1185 files changed, 317546 insertions, 0 deletions

diff --git a/share/security/advisories/CERT-CA-98-13-tcp-denial-of-service.asc b/share/security/advisories/CERT-CA-98-13-tcp-denial-of-service.asc
new file mode 100644
index 0000000000..5b73963404
--- /dev/null
+++ b/share/security/advisories/CERT-CA-98-13-tcp-denial-of-service.asc
@@ -0,0 +1,254 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+
+CERT Advisory CA-98-13-tcp-denial-of-service
+
+   Original Issue Date: December 21, 1998
+
+   Last Revised
+
+Topic: Vulnerability in Certain TCP/IP Implementations
+
+Affected Systems
+
+   Some systems with BSD-derived TCP/IP stacks. See Appendix A for a
+   complete list of affected systems.
+
+Overview
+
+   Intruders can disrupt service or crash systems with vulnerable TCP/IP
+   stacks. No special access is required, and intruders can use
+   source-address spoofing to conceal their true location.
+
+I. Description
+
+   By carefully constructing a sequence of packets with certain
+   characteristics, an intruder can cause vulnerable systems to crash,
+   hang, or behave in unpredictable ways. This vulnerability is similar
+   in its effect to other denial-of-service vulnerabilities, including
+   the ones described in
+
+     http://www.cert.org/advisories/CA-97.28.Teardrop_Land.html
+
+   Specifically, intruders can use this vulnerability in conjunction with
+   IP-source-address spoofing to make it difficult or impossible to know
+   their location. They can also use the vulnerability in conjunction
+   with broadcast packets to affect a large number of vulnerable machines
+   with a small number of packets.
+
+II. Impact
+
+   Any remote user can crash or hang a vulnerable machine, or cause the
+   system to behave in unpredictable ways.
+
+III. Solution
+
+A. Install a patch from your vendor.
+
+   Appendix A contains input from vendors who have provided information
+   for this advisory. We will update the appendix as we receive more
+   information. If you do not see your vendor's name, the CERT/CC did not
+   hear from that vendor. Please contact your vendor directly.
+
+B. Configure your router or firewall to help prevent source-address spoofing.
+
+   We encourage sites to configure their routers or firewalls to reduce
+   the ability of intruders to use source-address spoofing. Currently,
+   the best method to reduce the number of IP-spoofed packets exiting
+   your network is to install filtering on your routers that requires
+   packets leaving your network to have a source address from your
+   internal network. This type of filter prevents a source IP-spoofing
+   attack from your site by filtering all outgoing packets that contain a
+   source address of a different network.
+
+   A detailed description of this type of filtering is available in RFC
+   2267, "Network Ingress Filtering: Defeating Denial of Service Attacks
+   which employ IP Source Address Spoofing" by Paul Ferguson of Cisco
+   Systems, Inc. and Daniel Senie of Blazenet, Inc. We recommend it to
+   both Internet Service Providers and sites that manage their own
+   routers. The document is currently available at
+
+     http://info.internet.isi.edu:80/in-notes/rfc/files/rfc2267.txt
+
+   Note that this type of filtering does not protect a site from the
+   attack itself, but it does reduce the ability of intruders to conceal
+   their location, thereby discouraging attacks.
+
+Appendix A - Vendor Information
+
+   Berkeley Software Design, Inc. (BSDI)
+
+   BSDI's current release BSD/OS 4.0 is not vulnerable to this problem.
+   BSD/OS 3.1 is vulnerable and a patch (M310-049) is available from
+   BSDI's WWW server at http://www.bsdi.com/support/patches or via our
+   ftp server from the directory
+   ftp://ftp.bsdi.com/bsdi/patches/patches-3.1.
+
+   Cisco Systems
+
+   Cisco is not vulnerable.
+
+   Compaq Computer Corporation
+
+   SOURCE: (c) Copyright 1994, 1995, 1996, 1997, 1998 Compaq Computer
+   Corporation.
+
+   All rights reserved.
+
+   SOURCE: Compaq Computer Corporation
+   Compaq Services
+   Software Security Response Team USA
+
+   This reported problem is not present for the as shipped, Compaq's
+   Digital ULTRIX or Compaq's Digital UNIX Operating Systems Software.
+
+     - Compaq Computer Corporation
+
+   Data General Corporation
+
+   We are investigating. We will provide an update when our investigation
+   is complete.
+
+   FreeBSD, Inc.
+
+   FreeBSD 2.2.8 is not vulnerable.
+   FreeBSD versions prior to 2.2.8 are vulnerable.
+   FreeBSD 3.0 is also vulnerable.
+   FreeBSD 3.0-current as of 1998/11/12 is not vulnerable.
+
+   A patch is available at
+   ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/CA-98-13/patch
+
+   Fujitsu
+
+   Regarding this vulnerability, Fujitsu's UXP/V operating system is not
+   vulnerable.
+
+   Hewlett-Packard Company
+
+   HP is not vulnerable.
+
+   IBM Corporation
+
+   AIX is not vulnerable.
+
+   IBM and AIX are registered trademarks of International Business
+   Machines Corporation.
+
+   Livingston Enterprises, Inc.
+
+   Livingston systems are not vulnerable.
+
+   Computer Associates International
+
+   CA systems are not vulnerable.
+
+   Microsoft Corporation
+
+   Microsoft is not vulnerable.
+
+   NEC Corporation
+
+   NEC Corporation EWS-UX, UP-UX and UX/4800 Unix systems are not
+   vulnerable to this problem.
+
+   OpenBSD
+
+   Security fixes for this problem are now available for 2.3 and 2.4.
+
+   For 2.3, see
+
+     www.openbsd.org/errata23.html#tcpfix
+
+   For our 2.4 release which is available on CD on Dec 1, see
+
+     www.openbsd.org/errata.html#tcpfix
+
+   The bug is fixed in our -current source tree.
+
+   Sun Microsystems, Inc.
+
+   We have confirmed that SunOS and Solaris are not vulnerable to the DOS
+   attack.
+
+   Wind River Systems, Inc.
+
+   We've taken a look at our networking code and have determined that
+   this is not a problem in the currently shipping version of the VxWorks
+   RTOS.
+     _________________________________________________________________
+
+Contributors
+
+   The vulnerability was originally discovered by Joel Boutros of the
+   Enterprise Security Services team of Cambridge Technology Partners.
+   Guido van Rooij of FreeBSD, Inc., provided an analysis of the
+   vulnerability and information regarding its scope and extent.
+   ______________________________________________________________________
+
+   This document is available from:
+   http://www.cert.org/advisories/CA-98-13-tcp-denial-of-service.html.
+   ______________________________________________________________________
+
+CERT/CC Contact Information
+
+   Email: cert@cert.org
+          Phone: +1 412-268-7090 (24-hour hotline)
+          Fax: +1 412-268-6989
+          Postal address:
+          CERT Coordination Center
+          Software Engineering Institute
+          Carnegie Mellon University
+          Pittsburgh PA 15213-3890
+          U.S.A.
+
+   CERT personnel answer the hotline 08:00-20:00 EST(GMT-5) / EDT(GMT-4)
+   Monday through Friday; they are on call for emergencies during other
+   hours, on U.S. holidays, and on weekends.
+
+Using encryption
+
+   We strongly urge you to encrypt sensitive information sent by email.
+   Our public PGP key is available from http://www.cert.org/CERT_PGP.key.
+   If you prefer to use DES, please call the CERT hotline for more
+   information.
+
+Getting security information
+
+   CERT publications and other security information are available from
+   our web site http://www.cert.org/.
+
+   To be added to our mailing list for advisories and bulletins, send
+   email to cert-advisory-request@cert.org and include SUBSCRIBE
+   your-email-address in the subject of your message.
+
+   Copyright 1998 Carnegie Mellon University.
+   Conditions for use, disclaimers, and sponsorship information can be
+   found in http://www.cert.org/legal_stuff.html.
+
+   * CERT is registered in the U.S. Patent and Trademark Office
+   ______________________________________________________________________
+
+   NO WARRANTY
+   Any material furnished by Carnegie Mellon University and the Software
+   Engineering Institute is furnished on an "as is" basis. Carnegie
+   Mellon University makes no warranties of any kind, either expressed or
+   implied as to any matter including, but not limited to, warranty of
+   fitness for a particular purpose or merchantability, exclusivity or
+   results obtained from use of the material. Carnegie Mellon University
+   does not make any warranty of any kind with respect to freedom from
+   patent, trademark, or copyright infringement.
+     _________________________________________________________________
+
+   Revision History
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBNn64knVP+x0t4w7BAQHd/wQAv+1cQif/KNdFZ1ObARzlJJUd9T0Za5WM
+GjZwrlYR3CIm+eByVbGGizCYTXzuiTjQdenKxfDXAXXwqZRIvFbpjU3qWY6kCicf
+BhTbvzOOIT/ROhr9fWRwPqqPMKUyUYaJCbeWYWeV6PFJ6fYhWrBihiE+yml4n1Xp
+k2lHvwHl9lE=
+=9kEz
+-----END PGP SIGNATURE-----
+
diff --git a/share/security/advisories/FreeBSD-EN-04:01.twe.asc b/share/security/advisories/FreeBSD-EN-04:01.twe.asc
new file mode 100644
index 0000000000..02153d39d5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-04:01.twe.asc
@@ -0,0 +1,84 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+
+FreeBSD-EN-04:01.twe                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          twe(4) driver may hang on heavily loaded systems
+
+Category:       core
+Module:         twe(4) device driver
+Announced:      2004-06-28
+Credits:        Vinod Kashyap
+                Paul Saab
+Affects:        FreeBSD 4.10-RELEASE
+Corrected:      2004-06-26 02:22:24 UTC (4.10-RELEASE-p1)
+
+I.   Background
+
+The twe(4) driver handles the 3ware series of RAID controllers.
+
+II.  Problem Description
+
+On 6xxx series controllers the driver may try to repeatedly submit the
+same request if the cmd queue gets full, which may happen under extremely
+high I/O rates.
+
+III. Impact
+
+Once the driver entered the state it was repeatedly submitting the same
+request all normal disk I/O through the controller stops.  The computer
+would require a hard reset, any pending I/O buffered in memory would be
+lost.
+
+IV.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to the RELENG_4_10 errata branch dated
+after the correction date using cvsup(1) or cvs(1).  This is the preferred
+method.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/patches/EN-04:01/twe.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/ERRATA/patches/EN-04:01/twe.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch -p0 < /path/to/patch
+
+Then follow the normal procedures for rebuilding/reinstalling the kernel.
+Note that this method will only work with no errors if your system was
+installed from scratch using the FreeBSD-4.10 Release CDs or FTP install.
+If that is not the case you may see errors while patching the UPDATING
+file.  Those errors would be harmless.  Any other errors while running
+patch(1) should be investigated before proceeding with the rebuild/reinstall.
+
+V.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- --------------------------------------------------------------------------
+RELENG_4_10
+  src/sys/dev/twe/twe.c                                      1.1.2.8.2.2
+  src/sys/dev/twe/twe_freebsd.c                              1.2.2.8.2.1
+  src/sys/dev/twe/twevar.h                                   1.1.2.6.2.2
+  src/sys/conf/newvers.sh                                    1.44.2.34.2.3
+  src/UPDATING                                               1.73.2.90.2.2
+- --------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFA3ZYO/G14VSmup/YRAlOqAJ0cTgJcc83f+aAnHSFejBbUwMp5vQCdGpfB
+mHTWM/zA65ZjvrPEq1mrZy8=
+=T1Ow
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-05:01.nfs.asc b/share/security/advisories/FreeBSD-EN-05:01.nfs.asc
new file mode 100644
index 0000000000..84e84f6480
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-05:01.nfs.asc
@@ -0,0 +1,84 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+
+FreeBSD-EN-05:01.nfs                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          NFS Server may panic under certain load patterns
+
+Category:       core
+Module:         nfsserver
+Announced:      2005-01-05
+Credits:        Robert Watson
+Affects:        FreeBSD 5.3-RELEASE
+Corrected:      2005-01-05 03:35:00 UTC
+
+I.   Background
+
+The Network File System (NFS) allows a system to share directories and files
+with others over a network.  By using this, users and programs can access
+files on remote systems almost as if they were local files.
+
+II.  Problem Description
+
+Due to a bug in nfsrv_create() a call to nfsrv_access() might be made
+while holding the NFS server mutex, which results in kernel panics under
+certain load patterns.
+
+III. Impact
+
+NFS servers that encountered the load pattern would crash and reboot.
+
+IV.   Solution
+
+Do one of the following to update the source tree:
+
+  1) Upgrade your vulnerable system to the RELENG_5_3 errata branch dated
+     after the correction date using cvsup(1) or cvs(1).  This is the
+     preferred method.
+
+  2) Obtain the updated files using the cvsweb interface.  Cvsweb is a
+     Web interface to the CVS repository.  The URL to the general
+     interface is "http://www.freebsd.org/cgi/cvsweb.cgi/".  You can
+     obtain any of the source files for the RELENG_5_3 branch by going
+     to the src  directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src")
+     and then selecting the "RELENG_5_3" branch tag.  With the branch
+     tag set navigate to the files listed below in the "Correction
+     details" section and download them, making sure you get the correct
+     revision numbers.  Copy the downloaded files into your /usr/src tree.
+
+If using the second procedure you should make sure you have used that
+same procedure to download all previous Errata Notices and Security
+Advisories.  We strongly discourage this procedure due to the problems
+that may be caused by not doing that - using the first procedure takes
+care of making sure all updates get applied.
+
+Then follow the normal procedures for rebuilding/reinstalling the kernel.
+Details about rebuilding/reinstalling are available here:
+
+  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
+
+V.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- --------------------------------------------------------------------------
+RELENG_5_3
+
+  Revision        Changes    Path
+  1.342.2.13.2.6  +5 -0      src/UPDATING
+  1.62.2.15.2.8   +1 -1      src/sys/conf/newvers.sh
+  1.147.2.1.2.2   +52 -38    src/sys/nfsserver/nfs_serv.c
+
+- --------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQFB3HLR/G14VSmup/YRAuOXAJwI4YDlIDgLSkf8gTGSGKV+9CJX0wCgmVik
+x/MKtaf+dAelJTDxrUGUfmo=
+=ywyb
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-05:02.sk.asc b/share/security/advisories/FreeBSD-EN-05:02.sk.asc
new file mode 100644
index 0000000000..d1980aab56
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-05:02.sk.asc
@@ -0,0 +1,85 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+
+FreeBSD-EN-05:02.sk                                             Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          sk(4) driver instability on SMP systems
+
+Category:       core
+Module:         sys_pci
+Announced:      2005-01-06
+Credits:        Peter Edwards, John-Mark Gurney, David O'Brien, Bjoern A. Zeeb
+Affects:        FreeBSD 5.3-RELEASE
+Corrected:      2005-01-06 17:54:47 UTC
+
+I.   Background
+
+The sk(4) network driver provides support for SysKonnect-based Gigabit
+Ethernet adapters.
+
+II.  Problem Description
+
+Several programming errors were discovered in the sk(4) network driver,
+including an off-by-one error and a missing lock.
+
+III. Impact
+
+FreeBSD symmetric multiprocessing (SMP) systems using the sk(4) network
+driver may experience data corruption or system crashes.  Symptoms
+include panics, page faults, aborted SSH connections, and corrupted file
+transfers.
+
+IV.   Solution
+
+Do one of the following to update the source tree:
+
+  1) Upgrade your vulnerable system to the RELENG_5_3 errata branch dated
+     after the correction date using cvsup(1) or cvs(1).  This is the
+     preferred method.
+
+  2) Obtain the updated files using the cvsweb interface.  Cvsweb is a
+     Web interface to the CVS repository.  The URL to the general
+     interface is "http://www.freebsd.org/cgi/cvsweb.cgi/".  You can
+     obtain any of the source files for the RELENG_5_3 branch by going
+     to the src  directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src")
+     and then selecting the "RELENG_5_3" branch tag.  With the branch
+     tag set navigate to the files listed below in the "Correction
+     details" section and download them, making sure you get the correct
+     revision numbers.  Copy the downloaded files into your /usr/src tree.
+
+If using the second procedure you should make sure you have used that
+same procedure to download all previous Errata Notices and Security
+Advisories.  We strongly discourage this procedure due to the problems
+that may be caused by not doing that - using the first procedure takes
+care of making sure all updates get applied.
+
+Then follow the normal procedures for rebuilding/reinstalling the kernel.
+Details about rebuilding/reinstalling are available here:
+
+  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
+
+V.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+- --------------------------------------------------------------------------
+RELENG_5_3
+
+  Revision        Changes    Path
+  1.342.2.13.2.7  +4 -0      src/UPDATING
+  1.62.2.15.2.9   +1 -1      src/sys/conf/newvers.sh
+  1.83.2.2.2.1    +33 -16    src/sys/pci/if_sk.c
+  1.20.2.2.2.1    +1 -0      src/sys/pci/if_skreg.h
+
+- --------------------------------------------------------------------------
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQFB3YWR/G14VSmup/YRAisHAKCZDDsbpJ6QQWtVQaU+lo1N8OKQfACdGOdL
+dppEWGvxke7etwmpDK63k98=
+=x28D
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-05:03.ipi.asc b/share/security/advisories/FreeBSD-EN-05:03.ipi.asc
new file mode 100644
index 0000000000..9dca15a3cb
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-05:03.ipi.asc
@@ -0,0 +1,89 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+
+FreeBSD-EN-05:03.ipi                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          FreeBSD/i386 may panic under heavy load on SMP machines
+
+Category:       core
+Module:         smp
+Announced:      2005-01-16
+Credits:        Stephan Uphoff, Xin LI
+Affects:        FreeBSD 5.3-RELEASE
+Corrected:      2005-01-16 08:29:14 UTC
+
+I.   Background
+
+Inter-processor Interrupt, also known as ``IPI'', is a mechanism on
+multiprocessor system (specifically, SMP) to indicate some event that the
+other CPUs should be aware of.
+
+II.  Problem Description
+
+Under FreeBSD 5.3-RELEASE prior to the correction date, when there are
+more than two pending IPI vectors per local APIC it is possible to cause
+deadlocks.  The deadlock will then result in a kernel panic.
+
+III. Impact
+
+SMP servers that encounted heavy load, e.g. buildworld with md(4) and -jN,
+can easily be crashed.
+
+IV.   Solution
+
+Do one of the following to update the source tree:
+
+  1) Upgrade your affected system to the RELENG_5_3 errata branch dated
+     after the correction date using cvsup(1) or cvs(1).  This is the
+     preferred method.  For information on how to use cvsup(1) to update
+     your source code see:
+       http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
+
+  2) Obtain the updated files using the cvsweb interface.  Cvsweb is a
+     Web interface to the CVS repository.  The URL to the general
+     interface is "http://www.freebsd.org/cgi/cvsweb.cgi/".  You can
+     obtain any of the source files for the RELENG_5_3 branch by going
+     to the src  directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src")
+     and then selecting the "RELENG_5_3" branch tag.  With the branch
+     tag set navigate to the files listed below in the "Correction
+     details" section and download them, making sure you get the correct
+     revision numbers.  Copy the downloaded files into your /usr/src tree.
+
+If using the second procedure you should make sure you have used that
+same procedure to download all previous Errata Notices and Security
+Advisories.  We strongly discourage this procedure due to the problems
+that may be caused by not doing that - using the first procedure takes
+care of making sure all updates get applied.
+
+Then follow the normal procedures for rebuilding/reinstalling the kernel.
+Details about rebuilding/reinstalling are available here:
+
+  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
+
+V.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+- ---------------------------------------------------------------------------
+RELENG_5_3
+
+  Revision        Changes    Path
+  1.342.2.13.2.8  +4 -0      src/UPDATING
+  1.62.2.15.2.10  +1 -1      src/sys/conf/newvers.sh
+  1.101.4.1       +2 -50     src/sys/i386/i386/apic_vector.s
+  1.235.2.3.2.1   +65 -37    src/sys/i386/i386/mp_machdep.c
+  1.8.4.1         +42 -9     src/sys/i386/include/apicvar.h
+  1.78.4.1        +2 -5      src/sys/i386/include/smp.h
+
+- ---------------------------------------------------------------------------
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQFB6yY3/G14VSmup/YRAtq7AJ4nr1MGKyV1kzEhTRN66L7atWbUUgCdHERt
+tYcKMOFWc6i7sjGuJBqZvog=
+=k5nm
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-05:04.nfs.asc b/share/security/advisories/FreeBSD-EN-05:04.nfs.asc
new file mode 100644
index 0000000000..7245c559bc
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-05:04.nfs.asc
@@ -0,0 +1,82 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+FreeBSD-EN-05:04.nfs                                           Errata Notice
+                                                         The FreeBSD Project
+
+Topic:          NFS Client may panic when encounted errors
+
+Category:       core
+Module:         nfsclient
+Announced:      2005-12-19
+Credits:        Mohan Srinivasan, Xin LI
+Affects:        FreeBSD 6.0-RELEASE
+Corrected:      2005-12-19 10:58:58 UTC
+
+I.   Background
+
+The Network File System (NFS) allows a system to share directories and files
+with others over a network.  By using this, users and programs can access
+files on remote systems almost as if they were local files.
+
+II.  Problem Description
+
+Due to a locking issue in nfs_lookup() a call to vrele() might be made
+while holding the vnode mutex, which results in kernel panic when doing
+VFS operations under certain load patterns.
+
+III. Impact
+
+NFS clients that encountered the load pattern would crash and reboot.
+
+IV.   Solution
+
+Do one of the following to update the source tree:
+
+ 1) Upgrade your affected system to the RELENG_6_0 errata branch dated
+    after the correction date using cvsup(1) or cvs(1).  This is the
+    preferred method.
+
+ 2) Obtain the updated files using the cvsweb interface.  Cvsweb is a
+    Web interface to the CVS repository.  The URL to the general
+    interface is "http://cvsweb.freebsd.org/".  You can obtain any of
+    the source files for the RELENG_6_0 branch by going to the src
+    directory ("http://cvsweb.freebsd.org/src") and then selecting
+    the "RELENG_6_0" branch tag.  With the branch tag set navigate
+    to the files listed below in the "Correction details" section and
+    download them, making sure you get the correct revision numbers.
+    Copy the downloaded files into your /usr/src tree.
+
+If using the second procedure you should make sure you have used that
+same procedure to download all previous Errata Notices and Security
+Advisories.  We strongly discourage this procedure due to the problems
+that may be caused by not doing that - using the first procedure takes
+care of making sure all updates get applied.
+
+Then follow the normal procedures for rebuilding/reinstalling the kernel.
+Details about rebuilding/reinstalling are available here:
+
+ http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
+
+V.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+- ---------------------------------------------------------------------------
+RELENG_6_0
+
+  Revision       Changes    Path
+  1.416.2.3.2.6  +5 -0      src/UPDATING
+  1.69.2.8.2.2   +1 -1      src/sys/conf/newvers.sh
+  1.258.4.1      +1 -1      src/sys/nfsclient/nfs_vnops.c
+
+- ---------------------------------------------------------------------------
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFDujwhFdaIBMps37IRAiPOAKCC9BmZhzFEBm6/kzKMDpZVXk7X/QCfTmsY
+kHH+tM9KBV1Vau80d0G3vk4=
+=UvNX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-06:01.jail.asc b/share/security/advisories/FreeBSD-EN-06:01.jail.asc
new file mode 100644
index 0000000000..7e2b796d48
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-06:01.jail.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+FreeBSD-EN-06:01.jail                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Jail startup scripts may override some global jail_*
+                variables.
+
+Category:       core
+Module:         etc_rc.d
+Announced:      2006-07-07
+Credits:        Florent Thoumie, Pawel Dawidek, Cheng-Lung Sung
+Affects:        FreeBSD 6.1-RELEASE
+Corrected:      2006-07-07 07:25:21 UTC
+
+I.   Background
+
+System startup scripts, typically in /etc/rc.d, control what happens
+as a system boots to multi-user mode.  The behavior of those scripts
+can be controlled by "global" variables in /etc/rc.conf.
+
+II.  Problem Description
+
+The names of several internal variables in the jail startup script
+conflicted with those of global variables that could be set by
+administrators.  In addition, some configuration variables are not
+properly validated in the jail startup script.
+
+III. Impact
+
+Jails may not have started up as the administrator intended.  If some
+configuration variables required by jail configuration in /etc/rc.conf
+are not correctly set jail startup may have been attempted by the script
+anyway.
+
+IV.   Solution
+
+Do one of the following to update the source tree:
+
+  1) Upgrade your affected system to the RELENG_6_1 errata branch dated
+     after the correction date using cvsup(1) or cvs(1).  This is the
+     preferred method.  For information on how to use cvsup(1) to update
+     your source code see:
+       http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
+
+  2) Obtain the updated files using the cvsweb interface.  Cvsweb is a
+     Web interface to the CVS repository.  The URL to the general
+     interface is "http://www.freebsd.org/cgi/cvsweb.cgi/".  You can
+     obtain any of the source files for the RELENG_6_1 branch by going
+     to the src  directory ("http://www.freebsd.org/cgi/cvsweb.cgi/src")
+     and then selecting the "RELENG_6_1" branch tag.  With the branch
+     tag set navigate to the files listed below in the "Correction
+     details" section and download them, making sure you get the correct
+     revision numbers.  Copy the downloaded files into your /usr/src tree.
+
+If using the second procedure you should make sure you have used that
+same procedure to download all previous Errata Notices and Security
+Advisories.  We strongly discourage this procedure due to the problems
+that may be caused by not doing that - using the first procedure takes
+care of making sure all updates get applied.
+
+Then use mergemaster(8) to install the updated startup script support.  Note
+that mergemaster(8) will expect to find a normal object file tree having
+resulted from doing 'make world' in /usr/src, and will build one if it
+does not exist.  If you do not have a recent object file tree you may
+want to just manually copy the src/etc/rc.d/jail and src/etc/defaults/rc.conf
+files into place.
+
+V.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+- ---------------------------------------------------------------------------
+RELENG_6_1
+
+  Revision        Changes    Path
+  1.416.2.22.2.5  +3 -0      src/UPDATING
+  1.23.2.3.2.2    +102 -91   src/etc/rc.d/jail
+  1.69.2.11.2.5   +1 -1      src/sys/conf/newvers.sh
+
+- ---------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFErgzzFdaIBMps37IRAh17AJwLueUv5ZzXrbZG8qtL1lwgpPZCCgCfYGxE
+2oAorGMRBTbqVx/YhKJX1lA=
+=Lmti
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-06:02.net.asc b/share/security/advisories/FreeBSD-EN-06:02.net.asc
new file mode 100644
index 0000000000..aaa32196b6
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-06:02.net.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-06:02.net                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Networking Issues
+
+Category:       core
+Module:         sys
+Announced:      2006-08-28
+Credits:        Robert Watson, JINMEI Tatuya
+Affects:        FreeBSD 6.1-RELEASE
+Corrected:      2006-08-28 07:31:11 UTC (RELENG_6_1, 6.1-RELEASE-p5)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The FreeBSD kernel provides basic networking services, supporting the
+IPv4 and IPv6 network protocols.
+
+II.  Problem Description
+
+Several issues have been discovered in the networking code in the
+FreeBSD 6.1 kernel.  Specifically:
+
+1.  A pointer was not being checked for validity before being
+    dereferenced.
+
+2.  Some statistics-keeping code in the UMA memory allocator
+    erroneously counted certain types of successful memory allocations
+    as failures.
+
+3.  IPv6 neighbor discovery did not work correctly over point-to-point
+    links.
+
+III. Impact
+
+The impacts of these bugs are varied.
+
+1.  The pointer dereferencing issue could cause a kernel panic.
+
+2.  The memory statistics-keeping error could cause the kernel to
+    report an incorrect number of memory allocations that failed.
+    One symptom of this problem is a artificially high count of
+    "requests for mbufs denied" in the output from "netstat -m".
+
+3.  The IPv6 neighbor discovery bug could cause spurious warnings to
+    be generated when running IPv6 over point-to-point links.  This
+    problem was particularly noticeable over gif(4) tunnels.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_1
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-06:02/net.patch
+# fetch http://security.FreeBSD.org/patches/EN-06:02/net.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.7
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.7
+  src/sys/netinet/ip_output.c                               1.242.2.8.2.1
+  src/sys/netinet6/in6.c                                     1.51.2.8.2.1
+  src/sys/netinet6/nd6.c                                    1.48.2.12.2.1
+  src/sys/vm/uma_core.c                                    1.119.2.15.2.1
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-06:02.net.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFE8pwjFdaIBMps37IRAtQkAKCd89w0feF8PI4RM5cD90WQX/fPOgCfb/OH
+wecGoGYP8sZw8vTx0i5HqQQ=
+=Qj8N
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-07:01.nfs.asc b/share/security/advisories/FreeBSD-EN-07:01.nfs.asc
new file mode 100644
index 0000000000..19ee34bfa4
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-07:01.nfs.asc
@@ -0,0 +1,119 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-07:01.nfs                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          NFS server reliability issues
+
+Category:       core
+Module:         sys_nfsserver
+Announced:      2007-02-14
+Credits:        Kostik Belousov,
+                Pawel Jakub Dawidek,
+                Padma Bhooma,
+                Hiroki Sato
+Affects:        All FreeBSD 6.x releases prior to 6.2-RELEASE
+Corrected:      2007-01-07 13:20:24 UTC (RELENG_6, 6.2-STABLE)
+                2007-02-14 22:30:33 UTC (RELENG_6_1, 6.1-RELEASE-p14)
+                2007-02-14 22:29:57 UTC (RELENG_6_0, 6.0-RELEASE-p18)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The Network File System (NFS) allows a host to export some or all of
+its file systems so that other hosts can access them over the network
+and mount them as if they were on local disks.  NFS is built on top of
+the Sun Remote Procedure Call (RPC) framework.  FreeBSD includes
+server and client implementations of NFS.
+
+II.  Problem Description
+
+The NFS server subsystem had the following three problems:
+
+ - Inconsistent locking that leads to performance degradation and can
+   cause a system panic during certain operations to manipulate symbolic
+   links.
+
+ - A memory leak in pathname lookup operation.
+
+ - A bug that prevents a symbolic link with a particular pathname from
+   being created.
+
+III. Impact
+
+Under some circumstances, the NFS server subsystem can cause a system
+panic due to bugs in the FreeBSD kernel.  This can be serious and could
+lead to a denial of service especially in an NFS server configuration
+where the server shares home directories amongst many clients. 
+This is because several particular operations from a client can trigger
+the panic without special privilege on either the server and the client.
+
+IV.   Solution
+
+Perform one of the following:
+
+1) Upgrade your affected system to 6-STABLE, or to the RELENG_6_1 or
+RELENG_6_0 errata branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.0 and
+6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.0]
+# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs60.patch
+# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs60.patch.asc
+
+[FreeBSD 6.1]
+# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs61.patch
+# fetch http://security.FreeBSD.org/patches/EN-07:01/nfs61.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+V.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.16
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.16
+  src/sys/nfsserver/nfs_serv.c                              1.156.2.2.2.1
+  src/sys/nfsserver/nfs_srvsubs.c                           1.136.2.2.2.1
+  src/sys/nfsserver/nfsm_subs.h                                  1.37.6.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.23
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.19
+  src/sys/nfsserver/nfs_serv.c                                  1.156.4.1
+  src/sys/nfsserver/nfs_srvsubs.c                               1.136.4.1
+  src/sys/nfsserver/nfsm_subs.h                                  1.37.4.1
+- -------------------------------------------------------------------------
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-07:01.nfs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQFF047GFdaIBMps37IRAlDuAJ9sjXfjvIl+F9/sqZSXksUeagRIAwCePXsA
+cb9f5GWVCblMm/Y90CUjYTE=
+=g+wq
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-07:02.net.asc b/share/security/advisories/FreeBSD-EN-07:02.net.asc
new file mode 100644
index 0000000000..61421e7e10
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-07:02.net.asc
@@ -0,0 +1,110 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-07:02.net                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          IPv6 over Point-to-Point gif(4) tunnels
+
+Category:       core
+Module:         sys_netinet6
+Announced:      2007-02-28
+Credits:        Bruce A. Mah
+Affects:        FreeBSD 6.2-RELEASE
+Corrected:      2007-02-08 22:52:56 UTC (RELENG_6, 6.2-STABLE)
+                2007-02-28 18:24:37 UTC (RELENG_6_2, 6.2-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD kernel provides basic networking services, including
+(among other protocols) the IPv6 network protocol stack.
+
+The gif(4) tunnel driver provides a generic tunnelling interface,
+which is commonly used to carry IPv6 packets across an IPv4 internetwork.
+
+II.  Problem Description
+
+FreeBSD 6.2-RELEASE contains a regression in the behavior of IPv6
+over gif(4) tunnels configured as point-to-point interfaces (in
+other words, gif(4) interfaces with an explicitly-configured destination
+address and a 128-bit prefix length).  When such an interface is
+configured, a route to the destination address must be added implicitly
+by the kernel to allow packets to traverse the tunnel properly.
+FreeBSD 6.2-RELEASE does not do this.
+
+III. Impact
+
+In some cases, it may be impossible for a host to send IPv6 traffic over a
+gif(4) tunnel interface due to the lack of an appropriate routing table
+entry.
+
+IV.  Workaround
+
+One workaround is to add a route to the destination address explicitly
+using the route(8) command, as in the following example:
+
+# route add -host -inet6 ADDRESS -interface GIF -nostatic -llinfo
+
+In the command line above, ADDRESS and GIF should be replaced by the
+destination IPv6 address and the interface name of the gif(4) tunnel,
+respectively.
+
+In some cases, the host route to the destination may be added implicitly
+as a side-effect of receiving inbound packets over the tunnel.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.2
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch
+# fetch http://security.FreeBSD.org/patches/EN-07:02/net.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- ----------------------------------------------------------------------------
+RELENG_6_2
+  src/UPDATING                                                1.416.2.29.2.5
+  src/sys/conf/newvers.sh                                      1.69.2.13.2.5
+  src/sys/netinet6/nd6.c	                               1.48.2.15.2.1
+- ----------------------------------------------------------------------------
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-07:02.net.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQFF5ct4FdaIBMps37IRAjN0AJ9llRTF/ccXBJDRqJeFDocSkIF5lQCdF2ww
+y+4KLUVBRVLLQz0AJuKygfc=
+=x04b
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-07:03.rc.d_jail.asc b/share/security/advisories/FreeBSD-EN-07:03.rc.d_jail.asc
new file mode 100644
index 0000000000..1237cb15b2
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-07:03.rc.d_jail.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-07:03.rc.d_jail                                      Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          rc.d jail script interface IP alias removal
+
+Category:       core
+Module:         etc_rc.d
+Announced:      2007-02-28
+Credits:        Philipp Wuensche
+Affects:        FreeBSD 6.2-RELEASE.
+Corrected:      2007-01-02 11:14:07 UTC (RELENG_6, 6.2-STABLE)
+                2007-02-28 18:24:37 UTC (RELENG_6_2, 6.2-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The jail(2) system call allows a system administrator to lock a process
+and all of its descendants inside an environment with a very limited
+ability to affect the system outside that environment, even for
+processes with superuser privileges.  It is an extension of, but
+far more powerful than, the traditional UNIX chroot(2) system call.
+
+The host's jail rc.d(8) script can be used to start and stop jails
+automatically on system boot/shutdown.  The jail_interface rc.conf(5)
+variable can be used to automatically add and remove an IP address on
+a specific network interface when a jail starts and stops.
+
+II.  Problem Description
+
+A cleanup of the rc.d jail script did not rename the variables used by
+the jail_interface feature when removing the IP address in the case
+where the jail startup fails.  This may result in ifconfig(8) being
+run with incorrect arguments.
+
+III. Impact
+
+Since the wrong variable is used, in some cases, ifconfig(8) will
+remove an arbitrary IP address instead of the IP address of the jail
+if startup of a jail fails.  It may be possible for a user with root
+access in a jail to provoke this situation by intentionally making
+jail startup fail.
+
+IV.  Workaround
+
+Do not use the jail_interface feature; instead, manually configure IP
+addresses for the jails.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_2
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.2
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-07:03/rc.d_jail.patch
+# fetch http://security.FreeBSD.org/patches/EN-07:03/rc.d_jail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# install -o root -g wheel -m 555 etc/rc.d/jail /etc/rc.d
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/etc/rc.d/jail                                              1.23.2.8
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.5
+  src/sys/conf/newvers.sh                                   1.69.2.13.2.5
+  src/etc/rc.d/jail                                          1.23.2.7.2.2
+- -------------------------------------------------------------------------
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-07:03.rc.d_jail.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQFF5ct8FdaIBMps37IRAu3qAKCHNEFb/kqTVyFSllHyG6YOg+qccACfbmfI
+CiEeWDDU73GVG+T15VeGH2Q=
+=EQyo
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-07:04.zoneinfo.asc b/share/security/advisories/FreeBSD-EN-07:04.zoneinfo.asc
new file mode 100644
index 0000000000..1c6da081b1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-07:04.zoneinfo.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-07:04.zoneinfo                                       Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		Zoneinfo file update
+
+Category:       core
+Module:         share_zoneinfo
+Announced:      2007-02-28
+Affects:        FreeBSD 6.1-RELEASE
+Corrected:      2007-02-28 18:23:09 UTC (RELENG_6_1, 6.1-RELEASE-p15)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The tzsetup(8) program allows the user to specify the default local
+timezone.  Based on the user's choice, tzsetup(8) copies one of the
+files from /usr/share/zoneinfo to /etc/localtime.  This file actually
+controls the conversion.
+
+II.  Problem Description
+
+In 2005 several governments, among them the United States of America and
+Canada, decided to change when Daylight Savings Time begins and ends.
+The change takes effect in 2007.  Because of that change the data in
+the zoneinfo files needs to be updated, and if the computer's local
+time zone is affected tzsetup(8) needs to be run so /etc/localtime
+gets updated.
+
+FreeBSD 6.1-RELEASE shipped with the correct zoneinfo files for the United
+States time zones affected by the change made in 2005, but the zoneinfo
+files for several other countries (e.g. Canada) do not contain current
+information.
+
+III. Impact
+
+If the /usr/share/zoneinfo files as well as /etc/localtime are not updated
+on a computer that has its time zone set to one of the regions affected by
+the change made in 2005 it will display the wrong time between March 15th
+and April 1st, then again between October 28th and November 4th.  All things
+on that computer that rely on the system time (e.g. cron jobs, timestamps
+entered in log files, etc) will be affected.
+
+IV.  Workaround
+
+At least in theory the system time could be manually adjusted by an hour
+on the affected dates.  However the system will still incorrectly say whether
+or not Daylight Savings Time is in effect (e.g. it will still say the
+time is "EST" instead of "EDT" for the Eastern US).  Doing this is NOT
+recommended because the kernel stores timestamp information in the
+filesystem and other places using its internal representation of time
+(based on UTC).
+
+Since the following is such a frequently asked question we will mention
+the answer here.  Using an NTP server as the source of your system's
+time will NOT automatically take care of the change in Daylight Savings
+Time.  This patch should still be applied if you are in a region that
+is affected.
+
+V.   Solution
+
+Following the instructions in this Errata Notice will update all of
+the zoneinfo files to be the same as what was released with FreeBSD
+6.2-RELEASE.
+
+Perform one of the following:
+
+1) Upgrade your affected system to 6-STABLE or to the RELENG_6_1
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.1
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-07:04/zoneinfo.patch
+# fetch http://security.FreeBSD.org/patches/EN-07:04/zoneinfo.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/share/misc
+# make obj && make depend && make && make install
+# cd /usr/src/share/zoneinfo
+# make obj && make depend && make && make install
+# tzsetup
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.17
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.17
+  src/share/misc/iso3166                                        1.13.12.1
+  src/share/zoneinfo/Makefile                                    1.20.6.1
+  src/share/zoneinfo/africa                                 1.14.14.2.2.1
+  src/share/zoneinfo/antarctica                         1.1.2.10.12.2.2.1
+  src/share/zoneinfo/asia                                    1.25.2.2.2.1
+  src/share/zoneinfo/australasia                            1.25.10.2.2.1
+  src/share/zoneinfo/backward                            1.1.2.11.2.2.2.1
+  src/share/zoneinfo/etcetera                            1.1.2.5.14.1.2.1
+  src/share/zoneinfo/europe                                  1.29.2.2.2.1
+  src/share/zoneinfo/factory                                     1.5.38.1
+  src/share/zoneinfo/leapseconds                             1.13.2.1.2.1
+  src/share/zoneinfo/northamerica                            1.25.2.2.2.1
+  src/share/zoneinfo/southamerica                            1.24.2.2.2.1
+  src/share/zoneinfo/systemv                             1.1.2.2.14.1.2.1
+  src/share/zoneinfo/yearistype.sh                       1.1.2.5.14.1.2.1
+  src/share/zoneinfo/zone.tab                                1.17.2.1.2.1
+- -------------------------------------------------------------------------
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-07:04.zoneinfo.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQFF5ct/FdaIBMps37IRAiXgAJ4ldnfI9FL27J9n4/nHM9D0K1Qf6gCghXiL
+9VMtdP/Us5QtJ7n4psLVIlg=
+=AiEF
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc b/share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc
new file mode 100644
index 0000000000..f613a1a6ae
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-07:05.freebsd-update.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-07:05.freebsd-update                                 Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          FreeBSD Update problems updating SMP kernels
+
+Category:       core
+Module:         usr.sbin
+Announced:      2007-03-15
+Affects:        FreeBSD 6.2
+Corrected:      2007-03-08 05:43:12 UTC (RELENG_6, 6.2-STABLE)
+                2007-03-15 08:06:11 UTC (RELENG_6_2, 6.2-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+FreeBSD Update is a system for building, distributing, and installing
+binary security and errata updates to the FreeBSD base system.  Starting
+with FreeBSD 6.2-RELEASE, the FreeBSD Update client software, 
+freebsd-update(8), has been included in the FreeBSD base system.
+
+II.  Problem Description
+
+Due to a programming error in the FreeBSD Update client, kernels built
+from the default SMP kernel configuration (including those distributed
+as part of the release) are not correctly identified as such.  On the 
+i386 platform, they are not recognized; on the amd64 platform, they are
+mis-identified as GENERIC kernels.
+
+III. Impact
+
+On the i386 platform, if a system is running a kernel built from the
+default SMP kernel configuration, and this kernel is installed somewhere
+other than /boot/SMP/kernel, the FreeBSD Update client will not download
+and install updates for it.
+
+On the amd64 platform, if a system is running a kernel built from the
+default SMP kernel configuration, and this kernel is installed somewhere
+other than /boot/SMP/kernel, the FreeBSD Update client will replace it
+with a kernel built from the GENERIC (single-processor) kernel
+configuration.
+
+IV.  Workaround
+
+As described in Security Advisories and Errata Notices, it is possible to
+update FreeBSD systems by applying source code patches and rebuilding the
+affected components.
+
+Note that systems which are not running SMP kernels are not affected.
+
+Note also that this problem applies only to FreeBSD 6.2 systems using the
+FreeBSD Update client distributed as part of the FreeBSD base system.
+The FreeBSD Update client distributed as security/freebsd-update in the
+FreeBSD Ports Collection is not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your affected system to 6-STABLE or to the RELENG_6_2 errata
+branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch
+# fetch http://security.FreeBSD.org/patches/EN-07:05/freebsd-update.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/freebsd-update/
+# make obj && make && make install
+
+V.1. IMPORTANT NOTES to users of FreeBSD Update:
+
+a) i386 systems:
+
+It is possible that past kernel updates have not been downloaded and
+installed by FreeBSD Update.  To ensure that all available updates have
+been installed, run FreeBSD Update twice; first to download and install
+an updated FreeBSD Update client, and second to download and install any
+updates which were missed earlier.
+
+b) amd64 systems:
+
+It is possible that systems which were initially installed with an SMP
+kernel have been "updated" by replacing the kernel with a GENERIC kernel.
+To see which kernel is running, run
+# sysctl kern.smp.maxcpus
+which will report either 1 (GENERIC kernel) or 16 (SMP kernel).  (Note
+that `uname -i`, the standard mechanism for determining a kernel ident,
+returns "GENERIC" on both amd64 GENERIC and SMP kernels.)
+
+If FreeBSD Update has replaced an SMP kernel by a GENERIC kernel,
+repeatedly run
+# freebsd-update rollback
+and reboot until the system is running an SMP kernel.
+
+Once you have verified that the system is running the correct kernel, run
+FreeBSD Update twice *without rebooting*.  The first time FreeBSD Update
+is run it might replace an SMP kernel with a GENERIC kernel; but on the
+second run (after an updated FreeBSD Update client is installed, and as
+long as the system has not been rebooted into the wrong kernel) it will
+download the correct kernel.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/usr.sbin/freebsd-update/freebsd-update.sh                   1.2.2.4
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.6
+  src/sys/conf/newvers.sh                                   1.69.2.13.2.6
+  src/usr.sbin/freebsd-update/freebsd-update.sh               1.2.2.2.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-07:05.freebsd-update.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQFF+pUJFdaIBMps37IRAo+tAKCTwLNoR2C+ACCfQ8LNm7UKJ/K2egCgh2aS
+GPNjhwdxwSbjhzNPs4aidwo=
+=K+Fo
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-08:01.libpthread.asc b/share/security/advisories/FreeBSD-EN-08:01.libpthread.asc
new file mode 100644
index 0000000000..3080efa90d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-08:01.libpthread.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-08:01.libpthread                                     Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Problems with fork(2) within threaded programs
+
+Category:       core
+Module:         libpthread
+Announced:      2008-04-17
+Credits:	Julian Elischer, Dan Eischen
+Affects:        FreeBSD 6.3
+Corrected:      2008-02-04 20:05:20 UTC (RELENG_6, 6.3-STABLE)
+                2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+POSIX threads are a set of functions that support applications with
+requirements for multiple flows of control, called threads, within a
+process.  The fork(2) system call is used to create a new process.
+
+II.  Problem Description
+
+The libpthread threading library on FreeBSD 6.3 fails to properly
+reinitialize mutexes when a threaded process invokes fork(2).
+
+III. Impact
+
+After the fork(2) system returns, the newly created child process may
+freeze in user space for no apparent reason.  This affects any threaded
+application that invokes fork(2), most frequently those that call
+fork(2) before execve(2) or system(3) to run external programs.
+
+IV.  Workaround
+
+On some systems, using libthr instead of libpthread, via the libmap
+configuration file libmap.conf(5), may be an acceptable workaround.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE or the RELENG_6_3
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 6.3 systems:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-08:01/libpthread.patch
+# fetch http://security.FreeBSD.org/patches/EN-08:01/libpthread.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libpthread
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/lib/libpthread/sys/lock.c                                   1.9.2.2
+  src/lib/libpthread/thread/thr_kern.c                          1.116.2.2
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.6
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.5
+  src/lib/libpthread/sys/lock.c                               1.9.2.1.8.1
+  src/lib/libpthread/thread/thr_kern.c                      1.116.2.1.6.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-08:01.libpthread.asc
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFIBpWeFdaIBMps37IRAg2wAJ9jwXi2ZTaYXBdsU6CzS8dCzsQ5cwCcD2Fu
+NCao693yWJo1bJrCrrbG8Ww=
+=7mo1
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-08:02.tcp.asc b/share/security/advisories/FreeBSD-EN-08:02.tcp.asc
new file mode 100644
index 0000000000..77764d2d56
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-08:02.tcp.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-08:02.tcp                                      Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          TCP options padding
+
+Category:       core
+Module:         sys_netinet
+Announced:      2008-06-19
+Credits:        Bjoern A. Zeeb, Mike Silbersack, Andre Oppermann
+Affects:        7.0-RELEASE
+Corrected:      2008-05-05 20:59:36 UTC (RELENG_7, 7.0-STABLE)
+                2008-06-19 06:36:10 UTC (RELENG_7_0, 7.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
+provides a connection-oriented, reliable, sequence-preserving data
+stream service.  TCP packets can contain "TCP options" which allow for
+enhancements to basic TCP functionality; depending on the length of
+these options, it may be necessary for padding to be added.
+
+II.  Problem Description
+
+Under certain conditions, TCP options are not correctly padded.
+
+III. Impact
+
+A small number of firewalls have been reported to block incorrectly
+padded TCP SYN and SYN/ACK packets generated by FreeBSD 7.0, with the
+result that an attempt to open a TCP connection to or from an affected
+host across such a firewall will fail.
+
+IV.  Workaround
+
+Disabling RFC 1323 extensions and selective acknowledgments will
+eliminate the need for TCP option padding and restore interoperability.
+Note that disabling these features may cause a reduction in performance
+on high latency networks and networks that experience frequent packet
+loss.
+
+To disable these features, add the following lines to /etc/sysctl.conf:
+
+net.inet.tcp.rfc1323=0
+net.inet.tcp.sack.enable=0
+
+And then run "/etc/rc.d/sysctl restart" to make the change effective.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your affected system to 7-STABLE, or the RELENG_7_0 security
+branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 7.0 systems:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-08:02/tcp.patch
+# fetch http://security.FreeBSD.org/patches/EN-08:02/tcp.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/netinet/tcp.h                                          1.40.2.1
+  src/sys/netinet/tcp_output.c                                  1.141.2.6
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.6
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.6
+  src/sys/netinet/tcp.h                                          1.40.4.1
+  src/sys/netinet/tcp_output.c                              1.141.2.3.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-08:02.tcp.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkhaAaQACgkQFdaIBMps37KmwgCfdC7qerBUDdmxPLe6yKZEwb7/
+TqwAoJGFuowGOY/oeEQr6/AQZm3zgRY3
+=UlPD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-09:01.kenv.asc b/share/security/advisories/FreeBSD-EN-09:01.kenv.asc
new file mode 100644
index 0000000000..99fb0f36bb
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-09:01.kenv.asc
@@ -0,0 +1,113 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-09:01.kenv                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Kernel panic when dumping environment
+
+Category:       core
+Module:         kern
+Announced:      2009-03-23
+Affects:        FreeBSD 7.x
+Corrected:      2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE)
+                2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4)
+                2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The kenv(2) system call allows userland processes to get, set, and unset
+kernel environment variables, as well as to dump all of the entries in
+the kernel environment.
+
+II.  Problem Description
+
+When dumping all of the entries in the kernel environment, the kernel
+does not adequately bounds-check the size of the buffer into which the
+environment should be written.
+
+III. Impact
+
+An unprivileged process can cause the FreeBSD kernel to attempt to
+allocate a very large amount of memory, thereby causing the FreeBSD
+kernel to panic.
+
+IV.  Workaround
+
+No workaround is available, but systems without untrusted local users
+are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1
+or  RELENG_7_0 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 7.0 and 7.1
+systems.
+
+a) Download the patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-09:01/kenv.patch
+# fetch http://security.FreeBSD.org/patches/EN-09:01/kenv.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/kern/kern_environment.c                                1.47.2.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.7
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.8
+  src/sys/kern/kern_environment.c                                1.47.6.2
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.15
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.15
+  src/sys/kern/kern_environment.c                                1.47.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r190301
+releng/7.1/                                                       r190301
+releng/7.0/                                                       r190301
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-09:01.kenv.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEUEARECAAYFAknG0gwACgkQFdaIBMps37ILlwCfcbVKW5FlPK+GtATY34wfkDWr
+5tAAmMteIrkXAeBgp3QNI6pFiHzgunE=
+=wJeF
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-09:02.bce.asc b/share/security/advisories/FreeBSD-EN-09:02.bce.asc
new file mode 100644
index 0000000000..681076050c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-09:02.bce.asc
@@ -0,0 +1,113 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-09:02.bce                                            Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		bce(4) does not work with lagg(4) LACP mode
+
+Category:	core
+Module:		sys/dev
+Announced:	2009-06-24
+Credits:	Pete French <petefrench@ticketswitch.com>
+		David Christensen
+Affects:	FreeBSD 7.2
+Corrected:	2009-05-20 21:13:49 (RELENG_7, 7.2-STABLE)
+		2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.	Background
+
+bce(4) is a network device driver for Broadcom NetXtreme II
+(BCM5706/5708/5709/5716) PCI/PCIe Gigabit Ethernet adapters.  The
+lagg(4) driver is a pseudo network interface driver which allows
+aggregation of multiple network interfaces as one virtual interface
+for the purpose of providing fault-tolerance and high-speed links.
+
+II.	Problem Description
+
+The bce(4) driver used an incorrect total packet length calculation.  This
+bug was accidentally added just after 7.1-RELEASE.
+
+III.	Impact
+
+When adding a bce(4) interface on the system as a lagg(4) member with
+the LACP aggregation protocol enabled network communication via the
+bce(4) interface stops completely.  Although the bce(4) interface
+works if it is not a lagg(4) member, the incoming traffic statistics
+which can be found in netstat(1) output will be incorrect because
+every packet is recognized as full-sized one.
+
+IV.	Workaround
+
+No workaround is available.
+
+V.	Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2
+   security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.2 system.
+
+a) Download the relevant patch from the location below, and verify the
+   detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch
+# fetch http://security.FreeBSD.org/patches/EN-09:02/bce.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+   <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot
+   the system.
+
+VI.	Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch								 Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/dev/bce/if_bce.c				         1.34.2.8
+  src/sys/dev/bce/if_bcereg.c				         1.16.2.3
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.5
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.6
+  src/sys/dev/bce/if_bce.c                                   1.34.2.7.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r192477
+releng/7.2/                                                       r194808
+- -------------------------------------------------------------------------
+
+VII.	References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-09:02.bce.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkpBu9cACgkQFdaIBMps37IyrgCeKorJrpSXubynKzNJ2ld4j1K3
+RqoAnAjhR8Fld9c8gJUIP/BuQ0wx2atT
+=oSkz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-09:03.fxp.asc b/share/security/advisories/FreeBSD-EN-09:03.fxp.asc
new file mode 100644
index 0000000000..4954df4d93
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-09:03.fxp.asc
@@ -0,0 +1,117 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-09:03.fxp						Errata Notice
+							  The FreeBSD Project
+
+Topic:		Poor TCP performance of fxp(4)
+
+Category:	core
+Module:		sys/dev
+Announced:	2009-06-24
+Credits:	Bjoern Koenig <bkoenig@alpha-tierchen.de>
+		Pyun YongHyeon <yongari@FreeBSD.org>
+Affects:	FreeBSD 7.2
+Corrected:	2009-05-07 01:14:59 (RELENG_7, 7.2-STABLE)
+		2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.	Background
+
+fxp(4) is a network device driver which provides support for Ethernet
+adapters based on the Intel i82557, i82558, i82559, i82550, and i82562
+chips.  It supports TCP segmentation offload (TSO) for IPv4 on i82550
+and i82551.
+
+II.	Problem Description
+
+When a TSO option is enabled, fxp(4) always sets the length of outgoing IP
+packets as the interface MTU (Maximum Transmission Unit).  This could
+could cause the packet to be lost when the TCP receiver advertises a smaller
+MSS (Maximum Segment Size) than the interface MTU on the sender side.
+
+III.	Impact
+
+TCP connections via fxp(4) can cause significantly poor performance
+when the TSO option is enabled due to packet loss.  Note that the loss
+depends on the receiver side's MSS.
+
+IV.	Workaround
+
+Disable TSO of fxp(4) interfaces on your system.  There are two ways
+to do this:
+
+ (disable TSO of a specific interface; "fxp0" in the below example)
+ # ifconfig fxp0 -tso
+
+ (disable TSO of all interfaces on the system)
+ # sysctl net.inet.tcp.tso=0
+
+V.	Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2
+   security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.2 system.
+
+a) Download the relevant patch from the location below, and verify the
+   detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch
+# fetch http://security.FreeBSD.org/patches/EN-09:03/fxp.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+   <URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot
+   the system.
+
+VI.	Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch								 Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/dev/fxp/if_fxp.c				       1.266.2.15
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.5
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.6
+  src/sys/dev/fxp/if_fxp.c                                 1.266.2.14.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r191867
+releng/7.2/                                                       r194808
+- -------------------------------------------------------------------------
+
+VII.	References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-09:03.fxp.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkpB3kwACgkQFdaIBMps37IjxwCgkw+SiBKPWl/VV5dudLRZEi/2
+upMAn2CNg1EOpeM4FCuS+C5KaXwIehh2
+=sX1l
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-09:04.fork.asc b/share/security/advisories/FreeBSD-EN-09:04.fork.asc
new file mode 100644
index 0000000000..04ce18c0c7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-09:04.fork.asc
@@ -0,0 +1,109 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-09:04.fork                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:		Deadlock in a multi-threaded program during fork(2)
+
+Category:	core
+Module:		libc
+Announced:	2009-06-24
+Credits:	Konstantin Belousov <kib@FreeBSD.org>,
+		Max Brazhnikov <makc@FreeBSD.org>
+Affects:	FreeBSD 7.2
+Corrected:	2009-05-03 17:51:38 (RELENG_7, 7.2-STABLE)
+		2009-06-24 05:28:09 (RELENG_7_2, 7.2-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.	Background
+
+fork(2) is a system call which causes creation of a new process.
+FreeBSD supports invoking the malloc(3) function during the fork(2) in
+a process running in threaded mode which involves locking of the memory
+allocator.
+
+II.	Problem Description
+
+A lock order reversal has been found in the interaction between the
+malloc(3) implementation and threading library.  When a multi-threaded
+process calls the fork(2) system call in a thread and the malloc(3)
+function in another thread it can cause a deadlock in the child
+process.
+
+III.	Impact
+
+A multi-threaded program that calls fork(2) in a thread and malloc(3)
+in another thread can make the child process stop unintentionally.
+There is no direct impact on the other processes or the kernel.
+
+IV.	Workaround
+
+No workaround is available.
+
+V.	Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or to the RELENG_7_2
+   security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.2 system.
+
+a) Download the relevant patch from the location below, and verify the
+   detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch
+# fetch http://security.FreeBSD.org/patches/EN-09:04/fork.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libc
+# make obj && make depend && make && make install
+
+VI.	Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch								 Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/lib/libc/stdlib/malloc.c					1.147.2.7
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.5
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.6
+  src/lib/libc/stdlib/malloc.c                              1.147.2.6.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r191767
+releng/7.2/                                                       r194808
+- -------------------------------------------------------------------------
+
+VII.	References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-09:04.fork.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkpBvBsACgkQFdaIBMps37LnLQCeNw8Es9R9X8QySoZni2JQ9Kma
+N+8An3Ff/bB4l3dvgfAa0rAA+TjbfQBV
+=8YtE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-09:05.null.asc b/share/security/advisories/FreeBSD-EN-09:05.null.asc
new file mode 100644
index 0000000000..c2c388e988
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-09:05.null.asc
@@ -0,0 +1,185 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-09:05.null                                           Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          No zero mapping feature
+
+Category:       core
+Module:         kern
+Announced:      2009-10-02
+Credits:        John Baldwin, Konstantin Belousov, Alan Cox, and Bjoern Zeeb
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-10-02 18:09:56 UTC (RELENG_8, 8.0-RC2)
+                2009-10-02 18:09:56 UTC (RELENG_7, 7.2-STABLE)
+                2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4)
+                2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8)
+                2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
+                2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
+                2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.	Background
+
+In the C programming language, address 0 (NULL) is used to represent
+unallocated memory.  NULL pointer dereferences are a common class of C
+programming bug in which pointers are not properly checked for NULL
+before being used.  Dereferencing a NULL pointer normally terminates
+execution, via a segmentation fault for user processes, or a page
+fault panic in the kernel.
+
+II.	Problem Description
+
+On most architectures, the FreeBSD kernel splits the process virtual
+memory address space into two portions: user and kernel.  This
+improves system call performance by avoiding a full address space
+switch when a process enters the kernel, and improves performance for
+kernel access to user memory.
+
+However, in this design, address 0 is part of the user-controlled
+portion of the virtual address space.  If the kernel dereferences a
+NULL pointer due to a kernel bug, a malicious process that has mapped
+code or data at address 0 may be able to manipulate kernel behavior.
+For example, if a malicious user process maps code at address 0 and
+then triggers a kernel bug in which a NULL function pointer is
+invoked, the kernel may execute that code with kernel privilege rather
+than panicking.
+
+III.	Impact
+
+This errata patch introduces a mitigation feature in which user
+mapping at address 0 is disallowed, limiting the attacker's ability to
+convert a kernel NULL pointer dereference into a privilege escalation
+attack.
+
+The feature is disabled by default in FreeBSD 7 and lower, and must be
+enabled by setting the sysctl(8) variable security.bsd.map_at_zero to
+0.  In FreeBSD 8 and later feature is enabled by default.
+
+While extremely rare, certain applications may rely on mapping memory
+at address 0.  Careful testing is advised when enabling this feature
+when using virtual machines, emulation technologies, and older a.out
+format binaries.
+
+Changing the mentioned sysctl(8) variable only affects processes
+started after the sysctl(8) variable was set.  Processes started
+before the sysctl(8) variable was changed will continue to run with
+the setting of the sysctl(8) variable which existed when the processes
+was started.
+
+Consequently, to ensure that the sysctl(8) variable affects all
+processes, a reboot is required with the sysctl(8) variable configured
+as mentioned below.
+
+IV.	Workaround
+
+No workaround is available.
+
+V.	Solution
+
+Perform one of the following:
+
+1) Upgrade your system to 6-STABLE, 7-STABLE, or 8-RC, or to the
+RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+Enable feature as mentioned below.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, and 7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+   detached PGP signature using your PGP utility.
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/EN-09:05/null.patch
+# fetch http://security.FreeBSD.org/patches/EN-09:05/null.patch.asc
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/EN-09:05/null6.patch
+# fetch http://security.FreeBSD.org/patches/EN-09:05/null6.patch.asc
+
+NOTE WELL: The patch for FreeBSD 7.x can be used on FreeBSD 8, but
+does not enable the feature by default!
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+To actually enable the feature in FreeBSD 6.x and 7.x, add the
+following to either /boot/loader.conf or /etc/sysctl.conf:
+
+	security.bsd.map_at_zero="0"
+
+VI.	Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/kern/kern_exec.c                                      1.275.2.9
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.11
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.13
+  src/sys/kern/kern_exec.c                                  1.275.2.8.4.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.18
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.17
+  src/sys/kern/kern_exec.c                                  1.275.2.8.2.1
+RELENG_7
+  src/sys/kern/kern_exec.c                                     1.308.2.11
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.7
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.8
+  src/sys/kern/kern_exec.c                                  1.308.2.8.2.2
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.11
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.12
+  src/sys/kern/kern_exec.c                                  1.308.2.6.2.2
+RELENG_8
+  src/sys/kern/kern_exec.c                                      1.337.2.3
+  src/sys/kern/init_main.c                                      1.303.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r197715
+releng/6.4/                                                       r197715
+releng/6.3/                                                       r197715
+stable/7/                                                         r197715
+releng/7.2/                                                       r197715
+releng/7.1/                                                       r197715
+stable/8/                                                         r197714
+- -------------------------------------------------------------------------
+
+VII.	References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-09:05.null.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQFKxltpFdaIBMps37IRAoniAJ9ENWQ431doaje7gXrAfAov5l0FKwCdFRxh
+rTmlD1oew/hZTMBuFKM/LSI=
+=+ZZf
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-10:01.freebsd.asc b/share/security/advisories/FreeBSD-EN-10:01.freebsd.asc
new file mode 100644
index 0000000000..66aaaf985b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-10:01.freebsd.asc
@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-10:01.freebsd                                        Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Various FreeBSD 8.0-RELEASE improvements
+
+Category:       core
+Module:         kern
+Announced:      2010-01-06
+Affects:        FreeBSD 8.0-RELEASE.
+Corrected:      2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.FreeBSD.org/>.
+
+I.      Background
+
+Since FreeBSD 8.0 was released, several stability and performance problems
+have been identified.  This Errata Notice describes several fixes judged to
+be of particular importance, but low risk, to users with specific workloads
+or using specific features that trigger these problems.
+
+Areas where problems are addressed include NFS, ZFS, Multicast networking,
+SCTP as well as the rename(2) syscall.
+
+II.     Description
+
+* Slow NFS client reconnects when using TCP
+
+Under certain circumstances the NFS client can queue requests even though
+the remote server has initiated a connection shutdown.
+The deferred notice of the shutdown can cause slow reconnects against
+an NFS server that drops inactive connections.
+
+* Possible panics in ZFS
+
+Due to inadequate checks, attempts to modify a file on a read-only ZFS
+snapshot will lead to a 'dirtying snapshot' kernel panic.
+
+The system will also panic if ZFS is combined with a MAC policy supporting
+file system labeling (e.g., mac_biba(4) or mac_mls(4)).
+
+* Multicast regression and panic
+
+Multicast filtering may not pass incoming IGMP messages if the group
+has not been joined.  User space routing daemons will therefore not see
+all IGMP control traffic.
+
+Further, the system will panic under certain circumstances in the IPv4
+multicast forwarding path.
+
+* Panic when invalid SCTP message received during connection shutdown
+
+Receiving a specially crafted SCTP shutdown message with an invalid
+Transmission Sequence Number may cause the system to panic if there
+has been a valid association.
+
+* Panic caused by rename(2)
+
+If a path argument to the rename(2) syscall ends in '/.', insufficient
+checking will cause the system to panic.
+
+III.    Solution
+
+Perform one of the following:
+
+1) Upgrade your system to 8-STABLE, or to the RELENG_8_0 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+   detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:01/nfsreconnect.patch.asc
+
+# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsvaccess.patch.asc
+
+# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:01/zfsmac.patch.asc
+
+# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:01/multicast.patch.asc
+
+# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:01/mcinit.patch.asc
+
+# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:01/sctp.patch.asc
+
+# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:01/rename.patch.asc
+
+b) Apply the patches.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+IV.     Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- - -------------------------------------------------------------------------
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.5
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.5
+  src/sys/netinet/ip_mroute.c                               1.155.2.1.2.2
+  src/sys/netinet/raw_ip.c                                  1.220.2.2.2.2
+  src/sys/netinet6/raw_ip6.c                                1.111.2.1.2.2
+  src/sys/rpc/clnt_vc.c                                       1.8.2.2.2.2
+  src/sys/kern/vfs_lookup.c                                 1.132.2.1.2.2
+  src/sys/netinet/sctp_input.c                               1.82.2.2.2.2
+  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
+                                                             1.24.2.2.2.1
+  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
+                                                             1.46.2.7.2.1
+  src/sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h     1.3.4.1.2.1
+  src/sys/cddl/compat/opensolaris/sys/vnode.h                1.12.2.2.2.2
+- - -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- - -------------------------------------------------------------------------
+releng/8.0/                                                       r201679
+- - -------------------------------------------------------------------------
+
+V.      References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-10:01.freebsd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQFLRRFQFdaIBMps37IRAuq9AJ9fq1708qfDgnyzuNRWnumiQhJD2gCcDqWd
+AyQA3ZdKXci6S8d9UauJFw4=
+=NwGp
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-10:02.sched_ule.asc b/share/security/advisories/FreeBSD-EN-10:02.sched_ule.asc
new file mode 100644
index 0000000000..384ae179fc
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-10:02.sched_ule.asc
@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-10:02.sched_ule                                      Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Deadlock in ULE scheduler
+
+Category:       core
+Module:         kern
+Announced:      2010-02-27
+Credits:        Attilio Rao
+Affects:        FreeBSD 7.0, 7.1, and 7.2.
+Corrected:      2009-09-24 09:08:22 UTC (RELENG_7, 7.2-STABLE)
+                2010-02-27 10:55:43 UTC (RELENG_7_2, 7.2-RELEASE-p7)
+                2010-02-27 10:55:43 UTC (RELENG_7_1, 7.1-RELEASE-p11)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+FreeBSD has two schedulers: the classic 4BSD scheduler and a newer,
+more SMP-aware scheduler called ULE.  The 4BSD scheduler was the
+default scheduler until FreeBSD 7.0.  Starting with FreeBSD 7.1 the
+default scheduler is ULE.
+
+The scheduler is responsible for allocating CPU time to threads and
+assigning threads to CPUs.  Runnable threads (i.e. threads which are
+not waiting for a blocking operation, such as an I/O operation, memory
+allocation or lock acquisition, to complete) are assigned to a CPU and
+placed in that CPU's run queue.  Each thread and each CPU's run queue
+is protected by a separate lock.
+
+II.  Problem Description
+
+When a thread is reassigned from one CPU to another, the scheduler
+first acquires the thread's lock, then releases the source CPU's run
+queue lock.  The scheduler then acquires the target CPU's run queue
+lock and holds the lock while it adds the thread to the queue and signals
+the target CPU.  Finally it reacquires the source CPU's run queue lock
+before unlocking the thread.  A thread on the target CPU, having been
+notified of the reassigned thread's arrival on the target CPU's run
+queue, will then acquire the thread's lock before switching it in.
+
+If, at the same time, a third thread tries to acquire both the source
+and target CPUs' run queue locks, a three-way deadlock may occur:
+
+ - The second thread has acquired the target CPU's run queue lock, but
+   has not yet acquired the first thread's lock.
+
+ - The third thread has acquired the source CPU's run queue lock, and
+   is waiting to acquire the target CPU's run queue lock, which is
+   locked by the second thread.
+
+ - The first thread is waiting to acquire the source CPU's run queue
+   lock, which is held by the third thread, in order to release its
+   own lock.
+
+As a result both CPUs' run queues are locked, and each of the three
+threads is waiting to acquire a lock held by one of the others.
+
+Eventually every CPU in the system ends up in a state where it is
+waiting to acquire each other's locks.
+
+It has not been determined whether this also affects single-CPU
+systems but it is recommended this Errata Notice be applied to
+single-CPU systems as well.
+
+III. Impact
+
+Affected systems may become deadlocked and require power-cycling.  The
+chance of a deadlock occurring increases with the number of CPUs.
+There may be other aggravating factors such as running powerd(8).  But
+eventually any multi-processor system using the ULE scheduler will
+become deadlocked.
+
+IV.  Workaround
+
+Replace SCHED_ULE with SCHED_4BSD in your kernel configuration,
+recompile your kernel and reboot the system.
+
+Note that systems running the 4BSD scheduler are not affected; to
+determine what scheduler a system is using, run
+# sysctl kern.sched.name
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your system to 7-STABLE, or to the RELENG_7_2 or RELENG_7_1
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.1 and
+7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+   detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-10:02/sched_ule.patch
+# fetch http://security.FreeBSD.org/patches/EN-10:02/sched_ule.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/kern/sched_ule.c                                      1.214.2.9
+RELENG_7_2
+  src/UPDATING                                            1.507.2.23.2.10
+  src/sys/conf/newvers.sh                                  1.72.2.11.2.11
+  src/sys/kern/sched_ule.c                                  1.214.2.8.2.2
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.14
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.15
+  src/sys/kern/sched_ule.c                                  1.214.2.7.2.2
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r197453
+releng/7.2/                                                       r204409
+releng/7.1/                                                       r204409
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-10:02.sched_ule.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAkuI+1oACgkQFdaIBMps37ItgACghSdnagnmy9Zohrh5IKuhygiy
+kVsAn2EXtts/l+IrjuWIzODSSUzLylia
+=mj/v
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc b/share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc
new file mode 100644
index 0000000000..336cf2e101
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-12:01.freebsd-update.asc
@@ -0,0 +1,143 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-12:01.freebsd-update                                 Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          freebsd-update support for FreeBSD 9.0-RELEASE
+
+Category:       core
+Module:         freebsd-update
+Announced:      2012-01-04
+Affects:        All versions of FreeBSD prior to 9.0-RC2.
+Corrected:      2011-10-26 20:07:58 UTC (RELENG_7, 7.4-STABLE)
+                2012-01-04 23:47:20 UTC (RELENG_7_4, 7.4-RELEASE-p6)
+                2012-01-04 23:47:20 UTC (RELENG_7_3, 7.3-RELEASE-p10)
+                2011-10-26 20:06:27 UTC (RELENG_8, 8.2-STABLE)
+                2012-01-04 23:47:20 UTC (RELENG_8_2, 8.2-RELEASE-p6)
+                2012-01-04 23:47:20 UTC (RELENG_8_1, 8.1-RELEASE-p8)
+                2011-10-26 20:01:43 UTC (RELENG_9, 9.0-RC2)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+freebsd-update(8) allows system administrators to install binary updates to
+the base FreeBSD install, as distributed by the FreeBSD Project.
+
+II.  Problem Description
+
+freebsd-update in affected releases is unable to perform an automated upgrade
+to FreeBSD 9.0 due to unsupported characters in FreeBSD 9.0 filenames.  When
+this bug is triggered, updates fail with the following error message:
+
+  The update metadata is correctly signed, but
+  failed an integrity check.
+  Cowardly refusing to proceed any further.
+
+III. Impact
+
+Affected systems are unable to update from affected releases to FreeBSD 9.0
+using freebsd-update.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) For FreeBSD 7.x, upgrade your system to 7-STABLE, or to the RELENG_7_4 or
+  RELENG_7_3 security branch dated after the correction date.  For FreeBSD
+  8.x, upgrade your system to 8-STABLE, or to the RELENG_8_1 or RELENG_8_2
+  security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.3, 7.4, 8.1,
+and 8.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+   detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/EN-12:01/freebsd-update.patch
+# fetch http://security.FreeBSD.org/patches/EN-12:01/freebsd-update.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/freebsd-update
+# make obj && make && make install
+
+3) To update your affected system via a binary patch:
+
+Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE, or 8.2-RELEASE on the
+i386 or amd64 platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/usr.sbin/freebsd-update/freebsd-update.sh                   1.8.2.7
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.8
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.11
+  src/usr.sbin/freebsd-update/freebsd-update.sh               1.8.2.5.4.2
+RELENG_7_3
+  src/UPDATING                                            1.507.2.34.2.12
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.14
+  src/usr.sbin/freebsd-update/freebsd-update.sh               1.8.2.5.2.2
+RELENG_8
+  src/usr.sbin/freebsd-update/freebsd-update.sh                  1.16.2.6
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.8
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.11
+  src/usr.sbin/freebsd-update/freebsd-update.sh              1.16.2.4.2.2
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.11
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.12
+  src/usr.sbin/freebsd-update/freebsd-update.sh              1.16.2.3.2.2
+RELENG_9
+  src/usr.sbin/freebsd-update/freebsd-update.sh                  1.25.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r226813
+releng/7.4/                                                       r229539
+releng/7.3/                                                       r229539
+stable/8/                                                         r226812
+releng/8.2/                                                       r229539
+releng/8.1/                                                       r229539
+stable/9/                                                         r226811
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-12:01.freebsd-update.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk8E5YQACgkQFdaIBMps37LeTACeKYRkY5s+Iy+JCf/Zc3yvKSLD
+2RsAnRsmN3gCPYglNjwkhJctdkLdGULh
+=6LzH
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-EN-12:02.ipv6refcount.asc b/share/security/advisories/FreeBSD-EN-12:02.ipv6refcount.asc
new file mode 100644
index 0000000000..9178d35d42
--- /dev/null
+++ b/share/security/advisories/FreeBSD-EN-12:02.ipv6refcount.asc
@@ -0,0 +1,161 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-EN-12:02.ipv6refcount                                   Errata Notice
+                                                          The FreeBSD Project
+
+Topic:          Reference count errors in IPv6 code
+
+Category:       core
+Modules:        sys_netinet sys_netinet6
+Announced:      2012-06-12
+Credits:        Scott Long, Rui Paulo, Maksim Yevmenkin
+Affects:        FreeBSD 8.0 and later
+Corrected:      2012-06-09 22:44:49 UTC (RELENG_8, 8.3-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
+                2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
+                2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
+                2012-06-09 22:44:24 UTC (RELENG_9, 9.0-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
+
+For general information regarding FreeBSD Errata Notices and Security
+Advisories, including descriptions of the fields above, security
+branches, and the following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+The FreeBSD network stack implements Internet Protocol version 6 (IPv6),
+the successor to IPv4.  IPv6 is now seeing widespread deployment.
+
+Reference counts are a programming technology used by the FreeBSD kernel
+to maintain stability of objects while in use.
+
+II.  Problem Description
+
+The FreeBSD IPv4 and IPv6 kernel implementations employ reference counts to
+protect IP addresses configured on network interfaces.  Due to multiple
+bugs, IPv6 address references may be improperly acquired or released; IPv4
+is unaffected.
+
+III. Impact
+
+Under high IPv6 network load, reference counts may improperly hit zero
+due to overflow or underflow, causing an IPv6 address, which is still in
+use, to be freed.  This will lead to a kernel panic on next access.
+
+IV.  Workaround
+
+No workaround is available, but systems not using any IPv6 communication
+are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 8-STABLE, or 9-STABLE, or to the
+RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0 security branch dated
+after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 8.3, 8.2,
+8.1, and 9.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 8.1-RELEASE, 8.2-RELEASE, and 9.0-RELEASE]
+# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount.patch
+# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount.patch.asc
+
+[FreeBSD 8.3-RELEASE]
+# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount-83.patch
+# fetch http://security.FreeBSD.org/patches/EN-12:02/ipv6refcount-83.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE, or 9.0-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_8
+  sys/netinet/tcp_input.c                                      1.411.2.22
+  sys/netinet6/in6.c                                           1.121.2.28
+  sys/netinet6/ip6_input.c                                      1.132.2.9
+RELENG_8_3
+  src/UPDATING                                             1.632.2.26.2.5
+  src/sys/conf/newvers.sh                                   1.83.2.15.2.7
+  sys/netinet/tcp_input.c                                  1.411.2.19.2.2
+  sys/netinet6/in6.c                                       1.121.2.23.2.2
+  sys/netinet6/ip6_input.c                                  1.132.2.6.4.2
+RELENG_8_2
+  src/UPDATING                                            1.632.2.19.2.11
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.14
+  sys/netinet/tcp_input.c                                   1.411.2.9.2.2
+  sys/netinet6/in6.c                                       1.121.2.12.2.2
+  sys/netinet6/ip6_input.c                                  1.132.2.6.2.2
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.14
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.15
+  sys/netinet/tcp_input.c                                   1.411.2.6.2.2
+  sys/netinet6/in6.c                                       1.121.2.11.2.2
+  sys/netinet6/ip6_input.c                                  1.132.2.4.2.2
+RELENG_9
+  sys/netinet/tcp_input.c                                       1.437.2.7
+  sys/netinet6/in6.c                                           1.139.2.16
+  sys/netinet6/ip6_input.c                                      1.147.2.4
+RELENG_9_0
+  src/UPDATING                                              1.702.2.4.2.5
+  src/sys/conf/newvers.sh                                    1.95.2.4.2.7
+  sys/netinet/tcp_input.c                                   1.437.2.2.2.2
+  sys/netinet6/in6.c                                        1.139.2.4.2.2
+  sys/netinet6/ip6_input.c                                  1.147.2.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r236827
+releng/8.3/                                                       r236953
+releng/8.2/                                                       r236953
+releng/8.1/                                                       r236953
+stable/9/                                                         r236826
+releng/9.0/                                                       r236953
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this Errata Notice is available at
+http://security.FreeBSD.org/advisories/FreeBSD-EN-12:02.ipv6refcount.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEARECAAYFAk/XQFQACgkQFdaIBMps37LBygCeLi30YsLogAWsemBcX/WdtOqi
+35UAoIVvwvGi+fOs/fGm2PoAixAWqhSH
+=2X+g
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:01.make.asc b/share/security/advisories/FreeBSD-SA-00:01.make.asc
new file mode 100644
index 0000000000..7ed4c2666b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:01.make.asc
@@ -0,0 +1,243 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:01                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Insecure temporary file handling in make(1)
+
+Category:       core
+Module:         make
+Announced:      2000-01-19
+Affects:        All versions before the correction date.
+Corrected:      2000-01-16
+FreeBSD only:   NO
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:01/make.patch
+
+I.   Background
+
+The make(1) program is typically used to schedule building of source
+code. It has a switch ('-j') to allow parallel building by spawning
+multiple child processes.
+
+II.  Problem Description
+
+The -j option to make(1) uses temporary files in /tmp to communicate
+with its child processes by storing the shell command the child should
+execute. This is useful on multi-processor architectures for making
+use of all of the available CPUs, and is also widely used on
+uniprocessor systems to minimize the scheduling latency of the build
+process.
+
+However make(1) uses the temporary file in an insecure way, repeatedly
+deleting and reusing the same file name for the entire life of the
+program. This makes it vulnerable to a race condition wherein a
+malicious user could observe the name of the temporary file being
+used, and replace the contents of a later instance of the file with
+her desired commands after the legitimate commands have been written.
+
+This vulnerability was discovered as part of the FreeBSD Auditing
+Project, an ongoing effort to identify and correct security
+vulnerabilities in the FreeBSD operating system.
+
+All versions of NetBSD and OpenBSD are also believed to be vulnerable
+to this problem. Other systems using a BSD-derived make(1) binary may
+also be vulnerable.
+
+III. Impact
+
+Local users could execute arbitrary shell commands as part of the
+build process scheduled by "make -j" by another user.
+
+IV.  Workaround
+
+Avoid using the '-j' flag to make(1).
+
+V.   Solution
+
+Upgrade your system to one that is listed above as having the problem
+resolved, or patch your present system.
+
+To patch your present system: save the patch below into a file, and
+execute the following commands as root:
+
+cd /usr/src/usr.bin/make
+patch < /path/to/patch/file
+make all
+make install
+
+Patches for 3.4-STABLE and 4.0-CURRENT systems before the resolution date:
+
+    Index: job.c
+    ===================================================================
+    RCS file: /home/ncvs/src/usr.bin/make/job.c,v
+    retrieving revision 1.16
+    diff -u -r1.16 job.c
+    --- job.c	1999/09/11 13:08:01	1.16
+    +++ job.c	2000/01/17 01:42:57
+    @@ -163,14 +163,6 @@
+     #define JOB_STOPPED	3   	/* The job is stopped */
+     
+     /*
+    - * tfile is the name of a file into which all shell commands are put. It is
+    - * used over by removing it before the child shell is executed. The XXXXXXXXXX
+    - * in the string are replaced by mkstemp(3).
+    - */
+    -static char     tfile[sizeof(TMPPAT)];
+    -
+    -
+    -/*
+      * Descriptions for various shells.
+      */
+     static Shell    shells[] = {
+    @@ -993,7 +985,7 @@
+     	/*
+     	 * If we are aborting and the job table is now empty, we finish.
+     	 */
+    -	(void) eunlink(tfile);
+    +	(void) eunlink(job->tfile);
+     	Finish(errors);
+         }
+     }
+    @@ -1668,6 +1660,7 @@
+         Boolean	  cmdsOK;     /* true if the nodes commands were all right */
+         Boolean 	  local;      /* Set true if the job was run locally */
+         Boolean 	  noExec;     /* Set true if we decide not to run the job */
+    +    int		  tfd;	      /* File descriptor for temp file */
+     
+         if (previous != NULL) {
+     	previous->flags &= ~(JOB_FIRST|JOB_IGNERR|JOB_SILENT|JOB_REMOTE);
+    @@ -1697,6 +1690,12 @@
+         }
+         job->flags |= flags;
+     
+    +    (void) strcpy(job->tfile, TMPPAT);
+    +    if ((tfd = mkstemp(job->tfile)) == -1)
+    +	Punt("cannot create temp file: %s", strerror(errno));
+    +    else
+    +	(void) close(tfd);
+    +
+         /*
+          * Check the commands now so any attributes from .DEFAULT have a chance
+          * to migrate to the node
+    @@ -1722,9 +1721,9 @@
+     	    DieHorribly();
+     	}
+     
+    -	job->cmdFILE = fopen(tfile, "w+");
+    +	job->cmdFILE = fopen(job->tfile, "w+");
+     	if (job->cmdFILE == NULL) {
+    -	    Punt("Could not open %s", tfile);
+    +	    Punt("Could not open %s", job->tfile);
+     	}
+     	(void) fcntl(FILENO(job->cmdFILE), F_SETFD, 1);
+     	/*
+    @@ -1830,7 +1829,7 @@
+     	 * Unlink and close the command file if we opened one
+     	 */
+     	if (job->cmdFILE != stdout) {
+    -	    (void) eunlink(tfile);
+    +	    (void) eunlink(job->tfile);
+     	    if (job->cmdFILE != NULL)
+     		(void) fclose(job->cmdFILE);
+     	} else {
+    @@ -1859,7 +1858,7 @@
+     	}
+         } else {
+     	(void) fflush(job->cmdFILE);
+    -	(void) eunlink(tfile);
+    +	(void) eunlink(job->tfile);
+         }
+     
+         /*
+    @@ -2403,13 +2402,6 @@
+     			     * be running at once. */
+     {
+         GNode         *begin;     /* node for commands to do at the very start */
+    -    int	          tfd;
+    -
+    -    (void) strcpy(tfile, TMPPAT);
+    -    if ((tfd = mkstemp(tfile)) == -1)
+    -	Punt("cannot create temp file: %s", strerror(errno));
+    -    else
+    -	(void) close(tfd);
+     
+         jobs =  	  Lst_Init(FALSE);
+         stoppedJobs = Lst_Init(FALSE);
+    @@ -2914,7 +2906,7 @@
+     	    }
+     	}
+         }
+    -    (void) eunlink(tfile);
+    +    (void) eunlink(job->tfile);
+     }
+     
+     /*
+    @@ -2948,7 +2940,6 @@
+     	    }
+     	}
+         }
+    -    (void) eunlink(tfile);
+         return(errors);
+     }
+     
+    @@ -3024,6 +3015,7 @@
+     	    KILL(job->pid, SIGINT);
+     	    KILL(job->pid, SIGKILL);
+     #endif /* RMT_WANTS_SIGNALS */
+    +	    (void) eunlink(job->tfile);
+     	}
+         }
+     
+    @@ -3032,7 +3024,6 @@
+          */
+         while (waitpid((pid_t) -1, &foo, WNOHANG) > 0)
+     	continue;
+    -    (void) eunlink(tfile);
+     }
+     
+     #ifdef REMOTE
+    Index: job.h
+    ===================================================================
+    RCS file: /home/ncvs/src/usr.bin/make/job.h,v
+    retrieving revision 1.10
+    diff -u -r1.10 job.h
+    --- job.h	1999/08/28 01:03:31	1.10
+    +++ job.h	2000/01/17 01:42:31
+    @@ -93,6 +93,8 @@
+     #define JOB_BUFSIZE	1024
+     typedef struct Job {
+         int       	pid;	    /* The child's process ID */
+    +    char	tfile[sizeof(TMPPAT)];
+    +			    /* Temporary file to use for job */
+         GNode    	*node;      /* The target the child is making */
+         LstNode 	tailCmds;   /* The node of the first command to be
+     			     * saved when the job has been run */
+    
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBOIVvCFUuHi5z0oilAQF7nQP+No1n5Rl2g0ltvu+Vrx2ImMZreOwz04zZ
+a6MM+bQQ0q/pXgupzSQ3xcfpzZzHjQx2+ajMg4P+l7+OsBvjBvrVFrc021rRW18W
+Ds3A/Vlm8seaWOe4Q4u5qSTdp2PO9HXJrEQWL37xAQtqVyT3J2E37MQyEfENWg4d
+FeIUCiTIMuA=
+=86yT
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:02.procfs.asc b/share/security/advisories/FreeBSD-SA-00:02.procfs.asc
new file mode 100644
index 0000000000..d1181c6fc5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:02.procfs.asc
@@ -0,0 +1,183 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:01                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Old procfs hole incompletely filled
+
+Category:       core
+Module:         make
+Announced:      2000-01-24
+Affects:        All versions before the correction date.
+Corrected:      2000-01-20
+FreeBSD only:   NO
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:02/procfs.patch
+
+I.   Background
+
+procfs provides access to other processes memory spaces.  This is
+intended to be used in debugging and has many safeguards built into it
+to prevent abuse.
+
+II.  Problem Description
+
+In January 1997 a fatal flaw in *BSD procfs code (leading to a local
+root compromise) was discussed on various security forums. The exploit
+code dealt with /proc/pid/mem interface. Since then *BSD kernels
+contained a simple fix which was meant to close this hole.
+
+Unfortunately, throughout these three years it was still possible to
+abuse /proc/pid/mem in a similar, though more complicated fashion,
+which could lead to local root compromise.
+
+III. Impact
+
+Local users can gain root access.
+
+IV.  Workaround
+
+You can unmount /proc.  In both 3.x-stable and 4.0-current this will
+break truss and gcore.  In 3.x-stable systems only it will reduce the
+amount of information ps reports.
+
+V.   Solution
+
+Apply the following patch
+
+     Index: sys/filedesc.h
+     ===================================================================
+     RCS file: /base/FreeBSD-CVS/src/sys/sys/filedesc.h,v
+     retrieving revision 1.15.2.1
+     diff -u -r1.15.2.1 filedesc.h
+     --- filedesc.h	1999/08/29 16:32:22	1.15.2.1
+     +++ filedesc.h	2000/01/20 21:39:29
+     @@ -139,6 +139,7 @@
+      int	fsetown __P((pid_t, struct sigio **));
+      void	funsetown __P((struct sigio *));
+      void	funsetownlst __P((struct sigiolst *));
+     +void	setugidsafety __P((struct proc *p));
+      #endif
+
+      #endif
+     Index: kern/kern_descrip.c
+     ===================================================================
+     RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_descrip.c,v
+     retrieving revision 1.58.2.3
+     diff -u -r1.58.2.3 kern_descrip.c
+     --- kern_descrip.c	1999/11/18 08:09:08	1.58.2.3
+     +++ kern_descrip.c	2000/01/20 21:40:00
+     @@ -984,6 +984,62 @@
+      }
+
+      /*
+     + * For setuid/setgid programs we don't want to people to use that setuidness
+     + * to generate error messages which write to a file which otherwise would
+     + * otherwise be off limits to the proces.
+     + *
+     + * This is a gross hack to plug the hole.  A better solution would involve
+     + * a special vop or other form of generalized access control mechanism.  We
+     + * go ahead and just reject all procfs file systems accesses as dangerous.
+     + *
+     + * Since setugidsafety calls this only for fd 0, 1 and 2, this check is
+     + * sufficient.  We also don't for setugidness since we know we are.
+     + */
+     +static int
+     +is_unsafe(struct file *fp)
+     +{
+     +	if (fp->f_type == DTYPE_VNODE && 
+     +	    ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS)
+     +		return (1);
+     +	return (0);
+     +}
+     +
+     +/*
+     + * Make this setguid thing safe, if at all possible.
+     + */
+     +void
+     +setugidsafety(p)
+     +	struct proc *p;
+     +{
+     +	struct filedesc *fdp = p->p_fd;
+     +	struct file **fpp;
+     +	char *fdfp;
+     +	register int i;
+     +
+     +	/* Certain daemons might not have file descriptors. */
+     +	if (fdp == NULL)
+     +		return;
+     +
+     +	fpp = fdp->fd_ofiles;
+     +	fdfp = fdp->fd_ofileflags;
+     +	for (i = 0; i <= fdp->fd_lastfile; i++, fpp++, fdfp++) {
+     +		if (i > 2)
+     +			break;
+     +		if (*fpp != NULL && is_unsafe(*fpp)) {
+     +			if (*fdfp & UF_MAPPED)
+     +				(void) munmapfd(p, i);
+     +			(void) closef(*fpp, p);
+     +			*fpp = NULL;
+     +			*fdfp = 0;
+     +			if (i < fdp->fd_freefile)
+     +				fdp->fd_freefile = i;
+     +		}
+     +	}
+     +	while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
+     +		fdp->fd_lastfile--;
+     +}
+     +
+     +/*
+       * Close any files on exec?
+       */
+      void
+     Index: kern/kern_exec.c
+     ===================================================================
+     RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_exec.c,v
+     retrieving revision 1.93.2.3
+     diff -u -r1.93.2.3 kern_exec.c
+     --- kern_exec.c	1999/08/29 16:25:58	1.93.2.3
+     +++ kern_exec.c	2000/01/20 21:39:29
+     @@ -281,6 +281,7 @@
+		     if (attr.va_mode & VSGID)
+			     p->p_ucred->cr_gid = attr.va_gid;
+		     setsugid(p);
+     +		setugidsafety(p);
+	     } else {
+		     if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
+			 p->p_ucred->cr_gid == p->p_cred->p_rgid)
+
+VI.  Credits
+
+We are republishing a heavily edited FEAR security advisory (number 1)
+entitled "*BSD procfs vulnerability".  More information about FEAR can
+be found at http://www.fear.pl.  We would like to thank
+nergal@idea.avet.com.pl for sending a preliminary version of the
+advisory to us in time to correct the problem.
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBOJFWeFUuHi5z0oilAQHo2AP+N4GDREEmjxy6RUvt+G3cRe1Sx4yxr/Jd
+q70D5Icp3JlcJgxGfWFqGGvt8yx9xMm6d57mFDltdvPKr0TY0n0bY39BJlRAto9n
+gn8BJJvQ0WQ15ctOQKIsGwGJqHvA+p4qAHYFE3sUIZn6oMz5//C5OmaC7mFtrycY
+TI64bNR+0F8=
+=/F89
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:03.asmon.asc b/share/security/advisories/FreeBSD-SA-00:03.asmon.asc
new file mode 100644
index 0000000000..c1b61b9466
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:03.asmon.asc
@@ -0,0 +1,87 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:03                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Asmon/Ascpu ports fail to drop privileges
+
+Category:       ports
+Module:         asmon/ascpu
+Announced:      2000-02-19
+Affects:        Ports collection before the correction date.
+Corrected:      2000-01-29
+FreeBSD only:   yes
+
+I.   Background
+
+Two optional third-party ports distributed with FreeBSD can be used to
+execute commands with elevated privileges, specifically setgid kmem
+privileges. This may lead to a local root compromise.
+
+II.  Problem Description
+
+Asmon and ascpu allow users to execute arbitrary commands as part of a user
+configuration file. Both applications are Linux-centric as distributed by
+the vendor and require patching to run under FreeBSD (specifically, using
+the kvm interface and setgid kmem privileges to obtain system statistics);
+this patching was the source of the present security problem. This is a
+similar flaw to one found in the wmmon port, which was corrected on
+1999/12/31.
+
+Note that neither utility is installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains over 3100 third-party applications in a ready-to-install format.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit of
+the most security-critical ports.
+
+III. Impact
+
+If you have not chosen to install the asmon or ascpu ports/packages, then
+your system is not vulnerable. If you have, then local users can obtain
+setgid kmem rights, which allows them to manipulate kernel memory, and
+thereby compromise root.
+
+IV.  Workaround
+
+Remove the asmon and ascpu ports/packages, if you have installed them.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the asmon and/or ascpu
+ports.
+
+2) Reinstall a new package obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/asmon-0.60.tgz
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/sysutils/ascpu-1.8.tgz
+
+after the correction date. At the time of advisory release, the asmon
+package was not available - you may need to use one of the other methods
+to update the software.
+
+3) download a new port skeleton for the asmon and/or ascpu ports from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild one or both ports.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOK+LsFUuHi5z0oilAQHRZAP+MC3e3NhGNTDhiL/GAQjewUS8c16ClPhj
+WruCd5Tu1WJA2Em8Q19Ui7vrLRLQ9aXzTocUOBd6x6/zqpM3lS1aJMwvV9BkZ59G
+ONh6aiM7FbWPKukW1YThKDn0Vjtc5JaDHsbJ4dVHQh/IMqZD8hqocLG4AjJDxnLj
+qlRyhiCr/lA=
+=l1gj
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:04.delegate.asc b/share/security/advisories/FreeBSD-SA-00:04.delegate.asc
new file mode 100644
index 0000000000..a16b3893eb
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:04.delegate.asc
@@ -0,0 +1,92 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:04                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Delegate port contains numerous buffer overflows
+
+Category:       ports
+Module:         delegate
+Announced:      2000-02-19
+Affects:        Ports collection before the correction date.
+Corrected:      2000-02-02
+FreeBSD only:   NO
+
+I.   Background
+
+An optional third-party port distributed with FreeBSD contains numerous
+remotely-exploitable buffer overflows which allow an attacker to execute
+arbitrary commands on the local system, typically as the 'nobody' user.
+
+II.  Problem Description
+
+Delegate is a versatile application-level proxy. Unfortunately it is
+written in a very insecure style, with potentially dozens of different
+exploitable buffer overflows (including several demonstrated ones), each of
+which could allow an attacker to execute arbitrary code on the delegate
+server. This code will run as the user ID of the 'delegated' process,
+typically 'nobody' in the recommended configuration, but this still
+represents a security risk as the attacker may be able to mount a local
+attack to further upgrade his or her access privileges.
+
+Note that the delegate utility is not installed by default, nor is it "part
+of FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3100 third-party applications in a ready-to-install format.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit of
+the most security-critical ports.
+
+III. Impact
+
+If you have not chosen to install the delegate port/package, then your
+system is not vulnerable. If you have, then local or remote users who can
+connect to the delegate port(s), or malicious servers which a user accesses
+using the delegate proxy, can potentially execute arbitrary code on your
+system in any number of ways.
+
+IV.  Workaround
+
+Remove the delegate port/package, if you have installed it.
+
+V.   Solution
+
+Unfortunately no simple fix is available - the problems with the delegate
+software are too endemic to be fixed by a simple patch. It is hoped the
+software authors will take security to heart and correct the security
+problems in a future version, although user caution is advised given the
+current state of the code.
+
+Depending on your local setup and your security threat model, using a
+firewall/packet filter such as ipfw(8) or ipf(8) to prevent remote users
+from connecting to the delegate port(s) may be enough to meet your security
+needs. Note that this will not prevent legitimate proxy users from
+attacking the delegate server, although this may not be an issue if they
+have a shell account on the machine anyway.
+
+Note also that this does not prevent "passive" exploits in which a user is
+convinced through other means into visiting a malicious server using the
+proxy, which may be able to compromise it by sending back invalid
+data. Several flaws of this type have been discovered during a brief
+survey of the code.
+
+If you are running FreeBSD 4.0, a possible solution might be to confine the
+delegate process inside a "jail" (see the jail(8) manpage). A properly
+configured jail will isolate the contents in their own separate "virtual
+machine", which can be suitably secured so that an attacker who gains
+control of a process running inside the jail cannot escape and gain access
+to the rest of the machine. Note that this is different from a traditional
+chroot(8), since it does not just attempt to isolate processes inside
+portions of the filesystem. This solution is not possible under standard
+FreeBSD 3.x or earlier.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOK+NTVUuHi5z0oilAQGGnAP+NOxAOVpEUpyR0iQwNjA1Je7B4M5gOxzc
+NwqQKp7WBm/IzzIW23KvyPcbTld83+m2tnhdNW3srh8ESSYDaa/hhmG2AtR0LYEL
+H2EWTIBcPBhidquX+ihKGTSaMnMjYpmp6GVGSsBqcNFXAPGHiJ6BbsEg2k6rJSLz
+wgL0NJ+qkCI=
+=ZhXO
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:05.mysql.asc b/share/security/advisories/FreeBSD-SA-00:05.mysql.asc
new file mode 100644
index 0000000000..a8f0768081
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:05.mysql.asc
@@ -0,0 +1,92 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:05                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          MySQL allows bypassing of password authentication
+
+Category:       ports
+Module:         mysql322-server
+Announced:      2000-02-28
+Affects:        Ports collection before the correction date.
+Corrected:      2000-02-15
+FreeBSD only:   NO
+
+I.   Background
+
+MySQL is a popular SQL database client/server distributed as part of the
+FreeBSD ports collection.
+
+II.  Problem Description
+
+The MySQL database server (versions prior to 3.22.32) has a flaw in the
+password authentication mechanism which allows anyone who can connect to
+the server to access databases without requiring a password, given a valid
+username on the database - in other words, the normal password
+authentication mechanism can be completely bypassed.
+
+MySQL is not installed by default, nor is it "part of FreeBSD" as such: it
+is part of the FreeBSD ports collection, which contains over 3100
+third-party applications in a ready-to-install format.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit
+of the most security-critical ports.
+
+III. Impact
+
+The successful attacker will have all of the access rights of that
+database user and may be able to read, add or modify records.
+
+If you have not chosen to install the mysql322-server port/package, then
+your system is not vulnerable.
+
+IV.  Workaround
+
+Use appropriate access-control lists to limit which hosts can initiate
+connections to MySQL databases - see:
+
+http://www.mysql.com/Manual_chapter/manual_Privilege_system.html
+
+for more information. If unrestricted remote access to the database is not
+required, consider using ipfw(8) or ipf(8), or your network perimeter
+firewall, to prevent remote access to the database from untrusted machines
+(MySQL uses TCP port 3306 for network communication). Note that users who
+have access to machines which are allowed to initiate database connections
+(e.g. local users) can still exploit the security hole.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the mysql322-server
+port.
+
+2) Reinstall a new package obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/databases/mysql-server-3.22.32.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/databases/mysql-server-3.22.32.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/databases/mysql-server-3.22.32.tgz
+
+3) download a new port skeleton for the mysql322-server port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOLtYEVUuHi5z0oilAQHtbwP/TF0hNZwrO/wAuBjYF8Eff5aDU1KtnA9D
+u0bcUakDgF/nODVxgOFZ1MfaK95PAhRqdYvtwssTqTXwlRB+PU0vtwjdt3p3l8d3
+SixfhxT+Ys/v222jK+o6lJdxfKOC4chNDseboSRoCSLEESNl2NDGkBKezKSzzlng
+vzxtva695bI=
+=KYqf
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:06.htdig.asc b/share/security/advisories/FreeBSD-SA-00:06.htdig.asc
new file mode 100644
index 0000000000..86403ddd9f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:06.htdig.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:06                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          htdig port allows remote reading of files
+
+Category:       ports
+Module:         htdig
+Announced:      2000-03-01
+Affects:        Ports collection before the correction date.
+Corrected:      2000-02-28
+FreeBSD only:   NO
+
+I.   Background
+
+The ht://Dig system is a complete world wide web indexing and searching
+system for a small domain or intranet.
+
+II.  Problem Description
+
+There is a security hole in the htsearch cgi-bin program for versions of
+htdig prior to 3.1.5, which allows remote users to read any file on the
+local system that is accessible to the user ID running htsearch (usually
+the user ID running the webserver process, user 'nobody' in the default
+installation of apache).
+
+Note that the htdig utility is not installed by default, nor is it "part
+of FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3100 third-party applications in a ready-to-install format.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit
+of the most security-critical ports.
+
+III. Impact
+
+If you have not chosen to install the htdig port/package, then your system
+is not vulnerable. If you have, then local or remote users who can connect
+to a web server which contains the htsearch cgi-bin executable can read
+any file on your system which is accessible to the user running the
+htsearch process (typically user nobody). It is not currently believed
+that an attacker can exploit this hole to modify or delete files, but they
+may be able to use the ability to read files to mount a further attack
+based on other security holes they discover.
+
+IV.  Workaround
+
+Remove the /usr/local/share/apache/cgi-bin/htsearch file, if you do not
+make use of it.
+
+V.  Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the htdig port.
+
+2) Reinstall a new package obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/textproc/htdig-3.1.5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/textproc/htdig-3.1.5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/textproc/htdig-3.1.5.tgz
+
+(Note: it may be several days before the new packages appear on the FTP
+site)
+
+3) download a new port skeleton for the htdig port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOL1um1UuHi5z0oilAQGtnwP+JsTP4KCrAO/fEIMG70a79tPsLeqUiuyP
+ihPc5Rw/e6wguW8qPLXvLGSsT5zzkXLOeuww+2ViPpYehTkD4cB1zt3UsWeNSGa+
+kkWQyYFwK/3BaHbsN8COu4xa5c4B+VdqbFXa3G/cIM+MRRTxlhrDWqaJp58UKpD3
+OA7HcbSdSKk=
+=A+Nm
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:07.mh.asc b/share/security/advisories/FreeBSD-SA-00:07.mh.asc
new file mode 100644
index 0000000000..2cdad2d777
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:07.mh.asc
@@ -0,0 +1,113 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:07                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		mh/nmh/exmh/exmh2 ports allow remote execution of binary code
+
+Category:       ports
+Module:         mh/nmh/exmh/exmh2
+Announced:      2000-03-15
+Revised:	2000-03-19
+Affects:        Ports collection before the correction date.
+Corrected:      [See below for a more complete description]
+		All versions fixed in 4.0-RELEASE.
+		mh: 2000-03-04
+		nmh: 2000-02-29
+		exmh: 2000-03-05
+		exmh2: 2000-03-05
+FreeBSD only:   NO
+
+I.   Background
+
+MH and its successor NMH are popular Mail User Agents. EXMH and EXMH2 are
+TCL/TK-based front-ends to the MH system. There are also Japanese-language
+versions of the MH and EXMH2 ports, but these are developed separately and are
+not vulnerable to the problem described here.
+
+II.  Problem Description
+
+The mhshow command used for viewing MIME attachments contains a buffer
+overflow which can be exploited by a specially-crafted email attachment,
+which will allow the execution of arbitrary code as the local user when the
+attachment is opened.
+
+The *MH ports are not installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains over 3100 third-party applications in a ready-to-install
+format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to
+this problem.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit
+of the most security-critical ports.
+
+III. Impact
+
+An attacker who can convince a user to open a hostile MIME attachment sent
+as part of an email message can execute arbitrary binary code running with
+the privileges of that user.
+
+If you have not chosen to install any of the mh/nmh/exmh/exmh2
+ports/packages, then your system is not vulnerable.
+
+The Japanese-language version of MH is being actively developed and is
+believed to have fixed this particular problem over a year ago. Consequently
+the ja-mh and ja-exmh2 ports are not believed to be vulnerable to this problem.
+
+IV.  Workaround
+
+1) Remove the mhshow binary, located in /usr/local/bin/mhshow. This will
+prevent the viewing of MIME attachments from within *mh.
+
+2) Remove the mh/nmh/exmh/exmh2 ports, if you you have installed them.
+
+V.   Solution
+
+The English language version of the MH software is no longer actively
+developed, and no fix is currently available. It is unknown whether a fix
+to the problem will be forthcoming - consider upgrading to use NMH instead,
+which is the designated successor of the MH software. EXMH and EXMH2 can
+both be compiled to use NMH instead (this is now the default behaviour). It
+is not necessary to recompile EXMH/EXMH2 after reinstalling NMH.
+
+SOLUTION: Remove any old versions of the mail/mh or mail/nmh ports and
+perform one of the following:
+
+1) Upgrade your entire ports collection and rebuild the mail/nmh port.
+
+2) Reinstall a new package obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/nmh-1.0.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/mail/nmh-1.0.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/mail/nmh-1.0.3.tgz
+
+3) download a new port skeleton for the nmh port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+VI.   Revision history
+
+v1.0  2000-03-15   Initial release
+v1.1  2000-03-19   Update to note that the japanese-localized ports are not
+                   vulnerable
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBONXFXlUuHi5z0oilAQHQ/QP9FCTFiFlaeSv2ROM46PbDkF6MN39SLTuv
+DEW6a6wmMU5+YbSTlFLjvYrqYgpjOmM7NMOMhhceVVpoZVMMPonHuJxHWh7YvF2G
+T4bZcRM3kpRcjXAOQnIiUrgh77zoEmfBysAmHZbNucCmOB5y7UqHI3CM31+geiPR
+/bsvHCy4U0U=
+=Odcg
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:08.lynx.asc b/share/security/advisories/FreeBSD-SA-00:08.lynx.asc
new file mode 100644
index 0000000000..42b7cf6663
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:08.lynx.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:08                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		Lynx ports contain numerous buffer overflows
+
+Category:       ports
+Module:         lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current
+Announced:      2000-03-15
+Revised:	2000-05-17
+Affects:        Ports collection before the correction date.
+Corrected:      2000-04-16 [lynx-current]
+		2000-04-21 [lynx]
+FreeBSD only:   NO
+
+I.   Background
+
+Lynx is a popular text-mode WWW browser, available in several versions
+including SSL support and Japanese language localization.
+
+II.  Problem Description
+
+Versions of the lynx software prior to version 2.8.3pre.5 were written
+in a very insecure style and contain numerous potential and several
+proven security vulnerabilities (publicized on the BugTraq mailing
+list) exploitable by a malicious server.
+
+The lynx ports are not installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains over 3200 third-party applications in a ready-to-install
+format.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A malicious server which is visited by a user with the lynx browser
+can exploit the browser security holes in order to execute arbitrary
+code as the local user.
+
+If you have not chosen to install any of the
+lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports/packages,
+then your system is not vulnerable.
+
+IV.  Workaround
+
+Remove the lynx/lynx-current/lynx-ssl/ja-lynx/ja-lynx-current ports,
+if you you have installed them.
+
+V.   Solution
+
+Upgrade to lynx or lynx-current after the correction date.
+
+After the initial release of this advisory, the Lynx development team
+conducted an audit of the source code, and have corrected the known
+vulnerabilities in lynx as well as increasing the robustness of the
+string-handling code. As of lynx-2.8.3pre.5, we consider it safe
+enough to use again.
+
+Note that there may be undiscovered vulnerabilities remaining in the
+code, as with all software - but should any further vulnerabilities be
+discovered a new advisory will be issued.
+
+At this time the lynx-ssl/ja-lynx/ja-lynx-current ports are not yet
+updated to a safe version of lynx: this advisory will be reissued
+again once they are.
+
+1) Upgrade your entire ports collection and rebuild the lynx or
+lynx-current port.
+
+2) Reinstall a lynx new package dated after the correction date,
+obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/lynx-2.8.3.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/lynx-2.8.3.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/lynx-2.8.3.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/lynx-2.8.3.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/lynx-2.8.3.1.tgz
+
+Note that the lynx-current port is not automatically built as a package.
+
+3) download a new port skeleton for the lynx/lynx-current port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+VI.   Revision History
+
+v1.0  2000-03-15  Initial release
+v1.1  2000-05-17  Update to note fix of lynx and lynx-current ports.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOSMQT1UuHi5z0oilAQHlgwP9EiLqvf8MM55fvftEXPMfL6PJ6HFQPYMH
++TqX5Q/P9s0mgBFiGfN8wblmtEUyZ1GwF8goPa9fqqJIfNg8Qu2zWqJOYPjc20hW
+yo3Rxbi+lEWOYxLpxBKDhvBH7yWxiV8Nm1+w73a76BjaZ20E0b91hgw2lebFiZPi
+uzK38WjnFNQ=
+=qWEC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:09.mtr.asc b/share/security/advisories/FreeBSD-SA-00:09.mtr.asc
new file mode 100644
index 0000000000..0780e8a0a2
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:09.mtr.asc
@@ -0,0 +1,85 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:09                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		mtr port contains a local root exploit.
+
+Category:       ports
+Module:         mtr
+Announced:      2000-03-15
+Affects:        Ports collection before the correction date.
+Corrected:      2000-03-07 (included in FreeBSD 4.0-RELEASE)
+FreeBSD only:   NO
+
+I.   Background
+
+mtr ("Multi Traceroute") combines the functionality of the "traceroute" and
+"ping" programs into a single network diagnostic tool.
+
+II.  Problem Description
+
+The mtr program (versions 0.41 and below) fails to correctly drop setuid
+root privileges during operation, allowing a local root compromise.
+
+The mtr port is not installed by default, nor is it "part of FreeBSD" as
+such: it is part of the FreeBSD ports collection, which contains over 3100
+third-party applications in a ready-to-install format. The FreeBSD
+4.0-RELEASE ports collection is not vulnerable to this problem.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit of
+the most security-critical ports.
+
+III. Impact
+
+A local user can exploit the security hole to obtain root privileges.
+
+If you have not chosen to install the mtr port/package, then your system is
+not vulnerable.
+
+IV.  Workaround
+
+1) Remove the mtr port if you have installed it.
+
+2) Disable the setuid bit - run the following command as root:
+
+chmod u-s /usr/local/sbin/mtr
+
+This will mean non-root users cannot make use of the program, since it
+requires root privileges to properly run.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the mtr port.
+
+2) Reinstall a new package obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mtr-0.42.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/net/mtr-0.42.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/net/mtr-0.42.tgz
+
+Note: it may be several days before the updated packages are available.
+
+3) download a new port skeleton for the mtr port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOM/J3FUuHi5z0oilAQFdjQP+MCxSn1WYvRehaxky8xnOLP8sAOiLvxLf
+DG3emT6hgG7IFKTHNQ/KvHE5M9Y4/frk1tJGKVb/RKEbpbDDF3mmN0eq6S2B2Qda
+TB4YjbaLVAnFKVhFcbZjVfc4YTtutNgl7xd/4bvXennki77oQiO5T3VRNnIXkjD1
+NUk4XQDyTQ4=
+=Rrxf
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc
new file mode 100644
index 0000000000..70bf197319
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:10.orville-write.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:10                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		orville-write port contains local root compromise.
+
+Category:       ports
+Module:         orville-write
+Announced:      2000-03-15
+Affects:        Ports collection before the correction date.
+Corrected:      2000-03-09
+FreeBSD only:   Yes
+
+I.   Background
+
+Orville-write is a replacement for the write(1) command, which
+provides improved control over message delivery and other features.
+
+II.  Problem Description
+
+One of the commands installed by the port is incorrectly installed
+with setuid root permissions. The 'huh' command should not have any
+special privileges since it is intended to be run by the local user to
+view his saved messages.
+
+The orville-write port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3100 third-party applications in a ready-to-install
+format. The FreeBSD 4.0-RELEASE ports collection is not vulnerable to
+this problem.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit of
+the most security-critical ports.
+
+III. Impact
+
+A local user can exploit a buffer overflow in the 'huh' utility to
+obtain root privileges.
+
+If you have not chosen to install the orville-write port/package, then
+your system is not vulnerable.
+
+IV.  Workaround
+
+Remove the orville-write port if you have installed it.
+
+V.   Solution
+
+Remove the setuid bit from the huh utility, by executing the following
+command as root:
+
+chmod u-s /usr/local/bin/huh
+
+It is not necessary to reinstall the orville-write port, although this
+can be done in one of the following ways if desired:
+
+1) Upgrade your entire ports collection and rebuild the orville-write port.
+
+2) Reinstall a new package dated after the correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/orville-write-2.41a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-current/misc/orville-write-2.41a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-current/misc/orville-write-2.41a.tgz
+
+Note: it may be several days before the updated packages are available.
+
+3) download a new port skeleton for the orville-write port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOM/KWlUuHi5z0oilAQHk3AP+PEWNZ95ou8Oyf0nFzgAvjRCc4T060cJf
+8qncBFmbWKvl/VHGJnj+u5HPE2LciZb/SdQxH0Ibuvm45hjt7umRrNcHQABmhtYV
+9kG2k2cG+w9QtPnWQUtk7UDAQ2nmbyvQBsUJI+wrILoTHaKU1nLBivzzQbZPX9Nr
+YTNtkrInpV0=
+=c84W
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:11.ircii.asc b/share/security/advisories/FreeBSD-SA-00:11.ircii.asc
new file mode 100644
index 0000000000..8c43b3b163
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:11.ircii.asc
@@ -0,0 +1,93 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:11                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		ircII port contains a remote overflow
+
+Category:       ports
+Module:         ircII
+Announced:      2000-04-10
+Credits:	Derek Callaway <super@UDEL.EDU> via BugTraq
+		"bladi" <bladi@EUSKALNET.NET> via BugTraq
+Affects:        Ports collection before the correction date.
+Corrected:      2000-03-19
+FreeBSD only:   NO
+
+I.   Background
+
+ircII is a popular text-mode IRC client.
+
+II.  Problem Description
+
+ircII version 4.4 contained a remotely-exploitable buffer overflow in
+the /DCC CHAT command which allows remote users to execute arbitrary
+code as the client user.
+
+The bug was originally reported in 1997 in a much older version of
+ircII, but was apparently not corrected at the time, and the problem
+was recently rediscovered independently. Development on the version of
+ircII previously in ports ceased several years ago, and has been taken
+up by a new group who have fixed this problem (and possibly
+others). FreeBSD now provides this new version of ircII.
+
+The ircII port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3200 third-party applications in a ready-to-install
+format. FreeBSD 4.0 did not ship with the ircII package available
+because this vulnerability was reported to us late in the release
+cycle and it was not possible to upgrade the port in time.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A remote user can cause arbitrary code to be executed on the local
+system as the user running ircII.
+
+If you have not chosen to install the ircII port/package, then your
+system is not known to be vulnerable to this problem, although there
+are several other IRC clients which are derived from ircII including
+Epic and BitchX. At this time it is unknown whether other clients are
+vulnerable to this problem.
+
+IV.  Workaround
+
+Remove the ircII port, if you you have installed it.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the ircII port.
+
+2) Reinstall a new package dated after the correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/ircII-4.4S.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/irc/ircII-4.4S.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/ircII-4.4S.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/ircII-4.4S.tgz
+
+3) download a new port skeleton for the ircII port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOPJAMVUuHi5z0oilAQHKpgQAjdphg+Xaw4J7J5+dowvgrgoggA4YG0P5
+a7Nodawpvm2ya8jBStmi0cs3LhYIXZUPQfY3lqiAfEbf4Ndd4r5KUbQ+iAjgz4lZ
+XHG0PjUGE98dK3eHZbLszaMIwPbBaCyicCD0gLPCVm40O0VOlqY+WHO9MfITgpec
+GFF3l8b8Ym0=
+=IU1d
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:12.healthd.asc b/share/security/advisories/FreeBSD-SA-00:12.healthd.asc
new file mode 100644
index 0000000000..b43208eb2e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:12.healthd.asc
@@ -0,0 +1,85 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:12                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		healthd allows a local root compromise
+
+Category:       ports
+Module:         healthd
+Announced:      2000-04-10
+Credits:	Discovered during FreeBSD ports collection auditing.
+Affects:        Ports collection before the correction date.
+Corrected:      2000-03-25
+Vendor status:	Updated version released.
+FreeBSD only:   NO
+
+I.   Background
+
+healthd is a small utility for monitoring the temperature, fan speed
+and voltage levels of certain motherboards.
+
+II.  Problem Description
+
+healthd v0.3 installs a utility which is setuid root in order to
+monitor the system status. This utility contains a trivial buffer
+overflow which allows an unprivileged local user to obtain root
+privileges on the system.
+
+The healthd port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3200 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A local user can obtain root privileges by exploiting a vulnerability
+in the healthd utility.
+
+If you have not chosen to install the healthd port/package, then your
+system is not vulnerable.
+
+IV.  Workaround
+
+Remove the healthd port, if you you have installed it.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the healthd port.
+
+2) Reinstall a new package dated after the correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/healthd-0.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/healthd-0.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-3-stable/sysutils/healthd-0.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/healthd-0.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/healthd-0.3.tgz
+
+3) download a new port skeleton for the healthd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOPJABVUuHi5z0oilAQGEjgP/VQi4gknLQTpons+W/D3pT1fsk9F55HjQ
+80pdBIfRxWNekFA+ZlfDNESLbG3qPyr+R4UaVxIZMnMVM/ZZRGPc/suYOxoHWZv0
+F29AqveqINRewGHJoF+hw+DDGJPrrWy2t25BW9AX8KXPCJ2C1uiyChN+2egdJT5J
+EcTA8JgVU8I=
+=RtRI
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc b/share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc
new file mode 100644
index 0000000000..8b47ffe1bd
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:13.generic-nqs.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:13                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		generic-nqs contains a local root compromise
+
+Category:       ports
+Module:         generic-nqs
+Announced:      2000-04-19
+Credits:	Philippe Andersson <philippe_andersson@STE.SCITEX.COM>
+		via BugTraq
+Affects:        Ports collection before the correction date.
+Corrected:      2000-04-16
+Vendor status:	Updated version released.
+FreeBSD only:   NO
+
+I.   Background
+
+Generic-NQS is a Network Queuing System for batch-processing jobs across
+multiple machines.
+
+II.  Problem Description
+
+Generic-NQS versions 3.50.7 and earlier contain a security vulnerability
+which allow a local user to easily obtain root privileges. Unfortunately,
+further details of the location and nature of the vulnerability were not
+provided by the original poster, upon request of the Generic-NQS
+developers.
+
+The generic-nqs port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3200 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A local user can obtain root privileges by exploiting a vulnerability
+in the generic-nqs package.
+
+If you have not chosen to install the generic-nqs port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Remove the generic-nqs port, if you you have installed it.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the generic-nqs port.
+
+2) Reinstall a new package dated after the correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/generic-nqs-3.50.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/generic-nqs-3.50.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/generic-nqs-3.50.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/generic-nqs-3.50.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/generic-nqs-3.50.9.tgz
+
+Note that it may be a few days before the updated package is available.
+
+3) download a new port skeleton for the generic-nqs port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOP4kUVUuHi5z0oilAQGmYAQAntm5ianpGoWd2dr2Nf294InKoxRK5tt+
+61yGHUdZiFIWNUcEEow158vCnmAid1XyBRrYdeZLCs0EU0gaHRL21a1RpKab31T1
+oc8pPK5mCyygwrXCf/u4aZES/HQyVbpryEqnvrggSzjlXExhsl6i+4YEBYHUO2Mi
+s8xowH91Sy4=
+=eXhd
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:14.imap-uw.asc b/share/security/advisories/FreeBSD-SA-00:14.imap-uw.asc
new file mode 100644
index 0000000000..77d6875e2b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:14.imap-uw.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:14                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		imap-uw contains security vulnerabilities for "closed"
+		mail servers
+
+Category:       ports
+Module:         imap-uw
+Announced:      2000-04-24
+Credits:	Michal Zalewski <lcamtuf@DIONE.IDS.PL>
+		Michal Szymanski <siva9@CLICO.PL> via BugTraq
+Affects:        Ports collection.
+Corrected:      See below.
+Vendor status:	Aware of the problem, no satisfactory solution provided.
+FreeBSD only:   NO
+
+I.   Background
+
+imap-uw is a popular IMAP4/POP2/POP3 mail server from the University
+of Washington.
+
+II.  Problem Description
+
+There are numerous buffer overflows available to an imap user after
+they have successfully logged into their mail account
+(i.e. authenticated themselves by giving the correct password,
+etc). Once the user logs in, imapd has dropped root privileges and is
+running as the user ID of the mail account which has been logged into,
+so the buffer overflow can only allow code to be executed as that
+user.
+
+Thus, the vulnerability is only relevant on a "closed" mail server,
+i.e. one which does not normally allow interactive logins by mail
+users. For a system which allows users to log in or execute code on
+the system, there is minimal vulnerability.
+
+Note that once a user has successfully exploited the vulnerability to
+gain access to their user account they may be able to mount further
+attacks against the local (or a remote) machine to upgrade their
+privileges.
+
+The imap-uw port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3200 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A user with a mail account on the imap server can execute arbitrary
+code as themselves on that machine. This is only likely to be a
+security issue on "closed" mail servers which do not allow interactive
+shell logins.
+
+Only imapd is known to be vulnerable to this time - the other daemons
+installed by the imap-uw port (ipop2d/ipop3d) are not known to suffer
+from the same vulnerability.
+
+If you have not chosen to install the imap-uw port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+1) Deinstall the imap-uw port/package, if you you have installed it.
+
+2) If you do not specifically require imap functionality
+(i.e. pop2/pop3 is sufficient) then disable the imap daemon in
+/etc/inetd.conf and restart inetd (e.g. with the command 'killall -HUP
+inetd')
+
+V.   Solution
+
+Unfortunately the vulnerabilities in imapd are quite extensive and no
+patch is currently available to address them. There is also no
+"drop-in" replacement for imap-uw currently available in ports,
+although the mail/cyrus port is another imap server which may be a
+suitable replacement. Cyrus has different configuration and
+operational requirements than imap-uw however, which may make it
+unsuitable for many users.
+
+Until a security audit of the imap-uw source can be completed and the
+vulnerabilities patched, it is recommended that operators of "closed"
+imapd servers take steps to minimize the impact of users being able to
+run code on the server (i.e., by tightening the local security on the
+machine to minimize the damage an intruding user can cause).
+
+This advisory will be updated once the known vulnerabilities in
+imap-uw have been addressed.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOQTN61UuHi5z0oilAQEe9QQAhoPtcTPFYv4RSvh0x/FYe1x8J4kmvi0x
+I5fFL3Am8Yfjra/ETGE/WQpGttIFluyfs7RmOc7aglJHp9Aeii9zgCU0dv+3TIZb
+FA0NUpode09tfEOP4ciuL1Diae9utoPc+80mitbGFoNL1uAUj4QKWxNNCJ1K6Jyd
+plUnZwIFx64=
+=qaIn
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:15.imap-uw.asc b/share/security/advisories/FreeBSD-SA-00:15.imap-uw.asc
new file mode 100644
index 0000000000..f32ef95960
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:15.imap-uw.asc
@@ -0,0 +1,87 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:15                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		imap-uw allows local users to deny service to any mailbox
+
+Category:       ports
+Module:         imap-uw
+Announced:      2000-04-24
+Credits:	Alex Mottram <alex@NET-CONNECT.NET> via BugTraq
+Affects:        Ports collection.
+Corrected:      See below.
+Vendor status:	Notified.
+FreeBSD only:   NO
+
+I.   Background
+
+imap-uw is a popular IMAP4/POP2/POP3 mail server from the University
+of Washington.
+
+II.  Problem Description
+
+The imap-uw port supplies a "libc-client" library which provides
+various functionality common to mail servers. The algorithm used for
+locking of mailbox files contains a weakness which allows an
+unprivileged local user to lock an arbitrary local mailbox.
+
+In the case of POP2/POP3 servers, this means that the mailbox will not
+be able to be accessed at all by the owner. In the case of IMAP4
+servers, the folder can be opened for reading, but not writing
+(i.e. can only be accessed read-only).
+
+Note that this is a different vulnerability than that described in
+FreeBSD Security Advisory 00:14, and affects all imap-uw servers which
+provide shell-level access to users. However note that by virtue of
+advisory 00:14, all users who can access their mail remotely via imap
+can acquire such access even without explicit shell login access.
+
+The imap-uw port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3200 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A user who has, or who can obtain (see advisory 00:14) shell access to
+the mail server can prevent an arbitrary mailbox from being opened via
+pop2/pop3, or can force the mailbox to be only opened read-only via
+imap.
+
+If you have not chosen to install the imap-uw port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+1) Deinstall the imap-uw port/package, if you you have installed it.
+
+2) Consider using another POP2/POP3 server if you do not require IMAP
+functionality. See the notes regarding alternative IMAP servers in
+FreeBSD Security Advisory 00:14.
+
+V.   Solution
+
+No patch is currently available. It is encumbent on the imap-uw
+developers to redesign the mailbox locking scheme to provide a secure
+locking mechanism which is not vulnerable to local denial-of-service
+attacks.
+
+This advisory will be updated once the known vulnerabilities in
+imap-uw have been addressed.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOQTN8FUuHi5z0oilAQH58gP+JtkvDh4EFR13jGKxb6PERkt9x6Cpy+DY
+1P56XODBiK4tnbTjdke2JLLNUHpSYtN23h8zt1DtnlxnxunQa8Y6fhptbpgHUWAu
+ZIJlLLnl0iQcjj3Lqwz2E2BaFsyZxlVSGQnD/EmI+tyZcY+oTYbomCgi1RW3kbn+
+fmNJXmwTXCg=
+=TwTN
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:16.golddig.asc b/share/security/advisories/FreeBSD-SA-00:16.golddig.asc
new file mode 100644
index 0000000000..977b976e4c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:16.golddig.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:16                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		golddig port allows users to overwrite local files
+
+Category:       ports
+Module:         golddig
+Announced:      2000-05-09
+Credits:	Discovered during internal ports collection auditing.
+Affects:        Ports collection.
+Corrected:      2000-04-30
+Vendor status:	Email bounced.
+FreeBSD only:   NO
+
+I.   Background
+
+Golddig is an X11 game provided as part of the FreeBSD ports collection.
+
+II.  Problem Description
+
+The golddig port erroneously installs a level-creation utility setuid
+root, which allows users to overwrite the contents of arbitrary local
+files. It is not believed that any elevation of privileges is possible
+with this vulnerability because the contents of the file are a textual
+representation of a golddig game level which is highly constrained.
+
+The golddig port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3200 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+An unprivileged local user can overwrite the contents of any file,
+although they are restricted in the possible contents of the new file.
+
+If you have not chosen to install the golddig port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+One of the following:
+
+1) Deinstall the golddig port/package, if you you have installed it.
+
+2) Remove the setuid bit from /usr/local/bin/makelev. This will mean
+unprivileged users cannot create or modify golddig levels except in
+their own directories.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the golddig port.
+
+2) Reinstall a new package dated after the correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/games/golddig-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/games/golddig-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/games/golddig-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/games/golddig-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/games/golddig-2.0.tgz
+
+Note: it may be several days before the updated packages are available.
+
+3) download a new port skeleton for the golddig port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBORhjV1UuHi5z0oilAQHa4AP8D5QZo+zNieNemPMfMW77JIxsHtCHCg+M
+MEG6CkJ6QOZlwJ8Mav1ExMyQywWncccgkazBFyK2KG5rAqpxX4KMZ+C3zfysTraS
+cHVCVBw73yx0t53/FnvoR3yqtI+GdmhPaw9X3icCtp9st3hiSMF759yPqOUKBbIu
+JFgdfAuXaqs=
+=Pxca
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:17.libmytinfo.asc b/share/security/advisories/FreeBSD-SA-00:17.libmytinfo.asc
new file mode 100644
index 0000000000..46c163fb54
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:17.libmytinfo.asc
@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:17                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Buffer overflow in libmytinfo may yield increased
+		privileges with third-party software.
+
+Category:       core
+Module:         libmytinfo
+Announced:      2000-05-09
+Affects:        FreeBSD 3.x before the correction date.
+Corrected:      2000-04-25
+FreeBSD only:   Yes
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libmytinfo.patch
+
+I.   Background
+
+libmytinfo is part of ncurses, a text-mode display library.
+
+II.  Problem Description
+
+libmytinfo allows users to specify an alternate termcap file or entry
+via the TERMCAP environment variable, however this is not handled
+securely and contains a overflowable buffer inside the library.
+
+This is a security vulnerability for binaries which are linked against
+libmytinfo and which are setuid or setgid (i.e. run with elevated
+privileges). It may also be a vulnerability in other more obscure
+situations where a user can exert control over the environment with
+which an ncurses binary is run by another user.
+
+FreeBSD 3.x and earlier versions use a very old, customized version of
+ncurses which is difficult to update without breaking
+backwards-compatibility. The update was made for FreeBSD 4.0, but it
+is unlikely that 3.x will be updated. However, the ncurses source is
+currently being audited for further vulnerabilities.
+
+III. Impact
+
+Certain setuid/setgid third-party software (including FreeBSD
+ports/packages) may be vulnerable to a local exploit yielding
+privileged resources, such as network sockets, privileged filesystem
+access, or outright privileged shell access (including root access).
+
+No program in the FreeBSD base system is believed to be vulnerable to
+the bug.
+
+FreeBSD 4.0 and above are NOT vulnerable to this problem.
+
+IV.  Workaround
+
+Remove any setuid or setgid binary which is linked against libmytinfo
+(including statically linked), or remove set[ug]id privileges from the
+file as appropriate.
+
+The following instructions will identify the binaries installed on the
+system which are candidates for removal or removal of file
+permissions. Since there may be other as yet undiscovered
+vulnerabilities in libmytinfo it may be wise to perform this audit
+regardless of whether or not you upgrade your system as described in
+section V below. In particular, see the note regarding static linking
+in section V.
+
+Of course, it is possible that some of the identified files may be
+required for the correct operation of your local system, in which case
+there is no clear workaround except for limiting the set of users who
+may run the binaries, by an appropriate use of user groups and
+removing the "o+x" file permission bit.
+
+1) Download the 'libfind.sh' script from
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libfind.sh
+
+e.g. with the fetch(1) command:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:17/libfind.sh
+Receiving libfind.sh (460 bytes): 100%
+460 bytes transferred in 0.0 seconds  (394.69 Kbytes/s)
+#
+
+2) Verify the md5 checksum and compare to the value below:
+
+# /sbin/md5 libfind.sh
+MD5 (libfind.sh) = 59dceaa76d6440c58471354a10a8fb0b
+
+3) Run the libfind script against your system:
+
+# sh libfind.sh /
+
+This will scan your entire system for setuid or setgid binaries which
+are linked against libmytinfo. Each returned binary should be examined
+(e.g. with 'ls -l' and/or other tools) to determine what security risk
+it poses to your local environment, e.g. whether it can be run by
+arbitrary local users who may be able to exploit it to gain
+privileges.
+
+4) Remove the binaries, or reduce their file permissions, as appropriate.
+
+V.   Solution
+
+Upgrade your FreeBSD 3.x system to 3.4-STABLE after the correction
+date, or patch your present system source code and rebuild. Then run
+the libfind script as instructed in section IV and identify any
+statically-linked binaries (those reported as "STATIC" by the
+libfind script). These should either be removed, recompiled, or have
+privileges restricted to secure them against this vulnerability (since
+statically-linked binaries will not be affected by recompiling the
+shared libmytinfo library).
+
+To patch your present system: save the patch below into a file, and
+execute the following commands as root:
+
+cd /usr/src/lib/libmytinfo
+patch < /path/to/patch/file
+make all
+make install
+
+Patches for 3.x systems before the resolution date:
+
+  Index: findterm.c
+  ===================================================================
+  RCS file: /usr/cvs/src/lib/libmytinfo/Attic/findterm.c,v
+  retrieving revision 1.3
+  diff -u -r1.3 findterm.c
+  --- findterm.c	1997/08/13 01:21:36	1.3
+  +++ findterm.c	2000/04/25 16:58:19
+  @@ -242,7 +242,7 @@
+   			} else {
+   				s = path->file;
+   				d = buf;
+  -				while(*s != '\0' && *s != ':')
+  +				while(*s != '\0' && *s != ':' && d - buf < MAX_LINE - 1)
+   					*d++ = *s++;
+   				*d = '\0';
+   				if (_tmatch(buf, name)) {
+  @@ -259,7 +259,7 @@
+   			} else {
+   				s = path->file;
+   				d = buf;
+  -				while(*s != '\0' && *s != ',')
+  +				while(*s != '\0' && *s != ',' && d - buf < MAX_LINE - 1)
+   					*d++ = *s++;
+   				*d = '\0';
+   				if (_tmatch(buf, name)) {
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBORc3NFUuHi5z0oilAQGcaAP6Ar4+mNTHR/qXUJ+MFIVy+AQHFDwpYq5f
+KgBpCRzgKVZs/zfsQ+LwC1vCHzusftTK0lEd//2pfGZHt3ln0eD1s6qt+Q6+ZJBE
+MYYiXvqoBL1ob2Ahts6uEUs/vbMb4bCbEmMCn4ad2iU+neKH9a81Lk3frIaJjAVK
+8/6vW7wH9W4=
+=NDsR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc b/share/security/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc
new file mode 100644
index 0000000000..f5a24f31fd
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:18.gnapster.knapster.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:18                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		gnapster/knapster ports allows remote users to view local files
+
+Category:	ports
+Module:		gnapster/knapster
+Announced:	2000-05-09
+Reissued:	2000-05-16
+Credits:	Fixed by vendor.
+		Knapster vulnerability pointed out by:
+		Tom Daniels <daniels@CERIAS.PURDUE.EDU> via BugTraq
+Affects:	Ports collection.
+Corrected:	2000-04-29 (gnapster)
+		2000-05-01 (knapster)                
+Vendor status:	Updated version released.
+FreeBSD only:	NO
+
+I.   Background
+
+Gnapster and knapster are clients for the Napster file-sharing network.
+
+II.  Problem Description
+
+The gnapster port (version 1.3.8 and earlier), and the knapster port
+(version 0.9 and earlier) contain a vulnerability which allows remote
+napster users to view any file on the local system which is accessible
+to the user running gnapster/knapster. Gnapster and knapster do not
+run with elevated privileges, so it is only the user's regular
+filesystem access permissions which are involved.
+
+Note that there may be further undiscovered bugs in these and other
+napster clients leading to a similar vulnerability. System
+administrators and users should exercise discretion in installing a
+napster client on their system.
+
+The gnapster/knapster ports are not installed by default, nor are they
+"part of FreeBSD" as such: they are part of the FreeBSD ports
+collection, which contains over 3200 third-party applications in a
+ready-to-install format. The ports collection shipped with FreeBSD 4.0
+contains this problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can view files accessible to the user running the
+gnapster/knapster client.
+
+If you have not chosen to install a napster client, then your system
+is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the gnapster and/or knapster port/package, if you you have
+installed them.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the gnapster
+and/or knapster port.
+
+2) Reinstall a new package dated after the correction date, obtained from:
+
+[gnapster]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/gnapster-1.3.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/gnapster-1.3.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/gnapster-1.3.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/gnapster-1.3.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/gnapster-1.3.9.tgz
+
+[knapster]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/knapster-0.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/knapster-0.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/knapster-0.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/knapster-0.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/knapster-0.10.tgz
+
+3) download a new port skeleton for the gnapster/knapster ports from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port(s).
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+VI.   Revision History
+
+v1.0  2000-05-09  Initial release
+v1.1  2000-05-16  Update to note that knapster 0.9 is also vulnerable and
+                  broaden warning to include all napster clients.
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOSMRPVUuHi5z0oilAQHclAP/X+2Xdki6PUEZ/fCHdwZTLEC0kQNenOJ9
+oWxWFuI4z3jpylQ3CweIoo9akx32ZzyIVHTViG3mF2BC+NRQShl1aXu2MYqy6vKc
+c4R+oHxx2OeYSQo4Q8rS8Ttxa543ynXg9wLBL0vtGMq07GtVYTXpg1+Ooi+QKe2o
+9JMpcxAohAQ=
+=2iHQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:19.semconfig.asc b/share/security/advisories/FreeBSD-SA-00:19.semconfig.asc
new file mode 100644
index 0000000000..7516c517c8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:19.semconfig.asc
@@ -0,0 +1,373 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:19                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		local users can prevent all processes from exiting
+
+Category:	core
+Module:		kernel
+Announced:	2000-05-23
+Credits:	Peter Wemm <peter@FreeBSD.org>
+Affects:	386BSD-derived OSes, including all versions of FreeBSD,
+		NetBSD and OpenBSD.
+Corrected:	2000-05-01
+FreeBSD only:	NO
+Patch:		ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:19/semconfig.patch
+
+I.   Background
+
+System V IPC is a set of interfaces for providing inter-process
+communication, in the form of shared memory segments, message queues
+and semaphores. These are managed in user-space by ipcs(1) and
+related utilities.
+
+II.  Problem Description
+
+An undocumented system call is incorrectly exported from the kernel
+without access-control checks. This operation causes the acquisition
+in the kernel of a global semaphore which causes all processes on the
+system to block during exit() handling, thereby preventing any process
+from exiting until the corresponding "unblock" system call is issued.
+
+This operation was intended for use only by ipcs(1) to atomically
+sample the state of System V IPC resources on the system (i.e., to
+ensure that resources are not allocated or deallocated during the
+process of sampling itself).
+
+In the future, this functionality may be reimplemented as a sysctl()
+node.
+
+III. Impact
+
+An unprivileged local user can cause every process on the system to
+hang during exiting. In other words, after the system call is issued,
+no process on the system will be able to exit completely until another
+user issues the "unblock" call or the system is rebooted. This is a
+denial-of-service attack.
+
+IV.  Workaround
+
+None available.
+
+V.   Solution
+
+Upgrade to FreeBSD 2.1.7.1-STABLE, 2.2.8-STABLE, 3.4-STABLE,
+4.0-STABLE or 5.0-CURRENT after the correction date.
+
+Alternatively, apply the following patch and rebuild the kernel and
+the src/usr.bin/ipcs utility. This patch removes the semconfig()
+syscall. It has been tested to apply cleanly against 3.4-RELEASE,
+3.4-STABLE, 4.0-RELEASE and 4.0-STABLE systems.
+
+1) Save this advisory as a file, and run the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/advisory
+# cd usr.bin/ipcs
+# make all install
+
+2) Rebuild and reinstall the kernel and kernel modules as described in
+the FreeBSD handbook (see:
+http://www.freebsd.org/handbook/kernelconfig.html for more information)
+
+3) Reboot the system
+
+Patches for FreeBSD systems before the resolution date:
+
+    --- sys/kern/syscalls.master	2000/01/19 06:01:07	1.72
+    +++ sys/kern/syscalls.master	2000/05/01 11:15:10	1.72.2.1
+    @@ -342,7 +342,7 @@
+     221	STD	BSD	{ int semget(key_t key, int nsems, int semflg); }
+     222	STD	BSD	{ int semop(int semid, struct sembuf *sops, \
+     			    u_int nsops); }
+    -223	STD	BSD	{ int semconfig(int flag); }
+    +223	UNIMPL	NOHIDE	semconfig
+     224	STD	BSD	{ int msgctl(int msqid, int cmd, \
+     			    struct msqid_ds *buf); }
+     225	STD	BSD	{ int msgget(key_t key, int msgflg); }
+    --- sys/kern/init_sysent.c	2000/01/19 06:02:29	1.79
+    +++ sys/kern/init_sysent.c	2000/05/01 11:15:56	1.79.2.1
+    @@ -243,7 +243,7 @@
+     	{ 4, (sy_call_t *)__semctl },			/* 220 = __semctl */
+     	{ 3, (sy_call_t *)semget },			/* 221 = semget */
+     	{ 3, (sy_call_t *)semop },			/* 222 = semop */
+    -	{ 1, (sy_call_t *)semconfig },			/* 223 = semconfig */
+    +	{ 0, (sy_call_t *)nosys },			/* 223 = semconfig */
+     	{ 3, (sy_call_t *)msgctl },			/* 224 = msgctl */
+     	{ 2, (sy_call_t *)msgget },			/* 225 = msgget */
+     	{ 4, (sy_call_t *)msgsnd },			/* 226 = msgsnd */
+    --- sys/kern/syscalls.c	2000/01/19 06:02:29	1.71
+    +++ sys/kern/syscalls.c	2000/05/01 11:15:56	1.71.2.1
+    @@ -230,7 +230,7 @@
+     	"__semctl",			/* 220 = __semctl */
+     	"semget",			/* 221 = semget */
+     	"semop",			/* 222 = semop */
+    -	"semconfig",			/* 223 = semconfig */
+    +	"#223",			/* 223 = semconfig */
+     	"msgctl",			/* 224 = msgctl */
+     	"msgget",			/* 225 = msgget */
+     	"msgsnd",			/* 226 = msgsnd */
+    --- sys/kern/sysv_ipc.c	2000/02/29 22:58:59	1.13
+    +++ sys/kern/sysv_ipc.c	2000/05/01 11:15:56	1.13.2.1
+    @@ -107,15 +107,6 @@
+     semsys(p, uap)
+     	struct proc *p;
+     	struct semsys_args *uap;
+    -{
+    -	sysv_nosys(p, "SYSVSEM");
+    -	return nosys(p, (struct nosys_args *)uap);
+    -};
+    -
+    -int
+    -semconfig(p, uap)
+    -	struct proc *p;
+    -	struct semconfig_args *uap;
+     {
+     	sysv_nosys(p, "SYSVSEM");
+     	return nosys(p, (struct nosys_args *)uap);
+    --- sys/kern/sysv_sem.c	2000/04/02 08:47:08	1.24.2.1
+    +++ sys/kern/sysv_sem.c	2000/05/01 11:15:56	1.24.2.2
+    @@ -26,8 +26,6 @@
+     int semget __P((struct proc *p, struct semget_args *uap));
+     struct semop_args;
+     int semop __P((struct proc *p, struct semop_args *uap));
+    -struct semconfig_args;
+    -int semconfig __P((struct proc *p, struct semconfig_args *uap));
+     #endif
+     
+     static struct sem_undo *semu_alloc __P((struct proc *p));
+    @@ -38,7 +36,7 @@
+     /* XXX casting to (sy_call_t *) is bogus, as usual. */
+     static sy_call_t *semcalls[] = {
+     	(sy_call_t *)__semctl, (sy_call_t *)semget,
+    -	(sy_call_t *)semop, (sy_call_t *)semconfig
+    +	(sy_call_t *)semop
+     };
+     
+     static int	semtot = 0;
+    @@ -47,8 +45,6 @@
+     static struct sem_undo *semu_list; 	/* list of active undo structures */
+     int	*semu;			/* undo structure pool */
+     
+    -static struct proc *semlock_holder = NULL;
+    -
+     void
+     seminit(dummy)
+     	void *dummy;
+    @@ -87,64 +83,12 @@
+     	} */ *uap;
+     {
+     
+    -	while (semlock_holder != NULL && semlock_holder != p)
+    -		(void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semsys", 0);
+    -
+     	if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0]))
+     		return (EINVAL);
+     	return ((*semcalls[uap->which])(p, &uap->a2));
+     }
+     
+     /*
+    - * Lock or unlock the entire semaphore facility.
+    - *
+    - * This will probably eventually evolve into a general purpose semaphore
+    - * facility status enquiry mechanism (I don't like the "read /dev/kmem"
+    - * approach currently taken by ipcs and the amount of info that we want
+    - * to be able to extract for ipcs is probably beyond what the capability
+    - * of the getkerninfo facility.
+    - *
+    - * At the time that the current version of semconfig was written, ipcs is
+    - * the only user of the semconfig facility.  It uses it to ensure that the
+    - * semaphore facility data structures remain static while it fishes around
+    - * in /dev/kmem.
+    - */
+    -
+    -#ifndef _SYS_SYSPROTO_H_
+    -struct semconfig_args {
+    -	semconfig_ctl_t	flag;
+    -};
+    -#endif
+    -
+    -int
+    -semconfig(p, uap)
+    -	struct proc *p;
+    -	struct semconfig_args *uap;
+    -{
+    -	int eval = 0;
+    -
+    -	switch (uap->flag) {
+    -	case SEM_CONFIG_FREEZE:
+    -		semlock_holder = p;
+    -		break;
+    -
+    -	case SEM_CONFIG_THAW:
+    -		semlock_holder = NULL;
+    -		wakeup((caddr_t)&semlock_holder);
+    -		break;
+    -
+    -	default:
+    -		printf("semconfig: unknown flag parameter value (%d) - ignored\n",
+    -		    uap->flag);
+    -		eval = EINVAL;
+    -		break;
+    -	}
+    -
+    -	p->p_retval[0] = 0;
+    -	return(eval);
+    -}
+    -
+    -/*
+      * Allocate a new sem_undo structure for a process
+      * (returns ptr to structure or NULL if no more room)
+      */
+    @@ -873,17 +817,6 @@
+     	register struct sem_undo **supptr;
+     	int did_something;
+     
+    -	/*
+    -	 * If somebody else is holding the global semaphore facility lock
+    -	 * then sleep until it is released.
+    -	 */
+    -	while (semlock_holder != NULL && semlock_holder != p) {
+    -#ifdef SEM_DEBUG
+    -		printf("semaphore facility locked - sleeping ...\n");
+    -#endif
+    -		(void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semext", 0);
+    -	}
+    -
+     	did_something = 0;
+     
+     	/*
+    @@ -898,7 +831,7 @@
+     	}
+     
+     	if (suptr == NULL)
+    -		goto unlock;
+    +		return;
+     
+     #ifdef SEM_DEBUG
+     	printf("proc @%08x has undo structure with %d entries\n", p,
+    @@ -955,14 +888,4 @@
+     #endif
+     	suptr->un_proc = NULL;
+     	*supptr = suptr->un_next;
+    -
+    -unlock:
+    -	/*
+    -	 * If the exiting process is holding the global semaphore facility
+    -	 * lock then release it.
+    -	 */
+    -	if (semlock_holder == p) {
+    -		semlock_holder = NULL;
+    -		wakeup((caddr_t)&semlock_holder);
+    -	}
+     }
+
+    --- sys/sys/sem.h	1999/12/29 04:24:46	1.20
+    +++ sys/sys/sem.h	2000/05/01 11:15:58	1.20.2.1
+    @@ -163,13 +163,5 @@
+      * Process sem_undo vectors at proc exit.
+      */
+     void	semexit __P((struct proc *p));
+    -
+    -/*
+    - * Parameters to the semconfig system call
+    - */
+    -typedef enum {
+    -	SEM_CONFIG_FREEZE,	/* Freeze the semaphore facility. */
+    -	SEM_CONFIG_THAW		/* Thaw the semaphore facility. */
+    -} semconfig_ctl_t;
+     #endif /* _KERNEL */
+     
+    --- sys/sys/syscall-hide.h	2000/01/19 06:02:31	1.65
+    +++ sys/sys/syscall-hide.h	2000/05/01 11:15:58	1.65.2.1
+    @@ -191,7 +191,6 @@
+     HIDE_BSD(__semctl)
+     HIDE_BSD(semget)
+     HIDE_BSD(semop)
+    -HIDE_BSD(semconfig)
+     HIDE_BSD(msgctl)
+     HIDE_BSD(msgget)
+     HIDE_BSD(msgsnd)
+    --- sys/sys/syscall.h	2000/01/19 06:02:31	1.69
+    +++ sys/sys/syscall.h	2000/05/01 11:15:59	1.69.2.1
+    @@ -196,7 +196,6 @@
+     #define	SYS___semctl	220
+     #define	SYS_semget	221
+     #define	SYS_semop	222
+    -#define	SYS_semconfig	223
+     #define	SYS_msgctl	224
+     #define	SYS_msgget	225
+     #define	SYS_msgsnd	226
+    --- sys/sys/syscall.mk	2000/01/19 06:07:34	1.23
+    +++ sys/sys/syscall.mk	2000/05/01 11:15:59	1.23.2.1
+    @@ -148,7 +148,6 @@
+     	__semctl.o \
+     	semget.o \
+     	semop.o \
+    -	semconfig.o \
+     	msgctl.o \
+     	msgget.o \
+     	msgsnd.o \
+    --- sys/sys/sysproto.h	2000/01/19 06:02:31	1.59
+    +++ sys/sys/sysproto.h	2000/05/01 11:16:00	1.59.2.1
+    @@ -662,9 +662,6 @@
+     	struct sembuf *	sops;	char sops_[PAD_(struct sembuf *)];
+     	u_int	nsops;	char nsops_[PAD_(u_int)];
+     };
+    -struct	semconfig_args {
+    -	int	flag;	char flag_[PAD_(int)];
+    -};
+     struct	msgctl_args {
+     	int	msqid;	char msqid_[PAD_(int)];
+     	int	cmd;	char cmd_[PAD_(int)];
+    @@ -1158,7 +1155,6 @@
+     int	__semctl __P((struct proc *, struct __semctl_args *));
+     int	semget __P((struct proc *, struct semget_args *));
+     int	semop __P((struct proc *, struct semop_args *));
+    -int	semconfig __P((struct proc *, struct semconfig_args *));
+     int	msgctl __P((struct proc *, struct msgctl_args *));
+     int	msgget __P((struct proc *, struct msgget_args *));
+     int	msgsnd __P((struct proc *, struct msgsnd_args *));
+    --- usr.bin/ipcs/ipcs.c	1999/12/29 05:05:32	1.12
+    +++ usr.bin/ipcs/ipcs.c	2000/05/01 10:51:37	1.12.2.1
+    @@ -56,7 +56,6 @@
+     struct shminfo	shminfo;
+     struct shmid_ds	*shmsegs;
+     
+    -int	semconfig __P((int,...));
+     void	usage __P((void));
+     
+     static struct nlist symbols[] = {
+    @@ -420,11 +419,6 @@
+     			    seminfo.semaem);
+     		}
+     		if (display & SEMINFO) {
+    -			if (semconfig(SEM_CONFIG_FREEZE) != 0) {
+    -				perror("semconfig");
+    -				fprintf(stderr,
+    -				    "Can't lock semaphore facility - winging it...\n");
+    -			}
+     			kvm_read(kd, symbols[X_SEMA].n_value, &sema, sizeof(sema));
+     			xsema = malloc(sizeof(struct semid_ds) * seminfo.semmni);
+     			kvm_read(kd, (u_long) sema, xsema, sizeof(struct semid_ds) * seminfo.semmni);
+    @@ -470,8 +464,6 @@
+     					printf("\n");
+     				}
+     			}
+    -
+    -			(void) semconfig(SEM_CONFIG_THAW);
+     
+     			printf("\n");
+     		}
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOSpSolUuHi5z0oilAQH+jgP9HxVwbtFPUs9E3CuoeKb6rdDM6GRZUqgt
+WpXRSpGkAjQmGNZl/33DN7gt0HnjIvl4lZCHhSVKrl4vg4URU+MQJKEudmdm7/v/
+G6nH33ytuXtjC1/tMGquuHLnzhaaaDmYJErPtHgyWPbuN9JTTlvaqQjtJ6IsyBPU
+27eN3Py107o=
+=bah2
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:20.krb5.asc b/share/security/advisories/FreeBSD-SA-00:20.krb5.asc
new file mode 100644
index 0000000000..8f7fb29698
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:20.krb5.asc
@@ -0,0 +1,98 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:20                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		krb5 port contains remote and local root exploits.
+
+Category:	ports
+Module:		krb5
+Announced:	2000-05-26
+Credits:	Jeffrey I. Schiller <jis@MIT.EDU>
+Affects:	Ports collection prior to the correction date
+Corrected:	2000-05-17
+Vendor status:	Patch released
+FreeBSD only:	NO
+
+I.   Background
+
+MIT Kerberos 5 is an implementation of the Kerberos 5 protocol which
+is available in the FreeBSD ports collection as the security/krb5
+port. FreeBSD also includes separately-developed Kerberos 4 and 5
+implementations from KTH, which are optionally installed as part of
+the base system (KTH Heimdal, the Kerberos 5 implementation, is
+currently considered "experimental" software).
+
+II.  Problem Description
+
+The MIT Kerberos 5 port, versions 1.1.1 and earlier, contains several
+remote and local buffer overflows which can lead to root compromise.
+
+Note that the implementations of Kerberos shipped in the FreeBSD base
+system are separately-developed software to MIT Kerberos and are
+believed not to be vulnerable to these problems.
+
+However, a very old release of FreeBSD dating from 1997 (FreeBSD
+2.2.5) did ship with a closely MIT-derived Kerberos implementation
+("eBones") and may be vulnerable to attacks of the kind described
+here. Any users still using FreeBSD 2.2.5 and who have installed the
+optional Kerberos distribution are urged to upgrade to 2.2.8-STABLE or
+later. Note however that FreeBSD 2.x is no longer an officially
+supported version, nor are security fixes always provided.
+
+The krb5 port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+nearly 3300 third-party applications in a ready-to-install format. The
+ports collection shipped with FreeBSD 4.0 contains this problem since
+it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local or remote users can obtain root access on the system running krb5.
+
+If you have not chosen to install the krb5 port, then your system is
+not vulnerable to this problem.
+
+IV.  Workaround
+
+Due to the nature of the vulnerability there are several programs and
+network services which are affected. If recompiling the port is not
+practical, please see the MIT Kerberos advisory for suggested
+workarounds (including the disabling or adjustment of services and
+removal of setuid permissions on vulnerable binaries). The advisory
+can be found at the following location:
+
+http://web.mit.edu/kerberos/www/advisories/krb4buf.txt
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the krb5 port. A
+package is not provided for this port for export control reasons.
+
+2) download a new port skeleton for the krb5 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+3) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOS626lUuHi5z0oilAQHUWAP+LqSso3fDe+k7/6EJMc5iH9JgbrD2JARh
+mQOV6m9qUgZbcaEc9oUrsEJIurFGGukCAbGA82dPHGWpNFzbzL3pXgqcswVvHIqV
+qoZuzLyLV5+1NaurwovmXD2hQH56Cgaa+N4byxuxs+cnIbfJNF8DEYjhnPqVHc9l
+sP0RelxSDuk=
+=yPXe
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:21.ssh.asc b/share/security/advisories/FreeBSD-SA-00:21.ssh.asc
new file mode 100644
index 0000000000..5444f7b7c7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:21.ssh.asc
@@ -0,0 +1,109 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:21                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		ssh port listens on extra network port [REVISED]
+
+Category:       ports
+Module:         ssh
+Announced:      2000-06-07
+Credits:	Jan Koum <jkb@best.com>
+Affects:        Ports collection.
+Corrected:      2000-04-21 
+FreeBSD only:   Yes
+
+I.   Background
+
+SSH is an implementation of the Secure Shell protocol for providing
+encrypted and authenticated communication between networked machines.
+
+II.  Problem Description
+
+A patch added to the FreeBSD SSH port on 2000-01-14 incorrectly
+configured the SSH daemon to listen on an additional network port,
+722, in addition to the usual port 22. This change was made as part of
+a patch to allow the SSH server to listen on multiple ports, but the
+option was incorrectly enabled by default.
+
+This may cause a violation of security policy if the additional port
+is not subjected to the same access-controls (e.g. firewallling) as
+the standard SSH port.
+
+Note this is not a vulnerability associated with the SSH software
+itself, and it is not likely to be a risk for the majority of
+installations, since a remote user must still have valid SSH
+credentials in order to access the SSH server on the alternate
+port. The risk is that users may be able to access the SSH server from
+IP addresses which are prohibited to connect to the standard port.
+
+The ssh port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 3300 third-party applications in a ready-to-install format. The
+ports collection shipped with FreeBSD 4.0 contains this problem since
+it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+FreeBSD 4.0 ships with OpenSSH, a free implementation of the SSH
+protocol, included within the base system. OpenSSH does not suffer
+from this misconfiguration.
+
+III. Impact
+
+Remote users with valid SSH credentials may access the ssh server on a
+non-standard port, potentially bypassing IP address access controls on
+the standard SSH port.
+
+If you have not chosen to install the ssh port/package, or installed
+it prior to 2000-01-14 or after 2000-04-21, then your system is not
+vulnerable to this problem.
+
+IV.  Workaround
+
+One of the following:
+
+1) Comment out the line "Port 722" in /usr/local/etc/sshd_config and
+restart sshd
+
+2) Add filtering rules to your perimeter firewall, or on the local
+machine (using ipfw or ipf) to limit connections to port 722.
+
+3) Deinstall the ssh port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the ssh port.
+
+2) download a new port skeleton for the ssh port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port. Note that packages are not provided
+for the ssh port.
+
+3) Use the portcheckout utility to automate option (2) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+VI.   Revision History
+
+v1.0  2000-06-07  Initial release
+v1.1  2000-06-07  Corrected typo in name of sshd config file
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOT7lF1UuHi5z0oilAQHLaQP+LyCyEfrzDh63awRl8swXzHLpYib1upd+
+nUbctw+HOc7GfWGCUFfzhTUWvuwjqx43reE1XSX5ETXm4nVKwMDCum35FomlrUB+
+3LQeXHgsogeTmGzNoWqaJBhvC7ffMBWZrW4JFokasyWbOgJhhWiklBRVojkale0Y
+e+CNOgK3f3U=
+=no4A
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:22.apsfilter.asc b/share/security/advisories/FreeBSD-SA-00:22.apsfilter.asc
new file mode 100644
index 0000000000..a9c7bbe727
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:22.apsfilter.asc
@@ -0,0 +1,89 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:22                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		apsfilter allows users to execute arbitrary commands as
+		user lpd
+
+Category:       ports
+Module:         apsfilter
+Announced:      2000-06-07
+Credits:	Fixed by vendor.
+Affects:        Ports collection.
+Corrected:      2000-04-29
+Vendor status:	Updated version released.
+FreeBSD only:   NO
+
+I.   Background
+
+apsfilter is a print filter which automatically handles the conversion
+of various types of file into a format understood by the printer.
+
+II.  Problem Description
+
+The apsfilter port, versions 5.4.1 and below, contain a vulnerability
+which allow local users to execute arbitrary commands as the user
+running lpd, user root in a default FreeBSD installation. The
+apsfilter software allows users to specify their own filter
+configurations, which are read in an insecure manner and may be used
+to elevate privileges.
+
+The apsfilter port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3300 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users can cause arbitrary commands to be executed as root.
+
+If you have not chosen to install the apsfilter port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the apsfilter port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the apsfilter port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/print/apsfilter-5.4.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/print/apsfilter-5.4.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/print/apsfilter-5.4.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/print/apsfilter-5.4.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/print/apsfilter-5.4.2.tgz
+
+3) download a new port skeleton for the apsfilter port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOT7YnFUuHi5z0oilAQExcgP/T7U8rtKfUE6sn3QiLrhVueX/h06gvUtp
+aSwqtd4EVS8FMbnMARs+TAcrLUVQBaHf7RA0LtIHhD441HNUmC0mbtL0GJQr1tI4
+3H5tfqav7y3C0PiLe+4yy4HPjhOcZtOneldIf76hU+HiaCwWo6uBvv7ue3z1IIJQ
+o6BuABiKzE0=
+=S7V8
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:23.ip-options.asc b/share/security/advisories/FreeBSD-SA-00:23.ip-options.asc
new file mode 100644
index 0000000000..dc91a0744c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:23.ip-options.asc
@@ -0,0 +1,172 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:23                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		Remote denial-of-service in IP stack [REVISED]
+
+Category:	core
+Module:		kernel
+Announced:	2000-06-19
+Revised:	2000-07-11
+Affects:	FreeBSD systems prior to the correction date
+Credits:	NetBSD Security Advisory 2000-002, and
+		Jun-ichiro itojun Hagino <itojun@kame.net>
+Corrected:	(Several bugs fixed, the date below is that of the most
+		recent fix)
+		2000-06-08 (3.4-STABLE)
+		2000-06-08 (4.0-STABLE)
+		2000-06-02 (5.0-CURRENT)
+FreeBSD only:	NO
+
+I.   Background
+
+II.  Problem Description
+
+There are several bugs in the processing of IP options in the FreeBSD
+IP stack, which fail to correctly bounds-check arguments and contain
+other coding errors leading to the possibility of data corruption and
+a kernel panic upon reception of certain invalid IP packets.
+
+This set of bugs includes the instance of the vulnerability described
+in NetBSD Security Advisory 2000-002 (see
+ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc)
+as well as other bugs with similar effect.
+
+III. Impact
+
+Remote users can cause a FreeBSD system to panic and reboot.
+
+IV.  Workaround
+
+Incoming packets containing IP Options can be blocked at a perimeter
+firewall or on the local system, using ipfw(8) (ipf(8) is also capable
+of blocking packets with IP Options, but is not described here).
+
+The following ipfw rules are believed to prevent the denial-of-service
+attack (replace the rule numbers '100'-'103' with whichever rule
+numbers are appropriate for your local firewall, if you are already
+using ipfw):
+
+ipfw add 100 deny log ip from any to any ipopt rr
+ipfw add 101 deny log ip from any to any ipopt ts
+ipfw add 102 deny log ip from any to any ipopt ssrr
+ipfw add 103 deny log ip from any to any ipopt lsrr
+
+Note that there are legitimate uses for IP options, although they are
+no believed to be in common use, and blocking them should not cause
+any problems. Therefore the log entries generated by these ipfw rules
+will not necessarily be evidence of an attempted attack. Furthermore,
+the packets may be spoofed and have falsified source addresses.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your FreeBSD system to 3.4-STABLE, 4.0-STABLE or
+5.0-CURRENT after the respective correction dates.
+
+2) Apply the patch below and recompile your kernel.
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:23/ip_options.diff
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:23/ip_options.diff.asc
+
+# cd /usr/src/sys/netinet
+# patch -p < /path/to/patch_or_advisory
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+
+VI.   Revision History
+
+v1.0  2000-06-19  Initial release
+v1.1  2000-07-11  Note workaround using ipfw.
+
+    Index: ip_icmp.c
+    ===================================================================
+    RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v
+    retrieving revision 1.39
+    diff -u -r1.39 ip_icmp.c
+    --- ip_icmp.c	2000/01/28 06:13:09	1.39
+    +++ ip_icmp.c	2000/06/08 15:26:39
+    @@ -662,8 +662,11 @@
+     			    if (opt == IPOPT_NOP)
+     				    len = 1;
+     			    else {
+    +				    if (cnt < IPOPT_OLEN + sizeof(*cp))
+    +					    break;
+     				    len = cp[IPOPT_OLEN];
+    -				    if (len <= 0 || len > cnt)
+    +				    if (len < IPOPT_OLEN + sizeof(*cp) ||
+    +				        len > cnt)
+     					    break;
+     			    }
+     			    /*
+    Index: ip_input.c
+    ===================================================================
+    RCS file: /ncvs/src/sys/netinet/ip_input.c,v
+    retrieving revision 1.130
+    diff -u -r1.130 ip_input.c
+    --- ip_input.c	2000/02/23 20:11:57	1.130
+    +++ ip_input.c	2000/06/08 15:25:46
+    @@ -1067,8 +1067,12 @@
+     		if (opt == IPOPT_NOP)
+     			optlen = 1;
+     		else {
+    +			if (cnt < IPOPT_OLEN + sizeof(*cp)) {
+    +				code = &cp[IPOPT_OLEN] - (u_char *)ip;
+    +				goto bad;
+    +			}
+     			optlen = cp[IPOPT_OLEN];
+    -			if (optlen <= 0 || optlen > cnt) {
+    +			if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) {
+     				code = &cp[IPOPT_OLEN] - (u_char *)ip;
+     				goto bad;
+     			}
+    @@ -1174,6 +1178,10 @@
+     			break;
+     
+     		case IPOPT_RR:
+    +			if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
+    +				code = &cp[IPOPT_OFFSET] - (u_char *)ip;
+    +				goto bad;
+    +			}
+     			if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
+     				code = &cp[IPOPT_OFFSET] - (u_char *)ip;
+     				goto bad;
+    Index: ip_output.c
+    ===================================================================
+    RCS file: /ncvs/src/sys/netinet/ip_output.c,v
+    retrieving revision 1.99
+    diff -u -r1.99 ip_output.c
+    --- ip_output.c	2000/03/09 14:57:15	1.99
+    +++ ip_output.c	2000/06/08 15:27:08
+    @@ -1302,8 +1302,10 @@
+     		if (opt == IPOPT_NOP)
+     			optlen = 1;
+     		else {
+    +			if (cnt < IPOPT_OLEN + sizeof(*cp))
+    +				goto bad;
+     			optlen = cp[IPOPT_OLEN];
+    -			if (optlen <= IPOPT_OLEN || optlen > cnt)
+    +			if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
+     				goto bad;
+     		}
+     		switch (opt) {
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWuYHFUuHi5z0oilAQEp+wP/bK5jRQXK/d3sQw9cph/usAbiYUD6Ux3l
+MIo1R1ZPWnIE20Hx334hvr3u5AUnbtjkFg+86WZcpv5bgWjKS2VLyV4UjJIMMOQr
+sSDXta5X4XRO0aXv1Td/Jlkoh2UcoayhKssYa3LLwgcYq++BBGrwbJM+ShUGmllS
+qQ86FwHKdow=
+=5Ksz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:24.libedit.asc b/share/security/advisories/FreeBSD-SA-00:24.libedit.asc
new file mode 100644
index 0000000000..200ca96e99
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:24.libedit.asc
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:24                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		libedit reads config file from current directory
+
+Category:	core
+Module:		libedit
+Announced:	2000-07-05
+Affects:	All versions of FreeBSD prior to the correction date
+Credits:	Tim Vanderhoek <hoek@FreeBSD.org>
+Vendor status:	Notified
+Corrected:	2000-05-22
+FreeBSD only:	NO
+
+I.   Background
+
+libedit is a library of routines for providing command editing and
+history retrieval for interactive command-oriented programs.
+
+II.  Problem Description
+
+libedit incorrectly reads an ".editrc" file in the current directory
+if it exists, in order to specify configurable program
+behaviour. However it does not check for ownership of the file, so an
+attacker can cause a libedit application to execute arbitrary key
+rebindings and exercise terminal capabilities by creating an .editrc
+file in a directory from which another user executes a libedit binary
+(e.g. root running ftp(1) from /tmp). This can be used to fool the
+user into unknowingly executing program commands which may compromise
+system security. For example, ftp(1) includes the ability to escape to
+a shell and execute a command, which can be done under libedit
+control.
+
+The supplied patch removes this behaviour and causes libedit to only
+search for its configuration file in the home directory of the user,
+if it exists and the binary is not running with increased privileges
+(i.e. setuid or setgid).
+
+FreeBSD 3.5-RELEASE is not affected by this vulnerability, although
+4.0-RELEASE is affected since the problem was discovered after it was
+released.
+
+III. Impact
+
+An attacker can cause a user to execute arbitrary commands within a
+program which is run from a directory to which the attacker has write
+access, potentially leading to system compromise if run as a
+privileged user (such as root).
+
+IV.  Workaround
+
+Do not interactively run utilities which link against libedit from
+directories which can be written to by other users.
+
+To identify utilities which link dynamically against libedit, download
+the libfind tool and detached PGP signature as follows: 
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:24/libfind.sh
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:24/libfind.sh.asc
+
+Verify the detached signature using your PGP utility.
+
+Run the libfind.sh tool as root, as follows:
+
+# sh libfind.sh libedit /
+
+Note that it is not feasible to locate utilities which link statically
+against libedit since there are no common strings embedded in such
+binaries. However the following is believed to be a complete list of
+statically and dynamically linked FreeBSD system utilities which link
+against the library:
+
+/bin/sh
+/sbin/fsdb
+/usr/bin/ftp
+/usr/sbin/cdcontrol
+/usr/sbin/lpc
+/usr/sbin/nslookup
+/usr/sbin/pppctl
+
+Because libedit is not a portable library in common use there are
+unlikely to be many FreeBSD ports which link statically against it: no
+such ports are known at this time.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable system to a version dated after the
+correction date.
+
+2) Save the advisory into a file or download the patch and detached
+PGP signature:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:24/libedit.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:24/libedit.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+Apply the patch and rebuild as follows:
+
+# cd /usr/src/lib/libedit
+# patch -p < /path/to/patch/or/advisory
+
+and rebuild your system as described in 
+
+http://www.freebsd.org/handbook/makeworld.html
+
+    --- el.c	1999/08/20 01:17:12	1.6
+    +++ el.c	2000/05/22 05:55:22	1.7
+    @@ -290,13 +294,10 @@
+         char *ptr, path[MAXPATHLEN];
+     
+         if (fname == NULL) {
+    -	fname = &elpath[1];
+    -	if ((fp = fopen(fname, "r")) == NULL) {
+    -	    if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL)
+    -		return -1;
+    -	    (void)snprintf(path, sizeof(path), "%s%s", ptr, elpath);
+    -	    fname = path;
+    -	}
+    +	if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL)
+    +	    return -1;
+    +	(void) snprintf(path, sizeof(path), "%s%s", ptr, elpath);
+    +	fname = path;
+         }
+     
+         if ((fp = fopen(fname, "r")) == NULL)
+    
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWGmz1UuHi5z0oilAQF1rwP/QhuVAAmc1873YHkhTS8kMTPR63HoIlkc
+8VRgf0PU6Z3AObVq6fjt3ZikCUXf7d8NhiTqRdL1Cb/Koai56yP+E5Fqbt2U5JCC
+cNbWIlI8NYKxAybgOsx+9EJGSnGfrjjjvxG6MguwcyJ+W1DS3M41mDzv8C1hdpqw
+/QAi9qToH+Q=
+=TlZc
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:25.alpha-random.asc b/share/security/advisories/FreeBSD-SA-00:25.alpha-random.asc
new file mode 100644
index 0000000000..6e7192d043
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:25.alpha-random.asc
@@ -0,0 +1,134 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:25                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		FreeBSD/Alpha platform lacks kernel pseudo-random number
+		generator, some applications fail to detect this.
+
+Category:	core
+Module:		kernel
+Announced:	2000-06-12
+Affects:	FreeBSD/Alpha prior to the correction date.
+Corrected:	2000-05-10 (4.0-STABLE)
+		2000-04-28 (5.0-CURRENT)
+FreeBSD only:	Yes
+
+I.   Background
+
+The FreeBSD kernel provides a cryptographic-strength pseudo-random
+number generator via the /dev/random and /dev/urandom interfaces,
+which samples hardware measurements to provide a high-quality source
+of "entropy" (randomness).
+
+II.  Problem Description
+
+The FreeBSD port to the Alpha platform did not provide the /dev/random
+or /dev/urandom devices - this was an oversight during the development
+process which was not corrected before the Alpha port "became
+mainstream". FreeBSD/i386 is not affected.
+
+As a consequence, there is no way for Alpha systems prior to the
+correction date to obtain cryptographic-strength random numbers,
+unless an application "rolls its own" entropy gathering
+mechanism. This in itself is not a vulnerability, although it is an
+omission and a departure from the expected behaviour of a FreeBSD
+system.
+
+The actual vulnerability is that some applications fail to correctly
+check for a working /dev/random and do not exit with an error if it is
+not available, so this weakness goes undetected. OpenSSL 0.9.4, and
+utilities based on it, including OpenSSH (both of which are included
+in the base FreeBSD 4.0 system) are affected in this manner (this bug
+was corrected in OpenSSL 0.9.5)
+
+Therefore, cryptographic security systems on vulnerable FreeBSD/Alpha
+systems (including OpenSSH in the base FreeBSD 4.0 system) may have
+weakened strength, and cryptographic keys generated on such systems
+should not be trusted.
+
+III. Impact
+
+Cryptographic secrets (such as OpenSSH public/private keys) generated
+on FreeBSD/Alpha systems may be much weaker than their "advertised"
+strength, and may lead to data compromise to a dedicated and
+knowledgeable attacker.
+
+PGP/GnuPG keys, and keys generated by the SSH or SSH2 ports, are not
+believed to be weakened since that software will correctly detect the
+lack of a working /dev/random and use alternative sources of
+entropy. OpenSSH and OpenSSL are currently the only known vulnerable
+applications.
+
+IV.  Workaround
+
+None available.
+
+V.   Solution
+
+One of the following three options, followed by step 2).
+
+1a) Upgrade your FreeBSD/Alpha system to FreeBSD 4.0-STABLE after the
+correction date.
+
+1b) install the patched 4.0-RELEASE GENERIC kernel available from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz
+
+e.g. perform the following steps as root:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.gz.asc
+
+[ Verify the detached PGP signature using your PGP utility - consult your
+utility's documentation for how to do this ]
+
+# gunzip kernel.gz
+# cp /kernel /kernel.old
+# chflags noschg /kernel
+# cp kernel /kernel
+# chflags schg /kernel
+
+1c) Download the kernel source patch and rebuild your FreeBSD/Alpha
+kernel, as follows:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff
+
+Download the detached PGP signature:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:25/kernel.sys.diff.asc
+
+and verify the signature using your PGP utility.
+
+Apply the patch:
+
+# cd /usr/src
+# patch -p < /path/to/kernel.sys.diff
+
+Rebuild your kernel as described in
+
+http://www.freebsd.org/handbook/kernelconfig.html
+
+and reboot with the new kernel.
+
+NOTE: Because of the significant improvements to the FreeBSD/Alpha
+platform in FreeBSD 4.0, it is not planned at this time to backport
+the necessary changes to FreeBSD 3.4-STABLE.
+
+2) Immediately regenerate all OpenSSH-generated SSH keys and
+OpenSSL-generated SSL certificates, and any other data relying on
+cryptographic random numbers which were generated on FreeBSD/Alpha
+systems, whose strength cannot be verified. [Note: for most systems,
+the only significant vulnerability is likely to be from OpenSSH and
+OpenSSL-generated keys and certificates (e.g. for SSL webservers)]
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOUVa6lUuHi5z0oilAQG/VQP/bXSr0YdjwTVuHrc1JOTzKMqSJYyff50d
+6Jg7VNL+X2B7hQcWUC8Rn/m+qy6byc9g51v8Wyk70olUs1Fy4bTGh+iEpE0mbQ45
+tx75z/Uhq46fYP3ldBx9XvXJQxRHXrPos7gfTOVVdJcchIIgJdtxC7LfvOswbnvY
+EK+rxB2I9f8=
+=ee12
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:26.popper.asc b/share/security/advisories/FreeBSD-SA-00:26.popper.asc
new file mode 100644
index 0000000000..e833dd6679
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:26.popper.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:26                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          popper port contains remote vulnerability [REVISED]
+
+Category:       ports
+Module:         popper
+Announced:      2000-07-05
+Revised:	2000-07-11
+Credits:        Prizm <prizm@RESENTMENT.ORG>
+Affects:        Ports collection.
+Corrected:      2000-05-25
+Vendor status:  Notified
+FreeBSD only:   NO
+
+I.   Background
+
+QPopper is a popular POP3 mail server.
+
+II.  Problem Description
+
+The qpopper port, version 2.53 and earlier, incorrectly parses string
+formatting operators included in part of the email message header. A
+remote attacker can send a malicious email message to a local user
+which can cause arbitrary code to be executed on the server when a POP
+client retrieves the message using the UIDL command. The code is
+executed as the user who is retrieving mail: thus if root reads email
+via POP3 this can lead to a root compromise. This vulnerability is
+not present in qpopper-3.0.2, also available in FreeBSD ports.
+
+The qpopper port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3500 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release, but it was fixed in
+time for FreeBSD 3.5.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can cause arbitrary code to be executed as the retrieving
+user when a POP client retrieves email.
+
+If you have not chosen to install the qpopper-2.53 port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the qpopper-2.53 port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the qpopper port,
+or upgrade to qpopper-3.0.2 available in /usr/ports/mail/popper3.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/qpopper-2.53.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/qpopper-2.53.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/qpopper-2.53.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/qpopper-2.53.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/qpopper-2.53.tgz
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/qpopper3-3.0.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/qpopper3-3.0.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/qpopper3-3.0.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/qpopper3-3.0.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/qpopper3-3.0.2.tgz
+
+3) download a new port skeleton for the qpopper port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+VI.   Revision History
+
+v1.0  2000-07-05  Initial release
+v1.1  2000-07-11  Correct URL of qpopper-2.53 package and note availability of
+                  qpopper3-3.0.2. Update size of ports collection.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWuXjlUuHi5z0oilAQGviQP/TQqQXqwU0TBkJbvdtuLLXZdcjywbX39p
+O5EgHOjsHxnLkfOCYXJ+wQ+2s88OZouFhsR4OcTJDC8UobgVlKicOOEShov6IkrN
+rwJfkc7fgxuLVOW8Y3ef3gixqhCkCsgMI5NlvKt88YThr1y0Z8GnK5u9gxz1YUKA
+M9iveHnUsSU=
+=5bHQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:27.XFree86-4.asc b/share/security/advisories/FreeBSD-SA-00:27.XFree86-4.asc
new file mode 100644
index 0000000000..9f17c5cf86
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:27.XFree86-4.asc
@@ -0,0 +1,110 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:27                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          XFree86-4.0 port contains local root overflow
+
+Category:       ports
+Module:         Xfree86-4
+Announced:      2000-07-05
+Credits:        Michal Zalewski <lcamtuf@TPI.PL>
+Affects:        Ports collection.
+Corrected:      2000-06-09
+Vendor status:  Vendor eventually released patch
+FreeBSD only:   NO
+
+I.   Background
+
+XFree86 4.0 is a development version of the popular XFree86 X Windows
+system.
+
+II.  Problem Description
+
+XFree86 4.0 contains a local root vulnerability in the XFree86 server
+binary, due to incorrect bounds checking of command-line
+arguments.
+
+The server binary is setuid root, in contrast to previous versions
+which had a small setuid wrapper which performed (among other things)
+argument sanitizing. 
+
+The XFree86-4 port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3400 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.0 contains this
+problem since it was discovered after the release, but it was fixed in
+time for FreeBSD 3.5.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users can obtain root access.
+
+If you have not chosen to install the XFree86-4 port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the XFree86-4 port/package, if you you have installed it, or
+limit the execution file permissions on the /usr/X11R6/bin/XFree86
+binary so that only members of a trusted group may run the binary.
+
+V.   Solution
+
+At this time, we do not recommend using XFree86 4.0 on multi-user
+systems with untrusted users, because of the lack of security in the
+server binary. The current "stable" version, XFree86 3.3.6, is also
+available in FreeBSD ports.
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the XFree86-4 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/XFree86-4.0.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/XFree86-4.0.tar.gz
+
+An updated version of XFree86, version 4.0.1, has just been released,
+which is believed to also fix the problems detailed in this advisory,
+however the X server is still installed setuid root and so the above
+warning against installation on multi-user machines still applies. The
+packages will be available at the following locations in the next few
+days:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.1.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.1.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/XFree86-4.0.1.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.1.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/XFree86-4.0.1.tar.gz
+
+3) download a new port skeleton for the XFree86-4 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWGrplUuHi5z0oilAQFDjgP9E3l6VG7ic+F0HMDsSDGbsYrIFM3hvBDJ
+hu22Vu/F18PyeOVrgZY4ljE/BvdSy4bJMJSDJsrP4jYicse7ArwvSLEJOjoIuPoK
+ErUCz34UgNAWs+zszFD0V5xAuWH3Oyii4qamqDnSaurYl6oKp5tPNx2vSrA3UDxM
+moK703Mpfak=
+=nu3f
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:28.majordomo.asc b/share/security/advisories/FreeBSD-SA-00:28.majordomo.asc
new file mode 100644
index 0000000000..14c8907504
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:28.majordomo.asc
@@ -0,0 +1,76 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:28                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          majordomo is not safe to run on multi-user machines
+
+Category:       ports
+Module:         majordomo
+Announced:      2000-07-05
+Affects:        Ports collection.
+Corrected:      See below
+Vendor status:  Problem documented
+FreeBSD only:   NO
+
+I.   Background
+
+Majordomo is a popular mailing-list manager.
+
+II.  Problem Description
+
+Majordomo contains a number of perl scripts which are executed by a
+setuid wrapper for providing mailing-list management
+functionality. However there are numerous weaknesses in these scripts
+which allow unprivileged users to run arbitrary commands as the
+majordomo user, as well as obtaining read and write access to the
+mailing list data.
+
+The majordomo port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3400 third-party applications in a ready-to-install
+format.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users can run commands as the 'majordomo' user,
+including accessing and modifying mailing-list subscription data.
+
+If you have not chosen to install the majordomo port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the majordomo port/package, if you you have installed it, or
+limit the permissions of the majordomo/ directory and/or its contents
+appropriately (see below).
+
+V.   Solution
+
+Since the vendor has chosen not to fix the various security holes in
+the default installation of majordomo, there is no simple solution. It
+may be possible to adequately secure the majordomo installation while
+retaining required functionality, by tightening the permissions on the
+/usr/local/majordomo directory and/or its contents, but these actions
+are not taken by the FreeBSD port and are beyond the scope of this
+advisory.
+
+Instead we recommend that majordomo not be used on a system which
+contains untrusted users, or an alternative mailing-list manager be
+used. There are several such utilities in the FreeBSD ports
+collection.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWGsGFUuHi5z0oilAQFUtgP9Gwb/h0AFJB8RH9LkE3zlmaTfePGGnIgk
+/SBux8RBiwPnEw4M25mZt26eV6Bd/MIdN8Gnb7q551TD8nrZu0N6//vi5w8uM5/l
+itRXtnE4FfqERWOTOt25b8N0kCtqESqGMPMyA1m1x+7wFHpq1B69gsQl8MbohUr5
+NlLkkEu6AQI=
+=EkWc
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:29.wu-ftpd.asc b/share/security/advisories/FreeBSD-SA-00:29.wu-ftpd.asc
new file mode 100644
index 0000000000..1e3c906936
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:29.wu-ftpd.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:29                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          wu-ftpd port contains remote root compromise [REVISED]
+
+Category:       ports
+Module:         wu-ftpd
+Announced:      2000-07-05
+Revised:        2000-07-11
+Credits:        tf8 <tf8@ZOLO.FREELSD.NET>
+Affects:        Ports collection.
+Corrected:      2000-06-24
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+wu-ftpd is a popular FTP server.
+
+II.  Problem Description
+
+The wu-ftpd port, versions 2.6.0 and below, contains a vulnerability
+which allows FTP users, both anonymous FTP users and those with a
+valid account, to execute arbitrary code as root on the local machine,
+by inserting string-formatting operators into command input, which are
+incorrectly parsed by the FTP server.
+
+The wu-ftpd port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3500 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5 and 4.0
+contains this problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+FTP users, including anonymous FTP users, can cause arbitrary commands
+to be executed as root on the local machine.
+
+If you have not chosen to install the wu-ftpd port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the wu-ftpd port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the wu-ftpd port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/wu-ftpd-2.6.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/wu-ftpd-2.6.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/wu-ftpd-2.6.0.tgz
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) download a new port skeleton for the wu-ftpd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+VI.   Revision History
+
+v1.0  2000-07-05  Initial release
+v1.1  2000-07-11  Clarify that vulnerability affects all FTP users, not
+                  just anonymous FTP. Correct URL of package. Update
+                  size of ports collection.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWuZzVUuHi5z0oilAQH+bgQAhpYzJ0xiU787xQFr/YnOJHe0k/CJiDOU
+yrfyvGq4Grl4F/czojsyRTd5DwQzBKqIYm1H/z73gxI6nbEe0KaP+omfpzaAy7iK
+pLyQJ5qbjQLuc54ed+gV1+lH84QkuMHzUygj5iqvjn91uAA5nMKEMnGbESZz3J4J
+NjYmA1EfXbI=
+=T7IG
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:30.openssh.asc b/share/security/advisories/FreeBSD-SA-00:30.openssh.asc
new file mode 100644
index 0000000000..f4646636d0
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:30.openssh.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:30                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          OpenSSH UseLogin directive permits remote root access
+
+Category:       core
+Module:         openssh
+Announced:      2000-07-05
+Credits:        Markus Friedl <markus@OpenBSD.org>
+Affects:        FreeBSD 4.0-RELEASE, FreeBSD 4.0-STABLE and 5.0-CURRENT
+                prior to the correction date
+Corrected:      2000-06-11
+Vendor status:  Disclosed vulnerability.
+FreeBSD only:   NO
+
+I.   Background
+
+OpenSSH is an implementation of the SSH1 (and SSH2 in later versions)
+secure shell protocols for providing encrypted and authenticated
+network access, which is available free for unrestricted use.
+
+II.  Problem Description
+
+The sshd server is typically invoked as root so it can manage general
+user logins. OpenSSH has a configuration option, not enabled by
+default ("UseLogin") which specifies that user logins should be done
+via the /usr/bin/login command instead of handled internally.
+
+OpenSSH also has a facility to enable remote users to execute commands
+on the server non-interactively. In this case, the UseLogin directive
+fails to correctly drop root privileges before executing the command,
+meaning that remote users without root access can execute commands on
+the local system as root.
+
+Note that with the default configuration, OpenSSH is not vulnerable to
+this problem, and this option is not needed for the vast majority of
+systems.
+
+OpenSSH is installed if you chose to install the 'crypto' distribution
+at install-time or when compiling from source, and you either have the
+international RSA libraries or installed the RSAREF port.
+
+III. Impact
+
+If your sshd configuration was modified to enable the 'UseLogin'
+directive then remote users with SSH access to the local machine can
+execute arbitrary commands as root.
+
+IV.  Workaround
+
+Set 'UseLogin No' in your /etc/ssh/sshd_config file and restart the
+SSH server by issuing the following command as root:
+
+# kill -HUP `cat /var/run/sshd.pid`
+
+This will cause the parent process to respawn and reread its
+configuration file, and should not interfere with existing SSH sessions.
+
+Note that a bug in sshd (discovered during preparation of this
+advisory, fixed in FreeBSD 5.0-CURRENT and 4.0-STABLE as of
+2000-07-03) means that it will fail to restart correctly unless it was
+originally invoked with an absolute path (i.e. "/usr/sbin/sshd"
+instead of "sshd"). Therefore you should verify that the server is
+still running after you deliver the HUP signal:
+
+# ps -p `cat /var/run/sshd.pid`
+  PID  TT  STAT      TIME COMMAND
+ 2110  ??  Ss     0:00.97 /usr/sbin/sshd
+
+If the server is no longer running, restart it by issuing the
+following command as root:
+
+# /usr/sbin/sshd
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade to FreeBSD 4.0-STABLE or 5.0-CURRENT after the correction
+date. Note that these versions of FreeBSD contain a newer version of
+OpenSSH than was in 4.0-RELEASE, version 2.1, which provides enhanced
+functionality including support for the SSH2 protocol and DSA keys.
+
+2) Save this advisory as a file and extract the relevant patch for
+your version of FreeBSD, or download the relevant patch and detached
+PGP signature from the following location:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:30/sshd.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:30/sshd.patch.asc
+
+Verify the detached signature using your PGP utility.
+
+Issue the following commands as root:
+
+# cd /usr/src/crypto/openssh
+# patch -p < /path/to/patch/or/advisory
+# cd /usr/src/secure/lib/libssh
+# make all
+# cd /usr/src/secure/usr.sbin/sshd
+# make all install
+# kill -HUP `cat /var/run/sshd.pid`
+
+See the note in the "Workarounds" section about verifying that the
+sshd server is still running.
+
+VI.   Patch
+
+   Index: sshd.c
+   ===================================================================
+   RCS file: /home/ncvs/src/crypto/openssh/sshd.c,v
+   retrieving revision 1.6
+   diff -u -r1.6 sshd.c
+   --- sshd.c	2000/03/09 14:52:31	1.6
+   +++ sshd.c	2000/07/04 03:40:46
+   @@ -2564,7 +2564,13 @@
+    	char *argv[10];
+    #ifdef LOGIN_CAP
+    	login_cap_t *lc;
+   +#endif
+    
+   +	/* login(1) is only called if we execute the login shell */
+   +	if (options.use_login && command != NULL)
+   +		options.use_login = 0;
+   +
+   +#ifdef LOGIN_CAP
+    	lc = login_getpwclass(pw);
+    	if (lc == NULL)
+    		lc = login_getclassbyname(NULL, pw);
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWPAn1UuHi5z0oilAQEt8QP+KlhsdMVqBjI6mhO/opnpIr+vFo5zxu4R
+rhPwSfyXf/ufRPcJbiQFjBlHwQWaOnt2N3w6MJYI4qNySPHmqIa1Cnxv8Em0K/ke
+wdFr8sXOZiqgBbu1aJRSsB+5Vc/TQFdHcY/QGwpUIUGYkDvEYcp46iDpQgiS41BW
+9hRgZIgcigo=
+=nEJ0
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:31.canna.asc b/share/security/advisories/FreeBSD-SA-00:31.canna.asc
new file mode 100644
index 0000000000..95a94973ac
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:31.canna.asc
@@ -0,0 +1,116 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:31                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Canna port contains remote vulnerability [REVISED]
+
+Category:       ports
+Module:         Canna
+Announced:      2000-07-05
+Revised:        2000-07-11
+Affects:        Ports collection.
+Corrected:      2000-06-29
+Credits:	Shadow Penguin Security
+                <http://shadowpenguin.backsection.net/advisories/index.html>
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+Canna is a Kana-Kanji conversion server.
+
+II.  Problem Description
+
+The Canna server contains an overflowable buffer which may be
+exploited by a remote user to execute arbitrary code on the local
+system as user 'bin'.
+
+The Canna port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3500 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 3.5 contains this
+vulnerability since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can run arbitrary code as user 'bin' on the local system.
+Depending on the local system configuration, the attacker may be able
+to upgrade privileges further by exploiting local vulnerabilities.
+
+If you have not chosen to install the Canna port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+One of the following:
+
+1) Deinstall the Canna port/package, if you you have installed it.
+
+2) Consider limiting remote access to the Canna server using ipfw(8)
+or ipf(8).
+
+3) Create a /etc/hosts.canna file on the Canna server and list the
+hosts which you wish to allow access to the Canna server. For example,
+if you want to allow access via localhost only, include the following
+in your /etc/hosts.canna file:
+
+        localhost
+        unix
+
+If you want to allow access via localhost and some-other-host.com,
+which has IP address x.y.z.w, include the following:
+
+        localhost
+        unix
+        x.y.z.w
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the Canna port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanese/ja-Canna-3.2.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-Canna-3.2.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japanese/ja-Canna-3.2.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-Canna-3.2.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japanese/ja-Canna-3.2.2.tgz
+
+Note: it may be several days before updated packages are available.
+
+3) download a new port skeleton for the Canna port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+VI.   Revision History
+
+v1.0  2000-07-05  Initial release
+v1.1  2000-07-11  Add additional access-control method submitted by KOJIMA Hajime <kjm@rins.ryukoku.ac.jp>
+                  Correct package URL. Update size of ports collection.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWuZD1UuHi5z0oilAQEAOgP9FFIPBLNxpRkRC4lQqNHDcBQ/7EOapw1p
+YstPyT2sJkykj66QtS4CC5Wd4r7qy4EPQodAqYFgQqMRNyZX3PNzuoRTB+CNzE3f
+bV1bQq75FTpWBlDhD1LMxSjywgENeBUkuq214diIzUJMBucOa9caFDZ5K+22WquR
+S5O/SGoqI/A=
+=dynV
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc b/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc
new file mode 100644
index 0000000000..bda36aae46
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:32.bitchx.asc
@@ -0,0 +1,93 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:32                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          bitchx port contains client-side vulnerability
+
+Category:       ports
+Module:         bitchx
+Announced:      2000-07-05
+Affects:        Ports collection.
+Corrected:      2000-07-03
+Vendor status:  Patch released
+FreeBSD only:   NO
+
+I.   Background
+
+BitchX is a popular IRC client.
+
+II.  Problem Description
+
+The bitchx client incorrectly parses string-formatting operators
+included as part of channel invitation messages sent by remote IRC
+users. This can cause the local client to crash, and may possibly
+present the ability to execute arbitrary code as the local user.
+
+The bitchx port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3400 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 4.0 and 3.5 contain
+this problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote IRC users can cause the local client to crash, and possibly
+execute code as the local user.
+
+If you have not chosen to install the bitchx port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Issue the following bitchx command (e.g. as part of a startup script):
+
+/ignore * invites
+
+which will disable processing of channel invitation messages.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the bitchx port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/bitchx-1.0c16.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/bitchx-1.0c16.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/bitchx-1.0c16.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/bitchx-1.0c16.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/bitchx-1.0c16.tar.gz
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) download a new port skeleton for the bitchx port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/ports/packages/devel/portcheckout-1.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWGvPlUuHi5z0oilAQGEQAP+MbpDIPmejoZUcpVCpIBFP+2LwmR/ouwu
+LMuDVgY5l3kaWNIypTNAbMVPDZFx1l3+LEUJfurBLydpH8PnB17C7tE+uPXpNDzA
+ph3jjHXazN8DvvdYCD6EcEXccgGIWREz+OUPsH4VZtqC0g84Lt7tpZwBFZ+Fh2Py
+gjxO4c2fPE8=
+=B4nR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:33.kerberosIV.asc b/share/security/advisories/FreeBSD-SA-00:33.kerberosIV.asc
new file mode 100644
index 0000000000..5ba16436ff
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:33.kerberosIV.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:33                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		kerberosIV distribution contains multiple vulnerabilities
+                under FreeBSD 3.x
+
+Category:	core
+Module:		kerberosIV
+Announced:	2000-07-12
+Credits:	Assar Westerlund <assar@FreeBSD.org>
+Affects:	FreeBSD 3.x systems prior to the correction date
+Corrected:	2000-07-06
+FreeBSD only:	NO
+
+I.   Background
+
+KTH Kerberos is an implementation of the Kerberos 4 protocol which
+is distributed as an optional component of the base system.
+
+II.  Problem Description
+
+Vulnerabilities in the MIT Kerberos 5 port were the subject of an
+earlier FreeBSD Security Advisory (SA-00:20). At the time it was
+believed that the implementation of Kerberos distributed with FreeBSD
+was not vulnerable to these problems, but it was later discovered that
+FreeBSD 3.x contained an older version of KTH Kerberos 4 which is in
+fact vulnerable to at least some of these vulnerabilities. FreeBSD
+4.0-RELEASE and later are unaffected by this problem, although FreeBSD
+3.5-RELEASE is vulnerable.
+
+The exact extent of the vulnerabilities are not known, but are likely
+to include local root vulnerabilities on both Kerberos clients and
+servers, and remote root vulnerabilities on Kerberos servers. For the
+client vulnerabilities, it is not necessary that Kerberos client
+functionality be actually configured, merely that the binaries be
+present on the system.
+
+III. Impact
+
+Local or remote users can obtain root access on the system running
+Kerberos, whether as client or server.
+
+If you have not chosen to install the KerberosIV distribution on your
+FreeBSD 3.x system, then your system is not vulnerable to this
+problem.
+
+IV.  Workaround
+
+Due to the nature of the vulnerability there are several programs and
+network services which are affected. The following libraries and
+utilities are installed by the KerberosIV distribution and must be
+removed or replaced with non-Kerberos versions to disable all
+Kerberos-related code.
+
+bin/rcp (*)
+sbin/dump (*)
+sbin/restore (*)
+usr/bin/kadmin
+usr/bin/kauth
+usr/bin/kdestroy
+usr/bin/kinit
+usr/bin/klist
+usr/bin/ksrvtgt
+usr/bin/telnet (*)
+usr/bin/cvs (*)
+usr/bin/passwd (*)
+usr/bin/rlogin (*)
+usr/bin/rsh (*)
+usr/bin/su (*)
+usr/lib/libacl.a
+usr/lib/libacl_p.a
+usr/lib/libacl.so.3
+usr/lib/libacl.so
+usr/lib/libkadm.a
+usr/lib/libkadm_p.a
+usr/lib/libkadm.so.3
+usr/lib/libkadm.so
+usr/lib/libkafs.a
+usr/lib/libkafs_p.a
+usr/lib/libkafs.so.3
+usr/lib/libkafs.so
+usr/lib/libkdb.a
+usr/lib/libkdb_p.a
+usr/lib/libkdb.so.3
+usr/lib/libkdb.so
+usr/lib/libkrb.a
+usr/lib/libkrb_p.a
+usr/lib/libkrb.so.3
+usr/lib/libkrb.so
+usr/lib/libtelnet.a
+usr/lib/libtelnet_p.a
+usr/libexec/kauthd
+usr/libexec/kipd
+usr/libexec/kpropd
+usr/libexec/telnetd (*)
+usr/libexec/rlogind (*)
+usr/libexec/rshd (*)
+usr/sbin/ext_srvtab
+usr/sbin/kadmind
+usr/sbin/kdb_destroy
+usr/sbin/kdb_edit
+usr/sbin/kdb_init
+usr/sbin/kdb_util
+usr/sbin/kerberos
+usr/sbin/kip
+usr/sbin/kprop
+usr/sbin/ksrvutil
+usr/sbin/kstash
+
+The files marked with a "(*)" are part of the base FreeBSD system when
+the Kerberos distribution is not installed, and are replaced when
+Kerberos is installed. Therefore you will need to replace them with
+non-Kerberos versions from another system, or perform a recompilation
+or reinstallation of FreeBSD after removal, if you wish to continue to
+use them.
+
+If you have chosen to install any ports with Kerberos support, such as
+the security/ssh port, then you should also remove, or recompile these
+with support disabled.
+
+As an interim measure, access control measures (either a perimeter
+firewall, or a local firewall on the affected machine - see the
+ipfw(8) manpage for more information) can be used to prevent remote
+systems from connecting to Kerberos services on a vulnerable Kerberos
+server.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD 3.x system to a version of FreeBSD
+dated after the correction date (FreeBSD 3.5-STABLE dated after the
+correction date, 4.0-RELEASE or 4.0-STABLE). See
+http://www.freebsd.org/handbook/makeworld.html for more information
+about upgrading FreeBSD from source.
+
+Be sure to install the Kerberos code when performing an upgrade
+(whether by source or by a binary upgrade) to ensure that the old
+binaries are no longer present on the system.
+
+See the note in section IV. above about recompiling ports which were
+compiled with Kerberos support.
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOWzyeVUuHi5z0oilAQFJEwP/ZaecQhuSYfdR4ckwsDtGF86AvmRuqkTo
+8A55zz2DeBUPKAVrvJAEuzM15zEL4+w+dofCep9gMAPWlgpNoNHRs4H3BLUjMiXc
+UpFgKDYtY/gwYXZKOLVbe4as++G2Polk+oQXrRItV1LGKbjrtjuozPRGmkwCYwOk
+/rUWX1tCNLI=
+=ysen
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc b/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc
new file mode 100644
index 0000000000..e00a0e089b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:34.dhclient.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:34                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		dhclient vulnerable to malicious dhcp server
+
+Category:	core, ports
+Module:		dhclient, isc-dhcp2 (ports), isc-dhcp3 (ports)
+Announced:	2000-08-14
+Affects:        All releases of FreeBSD after FreeBSD 3.2-RELEASE and
+                prior to the correction date (including FreeBSD 4.0
+                and 3.5, but not 4.1)
+                Ports collection prior to the correction date.
+Credits:	OpenBSD
+Vendor status:	Updated version released
+Corrected:	2000-07-20 [FreeBSD 4.0 base system]
+                2000-08-01 [isc-dhcp2 port]
+                2000-07-21 [isc-dhcp3 port]
+FreeBSD only:	NO
+
+I.   Background
+
+ISC-DHCP is an implementation of the DHCP protocol containing client
+and server. FreeBSD 3.2 and above includes the version 2 client by
+default in the base system, and the version 2 and version 3 clients
+and servers in the Ports Collection.
+
+II.  Problem Description
+
+The dhclient utility (DHCP client), versions 2.0pl2 and before (for
+the version 2.x series), and versions 3.0b1pl16 and before (for the
+version 3.x series) does not correctly validate input from the server,
+allowing a malicious DHCP server to execute arbitrary commands as root
+on the client. DHCP may be enabled if your system was initially
+configured from a DHCP server at install-time, or if you have
+specifically enabled it after installation.
+
+FreeBSD 4.1 is not affected by this problem since it contains the
+2.0pl3 client.
+
+III. Impact
+
+An attacker who has or gains control of a DHCP server may gain
+additional root access to DHCP clients running vulnerable versions of
+ISC-DHCP.
+
+If you are not using dhclient to configure client machines via DHCP,
+or your DHCP server is "trusted" according to your local security
+policy, then this vulnerability does not apply to you.
+
+IV.  Workaround
+
+Disable the use of DHCP for configuring client machines: remove the
+case-insensitive string "dhcp" from the "ifconfig_<foo>" directives in
+/etc/rc.conf and replace it with appropriate static interface
+configuration according to the rc.conf(5) manpage.
+
+An example of a DHCP-enabled interface is the following line in
+/etc/rc.conf:
+
+ifconfig_xl0="DHCP"
+
+V.   Solution
+
+NOTE: At this time the FreeBSD 3.x branch has not yet been patched,
+due to logistical difficulties. Users running a vulnerable 3.x system
+are advised to either upgrade to FreeBSD 4.1, disable the use of
+DHCP as described above, or use the dhclient binary from the isc-dhcp2
+port dated after the correction date.
+
+1) Upgrade your vulnerable FreeBSD 4.0 system to a version dated after the
+correction date. See
+
+http://www.freebsd.org/handbook/makeworld.html
+
+for instructions on how to upgrade and recompile your FreeBSD system
+from source, or perform a binary upgrade, e.g. to FreeBSD 4.1-RELEASE,
+described here:
+
+http://www.freebsd.org/releases/4.1R/notes.html
+
+2) (If using the isc-dhcp2 or isc-dhcp3 ports) One of the following:
+
+2a) Upgrade your entire ports collection and rebuild the isc-dhcp2 or isc-dhcp3 port.
+
+2b) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[isc-dhcp3]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/isc-dhcp3-3.0.b1.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/isc-dhcp3-3.0.b1.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/isc-dhcp3-3.0.b1.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/isc-dhcp3-3.0.b1.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/isc-dhcp3-3.0.b1.17.tgz
+
+NOTE: The isc-dhcp2 port is not available as a package.
+
+2c) download a new port skeleton for the isc-dhcp2 or isc-dhcp3 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+2d) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOZh3J1UuHi5z0oilAQHXBQQAmCLlTUfikHbgBelFd22agjTo/AVwR933
+El0AMRHakiBJAHTMseZ4Nj+HyGUgVzD3oRMgmjx1u+HUCQM2/akuXXZdSHlur5Jc
+OyEGxcwxyzYXnNzWAL1vh6MYrpkGDfh74bHircLdO16d6uC1d+0VFmkxUOOFN4zb
+g7yK3m2ZOxo=
+=qTwd
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:35.proftpd.asc b/share/security/advisories/FreeBSD-SA-00:35.proftpd.asc
new file mode 100644
index 0000000000..09b0b1b277
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:35.proftpd.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:35                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          proftpd port contains remote root compromise
+
+Category:       ports
+Module:         proftpd
+Announced:      2000-08-14
+Credits:        lamagra <lamagra@DIGIBEL.ORG>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000/07/28
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+proftpd is a popular FTP server.
+
+II.  Problem Description
+
+The proftpd port, versions prior to 1.2.0rc2, contains a vulnerability
+which allows FTP users, both anonymous FTP users and those with a
+valid account, to execute arbitrary code as root on the local machine,
+by inserting string-formatting operators into command input, which are
+incorrectly parsed by the FTP server.
+
+This is the same class of vulnerability as the one described in
+FreeBSD Security Advisory 00:29, which pertained to the wu-ftpd port.
+
+The proftpd port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 3700 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5 contains this
+problem since it was discovered after the release, but FreeBSD 4.1 did
+not ship with the proftpd package (and the port was disabled to
+prevent building) because the vulnerability was known but not yet
+fixed.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+FTP users, including anonymous FTP users, can cause arbitrary commands
+to be executed as root on the local machine.
+
+If you have not chosen to install the proftpd port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the proftpd port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the proftpd port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/proftpd-1.2.0rc2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/proftpd-1.2.0rc2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/proftpd-1.2.0rc2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/proftpd-1.2.0rc2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/proftpd-1.2.0rc2.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the proftpd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOZh1u1UuHi5z0oilAQFYQQP/UH7MbeD/cm3aPGrPdb8NXUo9giAajayX
+uWazNh+kfJGUrpVg3DaYo7jY2ZG5yrBBo5kZRFUUSy5OpDvD20I3QBhtNV0gWItD
+n2mkSDP90BG4scmVuwx+GexCz5gZ+frpM2hKXlhtFqJRMA2Sk0R4vzapIvc16EFN
+6nraHfzVSCk=
+=7ifu
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:36.ntop.asc b/share/security/advisories/FreeBSD-SA-00:36.ntop.asc
new file mode 100644
index 0000000000..9c84c640ea
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:36.ntop.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:36                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ntop port allows remote and minor local compromise
+
+Category:       ports
+Module:         ntop
+Announced:      2000-08-14
+Credits:        Discovered during internal auditing
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-08-12 (However see below)
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+ntop is a utility for monitoring and summarizing network usage, from
+the command-line or remotely via HTTP.
+
+II.  Problem Description
+
+The ntop software is written in a very insecure style, with many
+potentially exploitable buffer overflows (including several
+demonstrated ones) which could in certain conditions allow the local
+or remote user to execute arbitrary code on the local system with
+increased privileges.
+
+By default the ntop port is installed setuid root and only executable
+by root and members of the 'wheel' group. The 'wheel' group is
+normally only populated by users who also have root access, but this
+is not necessarily the case (the user must know the root password to
+increase his or her privileges). ntop allows a member of the wheel
+group to obtain root privileges directly through a local exploit.
+
+If invoked in 'web' mode (ntop -w) then any remote user who can
+connect to the ntop server port (which is determined by local
+configuration) can execute arbitrary code on the server as the user
+running the ntop process, regardless of whether or not they can
+authenticate to the ntop server by providing a valid username and
+password.
+
+This will not necessarily yield root privileges unless ntop -w is
+executed as root since by the time it services network connections the
+program has dropped privileges, although it retains the ability to
+view all network traffic on the sampled network interface (instead of
+just the connection summaries which ntop normally presents). However,
+since ntop is not executable by unprivileged users, it is likely that
+the majority of installations using 'ntop -w' are doing so as root, in
+which case full system compromise is directly possible.
+
+The ntop port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 3700 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5 and 4.1
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users who are members of the wheel group can obtain root
+privileges without having to pass through the normal system security
+mechanisms (i.e. entering the root password). If ntop is run in "web"
+mode (ntop -w) then remote users who can connect to the ntop server
+port can also execute arbitrary code on the server as the user running
+ntop -w (usually root).
+
+If you have not chosen to install the ntop port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+1) Remove the setuid bit from the ntop binary so that only the
+superuser may execute it. Depending on local policy this vulnerability
+may not present significant risk.
+
+2) Avoid using ntop -w. If ntop -w is required, consider imposing
+access controls to limit access to the ntop server port (e.g. using a
+perimeter firewall, or ipfw(8) or ipf(8) on the local machine). Note
+that specifying a username/password access list within the ntop
+configuration file is insufficient, as noted above. Users who pass the
+access restrictions can still gain privileges as described above.
+
+V.   Solution
+
+Due to the lack of attention to security in the ntop port no simple
+fix is possible: for example, the local root overflow can easily be
+fixed, but since ntop holds a privileged network socket a member of
+the wheel group could still obtain direct read access to all network
+traffic by exploiting other vulnerabilities in the program, which
+remains a technical security violation.
+
+The FreeBSD port has been changed to disable '-w' mode and remove the
+setuid bit, so that the command is only available locally to the
+superuser. Full functionality will be restored once the ntop
+developers have addressed these security concerns and provided an
+adequate fix - this advisory will be reissued at that time.
+
+To upgrade your ntop port/package, perform one of the following:
+
+1) Upgrade your entire ports collection and rebuild the ntop port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ntop-1.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ntop-1.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/ntop-1.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ntop-1.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/ntop-1.1.tgz
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) download a new port skeleton for the ntop port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOZh1m1UuHi5z0oilAQFcIgQArlP0hzT+scsGxjI7wTWXh5fgm5E+CFh0
+EfeIvYgGCzsCCCAS0nm3vo+a1IUxloJdk27K2oO4aCjTLy+gLe/vnW28gWn9dzle
+nIyUDFudMpsx/WpO4F4UkMPTX+w0fiWpNvY2KddjwOeBn2xhRJik9ZVTMpc7zTe6
++2DGgV9jAnM=
+=9UuJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:37.cvsweb.asc b/share/security/advisories/FreeBSD-SA-00:37.cvsweb.asc
new file mode 100644
index 0000000000..b610d5488f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:37.cvsweb.asc
@@ -0,0 +1,106 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:37                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          cvsweb allows increased access to CVS committers
+
+Category:       ports
+Module:         cvsweb
+Announced:      2000-08-14
+Credits:        Joey Hess <joey@kitenet.net>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-07-11
+Vendor status:  Patch released
+FreeBSD only:   NO
+
+I.   Background
+
+cvsweb is a CGI script which provides a read-only interface to a CVS
+repository for browsing via a web interface.
+
+II.  Problem Description
+
+The cvsweb port, versions prior to 1.86, contains a vulnerability
+which allows users with commit access to a CVS repository monitored by
+cvsweb to execute arbitrary code as the user running the cvsweb.cgi
+script, which may be located on another machine where the committer
+has no direct access. The vulnerability is that cvsweb does not
+correctly process input obtained from the repository and is vulnerable
+to embedding of commands in committed filenames. Such an action is
+however usually highly visible in the CVS repository and provides an
+audit trail of sorts for such abuses unless the committer has access
+to modify the repository files directly to cover his or her tracks.
+
+This vulnerability may or may not be a security issue depending on the
+local security policy (for example, CVS itself is known to easily
+allow committers to execute commands on the CVS server even without a
+login account, so this presents little additional exposure if cvsweb
+is run on the CVS server itself).
+
+The cvsweb port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 3700 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5 contains this
+problem since it was discovered after the release, but it was fixed
+prior to the release of FreeBSD 4.1.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+CVS committers can execute code as the user running the cvsweb.cgi
+script, which may present a violation of local security policy.
+
+If you have not chosen to install the cvsweb port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the cvsweb port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the cvsweb port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/cvsweb-1.93.1.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/cvsweb-1.93.1.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/cvsweb-1.93.1.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/cvsweb-1.93.1.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/cvsweb-1.93.1.10.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the cvsweb port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOZh1qlUuHi5z0oilAQEAjAP7B+Kss7dLQ3upyq8HLwVMr5fhOPgW6TWK
+BtkZ71mBapFQleZi9vWbpd/R2Cow7i42nsZQi8d7kERiXJRW6EGXr125aIA5NopV
+1NoR4BKa9KYOP0CI9jqYUWiMj5PfNy03HlLbrDzHbGOIbqMqcsERXEFNGvt0Qvb4
+qkjHlQ9faRE=
+=VajH
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:38.zope.asc b/share/security/advisories/FreeBSD-SA-00:38.zope.asc
new file mode 100644
index 0000000000..93220ee8cf
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:38.zope.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:38                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          zope port allows remote modification of DTML documents
+
+Category:       ports
+Module:         zope
+Announced:      2000-08-14
+Credits:        Unknown
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-08-05
+Vendor status:  Patch released
+FreeBSD only:   NO
+
+I.   Background
+
+zope is an object-based dynamic web application platform.
+
+II.  Problem Description
+
+To quote the vendor advisory about this problem:
+
+> The issue involves an inadequately protected method in one of
+> the base classes in the DocumentTemplate package that could allow
+> the contents of DTMLDocuments or DTMLMethods to be changed
+> remotely or through DTML code without forcing proper user
+> authorization.
+
+The zope port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+nearly 3700 third-party applications in a ready-to-install format. The
+ports collections shipped with FreeBSD 3.5 contains this problem, but
+FreeBSD 4.1 did not ship with the proftpd package (and the port was
+disabled to prevent building) because the vulnerability was known but
+not yet fixed.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can modify DTML documents without authorization.
+
+If you have not chosen to install the zope port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the zope port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the zope port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/zope-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/zope-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/zope-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/zope-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/zope-2.2.0.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the zope port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOZh1lFUuHi5z0oilAQFsowP+JE+R5hHUpY0pDfNl9Dd/ai354XJh8PYG
+X5DlmdMTMiByXkR0KMZBMB9SuRljuqBsknc8L3KB8UIyMUccnN0IhsFqZ2WEYiY4
+EAgS7I5EPTf/4y6g81Vt4g+s3l2XXu845kOv92hwJxFgUMINVXrIduJpdICAgcpr
+rcw+4BM/Www=
+=AoKX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:39.netscape.asc b/share/security/advisories/FreeBSD-SA-00:39.netscape.asc
new file mode 100644
index 0000000000..8a3b037706
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:39.netscape.asc
@@ -0,0 +1,117 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:39                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Two vulnerabilities in Netscape
+
+Category:       ports
+Module:         netscape
+Announced:      2000-08-28
+Credits:        Solar Designer <solar@FALSE.COM> (Vulnerability #1)
+                Dan Brumleve <dan+Bsecurity@brumleve.com> (Vulnerability #2)
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-08-19
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+Netscape is a popular web browser, available in several versions in
+the FreeBSD ports collection.
+
+II.  Problem Description
+
+There are two security problems in recent versions of netscape:
+
+1) Versions prior to 4.74
+
+A client-side exploit may be possible through a buffer overflow in
+JPEG-handling code. Although an exploit is not known, attackers may be
+able to execute arbitrary code on the local machine as the user
+running netscape, or at the very least cause the netscape binary to
+crash.
+
+2) Versions prior to 4.75
+
+The Java Virtual Machine implementation has security vulnerabilities
+allowing a remote user to read the contents of local files accessible
+to the user running netscape, and to allow these files to be
+transmitted to any user on the internet.
+
+The netscape ports are not installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains over 3700 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5 and 4.1 are
+vulnerable to these problems.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can read files on the local system accessible to the user
+running netscape, if java is enabled, and may be able to execute
+arbitrary code on the local system as that user.
+
+If you have not chosen to install a netscape port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the netscape port/package, if you you have installed it.
+
+Vulnerability 2) can be worked around by disabling Java in the
+"Advanced" section of the Preferences control panel. Vulnerability 1)
+can be worked around by disabling the "Automatically load images"
+option in the same location, although this is not a very practical
+workaround.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the relevant
+netscape port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/
+
+Since there are so many variations of the netscape ports in the
+FreeBSD ports collection they are not listed separately
+here. Localized versions are also available in the respective language
+subdirectory.
+
+3) download a new port skeleton for the netscape port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOaqy41UuHi5z0oilAQGsgAP/TGyAq7u74FJ/rYkfmTd4qyiyjN2XF0nH
+9Pikcu4EAJo8R0yhIU0mmXdK3HXWKRTKzH43+gLH6yZGVTr5SQu4a4RYgS4T8sbD
+Iu3p45DwYfZVQCjsJoseF48kaXlScheoxoR3+Et5khzhBDuwRedUXAK4VMWAm3Fp
+/4vWrTKykTc=
+=A0Wy
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:40.mopd.asc b/share/security/advisories/FreeBSD-SA-00:40.mopd.asc
new file mode 100644
index 0000000000..de83429e7c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:40.mopd.asc
@@ -0,0 +1,98 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:40                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mopd port allows remote root compromise
+
+Category:       ports
+Module:         mopd
+Announced:      2000-08-28
+Credits:        Matt Power <mhpower@MIT.EDU>, OpenBSD
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-08-09
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+mopd is used for netbooting older DEC machines such as VAXen and
+DECstations.
+
+II.  Problem Description
+
+The mopd port contains several remotely exploitable
+vulnerabilities. An attacker exploiting these can execute arbitrary
+code on the local machine as root.
+
+The mopd port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 3700 third-party applications in a ready-to-install format. The
+ports collections shipped with FreeBSD 3.5-RELEASE and 4.1-RELEASE
+contain this problem, since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can execute arbitrary code on the local machine as root.
+
+If you have not chosen to install the mopd port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+One of the following:
+
+1) Deinstall the mopd port/package, if you have installed it.
+
+2) Restrict access to the mopd port using a perimeter firewall, or
+ipfw(8)/ipf(8) on the local machine. Note that users who pass these
+access restrictions may still exploit the vulnerability.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the mopd port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mopd-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mopd-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mopd-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mopd-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mopd-1.2b.tgz
+
+NOTE: Be sure to check the file creation date on the package, because
+the version number of the software has not changed.
+
+3) download a new port skeleton for the mopd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOaqy6FUuHi5z0oilAQG14gQAn9RVxulK3pIyHi3aQ5j9p0OnlOoP9Wg2
+yKEPARafL+WXHS1oJ+5ZGdhUG2rZjU1QktS0xTy5PXSo0mcX91jLJ7ASwg6K5w2e
+rpZMBRHZVFy3HltzFxwygZGGbENIbZNzZ9Qd9Luq/OPPxZzb/9NsHnUovk5/lyIE
+yCAt/USxiDs=
+=tlfC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:41.elf.asc b/share/security/advisories/FreeBSD-SA-00:41.elf.asc
new file mode 100644
index 0000000000..254951d6a0
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:41.elf.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:41                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Malformed ELF images can cause a system hang
+
+Category:       core
+Module:         kernel
+Announced:      2000-08-28
+Credits:        Adam McDougall <bsdx@looksharp.net>
+Affects:        FreeBSD 3.x, 4.x and 5.x prior to the correction date
+Corrected:      2000-07-25 (FreeBSD 5.0-CURRENT)
+                2000-07-23 (FreeBSD 4.0-STABLE)
+FreeBSD only:   Yes
+
+I.   Background
+
+The ELF binary format is used for binary executable programs on modern
+versions of FreeBSD.
+
+II.  Problem Description
+
+The ELF image activator did not perform sufficient sanity checks on
+the ELF image header, and when confronted with an invalid or truncated
+header it suffered a sign overflow bug which caused the CPU to enter
+into a very long loop in the kernel.
+
+The result of this is that the system will appear to lock up for an
+extended period of time before control returns. This bug can be
+exploited by unprivileged local users.
+
+This vulnerability is not present in FreeBSD 4.1-RELEASE, although
+3.5-RELEASE and 3.5.1-RELEASE are vulnerable.
+
+III. Impact
+
+Local users can cause the system to lock up for an extended period of
+time (15 minutes or more, depending on CPU speed), during which time
+the system is completely unresponsive to local and remote users.
+
+IV.  Workaround
+
+None available.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1-RELEASE, 4.1-STABLE
+or 5.0-CURRENT after the respective correction dates. FreeBSD
+3.5-STABLE has not yet been fixed due to logistical difficulties (and
+the patch below does not apply cleanly). Consider upgrading to
+4.1-RELEASE if this is a concern - this advisory will be reissued once
+the patch has been applied to the 3.x branch.
+
+2) Apply the patch below and recompile your kernel.
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:41/elf.patch.asc
+
+# cd /usr/src/sys/kern
+# patch -p < /path/to/patch_or_advisory
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+
+    --- imgact_elf.c	2000/04/30 18:51:39	1.75
+    +++ imgact_elf.c	2000/07/23 22:19:49	1.78
+    @@ -190,6 +190,21 @@
+     	object = vp->v_object;
+     	error = 0;
+     
+    +	/*
+    +	 * It's necessary to fail if the filsz + offset taken from the
+    +	 * header is greater than the actual file pager object's size.
+    +	 * If we were to allow this, then the vm_map_find() below would
+    +	 * walk right off the end of the file object and into the ether.
+    +	 *
+    +	 * While I'm here, might as well check for something else that
+    +	 * is invalid: filsz cannot be greater than memsz.
+    +	 */
+    +	if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size ||
+    +	    filsz > memsz) {
+    +		uprintf("elf_load_section: truncated ELF file\n");
+    +		return (ENOEXEC);
+    +	}
+    +
+     	map_addr = trunc_page((vm_offset_t)vmaddr);
+     	file_addr = trunc_page(offset);
+     
+    @@ -341,6 +356,12 @@
+     	}
+     
+     	error = exec_map_first_page(imgp);
+    +	/*
+    +	 * Also make certain that the interpreter stays the same, so set
+    +	 * its VTEXT flag, too.
+    +	 */
+    +	if (error == 0)
+    +		nd.ni_vp->v_flag |= VTEXT;
+     	VOP_UNLOCK(nd.ni_vp, 0, p);
+     	if (error)
+                     goto fail;
+    @@ -449,6 +470,17 @@
+     	/*
+     	 * From this point on, we may have resources that need to be freed.
+     	 */
+    +
+    +	/*
+    +	 * Yeah, I'm paranoid.  There is every reason in the world to get
+    +	 * VTEXT now since from here on out, there are places we can have
+    +	 * a context switch.  Better safe than sorry; I really don't want
+    +	 * the file to change while it's being loaded.
+    +	 */
+    +	simple_lock(&imgp->vp->v_interlock);
+    +	imgp->vp->v_flag |= VTEXT;
+    +	simple_unlock(&imgp->vp->v_interlock);
+    +
+     	if ((error = exec_extract_strings(imgp)) != 0)
+     		goto fail;
+     
+    @@ -610,9 +642,6 @@
+     	imgp->auxargs = elf_auxargs;
+     	imgp->interpreted = 0;
+     
+    -	/* don't allow modifying the file while we run it */
+    -	imgp->vp->v_flag |= VTEXT;
+    -	
+     fail:
+     	return error;
+     }
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOaq1hlUuHi5z0oilAQGpvgQAoaeqjoU1QppgQ+yXF7KOL6EfTQ9mrdEe
+zKQ6vU//hc1ejKx9C4zmQybflQIpkHS2TMNAfXuvFG74hvETwa8cpVqolJU29CCf
+FKlGTCAGCSzosWrndBuvakKqjeVvvQR4JydVhkO04neVEfbUXkich/2PT+3h3dKW
+GuW3coG8nYE=
+=2w2A
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:42.linux.asc b/share/security/advisories/FreeBSD-SA-00:42.linux.asc
new file mode 100644
index 0000000000..d9784deef6
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:42.linux.asc
@@ -0,0 +1,194 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:42                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Linux binary compatability mode can cause system compromise
+
+Category:       core
+Module:         kernel
+Announced:      2000-08-28
+Credits:        Boris Nikolaus <boris@cs.tu-berlin.de>
+Affects:        FreeBSD 3.x, 4.x and 5.x prior to the correction date
+Corrected:      2000-07-23 (FreeBSD 5.0-CURRENT)
+                2000-07-29 (FreeBSD 4.1-STABLE)
+		2000-08-24 (FreeBSD 3.5-STABLE)
+FreeBSD only:   Yes
+
+I.   Background
+
+FreeBSD is binary-compatible with the Linux operating system through a
+loadable kernel module/optional kernel component.
+
+II.  Problem Description
+
+The linux binary-compatability module implements a "shadow" filesystem
+hierarchy rooted in /compat/linux, which is overlayed against the
+regular filesystem hierarchy so that Linux binaries "see" files in the
+shadow hierarchy which can mask the native files.
+
+Filenames in this shadow hierarchy are treated incorrectly by the
+linux kernel module under certain circumstances, and a kernel stack
+overflow leading to a system compromise by an unprivileged user may be
+possible when very long filenames are used. This is only possible when
+the linux kernel module is loaded, or the equivalent functionality is
+statically compiled into the kernel. It is not enabled by default.
+
+This vulnerability was fixed just after the release of FreeBSD
+4.1-RELEASE, and 3.5-RELEASE is also vulnerable.
+
+III. Impact
+
+Local users may be able to obtain root privileges on the system when
+linux compatability mode is enabled.
+
+IV.  Workaround
+
+To determine whether the linux compatability module has been loaded,
+execute the following command as root and look for a 'linux.ko' entry:
+
+# kldstat
+ Id Refs Address    Size     Name
+  1    7 0xc0100000 270be0   kernel
+  2    1 0xc0371000 5540     vesa.ko
+  3    1 0xc0377000 10094    randomdev.ko
+  4    1 0xc0e17000 4e000    nfs.ko
+  5    1 0xc0e83000 11000    linux.ko
+
+If present, unload the "linux" module by executing the following
+command as root:
+
+# kldunload linux
+
+For safety, remove the /modules/linux.ko file to prevent it being
+reloaded accidentally, and add or change the following line in
+/etc/rc.conf:
+
+linux_enable="NO"       # Linux binary compatibility loaded at startup (or NO).
+
+If the module is not loaded, to determine whether the functionality
+has been statically compiled into the kernel, check the kernel
+configuration file for the following line:
+
+options    COMPAT_LINUX
+
+If present, remove and recompile the kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 3.5-STABLE, 4.1-STABLE or
+5.0-CURRENT after the respective correction dates.
+
+2) Apply the patch below and recompile your kernel.
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:42/linux.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:42/linux.patch.asc
+
+# cd /usr/src/sys/i386/linux
+# patch -p < /path/to/patch_or_advisory
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+
+    Index: linux_misc.c
+    ===================================================================
+    RCS file: /home/ncvs/src/sys/i386/linux/linux_misc.c,v
+    retrieving revision 1.77.2.3
+    retrieving revision 1.77.2.4
+    diff -u -r1.77.2.3 -r1.77.2.4
+    --- linux_misc.c	2000/07/20 05:31:56	1.77.2.3
+    +++ linux_misc.c	2000/07/30 05:36:11	1.77.2.4
+    @@ -954,6 +954,8 @@
+     	tv[1].tv_usec = 0;
+     	/* so that utimes can copyin */
+     	tvp = (struct timeval *)stackgap_alloc(&sg, sizeof(tv));
+    +	if (tvp == NULL)
+    +		return (ENAMETOOLONG);
+     	if ((error = copyout(tv, tvp, sizeof(tv))))
+     	    return error;
+     	bsdutimes.tptr = tvp;
+    Index: linux_util.c
+    ===================================================================
+    RCS file: /home/ncvs/src/sys/i386/linux/linux_util.c,v
+    retrieving revision 1.9.2.1
+    retrieving revision 1.9.2.2
+    diff -u -r1.9.2.1 -r1.9.2.2
+    --- linux_util.c	2000/07/07 01:23:45	1.9.2.1
+    +++ linux_util.c	2000/07/30 05:36:11	1.9.2.2
+    @@ -162,7 +162,10 @@
+     	else {
+     		sz = &ptr[len] - buf;
+     		*pbuf = stackgap_alloc(sgp, sz + 1);
+    -		error = copyout(buf, *pbuf, sz);
+    +		if (*pbuf != NULL)
+    +			error = copyout(buf, *pbuf, sz);
+    +		else
+    +			error = ENAMETOOLONG;
+     		free(buf, M_TEMP);
+     	}
+     
+    Index: linux_util.h
+    ===================================================================
+    RCS file: /home/ncvs/src/sys/i386/linux/linux_util.h,v
+    retrieving revision 1.10
+    retrieving revision 1.10.2.1
+    diff -u -r1.10 -r1.10.2.1
+    --- linux_util.h	1999/12/04 11:10:22	1.10
+    +++ linux_util.h	2000/07/30 05:36:11	1.10.2.1
+    @@ -56,29 +56,27 @@
+     static __inline caddr_t stackgap_init(void);
+     static __inline void *stackgap_alloc(caddr_t *, size_t);
+     
+    +#define szsigcode (*(curproc->p_sysent->sv_szsigcode))
+    +
+     static __inline caddr_t
+     stackgap_init()
+     {
+    -#define szsigcode (*(curproc->p_sysent->sv_szsigcode))
+     	return (caddr_t)(PS_STRINGS - szsigcode - SPARE_USRSPACE);
+     }
+     
+    -
+     static __inline void *
+     stackgap_alloc(sgp, sz)
+     	caddr_t	*sgp;
+     	size_t   sz;
+     {
+    -	void	*p = (void *) *sgp;
+    -	*sgp += ALIGN(sz);
+    +	void *p = (void *) *sgp;
+    +
+    +	sz = ALIGN(sz);
+    +	if (*sgp + sz > (caddr_t)(PS_STRINGS - szsigcode))
+    +		return NULL;
+    +	*sgp += sz;
+     	return p;
+     }
+    -
+    -#ifdef DEBUG_LINUX
+    -#define DPRINTF(a)      printf a;
+    -#else
+    -#define DPRINTF(a)
+    -#endif
+     
+     extern const char linux_emul_path[];
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOaq1wFUuHi5z0oilAQFcVQQAlYhhDM6T/qEDqVTvG9yr9mv++LVGqqRE
+SI4MEbmwbV5NvmFqTM2OzGpKsUaAy9gEfA5mjVKR+PRFoY7g68heFGAKWSRHmgs5
+ramrzVxBHOeviaHeAXpH7LgJOdFo8EwhqehLtv+M0I5n9JJjPvAEWXG9cdiYXTto
+pKJAPVXr9NU=
+=r8gN
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:43.brouted.asc b/share/security/advisories/FreeBSD-SA-00:43.brouted.asc
new file mode 100644
index 0000000000..b87977a405
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:43.brouted.asc
@@ -0,0 +1,98 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:43                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          brouted port allows gid kmem compromise
+
+Category:       ports
+Module:         brouted
+Announced:      2000-08-28
+Credits:        Discovered during internal auditing
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-08-22
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+brouted is a dynamic routing daemon.
+
+II.  Problem Description
+
+The brouted port is incorrectly installed setgid kmem, and contains
+several exploitable buffer overflows in command-line arguments. An
+attacker exploiting these to gain kmem privilege can easily upgrade to
+full root access by manipulating kernel memory.
+
+The brouted port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3700 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5-RELEASE and
+4.1-RELEASE contain this problem, since it was discovered after the
+releases during internal auditing.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users can obtain group kmem privileges, and upgrade
+further to full root privileges.
+
+If you have not chosen to install the brouted port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Execute the following command as root to remove the setgid bit on the
+/usr/local/sbin/brouted file:
+
+# chmod g-s /usr/local/bin/brouted
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the brouted port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/brouted-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/brouted-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/brouted-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/brouted-1.2b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/brouted-1.2b.tgz
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) download a new port skeleton for the brouted port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOaqy+lUuHi5z0oilAQHDzwQApGoedKCQAZcpjqafuNA9jPQ0fQ2PaScu
+OZlBlflrUVNAMcEkL3y9lmahdVTcdOBpKAALDzIxYnKYlSxGg1RTtxHoWhJiCD97
+c2mc9Ni65YCHab5O90WBHK+VjTiFzfq+dpG+rXLB1W2Pfq68Xf8O2rb2eSjdVW3d
+/wazSPNLcSg=
+=V2xB
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:44.xlock.asc b/share/security/advisories/FreeBSD-SA-00:44.xlock.asc
new file mode 100644
index 0000000000..9da8473ccf
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:44.xlock.asc
@@ -0,0 +1,103 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:44                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          xlockmore port allows reading of password file
+
+Category:       ports
+Module:         xlockmore
+Announced:      2000-08-28
+Credits:        bind <bind@SUBTERRAIN.NET>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-08-15
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+xlockmore is a utility for locking console access to an X terminal.
+
+II.  Problem Description
+
+The xlockmore port, versions 4.17 and below, installs the setuid root
+binary xlock, which contains a vulnerability due to incorrect use of
+the syslog() function. The xlock program correctly drops root
+privileges prior to the point of vulnerability, however it may retain
+in memory part of the hashed password database for the user accounts
+on the system.
+
+Attackers who can retrieve hashed password information from the memory
+space of the process can mount attacks against the user account
+passwords and possibly gain access to accounts on the system if
+successful.
+
+The xlockmore port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3700 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5-RELEASE and
+4.1-RELEASE contain this problem, since it was discovered after the
+releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users may be able to gain unauthorised access to
+parts of the /etc/spwd.db file, allowing them to mount guessing
+attacks against user passwords.
+
+If you have not chosen to install the xlockmore port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+One of the following:
+
+Deinstall the xlockmore port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the xlockmore port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/xlockmore-4.17.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/xlockmore-4.17.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11/xlockmore-4.17.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/xlockmore-4.17.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11/xlockmore-4.17.1.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the xlockmore port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOaqzxFUuHi5z0oilAQEJJgP/cpBPXxsnmcGysBYnZkq0+mhMYxxDyX/D
+czvyS90uO3k9slC+QYsmgLeTRrDpULcHNsePwxYKbt+zEydcENLhpiiGRuGkKrvD
+b5UH9Sjle3rF3nTecxKRPTPD0009Tk356YeYOPVofqfZzCQpR8MqUHGz9cmhBuXH
+t/y3LtBhLDo=
+=sJTv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:45.esound.asc b/share/security/advisories/FreeBSD-SA-00:45.esound.asc
new file mode 100644
index 0000000000..8c2681c0e3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:45.esound.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:45                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          esound port allows file permissions to be modified
+
+Category:       ports
+Module:         esound
+Announced:      2000-08-31
+Credits:        Brian Feldman <green@FreeBSD.org> during internal auditing
+Affects:        Ports collection prior to the correction date
+Corrected:      2000-06-30
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+EsounD is a component of the GNOME desktop environment which is
+responsible for multiplexing access to audio devices.
+
+II.  Problem Description
+
+The esound port, versions 0.2.19 and earlier, creates a world-writable
+directory in /tmp owned by the user running the EsounD session, which
+is used for the storage of a unix domain socket. A race condition
+exists in the creation of this socket which allows a local attacker to
+cause an arbitrary file or directory owned by the user running esound
+to become world-writable. This can give the attacker access to the
+victim's account, or lead to a system compromise if esound is run by
+root.
+
+The esound port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3700 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 4.0 and 3.5 contain
+this problem, but it was corrected prior to the release of FreeBSD
+4.1.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users can cause files or directories owned by the target user to
+become world-writable when that user runs the esd daemon (e.g. by
+starting a GNOME session), allowing a security breach of that user
+account (or the entire system if esd is run by root)
+
+If you have not chosen to install the esound port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the esound port/package, if you have installed it (see the
+pkg_delete(1) manual page for more information).
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the esound port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/audio/esound-0.2.19.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/esound-0.2.19.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/esound-0.2.19.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/esound-0.2.19.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/esound-0.2.19.tgz
+
+3) download a new port skeleton for the esound port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOa6cE1UuHi5z0oilAQGGPwP/ePOVTscGQ6G4deQqeYVehEk8KTPr0nhm
+nWgQln3jZW46maoMgBHq/Zdj5DM+H9xmC9qaVjdJ2mYcNQIL3ldntO8IIeQfZ/zA
+kqy+CthlLiF7FSnwC4XwpzBU4OWxuNPT02naD2kK1p6ERcn1QKbqfvzel40Sc2wQ
++XnHbXpx4qE=
+=RtJ1
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:46.screen.asc b/share/security/advisories/FreeBSD-SA-00:46.screen.asc
new file mode 100644
index 0000000000..0d8d03216f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:46.screen.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:46                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          screen port contains local root compromise
+
+Category:       ports
+Module:         screen
+Announced:      2000-09-13
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-09-01
+Credits:        Jouko Pynnönen <jouko@SOLUTIONS.FI>
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+screen is a popular application that multiplexes a physical terminal
+between several processes.
+
+II.  Problem Description
+
+The screen port, versions 3.9.5 and before, contains a vulnerability
+which allows local users to gain root privileges.  This is
+accomplished by inserting string-formatting operators into
+configuration parameters, which may allow arbitrary code to be
+executed.
+
+The screen port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3800 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5.1 and 4.1
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users can obtain root privileges.
+
+If you have not chosen to install the screen port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Remove the setuid bit on the program: execute the following command as
+root:
+
+chmod 555 /usr/local/bin/screen-3.9.5
+
+Note that this should be considered a temporary measure and may affect
+the behaviour of the screen program.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the screen port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/misc/screen-3.9.8.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/misc/screen-3.9.8.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/misc/screen-3.9.8.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/misc/screen-3.9.8.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/misc/screen-3.9.8.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the screen port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOb/kA1UuHi5z0oilAQEXLwQAkMV9qAgfMfciDsW/Oseik/kGc//iuPwA
+nlQltRMXbVjdEhbe9QgyhVxd7gr3MZcRCfRTdqZodbXZpwA2WwB4BV6syjtuZE7+
+ShHCk3cyhgFBAlO7rBdDCu6+GCtfsmjJV3d4McHhsy40UzLxmVDuoEkVYp+TkS1U
+6shlUZTkIvI=
+=GTCE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:47.pine.asc b/share/security/advisories/FreeBSD-SA-00:47.pine.asc
new file mode 100644
index 0000000000..95b59f3ed9
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:47.pine.asc
@@ -0,0 +1,107 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:47                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          pine4 port allows denial of service
+
+Category:       ports
+Module:         pine4
+Announced:      2000-09-13
+Affects:        Ports collection.
+Corrected:      2000-07-17
+Credits:	Juhapekka Tolvanen <juhtolv@ST.JYU.FI>
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+Pine is a popular mail user agent.
+
+II.  Problem Description
+
+The pine4 port, versions 4.21 and before, contained a bug which would
+cause the program to crash when processing a folder which contains an
+email message with a malformed X-Keywords header. The message itself
+could be deleted within pine if identified, but other operations such
+as closing the folder with the message still present would cause the
+program to crash with no apparent cause, discarding changes to the
+mailbox.
+
+The FreeBSD port of pine4 was changed on 2000-07-17 to use an updated
+version of the c-client library which is used to handle the mailbox
+processing. This library does not contain the bug and versions of
+pine4 built with it (i.e. ports or packages dated after the correction
+date) do not suffer from this vulnerability.
+
+The pine4 port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3800 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 4.1 and 3.5.1
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can cause pine4 to crash when closing a mail folder by
+sending a malformed email.
+ 
+If you have not chosen to install the pine4 port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the pine4 port/package, if you have installed it.
+
+It may be possible to use a mail filtering utility such as procmail
+(available in FreeBSD ports as /usr/ports/mail/procmail) to filter out
+the malformed X-Keywords header from incoming mail, but this solution
+is not discussed here.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the pine4 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.21.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/pine-4.21.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.21.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/pine-4.21.tgz
+
+NOTE: Be sure to check the file creation date on the package, because
+the version number of the software has not changed.
+
+3) download a new port skeleton for the listmanager port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOb/kgFUuHi5z0oilAQEwgAQAnYgLOfvgfM88DLjUXgoZBkVRoroeU8rz
+2DXUw4LEQ6ARzruWPepALW2Yls+g5SraDCLHmuTo6tb3vR6kwQ97gQmzNCNDxK9T
+/5m4EFYo2ErTOB4nO/MqepJ+/0t4oBPByhaRjQBSqQncaN4FIkWgboqfpbYdL6HC
+cnQSlc+0FPs=
+=R2n+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:48.xchat.asc b/share/security/advisories/FreeBSD-SA-00:48.xchat.asc
new file mode 100644
index 0000000000..7ff6369194
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:48.xchat.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:48                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          xchat port inappropriately handles URLs
+
+Category:       ports
+Module:         xchat, xchat-devel
+Announced:      2000-09-13
+Affects:        Ports collection.
+Corrected:      2000-08-27
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+Xchat is a popular graphical IRC client.
+
+II.  Problem Description
+
+The xchat IRC client provides the ability to launch URLs displayed in
+an IRC window in a web browser by right clicking on the URL. However
+this was handled incorrectly in versions prior to 1.4.3, and prior to
+1.5.7 in the 1.5 development series, and allowed a malicious IRC user
+to embed command strings in a URL which could cause an arbitrary
+command to be executed as the local user if the URL were to be
+"launched" in a browser as described above.
+
+The xchat port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3800 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 4.0 and 3.5.1
+contain this problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote IRC users can cause an arbitrary command to be executed by the
+local user, if they attempt to launch a malformed URL by right
+clicking on it.
+
+If you have not chosen to install the xchat or xchat-devel
+ports/packages, then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Do not attempt to launch URLs which contain the ` (backtick) character.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the xchat or
+xchat-devel port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/xchat-1.4.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/xchat-1.4.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/xchat-1.4.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/xchat-1.4.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/xchat-1.4.3.tgz
+
+3) download a new port skeleton for the xchat port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOb/kBlUuHi5z0oilAQEoEgP+Lso/K6rgAVDeWfsfean7fmKVX1ViID0j
+LUGlnLGohzSRC14W+21NIfChc0yl9gMmJRgkNHRLPkuyQBmdp8iHBsQlejjeq2PH
+ZqSF6++V3YBqm4H7EgfaNKTk3wn0l/8w+dw3l9iMxmcS8P1oxo4lq04Ufao/N8TS
+iCWpAmNQI44=
+=0uMP
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:49.eject.asc b/share/security/advisories/FreeBSD-SA-00:49.eject.asc
new file mode 100644
index 0000000000..d3f59587a5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:49.eject.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:49                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          eject port allows local root exploit
+
+Category:       ports
+Module:         eject
+Announced:      2000-09-13
+Affects:        Ports collection.
+Corrected:      2000-08-21
+Credits:	Discovered during internal auditing
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+Eject is a utility for ejecting the media from a CD or optical disk
+drive.
+
+II.  Problem Description
+
+The eject program is installed setuid root, and contains several
+exploitable buffers which can be overflowed by local users, yielding
+root privileges.
+
+The eject port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3800 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 4.1 and 3.5.1
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged users can obtain root privileges on the local system.
+
+If you have not chosen to install the eject port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the eject port/package, if you have installed it, or limit
+the file permissions on the /usr/local/sbin/eject file (e.g. remove
+setuid permission, or limit it to a trusted group)
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the eject port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/eject-1.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/eject-1.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/eject-1.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/eject-1.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/eject-1.4.tgz
+
+NOTE: Be sure to check the file creation date on the package, because
+the version number of the software has not changed.
+
+3) download a new port skeleton for the eject port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOb/kCVUuHi5z0oilAQHfygP/d5QizD/ClKWD6MiKke2lspaI4sLTAKAh
+QpnrJv2nF7tgK5DV+7X8J9f4dtSLippccwCscsvF8GT8d6RleP3dN0KfDRou/W/d
+BVUgj2SfRNvsacbc8SyiaekT8ylne70WcYT93RrJ7vWbxTRXGEnOkbJD1rgDSksP
+RLywyeVfI+U=
+=G4Dr
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:50.listmanager.asc b/share/security/advisories/FreeBSD-SA-00:50.listmanager.asc
new file mode 100644
index 0000000000..ef843dde56
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:50.listmanager.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:50                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          listmanager port allows local root compromise
+
+Category:       ports
+Module:         listmanager
+Announced:      2000-09-13
+Affects:        Ports collection.
+Corrected:      2000-09-08
+Credits:	Discovered during internal auditing
+Vendor status:  Updated version released.
+FreeBSD only:   NO
+
+I.   Background
+
+Listmanager is a mailing list manager.
+
+II.  Problem Description
+
+The listmanager port, versions prior to 2.105.1, contained several
+locally exploitable buffer overflow vulnerabilities which could be
+used to gain root privileges.
+
+Since the source code to listmanager is not available, it is difficult
+to determine whether there are remaining security vulnerabilities, or
+whether the software was previously exploitable remotely, but we
+believe the author has made a good faith effort to improve the
+security of the code.
+
+The listmanager port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3800 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 4.1 and 3.5.1
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged users can obtain root privileges on the local system.
+
+If you have not chosen to install the listmanager port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the listmanager port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the listmanager port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/listmanager-2.105.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/listmanager-2.105.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/listmanager-2.105.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/listmanager-2.105.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/listmanager-2.105.1.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the listmanager port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOb/kC1UuHi5z0oilAQGUUwQArIH9EegIaatzGdjc9t1g8y7hKEajUTzC
+Y5qeFxkOKosCMEEVfiZns6mo+nMuQsTwfxgthCnsCqX9PDXXAWrBjDOixmhp5nB3
+3ro8UvTiivXIplzncCEbBWZocXCLZWLPV2uoemsr3Py9OZHmCeXKuqsX0OonIHDy
+r+cAObdg7XA=
+=YlxZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:51.mailman.asc b/share/security/advisories/FreeBSD-SA-00:51.mailman.asc
new file mode 100644
index 0000000000..5fd54b41b6
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:51.mailman.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:51                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mailman port allows local root compromise
+
+Category:       ports
+Module:         mailman
+Announced:      2000-09-13
+Affects:        Ports collection.
+Corrected:      2000-08-05
+Credits:	
+Vendor status:  Updated version released.
+FreeBSD only:   NO
+
+I.   Background
+
+Mailman is a mailing list manager.
+
+II.  Problem Description
+
+The mailman port, versions prior to 2.0b5, contained several
+locally exploitable vulnerabilities which could be used to gain root
+privileges.
+
+The mailman port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 3800 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 4.1 and 3.5.1
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged users can obtain root privileges on the local system.
+
+If you have not chosen to install the mailman port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the mailman port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the mailman port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/mailman-2.0b5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mailman-2.0b5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/mailman-2.0b5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mailman-2.0b5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/mailman-2.0b5.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the listmanager port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOb/kDlUuHi5z0oilAQGvbAQAihAdHJMSq1ZyN71EzJ0FpBmzdgDYEIJ2
+keMI1mMfgTgH3gxGnQ9POji6vdw+FxuB2QQuNJvvc8xAsbTLxq18kfeLjlRglc9+
+rc23bwT83N5PVdQwJEMyvWugghxvT/3MYhnO3djNnpdep8jPmkAinjJWvVFcb50y
+kRwD3IJtjUc=
+=U45z
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:52.tcp-iss.asc b/share/security/advisories/FreeBSD-SA-00:52.tcp-iss.asc
new file mode 100644
index 0000000000..7cf5925758
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:52.tcp-iss.asc
@@ -0,0 +1,258 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:52                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          TCP uses weak initial sequence numbers
+
+Category:       core
+Module:         kernel
+Announced:      2000-10-06
+Credits:        Hacker Emergency Response Team <hert@hert.org>
+Affects:        FreeBSD 3.x, 4.x and 5.x prior to the correction date
+Corrected:      2000-09-28 (5.0-CURRENT, 4.1.1-STABLE, 3.5.1-STABLE) 
+FreeBSD only:   NO
+
+I.   Background
+
+TCP network connections use an initial sequence number as part of the
+connection handshaking. According to the TCP protocol, an
+acknowledgement packet from a remote host with the correct sequence
+number is trusted to come from the remote system with which an
+incoming connection is being established, and the connection is
+established.
+
+II.  Problem Description
+
+It has long been known that an attacker who can guess the initial
+sequence number which a system will use for the next incoming TCP
+connection can spoof a TCP connection handshake coming from a machine
+to which he does not have access, and then send arbitrary data into
+the resulting TCP connection which will be accepted by the server as
+coming from the spoofed machine.
+
+Systems derived from 4.4BSD-Lite2 including FreeBSD include code which
+attempts to introduce an element of unpredictability into the initial
+sequence numbers to prevent sequence number guessing by a remote
+attacker. However the pseudo-random number generator used is a simple
+linear congruent generator, and based on observations of a few initial
+sequence values from legitimate connections with a server, an attacker
+can guess with high probability the value which will be used for the
+next connection.
+
+In order for this to be successfully exploited, the attacker must also
+satisfy the following conditions:
+
+a) be able to initiate several consecutive TCP connections to an open
+port on the server in a short space of time (immediately followed by
+the attack itself). Quiescent servers (those which are not receiving
+connections from other systems at the time of attack) are therefore
+most vulnerable to the attack.
+
+b) be able to prevent the spoofed client machine from responding to
+the packets sent to it from the server, by making use of an address
+which is offline or by executing a denial of service attack against
+it to prevent it from responding.
+
+c) make use of an application-level protocol on the server which
+authenticates or grants trust solely based on the IP address of the
+client, not any higher-level authentication mechanisms such as a
+password or cryptographic key.
+
+d) be able to guess or infer the return TCP data from the server to
+the spoofed client (if any), to which he will not have access,
+
+All versions of FreeBSD prior to the correction date including 4.1.1
+and 3.5.1 are vulnerable to this problem.
+
+The FreeBSD Security Officer would like to thank the Hacker Emergency
+Response Team for working with us to bring this matter to our
+attention, and to coordinate the release of this advisory.
+
+III. Impact
+
+Systems running insecure protocols which blindly trust a TCP
+connection which appears to come from a given IP address without
+requiring other authentication of the originator are vulnerable to
+spoofing by a remote attacker, potentially yielding privileges or
+access on the local system.
+
+Examples of such protcols and services are: the rlogin/rsh/rexec
+family when used to grant passwordless access (e.g. via .rhosts or
+hosts.equiv files); web server address-based access controls on
+scripts which do not require user authentication and which control
+privileged resources; tcp-wrappers host access controls around
+services which do not authenticate the connection further; lpr
+address-based access controls, and others.
+
+Note that the rlogin family of protocols when configured to use
+Kerberos or UNIX passwords are not vulnerable to this attack since
+they authenticate connections (using Kerberos tickets in the former
+case, and account passwords in the latter). Source address based
+authentication in the rlogin family of protocols is not used by
+default, and must be specifically enabled through use of a per-user
+.rhosts file, or a global /etc/hosts.equiv file.
+
+Attackers can also forge TCP connections to arbitrary TCP protocols
+(including protocols not vulnerable to the spoofing attack described
+above) and simulate the effects of failed remote access attempts from
+a target machine (e.g. repeated attempts to guess a password),
+potentially misleading the administrators of the server into thinking
+they are under attack from the spoofed client.
+
+IV.  Workaround
+
+Note that in order to exploit the vulnerability an attacker must make
+several real connection attempts in close succession to a port on the
+target machine (e.g. a web server). Since in order for the attack to
+be successful the machine must be quiescent (i.e. not accepting any
+other connections), this rapid connection activity followed by a
+connection to an insecure service may provide a signature which can be
+used to detect and trace the attacker.
+
+Possible workarounds for the vulnerability include one or both of the
+following:
+
+1) Disable all insecure protocols and services including rlogin, rsh
+and rexec (if configured to use address-based authentication), or
+reconfigure them to not authenticate connections based solely on
+originating address. In general, the rlogin family should not be used
+anyway - the ssh family of commands (ssh, scp, slogin) provide a
+secure alternative which is included in FreeBSD 4.0 and above.
+
+To disable the rlogin family of protocols, make sure the
+/etc/inetd.conf file does not contain any of the following entries
+uncommented (i.e. if present in the inetd.conf file they should be
+commented out as shown below:)
+
+#shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
+#login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
+#exec    stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
+
+Be sure to restart inetd by sending it a HUP signal after making any
+changes:
+
+# kill -HUP `cat /var/run/inetd.pid`
+
+Audit the use of other services including those noted in section III
+above and either disable the service, or if possible require it to use
+a stronger form of authentication. See workaround 3) below.
+
+2) Impose IP-level packet filters on network perimeters or on local
+affected machines to prevent access from any outside party to a
+vulnerable internal service using a "privileged" source address. For
+example, if machines on the internal 10.0.0.0/24 network are allowed
+to obtain passwordless rlogin access to a server, then external users
+should be prevented from sending packets with 10.0.0.0/24 source
+addresses from the outside network into the internal network. This is
+standard good security policy. Note however that if an external
+address must be granted access to local resources then this type of
+filtering cannot be applied. It also does not defend against spoofing
+attacks from within the network perimeter. Consider disabling this
+service until the affected machines can be patched.
+
+3) Enable the use of IPSEC to authenticate (and/or encrypt) vulnerable
+TCP connections at the IP layer. A system which requires authenticaion
+of all incoming connections to a port using IPSEC cannot be spoofed
+using the attack described in this advisory, nor can TCP sessions be
+hijacked by an attacker with access to the packet stream. FreeBSD 4.0
+and later include IPSEC functionality in the kernel, and 4.1 and later
+include an IKE daemon, racoon, in the ports collection. Configuration
+of IPSEC is beyond the scope of this document, however see the
+following web resources:
+
+http://www.freebsd.org/handbook/ipsec.html
+http://www.netbsd.org/Documentation/network/ipsec/
+http://www.kame.net/
+
+V.   Solution
+
+Note that address-based authentication is generally weak, and should
+be avoided even in environments running with the sequence numbering
+improvements. Instead, cryptographically-protected protocols and
+services should be used wherever possible.
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
+3.5.1-STABLE after the respective correction dates.
+
+2a) FreeBSD 3.x systems
+
+Download the patch and detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss-3.x.patch.asc
+
+# cd /usr/src/sys/
+# patch -p < /path/to/patch
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+
+2b) FreeBSD 4.x systems
+
+Apply the patch below and recompile your kernel.
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:52/tcp-iss.patch.asc
+
+# cd /usr/src/sys/netinet
+# patch -p < /path/to/patch_or_advisory
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+
+Patch for vulnerable 4.x systems:
+
+    Index: tcp_seq.h
+    ===================================================================
+    RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v
+    retrieving revision 1.11
+    retrieving revision 1.12
+    diff -u -r1.11 -r1.12
+    --- tcp_seq.h	1999/12/29 04:41:02	1.11
+    +++ tcp_seq.h	2000/09/29 01:37:19	1.12
+    @@ -91,7 +91,7 @@
+      * number in the range [0-0x3ffff] that is hard to predict.
+      */
+     #ifndef tcp_random18
+    -#define	tcp_random18()	((random() >> 14) & 0x3ffff)
+    +#define	tcp_random18()	(arc4random() & 0x3ffff)
+     #endif
+     #define	TCP_ISSINCR	(122*1024 + tcp_random18())
+     
+    Index: tcp_subr.c
+    ===================================================================
+    RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v
+    retrieving revision 1.80
+    retrieving revision 1.81
+    diff -u -r1.80 -r1.81
+    --- tcp_subr.c	2000/09/25 23:40:22	1.80
+    +++ tcp_subr.c	2000/09/29 01:37:19	1.81
+    @@ -178,7 +178,7 @@
+     {
+     	int hashsize;
+     	
+    -	tcp_iss = random();	/* wrong, but better than a constant */
+    +	tcp_iss = arc4random();	/* wrong, but better than a constant */
+     	tcp_ccgen = 1;
+     	tcp_cleartaocache();
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOd5Gv1UuHi5z0oilAQEzJwQAkJbKJBJcaIYFbMuRnINbNQQS/mLUuRoh
+fIzPEC17B2fwx+NjuHppBXroOsmsw0enM4tk7afP2yc3z2Ecyapr+oQH9KzBQ+nQ
+56IGoi5/MLgEY2KQn3kQBV++pH9zo/F/Gz3XV/x2gDUgLy0F9p2eYjDGkrA1U1H2
+NTx5kXB6ZE4=
+=zdbr
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:53.catopen.asc b/share/security/advisories/FreeBSD-SA-00:53.catopen.asc
new file mode 100644
index 0000000000..7c556b95a4
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:53.catopen.asc
@@ -0,0 +1,297 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:53                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          catopen() may pose security risk for third party code
+
+Category:       core
+Module:         libc
+Announced:      2000-09-27
+Affects:        FreeBSD 5.0-CURRENT, 4.x and 3.x prior to the correction date.
+Corrected:      Problem 1: 2000-08-06 (FreeBSD 5.0-CURRENT)
+                           2000-08-22 (FreeBSD 4.1-STABLE)
+                           2000-09-07 (FreeBSD 3.5-STABLE)
+                Problem 2: 2000-09-08 (FreeBSD 5.0-CURRENT, 4.1-STABLE and
+                                       3.5-STABLE)
+Credits:	Problem 1: Discovered during internal auditing
+		Problem 2: Ivan Arce <iarce@core-sdi.com>
+FreeBSD only:   NO
+
+I.   Background
+
+catopen() and setlocale() are functions which are used to display text
+in a localized format, e.g. for international users.
+
+II.  Problem Description
+
+There are two problems addressed in this advisory:
+
+1) The catopen() function did not correctly bounds-check an internal
+buffer which could be indirectly overflowed by the setting of an
+environment variable. A privileged application which uses catopen()
+could be made to execute arbitrary code by an unprivileged local user.
+
+2) The catopen() and setlocale() functions could be made to use an
+arbitrary file as the source for localized data and message catalogs,
+instead of one of the system files. An attacker could create a file
+which is a valid locale file or message catalog but which contains
+special formatting characters which may allow certain badly written
+privileged applications to be exploited and execute arbitrary code as
+the privileged user.
+
+This second vulnerability is slightly different from the problem
+originally discovered by Ivan Arce of Core-SDI which affects multiple
+UNIX operating systems, which involved a different environment
+variable and which FreeBSD is not susceptible to. However
+Vulnerability 2 was discovered in FreeBSD after the publication the
+Core-SDI advisory, and has the same effect on vulnerable applications.
+
+NOTE that the FreeBSD base system is not believed to be vulnerable to
+either of these problems, nor are any vulnerable third party programs
+(including FreeBSD ports) currently known. Therefore the impact on the
+majority of FreeBSD systems is expected to be nonexistent.
+
+III. Impact
+
+Certain setuid/setgid third-party software (including FreeBSD
+ports/packages) may be vulnerable to a local exploit yielding
+privileged access. No such software is however currently known.
+
+It is believed that no program in the FreeBSD base system is
+vulnerable to these bugs.
+
+The problems were corrected prior to the release of FreeBSD 4.1.1.
+
+IV.  Workaround
+
+Vulnerability 1 described above is the more serious of the two, since
+it does not require the application to contain a coding flaw in order
+to exploit it. A scanning utility is provided to detect privileged
+binaries which use the catopen() function (both statically and
+dynamically linked binaries), which should be either rebuilt, or have
+their privileges limited to minimize potential risk.
+
+It is not feasible to detect binaries which are vulnerable to the
+second vulnerability, however the provided utility will also report
+statically linked binaries which use the setlocale() functions and
+which *may* potentially be vulnerable. Most of the binaries reported
+will not in fact be vulnerable, but should be recompiled anyway for
+maximum assurance of security. Note that some FreeBSD system binaries
+may be reported as possibly vulnerable by this script, however this
+is not the case.
+
+Statically linked binaries which are identified as vulnerable or
+potentially vulnerable should be recompiled from source code after
+patching and recompiling libc, if possible, in order to correct the
+vulnerability. Dynamically linked binaries will be corrected by simply
+patching and recompiling libc as described below.
+
+As an interim measure, consider removing any identified setuid or
+setgid binary, removing set[ug]id privileges from the file, or
+limiting the file access permissions, as appropriate.
+
+Of course, it is possible that some of the identified files may be
+required for the correct operation of your local system, in which case
+there is no clear workaround except for limiting the set of users who
+may run the binaries, by an appropriate use of user groups and
+removing the "o+x" file permission bit.
+
+1) Download the 'scan_locale.sh' and 'test_locale.sh' scripts from
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/scan_locale.sh
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/test_locale.sh
+
+e.g. with the fetch(1) command:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/scan_locale.sh
+Receiving scan_locale.sh (337 bytes): 100%
+337 bytes transferred in 0.0 seconds (1.05 MBps)
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:53/test_locale.sh
+Receiving test_locale.sh (889 bytes): 100%
+889 bytes transferred in 0.0 seconds (1.34 MBps)
+
+2) Verify the md5 checksums and compare to the value below:
+
+# /sbin/md5 scan_locale.sh
+MD5 (scan_locale.sh) = efea80f74b05e7ddbc0261ef5211e453
+# /sbin/md5 test_locale.sh
+MD5 (test_locale.sh) = 2a485bf8171cc984dbc58b4d545668b4
+
+3) Run the scan_locale.sh script against your system:
+
+# sh scan_locale.sh ./test_locale.sh /
+
+This will scan your entire system for setuid or setgid binaries which
+make use of the exploitable function catopen(), or the potentially
+exploitable function setlocale(). Each returned binary should be
+examined (e.g. with 'ls -l' and/or other tools) to determine what
+security risk it poses to your local environment, e.g. whether it can
+be run by arbitrary local users who may be able to exploit it to gain
+privileges.
+
+Note that this script reports setlocale() usage (i.e. vulnerability 2)
+only in statically linked binaries, not dynamically linked binaries,
+because of the high rate of false positives. It is likely that the
+majority of such setlocale() binaries identified are not insecure and
+their identification by this script should not be taken as evidence
+that they are vulnerable, but they should be recompiled anyway for
+maximum assurance of security.
+
+4) Remove the binaries, or reduce their file permissions, as appropriate.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD system to 4.1-STABLE or 3.5-STABLE
+after the correction date, or patch your present system source code
+and rebuild. Then run the scan_locale.sh script as instructed in
+section IV and identify any statically-linked binaries as reported by
+the script. These should either be removed, recompiled, or have
+privileges restricted to secure them against this vulnerability (since
+statically-linked binaries will not be affected by simply recompiling
+the shared libc library).
+
+To patch your present system: save the patch below into a file, and
+execute the following commands as root:
+
+cd /usr/src/lib/libc
+patch < /path/to/patch/file
+make all
+make install
+
+Patches for FreeBSD systems before the correction date:
+
+    Index: msgcat.c
+    ===================================================================
+    RCS file: /usr2/ncvs//src/lib/libc/nls/msgcat.c,v
+    retrieving revision 1.21
+    retrieving revision 1.27
+    diff -u -r1.21 -r1.27
+    --- nls/msgcat.c	2000/01/27 23:06:33	1.21
+    +++ nls/msgcat.c	2000/09/01 11:56:31	1.27
+    @@ -91,8 +91,9 @@
+         __const char *catpath = NULL;
+         char        *nlspath;
+         char	*lang;
+    -    long	len;
+         char	*base, *cptr, *pathP;
+    +    int		spcleft;
+    +    long	len;
+         struct stat	sbuf;
+     
+         if (!name || !*name) {
+    @@ -106,10 +107,10 @@
+         } else {
+     	if (type == NL_CAT_LOCALE)
+     		lang = setlocale(LC_MESSAGES, NULL);
+    -	else {
+    -		if ((lang = (char *) getenv("LANG")) == NULL)
+    -			lang = "C";
+    -	}
+    +	else
+    +		lang = getenv("LANG");
+    +	if (lang == NULL || strchr(lang, '/') != NULL)
+    +		lang = "C";
+     	if ((nlspath = (char *) getenv("NLSPATH")) == NULL
+     #ifndef __NETBSD_SYSCALLS
+     	    || issetugid()
+    @@ -129,13 +130,22 @@
+     		*cptr = '\0';
+     		for (pathP = path; *nlspath; ++nlspath) {
+     		    if (*nlspath == '%') {
+    +		        spcleft = sizeof(path) - (pathP - path);
+     			if (*(nlspath + 1) == 'L') {
+     			    ++nlspath;
+    -			    strcpy(pathP, lang);
+    +			    if (strlcpy(pathP, lang, spcleft) >= spcleft) {
+    +				free(base);
+    +				errno = ENAMETOOLONG;
+    +				return(NLERR);
+    +			    }
+     			    pathP += strlen(lang);
+     			} else if (*(nlspath + 1) == 'N') {
+     			    ++nlspath;
+    -			    strcpy(pathP, name);
+    +			    if (strlcpy(pathP, name, spcleft) >= spcleft) {
+    +				free(base);
+    +			        errno = ENAMETOOLONG;
+    +				return(NLERR);
+    +			    }
+     			    pathP += strlen(name);
+     			} else *(pathP++) = *nlspath;
+     		    } else *(pathP++) = *nlspath;
+    @@ -186,7 +196,7 @@
+         MCSetT	*set;
+         long	lo, hi, cur, dir;
+     
+    -    if (!cat || setId <= 0) return(NULL);
+    +    if (cat == NULL || setId <= 0) return(NULL);
+     
+         lo = 0;
+         if (setId - 1 < cat->numSets) {
+    @@ -212,8 +222,8 @@
+     	if (hi - lo == 1) cur += dir;
+     	else cur += ((hi - lo) / 2) * dir;
+         }
+    -    if (set->invalid)
+    -	(void) loadSet(cat, set);
+    +    if (set->invalid && loadSet(cat, set) <= 0)
+    +	return(NULL);
+         return(set);
+     }
+     
+    @@ -225,7 +235,7 @@
+         MCMsgT	*msg;
+         long	lo, hi, cur, dir;
+     
+    -    if (!set || set->invalid || msgId <= 0) return(NULL);
+    +    if (set == NULL || set->invalid || msgId <= 0) return(NULL);
+     
+         lo = 0;
+         if (msgId - 1 < set->numMsgs) {
+    @@ -318,7 +328,7 @@
+         off_t	nextSet;
+     
+         cat = (MCCatT *) malloc(sizeof(MCCatT));
+    -    if (!cat) return(NLERR);
+    +    if (cat == NULL) return(NLERR);
+         cat->loadType = MCLoadBySet;
+     
+         if ((cat->fd = _open(catpath, O_RDONLY)) < 0) {
+    @@ -351,7 +361,7 @@
+     
+         cat->numSets = header.numSets;
+         cat->sets = (MCSetT *) malloc(sizeof(MCSetT) * header.numSets);
+    -    if (!cat->sets) NOSPACE();
+    +    if (cat->sets == NULL) NOSPACE();
+     
+         nextSet = header.firstSet;
+         for (i = 0; i < cat->numSets; ++i) {
+    Index: setlocale.c
+    ===================================================================
+    RCS file: /home/ncvs/src/lib/libc/locale/setlocale.c,v
+    retrieving revision 1.27
+    retrieving revision 1.28
+    diff -u -r1.27 -r1.28
+    --- locale/setlocale.c	2000/09/04 03:43:24	1.27
+    +++ locale/setlocale.c	2000/09/08 07:29:48	1.28
+    @@ -129,7 +129,7 @@
+     		if (!env || !*env)
+     			env = getenv("LANG");
+     
+    -		if (!env || !*env)
+    +		if (!env || !*env || strchr(env, '/'))
+     			env = "C";
+     
+     		(void) strncpy(new_categories[category], env, ENCODING_LEN);
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOdKTo1UuHi5z0oilAQH9QwQAhEdiXOU7A/hZpMBKU5bWz6alLqr7o4wp
+YcypPTnSoMQ2OkFlmuX9sdcgRfwl3gZ1z3QfjhE/eXG7rYSerEyxqcBqgQOBbCUH
+vURxPEIRqV90DMMZAp62viA1X1Vyx/Ie2WXG/r5Wck1/Zu6BSxsUo3yiWD4gFoVb
+L1f0kBgl2/A=
+=YtCH
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:54.fingerd.asc b/share/security/advisories/FreeBSD-SA-00:54.fingerd.asc
new file mode 100644
index 0000000000..5f9819345c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:54.fingerd.asc
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:54                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          fingerd allows remote reading of filesystem
+
+Category:       core
+Module:         fingerd
+Announced:      2000-10-13
+Credits:        NIIMI Satoshi <sa2c@and.or.jp>
+Affects:        FreeBSD 4.1.1-RELEASE
+Corrected:      2000-10-05 (4.1.1-STABLE)
+FreeBSD only:   Yes
+
+I.   Background
+
+The finger service is used to provide information about users on the
+system to remote clients.
+
+II.  Problem Description
+
+Shortly before the release of FreeBSD 4.1.1, code was added to
+finger(1) intended to allow the utility to send the contents of
+administrator-specified files in response to a finger request. However
+the code incorrectly allowed users to specify a filename directly, the
+contents of which would be returned to the user.
+
+The finger daemon usually runs as user 'nobody' and invokes the
+finger(1) command in response to a remote request, meaning it does not
+have access to privileged files on the system (such as the hashed
+password file /etc/master.passwd), however the vulnerability may be
+used to read arbitrary files to which the 'nobody' user has read
+permission. This may disclose internal information including
+information which may be used to mount further attacks against the
+system.
+
+Note that servers running web and other services often incorrectly run
+these as the 'nobody' user, meaning this vulnerability may be used to
+read internal web server data such as web server password files, the
+source code to cgi-bin scripts, etc.
+
+FreeBSD 4.1-RELEASE, 4.0-RELEASE, 3.5.1-RELEASE and FreeBSD 4.1-STABLE
+systems dated before 2000-09-01 or after 2000-10-05 are unaffected by
+this vulnerability.
+
+III. Impact
+
+Remote users can obtain read access (as the 'nobody' user) to large
+parts of the local filesystem on systems running a vulnerable
+fingerd. This may disclose confidential information and may facilitate
+further attacks on the system.
+
+IV.  Workaround
+
+Disable the finger protocol in /etc/inetd.conf: make sure the
+/etc/inetd.conf file does not contain the following entry
+uncommented (i.e. if present in the inetd.conf file it should be
+commented out as shown below:)
+
+#finger  stream  tcp     nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
+
+On IPv6-connected systems, be sure to disable the IPv6 instance of the
+finger daemon as well:
+
+#finger stream  tcp6    nowait/3/10 nobody /usr/libexec/fingerd fingerd -s
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE dated after
+the correction date.
+
+2) Apply the patch below and rebuild your fingerd binary.
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:54/fingerd.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:54/fingerd.patch.asc
+
+# cd /usr/src/usr.bin/finger
+# patch -p < /path/to/patch_or_advisory
+# make all install
+# cd /usr/src/libexec/fingerd
+# make all install
+
+Patch for vulnerable 4.1.x systems:
+
+    Index: finger.c
+    ===================================================================
+    RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v
+    retrieving revision 1.15.2.3
+    retrieving revision 1.21
+    diff -u -r1.15.2.3 -r1.21
+    --- finger.c	2000/09/15 21:51:00	1.15.2.3
+    +++ finger.c	2000/10/05 15:56:13	1.21
+    @@ -293,6 +293,16 @@
+     		goto net;
+     
+     	/*
+    +	 * Mark any arguments beginning with '/' as invalid so that we 
+    +	 * don't accidently confuse them with expansions from finger.conf
+    +	 */
+    +	for (p = argv, ip = used; *p; ++p, ++ip)
+    +	    if (**p == '/') {
+    +		*ip = 1;
+    +		warnx("%s: no such user", *p);
+    +	    }
+    +
+    +	/*
+     	 * Traverse the finger alias configuration file of the form
+     	 * alias:(user|alias), ignoring comment lines beginning '#'.
+     	 */
+    @@ -323,11 +333,11 @@
+     	 * gathering the traditional finger information.
+     	 */
+     	if (mflag)
+    -		for (p = argv; *p; ++p) {
+    -			if (**p != '/' || !show_text("", *p, "")) {
+    +		for (p = argv, ip = used; *p; ++p, ++ip) {
+    +			if (**p != '/' || *ip == 1 || !show_text("", *p, "")) {
+     				if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
+     					enter_person(pw);
+    -			   	else
+    +				else if (!*ip)
+     					warnx("%s: no such user", *p);
+     			}
+     		}
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOebB4FUuHi5z0oilAQEE1AP+I7zDBn5TagYJEELea7ltGkNZ5h3nZi5E
+FwxqYekriycAzOqctwzu7lO2AO7KoPTzAfu4OCd+s+ijK+zpXkt+eOAttbhPwENJ
+RMAJPwcGr139mIT2ofuEUhtE9NZ66gg7WNh+8ixjtovKbZl1W/slX+wOqlaCcbLm
+U4t3bj6bx5M=
+=fg83
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc b/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc
new file mode 100644
index 0000000000..d7d8b295c1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:55.xpdf.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:55                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          xpdf contains multiple vulnerabilities
+
+Category:       ports
+Module:         xpdf
+Announced:      2000-10-13
+Credits:        Unknown
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-09-04 (4.1.1-RELEASE)
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+xpdf is a PDF viewer for X Windows.
+
+II.  Problem Description
+
+The xpdf port, versions prior to 0.91, contains a race condition due
+to improper handing of temporary files that may allow a local user to
+overwrite arbitrary files owned by the user running xpdf.
+
+Additionally, when handling URLs in documents no checking was done for
+shell metacharacters before starting the browser. This makes it possible
+to construct a document which cause xpdf to run arbitrary commands when
+the user views an URL.
+
+The xpdf port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+nearly 4000 third-party applications in a ready-to-install format.
+The ports collections shipped with FreeBSD 3.5.1 and 4.1 contain this
+problem since it was discovered after the releases, but it was
+corrected prior to the release of FreeBSD 4.1.1.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users, using a symlink attack, can cause arbitrary files owned
+by the user running xpdf to be overwritten. Also, malicious PDFs can
+cause arbitrary code to be executed.
+
+If you have not chosen to install the xpdf port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the xpdf port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the xpdf port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/xpdf-0.91.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/xpdf-0.91.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/xpdf-0.91.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/xpdf-0.91.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/xpdf-0.91.tgz
+
+3) download a new port skeleton for the cvsweb port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOebCfVUuHi5z0oilAQEcuAP8DYr3RrCnnysWYS3eVyNJ1sokvXOXZdhZ
+hI8ialbbpKY+kEtnL0DrUmeJ9c5xsVb70XJQ3D80n8O2N8I9ZAbfiHadY+omZPZX
+Hpk47MuA3R4G6jXldnyq545/QdK3+uKMLkNiGG63P5VcyUsQ3bpB1uIRIX/a9U6Z
+rdQfL0s3N0k=
+=qh/t
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:56.lprng.asc b/share/security/advisories/FreeBSD-SA-00:56.lprng.asc
new file mode 100644
index 0000000000..25941a91c9
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:56.lprng.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:56                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          LPRng contains potential root compromise
+
+Category:       ports
+Module:         LPRng
+Announced:      2000-10-13
+Credits:        Chris Evans <chris@SCARY.BEASTS.ORG>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-13
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+LPRng is a popular printer daemon.
+
+II.  Problem Description
+
+The LPRng port, versions prior to 3.6.24, contains a potential
+vulnerability which may allow root compromise from both local and
+remote systems. The vulnerability is due to incorrect usage of the
+syslog(3) function. Local and remote users can send string-formatting
+operators to the printer daemon to corrupt the daemon's execution,
+potentially gaining root access.
+
+The LPRng port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 4000 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5.1, 4.1 and
+4.1.1 contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local and remote users may potentially gain root privileges on systems
+using LPRng.
+
+If you have not chosen to install the LPRng port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the LPRng port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the LPRng port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/LPRng-3.6.25.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/LPRng-3.6.25.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/LPRng-3.6.25.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/LPRng-3.6.25.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/LPRng-3.6.25.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the cvsweb port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOebCc1UuHi5z0oilAQGIrwP+I0aP9pZOMT4FbOar8NpMExmeQXNr74+e
+euwWeJZszDNe4p0a2yGB9Xn4CrkQZNhwZKUoDzk1K9RrDxNwjwT7gouKMGgn38Lr
+OIQLi2FZqgT0cbnGusdK4sxbQZl2AnPkEunQOskeXhCbZX97wMQOjDid72ZXxNAR
+l+KW/XexpuQ=
+=Ew7y
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:57.muh.asc b/share/security/advisories/FreeBSD-SA-00:57.muh.asc
new file mode 100644
index 0000000000..38591c9a8c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:57.muh.asc
@@ -0,0 +1,97 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:57                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          muh IRC bouncer remote vulnerability
+
+Category:       ports
+Module:         muh
+Announced:      2000-10-13
+Credits:        Maxime Henrion <mux@QUALYS.COM>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-09-10 (4.1.1-RELEASE)
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+muh is an IRC bouncer, a program that allows a host to act as a relay
+between an IRC client on a local/remote machine and the IRC server.
+
+II.  Problem Description
+
+The muh port, versions 2.05c and before, contains a vulnerability
+which allows remote users to gain the privileges of the user running
+muh. This is accomplished by sending a carefully crafted exploit
+string containing string format operators to a user using muh but who
+is not connected. When the user reconnects and executes '/muh read',
+muh will allow the remote attacker to execute arbitrary code as the
+local user.
+
+The muh port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+nearly 4000 third-party applications in a ready-to-install format.
+The ports collections shipped with FreeBSD 3.5.1 and 4.1 contain this
+problem since it was discovered after the releases, but it was
+corrected prior to the release of FreeBSD 4.1.1.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote IRC users can cause arbitrary code to be executed as the user
+running muh.
+
+If you have not chosen to install the muh port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the muh port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the muh port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/muh-2.05c.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/muh-2.05c.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/muh-2.05c.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/muh-2.05c.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/muh-2.05c.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the cvsweb port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBOebDhVUuHi5z0oilAQE/3wP+K6oPSZ4jsnLAILhZD3fjdp+3bW7IhDmQ
+PoXpqSyEypJ6TlP0wLaZwhz1VPThAN9yVaUTzA7W8MVQyKCdIDBWu86WmcZ4CsY9
+v7ku77tshEcxza+ggegy9PkSWYDfaQIyGzRyZht280qxn5XUFIeEvXkx+YHKvffo
+Rm4dlo/akzA=
+=0bP+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:58.chpass.asc b/share/security/advisories/FreeBSD-SA-00:58.chpass.asc
new file mode 100644
index 0000000000..a30972e547
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:58.chpass.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:58                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          chpass family contains local root vulnerability
+
+Category:       core
+Module:         chfn/chpass/chsh/ypchfn/ypchpass/ypchsh/passwd
+Announced:      2000-10-30
+Credits:	Problem fixed during internal auditing.
+		Vulnerability pointed out by: caddis <caddis@DISSENSION.NET>
+Affects:        FreeBSD 3.x (all releases), FreeBSD 4.0-RELEASE,
+		FreeBSD 4.0-STABLE prior to the correction date
+Corrected:      2000/07/20 (FreeBSD 4.0-STABLE)
+		2000/10/04 (FreeBSD 3.5.1-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+ch{fn,pass,sh} are utilities for changing user "finger" information,
+passwords, and login shell, respectively. The yp* variants perform the
+analogous changes on a NIS account.
+
+II.  Problem Description
+
+A "format string vulnerability" was discovered in code used by the
+vipw utility during an internal FreeBSD code audit in July 2000. The
+vipw utility does not run with increased privileges and so it was
+believed at the time that it did not represent a security
+vulnerability. However it was not realised that this code is also
+shared with other utilities -- namely chfn, chpass, chsh, ypchfn,
+ypchpass, ypchsh and passwd -- which do in fact run setuid root.
+
+Therefore, the problem may be exploited by unprivileged local users to
+gain root access to the local machine.
+
+All versions of FreeBSD prior to the correction date including 4.0 and
+3.5.1 are vulnerable to this problem, but it was fixed in the 4.x
+branch prior to the release of FreeBSD 4.1.
+
+III. Impact
+
+Local users can obtain root privileges on the local machine.
+
+IV.  Workaround
+
+Remove the setuid bit on the following utilities. This has the
+side-effect that non-root users cannot change their finger
+information, passwords, or login shells.
+
+# chflags noschg /usr/bin/chfn /usr/bin/chpass /usr/bin/chsh
+# chmod u-s /usr/bin/chfn /usr/bin/chpass /usr/bin/chsh
+# chflags noschg /usr/bin/ypchfn /usr/bin/ypchpass /usr/bin/ypchsh
+# chmod u-s /usr/bin/ypchfn /usr/bin/ypchpass /usr/bin/ypchsh
+# chflags noschg /usr/bin/passwd
+# chmod u-s /usr/bin/passwd
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1-RELEASE,
+4.1.1-RELEASE, 4.1.1-STABLE or 3.5.1-STABLE after the respective
+correction dates.
+
+2) Apply the patch below and recompile the respective files:
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:58/vipw.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:58/vipw.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src/usr.sbin/vipw
+# patch -p < /path/to/patch_or_advisory
+# make depend && make all install
+# cd /usr/src/usr.bin/chpass/
+# make depend && make all install
+# cd /usr/src/usr.bin/passwd/
+# make depend && make all install
+
+Patch for vulnerable systems:
+
+    --- pw_util.c   1999/08/28 01:20:31     1.17
+    +++ pw_util.c   2000/07/12 00:49:40     1.18
+    @@ -250,7 +250,7 @@
+            extern int _use_yp;
+     #endif /* YP */
+            if (err)
+    -               warn(name);
+    +               warn("%s", name);
+     #ifdef YP
+            if (_use_yp)
+                    warnx("NIS information unchanged");
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOf3/FFUuHi5z0oilAQEAhAQApmUnWU8Se8V6rAsy98jJLBXp11mmCnaB
+lVPve0SjOEhTjYVOfLEslDIPECP1WNrO3Ep/FiczhoTVrMBzWjh74XIGaiDbRxEy
+UDWh/cQhAaEmy/KPwraoPas6T2lsJ9brBu5LycKQj/F2SMYCNQOQ3UK4rmXqmf+z
+jAqmmerfaPo=
+=YNNN
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:59.pine.asc b/share/security/advisories/FreeBSD-SA-00:59.pine.asc
new file mode 100644
index 0000000000..9904c18282
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:59.pine.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:59                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          pine4 port contains remote vulnerability
+
+Category:       ports
+Module:         pine4/pine4-ssl/zh-pine4/iw-pine4
+Announced:      2000-10-30
+Affects:        Ports collection.
+Corrected:      2000-10-29
+Credits:	arkane@SPEAKEASY.ORG
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+Pine is a popular mail user agent.
+
+II.  Problem Description
+
+The pine4 port, versions 4.21 and before, contains a buffer overflow
+vulnerability which allows a remote user to execute arbitrary code on
+the local client by the sending of a special-crafted email
+message.  The overflow occurs during the periodic "new mail" checking
+of an open folder.
+
+The pine4 port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4000 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 4.1.1 and 3.5.1
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+Administrators should note that the Pine software has been a frequent
+source of past security holes, and makes extensive use of string
+routines commonly associated with security vulnerabilities.  The
+FreeBSD Security Officer believes it is likely that further
+vulnerabilities exit in this software, and recommends the use of
+alternative mail software in environments where electronic mail may be
+received from untrusted sources.
+
+III. Impact
+
+Remote users can cause pine4 to crash when closing a mail folder by
+sending a malformed email.
+ 
+If you have not chosen to install the pine4 port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the pine4 port/package, if you have installed it.
+
+The risk can be decreased by not leaving pine sitting idle with an
+open folder, but it cannot be completely eliminated without patching
+and recompiling the software.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the pine4 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/pine-4.21_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.21_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/mail/pine-4.21_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.21_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/mail/pine-4.21_1.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the listmanager port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above.  The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOf3+NVUuHi5z0oilAQHjFQQAmVrnuMQbQwPKf8LVdsNFgc6470e8Lz07
++8OTApKVTzX1WVbBNQUTJ8tC0TSiZt/BTOq41EVHc+yP6W8gJWPWmGJHMH2vtd2q
+/5X1o+Q17IP2doXuDBT2MUJH7simUJBPbZ9Fi+AuI+lecCx80Q9W9qndEypdwpwZ
+j01EAufwmMk=
+=nefD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:60.boa.asc b/share/security/advisories/FreeBSD-SA-00:60.boa.asc
new file mode 100644
index 0000000000..90cf277244
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:60.boa.asc
@@ -0,0 +1,101 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:60                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          boa web server allows arbitrary file access/execution
+
+Category:       ports
+Module:         boa
+Announced:      2000-10-30
+Credits:        Lluis Mora <llmora@S21SEC.COM>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-07
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+Boa is a high-performance web server.
+
+II.  Problem Description
+
+The boa port, versions after 0.92 but prior to 0.94.8.3, contains a
+vulnerability which allows remote users to view arbitrary files
+outside the document root.  The vulnerability is that boa does not
+correctly restrict URL-encoded requests containing ".." in the path.
+
+In addition, if the administrator has enabled CGI extension support, a
+request for any file ending in .cgi will result in the file being
+executed with the privileges of the user id running the web server.
+Since the .cgi file may reside outside the document root, this may
+result in untrusted binaries/scripts being executed.  If an attacker
+can upload files to the system, e.g. via anonymous FTP, they can cause
+arbitrary code to be executed by the user running the web server.
+
+The boa port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 4000 third-party applications in a ready-to-install format.
+The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain
+this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users may view any file on the system that is accessible by the
+webserver account.  In addition, the webserver account may be
+compromised due to the execution of arbitrary files outside the
+document root.
+
+If you have not chosen to install the boa port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the boa port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the boa port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/boa-0.94.8.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/boa-0.94.8.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/boa-0.94.8.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/boa-0.94.8.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/boa-0.94.8.3.tgz
+
+3) download a new port skeleton for the cvsweb port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOf3+LlUuHi5z0oilAQHuAAP+PB/Y6PwDyWZrfvX5cKRdnQiwebU2FPiS
+BhKSwjwBsE4jZGFw0YC+tU6TksGhun6LvvIw0DVHXRevH0VwPcf18akuqKQrFhPA
+r3NQ1atFvrdDoGQN0J4px1vANXKPu6afe1LKaMTeF+sbjokoniScnAFyH9IHBvQH
+mVUcDXhq7sU=
+=WmZ+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:61.tcpdump.asc b/share/security/advisories/FreeBSD-SA-00:61.tcpdump.asc
new file mode 100644
index 0000000000..c2227bbbac
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:61.tcpdump.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:61                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          tcpdump contains remote vulnerabilities [REISSUED]
+
+Category:       core
+Module:         tcpdump
+Announced:      2000-10-31
+Reissued:	2000-11-06
+Credits:	Discovered during internal auditing.
+Affects:        All releases of FreeBSD 3.x, 4.x prior to 4.2
+                FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the
+                correction date
+Corrected:      2000-10-04 (FreeBSD 4.1.1-STABLE)
+		2000-10-05 (FreeBSD 3.5.1-STABLE)
+Vendor status:	Patch released
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2000-10-31  Initial release
+v1.1  2000-11-06  Corrected patch
+
+I.   Background
+
+tcpdump is a tool for monitoring network activity.
+
+II.  Problem Description
+
+Several overflowable buffers were discovered in the version of tcpdump
+included in FreeBSD, during internal source code auditing.  Some
+simply allow the remote attacker to crash the local tcpdump process,
+but there is a more serious vulnerability in the decoding of AFS ACL
+packets in the more recent version of tcpdump (tcpdump 3.5) included
+in FreeBSD 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE, which may allow
+a remote attacker to execute arbitrary code on the local system
+(usually root, since root privileges are required to run tcpdump).
+
+The former issue may be a problem for systems using tcpdump as a form
+of intrusion detection system, i.e. to monitor suspicious network
+activity: after the attacker crashes any listening tcpdump processes
+their subsequent activities will not be observed.
+
+All released versions of FreeBSD prior to the correction date
+including 3.5.1-RELEASE, 4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE
+are vulnerable to the "remote crash" problems, and FreeBSD
+4.0-RELEASE, 4.1-RELEASE and 4.1.1-RELEASE are also vulnerable to the
+"remote execution" vulnerability.  Both problems were corrected in
+4.1.1-STABLE prior to the release of FreeBSD 4.2-RELEASE.
+
+III. Impact
+
+Remote users can cause the local tcpdump process to crash, and (under
+FreeBSD 4.0-RELEASE, 4.1-RELEASE, 4.1.1-RELEASE and 4.1.1-STABLE prior
+to the correction date) may be able to cause arbitrary code to be
+executed as the user running tcpdump, usually root.
+
+IV.  Workaround
+
+Do not use vulnerable versions of tcpdump in network environments
+which may contain packets from untrusted sources.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
+3.5.1-STABLE after the respective correction dates.
+
+2a) FreeBSD 3.x systems prior to the correction date
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-3.x.patch.asc
+
+# cd /usr/src/contrib/tcpdump
+# patch -p < /path/to/patch
+# cd /usr/src/usr.sbin/tcpdump
+# make depend && make all install
+
+2b) FreeBSD 4.x systems prior to the correction date
+
+NOTE: The patch distributed with the original version of this advisory
+was incomplete and did not include all of the security fixes made to
+the tcpdump utility. In particular, it did not address the remote code
+execution vulnerability.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc
+
+# cd /usr/src/contrib/tcpdump
+# patch -p < /path/to/patch
+# cd /usr/src/usr.sbin/tcpdump
+# make depend && make all install
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOgcNKFUuHi5z0oilAQGYQAP9F00eE4rd0M46f8WMWTO7uFb1gV2p4Y0l
+KV0vT1wMy+PdmFNpo7SVrb/tdpa4Wtxb/Q/tu7RDZQqFI29yBPTFnE1iu8T2BSAm
+cO/dE5ypkjJkEjf8QjxqQXVhTbtIVVQa3Tosw3AdUFP0gKHUkZ36ryCQVxbqRMQK
+c0ZkdbwESp8=
+=uaOo
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:62.top.asc b/share/security/advisories/FreeBSD-SA-00:62.top.asc
new file mode 100644
index 0000000000..d1b3b2aace
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:62.top.asc
@@ -0,0 +1,154 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:62                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          top allows reading of kernel memory [REISSUED]
+
+Category:       core
+Module:         top
+Announced:      2000-11-01
+Reissued:       2000-11-06
+Credits:        vort@wiretapped.net via OpenBSD
+Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior
+                to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior
+                to the correction date.
+Corrected:      2000-11-04 (FreeBSD 4.1.1-STABLE)
+                2000-11-05 (FreeBSD 3.5.1-STABLE)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2000-11-01  Initial release
+v1.1  2000-11-06  Updated patch released.
+
+I.   Background
+
+top is a utility for displaying current system resource statistics
+such as process CPU and memory use.  It is externally-maintained,
+contributed software which is included in FreeBSD by default.
+
+II.  Problem Description
+
+A "format string vulnerability" was discovered in the top(1) utility
+which allows unprivileged local users to cause the top process to
+execute arbitrary code.  The top utility runs with increased
+privileges as a member of the kmem group, which allows it to read from
+kernel memory (but not write to it).  A process with the ability to
+read from kernel memory can monitor privileged data such as network
+traffic, disk buffers and terminal activity, and may be able to
+leverage this to obtain further privileges on the local system or on
+other systems, including root privileges.
+
+All released versions of FreeBSD prior to the correction date
+including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem,
+but it was fixed in the 4.1.1-STABLE branch prior to the release of
+FreeBSD 4.2-RELEASE.
+
+III. Impact
+
+Local users can read privileged data from kernel memory which may
+provide information allowing them to further increase their local or
+remote system access privileges.
+
+IV.  Workaround
+
+Remove the setgid bit on the top utilities.  This has the side-effect
+that users who are not a member of the kmem group or who are not the
+superuser cannot use the top utility.
+
+# chmod g-s /usr/bin/top
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
+3.5.1-STABLE after the respective correction dates.
+
+2) Apply the patch below and recompile the relevant files:
+
+NOTE: The original version of this advisory contained an incomplete
+patch which does not fully eliminate the security vulnerability. The
+additional vulnerability was pointed out by Przemyslaw Frasunek
+<venglin@freebsd.lublin.pl>.
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:62/top.patch.v1.1.asc
+
+Execute the following commands as root:
+
+# cd /usr/src/contrib/top
+# patch -p < /path/to/patch_or_advisory
+# cd /usr/src/usr.bin/top
+# make depend && make all install
+
+Patch for vulnerable systems:
+
+    Index: display.c
+    ===================================================================
+    RCS file: /mnt/ncvs/src/contrib/top/display.c,v
+    retrieving revision 1.4
+    retrieving revision 1.5
+    diff -u -r1.4 -r1.5
+    --- display.c	1999/01/09 20:20:33	1.4
+    +++ display.c	2000/10/04 23:34:16	1.5
+    @@ -829,7 +831,7 @@
+         register int i;
+     
+         /* first, format the message */
+    -    (void) sprintf(next_msg, msgfmt, a1, a2, a3);
+    +    (void) snprintf(next_msg, sizeof(next_msg), msgfmt, a1, a2, a3);
+     
+         if (msglen > 0)
+         {
+    Index: top.c
+    ===================================================================
+    RCS file: /mnt/ncvs/src/contrib/top/top.c,v
+    retrieving revision 1.4
+    retrieving revision 1.5
+    diff -u -r1.4 -r1.5
+    --- top.c	1999/01/09 20:20:34	1.4
+    +++ top.c	2000/10/04 23:34:16	1.5
+    @@ -807,7 +809,7 @@
+     				{
+     				    if ((errmsg = kill_procs(tempbuf2)) != NULL)
+     				    {
+    -					new_message(MT_standout, errmsg);
+    +					new_message(MT_standout, "%s", errmsg);
+     					putchar('\r');
+     					no_command = Yes;
+     				    }
+    Index: top.c
+    ===================================================================
+    RCS file: /mnt/ncvs/src/contrib/top/top.c,v
+    retrieving revision 1.5
+    retrieving revision 1.6
+    diff -u -r1.5 -r1.6
+    --- top.c	2000/10/04 23:34:16	1.5
+    +++ top.c	2000/11/03 22:00:10	1.6
+    @@ -826,7 +826,7 @@
+     				{
+     				    if ((errmsg = renice_procs(tempbuf2)) != NULL)
+     				    {
+    -					new_message(MT_standout, errmsg);
+    +					new_message(MT_standout, "%s", errmsg);
+     					putchar('\r');
+     					no_command = Yes;
+     				    }
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOgcN7lUuHi5z0oilAQFqJgP/bn4SN6FaNvazYMaVzypsEgWzofK/kdlu
+iWXcdZVkoFZlF4J7e6M/wRn0xS1lvNPlv5yNF4bYa7lnZHeNzS/58v94+Sze2ooV
+bgML9JzhfaM0Ps+/mAXO4FzGi+WryTkdZGl9KVkwT+QwuRer/bz4GoJvnrsGuBpf
+dXoovvpgwiA=
+=hVPb
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:63.getnameinfo.asc b/share/security/advisories/FreeBSD-SA-00:63.getnameinfo.asc
new file mode 100644
index 0000000000..cb7deaac46
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:63.getnameinfo.asc
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:63                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          getnameinfo function allows remote denial of service
+
+Category:       core
+Module:         libc
+Announced:      2000-11-01
+Credits:        Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>
+Affects:        FreeBSD 4.x (all releases prior to 4.2), 4.1.1-STABLE prior
+                to the correction date.
+Corrected:      2000/09/25 (FreeBSD 4.1.1-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+The getnameinfo() function is part of the protocol-independent
+resolver library from the KAME project.
+
+II.  Problem Description
+
+An off-by-one error exists in the processing of DNS hostnames which
+allows a long DNS hostname to crash the getnameinfo() function when an
+address resolution of the hostname is performed (e.g. in response to a
+connection to a service which makes use of getnameinfo()).
+
+Under the following conditions, this bug can be used as a denial of
+service attack against vulnerable services:
+
+* The attacker must control their DNS server.
+* The service must be run as a persistent daemon (i.e. running
+  "standalone", not spawned as-needed from a supervisor process such
+  as inetd)
+* The daemon must perform the getnameinfo() call on the remote
+  hostname prior to forking a child process to handle the connection
+  (otherwise it is just the child process which dies, and the parent
+  remains running).
+* The daemon is not automatically restarted by a "watchdog" process.
+
+All released versions of FreeBSD 4.x prior to the correction date
+including 4.0, 4.1, and 4.1.1 are vulnerable to this problem, but it
+was fixed in the 4.1.1-STABLE branch prior to the release of FreeBSD
+4.2-RELEASE.  The FreeBSD 3.x branch is unaffected since it does not
+include the KAME code.
+
+Note that this vulnerability is not believed to pose a vulnerability
+for any servers included in the FreeBSD base system.  It is only a
+potential problem for certain third party servers fulfilling the above
+conditions (none of which are currently known).  Therefore the impact
+on the vast majority of FreeBSD systems is expected to be nonexistent.
+
+III. Impact
+
+Remote users may be able to cause a very small class of network
+servers to terminate abnormally, causing a denial of service
+condition.
+
+IV.  Workaround
+
+None practical.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD 4.x system to 4.1.1-STABLE after
+the correction date.
+
+2) Apply the patch below and recompile the relevant files:
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:63/getnameinfo.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src/lib/libc
+# patch -p < /path/to/patch_or_advisory
+# make depend && make all install
+
+Patch for vulnerable systems:
+
+    --- net/getnameinfo.c	2000/07/05 05:09:17	1.5
+    +++ net/getnameinfo.c	2000/09/25 23:04:36	1.6
+    @@ -154,12 +153,12 @@
+     				(flags & NI_DGRAM) ? "udp" : "tcp");
+     		}
+     		if (sp) {
+    -			if (strlen(sp->s_name) > servlen)
+    +			if (strlen(sp->s_name) + 1 > servlen)
+     				return ENI_MEMORY;
+     			strcpy(serv, sp->s_name);
+     		} else {
+     			snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
+    -			if (strlen(numserv) > servlen)
+    +			if (strlen(numserv) + 1 > servlen)
+     				return ENI_MEMORY;
+     			strcpy(serv, numserv);
+     		}
+    @@ -253,7 +252,7 @@
+     					*p = '\0';
+     			}
+     #endif
+    -			if (strlen(hp->h_name) > hostlen) {
+    +			if (strlen(hp->h_name) + 1 > hostlen) {
+     				freehostent(hp);
+     				return ENI_MEMORY;
+     			}
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOgCgVlUuHi5z0oilAQGqfwP/SYLG0yD0uR4wdPHy5S9eXH4HqtNrVpF7
+NlN3iMjHrzIDqeFSYoRTbMEhrbTTGMWYIEadadW9zjlnHfGNRniYx2oOhm+0tqsI
+C3wlqsGAo2GXsXfr1hOpcVc1GqLhsK3oLgz9RRMoMlRWJ+K0bHHLwKlB9uEoxPJ2
+X/WHJ//RQXI=
+=YFwv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:64.global.asc b/share/security/advisories/FreeBSD-SA-00:64.global.asc
new file mode 100644
index 0000000000..6191abb0c5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:64.global.asc
@@ -0,0 +1,106 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:64                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          global port allows remote compromise through CGI script
+
+Category:       ports
+Module:         global
+Announced:      2000-11-06
+Credits:        Shigio Yamaguchi <shigio@tamacom.com> 
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-09
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+global is a source-code tagging system for indexing and searching
+large bodies of source code.
+
+II.  Problem Description
+
+The global port, versions 3.5 through to 3.55, contains a
+vulnerability in the CGI script generated by the htags utility which
+allows a remote attacker to execute code on the local system as the
+user running the script, typically user 'nobody' in most
+installations.
+
+There is no vulnerability in the default installation of the port, but
+if an administrator uses the 'htags -f' command to generate a CGI
+script enabling the browsing of source code, then the system is
+vulnerable to attack caused by incorrect validation of input.
+
+An older version of global was included in previous releases of
+FreeBSD; this is not vulnerable to the problem described here.
+
+The global port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4100 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.1.1
+contain this problem since it was discovered after the releases, but
+it was corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+If the 'htags -f' command is used to generate a CGI script which is
+then installed under a webserver, then remote users may execute
+arbitrary commands on the local system as the user which runs the CGI
+script.
+
+If you have not chosen to install the global port/package, or you have
+not used the 'htags -f' command to produce a CGI script, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the global port/package, if you you have installed it, or
+remove the 'global.cgi' file installed on the website.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the global port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/global-4.0.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/global-4.0.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/global-4.0.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/global-4.0.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/global-4.0.1.tgz
+
+3) download a new port skeleton for the cvsweb port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOgcQslUuHi5z0oilAQHKXAP/Wz2SmgOAIYFOquE3z+++5nbNxKYmKS/J
+Tb1ClUtPSSk6s/dfX3t17O1o0a/Pmj3u+CxAdRXdIka1XAQE9lY2pL4uhEVr0nXT
+/+I4Hap17OZVdNTTiF/a6LYd/WYbJkMrRbADnZjvRp5zrOpPwbzc1ZwIn9GRqiHc
+XYA/cWGGWXg=
+=+ex8
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:65.xfce.asc b/share/security/advisories/FreeBSD-SA-00:65.xfce.asc
new file mode 100644
index 0000000000..7858be0515
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:65.xfce.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:65                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          xfce allows local X session compromise
+
+Category:       ports
+Module:         xfce
+Announced:      2000-11-06
+Credits:        Nicholas Brawn <nickbrawn@ONETEL.COM>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-11-01
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+xfce is a window manager/desktop environment for the X Windows system.
+
+II.  Problem Description
+
+Versions of xfce prior to 3.52 contain a startup script which
+incorrectly allows access to the X display to all other users on the
+local system. Such users are able to monitor and control the contents
+of the display window as well as monitoring input from keyboard and
+mouse devices. For example, this allows them to monitor passphrases
+typed into a terminal window, among other possibilities.
+
+The xfce port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 4100 third-party applications in a ready-to-install format. The
+ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are vulnerable
+to this problem since it was discovered after the releases, but it was
+corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users can monitor and control the contents of the X display
+running xfce, as well as input devices such as mice and keyboards.
+
+IV.  Workaround
+
+Deinstall the xfce port/package, if you you have installed it, or
+remove the lines containing 'xhost +$HOSTNAME' in the following files:
+
+/usr/X11R6/etc/xfce/xinitrc
+/usr/X11R6/etc/xfce/xinitrc.mwm
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the xfce port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11-wm/xfce-3.12.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/xfce-3.12.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/x11-wm/xfce-3.12.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/xfce-3.12.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/x11-wm/xfce-3.12.tgz
+
+3) download a new port skeleton for the xfce port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOgdCalUuHi5z0oilAQEwxwP+OoowcV51kn3hHjcFWZRk2GAIw/mu6gxP
+GsLscf2IMAX+dyJG+sNtpzktsrMsIFcv5ADjNjhW+WAqqGhNCosV6cQ8/BNi0+m4
+o4Mqyc3jsYBkWzzXd/W6y4EWStup+7/iz/68DPdIUHs1IyfFQ7DiCgWXzZBo8GG1
+6muI/XYYm6Q=
+=Ioj2
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:66.netscape.asc b/share/security/advisories/FreeBSD-SA-00:66.netscape.asc
new file mode 100644
index 0000000000..9cb0bb78d5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:66.netscape.asc
@@ -0,0 +1,97 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:66                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Client vulnerability in Netscape
+
+Category:       ports
+Module:         netscape
+Announced:      2000-11-06
+Credits:        Michal Zalewski <lcamtuf@DIONE.IDS.PL>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-29
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+Netscape is a popular web browser, available in several versions in
+the FreeBSD ports collection.
+
+II.  Problem Description
+
+Versions of netscape prior to 4.76 allow a client-side exploit through
+a buffer overflow in html code. A malicious website operator can cause
+arbitrary code to be executed by the user running the netscape client.
+
+The netscape ports are not installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains over 4100 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are
+vulnerable to this problem since it was discovered after the release,
+but it was corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote attackers can execute arbitrary code on the local system by
+convincing users to visit a malicious website.
+
+If you have not chosen to install the netscape port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the netscape port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the relevant
+netscape port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/
+
+Since there are so many variations of the netscape ports in the
+FreeBSD ports collection they are not listed separately
+here. Localized versions are also available in the respective language
+subdirectory.
+
+3) download a new port skeleton for the netscape port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOgdCqFUuHi5z0oilAQFMFgQAjrqHzfVCD2oLCya0budGincSy+e6onfi
+XCMqyf8sAeEO5Bg4klVhkTMKCCPo9MEeLNWm3EwQHU4bN8wxD9NUHkYrVgNCsD8b
+rN34aAogoJR1fsfN960OW9EHWH8trPJDlC6IS1KYOmpOL8AuBfmbahL1vSx5TtZP
+vPFky0dFwKg=
+=mKdp
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:67.gnupg.asc b/share/security/advisories/FreeBSD-SA-00:67.gnupg.asc
new file mode 100644
index 0000000000..1f450f7cce
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:67.gnupg.asc
@@ -0,0 +1,92 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:67                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          gnupg fails to correctly verify signatures
+
+Category:       ports
+Module:         gnupg
+Announced:      2000-11-10
+Credits:        Jim Small <cavenewt@MY-DEJA.COM>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-18
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+GnuPG is an implementation of the PGP digital signature/encryption
+protocol.
+
+II.  Problem Description
+
+Versions of gnupg prior to 1.04 fail to correctly verify multiple
+signatures contained in a single document. Only the first signature
+encountered is actually verified, meaning that other data with invalid
+signatures (e.g. data which has been tampered with by an attacker)
+will not be verified, and the entire document will be treated as
+having valid signatures.
+
+The gnupg port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4100 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 are
+vulnerable to this problem since it was discovered after the releases,
+but it was corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Documents containing multiple signed regions of data can be corrupted
+or tampered with by an attacker without detection, as long as the
+first signature in the document remains valid.
+
+IV.  Workaround
+
+Deinstall the gnupg port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the gnupg port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/gnupg-1.04.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/gnupg-1.04.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/gnupg-1.04.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/gnupg-1.04.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/gnupg-1.04.tgz
+
+3) download a new port skeleton for the gnupg port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOgx6dlUuHi5z0oilAQEGaAP+KXIJlLBgF7tXXtLWcyJkhI6mAxgMyHEJ
+y+9RkI22mz7etMN1Nqm22Rj1cYBO99Q35lx4qJpuGftuRV+D9P6f5FbXMp+qhw24
+K1t07eQhgiiNO1y9snvvEwwWtsHiosMFyIleFdbJwXoioqNsDFcByOwbG7zoEOOU
+BfDBTmKtPvQ=
+=1ZMA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:68.ncurses.asc b/share/security/advisories/FreeBSD-SA-00:68.ncurses.asc
new file mode 100644
index 0000000000..126fbc73e9
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:68.ncurses.asc
@@ -0,0 +1,214 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:68                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ncurses allows local privilege escalation [REVISED]
+
+Category:       core, ports
+Module:         ncurses
+Announced:      2000-11-13
+Revised:        2000-11-20
+Affects:        FreeBSD 5.0-CURRENT, 4.x prior to the correction date.
+                FreeBSD 3.x not yet fixed.
+Corrected:      2000-10-11 (FreeBSD 4.1.1-STABLE)
+                2000-11-10 (ncurses port)
+Credits:        Jouko Pynnonen <jouko@SOLUTIONS.FI>
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2000-11-13  Initial release
+v1.1  2000-11-20  Corrected status of 3.x, referenced ncurses port
+
+I.   Background
+
+ncurses is a text-mode display library used for formatting the output
+of applications on a variety of terminals.  It is externally
+maintained, contributed code which is included in FreeBSD by default.
+
+II.  Problem Description
+
+There exists an overflowable buffer in the libncurses library in the
+processing of cursor movement capabilities.  An attacker can force a
+privileged application to use the attacker's termcap file containing a
+specially crafted terminal entry, which will trigger the vulnerability
+when the vulnerable ncurses code is called.  This allows them to
+execute arbitrary code on the local system with the privileges of the
+exploited binary.
+
+The systat utility included in the FreeBSD base system is known to use
+vulnerable ncurses routines.  It runs with increased privileges as a
+member of the kmem group, which allows it to read from kernel memory
+(but not write to it).  A process with the ability to read from kernel
+memory can monitor privileged data such as network traffic, disk
+buffers and terminal activity, and may be able to leverage this to
+obtain further privileges on the local system or on other systems,
+including root privileges.
+
+There may be other vulnerable applications included in the FreeBSD
+base system, but no others are confirmed to be vulnerable due to the
+difficulty in identifying a complete list of vulnerable ncurses
+functions.  However the following is a complete list of FreeBSD system
+binaries which link against ncurses and run with increased
+privileges. They may or may not be vulnerable to exploitation.
+
+/usr/sbin/lpc
+/usr/bin/top
+/usr/bin/systat
+
+FreeBSD 3.x and earlier versions use a very old, customized version of
+ncurses which is difficult to update without breaking
+backwards-compatibility.  The update was made for FreeBSD 4.0, but 3.x
+will not be updated to the newer version.  At this stage the
+vulnerability has not been fixed in FreeBSD 3.x.
+
+The ncurses port (versions prior to 5.2) also contains this
+vulnerability.  It was corrected prior to the release of FreeBSD 4.2.
+
+III. Impact
+
+Certain setuid/setgid software (including FreeBSD base system
+utilities and third party ports/packages) may be vulnerable to a local
+exploit yielding privileged access.
+
+The /usr/bin/systat utility is known to be vulnerable to this problem
+in ncurses.  At this time is unknown whether /usr/bin/top and
+/usr/sbin/lpc are also affected.
+
+The problems were corrected prior to the release of FreeBSD 4.2.
+
+IV.  Workaround
+
+It is not feasible to reliably detect binaries which are vulnerable to
+the ncurses vulnerability, however the provided utility will scan for
+privileged binaries which use ncurses and which may potentially be
+vulnerable.  Some of the binaries reported may not in fact be
+vulnerable, but should be recompiled anyway for maximum assurance of
+security.
+
+Statically linked binaries which are identified as potentially
+vulnerable should be recompiled from source code if possible, after
+patching and recompiling libc, in order to correct the vulnerability.
+Dynamically linked binaries will be corrected by simply patching and
+recompiling libc as described below.
+
+As an interim measure, consider removing any identified setuid or
+setgid binary, removing set[ug]id privileges from the file, or
+limiting the file access permissions, as appropriate.
+
+Of course, it is possible that some of the identified files may be
+required for the correct operation of your local system, in which case
+there is no clear workaround except for limiting the set of users who
+may run the binaries, by an appropriate use of user groups and
+removing the "o+x" file permission bit.
+
+1) Download the 'scan_ncurses.sh' and 'test_ncurses.sh' scripts from
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh
+
+e.g. with the fetch(1) command:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/scan_ncurses.sh
+Receiving scan_ncurses.sh (381 bytes): 100%
+381 bytes transferred in 0.1 seconds (7.03 kBps)
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/tools/SA-00:68/test_ncurses.sh
+Receiving test_ncurses.sh (604 bytes): 100%
+604 bytes transferred in 0.1 seconds (6.55 kBps)
+
+2) Verify the md5 checksums and compare to the value below:
+
+# md5 scan_ncurses.sh
+MD5 (scan_ncurses.sh) = 597f63af701253f053581aa1821cbac1
+# md5 test_ncurses.sh
+MD5 (test_ncurses.sh) = 12491ceb15415df7682e3797de53223e
+
+3) Run the scan_ncurses.sh script against your system:
+
+# chmod a+x ./test_ncurses.sh
+# sh scan_ncurses.sh ./test_ncurses.sh /
+
+This will scan your entire system for setuid or setgid binaries which
+make use of the ncurses library.  Each returned binary should be
+examined (e.g. with 'ls -l' and/or other tools) to determine what
+security risk it poses to your local environment, e.g. whether it can
+be run by arbitrary local users who may be able to exploit it to gain
+privileges.
+
+4) Remove the binaries, or reduce their file permissions, as appropriate.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the
+correction date, or patch your present system source code and
+rebuild.  Then run the scan_ncurses.sh script as instructed in section
+IV and identify any statically-linked binaries as reported by the
+script.  These should either be removed, recompiled, or have privileges
+restricted to secure them against this vulnerability (since
+statically-linked binaries will not be affected by simply recompiling
+the shared libc library).
+
+To patch your present system: download the updated ncurses code from
+the below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:68/ncurses.tar.gz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+cd /usr/src
+tar xvfz /path/to/ncurses.tar.gz
+cd /usr/src/lib/libncurses
+make all
+make install
+
+In contrast to the usual practise, a simple patch fixing the security
+vulnerability is not provided because the vendor did not make one
+available, and the updated ncurses snapshot which fixed it contains
+numerous other changes whose purpose and relation to the fix was
+unclear.
+
+[ncurses port]
+
+If you have installed a vulnerable version of the ncurses port, one of
+the following steps may be used to upgrade it:
+
+1) Upgrade your entire ports collection and rebuild the ncurses port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/ncurses-5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/ncurses-5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/ncurses-5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/ncurses-5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/ncurses-5.2.tgz
+
+3) download a new port skeleton for the ncurses port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmaFlUuHi5z0oilAQG5MwP9FStZoFKPCqfciIbIcFrE0wLYuEOeI24S
+j9D4rSwU1ALzHB7DMpeXmju5pDRROmgUTIOGnBN9FcXZly4lDN3Y9yyIeW6Ia5UZ
+wWbkhxsn573kD3P00WHAB1F1ccbbK4+SPNLkdJDgyyqAC4SdgeJEg5+z+Wcx7d3E
+t/Xsv/X1ylA=
+=ZiMW
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:69.telnetd.asc b/share/security/advisories/FreeBSD-SA-00:69.telnetd.asc
new file mode 100644
index 0000000000..42fd43353b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:69.telnetd.asc
@@ -0,0 +1,231 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:69                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          telnetd allows remote system resource consumption [REVISED]
+
+Category:       core
+Module:         telnetd
+Announced:      2000-11-14
+Revised:	2000-11-20
+Credits:        Jouko Pynnonen <jouko@SOLUTIONS.FI>
+Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases prior
+                to 4.2), FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior
+                to the correction date.
+Corrected:      2000-11-19 (FreeBSD 4.1.1-STABLE)
+                2000-11-19 (FreeBSD 3.5.1-STABLE)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2000-11-14  Initial release
+v1.1  2000-11-20  Corrected patch, pointed out by
+                  Christos Zoulas <christos@ZOULAS.COM>
+
+I.   Background
+
+telnetd is the server for the telnet remote login protocol.
+
+II.  Problem Description
+
+The telnet protocol allows for UNIX environment variables to be passed
+from the client to the user login session on the server.  However, some
+of these environment variables have special meaning to the telnetd
+child process itself and may be used to affect its operation.
+
+Of particular relevance is the ability for remote users to cause an
+arbitrary file on the system to be searched for termcap data by
+passing the TERMCAP environment variable.  Although any file on the
+local system can be read since the telnetd server runs as root, the
+contents of the file will not be reported in any way to the remote
+user unless it contains a valid termcap entry, in which case the
+corresponding termcap sequences will be used to format the output sent
+to the client.  It is believed there is no risk of data disclosure
+through this vulnerability.
+
+However, an attacker who forces the server to search through a large
+file or to read from a device can cause resources to be spent by the
+server, including CPU cycles and disk read bandwidth, which can
+increase the server load and may prevent it from servicing legitimate
+user requests.  Since the vulnerability occurs before the login(1)
+utility is spawned, it does not require authentication to a valid
+account on the server in order to exploit.
+
+All released versions of FreeBSD prior to the correction date
+including 4.0, 4.1, 4.1.1 and 3.5.1 are vulnerable to this problem,
+but it was fixed in the 4.1.1-STABLE branch prior to the release of
+FreeBSD 4.2-RELEASE.
+
+III. Impact
+
+Remote users without a valid login account on the server can cause
+resources such as CPU and disk read bandwidth to be consumed, causing
+increased server load and possibly denying service to legitimate
+users.
+
+IV.  Workaround
+
+1) Disable the telnet service, which is usually run out of inetd:
+comment out the following lines in /etc/inetd.conf, if present.
+
+telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
+
+telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
+
+2) Impose access restrictions using TCP wrappers (/etc/hosts.allow),
+or a network-level packet filter such as ipfw(8) or ipf(8) on the
+perimeter firewall or the local machine, to limit access to the telnet
+service to trusted machines.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
+3.5.1-STABLE after the respective correction dates.  Note that the
+original patch was incorrect and caused telnetd to behave incorrectly
+in certain situations. 
+
+2) Apply the patch below and recompile the relevant files:
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:69/telnetd.patch.v1.1.asc
+
+Execute the following commands as root:
+
+# cd /usr/src/libexec/telnetd
+# patch -p < /path/to/patch_or_advisory
+# make depend && make all install
+
+Updated patch for vulnerable systems:
+
+    Index: ext.h
+    ===================================================================
+    RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
+    retrieving revision 1.7
+    retrieving revision 1.8
+    diff -u -r1.7 -r1.8
+    --- ext.h	1999/08/28 00:10:22	1.7
+    +++ ext.h	2000/11/19 10:01:27	1.8
+    @@ -87,7 +87,7 @@
+     #endif
+     
+     extern int	pty, net;
+    -extern char	*line;
+    +extern char	line[16];
+     extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
+     
+     #ifndef	P
+    Index: sys_term.c
+    ===================================================================
+    RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
+    retrieving revision 1.24
+    retrieving revision 1.26
+    diff -u -r1.24 -r1.26
+    --- sys_term.c	1999/08/28 00:10:24	1.24
+    +++ sys_term.c	2000/11/19 10:01:27	1.26
+    @@ -480,14 +480,10 @@
+      *
+      * Returns the file descriptor of the opened pty.
+      */
+    -#ifndef	__GNUC__
+    -char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+    -#else
+    -static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+    -char *line = Xline;
+    -#endif
+     #ifdef	CRAY
+    -char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+    +char myline[16];
+    +#else
+    +char line[16];
+     #endif	/* CRAY */
+     
+     	int
+    @@ -1799,6 +1795,13 @@
+     		    strncmp(*cpp, "_RLD_", 5) &&
+     		    strncmp(*cpp, "LIBPATH=", 8) &&
+     #endif
+    +		    strncmp(*cpp, "LOCALDOMAIN=", 12) &&
+    +		    strncmp(*cpp, "RES_OPTIONS=", 12) &&
+    +		    strncmp(*cpp, "TERMINFO=", 9) &&
+    +		    strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
+    +		    strncmp(*cpp, "TERMPATH=", 9) &&
+    +		    strncmp(*cpp, "TERMCAP=/", 9) &&
+    +		    strncmp(*cpp, "ENV=", 4) &&
+     		    strncmp(*cpp, "IFS=", 4))
+     			*cpp2++ = *cpp;
+     	}
+    Index: telnetd.c
+    ===================================================================
+    RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
+    retrieving revision 1.22
+    retrieving revision 1.24
+    diff -u -r1.22 -r1.24
+    --- telnetd.c	2000/01/25 14:52:00	1.22
+    +++ telnetd.c	2000/11/19 10:01:27	1.24
+    @@ -805,13 +805,12 @@
+     #else
+     	for (;;) {
+     		char *lp;
+    -		extern char *line, *getpty();
+     
+     		if ((lp = getpty()) == NULL)
+     			fatal(net, "Out of ptys");
+     
+     		if ((pty = open(lp, 2)) >= 0) {
+    -			strcpy(line,lp);
+    +			strlcpy(line,lp,sizeof(line));
+     			line[5] = 't';
+     			break;
+     		}
+    @@ -1115,7 +1114,7 @@
+     		IM = Getstr("im", &cp);
+     		IF = Getstr("if", &cp);
+     		if (HN && *HN)
+    -			(void) strcpy(host_name, HN);
+    +			(void) strlcpy(host_name, HN, sizeof(host_name));
+     		if (IF && (if_fd = open(IF, O_RDONLY, 000)) != -1)
+     			IM = 0;
+     		if (IM == 0)
+    Index: utility.c
+    ===================================================================
+    RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
+    retrieving revision 1.13
+    retrieving revision 1.14
+    diff -u -r1.13 -r1.14
+    --- utility.c	1999/08/28 00:10:25	1.13
+    +++ utility.c	2000/10/31 05:29:54	1.14
+    @@ -330,7 +330,7 @@
+     {
+     	char buf[BUFSIZ];
+     
+    -	(void) sprintf(buf, "telnetd: %s.\r\n", msg);
+    +	(void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
+     	(void) write(f, buf, (int)strlen(buf));
+     	sleep(1);	/*XXX*/
+     	exit(1);
+    @@ -343,7 +343,7 @@
+     {
+     	char buf[BUFSIZ], *strerror();
+     
+    -	(void) sprintf(buf, "%s: %s", msg, strerror(errno));
+    +	(void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+     	fatal(f, buf);
+     }
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmZhlUuHi5z0oilAQECjQP/RJyFP/msuoNj1ebyeE4PjXHFV99FoVIY
+jeBCjheFN+9kVR2ZqGxzhF8Ds1jsHI2oURhjNwRkf+OGNzCfDKEseTa0/Aa59XG5
+68O9DKP2CEZnNra3N5uWCBX7ozGI1iCfJkBstSXBhdpyeumOjhfkEF1cwvJldyWl
+YMIWv/MwRWs=
+=wuWd
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:70.ppp-nat.asc b/share/security/advisories/FreeBSD-SA-00:70.ppp-nat.asc
new file mode 100644
index 0000000000..f3e081b7e6
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:70.ppp-nat.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:70                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ppp "deny_incoming" does not correctly deny incoming packets
+
+Category:       core
+Module:         ppp
+Announced:      2000-11-14
+Credits:        Robin Melville <robmel@innotts.co.uk>
+Affects:        FreeBSD 3.5, 3.5.1, 4.1, 4.1.1
+                FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the
+                correction date.
+Corrected:      2000-10-30 (FreeBSD 4.1.1-STABLE)
+                2000-10-30 (FreeBSD 3.5.1-STABLE)
+FreeBSD only:   Yes
+
+I.   Background
+
+The ppp(8) utility includes network address translation functionality
+for translating between public and private IP address ranges.  It uses
+the libalias library to perform translation services.
+
+II.  Problem Description
+
+The "nat deny_incoming" command is documented as "refusing all
+incoming connections" and is commonly used as a simple "firewall" to
+prevent outside users from connecting to services on the internal
+network.  However the behaviour of the ppp code was changed in the 4.x
+and 3.x branches prior to the release of FreeBSD 4.1 and 3.5 (on
+2000-06-05 and 2000-06-03 respectively) to allow passing of packets
+which are not understood, such as IPSEC packets and other IP protocol
+traffic not explicitly recognised by the code as being an "incoming
+connection attempt".  While this was arguably incorrect behaviour in
+itself, the code also incorrectly allowed through ALL incoming
+traffic, effectively turning "deny_incoming" into a no-op.
+
+Thus, users who are using the deny_incoming functionality in the
+expectation that it provides a "deny by default" firewall which only
+allows through packets known to be part of an existing NAT session,
+are in fact allowing other types of unsolicited IP traffic into their
+internal network.
+
+The behaviour of ppp was corrected to only allow incoming packets
+which are known to be part of a valid NAT session, which gives the
+desired packet filtering behaviour in the general case.  Outgoing IP
+traffic which is not understood by libalias (such as an outgoing IPSEC
+packet part of a VPN) will cause a NAT session to be established which
+will allow incoming packets with the corresponding source and
+destination IP addresses and protocol number to pass, but all others
+to be denied.
+
+This behaviour may be sufficient for the security needs of many users,
+although users with advanced filtering or security policy requirements
+are advised to use a more configurable packet filter such as those
+provided by ipfw(8) or ipf(8) which can meet their needs.
+
+The following released versions of FreeBSD are the only releases
+vulnerable to this problem: 3.5, 3.5.1, 4.1, 4.1.1.  It was fixed in
+the 4.1.1-STABLE branch prior to the release of FreeBSD 4.2-RELEASE.
+
+III. Impact
+
+Remote users can cause incoming traffic which is not part of an
+existing NAT session to pass the NAT gateway, which may constitute a
+breach of security policy.
+
+IV.  Workaround
+
+Use a true packet filter such as ipfw(8) or ipf(8) on the PPP gateway
+to deny incoming traffic according to the desired security policy.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE or
+3.5.1-STABLE after the respective correction dates.
+
+2) Apply the patch below and recompile the relevant files:
+
+Either save this advisory to a file, or download the patch and
+detached PGP signature from the following locations, and verify the
+signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-00:70/ppp.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src/usr.sbin/ppp
+# patch -p < /path/to/patch_or_advisory
+# make depend && make all install
+
+Patch for vulnerable systems:
+
+Index: nat_cmd.c
+===================================================================
+RCS file: /mnt/ncvs/src/usr.sbin/ppp/nat_cmd.c,v
+retrieving revision 1.49
+retrieving revision 1.50
+diff -u -r1.49 -r1.50
+- --- nat_cmd.c	2000/07/11 22:11:31	1.49
++++ nat_cmd.c	2000/10/30 18:02:01	1.50
+@@ -421,7 +421,11 @@
+       break;
+ 
+     case PKT_ALIAS_IGNORED:
+- -      if (log_IsKept(LogTCPIP)) {
++      if (PacketAliasSetMode(0, 0) & PKT_ALIAS_DENY_INCOMING) {
++        log_Printf(LogTCPIP, "NAT engine denied data:\n");
++        m_freem(bp);
++        bp = NULL;
++      } else if (log_IsKept(LogTCPIP)) {
+         log_Printf(LogTCPIP, "NAT engine ignored data:\n");
+         PacketCheck(bundle, MBUF_CTOP(bp), bp->m_len, NULL, NULL, NULL);
+       }
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhG88FUuHi5z0oilAQFcaAP8D9gkr5GbGfj0visocGTMzKmhbXCwtgVX
+B5qwVdDKYSx3sAicK32gsnKdxJYno5D7Vd8ic0/N28DfuR+rw7tyGKPkgZZQiptL
+CTODBugeHFV/XZ3CyES+orkRN78Wgc6kBZtvyudaXtYHbzRo2K48acOGnQN/X4tR
+Tt613Vl57rY=
+=SCKm
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:71.mgetty.asc b/share/security/advisories/FreeBSD-SA-00:71.mgetty.asc
new file mode 100644
index 0000000000..2b3dee43ea
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:71.mgetty.asc
@@ -0,0 +1,100 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:71                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mgetty can create or overwrite files
+
+Category:       ports
+Module:         mgetty
+Announced:      2000-11-20
+Credits:        Stan Bubrouski <satan@FASTDIAL.NET>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-9-10
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+mgetty is a replacement for the getty utility designed for use with
+data and fax modems.
+
+II.  Problem Description
+
+The mgetty port, versions prior to 1.1.22.8.17, contains a
+vulnerability that may allow local users to create or overwrite any
+file on the system.  This is due to the faxrunqd daemon (which usually
+runs as root) following symbolic links when creating a .last_run file
+in the world-writable /var/spool/fax/outgoing/ directory.
+
+This presents a denial of service attack since the attacker can cause
+critical system files to be overwritten, but it is not believed the
+attacker has the ability to control the contents of the overwritten
+file.  Therefore the possibility of using this attack to elevate
+privileges is believed to be minimal.
+
+The mgetty port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4100 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.1.1
+contain this problem since it was discovered after the releases, but
+it was corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users may create or overwrite any file on the
+system.
+
+If you have not chosen to install the mgetty port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the mgetty port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the mgetty port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/comms/mgetty-1.1.22.8.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/comms/mgetty-1.1.22.8.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/comms/mgetty-1.1.22.8.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/comms/mgetty-1.1.22.8.17.tgz
+
+3) download a new port skeleton for the mgetty port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmWG1UuHi5z0oilAQE5jAP+Lj1qI76n/cHjmfR05NTckZ4EI1Fkt708
+zZfEL9B4y8FCgluw9nLNhVKHYjkQFg/b0SEgBetElPu+k6ivcu9EqI2Gk4RIyT82
+HJFqOOnvX2yodMgZo1NozEot3aw3DIQg8TFs0Z/w0E4e+02iCytPmZYfrE5vbWif
+q1qAcFpgJWE=
+=l2yv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:72.curl.asc b/share/security/advisories/FreeBSD-SA-00:72.curl.asc
new file mode 100644
index 0000000000..e3ef1a2fbd
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:72.curl.asc
@@ -0,0 +1,91 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:72                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          curl client-side vulnerability
+
+Category:       ports
+Module:         curl
+Announced:      2000-11-20
+Credits:        Wichert Akkerman <wichert@cistron.nl>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-30
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+curl is a multi-protocol file retrieval tool.
+
+II.  Problem Description
+
+The curl port, versions prior to 7.4.1, allows a client-side exploit
+through a buffer overflow in the error handling code.  A malicious ftp
+server operator can cause arbitrary code to be executed by the user
+running the curl client.
+
+The curl port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 4100 third-party applications in a ready-to-install format.
+The ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain
+this problem since it was discovered after the releases, but it was
+corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious FTP server operators can execute arbitrary code on the local
+system when a file is downloaded from this server.
+
+If you have not chosen to install the curl port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the curl port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the curl port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/ftp/curl-7.4.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/curl-7.4.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/ftp/curl-7.4.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/curl-7.4.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/ftp/curl-7.4.1.tgz
+
+3) download a new port skeleton for the curl port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmXtlUuHi5z0oilAQGoWwP8D4Do6NX9PMIrCaky4BU4rj37l5PO7kHn
+h94zc2ISFpX5IBceUDCbVNjJJPkA8hXHhWXHZulpruu6yza/V9Oo3Uz86HrzY4Tw
+7Rj3iwQ/5/wJW3Ya/BcnBozk1/NlnAxGzKluTOlHe8UCFPV8JtCrE5RPRHMQ3BP8
+IN3EDVdvLzw=
+=EQge
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:73.thttpd.asc b/share/security/advisories/FreeBSD-SA-00:73.thttpd.asc
new file mode 100644
index 0000000000..eee7a61363
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:73.thttpd.asc
@@ -0,0 +1,95 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:73                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          thttpd allows remote reading of local files
+
+Category:       ports
+Module:         thttpd
+Announced:      2000-11-20
+Credits:        ghandi@MINDLESS.COM
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-30
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+thttpd is a simple, small, fast HTTP server.
+
+II.  Problem Description
+
+The thttpd port, versions prior to 2.20, allows remote viewing of
+arbitrary files on the local server.  The 'ssi' cgi script does not
+correctly restrict URL-encoded requests containing ".." in the path.
+In addition, the cgi script does not have the same restrictions as the
+web server for preventing requests outside of the web root.  These two
+flaws allow remote users to access any file on the system accessible
+to the web server user (user 'nobody' in the default configuration).
+
+The thttpd port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4100 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.1.1
+contain this problem since it was discovered after the releases, but
+it was corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users may access any file on the system accessible to the web
+server user (user 'nobody' in the default installation).
+
+If you have not chosen to install the thttpd port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the thttpd port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the thttpd port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/thttpd-2.20b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/thttpd-2.20b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/thttpd-2.20b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/thttpd-2.20b.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/thttpd-2.20b.tgz
+
+3) download a new port skeleton for the thttpd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmWNFUuHi5z0oilAQF1sQP9Fc/jBFjSNhzGIGc+bglEOiepdajSk3Ep
+wtoLUQJug56qcbUtxgg6FxbDv7xW/uYZ1YKWYQsjAr0tyYv+zTSVgvxAhREY1En2
+TIqrRTjTPir5yAodzsVvueTdjVhgQhWKHlrNMUKK3hfWoeLXiLhtFTDn8jam/2pO
+tw8I3tWT16I=
+=+HRv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:74.gaim.asc b/share/security/advisories/FreeBSD-SA-00:74.gaim.asc
new file mode 100644
index 0000000000..ac85747eea
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:74.gaim.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:74                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          gaim remote vulnerability
+
+Category:       ports
+Module:         gaim
+Announced:      2000-11-20
+Credits:        Stan Bubrouski <stan@CCS.NEU.EDU>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-11-16
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+gaim is a popular AOL Instant Messenger client.
+
+II.  Problem Description
+
+The gaim port, versions prior to 0.10.3_1, allows a client-side
+exploit through a buffer overflow in the HTML parsing code.  This
+vulnerability may allow remote users to execute arbitrary code as the
+user running gaim.
+
+The gaim port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 4100 third-party applications in a ready-to-install format.  The
+ports collections shipped with FreeBSD 3.5.1 and 4.1.1 contain this
+problem since it was discovered after the releases, but it was
+corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may execute arbitrary code as the user running
+gaim.
+
+If you have not chosen to install the gaim port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the gaim port/package, if you you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the gaim port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/gaim-0.10.3_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/gaim-0.10.3_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/gaim-0.10.3_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/gaim-0.10.3_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/gaim-0.10.3_1.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the gaim port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmWVVUuHi5z0oilAQGDvwP+LYld3QmBByW+w9LkQ6wKLtaqFqWO+dEL
+1JQm44OEVgWX01btMuyVvso9iqn3bCVHE8CatXPp4mnwEgR29lu2taU7ilKWOxwX
+Odh9Q+XrWGaCRP/LkiPYUVpsc1gwoBpqEdrGjbv2LhIg04uyd/W1rwEfSPtOZUNW
+3ISE4DYF7RQ=
+=Yt3k
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:75.php.asc b/share/security/advisories/FreeBSD-SA-00:75.php.asc
new file mode 100644
index 0000000000..959766ff66
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:75.php.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:75                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mod_php3/mod_php4 allows remote code execution
+
+Category:       ports
+Module:         mod_php3/mod_php4
+Announced:      2000-11-20
+Credits:        Jouko Pynnönen <jouko@SOLUTIONS.FI>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-12 (mod_php4), 2000-10-18 (mod_php3)
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+php is a commonly used HTML-embedded scripting language.
+
+II.  Problem Description
+
+The mod_php ports, versions prior to 3.0.17 (mod_php3) and 4.0.3
+(mod_php4), contain a potential vulnerablilty that may allow a
+malicious remote user to execute arbitrary code as the user running
+the web server, typically user 'nobody'.  The vulnerability is due to
+a format string vulnerability in the error logging routines.
+
+A web server is vulnerable if error logging is enabled in php.ini.
+Additionally, individual php scripts may cause the web server to be
+vulnerable if the script uses the syslog() php function regardless of
+error logging in php.ini.
+
+The mod_php ports are not installed by default, nor are they "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4100 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.1.1
+contain this problem since it was discovered after the releases, but
+it was corrected prior to the release of FreeBSD 4.2.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users can execute arbitrary code on the local system
+as the user running the webserver (typically user 'nobody').  This
+vulnerability requires error logging to be enabled in php.ini or by
+using the syslog() php function in a script.
+
+If you have not chosen to install the mod_php3 or mod_php4
+port/package, then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the mod_php3/mod_php4 port/package, if you you have
+installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the
+mod_php3/mod_php4 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[php3]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-3.0.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-3.0.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-3.0.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-3.0.17.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-3.0.17.tgz
+
+[php4]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/mod_php-4.0.3pl1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_php-4.0.3pl1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/mod_php-4.0.3pl1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_php-4.0.3pl1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/mod_php-4.0.3pl1.tgz
+
+3) download a new port skeleton for the mod_php3/mod_php4 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmWdlUuHi5z0oilAQHlCQP/W+MsHrhJbBEg8JRhw5ZoGh8DI/KHD6gT
+PYgaIhr72vmHYN7xtkuHDxV1C5O15YC+z7CzZseYvpdfBDVDm3qKwBQdN5EuumQg
+09LHPZEwayLYlgdRmoRQiP8OGsrYER29sYFQZlKvf8ZJw4tZkwJKPmpGBO5bxvSk
++N5lbHKNdHw=
+=gy7y
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:76.tcsh-csh.asc b/share/security/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
new file mode 100644
index 0000000000..822c78d4cf
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:76.tcsh-csh.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:76                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          tcsh/csh creates insecure temporary file
+
+Category:       core, ports
+Module:         tcsh, 44bsd-csh
+Announced:      2000-11-20
+Affects:        FreeBSD 4.x, 3.x prior to the correction date.
+Corrected:      2000-11-04 (FreeBSD 4.1.1-STABLE)
+                2000-11-05 (FreeBSD 3.5.1-STABLE)
+		2000-11-09 (44bsd-csh port)
+		2000-11-19 (tcsh port)
+Credits:	proton <proton@ENERGYMECH.NET>
+FreeBSD only:   NO
+
+I.   Background
+
+tcsh is an updated version of the traditional BSD C Shell
+(csh).  Versions of csh and tcsh are included in the FreeBSD ports
+collection (tcsh, 44bsd-csh) and the FreeBSD base system (csh, tcsh).
+
+II.  Problem Description
+
+The csh and tcsh code creates temporary files when the '<<' operator
+is used, however these are created insecurely and use a predictable
+filename based on the process ID of the shell.  An attacker can
+exploit this vulnerability to overwrite an arbitrary file writable by
+the user running the shell.  The contents of the file are overwritten
+with the text being entered using the '<<' operator, so it will
+usually not be under the control of the attacker.
+
+Therefore the likely impact of this vulnerability is a denial of
+service since the attacker can cause critical files writable by the
+user to be overwritten.  It is unlikely, although possible depending
+on the circumstances in which the '<<' operator is used, that the
+attacker could exploit the vulnerability to gain privileges (this
+typically requires that they have control over the contents the target
+file is overwritten with).
+
+All versions of FreeBSD prior to the correction date are vulnerable to
+this problem: the /bin/csh shell included in the base system (which is
+the same as /bin/tcsh in recent versions) as well as the tcsh
+(versions prior to 6.09.03_1) and 44bsd-csh ports (versions prior to
+44bsd-csh-20001106) in the ports collection.  The problems with the
+base system shells and the 44bsd-csh port were resolved prior to the
+release of FreeBSD 4.2.  The tcsh port was not fixed prior to the
+release, but the port is disabled in FreeBSD 4.2 since the same
+software exists in the base system.
+
+III. Impact
+
+Unprivileged local users can cause an arbitrary file writable by a
+victim to be overwritten when the victim invokes the '<<' operator in
+csh or tcsh (e.g. from within a shell script).
+
+If you have not installed the tcsh or 44bsd-csh ports on your
+4.1.1-STABLE system dated after the correction date, your system is
+not vulnerable to this problem.
+
+IV.  Workaround
+
+None practical.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD system to 4.1.1-STABLE after the
+correction date, or patch your present system source code and
+rebuild.
+
+To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.x base system]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/tcsh.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+cd /usr/src/contrib/tcsh
+patch -p < /path/to/patch
+cd /usr/src/bin/csh
+make depend && make all install
+
+[FreeBSD 3.x base system]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:76/csh.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+cd /usr/src/bin/csh
+patch -p < /path/to/patch
+make depend && make all install
+
+[Ports collection]
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the tcsh/44bsd-csh
+port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[tcsh]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/tcsh-6.09.03_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/tcsh-6.09.03_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/tcsh-6.09.03_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/tcsh-6.09.03_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/tcsh-6.09.03_1.tgz
+
+[44bsd-csh]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/44bsd-csh-20001106.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/44bsd-csh-20001106.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/44bsd-csh-20001106.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/44bsd-csh-20001106.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/44bsd-csh-20001106.tgz
+
+3) download a new port skeleton for the tcsh/44bsd-csh port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above.  The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOhmfAlUuHi5z0oilAQGTBQP/fKPInKBn9a5NZSc5fWPYKdQda2gL1Mji
+bMaOpF6DiYb9NqKSQdBayq+cf3SI0tqnx0MWDads+Vx6E7zZJ1Eai8zXB0vx37sO
+vYULKsaK0Gp2wvPfEn0lDUN1l6tn7OQJIXg63i9qF2r/88G2stNbuxG6w++uponc
+PsehE1pTGQY=
+=ZAeV
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:77.procfs.asc b/share/security/advisories/FreeBSD-SA-00:77.procfs.asc
new file mode 100644
index 0000000000..7ad46bbc55
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:77.procfs.asc
@@ -0,0 +1,194 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:77                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Several vulnerabilities in procfs [REVISED]
+
+Category:       core
+Module:         procfs
+Announced:      2000-12-18
+Reissued:       2000-12-29
+Affects:        FreeBSD 4.x and 3.x prior to the correction date.
+Corrected:      2000-12-16 (FreeBSD 4.2-STABLE)
+                2000-12-18 (FreeBSD 3.5.1-STABLE)
+Credits:        Frank van Vliet <karin@root66.org>
+                Joost Pol <nohican@niets.org> (Problem #1, #2)
+                Esa Etelavuori <eetelavu@cc.hut.fi> (Problem #3)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2000-12-18  Initial release.
+v1.1  2000-12-29  Note FreeBSD 3.x also vulnerable to problem #1 (local
+                  root vulnerability), update 3.x patch, correct typo in
+                  mount command.
+
+I.   Background
+
+procfs is the process filesystem, which presents a filesystem
+interface to the system process table, together with associated data.
+
+II.  Problem Description
+
+There were several problems discovered in the procfs code:
+
+1) Unprivileged local users can gain superuser privileges due to
+insufficient access control checks on the /proc/<pid>/mem and
+/proc/<pid>/ctl files, which gives access to a process address space
+and perform various control operations on the process respectively.
+
+The attack proceeds as follows: the attacker can fork() a child
+process and map the address space of the child in the parent.  The
+child process then exec()s a utility which runs with root or other
+increased privileges.  The parent process incorrectly retains read and
+write access to the address space of the child process which is now
+running with increased privileges, and can modify it to execute
+arbitrary code with those privileges.
+
+2) Unprivileged local users can execute a denial of service against
+the local machine by mmap()ing a processes own /proc/<pid>/mem file in
+the procfs filesystem.  This will cause the system to enter into an
+infinite loop in the kernel, effectively causing the system to hang
+until manually rebooted by an administrator on the system console.
+
+3) Users with superuser privileges on the machine, including users
+with root privilege in a jail(8) virtual machine, can overflow a
+buffer in the kernel and bypass access control checks placed on the
+abilities of the superuser.  These include the ability to "break out"
+of the jail environment (jail is often used as a compartmentalization
+tool for security purposes), to lower the system securelevel without
+requiring a reboot, and to introduce new (possibly malicious) code
+into the kernel on systems where loading of KLDs (kernel loadable
+modules) has been disabled.
+
+III. Impact
+
+1) On vulnerable FreeBSD systems where procfs is mounted, unprivileged
+local users can obtain root privileges.
+
+2) On vulnerable FreeBSD systems where procfs is mounted, unprivileged
+local users can cause the system to hang.
+
+3) On vulnerable FreeBSD systems, superusers who can load the procfs
+filesystem, or on systems where it is already mounted, can bypass
+access control checks in the kernel which would otherwise limit their
+abilities.  Consequences include the ability to break out of a jail
+environment, to lower securelevel or to introduce malicious code into
+the kernel on systems where loading of KLDs has been disabled.  For
+many systems this vulnerability is likely to have minor impact.
+
+IV.  Workaround
+
+To work around problems 1 and 2, perform the following steps as root:
+
+Unmount all instances of the procfs filesystem using the umount(8)
+command:
+
+# umount -f -a -t procfs
+
+Disable the automatic mounting of all instances of procfs in
+/etc/fstab: remove or comment out the line(s) of the following form:
+
+proc                    /proc           procfs  rw              0       0
+
+The linprocfs filesystem, which provides additional interfaces to
+Linux binaries to emulate the Linux procfs filesystem, is believed not
+to be vulnerable to the problems described in this advisory and
+therefore does not need to be unmounted. Note however that some Linux
+binaries may require the presence of both procfs and linprocfs in
+order to function correctly.
+
+To work around problem 3 is more difficult since it involves the
+superuser, but the following steps are believed to be sufficient:
+
+* Unmount all procfs filesystems which are visible from within jail
+  environments, to prevent a jail root compromise from compromising
+  the entire system.  Since jailed users do not have the ability to
+  mount filesystems, a successful jail root compromise in a jail
+  without procfs visible cannot exploit this vulnerability.
+
+* Remove the "options PROCFS" line from your kernel configuration file,
+  if present, and compile a new kernel as described in
+  http://www.freebsd.org/handbook/kernelconfig.html
+
+  If the running kernel was compiled with "options PROCFS", then any user
+  who has root privileges can mount procfs and exploit vulnerability 3,
+  regardless of system securelevel.
+
+  If the kernel does not include this option, then an attempt to mount
+  procfs will trigger a load of the procfs.ko KLD module, which is
+  denied at securelevel greater than zero.  Since this vulnerability
+  only has meaning (in the case of unjailed root users) on systems which
+  are kept in a securelevel greater than zero, this will always be
+  true, and such systems are not vulnerable to the problem.
+
+Note that unmounting procfs may have a negative impact on the
+operation of the system: under older versions of FreeBSD it is
+required for some aspects of the ps(1) command, and it may also break
+use of userland inter-process debuggers such as gdb.  Other installed
+binaries including emulated Linux binaries may require access to
+procfs for correct operation.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD system to 3.5.1-STABLE or 4.2-STABLE
+dated after the correction date, or patch your present system source
+code and rebuild.
+
+To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 3.5.1-RELEASE]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.patch.v1.1
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.3.5.1.patch.v1.1.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+[FreeBSD 4.1-RELEASE and FreeBSD 4.1.1-RELEASE]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.1.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+[FreeBSD 4.2-RELEASE]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-00:77/procfs.4.2.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/sys
+# patch -p < /path/to/patch
+
+If procfs is statically compiled into the kernel (e.g. the kernel
+configuration file contains the line 'options PROCFS'), then rebuild
+and reinstall your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system with the new kernel for the changes to take effect.
+
+If procfs is dynamically loaded by KLD (use the kldstat command to
+verify whether this is the case) and the system securelevel has not
+been raised, then the system can be patched at run-time without
+requiring a reboot, by performing the following steps after patching
+the source as described above:
+
+# cd /usr/src/sys/modules/procfs
+# make all install
+# umount -f -a -t procfs
+# kldunload procfs
+# kldload procfs
+# mount -a -t procfs
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOkyr7FUuHi5z0oilAQFBOgP+NimZ8FVU04GDn3XuzWnRQLsr0fpdQfua
+cBAq9ND0ksYYerl2CoK4Obk81aWPdq9h+mZqhaxd2c2w3e98WFsRr6Xa9gXKcu4p
+5GI08hqu5EKsCjzDFJzHBkHrFlze1dGvEF2696hpwhGXWGT0wLEixOuqEX95KXiO
+rDcAYveLhlw=
+=4NIQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:78.bitchx.asc b/share/security/advisories/FreeBSD-SA-00:78.bitchx.asc
new file mode 100644
index 0000000000..f69eed0ead
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:78.bitchx.asc
@@ -0,0 +1,115 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:78                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          bitchx/ko-bitchx allows remote code execution [REVISED]
+
+Category:       ports
+Module:         bitchx/ko-bitchx
+Announced:      2000-12-20
+Reissued:       2000-12-29
+Credits:        nimrood <nimrood@ONEBOX.COM>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-12-12
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2000-12-20  Initial release
+v1.1  2000-12-29  Noted the vulnerability of ko-bitchx also
+
+I.   Background
+
+bitchx is a popular IRC client. It is available in a Korean-localized
+version as the ko-bitchx package.
+
+II.  Problem Description
+
+The bitchx port, versions prior to 1.0c17_1, and ko-bitchx port,
+versions prior to 1.0c16_3, contains a remote vulnerability.  Through
+a stack overflow in the DNS parsing code, a malicious remote user in
+control of their reverse DNS records may crash a bitchx session, or
+cause arbitrary code to be executed by the user running bitchx.
+
+The bitchx/ko-bitchx ports are not installed by default, nor are they
+"part of FreeBSD" as such: they are part of the FreeBSD ports
+collection, which contains over 4300 third-party applications in a
+ready-to-install format.  The ports collections shipped with FreeBSD
+3.5.1 and 4.2 contain this problem since it was discovered after the
+releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may execute arbitrary code as the user running
+bitchx.
+ 
+If you have not chosen to install the bitchx or ko-bitchx
+port/packages, then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the bitchx and/or ko-bitchx port/packages, if you have
+installed them.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the bitchx or
+ko-bitchx ports.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[bitchx]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/irc/BitchX-1.0c17_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/irc/BitchX-1.0c17_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/irc/BitchX-1.0c17_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/irc/BitchX-1.0c17_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/irc/BitchX-1.0c17_1.tgz
+
+[ko-bitchx]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/korean/ko-BitchX-1.0c16_3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-BitchX-1.0c16_3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/korean/ko-BitchX-1.0c16_3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-BitchX-1.0c16_3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/korean/ko-BitchX-1.0c16_3.tgz
+
+NOTE: It may be several days before updated ko-bitchx packages are
+available.
+
+3) download a new port skeleton for the bitchx/ko-bitchx port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOkyVpVUuHi5z0oilAQHtTwP9E5ykEMUfnT8ihxBTfolYtjIzTcwK9G4w
+wiU2ldGTkEJWze1gc02cBq9i0zhG27cpHRgrDGE3xpVg2W5rra9r9JpGG75VRktE
+f0AfiBnvJd7Oy+svDpHngqNx6/mTxrumh9qsEOSeP81ko9oWOHuf/Ek1VQDp9mFj
+ONhD/SENhHI=
+=Cpy1
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:79.oops.asc b/share/security/advisories/FreeBSD-SA-00:79.oops.asc
new file mode 100644
index 0000000000..998a3bc2a5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:79.oops.asc
@@ -0,0 +1,93 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:79                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          oops allows remote code execution
+
+Category:       ports
+Module:         oops
+Announced:      2000-12-20
+Credits:        |CyRaX| <cyrax@pkcrew.org>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-12-14
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+oops is a caching WWW proxy server.
+
+II.  Problem Description
+
+The oops port, versions prior to 1.5.2, contains remote
+vulnerabilities through buffer and stack overflows in the HTML parsing
+code.  These vulnerabilities may allow remote users to execute
+arbitrary code as the user running oops.
+
+The oops port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains over
+4200 third-party applications in a ready-to-install format.  The ports
+collections shipped with FreeBSD 3.5.1 and 4.2 contain this problem
+since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may execute arbitrary code as the user running
+oops.
+
+If you have not chosen to install the oops port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the oops port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the oops port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/oops-1.5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/oops-1.5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/oops-1.5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/oops-1.5.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/oops-1.5.2.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+3) download a new port skeleton for the oops port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOkDD+VUuHi5z0oilAQF/GQQAphFsq7DIG9Gez7F6ry71W/c9vwC0RMgz
+4IWDeYtkLQhB86n2nkQFMeRQi6EAAOKrOeVJtGhjgtOib6nR6sPCJxbY+s7G/RCw
+/hz1q6xG4MOw+obhFUsKO8UyWfONYGnKNB5JLqi/dbzXPXwSuuf6wKPClZbXRNEv
+aR8tF+briCU=
+=ZwXz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc b/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc
new file mode 100644
index 0000000000..29b10472e1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:80.halflifeserver.asc
@@ -0,0 +1,84 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:80                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          halflifeserver allows remote code execution
+
+Category:       ports
+Module:         halflifeserver
+Announced:      2000-12-20
+Credits:        Mark Cooper
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-11-29
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+halflifeserver is a dedicated server for hosting Half-Life games.
+
+II.  Problem Description
+
+The halflifeserver port, versions prior to 3.1.0.4, contains local and
+remote vulnerabilities through buffer overflows and format string
+vulnerabilities.  These vulnerabilities may allow remote users to
+execute arbitrary code as the user running halflifeserver.
+
+The halflifeserver port is not installed by default, nor is it "part
+of FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4200 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may execute arbitrary code as the user running
+the halflifeserver software.
+
+If you have not chosen to install the halflifeserver port/package,
+then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the halflifeserver port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the halflifeserver
+port.
+
+2) download a new port skeleton for the halflifeserver port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port. Due to license restrictions no binary
+package is provided for the halflifeserver port.
+
+3) Use the portcheckout utility to automate option (2) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOkDIQVUuHi5z0oilAQGcqQQApE+76gPjqdkQf9TvbGBThPxcSocU8F+N
+GHiBPzkrgVHqCLYee0sywsQ4KRg2awuq+sP6EcqLTfaIGLZqPgS4xNZ6gqOrrgLP
+wxvGdtlqgad5lXLEvs1uYwBmj+lTNteYWy6KC04za2rLHYdkZce21kyj+6preXZs
+trAQ2uVDvsM=
+=s4GT
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-00:81.ethereal.asc b/share/security/advisories/FreeBSD-SA-00:81.ethereal.asc
new file mode 100644
index 0000000000..515b6f14ff
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-00:81.ethereal.asc
@@ -0,0 +1,92 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-00:81                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ethereal allows remote code execution
+
+Category:       ports
+Module:         ethereal
+Announced:      2000-12-20
+Credits:        mat@hacksware.com
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-11-21
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+ethereal is a tool for monitoring network activity.
+
+II.  Problem Description
+
+The ethereal port, versions prior to 0.8.14, contains buffer overflows
+which allow a remote attacker to crash ethereal or execute arbitrary
+code on the local system as the user running ethereal, typically the
+root user. These vulnerabilities are identical to those described in
+advisory 00:61 relating to tcpdump.
+
+The ethereal port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4200 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 are
+vulnerable to this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users can cause the local ethereal process to crash, or
+to execute arbitrary code as the user running ethereal (usually root).
+
+IV.  Workaround
+
+Do not use vulnerable versions of ethereal in network environments
+which may contain packets from untrusted sources.
+
+Deinstall the ethereal port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the ethereal port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ethereal-0.8.14.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ethereal-0.8.14.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/ethereal-0.8.14.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ethereal-0.8.14.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/ethereal-0.8.14.tgz
+
+3) download a new port skeleton for the ethereal port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOkDOpVUuHi5z0oilAQFETAP/dV59JADazj/mrRLSW8a6JQluGrU4ZnYY
+60KmcRkiuCte+WehA3ZE0h2WRz+RbWuszeyIZ21j6Kz4a0mbb0WURcHtj5CtlQZj
+BMgezi15rnSfIzfFX4lEZX6bzR9xaPuJSfrRNaMhWY+ioWLQ+fFL8OcllTfa+LYx
+HUzOVq9kWQk=
+=s7BI
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:01.openssh.asc b/share/security/advisories/FreeBSD-SA-01:01.openssh.asc
new file mode 100644
index 0000000000..31acca7db3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:01.openssh.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:01                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Hostile server OpenSSH agent/X11 forwarding
+
+Category:       core/ports
+Module:         openssh
+Announced:      2001-01-15
+Credits:        Markus Friedl <markus@OpenBSD.org>
+Affects:        FreeBSD 4.1.1-STABLE prior to the correction date
+                Ports collection prior to the correction date
+Corrected:      2000-11-14
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+OpenSSH is an implementation of the SSH1 and SSH2 secure shell
+protocols for providing encrypted and authenticated network access,
+which is available free for unrestricted use. Versions of OpenSSH are
+included in the FreeBSD ports collection and the FreeBSD base system.
+
+II.  Problem Description
+
+To quote the OpenSSH Advisory:
+
+    If agent or X11 forwarding is disabled in the ssh client
+    configuration, the client does not request these features
+    during session setup.  This is the correct behaviour.
+
+    However, when the ssh client receives an actual request   
+    asking for access to the ssh-agent, the client fails to
+    check whether this feature has been negotiated during session
+    setup.  The client does not check whether the request is in
+    compliance with the client configuration and grants access
+    to the ssh-agent.  A similar problem exists in the X11
+    forwarding implementation.
+
+All versions of FreeBSD 4.x prior to the correction date including
+FreeBSD 4.1 and 4.1.1 are vulnerable to this problem, but it was
+corrected prior to the release of FreeBSD 4.2.  For users of FreeBSD
+3.x, OpenSSH is not installed by default, but is part of the FreeBSD
+ports collection.
+
+The base system and ports collections shipped with FreeBSD 4.2 do not
+contain this problem since it was discovered before the release.
+
+III. Impact
+
+Hostile SSH servers can access your X11 display or your ssh-agent when
+connected to, which may allow access to confidential data or other
+network accounts, through snooping of password or keying material
+through the X11 session, or reuse of the SSH credentials obtained
+through the SSH agent.
+
+IV.  Workaround
+
+Clear both the $DISPLAY and $SSH_AUTH_SOCK variables before connecting
+to untrusted hosts. For example, in Bourne shell syntax:
+
+% unset SSH_AUTH_SOCK; unset DISPLAY; ssh host
+
+V.   Solution
+
+Upgrade the vulnerable system to 4.1.1-STABLE or 4.2-STABLE after the
+correction date, or patch your current system source code and rebuild.
+
+To patch your present system: download the patch from the below
+location and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:01/openssh.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:01/openssh.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/crypto/openssh
+# patch < /path/to/openssh.patch
+# cd /usr/src/secure/lib/libssh
+# make depend && make all
+# cd /usr/src/secure/usr.bin/ssh
+# make depend && make all install
+
+[Ports collection]
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the OpenSSH port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/openssh-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/openssh-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/openssh-2.2.0.tgz
+
+NOTE: Due to an oversight the package version was not updated after
+the security fix was applied, so be sure to install a package created
+after the correction date.
+ 
+3) download a new port skeleton for the OpenSSH port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOmN6RFUuHi5z0oilAQGAUAQAllC+FmvfYpmP6gQqO+xB6UIZsK0GQsAM
+WRCOiULMLBD4kHJkYVJUQmSyK5jPxEVkwILX3jE9qZhB65alW20L965mQS/DjM5p
+bj0itnwTy1DL6dul15vWBfCJKxL/A0SrgVv+hnDwHx3YU4x0re/1bNU3gVa8bT1K
+Nnu2/m1wmpU=
+=MAzv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:02.syslog-ng.asc b/share/security/advisories/FreeBSD-SA-01:02.syslog-ng.asc
new file mode 100644
index 0000000000..7859e1d615
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:02.syslog-ng.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:02                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          syslog-ng remote denial-of-service
+
+Category:       ports
+Module:         syslog-ng
+Announced:      2001-01-15
+Credits:        Balazs Scheidler <bazsi@BALABIT.HU>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-11-25
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+syslog-ng is a replacement for the standard syslogd daemon, a service
+for logging of local and remote system messages.
+
+II.  Problem Description
+
+The syslog-ng port, versions prior to 1.4.9, contains a remote
+vulnerability.  Due to incorrect log parsing, remote users may cause
+syslog-ng to crash, causing a denial-of-service if the daemon is not
+running under a watchdog process which will automatically restart it
+in the event of failure.
+
+The syslog-ng port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 4500 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote attackers may cause syslog-ng to crash, causing a
+denial-of-service if the daemon is not running under a watchdog
+process which will automatically restart it in the event of
+failure.  The default installation of the port/package is therefore
+vulnerable to this problem.
+
+If you have not chosen to install the syslog-ng port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the syslog-ng port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the syslog-ng port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/sysutils/syslog-ng-1.4.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/syslog-ng-1.4.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/sysutils/syslog-ng-1.4.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/syslog-ng-1.4.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/sysutils/syslog-ng-1.4.10.tgz
+
+3) download a new port skeleton for the syslog-ng port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOmN6R1UuHi5z0oilAQGfWgP/Yd6fjKCernj84HSuHgdXCxT3g27VFub6
+9k62GJ1wiwz8S3v4zvx1C1xbhE+pgBv+EuBe8SEp0R2BtKC/RdcrWAwYtxvqA/6d
+yknNjwBSJ2yvkZMzeG2pZXsy6TG8n6lIiEp0aCWqOsSn5FgykXg1YfAXiJ1Mo0Gu
+aNKBcOEMCag=
+=0IjM
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:03.bash1.asc b/share/security/advisories/FreeBSD-SA-01:03.bash1.asc
new file mode 100644
index 0000000000..4dbee2224b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:03.bash1.asc
@@ -0,0 +1,108 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:03                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          bash1 creates insecure temporary files
+
+Category:       ports
+Module:         bash1
+Announced:      2001-01-15
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-11-29
+Credits:	Various
+FreeBSD only:   NO
+
+I.   Background
+
+bash is an enhanced bourne-like shell.
+
+II.  Problem Description
+
+The bash port, versions prior to the correction date, creates insecure
+temporary files when the '<<' operator is used, by using a predictable
+filename based on the process ID of the shell.  An attacker can
+exploit this vulnerability to overwrite an arbitrary file writable by
+the user running the shell.  The contents of the file are overwritten
+with the text being entered using the '<<' operator, so it will
+usually not be under the control of the attacker.
+
+Therefore the likely impact of this vulnerability is a denial of
+service since the attacker can cause critical files writable by the
+user to be overwritten.  It is unlikely, although possible depending
+on the circumstances in which the '<<' operator is used, that the
+attacker could exploit the vulnerability to gain privileges (this
+typically requires that they have control over the contents the target
+file is overwritten with).
+
+This is the same vulnerability as that described in advisory 00:76
+relating to the tcsh/csh shells.
+
+The bash1 port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 4500 third-party applications in a ready-to-install
+format. The ports collections shipped with FreeBSD 3.5.1 and 4.2 are
+vulnerable to this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users can cause an arbitrary file writable by a
+victim to be overwritten when the victim invokes the '<<' operator in
+bash1 (e.g. from within a shell script).
+
+If you have not chosen to install the bash1 port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the bash1 port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the bash1 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/shells/bash-1.14.7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/shells/bash-1.14.7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/shells/bash-1.14.7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/shells/bash-1.14.7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/shells/bash-1.14.7.tgz
+
+NOTE: Due to an oversight the package version was not updated after
+the security fix was applied, so be sure to install a package created
+after the correction date.
+
+3) download a new port skeleton for the bash1 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOmN6SVUuHi5z0oilAQERhgQAqW3ZEBCxXC2lZvqypspSwjPdc6kU3eQm
+gUNMdrk6BZX2Pj8t8q+xK9rHasyXw2fkPeZ93EvBHhOa4p5l5UARhCllNS628LAJ
+Vk3zalfHKtZIO1bCq16R5NpyQ1zh+QB9mPnl9q8KINyO0gEUtq0n3LKgr7yr74tN
+2TC9j+g5GhU=
+=RLhf
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:04.joe.asc b/share/security/advisories/FreeBSD-SA-01:04.joe.asc
new file mode 100644
index 0000000000..221b3a9161
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:04.joe.asc
@@ -0,0 +1,97 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:04                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          joe creates insecure recovery files
+
+Category:       ports
+Module:         joe
+Announced:      2001-01-15
+Credits:        Christer Öberg and Patrik Birgersson,
+		of Wkit Security AB
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-12-12
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+joe is a text editor.
+
+II.  Problem Description
+
+The joe port, versions prior to 2.8_2, contains a local vulnerability:
+if a joe session with an unsaved file terminates abnormally, joe
+creates a rescue copy of the file called ``DEADJOE'' in the same
+directory as the file being edited.  The creation of this copy is made
+without checking if the file is a symbolic link.  If the file is a
+link, joe will append the contents of the unsaved file to the linked
+file: therefore if the joe editor is run on a private file in a public
+directory such as /tmp, an attacker can access the contents of the
+edited file by causing it to be appended to a world-writable file
+owned by the attacker if the joe process terminates abnormally.
+
+The joe port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+nearly 4500 third-party applications in a ready-to-install format.
+The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this
+problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious local users, under certain restricted conditions, may obtain
+read access to non-readable files edited using the joe editor.
+
+If you have not chosen to install the joe port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the joe port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the joe port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/editors/joe-2.8_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/editors/joe-2.8_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/editors/joe-2.8_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/editors/joe-2.8_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/editors/joe-2.8_2.tgz
+
+3) download a new port skeleton for the joe port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOmN6S1UuHi5z0oilAQGiyAP+I8VOR5J8ThxuinRuGlwI9sIRImmMRxfd
+oHYJFWQRoNfQTSdE6Q+ushjqJNPL7JrU8PZjSL/6wE89CVGeZL+70/wTz8HU9Ihi
+8j8y98Fo+NvkBgpaLz5Ypo7Wpi3rZiEPzKTmfByk6CjVuwUc5k13aswcIg3TcZh0
+TZuJFzhBxm8=
+=baNZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:05.stunnel.asc b/share/security/advisories/FreeBSD-SA-01:05.stunnel.asc
new file mode 100644
index 0000000000..3f086be547
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:05.stunnel.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:05                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          stunnel contains potential remote compromise
+
+Category:       ports
+Module:         stunnel
+Announced:      2001-01-15
+Credits:        Lez <lez@SCH.BME.HU>, Brian Hatch <bri@STUNNEL.ORG>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-12-20
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+stunnel is an SSL encryption wrapper for network services.
+
+II.  Problem Description
+
+The stunnel port, versions prior to 3.9, contains a vulnerability
+which could allow remote compromise.  When debugging is turned on
+(using the -d 7 option), stunnel will perform identd queries of remote
+connections, and the username returned by the remote identd server is
+written to the log file.  Due to incorrect usage of syslog(), a
+malicious remote user who can manipulate their identd username can
+take advantage of string-formatting operators to execute arbitrary
+code on the local system as the user running stunnel, often the root
+user.
+
+The stunnel port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 4500 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may execute arbitrary code on the local system
+as the user running stunnel using stunnel, under certain circumstances.
+
+If you have not chosen to install the stunnel port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the stunnel port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the stunnel port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/stunnel-3.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/stunnel-3.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/security/stunnel-3.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/stunnel-3.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/security/stunnel-3.10.tgz
+
+3) download a new port skeleton for the stunnel port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOmN6T1UuHi5z0oilAQGFYwP/TLc1mxrH+2H7XhW/srJraZwtQn33z66t
+1xASiaxefICPgnFvXHZoTMpkJI5ow2SFyLjUE2jG1MW2e5iu6fl7AeYIYNT1BF2t
+cqr6LRS92Srant5YbFqoBaTUuJtjw61T0P+dcjHfMCJAHVtihoQk8Ngw2YoX0KfV
+5ReEYZPh530=
+=okQ9
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:06.zope.asc b/share/security/advisories/FreeBSD-SA-01:06.zope.asc
new file mode 100644
index 0000000000..5afab0d955
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:06.zope.asc
@@ -0,0 +1,92 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:06                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          zope vulnerability allows escalation of privileges
+
+Category:       ports
+Module:         zope
+Announced:      2001-01-15
+Credits:        Erik Enge
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-12-20
+Vendor status:  Patch released
+FreeBSD only:   NO
+
+I.   Background
+
+zope is an object-based dynamic web application platform.
+
+II.  Problem Description
+
+The zope port, versions prior to 2.2.4, contains a vulnerability due
+to the computation of local roles not climbing the correct hierarchy
+of folders, sometimes granting local roles inappropriately.  This may
+allow users with privileges in one folder to gain the same privileges
+in another folder.
+
+The zope port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+nearly 4500 third-party applications in a ready-to-install format.
+The ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this
+problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Zope users with privileges in one folder may be able to gain the same
+privileges in other folders.
+
+If you have not chosen to install the zope port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the zope port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the zope port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/zope-2.2.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/zope-2.2.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/zope-2.2.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/zope-2.2.4.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/www/zope-2.2.4.tgz
+
+3) download a new port skeleton for the zope port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOmN6UVUuHi5z0oilAQGVdAP/TPreDK7sB21+F5wO6KAWKBZe4NZIRAlt
+aajsBSTmpCYGtQ1dbsIeMUtTYOzdR8FKO0CPYfZbl1cjGljW3HpWIus0ildznNeA
+LznyYR9fwoSNU0Vh9xtqZ3OolCGw+GY98Wg55RcgToDDxeNnT4ZSGZnf4zdwQw9S
+QbDfN6Br1oM=
+=c035
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:07.xfree86.asc b/share/security/advisories/FreeBSD-SA-01:07.xfree86.asc
new file mode 100644
index 0000000000..de0ae43643
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:07.xfree86.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:07                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Multiple XFree86 3.3.6 vulnerabilities
+
+Category:       ports
+Module:         XFree86-3.3.6, XFree86-aoutlibs
+Announced:      2001-01-23
+Credits:        Chris Evans <chris@ferret.lmh.ox.ac.uk>
+                Michal Zalewski <lcamtuf@tpi.pl>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2000-10-24 (XFree86-3.3.6)
+Vendor status:  Fixed in XFree86 4.0.1, no patches released by vendor.
+FreeBSD only:   NO
+
+I.   Background
+
+XFree86 is a popular X server.  It exists in three versions in the
+FreeBSD ports collection: 3.3.6 and 4.0.2, as well as a.out libraries
+based on XFree86 3.3.3.
+
+II.  Problem Description
+
+The XFree86-3.3.6 port, versions prior to 3.3.6_1, has multiple
+vulnerabilities that may allow local or remote users to cause a denial
+of service attack against a vulnerable X server.  Additionally, local
+users may be able to obtain elevated privileges under certain
+circumstances.
+
+X server DoS:
+  Remote users can, by sending a malformed packet to port 6000 TCP,
+  cause the victim's X server to freeze for several minutes. During
+  the freeze, the mouse does not move and the screen does not update
+  in any way. In addition, the keyboard is unresponsive, including
+  console-switch and kill-server key combinations. Non-X processes,
+  such as remote command-line logins and non-X applications, are
+  unaffected by the freeze.
+
+Xlib holes:
+  Due to various coding flaws in libX11, privileged (setuid/setgid)
+  programs linked against libX11 may allow local users to obtain
+  elevated privileges.
+
+libICE DoS:
+  Due to inadequate bounds checking in libICE, a denial of service
+  exists with any application using libICE to listen on a network port
+  for network services.
+
+The XFree86-aoutlibs port contains the XFree86 libraries from the
+3.3.3 release of XFree86, in a.out format suitable for use with
+applications in the legacy a.out binaryformat, most notably being the
+FreeBSD native version of Netscape.  It is unknown whether Netscape is
+vulnerable to the problems described in this advisory, but it believed
+that the only potential vulnerability is the libICE denial-of-service
+condition described above.
+
+The XFree86 and XFree86-aoutlibs ports are not installed by default
+(although XFree86 is available as an installation option in the
+FreeBSD installer), nor are they "part of FreeBSD" as such: they are
+part of the FreeBSD ports collection, which contains almost 4500
+third-party applications in a ready-to-install format.  The ports
+collections shipped with FreeBSD 3.5.1 and 4.1.1 contain these problem
+since they were discovered after the releases, but the XFree86 problem
+was corrected prior to the release of FreeBSD 4.2.  At the time of
+advisory release, the XFree86-aoutlibs port has not been corrected.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local or remote users may cause a denial of service attack against an
+X server or certain X applications.  Local users may obtain elevated
+privileges with certain X applications.
+
+If you have not chosen to install the XFree86 3.3.6 port/package or
+the XFree86-aoutlibs port/package, or you are running XFree86 4.0.1 or
+later, then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the XFree86-3.3.6 and XFree86-aoutlibs ports/packages, if
+you you have installed them.
+
+Note that any statically linked binaries which make use of the
+vulnerable XFree86 routines may still be vulnerable to the problems
+after deinstallation of the port/package.  However due to the
+difficulty of developing a reliable scanning utility for such binaries
+no such utility is provided.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the XFree86-3.3.6
+port.
+
+2) Deinstall the old package and install an XFree86-4.0.2 package
+obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/x11/XFree86-4.0.2_5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11/XFree86-4.0.2_5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11/XFree86-4.0.2_5.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: XFree86-3.3.6 packages are no longer made available, only the
+newer XFree86-4.0.2 packages.
+
+Note also that the XFree86-aoutlibs port has not yet been fixed: there
+is currently no solution to the problem other than removing the
+port/package and recompiling any dependent software to use ELF
+libraries, or switching to an ELF-based version of the software, if
+available (e.g. the BSD/OS or Linux versions of Netscape, as an
+alternative to the FreeBSD native version).  The potential impact of
+the vulnerabilities to the local environment may be deemed not
+sufficiently great to warrant this approach, however.
+
+3) download a new port skeleton for the XFree86-3.3.6 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOm3xpFUuHi5z0oilAQF+zQQAiwIQSv6MemATgo6v2/QwMjttGpbMxbh2
+s94CK+aAlbtRlsrBZl6DIWwVydc1C3k6EHnM+NHqwhfOq/yrwp7JDKwVUmvi+5Qx
+1UAY8QRu45OednLsyT2qUuNrowjMmkdB0EcsqQq2UvLtN2054m6AmpZk1t3TjGTr
+CCOFX30qIn0=
+=pI+q
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:08.ipfw.asc b/share/security/advisories/FreeBSD-SA-01:08.ipfw.asc
new file mode 100644
index 0000000000..91efe6cec4
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:08.ipfw.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:08                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		ipfw/ip6fw allows bypassing of 'established' keyword
+
+Category:	core
+Module:		kernel
+Announced:	2001-01-23
+Credits:	Aragon Gouveia <aragon@phat.za.net>
+Affects:	FreeBSD 3.x (all releases), FreeBSD 4.x (all releases),
+		FreeBSD 3.5-STABLE and 4.2-STABLE prior to the
+		correction date.
+Corrected:	2001-01-09 (FreeBSD 4.2-STABLE)
+		2001-01-12 (FreeBSD 3.5-STABLE)
+FreeBSD only:	Yes
+
+I.   Background
+
+ipfw is a system facility which allows IP packet filtering,
+redirecting, and traffic accounting.  ip6fw is the corresponding
+utility for IPv6 networks, included in FreeBSD 4.0 and above.  It is
+based on an old version of ipfw and does not contain as many features.
+
+II.  Problem Description
+
+Due to overloading of the TCP reserved flags field, ipfw and ip6fw
+incorrectly treat all TCP packets with the ECE flag set as being part
+of an established TCP connection, which will therefore match a
+corresponding ipfw rule containing the 'established' qualifier, even
+if the packet is not part of an established connection.
+
+The ECE flag is not believed to be in common use on the Internet at
+present, but is part of an experimental extension to TCP for
+congestion notification.  At least one other major operating system
+will emit TCP packets with the ECE flag set under certain operating
+conditions.
+
+Only systems which have enabled ipfw or ip6fw and use a ruleset
+containing TCP rules which make use of the 'established' qualifier,
+such as "allow tcp from any to any established", are vulnerable.  The
+exact impact of the vulnerability on such systems is undetermined and
+depends on the exact ruleset in use.
+
+All released versions of FreeBSD prior to the correction date
+including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable, but it was
+corrected prior to the (future) release of FreeBSD 4.3.
+
+III. Impact
+
+Remote attackers who construct TCP packets with the ECE flag set may
+bypass certain ipfw rules, allowing them to potentially circumvent
+the firewall.
+
+IV.  Workaround
+
+Because the vulnerability only affects 'established' rules and ECE-
+flagged TCP packets, this vulnerability can be removed by adjusting
+the system's rulesets.  In general, it is possible to express most
+'established' rules in terms of a general TCP rule (with no TCP flag
+qualifications) and a 'setup' rule, but may require some restructuring
+and renumbering of the ruleset.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade the vulnerable FreeBSD system to FreeBSD 3.5-STABLE, or
+or 4.2-STABLE after the correction date.
+
+2) Patch your present system by downloading the relevant patch from the
+below location:
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-4.x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-4.x.patch.asc
+
+[FreeBSD 3.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-3.x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:08/ipfw-3.x.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cp /usr/src/sys/netinet/tcp.h /usr/src/sys/netinet/ip_fw.h /usr/include/netinet/
+# cd /usr/src/sbin/ipfw
+# make depend && make all install
+# cd /usr/src/sys/modules/ipfw
+# make depend && make all install
+
+For 4.x systems, perform the following additional steps:
+
+# cp /usr/src/sys/netinet6/ip6_fw.h /usr/include/netinet6/
+# cd /usr/src/sbin/ip6fw
+# make depend && make all install
+# cd /usr/src/sys/modules/ip6fw
+# make depend && make all install
+
+NOTE: The ip6fw patches have not yet been tested but are believed to
+be correct.  The ip6fw software is not currently maintained and may be
+removed in a future release.
+
+If the system is using the ipfw or ip6fw kernel modules (see
+kldstat(8)), the module may be unloaded and the corrected module
+loaded into the kernel using kldload(8)/kldunload(8).  This will
+require that the firewall rules be reloaded, usually be executing the
+/etc/rc.firewall script.  Because the loading of the ipfw or ip6fw
+module will result in the system denying all packets by default, this
+should only be attempted when accessing the system via console or by
+careful use of a command such as:
+
+# kldload ipfw && sh /etc/rc.firewall
+
+which performs both operations sequentially.
+
+Otherwise, if the system has ipfw or ip6fw compiled into the kernel,
+the kernel will also have to be recompiled and installed, and the
+system will have to be rebooted for the changes to take effect.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOm3yulUuHi5z0oilAQEJbQP+Nf6JEKNUz0bOhgOYmY0DDCQNbY/2dlxA
+Qhs59HSB9Y7cwP+NuFKhix2fii8Y5oSOxjfMhllRl0yIQMHloG6orXNBuYJQ++d5
+A/e+eoePNTzTo7kbaEZyvS3pGBodkueUmnKAqT9Ho/SGY00p4/JxpNcp3KuYT4Re
+gyKXSFV3rkQ=
+=7XOn
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:09.crontab.asc b/share/security/advisories/FreeBSD-SA-01:09.crontab.asc
new file mode 100644
index 0000000000..9c6bd697b5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:09.crontab.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:09                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		crontab allows users to read certain files [REVISED]
+
+Category:	core
+Module:		crontab
+Announced:	2001-01-23
+Revised:	2001-01-25
+Credits:	Kyong-won Cho <dubhe@HACKERSLAB.COM>
+		Patch obtained from OpenBSD (Todd Miller <millert@openbsd.org>)
+Affects:	FreeBSD 3.x (all releases), 4.x (all releases prior to 4.2)
+                FreeBSD 3.5.1-STABLE and 4.1.1-STABLE prior to the
+                correction date.
+Corrected:	2000-11-11 (FreeBSD 4.1.1-STABLE)
+		2000-11-20 (FreeBSD 3.5.1-STABLE)
+FreeBSD only:	No
+
+0.   Revision History
+
+v1.0  2001-01-23  Initial release
+v1.1  2001-01-25  Update to credit OpenBSD as source of patch
+
+I.   Background
+
+crontab(8) is a program to edit crontab(5) files for use by the cron
+daemon, which schedules jobs to run at specified times.
+
+II.  Problem Description
+
+crontab(8) was discovered to contain a vulnerability that may allow
+local users to read any file on the system that conform to a valid
+crontab(5) file syntax.  Due to crontab(5) syntax requirements, the
+files that may be read is limited and subject to the following
+restrictions:
+
+* The file is a valid crontab(5) file, or:
+* The file is entirely commented out; every line contains either only
+  whitespace, or begins with a '#' character.
+
+The greatest security vulnerability is the disclosure of crontab
+entries owned by other users, which may contain sensitive data such as
+keying material (although this would often be publically disclosed
+anyway at the time when the crontab job executes, via process
+arguments and environment, etc).
+
+All released versions of FreeBSD prior to the correction date
+including FreeBSD 4.1.1 are vulnerable to this problem.  The problem
+was corrected prior to the release of FreeBSD 4.2.
+
+III. Impact
+
+Malicious local users can read arbitrary local files that conform to
+a valid crontab file syntax.
+
+IV.  Workaround
+
+One of the following:
+
+1) Utilize crontab allow/deny files (/var/cron/allow and
+/var/cron/deny) to limit access to use the crontab(8) utility.
+
+2) Remove the setuid privileges from /usr/sbin/crontab.  However, this
+will not allow users other than root to use cron.
+
+V.   Solution
+
+One of the following:
+
+Upgrade the vulnerable FreeBSD system to 3.5-STABLE or 4.1.1-STABLE
+after the correction date.
+
+To patch your present system: download the relavent patch from the
+below location and execute the following commands as root:
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:09/crontab-4.x.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/usr.sbin/cron/crontab
+# patch -p < /path/to/patch
+# make depend && make all install
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnCTnVUuHi5z0oilAQGinAP8DtcJTo/0t/ajgbhccOSGMm9DHCN+jsou
+Nw+3rH07ImrSgeIyINi8d2J+tPL2eakesXm2yKOniuS25PoJN/GuzMC9Qvfybkvg
+cmKz3f4Fbzu9auWUUx2c+7GZargpGPRjxuNt86RucYswWjTT96MLs0ORGo9hZbXr
+F0kM+1EZoTg=
+=ONjc
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:10.bind.asc b/share/security/advisories/FreeBSD-SA-01:10.bind.asc
new file mode 100644
index 0000000000..e94c41eaed
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:10.bind.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:10                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          bind remote denial of service
+
+Category:       core, ports
+Module:         bind
+Announced:      2001-01-23
+Credits:	Fabio Pietrosanti <fabio@TELEMAIL.IT>
+Affects:        FreeBSD 3.x prior to the correction date.
+		Ports collection prior to the correction date.
+Corrected:      2000-11-27 (FreeBSD 3.5-STABLE)
+		2001-01-05 (Ports collection)
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+bind is an implementation of the Domain Name System (DNS) protocols.
+
+II.  Problem Description
+
+A vulnerability exists with the bind nameserver dealing with
+compressed zone transfers.  Due to a problem with the compressed zone
+transfer (ZXFR) implementation, if named is configured for zone
+transfers and recursive resolving, it will crash after a ZXFR for the
+authoritative zone and a query of a remote hostname.  Since named is
+not configured under a watchdog process which will automatically
+restart it after a failure, this will lead to the denial of DNS
+service on the server.
+
+All versions of FreeBSD 3.x prior to the correction date including
+3.5.1-RELEASE are vulnerable to this problem.  In addition, the bind8
+port in the ports collection is also vulnerable.  FreeBSD 4.x is not
+affected since it contains versions of BIND 8.2.3.
+
+III. Impact
+
+Malicious remote users can cause the named daemon to crash, if it is
+configured to allow zone transfers and recursive queries.
+
+IV.  Workaround
+
+A partial workaround can be implemented by disallowing zone transfers
+except from trusted hosts. Note that if the trusted hosts are
+compromised or contain malicious users, name servers with this bug
+will be vulnerable to the denial of service attack.
+
+V.   Solution
+
+[Base system]
+
+Upgrade your vulnerable FreeBSD system to 3.5.1-STABLE after the
+correction date.
+
+[Ports collection]
+
+If you have chosen to install BIND from the ports collection and are
+using it instead of the version in the base system, perform one of the
+following steps:
+
+1) Upgrade your entire ports collection and rebuild the bind8 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/bind-8.2.2p7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/bind-8.2.2p7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/bind-8.2.2p7.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the bind8 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOm320lUuHi5z0oilAQHFXAP+NVSPyykl5nfZlsU/ocqyMAAt/ArNz1F/
+4GEL8Q5GF2+hhEOG4PoKfDiwQ/CK8gQT8kn46YI8k7J6kyDES3g15zQTPX0E2lJa
+dK0kpL4iWcLndZRHgFmE80//qY2E8G/pVIvhNi4yzjcFVTpshdSdl4OMcMf9IaYE
+zrWZ3Eyvdns=
+=PmSi
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:11.inetd.asc b/share/security/advisories/FreeBSD-SA-01:11.inetd.asc
new file mode 100644
index 0000000000..4e1ffbfce1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:11.inetd.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:11                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          inetd ident server allows remote users to partially
+                read arbitrary wheel-accessible files [REVISED]
+
+Category:       core
+Module:         inetd
+Announced:      2001-01-29
+Revised:        2001-01-29
+Credits:        dynamo <dynamo@ime.net>
+Affects:        FreeBSD 3.x (all releases)
+                FreeBSD 4.x (all releases)
+Corrected:      2000-11-25 (FreeBSD 4.2-STABLE)
+                2001-01-26 (FreeBSD 3.5-STABLE)
+FreeBSD only:   Yes
+
+0.   Revision History
+
+v1.0  2001-01-29  Initial release
+v1.1  2001-01-29  Correctly credit original problem reporter
+
+I.   Background
+
+The inetd ident server is an implementation of the RFC1413
+identification server which returns the local username of the
+user connecting to a remote service.
+
+II.  Problem Description
+
+During internal auditing, the internal ident server in inetd was found
+to incorrectly set group privileges according to the user.  Due to
+ident using root's group permissions, users may read the first 16
+(excluding initial whitespace) bytes of wheel-accessible files.
+
+All released versions of FreeBSD prior to the correction date
+including FreeBSD 3.5.1 and FreeBSD 4.2 are vulnerable.
+
+III. Impact
+
+Users can read the first 16 bytes of wheel-accessible files.
+
+To determine which may be potentially read, execute the following
+command as root:
+
+# find / -group wheel \( -perm -40 -a \! -perm +4 \) -ls
+
+The inetd internal ident server is not enabled by default.  If you
+have not enabled the ident portion of inetd, you are not vulnerable.
+
+IV.  Workaround
+
+Disable the internal ident server, if enabled: comment out all lines
+beginning with "auth" in /etc/inetd.conf, then restart inetd by
+sending it a SIGHUP:
+
+# killall -HUP inetd
+
+V.   Solution
+
+One of the following:
+
+Upgrade the vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
+after the correction date.
+
+To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.2 base system]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-4.2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-4.2.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/usr.sbin/inetd
+# patch -p < /path/to/patch
+# make depend && make all install
+# killall -HUP inetd
+
+[FreeBSD 3.5.1 base system]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-3.5.1.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:11/inetd-3.5.1.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/usr.sbin/inetd
+# patch -p < /path/to/patch
+# make depend && make all install
+# killall -HUP inetd
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnXa9FUuHi5z0oilAQGoPQP+ItWj4ScnyoBGBQw/CMLQN0XHWcEaT777
+dY8IL6U6NeSI0g/XAk5mVk2a0AExqimkhZFtaphg49y8XwjgbWGqtWHh0YMHa4k3
+ILtpOKQpDiGRda15FQUX+Pij8m3T1UdOmFQgCw2hFWnLh3eSgye7thHJzBjUlxCM
+WI5aiOcdOk4=
+=aAJS
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:12.periodic.asc b/share/security/advisories/FreeBSD-SA-01:12.periodic.asc
new file mode 100644
index 0000000000..47f662831c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:12.periodic.asc
@@ -0,0 +1,85 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:12                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          periodic uses insecure temporary files [REVISED]
+
+Category:       core
+Module:         periodic
+Announced:      2001-01-29
+Revised:        2001-01-29
+Credits:        David Lary <dlary@secureworks.net>
+Affects:        FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE,
+		and 4.1.1-STABLE prior to the correction date.
+		No FreeBSD 3.x versions are affected.
+Corrected:      2000-11-11
+FreeBSD only:   Yes
+
+0.   Revision History
+
+v1.0  2001-01-29  Initial release
+v1.1  2001-01-29  Correctly credit original problem reporter
+
+I.   Background
+
+periodic is a program to run periodic system functions.
+
+II.  Problem Description
+
+A vulnerability was inadvertently introduced into periodic that caused
+temporary files with insecure file names to be used in the system's
+temporary directory.  This may allow a malicious local user to cause
+arbitrary files on the system to be corrupted.
+
+By default, periodic is normally called by cron for daily, weekly, and
+monthly maintenance.  Because these scripts run as root, an attacker
+may potentially corrupt any file on the system.
+
+FreeBSD 4.1-STABLE after 2000-09-20, 4.1.1-RELEASE, and 4.1.1-STABLE
+prior to the correction date are vulnerable.  The problem was
+corrected prior to the release of FreeBSD 4.2.
+
+III. Impact
+
+Malicious local users can cause arbitrary files on the system to be
+corrupted.
+
+IV.  Workaround
+
+Do not allow periodic to be used in untrusted multi-user environments.
+
+Disable the normal periodic system maintenance scripts by either
+commenting-out or removing the periodic entries in /etc/crontab.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade the vulnerable FreeBSD system to 4.1.1-STABLE after the
+correction date.
+
+2) Affected FreeBSD 4.x systems prior to the correction date:
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:12/periodic.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:12/periodic.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src/usr.sbin/periodic
+# patch -p < /path/to/patch
+# make depend && make all install
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnXa7lUuHi5z0oilAQHW2AP7BP+YRA93Guy+ImRy1O2IHw/6qYBivSA1
+fpYrTERUyyBHbe04KypWjloHfzvKIZoYApXdleECkVBPMYwNPNixTYVrU4zR4qbC
+EjgtF4OhjLjmO/LqbKPiwDC7TEWWi3OtPWwpJlqT7uNoHmg+o6ySTJPPyrpAFuUQ
+FS8I+DjVESA=
+=wBFp
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:13.sort.asc b/share/security/advisories/FreeBSD-SA-01:13.sort.asc
new file mode 100644
index 0000000000..40f711d1c7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:13.sort.asc
@@ -0,0 +1,93 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:13                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          sort uses insecure temporary files
+
+Category:       core
+Module:         sort
+Announced:      2001-01-29
+Credits:        Discovered during internal auditing
+Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases
+                prior to 4.2), FreeBSD 3.5-STABLE prior to the
+                correction date.
+Corrected:      2000-11-11 (FreeBSD 4.1.1-STABLE)
+                2001-01-01 (FreeBSD 3.5-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+sort(1) is a program to sort lines of text.  It is externally
+maintained, contributed software which is included in FreeBSD by
+default.
+
+II.  Problem Description
+
+During internal auditing, sort(1) was found to use easily predictable
+temporary file names.  It does create these temporary files correctly
+such that they cannot be "subverted" by a symlink attack, but the
+program will abort if the temporary filename chosen is already in use.
+This allows an attacker to cause the sort(1) command to abort, which
+may have a cascade effect on other scripts which make use of it (such
+as system management and reporting scripts).  For example, it may be
+possible to use this failure mode to hide the reporting of malicious
+system activity which would otherwise be detected by a management
+script.
+
+All released versions of FreeBSD prior to the correction date including
+FreeBSD 3.5.1 and FreeBSD 4.1.1 are vulnerable.  The problem was
+corrected prior to the release of FreeBSD 4.2.
+
+III. Impact
+
+Attackers can cause the operation of sort(1) to fail, possibly
+disrupting aspects of system operation.
+
+IV.  Workaround
+
+None appropriate.
+
+V.   Solution
+
+One of the following:
+
+Upgrade the vulnerable FreeBSD system to FreeBSD 3.5-STABLE,
+4.2-RELEASE, or 4.2-STABLE after the correction date.
+
+To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.1.1 base system]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-4.1.1.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-4.1.1.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/gnu/usr.bin/sort
+# patch -p < /path/to/patch
+# make depend && make all install
+
+[FreeBSD 3.5.1 base system]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-3.5.1.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:13/sort-3.5.1.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/gnu/usr.bin/sort
+# patch -p < /path/to/patch
+# make depend && make all install
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnXd6VUuHi5z0oilAQF0XAP/d2M9nevTRLhEqTzutYfj2Whxxm1P8HgW
+1hRPi3n3r9I7m9cBCjree6N33CRJoa0pdKovL5OgC04AWdRSKhfVHsLJYQz41Vi2
+tfqfZCTdhCWmwx9TGeVek9Pk3OrUIwhfzg+YBqX+ioQYaenB+25FHK1cigmXdeWp
+UZWDyGlrmyM=
+=vOx+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:14.micq.asc b/share/security/advisories/FreeBSD-SA-01:14.micq.asc
new file mode 100644
index 0000000000..0433a50cb5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:14.micq.asc
@@ -0,0 +1,97 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:14                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          micq remote buffer overflow vulnerability
+
+Category:       ports
+Module:         micq
+Announced:      2001-01-29
+Credits:        recidjvo@pkcrew.org
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-01-24
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+micq is a text-based ICQ client.
+
+II.  Problem Description
+
+The micq port, versions prior to 0.4.6.1, contains a remote
+vulnerability: due to a buffer overflow, a malicious remote user
+sending specially-crafted packets may be able to execute arbitrary
+code on the local system with the privileges of the micq process.  To
+accomplish this, the attacker must be able to sniff the packets
+between the micq client and ICQ server in order to gain the session
+key to cause the client to accept the malicious packets.
+
+The micq port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 4500 third-party applications in a ready-to-install format.  The
+ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this
+problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may cause arbitrary code to be executed
+with the privileges of the micq process.
+
+If you have not chosen to install the micq port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the micq port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the micq port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/micq-0.4.6.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/micq-0.4.6.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/micq-0.4.6.1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the micq port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnXfalUuHi5z0oilAQEhPQP/aq4wwNE4IFedgd2Fz8IEZo+cfiu5dsPa
+P1fNoylanm+TbLBEV+hJwjt5lBQHQoEmMh3efz2x7foj42QMP6YPtw6WPcwbXtVQ
+uTSra4+3Ck2NdO+5WDju2X0kMbIBWJMCAPrGEpr/EkNbJRu76Ojp6Cw31WBx17X7
+BwLriuu9c9I=
+=Iluh
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:15.tinyproxy.asc b/share/security/advisories/FreeBSD-SA-01:15.tinyproxy.asc
new file mode 100644
index 0000000000..fa277c9fc9
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:15.tinyproxy.asc
@@ -0,0 +1,95 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:15                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          tinyproxy contains remote vulnerabilities
+
+Category:       ports
+Module:         tinyproxy
+Announced:      2001-01-29
+Credits:        |CyRaX| <cyrax@pkcrew.org>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-01-22
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+tinyproxy is a lightweight http proxy.
+
+II.  Problem Description
+
+The tinyproxy port, versions prior to 1.3.3a, contains remote
+vulnerabilities: due to a heap overflow, malicious remote users can
+cause a denial-of-service by crashing the proxy.  Additionally, the
+attacker may potentially cause arbitrary code to be executed as the
+user running tinyproxy.
+
+The tinyproxy port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4500 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may cause a denial-of-service and potentially
+cause arbitrary code to be executed.
+
+If you have not chosen to install the tinyproxy port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the tinyproxy port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the tinyproxy port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/www/tinyproxy-1.3.3a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/tinyproxy-1.3.3a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/tinyproxy-1.3.3a.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the tinyproxy port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnXgJ1UuHi5z0oilAQHo6wQAj3xyGIyobs/grdxqowjFMcpE86ZxuguC
+/FzN9pNGbj2/tRv+5XWALJs4dl5mfqNruxeNlFy7uNZAoLztRd5DxuPa/KLJBh3R
+NYUFjCBzBbjMDZzSOQSpRWwMrs8o/y5qWgAEdVQXqTmXPrKKnbiIBpAYRX/9pzGW
+s199naiw8yM=
+=M4Q1
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:16.mysql.asc b/share/security/advisories/FreeBSD-SA-01:16.mysql.asc
new file mode 100644
index 0000000000..24bf94bfef
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:16.mysql.asc
@@ -0,0 +1,110 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:16                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mysql may allow remote users to gain increased
+                privileges
+
+Category:       ports
+Module:         mysql322-server/mysql323-server
+Announced:      2001-01-29
+Credits:        Nicolas GREGOIRE <nicolas.gregoire@7THZONE.COM>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-01-19
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+mysql is a high-performance database server.
+
+II.  Problem Description
+
+The mysql323-server port, versions prior to 3.23.22, and all
+mysql322-server ports contain remote vulerabilities.  Due to a buffer
+overflow, a malicious remote user can cause a denial-of-service by
+crashing the database.  Additionally, the attacker may be able to gain
+the privileges of the mysqld user, allowing access to all databases
+and the ability to leverage other local attacks as the mysqld user.
+In order to accomplish this, the attacker must have a valid mysql
+account.
+
+The mysql322-server and mysql323-server ports are not installed by
+default, nor are they "part of FreeBSD" as such: they are part of the
+FreeBSD ports collection, which contains over 4500 third-party
+applications in a ready-to-install format.  The ports collections
+shipped with FreeBSD 3.5.1 and 4.2 contain this problem since it was
+discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote mysql users may cause a denial-of-service and
+potentially gain access as the mysqld user, allowing access to all
+databases on the mysql server and the ability to leverage other local
+attacks as the mysqld user.
+
+If you have not chosen to install the mysql322-server or
+mysql323-server ports/packages, then your system is not vulnerable to
+this problem.
+
+IV.  Workaround
+
+Deinstall the mysql322-server or mysql323-server port/package, if you
+have installed it.
+
+V.   Solution
+
+Note: the mysql322-server port has been removed since mysql 3.23 is
+now the stable mysql branch.  People using older mysql322-server
+ports/packages are urged to update to the mysql323-server
+port/package.
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the
+mysql323-server port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/databases/mysql-3.23.32.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/databases/mysql-3.23.32.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/databases/mysql-3.23.32.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the mysql323-server port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnXg81UuHi5z0oilAQEIKgP/fLnAPAIJt33PQl6NYnBzivsjX0/w0TGW
+MVkX3OAz14EZYGEajJJfCf2QboqvDYMMuoYNQS3MF8eTmSNQxpzDpRzFyU8zeiUj
+UnAzKWk+4vjTRkM8BcQHuXfsuzh/H1KjENjo+gbCrmXitLWjuFSS9l/U91tWeyMM
+sQevoqqqXQE=
+=8xko
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:17.exmh.asc b/share/security/advisories/FreeBSD-SA-01:17.exmh.asc
new file mode 100644
index 0000000000..0a818b8f7a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:17.exmh.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:17                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          exmh symlink vulnerability
+
+Category:       ports
+Module:         exmh2
+Announced:      2001-01-29
+Credits:        Stanley G. Bubrouski <stan@CCS.NEU.EDU>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-01-22
+Vendor status:  Updated version released
+FreeBSD only:   No
+
+I.   Background
+
+exmh is a tcl/tk based interface to the mh mail user agent.
+
+II.  Problem Description
+
+The exmh2 port, versions prior to 2.3.1, contains a local
+vulnerability: at startup, if exmh detects a problem in its code or
+configuration an error dialog appears giving the user an option to
+fill in a bug report and email it to the maintainer.  If the user
+agrees to mail the maintainer a file named /tmp/exmhErrorMsg is
+created.  If the file exists and is a symlink, it will follow the
+link, allowing local files writable by the user to be overwritten.
+
+The exmh2 port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4500 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious local users may cause arbitrary files writable by the user
+running exmh to be overwritten, in certain restricted situations.
+
+If you have not chosen to install the exmh2 port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the exmh2 port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the exmh2 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/mail/exmh-2.3.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/exmh-2.3.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/exmh-2.3.1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the exmh2 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOnXiAVUuHi5z0oilAQFN1QP/Y8TNT5P86VCujRk704GXV9Lxw4W6+lgZ
+s6wmSPnm8BmO/MZo4RZ+snZToo9lZWEbgU490LU7sUjy8ehMiP6F2OpViuFT76ug
+INFou7NHIAmMre2iFzyy6pcsLttX0emc02qUiEPDCLXrgF0BvhbqC3myXsbUzrpJ
+srN7OD3Y8l4=
+=1966
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:18.bind.asc b/share/security/advisories/FreeBSD-SA-01:18.bind.asc
new file mode 100644
index 0000000000..268843e01a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:18.bind.asc
@@ -0,0 +1,252 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:18                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          BIND remotely exploitable buffer overflow
+
+Category:       core, ports
+Module:         bind
+Announced:      2001-01-31
+Credits:	COVERT Labs <seclabs@NAI.COM>
+                Claudio Musmarra
+Affects:        All released versions of FreeBSD 3.x, 4.x.
+		FreeBSD 3.5-STABLE prior to the correction date.
+		FreeBSD 4.2-STABLE prior to the correction date.
+		Ports collection prior to the correction date.
+Corrected:      2001-01-30 (FreeBSD 3.5-STABLE)
+		2001-01-29 (FreeBSD 4.2-STABLE)
+		2001-01-29 (Ports collection)
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+BIND is an implementation of the Domain Name Service (DNS) protocols.
+
+II.  Problem Description
+
+An overflowable buffer related to the processing of transaction
+signatures (TSIG) exists in all versions of BIND prior to
+8.2.3-RELEASE.  The vulnerability is exploitable regardless of
+configuration options and affects both recursive and non-recursive DNS
+servers.
+
+Additional vulnerabilities allow the leaking of environment variables
+and the contents of the program stack.  These vulnerabilities may
+assist the ability of attackers to exploit the primary vulnerability
+described above, and make provide additional information about the
+state or configuration of the system.
+
+All previous versions of BIND 8, such as the beta versions included in
+FreeBSD 4.x prior to the correction date (designated the version
+number BIND 8.2.3-T<#>B) are vulnerable to this problem.  Systems
+running versions of BIND 9.x (available in the FreeBSD ports
+collection) are unaffected.
+
+Further information about the vulnerabilities is contained in the CERT
+advisory located at:
+
+http://www.cert.org/advisories/CA-2001-02.html
+
+Note that this advisory also describes vulnerabilities in the BIND 4.x
+software, which is not included in any recent version of FreeBSD.
+
+All versions of FreeBSD 3.x and 4.x prior to the correction date
+including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this
+problem, if they have been configued to run named (this is not enabled
+by default).  In addition, the bind8 port in the ports collection
+(versions prior to 8.2.3) is also vulnerable.
+
+To check whether a DNS server is running a vulnerable version of BIND,
+perform the following command as any user:
+
+% dig @serverip version.bind. CHAOS TXT
+
+The following segment of output indicates a non-vulnerable server
+running BIND 8.2.3-RELEASE:
+
+...
+;; ANSWER SECTION:
+VERSION.BIND.           0S CHAOS TXT    "8.2.3-REL"
+...
+
+III. Impact
+
+Malicious remote users can cause arbitrary code to be executed as the
+user running the named daemon.  This is often the root user, although
+FreeBSD provides built-in support for the execution of named as an
+unprivileged 'bind' user, which greatly limits the scope of the
+vulnerability should a successful penetration take place.
+
+IV.  Workaround
+
+There is no known practical workaround to prevent the vulnerability
+from being exploited, short of upgrading the software.  A partial
+workaround to limit the impact of the vulnerability should it be
+exploited is to run named as an unprivileged user.
+
+Add the following line to /etc/rc.conf:
+
+named_flags="-u bind -g bind"  # Flags for named
+
+Add the following line to your /etc/namedb/named.conf file, in the
+"options" section:
+
+	pid-file "/var/named/named.pid";
+
+See the named.conf(5) manual page for more details about configuring
+named.
+
+Perform the following commands as root:
+
+Create a directory writable by the bind user where named can store its
+pid file:
+
+# mkdir /var/named
+# chown bind:bind /var/named
+
+Shut down the DNS server:
+
+# ndc stop
+
+Restart it using the non-privileged user and group:
+
+# ndc -p /var/named/named.pid start -u bind -g bind
+
+Note that when not running as the root user, named will lose the
+ability to re-bind to interfaces which change address, or which are
+added to the system after named has been started.  If such an event
+takes place, named will need to be stopped and restarted in order to
+re-bind to the interface(s).  See the ndc(8) manual page for more
+information about how to do this.
+
+Use of the -t option to named will also increase security when run as
+a non-privileged user by confining the named process to a chroot
+environment and thereby partially limiting the access it has to the
+rest of the system.  Configuration of these options is beyond the
+scope of the advisory.  The following website contains information
+which may be useful to administrators wishing to perform this step:
+
+http://www.losurs.org/docs/howto/Chroot-BIND.html
+
+Note that this tutorial does not specifically relate to FreeBSD, and
+the information contained therein may need to be modified for FreeBSD
+systems.
+
+Note that such a penetration of the unprivileged bind user may still
+allow the attacker to take advantage of a local security vulnerability
+or misconfiguration to further increase privileges.  Therefore this
+should only be considered a temporary workaround while preparations
+can be made to upgrade permanently.
+
+It is recommended that all affected users upgrade their systems
+immediately as described in the following section.
+
+V.   Solution
+
+Note that BIND 8.2.3-RELEASE is more strict about invalid zone file
+syntax than older versions.  DNS zones which contain errors may need
+to be corrected before the new version can be run.
+
+[Base system]
+
+Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
+after the respective correction dates.
+
+A binary tarball containing the updated BIND files may be released in
+a few days, but is being held back for quality assurance reasons.  In
+the meantime an unofficial tarball is available from the following
+location.  Users are advised that the following tarball has not been
+tested on a production system, and those wishing to perform an upgrade
+without upgrading the entire OS are advised to use the bind8 port as
+described below.
+
+http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz
+http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz.asc
+
+To fetch and install it, perform the following actions as root:
+
+# fetch http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz
+# fetch http://www.freebsd.org/~kris/bind-8.2.3-4.x.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /
+# tar xvfz /path/to/bind-8.2.3-4.x.tgz
+
+Stop and restart the named process as shown:
+
+# ndc restart
+
+See the note in the previous section about how to restart ndc as a
+non-privileged user if it has been configued to run that way.
+
+[Ports collection]
+
+If you have chosen to install BIND from the ports collection and are
+using it instead of the version in the base system, perform one of the
+following steps:
+
+1) Update your entire ports collection and rebuild the bind8 port.
+
+If you are installing the port for the first time, be sure to edit the
+named_program variable in /etc/rc.conf to point to the installed
+location of the named executable.
+
+The bind8 port can be configured to install itself in /usr and read
+configuration data from /etc so that it is drop-in compatible with the
+system version of BIND.  Install the port as follows:
+
+# cd /usr/ports/net/bind8
+# make PREFIX=/usr PIDDIR=/var/run DESTETC=/etc/namedb \
+ DESTRUN=/var/run all install clean
+
+If you install the BIND port over the top of the system version in
+this way, be sure to add the following line to /etc/make.conf to
+prevent the future rebuilding of the system version during 'make
+world':
+
+NO_BIND=       true    # do not build BIND
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/bind-8.2.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/bind-8.2.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/bind-8.2.3.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the bind8 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above.  The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOniArlUuHi5z0oilAQGE+AQAiwizuORMqyzOw21QFyap2Z7lv7BkYuiC
+9zZ97X3WR+i8AujTfIrhwK1UdO6KFbp5Rjc54f3XHtaMotoRcp3x24xADpGQDP4s
+Xyw267ZoV7ZYuG6VcAgBzq9pqiCnU9rqRQy2aRn/8iCvcl/G5249B3DuMMtLiMw+
+Iuz0OOxWeLM=
+=hanM
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:19.ja-klock.asc b/share/security/advisories/FreeBSD-SA-01:19.ja-klock.asc
new file mode 100644
index 0000000000..f510c598f6
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:19.ja-klock.asc
@@ -0,0 +1,70 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:19                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ja-xklock port contains a local root compromise
+
+Category:       ports
+Module:         ja-xklock
+Announced:      2001-02-07
+Credits:        Found during internal auditing
+Affects:        Ports collection prior to the correction date.
+Corrected:      See below.
+Vendor status:  N/A
+FreeBSD only:   No
+
+I.   Background
+
+The ja-xklock is a localized xlock clone, which locks an X display.
+
+II.  Problem Description
+
+The ja-xklock port, versions 2.7.1 and earlier, contains an
+exploitable buffer overflow.  Because the xklock program is also
+setuid root, unprivileged local users may gain root privileges on the
+local system.
+
+Because the ja-xklock port is unmaintained and due to the software's
+age, this vulnerability has not yet been corrected.  Additionally, the
+ja-xklock port is scheduled for removal from the ports system if it
+has not been audited and fixed within one month of discovery.  In the
+event the ja-xlock port is corrected, this advisory will be rereleased
+with updated information.
+
+The ja-xklock port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4500 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users may gain root privileges on the local system.
+
+If you have not chosen to install the ja-xklock port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the ja-xklock port/package, if you have installed it.
+
+V.   Solution
+
+It is suggested that an alternative, such as xlock or xlockmore, is
+used instead of the ja-xklock port.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOoGkUFUuHi5z0oilAQGzvwQAkiQisnaY94dUvy+a/RJoeY5j04yQf92u
+P8I5aTWn6CfVP2a5xpRW8I2xRpJtiUAVzNmAYflW9gGgzQL9GXHy8roiaYMP+V7Y
+X3zWhRV7Kb/L9jVKEGurwLaygF6m11AkmWUKbb8Hi95rzsJokTWA93MZK+exKfZ9
+lFBOA3QC2vA=
+=gIGE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:20.mars_nwe.asc b/share/security/advisories/FreeBSD-SA-01:20.mars_nwe.asc
new file mode 100644
index 0000000000..de1ab42fdf
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:20.mars_nwe.asc
@@ -0,0 +1,98 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:20                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mars_nwe contains potential remote root compromise
+
+Category:       ports
+Module:         mars_nwe
+Announced:      2001-02-07
+Credits:        Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-01-30
+Vendor status:  Vendor notified
+FreeBSD only:   NO
+
+I.   Background
+
+mars_nwe is a Novell Netware server emulator.
+
+II.  Problem Description
+
+The mars_nwe port, versions prior to 0.99.b19_1, contains a remote
+format string vulerability.  Because of this vulnerability, a
+malicious remote user sending specially-crafted packets may be able to
+execute arbitrary code on the local system, potentially gaining root
+access.
+
+The mars_nwe port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4500 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may cause arbitrary code to be executed
+on the local system, potentially gaining root access.
+
+If you have not chosen to install the mars_nwe port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the mars_nwe port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the mars_nwe port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/mars_nwe-0.99.b19_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/net/mars_nwe-0.99.b19_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/mars_nwe-0.99.b19_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/net/mars_nwe-0.99.b19_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the mars_nwe port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOoGk4VUuHi5z0oilAQFwUAP9HAYPxR6z25Lg6QzlsWMBJt8UDx7JKZx8
+bR4U9l6IFzNS3p4IgwtiFDrqfCNpRRBtWDrXYmpWdwL2g1cx6MGWLayCeGq6g1ha
+MfKTTPlFrmSorXm6NdtcH33wDD05ScWQPCjhATJT3b4VxcbfmR1SEPxqXBOw6Whe
+MFKc9SisWEc=
+=m02+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:21.ja-elvis.asc b/share/security/advisories/FreeBSD-SA-01:21.ja-elvis.asc
new file mode 100644
index 0000000000..1518c6c8ba
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:21.ja-elvis.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:21                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ja-elvis and ko-helvis ports contain a local
+                root compromise
+
+Category:       ports
+Module:         ja-elvis/ko-helvis
+Announced:      2001-02-07
+Credits:        Found during internal auditing
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-01-28
+Vendor status:  Vendor notified
+FreeBSD only:   No
+
+I.   Background
+
+The ja-elvis and ko-helvis ports are localized versions of elvis,
+a vi editor clone.
+
+II.  Problem Description
+
+The ja-elvis and ko-helvis ports, versions prior to ja-elvis-1.8.4_1
+and ko-helvis-1.8h2_1, contain an exploitable buffer overflow in the
+elvrec utility.  Because elvrec is setuid root, unprivileged local
+users may gain root privileges on the local system.
+
+The ja-elvis and ko-helvis ports are not installed by default, nor
+are they "part of FreeBSD" as such: they are part of the FreeBSD
+ports collection, which contains over 4500 third-party applications
+in a ready-to-install format.  The ports collections shipped with
+FreeBSD 3.5.1 and 4.2 contain this problem since it was discovered
+after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users may gain root privileges on the local
+system.
+
+If you have not chosen to install the ja-elvis or ko-helvis
+ports/packages, then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the ja-elvis or ko-helvis port/package, if you have
+installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the ja-elvis or
+ko-helvis port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+
+[ja-elvis]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/japanese/ja-elvis-1.8.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-elvis-1.8.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/japanese/ja-elvis-1.8.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-elvis-1.8.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/japanese/ja-elvis-1.8.4_1.tgz
+
+[ko-helvis]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/korean/ko-helvis-1.8h2_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-helvis-1.8h2_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/korean/ko-helvis-1.8h2_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-helvis-1.8h2_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/korean/ko-helvis-1.8h2_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the ja-elvis or ko-helvis port
+from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOoGlh1UuHi5z0oilAQE/ggP/QR9lSQtamdAZCI1WXR2HwwVgu+UITBdK
+QCmYhia7H+YVRUp9Oiya1zZ/FyKQlz1VjoRVQEtU9jeHuo1tocABn6pobZLqc1z+
+gyUHX6vbC4wNVB1PFMX6RYUCpP50K4/QS6kQmLJdspYteCE7om374QyKTzQgoObh
+1FNmh60FcbI=
+=uB1V
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:22.dc20ctrl.asc b/share/security/advisories/FreeBSD-SA-01:22.dc20ctrl.asc
new file mode 100644
index 0000000000..4e11be7279
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:22.dc20ctrl.asc
@@ -0,0 +1,100 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:22                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          dc20ctrl port contains a locally exploitable buffer overflow
+                yielding gid dialer
+
+Category:       ports
+Module:         dc20ctrl
+Announced:      2001-02-07
+Credits:        Found during internal auditing
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-02-07
+Vendor status:  Vendor notified
+FreeBSD only:   No
+
+I.   Background
+
+dc20ctrl is a program to control Kodak DC20 digital cameras.
+
+II.  Problem Description
+
+The dc20ctrl port, versions prior to 0.4_1, contains a locally
+exploitable buffer overflow.  Because the dc20ctrl program is also
+setgid dialer, unprivileged local users may gain gid dialer on the
+local system.  This may allow the users to gain unauthorized access to
+the serial port devices.
+
+The dc20ctrl port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 4500 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users may gain increased privileges on the local
+system including potentially unauthorized access to the serial port
+devices.
+
+If you have not chosen to install the dc20ctrl port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the dc20ctrl port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the dc20ctrl port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/graphics/dc20ctrl-0.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/graphics/dc20ctrl-0.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/dc20ctrl-0.4_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/graphics/dc20ctrl-0.4_1.tgz
+
+NOTE: it may be several days before updated packages are available.
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the dc20ctrl from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOoGyClUuHi5z0oilAQFzvgP/fhW32mvqDBlqUodUFjjWYmRaLJmaU3Wi
+zNm5C/eb36jA9auvmZv9lE4UOlkPng1Kvhg8z0cSvWzhEUNk9IAdklvGsGXhvN/I
+rjJHdVG6qSFmmsfSrlQwwfNqbhivPITM7Iv2xH0WPLoaStvMnFFmm4bERPJ/4hAq
+8O9ZKoRXqyA=
+=J8Ao
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:23.icecast.asc b/share/security/advisories/FreeBSD-SA-01:23.icecast.asc
new file mode 100644
index 0000000000..01177d1b31
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:23.icecast.asc
@@ -0,0 +1,101 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:23                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          icecast port contains remote vulnerability
+
+Category:       ports
+Module:         icecast
+Announced:      2001-03-12
+Credits:        |CyRaX| <cyrax@pkcrew.org>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-03-10
+Vendor status:  Unresponsive
+FreeBSD only:   NO
+
+I.   Background
+
+icecast is a server for streaming MP3 audio.
+
+II.  Problem Description
+
+The icecast software, versions prior to 1.3.7_1, contains multiple
+format string vulnerabilities, which allow a remote attacker to
+execute arbitrary code as the user running icecast, usually the root
+user.
+
+There are a number of other potential abuses of format strings which
+may or may not pose security risks, but have not currently been
+audited.
+
+The icecast port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 4700 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Arbitrary remote users can execute arbitrary code on the local system
+as the user running icecast, usually the root user.
+
+If you have not chosen to install the icecast port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the icecast port/package, if you have installed it.
+
+V.   Solution
+
+Consider running the icecast software as a non-privileged user to
+minimize the impact of further security vulnerabilities in this
+software.
+
+To upgrade icecast, choose one of the following options:
+
+1) Upgrade your entire ports collection and rebuild the icecast port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/audio/icecast-1.3.7_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/audio/icecast-1.3.7_1.tgz
+
+NOTE: It may be several days before updated packages are available
+
+[alpha]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/audio/icecast-1.3.7_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/audio/icecast-1.3.7_1.tgz
+
+3) download a new port skeleton for the icecast port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOq1b9lUuHi5z0oilAQF0VQQAgjsvLSPtZ1pu6OtkGxuMJhCmmeCvFJvL
+4szsF1csrFrXhaH7z1VjJP8r/Q2NBzWcS3qujkhGRObsGGyvAJKk7QVrqnjXV3gD
+rgLnphjNlKt0VuXafxXwTT8YTxoCbzOHy23aa0KaRWoCAVcVi4AAZs4XHEUgU+Ov
+lWOyEgxUBEk=
+=WM3Y
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:24.ssh.asc b/share/security/advisories/FreeBSD-SA-01:24.ssh.asc
new file mode 100644
index 0000000000..f06f162894
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:24.ssh.asc
@@ -0,0 +1,260 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:24                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          SSH1 implementations may allow remote system, data compromise
+
+Category:       core/ports
+Module:         openssh, ssh
+Announced:      2001-02-12
+Credits:	Michal Zalewski <lcamtuf@razor.bindview.com> (Vulnerability 1)
+                Core-SDI (http://www.core-sdi.com) (Vulnerability 2)
+Affects:        FreeBSD 4.x, 4.2-STABLE prior to the correction date
+                Ports collection prior to the correction date.
+Corrected:      OpenSSH [FreeBSD 4.x base system]:
+                   2000-12-05 (Vulnerability 1)
+                   2001-02-11 (Vulnerability 2)
+                OpenSSH [ports]:
+                   2001-02-09 (Vulnerability 1)
+                   2001-02-11 (Vulnerability 2)
+                ssh [ports]:
+                   2001-02-09 (Vulnerability 1)
+                   2001-02-09 (Vulnerability 2)
+Vendor status:  Patches released.
+FreeBSD only:   NO
+
+I.   Background
+
+OpenSSH is an implementation of the SSH1 and SSH2 secure shell
+protocols for providing encrypted and authenticated network access,
+which is available free for unrestricted use.
+
+An SSH1 client/server (ssh) from ssh.com is included in the ports
+collection.  This software is not available free of charge for all
+uses, and the FreeBSD Security Officer does not recommend its use.
+
+II.  Problem Description
+
+There are two flaws in the SSH1 protocol as implemented by OpenSSH and
+ssh.
+
+Vulnerability 1:
+
+  An integer overflow may allow arbitrary remote users to obtain root
+  permissions on the server running sshd.  This is due to a coding
+  mistake in code intended to work around a protocol flaw in the SSH1
+  protocol.  This vulnerability was corrected in OpenSSH 2.3.0, which
+  was committed to FreeBSD 4.2-STABLE on 2000-12-05.
+
+Vulnerability 2;
+
+  Remote attackers who can observe the encrypted contents of a user's
+  SSH1 session, and who have the ability to mount large numbers of
+  connections fo the SSH1 server may be able to break the transient
+  server key used by the server to negotiate encryption parameters for
+  the session, and from there can decrypt the entire contents of the
+  snooped connection.  The transient key has a lifetime of only one
+  hour by default, but all snooped SSH1 sessions captured within this
+  timeframe may be broken if the attack is successful.
+
+  This attack is mitigated by the requirement to initiate large
+  numbers of SSH1 protocol connections to the server during the
+  lifetime of the key.  On average a sustained connection rate of
+  around 400 connections and SSH1 protocol handshakes must be carried
+  out per second to have a high chance of succeeding within the 1 hour
+  lifetime of the server key.  OpenSSH contains rate-limiting code
+  which will limit the number of outstanding connections to a fraction
+  of this number in the default configuration, and computational and
+  network limitations may reduce this number still further.
+  Therefore, though the potential impact of this flaw is great, it is
+  made very difficult to exploit in practice.  However, note that even
+  though the chances of success are reduced, the vulnerability is not
+  eliminated.
+
+OpenSSH is installed if you chose to install the 'crypto' distribution
+at install-time or when compiling from source, and is installed and
+enabled by default as of FreeBSD 4.1.1-RELEASE.  By default SSH1
+protocol support is enabled.
+
+If SSH1 protocol support has been disabled in OpenSSH, it is not
+vulnerable to these attacks.  They do not affect implementations of
+the SSH2 protocol, such as OpenSSH run in SSH2-only mode.
+
+Versions of the OpenSSH port prior to openssh-2.2.0_2, and versions
+of the ssh port prior to ssh-1.2.27_3 are vulnerable to these attacks.
+
+III. Impact
+
+Arbitrary remote users may be able to execute arbitrary code as root
+on an SSH1 server accepting connections via the SSH1 protocol.
+
+Remote users who can snoop the encrypted contents of SSH1 sessions
+belonging to other users, and who can mount a very high rate of
+connections to the server may be able to mount an attack leading to
+the ability to decrypt these sessions.  This attack may disclose
+account password details as well as other sensitive data.
+
+IV.  Workaround
+
+If you are running sshd, disable the use of the SSH1 protocol in
+OpenSSH.  SSH1 contains inherent protocol deficiencies and is not
+recommended for use in high-security environments.  Note that some
+third-party SSH clients are not capable of using the SSH2 protocol,
+however the OpenSSH client (version 2.1 and later) included in FreeBSD
+is SSH2-capable.
+
+To disable SSH1, add the following line to the /etc/ssh/sshd_config
+file (/usr/local/etc/sshd_config for the OpenSSH port):
+
+Protocol 2
+
+and remove any other "Protocol" directives from that file.
+
+Execute the following command as root:
+
+# kill -HUP `cat /var/run/sshd.pid`
+
+This will cause the parent process to reread its configuration file,
+and should not interfere with existing SSH sessions.
+
+V.   Solution
+
+- --[OpenSSH - base system]-----
+
+One of the following:
+
+1) Upgrade to FreeBSD 4.2-STABLE after the correction date.  Note that
+these versions of FreeBSD contain a newer version of OpenSSH (version
+2.3.0) than was in 4.2-RELEASE (version 2.2.0).
+
+2) Download the patch and detached PGP signature from the following
+location:
+
+The following patch applies to FreeBSD 4.2-RELEASE.
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-release.patch.asc
+
+The folllowing patch applies to FreeBSD 4.2-STABLE which is running
+OpenSSH 2.3.0 (4.2-STABLE dated after 2000-12-05)
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:24/sshd-4.2-stable.patch.asc
+
+Verify the detached signature using your PGP utility.
+
+Issue the following commands as root:
+
+# cd /usr/src/crypto/openssh
+# patch -p < /path/to/patch
+# cd /usr/src/secure/lib/libssh
+# make all
+# cd /usr/src/secure/usr.bin/ssh-agent
+# make all install
+# cd /usr/src/secure/usr.sbin/sshd
+# make all install
+
+Finally, if sshd is already running then kill and restart the sshd
+daemon: perform the following command as root:
+
+# kill -KILL `cat /var/run/sshd.pid` && /usr/sbin/sshd
+
+This will not affect sessions in progress.
+
+- --[OpenSSH - port]-----
+
+Use one of the following options to upgrade the OpenSSH software, then
+kill and restart the sshd daemon if it is already running.  This will
+not affect sessions in progress.
+
+To kill and restart the sshd daemon, perform the following command as
+root:
+
+# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd
+
+1) Upgrade your entire ports collection and rebuild the OpenSSH port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/openssh-2.2.0_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-2.2.0_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-2.2.0_2.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+ 
+3) download a new port skeleton for the OpenSSH port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+- --[ssh - port]-----
+
+Use one of the following options to upgrade the ssh software, then
+kill and restart the sshd daemon if it is already running.  This will
+not affect sessions in progress.
+
+To kill and restart the sshd daemon, perform the following command as
+root:
+
+# kill -KILL `cat /var/run/sshd.pid` && /usr/local/sbin/sshd
+
+1) Upgrade your entire ports collection and rebuild the ssh port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/security/ssh-1.2.27_3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/ssh-1.2.27_3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/ssh-1.2.27_3.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+ 
+3) download a new port skeleton for the OpenSSH port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOoiAylUuHi5z0oilAQEoVgP/Qc5UXjRnR3byHZfQyM4VyuwCWAWeAaD7
+HPjlhLTiOb0HUqsVhiraIX5Mgi5ReySj2wREd4EKW9pEKiXfcXCWItivG8PrV/P8
+NHEo5B393r1G8ovtkt3fu0bQ7RhOrxOeHRn5mxbmk8pIrRg7oxeZ02ygJiCV8LqT
+hoOxMmU4FYQ=
+=REEI
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:25.kerberosIV.asc b/share/security/advisories/FreeBSD-SA-01:25.kerberosIV.asc
new file mode 100644
index 0000000000..ead8f8d876
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:25.kerberosIV.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:25                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Local and remote vulnerabilities in Kerberos IV
+
+Category:       core
+Module:         libkrb, telnetd
+Announced:      2001-02-14
+Credits:        Jouko Pynnönen <jouko@solutions.fi>
+Affects:        FreeBSD 4.2-STABLE and 3.5-STABLE prior to the
+                correction dates.
+Corrected:      2000-12-13 (FreeBSD 4.2-STABLE)
+                2000-12-15 (FreeBSD 3.5-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+telnetd is the server for the telnet remote login protocol, which is
+available with optional support for the Kerberos authentication
+protocol.  libkrb is the library used for Kerberised applications
+(including telnetd and login).  FreeBSD includes the KTH Kerberos
+implementation, which is externally maintained, contributed software,
+as an optional part of the base system.
+
+II.  Problem Description
+
+The advisory describes three vulnerabilities: first, an overflow in
+the libkrb KerberosIV authentication library, second, improper
+filtering of environmental variables by the KerberosIV-adapted telnet
+daemon, and finally, a temporary file vulnerability in the KerberosIV
+ticket management code.
+
+A buffer overflow exists in the libkrb Kerberos authentication
+library, which may be exploitable by malicious remote authentication
+servers.  This vulnerability exists in the kdc_reply_cipher() call.
+An attacker may be able to overflow this buffer during an
+authentication exchange, allowing the attacker to execute arbitrary
+code with the privileges of the caller of kdc_reply_cipher().
+
+The telnet protocol allows for UNIX environmental variables to be
+passed from the client to the user login session on the server.  The
+base system telnet daemon, telnetd, goes the great lengths to limit
+the variables passed so as to prevent them from improperly influencing
+the login and authentication mechanisms.  The telnet daemon used with
+KerberosIV relied on an incomplete list of improper environment
+variables to remove from the environment before executing the login
+program.  This is a similar vulnerability to that described in
+Security Advisory 00:69.
+
+Two environment variables have been identified that place users of
+Kerberos at risk.  The first allows the remote user to change the
+Kerberos server used for authentication requests, increasing the
+opportunity for an attacker to exploit the buffer overflow.  The
+second allows the configuration directory for Kerberos to be modified,
+allowing an attacker with the right to modify the local file system to
+cause Kerberos to autheticate using an improper configuration
+(including Kerberos realm and server configuration, as well as
+srvtab).  These vulnerabilities may be used to leverage root access.
+
+A race condition exists in the handling of ticket files in /tmp; this
+vulnerability may be exploited by a local user to gain ownership of
+arbitrary files in the file system.  This vulnerability can be
+leveraged to gain root access.
+
+These vulnerabilities only exist on systems which have installed the
+optional Kerberos IV distribution (whether or not it is configured),
+which is not installed by default.
+
+III. Impact
+
+If your system has the KerberosIV distribution installed, remote and
+local users may be able to obtain root privileges on the local system.
+
+IV.  Workaround
+
+To prevent remote root compromise via the telnet service, disable the
+telnet service, which is usually run out of inetd: comment out the
+following lines in /etc/inetd.conf, if present.
+
+telnet  stream  tcp     nowait  root    /usr/libexec/telnetd    telnetd
+
+telnet  stream  tcp6    nowait  root    /usr/libexec/telnetd    telnetd
+
+The local root compromise cannot be easily worked around.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.2-STABLE or
+3.5-STABLE after the respective correction dates.
+
+2) Apply the relevant patch from below and recompile the affected
+files:
+
+Download the relevant patch and detached PGP signature from the
+following locations, and verify the signature using your PGP utility.
+
+[FreeBSD 4.2]
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.4.2.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.4.2.patch.asc
+
+[FreeBSD 3.5.1]
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.3.5.1.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc
+
+NOTE: This patch assumes you have already applied the patch in security advisory
+SA-00:69.
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd /usr/src/kerberosIV
+# make depend && make all install
+# cd /usr/src/libexec/telnetd
+# make depend && make all install
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOopfGFUuHi5z0oilAQGIZwP+OTdYs+CQQ0oZegWsQRNkf6CJCCCu/ban
+XWs5wIwEFESq8rCdtg4c6y2RKdF+oySU05nXRYG3gl2Il+71zjhTUnsXi2mM5WHi
+on6m8GOB9EGurb2xszuqNBREa61wGoYZTptzm/NKW7meaDVDlCwe1Mq+orz7ai3m
+WrEZuR94UFU=
+=TyCm
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:26.interbase.asc b/share/security/advisories/FreeBSD-SA-01:26.interbase.asc
new file mode 100644
index 0000000000..a4f03e7c36
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:26.interbase.asc
@@ -0,0 +1,85 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:26                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          interbase contains remote backdoor
+
+Category:       ports
+Module:         interbase
+Announced:      2001-03-12
+Credits:        Firebird project <http://firebird.sourceforge.net>
+Affects:        Ports collection prior to the correction date.
+Corrected:      See below.
+Vendor status:  No update released
+FreeBSD only:   NO
+
+I.   Background
+
+Interbase is a SQL database server from Borland.
+
+II.  Problem Description
+
+The interbase software contains a remote backdoor account, which was
+apparently introduced by the vendor in 1992.  The interbase source
+code has recently been released and is the basis for a derivative
+project called firebird, who are credited with discovering the
+vulnerability.
+
+The backdoor account has full read and write access to databases
+stored on the server, and also gives the ability to write to arbitrary
+files on the server as the user running the interbase server (usually
+user root).  Remote attackers may connect to the database on TCP port
+3050.
+
+The interbase port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 4700 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users who can connect to the interbase database server can
+obtain full access to all databases using a backdoor account built
+into the server itself.  This account cannot be disabled.
+
+If you have not chosen to install the interbase port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+1) Deinstall the interbase port/package, if you have installed it.
+
+2) Use packet filters on your perimeter firewalls, or ipfw(8)/ipf(8)
+on the interbase server to prevent connections from untrusted systems
+to TCP port 3050 on the interbase server.  Note that local users, or
+arbitrary users on systems permitted to connect to the TCP port can
+still access the backdoor account.
+
+3) Migrate to the firebird database, which is an open-source
+derivative of the interbase software which does not contain the
+backdoor account.
+
+V.   Solution
+
+The FreeBSD port of interbase is not provided by Borland -- it is
+provided in binary form from Rios Corporation -- and there does not
+appear to be a patch available for the security vulnerability.
+Therefore there is currently no complete solution to this security
+vulnerability; see the previous section for possible workarounds.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOq1c21UuHi5z0oilAQEfhgP/aoWhV5eBmmKkYcpVxRhu+FkkOYJvIwih
+RIsCmTKISP5f0smt37Qw4B0o5F2EmAUVncYFNGK39Co+Pxr9eyRx0PD4HvX8JnZ3
+7QtqRE4Oh2LwX0xpd9tpUpT1yxdGX9u+TSB+9MdB5hIyEsnRjwuMwZn1vUOBB8uk
+whVMpvQLc/w=
+=C9Nl
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:27.cfengine.asc b/share/security/advisories/FreeBSD-SA-01:27.cfengine.asc
new file mode 100644
index 0000000000..2a081a83be
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:27.cfengine.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:27                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          cfengine port contains remote root vulnerability
+
+Category:       ports
+Module:         cfengine
+Announced:      2001-03-12
+Credits:        Pekka Savola <pekkas@NETCORE.FI>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-01-21
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+cfengine is a system for automating the configuration and maintenance
+of large networks.
+
+II.  Problem Description
+
+The cfengine port, versions prior to 1.6.1, contained several format
+string vulnerabilities which allow a remote attacker to execute
+arbitrary code on the local system as the user running cfengine,
+usually user root.
+
+The cfengine port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains nearly 4700 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Arbitrary remote users can execute code on the local system as the
+user running cfengine, usually user root.
+
+If you have not chosen to install the cfengine port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+One of the following:
+
+1) Deinstall the cfengine port/package, if you have installed it.
+
+2) Implement access controls on connections to the cfengine server,
+either at the application level using the cfengine configuration file,
+or by using network-level packet filtering on the local system using
+ipfw(8)/ipf(8), or on the perimeter firewalls.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the cfengine port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/sysutils/cfengine-1.6.3.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/sysutils/cfengine-1.6.3.tar.gz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the cfengine port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOq1dclUuHi5z0oilAQFhhAQApfRMj88GYMKiTtLeyjWeaDLFIlDjUTl4
+fF1QQNzetOSIoVjA+CsbkTgsX/c8B6Lc7BuTI7K3BLKUu2QC2GbYkn5/ymCdYQeE
+dW2S00bMdBP6GwURAdFnizezkZq5Y3oEVYXVL4s91M9jb3wCwNOwnbfKH/aegFvL
+ZOjDvMUdjb0=
+=yzjS
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:28.timed.asc b/share/security/advisories/FreeBSD-SA-01:28.timed.asc
new file mode 100644
index 0000000000..87c093a1c8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:28.timed.asc
@@ -0,0 +1,92 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:28                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          timed allows remote denial of service
+
+Category:       core
+Module:         timed
+Announced:      2001-03-12
+Credits:        Discovered during internal source code auditing
+Affects:        All released versions of FreeBSD 3.x, 4.x.
+                FreeBSD 3.5-STABLE prior to the correction date.
+                FreeBSD 4.2-STABLE prior to the correction date.
+Corrected:      2001-03-10 (FreeBSD 3.5-STABLE)
+                2001-01-07 (FreeBSD 4.2-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+timed(8) is a server for the Time Synchronisation Protocol, for
+synchronising the system clocks of multiple clients.
+
+II.  Problem Description
+
+Malformed packets sent to the timed daemon could cause it to crash,
+thereby denying service to clients if timed is not run under a
+watchdog process which causes it to automatically restart in the event
+of a failure.  The timed daemon is not run in this way in the default
+invocation from /etc/rc.conf using the timed_enable variable.
+
+The timed daemon is not enabled by default, and its use is not
+recommended (FreeBSD includes ntpd(8), the network time protocol
+daemon, which provides superior functionality).
+
+All versions of FreeBSD 3.x and 4.x prior to the correction date
+including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this
+problem, if they have been configued to run timed.  It was corrected
+prior to the forthcoming release of FreeBSD 4.3.
+
+III. Impact
+
+Remote users can cause the timed daemon to crash, denying service to
+clients.
+
+IV.  Workaround
+
+Implement packet filtering at perimeter firewalls or on the local
+machine using ipfw(8)/ipf(8) to prevent untrusted users from
+connecting to the timed service.  The timed daemon listens on UDP port
+525 by default.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
+after the respective correction dates.
+
+To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:28/timed.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:28/timed.patch.asc
+
+This patch has been verified to apply to FreeBSD 4.2-RELEASE and
+FreeBSD 3.5.1-RELEASE.  It may or may not apply to older releases.
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/usr.sbin/timed/timed
+# patch -p < /path/to/patch
+# make depend && make all install
+
+Kill and restart timed to cause the changes to take effect.  If you
+have started timed with non-standard options (e.g. by setting
+timed_flags in /etc/rc.conf) then the below command will need to be
+modified appropriately.
+
+# killall -KILL timed
+# /usr/sbin/timed
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOq1emVUuHi5z0oilAQEYEwP/cPNMQO7LjlEs2/MyxJwVKpQLRzmprJjQ
+i2QpXEvkZgXSxAcIh15jNsR1TPwUnzCRWHZ5touw0DxTbTbMsnzRVx0/P5jGmQCT
+6n5Z11puyEg336zET+tGhVnEt9Ybm7Z/h7Et+njVRTVqbe2AtpFeSbI5NXlZCgs6
+ZUYxdLUhfPM=
+=Dw88
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:29.rwhod.asc b/share/security/advisories/FreeBSD-SA-01:29.rwhod.asc
new file mode 100644
index 0000000000..56de22964c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:29.rwhod.asc
@@ -0,0 +1,88 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:29                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          rwhod allows remote denial of service
+
+Category:       core
+Module:         rwhod
+Announced:      2001-03-12
+Credits:        Mark Huizer <xaa@xaa.iae.nl>
+Affects:        All released versions of FreeBSD 3.x, 4.x.
+                FreeBSD 3.5-STABLE prior to the correction date.
+                FreeBSD 4.2-STABLE prior to the correction date.
+Corrected:      2000-12-23 (FreeBSD 3.5-STABLE)
+                2000-12-22 (FreeBSD 4.2-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+rwhod(8) is a server which implements the rwho protocol, which
+communicates information on system uptime and logged-in users between
+machines on a network.
+
+II.  Problem Description
+
+Malformed packets sent to the rwhod daemon could cause it to crash,
+thereby denying service to clients if rwhod is not run under a
+watchdog process which causes it to automatically restart in the event
+of a failure.  The rwhod daemon is not run in this way in the default
+invocation from /etc/rc.conf using the rwhod_enable variable.
+
+All versions of FreeBSD 3.x and 4.x prior to the correction date
+including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this
+problem, if they have been configued to run rwhod (this is not enabled
+by default).
+
+III. Impact
+
+Remote users can cause the rwhod daemon to crash, denying service to
+clients.
+
+IV.  Workaround
+
+Implement packet filtering at perimeter firewalls or on the local
+machine using ipfw(8)/ipf(8) to prevent untrusted users from
+connecting to the rwhod service.  The rwhod daemon listens on UDP port
+513 by default.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
+after the respective correction dates.
+
+To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:29/rwhod.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:29/rwhod.patch.asc
+
+This patch has been verified to apply to FreeBSD 4.2-RELEASE and
+FreeBSD 3.5.1-RELEASE.  It may or may not apply to older releases.
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/usr.sbin/rwhod
+# patch -p < /path/to/patch
+# make depend && make all install
+
+Kill and restart rwhod to cause the changes to take effect.  If you
+have started rwhod with non-standard options (e.g. by setting
+rwhod_flags in /etc/rc.conf) then the below command will need to be
+modified appropriately.
+
+# killall -KILL rwhod
+# /usr/sbin/rwhod
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOq1fmlUuHi5z0oilAQG05QP/bQpUXpXc+X3/k/jbqgxjNOXwfzYRwNph
+trCjRBKDKZrBGvlS2mTSbyisn6Rcv5PhigVAmU7sllrrXmYDCuMjNoMQqIhRwMax
+ojaklsg6F8rX3zNwUlaQp45ZYiJ9Zi34kkRRnZQ5oAFciS6I/3tYnP9t0Sedbbsi
+V/na+hI/Gtk=
+=TskQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:30.ufs-ext2fs.asc b/share/security/advisories/FreeBSD-SA-01:30.ufs-ext2fs.asc
new file mode 100644
index 0000000000..62fb1c5da7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:30.ufs-ext2fs.asc
@@ -0,0 +1,90 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:30                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          UFS/EXT2FS allows disclosure of deleted data
+
+Category:       kernel
+Module:         ufs/ext2fs
+Announced:      2001-03-22
+Credits:        Sven Berkvens <sven@berkvens.net>, Marc Olzheim <zlo@zlo.nu>
+Affects:        All released versions of FreeBSD 3.x, 4.x.
+                FreeBSD 3.5-STABLE prior to the correction date.
+                FreeBSD 4.2-STABLE prior to the correction date.
+Corrected:      2000-12-22 (FreeBSD 3.5-STABLE)
+                2000-12-22 (FreeBSD 4.2-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+UFS is the Unix File System, used by default on FreeBSD systems and
+many other UNIX variants.  EXT2FS is a filesystem used by default on
+many Linux systems, which is also available on FreeBSD.
+
+II.  Problem Description
+
+There exists a data consistency race condition which allows users to
+obtain access to areas of the filesystem containing data from deleted
+files.  The filesystem code is supposed to ensure that all filesystem
+blocks are zeroed before becoming available to user processes, but in
+a certain specific case this zeroing does not occur, and unzeroed
+blocks are passed to the user with their previous contents intact.
+Thus, if the block contains data which used to be part of a file or
+directory to which the user did not have access, the operation results
+in unauthorized access of data.
+
+All versions of FreeBSD 3.x and 4.x prior to the correction date
+including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this
+problem.  This problem is not specific to FreeBSD systems and is
+believed to exist on many filesystems.
+
+This problem was corrected prior to the forthcoming release of FreeBSD
+4.3.
+
+III. Impact
+
+Unprivileged users may obtain access to data which was part of deleted
+files.
+
+IV.  Workaround
+
+None appropriate.
+
+V.   Solution
+
+Upgrade your vulnerable FreeBSD system to 3.5-STABLE or 4.2-STABLE
+after the respective correction dates.
+
+To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:30/fs.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+This patch has been verified to apply against FreeBSD 3.5.1-RELEASE,
+FreeBSD 4.1.1-RELEASE and FreeBSD 4.2-RELEASE.  It may or may not
+apply to older, unsupported releases.
+
+# cd /usr/src
+# patch -p < /path/to/patch
+
+Rebuild and reinstall your kernel as described in the FreeBSD handbook
+at the following URL:
+
+  http://www.freebsd.org/handbook/kernelconfig.html
+
+and reboot for the changes to take effect.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOrpp2lUuHi5z0oilAQEXFwQAjIKJPtcwJOW2nyLkkIl9Ma59xpuOWEHL
+gZr7KQ6xi2KVH8D6Jztt8gaF+Qb3HRyq8BQUzqL20f+O8yfr8IyX0w5OWu1VkEYu
+ctKKwhMRtd+Cc4L9Y56Ck3DhK5CgDwCVUlThNShR8/omKFd+pWulYcaIdKwTzZIe
+aCnSgvTvAHU=
+=Jn5m
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:31.ntpd.asc b/share/security/advisories/FreeBSD-SA-01:31.ntpd.asc
new file mode 100644
index 0000000000..64be9ab2c3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:31.ntpd.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:31                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ntpd contains potential remote compromise
+
+Category:       core/ports
+Module:         ntpd
+Announced:      2001-04-06
+Credits:        Przemyslaw Frasunek <venglin@FREEBSD.LUBLIN.PL>
+Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases),
+                FreeBSD 3.5-STABLE and 4.2-STABLE prior to the
+                correction date.
+                Ports collection prior to the correction date.
+Corrected:      2001-04-06 (FreeBSD 4.2-STABLE, 3.5-STABLE, and ports)
+Vendor status:  Vendor notified.
+FreeBSD only:   NO
+
+I.   Background
+
+The ntpd daemon is an implementation of the Network Time Protocol
+(NTP) used to synchronize the time of a computer system to a
+reference time source.  Older versions of ntpd, such as those in
+FreeBSD 3.x, were named xntpd.
+
+II.  Problem Description
+
+An overflowable buffer exists in the ntpd daemon related to the
+building of a response for a query with a large readvar argument.
+Due to insufficient bounds checking, a remote attacker may be able
+to cause arbitrary code to be executed as the user running the
+ntpd daemon, usually root.
+
+All versions of FreeBSD prior to the correction date, including
+FreeBSD 3.5.1 and 4.2, and versions of the ntpd port prior to
+ntp-4.0.99k_2 contain this problem.  The base system and ports
+collections that will ship with FreeBSD 4.3 do not contain this
+problem since it was corrected before the release.
+
+III. Impact
+
+Malicious remote users may be able to execute arbitrary code on an
+ntpd server as the user running the ntpd daemon, usually root.
+
+The ntpd daemon is not enabled by default.  If you have not enabled
+ntpd, your system is not vulnerable.
+
+IV.  Workaround
+
+Disable the ntpd daemon using the following command:
+
+# kill -KILL `cat /var/run/ntpd.pid`
+
+Additionally, the ntpd daemon should be disabled in the system's
+startup configuration file /etc/rc.conf, normally accomplished by
+changing "xntpd_enable=YES" to "xntpd_enable=NO".
+
+Since NTP is a stateless UDP-based protocol, source addresses can be
+spoofed rendering firewalling ineffective for stopping this
+vulnerability.
+
+V.   Solution
+
+[Base system]
+
+One of the following:
+
+1) Upgrade to FreeBSD 4.2-STABLE or 3.5.1-STABLE after the correction
+date.
+
+2) Download the patch and detached PGP signature from the following
+location:
+
+The following patch applies to FreeBSD 4.x.
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-4.x.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-4.x.patch.asc
+
+The folllowing patch applies to FreeBSD 3.x.
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-3.x.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:31/ntpd-3.x.patch.asc
+
+Verify the detached signature using your PGP utility.
+
+Issue the following commands as root:
+
+[FreeBSD 4.x]
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd /usr/src/usr.sbin/ntp
+# make all install
+
+[FreeBSD 3.x]
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd /usr/src/usr.sbin/xntpd
+# make all install
+
+Finally, if ntpd is already running then kill and restart the ntpd
+daemon: perform the following command as root:
+
+# kill -KILL `cat /var/run/ntpd.pid` && /usr/sbin/ntpd
+
+[Ports collection]
+
+Use one of the following options to upgrade the ntpd software, then
+kill and restart the ntpd daemon if it is already running.
+
+To kill and restart the ntpd daemon, perform the following command as
+root:
+
+# kill -KILL `cat /var/run/ntpd.pid` && /usr/local/sbin/ntpd
+
+1) Upgrade your entire ports collection and rebuild the ntpd port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/net/ntp-4.0.99k_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ntp-4.0.99k_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/ntp-4.0.99k_2.tgz
+
+NOTE: It may be several days before updated packages are available.
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+ 
+3) download a new port skeleton for the ntpd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBOs5Oi1UuHi5z0oilAQGb+QP+MqTyEGJBziGnw2gHwAnK3lAaMFyKurBc
+cgpm61uWpOBsTnJGJ9t5uI3IGPjxsjjmyZR2ONYMIUCRC2b6MA21oEsenD3F8Jeu
+UphzKdv9IswnSkZFRI5v0PoFtUOKihDU1SLfp2DKjJel8HralhYuDiCOQ/pIpGCj
+emIKnwcGVu4=
+=FTKv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:32.ipfilter.asc b/share/security/advisories/FreeBSD-SA-01:32.ipfilter.asc
new file mode 100644
index 0000000000..e3cc8960af
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:32.ipfilter.asc
@@ -0,0 +1,108 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:32                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          IPFilter may incorrectly pass packets [REVISED]
+
+Category:       core
+Module:         IPFilter
+Announced:      2001-04-16
+Revised:        2001-04-19
+Credits:        Thomas Lopatic <thomas@lopatic.de>
+Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases),
+                FreeBSD 3.5-STABLE, and 4.2-STABLE prior to the
+                correction date.
+Corrected:      2001-04-07 (FreeBSD 4.2-STABLE)
+Vendor status:  Corrected
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2001-04-16  Initial release
+v1.1  2001-04-19  Corrected patch location
+
+I.   Background
+
+IPFilter is a multi-platform packet filtering package.
+
+II.  Problem Description
+
+When matching a packet fragment, insufficient checks were performed
+to ensure the fragment is valid.  In addition, the fragment cache is
+checked before any rules are checked.  Even if all fragments are
+blocked with a rule, fragment cache entries can be created by
+packets that match currently held state information.  Because of
+these discrepancies, certain packets may bypass filtering rules.
+
+All versions of FreeBSD prior to the correction date, including
+FreeBSD 3.5.1 and 4.2, contain this problem.  The base system that
+will ship with FreeBSD 4.3 does not contain this problem since it
+was corrected during the beta cycle before the release.
+
+III. Impact
+
+Malicious remote users may be able to bypass filtering rules, allowing
+them to potentially circumvent the firewall.
+
+IPFilter is not enabled by default.  If you have not enabled IPFilter,
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Since fragment cache matching occurs before filtering rules checking,
+it is not possible to work around this problem using IPFilter rules.
+
+V.   Solution
+
+[FreeBSD 3.x]
+
+Due to the age of the IPFilter package shipped with FreeBSD 3.x, it
+is recommended that FreeBSD 3.x systems update to IPFilter 3.4.17
+using the package available from the authors website:
+http://coombs.anu.edu.au/~avalon/ip-filter.html
+
+[FreeBSD 4.x]
+
+One of the following:
+
+1) Upgrade to FreeBSD 4.2-STABLE after the correction date.
+
+2) Download the patch and detached PGP signature from the following
+location:
+
+The following patch applies to FreeBSD 4.1-RELEASE through 4.2-STABLE.
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:32/ipfilter.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:32/ipfilter.patch.asc
+
+Verify the detached signature using your PGP utility.
+
+Issue the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+
+If the system is using ipfilter as a kernel module, the module may be
+rebuilt and installed and ipfilter rules reloaded with the following
+commands:
+
+# cd /usr/src/sys/modules/ipfilter
+# make all install
+# kldunload ipl && kldload ipf && ipf -Fa -f /etc/ipf.rules
+
+Otherwise, if ipfilter is compiled into the kernel, a new kernel will
+need to be compiled and installed and the system will have to be
+rebooted for the changes to take effect.
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOt860lUuHi5z0oilAQF3YAP/QjuLc+e2gGAiuQSxfi9wE5Kw9Q4pYp66
+SNFxhz1cvfg/zfCe81bM3+M/GYDAZEqrmWsfvObKXuU+8BCMeJ/C+Jifu+P6hO4K
+galMavQ5UTzwnw4lwK4VU/D7zefX5HHOXk0jb/Q6DFs/4KKIFCmGHoBYhuGKbwm0
+soEQYwDEAps=
+=nkCa
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:33.ftpd-glob.asc b/share/security/advisories/FreeBSD-SA-01:33.ftpd-glob.asc
new file mode 100644
index 0000000000..0fb5739a61
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:33.ftpd-glob.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:33                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          globbing vulnerability in ftpd [REVISED]
+
+Category:       core
+Module:         ftpd/libc
+Announced:      2001-04-17
+Revised:        2001-04-19
+Credits:        John McDonald and Anthony Osborne, COVERT Labs
+Affects:        FreeBSD 3.x (all releases), FreeBSD 4.x (all releases),
+                FreeBSD 3.5-STABLE and 4.3-RC prior to the
+                correction date.
+Corrected:      2001-04-17 (FreeBSD 4.3-RC)
+                2001-04-17 (FreeBSD 3.5-STABLE)
+Vendor status:  Corrected
+FreeBSD only:   NO
+
+0.   Revision History
+
+2001-04-17  v1.0  Initial release
+2001-04-19  v1.1  Corrected patch and patch instructions
+
+I.   Background
+
+Numerous FTP daemons, including the daemon distributed with FreeBSD,
+use server-side globbing to expand pathnames via user input.  This
+globbing is performed by FreeBSD's glob() implementation in libc.
+
+II.  Problem Description
+
+The glob() function contains potential buffer overflows that may be
+exploitable through the FTP daemon.  If a directory with a name of
+a certain length is present, a remote user specifying a pathname
+using globbing characters may cause arbitrary code to be executed
+on the FTP server as user running ftpd, usually root.
+
+Additionally, when given a path containing numerous globbing
+characters, the glob() functions may consume significant system
+resources when expanding the path.  This can be controlled by
+setting user limits via /etc/login.conf and setting limits on
+globbing expansion.
+
+All versions of FreeBSD prior to the correction date, including
+FreeBSD 3.5.1 and 4.2 contain this problem.  The base system that
+will ship with FreeBSD 4.3 does not contain this problem since it
+was corrected before the release.
+
+III. Impact
+
+Remote users may be able to execute arbitrary code on the FTP server
+as the user running ftpd, usually root.
+
+The FTP daemon supplied with FreeBSD is enabled by default to allow
+access to authorized local users and not anonymous users, thus
+limiting the impact to authorized local users.
+
+IV.  Workaround
+
+If the FTP daemon is executed from inetd, disable the FTP daemon by
+commenting out the ftp line in /etc/inetd.conf, then reload the
+inetd configuration by executing the following command as root:
+
+# killall -HUP inetd
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade to FreeBSD 4.3-RC or 3.5.1-STABLE after the correction
+date.
+
+2) Download the patch and detached PGP signature from the following
+location:
+
+The following patch applies to FreeBSD 4.x:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.4.x.patch.asc
+
+The following patch applies to FreeBSD 3.x:
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:33/glob.3.x.patch.asc
+
+Verify the detached signature using your PGP utility.
+
+Issue the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cp /usr/src/include/glob.h /usr/include/
+# cd /usr/src/lib/libc
+# make all install
+# cd /usr/src/libexec/ftpd
+# make all install
+
+If the FTP daemon is running standalone, it will have to be manually
+stopped and restarted.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOt83elUuHi5z0oilAQGvLwP+Mg6yScJhgTuGnJ1037opvwPEbKb0JWF4
+CuC8lKB0xV3BMQhQ8BRC3RVJWptFDv8qlWxW7kCyiuYk19oS8IUsllvwD6uftHZI
+iph5TF3F37DNiE2lEp4T5/VSPqkEaYoV0Iu9+S43V7M2dPWVPS4tziPQamtBupdQ
+OhsFSsEGgVU=
+=AV6T
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:34.hylafax.asc b/share/security/advisories/FreeBSD-SA-01:34.hylafax.asc
new file mode 100644
index 0000000000..5ef959f5fb
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:34.hylafax.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:34                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          hylafax contains local compromise
+
+Category:       ports
+Module:         hylafax
+Announced:      2001-04-23
+Credits:        Marcin Dawcewicz <miv@IIDEA.PL>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-04-17
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+HylaFAX is a facsimile system for UNIX systems.
+
+II.  Problem Description
+
+The hylafax port, versions prior to hylafax-4.1.b2_2, contains a
+format string bug in the hfaxd program.  A local user may execute
+the hfaxd program with command-line arguments containing format string
+characters, potentially gaining root privileges on the local system.
+
+The hylafax port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5000 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+The ports collection that shipped with FreeBSD 4.3 is not vulnerable
+since this problem was corrected prior to the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users may gain root privileges on the local system.
+
+If you have not chosen to install the hylafax port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the hylafax port/package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the hylafax port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/comms/hylafax-4.1.b2_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/comms/hylafax-4.1.b2_2.tgz
+
+NOTE: it may be several days before updated packages are available.
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the hylafax port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBOuTqs1UuHi5z0oilAQEWwgQAlhOuE800ddI0J9hiGsQKli2LJyQ18ObQ
+w0/rdjahJDkOLrx5IGlFe9M1IzjbeXauYT6TUnaOxfwMo58bUy1T7QZ9ROUYzE39
+DzrN1JmjcTshG3HdgsdVfSwjQirYpN6uvRVWQx6ncMpuN5bSw3RZ3ci4WH/LsKty
+tZ9P/gD6bAs=
+=EFP3
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:35.licq.asc b/share/security/advisories/FreeBSD-SA-01:35.licq.asc
new file mode 100644
index 0000000000..62312d1378
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:35.licq.asc
@@ -0,0 +1,100 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:35                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          licq contains multiple remote vulnerabilities
+
+Category:       ports
+Module:         licq
+Announced:      2001-04-23
+Credits:        Stan Bubrouski <stan@ccs.neu.edu>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-03-13
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+licq is an ICQ client.
+
+II.  Problem Description
+
+The licq port, versions prior to 1.0.3, contains a vulnerability in
+URL parsing.  URLs received by the licq program are passed to the
+web browser using the system() function.  Since licq performs no
+sanity checking, a remote attacker may be able to pipe commands
+contained in the URL causing the client to execute arbitrary
+commands.  Additionally, the licq program also contains a buffer
+overflow in the logging functions allowing a remote attacker to
+cause licq to crash and potentially execute arbitbrary code on the
+local machine as the user running licq.
+
+The licq port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 5000 third-party applications in a ready-to-install format.  The
+ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this
+problem since it was discovered after the releases.  The ports
+collection that shipped with FreeBSD 4.3 is not vulnerable since this
+problem was corrected prior to the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote attackers may be able to crash licq or execute arbitrary
+commands on the local machine as the user running the licq program.
+
+If you have not chosen to install the licq port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the licq port/package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the licq port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/licq-1.0.3.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/licq-1.0.3.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the licq port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBOuTqtFUuHi5z0oilAQGRMAQAkun9z8bA3ZGNHt0MjYrFdjFCg8EWZ4H6
+3e7pQxTXJktJkI6NgNVqycjezo4PMrTI5BOm8wMjnCpElI0sapZdf5mso65iJd8D
+WOrQYGsPA4//1tjv7P/VAtc61k53kr0HzwvZbczwbhiQqkEKFxxN4kyRuF4f9eQ1
+dFkYSVA+kVg=
+=J8Cm
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:36.samba.asc b/share/security/advisories/FreeBSD-SA-01:36.samba.asc
new file mode 100644
index 0000000000..3bde85466b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:36.samba.asc
@@ -0,0 +1,106 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:36                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          samba ports contain locally exploitable /tmp races
+
+Category:       ports
+Module:         samba
+Announced:      2001-04-23
+Credits:        Marcus Meissner <Marcus.Meissner@caldera.de>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-04-18
+Vendor status:  Updated version released
+FreeBSD only:   No
+
+I.   Background
+
+Samba is an implementation of the Server Message Block (SMB)
+protocol.
+
+II.  Problem Description
+
+The samba ports, versions prior to samba-2.0.8 and samba-devel-2.2.0,
+contain /tmp races that may allow local users to cause arbitrary
+files and devices to be overwritten.  Due to easily predictable
+printer queue cache file names, local users may create symbolic links
+to any file or device causing it to be corrupted when a remote user
+accesses a printer.  In addition, the file will be left with world-
+writable permission allowing any user to enter their own data.
+
+The samba ports are not installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains over 5000 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 3.5.1 and 4.2
+contain this problem since it was discovered after the releases.
+The ports collection that shipped with FreeBSD 4.3 is not vulnerable
+since this problem was corrected prior to the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users may cause arbitrary files or devices to be
+corrupted and gain increased privileges on the local system.
+
+If you have not chosen to install the samba ports/packages, then
+your system is not vulnerable to this problem.
+
+Samba servers that do not have any printers configured are not
+vulnerable.
+
+IV.  Workaround
+
+Deinstall the samba port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the samba port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0.8.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.0.8.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-devel-2.2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-devel-2.2.0.tgz
+
+NOTE: it may be several days before updated packages are available.
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the samba from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBOuTqtVUuHi5z0oilAQEaFAQAlriJxzRK8s/UnIJliIIGqZgdp+bTiKfs
+XV66+DD0+RZtWcsjPx5imCCfsWJgdurq9JpM6iWYJCir34wargJygpZRWSU/Pnov
+yKw2IrNbOVkp4ASRbXCqLm+Z6WZKXhbJN+f/8N+ts2XVk+QJrZWzCRqa1ynyx1I1
+MpvXhM9lTvk=
+=qspP
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:37.slrn.asc b/share/security/advisories/FreeBSD-SA-01:37.slrn.asc
new file mode 100644
index 0000000000..2c6c89be7c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:37.slrn.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:37                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          slrn contains remotely-exploitable buffer overflow
+
+Category:       ports
+Module:         slrn
+Announced:      2001-04-23
+Credits:        Bill Nottingham
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-04-04
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+slrn is a slang-based NNTP news reader.
+
+II.  Problem Description
+
+The slrn port, versions prior to slrn-0.9.7.0, contains a buffer
+overflow in the wrapping/unwrapping functions of message header
+parsing.  If a sufficiently long header is parsed, a buffer may
+overflow allowing the execution of arbitrary code contained in a
+message header as the user running the slrn program.
+
+The slrn port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 5000 third-party applications in a ready-to-install format.  The
+ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this
+problem since it was discovered after the releases.  The ports
+collection that shipped with FreeBSD 4.3 is not vulnerable since this
+problem was corrected prior to the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Arbitrary code may be executed on the local machine as the user
+running the slrn program.
+
+If you have not chosen to install the slrn port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the slrn port/package, it you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the slrn port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/news/slrn-0.9.7.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/news/slrn-0.9.7.0.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the slrn port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBOuTqtVUuHi5z0oilAQHqsAP+PEzZ8FPPCrKKKDGP7gACN77r5dbbE9LF
+MYSVGp2Z2+vwSysJG2BOtyNrrKlUhaKTLAoWZF+7ytV9ujli+bI06R2iYoe5SqMM
+a7K1N1XKNvXdvq1nYjDuawIzJzl9b2B8XavPFEtwkkxDVAtq2ODKTabAtllrNnfV
+hD4HsUzFMRI=
+=al4w
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:38.sudo.asc b/share/security/advisories/FreeBSD-SA-01:38.sudo.asc
new file mode 100644
index 0000000000..59a6f9f02e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:38.sudo.asc
@@ -0,0 +1,95 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:38                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          sudo contains local buffer overflow
+
+Category:       ports
+Module:         sudo
+Announced:      2001-04-23
+Credits:        Chris Wilson <chris@ritc.co.uk>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-03-07
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+sudo is a program that allowss a sysadmin to give limited root
+privileges to users and logs root activity.
+
+II.  Problem Description
+
+The sudo port, versions prior to sudo-1.6.3.7, contains a local
+command-line buffer overflow allowing a local user to potentially
+gain increased privileges on the local system.
+
+The sudo port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 5000 third-party applications in a ready-to-install format.  The
+ports collections shipped with FreeBSD 3.5.1 and 4.2 contain this
+problem since it was discovered after the releases.  The ports
+collection that shipped with FreeBSD 4.3 is not vulnerable since this
+problem was corrected prior to the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Local users may potentially gain increased privileges on the local
+system.
+
+If you have not chosen to install the sudo port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the sudo port/package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the sudo port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/sudo-1.6.3.7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.3.7.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the sudo port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBOuTqtlUuHi5z0oilAQGsKQP9HXFq79DNvBXkV+03EadLPoJV1gwzG2lp
+KCJeMOhMc2pKgPcGIxMQ9bmLC7gI+xkr2XrjEpsUnYHCoBS2F7Jd9gKQZNLvGqVy
+r2hCiTKcg1rObIYML4cghlo12Ppe7saxXszBmNa4VnHZwC4ksuREvZWJc+jKJ5oz
+zybz712C8iQ=
+=CQtP
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:39.tcp-isn.asc b/share/security/advisories/FreeBSD-SA-01:39.tcp-isn.asc
new file mode 100644
index 0000000000..7049616b69
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:39.tcp-isn.asc
@@ -0,0 +1,236 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:39                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          TCP initial sequence number generation contains
+                statistical vulnerability
+
+Category:       core
+Module:         kernel
+Announced:      2001-05-02
+Credits:        Tim Newsham <tim.newsham@guardent.com>
+                Niels Provos <provos@OpenBSD.org> for the revised algorithm
+Affects:        All released versions of FreeBSD 3.x, 4.x prior to 4.3.
+                FreeBSD 3.5-STABLE prior to the correction date.
+                FreeBSD 4.2-STABLE prior to the correction date.
+Corrected:      2001-05-02 (FreeBSD 3.5-STABLE)
+                2001-04-18 (FreeBSD 4.3-RC)
+FreeBSD only:   NO
+
+I.   Background
+
+TCP network connections use an initial sequence number as part of the
+connection handshaking.  According to the TCP protocol, an
+acknowledgement packet from a remote host with the correct sequence
+number is trusted to come from the remote system with which an
+incoming connection is being established, and the connection is
+established.
+
+II.  Problem Description
+
+It has long been known that an attacker who can guess the initial
+sequence number which a system will use for the next incoming TCP
+connection can spoof a TCP connection handshake coming from a machine
+to which he does not have access, and then send arbitrary data into
+the resulting TCP connection which will be accepted by the server as
+coming from the spoofed machine.
+
+The algorithm used to generate TCP initial sequence numbers was
+subject to statistical analysis, which allows an attacker to guess a
+range of values likely to be in use by a given server at a moment in
+time, based on observation of the value at a previous time (for
+example, by initiating a TCP connection to an open port on the
+server).
+
+Note that this vulnerability is different to the vulnerability
+described in Security Advisory 00:52 (which dealt with failure of the
+PRNG used in the ISN generation algorithm; this advisory relates to a
+higher-level weakness in the algorithm itself).
+
+In order for this to be successfully exploited, the attacker must also
+satisfy the following conditions:
+
+a) be able to initiate a TCP connection to an open port on the server.
+
+b) be able to prevent the spoofed client machine from responding to
+the packets sent to it from the server, by making use of an address
+which is offline or by executing a denial of service attack against
+it to prevent it from responding.
+
+c) make use of an application-level protocol on the server which
+authenticates or grants trust solely based on the IP address of the
+client, not any higher-level authentication mechanisms such as a
+password or cryptographic key.
+
+d) be able to guess or infer the return TCP data from the server to
+the spoofed client (if any), to which he will not have access.
+
+All versions of FreeBSD 3.x and 4.x prior to the correction date
+including 3.5.1-RELEASE and 4.2-RELEASE are vulnerable to this
+problem.  The problem was corrected prior to the release of FreeBSD
+4.3-RELEASE by using the TCP ISN generation algorithm obtained from
+OpenBSD, which uses a more sophisticated randomization method that is
+believed not to be vulnerable to the problem described here.
+
+A more satisfactory, long-term solution would be to implement the
+algorithm described in RFC 1948; plans are underway to implement this
+algorithm for FreeBSD, and it is likely that it will be included in
+future releases of FreeBSD.
+
+III. Impact
+
+Systems running insecure protocols which blindly trust a TCP
+connection which appears to come from a given IP address without
+requiring other authentication of the originator are vulnerable to
+spoofing by a remote attacker, potentially yielding privileges or
+access on the local system.
+
+Examples of such protcols and services are: the rlogin/rsh/rexec
+family when used to grant passwordless access (e.g. via .rhosts or
+hosts.equiv files); web server address-based access controls on
+scripts which do not require user authentication and which control
+privileged resources; tcp-wrappers host access controls around
+services which do not authenticate the connection further; lpr
+address-based access controls, and others.
+
+Note that the rlogin family of protocols when configured to use
+Kerberos or UNIX passwords are not vulnerable to this attack since
+they authenticate connections (using Kerberos tickets in the former
+case, and account passwords in the latter).  Source address based
+authentication in the rlogin family of protocols is not used by
+default, and must be specifically enabled through use of a per-user
+.rhosts file, or a global /etc/hosts.equiv file.
+
+Attackers can also forge TCP connections to arbitrary TCP protocols
+(including protocols not vulnerable to the spoofing attack described
+above) and simulate the effects of failed remote access attempts from
+a target machine (e.g. repeated attempts to guess a password),
+potentially misleading the administrators of the server into thinking
+they are under attack from the spoofed client.
+
+IV.  Workaround
+
+Possible workarounds for the vulnerability include one or more of the
+following:
+
+1) Disable all insecure protocols and services including rlogin, rsh
+and rexec (if configured to use address-based authentication), or
+reconfigure them to not authenticate connections based solely on
+originating address.  In general, the rlogin family should not be used
+anyway - the ssh family of commands (ssh, scp, slogin) provide a
+secure alternative which is included in FreeBSD 4.0 and above.  As of
+FreeBSD 4.2-RELEASE these services were not enabled by default.
+
+To disable the rlogin family of protocols, make sure the
+/etc/inetd.conf file does not contain any of the following entries
+uncommented (i.e. if present in the inetd.conf file they should be
+commented out as shown below:)
+
+#shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
+#login   stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
+#exec    stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
+
+Be sure to restart inetd by sending it a HUP signal after making any
+changes:
+
+# kill -HUP `cat /var/run/inetd.pid`
+
+Audit the use of other services including those noted in section III
+above and either disable the service, or if possible require it to use
+a stronger form of authentication.  See workaround 3) below.
+
+2) Impose IP-level packet filters on network perimeters (ingress
+filtering) or on local affected machines to prevent access from any
+outside party to a vulnerable internal service using a "privileged"
+source address.  For example, if machines on the internal 10.0.0.0/24
+network are allowed to obtain passwordless rlogin access to a server,
+then external users should be prevented from sending packets with
+10.0.0.0/24 source addresses from the outside network into the
+internal network.  This is standard good security policy.  Note
+however that if an external address must be granted access to local
+resources then this type of filtering cannot be applied.  It also does
+not defend against spoofing attacks from within the network perimeter.
+Consider disabling this service until the affected machines can be
+patched.
+
+3) Enable the use of IPSEC to authenticate (and/or encrypt) vulnerable
+TCP connections at the IP layer.  A system which requires authenticaion
+of all incoming connections to a port using IPSEC cannot be spoofed
+using the attack described in this advisory, nor can TCP sessions be
+hijacked by an attacker with access to the packet stream.  FreeBSD 4.0
+and later include IPSEC functionality in the kernel, and 4.1 and later
+include an IKE daemon, racoon, in the ports collection.  Configuration
+of IPSEC is beyond the scope of this document, however see the
+following web resources:
+
+  http://www.freebsd.org/handbook/ipsec.html
+  http://www.netbsd.org/Documentation/network/ipsec/
+  http://www.kame.net/
+
+V.   Solution
+
+Note that address-based authentication is generally weak, and should
+be avoided even in environments running with the sequence numbering
+improvements.  Instead, cryptographically-protected protocols and
+services should be used wherever possible.
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-RELEASE or
+3.5.1-STABLE after the respective correction dates.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.1/4.2 base system]
+
+This patch has been verified to apply to FreeBSD 4.1 and 4.2 only.  It
+may or may not apply to older releases.  Users of FreeBSD 4.1 must
+apply the patch from advisory 00:52 before applying this patch.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-4.2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-4.2.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/sys/netinet
+# patch -p < /path/to/patch
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+
+[FreeBSD 3.5.1 base system]
+
+The following patch applies to FreeBSD 3.5.1-RELEASE which has already
+had the patch from advisory 00:52 applied.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-stable.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-stable.patch.asc
+
+The following patch applies to unpatched FreeBSD 3.5.1-RELEASE only.
+It may or may not apply to older, unsupported releases.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-rel.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:39/tcp-isn-3.5.1-rel.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/sys/netinet
+# patch -p < /path/to/patch
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.5 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBOvB10FUuHi5z0oilAQETgAP/T7SbJS12PBczn9SRWPQ5exuZYMoj1VxR
+BJmeTafE1x3kBP195JkW3dF4klWynIgVakNtIndIH+pJvfBPe7Mo8PclKqRjEE2S
+JLGtPFPq7bYp0/tyaFy6wm26cLPye4/3x6qLthC04/WZVI4rqg6nY1qoiKAUBu7Z
+VFtFxTH+E/A=
+=CkM7
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:40.fts.asc b/share/security/advisories/FreeBSD-SA-01:40.fts.asc
new file mode 100644
index 0000000000..d75210b4ac
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:40.fts.asc
@@ -0,0 +1,171 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:40                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          fts(3) routines contain race condition [REVISED]
+
+Category:       core
+Module:         libc
+Announced:      2001-06-04
+Revised:        2001-08-16
+Credits:        Nick Cleaton <nick@cleaton.net>
+                Todd Miller <millert@openbsd.org> helped to develop the
+                patch.
+Affects:        FreeBSD 4.3-RELEASE, 4.3-STABLE prior to the correction
+                date.
+Corrected:      2001-06-01
+FreeBSD only:   NO
+
+0.   Revision History
+
+2001-06-04  v1.0  Initial release
+2001-08-16  v1.1  Corrected typo in recompilation instructions
+
+I.   Background
+
+The standard C library (libc) contains a set of routines known as fts
+which allow an application to recursively traverse a filesystem.
+
+II.  Problem Description
+
+The fts routines are vulnerable to a race condition when ascending a
+file hierarchy, which allows an attacker who has control over part of
+the hierarchy into which fts is descending to cause the application to
+ascend beyond the starting point of the file traversal, and enter
+other parts of the filesystem.
+
+If the fts routines are being used by an application to perform
+operations on the filesystem hierarchy, such as find(1) with a keyword
+such as -exec or -delete, or rm(1) with the -r flag, these operations
+can be incorrectly applied to files outside the intended hierarchy,
+which may result in system damage or compromise.
+
+All versions of FreeBSD prior to the correction date including
+4.3-RELEASE are vulnerable to this problem.
+
+III. Impact
+
+Local users may be able to remove or modify files on the local system
+which are owned or writable by a user running a command that uses the
+FTS routines in a vulnerable way.
+
+If the system administrator has enabled the daily_clean_tmps_enable
+variable in /etc/periodic.conf, the find -delete command is run once
+per day, allowing unauthorised removal of files on the system.  This
+option is not enabled by default.
+
+IV.  Workaround
+
+None appopriate for the general vulnerability.  The instance exposed
+by the daily_clean_tmps_enable setting can be prevented by disabling
+this switch in /etc/periodic.conf, if it has been enabled.
+
+V.   Solution
+
+One of the following:
+
+1) As of FreeBSD 4.3-RELEASE, we have introduced a new ``security fix
+CVS branch'' which contains security fixes only, which can be tracked
+using the standard FreeBSD tools (cvsup/CVS/etc).  The branch name is
+``RELENG_4_3''.  Upgrade your vulnerable FreeBSD system to the
+RELENG_4_3 branch after the correction date.
+
+2) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the
+correction dates.
+
+3) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.3 base system]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:40/fts.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:40/fts.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/lib/libc
+# patch -p < /path/to/patch
+# make depend && make all install
+# cd /usr/src/lib/libc_r
+# make depend && make all install
+# cd /usr/src/bin/chmod
+# make depend && make all install
+# cd /usr/src/bin/cp
+# make depend && make all install
+# cd /usr/src/bin/ls
+# make depend && make all install
+# cd /usr/src/bin/pax
+# make depend && make all install
+# cd /usr/src/bin/rm
+# make depend && make all install
+# cd /usr/src/usr.bin/chflags
+# make depend && make all install
+# cd /usr/src/usr.bin/du
+# make depend && make all install
+# cd /usr/src/usr.bin/find
+# make depend && make all install
+# cd /usr/src/libexec/ftpd
+# make depend && make all install
+# cd /usr/src/usr.sbin/chown
+# make depend && make all install
+# cd /usr/src/usr.sbin/ckdist
+# make depend && make all install
+# cd /usr/src/usr.sbin/ctm
+# make depend && make all install
+# cd /usr/src/usr.sbin/mtree
+# make depend && make all install
+# cd /usr/src/usr.sbin/pkg_install
+# make depend && make all install
+
+This patch has been verified to apply to FreeBSD 4.3-RELEASE and
+4.2-RELEASE; it may or may not apply to older, unsupported versions of
+FreeBSD.
+
+4) An experimental upgrade package is available for adventurous users
+who wish to provide testing and feedback on the binary upgrade
+process.  This package may be installed on FreeBSD 4.3-RELEASE systems
+only, and is intended for use on systems for which source patching is
+not practical or convenient.
+
+Since this is the first binary upgrade package produced for the
+FreeBSD base system, it is not recommended that this be used on
+production systems without first being tested on a scratch machine;
+since the package replaces critical system files, a failed upgrade can
+leave a system in an unusable state.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patch state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:40/security-patch-fts-01.40.tgz 
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:40/security-patch-fts-01.40.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+Bring the system down to single-user mode; this package should not be
+installed from multi-user mode.  If it desired to remove the package
+at a later date, you should again do so from single-user mode.
+
+# shutdown now
+# pkg_add security-patch-fts-01.40
+
+Follow the directions given after the installation of the package to
+complete the system upgrade.
+
+To bring the system back up to multi-user mode, type the following
+command:
+
+# exit
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO3y5tFUuHi5z0oilAQF6PwP/fFXgo2bL/IlDleuWCQsVB/C1By8QPL5J
+Z0Hi4yl28Z8hEGRTI8qK2UXIliskU+ixlD0j9N6yxJDe17KIY/4w3gGJGsux3J7j
+TSHXZOfsX0CE61Jssm9kUpOzilwJBOhRvii0BSso7njtVIQpFpWBgIMne+lNluFe
+S7SZsk6sqgg=
+=K6yG
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:41.hanterm.asc b/share/security/advisories/FreeBSD-SA-01:41.hanterm.asc
new file mode 100644
index 0000000000..8068b096bb
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:41.hanterm.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:41                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          hanterm ports allow local root compromise
+
+Category:       ports
+Module:         ko-hanterm, ko-hanterm-xf
+Announced:      2001-07-09
+Credits:        ksecurity@iland.co.kr
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-05-29
+Vendor status:  Contacted
+FreeBSD only:   NO
+
+I.   Background
+
+hanterm is a modified version of xterm which supports Korean language
+entry and display.  It is included in the FreeBSD ports collection in
+two versions: ko-hanterm and ko-hanterm-xf.
+
+II.  Problem Description
+
+The hanterm binary is installed with setuid root permissions, but
+contains insecure code which allows unprivileged local users to obtain
+root access on the local system.
+
+The hanterm ports are not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5400 third-party applications in a ready-to-install
+format.  The ports collections shipped with FreeBSD 4.3 contain this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Unprivileged local users can obtain root access on the local system.
+
+If you have not chosen to install the ko-hanterm or ko-hanterm-xf
+ports/packages, then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+1) Deinstall the ko-hanterm and ko-hanterm-xf ports/packages, if you
+have installed them.
+
+2) Remove the setuid root permission from the /usr/X11R6/bin/hanterm
+file.  Execute the following command as root:
+
+# chmod u-s /usr/X11R6/bin/hanterm
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the
+ko-hanterm/ko-hanterm-xf ports.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ko-hanterm:
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-hanterm-3.1.5_1.tgz 
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-hanterm-3.1.5_1.tgz
+
+ko-hanterm-xf:
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/korean/ko-hanterm-xf-19_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/korean/ko-hanterm-xf-19_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the ko-hanterm/ko-hanterm-xf port
+from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-3-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-5-current/devel/portcheckout-2.0.tgz
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO0lzS1UuHi5z0oilAQGuXwP9EZWLrlaxYZYBBFLASErm2PjTSgazT/8c
+EyrxNw33Qal+xecxopeS3p/3Cf9x/Y0cH53ZMJoId6MaWJSwQOWlVqNC/ehjm2tx
+NPfLu3eR1JhguFoQ0YRHnMBvX1KBRfVQnfoa7HFd1vPeKEqsaXBvRz8HSurpgNml
+nUXVwvklmPc=
+=W5bd
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:42.signal.asc b/share/security/advisories/FreeBSD-SA-01:42.signal.asc
new file mode 100644
index 0000000000..3f27f8fc34
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:42.signal.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:42                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          signal handling during exec may allow local root
+                compromise
+
+Category:       core
+Module:         kernel
+Announced:      2001-07-10
+Revised:        2001-08-06
+Credits:        Georgi Guninski <guninski@guninski.com>
+Affects:        All released versions of FreeBSD 4.x,
+                FreeBSD 4.3-STABLE prior to the correction date.
+Corrected:      2001-07-09
+FreeBSD only:   Yes
+
+0.   Revision History
+
+2001-07-10  v1.0  Initial release
+2001-08-06  v1.1  Binary upgrade package available
+
+I.   Background
+
+When a process forks, it inherits the parent's signals.  When the
+process execs, the kernel clears the signal handlers because they are
+not valid in the new address space.
+
+II.  Problem Description
+
+A flaw exists in FreeBSD signal handler clearing that would allow for
+some signal handlers to remain in effect after the exec.  Most of the
+signals were cleared, but some signal hanlders were not.  This allowed
+an attacker to execute arbitrary code in the context of a setuid
+binary.
+
+All versions of 4.x prior to the correction date including and
+4.3-RELEASE are vulnerable to this problem.  The problem has been
+corrected by copying the inherited signal handlers and resetting the
+signals instead of sharing the signal handlers.
+
+III. Impact
+
+Local users may be able to gain increased privileges on the local
+system.
+
+IV.  Workaround
+
+Do not allow untrusted users to gain access to the local system.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE after the
+correction date.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.1, 4.2, and 4.3 base systems]
+
+This patch has been verified to apply to FreeBSD 4.1, 4.2, and 4.3 only.
+It may or may not apply to older releases.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:42/signal-4.3.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/sys/kern
+# patch -p < /path/to/patch
+
+[ Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system ]
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+Since this vulnerability involves the FreeBSD kernel which is often
+locally customized on installed systems, a universal binary upgrade
+package is not feasible.  This package includes a patched version of
+the GENERIC kernel which should be suitable for use on many systems.
+Systems requiring a customized kernel must use an alternative
+solution.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:42/security-patch-signal-01.42.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:42/security-patch-signal-01.42.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-signal-01.42.tgz
+
+The new kernel is named /kernel.GENERIC to avoid conflict with the
+default kernel name (``/kernel'').  To cause the system to boot
+automatically with the new kernel, add the following line to
+/boot/loader.conf:
+
+kernel="/kernel.GENERIC"
+
+and reboot the system to load the new kernel.  The old kernel is still
+available and can be manually loaded in the boot loader in case of
+problems.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO28Pu1UuHi5z0oilAQHjeAQAmND4sSS6k1RHCz+uHSQb6hrX6vkKDr2M
+/9EMf/S90WFwVfIi7ifEgeY3U6XJpRd2Bdx1rCPOCMdSYkehd+WqVM8ZSgHkbpAL
+vrwS8KHrcC/G7KhCGzH5c6PjZYISdHXi4hWB9aV11zmmJZk3wL5GlIAaH8Dik403
+w2SjxgHHM8w=
+=qVIE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:43.fetchmail.asc b/share/security/advisories/FreeBSD-SA-01:43.fetchmail.asc
new file mode 100644
index 0000000000..1cadc36bc5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:43.fetchmail.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:43                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          fetchmail contains potentially exploitable buffer
+                overflow
+
+Category:       ports
+Module:         fetchmail
+Announced:      2001-07-10
+Credits:        Wolfram Kleff <kleff@cs.uni-bonn.de>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-06-15
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+fetchmail is a program used to retrieve email from POP and IMAP
+servers.
+
+II.  Problem Description
+
+The fetchmail port, versions prior to fetchmail-5.8.6, contains a
+potentially exploitable buffer overflow when rewriting headers
+longer than 512 bytes.  This problem may allow remote users to
+cause fetchmail to crash and potentially execute arbitrary code
+as the user running fetchmail.
+
+The fetchmail port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5400 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.3 is vulnerable
+to this problem since it was discovered after its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users using specially crafted email messages may be able to
+cause fetchmail to crash and potentially execute arbitrary code as
+the user running fetchmail.
+
+If you have not chosen to install the fetchmail port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the fetchmail port/package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the fetchmail port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/fetchmail-5.8.6.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/fetchmail-5.8.6.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the fetchmail port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBO0sNt1UuHi5z0oilAQH3NAP/aozGB400MgGyT/mndBk39Y1tD1aPR1AN
+yDUG+ddeiskXWjR2UNUd3hqQNJ/8LNMqty8MYOVDB+4S+Pvk4MS2iXcW/4r8yPuT
+2V0FfHos3ytxk/mujf7IlVhwp3fnGCFJpFJatgbhUUoU8gakl8BfR87zT77RbiDQ
+OuGG+fpBKEw=
+=zCcz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:44.gnupg.asc b/share/security/advisories/FreeBSD-SA-01:44.gnupg.asc
new file mode 100644
index 0000000000..b520ddcf5c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:44.gnupg.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:44                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          gnupg contains format string vulnerability
+
+Category:       ports
+Module:         gnupg
+Announced:      2001-07-10
+Credits:        fish stiqz <fish@analog.org>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-05-30
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+GnuPG is an implementation of the PGP digital signature/encryption
+protocol
+
+II.  Problem Description
+
+The gnupg port, versions prior to gnupg-1.0.6, contains a format
+string vulnerability.  If gnupg attempts to decrypt a file whose
+filename does not end in '.gpg', the filename is copied to the
+prompt string, allowing a user-supplied format string.  This may allow
+a malicious user to cause arbitrary code to be executed as the user
+running gnupg.
+
+The gnupg port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5400 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.3 is vulnerable
+to this problem since it was discovered after its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A malicious user supplying a file to be decrypted by the target user
+running gnupg may be able to craft a filename causing arbitrary code
+to be executed as the user running gnupg.
+
+If you have not chosen to install the gnupg port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the gnupg port/package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the gnupg port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/gnupg-1.0.6_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/gnupg-1.0.6_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the gnupg port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBO0sNuVUuHi5z0oilAQEnPAP/XadCoa6avlv67LottE8OKLdxSbMRgVXL
+haBWIyZTMSLRiwgfiQS1riDXslCT8rI8piXSv5HI1zjT7OgkV6zXXRP2pez/EdLe
+H9sHUJMZNYP1VRfUUlxkmwfelT9cgD2Di3y9vrDouZTt4B5wEGgrzeNeQq1eFNlc
+7SvBBZsxEZQ=
+=g1DW
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:45.samba.asc b/share/security/advisories/FreeBSD-SA-01:45.samba.asc
new file mode 100644
index 0000000000..45ef08ee8a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:45.samba.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:45                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          samba
+
+Category:       ports
+Module:         samba
+Announced:      2001-07-10
+Credits:        Michal Zalewski <lcamtuf@bos.bindview.com>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-06-23
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+Samba is an implementation of the Server Message Block (SMB)
+protocol.
+
+II.  Problem Description
+
+The samba ports, versions prior to samba-2.0.10,
+samba-devel-2.2.0a, and ja-samba-2.0.9.j1.0_1, fail to properly
+validate NetBIOS names.  By sending a specially crafted NetBIOS name
+containing unix path characters, a remote user may be able to cause
+the samba server to write the log files to arbitrary locations on
+the local filesystems.
+
+If samba is configured to use the '%m' macro in the 'log file'
+directive, the NetBIOS name will be substituted without sanity
+checking.  This will allow the remote user to insert arbitrary paths
+given the 15 character NetBIOS name limit.  However, if a local user
+can create symlinks accessible via this problem, a remote user may be
+able to append to any arbitrary file or filesystem.
+
+The samba port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5400 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.3 is vulnerable
+to this problem since it was discovered after its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users using specially crafted NetBIOS names may be able to
+insert arbitrary paths in log file names, causing log files to be
+written in unintended and inappropriate locations.
+
+If a local user can create symlinks accessible via this problem, a
+remote user may be able to append to any arbitrary file or
+filesystem.
+
+If you have not chosen to install the samba port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Remove all occurrences of the %m macro from smb.conf.  Replacing the %m
+macro with the %I macro (replaced with the IP address of the client machine)
+is the recommended workaround for most sites.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the samba port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.0.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.0.10.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/samba-2.2.0a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/samba-2.2.0a.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/japanese/ja-samba-2.0.9.j1.0_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/japanese/ja-samba-2.0.9.j1.0_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the samba port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBO0sNulUuHi5z0oilAQGpUwP9FbgICIWlBI0KeUpp6YHwXUfQejJuls63
+lP9lnN25B+aSgXNvXQKaSVgQrWXY7AjdX2hhp/zShIUoDTYt4rVQyByUH4Zdl704
+HMzyX7+CiQ4tzG2lXwdHL1Bb1kVHtqX84GTpt+NlnUGSYYzTr/+wKHv04z1nIQ11
+Z0Nrmj64Coo=
+=VgXS
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:46.w3m.asc b/share/security/advisories/FreeBSD-SA-01:46.w3m.asc
new file mode 100644
index 0000000000..61dc7f1110
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:46.w3m.asc
@@ -0,0 +1,95 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:46                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          w3m contains remotely exploitable buffer overflow
+
+Category:       ports
+Module:         w3m
+Announced:      2001-07-10
+Credits:        OGASAWARA Satoshi   (LAC / s.ogaswr@lac.co.jp)
+                KOBAYASHI Shigehiro (LAC / sigehiro@lac.co.jp)
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-06-19
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+w3m is a console-based web browser.
+
+II.  Problem Description
+
+The w3m port, versions prior to w3m-0.2.1_1, contains a buffer
+overflow in the parsing of MIME headers.  A malicious server which
+is visited by a user with the w3m browser can exploit the browser
+security holes in order to execute arbitrary code on the local
+machine as the local user.
+
+The w3m port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5400 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.3 is vulnerable
+to this problem since it was discovered after its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A malicious server which is visited by a user with the w3m browser
+can exploit the browser security holes in order to execute arbitrary
+code as the local user.
+
+If you have not chosen to install the w3m port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the w3m port/package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the w3m port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/w3m-ssl-0.2.1_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/w3m-ssl-0.2.1_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/w3m-ssl-0.2.1_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/w3m-ssl-0.2.1_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the w3m port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBO0sQOFUuHi5z0oilAQG5DAP9EbxSc5vGjRnQCV5Nvs2x5pF/ZHvErLab
+164B1fsx02DGCJ6wxi/7Di68DM6BoQ+LTSuWvC0f1HXEhUSa9F9+tDjl+bZ+8Mn8
+3p0x3mT1wjajkW0ejOuochFnnQv0Yhwdx2Wc7UhtFyQOKTElNbt5/yN0XnFvjVtj
+h7/liv1MgbE=
+=a/OU
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:47.xinetd.asc b/share/security/advisories/FreeBSD-SA-01:47.xinetd.asc
new file mode 100644
index 0000000000..e2daca3269
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:47.xinetd.asc
@@ -0,0 +1,101 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:47                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          xinetd contains multiple vulnerabilities
+
+Category:       ports
+Module:         xinetd
+Announced:      2001-07-10
+Credits:        zen-parse@gmx.net
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-06-30
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+xinetd is a replacement for inetd, the internet super-server.
+
+II.  Problem Description
+
+The xinetd port, versions prior to xinetd-2.3.0, contains a
+potentially exploitable buffer overflow in the logging routines.
+If xinetd is configured to log the userid of remote clients obtained
+via the RFC1413 ident service, a remote user may be able to cause
+xinetd to crash by returning a specially-crafted ident response.  This
+may also potentially execute arbitrary code as the user running
+xinetd, normally root.
+
+In addition, xinetd used a default umask of 0.  This may 
+inadvertently cause applications started by xinetd to create
+world-writable files unless the applications explicitely set the
+umask.
+
+The xinetd port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5400 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.3 is vulnerable
+to this problem since it was discovered after its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Remote users may be able to cause xinetd to crash and potentially
+execute arbitrary code as the user running xinetd.
+
+Processes started by xinetd may inadvertently use a umask of 0, causing
+files created by these processes to by world-writable.
+
+If you have not chosen to install the xinetd port/package, then
+your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the xinetd port/package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the xinetd port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/xinetd-2.3.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/xinetd-2.3.0.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the xinetd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBO0sPDlUuHi5z0oilAQFOnAQAnzylUXvLsBiT2F5Mfwn94nd/r7nrP1WI
+a7hVwyXSYlfBXRFzsyUQsn1ED/t6mNzDKAiztZ7ZzsIfLxgcy7vFyzWmJSqEx6kk
+pPYzx2KXxB6FXbrSoX1Q4a5WgqWONgFEcG1Vua3nVmApdF0gy8XWinV9I0VWdlVY
+hQjelLjBi1U=
+=umCA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:48.tcpdump.asc b/share/security/advisories/FreeBSD-SA-01:48.tcpdump.asc
new file mode 100644
index 0000000000..f1d8d1174d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:48.tcpdump.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:48                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          tcpdump contains remote buffer overflow
+
+Category:       core
+Module:         tcpdump
+Announced:      2001-07-17
+Credits:        Nick Cleaton <nick@cleaton.net>
+Affects:        All releases of FreeBSD 4.x prior to 4.4,
+                FreeBSD 4.3-STABLE prior to the correction date
+		FreeBSD 3.x is unaffected.
+Corrected:      2001-07-09
+Vendor status:  Patch released
+FreeBSD only:   NO
+
+I.   Background
+
+tcpdump is a tool for monitoring network traffic activity.
+
+II.  Problem Description
+
+An overflowable buffer was found in the version of tcpdump included
+with FreeBSD 4.x.  Due to incorrect string length handling in the
+decoding of AFS RPC packets, a remote user may be able to overflow a
+buffer causing the local tcpdump process to crash.  In addition, it
+may be possible to execute arbitrary code with the privileges of the
+user running tcpdump, often root.
+
+The effects of this vulnerability are similiar to those described in
+advisory FreeBSD-SA-00:61.tcpdump.v1.1.
+
+All released versions of FreeBSD prior to the correction date
+including 4.3-RELEASE are vulnerable to this problem, however it does
+not affect the FreeBSD 3.x branch which includes an older version of
+tcpdump.
+
+III. Impact
+
+Remote users can cause the local tcpdump process to crash, and may be
+able to cause arbitrary code to be executed as the user running
+tcpdump, often root.
+
+IV.  Workaround
+
+Do not use vulnerable versions of tcpdump in network environments
+which may contain packets from untrusted sources.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+RELENG_4_3 security branch after the respective correction dates.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:48/tcpdump-4.x.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:48/tcpdump-4.x.patch.asc
+
+# cd /usr/src/contrib/tcpdump
+# patch -p < /path/to/patch
+# cd /usr/src/usr.sbin/tcpdump
+# make depend && make all install
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) is
+requested to security-officer@FreeBSD.org so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+Two versions of the upgrade package are available, depending on
+whether or not the system has openssl installed.  To verify whether
+your system has openssl installed, perform the following command:
+
+# ls /usr/bin/openssl
+
+Possible responses:
+
+/usr/bin/openssl       # This response indicates you have openssl present
+
+ls: /usr/bin/openssl: No such file or directory
+                       # This reponse indicates you do not have
+                       # openssl present
+
+3a) If OpenSSL is not present
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-nossl-01.48.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-nossl-01.48.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-tcpdump-nossl-01.48.tgz
+
+3b) If OpenSSL is present
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-ssl-01.48.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:48/security-patch-tcpdump-ssl-01.48.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-tcpdump-ssl-01.48.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO1R5i1UuHi5z0oilAQFdCQQAhFUzYA7plZN1O0rK/iU/jPaoCqM0KDPP
+Vdg+3zP8I5Vovdbxdns1DVefI3PVhZbLwh8E0ZnEz544FB5atiYsRiqQxuoEMZiN
+1JSRHUOIYyAChtIUZY1JV9eF8GfemWaAcgNp7mNWYKl7dUn0nYERfTO92YNm+l7M
+3nNvOwkhqLU=
+=PrXC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:49.telnetd.asc b/share/security/advisories/FreeBSD-SA-01:49.telnetd.asc
new file mode 100644
index 0000000000..2a1e518fcb
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:49.telnetd.asc
@@ -0,0 +1,263 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:49                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          telnetd contains remote buffer overflow
+
+Category:       core
+Module:         telnetd
+Announced:      2001-07-23
+Revised:        2001-07-27
+Credits:        Sebastian <scut@nb.in-berlin.de>
+Affects:        All releases of FreeBSD 3.x, 4.x prior to 4.4,
+                FreeBSD 4.3-STABLE prior to the correction date
+Corrected:      2001-07-23
+FreeBSD only:   NO
+
+0.   Revision History
+
+2001-07-23  v1.0  Initial release
+2001-07-27  v1.1  Updated patch instructions, kerberosIV package
+                  available, added reference to SSH in workarounds.
+
+I.   Background
+
+telnetd is the server for the telnet remote virtual terminal protocol.
+
+II.  Problem Description
+
+An overflowable buffer was found in the version of telnetd included
+with FreeBSD.  Due to incorrect bounds checking of data buffered for
+output to the remote client, an attacker can cause the telnetd process
+to overflow the buffer and crash, or execute arbitrary code as the
+user running telnetd, usually root.  A valid user account and password
+is not required to exploit this vulnerability, only the ability to
+connect to a telnetd server.
+
+The telnetd service is enabled by default on all FreeBSD installations
+if the 'high' security setting is not selected at install-time. This
+vulnerability is known to be exploitable, and is being actively
+exploited in the wild.
+
+All released versions of FreeBSD prior to the correction date
+including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this
+problem.  It was corrected prior to the forthcoming release of
+4.4-RELEASE.
+
+III. Impact
+
+Remote users can cause arbitrary code to be executed as the user
+running telnetd, usually root.
+
+IV.  Workaround
+
+1) Disable the telnet service, which is usually run out of inetd:
+comment out the following lines in /etc/inetd.conf, if present.
+
+telnet	stream	tcp	nowait	root	/usr/libexec/telnetd	telnetd
+
+telnet	stream	tcp6	nowait	root	/usr/libexec/telnetd	telnetd
+
+and execute the following command as root:
+
+# kill -HUP `cat /var/run/inetd.pid`
+
+An alternative remote login protocol such as the SSH secure shell
+protocol (which is installed by default in FreeBSD), can be used
+instead.  The SSH protocol is the recommended protocol for remote
+logins to FreeBSD systems because of the superior authentication,
+confidentiality and integrity protection it supplies relative to other
+protocols such as telnet.
+
+2) Impose access restrictions using TCP wrappers (/etc/hosts.allow),
+or a network-level packet filter such as ipfw(8) or ipf(8) on the
+perimeter firewall or the local machine, to limit access to the telnet
+service to trusted machines.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+RELENG_4_3 security branch after the respective correction dates.
+
+2) FreeBSD 3.5.1, 4.x systems prior to the correction date:
+
+There are two versions of the patch available, for systems with and
+without the /usr/src/crypto/telnet sources.  To determine whether your
+system has the crypto-telnet sources installed, perform the following
+command:
+
+# ls /usr/src/crypto/telnet/telnetd
+
+A response of
+
+ls: /usr/src/crypto/telnet/telnetd: No such file or directory
+
+indicates you do not have the crypto sources present and should
+download the non-crypto-telnet patch: see section 2b) below.
+
+These patches have been verified to apply to FreeBSD 4.2-RELEASE,
+4.3-RELEASE and 3.5.1-STABLE dated prior to 2001-07-20 (users of
+3.5.1-RELEASE must have applied the patches from FreeBSD Security
+Advisory 00:69 prior to applying this patch).  These patches may or
+may not apply to older, unsupported releases of FreeBSD.
+
+2a) For systems with the crypto-telnet sources installed
+
+Under FreeBSD 4.x, the crypto-telnet client can be built in two
+versions: with or without support for the KerberosIV authentication
+system.  Under FreeBSD 3.x there is only one way to build the
+crypto-telnet client: with KerberosIV support.
+
+To determine whether your system has the kerberosIV distribution
+installed, perform the following command:
+
+# ls /usr/lib/libkrb.a
+
+Possible responses:
+
+/usr/lib/libkrb.a   # This response indicates you have kerberosIV present
+
+ls: /usr/lib/libkrb.a: No such file or directory
+                    # This reponse indicates you do not have
+                    # kerberosIV present
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd-crypto.patch.asc
+
+2aa) For systems with the crypto-telnet sources installed but without
+KerberosIV installed
+
+[FreeBSD 4.x systems]
+
+# cd /usr/src/
+# patch -p < /path/to/patch
+# cd /usr/src/secure/lib/libtelnet
+# make depend && make all
+# cd /usr/src/secure/libexec/telnetd
+# make depend && make all install
+
+[FreeBSD 3.x systems]
+
+# cd /usr/src/
+# patch -p < /path/to/patch
+# cd /usr/src/lib/libtelnet
+# make depend && make all
+# cd /usr/src/libexec/telnetd
+# make depend && make all install
+
+2ab) For systems with the crypto-telnet sources installed and with
+KerberosIV installed
+
+# cd /usr/src/
+# patch -p < /path/to/patch
+# cd /usr/src/kerberosIV/lib/libtelnet
+# make depend && make all
+# cd /usr/src/kerberosIV/libexec/telnetd
+# make depend && make all install
+
+2b) For systems without the crypto-telnet sources installed
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:49/telnetd.patch.asc
+
+# cd /usr/src/
+# patch -p < /path/to/patch
+# cd /usr/src/lib/libtelnet
+# make depend && make all
+# cd /usr/src/libexec/telnetd
+# make depend && make all install
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+Three versions of the upgrade package are available, depending on
+whether or not the system has the crypto or kerberosIV distributions
+installed.
+
+To determine whether your system has the crypto distribution
+installed, perform the following command:
+
+# ls /usr/bin/openssl
+
+Possible responses:
+
+/usr/bin/openssl       # This response indicates you have crypto present
+
+ls: /usr/bin/openssl: No such file or directory
+                       # This reponse indicates you do not have
+                       # crypto present
+
+To determine whether your system has the kerberosIV distribution
+installed, perform the following command:
+
+# ls /usr/lib/libkrb.a
+
+Possible responses:
+
+/usr/lib/libkrb.a   # This response indicates you have kerberosIV present
+
+ls: /usr/lib/libkrb.a: No such file or directory
+                    # This reponse indicates you do not have
+                    # kerberosIV present
+
+3a) If crypto is present
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-crypto-01.49.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-crypto-01.49.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-telnetd-crypto-01.49.tgz
+
+3b) If kerberosIV is present
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-kerberosIV-01.49.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-kerberosIV-01.49.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-telnetd-kerberosIV-01.49.tgz
+
+3c) If neither crypto nor kerberosIV are present
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-01.49.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:49/security-patch-telnetd-01.49.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-telnetd-01.49.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO2HHK1UuHi5z0oilAQH9dwP/eupJuy60kLzGcJx5JVfDHyv0IoNvnMX2
+OsQw4+PwcvVv3r2nQn8FAiGa5WYlG+9Ft/s9XWuCUtWt35EiCmdo9I/72vuOasHN
+goiu+i+ncJeAp2BrgXerilHqBQnVnMI+QQrmKBiyhUPA3xR+t6JxRfk2DaCYSuvx
+tEQXDNB7wxU=
+=3OFg
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:50.windowmaker.asc b/share/security/advisories/FreeBSD-SA-01:50.windowmaker.asc
new file mode 100644
index 0000000000..8e0cc10524
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:50.windowmaker.asc
@@ -0,0 +1,100 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:50                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          windowmaker contains possibly exploitable buffer overflow
+
+Category:       ports
+Module:         windowmaker/windowmaker-i18n
+Announced:      2001-07-27
+Credits:        Robert Marshall <robert@chezmarshall.freeserve.co.uk>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-07-24
+Vendor status:  Updated version released
+FreeBSD only:   NO
+
+I.   Background
+
+Windowmaker is a GNUstep-compliant X11 window manager which emulates
+the NeXTSTEP interface.
+
+II.  Problem Description
+
+The windowmaker ports, versions prior to windowmaker-0.65.0_2 and
+windowmaker-i18n-0.65.0_1, contain a potentially exploitable buffer
+overflow when displaying a very long window title in the window list
+menu.  Since programs such as web browsers will include the contents
+of a webpage's title tag in window titles, this problem may allow
+authors of malicious webpages to cause windowmaker to crash and
+potentially execute arbitrary code as the user running windowmaker.
+
+The windowmaker ports are not installed by default, nor are they
+"part of FreeBSD" as such: they are part of the FreeBSD ports
+collection, which contains over 5500 third-party applications in
+a ready-to-install format. The ports collection shipped with FreeBSD
+4.3 is vulnerable to this problem since it was discovered after
+its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Under certain circumstances, remote webservers may cause windowmaker
+to crash and potentially execute arbitrary code as the user running
+windowmaker.
+
+If you have not chosen to install the windowmaker port/package,
+then your system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the windowmaker package if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the windowmaker
+or windowmaker-i18n port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/windowmaker-0.65.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/windowmaker-0.65.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/x11-wm/windowmaker-i18n-0.65.0_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/x11-wm/windowmaker-i18n-0.65.0_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) download a new port skeleton for the windowmaker or windowmaker-i18n
+port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO2HM5VUuHi5z0oilAQH8ZAP9GibPUuDW96J9ylQs/V3aoTblSlw3zaXX
+8EkouFxYEDTk0LBJfwyq343z4OfrM21A8gxlQiW+b620JkNkL795zkRQ01DxbQle
+bDaOOICvXpVmHyI0Xxn3qLCeQJpuNhJkT5kvf+49q4ldljsIiHNc6FFTOpcA0SlW
+NKPR3OpUy+o=
+=A5Cb
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:51.openssl.asc b/share/security/advisories/FreeBSD-SA-01:51.openssl.asc
new file mode 100644
index 0000000000..e96590dd46
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:51.openssl.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:51                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          OpenSSL 0.9.6a and earlier contain flaw in PRNG [REVISED]
+
+Category:       core
+Module:         openssl
+Announced:      2001-07-30
+Revised:        2001-07-31
+Credits:        Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>
+                The OpenSSL Project <URL:http://www.openssl.org/>
+Affects:        All releases of FreeBSD 4.x prior to 4.4,
+                FreeBSD 4.3-STABLE prior to the correction date
+Corrected:      2001-07-19 21:00:45 UTC (FreeBSD 4.3-STABLE)
+                2001-07-19 21:01:08 UTC (FreeBSD 4.3-SECURITY aka RELENG_4_3)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2001-07-30  Initial release
+v1.1  2001-07-31  Corrected patch instructions
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL
+Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing
+the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
+v1) protocols as well as a full-strength general purpose cryptography
+library. 
+
+II.  Problem Description
+
+A flaw in the pseudo-random number generator (PRNG) of OpenSSL
+versions previous to 0.9.6b allows an attacker to determine the PRNG
+state and future output under certain restricted conditions, thereby
+weakening the strength of the PRNG and any cryptographic protection
+which is derived from it.  In effect, the flaw is that a portion of
+the PRNG state is incorrectly used as the PRNG output, allowing
+attackers to gain knowledge of the internal state of the PRNG by
+observing the output if they can sample it in a certain way. 
+
+An attack taking advantage of this flaw has been identified that can
+recover the complete state of the PRNG from the output of one
+carefully sized PRNG request followed by a few hundred consecutive
+1-byte PRNG requests. 
+
+This access pattern is not typically obtainable in real-world uses of
+the PRNG in cryptographic protocols, and no exploit against a protocol
+supported by OpenSSL is currently known.
+
+III. Impact
+
+By successfully exploiting a flaw in the PRNG, an attacker can gain
+important information that may allow him to deduce nonces (leading to
+the compromise of the protocol session) or encryption keys (allowing
+the attacker to obtain the plaintext of the encrypted data).
+
+Whether or not this flaw is exploitable depends upon the specifics of
+the application using OpenSSL.  No vulnerable applications or
+protocols are currently known. 
+
+IV.  Workaround
+
+None applicable.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+4.3-SECURITY (aka RELENG_4_3) security branch after the respective
+correction dates. 
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patch have been verified to apply to FreeBSD
+4.2-RELEASE, 4.3-RELEASE and 4.3-STABLE dated prior to the correction
+date.  These patches may or may not apply to older, unsupported
+releases of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility. 
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:51/openssl.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:51/openssl.patch.asc
+
+# cd /usr/src/
+# patch -p < /path/to/patch
+# cd /usr/src/secure/lib/libcrypto/
+# make depend && make all install
+
+One must also recompile any statically linked applications that use
+OpenSSL's PRNG.  There are no such applications in the base system. 
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient. 
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories. 
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state. 
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:51/security-patch-openssl-01.51.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:51/security-patch-openssl-01.51.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-openssl-01.51.tgz
+
+VI.   Correction details
+
+The following list contains the revision numbers of each file that was
+corrected for the maintained versions of FreeBSD. 
+
+FreeBSD Version and CVS Tag
+  Path                                                           Revision
+- -------------------------------------------------------------------------
+FreeBSD 4.3-SECURITY (tag: RELENG_4_3)
+  src/crypto/openssl/crypto/rand/md_rand.c                1.1.1.1.2.2.2.1
+FreeBSD 4.3-STABLE (tag: RELENG_4)
+  src/crypto/openssl/crypto/rand/md_rand.c                    1.1.1.1.2.4
+- -------------------------------------------------------------------------
+
+VII.  References
+
+<URL:http://www.openssl.org/source/exp/CHANGES>
+<URL:http://www.securityfocus.com/bid/3004>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO2cIaFUuHi5z0oilAQHilgQAq8VsYlRClfALI5NLhJ5HPJpI+WZYr9wp
+rhPygQgYKuTsM89XYi3Cz3OUxNP7l4x1Zp846DHLS+9TVuOWxclxxWCvwybcIT/L
+3uhqwTAVM225g7TqDdc3kq0sFVTs3NRb13PgPz84QUdl/DcYkikfH49SSbvrQvch
+hHGsw1Ohiao=
+=R/xp
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:52.fragment.asc b/share/security/advisories/FreeBSD-SA-01:52.fragment.asc
new file mode 100644
index 0000000000..0d8326164b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:52.fragment.asc
@@ -0,0 +1,177 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:52                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:		Denial of service using fragmented IPv4 packets
+Category:       kernel
+Announced:      2001-08-06
+Credits:        "James Thomas" via NetBSD
+Affects:        All releases of FreeBSD 3.x, 4.x prior to 4.4,
+                FreeBSD 4.3-STABLE prior to the correction date
+Corrected:      2001-06-16 23:48:04 UTC (FreeBSD 4.3-STABLE)
+                2001-08-05 23:08:26 UTC (RELENG_4_3)
+                2001-08-06 09:20:57 UTC (FreeBSD 3.5.1-STABLE)
+FreeBSD only:   NO
+
+I. Background
+
+The IP protocol allows datagrams (``packets'') to be fragmented in
+transit to allow transportation by lower layers with a smaller frame
+size than the desired IP datagram size.  The fragments are collected
+and reassembled on the destination system.
+
+II. Problem Description
+
+Remote users may be able to prevent a FreeBSD system from
+communicating with other systems on the network by transmitting large
+numbers of fragmented IPv4 datagrams.  For the attack to be effective,
+the attacker must have a high-bandwidth connection to the target
+system (for example, connected via a local network or over a fast
+remote network connection).
+
+IP datagram fragments destined to the target system will be queued for
+30 seconds, to allow fragmented datagrams to be reassembled.  Until
+recently, there was no upper limit in the number of reassembly queues.
+Therefore, a malicious party may be able to transmit a lot of bogus
+fragmented datagrams (with different IPv4 identification field) and
+cause the target system to exhaust its mbuf pool, preventing further
+network traffic processing or generation while the starvation
+condition continues.
+
+To solve this problem an upper limit was placed on the number of
+fragment reassembly queues.  This value is tunable at runtime using
+the net.inet.ip.maxfragpackets sysctl: the sysctl is set to a default
+value at system startup but may be tuned up or down depending on the
+role of the system (e.g. if the system is a busy server which
+typically receives a lot of fragmented datagrams, you may want to set
+the value higher).  The old system behaviour of an unlimited number of
+reassembly queues can be obtained by setting this sysctl to a negative
+value.
+
+Note however that attackers are still able to prevent legitimate
+fragmented IPv4 traffic from being reassembled by flooding the system
+with bogus fragmented datagrams and keeping the reassembly queues
+full.  Unfragmented IPv4 communications will be unaffected by such an
+attack when this variable is set.
+
+All versions of FreeBSD 3.x and 4.x prior to the correction date
+including 3.5.1-RELEASE and 4.3-RELEASE are vulnerable to this
+problem, although exploitation is mitigated by the need for
+high-bandwidth access to the target machine.
+
+III. Impact
+
+IPv4-connected systems can be put into a resource-starved state from
+which they are unable to send or receive network traffic by the
+constant bombardment of the system by fragmented datagrams.
+
+IV. Workaround
+
+A possible workaround for systems which are under active attack is to
+increase the value of the NMBCLUSTERS kernel option on attacked
+machines and rebuild the kernel as described in the following URL:
+
+  http://www.freebsd.org/handbook/kernelconfig.html
+
+This may provide a temporary solution until the patch can be applied:
+normally, it is the cluster mbufs which are exhausted by this attack.
+By setting NMBCLUSTERS to a higher value, you may be able to prevent
+the mbuf memory pool from being starved.
+
+VI.  Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+RELENG_4_3 security-fix branch dated after the correction date.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.x]
+This patch has been verified to apply to FreeBSD 4.2-RELEASE and
+4.3-RELEASE systems.  It may or may not apply to older, unsupported
+releases.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-4.x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-4.x.patch.asc
+
+[FreeBSD 3.x]
+This patch has been verified to apply to FreeBSD 3.5.1-RELEASE
+systems.  It may or may not apply to older, unsupported releases.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-3.x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:52/frag-3.x.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src/
+# patch -p < /path/to/patch
+
+Rebuild the kernel as described in the following URL:
+
+  http://www.freebsd.org/handbook/kernelconfig.html
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+Since this vulnerability involves the FreeBSD kernel which is often
+locally customized on installed systems, a universal binary upgrade
+package is not feasible.  This package includes a patched version of
+the GENERIC kernel which should be suitable for use on many systems.
+Systems requiring a customized kernel must use an alternative
+solution.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:52/security-patch-fragment-01.52.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:52/security-patch-fragment-01.52.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-fragment-01.52.tgz
+
+The new kernel is named /kernel.GENERIC to avoid conflict with the
+default kernel name (``/kernel'').  To cause the system to boot
+automatically with the new kernel, add the following line to
+/boot/loader.conf:
+
+kernel="/kernel.GENERIC"
+
+and reboot the system to load the new kernel.  The old kernel is still
+available and can be manually loaded in the boot loader in case of
+problems.
+
+VII. Credits/References
+
+NetBSD wrote the original advisory from which large portions of this
+advisory was taken.
+
+<URL:http://www.securityfocus.com/vdb/bottom.html?vid=2799>
+<URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc>
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO28VK1UuHi5z0oilAQHU9AQAor9fi3Lp5Xtny/zPJpVcX4+96WvsqX4e
+j7xtydSKwbZg78AxCYzD53FnZ/Tmb0XCf6if0L+k4QFzBsmavauB2hoszJMuT1x0
+WdcQmBvzIy5Oibffv88Kev760K7icdkskWYTLPJMxmP0dec9NZBLkTcR6udMyy2u
+JbK9HknLMiE=
+=8PO/
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:53.ipfw.asc b/share/security/advisories/FreeBSD-SA-01:53.ipfw.asc
new file mode 100644
index 0000000000..34c682b89a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:53.ipfw.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:53                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ipfw `me' on P2P interfaces matches remote address
+
+Category:       core
+Module:         ipfw
+Announced:      2001-08-17
+Credits:        Igor M Podlesny <poige@morning.ru>
+Affects:        FreeBSD 4-STABLE after February 20, 2001 and prior
+                  to the correction date
+                FreeBSD 4.3-RELEASE
+Corrected:      2001-07-17 10:50:01 UTC (FreeBSD 4.3-STABLE)
+                2001-07-18 06:56:23 UTC (RELENG_4_3)
+FreeBSD only:   YES
+
+I.   Background
+
+ipfw is a system facility which allows IP packet filtering,
+redirecting, and traffic accounting.  ipfw `me' rules are filter rules
+that specify a source or destination address of `me', intended to
+match any IP address configured on a local interface.
+
+II.  Problem Description
+
+A flaw in the implementation of the ipfw `me' rules when used in
+conjunction with point-to-point interfaces results in filter rules
+which match the remote IP address of the point-to-point interface in
+addition to the intended local IP address.
+
+III. Impact
+
+IP datagrams with a source or destination IP address of a remote
+point-to-point link may be handled in a way unintended by the system
+administrator.
+
+For example, given an interface such as
+
+  tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
+          inet 1.1.1.1 --> 2.2.2.2 netmask 0xff000000
+
+and this ipfw rule:
+
+  00010 allow ip from me to any
+
+packets with a source address of 2.2.2.2 would be allowed to pass when
+the administrator may have reasonably expected it not to match this
+rule.
+
+IV.  Workaround
+
+Do not use ipfw `me' rules.  Rewrite any existing `me' rules to use
+explicit IP addresses.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+RELENG_4_3 security branch after the respective correction dates.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patches have been verified to apply to FreeBSD
+4.3-RELEASE and 4-STABLE dated prior to the correction date.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:53/ipfw.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:53/ipfw.patch.asc
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# install -c -m 0444 -o root -g wheel /usr/src/sys/netinet/in_var.h /usr/include/netinet/
+# cd /usr/src/sbin/ipfw
+# make depend && make all install
+
+The following steps will be different depending upon whether your
+system has ipfw compiled into the kernel or is using the ipfw KLD.  If
+the output of `kldstat' includes `ipfw.ko', then you are using the KLD
+and should follow the directions listed in (2a) below.  Otherwise, if
+your kernel configuration file contains the line `options IPFIREWALL',
+you should follow the directions listed in (2b) below.
+
+2a) Execute the following commands as root:
+
+# cd /usr/src/sys/modules/ipfw
+# make depend && make all install
+
+2b) Rebuild and reinstall your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html
+
+In either case 2a) or 2b), you must reboot your system to load the new
+module or kernel.
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the
+files which are replaced by the package.  These backup copies will
+be reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:53/security-patch-ipfw-01.53.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:53/security-patch-ipfw-01.53.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-ipfw-01:53.tgz
+
+Restart your system after applying the patch.
+
+VI.   Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected, for the supported branches of FreeBSD.  The
+$FreeBSD$ revision of installed sources can be examined using the
+ident(1) command.
+
+[FreeBSD 4.3-STABLE]
+
+  Revision  Path
+  1.33.4.1  src/sys/netinet/in_var.h
+
+[RELENG_4_3]
+
+  Revision  Path
+  1.33.2.2  src/sys/netinet/in_var.h
+
+VII.  References
+
+<URL:http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet/in_var.h#rev1.39>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO32OK1UuHi5z0oilAQGFaAQAoeOYBYHehpMs28K1K4BKneLF4/KBfel/
+NGmGslQVe4DHxiIfV2WWyQw1KjH/N8NSOiBsri8+pMZkFaOyBw1Q41vUCd+2pZW1
+97qYWj6aWjIlpNm9/zOPnWN6smge4OZ7UCqX1+VsP6nf8VBrEfOYl44hl82oCMk9
+S9NvqSOqDsI=
+=HqMM
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:54.ports-telnetd.asc b/share/security/advisories/FreeBSD-SA-01:54.ports-telnetd.asc
new file mode 100644
index 0000000000..12841e1034
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:54.ports-telnetd.asc
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:54                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          telnetd contains remote buffer overflow
+
+Category:       ports
+Modules:        krb5/heimdal/SSLtelnet
+Announced:      2001-08-20
+Credits:        Sebastian <scut@nb.in-berlin.de>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-07-19 21:43:41 UTC (heimdal)
+                2001-07-24 15:29:39 UTC (krb5)
+                SSLtelnet port not yet corrected
+FreeBSD only:   NO
+
+I.   Background
+
+telnetd is the server for the telnet remote virtual terminal protocol.
+
+II.  Problem Description
+
+This advisory is closely related to the previously released
+FreeBSD-SA-01:49.telnetd.v1.1 advisory.  That advisory pertains to the
+telnetd included in the base FreeBSD system.  This advisory pertains
+to optional third-party telnetd implementations found in the FreeBSD
+ports collection.
+
+An overflowable buffer was found in the versions of telnetd included
+with several ports.  These ports include:
+
+  MIT Kerberos V (security/krb5) prior to version 1.2.2_2
+  Heimdal (security/heimdal) prior to version 0.4b_1
+  SSLtelnet (net/SSLtelnet) - this port is not yet fixed; see below.
+
+Due to incorrect bounds checking of data buffered for output to the
+remote client, an attacker can cause the telnetd process to overflow
+the buffer and crash, or execute arbitrary code as the user running
+telnetd, usually root.  A valid user account and password is not
+required to exploit this vulnerability, only the ability to connect to
+a telnetd server.
+
+These ports are not installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains over 5600 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.3 is vulnerable to
+this problem since it was discovered after its release, but the
+problems with the krb5 and heimdal ports were corrected prior to the
+(forthcoming) release of FreeBSD 4.4.
+
+The SSLtelnet vulnerability has not yet been corrected: due to
+divergences in the code, it is more difficult to correct the
+vulnerability in that port.  This advisory will be reissued once the
+vulnerability is corrected.
+
+III. Impact
+
+Remote users can cause arbitrary code to be executed as the user
+running telnetd, usually root.
+
+IV.  Workaround
+
+1) Disable the telnet service, which is usually run out of inetd:
+comment out lines in /etc/inetd.conf that begin with the word `telnet',
+if present, e.g.
+
+telnet stream tcp  nowait root /usr/local/libexec/telnetd telnetd
+
+telnet stream tcp6 nowait root /usr/local/libexec/telnetd telnetd
+
+and execute the following command as root:
+
+# kill -HUP `cat /var/run/inetd.pid`
+
+2) Impose access restrictions using TCP wrappers (/etc/hosts.allow),
+or a network-level packet filter such as ipfw(8) or ipf(8) on the
+perimeter firewall or the local machine, to limit access to the telnet
+service to trusted machines.
+
+3) Deinstall the affected ports/packages if they are installed.
+
+V.   Solution
+
+The updated ports include fixes for this vulnerability:
+   krb5-1.2.2_2 and later
+   heimdal-0.4b_1 and later
+
+1) Upgrade your entire ports collection and rebuild the affected
+ports (packages are not currently available for these ports).
+
+2) Download a new port skeleton for the affected ports from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+3) Use the portcheckout utility to automate option (2) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Affected port (module)
+  Path                                                           Revision
+- -------------------------------------------------------------------------
+MIT Kerberos V (krb5)
+  ports/security/krb5/Makefile                                       1.27
+  ports/security/krb5/files/patch-appl::telnet::telnetd::authenc.c    1.1
+  ports/security/krb5/files/patch-appl::telnet::telnetd::ext.h        1.2
+  ports/security/krb5/files/patch-appl::telnet::telnetd::slc.c        1.1
+  ports/security/krb5/files/patch-appl::telnet::telnetd::state.c      1.2
+  ports/security/krb5/files/patch-appl::telnet::telnetd::telnetd.c    1.2
+  ports/security/krb5/files/patch-appl::telnet::telnetd::termstat.c   1.1
+  ports/security/krb5/files/patch-appl::telnet::telnetd::utility.c    1.2
+Heimdal (heimdal)
+  ports/security/heimdal/Makefile                                    1.39
+  ports/security/heimdal/files/patch-ad                               1.6
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.securityfocus.com/advisories/3463>
+<URL:http://www.team-teso.net/advisories/teso-advisory-011.tar.gz>
+<URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.v1.1.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO4GGS1UuHi5z0oilAQENdgQAn48FDb8KqMftJGSS2ueRb9aZPuosS/3T
+2I6AC3AOtBIKe+3fhnURdivPIXBWMZ4GyzkctfvQ0NaKUnnVqTzoxdSVN4wStJ1e
+yXdJ9b4d5lyKvT0+JJI9IMylcA5o5kp5b36OpkB48Oo3y/4ZdiskJn3ZoU4zpBeU
++uCUTpg3TGM=
+=SChg
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:55.procfs.asc b/share/security/advisories/FreeBSD-SA-01:55.procfs.asc
new file mode 100644
index 0000000000..da27946f7f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:55.procfs.asc
@@ -0,0 +1,192 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:55                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          procfs vulnerability leaks set[ug]id process memory
+
+Category:       core
+Module:         procfs
+Announced:      2001-08-21
+Credits:        Joost Pol <joost@contempt.nl>
+Affects:        FreeBSD 4.x, 4.3-STABLE prior to the correction
+                date.
+Corrected:      2001-08-12 07:29 PDT (4.3-STABLE)
+                2001-08-13 12:45 PDT (RELENG_4_3)
+FreeBSD only:   Yes
+
+I.   Background
+
+procfs is the process filesystem, which presents a filesystem
+interface to the system process table, together with associated data.
+procfs provides access to the memory space of processes via the
+synthetic /proc/<pid>/mem file, subject to access control checks.
+
+linprocfs is an implementation of procfs which implements a
+Linux-style procfs, for use with Linux binaries so they can obtain
+access to exported kernel data.  It uses procfs to provide the
+/proc/<pid>/mem file.
+
+II.  Problem Description
+
+Prior to the migration of system monitoring utilities (such as ps(8))
+to use the sysctl(8) management interface, these utilities formerly
+used procfs and direct kernel memory access to extract process
+information, and they ran with the setgid kmem privilege to allow
+direct kernel memory access.  The procfs code checks for gid kmem
+privilege when granting access to the /proc/<pid>/mem file -- however,
+the code which is used to allow read-only access via the kmem group
+was incorrect, and inappropriately granted read access to the caller
+as long as they already had an open file descriptor for the procfs mem
+file.
+
+The result of this problem is that if a process initially has
+debugging rights to a second process, it may retain access to the
+target process' memory space, even if the target process has upgraded
+privilege by virtue of performing an execve() call on a setuid or
+setgid process.  This vulnerability can lead to the leaking of
+sensitive information from such processes, which could be used as the
+basis for additional attacks, resulting in escalation of attacker
+privilege on the system.
+
+The linprocfs filesystem is also vulnerable to the problem if procfs
+support is available in the kernel (statically compiled in, or
+dynamically loaded as a module).  If procfs support is not available
+then linprocfs is not vulnerable to this problem.
+
+All released versions of FreeBSD 4.x including FreeBSD 4.3-RELEASE are
+vulnerable to this problem if the procfs filesystem is in use.  It was
+corrected prior to the (forthcoming) release of FreeBSD 4.4-RELEASE.
+
+III. Impact
+
+Attackers may be able to extract sensitive system information, such as
+password hashes from the /etc/master.passwd file, from setuid or
+setgid processes, such as su(1).  This information could be used by
+attackers to escalate their privileges, possibly yielding root
+privileges on the local system.
+
+Because this attack may only be used on processes that initially are
+"debuggable" by the attacking process, this attack is limited to
+executed processes which gain privilege by virtue of being setuid or
+setgid, and so it cannot be used against other processes which are
+already running with privilege such as already-running daemons
+containing sensitive system information.
+
+IV. Workaround
+
+To work around the problem, perform the following steps as root:
+
+Unmount all instances of the procfs and linprocfs filesystems using
+the unmount(8) command:
+
+# umount -f -a -t procfs
+# umount -f -a -t linprocfs
+
+Disable the automatic mounting of all instances of procfs in /etc/fstab:
+remove or comment out the line(s) of the following form:
+
+proc			/proc		procfs	rw	0	0
+proc			/compat/linux/proc linprocfs rw	0	0
+
+V. Solution
+
+1) Upgrade your vulnerable system to 4.3-STABLE or the RELENG_4_3
+security branch, dated after the respective correction dates.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:55/procfs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:55/procfs.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+This patch has been verified to apply to FreeBSD 4.3-RELEASE and
+4.2-RELEASE (users of 4.2-RELEASE should already have the patch from
+FreeBSD SA-00:77.procfs installed).  It may or may not apply to older,
+unsupported releases of FreeBSD.
+
+# cd /usr/src/sys
+# patch -p < /path/to/patch
+
+If procfs is statically compiled into the kernel (i.e. the kernel
+configuration file contains the line 'options PROCFS'), then rebuild
+and reinstall your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system with the new kernel for the changes to take effect.  By default
+procfs is statically compiled in the GENERIC kernel configuration.
+
+If procfs is dynamically loaded by KLD (use the kldstat(8) command to
+verify whether this is the case) and the system securelevel has not
+been raised to a level of 1 or higher, the system can be patched at
+run-time without requiring a reboot by performing the following steps
+after patching the source as described above:
+
+# cd /usr/src/sys/modules/procfs
+# make depend
+# make all install
+# umount -f -a -t procfs
+# kldunload procfs
+# kldload procfs
+# mount -a -t procfs
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the
+files which are replaced by the package.  These backup copies will
+be reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:55/security-patch-procfs-01.55.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:55/security-patch-procfs-01.55.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-procfs-01.55.tgz
+
+Restart your system after applying the patch.
+
+VI.  CVS Revisions
+
+The following $FreeBSD$ CVS revisions contain the fixes for this
+vulnerability.  The $FreeBSD$ revision of installed sources can be
+examined using the ident(1) command.  These revision IDs are not
+updated by applying the patch referenced above.
+
+[FreeBSD 4.3-STABLE]
+
+  Revision  Path
+  1.3.2.5   src/sys/i386/linux/linprocfs/linprocfs_vnops.c
+  1.32.2.2  src/sys/miscfs/procfs/procfs.h
+  1.46.2.2  src/sys/miscfs/procfs/procfs_mem.c
+  1.76.2.5  src/sys/miscfs/procfs/procfs_vnops.c
+
+[RELENG_4_3]
+
+  Revision      Path
+  1.3.2.3.2.1   src/sys/i386/linux/linprocfs/linprocfs_vnops.c
+  1.32.2.1.2.1  src/sys/miscfs/procfs/procfs.h
+  1.46.2.1.2.1  src/sys/miscfs/procfs/procfs_mem.c
+  1.76.2.3.2.1  src/sys/miscfs/procfs/procfs_vnops.c
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO4LGfFUuHi5z0oilAQGvFAP9Es3OpWi/tolP9Kfbw3+EWCfGupQ9QMtP
+xTKwwmp8epr+So1x+bHNaXBdGm5DJq4fvqUOh5kUHkNM5Gfkp2gPPwWXB9J6Ct3e
+ut3nUlJBeY8K+qV8DGdH4/InuW4HG+Jvw0WSGCmTZnz6q17K0ESJXp2cS5qB7eeL
+/66o9YNotkE=
+=FHFP
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc b/share/security/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc
new file mode 100644
index 0000000000..7a0d6dfd9c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:56                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          tcp_wrappers PARANOID hostname checking does not work
+
+Category:       core
+Module:         tcp_wrappers
+Announced:      2001-08-23
+Credits:        Tony Finch <dot@dotat.at>
+Affects:        FreeBSD 4.1.1-RELEASE
+		FreeBSD 4.2-RELEASE
+		FreeBSD 4.3-RELEASE
+		FreeBSD 4.3-STABLE before the correction date
+Corrected:      2001-07-04 20:18:11 UTC (FreeBSD 4.3-STABLE)
+                2001-07-04 20:18:54 UTC (RELENG_4_3)
+FreeBSD only:   Yes
+
+I.   Background
+
+FreeBSD has included Wietse Venema's tcp_wrappers since 3.2-RELEASE.
+tcp_wrappers allows one to add host-based ACLs to network
+applications, and additionally provides connection logging and some
+detection of DNS spoofing.
+
+II.  Problem Description
+
+The addition of a flawed check for a numeric result during reverse DNS
+lookup causes tcp_wrappers to skip some of its sanity checking of DNS
+results.  These sanity checks are only enabled by the 'PARANOID' ACL
+option in the configuration file, and simply weaken the 'PARANOID'
+host checks to the level of assurance provided by the regular host
+ACLs.
+
+This vulnerability was corrected prior to the (forthcoming) release of
+FreeBSD 4.4-RELEASE.
+
+III. Impact
+
+An attacker that can influence the results of reverse DNS lookups can
+bypass certain tcp_wrappers PARANOID ACL restrictions by impersonating
+a trusted host.  Such an attacker would need to be able to spoof
+reverse DNS lookups, or more simply the attacker may be the
+administrator of the DNS zone including the IP address of the remote
+host.
+
+IV.  Workaround
+
+None.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+RELENG_4_3 security branch after the respective correction dates.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patche has been verified to apply to FreeBSD
+4.2-RELEASE, 4.3-RELEASE and 4.3-STABLE dated prior to the correction
+date.  This patch may or may not apply to older, unsupported releases
+of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:56/tcp_wrappers.patch.asc
+
+# cd /usr/src/
+# patch -p < /path/to/patch
+# cd /usr/src/lib/libwrap
+# make depend && make all install
+
+One must also recompile any statically linked applications that link
+against libwrap.a.  There are no such applications in the base system.
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the
+files which are replaced by the package.  These backup copies will
+be reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:56/security-patch-tcp_wrappers-01.56.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:56/security-patch-tcp_wrappers-01.56.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-tcp_wrappers-01.56.tgz
+
+VI.   Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected, for the supported branches of FreeBSD.  The
+$FreeBSD$ revision of installed sources can be examined using the
+ident(1) command.  The patch provided above does not cause these
+revision numbers to be updated.
+
+[FreeBSD 4.3-STABLE]
+
+  Revision     Path
+  1.2.2.3      src/contrib/tcp_wrappers/socket.c
+
+[RELENG_4_3]
+
+  Revision     Path
+  1.2.2.2.2.1  src/contrib/tcp_wrappers/socket.c  
+
+VII.  References
+
+<URL:http://www.freebsd.org/cgi/cvsweb.cgi/src/contrib/tcp_wrappers/socket.c#rev1.6>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO4VsbFUuHi5z0oilAQGSLgQAlmWnYpSy1Da8Yvs4XkpQTgN32/9aBhM0
+yMM+qnd80ZYUayTNyqxKvgJDc7nROUa/qt+lWp6U1a9wuQEPX72Zq7549l8/SfuB
+IkCsnwf6w8lzMCVYzTQeWm7qvf00QOWsqPCvIbw61SwPN1FfF8WLYBUCuT3hShJx
+r8mBg+t55eY=
+=az63
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:57.sendmail.asc b/share/security/advisories/FreeBSD-SA-01:57.sendmail.asc
new file mode 100644
index 0000000000..118affff77
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:57.sendmail.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:57                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          sendmail contains local root vulnerability [REVISED]
+
+Category:       core
+Module:         sendmail
+Announced:      2001-08-27
+Revised:        2001-08-30
+Credits:        Cade Cairnss <cairnsc@securityfocus.com>
+Affects:        FreeBSD 4-STABLE after August 27, 2000 and prior to
+                the correction date, FreeBSD 4.1.1-RELEASE,
+                4.2-RELEASE, 4.3-RELEASE
+Corrected:      2001-08-21 01:36:37 UTC (FreeBSD 4.3-STABLE)
+                2001-08-22 05:34:11 UTC (RELENG_4_3)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2001-08-27  Initial release
+v1.1  2001-08-30  Update package to remove setuid bit from saved file;
+                  add non-openssl package; correct typo in package
+                  instructions; note that $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $ not updated in
+                  RELENG_4_3.
+
+I.   Background
+
+sendmail is a mail transfer agent.
+
+II.  Problem Description
+
+Sendmail contains an input validation error which may lead to the
+execution of arbitrary code with elevated privileges by local users.
+Due to the improper use of signed integers in code responsible for the
+processing of debugging arguments, a local user may be able to supply
+the signed integer equivalent of a negative value supplied to
+sendmail's "trace vector".  This may allow a local user to write data
+anywhere within a certain range of locations in process memory.
+Because the '-d' command-line switch is processed before the program
+drops its elevated privileges, the attacker may be able to cause
+arbitrary code to be executed with root privileges. 
+
+III. Impact
+
+Local users may be able to execute arbitrary code with root privileges.
+
+IV.  Workaround
+
+Do not allow untrusted users to execute the sendmail binary.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+RELENG_4_3 security branch after the respective correction dates.
+
+2) FreeBSD 4.x systems after August 27, 2000 and prior to the
+correction date:
+
+The following patch has been verified to apply to FreeBSD
+4.1.1-RELEASE, 4.2-RELEASE, 4.3-RELEASE and 4-STABLE dated prior to
+the correction date.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:57/sendmail.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:57/sendmail.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd /usr/src/lib/libsmutil
+# make depend && make all
+# cd /usr/src/usr.sbin/sendmail
+# make depend && make all install
+
+3) FreeBSD 4.3-RELEASE systems:
+
+** NOTE: The initial version of the upgrade package did not remove
+** setuid root privileges from the saved copy of the sendmail binary.
+** To correct this, deinstall the old package using the pkg_delete(1)
+** command and install the corrected package as described below.
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the
+files which are replaced by the package.  These backup copies will
+be reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+Two versions of the package are available, depending on whether or not
+OpenSSL is installed.  If the file /usr/lib/libcrypto.so exists on the
+local system, follow the directions in section 1a) below, otherwise
+follow the directions in section 1b).  After adding the package,
+proceed with the instructions in section 2).
+
+1a) If crypto is installed:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-crypto-01.57.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-crypto-01.57.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-sendmail-crypto-01.57.tgz
+
+1b) If crypto is not installed:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-nocrypto-01.57.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:57/security-patch-sendmail-nocrypto-01.57.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-sendmail-nocrypto-01.57.tgz
+
+2) Restart sendmail after applying the patch by executing the following
+commands as root:
+
+# killall sendmail
+# /usr/sbin/sendmail -bd -q30m
+
+The flags to sendmail may need to be adjusted as required for the
+local system configuration.
+
+VI.   Correction details
+
+The following is the sendmail $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $ revision number of the file that
+was corrected for the supported branches of FreeBSD.  The $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $
+revision number of the installed source can be examined using the
+ident(1) command.  Note that the $Id: FreeBSD-SA-01:57.sendmail.asc,v 1.2 2001/09/06 21:05:35 kris Exp $ tag was not updated on the
+RELENG_4_3 branch because a newer vendor release of sendmail was not
+imported, instead only this vulnerability was patched.
+
+  Revision   Path
+  8.20.22.4  src/contrib/sendmail/src/trace.c
+
+VII.  References
+
+<URL:http://www.securityfocus.com/bid/3163>
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO46RWlUuHi5z0oilAQH+VwP+MBpBopVejzWdHAjm0cEslleHZThEjja4
+qNd28CAQOy5KAdDcP61pqT2LcxlFUXyjRPjcVo6eqGaO63Lz3Ov2nnm3LPfcyR18
+PQaQkezGxTIfORuXxZiNA4EI51zjoquIRVWwMJaR1Azx+vf/u9XPIDVKA7rkL3df
+wvTf9D4V7ZU=
+=L1XV
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:58.lpd.asc b/share/security/advisories/FreeBSD-SA-01:58.lpd.asc
new file mode 100644
index 0000000000..d96e2c8c77
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:58.lpd.asc
@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:58                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          lpd contains remote root vulnerability
+
+Category:       core
+Module:         lpd
+Announced:      2001-08-30
+Credits:        ISS X-Force <xforce@iss.net>
+Affects:        All released versions FreeBSD 4.x, 3.x,
+                FreeBSD 4.3-STABLE, 3.5.1-STABLE prior to the correction
+                date
+Corrected:      2001-08-30 09:27:41 UTC (FreeBSD 4.3-STABLE)
+                2001-08-30 09:28:35 UTC (RELENG_4_3)
+                2001-08-30 09:46:44 UTC (FreeBSD 3.5.1-STABLE)
+FreeBSD only:   NO
+
+I.   Background
+
+lpd is the BSD line printer daemon used to print local and remote
+print jobs.
+
+II.  Problem Description
+
+Users on the local machine or on remote systems which are allowed to
+access the local line printer daemon may be able to cause a buffer
+overflow.  By submitting a specially-crafted incomplete print job and
+subsequently requesting a display of the printer queue, a static
+buffer overflow may be triggered.  This may cause arbitrary code to be
+executed on the local machine as root.
+
+In order to remotely exploit this vulnerability, the remote machine
+must be given access to the local printer daemon via a hostname entry
+in /etc/hosts.lpd or /etc/hosts.equiv.  lpd is not enabled on FreeBSD
+by default.
+
+All versions of FreeBSD prior to the correction date including FreeBSD
+4.3 contain this problem.  The base system that will ship with FreeBSD
+4.4 does not contain this problem since it was corrected before the
+release.
+
+III. Impact
+
+Users on the local machine and on remote systems which are allowed to
+connect to the local printer daemon may be able to trigger a buffer
+overflow causing arbitrary code to be executed on the local system as
+root.
+
+lpd is not enabled by default.  If you have not enabled lpd, your
+system is not vulnerable.
+
+IV.  Workaround
+
+Disable lpd by executing the following command as root:
+
+# killall lpd
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.3-STABLE or the
+RELENG_4_3 security branch after the respective correction dates.
+
+2) FreeBSD 3.x, 4.x systems prior to the correction date:
+
+The following patches have been verified to apply to FreeBSD
+4.2-RELEASE, 4.3-RELEASE, 4.3-STABLE and 3.5.1-STABLE dated prior to
+the correction date.  It may or may not apply to older, unsupported
+versions of FreeBSD.
+
+Download the relevant patch and the detached PGP signature from the
+following locations, and verify the signature using your PGP utility.
+
+[FreeBSD 4.3-RELEASE, 4.3-STABLE]
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-4.3.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-4.3.patch.asc
+
+[FreeBSD 4.2-RELEASE, 3.5.1-STABLE]
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-01:58/lpd-3.x-4.2.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd /usr/src/usr.sbin/lpr
+# make depend && make all install
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:58/security-patch-lpd-01.58.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:58/security-patch-lpd-01.58.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-lpd-01.58.tgz
+
+Restart lpd after applying the patch by executing the following
+commands as root:
+
+# killall lpd
+# /usr/sbin/lpd
+
+VI.   Correction details
+
+The following is the $FreeBSD$ revision number of the file that was
+corrected for the supported branches of FreeBSD.  The $FreeBSD$
+revision number of the installed source can be examined using the
+ident(1) command.  The patch provided above does not cause these
+revision numbers to be updated.
+
+[FreeBSD 4.3-STABLE]
+  Revision       Path
+  1.15.2.8        src/usr.sbin/lpr/common_source/displayq.c
+
+[RELENG_4_3]
+  Revision       Path
+  1.15.2.3.2.1   src/usr.sbin/lpr/common_source/displayq.c
+
+[FreeBSD 3.5.1-STABLE]
+  Revision       Path
+  1.14.2.2       src/usr.sbin/lpr/common_source/displayq.c
+
+VII.  References
+
+<URL: http://xforce.iss.net/alerts/advise93.php>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO46QLFUuHi5z0oilAQEJQQQAkjEeA8fQMhbFswTq743vCdfGKTSZbXRI
+IF1hbTPKQ8G+dX57lMDgkR7WiFOf/DR9AFuX6gevCslCNJo8hySW74UxnnRv67/6
+lsNUqWfAXD+d/yDUMO6amWUlz8xFNpIHa5Zf8F1QaPI3TBzrKKPekFUa3sHwlBD1
+WSFK0ZoFMgw=
+=8ZK/
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:59.rmuser.asc b/share/security/advisories/FreeBSD-SA-01:59.rmuser.asc
new file mode 100644
index 0000000000..7ba66f613b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:59.rmuser.asc
@@ -0,0 +1,131 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:59                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          rmuser contains a race condition exposing /etc/master.passwd
+
+Category:       core
+Module:         rmuser
+Announced:      2001-09-04
+Credits:	dynamo@harvard.net
+Affects:        FreeBSD 4.2-RELEASE, 4.3-RELEASE
+                FreeBSD 4.3-STABLE prior to the correction date.
+Corrected:      2001-07-28 12:10:15 UTC (4.3-STABLE)
+                2001-09-04 07:46:57 UTC (RELENG_4_3)
+FreeBSD only:   Yes
+
+I.   Background
+
+rmuser is a perl script used to completely remove users from a system.
+
+II.  Problem Description
+
+When removing a user from the system with the rmuser utility, the
+/etc/master.passwd file and it's corresponding database /etc/spwd.db
+must be updated.  The rmuser script was incorrectly doing this by
+creating a new master.passwd file with an unsafe umask and then using
+chmod to set its permissions to 0600.  Between the time that the file
+was created and the time that its permissions were changed the file is
+world-readable.
+
+This is only a minor security vulnerability since the rmuser command
+is only used infrequently on most systems, and the attack is highly
+timing-dependent.
+
+All versions of FreeBSD prior to the correction date including FreeBSD
+4.3 contain this problem.  The base system that will ship with FreeBSD
+4.4 does not contain this problem since it was corrected prior to the
+release.
+
+III. Impact
+
+For a brief amount of time while running rmuser, a world-readable copy
+of /etc/master.passwd is available.  A local attacker who reads this
+file can extract password hashes from the copy of /etc/master.passwd.
+This information could be used by attackers to escalate their
+privileges, possibly yielding root privileges on the local system, by
+mounting an offline dictionary attack in order to guess the plaintext
+passwords of the accounts on the local system.
+
+IV. Workaround
+
+Use the pw(8) utility to remove users instead of rmuser.
+    
+    - "pw userdel <username>" will only remove the user from
+      /etc/passwd, /etc/master.passwd and /etc/group
+    - "pw -r userdel <username>" will also remove the user's home
+      dirrectory
+
+V. Solution
+
+1) Upgrade your vulnerable system to 4.3-STABLE or the RELENG_4_3
+security branch, dated after the respective correction dates.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:59/rmuser.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:59/rmuser.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+This patch has been verified to apply to FreeBSD 4.2-RELEASE and
+4.3-RELEASE.  It may or may not apply to older, unsupported releases
+of FreeBSD.
+
+# cd /usr/src/usr.sbin/adduser
+# patch -p < /path/to/patch
+# make depend && make all install
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:59/security-patch-rmuser-01.59.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:59/security-patch-rmuser-01.59.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-rmuser-01.59.tgz
+
+VI.  CVS Revisions
+
+The following $FreeBSD$ CVS revision contain the fixes for this
+vulnerability.  The $FreeBSD$ revision of installed sources can be
+examined using the ident(1) command.  These revision IDs are not
+updated by applying the patch referenced above.
+
+[FreeBSD 4.3-STABLE]
+
+  Revision      Path
+  1.8.2.5       src/usr.sbin/rmuser.perl
+
+[RELENG_4_3]
+
+  Revision      Path
+  1.8.2.2.2.1   src/usr.sbin/rmuser.perl
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO5SH1lUuHi5z0oilAQEWLAQAniPWZpgjNvhoT6ECltW4G9lKlsswDur9
+WMKkX2KEvZ9pswx3rqkn1IC+kBTfgdwwhU/54dyx1HKb2XJH5QdGpW/H/niTox4z
+ImJjctZNvnEuB52si1+Ivx3avwgw57YjAsJgLcv+CYYW+iizX1zVFBjdce6PDQgI
+pb50qM0sJYA=
+=hxQ5
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:60.procmail.asc b/share/security/advisories/FreeBSD-SA-01:60.procmail.asc
new file mode 100644
index 0000000000..faaf28705a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:60.procmail.asc
@@ -0,0 +1,106 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:60                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Multiple vulnerabilities in procmail signal handling
+
+Category:       ports
+Module:         procmail
+Announced:      2001-09-24
+Credits:        Philip A. Guenther <guenther@sendmail.com>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-06-29 06:46:38 2001 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+procmail is an incoming mail processor, typically used to implement
+mail filters as well as sorting incoming mail into folders.
+
+II.  Problem Description
+
+procmail versions prior to procmail 3.20 performed unsafe actions
+while in the signal handlers.  If a signal is delivered while procmail
+is already in an unsafe signal handler, undefined behaviour may
+result, possibly leading to the ability to perform actions as the
+superuser under unprivileged local user control.
+
+The procmail port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 5900 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 is not
+vulnerable to this problem since it was discovered before its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Because procmail runs setuid root, a local attacker may be able to
+take advantage of these problems in order to obtain superuser
+privileges, although there are no known exploits as of the date of
+this advisory.
+
+IV.  Workaround
+
+1) Deinstall the procmail port/package if you have it installed.
+
+V.   Solution
+
+The port procmail-3.20 and later versions include fixes for these
+vulnerabilities.
+
+1) Upgrade your entire ports collection and rebuild the procmail port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/procmail-3.21.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/procmail-3.21.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for the procmail port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/mail/procmail/Makefile                                         1.38
+ports/mail/procmail/distinfo                                         1.11
+- -------------------------------------------------------------------------  
+
+VII. References
+
+<URL:http://www.somelist.com/mail.php/282/view/1200950>
+<URL:http://www.xray.mpe.mpg.de/mailing-lists/procmail/2001-06/msg00369.html>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO6+biVUuHi5z0oilAQHoEgP9HCVVpBp0+sTfJR5ATE2B5rVCLk6qQZVC
+oGsQ2Xr5pm6JZfcFM4iuSPqdd8weosX6l1g81uyBTM7aHvae5ul+iQLNkFyW2CeI
+98lGEa2pWV9Qw7/c19/nUSHwTGr++9XtUGysfnpI/zSQqGjkcNJF3gVe4Hsn153Q
+wJ5Y519JoC4=
+=Ti/S
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:61.squid.asc b/share/security/advisories/FreeBSD-SA-01:61.squid.asc
new file mode 100644
index 0000000000..d90652ddde
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:61.squid.asc
@@ -0,0 +1,109 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:61                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Squid in accelerator-only mode ignores ACLs
+
+Category:       ports
+Modules:        squid22, squid23, squid24
+Announced:      2001-10-08
+Credits:        Paul Nasrat <pnasrat@uk.now.com>
+Affects:        Ports collection prior to the correction date.
+Corrected:      2001-07-29 12:29:00 (squid23)
+                2001-08-28 16:48:35 2001 UTC (squid24)
+FreeBSD only:   NO
+
+I.   Background
+
+The Squid Internet Object Cache is a web proxy/cache.
+
+II.  Problem Description
+
+If squid is configured in acceleration-only mode (http_accel_host is
+set, but http_accel_with_proxy is off), then as a result of a bug,
+access control lists (ACLs) are ignored.
+
+III. Impact
+
+A remote attacker may use the squid server in order to issue requests
+to hosts that are otherwise inaccessible.  Because the squid server
+processes these requests as HTTP requests, the attacker cannot send or
+retrieve arbitrary data.  However, the attacker could use squid's
+response to determine if a particular port is open on a victim host.
+Therefore, the squid server may be used to conduct a port scan.
+
+IV.  Workaround
+
+1) Do not run squid in acceleration-only mode.
+
+2) Deinstall the squid port/package if you have it installed.
+
+V.   Solution
+
+The port squid-2.3_1 and later 2.3 versions, and the port squid-2.4_5
+and later 2.4 versions include fixes for this vulnerability.  The
+squid-2.3 and squid-2.2 ports have been deprecated and removed from
+the ports collection, and users are advised to upgrade to squid-2.4 as
+soon as possible.
+
+1) Upgrade your entire ports collection and rebuild the squid port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.3_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/squid-2.4_5.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.3_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/squid-2.4_5.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for the procmail port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Affected port
+  Path                                                           Revision
+- -------------------------------------------------------------------------
+squid22
+  *NOT CORRECTED*
+squid23
+  ports/www/squid23/Makefile                                         1.78
+  ports/www/squid23/distinfo                                         1.57
+squid24
+  ports/www/squid24/Makefile                                         1.84
+  ports/www/squid24/distinfo                                         1.61
+- -------------------------------------------------------------------------  
+
+VII. References
+
+<URL:http://www.squid-cache.org/bugs/show_bug.cgi?id=215>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO8IVHVUuHi5z0oilAQGK1AP+MZ+Drf7VzdO1O0nr4SIIS8/FGmLYsIha
+WsjWUBpmIeQk/c8jjLDMu32yIRoZNSu3F1Alc4XieDznAE8ZjburLMHY9RrQHOOY
+WKuBcjjgSpmeB84MVIT0nCOtlI6+cmk7gLflxNYwUY1QKkIff5KrhTRqByJnICW3
++g0WZtpdinE=
+=js2W
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:62.uucp.asc b/share/security/advisories/FreeBSD-SA-01:62.uucp.asc
new file mode 100644
index 0000000000..86cedc7986
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:62.uucp.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:62                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          UUCP allows local root exploit
+
+Category:       core
+Module:         uucp
+Announced:      2001-10-08
+Credits:        zen-parse@gmx.net
+Affects:        All released versions of FreeBSD 4.x prior to 4.4.
+                FreeBSD 4.3-STABLE prior to the correction date.
+Corrected:      2001-09-10 20:22:57 UTC (FreeBSD 4.3-STABLE)
+                2001-09-10 22:30:28 UTC (RELENG_4_3)
+FreeBSD only:   NO
+
+I.   Background
+
+Taylor UUCP is an implementation of the Unix-to-Unix Copy Protocol, a
+protocol sometimes used for mail delivery on systems where permanent
+IP connectivity to the internet is not available.
+
+II.  Problem Description
+
+The UUCP suite of utilities allow a user-specified configuration file
+to be given on the command-line.  This configuration file is
+incorrectly processed by the setuid uucp and/or setgid dialer UUCP
+utilities while running as the uucp user and/or dialer group, and
+allows unprivileged local users to execute arbitrary commands as the
+uucp user and/or dialer group.
+
+Since the uucp user owns most of the UUCP binaries (this is required
+for UUCP to be able to write to its spool directory during normal
+operation, by virtue of being setuid) the attacker can replace these
+binaries with trojaned versions which execute arbitrary commands as
+the user which runs them.  The uustat binary is run as root by default
+during the daily maintenance scripts.
+
+All versions of FreeBSD 4.x prior to the correction date including
+4.3-RELEASE are vulnerable to this problem, but it was corrected prior
+to the release of FreeBSD 4.4-RELEASE.
+
+III. Impact
+
+Unprivileged local users can overwrite the uustat binary, which is
+executed as root by the daily system maintenance scripts.  This allows
+them to execute arbitrary commands as root the next time the daily
+maintenance scripts are run.
+
+IV.  Workaround
+
+One or more of the following:
+
+1) Set the noschg flag on all binaries owned by the uucp user:
+
+# chflags schg /usr/bin/cu /usr/bin/uucp /usr/bin/uuname \
+/usr/bin/uustat /usr/bin/uux /usr/bin/tip /usr/libexec/uucp/uucico \
+/usr/libexec/uucp/uuxqt
+
+2) Remove the above binaries from the system, if UUCP is not in use.
+
+3) Disable the daily UUCP maintenance tasks by adding the following
+lines to /etc/periodic.conf:
+
+# 340.uucp
+daily_uuclean_enable="NO"                              # Run uuclean.daily
+
+# 410.status-uucp
+daily_status_uucp_enable="NO"                          # Check uucp status
+
+# 300.uucp
+weekly_uucp_enable="NO"                                # Clean uucp weekly
+
+V.   Solution
+
+We recommend that UUCP be removed entirely from systems containing
+untrusted users: to remove UUCP, refer to the directions in section IV
+above.  Compiling the UUCP binaries when rebuilding the FreeBSD system
+can be prevented by adding the following line to /etc/make.conf:
+
+NOUUCP=true
+
+1) Upgrade your vulnerable FreeBSD system to 4.4-RELEASE, 4.4-STABLE
+or the RELENG_4_3 security branch dated after the respective
+correction dates.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+[FreeBSD 4.3]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:62/uucp.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:62/uucp.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# make depend && make all install
+
+3) FreeBSD 4.3-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.3-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:62/security-patch-uucp-01.62.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:62/security-patch-uucp-01.62.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-uucp-01.62.tgz
+
+VI.   Correction details
+
+The following is the $FreeBSD$ revision number of the file that was
+corrected for the supported branches of FreeBSD.  The $FreeBSD$
+revision number of the installed source can be examined using the
+ident(1) command.  The patch provided above does not cause these
+revision numbers to be updated.
+
+[FreeBSD 4.3-STABLE]
+  Revision       Path
+
+[RELENG_4_3]
+  Revision     Path
+  1.8.4.1      src/gnu/libexec/uucp/cu/Makefile
+  1.6.4.1      src/gnu/libexec/uucp/uucp/Makefile
+  1.5.4.1      src/gnu/libexec/uucp/uuname/Makefile
+  1.5.4.1      src/gnu/libexec/uucp/uustat/Makefile
+  1.6.4.1      src/gnu/libexec/uucp/uux/Makefile
+  1.10.8.1     src/usr.bin/tip/tip/Makefile
+  1.3.2.2.2.1  src/etc/periodic/daily/410.status-uucp
+
+VII.  References
+
+<URL: http://www.securityfocus.com/bid/3312>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBO8IU0FUuHi5z0oilAQFE4gP/dqLwzjAk3M5fhtfsENFy0OAlzQA70SG3
+IJibpH19KdjcQX53CrLI/wI34JXqCVfiGpw2kLSysL6yfbBI+3Z2YUxPRaxrtoGF
+9R4ZcCuuLuE14pCmAtWnLEdXFHVRThJzsLzk2xEZkhYU5hufW3+IqfIMcMNayQbf
+BSI5/zAjPG4=
+=TBLy
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:63.openssh.asc b/share/security/advisories/FreeBSD-SA-01:63.openssh.asc
new file mode 100644
index 0000000000..4a2cffbf2a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:63.openssh.asc
@@ -0,0 +1,271 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:63                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          OpenSSH UseLogin directive permits privilege escalation
+                [REVISED]
+
+Category:       core/ports
+Module:         openssh
+Announced:      2001-12-02
+Revised:        2001-12-06
+Credits:        Markus Friedl <markus@OpenBSD.org>
+Affects:        FreeBSD 4.3-RELEASE, 4.4-RELEASE
+                FreeBSD 4.4-STABLE prior to the correction date
+                Ports collection prior to the correction date
+Corrected:      2001-12-03 00:53:28 UTC (RELENG_4)
+                2001-12-03 00:54:18 UTC (RELENG_4_4)
+                2001-12-03 00:54:54 UTC (RELENG_4_3)
+                2001-12-02 06:52:40 UTC (openssh port)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2001-12-02  Initial release
+v1.1  2001-12-06  Corrected patch instructions
+
+I.   Background
+
+OpenSSH is an implementation of the SSH1 and SSH2 secure shell
+protocols for providing encrypted and authenticated network access,
+which is available free for unrestricted use. Versions of OpenSSH are
+included in the FreeBSD ports collection and the FreeBSD base system.
+
+II.  Problem Description
+
+OpenSSH includes a feature by which a user can arrange for
+environmental variables to be set depending upon the key used for
+authentication.  These environmental variables are specified in the
+`authorized_keys' (SSHv1) or `authorized_keys2' (SSHv2) files in the
+user's home directory on the server.  This is normally safe, as this
+environment is passed only to the user's shell, which is invoked with
+user privileges.
+
+However, when the OpenSSH server `sshd' is configured to use
+the system's login program (via the directive `UseLogin yes' in
+sshd_config), this environment is passed to login, which is invoked
+with superuser privileges.  Because certain environmental variables
+such as LD_LIBRARY_PATH and LD_PRELOAD can be set using the previously
+described feature, the user may arrange for login to execute arbitrary
+code with superuser privileges.
+
+All versions of FreeBSD 4.x prior to the correction date including
+FreeBSD 4.3 and 4.4 are potentially vulnerable to this problem.
+However, the OpenSSH server is configured to not use the system login
+program (`UseLogin no') by default, and is therefore not vulnerable
+unless the system administrator has changed this setting.
+
+In addition, there are two versions of OpenSSH included in the
+ports collection.  One is ports/security/openssh, which is the
+BSD-specific version of OpenSSH.  Versions of this port prior to
+openssh-3.0.2 exhibit the problem described above.  The other is
+ports/security/openssh-portable, which is not vulnerable, even if the
+server is set to `UseLogin yes'.
+
+III. Impact
+
+Hostile but otherwise legitimate users that can successfully
+authenticate using public key authentication may cause /usr/bin/login
+to run arbitrary code as the superuser.
+
+If you have not enabled the 'UseLogin' directive in the sshd
+configuration file, you are not vulnerable to this problem.
+
+IV.  Workaround
+
+Doing one of the following will eliminate the vulnerability:
+
+1) Configure sshd to not use the system login program.  Edit the
+   server configuration file and change any `UseLogin' directives
+   to `UseLogin no'.  This is the preferred workaround.
+
+2) If for whatever reason, disabling `UseLogin' is not possible,
+   then one can instead disable public key authentication.  Edit the
+   server configuration file and change any `RSAAuthentication',
+   `DSAAuthentication', or `PubKeyAuthentication' directives
+   to `RSAAuthentication no', `DSAAuthentication no', and
+   `PubKeyAuthentication no', respectively.
+
+For sshd included in the base system (/usr/bin/sshd), the
+server configuration file is `/etc/ssh/sshd_config'.  For sshd
+from the ports collection, the server configuration file is
+`/usr/local/etc/sshd_config'.
+
+After modifying the sshd configuration file, the sshd daemon must be
+restarted by executing the following command as root:
+
+# kill -HUP `cat /var/run/sshd.pid`
+
+V.   Solution
+
+1) Upgrade the vulnerable system to 4.3-RELEASEp21, 4.4-RELEASEp1, or
+4.4-STABLE after the correction date, or patch your current system
+source code and rebuild.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patch has been verified to apply to FreeBSD
+4.3-RELEASE, 4.4-RELEASE, and 4.4-STABLE dated prior to the
+correction date.  It may or may not apply to older, unsupported
+versions of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-01:63/sshd.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src/crypto/openssh
+# patch < /path/to/sshd.patch
+# cd /usr/src/secure/lib/libssh
+# make depend && make all
+# cd /usr/src/secure/usr.sbin/sshd
+# make depend && make all install
+
+3) FreeBSD 4.4-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.4-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.  In addition, the package automatically restarts
+the sshd daemon if it is running.
+
+Three versions of the upgrade package are available, depending on
+whether or not the system has the kerberosIV or kerberos5
+distributions installed.
+
+3a) For systems without kerberosIV or kerberos5 installed:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-01.63.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-sshd-01.63.tgz
+
+3b) For systems with kerberosIV only installed:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-01.63.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-sshd-kerberosIV-01.63.tgz
+
+3c) For systems with kerberos5 only installed:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberos5-01.63.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-sshd-kerberos5-01.63.tgz
+
+3d) For systems with both kerberosIV and kerberos5 installed:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-01:63/security-patch-sshd-kerberosIV-kerberos5-01.63.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-sshd-kerberosIV-kerberos5-01.63.tgz
+
+[Ports collection]
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the OpenSSH port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/openssh-3.0.2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/openssh-3.0.2.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) Download a new port skeleton for the openssh port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI. Correction details
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/crypto/openssh/session.c
+  HEAD                                                               1.18
+  RELENG_4                                                       1.4.2.11
+  RELENG_4_4                                                  1.4.2.8.4.1
+  RELENG_4_3                                                  1.4.2.8.2.1
+src/crypto/openssh/version.h
+  HEAD                                                                1.9
+  RELENG_4                                                    1.1.1.1.2.7
+  RELENG_4_4                                              1.1.1.1.2.5.2.1
+  RELENG_4_3                                              1.1.1.1.2.4.2.1
+ports/security/openssh/Makefile                                      1.79
+- -------------------------------------------------------------------------
+
+For OpenSSH included in the base system, there is a version string
+indicating which FreeBSD localizations are available.  The following
+table lists the version strings for each branch which include this
+security fix:
+
+Branch                                                     Version string
+- -------------------------------------------------------------------------
+HEAD                         OpenSSH_2.9 FreeBSD localisations 20011202
+RELENG_4                     OpenSSH_2.9 FreeBSD localisations 20011202
+RELENG_4_4                   OpenSSH_2.3.0 FreeBSD localisations 20011202
+RELENG_4_3                   OpenSSH_2.3.0 green@FreeBSD.org 20011202
+- -------------------------------------------------------------------------
+
+To view the version string of the OpenSSH server, execute the following
+command:
+
+  % /usr/sbin/sshd -\?
+
+The version string is also displayed when a client connects to the
+server.
+
+VII. References
+
+<URL:http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c#rev1.110>
+-----BEGIN PGP SIGNATURE-----
+Comment: http://www.nectar.cc/pgp
+
+iQCVAwUBPBDzPFUuHi5z0oilAQECogP+IDA7Sn9Rzfk6W+LDly1YlZHu8A6qRg0R
+umq5u4ZbNRxEmUgGGpRkZ7U4dn25LCbECqhXu+UZLXHTn2gLN1gt9HTNIaNo4fmS
+E8Y+6JPMfJfQc/er1VmD1YNDkWd0VS88gwfnbHby9GiwGv4geRpIe/VsgvA8Fc1d
+vpOYor3W6ag=
+=7u2U
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:64.wu-ftpd.asc b/share/security/advisories/FreeBSD-SA-01:64.wu-ftpd.asc
new file mode 100644
index 0000000000..8820bc4e4f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:64.wu-ftpd.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:64                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          wu-ftpd port contains remote root compromise
+
+Category:       ports
+Module:         wu-ftpd
+Announced:      2001-12-04
+Credits:        CORE Security Technologies
+                Contact: Ivan Arce (iarce@corest.com)
+Affects:        Ports collection prior to the correction date
+Corrected:      2001-11-28 10:52:26 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+wu-ftpd is a popular full-featured FTP server.
+
+II.  Problem Description
+
+The wu-ftpd port, versions prior to wu-ftpd-2.6.1_7, contains a
+vulnerability which allows FTP users, both anonymous FTP users and
+those with valid accounts, to execute arbitrary code as root on
+the local machine.  This may be accomplished by inserting invalid
+globbing parameters which are incorrectly parsed by the FTP server
+into command input.
+
+The wu-ftpd port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+FTP users, including anonymous FTP users, can cause arbitrary commands
+to be executed as root on the local machine.
+
+If you have not chosen to install the wu-ftpd port/package, then your
+system is not vulnerable to this problem.
+
+IV.  Workaround
+
+Deinstall the wu-ftpd port/package, if you have installed it.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the wu-ftpd port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/ftp/wu-ftpd-2.6.1_7.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/ftp/wu-ftpd-2.6.1_7.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) download a new port skeleton for the wu-ftpd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/ftp/wu-ftpd/Makefile                                         1.41
+ports/ftp/wu-ftpd/files/patch-ap                                   1.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.securityfocus.com/archive/1/242750>
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPA0CA1UuHi5z0oilAQENSQP9HaHiACNyiHZtV8ILnUZWb+D01qf0wTy2
+gbZJGfKL/JTP41KLR4EpUitF5SZ+3Zjm8Ebv8XXCjCFWgIBU1xhZaXgi2U9PRLlG
+XxHKzvpGnTuBj3uJiLs2UvAbQ9Jz5Wp02u6fJV75dcbnXTPLSGRvxJZwOb2FHxnE
+MBUlG+QDpPw=
+=sp+c
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:65.libgtop.asc b/share/security/advisories/FreeBSD-SA-01:65.libgtop.asc
new file mode 100644
index 0000000000..123cc61146
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:65.libgtop.asc
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:65                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Buffer overflow in libgtop_server
+
+Category:       ports
+Module:         libgtop
+Announced:      2001-12-11
+Credits:        Flavio Veloso <flaviovs@magnux.com>
+Affects:        Ports collection prior to the correction date
+Corrected:      2001-11-29 15:06:19 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+libgtop is a library for gtop, the GNOME version of the top command.
+The top command is a tool to display and update information about the
+top cpu processes.
+
+II.  Problem Description
+
+The libgtop port versions prior to libgtop-1.0.12_1 contain a stack
+buffer overflow in libgtop_server, allowing an arbitrary amount of
+data from the client application (assumed to be gtop) to be read
+into a fixed-sized buffer.  A local attacker can exploit this bug to
+cause libgtop_server to execute arbitrary code. libgtop_server runs
+with increased privileges as a member of group kmem, which allows
+it to read kernel memory (but not write it).  A process with the
+ability to read from kernel memory can monitor privileged data such as
+network traffic, disk buffers and terminal activity, and may be able
+to leverage this to obtain further privileges on the local system or
+on other systems, including root privileges.
+
+The libgtop port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A successful exploit of this stack buffer overflow would allow an
+attacker arbitrary access to kernel memory, possibly acquiring
+information allowing further increases in privileges.
+
+No exploit is known to exist at this time, and it is not known
+whether this buffer overflow is exploitable even in theory.  In any
+case, local access to the machine on which libgtop_server is running
+is required to attempt an attack.
+
+IV.  Workaround
+
+1) Deinstall the libgtop port/package if you have it installed.
+
+OR
+
+2) Remove the setgid bit from the libgtop_server executable by
+executing the following command as root:
+
+# chmod g-s `which libgtop_server`
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/libgtop-1.0.12_1.tar.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/libgtop-1.0.12_1.tar.gz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) Download a new port skeleton for the libgtop port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/devel/libgtop/Makefile                                         1.45
+ports/devel/libgtop/files/patch-src::daemon::gnuserv.c                1.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.securityfocus.com/archive/1/242922>
+
+-----BEGIN PGP SIGNATURE-----
+Comment: http://www.nectar.cc/pgp
+
+iQCVAwUBPBY6xlUuHi5z0oilAQHwmQQAh3KtiIcKjmw5e9B2ABmdRYlwWFVEgN9F
+QlUj8NqiDUaekQoLb5p923Y8VC0/9e/alRrnvd4kcmVmU8PUpXNaMp4cHz1mHnLQ
+7w4QQ+qzmEOGJFOiUjE21FY8gPR3HH2rKiIOJyeHezRkUqhWMqlERJ08hnmtqjib
+2TukQesxbzw=
+=gyPX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:66.thttpd.asc b/share/security/advisories/FreeBSD-SA-01:66.thttpd.asc
new file mode 100644
index 0000000000..107284c67c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:66.thttpd.asc
@@ -0,0 +1,92 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:66                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          thttpd port contains remotely vulnerability
+
+Category:       ports
+Module:         thttpd
+Announced:      2001-12-11
+Credits:        GOBBLES SECURITY
+Affects:        Ports collection prior to the correction date
+Corrected:      2001-11-22 00:10:56 UTC
+FreeBSD only:   no
+
+I.   Background
+
+thttpd is a simple, small, portable, fast, and secure HTTP server.
+
+II.  Problem Description
+
+In auth_check(), there is an off-by-one error in computing the amount
+of memory needed for storing a NUL terminated string.  Specifically, a
+stack buffer of 500 bytes is used to store a string of up to 501 bytes
+including the terminating NUL.
+
+III. Impact
+
+Due to the location of the affected buffer on the stack, this bug
+can be exploited using ``The poisoned NUL byte'' technique (see
+references).  A remote attacker can hijack the thttpd process,
+obtaining whatever privileges it has.  By default, the thttpd process
+runs as user `nobody'.
+
+IV.  Workaround
+
+1) Deinstall the thttpd port/package if you have it installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/thttpd-2.22.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/thttpd-2.22.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for the thttpd port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/www/thttpd/Makefile                                            1.23
+ports/www/thttpd/distinfo                                            1.20
+ports/www/thttpd/files/patch-fdwatch.c                            removed
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.securityfocus.com/archive/1/241310>
+<URL:http://www.securityfocus.com/archive/1/10884>
+-----BEGIN PGP SIGNATURE-----
+Comment: http://www.nectar.cc/pgp
+
+iQCVAwUBPBY6x1UuHi5z0oilAQEHrgQAgscqPT0AVJcotWgO1t8WuJQyNukLHnDS
+qGa8LT7ebuMY/Nl6JJzTYudwmr16RtJNPSYTfk1eHPWgAYzKyiNM7uMU87ZDplpM
+FOggQbjdhFPNUE3WK8P2cmdm+7mrZbdWGJmvZpYH4TRNn6yQVV4F8tENl+nPu3I+
+5IGxGqgr2vA=
+=1MCH
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:67.htdig.asc b/share/security/advisories/FreeBSD-SA-01:67.htdig.asc
new file mode 100644
index 0000000000..a446a3d69a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:67.htdig.asc
@@ -0,0 +1,110 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:67                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          htdig configuration file vulnerability
+
+Category:       ports
+Module:         htdig
+Announced:      2001-12-17
+Credits:        Rafal Wojtczuk <nergal@7bulls.com>
+Affects:        Ports collection prior to the correction date
+Corrected:      2001-09-25 07:08:47 2001 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+htsearch is a part of htdig. The htdig system is a complete World Wide
+Web indexing and searching system.
+
+II.  Problem Description
+
+htsearch can be run either remotely as a CGI or from the command line.
+htsearch supports several options for use from the command line, such
+as an option specifying a configuration file that it should use.
+However, these options are not limited to use via the command line.
+When run as a CGI script, htsearch still honors these options, which
+may be passed as part of the URL.  As a result, a remote attacker can
+request that htsearch use any file that the webserver has sufficient
+privilege to read as a configuration file.
+
+The htsearch port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A remote attacker may use htsearch as a kind of denial-of-service
+attack by causing it to read a never-ending special file such as
+`/dev/null'.
+
+More seriously, if the attacker has a local account or can otherwise
+create a file on the target system (such as via anonymous FTP upload
+or Samba), then he can remotely read any file on the target system for
+which the webserver has sufficient privilege.
+
+IV.  Workaround
+
+1) Deinstall the htdig port/package if you have it installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the htdig port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/textproc/htdig-3.1.5_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/textproc/htdig-3.1.5_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for the htdig port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/textproc/htdig/Makefile                                        1.20
+ports/textproc/htdig/file/patch-htsearch_cc                           1.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://sourceforge.net/tracker/?func=detail&atid=104593&aid=458013&group_id=4593>
+<URL:http://www.geocrawler.com/archives/3/8822/2001/9/100/6685429/>
+
+-----BEGIN PGP SIGNATURE-----
+Comment: http://www.nectar.cc/pgp
+
+iQCVAwUBPB4x3FUuHi5z0oilAQHsFgP/XYz0xj2mb7RjsKxkrM0Ymtur3CJAWjc/
+2lNGjTWMCg46PFX+wlLkd5O37Ryr6wPALamLJu30WmYNgIMPU64vlTrqXVzgPgwv
+ZZP3xv8qKTNrZwo40QYxTgeWF2dxIHAztrcD25CEUvrgPTAs0ZjwLKoVxM3sCqyl
+Fr2A/AN+JWw=
+=oZgk
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-01:68.xsane.asc b/share/security/advisories/FreeBSD-SA-01:68.xsane.asc
new file mode 100644
index 0000000000..777d1375e5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-01:68.xsane.asc
@@ -0,0 +1,106 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-01:68                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          xsane port uses insecure temporary file handling
+
+Category:       ports
+Module:         xsane
+Announced:      2001-12-17
+Credits:        Tim Waugh <twaugh@redhat.com>, michal@harddata.com
+Affects:        Ports collection prior to the correction date
+Corrected:      2001-12-14 01:58:36 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+The XSane application is a gtk based X11 front-end to the SANE
+(Scanner Access Now Easy) library used to interface with scanners.
+XSane will acquire images using devices such as scanners and cameras.
+
+II.  Problem Description
+
+XSane creates temporary files in /tmp during the process of scanning
+images and to communicate with SANE (the back-end application which
+actually performs the scans) during image preview and save.
+
+However XSane creates temporary files using mktemp(3), which can be
+easily predicted (see the BUGS section of the mktemp(3) man page).
+This makes XSane vulnerable to exploit, opening the opportunity for a
+user's files to be overwritten through a race condition.
+
+The xsane port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A local user may be able to cause xsane (run by another user) to
+overwrite any file for which the latter user has sufficient privilege.
+While it is advisable to run XSane with a non-privileged user account,
+many users run it using the root account, increasing the risk.
+
+IV.  Workaround
+
+1) Deinstall the xsane port/package if you have it installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/graphics/xsane-0.82.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/graphics/xsane-0.82.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) Download a new port skeleton for the xsane port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/graphics/xsane/Makefile                                        1.30
+ports/graphics/xsane/distinfo                                        1.20
+ports/graphics/xsane/pkg-plist                                       1.18
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Comment: http://www.nectar.cc/pgp
+
+iQCVAwUBPB4x0lUuHi5z0oilAQGbNwP+NZpON4EgH8X/5Jzqr9ITnB4R3ljyka52
+lf1fuHrVgX1JJAi5SCFcNaJWcLC44Y24+Yzs4b3zsGszMS+dkG8GrkO+wD2nsTjq
+KTEGy8o+3Wyon/gcGQkU1AyhLdfticZhVSTubkcfg8AZUvkQV7zPuvLVronOcYGb
+QKpTRN0MDJo=
+=qr4R
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc b/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc
new file mode 100644
index 0000000000..eb22d75ff9
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:01.pkg_add.asc
@@ -0,0 +1,108 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:01                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Directory permission vulnerability in pkg_add [REVISED]
+
+Category:       core
+Module:         pkg_install
+Announced:      2002-01-04
+Revised:        2002-01-07
+Credits:        The Anarcat <anarcat@anarcat.dyndns.org>
+Affects:        All versions of FreeBSD prior to the correction date.
+Corrected:      2001/11/22 17:40:36 UTC (4.4-STABLE aka RELENG_4)
+                2001/12/07 20:58:46 UTC (4.4-RELEASEp1 aka RELENG_4_4)
+                2001/12/07 20:57:19 UTC (4.3-RELEASEp21 aka RELENG_4_3)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-01-04  Initial release
+v1.1  2002-01-07  Correct terminology in problem description.
+
+I.   Background
+
+pkg_add is a utility program used to install software package
+distributions on FreeBSD systems.
+
+II.  Problem Description
+
+pkg_add extracts the contents of the package to a temporary directory,
+then moves files from the temporary directory to their ultimate
+destination on the system.  The temporary directory used in the
+extraction was created with world-searchable permissions, allowing
+arbitrary users to examine the contents of the package as it was
+being extracted.  This might allow users to attack world-writable
+parts of the package during installation.
+
+III. Impact
+
+A local attacker may be able to modify the package contents and
+potentially elevate privileges or otherwise compromise the system.
+There are no known exploits as of the date of this advisory.
+
+IV.  Workaround
+
+1) Remove or discontinue use of the pkg_add binary until it has
+been upgraded.
+
+2) When running pkg_add, create a secure temporary directory (such
+as /var/tmp/inst) and secure the directory permissions (chmod 700
+/var/tmp/inst).  Set the TMPDIR environment variable to this
+directory before running pkg_add.
+
+V.   Solution
+
+1) Upgrade your vulnerable FreeBSD system to 4.4-STABLE, or the
+RELENG_4_4 or RELENG_4_3 security branches dated after the respective
+correction dates.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patch has been verified to apply to FreeBSD 4.3-RELEASE,
+4.4-RELEASE, and 4-STABLE dated prior to the correction date.  This
+patch may or may not apply to older, unsupported releases of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:01/pkg_add.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd /usr/src/usr.sbin/pkg_install
+# make depend && make all install
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected in the FreeBSD source
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/usr.sbin/pkg_install/lib/pen.c
+  HEAD                                                               1.37
+  RELENG_4                                                       1.31.2.6
+  RELENG_4_4                                                 1.31.2.2.2.1
+  RELENG_4_3                                                 1.31.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32172>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPDnE7VUuHi5z0oilAQHc3AP+IVLft31MShGngUPRQOQRHsNPjdqwdacj
+ptKjsMfGCpDRyqgIc8CoaI/Bln6VKkKS3HuOYx4pYOPY5QjBPy9JpPSJrAxP/H/N
+424apgpo2eCmGcoIbCdM2RH1YYyKZANzt5igWNss1FbppvYbVwx+zZPBA4dyl9MZ
+8rat83zoMAc=
+=g74K
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:02.pw.asc b/share/security/advisories/FreeBSD-SA-02:02.pw.asc
new file mode 100644
index 0000000000..2a5c1bf259
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:02.pw.asc
@@ -0,0 +1,97 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:02                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          pw(8) race condition may allow disclosure of master.passwd
+
+Category:       core
+Module:         pw
+Announced:      2002-01-04
+Credits:        ryan beasley <ryanb@goddamnbastard.org>
+Affects:        All releases prior to 4.5-RELEASE,
+                4.4-STABLE prior to the correction date
+Corrected:      2001-12-21 15:21:32 UTC (4.4-STABLE aka RELENG_4)
+                2001-12-21 15:22:55 UTC (4.4-RELEASEp1 aka RELENG_4_4)
+                2001-12-21 15:23:04 UTC (4.3-RELEASEp21 aka RELENG_4_3)
+FreeBSD only:   YES
+
+I.   Background
+
+The pw(8) utility is used to create, remove, modify, and display system
+users and groups.
+
+II.  Problem Description
+
+When creating, removing, or modifying system users, the pw utility
+modifies the system password file `/etc/master.passwd'.  This file
+contains the users' encrypted passwords and is normally only readable
+by root.  During the modification, a temporary copy of the file is
+created. However, this temporary file is mistakenly created with
+permissions that allow it to be read by any user.
+
+III. Impact
+
+A local attacker can read the temporary file created by pw(8) and
+use the encrypted passwords to conduct an off-line dictionary attack.
+A successful attack would result in the recovery of one or more
+passwords.  Because the temporary file is short-lived (it is removed
+almost immediately after creation), this can be difficult to exploit:
+an attacker must `race' to read the file before it is removed.
+
+IV.  Workaround
+
+1) Do not use pw(8) to create, remove, or modify system users.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4-STABLE (RELENG_4), the
+4.4-RELEASE security-fix branch (RELENG_4_4), or the 4.3-RELEASE
+security-fix branch (RELENG_4_3), dated after the correction date.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patch has been verified to apply to FreeBSD 4.3-RELEASE,
+4.4-RELEASE, and 4-STABLE dated prior to the correction date.  This
+patch may or may not apply to older, unsupported releases of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:02/pw.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/pw
+# make depend && make all install
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected in the FreeBSD source
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/usr.sbin/pw/pwupd.c
+  HEAD (CURRENT)                                                     1.18
+  RELENG_4 (4-STABLE)                                            1.12.2.4
+  RELENG_4_4 (4.4-RELEASE security branch)                   1.12.2.3.4.1
+  RELENG_4_3 (4.3-RELEASE security branch)                   1.12.2.3.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPDZOB1UuHi5z0oilAQE/FQP/UjSXBA+ntiemKMpvgQfHkvNFjT/L9VC6
+j1q7yhuM+JKIeQcAiotvEFmnRjZquJaNTvBRa4TSbr9943smZ7w8wC3lzq4aLBSv
+e4L1F/uIUx19hyeEDL8FEdE5hqiltFJVa605pNoyLtLBQx9UfYkdfZo9SqFtAIdl
+qNU0wX2XJU0=
+=g2Uh
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc b/share/security/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc
new file mode 100644
index 0000000000..d849bf38b7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:03.mod_auth_pgsql.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:03                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mod_auth_pgsql port authentication bypass
+
+Category:       ports
+Module:         mod_auth_pgsql
+Announced:      2002-01-04
+Credits:        RUS CERT <URL:http://cert.uni-stuttgart.de/>
+Affects:        Ports collection prior to the correction date
+Corrected:      2001-10-02 11:33:49 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+mod_auth_pgsql is an Apache module which allows the Apache web server
+to use a PostgreSQL database for user and/or group authentication.
+
+II.  Problem Description
+
+The mod_auth_pgsql port, versions prior to mod_auth_pgsql-0.9.9,
+contain a vulnerability that may allow a remote user to cause
+arbitrary SQL code to be execute.  mod_auth_pgsql constructs a SQL
+statement to be executed by the PostgreSQL server in order to lookup
+user information.  The username given by the remote user is inserted
+into the SQL statement without any quoting or other safety checks.
+
+The mod_auth_pgsql port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A remote user may insert arbitrary SQL code into the username during
+authentication, leading to several exploit opportunities.  In
+particular, the attacker may cause mod_auth_pgsql to use a known fixed
+password hash for user verification, allowing him to authenticate as
+any user and obtain unauthorized access to web server data.
+
+IV.  Workaround
+
+1) Deinstall the mod_auth_pgsql port/package if you have it installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/mod_auth_pgsql-0.9.9.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/mod_auth_pgsql-0.9.9.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for the mod_auth_pgsql port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected in the FreeBSD source
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/www/mod_auth_pgsql/Makefile                                     1.3
+ports/www/mod_auth_pgsql/distinfo                                     1.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://cert.uni-stuttgart.de/advisories/apache_auth.php>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPDZOBVUuHi5z0oilAQHfNgQAgp9FKI4P0XfSzBdbcdOnqPCBJji4TPLS
+gENpCcvT55dWcGjYr0XsJrsk1NhF3Qq0TR8CnN2OmWaxx1ugoqwdc6o0vqzYIQ5H
+DAwBK4tbYOBYmram7A+0VBbTxPlHTnTop56i3/w2xaxafMHdlrzB2zCO7pimU83i
+2MAKa0dLwS4=
+=l5iu
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:04.mutt.asc b/share/security/advisories/FreeBSD-SA-02:04.mutt.asc
new file mode 100644
index 0000000000..2f57cb3d99
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:04.mutt.asc
@@ -0,0 +1,116 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:04                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mutt ports contain remotely exploitable buffer overflow
+                [REVISED]
+
+Category:       ports
+Module:         mutt
+Announced:      2002-01-04
+Revised:        2002-01-06
+Credits:        Joost Pol <joost@contempt.nl>
+Affects:        Ports collection prior to the correction date
+Corrected:      2002-01-02 13:52:03 UTC (ports/mail/mutt: 1.2.x)
+                2002-01-02 03:39:01 UTC (ports/mail/mutt-devel: 1.3.x)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-01-04  Initial release
+v1.1  2002-01-06  Corrected typo in mutt port version.
+
+I.   Background
+
+Mutt is a small but very powerful text-based mail client for Unix
+operating systems.
+
+II.  Problem Description
+
+The mutt ports, versions prior to mutt-1.2.5_1 and
+mutt-devel-1.3.24_2, contain a buffer overflow in the handling of
+email addresses in headers.
+
+The mutt and mutt-devel ports are not installed by default, nor are
+they "part of FreeBSD" as such: they are parts of the FreeBSD ports
+collection, which contains over 6000 third-party applications in a
+ready-to-install format. The ports collection shipped with FreeBSD 4.4
+contains this problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+An attacker may send an email message with a specially crafted email
+address in any of several message headers to the victim.  When the
+victim reads the message using mutt and encounters that email address,
+the buffer overflow is triggered and may result in arbitrary code
+being executed with the privileges of the victim.
+
+IV.  Workaround
+
+1) Deinstall the mutt and mutt-devel ports/packages if you have them
+installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the ports.
+
+2) Deinstall the old packages and install news package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-1.2.5_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/mutt-devel-1.3.24_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-1.2.5_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/mutt-devel-1.3.24_2.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available.
+
+3) Download a new port skeleton for the mutt or mutt-devel port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected in the FreeBSD source
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/mail/mutt/Makefile                                            1.110
+ports/mail/mutt/files/patch-rfc822.c                                  1.1
+ports/mail/mutt-devel/Makefile                                      1.141
+ports/mail/mutt-devel/files/patch-rfc822-security                     1.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.mutt.org/announce/mutt-1.2.5.1-1.3.25.html>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPDiTdlUuHi5z0oilAQFUhwP9GrypvSZsDm4VXsvv0bTXMdgySDM6nR+f
+lTe+WtKuJu6unu/Befb5ep2Nb/nt4AzRZzwR/8b9amROk63eFa5fHe8RrwZa7aug
+9BGGTOWtH+PKYrqB4BAGMBsEYPEleUyED4XTc/wrCrYGXigNTxgRKAeBmxe8UMO1
+G7SzKi2sFYE=
+=dHuU
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:05.pine.asc b/share/security/advisories/FreeBSD-SA-02:05.pine.asc
new file mode 100644
index 0000000000..57ff8eb04c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:05.pine.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:05                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          pine port insecure URL handling [REVISED]
+
+Category:       ports
+Module:         pine
+Announced:      2002-01-04
+Revised:        2002-01-10
+Credits:        zen-parse <zen-parse@gmx.net>
+Affects:        Ports collection prior to the correction date
+Corrected:      2002-01-10 16:47:18 UTC
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-01-04  Initial release.
+v1.1  2002-01-10  Corrected vulnerable versions and the `Corrected details'
+                  section.
+
+I.   Background
+
+PINE is an application for reading mail and news.
+
+II.  Problem Description
+
+The pine port, versions previous to pine-4.44, handles URLs in
+messages insecurely.  PINE allows users to launch a web browser to
+visit a URL embedded in a message.  Due to a programming error, PINE
+does not properly escape meta-characters in the URL before passing it
+to the command shell as an argument to the web browser.
+
+The pine port is not installed by default, nor is it "part of FreeBSD"
+as such: it is part of the FreeBSD ports collection, which contains
+over 6000 third-party applications in a ready-to-install format. The
+ports collection shipped with FreeBSD 4.4 contains this problem since
+it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+An attacker can supply commands enclosed in single quotes ('') in a
+URL embedded in a message sent to the victim.  If the user then
+decides to view the URL, PINE will launch a command shell which will
+then execute the attacker's commands with the victim's privileges.  It
+is possible to obfuscate the URL so that it will not necessarily seem
+dangerous to the victim.
+
+IV.  Workaround
+
+1) Deinstall the pine port/package if you have it installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/mail/pine-4.44.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/mail/pine-4.44.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available.
+
+3) Download a new port skeleton for the pine port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected in the FreeBSD Ports Collection since
+4.4-RELEASE.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/mail/pine4/Makefile                                            1.61
+ports/mail/pine4/distinfo                                            1.20
+ports/mail/pine4/files/patch-aa                                       1.4
+ports/mail/pine4/files/patch-ac                                      1.11
+ports/mail/pine4/files/patch-af                                      1.12
+ports/mail/pine4/files/patch-ai                                      1.11
+ports/mail/pine4/files/patch-aj                                       1.5
+ports/mail/pine4/files/patch-ak                                       1.6
+ports/mail/pine4/files/patch-al                                      1.11
+ports/mail/pine4/files/patch-am                                       1.6
+ports/mail/pine4/files/patch-an                                       1.5
+ports/mail/pine4/files/patch-ap                                       1.3
+ports/mail/pine4/files/patch-at                                       1.6
+ports/mail/pine4/files/patch-au                                       1.4
+ports/mail/pine4/files/patch-ax                                       1.5
+ports/mail/pine4/files/patch-az                                       1.3
+ports/mail/pine4/files/patch-be                                       1.1
+ports/mail/pine4/files/patch-bf                                       1.1
+ports/mail/pine4/files/patch-bg                                       1.1
+ports/mail/pine4/files/patch-reply.c                                  1.2
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPD3LZlUuHi5z0oilAQH6EAP/bz0Yeydx2zCmQb0j4zmbKM5R8McyKaYb
+tl/Vo/ViCll6xKXUuAOjFpyIkQMOmHGLwHXmqjJD+XRb0hSgrsCqRmWhUicppZjH
+dY0zjvtKspbDN37ScOO+MJmGsmq1mfZGs8JUMCbYivDuLhRM/5bvnenUsigNUaQW
+hkwKI6heurk=
+=BQ0F
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:06.sudo.asc b/share/security/advisories/FreeBSD-SA-02:06.sudo.asc
new file mode 100644
index 0000000000..cbdae8968a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:06.sudo.asc
@@ -0,0 +1,103 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:06                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          sudo port may enable local privilege escalation
+
+Category:       ports
+Module:         sudo
+Announced:      2002-01-16
+Credits:        Sebastian Krahmer <krahmer@suse.de>
+Affects:        Ports collection prior to the correction date
+Corrected:      2002-01-15 02:56:33 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+Sudo is a program designed to allow a sysadmin to give limited root
+privileges to users and log root activity.
+
+II.  Problem Description
+
+The sudo port, versions prior to sudo-1.6.4.1, contains a
+vulnerability that may allow a local user to obtain superuser
+privileges.
+
+If a user who has not been authorized by the system administrator
+(listed in the `sudoers' file) attempts to use sudo, sudo will send an
+email alert.  When it does so, it invokes the system mailer with
+superuser privileges, and with most of the user's environment intact.
+
+The sudo port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+If the system mailer's behavior can be influenced by the settings of
+environmental variables, then an attacker may obtain superuser
+privileges.  There is at least one mailer (postfix) that can be
+influenced in this fashion.
+
+IV.  Workaround
+
+1) Deinstall the sudo port/package if you have it installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/sudo-1.6.4.1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.4.1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available.
+
+3) Download a new port skeleton for the sudo port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/security/sudo/Makefile                                         1.43
+ports/security/sudo/distinfo                                         1.26
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPEYIq1UuHi5z0oilAQEgTAP/YXD+lSngGwbloUn09xvwgn8i5uGaEX5O
+Rj1v7XM3HRT/Gmr1CJiK7LtMbj/iilHzC2YiTAUHyxYzdEU7k9SnLgxK6rcSYNql
+5wkYL1asHQhFPYejEqQVPKejrr4L/+/bYmQbkLKc9EMdErnhYoNrw6QbN+XvmO6p
+oAzSK07ixi4=
+=rmb8
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:07.k5su.asc b/share/security/advisories/FreeBSD-SA-02:07.k5su.asc
new file mode 100644
index 0000000000..724f3453e8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:07.k5su.asc
@@ -0,0 +1,186 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:07                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Kerberos 5 su command uses getlogin for authorization
+
+Category:       krb5, ports
+Module:         crypto/heimdal/appl/su, heimdal
+Announced:      2002-01-18
+Credits:        Aaron <lumpy@musicvision.com>
+Affects:        FreeBSD 4.4-RELEASE
+                FreeBSD 4.4-STABLE prior to the correction date
+                Ports collection prior to the correction date
+Corrected:      2002-01-15 21:52:48 UTC (RELENG_4)
+                2002-01-17 15:45:05 UTC (RELENG_4_4)
+                2001-10-31 19:58:05 UTC (heimdal port)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-01-18  Initial release
+v1.1  2002-09-09  Corrected date of heimdal port correction
+
+I.   Background
+
+The getlogin and setlogin system calls are used to manage the user
+name associated with a login session.
+
+k5su is a Kerberos 5-enabled su program.  Like su, it allows
+authorized users to `switch user' in order to obtain additional
+privileges.
+
+II.  Problem Description
+
+The setlogin system call, the use of which is restricted to the
+superuser, is used to associate a user name with a login session.  The
+getlogin system call is used to retrieve that user name.  The setlogin
+system call is typically used by applications such as login and sshd.
+
+The k5su command included with FreeBSD, versions prior to 4.5-RELEASE,
+and the su command included in the heimdal port, versions prior to
+heimdal-0.4e_2, use the getlogin system call in order to determine
+whether the currently logged-in user is `root'.  In some
+circumstances, it is possible for a non-privileged process to have
+`root' as the login name returned by getlogin.
+
+The `k5su' command may be installed as part of FreeBSD when Kerberos 5
+support is requested, or it may be installed from the FreeBSD Ports
+Collection (ports/security/heimdal), in which case it is installed
+simply as `su'.
+
+The Heimdal port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+In some circumstances, process that have been started by root but have
+given up superuser privileges may be able to invoke `k5su' to regain
+superuser privileges.
+
+IV.  Workaround
+
+Commands to be executed as root are signified by lines starting with
+the `#' character.
+
+[Kerberos 5 in the base system]
+
+Remove the set-user-ID bit from the `k5su' executable by running the
+following command as root:
+
+# chmod u-s /usr/bin/k5su
+
+[Heimdal port]
+
+Remove the set-user-ID bit from the `su' executable by running the
+following command as root:
+
+# chmod u-s /usr/local/bin/su
+
+V.   Solution
+
+[Kerberos 5 in the base system]
+
+NOTE: If the file /usr/bin/k5su does not exist on your system,
+Kerberos 5 is not installed and you do not need to take any action.
+
+Do one of the following:
+
+1) Upgrade your system to 4.4-STABLE or the RELENG_4_4 security
+branch, dated after the respective correction dates.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4-RELEASE
+and 4.4-STABLE dated prior to the correction date.  It may or may not
+apply to older, unsupported versions of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:07/k5su.patch
+# fetch ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-02:07/k5su.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/k5su.patch
+# cd /usr/src/kerberos5/lib
+# env MAKE_KERBEROS5=yes make depend
+# env MAKE_KERBEROS5=yes make all install
+# cd /usr/src/kerberos5/usr.bin/k5su
+# env MAKE_KERBEROS5=yes make depend
+# env MAKE_KERBEROS5=yes make all install
+
+[Heimdal port]
+
+Do one of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/heimdal-0.4e_2.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/heimdal-0.4e_2.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for the heimdal port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+[Kerberos 5 in the base system]
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/crypto/heimdal/appl/su/su.c
+  HEAD                                                            1.1.1.4
+  RELENG_4                                                    1.1.1.1.2.2
+  RELENG_4_4                                              1.1.1.1.2.1.4.1
+  RELENG_4_3                                              1.1.1.1.2.1.2.1
+- -------------------------------------------------------------------------
+
+[Heimdal port]
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/security/heimdal/Makefile                                      1.46
+ports/security/heimdal/patch-appl::su::su.c                           1.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPXzS0lUuHi5z0oilAQEpXQP9G3KRTXz9IBC+S+VwKwIx6lqZ0omDL8Ec
+8AqhmzGyTxGikBdWL3qSZH3Ab51R9QCAd8JnN08HqrAqduzIzzG7zrmWn7r643zO
+CZQH/w/1n9bwvt4nSqG8h3xwwEKKxtSKJC1/gJSPEafvVyXumOPlrcpdDktwUBHE
+UaE0lGT+43U=
+=v8Mv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:08.exec.asc b/share/security/advisories/FreeBSD-SA-02:08.exec.asc
new file mode 100644
index 0000000000..9239a02f78
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:08.exec.asc
@@ -0,0 +1,196 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:08                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          race condition during exec may allow local root compromise
+
+Category:       core
+Module:         kernel
+Announced:      2002-01-24
+Credits:        Logan Gabriel <gersh@sonn.com>,
+                Robert Watson <rwatson@FreeBSD.org>,
+                Dag-Erling Smørgrav <des@FreeBSD.org>
+Affects:        All released versions of FreeBSD 4.x prior to 4.5-RELEASE.
+                FreeBSD 4.4-STABLE prior to the correction date.
+Corrected:      2002-01-22 17:22:59 UTC (4-STABLE, RELENG_4)
+                2002-01-23 23:05:00 UTC (4.4-RELEASE-p4, RELENG_4_4)
+                2002-01-23 23:05:53 UTC (4.3-RELEASE-p24, RELENG_4_3)
+FreeBSD only:   NO
+
+I.   Background
+
+When a process is started from a set-user-ID or set-group-ID binary,
+it is marked so that attempts to attach to it with debugging hooks
+fail.  To allow such attachments would allow a user to subvert the
+process and gain elevated privileges.
+
+II.  Problem Description
+
+A race condition exists in the FreeBSD exec system call
+implementation.  It is possible for a user to attach a debugger to a
+process while it is exec'ing, but before the kernel has determined
+that the process is set-user-ID or set-group-ID.
+
+All versions of FreeBSD 4.x prior to FreeBSD 4.5-RELEASE are
+vulnerable to this problem.  The problem has been corrected by marking
+processes that have started but not yet completed exec with an
+`in-exec' state.  Attempts to debug a process in the in-exec state
+will fail.
+
+III. Impact
+
+Local users may be able to gain increased privileges on the local
+system.
+
+IV.  Workaround
+
+None.  Do not allow untrusted users to gain access to the local
+system.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your vulnerable FreeBSD system to 4.4-STABLE, or the
+RELENG_4_3 or RELENG_4_4 security branch, dated after the respective
+correction date.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the following location:
+
+[FreeBSD 4.4-STABLE, or RELENG_4_3 and RELENG_4_4 security branches]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec.patch.asc
+
+[FreeBSD 4.3-RELEASE only]
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec-43R.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:08/exec-43R.patch.asc
+
+b) Verify the detached PGP signature using your PGP utility.
+
+c) Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+
+Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html
+and reboot the system.
+
+3) FreeBSD 4.4-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.4-RELEASE systems only, and is
+intended for use on systems for which source patching is not practical
+or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+Since this vulnerability involves the FreeBSD kernel which is often
+locally customized on installed systems, a universal binary upgrade
+package is not feasible.  This package includes a patched version of
+the GENERIC kernel which should be suitable for use on many systems.
+Systems requiring a customized kernel must use an alternative
+solution.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02:08/security-patch-exec-02.08.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02:08/security-patch-exec-02.08.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-exec-02.08.tgz
+
+The new kernel is named /kernel.GENERIC to avoid conflict with the
+default kernel name (``/kernel'').  To cause the system to boot
+automatically with the new kernel, add the following line to
+/boot/loader.conf:
+
+kernel="/kernel.GENERIC"
+
+and reboot the system to load the new kernel.  The old kernel is still
+available and can be manually loaded in the boot loader in case of
+problems.
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision number of the
+files that were corrected in the FreeBSD source.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/conf/newvers.sh
+  RELENG_4_4                                                1.44.2.17.2.5
+  RELENG_4_3                                               1.44.2.14.2.14
+src/sys/kern/kern_exec.c
+  RELENG_4                                                     1.107.2.13
+  RELENG_4_4                                                1.107.2.8.2.1
+  RELENG_4_3                                                1.107.2.5.2.2
+src/sys/kern/sys_process.c
+  RELENG_4                                                       1.51.2.3
+  RELENG_4_4                                                 1.51.2.1.4.1
+  RELENG_4_3                                                 1.51.2.1.2.1
+src/sys/miscfs/procfs/procfs.h
+  RELENG_4                                                       1.32.2.3
+  RELENG_4_4                                                 1.32.2.2.2.1
+  RELENG_4_3                                                 1.32.2.1.2.2
+src/sys/miscfs/procfs/procfs_ctl.c
+  RELENG_4                                                       1.20.2.2
+  RELENG_4_4                                                 1.20.2.1.4.1
+  RELENG_4_3                                                 1.20.2.1.2.1
+src/sys/miscfs/procfs/procfs_dbregs.c
+  RELENG_4                                                        1.4.2.3
+  RELENG_4_4                                                  1.4.2.2.2.1
+  RELENG_4_3                                                  1.4.2.1.2.1
+src/sys/miscfs/procfs/procfs_fpregs.c
+  RELENG_4                                                       1.11.2.3
+  RELENG_4_4                                                 1.11.2.2.2.1
+  RELENG_4_3                                                 1.11.2.1.2.1
+src/sys/miscfs/procfs/procfs_mem.c
+  RELENG_4                                                       1.46.2.3
+  RELENG_4_4                                                 1.46.2.2.2.1
+  RELENG_4_3                                                 1.46.2.1.2.2
+src/sys/miscfs/procfs/procfs_regs.c
+  RELENG_4                                                       1.10.2.3
+  RELENG_4_4                                                 1.10.2.2.2.1
+  RELENG_4_3                                                 1.10.2.1.2.1
+src/sys/miscfs/procfs/procfs_status.c
+  RELENG_4                                                       1.20.2.4
+  RELENG_4_4                                                 1.20.2.3.4.1
+  RELENG_4_3                                                 1.20.2.3.2.1
+src/sys/miscfs/procfs/procfs_vnops.c
+  RELENG_4                                                       1.76.2.7
+  RELENG_4_4                                                 1.76.2.5.2.1
+  RELENG_4_3                                                 1.76.2.3.2.2
+src/sys/sys/proc.h
+  RELENG_4                                                       1.99.2.6
+  RELENG_4_4                                                 1.99.2.5.4.1
+  RELENG_4_3                                                 1.99.2.5.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-001.txt.asc>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPFCAl1UuHi5z0oilAQGyiQP/V2byHL40v23S1q4PanobNUPhKUQBKsVI
+OCmBowy2r7Ka0GPDFxAko/xeXnZmM9lvZ0PqMdpy5god27txxAtXmvmJjMPc3dRK
+SbJGvfrGSrRMvXR8rrpIOugq0mkMePiXsS8RDAkcAHAXpFF0MVuQfoaQYykn+LiV
+i6D4RvGxGZw=
+=ywM6
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:09.fstatfs.asc b/share/security/advisories/FreeBSD-SA-02:09.fstatfs.asc
new file mode 100644
index 0000000000..2957e4f93c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:09.fstatfs.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:09                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          fstatfs race condition may allow local denial of
+                service via procfs
+
+Category:       core
+Module:         kernel
+Announced:      2002-02-06
+Credits:        Stefan Esser <se@FreeBSD.org>
+Affects:        All released versions of FreeBSD prior to 4.5-RELEASE
+Corrected:      2002-01-07 20:47:34 UTC (RELENG_4)
+                2002-01-17 15:46:46 UTC (RELENG_4_4)
+                2002-01-17 15:47:04 UTC (RELENG_4_3)
+FreeBSD only:   YES
+
+I.   Background
+
+fstatfs() is a function that retrieves filesystem statistics in the
+kernel.  procfs is the process filesystem, which presents a filesystem
+interface to the system process table and associated data.
+
+II.  Problem Description
+
+A race condition existed where a file could be removed between calling
+fstatfs() and the point where the file is accessed causing the file
+descriptor to become invalid.  This may allow unprivileged local users
+to cause a kernel panic.  Currently only the procfs filesystem is
+known to be vulnerable.
+
+III. Impact
+
+On vulnerable FreeBSD systems where procfs is mounted, unprivileged
+local users may be able to cause a kernel panic.
+
+IV.  Workaround
+
+Unmount all instances of the procfs filesystem using the umount(8)
+command by performing the following as root:
+
+# umount -f -a -t procfs
+
+Disable the automatic mounting of all instances of procfs in
+/etc/fstab, remove or comment out the line(s) of the following form:
+
+proc                    /proc           procfs  rw              0       0
+
+Note that unmounting procfs may have a negative impact on the
+operation of the system: under older versions of FreeBSD it is
+required for some aspects of the ps(1) command, and unmounting it may
+also break use of userland inter-process debuggers such as gdb.  Other
+installed binaries including emulated Linux binaries may require access
+to procfs for correct operation.
+
+V.   Solution
+
+1) Upgrade your vulnerable FreeBSD system to 4.5-RELEASE or
+4.5-STABLE, or the RELENG_4_5, RELENG_4_4, or RELENG_4_3 security
+branches dated after their respective correction dates.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patch has been verified to apply to all FreeBSD 4.x
+releases dated prior to the correction date.  This patch may or may
+not apply to older, unsupported releases of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:09/fstatfs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:09/fstatfs.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+
+If procfs is statically compiled into the kernel (i.e. the kernel
+configuration file contains the line 'options PROCFS'), rebuild
+and reinstall your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system with the new kernel for the changes to take effect.
+
+If procfs is dynamically loaded by KLD (use the kldstat command to
+verify whether this is the case) and the system securelevel has not
+been raised, the system can be patched at run-time without
+requiring a reboot by the execution of the following commands after
+patching the source as described above:
+
+# cd /usr/src/sys/modules/procfs
+# make depend && make all install
+# umount -f -a -t procfs
+# kldunload procfs
+# kldload procfs
+# mount -a -t procfs
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of the
+file that was corrected in the FreeBSD source.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/kern/vfs_syscalls.c
+  HEAD                                                              1.216
+  RELENG_4                                                     1.151.2.13
+  RELENG_4_4                                                1.151.2.9.2.1
+  RELENG_4_3                                                1.151.2.7.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=32681>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPGFTc1UuHi5z0oilAQGoMgP/REVJNr2Y+khbQAVX1VM+bnySdGxFKDVS
+0niQ7ZrnI/Ffs7Kw0Nf5T82kvL2gFKRKPW1F2bl+A3qwDO2CBq/mKWLPuP+Ha/Id
+oLtLeE446o/Gv6wdYpKzcdzUtPFcAhaPdD8DxSmdXyVjXuIYXgojM4wPgQcf5PVL
+YW7uAAQ2cM0=
+=T2JK
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:10.rsync.asc b/share/security/advisories/FreeBSD-SA-02:10.rsync.asc
new file mode 100644
index 0000000000..d98a530898
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:10.rsync.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:10                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          rsync port contains remotely exploitable vulnerability
+
+Category:       ports
+Module:         rsync
+Announced:      2002-02-06
+Credits:        Sebastian Krahmer <krahmer@suse.de>
+Affects:        Ports collection prior to the correction date
+Corrected:      2002-01-23 23:32:21 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+rsync is a powerful network file distribution/synchronization utility.
+
+II.  Problem Description
+
+The rsync port, versions prior to rsync-2.5.1_1, is not careful enough
+about reading integers from the network. In several places, signed and
+unsigned numbers are mixed, resulting in erroneous computations of
+buffer offsets.
+
+The rsync port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.5 contains the
+corrected version of this port (rsync-2.5.1_1).
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A remote attacker may cause rsync to write NUL bytes onto its stack.
+This can be exploited in order to execute arbitrary code with the
+privileges of the user running rsync.  This is particularly damaging
+for sites running rsync in server mode, although a hostile server may
+also affect rsync clients.
+
+IV.  Workaround
+
+1) Deinstall the rsync ports/packages if you have them installed.
+
+V.   Solution
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/rsync-2.5.1_1.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/net/rsync-2.5.1_1.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available.
+
+3) Download a new port skeleton for the rsync port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected in the FreeBSD source.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/net/rsync/Makefile                                             1.61
+ports/net/rsync/files/patch-251-secfix                                1.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://rsync.samba.org/>
+<URL:http://www.securityfocus.com/advisories/3826>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPGFAr1UuHi5z0oilAQFwZwP/fssLUKJ8mnaIPZhCj4XYT1rQJStyXnVQ
+kI3OFdHX/xoYTEffohoHAJqHkGfVTeriDOgRhEFy9jCreQwsIevyqEKPnBE4Kotx
+NhdOfLRO+kKndpDj/oqc/rGzm5tuofsg88fw7ZINqZDdQy0OGpbA8mqyB18g1aEL
+DDA6wACcxbA=
+=XnJ+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:11.snmp.asc b/share/security/advisories/FreeBSD-SA-02:11.snmp.asc
new file mode 100644
index 0000000000..eacafe1589
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:11.snmp.asc
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:11                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          ucd-snmp/net-snmp remotely exploitable vulnerabilities
+
+Category:       ports
+Module:         net-snmp
+Announced:      2002-02-12
+Credits:        OUSPG: Oulu University Secure Programming Group
+                http://www.ee.oulu.fi/research/ouspg/
+Affects:        Ports collection prior to the correction date
+Corrected:      2002-01-21 16:54:50 UTC
+FreeBSD only:   NO
+CERT:           CA-2002-03
+
+I.   Background
+
+The Net-SNMP (previously known as UCD-SNMP) package is a set of Simple
+Network Management Protocol tools, including an agent, library, and
+applications for generating and handling requests and traps.
+
+NOTE: The Net-SNMP port directory is ports/net/net-snmp, but the
+package name is still ucd-snmp.
+
+II.  Problem Description
+
+The Net-SNMP port, versions prior to 4.2.3, contains several remotely
+exploitable vulnerabilities.  The OUSPG has discovered vulnerabilities
+in many SNMPv1 implementations through their `PROTOS - Security
+Testing of Protocol Implementations' project.  The vulnerabilities are
+numerous and affect SNMPv1 request and trap handling in both managers
+and agents.  Please refer to the References section for complete
+details.
+
+The Net-SNMP port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.5 does not
+contains this problem.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Although no exploits are known to exist at this time, the
+vulnerabilities may be exploited by a remote attacker in order to
+cause the SNMP agent to execute arbitrary code with superuser
+privileges.  Malicious agents may respond to requests with specially
+constructed replies that cause arbitrary code to be executed by the
+client.  Knowledge of the SNMP community name is unnecessary for such
+exploits to be effective.
+
+
+IV.  Workaround
+
+1) Deinstall the ucd-snmp port/package if you have it installed.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/net/ucd-snmp-4.2.3.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for the net-snmp port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+
+NOTE: Many other applications utilize the Net-SNMP libraries.  These
+applications may also be vulnerable.  It is recommended that such
+applications be rebuilt after upgrading Net-SNMP.  The following
+command will display applications installed by the FreeBSD ports
+collection that utilize Net-SNMP:
+
+  pkg_info -R ucd-snmp-\*
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/net/net-snmp/Makefile                                          1.59
+ports/net/net-snmp/distinfo                                          1.15
+ports/net/net-snmp/pkg-plist                                         1.18
+ports/net/net-snmp/files/freebsd4.h                             (removed)
+ports/net/net-snmp/files/patch-aclocal.m4                             1.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.cert.org/advisories/CA-2002-03.html>
+<URL:http://www.ee.oulu.fi/research/ouspg/protos/>
+<URL:http://www.kb.cert.org/vuls/id/107186>
+<URL:http://www.kb.cert.org/vuls/id/854306>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCUAwUBPGmij1UuHi5z0oilAQGFQgP4ku0xC5v8hKJBXYbiSXmwVDpHpV6WHIWP
+zuTSiyvKbUX7nKm6c9IMB+5ep2/SGdJXxWos+YZcncv8VgR5i47K1M1dYXwwniRg
+dZMY/a2lL3B8902bHQq4zpR0TrgE7Wp1IhRNAeS8SZw1pnW86pgLsQzIr6WYhpzM
+rgiaaaG+AQ==
+=VdS0
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:12.squid.asc b/share/security/advisories/FreeBSD-SA-02:12.squid.asc
new file mode 100644
index 0000000000..9f709a75a8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:12.squid.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:12                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          multiple security vulnerabilities in squid port
+
+Category:       ports
+Module:         squid24
+Announced:      2002-02-21
+Credits:        Jouko Pynnonen <jouko@solutions.fi>
+                Henrik Nordstrom <hno@squid-cache.org>
+Affects:        Ports collection prior to the correction date
+Corrected:      2002-02-19 13:46:22 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+The Squid Internet Object Cache is a web proxy/cache.
+
+II.  Problem Description
+
+The following security vulnerabilities are known to exist in versions
+of Squid prior to 2.4-STABLE4 (port version 2.4_8):
+
+1) The optional SNMP monitoring interface suffers from a memory leak.
+The FreeBSD port does not normally include this code, but it can be
+enabled with a compile-time option.
+
+2) A buffer overflow exists in the code charged with parsing the
+authentication portion of FTP URLs.
+
+3) The optional HTCP interface can not be properly disabled at
+run-time.  The FreeBSD port does not normally include this code, but
+it can be enabled with a compile-time option.
+
+The squid port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains thousands of third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.5 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+1) An attacker with the ability to send packets to the Squid SNMP port
+can cause Squid to run out of memory and crash. (NOTE: The FreeBSD
+port does not have SNMP enabled by default.)
+
+2) An authorized user of the squid proxy may submit a specially
+crafted ftp:// request in order to crash the squid process, causing a
+denial of service.  It may also be possible to cause the execution of
+arbitrary code with the privilege level of the squid process, although
+no such exploits are known to exist at this time.
+
+3) Unauthorized users may utilize cache resources by using HTCP.
+(NOTE: The FreeBSD port does not have HTCP enabled by default.)
+
+IV.  Workaround
+
+1) As regards the SNMP issue, the following configuration statement
+will disable the SNMP support altogether:
+
+        snmp_port 0
+
+2) Optionally, set up a firewall rule to block incoming packets to the
+Squid SNMP port (normally, UDP port 3401) from untrusted hosts.
+
+3) For the second vulnerability, deny forwarding of non-anonymous FTP
+URLs by inserting the following rules at the top of squid.conf, prior
+to any http_access allow lines:
+
+        acl non_anonymous_ftp url_regex -i ftp://[^/@]*@
+        http_access deny non_anonymous_ftp
+
+4) No workaround exists for the HTCP issue except to set up a firewall
+rule to block incoming packets to the Squid HTCP port (normally, UDP
+port 4827) from untrusted hosts.
+
+5) Alternatively, deinstall the squid port/package.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
+   squid-2.4_8.tgz
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/
+   squid-2.4_8.tgz
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available.
+
+3) Download a new port skeleton for the squid port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/www/squid24/Makefile                                           1.87
+ports/www/squid24/distinfo                                           1.63
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.squid-cache.org/Versions/v2/2.4/bugs/>
+<URL:http://www.squid-cache.org/Advisories/SQUID-2002_1.txt>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPHT5kVUuHi5z0oilAQFGvwQAj+u0n0OOsV7hxxkMEgCBaZg/LBJWmOkR
+FwOCxy27eSgSdEqoZcNpZlPM+aFUf6r9bWbg5+S66R+kLb7cMOblgZX69YoU6kn7
+QedUoHyBWYuoNd5pBG1VJmyW4NZrQ4vPOM7bdfddSNxt1YpW5P0NNjPaTTmBe96E
+tZg1bT4hXhM=
+=N1OC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:13.openssh.asc b/share/security/advisories/FreeBSD-SA-02:13.openssh.asc
new file mode 100644
index 0000000000..f0d44b375d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:13.openssh.asc
@@ -0,0 +1,213 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:13                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          OpenSSH contains exploitable off-by-one bug
+
+Category:       core, ports
+Module:         openssh, ports_openssh, openssh-portable
+Announced:      2002-03-07
+Credits:        Joost Pol <joost@pine.nl>
+Affects:        FreeBSD 4.4-RELEASE, 4.5-RELEASE
+                FreeBSD 4.5-STABLE prior to the correction date
+                openssh port prior to openssh-3.0.2_1
+                openssh-portable port prior to openssh-portable-3.0.2p1_1
+Corrected:      2002-03-06 13:57:54 UTC (RELENG_4)
+                2002-03-07 14:40:56 UTC (RELENG_4_5)
+                2002-03-07 14:40:07 UTC (RELENG_4_4)
+                2002-03-06 13:53:38 UTC (ports/security/openssh)
+                2002-03-06 13:53:39 UTC (ports/security/openssh-portable)
+CVE:            CAN-2002-0083
+FreeBSD only:   NO
+
+I.   Background
+
+OpenSSH is a free version of the SSH protocol suite of network
+connectivity tools.  OpenSSH encrypts all traffic (including
+passwords) to effectively eliminate eavesdropping, connection
+hijacking, and other network-level attacks. Additionally, OpenSSH
+provides a myriad of secure tunneling capabilities, as well as a
+variety of authentication methods. `ssh' is the client application,
+while `sshd' is the server.
+
+II.  Problem Description
+
+OpenSSH multiplexes `channels' over a single TCP connection in order
+to implement X11, TCP, and agent forwarding.  An off-by-one error in
+the code which manages channels can result in a reference to memory
+beyond that allocated for channels.  A malicious client or server may
+be able to influence the contents of the memory so referenced.
+
+III. Impact
+
+An authorized remote user (i.e. a user that can successfully
+authenticate on the target system) may be able to cause sshd to
+execute arbitrary code with superuser privileges.
+
+A malicious server may be able to cause a connecting ssh client to
+execute arbitrary code with the privileges of the client user.
+
+IV.  Workaround
+
+Do one of the following:
+
+1) The FreeBSD malloc implementation can be configured to overwrite
+   or `junk' memory that is returned to the malloc arena.  Due to the
+   details of exploiting this bug, configuring malloc to junk memory
+   will thwart the attack.
+
+   To configure a FreeBSD system to junk memory, execute the following
+   commands as root:
+
+   # ln -fs J /etc/malloc.conf
+
+   Note that this option will degrade system performance.  See the
+   malloc(3) man page for full details on malloc options.
+
+2) Disable the base system sshd by executing the following command as
+   root:
+
+   # kill `cat /var/run/sshd.pid`
+
+   Be sure that sshd is not restarted when the system is restarted
+   by adding the following line to the end of /etc/rc.conf:
+
+   sshd_enable="NO"
+
+   AND
+
+   Deinstall the openssh or openssh-portable ports if you have one of
+   them installed.
+
+V.   Solution
+
+Do one of the following:
+
+[For OpenSSH included in the base system]
+
+1) Upgrade the vulnerable system to 4.4-RELEASEp9, 4.5-RELEASEp2,
+   or 4.5-STABLE after the correction date and rebuild.
+
+2) FreeBSD 4.x systems prior to the correction date:
+
+The following patch has been verified to apply to FreeBSD 4.4-RELEASE,
+4.5-RELEASE, and 4.5-STABLE dated prior to the correction date.  It
+may or may not apply to older, unsupported versions of FreeBSD.
+
+Download the patch and the detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:13/openssh.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/sshd.patch
+# cd /usr/src/secure/lib/libssh
+# make depend && make all
+# cd /usr/src/secure/usr.sbin/sshd
+# make depend && make all install
+# cd /usr/src/secure/usr.bin/ssh
+# make depend && make all install
+
+[For the OpenSSH ports]
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the OpenSSH port.
+
+2) Deinstall the old package and install a new package obtained from
+the following directory:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
+
+[other platforms]
+Packages are not automatically generated for other platforms at this
+time due to lack of build resources.
+
+3) Download a new port skeleton for the openssh or openssh-portable
+port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+[Base system]
+src/crypto/openssh/channels.c
+  HEAD                                                                1.8
+  RELENG_4                                                    1.1.1.1.2.6
+  RELENG_4_5                                              1.1.1.1.2.5.2.1
+  RELENG_4_4                                              1.1.1.1.2.4.4.1
+src/crypto/openssh/version.h
+  HEAD                                                               1.10
+  RELENG_4                                                    1.1.1.1.2.8
+  RELENG_4_5                                              1.1.1.1.2.7.2.1
+  RELENG_4_4                                              1.1.1.1.2.5.2.2
+src/sys/conf/newvers.sh
+  RELENG_4_5                                                1.44.2.20.2.3
+  RELENG_4_4                                                1.44.2.17.2.8
+
+[Ports]
+ports/security/openssh/Makefile                                      1.81
+ports/security/openssh/files/patch-channels.c                         1.1
+ports/security/openssh-portable/Makefile                             1.21
+ports/security/openssh-portable/files/patch-channels.c                1.1
+- -------------------------------------------------------------------------
+
+Branch                       Version string
+- -------------------------------------------------------------------------
+HEAD                         OpenSSH_2.9 FreeBSD localisations 20020307
+RELENG_4                     OpenSSH_2.9 FreeBSD localisations 20020307
+RELENG_4_5                   OpenSSH_2.9 FreeBSD localisations 20020307
+RELENG_4_4                   OpenSSH_2.3.0 FreeBSD localisations 20020307
+- -------------------------------------------------------------------------
+
+To view the version string of the OpenSSH server, execute the
+following command:
+
+  % /usr/sbin/sshd -\?
+
+The version string is also displayed when a client connects to the
+server.
+
+To view the version string of the OpenSSH client, execute the
+following command:
+
+  % /usr/bin/ssh -V
+
+VII. References
+
+<URL:http://www.pine.nl/advisories/pine-cert-20020301.txt>
+
+The Common Vulnerabilities and Exposures project (cve.mitre.org) has
+assigned the name CAN-2002-0083 to this issue.
+  <URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0083>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPId+x1UuHi5z0oilAQGvpAP+NDgcpdZAo8aB2ptAbbS7h3MzJULCnPlN
+BqnQ+AylR8HTcPt7XduF6Sh8KSpu75Y5uCJcrNvAoF2jmnH3DFa79GY4hEj7VvCl
+DiAzN3bwcTFBAPWSNaCXK6odyqCjumMOL3drgtibuMHZuQSKn5ZOvNKquVSXuaY+
+86MXQwGukUU=
+=csOr
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:14.pam-pgsql.asc b/share/security/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
new file mode 100644
index 0000000000..954d3b69b8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
@@ -0,0 +1,103 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:14                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          pam-pgsql port authentication bypass
+
+Category:       ports
+Module:         pam-pgsql
+Announced:      2002-03-12
+Credits:        Jacques A. Vidrine <nectar@FreeBSD.org>
+Affects:        pam-pgsql port prior to pam-pgsql-0.5.2
+Corrected:      2002-01-21 20:06:05 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+pam-pgsql is a PAM module which allows PAM-enabled applications such
+as login(1) to use a PostgreSQL database for user authentication.
+
+II.  Problem Description
+
+The affected versions of the pam-pgsql port contain a vulnerability
+that may allow a remote user to cause arbitrary SQL code to be
+executed.  pam-pgsql constructs a SQL statement to be executed by the
+PostgreSQL server in order to lookup user information, verify user
+passwords, and change user passwords.  The username and password given
+by the user is inserted into the SQL statement without any quoting or
+other safety checks.
+
+The pam-pgsql port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains thousands of third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A user interacting with a PAM-enabled application may insert arbitrary
+SQL code into the username or password fields during authentication or
+while changing passwords, leading to several exploit opportunities.
+In all versions of the pam-pgsql port prior to 0.5.2, attackers may
+add or change user account records.  In addition, in versions of the
+pam-pgsql port prior to 0.3, attackers may cause pam-pgsql to
+completely bypass password authentication, allowing them to
+authenticate as any user and obtain unauthorized access using the
+PAM-enabled application.  Since common PAM applications include
+login(1) and sshd(8), both local and remote attacks are possible.
+
+IV.  Workaround
+
+1) Deinstall the pam-pgsql port/package if you have it installed.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Download a new port skeleton for the pam-pgsql port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+3) Use the portcheckout utility to automate option (2) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD Ports Collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/security/pam-pgsql/Makefile                                     1.9
+ports/security/pam-pgsql/distinfo                                     1.3
+ports/security/pam-pgsql/pkg-descr                                    1.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+This vulnerability is very similar to previous vulnerabilities
+involving Apache modules and discovered by RUS-CERT.
+<URL:http://cert.uni-stuttgart.de/advisories/apache_auth.php>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCUAwUBPI4OwVUuHi5z0oilAQGXIgP4pJSV/n8+rQG8xj69zvyquOzjaYJW3aP3
+0OvjTDmBh2NsB4y/3bxFzYnZnTH5reDEMtZnznpBGAElvibXesRN1f4NTaPa2mWo
+qpNF9ELBdNtGGqUZy6hm3kLjdgggpzTLP8luvt1tXdR4WRBgI48c8WxYxYd/u3oa
+g/gXHvFK2Q==
+=PWQc
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc b/share/security/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc
new file mode 100644
index 0000000000..965adf2b62
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:15                                           Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          cyrus-sasl library contains format string vulnerability
+
+Category:       ports
+Module:         cyrus-sasl
+Announced:      2002-03-12
+Credits:        Kari Hurtta <hurtta+zz@leija.mh.fmi.fi>
+Affects:        cyrus-sasl port prior to cyrus-sasl-1.5.24_8
+Corrected:      2001-12-09 03:07:36 UTC
+FreeBSD only:   NO
+CVE:            CAN-2001-0869
+
+I.   Background
+
+Cyrus-SASL is an implementation of RFC 2222 SASL (Simple
+Authentication and Security Layer), a method for adding authentication
+support to connection based protocols.
+
+II.  Problem Description
+
+Affected versions of the cyrus-sasl port contain a format string
+vulnerability.  The format string vulnerability occurs during a call
+to the syslog(3) function.
+
+The cyrus-sasl port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains thousands of third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.4 is vulnerable
+to this problem since it was discovered after its release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+Malicious remote users may cause an application using cyrus-sasl to
+execute arbitrary code with the privileges of the process using the
+cyrus-sasl library.  However, there are no known exploits at this
+writing, and the author of cyrus-sasl does not believe that this bug
+is exploitable.  See the `References' section for more information.
+
+If the cyrus-sasl port is not installed, then your system is not
+vulnerable to this problem.  The following command can be used to
+determine whether or not the cyrus-sasl port is installed:
+
+# pkg_info -I cyrus-sasl-\*
+
+IV.  Workaround
+
+Deinstall the cyrus-sasl port if you have installed it.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old port and install a corrected version from the
+following directories.
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+3) Download a new port skeleton for cyrus-sasl from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/security/cyrus-sasl/Makefile                                   1.30
+ports/security/cyrus-sasl/files/patch-lib::common.c                  1.1
+- -------------------------------------------------------------------------
+
+VII.  References
+
+<URL:http://www.securityfocus.com/archive/1/224148>
+<URL:http://www.iss.net/security_center/static/7443.php>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPI4Ox1UuHi5z0oilAQEqfAQAm21BK3iBrye7YKOpNIe4HhWyLx5YyPs+
+AEASVCg9J4n3vp//nhaOlpC9vQgdoBSX/vRDx5GCS8fkkw/l0R/KmTit1Kezahht
+ms4LbcSqjxKzscPBwT3ZJZt166z5JyUXkzVOsGbEG11WMgeH/jQ4oTG/Xk9cGWH9
+r+BCSjm3phw=
+=VRs8
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:16.netscape.asc b/share/security/advisories/FreeBSD-SA-02:16.netscape.asc
new file mode 100644
index 0000000000..cbf41dc1d3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:16.netscape.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:16                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          GIF/JPEG comment vulnerability in Netscape
+
+Category:       ports
+Module:         netscape
+Announced:      2002-03-12
+Credits:        Florian Wesch <fw@dividuum.de>
+Affects:        All Netscape ports with versions prior to 4.77
+Corrected:      2001-04-07 16:41:36 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+Netscape Navigator or Communicator is a popular web browser, available
+in several versions in the FreeBSD ports collection.
+
+II.  Problem Description
+
+The GIF89a and JPEG standards permit images to have embedded comments,
+in which any kind of textual data may be stored.
+
+Versions 4.76 and earlier of the Netscape browser will execute
+JavaScript contained in such a comment block, if execution of
+JavaScript is enabled in the configuration of the browser.
+
+The Netscape browser supports a non-standard URL scheme, `about:'.
+Visiting `about:' URLs causes Navigator to display information which
+may be sensitive.  For example, `about:global' gives a listing of
+recently accessed URLs; `about:cache' shows a similar listing, but
+with the time each page was visited and the name of each corresponding
+file in the disk cache; and `about:config' displays the full
+configuration of the browser.
+
+JavaScript executed from the comment block of a maliciously
+constructed image can send information from an `about:' URL back to a
+hostile Web server.
+
+The Netscape ports are not installed by default, nor are they "part of
+FreeBSD" as such: they are part of the FreeBSD ports collection, which
+contains thousands of third-party applications in a ready-to-install
+format.  The ports collection shipped with FreeBSD 4.5 contains some
+Netscape versions which are vulnerable to these problems.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security audit
+of the most security-critical ports.
+
+III. Impact
+
+The browser can be caused to transmit sensitive information to a
+hostile Web server, if JavaScript is enabled and a page on the server
+is visited.
+
+If you have not chosen to install a Netscape port or package, your
+system is not vulnerable to this problem.
+
+IV.  Workarounds
+
+Do one of the following:
+
+1) Deinstall affected Netscape ports or packages, if any are installed.
+
+2) Disable JavaScript.  This can be done interactively by running
+Navigator, going to the Edit menu, choosing Preferences, and changing the
+setting in the Advanced section.
+
+Alternatively, append the line:
+
+user_pref("javascript.enabled", false);
+
+to the $HOME/.netscape/preferences.js of every user.  Users are likely
+to want to re-enable JavaScript, because its use is required by some
+Web sites.  If they do, they could become vulnerable again.
+
+3) Similarly, disable automatic loading of images.  The corresponding
+configuration line is:
+
+user_pref("general.always_load_images", false);
+
+Some Web sites require images.  If users enable automatic loading, or
+if they click the Images button, they could become vulnerable again.
+
+4) Install a filtering proxy, and configure it to block all images
+from untrusted sites.  The www/adzap or www/adzapper ports may be
+suitable.  Doing this will make many Web sites unviewable.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the relevant Netscape
+port, if available.  Netscape binaries for several platforms, including
+FreeBSD/i386, were discontinued before the release of 4.77.
+
+2) Deinstall the old package and install a new package, obtained from the
+following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
+   linux-netscape-communicator-4.79.tgz
+   linux-netscape-navigator-4.79.tgz
+
+[alpha]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/alpha/packages-4-stable/www/
+   netscape-communicator-4.78.tgz
+
+3) Download a new port skeleton for the Netscape port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+NOTE: Since there are so many variations of the Netscape ports in the
+FreeBSD ports collection they are not listed separately
+here. Localized versions are also available in the respective language
+subdirectory.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+
+VI.  References
+
+<URL:http://www.securityfocus.com/archive/1/175060>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPI4O0lUuHi5z0oilAQHv/AP+PQ4rd6932o1k3UJqc/+a6jdA5rD0LH1g
+GLki733Egvx7K7ChjjBO2mmHCRVsvIBy/dIU1rlX/YM5ncXT4Mpgm34eL6EzhjQq
+CD/733AIw2jEvSICBNeG3W1ytCzj4qBetjkXlj8/wbi/1f27jyj3kW+kVZ9TX20A
+gICIJdL948I=
+=al/K
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:17.mod_frontpage.asc b/share/security/advisories/FreeBSD-SA-02:17.mod_frontpage.asc
new file mode 100644
index 0000000000..80b8a847ea
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:17.mod_frontpage.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:17                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mod_frontpage port contains exploitable buffer overflow
+
+Category:       ports
+Module:         mod_frontpage
+Announced:      2002-03-12
+Credits:        Martin Blapp <mbr@freebsd.org>
+Affects:        mod_frontpage port prior to version mod_portname-1.6.1
+Corrected:      2002-02-05 16:18:42 2002 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+mod_frontpage is a replacecement for Microsoft's frontpage apache
+patch to support FP extensions. It is installed as a DSO module.
+
+II.  Problem Description
+
+Affected versions of the mod_frontpage port contains several
+exploitable buffer overflows in the fpexec wrapper, which is installed
+setuid root.
+
+The mod_frontpage port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains over 6000 third-party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.5 contains this
+security problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A local attacker may obtain superuser privileges by exploiting the
+buffer overflow bugs in fpexec.
+
+IV.  Workaround
+
+1) Deinstall the mod_frontpage ports/packages if you have them installed.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available.
+
+3) Download a new port skeleton for the mod_frontpage port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the $FreeBSD$ revision numbers of each
+file that was corrected in the FreeBSD source.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/www/mod_frontpage/Makefile                                      1.7
+ports/www/mod_frontpage/distinfo                                      1.4
+ports/www/mod_frontpage/files/patch-Makefile.PL                       1.3
+ports/www/mod_frontpage/files/patch-Makefile.in                       1.1
+ports/www/mod_frontpage/files/patch-mod_frontpage.c                   1.4
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPI4O11UuHi5z0oilAQF43wQAlp8eUBSGRLb1ggNxDVwzvB40ZEOWrIB0
+6P3xIvUW6bFXsHgrBm+WuF7evUm8K85hs1QPp4nDUSdgWArxP9izdSXMKsJ0rtkA
+RAeDMgpMOsDoQaKl9ljDVFbf9xs3hTO6S3UsRaRuQeTvcqhsKRZNbUvOVrAULEOG
+GZ6n2CFh+Rk=
+=sCnv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:18.zlib.asc b/share/security/advisories/FreeBSD-SA-02:18.zlib.asc
new file mode 100644
index 0000000000..a74cf7f4aa
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:18.zlib.asc
@@ -0,0 +1,171 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:18                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          zlib double-free
+
+Category:       core, ports
+Module:         zlib
+Announced:      2002-03-18
+Revised:        2002-04-22
+Credits:        Matthias Clasen <maclas@gmx.de>
+                Owen Taylor <otaylor@redhat.com>
+Affects:        All released versions of FreeBSD
+                FreeBSD 4.5-STABLE prior to the correction date
+                Various ports using or including zlib
+Corrected:      2002-02-24 23:12:48 UTC (RELENG_4)
+                2002-02-24 23:22:57 UTC (RELENG_4_5)
+                2002-02-24 23:23:58 UTC (RELENG_4_4)
+                2002-02-24 23:24:46 UTC (RELENG_4_3)
+CVE:            CAN-2002-0059
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-03-18  Initial release
+v1.1  2002-04-18  Corrected ZFREE location in kernel patch
+                  Corrected deflate window size check
+v1.2  2002-04-22  Corrected advisory revision dates.
+
+I.   Background
+
+zlib is a compression library used by numerous applications to provide
+data compression/decompression routines.
+
+II.  Problem Description
+
+A programming error in zlib may cause segments of dynamically
+allocated memory to be released more than once (double-freed).
+If an attacker is able to pass a specially-crafted block of invalid
+compressed data to a program that includes zlib, the program's
+attempt to decompress the crafted data may cause the zlib routines
+to attempt to free memory multiple times.
+
+Unlike some implementations of malloc(3)/free(3), the malloc(3) and
+free(3) routines used in FreeBSD (aka phkmalloc, written by
+Poul-Henning Kamp <phk@FreeBSD.org>), are not vulnerable to this type
+of bug.  From the author:
+
+  Most mallocs keep their housekeeping data right next to the
+  allocated range.  This gives rise to all sorts of unpleassant
+  situations if programs stray outside the dotted line, free(3)
+  things twice or free(3) modified pointers.
+
+  phkmalloc(3) does not store housekeeping next to allocated data,
+  and in particular it has code that detects and complains about
+  exactly this kind of double free.
+
+When attempting to double-free an area of memory, phkmalloc will
+issue a warning:
+
+  progname in free(): error: chunk is already free
+
+and may call abort(3) if the malloc flag 'A' is used.
+
+III. Impact
+
+If an attacker is able to pass a specially-crafted block of invalid
+compressed data to an application that utilizes zlib, the attempt to
+decompress the data may cause incorrect operation of the application,
+including possibly crashing the application.  Also, the malloc
+implementation will issue warnings and, if the `A' malloc option is
+used, cause the application to abort(3).  In short, an attacker may
+cause a denial of service in applications utilizing zlib.
+
+IV.  Workaround
+
+To prevent affected programs from aborting, remove the 'A' from
+the malloc flags.  To check which malloc flags are in use, issue the
+following commands:
+
+# ls -l /etc/malloc.conf
+# echo $MALLOC_OPTIONS
+
+A nonexistent /etc/malloc.conf or MALLOC_OPTIONS environmental variable
+means that no malloc flags are in use.  See the malloc(3) man page for
+more information.
+
+V.   Solution
+
+[FreeBSD 4.x base system]
+
+1) Upgrade your vulnerable system to 4.5-STABLE or to one of the
+RELENG_4_4 or RELENG_4_5 security branches dated after the respective
+correction dates.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+For FreeBSD 4.x systems that have the previous zlib patch applied:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.corrected.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.corrected.patch.asc
+
+For FreeBSD 4.x systems that do not have the previous zlib patch
+applied:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:18/zlib.v1.1.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+This patch has been verified to apply to all FreeBSD 4.x versions.
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd lib/libz
+# make depend && make all install
+
+Then rebuild and reinstall your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system with the new kernel for the changes to take effect.
+
+[ports]
+
+Various ports may statically link zlib or contain their own versions
+of zlib that have not been corrected by updating the FreeBSD libz.
+Efforts are underway to identify and correct these ports.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/lib/libz/deflate.c
+  RELENG_4                                                        1.5.2.1
+  RELENG_4_5                                                      1.5.8.1
+  RELENG_4_4                                                      1.5.6.1
+  RELENG_4_3                                                      1.5.4.1
+src/lib/libz/infblock.c
+  RELENG_4                                                    1.1.1.4.6.1
+  RELENG_4_5                                                 1.1.1.4.12.1
+  RELENG_4_4                                                 1.1.1.4.10.1
+  RELENG_4_3                                                  1.1.1.4.8.1
+src/sys/net/zlib.c
+  RELENG_4                                                       1.10.2.3
+  RELENG_4_5                                                     1.10.8.2
+  RELENG_4_4                                                     1.10.6.2
+  RELENG_4_3                                                     1.10.4.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://online.securityfocus.com/archive/1/261205>
+
+The Common Vulnerabilities and Exposures project (cve.mitre.org) has
+assigned the name CAN-2002-0059 to this issue.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPMQkDVUuHi5z0oilAQEWKAP+OT1w4Nilf/mfBjXu9xFPeRRyyKaq8ALX
+Hmm2XQ3plhUsqjFupYxdss5+PuIhT7OiLoc8n+B7n8DjjTtGEK/Ds7/iBlox+b+3
+JhhE4HBbwLDMpQ9VSI36iV4qr7YuNZbpCCrAG85bOIhWQDRdc+IWkdxW4P0flhAm
+42eaFTWtbB4=
+=QAcg
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:19.squid.asc b/share/security/advisories/FreeBSD-SA-02:19.squid.asc
new file mode 100644
index 0000000000..1e3b9e1d4c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:19.squid.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:19                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          squid heap buffer overflow in DNS handling
+
+Category:       ports
+Module:         squid24
+Announced:      2002-03-26
+Credits:        zen-parse <zen-parse@gmx.net>
+Affects:        squid port prior to version 2.4_9
+Corrected:      2002-03-22 00:19:55 UTC
+FreeBSD only:   NO
+
+I.   Background
+
+The Squid Internet Object Cache is a web proxy/cache.
+
+II.  Problem Description
+
+Incorrect handling of compressed DNS responses could result in a
+heap buffer overflow.
+
+The squid port is not installed by default, nor is it "part of
+FreeBSD" as such: it is part of the FreeBSD ports collection, which
+contains thousands of third- party applications in a ready-to-install
+format. The ports collection shipped with FreeBSD 4.5 contains this
+problem since it was discovered after the release.
+
+FreeBSD makes no claim about the security of these third-party
+applications, although an effort is underway to provide a security
+audit of the most security-critical ports.
+
+III. Impact
+
+A malicious DNS server (or an attacker spoofing a DNS server) could
+respond to DNS requests from squid with a specially crafted answer
+that would trigger the heap buffer overflow bug.  This could crash the
+squid process.  This bug is not known to be exploitable.
+
+IV.  Workaround
+
+1) Deinstall the squid port/package if you have it installed.
+
+V.   Solution
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/www/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/www/
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available.
+
+3) Download a new port skeleton for the squid port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/www/squid24/Makefile                                           1.89
+ports/www/squid24/distinfo                                           1.64
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt>
+<URL:http://www.squid-cache.org/cgi-bin/cvsweb.cgi/squid/lib/rfc1035.c#rev1.24>
+<URL:http://www.squid-cache.org/cgi-bin/cvsweb.cgi/squid/lib/rfc1035.c#rev1.23>
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPKDNPVUuHi5z0oilAQGQJQP+KfkRVCuIlwzQazMv7K6+KAIAwBkm2EdZ
+lVA2MCnzfxtWW23ZGIRnE6gW2gzzT4C3Ccrkg4llriVCIj4rdQ08UOSqF9JAZBWV
+2RfYdTMUSeHEgYbkn0od9xeGc8zW3VltCH/I3ky/StWmMZv5eH9j6mPBddEeQG/y
+Nuz/Ms0oJrI=
+=m4VV
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:20.syncache.asc b/share/security/advisories/FreeBSD-SA-02:20.syncache.asc
new file mode 100644
index 0000000000..69cb866943
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:20.syncache.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:20                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          syncache/syncookies denial of service
+
+Category:       core
+Module:         net
+Announced:      2002-04-16
+Credits:        Alan Judge <Alan.Judge@eircom.net>
+                Dima Ruban <dima@FreeBSD.org>
+Affects:        FreeBSD 4.5-RELEASE
+                FreeBSD 4.4-STABLE after 2001-12-14 19:53:01 UTC
+                FreeBSD 4.5-STABLE prior to the correction date
+Corrected:      2002-02-20 16:48:49 UTC (RELENG_4)
+                2002-02-21 16:38:39 UTC (RELENG_4_5, 4.5-RELEASE-p1)
+FreeBSD only:   YES
+
+I.   Background
+
+The SYN cache ("syncache") and SYN cookie mechanism ("syncookie") are
+features of the TCP/IP stack intended to improve resistance to a class
+of denial of service attacks known as SYN floods.
+
+II.  Problem Description
+
+Two related problems with syncache were triggered when syncookies were
+implemented.
+
+1) When a SYN was accepted via a syncookie, it used an uninitialized
+pointer to find the TCP options for the new socket.  This pointer may
+be a null pointer, which will cause the machine to crash.
+
+2) A syncache entry is created when a SYN arrives on a listen socket.
+If the application which created the listen socket was killed and
+restarted --- and therefore recreated the listen socket with a
+different inpcb --- an ACK (or duplicate SYN) which later arrived and
+matched the existing syncache entry would cause a reference to the old
+inpcb pointer.  Depending on the pointer's contents, this might result
+in a system crash.
+
+Because syncache/syncookies support was added prior to the release of
+FreeBSD 4.5-RELEASE, no other releases are affected.
+
+III. Impact
+
+Legitimate TCP/IP traffic may cause the machine to crash.
+
+IV.  Workaround
+
+The first issue described may be worked around by disabling syncookies
+using sysctl.  Issue the following command as root:
+
+  # sysctl -w net.inet.tcp.syncookies=0
+
+However, there is no workaround for the second issue.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_5
+security branch dated after the respective correction dates.
+
+2) To patch your present system: download the relevant patch from the
+below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:20/syncache.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:20/syncache.patch.asc
+
+This patch has been verified to apply to 4.5-RELEASE only.
+
+Verify the detached PGP signature using your PGP utility.
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch -p < /path/to/patch
+
+Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/conf/newvers.sh
+  RELENG_4_5                                                1.44.2.20.2.2
+src/sys/netinet/tcp_syncache.c
+  RELENG_4                                                        1.5.2.5
+  RELENG_4_5                                                  1.5.2.4.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=34658>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPLw9nVUuHi5z0oilAQFwpAP9EJludFfmQfMWU4supMdZ1K//qeqgtJVn
+XrEX3TZjqOxRSnlzUUibbO2agnW7yCd8i2Qq0/3KyvMrcS4qSLmcvhQPsZxc26Bx
+Xakz3uvCRIA0XlpJAd/HirsdPHQ94q0JMdnx6C1kW+EMQzM/0KKLpVNsdnFopy0m
+mtPNSZRYgHk=
+=9qwI
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:21.tcpip.asc b/share/security/advisories/FreeBSD-SA-02:21.tcpip.asc
new file mode 100644
index 0000000000..262a6dfe3a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:21.tcpip.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:21.tcpip                                      Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          routing table memory leak
+
+Category:       core
+Module:         net
+Announced:      2002-04-17
+Credits:        Jayanth Vijayaraghavan <jayanth@FreeBSD.org>
+                Ruslan Ermilov <ru@FreeBSD.org>
+Affects:        FreeBSD 4.5-RELEASE
+                FreeBSD 4-STABLE after 2001-12-07 09:23:11 UTC
+                    and prior to the correction date
+Corrected:      2002-03-22 16:54:19 UTC (RELENG_4)
+                2002-04-15 17:12:08 UTC (RELENG_4_5)
+FreeBSD only:   YES
+
+I.   Background
+
+The TCP/IP stack's routing table records information about how to
+reach various destinations.  The first time a TCP connection is
+established with a particular host, a so-called "cloned route" entry
+for that host is automatically derived from one of the predefined
+routes and added to the table.  Each entry has a reference count that
+indicates how many existing connections use that entry; when the
+reference count reaches zero, the entry is removed from the table.
+
+II.  Problem Description
+
+A bug was introduced into ip_output() wherein the processing of an
+ICMP echo reply message would cause a reference count on a routing
+table entry to never be decremented.  Thus, memory allocated for the
+routing table entry was never deallocated.
+
+III. Impact
+
+This bug could be exploited to effect a remote denial of service
+attack.  An attacker could cause new routing table entries (for
+example, by taking advantage of TCP's route cloning behavior) and
+then utilize this bug to cause the route entry to never be
+deallocated.  In this fashion, the target system's memory can be
+exhausted.
+
+IV.  Workaround
+
+Use a packet filter (see ipf(8) or ipfw(8)) to deny ICMP echo
+messages.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.5-STABLE, 4.5-RELEASE-p3, or
+the RELENG_4_5 security branch dated after the respective correction
+dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[4.5-RELEASE,
+ 4-STABLE between 2001-12-28 10:08:33 UTC and 2002-02-20 14:57:41 UTC]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:21/tcpip.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:21/tcpip.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+sys/netinet/ip_icmp.c
+  RELENG_4                                                      1.39.2.16
+  RELENG_4_5                                                1.39.2.14.2.1
+sys/netinet/ip_mroute.c
+  RELENG_4                                                       1.56.2.4
+  RELENG_4_5                                                 1.56.2.3.2.1
+sys/netinet/ip_output.c
+  RELENG_4                                                      1.99.2.29
+  RELENG_4_5                                                1.99.2.24.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPL3IEFUuHi5z0oilAQE56AP/X0tJA/Q0y42JDqxI2A0NRnKyR5YWoH8D
+i3izr0MxMTyPnuWg+uZHZhr/ve2AS2mTfNi7do0Ehdw0U2CEMnPKEVLMqt7kMFmL
+i+ib4HCijb4RWn3WEC6ueO14SQDCB+X9w/yCVEfeHMWd2PrQWtDoCPmurOuQCz4W
+IFu9kJLMhMA=
+=qsYz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:22.mmap.asc b/share/security/advisories/FreeBSD-SA-02:22.mmap.asc
new file mode 100644
index 0000000000..7c0612ad86
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:22.mmap.asc
@@ -0,0 +1,87 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:22.mmap                                       Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          mmap/msync denial of service
+
+Category:       core
+Module:         net
+Announced:      2002-04-18
+Credits:        Harry Newton <harry_newton@telinco.co.uk>
+                Matt Dillon <dillon@FreeBSD.org>
+Affects:        All releases of FreeBSD up to and including 4.5-RELEASE
+                4.5-STABLE prior to the correction date
+Corrected:      2002-03-08 17:22:20 UTC (RELENG_4)
+                2002-04-15 17:14:28 UTC (RELENG_4_5)
+                2002-04-15 17:18:12 UTC (RELENG_4_4)
+FreeBSD only:   YES
+
+I.   Background
+
+The mmap(2) and msync(2) system calls are part of the memory mapped
+I/O API.
+
+II.  Problem Description
+
+A bug existed in the virtual memory management system involving a
+failure to check for the existence of a VM object during page
+invalidation.  This bug could be triggered by calling msync(2) on an
+anonymous, asynchronous memory map (i.e. created using the mmap flags
+MAP_ANON and MAP_NOSYNC) which had not been accessed previously.
+
+III. Impact
+
+Local users may cause the system to crash.
+
+IV.  Workaround
+
+None.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the
+RELENG_4_5 (4.5-RELEASE-p3) or RELENG_4_4 (4.4-RELEASE-p10) security
+branches dated after the respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:22/mmap.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD ports collection.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+sys/vm/vm_map.c
+  RELENG_4                                                     1.187.2.13
+  RELENG_4_5                                               1.187.2.12.2.1
+  RELENG_4_4                                                1.187.2.9.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPL8Rs1UuHi5z0oilAQFlZwP8CUMHSJ7p0ODbcPty+ugWwOTgYeiI9A2K
+P3ezU/PZmEU3Opb864q+J2lhudBUW0NSmVCW4PWdiaPq7Rbhic5QZ7J4eCMPbyKe
+IjSVmSsqvJhjEcHW8i7w0PCe1+hKWWRm1Z2X9SvWNVJqpfkggGdJQMZKNH1lJQN8
+6Dm26nElyww=
+=/H3G
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:23.stdio.asc b/share/security/advisories/FreeBSD-SA-02:23.stdio.asc
new file mode 100644
index 0000000000..d65825bbea
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:23.stdio.asc
@@ -0,0 +1,168 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:23.stdio                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          insecure handling of stdio file descriptors
+
+Category:       core
+Module:         kernel
+Announced:      2002-04-22
+Credits:        Joost Pol <joost@pine.nl>,
+                Georgi Guninski <guninski@guninski.com>
+Affects:        All releases of FreeBSD up to and including 4.6-RELEASE
+                4.6-STABLE prior to the correction date
+Corrected:      2002-07-30 15:40:46 UTC (RELENG_4)
+                2002-07-30 15:42:11 UTC (RELENG_4_6)
+                2002-07-30 15:42:46 UTC (RELENG_4_5)
+                2002-07-30 15:43:17 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-04-22  Initial release
+v1.1  2002-04-23  Patch and revision numbers updated
+v1.2  2002-07-29  procfs issue; updated patch
+
+I.   Background
+
+By convention, POSIX systems associate file descriptors 0, 1, and 2
+with standard input, standard output, and standard error,
+respectively.  Almost all applications give these stdio file
+descriptors special significance, such as writing error messages to
+standard error (file descriptor 2).
+
+In new processes, all file descriptors are duplicated from the parent
+process.  Unless these descriptors are marked close-on-exec, they
+retain their state during an exec.
+
+All POSIX systems assign file descriptors in sequential order,
+starting with the lowest unused file descriptor.  For example, if a
+newly exec'd process has file descriptors 0 and 1 open, but file
+descriptor 2 closed, and then opens a file, the new file descriptor is
+guaranteed to be 2 (standard error).
+
+II.  Problem Description
+
+Some programs are set-user-id or set-group-id, and therefore run with
+increased privileges.  If such a program is started with some of the
+stdio file descriptors closed, the program may open a file and
+inadvertently associate it with standard input, standard output, or
+standard error.  The program may then read data from or write data to
+the file inappropriately.  If the file is one that the user would
+normally not have privileges to open, this may result in an
+opportunity for privilege escalation.
+
+The original correction for this problem (corresponding to the first
+revision of this advisory) contained an error.  Systems using procfs
+or linprocfs could still be exploited.  The dates for the original,
+incomplete correction were:
+
+Corrected:      2002-04-21 13:06:45 UTC (RELENG_4)
+                2002-04-21 13:08:57 UTC (RELENG_4_5)
+                2002-04-21 13:10:51 UTC (RELENG_4_4)
+
+III. Impact
+
+Local users may gain superuser privileges.  It is known that the
+`keyinit' set-user-id program is exploitable using this method.  There
+may be other programs that are exploitable.
+
+IV.  Workaround
+
+[FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11]
+
+None.  The set-user-id bit may be removed from `keyinit' using the
+following command, but note that there may be other programs that can
+be exploited.
+
+# chmod 0555 /usr/bin/keyinit
+
+[FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later,
+ 4.6-RELEASE, and 4.6-STABLE]
+
+Unmount all instances of the procfs and linprocfs filesystems using
+the umount(8) command:
+
+# umount -f -a -t procfs
+# umount -f -a -t linprocfs
+
+V.   Solution
+
+The kernel was modified to check file descriptors 0, 1, and 2 when
+starting a set-user-ID or set-group-ID executable.  If any of these
+are not in use, they will be redirected to /dev/null.
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to any of
+the RELENG_4_6 (4.6.1-RELEASE-p1), RELENG_4_5 (4.5-RELEASE-p10), or
+RELENG_4_4 (4.4-RELEASE-p17) security branches dated after the
+respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+
+[FreeBSD systems earlier than 4.5-RELEASE-p4 and 4.4-RELEASE-p11]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio.patch.v1.2.asc
+
+[FreeBSD versions 4.5-RELEASE-p4 or later, 4.4-RELEASE-p11 or later,
+ 4.6-RELEASE, and 4.6-STABLE]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:23/stdio2.patch.v1.2.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+sys/sys/filedesc.h
+  RELENG_4                                                       1.19.2.4
+  RELENG_4_6                                                     1.19.2.4
+  RELENG_4_5                                                 1.19.2.3.6.1
+  RELENG_4_4                                                 1.19.2.3.4.1
+sys/kern/kern_exec.c
+  RELENG_4                                                     1.107.2.15
+  RELENG_4_6                                               1.107.2.14.2.1
+  RELENG_4_5                                               1.107.2.13.2.2
+  RELENG_4_4                                                1.107.2.8.2.3
+sys/kern/kern_descrip.c
+  RELENG_4                                                      1.81.2.12
+  RELENG_4_6                                                    1.81.2.14
+  RELENG_4_5                                                 1.81.2.9.2.2
+  RELENG_4_4                                                 1.81.2.8.2.2
+sys/conf/newvers.sh
+  RELENG_4_6                                                1.44.2.23.2.6
+  RELENG_4_5                                               1.44.2.20.2.11
+  RELENG_4_4                                               1.44.2.17.2.16
+- -------------------------------------------------------------------------
+
+VII. References
+
+PINE-CERT-20020401 <URL:http://www.pine.nl/advisories/pine-cert-20020401.txt>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPUbXw1UuHi5z0oilAQFgKQP/eOnmHorw/4NVEAEKTQp4+X7Px9p1wUGq
+6OcLH5GuTbbwexd7KbCjbjzNZF7zgz1Qph2v7NQXb+W/ZaW2hEgcoURXkBomVxjl
+61oXu72P35bmgNo7GQ794v/WDHd8FymtBv0kyY/vuZqg6l99tTuwi2ryV1ZszVrh
+w21lAbhkyQo=
+=YGVw
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:24.k5su.asc b/share/security/advisories/FreeBSD-SA-02:24.k5su.asc
new file mode 100644
index 0000000000..27f91befde
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:24.k5su.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:24.k5su                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          k5su utility does not honor `wheel' group
+
+Category:       kerberos5
+Module:         kerberos5/usr.bin/k5su
+Announced:      2002-05-20
+Credits:        jmallet@FreeBSD.org
+Affects:        FreeBSD 4.4-RELEASE
+                FreeBSD 4.5-RELEASE
+                FreeBSD-STABLE prior to the correction date
+Corrected:      2002-05-15 12:51:30 UTC (RELENG_4)
+                2002-05-15 12:56:21 UTC (RELENG_4_5)
+                2002-05-15 13:04:00 UTC (RELENG_4_4)
+FreeBSD only:   YES
+
+I.   Background
+
+The k5su utility is a SU utility similar to su(1), and is used to
+switch privileges after authentication using Kerberos 5 or the local
+passwd(5) file.  k5su is installed as part of the `krb5' distribution,
+or when building from source with MAKE_KERBEROS5 set.  Neither of
+these are default settings.
+
+II.  Problem Description
+
+Historically, the BSD SU utility only allows users who are members
+of group `wheel' (group-ID 0) to obtain superuser
+privileges.  The k5su utility, however, does not honor this convention
+and does not verify group membership if a user has successfully
+authenticated.
+
+k5su also lacks other features of su(1), such as checking for
+password expiration, implementing login classes, and checking
+for the target user's login shell in /etc/shells.
+
+III. Impact
+
+Contrary to the expectations of many BSD system administrators, users
+not in group `wheel' may use k5su to attempt to obtain superuser
+privileges.  Note that this would require knowledge of the root
+account password, or an explicit entry in the Kerberos 5 `.k5login'
+ACL for the root account.
+
+IV.  Solution
+
+Remove the set-user-ID bit from the k5su utility:
+
+# chmod u-s /usr/bin/k5su
+
+This will completely disable k5su.
+
+Sites which wish to use Kerberos 5 authentication for SU and are
+comfortable with its limitations may choose to leave the set-user-ID
+bit enabled.  As of the correction date, FreeBSD (including the
+upcoming 4.6-RELEASE) will install k5su if requested, but the
+set-user-ID bit will not be enabled by default.  See also the
+ENABLE_SUID_K5SU option in make.conf(5).
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/UPDATING
+  RELENG_4                                                      1.73.2.67
+  RELENG_4_5                                               1.73.2.50.2.12
+  RELENG_4_4                                               1.73.2.43.2.12
+src/etc/defaults/make.conf
+  RELENG_4                                                      1.97.2.65
+  RELENG_4_5                                                1.97.2.59.2.1
+  RELENG_4_4                                                1.97.2.58.2.1
+src/kerberos5/usr.bin/k5su/Makefile
+  RELENG_4                                                      1.73.2.67
+  RELENG_4_5                                                1.97.2.59.2.1
+  RELENG_4_4                                                  1.1.2.2.2.1
+src/share/man/man5/make.conf.5
+  RELENG_4                                                      1.12.2.16
+  RELENG_4_5                                                1.12.2.12.2.1
+  RELENG_4_4                                                1.12.2.10.2.1
+- -------------------------------------------------------------------------
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBPOkdtFUuHi5z0oilAQFd1wP8CUxrBx+DJhQZqLpOocpF4yd8IWclz4Uu
+8I8LT5RaWNKMrOt9FB6/jGthRFNqTL72XeDaezxT72IFSUHIpF9wI87aKNVDknPp
+vQxh0Pr8/8EqvOLhvT6Hu/20xKrBZe2bht/lUQ/HxrgriaZteTAMfMYL653xgP5U
+M+0f/mfSm3w=
+=lTOo
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:25.bzip2.asc b/share/security/advisories/FreeBSD-SA-02:25.bzip2.asc
new file mode 100644
index 0000000000..27b4d1ad24
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:25.bzip2.asc
@@ -0,0 +1,294 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:25                                            Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          bzip2 contains multiple security vulnerabilities
+
+Category:       core/ports
+Module:         bzip2
+Announced:      2002-05-20
+Credits:        Volker Schmidt, Philippe Troin
+Affects:        FreeBSD 4.4-RELEASE, FreeBSD 4.5-RELEASE,
+                FreeBSD 4.5-STABLE prior to the correction date.
+                bzip2 port prior to bzip2-1.0.2
+Corrected:      2002-02-18 09:12:53 UTC (4.5-STABLE, RELENG_4)
+                2002-02-23 18:28:09 UTC (4.5-RELEASE-p1, RELENG_4_5)
+                2002-02-23 18:33:18 UTC (4.4-RELEASE-p8, RELENG_4_4)
+                2002-02-22 13:21:22 UTC (bzip2 port)
+FreeBSD only:   NO
+
+I.   Background
+
+bzip2 is an advanced block-sorting file compression utility.
+
+II.  Problem Description
+
+When creating a file during decompression, the bzip2 utility failed
+to use the O_EXCL flag, potentially overwriting files without warning.
+In addition, the bzip2 utility did not securely create new files
+causing a race condition between creating the file and setting the
+correct permissions.
+
+When compressing a file pointed to by a symbolic link, the bzip2
+utility incorrectly stored the permissions of the symbolic link
+instead of the file.  This may result in potentially lax file
+permissions (rwxr-xr-x), causing the decompressed file to be
+world-readable.
+
+bzip2 was incorporated into FreeBSD prior to FreeBSD 4.4-RELEASE.
+Previous versions of FreeBSD did not contain bzip2 and are unaffected
+unless bzip2 was installed from the ports collection or manually by
+the system administrator.
+
+III. Impact
+
+1) Files may be inadvertently overwritten without warning.
+
+2) Due to the race condition between creating files and setting proper
+permissions, a local user may be able to read the contents of files
+regardless of their intended permissions.
+
+3) Decompressed files that were originally pointed to by a symbolic
+link may end up with in incorrect permissions, allowing local users
+to view their contents.
+
+IV.  Workaround
+
+1) Deinstall the bzip2 port/package if you have it installed.
+
+V.   Solution
+
+[FreeBSD 4.4 or 4.5 base system]
+
+1) Upgrade your vulnerable system to 4.5-STABLE or the RELENG_4_4 or
+RELENG_4_5 security branch dated after the respective correction dates.
+
+2) To patch your present system, download the relevant patch from the
+below location, and execute the following commands as root:
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:25/bzip2.patch.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+This patch has been verified to apply to FreeBSD 4.4-RELEASE and
+4.5-RELEASE.
+
+# cd /usr/src
+# patch -p < /path/to/patch
+# cd lib/libbz2
+# make depend && make all install
+# cd ../../usr.bin/bzip2
+# make depend && make all install
+
+3) FreeBSD 4.4-RELEASE and 4.5-RELEASE systems:
+
+An experimental upgrade package is available for users who wish to
+provide testing and feedback on the binary upgrade process.  This
+package may be installed on FreeBSD 4.4-RELEASE and 4.5-RELEASE
+systems only, and is intended for use on systems for which source
+patching is not practical or convenient.
+
+If you use the upgrade package, feedback (positive or negative) to
+security-officer@FreeBSD.org is requested so we can improve the
+process for future advisories.
+
+During the installation procedure, backup copies are made of the files
+which are replaced by the package.  These backup copies will be
+reinstalled if the package is removed, reverting the system to a
+pre-patched state.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02.25/security-patch-bzip2-02.25.tgz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/packages/SA-02.25/security-patch-bzip2-02.25.tgz.asc
+
+Verify the detached PGP signature using your PGP utility.
+
+# pkg_add security-patch-bzip2-02.25.tgz
+
+[ports]
+
+1) Upgrade your entire ports collection and rebuild the bzip2 port.
+
+2) Deinstall the old package and install a new package dated after the
+correction date, obtained from the following directories:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/archivers/
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/archivers/
+
+[alpha]
+Packages are not automatically generated for the alpha architecture at
+this time due to lack of build resources.
+
+NOTE: It may be several days before updated packages are available. Be
+sure to check the file creation date on the package, because the
+version number of the software has not changed.
+
+3) Download a new port skeleton for the bzip2 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+[Ports collection]
+
+Path                                                             Revision
+- -------------------------------------------------------------------------
+ports/archivers/bzip2/Makefile                                       1.36
+ports/archivers/bzip2/distinfo                                       1.10
+ports/archivers/bzip2/pkg-descr                                       1.5
+ports/archivers/bzip2/pkg-plist                                      1.14
+- -------------------------------------------------------------------------
+
+[Base system]
+
+Branch
+  Path                                                           Revision
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/bzip2/CHANGES                                   1.1.1.1.2.2
+  src/contrib/bzip2/FREEBSD-upgrade                               1.1.2.1
+  src/contrib/bzip2/LICENSE                                   1.1.1.1.2.2
+  src/contrib/bzip2/Makefile                                  1.1.1.1.2.2
+  src/contrib/bzip2/Makefile-libbz2_so                        1.1.1.1.2.2
+  src/contrib/bzip2/README                                    1.1.1.1.2.2
+  src/contrib/bzip2/README.COMPILATION.PROBLEMS               1.1.1.1.2.2
+  src/contrib/bzip2/Y2K_INFO                                  1.1.1.1.2.1
+  src/contrib/bzip2/blocksort.c                               1.1.1.1.2.2
+  src/contrib/bzip2/bzip2.1                                   1.1.1.1.2.2
+  src/contrib/bzip2/bzip2.c                                   1.1.1.1.2.2
+  src/contrib/bzip2/bzip2recover.c                            1.1.1.1.2.2
+  src/contrib/bzip2/bzlib.c                                   1.1.1.1.2.2
+  src/contrib/bzip2/bzlib.h                                   1.1.1.1.2.2
+  src/contrib/bzip2/bzlib_private.h                           1.1.1.1.2.2
+  src/contrib/bzip2/compress.c                                1.1.1.1.2.2
+  src/contrib/bzip2/crctable.c                                1.1.1.1.2.2
+  src/contrib/bzip2/decompress.c                              1.1.1.1.2.2
+  src/contrib/bzip2/dlltest.c                                 1.1.1.1.2.2
+  src/contrib/bzip2/huffman.c                                 1.1.1.1.2.2
+  src/contrib/bzip2/libbz2.def                                1.1.1.1.2.1
+  src/contrib/bzip2/makefile.msc                              1.1.1.1.2.2
+  src/contrib/bzip2/manual.texi                               1.1.1.1.2.2
+  src/contrib/bzip2/randtable.c                               1.1.1.1.2.2
+  src/contrib/bzip2/sample1.bz2.uu                            1.1.1.1.2.2
+  src/contrib/bzip2/sample1.ref.gz.uu                         1.1.1.1.2.2
+  src/contrib/bzip2/sample2.bz2.uu                            1.1.1.1.2.2
+  src/contrib/bzip2/sample2.ref.gz.uu                         1.1.1.1.2.1
+  src/contrib/bzip2/sample3.bz2.uu                            1.1.1.1.2.2
+  src/contrib/bzip2/sample3.ref.gz.uu                         1.1.1.1.2.1
+  src/contrib/bzip2/spewG.c                                   1.1.1.1.2.1
+  src/contrib/bzip2/unzcrash.c                                1.1.1.1.2.1
+  src/contrib/bzip2/words0                                    1.1.1.1.2.1
+  src/contrib/bzip2/words1                                    1.1.1.1.2.1
+  src/contrib/bzip2/words2                                    1.1.1.1.2.1
+  src/contrib/bzip2/words3                                    1.1.1.1.2.2
+RELENG_4_5
+  src/sys/conf/newvers.sh                                   1.44.2.20.2.2
+  src/contrib/bzip2/CHANGES                               1.1.1.1.2.1.4.1
+  src/contrib/bzip2/FREEBSD-upgrade                               1.1.4.1
+  src/contrib/bzip2/LICENSE                               1.1.1.1.2.1.4.1
+  src/contrib/bzip2/Makefile                              1.1.1.1.2.1.4.1
+  src/contrib/bzip2/Makefile-libbz2_so                    1.1.1.1.2.1.4.1
+  src/contrib/bzip2/README                                1.1.1.1.2.1.4.1
+  src/contrib/bzip2/README.COMPILATION.PROBLEMS           1.1.1.1.2.1.4.1
+  src/contrib/bzip2/Y2K_INFO                                  1.1.1.1.2.1
+  src/contrib/bzip2/blocksort.c                           1.1.1.1.2.1.4.1
+  src/contrib/bzip2/bzip2.1                               1.1.1.1.2.1.4.1
+  src/contrib/bzip2/bzip2.c                               1.1.1.1.2.1.4.1
+  src/contrib/bzip2/bzip2recover.c                        1.1.1.1.2.1.4.1
+  src/contrib/bzip2/bzlib.c                               1.1.1.1.2.1.4.1
+  src/contrib/bzip2/bzlib.h                               1.1.1.1.2.1.4.1
+  src/contrib/bzip2/bzlib_private.h                       1.1.1.1.2.1.4.1
+  src/contrib/bzip2/compress.c                            1.1.1.1.2.1.4.1
+  src/contrib/bzip2/crctable.c                            1.1.1.1.2.1.4.1
+  src/contrib/bzip2/decompress.c                          1.1.1.1.2.1.4.1
+  src/contrib/bzip2/dlltest.c                             1.1.1.1.2.1.4.1
+  src/contrib/bzip2/huffman.c                             1.1.1.1.2.1.4.1
+  src/contrib/bzip2/libbz2.def                                1.1.1.1.2.1
+  src/contrib/bzip2/makefile.msc                          1.1.1.1.2.1.4.1
+  src/contrib/bzip2/manual.texi                           1.1.1.1.2.1.4.1
+  src/contrib/bzip2/randtable.c                           1.1.1.1.2.1.4.1
+  src/contrib/bzip2/sample1.bz2.uu                        1.1.1.1.2.1.4.1
+  src/contrib/bzip2/sample1.ref.gz.uu                     1.1.1.1.2.1.4.1
+  src/contrib/bzip2/sample2.bz2.uu                        1.1.1.1.2.1.4.1
+  src/contrib/bzip2/sample2.ref.gz.uu                         1.1.1.1.2.1
+  src/contrib/bzip2/sample3.bz2.uu                        1.1.1.1.2.1.4.1
+  src/contrib/bzip2/sample3.ref.gz.uu                         1.1.1.1.2.1
+  src/contrib/bzip2/spewG.c                                   1.1.1.1.2.1
+  src/contrib/bzip2/unzcrash.c                                1.1.1.1.2.1
+  src/contrib/bzip2/words0                                    1.1.1.1.2.1
+  src/contrib/bzip2/words1                                    1.1.1.1.2.1
+  src/contrib/bzip2/words2                                    1.1.1.1.2.1
+  src/contrib/bzip2/words3                                1.1.1.1.2.1.4.1
+RELENG_4_4
+  src/sys/conf/newvers.sh                                   1.44.2.17.2.7
+  src/contrib/bzip2/CHANGES                               1.1.1.1.2.1.2.1
+  src/contrib/bzip2/FREEBSD-upgrade                               1.1.6.1
+  src/contrib/bzip2/LICENSE                               1.1.1.1.2.1.2.1
+  src/contrib/bzip2/Makefile                              1.1.1.1.2.1.2.1
+  src/contrib/bzip2/Makefile-libbz2_so                    1.1.1.1.2.1.2.1
+  src/contrib/bzip2/README                                1.1.1.1.2.1.2.1
+  src/contrib/bzip2/README.COMPILATION.PROBLEMS           1.1.1.1.2.1.2.1
+  src/contrib/bzip2/Y2K_INFO                                  1.1.1.1.2.1
+  src/contrib/bzip2/blocksort.c                           1.1.1.1.2.1.2.1
+  src/contrib/bzip2/bzip2.1                               1.1.1.1.2.1.2.1
+  src/contrib/bzip2/bzip2.c                               1.1.1.1.2.1.2.1
+  src/contrib/bzip2/bzip2recover.c                        1.1.1.1.2.1.2.1
+  src/contrib/bzip2/bzlib.c                               1.1.1.1.2.1.2.1
+  src/contrib/bzip2/bzlib.h                               1.1.1.1.2.1.2.1
+  src/contrib/bzip2/bzlib_private.h                       1.1.1.1.2.1.2.1
+  src/contrib/bzip2/compress.c                            1.1.1.1.2.1.2.1
+  src/contrib/bzip2/crctable.c                            1.1.1.1.2.1.2.1
+  src/contrib/bzip2/decompress.c                          1.1.1.1.2.1.2.1
+  src/contrib/bzip2/dlltest.c                             1.1.1.1.2.1.2.1
+  src/contrib/bzip2/huffman.c                             1.1.1.1.2.1.2.1
+  src/contrib/bzip2/libbz2.def                                1.1.1.1.2.1
+  src/contrib/bzip2/makefile.msc                          1.1.1.1.2.1.2.1
+  src/contrib/bzip2/manual.texi                           1.1.1.1.2.1.2.1
+  src/contrib/bzip2/randtable.c                           1.1.1.1.2.1.2.1
+  src/contrib/bzip2/sample1.bz2.uu                        1.1.1.1.2.1.2.1
+  src/contrib/bzip2/sample1.ref.gz.uu                     1.1.1.1.2.1.2.1
+  src/contrib/bzip2/sample2.bz2.uu                        1.1.1.1.2.1.2.1
+  src/contrib/bzip2/sample2.ref.gz.uu                         1.1.1.1.2.1
+  src/contrib/bzip2/sample3.bz2.uu                        1.1.1.1.2.1.2.1
+  src/contrib/bzip2/sample3.ref.gz.uu                         1.1.1.1.2.1
+  src/contrib/bzip2/spewG.c                                   1.1.1.1.2.1
+  src/contrib/bzip2/unzcrash.c                                1.1.1.1.2.1
+  src/contrib/bzip2/words0                                    1.1.1.1.2.1
+  src/contrib/bzip2/words1                                    1.1.1.1.2.1
+  src/contrib/bzip2/words2                                    1.1.1.1.2.1
+  src/contrib/bzip2/words3                                1.1.1.1.2.1.2.1
+- -------------------------------------------------------------------------
+
+All files in src/contrib/bzip2 have identical revision numbers on
+their respective branches but do not contain the revision number in
+the source code.
+
+VII. References
+
+<URL:ftp://sources.redhat.com/pub/bzip2/docs/CHANGES>
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBPOkduVUuHi5z0oilAQHJtAP/ZoPk981NwyoAzX+BlL9EM0JAl9bYBSmp
+lgoSORQhK2Cu5DxqOt1J1GIu3748qrAU4+YkZ5JkucA6UgzDFd+mLcQbE57qrDCs
+rweqLHipm/fjQ8MXFbs5O2ZlrAPTauAiBYk60OtHEoYe5SE70By4zy8o0jzoKo8H
+5dXKGYTnve0=
+=UUGE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:26.accept.asc b/share/security/advisories/FreeBSD-SA-02:26.accept.asc
new file mode 100644
index 0000000000..10e3c918ca
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:26.accept.asc
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:26.accept                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Remote denial-of-service when using accept filters
+
+Category:       core
+Module:         kernel
+Announced:      2002-05-29
+Credits:        Mike Silbersack <silby@FreeBSD.org>
+Affects:        FreeBSD 4.5-RELEASE
+                FreeBSD 4-STABLE after 2001-11-22 and prior to the
+                  correction date
+Corrected:      2002-05-21 18:03:16 UTC (RELENG_4)
+                2002-05-28 18:27:55 UTC (RELENG_4_5)
+FreeBSD only:   YES
+
+I.   Background
+
+FreeBSD features an accept_filter(9) mechanism which allows an
+application to request that the kernel pre-process incoming connections.
+For example, the accf_http(9) accept filter prevents accept(2) from
+returning until a full HTTP request has been buffered.
+
+No accept filters are enabled by default.  A system administrator must
+either compile the FreeBSD kernel with a particular accept filter
+option (such as ACCEPT_FILTER_HTTP) or load the filter using
+kldload(8) in order to utilize accept filters.
+
+II.  Problem Description
+
+In the process of adding a syncache to FreeBSD, mechanisms to remove
+entries from the incomplete listen queue were removed, as only sockets
+undergoing accept filtering now use the incomplete queue.
+
+III. Impact
+
+By simply connecting to a socket using accept filtering and holding a
+few hundred sockets open (~190 with the default backlog value), one
+may deny access to a service.  In addition to malicious users, this
+affect has also been reported to be caused by worms such as Code Red
+which generate URLs that do not meet the http accept filter's
+criteria.
+
+Systems are not affected by this bug unless they have enabled accept
+filters in the kernel and are utilizing an application configured to
+take advantage of this feature.  Apache (versions 1.3.14 and later) is
+the only application known to utilize accept filters by default.
+
+IV.  Workaround
+
+Do not use accept filters.  If you have enabled the ACCEPT_FILTER_DATA
+or ACCEPT_FILTER_HTTP options in your kernel, remove these options and
+recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.  If you have loaded one of the kernel accept filters by using
+kldload(8), then you must modify your startup scripts not to load
+these modules and reboot your system.  You may list loaded kernel
+modules by using kldstat(8).  If loaded, the HTTP accept filter will
+be listed as `accf_http.ko', and the Data accept filter will be listed
+as `accf_data.ko'.
+
+For affected versions of Apache, accept filters may be disabled either
+by adding the directive ``AcceptFilter off'' to your configuration
+file, or via a compile-time option, depending upon the version.
+Please see the Apache documentation for details.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.5-STABLE; or to the RELENG_4_5
+(4.5-RELEASE-p6) security branch dated after the respective correction
+dates.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.5-RELEASE
+and 4.5-STABLE systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:26/accept.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:26/accept.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/kern/uipc_socket.c
+  RELENG_4                                                      1.68.2.21
+  RELENG_4_5                                                1.68.2.17.2.1
+src/sys/kern/uipc_socket2.c
+  RELENG_4                                                      1.55.2.15
+  RELENG_4_5                                                1.55.2.10.2.1
+src/sys/conf/newvers.sh
+  RELENG_4_5                                                1.44.2.20.2.7
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/uipc_socket.c?rev=1.116&content-type=text/x-cvsweb-markup>
+<URL:http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/kern/uipc_socket2.c?rev=1.87&content-type=text/x-cvsweb-markup>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPPUCC1UuHi5z0oilAQFApAP6ApvgOydr72UHKHXiRZnGxiwBhpyVE+mH
+5xdDP45s0GaUChA7GLbpv0hLL5syNPMavo7ygRuqD6pHFA0xpVn3hUXtLh09dhwS
+YTDWrC2VL9QJmFWIxMNzo0OXD1uDBrlGEk3Ew0jWT2ewe46QW1czpPYCeGg4Bx+i
++FzEQ9V4D8k=
+=W+BP
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:27.rc.asc b/share/security/advisories/FreeBSD-SA-02:27.rc.asc
new file mode 100644
index 0000000000..72badd7638
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:27.rc.asc
@@ -0,0 +1,107 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:27.rc                                         Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          rc uses file globbing dangerously
+
+Category:       core
+Module:         rc
+Announced:      2002-05-29
+Credits:        lumpy <lumpy@the.whole.net>
+Affects:        FreeBSD 4.4-RELEASE
+                FreeBSD 4.5-RELEASE
+                FreeBSD 4-STABLE prior to the correction date
+Corrected:      2002-05-09 17:39:01 UTC (RELENG_4)
+                2002-05-09 17:40:27 UTC (RELENG_4_5)
+                2002-05-09 17:41:05 UTC (RELENG_4_4)
+FreeBSD only:   YES
+
+I.   Background
+
+rc is the system startup script (/etc/rc).  It is run when the FreeBSD
+is booted multi-user, and performs a multitude of tasks to bring the
+system up.  One of these tasks is to remove lock files left by X
+Windows, as their existence could prevent one from restarting the X
+Windows server.
+
+II.  Problem Description
+
+When removing X Windows lock files, rc uses the rm(1) command and
+shell globbing:
+
+   rm -f /tmp/.X*-lock /tmp/.X11-unix/*
+
+Since /tmp is a world-writable directory, a user may create
+/tmp/.X11-unix as a symbolic link to an arbitrary directory.  The next
+time that rc is run (i.e. the next time the system is booted), rc will
+then remove all of the files in that directory.
+
+III. Impact
+
+Users may remove the contents of arbitrary directories if the
+/tmp/.X11-unix directory does not already exist and the system can
+be enticed to reboot (or the user can wait until the next system
+maintenance window).
+
+IV.  Workaround
+
+Find and remove or comment-out the following line in /etc/rc:
+
+   rm -f /tmp/.X*-lock /tmp/.X11-unix/*
+
+The following command executed as root will do this:
+
+   /bin/sh -c 'echo -e "/.X11-unix/s/^/#/\nw\nq\n" | /bin/ed -s /etc/rc'
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.5-STABLE; or to either of the
+RELENG_4_5 (4.5-RELEASE-p6) or RELENG_4_4 (4.4-RELEASE-p13) security
+branches dated after the respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:27/rc.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:27/rc.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Install the new rc script:
+
+# cd /usr/src/etc
+# install -c -o root -g wheel -m 644 rc /etc/rc
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/etc/rc
+  RELENG_4                                                     1.212.2.50
+  RELENG_4_5                                               1.212.2.38.2.1
+  RELENG_4_4                                               1.212.2.34.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.freebsd.org/cgi/cvsweb.cgi/src/etc/rc?rev=1.312&content-type=text/x-cvsweb-markup>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPPUdKVUuHi5z0oilAQExLgP/boRbYHYXHXBC9YW1sf6FFFwhaY5iOYeZ
+1JAHA+CZGyOas4RPgIBN6zxVPRX70KOdREp9flkgVvdOvODljk6k6TUjqE4xwTj9
+wi0yS81Hp04uQfx+PwJSLdFvKIR/gr/TMWn1f1KD2Vy3nzZh6IAuCdzcg0z9AKlc
+OQf5FWVpn8s=
+=NaDG
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:28.resolv.asc b/share/security/advisories/FreeBSD-SA-02:28.resolv.asc
new file mode 100644
index 0000000000..a4c50b636a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:28.resolv.asc
@@ -0,0 +1,126 @@
+=============================================================================
+FreeBSD-SA-02:28.resolv                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          buffer overflow in resolver
+
+Category:       core
+Module:         libc
+Announced:      2002-06-26
+Credits:        Joost Pol <joost@pine.nl>
+Affects:        All releases prior to and including 4.6-RELEASE
+Corrected:      2002-06-26 06:34:18 UTC (RELENG_4)
+                2002-06-26 08:44:24 UTC (RELENG_4_6)
+                2002-06-26 18:53:20 UTC (RELENG_4_5)
+                2002-06-26 21:43:44 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-06-26  Initial release
+v1.1  2002-06-XX  Add RELENG_4_4 update and workaround
+
+I.   Background
+
+The resolver implements functions for making, sending and interpreting
+query and reply messages with Internet domain name servers.
+Hostnames, IP addresses, and other information are queried using the
+resolver.
+
+II.  Problem Description
+
+DNS messages have specific byte alignment requirements, resulting in
+padding in messages.  In a few instances in the resolver code, this
+padding is not taken into account when computing available buffer
+space.  As a result, the parsing of a DNS message may result in a
+buffer overrun of up to a few bytes for each record included in the
+message.
+
+III. Impact
+
+An attacker (either a malicious domain name server or an agent that
+can spoof DNS messages) may produce a specially crafted DNS message
+that will exploit this bug when parsed by an application using the
+resolver.  It may be possible for such an exploit to result in the
+execution of arbitrary code with the privileges of the resolver-using
+application.  Though no exploits are known to exist today, since
+practically all Internet applications utilize the resolver, the
+severity of this issue is high.
+
+IV.  Workaround
+
+By using a local caching nameserver that reconstructs all DNS responses,
+such as BIND 9, any badly formed DNS responses may be `filtered out',
+including malicious ones.  Note that the name server must be run locally
+on the same host as the resolver-using application, or other measures
+must be taken to ensure the integrity of communications between the
+name server and the application.  Failure to do so may allow the
+possibility of spoofed DNS responses which bypass the name server.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
+RELENG_4_5, or RELENG_4_4 security branch dated after the correction 
+date (4.6-RELEASE-p1, 4.5-RELEASE-p7, or 4.4-RELEASE-p14).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.5,
+FreeBSD 4.4, and FreeBSD 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:28/resolv.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating systems as described in
+<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
+
+Note that any statically linked applications that are not part of
+the base system (i.e. from the Ports Collection or other 3rd-party
+sources) must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/lib/libc/net/gethostbydns.c
+  RELENG_4                                                       1.27.2.2
+  RELENG_4_6                                                    1.27.10.1
+  RELENG_4_5                                                     1.27.8.1
+  RELENG_4_4                                                     1.27.6.1
+src/lib/libc/net/getnetbydns.c
+  RELENG_4                                                       1.13.2.2
+  RELENG_4_6                                                 1.13.2.1.8.1
+  RELENG_4_5                                                 1.13.2.1.6.1
+  RELENG_4_4                                                 1.13.2.1.4.1
+src/lib/libc/net/name6.c
+  RELENG_4                                                        1.6.2.6
+  RELENG_4_6                                                  1.6.2.5.8.1
+  RELENG_4_5                                                  1.6.2.5.6.1
+  RELENG_4_4                                                  1.6.2.5.4.1
+src/sys/conf/newvers.sh
+  RELENG_4_6                                                1.44.2.23.2.2
+  RELENG_4_5                                                1.44.2.20.2.8
+  RELENG_4_4                                               1.44.2.17.2.13
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.pine.nl/advisories/pine-cert-20020601.html>
diff --git a/share/security/advisories/FreeBSD-SA-02:29.tcpdump.asc b/share/security/advisories/FreeBSD-SA-02:29.tcpdump.asc
new file mode 100644
index 0000000000..d432bcd3f6
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:29.tcpdump.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:29                                            Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in tcpdump when handling NFS packets
+
+Category:       contrib
+Module:         tcpdump
+Announced:      2002-07-12
+Credits:        dwmw2@redhat.com
+Affects:        All releases prior to and including 4.6-RELEASE
+                FreeBSD 4.6-STABLE prior to the correction date
+Corrected:      2002-07-05 13:24:57 UTC (RELENG_4)
+                2002-07-12 13:29:47 UTC (RELENG_4_6)
+                2002-07-12 13:31:10 UTC (RELENG_4_5)
+                2002-07-12 13:31:44 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+I.   Background
+
+The tcpdump utility is used to capture and examining network traffic.
+
+II.  Problem Description
+
+Versions of tcpdump up to and including 3.7.1 contain a buffer
+overflow that may be triggered by badly formed NFS packets, and
+possibly other types of packets.
+
+III. Impact
+
+It is not currently known whether this buffer overflow is exploitable.
+If it were, an attacker could inject specially crafted packets into
+the network which, when processed by tcpdump, could lead to arbitrary
+code execution with the privileges of the user running tcpdump
+(typically `root').
+
+IV.  Workaround
+
+There is no workaround, other than not using tcpdump.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
+RELENG_4_5, or RELENG_4_4 security branch dated after the correction
+date (4.6-RELEASE-p2, 4.5-RELEASE-p8, or 4.4-RELEASE-p15).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5, and
+4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:29/tcpdump.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:29/tcpdump.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/tcpdump
+# make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/contrib/tcpdump/interface.h
+  RELENG_4                                                        1.4.2.3
+  RELENG_4_6                                                  1.4.2.1.6.1
+  RELENG_4_5                                                  1.4.2.1.4.1
+  RELENG_4_4                                                  1.4.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://rhn.redhat.com/errata/RHSA-2002-094.html>
+<URL:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=55145>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPS8+yFUuHi5z0oilAQGEaAQApQpuobpvrYILjiJh9Zvfnupop9aDuQ/G
+9RvnGVv0ZXrKtD8aRiP3JrjouGvZm9WLqXsXlnf0wmTXdWWg5ibjuJK/gDtdiqjA
+iuZvq5Rx+IKD33pZpAocg74zIv3nDYv1S+3ndJXtYcSFw7EnC4QHu3mFrZK81RcQ
+6LpcUuxVTl8=
+=hQ/2
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:30.ktrace.asc b/share/security/advisories/FreeBSD-SA-02:30.ktrace.asc
new file mode 100644
index 0000000000..ace9bb5170
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:30.ktrace.asc
@@ -0,0 +1,98 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:30                                            Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Users may trace previously privileged processes
+
+Category:       core
+Module:         ktrace
+Announced:      2002-07-12
+Credits:        Theo DeRaadt <deraadt@OpenBSD.org>
+                Darren Reed <darrenr@FreeBSD.org>
+Affects:        All releases prior to and including 4.6-RELEASE
+                FreeBSD 4.6-STABLE prior to the correction date
+Corrected:      2002-07-05 22:36:38 UTC (RELENG_4)
+                2002-07-11 16:47:41 UTC (RELENG_4_6)
+                2002-07-11 16:47:55 UTC (RELENG_4_5)
+                2002-07-11 16:56:05 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+I.   Background
+
+The ktrace utility is a debugging tool that allows users to trace
+system calls, I/O, and file system lookup operations executed by or on
+behalf of a process and its children.  Since this could potentially
+reveal sensitive information, the kernel will normally only allow a
+user to trace his or her own processes, and will immediately stop
+tracing a process that gains special privileges, for instance by
+executing a setuid or setgid binary.  The ktrace utility depends on
+the KTRACE kernel option, which is enabled by default.
+
+II.  Problem Description
+
+If a process that had special privileges were to abandon them, it
+would become possible for the owner of that process to trace it.
+However, that process might still possess and / or communicate
+sensitive information that it had obtained before abandoning its
+privileges, which would then be revealed to the tracing user.
+
+III. Impact
+
+In theory, local users on systems where ktrace is enabled through
+the KTRACE kernel option might obtain sensitive information, such
+as password files or authentication keys.  No specific utility is
+currently known to be vulnerable to this particular problem.
+
+IV.  Workaround
+
+Recompile the kernel without the KTRACE option, and reboot.
+
+V.   Solution
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5, and
+4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:30/ktrace.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:30/ktrace.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/kern/kern_ktrace.c
+  RELENG_4                                                       1.35.2.6
+  RELENG_4_6                                                 1.35.2.5.4.1
+  RELENG_4_5                                                 1.35.2.5.2.1
+  RELENG_4_4                                                 1.35.2.4.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.openbsd.org/errata.html#ktrace>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPS8+qFUuHi5z0oilAQH+XwQAlGxDecckzp1md5S3S3JfLSkvI3vMHzTw
+nezUkanQ+2M65kj3QUzDnhv+jR0KpgAXCfMIVFUekb+rO8fbxbVygyWZH3T501F/
+5nhoNGwkbTVdjY9x34dSOvVJHNUZ0zn9Y+aQiC5msK4ZyI2GFdrH/Kfa1Ubh7H6z
+w1/J3NNJ5Bs=
+=z5iy
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:31.openssh.asc b/share/security/advisories/FreeBSD-SA-02:31.openssh.asc
new file mode 100644
index 0000000000..8eb784f2fd
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:31.openssh.asc
@@ -0,0 +1,79 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:31                                            Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          openssh contains remote vulnerability
+
+Category:       core
+Module:         OpenSSH
+Announced:      2002-07-15
+Credits:        ISS X-Force <xforce@ISS.net>
+                Theo DeRaadt <deraadt@OpenBSD.org>
+Affects:        FreeBSD-CURRENT between 2002-03-18 and 2002-06-25
+Corrected:      2002-06-25 19:10:07 (HEAD)
+FreeBSD only:   NO
+
+I.   Background
+
+OpenSSH is a free implementation of the SSH protocol suite, and
+provides encrypted and authenticated remote login, file transfer and
+command execution.
+
+II.  Problem Description
+
+SSH clients and servers communicate by exchanging discrete messages
+with a variable number of parameters.  Due to the lack of sufficient
+integrity checks in a portion of the server code responsible for
+handling incoming SSH2_MSG_USERAUTH_INFO_RESPONSE messages, it was
+possible for a malicious client to send a message that would cause the
+server to overwrite portions of its memory with client-provided data.
+
+III. Impact
+
+An remote attacker using an SSH client modified to send carefully
+crafted SSH2_MSG_USERAUTH_INFO_RESPONSE to the server could obtain
+superuser privileges on the server.
+
+Please note that this problem only affects FreeBSD-CURRENT.  No
+versions of FreeBSD-STABLE are or were ever vulnerable to this bug.
+
+IV.  Workaround
+
+Do one of the following:
+
+1) Disable SSH entirely.
+
+2) Use a firewall to block incoming SSH connections from untrusted
+   hosts.
+
+3) Add the following line to /etc/ssh/sshd_config, and restart sshd.
+
+ChallengeResponseAuthentication no
+
+   Note that this will prevent the use of OPIE and similar challenge-
+   based authentication methods with SSH.
+
+V.   Solution
+
+Update your system to the latest -CURRENT.
+
+VI.  Correction details
+
+No correction details are provided in this advisory.
+
+VII. References
+
+<URL:http://www.openssh.com/txt/preauth.adv>
+<URL:http://www.iss.net/security_center/static/9169.php>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBPTLiBVUuHi5z0oilAQFNAwQAoF1azTbsIiUc9O2VvIah+ueT5N3//qgf
+ka+t5I5FtL8wFDKJXXf3JWx9lqf+JkscrL4SpMyY/OmL2wagvUeVHan+pE9dXRnK
+YzFjdD8hP3GMiC1g0Dvwg9StoBs8kx+qP8dascS87Ql2QYo7aYcq6aageLSoy4Nj
+iRHaJB2gZP8=
+=nSnf
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:32.pppd.asc b/share/security/advisories/FreeBSD-SA-02:32.pppd.asc
new file mode 100644
index 0000000000..9760f4754b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:32.pppd.asc
@@ -0,0 +1,109 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:32.pppd                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          exploitable race condition in pppd
+
+Category:       core
+Module:         pppd
+Announced:      2002-07-31
+Credits:        Sebastian Krahmer <krahmer@suse.de>
+Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p1
+Corrected:      2002-07-30 03:50:40 UTC (RELENG_4)
+                2002-07-30 19:15:52 UTC (RELENG_4_6)
+                2002-07-30 19:16:46 UTC (RELENG_4_5)
+                2002-07-30 19:17:27 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+I.   Background
+
+FreeBSD ships with several implementations of the Point-to-Point
+Protocol (PPP).  The pppd program is one of these implementations.  It
+provides basic support for negotiating a link, while encapsulation is
+done by driver code in the kernel.
+
+II.  Problem Description
+
+A race condition exists in the pppd program that may be exploited
+in order to change the permissions of an arbitrary file.  The file
+specified as the tty device is opened by pppd, and the permissions
+are recorded.  If pppd fails to initialize the tty device in some way
+(such as a failure of tcgetattr(3)), then pppd will then attempt to
+restore the original permissions by calling chmod(2).  The call to
+chmod(2) is subject to a symlink race, so that the permissions may
+`restored' on some other file.
+
+Note that the pppd program is installed set-user-ID to root, so that
+any file's permissions may be changed in this fashion.
+
+III. Impact
+
+A malicious local user may exploit the race condition to acquire write
+permissions to a critical system file, such as /etc/crontab, and
+leverage the situation to acquire escalated privileges.
+
+In FreeBSD 4.4-RELEASE and later, the local user must be in group
+`dialer' in order to run pppd and attempt to exploit this race.
+
+IV.  Workaround
+
+Remove the set-user-ID bit from pppd by executing the following
+command as root:
+
+# chmod u-s /usr/sbin/pppd
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
+RELENG_4_5, or RELENG_4_4 security branch dated after the correction
+date (4.6.1-RELEASE-p2, 4.5-RELEASE-p11, or 4.4-RELEASE-p18).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5,
+and 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:32/pppd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/pppd
+# make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+usr.sbin/pppd/main.c
+  RELENG_4                                                       1.19.2.1
+  RELENG_4_6                                                    1.19.10.1
+  RELENG_4_5                                                     1.19.8.1
+  RELENG_4_4                                                     1.19.6.1
+sys/conf/newvers.sh
+  RELENG_4_6                                                1.44.2.23.2.7
+  RELENG_4_5                                               1.44.2.20.2.12
+  RELENG_4_4                                               1.44.2.17.2.17
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPUfQ4VUuHi5z0oilAQGaYwP/djtLXxRveB2xDy54hACNSArKnfAbEwEP
+PisB8Er2Zl4CmwnKx3BO8zWoV+nb7afcWGoy2eU14b/sXTLpInpx+823J8nP3BUK
+bsUInanuFxX6LfSTbzjRT+8wxxXKO4oarPFfxfVis09ekjO+FqTtm2pAV13ug/+s
+Wrb8IG4YYVA=
+=tfMD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:33.openssl.asc b/share/security/advisories/FreeBSD-SA-02:33.openssl.asc
new file mode 100644
index 0000000000..7c223bc076
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:33.openssl.asc
@@ -0,0 +1,2018 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:33.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          openssl contains multiple vulnerabilities
+
+Category:       core
+Module:         crypto/openssl
+Announced:      2002-08-05
+Credits:        A.L. Digital Ltd
+                The Bunker <URL:http://www.thebunker.net/>
+                The OpenSSL Project <URL:http://www.openssl.org/>
+                Adi Stav <stav@mercury.co.il>
+                James Yonan <jim@ntlp.com>
+                Dr. Stephen Henson
+                Neohapsis <URL:http://www.neohapsis.com/>
+Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p9
+Corrected:      2002-08-05 16:27:52 UTC (RELENG_4)
+                2002-08-05 16:28:18 UTC (RELENG_4_6)
+                2002-08-05 16:28:40 UTC (RELENG_4_5)
+                2002-08-05 16:28:58 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-07-31  Initial release
+v1.1  2002-08-05  Corrected patch; updated list of affected utilities
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The
+OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing
+the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS
+v1) protocols as well as a full-strength general purpose cryptography
+library.
+
+II.  Problem Description
+
+The OpenSSL libraries contain multiple buffer overflows, including
+errors in the handling of the client master key in the SSL2 protocol
+implementation; the handling of the session ID in the SSL3 protocol;
+and in the handling of buffers used for representing integers in
+ASCII on 64-bit platforms.  In addition, arbitrary or intentionally
+malicious data passed to the ASN.1 decoder may cause undefined
+behavior.
+
+Please see the OpenSSL Security Advisory in the `References' section
+for more details.
+
+The original correction for this problem (corresponding to the first
+revision of this advisory) contained a typo and introduced another
+bug.  The dates for the original correction were:
+
+Corrected:      2002-07-30 22:04:59 UTC (RELENG_4)
+                2002-07-31 02:54:36 UTC (RELENG_4_6)
+                2002-07-31 14:04:45 UTC (RELENG_4_5)
+                2002-07-31 16:40:30 UTC (RELENG_4_4)
+
+III. Impact
+
+At least one of the buffer overflows is known to be exploitable, and
+the others may be as well.  A successful exploit of an application
+using OpenSSL may result in arbitrary code execution.  Both clients
+and servers may be attacked.
+
+IV.  Workaround
+
+Disabling the SSL2 protocol in server applications should render
+server exploits harmless.  There is no known workaround for client
+applications.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
+RELENG_4_5, or RELENG_4_4 security branch dated after the correction
+date (4.6.1-RELEASE-p10, 4.5-RELEASE-p18, or 4.4-RELEASE-p25).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5,
+and 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD versions earlier than 4.6-RELEASE-p3, 4.5-RELEASE-p13, or
+4.6-RELEASE-p20]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl.patch.asc
+
+[FreeBSD versions 4.6-RELEASE-p3 or later, 4.5-RELEASE-p14 or later,
+4.6-RELEASE-p20 or later, and 4.6-STABLE]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:33/openssl2.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# find crypto/openssl -size 0c -delete
+
+c) Recompile the operating system as described in
+<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
+
+Note that any statically linked applications that are not part of
+the base system (i.e. from the Ports Collection or other 3rd-party
+sources) must be recompiled if they use OpenSSL (libssl or libcrypto).
+
+All affected applications must be restarted in order to use the
+corrected library.  Though it is not required, rebooting may be the
+easiest way to accomplish this.
+
+The following components of the FreeBSD base system are known to
+utilize OpenSSL's libssl or libcrypto.  System administrators may
+choose to recompile only these applications rather than the entire
+operating system, though it is not recommended.
+
+bin/rcp
+gnu/usr.bin/cvs/cvs
+kerberos5/libexec/hprop
+kerberos5/libexec/hpropd
+kerberos5/libexec/ipropd-master
+kerberos5/libexec/ipropd-slave
+kerberos5/libexec/k5admind
+kerberos5/libexec/k5passwdd
+kerberos5/libexec/kdc
+kerberos5/libexec/telnetd
+kerberos5/usr.bin/k5admin
+kerberos5/usr.bin/k5destroy
+kerberos5/usr.bin/k5init
+kerberos5/usr.bin/k5list
+kerberos5/usr.bin/k5passwd
+kerberos5/usr.bin/k5su
+kerberos5/usr.bin/telnet
+kerberos5/usr.sbin/k5stash
+kerberos5/usr.sbin/ktutil
+kerberosIV/libexec/kauthd
+kerberosIV/libexec/kipd
+kerberosIV/libexec/kpropd
+kerberosIV/libexec/telnetd
+kerberosIV/usr.bin/kadmin
+kerberosIV/usr.bin/kauth
+kerberosIV/usr.bin/kdestroy
+kerberosIV/usr.bin/kinit
+kerberosIV/usr.bin/klist
+kerberosIV/usr.bin/telnet
+kerberosIV/usr.sbin/ext_srvtab
+kerberosIV/usr.sbin/kadmind
+kerberosIV/usr.sbin/kdb_destroy
+kerberosIV/usr.sbin/kdb_edit
+kerberosIV/usr.sbin/kdb_init
+kerberosIV/usr.sbin/kdb_util
+kerberosIV/usr.sbin/kerberos
+kerberosIV/usr.sbin/kip
+kerberosIV/usr.sbin/kprop
+kerberosIV/usr.sbin/ksrvutil
+kerberosIV/usr.sbin/kstash
+lib/libpam/modules/pam_kerberosIV
+lib/libpam/modules/pam_krb5
+lib/libpam/modules/pam_ssh
+sbin/dump
+sbin/md5
+sbin/mount_nfs
+sbin/nfsd
+sbin/restore
+secure/lib/libssh
+secure/libexec/sftp-server
+secure/libexec/ssh-keysign
+secure/libexec/telnetd
+secure/usr.bin/sftp
+secure/usr.bin/ssh
+secure/usr.bin/ssh-add
+secure/usr.bin/ssh-agent
+secure/usr.bin/ssh-keygen
+secure/usr.bin/ssh-keyscan
+secure/usr.bin/telnet
+secure/usr.sbin/sshd
+usr.bin/passwd
+usr.bin/rlogin
+usr.bin/rsh
+usr.bin/su
+usr.sbin/pkg_install/sign
+usr.sbin/ppp
+usr.sbin/pppd
+usr.sbin/sendmail
+usr.sbin/tcpdump/tcpdump
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssl/CHANGES                                  1.1.1.1.2.3
+  src/crypto/openssl/Configure                                1.1.1.1.2.3
+  src/crypto/openssl/FAQ                                      1.1.1.1.2.4
+  src/crypto/openssl/FREEBSD-Xlist                                1.1.2.3
+  src/crypto/openssl/INSTALL                                  1.1.1.1.2.3
+  src/crypto/openssl/LICENSE                                  1.1.1.1.2.3
+  src/crypto/openssl/Makefile.org                             1.1.1.1.2.4
+  src/crypto/openssl/Makefile.ssl                             1.1.1.1.2.4
+  src/crypto/openssl/NEWS                                     1.1.1.1.2.4
+  src/crypto/openssl/PROBLEMS                                 1.1.1.1.2.1
+  src/crypto/openssl/README                                   1.1.1.1.2.4
+  src/crypto/openssl/README.ENGINE                            1.1.1.1.2.2
+  src/crypto/openssl/STATUS                                       Removed
+  src/crypto/openssl/TABLE                                        Removed
+  src/crypto/openssl/apps/CA.pl                               1.1.1.1.2.3
+  src/crypto/openssl/apps/Makefile.save                           Removed
+  src/crypto/openssl/apps/Makefile.ssl                        1.1.1.1.2.4
+  src/crypto/openssl/apps/apps.c                              1.1.1.1.2.3
+  src/crypto/openssl/apps/asn1pars.c                          1.1.1.1.2.3
+  src/crypto/openssl/apps/ca.c                                1.1.1.1.2.3
+  src/crypto/openssl/apps/der_chop                            1.1.1.1.2.2
+  src/crypto/openssl/apps/dgst.c                              1.1.1.1.2.3
+  src/crypto/openssl/apps/dsaparam.c                          1.1.1.1.2.4
+  src/crypto/openssl/apps/eay.c                                   Removed
+  src/crypto/openssl/apps/enc.c                               1.1.1.1.2.3
+  src/crypto/openssl/apps/openssl.c                           1.1.1.1.2.3
+  src/crypto/openssl/apps/openssl.cnf                         1.1.1.1.2.5
+  src/crypto/openssl/apps/pem_mail.c                              Removed
+  src/crypto/openssl/apps/pkcs12.c                            1.1.1.1.2.3
+  src/crypto/openssl/apps/pkcs7.c                             1.1.1.1.2.3
+  src/crypto/openssl/apps/req.c                               1.1.1.1.2.4
+  src/crypto/openssl/apps/rsa/01.pem                              Removed
+  src/crypto/openssl/apps/rsa/1.txt                               Removed
+  src/crypto/openssl/apps/rsa/SecureServer.pem                    Removed
+  src/crypto/openssl/apps/rsa/s.txt                               Removed
+  src/crypto/openssl/apps/s_client.c                          1.1.1.1.2.4
+  src/crypto/openssl/apps/s_time.c                            1.1.1.1.2.2
+  src/crypto/openssl/apps/smime.c                             1.1.1.1.2.3
+  src/crypto/openssl/apps/speed.c                                 1.3.2.4
+  src/crypto/openssl/apps/tkca                                    Removed
+  src/crypto/openssl/apps/x509.c                              1.1.1.1.2.4
+  src/crypto/openssl/certs/rsa-ssca.pem                           Removed
+  src/crypto/openssl/config                                   1.1.1.1.2.4
+  src/crypto/openssl/crypto/Makefile.save                         Removed
+  src/crypto/openssl/crypto/Makefile.ssl                      1.1.1.1.2.4
+  src/crypto/openssl/crypto/asn1/Makefile.save                    Removed
+  src/crypto/openssl/crypto/asn1/Makefile.ssl                 1.1.1.1.2.4
+  src/crypto/openssl/crypto/asn1/a_bitstr.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/a_enum.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/a_gentm.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/a_int.c                      1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/a_set.c                      1.1.1.1.2.2
+  src/crypto/openssl/crypto/asn1/a_sign.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/a_strnid.c                   1.1.1.1.2.4
+  src/crypto/openssl/crypto/asn1/a_time.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/a_utctm.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/asn1.h                       1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/asn1_lib.c                   1.1.1.1.2.5
+  src/crypto/openssl/crypto/asn1/d2i_dhp.c                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/asn1/d2i_dsap.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/d2i_r_pr.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/asn1/pkcs8.c                          Removed
+  src/crypto/openssl/crypto/asn1/t_pkey.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/t_x509.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/asn1/x_pubkey.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/bf/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bf/Makefile.uni                       Removed
+  src/crypto/openssl/crypto/bio/Makefile.save                     Removed
+  src/crypto/openssl/crypto/bio/Makefile.ssl                  1.1.1.1.2.4
+  src/crypto/openssl/crypto/bio/b_print.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/bio/b_sock.c                      1.1.1.1.2.4
+  src/crypto/openssl/crypto/bio/bf_buff.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/bio/bf_lbuf.c                     1.1.1.1.2.2
+  src/crypto/openssl/crypto/bio/bf_nbio.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/bio/bio.h                         1.1.1.1.2.3
+  src/crypto/openssl/crypto/bio/bss_bio.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/bio/bss_log.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/bn/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bn/Makefile.ssl                   1.1.1.1.2.4
+  src/crypto/openssl/crypto/bn/asm/ia64.S                     1.1.1.1.2.1
+  src/crypto/openssl/crypto/bn/asm/mips3.s                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/bn/bn.h                           1.1.1.1.2.4
+  src/crypto/openssl/crypto/bn/bn_comba.c                         Removed
+  src/crypto/openssl/crypto/bn/bn_div.c                       1.1.1.1.2.4
+  src/crypto/openssl/crypto/bn/bn_gcd.c                       1.1.1.1.2.2
+  src/crypto/openssl/crypto/bn/bn_mont.c                      1.1.1.1.2.3
+  src/crypto/openssl/crypto/bn/bn_mul.c                       1.1.1.1.2.3
+  src/crypto/openssl/crypto/bn/bn_opts.c                          Removed
+  src/crypto/openssl/crypto/bn/bn_prime.c                     1.1.1.1.2.2
+  src/crypto/openssl/crypto/bn/bn_rand.c                      1.1.1.1.2.4
+  src/crypto/openssl/crypto/bn/bn_sqr.c                       1.1.1.1.2.3
+  src/crypto/openssl/crypto/bn/comba.pl                           Removed
+  src/crypto/openssl/crypto/bn/d.c                                Removed
+  src/crypto/openssl/crypto/bn/new                                Removed
+  src/crypto/openssl/crypto/bn/old/b_sqr.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_com.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_high.c                      Removed
+  src/crypto/openssl/crypto/bn/old/bn_ka.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_low.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_m.c                         Removed
+  src/crypto/openssl/crypto/bn/old/bn_mul.c.works                 Removed
+  src/crypto/openssl/crypto/bn/old/bn_wmul.c                      Removed
+  src/crypto/openssl/crypto/bn/old/build                          Removed
+  src/crypto/openssl/crypto/bn/old/info                           Removed
+  src/crypto/openssl/crypto/bn/old/test.works                     Removed
+  src/crypto/openssl/crypto/buffer/Makefile.save                  Removed
+  src/crypto/openssl/crypto/buffer/buffer.h                   1.1.1.1.2.1
+  src/crypto/openssl/crypto/cast/Makefile.save                    Removed
+  src/crypto/openssl/crypto/cast/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/comp/Makefile.save                    Removed
+  src/crypto/openssl/crypto/comp/Makefile.ssl                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/comp/comp.h                       1.1.1.1.2.3
+  src/crypto/openssl/crypto/conf/Makefile.save                    Removed
+  src/crypto/openssl/crypto/conf/Makefile.ssl                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/conf/conf.c                           Removed
+  src/crypto/openssl/crypto/conf/conf.h                       1.1.1.1.2.4
+  src/crypto/openssl/crypto/conf/conf_api.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/conf/conf_def.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/conf/conf_def.h                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/conf/conf_lcl.h                       Removed
+  src/crypto/openssl/crypto/conf/keysets.pl                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/cryptlib.c                        1.1.1.1.2.3
+  src/crypto/openssl/crypto/cryptlib.h                        1.1.1.1.2.2
+  src/crypto/openssl/crypto/crypto.h                          1.1.1.1.2.4
+  src/crypto/openssl/crypto/des/DES.pod                           Removed
+  src/crypto/openssl/crypto/des/MODES.DES                         Removed
+  src/crypto/openssl/crypto/des/Makefile.PL                       Removed
+  src/crypto/openssl/crypto/des/Makefile.lit                      Removed
+  src/crypto/openssl/crypto/des/Makefile.save                     Removed
+  src/crypto/openssl/crypto/des/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/des/PC1                               Removed
+  src/crypto/openssl/crypto/des/PC2                               Removed
+  src/crypto/openssl/crypto/des/des.h                             1.2.2.4
+  src/crypto/openssl/crypto/des/des.man                           Removed
+  src/crypto/openssl/crypto/des/des.pl                            Removed
+  src/crypto/openssl/crypto/des/des_crypt.man                     Removed
+  src/crypto/openssl/crypto/des/doIP                              Removed
+  src/crypto/openssl/crypto/des/doPC1                             Removed
+  src/crypto/openssl/crypto/des/doPC2                             Removed
+  src/crypto/openssl/crypto/des/fcrypt.c                      1.1.1.1.2.2
+  src/crypto/openssl/crypto/des/podd.h                            Removed
+  src/crypto/openssl/crypto/des/read_pwd.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/des/rnd_keys.c                        1.1.2.3
+  src/crypto/openssl/crypto/des/shifts.pl                         Removed
+  src/crypto/openssl/crypto/des/sk.h                              Removed
+  src/crypto/openssl/crypto/des/supp.c                            Removed
+  src/crypto/openssl/crypto/des/testdes.pl                        Removed
+  src/crypto/openssl/crypto/dh/Makefile.save                      Removed
+  src/crypto/openssl/crypto/dh/dh.h                           1.1.1.1.2.3
+  src/crypto/openssl/crypto/dh/dh_err.c                       1.1.1.1.2.2
+  src/crypto/openssl/crypto/dh/dh_gen.c                       1.1.1.1.2.2
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.1.2.4
+  src/crypto/openssl/crypto/dh/dh_lib.c                       1.1.1.1.2.4
+  src/crypto/openssl/crypto/dh/dhtest.c                       1.1.1.1.2.3
+  src/crypto/openssl/crypto/dsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/dsa/dsa.h                         1.1.1.1.2.3
+  src/crypto/openssl/crypto/dsa/dsa_asn1.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/dsa/dsa_err.c                     1.1.1.1.2.2
+  src/crypto/openssl/crypto/dsa/dsa_lib.c                     1.1.1.1.2.4
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.1.2.4
+  src/crypto/openssl/crypto/dso/dso.h                         1.1.1.1.2.2
+  src/crypto/openssl/crypto/dso/dso_dlfcn.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/ebcdic.c                          1.1.1.1.2.3
+  src/crypto/openssl/crypto/err/Makefile.save                     Removed
+  src/crypto/openssl/crypto/err/Makefile.ssl                  1.1.1.1.2.4
+  src/crypto/openssl/crypto/err/err.c                         1.1.1.1.2.4
+  src/crypto/openssl/crypto/err/err.h                         1.1.1.1.2.3
+  src/crypto/openssl/crypto/err/err_all.c                         1.2.2.4
+  src/crypto/openssl/crypto/evp/Makefile.save                     Removed
+  src/crypto/openssl/crypto/evp/bio_b64.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/evp/bio_enc.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/evp/c_allc.c                      1.1.1.1.2.2
+  src/crypto/openssl/crypto/evp/c_alld.c                      1.1.1.1.2.3
+  src/crypto/openssl/crypto/evp/e_bf.c                        1.1.1.1.2.2
+  src/crypto/openssl/crypto/evp/e_cbc_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/encode.c                      1.1.1.1.2.3
+  src/crypto/openssl/crypto/evp/evp.h                             1.2.2.4
+  src/crypto/openssl/crypto/evp/evp_key.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/evp/m_md4.c                       1.1.1.1.2.2
+  src/crypto/openssl/crypto/hmac/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.ssl                     1.4.2.4
+  src/crypto/openssl/crypto/idea/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/idea/i_cbc.c                          1.4.2.4
+  src/crypto/openssl/crypto/idea/i_cfb64.c                        1.4.2.4
+  src/crypto/openssl/crypto/idea/i_ecb.c                          1.4.2.4
+  src/crypto/openssl/crypto/idea/i_ofb64.c                        1.4.2.4
+  src/crypto/openssl/crypto/idea/i_skey.c                         1.4.2.4
+  src/crypto/openssl/crypto/idea/idea.h                           1.4.2.4
+  src/crypto/openssl/crypto/idea/idea_lcl.h                       1.4.2.4
+  src/crypto/openssl/crypto/idea/idea_spd.c                       1.4.2.4
+  src/crypto/openssl/crypto/idea/ideatest.c                       1.4.2.4
+  src/crypto/openssl/crypto/idea/version                          1.4.2.4
+  src/crypto/openssl/crypto/lhash/Makefile.save                   Removed
+  src/crypto/openssl/crypto/lhash/lh_test.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/md2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md2/Makefile.ssl                  1.1.1.1.2.4
+  src/crypto/openssl/crypto/md32_common.h                     1.1.1.1.2.2
+  src/crypto/openssl/crypto/md4/md4_locl.h                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/md5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/md5/md5_locl.h                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/mdc2/Makefile.save                    Removed
+  src/crypto/openssl/crypto/objects/Makefile.save                 Removed
+  src/crypto/openssl/crypto/objects/Makefile.ssl              1.1.1.1.2.4
+  src/crypto/openssl/crypto/objects/o_names.c                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/objects/obj_dat.c                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/objects/obj_dat.h                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/objects/obj_dat.pl                1.1.1.1.2.3
+  src/crypto/openssl/crypto/objects/obj_mac.h                 1.1.1.1.2.2
+  src/crypto/openssl/crypto/objects/obj_mac.num               1.1.1.1.2.2
+  src/crypto/openssl/crypto/objects/objects.h                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/objects/objects.pl                1.1.1.1.2.2
+  src/crypto/openssl/crypto/objects/objects.txt               1.1.1.1.2.2
+  src/crypto/openssl/crypto/opensslv.h                        1.1.1.1.2.4
+  src/crypto/openssl/crypto/pem/Makefile.save                     Removed
+  src/crypto/openssl/crypto/pem/pem.h                         1.1.1.1.2.3
+  src/crypto/openssl/crypto/pem/pem2.h                        1.1.1.1.2.2
+  src/crypto/openssl/crypto/pem/pem_info.c                    1.1.1.1.2.4
+  src/crypto/openssl/crypto/pem/pem_lib.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/perlasm/x86nasm.pl                1.1.1.1.2.1
+  src/crypto/openssl/crypto/perlasm/x86unix.pl                1.1.1.1.2.2
+  src/crypto/openssl/crypto/pkcs12/Makefile.save                  Removed
+  src/crypto/openssl/crypto/pkcs12/pkcs12.h                   1.1.1.1.2.4
+  src/crypto/openssl/crypto/pkcs7/Makefile.save                   Removed
+  src/crypto/openssl/crypto/pkcs7/Makefile.ssl                1.1.1.1.2.4
+  src/crypto/openssl/crypto/pkcs7/README                          Removed
+  src/crypto/openssl/crypto/pkcs7/pk7_attr.c                  1.1.1.1.2.3
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                  1.1.1.1.2.4
+  src/crypto/openssl/crypto/pkcs7/pkcs7.h                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/pkcs7/verify.c                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/rand/Makefile.save                    Removed
+  src/crypto/openssl/crypto/rand/md_rand.c                    1.1.1.1.2.5
+  src/crypto/openssl/crypto/rand/rand.h                       1.1.1.1.2.4
+  src/crypto/openssl/crypto/rand/rand_egd.c                   1.1.1.1.2.4
+  src/crypto/openssl/crypto/rand/rand_win.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/rand/randfile.c                   1.1.1.1.2.4
+  src/crypto/openssl/crypto/rc2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc2/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc4/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc4/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.save                  Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.uni                   Removed
+  src/crypto/openssl/crypto/ripemd/rmd_locl.h                 1.1.1.1.2.2
+  src/crypto/openssl/crypto/rsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rsa/rsa.h                             1.2.2.5
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                         1.2.4.3
+  src/crypto/openssl/crypto/rsa/rsa_err.c                     1.1.1.1.2.2
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                         1.2.2.4
+  src/crypto/openssl/crypto/rsa/rsa_oaep.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/rsa/rsa_oaep_test.c                   Removed
+  src/crypto/openssl/crypto/sha/Makefile.save                     Removed
+  src/crypto/openssl/crypto/sha/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/sha/sha_locl.h                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/stack/Makefile.save                   Removed
+  src/crypto/openssl/crypto/tmdiff.c                          1.1.1.1.2.2
+  src/crypto/openssl/crypto/txt_db/Makefile.save                  Removed
+  src/crypto/openssl/crypto/txt_db/txt_db.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509/Makefile.save                    Removed
+  src/crypto/openssl/crypto/x509/Makefile.ssl                 1.1.1.1.2.4
+  src/crypto/openssl/crypto/x509/x509.h                       1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509/x509_obj.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/x509/x509_trs.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509/x509_txt.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509/x509_vfy.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509/x509_vfy.h                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509v3/Makefile.save                  Removed
+  src/crypto/openssl/crypto/x509v3/Makefile.ssl               1.1.1.1.2.4
+  src/crypto/openssl/crypto/x509v3/README                         Removed
+  src/crypto/openssl/crypto/x509v3/v3_ia5.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509v3/v3_utl.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509v3/x509v3.h                   1.1.1.1.2.3
+  src/crypto/openssl/demos/b64.c                              1.1.1.1.2.2
+  src/crypto/openssl/demos/maurice/example1.c                 1.1.1.1.2.1
+  src/crypto/openssl/demos/maurice/loadkeys.c                 1.1.1.1.2.1
+  src/crypto/openssl/dep/crypto.txt                               Removed
+  src/crypto/openssl/dep/files                                    Removed
+  src/crypto/openssl/dep/gen.pl                                   Removed
+  src/crypto/openssl/dep/ssl.txt                                  Removed
+  src/crypto/openssl/doc/apps/ca.pod                          1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/crl2pkcs7.pod                   1.1.1.1.2.2
+  src/crypto/openssl/doc/apps/enc.pod                         1.1.1.1.2.2
+  src/crypto/openssl/doc/apps/openssl.pod                     1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/rsautl.pod                      1.1.1.1.2.2
+  src/crypto/openssl/doc/apps/s_server.pod                    1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/smime.pod                       1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/verify.pod                      1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto.pod                               Removed
+  src/crypto/openssl/doc/crypto/BN_bn2bin.pod                 1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/BN_rand.pod                   1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod       1.1.1.1.2.2
+  src/crypto/openssl/doc/crypto/EVP_DigestInit.pod            1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod           1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/EVP_SignInit.pod              1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod            1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod    1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/RSA_check_key.pod             1.1.1.1.2.2
+  src/crypto/openssl/doc/crypto/RSA_generate_key.pod          1.1.1.1.2.2
+  src/crypto/openssl/doc/crypto/bio.pod                       1.1.1.1.2.2
+  src/crypto/openssl/doc/crypto/blowfish.pod                  1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/bn.pod                        1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/crypto.pod                    1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/des_modes.pod                 1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/err.pod                       1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/rand.pod                      1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/rsa.pod                       1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/threads.pod                   1.1.1.1.2.3
+  src/crypto/openssl/doc/openssl.pod                              Removed
+  src/crypto/openssl/doc/ssl.pod                                  Removed
+  src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod                 1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_free.pod                 1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod     1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_new.pod                  1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod  1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod      1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod       1.1.1.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod      1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod   1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod   1.1.1.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod    1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod             1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod          1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod   1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod          1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod  1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod           1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod      1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod             1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod         1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_accept.pod                   1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod        1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_clear.pod                    1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_connect.pod                  1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_do_handshake.pod             1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod              1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod       1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod      1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_get_error.pod                1.1.1.1.2.4
+  src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod         1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod     1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_get_session.pod              1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_new.pod                      1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_read.pod                     1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_rstate_string.pod            1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_session_reused.pod           1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod        1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_set_session.pod              1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod             1.1.1.1.2.2
+  src/crypto/openssl/doc/ssl/SSL_shutdown.pod                 1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/SSL_state_string.pod             1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_want.pod                     1.1.1.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_write.pod                    1.1.1.1.2.3
+  src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod              1.1.1.2.2.2
+  src/crypto/openssl/doc/ssl/ssl.pod                          1.1.1.1.2.4
+  src/crypto/openssl/doc/ssleay.txt                           1.1.1.1.2.3
+  src/crypto/openssl/e_os.h                                   1.1.1.1.2.4
+  src/crypto/openssl/e_os2.h                                  1.1.1.1.2.2
+  src/crypto/openssl/mt/README                                    Removed
+  src/crypto/openssl/mt/mttest.c                                  Removed
+  src/crypto/openssl/mt/profile.sh                                Removed
+  src/crypto/openssl/mt/pthread.sh                                Removed
+  src/crypto/openssl/mt/purify.sh                                 Removed
+  src/crypto/openssl/mt/solaris.sh                                Removed
+  src/crypto/openssl/openssl.spec                             1.1.1.1.2.3
+  src/crypto/openssl/shlib/Makefile.hpux10-cc                     Removed
+  src/crypto/openssl/shlib/hpux10-cc.sh                           Removed
+  src/crypto/openssl/shlib/irix.sh                                Removed
+  src/crypto/openssl/shlib/solaris-sc4.sh                         Removed
+  src/crypto/openssl/shlib/solaris.sh                             Removed
+  src/crypto/openssl/shlib/sun.sh                                 Removed
+  src/crypto/openssl/ssl/Makefile.save                            Removed
+  src/crypto/openssl/ssl/Makefile.ssl                         1.1.1.1.2.4
+  src/crypto/openssl/ssl/s23_clnt.c                               1.2.2.4
+  src/crypto/openssl/ssl/s23_lib.c                                1.2.2.4
+  src/crypto/openssl/ssl/s23_pkt.c                            1.1.1.1.2.2
+  src/crypto/openssl/ssl/s23_srvr.c                               1.2.2.4
+  src/crypto/openssl/ssl/s2_clnt.c                                1.2.2.4
+  src/crypto/openssl/ssl/s2_enc.c                                 1.2.2.4
+  src/crypto/openssl/ssl/s2_lib.c                                 1.2.2.4
+  src/crypto/openssl/ssl/s2_meth.c                                1.2.2.4
+  src/crypto/openssl/ssl/s2_pkt.c                                 1.2.2.4
+  src/crypto/openssl/ssl/s2_srvr.c                                1.2.2.4
+  src/crypto/openssl/ssl/s3_both.c                            1.1.1.1.2.4
+  src/crypto/openssl/ssl/s3_clnt.c                            1.1.1.1.2.4
+  src/crypto/openssl/ssl/s3_enc.c                             1.1.1.1.2.4
+  src/crypto/openssl/ssl/s3_lib.c                             1.1.1.1.2.4
+  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.1.2.4
+  src/crypto/openssl/ssl/s3_srvr.c                            1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl.h                                1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl2.h                               1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl3.h                               1.1.1.1.2.3
+  src/crypto/openssl/ssl/ssl_asn1.c                           1.1.1.1.2.3
+  src/crypto/openssl/ssl/ssl_cert.c                           1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl_err.c                            1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl_lib.c                            1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl_locl.h                           1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl_sess.c                           1.1.1.1.2.4
+  src/crypto/openssl/ssl/ssl_stat.c                           1.1.1.1.2.2
+  src/crypto/openssl/ssl/ssltest.c                            1.1.1.1.2.3
+  src/crypto/openssl/ssl/t1_enc.c                             1.1.1.1.2.4
+  src/crypto/openssl/test/Makefile.save                           Removed
+  src/crypto/openssl/test/Makefile.ssl                        1.1.1.1.2.4
+  src/crypto/openssl/test/bctest                              1.1.1.2.2.2
+  src/crypto/openssl/test/dsa-ca.pem                              Removed
+  src/crypto/openssl/test/dsa-pca.pem                             Removed
+  src/crypto/openssl/test/testss                              1.1.1.1.2.2
+  src/crypto/openssl/tools/c89.sh                             1.1.1.1.2.1
+  src/crypto/openssl/tools/c_rehash                           1.1.1.1.2.3
+  src/crypto/openssl/util/dirname.pl                          1.1.1.1.2.1
+  src/crypto/openssl/util/domd                                1.1.1.1.2.2
+  src/crypto/openssl/util/libeay.num                          1.1.1.1.2.4
+  src/crypto/openssl/util/mk1mf.pl                            1.1.1.1.2.3
+  src/crypto/openssl/util/mkdef.pl                            1.1.1.1.2.4
+  src/crypto/openssl/util/mkerr.pl                            1.1.1.1.2.3
+  src/crypto/openssl/util/pl/BC-32.pl                         1.1.1.1.2.3
+  src/crypto/openssl/util/pl/Mingw32.pl                       1.1.1.1.2.4
+  src/crypto/openssl/util/pl/VC-32.pl                         1.1.1.1.2.3
+  src/crypto/openssl/util/pod2man.pl                          1.1.1.1.2.3
+  src/crypto/openssl/util/pod2mantest                         1.1.1.1.2.1
+  src/crypto/openssl/util/pod2mantest.pod                     1.1.1.1.2.1
+  src/crypto/openssl/util/selftest.pl                         1.1.1.1.2.3
+  src/crypto/openssl/util/sep_lib.sh                              Removed
+  src/crypto/openssl/util/ssleay.num                          1.1.1.1.2.3
+  src/secure/lib/libcrypto/Makefile                             1.15.2.13
+  src/secure/lib/libcrypto/des_crypt.3                        1.1.1.2.2.1
+  src/secure/lib/libcrypto/opensslconf-alpha.h                    1.1.2.3
+RELENG_4_6
+  src/crypto/openssl/CHANGES                              1.1.1.1.2.2.6.1
+  src/crypto/openssl/Configure                            1.1.1.1.2.2.6.1
+  src/crypto/openssl/FAQ                                  1.1.1.1.2.3.6.1
+  src/crypto/openssl/FREEBSD-Xlist                            1.1.2.2.6.1
+  src/crypto/openssl/INSTALL                              1.1.1.1.2.2.8.1
+  src/crypto/openssl/LICENSE                              1.1.1.1.2.2.6.1
+  src/crypto/openssl/Makefile.org                         1.1.1.1.2.3.6.1
+  src/crypto/openssl/Makefile.ssl                         1.1.1.1.2.3.6.1
+  src/crypto/openssl/NEWS                                 1.1.1.1.2.3.6.1
+  src/crypto/openssl/README                               1.1.1.1.2.3.6.1
+  src/crypto/openssl/README.ENGINE                        1.1.1.1.2.1.8.1
+  src/crypto/openssl/STATUS                                       Removed
+  src/crypto/openssl/TABLE                                        Removed
+  src/crypto/openssl/apps/CA.pl                           1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/Makefile.save                           Removed
+  src/crypto/openssl/apps/Makefile.ssl                    1.1.1.1.2.3.6.1
+  src/crypto/openssl/apps/apps.c                          1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/asn1pars.c                      1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/ca.c                            1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/der_chop                        1.1.1.1.2.1.8.1
+  src/crypto/openssl/apps/dgst.c                          1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/dsaparam.c                      1.1.1.1.2.3.6.1
+  src/crypto/openssl/apps/eay.c                                   Removed
+  src/crypto/openssl/apps/enc.c                           1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/openssl.c                       1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/pem_mail.c                              Removed
+  src/crypto/openssl/apps/pkcs12.c                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/pkcs7.c                         1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/req.c                           1.1.1.1.2.3.6.1
+  src/crypto/openssl/apps/rsa/01.pem                              Removed
+  src/crypto/openssl/apps/rsa/1.txt                               Removed
+  src/crypto/openssl/apps/rsa/SecureServer.pem                    Removed
+  src/crypto/openssl/apps/rsa/s.txt                               Removed
+  src/crypto/openssl/apps/s_client.c                      1.1.1.1.2.3.6.1
+  src/crypto/openssl/apps/s_time.c                        1.1.1.1.2.1.8.1
+  src/crypto/openssl/apps/smime.c                         1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/speed.c                             1.3.2.3.6.1
+  src/crypto/openssl/apps/tkca                                    Removed
+  src/crypto/openssl/apps/x509.c                          1.1.1.1.2.3.6.1
+  src/crypto/openssl/certs/rsa-ssca.pem                           Removed
+  src/crypto/openssl/config                               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/Makefile.save                         Removed
+  src/crypto/openssl/crypto/Makefile.ssl                  1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/asn1/Makefile.save                    Removed
+  src/crypto/openssl/crypto/asn1/Makefile.ssl             1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/asn1/a_bitstr.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/a_enum.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/a_gentm.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/a_int.c                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/a_set.c                  1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/asn1/a_sign.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/a_strnid.c               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/asn1/a_time.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/a_utctm.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/asn1.h                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/asn1_lib.c               1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/asn1/d2i_dhp.c                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/asn1/d2i_dsap.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/d2i_r_pr.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/asn1/pkcs8.c                          Removed
+  src/crypto/openssl/crypto/asn1/t_pkey.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/t_x509.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/x_pubkey.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bf/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bf/Makefile.uni                       Removed
+  src/crypto/openssl/crypto/bio/Makefile.save                     Removed
+  src/crypto/openssl/crypto/bio/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bio/b_print.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bio/b_sock.c                  1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bio/bf_buff.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bio/bf_lbuf.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/bio/bf_nbio.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bio/bio.h                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bio/bss_bio.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bio/bss_log.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bn/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bn/Makefile.ssl               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bn/asm/mips3.s                1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bn/bn.h                       1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bn/bn_comba.c                         Removed
+  src/crypto/openssl/crypto/bn/bn_div.c                   1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bn/bn_gcd.c                   1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/bn/bn_mont.c                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bn/bn_mul.c                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bn/bn_opts.c                          Removed
+  src/crypto/openssl/crypto/bn/bn_prime.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/bn/bn_rand.c                  1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bn/bn_sqr.c                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bn/comba.pl                           Removed
+  src/crypto/openssl/crypto/bn/d.c                                Removed
+  src/crypto/openssl/crypto/bn/new                                Removed
+  src/crypto/openssl/crypto/bn/old/b_sqr.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_com.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_high.c                      Removed
+  src/crypto/openssl/crypto/bn/old/bn_ka.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_low.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_m.c                         Removed
+  src/crypto/openssl/crypto/bn/old/bn_mul.c.works                 Removed
+  src/crypto/openssl/crypto/bn/old/bn_wmul.c                      Removed
+  src/crypto/openssl/crypto/bn/old/build                          Removed
+  src/crypto/openssl/crypto/bn/old/info                           Removed
+  src/crypto/openssl/crypto/bn/old/test.works                     Removed
+  src/crypto/openssl/crypto/buffer/Makefile.save                  Removed
+  src/crypto/openssl/crypto/buffer/buffer.h                  1.1.1.1.10.1
+  src/crypto/openssl/crypto/cast/Makefile.save                    Removed
+  src/crypto/openssl/crypto/cast/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/comp/Makefile.save                    Removed
+  src/crypto/openssl/crypto/comp/Makefile.ssl             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/comp/comp.h                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/conf/Makefile.save                    Removed
+  src/crypto/openssl/crypto/conf/Makefile.ssl             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/conf/conf.c                           Removed
+  src/crypto/openssl/crypto/conf/conf.h                   1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/conf/conf_api.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/conf/conf_def.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/conf/conf_def.h               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/conf/conf_lcl.h                       Removed
+  src/crypto/openssl/crypto/conf/keysets.pl               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/cryptlib.c                    1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/cryptlib.h                    1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/crypto.h                      1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/des/DES.pod                           Removed
+  src/crypto/openssl/crypto/des/MODES.DES                         Removed
+  src/crypto/openssl/crypto/des/Makefile.PL                       Removed
+  src/crypto/openssl/crypto/des/Makefile.lit                      Removed
+  src/crypto/openssl/crypto/des/Makefile.save                     Removed
+  src/crypto/openssl/crypto/des/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/des/PC1                               Removed
+  src/crypto/openssl/crypto/des/PC2                               Removed
+  src/crypto/openssl/crypto/des/des.h                         1.2.2.3.6.1
+  src/crypto/openssl/crypto/des/des.man                           Removed
+  src/crypto/openssl/crypto/des/des.pl                            Removed
+  src/crypto/openssl/crypto/des/des_crypt.man                     Removed
+  src/crypto/openssl/crypto/des/doIP                              Removed
+  src/crypto/openssl/crypto/des/doPC1                             Removed
+  src/crypto/openssl/crypto/des/doPC2                             Removed
+  src/crypto/openssl/crypto/des/fcrypt.c                  1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/des/podd.h                            Removed
+  src/crypto/openssl/crypto/des/read_pwd.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/des/shifts.pl                         Removed
+  src/crypto/openssl/crypto/des/sk.h                              Removed
+  src/crypto/openssl/crypto/des/supp.c                            Removed
+  src/crypto/openssl/crypto/des/testdes.pl                        Removed
+  src/crypto/openssl/crypto/dh/Makefile.save                      Removed
+  src/crypto/openssl/crypto/dh/dh.h                       1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/dh/dh_err.c                   1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/dh/dh_gen.c                   1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/dh/dh_key.c                   1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/dh/dh_lib.c                   1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/dh/dhtest.c                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/dsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/dsa/dsa.h                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/dsa/dsa_asn1.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/dsa/dsa_lib.c                 1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/dso/dso.h                     1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/dso/dso_dlfcn.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/ebcdic.c                      1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/err/Makefile.save                     Removed
+  src/crypto/openssl/crypto/err/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/err/err.c                     1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/err/err.h                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/evp/Makefile.save                     Removed
+  src/crypto/openssl/crypto/evp/bio_b64.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/evp/bio_enc.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/evp/c_allc.c                  1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/evp/c_alld.c                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/evp/e_bf.c                    1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/evp/e_cbc_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/encode.c                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/evp/evp.h                         1.2.2.3.6.1
+  src/crypto/openssl/crypto/evp/evp_key.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/evp/m_md4.c                   1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/hmac/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/lhash/Makefile.save                   Removed
+  src/crypto/openssl/crypto/lhash/lh_test.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md2/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/md32_common.h                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md4/md4_locl.h                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/md5/md5_locl.h                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/mdc2/Makefile.save                    Removed
+  src/crypto/openssl/crypto/objects/Makefile.save                 Removed
+  src/crypto/openssl/crypto/objects/Makefile.ssl          1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/objects/o_names.c             1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/objects/obj_dat.c             1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/objects/obj_dat.h             1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/objects/obj_dat.pl            1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/objects/obj_mac.h             1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/objects/obj_mac.num           1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/objects/objects.h             1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/objects/objects.pl            1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/objects/objects.txt           1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/pem/Makefile.save                     Removed
+  src/crypto/openssl/crypto/pem/pem.h                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/pem/pem2.h                    1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/pem/pem_info.c                1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/pem/pem_lib.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/perlasm/x86nasm.pl               1.1.1.1.10.1
+  src/crypto/openssl/crypto/perlasm/x86unix.pl            1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/pkcs12/Makefile.save                  Removed
+  src/crypto/openssl/crypto/pkcs12/pkcs12.h               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/pkcs7/Makefile.save                   Removed
+  src/crypto/openssl/crypto/pkcs7/Makefile.ssl            1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/pkcs7/README                          Removed
+  src/crypto/openssl/crypto/pkcs7/pk7_attr.c              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/pkcs7/pkcs7.h                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/pkcs7/verify.c                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rand/Makefile.save                    Removed
+  src/crypto/openssl/crypto/rand/md_rand.c                1.1.1.1.2.4.6.1
+  src/crypto/openssl/crypto/rand/rand.h                   1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/rand/rand_egd.c               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/rand/rand_win.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/rand/randfile.c               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/rc2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc2/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc4/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc4/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.save                  Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.uni                   Removed
+  src/crypto/openssl/crypto/ripemd/rmd_locl.h             1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rsa/rsa.h                         1.2.2.4.6.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.2.6.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rsa/rsa_oaep.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/rsa/rsa_oaep_test.c                   Removed
+  src/crypto/openssl/crypto/sha/Makefile.save                     Removed
+  src/crypto/openssl/crypto/sha/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/sha/sha_locl.h                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/stack/Makefile.save                   Removed
+  src/crypto/openssl/crypto/tmdiff.c                      1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/txt_db/Makefile.save                  Removed
+  src/crypto/openssl/crypto/txt_db/txt_db.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509/Makefile.save                    Removed
+  src/crypto/openssl/crypto/x509/Makefile.ssl             1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/x509/x509.h                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509/x509_obj.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/x509/x509_trs.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509/x509_txt.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509/x509_vfy.h               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509v3/Makefile.save                  Removed
+  src/crypto/openssl/crypto/x509v3/Makefile.ssl           1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/x509v3/README                         Removed
+  src/crypto/openssl/crypto/x509v3/v3_ia5.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509v3/v3_utl.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/x509v3/x509v3.h               1.1.1.1.2.2.8.1
+  src/crypto/openssl/demos/b64.c                          1.1.1.1.2.1.8.1
+  src/crypto/openssl/demos/maurice/example1.c                1.1.1.1.10.1
+  src/crypto/openssl/demos/maurice/loadkeys.c                1.1.1.1.10.1
+  src/crypto/openssl/dep/crypto.txt                               Removed
+  src/crypto/openssl/dep/files                                    Removed
+  src/crypto/openssl/dep/gen.pl                                   Removed
+  src/crypto/openssl/dep/ssl.txt                                  Removed
+  src/crypto/openssl/doc/apps/ca.pod                      1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/apps/crl2pkcs7.pod               1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/apps/enc.pod                     1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/apps/openssl.pod                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/apps/rsautl.pod                  1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/apps/s_server.pod                1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/apps/smime.pod                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/apps/verify.pod                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto.pod                               Removed
+  src/crypto/openssl/doc/crypto/BN_bn2bin.pod             1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/BN_rand.pod               1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod   1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/EVP_DigestInit.pod        1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod       1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/EVP_SignInit.pod          1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod        1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod 1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/RSA_check_key.pod         1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/RSA_generate_key.pod      1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/bio.pod                   1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/blowfish.pod              1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/bn.pod                    1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/crypto.pod                1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/des_modes.pod             1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/err.pod                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/rand.pod                  1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/rsa.pod                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/threads.pod               1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/openssl.pod                              Removed
+  src/crypto/openssl/doc/ssl.pod                                  Removed
+  src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod                 1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_free.pod             1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_new.pod              1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod 1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod  1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod       1.1.1.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod  1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod   1.1.1.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod    1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod         1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod      1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod   1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod      1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod  1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod       1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod  1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod         1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod     1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_accept.pod               1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod        1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_clear.pod                1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_connect.pod              1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_do_handshake.pod             1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod              1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod   1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod      1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_get_error.pod            1.1.1.1.2.3.6.1
+  src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod     1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod 1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_get_session.pod          1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_new.pod                  1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_read.pod                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_rstate_string.pod            1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_session_reused.pod           1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod    1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_set_session.pod          1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod         1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_shutdown.pod             1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_state_string.pod             1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_want.pod                     1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_write.pod                1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod          1.1.1.2.2.1.6.1
+  src/crypto/openssl/doc/ssl/ssl.pod                      1.1.1.1.2.3.6.1
+  src/crypto/openssl/doc/ssleay.txt                       1.1.1.1.2.2.6.1
+  src/crypto/openssl/e_os.h                               1.1.1.1.2.3.6.1
+  src/crypto/openssl/e_os2.h                              1.1.1.1.2.1.8.1
+  src/crypto/openssl/mt/README                                    Removed
+  src/crypto/openssl/mt/mttest.c                                  Removed
+  src/crypto/openssl/mt/profile.sh                                Removed
+  src/crypto/openssl/mt/pthread.sh                                Removed
+  src/crypto/openssl/mt/purify.sh                                 Removed
+  src/crypto/openssl/mt/solaris.sh                                Removed
+  src/crypto/openssl/openssl.spec                         1.1.1.1.2.2.6.1
+  src/crypto/openssl/shlib/Makefile.hpux10-cc                     Removed
+  src/crypto/openssl/shlib/hpux10-cc.sh                           Removed
+  src/crypto/openssl/shlib/irix.sh                                Removed
+  src/crypto/openssl/shlib/solaris-sc4.sh                         Removed
+  src/crypto/openssl/shlib/solaris.sh                             Removed
+  src/crypto/openssl/shlib/sun.sh                                 Removed
+  src/crypto/openssl/ssl/Makefile.save                            Removed
+  src/crypto/openssl/ssl/Makefile.ssl                     1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/s23_clnt.c                           1.2.2.3.6.1
+  src/crypto/openssl/ssl/s23_pkt.c                        1.1.1.1.2.1.8.1
+  src/crypto/openssl/ssl/s23_srvr.c                           1.2.2.3.6.1
+  src/crypto/openssl/ssl/s2_clnt.c                            1.2.2.3.6.1
+  src/crypto/openssl/ssl/s2_enc.c                             1.2.2.3.6.1
+  src/crypto/openssl/ssl/s2_lib.c                             1.2.2.3.6.1
+  src/crypto/openssl/ssl/s2_pkt.c                             1.2.2.3.6.1
+  src/crypto/openssl/ssl/s2_srvr.c                            1.2.2.3.6.1
+  src/crypto/openssl/ssl/s3_both.c                        1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/s3_clnt.c                        1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/s3_enc.c                         1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/s3_lib.c                         1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl.h                            1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl2.h                           1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl3.h                           1.1.1.1.2.2.8.1
+  src/crypto/openssl/ssl/ssl_asn1.c                       1.1.1.1.2.2.8.1
+  src/crypto/openssl/ssl/ssl_cert.c                       1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl_err.c                        1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl_lib.c                        1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl_locl.h                       1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl_sess.c                       1.1.1.1.2.3.6.1
+  src/crypto/openssl/ssl/ssl_stat.c                       1.1.1.1.2.1.8.1
+  src/crypto/openssl/ssl/ssltest.c                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/ssl/t1_enc.c                         1.1.1.1.2.3.6.1
+  src/crypto/openssl/test/Makefile.save                           Removed
+  src/crypto/openssl/test/Makefile.ssl                    1.1.1.1.2.3.6.1
+  src/crypto/openssl/test/bctest                          1.1.1.2.2.1.6.1
+  src/crypto/openssl/test/dsa-ca.pem                              Removed
+  src/crypto/openssl/test/dsa-pca.pem                             Removed
+  src/crypto/openssl/test/testss                          1.1.1.1.2.1.8.1
+  src/crypto/openssl/tools/c89.sh                             1.1.1.1.4.1
+  src/crypto/openssl/tools/c_rehash                       1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/dirname.pl                          1.1.1.1.4.1
+  src/crypto/openssl/util/domd                            1.1.1.1.2.1.8.1
+  src/crypto/openssl/util/libeay.num                      1.1.1.1.2.3.6.1
+  src/crypto/openssl/util/mk1mf.pl                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/util/mkdef.pl                        1.1.1.1.2.3.6.1
+  src/crypto/openssl/util/mkerr.pl                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/util/pl/BC-32.pl                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/util/pl/VC-32.pl                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/util/pod2man.pl                      1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/pod2mantest                         1.1.1.1.4.1
+  src/crypto/openssl/util/pod2mantest.pod                     1.1.1.1.4.1
+  src/crypto/openssl/util/selftest.pl                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/util/sep_lib.sh                              Removed
+  src/crypto/openssl/util/ssleay.num                      1.1.1.1.2.2.8.1
+  src/secure/lib/libcrypto/Makefile                         1.15.2.11.6.1
+  src/secure/lib/libcrypto/des_crypt.3                       1.1.1.2.10.1
+  src/secure/lib/libcrypto/opensslconf-alpha.h                1.1.2.2.6.1
+  src/sys/conf/newvers.sh                                   1.44.2.23.2.8
+RELENG_4_5
+  src/crypto/openssl/CHANGES                              1.1.1.1.2.2.4.1
+  src/crypto/openssl/Configure                            1.1.1.1.2.2.4.1
+  src/crypto/openssl/FAQ                                  1.1.1.1.2.3.4.1
+  src/crypto/openssl/FREEBSD-Xlist                            1.1.2.2.4.1
+  src/crypto/openssl/INSTALL                              1.1.1.1.2.2.6.1
+  src/crypto/openssl/LICENSE                              1.1.1.1.2.2.4.1
+  src/crypto/openssl/Makefile.org                         1.1.1.1.2.3.4.1
+  src/crypto/openssl/Makefile.ssl                         1.1.1.1.2.3.4.1
+  src/crypto/openssl/NEWS                                 1.1.1.1.2.3.4.1
+  src/crypto/openssl/README                               1.1.1.1.2.3.4.1
+  src/crypto/openssl/README.ENGINE                        1.1.1.1.2.1.6.1
+  src/crypto/openssl/STATUS                                       Removed
+  src/crypto/openssl/TABLE                                        Removed
+  src/crypto/openssl/apps/CA.pl                           1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/Makefile.save                           Removed
+  src/crypto/openssl/apps/Makefile.ssl                    1.1.1.1.2.3.4.1
+  src/crypto/openssl/apps/apps.c                          1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/asn1pars.c                      1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/ca.c                            1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/der_chop                        1.1.1.1.2.1.6.1
+  src/crypto/openssl/apps/dgst.c                          1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/dsaparam.c                      1.1.1.1.2.3.4.1
+  src/crypto/openssl/apps/eay.c                                   Removed
+  src/crypto/openssl/apps/enc.c                           1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/openssl.c                       1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/pem_mail.c                              Removed
+  src/crypto/openssl/apps/pkcs12.c                        1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/pkcs7.c                         1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/req.c                           1.1.1.1.2.3.4.1
+  src/crypto/openssl/apps/rsa/01.pem                              Removed
+  src/crypto/openssl/apps/rsa/1.txt                               Removed
+  src/crypto/openssl/apps/rsa/SecureServer.pem                    Removed
+  src/crypto/openssl/apps/rsa/s.txt                               Removed
+  src/crypto/openssl/apps/s_client.c                      1.1.1.1.2.3.4.1
+  src/crypto/openssl/apps/s_time.c                        1.1.1.1.2.1.6.1
+  src/crypto/openssl/apps/smime.c                         1.1.1.1.2.2.6.1
+  src/crypto/openssl/apps/speed.c                             1.3.2.3.4.1
+  src/crypto/openssl/apps/tkca                                    Removed
+  src/crypto/openssl/apps/x509.c                          1.1.1.1.2.3.4.1
+  src/crypto/openssl/certs/rsa-ssca.pem                           Removed
+  src/crypto/openssl/config                               1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/Makefile.save                         Removed
+  src/crypto/openssl/crypto/Makefile.ssl                  1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/asn1/Makefile.save                    Removed
+  src/crypto/openssl/crypto/asn1/Makefile.ssl             1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/asn1/a_bitstr.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/a_enum.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/a_gentm.c                1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/a_int.c                  1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/a_set.c                  1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/asn1/a_sign.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/a_strnid.c               1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/asn1/a_time.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/a_utctm.c                1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/asn1.h                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/asn1_lib.c               1.1.1.1.2.3.4.2
+  src/crypto/openssl/crypto/asn1/d2i_dhp.c                1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/asn1/d2i_dsap.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/d2i_r_pr.c               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/asn1/pkcs8.c                          Removed
+  src/crypto/openssl/crypto/asn1/t_pkey.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/t_x509.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/asn1/x_pubkey.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bf/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bf/Makefile.uni                       Removed
+  src/crypto/openssl/crypto/bio/Makefile.save                     Removed
+  src/crypto/openssl/crypto/bio/Makefile.ssl              1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/bio/b_print.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bio/b_sock.c                  1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/bio/bf_buff.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bio/bf_lbuf.c                 1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/bio/bf_nbio.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bio/bio.h                     1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bio/bss_bio.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bio/bss_log.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bn/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bn/Makefile.ssl               1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/bn/asm/mips3.s                1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bn/bn.h                       1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/bn/bn_comba.c                         Removed
+  src/crypto/openssl/crypto/bn/bn_div.c                   1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/bn/bn_gcd.c                   1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/bn/bn_mont.c                  1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bn/bn_mul.c                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bn/bn_opts.c                          Removed
+  src/crypto/openssl/crypto/bn/bn_prime.c                 1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/bn/bn_rand.c                  1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/bn/bn_sqr.c                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bn/comba.pl                           Removed
+  src/crypto/openssl/crypto/bn/d.c                                Removed
+  src/crypto/openssl/crypto/bn/new                                Removed
+  src/crypto/openssl/crypto/bn/old/b_sqr.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_com.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_high.c                      Removed
+  src/crypto/openssl/crypto/bn/old/bn_ka.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_low.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_m.c                         Removed
+  src/crypto/openssl/crypto/bn/old/bn_mul.c.works                 Removed
+  src/crypto/openssl/crypto/bn/old/bn_wmul.c                      Removed
+  src/crypto/openssl/crypto/bn/old/build                          Removed
+  src/crypto/openssl/crypto/bn/old/info                           Removed
+  src/crypto/openssl/crypto/bn/old/test.works                     Removed
+  src/crypto/openssl/crypto/buffer/Makefile.save                  Removed
+  src/crypto/openssl/crypto/buffer/buffer.h                   1.1.1.1.8.1
+  src/crypto/openssl/crypto/cast/Makefile.save                    Removed
+  src/crypto/openssl/crypto/cast/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/comp/Makefile.save                    Removed
+  src/crypto/openssl/crypto/comp/Makefile.ssl             1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/comp/comp.h                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/conf/Makefile.save                    Removed
+  src/crypto/openssl/crypto/conf/Makefile.ssl             1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/conf/conf.c                           Removed
+  src/crypto/openssl/crypto/conf/conf.h                   1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/conf/conf_api.c               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/conf/conf_def.c               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/conf/conf_def.h               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/conf/conf_lcl.h                       Removed
+  src/crypto/openssl/crypto/conf/keysets.pl               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/cryptlib.c                    1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/cryptlib.h                    1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/crypto.h                      1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/des/DES.pod                           Removed
+  src/crypto/openssl/crypto/des/MODES.DES                         Removed
+  src/crypto/openssl/crypto/des/Makefile.PL                       Removed
+  src/crypto/openssl/crypto/des/Makefile.lit                      Removed
+  src/crypto/openssl/crypto/des/Makefile.save                     Removed
+  src/crypto/openssl/crypto/des/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/des/PC1                               Removed
+  src/crypto/openssl/crypto/des/PC2                               Removed
+  src/crypto/openssl/crypto/des/des.h                         1.2.2.3.4.1
+  src/crypto/openssl/crypto/des/des.man                           Removed
+  src/crypto/openssl/crypto/des/des.pl                            Removed
+  src/crypto/openssl/crypto/des/des_crypt.man                     Removed
+  src/crypto/openssl/crypto/des/doIP                              Removed
+  src/crypto/openssl/crypto/des/doPC1                             Removed
+  src/crypto/openssl/crypto/des/doPC2                             Removed
+  src/crypto/openssl/crypto/des/fcrypt.c                  1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/des/podd.h                            Removed
+  src/crypto/openssl/crypto/des/read_pwd.c                1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/des/shifts.pl                         Removed
+  src/crypto/openssl/crypto/des/sk.h                              Removed
+  src/crypto/openssl/crypto/des/supp.c                            Removed
+  src/crypto/openssl/crypto/des/testdes.pl                        Removed
+  src/crypto/openssl/crypto/dh/Makefile.save                      Removed
+  src/crypto/openssl/crypto/dh/dh.h                       1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/dh/dh_err.c                   1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/dh/dh_gen.c                   1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/dh/dh_key.c                   1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/dh/dh_lib.c                   1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/dh/dhtest.c                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/dsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/dsa/dsa.h                     1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/dsa/dsa_asn1.c                1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                 1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/dsa/dsa_lib.c                 1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/dso/dso.h                     1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/dso/dso_dlfcn.c               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/ebcdic.c                      1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/err/Makefile.save                     Removed
+  src/crypto/openssl/crypto/err/Makefile.ssl              1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/err/err.c                     1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/err/err.h                     1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/evp/Makefile.save                     Removed
+  src/crypto/openssl/crypto/evp/bio_b64.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/evp/bio_enc.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/evp/c_allc.c                  1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/evp/c_alld.c                  1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/evp/e_bf.c                    1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/evp/e_cbc_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/encode.c                  1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/evp/evp.h                         1.2.2.3.4.1
+  src/crypto/openssl/crypto/evp/evp_key.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/evp/m_md4.c                   1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/hmac/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/lhash/Makefile.save                   Removed
+  src/crypto/openssl/crypto/lhash/lh_test.c               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/md2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md2/Makefile.ssl              1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/md32_common.h                 1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/md4/md4_locl.h                1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/md5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/md5/md5_locl.h                1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/mdc2/Makefile.save                    Removed
+  src/crypto/openssl/crypto/objects/Makefile.save                 Removed
+  src/crypto/openssl/crypto/objects/Makefile.ssl          1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/objects/o_names.c             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/objects/obj_dat.c             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/objects/obj_dat.h             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/objects/obj_dat.pl            1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/objects/obj_mac.h             1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/objects/obj_mac.num           1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/objects/objects.h             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/objects/objects.pl            1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/objects/objects.txt           1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/pem/Makefile.save                     Removed
+  src/crypto/openssl/crypto/pem/pem.h                     1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/pem/pem2.h                    1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/pem/pem_info.c                1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/pem/pem_lib.c                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/perlasm/x86nasm.pl                1.1.1.1.8.1
+  src/crypto/openssl/crypto/perlasm/x86unix.pl            1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/pkcs12/Makefile.save                  Removed
+  src/crypto/openssl/crypto/pkcs12/pkcs12.h               1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/pkcs7/Makefile.save                   Removed
+  src/crypto/openssl/crypto/pkcs7/Makefile.ssl            1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/pkcs7/README                          Removed
+  src/crypto/openssl/crypto/pkcs7/pk7_attr.c              1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c              1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/pkcs7/pkcs7.h                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/pkcs7/verify.c                1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/rand/Makefile.save                    Removed
+  src/crypto/openssl/crypto/rand/md_rand.c                1.1.1.1.2.4.4.1
+  src/crypto/openssl/crypto/rand/rand.h                   1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/rand/rand_egd.c               1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/rand/rand_win.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/rand/randfile.c               1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/rc2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc2/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc4/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc4/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.save                  Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.uni                   Removed
+  src/crypto/openssl/crypto/ripemd/rmd_locl.h             1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/rsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rsa/rsa.h                         1.2.2.4.4.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.2.4.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                 1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/rsa/rsa_oaep.c                1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/rsa/rsa_oaep_test.c                   Removed
+  src/crypto/openssl/crypto/sha/Makefile.save                     Removed
+  src/crypto/openssl/crypto/sha/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/sha/sha_locl.h                1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/stack/Makefile.save                   Removed
+  src/crypto/openssl/crypto/tmdiff.c                      1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/txt_db/Makefile.save                  Removed
+  src/crypto/openssl/crypto/txt_db/txt_db.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509/Makefile.save                    Removed
+  src/crypto/openssl/crypto/x509/Makefile.ssl             1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/x509/x509.h                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509/x509_obj.c               1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/x509/x509_trs.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509/x509_txt.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509/x509_vfy.h               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509v3/Makefile.save                  Removed
+  src/crypto/openssl/crypto/x509v3/Makefile.ssl           1.1.1.1.2.3.4.1
+  src/crypto/openssl/crypto/x509v3/README                         Removed
+  src/crypto/openssl/crypto/x509v3/v3_ia5.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509v3/v3_utl.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/x509v3/x509v3.h               1.1.1.1.2.2.6.1
+  src/crypto/openssl/demos/b64.c                          1.1.1.1.2.1.6.1
+  src/crypto/openssl/demos/maurice/example1.c                 1.1.1.1.8.1
+  src/crypto/openssl/demos/maurice/loadkeys.c                 1.1.1.1.8.1
+  src/crypto/openssl/dep/crypto.txt                               Removed
+  src/crypto/openssl/dep/files                                    Removed
+  src/crypto/openssl/dep/gen.pl                                   Removed
+  src/crypto/openssl/dep/ssl.txt                                  Removed
+  src/crypto/openssl/doc/apps/ca.pod                      1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/apps/crl2pkcs7.pod               1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/apps/enc.pod                     1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/apps/openssl.pod                 1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/apps/rsautl.pod                  1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/apps/s_server.pod                1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/apps/smime.pod                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/apps/verify.pod                  1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto.pod                               Removed
+  src/crypto/openssl/doc/crypto/BN_bn2bin.pod             1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/BN_rand.pod               1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod   1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/crypto/EVP_DigestInit.pod        1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod       1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/EVP_SignInit.pod          1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod        1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod 1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/RSA_check_key.pod         1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/crypto/RSA_generate_key.pod      1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/crypto/bio.pod                   1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/crypto/blowfish.pod              1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/bn.pod                    1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/crypto.pod                1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/des_modes.pod             1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/err.pod                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/rand.pod                  1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/rsa.pod                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/crypto/threads.pod               1.1.1.1.2.2.6.1
+  src/crypto/openssl/doc/openssl.pod                              Removed
+  src/crypto/openssl/doc/ssl.pod                                  Removed
+  src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod                 1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_free.pod             1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_new.pod              1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod 1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod  1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod       1.1.1.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod  1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod   1.1.1.2.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod    1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod         1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod      1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod   1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod      1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod  1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod       1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod  1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod         1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod     1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_accept.pod               1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod        1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_clear.pod                1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_connect.pod              1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_do_handshake.pod             1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod              1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod   1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod      1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_get_error.pod            1.1.1.1.2.3.4.1
+  src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod     1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod 1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_get_session.pod          1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_new.pod                  1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_read.pod                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_rstate_string.pod            1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_session_reused.pod           1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod    1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_set_session.pod          1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod         1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_shutdown.pod             1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/SSL_state_string.pod             1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_want.pod                     1.1.1.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_write.pod                1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod          1.1.1.2.2.1.4.1
+  src/crypto/openssl/doc/ssl/ssl.pod                      1.1.1.1.2.3.4.1
+  src/crypto/openssl/doc/ssleay.txt                       1.1.1.1.2.2.4.1
+  src/crypto/openssl/e_os.h                               1.1.1.1.2.3.4.1
+  src/crypto/openssl/e_os2.h                              1.1.1.1.2.1.6.1
+  src/crypto/openssl/mt/README                                    Removed
+  src/crypto/openssl/mt/mttest.c                                  Removed
+  src/crypto/openssl/mt/profile.sh                                Removed
+  src/crypto/openssl/mt/pthread.sh                                Removed
+  src/crypto/openssl/mt/purify.sh                                 Removed
+  src/crypto/openssl/mt/solaris.sh                                Removed
+  src/crypto/openssl/openssl.spec                         1.1.1.1.2.2.4.1
+  src/crypto/openssl/shlib/Makefile.hpux10-cc                     Removed
+  src/crypto/openssl/shlib/hpux10-cc.sh                           Removed
+  src/crypto/openssl/shlib/irix.sh                                Removed
+  src/crypto/openssl/shlib/solaris-sc4.sh                         Removed
+  src/crypto/openssl/shlib/solaris.sh                             Removed
+  src/crypto/openssl/shlib/sun.sh                                 Removed
+  src/crypto/openssl/ssl/Makefile.save                            Removed
+  src/crypto/openssl/ssl/Makefile.ssl                     1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/s23_clnt.c                           1.2.2.3.4.1
+  src/crypto/openssl/ssl/s23_pkt.c                        1.1.1.1.2.1.6.1
+  src/crypto/openssl/ssl/s23_srvr.c                           1.2.2.3.4.1
+  src/crypto/openssl/ssl/s2_clnt.c                            1.2.2.3.4.1
+  src/crypto/openssl/ssl/s2_enc.c                             1.2.2.3.4.1
+  src/crypto/openssl/ssl/s2_lib.c                             1.2.2.3.4.1
+  src/crypto/openssl/ssl/s2_pkt.c                             1.2.2.3.4.1
+  src/crypto/openssl/ssl/s2_srvr.c                            1.2.2.3.4.1
+  src/crypto/openssl/ssl/s3_both.c                        1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/s3_clnt.c                        1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/s3_enc.c                         1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/s3_lib.c                         1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl.h                            1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl2.h                           1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl3.h                           1.1.1.1.2.2.6.1
+  src/crypto/openssl/ssl/ssl_asn1.c                       1.1.1.1.2.2.6.1
+  src/crypto/openssl/ssl/ssl_cert.c                       1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl_err.c                        1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl_lib.c                        1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl_locl.h                       1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl_sess.c                       1.1.1.1.2.3.4.1
+  src/crypto/openssl/ssl/ssl_stat.c                       1.1.1.1.2.1.6.1
+  src/crypto/openssl/ssl/ssltest.c                        1.1.1.1.2.2.6.1
+  src/crypto/openssl/ssl/t1_enc.c                         1.1.1.1.2.3.4.1
+  src/crypto/openssl/test/Makefile.save                           Removed
+  src/crypto/openssl/test/Makefile.ssl                    1.1.1.1.2.3.4.1
+  src/crypto/openssl/test/bctest                          1.1.1.2.2.1.4.1
+  src/crypto/openssl/test/dsa-ca.pem                              Removed
+  src/crypto/openssl/test/dsa-pca.pem                             Removed
+  src/crypto/openssl/test/testss                          1.1.1.1.2.1.6.1
+  src/crypto/openssl/tools/c89.sh                             1.1.1.1.6.1
+  src/crypto/openssl/tools/c_rehash                       1.1.1.1.2.2.4.1
+  src/crypto/openssl/util/dirname.pl                          1.1.1.1.6.1
+  src/crypto/openssl/util/domd                            1.1.1.1.2.1.6.1
+  src/crypto/openssl/util/libeay.num                      1.1.1.1.2.3.4.1
+  src/crypto/openssl/util/mk1mf.pl                        1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/mkdef.pl                        1.1.1.1.2.3.4.1
+  src/crypto/openssl/util/mkerr.pl                        1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/pl/BC-32.pl                     1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/pl/VC-32.pl                     1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/pod2man.pl                      1.1.1.1.2.2.4.1
+  src/crypto/openssl/util/pod2mantest                         1.1.1.1.6.1
+  src/crypto/openssl/util/pod2mantest.pod                     1.1.1.1.6.1
+  src/crypto/openssl/util/selftest.pl                     1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/sep_lib.sh                              Removed
+  src/crypto/openssl/util/ssleay.num                      1.1.1.1.2.2.6.1
+  src/secure/lib/libcrypto/Makefile                         1.15.2.11.4.1
+  src/secure/lib/libcrypto/des_crypt.3                        1.1.1.2.8.1
+  src/secure/lib/libcrypto/opensslconf-alpha.h                1.1.2.2.4.1
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.14
+RELENG_4_4
+  src/crypto/openssl/CHANGES                              1.1.1.1.2.2.2.1
+  src/crypto/openssl/Configure                            1.1.1.1.2.2.2.1
+  src/crypto/openssl/FAQ                                  1.1.1.1.2.3.2.1
+  src/crypto/openssl/FREEBSD-Xlist                            1.1.2.2.2.1
+  src/crypto/openssl/INSTALL                              1.1.1.1.2.2.4.1
+  src/crypto/openssl/LICENSE                              1.1.1.1.2.2.2.1
+  src/crypto/openssl/Makefile.org                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/Makefile.ssl                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/NEWS                                 1.1.1.1.2.3.2.1
+  src/crypto/openssl/README                               1.1.1.1.2.3.2.1
+  src/crypto/openssl/README.ENGINE                        1.1.1.1.2.1.4.1
+  src/crypto/openssl/STATUS                                       Removed
+  src/crypto/openssl/TABLE                                        Removed
+  src/crypto/openssl/apps/CA.pl                           1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/Makefile.save                           Removed
+  src/crypto/openssl/apps/Makefile.ssl                    1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/apps.c                          1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/asn1pars.c                      1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/ca.c                            1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/der_chop                        1.1.1.1.2.1.4.1
+  src/crypto/openssl/apps/dgst.c                          1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/dsaparam.c                      1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/eay.c                                   Removed
+  src/crypto/openssl/apps/enc.c                           1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/openssl.c                       1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/pem_mail.c                              Removed
+  src/crypto/openssl/apps/pkcs12.c                        1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/pkcs7.c                         1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/req.c                           1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/rsa/01.pem                              Removed
+  src/crypto/openssl/apps/rsa/1.txt                               Removed
+  src/crypto/openssl/apps/rsa/SecureServer.pem                    Removed
+  src/crypto/openssl/apps/rsa/s.txt                               Removed
+  src/crypto/openssl/apps/s_client.c                      1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/s_time.c                        1.1.1.1.2.1.4.1
+  src/crypto/openssl/apps/smime.c                         1.1.1.1.2.2.4.1
+  src/crypto/openssl/apps/speed.c                             1.3.2.3.2.1
+  src/crypto/openssl/apps/tkca                                    Removed
+  src/crypto/openssl/apps/x509.c                          1.1.1.1.2.3.2.1
+  src/crypto/openssl/certs/rsa-ssca.pem                           Removed
+  src/crypto/openssl/config                               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/Makefile.save                         Removed
+  src/crypto/openssl/crypto/Makefile.ssl                  1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/asn1/Makefile.save                    Removed
+  src/crypto/openssl/crypto/asn1/Makefile.ssl             1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/asn1/a_bitstr.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/a_enum.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/a_gentm.c                1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/a_int.c                  1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/a_set.c                  1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/asn1/a_sign.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/a_strnid.c               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/asn1/a_time.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/a_utctm.c                1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/asn1.h                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/asn1_lib.c               1.1.1.1.2.3.2.2
+  src/crypto/openssl/crypto/asn1/d2i_dhp.c                1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/asn1/d2i_dsap.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/d2i_r_pr.c               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/asn1/pkcs8.c                          Removed
+  src/crypto/openssl/crypto/asn1/t_pkey.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/t_x509.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/asn1/x_pubkey.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bf/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bf/Makefile.uni                       Removed
+  src/crypto/openssl/crypto/bio/Makefile.save                     Removed
+  src/crypto/openssl/crypto/bio/Makefile.ssl              1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/bio/b_print.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bio/b_sock.c                  1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/bio/bf_buff.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bio/bf_lbuf.c                 1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/bio/bf_nbio.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bio/bio.h                     1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bio/bss_bio.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bio/bss_log.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bn/Makefile.save                      Removed
+  src/crypto/openssl/crypto/bn/Makefile.ssl               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/bn/asm/mips3.s                1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/bn/bn.h                       1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/bn/bn_comba.c                         Removed
+  src/crypto/openssl/crypto/bn/bn_div.c                   1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/bn/bn_gcd.c                   1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/bn/bn_mont.c                  1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bn/bn_mul.c                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bn/bn_opts.c                          Removed
+  src/crypto/openssl/crypto/bn/bn_prime.c                 1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/bn/bn_rand.c                  1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/bn/bn_sqr.c                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/bn/comba.pl                           Removed
+  src/crypto/openssl/crypto/bn/d.c                                Removed
+  src/crypto/openssl/crypto/bn/new                                Removed
+  src/crypto/openssl/crypto/bn/old/b_sqr.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_com.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_high.c                      Removed
+  src/crypto/openssl/crypto/bn/old/bn_ka.c                        Removed
+  src/crypto/openssl/crypto/bn/old/bn_low.c                       Removed
+  src/crypto/openssl/crypto/bn/old/bn_m.c                         Removed
+  src/crypto/openssl/crypto/bn/old/bn_mul.c.works                 Removed
+  src/crypto/openssl/crypto/bn/old/bn_wmul.c                      Removed
+  src/crypto/openssl/crypto/bn/old/build                          Removed
+  src/crypto/openssl/crypto/bn/old/info                           Removed
+  src/crypto/openssl/crypto/bn/old/test.works                     Removed
+  src/crypto/openssl/crypto/buffer/Makefile.save                  Removed
+  src/crypto/openssl/crypto/buffer/buffer.h                   1.1.1.1.6.1
+  src/crypto/openssl/crypto/cast/Makefile.save                    Removed
+  src/crypto/openssl/crypto/cast/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/comp/Makefile.save                    Removed
+  src/crypto/openssl/crypto/comp/Makefile.ssl             1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/comp/comp.h                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/conf/Makefile.save                    Removed
+  src/crypto/openssl/crypto/conf/Makefile.ssl             1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/conf/conf.c                           Removed
+  src/crypto/openssl/crypto/conf/conf.h                   1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/conf/conf_api.c               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/conf/conf_def.c               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/conf/conf_def.h               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/conf/conf_lcl.h                       Removed
+  src/crypto/openssl/crypto/conf/keysets.pl               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/cryptlib.c                    1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/cryptlib.h                    1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/crypto.h                      1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/des/DES.pod                           Removed
+  src/crypto/openssl/crypto/des/MODES.DES                         Removed
+  src/crypto/openssl/crypto/des/Makefile.PL                       Removed
+  src/crypto/openssl/crypto/des/Makefile.lit                      Removed
+  src/crypto/openssl/crypto/des/Makefile.save                     Removed
+  src/crypto/openssl/crypto/des/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/des/PC1                               Removed
+  src/crypto/openssl/crypto/des/PC2                               Removed
+  src/crypto/openssl/crypto/des/des.h                         1.2.2.3.2.1
+  src/crypto/openssl/crypto/des/des.man                           Removed
+  src/crypto/openssl/crypto/des/des.pl                            Removed
+  src/crypto/openssl/crypto/des/des_crypt.man                     Removed
+  src/crypto/openssl/crypto/des/doIP                              Removed
+  src/crypto/openssl/crypto/des/doPC1                             Removed
+  src/crypto/openssl/crypto/des/doPC2                             Removed
+  src/crypto/openssl/crypto/des/fcrypt.c                  1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/des/podd.h                            Removed
+  src/crypto/openssl/crypto/des/read_pwd.c                1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/des/shifts.pl                         Removed
+  src/crypto/openssl/crypto/des/sk.h                              Removed
+  src/crypto/openssl/crypto/des/supp.c                            Removed
+  src/crypto/openssl/crypto/des/testdes.pl                        Removed
+  src/crypto/openssl/crypto/dh/Makefile.save                      Removed
+  src/crypto/openssl/crypto/dh/dh.h                       1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/dh/dh_err.c                   1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/dh/dh_gen.c                   1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/dh/dh_key.c                   1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/dh/dh_lib.c                   1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/dh/dhtest.c                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/dsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/dsa/dsa.h                     1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/dsa/dsa_asn1.c                1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                 1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/dsa/dsa_lib.c                 1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/dso/dso.h                     1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/dso/dso_dlfcn.c               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/ebcdic.c                      1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/err/Makefile.save                     Removed
+  src/crypto/openssl/crypto/err/Makefile.ssl              1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/err/err.c                     1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/err/err.h                     1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/evp/Makefile.save                     Removed
+  src/crypto/openssl/crypto/evp/bio_b64.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/evp/bio_enc.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/evp/c_allc.c                  1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/evp/c_alld.c                  1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/evp/e_bf.c                    1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/evp/e_cbc_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cbc_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_cfb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ecb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_3d.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_bf.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_c.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_d.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_i.c                         Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r2.c                        Removed
+  src/crypto/openssl/crypto/evp/e_ofb_r5.c                        Removed
+  src/crypto/openssl/crypto/evp/encode.c                  1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/evp/evp.h                         1.2.2.3.2.1
+  src/crypto/openssl/crypto/evp/evp_key.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/evp/m_md4.c                   1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/hmac/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.save                    Removed
+  src/crypto/openssl/crypto/idea/Makefile.uni                     Removed
+  src/crypto/openssl/crypto/lhash/Makefile.save                   Removed
+  src/crypto/openssl/crypto/lhash/lh_test.c               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/md2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md2/Makefile.ssl              1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/md32_common.h                 1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/md4/md4_locl.h                1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/md5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/md5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/md5/md5_locl.h                1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/mdc2/Makefile.save                    Removed
+  src/crypto/openssl/crypto/objects/Makefile.save                 Removed
+  src/crypto/openssl/crypto/objects/Makefile.ssl          1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/objects/o_names.c             1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/objects/obj_dat.c             1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/objects/obj_dat.h             1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/objects/obj_dat.pl            1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/objects/obj_mac.h             1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/objects/obj_mac.num           1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/objects/objects.h             1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/objects/objects.pl            1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/objects/objects.txt           1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/pem/Makefile.save                     Removed
+  src/crypto/openssl/crypto/pem/pem.h                     1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/pem/pem2.h                    1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/pem/pem_info.c                1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/pem/pem_lib.c                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/perlasm/x86nasm.pl                1.1.1.1.6.1
+  src/crypto/openssl/crypto/perlasm/x86unix.pl            1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/pkcs12/Makefile.save                  Removed
+  src/crypto/openssl/crypto/pkcs12/pkcs12.h               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/pkcs7/Makefile.save                   Removed
+  src/crypto/openssl/crypto/pkcs7/Makefile.ssl            1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/pkcs7/README                          Removed
+  src/crypto/openssl/crypto/pkcs7/pk7_attr.c              1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c              1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/pkcs7/pkcs7.h                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/pkcs7/verify.c                1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/rand/Makefile.save                    Removed
+  src/crypto/openssl/crypto/rand/md_rand.c                1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/rand/rand.h                   1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/rand/rand_egd.c               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/rand/rand_win.c               1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/rand/randfile.c               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/rc2/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc2/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc4/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc4/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/rc5/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rc5/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.save                  Removed
+  src/crypto/openssl/crypto/ripemd/Makefile.uni                   Removed
+  src/crypto/openssl/crypto/ripemd/rmd_locl.h             1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/rsa/Makefile.save                     Removed
+  src/crypto/openssl/crypto/rsa/rsa.h                         1.2.2.4.2.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.2.2.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                 1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/rsa/rsa_oaep.c                1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/rsa/rsa_oaep_test.c                   Removed
+  src/crypto/openssl/crypto/sha/Makefile.save                     Removed
+  src/crypto/openssl/crypto/sha/Makefile.uni                      Removed
+  src/crypto/openssl/crypto/sha/sha_locl.h                1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/stack/Makefile.save                   Removed
+  src/crypto/openssl/crypto/tmdiff.c                      1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/txt_db/Makefile.save                  Removed
+  src/crypto/openssl/crypto/txt_db/txt_db.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509/Makefile.save                    Removed
+  src/crypto/openssl/crypto/x509/Makefile.ssl             1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/x509/x509.h                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509/x509_obj.c               1.1.1.1.2.1.4.1
+  src/crypto/openssl/crypto/x509/x509_trs.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509/x509_txt.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509/x509_vfy.h               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509v3/Makefile.save                  Removed
+  src/crypto/openssl/crypto/x509v3/Makefile.ssl           1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/x509v3/README                         Removed
+  src/crypto/openssl/crypto/x509v3/v3_ia5.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509v3/v3_utl.c               1.1.1.1.2.2.4.1
+  src/crypto/openssl/crypto/x509v3/x509v3.h               1.1.1.1.2.2.4.1
+  src/crypto/openssl/demos/b64.c                          1.1.1.1.2.1.4.1
+  src/crypto/openssl/demos/maurice/example1.c                 1.1.1.1.6.1
+  src/crypto/openssl/demos/maurice/loadkeys.c                 1.1.1.1.6.1
+  src/crypto/openssl/dep/crypto.txt                               Removed
+  src/crypto/openssl/dep/files                                    Removed
+  src/crypto/openssl/dep/gen.pl                                   Removed
+  src/crypto/openssl/dep/ssl.txt                                  Removed
+  src/crypto/openssl/doc/apps/ca.pod                      1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/apps/crl2pkcs7.pod               1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/apps/enc.pod                     1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/apps/openssl.pod                 1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/apps/rsautl.pod                  1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/apps/s_server.pod                1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/apps/smime.pod                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/apps/verify.pod                  1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto.pod                               Removed
+  src/crypto/openssl/doc/crypto/BN_bn2bin.pod             1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/BN_rand.pod               1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod   1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/crypto/EVP_DigestInit.pod        1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod       1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/EVP_SignInit.pod          1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod        1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod 1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/RSA_check_key.pod         1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/crypto/RSA_generate_key.pod      1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/crypto/bio.pod                   1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/crypto/blowfish.pod              1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/bn.pod                    1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/crypto/crypto.pod                1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/des_modes.pod             1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/err.pod                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/rand.pod                  1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/crypto/rsa.pod                   1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/crypto/threads.pod               1.1.1.1.2.2.4.1
+  src/crypto/openssl/doc/openssl.pod                              Removed
+  src/crypto/openssl/doc/ssl.pod                                  Removed
+  src/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod 1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod 1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod                 1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_free.pod             1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod 1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_new.pod              1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod 1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod  1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod       1.1.1.2.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod 1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod  1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod 1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod   1.1.1.2.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod 1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod    1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod         1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod      1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod   1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod      1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod  1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod 1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod       1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod  1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod         1.1.1.1.2.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod     1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_accept.pod               1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_alert_type_string.pod        1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_clear.pod                1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_connect.pod              1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_do_handshake.pod             1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod              1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod   1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod      1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_get_error.pod            1.1.1.1.2.3.2.1
+  src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod     1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod 1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_get_session.pod          1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_new.pod                  1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_read.pod                 1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_rstate_string.pod            1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_session_reused.pod           1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod    1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_set_session.pod          1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod         1.1.1.1.2.1.2.1
+  src/crypto/openssl/doc/ssl/SSL_shutdown.pod             1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_state_string.pod             1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_want.pod                     1.1.1.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_write.pod                1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod          1.1.1.2.2.1.2.1
+  src/crypto/openssl/doc/ssl/ssl.pod                      1.1.1.1.2.3.2.1
+  src/crypto/openssl/doc/ssleay.txt                       1.1.1.1.2.2.2.1
+  src/crypto/openssl/e_os.h                               1.1.1.1.2.3.2.1
+  src/crypto/openssl/e_os2.h                              1.1.1.1.2.1.4.1
+  src/crypto/openssl/mt/README                                    Removed
+  src/crypto/openssl/mt/mttest.c                                  Removed
+  src/crypto/openssl/mt/profile.sh                                Removed
+  src/crypto/openssl/mt/pthread.sh                                Removed
+  src/crypto/openssl/mt/purify.sh                                 Removed
+  src/crypto/openssl/mt/solaris.sh                                Removed
+  src/crypto/openssl/openssl.spec                         1.1.1.1.2.2.2.1
+  src/crypto/openssl/shlib/Makefile.hpux10-cc                     Removed
+  src/crypto/openssl/shlib/hpux10-cc.sh                           Removed
+  src/crypto/openssl/shlib/irix.sh                                Removed
+  src/crypto/openssl/shlib/solaris-sc4.sh                         Removed
+  src/crypto/openssl/shlib/solaris.sh                             Removed
+  src/crypto/openssl/shlib/sun.sh                                 Removed
+  src/crypto/openssl/ssl/Makefile.save                            Removed
+  src/crypto/openssl/ssl/Makefile.ssl                     1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/s23_clnt.c                           1.2.2.3.2.1
+  src/crypto/openssl/ssl/s23_pkt.c                        1.1.1.1.2.1.4.1
+  src/crypto/openssl/ssl/s23_srvr.c                           1.2.2.3.2.1
+  src/crypto/openssl/ssl/s2_clnt.c                            1.2.2.3.2.1
+  src/crypto/openssl/ssl/s2_enc.c                             1.2.2.3.2.1
+  src/crypto/openssl/ssl/s2_lib.c                             1.2.2.3.2.1
+  src/crypto/openssl/ssl/s2_pkt.c                             1.2.2.3.2.1
+  src/crypto/openssl/ssl/s2_srvr.c                            1.2.2.3.2.1
+  src/crypto/openssl/ssl/s3_both.c                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/s3_clnt.c                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/s3_enc.c                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/s3_lib.c                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl.h                            1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl2.h                           1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl3.h                           1.1.1.1.2.2.4.1
+  src/crypto/openssl/ssl/ssl_asn1.c                       1.1.1.1.2.2.4.1
+  src/crypto/openssl/ssl/ssl_cert.c                       1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl_err.c                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl_lib.c                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl_locl.h                       1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl_sess.c                       1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/ssl_stat.c                       1.1.1.1.2.1.4.1
+  src/crypto/openssl/ssl/ssltest.c                        1.1.1.1.2.2.4.1
+  src/crypto/openssl/ssl/t1_enc.c                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/test/Makefile.save                           Removed
+  src/crypto/openssl/test/Makefile.ssl                    1.1.1.1.2.3.2.1
+  src/crypto/openssl/test/bctest                          1.1.1.2.2.1.2.1
+  src/crypto/openssl/test/dsa-ca.pem                              Removed
+  src/crypto/openssl/test/dsa-pca.pem                             Removed
+  src/crypto/openssl/test/testss                          1.1.1.1.2.1.4.1
+  src/crypto/openssl/tools/c89.sh                             1.1.1.1.8.1
+  src/crypto/openssl/tools/c_rehash                       1.1.1.1.2.2.2.1
+  src/crypto/openssl/util/dirname.pl                          1.1.1.1.8.1
+  src/crypto/openssl/util/domd                            1.1.1.1.2.1.4.1
+  src/crypto/openssl/util/libeay.num                      1.1.1.1.2.3.2.1
+  src/crypto/openssl/util/mk1mf.pl                        1.1.1.1.2.2.4.1
+  src/crypto/openssl/util/mkdef.pl                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/util/mkerr.pl                        1.1.1.1.2.2.4.1
+  src/crypto/openssl/util/pl/BC-32.pl                     1.1.1.1.2.2.4.1
+  src/crypto/openssl/util/pl/VC-32.pl                     1.1.1.1.2.2.4.1
+  src/crypto/openssl/util/pod2man.pl                      1.1.1.1.2.2.2.1
+  src/crypto/openssl/util/pod2mantest                         1.1.1.1.8.1
+  src/crypto/openssl/util/pod2mantest.pod                     1.1.1.1.8.1
+  src/crypto/openssl/util/selftest.pl                     1.1.1.1.2.2.4.1
+  src/crypto/openssl/util/sep_lib.sh                              Removed
+  src/crypto/openssl/util/ssleay.num                      1.1.1.1.2.2.4.1
+  src/secure/lib/libcrypto/Makefile                         1.15.2.11.2.1
+  src/secure/lib/libcrypto/des_crypt.3                        1.1.1.2.6.1
+  src/secure/lib/libcrypto/opensslconf-alpha.h                1.1.2.2.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.19
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.openssl.org/news/secadv_20020730.txt>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0655>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0656>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0657>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0659>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPU6q91UuHi5z0oilAQF3nQP+MH41YT4ubm4E2JvtYVi4x/Si1YZXxvJh
+UdaOz5iHRj79yfbLlr6tDdpcZNG7qlF1MRPCKS9da2LumF+XR5+7+hgEZ5sPx2XA
+IA0HJImGp5gdb7rQsFBdFC2uVpBcw7IWWM+rascbCqGNGiQerA9KcYt6M12pecyb
+6Do272kW3/w=
+=tD16
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:34.rpc.asc b/share/security/advisories/FreeBSD-SA-02:34.rpc.asc
new file mode 100644
index 0000000000..3e1a21d7cc
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:34.rpc.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:34.rpc                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Sun RPC XDR decoder contains buffer overflow
+
+Category:       core
+Module:         libc
+Announced:      2002-08-01
+Credits:        ISS X-Force
+Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p5
+Corrected:      2002-08-01 12:23:20 UTC (RELENG_4)
+                2002-08-01 12:23:40 UTC (RELENG_4_6)
+                2002-08-01 12:23:58 UTC (RELENG_4_5)
+                2002-08-01 12:24:20 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-07-31  Initial release
+v1.1  2002-08-01  Corrected patch
+
+I.   Background
+
+Sun RPC is a remote procedure call framework which allows clients
+to invoke procedures in a server process over a network somewhat
+transparently.  XDR is a mechanism for encoding data structures for
+use with RPC.  NFS, NIS, and many other network services are built
+upon Sun RPC.
+
+The FreeBSD C runtime library (libc) contains an XDR encoder/decoder
+derived from Sun's RPC implementation.
+
+II.  Problem Description
+
+An error in the calculation of memory needed for unpacking arrays in
+the XDR decoder can result in a heap buffer overflow.
+
+III. Impact
+
+Any application using Sun RPC may be vulnerable to the heap buffer
+overflow.  Depending upon the application, this vulnerability may be
+exploitable and lead to arbitrary code execution.
+
+Though no exploits are known to exist currently, many RPC-based
+services run as the superuser (such as NFS, the NIS server, rpc.statd,
+and others) and thus this vulnerability should be considered
+high-risk.
+
+No RPC-based services are enabled by default in FreeBSD installations.
+
+IV.  Workaround
+
+Do not run any RPC-based services.  The RPC-based services running
+on a machine may be determined by:
+
+  # rpcinfo -p <hostname>
+
+To disable any RPC-based services at next boot, add (or change if it
+is already present) the following lines in /etc/rc.conf:
+
+  portmap_enable="NO"
+  nfs_client_enable="NO"
+  nfs_server_enable="NO"
+  nis_client_enable="NO"
+  nis_server_enable="NO"
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
+RELENG_4_5, or RELENG_4_4 security branch dated after the correction
+date (4.6.1-RELEASE-p6, 4.5-RELEASE-p15, or 4.4-RELEASE-p22).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5,
+and 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:34/rpc.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
+
+Note that any statically linked applications that are not part of
+the base system (i.e. from the Ports Collection or other 3rd-party
+sources) must be recompiled if they use Sun RPC.
+
+All affected applications must be restarted in order to use the
+corrected library.  Though it is not required, rebooting may be the
+easiest way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/lib/libc/xdr/xdr_array.c
+  RELENG_4                                                        1.8.2.3
+  RELENG_4_6                                                     1.8.10.4
+  RELENG_4_5                                                      1.8.8.3
+  RELENG_4_4                                                      1.8.6.3
+src/sys/conf/newvers.sh
+  RELENG_4_6                                               1.44.2.23.2.11
+  RELENG_4_5                                               1.44.2.20.2.16
+  RELENG_4_4                                               1.44.2.17.2.21
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://online.securityfocus.com/archive/1/285308>
+<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPUkpkFUuHi5z0oilAQF7TQP9H50V3qUsZcWC5nemnMO9CL+QBmIuuGkE
+C7p3mBxcH6mS5EmUU4zFOum4QSaEh9J47I7CGcS+sNg7JN5lfK1oSwsE9JidbZz4
+kx9cQrx+rppQuQyK9tK4TXVXz0PiUdZMs3vgytJDuAOu38bg3ttUd4jhTIKHnLGh
+NMjQMH2vNUk=
+=yP62
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:35.ffs.asc b/share/security/advisories/FreeBSD-SA-02:35.ffs.asc
new file mode 100644
index 0000000000..a71b9b3ce8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:35.ffs.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:35.ffs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          local users may read and write arbitrary blocks on
+                an FFS filesystem
+
+Category:       core
+Module:         kernel
+Announced:      2002-08-05
+Credits:        Matt Dillon <dillon@FreeBSD.org>,
+                Ian Dowse <iedowse@FreeBSD.org>,
+                Tor Egge <tegge@FreeBSD.org>
+Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p4
+                4.6-STABLE prior to the correction date
+Corrected:      2002-06-23 22:34:52 UTC (RELENG_4)
+                2002-07-31 17:55:22 UTC (RELENG_4_6)
+                2002-07-31 17:55:11 UTC (RELENG_4_5)
+                2002-07-31 17:54:57 UTC (RELENG_4_4)
+FreeBSD only:   YES
+
+I.   Background
+
+The Berkeley Fast File System (FFS) is the default filesystem used by
+FreeBSD.
+
+II.  Problem Description
+
+A bug in the calculation of the maximum permitted FFS file size
+allows users to create files that are larger than FreeBSD's virtual
+memory system can handle. The integer overflows that result when such
+files are accessed may map filesystem metadata into the user file,
+permitting access to arbitrary filesystem blocks.
+
+The bug is encountered only on FFS filesystems with a block size of
+16k or greater on the i386 architecture, or 32k or greater on the
+alpha architecture.  Also, the filesystem must have at least 6 blocks
+of free space, and the user must have write access to at least one
+file in the filesystem.
+
+The default FreeBSD FFS filesystem block size was changed from 8k to
+16k on all architectures just before 4.5-RELEASE.
+
+III. Impact
+
+Local attackers may cause a denial of service by simply corrupting the
+filesystem.  A local attacker may also be able to read and write
+arbitrary files on local filesystems, allowing them to gain superuser
+privileges.
+
+FFS filesystems with a block size less than 16k (on the i386
+architecture) or 32k (on the alpha architecture), such as those
+created using the default FFS filesystem block size prior to
+4.5-RELEASE, are not vulnerable.
+
+The following command can be used to determine the block size
+used on a given filesystem:
+
+  # dumpfs /some/filesystem | grep '^bsize'
+
+IV.  Workaround
+
+On filesystems with 16k blocks, the bug cannot be exploited when a
+process has a file size resource limit (RLIMIT_FSIZE) of 63 MB or
+less.  This can be most easily accomplished by modifying
+/etc/login.conf so that the appropriate login classes (typically
+`default') contain a field entry such as the following:
+
+        :filesize=63m:\
+
+After editing /etc/login.conf, the corresponding capability database
+must be rebuilt with the following command:
+
+   # cap_mkdb /etc/login.conf
+
+Please see login.conf(5) for details.  Note that this will not affect
+currently running processes, nor new processes started by users who
+are already logged in.
+
+The corresponding limit appropriate for filesystems with 32k or larger
+blocks is not known at this time, and might be smaller or larger than
+63 MB.
+
+It is the responsibility of applications such as `login' and `sshd' to
+read and honor login.conf.  Be aware that 3rd party applications that
+provide login functionality may or may not honor login.conf.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to any of the
+RELENG_4_6 (4.6.1-RELEASE-p5), RELENG_4_5 (4.5-RELEASE-p14), or
+RELENG_4_4 (4.4-RELEASE-p21) security branches dated after the
+respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.  The following patch
+has been tested to apply to all FreeBSD 4.x releases.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:35/ffs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:35/ffs.patch.asc
+
+b) Recompile your kernel as described in
+http://www.freebsd.org/handbook/kernelconfig.html and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+sys/ufs/ffs/ffs_vfsops.c
+  RELENG_4                                                     1.117.2.10
+  RELENG_4_6                                                1.117.2.9.2.1
+  RELENG_4_5                                                1.117.2.7.2.1
+  RELENG_4_4                                                1.117.2.3.2.1
+sys/conf/newvers.sh
+  RELENG_4_6                                               1.44.2.23.2.10
+  RELENG_4_5                                               1.44.2.20.2.15
+  RELENG_4_4                                               1.44.2.17.2.20
+- -------------------------------------------------------------------------
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPU8ML1UuHi5z0oilAQGkWQP/fJvzkrl2ptG87Qn2pIa24kLyax5WCnca
+uPhq9JxIhXIxAqdIZcrEbbTyeRo/ygtsLzxDKOP0G+A2VxilVL9Ld3a32OSM+nzM
+uiSnVHTIxPtmkyZnwdmyTcrBki290p/W3LnZhxzfAt1vdIRD+ibOkBXNAaXFxDRz
+T1UzIarVqgM=
+=wq5s
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:36.nfs.asc b/share/security/advisories/FreeBSD-SA-02:36.nfs.asc
new file mode 100644
index 0000000000..9e5b9a3bd5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:36.nfs.asc
@@ -0,0 +1,101 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:36.nfs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Bug in NFS server code allows remote denial of service
+
+Category:       core
+Module:         nfs
+Announced:      2002-08-05
+Credits:        Mike Junk <junk@isilon.com>
+Affects:        All releases prior to 4.6.1-RELEASE-p7
+                4.6-STABLE prior to the correction date
+Corrected:      2002-07-19 17:19:53 UTC (RELENG_4)
+                2002-08-01 19:31:55 UTC (RELENG_4_6)
+                2002-08-01 19:31:54 UTC (RELENG_4_5)
+                2002-08-01 19:31:54 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+I.   Background
+
+The Network File System (NFS) allows a host to export some or all of
+its filesystems, or parts of them, so that other hosts can access them
+over the network and mount them as if they were on local disks.  NFS is
+built on top of the Sun Remote Procedure Call (RPC) framework.
+
+II.  Problem Description
+
+A part of the NFS server code charged with handling incoming RPC
+messages had an error which, when the server received a message with a
+zero-length payload, would cause it to reference the payload from the
+previous message, creating a loop in the message chain.  This would
+later cause an infinite loop in a different part of the NFS server
+code which tried to traverse the chain.
+
+III. Impact
+
+Certain Linux implementations of NFS produce zero-length RPC messages
+in some cases.  A FreeBSD system running an NFS server may lock up
+when such clients connect.
+
+An attacker in a position to send RPC messages to an affected FreeBSD
+system can construct a sequence of malicious RPC messages that cause
+the target system to lock up.
+
+IV.  Workaround
+
+1) Disable the NFS server: set the nfs_server_enable variable to "NO"
+   in /etc/rc.conf, and reboot.
+
+   Alternatively, if there are no active NFS clients (as listed by the
+   showmount(8) utility), just killing the mountd and nfsd processes
+   should suffice.
+
+2) Add firewall rules to block RPC traffic to the NFS server from
+   untrusted hosts.
+
+V.   Solution
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5, and
+4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:36/nfs.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel and modules as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/nfs/nfs_socket.c
+  RELENG_4                                                       1.60.2.5
+  RELENG_4_6                                                 1.60.2.3.2.1
+  RELENG_4_5                                                 1.60.2.1.6.1
+  RELENG_4_4                                                 1.60.2.3.4.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPU8NTVUuHi5z0oilAQHMZAP+L80QudeELKHfZYxG5PPf6cuWkreACavl
+LP1oJDHLWuw32K4tM0Y+v505t+U2/wGnl2dSqwkfemzxlhzfsmrbubQx8EFgO6sb
+nhEEtSfu4t81ylHTY+qEWFtRweB5A1tGJaYV67wybWZxulkYJ9qnRLKF4PToc0E3
+T1Y/CN0DNYA=
+=2YSa
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:37.kqueue.asc b/share/security/advisories/FreeBSD-SA-02:37.kqueue.asc
new file mode 100644
index 0000000000..c0385e9981
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:37.kqueue.asc
@@ -0,0 +1,93 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:37.kqueue                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          local users can panic the system using the kqueue mechanism
+
+Category:       core
+Module:         kqueue
+Announced:      2002-08-05
+Credits:        Mark Delany <markd@bushwire.net>
+Affects:        FreeBSD 4.3-RELEASE
+                FreeBSD 4.4-RELEASE
+                FreeBSD 4.5-RELEASE
+                FreeBSD 4.6-RELEASE
+                FreeBSD 4.6-STABLE prior to the correction date
+Corrected:      2002-08-05 15:05:15 (RELENG_4)
+                2002-08-05 15:13:48 (RELENG_4_6)
+                2002-08-05 15:13:44 (RELENG_4_5)
+                2002-08-05 15:13:40 (RELENG_4_4)
+FreeBSD only:   YES
+
+I.   Background
+
+The kqueue mechanism allows a process to register interest in
+particular events on particular file descriptors, and receive
+asynchronous notification when these events occur on the selected
+descriptors.
+
+II.  Problem Description
+
+If a pipe was created with the pipe(2) system call, and one end of the
+pipe was closed, registering an EVFILT_WRITE filter on the other end
+would cause a kernel panic.
+
+A common scenario in which this could occur is when a process uses a
+pipe to communicate with a child and uses kqueue to monitor the pipe,
+and the child dies shortly after the fork(2) call, before the parent
+has had time to register the filter.
+
+III. Impact
+
+A local attacker may cause the system to panic by executing their own
+malicious application.
+
+IV.  Workaround
+
+There is no known workaround.
+
+V.   Solution
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5, and
+4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:37/kqueue.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:37/kqueue.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+sys/kern/sys_pipe.c
+  RELENG_4                                                      1.60.2.13
+  RELENG_4_6                                                1.60.2.12.2.1
+  RELENG_4_5                                                1.60.2.11.2.1
+  RELENG_4_4                                                1.60.2.10.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPU8OFlUuHi5z0oilAQFTugP/S+2u/BK8Oz53oFTcTY84ReNRJZMEJ8dX
+PVHMWZ7xl4stYoeo8iX+moq+R2riZqEfzT+lx1lYZBkYkkmIwGxI+6qJgBqkPriL
+acswOhfdzLSgwIoXNJsGdO9vlYwsNqiRsf5Yay+gKDqRUxCPA27X528uc1jhtAdd
+UzagA6Lhrk8=
+=uTZC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:38.signed-error.asc b/share/security/advisories/FreeBSD-SA-02:38.signed-error.asc
new file mode 100644
index 0000000000..652e21529f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:38.signed-error.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:38.signed-error                               Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Boundary checking errors involving signed integers
+
+Category:       core
+Module:         sys
+Announced:      2002-08-19
+Credits:        Silvio Cesare <silvio@qualys.com>
+Affects:        All releases of FreeBSD up to and including 4.6.1-RELEASE-p10
+Corrected:      2002-08-13 02:42:32 UTC (RELENG_4)
+                2002-08-13 12:12:36 UTC (RELENG_4_6)
+                2002-08-13 12:13:05 UTC (RELENG_4_5)
+                2002-08-13 12:13:49 UTC (RELENG_4_4)
+FreeBSD only:   YES
+
+I.   Background
+
+The issue described in this advisory affects the accept(2),
+getsockname(2), and getpeername(2) system calls, and the vesa(4)
+FBIO_GETPALETTE ioctl(2).
+
+II.  Problem Description
+
+A few system calls were identified that contained assumptions that
+a given argument was always a positive integer, while in fact the
+argument was handled as a signed integer.  As a result, the boundary
+checking code would fail if the system call were entered with a
+negative argument.
+
+III. Impact
+
+The affected system calls could be called with large negative
+arguments, causing the kernel to return a large portion of kernel
+memory.  Such memory might contain sensitive information, such as
+portions of the file cache or terminal buffers.  This information
+might be directly useful, or it might be leveraged to obtain elevated
+privileges in some way.  For example, a terminal buffer might include
+a user-entered password.
+
+IV.  Workaround
+
+None.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.6.2-RELEASE or 4.6-STABLE;
+or to any of the RELENG_4_6 (4.6.1-RELEASE-p11), RELENG_4_5
+(4.5-RELEASE-p19), or RELENG_4_4 (4.4-RELEASE-p26) security branches
+dated after the respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.  The following patch
+has been tested to apply to all FreeBSD 4.x releases.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:38/signed-error.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html>
+and reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/i386/isa/vesa.c
+  RELENG_4                                                       1.32.2.1
+  RELENG_4_6                                                    1.32.10.1
+  RELENG_4_5                                                     1.32.8.1
+  RELENG_4_4                                                     1.32.6.1
+src/sys/kern/uipc_syscalls.c
+  RELENG_4                                                      1.65.2.12
+  RELENG_4_6                                                 1.65.2.9.6.1
+  RELENG_4_5                                                 1.65.2.9.4.1
+  RELENG_4_4                                                 1.65.2.9.2.1
+src/sys/conf/newvers.sh
+  RELENG_4_6                                               1.44.2.23.2.16
+  RELENG_4_5                                               1.44.2.20.2.20
+  RELENG_4_4                                               1.44.2.17.2.25
+- -------------------------------------------------------------------------
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPWDpxFUuHi5z0oilAQHCWgP+PmomqbDBiBHKG6JWrx8Kz8M6gnrg4omw
+w/vH5uK2lHGL6ZGecwvhJOTbV4bKXt1C1dKoUyA7WH7l9nQi+1CrZwT/D5mkteU+
+XEqtNfRhiaDokj/5I8MA0OM80+jryeAimxYDEi2vm315RIOMeR/sdP7m7H2vl9cZ
+V8rt/2zD2wc=
+=LpMd
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:39.libkvm.asc b/share/security/advisories/FreeBSD-SA-02:39.libkvm.asc
new file mode 100644
index 0000000000..d34885f5ed
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:39.libkvm.asc
@@ -0,0 +1,123 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:39.libkvm                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Applications using libkvm may leak sensitive descriptors
+
+Category:       core
+Module:         libkvm
+Announced:      2002-09-16
+Credits:        David Endler <DEndler@iDefense.com>,
+                <badc0ded@badc0ded.com>
+Affects:        All releases prior to and including 4.6.2-RELEASE.
+                Security branch releases prior to 4.4-RELEASE-p27,
+                4.5-RELEASE-p20, and 4.6.2-RELEASE-p2.
+Corrected:      2002-09-13 14:53:43 UTC (RELENG_4)
+                2002-09-13 15:04:22 UTC (RELENG_4_6)
+                2002-09-13 15:07:26 UTC (RELENG_4_5)
+                2002-09-13 15:09:07 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+I.   Background
+
+The kvm(3) library provides a uniform interface for accessing kernel
+virtual memory images, including live systems and crash dumps.  Access
+to live systems is via /dev/mem and /dev/kmem.  Memory can be read and
+written, kernel symbol addresses can be looked up efficiently, and
+information about user processes can be gathered.
+
+The kvm_openfiles(3) function opens the special device files /dev/mem
+and /dev/kmem, and returns an opaque handle that must be passed
+to the other library functions.
+
+II.  Problem Description
+
+Applications that wish to present system information such as swap
+utilization, virtual memory utilization, CPU utilization, and
+so on may use the kvm(3) library to read kernel memory directly
+and gather this information.  Such applications typically must
+be run set-group-ID kmem so that the call to kvm_openfiles(3)
+can access /dev/mem and /dev/kmem.
+
+If the application then uses exec(2) to start another application,
+the new application will continue to have open file descriptors to
+/dev/mem and /dev/kmem.  This is usually avoided by marking file
+descriptors as close-on-exec, but since the handle returned by
+kvm_openfiles(3) is opaque, there is no direct way for the application
+to determine what file descriptors have been opened by the library.
+As a result, application writers may neglect to take these file
+descriptors into account.
+
+III. Impact
+
+Set-group-ID kmem applications which use kvm(3) and start other
+applications may leak /dev/mem and /dev/kmem file descriptors.  If
+those applications can be specified by a local user, they may be
+used to read kernel memory, resulting in disclosure of sensitive
+information such as file, network, and tty buffers, authentication
+tokens, and so on.
+
+Several applications in the FreeBSD Ports Collection were identified
+that are affected: asmon, ascpu, bubblemon, wmmon, and wmnet2.  There
+may be other applications as well.
+
+IV.  Workaround
+
+Remove the set-group-ID bit on affected applications.  This will
+result in the applications losing some functionality.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.6-STABLE; or to the RELENG_4_6,
+RELENG_4_5, or RELENG_4_4 security branch dated after the correction
+date (4.6.2-RELEASE-p2, 4.5-RELEASE-p20, or 4.4-RELEASE-p27).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, FreeBSD
+4.5, FreeBSD 4.6, and FreeBSD 4.6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:39/libkvm.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libkvm
+# make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/lib/libkvm/kvm.c
+  RELENG_4                                                       1.12.2.3
+  RELENG_4_6                                                 1.12.2.2.8.1
+  RELENG_4_5                                                 1.12.2.2.6.1
+  RELENG_4_4                                                 1.12.2.2.4.1
+src/sys/conf/newvers.sh
+  RELENG_4_6                                               1.44.2.23.2.19
+  RELENG_4_5                                               1.44.2.20.2.21
+  RELENG_4_4                                               1.44.2.17.2.26
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPYXz/1UuHi5z0oilAQGNGAP/cpg8s9L034EbrJriQDicHptv/2QgSnrw
+2BvOaUXRIEweDz7FAoLstbxDFVE3Hx9+zN4gn7S49WIbFjATFRcL2FT/1yBhrbBx
+Yp20/gveFQSU+AnjsriKVDrH9ksBO4/ZX6lBxjvxD0Hbyj4ATd027jNAXl7WeLbq
+2DN6Lf4FB1Y=
+=699Y
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:40.kadmind.asc b/share/security/advisories/FreeBSD-SA-02:40.kadmind.asc
new file mode 100644
index 0000000000..32d6c3e673
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:40.kadmind.asc
@@ -0,0 +1,191 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:40.kadmind                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in kadmind daemon
+
+Category:       core, ports
+Module:         crypto_heimdal, crypto_kerberosIV, heimdal, krb5
+Announced:      2002-11-12
+Credits:        Johan Danielsson <joda@pdc.kth.se>,
+                Sam Hartman <hartmans@mit.edu>,
+                Love Hoernquist-Astrand <lha@stacken.kth.se>,
+                Tom Yu <tlyu@mit.edu>
+Affects:        All releases prior to and including FreeBSD 4.7-RELEASE.
+Corrected:      2002-10-23 13:07:44 UTC (RELENG_4)
+                2002-10-23 13:21:32 UTC (RELENG_4_7)
+                2002-10-23 13:21:02 UTC (RELENG_4_6)
+                2002-10-23 13:20:19 UTC (RELENG_4_5)
+                2002-10-23 13:19:46 UTC (RELENG_4_4)
+                2002-10-24 02:52:00 UTC (RELENG_3)
+                2002-10-23 22:30:39 UTC (krb5 port, krb5-1.2.6_1)
+                2002-10-24 15:01:11 UTC (heimdal port, heimdal-0.5.1)
+FreeBSD only:   NO
+
+I.   Background
+
+The Kerberos 4 administrative server, kadmind, runs on the Kerberos
+Key Distribution Center (KDC) and provides administrative access to
+the Kerberos database.  It is part of the KTH Kerberos 4
+implementation.  The Kerberos 5 administrative server, k5admind,
+provides the same function in the Heimdal Kerberos 5 implementation,
+and includes a Kerberos 4 compatibility feature.
+
+The k5admind server is installed as part of the `krb5' distribution,
+or when building from source with MAKE_KERBEROS5 set.  The kadmind
+server is installed as part of the `krb4' distribution, or when
+building from source with MAKE_KERBEROS4 set.  Neither is installed by
+default.
+
+The Heimdal Kerberos 5 administrative server is also available as part
+of the heimdal port (ports/security/heimdal).  The MIT Kerberos 5
+implementation also includes a Kerberos 5 administrative server
+(ports/security/krb5).  The MIT Kerberos 5 administrative server is
+named `kadmind'.
+
+II.  Problem Description
+
+A stack buffer overflow is present in the Kerberos 4 administrative
+server, kadmind, and in the Kerberos 4 compatibility layer of the
+Kerberos 5 administrative server, k5admind.
+
+III. Impact
+
+A remote attacker may send a specially formatted request to k5admind
+or kadmind, triggering the stack buffer overflow and potentially
+causing the administrative server to execute arbitrary code as root on
+the KDC.  The attacker need not be authenticated in order to trigger
+the bug.  Compromise of the KDC has an especially large impact, as
+theft of the Kerberos database could allow an attacker to impersonate
+any Kerberos principal in the realm(s) present in the database.
+
+IMPORTANT NOTE: According to the MIT security team, there is evidence
+that this bug is being actively exploited.
+
+IV.  Workaround
+
+Perform one of the following:
+
+1) Disable kadmind and/or k5admind by performing the following:
+
+    Set kadmind_server_enable (for kadmind) and kadmind5_server_enable
+    (for k5admind) to "NO" in /etc/rc.conf.
+
+    Check /etc/inetd.conf to verify that kadmind and k5admind are
+    not being started from inetd.
+
+    Check that kadmind is not running as a service by executing the
+    following command:
+
+      # ps axlwww | egrep 'kadmind|k5admind'
+
+    If kadmind or k5admind are running, kill them by executing the
+    following command as root:
+
+      # kill <process id of kadmind or k5admind>
+
+2) Deinstall the heimdal or krb5 port/packages if installed.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7,
+RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, FreeBSD
+4.5, FreeBSD 4.6, and FreeBSD 4.7 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:40/kadmin.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:40/kadmin.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/kerberos5/libexec/k5admind
+# make depend && make all install
+# cd /usr/src/kerberosIV/usr.sbin/kadmind
+# make depend && make all install
+
+If you have the `heimdal' or `krb5' port/package installed, then do
+one of the following:
+
+1) Upgrade your entire ports collection and rebuild the port.
+
+2) Download a new port skeleton for the heimdal or krb5 port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+3) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/crypto/heimdal/kadmin/version4.c
+  RELENG_4                                                    1.1.1.1.2.4
+  RELENG_4_7                                              1.1.1.1.2.3.2.1
+  RELENG_4_6                                              1.1.1.1.2.1.8.1
+  RELENG_4_5                                              1.1.1.1.2.1.6.1
+  RELENG_4_4                                              1.1.1.1.2.1.4.1
+src/crypto/kerberosIV/kadmin/kadm_ser_wrap.c
+  RELENG_4                                                    1.1.1.3.2.1
+  RELENG_4_7                                                 1.1.1.3.12.1
+  RELENG_4_6                                                 1.1.1.3.10.1
+  RELENG_4_5                                                  1.1.1.3.8.1
+  RELENG_4_4                                                  1.1.1.3.6.1
+src/kerberosIV/include/version.h
+  RELENG_4                                                        1.3.2.1
+  RELENG_4_7                                                     1.3.12.1
+  RELENG_4_6                                                     1.3.10.1
+  RELENG_4_5                                                      1.3.8.1
+  RELENG_4_4                                                      1.3.6.1
+src/kerberos5/include/version.h
+  RELENG_4                                                        1.2.2.6
+  RELENG_4_7                                                  1.2.2.5.2.1
+  RELENG_4_6                                                  1.2.2.3.2.1
+  RELENG_4_5                                                  1.2.2.2.4.1
+  RELENG_4_4                                                  1.2.2.2.2.1
+- -------------------------------------------------------------------------
+
+For Heimdal Kerberos 5 and MIT Kerberos 5 found in the FreeBSD Ports
+Collection, the first corrected versions are:
+
+ports/security/heimdal   heimdal-0.5.1
+ports/security/krb5      krb5-1.2.6_1
+
+VII. References
+
+<URL:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt>
+<URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-026.txt.asc>
+<URL:http://www.pdc.kth.se/heimdal/>
+<URL:http://www.pdc.kth.se/kth-krb/>
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUBPdFHs1UuHi5z0oilAQFH2wP/X8LODwBJpU07idHIJoxoaSeVnISEKz1o
+580Koss/zgt/vcItvqssdGDBaBMa0XFz4JQaUOX4WYEACuguR+1wAxmiMseqyzyK
+EHXPO5Igqb3V+5J2SBl3Skwx3Z5QEDlBQXRpVBPYl6HBPTV2QBjjBY9L0B/6hPao
+74KIgvrEix0=
+=oVsJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:41.smrsh.asc b/share/security/advisories/FreeBSD-SA-02:41.smrsh.asc
new file mode 100644
index 0000000000..c2ab42a829
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:41.smrsh.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:41.smrsh                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          smrsh restrictions can be bypassed [REVISED]
+
+Category:       core
+Module:         contrib_sendmail
+Announced:      2002-11-15
+Credits:        zen-parse <zen-parse@gmx.net>,
+                Pedram Amini <pamini@idefense.com>,
+                iDEFENSE <URL:http://www.idefense.com/>
+Affects:        All releases prior to FreeBSD 4.7-RELEASE
+Corrected:      2002-10-08 00:53:31 UTC (RELENG_4)
+                2002-10-08 00:57:20 UTC (RELENG_4_7)
+                2002-10-26 21:11:30 UTC (RELENG_4_6)
+                2002-10-26 21:10:59 UTC (RELENG_4_5)
+                2002-10-26 21:10:22 UTC (RELENG_4_4)
+                2002-10-26 21:08:42 UTC (RELENG_4_3)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-11-12  Initial release.
+v1.1  2002-11-15  Correct patch instructions.  Update workaround.
+                      Add CVE reference.
+
+I.   Background
+
+The sendmail Restricted Shell command (smrsh) is intended as a
+replacement for the system shell (/bin/sh) for use by sendmail.  It
+limits the set of programs that can be executed through sendmail to
+those in a single directory, and limits shell built-in commands.
+
+II.  Problem Description
+
+Errors in smrsh's handling of command arguments with "||" or spaces
+may allow the execution of commands outside of those in its target
+directory.  Since command arguments may be specified in local users'
+`.forward' files, the smrsh restrictions may be bypassed using such
+files that are specially crafted.
+
+III. Impact
+
+Users with a local account and the ability to create or modify their
+`.forward' files can circumvent the smrsh restrictions.  This is
+mostly of consequence to systems which have local users that are not
+normally allowed access to a login shell, as such users may abuse this
+bug in order to execute arbitrary commands with normal privileges.
+
+IV.  Workaround
+
+[The workaround described in revision 1.0 of this advisory was
+ effective, but disabled more functionality than was necessary.]
+
+Disable sendmail delivery to programs.  To do so, add the following line
+to the sendmail.mc file, regenerate the sendmail.cf configuration file,
+and restart sendmail.
+
+    MODIFY_MAILER_FLAGS(`LOCAL', `-|')
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7,
+RELENG_4_6, RELENG_4_5, RELENG_4_4, or RELENG_4_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, FreeBSD
+4.5, and FreeBSD 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[For FreeBSD 4.6 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh.patch.asc
+
+[For FreeBSD 4.3, 4.4, and 4.5 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:41/smrsh2.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+[The following two steps apply only to FreeBSD 4.6 systems.]
+# cd /usr/src/lib/libsm
+# make depend && make
+
+# cd /usr/src/lib/libsmutil
+# make depend && make
+# cd /usr/src/libexec/smrsh
+# make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/contrib/sendmail/smrsh/smrsh.c
+  RELENG_4                                                        1.3.6.9
+  RELENG_4_7                                                  1.3.6.8.2.1
+  RELENG_4_6                                                  1.3.6.6.2.1
+  RELENG_4_5                                                  1.3.6.5.4.1
+  RELENG_4_4                                                  1.3.6.5.2.1
+  RELENG_4_3                                                  1.3.6.4.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.idefense.com/advisory/10.01.02.txt>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1165>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCUAwUBPdUXEVUuHi5z0oilAQEIAQP49AjM5zG8qH0/XzOFA2IDBp5djGIs3H1R
+2demoBwF4W71AiUXURZvMwNpqV6+gRenCaOAzMis2pyOkW9aheT+eGoL4YWjQR/E
+aQsuX0j3XgXEVss+wQ9DPgkS+IyiYkPMrjpCNJbkQHuhwAQJj9VXrs0pbvl5NQLv
+JUcPZ70k3Q==
+=k1dg
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:42.resolv.asc b/share/security/advisories/FreeBSD-SA-02:42.resolv.asc
new file mode 100644
index 0000000000..5db5853e8e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:42.resolv.asc
@@ -0,0 +1,123 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:42.resolv                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          buffer overrun in resolver
+
+Category:       core
+Module:         libc
+Announced:      2002-11-12
+Credits:        KOZUKA Masahiro <kozuka@masahiro.mbox.media.kyoto-u.ac.jp>,
+                Mark Andrews <mark.andrews@isc.org>
+Affects:        All releases prior to 4.7-RELEASE
+Corrected:      2002-09-22 12:20:23 2002 UTC (RELENG_4)
+                2002-10-23 14:48:21 2002 UTC (RELENG_4_6)
+                2002-10-23 14:50:52 2002 UTC (RELENG_4_5)
+FreeBSD only:   NO
+
+I.   Background
+
+The resolver implements functions for making, sending and interpreting
+query and reply messages with Internet domain name servers.
+Hostnames, IP addresses, and other information are queried using the
+resolver.
+
+II.  Problem Description
+
+Several libc functions --- including getaddrinfo(), gethostbyname(),
+getnetbyname(), and others --- utilize the DNS resolver functions
+res_search, res_query, and/or res_send.  These resolver functions all
+return the length of the query response received, which may be larger
+than the buffer supplied to hold the response.  When this is the case,
+the resolver-calling function may attempt to read and parse data
+beyond the bounds of the buffer it supplied.
+
+III. Impact
+
+A malicious attacker could spoof DNS queries with specially crafted
+responses that will not fit in the supplied buffer.  This might cause
+some applications to fail (denial-of-service).
+
+IV.  Workaround
+
+There is no known workaround.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.7-RELEASE or 4.7-STABLE; or to
+the RELENG_4_7, RELENG_4_6 (4.6-RELEASE-p4), or RELENG_4_5
+(4.5-RELEASE-p22) security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.5 and
+FreeBSD 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:42/resolv.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:42/resolv.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
+
+Note that any statically linked applications that are not part of
+the base system (i.e. from the Ports Collection or other 3rd-party
+sources) must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/lib/libc/net/getaddrinfo.c
+  RELENG_4                                                       1.9.2.11
+  RELENG_4_6                                                  1.9.2.9.2.1
+  RELENG_4_5                                                  1.9.2.8.4.1
+src/lib/libc/net/gethostbydns.c
+  RELENG_4                                                       1.27.2.3
+  RELENG_4_6                                                    1.27.10.2
+  RELENG_4_5                                                     1.27.8.2
+src/lib/libc/net/getnetbydns.c
+  RELENG_4                                                       1.13.2.3
+  RELENG_4_6                                                 1.13.2.1.8.2
+  RELENG_4_5                                                 1.13.2.1.6.2
+src/lib/libc/net/name6.c
+  RELENG_4                                                        1.6.2.7
+  RELENG_4_6                                                  1.6.2.5.8.2
+  RELENG_4_5                                                  1.6.2.5.6.2
+src/lib/libc/net/res_mkquery.c
+  RELENG_4                                                       1.15.2.2
+  RELENG_4_6                                                 1.15.2.1.6.1
+  RELENG_4_5                                                 1.15.2.1.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.kb.cert.org/vuls/id/738331>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUBPdF49FUuHi5z0oilAQHQyQQAq4hmcQAMIRiQNS9auxWO+Q+xKZyDwpE/
+Pm3SnkJ6TBQGqoYGioDKN1b4P1jPNWsfm8RKO2GLogLYjwl5VfrEhYJAqj/MvxzM
+poDp2PE7EEGk/yXfnTOOdMcBQjqYev+iUYUfvY9tgXbl83O/0iPlxtCHyfbxDQFy
+aICe2zMdmX8=
+=BceR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:43.bind.asc b/share/security/advisories/FreeBSD-SA-02:43.bind.asc
new file mode 100644
index 0000000000..45d5d99aea
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:43.bind.asc
@@ -0,0 +1,218 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-02:43.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          multiple vulnerabilities in BIND [REVISED]
+
+Category:       core
+Module:         bind
+Announced:      2002-11-15
+Credits:        ISS X-Force <xforce@iss.net>
+Affects:        All released versions of FreeBSD
+Corrected:      2002-11-14 05:15:15 UTC (RELENG_4)
+                2002-11-14 02:05:57 UTC (RELENG_4_7)
+                2002-11-14 03:18:41 UTC (RELENG_4_6)
+                2002-11-14 04:05:12 UTC (RELENG_4_5)
+                2002-11-14 05:11:57 UTC (RELENG_4_4)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2002-11-14  Initial release.
+v1.1  2002-11-15  Correct patch instructions.  Clarify workaround.
+                      Add CVE references.
+
+I.   Background
+
+BIND 8 is an implementation of the Domain Name System (DNS) protocols.
+
+II.  Problem Description
+
+ISS X-Force has disclosed several vulnerabilities affecting BIND 8.
+The names which ISS has given each vulnerability are used in this
+advisory.  The first is a buffer overflow in the BIND 8 code
+responsible for creating DNS responses which include SIG resource
+records (RRs) from its internal cache (`BIND SIG Cached RR Overflow
+Vulnerability').  The second is an error in the BIND 8 code which
+constructs a response to an EDNS query (i.e. a query containing OPT
+RRs) with a large packet size.  A miscalculation triggers an assertion
+failure (`BIND OPT DoS').  The third is a problem in the verification
+of SIG RR expiry times, which can result in a null pointer dereference
+(`BIND SIG Expiry Time DoS').
+
+III. Impact
+
+BIND SIG Cached RR Overflow Vulnerability:  A remote attacker may be
+able to cause a name server with recursion enabled to execute
+arbitrary code with the privileges of the name server process.
+
+BIND OPT DoS and BIND SIG Expiry Time DoS: A remote attacker may be
+able to cause the name server process to crash.
+
+IV.  Workaround
+
+BIND 9 is not affected by these vulnerabilities.  For those who have
+the option, upgrading to BIND 9 is recommended.  BIND 9 is available
+in the FreeBSD Ports Collection (ports/net/bind9).  The bind9 port
+includes migration notes in /usr/local/share/doc/bind9/misc/migration.
+
+Name servers with recursion disabled are not vulnerable to the `BIND
+SIG Cached RR Overflow Vulnerability' nor to the `BIND SIG Expiry Time
+DoS'.  To disable recursion, edit the BIND 8 configuration file
+(default path /etc/namedb/named.conf) to add `recursion no;' and
+`fetch-glue no;' to the options statement.  e.g.,
+
+   options {
+       recursion no;
+       fetch-glue no;
+       /* ... other options ... */
+   };
+
+Restart the name server after editing the configuration file.
+NOTE: This workaround is only appropriate for name servers
+which are authoritative only.  Caching name servers will no longer
+function correctly if recursion is disabled.
+
+Restricting recursion to only your own organization's clients (by
+means of the `allow-recursion' directive) limits, but does not
+eliminate, the impact of these vulnerabilities by making them harder
+to exploit.  Restricting recursion in this fashion is generally
+recommended.  To restrict recursion, edit the BIND 8 configuration
+file to include an `allow-recursion' statement and an address list
+appropriate for your organization.  e.g.,
+
+    options {
+        allow-recursion { 10.0.0.0/8; };
+        /* ... other options ... */
+    };
+
+Running BIND 8 as a non-privileged user (rather than as the superuser)
+may reduce the impact should the name server be compromised via the
+`BIND SIG Cached RR Overflow Vulnerability'.  Running as a
+non-privileged user is generally recommended.  Likewise, running BIND
+8 in a chroot environment may reduce the impact and is generally
+recommended.
+
+V.  Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7,
+RELENG_4_6, RELENG_4_5, or RELENG_4_4 security branch dated after the
+correction date (4.7-RELEASE-p2, 4.6.2-RELEASE-p5, 4.5-RELEASE-p23,
+4.4-RELEASE-p30).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5,
+4.6, and 4.7 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:43/bind.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:43/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libbind
+# make depend && make
+# cd /usr/src/lib/libisc
+# make depend && make
+# cd /usr/src/usr.sbin/named
+# make depend && make && make install
+# cd /usr/src/libexec/named-xfer
+# make depend && make && make install
+
+After upgrading or patching your system, you must restart named.
+Execute the following command as root:
+
+# ndc restart
+
+VI.  Correction details
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/contrib/bind/CHANGES
+  RELENG_4                                                    1.1.1.7.2.8
+  RELENG_4_7                                              1.1.1.7.2.7.2.1
+  RELENG_4_6                                              1.1.1.7.2.6.2.2
+  RELENG_4_5                                              1.1.1.7.2.4.4.2
+  RELENG_4_4                                              1.1.1.7.2.4.2.2
+src/contrib/bind/bin/named/db_defs.h
+  RELENG_4                                                    1.1.1.2.2.6
+  RELENG_4_7                                              1.1.1.2.2.5.2.1
+  RELENG_4_6                                              1.1.1.2.2.4.2.2
+  RELENG_4_5                                              1.1.1.2.2.3.4.2
+  RELENG_4_4                                              1.1.1.2.2.3.2.2
+src/contrib/bind/bin/named/db_sec.c
+  RELENG_4                                                    1.1.1.1.4.4
+  RELENG_4_7                                              1.1.1.1.4.3.4.1
+  RELENG_4_6                                              1.1.1.1.4.3.2.1
+  RELENG_4_5                                              1.1.1.1.4.2.6.2
+  RELENG_4_4                                              1.1.1.1.4.2.4.2
+src/contrib/bind/bin/named/ns_defs.h
+  RELENG_4                                                    1.1.1.3.2.7
+  RELENG_4_7                                              1.1.1.3.2.6.2.1
+  RELENG_4_6                                              1.1.1.3.2.5.2.2
+  RELENG_4_5                                              1.1.1.3.2.3.4.2
+  RELENG_4_4                                              1.1.1.3.2.3.2.2
+src/contrib/bind/bin/named/ns_ncache.c
+  RELENG_4                                                    1.1.1.2.2.3
+  RELENG_4_7                                              1.1.1.2.2.2.4.1
+  RELENG_4_6                                              1.1.1.2.2.2.2.1
+  RELENG_4_5                                              1.1.1.2.2.1.6.2
+  RELENG_4_4                                              1.1.1.2.2.1.4.2
+src/contrib/bind/bin/named/ns_req.c
+  RELENG_4                                                   1.1.1.2.2.11
+  RELENG_4_7                                             1.1.1.2.2.10.2.1
+  RELENG_4_6                                              1.1.1.2.2.9.2.2
+  RELENG_4_5                                              1.1.1.2.2.7.4.2
+  RELENG_4_4                                              1.1.1.2.2.7.2.2
+src/contrib/bind/bin/named/ns_resp.c
+  RELENG_4                                                    1.1.1.2.2.8
+  RELENG_4_7                                              1.1.1.2.2.7.2.1
+  RELENG_4_6                                              1.1.1.2.2.6.2.2
+  RELENG_4_5                                              1.1.1.2.2.4.4.2
+  RELENG_4_4                                              1.1.1.2.2.4.2.2
+src/contrib/bind/lib/nameser/ns_name.c
+  RELENG_4                                                    1.1.1.2.2.4
+  RELENG_4_7                                              1.1.1.2.2.3.2.1
+  RELENG_4_6                                              1.1.1.2.2.2.2.2
+  RELENG_4_5                                              1.1.1.2.2.1.6.2
+  RELENG_4_4                                              1.1.1.2.2.1.4.2
+src/contrib/bind/lib/nameser/ns_samedomain.c
+  RELENG_4                                                    1.1.1.1.4.1
+  RELENG_4_7                                                 1.1.1.1.14.1
+  RELENG_4_6                                                 1.1.1.1.12.1
+  RELENG_4_5                                                 1.1.1.1.10.1
+  RELENG_4_4                                                  1.1.1.1.8.1
+src/sys/conf/newvers.sh
+  RELENG_4_7                                                1.44.2.26.2.4
+  RELENG_4_6                                               1.44.2.23.2.22
+  RELENG_4_5                                               1.44.2.20.2.24
+  RELENG_4_4                                               1.44.2.17.2.29
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1219>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1220>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1221>
+<URL:http://www.isc.org/products/BIND/bind-security.html>
+<URL:http://www.isc.org/products/BIND/patches/>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUBPdT59FUuHi5z0oilAQEQaAP+O167paqmU92KUMlxKIcjhJeV0eIQST5Y
+X3K9VaKBrfE0TCMjJd8j5QnPlRkjPVy8A4wEFrZpEp1Ah94ns8JjyEoiluyA0TFF
+Fx6EXnUw5rtOpyKqmdL7FPFSwcJTcv3Zs1eEsaQvRc3E9ygF6e9TJCCayfxB7qMn
+SECyOVkopuA=
+=9Y+6
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-02:44.filedesc.asc b/share/security/advisories/FreeBSD-SA-02:44.filedesc.asc
new file mode 100644
index 0000000000..121fe0961f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-02:44.filedesc.asc
@@ -0,0 +1,107 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-02:44.filedesc                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          file descriptor leak in fpathconf
+
+Category:       core
+Module:         kernel
+Announced:      2003-01-07
+Credits:        Joost Pol <joost@pine.nl>
+Affects:        FreeBSD 4.3-RELEASE and later versions
+Corrected:      2002-11-11 01:43:31 UTC (RELENG_4)
+                2003-01-06 12:37:52 UTC (RELENG_4_7)
+                2003-01-06 12:38:21 UTC (RELENG_4_6)
+                2003-01-07 15:17:16 UTC (RELENG_4_5)
+                2003-01-07 15:17:40 UTC (RELENG_4_4)
+                2003-01-06 21:20:54 UTC (RELENG_5_0)
+FreeBSD only:   YES
+
+0.   Revision History
+
+2003-01-06  v1.0  Initial release.
+2003-01-07  v1.1  Added information regarding bug in FreeBSD 5.x.
+                  Added correction details for RELENG_4_5, RELENG_4_4.
+
+I.   Background
+
+The fpathconf system call provides a method for applications to
+determine the current value of a configurable system limit or option
+variable associated with a pathname or file descriptor.
+
+II.  Problem Description
+
+A programming error in the fpathconf system call can result in the
+given file descriptor's reference count being erroneously incremented.
+
+A similar problem exists in the developer preview versions of FreeBSD
+5.0, affecting the lseek(2), dup(2), and other system calls.
+
+III. Impact
+
+A local attacker may cause the operating system to crash by repeatedly
+calling fpathconf on a file descriptor until the reference count wraps
+to a negative value, and then calling close on that file descriptor.
+
+Similarly, it may be possible to cause a file descriptor to reference
+unallocated kernel memory, but remain valid.  If a new file is later
+opened and the kernel allocates the new file structure at the same
+memory location, then an attacker may be able to gain read or write
+access to that file.  This may in turn lead to privilege escalation.
+
+IV.  Workaround
+
+There is no workaround.
+
+V.   Solution
+
+The following patch has been verified to apply to FreeBSD 4.4, 4.5,
+4.6, and 4.7 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-02:44/filedesc.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/kern/kern_descrip.c
+  RELENG_4                                                      1.81.2.15
+  RELENG_4_7                                                1.81.2.14.4.1
+  RELENG_4_6                                                1.81.2.14.2.1
+  RELENG_4_5                                                 1.81.2.9.2.3
+  RELENG_4_4                                                 1.81.2.8.2.3
+  RELENG_5_0                                                    1.169.2.2
+src/sys/kern/vfs_syscalls.c
+  RELENG_5_0                                                    1.297.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.pine.nl/press/pine-cert-20030101.txt>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+GxDCFdaIBMps37IRAkDtAJ9Ma79bfwhHHBMe1v0gVgvzrFtoMgCgmh/v
+iyuKtTozFxmSATQP1w5VEWg=
+=MWcN
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:01.cvs.asc b/share/security/advisories/FreeBSD-SA-03:01.cvs.asc
new file mode 100644
index 0000000000..2888a3b406
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:01.cvs.asc
@@ -0,0 +1,110 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:01.cvs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          remotely exploitable vulnerability in cvs server
+
+Category:       contrib
+Module:         contrib_cvs
+Announced:      2003-02-04
+Credits:        Stefan Esser <s.esser@e-matters.de>
+Affects:        All FreeBSD versions prior to 4.6-RELEASE-p7, 4.7-RELEASE-p4,
+                5.0-RELEASE-p1
+Corrected:      2003-01-21 22:26:46 UTC (RELENG_4)
+                2003-02-04 18:05:07 UTC (RELENG_5_0)
+                2003-02-04 18:07:20 UTC (RELENG_4_7)
+                2003-02-04 18:08:26 UTC (RELENG_4_6)
+FreeBSD only:   NO
+
+I.   Background
+
+The Concurrent Versions System (CVS) is a version control system.  It
+may be used to access a repository locally, or to access a `remote
+repository' using several different methods, including `ext' (rsh),
+and `pserver' (password-authenticated server).  When accessing a
+remote repository, the target machine runs the CVS server to fulfill
+client requests.
+
+II.  Problem Description
+
+The implementation of the CVS server contains a programming error which
+can lead to a block of memory being freed more than once (i.e. a
+double-free bug).
+
+Separately, the CVS server allows clients with write access to specify
+arbitrary commands to execute as part of an update (update-prog) or
+commit (checkin-prog).  This is a dangerous feature that is generally
+not needed: there are other, safer methods of triggering program
+execution.
+
+III. Impact
+
+An attacker may exploit the double-free bug in order to bypass write
+access checks.  Combined with the update-prog/checkin-prog feature,
+the attacker may be able to execute arbitrary commands with the
+privileges of the CVS server.  The impact is most severe when running
+the CVS server in `pserver' mode to provide read-only access to the
+world (anoncvs).
+
+IV.  Workaround
+
+Do not use `pserver' mode directly.  Instead, use one of the safer
+methods described in the following online resources:
+
+<URL:http://openbsd.sunsite.ualberta.ca/papers/anoncvs-paper.ps>
+<URL:http://www.netsys.com/library/papers/chrooted-ssh-cvs-server.txt>
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.7-STABLE; or to the RELENG_4_7
+(4.7-RELEASE-p4), RELENG_4_6 (4.6-RELEASE-p7), or RELENG_5_0
+(5.0-RELEASE-p1) security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.6, 4.7, and
+5.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:01/cvs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:01/cvs.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/cvs
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/contrib/cvs/src/server.c
+  RELENG_5_0                                                     1.17.2.1
+  RELENG_4_7                                                 1.13.2.2.6.1
+  RELENG_4_6                                                 1.13.2.2.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://online.securityfocus.com/archive/1/72584>
+<URL:http://security.e-matters.de/advisories/012003.html>
+<URL:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51>
+<URL:http://www.kb.cert.org/vuls/id/650937>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+QAU9FdaIBMps37IRAvYzAKCeaZ1eWwiWNxRqgNRwnn4TwuwPPACdGF8T
+0Ym2kCQxU0sJSRxmgAA/yM4=
+=9+5m
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:02.openssl.asc b/share/security/advisories/FreeBSD-SA-03:02.openssl.asc
new file mode 100644
index 0000000000..f81a92f977
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:02.openssl.asc
@@ -0,0 +1,1602 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:02.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL timing-based SSL/TLS attack
+
+Category:       core
+Module:         openssl
+Announced:      2003-02-25
+Credits:        Brice Canvel (EPFL), Alain Hiltgen (UBS),
+                Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion)
+Affects:        All FreeBSD versions prior to 4.6.2-RELEASE-p8,
+                4.7-RELEASE-p5, 5.0-RELEASE-p2
+Corrected:      2003-02-20 15:07:20 UTC (RELENG_4)
+                2003-02-20 17:14:09 UTC (RELENG_5_0)
+                2003-02-20 20:42:04 UTC (RELENG_4_7)
+                2003-02-21 16:32:47 UTC (RELENG_4_6)
+FreeBSD only:   NO
+
+0.  Revision History
+
+2003-02-24  v1.0  Initial release
+2003-02-25  v1.1  Updated patches; corrected URLs
+
+I.  Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL
+Project is a collaborative effort to develop a robust, commercial-
+grade, full-featured, and Open Source toolkit implementing the Secure
+Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography
+library.
+
+II.  Problem Description
+
+- From the OpenSSL Project advisory (see references):
+
+  In an upcoming paper, Brice Canvel (EPFL), Alain Hiltgen (UBS), Serge
+  Vaudenay (EPFL), and Martin Vuagnoux (EPFL, Ilion) describe and
+  demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS.
+
+  The attack assumes that multiple SSL or TLS connections involve a
+  common fixed plaintext block, such as a password.  An active attacker
+  can substitute specifically made-up ciphertext blocks for blocks sent
+  by legitimate SSL/TLS parties and measure the time until a response
+  arrives: SSL/TLS includes data authentication to ensure that such
+  modified ciphertext blocks will be rejected by the peer (and the
+  connection aborted), but the attacker may be able to use timing
+  observations to distinguish between two different error cases, namely
+  block cipher padding errors and MAC verification errors.  This is
+  sufficient for an adaptive attack that finally can obtain the complete
+  plaintext block.
+
+III.  Impact
+
+A powerful attacker (one who can intercept and replace network
+messages between a client and a server) may be able to obtain
+plaintext data from encrypted data streams in TLS/SSL using block
+ciphers in CBC mode.
+
+IV.  Workaround
+
+Disable the use of ciphersuites which use CBC mode in SSL or TLS.  The
+method of adjusting the list of acceptable ciphersuites varies from
+application to application.  See the application's documentation for
+details.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_7
+(4.7-RELEASE-p5), RELENG_4_6 (4.6.2-RELEASE-p8), or RELENG_5_0
+(5.0-RELEASE-p2) security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.6.2, 4.7,
+and 5.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.7-STABLE systems after 2003/02/14 and 4.8-PRERELEASE systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl4s.patch.gz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl4s.patch.gz.asc
+
+[FreeBSD 5.0 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl50.patch.gz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl50.patch.gz.asc
+
+[FreeBSD 4.7 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl47.patch.gz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl47.patch.gz.asc
+
+[FreeBSD 4.6.2 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl462.patch.gz
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:02/openssl462.patch.gz.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# gunzip -c /path/to/patch | patch -E
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >.
+
+Note that any statically linked applications that are not part of the
+base system (i.e. from the Ports Collection or other 3rd-party sources)
+must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssl/CHANGES                                  1.1.1.1.2.6
+  src/crypto/openssl/Configure                                1.1.1.1.2.6
+  src/crypto/openssl/FAQ                                      1.1.1.1.2.7
+  src/crypto/openssl/FREEBSD-Xlist                                1.1.2.5
+  src/crypto/openssl/INSTALL                                  1.1.1.1.2.5
+  src/crypto/openssl/Makefile.org                             1.1.1.1.2.7
+  src/crypto/openssl/Makefile.ssl                             1.1.1.1.2.7
+  src/crypto/openssl/NEWS                                     1.1.1.1.2.7
+  src/crypto/openssl/PROBLEMS                                 1.1.1.1.2.4
+  src/crypto/openssl/README                                   1.1.1.1.2.7
+  src/crypto/openssl/apps/Makefile.ssl                        1.1.1.1.2.6
+  src/crypto/openssl/apps/apps.c                              1.1.1.1.2.5
+  src/crypto/openssl/apps/apps.h                              1.1.1.1.2.4
+  src/crypto/openssl/apps/ca.c                                1.1.1.1.2.5
+  src/crypto/openssl/apps/dgst.c                              1.1.1.1.2.5
+  src/crypto/openssl/apps/dh.c                                1.1.1.1.2.4
+  src/crypto/openssl/apps/dhparam.c                           1.1.1.1.2.4
+  src/crypto/openssl/apps/dsa.c                               1.1.1.1.2.4
+  src/crypto/openssl/apps/dsaparam.c                          1.1.1.1.2.6
+  src/crypto/openssl/apps/enc.c                               1.1.1.1.2.5
+  src/crypto/openssl/apps/engine.c                            1.1.1.1.2.2
+  src/crypto/openssl/apps/gendh.c                             1.1.1.1.2.4
+  src/crypto/openssl/apps/gendsa.c                            1.1.1.1.2.4
+  src/crypto/openssl/apps/genrsa.c                            1.1.1.1.2.4
+  src/crypto/openssl/apps/ocsp.c                              1.1.1.1.2.2
+  src/crypto/openssl/apps/openssl.c                           1.1.1.1.2.5
+  src/crypto/openssl/apps/pkcs12.c                            1.1.1.1.2.5
+  src/crypto/openssl/apps/pkcs7.c                             1.1.1.1.2.5
+  src/crypto/openssl/apps/pkcs8.c                             1.1.1.1.2.4
+  src/crypto/openssl/apps/progs.h                             1.1.1.1.2.4
+  src/crypto/openssl/apps/rand.c                              1.1.1.1.2.4
+  src/crypto/openssl/apps/req.c                               1.1.1.1.2.6
+  src/crypto/openssl/apps/rsa.c                               1.1.1.1.2.4
+  src/crypto/openssl/apps/rsautl.c                            1.1.1.1.2.4
+  src/crypto/openssl/apps/s_client.c                          1.1.1.1.2.6
+  src/crypto/openssl/apps/s_server.c                          1.1.1.1.2.5
+  src/crypto/openssl/apps/smime.c                             1.1.1.1.2.5
+  src/crypto/openssl/apps/speed.c                                 1.3.2.6
+  src/crypto/openssl/apps/spkac.c                             1.1.1.1.2.4
+  src/crypto/openssl/apps/verify.c                            1.1.1.1.2.4
+  src/crypto/openssl/apps/x509.c                              1.1.1.1.2.6
+  src/crypto/openssl/config                                   1.1.1.1.2.7
+  src/crypto/openssl/crypto/aes/aes_core.c                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/asn1/a_time.c                     1.1.1.1.2.5
+  src/crypto/openssl/crypto/asn1/asn1.h                       1.1.1.1.2.5
+  src/crypto/openssl/crypto/asn1/asn1_err.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/bf/Makefile.ssl                   1.1.1.1.2.5
+  src/crypto/openssl/crypto/bio/b_sock.c                      1.1.1.1.2.6
+  src/crypto/openssl/crypto/bio/bio.h                         1.1.1.1.2.5
+  src/crypto/openssl/crypto/bio/bio_lib.c                     1.1.1.1.2.4
+  src/crypto/openssl/crypto/bn/Makefile.ssl                   1.1.1.1.2.6
+  src/crypto/openssl/crypto/bn/asm/ia64.S                     1.1.1.1.2.2
+  src/crypto/openssl/crypto/bn/asm/pa-risc2.s                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/bn/bn_lcl.h                       1.1.1.1.2.4
+  src/crypto/openssl/crypto/bn/bn_prime.c                     1.1.1.1.2.4
+  src/crypto/openssl/crypto/cast/Makefile.ssl                 1.1.1.1.2.4
+  src/crypto/openssl/crypto/conf/conf_mall.c                  1.1.1.1.2.2
+  src/crypto/openssl/crypto/conf/conf_sap.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/des/Makefile.ssl                  1.1.1.1.2.5
+  src/crypto/openssl/crypto/des/asm/crypt586.pl               1.1.1.1.2.2
+  src/crypto/openssl/crypto/des/asm/des-586.pl                1.1.1.1.2.3
+  src/crypto/openssl/crypto/des/cbc_cksm.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/des/des_locl.h                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/des/destest.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.1.2.6
+  src/crypto/openssl/crypto/dh/dh_lib.c                       1.1.1.1.2.6
+  src/crypto/openssl/crypto/dsa/dsa_lib.c                     1.1.1.1.2.6
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.1.2.6
+  src/crypto/openssl/crypto/dsa/dsa_sign.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/dsa/dsa_vrf.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/dsa/dsagen.c                      1.1.1.1.2.1
+  src/crypto/openssl/crypto/dsa/dsatest.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/dso/dso_dl.c                      1.1.1.1.2.4
+  src/crypto/openssl/crypto/ec/ec.h                           1.1.1.1.2.2
+  src/crypto/openssl/crypto/ec/ec_err.c                       1.1.1.1.2.2
+  src/crypto/openssl/crypto/ec/ec_lib.c                       1.1.1.1.2.2
+  src/crypto/openssl/crypto/ec/ec_mult.c                      1.1.1.1.2.2
+  src/crypto/openssl/crypto/ec/ectest.c                       1.1.1.1.2.2
+  src/crypto/openssl/crypto/engine/Makefile.ssl               1.1.1.1.2.2
+  src/crypto/openssl/crypto/engine/engine.h                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/engine/enginetest.c               1.1.1.1.2.2
+  src/crypto/openssl/crypto/err/err.c                         1.1.1.1.2.6
+  src/crypto/openssl/crypto/err/err_all.c                         1.2.2.6
+  src/crypto/openssl/crypto/evp/digest.c                      1.1.1.1.2.2
+  src/crypto/openssl/crypto/evp/evp_acnf.c                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/evp/evp_enc.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/evp/evp_test.c                    1.1.1.1.2.2
+  src/crypto/openssl/crypto/krb5/Makefile.ssl                 1.1.1.1.2.2
+  src/crypto/openssl/crypto/md2/md2test.c                     1.1.1.1.2.3
+  src/crypto/openssl/crypto/md4/md4.c                         1.1.1.1.2.3
+  src/crypto/openssl/crypto/md5/Makefile.ssl                  1.1.1.1.2.5
+  src/crypto/openssl/crypto/md5/md5.c                         1.1.1.1.2.1
+  src/crypto/openssl/crypto/md5/md5.h                         1.1.1.1.2.3
+  src/crypto/openssl/crypto/mem.c                             1.1.1.1.2.5
+  src/crypto/openssl/crypto/o_time.c                          1.1.1.1.2.2
+  src/crypto/openssl/crypto/objects/obj_dat.h                 1.1.1.1.2.5
+  src/crypto/openssl/crypto/objects/obj_mac.h                 1.1.1.1.2.4
+  src/crypto/openssl/crypto/objects/objects.txt               1.1.1.1.2.4
+  src/crypto/openssl/crypto/ocsp/Makefile.ssl                 1.1.1.1.2.2
+  src/crypto/openssl/crypto/opensslv.h                        1.1.1.1.2.7
+  src/crypto/openssl/crypto/perlasm/x86asm.pl                 1.1.1.1.2.3
+  src/crypto/openssl/crypto/perlasm/x86ms.pl                  1.1.1.1.2.3
+  src/crypto/openssl/crypto/perlasm/x86nasm.pl                1.1.1.1.2.3
+  src/crypto/openssl/crypto/perlasm/x86unix.pl                1.1.1.1.2.4
+  src/crypto/openssl/crypto/rand/rand.h                       1.1.1.1.2.6
+  src/crypto/openssl/crypto/rand/rand_lib.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/rc4/Makefile.ssl                  1.1.1.1.2.4
+  src/crypto/openssl/crypto/rc5/Makefile.ssl                  1.1.1.1.2.4
+  src/crypto/openssl/crypto/rc5/rc5_locl.h                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/ripemd/Makefile.ssl               1.1.1.1.2.5
+  src/crypto/openssl/crypto/ripemd/rmd160.c                   1.1.1.1.2.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                         1.2.4.5
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                         1.2.2.6
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                    1.1.1.1.2.4
+  src/crypto/openssl/crypto/rsa/rsa_test.c                    1.1.1.1.2.3
+  src/crypto/openssl/crypto/sha/Makefile.ssl                  1.1.1.1.2.4
+  src/crypto/openssl/crypto/ui/Makefile.ssl                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/ui/ui_openssl.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/x509v3/ext_dat.h                  1.1.1.1.2.3
+  src/crypto/openssl/crypto/x509v3/v3_ocsp.c                  1.1.1.1.2.2
+  src/crypto/openssl/crypto/x509v3/v3_purp.c                  1.1.1.1.2.5
+  src/crypto/openssl/crypto/x509v3/v3conf.c                   1.1.1.1.2.2
+  src/crypto/openssl/crypto/x509v3/x509v3.h                   1.1.1.1.2.5
+  src/crypto/openssl/demos/x509/mkcert.c                      1.1.1.1.2.2
+  src/crypto/openssl/demos/x509/mkreq.c                       1.1.1.1.2.2
+  src/crypto/openssl/doc/HOWTO/certificates.txt               1.1.1.1.2.2
+  src/crypto/openssl/doc/apps/ca.pod                          1.1.1.1.2.5
+  src/crypto/openssl/doc/apps/dhparam.pod                     1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/dsa.pod                         1.1.1.1.2.2
+  src/crypto/openssl/doc/apps/dsaparam.pod                    1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/gendsa.pod                      1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/genrsa.pod                      1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/pkcs7.pod                       1.1.1.1.2.3
+  src/crypto/openssl/doc/apps/pkcs8.pod                       1.1.1.1.2.2
+  src/crypto/openssl/doc/apps/req.pod                         1.1.1.1.2.4
+  src/crypto/openssl/doc/apps/rsa.pod                         1.1.1.1.2.4
+  src/crypto/openssl/doc/apps/spkac.pod                       1.1.1.1.2.2
+  src/crypto/openssl/doc/apps/x509.pod                        1.1.1.1.2.4
+  src/crypto/openssl/doc/crypto/BN_generate_prime.pod         1.1.1.1.2.3
+  src/crypto/openssl/doc/crypto/EVP_SealInit.pod              1.1.1.1.2.4
+  src/crypto/openssl/doc/standards.txt                        1.1.1.1.2.3
+  src/crypto/openssl/openssl.spec                             1.1.1.1.2.6
+  src/crypto/openssl/ssl/bio_ssl.c                            1.1.1.1.2.4
+  src/crypto/openssl/ssl/s2_clnt.c                                1.2.2.7
+  src/crypto/openssl/ssl/s3_both.c                            1.1.1.1.2.6
+  src/crypto/openssl/ssl/s3_enc.c                             1.1.1.1.2.6
+  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.1.2.6
+  src/crypto/openssl/ssl/ssl.h                                1.1.1.1.2.7
+  src/crypto/openssl/ssl/ssl_cert.c                           1.1.1.1.2.6
+  src/crypto/openssl/ssl/ssl_lib.c                            1.1.1.1.2.6
+  src/crypto/openssl/ssl/ssltest.c                            1.1.1.1.2.5
+  src/crypto/openssl/test/Makefile.ssl                        1.1.1.1.2.6
+  src/crypto/openssl/test/testgen                             1.1.1.1.2.3
+  src/crypto/openssl/util/bat.sh                              1.1.1.1.2.1
+  src/crypto/openssl/util/libeay.num                          1.1.1.1.2.6
+  src/crypto/openssl/util/mk1mf.pl                            1.1.1.1.2.5
+  src/crypto/openssl/util/mkdef.pl                            1.1.1.1.2.6
+  src/crypto/openssl/util/ssleay.num                          1.1.1.1.2.5
+  src/secure/lib/libcrypto/Makefile.inc                          1.7.2.11
+  src/secure/lib/libcrypto/man/ASN1_OBJECT_new.3                  1.2.2.2
+  src/secure/lib/libcrypto/man/ASN1_STRING_length.3               1.2.2.2
+  src/secure/lib/libcrypto/man/ASN1_STRING_new.3                  1.2.2.2
+  src/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3             1.2.2.2
+  src/secure/lib/libcrypto/man/BIO_ctrl.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_f_base64.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_f_buffer.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_f_cipher.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_f_md.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_f_null.3                       1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_f_ssl.3                        1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_find_type.3                    1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_new.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_push.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_read.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_accept.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_bio.3                        1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_connect.3                    1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_fd.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_file.3                       1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_mem.3                        1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_null.3                       1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_s_socket.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_set_callback.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/BIO_should_retry.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/BN_CTX_new.3                       1.3.2.2
+  src/secure/lib/libcrypto/man/BN_CTX_start.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/BN_add.3                           1.3.2.2
+  src/secure/lib/libcrypto/man/BN_add_word.3                      1.3.2.2
+  src/secure/lib/libcrypto/man/BN_bn2bin.3                        1.3.2.2
+  src/secure/lib/libcrypto/man/BN_cmp.3                           1.3.2.2
+  src/secure/lib/libcrypto/man/BN_copy.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/BN_generate_prime.3                1.3.2.2
+  src/secure/lib/libcrypto/man/BN_mod_inverse.3                   1.3.2.2
+  src/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3            1.3.2.2
+  src/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3            1.3.2.2
+  src/secure/lib/libcrypto/man/BN_new.3                           1.3.2.2
+  src/secure/lib/libcrypto/man/BN_num_bytes.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/BN_rand.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/BN_set_bit.3                       1.3.2.2
+  src/secure/lib/libcrypto/man/BN_swap.3                          1.2.2.2
+  src/secure/lib/libcrypto/man/BN_zero.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3               1.3.2.2
+  src/secure/lib/libcrypto/man/DH_generate_key.3                  1.3.2.2
+  src/secure/lib/libcrypto/man/DH_generate_parameters.3           1.3.2.2
+  src/secure/lib/libcrypto/man/DH_get_ex_new_index.3              1.3.2.2
+  src/secure/lib/libcrypto/man/DH_new.3                           1.3.2.2
+  src/secure/lib/libcrypto/man/DH_set_method.3                    1.3.2.2
+  src/secure/lib/libcrypto/man/DH_size.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_SIG_new.3                      1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_do_sign.3                      1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_dup_DH.3                       1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_generate_key.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_generate_parameters.3          1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_get_ex_new_index.3             1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_new.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_set_method.3                   1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_sign.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/DSA_size.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_GET_LIB.3                      1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_clear_error.3                  1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_error_string.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_get_error.3                    1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_load_crypto_strings.3          1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_load_strings.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_print_errors.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_put_error.3                    1.3.2.2
+  src/secure/lib/libcrypto/man/ERR_remove_state.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/EVP_BytesToKey.3                   1.2.2.2
+  src/secure/lib/libcrypto/man/EVP_DigestInit.3                   1.3.2.2
+  src/secure/lib/libcrypto/man/EVP_EncryptInit.3                  1.3.2.2
+  src/secure/lib/libcrypto/man/EVP_OpenInit.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/EVP_PKEY_new.3                     1.2.2.2
+  src/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3                1.2.2.2
+  src/secure/lib/libcrypto/man/EVP_SealInit.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/EVP_SignInit.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/EVP_VerifyInit.3                   1.3.2.2
+  src/secure/lib/libcrypto/man/OBJ_nid2obj.3                      1.2.2.2
+  src/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3           1.3.2.2
+  src/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3       1.3.2.2
+  src/secure/lib/libcrypto/man/PKCS12_create.3                    1.2.2.2
+  src/secure/lib/libcrypto/man/PKCS12_parse.3                     1.2.2.2
+  src/secure/lib/libcrypto/man/PKCS7_decrypt.3                    1.2.2.2
+  src/secure/lib/libcrypto/man/PKCS7_encrypt.3                    1.2.2.2
+  src/secure/lib/libcrypto/man/PKCS7_sign.3                       1.2.2.2
+  src/secure/lib/libcrypto/man/PKCS7_verify.3                     1.2.2.2
+  src/secure/lib/libcrypto/man/RAND_add.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/RAND_bytes.3                       1.3.2.2
+  src/secure/lib/libcrypto/man/RAND_cleanup.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/RAND_egd.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/RAND_load_file.3                   1.3.2.2
+  src/secure/lib/libcrypto/man/RAND_set_rand_method.3             1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_blinding_on.3                  1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_check_key.3                    1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_generate_key.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_get_ex_new_index.3             1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_new.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3     1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_print.3                        1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_private_encrypt.3              1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_public_encrypt.3               1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_set_method.3                   1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_sign.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3       1.3.2.2
+  src/secure/lib/libcrypto/man/RSA_size.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/SMIME_read_PKCS7.3                 1.2.2.2
+  src/secure/lib/libcrypto/man/SMIME_write_PKCS7.3                1.2.2.2
+  src/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3       1.2.2.2
+  src/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3       1.2.2.2
+  src/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3       1.2.2.2
+  src/secure/lib/libcrypto/man/X509_NAME_print_ex.3               1.2.2.2
+  src/secure/lib/libcrypto/man/X509_new.3                         1.2.2.2
+  src/secure/lib/libcrypto/man/bio.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/blowfish.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/bn.3                               1.3.2.2
+  src/secure/lib/libcrypto/man/bn_internal.3                      1.3.2.2
+  src/secure/lib/libcrypto/man/buffer.3                           1.3.2.2
+  src/secure/lib/libcrypto/man/crypto.3                           1.3.2.2
+  src/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3                  1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_DHparams.3                     1.3.2.2
+  src/secure/lib/libcrypto/man/d2i_DSAPublicKey.3                 1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3              1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_RSAPublicKey.3                 1.3.2.2
+  src/secure/lib/libcrypto/man/d2i_X509.3                         1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_X509_ALGOR.3                   1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_X509_CRL.3                     1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_X509_NAME.3                    1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_X509_REQ.3                     1.2.2.2
+  src/secure/lib/libcrypto/man/d2i_X509_SIG.3                     1.2.2.2
+  src/secure/lib/libcrypto/man/des.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/dh.3                               1.3.2.2
+  src/secure/lib/libcrypto/man/dsa.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/engine.3                           1.2.2.2
+  src/secure/lib/libcrypto/man/err.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/evp.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/hmac.3                             1.3.2.2
+  src/secure/lib/libcrypto/man/lh_stats.3                         1.3.2.2
+  src/secure/lib/libcrypto/man/lhash.3                            1.3.2.2
+  src/secure/lib/libcrypto/man/md5.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/mdc2.3                             1.3.2.2
+  src/secure/lib/libcrypto/man/pem.3                              1.2.2.2
+  src/secure/lib/libcrypto/man/rand.3                             1.3.2.2
+  src/secure/lib/libcrypto/man/rc4.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/ripemd.3                           1.3.2.2
+  src/secure/lib/libcrypto/man/rsa.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/sha.3                              1.3.2.2
+  src/secure/lib/libcrypto/man/threads.3                          1.3.2.2
+  src/secure/lib/libcrypto/man/ui.3                               1.2.2.2
+  src/secure/lib/libcrypto/man/ui_compat.3                        1.2.2.2
+  src/secure/lib/libssl/man/SSL_CIPHER_get_name.3                 1.2.2.2
+  src/secure/lib/libssl/man/SSL_COMP_add_compression_method.3     1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3        1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_add_session.3                 1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_ctrl.3                        1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_flush_sessions.3              1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_free.3                        1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3            1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3       1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_new.3                         1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_sess_number.3                 1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3         1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_sessions.3                    1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_cert_store.3              1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3    1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3          1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3          1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3       1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3     1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_info_callback.3           1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3           1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_mode.3                    1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3            1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_options.3                 1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3          1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3      1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3      1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_timeout.3                 1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3         1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3        1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_set_verify.3                  1.2.2.2
+  src/secure/lib/libssl/man/SSL_CTX_use_certificate.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_SESSION_free.3                    1.2.2.2
+  src/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3        1.2.2.2
+  src/secure/lib/libssl/man/SSL_SESSION_get_time.3                1.2.2.2
+  src/secure/lib/libssl/man/SSL_accept.3                          1.2.2.2
+  src/secure/lib/libssl/man/SSL_alert_type_string.3               1.2.2.2
+  src/secure/lib/libssl/man/SSL_clear.3                           1.2.2.2
+  src/secure/lib/libssl/man/SSL_connect.3                         1.2.2.2
+  src/secure/lib/libssl/man/SSL_do_handshake.3                    1.2.2.2
+  src/secure/lib/libssl/man/SSL_free.3                            1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_SSL_CTX.3                     1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_ciphers.3                     1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_client_CA_list.3              1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_current_cipher.3              1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_default_timeout.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_error.3                       1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3  1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_ex_new_index.3                1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_fd.3                          1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_peer_cert_chain.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_peer_certificate.3            1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_rbio.3                        1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_session.3                     1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_verify_result.3               1.2.2.2
+  src/secure/lib/libssl/man/SSL_get_version.3                     1.2.2.2
+  src/secure/lib/libssl/man/SSL_library_init.3                    1.2.2.2
+  src/secure/lib/libssl/man/SSL_load_client_CA_file.3             1.2.2.2
+  src/secure/lib/libssl/man/SSL_new.3                             1.2.2.2
+  src/secure/lib/libssl/man/SSL_pending.3                         1.2.2.2
+  src/secure/lib/libssl/man/SSL_read.3                            1.2.2.2
+  src/secure/lib/libssl/man/SSL_rstate_string.3                   1.2.2.2
+  src/secure/lib/libssl/man/SSL_session_reused.3                  1.2.2.2
+  src/secure/lib/libssl/man/SSL_set_bio.3                         1.2.2.2
+  src/secure/lib/libssl/man/SSL_set_connect_state.3               1.2.2.2
+  src/secure/lib/libssl/man/SSL_set_fd.3                          1.2.2.2
+  src/secure/lib/libssl/man/SSL_set_session.3                     1.2.2.2
+  src/secure/lib/libssl/man/SSL_set_shutdown.3                    1.2.2.2
+  src/secure/lib/libssl/man/SSL_set_verify_result.3               1.2.2.2
+  src/secure/lib/libssl/man/SSL_shutdown.3                        1.2.2.2
+  src/secure/lib/libssl/man/SSL_state_string.3                    1.2.2.2
+  src/secure/lib/libssl/man/SSL_want.3                            1.2.2.2
+  src/secure/lib/libssl/man/SSL_write.3                           1.2.2.2
+  src/secure/lib/libssl/man/d2i_SSL_SESSION.3                     1.2.2.2
+  src/secure/lib/libssl/man/ssl.3                                 1.2.2.2
+  src/secure/usr.bin/openssl/man/CA.pl.1                          1.2.2.2
+  src/secure/usr.bin/openssl/man/asn1parse.1                      1.2.2.2
+  src/secure/usr.bin/openssl/man/ca.1                             1.2.2.2
+  src/secure/usr.bin/openssl/man/ciphers.1                        1.2.2.2
+  src/secure/usr.bin/openssl/man/crl.1                            1.2.2.2
+  src/secure/usr.bin/openssl/man/crl2pkcs7.1                      1.2.2.2
+  src/secure/usr.bin/openssl/man/dgst.1                           1.2.2.2
+  src/secure/usr.bin/openssl/man/dhparam.1                        1.2.2.2
+  src/secure/usr.bin/openssl/man/dsa.1                            1.2.2.2
+  src/secure/usr.bin/openssl/man/dsaparam.1                       1.2.2.2
+  src/secure/usr.bin/openssl/man/enc.1                            1.2.2.2
+  src/secure/usr.bin/openssl/man/gendsa.1                         1.2.2.2
+  src/secure/usr.bin/openssl/man/genrsa.1                         1.2.2.2
+  src/secure/usr.bin/openssl/man/nseq.1                           1.2.2.2
+  src/secure/usr.bin/openssl/man/ocsp.1                           1.2.2.2
+  src/secure/usr.bin/openssl/man/openssl.1                        1.2.2.2
+  src/secure/usr.bin/openssl/man/passwd.1                         1.2.2.2
+  src/secure/usr.bin/openssl/man/pkcs12.1                         1.2.2.2
+  src/secure/usr.bin/openssl/man/pkcs7.1                          1.2.2.2
+  src/secure/usr.bin/openssl/man/pkcs8.1                          1.2.2.2
+  src/secure/usr.bin/openssl/man/rand.1                           1.2.2.2
+  src/secure/usr.bin/openssl/man/req.1                            1.2.2.2
+  src/secure/usr.bin/openssl/man/rsa.1                            1.2.2.2
+  src/secure/usr.bin/openssl/man/rsautl.1                         1.2.2.2
+  src/secure/usr.bin/openssl/man/s_client.1                       1.2.2.2
+  src/secure/usr.bin/openssl/man/s_server.1                       1.2.2.2
+  src/secure/usr.bin/openssl/man/sess_id.1                        1.2.2.2
+  src/secure/usr.bin/openssl/man/smime.1                          1.2.2.2
+  src/secure/usr.bin/openssl/man/speed.1                          1.2.2.2
+  src/secure/usr.bin/openssl/man/spkac.1                          1.2.2.2
+  src/secure/usr.bin/openssl/man/verify.1                         1.2.2.2
+  src/secure/usr.bin/openssl/man/version.1                        1.2.2.2
+  src/secure/usr.bin/openssl/man/x509.1                           1.2.2.2
+RELENG_5_0
+  src/UPDATING                                                  1.229.2.7
+  src/crypto/openssl/CHANGES                                 1.1.1.11.2.1
+  src/crypto/openssl/Configure                               1.1.1.10.2.1
+  src/crypto/openssl/FAQ                                      1.1.1.9.2.1
+  src/crypto/openssl/INSTALL                                  1.1.1.6.2.1
+  src/crypto/openssl/Makefile.org                            1.1.1.11.2.1
+  src/crypto/openssl/Makefile.ssl                            1.1.1.10.2.1
+  src/crypto/openssl/NEWS                                    1.1.1.10.2.1
+  src/crypto/openssl/PROBLEMS                                 1.1.1.2.2.1
+  src/crypto/openssl/README                                  1.1.1.10.2.1
+  src/crypto/openssl/config                                  1.1.1.10.2.1
+  src/crypto/openssl/e_os.h                                   1.1.1.8.2.1
+  src/crypto/openssl/openssl.spec                             1.1.1.7.2.1
+  src/crypto/openssl/apps/Makefile.ssl                        1.1.1.6.2.1
+  src/crypto/openssl/apps/apps.h                              1.1.1.3.2.1
+  src/crypto/openssl/apps/asn1pars.c                          1.1.1.4.2.1
+  src/crypto/openssl/apps/ca.c                                1.1.1.6.2.1
+  src/crypto/openssl/apps/ciphers.c                           1.1.1.3.2.1
+  src/crypto/openssl/apps/crl.c                               1.1.1.3.2.1
+  src/crypto/openssl/apps/crl2p7.c                            1.1.1.3.2.1
+  src/crypto/openssl/apps/dgst.c                              1.1.1.5.2.1
+  src/crypto/openssl/apps/dh.c                                1.1.1.3.2.1
+  src/crypto/openssl/apps/dhparam.c                           1.1.1.2.2.1
+  src/crypto/openssl/apps/dsa.c                               1.1.1.3.2.1
+  src/crypto/openssl/apps/dsaparam.c                          1.1.1.5.2.1
+  src/crypto/openssl/apps/enc.c                               1.1.1.5.2.1
+  src/crypto/openssl/apps/errstr.c                            1.1.1.3.2.1
+  src/crypto/openssl/apps/gendh.c                             1.1.1.3.2.1
+  src/crypto/openssl/apps/gendsa.c                            1.1.1.3.2.1
+  src/crypto/openssl/apps/genrsa.c                            1.1.1.3.2.1
+  src/crypto/openssl/apps/nseq.c                              1.1.1.3.2.1
+  src/crypto/openssl/apps/openssl.c                           1.1.1.4.2.1
+  src/crypto/openssl/apps/openssl.cnf                             1.3.2.1
+  src/crypto/openssl/apps/passwd.c                            1.1.1.4.2.1
+  src/crypto/openssl/apps/pkcs12.c                            1.1.1.4.2.1
+  src/crypto/openssl/apps/pkcs7.c                             1.1.1.4.2.1
+  src/crypto/openssl/apps/pkcs8.c                             1.1.1.3.2.1
+  src/crypto/openssl/apps/rand.c                              1.1.1.2.2.1
+  src/crypto/openssl/apps/req.c                               1.1.1.6.2.1
+  src/crypto/openssl/apps/rsa.c                               1.1.1.3.2.1
+  src/crypto/openssl/apps/s_client.c                          1.1.1.5.2.1
+  src/crypto/openssl/apps/s_server.c                          1.1.1.4.2.1
+  src/crypto/openssl/apps/s_time.c                            1.1.1.3.2.1
+  src/crypto/openssl/apps/sess_id.c                           1.1.1.3.2.1
+  src/crypto/openssl/apps/speed.c                                 1.9.2.1
+  src/crypto/openssl/apps/spkac.c                             1.1.1.2.2.1
+  src/crypto/openssl/apps/verify.c                            1.1.1.3.2.1
+  src/crypto/openssl/apps/version.c                           1.1.1.2.2.1
+  src/crypto/openssl/apps/x509.c                              1.1.1.5.2.1
+  src/crypto/openssl/crypto/Makefile.ssl                      1.1.1.7.2.1
+  src/crypto/openssl/crypto/cryptlib.c                        1.1.1.7.2.1
+  src/crypto/openssl/crypto/crypto.h                          1.1.1.5.2.1
+  src/crypto/openssl/crypto/md32_common.h                     1.1.1.3.2.1
+  src/crypto/openssl/crypto/mem.c                             1.1.1.4.2.1
+  src/crypto/openssl/crypto/mem_clr.c                         1.1.1.1.4.1
+  src/crypto/openssl/crypto/mem_dbg.c                         1.1.1.4.2.1
+  src/crypto/openssl/crypto/opensslv.h                       1.1.1.11.2.1
+  src/crypto/openssl/crypto/tmdiff.c                          1.1.1.3.2.1
+  src/crypto/openssl/crypto/uid.c                             1.1.1.1.4.1
+  src/crypto/openssl/crypto/asn1/Makefile.ssl                 1.1.1.5.2.1
+  src/crypto/openssl/crypto/asn1/a_sign.c                     1.1.1.4.2.1
+  src/crypto/openssl/crypto/asn1/a_strex.c                    1.1.1.1.4.1
+  src/crypto/openssl/crypto/asn1/a_utctm.c                    1.1.1.5.2.1
+  src/crypto/openssl/crypto/asn1/a_verify.c                   1.1.1.3.2.1
+  src/crypto/openssl/crypto/asn1/n_pkey.c                     1.1.1.3.2.1
+  src/crypto/openssl/crypto/asn1/p8_pkey.c                    1.1.1.3.2.1
+  src/crypto/openssl/crypto/bf/Makefile.ssl                   1.1.1.4.2.1
+  src/crypto/openssl/crypto/bf/bftest.c                       1.1.1.3.2.1
+  src/crypto/openssl/crypto/bio/Makefile.ssl                  1.1.1.5.2.1
+  src/crypto/openssl/crypto/bio/bio.h                         1.1.1.5.2.1
+  src/crypto/openssl/crypto/bn/Makefile.ssl                   1.1.1.5.2.1
+  src/crypto/openssl/crypto/bn/bn.h                           1.1.1.7.2.1
+  src/crypto/openssl/crypto/bn/bn_lib.c                       1.1.1.4.2.1
+  src/crypto/openssl/crypto/bn/bn_rand.c                      1.1.1.6.2.1
+  src/crypto/openssl/crypto/bn/bn_word.c                      1.1.1.3.2.1
+  src/crypto/openssl/crypto/bn/bntest.c                       1.1.1.4.2.1
+  src/crypto/openssl/crypto/bn/exptest.c                      1.1.1.2.2.1
+  src/crypto/openssl/crypto/buffer/Makefile.ssl               1.1.1.4.2.1
+  src/crypto/openssl/crypto/cast/Makefile.ssl                 1.1.1.3.2.1
+  src/crypto/openssl/crypto/cast/casttest.c                   1.1.1.2.2.1
+  src/crypto/openssl/crypto/comp/Makefile.ssl                 1.1.1.4.2.1
+  src/crypto/openssl/crypto/conf/Makefile.ssl                 1.1.1.5.2.1
+  src/crypto/openssl/crypto/conf/conf_def.c                   1.1.1.2.2.1
+  src/crypto/openssl/crypto/des/Makefile.ssl                  1.1.1.4.2.1
+  src/crypto/openssl/crypto/des/des.c                         1.1.1.3.2.1
+  src/crypto/openssl/crypto/des/read2pwd.c                   1.1.1.1.14.1
+  src/crypto/openssl/crypto/des/read_pwd.c                    1.1.1.4.2.1
+  src/crypto/openssl/crypto/des/str2key.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/dh/Makefile.ssl                   1.1.1.4.2.1
+  src/crypto/openssl/crypto/dh/dhtest.c                       1.1.1.4.2.1
+  src/crypto/openssl/crypto/dsa/Makefile.ssl                  1.1.1.4.2.1
+  src/crypto/openssl/crypto/dsa/dsatest.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/dso/Makefile.ssl                  1.1.1.2.2.1
+  src/crypto/openssl/crypto/err/Makefile.ssl                  1.1.1.5.2.1
+  src/crypto/openssl/crypto/err/err_all.c                         1.5.2.1
+  src/crypto/openssl/crypto/evp/Makefile.ssl                  1.1.1.4.2.1
+  src/crypto/openssl/crypto/evp/bio_enc.c                     1.1.1.4.2.1
+  src/crypto/openssl/crypto/evp/bio_ok.c                      1.1.1.3.2.1
+  src/crypto/openssl/crypto/evp/c_allc.c                      1.1.1.2.2.1
+  src/crypto/openssl/crypto/evp/c_alld.c                      1.1.1.3.2.1
+  src/crypto/openssl/crypto/evp/e_idea.c                      1.1.1.1.4.1
+  src/crypto/openssl/crypto/evp/evp.h                            1.11.2.1
+  src/crypto/openssl/crypto/evp/evp_key.c                     1.1.1.4.2.1
+  src/crypto/openssl/crypto/evp/p5_crpt.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/evp/p5_crpt2.c                    1.1.1.2.2.1
+  src/crypto/openssl/crypto/evp/p_open.c                      1.1.1.3.2.1
+  src/crypto/openssl/crypto/hmac/Makefile.ssl                 1.1.1.3.2.1
+  src/crypto/openssl/crypto/hmac/hmactest.c                   1.1.1.2.2.1
+  src/crypto/openssl/crypto/idea/Makefile.ssl                     1.5.2.1
+  src/crypto/openssl/crypto/idea/i_cbc.c                          1.5.2.1
+  src/crypto/openssl/crypto/idea/i_cfb64.c                        1.5.2.1
+  src/crypto/openssl/crypto/idea/i_ecb.c                          1.5.2.1
+  src/crypto/openssl/crypto/idea/i_ofb64.c                        1.5.2.1
+  src/crypto/openssl/crypto/idea/i_skey.c                         1.5.2.1
+  src/crypto/openssl/crypto/idea/idea.h                           1.5.2.1
+  src/crypto/openssl/crypto/idea/idea_lcl.h                       1.4.4.1
+  src/crypto/openssl/crypto/idea/idea_spd.c                       1.4.4.1
+  src/crypto/openssl/crypto/idea/ideatest.c                       1.4.4.1
+  src/crypto/openssl/crypto/idea/version                          1.4.4.1
+  src/crypto/openssl/crypto/lhash/Makefile.ssl                1.1.1.4.2.1
+  src/crypto/openssl/crypto/md2/Makefile.ssl                  1.1.1.5.2.1
+  src/crypto/openssl/crypto/md2/md2_dgst.c                    1.1.1.2.2.1
+  src/crypto/openssl/crypto/md2/md2_one.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/md2/md2test.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/md4/Makefile.ssl                  1.1.1.2.2.1
+  src/crypto/openssl/crypto/md4/md4_one.c                     1.1.1.1.4.1
+  src/crypto/openssl/crypto/md4/md4test.c                     1.1.1.1.4.1
+  src/crypto/openssl/crypto/md5/Makefile.ssl                  1.1.1.4.2.1
+  src/crypto/openssl/crypto/md5/md5_one.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/md5/md5test.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/mdc2/Makefile.ssl                 1.1.1.4.2.1
+  src/crypto/openssl/crypto/mdc2/mdc2_one.c                   1.1.1.2.2.1
+  src/crypto/openssl/crypto/mdc2/mdc2test.c                   1.1.1.2.2.1
+  src/crypto/openssl/crypto/objects/Makefile.ssl              1.1.1.6.2.1
+  src/crypto/openssl/crypto/objects/obj_dat.c                 1.1.1.5.2.1
+  src/crypto/openssl/crypto/objects/obj_dat.h                 1.1.1.4.2.1
+  src/crypto/openssl/crypto/objects/obj_mac.h                 1.1.1.3.2.1
+  src/crypto/openssl/crypto/objects/obj_mac.num               1.1.1.2.2.1
+  src/crypto/openssl/crypto/objects/objects.txt               1.1.1.4.2.1
+  src/crypto/openssl/crypto/pem/Makefile.ssl                  1.1.1.3.2.1
+  src/crypto/openssl/crypto/pem/pem_info.c                    1.1.1.5.2.1
+  src/crypto/openssl/crypto/pem/pem_lib.c                     1.1.1.5.2.1
+  src/crypto/openssl/crypto/pem/pem_seal.c                    1.1.1.3.2.1
+  src/crypto/openssl/crypto/pkcs12/Makefile.ssl               1.1.1.4.2.1
+  src/crypto/openssl/crypto/pkcs12/p12_crpt.c                 1.1.1.2.2.1
+  src/crypto/openssl/crypto/pkcs12/p12_decr.c                 1.1.1.3.2.1
+  src/crypto/openssl/crypto/pkcs12/p12_key.c                  1.1.1.5.2.1
+  src/crypto/openssl/crypto/pkcs7/Makefile.ssl                1.1.1.5.2.1
+  src/crypto/openssl/crypto/pkcs7/bio_ber.c                   1.1.1.3.2.1
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                  1.1.1.7.2.1
+  src/crypto/openssl/crypto/rand/Makefile.ssl                 1.1.1.4.2.1
+  src/crypto/openssl/crypto/rand/md_rand.c                    1.1.1.6.2.1
+  src/crypto/openssl/crypto/rand/rand_egd.c                   1.1.1.4.2.1
+  src/crypto/openssl/crypto/rand/rand_win.c                   1.1.1.4.2.1
+  src/crypto/openssl/crypto/rand/randfile.c                   1.1.1.6.2.1
+  src/crypto/openssl/crypto/rand/randtest.c                   1.1.1.2.2.1
+  src/crypto/openssl/crypto/rc2/Makefile.ssl                  1.1.1.2.2.1
+  src/crypto/openssl/crypto/rc2/rc2test.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/rc4/Makefile.ssl                  1.1.1.3.2.1
+  src/crypto/openssl/crypto/rc4/rc4.c                        1.1.1.1.14.1
+  src/crypto/openssl/crypto/rc4/rc4test.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/rc5/Makefile.ssl                  1.1.1.3.2.1
+  src/crypto/openssl/crypto/rc5/rc5test.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/ripemd/Makefile.ssl               1.1.1.4.2.1
+  src/crypto/openssl/crypto/ripemd/rmd_one.c                  1.1.1.2.2.1
+  src/crypto/openssl/crypto/ripemd/rmdtest.c                  1.1.1.2.2.1
+  src/crypto/openssl/crypto/rsa/Makefile.ssl                  1.1.1.4.2.1
+  src/crypto/openssl/crypto/rsa/rsa.h                             1.8.2.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                         1.8.2.1
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                         1.6.2.1
+  src/crypto/openssl/crypto/rsa/rsa_pk1.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/rsa/rsa_saos.c                    1.1.1.3.2.1
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                    1.1.1.3.2.1
+  src/crypto/openssl/crypto/sha/Makefile.ssl                  1.1.1.3.2.1
+  src/crypto/openssl/crypto/sha/sha1_one.c                   1.1.1.1.14.1
+  src/crypto/openssl/crypto/sha/sha1test.c                    1.1.1.2.2.1
+  src/crypto/openssl/crypto/sha/sha_one.c                    1.1.1.1.14.1
+  src/crypto/openssl/crypto/sha/shatest.c                     1.1.1.2.2.1
+  src/crypto/openssl/crypto/stack/Makefile.ssl                1.1.1.4.2.1
+  src/crypto/openssl/crypto/threads/mttest.c                  1.1.1.3.2.1
+  src/crypto/openssl/crypto/txt_db/Makefile.ssl               1.1.1.4.2.1
+  src/crypto/openssl/crypto/x509/Makefile.ssl                 1.1.1.5.2.1
+  src/crypto/openssl/crypto/x509/by_file.c                    1.1.1.2.2.1
+  src/crypto/openssl/crypto/x509/x509_cmp.c                   1.1.1.4.2.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c                   1.1.1.4.2.1
+  src/crypto/openssl/crypto/x509v3/Makefile.ssl               1.1.1.5.2.1
+  src/crypto/openssl/demos/selfsign.c                         1.1.1.2.2.1
+  src/crypto/openssl/doc/c-indentation.el                     1.1.1.3.2.1
+  src/crypto/openssl/doc/openssl.txt                          1.1.1.3.2.1
+  src/crypto/openssl/doc/apps/passwd.pod                      1.1.1.2.2.1
+  src/crypto/openssl/doc/apps/req.pod                         1.1.1.2.2.1
+  src/crypto/openssl/doc/apps/smime.pod                       1.1.1.3.2.1
+  src/crypto/openssl/doc/apps/x509.pod                        1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/BN_CTX_new.pod                1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/BN_add.pod                    1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/BN_add_word.pod               1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/BN_bn2bin.pod                 1.1.1.3.2.1
+  src/crypto/openssl/doc/crypto/BN_copy.pod                   1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/BN_generate_prime.pod         1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/BN_mod_inverse.pod            1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod     1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod     1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/BN_new.pod                    1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/BN_rand.pod                   1.1.1.5.2.1
+  src/crypto/openssl/doc/crypto/DH_generate_key.pod           1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DH_generate_parameters.pod    1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DH_new.pod                    1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DSA_SIG_new.pod               1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DSA_do_sign.pod               1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DSA_dup_DH.pod                1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DSA_generate_key.pod          1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DSA_generate_parameters.pod   1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DSA_new.pod                   1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/DSA_sign.pod                  1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/EVP_SealInit.pod              1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/RAND_bytes.pod                1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/RSA_check_key.pod             1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/RSA_generate_key.pod          1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/RSA_print.pod                 1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/RSA_private_encrypt.pod       1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/RSA_public_encrypt.pod        1.1.1.2.2.1
+  src/crypto/openssl/doc/crypto/RSA_sign.pod                  1.1.1.1.4.1
+  src/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod          1.1.1.1.4.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.4.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod           1.1.1.2.2.1
+  src/crypto/openssl/doc/ssl/ssl.pod                          1.1.1.7.2.1
+  src/crypto/openssl/ssl/Makefile.ssl                         1.1.1.6.2.1
+  src/crypto/openssl/ssl/s23_clnt.c                               1.6.2.1
+  src/crypto/openssl/ssl/s23_lib.c                                1.5.2.1
+  src/crypto/openssl/ssl/s23_meth.c                           1.1.1.2.2.1
+  src/crypto/openssl/ssl/s23_srvr.c                               1.6.2.1
+  src/crypto/openssl/ssl/s2_clnt.c                                1.9.2.1
+  src/crypto/openssl/ssl/s2_enc.c                                 1.7.2.1
+  src/crypto/openssl/ssl/s2_lib.c                                 1.8.2.1
+  src/crypto/openssl/ssl/s2_meth.c                                1.4.2.1
+  src/crypto/openssl/ssl/s2_pkt.c                                 1.7.2.1
+  src/crypto/openssl/ssl/s2_srvr.c                                1.9.2.1
+  src/crypto/openssl/ssl/s3_clnt.c                            1.1.1.8.2.1
+  src/crypto/openssl/ssl/s3_enc.c                             1.1.1.8.2.1
+  src/crypto/openssl/ssl/s3_lib.c                             1.1.1.7.2.1
+  src/crypto/openssl/ssl/s3_meth.c                           1.1.1.1.14.1
+  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.6.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                            1.1.1.9.2.1
+  src/crypto/openssl/ssl/ssl.h                                1.1.1.9.2.1
+  src/crypto/openssl/ssl/ssl_lib.c                            1.1.1.7.2.1
+  src/crypto/openssl/ssl/ssl_sess.c                           1.1.1.7.2.1
+  src/crypto/openssl/ssl/ssltest.c                            1.1.1.4.2.1
+  src/crypto/openssl/ssl/t1_clnt.c                           1.1.1.1.14.1
+  src/crypto/openssl/ssl/t1_enc.c                             1.1.1.8.2.1
+  src/crypto/openssl/ssl/t1_meth.c                           1.1.1.1.14.1
+  src/crypto/openssl/ssl/t1_srvr.c                           1.1.1.1.14.1
+  src/crypto/openssl/test/Makefile.ssl                        1.1.1.8.2.1
+  src/crypto/openssl/test/methtest.c                         1.1.1.1.14.1
+  src/crypto/openssl/test/testssl                             1.1.1.2.2.1
+  src/crypto/openssl/tools/c_rehash                           1.1.1.5.2.1
+  src/crypto/openssl/tools/c_rehash.in                        1.1.1.3.2.1
+  src/crypto/openssl/util/libeay.num                          1.1.1.7.2.1
+  src/crypto/openssl/util/mk1mf.pl                            1.1.1.4.2.1
+  src/crypto/openssl/util/mkcerts.sh                         1.1.1.1.14.1
+  src/crypto/openssl/util/pod2mantest                        1.1.1.1.10.1
+  src/crypto/openssl/util/pl/BC-32.pl                         1.1.1.4.2.1
+  src/crypto/openssl/util/pl/Mingw32.pl                           1.4.2.1
+  src/secure/lib/libcrypto/Makefile                              1.51.2.1
+  src/secure/lib/libcrypto/man/BIO_ctrl.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_f_base64.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_f_buffer.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_f_cipher.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_f_md.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_f_null.3                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_f_ssl.3                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_find_type.3                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_new.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/BIO_new_bio_pair.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_push.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_read.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_accept.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_bio.3                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_connect.3                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_fd.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_file.3                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_mem.3                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_null.3                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_s_socket.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_set_callback.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BIO_should_retry.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_CTX_new.3                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_CTX_start.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_add.3                       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_add_word.3                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_bn2bin.3                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_cmp.3                       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_copy.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_generate_prime.3            1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_mod_inverse.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_new.3                       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_num_bytes.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_rand.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_set_bit.3                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/BN_zero.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/CA.pl.1                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DH_generate_key.3              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DH_generate_parameters.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DH_get_ex_new_index.3          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DH_new.3                       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DH_set_method.3                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DH_size.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_SIG_new.3                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_do_sign.3                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_dup_DH.3                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_generate_key.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_generate_parameters.3      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_get_ex_new_index.3         1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_new.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_set_method.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_sign.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/DSA_size.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_GET_LIB.3                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_clear_error.3              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_error_string.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_get_error.3                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_load_crypto_strings.3      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_load_strings.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_print_errors.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_put_error.3                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ERR_remove_state.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/EVP_DigestInit.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/EVP_EncryptInit.3              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/EVP_OpenInit.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/EVP_SealInit.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/EVP_SignInit.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/EVP_VerifyInit.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RAND_add.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RAND_bytes.3                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RAND_cleanup.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RAND_egd.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RAND_load_file.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RAND_set_rand_method.3         1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_blinding_on.3              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_check_key.3                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_generate_key.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_get_ex_new_index.3         1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_new.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_print.3                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_private_encrypt.3          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_public_encrypt.3           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_set_method.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_sign.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/RSA_size.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CIPHER_get_name.3    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_COMP_add_compression_method.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_add_extra_chain_cert.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_add_session.3    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_ctrl.3           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_flush_sessions.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_free.3           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_get_ex_new_index.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_get_verify_mode.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_load_verify_locations.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_new.3            1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_sess_number.3    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_sess_set_cache_size.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_sess_set_get_cb.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_sessions.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_cert_store.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_cert_verify_callback.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_cipher_list.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_client_CA_list.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_client_cert_cb.3 1.1.1.1.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_default_passwd_cb.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_info_callback.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_mode.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_options.3    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_quiet_shutdown.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_session_cache_mode.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_session_id_context.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_ssl_version.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_timeout.3    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_tmp_dh_callback.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_tmp_rsa_callback.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_set_verify.3     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_CTX_use_certificate.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_SESSION_free.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_SESSION_get_ex_new_index.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_SESSION_get_time.3   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_accept.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_alert_type_string.3  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_clear.3              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_connect.3            1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_do_handshake.3       1.1.1.1.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_free.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_SSL_CTX.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_ciphers.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_client_CA_list.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_current_cipher.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_default_timeout.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_error.3          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_ex_data_X509_STORE_CTX_idx.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_ex_new_index.3   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_fd.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_peer_cert_chain.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_peer_certificate.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_rbio.3           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_session.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_verify_result.3  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_get_version.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_library_init.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_load_client_CA_file.3 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_new.3                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_pending.3            1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_read.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_rstate_string.3      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_session_reused.3     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_set_bio.3            1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_set_connect_state.3  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_set_fd.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_set_session.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_set_shutdown.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_set_verify_result.3  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_shutdown.3           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_state_string.3       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_want.3               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/SSL_write.3              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/asn1parse.1              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/bio.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/blowfish.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/bn.3                           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/bn_internal.3                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/buffer.3                       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/ca.1                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/ciphers.1                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/config.1                 1.1.1.1.2.1
+  src/secure/lib/libcrypto/man/Attic/config.5                 1.1.1.1.2.1
+  src/secure/lib/libcrypto/man/Attic/crl.1                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/crl2pkcs7.1              1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/crypto.3                       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/d2i_DHparams.3                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/d2i_RSAPublicKey.3             1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/d2i_SSL_SESSION.3        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/des.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/des_modes.3                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/dgst.1                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/dh.3                           1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/dhparam.1                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/dsa.1                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/dsa.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/dsaparam.1               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/enc.1                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/err.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/evp.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/gendsa.1                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/genrsa.1                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/hmac.3                         1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/lh_stats.3                     1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/lhash.3                        1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/md5.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/mdc2.3                         1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/nseq.1                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/openssl.1                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/passwd.1                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/pkcs12.1                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/pkcs7.1                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/pkcs8.1                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/rand.1                   1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/rand.3                         1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/rc4.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/req.1                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/ripemd.3                       1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/rsa.1                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/rsa.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/rsautl.1                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/s_client.1               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/s_server.1               1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/sess_id.1                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/sha.3                          1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/smime.1                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/speed.1                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/spkac.1                  1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/ssl.3                    1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/threads.3                      1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/verify.1                 1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/version.1                1.1.1.2.2.1
+  src/secure/lib/libcrypto/man/Attic/x509.1                   1.1.1.2.2.1
+  src/sys/conf/newvers.sh                                        1.48.2.3
+RELENG_4_7
+  src/UPDATING                                              1.73.2.74.2.7
+  src/crypto/openssl/CHANGES                              1.1.1.1.2.4.2.1
+  src/crypto/openssl/Configure                            1.1.1.1.2.4.2.1
+  src/crypto/openssl/FAQ                                  1.1.1.1.2.5.2.1
+  src/crypto/openssl/INSTALL                              1.1.1.1.2.3.2.1
+  src/crypto/openssl/Makefile.org                         1.1.1.1.2.5.2.1
+  src/crypto/openssl/Makefile.ssl                         1.1.1.1.2.5.2.1
+  src/crypto/openssl/NEWS                                 1.1.1.1.2.5.2.1
+  src/crypto/openssl/PROBLEMS                             1.1.1.1.2.2.2.1
+  src/crypto/openssl/README                               1.1.1.1.2.5.2.1
+  src/crypto/openssl/config                               1.1.1.1.2.5.2.1
+  src/crypto/openssl/e_os.h                               1.1.1.1.2.4.2.1
+  src/crypto/openssl/openssl.spec                         1.1.1.1.2.4.2.1
+  src/crypto/openssl/apps/CA.pl                           1.1.1.1.2.4.2.1
+  src/crypto/openssl/apps/Makefile.ssl                    1.1.1.1.2.4.2.1
+  src/crypto/openssl/apps/apps.h                         1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/asn1pars.c                      1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/ca.c                            1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/ciphers.c                      1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/crl.c                          1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/crl2p7.c                       1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/der_chop                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/dgst.c                          1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/dh.c                           1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/dhparam.c                      1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/dsa.c                          1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/dsaparam.c                      1.1.1.1.2.4.2.1
+  src/crypto/openssl/apps/enc.c                           1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/errstr.c                       1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/gendh.c                        1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/gendsa.c                       1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/genrsa.c                       1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/nseq.c                         1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/openssl.c                       1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/openssl.cnf                     1.1.1.1.2.5.2.1
+  src/crypto/openssl/apps/passwd.c                        1.1.1.1.2.3.8.1
+  src/crypto/openssl/apps/pkcs12.c                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/pkcs7.c                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/apps/pkcs8.c                        1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/rand.c                         1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/req.c                           1.1.1.1.2.4.2.1
+  src/crypto/openssl/apps/rsa.c                          1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/s_client.c                      1.1.1.1.2.4.2.1
+  src/crypto/openssl/apps/s_server.c                      1.1.1.1.2.3.8.1
+  src/crypto/openssl/apps/s_time.c                        1.1.1.1.2.2.2.1
+  src/crypto/openssl/apps/sess_id.c                      1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/speed.c                             1.3.2.4.2.1
+  src/crypto/openssl/apps/spkac.c                        1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/verify.c                       1.1.1.1.2.2.10.1
+  src/crypto/openssl/apps/version.c                      1.1.1.1.2.1.10.1
+  src/crypto/openssl/apps/x509.c                          1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/Makefile.ssl                  1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/cryptlib.c                    1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/crypto.h                      1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/md32_common.h                 1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/mem.c                         1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/mem_clr.c                         1.1.1.1.6.1
+  src/crypto/openssl/crypto/mem_dbg.c                     1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/opensslconf.h                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.5.2.1
+  src/crypto/openssl/crypto/tmdiff.c                      1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/uid.c                         1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/asn1/Makefile.ssl             1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/asn1/a_sign.c                 1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/asn1/a_strex.c               1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/asn1/a_utctm.c                1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/asn1/a_verify.c              1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/asn1/n_pkey.c                1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/asn1/p8_pkey.c               1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/bf/Makefile.ssl               1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/bf/bftest.c                  1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/bio/Makefile.ssl              1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/bio/bio.h                     1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/bn/Makefile.ssl               1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/bn/bn.h                       1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/bn/bn_lib.c                   1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/bn/bn_rand.c                  1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/bn/bn_word.c                 1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/bn/bntest.c                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bn/exptest.c                 1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/buffer/Makefile.ssl           1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/cast/Makefile.ssl             1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/cast/casttest.c              1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/comp/Makefile.ssl             1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/conf/Makefile.ssl             1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/conf/conf_def.c               1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/des/Makefile.ssl              1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/des/des.c                    1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/des/read2pwd.c                   1.1.1.1.12.1
+  src/crypto/openssl/crypto/des/read_pwd.c                1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/des/str2key.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/dh/Makefile.ssl               1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/dh/dhtest.c                   1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/dsa/Makefile.ssl              1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/dsa/dsatest.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/dso/Makefile.ssl              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/err/Makefile.ssl              1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/err/err_all.c                     1.2.2.4.2.1
+  src/crypto/openssl/crypto/evp/Makefile.ssl              1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/evp/bio_enc.c                 1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/evp/bio_ok.c                 1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/evp/c_allc.c                  1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/evp/c_alld.c                  1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/evp/e_idea.c                 1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/evp/evp.h                         1.2.2.4.2.1
+  src/crypto/openssl/crypto/evp/evp_key.c                 1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/evp/p5_crpt.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/evp/p5_crpt2.c               1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/evp/p_open.c                 1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/hmac/Makefile.ssl             1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/hmac/hmactest.c              1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/idea/Makefile.ssl                 1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/i_cbc.c                      1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/i_cfb64.c                    1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/i_ecb.c                      1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/i_ofb64.c                    1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/i_skey.c                     1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/idea.h                       1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/idea_lcl.h                   1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/idea_spd.c                   1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/ideatest.c                   1.4.2.4.2.1
+  src/crypto/openssl/crypto/idea/version                      1.4.2.4.2.1
+  src/crypto/openssl/crypto/lhash/Makefile.ssl            1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/md2/Makefile.ssl              1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/md2/md2_dgst.c               1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/md2/md2_one.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/md2/md2test.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/md4/Makefile.ssl              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/md4/md4_one.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/md4/md4test.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/md5/Makefile.ssl              1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/md5/md5_one.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/md5/md5test.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/mdc2/Makefile.ssl             1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/mdc2/mdc2_one.c              1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/mdc2/mdc2test.c              1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/objects/Makefile.ssl          1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/objects/obj_dat.c             1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/objects/obj_dat.h             1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/objects/obj_mac.h             1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/objects/obj_mac.num           1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/objects/objects.txt           1.1.1.1.2.2.2.1
+  src/crypto/openssl/crypto/pem/Makefile.ssl              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/pem/pem_info.c                1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/pem/pem_lib.c                 1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/pem/pem_seal.c               1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/pkcs12/Makefile.ssl           1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/pkcs12/p12_crpt.c            1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/pkcs12/p12_decr.c            1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/pkcs12/p12_key.c              1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/pkcs7/Makefile.ssl            1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/pkcs7/bio_ber.c              1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c              1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/rand/Makefile.ssl             1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/rand/md_rand.c                1.1.1.1.2.5.2.1
+  src/crypto/openssl/crypto/rand/rand_egd.c               1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/rand/rand_win.c               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/rand/randfile.c               1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/rand/randtest.c              1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/rc2/Makefile.ssl              1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rc2/rc2test.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/rc4/Makefile.ssl              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/rc4/rc4.c                        1.1.1.1.12.1
+  src/crypto/openssl/crypto/rc4/rc4test.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/rc5/Makefile.ssl              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/rc5/rc5test.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/ripemd/Makefile.ssl           1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/ripemd/rmd_one.c             1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/ripemd/rmdtest.c             1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/rsa/Makefile.ssl              1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/rsa/rsa.h                         1.2.2.5.2.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.3.2.1
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                     1.2.2.4.2.1
+  src/crypto/openssl/crypto/rsa/rsa_pk1.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/rsa/rsa_saos.c               1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/rsa/rsa_sign.c               1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/sha/Makefile.ssl              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/sha/sha1_one.c                   1.1.1.1.12.1
+  src/crypto/openssl/crypto/sha/sha1test.c               1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/sha/sha_one.c                    1.1.1.1.12.1
+  src/crypto/openssl/crypto/sha/shatest.c                1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/stack/Makefile.ssl            1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/threads/mttest.c             1.1.1.1.2.2.10.1
+  src/crypto/openssl/crypto/txt_db/Makefile.ssl           1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/x509/Makefile.ssl             1.1.1.1.2.4.2.1
+  src/crypto/openssl/crypto/x509/by_file.c               1.1.1.1.2.1.10.1
+  src/crypto/openssl/crypto/x509/x509_cmp.c               1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.3.2.1
+  src/crypto/openssl/crypto/x509v3/Makefile.ssl           1.1.1.1.2.4.2.1
+  src/crypto/openssl/demos/selfsign.c                    1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/c-indentation.el                1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/openssl.txt                     1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/apps/passwd.pod                 1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/apps/req.pod                    1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/apps/smime.pod                   1.1.1.1.2.3.2.1
+  src/crypto/openssl/doc/apps/x509.pod                   1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/crypto/BN_CTX_new.pod           1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/BN_add.pod               1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/BN_add_word.pod          1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/BN_bn2bin.pod             1.1.1.1.2.3.2.1
+  src/crypto/openssl/doc/crypto/BN_copy.pod              1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/BN_generate_prime.pod    1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/BN_mod_inverse.pod       1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod 1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod 1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/crypto/BN_new.pod               1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/BN_rand.pod               1.1.1.1.2.3.2.1
+  src/crypto/openssl/doc/crypto/DH_generate_key.pod      1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DH_generate_parameters.pod 1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DH_new.pod               1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DSA_SIG_new.pod          1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DSA_do_sign.pod          1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DSA_dup_DH.pod           1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DSA_generate_key.pod     1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DSA_generate_parameters.pod 1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DSA_new.pod              1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/DSA_sign.pod             1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/EVP_SealInit.pod         1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/crypto/RAND_bytes.pod           1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/RSA_check_key.pod         1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/crypto/RSA_generate_key.pod      1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/crypto/RSA_print.pod            1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/crypto/RSA_private_encrypt.pod  1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/RSA_public_encrypt.pod   1.1.1.1.2.2.10.1
+  src/crypto/openssl/doc/crypto/RSA_sign.pod             1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 1.1.1.1.2.1.10.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod      1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.2.2.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod       1.1.1.1.2.2.2.1
+  src/crypto/openssl/doc/ssl/ssl.pod                      1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/Makefile.ssl                     1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/s23_clnt.c                           1.2.2.4.2.1
+  src/crypto/openssl/ssl/s23_lib.c                            1.2.2.4.2.1
+  src/crypto/openssl/ssl/s23_meth.c                       1.1.1.1.2.1.8.1
+  src/crypto/openssl/ssl/s23_srvr.c                           1.2.2.4.2.1
+  src/crypto/openssl/ssl/s2_clnt.c                            1.2.2.5.2.1
+  src/crypto/openssl/ssl/s2_enc.c                             1.2.2.5.2.1
+  src/crypto/openssl/ssl/s2_lib.c                             1.2.2.5.2.1
+  src/crypto/openssl/ssl/s2_meth.c                            1.2.2.4.2.1
+  src/crypto/openssl/ssl/s2_pkt.c                             1.2.2.4.2.1
+  src/crypto/openssl/ssl/s2_srvr.c                            1.2.2.5.2.1
+  src/crypto/openssl/ssl/s3_clnt.c                        1.1.1.1.2.5.2.1
+  src/crypto/openssl/ssl/s3_enc.c                         1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/s3_lib.c                         1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/s3_meth.c                           1.1.1.1.12.1
+  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.5.2.1
+  src/crypto/openssl/ssl/ssl.h                            1.1.1.1.2.5.2.1
+  src/crypto/openssl/ssl/ssl_lib.c                        1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/ssl_sess.c                       1.1.1.1.2.5.2.1
+  src/crypto/openssl/ssl/ssltest.c                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/ssl/t1_clnt.c                           1.1.1.1.12.1
+  src/crypto/openssl/ssl/t1_enc.c                         1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/t1_meth.c                           1.1.1.1.12.1
+  src/crypto/openssl/ssl/t1_srvr.c                           1.1.1.1.12.1
+  src/crypto/openssl/test/Makefile.ssl                    1.1.1.1.2.4.2.1
+  src/crypto/openssl/test/methtest.c                         1.1.1.1.12.1
+  src/crypto/openssl/test/testssl                        1.1.1.1.2.1.10.1
+  src/crypto/openssl/tools/c_rehash                       1.1.1.1.2.4.2.1
+  src/crypto/openssl/tools/c_rehash.in                    1.1.1.1.2.2.8.1
+  src/crypto/openssl/util/libeay.num                      1.1.1.1.2.4.2.1
+  src/crypto/openssl/util/mk1mf.pl                        1.1.1.1.2.3.2.1
+  src/crypto/openssl/util/mkcerts.sh                         1.1.1.1.12.1
+  src/crypto/openssl/util/pod2mantest                     1.1.1.1.2.1.2.1
+  src/crypto/openssl/util/pl/BC-32.pl                     1.1.1.1.2.3.2.1
+  src/crypto/openssl/util/pl/Mingw32.pl                   1.1.1.1.2.4.2.1
+  src/secure/lib/libcrypto/Makefile                         1.15.2.13.2.1
+  src/sys/conf/newvers.sh                                   1.44.2.26.2.7
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.35
+  src/crypto/openssl/CHANGES                              1.1.1.1.2.2.6.2
+  src/crypto/openssl/Configure                            1.1.1.1.2.2.6.2
+  src/crypto/openssl/FAQ                                  1.1.1.1.2.3.6.2
+  src/crypto/openssl/INSTALL                              1.1.1.1.2.2.8.2
+  src/crypto/openssl/Makefile.org                         1.1.1.1.2.3.6.2
+  src/crypto/openssl/Makefile.ssl                         1.1.1.1.2.3.6.2
+  src/crypto/openssl/NEWS                                 1.1.1.1.2.3.6.2
+  src/crypto/openssl/README                               1.1.1.1.2.3.6.2
+  src/crypto/openssl/config                               1.1.1.1.2.3.6.2
+  src/crypto/openssl/e_os.h                               1.1.1.1.2.3.6.2
+  src/crypto/openssl/openssl.spec                         1.1.1.1.2.2.6.2
+  src/crypto/openssl/apps/Makefile.ssl                    1.1.1.1.2.3.6.2
+  src/crypto/openssl/apps/apps.h                          1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/asn1pars.c                      1.1.1.1.2.2.8.2
+  src/crypto/openssl/apps/ca.c                            1.1.1.1.2.2.8.2
+  src/crypto/openssl/apps/ciphers.c                       1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/crl.c                           1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/crl2p7.c                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/dgst.c                          1.1.1.1.2.2.8.2
+  src/crypto/openssl/apps/dh.c                            1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/dhparam.c                       1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/dsa.c                           1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/dsaparam.c                      1.1.1.1.2.3.6.2
+  src/crypto/openssl/apps/enc.c                           1.1.1.1.2.2.8.2
+  src/crypto/openssl/apps/errstr.c                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/gendh.c                         1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/gendsa.c                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/genrsa.c                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/nseq.c                          1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/openssl.c                       1.1.1.1.2.2.8.2
+  src/crypto/openssl/apps/openssl.cnf                     1.1.1.1.2.4.6.1
+  src/crypto/openssl/apps/passwd.c                        1.1.1.1.2.3.6.1
+  src/crypto/openssl/apps/pkcs12.c                        1.1.1.1.2.2.8.2
+  src/crypto/openssl/apps/pkcs7.c                         1.1.1.1.2.2.8.2
+  src/crypto/openssl/apps/pkcs8.c                         1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/rand.c                          1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/req.c                           1.1.1.1.2.3.6.2
+  src/crypto/openssl/apps/rsa.c                           1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/s_client.c                      1.1.1.1.2.3.6.2
+  src/crypto/openssl/apps/s_server.c                      1.1.1.1.2.3.6.1
+  src/crypto/openssl/apps/s_time.c                        1.1.1.1.2.1.8.2
+  src/crypto/openssl/apps/sess_id.c                       1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/speed.c                             1.3.2.3.6.2
+  src/crypto/openssl/apps/spkac.c                         1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/verify.c                        1.1.1.1.2.2.8.1
+  src/crypto/openssl/apps/version.c                       1.1.1.1.2.1.8.1
+  src/crypto/openssl/apps/x509.c                          1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/Makefile.ssl                  1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/cryptlib.c                    1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/cryptlib.h                    1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/crypto.h                      1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/md32_common.h                 1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/mem.c                         1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/mem_clr.c                         1.1.1.1.8.1
+  src/crypto/openssl/crypto/mem_dbg.c                     1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/opensslconf.h                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/tmdiff.c                      1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/uid.c                         1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/asn1/Makefile.ssl             1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/asn1/a_sign.c                 1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/asn1/a_strex.c                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/asn1/a_utctm.c                1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/asn1/a_verify.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/asn1_lib.c               1.1.1.1.2.3.6.3
+  src/crypto/openssl/crypto/asn1/n_pkey.c                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/asn1/p8_pkey.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bf/Makefile.ssl               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bf/bftest.c                   1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bio/Makefile.ssl              1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/bio/b_print.c                 1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/bio/bio.h                     1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/bn/Makefile.ssl               1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/bn/bn.h                       1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/bn/bn_lib.c                   1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/bn/bn_rand.c                  1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/bn/bn_word.c                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/bn/bntest.c                   1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/bn/exptest.c                  1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/buffer/Makefile.ssl           1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/cast/Makefile.ssl             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/cast/casttest.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/comp/Makefile.ssl             1.1.1.1.2.2.6.2
+  src/crypto/openssl/crypto/conf/Makefile.ssl             1.1.1.1.2.2.6.2
+  src/crypto/openssl/crypto/conf/conf_def.c               1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/des/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/des/des.c                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/des/read2pwd.c                   1.1.1.1.10.1
+  src/crypto/openssl/crypto/des/read_pwd.c                1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/des/str2key.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/dh/Makefile.ssl               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/dh/dhtest.c                   1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/dsa/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/dsa/dsatest.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/dso/Makefile.ssl              1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/err/Makefile.ssl              1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/err/err_all.c                     1.2.2.3.6.1
+  src/crypto/openssl/crypto/evp/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/evp/bio_enc.c                 1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/evp/bio_ok.c                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/evp/c_allc.c                  1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/evp/c_alld.c                  1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/evp/e_idea.c                  1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/evp/evp.h                         1.2.2.3.6.2
+  src/crypto/openssl/crypto/evp/evp_key.c                 1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/evp/p5_crpt.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/evp/p5_crpt2.c                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/evp/p_open.c                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/hmac/Makefile.ssl             1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/hmac/hmactest.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/idea/Makefile.ssl                 1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/i_cbc.c                      1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/i_cfb64.c                    1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/i_ecb.c                      1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/i_ofb64.c                    1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/i_skey.c                     1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/idea.h                       1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/idea_lcl.h                   1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/idea_spd.c                   1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/ideatest.c                   1.4.2.3.6.1
+  src/crypto/openssl/crypto/idea/version                      1.4.2.3.6.1
+  src/crypto/openssl/crypto/lhash/Makefile.ssl            1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/md2/Makefile.ssl              1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/md2/md2_dgst.c                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md2/md2_one.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md2/md2test.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md4/Makefile.ssl              1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/md4/md4_one.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md4/md4test.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md5/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/md5/md5_one.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/md5/md5test.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/mdc2/Makefile.ssl             1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/mdc2/mdc2_one.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/mdc2/mdc2test.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/objects/Makefile.ssl          1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/objects/obj_dat.c             1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/objects/obj_dat.h             1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/objects/obj_mac.h             1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/objects/obj_mac.num           1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/objects/objects.txt           1.1.1.1.2.1.8.2
+  src/crypto/openssl/crypto/pem/Makefile.ssl              1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/pem/pem_info.c                1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/pem/pem_lib.c                 1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/pem/pem_seal.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/pkcs12/Makefile.ssl           1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/pkcs12/p12_crpt.c             1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/pkcs12/p12_decr.c             1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/pkcs12/p12_key.c              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/pkcs7/Makefile.ssl            1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/pkcs7/bio_ber.c               1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c              1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/rand/Makefile.ssl             1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/rand/md_rand.c                1.1.1.1.2.4.6.2
+  src/crypto/openssl/crypto/rand/rand_egd.c               1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/rand/rand_win.c               1.1.1.1.2.2.6.2
+  src/crypto/openssl/crypto/rand/randfile.c               1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/rand/randtest.c               1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rc2/Makefile.ssl              1.1.1.1.2.1.6.1
+  src/crypto/openssl/crypto/rc2/rc2test.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rc4/Makefile.ssl              1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/rc4/rc4.c                        1.1.1.1.10.1
+  src/crypto/openssl/crypto/rc4/rc4test.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rc5/Makefile.ssl              1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/rc5/rc5test.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/ripemd/Makefile.ssl           1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/ripemd/rmd_one.c              1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/ripemd/rmdtest.c              1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rsa/Makefile.ssl              1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/rsa/rsa.h                         1.2.2.4.6.2
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.2.6.2
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                     1.2.2.3.6.1
+  src/crypto/openssl/crypto/rsa/rsa_pk1.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/rsa/rsa_saos.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/sha/Makefile.ssl              1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/sha/sha1_one.c                   1.1.1.1.10.1
+  src/crypto/openssl/crypto/sha/sha1test.c                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/sha/sha_one.c                    1.1.1.1.10.1
+  src/crypto/openssl/crypto/sha/shatest.c                 1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/stack/Makefile.ssl            1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/threads/mttest.c              1.1.1.1.2.2.8.1
+  src/crypto/openssl/crypto/txt_db/Makefile.ssl           1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/x509/Makefile.ssl             1.1.1.1.2.3.6.2
+  src/crypto/openssl/crypto/x509/by_file.c                1.1.1.1.2.1.8.1
+  src/crypto/openssl/crypto/x509/x509_cmp.c               1.1.1.1.2.3.6.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.2.8.2
+  src/crypto/openssl/crypto/x509v3/Makefile.ssl           1.1.1.1.2.3.6.2
+  src/crypto/openssl/demos/selfsign.c                     1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/c-indentation.el                 1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/openssl.txt                      1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/apps/passwd.pod                  1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/apps/req.pod                     1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/apps/smime.pod                   1.1.1.1.2.2.8.2
+  src/crypto/openssl/doc/apps/x509.pod                    1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/BN_CTX_new.pod            1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/BN_add.pod                1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/BN_add_word.pod           1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/BN_bn2bin.pod             1.1.1.1.2.2.8.2
+  src/crypto/openssl/doc/crypto/BN_copy.pod               1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/BN_generate_prime.pod     1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/BN_mod_inverse.pod        1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod 1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod 1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/BN_new.pod                1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/BN_rand.pod               1.1.1.1.2.2.6.2
+  src/crypto/openssl/doc/crypto/DH_generate_key.pod       1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DH_generate_parameters.pod 1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod   1.1.1.1.2.1.8.2
+  src/crypto/openssl/doc/crypto/DH_new.pod                1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DSA_SIG_new.pod           1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DSA_do_sign.pod           1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DSA_dup_DH.pod            1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DSA_generate_key.pod      1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DSA_generate_parameters.pod 1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DSA_new.pod               1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/DSA_sign.pod              1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/EVP_SealInit.pod          1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/RAND_bytes.pod            1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/RSA_check_key.pod         1.1.1.1.2.1.8.2
+  src/crypto/openssl/doc/crypto/RSA_generate_key.pod      1.1.1.1.2.1.8.2
+  src/crypto/openssl/doc/crypto/RSA_print.pod             1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/RSA_private_encrypt.pod   1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/RSA_public_encrypt.pod    1.1.1.1.2.2.8.1
+  src/crypto/openssl/doc/crypto/RSA_sign.pod              1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod 1.1.1.1.2.1.8.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod      1.1.1.1.2.1.6.1
+  src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod 1.1.1.1.2.1.6.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_new.pod              1.1.1.1.2.2.6.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod 1.1.1.2.2.1.6.2
+  src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod       1.1.1.1.2.1.6.2
+  src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod 1.1.1.1.2.1.6.2
+  src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod     1.1.1.1.2.1.6.2
+  src/crypto/openssl/doc/ssl/SSL_new.pod                  1.1.1.1.2.2.6.2
+  src/crypto/openssl/doc/ssl/ssl.pod                      1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/Makefile.ssl                     1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/s23_clnt.c                           1.2.2.3.6.2
+  src/crypto/openssl/ssl/s23_lib.c                            1.2.2.3.6.1
+  src/crypto/openssl/ssl/s23_meth.c                       1.1.1.1.2.1.6.1
+  src/crypto/openssl/ssl/s23_srvr.c                           1.2.2.3.6.2
+  src/crypto/openssl/ssl/s2_clnt.c                            1.2.2.3.6.2
+  src/crypto/openssl/ssl/s2_enc.c                             1.2.2.3.6.2
+  src/crypto/openssl/ssl/s2_lib.c                             1.2.2.3.6.2
+  src/crypto/openssl/ssl/s2_meth.c                            1.2.2.3.6.1
+  src/crypto/openssl/ssl/s2_pkt.c                             1.2.2.3.6.2
+  src/crypto/openssl/ssl/s2_srvr.c                            1.2.2.3.6.2
+  src/crypto/openssl/ssl/s3_clnt.c                        1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/s3_enc.c                         1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/s3_lib.c                         1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/s3_meth.c                           1.1.1.1.10.1
+  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/ssl.h                            1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/ssl_asn1.c                       1.1.1.1.2.2.8.2
+  src/crypto/openssl/ssl/ssl_err.c                        1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/ssl_lib.c                        1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/ssl_locl.h                       1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/ssl_sess.c                       1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/ssltest.c                        1.1.1.1.2.2.8.2
+  src/crypto/openssl/ssl/t1_clnt.c                           1.1.1.1.10.1
+  src/crypto/openssl/ssl/t1_enc.c                         1.1.1.1.2.3.6.2
+  src/crypto/openssl/ssl/t1_meth.c                           1.1.1.1.10.1
+  src/crypto/openssl/ssl/t1_srvr.c                           1.1.1.1.10.1
+  src/crypto/openssl/test/Makefile.ssl                    1.1.1.1.2.3.6.2
+  src/crypto/openssl/test/methtest.c                         1.1.1.1.10.1
+  src/crypto/openssl/test/testssl                         1.1.1.1.2.1.8.1
+  src/crypto/openssl/tools/c_rehash                       1.1.1.1.2.2.6.2
+  src/crypto/openssl/tools/c_rehash.in                    1.1.1.1.2.2.6.1
+  src/crypto/openssl/util/libeay.num                      1.1.1.1.2.3.6.2
+  src/crypto/openssl/util/mk1mf.pl                        1.1.1.1.2.2.8.2
+  src/crypto/openssl/util/mkcerts.sh                         1.1.1.1.10.1
+  src/crypto/openssl/util/mkerr.pl                        1.1.1.1.2.2.8.2
+  src/crypto/openssl/util/pod2mantest                         1.1.1.1.4.2
+  src/crypto/openssl/util/pl/BC-32.pl                     1.1.1.1.2.2.8.2
+  src/crypto/openssl/util/pl/Mingw32.pl                   1.1.1.1.2.3.6.1
+  src/secure/lib/libcrypto/Makefile                         1.15.2.11.6.2
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.25
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://www.openssl.org/news/secadv_20030219.txt>
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078>
+<URL: http://www.openssl.org/~bodo/tls-cbc.txt>
+<URL: http://lasecwww.epfl.ch/memo_ssl.shtml>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+W8BdFdaIBMps37IRApXfAJwMznR8VTdjX+8epBw0R2Pqwx7l/QCePFlB
+mOHuSwtsik0LHq79iRCwYU0=
+=Za02
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:03.syncookies.asc b/share/security/advisories/FreeBSD-SA-03:03.syncookies.asc
new file mode 100644
index 0000000000..2be421f685
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:03.syncookies.asc
@@ -0,0 +1,120 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:03.syncookies                                 Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Brute force attack on SYN cookies
+
+Category:       core
+Module:         sys_netinet
+Announced:      2003-02-24
+Credits:        Mike Silbersack <silby@FreeBSD.org>
+Affects:        FreeBSD 4.5-RELEASE
+                FreeBSD 4.6-RELEASE prior to 4.6.2-RELEASE-p9
+                FreeBSD 4.7-RELEASE prior to 4.7-RELEASE-p6
+                FreeBSD 4.7-STABLE prior to the correction date
+                FreeBSD 5.0-RELEASE prior to 5.0-RELEASE-p3
+Corrected:      2003-02-23 19:04:58 UTC (RELENG_4)
+                2003-02-23 20:18:48 UTC (RELENG_5_0)
+                2003-02-23 20:19:29 UTC (RELENG_4_7)
+                2003-02-24 02:42:06 UTC (RELENG_4_6)
+FreeBSD only:   YES
+
+I.  Background
+
+SYN cookies are a technique used to mitigate the effects of SYN flood
+attacks by choosing initial TCP sequence numbers (ISNs) that can be
+verified cryptographically.  FreeBSD implements this technique in the
+TCP stack (where it is referred to as `syncookies') by default.
+
+II.  Problem Description
+
+The FreeBSD syncookie implementation protects the generated ISN using
+a MAC that is keyed on one of several internal secret keys which are
+rotated periodically.  However, the keys are only 32 bits in length,
+allowing brute force attacks on the secrets to be feasible.
+
+III.  Impact
+
+Once a syncookie key has been recovered, an attacker may construct
+valid ISNs until the key is rotated (typically up to four seconds).
+The ability to construct a valid ISN may be used to spoof a TCP
+connection in exactly the same way as in the well-known ISN prediction
+attacks (see `References').  Spoofing may allow an attacker to bypass
+IP-based access control lists such as those implemented by
+tcp_wrappers and many firewalls.  Similarly, SMTP and other
+connections may be forged, increasing the difficulty of tracing
+abusers.  Recovery of a syncookie key will also allow the attacker to
+reset TCP connections initiated within the same 31.25ms window.
+
+IV.  Workaround
+
+syncookies may be disabled using the `net.inet.tcp.syncookies'
+sysctl(8).  Execute the following command as root:
+
+  # sysctl net.inet.tcp.syncookies=0
+
+To disable syncookies at system startup time, add the following line
+to sysctl.conf(5):
+
+  net.inet.tcp.syncookies=0
+
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_7
+(4.7-RELEASE-p6), RELENG_4_6 (4.6.2-RELEASE-p9), or RELENG_5_0
+(5.0-RELEASE-p3) security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.6, 4.7, and
+5.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:03/syncookie.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:03/syncookie.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html >
+and reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/sys/conf/newvers.sh
+  RELENG_5_0                                                     1.48.2.4
+  RELENG_4_7                                                1.44.2.26.2.8
+  RELENG_4_6                                               1.44.2.23.2.26
+src/sys/netinet/tcp_syncache.c
+  RELENG_4                                                       1.5.2.13
+  RELENG_5_0                                                     1.28.2.3
+  RELENG_4_7                                                  1.5.2.8.2.1
+  RELENG_4_6                                                  1.5.2.6.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://cr.yp.to/syncookies.html >
+<URL: http://www.cert.org/advisories/CA-2001-09.html >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+Whc6FdaIBMps37IRAgP9AJ4npQ6fYrxATBWOx8AdlKA/03GsggCcC4Br
+GBDcKjEcnHInChHZVuXYg58=
+=LfP+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:04.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:04.sendmail.asc
new file mode 100644
index 0000000000..38e1b1ab97
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:04.sendmail.asc
@@ -0,0 +1,254 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:04.sendmail                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          sendmail header parsing buffer overflow
+
+Category:       contrib
+Module:         contrib_sendmail
+Announced:      2003-03-03
+Revised:        2003-03-04
+Credits:        Mark Dowd (ISS)
+Affects:        All releases prior to 4.8-RELEASE and 5.0-RELEASE-p4
+                FreeBSD 4-STABLE prior to the correction date
+Corrected:      2003-03-03 18:03:18 UTC (RELENG_4)
+                2003-03-03 17:19:49 UTC (RELENG_5_0)
+                2003-03-03 17:20:23 UTC (RELENG_4_7)
+                2003-03-03 17:21:58 UTC (RELENG_4_6)
+                2003-03-03 17:22:07 UTC (RELENG_4_5)
+                2003-03-03 17:22:16 UTC (RELENG_4_4)
+                2003-03-03 17:22:26 UTC (RELENG_4_3)
+                2003-03-03 17:23:11 UTC (RELENG_3)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2003-03-03  Initial release
+v1.1  2003-03-04  Added correction details for each branch.
+
+I.   Background
+
+FreeBSD includes sendmail(8), a general purpose internetwork mail
+routing facility, as the default Mail Transfer Agent (MTA).
+
+II.  Problem Description
+
+ISS has identified a buffer overflow that may occur during header
+parsing in all versions of sendmail after version 5.79.
+
+In addition, Sendmail, Inc. has identified and corrected a defect in
+buffer handling within sendmail's RFC 1413 ident protocol support.
+
+III. Impact
+
+A remote attacker could create a specially crafted message that may
+cause sendmail to execute arbitrary code with the privileges of the
+user running sendmail, typically root.  The malicious message might be
+handled (and therefore the vulnerability triggered) by the initial
+sendmail MTA, any relaying sendmail MTA, or by the delivering sendmail
+process.  Exploiting this defect is particularly difficult, but is
+believed to be possible.
+
+The defect in the ident routines is not believed to be exploitable.
+
+IV.  Workaround
+
+There is no workaround, other than not using sendmail.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_0,
+RELENG_4_7, or RELENG_4_6 security branch dated after the correction
+date (5.0-RELEASE-p4, 4.7-RELEASE-p7, or 4.6.2-RELEASE-p10,
+respectively).
+
+[NOTE: At the time of this writing, the FreeBSD 4-STABLE branch is
+ labeled `4.8-RC1'.]
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5.0, 4.7,
+and 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libsm
+# make obj && make depend && make
+# cd /usr/src/lib/libsmutil
+# make obj && make depend && make
+# cd /usr/src/usr.sbin/sendmail
+# make obj && make depend && make && make install
+
+c) Restart sendmail.  Execute the following command as root.
+
+# /bin/sh /etc/rc.sendmail restart
+
+3) For i386 systems only, a patched sendmail binary is available.
+Select the correct binary based on your FreeBSD version and whether or
+not you want STARTTLS support.  If you want STARTTLS support, you must
+have the crypto distribution installed.
+
+a) Download the relevant binary from the location below, and verify
+the detached PGP signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc
+
+b) Install the binary.  Execute the following commands as root.
+Note that these examples utilizes the FreeBSD 4.7 crypto binary.
+Substitute BINARYGZ with the file name which you downloaded in
+step (a).
+
+# BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz
+# gunzip ${BINARYGZ}
+# install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} /usr/libexec/sendmail/sendmail
+
+c) Restart sendmail.  Execute the following command as root.
+
+# /bin/sh /etc/rc.sendmail restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/sendmail/FREEBSD-upgrade                           1.1.2.15
+  src/contrib/sendmail/PGPKEYS                                1.1.1.1.2.5
+  src/contrib/sendmail/RELEASE_NOTES                         1.1.1.3.2.14
+  src/contrib/sendmail/cf/README                             1.1.1.3.2.14
+  src/contrib/sendmail/cf/cf/submit.cf                        1.1.1.1.2.7
+  src/contrib/sendmail/cf/m4/version.m4                      1.1.1.3.2.14
+  src/contrib/sendmail/cf/ostype/bsd4.4.m4                        1.3.6.2
+  src/contrib/sendmail/contrib/bitdomain.c                        1.2.6.2
+  src/contrib/sendmail/doc/op/op.me                          1.1.1.3.2.14
+  src/contrib/sendmail/libmilter/comm.c                       1.1.1.1.2.8
+  src/contrib/sendmail/libmilter/docs/smfi_setreply.html      1.1.1.1.2.3
+  src/contrib/sendmail/libmilter/handler.c                    1.1.1.1.2.6
+  src/contrib/sendmail/libmilter/libmilter.h                  1.1.1.1.2.9
+  src/contrib/sendmail/libmilter/listener.c                  1.1.1.1.2.11
+  src/contrib/sendmail/libmilter/main.c                       1.1.1.1.2.9
+  src/contrib/sendmail/libsm/stdio.c                          1.1.1.1.2.4
+  src/contrib/sendmail/libsmdb/smdb2.c                        1.1.1.1.2.8
+  src/contrib/sendmail/mail.local/mail.local.c                   1.6.6.13
+  src/contrib/sendmail/makemap/makemap.c                          1.3.6.6
+  src/contrib/sendmail/praliases/praliases.c                      1.3.6.7
+  src/contrib/sendmail/smrsh/smrsh.c                             1.3.6.11
+  src/contrib/sendmail/src/README                            1.1.1.3.2.13
+  src/contrib/sendmail/src/TUNING                             1.1.1.1.2.3
+  src/contrib/sendmail/src/conf.c                                1.5.2.13
+  src/contrib/sendmail/src/conf.h                                1.6.2.13
+  src/contrib/sendmail/src/daemon.c                          1.1.1.3.2.12
+  src/contrib/sendmail/src/deliver.c                         1.1.1.3.2.13
+  src/contrib/sendmail/src/domain.c                           1.1.1.3.2.8
+  src/contrib/sendmail/src/err.c                                  1.3.6.7
+  src/contrib/sendmail/src/headers.c                              1.4.2.9
+  src/contrib/sendmail/src/main.c                            1.1.1.3.2.14
+  src/contrib/sendmail/src/mci.c                                 1.3.6.10
+  src/contrib/sendmail/src/milter.c                          1.1.1.1.2.15
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.2.6.12
+  src/contrib/sendmail/src/queue.c                           1.1.1.3.2.13
+  src/contrib/sendmail/src/savemail.c                            1.4.2.10
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.4.2.14
+  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.2.6.13
+  src/contrib/sendmail/src/tls.c                              1.1.1.1.2.4
+  src/contrib/sendmail/src/version.c                         1.1.1.3.2.14
+RELENG_5_0
+  src/UPDATING                                                  1.229.2.9
+  src/contrib/sendmail/src/daemon.c                          1.1.1.14.2.1
+  src/contrib/sendmail/src/headers.c                             1.12.2.1
+  src/contrib/sendmail/src/main.c                            1.1.1.15.2.1
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.14.2.1
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.17.2.1
+  src/sys/conf/newvers.sh                                        1.48.2.5
+RELENG_4_7
+  src/UPDATING                                              1.73.2.74.2.9
+  src/contrib/sendmail/src/daemon.c                      1.1.1.3.2.10.2.1
+  src/contrib/sendmail/src/headers.c                          1.4.2.7.2.1
+  src/contrib/sendmail/src/main.c                        1.1.1.3.2.12.2.1
+  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.10.2.1
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.4.2.12.2.1
+  src/sys/conf/newvers.sh                                   1.44.2.26.2.9
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.37
+  src/contrib/sendmail/src/daemon.c                       1.1.1.3.2.8.2.1
+  src/contrib/sendmail/src/headers.c                          1.4.2.6.2.1
+  src/contrib/sendmail/src/main.c                         1.1.1.3.2.9.2.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.8.2.1
+  src/contrib/sendmail/src/sendmail.h                     1.1.1.4.2.9.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.27
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.41
+  src/contrib/sendmail/src/daemon.c                       1.1.1.3.2.6.4.1
+  src/contrib/sendmail/src/headers.c                          1.4.2.5.4.1
+  src/contrib/sendmail/src/main.c                         1.1.1.3.2.6.4.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.4.1
+  src/contrib/sendmail/src/sendmail.h                     1.1.1.4.2.7.4.1
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.26
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.40
+  src/contrib/sendmail/src/daemon.c                       1.1.1.3.2.6.2.1
+  src/contrib/sendmail/src/headers.c                          1.4.2.5.2.1
+  src/contrib/sendmail/src/main.c                         1.1.1.3.2.6.2.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.2.1
+  src/contrib/sendmail/src/sendmail.h                     1.1.1.4.2.7.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.32
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.29
+  src/contrib/sendmail/src/daemon.c                       1.1.1.3.2.4.2.1
+  src/contrib/sendmail/src/headers.c                          1.4.2.4.2.1
+  src/contrib/sendmail/src/main.c                         1.1.1.3.2.4.2.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.4.2.1
+  src/contrib/sendmail/src/sendmail.h                     1.1.1.4.2.4.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.20
+RELENG_3
+  src/contrib/sendmail/src/daemon.c                           1.1.1.2.2.2
+  src/contrib/sendmail/src/headers.c                              1.3.2.2
+  src/contrib/sendmail/src/main.c                             1.1.1.2.2.2
+  src/contrib/sendmail/src/parseaddr.c                        1.1.1.2.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://www.kb.cert.org/vuls/id/398025 >
+<URL: http://www.iss.net/issEn/delivery/xforce/alerts.jsp?type=Advisories >
+<URL: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1337 >
+<URL: http://www.sendmail.org/8.12.8.html >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+ZOcUFdaIBMps37IRAkunAJwO8ydi9lqBz0C7Rx2KQnspXehBkACfVTxs
+1uOVHk3rXuMEgmwRoXoEKkA=
+=IwY2
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:05.xdr.asc b/share/security/advisories/FreeBSD-SA-03:05.xdr.asc
new file mode 100644
index 0000000000..1822815fa1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:05.xdr.asc
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:05.xdr                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          remote denial-of-service in XDR encoder/decoder
+
+Category:       core
+Module:         libc
+Announced:      2003-03-20
+Credits:        Riley Hassell, eEye
+                Todd Miller <millert@OpenBSD.org>
+Affects:        All releases of FreeBSD prior to 4.6-RELEASE-p11,
+                4.7-RELEASE-p8, 4.8-RELEASE and 5.0-RELEASE-p5
+Corrected:      2003-03-20 12:59:55 UTC (RELENG_4)
+                2003-03-20 13:05:04 UTC (RELENG_4_6)
+                2003-03-20 13:05:27 UTC (RELENG_4_7)
+                2003-03-20 13:04:46 UTC (RELENG_5_0)
+FreeBSD only:   NO
+
+I.   Background
+
+XDR (eXternal Data Representation) is a standard developed by Sun
+Microsystems for platform-independent encoding of data types.  It is
+widely used by the Sun RPC (Remote Procedure Call) protocol and other
+protocols.  FreeBSD's standard C library includes routines for encoding
+and decoding XDR, derived from a library originally distributed by
+Sun Microsystems.
+
+II.  Problem Description
+
+The xdrmem XDR stream object does incorrect bounds-checking.  An
+internal variable used for tracking bounds is a signed integer.
+Bounds-checking is performed by subtracting the object length from
+this signed integer, and then testing for a negative result.  However,
+if the object length is sufficiently large, the internal variable will
+wrap and the result will be positive.
+
+III. Impact
+
+For some operations on the xdrmem XDR stream object, the
+bounds-checking is followed by a memory copy.  If the bounds-checking
+error is exploited, then the memory copy will operate on a huge region
+of memory, resulting in a segmentation violation.  Thus, it may be
+possible for an attacker to send maliciously formatted messages to a
+service which utilizes the xdrmem XDR stream object and cause a
+denial-of-service.
+
+IV.  Workaround
+
+None known.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to the FreeBSD 4-STABLE branch; or
+to the RELENG_4_7 (4.7-RELEASE-p8), RELENG_4_6 (4.6-RELEASE-p11), or
+RELENG_5_0 (5.0-RELEASE-p5) security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.6, and 4.7
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-4.patch.asc
+
+The following patch has been verified to apply to FreeBSD 5.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:05/xdr-5.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
+
+Note that any statically linked applications that are not part of
+the base system (i.e. from the Ports Collection or other 3rd-party
+sources) must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/include/rpc/xdr.h                                          1.14.2.1
+  src/lib/libc/xdr/xdr_mem.c                                      1.8.2.1
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.38
+  src/include/rpc/xdr.h                                         1.14.10.1
+  src/lib/libc/xdr/xdr_mem.c                                     1.8.10.1
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.28
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.10
+  src/include/rpc/xdr.h                                         1.14.12.1
+  src/lib/libc/xdr/xdr_mem.c                                     1.8.12.1
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.10
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.10
+  src/include/rpc/xdr.h                                          1.21.2.1
+  src/lib/libc/xdr/xdr_mem.c                                     1.11.2.1
+  src/sys/conf/newvers.sh                                        1.48.2.6
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://www.cert.org/advisories/CA-2003-10.html >
+<URL: http://www.eeye.com/html/Research/Advisories/AD20030318.html >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0028 >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.0 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iD8DBQE+eb5xFdaIBMps37IRAiG+AJ4yWC/mnLQJAinaxAgt/CfvHY2wrQCfeaCR
+W5v39BKPf1fGIK5T3/Rwcp8=
+=MXpP
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:06.openssl.asc b/share/security/advisories/FreeBSD-SA-03:06.openssl.asc
new file mode 100644
index 0000000000..3940438661
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:06.openssl.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:06.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL timing-based SSL/TLS attack
+
+Category:       crypto
+Module:         openssl
+Announced:      2003-03-21
+Credits:        Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa
+Affects:        All FreeBSD versions prior to 4.6-RELEASE-p12,
+                4.7-RELEASE-p9, 5.0-RELEASE-p6
+Corrected:      2003-03-20 21:07:20 UTC (RELENG_4)
+                2003-03-21 16:12:34 UTC (RELENG_4_7)
+                2003-03-21 16:12:03 UTC (RELENG_4_6)
+                2003-03-21 16:13:06 UTC (RELENG_5_0)
+FreeBSD only:   NO
+
+I.  Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL
+Project is a collaborative effort to develop a robust, commercial-
+grade, full-featured, and Open Source toolkit implementing the Secure
+Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography
+library.
+
+II.  Problem Description
+
+This advisory addresses two separate flaws recently fixed in OpenSSL:
+ (1) an RSA timing attack, and (2) the Klima-Pokorny-Rosa attack.
+
+- - - From the OpenSSL Project advisories (see references):
+
+(1) Researchers have discovered a timing attack on RSA keys, to which
+    OpenSSL is generally vulnerable, unless RSA blinding has been
+    turned on.
+
+(2) Czech cryptologists Vlastimil Klima, Ondrej Pokorny, and Tomas Rosa
+    have come up with an extension of the "Bleichenbacher attack" on
+    RSA with PKCS #1 v1.5 padding as used in SSL 3.0 and TLS 1.0.
+    Their attack requires the attacker to open millions of SSL/TLS
+    connections to the server under attack; the server's behaviour
+    when faced with specially made-up RSA ciphertexts can reveal
+    information that in effect allows the attacker to perform a single
+    RSA private key operation on a ciphertext of its choice using the
+    server's RSA key.  Note that the server's RSA key is not
+    compromised in this attack.
+
+III.  Impact
+
+RSA timing attack:
+  An RSA private key may be compromised.
+
+Klima-Pokorny-Rosa attack:
+  A vulnerable server, when faced with specially made-up RSA
+  ciphertexts, can reveal information that in effect allows the
+  attacker to perform a single RSA private key operation on a
+  ciphertext of its choice using the server's RSA key.  Note that the
+  server's RSA key is not compromised in this attack.
+
+IV.  Workaround
+
+RSA timing attack:
+  Disable the use of RSA or enable RSA blinding in OpenSSL using the
+  RSA_blinding_on() function.  The method of adjusting the list of
+  acceptable ciphersuites varies from application to application.  See
+  the application's documentation for details.
+
+Klima-Pokorny-Rosa attack:
+  Disable the use of ciphersuites which use PKCS #1 v1.5 padding in SSL
+  or TLS.  The method of adjusting the list of acceptable ciphersuites
+  varies from application to application.  See the application's
+  documentation for details.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_7
+(4.7-RELEASE-p9), RELENG_4_6 (4.6-RELEASE-p12), or RELENG_5_0
+(5.0-RELEASE-p6) security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.6, 4.7,
+and 5.0 systems which have already been patched for the issues resolved
+in FreeBSD-SA-03:02.openssl.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:06/openssl.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:06/openssl.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >.
+
+Note that any statically linked applications that are not part of the
+base system (i.e. from the Ports Collection or other 3rd-party sources)
+must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Patch
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                         1.2.4.6
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                         1.2.2.7
+  src/crypto/openssl/ssl/s3_srvr.c                            1.1.1.1.2.7
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.39
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.2.6.3
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                     1.2.2.3.6.2
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.3.6.3
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.29
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.11
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.3.2.2
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                     1.2.2.4.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.5.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.11
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.11
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                         1.8.2.2
+  src/crypto/openssl/crypto/rsa/rsa_lib.c                         1.6.2.2
+  src/crypto/openssl/ssl/s3_srvr.c                            1.1.1.9.2.2
+  src/sys/conf/newvers.sh                                         1.6.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131 >
+<URL: http://eprint.iacr.org/2003/052/ >
+<URL: http://www.openssl.org/news/secadv_20030317.txt >
+<URL: http://www.openssl.org/news/secadv_20030319.txt >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.0 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iD8DBQE+e3s9FdaIBMps37IRAufUAKCTht2X617uI3AB8G/RnRLNvmuFUwCffDNW
+wMVBJ2SE2dSq6JcNdCFT9jA=
+=PBbA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:07.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:07.sendmail.asc
new file mode 100644
index 0000000000..f2141821e5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:07.sendmail.asc
@@ -0,0 +1,256 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:07.sendmail                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          a second sendmail header parsing buffer overflow
+
+Category:       contrib
+Module:         contrib_sendmail
+Announced:      2003-03-30
+Credits:        Michal Zalewski <lcamtuf@ghettot.org>
+Affects:        All releases prior to 4.8-RELEASE and 5.0-RELEASE-p7
+                FreeBSD 4-STABLE prior to the correction date
+Corrected:      2003-03-29 19:34:13 UTC (RELENG_4)
+                2003-03-29 21:58:11 UTC (RELENG_5_0)
+                2003-03-29 21:58:05 UTC (RELENG_4_7)
+                2003-03-29 21:57:58 UTC (RELENG_4_6)
+                2003-03-29 21:57:52 UTC (RELENG_4_5)
+                2003-03-29 21:57:45 UTC (RELENG_4_4)
+                2003-03-29 21:57:36 UTC (RELENG_4_3)
+                2003-03-29 20:09:48 UTC (RELENG_3)
+FreeBSD only:   NO
+
+I.   Background
+
+FreeBSD includes sendmail(8), a general purpose internetwork mail
+routing facility, as the default Mail Transfer Agent (MTA).
+
+II.  Problem Description
+
+A buffer overflow that may occur during header parsing was identified.
+The overflow is possible due to a programming error involving type
+conversions in the C programming language.
+
+NOTE WELL:  This issue is distinct from the issue described in
+`FreeBSD-SA-03:04.sendmail', although the impact is very similar.
+
+III. Impact
+
+A remote attacker could create a specially crafted message that may
+cause sendmail to execute arbitrary code with the privileges of the
+user running sendmail, typically root.  The malicious message might be
+handled (and the vulnerability triggered) by the initial
+sendmail MTA, by any relaying sendmail MTA, or by the delivering sendmail
+process.  Exploiting this defect is particularly difficult, but is
+believed to be possible.
+
+The defect in the ident routines is not believed to be exploitable.
+
+IV.  Workaround
+
+There is no workaround, other than not using sendmail.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 4.8-RELEASE; or
+to the RELENG_5_0, RELENG_4_7, or RELENG_4_6 security branch dated
+after the correction date (5.0-RELEASE-p7, 4.7-RELEASE-p10, or
+4.6.2-RELEASE-p13, respectively).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5.0, 4.7,
+and 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libsm
+# make obj && make depend && make
+# cd /usr/src/lib/libsmutil
+# make obj && make depend && make
+# cd /usr/src/usr.sbin/sendmail
+# make obj && make depend && make && make install
+
+c) Restart sendmail.  Execute the following command as root.
+
+# /bin/sh /etc/rc.sendmail restart
+
+3) For i386 systems only, a patched sendmail binary is available.
+Select the correct binary based on your FreeBSD version and whether or
+not you want STARTTLS support.  If you want STARTTLS support, you must
+have the crypto distribution installed.
+
+a) Download the relevant binary from the location below, and verify
+the detached PGP signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz.asc
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz.asc
+
+b) Install the binary.  Execute the following commands as root.
+Note that these examples utilizes the FreeBSD 4.7 crypto binary.
+Substitute BINARYGZ with the name of the file which you downloaded in
+step (a).
+
+# BINARYGZ=/path/to/sendmail-4.7-i386-crypto.bin.gz
+# gunzip ${BINARYGZ}
+# install -s -o root -g smmsp -m 2555 ${BINARYGZ%.gz} /usr/libexec/sendmail/sendmail
+
+c) Restart sendmail.  Execute the following command as root.
+
+# /bin/sh /etc/rc.sendmail restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/sendmail/FREEBSD-upgrade                           1.1.2.16
+  src/contrib/sendmail/RELEASE_NOTES                         1.1.1.3.2.15
+  src/contrib/sendmail/cf/README                             1.1.1.3.2.15
+  src/contrib/sendmail/cf/cf/submit.cf                        1.1.1.1.2.8
+  src/contrib/sendmail/cf/m4/cfhead.m4                            1.3.6.8
+  src/contrib/sendmail/cf/m4/proto.m4                        1.1.1.4.2.13
+  src/contrib/sendmail/cf/m4/version.m4                      1.1.1.3.2.15
+  src/contrib/sendmail/cf/mailer/usenet.m4                    1.1.1.2.6.3
+  src/contrib/sendmail/contrib/buildvirtuser                  1.1.1.1.2.5
+  src/contrib/sendmail/doc/op/op.me                          1.1.1.3.2.15
+  src/contrib/sendmail/editmap/editmap.8                      1.1.1.1.2.2
+  src/contrib/sendmail/include/sm/bdb.h                       1.1.1.1.2.2
+  src/contrib/sendmail/include/sm/conf.h                      1.1.1.1.2.7
+  src/contrib/sendmail/libmilter/docs/api.html                1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/design.html             1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/index.html              1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/installation.html       1.1.1.1.2.3
+  src/contrib/sendmail/libmilter/docs/other.html              1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/overview.html           1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/sample.html             1.1.1.1.2.3
+  src/contrib/sendmail/libmilter/docs/smfi_addheader.html     1.1.1.1.2.3
+  src/contrib/sendmail/libmilter/docs/smfi_addrcpt.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_chgheader.html     1.1.1.1.2.3
+  src/contrib/sendmail/libmilter/docs/smfi_delrcpt.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_getpriv.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_getsymval.html     1.1.1.1.2.3
+  src/contrib/sendmail/libmilter/docs/smfi_main.html          1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_register.html      1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_replacebody.html   1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_setbacklog.html    1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_setconn.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_setpriv.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/smfi_setreply.html      1.1.1.1.2.4
+  src/contrib/sendmail/libmilter/docs/smfi_settimeout.html    1.1.1.1.2.3
+  src/contrib/sendmail/libmilter/docs/xxfi_abort.html         1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_body.html          1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_close.html         1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_connect.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_envfrom.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_envrcpt.html       1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_eoh.html           1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_eom.html           1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_header.html        1.1.1.1.2.2
+  src/contrib/sendmail/libmilter/docs/xxfi_helo.html          1.1.1.1.2.2
+  src/contrib/sendmail/libsm/clock.c                          1.1.1.1.2.5
+  src/contrib/sendmail/libsm/config.c                         1.1.1.1.2.3
+  src/contrib/sendmail/mail.local/mail.local.c                   1.6.6.14
+  src/contrib/sendmail/src/README                            1.1.1.3.2.14
+  src/contrib/sendmail/src/collect.c                         1.1.1.4.2.12
+  src/contrib/sendmail/src/conf.c                                1.5.2.14
+  src/contrib/sendmail/src/deliver.c                         1.1.1.3.2.14
+  src/contrib/sendmail/src/headers.c                             1.4.2.10
+  src/contrib/sendmail/src/main.c                            1.1.1.3.2.15
+  src/contrib/sendmail/src/milter.c                          1.1.1.1.2.16
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.2.6.13
+  src/contrib/sendmail/src/queue.c                           1.1.1.3.2.14
+  src/contrib/sendmail/src/readcf.c                          1.1.1.4.2.14
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.4.2.15
+  src/contrib/sendmail/src/sm_resolve.c                       1.1.1.1.2.3
+  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.2.6.14
+  src/contrib/sendmail/src/tls.c                              1.1.1.1.2.5
+  src/contrib/sendmail/src/usersmtp.c                        1.1.1.3.2.12
+  src/contrib/sendmail/src/version.c                         1.1.1.3.2.15
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.13
+  src/contrib/sendmail/src/conf.c                                1.18.2.1
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.14.2.2
+  src/contrib/sendmail/src/version.c                         1.1.1.16.2.1
+  src/sys/conf/newvers.sh                                        1.48.2.8
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.13
+  src/contrib/sendmail/src/conf.c                            1.5.2.11.2.1
+  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.10.2.2
+  src/contrib/sendmail/src/version.c                     1.1.1.3.2.12.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.12
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.41
+  src/contrib/sendmail/src/conf.c                             1.5.2.8.2.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.8.2.2
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.9.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.30
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.43
+  src/contrib/sendmail/src/conf.c                             1.5.2.6.4.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.4.2
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.7.4.1
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.27
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.43
+  src/contrib/sendmail/src/conf.c                             1.5.2.6.2.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.2.2
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.7.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.34
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.31
+  src/contrib/sendmail/src/conf.c                             1.5.2.4.2.1
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.4.2.2
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.4.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.21
+RELENG_3
+  src/contrib/sendmail/src/conf.c                                 1.3.2.3
+  src/contrib/sendmail/src/parseaddr.c                        1.1.1.2.2.2
+  src/contrib/sendmail/src/version.c                          1.1.1.2.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://www.cert.org/advisories/CA-2003-12.html >
+<URL: http://www.sendmail.com/security/ >
+<URL: http://lists.netsys.com/pipermail/full-disclosure/2003-March/008973.html >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0161 >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+h18lFdaIBMps37IRAg7lAJ9hJLEHlLsXV9Nq20Yw3E3470ZqdQCfX1Sv
+BBClV+coK1zwzq/zWcfejME=
+=eDvb
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:08.realpath.asc b/share/security/advisories/FreeBSD-SA-03:08.realpath.asc
new file mode 100644
index 0000000000..4eedf89b5c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:08.realpath.asc
@@ -0,0 +1,336 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:08.realpath                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Single byte buffer overflow in realpath(3)
+
+Category:       core
+Module:         libc
+Announced:      2003-08-03
+Credits:        Janusz Niewiadomski <funkysh@isec.pl>,
+                Wojciech Purczynski <cliph@isec.pl>,
+                CERT/CC
+Affects:        All releases of FreeBSD up to and including 4.8-RELEASE
+                and 5.0-RELEASE
+                FreeBSD 4-STABLE prior to May 22 17:11:44 2003 UTC
+Corrected:      2003-08-03 23:46:24 UTC (RELENG_5_0)
+                2003-08-03 23:43:43 UTC (RELENG_4_8)
+                2003-08-03 23:44:12 UTC (RELENG_4_7)
+                2003-08-03 23:44:36 UTC (RELENG_4_6)
+                2003-08-03 23:44:56 UTC (RELENG_4_5)
+                2003-08-03 23:45:41 UTC (RELENG_4_4)
+                2003-08-03 23:46:03 UTC (RELENG_4_3)
+                2003-08-03 23:47:39 UTC (RELENG_3)
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2003-08-03  Initial release
+v1.1  2003-08-04  Updated information for lukemftpd
+
+I.   Background
+
+The realpath(3) function is used to determine the canonical,
+absolute pathname from a given pathname which may contain extra
+``/'' characters, references to ``/./'' or ``/../'', or references
+to symbolic links.  The realpath(3) function is part of the FreeBSD
+Standard C Library.
+
+II.  Problem Description
+
+An off-by-one error exists in a portion of realpath(3) that computes
+the length of the resolved pathname.  As a result, if the resolved
+path name is exactly 1024 characters long and contains at least
+two directory separators, the buffer passed to realpath(3) will be
+overwritten by a single NUL byte.
+
+III. Impact
+
+Applications using realpath(3) MAY be vulnerable to denial of service
+attacks, remote code execution, and/or privilege escalation.  The
+impact on an individual application is highly dependent upon the
+source of the pathname passed to realpath, the position of the output
+buffer on the stack, the architecture on which the application is
+running, and other factors.
+
+Within the FreeBSD base system, several applications use realpath(3).
+Two applications which are negatively impacted are:
+
+(1) lukemftpd(8), an alternative FTP server: realpath(3) is used to
+    process the MLST and MLSD commands.  The vulnerability may be
+    exploitable, leading to code execution with superuser privileges.
+
+    lukemftpd(8) was installed (but not enabled) by default in
+    4.7-RELEASE and in 4-STABLE dated Jun 20 21:13:33 2002 UTC through
+    Nov 12 17:32:47 2002 UTC. It is not built or installed by default
+    in any other release.
+
+    If the `-r' option to lukemftpd is used (as suggested by the
+    example /etc/inetd.conf supplied in 4.7-RELEASE), then successful
+    exploitation leads to code execution with the privileges of
+    the authenticated user (rather than superuser privileges).
+
+(2) sftp-server(8), part of OpenSSH: realpath(3) is used to process
+    chdir commands.  This vulnerability may be exploitable, leading
+    to code execution with the privileges of the authenticated user.
+
+At the time of 4.8-RELEASE, the FreeBSD Ports Collection contained
+the following applications which appear to use realpath(3).  These
+applications have not been audited, and may or may not be vulnerable.
+There may be additional applications in the FreeBSD Ports Collection
+that use realpath(3), particularly statically-linked applications and
+applications added since 4.8-RELEASE.
+
+BitchX-1.0c19_1
+Mowitz-0.2.1_1
+XFree86-clients-4.3.0_1
+abcache-0.14
+aim-1.5.234
+analog-5.24,1
+anjuta-1.0.1_1
+aolserver-3.4.2
+argus-2.0.5
+arm-rtems-gdb-5.2_1
+avr-gdb-5.2.1
+ccache-2.1.1
+cdparanoia-3.9.8_4
+cfengine-1.6.3_4
+cfengine2-2.0.3
+cmake-1.4.7
+comserv-1.4.3
+criticalmass-0.97
+dedit-0.6.2.3_1
+drweb_postfix-4.29.10a
+drweb-4.29.2
+drweb_sendmail-4.29.10a
+edonkey-gui-gtk-0.5.0
+enca-0.10.7
+epic4-1.0.1_2
+evolution-1.2.2_1
+exim-3.36_1
+exim-4.12_5
+exim-ldap-4.12_5
+exim-ldap2-4.12_5
+exim-mysql-4.12_5
+exim-postgresql-4.12_5
+fam-2.6.9_2
+fastdep-0.15
+feh-1.2.4_1
+ferite-0.99.6
+fileutils-4.1_1
+finfo-0.1
+firebird-1.0.2
+firebird-1.0.r2
+frontpage-5.0.2.2623_1
+galeon-1.2.8
+galeon2-1.3.2_1
+gdb-5.3_20030311
+gdb-5.2.1_1
+gdm2-2.4.1.3
+gecc-20021119
+gentoo-0.11.34
+gkrellmvolume-2.1.7
+gltron-0.61
+global-4.5.1
+gnat-3.15p
+gnomelibs-1.4.2_1
+gprolog-1.2.16
+gracula-3.0
+gringotts-1.2.3
+gtranslator-0.43_1
+gvd-1.2.5
+hercules-2.16.5
+hte-0.7.0
+hugs98-200211
+i386-rtems-gdb-5.2_1
+i960-rtems-gdb-5.2_1
+installwatch-0.5.6
+ivtools-1.0.6
+ja-epic4-1.0.1_2
+ja-gnomelibs-1.4.2_1
+ja-msdosfs-20001027
+ja-samba-2.2.7a.j1.1_1
+kdebase-3.1_1
+kdelibs-3.1
+kermit-8.0.206
+ko-BitchX-1.0c16_3
+ko-msdosfs-20001027
+leocad-0.73
+libfpx-1.2.0.4_1
+libgnomeui-2.2.0.1
+libpdel-0.3.4
+librep-0.16.1_1
+linux-beonex-0.8.1
+linux-divxplayer-0.2.0
+linux-edonkey-gui-gtk-0.2.0.a.2002.02.22
+linux-gnomelibs-1.2.8_2
+linux-mozilla-1.2
+linux-netscape-communicator-4.8
+linux-netscape-navigator-4.8
+linux-phoenix-0.3
+linux_base-6.1_4
+linux_base-7.1_2
+lsh-1.5.1
+lukemftpd-1.1_1
+m68k-rtems-gdb-5.2_1
+mips-rtems-gdb-5.2_1
+mod_php4-4.3.1
+moscow_ml-2.00_1
+mozilla-1.0.2_1
+mozilla-1.2.1_1,2
+mozilla-1.2.1_2
+mozilla-1.3b,1
+mozilla-1.3b
+mozilla-embedded-1.0.2_1
+mozilla-embedded-1.2.1_1,2
+mozilla-embedded-1.3b,1
+msyslog-1.08f_1
+netraider-0.0.2
+openag-1.1.1_1
+openssh-portable-3.5p1_1
+openssh-3.5
+p5-PPerl-0.23
+paragui-1.0.2_2
+powerpc-rtems-gdb-5.2_1
+psim-freebsd-5.2.1
+ptypes-1.7.4
+pure-ftpd-1.0.14
+qiv-1.8
+readlink-20010616
+reed-5.4
+rox-1.3.6_1
+rox-session-0.1.18_1
+rpl-1.4.0
+rpm-3.0.6_6
+samba-2.2.8
+samba-3.0a20
+scrollkeeper-0.3.11_8,1
+sh-rtems-gdb-5.2_1
+sharity-light-1.2_1
+siag-3.4.10
+skipstone-0.8.3
+sparc-rtems-gdb-5.2_1
+squeak-2.7
+squeak-3.2
+swarm-2.1.1
+tcl-8.2.3_2
+tcl-8.3.5
+tcl-8.4.1,1
+tcl-thread-8.1.b1
+teTeX-2.0.2_1
+wine-2003.02.19
+wml-2.0.8
+worker-2.7.0
+xbubble-0.2
+xerces-c2-2.1.0_1
+xerces_c-1.7.0
+xnview-1.50
+xscreensaver-gnome-4.08
+xscreensaver-4.08
+xworld-2.0
+yencode-0.46_1
+zh-cle_base-0.9p1
+zh-tcl-8.3.0
+zh-tw-BitchX-1.0c19_3
+zh-ve-1.0
+zh-xemacs-20.4_1
+
+IV.  Workaround
+
+There is no generally applicable workaround.
+
+OpenSSH's sftp-server(8) may be disabled by editing
+/etc/ssh/sshd_config and commenting out the following line by
+inserting a `#' as the first character:
+
+  Subsystem       sftp    /usr/libexec/sftp-server
+
+lukemftpd(8) may be replaced by the default ftpd(8).
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.8-STABLE
+or to any of the RELENG_5_1 (5.1-RELEASE), RELENG_4_8
+(4.8-RELEASE-p1), or RELENG_4_7 (4.7-RELEASE-p11) security branches
+dated after the respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.  The following patch
+has been tested to apply to all FreeBSD 4.x releases and to FreeBSD
+5.0-RELEASE.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:08/realpath.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your operating system as described in
+<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
+
+NOTE WELL:  Any statically linked applications that are not part of
+the base system (i.e. from the Ports Collection or other 3rd-party
+sources) must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_3
+  src/lib/libc/stdlib/realpath.c                                  1.6.2.1
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.32
+  src/lib/libc/stdlib/realpath.c                                  1.9.4.1
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.22
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.45
+  src/lib/libc/stdlib/realpath.c                                  1.9.6.1
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.36
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.44
+  src/lib/libc/stdlib/realpath.c                                  1.9.8.1
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.28
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.42
+  src/lib/libc/stdlib/realpath.c                                 1.9.10.1
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.31
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.14
+  src/lib/libc/stdlib/realpath.c                                 1.9.12.1
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.13
+RELENG_4_8
+  src/UPDATING                                              1.73.2.80.2.3
+  src/lib/libc/stdlib/realpath.c                                 1.9.14.1
+  src/sys/conf/newvers.sh                                   1.44.2.29.2.2
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.14
+  src/lib/libc/stdlib/realpath.c                                 1.11.2.1
+  src/sys/conf/newvers.sh                                        1.48.2.9
+- -------------------------------------------------------------------------
+
+VII.  References
+
+<URL:http://isec.pl/vulnerabilities/isec-0011-wu-ftpd.txt>
+<URL:http://www.kb.cert.org/vuls/id/743092>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQE/L/fQFdaIBMps37IRAkxPAJ9QDmqcmkxrlYaOw7prB/Qwlu5w7QCfVQiV
+VpAcmS4V3Y0oE0WC92bBw+k=
+=gDXa
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:09.signal.asc b/share/security/advisories/FreeBSD-SA-03:09.signal.asc
new file mode 100644
index 0000000000..efe733fa28
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:09.signal.asc
@@ -0,0 +1,197 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:09.signal                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Insufficient range checking of signal numbers
+
+Category:       core
+Module:         sys
+Announced:      2003-08-10
+Affects:        All releases of FreeBSD up to and including 4.8-RELEASE-p1,
+                5.1-RELEASE (but see `Impact' below)
+                FreeBSD 4-STABLE prior to the correction date
+Corrected:      2003-08-10 23:09:28 UTC (RELENG_4)
+                2003-08-10 23:14:08 UTC (RELENG_5_1)
+                2003-08-10 23:17:48 UTC (RELENG_5_0)
+                2003-08-10 23:19:35 UTC (RELENG_4_8)
+                2003-08-11 10:14:38 UTC (RELENG_4_7)
+                2003-08-11 10:16:35 UTC (RELENG_4_6)
+                2003-08-12 20:23:24 UTC (RELENG_4_5)
+                2003-08-12 20:23:51 UTC (RELENG_4_4)
+                2003-08-12 20:24:13 UTC (RELENG_4_3)
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0  2003-08-10  Initial release
+v1.1  2003-08-11  Updated correction details for RELENG_4_7,
+                  RELENG_4_6, RELENG_4_5, RELENG_4_4, RELENG_4_3
+                  branches.  Corrected an internal section reference.
+                  Corrected a source file path name.
+
+I.   Background
+
+Signals are a UNIX mechanism for handling asynchronous events such as
+pressing the terminal interrupt key (e.g. Ctrl-C), job control, memory
+access violations, I/O completion, and many others.  Each signal is
+assigned a positive number.  There are a number of mechanisms by which
+a process may cause a signal to be sent, including using the kill(2)
+system call or registering with certain device drivers.
+
+II.  Problem Description
+
+Some mechanisms for causing a signal to be sent did not properly
+validate the signal number, in some cases allowing the kernel to
+attempt to deliver a negative or out-of-range signal number.  Such
+errors were present in the ptrace(2) system call and the `spigot'
+video capture device driver.
+
+The error in ptrace(2) was introduced in FreeBSD version 4.2-RELEASE
+(4-STABLE dated Oct 26 04:34:41 2000 UTC).
+
+The `spigot' device driver (including the error) was introduced in
+FreeBSD 2.0.5.  It has never been included in the kernel installed by
+default, nor in the GENERIC kernel configuration.  Only systems with
+`device spigot' added to the kernel configuration are affected by this
+instance of the error.
+
+III. Impact
+
+In most cases, attempted delivery of a negative or out-of-range signal
+number will trigger an assertion failure and panic, thereby crashing
+the system.  A malicious local user could use this vulnerability
+as a local denial-of-service attack.
+
+However, in FreeBSD 5.x, the assertion code is not present if the
+`INVARIANTS' kernel option is not used.  In FreeBSD 5.0-RELEASE and
+5.1-RELEASE, `INVARIANTS' is not enabled by default.  In this
+configuration, a malicious local user could use this vulnerability
+to modify kernel memory, potentially leading to complete system
+compromise.  (FreeBSD 4.x is not vulnerable in this way.)
+
+IV.  Workaround
+
+There is no workaround for the local denial-of-service attack.
+
+The more severe impact, present only in FreeBSD 5.x systems, can be
+avoided by uncommenting or adding the `INVARIANTS' line to your kernel
+configuration:
+
+  options       INVARIANTS              #Enable calls of extra sanity checking
+
+Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html>
+and reboot the system.
+
+NOTE WELL:  This workaround is only for FreeBSD 5.x systems.  This
+workaround does not eliminate the possibility of a local
+denial-of-service attack.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.8-STABLE, or to any of the
+RELENG_4_8 (4.8-RELEASE-p2), RELENG_4_7 (4.7-RELEASE-p12), or
+RELENG_5_1 (5.1-RELEASE-p1) security branches dated after the
+respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.1-RELEASE]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal51.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal51.patch.asc
+
+[FreeBSD 5.0-RELEASE]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal50.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal50.patch.asc
+
+[FreeBSD 4.8-RELEASE, 4.8-STABLE, 4.7-STABLE dated Jan 2 20:39:13 2003 UTC
+ or later]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal4s.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal4s.patch.asc
+
+[FreeBSD 4.3-RELEASE through 4.7-RELEASE, 4.7-STABLE dated before
+ Jan 2 20:39:13 2003 UTC]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal47.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:09/signal47.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html>
+and reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+src/sys/UPDATING
+  RELENG_5_1                                                    1.251.2.2
+  RELENG_5_0                                                   1.229.2.15
+  RELENG_4_8                                                1.73.2.80.2.4
+  RELENG_4_7                                               1.73.2.74.2.15
+  RELENG_4_6                                               1.73.2.68.2.43
+  RELENG_4_5                                               1.73.2.50.2.45
+  RELENG_4_4                                               1.73.2.43.2.46
+  RELENG_4_3                                               1.73.2.28.2.33
+src/sys/conf/newvers.sh
+  RELENG_5_1                                                     1.50.2.3
+  RELENG_5_0                                                    1.48.2.10
+  RELENG_4_8                                                1.44.2.29.2.3
+  RELENG_4_7                                               1.44.2.26.2.14
+  RELENG_4_6                                               1.44.2.23.2.32
+  RELENG_4_5                                               1.44.2.20.2.29
+  RELENG_4_4                                               1.44.2.17.2.37
+  RELENG_4_3                                               1.44.2.14.2.23
+src/sys/i386/isa/spigot.c
+  RELENG_4                                                       1.44.2.1
+  RELENG_5_1                                                     1.58.2.1
+  RELENG_5_0                                                     1.55.2.1
+  RELENG_4_8                                                    1.44.14.1
+  RELENG_4_7                                                    1.44.12.1
+  RELENG_4_6                                                    1.44.10.1
+  RELENG_4_5                                                     1.44.8.1
+  RELENG_4_4                                                     1.44.6.1
+  RELENG_4_3                                                     1.44.4.1
+src/sys/kern/sys_process.c
+  RELENG_4                                                       1.51.2.7
+  RELENG_5_1                                                    1.108.2.1
+  RELENG_5_0                                                    1.104.2.1
+  RELENG_4_8                                                 1.51.2.6.2.1
+  RELENG_4_7                                                 1.51.2.4.2.2
+  RELENG_4_6                                                 1.51.2.3.4.2
+  RELENG_4_5                                                 1.51.2.3.2.2
+  RELENG_4_4                                                 1.51.2.1.4.3
+  RELENG_4_3                                                 1.51.2.1.2.3
+src/sys/kern/kern_sig.c
+  RELENG_5_1                                                    1.239.2.1
+  RELENG_5_0                                                    1.197.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQE/OVDMFdaIBMps37IRAsaBAJ4zAzw4sDcu2oc/M7iiXfLQzg8WogCeNqeF
+Di+jeJfFrpGAh+/JxUAW/60=
+=qXMR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:10.ibcs2.asc b/share/security/advisories/FreeBSD-SA-03:10.ibcs2.asc
new file mode 100644
index 0000000000..580ebbbe34
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:10.ibcs2.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:10.ibcs2                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Kernel memory disclosure via ibcs2
+
+Category:       core
+Module:         sys
+Announced:      2003-08-10
+Credits:        David Rhodus <drhodus@catpa.com>
+Affects:        All FreeBSD releases up to and including 4.8-RELEASE-p2,
+                5.1-RELEASE-p1
+Corrected:      2003-08-10 23:30:18 UTC (RELENG_4)
+                2003-08-10 23:28:16 UTC (RELENG_5_1)
+                2003-08-10 23:29:10 UTC (RELENG_5_0)
+                2003-08-10 23:31:11 UTC (RELENG_4_8)
+                2003-08-10 23:31:51 UTC (RELENG_4_7)
+                2003-08-10 23:32:22 UTC (RELENG_4_6)
+                2003-08-10 23:32:44 UTC (RELENG_4_5)
+                2003-08-10 23:33:18 UTC (RELENG_4_4)
+                2003-08-10 23:33:50 UTC (RELENG_4_3)
+                2003-08-10 23:35:21 UTC (RELENG_3)
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+FreeBSD contains a kernel option (IBCS2) and kernel loadable module
+(ibcs2.ko) that provide system call translation for running Intel
+Binary Compatibility Specification 2 (iBCS2) compliant programs.
+It is not enabled in FreeBSD by default.
+
+II.  Problem Description
+
+The iBCS2 system call translator for statfs(2) erroneously used the
+user-supplied length parameter when copying a kernel data structure
+into userland.  If the length parameter were larger than required,
+then instead of copying only the statfs-related data structure,
+additional kernel memory would also be made available to the user.
+
+III. Impact
+
+If iBCS2 support were enabled, a malicious user could call the iBCS2
+version of statfs(2) with an arbitrarily large length parameter,
+causing the kernel to return a large portion of kernel memory.  Such
+memory might contain sensitive information, such as portions of the
+file cache or terminal buffers.  This information might be directly
+useful, or it might be leveraged to obtain elevated privileges in some
+way.  For example, a terminal buffer might include a user-entered
+password.
+
+iBCS2 support is only present if the system administrator has enabled
+it by including `option IBCS2' in the kernel configuration file, or
+loaded it dynamically using kldload(8) or by setting `ibcs2_enable' in
+rc.conf(5).
+
+IV.  Workaround
+
+Disable iBCS2 support if it is enabled.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4.8-STABLE, or to any of the
+RELENG_4_8 (4.8-RELEASE-p3), RELENG_4_7 (4.7-RELEASE-p13), or
+RELENG_5_1 (5.1-RELEASE-p2) security branches dated after the
+respective correction dates.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.  The following patch
+has been tested to apply to all FreeBSD 3.x, 4.x, and 5.x releases.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:10/ibcs2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:10/ibcs2.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html>
+and reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/UPDATING
+  RELENG_5_1                                                    1.251.2.3
+  RELENG_5_0                                                   1.229.2.16
+  RELENG_4_8                                                1.73.2.80.2.5
+  RELENG_4_7                                               1.73.2.74.2.16
+  RELENG_4_6                                               1.73.2.68.2.44
+  RELENG_4_5                                               1.73.2.50.2.46
+  RELENG_4_4                                               1.73.2.43.2.47
+  RELENG_4_3                                               1.73.2.28.2.34
+src/sys/conf/newvers.sh
+  RELENG_5_1                                                     1.50.2.4
+  RELENG_5_0                                                    1.48.2.11
+  RELENG_4_8                                                1.44.2.29.2.4
+  RELENG_4_7                                               1.44.2.26.2.15
+  RELENG_4_6                                               1.44.2.23.2.33
+  RELENG_4_5                                               1.44.2.20.2.30
+  RELENG_4_4                                               1.44.2.17.2.38
+  RELENG_4_3                                               1.44.2.14.2.24
+src/sys/i386/ibcs2/ibcs2_stat.c
+  RELENG_4                                                       1.10.2.1
+  RELENG_5_1                                                     1.21.2.1
+  RELENG_5_0                                                     1.16.2.2
+  RELENG_4_8                                                    1.10.14.1
+  RELENG_4_7                                                    1.10.12.1
+  RELENG_4_6                                                    1.10.10.1
+  RELENG_4_5                                                     1.10.8.1
+  RELENG_4_4                                                     1.10.6.1
+  RELENG_4_3                                                     1.10.4.1
+  RELENG_3                                                        1.8.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQE/Nt6YFdaIBMps37IRAtuMAJ4r2aUyHWiYDuUvrVyRlh0n7mF6FQCgmDiw
+GOMr9asJmVzpRozE11KvtaE=
+=cLnc
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:11.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:11.sendmail.asc
new file mode 100644
index 0000000000..0eacb78f4a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:11.sendmail.asc
@@ -0,0 +1,126 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:11.sendmail                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          sendmail DNS map problem
+
+Category:       contrib
+Module:         contrib_sendmail
+Announced:      2003-08-26
+Credits:        Oleg Bulyzhin <oleg@rinet.ru>
+Affects:        4.6-RELEASE (up to -p16), 4.7-RELEASE (up to -p13),
+                4.8-RELEASE (up to -p3), 5.0-RELEASE (up to -p11)
+                4-STABLE prior to Mar 29 19:33:18 2003 UTC
+Corrected:      2003-08-25 22:33:14 UTC (RELENG_5_0)
+                2003-08-25 22:35:23 UTC (RELENG_4_8)
+                2003-08-25 22:36:10 UTC (RELENG_4_7)
+                2003-08-25 22:38:53 UTC (RELENG_4_6)
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+FreeBSD includes sendmail(8), a general purpose internetwork mail
+routing facility, as the default Mail Transfer Agent (MTA).
+
+II.  Problem Description
+
+Some versions of sendmail (8.12.0 through 8.12.8) contain a
+programming error in the code that implements DNS maps.  A malformed
+DNS reply packet may cause sendmail to call `free()' on an
+uninitialized pointer.
+
+NOTE: The default sendmail configuration in FreeBSD does not utilize
+DNS maps.
+
+III. Impact
+
+Calling `free()' on an uninitialized pointer may result in a sendmail
+child process crashing.  It may also be possible for an attacker to
+somehow influence the value of the `uninitialized pointer' and cause
+an arbitrary memory chunk to be freed.  This could further lead to
+some other exploitable vulnerability, although no such cases are known
+at this time.
+
+IV.  Workaround
+
+Do not use DNS maps.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5.1-RELEASE, or to the
+RELENG_5_1, RELENG_4_8, or RELENG_4_7 security branch dated after the
+correction date (5.1-RELEASE-p2, 4.8-RELEASE-p4, or 4.7-RELEASE-p14,
+respectively).
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5.0, 4.8,
+4.7, and 4.6 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:11/sendmail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libsm
+# make obj && make depend && make
+# cd /usr/src/lib/libsmutil
+# make obj && make depend && make
+# cd /usr/src/usr.sbin/sendmail
+# make obj && make depend && make && make install
+
+c) Restart sendmail.  Execute the following command as root.
+
+# /bin/sh /etc/rc.sendmail restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+src/UPDATING
+  RELENG_5_0                                                   1.229.2.17
+  RELENG_4_8                                                1.73.2.80.2.6
+  RELENG_4_7                                               1.73.2.74.2.17
+  RELENG_4_6                                               1.73.2.68.2.45
+src/sys/conf/newvers.sh
+  RELENG_5_0                                                    1.48.2.12
+  RELENG_4_8                                                1.44.2.29.2.5
+  RELENG_4_7                                               1.44.2.26.2.16
+  RELENG_4_6                                               1.44.2.23.2.34
+src/contrib/sendmail/src/sm_resolve.c
+  RELENG_5_0                                                  1.1.1.4.2.1
+  RELENG_4_8                                              1.1.1.1.2.2.4.1
+  RELENG_4_7                                              1.1.1.1.2.2.2.1
+  RELENG_4_6                                              1.1.1.1.2.1.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.sendmail.org/dnsmap1.html>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0688>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQE/S5yPFdaIBMps37IRAlrjAJwPNdxh0GeZQUVk7WYHHefQ6qAnGgCfRi9B
+7p9xVP++yIsd0W4UXnKde2k=
+=aFZp
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:12.openssh.asc b/share/security/advisories/FreeBSD-SA-03:12.openssh.asc
new file mode 100644
index 0000000000..17f85ddd30
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:12.openssh.asc
@@ -0,0 +1,323 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:12                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          OpenSSH buffer management error
+
+Category:       core, ports
+Module:         openssh, ports_openssh, openssh-portable
+Announced:      2003-09-16
+Credits:        The OpenSSH Project <openssh@openssh.org>
+Affects:        All FreeBSD releases after 4.0-RELEASE
+                FreeBSD 4-STABLE prior to the correction date
+                openssh port prior to openssh-3.6.1_3
+                openssh-portable port prior to openssh-portable-3.6.1p2_3
+Corrected:      2003-09-17 16:24:02 UTC (RELENG_4, 4.9-PRERELEASE)
+                2003-09-17 14:46:58 UTC (RELENG_5_1, 5.1-RELEASE-p4)
+                2003-09-17 14:50:14 UTC (RELENG_5_0, 5.0-RELEASE-p13)
+                2003-09-17 14:51:09 UTC (RELENG_4_8, 4.8-RELEASE-p6)
+                2003-09-17 14:51:37 UTC (RELENG_4_7, 4.7-RELEASE-p16)
+                2003-09-17 14:52:08 UTC (RELENG_4_6, 4.6-RELEASE-p19)
+                2003-09-17 14:52:42 UTC (RELENG_4_5, 4.5-RELEASE-p31)
+                2003-09-17 14:57:32 UTC (RELENG_4_4, 4.4-RELEASE-p41)
+                2003-09-17 14:58:56 UTC (RELENG_4_3, 4.3-RELEASE-p37)
+                2003-09-17 16:07:48 UTC (ports/security/openssh)
+                2003-09-17 16:07:48 UTC (ports/security/openssh-portable)
+CVE:            CAN-2003-0693, CAN-2003-0695, CAN-2003-0682
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2003-09-16  Initial release
+v1.1  2003-09-17  Typo in instructions for restarting sshd
+                  Additional buffer management errors corrected
+
+I.   Background
+
+OpenSSH is a free version of the SSH protocol suite of network
+connectivity tools.  OpenSSH encrypts all traffic (including
+passwords) to effectively eliminate eavesdropping, connection
+hijacking, and other network-level attacks. Additionally, OpenSSH
+provides a myriad of secure tunneling capabilities, as well as a
+variety of authentication methods. `ssh' is the client application,
+while `sshd' is the server.
+
+II.  Problem Description
+
+Several operations within OpenSSH require dynamic memory allocation
+or reallocation.  Examples are: the receipt of a packet larger
+than available space in a currently allocated buffer; creation of
+additional channels beyond the currently allocated maximum; and
+allocation of new sockets beyond the currently allocated maximum.
+Many of these operations can fail either due to `out of memory' or
+due to explicit checks for ridiculously sized requests.  However, the
+failure occurs after the allocation size has already been updated, so
+that the bookkeeping data structures are in an inconsistent state (the
+recorded size is larger than the actual allocation).  Furthermore,
+the detection of these failures causes OpenSSH to invoke several
+`fatal_cleanup' handlers, some of which may then attempt to use these
+inconsistent data structures.  For example, a handler may zero and
+free a buffer in this state, and as a result memory outside of the
+allocated area will be overwritten with NUL bytes.
+
+III. Impact
+
+A remote attacker can cause OpenSSH to crash.  The bug is not believed
+to be exploitable for code execution on FreeBSD.
+
+IV.  Workaround
+
+Do one of the following:
+
+1) Disable the base system sshd by executing the following command as
+   root:
+
+   # kill `cat /var/run/sshd.pid`
+
+   Be sure that sshd is not restarted when the system is restarted
+   by adding the following line to the end of /etc/rc.conf:
+
+   sshd_enable="NO"
+
+   AND
+
+   Deinstall the openssh or openssh-portable ports if you have one of
+   them installed.
+
+V.   Solution
+
+Do one of the following:
+
+[For OpenSSH included in the base system]
+
+1) Upgrade your vulnerable system to 4-STABLE or to the RELENG_5_1,
+   RELENG_4_8, or RELENG_4_7 security branch dated after
+   the correction date (5.1-RELEASE-p3, 4.8-RELEASE-p5, or
+   4.7-RELEASE-p15, respectively).
+
+2) FreeBSD systems prior to the correction date:
+
+The following patches have been verified to apply to FreeBSD 4.x and
+FreeBSD 5.x systems prior to the correction date.
+
+Download the appropriate patch and detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+[FreeBSD 4.3 and 4.4]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer44.patch.asc
+
+[FreeBSD 4.5]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer45.patch.asc
+
+[FreeBSD 4.6 and later, FreeBSD 5.0 and later]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:12/buffer46.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/sshd.patch
+# cd /usr/src/secure/lib/libssh
+# make depend && make all install
+# cd /usr/src/secure/usr.sbin/sshd
+# make depend && make all install
+# cd /usr/src/secure/usr.bin/ssh
+# make depend && make all install
+
+Be sure to restart `sshd' after updating.
+
+# kill `cat /var/run/sshd.pid`
+# /usr/sbin/sshd
+
+[For the OpenSSH ports]
+
+One of the following:
+
+1) Upgrade your entire ports collection and rebuild the OpenSSH port.
+
+2) Deinstall the old package and install a new package obtained from
+the following directory:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
+
+[other platforms]
+Packages are not automatically generated for other platforms at this
+time due to lack of build resources.
+
+3) Download a new port skeleton for the openssh or openssh-portable
+port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+Be sure to restart `sshd' after updating.
+
+# kill `cat /var/run/sshd.pid`
+# test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in the FreeBSD base system and ports collection.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+[Base system]
+RELENG_4
+  src/crypto/openssh/buffer.c                                 1.1.1.1.2.7
+  src/crypto/openssh/channels.c                              1.1.1.1.2.10
+  src/crypto/openssh/deattack.c                               1.1.1.1.2.5
+  src/crypto/openssh/misc.c                                   1.1.1.1.2.3
+  src/crypto/openssh/session.c                                   1.4.2.18
+  src/crypto/openssh/ssh-agent.c                                 1.2.2.11
+  src/crypto/openssh/version.h                               1.1.1.1.2.12
+RELENG_5_1
+  src/UPDATING                                                  1.251.2.5
+  src/crypto/openssh/buffer.c                                 1.1.1.6.4.2
+  src/crypto/openssh/channels.c                                  1.15.2.1
+  src/crypto/openssh/deattack.c                               1.1.1.5.4.1
+  src/crypto/openssh/misc.c                                   1.1.1.4.2.1
+  src/crypto/openssh/session.c                                   1.40.2.1
+  src/crypto/openssh/ssh-agent.c                                 1.18.2.1
+  src/crypto/openssh/version.h                                   1.20.2.2
+  src/sys/conf/newvers.sh                                        1.50.2.6
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.19
+  src/crypto/openssh/buffer.c                                 1.1.1.6.2.2
+  src/crypto/openssh/channels.c                                  1.13.2.1
+  src/crypto/openssh/deattack.c                               1.1.1.5.2.1
+  src/crypto/openssh/misc.c                                   1.1.1.3.2.1
+  src/crypto/openssh/session.c                                   1.38.2.1
+  src/crypto/openssh/ssh-agent.c                                 1.16.2.1
+  src/crypto/openssh/version.h                                   1.18.2.2
+  src/sys/conf/newvers.sh                                       1.48.2.14
+RELENG_4_8
+  src/UPDATING                                              1.73.2.80.2.8
+  src/crypto/openssh/buffer.c                             1.1.1.1.2.4.4.2
+  src/crypto/openssh/channels.c                           1.1.1.1.2.8.2.1
+  src/crypto/openssh/deattack.c                           1.1.1.1.2.4.4.1
+  src/crypto/openssh/misc.c                               1.1.1.1.2.2.4.1
+  src/crypto/openssh/session.c                               1.4.2.17.2.1
+  src/crypto/openssh/ssh-agent.c                             1.2.2.10.2.1
+  src/crypto/openssh/version.h                           1.1.1.1.2.10.2.2
+  src/sys/conf/newvers.sh                                   1.44.2.29.2.7
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.19
+  src/crypto/openssh/buffer.c                             1.1.1.1.2.4.2.2
+  src/crypto/openssh/channels.c                           1.1.1.1.2.7.2.1
+  src/crypto/openssh/deattack.c                           1.1.1.1.2.4.2.1
+  src/crypto/openssh/misc.c                               1.1.1.1.2.2.2.1
+  src/crypto/openssh/session.c                               1.4.2.16.2.1
+  src/crypto/openssh/ssh-agent.c                              1.2.2.8.2.1
+  src/crypto/openssh/version.h                            1.1.1.1.2.9.2.2
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.18
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.47
+  src/crypto/openssh/buffer.c                             1.1.1.1.2.3.4.3
+  src/crypto/openssh/channels.c                           1.1.1.1.2.6.2.2
+  src/crypto/openssh/deattack.c                           1.1.1.1.2.3.4.2
+  src/crypto/openssh/misc.c                               1.1.1.1.2.1.4.2
+  src/crypto/openssh/session.c                               1.4.2.12.2.2
+  src/crypto/openssh/ssh-agent.c                              1.2.2.7.4.2
+  src/crypto/openssh/version.h                            1.1.1.1.2.8.2.3
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.36
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.48
+  src/crypto/openssh/buffer.c                             1.1.1.1.2.3.2.2
+  src/crypto/openssh/channels.c                           1.1.1.1.2.5.2.2
+  src/crypto/openssh/deattack.c                           1.1.1.1.2.3.2.1
+  src/crypto/openssh/scp.c                                1.1.1.1.2.4.2.1
+  src/crypto/openssh/session.c                               1.4.2.11.2.1
+  src/crypto/openssh/ssh-agent.c                              1.2.2.7.2.1
+  src/crypto/openssh/version.h                            1.1.1.1.2.7.2.3
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.32
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.49
+  src/crypto/openssh/buffer.c                             1.1.1.1.2.2.4.2
+  src/crypto/openssh/channels.c                           1.1.1.1.2.4.4.2
+  src/crypto/openssh/deattack.c                           1.1.1.1.2.2.4.1
+  src/crypto/openssh/scp.c                                1.1.1.1.2.3.4.1
+  src/crypto/openssh/session.c                                1.4.2.8.4.2
+  src/crypto/openssh/ssh-agent.c                              1.2.2.6.4.1
+  src/crypto/openssh/version.h                            1.1.1.1.2.5.2.4
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.40
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.36
+  src/crypto/openssh/buffer.c                             1.1.1.1.2.2.2.2
+  src/crypto/openssh/channels.c                           1.1.1.1.2.4.2.2
+  src/crypto/openssh/deattack.c                           1.1.1.1.2.2.2.1
+  src/crypto/openssh/scp.c                                1.1.1.1.2.3.2.1
+  src/crypto/openssh/session.c                                1.4.2.8.2.2
+  src/crypto/openssh/ssh-agent.c                              1.2.2.6.2.1
+  src/crypto/openssh/version.h                            1.1.1.1.2.4.2.4
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.26
+[Ports]
+  ports/security/openssh-portable/Makefile                           1.75
+  ports/security/openssh-portable/files/patch-buffer.c                1.2
+  ports/security/openssh-portable/files/patch-deattack.c              1.1
+  ports/security/openssh-portable/files/patch-misc.c                  1.3
+  ports/security/openssh-portable/files/patch-session.c              1.16
+  ports/security/openssh-portable/files/patch-ssh-agent.c             1.1
+  ports/security/openssh/Makefile                                   1.122
+  ports/security/openssh/files/patch-buffer.c                         1.2
+  ports/security/openssh/files/patch-deattack.c                       1.1
+  ports/security/openssh/files/patch-misc.c                           1.3
+  ports/security/openssh/files/patch-session.c                       1.15
+  ports/security/openssh/files/patch-ssh-agent.c                      1.1
+- -------------------------------------------------------------------------
+
+Branch                       Version string
+- -------------------------------------------------------------------------
+HEAD                         OpenSSH_3.6.1p1 FreeBSD-20030917
+RELENG_4                     OpenSSH_3.5p1 FreeBSD-20030917
+RELENG_5_1                   OpenSSH_3.6.1p1 FreeBSD-20030917
+RELENG_4_8                   OpenSSH_3.5p1 FreeBSD-20030917
+RELENG_4_7                   OpenSSH_3.4p1 FreeBSD-20030917
+RELENG_4_6                   OpenSSH_3.4p1 FreeBSD-20030917
+RELENG_4_5                   OpenSSH_2.9 FreeBSD localisations 20030917
+RELENG_4_4                   OpenSSH_2.3.0 FreeBSD localisations 20030917
+RELENG_4_3                   OpenSSH_2.3.0 green@FreeBSD.org 20030917
+- -------------------------------------------------------------------------
+
+To view the version string of the OpenSSH server, execute the
+following command:
+
+  % /usr/sbin/sshd -\?
+
+The version string is also displayed when a client connects to the
+server.
+
+To view the version string of the OpenSSH client, execute the
+following command:
+
+  % /usr/bin/ssh -V
+
+VII. References
+
+<URL:http://www.mindrot.org/pipermail/openssh-unix-announce/2003-September/000063.html>
+
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0693>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0695>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0682>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQE/aKuVFdaIBMps37IRAj/nAJ9x7UQj1Mp0vTAZBHnjGsp/9LQLlQCfVybJ
+AVHLwTVUmQXV9S2naBBX14I=
+=JhlR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:13.sendmail.asc b/share/security/advisories/FreeBSD-SA-03:13.sendmail.asc
new file mode 100644
index 0000000000..447ed89770
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:13.sendmail.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:13.sendmail                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          a third sendmail header parsing buffer overflow
+
+Category:       contrib
+Module:         contrib_sendmail
+Announced:      2003-09-17
+Credits:        Michal Zalewski <lcamtuf@dione.ids.pl>
+                Todd C. Miller <Todd.Miller@courtesan.com>
+Affects:        All releases of FreeBSD
+                FreeBSD 4-STABLE prior to the correction date
+Corrected:      2003-09-17 15:18:20 UTC (RELENG_4, 4.9-PRERELEASE)
+                2003-09-17 20:19:00 UTC (RELENG_5_1, 5.1-RELEASE-p5)
+                2003-09-17 20:19:22 UTC (RELENG_5_0, 5.0-RELEASE-p14)
+                2003-09-17 20:19:52 UTC (RELENG_4_8, 4.8-RELEASE-p7)
+                2003-09-17 20:20:08 UTC (RELENG_4_7, 4.7-RELEASE-p17)
+                2003-09-17 20:20:31 UTC (RELENG_4_6, 4.6-RELEASE-p20)
+                2003-09-17 20:20:54 UTC (RELENG_4_5, 4.5-RELEASE-p32)
+                2003-09-17 20:21:15 UTC (RELENG_4_4, 4.4-RELEASE-p42)
+                2003-09-17 20:21:40 UTC (RELENG_4_3, 4.3-RELEASE-p38)
+                2003-09-17 20:22:03 UTC (RELENG_3)
+FreeBSD only:   NO
+
+I.   Background
+
+FreeBSD includes sendmail(8), a general purpose internetwork mail
+routing facility, as the default Mail Transfer Agent (MTA).
+
+II.  Problem Description
+
+A buffer overflow that may occur during header parsing was identified.
+
+NOTE WELL:  This issue is distinct from the issue described in
+`FreeBSD-SA-03:04.sendmail' and `FreeBSD-SA-03:07.sendmail', although
+the impact is very similar.
+
+III. Impact
+
+An attacker could create a specially crafted message that may cause
+sendmail to execute arbitrary code with the privileges of the user
+running sendmail, typically root.  The malicious message might be
+handled (and the vulnerability triggered) by the initial sendmail MTA,
+by any relaying sendmail MTA, or by the delivering sendmail process.
+
+IV.  Workaround
+
+Disable sendmail by executing the following commands as root:
+
+  # sh /etc/rc.sendmail stop
+  # chmod 0 /usr/libexec/sendmail/sendmail
+
+Be sure that sendmail is not restarted when the system is restarted
+by adding the following line to the end of /etc/rc.conf:
+
+  sendmail_enable="NO"
+  sendmail_submit_enable="NO"
+  sendmail_outbound_enable="NO"
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1,
+RELENG_4_8, or RELENG_4_7 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5.1, 4.8,
+and 4.7 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:13/sendmail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libsm
+# make obj && make depend && make
+# cd /usr/src/lib/libsmutil
+# make obj && make depend && make
+# cd /usr/src/usr.sbin/sendmail
+# make obj && make depend && make && make install
+
+c) Restart sendmail.  Execute the following command as root.
+
+# /bin/sh /etc/rc.sendmail restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.2.6.14
+RELENG_5_1
+  src/UPDATING                                                  1.251.2.6
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.17.2.1
+  src/contrib/sendmail/src/version.c                         1.1.1.19.2.1
+  src/sys/conf/newvers.sh                                        1.50.2.7
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.20
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.14.2.3
+  src/contrib/sendmail/src/version.c                         1.1.1.16.2.2
+  src/sys/conf/newvers.sh                                       1.48.2.15
+RELENG_4_8
+  src/UPDATING                                              1.73.2.80.2.9
+  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.12.2.2
+  src/contrib/sendmail/src/version.c                     1.1.1.3.2.14.2.2
+  src/sys/conf/newvers.sh                                   1.44.2.29.2.8
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.20
+  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.10.2.3
+  src/contrib/sendmail/src/version.c                     1.1.1.3.2.12.2.2
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.19
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.48
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.8.2.3
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.9.2.2
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.37
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.49
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.4.3
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.7.4.2
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.33
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.50
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.6.2.3
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.7.2.2
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.41
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.37
+  src/contrib/sendmail/src/parseaddr.c                    1.1.1.2.6.4.2.3
+  src/contrib/sendmail/src/version.c                      1.1.1.3.2.4.2.2
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.27
+RELENG_3
+  src/contrib/sendmail/src/parseaddr.c                        1.1.1.2.2.3
+  src/contrib/sendmail/src/version.c                          1.1.1.2.2.3
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://lists.netsys.com/pipermail/full-disclosure/2003-September/010287.html >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0694 >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQE/aOHgFdaIBMps37IRAl09AKCVMKQCzC62EF7vZFnsZVoaGWpIMACfVGq0
+0df1GogdqBVYUXzNBdHrwYA=
+=4xqj
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:14.arp.asc b/share/security/advisories/FreeBSD-SA-03:14.arp.asc
new file mode 100644
index 0000000000..401b07d05f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:14.arp.asc
@@ -0,0 +1,172 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:14.arp                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          denial of service due to ARP resource starvation
+
+Category:       core
+Module:         sys
+Announced:      2003-09-25
+Credits:        Apple Product Security <product-security@apple.com>
+Affects:        All releases of FreeBSD
+                FreeBSD 4-STABLE prior to the correction date
+Corrected:      2003-09-24 21:48:00 UTC (RELENG_4, 4.9-PRERELEASE)
+                2003-09-25 13:33:01 UTC (RELENG_5_1, 5.1-RELEASE-p8)
+                2003-09-25 13:33:29 UTC (RELENG_5_0, 5.0-RELEASE-p16)
+                2003-09-25 13:34:14 UTC (RELENG_4_8, 4.8-RELEASE-p10)
+                2003-09-25 13:34:31 UTC (RELENG_4_7, 4.7-RELEASE-p20)
+                2003-09-25 13:34:52 UTC (RELENG_4_6, 4.6-RELEASE-p23)
+                2003-09-25 13:35:18 UTC (RELENG_4_5, 4.5-RELEASE-p34)
+                2003-09-25 13:35:33 UTC (RELENG_4_4, 4.4-RELEASE-p44)
+                2003-09-25 13:35:48 UTC (RELENG_4_3, 4.3-RELEASE-p40)
+CVE Name:       CAN-2003-0804
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0  2003-09-23  Initial release.
+v1.1  2003-09-25  Initial patch was incorrect.
+
+I.   Background
+
+The Address Resolution Protocol (ARP) is fundamental to the operation
+of IP with a variety of network technologies, such as Ethernet and
+WLAN.  It is used to map IP addresses to MAC addresses, which enables
+hosts on a local network segment to communicate with each other
+directly.  These mappings are stored in the system's ARP cache.
+
+FreeBSD's ARP cache is implemented within the kernel routing table as
+a set of routes for the address family in use that have the LLINFO
+flag set.  This is most commonly often AF_INET (for IPv4).  Normally,
+when a FreeBSD system receives an ARP request for a network address
+configured on one of its interfaces from a system on a local network,
+it adds a reciprocal ARP entry to the cache for the system from where
+the request originated.  Expiry timers are used to purge unused
+entries from the ARP cache.  A reference count is maintained for each
+ARP entry.  If the reciprocal ARP entry is not in use by an upper
+layer protocol, the reference count will be zero.
+
+II.  Problem Description
+
+Under certain circumstances, it is possible for an attacker to flood a
+FreeBSD system with spoofed ARP requests, causing resource starvation
+which eventually results in a system panic.  (The critical condition
+is that a route exists for the apparent source of the ARP request.
+This is always the case if the system has a default route configured
+for that protocol family.)
+
+If a large number of ARP requests with different network protocol
+addresses are sent in a small space of time, resource starvation can
+result, as the arplookup() function does not delete unnecessary ARP
+entries cached as the result of responding to an ARP request.
+
+NOTE WELL: Other BSD-derived systems may also be affected, as the
+affected code dates well back to the CSRG branches.
+
+III. Impact
+
+An attacker on the local network may be able to cause the system to
+hang or crash.  The attacker must have physical access to the shared
+network medium.  In the case of a wireless network obtaining this
+access may be trivial.  Networks where proxy ARP is used to direct
+traffic between LANs may be particularly vulnerable to the attack,
+as the spoofed ARP requests could be bounced through to the target
+via routers implementing proxy ARP.
+
+Because the attack operates at Layer 2, the use of strong encryption
+technologies such as IPsec cannot protect a system against the attack.
+
+IV.  Workaround
+
+There is no known workaround at this time.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1,
+RELENG_5_0, RELENG_4_8, or RELENG_4_7 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5-CURRENT,
+4.9-PRERELEASE, and 4.8 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch
+ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:14/arp.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Rebuild your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html>
+and reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/netinet/if_ether.c                                    1.64.2.26
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.10
+  src/sys/conf/newvers.sh                                       1.50.2.10
+  src/sys/netinet/if_ether.c                                    1.104.2.2
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.22
+  src/sys/conf/newvers.sh                                       1.48.2.17
+  src/sys/netinet/if_ether.c                                     1.96.2.2
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.12
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.11
+  src/sys/netinet/if_ether.c                                1.64.2.22.2.2
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.23
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.22
+  src/sys/netinet/if_ether.c                                1.64.2.19.2.2
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.52
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.40
+  src/sys/netinet/if_ether.c                                1.64.2.18.2.2
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.51
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.35
+  src/sys/netinet/if_ether.c                                1.64.2.15.2.2
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.52
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.43
+  src/sys/netinet/if_ether.c                                1.64.2.11.2.2
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.39
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.29
+  src/sys/netinet/if_ether.c                                1.64.2.10.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://docs.info.apple.com/article.html?artnum=61798>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFASR8CFdaIBMps37IRAtGVAJ48U580/BpCE2RQ+Ukc//rTiKmdvgCfY0xa
+DUu77Exj44DsCAJJSPfSHag=
+=nR5L
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:15.openssh.asc b/share/security/advisories/FreeBSD-SA-03:15.openssh.asc
new file mode 100644
index 0000000000..c7d96082b2
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:15.openssh.asc
@@ -0,0 +1,335 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:15.openssh                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSH PAM challenge/authentication error
+
+Category:       core
+Module:         openssh
+Announced:      2003-10-05
+Credits:        The OpenSSH Project <openssh@openssh.org>
+Affects:        FreeBSD releases 4.6.2-RELEASE and later
+                FreeBSD 4-STABLE prior to the correction date
+                openssh port prior to openssh-3.6.1_4
+                openssh-portable port prior to openssh-portable-3.6.1p2_5
+Corrected:      2003-09-24 21:06:28 UTC (RELENG_5_1, 5.1-RELEASE-p7)
+                2003-09-24 18:25:31 UTC (RELENG_4, 4.9-PRERELEASE)
+                2003-09-24 21:06:22 UTC (RELENG_4_8, 4.8-RELEASE-p9)
+                2003-09-24 21:06:15 UTC (RELENG_4_7, 4.7-RELEASE-p19)
+                2003-09-24 21:05:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p22)
+                2003-10-03 20:55:14 UTC (openssh-3.6.1_5)
+                2003-09-26 02:42:39 UTC (openssh-portable-3.6.1p2_5)
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+OpenSSH is a free version of the SSH protocol suite of network
+connectivity tools.  OpenSSH encrypts all traffic (including
+passwords) to effectively eliminate eavesdropping, connection
+hijacking, and other network-level attacks.  Additionally, OpenSSH
+provides a myriad of secure tunneling capabilities, as well as a
+variety of authentication methods.
+
+The SSH protocol exists in two versions, hereafter named simply `ssh1'
+and `ssh2'.  The ssh1 protocol is a legacy protocol for which there
+exists no formal specification, while the ssh2 protocol is the product
+of the IETF SECSH working group and is defined by a series of IETF
+draft standards.
+
+The ssh2 protocol supports a wide range of authentication
+mechanisms, including a generic challenge / response mechanism, called
+`keyboard-interactive' or `kbdint', which can be adapted to serve any
+authentication scheme in which the server and client exchange a
+arbitrarily long series of challenges and responses.  In particular,
+this mechanism is used in OpenSSH to support PAM authentication.
+
+The ssh1 protocol, on the other hand, supports a much narrower range
+of authentication mechanisms.  Its challenge / response mechanisms,
+called `TIS', allows for only one challenge from the server and one
+response from the client.  OpenSSH contains interface code which
+allows kbdint authentication back-ends to be used for ssh1 TIS
+authentication, provided they only emit one challenge and expect only
+one response.
+
+Finally, recent versions of OpenSSH implement a mechanism called
+`privilege separation' in which the task of communicating with the
+client is delegated to an unprivileged child process, while the
+privileged parent process performs the actual authentication and
+double-checks every important decision taken by its unprivileged
+child.
+
+II.  Problem Description
+
+1) Insufficient checking in the ssh1 challenge / response interface
+   code, combined with a peculiarity of the PAM kbdint back-end,
+   causes OpenSSH to ignore a negative result from PAM (but not from
+   any other kbdint back-end).
+
+2) A variable used by the PAM conversation function to store
+   challenges and the associated client responses is incorrectly
+   interpreted as an array of pointers to structures instead of a
+   pointer to an array of structures.
+
+3) When challenge / response authentication is used with protocol
+   version 1, and a legitimate user interrupts challenge / response
+   authentication but successfully authenticates through some other
+   mechanism (such as password authentication), the server fails to
+   reclaim resources allocated by the challenge / response mechanism,
+   including the child process used for PAM authentication.  When a
+   certain number of leaked processes is reached, the master server
+   process will refuse subsequent client connections.
+
+III. Impact
+
+1) If privilege separation is disabled, no additional checks are
+   performed and an ssh1 client will be successfully authenticated
+   even if its response to PAM's challenge is patently wrong.  On the
+   other hand, if privilege separation is enabled (which it is by
+   default), the monitor process will notice the discrepancy, refuse
+   to proceed, and kill the faulty child process.
+
+2) If more than one challenge is issued in a single call to the PAM
+   conversation function, stack corruption will result.  The most
+   likely outcome will be a segmentation fault leading to termination
+   of the process, but there is a possibility that an attacker may
+   succeed in executing arbitrary code in a privileged process.
+
+   Note that none of the PAM modules provided in the FreeBSD base
+   system ever issue more than one challenge in a single call to the
+   conversation function; nor, to our knowledge, do any third-party
+   modules provided in the FreeBSD ports collection.
+
+3) Legitimate users may cause a denial-of-service condition in which
+   the SSH server refuses client connections until it is restarted.
+   Note that this vulnerability is not exploitable by attackers who do
+   not have a valid account on the target system.
+
+IV.  Workaround
+
+Do both of the following:
+
+1) Make sure that privilege separation is enabled.  This is the
+   default; look for `UsePrivilegeSeparation' in /etc/ssh/sshd_config
+   or /usr/local/etc/ssh/sshd_config as appropriate and make sure that
+   any occurrence of that keyword is commented out and/or followed by
+   the keyword `yes'.  The stock version of this file is safe to use.
+
+2) Make sure that the PAM configuration for OpenSSH does not reference
+   any modules which pass more than one challenge in a single call to
+   the conversation function.  In FreeBSD 4.x, the PAM configuration
+   for OpenSSH consists of the lines in /etc/pam.conf which begin with
+   `sshd'; in FreeBSD 5.x, it is located in /etc/pam.d/sshd.  The
+   stock versions of these files are safe to use.
+
+   The following PAM modules from the FreeBSD ports collection are
+   known to be safe with regard to problem 2) above:
+
+    - pam_mysql.so (security/pam-mysql)
+    - pam_pgsql.so (security/pam-pgsql)
+    - pam_alreadyloggedin.so (security/pam_alreadyloggedin)
+    - pam_ldap.so (security/pam_ldap)
+    - pam_pop3.so (security/pam_pop3)
+    - pam_pwdfile.so (security/pam_pwdfile)
+    - pam_smb.so (security/pam_smb)
+
+   pam_krb5.so from ports (security/pam_krb5) is known to use multiple
+   prompts with the conversation function if the user's password is
+   expired in order to change the user password.
+
+3) Disable challenge / response authentication, or disable protocol
+   version 1.
+
+   To disable challenge / response authentication, add the line:
+     ChallengeResponseAuthentication no
+   to sshd_config(5) and restart sshd.
+
+   To disable protocol version 1, add the line
+     Protocol 2
+   to sshd_config(5) and restart sshd.
+
+V.   Solution
+
+Do one of the following:
+
+[For OpenSSH included in the base system]
+
+The following patches have been verified to apply to FreeBSD 4.6, 4.7,
+4.8, and 5.1 systems prior to the correction date.
+
+Download the appropriate patch and detached PGP signature from the following
+locations, and verify the signature using your PGP utility.
+
+[FreeBSD 4.6]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh46.patch.asc
+
+[FreeBSD 4.7]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh47.patch.asc
+
+[FreeBSD 4.8]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc
+
+[FreeBSD 5.1]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh48.patch.asc
+
+[FreeBSD 4.8-STABLE / 4.9-PRERELEASE / 4.9-RC]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:15/openssh4s.patch.asc
+
+Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/sshd.patch
+# cd /usr/src/secure/usr.sbin/sshd
+# make obj && make depend && make all install
+
+Be sure to restart `sshd' after updating.
+
+# kill `cat /var/run/sshd.pid`
+# /usr/sbin/sshd
+
+or, in FreeBSD 5.x:
+
+# /etc/rc.d/sshd restart
+
+[For the OpenSSH ports]
+
+Do one of the following:
+
+1) Upgrade your entire ports collection and rebuild the OpenSSH port.
+
+2) Deinstall the old package and install a new package obtained from
+the following directory:
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/
+
+[other platforms]
+Packages are not automatically generated for other platforms at this
+time due to lack of build resources.
+
+3) Download a new port skeleton for the openssh or openssh-portable
+port from:
+
+http://www.freebsd.org/ports/
+
+and use it to rebuild the port.
+
+4) Use the portcheckout utility to automate option (3) above. The
+portcheckout port is available in /usr/ports/devel/portcheckout or the
+package can be obtained from:
+
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/Latest/portcheckout.tgz
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/Latest/portcheckout.tgz
+
+Be sure to restart `sshd' after updating.
+
+# kill `cat /var/run/sshd.pid`
+# test -x /usr/local/etc/rc.d/sshd.sh && sh /usr/local/etc/rc.d/sshd.sh start
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Path                                                             Revision
+  Branch
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssh/auth-chall.c                                 1.2.2.6
+  src/crypto/openssh/auth.h                                   1.1.1.1.2.7
+  src/crypto/openssh/auth1.c                                     1.3.2.10
+  src/crypto/openssh/auth2-pam-freebsd.c                          1.1.2.8
+  src/crypto/openssh/ssh_config                                   1.2.2.9
+  src/crypto/openssh/ssh_config.5                                 1.4.2.5
+  src/crypto/openssh/sshd_config                                 1.4.2.13
+  src/crypto/openssh/sshd_config.5                                1.5.2.6
+  src/crypto/openssh/version.h                               1.1.1.1.2.13
+RELENG_5_1
+  src/crypto/openssh/auth-chall.c                                 1.6.2.1
+  src/crypto/openssh/auth2-pam-freebsd.c                         1.11.2.1
+  src/crypto/openssh/ssh_config                                  1.21.2.1
+  src/crypto/openssh/ssh_config.5                                 1.9.2.1
+  src/crypto/openssh/sshd_config                                 1.32.2.1
+  src/crypto/openssh/sshd_config.5                               1.11.2.1
+  src/crypto/openssh/version.h                                   1.20.2.3
+RELENG_4_8
+  src/crypto/openssh/auth-chall.c                             1.2.2.4.2.2
+  src/crypto/openssh/auth.h                               1.1.1.1.2.6.2.1
+  src/crypto/openssh/auth1.c                                  1.3.2.9.2.1
+  src/crypto/openssh/auth2-pam-freebsd.c                      1.1.2.5.2.2
+  src/crypto/openssh/ssh_config                               1.2.2.8.2.1
+  src/crypto/openssh/ssh_config.5                             1.4.2.4.2.1
+  src/crypto/openssh/sshd_config                             1.4.2.12.2.1
+  src/crypto/openssh/version.h                           1.1.1.1.2.10.2.3
+RELENG_4_7
+  src/crypto/openssh/auth-chall.c                             1.2.2.3.2.1
+  src/crypto/openssh/auth.h                               1.1.1.1.2.5.2.1
+  src/crypto/openssh/auth1.c                                  1.3.2.8.2.1
+  src/crypto/openssh/auth2-pam-freebsd.c                      1.1.2.2.2.2
+  src/crypto/openssh/ssh_config                               1.2.2.6.2.1
+  src/crypto/openssh/sshd_config                             1.4.2.10.2.1
+  src/crypto/openssh/version.h                            1.1.1.1.2.9.2.3
+RELENG_4_6
+  src/crypto/openssh/auth-chall.c                             1.2.2.2.2.2
+  src/crypto/openssh/auth.h                               1.1.1.1.2.4.4.2
+  src/crypto/openssh/auth1.c                                  1.3.2.7.4.2
+  src/crypto/openssh/auth2-pam-freebsd.c                          1.2.2.4
+  src/crypto/openssh/ssh_config                               1.2.2.4.4.2
+  src/crypto/openssh/sshd_config                              1.4.2.8.2.2
+  src/crypto/openssh/version.h                            1.1.1.1.2.8.2.4
+[Ports]
+  ports/security/openssh/Makefile                                   1.125
+  ports/security/openssh/auth-pam.c                                   1.2
+  ports/security/openssh/auth-pam.h                                   1.2
+  ports/security/openssh/auth2-pam.c                                  1.2
+  ports/security/openssh/patch-auth-chall.c                           1.1
+  ports/security/openssh-portable/Makefile                           1.78
+  ports/security/openssh-portable/auth2-pam-freebsd.c                 1.5
+  ports/security/openssh-portable/patch-auth-chall.c                  1.1
+  ports/security/openssh-portable/patch-auth-pam.c                    1.1
+  ports/security/openssh-portable/patch-auth-pam.h                    1.1
+- -------------------------------------------------------------------------
+
+Branch                       Version string
+- -------------------------------------------------------------------------
+RELENG_4                     OpenSSH_3.5p1 FreeBSD-20030924
+RELENG_5_1                   OpenSSH_3.6.1p1 FreeBSD-20030924
+RELENG_4_8                   OpenSSH_3.5p1 FreeBSD-20030924
+RELENG_4_7                   OpenSSH_3.4p1 FreeBSD-20030924
+RELENG_4_6                   OpenSSH_3.4p1 FreeBSD-20030924
+- -------------------------------------------------------------------------
+
+To view the version string of the OpenSSH server, execute the
+following command:
+
+  % /usr/sbin/sshd -\?
+
+or for OpenSSH from the ports collection:
+
+  % /usr/local/sbin/sshd -\?
+
+The version string is also displayed when a client connects to the
+server.
+
+VII. References
+
+<URL:http://www.openssh.com/txt/sshpam.adv>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQE/gFCoFdaIBMps37IRApUWAJ9BZoW/uBY1Q0Phr3iQGBq8/I14dgCaAzvc
+7gHHrB5lxeBXWIB37CXpM5s=
+=DC+H
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:16.filedesc.asc b/share/security/advisories/FreeBSD-SA-03:16.filedesc.asc
new file mode 100644
index 0000000000..215c741975
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:16.filedesc.asc
@@ -0,0 +1,122 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:16.filedesc                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          file descriptor leak in readv
+
+Category:       core
+Module:         kernel
+Announced:      2003-10-02
+Credits:        Joost Pol <joost@pine.nl>
+Affects:        FreeBSD 4.3-RELEASE through 4.8-RELEASE
+                4-STABLE prior to the correction date
+Corrected:      2003-10-02 15:08:01 UTC (RELENG_4, 4.9-RC)
+                2003-10-02 15:54:48 UTC (RELENG_4_8, 4.8-RELEASE-p11)
+                2003-10-02 15:55:54 UTC (RELENG_4_7, 4.7-RELEASE-p21)
+                2003-10-02 15:56:56 UTC (RELENG_4_6, 4.6-RELEASE-p24)
+                2003-10-02 15:57:48 UTC (RELENG_4_5, 4.5-RELEASE-p35)
+                2003-10-02 15:58:53 UTC (RELENG_4_4, 4.4-RELEASE-p45)
+                2003-10-02 16:05:44 UTC (RELENG_4_3, 4.3-RELEASE-p41)
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The readv(2) system call performs a scatter read: it reads from the
+input file descriptor and stores the data into multiple buffers as
+instructed by the caller.
+
+II.  Problem Description
+
+A programming error in the readv system call can result in the given
+file descriptor's reference count being erroneously incremented.
+
+III. Impact
+
+A local attacker may cause the operating system to crash by repeatedly
+calling readv on a file descriptor until the reference count wraps to
+a negative value, and then calling close on that file descriptor.
+
+Similarly, it may be possible to cause a file descriptor to reference
+unallocated kernel memory, but remain valid.  If a new file is later
+opened and the kernel allocates the new file structure at the same
+memory location, then an attacker may be able to gain read or write
+access to that file.  This may in turn lead to privilege escalation.
+
+IV.  Workaround
+
+There is no workaround.
+
+V.   Solution
+
+The following patch has been verified to apply to FreeBSD 4.3, 4.4,
+4.5, 4.6, 4.7, and 4.8 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:16/filedesc.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:16/filedesc.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/kern/sys_generic.c                                    1.55.2.11
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.13
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.12
+  src/sys/kern/sys_generic.c                               1.55.2.10.12.1
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.24
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.23
+  src/sys/kern/sys_generic.c                               1.55.2.10.10.1
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.53
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.41
+  src/sys/kern/sys_generic.c                                1.55.2.10.8.1
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.52
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.36
+  src/sys/kern/sys_generic.c                                1.55.2.10.6.1
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.53
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.44
+  src/sys/kern/sys_generic.c                                1.55.2.10.4.1
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.40
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.30
+  src/sys/kern/sys_generic.c                                1.55.2.10.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.pine.nl/press/pine-cert-20030901.txt>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQE/fGDRFdaIBMps37IRAnkpAKCFM8MrujjJN1tc4lZwii573usNvgCfdBeP
+APcFpW5FsH+sLkWczgjj6eE=
+=6zO7
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:17.procfs.asc b/share/security/advisories/FreeBSD-SA-03:17.procfs.asc
new file mode 100644
index 0000000000..11d749c57d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:17.procfs.asc
@@ -0,0 +1,221 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:17.procfs                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          kernel memory disclosure via procfs
+
+Category:       core
+Module:         sys
+Announced:      2003-10-03
+Credits:        Joost Pol <joost@pine.nl>
+Affects:        All FreeBSD releases
+Corrected:      2003-10-03 12:03:50 UTC (RELENG_4, 4.9-RC)
+                2003-10-03 13:02:17 UTC (RELENG_5_1, 5.1-RELEASE-p9)
+                2003-10-03 16:57:38 UTC (RELENG_5_0, 5.0-RELEASE-p17)
+                2003-10-03 13:03:44 UTC (RELENG_4_8, 4.8-RELEASE-p12)
+                2003-10-03 13:04:19 UTC (RELENG_4_7, 4.7-RELEASE-p22)
+                2003-10-03 13:05:05 UTC (RELENG_4_6, 4.6-RELEASE-p25)
+                2003-10-03 13:05:44 UTC (RELENG_4_5, 4.5-RELEASE-p36)
+                2003-10-03 13:06:32 UTC (RELENG_4_4, 4.4-RELEASE-p46)
+                2003-10-03 13:07:37 UTC (RELENG_4_3, 4.3-RELEASE-p42)
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The process file system, procfs(5), implements a view of the system
+process table inside the file system.  It is normally mounted on
+/proc, and is required for the complete operation of programs such as
+ps(1) and w(1).
+
+The Linux process file system, linprocfs(5), emulates a subset of
+Linux's process file system and is required for the complete operation
+of some Linux binaries.
+
+II.  Problem Description
+
+The procfs and linprocfs implementations use uiomove(9) and the
+related `struct uio' in order to fulfill read and write requests.
+Several cases were identified where members of `struct uio' were not
+properly validated before being used.  In particular, the `uio_offset'
+member may be negative or extremely large, and was used to compute the
+region of kernel memory to be returned to the user.
+
+III. Impact
+
+A malicious local user could arrange to use a negative or extremely
+large offset when reading from a procfs ``file'', causing a system
+crash, or causing the kernel to return a large portion of kernel
+memory.  Such memory might contain sensitive information, such as
+portions of the file cache or terminal buffers.  This information
+might be directly useful, or it might be leveraged to obtain elevated
+privileges in some way.  For example, a terminal buffer might include
+a user-entered password.
+
+IV.  Workaround
+
+Unmount the procfs and linprocfs filesystems if they are mounted.
+Execute the following command as root:
+
+  umount -a -t procfs,linprocfs
+
+Also, remove or comment out any lines in fstab(5) that reference
+`procfs' or `linprocfs', so that they will not be re-mounted at next
+reboot.
+
+V.   Solution
+
+1) Upgrade your vulnerable system to 4-STABLE, or to the
+RELENG_5_1, RELENG_4_8, or RELENG_4_7 security branch dated
+after the correction date.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.3]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs43.patch.asc
+
+[FreeBSD 4.4 and later 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs4x.patch.asc
+
+[FreeBSD 5.0]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs50.patch.asc
+
+[FreeBSD 5.1]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:17/procfs51.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html>
+and reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/i386/linux/linprocfs/linprocfs_misc.c                   1.3.2.9
+  src/sys/kern/kern_subr.c                                       1.31.2.3
+  src/sys/miscfs/procfs/procfs_dbregs.c                           1.4.2.4
+  src/sys/miscfs/procfs/procfs_fpregs.c                          1.11.2.4
+  src/sys/miscfs/procfs/procfs_regs.c                            1.10.2.4
+  src/sys/miscfs/procfs/procfs_rlimit.c                           1.5.2.1
+  src/sys/miscfs/procfs/procfs_status.c                          1.20.2.5
+  src/sys/sys/uio.h                                              1.11.2.2
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.11
+  src/sys/conf/newvers.sh                                       1.50.2.11
+  src/sys/fs/procfs/procfs_dbregs.c                              1.22.2.1
+  src/sys/fs/procfs/procfs_fpregs.c                              1.28.2.1
+  src/sys/fs/procfs/procfs_regs.c                                1.27.2.1
+  src/sys/fs/pseudofs/pseudofs_vnops.c                           1.35.2.1
+  src/sys/kern/kern_subr.c                                       1.74.2.1
+  src/sys/sys/uio.h                                              1.27.2.1
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.23
+  src/sys/conf/newvers.sh                                       1.48.2.18
+  src/sys/fs/procfs/procfs_dbregs.c                              1.21.2.1
+  src/sys/fs/procfs/procfs_fpregs.c                              1.27.2.1
+  src/sys/fs/procfs/procfs_regs.c                                1.26.2.1
+  src/sys/fs/pseudofs/pseudofs_vnops.c                           1.32.2.1
+  src/sys/kern/kern_subr.c                                       1.63.2.2
+  src/sys/sys/uio.h                                              1.23.2.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.14
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.13
+  src/sys/i386/linux/linprocfs/linprocfs_misc.c              1.3.2.8.10.1
+  src/sys/kern/kern_subr.c                                   1.31.2.2.6.1
+  src/sys/miscfs/procfs/procfs_dbregs.c                       1.4.2.3.8.1
+  src/sys/miscfs/procfs/procfs_fpregs.c                      1.11.2.3.8.1
+  src/sys/miscfs/procfs/procfs_regs.c                        1.10.2.3.8.1
+  src/sys/miscfs/procfs/procfs_rlimit.c                          1.5.14.1
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.4.8.1
+  src/sys/sys/uio.h                                          1.11.2.1.8.1
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.25
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.24
+  src/sys/i386/linux/linprocfs/linprocfs_misc.c               1.3.2.8.8.1
+  src/sys/kern/kern_subr.c                                   1.31.2.2.4.1
+  src/sys/miscfs/procfs/procfs_dbregs.c                       1.4.2.3.6.1
+  src/sys/miscfs/procfs/procfs_fpregs.c                      1.11.2.3.6.1
+  src/sys/miscfs/procfs/procfs_regs.c                        1.10.2.3.6.1
+  src/sys/miscfs/procfs/procfs_rlimit.c                          1.5.12.1
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.4.6.1
+  src/sys/sys/uio.h                                          1.11.2.1.6.1
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.54
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.42
+  src/sys/i386/linux/linprocfs/linprocfs_misc.c               1.3.2.8.6.1
+  src/sys/kern/kern_subr.c                                   1.31.2.2.2.1
+  src/sys/miscfs/procfs/procfs_dbregs.c                       1.4.2.3.4.1
+  src/sys/miscfs/procfs/procfs_fpregs.c                      1.11.2.3.4.1
+  src/sys/miscfs/procfs/procfs_regs.c                        1.10.2.3.4.1
+  src/sys/miscfs/procfs/procfs_rlimit.c                          1.5.10.1
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.4.4.1
+  src/sys/sys/uio.h                                          1.11.2.1.4.1
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.53
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.37
+  src/sys/i386/linux/linprocfs/linprocfs_misc.c               1.3.2.8.4.1
+  src/sys/kern/kern_subr.c                                   1.31.2.1.2.1
+  src/sys/miscfs/procfs/procfs_dbregs.c                       1.4.2.3.2.1
+  src/sys/miscfs/procfs/procfs_fpregs.c                      1.11.2.3.2.1
+  src/sys/miscfs/procfs/procfs_regs.c                        1.10.2.3.2.1
+  src/sys/miscfs/procfs/procfs_rlimit.c                           1.5.8.1
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.4.2.1
+  src/sys/sys/uio.h                                          1.11.2.1.2.1
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.54
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.45
+  src/sys/i386/linux/linprocfs/linprocfs_misc.c               1.3.2.8.2.1
+  src/sys/kern/kern_subr.c                                       1.31.6.1
+  src/sys/miscfs/procfs/procfs_dbregs.c                       1.4.2.2.2.2
+  src/sys/miscfs/procfs/procfs_fpregs.c                      1.11.2.2.2.2
+  src/sys/miscfs/procfs/procfs_regs.c                        1.10.2.2.2.2
+  src/sys/miscfs/procfs/procfs_rlimit.c                           1.5.6.1
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.3.4.2
+  src/sys/sys/uio.h                                              1.11.6.1
+RELENG_4_3
+  src/UPDATING                                             1.73.2.28.2.41
+  src/sys/conf/newvers.sh                                  1.44.2.14.2.31
+  src/sys/i386/linux/linprocfs/linprocfs_misc.c               1.3.2.5.2.1
+  src/sys/kern/kern_subr.c                                       1.31.4.1
+  src/sys/miscfs/procfs/procfs_dbregs.c                       1.4.2.1.2.2
+  src/sys/miscfs/procfs/procfs_fpregs.c                      1.11.2.1.2.2
+  src/sys/miscfs/procfs/procfs_regs.c                        1.10.2.1.2.2
+  src/sys/miscfs/procfs/procfs_rlimit.c                           1.5.4.1
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.3.2.2
+  src/sys/sys/uio.h                                              1.11.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.pine.nl/press/pine-cert-20030902.txt>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQE/fa1iFdaIBMps37IRAphTAJ9TRQEq6siz4yCRJhASpXds5tA9DwCfYUmi
+n+9SLOWPfqDZuOxwO+WwsxI=
+=AyWS
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:18.openssl.asc b/share/security/advisories/FreeBSD-SA-03:18.openssl.asc
new file mode 100644
index 0000000000..be4693f51c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:18.openssl.asc
@@ -0,0 +1,178 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:18.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL vulnerabilities in ASN.1 parsing
+
+Category:       crypto
+Module:         openssl
+Announced:      2003-10-03
+Credits:        NISCC <URL:http://www.niscc.gov.uk>
+                Dr. Stephen Henson <steve@openssl.org>
+Affects:        FreeBSD versions 4.0-RELEASE through 4.8-RELEASE,
+                5.0-RELEASE, and 5.1-RELEASE
+                4-STABLE prior to the correction date
+Corrected:      2003-10-03 01:32:13 UTC (RELENG_4, 4.9-RC)
+                2003-10-03 18:13:19 UTC (RELENG_5_1, 5.1-RELEASE-p10)
+                2003-10-03 20:22:27 UTC (RELENG_5_0, 5.0-RELEASE-p18)
+                2003-10-03 18:14:26 UTC (RELENG_4_8, 4.8-RELEASE-p13)
+                2003-10-03 20:24:31 UTC (RELENG_4_7, 4.7-RELEASE-p23)
+                2003-10-03 20:24:59 UTC (RELENG_4_6, 4.6.2-RELEASE-p26)
+FreeBSD only:   NO
+
+I.  Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL
+Project is a collaborative effort to develop a robust, commercial-
+grade, full-featured, and Open Source toolkit implementing the Secure
+Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography
+library.
+
+II.  Problem Description
+
+This advisory addresses four separate flaws recently fixed in OpenSSL.
+The flaws are described in the following excerpt from the OpenSSL.org
+advisory (see references):
+
+  1. Certain ASN.1 encodings that are rejected as invalid by the
+  parser can trigger a bug in the deallocation of the corresponding
+  data structure, corrupting the stack. This can be used as a denial
+  of service attack. It is currently unknown whether this can be
+  exploited to run malicious code. This issue does not affect OpenSSL
+  0.9.6.
+
+  2. Unusual ASN.1 tag values can cause an out of bounds read
+  under certain circumstances, resulting in a denial of service
+  vulnerability.
+
+  3. A malformed public key in a certificate will crash the verify
+  code if it is set to ignore public key decoding errors. Public
+  key decode errors are not normally ignored, except for
+  debugging purposes, so this is unlikely to affect production
+  code. Exploitation of an affected application would result in a
+  denial of service vulnerability.
+
+  4. Due to an error in the SSL/TLS protocol handling, a server
+  will parse a client certificate when one is not specifically
+  requested. This by itself is not strictly speaking a vulnerability
+  but it does mean that *all* SSL/TLS servers that use OpenSSL can be
+  attacked using vulnerabilities 1, 2 and 3 even if they don't enable
+  client authentication.
+
+III.  Impact
+
+A remote attacker may create a malicious ASN.1 encoded message that
+will cause an OpenSSL-using application to crash, or even perhaps
+execute arbitrary code with the privileges of the application.
+
+Only applications that use OpenSSL's ASN.1 or X.509 handling code
+are affected.  Applications that use other portions of OpenSSL
+are unaffected (e.g. Apache+mod_ssl is affected, while OpenSSH is
+unaffected).
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_1,
+RELENG_4_8, or RELENG_4_7 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.6, 4.7,
+4.8, 5.0, and 5.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.6, 4.7, 5.0 -- be sure you have previously applied the
+ patches for advisories FreeBSD-SA-03:02 and FreeBSD-SA-03:06 before
+ applying this patch.]
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl96.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl96.patch.asc
+
+[FreeBSD 4.8, 5.1]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl97.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:18/openssl97.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >.
+
+Note that any statically linked applications that are not part of the
+base system (i.e. from the Ports Collection or other 3rd-party sources)
+must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.12
+  src/crypto/openssl/crypto/asn1/asn1_lib.c                   1.1.1.8.2.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.1.4.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c                   1.1.1.5.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.11.2.1
+  src/sys/conf/newvers.sh                                       1.50.2.12
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.24
+  src/crypto/openssl/crypto/asn1/asn1_lib.c                   1.1.1.7.2.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c                   1.1.1.4.2.2
+  src/crypto/openssl/ssl/s3_srvr.c                            1.1.1.9.2.3
+  src/sys/conf/newvers.sh                                       1.48.2.19
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.15
+  src/crypto/openssl/crypto/asn1/asn1_lib.c               1.1.1.1.2.7.2.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c               1.1.1.1.2.1.2.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.4.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.7.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.14
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.26
+  src/crypto/openssl/crypto/asn1/asn1_lib.c               1.1.1.1.2.6.2.1
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.3.2.2
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.5.2.3
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.25
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.55
+  src/crypto/openssl/crypto/asn1/asn1_lib.c               1.1.1.1.2.3.6.4
+  src/crypto/openssl/crypto/x509/x509_vfy.c               1.1.1.1.2.2.8.3
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.3.6.4
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.43
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://www.openssl.org/news/secadv_20030930.txt >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0545 >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543 >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544 >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD4DBQE/fe+bFdaIBMps37IRAmp8AKCDqpNf+MCJ6K1eFyWPul/cnjSzTgCY8hd6
+IIOxA/5Hl4quuh64va5/5A==
+=1DI+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-03:19.bind.asc b/share/security/advisories/FreeBSD-SA-03:19.bind.asc
new file mode 100644
index 0000000000..a224aa1183
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-03:19.bind.asc
@@ -0,0 +1,176 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-03:19.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          bind8 negative cache poison attack
+
+Category:       contrib
+Module:         contrib_bind
+Announced:      2003-11-28
+Credits:        Internet Software Consortium
+Affects:        FreeBSD versions through 4.9-RELEASE and 5.1-RELEASE
+                4-STABLE prior to the correction date
+Corrected:      2003-11-28 22:13:47 UTC (RELENG_4, 4.9-STABLE)
+                2003-11-27 00:54:53 UTC (RELENG_5_1, 5.1-RELEASE-p11)
+                2003-11-27 16:54:01 UTC (RELENG_5_0, 5.0-RELEASE-p19)
+                2003-11-27 00:56:06 UTC (RELENG_4_9, 4.9-RELEASE-p1)
+                2003-11-27 16:34:22 UTC (RELENG_4_8, 4.8-RELEASE-p14)
+                2003-11-27 16:35:06 UTC (RELENG_4_7, 4.7-RELEASE-p24)
+                2003-11-27 16:37:00 UTC (RELENG_4_6, 4.6.2-RELEASE-p27)
+                2003-11-27 16:38:36 UTC (RELENG_4_5, 4.5-RELEASE-p37)
+                2003-11-27 16:40:03 UTC (RELENG_4_4, 4.4-RELEASE-p47)
+CVE Name:       CAN-2003-0914
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+BIND 8 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is the Internet domain name server.
+
+II.  Problem Description
+
+A programming error in BIND 8 named can result in a DNS message being
+incorrectly cached as a negative response.
+
+III. Impact
+
+An attacker may arrange for malicious DNS messages to be delivered
+to a target name server, and cause that name server to cache a
+negative response for some target domain name.  The name server would
+thereafter respond negatively to legitimate queries for that domain
+name, resulting in a denial-of-service for applications that require
+DNS.  Almost all Internet applications require DNS, such as the Web,
+email, and chat networks.
+
+IV.  Workaround
+
+No workaround is known.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.9-STABLE; or to the RELENG_5_1,
+RELENG_4_9, RELENG_4_8, or RELENG_4_7 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.9 and -STABLE systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-836.patch.asc
+
+[FreeBSD 4.8 and 5.1 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-834.patch.asc
+
+[FreeBSD 4.4, 4.5, 4.6, 4.7, and 5.0 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-03:19/bind-833.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libbind
+# make obj && make depend && make
+# cd /usr/src/lib/libisc
+# make obj && make depend && make
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+# cd /usr/src/libexec/named-xfer
+# make obj && make depend && make && make install
+
+After upgrading or patching your system, you must restart named.
+Execute the following command as root:
+
+# ndc restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/bind/CHANGES                                   1.1.1.7.2.11
+  src/contrib/bind/README                                     1.1.1.7.2.9
+  src/contrib/bind/Version                                   1.1.1.3.2.10
+  src/contrib/bind/bin/named-xfer/named-xfer.c                    1.3.2.8
+  src/contrib/bind/bin/named/Makefile                             1.3.2.6
+  src/contrib/bind/bin/named/ns_init.c                        1.1.1.2.2.6
+  src/contrib/bind/bin/named/ns_resp.c                       1.1.1.2.2.11
+  src/contrib/bind/bin/nslookup/commands.l                        1.4.2.5
+  src/contrib/bind/bin/nslookup/debug.c                           1.3.2.6
+  src/contrib/bind/bin/nslookup/getinfo.c                         1.3.2.9
+  src/contrib/bind/bin/nslookup/main.c                            1.3.2.7
+  src/contrib/bind/doc/man/dig.1                                  1.3.2.4
+  src/contrib/bind/doc/man/host.1                                 1.3.2.5
+  src/contrib/bind/doc/man/nslookup.8                             1.2.2.5
+  src/contrib/bind/port/freebsd/include/port_after.h              1.6.2.9
+  src/contrib/bind/port/freebsd/include/port_before.h         1.1.1.2.2.6
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.13
+  src/sys/conf/newvers.sh                                       1.50.2.13
+  src/contrib/bind/Version                                   1.1.1.11.2.1
+  src/contrib/bind/bin/named/ns_resp.c                       1.1.1.11.2.1
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.25
+  src/sys/conf/newvers.sh                                       1.48.2.20
+  src/contrib/bind/Version                                   1.1.1.10.2.1
+  src/contrib/bind/bin/named/ns_resp.c                       1.1.1.10.2.1
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.2
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.2
+  src/contrib/bind/Version                                1.1.1.3.2.9.2.1
+  src/contrib/bind/bin/named/ns_resp.c                   1.1.1.2.2.10.2.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.16
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.15
+  src/contrib/bind/Version                                1.1.1.3.2.8.2.1
+  src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.9.2.1
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.27
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.26
+  src/contrib/bind/Version                                1.1.1.3.2.7.2.1
+  src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.7.2.2
+RELENG_4_6
+  src/UPDATING                                             1.73.2.68.2.56
+  src/sys/conf/newvers.sh                                  1.44.2.23.2.44
+  src/contrib/bind/Version                                1.1.1.3.2.6.2.2
+  src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.6.2.3
+RELENG_4_5
+  src/UPDATING                                             1.73.2.50.2.54
+  src/sys/conf/newvers.sh                                  1.44.2.20.2.38
+  src/contrib/bind/Version                                1.1.1.3.2.4.4.2
+  src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.4.4.3
+RELENG_4_4
+  src/UPDATING                                             1.73.2.43.2.55
+  src/sys/conf/newvers.sh                                  1.44.2.17.2.46
+  src/contrib/bind/Version                                1.1.1.3.2.4.2.2
+  src/contrib/bind/bin/named/ns_resp.c                    1.1.1.2.2.4.2.3
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.kb.cert.org/vuls/id/734644>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQE/x8/PFdaIBMps37IRAsl8AJ9zgqn4QmO08d9zj9de8/uGKIQBNgCfeHKC
+tM9nSOzoCrM+O+TpNn6ewt4=
+=PJi2
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc b/share/security/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc
new file mode 100644
index 0000000000..a7777500cb
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:01.mksnap_ffs                                 Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          mksnap_ffs clears file system options
+
+Category:       core
+Module:         mksnap_ffs
+Announced:      2004-01-30
+Credits:        Kimura Fuyuki <fuyuki@nigredo.org>
+                Wiktor Niesiobedzki <bsd@w.evip.pl>
+Affects:        FreeBSD 5.1-RELEASE
+                FreeBSD 5.2-RELEASE
+Corrected:      2004-01-27 19:33:16 UTC (RELENG_5_1, 5.1-RELEASE-p12)
+                2004-01-29 22:54:31 UTC (RELENG_5_2, 5.2-RELEASE-p1)
+CVE Name:       CAN-2004-0099
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+Mounted filesystems can have a variety of flags set on them.  Some
+flags affect performance and reliability, while others enable or
+disable particular security-related features such as the ability to
+execute a binary stored on the filesystem or the use of access control
+lists to complement normal Unix file permissions.
+
+The mksnap_ffs(8) command creates a `snapshot' of a filesystem.  A
+`snapshot' is a static representation of the state of the filesystem
+at a particular point in time.  Snapshots have a variety of uses,
+but their primary purpose is to make it possible to run fsck(8) and
+dump(8) on live filesystems.
+
+II.  Problem Description
+
+The kernel interface for creating a snapshot of a filesystem is the
+same as that for changing the flags on that filesystem.  Due to an
+oversight, the mksnap_ffs(8) command called that interface with only
+the snapshot flag set, causing all other flags to be reset to the
+default value.
+
+III. Impact
+
+A regularly scheduled backup of a live filesystem, or any other
+process that uses the mksnap_ffs(8) command (for instance, to provide
+a rough undelete functionality on a file server), will clear any flags
+in effect on the filesystem being snapshot.  Possible consequences
+depend on local usage, but can include disabling extended access
+control lists or enabling the use of setuid executables stored on an
+untrusted filesystem.
+
+The mksnap_ffs(8) command is normally only available to the superuser
+and members of the `operator' group.  There is therefore no risk
+of a user gaining elevated privileges directly through use of the
+mksnap_ffs(8) command unless it has been intentionally made available
+to unprivileged users.
+
+IV.  Workaround
+
+Do not use the mksnap_ffs(8) command, nor the -L option of the dump(8)
+command.
+
+It is recommended that you delete the mksnap_ffs(8) command from your
+system to prevent accidental use:
+
+# rm /sbin/mksnap_ffs
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to the RELENG_5_1 or RELENG_5_2
+security branch dated after the correction date.
+
+NOTE WELL: Due to release engineering in progress at the time of this
+           writing, the RELENG_5_2 security branch (5.2-RELEASE-p1)
+           also includes numerous other critical bug fixes, most of
+           which are not security related.  Please read src/UPDATING
+           for details on these changes.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.1 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_1.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_1.patch.asc
+
+[FreeBSD 5.2 systems]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:01/mksnap_ffs_5_2.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/sbin/mksnap_ffs
+# make obj && make depend && make && make install
+
+You are strongly encouraged to verify that all your filesystems have
+the correct flags set.  The mount(8) command can list currently mounted
+filesystems and flags.  Run the following command as root:
+
+# mount
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5_1
+  src/sbin/mksnap_ffs/mksnap_ffs.c                                1.2.2.1
+  src/sys/conf/newvers.sh                                       1.50.2.14
+RELENG_5_2
+  src/sbin/mksnap_ffs/mksnap_ffs.c                                1.5.2.1
+  src/sys/conf/newvers.sh                                        1.56.2.3
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAGn6pFdaIBMps37IRApSKAJ9XfweoblldFos1o7QlaDRVVIdFCACePueA
+1jXllY/GB8cAeEQ8oaYYPTU=
+=6qi5
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:02.shmat.asc b/share/security/advisories/FreeBSD-SA-04:02.shmat.asc
new file mode 100644
index 0000000000..c05a75d9f3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:02.shmat.asc
@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:02.shmat                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          shmat reference counting bug
+
+Category:       core
+Module:         kernel
+Announced:      2004-02-05
+Credits:        Joost Pol <joost@pine.nl>
+Affects:        All FreeBSD releases
+Corrected:      2004-02-04 18:00:40 UTC (RELENG_4)
+                2004-02-04 18:00:47 UTC (RELENG_5_2, 5.2-RELEASE-p2)
+                2004-02-04 18:00:55 UTC (RELENG_5_1, 5.1-RELEASE-p14)
+                2004-02-04 18:01:03 UTC (RELENG_5_0, 5.0-RELEASE-p20)
+                2004-02-04 18:01:10 UTC (RELENG_4_9, 4.9-RELEASE-p2)
+                2004-02-04 18:01:18 UTC (RELENG_4_8, 4.8-RELEASE-p15)
+                2004-02-04 18:01:25 UTC (RELENG_4_7, 4.7-RELEASE-p25)
+CVE Name:       CAN-2004-0114
+FreeBSD only:   NO
+
+I.   Background
+
+The System V Shared Memory interface provides primitives for sharing
+memory segments between separate processes.  FreeBSD supports this
+interface when the kernel is built with SYSVSHM option, or the sysvshm
+module is loaded.  By default, the FreeBSD kernel is built with the
+SYSVSHM option.
+
+The shmat(2) system call, which is part of the System V Shared Memory
+interface, is used to attach a shared memory segment to the calling
+process's address space.
+
+II.  Problem Description
+
+A programming error in the shmat(2) system call can result in a shared
+memory segment's reference count being erroneously incremented.
+
+III. Impact
+
+It may be possible to cause a shared memory segment to reference
+unallocated kernel memory, but remain valid.  This could allow a local
+attacker to gain read or write access to a portion of kernel memory,
+resulting in sensitive information disclosure, bypass of access
+control mechanisms, or privilege escalation.
+
+IV.  Workaround
+
+NOTE: These workarounds could cause applications that use shared
+memory, such as the X Window System, to exhibit erratic behavior or to
+fail completely.
+
+Do one of the following:
+
+1) Disable the System V Shared Memory interface entirely by following
+these steps:
+
+   - Remove or comment out any lines mentioning `SYSVSHM' from your
+     kernel configuration file, and recompile your kernel as described
+     in <URL:http://www.freebsd.org/handbook/kernelconfig.html>.
+
+   - Remove or comment out any lines mentioning `sysvshm' from
+     /boot/loader.conf and /etc/rc.conf.
+
+   - On FreeBSD 5.x systems only , System V Shared Memory support may
+     be provided as a kld(4).  To be absolutely safe, remove any files
+     named `sysvshm.ko' in /modules, /boot, and any subdirectories.
+
+   - Finally, reboot your system.
+
+OR
+
+2) Configure the System V Shared Memory parameters so that no new
+shared memory segments may be created, terminate all processes using
+shared memory, and delete all existing shared memory segments.  Run
+the following commands as root:
+
+   # sysctl -w kern.ipc.shmmax=0
+   # echo 'kern.ipc.shmmax=0' >> /etc/sysctl.conf
+   # ipcs | awk '/^m/ { print $2 }' | xargs -n 1 ipcrm -m
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2,
+RELENG_5_1, RELENG_4_9, or RELENG_4_8 security branch dated after the
+correction date.
+
+NOTE WELL: Due to release engineering in progress at the time of this
+           writing, the RELENG_5_2 security branch (5.2-RELEASE-p2)
+           also includes numerous other critical bug fixes, most of
+           which are not security related.  Please read src/UPDATING
+           for details on these changes.
+
+OR
+
+2) Patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.x and 5.x
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:02/shmat.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:02/shmat.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/kern/sysv_shm.c                                        1.45.2.8
+RELENG_5_2
+  src/UPDATING                                                  1.282.2.5
+  src/sys/conf/newvers.sh                                        1.56.2.5
+  src/sys/kern/sysv_shm.c                                        1.89.2.1
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.15
+  src/sys/conf/newvers.sh                                       1.50.2.15
+  src/sys/kern/sysv_shm.c                                        1.83.2.1
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.26
+  src/sys/conf/newvers.sh                                       1.48.2.21
+  src/sys/kern/sysv_shm.c                                        1.74.2.1
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.3
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.3
+  src/sys/kern/sysv_shm.c                                    1.45.2.6.4.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.18
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.16
+  src/sys/kern/sysv_shm.c                                    1.45.2.6.2.1
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.29
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.27
+  src/sys/kern/sysv_shm.c                                    1.45.2.5.6.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.pine.nl/press/pine-cert-20040201.txt>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAIpysFdaIBMps37IRAhx0AJ4zEQlvLeN+GfSA6jsudJNF/9zMOwCbBTwh
+iBh78EKtn3hLcD6Qn4Lr7jY=
+=+NrA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:03.jail.asc b/share/security/advisories/FreeBSD-SA-04:03.jail.asc
new file mode 100644
index 0000000000..7f3860d062
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:03.jail.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:03.jail                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Jailed processes can attach to other jails
+
+Category:       core
+Module:         kernel
+Announced:      2004-02-25
+Credits:        JAS Group (http://www.cs.mu.oz.au/jas/)
+Affects:        FreeBSD 5.1-RELEASE
+                FreeBSD 5.2-RELEASE
+Corrected:      2004-02-19 23:26:39 UTC (RELENG_5_2, 5.2.1-RC2)
+                2004-02-25 20:03:35 UTC (RELENG_5_1, 5.1-RELEASE-p14)
+CVE Name:       CAN-2004-0126
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The jail(2) system call allows a system administrator to lock up a
+process and all its descendants inside a closed environment with very
+limited ability to affect the system outside that environment, even
+for processes with superuser privileges.  It is an extension of, but
+far more stringent than, the traditional Unix chroot(2) system call.
+
+The jail_attach(2) system call, which was introduced in FreeBSD 5
+before 5.1-RELEASE, allows a non-jailed process to permanently move
+into an existing jail.
+
+II.  Problem Description
+
+A programming error has been found in the jail_attach(2) system call
+which affects the way that system call verifies the privilege
+level of the calling process.  Instead of failing immediately if the
+calling process was already jailed, the jail_attach(2) system call
+would fail only after changing the calling process's root directory.
+
+III. Impact
+
+A process with superuser privileges inside a jail could change its
+root directory to that of a different jail, and thus gain full read
+and write access to files and directories within the target jail.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 5.2.1-RELEASE, or to the
+RELENG_5_2 or RELENG_5_1 security branch dated after the correction
+date.
+
+OR
+
+2) Patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5.1 and 5.2
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:03/jail.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5_2
+  src/sys/kern/kern_jail.c                                       1.34.2.1
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.16
+  src/sys/conf/newvers.sh                                       1.50.2.16
+  src/sys/kern/kern_jail.c                                       1.33.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.cs.mu.oz.au/jas/>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAP4xVFdaIBMps37IRArw1AJ9jNZIsJHYlKt+NEsOgp5cti/Cs+gCdFa0j
+3cvPHMce6awUESculjC3Z/I=
+=LQo0
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:04.tcp.asc b/share/security/advisories/FreeBSD-SA-04:04.tcp.asc
new file mode 100644
index 0000000000..751f582940
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:04.tcp.asc
@@ -0,0 +1,154 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:04.tcp                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          many out-of-sequence TCP packets denial-of-service
+
+Category:       core
+Module:         kernel
+Announced:      2004-03-02
+Revised:        2004-03-16
+Credits:        iDEFENSE, Alexander Cuttergo
+Affects:        All FreeBSD releases
+Corrected:      2004-03-02 17:19:18 UTC (RELENG_4)
+                2004-03-16 13:47:33 UTC (RELENG_5_2, 5.2.1-RELEASE-p2)
+                2004-03-15 20:02:06 UTC (RELENG_5_1, 5.1-RELEASE-p15)
+                2004-03-02 17:26:33 UTC (RELENG_4_9, 4.9-RELEASE-p3)
+                2004-03-02 17:27:47 UTC (RELENG_4_8, 4.8-RELEASE-p16)
+                2004-03-17 10:50:45 UTC (RELENG_4_7, 4.7-RELEASE-p26)
+CVE Name:       CAN-2004-0171
+FreeBSD only:   NO
+
+0.   Revision History
+
+v1.0  2004-03-02  Initial release.
+v1.1  2004-03-17  Fix minor performance issue in 5.2.1 patch.
+                  Corrections for RELENG_5_1 and RELENG_4_7 added.
+                  Note Alexander Cuttergo as the discoverer of this issue.
+
+I.   Background
+
+The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
+provides a connection-oriented, reliable, sequence-preserving data
+stream service.  When network packets making up a TCP stream (``TCP
+segments'') are received out-of-sequence, they are maintained in a
+reassembly queue by the destination system until they can be re-ordered
+and re-assembled.
+
+II.  Problem Description
+
+FreeBSD does not limit the number of TCP segments that may be held in a
+reassembly queue.
+
+III. Impact
+
+A remote attacker may conduct a low-bandwidth denial-of-service attack
+against a machine providing services based on TCP (there are many such
+services, including HTTP, SMTP, and FTP).  By sending many
+out-of-sequence TCP segments, the attacker can cause the target machine
+to consume all available memory buffers (``mbufs''), likely leading to
+a system crash.
+
+IV.  Workaround
+
+It may be possible to mitigate some denial-of-service attacks by
+implementing timeouts at the application level.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, or to the RELENG_5_2,
+RELENG_4_9, or RELENG_4_8 security branch dated after the correction
+date.
+
+OR
+
+2) Patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.x and 5.x
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.2]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp52.patch.asc
+
+[FreeBSD 5.1]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp51.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp51.patch.asc
+
+[FreeBSD 4.7, 4.8, 4.9]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:04/tcp47.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/UPDATING                                                  1.73.2.90
+  src/sys/conf/newvers.sh                                       1.44.2.33
+  src/sys/netinet/tcp_input.c                                  1.107.2.40
+  src/sys/netinet/tcp_subr.c                                    1.73.2.33
+  src/sys/netinet/tcp_var.h                                     1.56.2.15
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.10
+  src/sys/conf/newvers.sh                                        1.56.2.9
+  src/sys/netinet/tcp_input.c                                   1.217.2.3
+  src/sys/netinet/tcp_subr.c                                    1.169.2.4
+  src/sys/netinet/tcp_var.h                                      1.93.2.2
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.17
+  src/sys/conf/newvers.sh                                       1.50.2.17
+  src/sys/netinet/tcp_input.c                                   1.205.2.1
+  src/sys/netinet/tcp_subr.c                                    1.160.2.1
+  src/sys/netinet/tcp_var.h                                      1.89.2.1
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.4
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.4
+  src/sys/netinet/tcp_input.c                              1.107.2.38.2.1
+  src/sys/netinet/tcp_subr.c                                1.73.2.31.4.1
+  src/sys/netinet/tcp_var.h                                 1.56.2.13.4.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.19
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.17
+  src/sys/netinet/tcp_input.c                              1.107.2.37.2.1
+  src/sys/netinet/tcp_subr.c                                1.73.2.31.2.1
+  src/sys/netinet/tcp_var.h                                 1.56.2.13.2.1
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.30
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.28
+  src/sys/netinet/tcp_input.c                              1.107.2.32.2.1
+  src/sys/netinet/tcp_subr.c                                1.73.2.28.2.1
+  src/sys/netinet/tcp_var.h                                 1.56.2.12.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAWC4yFdaIBMps37IRAgulAJ93O5yH4Z49oTx4HEdRJK+6sLco2gCfYCEZ
+NpPTCWlG1oyLjOL2y6zKBfs=
+=Naox
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:05.openssl.asc b/share/security/advisories/FreeBSD-SA-04:05.openssl.asc
new file mode 100644
index 0000000000..327bd7f36a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:05.openssl.asc
@@ -0,0 +1,134 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:05.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Denial-of-service vulnerability in OpenSSL
+
+Category:       crypto
+Module:         openssl
+Announced:      2004-03-17
+Credits:        OpenSSL Project <URL:http://www.openssl.org>
+                Codenomicon Ltd <URL:http://www.codenomicon.com>
+Affects:        All FreeBSD 4.x and 5.x releases
+Corrected:      2004-03-17 12:23:51 UTC (RELENG_4, 4.9-STABLE)
+                2004-03-17 12:14:12 UTC (RELENG_5_2, 5.2.1-RELEASE-p3)
+                2004-03-17 12:14:56 UTC (RELENG_5_1, 5.1-RELEASE-p16)
+                2004-03-17 12:17:13 UTC (RELENG_4_9, 4.9-RELEASE-p4)
+                2004-03-17 12:18:23 UTC (RELENG_4_8, 4.8-RELEASE-p17)
+CVE Name:       CAN-2004-0079
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL
+Project is a collaborative effort to develop a robust, commercial-
+grade, full-featured, and Open Source toolkit implementing the Secure
+Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography
+library.
+
+II.  Problem Description
+
+When processing an SSL/TLS ChangeCipherSpec message, OpenSSL may fail to
+check that a new cipher has been previously negotiated.  This may result
+in a null pointer dereference.
+
+III. Impact
+
+A remote attacker could perform a specially crafted SSL/TLS handshake
+with an application that utilizes OpenSSL, triggering the null pointer
+dereference and causing the application to crash.  Depending upon the
+specifics of the application, this may result in an effective
+denial-of-service.
+
+IV.  Workaround
+
+No workaround is known.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
+RELENG_4_9, or RELENG_4_8 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8,
+4.9, 5.1, and 5.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:05/openssl.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >.
+
+Note that any statically linked applications that are not part of the
+base system (i.e. from the Ports Collection or other 3rd-party sources)
+must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssl/crypto/opensslv.h                        1.1.1.1.2.9
+  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.1.2.7
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.11
+  src/crypto/openssl/crypto/opensslv.h                       1.1.1.14.2.1
+  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.8.4.1
+  src/sys/conf/newvers.sh                                       1.56.2.10
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.18
+  src/crypto/openssl/crypto/opensslv.h                       1.1.1.13.2.1
+  src/crypto/openssl/ssl/s3_pkt.c                             1.1.1.8.2.1
+  src/sys/conf/newvers.sh                                       1.50.2.18
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.5
+  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.8.2.1
+  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.6.4.1
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.5
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.20
+  src/crypto/openssl/crypto/opensslv.h                    1.1.1.1.2.7.2.1
+  src/crypto/openssl/ssl/s3_pkt.c                         1.1.1.1.2.6.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.18
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://www.openssl.org/news/secadv_20040317.txt >
+<URL: http://cvs.openssl.org/chngview?cn=12033 >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAWH8nFdaIBMps37IRAgsZAKCPXaoTb16c8JGJL+Uz7eOX8/864ACbB059
+AIfN8fbeiGJ3fdG0pKAMwMw=
+=2f24
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc b/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc
new file mode 100644
index 0000000000..a614a8e091
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:06.ipv6.asc
@@ -0,0 +1,119 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:06.ipv6                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          setsockopt(2) IPv6 sockets input validation error
+
+Category:       core
+Module:         kernel
+Announced:      2004-03-29
+Credits:        Katsuhisa ABE, Colin Percival
+Affects:        FreeBSD 5.2-RELEASE
+Corrected:      2004-03-29 14:01:33 UTC (RELENG_5_2, 5.2.1-RELEASE-p4)
+CVE Name:       CAN-2004-0370
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+IPv6 is a new Internet Protocol, designed to replace (and avoid many of
+the problems with) the current Internet Protocol (version 4).  FreeBSD
+uses the KAME Project IPv6 implementation.
+
+Applications may manipulate the behavior of an IPv6 socket using the
+setsockopt(2) system call.
+
+II.  Problem Description
+
+A programming error in the handling of some IPv6 socket options within
+the setsockopt(2) system call may result in memory locations being
+accessed without proper validation.  While the problem originates in
+code from the KAME Project, it does not affect other operating systems.
+
+III. Impact
+
+It may be possible for a local attacker to read portions of kernel
+memory, resulting in disclosure of sensitive information.  A local
+attacker can cause a system panic.
+
+IV.  Workaround
+
+Do one of the following:
+
+1) Disable IPv6 entirely by following these steps:
+
+   - Remove or comment out any lines mentioning `INET6' from your
+     kernel configuration file, and recompile your kernel as described
+     in <URL:http://www.freebsd.org/handbook/kernelconfig.html>.
+
+   - Reboot your system.
+
+2) If all untrusted users are confined within a jail(8), ensure that
+the security.jail.socket_unixiproute_only sysctl is set to 1 and
+verify that no IPv6 sockets are currently open:
+
+# sysctl security.jail.socket_unixiproute_only=1
+# sockstat -6
+
+This will restrict jailed processes to creating UNIX domain, IPv4, and
+routing sockets, which are not vulnerable to this problem; note however
+that processes inside a jail may still be able to inherit IPv6 sockets
+from outside the jail, so this may not be sufficient for all systems.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to the RELENG_5_2 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:06/ipv6.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+d) Install updated kernel headers.
+
+# cd /usr/src/include
+# make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.12
+  src/sys/netinet6/ip6_output.c                                  1.71.2.2
+  src/sys/netinet/ip6.h                                          1.10.2.1
+  src/sys/conf/newvers.sh                                       1.56.2.11
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAaC6kFdaIBMps37IRAiCBAJ9ATb8FTKysuJvwlU8E0YOArWwP1gCcCCpw
+rK7VXiZuLwD1zZmBepSHCt4=
+=FLqJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:07.cvs.asc b/share/security/advisories/FreeBSD-SA-04:07.cvs.asc
new file mode 100644
index 0000000000..5a11c79744
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:07.cvs.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:07.cvs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          CVS path validation errors
+
+Category:       contrib
+Module:         contrib_cvs
+Announced:      2004-04-15
+Revised:        2004-04-16
+Credits:        Sebastian Krahmer <krahmer@suse.de>
+                Derek Robert Price <derek@ximbiot.com>
+Affects:        All FreeBSD versions prior to 4.10-RELEASE
+Corrected:      2004-04-15 15:35:26 UTC (RELENG_4, 4.10-BETA)
+                2004-04-15 15:42:50 UTC (RELENG_5_2, 5.2.1-RELEASE-p5)
+                2004-04-15 15:59:05 UTC (RELENG_4_9, 4.9-RELEASE-p5)
+                2004-04-15 15:59:54 UTC (RELENG_4_8, 4.8-RELEASE-p18)
+CVE Name:       CAN-2004-0180, CAN-2004-0405
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2004-04-14  Initial release.
+v1.1 2004-04-15  Added additional CVE name.  Corrected affected release
+                 names.  Reworded `Workaround' section.
+
+I.   Background
+
+The Concurrent Versions System (CVS) is a version control system.  It
+may be used to access a repository locally, or to access a `remote
+repository' using a number of different methods.  When accessing a
+remote repository, the target machine runs the CVS server to fulfill
+client requests.
+
+II.  Problem Description
+
+Two programming errors were discovered in which path names handled by
+CVS were not properly validated.  In one case, CAN-2004-0180, the CVS
+client accepts absolute path names from the server when determining
+which files to update.  In another case, CAN-2004-0405, the CVS server
+accepts relative path names from the client when determining which
+files to transmit, including those containing references to parent
+directories (`../').
+
+III. Impact
+
+These programming errors generally only have a security impact when
+dealing with remote CVS repositories.
+
+A malicious CVS server may cause a CVS client to overwrite arbitrary
+files on the client's system.
+
+A CVS client may request RCS files from a remote system other than
+those in the repository specified by $CVSROOT.  These RCS files need
+not be part of any CVS repository themselves.
+
+IV.  Workaround
+
+Users of CVS clients should avoid accessing remote repositories.
+Administrators of CVS repositories should disable remote access.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
+RELENG_4_9, or RELENG_4_8 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8,
+4.9, 5.1, and 5.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:07/cvs.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/cvs
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/cvs/src/client.c                                    1.2.2.7
+  src/contrib/cvs/src/modules.c                               1.1.1.5.2.4
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.13
+  src/sys/conf/newvers.sh                                       1.56.2.12
+  src/contrib/cvs/src/client.c                                   1.10.4.1
+  src/contrib/cvs/src/modules.c                               1.1.1.8.6.2
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.6
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.6
+  src/contrib/cvs/src/client.c                                1.2.2.6.4.1
+  src/contrib/cvs/src/modules.c                           1.1.1.5.2.3.4.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.21
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.19
+  src/contrib/cvs/src/client.c                                1.2.2.6.2.1
+  src/contrib/cvs/src/modules.c                           1.1.1.5.2.3.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://ccvs.cvshome.org/servlets/NewsItemView?newsID=102
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAf9JjFdaIBMps37IRAvX1AKCLBj7AKXeH0H+MQdQPOOlQESzi+wCZAV0I
+NMgLCxOS/j9H34OJlYOLflU=
+=W0D4
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:08.heimdal.asc b/share/security/advisories/FreeBSD-SA-04:08.heimdal.asc
new file mode 100644
index 0000000000..8c8b7b5786
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:08.heimdal.asc
@@ -0,0 +1,170 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:08.heimdal                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          heimdal cross-realm trust vulnerability
+
+Category:       core
+Module:         crypto_heimdal
+Announced:      2004-05-05
+Credits:        Heimdal project
+Affects:        FreeBSD 4 with Kerberos 5 installed, and FreeBSD 5
+Corrected:      2004-05-05 19:49:41 UTC (RELENG_4, 4.10-PRERELEASE)
+                2004-05-05 19:55:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p6)
+                2004-05-05 20:48:19 UTC (RELENG_4_10, 4.10-RELEASE-RC)
+                2004-05-05 20:01:06 UTC (RELENG_4_9, 4.9-RELEASE-p6)
+                2004-05-05 20:06:30 UTC (RELENG_4_8, 4.8-RELEASE-p19)
+CVE Name:       CAN-2004-0371
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+Heimdal implements the Kerberos 5 network authentication protocols.
+Principals (i.e. users and services) represented in Kerberos are
+grouped into separate, autonomous realms.  Unidirectional or
+bidirectional trust relationships may be established between realms to
+allow the principals in one realm to recognize the authenticity of
+principals in another.  These trust relationships may be transitive.
+An authentication path is the ordered list of realms (and therefore
+KDCs) that were involved in the authentication process.  The
+authentication path is recorded in Kerberos tickets as the `transited'
+field.
+
+It is possible for the Key Distribution Center (KDC) of a realm to
+forge part or all of the `transited' field.  KDCs should validate this
+field before accepting authentication results, checking that each
+realm in the authentication path is trusted and that the path conforms
+to local policy.  Applications are required to perform this type of
+checking if the KDC has not already done so.
+
+Prior to FreeBSD 5.1, Kerberos 5 was an optional component of FreeBSD,
+and was not installed by default.
+
+II.  Problem Description
+
+Some versions of Heimdal do not perform appropriate checking of the
+`transited' field.
+
+III. Impact
+
+For sites that have established trust relationships with other realms,
+it is possible for the administrator(s) of those other realms to
+impersonate any Kerberos principal in any other realm.
+
+IV.  Workaround
+
+Disable all inter-realm trust relationships.  The Heimdal advisory
+listed in the References section below provides details for checking
+for trust relationships and disabling them.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
+RELENG_4_9, or RELENG_4_8 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8,
+4.9, 5.1, and 5.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.8, 4.9, 5.1 with Heimdal 0.5.1]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal51.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal51.patch.asc
+
+[FreeBSD 5.2 with Heimdal 0.6]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal6.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:08/heimdal6.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libcrypto
+# make obj && make depend && make
+# cd /usr/src/kerberos5
+# make obj && make depend && make && make install
+
+Be sure to restart any running services that use Kerberos, such as
+kdc(8) or sshd(8).  Perhaps the simplest way to ensure all such
+applications are restarted is to reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/heimdal/kdc/config.c                             1.1.1.2.2.4
+  src/crypto/heimdal/kdc/kdc.8                                1.1.1.2.2.5
+  src/crypto/heimdal/kdc/kdc_locl.h                           1.1.1.2.2.4
+  src/crypto/heimdal/kdc/kerberos5.c                          1.1.1.2.2.5
+  src/crypto/heimdal/lib/krb5/krb5-protos.h                   1.1.1.3.2.5
+  src/crypto/heimdal/lib/krb5/rd_req.c                        1.1.1.3.2.3
+  src/crypto/heimdal/lib/krb5/transited.c                     1.1.1.3.2.3
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.14
+  src/crypto/heimdal/kdc/config.c                             1.1.1.7.2.1
+  src/crypto/heimdal/kdc/kdc.8                                1.1.1.7.2.1
+  src/crypto/heimdal/kdc/kdc_locl.h                           1.1.1.6.2.1
+  src/crypto/heimdal/kdc/kerberos5.c                          1.1.1.8.2.1
+  src/crypto/heimdal/lib/krb5/krb5-protos.h                   1.1.1.9.2.1
+  src/crypto/heimdal/lib/krb5/rd_req.c                        1.1.1.6.6.1
+  src/crypto/heimdal/lib/krb5/transited.c                     1.1.1.6.2.1
+  src/sys/conf/newvers.sh                                       1.56.2.13
+RELENG_4_10
+  src/crypto/heimdal/kdc/config.c                         1.1.1.2.2.3.8.1
+  src/crypto/heimdal/kdc/kdc.8                            1.1.1.2.2.4.8.1
+  src/crypto/heimdal/kdc/kdc_locl.h                       1.1.1.2.2.3.8.1
+  src/crypto/heimdal/kdc/kerberos5.c                      1.1.1.2.2.4.8.1
+  src/crypto/heimdal/lib/krb5/krb5-protos.h               1.1.1.3.2.4.8.1
+  src/crypto/heimdal/lib/krb5/rd_req.c                   1.1.1.3.2.2.10.1
+  src/crypto/heimdal/lib/krb5/transited.c                 1.1.1.3.2.2.8.1
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.7
+  src/crypto/heimdal/kdc/config.c                         1.1.1.2.2.3.6.1
+  src/crypto/heimdal/kdc/kdc.8                            1.1.1.2.2.4.6.1
+  src/crypto/heimdal/kdc/kdc_locl.h                       1.1.1.2.2.3.6.1
+  src/crypto/heimdal/kdc/kerberos5.c                      1.1.1.2.2.4.6.1
+  src/crypto/heimdal/lib/krb5/krb5-protos.h               1.1.1.3.2.4.6.1
+  src/crypto/heimdal/lib/krb5/rd_req.c                    1.1.1.3.2.2.8.1
+  src/crypto/heimdal/lib/krb5/transited.c                 1.1.1.3.2.2.6.1
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.7
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.22
+  src/crypto/heimdal/kdc/config.c                         1.1.1.2.2.3.4.1
+  src/crypto/heimdal/kdc/kdc.8                            1.1.1.2.2.4.4.1
+  src/crypto/heimdal/kdc/kdc_locl.h                       1.1.1.2.2.3.4.1
+  src/crypto/heimdal/kdc/kerberos5.c                      1.1.1.2.2.4.4.1
+  src/crypto/heimdal/lib/krb5/krb5-protos.h               1.1.1.3.2.4.4.1
+  src/crypto/heimdal/lib/krb5/rd_req.c                    1.1.1.3.2.2.6.1
+  src/crypto/heimdal/lib/krb5/transited.c                 1.1.1.3.2.2.4.1
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.20
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://www.pdc.kth.se/heimdal/advisory/2004-04-01/>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAmVTvFdaIBMps37IRAkhZAKCQZmbxNkicz82VEcPeDO/840uNxwCfQ/0U
+NYT36OgpzsBI9Jc0cpDXTA4=
+=i17O
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:09.kadmind.asc b/share/security/advisories/FreeBSD-SA-04:09.kadmind.asc
new file mode 100644
index 0000000000..20806d82b7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:09.kadmind.asc
@@ -0,0 +1,121 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:09.kadmind                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          heimdal kadmind remote heap buffer overflow
+
+Category:       contrib
+Module:         crypto_heimdal
+Announced:      2004-05-05
+Credits:        Evgeny Demidov, VulnDisco, Love Hornquist-Astrand
+Affects:        FreeBSD 4 systems built with both Kerberos 4 and Kerberos 5.
+                FreeBSD 5 systems prior to 5.1 built with both Kerberos 4 and
+                Kerberos 5.
+Corrected:      2004-05-05 20:19:48 UTC (RELENG_4, 4.10-PRERELEASE)
+                2004-05-05 20:48:57 UTC (RELENG_4_10, 4.10-RELEASE-RC)
+                2004-05-05 20:15:56 UTC (RELENG_4_9, 4.9-RELEASE-p7)
+                2004-05-05 20:17:51 UTC (RELENG_4_8, 4.8-RELEASE-p20)
+CVE Name:       CAN-2004-0434
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+Heimdal implements the Kerberos 5 network authentication protocols.
+The k5admind(8) daemon provides the administrative interface to the
+Kerberos Key Distribution Center (KDC).  In some configurations,
+k5admind also includes Kerberos 4 compatibility.
+
+NOTE: FreeBSD versions prior to 5.1-RELEASE contain optional Kerberos
+4 support.  FreeBSD versions 5.1-RELEASE and later do not include
+Kerberos 4 support of any kind.
+
+II.  Problem Description
+
+An input validation error was discovered in the k5admind code that
+handles the framing of Kerberos 4 compatibility administration
+requests.  The code assumed that the length given in the framing was
+always two or more bytes.  Smaller lengths will cause k5admind to read
+an arbitrary amount of data into a minimally-sized buffer on the heap.
+
+Note that this code is not present unless k5admind has been compiled
+with Kerberos 4 support.  This will occur if a FreeBSD system is
+compiled with both of the WITH_KERBEROS4 and WITH_KERBEROS5 build flags.
+These flags are never simultaneously set during the FreeBSD binary
+release process; consequently, binary installs of FreeBSD (even with
+Kerberos support installed) are not affected.
+
+III. Impact
+
+A remote attacker may send a specially formatted message to k5admind,
+causing it to crash or possibly resulting in arbitrary code execution.
+
+IV.  Workaround
+
+Disable the Kerberos 4 support in k5admind by running it with the
+`--no-kerberos4' option.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_4_9 or
+RELENG_4_8 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8 and
+4.9.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:09/kadmind.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:09/kadmind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/kerberos5/tools
+# make obj && make depend && make
+# cd /usr/src/kerberos5/lib
+# make obj && make depend && make
+# cd /usr/src/kerberos5/libexec/k5admind
+# make obj && make depend && make all install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/heimdal/kadmin/version4.c                        1.1.1.1.2.6
+RELENG_4_10
+  src/crypto/heimdal/kadmin/version4.c                    1.1.1.1.2.5.6.1
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.8
+  src/crypto/heimdal/kadmin/version4.c                    1.1.1.1.2.5.4.1
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.8
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.23
+  src/crypto/heimdal/kadmin/version4.c                    1.1.1.1.2.5.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.21
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAmVp/FdaIBMps37IRArWAAJ9wsAaSmpmkdisZ7dKCdUqtjzi5/ACfQx91
+Rl2JAQ/JrZyoOlwYRea1SLc=
+=gQfq
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:10.cvs.asc b/share/security/advisories/FreeBSD-SA-04:10.cvs.asc
new file mode 100644
index 0000000000..d777d49558
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:10.cvs.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:10.cvs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          CVS pserver protocol parser errors
+
+Category:       contrib
+Module:         contrib_cvs
+Announced:      2004-05-19
+Revised:        2004-05-20
+Credits:        Stefan Esser <s.esser@e-matters.de>
+Affects:        All FreeBSD versions
+Corrected:      2004-05-20 13:17:16 UTC (RELENG_4, 4.10-PRERELEASE)
+                2004-05-20 13:17:42 UTC (RELENG_4_10, 4.10-RC)
+                2004-05-20 13:18:08 UTC (RELENG_4_9, 4.9-RELEASE-p8)
+                2004-05-20 13:18:07 UTC (RELENG_4_8, 4.8-RELEASE-p21)
+                2004-05-20 13:18:06 UTC (RELENG_4_7, 4.7-RELEASE-p27)
+                2004-05-20 13:18:10 UTC (RELENG_5_2, 5.2.1-RELEASE-p7)
+                2004-05-20 13:18:09 UTC (RELENG_5_1, 5.1-RELEASE-p17)
+                2004-05-20 13:18:09 UTC (RELENG_5_0, 5.0-RELEASE-p21)
+CVE Name:       CAN-2004-0396
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2004-05-19  Initial release.
+v1.1 2004-05-19  Adjusted correction dates and reference URL.
+v1.2 2004-05-20  Updated patch to work around bugs in some CVS clients.
+v1.3 2004-06-05  Corrected the workaround section.
+
+I.   Background
+
+The Concurrent Versions System (CVS) is a version control system.  It
+may be used to access a repository locally, or to access a `remote
+repository' using a number of different methods.  When accessing a
+remote repository, the target machine runs the CVS server to fulfill
+client requests.
+
+II.  Problem Description
+
+Due to a programming error in code used to parse data received from
+the client, malformed data can cause a heap buffer to overflow,
+allowing the client to overwrite arbitrary portions of the server's
+memory.
+
+III. Impact
+
+A malicious CVS client may run arbitrary code on the server at the
+privilege level of the CVS server software.
+
+IV.  Workaround
+
+Administrators of CVS repositories should disable anonymous remote
+access.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
+RELENG_4_9, or RELENG_4_8 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.7, 4.8,
+4.9, 4.10, 5.0, 5.1, and 5.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:10/cvs.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/cvs
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/cvs/src/server.c                                   1.13.2.7
+RELENG_4_10
+  src/contrib/cvs/src/server.c                               1.13.2.5.6.2
+RELENG_4_9
+  src/UPDATING                                              1.73.2.89.2.9
+  src/sys/conf/newvers.sh                                   1.44.2.32.2.9
+  src/contrib/cvs/src/server.c                               1.13.2.5.4.2
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.24
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.22
+  src/contrib/cvs/src/server.c                               1.13.2.5.2.2
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.31
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.29
+  src/contrib/cvs/src/server.c                               1.13.2.2.6.3
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.15
+  src/sys/conf/newvers.sh                                       1.56.2.14
+  src/contrib/cvs/src/server.c                                   1.19.4.3
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.19
+  src/sys/conf/newvers.sh                                       1.50.2.19
+  src/contrib/cvs/src/server.c                                   1.19.2.2
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.27
+  src/sys/conf/newvers.sh                                       1.48.2.22
+  src/contrib/cvs/src/server.c                                   1.17.2.3
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://ccvs.cvshome.org/servlets/NewsItemView?newsID=107
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAwfk9FdaIBMps37IRAhNIAJ4twfnzkcUWj+NfaEO7QBl4/J5tmgCggrvR
+HPugjWZJCBGmSguSQj9X8PY=
+=BWOO
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:11.msync.asc b/share/security/advisories/FreeBSD-SA-04:11.msync.asc
new file mode 100644
index 0000000000..17f675c882
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:11.msync.asc
@@ -0,0 +1,118 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:11.msync                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          buffer cache invalidation implementation issues
+
+Category:       core
+Module:         sys
+Announced:      2004-05-26
+Credits:        Stephan Uphoff <ups@tree.com>
+                Matt Dillon <dillon@apollo.backplane.com>
+Affects:        All FreeBSD versions prior to the correction date
+Corrected:      2004-05-25 22:46:38 UTC (RELENG_4, 4.10-STABLE)
+                2004-05-25 23:07:55 UTC (RELENG_5_2, 5.2.1-RELEASE-p8)
+                2004-05-22 23:09:19 UTC (RELENG_4_10, 4.10-RELEASE)
+                2004-05-25 23:01:21 UTC (RELENG_4_9, 4.9-RELEASE-p9)
+                2004-05-25 23:01:19 UTC (RELENG_4_8, 4.8-RELEASE-p22)
+CVE Name:       CAN-2004-0435
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The msync(2) system call is used by applications to request that
+modified memory pages are written to permanent storage.
+
+II.  Problem Description
+
+Programming errors in the implementation of the msync(2) system call
+involving the MS_INVALIDATE operation lead to cache consistency
+problems between the virtual memory system and on-disk contents.
+
+III. Impact
+
+In some situations, a user with read access to a file may be able to
+prevent changes to that file from being committed to disk.
+
+IV.  Workaround
+
+There is no workaround.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
+RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8, 4.9,
+4.10 and 5.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.2]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync5.patch.asc
+
+[FreeBSD 4.8, 4.9, 4.10]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:11/msync4.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/ufs/ufs/ufs_readwrite.c                               1.65.2.16
+  src/sys/vm/vm_map.c                                          1.187.2.30
+RELENG_4_10
+  src/sys/ufs/ufs/ufs_readwrite.c                           1.65.2.14.4.1
+  src/sys/vm/vm_map.c                                      1.187.2.24.2.4
+RELENG_4_9
+  src/UPDATING                                             1.73.2.89.2.10
+  src/sys/conf/newvers.sh                                  1.44.2.32.2.10
+  src/sys/ufs/ufs/ufs_readwrite.c                           1.65.2.14.2.1
+  src/sys/vm/vm_map.c                                      1.187.2.23.2.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.25
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.23
+  src/sys/ufs/ufs/ufs_readwrite.c                           1.65.2.13.2.1
+  src/sys/vm/vm_map.c                                      1.187.2.17.2.1
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.16
+  src/sys/conf/newvers.sh                                       1.56.2.15
+  src/sys/ufs/ffs/ffs_vnops.c                                   1.119.2.1
+  src/sys/vm/vm_object.c                                        1.317.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAtH2pFdaIBMps37IRAmycAJ0cv/iG6NlGBsC1xT4gg/Gx3lF8DwCghfHl
+G2wdUNyfvhz0u3kFB9pH41c=
+=SK1u
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:12.jailroute.asc b/share/security/advisories/FreeBSD-SA-04:12.jailroute.asc
new file mode 100644
index 0000000000..40e96d1c7f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:12.jailroute.asc
@@ -0,0 +1,110 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:12.jailroute                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Jailed processes can manipulate host routing tables
+
+Category:       core
+Module:         kernel
+Announced:      2004-06-07
+Credits:        Pawel Malachowski
+Affects:        FreeBSD 4.8-RELEASE
+                FreeBSD 4.9-RELEASE
+Corrected:      2004-04-06 20:11:53 UTC (RELENG_4)
+                2004-06-07 17:44:44 UTC (RELENG_4_9, 4.9-RELEASE-p10)
+                2004-06-07 17:42:42 UTC (RELENG_4_8, 4.8-RELEASE-p23)
+CVE Name:       CAN-2004-0125
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The jail(2) system call allows a system administrator to lock up a
+process and all its descendants inside a closed environment with very
+limited ability to affect the system outside that environment, even
+for processes with superuser privileges.  It is an extension of, but
+far more stringent than, the traditional Unix chroot(2) system call.
+
+The FreeBSD kernel maintains internal routing tables for the purpose
+of determining which interface should be used to transmit packets.
+These routing tables can be manipulated by user processes running
+with superuser privileges by sending messages over a routing socket.
+
+II.  Problem Description
+
+A programming error resulting in a failure to verify that an attempt
+to manipulate routing tables originated from a non-jailed process.
+
+III. Impact
+
+Jailed processes running with superuser privileges could modify host
+routing tables.  This could result in a variety of consequences including
+packets being sent via an incorrect network interface and packets being
+discarded entirely.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to 4.10-RELEASE, or to the RELENG_4_8
+or RELENG_4_9 security branch dated after the correction date.
+
+OR
+
+2) Patch your present system:
+
+The following patch has been verified to apply to the FreeBSD 4.8 and
+4.9 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:12/jailroute.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:12/jailroute.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/net/rtsock.c                                          1.44.2.13
+RELENG_4_9
+  src/UPDATING                                             1.73.2.89.2.11
+  src/sys/conf/newvers.sh                                  1.44.2.32.2.11
+  src/sys/net/rtsock.c                                      1.44.2.11.4.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.26
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.24
+  src/sys/net/rtsock.c                                      1.44.2.11.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFAxNyTFdaIBMps37IRAkTtAJ9LL92gdrIr3drFL7+EzgIz3Tp3EQCgl3XM
+FySjBz6+a74mtEX89hLRcBI=
+=dWI/
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:13.linux.asc b/share/security/advisories/FreeBSD-SA-04:13.linux.asc
new file mode 100644
index 0000000000..7cacb6f0b6
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:13.linux.asc
@@ -0,0 +1,164 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:13.linux                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Linux binary compatibility mode input validation error
+
+Category:       core
+Module:         kernel
+Announced:      2004-06-30
+Credits:        Tim Robbins
+Affects:        All 4.x and 5.x releases
+Corrected:      2004-06-30 17:31:44 UTC (RELENG_4)
+                2004-06-30 17:34:38 UTC (RELENG_5_2, 5.2.1-RELEASE-p9)
+                2004-06-30 17:33:59 UTC (RELENG_4_10, 4.10-RELEASE-p2)
+                2004-06-30 17:33:24 UTC (RELENG_4_9, 4.9-RELEASE-p11)
+                2004-06-30 17:32:24 UTC (RELENG_4_8, 4.8-RELEASE-p24)
+CVE Name:       CAN-2004-0602
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+FreeBSD is binary-compatible with the Linux operating system through a
+loadable kernel module/optional kernel component.
+
+II.  Problem Description
+
+A programming error in the handling of some Linux system calls may
+result in memory locations being accessed without proper validation.
+
+III. Impact
+
+It may be possible for a local attacker to read and/or overwrite
+portions of kernel memory, resulting in disclosure of sensitive
+information or potential privilege escalation.  A local attacker can
+cause a system panic.
+
+IV.  Workaround
+
+The only known workaround is to disable the linux binary compatibility 
+layer and prevent it from being (re)loaded.  Note that step (a) must be
+performed before step (b).
+
+a) To prevent the linux compatibility layer being (re)loaded, remove the
+/boot/kernel/linux.ko file (on FreeBSD 5.x) or the /modules/linux.ko
+file (on FreeBSD 4.x), and add or change the following line in
+/etc/rc.conf:
+
+linux_enable="NO"       # Linux binary compatibility loaded at startup (or NO).
+
+Add or change the following lines in /boot/loader.conf:
+
+linux_load="NO"                 # Linux emulation
+linprocfs_load="NO"
+
+In addition, remove any linprocfs file system listed in /etc/fstab.
+
+b) To disable the linux binary compatibility layer, first determine if
+it is loaded:
+
+# kldstat -v | grep linuxelf
+
+If no output is produced, the linux compatibility layer is not loaded;
+stop here.
+
+If the linux compatibility layer is loaded, determine if it is compiled
+into the kernel or loaded as a module:
+
+# kldstat | grep linux.ko
+
+If no output is produced, the linux compatibility layer is compiled
+into the kernel.  Remove the line
+
+options         COMPAT_LINUX
+
+from your kernel configuration file and recompile the kernel as
+described in 
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+If output is produced, then the linux compatibility layer is loaded as
+a kernel module.  If the module is not currently being used (by a
+process running under linux emulation, for example) then it may be
+possible to unload it:
+
+# kldunload linux
+# kldstat | grep linux.ko
+
+If this does not successfully unload the module, reboot the system.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE; or to the RELENG_5_2,
+RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8, 4.9,
+4.10 and 5.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.2]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux5.patch.asc
+
+[FreeBSD 4.8, 4.9, 4.10]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:13/linux4.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/compat/linux/linux_ioctl.c                            1.55.2.13
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.17
+  src/sys/compat/linux/linux_ioctl.c                            1.112.2.1
+  src/sys/conf/newvers.sh                                       1.56.2.16
+RELENG_4_10
+  src/UPDATING                                              1.73.2.90.2.3
+  src/sys/compat/linux/linux_ioctl.c                        1.55.2.12.4.1
+  src/sys/conf/newvers.sh                                   1.44.2.34.2.4
+RELENG_4_9
+  src/UPDATING                                             1.73.2.89.2.12
+  src/sys/compat/linux/linux_ioctl.c                        1.55.2.12.2.1
+  src/sys/conf/newvers.sh                                  1.44.2.32.2.12
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.27
+  src/sys/compat/linux/linux_ioctl.c                        1.55.2.10.6.1
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.25
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQFA48FqFdaIBMps37IRArpeAKCP1G1bFmYiD0v3Qdg8pq5zkV7JywCcDUHn
+dz5yJTOovQSmIaLVD/Ei8Xw=
+=SVrJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:14.cvs.asc b/share/security/advisories/FreeBSD-SA-04:14.cvs.asc
new file mode 100644
index 0000000000..d9611faea5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:14.cvs.asc
@@ -0,0 +1,182 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:14.cvs.asc                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          CVS
+
+Category:       contrib
+Module:         cvs
+Announced:      2004-09-19
+Credits:        Stefan Esser, Sebastian Krahmer, Derek Price
+                iDEFENSE
+Affects:        All FreeBSD versions
+Corrected:      2004-06-29 16:10:50 UTC (RELENG_4)
+                2004-09-19 22:26:22 UTC (RELENG_4_10, 4.10-RELEASE-p3)
+                2004-09-19 22:27:36 UTC (RELENG_4_9, 4.9-RELEASE-p12)
+                2004-09-19 22:28:14 UTC (RELENG_4_8, 4.8-RELEASE-p25)
+                2004-09-19 22:37:10 UTC (RELENG_5_2, 5.2.1-RELEASE-p10)
+CVE Name:       CAN-2004-0414, CAN-2004-0416, CAN-2004-0417, CAN-2004-0418,
+                CAN-2004-0778
+FreeBSD only:   NO
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The Concurrent Versions System (CVS) is a version control system.  It
+may be used to access a repository locally, or to access a `remote
+repository' using a number of different methods.  When accessing a
+remote repository, the target machine runs the CVS server to fulfill
+client requests.
+
+II.  Problem Description
+
+A number of vulnerabilities were discovered in CVS by Stefan Esser,
+Sebastian Krahmer, and Derek Price.
+
+ . Insufficient input validation while processing "Entry" lines.
+   (CAN-2004-0414)
+
+ . A double-free resulting from erroneous state handling while
+   processing "Argumentx" commands. (CAN-2004-0416)
+
+ . Integer overflow while processing "Max-dotdot" commands.
+   (CAN-2004-0417)
+
+ . Erroneous handling of empty entries handled while processing
+   "Notify" commands. (CAN-2004-0418)
+
+ . A format string bug while processing CVS wrappers.
+
+ . Single-byte buffer underflows while processing configuration files
+   from CVSROOT.
+
+ . Various other integer overflows.
+
+Additionally, iDEFENSE reports an undocumented command-line flag used
+in debugging does not perform input validation on the given path
+names.
+
+III. Impact
+
+CVS servers ("cvs server" or :pserver: modes) are affected by these
+vulnerabilities.  They vary in impact but include information disclosure
+(the iDEFENSE-reported bug), denial-of-service (CAN-2004-0414,
+CAN-2004-0416, CAN-2004-0417 and other bugs), or possibly arbitrary code
+execution (CAN-2004-0418).  In very special situations where the
+attacker may somehow influence the contents of CVS configuration files
+in CVSROOT, additional attacks may be possible.
+
+IV.  Workaround
+
+Disable the use of remote CVS repositories.
+
+V.   Solution
+
+Do one of the following:
+
+1) Upgrade your vulnerable system to the RELENG_4 stable branch, or to
+the RELENG_5_2, RELENG_4_10, RELENG_4_9, or RELENG_4_8 security branch
+dated after the correction date.
+
+OR
+
+2) Patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8, 4.9,
+4.10 and 5.2.1 systems.  Note that one *must* have previously applied
+the patches pertaining to FreeBSD-SA-04:10.cvs in order to use these
+patches.
+
+Note that FreeBSD 4.10-STABLE systems built from sources dated
+2004-06-29 16:20:00 UTC or later include cvs 1.11.17, which has all
+of these issues fixed.  These patches should not be applied to those
+systems.
+
+a) Download the relevant patches from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:14/cvs.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/cvs
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4_10
+  src/UPDATING                                              1.73.2.90.2.4
+  src/sys/conf/newvers.sh                                   1.44.2.34.2.5
+  src/contrib/cvs/lib/xsize.h                                 1.1.1.1.6.1
+  src/contrib/cvs/src/commit.c                                1.8.2.5.6.1
+  src/contrib/cvs/src/cvs.h                                  1.11.2.6.6.1
+  src/contrib/cvs/src/filesubr.c                              1.6.2.4.6.1
+  src/contrib/cvs/src/history.c                           1.1.1.6.2.4.6.1
+  src/contrib/cvs/src/modules.c                           1.1.1.5.2.4.2.1
+  src/contrib/cvs/src/server.c                               1.13.2.5.6.3
+  src/contrib/cvs/src/wrapper.c                           1.1.1.7.2.3.6.1
+  src/gnu/usr.bin/cvs/lib/config.h.proto                     1.16.2.1.6.1
+RELENG_4_9
+  src/UPDATING                                             1.73.2.89.2.13
+  src/sys/conf/newvers.sh                                  1.44.2.32.2.13
+  src/contrib/cvs/lib/xsize.h                                 1.1.1.1.8.1
+  src/contrib/cvs/src/commit.c                                1.8.2.5.4.1
+  src/contrib/cvs/src/cvs.h                                  1.11.2.6.4.1
+  src/contrib/cvs/src/filesubr.c                              1.6.2.4.4.1
+  src/contrib/cvs/src/history.c                           1.1.1.6.2.4.4.1
+  src/contrib/cvs/src/modules.c                           1.1.1.5.2.3.4.2
+  src/contrib/cvs/src/server.c                               1.13.2.5.4.3
+  src/contrib/cvs/src/wrapper.c                           1.1.1.7.2.3.4.1
+  src/gnu/usr.bin/cvs/lib/config.h.proto                     1.16.2.1.4.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.28
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.26
+  src/contrib/cvs/lib/xsize.h                                1.1.1.1.10.1
+  src/contrib/cvs/src/commit.c                                1.8.2.5.2.1
+  src/contrib/cvs/src/cvs.h                                  1.11.2.6.2.1
+  src/contrib/cvs/src/filesubr.c                              1.6.2.4.2.1
+  src/contrib/cvs/src/history.c                           1.1.1.6.2.4.2.1
+  src/contrib/cvs/src/modules.c                           1.1.1.5.2.3.2.2
+  src/contrib/cvs/src/server.c                               1.13.2.5.2.3
+  src/contrib/cvs/src/wrapper.c                           1.1.1.7.2.3.2.1
+  src/gnu/usr.bin/cvs/lib/config.h.proto                     1.16.2.1.2.1
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.18
+  src/sys/conf/newvers.sh                                       1.56.2.17
+  src/contrib/cvs/lib/xsize.h                                1.1.1.1.12.1
+  src/contrib/cvs/src/commit.c                                   1.13.4.1
+  src/contrib/cvs/src/cvs.h                                      1.17.4.1
+  src/contrib/cvs/src/filesubr.c                                 1.10.6.1
+  src/contrib/cvs/src/history.c                              1.1.1.10.6.1
+  src/contrib/cvs/src/modules.c                               1.1.1.8.6.3
+  src/contrib/cvs/src/server.c                                   1.19.4.4
+  src/contrib/cvs/src/wrapper.c                              1.1.1.10.6.1
+  src/gnu/usr.bin/cvs/lib/config.h.proto                         1.17.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL: http://security.e-matters.de/advisories/092004.html >
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.5 (FreeBSD)
+
+iD8DBQFBTterFdaIBMps37IRAlkjAJ9jZ40PME0gr8b6DyS+h6zVHCxGTgCfdJN/
+JiKgPD2YDy378kBO3hYd8Ao=
+=qzxJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:15.syscons.asc b/share/security/advisories/FreeBSD-SA-04:15.syscons.asc
new file mode 100644
index 0000000000..cb54813d6a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:15.syscons.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:15.syscons                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Boundary checking errors in syscons
+
+Category:       core
+Module:         sys_dev_syscons
+Announced:      2004-10-04
+Credits:        Christer Oberg
+Affects:        FreeBSD 5.x releases
+Corrected:      2004-09-30 17:49:15 UTC (RELENG_5, 5.3-BETA6)
+                2004-10-04 17:04:25 UTC (RELENG_5_2, 5.2.1-RELEASE-p11)
+CVE Name:       CAN-2004-0919
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+syscons(4) is the default console driver for FreeBSD.  Using the
+physical keyboard and screen, it provides multiple virtual terminals
+which appear as if they were separate terminals.  One virtual terminal
+is considered current and exclusively occupies the screen and the
+keyboard; the other virtual terminals are placed in the background.
+
+II.  Problem Description
+
+The syscons CONS_SCRSHOT ioctl(2) does insufficient validation of
+its input arguments.  In particular, negative coordinates or large
+coordinates may cause unexpected behavior.
+
+III. Impact
+
+It may be possible to cause the CONS_SCRSHOT ioctl to return portions of
+kernel memory.  Such memory might contain sensitive information, such as
+portions of the file cache or terminal buffers.  This information might
+be directly useful, or it might be leveraged to obtain elevated
+privileges in some way.  For example, a terminal buffer might include a
+user-entered password.
+
+IV.  Workaround
+
+There is no known workaround.  However, this bug is only exploitable
+by users who have access to the physical console or can otherwise open
+a /dev/ttyv* device node.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to the RELENG_5_2 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.2
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:15/syscons.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:15/syscons.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.19
+  src/sys/conf/newvers.sh                                       1.56.2.18
+  src/sys/dev/syscons/syscons.c                                 1.409.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+<URL:http://cvsweb.freebsd.org/src/sys/dev/syscons/syscons.c.diff?r1=1.428&r2=1.429>
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (FreeBSD)
+
+iD8DBQFBYYMTFdaIBMps37IRAuNbAJ4jbPnqo3vvEeD33ItW09r3zAuh5QCghq5v
+SN4Y+OCpzJ7Szy3s++slzeQ=
+=FlYi
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:16.fetch.asc b/share/security/advisories/FreeBSD-SA-04:16.fetch.asc
new file mode 100644
index 0000000000..96c9fe53c4
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:16.fetch.asc
@@ -0,0 +1,158 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:16.fetch                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Overflow error in fetch
+
+Category:       core
+Module:         fetch
+Announced:      2004-11-18
+Credits:        Colin Percival
+Affects:        All FreeBSD versions.
+Corrected:      2004-11-18 12:02:13 UTC (RELENG_5, 5.3-STABLE)
+                2004-11-18 12:03:05 UTC (RELENG_5_3, 5.3-RELEASE-p1)
+                2004-11-18 12:04:29 UTC (RELENG_5_2, 5.2.1-RELEASE-p12)
+                2004-11-18 12:05:36 UTC (RELENG_5_1, 5.1-RELEASE-p18)
+                2004-11-18 12:05:50 UTC (RELENG_5_0, 5.0-RELEASE-p22)
+                2004-11-18 12:02:29 UTC (RELENG_4, 4.10-STABLE)
+                2004-11-18 12:06:06 UTC (RELENG_4_10, 4.10-RELEASE-p4)
+                2004-11-18 12:06:22 UTC (RELENG_4_9, 4.9-RELEASE-p13)
+                2004-11-18 12:06:36 UTC (RELENG_4_8, 4.8-RELEASE-p26)
+                2004-11-18 12:06:52 UTC (RELENG_4_7, 4.7-RELEASE-p28)
+CVE Name:       CAN-2004-1053
+FreeBSD only:   YES
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0  2004-11-18  Initial release.
+v1.1  2004-11-20  Added missing CVE name; removed empty references section.
+
+I.   Background
+
+The fetch(1) utility is a tool for fetching files via FTP, HTTP, and HTTPS.
+
+II.  Problem Description
+
+An integer overflow condition in the processing of HTTP headers can result
+in a buffer overflow.
+
+III. Impact
+
+A malicious server or CGI script can respond to an HTTP or HTTPS request in
+such a manner as to cause arbitrary portions of the client's memory to be
+overwritten, allowing for arbitrary code execution.
+
+IV.  Workaround
+
+There is no known workaround for the affected application, although
+the ftp(1) application in the FreeBSD base system, and several 
+applications in the FreeBSD Ports collection provide similar 
+functionality and could be used in place of fetch(1).
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated
+after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8, 4.10,
+5.2, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch
+# ftp ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:16/fetch.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.bin/fetch
+# make obj && make depend && make && make install
+
+3) IMPORTANT NOTE to users of FreeBSD Update:
+
+FreeBSD Update (security/freebsd-update in the FreeBSD Ports collection)
+is a binary security update system for the FreeBSD base system.  It is 
+not supported or endorsed by the FreeBSD Security team, but its author
+has requested that the following note be included in this advisory:
+
+  FreeBSD Update uses the fetch(1) utility for downloading security
+  updates to the FreeBSD base system.  While these updates are 
+  cryptographically signed, and FreeBSD Update is therefore immune from
+  most attacks, it is exposed to this vulnerability since the files
+  must be fetched before their integrity can be verified.
+
+  As a workaround, FreeBSD Update can be made to use the ftp(1) utility
+  for downloading updates as follows:
+
+  # sed -i.bak -e 's/fetch -qo/ftp -o/' /usr/local/sbin/freebsd-update
+  # freebsd-update fetch
+  # mv /usr/local/sbin/freebsd-update.bak /usr/local/sbin/freebsd-update
+  # freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/usr.bin/fetch/fetch.c                                     1.10.2.28
+RELENG_4_10
+  src/UPDATING                                              1.73.2.90.2.5
+  src/sys/conf/newvers.sh                                   1.44.2.34.2.6
+  src/usr.bin/fetch/fetch.c                                 1.10.2.23.2.1
+RELENG_4_9
+  src/UPDATING                                             1.73.2.89.2.14
+  src/sys/conf/newvers.sh                                  1.44.2.32.2.14
+  src/usr.bin/fetch/fetch.c                                 1.10.2.21.2.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.29
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.27
+  src/usr.bin/fetch/fetch.c                                 1.10.2.20.2.1
+RELENG_4_7
+  src/UPDATING                                             1.73.2.74.2.32
+  src/sys/conf/newvers.sh                                  1.44.2.26.2.30
+  src/usr.bin/fetch/fetch.c                                 1.10.2.18.2.1
+RELENG_5
+  src/usr.bin/fetch/fetch.c                                      1.72.2.2
+RELENG_5_3
+  src/UPDATING                                             1.342.2.13.2.4
+  src/sys/conf/newvers.sh                                   1.62.2.15.2.6
+  src/usr.bin/fetch/fetch.c                                  1.72.2.1.2.1
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.20
+  src/sys/conf/newvers.sh                                       1.56.2.19
+  src/usr.bin/fetch/fetch.c                                      1.62.4.1
+RELENG_5_1
+  src/UPDATING                                                 1.251.2.20
+  src/sys/conf/newvers.sh                                       1.50.2.20
+  src/usr.bin/fetch/fetch.c                                      1.62.2.1
+RELENG_5_0
+  src/UPDATING                                                 1.229.2.28
+  src/sys/conf/newvers.sh                                       1.48.2.23
+  src/usr.bin/fetch/fetch.c                                      1.58.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (FreeBSD)
+
+iD8DBQFBn6qYFdaIBMps37IRAkOZAJ4+DJtAK+I8lEvskiiFH10UOQHTUACfVn46
+g/AoLZ0r9AI8zW/trV2RRO8=
+=HXQL
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-04:17.procfs.asc b/share/security/advisories/FreeBSD-SA-04:17.procfs.asc
new file mode 100644
index 0000000000..0042ad0a0f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-04:17.procfs.asc
@@ -0,0 +1,147 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-04:17.procfs                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Kernel memory disclosure in procfs and linprocfs
+
+Category:       core
+Module:         sys
+Announced:      2004-12-01
+Credits:        Bryan Fulton, Ted Unangst, and the SWAT analysis tool
+                Coverity, Inc.
+Affects:        All FreeBSD releases
+Corrected:      2004-12-01 21:33:35 UTC (RELENG_5, 5.3-STABLE)
+                2004-12-01 21:34:23 UTC (RELENG_5_3, 5.3-RELEASE-p2)
+                2004-12-01 21:34:43 UTC (RELENG_5_2, 5.2.1-RELEASE-p13)
+                2004-12-01 21:33:57 UTC (RELENG_4, 4.10-STABLE)
+                2004-12-01 21:35:10 UTC (RELENG_4_10, 4.10-RELEASE-p5)
+                2004-12-01 21:35:57 UTC (RELENG_4_8, 4.8-RELEASE-p27)
+CVE Name:       CAN-2004-1066
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The process file system, procfs(5), implements a view of the system
+process table inside the file system.  It is normally mounted on
+/proc, and is required for the complete operation of programs such as
+ps(1) and w(1).
+
+The Linux process file system, linprocfs(5), emulates a subset of
+Linux's process file system and is required for the complete operation
+of some Linux binaries.
+
+II.  Problem Description
+
+The implementation of the /proc/curproc/cmdline pseudofile in the procfs(5)
+file system on FreeBSD 4.x and 5.x, and of the /proc/self/cmdline
+pseudofile in the linprocfs(5) file system on FreeBSD 5.x reads a process'
+argument vector from the process address space.  During this operation,
+a pointer was dereferenced directly without the necessary validation
+steps being performed.
+
+III. Impact
+
+A malicious local user could perform a local denial of service attack by
+causing a system panic; or he could read parts of kernel memory.  Such
+memory might contain sensitive information, such as portions of the file
+cache or terminal buffers.  This information might be directly useful, or
+it might be leveraged to obtain elevated privileges in some way.  For
+example, a terminal buffer might contain a user-entered password.
+
+FreeBSD 4.x does not implement the /proc/self/cmdline pseudofile in
+its linprocfs(5) file system, and is therefore only affected if the
+procfs(5) file system is mounted.
+
+In its default configuration, FreeBSD 5.x does not utilize procfs(5)
+or linprocfs(5) and will therefore be unaffected by this vulnerability
+unless the configuration is changed.
+
+IV.  Workaround
+
+Unmount the procfs and linprocfs file systems if they are mounted.
+Execute the following command as root:
+
+  umount -A -t procfs,linprocfs
+
+Also, remove or comment out any lines in fstab(5) that reference
+`procfs' or `linprocfs', so that they will not be re-mounted at next
+reboot.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_5_2, RELENG_4_10, or RELENG_4_8 security branch dated
+after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8, 4.10,
+5.2, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs4.patch.asc
+
+[FreeBSD 5.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-04:17/procfs5.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/miscfs/procfs/procfs_status.c                          1.20.2.6
+RELENG_4_10
+  src/UPDATING                                              1.73.2.90.2.6
+  src/sys/conf/newvers.sh                                   1.44.2.34.2.7
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.5.4.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.30
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.28
+  src/sys/miscfs/procfs/procfs_status.c                      1.20.2.4.8.2
+RELENG_5
+  src/sys/compat/linprocfs/linprocfs.c                           1.84.2.1
+  src/sys/fs/procfs/procfs_status.c                              1.52.2.1
+RELENG_5_3
+  src/UPDATING                                             1.342.2.13.2.5
+  src/sys/compat/linprocfs/linprocfs.c                           1.84.4.1
+  src/sys/conf/newvers.sh                                   1.62.2.15.2.7
+  src/sys/fs/procfs/procfs_status.c                              1.52.4.1
+RELENG_5_2
+  src/UPDATING                                                 1.282.2.21
+  src/sys/compat/linprocfs/linprocfs.c                           1.78.2.1
+  src/sys/conf/newvers.sh                                       1.56.2.20
+  src/sys/fs/procfs/procfs_status.c                              1.49.2.1
+- -------------------------------------------------------------------------
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFBrlpUFdaIBMps37IRAkqSAJ9bJt5VXd0g+OpZq76O84LGEtw3HgCfayws
+iuc0B5+J0K67LvDIUA6+wck=
+=2l7f
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:01.telnet.asc b/share/security/advisories/FreeBSD-SA-05:01.telnet.asc
new file mode 100644
index 0000000000..c5155609d4
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:01.telnet.asc
@@ -0,0 +1,142 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:01.telnet                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          telnet client buffer overflows
+
+Category:       contrib
+Module:         contrib/telnet
+Announced:      2005-03-28
+Credits:        iDEFENSE
+Affects:        All FreeBSD releases prior to 5.4-RELEASE
+Corrected:      2005-03-28 15:50:00 UTC (RELENG_5, 5.4-PRERELEASE)
+                2005-03-28 15:48:00 UTC (RELENG_4, 4.11-STABLE)
+                2005-03-28 15:52:00 UTC (RELENG_5_3, 5.3-RELEASE-p6)
+                2005-03-28 15:57:00 UTC (RELENG_4_11, 4.11-RELEASE-p1)
+                2005-03-28 15:58:00 UTC (RELENG_4_10, 4.10-RELEASE-p6)
+                2005-03-28 16:00:00 UTC (RELENG_4_8, 4.8-RELEASE-p28)
+CVE Name:       CAN-2005-0468 CAN-2005-0469
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The telnet(1) command is a TELNET protocol client, used primarily to
+establish terminal sessions across a network.
+
+II.  Problem Description
+
+Buffer overflows were discovered in the env_opt_add() and
+slc_add_reply() functions of the telnet(1) command.  TELNET protocol
+commands, options, and data are copied from the network to a
+fixed-sized buffer.  In the case of env_opt_add (CAN-2005-0468), the
+buffer is located on the heap.  In the case of slc_add_reply
+(CAN-2005-0469), the buffer is global uninitialized data (BSS).
+
+III. Impact
+
+These buffer overflows may be triggered when connecting to a malicious
+server, or by an active attacker in the network path between the
+client and server.  Specially crafted TELNET command sequences may
+cause the execution of arbitrary code with the privileges of the user
+invoking telnet(1).
+
+IV.  Workaround
+
+Do not use telnet(1) to connect to untrusted machines or over an
+untrusted network.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, RELENG_4_10, or RELENG_4_8 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8, 4.10,
+4.11, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet4.patch.asc
+
+[FreeBSD 5.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:01/telnet5.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Rebuild the operating system as described in
+<URL:http://www.freebsd.org/doc/handbook/makeworld.html>.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/heimdal/appl/telnet/telnet/telnet.c              1.1.1.1.2.4
+  src/crypto/kerberosIV/appl/telnet/telnet/telnet.c           1.1.1.1.2.1
+  src/crypto/telnet/telnet/telnet.c                               1.4.2.6
+  src/usr.bin/telnet/telnet.c                                     1.8.2.4
+RELENG_4_11
+  src/UPDATING                                              1.73.2.91.2.2
+  src/crypto/heimdal/appl/telnet/telnet/telnet.c         1.1.1.1.2.3.10.1
+  src/crypto/kerberosIV/appl/telnet/telnet/telnet.c          1.1.1.1.22.1
+  src/crypto/telnet/telnet/telnet.c                          1.4.2.5.12.1
+  src/sys/conf/newvers.sh                                   1.44.2.39.2.5
+  src/usr.bin/telnet/telnet.c                                1.8.2.3.12.1
+RELENG_4_10
+  src/UPDATING                                              1.73.2.90.2.7
+  src/crypto/heimdal/appl/telnet/telnet/telnet.c          1.1.1.1.2.3.8.1
+  src/crypto/kerberosIV/appl/telnet/telnet/telnet.c          1.1.1.1.20.1
+  src/crypto/telnet/telnet/telnet.c                          1.4.2.5.10.1
+  src/sys/conf/newvers.sh                                   1.44.2.34.2.8
+  src/usr.bin/telnet/telnet.c                                1.8.2.3.10.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.32
+  src/crypto/heimdal/appl/telnet/telnet/telnet.c          1.1.1.1.2.3.4.1
+  src/crypto/kerberosIV/appl/telnet/telnet/telnet.c          1.1.1.1.16.1
+  src/crypto/telnet/telnet/telnet.c                           1.4.2.5.6.1
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.29
+  src/usr.bin/telnet/telnet.c                                 1.8.2.3.6.1
+RELENG_5
+  src/contrib/telnet/telnet/telnet.c                             1.14.6.1
+RELENG_5_3
+  src/UPDATING                                             1.342.2.13.2.9
+  src/contrib/telnet/telnet/telnet.c                             1.14.8.1
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.11
+- -------------------------------------------------------------------------
+
+VII. References
+
+[IDEF0866] Multiple Telnet Client slc_add_reply() Buffer Overflow
+http://www.idefense.com/application/poi/display?id=220&type=vulnerabilities
+
+[IDEF0867] Multiple Telnet Client env_opt_add() Buffer Overflow
+http://www.idefense.com/application/poi/display?id=221&type=vulnerabilities
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0
+
+iD8DBQFCSECrFdaIBMps37IRAnRJAJ0VbP6TyaX7SLE2EwSrIYU25JSD9wCfYoe9
+Qg2Lw/6QFLOgYG1jPuzogEs=
+=0rFv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:02.sendfile.asc b/share/security/advisories/FreeBSD-SA-05:02.sendfile.asc
new file mode 100644
index 0000000000..2626045fd0
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:02.sendfile.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:02.sendfile                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          sendfile kernel memory disclosure
+
+Category:       core
+Module:         sys_kern
+Announced:      2005-04-04
+Credits:        Sven Berkvens <sven@berkvens.net>
+                Marc Olzheim <zlo@zlo.nu>
+Affects:        All FreeBSD 4.x releases
+                All FreeBSD 5.x releases prior to 5.4-RELEASE
+Corrected:      2005-04-04 23:52:02 UTC (RELENG_5, 5.4-STABLE)
+                2005-04-04 23:52:35 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-04-04 23:53:24 UTC (RELENG_5_3, 5.3-RELEASE-p7)
+                2005-04-04 23:53:36 UTC (RELENG_4, 4.11-STABLE)
+                2005-04-04 23:53:56 UTC (RELENG_4_11, 4.11-RELEASE-p2)
+                2005-04-04 23:54:13 UTC (RELENG_4_10, 4.10-RELEASE-p7)
+                2005-04-04 23:54:33 UTC (RELENG_4_8, 4.8-RELEASE-p29)
+CVE Name:       CAN-2005-0708
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The sendfile(2) system call allows a server application (such as an HTTP
+or FTP server) to transmit the contents of a file over a network
+connection without first copying it to application memory.  High
+performance servers such as Apache and ftpd use sendfile.
+
+II.  Problem Description
+
+If the file being transmitted is truncated after the transfer has
+started but before it completes, sendfile(2) will transfer the contents
+of more or less random portions of kernel memory in lieu of the
+missing part of the file.
+
+III. Impact
+
+A local user could create a large file and truncate it while
+transferring it to himself, thus obtaining a copy of portions of system
+memory to which he would normally not have access.  Such memory might
+contain sensitive information, such as portions of the file cache or
+terminal buffers.  This information might be directly useful, or it 
+might be leveraged to obtain elevated privileges in some way.  For 
+example, a terminal buffer might include a user-entered password.
+
+IV.  Workaround
+
+No known workaround.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, RELENG_4_10, or RELENG_4_8 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.8, 4.10,
+4.11, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_4.patch.asc
+
+[FreeBSD 5.3]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:02/sendfile_5.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/ufs/ffs/ffs_inode.c                                    1.56.2.6
+RELENG_4_11
+  src/UPDATING                                              1.73.2.91.2.3
+  src/sys/conf/newvers.sh                                   1.44.2.39.2.6
+  src/sys/ufs/ffs/ffs_inode.c                               1.56.2.5.12.1
+RELENG_4_10
+  src/UPDATING                                              1.73.2.90.2.8
+  src/sys/conf/newvers.sh                                   1.44.2.34.2.8
+  src/sys/ufs/ffs/ffs_inode.c                               1.56.2.5.10.1
+RELENG_4_8
+  src/UPDATING                                             1.73.2.80.2.33
+  src/sys/conf/newvers.sh                                  1.44.2.29.2.29
+  src/sys/ufs/ffs/ffs_inode.c                                1.56.2.5.6.1
+RELENG_5
+  src/sys/ufs/ffs/ffs_inode.c                                    1.93.2.2
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.1
+  src/sys/ufs/ffs/ffs_inode.c                                1.93.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.10
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.12
+  src/sys/ufs/ffs/ffs_inode.c                                    1.93.4.1
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/CERT/advisories/FreeBSD-SA-05:02.sendfile.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQFCUdSBFdaIBMps37IRAkJQAJ9jiw22zHygE8ui8ksl3T5jo12L6gCgkq5i
+CYhVGcVxiWOU9Yu1Muwi1Xw=
+=83NE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:03.amd64.asc b/share/security/advisories/FreeBSD-SA-05:03.amd64.asc
new file mode 100644
index 0000000000..2b71af52bf
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:03.amd64.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:03.amd64                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          unprivileged hardware access on amd64
+
+Category:       core
+Module:         sys_amd64
+Announced:      2005-04-06
+Credits:        Jari Kirma
+Affects:        All FreeBSD/amd64 5.x releases prior to 5.4-RELEASE
+Corrected:      2005-04-06 01:05:51 UTC (RELENG_5, 5.4-STABLE)
+                2005-04-06 01:06:15 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-04-06 01:06:44 UTC (RELENG_5_3, 5.3-RELEASE-p8)
+CVE Name:       CAN-2005-1036
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The AMD64 architecture has two mechanisms for permitting processes to
+access hardware: Kernel code can access hardware directly by reason of
+its elevated privilege level, while user code can access a subset of
+hardware determined by a bitmap.
+
+II.  Problem Description
+
+The bitmap which determines which hardware can be accessed by unprivileged
+processes was not initialized properly.
+
+III. Impact
+
+Unprivileged users on amd64 systems can gain direct access to some
+hardware, allowing for denial of service, disclosure of sensitive
+information, or possible privilege escalation.
+
+IV.  Workaround
+
+No workaround is known for amd64 systems; other platforms are not
+affected by this issue.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_3
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+a) Download the patch from the location below, and verify the detached
+PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:03/amd64.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:03/amd64.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/amd64/amd64/machdep.c                                1.618.2.10
+  src/sys/amd64/amd64/mp_machdep.c                              1.242.2.8
+  src/sys/amd64/include/tss.h                                    1.16.2.1
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.2
+  src/sys/amd64/amd64/machdep.c                             1.618.2.9.2.1
+  src/sys/amd64/amd64/mp_machdep.c                          1.242.2.7.2.1
+  src/sys/amd64/include/tss.h                                    1.16.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.11
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.13
+  src/sys/amd64/amd64/machdep.c                             1.618.2.1.2.1
+  src/sys/amd64/amd64/mp_machdep.c                          1.242.2.2.2.1
+  src/sys/amd64/include/tss.h                                    1.16.4.1
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:03.amd64.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCdsQfFdaIBMps37IRAnIGAJ453F2kq8j86y2MDS0JqZ0JBS5+AwCbBU8t
+RPLxihOwLQuoTtKykfrgeBA=
+=UEL1
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc b/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc
new file mode 100644
index 0000000000..e32a03bcfc
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:04.ifconf.asc
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:04.ifconf                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Kernel memory disclosure in ifconf()
+
+Category:       core
+Module:         sys_net
+Announced:      2005-04-15
+Credits:        Ilja van Sprundel
+Affects:        All FreeBSD 4.x releases
+                All FreeBSD 5.x releases prior to 5.4-RELEASE
+Corrected:      2005-04-15 01:51:44 UTC (RELENG_5, 5.4-STABLE)
+                2005-04-15 01:52:03 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-04-15 01:52:25 UTC (RELENG_5_3, 5.3-RELEASE-p9)
+                2005-04-15 01:52:40 UTC (RELENG_4, 4.11-STABLE)
+                2005-04-15 01:52:57 UTC (RELENG_4_11, 4.11-RELEASE-p3)
+                2005-04-15 01:53:14 UTC (RELENG_4_10, 4.10-RELEASE-p8)
+CVE Name:       CAN-2005-1126
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The SIOCGIFCONF ioctl allows a user process to ask the kernel to produce
+a list of the existing network interfaces and copy it into a buffer
+provided by the user process.
+
+II.  Problem Description
+
+In generating the list of network interfaces, the kernel writes into a
+portion of a buffer without first zeroing it.  As a result, the prior
+contents of the buffer will be disclosed to the calling process.
+
+III. Impact
+
+Up to 12 bytes of kernel memory may be disclosed to the user process.
+Such memory might contain sensitive information, such as portions of
+the file cache or terminal buffers.  This information might be directly
+useful, or it might be leveraged to obtain elevated privileges in some
+way.  For example, a terminal buffer might include a user-entered
+password.
+
+IV.  Workaround
+
+No known workaround.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10, 4.11,
+and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf4.patch.asc
+
+[FreeBSD 5.3]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:04/ifconf5.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/net/if.c                                              1.85.2.29
+RELENG_4_11
+  src/UPDATING                                              1.73.2.91.2.4
+  src/sys/conf/newvers.sh                                   1.44.2.39.2.7
+  src/sys/net/if.c                                          1.85.2.28.2.1
+RELENG_4_10
+  src/UPDATING                                              1.73.2.90.2.9
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.10
+  src/sys/net/if.c                                          1.85.2.25.2.1
+RELENG_5
+  src/sys/net/if.c                                             1.199.2.15
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.3
+  src/sys/net/if.c                                         1.199.2.14.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.12
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.14
+  src/sys/net/if.c                                          1.199.2.7.2.3
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:04.ifconf.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCdsQnFdaIBMps37IRAqv+AJ4iFgJn+lud8kW+IPTuDe/fRNaKWwCeIMwY
+llpfOaeaHq82l+ndg0F3uUM=
+=NwqA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:05.cvs.asc b/share/security/advisories/FreeBSD-SA-05:05.cvs.asc
new file mode 100644
index 0000000000..5572831db0
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:05.cvs.asc
@@ -0,0 +1,143 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:05.cvs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities in CVS
+
+Category:       contrib
+Module:         cvs
+Announced:      2005-04-22
+Credits:        Alen Zukich
+Affects:        All FreeBSD 4.x releases
+                All FreeBSD 5.x releases prior to 5.4-RELEASE
+Corrected:      2005-04-22 18:01:04 UTC (RELENG_5, 5.4-STABLE)
+                2005-04-22 18:03:18 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-04-22 18:07:10 UTC (RELENG_5_3, 5.3-RELEASE-p10)
+                2005-04-22 18:13:30 UTC (RELENG_4, 4.11-STABLE)
+                2005-04-22 18:17:22 UTC (RELENG_4_11, 4.11-RELEASE-p4)
+                2005-04-22 18:16:15 UTC (RELENG_4_10, 4.10-RELEASE-p9)
+CVE Name:       CAN-2005-0753
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The Concurrent Versions System (CVS) is a version control system.  It
+may be used to access a repository locally, or to access a `remote
+repository' using a number of different methods.  When accessing a
+remote repository, the target machine runs the CVS server to fulfill
+client requests.
+
+II.  Problem Description
+
+Multiple programming errors were found in CVS.  In one case, variable
+length strings are copied into a fixed length buffer without adequate
+checks being made; other errors include NULL pointer dereferences,
+possible use of uninitialized variables, and memory leaks.
+
+III. Impact
+
+CVS servers ("cvs server" or :pserver: modes) are affected by these
+problems.  The buffer overflow may potentially be exploited to execute
+arbitrary code on the CVS server, either in the context of the
+authenticated user or in the context of the CVS server, depending on
+the access method used.  The other errors may lead to a denial of
+service.
+
+IV.  Workaround
+
+No workaround is available for cvs servers; cvs clients are unaffected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.10]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs410.patch.asc
+
+[FreeBSD 4.11 and 5.3]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:05/cvs.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/cvs
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/cvs/src/login.c                                     1.3.2.6
+  src/contrib/cvs/src/patch.c                                 1.1.1.7.2.7
+  src/contrib/cvs/src/rcs.c                                      1.19.2.7
+RELENG_4_11
+  src/UPDATING                                              1.73.2.91.2.5
+  src/sys/conf/newvers.sh                                   1.44.2.39.2.8
+  src/contrib/cvs/src/login.c                                 1.3.2.5.2.1
+  src/contrib/cvs/src/patch.c                             1.1.1.7.2.6.2.1
+  src/contrib/cvs/src/rcs.c                                  1.19.2.6.2.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.10
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.11
+  src/contrib/cvs/src/login.c                                 1.3.2.4.6.1
+  src/contrib/cvs/src/patch.c                             1.1.1.7.2.5.6.1
+  src/contrib/cvs/src/rcs.c                                  1.19.2.5.6.1
+RELENG_5
+  src/contrib/cvs/src/login.c                                     1.8.2.1
+  src/contrib/cvs/src/patch.c                                1.1.1.13.2.1
+  src/contrib/cvs/src/rcs.c                                      1.27.2.1
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.4
+  src/contrib/cvs/src/login.c                                     1.8.6.1
+  src/contrib/cvs/src/patch.c                                1.1.1.13.6.1
+  src/contrib/cvs/src/rcs.c                                      1.27.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.13
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.15
+  src/contrib/cvs/src/login.c                                     1.8.4.1
+  src/contrib/cvs/src/patch.c                                1.1.1.13.4.1
+  src/contrib/cvs/src/rcs.c                                      1.27.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0753
+http://secunia.com/advisories/14976/
+http://xforce.iss.net/xforce/xfdb/20148
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:05.cvs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQFCaUaaFdaIBMps37IRAvkoAJ47xsv+CGE12jJxGRMZrS8nFgx9XQCfVs5W
+ZqGIq4p/ylx2yUZvZTjh34o=
+=ldk9
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:06.iir.asc b/share/security/advisories/FreeBSD-SA-05:06.iir.asc
new file mode 100644
index 0000000000..a0b793fb00
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:06.iir.asc
@@ -0,0 +1,138 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:06.iir                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect permissions on /dev/iir
+
+Category:       core
+Module:         sys_dev
+Announced:      2005-05-06
+Credits:        Christian S.J. Peron
+                Andre Guibert de Bruet
+Affects:        All FreeBSD 4.x releases since 4.6-RELEASE
+                All FreeBSD 5.x releases prior to 5.4-RELEASE
+Corrected:      2005-05-06 02:33:46 UTC (RELENG_5, 5.4-STABLE)
+                2005-05-06 02:34:18 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-05-06 02:34:01 UTC (RELENG_5_3, 5.3-RELEASE-p11)
+                2005-05-06 02:32:54 UTC (RELENG_4, 4.11-STABLE)
+                2005-05-06 02:33:28 UTC (RELENG_4_11, 4.11-RELEASE-p5)
+                2005-05-06 02:33:12 UTC (RELENG_4_10, 4.10-RELEASE-p10)
+CVE Name:       CAN-2005-1399
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2005-05-06  Initial release.
+v1.1 2005-05-07  Updated credits to include Andre Guibert de Bruet, who
+                 was inadvertantly omitted from the original advisory.
+
+I.   Background
+
+The iir(4) driver provides support for the Intel Integrated RAID
+controllers and ICP Vortex RAID controllers.
+
+II.  Problem Description
+
+The default permissions on the /dev/iir device node allow unprivileged
+local users to open the device and execute ioctl calls.
+
+III. Impact
+
+Unprivileged local users can send commands to the hardware supported by
+the iir(4) driver, allowing destruction of data and possible disclosure
+of data.
+
+IV.  Workaround
+
+Systems without hardware supported by the iir(4) driver are not affected
+by this issue.  On systems which are affected, as a workaround, the
+permissions on /dev/iir can be changed manually.
+
+As root, execute the following command:
+
+# chmod 0600 /dev/iir*
+
+On 5.x, the following commands are also needed to ensure that the
+correct permissions are used after rebooting.
+
+# echo 'perm iir* 0600' >> /etc/devfs.conf
+# echo 'devfs_enable="YES"' >> /etc/rc.conf
+
+If the administrator has created additional device nodes, or mounted
+additional instances of devfs(5) elsewhere in the file system name
+space, attention should be paid to ensure that either the iir device
+node is not visible in those name spaces, or is similarly protected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
+the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:06/iir.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/dev/iir/iir_ctrl.c                                      1.2.2.5
+RELENG_4_11
+  src/UPDATING                                              1.73.2.91.2.6
+  src/sys/conf/newvers.sh                                   1.44.2.39.2.9
+  src/sys/dev/iir/iir_ctrl.c                                 1.2.2.4.12.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.11
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.12
+  src/sys/dev/iir/iir_ctrl.c                                 1.2.2.4.10.1
+RELENG_5
+  src/sys/dev/iir/iir_ctrl.c                                     1.15.2.2
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.5
+  src/sys/dev/iir/iir_ctrl.c                                 1.15.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.14
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.16
+  src/sys/dev/iir/iir_ctrl.c                                     1.15.4.1
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:06.iir.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCfEXyFdaIBMps37IRAu6WAJ9qBjsIfH7GGPRiHsvXwlkuau5kswCfXhan
+YhoUBZ4gHuIXJFM1gOEAyVk=
+=zRAR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:07.ldt.asc b/share/security/advisories/FreeBSD-SA-05:07.ldt.asc
new file mode 100644
index 0000000000..6f413c334e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:07.ldt.asc
@@ -0,0 +1,125 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:07.ldt                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Local kernel memory disclosure in i386_get_ldt
+
+Category:       core
+Module:         sys_i386
+Announced:      2005-05-06
+Credits:        Christer Oberg
+Affects:        All FreeBSD/i386 4.x releases since 4.7-RELEASE
+                All FreeBSD/i386 5.x and FreeBSD/amd64 5.x releases
+                prior to 5.4-RELEASE
+Corrected:      2005-05-06 02:40:19 UTC (RELENG_5, 5.4-STABLE)
+                2005-05-06 02:40:49 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-05-06 02:40:32 UTC (RELENG_5_3, 5.3-RELEASE-p12)
+                2005-05-06 02:39:35 UTC (RELENG_4, 4.11-STABLE)
+                2005-05-06 02:40:05 UTC (RELENG_4_11, 4.11-RELEASE-p6)
+                2005-05-06 02:39:52 UTC (RELENG_4_10, 4.10-RELEASE-p11)
+CVE Name:       CAN-2005-1400
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The i386_get_ldt(2) system call allows a process to request that a
+portion of its Local Descriptor Table be copied from the kernel into
+userland.
+
+II.  Problem Description
+
+The i386_get_ldt(2) syscall performs insufficient validation of its
+input arguments.  In particular, negative or very large values may
+allow inappropriate data to be copied from the kernel.
+
+III. Impact
+
+Kernel memory may be disclosed to the user process.  Such memory might
+contain sensitive information, such as portions of the file cache or
+terminal buffers.  This information might be directly useful, or it
+might be leveraged to obtain elevated privileges in some way.  For
+example, a terminal buffer might include a user-entered password.
+
+IV.  Workaround
+
+No workaround is known for i386 and amd64 systems; other platforms are
+not affected by this issue.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
+the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt4.patch.asc
+
+[FreeBSD 5.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:07/ldt5.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/i386/i386/sys_machdep.c                                1.47.2.4
+RELENG_4_11
+  src/UPDATING                                              1.73.2.91.2.7
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.10
+  src/sys/i386/i386/sys_machdep.c                            1.47.2.3.8.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.12
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.13
+  src/sys/i386/i386/sys_machdep.c                            1.47.2.3.6.1
+RELENG_5
+  src/sys/i386/i386/sys_machdep.c                                1.92.2.3
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.6
+  src/sys/i386/i386/sys_machdep.c                            1.92.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.15
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.17
+  src/sys/i386/i386/sys_machdep.c                                1.92.4.1
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCetz/FdaIBMps37IRAsGyAJ0e/186b85KV2w0iqXy+eZe4aoGMwCfSlRm
+TqqVUL/yrYbXxlyzJZNEjPs=
+=/YXX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:08.kmem.asc b/share/security/advisories/FreeBSD-SA-05:08.kmem.asc
new file mode 100644
index 0000000000..943c49ec15
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:08.kmem.asc
@@ -0,0 +1,168 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:08.kmem                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Local kernel memory disclosure
+
+Category:       core
+Module:         sys
+Announced:      2005-05-06
+Credits:        Christian S.J. Peron
+                Uwe Doering
+Affects:        All FreeBSD releases prior to 5.4-RELEASE
+Corrected:      2005-05-08 10:19:37 UTC (RELENG_5, 5.4-STABLE)
+                2005-05-07 03:58:26 UTC (RELENG_5_4, 5.4-RELEASE)
+                2005-05-08 10:23:52 UTC (RELENG_5_3, 5.3-RELEASE-p14)
+                2005-05-08 10:26:42 UTC (RELENG_4, 4.11-STABLE)
+                2005-05-08 10:29:54 UTC (RELENG_4_11, 4.11-RELEASE-p8)
+                2005-05-08 10:35:56 UTC (RELENG_4_10, 4.10-RELEASE-p13)
+CVE Name:       CAN-2005-1406
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2005-05-06  Initial release.
+v1.1 2005-05-07  Updated patch to include related issues reported by
+                 Uwe Doering.
+
+I.   Background
+
+In many parts of the FreeBSD kernel, names (of mount points, devices,
+files, etc.) are manipulated as NULL-terminated strings, but are provided
+to applications within fixed-length buffers.
+
+II.  Problem Description
+
+In several places, variable-length strings were copied into fixed-length
+buffers without zeroing the unused portion of the buffer.
+
+III. Impact
+
+The previous contents of part of the fixed-length buffers will be
+disclosed to applications.  Such memory might contain sensitive
+information, such as portions of the file cache or terminal buffers.
+This information might be directly useful, or it might be leveraged to
+obtain elevated privileges in some way.  For example, a terminal buffer
+might include a user-entered password.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch dated after
+the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, and 5.3 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem4x.patch.asc
+
+[FreeBSD 5.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:08/kmem5x.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/kern/uipc_usrreq.c                                    1.54.2.11
+  src/sys/kern/vfs_subr.c                                      1.249.2.32
+  src/sys/net/if_mib.c                                            1.8.2.3
+  src/sys/netinet/ip_divert.c                                    1.42.2.8
+  src/sys/netinet/raw_ip.c                                      1.64.2.20
+  src/sys/netinet/tcp_subr.c                                    1.73.2.34
+  src/sys/netinet/udp_usrreq.c                                  1.64.2.20
+RELENG_4_11
+  src/UPDATING                                              1.72.2.91.2.9
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.12
+  src/sys/kern/uipc_usrreq.c                                1.54.2.10.8.1
+  src/sys/kern/vfs_subr.c                                  1.249.2.31.6.1
+  src/sys/net/if_mib.c                                        1.8.2.2.2.1
+  src/sys/netinet/ip_divert.c                                1.42.2.7.2.1
+  src/sys/netinet/raw_ip.c                                  1.64.2.19.2.1
+  src/sys/netinet/tcp_subr.c                                1.73.2.33.4.1
+  src/sys/netinet/udp_usrreq.c                              1.64.2.19.6.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.14
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.15
+  src/sys/kern/uipc_usrreq.c                                1.54.2.10.6.1
+  src/sys/kern/vfs_subr.c                                  1.249.2.31.4.1
+  src/sys/net/if_mib.c                                       1.8.2.1.16.2
+  src/sys/netinet/ip_divert.c                                1.42.2.6.6.1
+  src/sys/netinet/raw_ip.c                                  1.64.2.18.4.1
+  src/sys/netinet/tcp_subr.c                                1.73.2.33.2.1
+  src/sys/netinet/udp_usrreq.c                              1.64.2.19.4.1
+RELENG_5
+  src/sys/kern/subr_bus.c                                       1.156.2.7
+  src/sys/kern/uipc_usrreq.c                                   1.138.2.14
+  src/sys/kern/vfs_subr.c                                       1.522.2.5
+  src/sys/net/if_mib.c                                           1.13.4.2
+  src/sys/netinet/ip_divert.c                                    1.98.2.3
+  src/sys/netinet/raw_ip.c                                      1.142.2.5
+  src/sys/netinet/tcp_subr.c                                   1.201.2.18
+  src/sys/netinet/udp_usrreq.c                                  1.162.2.8
+RELENG_5_4
+  src/UPDATING                                             1.342.2.24.2.9
+  src/sys/kern/subr_bus.c                                   1.156.2.5.2.1
+  src/sys/kern/uipc_usrreq.c                               1.138.2.13.2.1
+  src/sys/kern/vfs_subr.c                                   1.522.2.4.2.1
+  src/sys/net/if_mib.c                                       1.13.4.1.2.1
+  src/sys/netinet/ip_divert.c                                1.98.2.2.2.1
+  src/sys/netinet/raw_ip.c                                  1.142.2.4.2.1
+  src/sys/netinet/tcp_subr.c                               1.201.2.15.2.1
+  src/sys/netinet/udp_usrreq.c                              1.162.2.7.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.17
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.19
+  src/sys/kern/subr_bus.c                                   1.156.2.2.2.1
+  src/sys/kern/uipc_usrreq.c                                1.138.2.2.2.2
+  src/sys/kern/vfs_subr.c                                   1.522.2.1.2.1
+  src/sys/net/if_mib.c                                           1.13.6.1
+  src/sys/netinet/ip_divert.c                                    1.98.4.1
+  src/sys/netinet/raw_ip.c                                  1.142.2.2.2.1
+  src/sys/netinet/tcp_subr.c                                1.201.2.1.2.2
+  src/sys/netinet/udp_usrreq.c                              1.162.2.3.2.1
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:08.kmem.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCfe9TFdaIBMps37IRAoANAJ9SvXgbD8c2Pw4akOWba95PklG1NgCeOPce
+Ib7DiBQuu7LR2ZG70BP+eKQ=
+=8wrv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:09.htt.asc b/share/security/advisories/FreeBSD-SA-05:09.htt.asc
new file mode 100644
index 0000000000..4f7170389f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:09.htt.asc
@@ -0,0 +1,178 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:09.htt                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          information disclosure when using HTT
+
+Category:       core
+Module:         sys
+Announced:      2005-05-13
+Revised:        2005-05-13
+Credits:        Colin Percival
+Affects:        All FreeBSD/i386 and FreeBSD/amd64 releases.
+Corrected:      2005-05-13 00:13:00 UTC (RELENG_5, 5.4-STABLE)
+                2005-05-13 00:13:00 UTC (RELENG_5_4, 5.4-RELEASE-p1)
+                2005-05-13 00:13:00 UTC (RELENG_5_3, 5.3-RELEASE-p15)
+                2005-05-13 00:13:00 UTC (RELENG_4, 4.11-STABLE)
+                2005-05-13 00:13:00 UTC (RELENG_4_11, 4.11-RELEASE-p9)
+                2005-05-13 00:13:00 UTC (RELENG_4_10, 4.10-RELEASE-p14)
+CVE Name:       CAN-2005-0109
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2005-05-13  Initial release.
+v1.1 2005-05-13  Additional details.
+
+I.   Background
+
+Sharing the execution resources of a superscalar processor between
+multiple execution threads is referred to as "simultaneous
+multithreading".  "Hyper-Threading Technology" or HTT is the name used
+for the implementation of simultaneous multithreading on Intel Pentium
+4, Mobile Pentium 4, and Xeon processors.  HTT involves sharing
+certain CPU resources between multiple threads, including memory
+caches.  FreeBSD supports HTT when using a kernel compiled with
+the SMP option.
+
+II.  Problem Description
+
+When running on processors supporting Hyper-Threading Technology, it is
+possible for a malicious thread to monitor the execution of another
+thread.
+
+NOTE:  Similar problems may exist in other simultaneous multithreading
+implementations, or even some systems in the absence of simultaneous
+multithreading.  However, current research has only demonstrated this
+flaw in Hyper-Threading Technology, where shared memory caches are used.
+
+III. Impact
+
+Information may be disclosed to local users, allowing in many cases for
+privilege escalation.  For example, on a multi-user system, it may be
+possible to steal cryptographic keys used in applications such as OpenSSH
+or SSL-enabled web servers.
+
+IV.  Workaround
+
+Systems not using processors with Hyper-Threading Technology support are
+not affected by this issue.  On systems which are affected, the security
+flaw can be eliminated by setting the "machdep.hlt_logical_cpus" tunable:
+
+# echo "machdep.hlt_logical_cpus=1" >> /boot/loader.conf
+
+The system must be rebooted in order for tunables to take effect.
+
+Use of this workaround is not recommended on "dual-core" systems, as
+this workaround will also disable one of the processor cores.
+
+V.   Solution
+
+Disable Hyper-Threading Technology on processors that support it.
+
+NOTE:  It is expected that future work in cryptographic libraries and
+operating system schedulers may remedy this problem for many or most
+users, without necessitating the disabling of Hyper-Threading
+Technology.  Future advisories will address individual cases.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, and 5.4 systems.
+
+a) Download the relevant patch from the location below and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.10]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt410.patch.asc
+
+[FreeBSD 4.11]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt411.patch.asc
+
+[FreeBSD 5.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:09/htt5.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+NOTE:  For users that are certain that their environment is not affected
+by this vulnerability, such as single-user systems, Hyper-Threading
+Technology may be re-enabled by setting the tunable
+"machdep.hyperthreading_allowed".
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/i386/i386/mp_machdep.c                               1.115.2.23
+  src/sys/i386/include/cpufunc.h                                 1.96.2.4
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.10
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.13
+  src/sys/i386/i386/mp_machdep.c                           1.115.2.22.2.1
+  src/sys/i386/include/cpufunc.h                            1.96.2.3.12.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.15
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.16
+  src/sys/i386/i386/mp_machdep.c                           1.115.2.20.2.1
+  src/sys/i386/include/cpufunc.h                            1.96.2.3.10.1
+RELENG_5
+  src/sys/amd64/amd64/mp_machdep.c                             1.242.2.11
+  src/sys/amd64/include/cpufunc.h                               1.145.2.1
+  src/sys/i386/i386/mp_machdep.c                               1.235.2.10
+  src/sys/i386/include/cpufunc.h                                1.142.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.10
+  src/sys/amd64/amd64/mp_machdep.c                          1.242.2.7.2.4
+  src/sys/amd64/include/cpufunc.h                               1.145.6.1
+  src/sys/conf/newvers.sh                                   1.62.2.18.2.6
+  src/sys/i386/i386/mp_machdep.c                            1.235.2.6.2.3
+  src/sys/i386/include/cpufunc.h                                1.142.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.18
+  src/sys/amd64/amd64/mp_machdep.c                          1.242.2.2.2.2
+  src/sys/amd64/include/cpufunc.h                               1.145.4.1
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.20
+  src/sys/i386/i386/mp_machdep.c                            1.235.2.3.2.2
+  src/sys/i386/include/cpufunc.h                                1.142.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.daemonology.net/hyperthreading-considered-harmful/
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:09.htt.asc
+-----BEGIN PGP SIGNATURE-----
+
+iD8DBQFChJA4FdaIBMps37IRAo8nAJ9w7xtIF0atnxiKDhFOpBXEZQDtZQCghWdM
+qc5lGST7l+iJEYN/7zTNUPY=
+=WqEa
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:10.tcpdump.asc b/share/security/advisories/FreeBSD-SA-05:10.tcpdump.asc
new file mode 100644
index 0000000000..ea6bb178e1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:10.tcpdump.asc
@@ -0,0 +1,116 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:10.tcpdump                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Infinite loops in tcpdump protocol decoding
+
+Category:       contrib
+Module:         tcpdump
+Announced:      2005-06-09
+Credits:        "Vade 79", Simon L. Nielsen
+Affects:        FreeBSD 5.3-RELEASE and FreeBSD 5.4-RELEASE
+Corrected:      2005-06-08 21:26:27 UTC (RELENG_5, 5.4-STABLE)
+                2005-06-08 21:27:44 UTC (RELENG_5_4, 5.4-RELEASE-p2)
+                2005-06-08 21:29:15 UTC (RELENG_5_3, 5.3-RELEASE-p16)
+CVE Name:       CAN-2005-1267, CAN-2005-1278, CAN-2005-1279, CAN-2005-1280
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The tcpdump utility is used to capture and examine network traffic.
+
+II.  Problem Description
+
+Several tcpdump protocol decoders contain programming errors which can
+cause them to go into infinite loops.
+
+III. Impact
+
+An attacker can inject specially crafted packets into the network
+which, when processed by tcpdump, could lead to a denial-of-service.
+After the attack, tcpdump would no longer capture traffic, and would
+potentially use all available processor time.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4
+or RELENG_5_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3 and
+5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:10/tcpdump.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/tcpdump/tcpdump
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/tcpdump/print-bgp.c                             1.1.1.5.2.1
+  src/contrib/tcpdump/print-isoclns.c                            1.12.2.1
+  src/contrib/tcpdump/print-ldp.c                             1.1.1.1.2.1
+  src/contrib/tcpdump/print-rsvp.c                            1.1.1.1.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.11
+  src/sys/conf/newvers.sh                                   1.62.2.18.2.7
+  src/contrib/tcpdump/print-bgp.c                             1.1.1.5.6.1
+  src/contrib/tcpdump/print-isoclns.c                            1.12.6.1
+  src/contrib/tcpdump/print-ldp.c                             1.1.1.1.6.1
+  src/contrib/tcpdump/print-rsvp.c                            1.1.1.1.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.19
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.21
+  src/contrib/tcpdump/print-bgp.c                             1.1.1.5.4.1
+  src/contrib/tcpdump/print-isoclns.c                            1.12.4.1
+  src/contrib/tcpdump/print-ldp.c                             1.1.1.1.4.1
+  src/contrib/tcpdump/print-rsvp.c                            1.1.1.1.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1267
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1278
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1279
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1280
+http://marc.theaimsgroup.com/?l=bugtraq&m=111454406222040
+http://marc.theaimsgroup.com/?l=bugtraq&m=111454461300644
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:10.tcpdump.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCqBbUFdaIBMps37IRAlxdAJ9AsT7o5k1woMpE3DlC+HBebZlLKACfYFjD
+0VOBWDzUFdR8IErJEYU2+9w=
+=1cKJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:11.gzip.asc b/share/security/advisories/FreeBSD-SA-05:11.gzip.asc
new file mode 100644
index 0000000000..6fd27161b3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:11.gzip.asc
@@ -0,0 +1,132 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:11.gzip                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          gzip directory traversal and permission race vulnerabilities
+
+Category:       contrib
+Module:         gzip
+Announced:      2005-06-09
+Credits:        Ulf Harnhammar, Imran Ghory
+Affects:        All FreeBSD releases
+Corrected:      2005-06-08 21:26:27 UTC (RELENG_5, 5.4-STABLE)
+                2005-06-08 21:27:44 UTC (RELENG_5_4, 5.4-RELEASE-p2)
+                2005-06-08 21:29:15 UTC (RELENG_5_3, 5.3-RELEASE-p16)
+                2005-06-08 21:29:53 UTC (RELENG_4, 4.11-STABLE)
+                2005-06-08 21:30:43 UTC (RELENG_4_11, 4.11-RELEASE-p10)
+                2005-06-08 21:31:16 UTC (RELENG_4_10, 4.10-RELEASE-p15)
+CVE Name:       CAN-2005-0988, CAN-2005-1228
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+gzip is a file compression utility.
+
+II.  Problem Description
+
+Two problems related to extraction of files exist in gzip:
+
+The first problem is that gzip does not properly sanitize filenames
+containing "/" when uncompressing files using the -N command line
+option.
+
+The second problem is that gzip does not set permissions on newly
+extracted files until after the file has been created and the file
+descriptor has been closed.
+
+III. Impact
+
+The first problem can allow an attacker to overwrite arbitrary local
+files when uncompressing a file using the -N command line option.
+
+The second problem can allow a local attacker to change the
+permissions of arbitrary local files, on the same partition as the one
+the user is uncompressing a file on, by removing the file the user is
+uncompressing and replacing it with a hardlink before the uncompress
+operation is finished.
+
+IV.  Workaround
+
+Do not use the -N command line option on untrusted files and do not
+uncompress files in directories where untrusted users have write
+access.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, and 5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:11/gzip.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/gzip
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/gnu/usr.bin/gzip/gzip.c                                    1.10.2.1
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.11
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.14
+  src/gnu/usr.bin/gzip/gzip.c                                   1.10.26.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.16
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.17
+  src/gnu/usr.bin/gzip/gzip.c                                   1.10.24.1
+RELENG_5
+  src/gnu/usr.bin/gzip/gzip.c                                    1.11.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.11
+  src/sys/conf/newvers.sh                                   1.62.2.18.2.7
+  src/gnu/usr.bin/gzip/gzip.c                                    1.11.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.19
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.21
+  src/gnu/usr.bin/gzip/gzip.c                                    1.11.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0988
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1228
+http://marc.theaimsgroup.com/?l=bugtraq&m=111271860708210
+http://marc.theaimsgroup.com/?l=bugtraq&m=111402732406477
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:11.gzip.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCqBbGFdaIBMps37IRAttLAJ41WPmKXczZAZgrBGBP1GorSM7E1gCfc8w9
+KFbns+zs2umrId0mCg1SjVk=
+=6MzW
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:12.bind9.asc b/share/security/advisories/FreeBSD-SA-05:12.bind9.asc
new file mode 100644
index 0000000000..e4bdd15a88
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:12.bind9.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:12.bind9                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND 9 DNSSEC remote denial of service vulnerability
+
+Category:       core
+Module:         bind9
+Announced:      2005-06-09
+Credits:        Internet Systems Consortium
+Affects:        FreeBSD 5.3
+Corrected:      2005-03-23 18:16:29 UTC (RELENG_5, 5.3-STABLE)
+                2005-06-08 21:29:15 UTC (RELENG_5_3, 5.3-RELEASE-p16)
+CVE Name:       CAN-2005-0034
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is the Internet domain name server.  DNS Security
+Extensions (DNSSEC) are additional protocol options that add
+authentication and integrity to the DNS protocols.
+
+DNSSEC is not enabled by default in any FreeBSD release.  A system
+administrator must take special action to enable DNSSEC.
+
+II.  Problem Description
+
+A DNSSEC-related validator function in BIND 9.3.0 contains an
+inappropriate internal consistency test.  When this test is triggered,
+named(8) will exit.
+
+III. Impact
+
+On systems with DNSSEC enabled, a remote attacker may be able to inject
+a specially crafted packet that will cause the internal consistency test
+to trigger, and named(8) to terminate.  As a result, the name server
+will no longer be available to service requests.
+
+IV.  Workaround
+
+DNSSEC is not enabled by default, and the "dnssec-enable" directive is
+not normally present.  If DNSSEC has been enabled, disable it by
+changing the "dnssec-enable" directive to "dnssec-enable no;" in the
+named.conf(5) configuration file.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_3
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:12/bind9.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src/
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/bind9/lib/dns/validator.c                       1.1.1.1.2.2
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.19
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.21
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.1.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0034
+http://www.kb.cert.org/vuls/id/938617
+http://www.isc.org/index.pl?/sw/bind/bind-security.php
+http://www.isc.org/index.pl?/sw/bind/bind9.php
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:12.bind9.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCqBbfFdaIBMps37IRAiphAKCG8CX6eNFMNQYhahAER4gFVFc54wCfRZye
+2C6LIcrq47xn5SRRV3T9ZL4=
+=gFcD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:13.ipfw.asc b/share/security/advisories/FreeBSD-SA-05:13.ipfw.asc
new file mode 100644
index 0000000000..60ebb7dd86
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:13.ipfw.asc
@@ -0,0 +1,117 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:13.ipfw                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ipfw packet matching errors with address tables
+
+Category:       core
+Module:         netinet
+Announced:      2005-06-29
+Credits:        Max Laier
+Affects:        FreeBSD 5.4-RELEASE
+Corrected:      2005-06-29 21:38:48 UTC (RELENG_5, 5.4-STABLE)
+                2005-06-29 21:41:03 UTC (RELENG_5_4, 5.4-RELEASE-p3)
+CVE Name:       CAN-2005-2019
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+ipfw(8) is a system facility which allows IP packet filtering,
+redirecting, and traffic accounting.  ipfw lookup tables are a way to
+specify many IP addresses which can be used for packet matching in an
+efficient manner.
+
+II.  Problem Description
+
+The ipfw tables lookup code caches the result of the last query.  The
+kernel may process multiple packets concurrently, performing several
+concurrent table lookups.  Due to an insufficient locking, a cached
+result can become corrupted that could cause some addresses to be
+incorrectly matched against a lookup table.
+
+III. Impact
+
+When lookup tables are used with ipfw, packets may on very rare
+occasions incorrectly match a lookup table.  This could result in a
+packet being treated contrary to the defined packet filtering ruleset.
+For example, a packet may be allowed to pass through when it should
+have been discarded.
+
+The problem can only occur on Symmetric Multi-Processor (SMP) systems,
+or on Uni Processor (UP) systems with the PREEMPTION kernel option
+enabled (not the default).
+
+IV.  Workaround
+
+a) Do not use lookup tables.
+
+OR
+
+b) Disable concurrent processing of packets in the network stack by
+   setting the "debug.mpsafenet=0" tunable:
+
+   # echo "debug.mpsafenet=0" >> /boot/loader.conf
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.4
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:13/ipfw.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:13/ipfw.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/netinet/ip_fw2.c                                      1.70.2.14
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.12
+  src/sys/conf/newvers.sh                                   1.62.2.18.2.8
+  src/sys/netinet/ip_fw2.c                                  1.70.2.10.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2019
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:13.ipfw.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCwxeeFdaIBMps37IRAkOAAJ0cCLsoqdUsfTfPNxocl1/TSORXnwCeIq0L
+wM2hw6x90lSyoEVYnxfAg2s=
+=khtV
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:14.bzip2.asc b/share/security/advisories/FreeBSD-SA-05:14.bzip2.asc
new file mode 100644
index 0000000000..4923cd4340
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:14.bzip2.asc
@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:14.bzip2                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          bzip2 denial of service and permission race vulnerabilities
+
+Category:       contrib
+Module:         contrib_bzip2
+Announced:      2005-06-29
+Credits:        Imran Ghory, Chris Evans
+Affects:        All FreeBSD releases
+Corrected:      2005-06-29 21:38:48 UTC (RELENG_5, 5.4-STABLE)
+                2005-06-29 21:41:03 UTC (RELENG_5_4, 5.4-RELEASE-p3)
+                2005-06-29 21:42:33 UTC (RELENG_5_3, 5.3-RELEASE-p17)
+                2005-06-29 21:43:42 UTC (RELENG_4, 4.11-STABLE)
+                2005-06-29 21:45:14 UTC (RELENG_4_11, 4.11-RELEASE-p11)
+                2005-06-29 21:46:15 UTC (RELENG_4_10, 4.10-RELEASE-p16)
+CVE Name:       CAN-2005-0953, CAN-2005-1260
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+bzip2 is a block-sorting file compression utility.
+
+II.  Problem Description
+
+Two problems have been discovered relating to the extraction of
+bzip2-compressed files.  First, a carefully constructed invalid bzip2
+archive can cause bzip2 to enter an infinite loop.  Second, when
+creating a new file, bzip2 closes the file before setting its
+permissions.
+
+III. Impact
+
+The first problem can cause bzip2 to extract a bzip2 archive to an
+infinitely large file.  If bzip2 is used in automated processing of
+untrusted files this could be exploited by an attacker to create an
+denial-of-service situation by exhausting disk space or by consuming
+all available cpu time.
+
+The second problem can allow a local attacker to change the
+permissions of local files owned by the user executing bzip2 providing
+that they have write access to the directory in which the file is
+being extracted.
+
+IV.  Workaround
+
+Do not uncompress bzip2 archives from untrusted sources and do not
+uncompress files in directories where untrusted users have write
+access.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, and 5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:14/bzip2.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libbz2
+# make obj && make depend && make && make install
+# cd /usr/src/usr.bin/bzip2
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  contrib/bzip2/bzip2.c                                       1.1.1.1.2.3
+  contrib/bzip2/bzlib.c                                       1.1.1.1.2.3
+  contrib/bzip2/compress.c                                    1.1.1.1.2.3
+  contrib/bzip2/decompress.c                                  1.1.1.1.2.3
+  contrib/bzip2/huffman.c                                     1.1.1.1.2.3
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.12
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.15
+  contrib/bzip2/bzip2.c                                  1.1.1.1.2.2.12.1
+  contrib/bzip2/bzlib.c                                  1.1.1.1.2.2.12.1
+  contrib/bzip2/compress.c                               1.1.1.1.2.2.12.1
+  contrib/bzip2/decompress.c                             1.1.1.1.2.2.12.1
+  contrib/bzip2/huffman.c                                1.1.1.1.2.2.12.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.17
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.18
+  contrib/bzip2/bzip2.c                                  1.1.1.1.2.2.10.1
+  contrib/bzip2/bzlib.c                                  1.1.1.1.2.2.10.1
+  contrib/bzip2/compress.c                               1.1.1.1.2.2.10.1
+  contrib/bzip2/decompress.c                             1.1.1.1.2.2.10.1
+  contrib/bzip2/huffman.c                                1.1.1.1.2.2.10.1
+RELENG_5
+  contrib/bzip2/bzip2.c                                       1.1.1.2.8.1
+  contrib/bzip2/bzlib.c                                       1.1.1.2.8.1
+  contrib/bzip2/compress.c                                    1.1.1.2.8.1
+  contrib/bzip2/decompress.c                                  1.1.1.2.8.1
+  contrib/bzip2/huffman.c                                     1.1.1.2.8.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.12
+  src/sys/conf/newvers.sh                                   1.62.2.18.2.8
+  contrib/bzip2/bzip2.c                                      1.1.1.2.12.1
+  contrib/bzip2/bzlib.c                                      1.1.1.2.12.1
+  contrib/bzip2/compress.c                                   1.1.1.2.12.1
+  contrib/bzip2/decompress.c                                 1.1.1.2.12.1
+  contrib/bzip2/huffman.c                                    1.1.1.2.12.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.20
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.22
+  contrib/bzip2/bzip2.c                                      1.1.1.2.10.1
+  contrib/bzip2/bzlib.c                                      1.1.1.2.10.1
+  contrib/bzip2/compress.c                                   1.1.1.2.10.1
+  contrib/bzip2/decompress.c                                 1.1.1.2.10.1
+  contrib/bzip2/huffman.c                                    1.1.1.2.10.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0953
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1260
+http://marc.theaimsgroup.com/?l=bugtraq&m=111229375217633
+http://scary.beasts.org/security/CESA-2005-002.txt
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:14.bzip.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCwxenFdaIBMps37IRAsYxAJ9K8pFrImuACPxauHUqGqumKs2nLQCfQ0ne
+SQ0RlXP6MiG88y/2B2wF7aA=
+=TvEK
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:15.tcp.asc b/share/security/advisories/FreeBSD-SA-05:15.tcp.asc
new file mode 100644
index 0000000000..254e5c42ae
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:15.tcp.asc
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:15.tcp                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          TCP connection stall denial of service
+
+Category:       core
+Module:         inet
+Announced:      2005-06-29
+Credits:        Noritoshi Demizu
+Affects:        All FreeBSD releases.
+Corrected:      2005-06-29 21:38:48 UTC (RELENG_5, 5.4-STABLE)
+                2005-06-29 21:41:03 UTC (RELENG_5_4, 5.4-RELEASE-p3)
+                2005-06-29 21:42:33 UTC (RELENG_5_3, 5.3-RELEASE-p17)
+                2005-06-29 21:43:42 UTC (RELENG_4, 4.11-STABLE)
+                2005-06-29 21:45:14 UTC (RELENG_4_11, 4.11-RELEASE-p11)
+                2005-06-29 21:46:15 UTC (RELENG_4_10, 4.10-RELEASE-p16)
+CVE Name:       CAN-2005-0356, CAN-2005-2068
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The Transmission Control Protocol (TCP) of the TCP/IP protocol suite
+provides a connection-oriented, reliable, sequence-preserving data
+stream service.  TCP timestamps are used to measure Round-Trip Time
+and in the Protect Against Wrapped Sequences (PAWS) algorithm.  TCP
+packets with the SYN flag set are used during setup of new TCP
+connections.
+
+II.  Problem Description
+
+Two problems have been discovered in the FreeBSD TCP stack.
+
+First, when a TCP packets containing a timestamp is received, inadequate
+checking of sequence numbers is performed, allowing an attacker to
+artificially increase the internal "recent" timestamp for a connection.
+
+Second, a TCP packet with the SYN flag set is accepted for established
+connections, allowing an attacker to overwrite certain TCP options.
+
+III. Impact
+
+Using either of the two problems an attacker with knowledge of the
+local and remote IP and port numbers associated with a connection
+can cause a denial of service situation by stalling the TCP connection.
+The stalled TCP connection my be closed after some time by the other
+host.
+
+IV.  Workaround
+
+In some cases it may be possible to defend against these attacks by
+blocking the attack packets using a firewall.  Packets used to effect
+either of these attacks would have spoofed source IP addresses.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, and 5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp4.patch.asc
+
+[FreeBSD 5.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:15/tcp.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/netinet/tcp_input.c                                  1.107.2.44
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.12
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.15
+  src/sys/netinet/tcp_input.c                              1.107.2.41.4.3
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.17
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.18
+  src/sys/netinet/tcp_input.c                              1.107.2.41.2.1
+RELENG_5
+  src/sys/netinet/tcp_input.c                                  1.252.2.16
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.12
+  src/sys/conf/newvers.sh                                   1.62.2.18.2.8
+  src/sys/netinet/tcp_input.c                              1.252.2.14.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.20
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.22
+  src/sys/netinet/tcp_input.c                                   1.252.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0356
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2068
+http://www.kb.cert.org/vuls/id/637934
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCwxe7FdaIBMps37IRAi39AJ9ss6PVEwloS4SlKEWi5S1hpHnzmACeJF7H
+rKmK2NtleJ98dTLWW4QLMn4=
+=6fBH
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:16.zlib.asc b/share/security/advisories/FreeBSD-SA-05:16.zlib.asc
new file mode 100644
index 0000000000..c26c38197b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:16.zlib.asc
@@ -0,0 +1,103 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:16.zlib                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in zlib
+
+Category:       core
+Module:         libz
+Announced:      2005-07-06
+Credits:        Tavis Ormandy
+Affects:        FreeBSD 5.3, FreeBSD 5.4
+Corrected:      2005-07-06 14:01:11 UTC (RELENG_5, 5.4-STABLE)
+                2005-07-06 14:01:30 UTC (RELENG_5_4, 5.4-RELEASE-p4)
+                2005-07-06 14:01:52 UTC (RELENG_5_3, 5.3-RELEASE-p18)
+CVE Name:       CAN-2005-2096
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+zlib is a compression library used by numerous applications to provide
+data compression/decompression routines.
+
+II.  Problem Description
+
+An error in the handling of corrupt compressed data streams can result
+in a buffer being overflowed.
+
+III. Impact
+
+By carefully crafting a corrupt compressed data stream, an attacker can
+overwrite data structures in a zlib-using application.  This may cause
+the application to halt, causing a denial of service; or it may result
+in the attacker gaining elevated privileges.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or
+RELENG_5_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5.3 and 5.4
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:16/zlib.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libz/
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/lib/libz/inftrees.c                                         1.4.2.2
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.13
+  src/sys/conf/newvers.sh                                   1.62.2.18.2.9
+  src/lib/libz/inftrees.c                                         1.4.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.21
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.23
+  src/lib/libz/inftrees.c                                         1.4.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:16.zlib.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFCy+TYFdaIBMps37IRAqB2AJ4j+wdqj1zJJZdTjskufo7rrsHhcwCgi0SZ
+wXRUgGbgl/DtNzyvHi7t/bc=
+=anun
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:17.devfs.asc b/share/security/advisories/FreeBSD-SA-05:17.devfs.asc
new file mode 100644
index 0000000000..84ee9dfc20
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:17.devfs.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:17.devfs                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          devfs ruleset bypass
+
+Category:       core
+Module:         devfs
+Announced:      2005-07-20
+Credits:        Robert Watson
+Affects:        All FreeBSD 5.x releases
+Corrected:      2005-07-20 13:35:44 UTC (RELENG_5, 5.4-STABLE)
+                2005-07-20 13:36:32 UTC (RELENG_5_4, 5.4-RELEASE-p5)
+                2005-07-20 13:37:27 UTC (RELENG_5_3, 5.3-RELEASE-p19)
+CVE Name:       CAN-2005-2218
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The jail(2) system call allows a system administrator to lock a process
+and all of its descendants inside an environment with a very limited
+ability to affect the system outside that environment, even for
+processes with superuser privileges.  It is an extension of, but
+far more powerful than, the traditional UNIX chroot(2) system call.
+
+The device file system, or devfs(5), provides access to kernel's device
+namespace in the global file system namespace.  This includes access to
+to system devices such as storage devices, kernel and system memory
+devices, BPF devices, and serial port devices.  Devfs is is generally
+mounted as /dev.  Devfs rulesets allow an administrator to hide
+certain device nodes; this is most commonly applied to a devfs mounted
+for use inside a jail, in order to make devices inaccessible to
+processes within that jail.
+
+II.  Problem Description
+
+Due to insufficient parameter checking of the node type during device
+creation, any user can expose hidden device nodes on devfs mounted
+file systems within their jail.  Device nodes will be created in the
+jail with their normal default access permissions.
+
+III. Impact
+
+Jailed processes can get access to restricted resources on the host
+system.  For jailed processes running with superuser privileges this
+implies access to all devices on the system.  This level of access
+can lead to information leakage and privilege escalation.
+
+IV.  Workaround
+
+Unmount device file systems mounted inside jails.  Note that certain
+device nodes, such as /dev/null, may be required for some software to
+function correctly.
+
+This can be done by executing the following command as root:
+
+  umount -A -t devfs
+
+Also, remove or comment out any lines in fstab(5) that reference
+`devfs' and has a mount point within a jail, so that they will not be
+re-mounted at next reboot.
+
+Some device file systems might be busy, including the host's main /dev
+file system, and processes accessing these must be shut down before
+the device file system can be unmounted.  The hosts main device file
+system, mounted as /dev, should not be unmounted since it is required
+for normal system operation.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4,
+or RELENG_5_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3, and
+5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:17/devfs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:17/devfs.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/fs/devfs/devfs_vnops.c                                 1.73.2.2
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.14
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.10
+  src/sys/fs/devfs/devfs_vnops.c                             1.73.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.22
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.24
+  src/sys/fs/devfs/devfs_vnops.c                                 1.73.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2218
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:17.devfs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFC3lYgFdaIBMps37IRAldmAJ458s06z3gkHNjn04R2Rq8XXwRKiQCffeJP
+m9n3bmuoX0WJvckcdR8EhU4=
+=2iFe
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:18.zlib.asc b/share/security/advisories/FreeBSD-SA-05:18.zlib.asc
new file mode 100644
index 0000000000..c72fdf778f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:18.zlib.asc
@@ -0,0 +1,112 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:18.zlib                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in zlib
+
+Category:       core
+Module:         libz
+Announced:      2005-07-27
+Credits:        Markus Oberhumer
+Affects:        FreeBSD 5.3, FreeBSD 5.4
+Corrected:      2005-07-27 08:41:44 UTC (RELENG_6, 6.0-BETA2)
+                2005-07-27 08:41:56 UTC (RELENG_5, 5.4-STABLE)
+                2005-07-27 08:42:16 UTC (RELENG_5_4, 5.4-RELEASE-p6)
+                2005-07-27 08:42:38 UTC (RELENG_5_3, 5.3-RELEASE-p20)
+CVE Name:       CAN-2005-1849
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+NOTE WELL: The issue discussed in this advisory is distinct from the
+issue discussed in the earlier advisory FreeBSD-SA-05:16.zlib, although
+the impact is very similar.
+
+I.   Background
+
+zlib is a compression library used by numerous applications to provide
+data compression/decompression routines.
+
+II.  Problem Description
+
+A fixed-size buffer is used in the decompression of data streams.  Due
+to erronous analysis performed when zlib was written, this buffer,
+which was belived to be sufficiently large to handle any possible input
+stream, is in fact too small.
+
+III. Impact
+
+A carefully constructed compressed data stream can result in zlib
+overwriting some data structures.  This may cause applications to halt,
+resulting in a denial of service; or it may result in an attacker
+gaining elevated privileges.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or
+RELENG_5_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3, and 5.4
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:18/zlib.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:18/zlib.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libz/
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/lib/libz/inftrees.h                                     1.1.1.5.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.15
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.11
+  src/lib/libz/inftrees.h                                     1.1.1.5.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.23
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.25
+  src/lib/libz/inftrees.h                                     1.1.1.5.4.1
+RELENG_6
+  src/lib/libz/inftrees.h                                     1.1.1.5.8.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1849
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:18.zlib.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD4DBQFC50oLFdaIBMps37IRAg/1AJjTCluaNxJuBbSalLtgF34iey8DAJ9BGJmr
+9NNdJfcjbm4qucvUYdsOqA==
+=XDop
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:19.ipsec.asc b/share/security/advisories/FreeBSD-SA-05:19.ipsec.asc
new file mode 100644
index 0000000000..8216481ece
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:19.ipsec.asc
@@ -0,0 +1,116 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:19.ipsec                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect key usage in AES-XCBC-MAC
+
+Category:       core
+Module:         netinet6
+Announced:      2005-07-27
+Credits:        Yukiyo Akisada, Yokogawa Electric Corporation
+Affects:        FreeBSD 5.3, FreeBSD 5.4
+Corrected:      2005-07-27 08:41:44 UTC (RELENG_6, 6.0-BETA2)
+                2005-07-27 08:41:56 UTC (RELENG_5, 5.4-STABLE)
+                2005-07-27 08:42:16 UTC (RELENG_5_4, 5.4-RELEASE-p6)
+                2005-07-27 08:42:38 UTC (RELENG_5_3, 5.3-RELEASE-p20)
+CVE Name:       CAN-2005-2359
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+IPsec is a security protocol for the Internet Protocol networking
+layer.  It provides a combination of encryption and authentication of
+system, using several possible cryptography algorithms.
+
+II.  Problem Description
+
+A programming error in the implementation of the AES-XCBC-MAC algorithm
+for authentication resulted in a constant key being used instead of the
+key specified by the system administrator.
+
+III. Impact
+
+If the AES-XCBC-MAC algorithm is used for authentication in the absence
+of any encryption, then an attacker may be able to forge packets which
+appear to originate from a different system and thereby succeed in
+establishing an IPsec session.  If access to sensitive information or
+systems is controlled based on the identity of the source system, this
+may result in information disclosure or privilege escalation.
+
+IV.  Workaround
+
+Do not use the AES-XCBC-MAC algorithm for authentication, or use it
+together with some form of IPsec encryption.
+
+Systems which do not use IPsec, use other algorithms, or have IPsec
+encryption enabled are unaffected by this issue.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_4 or
+RELENG_5_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3 and 5.4
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:19/ipsec.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/netinet6/ah_aesxcbcmac.c                                1.1.4.2
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.15
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.11
+  src/sys/netinet6/ah_aesxcbcmac.c                            1.1.4.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.23
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.25
+  src/sys/netinet6/ah_aesxcbcmac.c                                1.1.6.1
+RELENG_6
+  src/sys/netinet6/ah_aesxcbcmac.c                                1.2.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2359
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:19.ipsec.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFC50oTFdaIBMps37IRAt3IAJ9tqRnoO5+6u/+3Nn8/Cos1cS1/ygCdHmzs
++LPbiS3Bye0Vdvssh7b6vYE=
+=v16f
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:20.cvsbug.asc b/share/security/advisories/FreeBSD-SA-05:20.cvsbug.asc
new file mode 100644
index 0000000000..4fd9d69f35
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:20.cvsbug.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:20.cvsbug                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Race condition in cvsbug
+
+Category:       contrib
+Module:         contrib_cvs
+Announced:      2005-09-07
+Credits:        Marcus Meissner
+Affects:        All FreeBSD releases
+Corrected:      2005-09-07 13:43:05 UTC (RELENG_6, 6.0-BETA5)
+                2005-09-07 13:43:23 UTC (RELENG_5, 5.4-STABLE)
+                2005-09-07 13:43:36 UTC (RELENG_5_4, 5.4-RELEASE-p7)
+                2005-09-09 19:26:19 UTC (RELENG_5_3, 5.3-RELEASE-p22)
+                2005-09-07 13:44:06 UTC (RELENG_4, 4.11-STABLE)
+                2005-09-07 13:44:20 UTC (RELENG_4_11, 4.11-RELEASE-p12)
+                2005-09-09 19:24:22 UTC (RELENG_4_10, 4.10-RELEASE-p18)
+CVE Name:       CAN-2005-2693
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2005-07-07  Initial release.
+v1.1 2005-07-09  Additional related issues fixed in FreeBSD 4.10 and 5.3.
+
+I.   Background
+
+cvsbug(1) is a utility for reporting problems in the CVS revision
+control system.  It is based on the GNATS send-pr(1) utility.
+
+II.  Problem Description
+
+A temporary file is created, used, deleted, and then re-created with
+the same name.  This creates a window during which an attacker could
+replace the file with a link to another file.  While cvsbug(1) is based
+on the send-pr(1) utility, this problem does not exist in the version
+of send-pr(1) distributed with FreeBSD.
+
+In FreeBSD 4.10 and 5.3, some additional problems exist concerning
+temporary file usage in both cvsbug(1) and send-pr(1).
+
+III. Impact
+
+A local attacker could cause data to be written to any file to which
+the user running cvsbug(1) (or send-pr(1) in FreeBSD 4.10 and 5.3) has
+write access.  This may cause damage in itself (e.g., by destroying
+important system files or documents) or may be used to obtain elevated
+privileges.
+
+IV.  Workaround
+
+Do not use the cvsbug(1) utility on any system with untrusted users.
+
+Do not use the send-pr(1) utility on a FreeBSD 4.10 or 5.3 system with
+untrusted users.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10, 
+4.11, 5.3, and 5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.10]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug410.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug410.patch.asc
+
+[FreeBSD 5.3]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug53.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug53.patch.asc
+
+[FreeBSD 4.11 and 5.4]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:20/cvsbug.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/cvs/cvsbug
+# make obj && make depend && make && make install
+# cd /usr/src/gnu/usr.bin/send-pr
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/cvs/src/cvsbug.in                               1.1.1.1.2.4
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.13
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.16
+  src/contrib/cvs/src/cvsbug.in                           1.1.1.1.2.3.2.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.19
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.20
+  src/contrib/cvs/src/cvsbug.in                           1.1.1.1.2.2.6.2
+  src/gnu/usr.bin/send-pr/send-pr.sh                        1.13.2.13.2.1
+RELENG_5
+  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.16
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.12
+  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.25
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.27
+  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.4.1
+  src/gnu/usr.bin/send-pr/send-pr.sh                             1.35.6.1
+RELENG_6
+  src/contrib/cvs/src/cvsbug.in                               1.1.1.3.8.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2693
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQFDIeKFFdaIBMps37IRApOpAJ9RRKHLnuyFOuaM1pN09Sn3Rysv4gCgiF+/
+QJ1c9krguLbujP/YL4LaDP0=
+=5W0R
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-05:21.openssl.asc b/share/security/advisories/FreeBSD-SA-05:21.openssl.asc
new file mode 100644
index 0000000000..23e9f079e7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-05:21.openssl.asc
@@ -0,0 +1,165 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-05:21.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Potential SSL 2.0 rollback
+
+Category:       contrib
+Module:         openssl
+Announced:      2005-10-11
+Credits:        Yutaka Oiwa
+Affects:        All FreeBSD releases.
+Corrected:      2005-10-11 11:52:46 UTC (RELENG_6, 6.0-STABLE)
+                2005-10-11 11:53:03 UTC (RELENG_6_0, 6.0-RELEASE)
+                2005-10-11 11:52:01 UTC (RELENG_5, 5.4-STABLE)
+                2005-10-11 11:52:28 UTC (RELENG_5_4, 5.4-RELEASE-p8)
+                2005-10-11 11:52:13 UTC (RELENG_5_3, 5.3-RELEASE-p23)
+                2005-10-11 11:50:50 UTC (RELENG_4, 4.11-STABLE)
+                2005-10-11 11:51:45 UTC (RELENG_4_11, 4.11-RELEASE-p13)
+                2005-10-11 11:51:20 UTC (RELENG_4_10, 4.10-RELEASE-p19)
+CVE Name:       CAN-2005-2969
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The OpenSSL library implements the Secure Sockets Layer and Transport
+Layer Security protocols, as well as providing a large number of basic
+cryptographic functions.
+
+The Secure Sockets Layer protocol exists in two versions and includes a
+mechanism for negotiating the protocol version to be used.  If the
+protocol is executed correctly, it is impossible for a client and
+server both capable of the newer version of the protocol (SSLv3) to end
+up using the older version of the protocol (SSLv2).
+
+II.  Problem Description
+
+In order to provide bug-for-bug compatibility with Microsoft Internet
+Explorer 3.02, a verification step required by the Secure Sockets Layer
+protocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING
+option in OpenSSL.  This option is implied by the frequently-used
+SSL_OP_ALL option.
+
+III. Impact
+
+If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is enabled in a server
+application using OpenSSL, an attacker who is able to intercept and
+tamper with packets transmitted between a client and the server can
+cause the protocol version negotiation to result in SSLv2 being used
+even when both the client and the server support SSLv3.  Due to a
+number of weaknesses in the SSLv2 protocol, this may allow the attacker
+to read or tamper with the encrypted data being sent.
+
+Applications which do not support SSLv2, have been configured to not
+permit the use of SSLv2, or do not use the SSL_OP_MSIE_SSLV2_RSA_PADDING
+or SSL_OP_ALL options are not affected.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+NOTE WELL: The solution described below causes OpenSSL to ignore the
+SSL_OP_MSIE_SSLV2_RSA_PADDING option and hence to require conformance
+with the Secure Sockets Layer protocol.  As a result, this solution
+will reintroduce incompatibility with Microsoft Internet Explorer 3.02
+and any other applications which exhibit the same protocol violation.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE or 5-STABLE, or to the
+RELENG_5_4, RELENG_5_3, RELENG_4_11, or RELENG_4_10 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, and 5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-05:21/openssl.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/makeworld.html >.
+
+Note that any statically linked applications that are not part of the
+base system (i.e. from the Ports Collection or other 3rd-party sources)
+must be recompiled.
+
+All affected applications must be restarted for them to use the
+corrected library.  Though not required, rebooting may be the easiest
+way to accomplish this.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssl/crypto/opensslv.h                       1.1.1.1.2.11
+  src/crypto/openssl/ssl/s23_srvr.c                               1.2.2.6
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.14
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.17
+  src/crypto/openssl/crypto/opensslv.h                   1.1.1.1.2.10.4.1
+  src/crypto/openssl/ssl/s23_srvr.c                           1.2.2.5.8.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.20
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.21
+  src/crypto/openssl/crypto/opensslv.h                   1.1.1.1.2.10.2.1
+  src/crypto/openssl/ssl/s23_srvr.c                           1.2.2.5.6.1
+RELENG_5
+  src/crypto/openssl/crypto/opensslv.h                     1.1.1.1.15.2.2
+  src/crypto/openssl/ssl/s23_srvr.c                               1.7.6.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.17
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.13
+  src/crypto/openssl/crypto/opensslv.h                   1.1.1.15.2.1.2.1
+  src/crypto/openssl/ssl/s23_srvr.c                              1.7.10.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.26
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.28
+  src/crypto/openssl/crypto/opensslv.h                       1.1.1.15.4.1
+  src/crypto/openssl/ssl/s23_srvr.c                               1.7.8.1
+RELENG_6
+  src/crypto/openssl/ssl/s23_srvr.c                              1.7.12.1
+  src/crypto/openssl/crypto/opensslv.h                       1.1.1.16.2.1
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.1
+  src/crypto/openssl/crypto/opensslv.h                       1.1.1.16.4.1
+  src/crypto/openssl/ssl/s23_srvr.c                              1.7.14.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.openssl.org/news/secadv_20051011.txt
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2969
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:21.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFDThqmFdaIBMps37IRAuh+AJ4wt03pXt8g+9okQLaChhwrLgT+DQCfaBwg
+NQ1AyadfK+gC7adAcuLBQ2k=
+=a1sE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:01.texindex.asc b/share/security/advisories/FreeBSD-SA-06:01.texindex.asc
new file mode 100644
index 0000000000..245d5cbb20
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:01.texindex.asc
@@ -0,0 +1,143 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:01.texindex                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Texindex temporary file privilege escalation
+
+Category:       contrib
+Module:         texinfo
+Announced:      2006-01-11
+Credits:        Frank Lichtenheld
+Affects:        All FreeBSD releases.
+Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
+                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
+                2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
+                2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
+                2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
+                2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
+                2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
+                2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
+CVE Name:       CAN-2005-3011
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History.
+
+v1.0 2006-01-11  Initial release.
+v1.1 2006-01-11  Corrected instructions for rebuilding texindex.
+
+I.   Background
+
+TeX is a document typesetting system which is popular in the mathematics,
+physics, and computer science realms because of its ability to typeset
+complex mathematical formulas.  texindex(1) is a utility which is often
+used to generate a sorted index of a TeX file.
+
+II.  Problem Description
+
+The "sort_offline" function used by texindex(1) employs the "maketempname"
+function, which produces predictable file names and fails to validate that
+the paths do not exist.
+
+III. Impact
+
+These predictable temporary file names are problematic because they
+allow an attacker to take advantage of a race condition in order to
+execute a symlink attack, which could enable them to overwrite files
+on the system in the context of the user running the texindex(1) utility.
+
+IV.  Workaround
+
+No workaround is available, but the problematic code is only executed
+if the input file being processed is 500kB or more in length; as a
+result, users working with documents of less than several hundred pages
+are very unlikely to be affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x and 5.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex5x.patch.asc
+
+[FreeBSD 6.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:01/texindex.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/texinfo/libtxi
+# make obj && make depend && make
+# cd /usr/src/gnu/usr.bin/texinfo/texindex
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  contrib/texinfo/util/texindex.c                             1.1.1.3.2.4
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.15
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.18
+  contrib/texinfo/util/texindex.c                         1.1.1.3.2.3.6.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.21
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.22
+  contrib/texinfo/util/texindex.c                         1.1.1.3.2.3.4.1
+RELENG_5
+  contrib/texinfo/util/texindex.c                             1.1.1.7.4.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.18
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.14
+  contrib/texinfo/util/texindex.c                             1.1.1.7.8.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.27
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.29
+  contrib/texinfo/util/texindex.c                             1.1.1.7.6.1
+RELENG_6
+  contrib/texinfo/util/texindex.c                             1.1.1.8.2.1
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.7
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.3
+  contrib/texinfo/util/texindex.c                             1.1.1.8.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-3011
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:01.texindex.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFDxNZZFdaIBMps37IRAkQ5AKCayEHnnoglWAyY2wA22huF9xmIxgCdFwpn
+ePrdykp4BUjKqAMYCUupMK8=
+=q74p
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:02.ee.asc b/share/security/advisories/FreeBSD-SA-06:02.ee.asc
new file mode 100644
index 0000000000..73067f8d4b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:02.ee.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:02.ee                                         Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ee temporary file privilege escalation
+
+Category:       core
+Module:         ee
+Announced:      2006-01-11
+Credits:        Christian S.J. Peron
+Affects:        All FreeBSD versions
+Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
+                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
+                2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
+                2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
+                2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
+                2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
+                2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
+                2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
+CVE Name:       CVE-2006-0055
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The ee utility is a simple screen oriented text editor. This editor is
+popular with a lot of users due to its ease of use.
+
+II.  Problem Description
+
+The ispell_op function used by ee(1) while executing spell check
+operations employs an insecure method of temporary file generation.
+This method produces predictable file names based on the process ID
+and fails to confirm which path will be over written with the user.
+
+It should be noted that ispell does not have to be installed in order
+for this to be exploited.  The option simply needs to be selected.
+
+III. Impact
+
+These predictable temporary file names are problematic because they
+allow an attacker to take advantage of a race condition in order to
+execute a symlink attack, which could allow them to overwrite files
+on the system in the context of the user running the ee(1) editor.
+
+IV.  Workaround
+
+Instead of invoking ispell through ee(1), invoke it directly.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:02/ee.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:02/ee.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.bin/ee
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  usr.bin/ee/ee.c                                                1.16.2.9
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.15
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.18
+  usr.bin/ee/ee.c                                            1.16.2.7.6.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.21
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.22
+  usr.bin/ee/ee.c                                            1.16.2.7.4.1
+RELENG_5
+  usr.bin/ee/ee.c                                                1.31.4.2
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.18
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.14
+  usr.bin/ee/ee.c                                            1.31.4.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.27
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.29
+  usr.bin/ee/ee.c                                                1.31.6.1
+RELENG_6
+  usr.bin/ee/ee.c                                                1.32.2.1
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.7
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.3
+  usr.bin/ee/ee.c                                                1.32.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0055
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:02.ee.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFDxL4YFdaIBMps37IRAlL2AJ4x+2WoVU3OJMEab2ch6sbBRaLoogCglFSE
+n4bkyDA2e6afV7tG4ja8foA=
+=42lw
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:03.cpio.asc b/share/security/advisories/FreeBSD-SA-06:03.cpio.asc
new file mode 100644
index 0000000000..128c40b901
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:03.cpio.asc
@@ -0,0 +1,203 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:03.cpio                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities cpio
+
+Category:       contrib
+Module:         contrib_cpio
+Announced:      2006-01-11
+Credits:        Imran Ghory, Richard Harms
+Affects:        All FreeBSD releases.
+Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
+                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
+                2006-01-11 08:03:55 UTC (RELENG_5, 5.4-STABLE)
+                2006-01-11 08:04:33 UTC (RELENG_5_4, 5.4-RELEASE-p9)
+                2006-01-11 08:05:54 UTC (RELENG_5_3, 5.3-RELEASE-p24)
+                2006-01-11 08:06:47 UTC (RELENG_4, 4.11-STABLE)
+                2006-01-11 08:07:18 UTC (RELENG_4_11, 4.11-RELEASE-p14)
+                2006-01-11 08:08:08 UTC (RELENG_4_10, 4.10-RELEASE-p20)
+CVE Name:       CVE-2005-1111, CVE-2005-1229, CVE-2005-4268
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The cpio utility copies files into or out of a cpio or tar archive.
+
+II.  Problem Description
+
+A number of issues has been discovered in cpio:
+
+  . When creating a new file, cpio closes the file before setting its
+    permissions. (CVE-2005-1111)
+
+  . When extracting files cpio does not properly sanitize file names
+    to filter out ".." components, even if the --no-absolute-filenames
+    option is used. (CVE-2005-1229)
+
+  . When adding large files (larger than 4 GB) to a cpio archive on
+    64-bit platforms an internal buffer might overflow. (CVE-2005-4268)
+
+III. Impact
+
+  . The first problem can allow a local attacker to change the
+    permissions of files owned by the user executing cpio providing
+    that they have write access to the directory in which the file is
+    being extracted. (CVE-2005-1111)
+
+  . The lack of proper file name sanitation can allow an attacker to
+    overwrite arbitrary local files when extracting files from a cpio
+    a archive. (CVE-2005-1229)
+
+  . The buffer-overflow on 64-bit platforms could lead cpio to a
+    Denial-of-Service situation (crash) or possibly execute arbitrary
+    code with the permissions of the user running
+    cpio. (CVE-2005-4268)
+
+IV.  Workaround
+
+Use a different utility to create and extract cpio archives, for
+example pax(1) or (on FreeBSD 5.3 or later) tar(1).  If this is not
+possible, do not extract untrusted archives and when running on 64-bit
+platforms do not add untrusted files to cpio archives.
+
+V.   Solution
+
+NOTE WELL: The solution described below causes cpio to not exact files
+with absolute paths by default anymore.  If it is required that cpio
+exact files with absolute names, use the --absolute-filenames
+parameter.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:03/cpio.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/cpio
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  contrib/cpio/copyin.c                                           1.6.6.2
+  contrib/cpio/copyout.c                                          1.2.8.1
+  contrib/cpio/cpio.1                                             1.3.6.1
+  contrib/cpio/extern.h                                           1.2.8.1
+  contrib/cpio/global.c                                       1.1.1.1.8.1
+  contrib/cpio/main.c                                             1.3.2.1
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.15
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.18
+  contrib/cpio/copyin.c                                      1.6.6.1.12.1
+  contrib/cpio/copyout.c                                         1.2.36.1
+  contrib/cpio/cpio.1                                            1.3.34.1
+  contrib/cpio/extern.h                                          1.2.36.1
+  contrib/cpio/global.c                                      1.1.1.1.36.1
+  contrib/cpio/main.c                                            1.3.30.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.21
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.22
+  contrib/cpio/copyin.c                                      1.6.6.1.10.1
+  contrib/cpio/copyout.c                                         1.2.30.1
+  contrib/cpio/cpio.1                                            1.3.28.1
+  contrib/cpio/extern.h                                          1.2.30.1
+  contrib/cpio/global.c                                      1.1.1.1.30.1
+  contrib/cpio/main.c                                            1.3.24.1
+RELENG_5
+  contrib/cpio/copyin.c                                           1.7.8.1
+  contrib/cpio/copyout.c                                         1.2.32.1
+  contrib/cpio/cpio.1                                            1.3.30.1
+  contrib/cpio/extern.h                                          1.2.32.1
+  contrib/cpio/global.c                                      1.1.1.1.32.1
+  contrib/cpio/main.c                                            1.3.26.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.18
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.14
+  contrib/cpio/copyin.c                                          1.7.12.1
+  contrib/cpio/copyout.c                                         1.2.38.1
+  contrib/cpio/cpio.1                                            1.3.36.1
+  contrib/cpio/extern.h                                          1.2.38.1
+  contrib/cpio/global.c                                      1.1.1.1.38.1
+  contrib/cpio/main.c                                            1.3.32.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.27
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.29
+  contrib/cpio/copyin.c                                          1.7.10.1
+  contrib/cpio/copyout.c                                         1.2.34.1
+  contrib/cpio/cpio.1                                            1.3.32.1
+  contrib/cpio/extern.h                                          1.2.34.1
+  contrib/cpio/global.c                                      1.1.1.1.34.1
+  contrib/cpio/main.c                                            1.3.28.1
+RELENG_6
+  contrib/cpio/copyin.c                                          1.7.14.1
+  contrib/cpio/copyout.c                                         1.2.40.1
+  contrib/cpio/cpio.1                                            1.3.38.1
+  contrib/cpio/extern.h                                          1.2.40.1
+  contrib/cpio/global.c                                      1.1.1.1.40.1
+  contrib/cpio/main.c                                            1.3.34.1
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.7
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.3
+  contrib/cpio/copyin.c                                          1.7.16.1
+  contrib/cpio/copyout.c                                         1.2.42.1
+  contrib/cpio/cpio.1                                            1.3.40.1
+  contrib/cpio/extern.h                                          1.2.42.1
+  contrib/cpio/global.c                                      1.1.1.1.42.1
+  contrib/cpio/main.c                                            1.3.36.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+[CVE-2005-1111]
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1111
+http://marc.theaimsgroup.com/?l=bugtraq&m=111342664116120
+https://savannah.gnu.org/patch/?func=detailitem&item_id=4006
+https://savannah.gnu.org/patch/?func=detailitem&item_id=4007
+
+[CVE-2005-1229]
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1229
+http://marc.theaimsgroup.com/?l=bugtraq&m=111403177526312
+https://savannah.gnu.org/patch/?func=detailitem&item_id=4005
+
+[CVE-2005-4268]
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4268
+https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172669
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFDxL4mFdaIBMps37IRAqQnAJ9Js/Joq8LJJT1kX6DXStgJMliqJQCfdZCx
+bxuCX+ps+C0MR5UcLOExHvM=
+=7laG
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:04.ipfw.asc b/share/security/advisories/FreeBSD-SA-06:04.ipfw.asc
new file mode 100644
index 0000000000..f051d6478d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:04.ipfw.asc
@@ -0,0 +1,105 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:04.ipfw                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ipfw IP fragment denial of service
+
+Category:       core
+Module:         ipfw
+Announced:      2006-01-11
+Credits:        Oleg Bulyzhin
+Affects:        FreeBSD 6.0-RELEASE
+Corrected:      2006-01-11 08:02:16 UTC (RELENG_6, 6.0-STABLE)
+                2006-01-11 08:03:18 UTC (RELENG_6_0, 6.0-RELEASE-p2)
+CVE Name:       CVE-2006-0054
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+ipfw(8) is a system facility which provides IP packet filtering,
+accounting, and redirection. Among the many features, while discarding
+packets it can perform actions defined by the user, such as sending
+back TCP reset or ICMP unreachable packets. These operations can be
+performed by using the reset, reject or uncreach actions.
+
+II.  Problem Description
+
+The firewall maintains a pointer to layer 4 header information in the
+event that it needs to send a TCP reset or ICMP error message to
+discard packets.  Due to incorrect handling of IP fragments, this
+pointer fails to get initialized.
+
+III. Impact
+
+An attacker can cause the firewall to crash by sending ICMP IP
+fragments to or through firewalls which match any reset, reject or
+unreach actions.
+
+IV.  Workaround
+
+Change any reset, reject or unreach actions to deny. It should be
+noted that this will result in packets being silently discarded.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE or to the RELENG_6_0
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.0
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:04/ipfw.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:04/ipfw.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/netinet/ip_fw2.c                                      1.106.2.6
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.7
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.3
+  src/sys/netinet/ip_fw2.c                                  1.106.2.3.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2006-0054
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:04.ipfw.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFDxL4vFdaIBMps37IRAmrZAJ4qRzdR0zR0u9ZY5RTTsMF5ZcGBUACfa5Gn
+9kbuhOTex8BBlNFRHYCd9e4=
+=WcS+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:05.80211.asc b/share/security/advisories/FreeBSD-SA-06:05.80211.asc
new file mode 100644
index 0000000000..c004a08a26
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:05.80211.asc
@@ -0,0 +1,101 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:05.80211                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          IEEE 802.11 buffer overflow
+
+Category:       core
+Module:         net80211
+Announced:      2006-01-18
+Credits:        Karl Janmar
+Affects:        FreeBSD 6.0
+Corrected:      2006-01-18 09:03:15 UTC (RELENG_6, 6.0-STABLE)
+                2006-01-18 09:03:36 UTC (RELENG_6_0, 6.0-RELEASE-p3)
+CVE Name:       CVE-2006-0226
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The IEEE 802.11 network subsystem of FreeBSD implements the protocol
+negotiation used for wireless networking.
+
+II.  Problem Description
+
+An integer overflow in the handling of corrupt IEEE 802.11 beacon or
+probe response frames when scanning for existing wireless networks can
+result in the frame overflowing a buffer.
+
+III. Impact
+
+An attacker able broadcast a carefully crafted beacon or probe response
+frame may be able to execute arbitrary code within the context of the
+FreeBSD kernel on any system scanning for wireless networks.
+
+IV.  Workaround
+
+No workaround is available, but systems without IEEE 802.11 hardware or
+drivers loaded are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE or to the RELENG_6_0
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:05/80211.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/net80211/ieee80211_ioctl.c                             1.25.2.9
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.8
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.4
+  src/sys/net80211/ieee80211_ioctl.c                         1.25.2.3.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.signedness.org/advisories/sps-0x1.txt
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0226
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:05.80211.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFDzgUEFdaIBMps37IRAnB4AJ9btdO5oRpjDyksIQKhimmnAvaqSgCfdqZJ
+q5gy4Ec/4lhZjoaGCbUuncU=
+=XgsT
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:06.kmem.asc b/share/security/advisories/FreeBSD-SA-06:06.kmem.asc
new file mode 100644
index 0000000000..6da88213d7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:06.kmem.asc
@@ -0,0 +1,116 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:06.kmem                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Local kernel memory disclosure
+
+Category:       core
+Module:         kernel
+Announced:      2006-01-25
+Credits:        Xin LI, Karl Janmar
+Affects:        FreeBSD 5.4-STABLE and FreeBSD 6.0
+Corrected:      2006-01-25 10:00:59 UTC (RELENG_6, 6.0-STABLE)
+                2006-01-25 10:01:26 UTC (RELENG_6_0, 6.0-RELEASE-p4)
+                2006-01-25 10:01:47 UTC (RELENG_5, 5.4-STABLE)
+CVE Name:       CVE-2006-0379, CVE-2006-0380
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The network sub-system commonly utilizes the ioctl(2) mechanism to pass
+information regarding the current state and statistics of logical and
+physical network devices.
+
+II.  Problem Description
+
+A buffer allocated from the kernel stack may not be completely
+initialized before being copied to userland. [CVE-2006-0379]
+
+A logic error in computing a buffer length may allow too much data to
+be copied into userland. [CVE-2006-0380]
+
+III. Impact
+
+Portions of kernel memory may be disclosed to local users.  Such
+memory might contain sensitive information, such as portions of the
+file cache or terminal buffers. This information might be directly
+useful, or it might be leveraged to obtain elevated privileges in
+some way.  For example, a terminal buffer might include a user-entered
+password.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE or 6-STABLE, or to the
+RELENG_6_0 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.4 and 6.0
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.4-STABLE and 6.0-STABLE]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem.patch.asc
+
+[FreeBSD 6.0-RELEASE]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:06/kmem60.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/net/if_bridge.c                                        1.23.2.7
+RELENG_6
+  src/sys/net/if_bridge.c                                       1.11.2.24
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.9
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.5
+  src/sys/net/if_bridge.c                                   1.11.2.12.2.4
+  src/sys/net80211/ieee80211_ioctl.c                         1.25.2.3.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0379
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0380
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFD105UFdaIBMps37IRArxMAJ9fS+dok28f9PsFvJwH8fUkkVOiawCfV6HM
++qRRPaBQCOX9XRXwB35y7h8=
+=pLt2
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:07.pf.asc b/share/security/advisories/FreeBSD-SA-06:07.pf.asc
new file mode 100644
index 0000000000..8e0ed49818
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:07.pf.asc
@@ -0,0 +1,120 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:07.pf                                         Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          IP fragment handling panic in pf(4)
+
+Category:       contrib
+Module:         sys_contrib
+Announced:      2006-01-25
+Credits:        Jakob Schlyter, Daniel Hartmeier
+Affects:        FreeBSD 5.3, FreeBSD 5.4, and FreeBSD 6.0
+Corrected:      2006-01-25 10:00:59 UTC (RELENG_6, 6.0-STABLE)
+                2006-01-25 10:01:26 UTC (RELENG_6_0, 6.0-RELEASE-p4)
+                2006-01-25 10:01:47 UTC (RELENG_5, 5.4-STABLE)
+                2006-01-25 10:02:07 UTC (RELENG_5_4, 5.4-RELEASE-p10)
+                2006-01-25 10:02:27 UTC (RELENG_5_3, 5.3-RELEASE-p25)
+CVE Name:       CVE-2006-0381
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+pf is an Internet Protocol packet filter originally written for OpenBSD.
+In addition to filtering packets, it also has packet normalization
+capabilities.
+
+II.  Problem Description
+
+A logic bug in pf's IP fragment cache may result in a packet fragment
+being inserted twice, violating a kernel invariant.
+
+III. Impact
+
+By sending carefully crafted sequence of IP packet fragments, a remote
+attacker can cause a system running pf with a ruleset containing a
+'scrub fragment crop' or 'scrub fragment drop-ovl' rule to crash.
+
+IV.  Workaround
+
+Do not use 'scrub fragment crop' or 'scrub fragment drop-ovl' rules
+on systems running pf.  In most cases, such rules can be replaced by
+'scrub fragment reassemble' rules; see the pf.conf(5) manual page for
+more details.
+
+Systems which do not use pf, or use pf but do not use the aforementioned
+rules, are not affected by this issue.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE or 6-STABLE, or to the
+RELENG_6_0, RELENG_5_4, or RELENG_5_3 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3, 5.4,
+and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:07/pf.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/contrib/pf/net/pf_norm.c                               1.10.2.2
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.19
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.15
+  src/sys/contrib/pf/net/pf_norm.c                               1.10.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.28
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.30
+  src/sys/contrib/pf/net/pf_norm.c                               1.10.4.1
+RELENG_6
+  src/sys/contrib/pf/net/pf_norm.c                               1.11.2.3
+RELENG_6_0
+  src/UPDATING                                              1.416.2.3.2.9
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.5
+  src/sys/contrib/pf/net/pf_norm.c                           1.11.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0381
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:07.pf.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFD105kFdaIBMps37IRAth+AKCPd0puGZJ1u1/gbFRgYMQpQs8TiQCcD1ai
+56HQEqlhvzoW09g/05mbPCk=
+=hyeL
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:08.sack.asc b/share/security/advisories/FreeBSD-SA-06:08.sack.asc
new file mode 100644
index 0000000000..e8f09198ce
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:08.sack.asc
@@ -0,0 +1,109 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:08.sack                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Infinite loop in SACK handling
+
+Category:       core
+Module:         netinet
+Announced:      2006-02-01
+Credits:        Scott Wood
+Affects:        FreeBSD 5.3 and 5.4
+Corrected:      2006-01-24 01:16:18 UTC (RELENG_5, 5.4-STABLE)
+                2006-02-01 19:43:10 UTC (RELENG_5_4, 5.4-RELEASE-p11)
+                2006-02-01 19:43:36 UTC (RELENG_5_3, 5.3-RELEASE-p26)
+CVE Name:       CVE-2006-0433
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+SACK (Selective Acknowledgement) is an extension to the TCP/IP protocol
+that allows hosts to acknowledge the receipt of some, but not all, of
+the packets sent, thereby reducing the cost of retransmissions.
+
+II.  Problem Description
+
+When insufficient memory is available to handle an incoming selective
+acknowledgement, the TCP/IP stack may enter an infinite loop.
+
+III. Impact
+
+By opening a TCP connection and sending a carefully crafted series of
+packets, an attacker may be able to cause a denial of service.
+
+IV.  Workaround
+
+On FreeBSD 5.4, the net.inet.tcp.sack.enable sysctl can be used to
+disable the use of SACK:
+
+# sysctl net.inet.tcp.sack.enable=0
+
+No workaround is available for FreeBSD 5.3.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_4 or
+RELENG_5_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch have been verified to apply to FreeBSD 5.3 and
+5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:08/sack.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/netinet/tcp_sack.c                                     1.3.2.10
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.20
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.16
+  src/sys/netinet/tcp_sack.c                                  1.3.2.5.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.29
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.31
+  src/sys/netinet/tcp_sack.c                                      1.3.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0433
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:08.sack.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFD4RCIFdaIBMps37IRAplNAJ9sEJf5VkMOJaWO7P/wNHEzzW1aqACfcAfL
+e95PJAa1af/klNC+fZEipnY=
+=yZbN
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:09.openssh.asc b/share/security/advisories/FreeBSD-SA-06:09.openssh.asc
new file mode 100644
index 0000000000..fc2d6ef96c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:09.openssh.asc
@@ -0,0 +1,183 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:09.openssh                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Remote denial of service in OpenSSH
+
+Category:       contrib
+Module:         OpenSSH
+Announced:      2006-03-01
+Affects:        FreeBSD 5.3 and 5.4
+Corrected:      2006-03-01 14:19:48 UTC (RELENG_5, 5.5-PRERELEASE)
+                2006-03-01 14:21:01 UTC (RELENG_5_4, 5.4-RELEASE-p12)
+                2006-03-01 14:24:52 UTC (RELENG_5_3, 5.3-RELEASE-p27)
+CVE Name:       CVE-2006-0883
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+0.   Revision History
+
+v1.0 2006-03-01  Initial release.
+v1.1 2006-03-01  Corrected workaround instructions.
+v1.2 2006-03-03  Further correction to workaround.
+
+I.   Background
+
+OpenSSH is an implementation of the SSH protocol suite, providing an
+encrypted, authenticated transport for a variety of services,
+including remote shell access.
+
+Privilege separation is a mechanism used by OpenSSH to protect itself
+against possible future vulnerabilities.  It works by splitting the
+server process in two: the child process drops its privileges and
+carries on the conversation with the client, while the parent retains
+its privileges, monitors the child, and performs privileged operations
+on behalf of the child when it is satisified that everything is in
+order.  Privilege separation is enabled by default in FreeBSD.
+
+OpenPAM is an implementation of the PAM framework, which allows the
+use of loadable modules to implement user authentication and session
+management in a manner defined by the administrator.  It is used by
+OpenSSH and numerous other applications in FreeBSD to provide a
+consistent and configurable authentication system.
+
+II.  Problem Description
+
+Because OpenSSH and OpenPAM have conflicting designs (one is event-
+driven while the other is callback-driven), it is necessary for
+OpenSSH to fork a child process to handle calls to the PAM framework.
+However, if the unprivileged child terminates while PAM authentication
+is under way, the parent process incorrectly believes that the PAM
+child also terminated.  The parent process then terminates, and the
+PAM child is left behind.
+
+Due to the way OpenSSH performs internal accounting, these orphaned
+PAM children are counted as pending connections by the master OpenSSH
+server process.  Once a certain number of orphans has accumulated, the
+master decides that it is overloaded and stops accepting client
+connections.
+
+III. Impact
+
+By repeatedly connecting to a vulnerable server, waiting for a
+password prompt, and closing the connection, an attacker can cause
+OpenSSH to stop accepting client connections until the system restarts
+or an administrator manually kills the orphaned PAM processes.
+
+IV.  Workaround
+
+The following command will show a list of orphaned PAM processes:
+
+# pgrep -lf 'sshd.*\[pam\]'
+
+The following command will kill orphaned PAM processes:
+
+# pkill -f 'sshd.*\[pam\]'
+
+To prevent OpenSSH from leaving orphaned PAM processes behind, perform
+one of the following:
+
+1) Disable PAM authentication in OpenSSH.  Users will still be able to
+   log in using their Unix password, OPIE or SSH keys.
+
+   To do this, execute the following commands as root:
+
+# echo 'UsePAM no' >>/etc/ssh/sshd_config
+# echo 'PasswordAuthentication yes' >>/etc/ssh/sshd_config
+# /etc/rc.d/sshd restart
+
+2) If disabling PAM is not an option - if, for instance, you use
+   RADIUS authentication, or store user passwords in an SQL database -
+   you may instead disable privilege separation.  However, this may
+   leave OpenSSH vulnerable to hitherto unknown bugs, and should be
+   considered a last resort.
+
+   To do this, execute the following commands as root:
+
+# echo 'UsePrivilegeSeparation no' >>/etc/ssh/sshd_config
+# /etc/rc.d/sshd restart
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE or to the RELENG_5_4 or
+   RELENG_5_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3 and
+5.4 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:09/openssh.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:09/openssh.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libssh
+# make obj && make depend && make && make install
+# cd /usr/src/secure/usr.sbin/sshd
+# make obj && make depend && make && make install
+# /etc/rc.d/sshd restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/crypto/openssh/auth-pam.c                                  1.14.2.1
+  src/crypto/openssh/ssh_config                                  1.25.2.1
+  src/crypto/openssh/ssh_config.5                                1.15.2.1
+  src/crypto/openssh/sshd_config                                 1.40.2.1
+  src/crypto/openssh/sshd_config.5                               1.21.2.1
+  src/crypto/openssh/version.h                                   1.27.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.21
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.17
+  src/crypto/openssh/auth-pam.c                                  1.14.6.1
+  src/crypto/openssh/ssh_config                                  1.25.6.1
+  src/crypto/openssh/ssh_config.5                                1.15.6.1
+  src/crypto/openssh/sshd_config                                 1.40.6.1
+  src/crypto/openssh/sshd_config.5                               1.21.6.1
+  src/crypto/openssh/version.h                                   1.27.6.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.30
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.32
+  src/crypto/openssh/auth-pam.c                                  1.14.4.1
+  src/crypto/openssh/ssh_config                                  1.25.4.1
+  src/crypto/openssh/ssh_config.5                                1.15.4.1
+  src/crypto/openssh/sshd_config                                 1.40.4.1
+  src/crypto/openssh/sshd_config.5                               1.21.4.1
+  src/crypto/openssh/version.h                                   1.27.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=248125
+http://bugzilla.mindrot.org/show_bug.cgi?id=839
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0883
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:09.openssh.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFECDAWFdaIBMps37IRAsP2AKCRL3EiifNuRKn57ro4w4oUc1yuKQCbBh5K
+7lGPx1iUFg1HWQ9ssOqOP7Q=
+=4dj+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:10.nfs.asc b/share/security/advisories/FreeBSD-SA-06:10.nfs.asc
new file mode 100644
index 0000000000..9eee448f2b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:10.nfs.asc
@@ -0,0 +1,143 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:10.nfs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Remote denial of service in NFS server
+
+Category:       core
+Module:         sys_nfsserver
+Announced:      2006-03-01
+Credits:        Evgeny Legerov
+Affects:        All FreeBSD releases.
+Corrected:      2006-03-01 14:18:11 UTC (RELENG_6, 6.1-PRERELEASE)
+                2006-03-01 14:18:46 UTC (RELENG_6_0, 6.0-RELEASE-p5)
+                2006-03-01 14:19:48 UTC (RELENG_5, 5.5-PRERELEASE)
+                2006-03-01 14:21:01 UTC (RELENG_5_4, 5.4-RELEASE-p12)
+                2006-03-01 14:24:52 UTC (RELENG_5_3, 5.3-RELEASE-p27)
+                2006-03-01 14:21:56 UTC (RELENG_4, 4.11-STABLE)
+                2006-03-01 14:22:30 UTC (RELENG_4_11, 4.11-RELEASE-p15)
+                2006-03-01 14:23:07 UTC (RELENG_4_10, 4.10-RELEASE-p21)
+CVE Name:       CVE-2006-0900
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The Network File System (NFS) allows a host to export some or all of
+its filesystems so that other hosts can access them over the network
+and mount them as if they were on local disks.  NFS is built on top of
+the Sun Remote Procedure Call (RPC) framework.
+
+II.  Problem Description
+
+A part of the NFS server code charged with handling incoming RPC
+messages via TCP had an error which, when the server received a
+message with a zero-length payload, would cause a NULL pointer
+dereference which results in a kernel panic.  The kernel will only
+process the RPC messages if a userland nfsd daemon is running.
+
+III. Impact
+
+The NULL pointer deference allows a remote attacker capable of sending
+RPC messages to an affected FreeBSD system to crash the FreeBSD system.
+
+IV.  Workaround
+
+1) Disable the NFS server: set the nfs_server_enable variable to "NO"
+   in /etc/rc.conf, and reboot.
+
+   Alternatively, if there are no active NFS clients (as listed by the
+   showmount(8) utility), simply killing the mountd and nfsd processes
+   should suffice.
+
+2) Add firewall rules to block RPC traffic to the NFS server from
+   untrusted hosts.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs4.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs4.patch.asc
+
+[FreeBSD 5.x and 6.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:10/nfs.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/nfs/nfs_socket.c                                       1.60.2.7
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.16
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.19
+  src/sys/nfs/nfs_socket.c                                   1.60.2.6.6.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.22
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.23
+  src/sys/nfs/nfs_socket.c                                   1.60.2.6.4.1
+RELENG_5
+  src/sys/nfsserver/nfs_srvsock.c                                1.92.2.2
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.21
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.17
+  src/sys/nfsserver/nfs_srvsock.c                            1.92.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.30
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.32
+  src/sys/nfsserver/nfs_srvsock.c                                1.92.4.1
+RELENG_6
+  src/sys/nfsserver/nfs_srvsock.c                                1.94.2.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.10
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.6
+  src/sys/nfsserver/nfs_srvsock.c                                1.94.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0900
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:10.nfs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQFEBbOIFdaIBMps37IRAgmUAJ0fYEjr1gk8KpHGbcmhpPwh+GqI3ACcDH5X
+dN3ngWsO1Z91GdTjJe0e7VE=
+=GCDX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:11.ipsec.asc b/share/security/advisories/FreeBSD-SA-06:11.ipsec.asc
new file mode 100644
index 0000000000..7085128887
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:11.ipsec.asc
@@ -0,0 +1,134 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:11.ipsec                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          IPsec replay attack vulnerability
+
+Category:       core
+Module:         sys_netipsec
+Announced:      2006-03-22
+Credits:        Pawel Jakub Dawidek
+Affects:        All FreeBSD releases since 4.8-RELEASE
+Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
+                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
+                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
+                2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
+                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
+                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
+                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
+                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
+CVE Name:       CVE-2006-0905
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+IPsec is a set of protocols, including ESP (Encapsulating Security Payload)
+and AH (Authentication Header), that provide security services for IP
+datagrams.  ESP protects IP payloads from wire-tapping by encrypting them
+using secret key cryptography algorithms.  AH guarantees the integrity of IP
+packets and protects them from intermediate alteration or impersonation by
+attaching a cryptographic checksum computed using one-way hash functions.
+
+II.  Problem Description
+
+IPsec provides an anti-replay service which when enabled prevents an attacker
+from successfully executing a replay attack.  This is done through the
+verification of sequence numbers.  A programming error in the fast_ipsec(4)
+implementation results in the sequence number associated with a Security
+Association not being updated, allowing packets to unconditionally pass
+sequence number verification checks.
+
+III. Impact
+
+An attacker able to to intercept IPSec packets can replay them.  If higher
+level protocols which do not provide any protection against packet replays
+(e.g., UDP) are used, this may have a variety of effects.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:11/ipsec.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/netipsec/xform_esp.c                                    1.2.2.4
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.17
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.20
+  src/sys/netipsec/xform_esp.c                                1.2.2.3.6.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.23
+  src/sys/conf/newvers.sh                                  1.33.2.34.2.24
+  src/sys/netipsec/xform_esp.c                                1.2.2.3.4.1
+RELENG_5
+  src/sys/netipsec/xform_esp.c                                    1.9.2.2
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.22
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.18
+  src/sys/netipsec/xform_esp.c                                1.9.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.31
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.33
+  src/sys/netipsec/xform_esp.c                                    1.9.4.1
+RELENG_6
+  src/sys/netipsec/xform_esp.c                                   1.10.2.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.11
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.7
+  src/sys/netipsec/xform_esp.c                                   1.10.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0905
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:11.ipsec.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQFEIXZEFdaIBMps37IRAuqlAJ9ri+xFH1TGs96vNt788uo6plbu1ACcDau4
+dm/4Df3zy7GguI+Ekp/hHuQ=
+=+iZv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:12.opie.asc b/share/security/advisories/FreeBSD-SA-06:12.opie.asc
new file mode 100644
index 0000000000..1ddf0d1752
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:12.opie.asc
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:12.opie                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OPIE arbitrary password change
+
+Category:       contrib
+Module:         contrib_opie
+Announced:      2006-03-22
+Credits:        Mykola Zubach
+Affects:        All FreeBSD releases.
+Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
+                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
+                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
+                2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
+                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
+                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
+                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
+                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
+CVE Name:       CVE-2006-1283
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+OPIE is a one-time password system designed to help to secure a system
+against replay attacks.  It does so using a secure hash function and a
+challenge/response system.  The opiepasswd(1) program is used to set
+up OPIE authentication for a user.  OPIE is enabled by default on
+FreeBSD through PAM.
+
+II.  Problem Description
+
+The opiepasswd(1) program uses getlogin(2) to identify the user
+calling opiepasswd(1).  In some circumstances getlogin(2) will return
+"root" even when running as an unprivileged user.  This causes
+opiepasswd(1) to allow an unpriviled user to configure OPIE
+authentication for the root user.
+
+III. Impact
+
+In certain cases an attacker able to run commands as a non privileged
+users which have not explicitly logged in, for example CGI scripts run
+by a web server, is able to configure OPIE access for the root user.
+If the attacker is able to authenticate as root using OPIE
+authentication, for example if "PermitRootLogin" is set to "yes" in
+sshd_config or the attacker has access to a local user in the "wheel"
+group, the attacker can gain root privileges.
+
+IV.  Workaround
+
+Disable OPIE authentication in PAM:
+
+# sed -i "" -e /opie/s/^/#/ /etc/pam.d/*
+
+or
+
+Remove the setuid bit from opiepasswd:
+
+# chflags noschg /usr/bin/opiepasswd
+# chmod 555 /usr/bin/opiepasswd
+# chflags schg /usr/bin/opiepasswd
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:12/opie.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:12/opie.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.bin/opiepasswd
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/opie/opiepasswd.c                               1.1.1.2.6.4
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.17
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.20
+  src/contrib/opie/opiepasswd.c                          1.1.1.2.6.3.10.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.23
+  src/sys/conf/newvers.sh                                  1.33.2.34.2.24
+  src/contrib/opie/opiepasswd.c                           1.1.1.2.6.3.8.1
+RELENG_5
+  src/contrib/opie/opiepasswd.c                                   1.3.8.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.22
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.18
+  src/contrib/opie/opiepasswd.c                                  1.3.12.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.31
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.33
+  src/contrib/opie/opiepasswd.c                                  1.3.10.1
+RELENG_6
+  src/contrib/opie/opiepasswd.c                                  1.3.14.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.11
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.7
+  src/contrib/opie/opiepasswd.c                                  1.3.16.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1283
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:12.opie.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQFEIXZNFdaIBMps37IRAoChAJ9ZFa+7jKF11vpUOKxmh8FqcG3EXgCfYOqj
+/M5ncIaa4gs6P9wihbZ1vZc=
+=fccv
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:13.sendmail.asc b/share/security/advisories/FreeBSD-SA-06:13.sendmail.asc
new file mode 100644
index 0000000000..a806300f68
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:13.sendmail.asc
@@ -0,0 +1,262 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:13.sendmail                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Race condition in sendmail
+
+Category:       contrib
+Module:         contrib_sendmail
+Announced:      2006-03-22
+Affects:        All FreeBSD releases.
+Corrected:      2006-03-22 16:01:08 UTC (RELENG_6, 6.1-STABLE)
+                2006-03-22 16:01:38 UTC (RELENG_6_0, 6.0-RELEASE-p6)
+                2006-03-22 16:01:56 UTC (RELENG_5, 5.5-STABLE)
+                2006-03-22 16:02:17 UTC (RELENG_5_4, 5.4-RELEASE-p13)
+                2006-03-22 16:02:35 UTC (RELENG_5_3, 5.3-RELEASE-p28)
+                2006-03-22 16:02:49 UTC (RELENG_4, 4.11-STABLE)
+                2006-03-22 16:03:05 UTC (RELENG_4_11, 4.11-RELEASE-p16)
+                2006-03-22 16:03:25 UTC (RELENG_4_10, 4.10-RELEASE-p22)
+CVE Name:       CVE-2006-0058
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+NOTE: The issue discussed in this advisory was reported to the FreeBSD
+Security Team, and the patch which corrects it was supplied, by the
+Sendmail Consortium via CERT.  Due to the limited information available
+concerning the nature of the vulnerability, the FreeBSD Security Team
+has not been able to evaluate the effectiveness of the fixes, nor the
+possibility of other workarounds.
+
+I.   Background
+
+FreeBSD includes sendmail(8), a general purpose internetwork mail
+routing facility, as the default Mail Transfer Agent (MTA).
+
+II.  Problem Description
+
+A race condition has been reported to exist in the handling by sendmail
+of asynchronous signals.
+
+III. Impact
+
+A remote attacker may be able to execute arbitrary code with the
+privileges of the user running sendmail, typically root.
+
+IV.  Workaround
+
+There is no known workaround other than disabling sendmail.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.10]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail410.patch.asc
+
+[FreeBSD 4.11 and FreeBSD 5.3]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail411.patch.asc
+
+[FreeBSD 5.4, and FreeBSD 6.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:13/sendmail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libsm
+# make obj && make depend && make
+# cd /usr/src/lib/libsmutil
+# make obj && make depend && make
+# cd /usr/src/usr.sbin/sendmail
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/sendmail/libsm/fflush.c                         1.1.1.1.2.1
+  src/contrib/sendmail/libsm/local.h                          1.1.1.1.2.6
+  src/contrib/sendmail/libsm/refill.c                         1.1.1.1.2.4
+  src/contrib/sendmail/src/collect.c                         1.1.1.4.2.17
+  src/contrib/sendmail/src/conf.c                                1.5.2.20
+  src/contrib/sendmail/src/deliver.c                         1.1.1.3.2.20
+  src/contrib/sendmail/src/headers.c                             1.4.2.16
+  src/contrib/sendmail/src/mime.c                            1.1.1.3.2.10
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.2.6.20
+  src/contrib/sendmail/src/savemail.c                            1.4.2.13
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.4.2.22
+  src/contrib/sendmail/src/sfsasl.c                          1.1.1.1.2.16
+  src/contrib/sendmail/src/sfsasl.h                           1.1.1.1.2.3
+  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.2.6.20
+  src/contrib/sendmail/src/usersmtp.c                        1.1.1.3.2.17
+  src/contrib/sendmail/src/util.c                            1.1.1.3.2.15
+RELENG_4_11
+  src/contrib/sendmail/libsm/fflush.c                    1.1.1.1.2.1.12.1
+  src/contrib/sendmail/libsm/local.h                      1.1.1.1.2.5.2.1
+  src/contrib/sendmail/libsm/refill.c                     1.1.1.1.2.3.2.1
+  src/contrib/sendmail/src/collect.c                     1.1.1.4.2.14.2.1
+  src/contrib/sendmail/src/conf.c                            1.5.2.17.2.1
+  src/contrib/sendmail/src/deliver.c                     1.1.1.3.2.17.2.1
+  src/contrib/sendmail/src/headers.c                         1.4.2.14.2.1
+  src/contrib/sendmail/src/mime.c                         1.1.1.3.2.8.2.1
+  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.17.2.1
+  src/contrib/sendmail/src/savemail.c                        1.4.2.11.2.1
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.4.2.19.2.1
+  src/contrib/sendmail/src/sfsasl.c                      1.1.1.1.2.14.2.1
+  src/contrib/sendmail/src/sfsasl.h                      1.1.1.1.2.2.12.1
+  src/contrib/sendmail/src/srvrsmtp.c                    1.1.1.2.6.17.2.1
+  src/contrib/sendmail/src/usersmtp.c                    1.1.1.3.2.14.2.1
+  src/contrib/sendmail/src/util.c                        1.1.1.3.2.13.2.1
+  src/UPDATING                                             1.73.2.91.2.17
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.20
+RELENG_4_10
+  src/contrib/sendmail/libsm/fflush.c                    1.1.1.1.2.1.10.1
+  src/contrib/sendmail/libsm/local.h                      1.1.1.1.2.4.2.1
+  src/contrib/sendmail/libsm/refill.c                     1.1.1.1.2.2.6.1
+  src/contrib/sendmail/src/collect.c                     1.1.1.4.2.13.2.1
+  src/contrib/sendmail/src/conf.c                            1.5.2.16.2.1
+  src/contrib/sendmail/src/deliver.c                     1.1.1.3.2.16.2.1
+  src/contrib/sendmail/src/headers.c                         1.4.2.13.2.1
+  src/contrib/sendmail/src/mime.c                         1.1.1.3.2.7.2.1
+  src/contrib/sendmail/src/parseaddr.c                   1.1.1.2.6.16.2.1
+  src/contrib/sendmail/src/savemail.c                        1.4.2.10.6.1
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.4.2.18.2.1
+  src/contrib/sendmail/src/sfsasl.c                      1.1.1.1.2.13.2.1
+  src/contrib/sendmail/src/sfsasl.h                      1.1.1.1.2.2.10.1
+  src/contrib/sendmail/src/srvrsmtp.c                    1.1.1.2.6.16.2.1
+  src/contrib/sendmail/src/usersmtp.c                    1.1.1.3.2.13.2.1
+  src/contrib/sendmail/src/util.c                        1.1.1.3.2.12.2.1
+  src/UPDATING                                             1.73.2.90.2.23
+  src/sys/conf/newvers.sh                                  1.33.2.34.2.24
+RELENG_5
+  src/contrib/sendmail/libsm/fflush.c                         1.1.1.3.8.1
+  src/contrib/sendmail/libsm/local.h                          1.1.1.7.2.1
+  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.2.1
+  src/contrib/sendmail/src/collect.c                         1.1.1.19.2.3
+  src/contrib/sendmail/src/conf.c                                1.26.2.3
+  src/contrib/sendmail/src/deliver.c                         1.1.1.21.2.3
+  src/contrib/sendmail/src/headers.c                             1.20.2.2
+  src/contrib/sendmail/src/mime.c                            1.1.1.12.2.2
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.20.2.3
+  src/contrib/sendmail/src/savemail.c                            1.16.2.2
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.2.3
+  src/contrib/sendmail/src/sfsasl.c                          1.1.1.14.2.2
+  src/contrib/sendmail/src/sfsasl.h                           1.1.1.4.8.1
+  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.20.2.3
+  src/contrib/sendmail/src/usersmtp.c                        1.1.1.18.2.3
+  src/contrib/sendmail/src/util.c                            1.1.1.17.2.2
+RELENG_5_4
+  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.12.1
+  src/contrib/sendmail/libsm/local.h                          1.1.1.7.6.1
+  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.6.1
+  src/contrib/sendmail/src/collect.c                     1.1.1.19.2.1.2.1
+  src/contrib/sendmail/src/conf.c                            1.26.2.1.2.1
+  src/contrib/sendmail/src/deliver.c                     1.1.1.21.2.1.2.1
+  src/contrib/sendmail/src/headers.c                         1.20.2.1.2.1
+  src/contrib/sendmail/src/mime.c                        1.1.1.12.2.1.2.1
+  src/contrib/sendmail/src/parseaddr.c                   1.1.1.20.2.1.2.1
+  src/contrib/sendmail/src/savemail.c                        1.16.2.1.2.1
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.23.2.1.2.1
+  src/contrib/sendmail/src/sfsasl.c                      1.1.1.14.2.1.2.1
+  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.12.1
+  src/contrib/sendmail/src/srvrsmtp.c                    1.1.1.20.2.1.2.1
+  src/contrib/sendmail/src/usersmtp.c                    1.1.1.18.2.1.2.1
+  src/contrib/sendmail/src/util.c                        1.1.1.17.2.1.2.1
+  src/UPDATING                                            1.342.2.24.2.22
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.18
+RELENG_5_3
+  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.10.1
+  src/contrib/sendmail/libsm/local.h                          1.1.1.7.4.1
+  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.4.1
+  src/contrib/sendmail/src/collect.c                         1.1.1.19.4.1
+  src/contrib/sendmail/src/conf.c                                1.26.4.1
+  src/contrib/sendmail/src/deliver.c                         1.1.1.21.4.1
+  src/contrib/sendmail/src/headers.c                             1.20.4.1
+  src/contrib/sendmail/src/mime.c                            1.1.1.12.4.1
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.20.4.1
+  src/contrib/sendmail/src/savemail.c                            1.16.4.1
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.4.1
+  src/contrib/sendmail/src/sfsasl.c                          1.1.1.14.4.1
+  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.10.1
+  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.20.4.1
+  src/contrib/sendmail/src/usersmtp.c                        1.1.1.18.4.1
+  src/contrib/sendmail/src/util.c                            1.1.1.17.4.1
+  src/UPDATING                                            1.342.2.13.2.31
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.33
+RELENG_6
+  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.14.1
+  src/contrib/sendmail/libsm/local.h                          1.1.1.7.8.1
+  src/contrib/sendmail/libsm/refill.c                         1.1.1.5.8.1
+  src/contrib/sendmail/src/collect.c                         1.1.1.21.2.1
+  src/contrib/sendmail/src/conf.c                                1.28.2.1
+  src/contrib/sendmail/src/deliver.c                         1.1.1.23.2.1
+  src/contrib/sendmail/src/headers.c                             1.21.2.1
+  src/contrib/sendmail/src/mime.c                            1.1.1.13.2.1
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.22.2.1
+  src/contrib/sendmail/src/savemail.c                            1.17.2.1
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.2.1
+  src/contrib/sendmail/src/sfsasl.c                          1.1.1.15.2.1
+  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.14.1
+  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.22.2.1
+  src/contrib/sendmail/src/usersmtp.c                        1.1.1.21.2.1
+  src/contrib/sendmail/src/util.c                            1.1.1.18.2.1
+RELENG_6_0
+  src/contrib/sendmail/libsm/fflush.c                        1.1.1.3.16.1
+  src/contrib/sendmail/libsm/local.h                         1.1.1.7.10.1
+  src/contrib/sendmail/libsm/refill.c                        1.1.1.5.10.1
+  src/contrib/sendmail/src/collect.c                         1.1.1.21.4.1
+  src/contrib/sendmail/src/conf.c                                1.28.4.1
+  src/contrib/sendmail/src/deliver.c                         1.1.1.23.4.1
+  src/contrib/sendmail/src/headers.c                             1.21.4.1
+  src/contrib/sendmail/src/mime.c                            1.1.1.13.4.1
+  src/contrib/sendmail/src/parseaddr.c                       1.1.1.22.4.1
+  src/contrib/sendmail/src/savemail.c                            1.17.4.1
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.4.1
+  src/contrib/sendmail/src/sfsasl.c                          1.1.1.15.4.1
+  src/contrib/sendmail/src/sfsasl.h                          1.1.1.4.16.1
+  src/contrib/sendmail/src/srvrsmtp.c                        1.1.1.22.4.1
+  src/contrib/sendmail/src/usersmtp.c                        1.1.1.21.4.1
+  src/contrib/sendmail/src/util.c                            1.1.1.18.4.1
+  src/UPDATING                                             1.416.2.3.2.11
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.7
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0058
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:13.sendmail.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQFEIXZWFdaIBMps37IRAldYAJ9nd+wQMJlQObUuio5tBEFwD0ULwwCbB2eI
+u3JkyVwHx4WOgmZkg9QKang=
+=d3RW
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:14-amd.txt b/share/security/advisories/FreeBSD-SA-06:14-amd.txt
new file mode 100644
index 0000000000..bd538ffe8b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:14-amd.txt
@@ -0,0 +1,208 @@
+
+		AMD Background/Response
+		Rich Brunner, AMD Fellow
+
+AMD appreciates  the security community  contacting us about
+this issue and giving us a chance to respond. Many thanks to
+Jan Beulich and Andi Kleen for first  alerting us to the  
+concern around this issue and trying out several solutions.
+
+
+Introduction
+============
+To summarize the issue from AMD's perspective, AMD documents
+the  operation of  the  FXSAVE and  FXRSTOR instructions  as
+follows  in  the  "AMD64  Architecture  Programmer's  Manual
+Volume 5:  64-Bit Media and  x87 Floating-Point Instructions
+Rev 3.06":
+
+(http://www.amd.com/us-en/assets/content_type/white_papers_and_tech_docs/26569.pdf)
+
+  + FXRSTOR (pg 350):
+
+    "FXRSTOR does  not restore the x87  error pointers (last
+     instruction  pointer,  last   data  pointer,  and  last
+     opcode), except  in the relatively rare  cases in which
+     the exception  summary (ES) bit in the  x87 status word
+     is set to 1,  indicating that an unmasked x87 exception
+     has occurred."
+
+  + FXSAVE (pg 352):
+
+    "FXSAVE does  not save  the x87 pointer  registers (last
+     instruction  pointer,  last   data  pointer,  and  last
+     opcode), except  in the relatively rare  cases in which
+     the exception  summary (ES) bit in the  x87 status word
+     is set to 1,  indicating that an unmasked x87 exception
+     has occurred."
+
+AMD purposely designed the  implementation of the FXSAVE and
+FXRSTOR  instructions in the  above manner  to significantly
+improve the  performance of context-switching.   AMD did not
+want to  penalize the performance of  these instructions for
+all operating systems for  the relatively rare case when the
+exception summary  bit was set  or the unlikely case  of the
+x87  exceptions pointers being  successfully exploited  in a
+real  customer  environment.    Instead,  AMD  designed  the
+instructions to optimize performance for the common case.
+
+As a  result of the operation  of FXSAVE and  FXRSTOR, it is
+theoretically possible  for one process  (reader) to observe
+the  x87  exception  pointers  of another  process  (writer)
+provided that:
+
+  + no  other x87 instructions are executed  that affect the
+    x87 exception  pointers between  the time the  writer is
+    swapped out and the reader is swapped in; and
+
+  + the  reader does not  have a pending x87  exception when
+    swapped back in; and
+
+  + the   reader  does    not  issue  any   non-control  x87
+    instructions when  swapped back in  before examining x87
+    exception pointers.
+
+Operating  systems can employ one of several simple software 
+methods to remove the possibility of exploitation as 
+described  below. In some cases, these methods may actually 
+*improve* the performance of an operating-system's 
+context-switching code.
+
+
+Software Methods
+================
+There  are  a number  of  methods,  "Clear Sequences",  that
+software can  use to ensure that the  x87 exception pointers
+(ip, dp,  opcode) are initialized to benign  values on every
+context  switch.  Below  are just  a few  examples  of those
+methods.
+
+Critical to  the first two methods is  an OS-dependent "safe
+address":  this  is  some  location which  can  be  accessed
+without  faulting   and  whose   value  is  likely   in  the
+processor's L1 data cache. This location will be loaded into
+the x87 stack to ensure  that the x87 exception pointers are
+set to a benign value.
+
+[Note  that the  Data  Segment Descriptor  (DS)  that is  in
+effect  when  the  kernel  executes the  clear  sequence  is
+recorded in the x87  exception pointers. Depending on the OS
+kernel  and its  mode,  this  DS may  be  from the  previous
+process.  To prevent this,  the kernel should ensure that DS
+is loaded with a  benign value before executing FXSAVE.  For
+example, recent  32-bit Linux  kernels already reload  DS on
+kernel entry.]
+ 
+
+
+  + "FXRSTOR-centric" method
+
+    This method sets the  x87 exception pointers to a benign
+    state  just before  executing an  FXRSTOR.  It  makes no
+    assumption about the state  of the current x87 exception
+    pointers before executing  the restore sequence.  In the
+    normal case, where ES is not set before the FXRSTOR, the
+    "Clear  Sequence"  takes  approximately  14  cycles  (as
+    measured on  an AMD Opteron). 
+ 
+ 
+
+  ## Restore Code ...
+
+  ## Begin_Clear_Sequence
+	fnstsw	%ax		# Grab x87 ES bit
+	ffree	st(7)		# Clear tag bit to remove
+				#  -possible stack overflow
+	bt	$7,%ax		# Test ES bit
+	jnc	1f		# Jump if ES=0
+	fnclex			# ES=1, so clear it so fild
+				#  -can't trap
+1:	fildl	safe_address	# Dummy Load from OS-dependent
+				#  -"safe address" changes all
+				#  -x87 exception pointers.
+  ## End_Clear_Sequence
+	fxrstor ...		# Now swap in process state
+
+
+      
+  + "FXSAVE-centric" method
+
+    This  method  may not  apply  to  all operating  systems
+    because  it requires  certain guarantees  between FXSAVE
+    and a  subsequent FXRSTOR;  however, this is  the method
+    that Linux  will likely choose.  This  approach sets the
+    x87  exception pointers  to  a benign  state just  after
+    executing an FXSAVE.  Between  that point and entry into
+    another x87-using  process, the requirement  is that the
+    x87 state  remains benign.  If anything  changes the x87
+    exception  pointers in the  interim, then  software must
+    clear  out or  save/restore the  state  explicitly again
+    before executing an FXRSTOR.
+
+    In  the normal  case,  where  ES is  not  set after  the
+    FXSAVE,  the  "Clear  Sequence"  takes  approximately  7
+    cycles (as  measured on  an AMD Opteron).   However, the
+    added cycles  to the  FXSAVE code may  be much  less for
+    operating systems, like  Linux, which currently place an
+    unconditional  FNCLEX  after  the  FXSAVE.   The  "Clear
+    Sequence"  replaces  the  unconditional  FNCLEX  with  a
+    conditional one and may  actually *reduce* the number of
+    cycles used for the FXSAVE code.
+
+
+  ## FXSAVE Code
+	fxsave save_image		# save old process state. 
+
+  ## Begin_Clear_Sequence
+	bt	$7,save_image.fsw	# Test saved ES bit
+	jnc	1f			# Jump if ES=0
+	fnclex				# ES=1, so clear it so fild
+					#  -can't trap
+1:	ffree	st(7)			# Clear tag bit to remove
+					#  -possible stack overflow
+	fildl	safe_address		# Dummy Load from OS-dependent
+					#  -"safe address" changes all
+					#  -x87 exception pointers.
+  ## End_Clear_Sequence
+	...
+  ## Restore Code
+	fxrstor ...			# Now swap in process state
+
+
+
+  + FNSAVE and FRSTOR
+
+    32-bit Operating  Systems can  use FNSAVE and  FRSTOR to
+    always  save  and  restore  the complete  x87  execution
+    state.   However,  because  these  instructions  do  not
+    save/restore XMM registers or associated state, software
+    must  explicitly perform  this operation.   In addition,
+    because FSAVE/FNSAVE  do not  save the full  64-bit data
+    and   instruction  pointers   for   x87  state,   64-bit
+    applications  should  use  FXSAVE/FXRSTOR,  rather  than
+    FSAVE/FRSTOR.
+
+
+
+Processors Affected 
+=================== 
+It  is  AMD's  intent  that all  future  "AuthenticAMD"  AMD
+processors  (those  that  return  "AuthenticAMD"  for  CPUID
+vendor  string)  will  follow  the behavior  of  FXSAVE  and
+FXRSTOR   as   documented   in   the   "AMD64   Architecture
+Programmer's   Manual  Volume  5:   64-Bit  Media   and  x87
+Floating-Point Instructions  Rev 3.06".  In  addition, these
+CPUID Families of  "AuthenticAMD" AMD processors also follow
+this behavior:
+
+ + Family=06h:	All 7th generation AMD  processors (such as
+		AMD Athlon, AMD Duron, AMD Athlon MP, 
+		AMD Athlon XP, and AMD Sempron).
+      
+ + Family=0Fh:	All 8th generation AMD  processors (such as
+		AMD Athlon64, AMD Athlon64 FX, AMD Opteron, 
+		AMD Turion, and AMD Sempron).
+
+AMD processors which return "Geode by NSCe" for CPUID vendor
+string do not follow this behavior.
+
diff --git a/share/security/advisories/FreeBSD-SA-06:14.fpu.asc b/share/security/advisories/FreeBSD-SA-06:14.fpu.asc
new file mode 100644
index 0000000000..1d09a13b69
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:14.fpu.asc
@@ -0,0 +1,170 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:14.fpu                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          FPU information disclosure
+
+Category:       core
+Module:         sys
+Announced:      2006-04-19
+Credits:        Jan Beulich
+Affects:        All FreeBSD/i386 and FreeBSD/amd64 releases.
+Corrected:      2006-04-19 07:00:35 UTC (RELENG_6, 6.1-STABLE)
+                2006-04-19 07:00:50 UTC (RELENG_6_1, 6.1-RELEASE)
+                2006-04-19 07:01:12 UTC (RELENG_6_0, 6.0-RELEASE-p7)
+                2006-04-19 07:01:30 UTC (RELENG_5, 5.5-STABLE)
+                2006-04-19 07:01:53 UTC (RELENG_5_4, 5.4-RELEASE-p14)
+                2006-04-19 07:02:23 UTC (RELENG_5_3, 5.3-RELEASE-p29)
+                2006-04-19 07:02:43 UTC (RELENG_4, 4.11-STABLE)
+                2006-04-19 07:03:01 UTC (RELENG_4_11, 4.11-RELEASE-p17)
+                2006-04-19 07:03:14 UTC (RELENG_4_10, 4.10-RELEASE-p23)
+CVE Name:       CVE-2006-1056
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The floating-point unit (FPU) of i386 and amd64 processors is derived from
+the original 8087 floating-point co-processor.  As a result, the FPU
+contains the same debugging registers FOP, FIP, and FDP which store the
+opcode, instruction address, and data address of the instruction most
+recently executed by the FPU.
+
+On processors implementing the "SSE" instruction set, a new pair of
+instructions fxsave/fxrstor replaces the earlier fsave/frstor pair used
+for saving and restoring the FPU state.  These new instructions also
+save and restore the contents of the additional registers used by SSE
+instructions.
+
+II.  Problem Description
+
+On "7th generation" and "8th generation" processors manufactured by AMD,
+including the AMD Athlon, Duron, Athlon MP, Athlon XP, Athlon64, Athlon64
+FX, Opteron, Turion, and Sempron, the fxsave and fxrstor instructions do
+not save and restore the FOP, FIP, and FDP registers unless the exception
+summary bit (ES) in the x87 status word is set to 1, indicating that an
+unmasked x87 exception has occurred.
+
+This behaviour is consistent with documentation provided by AMD, but is
+different from processors from other vendors, which save and restore the
+FOP, FIP, and FDP registers regardless of the value of the ES bit.  As a
+result of this discrepancy remaining unnoticed until now, the FreeBSD
+kernel does not restore the contents of the FOP, FIP, and FDP registers
+between context switches.
+
+III. Impact
+
+On affected processors, a local attacker can monitor the execution path
+of a process which uses floating-point operations.  This may allow an
+attacker to steal cryptographic keys or other sensitive information.
+
+IV.  Workaround
+
+No workaround is available, but systems which do not use AMD Athlon, Duron,
+Athlon MP, Athlon XP, Athlon64, Athlon64 FX, Opteron, Turion, or Sempron
+processors are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_0, RELENG_5_4, RELENG_5_3, RELENG_4_11, or
+RELENG_4_10 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, and 6.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu4x.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu4x.patch.asc
+
+[FreeBSD 5.x and 6.x]
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu.patch
+# fetch ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/patches/SA-06:14/fpu.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/i386/isa/npx.c                                         1.80.2.4
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.18
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.21
+  src/sys/i386/isa/npx.c                                    1.80.2.3.14.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.24
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.25
+  src/sys/i386/isa/npx.c                                    1.80.2.3.12.1
+RELENG_5
+  src/sys/amd64/amd64/fpu.c                                     1.154.2.2
+  src/sys/i386/isa/npx.c                                        1.152.2.4
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.23
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.19
+  src/sys/amd64/amd64/fpu.c                                 1.154.2.1.2.1
+  src/sys/i386/isa/npx.c                                    1.152.2.3.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.32
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.34
+  src/sys/amd64/amd64/fpu.c                                     1.154.4.1
+  src/sys/i386/isa/npx.c                                        1.152.4.1
+RELENG_6
+  src/sys/amd64/amd64/fpu.c                                     1.157.2.1
+  src/sys/i386/isa/npx.c                                        1.162.2.2
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.1
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.1
+  src/sys/amd64/amd64/fpu.c                                     1.157.6.1
+  src/sys/i386/isa/npx.c                                    1.162.2.1.2.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.12
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.8
+  src/sys/amd64/amd64/fpu.c                                     1.157.4.1
+  src/sys/i386/isa/npx.c                                        1.162.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1056
+
+The latest revision of this advisory is available at
+ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:14.fpu.asc
+
+VIII. Acknowledgements
+
+The FreeBSD Security Team would like to thank AMD, and Richard Brunner
+specifically, for responding promptly to this issue and providing an
+extensive response analyzing the problem.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFEReGUFdaIBMps37IRAnmUAJ4lsl3bpH6duA5u/wssIa01o98BlwCgleWn
+a1vJCiLwkkfqHtmBDKxaQ+A=
+=4yls
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:15.ypserv.asc b/share/security/advisories/FreeBSD-SA-06:15.ypserv.asc
new file mode 100644
index 0000000000..942010338d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:15.ypserv.asc
@@ -0,0 +1,130 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:15.ypserv                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Inoperative access controls in ypserv(8)
+
+Category:       core
+Module:         ypserv
+Announced:      2006-05-31
+Credits:        Hokan
+Affects:        All FreeBSD 5.x and FreeBSD 6.x releases
+Corrected:      2006-05-31 22:31:21 UTC (RELENG_6, 6.1-STABLE)
+                2006-05-31 22:31:42 UTC (RELENG_6_1, 6.1-RELEASE-p1)
+                2006-05-31 22:32:04 UTC (RELENG_6_0, 6.0-RELEASE-p8)
+                2006-05-31 22:32:22 UTC (RELENG_5, 5.5-STABLE)
+                2006-05-31 22:32:49 UTC (RELENG_5_5, 5.5-RELEASE-p1)
+                2006-05-31 22:33:17 UTC (RELENG_5_4, 5.4-RELEASE-p15)
+                2006-05-31 22:33:41 UTC (RELENG_5_3, 5.3-RELEASE-p30)
+CVE Name:       CVE-2006-2655
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+The ypserv(8) utility is a server which distributes NIS databases to client
+systems within an NIS domain.
+
+II.  Problem Description
+
+There are two documented methods of restricting access to NIS maps through
+ypserv(8): through the use of the /var/yp/securenets file, and through the
+/etc/hosts.allow file.  While both mechanisms are implemented in the server,
+a change in the build process caused the "securenets" access restrictions
+to be inadvertantly disabled.
+
+III. Impact
+
+ypserv(8) will not load or process any of the networks or hosts specified in
+the /var/yp/securenets file, rendering those access controls ineffective.
+
+IV.  Workaround
+
+One possible workaround is to use /etc/hosts.allow for access control, as
+shown by examples in that file.
+
+Another workaround is to use a firewall (e.g., ipfw(4), ipf(4), or pf(4))
+to limit access to RPC functions from untrusted systems or networks, but
+due to the complexities of RPC, it might be difficult to create a set of
+firewall rules which accomplish this without blocking all access to the
+machine in question.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE or 6-STABLE, or to the
+RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, or RELENG_5_3 security
+branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3, 5.4,
+5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:15/ypserv.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/ypserv
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/usr.sbin/ypserv/yp_access.c                                1.22.6.1
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.1
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.3
+  src/usr.sbin/ypserv/yp_access.c                               1.22.18.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.24
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.20
+  src/usr.sbin/ypserv/yp_access.c                               1.22.10.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.33
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.35
+  src/usr.sbin/ypserv/yp_access.c                                1.22.8.1
+RELENG_6
+  src/usr.sbin/ypserv/yp_access.c                               1.22.12.1
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.3
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.3
+  src/usr.sbin/ypserv/yp_access.c                               1.22.16.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.13
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.9
+  src/usr.sbin/ypserv/yp_access.c                               1.22.14.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2655
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:15.ypserv.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFEfhuUFdaIBMps37IRAhH5AJ9cpTLcR+aWSRPUa1zUDYThhKDqowCggYr1
+4OyjFHW/C+NB9nMIX8Wf7IE=
+=NNUN
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:16.smbfs.asc b/share/security/advisories/FreeBSD-SA-06:16.smbfs.asc
new file mode 100644
index 0000000000..749a8192ef
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:16.smbfs.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:16.smbfs                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          smbfs chroot escape
+
+Category:       core
+Module:         smbfs
+Announced:      2006-05-31
+Credits:        Mark Moseley
+Affects:        All FreeBSD releases.
+Corrected:      2006-05-31 22:31:21 UTC (RELENG_6, 6.1-STABLE)
+                2006-05-31 22:31:42 UTC (RELENG_6_1, 6.1-RELEASE-p1)
+                2006-05-31 22:32:04 UTC (RELENG_6_0, 6.0-RELEASE-p8)
+                2006-05-31 22:32:22 UTC (RELENG_5, 5.5-STABLE)
+                2006-05-31 22:32:49 UTC (RELENG_5_5, 5.5-RELEASE-p1)
+                2006-05-31 22:33:17 UTC (RELENG_5_4, 5.4-RELEASE-p15)
+                2006-05-31 22:33:41 UTC (RELENG_5_3, 5.3-RELEASE-p30)
+                2006-05-31 22:34:32 UTC (RELENG_4, 4.11-STABLE)
+                2006-05-31 22:34:53 UTC (RELENG_4_11, 4.11-RELEASE-p18)
+                2006-05-31 22:35:32 UTC (RELENG_4_10, 4.10-RELEASE-p24)
+CVE Name:       CVE-2006-2654
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://www.freebsd.org/security/>.
+
+I.   Background
+
+smbfs is a network file-system used to access file servers using the
+SMB/CIFS protocol.  chroot(2) is system call designed to limit a
+process's access to a particular subset of a file-system.
+
+II.  Problem Description
+
+smbfs does not properly sanitize paths containing a backslash
+character; in particular the directory name '..\' is interpreted as
+the parent directory by the SMB/CIFS server, but smbfs handles it in
+the same manner as any other directory.
+
+III. Impact
+
+When inside a chroot environment which resides on a smbfs mounted
+file-system it is possible for an attacker to escape out of this
+chroot to any other directory on the smbfs mounted file-system.
+
+IV.  Workaround
+
+Mount the smbfs file-systems which need to be used with chroot on top,
+in a way so the chroot directory is exactly on the mount point and not
+a sub directory.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
+RELENG_4_11, or RELENG_4_10 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.10,
+4.11, 5.3, 5.4, 5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:16/smbfs.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:16/smbfs.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/fs/smbfs/smbfs_vnops.c                                 1.2.2.11
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.19
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.22
+  src/sys/fs/smbfs/smbfs_vnops.c                             1.2.2.10.4.1
+RELENG_4_10
+  src/UPDATING                                             1.73.2.90.2.25
+  src/sys/conf/newvers.sh                                  1.44.2.34.2.26
+  src/sys/fs/smbfs/smbfs_vnops.c                             1.2.2.10.2.1
+RELENG_5
+  src/sys/fs/smbfs/smbfs_vnops.c                                 1.46.2.2
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.1
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.3
+  src/sys/fs/smbfs/smbfs_vnops.c                             1.46.2.1.4.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.24
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.20
+  src/sys/fs/smbfs/smbfs_vnops.c                             1.46.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.33
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.35
+  src/sys/fs/smbfs/smbfs_vnops.c                                 1.46.4.1
+RELENG_6
+  src/sys/fs/smbfs/smbfs_vnops.c                                 1.61.2.2
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.3
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.3
+  src/sys/fs/smbfs/smbfs_vnops.c                             1.61.2.1.2.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.13
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.9
+  src/sys/fs/smbfs/smbfs_vnops.c                                 1.61.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2654
+
+The following three references correspond to independent bugs which
+affect the Linux kernel but have the same impact:
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1863
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1864
+https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189434
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:16.smbfs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFEfhueFdaIBMps37IRAquuAJ0eCPAahUu19kdTjKpVHrrtQ9q16gCfZ5sC
+xknjanFlpMxJAZ7iYSxBvcI=
+=PvoL
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:17.sendmail.asc b/share/security/advisories/FreeBSD-SA-06:17.sendmail.asc
new file mode 100644
index 0000000000..e84e39e23c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:17.sendmail.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:17.sendmail                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect multipart message handling in Sendmail
+
+Category:       contrib
+Module:         contrib_sendmail
+Announced:      2006-06-14
+Affects:        All FreeBSD releases.
+Corrected:      2006-06-14 15:58:23 UTC (RELENG_6, 6.1-STABLE)
+                2006-06-14 15:59:28 UTC (RELENG_6_1, 6.1-RELEASE-p2)
+                2006-06-14 15:59:37 UTC (RELENG_6_0, 6.0-RELEASE-p9)
+                2006-06-14 16:00:02 UTC (RELENG_5, 5.5-STABLE)
+                2006-06-14 16:00:22 UTC (RELENG_5_5, 5.5-RELEASE-p2)
+                2006-06-14 16:00:42 UTC (RELENG_5_4, 5.4-RELEASE-p16)
+                2006-06-14 16:00:56 UTC (RELENG_5_3, 5.3-RELEASE-p31)
+                2006-06-14 16:01:06 UTC (RELENG_4, 4.11-STABLE)
+                2006-06-14 16:01:21 UTC (RELENG_4_11, 4.11-RELEASE-p19)
+CVE Name:       CVE-2006-1173
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+FreeBSD includes sendmail(8), a general purpose internetwork mail
+routing facility, as the default Mail Transfer Agent (MTA).
+
+II.  Problem Description
+
+A suitably malformed multipart MIME message can cause sendmail to exceed
+predefined limits on its stack usage.
+
+III. Impact
+
+An attacker able to send mail to, or via, a server can cause queued
+messages on the system to not be delivered, by causing the sendmail process
+which handles queued messages to crash.  Note that this will not stop new
+messages from entering the queue (either from local processes, or incoming
+via SMTP).
+
+IV.  Workaround
+
+No workaround is available, but systems which do not receive email from
+untrusted sources are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
+or RELENG_4_11 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.11, 5.3,
+5.4, 5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:17/sendmail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libsm
+# make obj && make depend && make
+# cd /usr/src/lib/libsmutil
+# make obj && make depend && make
+# cd /usr/src/usr.sbin/sendmail
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/sendmail/src/deliver.c                         1.1.1.3.2.24
+  src/contrib/sendmail/src/mime.c                            1.1.1.3.2.14
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.4.2.31
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.19
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.22
+  src/contrib/sendmail/src/deliver.c                     1.1.1.3.2.17.2.2
+  src/contrib/sendmail/src/mime.c                         1.1.1.3.2.8.2.2
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.4.2.19.2.2
+RELENG_5
+  src/contrib/sendmail/src/deliver.c                         1.1.1.21.2.6
+  src/contrib/sendmail/src/mime.c                            1.1.1.12.2.5
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.2.6
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.1
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.3
+  src/contrib/sendmail/src/deliver.c                     1.1.1.21.2.4.2.1
+  src/contrib/sendmail/src/mime.c                        1.1.1.12.2.3.2.1
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.23.2.4.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.24
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.20
+  src/contrib/sendmail/src/deliver.c                     1.1.1.21.2.1.2.2
+  src/contrib/sendmail/src/mime.c                        1.1.1.12.2.1.2.2
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.23.2.1.2.2
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.33
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.35
+  src/contrib/sendmail/src/deliver.c                         1.1.1.21.4.2
+  src/contrib/sendmail/src/mime.c                            1.1.1.12.4.2
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.23.4.2
+RELENG_6
+  src/contrib/sendmail/src/deliver.c                         1.1.1.23.2.3
+  src/contrib/sendmail/src/mime.c                            1.1.1.13.2.3
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.2.3
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.3
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.3
+  src/contrib/sendmail/src/deliver.c                     1.1.1.23.2.2.2.1
+  src/contrib/sendmail/src/mime.c                        1.1.1.13.2.2.2.1
+  src/contrib/sendmail/src/sendmail.h                    1.1.1.26.2.2.2.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.13
+  src/sys/conf/newvers.sh                                    1.69.2.8.2.9
+  src/contrib/sendmail/src/deliver.c                         1.1.1.23.4.2
+  src/contrib/sendmail/src/mime.c                            1.1.1.13.4.2
+  src/contrib/sendmail/src/sendmail.h                        1.1.1.26.4.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1173
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:17.sendmail.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFEkDVJFdaIBMps37IRAqUCAJwKg8UZ2a5oO9XLXpPwgsBi+YdQcACgj2IY
+D5jN+o1IfjomEK4IIY+xiR8=
+=t7Wz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:18.ppp.asc b/share/security/advisories/FreeBSD-SA-06:18.ppp.asc
new file mode 100644
index 0000000000..160de81443
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:18.ppp.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:08.ppp                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in sppp(4)
+
+Category:       core
+Module:         sys_net
+Announced:      2006-08-23
+Credits:        Martin Husemann, Pavel Cahyna
+Affects:        All FreeBSD releases.
+Corrected:      2006-08-23 22:01:44 UTC (RELENG_6, 6.1-STABLE)
+                2006-08-23 22:02:25 UTC (RELENG_6_1, 6.1-RELEASE-p4)
+                2006-08-23 22:02:52 UTC (RELENG_6_0, 6.0-RELEASE-p10)
+                2006-08-23 22:03:55 UTC (RELENG_5, 5.5-STABLE)
+                2006-08-23 22:04:28 UTC (RELENG_5_5, 5.5-RELEASE-p3)
+                2006-08-23 22:04:58 UTC (RELENG_5_4, 5.4-RELEASE-p17)
+                2006-08-23 22:05:49 UTC (RELENG_5_3, 5.3-RELEASE-p32)
+                2006-08-23 22:06:08 UTC (RELENG_4, 4.11-STABLE)
+                2006-08-23 22:06:40 UTC (RELENG_4_11, 4.11-RELEASE-p20)
+CVE Name:       CVE-2006-4304
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+0.   Revision History
+
+v1.0 2006-08-23  Initial release.
+v1.1 2006-08-25  Corrected name of affected driver.
+
+NOTE WELL: The original version of this advisory identified the affected
+driver as ppp(4).  This is incorrect; the problem occurs in the sppp(4)
+driver instead.
+
+I.   Background
+
+The sppp(4) driver implements the state machine and the Link Control
+Protocol (LCP) of the Point-to-Point Protocol (PPP) and is used in
+combination with underlying drivers which provide synchronous
+point-to-point connections.  In particular, sppp(4) is commonly used
+with i4bisppp(4) and ng_sppp(4).
+
+II.  Problem Description
+
+While processing Link Control Protocol (LCP) configuration options received
+from the remote host, sppp(4) fails to correctly validate option lengths.
+This may result in data being read or written beyond the allocated kernel
+memory buffer.
+
+III. Impact
+
+An attacker able to send LCP packets, including the remote end of a sppp(4)
+connection, can cause the FreeBSD kernel to panic.  Such an attacker may
+also be able to obtain sensitive information or gain elevated privileges.
+
+IV.  Workaround
+
+No workaround is available, but systems which do not use sppp(4) are not
+vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
+or RELENG_4_11 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.11, 5.3,
+5.4, 5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.x]
+# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp4x.patch.asc
+
+[FreeBSD 5.3]
+# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp53.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp53.patch.asc
+
+[FreeBSD 5.4, 5.5, and 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:18/ppp.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.freebsd.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/net/if_spppsubr.c                                     1.59.2.15
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.21
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.24
+  src/sys/net/if_spppsubr.c                                1.59.2.13.10.1
+RELENG_5
+  src/sys/net/if_spppsubr.c                                     1.113.2.3
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.3
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.5
+  src/sys/net/if_spppsubr.c                                 1.113.2.2.4.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.26
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.22
+  src/sys/net/if_spppsubr.c                                 1.113.2.2.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.35
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.37
+  src/sys/net/if_spppsubr.c                                 1.113.2.1.2.1
+RELENG_6
+  src/sys/net/if_spppsubr.c                                     1.119.2.3
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.6
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.6
+  src/sys/net/if_spppsubr.c                                 1.119.2.2.2.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.15
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.11
+  src/sys/net/if_spppsubr.c                                 1.119.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4304
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:18.ppp.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFE7u0+FdaIBMps37IRAhmDAKCVpSUMmugw8j5HEjMfSTln+3KdjwCeNKmx
+Qna3jib3T9pASUWraImZYL0=
+=XAoj
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:19.openssl.asc b/share/security/advisories/FreeBSD-SA-06:19.openssl.asc
new file mode 100644
index 0000000000..9678d9c995
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:19.openssl.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:19.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect PKCS#1 v1.5 padding validation in crypto(3)
+
+Category:       contrib
+Module:         openssl
+Announced:      2006-09-06
+Affects:        All FreeBSD releases.
+Corrected:      2006-09-06 21:18:26 UTC (RELENG_6, 6.1-STABLE)
+                2006-09-06 21:19:21 UTC (RELENG_6_1, 6.1-RELEASE-p6)
+                2006-09-06 21:20:08 UTC (RELENG_6_0, 6.0-RELEASE-p11)
+                2006-09-06 21:20:54 UTC (RELENG_5, 5.5-STABLE)
+                2006-09-06 21:21:50 UTC (RELENG_5_5, 5.5-RELEASE-p4)
+                2006-09-06 21:22:39 UTC (RELENG_5_4, 5.4-RELEASE-p18)
+                2006-09-06 21:23:16 UTC (RELENG_5_3, 5.3-RELEASE-p33)
+                2006-09-06 21:24:04 UTC (RELENG_4, 4.11-STABLE)
+                2006-09-06 21:24:54 UTC (RELENG_4_11, 4.11-RELEASE-p21)
+CVE Name:       CVE-2006-4339
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured,
+and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+PKCS#1 v1.5 is a standard for "padding" data before performing a
+cryptographic operation using the RSA algorithm.  PKCS#1 v1.5 signatures
+are for example used in X.509 certificates.
+
+RSA public keys may use a variety of public exponents, of which 3, 17, and
+65537 are most common.  As a result of a number of known attacks, most keys
+generated recently use a public exponent of at least 65537.
+
+II.  Problem Description
+
+When verifying a PKCS#1 v1.5 signature, OpenSSL ignores any bytes which
+follow the cryptographic hash being signed.  In a valid signature there
+will be no such bytes.
+
+III. Impact
+
+OpenSSL will incorrectly report some invalid signatures as valid.  When
+an RSA public exponent of 3 is used, or more generally when a small public
+exponent is used with a relatively large modulus (e.g., a public exponent
+of 17 with a 4096-bit modulus), an attacker can construct a signature which
+OpenSSL will accept as a valid PKCS#1 v1.5 signature.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
+or RELENG_4_11 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.11, 5.3,
+5.4, 5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:19/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:19/openssl.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
+system.
+
+NOTE: Any third-party applications, including those installed from the
+FreeBSD ports collection, which are statically linked to libcrypto(3)
+should be recompiled in order to use the corrected code.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                    1.1.1.1.2.6
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.22
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.25
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                1.1.1.1.2.5.6.1
+RELENG_5
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                    1.1.1.6.4.1
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.4
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.6
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                   1.1.1.6.16.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.27
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.23
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                    1.1.1.6.8.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.36
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.38
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                    1.1.1.6.6.1
+RELENG_6
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                   1.1.1.6.10.1
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.8
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.8
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                   1.1.1.6.14.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.16
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.12
+  src/crypto/openssl/crypto/rsa/rsa_sign.c                   1.1.1.6.12.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.openssl.org/news/secadv_20060905.txt
+http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:19.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQFE/0FzFdaIBMps37IRApq5AJ9LYe7MpHgG+fGWs9zNaFWrTd5mFQCgj5k8
+0lBDO5lDb8jCB5vrjvfhyGY=
+=ihRT
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:20.bind.asc b/share/security/advisories/FreeBSD-SA-06:20.bind.asc
new file mode 100644
index 0000000000..71d9ef42c5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:20.bind.asc
@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:20.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Denial of Service in named(8)
+
+Category:       contrib
+Module:         bind
+Announced:      2006-09-06
+Credits:        The Measurement Factory
+Affects:        FreeBSD 5.3 and later.
+Corrected:      2006-09-06 21:18:26 UTC (RELENG_6, 6.1-STABLE)
+                2006-09-06 21:19:21 UTC (RELENG_6_1, 6.1-RELEASE-p6)
+                2006-09-06 21:20:08 UTC (RELENG_6_0, 6.0-RELEASE-p11)
+                2006-09-06 21:20:54 UTC (RELENG_5, 5.5-STABLE)
+                2006-09-06 21:21:50 UTC (RELENG_5_5, 5.5-RELEASE-p4)
+                2006-09-06 21:22:39 UTC (RELENG_5_4, 5.4-RELEASE-p18)
+                2006-09-06 21:23:16 UTC (RELENG_5_3, 5.3-RELEASE-p33)
+CVE Name:       CVE-2006-4095, CVE-2006-4096
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit
+<URL:http://security.freebsd.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet domain name server.  DNS Security
+Extensions (DNSSEC) are additional protocol options that add
+authentication and integrity to the DNS protocols.
+
+II.  Problem Description
+
+For a recursive DNS server, a remote attacker sending enough recursive
+queries for the replies to arrive after all the interested clients
+have left the recursion queue will trigger an INSIST failure in the
+named(8) daemon.  Also for a recursive DNS server, an assertion
+failure can occur when processing a query whose reply will contain
+more than one SIG(covered) RRset.
+
+For an authoritative DNS server serving a RFC 2535 DNSSEC zone which
+is queried for the SIG records where there are multiple SIG(covered)
+RRsets (e.g. a zone apex), named(8) will trigger an assertion failure
+when it tries to construct the response.
+
+III. Impact
+
+An attacker who can perform recursive lookups on a DNS server and is able
+to send a sufficiently large number of recursive queries, or is able to
+get the DNS server to return more than one SIG(covered) RRsets can stop
+the functionality of the DNS service.
+
+An attacker querying an authoritative DNS server serving a RFC 2535
+DNSSEC zone may be able to crash the DNS server.
+
+All of the above issues will result in a Denial of Service situation.
+
+IV.  Workaround
+
+A possible workaround is to only allow trusted clients to perform recursive
+queries.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, or RELENG_5_3 security
+branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.3, 5.4,
+5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:20/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:20/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+c) Restart the named application:
+
+# /etc/rc.d/named restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/bind9/bin/named/query.c                         1.1.1.1.2.3
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.1.2.5
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.4
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.6
+  src/contrib/bind9/bin/named/query.c                     1.1.1.1.2.2.2.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.1.2.4.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.27
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.23
+  src/contrib/bind9/bin/named/query.c                     1.1.1.1.2.1.4.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.1.2.2.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.36
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.38
+  src/contrib/bind9/bin/named/query.c                     1.1.1.1.2.1.2.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.1.2.1.2.1
+RELENG_6
+  src/contrib/bind9/bin/named/query.c                         1.1.1.1.4.2
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.2.2.3
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.8
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.8
+  src/contrib/bind9/bin/named/query.c                     1.1.1.1.4.1.2.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.2.2.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.16
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.12
+  src/contrib/bind9/bin/named/query.c                         1.1.1.1.6.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4095
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4096
+http://www.kb.cert.org/vuls/id/697164
+http://www.kb.cert.org/vuls/id/915404
+http://www.niscc.gov.uk/niscc/docs/re-20060905-00590.pdf?lang=en
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:20.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQFFDQK8FdaIBMps37IRAj2LAJ0Y0zC/Soyr6GOLnYalU7ztpTzSpwCdExZy
+j+Wxxc1IGOtrIYhV0sKTIEU=
+=Gk4P
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:21.gzip.asc b/share/security/advisories/FreeBSD-SA-06:21.gzip.asc
new file mode 100644
index 0000000000..e235145045
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:21.gzip.asc
@@ -0,0 +1,162 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:21.gzip                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities in gzip
+
+Category:       contrib
+Module:         gzip
+Announced:      2006-09-19
+Credits:        Tavis Ormandy, Google Security Team
+Affects:        All FreeBSD releases.
+Corrected:      2006-09-19 14:02:30 UTC (RELENG_6, 6.2-PRERELEASE)
+                2006-09-19 14:03:26 UTC (RELENG_6_1, 6.1-RELEASE-p7)
+                2006-09-19 14:04:13 UTC (RELENG_6_0, 6.0-RELEASE-p12)
+                2006-09-19 14:06:21 UTC (RELENG_5, 5.5-STABLE)
+                2006-09-19 14:07:13 UTC (RELENG_5_5, 5.5-RELEASE-p5)
+                2006-09-19 14:08:10 UTC (RELENG_5_4, 5.4-RELEASE-p19)
+                2006-09-19 14:09:09 UTC (RELENG_5_3, 5.3-RELEASE-p34)
+                2006-09-19 14:11:35 UTC (RELENG_4, 4.11-STABLE)
+                2006-09-19 14:13:53 UTC (RELENG_4_11, 4.11-RELEASE-p22)
+CVE Name:       CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337,
+                CVE-2006-4338
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+gzip is a file compression utility.
+
+II.  Problem Description
+
+Multiple programming errors have been found in gzip which can be
+triggered when gzip is decompressing files.  These errors include
+insufficient bounds checks in buffer use, a NULL pointer dereference,
+and a potential infinite loop.
+
+III. Impact
+
+The insufficient bounds checks in buffer use can cause gzip to crash,
+and may permit the execution of arbitrary code.  The NULL pointer
+deference can cause gzip to crash.  The infinite loop can cause a
+Denial-of-Service situation where gzip uses all available CPU time.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
+or RELENG_4_11 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.11, 5.3,
+5.4, 5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:21/gzip.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:21/gzip.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/gzip
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/gnu/usr.bin/gzip/gzip.h                                    1.3.12.1
+  src/gnu/usr.bin/gzip/inflate.c                                  1.8.2.2
+  src/gnu/usr.bin/gzip/unlzh.c                                    1.5.2.1
+  src/gnu/usr.bin/gzip/unpack.c                                   1.6.2.1
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.23
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.26
+  src/gnu/usr.bin/gzip/gzip.h                                    1.3.36.1
+  src/gnu/usr.bin/gzip/inflate.c                              1.8.2.1.2.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.30.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.30.1
+RELENG_5
+  src/gnu/usr.bin/gzip/gzip.h                                     1.4.2.1
+  src/gnu/usr.bin/gzip/inflate.c                                  1.9.2.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.26.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.26.1
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.5
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.7
+  src/gnu/usr.bin/gzip/gzip.h                                    1.4.14.1
+  src/gnu/usr.bin/gzip/inflate.c                                 1.9.14.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.40.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.40.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.28
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.24
+  src/gnu/usr.bin/gzip/gzip.h                                     1.4.6.1
+  src/gnu/usr.bin/gzip/inflate.c                                  1.9.6.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.32.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.32.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.37
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.39
+  src/gnu/usr.bin/gzip/gzip.h                                     1.4.4.1
+  src/gnu/usr.bin/gzip/inflate.c                                  1.9.4.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.28.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.28.1
+RELENG_6
+  src/gnu/usr.bin/gzip/gzip.h                                     1.4.8.1
+  src/gnu/usr.bin/gzip/inflate.c                                  1.9.8.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.34.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.34.1
+RELENG_6_1
+  src/UPDATING                                             1.416.2.22.2.9
+  src/sys/conf/newvers.sh                                   1.69.2.11.2.9
+  src/gnu/usr.bin/gzip/gzip.h                                    1.4.12.1
+  src/gnu/usr.bin/gzip/inflate.c                                 1.9.12.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.38.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.38.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.17
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.13
+  src/gnu/usr.bin/gzip/gzip.h                                    1.4.10.1
+  src/gnu/usr.bin/gzip/inflate.c                                 1.9.10.1
+  src/gnu/usr.bin/gzip/unlzh.c                                   1.5.36.1
+  src/gnu/usr.bin/gzip/unpack.c                                  1.6.36.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4334
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4335
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4336
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4337
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4338
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:21.gzip.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQFFD/6bFdaIBMps37IRAgMGAJ9f7rYLs32ZEAKWwhcPqAWrp6fNwACgg2Wj
+fw3izMEcpupfqNkkQKizV5g=
+=xYxa
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:22.openssh.asc b/share/security/advisories/FreeBSD-SA-06:22.openssh.asc
new file mode 100644
index 0000000000..5294f2e563
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:22.openssh.asc
@@ -0,0 +1,273 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:22.openssh                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple vulnerabilities in OpenSSH
+
+Category:       contrib
+Module:         openssh
+Announced:      2006-09-30
+Credits:        Tavis Ormandy, Mark Dowd
+Affects:        All FreeBSD releases.
+Corrected:      2006-09-30 19:50:57 UTC (RELENG_6, 6.2-PRERELEASE)
+                2006-09-30 19:51:56 UTC (RELENG_6_1, 6.1-RELEASE-p10)
+                2006-09-30 19:53:21 UTC (RELENG_6_0, 6.0-RELEASE-p15)
+                2006-09-30 19:54:03 UTC (RELENG_5, 5.5-STABLE)
+                2006-09-30 19:54:58 UTC (RELENG_5_5, 5.5-RELEASE-p8)
+                2006-09-30 19:55:52 UTC (RELENG_5_4, 5.4-RELEASE-p22)
+                2006-09-30 19:56:38 UTC (RELENG_5_3, 5.3-RELEASE-p37)
+                2006-09-30 19:57:15 UTC (RELENG_4, 4.11-STABLE)
+                2006-09-30 19:58:07 UTC (RELENG_4_11, 4.11-RELEASE-p25)
+CVE Name:       CVE-2006-4924, CVE-2006-5051
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+OpenSSH is an implementation of the SSH protocol suite, providing an
+encrypted, authenticated transport for a variety of services,
+including remote shell access.
+
+II.  Problem Description
+
+The CRC compensation attack detector in the sshd(8) daemon, upon receipt
+of duplicate blocks, uses CPU time cubic in the number of duplicate
+blocks received.  [CVE-2006-4924]
+
+A race condition exists in a signal handler used by the sshd(8) daemon
+to handle the LoginGraceTime option, which can potentially cause some
+cleanup routines to be executed multiple times.  [CVE-2006-5051]
+
+III. Impact
+
+An attacker sending specially crafted packets to sshd(8) can cause a
+Denial of Service by using 100% of CPU time until a connection timeout
+occurs.  Since this attack can be performed over multiple connections
+simultaneously, it is possible to cause up to MaxStartups (10 by default)
+sshd processes to use all the CPU time they can obtain.  [CVE-2006-4924]
+
+The OpenSSH project believe that the race condition can lead to a Denial
+of Service or potentially remote code execution, but the FreeBSD Security
+Team has been unable to verify the exact impact.  [CVE-2006-5051]
+
+IV.  Workaround
+
+The attack against the CRC compensation attack detector can be avoided
+by disabling SSH Protocol version 1 support in sshd_config(5).
+
+There is no workaround for the second issue.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
+or RELENG_4_11 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.11, 5.3,
+5.4, 5.5, 6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 4.11]
+# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh4x.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh4x.patch.asc
+
+[FreeBSD 5.x]
+# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh5x.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh5x.patch.asc
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh6x.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:22/openssh6x.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libssh
+# make obj && make depend && make && make install
+# cd /usr/src/secure/usr.sbin/sshd
+# make obj && make depend && make && make install
+
+c) Restart the SSH daemon.  On FreeBSD 5.x and 6.x, this can be done via
+
+# /etc/rc.d/sshd restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssh/deattack.c                               1.1.1.1.2.6
+  src/crypto/openssh/deattack.h                               1.1.1.1.2.3
+  src/crypto/openssh/defines.h                                1.1.1.2.2.3
+  src/crypto/openssh/log.c                                    1.1.1.1.2.6
+  src/crypto/openssh/log.h                                    1.1.1.1.2.4
+  src/crypto/openssh/packet.c                                 1.1.1.1.2.7
+  src/crypto/openssh/ssh_config                                  1.2.2.10
+  src/crypto/openssh/ssh_config.5                                 1.4.2.6
+  src/crypto/openssh/sshd.c                                      1.6.2.12
+  src/crypto/openssh/sshd_config                                 1.4.2.14
+  src/crypto/openssh/sshd_config.5                                1.5.2.8
+  src/crypto/openssh/version.h                               1.1.1.1.2.14
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.26
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.29
+  src/crypto/openssh/deattack.c                           1.1.1.1.2.5.6.1
+  src/crypto/openssh/deattack.h                          1.1.1.1.2.2.10.1
+  src/crypto/openssh/defines.h                            1.1.1.2.2.2.8.1
+  src/crypto/openssh/log.c                                1.1.1.1.2.5.8.1
+  src/crypto/openssh/log.h                                1.1.1.1.2.3.8.1
+  src/crypto/openssh/packet.c                             1.1.1.1.2.6.8.1
+  src/crypto/openssh/ssh_config                               1.2.2.9.6.1
+  src/crypto/openssh/ssh_config.5                             1.4.2.5.6.1
+  src/crypto/openssh/sshd.c                                  1.6.2.11.8.1
+  src/crypto/openssh/sshd_config                             1.4.2.13.6.1
+  src/crypto/openssh/sshd_config.5                            1.5.2.7.4.1
+  src/crypto/openssh/version.h                           1.1.1.1.2.13.6.1
+RELENG_5
+  src/crypto/openssh/auth.h                                      1.13.2.1
+  src/crypto/openssh/deattack.c                               1.1.1.7.2.1
+  src/crypto/openssh/deattack.h                               1.1.1.3.8.1
+  src/crypto/openssh/defines.h                                1.1.1.7.2.1
+  src/crypto/openssh/log.c                                   1.1.1.10.2.1
+  src/crypto/openssh/log.h                                        1.5.2.1
+  src/crypto/openssh/packet.c                                1.1.1.14.2.1
+  src/crypto/openssh/session.c                                   1.44.2.1
+  src/crypto/openssh/ssh_config                                  1.25.2.2
+  src/crypto/openssh/ssh_config.5                                1.15.2.2
+  src/crypto/openssh/sshd.c                                      1.37.2.1
+  src/crypto/openssh/sshd_config                                 1.40.2.2
+  src/crypto/openssh/sshd_config.5                               1.21.2.2
+  src/crypto/openssh/version.h                                   1.27.2.2
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.8
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.10
+  src/crypto/openssh/auth.h                                      1.13.8.1
+  src/crypto/openssh/deattack.c                              1.1.1.7.14.1
+  src/crypto/openssh/deattack.h                              1.1.1.3.20.1
+  src/crypto/openssh/defines.h                                1.1.1.7.8.1
+  src/crypto/openssh/log.c                                   1.1.1.10.8.1
+  src/crypto/openssh/log.h                                        1.5.8.1
+  src/crypto/openssh/packet.c                                1.1.1.14.8.1
+  src/crypto/openssh/session.c                                   1.44.8.1
+  src/crypto/openssh/ssh_config                              1.25.2.1.2.1
+  src/crypto/openssh/ssh_config.5                            1.15.2.1.2.1
+  src/crypto/openssh/sshd.c                                      1.37.8.1
+  src/crypto/openssh/sshd_config                             1.40.2.1.2.1
+  src/crypto/openssh/sshd_config.5                           1.21.2.1.2.1
+  src/crypto/openssh/version.h                               1.27.2.1.2.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.31
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.27
+  src/crypto/openssh/auth.h                                      1.13.6.1
+  src/crypto/openssh/deattack.c                               1.1.1.7.6.1
+  src/crypto/openssh/deattack.h                              1.1.1.3.12.1
+  src/crypto/openssh/defines.h                                1.1.1.7.6.1
+  src/crypto/openssh/log.c                                   1.1.1.10.6.1
+  src/crypto/openssh/log.h                                        1.5.6.1
+  src/crypto/openssh/packet.c                                1.1.1.14.6.1
+  src/crypto/openssh/session.c                                   1.44.6.1
+  src/crypto/openssh/ssh_config                                  1.25.6.2
+  src/crypto/openssh/ssh_config.5                                1.15.6.2
+  src/crypto/openssh/sshd.c                                      1.37.6.1
+  src/crypto/openssh/sshd_config                                 1.40.6.2
+  src/crypto/openssh/sshd_config.5                               1.21.6.2
+  src/crypto/openssh/version.h                                   1.27.6.2
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.40
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.42
+  src/crypto/openssh/auth.h                                      1.13.4.1
+  src/crypto/openssh/deattack.c                               1.1.1.7.4.1
+  src/crypto/openssh/deattack.h                              1.1.1.3.10.1
+  src/crypto/openssh/defines.h                                1.1.1.7.4.1
+  src/crypto/openssh/log.c                                   1.1.1.10.4.1
+  src/crypto/openssh/log.h                                        1.5.4.1
+  src/crypto/openssh/packet.c                                1.1.1.14.4.1
+  src/crypto/openssh/session.c                                   1.44.4.1
+  src/crypto/openssh/ssh_config                                  1.25.4.2
+  src/crypto/openssh/ssh_config.5                                1.15.4.2
+  src/crypto/openssh/sshd.c                                      1.37.4.1
+  src/crypto/openssh/sshd_config                                 1.40.4.2
+  src/crypto/openssh/sshd_config.5                               1.21.4.2
+  src/crypto/openssh/version.h                                   1.27.4.2
+RELENG_6
+  src/crypto/openssh/auth.h                                      1.15.2.2
+  src/crypto/openssh/deattack.c                               1.1.1.7.8.1
+  src/crypto/openssh/deattack.h                              1.1.1.3.14.1
+  src/crypto/openssh/defines.h                                1.1.1.9.2.2
+  src/crypto/openssh/log.c                                   1.1.1.13.2.1
+  src/crypto/openssh/log.h                                        1.6.2.1
+  src/crypto/openssh/packet.c                                1.1.1.16.2.2
+  src/crypto/openssh/session.c                                   1.46.2.2
+  src/crypto/openssh/ssh_config                                  1.27.2.2
+  src/crypto/openssh/ssh_config.5                                1.17.2.2
+  src/crypto/openssh/sshd.c                                      1.39.2.2
+  src/crypto/openssh/sshd_config                                 1.42.2.2
+  src/crypto/openssh/sshd_config.5                               1.23.2.2
+  src/crypto/openssh/version.h                                   1.30.2.2
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.12
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.12
+  src/crypto/openssh/auth.h                                  1.15.2.1.4.1
+  src/crypto/openssh/deattack.c                              1.1.1.7.12.1
+  src/crypto/openssh/deattack.h                              1.1.1.3.18.1
+  src/crypto/openssh/defines.h                            1.1.1.9.2.1.4.1
+  src/crypto/openssh/log.c                                   1.1.1.13.6.1
+  src/crypto/openssh/log.h                                        1.6.6.1
+  src/crypto/openssh/packet.c                            1.1.1.16.2.1.4.1
+  src/crypto/openssh/session.c                               1.46.2.1.4.1
+  src/crypto/openssh/ssh_config                              1.27.2.1.4.1
+  src/crypto/openssh/ssh_config.5                            1.17.2.1.4.1
+  src/crypto/openssh/sshd.c                                  1.39.2.1.4.1
+  src/crypto/openssh/sshd_config                             1.42.2.1.4.1
+  src/crypto/openssh/sshd_config.5                           1.23.2.1.4.1
+  src/crypto/openssh/version.h                               1.30.2.1.4.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.20
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.16
+  src/crypto/openssh/auth.h                                  1.15.2.1.2.1
+  src/crypto/openssh/deattack.c                              1.1.1.7.10.1
+  src/crypto/openssh/deattack.h                              1.1.1.3.16.1
+  src/crypto/openssh/defines.h                            1.1.1.9.2.1.2.1
+  src/crypto/openssh/log.c                                   1.1.1.13.4.1
+  src/crypto/openssh/log.h                                        1.6.4.1
+  src/crypto/openssh/packet.c                            1.1.1.16.2.1.2.1
+  src/crypto/openssh/session.c                               1.46.2.1.2.1
+  src/crypto/openssh/ssh_config                              1.27.2.1.2.1
+  src/crypto/openssh/ssh_config.5                            1.17.2.1.2.1
+  src/crypto/openssh/sshd.c                                  1.39.2.1.2.1
+  src/crypto/openssh/sshd_config                             1.42.2.1.2.1
+  src/crypto/openssh/sshd_config.5                           1.23.2.1.2.1
+  src/crypto/openssh/version.h                               1.30.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.openssh.com/txt/release-4.4
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4924
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5051
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:22.openssh.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQFFHtD+FdaIBMps37IRAhw8AJ0dNrOCiYVEmqQqePByx/KUrdi+AACeNcB0
+T5VfZGGXDv31Py3yxejjhlw=
+=f1ch
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:23.openssl.asc b/share/security/advisories/FreeBSD-SA-06:23.openssl.asc
new file mode 100644
index 0000000000..c0997813bf
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:23.openssl.asc
@@ -0,0 +1,287 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:23.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple problems in crypto(3)
+
+Category:       contrib
+Module:         openssl
+Announced:      2006-09-28
+Credits:        Dr S N Henson, Tavis Ormandy, Will Drewry
+                Stephen Kiernan (Juniper SIRT)
+Affects:        All FreeBSD releases.
+Corrected:      2006-09-29 13:44:03 UTC (RELENG_6, 6.2-PRERELEASE)
+                2006-09-29 13:44:31 UTC (RELENG_6_1, 6.1-RELEASE-p9)
+                2006-09-29 13:44:45 UTC (RELENG_6_0, 6.0-RELEASE-p14)
+                2006-09-29 13:45:01 UTC (RELENG_5, 5.5-STABLE)
+                2006-09-29 13:45:43 UTC (RELENG_5_5, 5.5-RELEASE-p7)
+                2006-09-29 13:45:59 UTC (RELENG_5_4, 5.4-RELEASE-p21)
+                2006-09-29 13:46:10 UTC (RELENG_5_3, 5.3-RELEASE-p36)
+                2006-09-29 13:46:23 UTC (RELENG_4, 4.11-STABLE)
+                2006-09-29 13:46:41 UTC (RELENG_4_11, 4.11-RELEASE-p24)
+CVE Name:       CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4343
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+0.   Revision History
+
+v1.0 2006-09-28  Initial release.
+v1.1 2006-09-29  Corrected patch.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured,
+and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+Several problems have been found in OpenSSL:
+
+1. During the parsing of certain invalid ASN1 structures an error condition
+is mishandled, possibly resulting in an infinite loop.  [CVE-2006-2937]
+
+2. A buffer overflow exists in the SSL_get_shared_ciphers function.
+[CVE-2006-3738]
+
+3. A NULL pointer may be dereferenced in the SSL version 2 client code.
+[CVE-2006-4343]
+
+In addition, many applications using OpenSSL do not perform any validation
+of the lengths of public keys being used. [CVE-2006-2940]
+
+III. Impact
+
+Servers which parse ASN1 data from untrusted sources may be vulnerable to
+a denial of service attack. [CVE-2006-2937]
+
+An attacker accessing a server which uses SSL version 2 may be able to
+execute arbitrary code with the privileges of that server.  [CVE-2006-3738]
+
+A malicious SSL server can cause clients connecting using SSL version 2 to
+crash. [CVE-2006-4343]
+
+Applications which perform public key operations using untrusted keys may
+be vulnerable to a denial of service attack. [CVE-2006-2940]
+
+IV.  Workaround
+
+No workaround is available, but not all of the vulnerabilities mentioned
+affect all applications.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, RELENG_5_4, RELENG_5_3,
+or RELENG_4_11 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 4.11, 5.3,
+5.4, 5.5, 6.0, and 6.1 systems.
+
+a) Download the patch from the location below, and verify the detached
+PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl.patch.asc
+
+NOTE: The patch distributed at the time of the original advisory was
+incorrect.  Systems to which the original patch was applied should be
+patched with the following corrective patch, which contains only the
+changes between the original and updated patch:
+
+# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:23/openssl-correction.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
+system.
+
+NOTE: Any third-party applications, including those installed from the
+FreeBSD ports collection, which are statically linked to libcrypto(3)
+should be recompiled in order to use the corrected code.
+
+NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by
+prohibiting the use of exceptionally large public keys.  It is believed
+that no existing applications legitimately use such key lengths as would
+be affected by this change.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.1.2.3
+  src/crypto/openssl/crypto/dh/dh.h                           1.1.1.1.2.5
+  src/crypto/openssl/crypto/dh/dh_err.c                       1.1.1.1.2.4
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.1.2.9
+  src/crypto/openssl/crypto/dsa/dsa.h                         1.1.1.1.2.5
+  src/crypto/openssl/crypto/dsa/dsa_err.c                     1.1.1.1.2.4
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.1.2.8
+  src/crypto/openssl/crypto/rsa/rsa.h                             1.2.2.9
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                         1.2.4.9
+  src/crypto/openssl/crypto/rsa/rsa_err.c                     1.1.1.1.2.4
+  src/crypto/openssl/ssl/s2_clnt.c                                1.2.2.9
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.1.2.10
+  src/crypto/openssl/ssl/ssl_lib.c                            1.1.1.1.2.9
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.25
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.28
+  src/crypto/openssl/crypto/asn1/tasn_dec.c               1.1.1.1.2.2.6.1
+  src/crypto/openssl/crypto/dh/dh.h                       1.1.1.1.2.4.8.1
+  src/crypto/openssl/crypto/dh/dh_err.c                   1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/dh/dh_key.c                   1.1.1.1.2.7.6.2
+  src/crypto/openssl/crypto/dsa/dsa.h                     1.1.1.1.2.4.8.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                 1.1.1.1.2.3.8.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                1.1.1.1.2.7.6.1
+  src/crypto/openssl/crypto/rsa/rsa.h                         1.2.2.8.4.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                     1.2.4.8.4.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                 1.1.1.1.2.3.8.1
+  src/crypto/openssl/ssl/s2_clnt.c                            1.2.2.8.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                        1.1.1.1.2.9.4.1
+  src/crypto/openssl/ssl/ssl_lib.c                        1.1.1.1.2.8.4.1
+RELENG_5
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.2.4.1
+  src/crypto/openssl/crypto/dh/dh.h                           1.1.1.6.6.1
+  src/crypto/openssl/crypto/dh/dh_err.c                       1.1.1.4.6.2
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.8.4.3
+  src/crypto/openssl/crypto/dsa/dsa.h                         1.1.1.6.6.2
+  src/crypto/openssl/crypto/dsa/dsa_err.c                     1.1.1.4.6.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.7.4.2
+  src/crypto/openssl/crypto/rsa/rsa.h                            1.10.4.2
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                        1.12.4.2
+  src/crypto/openssl/crypto/rsa/rsa_err.c                     1.1.1.4.6.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.12.2.2
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.13.2.2
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.2
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.7
+  src/sys/conf/newvers.sh                                   1.62.2.21.2.9
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                  1.1.1.2.16.1
+  src/crypto/openssl/crypto/dh/dh.h                          1.1.1.6.18.1
+  src/crypto/openssl/crypto/dh/dh_err.c                   1.1.1.4.6.1.4.1
+  src/crypto/openssl/crypto/dh/dh_key.c                   1.1.1.8.4.1.4.2
+  src/crypto/openssl/crypto/dsa/dsa.h                     1.1.1.6.6.1.4.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                    1.1.1.4.18.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                1.1.1.7.4.1.4.1
+  src/crypto/openssl/crypto/rsa/rsa.h                        1.10.4.1.4.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                    1.12.4.1.4.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                    1.1.1.4.18.1
+  src/crypto/openssl/ssl/s2_clnt.c                           1.12.2.1.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.13.2.1.4.1
+  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.1
+RELENG_5_4
+  src/UPDATING                                            1.342.2.24.2.30
+  src/sys/conf/newvers.sh                                  1.62.2.18.2.26
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.2.8.1
+  src/crypto/openssl/crypto/dh/dh.h                          1.1.1.6.10.1
+  src/crypto/openssl/crypto/dh/dh_err.c                   1.1.1.4.6.1.2.1
+  src/crypto/openssl/crypto/dh/dh_key.c                   1.1.1.8.4.1.2.2
+  src/crypto/openssl/crypto/dsa/dsa.h                     1.1.1.6.6.1.2.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                    1.1.1.4.10.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                1.1.1.7.4.1.2.1
+  src/crypto/openssl/crypto/rsa/rsa.h                        1.10.4.1.2.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                    1.12.4.1.2.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                    1.1.1.4.10.1
+  src/crypto/openssl/ssl/s2_clnt.c                           1.12.2.1.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.13.2.1.2.1
+  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.2.1
+RELENG_5_3
+  src/UPDATING                                            1.342.2.13.2.39
+  src/sys/conf/newvers.sh                                  1.62.2.15.2.41
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.2.6.1
+  src/crypto/openssl/crypto/dh/dh.h                           1.1.1.6.8.1
+  src/crypto/openssl/crypto/dh/dh_err.c                       1.1.1.4.8.1
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.8.6.2
+  src/crypto/openssl/crypto/dsa/dsa.h                         1.1.1.6.8.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                     1.1.1.4.8.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.7.6.1
+  src/crypto/openssl/crypto/rsa/rsa.h                            1.10.6.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                        1.12.6.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                     1.1.1.4.8.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.12.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.13.4.1
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.4.1
+RELENG_6
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                  1.1.1.2.10.1
+  src/crypto/openssl/crypto/dh/dh.h                          1.1.1.6.12.1
+  src/crypto/openssl/crypto/dh/dh_err.c                       1.1.1.5.2.1
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.9.2.2
+  src/crypto/openssl/crypto/dsa/dsa.h                         1.1.1.7.2.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                    1.1.1.4.12.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.8.2.1
+  src/crypto/openssl/crypto/rsa/rsa.h                            1.11.2.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                        1.13.2.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                    1.1.1.4.12.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.13.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.14.2.1
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.11
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.11
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                  1.1.1.2.14.1
+  src/crypto/openssl/crypto/dh/dh.h                          1.1.1.6.16.1
+  src/crypto/openssl/crypto/dh/dh_err.c                       1.1.1.5.6.1
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.9.6.2
+  src/crypto/openssl/crypto/dsa/dsa.h                         1.1.1.7.6.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                    1.1.1.4.16.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.8.6.1
+  src/crypto/openssl/crypto/rsa/rsa.h                            1.11.6.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                        1.13.6.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                    1.1.1.4.16.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.13.6.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.14.6.1
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.19
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.15
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                  1.1.1.2.12.1
+  src/crypto/openssl/crypto/dh/dh.h                          1.1.1.6.14.1
+  src/crypto/openssl/crypto/dh/dh_err.c                       1.1.1.5.4.1
+  src/crypto/openssl/crypto/dh/dh_key.c                       1.1.1.9.4.2
+  src/crypto/openssl/crypto/dsa/dsa.h                         1.1.1.7.4.1
+  src/crypto/openssl/crypto/dsa/dsa_err.c                    1.1.1.4.14.1
+  src/crypto/openssl/crypto/dsa/dsa_ossl.c                    1.1.1.8.4.1
+  src/crypto/openssl/crypto/rsa/rsa.h                            1.11.4.1
+  src/crypto/openssl/crypto/rsa/rsa_eay.c                        1.13.4.1
+  src/crypto/openssl/crypto/rsa/rsa_err.c                    1.1.1.4.14.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.13.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.14.4.1
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:23.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFFHSVwFdaIBMps37IRApTZAJ9YY6pldJ52FwtYHbMxsW5363NUgwCgl4tb
+3jFuSkTKR6xVJ6ui4POBjkI=
+=Bn+e
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:24.libarchive.asc b/share/security/advisories/FreeBSD-SA-06:24.libarchive.asc
new file mode 100644
index 0000000000..cb45bbc343
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:24.libarchive.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:24.libarchive                                 Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Infinite loop in corrupt archives handling in libarchive(3)
+
+Category:       core
+Module:         libarchive
+Announced:      2006-11-08
+Credits:        Rink Springer
+Affects:        FreeBSD 6-STABLE after 2006-09-05 05:23:51 UTC
+Corrected:      2006-11-08 14:05:40 UTC (RELENG_6, 6.2-RC1)
+CVE Name:       CVE-2006-5680
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The libarchive library provides a flexible interface for reading and
+writing streaming archive files such as tar and cpio, and has been the
+basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3.
+
+II.  Problem Description
+
+If the end of an archive is reached while attempting to "skip" past a
+region of an archive, libarchive will enter an infinite loop wherein it
+repeatedly attempts (and fails) to read further data.
+
+III. Impact
+
+An attacker able to cause a system to extract (via "tar -x" or another
+application which uses libarchive) or list the contents (via "tar -t" or
+another libarchive-using application) of an archive provided by the
+attacker can cause libarchive to enter an infinite loop and use all
+available CPU time.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to affected systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:24/libarchive.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libarchive
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/lib/libarchive/archive_read_support_compression_none.c      1.6.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5680
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:24.libarchive.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQFFUeSvFdaIBMps37IRAug+AKCWT9WdFvuqPZS0o7fp3f9GKd8/aQCfVcQE
+WODSvmI0ArwZOcWIESQOnIQ=
+=SDvI
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:25.kmem.asc b/share/security/advisories/FreeBSD-SA-06:25.kmem.asc
new file mode 100644
index 0000000000..0137d383f1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:25.kmem.asc
@@ -0,0 +1,135 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:25.kmem                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Kernel memory disclosure in firewire(4)
+
+Category:       core
+Module:         sys_dev
+Announced:      2006-12-06
+Credits:        Rodrigo Rubira Branco
+Affects:        All FreeBSD releases.
+Corrected:      2006-12-06 09:13:51 UTC (RELENG_6, 6.2-STABLE)
+                2006-12-06 09:14:23 UTC (RELENG_6_2, 6.2-RC2)
+                2006-12-06 09:14:59 UTC (RELENG_6_1, 6.1-RELEASE-p11)
+                2006-12-06 09:15:40 UTC (RELENG_6_0, 6.0-RELEASE-p16)
+                2006-12-06 09:16:17 UTC (RELENG_5, 5.5-STABLE)
+                2006-12-06 09:16:41 UTC (RELENG_5_5, 5.5-RELEASE-p9)
+                2006-12-06 09:17:09 UTC (RELENG_4, 4.11-STABLE)
+                2006-12-06 09:18:02 UTC (RELENG_4_11, 4.11-RELEASE-p26)
+CVE Name:       CVE-2006-6013
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The firewire(4) driver provides support for IEEE 1394 ("FireWire")
+interfaces.  This driver provides some of its functionality via the
+ioctl(2) system call.
+
+II.  Problem Description
+
+In the FW_GCROM ioctl, a signed integer comparison is used instead of
+an unsigned integer comparison when computing the length of a buffer
+to be copied from the kernel into the calling application.
+
+III. Impact
+
+A user in the "operator" group can read the contents of kernel memory.
+Such memory might contain sensitive information, such as portions of
+the file cache or terminal buffers.  This information might be directly
+useful, or it might be leveraged to obtain elevated privileges in some
+way; for example, a terminal buffer might include a user-entered
+password.
+
+IV.  Workaround
+
+No workaround is available, but systems without IEEE 1394 ("FireWire")
+interfaces are not vulnerable.  (Note that systems with IEEE 1394
+interfaces are affected regardless of whether any devices are attached.)
+
+Note also that FreeBSD does not have any non-root users in the "operator"
+group by default; systems on which no users have been added to this group
+are therefore also not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, 5-STABLE, or 6-STABLE,
+or to the RELENG_6_1, RELENG_6_0, RELENG_5_5, or RELENG_4_11 security
+branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.11, 5.5,
+6.0, and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:25/kmem.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:25/kmem.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/sys/dev/firewire/fwdev.c                                   1.2.4.17
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.27
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.30
+  src/sys/dev/firewire/fwdev.c                               1.2.4.16.4.1
+RELENG_5
+  src/sys/dev/firewire/fwdev.c                                   1.44.2.2
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.9
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.11
+  src/sys/dev/firewire/fwdev.c                               1.44.2.1.4.1
+RELENG_6
+  src/sys/dev/firewire/fwdev.c                                   1.46.2.2
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.1
+  src/sys/dev/firewire/fwdev.c                               1.46.2.1.6.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.13
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.13
+  src/sys/dev/firewire/fwdev.c                               1.46.2.1.4.1
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.21
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.17
+  src/sys/dev/firewire/fwdev.c                               1.46.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6013
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:25.kmem.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFFdo1QFdaIBMps37IRAj4vAJ4vzhNk4MBkhAxsmeIAA0UgnXXOwACfY+Oe
+WhWIJLjTgqq+T3ZpySyRCNo=
+=FbZj
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-06:26.gtar.asc b/share/security/advisories/FreeBSD-SA-06:26.gtar.asc
new file mode 100644
index 0000000000..2f0c638293
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-06:26.gtar.asc
@@ -0,0 +1,129 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-06:26.gtar                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          gtar name mangling symlink vulnerability
+
+Category:       contrib
+Module:         contrib_tar
+Announced:      2006-12-06
+Credits:        Teemu Salmela
+Affects:        FreeBSD 4.x and 5.x releases
+Corrected:      2006-12-06 09:16:17 UTC (RELENG_5, 5.5-STABLE)
+                2006-12-06 09:16:41 UTC (RELENG_5_5, 5.5-RELEASE-p9)
+                2006-12-06 09:17:09 UTC (RELENG_4, 4.11-STABLE)
+                2006-12-06 09:18:02 UTC (RELENG_4_11, 4.11-RELEASE-p26)
+CVE Name:       CVE-2006-6097
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+GNU tar (gtar) is a utility to create and extract "tape archives",
+commonly known as tar files.  GNU tar is included in FreeBSD 4.x as
+/usr/bin/tar, and in FreeBSD 5.x as /usr/bin/gtar.
+
+II.  Problem Description
+
+Symlinks created using the "GNUTYPE_NAMES" tar extension can be
+absolute due to lack of proper sanity checks.
+
+III. Impact
+
+If an attacker can get a user to extract a specially crafted tar
+archive the attacker can overwrite arbitrary files with the
+permissions of the user running gtar.  If file system permissions
+allow it, this may allow the attacker to overwrite important system
+file (if gtar is being run as root), or important user configuration
+files such as .tcshrc or .bashrc, which would allow the attacker to
+run arbitrary commands.
+
+IV.  Workaround
+
+Use "bsdtar", which is the default tar implementation in FreeBSD 5.3
+and higher.  For FreeBSD 4.x, bsdtar is available in the FreeBSD Ports
+Collection as ports/archivers/libarchive.
+
+V.   Solution
+
+NOTE: The solution described below causes GNU tar to exit with an error
+when handling an archive with GNUTYPE_NAMES entries.  The FreeBSD
+Security Team does not consider this to be a significant regression,
+since GNUTYPE_NAMES has not been used for many years and is not
+supported by other archival software such as libarchive(3); but the
+original (insecure) behaviour can be retained by running GNU tar with
+the newly added --allow-name-mangling option.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 4-STABLE, or 5-STABLE, or to the
+RELENG_5_5 or RELENG_4_11 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 4.11 and
+5.5 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-06:26/gtar.patch
+# fetch http://security.FreeBSD.org/patches/SA-06:26/gtar.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/tar
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_4
+  src/contrib/tar/src/common.h                                    1.2.2.2
+  src/contrib/tar/src/extract.c                                   1.4.2.4
+  src/contrib/tar/src/tar.c                                       1.2.2.3
+RELENG_4_11
+  src/UPDATING                                             1.73.2.91.2.27
+  src/sys/conf/newvers.sh                                  1.44.2.39.2.30
+  src/contrib/tar/src/common.h                               1.2.2.1.10.1
+  src/contrib/tar/src/extract.c                               1.4.2.3.8.1
+  src/contrib/tar/src/tar.c                                   1.2.2.2.6.1
+RELENG_5
+  src/contrib/tar/src/common.h                                   1.2.10.1
+  src/contrib/tar/src/extract.c                                   1.6.8.1
+  src/contrib/tar/src/tar.c                                       1.3.4.1
+RELENG_5_5
+  src/UPDATING                                             1.342.2.35.2.9
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.11
+  src/contrib/tar/src/common.h                                   1.2.22.1
+  src/contrib/tar/src/extract.c                                  1.6.20.1
+  src/contrib/tar/src/tar.c                                      1.3.16.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://marc.theaimsgroup.com/?l=full-disclosure&m=116414883029517
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6097
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:26.gtar.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQFFdo1YFdaIBMps37IRAsqUAKCFRV7yICNP8NyC/3+uHUTOKDrxWQCeIJ5a
+HsY0N8aR6FoEiFYV/y5fO4k=
+=0/ws
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:01.jail.asc b/share/security/advisories/FreeBSD-SA-07:01.jail.asc
new file mode 100644
index 0000000000..9b204f860f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:01.jail.asc
@@ -0,0 +1,192 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:01.jail                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Jail rc.d script privilege escalation
+
+Category:       core
+Module:         etc_rc.d
+Announced:      2007-01-11
+Credits:        Dirk Engling
+Affects:        All FreeBSD releases since 5.3
+Corrected:      2007-01-11 18:16:58 UTC (RELENG_6, 6.2-STABLE)
+                2007-01-11 18:17:24 UTC (RELENG_6_2, 6.2-RELEASE)
+                2007-01-11 18:18:08 UTC (RELENG_6_1, 6.1-RELEASE-p12)
+                2007-01-11 18:18:35 UTC (RELENG_6_0, 6.0-RELEASE-p17)
+                2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE)
+                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
+CVE Name:       CVE-2007-0166
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+0.   Revision History
+
+v1.0 2007-01-11  Initial release.
+v1.1 2007-08-01  Corrected patch for FreeBSD 5.5.
+
+I.   Background
+
+The jail(2) system call allows a system administrator to lock a process
+and all of its descendants inside an environment with a very limited
+ability to affect the system outside that environment, even for
+processes with superuser privileges.  It is an extension of, but
+far more powerful than, the traditional UNIX chroot(2) system call.
+
+The host's jail rc.d(8) script can be used to start and stop jails
+automatically on system boot/shutdown.
+
+II.  Problem Description
+
+In multiple situations the host's jail rc.d(8) script does not check if
+a path inside the jail file system structure is a symbolic link before
+using the path.  In particular this is the case when writing the
+output from the jail start-up to /var/log/console.log and when
+mounting and unmounting file systems inside the jail directory
+structure.
+
+III. Impact
+
+Due to the lack of handling of potential symbolic links the host's jail
+rc.d(8) script is vulnerable to "symlink attacks".  By replacing
+/var/log/console.log inside the jail with a symbolic link it is
+possible for the superuser (root) inside the jail to overwrite files
+on the host system outside the jail with arbitrary content.  This in
+turn can be used to execute arbitrary commands with non-jailed
+superuser privileges.
+
+Similarly, by changing directory mount points inside the jail file
+system structure into symbolic links, it may be possible for a jailed
+attacker to mount file systems which were meant to be mounted inside
+the jail at arbitrary points in the host file system structure, or to
+unmount arbitrary file systems on the host system.
+
+NOTE WELL: The above vulnerabilities occur only when a jail is being
+started or stopped using the host's jail rc.d(8) script; once started
+(and until stopped), running jails cannot exploit this.
+
+IV.  Workaround
+
+If the sysctl(8) variable security.jail.chflags_allowed is set to 0
+(the default), setting the "sunlnk" system flag on /var, /var/log,
+/var/log/console.log, and all file system mount points and their
+parent directories inside the jail(s) will ensure that the console
+log file and mount points are not replaced by symbolic links.  If
+this is done while jails are running, the administrator must check
+that an attacker has not replaced any directories with symlinks
+after setting the "sunlnk" flag.
+
+V.   Solution
+
+NOTE WELL: The solution described changes the default location of the
+"console.log" for jails from /var/log/console.log inside each jail to
+/var/log/jail_${jail_name}_console.log on host system.  If this is a
+problem, it may be possible to create a hard link from the new position
+of the console log file to a location inside the jail.  A new rc.conf(5)
+variable, jail_${jail_name}_consolelog, can be used to change the
+location of console.log files on a per-jail basis.
+
+In addition, the solution described below does not fully secure jail
+configurations where two jails have overlapping directory trees and a
+file system is mounted inside the overlap.  Overlapping directory
+trees can occur when jails share the same root directory; when a jail
+has a root directory which is a subdirectory of another jail's root
+directory; or when a part of the file system space of one jail is
+mounted inside the file system space of another jail, e.g., using
+nullfs or unionfs.
+
+To handle overlapping jails safely the administrator must set the
+sysctl(8) variable security.jail.chflags_allowed to 0 (the default)
+and manually set the "sunlnk" file/directory flag on all mount points
+and all parent directories of mount points.  If this is done while
+jails are running, the adminstrator must check that an attacker has
+not replaced any directories with symlinks after setting the "sunlnk"
+flag.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_1, RELENG_6_0, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.0,
+and 6.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.5]
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5.patch.asc
+
+[FreeBSD 6.0]
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail60.patch.asc
+
+[FreeBSD 6.1]
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail61.patch.asc
+
+NOTE: The patch distributed at the time of the original advisory was
+incorrect for FreeBSD 5.5 (both RELENG_5 and RELENG_5_5).  Systems to
+which the original patch was applied should be patched with the
+following corrective patch, which contains only the changes between
+the original and updated patch:
+
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5-correction.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:01/jail5-correction.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# install -o root -g wheel -m 555 etc/rc.d/jail /etc/rc.d
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/etc/rc.d/jail                                              1.15.2.7
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.15
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.17
+  src/etc/rc.d/jail                                          1.15.2.5.2.2
+RELENG_6
+  src/etc/rc.d/jail                                              1.23.2.9
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.2
+  src/etc/rc.d/jail                                          1.23.2.7.2.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.14
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.14
+  src/etc/rc.d/jail                                          1.23.2.3.2.3
+RELENG_6_0
+  src/UPDATING                                             1.416.2.3.2.22
+  src/sys/conf/newvers.sh                                   1.69.2.8.2.18
+  src/etc/rc.d/jail                                          1.23.2.2.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0166
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:01.jail.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFGsPfrFdaIBMps37IRAgksAJ4yGy3zTBcr2N+TbDoTlN3aHUA8QQCgi/8B
+It4pOMoA0QMzAp8HxUWo+xU=
+=9tTT
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:02.bind.asc b/share/security/advisories/FreeBSD-SA-07:02.bind.asc
new file mode 100644
index 0000000000..1c19e43366
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:02.bind.asc
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:02.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Multiple Denial of Service vulnerabilities in named(8)
+
+Category:       contrib
+Module:         bind
+Announced:      2007-02-09
+Affects:        FreeBSD 5.3 and later.
+Corrected:      2007-02-07 00:42:09 UTC (RELENG_6, 6.2-STABLE)
+                2007-02-09 20:24:15 UTC (RELENG_6_2, 6.2-RELEASE-p1)
+                2007-02-09 20:23:29 UTC (RELENG_6_1, 6.1-RELEASE-p13)
+                2007-02-07 00:46:35 UTC (RELENG_5, 5.5-STABLE)
+                2007-02-09 20:22:44 UTC (RELENG_5_5, 5.5-RELEASE-p11)
+CVE Name:       CVE-2007-0493, CVE-2007-0494
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet domain name server.  DNS Security
+Extensions (DNSSEC) are additional protocol options that add
+authentication and integrity to the DNS protocols.
+
+II.  Problem Description
+
+A type * (ANY) query response containing multiple RRsets can trigger an
+assertion failure.
+
+Certain recursive queries can cause the nameserver to crash by using memory
+which has already been freed.
+
+III. Impact
+
+A remote attacker sending a type * (ANY) query to an authoritative DNS
+server for a DNSSEC signed zone can cause the named(8) daemon to exit,
+resulting in a Denial of Service.
+
+A remote attacker sending recursive queries can cause the nameserver to
+crash, resulting in a Denial of Service.
+
+IV.  Workaround
+
+There is no workaround available, but systems which are not authoritative
+servers for DNSSEC signed zones are not affected by the first issue; and
+systems which do not permit untrusted users to perform recursive DNS
+resolution are not affected by the second issue.  Note that the default
+configuration for named(8) in FreeBSD allows local access only (which on
+many systems is equivalent to refusing access to untrusted users).
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.5, FreeBSD 6.1]
+# fetch http://security.FreeBSD.org/patches/SA-07:02/bind61.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:02/bind61.patch.asc
+
+[FreeBSD 6.2]
+# fetch http://security.FreeBSD.org/patches/SA-07:02/bind62.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:02/bind62.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+c) Restart the named application:
+
+# /etc/rc.d/named restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.1.2.8
+  src/contrib/bind9/lib/dns/validator.c                       1.1.1.1.2.5
+  src/contrib/bind9/lib/dns/include/dns/validator.h           1.1.1.1.2.4
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.11
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.13
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.1.2.4.2.2
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.1.2.3.2.1
+  src/contrib/bind9/lib/dns/include/dns/validator.h       1.1.1.1.2.2.2.1
+RELENG_6
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.2.2.6
+  src/contrib/bind9/lib/dns/validator.c                       1.1.1.2.2.3
+  src/contrib/bind9/lib/dns/include/dns/validator.h           1.1.1.1.4.3
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.4
+  src/sys/conf/newvers.sh                                   1.69.2.13.2.4
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.4.2.2
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.2.2.1.4.2
+  src/contrib/bind9/lib/dns/include/dns/validator.h       1.1.1.1.4.1.4.2
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.15
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.15
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.2.2.2
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.2.2.1.2.1
+  src/contrib/bind9/lib/dns/include/dns/validator.h       1.1.1.1.4.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0493
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0494
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:02.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQFFzNnpFdaIBMps37IRAsCVAJ9qvyFe04YWnkvYkFQPsSTIP+SLYgCfUhO8
+alXiQEsy1iSwSI66d/e7gSk=
+=HmF6
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:03.ipv6.asc b/share/security/advisories/FreeBSD-SA-07:03.ipv6.asc
new file mode 100644
index 0000000000..2f011db4b7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:03.ipv6.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:03.ipv6                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          IPv6 Routing Header 0 is dangerous
+
+Category:       core
+Module:         ipv6
+Announced:      2007-04-26
+Credits:        Philippe Biondi, Arnaud Ebalard, Jun-ichiro itojun Hagino
+Affects:        All FreeBSD releases.
+Corrected:      2007-04-24 11:42:42 UTC (RELENG_6, 6.2-STABLE)
+                2007-04-26 23:42:23 UTC (RELENG_6_2, 6.2-RELEASE-p4)
+                2007-04-26 23:41:59 UTC (RELENG_6_1, 6.1-RELEASE-p16)
+                2007-04-24 11:44:23 UTC (RELENG_5, 5.5-STABLE)
+                2007-04-26 23:41:27 UTC (RELENG_5_5, 5.5-RELEASE-p12)
+CVE Name:       CVE-2007-2242
+
+I.   Background
+
+IPv6 provides a routing header option which allows a packet sender to
+indicate how the packet should be routed, overriding the routing knowledge
+present in a network.  This functionality is roughly equivalent to the
+"source routing" option in IPv4.  All nodes in an IPv6 network -- both
+routers and hosts -- are required by RFC 2460 to process such headers.
+
+II.  Problem Description
+
+There is no mechanism for preventing IPv6 routing headers from being used
+to route packets over the same link(s) many times.
+
+III. Impact
+
+An attacker can "amplify" a denial of service attack against a link between
+two vulnerable hosts; that is, by sending a small volume of traffic the
+attacker can consume a much larger amount of bandwidth between the two
+vulnerable hosts.
+
+An attacker can use vulnerable hosts to "concentrate" a denial of service
+attack against a victim host or network; that is, a set of packets sent
+over a period of 30 seconds or more could be constructed such that they
+all arrive at the victim within a period of 1 second or less.
+
+Other attacks may also be possible.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+NOTE WELL: The solution described below causes IPv6 type 0 routing headers
+to be ignored.  Support for IPv6 type 0 routing headers can be re-enabled
+if required by setting the newly added net.inet6.ip6.rthdr0_allowed sysctl
+to a non-zero value.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:03/ipv6.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/netinet6/in6.h                                         1.35.2.5
+  src/sys/netinet6/in6_proto.c                                   1.29.2.5
+  src/sys/netinet6/route6.c                                      1.10.4.2
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.12
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.14
+  src/sys/netinet6/in6.h                                     1.35.2.3.2.1
+  src/sys/netinet6/in6_proto.c                               1.29.2.4.2.1
+  src/sys/netinet6/route6.c                                  1.10.4.1.4.1
+RELENG_6
+  src/sys/netinet6/in6.h                                         1.36.2.8
+  src/sys/netinet6/in6_proto.c                                   1.32.2.6
+  src/sys/netinet6/route6.c                                      1.11.2.2
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.7
+  src/sys/conf/newvers.sh                                   1.69.2.13.2.7
+  src/sys/netinet6/in6.h                                     1.36.2.7.2.1
+  src/sys/netinet6/in6_proto.c                               1.32.2.5.2.1
+  src/sys/netinet6/route6.c                                  1.11.2.1.4.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.18
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.18
+  src/sys/netinet6/in6.h                                     1.36.2.6.2.1
+  src/sys/netinet6/in6_proto.c                               1.32.2.4.2.1
+  src/sys/netinet6/route6.c                                  1.11.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2242
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:03.ipv6.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQFGM8/CFdaIBMps37IRAu30AJ9nDSBQetafO6QPf8pJSA7Fwk6qlQCePVg0
+2T4oPjAuyPYX9bkmP0EAdfs=
+=MGTg
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:04.file.asc b/share/security/advisories/FreeBSD-SA-07:04.file.asc
new file mode 100644
index 0000000000..bec1ea24a3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:04.file.asc
@@ -0,0 +1,133 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:04.file                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Heap overflow in file(1)
+
+Category:       contrib
+Module:         file
+Announced:      2007-05-23
+Affects:        All FreeBSD releases.
+Corrected:      2007-05-23 16:12:51 UTC (RELENG_6, 6.2-STABLE)
+                2007-05-23 16:13:07 UTC (RELENG_6_2, 6.2-RELEASE-p5)
+                2007-05-23 16:13:20 UTC (RELENG_6_1, 6.1-RELEASE-p17)
+                2007-05-23 16:12:10 UTC (RELENG_5, 5.5-STABLE)
+                2007-05-23 16:12:35 UTC (RELENG_5_5, 5.5-RELEASE-p13)
+CVE Name:       CVE-2007-1536
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The file(1) utility attempts to classify file system objects based on
+filesystem, magic number and language tests.
+
+The libmagic(3) library provides most of the functionality of file(1)
+and may be used by other applications.
+
+II.  Problem Description
+
+When writing data into a buffer in the file_printf function, the length
+of the unused portion of the buffer is not correctly tracked, resulting
+in a buffer overflow when processing certain files.
+
+III. Impact
+
+An attacker who can cause file(1) to be run on a maliciously constructed
+input can cause file(1) to crash.  It may be possible for such an attacker
+to execute arbitrary code with the privileges of the user running file(1).
+
+The above also applies to any other applications using the libmagic(3)
+library.
+
+IV.  Workaround
+
+No workaround is available, but systems where file(1) and other
+libmagic(3)-using applications are never run on untrusted input are not
+vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.5]
+# fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:04/file5.patch.asc
+
+[FreeBSD 6.1 and 6.2]
+# fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:04/file6.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libmagic
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/file/file.h                                     1.1.1.7.2.1
+  src/contrib/file/funcs.c                                    1.1.1.1.2.1
+  src/contrib/file/magic.c                                    1.1.1.1.2.1
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.13
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.15
+  src/contrib/file/file.h                                     1.1.1.7.8.1
+  src/contrib/file/funcs.c                                    1.1.1.1.8.1
+  src/contrib/file/magic.c                                    1.1.1.1.8.1
+RELENG_6
+  src/contrib/file/file.h                                     1.1.1.8.2.1
+  src/contrib/file/funcs.c                                    1.1.1.2.2.1
+  src/contrib/file/magic.c                                    1.1.1.2.2.1
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.8
+  src/sys/conf/newvers.sh                                   1.69.2.13.2.8
+  src/contrib/file/file.h                                     1.1.1.8.8.1
+  src/contrib/file/funcs.c                                    1.1.1.2.8.1
+  src/contrib/file/magic.c                                    1.1.1.2.8.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.19
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.19
+  src/contrib/file/file.h                                     1.1.1.8.6.1
+  src/contrib/file/funcs.c                                    1.1.1.2.6.1
+  src/contrib/file/magic.c                                    1.1.1.2.6.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1536
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:04.file.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFGVGjhFdaIBMps37IRAgogAJ9o/0yCxtRi527rgvhg/BoC/AvEsQCfcwMX
+ABl7JIb1XiY6QKWQ6UfwlGA=
+=meQ0
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:05.libarchive.asc b/share/security/advisories/FreeBSD-SA-07:05.libarchive.asc
new file mode 100644
index 0000000000..282d73028f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:05.libarchive.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:05.libarchive                                 Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Errors handling corrupt tar files in libarchive(3)
+
+Category:       core
+Module:         libarchive
+Announced:      2007-07-12
+Credits:        CPNI, CERT-FI, Tim Kientzle, Colin Percival
+Affects:        FreeBSD 5.3 and later.
+Corrected:      2007-07-12 15:00:44 UTC (RELENG_6, 6.2-STABLE)
+                2007-07-12 15:01:14 UTC (RELENG_6_2, 6.2-RELEASE-p6)
+                2007-07-12 15:01:32 UTC (RELENG_6_1, 6.1-RELEASE-p18)
+                2007-07-12 15:01:42 UTC (RELENG_5, 5.5-STABLE)
+                2007-07-12 15:01:56 UTC (RELENG_5_5, 5.5-RELEASE-p14)
+CVE Name:       CVE-2007-3641, CVE-2007-3644, CVE-2007-3645
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The libarchive library provides a flexible interface for reading and
+writing streaming archive files such as tar and cpio, and has been the
+basis for FreeBSD's implementation of the tar(1) utility since FreeBSD 5.3.
+
+II.  Problem Description
+
+Several problems have been found in the code used to parse the tar and
+pax interchange formats.  These include entering an infinite loop if an
+archive prematurely ends within a pax extension header or if certain
+types of corruption occur in pax extension headers [CVE-2007-3644];
+dereferencing a NULL pointer if an archive prematurely ends within a
+tar header immediately following a pax extension header or if certain
+other types of corruption occur in pax extension headers [CVE-2007-3645];
+and miscomputing the length of a buffer resulting in a buffer overflow
+if yet another type of corruption occurs in a pax extension header
+[CVE-2007-3641].
+
+III. Impact
+
+An attacker who can cause a corrupt archive of his choice to be parsed
+by libarchive, including by having "tar -x" (extract) or "tar -t" (list
+entries) run on it, can cause libarchive to enter an infinite loop, to
+core dump, or possibly to execute arbitrary code provided by the
+attacker.
+
+IV.  Workaround
+
+No workaround is available, but systems which do not read tar or pax
+extension archives provided by untrusted sources are not vulnerable.
+Note that while these issues do not affect libarchive's ability to
+parse cpio, ISO9660, or zip format archives, libarchive automatically
+detects the format of an archive, so external metadata (e.g., a file
+name) is not sufficient to ensure that a file will not be parsed using
+the vulnerable tar/pax format parser.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-07:05/libarchive.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:05/libarchive.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libarchive
+# make obj && make depend && make && make install
+# cd /usr/src/rescue
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.freebsd.org/handbook/makeworld.html>
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/lib/libarchive/archive_read_support_format_tar.c           1.26.2.8
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.14
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.16
+  src/lib/libarchive/archive_read_support_format_tar.c       1.26.2.7.2.1
+RELENG_6
+  src/lib/libarchive/archive_read_support_format_tar.c           1.32.2.5
+RELENG_6_2
+  src/UPDATING                                             1.416.2.29.2.9
+  src/sys/conf/newvers.sh                                   1.69.2.13.2.9
+  src/lib/libarchive/archive_read_support_format_tar.c       1.32.2.2.2.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.20
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.20
+  src/lib/libarchive/archive_read_support_format_tar.c           1.32.6.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3641
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3644
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3645
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:05.libarchive.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD4DBQFGlkN5FdaIBMps37IRAl/vAJ4vKkZ9eXBW4PPljvbgALUlAPdxCQCXRMzY
+4hKO09Xhj1akwPufFXJS2w==
+=sRGA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc b/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc
new file mode 100644
index 0000000000..92c3567d3d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:06.tcpdump.asc
@@ -0,0 +1,113 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:06.tcpdump                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in tcpdump(1)
+
+Category:       contrib
+Module:         tcpdump
+Announced:      2007-08-01
+Credits:        "mu-b"
+Affects:        All supported versions of FreeBSD
+Corrected:      2007-08-01 20:42:48 UTC (RELENG_6, 6.2-STABLE)
+                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
+                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
+                2007-08-01 20:47:13 UTC (RELENG_5, 5.5-STABLE)
+                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
+CVE Name:       CVE-2007-3798
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+Tcpdump is a commonly used network diagnostic utility which decodes packets
+received on the wire into human readable format.
+
+II.  Problem Description
+
+An un-checked return value in the BGP dissector code can result in an integer
+overflow.  This value is used in subsequent buffer management operations,
+resulting in a stack based buffer overflow under certain circumstances.
+
+III. Impact
+
+By crafting malicious BGP packets, an attacker could exploit this vulnerability
+to execute code or crash the tcpdump process on the target system.  This
+code would be executed in the context of the user running tcpdump(1).
+It should be noted that tcpdump(1) requires privileges in order to open live
+network interfaces.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:06/tcpdump.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/tcpdump/tcpdump
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/tcpdump/print-bgp.c                             1.1.1.5.2.2
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.15
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.17
+  src/contrib/tcpdump/print-bgp.c                         1.1.1.5.2.1.2.1
+RELENG_6
+  src/contrib/tcpdump/print-bgp.c                             1.1.1.8.2.1
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.10
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.10
+  src/contrib/tcpdump/print-bgp.c                             1.1.1.8.8.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.21
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.21
+  src/contrib/tcpdump/print-bgp.c                             1.1.1.8.6.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3798
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:06.tcpdump.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFGsPfwFdaIBMps37IRAmK/AJ0adsy8zlOOXaJhJJdcX6A0Uy+bSQCfQYVi
+4qk7MNSrKFZotejLEXKMCYI=
+=JIZh
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:07.bind.asc b/share/security/advisories/FreeBSD-SA-07:07.bind.asc
new file mode 100644
index 0000000000..99b152fc66
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:07.bind.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:07.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Predictable query ids in named(8)
+
+Category:       contrib
+Module:         bind
+Announced:      2007-08-01
+Credits:        Amit Klein
+Affects:        FreeBSD 5.3 and later.
+Corrected:      2007-07-25 08:23:08 UTC (RELENG_6, 6.2-STABLE)
+                2007-08-01 20:44:58 UTC (RELENG_6_2, 6.2-RELEASE-p7)
+                2007-08-01 20:45:49 UTC (RELENG_6_1, 6.1-RELEASE-p19)
+                2007-07-25 08:24:40 UTC (RELENG_5, 5.5-STABLE)
+                2007-08-01 20:48:19 UTC (RELENG_5_5, 5.5-RELEASE-p15)
+CVE Name:       CVE-2007-2926
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.  DNS requests
+contain a query id which is used match a DNS request with the response
+and to make it harder for anybody but the DNS server which received the
+request to send a valid response.
+
+II.  Problem Description
+
+When named(8) is operating as a recursive DNS server or sending NOTIFY
+requests to slave DNS servers, named(8) uses a predictable query id.
+
+III. Impact
+
+An attacker who can see the query id for some request(s) sent by named(8)
+is likely to be able to perform DNS cache poisoning by predicting the
+query id for other request(s).
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:07/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/bind9/bin/named/client.c                        1.1.1.1.2.5
+  src/contrib/bind9/lib/dns/dispatch.c                        1.1.1.1.2.3
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h            1.1.1.1.2.2
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.15
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.17
+  src/contrib/bind9/bin/named/client.c                    1.1.1.1.2.3.2.1
+  src/contrib/bind9/lib/dns/dispatch.c                    1.1.1.1.2.1.6.1
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h        1.1.1.1.2.1.6.1
+RELENG_6
+  src/contrib/bind9/bin/named/client.c                        1.1.1.2.2.3
+  src/contrib/bind9/lib/dns/dispatch.c                        1.1.1.1.4.2
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h            1.1.1.1.4.1
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.10
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.10
+  src/contrib/bind9/bin/named/client.c                    1.1.1.2.2.1.4.2
+  src/contrib/bind9/lib/dns/dispatch.c                       1.1.1.1.10.2
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h           1.1.1.1.10.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.21
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.21
+  src/contrib/bind9/bin/named/client.c                    1.1.1.2.2.1.2.1
+  src/contrib/bind9/lib/dns/dispatch.c                        1.1.1.1.8.1
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h            1.1.1.1.8.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
+http://www.isc.org/sw/bind/bind-security.php
+http://www.trusteer.com/docs/bind9dns_s.html
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:07.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFGsPfzFdaIBMps37IRAgIfAJ9cO2LUUc0eb8T+6pltpha91wR2IgCeITpx
+H3SHyAkPMSICqnT9nY/UBE8=
+=Fop4
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:08.openssl.asc b/share/security/advisories/FreeBSD-SA-07:08.openssl.asc
new file mode 100644
index 0000000000..36316f73db
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:08.openssl.asc
@@ -0,0 +1,117 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:08.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in OpenSSL SSL_get_shared_ciphers()
+
+Category:       contrib
+Module:         openssl
+Announced:      2007-10-03
+Credits:        Moritz Jodeit
+Affects:        All FreeBSD releases.
+Corrected:      2007-10-03 21:39:43 UTC (RELENG_6, 6.2-STABLE)
+                2007-10-03 21:40:35 UTC (RELENG_6_2, 6.2-RELEASE-p8)
+                2007-10-03 21:41:22 UTC (RELENG_6_1, 6.1-RELEASE-p20)
+                2007-10-03 21:42:00 UTC (RELENG_5, 5.5-STABLE)
+                2007-10-03 21:42:32 UTC (RELENG_5_5, 5.5-RELEASE-p16)
+CVE Name:       CVE-2007-5135
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured,
+and Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+A buffer overflow addressed in FreeBSD-SA-06:23.openssl has been found
+to be incorrectly fixed.
+
+III. Impact
+
+For applications using the SSL_get_shared_ciphers() function, the
+buffer overflow could allow an attacker to crash or potentially
+execute arbitrary code with the permissions of the user running the
+application.
+
+IV.  Workaround
+
+No workaround is available, but only applications using the
+SSL_get_shared_ciphers() function are affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patch have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:08/openssl.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libssl
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.11.2.3
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.16
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.18
+  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.11.2.1.4.2
+RELENG_6
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.2.2
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.11
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.11
+  src/crypto/openssl/ssl/ssl_lib.c                       1.1.1.12.2.1.2.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.22
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.22
+  src/crypto/openssl/ssl/ssl_lib.c                           1.1.1.12.6.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://marc.info/?l=bugtraq&m=119091888624735
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5135
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:08.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFHBA+HFdaIBMps37IRAtTQAJ0bFBZt7DVJzhQkUcu7VdNS7Kj8cwCeMQaS
+cNFjW3j2eolZhlee83l3blo=
+=zwC2
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:09.random.asc b/share/security/advisories/FreeBSD-SA-07:09.random.asc
new file mode 100644
index 0000000000..f395090345
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:09.random.asc
@@ -0,0 +1,122 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:09.random                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Random value disclosure
+
+Category:       core
+Module:         sys_dev_random
+Announced:      2007-11-29
+Credits:        Robert Woolley
+Affects:        All supported versions of FreeBSD
+Corrected:      2007-11-29 16:05:38 UTC (RELENG_7, 7.0-BETA4)
+                2007-11-29 16:06:12 UTC (RELENG_6, 6.3-PRERELEASE)
+                2007-11-29 16:06:54 UTC (RELENG_6_3, 6.3-RC2)
+                2007-11-29 16:07:30 UTC (RELENG_6_2, 6.2-RELEASE-p9)
+                2007-11-29 16:07:54 UTC (RELENG_6_1, 6.1-RELEASE-p21)
+                2007-11-29 16:08:54 UTC (RELENG_5, 5.5-STABLE)
+                2007-11-29 16:09:26 UTC (RELENG_5_5, 5.5-RELEASE-p17)
+CVE Name:       CVE-2007-6150
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The random(4) and urandom(4) devices return an endless supply of
+pseudo-random bytes when read.  Cryptographic algorithms often depend
+on the secrecy of these pseudo-random values for security.
+
+II.  Problem Description
+
+Under certain circumstances, a bug in the internal state tracking on
+the random(4) and urandom(4) devices can be exploited to allow replaying
+of data distributed during subsequent reads.
+
+III. Impact
+
+This could enable an adversary to determine fragments of random values
+previously read, allowing them to defeat certain security mechanisms.
+Note that the attacker has to be in close proximity to the source of
+the pseudo-randomness, which typically means local access to the system.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or 6-STABLE, or to the
+RELENG_6_2, RELENG_6_1, or RELENG_5_5 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+and 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-07:09/random.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:09/random.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/dev/random/yarrow.c                                    1.44.2.1
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.17
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.19
+  src/sys/dev/random/yarrow.c                                    1.44.8.1
+RELENG_6
+  src/sys/dev/random/yarrow.c                                    1.45.2.2
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.2
+  src/sys/dev/random/yarrow.c                                1.45.2.1.6.1
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.12
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.12
+  src/sys/dev/random/yarrow.c                                1.45.2.1.4.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.23
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.23
+  src/sys/dev/random/yarrow.c                                1.45.2.1.2.1
+RELENG_7
+  src/sys/dev/random/yarrow.c                                    1.47.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6150
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:09.random.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFHTuezFdaIBMps37IRAhp3AJ0UHJiYycOQCEai3Aid2uT6Jf3WZwCfdR65
+Ozmn0Qn6Ru54NRriBJG1o4g=
+=95t9
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-07:10.gtar.asc b/share/security/advisories/FreeBSD-SA-07:10.gtar.asc
new file mode 100644
index 0000000000..eed42569d9
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-07:10.gtar.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-07:10.gtar                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          gtar directory traversal vulnerability
+
+Category:       contrib
+Module:         contrib_tar
+Announced:      2007-11-29
+Credits:        Dmitry V. Levinx
+Affects:        FreeBSD 5.x releases
+Corrected:      2007-11-29 16:08:54 UTC (RELENG_5, 5.5-STABLE)
+                2007-11-29 16:09:26 UTC (RELENG_5_5, 5.5-RELEASE-p17)
+CVE Name:       CVE-2007-4131
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+GNU tar (gtar) is a utility to create and extract "tape archives",
+commonly known as tar files.  GNU tar is included in FreeBSD 5.x as
+/usr/bin/gtar.
+
+II.  Problem Description
+
+Insufficient sanity checking of paths containing '.' and '..' allows
+gtar to overwrite arbitrary files on the system.
+
+III. Impact
+
+An attacker who can convince an user to extract a specially crafted
+archive can overwrite arbitrary files with the permissions of the user
+running gtar.  If that user is root, the attacker can overwrite any
+file on the system.
+
+IV.  Workaround
+
+Use "bsdtar", which has been the default tar implementation since
+FreeBSD 5.3.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_5
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch
+# fetch http://security.FreeBSD.org/patches/SA-07:10/gtar.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/gnu/usr.bin/tar
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/contrib/tar/src/misc.c                                      1.3.8.1
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.17
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.19
+  src/contrib/tar/src/misc.c                                     1.3.20.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4131
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-07:10.gtar.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFHTue3FdaIBMps37IRAgzFAKCMswqo5lH2+bb0yGRN+qhPqfBYlACfQ4+j
+Dq8Gbv9wz/AwDyAEZq2+1eQ=
+=1e8b
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:01.pty.asc b/share/security/advisories/FreeBSD-SA-08:01.pty.asc
new file mode 100644
index 0000000000..f62f34fac1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:01.pty.asc
@@ -0,0 +1,170 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:01.pty                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          pty snooping
+
+Category:       core
+Module:         libc_stdlib / libutil
+Announced:      2008-01-14
+Credits:        John Baldwin
+Affects:        FreeBSD 5.0 and later.
+Corrected:      2008-01-14 22:57:45 UTC (RELENG_7, 7.0-PRERELEASE)
+                2008-01-14 22:55:54 UTC (RELENG_7_0, 7.0-RC2)
+                2008-01-14 22:56:05 UTC (RELENG_6, 6.3-PRERELEASE)
+                2008-01-14 22:56:18 UTC (RELENG_6_3, 6.3-RELEASE)
+                2008-01-14 22:56:44 UTC (RELENG_6_2, 6.2-RELEASE-p10)
+                2008-01-14 22:56:56 UTC (RELENG_6_1, 6.1-RELEASE-p22)
+                2008-01-14 22:57:06 UTC (RELENG_5, 5.5-STABLE)
+                2008-01-14 22:57:19 UTC (RELENG_5_5, 5.5-RELEASE-p18)
+CVE Name:       CVE-2008-0216, CVE-2008-0217
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+pt_chown is a setuid root support utility used by grantpt(3) to change
+ownership of a tty.
+
+openpty(3) is a support function in libutil which is used to obtain a
+pseudo-terminal.
+
+script(1) is a utility which makes a typescript of everything printed
+on a terminal.
+
+II.  Problem Description
+
+Two issues exist in the FreeBSD pty handling.
+
+If openpty(3) is called as non-root user the newly created
+pseudo-terminal is world readable and writeable.  While this is
+documented to be the case, script(1) still uses openpty(3) and
+script(1) may be used by non-root users [CVE-2008-0217].
+
+The ptsname(3) function incorrectly extracts two characters from the
+name of a device node in /dev without verifying that it's actually
+operating on a valid pty which the calling user owns.  pt_chown uses
+the bad result from ptsname(3) to change ownership of a pty to the
+user calling pt_chown [CVE-2008-0216].
+
+III. Impact
+
+If an unprivileged user is running script(1), or another program which
+uses openpty(3), an attacker may snoop text which is printed to the
+users terminal.
+
+If a malicious user has read access to a device node with characters
+in the device name that match the name of a pty, then the malicious user
+can read the content of the pty from another user.  The malicious user
+can open a lot of tty's resulting in a high probabilty of a new user
+obtaining the pty name of a "vulnerable" pty.
+
+NOTE WELL: If a user snoops a pty the snooped text will not be shown
+to the real user, which in many cases mean the real owner of the pty
+will be able to know the attack is taking place.
+
+IV.  Workaround
+
+Do not run script(1) as a non-root user.
+
+The ptsname(3) issue only affects FreeBSD 6.0 and newer.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, 6-STABLE, or
+7.0-PRERELEASE, or to the RELENG_7_0, RELENG_6_3, RELENG_6_2,
+RELENG_6_1, or RELENG_5_5 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+6.2, 6.3, and 7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 5.5]
+# fetch http://security.FreeBSD.org/patches/SA-08:01/pty5.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:01/pty5.patch.asc
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-08:01/pty6.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:01/pty6.patch.asc
+
+[FreeBSD 7.0]
+# fetch http://security.FreeBSD.org/patches/SA-08:01/pty7.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:01/pty7.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/lib/libutil/pty.c                                          1.15.4.1
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.18
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.20
+  src/lib/libutil/pty.c                                         1.15.16.1
+RELENG_6
+  src/lib/libc/stdlib/grantpt.c                                   1.4.2.2
+  src/lib/libutil/pty.c                                         1.15.10.2
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.3
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.3
+  src/lib/libc/stdlib/grantpt.c                                  1.4.10.2
+  src/lib/libutil/pty.c                                         1.15.20.2
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.13
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.13
+  src/lib/libc/stdlib/grantpt.c                                   1.4.8.1
+  src/lib/libutil/pty.c                                         1.15.18.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.24
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.24
+  src/lib/libc/stdlib/grantpt.c                                   1.4.6.1
+  src/lib/libutil/pty.c                                         1.15.14.1
+RELENG_7
+  src/lib/libc/stdlib/grantpt.c                                   1.7.2.4
+  src/lib/libutil/pty.c                                          1.17.2.3
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.1
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.2
+  src/lib/libc/stdlib/grantpt.c                               1.7.2.2.2.2
+  src/lib/libutil/pty.c                                      1.17.2.2.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0216
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0217
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:01.pty.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFHi+nfFdaIBMps37IRAhtUAJ9GXtRjTIxcbrCOxoMnO50ZLc5mAgCdGSyO
+D83MVnUtP9rhzD2JfOPbaOw=
+=V/kt
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:02.libc.asc b/share/security/advisories/FreeBSD-SA-08:02.libc.asc
new file mode 100644
index 0000000000..c2ca59ea13
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:02.libc.asc
@@ -0,0 +1,121 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:02.libc                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          inet_network() buffer overflow
+
+Category:       core
+Module:         libc
+Announced:      2008-01-14
+Credits:        Bjoern A. Zeeb and Nate Eldredge
+Affects:        FreeBSD 6.2
+Corrected:      2008-01-14 22:57:45 UTC (RELENG_7, 7.0-PRERELEASE)
+                2008-01-14 22:55:54 UTC (RELENG_7_0, 7.0-RC2)
+                2008-01-14 22:56:05 UTC (RELENG_6, 6.3-PRERELEASE)
+                2008-01-14 22:56:18 UTC (RELENG_6_3, 6.3-RELEASE)
+                2008-01-14 22:56:44 UTC (RELENG_6_2, 6.2-RELEASE-p10)
+CVE Name:       CVE-2008-0122
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The resolver is the part of libc that resolves hostnames (example.com) to
+internet protocol (IP) addresses (192.0.2.1) and vice versa.
+
+The inet_network() function returns an in_addr_t representing the network
+address of the IP address given to inet_network() as a character string in
+the dot-notation.
+
+II.  Problem Description
+
+An off-by-one error in the inet_network() function could lead to memory
+corruption with certain inputs.
+
+III. Impact
+
+For programs which passes untrusted data to inet_network(), an
+attacker may be able to overwrite a region of memory with user defined
+data by causing specially crafted input to be passed to
+inet_network().
+
+Depending on the region of memory the attacker is able to overwrite,
+this might lead to a denial of service or potentially code execution
+in the program using inet_network().
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7.0-PRERELEASE, or 6-STABLE, or
+to the, RELENG_7_0, RELENG_6_3, or RELENG_6_2 security branch dated
+after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.0, 6.3,
+or 6.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:02/libc.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/lib/libc/inet/inet_network.c                                1.2.2.2
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.3
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.3
+  src/lib/libc/inet/inet_network.c                            1.2.2.1.4.1
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.13
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.13
+  src/lib/libc/inet/inet_network.c                            1.2.2.1.2.1
+RELENG_7
+  src/lib/libc/inet/inet_network.c                                1.4.2.1
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.1
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.2
+  src/lib/libc/inet/inet_network.c                                1.4.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0122
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:02.libc.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFHi+ntFdaIBMps37IRAr+GAJ9YxPIsD5OeyYkrwo5auWKgQwZRywCdHSrY
+NsNxcHsgdo7divn+LEkQ9po=
+=3RQQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:03.sendfile.asc b/share/security/advisories/FreeBSD-SA-08:03.sendfile.asc
new file mode 100644
index 0000000000..d8f7866c36
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:03.sendfile.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:03.sendfile                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          sendfile(2) write-only file permission bypass
+
+Category:       core
+Module:         sys_kern
+Announced:      2008-02-14
+Credits:        Kostik Belousov
+Affects:        All supported versions of FreeBSD
+Corrected:      2008-02-14 11:45:00 UTC (RELENG_7, 7.0-PRERELEASE)
+                2008-02-14 11:45:41 UTC (RELENG_7_0, 7.0-RELEASE)
+                2008-02-14 11:46:08 UTC (RELENG_6, 6.3-STABLE)
+                2008-02-14 11:46:41 UTC (RELENG_6_3, 6.3-RELEASE-p1)
+                2008-02-14 11:47:06 UTC (RELENG_6_2, 6.2-RELEASE-p11)
+                2008-02-14 11:47:39 UTC (RELENG_6_1, 6.1-RELEASE-p23)
+                2008-02-14 11:49:39 UTC (RELENG_5, 5.5-STABLE)
+                2008-02-14 11:50:28 UTC (RELENG_5_5, 5.5-RELEASE-p19)
+CVE Name:       CVE-2008-0777
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The sendfile(2) system call allows a server application (such as a
+HTTP or FTP server) to transmit the contents of a file over a network
+connection without first copying it to application memory.  High
+performance servers such as the Apache HTTP Server and ftpd use sendfile.
+
+II.  Problem Description
+
+When a process opens a file (and other file system objects, such as
+directories), it specifies access flags indicating its intent to read,
+write, or perform other operations.  These flags are checked against
+file system permissions, and then stored in the resulting file
+descriptor to validate future operations against.
+
+The sendfile(2) system call does not check the file descriptor access
+flags before sending data from a file.
+
+III. Impact
+
+If a file is write-only, a user process can open the file and use
+sendfile to send the content of the file over a socket, even though the
+user does not have read access to the file, resulting in possible
+disclosure of sensitive information.
+
+IV.  Workaround
+
+No workaround is available, but systems are only vulnerable if
+write-only files exist, which are not widely used.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, 6-STABLE, or
+7.0-PRERELEASE, or to the RELENG_7_0, RELENG_6_3, RELENG_6_2,
+RELENG_6_1, or RELENG_5_5 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5, 6.1,
+6.2, 6.3, and 7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.2, 6.3, and 7.0]
+# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile.patch.asc
+
+[FreeBSD 6.1]
+# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile61.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile61.patch.asc
+
+[FreeBSD 5.5]
+# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile55.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:03/sendfile55.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/kern/kern_descrip.c                                  1.243.2.11
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.20
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.21
+  src/sys/kern/kern_descrip.c                               1.243.2.9.2.1
+RELENG_6
+  src/sys/kern/kern_descrip.c                                  1.279.2.16
+  src/sys/kern/uipc_syscalls.c                                  1.221.2.5
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.5
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.4
+  src/sys/kern/kern_descrip.c                              1.279.2.15.2.1
+  src/sys/kern/uipc_syscalls.c                              1.221.2.4.4.1
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.15
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.14
+  src/sys/kern/kern_descrip.c                               1.279.2.9.2.1
+  src/sys/kern/uipc_syscalls.c                              1.221.2.4.2.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.26
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.25
+  src/sys/kern/kern_descrip.c                               1.279.2.6.2.1
+  src/sys/kern/uipc_syscalls.c                              1.221.2.1.2.1
+RELENG_7
+  src/sys/kern/kern_descrip.c                                   1.313.2.1
+  src/sys/kern/uipc_syscalls.c                                  1.259.2.2
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.3
+  src/sys/kern/kern_descrip.c                                   1.313.4.1
+  src/sys/kern/uipc_syscalls.c                                  1.259.4.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0777
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:03.sendfile.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.8 (FreeBSD)
+
+iD8DBQFHtC0DFdaIBMps37IRAqp8AJ91+flnCIUSvKoFQyXfD1YTnPnuqgCcDiPJ
+SR4X1dNFENsHMq9ROrQhr1c=
+=TX1R
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:04.ipsec.asc b/share/security/advisories/FreeBSD-SA-08:04.ipsec.asc
new file mode 100644
index 0000000000..8986177770
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:04.ipsec.asc
@@ -0,0 +1,104 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:04.ipsec                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          IPsec null pointer dereference panic
+
+Category:       core
+Module:         ipsec
+Announced:      2008-02-14
+Credits:        Takashi Sogabe, Tatuya Jinmei
+Affects:        FreeBSD 5.5
+Corrected:      2008-02-14 11:49:39 UTC (RELENG_5, 5.5-STABLE)
+                2008-02-14 11:50:28 UTC (RELENG_5_5, 5.5-RELEASE-p19)
+CVE Name:       CVE-2008-0177
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The IPsec suite of protocols provide network level security for IPv4
+and IPv6 packets.  FreeBSD includes software originally developed by
+the KAME project which implements the various protocols that make up
+IPsec.
+
+II.  Problem Description
+
+There is an improper reference to a data structure in the processing of
+IPsec packets, which can result in a NULL pointer being dereferenced.
+
+III. Impact
+
+A single specifically crafted IPv6 packet could cause the kernel to panic,
+when the kernel had been configured to process IPsec and IPv6 traffic.
+
+This requires IPSEC to be compiled into the kernel, it does not necessarily
+have to be configured at that point.
+
+IV.  Workaround
+
+No workaround is available, but kernels which does not include IPsec
+support are not vulnerable.  The GENERIC and SMP kernel configurations
+distributed with FreeBSD releases do not include IPsec support.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, or to the RELENG_5_5
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 5.5 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-08:04/ipsec.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:04/ipsec.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/sys/netinet6/ipcomp_input.c                                 1.7.4.2
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.20
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.21
+  src/sys/netinet6/ipcomp_input.c                             1.7.4.1.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.kb.cert.org/vuls/id/110947
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0177
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:04.ipsec.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.8 (FreeBSD)
+
+iD8DBQFHtC0HFdaIBMps37IRAt5gAKCGnYEX3r7n0Dsypmfv2m1J9pgICwCfd6uH
+Gy2w6OYNovnfrb7EN0jWCjM=
+=jHy3
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:05.openssh.asc b/share/security/advisories/FreeBSD-SA-08:05.openssh.asc
new file mode 100644
index 0000000000..a532eaf368
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:05.openssh.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:05.openssh                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSH X11-forwarding privilege escalation
+
+Category:       contrib
+Module:         openssh
+Announced:      2008-04-17
+Credits:        Timo Juhani Lindfors
+Affects:        All supported versions of FreeBSD
+Corrected:      2008-04-16 23:58:33 UTC (RELENG_7, 7.0-STABLE)
+                2008-04-16 23:58:52 UTC (RELENG_7_0, 7.0-RELEASE-p1)
+                2008-04-16 23:59:35 UTC (RELENG_6, 6.3-STABLE)
+                2008-04-16 23:59:48 UTC (RELENG_6_3, 6.3-RELEASE-p2)
+                2008-04-17 00:00:04 UTC (RELENG_6_2, 6.2-RELEASE-p12)
+                2008-04-17 00:00:28 UTC (RELENG_6_1, 6.1-RELEASE-p24)
+                2008-04-17 00:00:41 UTC (RELENG_5, 5.5-STABLE)
+                2008-04-17 00:00:54 UTC (RELENG_5_5, 5.5-RELEASE-p20)
+CVE Name:       CVE-2008-1483
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+OpenSSH is an implementation of the SSH protocol suite, providing an
+encrypted and authenticated transport for a variety of services,
+including remote shell access.  The OpenSSH server daemon (sshd)
+provides support for the X11 protocol by binding to a port on the
+server and forwarding any connections which are made to that port.
+
+II.  Problem Description
+
+When logging in via SSH with X11-forwarding enabled, sshd(8) fails to
+correctly handle the case where it fails to bind to an IPv4 port but
+successfully binds to an IPv6 port.  In this case, applications which
+use X11 will connect to the IPv4 port, even though it had not been
+bound by sshd(8) and is therefore not being securely forwarded.
+
+III. Impact
+
+A malicious user could listen for X11 connections on a unused IPv4
+port, e.g tcp port 6010.  When an unaware user logs in and sets up X11
+fowarding the malicious user can capture all X11 data send over the
+port, potentially disclosing sensitive information or allowing the
+execution of commands with the privileges of the user using the
+X11 forwarding.
+
+NOTE WELL: FreeBSD ships with IPv6 enabled by default in the GENERIC
+and SMP kernels, so users are vulnerable even they have not explicitly
+enabled IPv6 networking.
+
+IV.  Workaround
+
+Disable support for IPv6 in the sshd(8) daemon by setting the option
+"AddressFamily inet" in /etc/ssh/sshd_config.
+
+Disable support for X11 forwarding in the sshd(8) daemon by setting
+the option "X11Forwarding no" in /etc/ssh/sshd_config.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 5-STABLE, 6-STABLE, or 7-STABLE,
+or to the RELENG_7_0, RELENG_6_3, RELENG_6_2, RELENG_6_1, RELENG_5_5
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 5.5, 6.1,
+6.2, 6.3, and 7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-08:05/openssh.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:05/openssh.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libssh
+# make obj && make depend && make && make install
+# cd /usr/src/secure/usr.sbin/sshd
+# make obj && make depend && make && make install
+# /etc/rc.d/sshd restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_5
+  src/crypto/openssh/channels.c                                  1.18.2.1
+RELENG_5_5
+  src/UPDATING                                            1.342.2.35.2.21
+  src/sys/conf/newvers.sh                                  1.62.2.21.2.22
+  src/crypto/openssh/channels.c                                  1.18.8.1
+RELENG_6
+  src/crypto/openssh/channels.c                                  1.20.2.3
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.6
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.5
+  src/crypto/openssh/channels.c                              1.20.2.2.4.1
+RELENG_6_2
+  src/UPDATING                                            1.416.2.29.2.16
+  src/sys/conf/newvers.sh                                  1.69.2.13.2.15
+  src/crypto/openssh/channels.c                              1.20.2.2.2.1
+RELENG_6_1
+  src/UPDATING                                            1.416.2.22.2.27
+  src/sys/conf/newvers.sh                                  1.69.2.11.2.26
+  src/crypto/openssh/channels.c                              1.20.2.1.4.1
+RELENG_7
+  src/crypto/openssh/channels.c                                  1.23.2.1
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.5
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.5
+  src/crypto/openssh/channels.c                                  1.23.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463011
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1483
+http://www.openssh.com/txt/release-5.0
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:05.openssh.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQFICXCKFdaIBMps37IRAnTEAJ9vVF3ShIpmOes+FB4TGzIZeBB85gCdFOc5
+zHQV1Flg2JpAARha1Yz2q98=
+=P9XX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:06.bind.asc b/share/security/advisories/FreeBSD-SA-08:06.bind.asc
new file mode 100644
index 0000000000..4d81e8aca0
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:06.bind.asc
@@ -0,0 +1,163 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:06.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          DNS cache poisoning
+
+Category:       contrib
+Module:         bind
+Announced:      2008-07-13
+Credits:        Dan Kaminsky
+Affects:        All supported FreeBSD versions.
+Corrected:      2008-07-12 10:07:33 UTC (RELENG_6, 6.3-STABLE)
+                2008-07-13 18:42:38 UTC (RELENG_6_3, 6.3-RELEASE-p3)
+                2008-07-13 18:42:38 UTC (RELENG_7, 7.0-STABLE)
+                2008-07-13 18:42:38 UTC (RELENG_7_0, 7.0-RELEASE-p3)
+CVE Name:       CVE-2008-1447
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.  DNS requests
+contain a query id which is used to match a DNS request with the response
+and to make it harder for anybody but the DNS server which received the
+request to send a valid response.
+
+II.  Problem Description
+
+The BIND DNS implementation does not randomize the UDP source port when 
+doing remote queries, and the query id alone does not provide adequate
+randomization.
+
+III. Impact
+
+The lack of source port randomization reduces the amount of data the
+attacker needs to guess in order to successfully execute a DNS cache
+poisoning attack.  This allows the attacker to influence or control
+the results of DNS queries being returned to users from target systems.
+
+IV.  Workaround
+
+Limiting the group of machines that can do recursive queries on the DNS
+server will make it more difficult, but not impossible, for this
+vulnerability to be exploited.
+
+To limit the machines able to perform recursive queries, add an ACL in
+named.conf and limit recursion like the following:
+
+acl example-acl {
+   192.0.2.0/24;
+};
+
+options {
+	recursion yes;
+	allow-recursion { example-acl; };
+};
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE or 7-STABLE, or to the
+RELENG_7_0 or RELENG_6_3 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3 and
+7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.3]
+# fetch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:06/bind63.patch.asc
+
+[FreeBSD 7.0]
+# fetch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:06/bind7.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+NOTE WELL: This update causes BIND to choose a new, random UDP port for
+each new query; this may cause problems for some network configurations,
+particularly if firewall(s) block incoming UDP packets on particular
+ports.  The avoid-v4-udp-ports and avoid-v6-udp-ports options should be
+used to avoid selecting random port numbers within a blocked range.
+
+NOTE WELL: If a port number is specified via the query-source or
+query-source-v6 options to BIND, randomized port selection will not be
+used.  Consequently it is strongly recommended that these options not
+be used to specify fixed port numbers.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/bind9/bin/named/client.c                        1.1.1.2.2.5
+  src/contrib/bind9/bin/named/server.c                        1.1.1.2.2.4
+  src/contrib/bind9/lib/dns/api                               1.1.1.2.2.5
+  src/contrib/bind9/lib/dns/dispatch.c                        1.1.1.1.4.4
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h            1.1.1.1.4.3
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.2.2.8
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.8
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.7
+  src/contrib/bind9/bin/named/client.c                    1.1.1.2.2.3.2.1
+  src/contrib/bind9/bin/named/server.c                    1.1.1.2.2.2.2.1
+  src/contrib/bind9/lib/dns/api                           1.1.1.2.2.3.2.1
+  src/contrib/bind9/lib/dns/dispatch.c                    1.1.1.1.4.2.2.1
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h        1.1.1.1.4.1.2.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.6.2.1
+RELENG_7
+  src/contrib/bind9/bin/named/client.c                        1.1.1.6.2.2
+  src/contrib/bind9/bin/named/server.c                        1.1.1.6.2.2
+  src/contrib/bind9/lib/dns/api                               1.1.1.6.2.2
+  src/contrib/bind9/lib/dns/dispatch.c                        1.1.1.4.2.2
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h            1.1.1.3.2.2
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.9.2.2
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.7
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.7
+  src/contrib/bind9/bin/named/client.c                    1.1.1.6.2.1.2.1
+  src/contrib/bind9/bin/named/server.c                    1.1.1.6.2.1.2.1
+  src/contrib/bind9/lib/dns/api                           1.1.1.6.2.1.2.1
+  src/contrib/bind9/lib/dns/dispatch.c                    1.1.1.4.2.1.2.1
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h        1.1.1.3.2.1.2.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.9.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
+http://www.kb.cert.org/vuls/id/800113
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:06.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkh6UiMACgkQFdaIBMps37IE5ACfYzpWMhEXgWNdjwVlzd7JTwBS
+Eu0AnRIogMIJ3fjQF4hcymtdwR6buRNc
+=shnR
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:07.amd64.asc b/share/security/advisories/FreeBSD-SA-08:07.amd64.asc
new file mode 100644
index 0000000000..70b1e7375e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:07.amd64.asc
@@ -0,0 +1,140 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:07.amd64                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          amd64 swapgs local privilege escalation
+
+Category:       core
+Module:         sys_amd64_amd64
+Announced:      2008-09-03
+Credits:        Nate Eldredge
+Affects:        All supported FreeBSD/amd64 versions.
+Corrected:      2008-08-21 09:58:18 UTC (RELENG_7, 7.0-STABLE)
+                2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4)
+                2008-09-03 19:09:47 UTC (RELENG_6, 6.4-PRERELEASE)
+                2008-09-03 19:09:47 UTC (RELENG_6_3, 6.3-RELEASE-p4)
+CVE Name:       CVE-2008-3890
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD/amd64 is commonly used on 64bit systems with AMD and Intel
+CPU's.  For Intel CPU's this architecture is known as EM64T or Intel
+64.
+
+The gs segment CPU register is used by both user processes and the
+kernel to convieniently access state data.  User processes use it to
+manage per-thread data, and the kernel uses it to manage per-processor
+data.  As the processor enters and leaves the kernel it uses the
+'swapgs' instruction to toggle between the kernel and user values for
+the gs register.
+
+The kernel stores critical information in its per-processor data
+block.  This includes the currently executing process and its
+credentials.
+
+As the processor switches between user and kernel level, a number of
+checks are performed in order to implement the privilege protection
+system.  If the processor detects a problem while attempting to switch
+privilege levels it generates a trap - typically general protection
+fault (GPF).  In that case, the processor aborts the return to the
+user level process and re-enters the kernel.  The FreeBSD kernel
+allows the user process to be notified of such an event by a signal
+(SIGSEGV or SIGBUS).
+
+II.  Problem Description
+
+If a General Protection Fault happens on a FreeBSD/amd64 system while
+it is returning from an interrupt, trap or system call, the swapgs CPU
+instruction may be called one extra time when it should not resulting
+in userland and kernel state being mixed.
+
+III. Impact
+
+A local attacker can by causing a General Protection Fault while the
+kernel is returning from an interrupt, trap or system call while
+manipulating stack frames and, run arbitrary code with kernel
+privileges.
+
+The vulnerability can be used to gain kernel / supervisor privilege.
+This can for example be used by normal users to gain root privileges,
+to break out of jails, or bypass Mandatory Access Control (MAC)
+restrictions.
+
+IV.  Workaround
+
+No workaround is available, but only systems running the 64 bit
+FreeSD/amd64 kernels are vulnerable.
+
+Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386
+kernel are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_0, or RELENG_6_3 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3 and
+7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-08:07/amd64.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:07/amd64.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/amd64/amd64/exception.S                               1.125.2.3
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.9
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.8
+  src/sys/amd64/amd64/exception.S                           1.125.2.2.2.1
+RELENG_7
+  src/sys/amd64/amd64/exception.S                               1.129.2.2
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.8
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.8
+  src/sys/amd64/amd64/exception.S                           1.129.2.1.2.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3890
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:07.amd64.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFIvu2TFdaIBMps37IRAqt8AJsGd/2WDuMZYUeOcVKekHEHZWRoMACdGnVs
+0JZMykjScj7GbrsOlOW3uQg=
+=bs1z
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:08.nmount.asc b/share/security/advisories/FreeBSD-SA-08:08.nmount.asc
new file mode 100644
index 0000000000..4408af1c5f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:08.nmount.asc
@@ -0,0 +1,113 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:08.nmount                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          nmount(2) local arbitrary code execution
+
+Category:       core
+Module:         sys_kern
+Announced:      2008-09-03
+Credits:        James Gritton
+Affects:        FreeBSD 7.0-RELEASE, FreeBSD 7.0-STABLE
+Corrected:      2008-09-03 19:09:47 UTC (RELENG_7, 7.1-PRERELEASE)
+                2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4)
+CVE Name:       CVE-2008-3531
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The mount(2) and nmount(2) system calls are used by various utilities
+in the base system to graft a file system object on to the file system
+tree to a given mount point.  It is possible to allow unprivileged
+users to utililize these system calls by setting the vfs.usermount
+sysctl(8) variable.
+
+II.  Problem Description
+
+Various user defined input such as mount points, devices, and mount
+options are prepared and passed as arguments to nmount(2) into the
+kernel.  Under certain error conditions, user defined data will be
+copied into a stack allocated buffer stored in the kernel without
+sufficient bounds checking.
+
+III. Impact
+
+If the system is configured to allow unprivileged users to mount file
+systems, it is possible for a local adversary to exploit this
+vulnerability and execute code in the context of the kernel.
+
+IV.  Workaround
+
+It is possible to work around this issue by allowing only privileged
+users to mount file systems by running the following sysctl(8)
+command:
+
+# sysctl vfs.usermount=0
+
+V.   Solution
+
+NOTE WELL: Even with this fix allowing users to mount arbitrary media
+should not be considered safe.  Most of the file systems in FreeBSD
+was not built to protect safeguard against malicious devices.  While
+such bugs in file systems are fixed when found, a complete audit has
+not been perfomed on the file system code.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_0
+security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-08:08/nmount.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:08/nmount.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/kern/vfs_mount.c                                     1.265.2.10
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.8
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.8
+  src/sys/kern/vfs_mount.c                                  1.265.2.1.2.2
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3531
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:08.nmount.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFIvu2eFdaIBMps37IRAl9BAJ9Jnp+agN06pBkzPDwEnOT83MNd6QCghOFX
+yvNI1gVmhAQ7MXOUvPoLcLk=
+=EsCn
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:09.icmp6.asc b/share/security/advisories/FreeBSD-SA-08:09.icmp6.asc
new file mode 100644
index 0000000000..6dbf95a80f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:09.icmp6.asc
@@ -0,0 +1,113 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:09.icmp6                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Remote kernel panics on IPv6 connections
+
+Category:       core
+Module:         sys_netinet6
+Announced:      2008-09-03
+Credits:        Tom Parker, Bjoern A. Zeeb
+Affects:        All supported versions of FreeBSD.
+Corrected:      2008-09-03 19:09:47 UTC (RELENG_7, 7.1-PRERELEASE)
+                2008-09-03 19:09:47 UTC (RELENG_7_0, 7.0-RELEASE-p4)
+                2008-09-03 19:09:47 UTC (RELENG_6, 6.4-PRERELEASE)
+                2008-09-03 19:09:47 UTC (RELENG_6_3, 6.3-RELEASE-p4)
+CVE Name:       CVE-2008-3530
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+IPv6 nodes use ICMPv6 amongst other things to report errors encountered
+while processing packets.  The 'Packet Too Big Message' is sent in
+case a node cannot forward a packet because the size of the packet is
+larger than the MTU of next-hop link.
+
+II.  Problem Description
+
+In case of an incoming ICMPv6 'Packet Too Big Message', there is an
+insufficient check on the proposed new MTU for a path to the destination.
+
+III. Impact
+
+When the kernel is configured to process IPv6 packets and has active
+IPv6 TCP sockets, a specifically crafted ICMPv6 'Packet Too Big
+Message' could cause the TCP stack of the kernel to panic,
+
+IV.  Workaround
+
+Systems without INET6 / IPv6 support are not vulnerable and neither
+are systems which do not listen on any IPv6 TCP sockets and have no
+active IPv6 connections.
+
+Filter ICMPv6 'Packet Too Big Messages' using a firewall, but this
+will at the same time break PMTU support for IPv6 connections.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE or 7-STABLE, or to the
+RELENG_6_3 or RELENG_7_0 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3 and
+FreeBSD 7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:09/icmp6.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/netinet6/icmp6.c                                      1.62.2.11
+RELENG_6_3
+  src/UPDATING                                             1.416.2.37.2.9
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.8
+  src/sys/netinet6/icmp6.c                                   1.62.2.9.2.1
+RELENG_7
+  src/sys/netinet6/icmp6.c                                       1.80.2.7
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.8
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.8
+  src/sys/netinet6/icmp6.c                                       1.80.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3530
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:09.icmp6.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFIvu2hFdaIBMps37IRAjxxAJwIIXP+ALAZkvG5m687PC+92BtXTwCfUZdS
+AvvrO0r+UAa6bn1H9mFf9So=
+=MBB1
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:10.nd6.asc b/share/security/advisories/FreeBSD-SA-08:10.nd6.asc
new file mode 100644
index 0000000000..19945b1592
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:10.nd6.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:10.nd6                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          IPv6 Neighbor Discovery Protocol routing vulnerability
+
+Category:       core
+Module:         sys_netinet6
+Announced:      2008-10-01
+Credits:        David Miles
+Affects:        All supported versions of FreeBSD.
+Corrected:      2008-10-01 00:32:59 UTC (RELENG_7, 7.1-PRERELEASE)
+                2008-10-01 00:32:59 UTC (RELENG_7_0, 7.0-RELEASE-p5)
+                2008-10-01 00:32:59 UTC (RELENG_6, 6.4-PRERELEASE)
+                2008-10-01 00:32:59 UTC (RELENG_6_3, 6.3-RELEASE-p5)
+CVE Name:       CVE-2008-2476
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+IPv6 nodes use the Neighbor Discovery protocol to determine the link-layer
+address of other nodes, find routers, and maintain reachability information.
+The Neighbor Discovery protocol uses Neighbor Solicitation (ICMPv6 type 135)
+to query target nodes for their link-layer addresses.
+
+II.  Problem Description
+
+IPv6 routers may allow "on-link" IPv6 nodes to create and update the
+router's neighbor cache and forwarding information.  A malicious IPv6 node
+sharing a common router but on a different physical segment from another
+node may be able to spoof Neighbor Discovery messages, allowing it to update
+router information for the victim node.
+
+III. Impact
+
+An attacker on a different physical network connected to the same IPv6
+router as another node could redirect IPv6 traffic intended for that node.
+This could lead to denial of service or improper access to private network
+traffic.
+
+IV.  Workaround
+
+Firewall packet filters can be used to filter incoming Neighbor
+Solicitation messages but may interfere with normal IPv6 operation if not
+configured carefully.
+
+Reverse path forwarding checks could be used to make gateways, such as
+routers or firewalls, drop Neighbor Solicitation messages from
+nodes with unexpected source addresses on a particular interface.
+
+IPv6 router administrators are encouraged to read RFC 3756 for further
+discussion of Neighbor Discovery security implications.
+
+V.   Solution
+
+NOTE WELL: The solution described below causes IPv6 Neighbor Discovery
+Neighbor Solicitation messages from non-neighbors to be ignored.
+This can be re-enabled if required by setting the newly added
+net.inet6.icmp6.nd6_onlink_ns_rfc4861 sysctl to a non-zero value.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_0, or RELENG_6_3 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3 and
+7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.3]
+# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-6.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-6.patch.asc
+
+[FreeBSD 7.0]
+# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-7.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:10/nd6-7.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/netinet6/in6.h                                        1.36.2.10
+  src/sys/netinet6/in6_proto.c                                  1.32.2.10
+  src/sys/netinet6/nd6.h                                         1.19.2.4
+  src/sys/netinet6/nd6_nbr.c                                    1.29.2.11
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.10
+  src/sys/conf/newvers.sh                                   1.69.2.15.2.9
+  src/sys/netinet6/in6.h                                     1.36.2.8.2.1
+  src/sys/netinet6/in6_proto.c                               1.32.2.8.2.1
+  src/sys/netinet6/nd6.h                                     1.19.2.2.6.1
+  src/sys/netinet6/nd6_nbr.c                                 1.29.2.9.2.1
+RELENG_7
+  src/sys/netinet6/in6.h                                         1.51.2.2
+  src/sys/netinet6/in6_proto.c                                   1.46.2.3
+  src/sys/netinet6/nd6.h                                         1.21.2.2
+  src/sys/netinet6/nd6_nbr.c                                     1.47.2.3
+RELENG_7_0
+  src/UPDATING                                              1.507.2.3.2.9
+  src/sys/conf/newvers.sh                                    1.72.2.5.2.9
+  src/sys/netinet6/in6.h                                         1.51.4.1
+  src/sys/netinet6/in6_proto.c                                   1.46.4.1
+  src/sys/netinet6/nd6.h                                         1.21.4.1
+  src/sys/netinet6/nd6_nbr.c                                     1.47.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2476
+http://www.kb.cert.org/vuls/id/472363
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:10.nd6.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkjkF2cACgkQFdaIBMps37KWWgCZAfug94zPIdkzW0tdIdSDzH/0
+j18AnjypvJrRtzeQqhJkRU9wQWozgWvj
+=ieTi
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:11.arc4random.asc b/share/security/advisories/FreeBSD-SA-08:11.arc4random.asc
new file mode 100644
index 0000000000..a2097ba77b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:11.arc4random.asc
@@ -0,0 +1,168 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08.11.arc4random                                 Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          arc4random(9) predictable sequence vulnerability
+
+Category:       core
+Module:         sys
+Announced:      2008-11-24
+Credits:        Robert Woolley, Mark Murray, Maxim Dounin, Ruslan Ermilov
+Affects:        All supported versions of FreeBSD.
+Corrected:      2008-11-24 17:39:39 UTC (RELENG_7, 7.1-PRERELEASE)
+                2008-11-24 17:39:39 UTC (RELENG_7_0, 7.0-RELEASE-p6)
+                2008-11-24 17:39:39 UTC (RELENG_6, 6.4-STABLE)
+                2008-11-24 17:39:39 UTC (RELENG_6_4, 6.4-RELEASE)
+                2008-11-24 17:39:39 UTC (RELENG_6_3, 6.3-RELEASE-p6)
+CVE Name:       CVE-2008-5162
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+arc4random(9) is a generic-purpose random number generator based on the
+key stream generator of the RC4 cipher.  It is expected to be
+cryptographically strong, and used throughout the FreeBSD kernel for a
+variety of purposes, some of which rely on its cryptographic strength.
+arc4random(9) is periodically reseeded with entropy from the FreeBSD
+kernel's Yarrow random number generator, which gathers entropy from a
+variety of sources including hardware interrupts.  During the boot
+process, additional entropy is provided to the Yarrow random number
+generator from userland, helping to ensure that adequate entropy is
+present for cryptographic purposes.
+
+II.  Problem Description
+ 
+When the arc4random(9) random number generator is initialized, there may
+be inadequate entropy to meet the needs of kernel systems which rely on
+arc4random(9); and it may take up to 5 minutes before arc4random(9) is
+reseeded with secure entropy from the Yarrow random number generator.
+
+III. Impact
+
+All security-related kernel subsystems that rely on a quality random
+number generator are subject to a wide range of possible attacks for the
+300 seconds after boot or until 64k of random data is consumed.  The list
+includes:
+
+* GEOM ELI providers with onetime keys.  When a provider is configured in
+  a way so that it gets attached at the same time during boot (e.g. it
+  uses the rc subsystem to initialize) it might be possible for an
+  attacker to recover the encrypted data.
+
+* GEOM shsec providers.  The GEOM shsec subsytem is used to split a shared
+  secret between two providers so that it can be recovered when both of
+  them are present.  This is done by writing the random sequence to one
+  of providers while appending the result of the random sequence on the
+  other host to the original data.  If the provider was created within the
+  first 300 seconds after booting, it might be possible for an attacker
+  to extract the original data with access to only one of the two providers
+  between which the secret data is split.
+
+* System processes started early after boot may receive predictable IDs.
+
+* The 802.11 network stack uses arc4random(9) to generate initial vectors
+  (IV) for WEP encryption when operating in client mode and WEP
+  authentication challenges when operating in hostap mode, which may be
+  insecure.
+
+* The IPv4, IPv6 and TCP/UDP protocol implementations rely on a quality
+  random number generator to produce unpredictable IP packet identifiers,
+  initial TCP sequence numbers and outgoing port numbers.  During the
+  first 300 seconds after booting, it may be easier for an attacker to
+  execute IP session hijacking, OS fingerprinting, idle scanning, or in
+  some cases DNS cache poisoning and blind TCP data injection attacks.
+
+* The kernel RPC code uses arc4random(9) to retrieve transaction
+  identifiers, which might make RPC clients vulnerable to hijacking
+  attacks.
+
+IV.  Workaround
+
+No workaround is available for affected systems.
+
+V.   Solution
+
+NOTE WELL: Any GEOM shsec providers which were created or written to
+during the first 300 seconds after booting should be re-created after
+applying this security update.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_0, or RELENG_6_3 security branch dated after the correction
+date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3 and
+7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random.patch.asc
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random6x.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:11/arc4random6x.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/dev/random/randomdev.c                                 1.59.2.2
+  src/sys/dev/random/randomdev_soft.c                            1.11.2.3
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.2
+  src/sys/dev/random/randomdev.c                             1.59.2.1.8.2
+  src/sys/dev/random/randomdev_soft.c                        1.11.2.2.6.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.11
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.10
+  src/sys/dev/random/randomdev.c                             1.59.2.1.6.1
+  src/sys/dev/random/randomdev_soft.c                        1.11.2.2.4.1
+RELENG_7
+  src/sys/dev/random/randomdev.c                                 1.61.2.1
+  src/sys/dev/random/randomdev_soft.c                            1.15.2.1
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.10
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.10
+  src/sys/dev/random/randomdev.c                                 1.61.4.1
+  src/sys/dev/random/randomdev_soft.c                            1.15.4.1
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5162
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:11.arc4random.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkkq550ACgkQFdaIBMps37K3SwCfcj0iiFxH2tljR1N7/qhXWiW1
+N/cAoIjgcsh6sZG/upobud4TVme9QJPf
+=SKuK
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc b/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc
new file mode 100644
index 0000000000..b1609720b2
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:12.ftpd.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:12.ftpd                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Cross-site request forgery in ftpd(8)
+
+Category:       core
+Module:         ftpd
+Announced:      2008-12-23
+Credits:        Maksymilian Arciemowicz
+Affects:        All supported versions of FreeBSD.
+Corrected:      2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE)
+                2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2)
+                2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7)
+                2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE)
+                2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1)
+                2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7)
+CVE Name:       CVE-2008-4247
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+ftpd(8) is a general-purpose implementation of File Transfer Protocol (FTP)
+server that is shipped with the FreeBSD base system.  It is not enabled
+in default installations but can be enabled as either an inetd(8) server,
+or a standard-alone server.
+
+A cross-site request forgery attack is a type of malicious exploit that is
+mainly targeted to a web browser, by tricking a user trusted by the site
+into visiting a specially crafted URL, which in turn executes a command
+which performs some privileged operations on behalf of the trusted user
+on the victim site.
+
+II.  Problem Description
+
+The ftpd(8) server splits long commands into several requests.  This
+may result in the server executing a command which is hidden inside
+another very long command.
+
+III. Impact
+
+This could, with a specifically crafted command, be used in a
+cross-site request forgery attack.
+
+FreeBSD systems running ftpd(8) server could act as a point of privilege
+escalation in an attack against users using web browser to access trusted
+FTP sites.
+
+IV.  Workaround
+
+No workaround is available, but systems not running FTP servers are
+not vulnerable.  Systems not running the FreeBSD ftp(8) server are not
+affected, but users of other ftp daemons are advised to take care
+since several other ftp daemons are known to have related bugs.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, and 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:12/ftpd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/libexec/ftpd
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/libexec/ftpd/ftpcmd.y                                      1.64.2.3
+  src/libexec/ftpd/extern.h                                     1.19.14.1
+  src/libexec/ftpd/ftpd.c                                       1.206.2.4
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.4
+  src/sys/conf/newvers.sh                                   1.69.2.18.2.7
+  src/libexec/ftpd/ftpcmd.y                                  1.64.2.2.4.2
+  src/libexec/ftpd/extern.h                                     1.19.30.2
+  src/libexec/ftpd/ftpd.c                                   1.206.2.3.4.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.12
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.11
+  src/libexec/ftpd/ftpcmd.y                                  1.64.2.2.2.1
+  src/libexec/ftpd/extern.h                                     1.19.26.1
+  src/libexec/ftpd/ftpd.c                                   1.206.2.3.2.1
+RELENG_7
+  src/libexec/ftpd/ftpcmd.y                                      1.66.2.1
+  src/libexec/ftpd/extern.h                                     1.19.24.1
+  src/libexec/ftpd/ftpd.c                                       1.212.2.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.2
+  src/libexec/ftpd/ftpcmd.y                                      1.66.6.2
+  src/libexec/ftpd/extern.h                                     1.19.32.2
+  src/libexec/ftpd/ftpd.c                                       1.212.6.2
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.11
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.11
+  src/libexec/ftpd/ftpcmd.y                                      1.66.4.1
+  src/libexec/ftpd/extern.h                                     1.19.28.1
+  src/libexec/ftpd/ftpd.c                                       1.212.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r186405
+releng/6.4/                                                       r186405
+releng/6.3/                                                       r186405
+stable/7/                                                         r186405
+releng/7.1/                                                       r186405
+releng/7.0/                                                       r186405
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4247
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:12.ftpd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAklQP8wACgkQFdaIBMps37ITvgCePP8oVI6cffvQu229Qg7eNshN
+A0kAn3A6kjr+QovEwOVKNzjow1aCtU8K
+=sDxD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-08:13.protosw.asc b/share/security/advisories/FreeBSD-SA-08:13.protosw.asc
new file mode 100644
index 0000000000..ccb88d914c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-08:13.protosw.asc
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-08:13.protosw                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          netgraph / bluetooth privilege escalation
+
+Category:       core
+Module:         sys_kern
+Announced:      2008-12-23
+Credits:        Christer Oberg
+Affects:        All FreeBSD releases
+Corrected:      2008-12-23 01:23:09 UTC (RELENG_7, 7.1-PRERELEASE)
+                2008-12-23 01:23:09 UTC (RELENG_7_1, 7.1-RC2)
+                2008-12-23 01:23:09 UTC (RELENG_7_0, 7.0-RELEASE-p7)
+                2008-12-23 01:23:09 UTC (RELENG_6, 6.4-STABLE)
+                2008-12-23 01:23:09 UTC (RELENG_6_4, 6.4-RELEASE-p1)
+                2008-12-23 01:23:09 UTC (RELENG_6_3, 6.3-RELEASE-p7)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD kernel provides support for a variety of different types of
+communications sockets, including IPv4, IPv6, ISDN, ATM, routing protocol,
+link-layer, netgraph(4), and bluetooth sockets.  As an early form of
+object-oriented design, much of the functionality specific to different
+types of sockets is abstracted via function pointers.
+
+II.  Problem Description
+
+Some function pointers for netgraph and bluetooth sockets are not
+properly initialized.
+
+III. Impact
+
+A local user can cause the FreeBSD kernel to execute arbitrary code.
+This could be used by an attacker directly; or it could be used to gain
+root privilege or to escape from a jail.
+
+IV.  Workaround
+
+No workaround is available, but systems without local untrusted users
+are not vulnerable.  Furthermore, systems are not vulnerable if they
+have neither the ng_socket nor ng_bluetooth kernel modules loaded or
+compiled into the kernel.
+
+Systems with the security.jail.socket_unixiproute_only sysctl set to
+1 (the default) are only vulnerable if they have local untrusted users
+outside of jails.
+
+If the command
+# kldstat -v | grep ng_
+produces no output, the system is not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+and 7.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw6x.patch.asc
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch
+# fetch http://security.FreeBSD.org/patches/SA-08:13/protosw.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/kern/uipc_domain.c                                     1.44.2.4
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.4
+  src/sys/conf/newvers.sh                                   1.69.2.18.2.7
+  src/sys/kern/uipc_domain.c                                 1.44.2.3.6.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.12
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.11
+  src/sys/kern/uipc_domain.c                                 1.44.2.3.4.1
+RELENG_7
+  src/sys/kern/uipc_domain.c                                     1.51.2.2
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.2
+  src/sys/kern/uipc_domain.c                                 1.51.2.1.2.2
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.11
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.11
+  src/sys/kern/uipc_domain.c                                     1.51.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r186405
+releng/6.4/                                                       r186405
+releng/6.3/                                                       r186405
+stable/7/                                                         r186405
+releng/7.1/                                                       r186405
+releng/7.0/                                                       r186405
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-08:13.protosw.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAklQP9QACgkQFdaIBMps37KL2gCfRlQ7kTB24DYnDEGRUC+px4bX
+214AoJJrJjaeS6ITyk73AL/OK+rNAM4u
+=7qyU
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:01.lukemftpd.asc b/share/security/advisories/FreeBSD-SA-09:01.lukemftpd.asc
new file mode 100644
index 0000000000..2d7083dd06
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:01.lukemftpd.asc
@@ -0,0 +1,160 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:01.lukemftpd                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Cross-site request forgery in lukemftpd(8)
+
+Category:       core
+Module:         lukemftpd
+Announced:      2009-01-07
+Credits:        Maksymilian Arciemowicz
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-01-07 20:17:55 UTC (RELENG_7, 7.1-STABLE)
+                2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1)
+                2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8)
+                2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE)
+                2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2)
+                2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8)
+CVE Name:       CVE-2008-4247
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+lukemftpd(8) is a general-purpose implementation of File Transfer Protocol
+(FTP) server that is shipped with the FreeBSD base system.  It is not enabled
+in default installations but can be enabled as either an inetd(8) server,
+or a standard-alone server.
+
+A cross-site request forgery attack is a type of malicious exploit that is
+mainly targeted to a web browser, by tricking a user trusted by the site
+into visiting a specially crafted URL, which in turn executes a command
+which performs some privileged operations on behalf of the trusted user
+on the victim site.
+
+II.  Problem Description
+
+The lukemftpd(8) server splits long commands into several requests.  This
+may result in the server executing a command which is hidden inside
+another very long command.
+
+III. Impact
+
+This could, with a specifically crafted command, be used in a
+cross-site request forgery attack.
+
+FreeBSD systems running lukemftpd(8) server could act as a point of privilege
+escalation in an attack against users using web browser to access trusted
+FTP sites.
+
+IV.  Workaround
+
+No workaround is available, but systems not running FTP servers are
+not vulnerable.  Systems not running the FreeBSD lukemftpd(8) server are not
+affected, but users of other ftp daemons are advised to take care since
+several other ftp daemons are known to have related bugs.
+
+NOTE WELL: lukemftpd(8) is a different implementation of an FTP server
+than ftpd(8).
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, and 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:01/lukemftpd.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:01/lukemftpd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/libexec/lukemftpd
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/lukemftpd/src/ftpcmd.y                          1.1.1.5.2.2
+  src/contrib/lukemftpd/src/extern.h                          1.1.1.4.2.2
+  src/contrib/lukemftpd/src/ftpd.c                                1.4.2.2
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.5
+  src/sys/conf/newvers.sh                                   1.69.2.18.2.8
+  src/contrib/lukemftpd/src/ftpcmd.y                      1.1.1.5.2.1.6.1
+  src/contrib/lukemftpd/src/extern.h                      1.1.1.4.2.1.6.1
+  src/contrib/lukemftpd/src/ftpd.c                            1.4.2.1.6.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.13
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.12
+  src/contrib/lukemftpd/src/ftpcmd.y                      1.1.1.5.2.1.4.1
+  src/contrib/lukemftpd/src/extern.h                      1.1.1.4.2.1.4.1
+  src/contrib/lukemftpd/src/ftpd.c                            1.4.2.1.4.1
+RELENG_7
+  src/contrib/lukemftpd/src/ftpcmd.y                          1.1.1.6.2.1
+  src/contrib/lukemftpd/src/extern.h                          1.1.1.5.2.1
+  src/contrib/lukemftpd/src/ftpd.c                                1.5.2.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.4
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.5
+  src/contrib/lukemftpd/src/ftpcmd.y                          1.1.1.6.6.1
+  src/contrib/lukemftpd/src/extern.h                          1.1.1.5.6.1
+  src/contrib/lukemftpd/src/ftpd.c                                1.5.6.2
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.12
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.12
+  src/contrib/lukemftpd/src/ftpcmd.y                          1.1.1.6.4.1
+  src/contrib/lukemftpd/src/extern.h                          1.1.1.5.4.1
+  src/contrib/lukemftpd/src/ftpd.c                                1.5.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r186872
+releng/6.4/                                                       r186872
+releng/6.3/                                                       r186872
+stable/7/                                                         r186872
+releng/7.1/                                                       r186872
+releng/7.0/                                                       r186872
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4247
+http://security.freebsd.org/advisories/FreeBSD-SA-08:12.ftpd.asc
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:01.lukemftpd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFJZR5UFdaIBMps37IRApUJAKCEGZggeEjPC67j5Tmxl2fEDJ9sIQCfTAKn
+vpOXC5jix3XiB7wxGKrvNJM=
+=qPEc
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:02.openssl.asc b/share/security/advisories/FreeBSD-SA-09:02.openssl.asc
new file mode 100644
index 0000000000..3bd71aeb30
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:02.openssl.asc
@@ -0,0 +1,201 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:02.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL incorrectly checks for malformed signatures
+
+Category:       contrib
+Module:         openssl
+Announced:      2009-01-07
+Credits:        Google Security Team
+Affects:        All FreeBSD releases
+Corrected:      2009-01-07 21:03:41 UTC (RELENG_7, 7.1-STABLE)
+                2009-01-07 20:17:55 UTC (RELENG_7_1, 7.1-RELEASE-p1)
+                2009-01-07 20:17:55 UTC (RELENG_7_0, 7.0-RELEASE-p8)
+                2009-01-07 20:17:55 UTC (RELENG_6, 6.4-STABLE)
+                2009-01-07 20:17:55 UTC (RELENG_6_4, 6.4-RELEASE-p2)
+                2009-01-07 20:17:55 UTC (RELENG_6_3, 6.3-RELEASE-p8)
+CVE Name:       CVE-2008-5077
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+The EVP_VerifyFinal() function from OpenSSL is used to determine if a
+digital signature is valid.  The SSL layer in OpenSSL uses
+EVP_VerifyFinal(), which in several places checks the return value
+incorrectly and treats verification errors as a good signature.  This
+is only a problem for DSA and ECDSA keys.
+
+III. Impact
+
+For applications using OpenSSL for SSL connections, an invalid SSL
+certificate may be interpreted as valid.  This could for example be
+used by an attacker to perform a man-in-the-middle attack.
+
+Other applications which use the OpenSSL EVP API may similarly be
+affected.
+
+IV.  Workaround
+
+For a server an RSA signed certificate may be used instead of DSA or
+ECDSA based certificate.
+
+Note that Mozilla Firefox does not use OpenSSL and thus is not
+affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, and 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl.patch.asc
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:02/openssl6.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libssl
+# make obj && make depend && make && make install
+# cd /usr/src/secure/usr.bin/openssl
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/crypto/openssl/apps/speed.c                                1.13.2.1
+  src/crypto/openssl/apps/verify.c                           1.1.1.5.12.1
+  src/crypto/openssl/apps/x509.c                             1.1.1.10.2.1
+  src/crypto/openssl/apps/spkac.c                            1.1.1.4.12.1
+  src/crypto/openssl/ssl/s2_srvr.c                               1.12.2.1
+  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.12.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.14.2.2
+  src/crypto/openssl/ssl/s2_clnt.c                               1.13.2.2
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.5
+  src/sys/conf/newvers.sh                                   1.69.2.18.2.8
+  src/crypto/openssl/apps/speed.c                               1.13.12.1
+  src/crypto/openssl/apps/verify.c                           1.1.1.5.24.1
+  src/crypto/openssl/apps/x509.c                            1.1.1.10.12.1
+  src/crypto/openssl/apps/spkac.c                            1.1.1.4.24.1
+  src/crypto/openssl/ssl/s2_srvr.c                              1.12.12.1
+  src/crypto/openssl/ssl/s3_clnt.c                          1.1.1.12.12.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.14.2.1.6.1
+  src/crypto/openssl/ssl/s2_clnt.c                           1.13.2.1.6.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.13
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.12
+  src/crypto/openssl/apps/speed.c                               1.13.10.1
+  src/crypto/openssl/apps/verify.c                           1.1.1.5.22.1
+  src/crypto/openssl/apps/x509.c                            1.1.1.10.10.1
+  src/crypto/openssl/apps/spkac.c                            1.1.1.4.22.1
+  src/crypto/openssl/ssl/s2_srvr.c                              1.12.10.1
+  src/crypto/openssl/ssl/s3_clnt.c                          1.1.1.12.10.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.14.2.1.4.1
+  src/crypto/openssl/ssl/s2_clnt.c                           1.13.2.1.4.1
+RELENG_7
+  src/crypto/openssl/apps/speed.c                                1.15.2.1
+  src/crypto/openssl/apps/verify.c                            1.1.1.6.2.1
+  src/crypto/openssl/apps/x509.c                             1.1.1.11.2.1
+  src/crypto/openssl/apps/spkac.c                             1.1.1.5.2.1
+  src/crypto/openssl/ssl/s2_srvr.c                               1.13.2.1
+  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.2.1
+  src/crypto/openssl/ssl/ssltest.c                           1.1.1.10.2.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.15.2.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.4
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.5
+  src/crypto/openssl/apps/speed.c                                1.15.6.1
+  src/crypto/openssl/apps/verify.c                            1.1.1.6.6.1
+  src/crypto/openssl/apps/x509.c                             1.1.1.11.6.1
+  src/crypto/openssl/apps/spkac.c                             1.1.1.5.6.1
+  src/crypto/openssl/ssl/s2_srvr.c                               1.13.6.1
+  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.6.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.6.1
+  src/crypto/openssl/ssl/ssltest.c                           1.1.1.10.6.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.15.6.1
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.12
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.12
+  src/crypto/openssl/apps/speed.c                                1.15.4.1
+  src/crypto/openssl/apps/verify.c                            1.1.1.6.4.1
+  src/crypto/openssl/apps/x509.c                             1.1.1.11.4.1
+  src/crypto/openssl/apps/spkac.c                             1.1.1.5.4.1
+  src/crypto/openssl/ssl/s2_srvr.c                               1.13.4.1
+  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.4.1
+  src/crypto/openssl/ssl/ssltest.c                           1.1.1.10.4.1
+  src/crypto/openssl/ssl/s2_clnt.c                               1.15.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r186873
+releng/6.4/                                                       r186872
+releng/6.3/                                                       r186872
+stable/7/                                                         r186872
+releng/7.1/                                                       r186872
+releng/7.0/                                                       r186872
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5077
+http://www.openssl.org/news/secadv_20090107.txt
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFJZR5ZFdaIBMps37IRAofJAJ4lm2jGfsMo28c0W4zRkhZrKmttGwCgmdd9
+IvNUwk47W24SwhQAGH5+Ggw=
+=UHSl
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:03.ntpd.asc b/share/security/advisories/FreeBSD-SA-09:03.ntpd.asc
new file mode 100644
index 0000000000..cb1784b565
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:03.ntpd.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:03.ntpd                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ntpd cryptographic signature bypass
+
+Category:       contrib
+Module:         ntpd
+Announced:      2009-01-13
+Credits:        Google Security Team
+Affects:        All FreeBSD releases
+Corrected:      2009-01-13 21:19:27 UTC (RELENG_7, 7.1-STABLE)
+                2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2)
+                2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9)
+                2009-01-13 21:19:27 UTC (RELENG_6, 6.4-STABLE)
+                2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3)
+                2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9)
+CVE Name:       CVE-2009-0021
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The ntpd daemon is an implementation of the Network Time Protocol
+(NTP) used to synchronize the time of a computer system to a reference
+time source.
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL
+Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography
+library.
+
+II.  Problem Description
+
+The EVP_VerifyFinal() function from OpenSSL is used to determine if a
+digital signature is valid.  When ntpd(8) is set to cryptographically
+authenticate NTP data it incorrectly checks the return value from
+EVP_VerifyFinal().
+
+III. Impact
+
+An attacker which can send NTP packets to ntpd, which uses
+cryptographic authentication of NTP data, may be able to inject
+malicious time data causing the system clock to be set incorrectly.
+
+IV.  Workaround
+
+Use IP based restrictions in ntpd itself or in IP firewalls to
+restrict which systems can send NTP packets to ntpd.
+
+NOTE WELL: If ntpd is not explicitly set to use cryptographic
+authentication of NTP data the setup is not vulnerable to the issue
+as described in this Security Advisory.
+
+V.   Solution
+
+NOTE WELL: Due to an error in building the updates, this fix is not
+available via freebsd-update at the time of this advisory.  We expect
+that this will be fixed within the next 48 hours.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, and 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.4 and 7.1]
+# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd.patch.asc
+
+[FreeBSD 6.3 and 7.0]
+# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd63.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:03/ntpd63.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/ntp/ntpd
+# make obj && make depend && make && make install
+# /etc/rc.d/ntpd restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/ntp/ntpd/ntp_crypto.c                           1.1.1.3.8.2
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.6
+  src/sys/conf/newvers.sh                                   1.69.2.18.2.9
+  src/contrib/ntp/ntpd/ntp_crypto.c                       1.1.1.3.8.1.2.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.14
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.13
+  src/contrib/ntp/ntpd/ntp_crypto.c                          1.1.1.3.20.1
+RELENG_7
+  src/contrib/ntp/ntpd/ntp_crypto.c                          1.1.1.3.18.2
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.5
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.6
+  src/contrib/ntp/ntpd/ntp_crypto.c                      1.1.1.3.18.1.2.1
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.13
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.13
+  src/contrib/ntp/ntpd/ntp_crypto.c                          1.1.1.3.22.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r187194
+releng/6.4/                                                       r187194
+releng/6.3/                                                       r187194
+stable/7/                                                         r187194
+releng/7.1/                                                       r187194
+releng/7.0/                                                       r187194
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0021
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:03.ntpd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFJbRUfFdaIBMps37IRAqdjAJ42YSH0bjaAJBEVyMM7/em/tu0xUQCfVPrs
+IrH0Qxo4slvboQHsy1PbkN4=
+=Q4rn
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:04.bind.asc b/share/security/advisories/FreeBSD-SA-09:04.bind.asc
new file mode 100644
index 0000000000..a73bdb56e8
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:04.bind.asc
@@ -0,0 +1,452 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:04.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND DNSSEC incorrect checks for malformed signatures
+
+Category:       contrib
+Module:         bind
+Announced:      2009-01-13
+Credits:        Google Security Team
+Affects:        All supported FreeBSD versions
+Corrected:      2009-01-10 03:00:21 UTC (RELENG_7, 7.1-STABLE)
+                2009-01-13 21:19:27 UTC (RELENG_7_1, 7.1-RELEASE-p2)
+                2009-01-13 21:19:27 UTC (RELENG_7_0, 7.0-RELEASE-p9)
+                2009-01-10 04:30:27 UTC (RELENG_6, 6.4-STABLE)
+                2009-01-13 21:19:27 UTC (RELENG_6_4, 6.4-RELEASE-p3)
+                2009-01-13 21:19:27 UTC (RELENG_6_3, 6.3-RELEASE-p9)
+CVE Name:       CVE-2009-0025
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.  DNS Security
+Extensions (DNSSEC) are additional protocol options that add
+authentication as part of responses to DNS queries.
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL
+Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured Open Source toolkit implementing the
+Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1)
+protocols as well as a full-strength general purpose cryptography
+library.
+
+II.  Problem Description
+
+The DSA_do_verify() function from OpenSSL is used to determine if a
+DSA digital signature is valid.  When DNSSEC is used within BIND it
+uses DSA_do_verify() to verify DSA signatures, but checks the function
+return value incorrectly.
+
+III. Impact
+
+It is in theory possible to spoof a DNS reply even though DNSSEC
+is set up to validate answers.  This could be used by an attacker for
+man-in-the-middle or other spoofing attacks.
+
+IV.  Workaround
+
+Disable the the DSA algorithm in named.conf.  This will cause answers
+from zones signed only with DSA to be treated as insecure.  Add the
+following to the options section of named.conf:
+
+	disable-algorithms . { DSA; };
+
+NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup is
+not vulnerable to the issue as described in this Security Advisory.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, and 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:04/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+# /etc/rc.d/named restart
+
+c) Install and use a fixed version of BIND from the FreeBSD Ports
+Collection.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/bind9/CHANGES                                  1.1.1.3.2.10
+  src/contrib/bind9/FAQ                                       1.1.1.2.2.5
+  src/contrib/bind9/FAQ.xml                                   1.1.1.1.2.5
+  src/contrib/bind9/README                                    1.1.1.2.2.6
+  src/contrib/bind9/aclocal.m4                                    1.1.4.1
+  src/contrib/bind9/bin/dig/dig.1                             1.1.1.1.4.4
+  src/contrib/bind9/bin/dig/dig.c                             1.1.1.2.2.4
+  src/contrib/bind9/bin/dig/dig.docbook                       1.1.1.1.4.3
+  src/contrib/bind9/bin/dig/dig.html                          1.1.1.1.4.4
+  src/contrib/bind9/bin/dig/dighost.c                         1.1.1.2.2.5
+  src/contrib/bind9/bin/dig/host.1                            1.1.1.1.4.4
+  src/contrib/bind9/bin/dig/host.docbook                      1.1.1.1.4.3
+  src/contrib/bind9/bin/dig/host.html                         1.1.1.1.4.4
+  src/contrib/bind9/bin/dnssec/dnssec-keygen.8                1.1.1.1.4.4
+  src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook          1.1.1.1.4.3
+  src/contrib/bind9/bin/dnssec/dnssec-keygen.html             1.1.1.1.4.4
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.8              1.1.1.1.4.4
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.c              1.1.1.2.2.4
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook        1.1.1.1.4.3
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.html           1.1.1.1.4.4
+  src/contrib/bind9/bin/named/client.c                        1.1.1.2.2.7
+  src/contrib/bind9/bin/named/config.c                        1.1.1.2.2.4
+  src/contrib/bind9/bin/named/controlconf.c                   1.1.1.1.4.4
+  src/contrib/bind9/bin/named/include/named/globals.h         1.1.1.1.4.2
+  src/contrib/bind9/bin/named/interfacemgr.c                  1.1.1.1.4.4
+  src/contrib/bind9/bin/named/lwresd.8                        1.1.1.1.4.4
+  src/contrib/bind9/bin/named/lwresd.c                        1.1.1.1.4.3
+  src/contrib/bind9/bin/named/lwresd.docbook                  1.1.1.1.4.3
+  src/contrib/bind9/bin/named/lwresd.html                     1.1.1.1.4.4
+  src/contrib/bind9/bin/named/main.c                          1.1.1.2.2.3
+  src/contrib/bind9/bin/named/named.8                         1.1.1.1.4.4
+  src/contrib/bind9/bin/named/named.conf.5                    1.1.1.2.2.4
+  src/contrib/bind9/bin/named/named.conf.docbook              1.1.1.2.2.5
+  src/contrib/bind9/bin/named/named.conf.html                 1.1.1.2.2.4
+  src/contrib/bind9/bin/named/named.docbook                   1.1.1.1.4.4
+  src/contrib/bind9/bin/named/named.html                      1.1.1.1.4.4
+  src/contrib/bind9/bin/named/query.c                         1.1.1.1.4.6
+  src/contrib/bind9/bin/named/server.c                        1.1.1.2.2.6
+  src/contrib/bind9/bin/named/unix/include/named/os.h         1.1.1.2.2.2
+  src/contrib/bind9/bin/named/unix/os.c                       1.1.1.2.2.4
+  src/contrib/bind9/bin/named/update.c                        1.1.1.2.2.4
+  src/contrib/bind9/bin/nsupdate/Makefile.in                  1.1.1.1.4.2
+  src/contrib/bind9/bin/nsupdate/nsupdate.1                       1.1.4.1
+  src/contrib/bind9/bin/nsupdate/nsupdate.8                   1.1.1.1.4.4
+  src/contrib/bind9/bin/nsupdate/nsupdate.docbook             1.1.1.1.4.3
+  src/contrib/bind9/bin/nsupdate/nsupdate.html                1.1.1.1.4.4
+  src/contrib/bind9/bin/rndc/rndc-confgen.c                   1.1.1.2.2.1
+  src/contrib/bind9/bin/rndc/rndc.c                           1.1.1.3.2.3
+  src/contrib/bind9/config.h.in                                   1.1.4.1
+  src/contrib/bind9/configure.in                              1.1.1.2.2.6
+  src/contrib/bind9/lib/bind/aclocal.m4                       1.1.1.2.2.2
+  src/contrib/bind9/lib/bind/api                              1.1.1.2.2.4
+  src/contrib/bind9/lib/bind/bsd/Makefile.in                  1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/bsd/strerror.c                   1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/bsd/strtoul.c                    1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/config.h.in                      1.1.1.2.2.4
+  src/contrib/bind9/lib/bind/configure.in                     1.1.1.2.2.5
+  src/contrib/bind9/lib/bind/dst/Makefile.in                  1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/dst/dst_api.c                    1.1.1.2.2.4
+  src/contrib/bind9/lib/bind/dst/hmac_link.c                  1.1.1.1.4.4
+  src/contrib/bind9/lib/bind/dst/support.c                    1.1.1.1.4.2
+  src/contrib/bind9/lib/bind/include/arpa/nameser.h           1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/include/isc/assertions.h         1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/include/isc/misc.h               1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/include/resolv.h                 1.1.1.1.4.2
+  src/contrib/bind9/lib/bind/inet/Makefile.in                 1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/inet/inet_net_pton.c             1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/irs/Makefile.in                  1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/irs/dns_ho.c                     1.1.1.1.4.4
+  src/contrib/bind9/lib/bind/irs/irp.c                        1.1.1.1.4.2
+  src/contrib/bind9/lib/bind/isc/Makefile.in                  1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/isc/assertions.c                 1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/isc/bitncmp.c                    1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/isc/ctl_clnt.c                   1.1.1.1.4.2
+  src/contrib/bind9/lib/bind/isc/ctl_srvr.c                   1.1.1.1.4.2
+  src/contrib/bind9/lib/bind/nameser/Makefile.in              1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/port_after.h.in                  1.1.1.2.2.4
+  src/contrib/bind9/lib/bind/resolv/Makefile.in               1.1.1.1.4.2
+  src/contrib/bind9/lib/bind/resolv/res_debug.c               1.1.1.1.4.2
+  src/contrib/bind9/lib/bind/resolv/res_mkquery.c             1.1.1.1.4.1
+  src/contrib/bind9/lib/bind/resolv/res_query.c               1.1.1.1.4.1
+  src/contrib/bind9/lib/bind9/api                             1.1.1.2.2.4
+  src/contrib/bind9/lib/bind9/check.c                         1.1.1.2.2.4
+  src/contrib/bind9/lib/dns/adb.c                             1.1.1.2.2.4
+  src/contrib/bind9/lib/dns/api                               1.1.1.2.2.7
+  src/contrib/bind9/lib/dns/cache.c                           1.1.1.1.4.3
+  src/contrib/bind9/lib/dns/dispatch.c                        1.1.1.1.4.6
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h            1.1.1.1.4.5
+  src/contrib/bind9/lib/dns/journal.c                         1.1.1.2.2.3
+  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.1.4.2
+  src/contrib/bind9/lib/dns/message.c                         1.1.1.1.4.5
+  src/contrib/bind9/lib/dns/openssldsa_link.c                 1.1.1.1.4.3
+  src/contrib/bind9/lib/dns/opensslrsa_link.c                 1.1.1.1.4.3
+  src/contrib/bind9/lib/dns/rbt.c                             1.1.1.2.2.3
+  src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c           1.1.1.1.4.1
+  src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h           1.1.1.1.4.1
+  src/contrib/bind9/lib/dns/rdata/generic/txt_16.c            1.1.1.1.4.2
+  src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c             1.1.1.1.4.1
+  src/contrib/bind9/lib/dns/request.c                         1.1.1.1.4.4
+  src/contrib/bind9/lib/dns/resolver.c                       1.1.1.2.2.10
+  src/contrib/bind9/lib/dns/validator.c                       1.1.1.2.2.5
+  src/contrib/bind9/lib/dns/view.c                            1.1.1.1.4.2
+  src/contrib/bind9/lib/dns/xfrin.c                           1.1.1.2.2.5
+  src/contrib/bind9/lib/isc/Makefile.in                       1.1.1.1.4.1
+  src/contrib/bind9/lib/isc/api                               1.1.1.2.2.5
+  src/contrib/bind9/lib/isc/assertions.c                      1.1.1.1.4.1
+  src/contrib/bind9/lib/isc/include/isc/assertions.h          1.1.1.1.4.1
+  src/contrib/bind9/lib/isc/include/isc/mem.h                 1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/include/isc/msgs.h                1.1.1.1.4.1
+  src/contrib/bind9/lib/isc/include/isc/platform.h.in         1.1.1.1.4.2
+  src/contrib/bind9/lib/isc/include/isc/portset.h                 1.1.4.1
+  src/contrib/bind9/lib/isc/include/isc/resource.h            1.1.1.1.4.2
+  src/contrib/bind9/lib/isc/include/isc/socket.h              1.1.1.1.4.3
+  src/contrib/bind9/lib/isc/include/isc/timer.h               1.1.1.1.4.4
+  src/contrib/bind9/lib/isc/include/isc/types.h               1.1.1.1.4.1
+  src/contrib/bind9/lib/isc/mem.c                             1.1.1.1.4.3
+  src/contrib/bind9/lib/isc/portset.c                             1.1.4.1
+  src/contrib/bind9/lib/isc/print.c                           1.1.1.1.4.2
+  src/contrib/bind9/lib/isc/pthreads/mutex.c                  1.1.1.1.4.3
+  src/contrib/bind9/lib/isc/timer.c                           1.1.1.1.4.5
+  src/contrib/bind9/lib/isc/unix/app.c                        1.1.1.1.4.3
+  src/contrib/bind9/lib/isc/unix/include/isc/net.h            1.1.1.1.4.1
+  src/contrib/bind9/lib/isc/unix/net.c                        1.1.1.1.4.3
+  src/contrib/bind9/lib/isc/unix/resource.c                   1.1.1.1.4.3
+  src/contrib/bind9/lib/isc/unix/socket.c                     1.1.1.2.2.5
+  src/contrib/bind9/lib/isc/unix/socket_p.h                   1.1.1.1.4.2
+  src/contrib/bind9/lib/isc/unix/time.c                       1.1.1.1.4.1
+  src/contrib/bind9/lib/isccfg/api                            1.1.1.2.2.4
+  src/contrib/bind9/lib/isccfg/namedconf.c                    1.1.1.2.2.5
+  src/contrib/bind9/version                                  1.1.1.3.2.10
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.6
+  src/sys/conf/newvers.sh                                   1.69.2.18.2.9
+  src/contrib/bind9/lib/dns/opensslrsa_link.c             1.1.1.1.4.2.4.1
+  src/contrib/bind9/lib/dns/openssldsa_link.c             1.1.1.1.4.2.2.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.14
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.13
+  src/contrib/bind9/lib/dns/opensslrsa_link.c             1.1.1.1.4.2.2.1
+  src/contrib/bind9/lib/dns/openssldsa_link.c             1.1.1.1.4.1.2.1
+RELENG_7
+  src/contrib/bind9/CHANGES                                  1.1.1.10.2.4
+  src/contrib/bind9/COPYRIGHT                                 1.1.1.4.2.3
+  src/contrib/bind9/FAQ                                       1.1.1.6.2.2
+  src/contrib/bind9/FAQ.xml                                   1.1.1.4.2.2
+  src/contrib/bind9/README                                    1.1.1.7.2.2
+  src/contrib/bind9/aclocal.m4                                    1.1.2.1
+  src/contrib/bind9/bin/check/check-tool.c                    1.1.1.3.2.2
+  src/contrib/bind9/bin/check/named-checkconf.c               1.1.1.4.2.1
+  src/contrib/bind9/bin/check/named-checkzone.c               1.1.1.3.2.2
+  src/contrib/bind9/bin/dig/dig.1                             1.1.1.4.2.2
+  src/contrib/bind9/bin/dig/dig.c                             1.1.1.5.2.2
+  src/contrib/bind9/bin/dig/dig.docbook                       1.1.1.3.2.2
+  src/contrib/bind9/bin/dig/dig.html                          1.1.1.4.2.2
+  src/contrib/bind9/bin/dig/dighost.c                         1.1.1.5.2.3
+  src/contrib/bind9/bin/dig/host.1                            1.1.1.4.2.2
+  src/contrib/bind9/bin/dig/host.docbook                      1.1.1.3.2.2
+  src/contrib/bind9/bin/dig/host.html                         1.1.1.4.2.2
+  src/contrib/bind9/bin/dnssec/dnssec-keygen.8                1.1.1.4.2.2
+  src/contrib/bind9/bin/dnssec/dnssec-keygen.docbook          1.1.1.3.2.2
+  src/contrib/bind9/bin/dnssec/dnssec-keygen.html             1.1.1.4.2.2
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.8              1.1.1.4.2.2
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.c              1.1.1.5.2.2
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.docbook        1.1.1.3.2.2
+  src/contrib/bind9/bin/dnssec/dnssec-signzone.html           1.1.1.4.2.2
+  src/contrib/bind9/bin/named/client.c                        1.1.1.6.2.4
+  src/contrib/bind9/bin/named/config.c                        1.1.1.4.2.3
+  src/contrib/bind9/bin/named/controlconf.c                   1.1.1.3.2.2
+  src/contrib/bind9/bin/named/include/named/globals.h         1.1.1.3.2.1
+  src/contrib/bind9/bin/named/interfacemgr.c                  1.1.1.3.2.2
+  src/contrib/bind9/bin/named/lwaddr.c                        1.1.1.2.2.1
+  src/contrib/bind9/bin/named/lwdgnba.c                       1.1.1.2.2.1
+  src/contrib/bind9/bin/named/lwdnoop.c                       1.1.1.2.2.1
+  src/contrib/bind9/bin/named/lwresd.8                        1.1.1.4.2.2
+  src/contrib/bind9/bin/named/lwresd.c                        1.1.1.3.2.2
+  src/contrib/bind9/bin/named/lwresd.docbook                  1.1.1.3.2.2
+  src/contrib/bind9/bin/named/lwresd.html                     1.1.1.4.2.2
+  src/contrib/bind9/bin/named/main.c                          1.1.1.5.2.1
+  src/contrib/bind9/bin/named/named.8                         1.1.1.4.2.2
+  src/contrib/bind9/bin/named/named.conf.5                    1.1.1.5.2.2
+  src/contrib/bind9/bin/named/named.conf.docbook              1.1.1.5.2.3
+  src/contrib/bind9/bin/named/named.conf.html                 1.1.1.5.2.2
+  src/contrib/bind9/bin/named/named.docbook                   1.1.1.4.2.2
+  src/contrib/bind9/bin/named/named.html                      1.1.1.4.2.2
+  src/contrib/bind9/bin/named/query.c                         1.1.1.6.2.2
+  src/contrib/bind9/bin/named/server.c                        1.1.1.6.2.4
+  src/contrib/bind9/bin/named/unix/include/named/os.h         1.1.1.3.2.1
+  src/contrib/bind9/bin/named/unix/os.c                       1.1.1.5.2.1
+  src/contrib/bind9/bin/named/update.c                        1.1.1.5.2.2
+  src/contrib/bind9/bin/nsupdate/Makefile.in                  1.1.1.2.2.1
+  src/contrib/bind9/bin/nsupdate/nsupdate.1                       1.1.2.1
+  src/contrib/bind9/bin/nsupdate/nsupdate.8                   1.1.1.4.2.2
+  src/contrib/bind9/bin/nsupdate/nsupdate.c                   1.1.1.5.2.2
+  src/contrib/bind9/bin/nsupdate/nsupdate.docbook             1.1.1.3.2.2
+  src/contrib/bind9/bin/nsupdate/nsupdate.html                1.1.1.4.2.2
+  src/contrib/bind9/bin/rndc/rndc-confgen.c                   1.1.1.3.2.1
+  src/contrib/bind9/bin/rndc/rndc.8                           1.1.1.4.2.2
+  src/contrib/bind9/bin/rndc/rndc.c                           1.1.1.6.2.2
+  src/contrib/bind9/bin/rndc/rndc.docbook                     1.1.1.3.2.2
+  src/contrib/bind9/bin/rndc/rndc.html                        1.1.1.4.2.2
+  src/contrib/bind9/config.h.in                                   1.1.2.1
+  src/contrib/bind9/configure.in                              1.1.1.6.2.3
+  src/contrib/bind9/lib/bind/aclocal.m4                      1.1.1.2.10.2
+  src/contrib/bind9/lib/bind/api                              1.1.1.5.2.2
+  src/contrib/bind9/lib/bind/bsd/Makefile.in                  1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/bsd/strerror.c                   1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/bsd/strtoul.c                    1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/config.h.in                      1.1.1.4.2.3
+  src/contrib/bind9/lib/bind/configure.in                     1.1.1.5.2.3
+  src/contrib/bind9/lib/bind/dst/Makefile.in                  1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/dst/dst_api.c                    1.1.1.5.2.2
+  src/contrib/bind9/lib/bind/dst/hmac_link.c                  1.1.1.4.2.2
+  src/contrib/bind9/lib/bind/dst/support.c                    1.1.1.3.2.1
+  src/contrib/bind9/lib/bind/include/Makefile.in              1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/include/arpa/nameser.h           1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/include/isc/assertions.h         1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/include/isc/eventlib.h           1.1.1.3.2.1
+  src/contrib/bind9/lib/bind/include/isc/misc.h               1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/include/isc/platform.h.in            1.2.2.1
+  src/contrib/bind9/lib/bind/include/netdb.h                  1.1.1.4.2.1
+  src/contrib/bind9/lib/bind/include/resolv.h                 1.1.1.3.2.1
+  src/contrib/bind9/lib/bind/inet/Makefile.in                 1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/inet/inet_net_pton.c             1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/inet/inet_network.c              1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/irs/Makefile.in                  1.1.1.3.2.1
+  src/contrib/bind9/lib/bind/irs/dns_ho.c                     1.1.1.4.2.1
+  src/contrib/bind9/lib/bind/irs/getnetgrent.c                1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/irs/getnetgrent_r.c              1.1.1.4.2.1
+  src/contrib/bind9/lib/bind/irs/irp.c                        1.1.1.3.2.1
+  src/contrib/bind9/lib/bind/isc/Makefile.in                  1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/isc/assertions.c                 1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/isc/bitncmp.c                    1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/isc/ctl_clnt.c                   1.1.1.2.2.2
+  src/contrib/bind9/lib/bind/isc/ctl_srvr.c                   1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/isc/logging.c                    1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/nameser/Makefile.in              1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/port_after.h.in                  1.1.1.4.2.1
+  src/contrib/bind9/lib/bind/port_before.h.in                 1.1.1.4.2.2
+  src/contrib/bind9/lib/bind/resolv/Makefile.in               1.1.1.3.2.1
+  src/contrib/bind9/lib/bind/resolv/res_debug.c               1.1.1.3.2.1
+  src/contrib/bind9/lib/bind/resolv/res_mkquery.c             1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/resolv/res_query.c               1.1.1.2.2.1
+  src/contrib/bind9/lib/bind/resolv/res_send.c                1.1.1.4.2.1
+  src/contrib/bind9/lib/bind9/api                             1.1.1.5.2.2
+  src/contrib/bind9/lib/bind9/check.c                         1.1.1.5.2.4
+  src/contrib/bind9/lib/dns/acache.c                          1.1.1.1.2.1
+  src/contrib/bind9/lib/dns/adb.c                             1.1.1.5.2.2
+  src/contrib/bind9/lib/dns/api                               1.1.1.6.2.4
+  src/contrib/bind9/lib/dns/cache.c                           1.1.1.4.2.1
+  src/contrib/bind9/lib/dns/dispatch.c                        1.1.1.4.2.4
+  src/contrib/bind9/lib/dns/dst_parse.c                       1.1.1.2.2.1
+  src/contrib/bind9/lib/dns/dst_parse.h                       1.1.1.2.2.1
+  src/contrib/bind9/lib/dns/include/dns/dispatch.h            1.1.1.3.2.4
+  src/contrib/bind9/lib/dns/journal.c                         1.1.1.4.2.2
+  src/contrib/bind9/lib/dns/master.c                          1.1.1.2.2.2
+  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.3.2.1
+  src/contrib/bind9/lib/dns/message.c                         1.1.1.4.2.2
+  src/contrib/bind9/lib/dns/openssldsa_link.c                 1.1.1.3.2.2
+  src/contrib/bind9/lib/dns/opensslrsa_link.c                 1.1.1.4.2.1
+  src/contrib/bind9/lib/dns/rbt.c                             1.1.1.4.2.1
+  src/contrib/bind9/lib/dns/rbtdb.c                           1.1.1.4.2.2
+  src/contrib/bind9/lib/dns/rdata/generic/nsec_47.c           1.1.1.2.2.1
+  src/contrib/bind9/lib/dns/rdata/generic/nsec_47.h           1.1.1.2.2.1
+  src/contrib/bind9/lib/dns/rdata/generic/txt_16.c            1.1.1.2.2.1
+  src/contrib/bind9/lib/dns/rdata/in_1/apl_42.c               1.1.1.2.2.1
+  src/contrib/bind9/lib/dns/rdata/in_1/naptr_35.c             1.1.1.2.2.1
+  src/contrib/bind9/lib/dns/request.c                         1.1.1.3.2.2
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.9.2.4
+  src/contrib/bind9/lib/dns/rootns.c                          1.1.1.2.2.2
+  src/contrib/bind9/lib/dns/sdb.c                             1.1.1.2.2.2
+  src/contrib/bind9/lib/dns/tkey.c                            1.1.1.4.2.1
+  src/contrib/bind9/lib/dns/tsig.c                            1.1.1.4.2.2
+  src/contrib/bind9/lib/dns/validator.c                       1.1.1.6.2.2
+  src/contrib/bind9/lib/dns/view.c                            1.1.1.2.2.2
+  src/contrib/bind9/lib/dns/xfrin.c                           1.1.1.5.2.3
+  src/contrib/bind9/lib/dns/zone.c                            1.1.1.5.2.2
+  src/contrib/bind9/lib/isc/Makefile.in                       1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/api                               1.1.1.5.2.3
+  src/contrib/bind9/lib/isc/assertions.c                      1.1.1.2.2.1
+  src/contrib/bind9/lib/isc/include/isc/assertions.h          1.1.1.2.2.1
+  src/contrib/bind9/lib/isc/include/isc/lex.h                 1.1.1.2.2.1
+  src/contrib/bind9/lib/isc/include/isc/mem.h                 1.1.1.3.2.1
+  src/contrib/bind9/lib/isc/include/isc/msgs.h                1.1.1.2.2.1
+  src/contrib/bind9/lib/isc/include/isc/platform.h.in         1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/include/isc/portset.h                 1.1.2.1
+  src/contrib/bind9/lib/isc/include/isc/resource.h            1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/include/isc/socket.h              1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/include/isc/timer.h               1.1.1.3.2.2
+  src/contrib/bind9/lib/isc/include/isc/types.h               1.1.1.2.2.1
+  src/contrib/bind9/lib/isc/mem.c                             1.1.1.3.2.2
+  src/contrib/bind9/lib/isc/portset.c                             1.1.2.1
+  src/contrib/bind9/lib/isc/print.c                           1.1.1.3.2.1
+  src/contrib/bind9/lib/isc/pthreads/mutex.c                  1.1.1.3.2.1
+  src/contrib/bind9/lib/isc/timer.c                           1.1.1.4.2.3
+  src/contrib/bind9/lib/isc/unix/app.c                        1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/unix/include/isc/net.h            1.1.1.2.2.1
+  src/contrib/bind9/lib/isc/unix/net.c                        1.1.1.3.2.2
+  src/contrib/bind9/lib/isc/unix/resource.c                   1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/unix/socket.c                     1.1.1.5.2.3
+  src/contrib/bind9/lib/isc/unix/socket_p.h                   1.1.1.2.2.2
+  src/contrib/bind9/lib/isc/unix/time.c                       1.1.1.2.2.1
+  src/contrib/bind9/lib/isccfg/api                            1.1.1.4.2.3
+  src/contrib/bind9/lib/isccfg/namedconf.c                    1.1.1.5.2.2
+  src/contrib/bind9/lib/lwres/api                             1.1.1.5.2.2
+  src/contrib/bind9/make/rules.in                             1.1.1.4.2.2
+  src/contrib/bind9/version                                  1.1.1.10.2.4
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.5
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.6
+  src/contrib/bind9/lib/dns/opensslrsa_link.c                 1.1.1.4.6.1
+  src/contrib/bind9/lib/dns/openssldsa_link.c             1.1.1.3.2.1.4.1
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.13
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.13
+  src/contrib/bind9/lib/dns/opensslrsa_link.c                 1.1.1.4.4.1
+  src/contrib/bind9/lib/dns/openssldsa_link.c             1.1.1.3.2.1.2.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r187002
+releng/6.4/                                                       r187194
+releng/6.3/                                                       r187194
+stable/7/                                                         r186997
+releng/7.1/                                                       r187194
+releng/7.0/                                                       r187194
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0025
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:02.openssl.asc
+https://www.isc.org/node/373
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:04.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFJbRUmFdaIBMps37IRAonEAJsFQFtZGTz6tXFc5TSRMLhB1hxb6QCeI0Pd
+ZFPKsX8/XspOTzRWA1h3QPk=
+=dpqG
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:05.telnetd.asc b/share/security/advisories/FreeBSD-SA-09:05.telnetd.asc
new file mode 100644
index 0000000000..db18b8c247
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:05.telnetd.asc
@@ -0,0 +1,124 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:05.telnetd                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          telnetd code execution vulnerability
+
+Category:       core
+Module:         contrib
+Announced:      2009-02-16
+Affects:        FreeBSD 7.x
+Corrected:      2009-02-16 21:56:17 UTC (RELENG_7, 7.1-STABLE)
+                2009-02-16 21:56:17 UTC (RELENG_7_1, 7.1-RELEASE-p3)
+                2009-02-16 21:56:17 UTC (RELENG_7_0, 7.0-RELEASE-p10)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD telnet daemon, telnetd(8), implements the server side of the
+TELNET virtual terminal protocol.  It has been disabled by default in
+FreeBSD since August 2001, and due to the lack of cryptographic security
+in the TELNET protocol, it is strongly recommended that the SSH protocol
+be used instead.  The FreeBSD telnet daemon can be enabled via the
+/etc/inetd.conf configuration file and the inetd(8) daemon.
+
+The TELNET protocol allows a connecting client to specify environment
+variables which should be set in any created login session; this is used,
+for example, to specify terminal settings.
+
+II.  Problem Description
+
+In order to prevent environment variable based attacks, telnetd(8) "scrubs"
+its environment; however, recent changes in FreeBSD's environment-handling
+code rendered telnetd's scrubbing inoperative, thereby allowing potentially
+harmful environment variables to be set.
+
+III. Impact
+
+An attacker who can place a specially-constructed file onto a target system
+(either by legitimately logging into the system or by exploiting some other
+service on the system) can execute arbitrary code with the privileges of
+the user running the telnet daemon (usually root).
+
+IV.  Workaround
+
+No workaround is available, but systems which are not running the telnet
+daemon are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1 or
+RELENG_7_0 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.0 and 7.1
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:05/telnetd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libtelnet
+# make obj && make depend && make
+# cd /usr/src/libexec/telnetd
+# make obj && make depend && make && make install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/contrib/telnet/telnetd/sys_term.c                         1.18.22.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.6
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.7
+  src/contrib/telnet/telnetd/sys_term.c                         1.18.30.2
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.14
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.14
+  src/contrib/telnet/telnetd/sys_term.c                         1.18.26.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r188699
+releng/7.1/                                                       r188699
+releng/7.0/                                                       r188699
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://lists.grok.org.uk/pipermail/full-disclosure/2009-February/067954.html
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:05.telnetd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkmZ5xkACgkQFdaIBMps37L1/gCgid6+mQr/h3kHKq6bUL8TW+St
+TBUAoIFSFbE0PsTtt1nrwlSAZwvvDL0s
+=y6p4
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:06.ktimer.asc b/share/security/advisories/FreeBSD-SA-09:06.ktimer.asc
new file mode 100644
index 0000000000..c5e5319508
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:06.ktimer.asc
@@ -0,0 +1,117 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:06.ktimer                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Local privilege escalation
+
+Category:       core
+Module:         kern
+Announced:      2009-03-23
+Affects:        FreeBSD 7.x
+Corrected:      2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE)
+                2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4)
+                2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11)
+CVE Name:       CVE-2009-1041
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+In FreeBSD 7.0, support was introduced for per-process timers as defined
+in the POSIX realtime extensions.  This allows a process to have a limited
+number of timers running at once, with various actions taken when each
+timer reaches zero.
+
+II.  Problem Description
+
+An integer which specifies which timer a process wishes to operate upon is
+not properly bounds-checked.
+
+III. Impact
+
+An unprivileged process can overwrite an arbitrary location in kernel
+memory.  This could be used to change the user ID of the process (in order
+to "become root"), to escape from a jail, or to bypass security mechanisms
+in other ways.
+
+IV.  Workaround
+
+No workaround is available, but systems without untrusted local users are
+not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, or to the RELENG_7_1
+or RELENG_7_0 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 7.0 and 7.1
+systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:06/ktimer.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/kern/kern_time.c                                      1.142.2.3
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.7
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.8
+  src/sys/kern/kern_time.c                                  1.142.2.2.2.2
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.15
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.15
+  src/sys/kern/kern_time.c                                      1.142.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r190301
+releng/7.1/                                                       r190301
+releng/7.0/                                                       r190301
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1041
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-06:09.ktimer.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAknG0hQACgkQFdaIBMps37JA4gCfaznvIWKB/AU0cv6ojZUhheD4
+MuYAnAp3wuz3E7gIX6VK7PeUVnPp/41o
+=MPIX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:07.libc.asc b/share/security/advisories/FreeBSD-SA-09:07.libc.asc
new file mode 100644
index 0000000000..a73538b5cc
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:07.libc.asc
@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:07.libc                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Information leak in db(3)
+
+Category:       core
+Module:         libc
+Announced:      2009-04-22
+Credits:        Jaakko Heinonen, Xin LI
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-04-11 15:19:26 UTC (RELENG_7, 7.2-PRERELEASE)
+                2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5)
+                2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12)
+                2009-04-11 15:21:11 UTC (RELENG_6, 6.4-STABLE)
+                2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4)
+                2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD's C library (libc) contains code for creating and accessing
+Berkeley DB 1.85 database files.  Such databases are used extensively
+in FreeBSD; for example, the system password files (/etc/passwd and
+/etc/master.passwd) are normally accessed via their database files
+(/etc/pwd.db and /etc/spwd.db).
+
+II.  Problem Description
+
+Some data structures used by the database interface code are not properly
+initialized when allocated.
+
+III. Impact
+
+Programs using the db(3) interface to create Berkeley database files may
+"leak" sensitive information into database files.  If those files can be
+read by other users, this may result in the disclosure of sensitive
+information such as login credentials.
+
+IV.  Workaround
+
+No workaround is available, but systems without untrusted local users are
+probably not affected (since remote attackers will in most cases not be
+able to read such database files).
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, and 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:07/libc.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:07/libc.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libc
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+NOTE: System administrators may wish to rebuild any system database files
+which were created prior to applying this patch in case they contain
+sensitive information.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/lib/libc/db/btree/bt_split.c                                1.7.2.1
+  src/lib/libc/db/btree/bt_open.c                               1.11.14.1
+  src/lib/libc/db/hash/hash_buf.c                                1.7.14.1
+  src/lib/libc/db/mpool/mpool.c                                  1.12.2.1
+  src/lib/libc/db/README                                         1.1.40.1
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.8
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.10
+  src/lib/libc/db/btree/bt_split.c                               1.7.12.2
+  src/lib/libc/db/hash/hash_buf.c                                1.7.26.2
+  src/lib/libc/db/mpool/mpool.c                                 1.12.12.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.15
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.14
+  src/lib/libc/db/btree/bt_split.c                               1.7.10.1
+  src/lib/libc/db/hash/hash_buf.c                                1.7.24.1
+  src/lib/libc/db/mpool/mpool.c                                 1.12.10.1
+RELENG_7
+  src/lib/libc/db/btree/bt_split.c                                1.8.2.1 
+  src/lib/libc/db/btree/bt_open.c                                1.12.2.1
+  src/lib/libc/db/hash/hash_buf.c                                 1.8.2.1
+  src/lib/libc/db/mpool/mpool.c                                  1.13.2.1 
+  src/lib/libc/db/README                                         1.1.50.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.8
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.9
+  src/lib/libc/db/btree/bt_split.c                                1.8.6.2
+  src/lib/libc/db/hash/hash_buf.c                                 1.8.6.2
+  src/lib/libc/db/mpool/mpool.c                                  1.13.6.2
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.16
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.16
+  src/lib/libc/db/btree/bt_split.c                                1.8.4.1
+  src/lib/libc/db/hash/hash_buf.c                                 1.8.4.1
+  src/lib/libc/db/mpool/mpool.c                                  1.13.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r190940
+releng/6.4/                                                       r191381
+releng/6.3/                                                       r191381
+stable/7/                                                         r190939
+releng/7.1/                                                       r191381
+releng/7.0/                                                       r191381
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:07.libc.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAknvJlkACgkQFdaIBMps37JcyACggmDk96JTy3G5gGlzMlNuVsV7
+s5wAoIT2G2c3T6bYa7GeftWLpGGFo2Rp
+=rdqD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:08.openssl.asc b/share/security/advisories/FreeBSD-SA-09:08.openssl.asc
new file mode 100644
index 0000000000..456fde582a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:08.openssl.asc
@@ -0,0 +1,171 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:08.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Remotely exploitable crash in OpenSSL
+
+Category:       contrib
+Module:         openssl
+Announced:      2009-04-22
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-04-22 14:07:14 UTC (RELENG_7, 7.2-PRERELEASE)
+                2009-04-22 14:07:14 UTC (RELENG_7_2, 7.2-RC2)
+                2009-04-22 14:07:14 UTC (RELENG_7_1, 7.1-RELEASE-p5)
+                2009-04-22 14:07:14 UTC (RELENG_7_0, 7.0-RELEASE-p12)
+                2009-04-22 14:07:14 UTC (RELENG_6, 6.4-STABLE)
+                2009-04-22 14:07:14 UTC (RELENG_6_4, 6.4-RELEASE-p4)
+                2009-04-22 14:07:14 UTC (RELENG_6_3, 6.3-RELEASE-p10)
+CVE Name:       CVE-2009-0590
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+The function ASN1_STRING_print_ex is often used to print the contents of
+an SSL certificate.
+
+II.  Problem Description
+
+The function ASN1_STRING_print_ex does not properly validate the lengths
+of BMPString or UniversalString objects before attempting to print them.
+
+III. Impact
+
+An application which attempts to print a BMPString or UniversalString
+which has an invalid length will crash as a result of OpenSSL accessing
+invalid memory locations.  This could be used by an attacker to crash a
+remote application.
+
+IV.  Workaround
+
+No workaround is available, but applications which do not use the
+ASN1_STRING_print_ex function (either directly or indirectly) are not
+affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_2, RELENG_7_1, RELENG_7_0, RELENG_6_4, or RELENG_6_3 security
+branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.0, 7.1, and 7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl.patch.asc
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl6.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:08/openssl6.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libcrypto
+# make obj && make depend && make includes && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/crypto/openssl/crypto/asn1/asn1_err.c                  1.1.1.4.12.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                  1.1.1.2.10.2
+  src/crypto/openssl/crypto/asn1/asn1.h                      1.1.1.7.10.1
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.8
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.10
+  src/crypto/openssl/crypto/asn1/asn1_err.c                  1.1.1.4.24.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c              1.1.1.2.10.1.6.1
+  src/crypto/openssl/crypto/asn1/asn1.h                      1.1.1.7.22.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.15
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.14
+  src/crypto/openssl/crypto/asn1/asn1_err.c                  1.1.1.4.22.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c              1.1.1.2.10.1.4.1
+  src/crypto/openssl/crypto/asn1/asn1.h                      1.1.1.7.20.1
+RELENG_7
+  src/crypto/openssl/crypto/asn1/asn1_err.c                   1.1.1.6.2.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.5.2.1
+  src/crypto/openssl/crypto/asn1/asn1.h                           1.2.2.1
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.2
+  src/crypto/openssl/crypto/asn1/asn1_err.c                   1.1.1.6.8.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.5.8.1
+  src/crypto/openssl/crypto/asn1/asn1.h                           1.2.8.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.8
+  src/sys/conf/newvers.sh                                    1.72.2.9.2.9
+  src/crypto/openssl/crypto/asn1/asn1_err.c                   1.1.1.6.6.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.5.6.1
+  src/crypto/openssl/crypto/asn1/asn1.h                           1.2.6.1
+RELENG_7_0
+  src/UPDATING                                             1.507.2.3.2.16
+  src/sys/conf/newvers.sh                                   1.72.2.5.2.16
+  src/crypto/openssl/crypto/asn1/asn1_err.c                   1.1.1.6.4.1
+  src/crypto/openssl/crypto/asn1/tasn_dec.c                   1.1.1.5.4.1
+  src/crypto/openssl/crypto/asn1/asn1.h                           1.2.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r191381
+releng/6.4/                                                       r191381
+releng/6.3/                                                       r191381
+stable/7/                                                         r191381
+releng/7.2/                                                       r191381
+releng/7.1/                                                       r191381
+releng/7.0/                                                       r191381
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://openssl.org/news/secadv_20090325.txt
+[Note that two of the issues mentioned in the OpenSSL advisory do
+not affect FreeBSD.]
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0590
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:08.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAknvJegACgkQFdaIBMps37LB4gCffpTTOSdqyLK6ravrv6h8LqWE
+MDcAn2SIjNmRL8Oktk0l9hLz0mhtcxWP
+=Q7Zz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:09.pipe.asc b/share/security/advisories/FreeBSD-SA-09:09.pipe.asc
new file mode 100644
index 0000000000..5fd0eb8d69
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:09.pipe.asc
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:09.pipe                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Local information disclosure via direct pipe writes
+
+Category:       core
+Module:         kern
+Announced:      2009-06-10
+Credits:        Pieter de Boer
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE)
+                2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1)
+                2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6)
+                2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE)
+                2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5)
+                2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+One of the most commonly used forms of interprocess communication on
+FreeBSD and other UNIX-like systems is the (anonymous) pipe.  In this
+mechanism, a pair of file descriptors is created, and data written to
+one descriptor can be read from the other.
+
+FreeBSD's pipe implementation contains an optimization known as "direct
+writes".  In this optimization, rather than copying data into kernel
+memory when the write(2) system call is invoked and then copying the
+data again when the read(2) system call is invoked, the FreeBSD kernel
+takes advantage of virtual memory mapping to allow the data to be copied
+directly between processes.
+
+II.  Problem Description
+
+An integer overflow in computing the set of pages containing data to be
+copied can result in virtual-to-physical address lookups not being
+performed.
+
+III. Impact
+
+An unprivileged process can read pages of memory which belong to other
+processes or to the kernel.  These may contain information which is
+sensitive in itself; or may contain passwords or cryptographic keys
+which can be indirectly exploited to gain sensitive information or
+access.
+
+IV.  Workaround
+
+No workaround is available, but systems without untrusted local users
+are not vulnerable.  System administrators are reminded that even if a
+system is not intended to have untrusted local users, it may be possible
+for an attacker to exploit some other vulnerability to obtain local user
+access to a system.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, and 7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:09/pipe.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:09/pipe.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/kern/sys_pipe.c                                       1.184.2.5
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.9
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.11
+  src/sys/kern/sys_pipe.c                                   1.184.2.4.2.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.16
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.15
+  src/sys/kern/sys_pipe.c                                   1.184.2.2.6.2
+RELENG_7
+  src/sys/kern/sys_pipe.c                                       1.191.2.5
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.4
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.5
+  src/sys/kern/sys_pipe.c                                   1.191.2.3.4.2
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.9
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.10
+  src/sys/kern/sys_pipe.c                                   1.191.2.3.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r193893
+releng/6.4/                                                       r193893
+releng/6.3/                                                       r193893
+stable/7/                                                         r193893
+releng/7.2/                                                       r193893
+releng/7.1/                                                       r193893
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:09.pipe.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkovjN0ACgkQFdaIBMps37JkXwCgmLcEMOMAEIXRoJ220zwZhMKn
+f+gAn1bZyLMhfZU7TI0xxhizwetDwMVI
+=J37B
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:10.ipv6.asc b/share/security/advisories/FreeBSD-SA-09:10.ipv6.asc
new file mode 100644
index 0000000000..6f4cbddae7
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:10.ipv6.asc
@@ -0,0 +1,136 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:10.ipv6                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Missing permission check on SIOCSIFINFO_IN6 ioctl
+
+Category:       core
+Module:         netinet6
+Announced:      2009-06-10
+Credits:        Hiroki Sato
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE)
+                2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1)
+                2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6)
+                2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE)
+                2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5)
+                2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+IPv6 is a new Internet Protocol, designed to replace (and avoid many of
+the problems with) the current Internet Protocol (version 4).  Many
+properties of the FreeBSD IPv6 network stack can be configured via the
+ioctl(2) interface.
+
+II.  Problem Description
+
+The SIOCSIFINFO_IN6 ioctl is missing a necessary permissions check.
+
+III. Impact
+
+Local users, including non-root users and users inside jails, can set
+some IPv6 interface properties.  These include changing the link MTU
+and disabling interfaces entirely.  Note that this affects IPv6 only;
+IPv4 functionality cannot be affected by exploiting this vulnerability.
+
+IV.  Workaround
+
+No workaround is available, but systems without local untrusted users
+are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, and 7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6-6.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6-6.patch.asc
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:10/ipv6.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/netinet6/in6.c                                        1.51.2.13
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.9
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.11
+  src/sys/netinet6/in6.c                                    1.51.2.12.2.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.16
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.15
+  src/sys/netinet6/in6.c                                    1.51.2.11.2.1
+RELENG_7
+  src/sys/netinet6/in6.c                                         1.73.2.7
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.4
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.5
+  src/sys/netinet6/in6.c                                     1.73.2.6.2.2
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.9
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.10
+  src/sys/netinet6/in6.c                                     1.73.2.4.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r193893
+releng/6.4/                                                       r193893
+releng/6.3/                                                       r193893
+stable/7/                                                         r193893
+releng/7.2/                                                       r193893
+releng/7.1/                                                       r193893
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:10.ipv6.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkovjOUACgkQFdaIBMps37IFxwCgj0o1r4IQMIEvp3y4oIqhQwxe
+cI8AoIlxweqjakKxu/A/Z4+xjoGmqUdF
+=/kNi
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:11.ntpd.asc b/share/security/advisories/FreeBSD-SA-09:11.ntpd.asc
new file mode 100644
index 0000000000..385a8e3d4c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:11.ntpd.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:11.ntpd                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ntpd stack-based buffer-overflow vulnerability
+
+Category:       contrib
+Module:         ntpd
+Announced:      2009-06-10
+Credits:        Chris Ries
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-06-10 10:31:11 UTC (RELENG_7, 7.2-STABLE)
+                2009-06-10 10:31:11 UTC (RELENG_7_2, 7.2-RELEASE-p1)
+                2009-06-10 10:31:11 UTC (RELENG_7_1, 7.1-RELEASE-p6)
+                2009-06-10 10:31:11 UTC (RELENG_6, 6.4-STABLE)
+                2009-06-10 10:31:11 UTC (RELENG_6_4, 6.4-RELEASE-p5)
+                2009-06-10 10:31:11 UTC (RELENG_6_3, 6.3-RELEASE-p11)
+CVE Name:       CVE-2009-1252
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+Autokey is a security model for authenticating Network Time Protocol
+(NTP) servers to clients, using public key cryptography.
+
+II.  Problem Description
+
+The ntpd(8) daemon is prone to a stack-based buffer-overflow when it is
+configured to use the 'autokey' security model.
+
+III. Impact
+
+This issue could be exploited to execute arbitrary code in the context of
+the service daemon, or crash the service daemon, causing denial-of-service
+conditions.
+
+IV.  Workaround
+
+Use IP based restrictions in ntpd(8) itself or in IP firewalls to
+restrict which systems can send NTP packets to ntpd(8).
+
+Note that systems will only be affected if they have the "autokey" option
+set in /etc/ntp.conf; FreeBSD does not ship with a default ntp.conf file,
+so will not be affected unless this option has been explicitly enabled by
+the system administrator.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, and 7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.3]
+# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd63.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd63.patch.asc
+
+[FreeBSD 6.4 and 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:11/ntpd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/ntp/ntpd
+# make obj && make depend && make && make install
+# /etc/rc.d/ntpd restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/ntp/ntpd/ntp_crypto.c                           1.1.1.3.8.3
+RELENG_6_4
+  src/UPDATING                                             1.416.2.40.2.9
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.11
+  src/contrib/ntp/ntpd/ntp_crypto.c                       1.1.1.3.8.1.2.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.16
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.15
+  src/contrib/ntp/ntpd/ntp_crypto.c                          1.1.1.3.20.2
+RELENG_7
+  src/contrib/ntp/ntpd/ntp_crypto.c                          1.1.1.3.18.3
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.4
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.5
+  src/contrib/ntp/ntpd/ntp_crypto.c                      1.1.1.3.18.2.2.1
+RELENG_7_1
+  src/UPDATING                                             1.507.2.13.2.9
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.10
+  src/contrib/ntp/ntpd/ntp_crypto.c                      1.1.1.3.18.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r193893
+releng/6.4/                                                       r193893
+releng/6.3/                                                       r193893
+stable/7/                                                         r193893
+releng/7.2/                                                       r193893
+releng/7.1/                                                       r193893
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1252
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:11.ntpd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEARECAAYFAkovjOwACgkQFdaIBMps37KRpwCfaQF9q8KhElv6LqgFv3DX2h9c
+hbEAn2Q0X8Qv8r5OySnhlAw2pMxlxkXK
+=Mh2u
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:12.bind.asc b/share/security/advisories/FreeBSD-SA-09:12.bind.asc
new file mode 100644
index 0000000000..82ea67adab
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:12.bind.asc
@@ -0,0 +1,153 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:12.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND named(8) dynamic update message remote DoS
+
+Category:       contrib
+Module:         bind
+Announced:      2009-07-29
+Credits:        Matthias Urlichs
+Affects:        All supported versions of FreeBSD
+Corrected:      2009-07-28 23:59:22 UTC (RELENG_7, 7.2-STABLE)
+                2009-07-29 00:14:14 UTC (RELENG_7_2, 7.2-RELEASE-p3)
+                2009-07-29 00:14:14 UTC (RELENG_7_1, 7.1-RELEASE-p7)
+                2009-07-29 00:13:47 UTC (RELENG_6, 6.4-STABLE)
+                2009-07-29 00:14:14 UTC (RELENG_6_4, 6.4-RELEASE-p6)
+                2009-07-29 00:14:14 UTC (RELENG_6_3, 6.3-RELEASE-p12)
+CVE Name:       CVE-2009-0696
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+NOTE: Due to this issue being accidentally disclosed early, updated
+binaries are yet not available via freebsd-update at the time this
+advisory is being published.  Email will be sent to the freebsd-security
+mailing list when the binaries are available via freebsd-update.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+Dynamic update messages may be used to update records in a master zone
+on a nameserver.
+
+II.  Problem Description
+
+When named(8) receives a specially crafted dynamic update message an
+internal assertion check is triggered which causes named(8) to exit.
+
+To trigger the problem, the dynamic update message must contains a
+record of type "ANY" and at least one resource record set (RRset) for
+this fully qualified domain name (FQDN) must exist on the server.
+
+III. Impact
+
+An attacker which can send DNS requests to a nameserver can cause it to
+exit, thus creating a Denial of Service situation.
+
+IV.  Workaround
+
+No generally applicable workaround is available, but some firewalls
+may be able to prevent nsupdate DNS packets from reaching the
+nameserver.
+
+NOTE WELL: Merely configuring named(8) to ignore dynamic updates is NOT
+sufficient to protect it from this vulnerability.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, and 7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:12/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+# /etc/rc.d/named restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/bind9/bin/named/update.c                        1.1.1.2.2.5
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.10
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.12
+  src/contrib/bind9/bin/named/update.c                    1.1.1.2.2.3.2.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.17
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.16
+  src/contrib/bind9/bin/named/update.c                    1.1.1.2.2.2.2.1
+RELENG_7
+  src/contrib/bind9/bin/named/update.c                        1.1.1.5.2.3
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.6
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.7
+  src/contrib/bind9/bin/named/update.c                    1.1.1.5.2.2.2.1
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.10
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.11
+  src/contrib/bind9/bin/named/update.c                    1.1.1.5.2.1.4.1
+HEAD
+  src/contrib/bind9/bin/named/update.c                                1.4
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+head/                                                             r195936
+stable/6/                                                         r195934
+releng/6.4/                                                       r195935
+releng/6.3/                                                       r195935
+stable/7/                                                         r195933
+releng/7.2/                                                       r195935
+releng/7.1/                                                       r195935
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://www.isc.org/node/474
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538975
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0696
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:12.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQFKb5koFdaIBMps37IRAglLAKCFGXI+MAsksnK5TZB/8L3UFhPS1gCgl7q5
+6fCpOeBcf7f83dVfKRDVF0I=
+=akJW
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:13.pipe.asc b/share/security/advisories/FreeBSD-SA-09:13.pipe.asc
new file mode 100644
index 0000000000..feab3dca5d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:13.pipe.asc
@@ -0,0 +1,131 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:13.pipe                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          kqueue pipe race conditions
+Category:       core
+Module:         kern
+Announced:      2009-10-02
+Credits:        Przemyslaw Frasunek
+Affects:        FreeBSD 6.x
+Corrected:      2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
+                2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
+                2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+Pipes are a form of inter-process communication (IPC) provided by the
+FreeBSD kernel.  kqueue is an event management API that applications can
+use to monitor pipes and other kernel services.
+
+II.  Problem Description
+
+A race condition exists in the pipe close() code relating to kqueues,
+causing use-after-free for kernel memory, which may lead to an
+exploitable NULL pointer vulnerability in the kernel, kernel memory
+corruption, and other unpredictable results.
+
+III. Impact
+
+Successful exploitation of the race condition can lead to local kernel
+privilege escalation, kernel data corruption and/or crash.
+
+To exploit this vulnerability, an attacker must be able to run code on
+the target system.
+
+IV.  Workaround
+
+An errata notice, FreeBSD-EN-09:05.null has been released simultaneously to
+this advisory, and contains a kernel patch implementing a workaround for a
+more broad class of vulnerabilities.  However, prior to those changes, no
+workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or to the RELENG_6_4, or
+RELENG_6_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3 and 6.4.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:13/pipe.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:13/pipe.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/kern/kern_event.c                                      1.93.2.7
+  src/sys/kern/kern_fork.c                                      1.252.2.8
+  src/sys/kern/sys_pipe.c                                       1.184.2.6
+  src/sys/sys/event.h                                            1.32.2.1
+  src/sys/sys/pipe.h                                             1.29.2.1
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.11
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.13
+  src/sys/kern/kern_event.c                                  1.93.2.6.6.2
+  src/sys/kern/kern_fork.c                                  1.252.2.7.4.2
+  src/sys/kern/sys_pipe.c                                   1.184.2.4.2.3
+  src/sys/sys/event.h                                           1.32.12.2
+  src/sys/sys/pipe.h                                            1.29.16.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.18
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.17
+  src/sys/kern/kern_event.c                                  1.93.2.6.4.1
+  src/sys/kern/kern_fork.c                                  1.252.2.7.2.1
+  src/sys/kern/sys_pipe.c                                   1.184.2.2.6.3
+  src/sys/sys/event.h                                           1.32.10.1
+  src/sys/sys/pipe.h                                            1.29.12.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r197715
+releng/6.4/                                                       r197715
+releng/6.3/                                                       r197715
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://svn.freebsd.org/viewvc/base?view=revision&revision=179243
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:13.pipe.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQFKxlthFdaIBMps37IRAlk2AJ9mUrNPd1RMztbzO4w7g+AxosqJzgCgmr5l
+FKxrbF0G4v9P6SyyfAdVOFY=
+=TWhC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:14.devfs.asc b/share/security/advisories/FreeBSD-SA-09:14.devfs.asc
new file mode 100644
index 0000000000..79d0a7f02e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:14.devfs.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:14.devfs                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Devfs / VFS NULL pointer race condition
+
+Category:       core
+Module:         kern
+Announced:      2009-10-02
+Credits:        Przemyslaw Frasunek
+Affects:        FreeBSD 6.x and 7.x
+Corrected:      2009-05-18 10:41:59 UTC (RELENG_7, 7.2-STABLE)
+                2009-10-02 18:09:56 UTC (RELENG_7_2, 7.2-RELEASE-p4)
+                2009-10-02 18:09:56 UTC (RELENG_7_1, 7.1-RELEASE-p8)
+                2009-10-02 18:09:56 UTC (RELENG_6, 6.4-STABLE)
+                2009-10-02 18:09:56 UTC (RELENG_6_4, 6.4-RELEASE-p7)
+                2009-10-02 18:09:56 UTC (RELENG_6_3, 6.3-RELEASE-p13)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The device file system (devfs) provides access to system devices, such as
+storage devices and serial ports, via the file system namespace.
+
+VFS is the Virtual File System, which abstracts file system operations in
+the kernel from the actual underlying file system.
+
+II.  Problem Description
+
+Due to the interaction between devfs and VFS, a race condition exists
+where the kernel might dereference a NULL pointer.
+
+III. Impact
+
+Successful exploitation of the race condition can lead to local kernel
+privilege escalation, kernel data corruption and/or crash.
+
+To exploit this vulnerability, an attacker must be able to run code with user
+privileges on the target system.
+
+IV.  Workaround
+
+An errata note, FreeBSD-EN-09:05.null has been released simultaneously to
+this advisory, and contains a kernel patch implementing a workaround for a
+more broad class of vulnerabilities.  However, prior to those changes, no
+workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, or 7-STABLE, or to the
+RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security branch
+dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, and 7.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs6.patch.asc
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:14/devfs7.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/sys/fs/devfs/devfs_vnops.c                               1.114.2.17
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.11
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.13
+  src/sys/fs/devfs/devfs_vnops.c                           1.114.2.16.2.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.18
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.17
+  src/sys/fs/devfs/devfs_vnops.c                           1.114.2.15.2.1
+RELENG_7
+  src/sys/fs/devfs/devfs_vnops.c                                1.149.2.9
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.7
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.8
+  src/sys/fs/devfs/devfs_vnops.c                            1.149.2.8.2.2
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.11
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.12
+  src/sys/fs/devfs/devfs_vnops.c                            1.149.2.4.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r197715
+releng/6.4/                                                       r197715
+releng/6.3/                                                       r197715
+stable/7/                                                         r192301
+releng/7.2/                                                       r197715
+releng/7.1/                                                       r197715
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:14.devfs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQFKxltlFdaIBMps37IRAp4zAJwJEwIySGqxH4EXwc0wjkDXlcTb1wCfTltO
+Syds53GSM0YbsMNUVMGsLaU=
+=exPZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:15.ssl.asc b/share/security/advisories/FreeBSD-SA-09:15.ssl.asc
new file mode 100644
index 0000000000..561fdbf67f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:15.ssl.asc
@@ -0,0 +1,184 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:15.ssl                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          SSL protocol flaw
+
+Category:       contrib
+Module:         openssl
+Announced:      2009-12-03
+Credits:        Marsh Ray, Steve Dispensa
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
+                2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
+                2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
+                2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8)
+                2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14)
+CVE Name:       CVE-2009-3555
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+0.   Revision History
+
+v1.0 2009-12-03  Initial release.
+v1.1 2009-12-03  Corrected instructions in section V.2)b).
+
+I.   Background
+
+The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols
+provide a secure communications layer over which other protocols can be
+utilized.  The most widespread use of SSL/TLS is to add security to the
+HTTP protocol, thus producing HTTPS.
+
+FreeBSD includes software from the OpenSSL Project which implements SSL
+and TLS.
+
+II.  Problem Description
+
+The SSL version 3 and TLS protocols support session renegotiation without
+cryptographically tying the new session parameters to the old parameters.
+
+III. Impact
+
+An attacker who can intercept a TCP connection being used for SSL or TLS
+can cause the initial session negotiation to take the place of a session
+renegotiation.  This can be exploited in several ways, including:
+ * Causing a server to interpret incoming messages as having been sent
+under the auspices of a client SSL key when in fact they were not;
+ * Causing a client request to be appended to an attacker-supplied
+request, potentially revealing to the attacker the contents of the client
+request (including any authentication parameters); and
+ * Causing a client to receive a response to an attacker-supplied request
+instead of a response to the request sent by the client.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+NOTE WELL: This update causes OpenSSL to reject any attempt to renegotiate
+SSL / TLS session parameters.  As a result, connections in which the other
+party attempts to renegotiate session parameters will break.  In practice,
+however, session renegotiation is a rarely-used feature, so disabling this
+functionality is unlikely to cause problems for most systems.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE, or 8-STABLE, or to
+the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or RELENG_6_3 security
+branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, 7.2, and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:15/ssl.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libssl
+# make obj && make depend && make includes && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/crypto/openssl/ssl/s3_pkt.c                            1.1.1.10.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.14.2.3
+  src/crypto/openssl/ssl/s3_lib.c                            1.1.1.10.2.1
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.12
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.14
+  src/crypto/openssl/ssl/s3_pkt.c                           1.1.1.10.12.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.14.2.1.6.2
+  src/crypto/openssl/ssl/s3_lib.c                           1.1.1.10.12.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.19
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.18
+  src/crypto/openssl/ssl/s3_pkt.c                           1.1.1.10.10.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.14.2.1.4.2
+  src/crypto/openssl/ssl/s3_lib.c                           1.1.1.10.10.1
+RELENG_7
+  src/crypto/openssl/ssl/s3_pkt.c                            1.1.1.12.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.2.2
+  src/crypto/openssl/ssl/s3_lib.c                            1.1.1.13.2.1
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.8
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.9
+  src/crypto/openssl/ssl/s3_pkt.c                            1.1.1.12.8.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.17.2.1.2.1
+  src/crypto/openssl/ssl/s3_lib.c                            1.1.1.13.8.1
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.12
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.13
+  src/crypto/openssl/ssl/s3_pkt.c                            1.1.1.12.6.1
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.6.2
+  src/crypto/openssl/ssl/s3_lib.c                            1.1.1.13.6.1
+RELENG_8
+  src/crypto/openssl/ssl/s3_pkt.c                                 1.2.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                                1.3.2.1
+  src/crypto/openssl/ssl/s3_lib.c                                 1.2.2.1
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.4
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.4
+  src/crypto/openssl/ssl/s3_pkt.c                                 1.2.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                                1.3.4.1
+  src/crypto/openssl/ssl/s3_lib.c                                 1.2.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r200054
+releng/6.4/                                                       r200054
+releng/6.3/                                                       r200054
+stable/7/                                                         r200054
+releng/7.2/                                                       r200054
+releng/7.1/                                                       r200054
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://extendedsubset.com/Renegotiating_TLS.pdf
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:15.ssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAksYIm4ACgkQFdaIBMps37J5jwCZAQurPSu2CyGz2thi8ljb+MlF
+LcwAnjSLYWT1nV5G9a46n9zcrpEqydJ3
+=XuZD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:16.rtld.asc b/share/security/advisories/FreeBSD-SA-09:16.rtld.asc
new file mode 100644
index 0000000000..fa05c27e71
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:16.rtld.asc
@@ -0,0 +1,145 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:16.rtld                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Improper environment sanitization in rtld(1)
+
+Category:       core
+Module:         rtld
+Announced:      2009-12-03
+Affects:        FreeBSD 7.0 and later.
+Corrected:      2009-12-01 02:59:22 UTC (RELENG_8, 8.0-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
+                2009-12-01 03:00:16 UTC (RELENG_7, 7.2-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
+                2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
+CVE Name:       CVE-2009-4146, CVE-2009-4147
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The run-time link-editor, rtld, links dynamic executable with their
+needed libraries at run-time.  It also allows users to explicitly
+load libraries via various LD_ environmental variables.
+
+II.  Problem Description
+
+When running setuid programs rtld will normally remove potentially
+dangerous environment variables.  Due to recent changes in FreeBSD
+environment variable handling code, a corrupt environment may
+result in attempts to unset environment variables failing.
+
+III. Impact
+
+An unprivileged user who can execute programs on a system can gain
+the privileges of any setuid program which he can run.  On most
+systems configurations, this will allow a local attacker to execute
+code as the root user.
+
+IV.  Workaround
+
+No workaround is available, but systems without untrusted local users,
+where all the untrusted local users are jailed superusers, and/or where
+untrusted users cannot execute arbitrary code (e.g., due to use of read
+only and noexec mount options) are not affected.
+
+Note that "untrusted local users" include users with the ability to
+upload and execute web scripts (CGI, PHP, Python, Perl etc.), as they
+may be able to exploit this issue.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE,
+or to the RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated
+after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.1, 7.2,
+and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld7.patch.asc
+
+[FreeBSD 8.0]
+# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:16/rtld.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/libexec/rtld-elf
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+ld-elf32.so.1 (i386 compatibility) run-time link-editor (rtld).  On
+amd64 systems where the i386 rtld are installed, the operating system
+should instead be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/libexec/rtld-elf/rtld.c                                   1.124.2.7
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.8
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.9
+  src/libexec/rtld-elf/rtld.c                               1.124.2.4.2.2
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.12
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.13
+  src/libexec/rtld-elf/rtld.c                               1.124.2.3.2.2
+RELENG_8
+  src/libexec/rtld-elf/rtld.c                                   1.139.2.4
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.4
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.4
+  src/libexec/rtld-elf/rtld.c                               1.139.2.2.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r199981
+releng/7.2/                                                       r200054
+releng/7.1/                                                       r200054
+stable/8/                                                         r199980
+releng/8.0/                                                       r200054
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4146
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4147
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:16.rtld.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEUEARECAAYFAksXg/IACgkQFdaIBMps37KrLwCdH4JsCrvdS1RGoGj7MlNgV3+/
+nhYAliVcz9tL8Ll6pYKpIalR740sZ5s=
+=jK/a
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-09:17.freebsd-update.asc b/share/security/advisories/FreeBSD-SA-09:17.freebsd-update.asc
new file mode 100644
index 0000000000..786e62e16a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-09:17.freebsd-update.asc
@@ -0,0 +1,162 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-09:17.freebsd-update                             Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Inappropriate directory permissions in freebsd-update(8)
+
+Category:       core
+Module:         usr.sbin
+Announced:      2009-12-03
+Credits:        KAMADA Ken'ichi
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-12-03 09:18:40 UTC (RELENG_8, 8.0-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_8_0, 8.0-RELEASE-p1)
+                2009-12-03 09:18:40 UTC (RELENG_7, 7.2-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_7_2, 7.2-RELEASE-p5)
+                2009-12-03 09:18:40 UTC (RELENG_7_1, 7.1-RELEASE-p9)
+                2009-12-03 09:18:40 UTC (RELENG_6, 6.4-STABLE)
+                2009-12-03 09:18:40 UTC (RELENG_6_4, 6.4-RELEASE-p8)
+                2009-12-03 09:18:40 UTC (RELENG_6_3, 6.3-RELEASE-p14)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The freebsd-update(8) utility is used to fetch, install, and rollback
+updates to the FreeBSD base system, and also to upgrade from one FreeBSD
+release to another.
+
+II.  Problem Description
+
+When downloading updates to FreeBSD via 'freebsd-update fetch' or
+'freebsd-update upgrade', the freebsd-update(8) utility copies currently
+installed files into its working directory (/var/db/freebsd-update by
+default) both for the purpose of merging changes to configuration files
+and in order to be able to roll back installed updates.
+
+The default working directory used by freebsd-update(8) is normally
+created during the installation of FreeBSD with permissions which allow
+all local users to see its contents, and freebsd-update(8) does not take
+any steps to restrict access to files stored in said directory.
+
+III. Impact
+
+A local user can read files which have been updated by freebsd-update(8),
+even if those files have permissions which would normally not allow users
+to read them.  In particular, on systems which have been upgraded using
+'freebsd-update upgrade', local users can read freebsd-update's backed-up
+copy of the master password file.
+
+IV.  Workaround
+
+Set the permissions on the freebsd-update(8) working directory to not
+allow unprivileged users to read said directory:
+
+# chmod 0700 /var/db/freebsd-update
+
+Note that if freebsd-update(8) is run using the '-d workdir' option, the
+directory which should have its permissions adjusted will be different.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
+or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or
+RELENG_6_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patch has been verified to apply to FreeBSD 6.3, 6.4,
+7.1, 7.2, and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch
+# fetch http://security.FreeBSD.org/patches/SA-09:17/freebsd-update.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/freebsd-update
+# make obj && make depend && make && make install
+# chmod 0700 /var/db/freebsd-update
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/usr.sbin/freebsd-update/freebsd-update.sh                  1.2.2.11
+  src/etc/mtree/BSD.var.dist                                     1.71.2.4
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.12
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.14
+  src/usr.sbin/freebsd-update/freebsd-update.sh              1.2.2.10.2.2
+  src/etc/mtree/BSD.var.dist                                 1.71.2.3.6.2
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.19
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.18
+  src/usr.sbin/freebsd-update/freebsd-update.sh               1.2.2.8.2.1
+  src/etc/mtree/BSD.var.dist                                 1.71.2.3.4.1
+RELENG_7
+  src/usr.sbin/freebsd-update/freebsd-update.sh                   1.8.2.5
+  src/etc/mtree/BSD.var.dist                                     1.75.2.1
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.8
+  src/sys/conf/newvers.sh                                   1.72.2.11.2.9
+  src/usr.sbin/freebsd-update/freebsd-update.sh               1.8.2.4.4.2
+  src/etc/mtree/BSD.var.dist                                     1.75.8.2
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.12
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.13
+  src/usr.sbin/freebsd-update/freebsd-update.sh               1.8.2.4.2.2
+  src/etc/mtree/BSD.var.dist                                     1.75.6.2
+RELENG_8
+  src/usr.sbin/freebsd-update/freebsd-update.sh                  1.16.2.3
+  src/etc/mtree/BSD.var.dist                                    1.75.10.2
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.4
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.4
+  src/usr.sbin/freebsd-update/freebsd-update.sh              1.16.2.2.2.2
+  src/etc/mtree/BSD.var.dist                                1.75.10.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r200054
+releng/6.4/                                                       r200054
+releng/6.3/                                                       r200054
+stable/7/                                                         r200054
+releng/7.2/                                                       r200054
+releng/7.1/                                                       r200054
+stable/8/                                                         r200054
+releng/8.0/                                                       r200054
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-09:17.freebsd-update.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAksXhA0ACgkQFdaIBMps37Lg+wCfSK5sMXpsxTW9jpgwwcqx+24z
+zzwAniR50V8K8/vI0qshCUaKwryEYDuK
+=/lsC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:01.bind.asc b/share/security/advisories/FreeBSD-SA-10:01.bind.asc
new file mode 100644
index 0000000000..6152d4c578
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:01.bind.asc
@@ -0,0 +1,212 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:01.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND named(8) cache poisoning with DNSSEC validation
+
+Category:       contrib
+Module:         bind
+Announced:      2010-01-06
+Credits:        Michael Sinatra
+Affects:        All supported versions of FreeBSD.
+Corrected:      2009-12-11 01:23:58 UTC (RELENG_8, 8.0-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)
+                2009-12-11 02:23:04 UTC (RELENG_7, 7.2-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)
+                2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)
+                2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9)
+                2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15)
+CVE Name:       CVE-2009-4022
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+DNS Security Extensions (DNSSEC) provides data integrity, origin
+authentication and authenticated denial of existence to resolvers.
+
+II.  Problem Description
+
+If a client requests DNSSEC records with the Checking Disabled (CD) flag
+set, BIND may cache the unvalidated responses.  These responses may later
+be returned to another client that has not set the CD flag.
+
+III. Impact
+
+If a client can send such queries to a server, it can exploit this
+problem to mount a cache poisoning attack, seeding the cache with
+unvalidated information.
+
+IV.  Workaround
+
+Disabling DNSSEC validation will prevent BIND from caching unvalidated
+records, but also prevent DNSSEC authentication of records.  Systems not
+using DNSSEC validation are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
+or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or
+RELENG_6_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, 7.2, and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 6.3]
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-63.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-63.patch.asc
+
+[FreeBSD 6.4]
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-64.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-64.patch.asc
+
+[FreeBSD 7.1]
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-71.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-71.patch.asc
+
+[FreeBSD 7.2]
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-72.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-72.patch.asc
+
+[FreeBSD 8.0]
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-80.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:01/bind9-80.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+# /etc/rc.d/named restart
+
+NOTE WELL: Users running FreeBSD 6 and using DNSSEC are advised to get
+a more recent BIND version with more complete DNSSEC support.  This
+can be done either by upgrading to FreeBSD 7.x or later, or installing
+BIND for the FreeBSD Ports Collection.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/bind9/lib/dns/rbtdb.c                           1.1.1.1.4.4
+  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.1.4.2
+  src/contrib/bind9/lib/dns/resolver.c                       1.1.1.2.2.11
+  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.1.4.3
+  src/contrib/bind9/lib/dns/validator.c                       1.1.1.2.2.6
+  src/contrib/bind9/bin/named/query.c                         1.1.1.1.4.7
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.13
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.15
+  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.1.4.3.2.1
+  src/contrib/bind9/lib/dns/include/dns/types.h           1.1.1.1.4.1.4.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.9.2.1
+  src/contrib/bind9/lib/dns/masterdump.c                  1.1.1.1.4.1.4.1
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.2.2.4.2.1
+  src/contrib/bind9/bin/named/query.c                     1.1.1.1.4.5.2.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.20
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.19
+  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.1.4.2.2.1
+  src/contrib/bind9/lib/dns/include/dns/types.h           1.1.1.1.4.1.2.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.2.2.6.2.2
+  src/contrib/bind9/lib/dns/masterdump.c                  1.1.1.1.4.1.2.1
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.2.2.3.2.1
+  src/contrib/bind9/bin/named/query.c                     1.1.1.1.4.4.2.1
+RELENG_7
+  src/contrib/bind9/lib/dns/rbtdb.c                           1.1.1.4.2.4
+  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.3.2.2
+  src/contrib/bind9/lib/dns/resolver.c                        1.1.1.9.2.6
+  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.3.2.3
+  src/contrib/bind9/lib/dns/validator.c                       1.1.1.6.2.5
+  src/contrib/bind9/bin/named/query.c                         1.1.1.6.2.4
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.9
+  src/sys/conf/newvers.sh                                  1.72.2.11.2.10
+  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.4.2.2.2.1
+  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.3.8.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.9.2.4.2.1
+  src/contrib/bind9/lib/dns/masterdump.c                  1.1.1.3.2.1.2.1
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.6.2.3.2.1
+  src/contrib/bind9/bin/named/query.c                     1.1.1.6.2.2.2.1
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.13
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.14
+  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.4.2.1.4.1
+  src/contrib/bind9/lib/dns/include/dns/types.h               1.1.1.3.6.1
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.9.2.3.2.1
+  src/contrib/bind9/lib/dns/masterdump.c                      1.1.1.3.6.1
+  src/contrib/bind9/lib/dns/validator.c                   1.1.1.6.2.1.4.1
+  src/contrib/bind9/bin/named/query.c                     1.1.1.6.2.1.4.1
+RELENG_8
+  src/contrib/bind9/lib/dns/rbtdb.c                               1.3.2.2
+  src/contrib/bind9/lib/dns/include/dns/types.h                   1.2.2.2
+  src/contrib/bind9/lib/dns/resolver.c                            1.6.2.2
+  src/contrib/bind9/lib/dns/masterdump.c                          1.3.2.2
+  src/contrib/bind9/lib/dns/validator.c                           1.4.2.2
+  src/contrib/bind9/bin/named/query.c                             1.3.2.2
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.5
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.5
+  src/contrib/bind9/lib/dns/rbtdb.c                               1.3.4.1
+  src/contrib/bind9/lib/dns/include/dns/types.h                   1.2.4.1
+  src/contrib/bind9/lib/dns/resolver.c                            1.6.4.1
+  src/contrib/bind9/lib/dns/masterdump.c                          1.3.4.1
+  src/contrib/bind9/lib/dns/validator.c                           1.4.4.1
+  src/contrib/bind9/bin/named/query.c                             1.3.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r200394
+releng/6.4/                                                       r201679
+releng/6.3/                                                       r201679
+stable/7/                                                         r200393
+releng/7.2/                                                       r201679
+releng/7.1/                                                       r201679
+stable/8/                                                         r200383
+releng/8.0/                                                       r201679
+head/                                                             r199958
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://www.isc.org/node/504
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4022
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:01.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQFLRQ9dFdaIBMps37IRAip+AJ0S55AYqLsrwrLLMo8Qi6fGxoH7EQCfU/6K
+RUb5Kn+O1qc/FUzEQ12AmrA=
+=Pfoo
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:02.ntpd.asc b/share/security/advisories/FreeBSD-SA-10:02.ntpd.asc
new file mode 100644
index 0000000000..9dadde3c2f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:02.ntpd.asc
@@ -0,0 +1,148 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:02.ntpd                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ntpd mode 7 denial of service
+
+Category:       contrib
+Module:         ntpd
+Announced:      2010-01-06
+Affects:        All supported versions of FreeBSD.
+Corrected:      2010-01-06 21:45:30 UTC (RELENG_8, 8.0-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)
+                2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)
+                2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)
+                2010-01-06 21:45:30 UTC (RELENG_6, 6.4-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_6_4, 6.4-RELEASE-p9)
+                2010-01-06 21:45:30 UTC (RELENG_6_3, 6.3-RELEASE-p15)
+CVE Name:       CVE-2009-3563
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The ntpd(8) daemon is an implementation of the Network Time Protocol (NTP)
+used to synchronize the time of a computer system to a reference time
+source.
+
+II.  Problem Description
+
+If ntpd receives a mode 7 (MODE_PRIVATE) request or error response
+from a source address not listed in either a 'restrict ... noquery'
+or a 'restrict ... ignore' section it will log the even and send
+a mode 7 error response.
+
+III. Impact
+
+If an attacker can spoof such a packet from a source IP of an affected
+ntpd to the same or a different affected ntpd, the host(s) will endlessly
+send error responses to each other and log each event, consuming network
+bandwidth, CPU and possibly disk space.
+
+IV.  Workaround
+
+Proper filtering of mode 7 NTP packets by a firewall can limit the
+number of systems used to attack your resources.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
+or to the RELENG_8_0, RELENG_7_2, RELENG_7_1, RELENG_6_4, or
+RELENG_6_3 security branch dated after the correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 6.3, 6.4,
+7.1, 7.2, and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:02/ntpd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/ntp/ntpd
+# make obj && make depend && make && make install
+# /etc/rc.d/ntpd restart
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/ntp/ntpd/ntp_request.c                          1.1.1.4.8.2
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.13
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.15
+  src/contrib/ntp/ntpd/ntp_request.c                      1.1.1.4.8.1.2.1
+RELENG_6_3
+  src/UPDATING                                            1.416.2.37.2.20
+  src/sys/conf/newvers.sh                                  1.69.2.15.2.19
+  src/contrib/ntp/ntpd/ntp_request.c                         1.1.1.4.20.1
+RELENG_7
+  src/contrib/ntp/ntpd/ntp_request.c                         1.1.1.4.18.2
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.9
+  src/sys/conf/newvers.sh                                  1.72.2.11.2.10
+  src/contrib/ntp/ntpd/ntp_request.c                     1.1.1.4.18.1.4.1
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.13
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.14
+  src/contrib/ntp/ntpd/ntp_request.c                     1.1.1.4.18.1.2.1
+RELENG_8
+  src/contrib/ntp/ntpd/ntp_request.c                              1.2.2.1
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.5
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.5
+  src/contrib/ntp/ntpd/ntp_request.c                              1.2.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r201679
+releng/6.4/                                                       r201679
+releng/6.3/                                                       r201679
+stable/7/                                                         r201679
+releng/7.2/                                                       r201679
+releng/7.1/                                                       r201679
+stable/8/                                                         r201679
+releng/8.0/                                                       r201679
+head/                                                             r200576
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://support.ntp.org/bin/view/Main/SecurityNotice#DoS_attack_from_certain_NTP_mode
+https://support.ntp.org/bugs/show_bug.cgi?id=1331
+http://www.kb.cert.org/vuls/id/568372
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3563
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:02.ntpd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQFLRQ9gFdaIBMps37IRAuH1AJ9eOII8McK5332jhuBHEMxAUbWKNQCghYfs
+y66+ElAr2uZrrXwerlVETPc=
+=yJm1
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:03.zfs.asc b/share/security/advisories/FreeBSD-SA-10:03.zfs.asc
new file mode 100644
index 0000000000..4e4c37cf98
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:03.zfs.asc
@@ -0,0 +1,152 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:03.zfs                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          ZFS ZIL playback with insecure permissions
+
+Category:       contrib
+Module:         zfs
+Announced:      2010-01-06
+Credits:        Pawel Jakub Dawidek
+Affects:        FreeBSD 7.0 and later.
+Corrected:      2009-11-14 11:59:59 UTC (RELENG_8, 8.0-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_8_0, 8.0-RELEASE-p2)
+                2010-01-06 21:45:30 UTC (RELENG_7, 7.2-STABLE)
+                2010-01-06 21:45:30 UTC (RELENG_7_2, 7.2-RELEASE-p6)
+                2010-01-06 21:45:30 UTC (RELENG_7_1, 7.1-RELEASE-p10)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+ZFS is a file-system originally developed by Sun Microsystems.
+
+The ZFS Intent Log ("ZIL") is a mechanism that gathers together in memory
+transactions of writes, and is flushed onto disk when synchronous
+semantics is necessary.  In the event of crash or power failure, the
+log is examined and the uncommitted transaction would be replayed to
+maintain the synchronous semantics.
+
+II.  Problem Description
+
+When replaying setattr transaction, the replay code would set the
+attributes with certain insecure defaults, when the logged
+transaction did not touch these attributes.
+
+III. Impact
+
+A system crash or power fail would leave some file with mode set
+to 07777.  This could leak sensitive information or cause privilege
+escalation.
+
+IV.  Workaround
+
+No workaround is available, but systems not using ZFS are not
+vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_8_0, RELENG_7_2, or RELENG_7_1 security branch dated after the
+correction date.
+
+2) To patch your present system:
+
+The following patches have been verified to apply to FreeBSD 7.1, 7.2,
+and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs712.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs712.patch.asc
+
+[FreeBSD 8.0]
+# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:03/zfs.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) Examine the system and look for affected files.
+
+These files can be identified with the following command:
+
+# find / -perm -7777 -print0 | xargs -0 ls -ld
+
+The system administrator will have to correct these problems if there
+is any files with such permission modes.  For example:
+
+# find / -perm -7777 -print0 | xargs -0 chmod u=rwx,go=
+
+Will reset access mode bits to be readable, writable and executable
+by the owner only.  The system administrator should determine the
+appropriate mode bits wisely.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.6.2.3
+RELENG_7_2
+  src/UPDATING                                             1.507.2.23.2.9
+  src/sys/conf/newvers.sh                                  1.72.2.11.2.10
+  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
+                                                              1.6.2.1.4.1
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.13
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.14
+  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
+                                                              1.6.2.1.2.1
+RELENG_8
+  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.8.2.2
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.5
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.5
+  src/sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c 1.8.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r201679
+releng/7.2/                                                       r201679
+releng/7.1/                                                       r201679
+stable/8/                                                         r199266
+releng/8.0/                                                       r201679
+head/                                                             r199157
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:03.zfs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQFLRRILFdaIBMps37IRAnI3AJ9ioK1Bbg++DpPYW/RX9wnujAeJxACff+Ph
+oEIfaiJ5y/DoGhklcAJdXTU=
+=JPje
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:04.jail.asc b/share/security/advisories/FreeBSD-SA-10:04.jail.asc
new file mode 100644
index 0000000000..505a74791d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:04.jail.asc
@@ -0,0 +1,137 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:04.jail                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Insufficient environment sanitization in jail(8)
+
+Category:       core
+Module:         jail
+Announced:      2010-05-27
+Credits:        Aaron D. Gifford
+Affects:        FreeBSD 8.0
+Corrected:      2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE)
+                2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3)
+CVE Name:       CVE-2010-2022
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The jail(2) system call allows a system administrator to lock a process
+and all of its descendants inside an environment with a very limited
+ability to affect the system outside that environment, even for
+processes with superuser privileges.  It is an extension of, but
+far more powerful than, the traditional UNIX chroot(2) system call.
+
+By design, neither the chroot(2) nor the jail(2) system call modify
+existing open file descriptors of the calling process, in order to
+allow programmers to make fine grained access control and privilege
+separation.
+
+The jail(8) utility creates a new jail or modifies an existing jail,
+optionally imprisoning the current process (and future descendants)
+inside it.
+
+II.  Problem Description
+
+The jail(8) utility does not change the current working directory while
+imprisoning.  The current working directory can be accessed by its
+descendants.
+
+III. Impact
+
+Access to arbitrary files may be possible if an attacker managed to obtain
+the descriptor of the current working directory before the jail call.
+Such descriptor would be inherited by all descendants of the first process
+that starts the jail, unless an intermediate process changes the current
+working directory inside the jail.
+
+By default, the FreeBSD /etc/rc.d/jail script, which can be enabled
+using the jail_* rc.conf(5) variables, is not affected by this issue.
+This is due to the default jail flags ("-l -U root") used to start a
+jail as these flags will result in jail(8) performing a chdir(2) call.
+If the rc.conf(5) variables jail_flags or jail_<jname>_flags has been
+set, and do not include '-l -U root', the jails are affected by the
+vulnerability.
+
+IV.  Workaround
+
+Include the "-l -U root" arguments to the jail(8) command when
+starting the jail.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 8-STABLE, or to the RELENG_8_0
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-10:04/jail.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:04/jail.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/jail
+# make obj && make depend && make && make install
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 8.0-RELEASE on the i386 or amd64 platforms can be
+updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_8
+  src/usr.sbin/jail/jail.c                                       1.33.2.2
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.6
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.6
+  src/usr.sbin/jail/jail.c                                   1.33.2.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r208586
+releng/8.0/                                                       r208586
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2022
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:04.jail.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAkv95RAACgkQFdaIBMps37ImPgCfRS7pcslVSb89JluACMlg8ZBa
+PmAAn0jq693qHOXK+Z2ljpQdc+EpTTja
+=9o7h
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:05.opie.asc b/share/security/advisories/FreeBSD-SA-10:05.opie.asc
new file mode 100644
index 0000000000..97eb90e0c0
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:05.opie.asc
@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:05.opie                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OPIE off-by-one stack overflow
+
+Category:       contrib
+Module:         contrib_opie
+Announced:      2010-05-27
+Credits:        Maksymilian Arciemowicz and Adam Zabrocki
+Affects:        All supported versions of FreeBSD
+Corrected:      2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE)
+                2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3)
+                2010-05-27 03:15:04 UTC (RELENG_7, 7.3-STABLE)
+                2010-05-27 03:15:04 UTC (RELENG_7_3, 7.3-RELEASE-p1)
+                2010-05-27 03:15:04 UTC (RELENG_7_2, 7.2-RELEASE-p8)
+                2010-05-27 03:15:04 UTC (RELENG_7_1, 7.1-RELEASE-p12)
+                2010-05-27 03:15:04 UTC (RELENG_6, 6.4-STABLE)
+                2010-05-27 03:15:04 UTC (RELENG_6_4, 6.4-RELEASE-p10)
+CVE Name:       CVE-2010-1938
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+OPIE is a one-time password system designed to help to secure a system
+against replay attacks.  It does so using a secure hash function and a
+challenge/response system.
+
+OPIE is enabled by default on FreeBSD.
+
+II.  Problem Description
+
+A programming error in the OPIE library could allow an off-by-one buffer
+overflow to write a single zero byte beyond the end of an on-stack buffer.
+
+III. Impact
+
+An attacker can remotely crash a service process which uses OPIE when
+stack protector is enabled.
+
+Note that this can happen even if OPIE is not enabled on the system,
+for instance the base system ftpd(8) is affected by this.  Depending
+on the design and usage of OPIE, this may either affect only the
+process that handles the user authentication, or cause a Denial of
+Service condition.
+
+It is possible but very unlikely that an attacker could exploit this to
+gain access to a system.
+
+IV.  Workaround
+
+No workaround is available, but systems without OPIE capable services
+running are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
+or to the RELENG_8_0, RELENG_7_3, RELENG_7_2, RELENG_7_1, RELENG_6_4
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 6.4,
+7.1, 7.2, 7.3, and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:05/opie.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libopie
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 6.4-RELEASE, 7.1-RELEASE, 7.2-RELEASE, 7.3-RELEASE or
+8.0-RELEASE on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/opie/libopie/readrec.c                         1.1.1.4.14.1
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.14
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.16
+  src/contrib/opie/libopie/readrec.c                         1.1.1.4.26.1
+RELENG_7
+  src/contrib/opie/libopie/readrec.c                              1.2.2.1
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.3
+  src/sys/conf/newvers.sh                                   1.72.2.16.2.5
+  src/contrib/opie/libopie/readrec.c                             1.2.12.2
+RELENG_7_2
+  src/UPDATING                                            1.507.2.23.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.11.2.12
+  src/contrib/opie/libopie/readrec.c                              1.2.8.2
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.15
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.16
+  src/contrib/opie/libopie/readrec.c                              1.2.6.2
+RELENG_8
+  src/contrib/opie/libopie/readrec.c                             1.2.10.2
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.6
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.6
+  src/contrib/opie/libopie/readrec.c                         1.2.10.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r208586
+releng/6.4/                                                       r208586
+stable/7/                                                         r208586
+releng/7.3/                                                       r208586
+releng/7.2/                                                       r208586
+releng/7.1/                                                       r208586
+stable/8/                                                         r208586
+releng/8.0/                                                       r208586
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1938
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:05.opie.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAkv+sTQACgkQFdaIBMps37IDOACfReDDYdDp06vHNNxoovTPeVv2
+ZBwAniPhGUNiWSa1hYFcW8RTIkJZNVcE
+=UFal
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:06.nfsclient.asc b/share/security/advisories/FreeBSD-SA-10:06.nfsclient.asc
new file mode 100644
index 0000000000..e4fe21311a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:06.nfsclient.asc
@@ -0,0 +1,159 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:06.nfsclient                                  Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Unvalidated input in nfsclient
+
+Category:       core
+Module:         nfsclient
+Announced:      2010-05-27
+Credits:        Patroklos Argyroudis
+Affects:        FreeBSD 7.2 and later.
+Corrected:      2010-05-27 03:15:04 UTC (RELENG_8, 8.1-PRERELEASE)
+                2010-05-27 03:15:04 UTC (RELENG_8_0, 8.0-RELEASE-p3)
+                2010-05-27 03:15:04 UTC (RELENG_7, 7.3-STABLE)
+                2010-05-27 03:15:04 UTC (RELENG_7_3, 7.3-RELEASE-p1)
+                2010-05-27 03:15:04 UTC (RELENG_7_2, 7.2-RELEASE-p8)
+CVE Name:       CVE-2010-2020
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The Network File System (NFS) allows a host to export some or all of its
+file systems so that other hosts can access them over the network and mount
+them as if they were on local disks.  FreeBSD includes server and client
+implementations of NFS.
+
+II.  Problem Description
+
+The NFS client subsystem fails to correctly validate the length of a
+parameter provided by the user when a filesystem is mounted.
+
+III. Impact
+
+A user who can mount filesystems can execute arbitrary code in the kernel.
+On systems where the non-default vfs.usermount feature has been enabled,
+unprivileged users may be able to gain superuser ("root") privileges.
+
+IV.  Workaround
+
+Do not allow untrusted users to mount filesystems.  To prevent unprivileged
+users from mounting filesystems, set the vfs.usermount sysctl variable to
+zero:
+
+# sysctl vfs.usermount=0
+
+Note that the default value of this variable is zero, i.e., FreeBSD is not
+affected by this vulnerability in its default configuration, and FreeBSD
+system administrators are strongly encouraged not to change this setting.
+
+V.   Solution
+
+NOTE WELL: Even with this fix allowing users to mount arbitrary media
+should not be considered safe.  Most of the file systems in FreeBSD were
+not built to protect safeguard against malicious devices.  While such bugs
+in file systems are fixed when found, a complete audit has not been
+perfomed on the file system code.
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_8_0, RELENG_7_3, or RELENG_7_2 security branch dated after the
+correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.2, 7.3
+and 8.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-10:06/nfsclient.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:06/nfsclient.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.2-RELEASE, 7.3-RELEASE, or 8.0-RELEASE on the i386 or
+amd64 platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/nfsclient/nfs_vfsops.c                                1.193.2.7
+  src/lib/libc/sys/mount.2                                       1.45.2.1
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.3
+  src/sys/conf/newvers.sh                                   1.72.2.16.2.5
+  src/sys/nfsclient/nfs_vfsops.c                            1.193.2.5.4.2
+  src/lib/libc/sys/mount.2                                      1.45.12.2
+RELENG_7_2
+  src/UPDATING                                            1.507.2.23.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.11.2.12
+  src/sys/nfsclient/nfs_vfsops.c                            1.193.2.5.2.2
+  src/lib/libc/sys/mount.2                                       1.45.8.2
+RELENG_8
+  src/sys/nfsclient/nfs_vfsops.c                                1.226.2.7
+  src/lib/libc/sys/mount.2                                      1.45.10.2
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.6
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.6
+  src/sys/nfsclient/nfs_vfsops.c                            1.226.2.2.2.2
+  src/lib/libc/sys/mount.2                                  1.45.10.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r208586
+releng/6.4/                                                       r208586
+stable/7/                                                         r208586
+releng/7.3/                                                       r208586
+releng/7.2/                                                       r208586
+releng/7.1/                                                       r208586
+stable/8/                                                         r208586
+releng/8.0/                                                       r208586
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2020
+
+http://census-labs.com/news/2010/05/26/freebsd-kernel-nfsclient/
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:06.nfsclient.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAkv95SUACgkQFdaIBMps37Km5gCdG4RNPkwuDsx05w3CfwLd/aM1
+NusAn0dzFUcuGlMgNb9V43yUFVFa+NbX
+=zMAI
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc b/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc
new file mode 100644
index 0000000000..ed29c55bbe
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:07.mbuf.asc
@@ -0,0 +1,156 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:07.mbuf                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Lost mbuf flag resulting in data corruption
+
+Category:       core
+Module:         kern
+Announced:      2010-07-13
+Credits:        Ming Fu
+Affects:        FreeBSD 7.x and later.
+Corrected:      2010-07-13 02:45:17 UTC (RELENG_8, 8.1-PRERELEASE)
+                2010-07-13 02:45:17 UTC (RELENG_8_1, 8.1-RELEASE)
+                2010-07-13 02:45:17 UTC (RELENG_8_0, 8.0-RELEASE-p4)
+                2010-07-13 02:45:17 UTC (RELENG_7, 7.3-STABLE)
+                2010-07-13 02:45:17 UTC (RELENG_7_3, 7.3-RELEASE-p2)
+                2010-07-13 02:45:17 UTC (RELENG_7_1, 7.1-RELEASE-p13)
+CVE Name:       CVE-2010-2693
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+An mbuf is a basic unit of memory management in the FreeBSD kernel
+inter-process communication and networking subsystem.  Network packets
+and socket buffers are dependent on mbufs for their storage.
+
+Data can be embedded directly in mbufs, or mbufs can instead reference
+external buffers.  The sendfile(2) system call uses external mbuf storage
+to directly map the contents of a file into a chain of mbufs for
+transmission purposes.  The mbuf object supports a read-only flag that
+must be honored to prevent modification or writes to buffer data in
+cases like these.
+
+II.  Problem Description
+
+The read-only flag is not correctly copied when a mbuf buffer reference
+is duplicated.  When the sendfile(2) system call is used to transmit
+data over the loopback interface, this can result in the backing pages
+for the transmitted file being modified, causing data corruption.
+
+III. Impact
+
+This data corruption can be exploited by an local attacker to escalate
+their privilege by carefully controlling the corruption of system files.
+It should be noted that the attacker can corrupt any file they have read
+access to.
+
+NOTE: While systems without untrusted local users are not affected by
+the security aspects of this issue, the potential for data corruption
+implies that this should still be treated as a critical erratum.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch dated
+after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.1, 7.3,
+8.0 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-10:07/mbuf.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:07/mbuf.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.1-RELEASE, 7.3-RELEASE, or 8.0-RELEASE on the i386 or
+amd64 platforms can be updated via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+Now reboot the system.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/kern/uipc_mbuf.c                                      1.174.2.4
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.4
+  src/sys/conf/newvers.sh                                   1.72.2.16.2.6
+  src/sys/kern/uipc_mbuf.c                                  1.174.2.3.4.2
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.16
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.17
+  src/sys/kern/uipc_mbuf.c                                  1.174.2.2.2.2
+RELENG_8
+  src/sys/kern/uipc_mbuf.c                                      1.185.2.3
+RELENG_8_1
+  src/UPDATING                                             1.632.2.14.2.2
+  src/sys/conf/newvers.sh                                   1.83.2.10.2.4
+  src/sys/kern/uipc_mbuf.c                                  1.185.2.2.2.2
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.7
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.7
+  src/sys/kern/uipc_mbuf.c                                  1.185.2.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r209964
+releng/7.3/                                                       r209964
+releng/7.1/                                                       r209964
+stable/8/                                                         r209964
+releng/8.0/                                                       r209964
+releng/8.1/                                                       r209964
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2693
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:07.mbuf.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAkw71A0ACgkQFdaIBMps37JOOACff8w8qvsgopj11FFAPQdwyPLB
+JEQAniRHbomY2hJVw5FmrdQv3SP+ZziI
+=Reds
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:08.bzip2.asc b/share/security/advisories/FreeBSD-SA-10:08.bzip2.asc
new file mode 100644
index 0000000000..cfc8ede202
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:08.bzip2.asc
@@ -0,0 +1,162 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:08.bzip2                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Integer overflow in bzip2 decompression
+
+Category:       contrib
+Module:         bzip2
+Announced:      2010-09-20
+Credits:        Mikolaj Izdebski
+Affects:        All supported versions of FreeBSD.
+Corrected:      2010-09-20 14:58:08 UTC (RELENG_8, 8.1-STABLE)
+                2010-09-20 14:58:08 UTC (RELENG_8_1, 8.1-RELEASE-p1)
+                2010-09-20 14:58:08 UTC (RELENG_8_0, 8.0-RELEASE-p5)
+                2010-09-20 14:58:08 UTC (RELENG_7, 7.3-STABLE)
+                2010-09-20 14:58:08 UTC (RELENG_7_3, 7.3-RELEASE-p3)
+                2010-09-20 14:58:08 UTC (RELENG_7_1, 7.1-RELEASE-p14)
+                2010-09-20 14:58:08 UTC (RELENG_6, 6.4-STABLE)
+                2010-09-20 14:58:08 UTC (RELENG_6_4, 6.4-RELEASE-p11)
+CVE Name:       CVE-2010-0405
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The bzip2/bunzip2 utilities and the libbz2 library compress and decompress
+files using an algorithm based on the Burrows-Wheeler transform.  They are
+generally slower than Lempel-Ziv compressors such as gzip, but usually
+provide a greater compression ratio.
+
+II.  Problem Description
+
+When decompressing data, the run-length encoded values are not adequately
+sanity-checked, allowing for an integer overflow.
+
+III. Impact
+
+An attacker who can cause maliciously chosen inputs to be decompressed can
+cause the decompressor to crash.  It is suspected that such an attacker
+can cause arbitrary code to be executed, but this is not known for certain.
+
+Note that some utilities, including the tar archiver and the bspatch
+binary patching utility (used in portsnap and freebsd-update) decompress
+bzip2-compressed data internally; system administrators should assume that
+their systems will at some point decompress bzip2-compressed data even if
+they never explicitly invoke the bunzip2 utility.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 6-STABLE, 7-STABLE or 8-STABLE,
+or to the RELENG_8_1, RELENG_8_0, RELENG_7_3, RELENG_7_1, or
+RELENG_6_4 security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 6.4, 7.1,
+7.3, 8.0 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:08/bzip2.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libbz2
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 6.4-RELEASE, 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or
+8.1-RELEASE on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_6
+  src/contrib/bzip2/decompress.c                              1.1.1.3.2.3
+RELENG_6_4
+  src/UPDATING                                            1.416.2.40.2.15
+  src/sys/conf/newvers.sh                                  1.69.2.18.2.17
+  src/contrib/bzip2/decompress.c                          1.1.1.3.2.2.2.1
+RELENG_7
+  src/contrib/bzip2/decompress.c                              1.1.1.4.2.2
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.5
+  src/sys/conf/newvers.sh                                   1.72.2.16.2.7
+  src/contrib/bzip2/decompress.c                          1.1.1.4.2.1.6.1
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.17
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.18
+  src/contrib/bzip2/decompress.c                          1.1.1.4.2.1.2.1
+RELENG_8
+  src/contrib/bzip2/decompress.c                              1.1.1.5.2.1
+RELENG_8_1
+  src/UPDATING                                             1.632.2.14.2.4
+  src/sys/conf/newvers.sh                                   1.83.2.10.2.5
+  src/contrib/bzip2/decompress.c                              1.1.1.5.6.1
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.8
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.8
+  src/contrib/bzip2/decompress.c                              1.1.1.5.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/6/                                                         r212901
+releng/6.4/                                                       r212901
+stable/7/                                                         r212901
+releng/7.3/                                                       r212901
+releng/7.1/                                                       r212901
+stable/8/                                                         r212901
+releng/8.0/                                                       r212901
+releng/8.1/                                                       r212901
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:08.bzip2.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAkyXd3QACgkQFdaIBMps37JekgCfcYbIYtG1ZXKsfrFC8RKNl8uV
+PhsAniSinLogV/Nfj67AcPnoKoyhrXY2
+=Qop+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:09.pseudofs.asc b/share/security/advisories/FreeBSD-SA-10:09.pseudofs.asc
new file mode 100644
index 0000000000..55fa79fa45
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:09.pseudofs.asc
@@ -0,0 +1,134 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:09.pseudofs                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Spurious mutex unlock
+
+Category:       core
+Module:         pseudofs
+Announced:      2010-11-10
+Credits:        Przemyslaw Frasunek
+Affects:        FreeBSD 7.x prior to 7.3-RELEASE, 8.x prior to 8.0-RC1
+Corrected:      2009-09-05 13:10:54 UTC (RELENG_8, 8.0-RC1)
+                2009-09-05 13:31:16 UTC (RELENG_7, 7.2-STABLE)
+                2010-11-10 23:36:13 UTC (RELENG_7_1, 7.1-RELEASE-p15)
+CVE Name:       CVE-2010-4210
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+pseudofs offers an abstract API for pseudo file systems which is utilized by
+procfs(5) and linprocfs(5).  It provides generic file system services such
+as ACLs, extended attributes which interface with VFS and which are otherwise
+onerous to implement.  This enables pseudo file system authors to add this
+functionality to their file systems with minimal effort.
+
+II.  Problem Description
+
+The pfs_getextattr(9) function, used by pseudofs for handling extended
+attributes, attempts to unlock a mutex which was not previously locked.
+
+III. Impact
+
+On systems where a pseudofs-using filesystem is mounted and NULL page
+mapping is allowed, an attacker can overwrite arbitrary memory locations
+in the kernel with zero, and in certain cases execute arbitrary code in
+the context of the kernel.
+
+On systems which do not allow NULL page mapping, an attacker can cause the
+FreeBSD kernel to panic.
+
+IV.  Workaround
+
+Exploiting this vulnerability requires that the adversary can open a file
+on a file system which uses pseudofs.  This includes procfs(5) or 
+linprocfs(5).  Un-mounting these file systems will mitigate the risk
+associated with this vulnerability.
+
+Providing that the patch associated with the FreeBSD-EN-09:05.null errata
+notice has been applied, setting the security.bsd.map_at_zero sysctl to 0
+will prevent arbitrary code execution (but a kernel panic will still be
+possible).
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_7_1 security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patch has been verified to apply to FreeBSD 7.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-10:09/pseudofs.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:09/pseudofs.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.1-RELEASE on the i386 or amd64 platforms can be updated
+via the freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/fs/pseudofs/pseudofs_vnops.c                           1.65.2.6
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.17
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.18
+  src/sys/fs/pseudofs/pseudofs_vnops.c                           1.65.6.2
+RELENG_8
+  src/sys/fs/pseudofs/pseudofs_vnops.c                           1.79.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r196860
+releng/7.1/                                                       r205103
+stable/8/                                                         r196859
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4210
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:09.pseudofs.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEARECAAYFAkzbLQ0ACgkQFdaIBMps37JDAgCeMM8ohrCVs0bfTOIMAnK4Hlxc
+o90An3z5EH6uYuF7Bbt7BUIVQaPgxnhR
+=+88k
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-10:10.openssl.asc b/share/security/advisories/FreeBSD-SA-10:10.openssl.asc
new file mode 100644
index 0000000000..f4ddb04168
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-10:10.openssl.asc
@@ -0,0 +1,168 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-10:10.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL multiple vulnerabilities
+
+Category:       contrib
+Module:         openssl
+Announced:      2010-11-29
+Credits:        Georgi Guninski, Rob Hulswit
+Affects:        FreeBSD 7.0 and later
+Corrected:      2010-11-26 22:50:58 UTC (RELENG_8, 8.1-STABLE)
+                2010-11-29 20:43:06 UTC (RELENG_8_1, 8.1-RELEASE-p2)
+                2010-11-29 20:43:06 UTC (RELENG_8_0, 8.0-RELEASE-p6)
+                2010-11-28 13:45:51 UTC (RELENG_7, 7.3-STABLE)
+                2010-11-29 20:43:06 UTC (RELENG_7_3, 7.3-RELEASE-p4)
+                2010-11-29 20:43:06 UTC (RELENG_7_1, 7.1-RELEASE-p16)
+CVE Name:       CVE-2010-2939, CVE-2010-3864
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+A race condition exists in the OpenSSL TLS server extension code
+parsing when used in a multi-threaded application, which uses
+OpenSSL's internal caching mechanism.  The race condition can lead to
+a buffer overflow. [CVE-2010-3864]
+
+A double free exists in the SSL client ECDH handling code, when
+processing specially crafted public keys with invalid prime
+numbers. [CVE-2010-2939]
+
+III. Impact
+
+For affected server applications, an attacker may be able to utilize
+the buffer overflow to crash the application or potentially run
+arbitrary code with the privileges of the application. [CVE-2010-3864].
+
+It may be possible to cause a DoS or potentially execute arbitrary in
+the context of the user connection to a malicious SSL server.
+[CVE-2010-2939]
+
+IV.  Workaround
+
+No workaround is available, but CVE-2010-3864 only affects FreeBSD 8.0
+and later.
+
+It should also be noted that CVE-2010-3864 affects neither the Apache
+HTTP server nor Stunnel.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_8_1, RELENG_8_0, RELENG_7_3, or RELENG_7_1 security branch
+dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.1, 7.3,
+8.0 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.x]
+# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl7.patch.asc
+
+[FreeBSD 8.x]
+# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch
+# fetch http://security.FreeBSD.org/patches/SA-10:10/openssl.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/secure/lib/libssl
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.1-RELEASE, 7.3-RELEASE, 8.0-RELEASE or 8.1-RELEASE
+on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.6
+  src/sys/conf/newvers.sh                                   1.72.2.16.2.8
+  src/crypto/openssl/ssl/s3_clnt.c                       1.1.1.14.2.1.4.1
+RELENG_7_1
+  src/UPDATING                                            1.507.2.13.2.19
+  src/sys/conf/newvers.sh                                   1.72.2.9.2.20
+  src/crypto/openssl/ssl/s3_clnt.c                           1.1.1.14.6.2
+RELENG_8_1
+  src/UPDATING                                             1.632.2.14.2.5
+  src/sys/conf/newvers.sh                                   1.83.2.10.2.6
+  src/crypto/openssl/ssl/s3_clnt.c                            1.3.2.1.2.1
+  src/crypto/openssl/ssl/t1_lib.c                             1.2.2.1.2.1
+RELENG_8_0
+  src/UPDATING                                              1.632.2.7.2.9
+  src/sys/conf/newvers.sh                                    1.83.2.6.2.9
+  src/crypto/openssl/ssl/s3_clnt.c                                1.3.4.1
+  src/crypto/openssl/ssl/t1_lib.c                                 1.2.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r215997
+releng/7.3/                                                       r216063
+releng/7.1/                                                       r216063
+stable/8/                                                         r215912
+releng/8.0/                                                       r216063
+releng/8.1/                                                       r216063
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://bugzilla.redhat.com/show_bug.cgi?id=649304
+http://www.openssl.org/news/secadv_20101116.txt
+http://www.mail-archive.com/openssl-dev@openssl.org/msg28043.html
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2939
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3864
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-10:10.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEARECAAYFAkz0FdsACgkQFdaIBMps37JjAgCcC7NSDXR7P4d2y4XFF/Ce9sG1
+Bs8An36Pjplsfovx6Im/NCnVgHtVgj5x
+=xU/h
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:01.mountd.asc b/share/security/advisories/FreeBSD-SA-11:01.mountd.asc
new file mode 100644
index 0000000000..d4ca759c0e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:01.mountd.asc
@@ -0,0 +1,150 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:01.mountd                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Network ACL mishandling in mountd(8)
+
+Category:       core
+Module:         mountd
+Announced:      2011-04-20
+Credits:        Ruslan Ermilov
+Affects:        All supported versions of FreeBSD
+Corrected:      2011-04-20 21:00:24 UTC (RELENG_7, 7.4-STABLE)
+                2011-04-20 21:00:24 UTC (RELENG_7_3, 7.3-RELEASE-p5)
+                2011-04-20 21:00:24 UTC (RELENG_7_4, 7.4-RELEASE-p1)
+                2011-04-20 21:00:24 UTC (RELENG_8, 8.2-STABLE)
+                2011-04-20 21:00:24 UTC (RELENG_8_1, 8.1-RELEASE-p3)
+                2011-04-20 21:00:24 UTC (RELENG_8_2, 8.2-RELEASE-p1)
+CVE Name:       CVE-2011-1739
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The mountd(8) daemon services NFS mount requests from other client
+machines.  When mountd is started, it loads the export host addresses
+and options into the kernel using the mount(2) system call.
+
+II.  Problem Description
+
+While parsing the exports(5) table, a network mask in the form of
+"-network=netname/prefixlength" results in an incorrect network mask
+being computed if the prefix length is not a multiple of 8.
+
+For example, specifying the ACL for an export as "-network 192.0.2.0/23"
+would result in a netmask of 255.255.127.0 being used instead of the
+correct netmask of 255.255.254.0.
+
+III. Impact
+
+When using a prefix length which is not multiple of 8, access would be
+granted to the wrong client systems.
+
+IV.  Workaround
+
+For IPv4-only systems, using the -netmask option instead of CIDR notion
+for -network circumvents this bug.
+
+A firewall such as pf(4) can (and probably should) be used to restrict
+access to the NFS server.
+
+Systems not providing NFS service, or using a prefix length which is a
+multiple of 8 in all ACLs, are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_8_2, RELENG_8_1, RELENG_7_4, RELENG_7_3 security branch dated
+after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.3, 7.4,
+8.1 and 8.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:01/mountd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.sbin/mountd
+# make obj && make depend && make && make install
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE or 8.2-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/usr.sbin/mountd/mountd.c                                   1.94.2.3
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.3
+  src/sys/conf/newvers.sh                                   1.72.2.18.2.6
+  src/usr.sbin/mountd/mountd.c                               1.94.2.2.8.2
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.7
+  src/sys/conf/newvers.sh                                   1.72.2.16.2.9
+  src/usr.sbin/mountd/mountd.c                               1.94.2.2.6.2
+RELENG_8
+  src/usr.sbin/mountd/mountd.c                                  1.105.2.3
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.3
+  src/sys/conf/newvers.sh                                   1.83.2.12.2.6
+  src/usr.sbin/mountd/mountd.c                              1.105.2.2.4.2
+RELENG_8_1
+  src/UPDATING                                             1.632.2.14.2.6
+  src/sys/conf/newvers.sh                                   1.83.2.10.2.7
+  src/usr.sbin/mountd/mountd.c                              1.105.2.2.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r220901
+releng/7.3/                                                       r220901
+releng/7.4/                                                       r220901
+stable/8/                                                         r220901
+releng/8.1/                                                       r220901
+releng/8.2/                                                       r220901
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1739
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:01.mountd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (FreeBSD)
+
+iEYEARECAAYFAk2vSjwACgkQFdaIBMps37J91ACfbj6PbStDVBISUx/jC8/3n0uS
++oUAnj9TdPvwezLnrej/XMahWlHQHK1N
+=Hv1Y
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:02.bind.asc b/share/security/advisories/FreeBSD-SA-11:02.bind.asc
new file mode 100644
index 0000000000..8c0c97e31d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:02.bind.asc
@@ -0,0 +1,152 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:02.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          BIND remote DoS with large RRSIG RRsets and negative caching
+
+Category:       contrib
+Module:         bind
+Announced:      2011-05-28
+Credits:        Frank Kloeker, Michael Sinatra.
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-05-28 00:58:19 UTC (RELENG_7, 7.4-STABLE)
+                2011-05-28 08:44:39 UTC (RELENG_7_3, 7.3-RELEASE-p6)
+                2011-05-28 08:44:39 UTC (RELENG_7_4, 7.4-RELEASE-p2)
+                2011-05-28 00:33:06 UTC (RELENG_8, 8.2-STABLE)
+                2011-05-28 08:44:39 UTC (RELENG_8_1, 8.1-RELEASE-p4)
+                2011-05-28 08:44:39 UTC (RELENG_8_2, 8.2-RELEASE-p2)
+CVE Name:       CVE-2011-1910
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+DNS Security Extensions (DNSSEC) provides data integrity, origin
+authentication and authenticated denial of existence to resolvers.
+
+II.  Problem Description
+
+Very large RRSIG RRsets included in a negative response can trigger
+an assertion failure that will crash named(8) due to an off-by-one error
+in a buffer size check.
+
+III. Impact
+
+If named(8) is being used as a recursive resolver, an attacker who
+controls a DNS zone being resolved can cause named(8) to crash,
+resulting in a denial of (DNS resolving) service.
+
+DNSSEC does not need to be enabled on the resolver for it to be
+vulnerable.
+
+IV.  Workaround
+
+No workaround is available, but systems not running the BIND DNS server
+or using it exclusively as an authoritative name server (i.e., not as a
+caching resolver) are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE,
+or to the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD
+7.3, 7.4, 8.1 and 8.2 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-11:02/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:02/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+# /etc/rc.d/named restart
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.3-RELEASE, 7.4-RELEASE, 8.1-RELEASE, or 8.2-RELEASE
+on the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/contrib/bind9/lib/dns/ncache.c                          1.1.1.2.2.3
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.4
+  src/sys/conf/newvers.sh                                   1.72.2.18.2.7
+  src/contrib/bind9/lib/dns/ncache.c                      1.1.1.2.2.2.2.1
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.8
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.10
+  src/contrib/bind9/lib/dns/ncache.c                         1.1.1.2.10.1
+RELENG_8
+  src/contrib/bind9/lib/dns/ncache.c                              1.2.2.4
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.4
+  src/sys/conf/newvers.sh                                   1.83.2.12.2.7
+  src/contrib/bind9/lib/dns/ncache.c                          1.2.2.2.2.1
+RELENG_8_1
+  src/UPDATING                                             1.632.2.14.2.7
+  src/sys/conf/newvers.sh                                   1.83.2.10.2.8
+  src/contrib/bind9/lib/dns/ncache.c                          1.2.2.1.2.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r222399
+releng/7.4/                                                       r222416
+releng/7.3/                                                       r222416
+stable/8/                                                         r222396
+releng/8.2/                                                       r222416
+releng/8.1/                                                       r222416
+head/                                                             r222395
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.isc.org/software/bind/advisories/cve-2011-1910
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1910
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:02.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEARECAAYFAk3gvuQACgkQFdaIBMps37L2iACgizZK4QS3rOaY0x7evMuyWIop
+OaoAn3Pku/9HCSUULC2xurSnGU3AtJcz
+=aG4/
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:03.bind.asc b/share/security/advisories/FreeBSD-SA-11:03.bind.asc
new file mode 100644
index 0000000000..7042b4dbb2
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:03.bind.asc
@@ -0,0 +1,86 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:03.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:    	Remote packet Denial of Service against named(8) servers
+
+Category:       contrib
+Module:         bind
+Announced:      2011-09-28
+Credits:        Roy Arends
+Affects:        8.2-STABLE after 2011-05-28 and prior to the correction date
+Corrected:      2011-07-06 00:50:54 UTC (RELENG_8, 8.2-STABLE)
+CVE Name:       CVE-2011-2464
+
+Note: This advisory concerns a vulnerability which existed only in
+the FreeBSD 8-STABLE branch and was fixed over two months prior to the
+date of this advisory.
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+II.  Problem Description
+
+A logic error in the BIND code causes the BIND daemon to accept bogus
+data, which could cause the daemon to crash.
+
+III. Impact
+
+An attacker able to send traffic to the BIND daemon can cause it to
+crash, resulting in a denial of service.
+
+IV.  Workaround
+
+No workaround is available, but systems not running the BIND name server
+are not affected.
+
+V.   Solution
+
+Upgrade your vulnerable system to 8-STABLE dated after the correction
+date.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_8
+  src/contrib/bind9/lib/dns/message.c                             1.3.2.3
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      
+Revision
+- -------------------------------------------------------------------------
+stable/8/                                                         r223815
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.isc.org/software/bind/advisories/cve-2011-2464
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:03.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk6C4CYACgkQFdaIBMps37LwQgCeIDVGsCWOLoVdmWogOOaPC1UG
+9G8AoJPlRbNmkEWMg7uoOYrvjWlRRdlK
+=aUvD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:04.compress.asc b/share/security/advisories/FreeBSD-SA-11:04.compress.asc
new file mode 100644
index 0000000000..6763fd223e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:04.compress.asc
@@ -0,0 +1,158 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:04.compress                                   Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Errors handling corrupt compress file in compress(1)
+                and gzip(1)
+
+Category:       core
+Module:         compress
+Announced:      2011-09-28
+Credits:        Tomas Hoger, Joerg Sonnenberger
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-09-28 08:47:17 UTC (RELENG_7, 7.4-STABLE)
+                2011-09-28 08:47:17 UTC (RELENG_7_4, 7.4-RELEASE-p3)
+                2011-09-28 08:47:17 UTC (RELENG_7_3, 7.3-RELEASE-p7)
+                2011-09-28 08:47:17 UTC (RELENG_8, 8.2-STABLE)
+                2011-09-28 08:47:17 UTC (RELENG_8_2, 8.2-RELEASE-p3)
+                2011-09-28 08:47:17 UTC (RELENG_8_1, 8.1-RELEASE-p5)
+                2011-09-28 08:47:17 UTC (RELENG_9, 9.0-RC1)
+CVE Name:       CVE-2011-2895
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The compress utility reduces the size of files using adaptive Lempel-Ziv
+coding, or LZW coding, a lossless data compression algorithm.
+
+Both compress(1) and gzip(1) uses code derived from 4.3BSD compress(1).
+
+II.  Problem Description
+
+The code used to decompress a file created by compress(1) does not do
+sufficient boundary checks on compressed code words, allowing reference
+beyond the decompression table, which may result in a stack overflow or
+an infinite loop when the decompressor encounters a corrupted file.
+
+III. Impact
+
+An attacker who can cause a corrupt archive of his choice to be parsed
+by uncompress(1) or gunzip(1), can cause these utilities to enter an
+infinite loop, to core dump, or possibly to execute arbitrary code
+provided by the attacker.
+
+IV.  Workaround
+
+No workaround is available, but systems not handling adaptive Lempel-Ziv
+compressed files (.Z) from untrusted source are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to
+the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security
+branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4, 7.3,
+8.2 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-11:04/compress.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:04/compress.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/usr.bin/compress
+# make obj && make depend && make && make install
+# cd /usr/src/usr.bin/gzip
+# make obj && make depend && make && make install
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/usr.bin/compress/zopen.c                                  1.12.10.1
+  src/usr.bin/gzip/zuncompress.c                                  1.1.4.3
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.5
+  src/sys/conf/newvers.sh                                   1.72.2.18.2.8
+  src/usr.bin/compress/zopen.c                                  1.12.26.2
+  src/usr.bin/gzip/zuncompress.c                              1.1.4.1.4.2
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.9
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.11
+  src/usr.bin/compress/zopen.c                                  1.12.24.2
+  src/usr.bin/gzip/zuncompress.c                              1.1.4.1.2.2
+RELENG_8
+  src/usr.bin/compress/zopen.c                                  1.12.22.2
+  src/usr.bin/gzip/zuncompress.c                                  1.2.2.3
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.5
+  src/sys/conf/newvers.sh                                   1.83.2.12.2.8
+  src/usr.bin/compress/zopen.c                              1.12.22.1.6.2
+  src/usr.bin/gzip/zuncompress.c                              1.2.2.1.6.2
+RELENG_8_1
+  src/UPDATING                                             1.632.2.14.2.8
+  src/sys/conf/newvers.sh                                   1.83.2.10.2.9
+  src/usr.bin/compress/zopen.c                              1.12.22.1.4.2
+  src/usr.bin/gzip/zuncompress.c                              1.2.2.1.4.2
+RELENG_9
+  src/usr.bin/compress/zopen.c                                   1.16.2.2
+  src/usr.bin/gzip/zuncompress.c                                  1.4.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r225827
+releng/7.4/                                                       r225827
+releng/7.3/                                                       r225827
+stable/8/                                                         r225827
+releng/8.2/                                                       r225827
+releng/8.1/                                                       r225827
+stable/9/                                                         r225827
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2895
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:04.compress.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk6C4nIACgkQFdaIBMps37LymQCgmW2YYsSqvjxhiuHXt0bCcCgd
+K5YAnA0/Z8++C6TKtUJ5Bzogd80a9OEd
+=I+0k
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:05.unix.asc b/share/security/advisories/FreeBSD-SA-11:05.unix.asc
new file mode 100644
index 0000000000..17567fad68
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:05.unix.asc
@@ -0,0 +1,182 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:05.unix                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Buffer overflow in handling of UNIX socket addresses
+
+Category:       core
+Module:         kern
+Announced:      2011-09-28
+Credits:        Mateusz Guzik
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-10-04 19:07:38 UTC (RELENG_7, 7.4-STABLE)
+                2011-10-04 19:07:38 UTC (RELENG_7_4, 7.4-RELEASE-p4)
+                2011-10-04 19:07:38 UTC (RELENG_7_3, 7.3-RELEASE-p8)
+                2011-10-04 19:07:38 UTC (RELENG_8, 8.2-STABLE)
+                2011-10-04 19:07:38 UTC (RELENG_8_2, 8.2-RELEASE-p4)
+                2011-10-04 19:07:38 UTC (RELENG_8_1, 8.1-RELEASE-p6)
+                2011-10-04 19:07:38 UTC (RELENG_9, 9.0-RC1)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+0.   Revision History
+
+v1.0  2011-09-28 Initial release.
+v1.1  2011-10-04 Updated patch to add linux emulation bug fix.
+
+I.   Background
+
+UNIX-domain sockets, also known as "local" sockets, are a mechanism for
+interprocess communication.  They are similar to Internet sockets (and
+utilize the same system calls) but instead of relying on IP addresses
+and port numbers, UNIX-domain sockets have addresses in the local file
+system address space.
+
+FreeBSD contains "linux emulation" support via system call translation
+in order to make it possible to use certain linux applications without
+recompilation.
+
+II.  Problem Description
+
+When a UNIX-domain socket is attached to a location using the bind(2)
+system call, the length of the provided path is not validated.  Later,
+when this address was returned via other system calls, it is copied into
+a fixed-length buffer.
+
+Linux uses a larger socket address structure for UNIX-domain sockets
+than FreeBSD, and the FreeBSD's linux emulation code did not translate
+UNIX-domain socket addresses into the correct size of structure.
+
+III. Impact
+
+A local user can cause the FreeBSD kernel to panic.  It may also be
+possible to execute code with elevated privileges ("gain root"), escape
+from a jail, or to bypass security mechanisms in other ways.
+
+The patch provided with the initial version of this advisory exposed
+the pre-existing bug in FreeBSD's linux emulation code, resulting in
+attempts to use UNIX sockets from linux applications failing.  The most
+common instance where UNIX sockets were used by linux applications is
+in the context of the X windowing system, including the widely used
+linux "flash" web browser plugin.
+
+IV.  Workaround
+
+No workaround is available, but systems without untrusted local users
+are not vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to
+the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security
+branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patch has been verified to apply to FreeBSD 7.4, 7.3,
+8.2 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-11:05/unix2.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:05/unix2.patch.asc
+
+NOTE: The patch distributed at the time of the original advisory fixed
+the security vulnerability but exposed the pre-existing bug in the linux
+emulation subsystem.  Systems to which the original patch was applied
+should be patched with the following corrective patch, which contains
+only the additional changes required to fix the newly-exposed linux
+emulation bug:
+
+# fetch http://security.FreeBSD.org/patches/SA-11:05/unix-linux.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:05/unix-linux.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/kern/uipc_usrreq.c                                   1.206.2.13
+  src/sys/compat/linux/linux_socket.c                           1.74.2.15
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.5
+  src/sys/conf/newvers.sh                                   1.72.2.18.2.8
+  src/sys/kern/uipc_usrreq.c                               1.206.2.11.4.2
+  src/sys/compat/linux/linux_socket.c                       1.74.2.13.2.2
+RELENG_7_3
+  src/UPDATING                                             1.507.2.34.2.9
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.11
+  src/sys/kern/uipc_usrreq.c                               1.206.2.11.2.2
+  src/sys/compat/linux/linux_socket.c                       1.74.2.12.2.2
+RELENG_8
+  src/sys/kern/uipc_usrreq.c                                    1.233.2.6
+  src/sys/compat/linux/linux_socket.c                           1.101.2.5
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.5
+  src/sys/conf/newvers.sh                                   1.83.2.12.2.8
+  src/sys/kern/uipc_usrreq.c                                1.233.2.2.2.2
+  src/sys/compat/linux/linux_socket.c                       1.101.2.3.4.2
+RELENG_8_1
+  src/UPDATING                                             1.632.2.14.2.8
+  src/sys/conf/newvers.sh                                   1.83.2.10.2.9
+  src/sys/kern/uipc_usrreq.c                                1.233.2.1.4.2
+  src/sys/compat/linux/linux_socket.c                       1.101.2.3.2.2
+RELENG_9
+  src/sys/kern/uipc_usrreq.c                                    1.244.2.2
+  src/sys/compat/linux/linux_socket.c                           1.108.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r226023
+releng/7.4/                                                       r226023
+releng/7.3/                                                       r226023
+stable/8/                                                         r226023
+releng/8.2/                                                       r226023
+releng/8.1/                                                       r226023
+stable/9/                                                         r226023
+- -------------------------------------------------------------------------
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:05.unix.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk6LWp4ACgkQFdaIBMps37LlGQCgl5uCTA/QydDSsIuBR/TOxTRD
+Bg0AnjL43sOhR5yIp8xNAkMZxwfl3YiE
+=Df+l
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:06.bind.asc b/share/security/advisories/FreeBSD-SA-11:06.bind.asc
new file mode 100644
index 0000000000..a998899222
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:06.bind.asc
@@ -0,0 +1,181 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:06.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Remote packet Denial of Service against named(8) servers
+
+Category:       contrib
+Module:         bind
+Announced:      2011-12-23
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-11-17 01:10:16 UTC (RELENG_7, 7.4-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
+                2011-11-17 00:36:10 UTC (RELENG_8, 8.2-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
+                2011-12-01 21:13:41 UTC (RELENG_9, 9.0-STABLE)
+                2011-12-01 21:17:59 UTC (RELENG_9_0, 9.0-RC3)
+                2011-11-16 23:41:13 UTC (ports tree)
+CVE Name:       CVE-2011-4313
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+II.  Problem Description
+
+A remote attacker could cause the BIND resolver to cache an invalid
+record, which could cause the BIND daemon to crash when that record
+is being queried.
+
+III. Impact
+
+An attacker that is able to send an specifically crafted response to the
+BIND daemon can cause it to crash, resulting in a denial of service.
+
+Note that due to the nature of this vulnerability, the attacker does
+not necessarily have to have query access to the victim server.  The
+vulnerability can be triggered by tricking legitimate clients, for
+instance spam filtering systems or an end user browser, which can be
+made to the query on their behalf.
+
+IV.  Workaround
+
+No workaround is available, but systems not running the BIND resolving
+name server are not affected.
+
+Servers that are running in authoritative-only mode appear not to be
+affected by this vulnerability.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security branch dated
+after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4, 7.3,
+8.2 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.3-RELEASE and 7.4-RELEASE]
+# fetch http://security.FreeBSD.org/patches/SA-11:06/bind7.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:06/bind7.patch.asc
+
+[FreeBSD 8.1-RELEASE and 8.2-RELEASE]
+# fetch http://security.FreeBSD.org/patches/SA-11:06/bind8.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:06/bind8.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind/
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+4) Install and run BIND from the Ports Collection after the correction
+date.  The following versions and newer versions of BIND installed from
+the Ports Collection already have the mitigation measure:
+
+        bind96-9.6.3.1.ESV.R5.1
+        bind97-9.7.4.1
+        bind98-9.8.1.1
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/contrib/bind9/lib/dns/rbtdb.c                           1.1.1.4.2.9
+  src/contrib/bind9/bin/named/query.c                         1.1.1.6.2.8
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.7
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.10
+  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.4.2.6.2.1
+  src/contrib/bind9/bin/named/query.c                     1.1.1.6.2.6.2.1
+RELENG_7_3
+  src/UPDATING                                            1.507.2.34.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.13
+  src/contrib/bind9/lib/dns/rbtdb.c                       1.1.1.4.2.3.2.2
+  src/contrib/bind9/bin/named/query.c                     1.1.1.6.2.3.2.2
+RELENG_8
+  src/contrib/bind9/lib/dns/rbtdb.c                               1.3.2.9
+  src/contrib/bind9/bin/named/query.c                             1.3.2.8
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.7
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.10
+  src/contrib/bind9/lib/dns/rbtdb.c                           1.3.2.5.2.1
+  src/contrib/bind9/bin/named/query.c                         1.3.2.5.2.1
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.10
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.11
+  src/contrib/bind9/lib/dns/rbtdb.c                           1.3.2.3.2.1
+  src/contrib/bind9/bin/named/query.c                         1.3.2.3.2.1
+RELENG_9
+  src/contrib/bind9/lib/dns/rbtdb.c                              1.13.2.1
+  src/contrib/bind9/bin/named/query.c                            1.11.2.1
+RELENG_9_0
+  src/contrib/bind9/lib/dns/rbtdb.c                              1.13.4.1
+  src/contrib/bind9/bin/named/query.c                            1.11.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r227603
+releng/7.4/                                                       r228843
+releng/7.3/                                                       r228843
+stable/8/                                                         r227599
+releng/8.2/                                                       r228843
+releng/8.1/                                                       r228843
+stable/9/                                                         r228189
+releng/9.0/                                                       r228190
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://www.isc.org/software/bind/advisories/cve-2011-4313
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4313
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:06.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk70nOoACgkQFdaIBMps37K18wCeLYPkREXJsMXYdzt+guRFcPZR
+VY4AoII3kmCzRX/gYRmPW7lwGqWIgwlM
+=wMSJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:07.chroot.asc b/share/security/advisories/FreeBSD-SA-11:07.chroot.asc
new file mode 100644
index 0000000000..30f775710b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:07.chroot.asc
@@ -0,0 +1,232 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:07.chroot                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Code execution via chrooted ftpd
+
+Category:       core
+Module:         libc
+Announced:      2011-12-23
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-12-23 15:00:37 UTC (RELENG_7, 7.4-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
+                2011-12-23 15:00:37 UTC (RELENG_8, 8.2-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
+                2011-12-23 15:00:37 UTC (RELENG_9, 9.0-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_9_0, 9.0-RELEASE)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+Chroot is an operation that changes the apparent root directory for the
+current process and its children.  The chroot(2) system call is widely
+used in many applications as a measure of limiting a process's access to
+the file system, as part of implementing privilege separation.
+
+The nsdispatch(3) API implementation has a feature to reload its
+configuration on demand.  This feature may also load shared libraries
+and run code provided by the library when requested by the configuration
+file.
+
+II.  Problem Description
+
+The nsdispatch(3) API has no mechanism to alert it to whether it is
+operating within a chroot environment in which the standard paths for
+configuration files and shared libraries may be untrustworthy.
+
+The FreeBSD ftpd(8) daemon can be configured to use chroot(2), and
+also uses the nsdispatch(3) API.
+
+III. Impact
+
+If ftpd is configured to place a user in a chroot environment, then an
+attacker who can log in as that user may be able to run arbitrary code
+with elevated ("root") privileges.
+
+IV.  Workaround
+
+Don't use ftpd with the chroot option.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to
+the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security
+branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4, 7.3,
+8.2 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.3 and 7.4]
+# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot7.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot7.patch.asc
+
+[FreeBSD 8.1 and 8.2]
+# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot8.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:07/chroot8.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+4) This update adds a new API, __FreeBSD_libc_enter_restricted_mode()
+to the C library, which completely disables loading of shared libraries
+upon return.  Applications doing chroot(2) jails need to be updated
+to call this API explicitly right after the chroot(2) operation as a
+safety measure.
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/include/unistd.h                                           1.80.2.4
+  src/lib/libc/include/libc_private.h                            1.17.2.4
+  src/lib/libc/Versions.def                                       1.3.2.3
+  src/lib/libc/net/nsdispatch.c                                  1.14.2.3
+  src/lib/libc/gen/Symbol.map                                     1.6.2.7
+  src/lib/libc/gen/Makefile.inc                                 1.128.2.6
+  src/lib/libc/gen/libc_dlopen.c                                  1.2.2.2
+  src/libexec/ftpd/popen.c                                      1.26.10.2
+  src/libexec/ftpd/ftpd.c                                       1.212.2.2
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.7
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.10
+  src/include/unistd.h                                       1.80.2.3.4.2
+  src/lib/libc/include/libc_private.h                        1.17.2.3.4.2
+  src/lib/libc/Versions.def                                   1.3.2.2.4.2
+  src/lib/libc/net/nsdispatch.c                              1.14.2.2.2.2
+  src/lib/libc/gen/Symbol.map                                 1.6.2.6.4.2
+  src/lib/libc/gen/Makefile.inc                             1.128.2.5.4.2
+  src/lib/libc/gen/libc_dlopen.c                                  1.2.4.2
+  src/libexec/ftpd/popen.c                                  1.26.10.1.2.2
+  src/libexec/ftpd/ftpd.c                                   1.212.2.1.6.2
+RELENG_7_3
+  src/UPDATING                                            1.507.2.34.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.13
+  src/include/unistd.h                                       1.80.2.3.2.2
+  src/lib/libc/include/libc_private.h                        1.17.2.3.2.2
+  src/lib/libc/Versions.def                                   1.3.2.2.2.2
+  src/lib/libc/net/nsdispatch.c                              1.14.2.1.6.2
+  src/lib/libc/gen/Symbol.map                                 1.6.2.6.2.2
+  src/lib/libc/gen/Makefile.inc                             1.128.2.5.2.2
+  src/lib/libc/gen/libc_dlopen.c                                  1.1.2.1
+  src/libexec/ftpd/popen.c                                      1.26.24.2
+  src/libexec/ftpd/ftpd.c                                   1.212.2.1.4.2
+RELENG_8
+  src/include/unistd.h                                           1.95.2.2
+  src/lib/libc/include/libc_private.h                            1.20.2.3
+  src/lib/libc/Versions.def                                       1.8.2.3
+  src/lib/libc/net/nsdispatch.c                                  1.18.2.3
+  src/lib/libc/gen/Symbol.map                                    1.21.2.6
+  src/lib/libc/gen/Makefile.inc                                 1.144.2.7
+  src/lib/libc/gen/libc_dlopen.c                                  1.1.4.2
+  src/libexec/ftpd/popen.c                                      1.26.22.3
+  src/libexec/ftpd/ftpd.c                                       1.214.2.3
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.7
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.10
+  src/include/unistd.h                                       1.95.2.1.6.2
+  src/lib/libc/include/libc_private.h                        1.20.2.2.4.2
+  src/lib/libc/Versions.def                                   1.8.2.2.4.2
+  src/lib/libc/net/nsdispatch.c                              1.18.2.2.2.2
+  src/lib/libc/gen/Symbol.map                                1.21.2.5.2.2
+  src/lib/libc/gen/Makefile.inc                             1.144.2.6.2.2
+  src/lib/libc/gen/libc_dlopen.c                                  1.2.8.2
+  src/libexec/ftpd/popen.c                                  1.26.22.2.4.2
+  src/libexec/ftpd/ftpd.c                                   1.214.2.1.6.2
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.10
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.11
+  src/include/unistd.h                                       1.95.2.1.4.2
+  src/lib/libc/include/libc_private.h                        1.20.2.2.2.2
+  src/lib/libc/Versions.def                                   1.8.2.2.2.2
+  src/lib/libc/net/nsdispatch.c                              1.18.2.1.4.2
+  src/lib/libc/gen/Symbol.map                                1.21.2.3.2.2
+  src/lib/libc/gen/Makefile.inc                             1.144.2.4.2.2
+  src/lib/libc/gen/libc_dlopen.c                                 1.2.10.2
+  src/libexec/ftpd/popen.c                                  1.26.22.2.2.2
+  src/libexec/ftpd/ftpd.c                                   1.214.2.1.4.2
+RELENG_9
+  src/include/unistd.h                                          1.101.2.2
+  src/lib/libc/include/libc_private.h                            1.26.2.2
+  src/lib/libc/Versions.def                                       1.9.2.2
+  src/lib/libc/net/nsdispatch.c                                  1.19.2.2
+  src/lib/libc/gen/Symbol.map                                    1.38.2.2
+  src/lib/libc/gen/Makefile.inc                                 1.159.2.2
+  src/lib/libc/gen/libc_dlopen.c                                  1.1.6.2
+  src/lib/libc/iconv/citrus_module.c                              1.1.2.2
+  src/libexec/ftpd/popen.c                                       1.27.2.2
+  src/libexec/ftpd/ftpd.c                                       1.220.2.2
+RELENG_9_0
+  src/include/unistd.h                                      1.101.2.1.2.2
+  src/lib/libc/include/libc_private.h                        1.26.2.1.2.2
+  src/lib/libc/Versions.def                                   1.9.2.1.2.2
+  src/lib/libc/net/nsdispatch.c                              1.19.2.1.2.2
+  src/lib/libc/gen/Symbol.map                                1.38.2.1.2.2
+  src/lib/libc/gen/Makefile.inc                             1.159.2.1.2.2
+  src/lib/libc/gen/libc_dlopen.c                                  1.2.6.2
+  src/lib/libc/iconv/citrus_module.c                          1.1.2.1.2.2
+  src/libexec/ftpd/popen.c                                   1.27.2.1.2.2
+  src/libexec/ftpd/ftpd.c                                   1.220.2.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r228843
+releng/7.4/                                                       r228843
+releng/7.3/                                                       r228843
+stable/8/                                                         r228843
+releng/8.2/                                                       r228843
+releng/8.1/                                                       r228843
+stable/9/                                                         r228843
+releng/9.0/                                                       r228843
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:07.chroot.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk70nOoACgkQFdaIBMps37ILmgCgjVxRH+NsPpnXOVdwWmuxlSDp
+h9wAniE0tokORcqQlFJim5Pc1Z65ybwl
+=45yE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:08.telnetd.asc b/share/security/advisories/FreeBSD-SA-11:08.telnetd.asc
new file mode 100644
index 0000000000..e5c837feca
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:08.telnetd.asc
@@ -0,0 +1,173 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:08.telnetd                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          telnetd code execution vulnerability
+
+Category:       core
+Module:         contrib
+Announced:      2011-12-23
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-12-23 15:00:37 UTC (RELENG_7, 7.4-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
+                2011-12-23 15:00:37 UTC (RELENG_8, 8.2-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
+                2011-12-23 15:00:37 UTC (RELENG_9, 9.0-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_9_0, 9.0-RELEASE)
+CVE Name:       CVE-2011-4862
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The FreeBSD telnet daemon, telnetd(8), implements the server side of the
+TELNET virtual terminal protocol.  It has been disabled by default in
+FreeBSD since August 2001, and due to the lack of cryptographic security
+in the TELNET protocol, it is strongly recommended that the SSH protocol
+be used instead.  The FreeBSD telnet daemon can be enabled via the
+/etc/inetd.conf configuration file and the inetd(8) daemon.
+
+The TELNET protocol has a mechanism for encryption of the data stream
+(but it is not cryptographically strong and should not be relied upon
+in any security-critical applications).
+
+II.  Problem Description
+
+When an encryption key is supplied via the TELNET protocol, its length
+is not validated before the key is copied into a fixed-size buffer.
+
+III. Impact
+
+An attacker who can connect to the telnetd daemon can execute arbitrary
+code with the privileges of the daemon (which is usually the "root"
+superuser).
+
+IV.  Workaround
+
+No workaround is available, but systems not running the telnet daemon
+are not vulnerable.
+
+Note that the telnet daemon is usually run via inetd, and consequently
+will not show up in a process listing unless a connection is currently
+active; to determine if it is enabled, run
+
+$ ps ax | grep telnetd | grep -v grep
+$ grep telnetd /etc/inetd.conf | grep -vE '^#'
+
+If any output is produced, your system may be vulnerable.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to the
+RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security branch dated
+after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4, 7.3,
+8.2, and 8.1  systems.
+
+a) Download the patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-11:08/telnetd.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:08/telnetd.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libtelnet
+# make obj && make depend && make && make install
+# cd /usr/src/libexec/telnetd
+# make obj && make depend && make && make install
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c         1.1.1.2.24.1
+  src/contrib/telnet/libtelnet/encrypt.c                         1.9.24.1
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.7
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.10
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c         1.1.1.2.38.1
+  src/contrib/telnet/libtelnet/encrypt.c                         1.9.40.2
+RELENG_7_3
+  src/UPDATING                                            1.507.2.34.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.13
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c         1.1.1.2.36.1
+  src/contrib/telnet/libtelnet/encrypt.c                         1.9.38.2
+RELENG_8
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c          1.1.1.3.2.1
+  src/contrib/telnet/libtelnet/encrypt.c                         1.9.36.2
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.7
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.10
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c          1.1.1.3.8.1
+  src/contrib/telnet/libtelnet/encrypt.c                     1.9.36.1.6.2
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.10
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.11
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c          1.1.1.3.6.1
+  src/contrib/telnet/libtelnet/encrypt.c                     1.9.36.1.4.2
+RELENG_9
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c         1.1.1.3.10.1
+  src/contrib/telnet/libtelnet/encrypt.c                         1.9.42.2
+RELENG_9_0
+  src/crypto/heimdal/appl/telnet/libtelnet/encrypt.c         1.1.1.3.12.1
+  src/contrib/telnet/libtelnet/encrypt.c                     1.9.42.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r228843
+releng/7.4/                                                       r228843
+releng/7.3/                                                       r228843
+stable/8/                                                         r228843
+releng/8.2/                                                       r228843
+releng/8.1/                                                       r228843
+stable/9/                                                         r228843
+releng/9.0/                                                       r228843
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4862
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:08.telnetd.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk70nOoACgkQFdaIBMps37IYcwCfXn5aQTfQDe/AnS31JBg+BB1m
+HJMAmgOE5pUKTlFqLw5UBouMNFfUmu2u
+=dcyj
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:09.pam_ssh.asc b/share/security/advisories/FreeBSD-SA-11:09.pam_ssh.asc
new file mode 100644
index 0000000000..e093a80793
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:09.pam_ssh.asc
@@ -0,0 +1,185 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:09.pam_ssh                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          pam_ssh improperly grants access when user account has
+                unencrypted SSH private keys
+
+Category:       contrib
+Module:         pam
+Announced:      2011-12-23
+Credits:        Guy Helmer, Dag-Erling Smorgrav
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-12-11 20:40:23 UTC (RELENG_7, 7.4-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
+                2011-12-11 20:38:36 UTC (RELENG_8, 8.2-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
+                2011-12-11 16:57:27 UTC (RELENG_9, 9.0-STABLE)
+                2011-12-11 17:32:37 UTC (RELENG_9_0, 9.0-RELEASE)
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The PAM (Pluggable Authentication Modules) library provides a flexible
+framework for user authentication and session setup / teardown.  It is
+used not only in the base system, but also by a large number of
+third-party applications.
+
+Various authentication methods (UNIX, LDAP, Kerberos etc.) are
+implemented in modules which are loaded and executed according to
+predefined, named policies.  These policies are defined in
+/etc/pam.conf, /etc/pam.d/<policy name>, /usr/local/etc/pam.conf or
+/usr/local/etc/pam.d/<policy name>.
+
+The base system includes a module named pam_ssh which, if enabled,
+allows users to authenticate themselves by typing in the passphrase of
+one of the SSH private keys which are stored in encrypted form in the
+their .ssh directory.  Authentication is considered successful if at
+least one of these keys could be decrypted using the provided
+passphrase.
+
+By default, the pam_ssh module rejects SSH private keys with no
+passphrase.  A "nullok" option exists to allow these keys.
+
+II.  Problem Description
+
+The OpenSSL library call used to decrypt private keys ignores the
+passphrase argument if the key is not encrypted.  Because the pam_ssh
+module only checks whether the passphrase provided by the user is
+null, users with unencrypted SSH private keys may successfully
+authenticate themselves by providing a dummy passphrase.
+
+III. Impact
+
+If the pam_ssh module is enabled, attackers may be able to gain access
+to user accounts which have unencrypted SSH private keys.
+
+IV.  Workaround
+
+No workaround is available, but systems that do not have the pam_ssh module
+enabled are not vulnerable.  The pam_ssh module is not enabled in any
+of the default policies provided in the base system.
+
+The system administrator can use the following procedure to inspect all
+PAM policy files to determine whether the pam_ssh module is enabled.
+If the following command produces any output, the system may be
+vulnerable:
+
+# egrep -r '^[^#].*\<pam_ssh\>' /etc/pam.* /usr/local/etc/pam.*
+
+The following command will disable the pam_ssh module in all PAM
+policies present in the system:
+
+# sed -i '' -e '/^[^#].*pam_ssh/s/^/#/' /etc/pam.conf /etc/pam.d/* \
+    /usr/local/etc/pam.conf /usr/local/etc/pam.d/*
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to
+the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security
+branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4, 7.3,
+8.2 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-11:09/pam_ssh.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:09/pam_ssh.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libpam/modules/pam_ssh
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                       1.44.2.2
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.7
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.10
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                   1.44.2.1.8.2
+RELENG_7_3
+  src/UPDATING                                            1.507.2.34.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.13
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                   1.44.2.1.6.2
+RELENG_8
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                       1.45.2.3
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.7
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.10
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                   1.45.2.2.4.2
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.10
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.11
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                   1.45.2.2.2.2
+RELENG_9
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                       1.47.2.2
+RELENG_9_0
+  src/lib/libpam/modules/pam_ssh/pam_ssh.c                   1.47.2.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r228421
+releng/7.4/                                                       r228843
+releng/7.3/                                                       r228843
+stable/8/                                                         r228420
+releng/8.2/                                                       r228843
+releng/8.1/                                                       r228843
+stable/9/                                                         r228410
+releng/9.0/                                                       r228414
+- -------------------------------------------------------------------------
+
+VII. References
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:09.pam_ssh.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk70nOoACgkQFdaIBMps37JTSwCfS+bmWBxv5hote7Hrcl7VZjjk
+vKMAn116aLADxmdYsyZ5WdSrfFTRt3Xm
+=Y+ar
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-11:10.pam.asc b/share/security/advisories/FreeBSD-SA-11:10.pam.asc
new file mode 100644
index 0000000000..f4b16e796d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-11:10.pam.asc
@@ -0,0 +1,186 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-11:10.pam                                        Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          pam_start() does not validate service names
+
+Category:       contrib
+Module:         pam
+Announced:      2011-12-23
+Credits:        Matthias Drochner
+Affects:        All supported versions of FreeBSD.
+Corrected:      2011-12-13 13:03:11 UTC (RELENG_7, 7.4-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9)
+                2011-12-13 13:02:52 UTC (RELENG_8, 8.2-STABLE)
+                2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5)
+                2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7)
+                2011-12-13 12:59:39 UTC (RELENG_9, 9.0-STABLE)
+                2011-12-13 13:02:31 UTC (RELENG_9_0, 9.0-RELEASE)
+CVE Name:       CVE-2011-4122
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The PAM (Pluggable Authentication Modules) library provides a flexible
+framework for user authentication and session setup / teardown.  It is
+used not only in the base system, but also by a large number of
+third-party applications.
+
+Various authentication methods (UNIX, LDAP, Kerberos etc.) are
+implemented in modules which are loaded and executed according to
+predefined, named policies.  These policies are defined in
+/etc/pam.conf, /etc/pam.d/<policy name>, /usr/local/etc/pam.conf or
+/usr/local/etc/pam.d/<policy name>.
+
+The PAM API is a de facto industry standard which has been implemented
+by several parties.  FreeBSD uses the OpenPAM implementation.
+
+II.  Problem Description
+
+Some third-party applications, including KDE's kcheckpass command,
+allow the user to specify the name of the policy on the command line.
+Since OpenPAM treats the policy name as a path relative to /etc/pam.d
+or /usr/local/etc/pam.d, users who are permitted to run such an
+application can craft their own policies and cause the application
+to load and execute their own modules.
+
+III. Impact
+
+If an application that runs with root privileges allows the user to
+specify the name of the PAM policy to load, users who are permitted to
+run that application will be able to execute arbitrary code with root
+privileges.
+
+There are no vulnerable applications in the base system.
+
+IV.  Workaround
+
+No workaround is available, but systems without untrusted users are
+not vulnerable.
+
+Inspect any third-party setuid / setgid binaries which use the PAM
+library and ascertain whether they allow the user to specify the
+policy name, then either change the binary's permissions to prevent
+its use or remove it altogether.
+
+The following command will output a non-zero number if a dynamically
+linked binary uses libpam:
+
+# ldd /usr/local/bin/suspicious_binary | grep -c libpam
+
+The following command will output a non-zero number if a statically
+linked binary uses libpam:
+
+# grep -acF "/etc/pam.d/" /usr/local/bin/suspicious_binary
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE or 8-STABLE, or to
+the RELENG_8_2, RELENG_8_1, RELENG_7_4, or RELENG_7_3 security
+branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4, 7.3,
+8.2 and 8.1 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-11:10/pam.patch
+# fetch http://security.FreeBSD.org/patches/SA-11:10/pam.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libpam
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 7.3-RELEASE, 8.2-RELEASE, or 8.1-RELEASE on
+the i386 or amd64 platforms can be updated via the freebsd-update(8)
+utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/contrib/openpam/lib/openpam_configure.c                1.1.1.7.20.2
+RELENG_7_4
+  src/UPDATING                                             1.507.2.36.2.7
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.10
+  src/contrib/openpam/lib/openpam_configure.c            1.1.1.7.20.1.8.1
+RELENG_7_3
+  src/UPDATING                                            1.507.2.34.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.16.2.13
+  src/contrib/openpam/lib/openpam_configure.c            1.1.1.7.20.1.6.1
+RELENG_8
+  src/contrib/openpam/lib/openpam_configure.c                 1.1.1.8.2.1
+RELENG_8_2
+  src/UPDATING                                             1.632.2.19.2.7
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.10
+  src/contrib/openpam/lib/openpam_configure.c                 1.1.1.8.8.1
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.10
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.11
+  src/contrib/openpam/lib/openpam_configure.c                 1.1.1.8.6.1
+RELENG_9
+  src/contrib/openpam/lib/openpam_configure.c                1.1.1.8.10.1
+RELENG_9_0
+  src/contrib/openpam/lib/openpam_configure.c                1.1.1.8.12.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r228467
+releng/7.4/                                                       r228843
+releng/7.3/                                                       r228843
+stable/8/                                                         r228466
+releng/8.2/                                                       r228843
+releng/8.1/                                                       r228843
+stable/9/                                                         r228464
+releng/9.0/                                                       r228465
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4122
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-11:10.pam.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEARECAAYFAk70nOoACgkQFdaIBMps37KEWgCgiD/7EymFrnFueD7yyLiI3hLV
+lU4An2FUTQRJ0GakViobm9ejHdfmf2Vb
+=9COS
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-12:01.openssl.asc b/share/security/advisories/FreeBSD-SA-12:01.openssl.asc
new file mode 100644
index 0000000000..a6f6f32eda
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-12:01.openssl.asc
@@ -0,0 +1,320 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-12:01.openssl                                    Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          OpenSSL multiple vulnerabilities
+
+Category:       contrib
+Module:         openssl
+Announced:      2012-05-03
+Credits:        Adam Langley, George Kadianakis, Ben Laurie,
+                Ivan Nestlerode, Tavis Ormandy
+Affects:        All supported versions of FreeBSD.
+Corrected:      2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE)
+                2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8)
+                2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE)
+                2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2)
+                2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8)
+                2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10)
+                2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE)
+                2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2)
+CVE Name:       CVE-2011-4576, CVE-2011-4619, CVE-2011-4109,
+                CVE-2012-0884, CVE-2012-2110
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+0.   Revision History
+
+v1.0  2012-05-02 Initial release.
+v1.1  2012-05-30 Updated patch to add SGC and BUF_MEM_grow_clean(3) bug
+                 fixes.
+
+I.   Background
+
+FreeBSD includes software from the OpenSSL Project.  The OpenSSL Project is
+a collaborative effort to develop a robust, commercial-grade, full-featured
+Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3)
+and Transport Layer Security (TLS v1) protocols as well as a full-strength
+general purpose cryptography library.
+
+II.  Problem Description
+
+OpenSSL fails to clear the bytes used as block cipher padding in SSL 3.0
+records when operating as a client or a server that accept SSL 3.0
+handshakes.  As a result, in each record, up to 15 bytes of uninitialized
+memory may be sent, encrypted, to the SSL peer.  This could include
+sensitive contents of previously freed memory. [CVE-2011-4576]
+
+OpenSSL support for handshake restarts for server gated cryptography (SGC)
+can be used in a denial-of-service attack. [CVE-2011-4619]
+
+If an application uses OpenSSL's certificate policy checking when
+verifying X509 certificates, by enabling the X509_V_FLAG_POLICY_CHECK
+flag, a policy check failure can lead to a double-free. [CVE-2011-4109]
+
+A weakness in the OpenSSL PKCS #7 code can be exploited using
+Bleichenbacher's attack on PKCS #1 v1.5 RSA padding also known as the
+million message attack (MMA). [CVE-2012-0884]
+
+The asn1_d2i_read_bio() function, used by the d2i_*_bio and d2i_*_fp
+functions, in OpenSSL contains multiple integer errors that can cause
+memory corruption when parsing encoded ASN.1 data.  This error can occur
+on systems that parse untrusted ASN.1 data, such as X.509 certificates
+or RSA public keys. [CVE-2012-2110]
+
+III. Impact
+
+Sensitive contents of the previously freed memory can be exposed
+when communicating with a SSL 3.0 peer.  However, FreeBSD OpenSSL
+version does not support SSL_MODE_RELEASE_BUFFERS SSL mode and
+therefore have a single write buffer per connection.  That write buffer
+is partially filled with non-sensitive, handshake data at the beginning
+of the connection and, thereafter, only records which are longer than
+any previously sent record leak any non-encrypted data.  This, combined
+with the small number of bytes leaked per record, serves to limit to
+severity of this issue. [CVE-2011-4576]
+
+Denial of service can be caused in the OpenSSL server application
+supporting server gated cryptography by performing multiple handshake
+restarts. [CVE-2011-4619]
+
+The double-free, when an application performs X509 certificate policy
+checking, can lead to denial of service in that application.
+[CVE-2011-4109]
+
+A weakness in the OpenSSL PKCS #7 code can lead to a successful
+Bleichenbacher attack.  Only users of PKCS #7 decryption operations are
+affected.  A successful attack needs on average 2^20 messages. In
+practice only automated systems will be affected as humans will not be
+willing to process this many messages.  SSL/TLS applications are not
+affected. [CVE-2012-0884]
+
+The vulnerability in the asn1_d2i_read_bio() OpenSSL function can lead
+to a potentially exploitable attack via buffer overflow.  The SSL/TLS
+code in OpenSSL is not affected by this issue, nor are applications
+using the memory based ASN.1 functions.  There are no applications in
+FreeBSD base system affected by this issue, though some 3rd party
+consumers of these functions might be vulnerable when processing
+untrusted ASN.1 data.  [CVE-2012-2110]
+
+The patch provided with the initial version of this advisory introduced
+bug to the Server Gated Cryptography (SGC) handshake code, that could
+cause SGC handshake to fail for a legitimate client.  The updated patch
+also fixes the return error code in the BUF_MEM_grow_clean(3) function in the
+buffer size check code introduced by the CVE-2012-2110 fix.
+
+IV.  Workaround
+
+No workaround is available.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE or 9-STABLE,
+or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, RELENG_9_0
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4, 8.3,
+8.2, 8.1, and 9.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl2.patch.asc
+
+NOTE: The patch distributed at the time of the original advisory fixed
+the security vulnerability, but introduced a bug to the SGC handshake
+code that can cause the SGC handshake to fail for a legitimate client.
+Systems to which the original patch was applied should be patched with
+the following corrective patch, which contains only the additional
+changes required to fix the newly-introduced SGC handshake bug.  The
+updated patch also corrects an error code for an error check introduced
+in the original patch.
+
+# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:01/openssl-sgc-fix.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile the operating system as described in
+<URL: http://www.freebsd.org/handbook/makeworld.html> and reboot the
+system.
+
+NOTE: Any third-party applications, including those installed from the
+FreeBSD ports collection, which are statically linked to libcrypto(3)
+should be recompiled in order to use the corrected code.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE or
+9.0-RELEASE on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/crypto/openssl/crypto/buffer/buffer.c                   1.1.1.4.2.3
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                 1.1.1.13.2.2
+  src/crypto/openssl/crypto/mem.c                             1.1.1.8.2.2
+  src/crypto/openssl/crypto/x509v3/pcy_map.c                  1.1.1.1.2.2
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.1.1.2.2.2
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                   1.1.1.3.2.1
+  src/crypto/openssl/ssl/ssl.h                               1.1.1.16.2.3
+  src/crypto/openssl/ssl/ssl_err.c                           1.1.1.11.2.3
+  src/crypto/openssl/ssl/s3_enc.c                            1.1.1.13.2.2
+  src/crypto/openssl/ssl/s3_srvr.c                           1.1.1.17.2.8
+  src/crypto/openssl/ssl/ssl3.h                               1.1.1.6.2.2
+RELENG_7_4
+  src/UPDATING                                            1.507.2.36.2.10
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.13
+  src/crypto/openssl/crypto/buffer/buffer.c               1.1.1.4.2.1.2.2
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c             1.1.1.13.2.1.2.1
+  src/crypto/openssl/crypto/mem.c                         1.1.1.8.2.1.2.1
+  src/crypto/openssl/crypto/x509v3/pcy_map.c              1.1.1.1.2.1.2.1
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c             1.1.1.2.2.1.2.1
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.20.1
+  src/crypto/openssl/ssl/ssl.h                           1.1.1.16.2.2.2.1
+  src/crypto/openssl/ssl/ssl_err.c                       1.1.1.11.2.2.2.1
+  src/crypto/openssl/ssl/s3_enc.c                        1.1.1.13.2.1.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                       1.1.1.17.2.5.2.2
+  src/crypto/openssl/ssl/ssl3.h                           1.1.1.6.2.1.2.1
+RELENG_8
+  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.2.2
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                1.1.1.13.10.2
+  src/crypto/openssl/crypto/mem.c                                 1.2.2.1
+  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.2.1
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.2.2.2
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.10.1
+  src/crypto/openssl/ssl/ssl.h                                    1.2.2.2
+  src/crypto/openssl/ssl/ssl_err.c                                1.2.2.2
+  src/crypto/openssl/ssl/s3_enc.c                                 1.2.2.2
+  src/crypto/openssl/ssl/s3_srvr.c                                1.3.2.6
+  src/crypto/openssl/ssl/ssl3.h                                   1.2.2.2
+RELENG_8_3
+  src/UPDATING                                             1.632.2.26.2.4
+  src/sys/conf/newvers.sh                                   1.83.2.15.2.6
+  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.14.2
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c            1.1.1.13.10.1.4.1
+  src/crypto/openssl/crypto/mem.c                                1.2.14.1
+  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.14.1
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.6.1
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.26.1
+  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.6.1
+  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.6.1
+  src/crypto/openssl/ssl/s3_enc.c                             1.2.2.1.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.4.2.2
+  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.6.1
+RELENG_8_2
+  src/UPDATING                                            1.632.2.19.2.10
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.13
+  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.8.2
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c            1.1.1.13.10.1.2.1
+  src/crypto/openssl/crypto/mem.c                                 1.2.8.1
+  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.8.1
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.4.1
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.18.1
+  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.4.1
+  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.4.1
+  src/crypto/openssl/ssl/s3_enc.c                             1.2.2.1.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.3.2.2
+  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.4.1
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.13
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.14
+  src/crypto/openssl/crypto/buffer/buffer.c                       1.2.6.2
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                1.1.1.13.16.1
+  src/crypto/openssl/crypto/mem.c                                 1.2.6.1
+  src/crypto/openssl/crypto/x509v3/pcy_map.c                      1.2.6.1
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c                 1.2.2.1.2.1
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.16.1
+  src/crypto/openssl/ssl/ssl.h                                1.2.2.1.2.1
+  src/crypto/openssl/ssl/ssl_err.c                            1.2.2.1.2.1
+  src/crypto/openssl/ssl/s3_enc.c                                 1.2.6.1
+  src/crypto/openssl/ssl/s3_srvr.c                            1.3.2.2.2.2
+  src/crypto/openssl/ssl/ssl3.h                               1.2.2.1.2.1
+RELENG_9
+  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.10.2
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                      1.2.2.1
+  src/crypto/openssl/crypto/mem.c                                1.2.10.1
+  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.10.1
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.3.2.1
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.22.1
+  src/crypto/openssl/ssl/ssl.h                                    1.3.2.1
+  src/crypto/openssl/ssl/ssl_err.c                                1.3.2.1
+  src/crypto/openssl/ssl/s3_enc.c                                 1.3.2.1
+  src/crypto/openssl/ssl/s3_srvr.c                                1.7.2.2
+  src/crypto/openssl/ssl/ssl3.h                                   1.3.2.1
+RELENG_9_0
+  src/UPDATING                                              1.702.2.4.2.4
+  src/sys/conf/newvers.sh                                    1.95.2.4.2.6
+  src/crypto/openssl/crypto/buffer/buffer.c                      1.2.12.2
+  src/crypto/openssl/crypto/pkcs7/pk7_doit.c                      1.2.4.1
+  src/crypto/openssl/crypto/mem.c                                1.2.12.1
+  src/crypto/openssl/crypto/x509v3/pcy_map.c                     1.2.12.1
+  src/crypto/openssl/crypto/x509v3/pcy_tree.c                     1.3.4.1
+  src/crypto/openssl/crypto/asn1/a_d2i_fp.c                  1.1.1.3.24.1
+  src/crypto/openssl/ssl/ssl.h                                    1.3.4.1
+  src/crypto/openssl/ssl/ssl_err.c                                1.3.4.1
+  src/crypto/openssl/ssl/s3_enc.c                                 1.3.4.1
+  src/crypto/openssl/ssl/s3_srvr.c                                1.7.4.2
+  src/crypto/openssl/ssl/ssl3.h                                   1.3.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r236304
+releng/7.4/                                                       r236304
+stable/8/                                                         r236304
+releng/8.3/                                                       r236304
+releng/8.2/                                                       r236304
+releng/8.1/                                                       r236304
+stable/9/                                                         r236304
+releng/9.0/                                                       r236304
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://www.openssl.org/news/secadv_20120419.txt
+http://www.openssl.org/news/secadv_20120312.txt
+http://www.openssl.org/news/secadv_20120104.txt
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4576
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4619
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4109
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0884
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2110
+http://lists.openwall.net/full-disclosure/2012/04/19/4
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-12:01.openssl.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEARECAAYFAk/GEsMACgkQFdaIBMps37IOkwCgj6lSWidx+sk/C/seNNBmQfN8
+36sAn2OQg0TEYq9xPf8yd0hrPICuDyGK
+=T8ip
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-12:02.crypt.asc b/share/security/advisories/FreeBSD-SA-12:02.crypt.asc
new file mode 100644
index 0000000000..8ef7f56745
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-12:02.crypt.asc
@@ -0,0 +1,155 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-12:02.crypt                                      Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect crypt() hashing
+
+Category:       core
+Module:         libcrypt
+Announced:      2012-05-30
+Credits:        Rubin Xu, Joseph Bonneau, Donting Yu
+Affects:        All supported versions of FreeBSD.
+Corrected:      2012-05-30 12:01:28 UTC (RELENG_7, 7.4-STABLE)
+                2012-05-30 12:01:28 UTC (RELENG_7_4, 7.4-RELEASE-p8)
+                2012-05-30 12:01:28 UTC (RELENG_8, 8.3-STABLE)
+                2012-05-30 12:01:28 UTC (RELENG_8_3, 8.3-RELEASE-p2)
+                2012-05-30 12:01:28 UTC (RELENG_8_2, 8.2-RELEASE-p8)
+                2012-05-30 12:01:28 UTC (RELENG_8_1, 8.1-RELEASE-p10)
+                2012-05-30 12:01:28 UTC (RELENG_9, 9.0-STABLE)
+                2012-05-30 12:01:28 UTC (RELENG_9_0, 9.0-RELEASE-p2)
+CVE Name:       CVE-2012-2143
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+The crypt(3) function performs password hashing with additional code added
+to deter key search attempts.
+
+II.  Problem Description
+
+There is a programming error in the DES implementation used in crypt()
+when handling input which contains characters that can not be represented
+with 7-bit ASCII.
+
+III. Impact
+
+When the input contains characters with only the most significant bit set
+(0x80), that character and all characters after it will be ignored.
+
+IV.  Workaround
+
+No workaround is available, but systems not using crypt(), or which only
+use it to handle 7-bit ASCII are not vulnerable.  Note that, because
+DES does not have the computational complexity to defeat brute force
+search on modern computers, it is not recommended for new applications.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
+or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4,
+8.3, 8.2, 8.1 and 9.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:02/crypt.patch.asc
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/libcrypt
+# make obj && make depend && make && make install
+
+NOTE: On the amd64 platform, the above procedure will not update the
+lib32 (i386 compatibility) libraries.  On amd64 systems where the i386
+compatibility libraries are used, the operating system should instead
+be recompiled as described in
+<URL:http://www.FreeBSD.org/handbook/makeworld.html>
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
+or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/secure/lib/libcrypt/crypt-des.c                           1.16.24.1
+RELENG_7_4
+  src/UPDATING                                            1.507.2.36.2.10
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.13
+  src/secure/lib/libcrypt/crypt-des.c                           1.16.40.2
+RELENG_8
+  src/secure/lib/libcrypt/crypt-des.c                           1.16.36.2
+RELENG_8_3
+  src/UPDATING                                             1.632.2.26.2.4
+  src/sys/conf/newvers.sh                                   1.83.2.15.2.6
+  src/secure/lib/libcrypt/crypt-des.c                       1.16.36.1.8.2
+RELENG_8_2
+  src/UPDATING                                            1.632.2.19.2.10
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.13
+  src/secure/lib/libcrypt/crypt-des.c                       1.16.36.1.6.2
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.13
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.14
+  src/secure/lib/libcrypt/crypt-des.c                       1.16.36.1.4.2
+RELENG_9
+  src/secure/lib/libcrypt/crypt-des.c                           1.16.42.2
+RELENG_9_0
+  src/UPDATING                                              1.702.2.4.2.4
+  src/sys/conf/newvers.sh                                    1.95.2.4.2.6
+  src/secure/lib/libcrypt/crypt-des.c                       1.16.42.1.2.2
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r236304
+releng/7.4/                                                       r236304
+stable/8/                                                         r236304
+releng/8.3/                                                       r236304
+releng/8.2/                                                       r236304
+releng/8.1/                                                       r236304
+stable/9/                                                         r236304
+releng/9.0/                                                       r236304
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2143
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-12:02.crypt.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEARECAAYFAk/GEsoACgkQFdaIBMps37JSYQCfZGZceQY4D53qgR9JbI79ZNht
+/GIAnjnhxlCnF27cWOhqxkkTWM6f45IM
+=7CVu
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-12:03.bind.asc b/share/security/advisories/FreeBSD-SA-12:03.bind.asc
new file mode 100644
index 0000000000..fbef9f5ec3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-12:03.bind.asc
@@ -0,0 +1,176 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-12:03.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Incorrect handling of zero-length RDATA fields in named(8)
+
+Category:       contrib
+Module:         bind
+Announced:      2012-06-12
+Credits:        Dan Luther, Jeffrey A. Spain
+Affects:        All supported versions of FreeBSD
+Corrected:      2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
+                2012-06-04 22:21:55 UTC (RELENG_8, 8.3-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
+                2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
+                2012-06-12 12:10:10 UTC (RELENG_8_1, 8.1-RELEASE-p11)
+                2012-06-04 22:14:33 UTC (RELENG_9, 9.0-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
+CVE Name:       CVE-2012-1667
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+II.  Problem Description
+
+The named(8) server does not properly handle DNS resource records where
+the RDATA field is zero length, which may cause various issues for the
+servers handling them.
+
+III. Impact
+
+Resolving servers may crash or disclose some portion of memory to the
+client.  Authoritative servers may crash on restart after transferring a
+zone containing records with zero-length RDATA fields.  These would
+result in a denial of service, or leak of sensitive information.
+
+IV.  Workaround
+
+No workaround is available, but systems not running the BIND name
+server are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
+or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4,
+8.3, 8.2, 8.1 and 9.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[FreeBSD 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, and 8.1-RELEASE]
+# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:03/bind.patch.asc
+
+[FreeBSD 9.0-RELEASE]
+# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:03/bind-90.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind/
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
+or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+4) Install and run BIND from the Ports Collection after the correction
+date.  The following versions and newer versions of BIND installed from
+the Ports Collection are not affected by this vulnerability:
+
+        bind96-9.6.3.1.ESV.R7.1
+        bind97-9.7.6.1
+        bind98-9.8.3.1
+        bind99-9.9.1.1
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/contrib/bind9/lib/dns/rdata.c                           1.1.1.5.2.4
+  src/contrib/bind9/lib/dns/rdataslab.c                       1.1.1.2.2.5
+RELENG_7_4
+  src/UPDATING                                            1.507.2.36.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.14
+  src/contrib/bind9/lib/dns/rdata.c                       1.1.1.5.2.1.2.1
+  src/contrib/bind9/lib/dns/rdataslab.c                   1.1.1.2.2.3.2.1
+RELENG_8
+  src/contrib/bind9/lib/dns/rdata.c                               1.2.2.4
+  src/contrib/bind9/lib/dns/rdataslab.c                           1.2.2.5
+RELENG_8_3
+  src/UPDATING                                             1.632.2.26.2.5
+  src/sys/conf/newvers.sh                                   1.83.2.15.2.7
+  src/contrib/bind9/lib/dns/rdata.c                           1.2.2.2.2.1
+  src/contrib/bind9/lib/dns/rdataslab.c                       1.2.2.3.2.1
+RELENG_8_2
+  src/UPDATING                                            1.632.2.19.2.11
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.14
+  src/contrib/bind9/lib/dns/rdata.c                               1.2.8.1
+  src/contrib/bind9/lib/dns/rdataslab.c                       1.2.2.2.2.1
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.14
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.15
+  src/contrib/bind9/lib/dns/rdata.c                               1.2.6.1
+  src/contrib/bind9/lib/dns/rdataslab.c                       1.2.2.1.2.1
+RELENG_9
+  src/contrib/bind9/lib/dns/rdata.c                               1.5.2.2
+  src/contrib/bind9/lib/dns/rdataslab.c                           1.7.2.2
+RELENG_9_0
+  src/UPDATING                                              1.702.2.4.2.5
+  src/sys/conf/newvers.sh                                    1.95.2.4.2.7
+  src/contrib/bind9/lib/dns/rdata.c                               1.5.4.1
+  src/contrib/bind9/lib/dns/rdataslab.c                           1.7.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r236953
+releng/7.4/                                                       r236953
+stable/8/                                                         r236590
+releng/8.3/                                                       r236953
+releng/8.2/                                                       r236953
+releng/8.1/                                                       r236953
+stable/9/                                                         r236587
+releng/9.0/                                                       r236953
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1667
+http://www.isc.org/software/bind/advisories/cve-2012-1667
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-12:03.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEARECAAYFAk/XQGEACgkQFdaIBMps37LU+gCfcP1MdQy8s5gjNWJfW+BiP6oI
+CWkAnRZzIRxAKWgD2spPAuBu04S9ZQkA
+=aI2g
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-12:04.sysret.asc b/share/security/advisories/FreeBSD-SA-12:04.sysret.asc
new file mode 100644
index 0000000000..14a4d1263c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-12:04.sysret.asc
@@ -0,0 +1,177 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-12:04.sysret                                     Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          Privilege escalation when returning from kernel
+
+Category:       core
+Module:         sys_amd64
+Announced:      2012-06-12
+Credits:        Rafal Wojtczuk, John Baldwin
+Affects:        All supported versions of FreeBSD
+Corrected:      2012-06-12 12:10:10 UTC (RELENG_7, 7.4-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_7_4, 7.4-RELEASE-p9)
+                2012-06-12 12:10:10 UTC (RELENG_8, 8.3-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_8_3, 8.3-RELEASE-p3)
+                2012-06-12 12:10:10 UTC (RELENG_8_2, 8.2-RELEASE-p9)
+                2012-06-18 21:00:54 UTC (RELENG_8_1, 8.1-RELEASE-p12)
+                2012-06-12 12:10:10 UTC (RELENG_9, 9.0-STABLE)
+                2012-06-12 12:10:10 UTC (RELENG_9_0, 9.0-RELEASE-p3)
+CVE Name:       CVE-2012-0217
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+0.   Revision History
+
+v1.0  2012-06-12 Initial release.
+v1.1  2012-06-19 Corrected patch FreeBSD 8.1.
+
+I.   Background
+
+The FreeBSD operating system implements a rings model of security, where
+privileged operations are done in the kernel, and most applications
+request access to these operations by making a system call, which puts
+the CPU into the required privilege level and passes control to the
+kernel.
+
+II.  Problem Description
+
+FreeBSD/amd64 runs on CPUs from different vendors.  Due to varying
+behaviour of CPUs in 64 bit mode a sanity check of the kernel may be
+insufficient when returning from a system call.
+
+III. Impact
+
+Successful exploitation of the problem can lead to local kernel privilege
+escalation, kernel data corruption and/or crash.
+
+To exploit this vulnerability, an attacker must be able to run code with user
+privileges on the target system.
+
+IV.  Workaround
+
+No workaround is available.
+
+However FreeBSD/amd64 running on AMD CPUs is not vulnerable to this
+particular problem.
+
+Systems with 64 bit capable CPUs, but running the 32 bit FreeBSD/i386
+kernel are not vulnerable, nor are systems running on different
+processor architectures.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
+or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4,
+8.3, 8.2, 8.1 and 9.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+[7.4, 8.3, 8.2, 9.0]
+# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret.patch.asc
+
+[8.1]
+# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81.patch.asc
+
+[8.1 if original sysret.patch has been applied]
+# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:04/sysret-81-correction.patch.asc
+
+b) Apply the patch.
+
+# cd /usr/src
+# patch < /path/to/patch
+
+c) Recompile your kernel as described in
+<URL:http://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
+system.
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
+or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/sys/amd64/amd64/trap.c                                   1.319.2.14
+RELENG_7_4
+  src/UPDATING                                            1.507.2.36.2.11
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.14
+  src/sys/amd64/amd64/trap.c                               1.319.2.12.2.2
+RELENG_8
+  src/sys/amd64/amd64/trap.c                                   1.332.2.24
+RELENG_8_3
+  src/UPDATING                                             1.632.2.26.2.5
+  src/sys/conf/newvers.sh                                   1.83.2.15.2.7
+  src/sys/amd64/amd64/trap.c                               1.332.2.21.2.2
+RELENG_8_2
+  src/UPDATING                                            1.632.2.19.2.11
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.14
+  src/sys/amd64/amd64/trap.c                               1.332.2.14.2.2
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.15
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.16
+  src/sys/amd64/amd64/trap.c                               1.332.2.10.2.3
+RELENG_9
+  src/sys/amd64/amd64/trap.c                                    1.357.2.9
+RELENG_9_0
+  src/UPDATING                                              1.702.2.4.2.5
+  src/sys/conf/newvers.sh                                    1.95.2.4.2.7
+  src/sys/amd64/amd64/trap.c                                1.357.2.2.2.3
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r236953
+releng/7.4/                                                       r236953
+stable/8/                                                         r236953
+releng/8.3/                                                       r236953
+releng/8.2/                                                       r236953
+releng/8.1/                                                       r237242
+stable/9/                                                         r236953
+releng/9.0/                                                       r236953
+- -------------------------------------------------------------------------
+
+VII. References
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0217
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-12:04.sysret.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEARECAAYFAk/gjHQACgkQFdaIBMps37KutQCgkcp+lqFuJ3/fQKUemn80suW5
+u/wAn2VLxY5LoUPNsN2eUHYB4GMz0AHl
+=tQOk
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-12:05.bind.asc b/share/security/advisories/FreeBSD-SA-12:05.bind.asc
new file mode 100644
index 0000000000..7d23439592
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-12:05.bind.asc
@@ -0,0 +1,176 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SA-12:05.bind                                       Security Advisory
+                                                          The FreeBSD Project
+
+Topic:          named(8) DNSSEC validation Denial of Service
+
+Category:       contrib
+Module:         bind
+Announced:      2012-08-06
+Credits:        Einar Lonn of IIS.se
+Affects:        All supported versions of FreeBSD
+Corrected:      2012-08-06 21:33:11 UTC (RELENG_7, 7.4-STABLE)
+                2012-08-06 21:33:11 UTC (RELENG_7_4, 7.4-RELEASE-p10)
+                2012-07-24 19:04:35 UTC (RELENG_8, 8.3-STABLE)
+                2012-08-06 21:33:11 UTC (RELENG_8_3, 8.3-RELEASE-p4)
+                2012-08-06 21:33:11 UTC (RELENG_8_2, 8.2-RELEASE-p10)
+                2012-08-06 21:33:11 UTC (RELENG_8_1, 8.1-RELEASE-p13)
+                2012-07-24 22:32:03 UTC (RELENG_9, 9.1-PRERELEASE)
+                2012-08-06 21:33:11 UTC (RELENG_9_0, 9.0-RELEASE-p4)
+CVE Name:       CVE-2012-3817
+
+For general information regarding FreeBSD Security Advisories,
+including descriptions of the fields above, security branches, and the
+following sections, please visit <URL:http://security.FreeBSD.org/>.
+
+I.   Background
+
+BIND 9 is an implementation of the Domain Name System (DNS) protocols.
+The named(8) daemon is an Internet Domain Name Server.
+
+DNS Security Extensions (DNSSEC) provides data integrity, origin
+authentication and authenticated denial of existence to resolvers.
+
+II.  Problem Description
+
+BIND 9 stores a cache of query names that are known to be failing due
+to misconfigured name servers or a broken chain of trust.  Under high
+query loads, when DNSSEC validation is active, it is possible for a
+condition to arise in which data from this cache of failing queries
+could be used before it was fully initialized, triggering an assertion
+failure.
+
+III. Impact
+
+A remote attacker that is able to generate high volume of DNSSEC
+validation enabled queries can trigger the assertion failure that causes
+it to crash, resulting in a denial of service.
+
+IV.  Workaround
+
+No workaround is available, but systems not running the BIND resolving
+name server with dnssec-validation enabled are not affected.
+
+V.   Solution
+
+Perform one of the following:
+
+1) Upgrade your vulnerable system to 7-STABLE, 8-STABLE, or 9-STABLE,
+or to the RELENG_7_4, RELENG_8_3, RELENG_8_2, RELENG_8_1, or RELENG_9_0
+security branch dated after the correction date.
+
+2) To update your vulnerable system via a source code patch:
+
+The following patches have been verified to apply to FreeBSD 7.4,
+8.3, 8.2, 8.1 and 9.0 systems.
+
+a) Download the relevant patch from the location below, and verify the
+detached PGP signature using your PGP utility.
+
+# fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch
+# fetch http://security.FreeBSD.org/patches/SA-12:05/bind.patch.asc
+
+b) Execute the following commands as root:
+
+# cd /usr/src
+# patch < /path/to/patch
+# cd /usr/src/lib/bind/dns
+# make obj && make depend && make && make install
+# cd /usr/src/usr.sbin/named
+# make obj && make depend && make && make install
+
+3) To update your vulnerable system via a binary patch:
+
+Systems running 7.4-RELEASE, 8.3-RELEASE, 8.2-RELEASE, 8.1-RELEASE,
+or 9.0-RELEASE on the i386 or amd64 platforms can be updated via the
+freebsd-update(8) utility:
+
+# freebsd-update fetch
+# freebsd-update install
+
+4) Install and run BIND from the Ports Collection after the correction
+date.  The following versions and newer versions of BIND installed from
+the Ports Collection are not affected by this vulnerability:
+
+        bind96-9.6.3.1.ESV.R7.2
+        bind97-9.7.6.2
+        bind98-9.8.3.2
+        bind99-9.9.1.2
+
+VI.  Correction details
+
+The following list contains the revision numbers of each file that was
+corrected in FreeBSD.
+
+CVS:
+
+Branch                                                           Revision
+  Path
+- -------------------------------------------------------------------------
+RELENG_7
+  src/contrib/bind9/lib/dns/resolver.c                       1.1.1.9.2.11
+RELENG_7_4
+  src/UPDATING                                            1.507.2.36.2.12
+  src/sys/conf/newvers.sh                                  1.72.2.18.2.15
+  src/contrib/bind9/lib/dns/resolver.c                    1.1.1.9.2.8.2.1
+RELENG_8
+  src/contrib/bind9/CHANGES                                      1.9.2.15
+  src/contrib/bind9/lib/dns/resolver.c                            1.3.2.6
+  src/contrib/bind9/lib/dns/zone.c                               1.6.2.10
+  src/contrib/bind9/lib/isc/random.c                              1.2.2.4
+  src/contrib/bind9/version                                      1.9.2.15
+RELENG_8_3
+  src/UPDATING                                             1.632.2.26.2.6
+  src/sys/conf/newvers.sh                                   1.83.2.15.2.8
+  src/contrib/bind9/lib/dns/resolver.c                        1.6.2.7.2.1
+RELENG_8_2
+  src/UPDATING                                            1.632.2.19.2.12
+  src/sys/conf/newvers.sh                                  1.83.2.12.2.15
+  src/contrib/bind9/lib/dns/resolver.c                        1.6.2.4.2.1
+RELENG_8_1
+  src/UPDATING                                            1.632.2.14.2.16
+  src/sys/conf/newvers.sh                                  1.83.2.10.2.17
+  src/contrib/bind9/lib/dns/resolver.c                        1.6.2.3.2.1
+RELENG_9
+  src/contrib/bind9/CHANGES                                      1.21.2.5
+  src/contrib/bind9/lib/dns/resolver.c                           1.15.2.3
+  src/contrib/bind9/lib/dns/zone.c                                1.7.2.3
+  src/contrib/bind9/version                                      1.21.2.5
+RELENG_9_0
+  src/UPDATING                                              1.702.2.4.2.6
+  src/sys/conf/newvers.sh                                    1.95.2.4.2.8
+  src/contrib/bind9/lib/dns/resolver.c                           1.15.4.1
+- -------------------------------------------------------------------------
+
+Subversion:
+
+Branch/path                                                      Revision
+- -------------------------------------------------------------------------
+stable/7/                                                         r239108
+releng/7.4/                                                       r239108
+stable/8/                                                         r238749
+releng/8.3/                                                       r239108
+releng/8.2/                                                       r239108
+releng/8.1/                                                       r239108
+stable/9/                                                         r238756
+releng/9.0/                                                       r239108
+- -------------------------------------------------------------------------
+
+VII. References
+
+https://kb.isc.org/article/AA-00729
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3817
+
+The latest revision of this advisory is available at
+http://security.FreeBSD.org/advisories/FreeBSD-SA-12:05.bind.asc
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEARECAAYFAlAgP6kACgkQFdaIBMps37KLuQCfdF1xHFsD5vgeWKeTfPo1z0UG
+XN8AnRZQy5itaoFPFALXoDy3ZnZ5qA1t
+=hvTi
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:01.sliplogin.asc b/share/security/advisories/FreeBSD-SA-96:01.sliplogin.asc
new file mode 100644
index 0000000000..d4b6031a8f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:01.sliplogin.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:01					    Security Advisory
+Revised: Wed May 22 00:18:51 PDT 1996				FreeBSD, Inc.
+
+Topic:		sliplogin unauthorized access vulnerability
+
+Category:	core
+Module:		sliplogin
+Announced:	1996-04-21
+Affects:	FreeBSD 2.0.5 and 2.1.0 systems where sliplogin may
+		be invoked as a user shell (in /etc/passwd entries).
+Corrected:	1996-04-21 -stable and -current sources
+Source:		Generic BSD bug
+FreeBSD only:	no
+
+Reference:	AUSCERT Advisory correspondence
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:01/
+
+=============================================================================
+
+I.   Background    
+
+     A bug was found in the sliplogin program.  The program did
+     not properly restrict the environment used when invoking
+     child processes.  This problem is present in all source code
+     and binary distributions of FreeBSD version 2.0.5 and 2.1
+     released before 1996-04-21.
+
+
+II.  Problem Description
+
+     The sliplogin program is used to allow a remote user to dial
+     into a FreeBSD system and start a SLIP connection.  The sliplogin
+     program is typically used as replacement user "shell" in this
+     application.  The sliplogin program invokes a child process that
+     may be compromised through the passing of certain environment
+     variables.
+
+
+III. Impact
+
+     The problem could allow local users to gain unauthorized access
+     to a system or provide unauthorized access to remote users.
+     This problem is only exploitable on systems where the sliplogin
+     program has been configured to be invoked at login time (e.g. as
+     a user shell in /etc/passwd entries).
+
+IV. Solution(s)
+
+     The following patch to sliplogin.c eliminates this vulnerability.
+
+    *** sliplogin.c	1996/01/06 07:19:55	1.3.4.1
+    --- sliplogin.c	1996/04/24 20:20:00	1.3.4.2
+    ***************
+    *** 88,93 ****
+    --- 88,100 ----
+      #include <signal.h>
+      #include "pathnames.h"
+      
+    + extern char **environ;
+    + 
+    + static char *restricted_environ[] = {
+    + 	"PATH=" _PATH_STDPATH,
+    + 	NULL
+    + };
+    + 
+      int	unit;
+      int	slip_mode;
+      speed_t speed;
+    ***************
+    *** 123,128 ****
+    --- 130,137 ----
+	    char user[16];
+	    char buf[128];
+	    int i, j, n;
+    + 
+    + 	environ = restricted_environ; /* minimal protection for system() */
+      
+	    (void)strcpy(loginname, name);
+	    if ((fp = fopen(_PATH_ACCESS, "r")) == NULL) {
+
+
+V. Workaround
+
+     This vulnerability can quickly and easily be limited by disabling
+     any account that has sliplogin as the user shell in /etc/passwd or
+     by disabling access to the sliplogin command.
+
+     As root, execute the command:
+
+	  # chmod 000 /usr/sbin/mount_union
+
+     then verify that all access permission to the file has been
+     disabled.  The permissions array should read "----------" as
+     shown here:
+
+	   # ls -l /usr/sbin/sliplogin
+	   ----------  1 root  bin  16384 Apr 26 04:47 /usr/sbin/sliplogin
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+	modifications caused by digital signature or mailer software.
+	Please reference the URL listed at the top of this document
+	for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMaLAiVUuHi5z0oilAQFjMQQAlBJ/nnV0+FpmAdxkn1e3wr97oXPoGLfz
+hKbTHbQACcsYAJBZXItC8gGxwbDze0H06PidR81anVOch8pkthRbam6rYNWUsAwZ
+2PyWy7Q8pmeBz0vVhUYKQgLFWFzSdibvPJQjNA53uUvKymJHvEUeDj8MigQdxcvh
+2MkW1XGtVyQ=
+=8oT/
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:02.apache.asc b/share/security/advisories/FreeBSD-SA-96:02.apache.asc
new file mode 100644
index 0000000000..9b59c7780a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:02.apache.asc
@@ -0,0 +1,93 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:02					    Security Advisory
+								FreeBSD, Inc.
+
+Topic:		apache httpd meta-character escaping
+
+Category:	port
+Module:		apache
+Announced:	1996-04-22
+Affects:	FreeBSD 2.0.5 and 2.1.0 ports/packages distributions
+		with apache http daemon installed an enabled
+Corrected:	1996-04-21 ports source code
+Source:		Generic apache distribution bug
+FreeBSD only:	no
+
+Reference:	CERT Advisory CA-96.06.cgi_example_code
+		(warning: CERT's advisory is incomplete)
+
+Patches:	no patches available, see below for update
+
+=============================================================================
+
+I.   Background    
+
+     A bug was found in the apache daemon that may allow remote
+     users to obtain unauthorized access to a machine running
+     apache httpd.
+
+
+II.  Problem Description
+
+     Versions of the apache http daemon before release 1.05 do
+     not properly restrict shell meta-characters transmitted to
+     the daemon via form input (via GET or POST).
+
+
+III. Impact
+
+     The problem could allow remote users to gain unauthorized access
+     to a system.  This problem is only exploitable on systems where
+     the apache http daemon has been installed and is enabled.
+
+     The apache http daemon is not installed or enabled by default
+     but is a common package that many FreeBSD users may have chosen
+     to install.
+
+IV. Solution(s)
+
+     The Apache Group released version 1.05 of the daemon which fixes
+     this vulnerability.  The FreeBSD Project updated the ports and
+     packages system to use this new daemon.
+
+     Interested parties may obtain an updated pre-compiled FreeBSD
+     package from:
+
+     ftp://ftp.freebsd.org/pub/FreeBSD/packages-current/www/apache-1.0.5.tgz
+
+     and an updated "automatic port" from the directory hierarchy:
+
+     ftp://ftp.freebsd.org/pub/FreeBSD/ports-current/www/apache.tar.gz
+
+V. Workaround
+
+     This vulnerability can only be eliminated by updating to a more recent
+     version of apache or by disabling apache httpd.
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+	modifications caused by digital signature or mailer software.
+	Please reference the URL listed at the top of this document
+	for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMaLAi1UuHi5z0oilAQHqiQP/VKL3RhyNc3jmYyH6ydteiQUQ1+t7boqr
+304LP9g3ifq/cdxDwjbR4joiVjTNsqvOE1LQryI0qHq6nFPqGBsnHZI+thYGNYdI
+rjKOMRPF2VbzFx0W7mdvnQLxfCcU8Ma3A0zlub5hhqvN2gg3RVTXNYnF2FHIFL77
+cVdx+nVibo8=
+=tNpA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:03.sendmail-suggestion.asc b/share/security/advisories/FreeBSD-SA-96:03.sendmail-suggestion.asc
new file mode 100644
index 0000000000..e1fcc266d9
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:03.sendmail-suggestion.asc
@@ -0,0 +1,113 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:03					    Security Advisory
+								FreeBSD, Inc.
+
+Topic:		*suggested action only* sendmail smrsh now available
+
+Category:	core
+Module:		sendmail
+Announced:	1996-04-20
+Affects:	FreeBSD 2.1.0 and earlier distributions
+Corrected:	1996-04-21 2.2-current and 2.1-stable sources
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:03/
+
+=============================================================================
+
+I.   Background    
+
+     The sendmail mail transfer agent has a rather poor reputation
+     for security related problems.  FreeBSD ships a version of
+     sendmail that has all known security problems fixed, but this
+     doesn't mean there won't be more found in the future.
+
+     The author of sendmail recognized this posibility and has
+     included a new utility called "smrsh".  The FreeBSD Project
+     would like to encourage system administrators to use this
+     utility as a hedge against future possible security holes.
+
+
+II.  Problem Description
+
+     Sendmail has the ability to deliver mail to a program on the
+     local system via a pipe.  This feature is often used to
+     support automatic mail filtering and vacation programs.
+
+     This provides a very flexible way to deliver information to
+     an automated task running on a mailserver.  Unfortunately,
+     this allows unprivileged users to write tasks that may not
+     properly check for common attacks via the program delivery
+     system.
+
+     The next release of FreeBSD will now install the sendmail
+     restricted shell utility, smrsh in /usr/libexec and create
+     the directory /usr/libexec/sm.bin to hold programs that
+     may be executed by sendmail to deliver mail to pipes.
+
+
+III. Impact
+
+     There is no known security impact on FreeBSD systems at the
+     of this document's publication.  There is no direct requirement
+     to install the smrsh utility.
+
+     The FreeBSD Project suggests using smrsh in conjunction with
+     sendmail in environments where the local system administrator
+     believes there is a need to protect against as-of-yet undiscovered
+     security holes in sendmail.
+
+     Use of this utility is /not/ enabled by default in standard
+     sendmail configuration files distributed by FreeBSD to retain
+     backwards compatibility with previous sendmail operation.  Use
+     of this utility may break functionality that users expect.
+     Please read the smrsh(8) manual page and/or the README file in
+     /usr/src/usr.sbin/sendmail/smrsh BEFORE attempting to use smrsh.
+
+
+IV. Solution(s)
+
+     This program is available in the 2.1-stable and 2.2-current
+     source code distributions.  It is not compiled, installed,
+     or enabled in FreeBSD 2.1.0 by default.
+
+     The Apache Group released version 1.05 of the daemon which fixes
+     this vulnerability.  The FreeBSD Project updated the ports and
+     packages system to use this new daemon.
+
+     Interested parties may obtain an updated pre-compiled FreeBSD
+     package from:
+
+     ftp://ftp.freebsd.org/pub/FreeBSD/packages-current/www/apache-1.0.5.tgz
+
+     and an updated "automatic port" from the directory hierarchy:
+
+     ftp://ftp.freebsd.org/pub/FreeBSD/ports-current/www/apache.tar.gz
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+	modifications caused by digital signature or mailer software.
+	Please reference the URL listed at the top of this document
+	for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMaLAjlUuHi5z0oilAQFXzAP/ZV0BgEsoyM2xylQgTPWWTh4pZl6kMtqn
+lFaxkgkcO7d8nAVfLNcmhkIGtEU471uR1qb13MST7QQQ2oNBq63955aomMcNbphY
+LqXx0IpLbYZWjR5A3bbFRmxKZGkNQOzOpZCAF1GA5+ElTw4fpJ2kWRmRiZLAdPWe
+btD3OFRGXIM=
+=yYqF
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:08.syslog.asc b/share/security/advisories/FreeBSD-SA-96:08.syslog.asc
new file mode 100644
index 0000000000..64dc9a4e7a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:08.syslog.asc
@@ -0,0 +1,77 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:08					    Security Advisory
+								FreeBSD, Inc.
+
+Topic:		syslog vulnerability
+
+Category:	core
+Module:		libc
+Announced:	1996-04-21
+Affects:	FreeBSD 2.0 and 2.0.5
+Corrected:	1995-10-15 2.2-current and 2.1.0-release sources
+Source:		Generic BSD bug
+FreeBSD only:	no
+
+Reference:	CERT CA-95:13.syslog.vul
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:08/
+
+=============================================================================
+
+I.   Background    
+
+     A problem was found in the syslog(3) library call that affects
+     FreeBSD 2.0 and FreeBSD 2.0.5 releases.  This problem was
+     fixed prior to the release of FreeBSD 2.1.
+
+     The FreeBSD project is not aware of active exploits of this
+     vulnerability.
+
+     All FreeBSD users are encouraged to upgrade to a version of
+     FreeBSD with this vulnerability fixed.
+
+
+II.  Problem Description
+
+     Bounds checking for syslog error messages was not being
+     performed properly.
+
+
+III. Impact
+
+     The problem could be exploited to gain unauthorized access to
+     a system running sendmail.
+
+
+IV. Solution(s)
+
+     Update operating system sources and binaries to FreeBSD 2.1 or
+     a later release or apply the patches available at the URL
+     listed at the top of this bulletin and re-install the C library.
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMaLAkFUuHi5z0oilAQFxEwP/aKhjlldITj2TRdejyyVTyrbLLc8EG3Ws
+e8VLwYYfaciMGf9jihZop2MxdVB/wlIR+iy2i04ULV5TUar3aiq0fmRsIxspT4vt
+/HcjtrsYX52rzAqkibTTMLRPn3vU9LES1gBZZDPteA4vk43Yo+brJk/bTuxloQTY
+PGw0ifIAHHM=
+=KBgt
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:09.vfsload.asc b/share/security/advisories/FreeBSD-SA-96:09.vfsload.asc
new file mode 100644
index 0000000000..f65fac7a7e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:09.vfsload.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:09					    Security Advisory
+Revised: Wed May 22 00:20:09 PDT 1996				FreeBSD, Inc.
+
+Topic:		unauthorized access via mount_union / mount_msdos (vfsload)
+
+Category:	core
+Module:		libc
+Announced:	1996-05-17
+Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current
+Corrected:	1996-05-17 2.1-stable and 2.2-current sources
+Source:		FreeBSD native bug
+FreeBSD only:	yes
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:09/
+
+=============================================================================
+
+I.   Background    
+
+     A bug was found in the vfsload(3) library call that affects all
+     versions of FreeBSD from 2.0 through 2.2-CURRENT that caused a
+     system vulnerability.  This problem is present in all source
+     code and binary distributions of FreeBSD version 2.x released
+     before 1996-05-18.
+
+     The FreeBSD project is aware of active exploits of this
+     vulnerability.
+
+     All FreeBSD users are encouraged to use the workaround provided
+     until they can update their operating system to a version with
+     this vulnerability fixed.
+
+
+II.  Problem Description
+
+     The mount_union and mount_msdos programs invoke another system
+     utility in an insecure fashion while setuid root.
+
+
+III. Impact
+
+     The problem could allow local users to gain unauthorized
+     permissions.
+
+     This vulnerability can only be exploited by users with a valid
+     account on the local system.
+
+
+IV. Solution(s)
+
+     Update operating system sources and binaries to FreeBSD 2.1-stable
+     or FreeBSD 2.2-current as distributed later than 1996-05-18 or
+     if you are currently running 2.1 or later, you may apply the
+     solution patches available at the URL listed at the top of this
+     message.
+
+     The OS updates fix the actual problem in the vfsload(3) library
+     routine.  Once the vfsload() library routine is fixed, the
+     workaround listed below is not necessary to solve this problem.
+     However, an additional stability problem has come to light
+     (ref. FreeBSD SA-96:10) so the FreeBSD project suggests
+     using both the setuid workaround and the solution for best results.
+
+V. Workaround
+
+     This vulnerability can quickly and easily be limited by removing
+     the setuid permission bit from the mount_union and mount_msdos
+     program.  This workaround will work for all versions of FreeBSD
+     affected by this problem.
+     
+     As root, execute the command:
+
+	  # chmod u-s /sbin/mount_union /sbin/mount_msdos
+
+     then verify that the setuid permissions of the files have been
+     removed.  The permissions array should read "-r-xr-xr-x" as
+     shown here:
+
+	  # ls -l /sbin/mount_union /sbin/mount_msdos
+	  -r-xr-xr-x  1 root  bin  151552 Apr 26 04:41 /sbin/mount_msdos
+	  -r-xr-xr-x  1 root  bin   53248 Apr 26 04:40 /sbin/mount_union
+
+     In addition to changing the permissions on the executable files,
+     if you have the source code installed, we suggest patching the
+     sources so that mount_union will not be installed with the
+     setuid bit set:
+
+    *** /usr/src/sbin/mount_union/Makefile	Sun Nov 20 14:47:52 1994
+    --- /usr/src/sbin/mount_union/Makefile	Fri May 17 10:36:09 1996
+    ***************
+    *** 8,14 ****
+      CFLAGS+= -I${.CURDIR}/../../sys -I${MOUNT}
+      .PATH:	${MOUNT}
+      
+    - BINOWN= root
+    - BINMODE=4555
+    - 
+      .include <bsd.prog.mk>
+    --- 8,11 ----
+    *** /usr/src/sbin/i386/mount_msdos/Makefile	Sun Dec  4 00:01:24 1994
+    --- /usr/src/sbin/i386/mount_msdos/Makefile	Fri May 17 11:31:57 1996
+    ***************
+    *** 6,14 ****
+      SRCS=	mount_msdos.c getmntopts.c
+      MAN8=	mount_msdos.8
+      
+    - BINOWN=	root
+    - BINMODE= 4555
+    - 
+      MOUNT=	${.CURDIR}/../../mount
+      CFLAGS+= -I${MOUNT}
+      .PATH:	${MOUNT}
+    --- 6,11 ----
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMaLAklUuHi5z0oilAQG+WgQAnuOvfxwqZOD4fXqGNHiON6klobB6c1mR
+8b09G2Thj7BrXgQjHYp+pbOBIbwIXvfbL8rG3FahqtrJpPLZmtQAqVn3LWZ8YAUz
+4ne5LDW8domwukynGSKRzjYxEIcYbfIYIBCT+UVYlHdwUBu9xFEWHpheNOanXLsS
++t3DoHXTHtA=
+=H0Cg
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:10.mount_union.asc b/share/security/advisories/FreeBSD-SA-96:10.mount_union.asc
new file mode 100644
index 0000000000..250714e1bc
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:10.mount_union.asc
@@ -0,0 +1,121 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:10					    Security Advisory
+Revised: Wed May 22 00:20:23 PDT 1996				FreeBSD, Inc.
+
+Topic:		system stability compromise via mount_union program
+
+Category:	core
+Module:		unionfs
+Announced:	1996-05-17
+Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current
+Corrected:	(workaround) 2.1-stable and 2.2-current as of 1996-05-17
+Source:		4.4BSD (lite)
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:10/
+
+=============================================================================
+
+I.   Background    
+
+     A bug was found in the union file system code which can allow
+     an unprivileged local user to compromise system stability.
+     This problem is present in all source code and binary
+     distributions of FreeBSD version 2.x released before 1996-05-18.
+
+     All FreeBSD users are encouraged to use the workaround provided
+     until the FreeBSD Project distributes a full solution.
+
+
+II.  Problem Description
+
+     The union filesystem code had problems with certain mount ordering
+     problems.  By executing a certain sequence of mount_union commands,
+     an unprivileged local user may cause a system reload.
+
+     NOTE: This is a different problem than the one discussed in
+     FreeBSD SA-96:09.  The workaround for this vulnerability is
+     similar to the one discussed in 96:09, but the proper solution
+     for the unauthorized access problem in 96:09 does not address
+     this vulnerability.
+
+
+III. Impact
+
+     The problem could allow local users to compromise system stability.
+
+     This vulnerability can only be exploited by users with a valid
+     account on the local system.
+
+
+IV. Solution(s)
+
+     The FreeBSD project is currently developing a solution to this
+     problem,  however the proper solution will not be available until
+     a future FreeBSD release.  We do not anticipate releasing patches
+     for previous versions of FreeBSD due to the extensive nature of this
+     fix.  This security advisory will be updated as new information is
+     made available.
+
+V. Workaround
+
+     This vulnerability can quickly and easily be limited by removing
+     the setuid permission bit from the mount_union program.  This
+     workaround will work for all versions of FreeBSD affected by
+     this problem.
+     
+     As root, execute the command:
+
+	  % chmod u-s /sbin/mount_union
+
+     then verify that the setuid permissions of the files have been
+     removed.  The permissions array should read "-r-xr-xr-x" as
+     shown here:
+
+	   % ls -l /sbin/mount_union
+	   -r-xr-xr-x  1 root  bin   53248 Apr 26 04:40 /sbin/mount_union
+
+     In addition to changing the permissions on the executable files,
+     if you have the source code installed, we suggest patching the
+     sources so that mount_union will not be installed with the
+     setuid bit set:
+
+    *** /usr/src/sbin/mount_union/Makefile	Sun Nov 20 14:47:52 1994
+    --- /usr/src/sbin/mount_union/Makefile	Fri May 17 10:36:09 1996
+    ***************
+    *** 8,14 ****
+      CFLAGS+= -I${.CURDIR}/../../sys -I${MOUNT}
+      .PATH:	${MOUNT}
+      
+    - BINOWN= root
+    - BINMODE=4555
+    - 
+      .include <bsd.prog.mk>
+    --- 8,11 ----
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMaLAlFUuHi5z0oilAQEuBAP/ZEUqmnMnEybcJTdwLxheDbOyM7hK6Bvn
+Ygc1P1qfrta1vbqZhJX/IxrvEi/igoyvCWOx+8CA6qkDnOVGkzMwhDdy1vmEcRnb
+T6Ws6w1nSF2DmDnD+otkIgGVDHgYmJ0V/2g5scPk8EqSdzFTuaUgRIwaqfIS+X7m
+aA1Nk+kKso8=
+=LE03
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:11.man.asc b/share/security/advisories/FreeBSD-SA-96:11.man.asc
new file mode 100644
index 0000000000..1b6a26b13b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:11.man.asc
@@ -0,0 +1,118 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:11					    Security Advisory
+Revised: Wed May 22 00:11:46 PDT 1996		        	FreeBSD, Inc.
+
+Topic:		security compromise from man page utility
+
+Category:	core
+Module:		man
+Announced:	1996-05-21
+Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current
+Corrected:	2.1-stable and 2.2-current as of 1996-05-21
+FreeBSD only:	yes
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:11/
+
+=============================================================================
+
+I.   Background    
+
+     FreeBSD replaced the standard BSD manual page reader with
+     code developed by a third party to support compressed manual
+     pages.  A bug was found in the manual page reader which can
+     allow an unprivileged local user to compromise system security
+     in a limited fashion.  This problem is present in all source
+     code and binary distributions of FreeBSD version 2.x released
+     before 1996-05-21.
+
+
+II.  Problem Description
+
+     The man program is setuid to the "man" user.  By executing a
+     particular sequence of commands, an unprivileged local user
+     may gain the access privileges of the "man" user.  However,
+     root access could be obtained with further work.
+
+
+III. Impact
+
+     The "man" user has no particular special privileges, it is
+     the owner of the /usr/share/man/cat[0-9] directory hierarchy.
+     Unformatted system manual pages are owned by the "bin" user.
+     However, further exploits once "man" is obtained could
+     possibly allow a local user to obtain unlimited access via
+     a trojan horse.
+
+     This vulnerability can only be exploited by users with a valid
+     account on the local system.
+
+
+IV. Workaround
+
+     One may simply disable the setuid bit on the /usr/bin/man file.
+     This will disable caching of formatted manual pages, no system
+     functionality will be lost.  This workaround will suffice for
+     all versions of FreeBSD affected by this problem.
+     
+     As root, execute the command:
+
+	 # chmod u-s /usr/bin/man
+
+     then verify that the setuid permissions of the files have been
+     removed.  The permissions array should read "-r-xr-xr-x" as
+     shown here:
+
+	 # ls -l /usr/bin/man
+	 -r-xr-xr-x  1 man  bin  28672 May 19 20:38 /usr/bin/man
+
+     We also suggest applying the following patch to the source
+     distribution so that the man program will not be installed
+     setuid man should you rebuild from sources:
+
+    *** /usr/src/gnu/usr.bin/man/man/Makefile	Sun Feb 25 13:39:52 1996
+    --- /usr/src/gnu/usr.bin/man/man/Makefile	Wed May 22 00:13:05 1996
+    ***************
+    *** 1,7 ****
+      PROG=	man
+      SRCS=	man.c manpath.c glob.c
+    - BINMODE=4555
+    - BINOWN=	man
+      
+      .if exists(${.CURDIR}/../lib/obj)
+      LDADD=  -L${.CURDIR}/../lib/obj -lman
+    --- 1,5 ----
+
+V. Solution
+
+     The FreeBSD team is in the process of rewriting portions of
+     the manual program to avoid this and similar vulnerabilities.
+     This security advisory will be updated when a complete solution
+     is available.
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMaLAllUuHi5z0oilAQFblwP/atY+PmOBakOsKhWywcPu5LvjaAAH5m8B
+3KGrtM/CBGEeFvk4qth8aeoTxLfhNtwrsvvnAAKFvqWbdHNU8CnlRgPKbzpyq+cs
+JB5NAaUYiCI9/87qRajpbjNLxJuDiCOUKcuvU/lgKLvr4oZ86ZVSu5uPieVXaJ8L
+RVKCjkRnUw8=
+=IMYL
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:12.perl.asc b/share/security/advisories/FreeBSD-SA-96:12.perl.asc
new file mode 100644
index 0000000000..7688f8a8f3
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:12.perl.asc
@@ -0,0 +1,144 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:12					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		security compromise from perl (suidperl) utility
+
+Category:	core and ports
+Module:		perl
+Announced:	1996-06-28
+Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current
+Corrected:	2.1-stable and 2.2-current as of 1996-06-03
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:12/
+
+=============================================================================
+
+I.   Background    
+
+     FreeBSD ships perl version 4 as part of the base level system,
+     in addition, a port for perl version 5 is also provided with
+     a similar vulnerability.  The vulnerability is specific to the
+     suidperl flavors of perl installed on the system.
+
+     This problem is present in all source code and binary
+     distributions of FreeBSD version 2.0.5 and later released
+     before 1996-05-21.  This problem is not present in FreeBSD
+     2.0 and earlier versions of FreeBSD.
+
+II.  Problem Description
+
+     The authors of perl provide a "suidperl" program for proper
+     processing of setuid perl scripts on systems where race
+     conditions where setuid scripts could be exploited to gain
+     unauthorized access.  FreeBSD installs this suidperl program
+     (and a link) as part of the standard installation.  However,
+     privilege processing done by this program does not take into
+     account recent functionality extensions in the seteuid/setegid
+     system calls.
+
+
+III. Impact
+
+     This vulnerability can only be exploited by users with a valid
+     account on the local system to easily obtain superuser access.
+
+     This vulnerability is present on all systems with the
+     _POSIX_SAVED_IDS functionality extension where suidperl
+     has been installed.
+
+
+IV. Workaround
+
+     One may simply disable the setuid bit on all copies of the setuid
+     version of perl.  This will close the vulnerability but render
+     inoperable setuid perl scripts.  No software currently shipping
+     as part of FreeBSD relies on this functionality so the impact is
+     only to third party software.
+
+     As root, execute the commands:
+
+	 # chmod 111 /usr/bin/suidperl
+	 # chmod 111 /usr/bin/sperl4.036
+
+     In addition, if you have installed the perl5 port:
+	 # chmod 111 /usr/local/bin/suidperl
+	 # chmod 111 /usr/local/bin/sperl5.001
+
+     then verify that the setuid permissions of the files have been
+     removed.  The permissions array should read "-r-xr-xr-x" as
+     shown here:
+
+	 # ls -l /usr/bin/s*perl*
+	 ---x--x--x  2 root  bin  307200 Jun  1 17:16 /usr/bin/sperl4.036
+	 ---x--x--x  2 root  bin  307200 Jun  1 17:16 /usr/bin/suidperl
+
+     and for the perl5 port:
+
+	 # ls -l /usr/local/bin/s*perl*
+	 ---x--x--x  2 root  bin  397312 Jan 22 15:15 /usr/local/bin/sperl5.001
+	 ---x--x--x  2 root  bin  397312 Jan 22 15:15 /usr/local/bin/suidperl
+
+
+V. Solution
+
+     *NOTE* A patch for perl is available directly from Larry Wall
+     (the author of perl) which solves this vulnerability in a
+     different fashion than the FreeBSD patches.  You may apply
+     either the FreeBSD patches, or Larry's patches, or both.
+     The patches solve the problem via two different mechanisms.
+
+     Patches are available which eliminate this vulnerability.
+     The following patch should be applied to the system sources and
+     suidperl should be rebuilt and reinstalled.
+
+     Apply the patch, then:
+	# cd /usr/src/gnu/usr.bin/perl/sperl
+	# make depend
+	# make all
+	# make install
+
+     A similar patch is also available for the perl5 port.
+     Apply the following patch by moving it into the patch
+     directory for the port distribution and rebuilding and
+     installing perl5:
+
+	# cd /usr/ports/lang/perl5
+	# cp <location of new patches>/patch-a[ab] patches
+	# make all
+	# make install
+
+     NOTE: These patches do NOT solve the vulnerability for FreeBSD 2.0
+	   or 2.0.5.  These only solve the problem for 2.1 and later.
+	   Patches specific to FreeBSD 2.0 and 2.0.5 are available at
+	   the URL listed at the top of this file.
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBMdOTfFUuHi5z0oilAQEVkAP/cVHgqsW4GNpShs4RDQYvAphA31vTNiE8
+vrfyjpA1GQET/KycQe0xdQWaQ7FF6FwG5ieahHFypqFN2Ze8VW10EuWN/EFhfjh5
+vFnCqOW5r84DraP3ttkdR6WKyQXDwt61QBGiO7FYa03Kz29v3n9TO7W0LS+pAhB1
+cZZwEwUN318=
+=M6FK
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:13.comsat.asc b/share/security/advisories/FreeBSD-SA-96:13.comsat.asc
new file mode 100644
index 0000000000..73699a140d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:13.comsat.asc
@@ -0,0 +1,141 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:13					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		unauthorized mail reading via comsat
+
+Category:	core
+Module:		comsat
+Announced:	1996-06-05
+Affects:	All FreeBSD versions
+Corrected:	2.1-stable and 2.2-current as of 1996-06-04
+FreeBSD only:	yes
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:13/
+
+=============================================================================
+
+I.   Background    
+
+     FreeBSD made an extension to the comsat daemon to support
+     e-mail in alternate locations.  A bug was found in this
+     extension which allows an unprivileged local user to read
+     portions of other users' mail.
+
+     This problem is present in all source code and binary
+     distributions of FreeBSD released before 1996-06-03.
+
+
+II.  Problem Description
+
+     The comsat daemon does not properly set privileges before
+     attempting to read mail files for display on a user terminal.
+
+
+III. Impact
+
+     The comsat daemon may be used to read portions of files
+     in /var/mail that would not normally be accessible to a
+     particular user.  This ability is limited to the /var/mail
+     directory hierarchy.
+
+     This vulnerability can only be exploited by users with a valid
+     account on the local system.
+
+
+IV. Workaround
+
+     One may simply disable the comsat daemon in /etc/inetd.conf.
+     This will disable asynchronous notification of received mail
+     (biff messages).  This workaround will suffice for
+     all versions of FreeBSD affected by this problem.
+     
+     As root, edit the file /etc/inetd.conf and change the line
+
+     comsat	dgram	udp	wait	root	/usr/libexec/comsat	comsat
+
+     to read
+
+     #comsat	dgram	udp	wait	root	/usr/libexec/comsat	comsat
+
+     and then reboot the system or restart the inetd daemon and kill
+     off any active comsat daemons.
+
+V. Solution
+
+     The following patch fixes the permissions problem.  It should
+     apply cleanly to all FreeBSD 2.x systems.  It has not been tested
+     with FreeBSD 1.x but this change, if applied by hand, should work.
+
+    --- comsat.c	Mon Jun  3 09:07:49 1996
+    +++ comsat.c	Mon Jun  3 09:17:11 1996
+    @@ -73,7 +73,7 @@
+     time_t	lastmsgtime;
+     int	nutmp, uf;
+     
+    -void jkfprintf __P((FILE *, char[], off_t));
+    +void jkfprintf __P((FILE *, char[], char[], off_t));
+     void mailfor __P((char *));
+     void notify __P((struct utmp *, char[], off_t, int));
+     void onalrm __P((int));
+    @@ -238,15 +238,16 @@
+		cr, name, (int)sizeof(hostname), hostname,
+		folder ? cr : "", folder ? "to " : "", folder ? file : "",
+		cr, cr);
+    -	jkfprintf(tp, file, offset);
+    +	jkfprintf(tp, name, file, offset);
+	    (void)fclose(tp);
+	    _exit(0);
+     }
+     
+     void
+    -jkfprintf(tp, name, offset)
+    +jkfprintf(tp, user, file, offset)
+	    register FILE *tp;
+    -	char name[];
+    +	char user[];
+    +	char file[];
+	    off_t offset;
+     {
+	    register char *cp, ch;
+    @@ -256,10 +257,10 @@
+	    char line[BUFSIZ];
+     
+	    /* Set effective uid to user in case mail drop is on nfs */
+    -	if ((p = getpwnam(name)) != NULL)
+    +	if ((p = getpwnam(user)) != NULL)
+		    (void) setuid(p->pw_uid);
+     
+    -	if ((fi = fopen(name, "r")) == NULL)
+    +	if ((fi = fopen(file, "r")) == NULL)
+		    return;
+     
+	    (void)fseek(fi, offset, L_SET);
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMeXtDFUuHi5z0oilAQG7zAP/ZfgIUqi+yBcLTBhoRh0bAeB9GJNlppF/
+rqLtJUdBpDTELjjdE21b+510Uv3j1n9/xKiXgcFRcyV0BuUTyJGA+KbOHAuy5EjZ
+3AyoIHC3bAhydQIvDYl9N3RbaH/xbmG4MZoXtIxI7peo+FbMWwRCsDCjjMggk8x1
+s69nLC+n2iw=
+=xA6e
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:14.ipfw.asc b/share/security/advisories/FreeBSD-SA-96:14.ipfw.asc
new file mode 100644
index 0000000000..c7b15dfeb1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:14.ipfw.asc
@@ -0,0 +1,246 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:14					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		Firewall filter leak with user level ipfw
+
+Category:	core
+Module:		ipfw
+Announced:	1996-06-24
+Affects:        FreeBSD -current Feb 24 1996 and later (ipfw.c rev 1.20)
+                FreeBSD -stable Feb 26 1996 and later (ipfw.c rev 1.15.4.2)
+Corrected:      Both FreeBSD -current and -stable as of Jun 23 1996
+FreeBSD only:   yes
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:14/
+
+=============================================================================
+
+I.   Background
+
+     FreeBSD is shipped with packet filtering code. This is implemented
+     by kernel level modules and user level programs. The user level
+     program ipfw, used to control the packet filtering code in the
+     kernel, has a bug in the way packet filter rules are interpreted.
+
+
+II.  Problem Description
+
+     A potential problem exists when users specify mask addresses to
+     ipfw(8) using the address:mask syntax.  Specifically, whenever the ':'
+     syntax is used, the resulting mask is always 0xffffffff.
+
+
+III. Impact
+
+     Whenever the address:mask syntax is used, the actual packet filtering
+     will differ from the expected filtering thus allowing or denying
+     more packets through the filter than intended.
+
+
+IV. Workaround
+
+     There is a simple workaround for this problem: Do not use the
+     address:mask syntax. In stead, use the address/mask syntax. The
+     implementation of the latter way of specifying masks does not suffer
+     from the mentioned bug.
+
+V. Solution
+
+     Apply one of the patches below, depending on your version of
+     FreeBSD. The patch is against /usr/src/sbin/ipfw/ipfw.c
+
+     The following patch applies to -stable:
+
+
+Index: ipfw.c
+===================================================================
+RCS file: /home/ncvs/src/sbin/ipfw/ipfw.c,v
+retrieving revision 1.15.4.4
+retrieving revision 1.15.4.5
+diff -u -r1.15.4.4 -r1.15.4.5
+- --- ipfw.c	1996/06/18 02:03:29	1.15.4.4
++++ ipfw.c	1996/06/23 20:51:37	1.15.4.5
+@@ -15,7 +15,7 @@
+  *
+  * NEW command line interface for IP firewall facility
+  *
+- - * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
++ * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+  *
+  */
+ 
+@@ -200,7 +200,7 @@
+ 	}
+ 
+ 	if (chain->fw_flg & IP_FW_F_FRAG)
+- -		printf("frag ");
++		printf(" frag ");
+ 
+ 	if (chain->fw_ipopt || chain->fw_ipnopt) {
+ 		int 	_opt_printed = 0;
+@@ -321,12 +321,22 @@
+ 
+ 		if (!inet_aton(*av,ipno))
+ 			show_usage("ip number\n");
+- -		if (md == ':' && !inet_aton(p,mask))
+- -			show_usage("ip number\n");
+- -		else if (md == '/') 
+- -			mask->s_addr = htonl(0xffffffff << (32 - atoi(p)));
+- -		else 
+- -			mask->s_addr = htonl(0xffffffff);
++		switch (md) {
++			case ':':
++				if (!inet_aton(p,mask))
++					show_usage("ip number\n");
++				break;
++			case '/':
++				if (atoi(p) == 0) {
++					mask->s_addr = 0;
++				} else {
++					mask->s_addr = htonl(0xffffffff << (32 - atoi(p)));
++				}
++				break;
++			default:
++				mask->s_addr = htonl(0xffffffff);
++				break;
++		}
+ 		av++;
+ 		ac--;
+ 	}
+@@ -611,10 +621,9 @@
+ 			break;
+ 		case 'N':
+ 	 		do_resolv=1;
+- -        		break;
+- -        	case '?':
+- -         	default:
+- -            		show_usage(NULL);
++			break;
++		default:
++			show_usage(NULL);
+ 	}
+ 
+ 	ac -= optind;
+@@ -645,7 +654,7 @@
+ 	} else {
+ 		show_usage(NULL);
+ 	}
+- -        return 0;
++	return 0;
+ }
+ 
+ int 
+
+
+     This one applies to -current:
+
+
+Index: ipfw.c
+===================================================================
+RCS file: /home/ncvs/src/sbin/ipfw/ipfw.c,v
+retrieving revision 1.26
+retrieving revision 1.27
+diff -u -r1.26 -r1.27
+- --- ipfw.c	1996/06/18 01:46:34	1.26
++++ ipfw.c	1996/06/23 20:47:51	1.27
+@@ -16,7 +16,7 @@
+  *
+  * NEW command line interface for IP firewall facility
+  *
+- - * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
++ * $Id: FreeBSD-SA-96:14.ipfw.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+  *
+  */
+ 
+@@ -256,7 +256,7 @@
+ 	}
+ 
+ 	if (chain->fw_flg & IP_FW_F_FRAG)
+- -		printf("frag ");
++		printf(" frag ");
+ 
+ 	if (chain->fw_ipopt || chain->fw_ipnopt) {
+ 		int 	_opt_printed = 0;
+@@ -408,12 +408,23 @@
+ 
+ 		if (lookup_host(*av,ipno) != 0)
+ 			show_usage("ip number\n");
+- -		if (md == ':' && !inet_aton(p,mask))
+- -			show_usage("ip number\n");
+- -		else if (md == '/') 
+- -			mask->s_addr = htonl(0xffffffff << (32 - atoi(p)));
+- -		else 
+- -			mask->s_addr = htonl(0xffffffff);
++		switch (md) {
++			case ':':
++				if (!inet_aton(p,mask))
++					show_usage("ip number\n");
++				break;
++			case '/':
++				if (atoi(p) == 0) {
++					mask->s_addr = 0;
++				} else {
++					mask->s_addr = htonl(0xffffffff << (32 - atoi(p)));
++				}
++				break;
++			default:
++				mask->s_addr = htonl(0xffffffff);
++				break;
++		}
++		ipno->s_addr &= mask->s_addr;
+ 		av++;
+ 		ac--;
+ 	}
+@@ -788,10 +799,9 @@
+ 			break;
+ 		case 'N':
+ 	 		do_resolv=1;
+- -        		break;
+- -        	case '?':
+- -         	default:
+- -            		show_usage("Unrecognised switch");
++			break;
++		default:
++			show_usage("Unrecognised switch");
+ 	}
+ 
+ 	ac -= optind;
+@@ -818,7 +828,7 @@
+ 	} else {
+ 		show_usage("Bad arguments");
+ 	}
+- -        return 0;
++	return 0;
+ }
+ 
+ int 
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBMc22kFUuHi5z0oilAQEOBwP/WCVQZdHqv3ITppwCee3qNbe49nbNM4gc
++s3DX4qMe4olAvpd2izhNzPJH3mrOXzKKJTrZOeouZFDUm099lS67xQnc7F343v8
+iAJMtIZVlA58BmcQcSlmjqh9eqTgNyRIYpgYoefDKkgKE6eukWylariorUo+ppKe
+Tnpol2BUTXo=
+=Ut0+
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:15.ppp.asc b/share/security/advisories/FreeBSD-SA-96:15.ppp.asc
new file mode 100644
index 0000000000..dd82e38282
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:15.ppp.asc
@@ -0,0 +1,235 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:15					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		security compromise from ppp
+
+Category:	core
+Module:		ppp
+Announced:	1996-07-04
+Affects:	FreeBSD 2.0.5, 2.1, 2.1-stable, and 2.2-current
+Corrected:	2.1-stable and 2.2-current as of 1996-06-10
+FreeBSD only:	unknown
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:15/
+
+=============================================================================
+
+I.   Background    
+
+     FreeBSD ships a userland ppp program that can be used by users
+     to set up ppp connections.
+     This program is also known as ijppp.
+     The ppp program has a vulnerability that allows any user to run
+     commands under root privileges.
+
+II.  Problem Description
+
+     The ppp program does not properly manage user privileges, allowing
+     users to run any program with root privileges.
+
+III. Impact
+
+     This vulnerability can only be exploited by users with a valid
+     account on the local system to easily obtain superuser access.
+
+IV. Workaround
+
+     One may simply disable the setuid bit on all copies of the ppp
+     program.  This will close the vulnerability but will only allow
+     the superuser to set up ppp connections.
+
+     As root, execute the commands:
+
+	 # chmod 555 /usr/sbin/ppp
+
+     then verify that the setuid permissions of the files have been
+     removed.  The permissions array should read "-r-xr-xr-x" as
+     shown here:
+
+	 # ls -l /usr/sbin/ppp
+	 -r-xr-xr-x  1 root  bin  86016 Nov 16  1995 /usr/sbin/ppp
+
+V. Solution
+
+     Patches are available which eliminate this vulnerability.
+     The following patch should be applied to the system sources and
+     ppp should be rebuilt and reinstalled. The first patch is against
+     the FreeBSD 2.1 and FreeBSD-stable source tree. The second patch
+     is for FreeBSD-current (version before 1996-06-10).
+
+     Apply the patch, then (being superuser):
+	# cd /usr/src/usr.sbin/ppp
+	# make depend
+	# make all
+	# make install
+
+     Index: command.c
+     ===================================================================
+     RCS file: /home/ncvs/src/usr.sbin/ppp/command.c,v
+     retrieving revision 1.5.4.3
+     retrieving revision 1.5.4.4
+     diff -u -r1.5.4.3 -r1.5.4.4
+     --- command.c	1996/02/05 17:02:52	1.5.4.3
+     +++ command.c	1996/06/10 09:41:49	1.5.4.4
+     @@ -17,7 +17,7 @@
+       * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+       * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+       *
+     - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       *
+       */
+      #include <sys/types.h>
+     @@ -187,9 +187,14 @@
+            * We are running setuid, we should change to
+            * real user for avoiding security problems.
+            */
+     -     setgid( getgid() );
+     -     setuid( getuid() );
+     -
+     +     if (setgid(getgid()) < 0) {
+     +	perror("setgid");
+     +	exit(1);
+     +     }
+     +     if (setuid(getuid()) < 0) {
+     +	perror("setuid");
+     +	exit(1);
+     +     }
+           TtyOldMode();
+           if(argc > 0)
+             execvp(argv[0], argv);
+     Index: chat.c
+     ===================================================================
+     RCS file: /home/ncvs/src/usr.sbin/ppp/chat.c,v
+     retrieving revision 1.4.4.1
+     retrieving revision 1.4.4.2
+     diff -u -r1.4.4.1 -r1.4.4.2
+     --- chat.c	1995/10/06 11:24:31	1.4.4.1
+     +++ chat.c	1996/06/10 09:41:45	1.4.4.2
+     @@ -18,7 +18,7 @@
+       *		Columbus, OH  43221
+       *		(614)451-1883
+       *
+     - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       *
+       *  TODO:
+       *	o Support more UUCP compatible control sequences.
+     @@ -331,6 +331,15 @@
+          nb = open("/dev/tty", O_RDWR);
+          dup2(nb, 0);
+      LogPrintf(LOG_CHAT, "exec: %s\n", command);
+     +    /* switch back to original privileges */
+     +    if (setgid(getgid()) < 0) {
+     +      LogPrintf(LOG_CHAT, "setgid: %s\n", strerror(errno));
+     +      exit(1);
+     +    }
+     +    if (setuid(getuid()) < 0) {
+     +      LogPrintf(LOG_CHAT, "setuid: %s\n", strerror(errno));
+     +      exit(1);
+     +    }
+          pid = execvp(command, vector);
+          LogPrintf(LOG_CHAT, "execvp failed for (%d/%d): %s\n", pid, errno, command);
+          exit(127);
+     
+     
+     Patch for FreeBSd-current before 1996-06-10:
+     
+     
+     Index: command.c
+     ===================================================================
+     RCS file: /home/ncvs/src/usr.sbin/ppp/command.c,v
+     retrieving revision 1.17
+     retrieving revision 1.18
+     diff -u -r1.17 -r1.18
+     --- command.c	1996/05/11 20:48:22	1.17
+     +++ command.c	1996/06/09 20:40:58	1.18
+     @@ -17,7 +17,7 @@
+       * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+       * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
+       *
+     - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       *
+       */
+      #include <sys/types.h>
+     @@ -190,9 +190,14 @@
+            * We are running setuid, we should change to
+            * real user for avoiding security problems.
+            */
+     -     setgid( getgid() );
+     -     setuid( getuid() );
+     -
+     +     if (setgid(getgid()) < 0) {
+     +	perror("setgid");
+     +	exit(1);
+     +     }
+     +     if (setuid(getuid()) < 0) {
+     +	perror("setuid");
+     +	exit(1);
+     +     }
+           TtyOldMode();
+           if(argc > 0)
+             execvp(argv[0], argv);
+     Index: chat.c
+     ===================================================================
+     RCS file: /home/ncvs/src/usr.sbin/ppp/chat.c,v
+     retrieving revision 1.10
+     retrieving revision 1.11
+     diff -u -r1.10 -r1.11
+     --- chat.c	1996/05/11 20:48:20	1.10
+     +++ chat.c	1996/06/09 20:40:56	1.11
+     @@ -18,7 +18,7 @@
+       *		Columbus, OH  43221
+       *		(614)451-1883
+       *
+     - * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + * $Id: FreeBSD-SA-96:15.ppp.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       *
+       *  TODO:
+       *	o Support more UUCP compatible control sequences.
+     @@ -393,6 +393,15 @@
+          nb = open("/dev/tty", O_RDWR);
+          dup2(nb, 0);
+      LogPrintf(LOG_CHAT_BIT, "exec: %s\n", command);
+     +    /* switch back to original privileges */
+     +    if (setgid(getgid()) < 0) {
+     +      LogPrintf(LOG_CHAT_BIT, "setgid: %s\n", strerror(errno));
+     +      exit(1);
+     +    }
+     +    if (setuid(getuid()) < 0) {
+     +      LogPrintf(LOG_CHAT_BIT, "setuid: %s\n", strerror(errno));
+     +      exit(1);
+     +    }
+          pid = execvp(command, vector);
+          LogPrintf(LOG_CHAT_BIT, "execvp failed for (%d/%d): %s\n", pid, errno, command);
+          exit(127);
+     
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBMdwL31UuHi5z0oilAQEqsQP7BgWUN3uwGk9bSTO0dE/SKUtPDVk+ZVyc
+yKF1NadOm8CaM93i2zAsMhEMPHKUS3RWaNhyyBJe0OC9eQthm+OrA6wHvs2mdJ36
+e0bG8j2FwqKyThc+NWlvQJWOnbAOrveCPeEv4ZvZ95rukICRCy4DeaQHL2qg5xv2
+k75uFnuSVBs=
+=t+pA
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:16.rdist.asc b/share/security/advisories/FreeBSD-SA-96:16.rdist.asc
new file mode 100644
index 0000000000..39a5c76691
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:16.rdist.asc
@@ -0,0 +1,118 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:16					    Security Advisory
+Revised: Fri Jul 12 09:32:53 PDT 1996				FreeBSD, Inc.
+
+Topic:		security vulnerability in rdist
+
+Category:	core
+Module:		rdist
+Announced:	1996-07-12
+Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1-stable, and 2.2-current
+Corrected:	2.1-stable and 2.2-current as of 1996-07-11
+Source:		4.4BSD (lite)
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:16/
+Reference:	[8lgm]-Advisory-26.UNIX.rdist.20-3-1996
+
+=============================================================================
+
+I.   Background    
+
+     A bug was found in the BSD rdist utility which can allow
+     an unprivileged local user to gain unauthorized access.
+     This problem is present in all source code and binary
+     distributions of FreeBSD version 2.x released before 1996-07-12.
+
+     rdist has been the subject of security vulnerabilities in the past.
+     This is a newly discovered vulnerability not related to previous
+     race conditions fixed in rdist.
+
+
+II.  Problem Description
+
+     rdist creates an error message based on a user provided string,        
+     without checking bounds on the buffer used.  This buffer is            
+     on the stack, and can therefore be used to execute arbitrary           
+     instructions.
+
+
+III. Impact
+
+     This vulnerability can allow a local user to obtain superuser
+     privileges.  It may only be exploited by users with a valid
+     account on the local system.  It is present in almost all BSD
+     derived operating systems with a "setuid" rdist program.
+
+
+IV. Workaround
+
+     The rdist program must be setuid root to function properly.
+     This vulnerability can be eliminated by making rdist not
+     executable by unprivileged users.  Since this limits the
+     usefulness of the program, a software update is advised.
+
+     This workaround will work for all versions of FreeBSD affected
+     by this problem.
+     
+     As root, execute the commands:
+
+	# chflags noschg /usr/bin/rdist
+	# chmod u-s,go-rx /usr/bin/rdist
+
+     then verify that the setuid permissions of the files have been
+     removed.  The permissions array should read "-r-x------" as
+     shown here:
+
+	# ls -l /usr/bin/rdist
+	-r-x------  1 root  bin  49152 Jun 16 10:46 rdist
+
+
+V. Solution(s)
+
+     Apply the available via FTP from the patch directory noted
+     at the top of this message.  Recompile, and reinstall the
+     rdist program.  This patch is known to apply to all
+     FreeBSD 2.x systems, it has not been tested with FreeBSD 1.x.
+
+     The [8lgm] organization correctly points out that this program
+     does not have a particularly good security "history."  While
+     the patch for this vulnerability does solve this particular
+     problem, it's not clear if other security issues involving rdist
+     will appear in the future.
+
+     Administrators should consider whether it is appropriate to
+     remove the standard rdist program and upgrade to rdist
+     version 6, which is available as a FreeBSD port.
+
+     FreeBSD, Inc. has not replaced the standard BSD rdist with
+     the newer code because the new rdist is not protocol-compatible
+     with the original version.
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMeaC1FUuHi5z0oilAQHtzQP/U1f9y0R+upwCs5IFeBCUBVkFWUeJ/Wwb
+CJPFmsBr54quI6Aie/LXa/Qw8EdrL54GIiNDZYkAzb9XvWOehOsmtoYN4oj0JAbJ
+lesq746xOEfNMtpL866T8dxJRTsK98VMSaZK5IU8fVpVYUURcVDv+y+bqfL72Mst
+3ajof2ieNxE=
+=j2z5
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:17.rzsz.asc b/share/security/advisories/FreeBSD-SA-96:17.rzsz.asc
new file mode 100644
index 0000000000..b21d44b12b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:17.rzsz.asc
@@ -0,0 +1,139 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:17					    Security Advisory
+Revised: Tue Jul 16 21:44:54 PDT 1996				FreeBSD, Inc.
+
+Topic:		"Trojan Horse" vulnerability via rz program
+
+Category:	ports
+Module:		rzsz
+Announced:	1996-07-16
+Affects:	All FreeBSD ports collections released before 2.1.5-RELEASE
+Corrected:	ports collection as of 1996-07-06
+Source:		rzsz shareware package
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:17/
+
+=============================================================================
+
+I.   Background    
+
+     All existing versions of the rz program (a program for receiving
+     files over serial lines using the Z-Modem protocol) are equipped
+     with a feature that allows the sender of a file to request the
+     execution of arbitrary commands on the receiver's side.  The user
+     using rz does not have any control over this feature.
+
+     The workaround is to have rz never execute any command, and
+     always pretend a successful execution.
+
+     All FreeBSD users are encouraged to use the workaround provided.
+     Since the intent of the Z-Modem protocol is to provide a reliable
+     connection between systems of a vastly different architecture,
+     the execution of local commands at request of the sending side
+     cannot even be considered a useful feature at all.
+
+
+II.  Problem Description
+
+     The Z-Modem protocol specifies a mechanism which allows the
+     transmitter of a file to execute an arbitrary command string
+     as part of the file transfer.  This is typically used to rename
+     files or eliminate temporary files.  A malicious "trusted" sender
+     could send down a command that could damage a user's environment.
+
+
+III. Impact
+
+     The rzsz package is an optional port that made be installed on
+     some FreeBSD systems.  This program is not installed by default.
+     Systems without this program are not vulnerable.
+
+     rz allows "Trojan Horse" type attacks against unsuspecting users.
+     Since the rz executable does not run with special privileges,
+     the vulnerability is limited to changes in the operating environment
+     that the user could willingly perform.
+
+     This vulnerability is a fundamental flaw in the Z-Modem protocol.
+     Other operating systems and other implementations of the Z-Modem
+     protocol may also suffer similar vulnerabilities.
+
+IV.  Workaround
+
+     Disable the rz program.  If it has been installed, it would
+     typically be found in /usr/local/bin.
+
+	# chmod 000 /usr/local/bin/rz
+	# ls -l /usr/local/bin/rz
+	----------  1 root  wheel  23203 Mar  4 23:12 /usr/local/bin/rz
+
+
+V. Solution(s)
+
+     This feature is a relatively unknown part of the Z-Modem protocol.
+     It is not critical to file transfers in general.  The safest
+     approach is to disable this feature in the receiving program.
+
+     Any rzsz port that is obtained from the official ports collection
+     after 1996-07-06 includes the following patch to disable this feature.
+     This patch applies to rzsz v3.42, if you have an earlier version
+     of the rzsz sources, please upgrade to the latest version first.
+
+    *** rz.c.orig	Sat Jul  6 17:34:26 1996
+    --- rz.c	Sat Jul  6 17:44:52 1996
+    ***************
+    *** 1020,1039 ****
+    --- 1020,1045 ----
+		    case ZCOMMAND:
+			    cmdzack1flg = Rxhdr[ZF0];
+			    if (zrdata(secbuf, 1024) == GOTCRCW) {
+    + #ifdef BIG_SECURITY_HOLE
+				    void exec2();
+      
+				    if (cmdzack1flg & ZCACK1)
+					    stohdr(0L);
+				    else
+					    stohdr((long)sys2(secbuf));
+    + #else
+    + 				stohdr(0L);
+    + #endif
+				    purgeline();	/* dump impatient questions */
+				    do {
+					    zshhdr(4,ZCOMPL, Txhdr);
+				    }
+				    while (++errors<20 && zgethdr(Rxhdr) != ZFIN);
+				    ackbibi();
+    + #ifdef BIG_SECURITY_HOLE
+				    if (cmdzack1flg & ZCACK1)
+					    exec2(secbuf);
+    + #endif
+				    return ZCOMPL;
+			    }
+			    zshhdr(4,ZNAK, Txhdr); goto again;
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMexwFlUuHi5z0oilAQFY8wQAmIkv2scipc+ABrQCfHpSWapM+v2J7s8S
+7pqt4ZIdkt5jwBatY4NnsScDAIIYO/chP29hn3sNiHohv/4j1DXoXE57fLCeBkrh
+SbcY20X5YqpuUqScVTEsJBm40GNf7k98GNtgmLwd/NojRgchIdbx4zJSVo/3H1yK
+oJdvhrzsGpE=
+=mZ88
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:18.lpr.asc b/share/security/advisories/FreeBSD-SA-96:18.lpr.asc
new file mode 100644
index 0000000000..0b864cbd3d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:18.lpr.asc
@@ -0,0 +1,89 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:18					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		Buffer overflow in lpr (revised)
+
+Category:	core
+Module:		lpr
+Announced:	1996-11-25
+Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1.5
+Corrected:	FreeBSD-current as of 1996/10/27
+		FreeBSD-stable as of 1996/11/01
+		FreeBSD 2.2 and 2.1.6 releases
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:18/
+
+=============================================================================
+
+I.   Background    
+
+     The lpr program is used to print files. It is standard software
+     in the FreeBSD operating system.
+
+     This advisory is based on AUSCERT's advisory AA-96.12. The FreeBSD
+     security-officers would like to thank AUSCERT for their efforts.
+
+     This is a revised advisory, issued to state clearly exactly which
+     versions of FreeBSD are vulnerable.
+
+II.  Problem Description
+
+     Due to its nature, the lpr program is setuid root. Unfortunately,
+     the program does not do sufficient bounds checking on arguments which
+     are supplied by users.  As a result it is possible to overwrite the
+     internal stack space of the program while it's executing.  This can
+     allow an intruder to execute arbitrary code by crafting a carefully
+     designed argument to lpr.  As lpr runs as root this allows intruders
+     to run arbitrary commands as root.
+
+
+III. Impact
+     Local users can gain root privileges.
+
+
+IV. Workaround
+
+     AUSCERT has developed a wrapper to help prevent lpr being exploited
+     using this vulnerability.  This wrapper, including installation
+     instructions, can be found in 
+		ftp://ftp.auscert.org.au/pub/auscert/advisory/
+			AA-96.12.lpr.buffer.overrun.vul
+
+V. Solution
+
+     Apply one of the following patches. Patches are provided for 
+     FreeBSD-current (before 1996/10/27) (SA-96:18-solution.current)
+     FreeBSD-2.0.5, FreeBSD-2.1.0, FreeBSD-2.1.5 and 
+	FreeBSd-stable (before 1996/11/01) (SA-96:18-solution.2xx)
+
+     Patches can be found on ftp://freebsd.org/pub/CERT/patches/SA-96:18
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMptSe1UuHi5z0oilAQEWJwP5AZbCK/p+LJLDTOp68CARC18JB8+VF4DI
+2qeGrMRxtWRJXD+MWV2llWbQBvX0iE53zzb7su0KYuq38zmVyoN6GM5KaRgRbHJC
+tjEYrQ5AQK0an3C8ACOEy5Tt4PU10BPZlssWHWotTOpPeVIzjj7RZqSJLywSwoIh
+wGzvSrEpYSk=
+=r1Lc
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:19.modstat.asc b/share/security/advisories/FreeBSD-SA-96:19.modstat.asc
new file mode 100644
index 0000000000..2dfe0ea91e
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:19.modstat.asc
@@ -0,0 +1,109 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:19					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		Buffer overflow in modstat
+
+Category:	core
+Module:		modstat
+Announced:	1996-12-10
+Affects:	FreeBSD 2.0, 2.0.5, 2.1, 2.1.5, 2.1.6, 2.1.6.1
+Corrected:	FreeBSD-current as of 1996/08/08
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:19/
+
+=============================================================================
+
+I.   Background    
+
+     The modstat program is used to display status of loaded kernel modules.
+     It is standard software in the FreeBSD operating system.
+
+II.  Problem Description
+
+     The modstat program has always been installed setuid kmem. Within
+     the program, a buffer overflow can occur.
+
+
+III. Impact
+     Local users can gain kmem privileges.
+
+
+IV.  Workaround
+
+     Modstat does not need to be setuid kmem. It is thus sufficient to
+     do the following:
+	su
+	cd /usr/bin
+	chmod 555 modstat
+     This effectively clears the setuid bit on the modstat program.
+
+V.   Solution
+
+     Apply the following patch:
+     (This patch can also be found on 
+	ftp://freebsd.org/pub/CERT/patches/SA-96:19)
+
+Index: Makefile
+===================================================================
+RCS file: /home/freebsd/CVS/src/usr.bin/modstat/Makefile,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -r1.1 -r1.2
+- --- Makefile	1994/08/19 12:14:02	1.1
++++ Makefile	1996/05/30 02:19:03	1.2
+@@ -38,7 +38,5 @@
+ 
+ PROG=	modstat
+ MAN8=	modstat.8
+- -BINGRP=	kmem
+- -BINMODE=2555
+ 
+ .include <bsd.prog.mk>
+Index: modstat.c
+===================================================================
+RCS file: /home/freebsd/CVS/src/usr.bin/modstat/modstat.c,v
+retrieving revision 1.3
+retrieving revision 1.4
+diff -u -r1.3 -r1.4
+- --- modstat.c	1995/04/20 05:08:53	1.3
++++ modstat.c	1996/08/08 07:58:07	1.4
+@@ -72,8 +72,9 @@
+ {
+ 	struct lmc_stat	sbuf;
+ 
++	sbuf.name[MAXLKMNAME - 1] = '\0'; /* In case strncpy limits the string. */
+ 	if (modname != NULL)
+- -		strcpy(sbuf.name, modname);
++		strncpy(sbuf.name, modname, MAXLKMNAME - 1);
+ 
+ 	sbuf.id = modnum;
+ 
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMq2381UuHi5z0oilAQE99wP+NktTxugo1lrVDm0FVcmqd8c3zu6s95Wt
+WCvM9GLECCVB+sFbssbikQc35SvgzEjnE4lZ3J4VBrAoThG3tLOmO5si0csM8dwE
+QPGMyR/fdU7DpYXEK/XKuDxre1TDJ0uOwU9DfBewgy0o5OiybRR5dxj3nsJIznnd
+F5O6NNppKb0=
+=qcrF
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:20.stack-overflow.asc b/share/security/advisories/FreeBSD-SA-96:20.stack-overflow.asc
new file mode 100644
index 0000000000..ed57375e0a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:20.stack-overflow.asc
@@ -0,0 +1,272 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:20					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		unauthorized access via buffer overruns
+		cron, crontab, ppp
+
+Category:	core
+Module:		cron, crontab, ppp
+Announced:	1996-12-16
+Affects:	1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1
+Corrected:	2.2-current as of various dates (see below)
+		2.1-stable  as of various dates (see below)
+FreeBSD only:	yes
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:20/
+
+=============================================================================
+
+I.   Background    
+
+     Buffer overrun (aka stack overflow) exploits in system
+     supplied and locally installed utilities are commonly
+     used by individuals wishing to obtain unauthorized access to
+     computer systems.  The FreeBSD team has been reviewing and
+     fixing the source code pool to eliminate potential exploits
+     based on this technique.  We've found several such exploits
+     (and more have been reported by other sources) and strongly
+     suggest that all operators of FreeBSD machines upgrade to
+     the latest version of FreeBSD (2.1.6.1 at the time of this
+     advisory) if there is a possibility for untrustworthy users
+     to have standard user level access to the system.
+
+     Most of these problems were fixed with the release of
+     FreeBSD 2.1.6.1, however the following were not:
+
+     In August of 1996, exploits were discovered in the
+     cron and crontab utilities in FreeBSD.  These were fixed
+     in the -current source code pool in August of 1996, but
+     due to a clerical error, were not repaired in the older
+     -stable source code pool used to generate the FreeBSD
+     2.1.X distributions until 16-Dec-1996.
+     Recently, yet another buffer overrun was discovered
+     in the cron and crontab utilities in FreeBSD. The problem
+     was corrected on 16-Dec-1996 in both -current and -stable.
+
+     Also recently, a similar overrun has been discovered in the
+     ppp utility.  This was fixed in both -current and
+     -stable source code pools on 16-Dec-1996.
+
+
+II.  Problem Description
+
+     The programs in question store user-supplied information
+     in internal buffers.  There is no range checking on length
+     of the data copied into these buffers.  A malicious user
+     may be able to overflow these buffers through the use of
+     command line options or via enviornment variables and
+     insert and execute their own code fragment which could
+     be used to obtain unauthorized access to the system
+
+
+III. Impact
+
+     The programs in question may be subverted to allow an
+     unprivileged user to gain root access to the system.
+
+     These vulnerability can only be exploited by individuals
+     with access to the local system.
+
+
+IV. Workaround
+
+     Setuid programs invoked by the user may have their setuid
+     permissions removed, or their protection attributes modified
+     so unprivileged users may not operate them at all.
+     This may reduce or eliminate some functionality provided by
+     these programs to normal users.
+
+     To remove setuid privileges:
+
+     crontab:		# chmod ug-s /usr/bin/crontab
+     ppp:		# chmod ug-s /usr/bin/ppp
+
+     The cron program is started by the system on every boot.
+     This auto-start may be temporarily disabled, and the running
+     cron program stopped.  However, cron is a valuable system
+     utility,  so we suggest this as a temporary workaround only.
+
+     To stop cron from executing on system boot, edit the /etc/rc
+     file and change the line:
+		echo -n ' cron'; cron
+     so it reads:
+		# echo -n ' cron'; cron.
+
+     To turn off a running cron, use the ps program to determine
+     the PID of the currently running cron (use "ps") and type:
+
+		# kill <pid of running cron>
+
+V. Solution
+
+     The following patches fixes the vulnerabilities.  It should
+     apply cleanly to all FreeBSD 2.1.x systems.  It has not been
+     tested with FreeBSD 1.x.
+
+     After applying these patches, recompile and re-install the
+     affected utilities.
+
+
+    *** usr.sbin/cron/cron/database.c	1994/08/27 13:43:03	1.1.1.1
+    --- usr.sbin/cron/cron/database.c	1996/09/10 03:38:20	1.3
+    ***************
+    *** 112,119 ****
+      		if (dp->d_name[0] == '.')
+      			continue;
+      
+    ! 		(void) strcpy(fname, dp->d_name);
+    ! 		sprintf(tabname, CRON_TAB(fname));
+      
+      		process_crontab(fname, fname, tabname,
+      				&statbuf, &new_db, old_db);
+    --- 112,119 ----
+      		if (dp->d_name[0] == '.')
+      			continue;
+      
+    ! 		(void)snprintf(fname, sizeof fname, "%s", dp->d_name);
+    ! 		(void)snprintf(tabname, sizeof tabname, CRON_TAB(fname));
+      
+      		process_crontab(fname, fname, tabname,
+      				&statbuf, &new_db, old_db);
+    
+    *** usr.sbin/cron/crontab/crontab.c	1996/04/09 21:23:11	1.3.4.1
+    --- usr.sbin/cron/crontab/crontab.c	1996/08/05 00:50:02	1.6
+    ***************
+    *** 167,173 ****
+      					ProgramName, optarg);
+      				exit(ERROR_EXIT);
+      			}
+    ! 			(void) strcpy(User, optarg);
+      			break;
+      		case 'l':
+      			if (Option != opt_unknown)
+    --- 165,171 ----
+      					ProgramName, optarg);
+      				exit(ERROR_EXIT);
+      			}
+    ! 			(void) snprintf(User, sizeof(user), "%s", optarg);
+      			break;
+      		case 'l':
+      			if (Option != opt_unknown)
+    ***************
+    *** 198,204 ****
+      	} else {
+      		if (argv[optind] != NULL) {
+      			Option = opt_replace;
+    ! 			(void) strcpy (Filename, argv[optind]);
+      		} else {
+      			usage("file name must be specified for replace");
+      		}
+    --- 196,203 ----
+      	} else {
+      		if (argv[optind] != NULL) {
+      			Option = opt_replace;
+    ! 			(void) snprintf(Filename, sizeof(Filename), "%s",
+    ! 					argv[optind]);
+      		} else {
+      			usage("file name must be specified for replace");
+      		}
+    ***************
+    *** 480,486 ****
+      			ProgramName, Filename);
+      		goto done;
+      	default:
+    ! 		fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n");
+      		goto fatal;
+      	}
+       remove:
+    --- 479,486 ----
+      			ProgramName, Filename);
+      		goto done;
+      	default:
+    ! 		fprintf(stderr, "%s: panic: bad switch() in replace_cmd()\n",
+    ! 			ProgramName);
+      		goto fatal;
+      	}
+       remove:
+    
+    --- usr.sbin/cron/lib/env.c	1994/08/27 13:43:02	1.1.1.1
+    +++ usr.sbin/cron/lib/env.c	1996/12/16 18:11:57
+    @@ -115,7 +115,7 @@
+     {
+     	long	filepos;
+     	int	fileline;
+    -	char	name[MAX_TEMPSTR], val[MAX_ENVSTR];
+    +	char	name[MAX_ENVSTR], val[MAX_ENVSTR];
+     	int	fields;
+     
+     	filepos = ftell(f);
+    
+    
+    --- usr.sbin/ppp/chat.c	1996/06/10 09:41:45	1.4.4.2
+    +++ usr.sbin/ppp/chat.c	1996/12/15 20:40:26
+    @@ -315,7 +315,7 @@
+         }
+         cp--;
+       }
+    -  sprintf(tmp, "%s %s", command, cp);
+    +  snprintf(tmp, sizeof tmp, "%s %s", command, cp);
+       (void) MakeArgs(tmp, &vector);
+     
+       pipe(fids);
+    
+    --- usr.sbin/ppp/systems.c	1995/05/30 03:50:58	1.5
+    +++ usr.sbin/ppp/systems.c	1996/12/15 20:40:26
+    @@ -75,12 +75,12 @@
+       cp = getenv("HOME");
+       if (cp) {
+         SetUserId();
+    -    sprintf(line, "%s/.%s", cp, file);
+    +    snprintf(line, sizeof line, "%s/.%s", cp, file);
+         fp = fopen(line, "r");
+       }
+       if (fp == NULL) {
+         SetPppId();
+    -    sprintf(line, "%s/%s",_PATH_PPP, file);
+    +    snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file);
+         fp = fopen(line, "r");
+       }
+       if (fp == NULL) {
+    @@ -115,12 +115,12 @@
+       cp = getenv("HOME");
+       if (cp) {
+         SetUserId();
+    -    sprintf(line, "%s/.%s", cp, file);
+    +    snprintf(line, sizeof line, "%s/.%s", cp, file);
+         fp = fopen(line, "r");
+       }
+       if (fp == NULL) {
+         SetPppId();		/* fix from pdp@ark.jr3uom.iijnet.or.jp */
+    -    sprintf(line, "%s/%s",_PATH_PPP, file);
+    +    snprintf(line, sizeof line, "%s/%s", _PATH_PPP, file);
+         fp = fopen(line, "r");
+       }
+       if (fp == NULL) {
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMrb4FlUuHi5z0oilAQGCjQP/TcKygSf3CLwfJcPSnsQnc0k5fkF3QZvk
+Lp4K7FTua7M0AHHMn4gjpZEqB0+eqxMEGuZ+VXISSoESWyaOSz+hVLmLU2UZDLO0
+WWZWw3MM3UeWAzLLXwRPTLN0tQlpQJyqPNH1okb4c/Lx9IugN1wcGfbiTnOF3NaC
+d8lhtqcQoi4=
+=zAKC
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-96:21.talkd.asc b/share/security/advisories/FreeBSD-SA-96:21.talkd.asc
new file mode 100644
index 0000000000..36e9cfea6b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-96:21.talkd.asc
@@ -0,0 +1,357 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-96:21					    Security Advisory
+						        	FreeBSD, Inc.
+
+Topic:		unauthorized access via buffer overrun in talkd
+
+Category:	core
+Module:		talkd
+Announced:	1997-01-18
+Affects:	1.0, 1.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1
+Corrected:	2.2-current as of 1997-01-18
+		2.1-stable  as of 1197-01-18
+FreeBSD only:	no
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-96:21/
+References:	AUSCERT AA-97.01 (Australian CERT organization),
+		SEI CERT VU#5942 (internal tracking reference only)
+
+=============================================================================
+
+I.   Background    
+
+     Buffer overrun (aka stack overflow) exploits in system
+     supplied and locally installed utilities are commonly
+     used by individuals wishing to obtain unauthorized access to
+     computer systems.  The FreeBSD team has been reviewing and
+     fixing the source code pool to eliminate potential exploits
+     based on this technique.
+
+     Recently, the Australian CERT organization received information
+     of a buffer-overrun vulnerability in the talkd daemon shipped in
+     most modern BSD based systems.
+
+
+II.  Problem Description
+
+     To quote AUSCERT:
+
+	talk is a communication program which copies text from one
+	users terminal to that of another, possibly remote, user.
+	talkd is the daemon that notifies a user that someone else wishes
+	to initiate a conversation.
+
+	As part of the talk connection, talkd does a DNS lookup
+	for the hostname of the host where the connection is being
+	initiating from.  Due to insufficient bounds checking on
+	the buffer where the hostname is stored, it is possible to
+	overwrite the internal stack space of talkd.  By carefully
+	manipulating the hostname information, it is possible to
+	force talkd to execute arbitrary commands.  As talkd runs
+	with root privileges, this may allow intruders to remotely
+	execute arbitrary commands with these privileges.
+
+	This attack requires an intruder to be able to make a
+	network connection to a vulnerable talkd program and provide
+	corrupt DNS information to that host.
+
+	This type of attack is a particular instance of the problem
+	described in CERT advisory CA-96.04 "Corrupt Information
+	from Network Servers".  This advisory is available from:
+
+		ftp://info.cert.org/pub/cert_advisories/
+
+     Recent versions of FreeBSD 2.2 -current may not be affected
+     with this vulnerability due to improved security in
+     new versions of BIND, which sanity-check the results of
+     reverse name lookups performed by the DNS system.
+
+
+III. Impact
+
+
+     Intruders may be able to remotely execute arbitrary commands
+     with root privileges.
+
+     Access to a valid user account on the local system is not
+     required.
+
+
+IV. Workaround
+
+     Disable the ntalkd program found in /etc/inetd.conf by
+     commenting the appropriate line out and reconfiguring inetd.
+
+     # grep -i ntalk /etc/inetd.conf
+     ntalk   dgram   udp     wait    root    /usr/libexec/ntalkd     ntalkd
+
+     After editing /etc/inetd.conf, reconfigure inetd by sending
+     it a HUP signal.
+
+     # kill -HUP `cat /var/run/inetd.pid`
+
+V. Solution
+
+     The patches found at the following URL fix this vulnerability.
+     Patches are available for FreeBSD 2.1.x (-stable) and -current.
+
+     Acknowledgment:
+
+	 These patches were based off of published work provided by
+	 BSDI, Inc.
+
+     After applying these patches, recompile and re-install the
+     affected utilities.
+
+     For FreeBSD -current (2.2 prerelease and 3.0 prerelease)
+     systems:
+
+    Index: announce.c
+    ===================================================================
+    RCS file: /cvs/freebsd/src/libexec/talkd/announce.c,v
+    retrieving revision 1.6
+    diff -u -r1.6 announce.c
+    --- announce.c	1997/01/14 06:20:58	1.6
+    +++ announce.c	1997/01/18 08:27:04
+    @@ -34,7 +34,7 @@
+      */
+     
+     #ifndef lint
+    -static char sccsid[] = "@(#)announce.c	8.2 (Berkeley) 1/7/94";
+    +static char sccsid[] = "@(#)announce.c	8.3 (Berkeley) 4/28/95";
+     #endif /* not lint */
+     
+     #include <sys/types.h>
+    @@ -43,13 +43,17 @@
+     #include <sys/time.h>
+     #include <sys/wait.h>
+     #include <sys/socket.h>
+    +
+     #include <protocols/talkd.h>
+    +
+     #include <errno.h>
+    -#include <syslog.h>
+    -#include <unistd.h>
+    +#include <paths.h>
+     #include <stdio.h>
+    +#include <stdlib.h>
+     #include <string.h>
+    -#include <paths.h>
+    +#include <syslog.h>
+    +#include <unistd.h>
+    +#include <vis.h>
+     
+     extern char hostname[];
+     
+    @@ -78,7 +82,7 @@
+     
+     #define max(a,b) ( (a) > (b) ? (a) : (b) )
+     #define N_LINES 5
+    -#define N_CHARS 120
+    +#define N_CHARS 256
+     
+     /*
+      * Build a block of characters containing the message.
+    @@ -100,33 +104,37 @@
+	    char line_buf[N_LINES][N_CHARS];
+	    int sizes[N_LINES];
+	    char big_buf[N_LINES*N_CHARS];
+    -	char *bptr, *lptr, *ttymsg();
+    +	char *bptr, *lptr, *vis_user;
+	    int i, j, max_size;
+     
+	    i = 0;
+	    max_size = 0;
+	    gettimeofday(&clock, &zone);
+	    localclock = localtime( &clock.tv_sec );
+    -	(void)sprintf(line_buf[i], " ");
+    +	(void)snprintf(line_buf[i], N_CHARS, " ");
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], "Message from Talk_Daemon@%s at %d:%02d ...",
+    -	hostname, localclock->tm_hour , localclock->tm_min );
+    +	(void)snprintf(line_buf[i], N_CHARS,
+    +		"Message from Talk_Daemon@%s at %d:%02d ...",
+    +		hostname, localclock->tm_hour , localclock->tm_min );
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], "talk: connection requested by %s@%s",
+    -		request->l_name, remote_machine);
+    +
+    +	vis_user = malloc(strlen(request->l_name) * 4 + 1);
+    +	strvis(vis_user, request->l_name, VIS_CSTYLE);
+    +	(void)snprintf(line_buf[i], N_CHARS,
+    +	    "talk: connection requested by %s@%s", vis_user, remote_machine);
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], "talk: respond with:  talk %s@%s",
+    -		request->l_name, remote_machine);
+    +	(void)snprintf(line_buf[i], N_CHARS, "talk: respond with:  talk %s@%s",
+    +	    vis_user, remote_machine);
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], " ");
+    +	(void)snprintf(line_buf[i], N_CHARS, " ");
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    Index: talkd.c
+    ===================================================================
+    RCS file: /cvs/freebsd/src/libexec/talkd/talkd.c,v
+    retrieving revision 1.5
+    diff -u -r1.5 talkd.c
+    --- talkd.c	1997/01/14 06:21:01	1.5
+    +++ talkd.c	1997/01/18 08:26:44
+    @@ -71,7 +71,7 @@
+     void	timeout();
+     long	lastmsgtime;
+     
+    -char    hostname[MAXHOSTNAMELEN];
+    +char    hostname[MAXHOSTNAMELEN + 1];
+     
+     #define TIMEOUT 30
+     #define MAXIDLE 120
+
+    For FreeBSD 2.1 based systems:
+
+    --- announce.c	1995/05/30 05:46:38	1.3
+    +++ announce.c	1997/01/18 08:33:55	1.3.4.1
+    @@ -32,7 +32,7 @@
+      */
+     
+     #ifndef lint
+    -static char sccsid[] = "@(#)announce.c	8.2 (Berkeley) 1/7/94";
+    +static char sccsid[] = "@(#)announce.c	8.3 (Berkeley) 4/28/95";
+     #endif /* not lint */
+     
+     #include <sys/types.h>
+    @@ -41,15 +41,18 @@
+     #include <sys/time.h>
+     #include <sys/wait.h>
+     #include <sys/socket.h>
+    +
+     #include <protocols/talkd.h>
+    -#include <sgtty.h>
+    +
+     #include <errno.h>
+    -#include <syslog.h>
+    -#include <unistd.h>
+    +#include <paths.h>
+     #include <stdio.h>
+    +#include <stdlib.h>
+     #include <string.h>
+    -#include <paths.h>
+    -
+    +#include <syslog.h>
+    +#include <unistd.h>
+    +#include <vis.h>
+    +  
+     extern char hostname[];
+     
+     /*
+    @@ -77,7 +80,7 @@
+     
+     #define max(a,b) ( (a) > (b) ? (a) : (b) )
+     #define N_LINES 5
+    -#define N_CHARS 120
+    +#define N_CHARS 256
+     
+     /*
+      * Build a block of characters containing the message.
+    @@ -99,33 +102,37 @@
+	    char line_buf[N_LINES][N_CHARS];
+	    int sizes[N_LINES];
+	    char big_buf[N_LINES*N_CHARS];
+    -	char *bptr, *lptr, *ttymsg();
+    +	char *bptr, *lptr, *vis_user;
+	    int i, j, max_size;
+     
+	    i = 0;
+	    max_size = 0;
+	    gettimeofday(&clock, &zone);
+	    localclock = localtime( &clock.tv_sec );
+    -	(void)sprintf(line_buf[i], " ");
+    +	(void)snprintf(line_buf[i], N_CHARS, " ");
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], "Message from Talk_Daemon@%s at %d:%02d ...",
+    -	hostname, localclock->tm_hour , localclock->tm_min );
+    +	(void)snprintf(line_buf[i], N_CHARS,
+    +		"Message from Talk_Daemon@%s at %d:%02d ...",
+    +		hostname, localclock->tm_hour , localclock->tm_min );
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], "talk: connection requested by %s@%s",
+    -		request->l_name, remote_machine);
+    +
+    +	vis_user = malloc(strlen(request->l_name) * 4 + 1);
+    +	strvis(vis_user, request->l_name, VIS_CSTYLE);
+    +	(void)snprintf(line_buf[i], N_CHARS,
+    +	    "talk: connection requested by %s@%s", vis_user, remote_machine);
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], "talk: respond with:  talk %s@%s",
+    -		request->l_name, remote_machine);
+    +	(void)snprintf(line_buf[i], N_CHARS, "talk: respond with:  talk %s@%s",
+    +	    vis_user, remote_machine);
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    -	(void)sprintf(line_buf[i], " ");
+    +	(void)snprintf(line_buf[i], N_CHARS, " ");
+	    sizes[i] = strlen(line_buf[i]);
+	    max_size = max(max_size, sizes[i]);
+	    i++;
+    Index: talkd.c
+    ===================================================================
+    RCS file: /home/ncvs/src/libexec/talkd/talkd.c,v
+    retrieving revision 1.3
+    retrieving revision 1.3.4.1
+    diff -u -r1.3 -r1.3.4.1
+    --- talkd.c	1995/05/30 05:46:44	1.3
+    +++ talkd.c	1997/01/18 08:33:56	1.3.4.1
+    @@ -69,7 +69,7 @@
+     void	timeout();
+     long	lastmsgtime;
+     
+    -char    hostname[MAXHOSTNAMELEN];
+    +char    hostname[MAXHOSTNAMELEN + 1];
+     
+     #define TIMEOUT 30
+     #define MAXIDLE 120
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBMuCVAVUuHi5z0oilAQGx7gQAiiptKNx7xoeHec1jmBFLsoGBrxO9H3TC
+0FHl4n3p/MQEO3OEfChepC5coTAe00SjOEpnAZIinHbtVzNaodPs0hyMbQ7UnpPq
+wIRlxsPhxVuS+rbrY62pvn1Iagr4SaMAaseGK18f+Tq2Lbwc6//1bTOBn+Ms980F
+VaXsIaKYinQ=
+=yj1H
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-97:01.setlocale.asc b/share/security/advisories/FreeBSD-SA-97:01.setlocale.asc
new file mode 100644
index 0000000000..fb9383c407
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-97:01.setlocale.asc
@@ -0,0 +1,208 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-97:01					    Security Advisory
+Revised: Wed Feb 05 09:58:56 PDT 1997				FreeBSD, Inc.
+
+Topic:		setlocale() bug in all released versions of FreeBSD
+
+Category:	core
+Module:		libc
+Announced:	1997-02-05
+Affects:	FreeBSD 2.1.6 and earlier systems suffer from this
+                vulnerability for all binaries due to setlocale() being
+                called from crt0.o.
+
+Corrected:	1997-02-05 -stable, 1996-11-27 -current and RELENG_2_2 sources
+Source:		FreeBSD specific bug
+FreeBSD only:	unknown
+
+Patches:	ftp://freebsd.org/pub/CERT/patches/SA-97:01/
+
+=============================================================================
+
+I.   Background
+
+     The setlocale() call contains a number of potential exploits through
+     string overflows during environment variable expansion.  Because
+     the 2.1.6 and earlier versions of FreeBSD called setlocale() in
+     the C runtime code, the problem is especially acute there in that it
+     essentially effects all binaries on the system.
+
+     In FreeBSD 2.2 BETA and later releases, the setlocale() call was
+     removed from crt0.c and the exploit closed through additional checks.
+
+     There has also been some confusion over the implications of loading
+     locale data by privileged programs.  The facility for a user to supply
+     their own (possibly corrupt or abused) locale data to non-privileged
+     processes was removed in all releases on 1997-02-04.  This was
+     originally a debugging facility that got little use and the user can now
+     only direct system binaries to load system administrator sanctioned
+     locale files.
+
+     This problem is present in all source code and binary distributions of
+     FreeBSD released on or before 1996-11-27.
+
+
+II.  Problem Description
+
+     The setlocale() library function looks for the environment variable
+     "PATH_LOCALE" in the current process's environment, and if it exists,
+     later copies the contents of this variable to a stack buffer without
+     doing proper bounds checking. If the environment variable was specially
+     initialized with the proper amount and type of data prior to running a
+     setuid program, it is possible to cause the program to overflow its stack
+     and execute arbitrary code which could allow the user to become root.
+
+
+III. Impact
+
+     Any binary linked on a system with setlocale() built into crt0.c (see
+     list of affected releases in section I above) or which calls setlocale()
+     directly has the buffer overrun vulnerability.
+
+     If this binary has the setuid or setgid bits set, or is called by
+     another setuid/setgid binary (even if that other setuid/setgid binary
+     does not have this vulnerability), unauthorized access may be allowed.
+
+     
+IV. Solution(s)
+
+     Recompiling libc with the following patches and then recompiling all
+     staticly linked binaries (all in /sbin and /bin as well as chflags,
+     gunzip, gzcat, gzip, ld, tar and zcat in /usr/bin) eliminates this
+     vulnerability in FreeBSD 2.1.6 and earlier releases:
+
+	 However, a full solution may require a re-link of all setuid/setgid
+	 local binaries or all local binaries likely to be called from another
+	 setuid/setgid program that were originally linked statically under
+	 one of the affected OSs.  Dynamically linked executables will benefit
+	 directly from this patch once libc is rebuilt and reinstalled and
+	 do not need to be relinked.
+
+     Because of the severity of this security hole, a full update release for
+     FreeBSD 2.1.6 will also be released very shortly, that release being
+     provisionally assigned the version number of 2.1.7.
+
+     Index: lib/libc/locale/collate.c
+     ===================================================================
+     RCS file: /home/ncvs/src/lib/libc/locale/collate.c,v
+     retrieving revision 1.4.4.2
+     diff -c -r1.4.4.2 collate.c
+     *** collate.c	1996/06/05 02:47:55	1.4.4.2
+     --- collate.c	1997/02/05 10:21:59
+     ***************
+     *** 64,70 ****
+       	__collate_load_error = 1;
+       	if (!encoding)
+       		return -1;
+     ! 	if (!path_locale && !(path_locale = getenv("PATH_LOCALE")))
+       		path_locale = _PATH_LOCALE;
+       	strcpy(buf, path_locale);
+       	strcat(buf, "/");
+     --- 64,70 ----
+       	__collate_load_error = 1;
+       	if (!encoding)
+       		return -1;
+     ! 	if (!path_locale)
+       		path_locale = _PATH_LOCALE;
+       	strcpy(buf, path_locale);
+       	strcat(buf, "/");
+     Index: lib/libc/locale/rune.c
+     ===================================================================
+     RCS file: /home/ncvs/src/lib/libc/locale/rune.c,v
+     retrieving revision 1.2.6.3
+     diff -c -r1.2.6.3 rune.c
+     *** rune.c	1996/06/05 02:47:59	1.2.6.3
+     --- rune.c	1997/02/05 10:22:00
+     ***************
+     *** 71,77 ****
+       		return(0);
+       	}
+       
+     ! 	if (!PathLocale && !(PathLocale = getenv("PATH_LOCALE")))
+       		PathLocale = _PATH_LOCALE;
+       
+       	(void) strcpy(name, PathLocale);
+     --- 71,77 ----
+       		return(0);
+       	}
+       
+     ! 	if (!PathLocale)
+       		PathLocale = _PATH_LOCALE;
+       
+       	(void) strcpy(name, PathLocale);
+     Index: lib/libc/locale/setlocale.c
+     ===================================================================
+     RCS file: /home/ncvs/src/lib/libc/locale/setlocale.c,v
+     retrieving revision 1.3.4.2.2.1
+     diff -c -r1.3.4.2.2.1 setlocale.c
+     *** setlocale.c	1996/06/05 02:48:03	1.3.4.2.2.1
+     --- setlocale.c	1997/02/05 10:22:00
+     ***************
+     *** 58,64 ****
+       	int found, i, len;
+       	char *env, *r;
+       
+     ! 	if (!PathLocale && !(PathLocale = getenv("PATH_LOCALE")))
+       		PathLocale = _PATH_LOCALE;
+       
+       	if (category < 0 || category >= _LC_LAST)
+     --- 58,64 ----
+       	int found, i, len;
+       	char *env, *r;
+       
+     ! 	if (!PathLocale)
+       		PathLocale = _PATH_LOCALE;
+       
+       	if (category < 0 || category >= _LC_LAST)
+     Index: lib/libc/locale/startup_setlocale.c
+     ===================================================================
+     RCS file: /home/ncvs/src/lib/libc/locale/Attic/startup_setlocale.c,v
+     retrieving revision 1.2.4.2
+     diff -c -r1.2.4.2 startup_setlocale.c
+     *** startup_setlocale.c	1995/08/28 05:06:50	1.2.4.2
+     --- startup_setlocale.c	1997/02/05 10:22:00
+     ***************
+     *** 23,29 ****
+       	int found, i, len;
+       	char *env, *r;
+       
+     ! 	if (!PathLocale && !(PathLocale = getenv("PATH_LOCALE")))
+       		PathLocale = _PATH_LOCALE;
+       
+       	if (category < 0 || category >= _LC_LAST)
+     --- 23,29 ----
+       	int found, i, len;
+       	char *env, *r;
+       
+     ! 	if (!PathLocale)
+       		PathLocale = _PATH_LOCALE;
+       
+       	if (category < 0 || category >= _LC_LAST)
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+	modifications caused by digital signature or mailer software.
+	Please reference the URL listed at the top of this document
+	for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBMvmSjFUuHi5z0oilAQEqfQP/dDbKxFn2i1jr2mfd2RNoqhi+v7iu8+Gx
+Tt9rKtPebjA+/I3qWkt9nLs7W/2pnOJ1Wb7O8zvbvN0zdvqkKkCoV5j6U41TmSde
+oLKdUu9LyUSOQRlDVDtgVB0SskyIRxGdES4tTaT5qRBaZ7XPOtKWsz+jhch8zYyu
+iHaVnXN8u9I=
+=XSmz
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-97:02.lpd.asc b/share/security/advisories/FreeBSD-SA-97:02.lpd.asc
new file mode 100644
index 0000000000..91a8bc84ff
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-97:02.lpd.asc
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-97:02                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Buffer overflow in lpd
+
+Category:       core
+Module:         lpd
+Announced:      1997-03-26
+Affects:        FreeBSD 2.1.7 and earlier and FreeBSD 2.2 snapshots
+		before 1997/02/25 suffer from this problem.
+Corrected:      FreeBSD-current as of 1997/02/25
+		FreeBSD 2.2 as of 1997/02/25
+		FreeBSD 2.1.x as of 1997/02/25
+FreeBSD only:   yes
+
+Patches:        ftp://freebsd.org/pub/CERT/patches/SA-97:02/
+
+=============================================================================
+
+I.   Background    
+
+     The lpd program is used to print local and remote print jobs.  It
+     is standard software in the FreeBSD operating system.
+
+II.  Problem Description
+
+     The lpd program runs as root.  A remote attacker can exploit a
+     buffer overflow to obtain root privs.
+
+III. Impact
+     
+     Remote users can gain root privs.
+
+IV.  Workaround
+
+     The only workaround is to disable lpd, which will have the effect
+     of removing the printing functionality from the system.  Since
+     the buffer overflow happens before the connection is authenticated,
+     using lpd's authentication methods will not affect the system
+     vulnerability.
+
+V.   Solution
+
+     Apply the following patch, rebuild and install libc:
+
+     (This patch can also be found on
+	ftp://freebsd.org/pub/CERT/patches/SA-97:02/)
+
+    Index: rcmd.c
+    ===================================================================
+    RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/net/rcmd.c,v
+    retrieving revision 1.3.4.4
+    retrieving revision 1.3.4.5
+    diff -u -r1.3.4.4 -r1.3.4.5
+    --- rcmd.c	1997/02/09 06:57:54	1.3.4.4
+    +++ rcmd.c	1997/02/26 06:14:11	1.3.4.5
+    @@ -377,7 +377,8 @@
+     	if ((hp = gethostbyaddr((char *)&raddr, sizeof(u_long),
+     							AF_INET)) == NULL)
+     		return (-1);
+    -	strcpy(hname, hp->h_name);
+    +	strncpy(hname, hp->h_name, sizeof(hname));
+    +	hname[sizeof(hname) - 1] = '\0';
+     
+     	while (fgets(buf, sizeof(buf), hostf)) {
+     		p = buf;
+
+VI.   Thanks
+
+     This problem was brought to light by Oliver Friedrichs
+     <oliver@SECNET.COM>.
+     
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+PGP Key:                        ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBMznCN1UuHi5z0oilAQFZ4QQAjlb006zWQrHqeihPP6Z9Dt+d3GmMIOzC
+E/JHqxblF+GJuhmAmlJ4SCLvi7lKP8jiL9VdKOjK2dKW1XSDGuzH9BvCXtRaAaMJ
+pO9icPi1D71qYEwRrhDG2/p2WxcXAXzSgfEPBAHMdfA6Ivg1v50t4mBcDemryrw1
+721tD7zYq68=
+=iXDD
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-97:03.sysinstall.asc b/share/security/advisories/FreeBSD-SA-97:03.sysinstall.asc
new file mode 100644
index 0000000000..122cc9bdfe
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-97:03.sysinstall.asc
@@ -0,0 +1,106 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-97:03					    Security Advisory
+							    FreeBSD, Inc.
+
+Topic:		sysinstall bug
+
+Category:	core
+Module:		sysinstall
+Announced:	1997-04-07
+Affects:	FreeBSD 2.1, FreeBSD 2.1.5, FreeBSD 2.1.6 and FreeBSD 2.1.7
+		FreeBSD 2.2 and FreeBSD 2.2.1.
+
+Corrected:	all versions as of 1997-04-01. This includes the installation			floppies for FreeBSD 2.2.1 found on:
+		ftp://ftp.FreeBSD.org/pub/FreeBSD/2.2.1-RELEASE/floppies/newer/
+		Also the CDROM of FreeBSD 2.2.1 has this problem corrected.
+Source:		FreeBSD
+FreeBSD only:	yes
+
+Patches:	
+
+=============================================================================
+
+I.   Background
+
+     Sysinstall is used both for fresh installations of FreeBSD as
+     well as post installation updates, like installing packages
+     from CDROM or ftp sites.
+
+II.  Problem Description
+
+     One of the port installation options in sysinstall is to install
+     an anonymous ftp setup on the system. In such a setup, an extra
+     user needs to be created on the system, with username 'ftp'.
+     This user is created with the shell equal to '/bin/date' and an
+     empty password.
+
+III. Impact
+
+     Under some circumstances, this will allow unauthorized access
+     of system resources.
+
+IV. Solution(s)
+
+     Change the entry of the ftp user such that is has an invalid password
+     and an invalid shell. This can be done by becoming the superuser,
+     and use the vipw command. Go to the line that starts with ftp::
+     and change ftp:: to ftp:*: 
+     Also change, on the same line, the shell from /bin/date to /nonexistent.
+
+     If you have not yet used sysinstall to create an anonymous ftp setup,
+     but are planning to, please apply one of the following patches:
+
+     Patch for FreeBSD 2.1.5, 2.1.6, 2.2 and 2.2.1:
+
+    --- anonFTP.c	1996/04/28 03:26:42	1.14
+    +++ anonFTP.c	1997/04/07 17:20:16
+    @@ -195,7 +195,7 @@
+     	return (DITEM_SUCCESS); 	/* succeeds if already exists */
+         }
+         
+    -    sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);
+    +    sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);
+         
+         fptr = fopen(_PATH_MASTERPASSWD,"a");
+         if (! fptr) {
+
+    Patch for FreeBSD 2.1:
+    
+    --- anonFTP.c	1995/11/12 07:27:55	1.6
+    +++ anonFTP.c	1997/04/03 19:29:21
+    @@ -201,7 +201,7 @@
+         return (RET_SUCCESS); 	/* succeeds if already exists */
+        }
+     
+    -   sprintf(pwline, "%s::%s:%d::0:0:%s:%s:/bin/date\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);
+    +   sprintf(pwline, "%s:*:%s:%d::0:0:%s:%s:/nonexistent\n", FTP_NAME, tconf.uid, gid, tconf.comment, tconf.homedir);
+     
+        fptr = fopen(_PATH_MASTERPASSWD,"a");
+        if (! fptr) {
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:			http://www.freebsd.org/
+Confidential contacts:		security-officer@freebsd.org
+PGP Key:			ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:		security-notifications@freebsd.org
+Security public discussion:	security@freebsd.org
+    
+Notice: Any patches in this document may not apply cleanly due to
+	modifications caused by digital signature or mailer software.
+	Please reference the URL listed at the top of this document
+	for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBM0kvaFUuHi5z0oilAQHzVgP/TwmyRgBAF1Hs/jSihpAzFTRfHXdX/8+r
+7mO7OHtM8vBTX1SPaYOr+DdSI2PkcSU4Y8O2OsdR3O4asV52LT5d/qWqJVQbN8bM
+majL9ufeH3WotZHEJAo6nHf0/Cw+Aml2MytnaBiOHhvtiiY9aAEiYQve5TEwVbhE
+92/GUaLo3uY=
+=VjRL
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-97:04.procfs.asc b/share/security/advisories/FreeBSD-SA-97:04.procfs.asc
new file mode 100644
index 0000000000..41cb1f8438
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-97:04.procfs.asc
@@ -0,0 +1,445 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+
+=============================================================================
+FreeBSD-SA-97:04                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          security compromise via procfs
+
+Category:       core
+Module:         procfs
+Announced:      1997-08-19
+Affects:        FreeBSD 2.1.*, FreeBSD 2.2.*,
+		FreeBSD-stable and FreeBSD-current 
+		before 1997/08/12 suffer from this problem.
+Corrected:      FreeBSD-current as of 1997/08/12
+		FreeBSD-stable as of 1997/08/12
+		FreeBSD 2.1-stable as of 1997/08/25
+FreeBSD only:   no (also other BSD systems may be affected)
+
+Patches:        ftp://freebsd.org/pub/CERT/patches/SA-97:04/
+
+=============================================================================
+
+I.   Background    
+
+     Procfs provides a filesystem interface to processes on a system.
+     Among others it is used by ps(1) and gdb(1).
+
+II.  Problem Description
+
+     A problem exists in the procfs kernel code that allows processes
+     to write memory of other processes where it should have been prohibited.
+     
+III. Impact
+     
+     The hole can be used by any user on the system to gain root privileges.
+
+IV.  Workaround
+
+     A workaround is to disable the mounting of procfs. To achieve this,
+     edit the file /etc/fstab and put a '#' in front of the line
+	proc		/proc		procfs	rw 0 0
+     Note that when you do that, some utilities may either not work anymore
+     or have a limited functionality.
+
+V.   Solution
+
+     Apply one of the following patches in /usr/src/sys/miscfs/procfs,
+     rebuild your kernel, install it and reboot your system.
+
+     For 2.1 and 2.2 systems:
+     
+     Index: procfs_regs.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_regs.c,v
+     retrieving revision 1.3
+     retrieving revision 1.3.4.1
+     diff -u -r1.3 -r1.3.4.1
+     --- procfs_regs.c	1996/01/24 18:41:25	1.3
+     +++ procfs_regs.c	1997/08/12 04:45:25	1.3.4.1
+     @@ -36,7 +36,7 @@
+       *
+       *	@(#)procfs_regs.c	8.3 (Berkeley) 1/27/94
+       *
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      #include <sys/param.h>
+     @@ -62,6 +62,8 @@
+      	char *kv;
+      	int kl;
+      
+     +	if (!CHECKIO(curp, p))
+     +		return EPERM;
+      	kl = sizeof(r);
+      	kv = (char *) &r;
+      
+     Index: procfs.h
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs.h,v
+     retrieving revision 1.12
+     retrieving revision 1.12.2.1
+     diff -u -r1.12 -r1.12.2.1
+     --- procfs.h	1996/07/02 13:38:07	1.12
+     +++ procfs.h	1997/08/12 04:45:20	1.12.2.1
+     @@ -36,7 +36,7 @@
+       *
+       *	@(#)procfs.h	8.6 (Berkeley) 2/3/94
+       *
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      /*
+     @@ -83,6 +83,18 @@
+      	  (bcmp((s), (cnp)->cn_nameptr, (len)) == 0))
+      
+      #define KMEM_GROUP 2
+     +
+     +/*
+     + * Check to see whether access to target process is allowed
+     + * Evaluates to 1 if access is allowed.
+     + */
+     +#define CHECKIO(p1, p2) \
+     +     ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
+     +       ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
+     +       ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
+     +       ((p2)->p_flag & P_SUGID) == 0) || \
+     +      (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0))
+     +      
+      /*
+       * Format of a directory entry in /proc, ...
+       * This must map onto struct dirent (see <dirent.h>)
+     Index: procfs_mem.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_mem.c,v
+     retrieving revision 1.20
+     retrieving revision 1.20.2.1
+     diff -u -r1.20 -r1.20.2.1
+     --- procfs_mem.c	1996/10/24 02:47:05	1.20
+     +++ procfs_mem.c	1997/08/12 04:45:23	1.20.2.1
+     @@ -37,7 +37,7 @@
+       *
+       *	@(#)procfs_mem.c	8.4 (Berkeley) 1/21/94
+       *
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      /*
+     @@ -300,6 +300,23 @@
+      	if (uio->uio_resid == 0)
+      		return (0);
+      
+     + 	/*
+     + 	 * XXX
+     + 	 * We need to check for KMEM_GROUP because ps is sgid kmem;
+     + 	 * not allowing it here causes ps to not work properly.  Arguably,
+     + 	 * this is a bug with what ps does.  We only need to do this
+     + 	 * for Pmem nodes, and only if it's reading.  This is still not
+     + 	 * good, as it may still be possible to grab illicit data if
+     + 	 * a process somehow gets to be KMEM_GROUP.  Note that this also
+     + 	 * means that KMEM_GROUP can't change without editing procfs.h!
+     + 	 * All in all, quite yucky.
+     + 	 */
+     +  
+     +	if (!CHECKIO(curp, p) &&
+     + 	    !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP &&
+     + 	      uio->uio_rw == UIO_READ))
+     +  		return EPERM;
+     + 
+      	error = procfs_rwmem(p, uio);
+      
+      	return (error);
+     Index: procfs_vnops.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_vnops.c,v
+     retrieving revision 1.24
+     retrieving revision 1.24.2.1
+     diff -u -r1.24 -r1.24.2.1
+     --- procfs_vnops.c	1996/09/03 14:23:10	1.24
+     +++ procfs_vnops.c	1997/08/12 04:45:27	1.24.2.1
+     @@ -36,7 +36,7 @@
+       *
+       *	@(#)procfs_vnops.c	8.6 (Berkeley) 2/7/94
+       *
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      /*
+     @@ -120,16 +120,21 @@
+      	struct vop_open_args *ap;
+      {
+      	struct pfsnode *pfs = VTOPFS(ap->a_vp);
+     +	struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid);
+     +
+     +	if (p2 == NULL)
+     +		return ENOENT;
+      
+      	switch (pfs->pfs_type) {
+      	case Pmem:
+     -		if (PFIND(pfs->pfs_pid) == 0)
+     -			return (ENOENT);	/* was ESRCH, jsp */
+     -
+      		if (((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL)) ||
+      			((pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE)))
+      			return (EBUSY);
+      
+     +		if (!CHECKIO(p1, p2) &&
+     +		    (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP))
+     +			return EPERM;
+     +
+      
+      		if (ap->a_mode & FWRITE)
+      			pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);
+     @@ -176,7 +181,6 @@
+      procfs_ioctl(ap)
+      	struct vop_ioctl_args *ap;
+      {
+     -
+      	return (ENOTTY);
+      }
+      
+     Index: procfs_fpregs.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_fpregs.c,v
+     retrieving revision 1.3
+     retrieving revision 1.3.4.1
+     diff -u -r1.3 -r1.3.4.1
+     --- procfs_fpregs.c	1996/01/24 18:40:56	1.3
+     +++ procfs_fpregs.c	1997/08/12 05:24:20	1.3.4.1
+     @@ -36,7 +36,7 @@
+       *
+       *	@(#)procfs_fpregs.c	8.1 (Berkeley) 1/27/94
+       *
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      #include <sys/param.h>
+     @@ -62,6 +62,8 @@
+      	char *kv;
+      	int kl;
+      
+     +	if (!CHECKIO(curp, p))
+     +		return EPERM;
+      	kl = sizeof(r);
+      	kv = (char *) &r;
+     
+     For FreeBSd-current systems:
+      
+     Index: procfs_regs.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_regs.c,v
+     retrieving revision 1.7
+     retrieving revision 1.8
+     diff -u -r1.7 -r1.8
+     --- procfs_regs.c	1997/08/02 14:32:16	1.7
+     +++ procfs_regs.c	1997/08/12 04:34:29	1.8
+     @@ -37,7 +37,7 @@
+       *	@(#)procfs_regs.c	8.4 (Berkeley) 6/15/94
+       *
+       * From:
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      #include <sys/param.h>
+     @@ -60,6 +60,8 @@
+      	char *kv;
+      	int kl;
+      
+     +	if (!CHECKIO(curp, p))
+     +		return EPERM;
+      	kl = sizeof(r);
+      	kv = (char *) &r;
+      
+     Index: procfs.h
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs.h,v
+     retrieving revision 1.15
+     retrieving revision 1.16
+     diff -u -r1.15 -r1.16
+     --- procfs.h	1997/02/22 09:40:26	1.15
+     +++ procfs.h	1997/08/12 04:34:27	1.16
+     @@ -37,7 +37,7 @@
+       *	@(#)procfs.h	8.9 (Berkeley) 5/14/95
+       *
+       * From:
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      /*
+     @@ -85,6 +85,18 @@
+      	  (bcmp((s), (cnp)->cn_nameptr, (len)) == 0))
+      
+      #define KMEM_GROUP 2
+     +
+     +/*
+     + * Check to see whether access to target process is allowed
+     + * Evaluates to 1 if access is allowed.
+     + */
+     +#define CHECKIO(p1, p2) \
+     +     ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
+     +       ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
+     +       ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
+     +       ((p2)->p_flag & P_SUGID) == 0) || \
+     +      (suser((p1)->p_cred->pc_ucred, &(p1)->p_acflag) == 0))
+     +      
+      /*
+       * Format of a directory entry in /proc, ...
+       * This must map onto struct dirent (see <dirent.h>)
+     Index: procfs_mem.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_mem.c,v
+     retrieving revision 1.26
+     retrieving revision 1.27
+     diff -u -r1.26 -r1.27
+     --- procfs_mem.c	1997/08/02 14:32:14	1.26
+     +++ procfs_mem.c	1997/08/12 04:34:28	1.27
+     @@ -37,7 +37,7 @@
+       *
+       *	@(#)procfs_mem.c	8.5 (Berkeley) 6/15/94
+       *
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      /*
+     @@ -276,6 +276,23 @@
+      
+      	if (uio->uio_resid == 0)
+      		return (0);
+     +
+     + 	/*
+     + 	 * XXX
+     + 	 * We need to check for KMEM_GROUP because ps is sgid kmem;
+     + 	 * not allowing it here causes ps to not work properly.  Arguably,
+     + 	 * this is a bug with what ps does.  We only need to do this
+     + 	 * for Pmem nodes, and only if it's reading.  This is still not
+     + 	 * good, as it may still be possible to grab illicit data if
+     + 	 * a process somehow gets to be KMEM_GROUP.  Note that this also
+     + 	 * means that KMEM_GROUP can't change without editing procfs.h!
+     + 	 * All in all, quite yucky.
+     + 	 */
+     + 
+     + 	if (!CHECKIO(curp, p) &&
+     +	    !(curp->p_cred->pc_ucred->cr_gid == KMEM_GROUP &&
+     +	      uio->uio_rw == UIO_READ))
+     + 		return EPERM;
+      
+      	return (procfs_rwmem(p, uio));
+      }
+     Index: procfs_vnops.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_vnops.c,v
+     retrieving revision 1.30
+     retrieving revision 1.31
+     diff -u -r1.30 -r1.31
+     --- procfs_vnops.c	1997/08/02 14:32:20	1.30
+     +++ procfs_vnops.c	1997/08/12 04:34:30	1.31
+     @@ -36,7 +36,7 @@
+       *
+       *	@(#)procfs_vnops.c	8.18 (Berkeley) 5/21/95
+       *
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      /*
+     @@ -127,16 +127,21 @@
+      	} */ *ap;
+      {
+      	struct pfsnode *pfs = VTOPFS(ap->a_vp);
+     +	struct proc *p1 = ap->a_p, *p2 = PFIND(pfs->pfs_pid);
+     +
+     +	if (p2 == NULL)
+     +		return ENOENT;
+      
+      	switch (pfs->pfs_type) {
+      	case Pmem:
+     -		if (PFIND(pfs->pfs_pid) == 0)
+     -			return (ENOENT);	/* was ESRCH, jsp */
+     -
+      		if ((pfs->pfs_flags & FWRITE) && (ap->a_mode & O_EXCL) ||
+      		    (pfs->pfs_flags & O_EXCL) && (ap->a_mode & FWRITE))
+      			return (EBUSY);
+      
+     +		if (!CHECKIO(p1, p2) &&
+     +		    (p1->p_cred->pc_ucred->cr_gid != KMEM_GROUP))
+     +			return EPERM;
+     +
+      		if (ap->a_mode & FWRITE)
+      			pfs->pfs_flags = ap->a_mode & (FWRITE|O_EXCL);
+      
+     @@ -194,7 +199,6 @@
+      		struct proc *a_p;
+      	} */ *ap;
+      {
+     -
+      	return (ENOTTY);
+      }
+      
+     Index: procfs_fpregs.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/miscfs/procfs/procfs_fpregs.c,v
+     retrieving revision 1.7
+     retrieving revision 1.8
+     diff -u -r1.7 -r1.8
+     --- procfs_fpregs.c	1997/08/02 14:32:11	1.7
+     +++ procfs_fpregs.c	1997/08/12 05:23:51	1.8
+     @@ -37,7 +37,7 @@
+       *	@(#)procfs_fpregs.c	8.2 (Berkeley) 6/15/94
+       *
+       * From:
+     - *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+     + *	$Id: FreeBSD-SA-97:04.procfs.asc,v 1.1 2001/09/02 00:04:38 kris Exp $
+       */
+      
+      #include <sys/param.h>
+     @@ -60,6 +60,8 @@
+      	char *kv;
+      	int kl;
+      
+     +	if (!CHECKIO(curp, p))
+     +		return EPERM;
+      	kl = sizeof(r);
+      	kv = (char *) &r;
+      
+     (These patches can also be found on
+	ftp://freebsd.org/pub/CERT/patches/SA-97:04/)
+     
+VI.   Thanks
+
+     This problem was brought to light by Brian Mitchell
+     <brian@firehouse.net>
+     
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+PGP Key:                        ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBNAMWLFUuHi5z0oilAQHmrQQAoXR/BUliLCJgtDx/tG4lSNMpY2+wYWtw
+PNiPjLfHHbA2yOXoJxv5ANw0Z6zeovCP1rHTKbG0vGNQe45d34kC+qY1hSKhYxjV
+BGeEKzCUyfGn0ovrfWjmW6FL3n2Kq76yJbhR5tiev5vaM9+kvWKs8aK5c1maAEOv
+PxYm/nzJg04=
+=aC0v
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-97:05.open.asc b/share/security/advisories/FreeBSD-SA-97:05.open.asc
new file mode 100644
index 0000000000..1bfecfc74b
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-97:05.open.asc
@@ -0,0 +1,168 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+
+=============================================================================
+FreeBSD-SA-97:05                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          security compromise via open()
+
+Category:       core
+Module:         kern
+Announced:      1997-10-29
+Affects:        FreeBSD 2.1.*, FreeBSD 2.2.*,
+		FreeBSD-stable and FreeBSD-current 
+Corrected:      FreeBSD-current as of 1997/10/23 (partly even on 1997/04/14)
+		FreeBSD-stable as of 1997/10/24
+		FreeBSD 2.1-stable as of 1997/10/29
+FreeBSD only:   yes
+
+Patches:        ftp://freebsd.org/pub/CERT/patches/SA-97:05/
+
+=============================================================================
+
+I.   Background    
+
+     In FreeBSD, the open() system call is used in normal file operations.
+     When calling open(), the caller should specify if the file is
+     to be opened for reading, for writing or for both.
+     The right to reading from and/or writing to a file is controlled
+     by the file's mode bits in the filesystem.
+     In FreeBSD, open() is also used to obtain the right to do
+     privileged io instructions.
+     
+
+II.  Problem Description
+
+     A problem exists in the open() syscall that allows processes
+     to obtain a valid file descriptor without having read or write
+     permissions on the file being opened. This is normally not a
+     problem. The FreeBSD way of obtaining the right to do io
+     instructions however, is based on the right to open a specific
+     file (/dev/io).
+     
+III. Impact
+     
+     The problem can be used by any user on the system to do unauthorised
+     io instructions.
+     
+
+IV.  Workaround
+
+     No workaround is available.
+
+V.   Solution
+
+     Apply the following patches. The first one in /usr/src/sys/kern,
+     and the second one in /usr/src/sys/i386/i386,
+     Rebuild your kernel, install it and reboot your system.
+
+     patch 1:
+     For FreeBSD-current before 1997/10/23:
+
+     Index: vfs_syscalls.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/kern/vfs_syscalls.c,v
+     retrieving revision 1.76
+     retrieving revision 1.77
+     diff -u -r1.76 -r1.77
+     --- vfs_syscalls.c	1997/10/12 20:24:27	1.76
+     +++ vfs_syscalls.c	1997/10/22 07:28:51	1.77
+     @@ -863,11 +863,13 @@
+      	struct flock lf;
+      	struct nameidata nd;
+      
+     +	flags = FFLAGS(SCARG(uap, flags));
+     +	if ((flags & FREAD + FWRITE) == 0)
+     +		return (EINVAL);
+      	error = falloc(p, &nfp, &indx);
+      	if (error)
+      		return (error);
+      	fp = nfp;
+     -	flags = FFLAGS(SCARG(uap, flags));
+      	cmode = ((SCARG(uap, mode) &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT;
+      	NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, SCARG(uap, path), p);
+      	p->p_dupfd = -indx - 1;			/* XXX check for fdopen */
+     
+
+     For FreeBSD 2.1.* and 2.2.*:
+
+     Index: vfs_syscalls.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/kern/vfs_syscalls.c,v
+     retrieving revision 1.51.2.5
+     diff -u -r1.51.2.5 vfs_syscalls.c
+     --- vfs_syscalls.c	1997/10/01 06:23:48	1.51.2.5
+     +++ vfs_syscalls.c	1997/10/28 22:04:43
+     @@ -688,11 +688,13 @@
+      	struct flock lf;
+      	struct nameidata nd;
+      
+     +	flags = FFLAGS(uap->flags);
+     +	if ((flags & FREAD + FWRITE) == 0)
+     +		return (EINVAL);
+      	error = falloc(p, &nfp, &indx);
+      	if (error)
+      		return (error);
+      	fp = nfp;
+     -	flags = FFLAGS(uap->flags);
+      	cmode = ((uap->mode &~ fdp->fd_cmask) & ALLPERMS) &~ S_ISTXT;
+      	NDINIT(&nd, LOOKUP, FOLLOW, UIO_USERSPACE, uap->path, p);
+      	p->p_dupfd = -indx - 1;			/* XXX check for fdopen */
+
+     patch 2:
+     For FreeBSD 2.1.* and 2.2.* and For FreeBSD-current before 1997/04/14:
+
+     Index: mem.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/mem.c,v
+     retrieving revision 1.38
+     retrieving revision 1.38.2.1
+     diff -u -r1.38 -r1.38.2.1
+     --- mem.c	1996/09/27 13:25:06	1.38
+     +++ mem.c	1997/10/23 22:14:24	1.38.2.1
+     @@ -169,6 +169,7 @@
+      	int fmt;
+      	struct proc *p;
+      {
+     +	int error;
+      	struct trapframe *fp;
+      
+      	switch (minor(dev)) {
+     @@ -179,6 +180,11 @@
+      		return ENODEV;
+      #endif
+      	case 14:
+     +		error = suser(p->p_ucred, &p->p_acflag);
+     +		if (error != 0)
+     +			return (error);
+     +		if (securelevel > 0)
+     +			return (EPERM);
+      		fp = (struct trapframe *)curproc->p_md.md_regs;
+      		fp->tf_eflags |= PSL_IOPL;
+      		break;
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+PGP Key:                        ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBNFeHI1UuHi5z0oilAQEtvAQAgMrMQvRpBOiV1nWzPzDSsnQOz4bBppcT
+SMEssoeRrr0cQQACZ4su3vlb71XJzgXi3bakEvvZgsMSSKb3sNxEl0RHR93cDNlE
+L9x3sDjbY7l1q2W4BldTly7W4WDjnJt5KEVbi7DKhXb+SuxgaSN0lsow5Cgd54jX
+skpX4qluhBM=
+=47P3
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-97:06.f00f.asc b/share/security/advisories/FreeBSD-SA-97:06.f00f.asc
new file mode 100644
index 0000000000..74c95f0e44
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-97:06.f00f.asc
@@ -0,0 +1,234 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-97:06                                            Security Advisory
+                                                                FreeBSD, Inc.
+     
+Topic:          Pentium processors have flaw allowing unpriviledged crashes
+
+Category:       core
+Module:         kern
+Announced:      1997-12-09
+Affects:        FreeBSD 2.1.*, FreeBSD 2.2.*,
+		FreeBSD-stable and FreeBSD-current 
+Corrected:      FreeBSD-current as of 1997-12-04
+		FreeBSD-stable as of 1997-12-04
+FreeBSD only:   no
+
+Patches:        ftp://freebsd.org/pub/CERT/patches/SA-97:06/
+
+=============================================================================
+
+I.   Background
+
+     Intel processors have instruction combiniations that, when
+     executed, produce illegal instruction traps.  This is a normal
+     part of every cpu manufactured and is how new instructions are
+     generally emulated on older hardware.
+
+II.  Problem Description
+
+     A specific sequence of instructions, starting with the byte codes
+     F0 0F (hex) cause Pentium processors to lock up.  This lockup
+     wedges the entire system, requiring a hard reset to correct.
+     Systems that allow users to run arbitrary code are vulnerable to
+     this attack.
+
+III. Impact
+
+     An unpriviledged user can crash your system.
+     
+IV.  Workaround
+
+     None is available.
+
+V.   Solution
+
+     The following patch corrects the problem for FreeBSD-current
+     systems before 1997-12-04, for FreeBSD 2.2-stable before
+     1997-12-04 and for FreeBSD 2.2.5.
+
+     We urge users of FreeBSD 2.1.* to upgrade to the more stable and
+     more powerfull FreeBSD 2.2.5 release.
+
+
+     Index: identcpu.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/identcpu.c,v
+     retrieving revision 1.33
+     retrieving revision 1.35
+     diff -u -r1.33 -r1.35
+     --- identcpu.c	1997/11/07 08:52:27	1.33
+     +++ identcpu.c	1997/12/04 14:35:38	1.35
+     @@ -107,6 +107,10 @@
+      	);
+      }
+      
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +int has_f00f_bug = 0;
+     +#endif
+     +
+      void
+      printcpuinfo(void)
+      {
+     @@ -136,6 +140,14 @@
+      				break;
+      			case 0x500:
+      				strcat(cpu_model, "Pentium"); /* nb no space */
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +				/*
+     +				 * XXX - If/when Intel fixes the bug, this
+     +				 * should also check the version of the
+     +				 * CPU, not just that it's a Pentium.
+     +				 */
+     +				has_f00f_bug = 1;
+     +#endif
+      				break;
+      			case 0x600:
+      				strcat(cpu_model, "Pentium Pro");
+     Index: machdep.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/machdep.c,v
+     retrieving revision 1.274
+     retrieving revision 1.278
+     diff -u -r1.274 -r1.278
+     --- machdep.c	1997/11/24 18:35:11	1.274
+     +++ machdep.c	1997/12/04 21:21:24	1.278
+     @@ -866,6 +867,11 @@
+      #endif /* VM86 */
+      #endif
+      
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +struct gate_descriptor *t_idt;
+     +extern int has_f00f_bug;
+     +#endif
+     +
+      static struct i386tss dblfault_tss;
+      static char dblfault_stack[PAGE_SIZE];
+      
+     @@ -1533,6 +1539,40 @@
+      	proc0.p_addr->u_pcb.pcb_mpnest = 1;
+      	proc0.p_addr->u_pcb.pcb_ext = 0;
+      }
+     +
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +void f00f_hack(void);
+     +SYSINIT(f00f_hack, SI_SUB_INTRINSIC, SI_ORDER_FIRST, f00f_hack, NULL);
+     +
+     +void
+     +f00f_hack(void) {
+     +	struct region_descriptor r_idt;
+     +	unsigned char *tmp;
+     +	int i;
+     +
+     +	if (!has_f00f_bug)
+     +		return;
+     +
+     +	printf("Intel Pentium F00F detected, installing workaround\n");
+     +
+     +	r_idt.rd_limit = sizeof(idt) - 1;
+     +
+     +	tmp = kmem_alloc(kernel_map, PAGE_SIZE * 2);
+     +	if (tmp == 0)
+     +		panic("kmem_alloc returned 0");
+     +	if (((unsigned int)tmp & (PAGE_SIZE-1)) != 0)
+     +		panic("kmem_alloc returned non-page-aligned memory");
+     +	/* Put the first seven entries in the lower page */
+     +	t_idt = (struct gate_descriptor*)(tmp + PAGE_SIZE - (7*8));
+     +	bcopy(idt, t_idt, sizeof(idt));
+     +	r_idt.rd_base = (int)t_idt;
+     +	lidt(&r_idt);
+     +	if (vm_map_protect(kernel_map, tmp, tmp + PAGE_SIZE,
+     +			   VM_PROT_READ, FALSE) != KERN_SUCCESS)
+     +		panic("vm_map_protect failed");
+     +	return;
+     +}
+     +#endif /* defined(I586_CPU) && !NO_F00F_HACK */
+      
+      int
+      ptrace_set_pc(p, addr)
+     Index: trap.c
+     ===================================================================
+     RCS file: /home/cvsup/freebsd/CVS/src/sys/i386/i386/trap.c,v
+     retrieving revision 1.115
+     retrieving revision 1.118
+     diff -u -r1.115 -r1.118
+     --- trap.c	1997/11/24 13:25:37	1.115
+     +++ trap.c	1997/12/04 21:21:26	1.118
+     @@ -142,6 +143,11 @@
+      static void userret __P((struct proc *p, struct trapframe *frame,
+      			 u_quad_t oticks));
+      
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +extern struct gate_descriptor *t_idt;
+     +extern int has_f00f_bug;
+     +#endif
+     +
+      static inline void
+      userret(p, frame, oticks)
+      	struct proc *p;
+     @@ -211,6 +217,9 @@
+      	u_long eva;
+      #endif
+      
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +restart:
+     +#endif
+      	type = frame.tf_trapno;
+      	code = frame.tf_err;
+      
+     @@ -276,6 +285,10 @@
+      			i = trap_pfault(&frame, TRUE);
+      			if (i == -1)
+      				return;
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +			if (i == -2)
+     +				goto restart;
+     +#endif
+      			if (i == 0)
+      				goto out;
+      
+     @@ -642,7 +655,18 @@
+      	if (va >= KERNBASE) {
+      		/*
+      		 * Don't allow user-mode faults in kernel address space.
+     +		 * An exception:  if the faulting address is the invalid
+     +		 * instruction entry in the IDT, then the Intel Pentium
+     +		 * F00F bug workaround was triggered, and we need to
+     +		 * treat it is as an illegal instruction, and not a page
+     +		 * fault.
+      		 */
+     +#if defined(I586_CPU) && !defined(NO_F00F_HACK)
+     +		if ((eva == (unsigned int)&t_idt[6]) && has_f00f_bug) {
+     +			frame->tf_trapno = T_PRIVINFLT;
+     +			return -2;
+     +		}
+     +#endif
+      		if (usermode)
+      			goto nogo;
+      
+     
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+PGP Key:                        ftp://freebsd.org/pub/CERT/public_key.asc
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBNI2g9VUuHi5z0oilAQGFnAP/R4bArrM7+NZKbrJEK+9UpNYBPhsakAF6
+4/U1wJJdbBJPl5j4udZki8ZUEPJvM2mSnrs9UevQMYGSoirl92h/0SEgVgjIfhcJ
+tcyY97Js6biHAZzib4i/TKoN47wBNjgRLF6SfafuIxfVQYk6RMFB5EUdYBdseVz/
+5RgYqQz4m/k=
+=xvTs
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:01.land.asc b/share/security/advisories/FreeBSD-SA-98:01.land.asc
new file mode 100644
index 0000000000..a6c29b2e3d
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:01.land.asc
@@ -0,0 +1,219 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:01                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          LAND attack can cause harm to running FreeBSD systems
+
+Category:       core
+Module:         kern
+Announced:      1997-12-01
+Affects:        FreeBSD 2.1.*, FreeBSD 2.2.0R, 2.2.1R, 2.2.5R
+		FreeBSD-stable and FreeBSD-current 
+Doesn't Affect:	FreeBSD 2.2.2R
+Corrected:      FreeBSD 2.2.6R, FreeBSD-current as of Jan 21, 1998
+		FreeBSD-stable as of Jan 30, 1998
+FreeBSD only:   no
+
+Patches:        ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:01/
+
+=============================================================================
+IMPORTANT MESSAGE: The FreeBSD advisory archive has moved from
+ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/CERT
+=============================================================================
+
+I.   Background
+
+     In most TCP stacks state is kept based on the source and
+     destination address of a packet received.
+
+II.  Problem Description
+
+     A problem exists in most FreeBSD derived stacks that allows a
+     malicious user to send a packet that causes the sytsem to lock
+     up, thus producing a denial of service attack.
+
+III. Impact
+
+     Any person on the Internet who can send a FreeBSD machine a
+     packet can cause it to lock up and be taken out of service.
+     
+IV.  Workaround
+
+     A firewall can be used to filter packets from the Internet that
+     appear to be from your local network.  This will not eliminate
+     the threat, but will eliminate external attacks.
+
+V.   Solution
+
+     Apply the enclosed patch.  There are two patches, one for FreeBSD
+     -current, and another for FreeBSD 2.2-stable.
+
+    patch for -current prior to Jan 21, 1998.  Found in land-current.
+
+    Index: tcp_input.c
+    ===================================================================
+    RCS file: /home/imp/FreeBSD/CVS/src/sys/netinet/tcp_input.c,v
+    retrieving revision 1.67
+    retrieving revision 1.68
+    diff -u -r1.67 -r1.68
+    --- tcp_input.c	1997/12/19 23:46:15	1.67
+    +++ tcp_input.c	1998/01/21 02:05:59	1.68
+    @@ -626,6 +613,7 @@
+     	 * If the state is LISTEN then ignore segment if it contains an RST.
+     	 * If the segment contains an ACK then it is bad and send a RST.
+     	 * If it does not contain a SYN then it is not interesting; drop it.
+    +	 * If it is from this socket, drop it, it must be forged.
+     	 * Don't bother responding if the destination was a broadcast.
+     	 * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial
+     	 * tp->iss, and send a segment:
+    @@ -644,6 +632,9 @@
+     			goto dropwithreset;
+     		if ((tiflags & TH_SYN) == 0)
+     			goto drop;
+    +		if ((ti->ti_dport == ti->ti_sport) &&
+    +		    (ti->ti_dst.s_addr == ti->ti_src.s_addr))
+    +			goto drop;
+     		/*
+     		 * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
+     		 * in_broadcast() should never return true on a received
+    @@ -762,6 +753,23 @@
+     		}
+     
+     	/*
+    +	 * If the state is SYN_RECEIVED:
+    +	 *	if seg contains SYN/ACK, send a RST.
+    +	 *	if seg contains an ACK, but not for our SYN/ACK, send a RST.
+    +	 */
+    +	case TCPS_SYN_RECEIVED:
+    +		if (tiflags & TH_ACK) {
+    +			if (tiflags & TH_SYN) {
+    +				tcpstat.tcps_badsyn++;
+    +				goto dropwithreset;
+    +			}
+    +			if (SEQ_LEQ(ti->ti_ack, tp->snd_una) ||
+    +			    SEQ_GT(ti->ti_ack, tp->snd_max))
+    +				goto dropwithreset;
+    +		}
+    +		break;
+    +
+    +	/*
+     	 * If the state is SYN_SENT:
+     	 *	if seg contains an ACK, but not for our SYN, drop the input.
+     	 *	if seg contains a RST, then drop the connection.
+    @@ -1176,14 +1184,11 @@
+     	switch (tp->t_state) {
+     
+     	/*
+    -	 * In SYN_RECEIVED state if the ack ACKs our SYN then enter
+    -	 * ESTABLISHED state and continue processing, otherwise
+    -	 * send an RST.
+    +	 * In SYN_RECEIVED state, the ack ACKs our SYN, so enter
+    +	 * ESTABLISHED state and continue processing.
+    +	 * The ACK was checked above.
+     	 */
+     	case TCPS_SYN_RECEIVED:
+    -		if (SEQ_GT(tp->snd_una, ti->ti_ack) ||
+    -		    SEQ_GT(ti->ti_ack, tp->snd_max))
+    -			goto dropwithreset;
+     
+     		tcpstat.tcps_connects++;
+     		soisconnected(so);
+
+    patch for 2.2.5 and 2.2.5-stable before Jan 30, 1998 found in land-22
+
+    Index: tcp_input.c
+    ===================================================================
+    RCS file: /home/imp/FreeBSD/CVS/src/sys/netinet/tcp_input.c,v
+    retrieving revision 1.54.2.6
+    retrieving revision 1.54.2.7
+    diff -u -r1.54.2.6 -r1.54.2.7
+    --- tcp_input.c	1997/11/20 21:45:34	1.54.2.6
+    +++ tcp_input.c	1998/01/30 19:13:55	1.54.2.7
+    @@ -627,6 +614,7 @@
+     	 * If the state is LISTEN then ignore segment if it contains an RST.
+     	 * If the segment contains an ACK then it is bad and send a RST.
+     	 * If it does not contain a SYN then it is not interesting; drop it.
+    +	 * If it is from this socket, drop it, it must be forged.
+     	 * Don't bother responding if the destination was a broadcast.
+     	 * Otherwise initialize tp->rcv_nxt, and tp->irs, select an initial
+     	 * tp->iss, and send a segment:
+    @@ -646,6 +634,9 @@
+     			goto dropwithreset;
+     		if ((tiflags & TH_SYN) == 0)
+     			goto drop;
+    +		if ((ti->ti_dport == ti->ti_sport) &&
+    +		    (ti->ti_dst.s_addr == ti->ti_src.s_addr))
+    +			goto drop;
+     		/*
+     		 * RFC1122 4.2.3.10, p. 104: discard bcast/mcast SYN
+     		 * in_broadcast() should never return true on a received
+    @@ -765,6 +756,23 @@
+     		}
+     
+     	/*
+    +	 * If the state is SYN_RECEIVED:
+    +	 *	if seg contains SYN/ACK, send a RST.
+    +	 *	if seg contains an ACK, but not for our SYN/ACK, send a RST.
+    +	 */
+    +	case TCPS_SYN_RECEIVED:
+    +		if (tiflags & TH_ACK) {
+    +			if (tiflags & TH_SYN) {
+    +				tcpstat.tcps_badsyn++;
+    +				goto dropwithreset;
+    +			}
+    +			if (SEQ_LEQ(ti->ti_ack, tp->snd_una) ||
+    +			    SEQ_GT(ti->ti_ack, tp->snd_max))
+    +				goto dropwithreset;
+    +		}
+    +		break;
+    +
+    +	/*
+     	 * If the state is SYN_SENT:
+     	 *	if seg contains an ACK, but not for our SYN, drop the input.
+     	 *	if seg contains a RST, then drop the connection.
+    @@ -1179,14 +1187,11 @@
+     	switch (tp->t_state) {
+     
+     	/*
+    -	 * In SYN_RECEIVED state if the ack ACKs our SYN then enter
+    -	 * ESTABLISHED state and continue processing, otherwise
+    -	 * send an RST.
+    +	 * In SYN_RECEIVED state, the ack ACKs our SYN, so enter
+    +	 * ESTABLISHED state and continue processing.
+    +	 * The ACK was checked above.
+     	 */
+     	case TCPS_SYN_RECEIVED:
+    -		if (SEQ_GT(tp->snd_una, ti->ti_ack) ||
+    -		    SEQ_GT(ti->ti_ack, tp->snd_max))
+    -			goto dropwithreset;
+     
+     		tcpstat.tcps_connects++;
+     		soisconnected(so);
+    
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+PGP Key:                        ftp://ftp.freebsd.org/pub/CERT/public_key.asc
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBNQg21FUuHi5z0oilAQFsYAP/TSdBmRb90H9/JqCvM/7pn1FOngoJgLPV
+GzEBEKe1cbeY5tOY/rCLPVX3g+JjRjPFkMICaTYk0JdFEO29CLhw5qoX/OAm4M+M
+erMJvXUJ3SPaEAEgK7zh5c73t9I4573Rbp1IxU3uZiqVSc3myJxCtFa4ZW2O6zkm
+G57fsHlGRKo=
+=4fC3
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:02.mmap.asc b/share/security/advisories/FreeBSD-SA-98:02.mmap.asc
new file mode 100644
index 0000000000..4f2d258632
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:02.mmap.asc
@@ -0,0 +1,239 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:02                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          security compromise via mmap
+
+Category:       core
+Module:         kernel
+Announced:      1998-03-12
+Affects:        FreeBSD 2.2.*, FreeBSD-stable and FreeBSD-current 
+		before 1998/03/11 suffer from this problem.
+Corrected:      FreeBSD-current as of 1998/03/11
+		FreeBSD-stable as of 1998/03/11
+FreeBSD only:   no (also other 4.4BSD based systems may be affected)
+
+Patches:        ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:02/
+
+=============================================================================
+IMPORTANT MESSAGE: The FreeBSD advisory archive has moved from
+ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/CERT
+=============================================================================
+
+I.   Background    
+
+     The 4.4BSD VM system allows files to be "memory mapped", which
+     causes the specified contents of a file to be made available
+     to a process via its address space. Manipulations of that file
+     can then be performed simply by manipulating memory, rather
+     than using filesystem I/O calls.  This technique is used to
+     simplify code, speed up access to files, and provide interprocess
+     communication.
+
+II.  Problem Description
+
+     Due to a 4.4BSD VM system problem, it is possible to memory-map
+     a read-only descriptor to a character device in read-write
+     mode.
+
+III. Impact
+     
+     The hole can be used by members of group kmem to gain superuser
+     privileges. It also allows the superuser to lower the system
+     securelevel.
+
+IV.  Workaround
+
+     No workaround is known.
+
+V.   Solution
+
+
+     Apply one of the following patches, rebuild your kernel,
+     install it and reboot your system.
+
+     The patches below can be found on
+	ftp://ftp.freebsd.org/pub/CERT/patches/SA-98:02/
+
+
+     Patch for 3.0-current systems:
+
+  Index: vm_mmap.c
+  ===================================================================
+  RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v
+  retrieving revision 1.74
+  diff -u -r1.74 vm_mmap.c
+  --- vm_mmap.c	1998/03/07 21:37:01	1.74
+  +++ vm_mmap.c	1998/03/10 21:51:30
+  @@ -162,6 +162,7 @@
+   	vm_prot_t prot, maxprot;
+   	void *handle;
+   	int flags, error;
+  +	int disablexworkaround;
+   	off_t pos;
+   
+   	addr = (vm_offset_t) uap->addr;
+  @@ -252,6 +253,26 @@
+   			pos = 0;
+   		} else {
+   			/*
+  +			 * cdevs does not provide private mappings of any kind.
+  +			 */
+  +			/*
+  +			 * However, for XIG X server to continue to work,
+  +			 * we should allow the superuser to do it anyway.
+  +			 * We only allow it at securelevel < 1.
+  +			 * (Because the XIG X server writes directly to video
+  +			 * memory via /dev/mem, it should never work at any
+  +			 * other securelevel.
+  +			 * XXX this will have to go
+  +			 */
+  +			if (securelevel >= 1)
+  +				disablexworkaround = 1;
+  +			else
+  +				disablexworkaround = suser(p->p_ucred,
+  +							   &p->p_acflag);
+  +			if (vp->v_type == VCHR && disablexworkaround &&
+  +				(flags & (MAP_PRIVATE|MAP_COPY)))
+  +				 return (EINVAL);
+  +			/*
+   			 * Ensure that file and memory protections are
+   			 * compatible.  Note that we only worry about
+   			 * writability if mapping is shared; in this case,
+  @@ -265,12 +286,20 @@
+   				maxprot |= VM_PROT_READ;
+   			else if (prot & PROT_READ)
+   				return (EACCES);
+  -			if (flags & MAP_SHARED) {
+  -				if (fp->f_flag & FWRITE)
+  -					maxprot |= VM_PROT_WRITE;
+  -				else if (prot & PROT_WRITE)
+  -					return (EACCES);
+  -			} else
+  +			/*
+  +			 * If we are sharing potential changes (either via
+  +			 * MAP_SHARED or via the implicit sharing of character
+  +			 * device mappings), and we are trying to get write
+  +			 * permission although we opened it without asking
+  +			 * for it, bail out.  Check for superuser, only if
+  +			 * we're at securelevel < 1, to allow the XIG X server
+  +			 * to continue to work.
+  +			 */
+  +			if (((flags & MAP_SHARED) != 0 ||
+  +				(vp->v_type == VCHR && disablexworkaround)) &&
+  +				(fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0)
+  +				return (EACCES);
+  +			else
+   				maxprot |= VM_PROT_WRITE;
+   			handle = (void *)vp;
+   		}
+
+     Patch for 2.2 systems:
+
+  Index: vm_mmap.c
+  ===================================================================
+  RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v
+  retrieving revision 1.53.2.2
+  diff -u -r1.53.2.2 vm_mmap.c
+  --- vm_mmap.c	1997/03/25 04:54:29	1.53.2.2
+  +++ vm_mmap.c	1998/03/10 21:50:46
+  @@ -157,6 +157,9 @@
+   	vm_prot_t prot, maxprot;
+   	caddr_t handle;
+   	int flags, error;
+  +	int disablexworkaround;
+  +  
+  +  	addr = (vm_offset_t) uap->addr;
+   
+   	prot = uap->prot & VM_PROT_ALL;
+   	flags = uap->flags;
+  @@ -230,6 +233,26 @@
+   			flags |= MAP_ANON;
+   		} else {
+   			/*
+  +			 * cdevs does not provide private mappings of any kind.
+  +			 */
+  +			/*
+  +			 * However, for XIG X server to continue to work,
+  +			 * we should allow the superuser to do it anyway.
+  +			 * We only allow it at securelevel < 1.
+  +			 * (Because the XIG X server writes directly to video
+  +			 * memory via /dev/mem, it should never work at any
+  +			 * other securelevel.
+  +			 * XXX this will have to go
+  +			 */
+  +			if (securelevel >= 1)
+  +				disablexworkaround = 1;
+  +			else
+  +				disablexworkaround = suser(p->p_ucred,
+  +							   &p->p_acflag);
+  +			if (vp->v_type == VCHR && disablexworkaround &&
+  +				(flags & (MAP_PRIVATE|MAP_COPY)))
+  +				 return (EINVAL);
+  +			/*
+   			 * Ensure that file and memory protections are
+   			 * compatible.  Note that we only worry about
+   			 * writability if mapping is shared; in this case,
+  @@ -243,12 +266,20 @@
+   				maxprot |= VM_PROT_READ;
+   			else if (prot & PROT_READ)
+   				return (EACCES);
+  -			if (flags & MAP_SHARED) {
+  -				if (fp->f_flag & FWRITE)
+  -					maxprot |= VM_PROT_WRITE;
+  -				else if (prot & PROT_WRITE)
+  -					return (EACCES);
+  -			} else
+  +			/*
+  +			 * If we are sharing potential changes (either via
+  +			 * MAP_SHARED or via the implicit sharing of character
+  +			 * device mappings), and we are trying to get write
+  +			 * permission although we opened it without asking
+  +			 * for it, bail out.  Check for superuser, only if
+  +			 * we're at securelevel < 1, to allow the XIG X server
+  +			 * to continue to work.
+  +			 */
+  +			if (((flags & MAP_SHARED) != 0 ||
+  +				(vp->v_type == VCHR && disablexworkaround)) &&
+  +				(fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0)
+  +				return (EACCES);
+  +			else
+   				maxprot |= VM_PROT_WRITE;
+   			handle = (caddr_t) vp;
+   		}
+
+VI.   Thanks
+
+     This advisory is based on the OpenBSD Security Advisory, dated
+     February 20 2, 1998.  Thanks to "Thomas H. Ptacek" <tqbf@enteract.com>
+     for allowing this.
+
+     Thanks to "Cy Schubert" <cschuber@uumail.gov.bc.ca> for porting the
+     OpenBSD patch to FreeBSD.
+     
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+PGP Key:                        ftp://ftp.freebsd.org/pub/CERT/public_key.asc
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     security@freebsd.org
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.2
+
+iQCVAwUBNQg5QlUuHi5z0oilAQGxJQP/YRbQ4Ox0R7zELYIfiYY4ZTec53DlkNTm
++NWLqqMJWFAQQ2BfTLmcxJdcaUlPkZmKU21ZUFVxKFuCjjp1MSiFApLJRcXuX6u6
+ZYgwvrrLB5ppU2L/uWG+mlJKrf/j6R28B/NQ7b/OB9hcRlNdOFyu7K44M+yKxaPb
+SRJ4LR1rQKk=
+=qDrb
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:03.ttcp.asc b/share/security/advisories/FreeBSD-SA-98:03.ttcp.asc
new file mode 100644
index 0000000000..4e9e4ab61f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:03.ttcp.asc
@@ -0,0 +1,114 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:03                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Problems with TTCP
+
+Category:       core
+Module:         kernel
+Announced:      1998-05-14, revised at 1998-05-18
+Affects:        FreeBSD 2.1.*
+		FreeBSD 2.2.*,
+		FreeBSD-2.2-stable before 1998/05/14 and
+		FreeBSD-3.0-current before 1998/05/05 suffer from this problem.
+Corrected:      FreeBSD-3.0-current as of 1998/05/14
+		FreeBSD-2.2-stable as of 1998/05/05
+		FreeBSD-2.1-stable as of 1998/05/18
+FreeBSD only:   No. Any other system incorporating TTCP extentions may be
+                affected.
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:03/
+
+I.   Background    
+
+
+     RFC 1644 provides an extension to TCP called TCP Extensions for
+     Transactions, or shortly T/TCP. It provides a way of bypassing
+     the standard three-way handshake found in TCP, thus speeding up
+     transactions.
+     T/TCP has been incorporated in FreeBSD since FreeBSD 2.0.5.
+
+II.  Problem Description
+
+     An accelerated open is initiated by a client by sending a new
+     TCP option, called CC, to the server.  The kernel keeps a
+     special cache for each host it communicated with, among others
+     containing the value of the last CC option used by the client.
+     A new accelerated open is allowed when the CC sent is larger
+     than the one in the per-host cache. Thus one can spoof complete
+     connections.
+     
+III. Impact
+     
+     The hole can be used to obtain unauthorized acces to the system
+     by spoofing connections to the r*-services. This can only be
+     done in the case where an .rhost file and/or a host.equiv file
+     is used as the sole method of authentication.
+
+IV.  Workaround
+
+     Disable all r-* services. Note that setting the kernel variable
+     net.inet.tcp.rfc1644 to 0 does not solve the problem. This
+     variable controls whether the system will initiate rfc1644
+     based connections and does not affect the ability to receive
+     such connections.
+
+V.   Solution
+
+
+     Apply the following patch, rebuild your kernel, install it
+     and reboot your system. The patch is valid for 2.1.* systems,
+     for 2.1-stable, for 2.2.* systems, for 2.2-stable and for 3.0-current.
+
+     The patch below can be found on
+	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:03/
+
+   
+  Index: tcp_input.c
+  ===================================================================
+  RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v
+  retrieving revision 1.74
+  retrieving revision 1.77
+  diff -u -r1.74 -r1.77
+  --- tcp_input.c	1998/04/24 10:08:57	1.74
+  +++ tcp_input.c	1998/05/18 17:11:24	1.77
+  @@ -680,7 +680,9 @@
+   		 * - otherwise do a normal 3-way handshake.
+   		 */
+   		if ((to.to_flag & TOF_CC) != 0) {
+  -		    if (taop->tao_cc != 0 && CC_GT(to.to_cc, taop->tao_cc)) {
+  +		    if (((tp->t_flags & TF_NOPUSH) != 0) &&
+  +			taop->tao_cc != 0 && CC_GT(to.to_cc, taop->tao_cc)) {
+  +
+   			taop->tao_cc = to.to_cc;
+   			tp->t_state = TCPS_ESTABLISHED;
+   
+    
+    
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=========================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBNWBuSFUuHi5z0oilAQG0WwP+KUCgtui/1BAz4DbtAcm5sodoTVpzhQyG
+NOfhKKgoopaMtbFFVTtCaC3+QL8xqsQX3GfcF1QRn16KDojLmG2em0yrA6Ad4Mwn
+Jup5U4Vur5CQSOuhyZAnRIBeTdC2nCraWee/tGxoiamximqI/bZKpjn/4HwB0XVh
+ZwvupaQ4y9c=
+=n3/i
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:04.mmap.asc b/share/security/advisories/FreeBSD-SA-98:04.mmap.asc
new file mode 100644
index 0000000000..00754df03a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:04.mmap.asc
@@ -0,0 +1,201 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:04                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          security compromise via mmap
+
+Category:       core
+Module:         kernel
+Announced:      1998-06-02
+Affects:        FreeBSD 2.2.*, FreeBSD-stable before 1998/05/24
+		and FreeBSD-current before 1998/05/19 suffer from
+		this problem.
+Corrected:      FreeBSD-current as of 1998/05/19
+		FreeBSD-stable as of 1998/05/24
+FreeBSD only:   no (also other 4.4BSD based systems may be affected)
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:04/
+
+=============================================================================
+IMPORTANT MESSAGE: The FreeBSD security officer now uses the policy
+ftp://freebsd.org/pub/CERT to ftp://ftp.freebsd.org/pub/FreeBSD/POLICY
+for sending out advisories.
+=============================================================================
+
+I.   Background    
+
+     The 4.4BSD VM system allows files to be "memory mapped", which
+     causes the specified contents of a file to be made available
+     to a process via its address space. Manipulations of that file
+     can then be performed simply by manipulating memory, rather
+     than using filesystem I/O calls.  This technique is used to
+     simplify code, speed up access to files, and provide interprocess
+     communication.
+
+     In 4.4BSD, 4 new FFS flags were added that give the possibility
+     to mark files as append-only or immutable.
+
+II.  Problem Description
+
+     It is possible for a process to open an append-only file
+     according to the limitations of the flags, and then mmap the
+     file shared with write permission even when the file is marked
+     as append-only or immutable. This circumvents the concept of
+     the the append-only flag.
+
+III. Impact
+     
+     It is possible to change the contents of append-only files.
+
+IV.  Workaround
+
+     No workaround is known.
+
+V.   Solution
+
+
+     Apply one of the following patches, rebuild your kernel,
+     install it and reboot your system.
+
+     The patches below can be found on
+	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:04/
+
+     NOTE: Users of FreeBSD 2.2.5 or FreeBSD-current or FreeBSD-stable
+     dated before 1998/03/12 will need to apply the patch mentioned in
+     FreeBSD advisory SA-98:02.
+
+
+     Patch for 3.0-current systems:
+
+  Index: vm_mmap.c
+  ===================================================================
+  RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v
+  retrieving revision 1.75
+  retrieving revision 1.77
+  diff -u -r1.75 -r1.77
+  --- vm_mmap.c	1998/03/12 19:36:18	1.75
+  +++ vm_mmap.c	1998/05/19 07:13:21	1.77
+  @@ -58,6 +58,7 @@
+   #include <sys/file.h>
+   #include <sys/mman.h>
+   #include <sys/conf.h>
+  +#include <sys/stat.h>
+   #include <sys/vmmeter.h>
+   
+   #include <miscfs/specfs/specdev.h>
+  @@ -295,12 +296,25 @@
+   			 * we're at securelevel < 1, to allow the XIG X server
+   			 * to continue to work.
+   			 */
+  -			if (((flags & MAP_SHARED) != 0 ||
+  -				(vp->v_type == VCHR && disablexworkaround)) &&
+  -				(fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0)
+  -				return (EACCES);
+  -			else
+  +
+  +			if ((flags & MAP_SHARED) != 0 ||
+  +			    (vp->v_type == VCHR && disablexworkaround)) {
+  +				if ((fp->f_flag & FWRITE) != 0) {
+  +					struct vattr va;
+  +					if ((error =
+  +					    VOP_GETATTR(vp, &va,
+  +						        p->p_ucred, p)))
+  +						return (error);
+  +					if ((va.va_flags &
+  +					    (IMMUTABLE|APPEND)) == 0)
+  +						maxprot |= VM_PROT_WRITE;
+  +					else if (prot & PROT_WRITE)
+  +						return (EPERM);
+  +				} else if ((prot & PROT_WRITE) != 0)
+  +					return (EACCES);
+  +			} else
+   				maxprot |= VM_PROT_WRITE;
+  +
+   			handle = (void *)vp;
+   		}
+   	}
+
+     Patch for 2.2 systems:
+
+  Index: vm_mmap.c
+  ===================================================================
+  RCS file: /home/cvsup/freebsd/CVS/src/sys/vm/vm_mmap.c,v
+  retrieving revision 1.53.2.3
+  retrieving revision 1.53.2.4
+  diff -u -r1.53.2.3 -r1.53.2.4
+  --- vm_mmap.c	1998/03/12 19:36:50	1.53.2.3
+  +++ vm_mmap.c	1998/05/24 19:47:02	1.53.2.4
+  @@ -57,6 +57,7 @@
+   #include <sys/file.h>
+   #include <sys/mman.h>
+   #include <sys/conf.h>
+  +#include <sys/stat.h>
+   #include <sys/vmmeter.h>
+   
+   #include <miscfs/specfs/specdev.h>
+  @@ -275,12 +276,26 @@
+   			 * we're at securelevel < 1, to allow the XIG X server
+   			 * to continue to work.
+   			 */
+  -			if (((flags & MAP_SHARED) != 0 ||
+  -				(vp->v_type == VCHR && disablexworkaround)) &&
+  -				(fp->f_flag & FWRITE) == 0 && (prot & PROT_WRITE) != 0)
+  -				return (EACCES);
+  -			else
+  +
+  +			if ((flags & MAP_SHARED) != 0 ||
+  +			    (vp->v_type == VCHR && disablexworkaround)) {
+  +				if ((fp->f_flag & FWRITE) != 0) {
+  +					struct vattr va;
+  +
+  +					if ((error =
+  +					    VOP_GETATTR(vp, &va,
+  +						        p->p_ucred, p)))
+  +						return (error);
+  +					if ((va.va_flags &
+  +					    (IMMUTABLE|APPEND)) == 0)
+  +						maxprot |= VM_PROT_WRITE;
+  +					else if (prot & PROT_WRITE)
+  +						return (EPERM);
+  +				} else if ((prot & PROT_WRITE) != 0)
+  +					return (EACCES);
+  +			} else
+   				maxprot |= VM_PROT_WRITE;
+  +
+   			handle = (caddr_t) vp;
+   		}
+   	}
+
+VI.   Thanks
+
+     This advisory is based on NetBSD Security Advisory 1998-003.
+     In porting the NetBSD patch, we accidentally mentioned that we
+     obtained the patch from OpenBSD, which was evidently wrong.
+     
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBNXWJC1UuHi5z0oilAQG3nAP9GjmOtlc1WxPJjcbRwvXmKzhRInCfuVTL
+f5k7dAyFmUmo6wnyQwsBoQUsa7d/kS0YCnfTIkFYrGkFvBa8hnw/i9VVdMFaUFFV
+kTo6YLQfgG35znTxftACAs4uzjeRbh/6dr1YsERYxWNW0PabKbYfjMQapmY5GUVm
+px3WF/jRI5k=
+=Umgx
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:05.nfs.asc b/share/security/advisories/FreeBSD-SA-98:05.nfs.asc
new file mode 100644
index 0000000000..f2e77fdd68
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:05.nfs.asc
@@ -0,0 +1,127 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:05                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          system crash with NFS
+
+Category:       core
+Module:         kernel
+Announced:      1998-06-04
+Affects:        FreeBSD 2.2.* and FreeBSD-stable before 1998/05/31
+		this problem.
+Corrected:      FreeBSD-current as of 1998/05/31
+FreeBSD only:   no (also other 4.4BSD based systems may be affected)
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:05/
+
+=============================================================================
+IMPORTANT MESSAGE: The FreeBSD security officer now uses the policy
+ftp://ftp.freebsd.org/pub/FreeBSD/POLICY.asc for sending out advisories.
+=============================================================================
+
+I.   Background    
+
+     NFS can be used to mount remote file systems. Apart from being
+     remote, it acts like a normal UFS file system. Among others,
+     This means that creating hard links can be done in NFS
+     file systems
+
+II.  Problem Description
+
+     When creating hard links on file systems, the kernel checks that
+     both the original file and the link to it are located on the same
+     file system. Unfortunately, there is an error in the NFS kernel code
+     in FreeBSD 2.2.* systems that performs this check.
+
+III. Impact
+     
+     It is possible to crash a FreeBSD 2.2.* system by hard linking
+     a device special files to a file on an NFS mounted file system.
+
+     FreeBSD-current is not vulnerable.
+
+IV.  Workaround
+
+     No real work around is known (except for unmounting your NFS
+     file systems).
+
+V.   Solution
+
+     Apply one of the following patches, rebuild your kernel,
+     install it and reboot your system.
+
+     The patches below can be found on
+	ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:05/
+
+
+     Patch for 2.2.5 and 2.2.6 systems:
+
+
+  Index: nfs_vnops.c
+  ===================================================================
+  RCS file: /home/cvsup/freebsd/CVS/src/sys/nfs/nfs_vnops.c,v
+  retrieving revision 1.36.2.6
+  retrieving revision 1.36.2.7
+  diff -u -r1.36.2.6 -r1.36.2.7
+  --- nfs_vnops.c	1998/05/13 05:48:45	1.36.2.6
+  +++ nfs_vnops.c	1998/05/31 00:07:29	1.36.2.7
+  @@ -1755,17 +1755,8 @@
+   		struct componentname *a_cnp;
+   	} */ *ap;
+   {
+  -#if defined(__NetBSD__)
+  -	/*
+  -	 * Since the args are reversed in the VOP_LINK() calls,
+  -	 * switch them back. Argh!
+  -	 */
+  -	register struct vnode *vp = ap->a_tdvp;
+  -	register struct vnode *tdvp = ap->a_vp;
+  -#else
+   	register struct vnode *vp = ap->a_vp;
+   	register struct vnode *tdvp = ap->a_tdvp;
+  -#endif
+   	register struct componentname *cnp = ap->a_cnp;
+   	register u_long *tl;
+   	register caddr_t cp;
+  @@ -1776,11 +1767,8 @@
+   	int v3 = NFS_ISV3(vp);
+   
+   	if (vp->v_mount != tdvp->v_mount) {
+  -		VOP_ABORTOP(vp, cnp);
+  -		if (tdvp == vp)
+  -			vrele(tdvp);
+  -		else
+  -			vput(tdvp);
+  +		VOP_ABORTOP(tdvp, cnp);
+  +		vput(tdvp);
+   		return (EXDEV);
+   	}
+   
+ 
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBNXbehFUuHi5z0oilAQHS8gQAgIgUrioo3hT+mJLyxUp//ASoFPSf2+vw
+fmq2D9qEYyV5Od/HLBnzgb3jz5xyqWDLBx6pNV3QIPAimw3+S0oHOUYG+UCn96yD
+58kEx6mc8KanEHs0lzdgoqFi6ioVkPzCplxzqy+QfQvDCJPE+w7BbFkwVXhJHNof
+4JvVbewoA9c=
+=ILgB
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:06.icmp.asc b/share/security/advisories/FreeBSD-SA-98:06.icmp.asc
new file mode 100644
index 0000000000..bf90e234bd
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:06.icmp.asc
@@ -0,0 +1,128 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:06                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          smurf attack
+
+Category:       core
+Module:         kernel
+Announced:      1998-06-10
+Affects:        FreeBSD 2.2.*, FreeBSD-stable and FreeBSD-current 
+		before 1998/05/26 suffer from this problem.
+Corrected:      FreeBSD-current as of 1998/05/26
+		FreeBSD-stable as of 1998/05/26
+FreeBSD only:   yes
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:06/
+
+=============================================================================
+IMPORTANT MESSAGE: The FreeBSD security officer now uses the policy
+ftp://ftp.freebsd.org/pub/FreeBSD/POLICY.asc for sending out
+advisories.
+=============================================================================
+
+I.   Background    
+
+     As can be read in CERT advisory CA-98.01.smurf, there exists
+     a denial of service attack called "smurfing". This attack sends
+     ICMP echo requests to the broadcast address of a network. This
+     results in the source address of the ICMP packets being flooded
+     with ICMP echo replies. Of course, the source address is
+     spoofed.
+      
+
+II.  Problem Description
+
+     A solution at the intermediate network being abused to generate
+     the ICMP echo replies is to either block ICMP echo requests
+     directed to a broadcast address or to configure the hosts on
+     that network not to respond to such an ICMP request.  In the
+     CERT advisory, the following was reported:
+
+       In FreeBSD 2.2.5 and up, the tcp/ip stack does not respond
+       to ICMP echo requests destined for broadcast and multicast
+       addresses by default. This behavior can be changed via the
+       sysctl command via mib net.inet.icmp.bmcastecho.
+
+     Unfortunately, an error was made with the implementation of
+     this functionality and, despite the text in the CERT
+     advisory, the net.inet.icmp.bmcastecho sysctl variable default
+     is to respond to ICMP packets sent to the networks broadcast
+     address. You should explicitly run the command
+	sysctl -w net.inet.icmp.bmcastecho=0
+     to disable this.
+
+III. Impact
+
+     Your network can suffer performance degradation when a
+     large amount of spoofed ICMP is sent to your broadcast address.
+
+IV.  Workaround
+
+     Block ICMP echo requests to broadcast addresses in your kernel
+     using ipfw(8).  See CERT advisory CA-98.01.smurf for more
+     workarounds.
+
+V.   Solution
+
+     Apply the following patch:
+
+     Patch for 3.0-current, 2.2-stable, 2.2.5 and 2.2.6 systems:
+
+  Index: ip_icmp.c
+  ===================================================================
+  RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/ip_icmp.c,v
+  retrieving revision 1.29
+  retrieving revision 1.30
+  diff -u -r1.29 -r1.30
+  --- ip_icmp.c	1997/08/25 16:29:27	1.29
+  +++ ip_icmp.c	1998/05/26 11:34:30	1.30
+  @@ -375,8 +375,7 @@
+   
+   	case ICMP_ECHO:
+   		if (!icmpbmcastecho
+  -		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0
+  -		    && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+  +		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
+   			icmpstat.icps_bmcastecho++;
+   			break;
+   		}
+  @@ -385,8 +384,7 @@
+   
+   	case ICMP_TSTAMP:
+   		if (!icmpbmcastecho
+  -		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0
+  -		    && IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+  +		    && (m->m_flags & (M_MCAST | M_BCAST)) != 0) {
+   			icmpstat.icps_bmcasttstamp++;
+   			break;
+   		}
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBNX7QUlUuHi5z0oilAQEBMQP6Avlv1dEMtH7thC510f17to9UNcDAobz4
+83Fd5qVfwjBy5G0AxSLOLYb4/9ZI137aNtsLRcvx3J4CRGPBCpA7UXptID/QuTHO
+6Z0sqix21OAigcrdX0Aegx2JBvY+NLgBSK4NrWbpp5sAjjW1i4OS/wzGQmhXFDjU
+JGoIZMmYKXU=
+=VFXs
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:07.rst.asc b/share/security/advisories/FreeBSD-SA-98:07.rst.asc
new file mode 100644
index 0000000000..e4dc9cfc75
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:07.rst.asc
@@ -0,0 +1,508 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:07                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          TCP RST denial of sevice
+
+Category:       core
+Module:         kernel
+Announced:      1998-10-13
+Affects:        FreeBSD 2.2.* (before 2.2.8R), FreeBSD-stable and
+		FreeBSD-current before the correction date.
+Corrected:      FreeBSD-current as of 1998/09/11
+		FreeBSD-stable as of 1998/09/16
+FreeBSD only:   Yes
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:07/
+
+Vulnerable:
+
+
+I.   Background    
+
+TCP/IP connections are controlled through a series of packets that are
+receieved by the two computers involved in the connection.  Old, stale
+connections are reset with a packet called a RST packet.  The RST
+packets have a sequence number in them that must be valid according to
+certain rules in the standards.
+
+
+II.  Problem Description
+
+A denail of service attack can be launched against FreeBSD systems
+running without one of the patches supplied later in this message.
+Using a flaw in the interpreation of sequence numbers in the RST
+packet, malicious users can terminate connections of other users at
+will.
+
+
+III. Impact
+
+Some TCP connections will be broken.  This can range from a minor
+inconvenience to a major problem depending on the nature of the
+attackers and what they attack.  This attack requires knowledge of the
+TCP connection 4-tuple (source IP, source port, destination IP and
+destination port).  If even one of these items is unknown, then the
+attack will not succeed.  Users without priviledge of the destination
+machine, however, can find the source IP and source port numbers with
+the netstat command and can effect this attack.  Also, intruders that
+are able to capture raw network traffic on the network the target
+machine resides will also have enough information to launch this
+attack.  It is also possible for an attacker to send a huge flood of
+packets, hoping that they will get lucky just once (which is all they
+need to attack a specific connection).
+
+This vulnerability has been discussed in the security list called
+BUGTRAQ and exploit programs are circulating to take advantage of this
+flaw.
+
+This attack has been reported most often as being used against people
+connected to irc servers.
+
+IV.  Workaround
+
+None.
+
+V.   Solution
+
+Here is the patch that will apply to 2.2-stable systems from before
+September 16, 1998.  -stable systems after that date do not suffer
+from this problem. It will also apply to FreeBSD 2.2.6 and 2.2.7.
+
+
+    Index: tcp_input.c
+    ===================================================================
+    RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/tcp_input.c,v
+    retrieving revision 1.54.2.10
+    retrieving revision 1.54.2.11
+    diff -u -r1.54.2.10 -r1.54.2.11
+    --- tcp_input.c	1998/05/18 17:12:44	1.54.2.10
+    +++ tcp_input.c	1998/09/16 17:35:17	1.54.2.11
+    @@ -972,17 +972,99 @@
+     
+     	/*
+     	 * States other than LISTEN or SYN_SENT.
+    -	 * First check timestamp, if present.
+    +	 * First check the RST flag and sequence number since reset segments
+    +	 * are exempt from the timestamp and connection count tests.  This
+    +	 * fixes a bug introduced by the Stevens, vol. 2, p. 960 bugfix
+    +	 * below which allowed reset segments in half the sequence space
+    +	 * to fall though and be processed (which gives forged reset
+    +	 * segments with a random sequence number a 50 percent chance of
+    +	 * killing a connection).
+    +	 * Then check timestamp, if present.
+     	 * Then check the connection count, if present.
+     	 * Then check that at least some bytes of segment are within
+     	 * receive window.  If segment begins before rcv_nxt,
+     	 * drop leading data (and SYN); if nothing left, just ack.
+     	 *
+    +	 *
+    +	 * If the RST bit is set, check the sequence number to see
+    +	 * if this is a valid reset segment.
+    +	 * RFC 793 page 37:
+    +	 *   In all states except SYN-SENT, all reset (RST) segments
+    +	 *   are validated by checking their SEQ-fields.  A reset is
+    +	 *   valid if its sequence number is in the window.
+    +	 * Note: this does not take into account delayed ACKs, so
+    +	 *   we should test against last_ack_sent instead of rcv_nxt.
+    +	 *   Also, it does not make sense to allow reset segments with
+    +	 *   sequence numbers greater than last_ack_sent to be processed
+    +	 *   since these sequence numbers are just the acknowledgement
+    +	 *   numbers in our outgoing packets being echoed back at us,
+    +	 *   and these acknowledgement numbers are monotonically
+    +	 *   increasing.
+    +	 * If we have multiple segments in flight, the intial reset
+    +	 * segment sequence numbers will be to the left of last_ack_sent,
+    +	 * but they will eventually catch up.
+    +	 * In any case, it never made sense to trim reset segments to
+    +	 * fit the receive window since RFC 1122 says:
+    +	 *   4.2.2.12  RST Segment: RFC-793 Section 3.4
+    +	 *
+    +	 *    A TCP SHOULD allow a received RST segment to include data.
+    +	 *
+    +	 *    DISCUSSION
+    +	 *         It has been suggested that a RST segment could contain
+    +	 *         ASCII text that encoded and explained the cause of the
+    +	 *         RST.  No standard has yet been established for such
+    +	 *         data.
+    +	 *
+    +	 * If the reset segment passes the sequence number test examine
+    +	 * the state:
+    +	 *    SYN_RECEIVED STATE:
+    +	 *	If passive open, return to LISTEN state.
+    +	 *	If active open, inform user that connection was refused.
+    +	 *    ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES:
+    +	 *	Inform user that connection was reset, and close tcb.
+    +	 *    CLOSING, LAST_ACK, TIME_WAIT STATES
+    +	 *	Close the tcb.
+    +	 *    TIME_WAIT state:
+    +	 *	Drop the segment - see Stevens, vol. 2, p. 964 and
+    +	 *      RFC 1337.
+    +	 */
+    +	if (tiflags & TH_RST) {
+    +		if (tp->last_ack_sent == ti->ti_seq) {
+    +			switch (tp->t_state) {
+    +
+    +			case TCPS_SYN_RECEIVED:
+    +				so->so_error = ECONNREFUSED;
+    +				goto close;
+    +
+    +			case TCPS_ESTABLISHED:
+    +			case TCPS_FIN_WAIT_1:
+    +			case TCPS_FIN_WAIT_2:
+    +			case TCPS_CLOSE_WAIT:
+    +				so->so_error = ECONNRESET;
+    +			close:
+    +				tp->t_state = TCPS_CLOSED;
+    +				tcpstat.tcps_drops++;
+    +				tp = tcp_close(tp);
+    +				break;
+    +
+    +			case TCPS_CLOSING:
+    +			case TCPS_LAST_ACK:
+    +				tp = tcp_close(tp);
+    +				break;
+    +
+    +			case TCPS_TIME_WAIT:
+    +				break;
+    +			}
+    +		}
+    +		goto drop;
+    +	}
+    +
+    +	/*
+     	 * RFC 1323 PAWS: If we have a timestamp reply on this segment
+     	 * and it's less than ts_recent, drop it.
+     	 */
+    -	if ((to.to_flag & TOF_TS) != 0 && (tiflags & TH_RST) == 0 &&
+    -	    tp->ts_recent && TSTMP_LT(to.to_tsval, tp->ts_recent)) {
+    +	if ((to.to_flag & TOF_TS) != 0 && tp->ts_recent &&
+    +	    TSTMP_LT(to.to_tsval, tp->ts_recent)) {
+     
+     		/* Check to see if ts_recent is over 24 days old.  */
+     		if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
+    @@ -1013,10 +1095,19 @@
+     	 *   RST segments do not have to comply with this.
+     	 */
+     	if ((tp->t_flags & (TF_REQ_CC|TF_RCVD_CC)) == (TF_REQ_CC|TF_RCVD_CC) &&
+    -	    ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc) &&
+    -	    (tiflags & TH_RST) == 0)
+    +	    ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc))
+      		goto dropafterack;
+     
+    +	/*
+    +	 * In the SYN-RECEIVED state, validate that the packet belongs to
+    +	 * this connection before trimming the data to fit the receive
+    +	 * window.  Check the sequence number versus IRS since we know
+    +	 * the sequence numbers haven't wrapped.  This is a partial fix
+    +	 * for the "LAND" DoS attack.
+    +	 */
+    +	if (tp->t_state == TCPS_SYN_RECEIVED && SEQ_LT(ti->ti_seq, tp->irs))
+    +		goto dropwithreset;
+    +
+     	todrop = tp->rcv_nxt - ti->ti_seq;
+     	if (todrop > 0) {
+     		if (tiflags & TH_SYN) {
+    @@ -1128,40 +1219,6 @@
+     	}
+     
+     	/*
+    -	 * If the RST bit is set examine the state:
+    -	 *    SYN_RECEIVED STATE:
+    -	 *	If passive open, return to LISTEN state.
+    -	 *	If active open, inform user that connection was refused.
+    -	 *    ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES:
+    -	 *	Inform user that connection was reset, and close tcb.
+    -	 *    CLOSING, LAST_ACK, TIME_WAIT STATES
+    -	 *	Close the tcb.
+    -	 */
+    -	if (tiflags&TH_RST) switch (tp->t_state) {
+    -
+    -	case TCPS_SYN_RECEIVED:
+    -		so->so_error = ECONNREFUSED;
+    -		goto close;
+    -
+    -	case TCPS_ESTABLISHED:
+    -	case TCPS_FIN_WAIT_1:
+    -	case TCPS_FIN_WAIT_2:
+    -	case TCPS_CLOSE_WAIT:
+    -		so->so_error = ECONNRESET;
+    -	close:
+    -		tp->t_state = TCPS_CLOSED;
+    -		tcpstat.tcps_drops++;
+    -		tp = tcp_close(tp);
+    -		goto drop;
+    -
+    -	case TCPS_CLOSING:
+    -	case TCPS_LAST_ACK:
+    -	case TCPS_TIME_WAIT:
+    -		tp = tcp_close(tp);
+    -		goto drop;
+    -	}
+    -
+    -	/*
+     	 * If a SYN is in the window, then this is an
+     	 * error and we send an RST and drop the connection.
+     	 */
+    @@ -1667,9 +1724,22 @@
+     	/*
+     	 * Generate an ACK dropping incoming segment if it occupies
+     	 * sequence space, where the ACK reflects our state.
+    -	 */
+    -	if (tiflags & TH_RST)
+    -		goto drop;
+    +	 *
+    +	 * We can now skip the test for the RST flag since all
+    +	 * paths to this code happen after packets containing
+    +	 * RST have been dropped.
+    +	 *
+    +	 * In the SYN-RECEIVED state, don't send an ACK unless the
+    +	 * segment we received passes the SYN-RECEIVED ACK test.
+    +	 * If it fails send a RST.  This breaks the loop in the
+    +	 * "LAND" DoS attack, and also prevents an ACK storm
+    +	 * between two listening ports that have been sent forged
+    +	 * SYN segments, each with the source address of the other.
+    +	 */
+    +	if (tp->t_state == TCPS_SYN_RECEIVED && (tiflags & TH_ACK) &&
+    +	    (SEQ_GT(tp->snd_una, ti->ti_ack) ||
+    +	     SEQ_GT(ti->ti_ack, tp->snd_max)) )
+    +		goto dropwithreset;
+     #ifdef TCPDEBUG
+     	if (so->so_options & SO_DEBUG)
+     		tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0);
+
+Here is the patch to apply to 3.0-current systems from before
+September 11, 1998.  This patch is known to apply to systems just
+before this date, but as you move farther back in the 3.0-current
+branch, it may become more difficult for this patch to apply.
+
+
+    Index: tcp_input.c
+    ===================================================================
+    RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/tcp_input.c,v
+    retrieving revision 1.80
+    retrieving revision 1.81
+    diff -u -r1.80 -r1.81
+    --- tcp_input.c	1998/08/24 07:47:39	1.80
+    +++ tcp_input.c	1998/09/11 16:04:03	1.81
+    @@ -979,17 +979,99 @@
+     
+     	/*
+     	 * States other than LISTEN or SYN_SENT.
+    -	 * First check timestamp, if present.
+    +	 * First check the RST flag and sequence number since reset segments
+    +	 * are exempt from the timestamp and connection count tests.  This
+    +	 * fixes a bug introduced by the Stevens, vol. 2, p. 960 bugfix
+    +	 * below which allowed reset segments in half the sequence space
+    +	 * to fall though and be processed (which gives forged reset
+    +	 * segments with a random sequence number a 50 percent chance of
+    +	 * killing a connection).
+    +	 * Then check timestamp, if present.
+     	 * Then check the connection count, if present.
+     	 * Then check that at least some bytes of segment are within
+     	 * receive window.  If segment begins before rcv_nxt,
+     	 * drop leading data (and SYN); if nothing left, just ack.
+     	 *
+    +	 *
+    +	 * If the RST bit is set, check the sequence number to see
+    +	 * if this is a valid reset segment.
+    +	 * RFC 793 page 37:
+    +	 *   In all states except SYN-SENT, all reset (RST) segments
+    +	 *   are validated by checking their SEQ-fields.  A reset is
+    +	 *   valid if its sequence number is in the window.
+    +	 * Note: this does not take into account delayed ACKs, so
+    +	 *   we should test against last_ack_sent instead of rcv_nxt.
+    +	 *   Also, it does not make sense to allow reset segments with
+    +	 *   sequence numbers greater than last_ack_sent to be processed
+    +	 *   since these sequence numbers are just the acknowledgement
+    +	 *   numbers in our outgoing packets being echoed back at us,
+    +	 *   and these acknowledgement numbers are monotonically
+    +	 *   increasing.
+    +	 * If we have multiple segments in flight, the intial reset
+    +	 * segment sequence numbers will be to the left of last_ack_sent,
+    +	 * but they will eventually catch up.
+    +	 * In any case, it never made sense to trim reset segments to
+    +	 * fit the receive window since RFC 1122 says:
+    +	 *   4.2.2.12  RST Segment: RFC-793 Section 3.4
+    +	 *
+    +	 *    A TCP SHOULD allow a received RST segment to include data.
+    +	 *
+    +	 *    DISCUSSION
+    +	 *         It has been suggested that a RST segment could contain
+    +	 *         ASCII text that encoded and explained the cause of the
+    +	 *         RST.  No standard has yet been established for such
+    +	 *         data.
+    +	 *
+    +	 * If the reset segment passes the sequence number test examine
+    +	 * the state:
+    +	 *    SYN_RECEIVED STATE:
+    +	 *	If passive open, return to LISTEN state.
+    +	 *	If active open, inform user that connection was refused.
+    +	 *    ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES:
+    +	 *	Inform user that connection was reset, and close tcb.
+    +	 *    CLOSING, LAST_ACK, TIME_WAIT STATES
+    +	 *	Close the tcb.
+    +	 *    TIME_WAIT state:
+    +	 *	Drop the segment - see Stevens, vol. 2, p. 964 and
+    +	 *      RFC 1337.
+    +	 */
+    +	if (tiflags & TH_RST) {
+    +		if (tp->last_ack_sent == ti->ti_seq) {
+    +			switch (tp->t_state) {
+    +
+    +			case TCPS_SYN_RECEIVED:
+    +				so->so_error = ECONNREFUSED;
+    +				goto close;
+    +
+    +			case TCPS_ESTABLISHED:
+    +			case TCPS_FIN_WAIT_1:
+    +			case TCPS_FIN_WAIT_2:
+    +			case TCPS_CLOSE_WAIT:
+    +				so->so_error = ECONNRESET;
+    +			close:
+    +				tp->t_state = TCPS_CLOSED;
+    +				tcpstat.tcps_drops++;
+    +				tp = tcp_close(tp);
+    +				break;
+    +
+    +			case TCPS_CLOSING:
+    +			case TCPS_LAST_ACK:
+    +				tp = tcp_close(tp);
+    +				break;
+    +
+    +			case TCPS_TIME_WAIT:
+    +				break;
+    +			}
+    +		}
+    +		goto drop;
+    +	}
+    +
+    +	/*
+     	 * RFC 1323 PAWS: If we have a timestamp reply on this segment
+     	 * and it's less than ts_recent, drop it.
+     	 */
+    -	if ((to.to_flag & TOF_TS) != 0 && (tiflags & TH_RST) == 0 &&
+    -	    tp->ts_recent && TSTMP_LT(to.to_tsval, tp->ts_recent)) {
+    +	if ((to.to_flag & TOF_TS) != 0 && tp->ts_recent &&
+    +	    TSTMP_LT(to.to_tsval, tp->ts_recent)) {
+     
+     		/* Check to see if ts_recent is over 24 days old.  */
+     		if ((int)(tcp_now - tp->ts_recent_age) > TCP_PAWS_IDLE) {
+    @@ -1020,10 +1102,19 @@
+     	 *   RST segments do not have to comply with this.
+     	 */
+     	if ((tp->t_flags & (TF_REQ_CC|TF_RCVD_CC)) == (TF_REQ_CC|TF_RCVD_CC) &&
+    -	    ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc) &&
+    -	    (tiflags & TH_RST) == 0)
+    +	    ((to.to_flag & TOF_CC) == 0 || tp->cc_recv != to.to_cc))
+      		goto dropafterack;
+     
+    +	/*
+    +	 * In the SYN-RECEIVED state, validate that the packet belongs to
+    +	 * this connection before trimming the data to fit the receive
+    +	 * window.  Check the sequence number versus IRS since we know
+    +	 * the sequence numbers haven't wrapped.  This is a partial fix
+    +	 * for the "LAND" DoS attack.
+    +	 */
+    +	if (tp->t_state == TCPS_SYN_RECEIVED && SEQ_LT(ti->ti_seq, tp->irs))
+    +		goto dropwithreset;
+    +
+     	todrop = tp->rcv_nxt - ti->ti_seq;
+     	if (todrop > 0) {
+     		if (tiflags & TH_SYN) {
+    @@ -1135,40 +1226,6 @@
+     	}
+     
+     	/*
+    -	 * If the RST bit is set examine the state:
+    -	 *    SYN_RECEIVED STATE:
+    -	 *	If passive open, return to LISTEN state.
+    -	 *	If active open, inform user that connection was refused.
+    -	 *    ESTABLISHED, FIN_WAIT_1, FIN_WAIT2, CLOSE_WAIT STATES:
+    -	 *	Inform user that connection was reset, and close tcb.
+    -	 *    CLOSING, LAST_ACK, TIME_WAIT STATES
+    -	 *	Close the tcb.
+    -	 */
+    -	if (tiflags&TH_RST) switch (tp->t_state) {
+    -
+    -	case TCPS_SYN_RECEIVED:
+    -		so->so_error = ECONNREFUSED;
+    -		goto close;
+    -
+    -	case TCPS_ESTABLISHED:
+    -	case TCPS_FIN_WAIT_1:
+    -	case TCPS_FIN_WAIT_2:
+    -	case TCPS_CLOSE_WAIT:
+    -		so->so_error = ECONNRESET;
+    -	close:
+    -		tp->t_state = TCPS_CLOSED;
+    -		tcpstat.tcps_drops++;
+    -		tp = tcp_close(tp);
+    -		goto drop;
+    -
+    -	case TCPS_CLOSING:
+    -	case TCPS_LAST_ACK:
+    -	case TCPS_TIME_WAIT:
+    -		tp = tcp_close(tp);
+    -		goto drop;
+    -	}
+    -
+    -	/*
+     	 * If a SYN is in the window, then this is an
+     	 * error and we send an RST and drop the connection.
+     	 */
+    @@ -1673,9 +1730,22 @@
+     	/*
+     	 * Generate an ACK dropping incoming segment if it occupies
+     	 * sequence space, where the ACK reflects our state.
+    -	 */
+    -	if (tiflags & TH_RST)
+    -		goto drop;
+    +	 *
+    +	 * We can now skip the test for the RST flag since all
+    +	 * paths to this code happen after packets containing
+    +	 * RST have been dropped.
+    +	 *
+    +	 * In the SYN-RECEIVED state, don't send an ACK unless the
+    +	 * segment we received passes the SYN-RECEIVED ACK test.
+    +	 * If it fails send a RST.  This breaks the loop in the
+    +	 * "LAND" DoS attack, and also prevents an ACK storm
+    +	 * between two listening ports that have been sent forged
+    +	 * SYN segments, each with the source address of the other.
+    +	 */
+    +	if (tp->t_state == TCPS_SYN_RECEIVED && (tiflags & TH_ACK) &&
+    +	    (SEQ_GT(tp->snd_una, ti->ti_ack) ||
+    +	     SEQ_GT(ti->ti_ack, tp->snd_max)) )
+    +		goto dropwithreset;
+     #ifdef TCPDEBUG
+     	if (so->so_options & SO_DEBUG)
+     		tcp_trace(TA_DROP, ostate, tp, &tcp_saveti, 0);
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBNiOat1UuHi5z0oilAQHd+gP/ejply8nSa1eZ4Fntvs7AI0J4+A00INa6
+taew67WuQt2a6vMfjtqjYMjt09BCaxWgrKftWfb/sn9vF3WNIZ313xOf0NBpdLAm
+mTctCLssy/1fw1wmeNBrrA2XyhsmiobZ6KPDOzqKR+xHF9gLQh7ygDc8dBsXUQMp
+3kejs4imNb4=
+=cP5N
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-98:08.fragment.asc b/share/security/advisories/FreeBSD-SA-98:08.fragment.asc
new file mode 100644
index 0000000000..c2af44052c
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-98:08.fragment.asc
@@ -0,0 +1,96 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-98:08                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          IP fragmentation denial of service
+
+Category:       core
+Module:         kernel
+Announced:      1998-11-04
+Affects:        FreeBSD 3.0 and
+		FreeBSD-current before the correction date.
+Corrected:      FreeBSD-3.0 and FreeBSD-current as of 1998/10/27
+FreeBSD only:   Yes
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-98:08/
+
+I.   Background    
+
+IP connections are controlled through a series of packets that are
+received by the two computers involved in the connection.  
+When packets are too large to be sent in a single IP packet (due to
+interface hardware limitations for example), they can be fragmented
+(unless prohibited by the Don't Fragment flag).
+The final destination will reassemble all the fragments of an IP packet
+and pass it to higher protocol layers (like TCP or UDP).
+
+II.  Problem Description
+
+There is a bug in the IP fragment reassembly code that might lead
+to a kernel panic. An attacker can create and send a pair of
+malformed IP packets which are then reassembled into an invalid
+UDP datagram. Such an UDP datagram would then cause a server to
+panic and crash.
+
+
+III. Impact
+
+When this bug is exploited the operating system will panic. This results
+in a reboot of the system.
+This vulnerability has been discussed in public security forums and
+exploit programs are circulating to take advantage of this bug.
+
+
+IV.  Workaround
+
+None.
+
+V.   Solution
+
+
+    Index: ip_input.c
+    ===================================================================
+    RCS file: /home/cvsup/freebsd/CVS/src/sys/netinet/ip_input.c,v
+    retrieving revision 1.102
+    retrieving revision 1.103
+    diff -u -u -r1.102 -r1.103
+    --- ip_input.c	1998/10/16 03:55:01	1.102
+    +++ ip_input.c	1998/10/27 09:11:41	1.103
+    @@ -750,7 +750,7 @@
+     	 * if they are completely covered, dequeue them.
+     	 */
+     	for (; q != NULL && ip->ip_off + ip->ip_len > GETIP(q)->ip_off;
+    -	     p = q, q = nq) {
+    +	     q = nq) {
+     		i = (ip->ip_off + ip->ip_len) -
+     		    GETIP(q)->ip_off;
+     		if (i < GETIP(q)->ip_len) {
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+
+iQCVAwUBNkCrf1UuHi5z0oilAQE0GgQAga3x91fd4QU8/vXKkPp8h2hUmHifhdIc
+K4PynSKtqP8IQFzMzGApMU5MLCV2s6cXLj2cznAuCcHiF6xWsTIf1JoqgtaYZaTS
+pBtW9Dxp+5OYlVnGHfijUbO8sop2PpAqaBpVv2CnxYvFz3sMbM8z1H7wkWEHvL7Z
+MHXYAJ2Apfk=
+=fOyn
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-99:01.chflags.asc b/share/security/advisories/FreeBSD-SA-99:01.chflags.asc
new file mode 100644
index 0000000000..020df03294
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-99:01.chflags.asc
@@ -0,0 +1,183 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-99:01                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          BSD File Flags and Programming Techniques
+
+Category:       core
+Module:         kernel
+Announced:      1999-09-04
+Affects:        FreeBSD 3.2 (and earlier)
+		FreeBSD-current before the correction date.
+Corrected:      FreeBSD-3.3 RELEASE
+		FreeBSD-current as of 1999/08/02
+		FreeBSD-3.2-stable as of 1999/08/02
+		FreeBSD-2.2.8-stable as of 1999/08/04
+FreeBSD only:   NO
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:01/
+
+I.   Background    
+
+BSD 4.4 added various flags to files in the file system.  These flags
+control various aspects of which operations are permitted on those
+files.  Historically, root has been been able to do all of these
+operations so many programs that knew they were running as root didn't
+check to make sure that these operations succeeded.
+
+II.  Problem Description
+
+A user can set flags and mode on the device which they logged into.
+Since a bug in login and other similar programs causes the normal
+chown to fail, this first user will own the terminal of any login.
+
+III. Impact
+
+Local users can execute a man-in-the-middle attack against any other
+user (including root) when the other users logs in.  This give them
+the ability to snoop and alter all text that the user writes.  Results
+of this include the ability to execute commands as the user, and
+stealing the user's password (and anything else the users writes over
+the connection, including passwords for other machines).
+
+IV.  Workaround
+
+None.
+
+V.   Solution
+
+    FreeBSD-current
+
+        Index: kern/vfs_syscalls.c
+        ===================================================================
+        RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/vfs_syscalls.c,v
+        retrieving revision 1.125
+        retrieving revision 1.128
+        diff -u -r1.125 -r1.128
+        --- vfs_syscalls.c	1999/07/29 17:02:56	1.125
+        +++ vfs_syscalls.c	1999/08/04 04:52:18	1.128
+        @@ -1892,13 +1892,23 @@
+                int error;
+                struct vattr vattr;
+
+        +	/*
+        +	 * Prevent non-root users from setting flags on devices.  When
+        +	 * a device is reused, users can retain ownership of the device
+        +	 * if they are allowed to set flags and programs assume that
+        +	 * chown can't fail when done as root.
+        +	 */
+        +	if ((vp->v_type == VCHR || vp->v_type == VBLK) && 
+        +	    ((error = suser_xxx(p->p_ucred, p, PRISON_ROOT)) != 0))
+        +		return (error);
+        +
+                VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
+                vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
+                VATTR_NULL(&vattr);
+                vattr.va_flags = flags;
+                error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
+                VOP_UNLOCK(vp, 0, p);
+        -	return error;
+        +	return (error);
+         }
+
+         /*
+
+    FreeBSD-3.2-stable
+
+        Index: kern/vfs_syscalls.c
+        ===================================================================
+        RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/vfs_syscalls.c,v
+        retrieving revision 1.112.2.3
+        retrieving revision 1.112.2.5
+        diff -u -r1.112.2.3 -r1.112.2.5
+        --- vfs_syscalls.c	1999/07/30 01:07:23	1.112.2.3
+        +++ vfs_syscalls.c	1999/08/11 21:39:50	1.112.2.5
+        @@ -1839,13 +1839,23 @@
+                int error;
+                struct vattr vattr;
+
+        +  	/*
+        +	 * Prevent non-root users from setting flags on devices.  When
+        +	 * a device is reused, users can retain ownership of the device
+        +	 * if they are allowed to set flags and programs assume that
+        +	 * chown can't fail when done as root.
+        +	 */
+        +	if ((vp->v_type == VCHR || vp->v_type == VBLK) && 
+        +	    ((error = suser(p->p_ucred, &p->p_acflag)) != 0))
+        +		return (error);
+        +
+                VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE);
+                vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p);
+                VATTR_NULL(&vattr);
+                vattr.va_flags = flags;
+                error = VOP_SETATTR(vp, &vattr, p->p_ucred, p);
+                VOP_UNLOCK(vp, 0, p);
+        -	return error;
+        +	return (error);
+         }
+
+         /*
+
+    FreeBSD 2.2.8-stable:
+
+        Index: kern/vfs_syscalls.c
+        ===================================================================
+        RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/vfs_syscalls.c,v
+        retrieving revision 1.51.2.7
+        retrieving revision 1.51.2.8
+        diff -u -r1.51.2.7 -r1.51.2.8
+        --- vfs_syscalls.c	1998/07/03 03:50:31	1.51.2.7
+        +++ vfs_syscalls.c	1999/08/04 18:58:56	1.51.2.8
+        @@ -1439,6 +1439,17 @@
+                if (error)
+                        return (error);
+                vp = nd.ni_vp;
+        +	if ((error = VOP_GETATTR(vp, &vattr, p->p_ucred, p)))
+        +		return (error);
+        +	/*
+        +	 * Prevent non-root users from setting flags on devices.  When
+        +	 * a device is reused, users can retain ownership of the device
+        +	 * if they are allowed to set flags and programs assume that
+        +	 * chown can't fail when done as root.
+        +	 */
+        +	if ((vp->v_type == VCHR || vp->v_type == VBLK) &&
+        +	    ((error = suser(p->p_ucred, &p->p_acflag)) != 0))
+        +		return (error);
+                LEASE_CHECK(vp, p, p->p_ucred, LEASE_WRITE);
+                VOP_LOCK(vp);
+                VATTR_NULL(&vattr);
+
+VI.  Credits
+
+Theo de Raadt came up with the firewalling solution presented here.
+
+lumpy@blue.9mm.com brought this problem to light.
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBN9CAHFUuHi5z0oilAQEJPwP/XhzCOs4ipJkZIPWlSDvsvPLcJWXzb3HK
+Fs8gLV3CPnW7YdSpveosI3hBY9WNCVAFx9WkM5+n+FBSRfbRzFJkkblN85ZCz7pI
++RXg6Sv5vuzy6SRxMRK2vu1FXuwZevVQaMq4ANUXpdo5MyUE8rMGb9PLWdxOxdf5
+s6zlG0oFyvI=
+=CqoX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-99:02.profil.asc b/share/security/advisories/FreeBSD-SA-99:02.profil.asc
new file mode 100644
index 0000000000..9188813f47
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-99:02.profil.asc
@@ -0,0 +1,94 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-99:02                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Profiling Across Exec Calls
+
+Category:       core
+Module:         kernel
+Announced:      1999-09-04
+Affects:        FreeBSD 3.2 (and earlier)
+		FreeBSD-current before the correction date.
+Corrected:      FreeBSD-3.3 RELEASE
+		FreeBSD-current as of August 11, 1999
+		FreeBSD-3.2-stable as of August 22, 1999
+FreeBSD only:   No
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:02/
+
+I.   Background
+
+FreeBSD provides a mechanism to profile a running executable to aid in
+performance tuning.  This can be accomplished via a kernel mechanism
+to statistically sample the program counter of the program under
+profile.
+
+II.  Problem Description
+
+A flaw exists in the implementation which allows an attacker to cause
+arbitrary locations in program executed by the attacker.
+
+III. Impact
+
+No attacks against using this vulnerability this are known at this
+time.  An attacker could theoretically gain root access from a
+carefully crafted attack.
+
+IV.  Workaround
+
+Since profiling is done in the kernel via the profil(2) system call,
+one must patch the kernel so no workaround is possible.
+
+V.   Solution
+
+Apply the following patch.  It will apply to both FreeBSD-current before
+the resolution date and to 3.2-stable before the resolution date.
+
+    Index: kern_exec.c
+    ===================================================================
+    RCS file: /home/imp/FreeBSD/CVS/src/sys/kern/kern_exec.c,v
+    retrieving revision 1.99
+    retrieving revision 1.100
+    diff -u -r1.99 -r1.100
+    --- kern_exec.c	1999/04/27 11:15:55	1.99
+    +++ kern_exec.c	1999/08/11 20:35:38	1.100
+    @@ -228,6 +228,9 @@
+     		fdfree(p);
+     		p->p_fd = tmp;
+     	}
+    +
+    +	/* Stop profiling */
+    +	stopprofclock(p);
+     
+     	/* close files on exec */
+     	fdcloseexec(p);
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBN9P1W1UuHi5z0oilAQFlZAQAmlNRAyLLiS1u22U/2+KeljeXqlkOtKUy
+iao/qY4Gp8cnzU3cTt0kEoBKi3htfo8LbW0xJwfdAn62+j9m7av8vv35QpayQnVN
+Z8RuLFHiSgF9ZSWUHY63hzKgGyImYyaTadg8Y0yURuULOUt6K0C8e5iLW6jFAXbn
+aNvXOImEY5Q=
+=IxuE
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-99:03.ftpd.asc b/share/security/advisories/FreeBSD-SA-99:03.ftpd.asc
new file mode 100644
index 0000000000..8695a54ab0
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-99:03.ftpd.asc
@@ -0,0 +1,110 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-99:03                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Three ftp daemons in ports vulnerable to attack.
+
+Category:       ports
+Module:         wu-ftpd and proftpd
+Announced:      1999-09-05
+Reissued:	1999-09-15
+Affects:        FreeBSD 3.2 (and earlier)
+		FreeBSD-current and -stable before the correction date.
+Corrected:      FreeBSD-3.3 RELEASE
+		FreeBSD as of 1999/08/30 for wuftpd only
+		(Note: there is only one ports tree which is shared with
+		 all FreeBSD branches, so if you are running a -stable
+		 version of FreeBSD you will also be impacted.)
+FreeBSD only:   NO
+Bugtraq Id:	proftpd: 612
+
+Patches:        NONE
+
+I.   Background    
+
+wuftpd, beroftpd and proftpd are all optional portions of the system
+designed to replace the stock ftpd on a FreeBSD system.  They are
+written and maintained by third parties and are included in the
+FreeBSD ports collection.
+
+II.  Problem Description
+
+There are different security problems which can lead to remote root
+access in these ports or packages.
+
+The standard ftp daemon which ships with FreeBSD is not impacted by
+either of these problems.
+
+III. Impact
+
+Remote users can gain root.
+
+IV.  Workaround
+
+Disable the ftp daemon until you can upgrade your system, or use the
+stock ftpd that comes with FreeBSD.
+
+V.   Solution
+
+Upgrade your wu-ftpd port to the version in the cvs repository after
+August 30, 1999.  If you are not using the wu-ftpd port, then you
+should visit their web site and follow instructions there to patch
+your existing version.
+
+beroftpd, which was listed in the original wu-ftpd group's advisory as
+having a similar problem, has not been corrected as of September 15,
+1999.  It will not be in the 3.3 release.  The port has been marked
+forbidden and will remain so until the security problems have been
+corrected.  If you are running beroftpd you are encouraged to find if
+patches are available for it which corrects these problems before
+enabling it on your system.
+
+proftpd, which had different security problems, has not been updated
+to a safe version as of September 15, 1999.  It will not be in the 3.3
+release.  It will not be in the 3.3 release.  The port has been marked
+forbidden and will remain so until the security problems have been
+corrected.  If you are running proftpd, you are encouraged to find out
+if there are patches which correct these problems before reenabling it
+on your system.
+
+The previous advisory suggested that any FreeBSD ports version of
+proftpd after August 30 had the security problems corrected.  This has
+proven to not be the case and was the primary reason for reissuing
+this advisory.  While reissuing the advisory, we added beroftpd since
+it shares a code history with wu-ftpd.  The original advisory
+mistakenly asserted that proftpd also shared a code history with
+wuftpd, which is not the case.
+
+VI.  Credits and Pointers
+
+The wu-ftpd advisory can be found at
+	ftp://ftp.wu-ftpd.org/pub/wu-ftpd/2.5.0.Security.Update.asc
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBN+BmhFUuHi5z0oilAQFlOAQAiU3kAPurRruiFGfG33OsM3ni86HFpKPZ
+Hb9pINkP9Fu8qdKD/JKYYSxCLRhJLoqojSHXXpVvhJUOQx+1RVaiVCVNvZhV0ypx
+0M/+VEg1IpusbxkTRbNFE6cUrMwAiHvbZepYp41slTiA2MwDV7cqX1yvv1InGU1z
+HSfQSOB/Kfs=
+=NPAs
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-99:04.core.asc b/share/security/advisories/FreeBSD-SA-99:04.core.asc
new file mode 100644
index 0000000000..20e9a582ea
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-99:04.core.asc
@@ -0,0 +1,284 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-99:04                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          Coredumps and symbolic links
+
+Category:       core
+Module:         kernel
+Announced:      1999-09-15
+Affects:        FreeBSD 3.2 (and earlier)
+		FreeBSD-current before the correction date.
+		FreeBSD 3.2-stable before the correction date.
+		FreeBSD 2.2.8-stable before the correction date.
+Corrected:      FreeBSD-3.3 RELEASE
+		FreeBSD-current as of 1999/08/26
+		FreeBSD-3.2-stable as of 1999/08/26
+		FreeBSD-2.2.8-stable as of 1999/08/29
+		The FreeBSD-3.3-RC series of releases are not affected.
+FreeBSD only:   NO
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:04/
+
+I.   Background
+
+As a diagnostic aid to help programmers find bugs in their programs,
+the system creates core files when an illegal instruction or other
+fatal error happens.  A flaw in the kernel allowed it to follow
+symbolic links when creating core files.
+
+II.  Problem Description
+
+The fts library functions had a flaw in them where which would lead to
+a core dump when periodic ran the security checking scripts (or other
+scripts which traverse trees that can be controlled by users).
+periodic(3) should limit core size to zero to disable core dumps while
+it is executing commands, but does not do so.  In addition, the kernel
+should not follow symbolic links.
+
+All three of these problems caused a situation where it was possible
+for an attacker could create or overwrite an arbitrary file on the
+system with a moderate degree of controll of its contents to cause a
+problem.
+
+III. Impact
+
+Local users could gain root access.
+
+IV.  Workaround
+
+One can workaround this problem by preventing core dumps for periodic.
+This solution is less than completely satisfying, since it only plugs
+the known exploit hole.  None the less, this may provide a short term
+stopgap solution until a new kernel and/or userland can be installed.
+
+    # mv /usr/sbin/periodic /usr/sbin/periodic.bin
+    # cat > /usr/sbin/periodic
+    #!/bin/sh
+    ulimit -c 0
+    /usr/sbin/periodic.bin $*
+    ^D
+    # chmod 555 /usr/sbin/periodic
+
+Another alternative would be to update the fts routines to a version
+newer than 1999/09/02 (for -current or 3.3-stable) or 1999/09/04 (for
+2.2.8-stable).  However, this requires that you rebuild via "make
+world" to take effect.
+
+V.   Solution
+
+Please note: there is a separate advisory describing the fts problem
+and solution.  Please see FreeBSD-SA-99:05.fts.asc in the advisories
+directory for additional information about the fts patch.
+
+Apply the following patches to your kernel.  They will disallow
+following symbolic links when creating core files.  This will stop
+this attack, and all similar such attacks.
+
+Here's the patch for freebsd-current:
+
+    *** kern/imgact_elf.c	1999/07/09 19:10:14	1.61
+    --- kern/imgact_elf.c	1999/08/26 17:32:48	1.62
+    ***************
+    *** 722,729 ****
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+
+    ! 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+    --- 722,729 ----
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+
+    ! 	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+    *** kern/imgact_aout.c	1999/05/17 00:53:36	1.52
+    --- kern/imgact_aout.c	1999/08/26 17:32:48	1.53
+    ***************
+    *** 264,271 ****
+	    name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid);
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+    ! 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+    --- 264,271 ----
+	    name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid);
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+    ! 	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+
+Here's the patch for freebsd-3.2-stable:
+
+    *** kern/imgact_elf.c	1999/07/15 13:01:54	1.44.2.4
+    --- kern/imgact_elf.c	1999/08/26 17:35:03	1.44.2.5
+    ***************
+    *** 699,706 ****
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+
+    ! 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+    --- 699,706 ----
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+
+    ! 	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+    *** kern/imgact_aout.c	1999/04/14 04:55:22	1.44.2.1
+    --- kern/imgact_aout.c	1999/08/26 17:35:02	1.44.2.2
+    ***************
+    *** 259,266 ****
+	    name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid);
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+    ! 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+    --- 259,266 ----
+	    name = expand_name(p->p_comm, p->p_ucred->cr_uid, p->p_pid);
+	    if (name == NULL)
+		    return (EFAULT);	/* XXX -- not the best error */
+    ! 	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p);
+    ! 	error = vn_open(&nd, O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR);
+	    free(name, M_TEMP);
+	    if (error)
+		    return (error);
+
+Here's the patch for FreeBSD-2.2.8-stable
+
+    *** sys/LINK/fcntl.h	Wed Dec 18 05:08:08 1996
+    --- sys/fcntl.h	Fri Aug 27 14:39:26 1999
+    ***************
+    *** 84,89 ****
+    --- 84,90 ----
+      #define	O_EXLOCK	0x0020		/* open with exclusive file lock */
+      #define	O_ASYNC		0x0040		/* signal pgrp when data ready */
+      #define	O_FSYNC		0x0080		/* synchronous writes */
+    + #define	O_NOFOLLOW	0x0100		/* don't follow symlinks */
+      #endif
+      #define	O_CREAT		0x0200		/* create if nonexistent */
+      #define	O_TRUNC		0x0400		/* truncate to zero length */
+    *** kern/LINK/kern_sig.c	Sat Dec 21 10:57:24 1996
+    --- kern/kern_sig.c	Fri Aug 27 14:38:25 1999
+    ***************
+    *** 1241,1249 ****
+		p->p_rlimit[RLIMIT_CORE].rlim_cur)
+		    return (EFAULT);
+	    sprintf(name, "%s.core", p->p_comm);
+    ! 	NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, name, p);
+	    if ((error = vn_open(&nd,
+    ! 	    O_CREAT | FWRITE, S_IRUSR | S_IWUSR)))
+		    return (error);
+	    vp = nd.ni_vp;
+
+    --- 1241,1249 ----
+		p->p_rlimit[RLIMIT_CORE].rlim_cur)
+		    return (EFAULT);
+	    sprintf(name, "%s.core", p->p_comm);
+    ! 	NDINIT(&nd, LOOKUP, NOFOLLOW, UIO_SYSSPACE, name, p);
+	    if ((error = vn_open(&nd,
+    ! 	    O_CREAT | FWRITE | O_NOFOLLOW, S_IRUSR | S_IWUSR)))
+		    return (error);
+	    vp = nd.ni_vp;
+
+    *** kern/LINK/vfs_vnops.c	Sat Mar  8 07:16:18 1997
+    --- kern/vfs_vnops.c	Fri Aug 27 14:37:01 1999
+    ***************
+    *** 87,93 ****
+	    if (fmode & O_CREAT) {
+		    ndp->ni_cnd.cn_nameiop = CREATE;
+		    ndp->ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
+    ! 		if ((fmode & O_EXCL) == 0)
+			    ndp->ni_cnd.cn_flags |= FOLLOW;
+		    error = namei(ndp);
+		    if (error)
+    --- 87,93 ----
+	    if (fmode & O_CREAT) {
+		    ndp->ni_cnd.cn_nameiop = CREATE;
+		    ndp->ni_cnd.cn_flags = LOCKPARENT | LOCKLEAF;
+    ! 		if ((fmode & O_EXCL) == 0 && (fmode & O_NOFOLLOW) == 0)
+			    ndp->ni_cnd.cn_flags |= FOLLOW;
+		    error = namei(ndp);
+		    if (error)
+    ***************
+    *** 119,125 ****
+		    }
+	    } else {
+		    ndp->ni_cnd.cn_nameiop = LOOKUP;
+    ! 		ndp->ni_cnd.cn_flags = FOLLOW | LOCKLEAF;
+		    error = namei(ndp);
+		    if (error)
+			    return (error);
+    --- 119,126 ----
+		    }
+	    } else {
+		    ndp->ni_cnd.cn_nameiop = LOOKUP;
+    ! 		ndp->ni_cnd.cn_flags =
+    ! 		    ((fmode & O_NOFOLLOW) ? NOFOLLOW : FOLLOW) | LOCKLEAF;
+		    error = namei(ndp);
+		    if (error)
+			    return (error);
+    *** kern/LINK/vfs_syscalls.c	Wed Aug  4 12:44:30 1999
+    --- kern/vfs_syscalls.c	Sat Aug 28 10:48:51 1999
+    ***************
+    *** 694,699 ****
+    --- 694,701 ----
+	    flags = FFLAGS(uap->flags);
+	    if ((flags & FREAD + FWRITE) == 0)
+		    return (EINVAL);
+    + 	if (flags & O_NOFOLLOW)
+    + 		flags &= ~O_NOFOLLOW;
+	    error = falloc(p, &nfp, &indx);
+	    if (error)
+		    return (error);
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBN+B44VUuHi5z0oilAQHkwwP9HeLkRJY/iXIYXUx8/A38EAxM/TAqxoiI
+ym7ZyktNtuCbum8ovCIfmkpnafaFyXmVSDhCX77LbIy+1clEBnelyueJ9TbKpBgU
+KWjTWmfj/7QsU2Ya/f7FK80ee8y7GjTTYxilnxxzTmM8ihHzFXrPHudoO4lTR7Op
+2VII3pQVxOM=
+=bJXX
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-99:05.fts.asc b/share/security/advisories/FreeBSD-SA-99:05.fts.asc
new file mode 100644
index 0000000000..277ff934d5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-99:05.fts.asc
@@ -0,0 +1,152 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-99:05                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          fts library routine vulnerability
+
+Category:       core
+Module:         kernel
+Announced:      1999-09-15
+Affects:        FreeBSD 3.2 (and earlier)
+		FreeBSD-current before the correction date.
+		FreeBSD 3.2-stable before the correction date.
+Corrected:      FreeBSD-3.3 RELEASE
+		FreeBSD-current as of 1999/08/26
+		FreeBSD-3.2-stable as of 1999/08/26
+		The FreeBSD-3.3-RC series of releases are not affected.
+FreeBSD only:   NO
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:05/
+
+I.   Background
+
+The fts library routines provide a convenient way for a program to
+walk a hierarchy of files.
+
+II.  Problem Description
+
+The fts library functions had a buffer overflow in them where which
+would lead to a core dump when periodic ran the security checking
+scripts (or other scripts which traverse trees that can be controlled
+by users).  periodic(3) should limit core size to zero to disable core
+dumps while it is executing commands, but does not do so.  In
+addition, the kernel should not follow symbolic links.
+
+All three of these problems caused a situation where it was possible
+for an attacker could create or overwrite an arbitrary file on the
+system with a moderate degree of controll of its contents to cause a
+problem.
+
+III. Impact
+
+Local users could gain root access.
+
+IV.  Workaround
+
+One can workaround this problem by preventing core dumps for periodic.
+This solution is less than completely satisfying, since it only plugs
+the known exploit hole.  None the less, this may provide a short term
+stopgap solution until a new kernel and userland can be installed.
+
+    # mv /usr/sbin/periodic /usr/sbin/periodic.bin
+    # cat > /usr/sbin/periodic
+    #!/bin/sh
+    ulimit -c 0
+    /usr/sbin/periodic.bin $*
+    ^D
+    # chmod 555 /usr/sbin/periodic
+
+V.   Solution
+
+Apply the following patches to libc and do a make world.  Please also
+see the companion advisory FreeBSD-SA-99:04.core.asc in the advisories
+directory of our ftp site for details on the kernel portions of this
+fix.
+
+    Index: lib/libc/gen/fts.c
+    ===================================================================
+    RCS file: /home/imp/FreeBSD/CVS/src/lib/libc/gen/fts.c,v
+    retrieving revision 1.10
+    retrieving revision 1.11
+    diff -u -r1.10 -r1.11
+    --- fts.c	1999/08/15 19:21:29	1.10
+    +++ fts.c	1999/09/02 07:45:07	1.11
+    @@ -963,6 +963,24 @@
+	    return (sp->fts_path == NULL);
+     }
+
+    +static void
+    +ADJUST(p, addr)
+    +	FTSENT *p;
+    +	void *addr;
+    +{
+    +	if ((p)->fts_accpath >= (p)->fts_path &&			
+    +	    (p)->fts_accpath < (p)->fts_path + (p)->fts_pathlen) {
+    +		if (p->fts_accpath != p->fts_path)
+    +			errx(1, "fts ADJUST: accpath %p path %p",
+    +			    p->fts_accpath, p->fts_path);
+    +		if (p->fts_level != 0)
+    +			errx(1, "fts ADJUST: level %d not 0", p->fts_level);
+    +		(p)->fts_accpath =					
+    +		    (char *)addr + ((p)->fts_accpath - (p)->fts_path);	
+    +	}
+    +	(p)->fts_path = addr;						
+    +}
+    +
+     /*
+      * When the path is realloc'd, have to fix all of the pointers in structures
+      * already returned.
+    @@ -974,18 +992,18 @@
+     {
+	    FTSENT *p;
+
+    -#define	ADJUST(p) {							\
+    -	(p)->fts_accpath =						\
+    -	    (char *)addr + ((p)->fts_accpath - (p)->fts_path);		\
+    +#define	ADJUST1(p) {							\
+    +	if ((p)->fts_accpath == (p)->fts_path)				\
+    +		(p)->fts_accpath = (addr);				\
+	    (p)->fts_path = addr;						\
+     }
+	    /* Adjust the current set of children. */
+	    for (p = sp->fts_child; p; p = p->fts_link)
+    -		ADJUST(p);
+    +		ADJUST(p, addr);
+
+	    /* Adjust the rest of the tree. */
+	    for (p = sp->fts_cur; p->fts_level >= FTS_ROOTLEVEL;) {
+    -		ADJUST(p);
+    +		ADJUST(p, addr);
+		    p = p->fts_link ? p->fts_link : p->fts_parent;
+	    }
+     }
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBN+B9rFUuHi5z0oilAQHGYgP+IwrmdUBtCw1r8J/lt/wBrxH5wug70K1V
+t2graun2wIWvtkh+kmwKJP4tonzlxi/YhyqqATh4pFIZb5CUEtCR2/gcpHPwB4NX
+oNuIGGBtKftrrFnPf9aArFu/XFjrxyUPetYoXtfgGc5y6VlI6mupDnwt9oj34EeY
+VIb92qSfH+c=
+=tPng
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SA-99:06.amd.asc b/share/security/advisories/FreeBSD-SA-99:06.amd.asc
new file mode 100644
index 0000000000..498a14a197
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SA-99:06.amd.asc
@@ -0,0 +1,187 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SA-99:06                                            Security Advisory
+                                                                FreeBSD, Inc.
+
+Topic:          remote amd attack
+
+Category:       core
+Module:         kernel
+Announced:      1999-09-16
+Affects:        FreeBSD 3.2 (and earlier)
+		FreeBSD-current before the correction date.
+		FreeBSD 3.2-stable before the correction date.
+Corrected:      FreeBSD-3.3 RELEASE
+		FreeBSD-current as of September 7, 1999
+		FreeBSD-3.2-stable as of August 25, 1999
+		The FreeBSD-3.3-RC series of releases are not affected.
+FreeBSD only:   NO
+Bugtraq Id:	614 (variation)
+CERT ID:	CA-99.12
+
+Patches:        ftp://ftp.freebsd.org/pub/FreeBSD/CERT/patches/SA-99:06/
+
+I.   Background
+
+The amd program allows for a very flexible array of remote and local
+file systems to be mounted automatically on an as needed basis.  Amd
+is an optional untility that system administrators must explicitly
+enable.  If amd is not enabled on your system, then your system is not
+vulnerable.
+
+II.  Problem Description
+
+There are two buffer overflow vulnerabilities in the the amd daemon.
+
+III. Impact
+
+Remote users could execute arbitrary code as root in the amd daemon
+context.
+
+IV.  Workaround
+
+The only way to avoid these problems are to upgrade or not run the amd
+daemon.  That leaves disabling the amd deamon as your only workaround.
+
+V.   Solution
+
+Upgrade your system to one that is listed above as having the problem
+resolved, or you may patch your present systems.
+
+To patch your present system apply the following patches to amd,
+rebuild, install and restart amd (or reboot).
+
+Patches for 3.2-stable and -current systems before the resolution date:
+
+    Index: xutil.c
+    ===================================================================
+    RCS file: /home/ncvs/src/contrib/amd/libamu/xutil.c,v
+    retrieving revision 1.1.1.3
+    retrieving revision 1.1.1.3.2.1
+    diff -u -r1.1.1.3 -r1.1.1.3.2.1
+    --- xutil.c	1999/01/13 19:20:33	1.1.1.3
+    +++ xutil.c	1999/08/25 18:59:39	1.1.1.3.2.1
+    @@ -272,16 +272,18 @@
+
+     /*
+      * Take a log format string and expand occurrences of %m
+    - * with the current error code taken from errno.
+    + * with the current error code taken from errno.  Make sure
+    + * 'e' never gets longer than maxlen characters.
+      */
+     static void
+    -expand_error(char *f, char *e)
+    +expand_error(char *f, char *e, int maxlen)
+     {
+       extern int sys_nerr;
+    -  char *p;
+    +  char *p, *q;
+       int error = errno;
+    +  int len = 0;
+
+    -  for (p = f; (*e = *p); e++, p++) {
+    +  for (p = f, q = e; (*q = *p) && len < maxlen; len++, q++, p++) {
+	 if (p[0] == '%' && p[1] == 'm') {
+	   const char *errstr;
+	   if (error < 0 || error >= sys_nerr)
+    @@ -289,13 +291,15 @@
+	   else
+	    errstr = sys_errlist[error];
+	   if (errstr)
+    -	strcpy(e, errstr);
+    +	strcpy(q, errstr);
+	   else
+    -	sprintf(e, "Error %d", error);
+    -      e += strlen(e) - 1;
+    +	sprintf(q, "Error %d", error);
+    +      len += strlen(q) - 1;
+    +      q += strlen(q) - 1;
+	   p++;
+	 }
+       }
+    +  e[maxlen-1] = '\0';		/* null terminate, to be sure */
+     }
+
+
+    @@ -401,9 +405,15 @@
+       checkup_mem();
+     #endif /* DEBUG_MEM */
+
+    -  expand_error(fmt, efmt);
+    +  expand_error(fmt, efmt, 1024);
+
+    +  /*
+    +   * XXX: ptr is 1024 bytes long.  It is possible to write into it
+    +   * more than 1024 bytes, if efmt is already large, and vargs expand
+    +   * as well.
+    +   */
+       vsprintf(ptr, efmt, vargs);
+    +  msg[1023] = '\0';		/* null terminate, to be sure */
+
+       ptr += strlen(ptr);
+       if (ptr[-1] == '\n')
+    Index: amq_subr.c
+    ===================================================================
+    RCS file: /home/imp/FreeBSD/CVS/src/contrib/amd/amd/amq_subr.c,v
+    retrieving revision 1.3
+    retrieving revision 1.4
+    diff -u -r1.3 -r1.4
+    --- amq_subr.c	1999/01/13 20:03:54	1.3
+    +++ amq_subr.c	1999/09/07 23:07:03	1.4
+    @@ -204,11 +204,24 @@
+     int *
+     amqproc_mount_1_svc(voidp argp, struct svc_req *rqstp)
+     {
+    -  static int rc;
+    -  char *s = *(amq_string *) argp;
+    +  static int rc = EINVAL;
+    +  char s[AMQ_STRLEN];
+       char *cp;
+    +  char dq[20];
+    +  struct sockaddr_in *sin;
+    +
+    +  if ((sin = amu_svc_getcaller(rqstp->rq_xprt)) == NULL) {
+    +    plog(XLOG_ERROR, "amu_svc_getcaller returned NULL");
+    +    return &rc;
+    +  }
+    +
+    +  strncpy(s, *(amq_string *) argp, AMQ_STRLEN-1);
+    +  s[AMQ_STRLEN-1] = '\0';	/* null terminate, to be sure */
+    +  plog(XLOG_ERROR,
+    +       "amq requested mount of %s from %s.%d",
+    +       s, inet_dquad(dq, sin->sin_addr.s_addr),
+    +       ntohs(sin->sin_port));
+
+    -  plog(XLOG_INFO, "amq requested mount of %s", s);
+       /*
+	* Minimalist security check.
+	*/
+
+
+=============================================================================
+FreeBSD, Inc.
+
+Web Site:                       http://www.freebsd.org/
+Confidential contacts:          security-officer@freebsd.org
+Security notifications:         security-notifications@freebsd.org
+Security public discussion:     freebsd-security@freebsd.org
+PGP Key:                ftp://ftp.freebsd.org/pub/FreeBSD/CERT/public_key.asc
+
+Notice: Any patches in this document may not apply cleanly due to
+        modifications caused by digital signature or mailer software.
+        Please reference the URL listed at the top of this document
+        for original copies of all patches if necessary.
+=============================================================================
+
+-----BEGIN PGP SIGNATURE-----
+Version: 2.6.3ia
+Charset: noconv
+Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
+
+iQCVAwUBN+aDyFUuHi5z0oilAQHyLQP/fohJFzI6h9g8ApbdjQJNu+sunEd7cehd
+IWuvFWuiTzRRqfj7tc9+Y7FEleFKv66WM98k9zBHzU8ZVzCQ5jlf1CcM1DegEqKc
+i8j71gpoKFQyrxsW3AdR2UESnUxYw8bDvimuVHyCVSvjrpvZ+5b5wXMqbvDNMo5I
+UgTaLUhzQEg=
+=0ohw
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-02:01.asc b/share/security/advisories/FreeBSD-SN-02:01.asc
new file mode 100644
index 0000000000..f56ecf192f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-02:01.asc
@@ -0,0 +1,157 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SN-02:01                                              Security Notice
+                                                                FreeBSD, Inc.
+
+Topic:          security issues in ports
+Announced:      2002-03-30
+
+I.   Introduction
+
+Several ports in the FreeBSD Ports Collection are affected by security
+issues.  These are listed below with references and affected versions.
+All versions given refer to the FreeBSD port/package version numbers.
+
+These ports are not installed by default, nor are they ``part of
+FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      acroread, acroread-chsfont, acroread-chtfont,
+                  acroread-commfont, acroread4, linux-mozilla,
+                  linux-netscape6, linux_base, linux_base-7
+Affected:       versions < linux_base-6.1_1 (linux_base port)
+                versions < linux_base-7.1_2 (linux_base-7 port)
+                versions < linux_mozilla-0.9.9_1
+                all versions of all acroread ports
+                all versions of linux-netscape6
+Status:         Fixed: linux_base, linux_base-7, linux-mozilla.
+                Not fixed: acroread, acroread-chsfont, acroread-chtfont,
+                  acroread-commfont, acroread4, linux-netscape6.
+These Linux binaries utilize versions of zlib which may contain an
+exploitable double-free bug.
+<URL:http://www.redhat.com/support/errata/RHSA-2002-026.html>
+<URL:http://www.mozilla.org/releases/mozilla0.9.9/>
+<URL:http://www.redhat.com/support/errata/RHSA-2002-027.html>
+<URL:http://www.gzip.org/zlib/advisory-2002-03-11.txt>
+<URL:http://online.securityfocus.com/archive/1/261205>
+<URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:18.zlib.asc>
++------------------------------------------------------------------------+
+Port name:      apache13-ssl, apache13-modssl
+Affected:       all versions of apache+ssl
+                versions < apache+mod_ssl-1.3.24+2.8.8
+Status:         Fixed: apache13-modssl.
+		Not fixed: apache13-ssl.
+Buffer overflows in SSL session cache handling.
+<URL:http://www.apache-ssl.org/advisory-20020301.txt>
+<URL:http://archives.neohapsis.com/archives/bugtraq/2002-02/0313.html>
++------------------------------------------------------------------------+
+Port name:      bulk_mailer
+Affected:       all versions
+Status:         Not yet fixed.
+Buffer overflows, temporary file race.
+<URL:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112007>
++------------------------------------------------------------------------+
+Port name:      cups, cups-base, cups-lpr
+Affected:       versions < cups-1.1.14
+                versions < cups-base-1.1.14
+                versions < cups-lpr-1.1.14
+Status:         Fixed.
+Buffer overflows in IPP code.
+<URL:http://www.cups.org/news.php?V66>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0063>
++------------------------------------------------------------------------+
+Port name:      fileutils
+Affected:       all versions
+Status:         Not yet fixed.
+Race condition in directory removal.
+<URL:http://online.securityfocus.com/bind/4266>
++------------------------------------------------------------------------+
+Port name:      imlib
+Affected:       versions < imlib-1.9.13
+Status:         Fixed.
+Heap corruption in image handling.
+<URL:http://online.securityfocus.com/bid/4336>
++------------------------------------------------------------------------+
+Port name:      listar, ecartis
+Affected:       versions < ecartis-1.0.0b
+                all versions of listar
+Status:         Fixed: ecartis.
+                Not fixed: listar.
+Local and remote buffer overflows, incorrect privilege handling.
+<URL:http://online.securityfocus.com/bid/4176>
+<URL:http://online.securityfocus.com/bid/4277>
+<URL:http://online.securityfocus.com/bid/4271>
++------------------------------------------------------------------------+
+Port name:      mod_php3, mod_php4
+Affected:       versions < mod_php3-3.0.18_3
+                versions < mod_php4-4.1.2
+Status:         Fixed.
+Vulnerabilities in file upload handling.
+<URL:http://security.e-matters.de/advisories/012002.html>
++------------------------------------------------------------------------+
+Port name:      ntop
+Affected:       all versions
+Status:         Not yet fixed.
+Remote format string vulnerability.
+<URL:http://packetstormsecurity.nl/advisories/misc/H20020304.txt>
+<URL:http://online.securityfoucs.com/bid/4225>
++------------------------------------------------------------------------+
+Port name:      rsync
+Affected:       versions < rsync-2.5.4
+Status:         Fixed.
+Incorrect group privilege handling, zlib double-free bug.
+<URL:http://online.securityfocus.com/bid/4285>
+<URL:http://www.rsync.org/>
++------------------------------------------------------------------------+
+Port name:      xchat, xchat-devel
+Affected:       all versions
+Status:         Not yet fixed.
+Malicious server may cause xchat to execute arbitrary commands.
+<URL:http://online.securityfocus.com/archive/1/264380>
++------------------------------------------------------------------------+
+
+III. Upgrading Ports/Packages
+
+Do one of the following:
+
+1) Upgrade your Ports Collection and rebuild and reinstall the port.
+Several tools are available in the Ports Collection to make this
+easier.  See:
+  /usr/ports/devel/portcheckout
+  /usr/ports/misc/porteasy
+  /usr/ports/sysutils/portupgrade
+
+2) Deinstall the old package and install a new package obtained from
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
+
+Packages are not automatically generated for other architectures at
+this time.
+
+
++------------------------------------------------------------------------+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPK28lVUuHi5z0oilAQGUuQP/aBo4NQLKF4qiFxvy6+Z0FyMGChECbZYr
+3TR2OLdPks0xuoIgbpPAstrTeFbCRe7m59zCibdbRCpUd167QAUEF72nICmcQmYa
++ZEFGUHcMxNg09LUd7MxDg1LbczBX7L1SFKFaZOCGuzPa6SrsbvPFbXO7hUu+nSI
+nH5M1Y1F9rk=
+=hHhx
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-02:02.asc b/share/security/advisories/FreeBSD-SN-02:02.asc
new file mode 100644
index 0000000000..57c2a2efee
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-02:02.asc
@@ -0,0 +1,182 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SN-02:02                                              Security Notice
+                                                          The FreeBSD Project
+
+Topic:          security issues in ports
+Announced:      2002-05-13
+
+I.   Introduction
+
+Several ports in the FreeBSD Ports Collection are affected by security
+issues.  These are listed below with references and affected versions.
+All versions given refer to the FreeBSD port/package version numbers.
+The listed vulnerabilities are not specific to FreeBSD unless
+otherwise noted.
+
+These ports are not installed by default, nor are they ``part of
+FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      analog
+Affected:       versions < analog-5.22
+Status:         Fixed
+Cross-site scripting attack.
+<URL:http://www.analog.cx/security4.html>
++------------------------------------------------------------------------+
+Port name:      ascend-radius, freeradius-devel, icradius, radius-basic,
+                  radiusclient, radiusd-cistron, xtradius
+Affected:       versions < radiusd-cistron-1.6.6
+                all versions of ascend-radius, freeradius-devel, icradius,
+                  radius-basic, radiusclient
+Status:         Fixed: radiusd-cistron
+                Not fixed: all others
+Digest Calculation buffer overflow and/or insufficient validation of
+attribute lengths.
+<URL:http://www.security.nnov.ru/advisories>
++------------------------------------------------------------------------+
+Port name:      dnews
+Affected:       versions < dnews-5.5h2
+Status:         Fixed
+``Security fault.''
+<URL:http://netwinsite.com/cgi/dnewsweb.cgi?cmd=article&group=netwin.dnews&item=7223&utag=>
++------------------------------------------------------------------------+
+Port name:      ethereal
+Affected:       versions < ethereal-0.9.3
+Status:         Fixed
+SNMP vulnerability: malformed SNMP packets may cause ethereal to crash.
+<URL:http://www.ethereal.com/appnotes/enpa-sa-00003.html>
++------------------------------------------------------------------------+
+Port name:      icecast
+Affected:       versions < icecast-1.3.12
+Status:         Fixed
+Directory traversal vulnerability.
+Remote attackers may cause a denial of service via a URL that ends in
+. (dot), / (forward slash), or \ (backward slash).
+Buffer overflows may allow remote attackers to execute arbitrary code or
+cause a denial of service.
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0784>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1083>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1229>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1230>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0177>
++------------------------------------------------------------------------+
+Port name:      isc-dhcp3
+Affected:       versions < dhcp-3.0.1.r8_1
+Status:         Fixed
+Format string vulnerability when logging DNS-update request transactions.
+<URL:http://www.cert.org/advisories/CA-2002-12.html>
+<URL:http://www.ngsec.com/docs/advisories/NGSEC-2002-2.txt>
++------------------------------------------------------------------------+
+Port name:      jdk, jdk12-beta
+Affected:       all versions
+Status:         Not fixed
+``A vulnerability in the Java(TM) Runtime Environment may allow an
+untrusted applet to monitor requests to and responses from an HTTP
+proxy server when a persistent connection is used between a client and
+an HTTP proxy server.''
+<URL:http://sunsolve.sun.com/security> (Bulletin 216)
++------------------------------------------------------------------------+
+Port name:      linux-mozilla, mozilla
+Affected:       versions < linux-mozilla-0.9.9.2002050810
+                versions < mozilla-1.0.rc1_3,1
+Status:         Fixed
+Buffer overflow in Chatzilla.  XMLHttpRequest allows reading of local
+files.
+<URL:http://online.securityfocus.com/archive/1/270807>
++------------------------------------------------------------------------+
+Port name:      mod_python
+Affected:       versions < mod_python-2.7.8
+Status:         Fixed
+A publisher may access an indirectly imported module allowing a remote
+attacker to call functions from that module.
+<URL:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html>
++------------------------------------------------------------------------+
+Port name:      ntop
+Affected:       all versions
+Status:         Not fixed
+``Preauthentication Remote Root Hole in NTOP''
+<URL:http://online.securityfocus.com/archive/1/267053>
+<URL:http://online.securityfocus.com/archive/1/267180>
++------------------------------------------------------------------------+
+Port name:      p5-SOAP-Lite
+Affected:       versions < p5-SOAP-Lite-0.55
+Status:         Fixed
+Client may call any procedure on server.
+<URL:http://use.perl.org/articles/02/04/09/000212.shtml?tid=5>
+<URL:http://www.phrack.com/show.php?p=58&a=9>
+<URL:http://www.soaplite.com/>
++------------------------------------------------------------------------+
+Port name:      puf
+Affected:       versions < puf-0.93.1
+Status:         Fixed
+Format string vulnerability in error output.
+<URL:http://puf.sourceforge.net/ChangeLog>
++------------------------------------------------------------------------+
+Port name:      sudo
+Affected:       versions < sudo-1.6.6
+Status:         Fixed
+Heap overflow may allow local users to gain root access.
+<URL:http://www.globalintersec.com/adv/sudo-2002041701.txt>
++------------------------------------------------------------------------+
+Port name:      webalizer
+Affected:       versions < webalizer-2.1.10
+Status:         Fixed
+Buffer overflow in the DNS resolver code.
+<URL:http://www.mrunix.net/webalizer/news.html>
+<URL:http://online.securityfocus.com/archive/1/267551>
+<URL:http://online.securityfocus.com/bid/4504>
++------------------------------------------------------------------------+
+Port name:      xpilot
+Affected:       versions < xpilot-4.5.2
+Status:         Fixed
+Stack buffer overflow in server.
+<URL:http://www.debian.org/security/2002/dsa-127>
++------------------------------------------------------------------------+
+
+III. Upgrading Ports/Packages
+
+To upgrade a fixed port/packages, perform one of the following:
+
+1) Upgrade your Ports Collection and rebuild and reinstall the port.
+Several tools are available in the Ports Collection to make this
+easier.  See:
+  /usr/ports/devel/portcheckout
+  /usr/ports/misc/porteasy
+  /usr/ports/sysutils/portupgrade
+
+2) Deinstall the old package and install a new package obtained from
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
+
+Packages are not automatically generated for other architectures at
+this time.
+
+
++------------------------------------------------------------------------+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>.
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBPN/CwlUuHi5z0oilAQERywP/dSqt97FPlLlDJE7tYpA5625FSjqbrWod
+KsoKIBHM2ZIHAjnhAyF82tUT4ivMvJwepk1NE+W9YX77K7n5LHkfqY4kzCaVZJrY
+gkaR63Dw+M5gqJ5FjO0RkSDxsltsKjSa6ZzKxWdAeRwDPbE7CwsjTI2AoS/kzaLw
+ex+PhdbYjbc=
+=fK1t
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-02:03.asc b/share/security/advisories/FreeBSD-SN-02:03.asc
new file mode 100644
index 0000000000..e4f5e0ab59
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-02:03.asc
@@ -0,0 +1,146 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SN-02:03                                              Security Notice
+                                                          The FreeBSD Project
+
+Topic:          security issues in ports
+Announced:      2002-05-28
+
+I.   Introduction
+
+Several ports in the FreeBSD Ports Collection are affected by security
+issues.  These are listed below with references and affected versions.
+All versions given refer to the FreeBSD port/package version numbers.
+The listed vulnerabilities are not specific to FreeBSD unless
+otherwise noted.
+
+These ports are not installed by default, nor are they ``part of
+FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      amanda
+Affected:       versions <= amanda-2.3.0.4
+Status:         Port removed
+Obsolete versions of Amanda contain multiple buffer overflows.
+<URL:http://online.securityfocus.com/archive/1/274215>
++------------------------------------------------------------------------+
+Port name:      fetchmail
+Affected:       versions < fetchmail-5.9.11
+Status:         Fixed
+<URL:http://tuxedo.org/~esr/fetchmail/NEWS>
+<URL:http://rhn.redhat.com/errata/RHSA-2002-047.html>
++------------------------------------------------------------------------+
+Port name:      gaim
+Affected:       versions < gaim-0.58
+Status:         Fixed
+World-readable temp files allow access to gaim users' hotmail
+accounts.
+<URL:http://online.securityfocus.com/archive/1/272180>
++------------------------------------------------------------------------+
+Port name:      gnokii
+Affected:       versions < gnokii-0.4.0.p20,1
+Status:         Fixed
+Write access to any file in the filesystem.
+<URL:http://www.gnokii.org/news.shtml>
++------------------------------------------------------------------------+
+Port name:      horde
+Affected:       versions < horde-1.2.8
+Status:         Fixed
+Cross-site scripting attacks.
++------------------------------------------------------------------------+
+Port name:      imap-uw
+Affected:       all versions
+Status:         Not fixed
+Only when compiled with RFC 1730 support (make -DWITH_RFC1730):
+Remote buffer overflow yielding non-privileged shell access.
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0379>
+<URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102107222100529&w=2>
++------------------------------------------------------------------------+
+Port name:      imp
+Affected:       versions < imp-2.2.8
+Status:         Fixed
+Cross-site scripting attacks.
++------------------------------------------------------------------------+
+Port name:      linux-netscape6
+Affected:       versions < 6.2.3
+Status:         Fixed
+XMLHttpRequest allows reading of local files.
+<URL:http://online.securityfocus.com/archive/1/270807>
++------------------------------------------------------------------------+
+Port name:      mnogosearch
+Affected:       versions < mnogosearch-3.1.19_2
+Status:         Fixed
+Long query can be abused to execute code with webserver privileges.
+<URL:http://online.securityfocus.com/archive/1/272025>
++------------------------------------------------------------------------+
+Port name:      mpg321
+Affected:       versions < mpg321-0.2.9
+Status:         Fixed
+Buffer overflow may allow remote attackers to execute arbitrary code via
+streaming data.
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0272>
++------------------------------------------------------------------------+
+Port name:      ssh2
+Affected:       all versions
+Status:         Not fixed
+Password authentication may be used even if password authentication
+is disabled.
+<URL:http://www.ssh.com/products/ssh/advisories/authentication.cfm>
++------------------------------------------------------------------------+
+Port name:      tinyproxy
+Affected:       versions < tinyproxy-1.5.0
+Status:         Fixed
+Invalid query could allow execution of arbitrary code.
+<URL:http://tinyproxy.sourceforge.net/NEWS>
++------------------------------------------------------------------------+
+Port name:      webmin
+Affected:       versions < webmin-0.970
+Status:         Fixed
+Remote attacker can login to Webmin as any user.
+<URL:http://www.webmin.com/webmin/changes.html>
++------------------------------------------------------------------------+
+
+III. Upgrading Ports/Packages
+
+To upgrade a fixed port/package, perform one of the following:
+
+1) Upgrade your Ports Collection and rebuild and reinstall the port.
+Several tools are available in the Ports Collection to make this
+easier.  See:
+  /usr/ports/devel/portcheckout
+  /usr/ports/misc/porteasy
+  /usr/ports/sysutils/portupgrade
+
+2) Deinstall the old package and install a new package obtained from
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
+
+Packages are not automatically generated for other architectures at
+this time.
+
+
++------------------------------------------------------------------------+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPPPEdFUuHi5z0oilAQFW8wP8CXG3dQyI5VPLp0m6frS4BtNtlkjOpq87
+R/8FrDizVNGQ88+NzdPPPYWh8joAPGJZSXrWrSWKSge2dqEDK4CTpJ5BFzpQsxUZ
+kexaZ43DRxrUMQN1AWDyarE+/y8uCk3BnJTWhNLOf2HeOYNekOn/BHQ53ucpoaKs
+QQEX171+Jnk=
+=Z1i5
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-02:04.asc b/share/security/advisories/FreeBSD-SN-02:04.asc
new file mode 100644
index 0000000000..ee0212fc3f
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-02:04.asc
@@ -0,0 +1,166 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SN-02:04                                              Security Notice
+                                                          The FreeBSD Project
+
+Topic:          security issues in ports
+Announced:      2002-06-19
+
+I.   Introduction
+
+Several ports in the FreeBSD Ports Collection are affected by security
+issues.  These are listed below with references and affected versions.
+All versions given refer to the FreeBSD port/package version numbers.
+The listed vulnerabilities are not specific to FreeBSD unless
+otherwise noted.
+
+These ports are not installed by default, nor are they ``part of
+FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      apache13, apache13-modssl, apache13-ssl,
+                apache13+ipv6, apache13-fp, apache2
+Affected:       versions < apache-2.0.39 (apache2)
+                versions < apache-1.3.26 (apache13)
+		versions < apache+mod_ssl-1.3.26+2.8.9 (apache13-modssl)
+                All versions (others)
+Status:         Fixed (apache2, apache13, apache13-modssl)
+                Not fixed (others)
+Denial-of-service involving chunked encoding.
+<URL:http://httpd.apache.org/info/security_bulletin_20020617.txt>
+<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20502>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0392>
++------------------------------------------------------------------------+
+Port name:      bind9
+Affected:       versions < bind9-9.2.1
+Status:         Fixed
+Denial-of-service vulnerability in named.
+<URL:http://www.cert.org/advisories/CA-2002-15.html>
++------------------------------------------------------------------------+
+Port name:      courier-imap
+Affected:       versions < courier-imap-1.4.3_1
+Status:         Fixed
+Remote denial-of-service attack (CPU utilization).
+<URL:http://www.security.nnov.ru/advisories/courier.asp>
++------------------------------------------------------------------------+
+Port name:      ethereal
+Affected:       versions < ethereal-0.9.4
+Status:         Fixed
+Buffer overflows in SMB, X11, DNS, and GIOP dissectors.
+<URL:http://www.ethereal.com/appnotes/enpa-sa-00004.html>
++------------------------------------------------------------------------+
+Port name:      fakebo
+Affected:       versions < fakebo-0.4.1_1
+Status:         Fixed
+Format string vulnerability.
+<URL:http://cvsweb.freebsd.org/ports/security/fakebo/files/patch-aa>
+<URL:http://cvsweb.freebsd.org/ports/security/fakebo/files/patch-ab>
++------------------------------------------------------------------------+
+Port name:      fragroute
+Affected:       versions < fragroute-1.2_1
+Status:         Fixed
+The distribution file with MD5 checksum 65edbfc51f8070517f14ceeb8f721075
+was trojaned.
+<URL:http://online.securityfocus.com/archive/1/274892>
++------------------------------------------------------------------------+
+Port name:      ghostscript-gnu
+Affected:       versions < ghostscript-6.53
+Status:         Fixed
+A PostScript file can cause arbitrary commands to be executed as
+the user running ghostscript.
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0363>
++------------------------------------------------------------------------+
+Port name:      icmpmonitor
+Affected:       versions < icmpmonitor-1.11_1
+Status:         Fixed
+Format string vulnerability (syslog).
+<URL:http://cvsweb.freebsd.org/ports/net/icmpmonitor/files/patch-aa>
++------------------------------------------------------------------------+
+Port name:      imap-uw
+Affected:       All versions
+Status:         Not fixed
+Locally exploitable stack buffer overflow when compiled with
+WITH_RFC1730 (which is not the default).
+<URL:http://online.securityfocus.com/archive/1/271958>
+<URL:http://online.securityfocus.com/archive/1/272030>
++------------------------------------------------------------------------+
+Port name:      mnews
+Affected:       All versions
+Status:         Not fixed
+Remotely exploitable buffer overflows.
+<URL:http://online.securityfocus.com/archive/1/275012>
+<URL:http://online.securityfocus.com/archive/1/275125>
++------------------------------------------------------------------------+
+Port name:      nn
+Affected:       versions < nn-6.6.2_1
+Status:         Fixed
+Remotely exploitable format string vulnerability.
+Reproduce using netcat:
+  perl -e 'printf("100 %s\n", "%x" x 800);' | nc -l -p 119
+  env NNTPSERVER="localhost" nn
++------------------------------------------------------------------------+
+Port name:      sharity-light
+Affected:       versions < sharity-light-1.2_1
+Status:         Fixed
+Stack buffer overflow when copying the username and password from the
+environment (variables USER, LOGNAME, and PASSWD).  Reported by
+Niels Heinen <niels.heinen@ubizen.com>.
++------------------------------------------------------------------------+
+Port name:      slurp
+Affected:       versions < slurp-1.10_1
+Status:         Fixed
+Remotely exploitable format string vulnerability.
+<URL:http://online.securityfocus.com/archive/1/275397>
++------------------------------------------------------------------------+
+Port name:      xchat
+Affected:       versions < xchat-1.8.9
+Status:         Fixed
+An IRC server may execute arbitrary commands with the privileges
+of the user running xchat.
+<URL:http://online.securityfocus.com/bid/4376>
++------------------------------------------------------------------------+
+
+III. Upgrading Ports/Packages
+
+To upgrade a fixed port/package, perform one of the following:
+
+1) Upgrade your Ports Collection and rebuild and reinstall the port.
+Several tools are available in the Ports Collection to make this
+easier.  See:
+  /usr/ports/devel/portcheckout
+  /usr/ports/misc/porteasy
+  /usr/ports/sysutils/portupgrade
+
+2) Deinstall the old package and install a new package obtained from
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
+
+Packages are not automatically generated for other architectures at
+this time.
+
+
++------------------------------------------------------------------------+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPRD6MlUuHi5z0oilAQFmSwP9Hs95CGjDL8PF95Z9bAxana0X9JTUYvaN
+qxPWiovTzED5Ityt46TySpoOcwdQkzO0ugu3/Q7zCppEDdIjXBUxARv8qvnLG7Oz
+f5SPItOW//5P7hmq6c9XGQrfq4XLYnv61JbgK9Cm0tGU8iVhOwm+ztpZS2FG5x+3
+F4W/AphEyi8=
+=W9sm
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-02:05.asc b/share/security/advisories/FreeBSD-SN-02:05.asc
new file mode 100644
index 0000000000..e8e3fd597a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-02:05.asc
@@ -0,0 +1,271 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SN-02:05                                              Security Notice
+                                                          The FreeBSD Project
+
+Topic:          security issues in ports
+Announced:      2002-08-28
+
+I.   Introduction
+
+Several ports in the FreeBSD Ports Collection are affected by security
+issues.  These are listed below with references and affected versions.
+All versions given refer to the FreeBSD port/package version numbers.
+The listed vulnerabilities are not specific to FreeBSD unless
+otherwise noted.
+
+These ports are not installed by default, nor are they ``part of
+FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      acroread5
+Affected:       versions < acroread-5.06
+Status:         Fixed
+Insecure temporary file handling.  The acrobatviewer, acroread4,
+ghostscript, gv, mgv and xpdf ports can also display PDF files.
+<URL:http://online.securityfocus.com/archive/1/278984>
+<URL:http://online.securityfocus.com/archive/1/284263>
++------------------------------------------------------------------------+
+Port name:      aide
+Affected:       versions < aide-0.7_1
+Status:         Fixed
+The default aide.conf silently fails to check subdirectories, even
+though it appears to be configured to do so.
++------------------------------------------------------------------------+
+Port name:      apache+mod_ssl
+Affected:       versions < 1.3.26+2.8.10
+Status:         Fixed
+A child process of the Apache server can crash if it receives a
+request for the contents of a directory in which a maliciously
+constructed .htaccess file has been placed.  In the default
+configuration, another child will be spawned, and the crash will
+be logged.  Therefore the bug should be insignificant for most
+users.
+<URL:http://marc.theaimsgroup.com/?l=vuln-dev&m=102477330617604&w=2>
++------------------------------------------------------------------------+
+Port name:      bugzilla
+Affected:       versions < bugzilla-2.14.2
+Status:         Fixed
+"Various security issues of varying importance."
+<URL:http://online.securityfocus.com/archive/1/276031>
++------------------------------------------------------------------------+
+Port name:      Canna
+Affected:       versions < ja-Canna-3.5b2_3
+Status:         Fixed
+A remotely exploitable buffer overflow exists in the cannaserver
+daemon.  Although previously corrected, the patch containing the
+correction was inadvertently removed from the port skeleton.
+<URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A31.canna.asc.v1.1>
+<URL:http://www.shadowpenguin.org/sc_advisories/advisory038.html>
+<URL:http://online.securityfocus.com/bid/1445/info/>
++------------------------------------------------------------------------+
+Port name:      ethereal
+Affected:       versions < ethereal-0.9.6
+Status:         Fixed
+Buffer overflows in BGP, IS-IS, and WCP dissectors.
+<URL:http://www.ethereal.com/appnotes/enpa-sa-00005.html>
+<URL:http://www.ethereal.com/appnotes/enpa-sa-00006.html>
++------------------------------------------------------------------------+
+Port name:      fam
+Affected:       versions < fam-2.6.8
+Status:         Fixed
+"Unprivileged users can potentially learn names of files that only
+users in root's group should be able to view."
+<URL:ftp://oss.sgi.com/projects/fam/download/ChangeLog>
+<URL:http://www.debian.org/security/2002/dsa-154>
++------------------------------------------------------------------------+
+Port name:      isakmpd
+Affected:       versions < isakmpd-20020403_1
+Status:         Fixed
+``Receiving IKE payloads out of sequence can cause isakmpd(8) to
+crash.''
+<URL:http://www.openbsd.org/errata.html#isakmpd>
+<URL:http://www.kb.cert.org/vuls/id/287771>
++------------------------------------------------------------------------+
+Port name:      irssi
+Affected:       versions < irssi-0.8.5
+Status:         Fixed
+Maliciously long topic can crash program remotely.
+<URL:http://online.securityfocus.com/bid/5055>
++------------------------------------------------------------------------+
+Port name:      kdelibs2 and kdelibs3
+Affected:       versions < kdelibs2-2.2.2_1
+                versions < kdelibs3-3.0.2_4
+Status:         Fixed
+A man-in-the-middle attack is possible against Konqueror and other
+KDE applications which use SSL.
+<URL:http://www.kde.org/info/security/advisory-20020818-1.txt>
++------------------------------------------------------------------------+
+Port name:      krb5
+Affected:       versions < krb5-1.2.5_2
+Status:         Fixed
+Contains an overflow in Sun RPC XDR decoder.
+<URL:http://online.securityfocus.com/archive/1/285308>
+<URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823>
+<URL:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-001-xdr.txt>
++------------------------------------------------------------------------+
+Port name:      linux-netscape6, netscape7, linux-mozilla, and mozilla
+Affected:       versions < mozilla-1.0_1,1 (mozilla)
+                versions < linux-mozilla-1.1 (linux-mozilla)
+                All versions (others)
+Status:         Fixed (linux-mozilla and mozilla)
+                Not fixed (others)
+Malicious Web pages or files can cause loss of X session.
+When the X server receives a request to display an enormously large
+scalable font, the server exits abruptly, killing all its clients.
+This has been confirmed only with XFree86 4.2.0, but there is
+evidence that XFree86 3.3.6, the X font server, and Xvnc behave the
+same way.  Unpatched Netscape (major version 6 or 7) and Mozilla
+browsers do not limit the size of fonts which Web pages or files
+can specify, thus triggering the bug.
+Scalable fonts may be disabled as a workaround.
+<URL:http://bugzilla.mozilla.org/show_bug.cgi?id=150339>
++------------------------------------------------------------------------+
+Port name:      mm
+Affected:       versions < mm-1.2.0
+Status:         Fixed
+May allow the local Apache user to gain privileges via temporary files.
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0658>
++------------------------------------------------------------------------+
+Port name:      mpack
+Affected:       versions < mpack-1.5_2
+Status:         Fixed
+Buffer overflow which might be triggered when mpack is used to process
+data from a remote source (email, news, and so on).
+<URL:http://www.linuxsecurity.com/advisories/debian_advisory-2241.html>
++------------------------------------------------------------------------+
+Port name:      mozilla, linux-mozilla
+Affected:       versions < mozilla-1.0.rc1_2,1 (mozilla)
+                versions < linux-mozilla-1.0_1 (linux-mozilla)
+Status:         Not fixed
+An overflow exists in the Chatzilla IRC client.  It can cause Mozilla
+to crash even if the demonstration page does not cause the crash.
+According to Robert Ginda, the bug does not allow execution of
+malicious code.
+<URL:http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html>
+<URL:http://bugzilla.mozilla.org/show_bug.cgi?id=163588>
+<URL:http://bugzilla.mozilla.org/show_bug.cgi?id=94448>
++------------------------------------------------------------------------+
+Port name:      newsx
+Affected:       versions < newsx-1.4.8
+Status:         Fixed
+Format string bug reported by Niels Heinen <niels.heinen@ubizen.com>.
++------------------------------------------------------------------------+
+Port name:      openssh, openssh-portable
+Affected:       versions < openssh-3.4 (openssh)
+                versions < openssh-3.4p1 (openssh-portable)
+Status:         Fixed
+Buffer overflow can lead to denial of service or root compromise.
+<URL:http://www.openssh.com/txt/preauth.adv>
++------------------------------------------------------------------------+
+Port name:      php
+Affected:       versions mod_php4-4.2.0 and mod_php4-4.2.1
+                versions php4-4.2.0 and php4-4.2.1
+Status:         Fixed
+On i386 architecture, may be remotely crashed; on other architectures,
+may allow execution of arbitrary code with the privileges of the
+Web server by anyone who can send HTTP POST requests.
+<http://security.e-matters.de/advisories/022002.html>
+<http://www.php.net/release_4_2_2.php>
++------------------------------------------------------------------------+
+Port name:      linux-png and png
+Affected:       versions < linux-png-1.0.14
+                versions < png-1.2.4
+Status:         Fixed
+Malformed images (for example, in Web pages) can cause applications
+to crash.  Execution of malicious code may be possible.
+<URL:ftp://swrinde.nde.swri.edu/pub/png-group/archives/png-list.200207>
+<URL:http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=98528>
+<URL:http://rhn.redhat.com/errata/RHSA-2002-151.html>
+<URL:http://rhn.redhat.com/errata/RHSA-2002-152.html>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0660>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0728>
++------------------------------------------------------------------------+
+Port name:      postgresql7
+Affected:       versions < postgresql7-7.2.2
+Status:         Fixed
+Multiple buffer overruns may allow execution of malicious code.
+Remote attack is possible only when the server is configured to
+accept TCP/IP connections, which is not the default.
+<URL:http://www3.us.postgresql.org/news.html>
+<URL:http://online.securityfocus.com/archive/1/288998/2002-08-23/2002-08-29/0>
+<URL:http://online.securityfocus.com/archive/1/288334/2002-08-16/2002-08-22/0>
+<URL:http://online.securityfocus.com/archive/1/288305/2002-08-16/2002-08-22/0>
++------------------------------------------------------------------------+
+Port name:      samba
+Affected:       versions < samba-2.2.5
+Status:         Fixed
+Possible buffer overflow.
+<URL:http://lists.samba.org/pipermail/samba-technical/2002-June/037400.html>
++------------------------------------------------------------------------+
+Port name:      squid24
+Affected:       versions < squid-2.4_10
+Status:         Fixed
+Buffer overflows may allow remote execution of code.
+<URL:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt>
++------------------------------------------------------------------------+
+Port name:      super
+Affected:       versions < super-3.20.0
+Status:         Fixed
+Local root exploit.
+<URL:http://online.securityfocus.com/archive/1/285241>
++------------------------------------------------------------------------+
+Port name:      webmin
+Affected:       versions < webmin-0.990_3
+Status:         Fixed
+"If a webmin user is able to view print jobs, he can execute any
+command as root."
+<URL:http://www.webmin.com/updates.html>
++------------------------------------------------------------------------+
+Port name:      zmailer
+Affected:       versions < zmailer-2.99.51_1
+Status:         Fixed
+When using IPv6, a remote buffer overflow during the processing of
+the HELO command is possible.
+Reported by 3APA3A <3APA3A@SECURITY.NNOV.RU>.
++------------------------------------------------------------------------+
+
+III. Upgrading Ports/Packages
+
+To upgrade a fixed port/package, perform one of the following:
+
+1) Upgrade your Ports Collection and rebuild and reinstall the port.
+Several tools are available in the Ports Collection to make this
+easier.  See:
+  /usr/ports/devel/portcheckout
+  /usr/ports/misc/porteasy
+  /usr/ports/sysutils/portupgrade
+
+2) Deinstall the old package and install a new package obtained from
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
+
+Packages are not automatically generated for other architectures at
+this time.
+
+
++------------------------------------------------------------------------+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUBPWz8glUuHi5z0oilAQGD3wP/XLvIayMoXfSUuuw4VVr84c3vqVk0t0rL
+qZmLe+GaQ6Z5Fu/DfEta3HXhAPrlZx6dMWQfAbhjSyLfW8RpVkBlhbKR2ZImiddz
+t2vz9LaADnWIdyRkI+4zpd9xIgpzB3MQwrkh6ZnnE3pqQ12S4TwfAKqwGm7DSShg
+Ymz4mxfkiug=
+=J67P
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-02:06.asc b/share/security/advisories/FreeBSD-SN-02:06.asc
new file mode 100644
index 0000000000..617a4ccd5a
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-02:06.asc
@@ -0,0 +1,225 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+=============================================================================
+FreeBSD-SN-02:06                                              Security Notice
+                                                          The FreeBSD Project
+
+Topic:          security issues in ports
+Announced:      2002-10-10
+
+I.   Introduction
+
+Several ports in the FreeBSD Ports Collection are affected by security
+issues.  These are listed below with references and affected versions.
+All versions given refer to the FreeBSD port/package version numbers.
+The listed vulnerabilities are not specific to FreeBSD unless
+otherwise noted.
+
+These ports are not installed by default, nor are they ``part of
+FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      apache13, apache13+ipv6, apache13-fp, apache13-modssl and
+                apache13-ssl 
+Status:         Fixed (apache13, apache13+ipv6, apache13-fp and apache13-modssl)
+                Not fixed (apache13-ssl)
+Affected:       versions < apache+ipv6-1.3.27 
+                versions < apache+mod_ssl-1.3.27+2.8.11
+                versions < apache-1.3.27
+                versions < apache_fp-1.3.27
+                versions < ru-apache-1.3.27.30.16 
+Attackers can cause httpd to spawn new processes, or can kill other
+processes, resulting in denial of service.
+<URL:http://www.apache.org/dist/httpd/Announcement.html>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0839>
++------------------------------------------------------------------------+
+Port name:      gaim
+Affected:       versions < gaim-0.59.1
+Status:         Fixed
+The URL handler in the manual browser option for Gaim before 0.59.1
+fails to escape shell metacharacters in links.
+<URL:http://gaim.sourceforge.net/ChangeLog>
++------------------------------------------------------------------------+
+Port name:      gallery
+Affected:       versions < gallery-1.3.1
+Status:         Fixed
+Remotely exploitable.
+<URL:http://www.freebsd.org/cgi/query-pr.cgi?pr=41465>
+<URL:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/gallery/gallery/errors/configmode.php>
+<URL:http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/gallery/gallery/captionator.php>
++------------------------------------------------------------------------+
+Port name:      gtar 
+Affected:       versions < gtar-1.13.25_5
+Status:         Fixed
+Directory traversal bug allows files to be overwritten unexpectedly
+when an archive is extracted.
+<URL:http://www.security.nnov.ru/advisories/archdt.asp>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0399>
++------------------------------------------------------------------------+
+Port name:      hylafax
+Affected:       versions < hylafax-4.1.3
+Status:         Fixed
+Format string vulnerability and buffer overflow resulting in potential
+denial of service attack, arbitrary code execution as root, and elevation
+of privilege.
+<URL:http://www.hylafax.org/4.1.3.html>
++------------------------------------------------------------------------+
+Port name:      linux_base-6
+Affected:       versions < linux_base-6.1_2
+Status:         Fixed
+multiple vulnerabilities in Xlib
+<URL:http://rhn.redhat.com/errata/RHSA-2001-071.html>
++------------------------------------------------------------------------+
+Port name:      linux_base and linux_base-6
+Affected:       versions < linux_base-7.1_1 (linux_base)
+                versions < linux_base-6.1_2 (linux_base-6)
+Status:         Fixed
+XDR RPC and resolver buffer overflows in glibc
+<URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A28.resolv.asc>
+<URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A34.rpc.asc>
+<URL:http://rhn.redhat.com/errata/RHSA-2002-139.html>
+<URL:http://rhn.redhat.com/errata/RHSA-2002-166.html>
++------------------------------------------------------------------------+
+Port name:      linux-flashplugin
+Affected:       versions < linux-flashplugin-5.0r50
+Status:         Fixed
+A buffer overflow allowed execution of arbitrary code.  Another bug
+allowed the contents of users' files to be sent to a malicious Web
+server.
+<URL:http://www.macromedia.com/v1/handlers/index.cfm?ID=23294&Method=Full&Title=MPSB02%2D10%20%2D%20Macromedia%20Flash%20URL%20Modification%20Issue>
+<URL:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293&Method=Full&Title=MPSB02%2D09%20%2D%20Macromedia%20Flash%20Malformed%20Header%20Vulnerability%20Issue>
++------------------------------------------------------------------------+
+Port name:      mozilla, mozilla-devel
+Affected:       versions < mozilla-1.0.1_1,2 (mozilla)
+                versions < linux-mozilla-1.0_1 (mozilla-devel)
+Status:         Not fixed
+An overflow exists in the Chatzilla IRC client.  It can cause Mozilla
+to crash even if the demonstration page does not cause the crash.
+According to Robert Ginda, the bug does not allow execution of
+malicious code.  Chatzilla had been disabled in the affected ports,
+but it was inadvertently enabled again.  The presence of Chatzilla
+is indicated by an icon in the status bar, by an item in the Window
+menu, and by the existence of the chatzilla.jar file.  As a workaround,
+remove chatzilla.jar.
+<URL:http://jscript.dk/2002/4/moz1rc1tests/ircbufferoverrun.html>
+<URL:http://bugzilla.mozilla.org/show_bug.cgi?id=163588>
+<URL:http://bugzilla.mozilla.org/show_bug.cgi?id=94448>
++------------------------------------------------------------------------+
+Port name:      opera
+Affected:       versions < opera-6.03.20020813
+Status:         Fixed
+Buffer overflows in OpenSSL may allow execution of arbitrary code.
+<URL:http://www.opera.com/pressreleases/en/2002/08/20020816.html>
+<URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02%3A33.openssl.asc>
++------------------------------------------------------------------------+
+Port name:      php
+Affected:       versions mod_php4-4.0.5 to mod_php4-4.2.2
+                versions >= php4-4.0.5 to php4-4.2.2
+Status:         Fixed
+possible execution of arbitrary code via mail() function
+<URL:http://online.securityfocus.com/archive/1/194425>
+<URL:http://online.securityfocus.com/archive/1/288804>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1246>
+<URL:http://www.php.net/ChangeLog-4.php>
++------------------------------------------------------------------------+
+Port name:      pkzip
+Affected:       all versions
+Status:         Not Fixed
+If the -rec option is used when extracting an archive, files with
+"/" as the first character in the path, or with "../" may be
+extracted.
+<URL:http://www.security.nnov.ru/advisories/archdt.asp>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1270>
++------------------------------------------------------------------------+
+Port name:      qmailadmin
+Affected:       versions < qmailadmin-1.0.6
+Status:         Fixed
+Installs setuid with exploitable buffer overflow leading to
+privileges of `vpopmail' user.
+<URL:http://security-archive.merton.ox.ac.uk/bugtraq-200208/0117.html>
++------------------------------------------------------------------------+
+Port name:      unzip
+Affected:       versions < unzip-5.50
+Status:         Fixed
+Files with "/" as the first character in the path, or with "../"
+in the path may be extracted from an archive.
+<URL:http://www.security.nnov.ru/advisories/archdt.asp>
+<URL:http://www.info-zip.org/UnZip.html>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1268>
+<URL:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1269>
+<URL:http://online.securityfocus.com/archive/1/196445>
+<URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00206.html>
++------------------------------------------------------------------------+
+Port name:      webmin
+Affected:       versions < webmin-1.020
+Status:         Fixed
+A prepackaged SSL key was identical for every installation, allowing
+sessions to be hijacked.
+<URL:http://www.webmin.com/changes.html>
++------------------------------------------------------------------------+
+Port name:      XFree86-4, XFree86-4-Server, XFree86-4-NestServer,
+                XFree86-4-VirtualFramebufferServer, XFree86-4-libraries,
+                XFree86-4-clients
+Affected:       versions < XFree86-Server-4.2.1_1
+                versions < XFree86-libraries-4.2.1_1
+                versions < XFree86-clients-4.2.1_1
+                versions < XFree86-NestServer-4.2.1
+                versions < XFree86-VirtualFramebufferServer-4.2.1
+Status:         Fixed
+Arbitrary code execution in privileged clients; overwriting restricted
+shared memory segments; others.
+<URL:http://www.xfree.org/security/>
++------------------------------------------------------------------------+
+Port name:      xinetd
+Affected:       versions < xinetd-2.3.7
+Status:         Fixed
+A file descriptor leak in xinetd could give an unprivileged process
+the ability to terminate the master xinetd process.
+<URL:http://www.xinetd.org/>
++------------------------------------------------------------------------+
+
+III. Upgrading Ports/Packages
+
+To upgrade a fixed port/package, perform one of the following:
+
+1) Upgrade your Ports Collection and rebuild and reinstall the port.
+Several tools are available in the Ports Collection to make this
+easier.  See:
+  /usr/ports/devel/portcheckout
+  /usr/ports/misc/porteasy
+  /usr/ports/sysutils/portupgrade
+
+2) Deinstall the old package and install a new package obtained from
+
+[i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
+
+Packages are not automatically generated for other architectures at
+this time.
+
+
++------------------------------------------------------------------------+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-officer@FreeBSD.org>.
+
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUBPaTD11UuHi5z0oilAQEXHgP9HR2gmVgRwAvKCqmlQVAEA6N3TwLFu1g/
+QXOlOZB0asu4XCFzj7effNVrCMob93ZOMSjDo4+SdKdp11TX3SaOrP3mPUcaimbs
+owHZD77Rqb4fhajWVPjezYzXpJX0C7qb4HS7SnCzNde98PG+acVcvyGyqmY/9Yuy
+pVMUC9fjkFY=
+=ybhF
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-03:01.asc b/share/security/advisories/FreeBSD-SN-03:01.asc
new file mode 100644
index 0000000000..d00e375cc1
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-03:01.asc
@@ -0,0 +1,111 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SN-03:01                                              Security Notice
+                                                          The FreeBSD Project
+
+Topic:          security issue in samba ports
+Announced:      2003-04-07
+
+I.   Introduction
+
+Several ports in the FreeBSD Ports Collection are affected by security
+issues.  These are listed below with references and affected versions.
+All versions given refer to the FreeBSD port/package version numbers.
+The listed vulnerabilities are not specific to FreeBSD unless
+otherwise noted.
+
+These ports are not installed by default, nor are they ``part of
+FreeBSD'' as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      net/samba
+Affected:       versions < samba-2.2.8_2, samba-2.2.8a
+Status:         Fixed
+
+Two vulnerabilities recently:
+
+(1) Sebastian Krahmer of the SuSE Security Team identified
+vulnerabilities that could lead to arbitrary code execution as root,
+as well as a race condition that could allow overwriting of system
+files.  (This vulnerability was previously fixed in Samba 2.2.8.)
+
+(2) Digital Defense, Inc. reports: ``This vulnerability, if exploited
+correctly, leads to an anonymous user gaining root access on a Samba
+serving system. All versions of Samba up to and including Samba 2.2.8
+are vulnerable. Alpha versions of Samba 3.0 and above are *NOT*
+vulnerable.''
+
+<URL: http://us1.samba.org/samba/whatsnew/samba-2.2.8.html >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0085 >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0086 >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0196 >
+<URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0201 >
++------------------------------------------------------------------------+
+Port name:      net/samba-tng
+Affected:       all versions
+Status:         Not fixed
+
+Some or all of the vulnerabilities affecting Samba may also affect
+Samba-TNG.  No confirmation or official patches are available at the
+time of this security notice.
++------------------------------------------------------------------------+
+
+III. Upgrading Ports/Packages
+
+To upgrade a fixed port/package, perform one of the following:
+
+1) Upgrade your Ports Collection and rebuild and reinstall the port.
+Several tools are available in the Ports Collection to make this
+easier.  See:
+  /usr/ports/devel/portcheckout
+  /usr/ports/misc/porteasy
+  /usr/ports/sysutils/portupgrade
+
+2) Deinstall the old package and install a new package obtained from
+
+[FreeBSD 4.x, i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/All/
+
+[FreeBSD 5.x, i386]
+ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/
+
+Packages are not automatically generated for other architectures at
+this time.
+
+Note that new, official packages may not be available on all mirrors
+immediately.  In the interim, Security Officer-generated packages (and
+detached digital signatures) are available for the i386 architecture
+at:
+
+[FreeBSD 4.x, i386]
+ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz
+ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-4-stable/samba-2.2.8_2.tgz.asc
+
+[FreeBSD 5.x]
+ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz
+ftp://ftp2.FreeBSD.org/pub/FreeBSD/security-officer/ports/i386/packages-5-current/samba-2.2.8_2.tbz.asc
+
+
++------------------------------------------------------------------------+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-team@FreeBSD.org>.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+kX+vFdaIBMps37IRAtkmAJ4ruhx4WQLeSPSPgfmzrVW4uYvVJACfRxem
+4q3eO8IxTujzRR2QwH4eyK4=
+=/4KW
+-----END PGP SIGNATURE-----
diff --git a/share/security/advisories/FreeBSD-SN-03:02.asc b/share/security/advisories/FreeBSD-SN-03:02.asc
new file mode 100644
index 0000000000..cd59d479d5
--- /dev/null
+++ b/share/security/advisories/FreeBSD-SN-03:02.asc
@@ -0,0 +1,60 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
+=============================================================================
+FreeBSD-SN-03:02                                              Security Notice
+                                                          The FreeBSD Project
+
+Topic:          security issue in SETI@home client
+Announced:      2003-04-08
+
+I.   Introduction
+
+A port in the FreeBSD Ports Collection is affected by a security
+issue.  Summary information is given below with references and
+affected versions.  All versions given refer to the FreeBSD
+port/package version numbers.  The listed vulnerabilities are not
+specific to FreeBSD unless otherwise noted.
+
+This port is not installed by default, nor is it ``part of FreeBSD''
+as such.  The FreeBSD Ports Collection contains thousands of
+third-party applications in a ready-to-install format.  FreeBSD makes
+no claim about the security of these third-party applications.  See
+<URL:http://www.freebsd.org/ports/> for more information about the
+FreeBSD Ports Collection.
+
+II.  Ports
+
++------------------------------------------------------------------------+
+Port name:      astro/setiathome
+Affected:       All versions
+Status:         Not fixed
+
+Excerpt from Berend-Jan Wever a.k.a. SkyLined's advisory:
+``There is a bufferoverflow in the server responds handler. Sending
+an overly large string followed by a newline ('\n') character to the
+client will trigger this overflow. This has been tested with various
+versions of the client. All versions are presumed to have this flaw in
+some form.''
+Example exploits for FreeBSD and other systems exist.
+A new version of SETI@home for FreeBSD is not available at the time
+of this security notice.
+
+<URL: http://spoor12.edup.tudelft.nl/ >
+<URL: http://setiathome.berkeley.edu/version308.html >
++------------------------------------------------------------------------+
+
+FreeBSD Security Notices are communications from the Security Officer
+intended to inform the user community about potential security issues,
+such as bugs in the third-party applications found in the Ports
+Collection, which will not be addressed in a FreeBSD Security
+Advisory.
+
+Feedback on Security Notices is welcome at <security-team@FreeBSD.org>.
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQE+kruuFdaIBMps37IRAksIAKCXua4QQz3P3Y4qysYW8/ftjQhozQCfVnNw
+PZAo0yzuFpYydTgYrodW+4Q=
+=DQki
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-04:01/twe.patch b/share/security/patches/EN-04:01/twe.patch
new file mode 100644
index 0000000000..b154bb4b8f
--- /dev/null
+++ b/share/security/patches/EN-04:01/twe.patch
@@ -0,0 +1,195 @@
+Index: sys/dev/twe/twe.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/twe/twe.c,v
+retrieving revision 1.1.2.8.2.1
+retrieving revision 1.1.2.8.2.2
+diff -u -r1.1.2.8.2.1 -r1.1.2.8.2.2
+--- sys/dev/twe/twe.c	12 May 2004 03:37:43 -0000	1.1.2.8.2.1
++++ sys/dev/twe/twe.c	26 Jun 2004 02:22:24 -0000	1.1.2.8.2.2
+@@ -26,7 +26,7 @@
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+- *	$FreeBSD: src/sys/dev/twe/twe.c,v 1.1.2.8.2.1 2004/05/12 03:37:43 vkashyap Exp $
++ *	$FreeBSD: src/sys/dev/twe/twe.c,v 1.1.2.8.2.2 2004/06/26 02:22:24 kensmith Exp $
+  */
+ 
+ /*
+@@ -382,7 +382,7 @@
+ 
+     debug_called(4);
+ 
+-    if (sc->twe_state & TWE_STATE_FRZN)
++    if (sc->twe_state & (TWE_STATE_CTLR_BUSY | TWE_STATE_FRZN))
+ 	    return;
+ 
+     /* spin until something prevents us from doing any work */
+@@ -433,6 +433,8 @@
+ 	error = twe_map_request(tr);
+ 
+ 	if (error != 0) {
++	    if (error == EBUSY)
++		break;
+ 	    tr->tr_status = TWE_CMD_ERROR;
+ 	    if (tr->tr_private != NULL) {
+ 		bp = (twe_bio *)(tr->tr_private);
+@@ -758,7 +760,7 @@
+     } else {
+ 	tr->tr_complete = func;
+ 	error = twe_map_request(tr);
+-	if (error == 0)
++	if ((error == 0) || (error == EBUSY))
+ 	    return(func);
+     }
+ 
+@@ -924,8 +926,10 @@
+ 
+     debug_called(4);
+ 
++    tr->tr_status = TWE_CMD_BUSY;
+     if ((error = twe_map_request(tr)) != 0)
+-	return(error);
++	if (error != EBUSY)
++	    return(error);
+     while (tr->tr_status == TWE_CMD_BUSY){
+ 	twe_done(tr->tr_sc);
+     }
+@@ -1117,6 +1121,7 @@
+ 	    /* move to completed queue */
+ 	    twe_remove_busy(tr);
+ 	    twe_enqueue_complete(tr);
++	    sc->twe_state &= ~TWE_STATE_CTLR_BUSY;
+ 	} else {
+ 	    break;					/* no response ready */
+ 	}
+Index: sys/dev/twe/twe_freebsd.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/twe/twe_freebsd.c,v
+retrieving revision 1.2.2.8
+retrieving revision 1.2.2.8.2.1
+diff -u -r1.2.2.8 -r1.2.2.8.2.1
+--- sys/dev/twe/twe_freebsd.c	7 Apr 2004 22:18:00 -0000	1.2.2.8
++++ sys/dev/twe/twe_freebsd.c	26 Jun 2004 02:22:24 -0000	1.2.2.8.2.1
+@@ -26,7 +26,7 @@
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+- * $FreeBSD: src/sys/dev/twe/twe_freebsd.c,v 1.2.2.8 2004/04/07 22:18:00 vkashyap Exp $
++ * $FreeBSD: src/sys/dev/twe/twe_freebsd.c,v 1.2.2.8.2.1 2004/06/26 02:22:24 kensmith Exp $
+  */
+ 
+ /*
+@@ -999,8 +999,10 @@
+ 	    bcopy(tr->tr_realdata, tr->tr_data, tr->tr_length);
+ 	bus_dmamap_sync(tr->tr_sc->twe_buffer_dmat, tr->tr_dmamap, BUS_DMASYNC_PREWRITE);
+     }
+-    if (twe_start(tr) == EBUSY)
++    if (twe_start(tr) == EBUSY) {
++	tr->tr_sc->twe_state |= TWE_STATE_CTLR_BUSY;
+ 	twe_requeue_ready(tr);
++    }
+ }
+ 
+ static void
+@@ -1022,8 +1024,10 @@
+ 
+     debug_called(4);
+ 
+-    if (sc->twe_state & TWE_STATE_FRZN)
++    if (sc->twe_state & (TWE_STATE_CTLR_BUSY | TWE_STATE_FRZN)) {
++	twe_requeue_ready(tr);
+ 	return (EBUSY);
++    }
+ 
+     /*
+      * Map the command into bus space.
+@@ -1061,8 +1065,8 @@
+ 	}
+     } else {
+ 	if ((error = twe_start(tr)) == EBUSY) {
++	    sc->twe_state |= TWE_STATE_CTLR_BUSY;
+ 	    twe_requeue_ready(tr);
+-	    error = 0;
+ 	}
+     }
+ 
+Index: sys/dev/twe/twevar.h
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/twe/twevar.h,v
+retrieving revision 1.1.2.6.2.1
+retrieving revision 1.1.2.6.2.2
+diff -u -r1.1.2.6.2.1 -r1.1.2.6.2.2
+--- sys/dev/twe/twevar.h	12 May 2004 03:37:43 -0000	1.1.2.6.2.1
++++ sys/dev/twe/twevar.h	26 Jun 2004 02:22:24 -0000	1.1.2.6.2.2
+@@ -26,10 +26,10 @@
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+- *	$FreeBSD: src/sys/dev/twe/twevar.h,v 1.1.2.6.2.1 2004/05/12 03:37:43 vkashyap Exp $
++ *	$FreeBSD: src/sys/dev/twe/twevar.h,v 1.1.2.6.2.2 2004/06/26 02:22:24 kensmith Exp $
+  */
+ 
+-#define TWE_DRIVER_VERSION_STRING	"1.40.01.001"
++#define TWE_DRIVER_VERSION_STRING	"1.40.01.002"
+ #define TWE_CDEV_MAJOR			146
+ #define TWED_CDEV_MAJOR			147
+ 
+@@ -149,7 +149,8 @@
+ #define TWE_STATE_SHUTDOWN	(1<<1)	/* controller is shut down */
+ #define TWE_STATE_OPEN		(1<<2)	/* control device is open */
+ #define TWE_STATE_SUSPEND	(1<<3)	/* controller is suspended */
+-#define TWE_STATE_FRZN		(1<<4)
++#define TWE_STATE_FRZN		(1<<4)	/* got EINPROGRESS */
++#define TWE_STATE_CTLR_BUSY	(1<<5)	/* controller cmd queue full */
+     int			twe_host_id;
+     struct twe_qstat	twe_qstat[TWEQ_COUNT];	/* queue statistics */
+ 
+Index: sys/conf/newvers.sh
+===================================================================
+RCS file: /home/ncvs/src/sys/conf/newvers.sh,v
+retrieving revision 1.44.2.34.2.2
+retrieving revision 1.44.2.34.2.3
+diff -u -r1.44.2.34.2.2 -r1.44.2.34.2.3
+--- sys/conf/newvers.sh	25 May 2004 05:30:47 -0000	1.44.2.34.2.2
++++ sys/conf/newvers.sh	26 Jun 2004 02:22:24 -0000	1.44.2.34.2.3
+@@ -32,11 +32,11 @@
+ # SUCH DAMAGE.
+ #
+ #	@(#)newvers.sh	8.1 (Berkeley) 4/20/94
+-# $FreeBSD: src/sys/conf/newvers.sh,v 1.44.2.34.2.2 2004/05/25 05:30:47 scottl Exp $
++# $FreeBSD: src/sys/conf/newvers.sh,v 1.44.2.34.2.3 2004/06/26 02:22:24 kensmith Exp $
+ 
+ TYPE="FreeBSD"
+ REVISION="4.10"
+-BRANCH="RELEASE"
++BRANCH="RELEASE-p1"
+ RELEASE="${REVISION}-${BRANCH}"
+ VERSION="${TYPE} ${RELEASE}"
+ 
+Index: UPDATING
+===================================================================
+RCS file: /home/ncvs/src/UPDATING,v
+retrieving revision 1.73.2.90
+retrieving revision 1.73.2.90.2.2
+diff -u -r1.73.2.90 -r1.73.2.90.2.2
+--- UPDATING	31 Oct 2003 16:40:39 -0000	1.73.2.90
++++ UPDATING	26 Jun 2004 04:39:46 -0000	1.73.2.90.2.2
+@@ -8,6 +8,12 @@
+ the common items quick how-tos, followed by entries for versions of
+ -current prior to 4.0 Release.
+ 
++20040626:	p1	FreeBSD-EN-04:01.twe
++	Fix a bug in twe(4) that could cause kernel lockups.
++	
++20040527:
++	FreeBSD 4.10-RELEASE.
++
+ 20031028:
+ 	FreeBSD 4.9-RELEASE.
+ 
+@@ -1185,4 +1191,4 @@
+ If you find this document useful, and you want to, you may buy the
+ author a beer.
+ 
+-$FreeBSD: src/UPDATING,v 1.73.2.90 2003/10/31 16:40:39 simon Exp $
++$FreeBSD: src/UPDATING,v 1.73.2.90.2.2 2004/06/26 04:39:46 kensmith Exp $
diff --git a/share/security/patches/EN-04:01/twe.patch.asc b/share/security/patches/EN-04:01/twe.patch.asc
new file mode 100644
index 0000000000..cee96bd11f
--- /dev/null
+++ b/share/security/patches/EN-04:01/twe.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBA3ZP5/G14VSmup/YRAuN6AJ9G+6K9TDb5MKs/UDPbMx5GMrCFigCdFe7r
+KQQazp5kZ+tOF3fvj+zOK6k=
+=qczL
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-06:02/net.patch b/share/security/patches/EN-06:02/net.patch
new file mode 100644
index 0000000000..32cc9ba746
--- /dev/null
+++ b/share/security/patches/EN-06:02/net.patch
@@ -0,0 +1,141 @@
+Index: sys/netinet/ip_output.c
+===================================================================
+RCS file: /home/cvs/src/sys/netinet/ip_output.c,v
+retrieving revision 1.242.2.8
+diff -u -r1.242.2.8 ip_output.c
+--- sys/netinet/ip_output.c	31 Jan 2006 16:06:05 -0000	1.242.2.8
++++ sys/netinet/ip_output.c	25 Aug 2006 15:07:44 -0000
+@@ -1162,6 +1162,9 @@
+ 		return (EINVAL);
+ 	}
+ 
++	if (inp == NULL)
++		return (EINVAL);
++
+ 	switch (sopt->sopt_dir) {
+ 	case SOPT_SET:
+ 		switch (sopt->sopt_name) {
+Index: sys/netinet6/in6.c
+===================================================================
+RCS file: /home/cvs/src/sys/netinet6/in6.c,v
+retrieving revision 1.51.2.8
+diff -u -r1.51.2.8 in6.c
+--- sys/netinet6/in6.c	9 Mar 2006 11:59:03 -0000	1.51.2.8
++++ sys/netinet6/in6.c	25 Aug 2006 15:07:56 -0000
+@@ -1720,20 +1720,55 @@
+ 
+ 	/* we could do in(6)_socktrim here, but just omit it at this moment. */
+ 
++	if (newhost && nd6_need_cache(ifp) != 0) {
++		/* set the rtrequest function to create llinfo */
++		ia->ia_ifa.ifa_rtrequest = nd6_rtrequest;
++	}
++
+ 	/*
+ 	 * Special case:
+ 	 * If a new destination address is specified for a point-to-point
+ 	 * interface, install a route to the destination as an interface
+-	 * direct route.
++	 * direct route.  In addition, if the link is expected to have neighbor
++	 * cache entries, specify RTF_LLINFO so that a cache entry for the
++	 * destination address will be created.
++	 * created
+ 	 * XXX: the logic below rejects assigning multiple addresses on a p2p
+-	 * interface that share a same destination.
++	 * interface that share the same destination.
+ 	 */
+ 	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
+ 	if (!(ia->ia_flags & IFA_ROUTE) && plen == 128 &&
+ 	    ia->ia_dstaddr.sin6_family == AF_INET6) {
+-		if ((error = rtinit(&(ia->ia_ifa), (int)RTM_ADD,
+-				    RTF_UP | RTF_HOST)) != 0)
++		int rtflags = RTF_UP | RTF_HOST;
++		struct rtentry *rt = NULL, **rtp = NULL;
++
++		if (nd6_need_cache(ifp) != 0) {
++			rtflags |= RTF_LLINFO;
++			rtp = &rt;
++		}
++
++		error = rtrequest(RTM_ADD, (struct sockaddr *)&ia->ia_dstaddr,
++		    (struct sockaddr *)&ia->ia_addr,
++		    (struct sockaddr *)&ia->ia_prefixmask,
++		    ia->ia_flags | rtflags, rtp);
++		if (error != 0)
+ 			return (error);
++		if (rt != NULL) {
++			struct llinfo_nd6 *ln;
++
++			RT_LOCK(rt);
++			ln = (struct llinfo_nd6 *)rt->rt_llinfo;
++			if (ln != NULL) {
++				/*
++				 * Set the state to STALE because we don't
++				 * have to perform address resolution on this
++				 * link.
++				 */
++				ln->ln_state = ND6_LLINFO_STALE;
++			}
++			RT_REMREF(rt);
++			RT_UNLOCK(rt);
++		}
+ 		ia->ia_flags |= IFA_ROUTE;
+ 	}
+ 	if (plen < 128) {
+@@ -1744,11 +1779,8 @@
+ 	}
+ 
+ 	/* Add ownaddr as loopback rtentry, if necessary (ex. on p2p link). */
+-	if (newhost) {
+-		/* set the rtrequest function to create llinfo */
+-		ia->ia_ifa.ifa_rtrequest = nd6_rtrequest;
++	if (newhost)
+ 		in6_ifaddloop(&(ia->ia_ifa));
+-	}
+ 
+ 	return (error);
+ }
+Index: sys/netinet6/nd6.c
+===================================================================
+RCS file: /home/cvs/src/sys/netinet6/nd6.c,v
+retrieving revision 1.48.2.12
+diff -u -r1.48.2.12 nd6.c
+--- sys/netinet6/nd6.c	29 Mar 2006 21:05:11 -0000	1.48.2.12
++++ sys/netinet6/nd6.c	25 Aug 2006 15:08:02 -0000
+@@ -512,6 +512,19 @@
+ 			ln->ln_asked++;
+ 			nd6_llinfo_settimer(ln, (long)ndi->retrans * hz / 1000);
+ 			nd6_ns_output(ifp, dst, dst, ln, 0);
++		} else if (rt->rt_ifa != NULL &&
++		    rt->rt_ifa->ifa_addr->sa_family == AF_INET6 &&
++		    (((struct in6_ifaddr *)rt->rt_ifa)->ia_flags & IFA_ROUTE)) {
++			/*
++			 * This is an unreachable neighbor whose address is
++			 * specified as the destination of a p2p interface
++			 * (see in6_ifinit()).  We should not free the entry
++			 * since this is sort of a "static" entry generated
++			 * via interface address configuration. 
++			 */
++			ln->ln_asked = 0;
++			ln->ln_expire = 0; /* make it permanent */
++			ln->ln_state = ND6_LLINFO_STALE;
+ 		} else {
+ 			(void)nd6_free(rt, 0);
+ 			ln = NULL;
+Index: sys/vm/uma_core.c
+===================================================================
+RCS file: /home/cvs/src/sys/vm/uma_core.c,v
+retrieving revision 1.119.2.15
+diff -u -r1.119.2.15 uma_core.c
+--- sys/vm/uma_core.c	14 Feb 2006 03:37:58 -0000	1.119.2.15
++++ sys/vm/uma_core.c	25 Aug 2006 15:08:12 -0000
+@@ -2417,8 +2417,7 @@
+ 	 * If nothing else caught this, we'll just do an internal free.
+ 	 */
+ zfree_internal:
+-	uma_zfree_internal(zone, item, udata, SKIP_DTOR, ZFREE_STATFAIL |
+-	    ZFREE_STATFREE);
++	uma_zfree_internal(zone, item, udata, SKIP_DTOR, ZFREE_STATFREE);
+ 
+ 	return;
+ }
diff --git a/share/security/patches/EN-06:02/net.patch.asc b/share/security/patches/EN-06:02/net.patch.asc
new file mode 100644
index 0000000000..c194b28af0
--- /dev/null
+++ b/share/security/patches/EN-06:02/net.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBE8prKFdaIBMps37IRAuHyAKCBRw+mApcAzb52n1tdrhPOZcMofACeO+o+
+/CTfpmIx85OL7CCSG9WQ9Yw=
+=wRb+
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-07:01/nfs60.patch b/share/security/patches/EN-07:01/nfs60.patch
new file mode 100644
index 0000000000..6a6294c55e
--- /dev/null
+++ b/share/security/patches/EN-07:01/nfs60.patch
@@ -0,0 +1,421 @@
+Index: sys/nfsserver/nfs_serv.c
+===================================================================
+RCS file: /home/ncvs/src/sys/nfsserver/nfs_serv.c,v
+retrieving revision 1.156
+diff -u -r1.156 nfs_serv.c
+--- sys/nfsserver/nfs_serv.c	17 Apr 2005 16:25:36 -0000	1.156
++++ sys/nfsserver/nfs_serv.c	13 Feb 2007 20:43:09 -0000
+@@ -569,6 +569,10 @@
+
+ 			error = lookup(&ind);
+ 			ind.ni_dvp = NULL;
++			if (ind.ni_cnd.cn_flags & GIANTHELD) {
++				mtx_unlock(&Giant);
++				ind.ni_cnd.cn_flags &= ~GIANTHELD;
++			}
+
+ 			if (error == 0) {
+ 				/*
+@@ -599,15 +603,9 @@
+ 		}
+ 	}
+
+-	if (dirp) {
+-		vrele(dirp);
+-		dirp = NULL;
+-	}
+-
+ 	/*
+ 	 * Resources at this point:
+ 	 *	ndp->ni_vp	may not be NULL
+-	 *
+ 	 */
+
+ 	if (error) {
+@@ -621,15 +619,6 @@
+ 	}
+
+ 	/*
+-	 * Clear out some resources prior to potentially blocking.  This
+-	 * is not as critical as ni_dvp resources in other routines, but
+-	 * it helps.
+-	 */
+-	vrele(ndp->ni_startdir);
+-	ndp->ni_startdir = NULL;
+-	NDFREE(&nd, NDF_ONLY_PNBUF);
+-
+-	/*
+ 	 * Get underlying attribute, then release remaining resources ( for
+ 	 * the same potential blocking reason ) and reply.
+ 	 */
+@@ -641,8 +630,12 @@
+ 		error = VOP_GETATTR(vp, vap, cred, td);
+
+ 	vput(vp);
+-	mtx_unlock(&Giant);	/* VFS */
++	vrele(ndp->ni_startdir);
++	vrele(dirp);
+ 	ndp->ni_vp = NULL;
++	ndp->ni_startdir = NULL;
++	dirp = NULL;
++	mtx_unlock(&Giant);	/* VFS */
+ 	NFSD_LOCK();
+ 	nfsm_reply(NFSX_SRVFH(v3) + NFSX_POSTOPORFATTR(v3) + NFSX_POSTOPATTR(v3));
+ 	if (error) {
+@@ -662,17 +655,19 @@
+
+ nfsmout:
+ 	NFSD_LOCK_ASSERT();
+-	NFSD_UNLOCK();
+-	mtx_lock(&Giant);	/* VFS */
+-	if (dirp)
+-		vrele(dirp);
++	if (ndp->ni_vp || dirp || ndp->ni_startdir) {
++		NFSD_UNLOCK();
++		mtx_lock(&Giant);	/* VFS */
++		if (ndp->ni_vp)
++			vput(ndp->ni_vp);
++		if (dirp)
++			vrele(dirp);
++		if (ndp->ni_startdir)
++			vrele(ndp->ni_startdir);
++		mtx_unlock(&Giant);	/* VFS */
++		NFSD_LOCK();
++	}
+ 	NDFREE(&nd, NDF_ONLY_PNBUF);
+-	if (ndp->ni_startdir)
+-		vrele(ndp->ni_startdir);
+-	if (ndp->ni_vp)
+-		vput(ndp->ni_vp);
+-	mtx_unlock(&Giant);	/* VFS */
+-	NFSD_LOCK();
+ 	return (error);
+ }
+
+@@ -1924,6 +1919,10 @@
+
+ 			error = lookup(&nd);
+ 			nd.ni_dvp = NULL;
++			if (nd.ni_cnd.cn_flags & GIANTHELD) {
++				mtx_unlock(&Giant);
++				nd.ni_cnd.cn_flags &= ~GIANTHELD;
++			}
+ 			if (error)
+ 				goto ereply;
+
+@@ -2004,13 +2003,6 @@
+ 	NFSD_LOCK_ASSERT();
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+-	if (nd.ni_startdir) {
+-		vrele(nd.ni_startdir);
+-		nd.ni_startdir = NULL;
+-	}
+-	if (dirp)
+-		vrele(dirp);
+-	NDFREE(&nd, NDF_ONLY_PNBUF);
+ 	if (nd.ni_dvp) {
+ 		if (nd.ni_dvp == nd.ni_vp)
+ 			vrele(nd.ni_dvp);
+@@ -2019,6 +2011,13 @@
+ 	}
+ 	if (nd.ni_vp)
+ 		vput(nd.ni_vp);
++	if (nd.ni_startdir) {
++		vrele(nd.ni_startdir);
++		nd.ni_startdir = NULL;
++	}
++	if (dirp)
++		vrele(dirp);
++	NDFREE(&nd, NDF_ONLY_PNBUF);
+ 	vn_finished_write(mp);
+ 	mtx_unlock(&Giant);	/* VFS */
+ 	NFSD_LOCK();
+@@ -2092,6 +2091,8 @@
+ 	tl = nfsm_dissect_nonblock(u_int32_t *, NFSX_UNSIGNED);
+ 	vtyp = nfsv3tov_type(*tl);
+ 	if (vtyp != VCHR && vtyp != VBLK && vtyp != VSOCK && vtyp != VFIFO) {
++		NFSD_UNLOCK();
++		mtx_lock(&Giant);	/* VFS */
+ 		error = NFSERR_BADTYPE;
+ 		goto out;
+ 	}
+@@ -2108,6 +2109,8 @@
+ 	 * Iff doesn't exist, create it.
+ 	 */
+ 	if (nd.ni_vp) {
++		NFSD_UNLOCK();
++		mtx_lock(&Giant);	/* VFS */
+ 		error = EEXIST;
+ 		goto out;
+ 	}
+@@ -2146,6 +2149,10 @@
+
+ 		error = lookup(&nd);
+ 		nd.ni_dvp = NULL;
++		if (nd.ni_cnd.cn_flags & GIANTHELD) {
++			mtx_unlock(&Giant);
++			nd.ni_cnd.cn_flags &= ~GIANTHELD;
++		}
+
+ 		if (error)
+ 			goto out;
+@@ -2158,18 +2165,6 @@
+ 	 */
+ out:
+ 	NFSD_UNLOCK_ASSERT();
+-	if (nd.ni_startdir) {
+-		vrele(nd.ni_startdir);
+-		nd.ni_startdir = NULL;
+-	}
+-	NDFREE(&nd, NDF_ONLY_PNBUF);
+-	if (nd.ni_dvp) {
+-		if (nd.ni_dvp == nd.ni_vp)
+-			vrele(nd.ni_dvp);
+-		else
+-			vput(nd.ni_dvp);
+-		nd.ni_dvp = NULL;
+-	}
+ 	vp = nd.ni_vp;
+ 	if (!error) {
+ 		bzero((caddr_t)fhp, sizeof(nfh));
+@@ -2178,11 +2173,23 @@
+ 		if (!error)
+ 			error = VOP_GETATTR(vp, vap, cred, td);
+ 	}
++	if (nd.ni_dvp) {
++		if (nd.ni_dvp == nd.ni_vp)
++			vrele(nd.ni_dvp);
++		else
++			vput(nd.ni_dvp);
++		nd.ni_dvp = NULL;
++	}
+ 	if (vp) {
+ 		vput(vp);
+ 		vp = NULL;
+ 		nd.ni_vp = NULL;
+ 	}
++	if (nd.ni_startdir) {
++		vrele(nd.ni_startdir);
++		nd.ni_startdir = NULL;
++	}
++	NDFREE(&nd, NDF_ONLY_PNBUF);
+ 	if (dirp) {
+ 		vn_lock(dirp, LK_EXCLUSIVE | LK_RETRY, td);
+ 		diraft_ret = VOP_GETATTR(dirp, &diraft, cred, td);
+@@ -2210,11 +2217,6 @@
+ 	NFSD_LOCK_ASSERT();
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+-	if (dirp)
+-		vrele(dirp);
+-	if (nd.ni_startdir)
+-		vrele(nd.ni_startdir);
+-	NDFREE(&nd, NDF_ONLY_PNBUF);
+ 	if (nd.ni_dvp) {
+ 		if (nd.ni_dvp == nd.ni_vp)
+ 			vrele(nd.ni_dvp);
+@@ -2223,6 +2225,11 @@
+ 	}
+ 	if (nd.ni_vp)
+ 		vput(nd.ni_vp);
++	if (dirp)
++		vrele(dirp);
++	if (nd.ni_startdir)
++		vrele(nd.ni_startdir);
++	NDFREE(&nd, NDF_ONLY_PNBUF);
+ 	vn_finished_write(mp);
+ 	mtx_unlock(&Giant);	/* VFS */
+ 	NFSD_LOCK();
+@@ -2519,8 +2526,8 @@
+ 		tond.ni_dvp = NULL;
+ 		tond.ni_vp = NULL;
+ 		if (error) {
+-			fromnd.ni_cnd.cn_flags &= ~HASBUF;
+-			tond.ni_cnd.cn_flags &= ~HASBUF;
++			NDFREE(&fromnd, NDF_ONLY_PNBUF);
++			NDFREE(&tond, NDF_ONLY_PNBUF);
+ 		}
+ 	} else {
+ 		if (error == -1)
+@@ -2573,11 +2580,6 @@
+ 	NFSD_LOCK_ASSERT();
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+-	if (tdirp)
+-		vrele(tdirp);
+-	if (tond.ni_startdir)
+-		vrele(tond.ni_startdir);
+-	NDFREE(&tond, NDF_ONLY_PNBUF);
+ 	if (tond.ni_dvp) {
+ 		if (tond.ni_dvp == tond.ni_vp)
+ 			vrele(tond.ni_dvp);
+@@ -2586,7 +2588,11 @@
+ 	}
+ 	if (tond.ni_vp)
+ 		vput(tond.ni_vp);
+-
++	if (tdirp)
++		vrele(tdirp);
++	if (tond.ni_startdir)
++		vrele(tond.ni_startdir);
++	NDFREE(&tond, NDF_ONLY_PNBUF);
+ 	/*
+ 	 * Clear out fromnd related fields
+ 	 */
+@@ -2747,8 +2753,6 @@
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+ 	NDFREE(&nd, NDF_ONLY_PNBUF);
+-	if (dirp)
+-		vrele(dirp);
+ 	if (vp)
+ 		vput(vp);
+ 	if (nd.ni_dvp) {
+@@ -2757,6 +2761,8 @@
+ 		else
+ 			vput(nd.ni_dvp);
+ 	}
++	if (dirp)
++		vrele(dirp);
+ 	if (nd.ni_vp)
+ 		vrele(nd.ni_vp);
+ 	vn_finished_write(mp);
+@@ -2815,6 +2821,12 @@
+ 	nd.ni_cnd.cn_flags = LOCKPARENT | SAVESTART;
+ 	error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
+ 		&dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
++	if (error == 0) {
++		VATTR_NULL(vap);
++		if (v3)
++			nfsm_srvsattr(vap);
++		nfsm_srvpathsiz(len2);
++	}
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+ 	if (dirp && !v3) {
+@@ -2824,10 +2836,6 @@
+ 	if (error)
+ 		goto out;
+
+-	VATTR_NULL(vap);
+-	if (v3)
+-		nfsm_srvsattr(vap);
+-	nfsm_srvpathsiz(len2);
+ 	MALLOC(pathcp, caddr_t, len2 + 1, M_TEMP, M_WAITOK);
+ 	iv.iov_base = pathcp;
+ 	iv.iov_len = len2;
+@@ -2884,6 +2892,10 @@
+
+ 		error = lookup(&nd);
+ 		nd.ni_dvp = NULL;
++		if (nd.ni_cnd.cn_flags & GIANTHELD) {
++			mtx_unlock(&Giant);
++			nd.ni_cnd.cn_flags &= ~GIANTHELD;
++		}
+
+ 		if (error == 0) {
+ 			bzero((caddr_t)fhp, sizeof(nfh));
+@@ -3113,8 +3125,6 @@
+ 	NFSD_LOCK_ASSERT();
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+-	if (dirp)
+-		vrele(dirp);
+ 	if (nd.ni_dvp) {
+ 		NDFREE(&nd, NDF_ONLY_PNBUF);
+ 		if (nd.ni_dvp == nd.ni_vp && vpexcl)
+@@ -3128,6 +3138,8 @@
+ 		else
+ 			vrele(nd.ni_vp);
+ 	}
++	if (dirp)
++		vrele(dirp);
+ 	vn_finished_write(mp);
+ 	mtx_unlock(&Giant);	/* VFS */
+ 	NFSD_LOCK();
+@@ -3255,8 +3267,6 @@
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+ 	NDFREE(&nd, NDF_ONLY_PNBUF);
+-	if (dirp)
+-		vrele(dirp);
+ 	if (nd.ni_dvp) {
+ 		if (nd.ni_dvp == nd.ni_vp)
+ 			vrele(nd.ni_dvp);
+@@ -3265,6 +3275,8 @@
+ 	}
+ 	if (nd.ni_vp)
+ 		vput(nd.ni_vp);
++	if (dirp)
++		vrele(dirp);
+
+ 	vn_finished_write(mp);
+ 	mtx_unlock(&Giant);	/* VFS */
+Index: sys/nfsserver/nfs_srvsubs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvsubs.c,v
+retrieving revision 1.136
+diff -u -r1.136 nfs_srvsubs.c
+--- sys/nfsserver/nfs_srvsubs.c	28 Mar 2005 18:51:58 -0000	1.136
++++ sys/nfsserver/nfs_srvsubs.c	13 Feb 2007 20:43:09 -0000
+@@ -875,6 +875,10 @@
+ 	}
+ 	if (!lockleaf)
+ 		cnp->cn_flags &= ~LOCKLEAF;
++	if (cnp->cn_flags & GIANTHELD) {
++		mtx_unlock(&Giant);
++		cnp->cn_flags &= ~GIANTHELD;
++	}
+
+ 	/*
+ 	 * nfs_namei() guarentees that fields will not contain garbage
+@@ -1331,6 +1335,24 @@
+ 	return 0;
+ }
+
++int
++nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos)
++{
++	u_int32_t *tl;
++
++	NFSD_LOCK_DONTCARE();
++
++	tl = nfsm_dissect_xx_nonblock(NFSX_UNSIGNED, md, dpos);
++	if (tl == NULL)
++		return EBADRPC;
++	*s = fxdr_unsigned(int32_t, *tl);
++	if (*s > m)
++		return NFSERR_NAMETOL;
++	if (*s < 0)
++		return EBADRPC;
++	return 0;
++}
++
+ void
+ nfsm_clget_xx(u_int32_t **tl, struct mbuf *mb, struct mbuf **mp,
+     char **bp, char **be, caddr_t bpos, int droplock)
+Index: sys/nfsserver/nfsm_subs.h
+===================================================================
+RCS file: /home/ncvs/src/sys/nfsserver/nfsm_subs.h,v
+retrieving revision 1.37
+diff -u -r1.37 nfsm_subs.h
+--- sys/nfsserver/nfsm_subs.h	7 Jan 2005 01:45:51 -0000	1.37
++++ sys/nfsserver/nfsm_subs.h	13 Feb 2007 20:43:09 -0000
+@@ -74,6 +74,7 @@
+
+ int	nfsm_srvstrsiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);
+ int	nfsm_srvnamesiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);
++int	nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);
+ int	nfsm_srvmtofh_xx(fhandle_t *f, struct nfsrv_descript *nfsd,
+ 	    struct mbuf **md, caddr_t *dpos);
+ int	nfsm_srvsattr_xx(struct vattr *a, struct mbuf **md, caddr_t *dpos);
+@@ -101,7 +102,7 @@
+ #define	nfsm_srvpathsiz(s) \
+ do { \
+ 	int t1; \
+-	t1 = nfsm_srvnamesiz_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \
++	t1 = nfsm_srvnamesiz0_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \
+ 	if (t1) { \
+ 		error = t1; \
+ 		nfsm_reply(0); \
diff --git a/share/security/patches/EN-07:01/nfs60.patch.asc b/share/security/patches/EN-07:01/nfs60.patch.asc
new file mode 100644
index 0000000000..d621987e63
--- /dev/null
+++ b/share/security/patches/EN-07:01/nfs60.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF043pFdaIBMps37IRAmCuAJ4l0MHSa2YR4IjsHNBWh9Vb/2RZkwCgmlGn
+ddJ3A3AU0f92UYhLv2QffEk=
+=Fp8p
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-07:01/nfs61.patch b/share/security/patches/EN-07:01/nfs61.patch
new file mode 100644
index 0000000000..643fb3f534
--- /dev/null
+++ b/share/security/patches/EN-07:01/nfs61.patch
@@ -0,0 +1,153 @@
+Index: sys/nfsserver/nfs_serv.c
+===================================================================
+RCS file: /home/ncvs/src/sys/nfsserver/nfs_serv.c,v
+retrieving revision 1.156.2.2
+diff -u -r1.156.2.2 nfs_serv.c
+--- sys/nfsserver/nfs_serv.c	13 Mar 2006 03:06:49 -0000	1.156.2.2
++++ sys/nfsserver/nfs_serv.c	3 Jan 2007 17:14:55 -0000
+@@ -569,6 +569,10 @@
+
+ 			error = lookup(&ind);
+ 			ind.ni_dvp = NULL;
++			if (ind.ni_cnd.cn_flags & GIANTHELD) {
++				mtx_unlock(&Giant);
++				ind.ni_cnd.cn_flags &= ~GIANTHELD;
++			}
+
+ 			if (error == 0) {
+ 				/*
+@@ -1915,6 +1919,10 @@
+
+ 			error = lookup(&nd);
+ 			nd.ni_dvp = NULL;
++			if (nd.ni_cnd.cn_flags & GIANTHELD) {
++				mtx_unlock(&Giant);
++				nd.ni_cnd.cn_flags &= ~GIANTHELD;
++			}
+ 			if (error)
+ 				goto ereply;
+
+@@ -2141,6 +2149,10 @@
+
+ 		error = lookup(&nd);
+ 		nd.ni_dvp = NULL;
++		if (nd.ni_cnd.cn_flags & GIANTHELD) {
++			mtx_unlock(&Giant);
++			nd.ni_cnd.cn_flags &= ~GIANTHELD;
++		}
+
+ 		if (error)
+ 			goto out;
+@@ -2514,8 +2526,8 @@
+ 		tond.ni_dvp = NULL;
+ 		tond.ni_vp = NULL;
+ 		if (error) {
+-			fromnd.ni_cnd.cn_flags &= ~HASBUF;
+-			tond.ni_cnd.cn_flags &= ~HASBUF;
++			NDFREE(&fromnd, NDF_ONLY_PNBUF);
++			NDFREE(&tond, NDF_ONLY_PNBUF);
+ 		}
+ 	} else {
+ 		if (error == -1)
+@@ -2809,6 +2821,12 @@
+ 	nd.ni_cnd.cn_flags = LOCKPARENT | SAVESTART;
+ 	error = nfs_namei(&nd, fhp, len, slp, nam, &md, &dpos,
+ 		&dirp, v3, &dirfor, &dirfor_ret, td, FALSE);
++	if (error == 0) {
++		VATTR_NULL(vap);
++		if (v3)
++			nfsm_srvsattr(vap);
++		nfsm_srvpathsiz(len2);
++	}
+ 	NFSD_UNLOCK();
+ 	mtx_lock(&Giant);	/* VFS */
+ 	if (dirp && !v3) {
+@@ -2818,10 +2836,6 @@
+ 	if (error)
+ 		goto out;
+
+-	VATTR_NULL(vap);
+-	if (v3)
+-		nfsm_srvsattr(vap);
+-	nfsm_srvpathsiz(len2);
+ 	MALLOC(pathcp, caddr_t, len2 + 1, M_TEMP, M_WAITOK);
+ 	iv.iov_base = pathcp;
+ 	iv.iov_len = len2;
+@@ -2878,6 +2892,10 @@
+
+ 		error = lookup(&nd);
+ 		nd.ni_dvp = NULL;
++		if (nd.ni_cnd.cn_flags & GIANTHELD) {
++			mtx_unlock(&Giant);
++			nd.ni_cnd.cn_flags &= ~GIANTHELD;
++		}
+
+ 		if (error == 0) {
+ 			bzero((caddr_t)fhp, sizeof(nfh));
+Index: sys/nfsserver/nfs_srvsubs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/nfsserver/nfs_srvsubs.c,v
+retrieving revision 1.136.2.2
+diff -u -r1.136.2.2 nfs_srvsubs.c
+--- sys/nfsserver/nfs_srvsubs.c	4 Apr 2006 15:29:51 -0000	1.136.2.2
++++ sys/nfsserver/nfs_srvsubs.c	2 Jan 2007 19:20:02 -0000
+@@ -875,6 +875,10 @@
+ 	}
+ 	if (!lockleaf)
+ 		cnp->cn_flags &= ~LOCKLEAF;
++	if (cnp->cn_flags & GIANTHELD) {
++		mtx_unlock(&Giant);
++		cnp->cn_flags &= ~GIANTHELD;
++	}
+
+ 	/*
+ 	 * nfs_namei() guarentees that fields will not contain garbage
+@@ -1331,6 +1335,24 @@
+ 	return 0;
+ }
+
++int
++nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos)
++{
++	u_int32_t *tl;
++
++	NFSD_LOCK_DONTCARE();
++
++	tl = nfsm_dissect_xx_nonblock(NFSX_UNSIGNED, md, dpos);
++	if (tl == NULL)
++		return EBADRPC;
++	*s = fxdr_unsigned(int32_t, *tl);
++	if (*s > m)
++		return NFSERR_NAMETOL;
++	if (*s < 0)
++		return EBADRPC;
++	return 0;
++}
++
+ void
+ nfsm_clget_xx(u_int32_t **tl, struct mbuf *mb, struct mbuf **mp,
+     char **bp, char **be, caddr_t bpos, int droplock)
+Index: sys/nfsserver/nfsm_subs.h
+===================================================================
+RCS file: /home/ncvs/src/sys/nfsserver/nfsm_subs.h,v
+retrieving revision 1.37
+diff -u -r1.37 nfsm_subs.h
+--- sys/nfsserver/nfsm_subs.h	7 Jan 2005 01:45:51 -0000	1.37
++++ sys/nfsserver/nfsm_subs.h	2 Jan 2007 19:16:30 -0000
+@@ -74,6 +74,7 @@
+
+ int	nfsm_srvstrsiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);
+ int	nfsm_srvnamesiz_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);
++int	nfsm_srvnamesiz0_xx(int *s, int m, struct mbuf **md, caddr_t *dpos);
+ int	nfsm_srvmtofh_xx(fhandle_t *f, struct nfsrv_descript *nfsd,
+ 	    struct mbuf **md, caddr_t *dpos);
+ int	nfsm_srvsattr_xx(struct vattr *a, struct mbuf **md, caddr_t *dpos);
+@@ -101,7 +102,7 @@
+ #define	nfsm_srvpathsiz(s) \
+ do { \
+ 	int t1; \
+-	t1 = nfsm_srvnamesiz_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \
++	t1 = nfsm_srvnamesiz0_xx(&(s), NFS_MAXPATHLEN, &md, &dpos); \
+ 	if (t1) { \
+ 		error = t1; \
+ 		nfsm_reply(0); \
diff --git a/share/security/patches/EN-07:01/nfs61.patch.asc b/share/security/patches/EN-07:01/nfs61.patch.asc
new file mode 100644
index 0000000000..22a5d23972
--- /dev/null
+++ b/share/security/patches/EN-07:01/nfs61.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF043yFdaIBMps37IRAiHmAKCehp94osYf1bZpf1zI+UOGGj5JXgCfb2yt
+rkB/cWlWmQ4jAc/rnD8xlX0=
+=FwJj
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-07:02/net.patch b/share/security/patches/EN-07:02/net.patch
new file mode 100644
index 0000000000..23cb15651b
--- /dev/null
+++ b/share/security/patches/EN-07:02/net.patch
@@ -0,0 +1,16 @@
+Index: sys/netinet6/nd6.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/nd6.c,v
+retrieving revision 1.48.2.15
+diff -u -r1.48.2.15 nd6.c
+--- sys/netinet6/nd6.c	7 Oct 2006 18:31:27 -0000	1.48.2.15
++++ sys/netinet6/nd6.c	15 Feb 2007 02:34:00 -0000
+@@ -1315,7 +1315,7 @@
+ 		callout_init(&ln->ln_timer_ch, 0);
+ 
+ 		/* this is required for "ndp" command. - shin */
+-		if (req == RTM_ADD && (rt->rt_flags & RTF_STATIC)) {
++		if (req == RTM_ADD) {
+ 		        /*
+ 			 * gate should have some valid AF_LINK entry,
+ 			 * and ln->ln_expire should have some lifetime
diff --git a/share/security/patches/EN-07:02/net.patch.asc b/share/security/patches/EN-07:02/net.patch.asc
new file mode 100644
index 0000000000..1c920f5366
--- /dev/null
+++ b/share/security/patches/EN-07:02/net.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF5cumFdaIBMps37IRAjg8AJ9YpbkjiTVndRYBqVOvl2Vxr1eesQCfWOWv
+hifkdl6HGlzOui2NubF3Py8=
+=GOWU
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-07:03/rc.d_jail.patch b/share/security/patches/EN-07:03/rc.d_jail.patch
new file mode 100644
index 0000000000..aa477efabf
--- /dev/null
+++ b/share/security/patches/EN-07:03/rc.d_jail.patch
@@ -0,0 +1,18 @@
+Index: etc/rc.d/jail
+===================================================================
+RCS file: /home/ncvs/src/etc/rc.d/jail,v
+retrieving revision 1.23.2.7.2.1
+diff -u -d -r1.23.2.7.2.1 jail
+--- etc/rc.d/jail	11 Jan 2007 18:17:24 -0000	1.23.2.7.2.1
++++ etc/rc.d/jail	27 Feb 2007 20:47:59 -0000
+@@ -331,8 +331,8 @@
+ 				echo ${_jail_id} > /var/run/jail_${_jail}.id
+ 			else
+ 				jail_umount_fs
+-				if [ -n "${jail_interface}" ]; then
+-					ifconfig ${jail_interface} -alias ${jail_ip}
++				if [ -n "${_interface}" ]; then
++					ifconfig ${_interface} -alias ${_ip}
+ 				fi
+ 				echo " cannot start jail \"${_jail}\": "
+ 				tail +2 ${_tmp_jail}
diff --git a/share/security/patches/EN-07:03/rc.d_jail.patch.asc b/share/security/patches/EN-07:03/rc.d_jail.patch.asc
new file mode 100644
index 0000000000..117a62ebb0
--- /dev/null
+++ b/share/security/patches/EN-07:03/rc.d_jail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF5cusFdaIBMps37IRAl/RAJ4nLd+NpcuyhaGHeLqz4ZOenBcLmwCfYMa/
+EaHn/GLTNlJPBlQq1bEpDi4=
+=Ygy7
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-07:04/zoneinfo.patch b/share/security/patches/EN-07:04/zoneinfo.patch
new file mode 100644
index 0000000000..8e8085f3ec
--- /dev/null
+++ b/share/security/patches/EN-07:04/zoneinfo.patch
@@ -0,0 +1,3705 @@
+Index: share/misc/iso3166
+===================================================================
+RCS file: /home/ncvs/src/share/misc/iso3166,v
+retrieving revision 1.13
+diff -u -r1.13 iso3166
+--- share/misc/iso3166	14 Jun 2004 02:38:55 -0000	1.13
++++ share/misc/iso3166	27 Feb 2007 12:36:01 -0000
+@@ -106,6 +106,7 @@
+ GP	GLP	312	Guadeloupe
+ GU	GUM	316	Guam
+ GT	GTM	320	Guatemala
++GG	GGY	831	Guernsey
+ GN	GIN	324	Guinea
+ GW	GNB	624	Guinea-Bissau
+ GY	GUY	328	Guyana
+@@ -120,10 +121,12 @@
+ IR	IRN	364	Iran
+ IQ	IRQ	368	Iraq
+ IE	IRL	372	Ireland
++IM	IMN	833	Isle of Man
+ IL	ISR	376	Israel
+ IT	ITA	380	Italy
+ JM	JAM	388	Jamaica
+ JP	JPN	392	Japan
++JE	JEY	832	Jersey
+ JO	JOR	400	Jordan
+ KZ	KAZ	398	Kazakhstan
+ KE	KEN	404	Kenya
+@@ -159,6 +162,7 @@
+ MD	MDA	498	Moldova
+ MC	MCO	492	Monaco
+ MN	MNG	496	Mongolia
++ME	MNE	499	Montenegro
+ MS	MSR	500	Montserrat
+ MA	MAR	504	Morocco
+ MZ	MOZ	508	Mozambique
+@@ -203,7 +207,7 @@
+ ST	STP	678	Sao Tome and Principe
+ SA	SAU	682	Saudi Arabia
+ SN	SEN	686	Senegal
+-CS	SCG	891	Serbia and Montenegro
++RS	SRB	688	Serbia
+ SC	SYC	690	Seychelles
+ SL	SLE	694	Sierra Leone
+ SG	SGP	702	Singapore
+@@ -494,7 +498,7 @@
+ #  ALAND ISLANDS (AX) added as a new entry.  In the official newsletter,
+ #  this territory is shown with the correct (Swedish) orthography.  As this
+ #  file is restricted to the ASCII character set, we have substituted the
+-#  letter `A' for the Swedish letter \xc5.  (The Finnish name for this
++#  letter `A' for the Swedish letter U+00C5.  (The Finnish name for this
+ #  semi-autonomous territory is Ahvenanmaa, but the official place-names
+ #  in the territory are Swedish-only.)  Note that the standard collation
+ #  order for Swedish in Finland would sort this letter after Z.
+@@ -502,3 +506,10 @@
+ # Newsletter V-10 2004-04-26
+ #  Name changes not relevant to this file.
+ #
++# Newsletter V-11 2006-03-29
++#  GUERNSEY (GG), ISLE OF MAN (IM), and JERSEY (JE) added as new entries.
++#  These territories were previously included as a part of the UNITED
++#  KINGDOM (GB).
++#
++# Newsletter V-12 2006-09-26
++#  Removed SERBIA AND MONTENEGRO (CS).  Added SERBIA (RS) and MONTENEGRO (ME).
+Index: share/zoneinfo/Makefile
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/Makefile,v
+retrieving revision 1.20
+diff -u -r1.20 Makefile
+--- share/zoneinfo/Makefile	19 Oct 2004 20:38:49 -0000	1.20
++++ share/zoneinfo/Makefile	25 Feb 2007 03:26:56 -0000
+@@ -9,11 +9,11 @@
+ .endif
+ 
+ TZFILES=	africa antarctica asia australasia etcetera europe \
+-		factory northamerica southamerica systemv
++		factory northamerica southamerica
+ POSIXRULES=	America/New_York
+ 
+ .if defined(OLDTIMEZONES)
+-TZFILES+=	backward
++TZFILES+=	backward systemv
+ .endif
+ 
+ all: yearistype
+Index: share/zoneinfo/africa
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/africa,v
+retrieving revision 1.14.14.2
+diff -u -r1.14.14.2 africa
+--- share/zoneinfo/africa	27 Dec 2005 19:56:24 -0000	1.14.14.2
++++ share/zoneinfo/africa	25 Feb 2007 03:26:56 -0000
+@@ -1,15 +1,15 @@
+-# @(#)africa	7.40
++# @(#)africa	8.5
+ # <pre>
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-03-22):
++# From Paul Eggert (2006-03-22):
+ #
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -17,8 +17,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Another source occasionally used is Edward W. Whitman, World Time Differences,
+ # Whitman Publishing Co, 2 Niagara Av, Ealing, London (undated), which
+@@ -65,7 +65,7 @@
+ # Algeria
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Algeria	1916	only	-	Jun	14	23:00s	1:00	S
+-Rule	Algeria	1916	1919	-	Oct	Sun<=7	23:00s	0	-
++Rule	Algeria	1916	1919	-	Oct	Sun>=1	23:00s	0	-
+ Rule	Algeria	1917	only	-	Mar	24	23:00s	1:00	S
+ Rule	Algeria	1918	only	-	Mar	 9	23:00s	1:00	S
+ Rule	Algeria	1919	only	-	Mar	 1	23:00s	1:00	S
+@@ -75,7 +75,7 @@
+ Rule	Algeria	1921	only	-	Jun	21	23:00s	0	-
+ Rule	Algeria	1939	only	-	Sep	11	23:00s	1:00	S
+ Rule	Algeria	1939	only	-	Nov	19	 1:00	0	-
+-Rule	Algeria	1944	1945	-	Apr	Mon<=7	 2:00	1:00	S
++Rule	Algeria	1944	1945	-	Apr	Mon>=1	 2:00	1:00	S
+ Rule	Algeria	1944	only	-	Oct	 8	 2:00	0	-
+ Rule	Algeria	1945	only	-	Sep	16	 1:00	0	-
+ Rule	Algeria	1971	only	-	Apr	25	23:00s	1:00	S
+@@ -86,7 +86,8 @@
+ Rule	Algeria	1978	only	-	Sep	22	 3:00	0	-
+ Rule	Algeria	1980	only	-	Apr	25	 0:00	1:00	S
+ Rule	Algeria	1980	only	-	Oct	31	 2:00	0	-
+-# Shanks gives 0:09 for Paris Mean Time; go with Howse's more precise 0:09:21.
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
++# more precise 0:09:21.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Algiers	0:12:12 -	LMT	1891 Mar 15 0:01
+ 			0:09:21	-	PMT	1911 Mar 11    # Paris Mean Time
+@@ -106,7 +107,8 @@
+ 			1:00	-	WAT
+ 
+ # Benin
+-# Whitman says they switched to 1:00 in 1946, not 1934; go with Shanks.
++# Whitman says they switched to 1:00 in 1946, not 1934;
++# go with Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Africa/Porto-Novo	0:10:28	-	LMT	1912
+ 			0:00	-	GMT	1934 Feb 26
+@@ -130,7 +132,7 @@
+ 			2:00	-	CAT
+ 
+ # Cameroon
+-# Whitman says they switched to 1:00 in 1920; go with Shanks.
++# Whitman says they switched to 1:00 in 1920; go with Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Douala	0:38:48	-	LMT	1912
+ 			1:00	-	WAT
+@@ -209,7 +211,14 @@
+ # IATA (after 1990) says transitions are at 0:00.
+ # Go with IATA starting in 1995, except correct 1995 entry from 09-30 to 09-29.
+ Rule	Egypt	1995	max	-	Apr	lastFri	 0:00s	1:00	S
+-Rule	Egypt	1995	max	-	Sep	lastThu	23:00s	0	-
++Rule	Egypt	1995	2005	-	Sep	lastThu	23:00s	0	-
++# From Steffen Thorsen (2006-09-19):
++# The Egyptian Gazette, issue 41,090 (2006-09-18), page 1, reports:
++# Egypt will turn back clocks by one hour at the midnight of Thursday
++# after observing the daylight saving time since May.
++# http://news.gom.com.eg/gazette/pdf/2006/09/18/01.pdf
++Rule	Egypt	2006	only	-	Sep	21	23:00s	0	-
++Rule	Egypt	2007	max	-	Sep	lastThu	23:00s	0	-
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Cairo	2:05:00 -	LMT	1900 Oct
+@@ -229,9 +238,9 @@
+ 			3:00	-	EAT
+ 
+ # Ethiopia
+-# From Paul Eggert (1997-10-05):
+-# Shanks writes that Ethiopia had six narrowly-spaced time zones between
+-# 1870 and 1890, and that they merged to 38E50 (2:35:20) in 1890.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that Ethiopia had six narrowly-spaced time zones
++# between 1870 and 1890, and that they merged to 38E50 (2:35:20) in 1890.
+ # We'll guess that 38E50 is for Adis Dera.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Africa/Addis_Ababa	2:34:48 -	LMT	1870
+@@ -252,7 +261,8 @@
+ 
+ # Ghana
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman says DST was observed from 1931 to ``the present''; go with Shanks.
++# Whitman says DST was observed from 1931 to ``the present'';
++# go with Shanks & Pottenger.
+ Rule	Ghana	1936	1942	-	Sep	 1	0:00	0:20	GHST
+ Rule	Ghana	1936	1942	-	Dec	31	0:00	0	GMT
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -288,13 +298,14 @@
+ 			2:00	-	SAST
+ 
+ # Liberia
+-# From Paul Eggert (2001-07-17):
++# From Paul Eggert (2006-03-22):
+ # In 1972 Liberia was the last country to switch
+ # from a UTC offset that was not a multiple of 15 or 20 minutes.
+ # Howse reports that it was in honor of their president's birthday.
+-# Shanks reports the date as May 1, whereas Howse reports Jan; go with Shanks.
+-# For Liberia before 1972, Shanks reports -0:44, whereas Howse and Whitman
+-# each report -0:44:30; go with the more precise figure.
++# Shank & Pottenger report the date as May 1, whereas Howse reports Jan;
++# go with Shanks & Pottenger.
++# For Liberia before 1972, Shanks & Pottenger report -0:44, whereas Howse and
++# Whitman each report -0:44:30; go with the more precise figure.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Monrovia	-0:43:08 -	LMT	1882
+ 			-0:43:08 -	MMT	1919 Mar # Monrovia Mean Time
+@@ -324,7 +335,7 @@
+ 			1:00	Libya	CE%sT	1959
+ 			2:00	-	EET	1982
+ 			1:00	Libya	CE%sT	1990 May  4
+-# The following entries are all from Shanks;
++# The following entries are from Shanks & Pottenger;
+ # the IATA SSIM data contain some obvious errors.
+ 			2:00	-	EET	1996 Sep 30
+ 			1:00	-	CET	1997 Apr  4
+@@ -403,8 +414,8 @@
+ 			2:00	-	CAT
+ 
+ # Namibia
+-# The 1994-04-03 transition is from Shanks.
+-# Shanks reports no DST after 1998-04; go with IATA.
++# The 1994-04-03 transition is from Shanks & Pottenger.
++# Shanks & Pottenger report no DST after 1998-04; go with IATA.
+ # RULE	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Namibia	1994	max	-	Sep	Sun>=1	2:00	1:00	S
+ Rule	Namibia	1995	max	-	Apr	Sun>=1	2:00	0	-
+@@ -488,7 +499,7 @@
+ 
+ # Sierra Leone
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman gives Mar 31 - Aug 31 for 1931 on; go with Shanks.
++# Whitman gives Mar 31 - Aug 31 for 1931 on; go with Shanks & Pottenger.
+ Rule	SL	1935	1942	-	Jun	 1	0:00	0:40	SLST
+ Rule	SL	1935	1942	-	Oct	 1	0:00	0	WAT
+ Rule	SL	1957	1962	-	Jun	 1	0:00	1:00	SLST
+@@ -557,7 +568,6 @@
+ # Tunisia
+ 
+ # From Gwillim Law (2005-04-30):
+-#
+ # My correspondent, Risto Nykanen, has alerted me to another adoption of DST,
+ # this time in Tunisia.  According to Yahoo France News
+ # <http://fr.news.yahoo.com/050426/5/4dumk.html>, in a story attributed to AP
+@@ -571,6 +581,12 @@
+ # <http://www.lapresse.tn/archives/archives280405/actualites/lheure.html>
+ # ... DST for 2005: on: Sun May 1 0h standard time, off: Fri Sept. 30,
+ # 1h standard time.
++#
++# From Atef Loukil (2006-03-28):
++# The daylight saving time will be the same each year:
++# Beginning      : the last Sunday of March at 02:00
++# Ending         : the last Sunday of October at 03:00 ...
++# http://www.tap.info.tn/en/index.php?option=com_content&task=view&id=1188&Itemid=50
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Tunisia	1939	only	-	Apr	15	23:00s	1:00	S
+@@ -596,8 +612,11 @@
+ Rule	Tunisia	1990	only	-	May	 1	 0:00s	1:00	S
+ Rule	Tunisia	2005	only	-	May	 1	 0:00s	1:00	S
+ Rule	Tunisia	2005	only	-	Sep	30	 1:00s	0	-
+-# Shanks gives 0:09 for Paris Mean Time; go with Howse's more precise 0:09:21.
+-# Shanks says the 1911 switch occurred on Mar 9; go with Howse's Mar 11.
++Rule	Tunisia	2006	max	-	Mar	lastSun	 2:00s	1:00	S
++Rule	Tunisia	2006	max	-	Oct	lastSun	 2:00s	0	-
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
++# more precise 0:09:21.
++# Shanks & Pottenger say the 1911 switch was on Mar 9; go with Howse's Mar 11.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Africa/Tunis	0:40:44 -	LMT	1881 May 12
+ 			0:09:21	-	PMT	1911 Mar 11    # Paris Mean Time
+Index: share/zoneinfo/antarctica
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/antarctica,v
+retrieving revision 1.1.2.10.12.2
+diff -u -r1.1.2.10.12.2 antarctica
+--- share/zoneinfo/antarctica	27 Dec 2005 19:56:24 -0000	1.1.2.10.12.2
++++ share/zoneinfo/antarctica	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)antarctica	7.30
++# @(#)antarctica	8.2
+ # <pre>
+ 
+ # From Paul Eggert (1999-11-15):
+@@ -34,12 +34,12 @@
+ Rule	ArgAQ	1964	1966	-	Mar	 1	0:00	0	-
+ Rule	ArgAQ	1964	1966	-	Oct	15	0:00	1:00	S
+ Rule	ArgAQ	1967	only	-	Apr	 1	0:00	0	-
+-Rule	ArgAQ	1967	1968	-	Oct	Sun<=7	0:00	1:00	S
+-Rule	ArgAQ	1968	1969	-	Apr	Sun<=7	0:00	0	-
++Rule	ArgAQ	1967	1968	-	Oct	Sun>=1	0:00	1:00	S
++Rule	ArgAQ	1968	1969	-	Apr	Sun>=1	0:00	0	-
+ Rule	ArgAQ	1974	only	-	Jan	23	0:00	1:00	S
+ Rule	ArgAQ	1974	only	-	May	 1	0:00	0	-
+-Rule	ArgAQ	1974	1976	-	Oct	Sun<=7	0:00	1:00	S
+-Rule	ArgAQ	1975	1977	-	Apr	Sun<=7	0:00	0	-
++Rule	ArgAQ	1974	1976	-	Oct	Sun>=1	0:00	1:00	S
++Rule	ArgAQ	1975	1977	-	Apr	Sun>=1	0:00	0	-
+ Rule	ChileAQ	1966	1997	-	Oct	Sun>=9	0:00	1:00	S
+ Rule	ChileAQ	1967	1998	-	Mar	Sun>=9	0:00	0	-
+ Rule	ChileAQ	1998	only	-	Sep	27	0:00	1:00	S
+Index: share/zoneinfo/asia
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/asia,v
+retrieving revision 1.25.2.2
+diff -u -r1.25.2.2 asia
+--- share/zoneinfo/asia	27 Dec 2005 19:56:24 -0000	1.25.2.2
++++ share/zoneinfo/asia	25 Feb 2007 03:26:56 -0000
+@@ -1,15 +1,15 @@
+-# @(#)asia	7.90
++# %W%
+ # <pre>
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-03-22):
++# From Paul Eggert (2006-03-22):
+ #
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -17,8 +17,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Another source occasionally used is Edward W. Whitman, World Time Differences,
+ # Whitman Publishing Co, 2 Niagara Av, Ealing, London (undated), which
+@@ -61,6 +61,7 @@
+ # These rules are stolen from the `europe' file.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	EUAsia	1981	max	-	Mar	lastSun	 1:00u	1:00	S
++Rule	EUAsia	1979	1995	-	Sep	lastSun	 1:00u	0	-
+ Rule	EUAsia	1996	max	-	Oct	lastSun	 1:00u	0	-
+ Rule E-EurAsia	1981	max	-	Mar	lastSun	 0:00	1:00	S
+ Rule E-EurAsia	1979	1995	-	Sep	lastSun	 0:00	0	-
+@@ -82,10 +83,11 @@
+ 			4:30	-	AFT
+ 
+ # Armenia
+-# From Paul Eggert (1999-10-29):
+-# Shanks has Yerevan switching to 3:00 (with Russian DST) in spring 1991,
+-# then to 4:00 with no DST in fall 1995, then readopting Russian DST in 1997.
+-# Go with Shanks, even when he disagrees with others.  Edgar Der-Danieliantz
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger have Yerevan switching to 3:00 (with Russian DST)
++# in spring 1991, then to 4:00 with no DST in fall 1995, then
++# readopting Russian DST in 1997.  Go with Shanks & Pottenger, even
++# when they disagree with others.  Edgar Der-Danieliantz
+ # reported (1996-05-04) that Yerevan probably wouldn't use DST
+ # in 1996, though it did use DST in 1995.  IATA SSIM (1991/1998) reports that
+ # Armenia switched from 3:00 to 4:00 in 1998 and observed DST after 1991,
+@@ -194,13 +196,15 @@
+ # CHINA               8 H  AHEAD OF UTC  ALL OF CHINA, INCL TAIWAN
+ # CHINA               9 H  AHEAD OF UTC  APR 17 - SEP 10
+ 
+-# From Paul Eggert (1995-12-19):
+-# Shanks writes that China has had a single time zone since 1980 May 1,
+-# observing summer DST from 1986 through 1991; this contradicts Devine's
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that China (except for Hong Kong and Macau)
++# has had a single time zone since 1980 May 1, observing summer DST
++# from 1986 through 1991; this contradicts Devine's
+ # note about Time magazine, though apparently _something_ happened in 1986.
+-# Go with Shanks for now.  I made up names for the other pre-1980 time zones.
++# Go with Shanks & Pottenger for now.  I made up names for the other
++# pre-1980 time zones.
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Shang	1940	only	-	Jun	 3	0:00	1:00	D
+ Rule	Shang	1940	1941	-	Oct	 1	0:00	0	S
+@@ -208,14 +212,27 @@
+ Rule	PRC	1986	only	-	May	 4	0:00	1:00	D
+ Rule	PRC	1986	1991	-	Sep	Sun>=11	0:00	0	S
+ Rule	PRC	1987	1991	-	Apr	Sun>=10	0:00	1:00	D
+-#
+-# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-#
++
+ # From Anthony Fok (2001-12-20):
+ # BTW, I did some research on-line and found some info regarding these five
+ # historic timezones from some Taiwan websites.  And yes, there are official
+-# Chinese names for these locales (before 1949):
++# Chinese names for these locales (before 1949).
++# 
++# From Jesper Norgaard Welen (2006-07-14):
++# I have investigated the timezones around 1970 on the
++# http://www.astro.com/atlas site [with provinces and county
++# boundaries summarized below]....  A few other exceptions were two
++# counties on the Sichuan side of the Xizang-Sichuan border,
++# counties Dege and Baiyu which lies on the Sichuan side and are
++# therefore supposed to be GMT+7, Xizang region being GMT+6, but Dege
++# county is GMT+8 according to astro.com while Baiyu county is GMT+6
++# (could be true), for the moment I am assuming that those two
++# counties are mistakes in the astro.com data.
++
++
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ # Changbai Time ("Long-white Time", Long-white = Heilongjiang area)
++# Heilongjiang (except Mohe county), Jilin
+ Zone	Asia/Harbin	8:26:44	-	LMT	1928 # or Haerbin
+ 			8:30	-	CHAT	1932 Mar # Changbai Time
+ 			8:00	-	CST	1940
+@@ -223,18 +240,35 @@
+ 			8:30	-	CHAT	1980 May
+ 			8:00	PRC	C%sT
+ # Zhongyuan Time ("Central plain Time")
++# most of China
+ Zone	Asia/Shanghai	8:05:52	-	LMT	1928
+ 			8:00	Shang	C%sT	1949
+ 			8:00	PRC	C%sT
+ # Long-shu Time (probably due to Long and Shu being two names of that area)
++# Guangxi, Guizhou, Hainan, Ningxia, Sichuan, Shaanxi, and Yunnan;
++# most of Gansu; west Inner Mongolia; west Qinghai; and the Guangdong
++# counties Deqing, Enping, Kaiping, Luoding, Taishan, Xinxing,
++# Yangchun, Yangjiang, Yu'nan, and Yunfu.
+ Zone	Asia/Chongqing	7:06:20	-	LMT	1928 # or Chungking
+ 			7:00	-	LONT	1980 May # Long-shu Time
+ 			8:00	PRC	C%sT
+ # Xin-zang Time ("Xinjiang-Tibet Time")
++# The Gansu counties Aksay, Anxi, Dunhuang, Subei; west Qinghai;
++# the Guangdong counties  Xuwen, Haikang, Suixi, Lianjiang,
++# Zhanjiang, Wuchuan, Huazhou, Gaozhou, Maoming, Dianbai, and Xinyi;
++# east Tibet, including Lhasa, Chamdo, Shigaise, Jimsar, Shawan and Hutubi;
++# east Xinjiang, including Urumqi, Turpan, Karamay, Korla, Minfeng, Jinghe,
++# Wusu, Qiemo, Xinyan, Wulanwusu, Jinghe, Yumin, Tacheng, Tuoli, Emin,
++# Shihezi, Changji, Yanqi, Heshuo, Tuokexun, Tulufan, Shanshan, Hami,
++# Fukang, Kuitun, Kumukuli, Miquan, Qitai, and Turfan.
+ Zone	Asia/Urumqi	5:50:20	-	LMT	1928 # or Urumchi
+ 			6:00	-	URUT	1980 May # Urumqi Time
+ 			8:00	PRC	C%sT
+ # Kunlun Time
++# West Tibet, including Pulan, Aheqi, Shufu, Shule;
++# West Xinjiang, including Aksu, Atushi, Yining, Hetian, Cele, Luopu, Nileke,
++# Zhaosu, Tekesi, Gongliu, Chabuchaer, Huocheng, Bole, Pishan, Suiding,
++# and Yarkand.
+ Zone	Asia/Kashgar	5:03:56	-	LMT	1928 # or Kashi or Kaxgar
+ 			5:30	-	KAST	1940	 # Kashgar Time
+ 			5:00	-	KAST	1980 May
+@@ -266,7 +300,7 @@
+ 
+ # Taiwan
+ 
+-# Shanks writes that Taiwan observed DST during 1945, when it
++# Shanks & Pottenger write that Taiwan observed DST during 1945, when it
+ # was still controlled by Japan.  This is hard to believe, but we don't
+ # have any other information.
+ 
+@@ -423,7 +457,7 @@
+ 
+ # Indonesia
+ #
+-# From Gwillim Law (2001-05-28), overriding Shanks:
++# From Gwillim Law (2001-05-28), overriding Shanks & Pottenger:
+ # <http://www.sumatera-inc.com/go_to_invest/about_indonesia.asp#standtime>
+ # says that Indonesia's time zones changed on 1988-01-01.  Looking at some
+ # time zone maps, I think that must refer to Western Borneo (Kalimantan Barat
+@@ -431,7 +465,7 @@
+ #
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Asia/Jakarta	7:07:12 -	LMT	1867 Aug 10
+-# Shanks says the next transition was at 1924 Jan 1 0:13,
++# Shanks & Pottenger say the next transition was at 1924 Jan 1 0:13,
+ # but this must be a typo.
+ 			7:07:12	-	JMT	1923 Dec 31 23:47:12 # Jakarta
+ 			7:20	-	JAVT	1932 Nov	 # Java Time
+@@ -498,8 +532,8 @@
+ # leap year calculation involved.  There has never been any serious
+ # plan to change that law....
+ #
+-# From Paul Eggert (2005-04-05):
+-# Go with Shanks before September 1991, and with Pournader thereafter.
++# From Paul Eggert (2006-03-22):
++# Go with Shanks & Pottenger before Sept. 1991, and with Pournader thereafter.
+ # I used Ed Reingold's cal-persia in GNU Emacs 21.2 to check Persian dates,
+ # stopping after 2037 when 32-bit time_t's overflow.
+ # That cal-persia used Birashk's approximation, which disagrees with the solar
+@@ -519,6 +553,14 @@
+ # Reingold's/Dershowitz' calculator gives correctly the Gregorian date
+ # 2058-03-21 for 1 Farvardin 1437 (astronomical).
+ #
++# From Paul Eggert (2006-03-22):
++# The above comments about post-2006 transitions may become relevant again,
++# if Iran ever resuscitates DST, so we'll leave the comments in.
++#
++# From Steffen Thorsen (2006-03-22):
++# Several of my users have reported that Iran will not observe DST anymore:
++# http://www.irna.ir/en/news/view/line-17/0603193812164948.htm
++#
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Iran	1978	1980	-	Mar	21	0:00	1:00	D
+ Rule	Iran	1978	only	-	Oct	21	0:00	0	S
+@@ -537,38 +579,8 @@
+ Rule	Iran	2001	2003	-	Sep	22	0:00	0	S
+ Rule	Iran	2004	only	-	Mar	21	0:00	1:00	D
+ Rule	Iran	2004	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2005	2007	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2005	2007	-	Sep	22	0:00	0	S
+-Rule	Iran	2008	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2008	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2009	2011	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2009	2011	-	Sep	22	0:00	0	S
+-Rule	Iran	2012	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2012	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2013	2015	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2013	2015	-	Sep	22	0:00	0	S
+-Rule	Iran	2016	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2016	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2017	2019	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2017	2019	-	Sep	22	0:00	0	S
+-Rule	Iran	2020	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2020	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2021	2023	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2021	2023	-	Sep	22	0:00	0	S
+-Rule	Iran	2024	only	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2024	only	-	Sep	21	0:00	0	S
+-Rule	Iran	2025	2027	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2025	2027	-	Sep	22	0:00	0	S
+-Rule	Iran	2028	2029	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2028	2029	-	Sep	21	0:00	0	S
+-Rule	Iran	2030	2031	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2030	2031	-	Sep	22	0:00	0	S
+-Rule	Iran	2032	2033	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2032	2033	-	Sep	21	0:00	0	S
+-Rule	Iran	2034	2035	-	Mar	22	0:00	1:00	D
+-Rule	Iran	2034	2035	-	Sep	22	0:00	0	S
+-Rule	Iran	2036	2037	-	Mar	21	0:00	1:00	D
+-Rule	Iran	2036	2037	-	Sep	21	0:00	0	S
++Rule	Iran	2005	only	-	Mar	22	0:00	1:00	D
++Rule	Iran	2005	only	-	Sep	22	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Tehran	3:25:44	-	LMT	1916
+ 			3:25:44	-	TMT	1946	# Tehran Mean Time
+@@ -601,7 +613,8 @@
+ Rule	Iraq	1985	1990	-	Sep	lastSun	1:00s	0	S
+ Rule	Iraq	1986	1990	-	Mar	lastSun	1:00s	1:00	D
+ # IATA SSIM (1991/1996) says Apr 1 12:01am UTC; guess the `:01' is a typo.
+-# Shanks says Iraq did not observe DST 1992/1997 or 1999 on; ignore this.
++# Shanks & Pottenger say Iraq did not observe DST 1992/1997; ignore this.
++# 
+ Rule	Iraq	1991	max	-	Apr	 1	3:00s	1:00	D
+ Rule	Iraq	1991	max	-	Oct	 1	3:00s	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -635,7 +648,7 @@
+ # high on my favorite-country list (and not only because my wife's
+ # family is from India).
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Zion	1940	only	-	Jun	 1	0:00	1:00	D
+ Rule	Zion	1942	1944	-	Nov	 1	0:00	0	S
+@@ -874,14 +887,15 @@
+ # of the Japanese wanted to scrap daylight-saving time, as opposed to 30% who
+ # wanted to keep it.)
+ 
+-# Shanks writes that daylight saving in Japan during those years was as follows:
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that DST in Japan during those years was as follows:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Japan	1948	only	-	May	Sun>=1	2:00	1:00	D
+ Rule	Japan	1948	1951	-	Sep	Sat>=8	2:00	0	S
+ Rule	Japan	1949	only	-	Apr	Sun>=1	2:00	1:00	D
+ Rule	Japan	1950	1951	-	May	Sun>=1	2:00	1:00	D
+ # but the only locations using it (for birth certificates, presumably, since
+-# Shanks's audience is astrologers) were US military bases.  For now, assume
++# their audience is astrologers) were US military bases.  For now, assume
+ # that for most purposes daylight-saving time was observed; otherwise, what
+ # would have been the point of the 1951 poll?
+ 
+@@ -906,8 +920,9 @@
+ # I wrote "ordinance" above, but I don't know how to translate.
+ # In Japanese it's "chokurei", which means ordinance from emperor.
+ 
+-# Shanks claims JST in use since 1896, and that a few places (e.g. Ishigaki)
+-# use +0800; go with Suzuki.  Guess that all ordinances took effect on Jan 1.
++# Shanks & Pottenger claim JST in use since 1896, and that a few
++# places (e.g. Ishigaki) use +0800; go with Suzuki.  Guess that all
++# ordinances took effect on Jan 1.
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Tokyo	9:18:59	-	LMT	1887 Dec 31 15:00u
+@@ -934,6 +949,14 @@
+ # From Paul Eggert (2005-11-22):
+ # Starting 2003 transitions are from Steffen Thorsen's web site timeanddate.com.
+ #
++# From Steffen Thorsen (2005-11-23):
++# For Jordan I have received multiple independent user reports every year
++# about DST end dates, as the end-rule is different every year.
++#
++# From Steffen Thorsen (2006-10-01), after a heads-up from Hilal Malawi:
++# http://www.petranews.gov.jo/nepras/2006/Sep/05/4000.htm
++# "Jordan will switch to winter time on Friday, October 27".
++#
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Jordan	1973	only	-	Jun	6	0:00	1:00	S
+ Rule	Jordan	1973	1975	-	Oct	1	0:00	0	-
+@@ -960,7 +983,8 @@
+ Rule	Jordan	2000	max	-	Mar	lastThu	0:00s	1:00	S
+ Rule	Jordan	2003	only	-	Oct	24	0:00s	0	-
+ Rule	Jordan	2004	only	-	Oct	15	0:00s	0	-
+-Rule	Jordan	2005	max	-	Sep	lastFri	0:00s	0	-
++Rule	Jordan	2005	only	-	Sep	lastFri	0:00s	0	-
++Rule	Jordan	2006	max	-	Oct	lastFri	0:00s	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Amman	2:23:44 -	LMT	1931
+ 			2:00	Jordan	EE%sT
+@@ -975,11 +999,11 @@
+ # Guess that Aqtau and Aqtobe diverged in 1995, since that's the first time
+ # IATA SSIM mentions a third time zone in Kazakhstan.
+ 
+-# From Paul Eggert (2001-10-18):
++# From Paul Eggert (2006-03-22):
+ # German Iofis, ELSI, Almaty (2001-10-09) reports that Kazakhstan uses
+ # RussiaAsia rules, instead of switching at 00:00 as the IATA has it.
+-# Go with Shanks, who has them always using RussiaAsia rules.
+-# Also go with the following claims of Shanks:
++# Go with Shanks & Pottenger, who have them always using RussiaAsia rules.
++# Also go with the following claims of Shanks & Pottenger:
+ #
+ # - Kazakhstan did not observe DST in 1991.
+ # - Qyzylorda switched from +5:00 to +6:00 on 1992-01-19 02:00.
+@@ -1059,7 +1083,7 @@
+ 			5:00	-	ORAT
+ 
+ # Kyrgyzstan (Kirgizstan)
+-# Transitions through 1991 are from Shanks.
++# Transitions through 1991 are from Shanks & Pottenger.
+ 
+ # From Paul Eggert (2005-08-15):
+ # According to an article dated today in the Kyrgyzstan Development Gateway
+@@ -1087,17 +1111,19 @@
+ 
+ # Korea (North and South)
+ 
+-# From Guy Harris:
+-# According to someone at the Korean Times in San Francisco,
+-# Daylight Savings Time was not observed until 1987.  He did not know
+-# at what time of day DST starts or ends.
++# From Annie I. Bang (2006-07-10) in
++# <http://www.koreaherald.co.kr/SITE/data/html_dir/2006/07/10/200607100012.asp>:
++# The Ministry of Commerce, Industry and Energy has already
++# commissioned a research project [to reintroduce DST] and has said
++# the system may begin as early as 2008....  Korea ran a daylight
++# saving program from 1949-61 but stopped it during the 1950-53 Korean War.
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	ROK	1960	only	-	May	15	0:00	1:00	D
+ Rule	ROK	1960	only	-	Sep	13	0:00	0	S
+-Rule	ROK	1987	1988	-	May	Sun<=14	0:00	1:00	D
+-Rule	ROK	1987	1988	-	Oct	Sun<=14	0:00	0	S
++Rule	ROK	1987	1988	-	May	Sun>=8	0:00	1:00	D
++Rule	ROK	1987	1988	-	Oct	Sun>=8	0:00	0	S
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Seoul	8:27:52	-	LMT	1890
+@@ -1180,8 +1206,8 @@
+ 			7:30	-	MALT	1982 Jan  1
+ 			8:00	-	MYT	# Malaysia Time
+ # Sabah & Sarawak
+-# From Paul Eggert (2003-11-01):
+-# The data here are mostly from Shanks, but the 1942, 1945 and 1982
++# From Paul Eggert (2006-03-22):
++# The data here are mostly from Shanks & Pottenger, but the 1942, 1945 and 1982
+ # transition dates are from Mok Ly Yng.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Asia/Kuching	7:21:20	-	LMT	1926 Mar
+@@ -1199,8 +1225,8 @@
+ 
+ # Mongolia
+ 
+-# Shanks says that Mongolia has three time zones, but usno1995 and the CIA map
+-# Standard Time Zones of the World (1997-01)
++# Shanks & Pottenger say that Mongolia has three time zones, but
++# usno1995 and the CIA map Standard Time Zones of the World (2005-03)
+ # both say that it has just one.
+ 
+ # From Oscar van Vlijmen (1999-12-11):
+@@ -1270,11 +1296,19 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Mongol	1983	1984	-	Apr	1	0:00	1:00	S
+ Rule	Mongol	1983	only	-	Oct	1	0:00	0	-
+-# IATA SSIM says 1990s switches occurred at 00:00, but Shanks (1995) lists
+-# them at 02:00s, and McDow says the 2001 switches also occurred at 02:00.
+-# Also, IATA SSIM (1996-09) says 1996-10-25.  Go with Shanks through 1998.
+-Rule	Mongol	1985	1998	-	Mar	lastSun	2:00s	1:00	S
+-Rule	Mongol	1984	1998	-	Sep	lastSun	2:00s	0	-
++# Shanks & Pottenger and IATA SSIM say 1990s switches occurred at 00:00,
++# but McDow says the 2001 switches occurred at 02:00.  Also, IATA SSIM
++# (1996-09) says 1996-10-25.  Go with Shanks & Pottenger through 1998.
++#
++# Shanks & Pottenger say that the Sept. 1984 through Sept. 1990 switches
++# in Choibalsan (more precisely, in Dornod and Sukhbaatar) took place
++# at 02:00 standard time, not at 00:00 local time as in the rest of
++# the country.  That would be odd, and possibly is a result of their
++# correction of 02:00 (in the previous edition) not being done correctly
++# in the latest edition; so ignore it for now.
++
++Rule	Mongol	1985	1998	-	Mar	lastSun	0:00	1:00	S
++Rule	Mongol	1984	1998	-	Sep	lastSun	0:00	0	-
+ # IATA SSIM (1999-09) says Mongolia no longer observes DST.
+ Rule	Mongol	2001	only	-	Apr	lastSat	2:00	1:00	S
+ Rule	Mongol	2001	max	-	Sep	lastSat	2:00	0	-
+@@ -1400,8 +1434,8 @@
+ # I guess more info may be available from the PA's web page (if/when they
+ # have one).
+ 
+-# From Paul Eggert (1998-02-25):
+-# Shanks writes that Gaza did not observe DST until 1957, but we'll go
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that Gaza did not observe DST until 1957, but go
+ # with Shapir and assume that it observed DST from 1940 through 1947,
+ # and that it used Jordanian rules starting in 1996.
+ # We don't yet need a separate entry for the West Bank, since
+@@ -1433,6 +1467,29 @@
+ # From Paul Eggert (2005-11-22):
+ # Starting 2004 transitions are from Steffen Thorsen's web site timeanddate.com.
+ 
++# From Steffen Thorsen (2005-11-23):
++# A user from Gaza reported that Gaza made the change early because of
++# the Ramadan.  Next year Ramadan will be even earlier, so I think
++# there is a good chance next year's end date will be around two weeks
++# earlier--the same goes for Jordan.
++
++# From Steffen Thorsen (2006-08-17):
++# I was informed by a user in Bethlehem that in Bethlehem it started the
++# same day as Israel, and after checking with other users in the area, I
++# was informed that they started DST one day after Israel.  I was not
++# able to find any authoritative sources at the time, nor details if
++# Gaza changed as well, but presumed Gaza to follow the same rules as
++# the West Bank.
++
++# From Steffen Thorsen (2006-09-26):
++# according to the Palestine News Network (2006-09-19):
++# http://english.pnn.ps/index.php?option=com_content&task=view&id=596&Itemid=5
++# > The Council of Ministers announced that this year its winter schedule
++# > will begin early, as of midnight Thursday.  It is also time to turn
++# > back the clocks for winter.  Friday will begin an hour late this week.
++# I guess it is likely that next year's date will be moved as well,
++# because of the Ramadan.
++
+ # The rules for Egypt are stolen from the `africa' file.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule EgyptAsia	1957	only	-	May	10	0:00	1:00	S
+@@ -1442,10 +1499,13 @@
+ Rule EgyptAsia	1959	1965	-	Sep	30	3:00	0	-
+ Rule EgyptAsia	1966	only	-	Oct	 1	3:00	0	-
+ 
+-Rule Palestine	1999	max	-	Apr	Fri>=15	0:00	1:00	S
++Rule Palestine	1999	2005	-	Apr	Fri>=15	0:00	1:00	S
+ Rule Palestine	1999	2003	-	Oct	Fri>=15	0:00	0	-
+ Rule Palestine	2004	only	-	Oct	 1	1:00	0	-
+-Rule Palestine	2005	max	-	Oct	 4	1:00	0	-
++Rule Palestine	2005	only	-	Oct	 4	2:00	0	-
++Rule Palestine	2006	max	-	Apr	 1	0:00	1:00	S
++Rule Palestine	2006	only	-	Sep	22	0:00	0	-
++Rule Palestine	2007	max	-	Oct	Fri>=15	0:00	0	-
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Gaza	2:17:52	-	LMT	1900 Oct
+@@ -1463,7 +1523,21 @@
+ # Philippines, issued a proclamation announcing that 1844-12-30 was to
+ # be immediately followed by 1845-01-01.  Robert H. van Gent has a
+ # transcript of the decree in <http://www.phys.uu.nl/~vgent/idl/idl.htm>.
+-# The rest of this data is from Shanks.
++# The rest of the data are from Shanks & Pottenger.
++
++# From Paul Eggert (2006-04-25):
++# Tomorrow's Manila Standard reports that the Philippines Department of
++# Trade and Industry is considering adopting DST this June when the
++# rainy season begins.  See
++# <http://www.manilastandardtoday.com/?page=politics02_april26_2006>.
++# For now, we'll ignore this, since it's not definite and we lack details.
++#
++# From Jesper Norgaard Welen (2006-04-26):
++# ... claims that Philippines had DST last time in 1990:
++# http://story.philippinetimes.com/p.x/ct/9/id/145be20cc6b121c0/cid/3e5bbccc730d258c/
++# [a story dated 2006-04-25 by Cris Larano of Dow Jones Newswires,
++# but no details]
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Phil	1936	only	-	Nov	1	0:00	1:00	S
+ Rule	Phil	1937	only	-	Feb	1	0:00	0	-
+@@ -1523,6 +1597,49 @@
+ # With effect from 12.30 a.m. on 26th October 1996
+ # Sri Lanka will be six (06) hours ahead of GMT.
+ 
++# From Jesper Norgaard Welen (2006-04-14), quoting Sri Lanka News Online
++# <http://news.sinhalaya.com/wmview.php?ArtID=11002> (2006-04-13):
++# 0030 hrs on April 15, 2006 (midnight of April 14, 2006 +30 minutes)
++# at present, become 2400 hours of April 14, 2006 (midnight of April 14, 2006).
++
++# From Peter Apps and Ranga Sirila of Reuters (2006-04-12) in:
++# <http://today.reuters.co.uk/news/newsArticle.aspx?type=scienceNews&storyID=2006-04-12T172228Z_01_COL295762_RTRIDST_0_SCIENCE-SRILANKA-TIME-DC.XML>
++# [The Tamil Tigers] never accepted the original 1996 time change and simply
++# kept their clocks set five and a half hours ahead of Greenwich Mean
++# Time (GMT), in line with neighbor India.
++# From Paul Eggert (2006-04-18):
++# People who live in regions under Tamil control can use TZ='Asia/Calcutta',
++# as that zone has agreed with the Tamil areas since our cutoff date of 1970.
++
++# From K Sethu (2006-04-25):
++# I think the abbreviation LKT originated from the world of computers at
++# the time of or subsequent to the time zone changes by SL Government
++# twice in 1996 and probably SL Government or its standardization
++# agencies never declared an abbreviation as a national standard.
++#
++# I recollect before the recent change the government annoucemments
++# mentioning it as simply changing Sri Lanka Standard Time or Sri Lanka
++# Time and no mention was made about the abbreviation.
++#
++# If we look at Sri Lanka Department of Government's "Official News
++# Website of Sri Lanka" ... http://www.news.lk/ we can see that they
++# use SLT as abbreviation in time stamp at the beginning of each news
++# item....
++#
++# Within Sri Lanka I think LKT is well known among computer users and
++# adminsitrators.  In my opinion SLT may not be a good choice because the
++# nation's largest telcom / internet operator Sri Lanka Telcom is well
++# known by that abbreviation - simply as SLT (there IP domains are
++# slt.lk and sltnet.lk).
++#
++# But if indeed our government has adopted SLT as standard abbreviation
++# (that we have not known so far) then  it is better that it be used for
++# all computers.
++
++# From Paul Eggert (2006-04-25):
++# One possibility is that we wait for a bit for the dust to settle down
++# and then see what people actually say in practice.
++
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Colombo	5:19:24 -	LMT	1880
+ 			5:19:32	-	MMT	1906	# Moratuwa Mean Time
+@@ -1531,7 +1648,8 @@
+ 			5:30	1:00	IST	1945 Oct 16 2:00
+ 			5:30	-	IST	1996 May 25 0:00
+ 			6:30	-	LKT	1996 Oct 26 0:30
+-			6:00	-	LKT
++			6:00	-	LKT	2006 Apr 15 0:30
++			5:30	-	IST
+ 
+ # Syria
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+@@ -1566,17 +1684,24 @@
+ # IATA SSIM (1998-02) says 1998-04-02;
+ # (1998-09) says 1999-03-29 and 1999-09-29; (1999-02) says 1999-04-02,
+ # 2000-04-02, and 2001-04-02; (1999-09) says 2000-03-31 and 2001-03-31;
+-# ignore all these claims and go with Shanks.
++# (2006) says 2006-03-31 and 2006-09-22;
++# for now ignore all these claims and go with Shanks & Pottenger,
++# except for the 2006-09-22 claim (which seems right for Ramadan).
+ Rule	Syria	1994	1996	-	Apr	 1	0:00	1:00	S
+-Rule	Syria	1994	max	-	Oct	 1	0:00	0	-
++Rule	Syria	1994	2005	-	Oct	 1	0:00	0	-
+ Rule	Syria	1997	1998	-	Mar	lastMon	0:00	1:00	S
+ Rule	Syria	1999	max	-	Apr	 1	0:00	1:00	S
++# From Stephen Colebourne (2006-09-18):
++# According to IATA data, Syria will change DST on 21st September [21:00 UTC]
++# this year [only]....  This is probably related to Ramadan, like Egypt.
++Rule	Syria	2006	only	-	Sep	22	0:00	0	-
++Rule	Syria	2007	max	-	Oct	 1	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Damascus	2:25:12 -	LMT	1920	# Dimashq
+ 			2:00	Syria	EE%sT
+ 
+ # Tajikistan
+-# From Shanks.
++# From Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Dushanbe	4:35:12 -	LMT	1924 May  2
+ 			5:00	-	DUST	1930 Jun 21 # Dushanbe Time
+@@ -1591,13 +1716,13 @@
+ 			7:00	-	ICT
+ 
+ # Turkmenistan
+-# From Shanks.
++# From Shanks & Pottenger.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Ashgabat	3:53:32 -	LMT	1924 May  2 # or Ashkhabad
+ 			4:00	-	ASHT	1930 Jun 21 # Ashkhabad Time
+ 			5:00 RussiaAsia	ASH%sT	1991 Mar 31 2:00
+ 			4:00 RussiaAsia	ASH%sT	1991 Oct 27 # independence
+-			4:00 RussiaAsia TM%sT	1992 Jan 19 2:00
++			4:00 RussiaAsia	TM%sT	1992 Jan 19 2:00
+ 			5:00	-	TMT
+ 
+ # United Arab Emirates
+@@ -1611,24 +1736,24 @@
+ 			4:00	-	SAMT	1930 Jun 21 # Samarkand Time
+ 			5:00	-	SAMT	1981 Apr  1
+ 			5:00	1:00	SAMST	1981 Oct  1
+-			6:00 RussiaAsia TAS%sT	1991 Mar 31 2:00 # Tashkent Time
+-			5:00 RussiaAsia	TAS%sT	1991 Sep  1 # independence
++			6:00	-	TAST	1982 Apr  1 # Tashkent Time
++			5:00 RussiaAsia	SAM%sT	1991 Sep  1 # independence
+ 			5:00 RussiaAsia	UZ%sT	1992
+-			5:00 RussiaAsia	UZ%sT	1993
+ 			5:00	-	UZT
+ Zone	Asia/Tashkent	4:37:12 -	LMT	1924 May  2
+ 			5:00	-	TAST	1930 Jun 21 # Tashkent Time
+-			6:00 RussiaAsia TAS%sT	1991 Mar 31 2:00s
++			6:00 RussiaAsia	TAS%sT	1991 Mar 31 2:00
+ 			5:00 RussiaAsia	TAS%sT	1991 Sep  1 # independence
+ 			5:00 RussiaAsia	UZ%sT	1992
+-			5:00 RussiaAsia	UZ%sT	1993
+ 			5:00	-	UZT
+ 
+ # Vietnam
++
+ # From Paul Eggert (1993-11-18):
+ # Saigon's official name is Thanh-Pho Ho Chi Minh, but it's too long.
+ # We'll stick with the traditional name for now.
+-# From Shanks:
++
++# From Shanks & Pottenger:
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Asia/Saigon	7:06:40 -	LMT	1906 Jun  9
+ 			7:06:20	-	SMT	1911 Mar 11 0:01 # Saigon MT?
+Index: share/zoneinfo/australasia
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/australasia,v
+retrieving revision 1.25.10.2
+diff -u -r1.25.10.2 australasia
+--- share/zoneinfo/australasia	27 Dec 2005 19:56:24 -0000	1.25.10.2
++++ share/zoneinfo/australasia	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)australasia	7.78
++# @(#)australasia	8.3
+ # <pre>
+ 
+ # This file also includes Pacific islands.
+@@ -210,7 +210,7 @@
+ 			7:00	-	CXT	# Christmas Island Time
+ 
+ # Cook Is
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Cook	1978	only	-	Nov	12	0:00	0:30	HS
+ Rule	Cook	1979	1991	-	Mar	Sun>=1	0:00	0	-
+@@ -308,7 +308,7 @@
+ Rule	NC	1977	1978	-	Dec	Sun>=1	0:00	1:00	S
+ Rule	NC	1978	1979	-	Feb	27	0:00	0	-
+ Rule	NC	1996	only	-	Dec	 1	2:00s	1:00	S
+-# Shanks says the following was at 2:00; go with IATA.
++# Shanks & Pottenger say the following was at 2:00; go with IATA.
+ Rule	NC	1997	only	-	Mar	 2	2:00s	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Pacific/Noumea	11:05:48 -	LMT	1912 Jan 13
+@@ -507,10 +507,10 @@
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-10-29):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -518,8 +518,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Another source occasionally used is Edward W. Whitman, World Time Differences,
+ # Whitman Publishing Co, 2 Niagara Av, Ealing, London (undated), which
+@@ -587,6 +587,12 @@
+ #	WST	for any place operating at a GMTOFF of 8:00
+ #	EST	for any place operating at a GMTOFF of 10:00
+ 
++# From Chuck Soper (2006-06-01):
++# I recently found this Australian government web page on time zones:
++# <http://www.australia.gov.au/about-australia-13time>
++# And this government web page lists time zone names and abbreviations:
++# <http://www.bom.gov.au/climate/averages/tables/daysavtm.shtml>
++
+ # From Paul Eggert (2001-04-05), summarizing a long discussion about "EST"
+ # versus "AEST" etc.:
+ #
+@@ -669,7 +675,7 @@
+ #   understood in Australia.
+ 
+ # From Paul Eggert (1995-12-19):
+-# Shanks reports 2:00 for all autumn changes in Australia and New Zealand.
++# Shanks & Pottenger report 2:00 for all autumn changes in Australia and NZ.
+ # Mark Prior writes that his newspaper
+ # reports that NSW's fall 1995 change will occur at 2:00,
+ # but Robert Elz says it's been 3:00 in Victoria since 1970
+@@ -842,14 +848,14 @@
+ # current DST ending dates, no worries.
+ #
+ # Rule	Oz	1971	1985	-	Oct	lastSun	2:00	1:00	-
+-# Rule	Oz	1986	max	-	Oct	Sun<=24	2:00	1:00	-
++# Rule	Oz	1986	max	-	Oct	Sun>=18	2:00	1:00	-
+ # Rule	Oz	1972	only	-	Feb	27	3:00	0	-
+ # Rule	Oz	1973	1986	-	Mar	Sun>=1	3:00	0	-
+-# Rule	Oz	1987	max	-	Mar	Sun<=21	3:00	0	-
++# Rule	Oz	1987	max	-	Mar	Sun>=15	3:00	0	-
+ # Zone	Australia/Tasmania	10:00	Oz	EST
+ # Zone	Australia/South		9:30	Oz	CST
+ # Zone	Australia/Victoria	10:00	Oz	EST	1985 Oct lastSun 2:00
+-#				10:00	1:00	EST	1986 Mar Sun<=21 3:00
++#				10:00	1:00	EST	1986 Mar Sun>=15 3:00
+ #				10:00	Oz	EST
+ 
+ # From Robert Elz (1991-03-06):
+@@ -875,7 +881,7 @@
+ # ...
+ # Rule	 AS	1971	max	-	Oct	lastSun	2:00	1:00	D
+ # Rule	 AS	1972	1985	-	Mar	Sun>=1	3:00	0	C
+-# Rule	 AS	1986	1990	-	Mar	Sun<=21	3:00	0	C
++# Rule	 AS	1986	1990	-	Mar	Sun>=15	3:00	0	C
+ # Rule	 AS	1991	max	-	Mar	Sun>=1	3:00	0	C
+ 
+ # From Bradley White (1992-03-11):
+@@ -1068,9 +1074,9 @@
+ # shown on clocks on LHI. I guess this means that for 30 minutes at the start
+ # of DST, LHI is actually 1 hour ahead of the rest of NSW.
+ 
+-# From Paul Eggert (2001-02-09):
+-# For Lord Howe dates we use Shanks through 1989, and Lonergan thereafter.
+-# For times we use Lonergan.
++# From Paul Eggert (2006-03-22):
++# For Lord Howe dates we use Shanks & Pottenger through 1989, and
++# Lonergan thereafter.  For times we use Lonergan.
+ 
+ ###############################################################################
+ 
+@@ -1101,16 +1107,16 @@
+ # rather than the October 1 value.
+ 
+ # From Paul Eggert (1995-12-19);
+-# Shanks reports 2:00 for all autumn changes in Australia and New Zealand.
++# Shank & Pottenger report 2:00 for all autumn changes in Australia and NZ.
+ # Robert Uzgalis writes that the New Zealand Daylight
+ # Savings Time Order in Council dated 1990-06-18 specifies 2:00 standard
+ # time on both the first Sunday in October and the third Sunday in March.
+ # As with Australia, we'll assume the tradition is 2:00s, not 2:00.
+ #
+-# From Paul Eggert (2003-05-26):
++# From Paul Eggert (2006-03-22):
+ # The Department of Internal Affairs (DIA) maintains a brief history,
+ # as does Carol Squires; see tz-link.htm for the full references.
+-# Use these sources in preference to Shanks.
++# Use these sources in preference to Shanks & Pottenger.
+ #
+ # For Chatham, IATA SSIM (1991/1999) gives the NZ rules but with
+ # transitions at 2:45 local standard time; this confirms that Chatham
+@@ -1185,8 +1191,8 @@
+ # ``I am certain, having lived there for the past decade, that "Truk"
+ # (now properly known as Chuuk) ... is in the time zone GMT+10.''
+ #
+-# Shanks writes that Truk switched from UTC+10 to UTC+11 on 1978-10-01;
+-# ignore this for now.
++# Shanks & Pottenger write that Truk switched from UTC+10 to UTC+11
++# on 1978-10-01; ignore this for now.
+ 
+ # From Paul Eggert (1999-10-29):
+ # The Federated States of Micronesia Visitors Board writes in
+@@ -1279,8 +1285,8 @@
+ # on the World Day of Prayer, you would be the first people on Earth
+ # to say your prayers in the morning."
+ 
+-# From Paul Eggert (1999-08-12):
+-# Shanks says the transition was on 1968-10-01; go with Mundell.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say the transition was on 1968-10-01; go with Mundell.
+ 
+ # From Eric Ulevik (1999-05-03):
+ # Tonga's director of tourism, who is also secretary of the National Millenium
+Index: share/zoneinfo/backward
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/backward,v
+retrieving revision 1.1.2.11.2.2
+diff -u -r1.1.2.11.2.2 backward
+--- share/zoneinfo/backward	27 Dec 2005 19:56:24 -0000	1.1.2.11.2.2
++++ share/zoneinfo/backward	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)backward	7.30
++# @(#)backward	8.2
+ 
+ # This file provides links between current names for time zones
+ # and their old names.  Many names changed in late 1993.
+@@ -8,6 +8,7 @@
+ Link	America/Adak		America/Atka
+ Link	America/Argentina/Buenos_Aires	America/Buenos_Aires
+ Link	America/Argentina/Catamarca	America/Catamarca
++Link	America/Atikokan	America/Coral_Harbour
+ Link	America/Argentina/Cordoba	America/Cordoba
+ Link	America/Tijuana		America/Ensenada
+ Link	America/Indiana/Indianapolis	America/Fort_Wayne
+Index: share/zoneinfo/etcetera
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/etcetera,v
+retrieving revision 1.1.2.5.14.1
+diff -u -r1.1.2.5.14.1 etcetera
+--- share/zoneinfo/etcetera	22 Dec 2005 23:47:26 -0000	1.1.2.5.14.1
++++ share/zoneinfo/etcetera	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)etcetera	7.12
++# @(#)etcetera	8.1
+ 
+ # These entries are mostly present for historical reasons, so that
+ # people in areas not otherwise covered by the tz files could "zic -l"
+Index: share/zoneinfo/europe
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/europe,v
+retrieving revision 1.29.2.2
+diff -u -r1.29.2.2 europe
+--- share/zoneinfo/europe	27 Dec 2005 19:56:24 -0000	1.29.2.2
++++ share/zoneinfo/europe	25 Feb 2007 03:26:56 -0000
+@@ -1,14 +1,14 @@
+-# @(#)europe	7.96
++# @(#)europe	8.6
+ # <pre>
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-10-29):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -16,8 +16,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1991,
+-# and IATA SSIM is the source for entries afterwards.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1991, and IATA SSIM is the source for entries afterwards.
+ #
+ # Other sources occasionally used include:
+ #
+@@ -221,11 +221,12 @@
+ # (Lords Hansard 11 June 1997 columns 964 to 976)
+ # </a>.
+ 
+-# From Paul Eggert (2001-07-18):
++# From Paul Eggert (2006-03-22):
+ #
+-# For lack of other data, we'll follow Shanks for Eire in 1940-1948.
++# For lack of other data, follow Shanks & Pottenger for Eire in 1940-1948.
+ #
+-# Given Ilieve and Myers's data, the following claims by Shanks are incorrect:
++# Given Ilieve and Myers's data, the following claims by Shanks & Pottenger
++# are incorrect:
+ #     * Wales did not switch from GMT to daylight saving time until
+ #	1921 Apr 3, when they began to conform with the rest of Great Britain.
+ # Actually, Wales was identical after 1880.
+@@ -237,18 +238,19 @@
+ # Actually, that date saw the usual switch to summer time.
+ # Standard time was not changed until 1968-10-27 (the clocks didn't change).
+ #
+-# Here is another incorrect claim by Shanks:
++# Here is another incorrect claim by Shanks & Pottenger:
+ #     * Jersey, Guernsey, and the Isle of Man did not switch from GMT
+ #	to daylight saving time until 1921 Apr 3, when they began to
+ #	conform with Great Britain.
+ # S.R.&O. 1916, No. 382 and HO 45/10811/312364 (quoted above) say otherwise.
+ #
+-# The following claim by Shanks is possible though doubtful;
++# The following claim by Shanks & Pottenger is possible though doubtful;
+ # we'll ignore it for now.
+ #     * Dublin's 1971-10-31 switch was at 02:00, even though London's was 03:00.
+ #
+ #
+-# Whitman says Dublin Mean Time was -0:25:21, which is more precise than Shanks.
++# Whitman says Dublin Mean Time was -0:25:21, which is more precise than
++# Shanks & Pottenger.
+ # Perhaps this was Dunsink Observatory Time, as Dunsink Observatory
+ # (8 km NW of Dublin's center) seemingly was to Dublin as Greenwich was
+ # to London.  For example:
+@@ -418,11 +420,14 @@
+ # See EU for rules starting in 1996.
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone	Europe/London	-0:01:15 -	LMT	1847 Dec  1
++Zone	Europe/London	-0:01:15 -	LMT	1847 Dec  1 0:00s
+ 			 0:00	GB-Eire	%s	1968 Oct 27
+ 			 1:00	-	BST	1971 Oct 31 2:00u
+ 			 0:00	GB-Eire	%s	1996
+ 			 0:00	EU	GMT/BST
++Link	Europe/London	Europe/Jersey
++Link	Europe/London	Europe/Guernsey
++Link	Europe/London	Europe/Isle_of_Man
+ Zone	Europe/Dublin	-0:25:00 -	LMT	1880 Aug  2
+ 			-0:25:21 -	DMT	1916 May 21 2:00
+ 			-0:25:21 1:00	IST	1916 Oct  1 2:00s
+@@ -476,7 +481,7 @@
+ Rule	C-Eur	1943	only	-	Mar	29	 2:00s	1:00	S
+ Rule	C-Eur	1943	only	-	Oct	 4	 2:00s	0	-
+ Rule	C-Eur	1944	only	-	Apr	 3	 2:00s	1:00	S
+-# Whitman gives 1944 Oct 7; go with Shanks.
++# Whitman gives 1944 Oct 7; go with Shanks & Pottenger.
+ Rule	C-Eur	1944	only	-	Oct	 2	 2:00s	0	-
+ Rule	C-Eur	1977	1980	-	Apr	Sun>=1	 2:00s	1:00	S
+ Rule	C-Eur	1977	only	-	Sep	lastSun	 2:00s	0	-
+@@ -596,12 +601,12 @@
+ 
+ # Austria
+ 
+-# From Paul Eggert (2003-02-28): Shanks gives 1918-06-16 and
++# From Paul Eggert (2006-03-22): Shanks & Pottenger give 1918-06-16 and
+ # 1945-11-18, but the Austrian Federal Office of Metrology and
+ # Surveying (BEV) gives 1918-09-16 and for Vienna gives the "alleged"
+ # date of 1945-04-12 with no time.  For the 1980-04-06 transition
+-# Shanks gives 02:00, the BEV 00:00.  Go with the BEV, and guess 02:00
+-# for 1945-04-12.
++# Shanks & Pottenger give 02:00, the BEV 00:00.  Go with the BEV,
++# and guess 02:00 for 1945-04-12.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Austria	1920	only	-	Apr	 5	2:00s	1:00	S
+@@ -701,7 +706,7 @@
+ 			1:00	EU	CE%sT
+ 
+ # Bosnia and Herzegovina
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Bulgaria
+ #
+@@ -713,7 +718,7 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Bulg	1979	only	-	Mar	31	23:00	1:00	S
+ Rule	Bulg	1979	only	-	Oct	 1	 1:00	0	-
+-Rule	Bulg	1980	1982	-	Apr	Sat<=7	23:00	1:00	S
++Rule	Bulg	1980	1982	-	Apr	Sat>=1	23:00	1:00	S
+ Rule	Bulg	1980	only	-	Sep	29	 1:00	0	-
+ Rule	Bulg	1981	only	-	Sep	27	 2:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -728,7 +733,7 @@
+ 			2:00	EU	EE%sT
+ 
+ # Croatia
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Cyprus
+ # Please see the `asia' file for Asia/Nicosia.
+@@ -813,10 +818,10 @@
+ # East Greenland and Franz Josef Land, but we don't know their time zones.
+ # My source for this is Wilhelm Dege's book mentioned under Svalbard.
+ #
+-# From Paul Eggert (1996-11-22):
++# From Paul Eggert (2006-03-22):
+ # Greenland joined the EU as part of Denmark, obtained home rule on 1979-05-01,
+ # and left the EU on 1985-02-01.  It therefore should have been using EU
+-# rules at least through 1984.  Shanks says Scoresbysund and Godthab
++# rules at least through 1984.  Shanks & Pottenger say Scoresbysund and Godthab
+ # used C-Eur rules after 1980, but IATA SSIM (1991/1996) says they use EU
+ # rules since at least 1991.  Assume EU rules since 1980.
+ 
+@@ -871,24 +876,28 @@
+ # I heard back from someone stationed at Thule; the time change took place
+ # there at 2:00 AM.
+ 
+-# From Paul Eggert (2001-11-19):
+-# The 1997 CIA map shows Danmarkshavn on GMT; the 1995 map as like Godthab.
++# From Paul Eggert (2006-03-22):
++# From 1997 on the CIA map shows Danmarkshavn on GMT;
++# the 1995 map as like Godthab.
+ # For lack of better info, assume they were like Godthab before 1996.
+ # startkart.no says Thule does not observe DST, but this is clearly an error,
+-# so go with Shanks for all Thule transitions.
++# so go with Shanks & Pottenger for Thule transitions until this year.
++# For 2007 on assume Thule will stay in sync with US DST rules.
+ #
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Thule	1991	1992	-	Mar	lastSun	2:00	1:00	D
+ Rule	Thule	1991	1992	-	Sep	lastSun	2:00	0	S
+-Rule	Thule	1993	max	-	Apr	Sun>=1	2:00	1:00	D
+-Rule	Thule	1993	max	-	Oct	lastSun	2:00	0	S
++Rule	Thule	1993	2006	-	Apr	Sun>=1	2:00	1:00	D
++Rule	Thule	1993	2006	-	Oct	lastSun	2:00	0	S
++Rule	Thule	2007	max	-	Mar	Sun>=8	2:00	1:00	D
++Rule	Thule	2007	max	-	Nov	Sun>=1	2:00	0	S
+ #
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Danmarkshavn -1:14:40 -	LMT	1916 Jul 28
+ 			-3:00	-	WGT	1980 Apr  6 2:00
+ 			-3:00	EU	WG%sT	1996
+ 			0:00	-	GMT
+-Zone America/Scoresbysund -1:29:00 -	LMT	1916 Jul 28 # Ittoqqortoormiit
++Zone America/Scoresbysund -1:27:52 -	LMT	1916 Jul 28 # Ittoqqortoormiit
+ 			-2:00	-	CGT	1980 Apr  6 2:00
+ 			-2:00	C-Eur	CG%sT	1981 Mar 29
+ 			-1:00	EU	EG%sT
+@@ -963,13 +972,13 @@
+ 
+ # Finland
+ #
+-# From Hannu Strang (25 Sep 1994 06:03:37 UTC):
++# From Hannu Strang (1994-09-25 06:03:37 UTC):
+ # Well, here in Helsinki we're just changing from summer time to regular one,
+ # and it's supposed to change at 4am...
+ #
+-# From Paul Eggert (25 Sep 1994):
+-# Shanks says Finland has switched at 02:00 standard time since 1981.
+-# Go with Strang instead.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say Finland has switched at 02:00 standard time
++# since 1981.  Go with Strang instead.
+ #
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Finland	1942	only	-	Apr	3	0:00	1:00	S
+@@ -999,7 +1008,7 @@
+ 
+ 
+ #
+-# Shanks seems to use `24:00' ambiguously; we resolve it with Whitman.
++# Shank & Pottenger seem to use `24:00' ambiguously; resolve it with Whitman.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	France	1916	only	-	Jun	14	23:00s	1:00	S
+ Rule	France	1916	1919	-	Oct	Sun>=1	23:00s	0	-
+@@ -1013,7 +1022,7 @@
+ Rule	France	1922	only	-	Mar	25	23:00s	1:00	S
+ # DSH writes that a law of 1923-05-24 specified 3rd Sat in Apr at 23:00 to 1st
+ # Sat in Oct at 24:00; and that in 1930, because of Easter, the transitions
+-# were Apr 12 and Oct 5.  Go with Shanks.
++# were Apr 12 and Oct 5.  Go with Shanks & Pottenger.
+ Rule	France	1922	1938	-	Oct	Sat>=1	23:00s	0	-
+ Rule	France	1923	only	-	May	26	23:00s	1:00	S
+ Rule	France	1924	only	-	Mar	29	23:00s	1:00	S
+@@ -1034,8 +1043,8 @@
+ Rule	France	1939	only	-	Apr	15	23:00s	1:00	S
+ Rule	France	1939	only	-	Nov	18	23:00s	0	-
+ Rule	France	1940	only	-	Feb	25	 2:00	1:00	S
+-# The French rules for 1941-1944 were not used in Paris, but Shanks writes
+-# that they were used in Monaco and in many French locations.
++# The French rules for 1941-1944 were not used in Paris, but Shanks & Pottenger
++# write that they were used in Monaco and in many French locations.
+ # Le Corre writes that the upper limit of the free zone was Arneguy, Orthez,
+ # Mont-de-Marsan, Bazas, Langon, Lamotte-Montravel, Marouil, La
+ # Rochefoucault, Champagne-Mouton, La Roche-Posay, La Haye-Decartes,
+@@ -1043,7 +1052,7 @@
+ # Paray-le-Monial, Montceau-les-Mines, Chalons-sur-Saone, Arbois,
+ # Dole, Morez, St-Claude, and Collognes (Haute-Savioe).
+ Rule	France	1941	only	-	May	 5	 0:00	2:00	M # Midsummer
+-# Shanks says this transition occurred at Oct 6 1:00,
++# Shanks & Pottenger say this transition occurred at Oct 6 1:00,
+ # but go with Denis Excoffier (1997-12-12),
+ # who quotes the Ephemerides Astronomiques for 1998 from Bureau des Longitudes
+ # as saying 5/10/41 22hUT.
+@@ -1056,21 +1065,21 @@
+ Rule	France	1944	only	-	Oct	 8	 1:00	1:00	S
+ Rule	France	1945	only	-	Apr	 2	 2:00	2:00	M
+ Rule	France	1945	only	-	Sep	16	 3:00	0	-
+-# Shanks gives Mar 28 2:00 and Sep 26 3:00;
++# Shanks & Pottenger give Mar 28 2:00 and Sep 26 3:00;
+ # go with Excoffier's 28/3/76 0hUT and 25/9/76 23hUT.
+ Rule	France	1976	only	-	Mar	28	 1:00	1:00	S
+ Rule	France	1976	only	-	Sep	26	 1:00	0	-
+-# Shanks gives 0:09 for Paris Mean Time, and Whitman gives 0:09:05,
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time, and Whitman 0:09:05,
+ # but Howse quotes the actual French legislation as saying 0:09:21.
+ # Go with Howse.  Howse writes that the time in France was officially based
+ # on PMT-0:09:21 until 1978-08-09, when the time base finally switched to UTC.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Paris	0:09:21 -	LMT	1891 Mar 15  0:01
+ 			0:09:21	-	PMT	1911 Mar 11  0:01  # Paris MT
+-# Shanks gives 1940 Jun 14 0:00; go with Excoffier and Le Corre.
++# Shanks & Pottenger give 1940 Jun 14 0:00; go with Excoffier and Le Corre.
+ 			0:00	France	WE%sT	1940 Jun 14 23:00
+ # Le Corre says Paris stuck with occupied-France time after the liberation;
+-# go with Shanks.
++# go with Shanks & Pottenger.
+ 			1:00	C-Eur	CE%sT	1944 Aug 25
+ 			0:00	France	WE%sT	1945 Sep 16  3:00
+ 			1:00	France	CE%sT	1977
+@@ -1121,23 +1130,23 @@
+ 
+ # Gibraltar
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone Europe/Gibraltar	-0:21:24 -	LMT	1880 Aug  2
++Zone Europe/Gibraltar	-0:21:24 -	LMT	1880 Aug  2 0:00s
+ 			0:00	GB-Eire	%s	1957 Apr 14 2:00
+ 			1:00	-	CET	1982
+ 			1:00	EU	CE%sT
+ 
+ # Greece
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman gives 1932 Jul 5 - Nov 1; go with Shanks.
++# Whitman gives 1932 Jul 5 - Nov 1; go with Shanks & Pottenger.
+ Rule	Greece	1932	only	-	Jul	 7	0:00	1:00	S
+ Rule	Greece	1932	only	-	Sep	 1	0:00	0	-
+-# Whitman gives 1941 Apr 25 - ?; go with Shanks.
++# Whitman gives 1941 Apr 25 - ?; go with Shanks & Pottenger.
+ Rule	Greece	1941	only	-	Apr	 7	0:00	1:00	S
+-# Whitman gives 1942 Feb 2 - ?; go with Shanks.
++# Whitman gives 1942 Feb 2 - ?; go with Shanks & Pottenger.
+ Rule	Greece	1942	only	-	Nov	 2	3:00	0	-
+ Rule	Greece	1943	only	-	Mar	30	0:00	1:00	S
+ Rule	Greece	1943	only	-	Oct	 4	0:00	0	-
+-# Whitman gives 1944 Oct 3 - Oct 31; go with Shanks.
++# Whitman gives 1944 Oct 3 - Oct 31; go with Shanks & Pottenger.
+ Rule	Greece	1952	only	-	Jul	 1	0:00	1:00	S
+ Rule	Greece	1952	only	-	Nov	 2	0:00	0	-
+ Rule	Greece	1975	only	-	Apr	12	0:00s	1:00	S
+@@ -1157,7 +1166,7 @@
+ 			2:00	Greece	EE%sT	1941 Apr 30
+ 			1:00	Greece	CE%sT	1944 Apr  4
+ 			2:00	Greece	EE%sT	1981
+-			# Shanks says they switched to C-Eur in 1981;
++			# Shanks & Pottenger say it switched to C-Eur in 1981;
+ 			# go with EU instead, since Greece joined it on Jan 1.
+ 			2:00	EU	EE%sT
+ 
+@@ -1220,10 +1229,10 @@
+ # might be a reference to the Julian calendar as opposed to Gregorian, or it
+ # might mean something else (???).
+ #
+-# From Paul Eggert (1999-10-29):
+-# The Iceland Almanak, Shanks and Whitman disagree on many points.
+-# We go with the Almanak, except for one claim from Shanks, namely that
+-# Reykavik was 21W57 from 1837 to 1908, local mean time before that.
++# From Paul Eggert (2006-03-22):
++# The Iceland Almanak, Shanks & Pottenger, and Whitman disagree on many points.
++# We go with the Almanak, except for one claim from Shanks & Pottenger, namely
++# that Reykavik was 21W57 from 1837 to 1908, local mean time before that.
+ #
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Iceland	1917	1918	-	Feb	19	23:00	1:00	S
+@@ -1261,15 +1270,16 @@
+ # But these events all occurred before the 1970 cutoff,
+ # so record only the time in Rome.
+ #
+-# From Paul Eggert (1996-05-06):
+-# For Italian DST we have three sources: Shanks, Whitman, and F. Pollastri
++# From Paul Eggert (2006-03-22):
++# For Italian DST we have three sources: Shanks & Pottenger, Whitman, and
++# F. Pollastri
+ # <a href="http://toi.iriti.cnr.it/uk/ienitlt.html">
+-# Day-light Saving Time in Italy (1996-03-14)
++# Day-light Saving Time in Italy (2006-02-03)
+ # </a>
+ # (`FP' below), taken from an Italian National Electrotechnical Institute
+ # publication. When the three sources disagree, guess who's right, as follows:
+ #
+-# year	FP	Shanks (S)	Whitman (W)	Go with:
++# year	FP	Shanks&P. (S)	Whitman (W)	Go with:
+ # 1916	06-03	06-03 24:00	06-03 00:00	FP & W
+ #	09-30	09-30 24:00	09-30 01:00	FP; guess 24:00s
+ # 1917	04-01	03-31 24:00	03-31 00:00	FP & S
+@@ -1325,7 +1335,7 @@
+ Rule	Italy	1979	only	-	Sep	30	0:00s	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Rome	0:49:56 -	LMT	1866 Sep 22
+-			0:49:56	-	RMT	1893 Nov	# Rome Mean Time
++			0:49:56	-	RMT	1893 Nov  1 0:00s # Rome Mean
+ 			1:00	Italy	CE%sT	1942 Nov  2 2:00s
+ 			1:00	C-Eur	CE%sT	1944 Jul
+ 			1:00	Italy	CE%sT	1980
+@@ -1467,7 +1477,8 @@
+ 			2:00	EU	EE%sT
+ 
+ # Luxembourg
+-# Whitman disagrees with most of these dates in minor ways; go with Shanks.
++# Whitman disagrees with most of these dates in minor ways;
++# go with Shanks & Pottenger.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Lux	1916	only	-	May	14	23:00	1:00	S
+ Rule	Lux	1916	only	-	Oct	 1	 1:00	0	-
+@@ -1502,7 +1513,7 @@
+ 			1:00	EU	CE%sT
+ 
+ # Macedonia
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Malta
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+@@ -1514,7 +1525,7 @@
+ Rule	Malta	1975	1980	-	Sep	Sun>=15	2:00	0	-
+ Rule	Malta	1980	only	-	Mar	31	2:00	1:00	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone	Europe/Malta	0:58:04 -	LMT	1893 Nov  2	# Valletta
++Zone	Europe/Malta	0:58:04 -	LMT	1893 Nov  2 0:00s # Valletta
+ 			1:00	Italy	CE%sT	1942 Nov  2 2:00s
+ 			1:00	C-Eur	CE%sT	1945 Apr  2 2:00s
+ 			1:00	Italy	CE%sT	1973 Mar 31
+@@ -1523,9 +1534,9 @@
+ 
+ # Moldova
+ 
+-# From Paul Eggert (2001-02-11):
+-# A previous version of this database followed Shanks, who writes that
+-# Tiraspol switched to Moscow time on 1992-01-19 at 02:00.
++# From Paul Eggert (2006-03-22):
++# A previous version of this database followed Shanks & Pottenger, who write
++# that Tiraspol switched to Moscow time on 1992-01-19 at 02:00.
+ # However, this is most likely an error, as Moldova declared independence
+ # on 1991-08-27 (the 1992-01-19 date is that of a Russian decree).
+ # In early 1992 there was large-scale interethnic violence in the area
+@@ -1550,7 +1561,8 @@
+ 			2:00	EU	EE%sT
+ 
+ # Monaco
+-# Shanks gives 0:09 for Paris Mean Time; go with Howse's more precise 0:09:21.
++# Shanks & Pottenger give 0:09:20 for Paris Mean Time; go with Howse's
++# more precise 0:09:21.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Monaco	0:29:32 -	LMT	1891 Mar 15
+ 			0:09:21	-	PMT	1911 Mar 11    # Paris Mean Time
+@@ -1558,6 +1570,9 @@
+ 			1:00	France	CE%sT	1977
+ 			1:00	EU	CE%sT
+ 
++# Montenegro
++# see Serbia
++
+ # Netherlands
+ 
+ # Howse writes that the Netherlands' railways used GMT between 1892 and 1940,
+@@ -1633,7 +1648,8 @@
+ 			1:00	EU	CE%sT
+ 
+ # Norway
+-# http://met.no/met/met_lex/q_u/sommertid.html (2004-01) agrees with Shanks.
++# http://met.no/met/met_lex/q_u/sommertid.html (2004-01) agrees with Shanks &
++# Pottenger.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Norway	1916	only	-	May	22	1:00	1:00	S
+ Rule	Norway	1916	only	-	Sep	30	0:00	0	-
+@@ -1704,9 +1720,10 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Poland	1918	1919	-	Sep	16	2:00s	0	-
+ Rule	Poland	1919	only	-	Apr	15	2:00s	1:00	S
+-# Whitman gives 1944 Nov 30; go with Shanks.
++Rule	Poland	1944	only	-	Apr	 3	2:00s	1:00	S
++# Whitman gives 1944 Nov 30; go with Shanks & Pottenger.
+ Rule	Poland	1944	only	-	Oct	 4	2:00	0	-
+-# For 1944-1948 Whitman gives the previous day; go with Shanks.
++# For 1944-1948 Whitman gives the previous day; go with Shanks & Pottenger.
+ Rule	Poland	1945	only	-	Apr	29	0:00	1:00	S
+ Rule	Poland	1945	only	-	Nov	 1	0:00	0	-
+ # For 1946 on the source is Kazimierz Borkowski,
+@@ -1762,9 +1779,9 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ # DSH writes that despite Decree 1,469 (1915), the change to the clocks was not
+ # done every year, depending on what Spain did, because of railroad schedules.
+-# Go with Shanks.
++# Go with Shanks & Pottenger.
+ Rule	Port	1916	only	-	Jun	17	23:00	1:00	S
+-# Whitman gives 1916 Oct 31; go with Shanks.
++# Whitman gives 1916 Oct 31; go with Shanks & Pottenger.
+ Rule	Port	1916	only	-	Nov	 1	 1:00	0	-
+ Rule	Port	1917	only	-	Feb	28	23:00s	1:00	S
+ Rule	Port	1917	1921	-	Oct	14	23:00s	0	-
+@@ -1780,24 +1797,23 @@
+ Rule	Port	1928	only	-	Apr	14	23:00s	1:00	S
+ Rule	Port	1929	only	-	Apr	20	23:00s	1:00	S
+ Rule	Port	1931	only	-	Apr	18	23:00s	1:00	S
+-# Whitman gives 1931 Oct 8; go with Shanks.
++# Whitman gives 1931 Oct 8; go with Shanks & Pottenger.
+ Rule	Port	1931	1932	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Port	1932	only	-	Apr	 2	23:00s	1:00	S
+-# Shanks gives 1934 Apr 4; go with Whitman.
+ Rule	Port	1934	only	-	Apr	 7	23:00s	1:00	S
+-# Whitman gives 1934 Oct 5; go with Shanks.
++# Whitman gives 1934 Oct 5; go with Shanks & Pottenger.
+ Rule	Port	1934	1938	-	Oct	Sat>=1	23:00s	0	-
+-# Shanks gives 1935 Apr 30; go with Whitman.
++# Shanks & Pottenger give 1935 Apr 30; go with Whitman.
+ Rule	Port	1935	only	-	Mar	30	23:00s	1:00	S
+ Rule	Port	1936	only	-	Apr	18	23:00s	1:00	S
+-# Whitman gives 1937 Apr 2; go with Shanks.
++# Whitman gives 1937 Apr 2; go with Shanks & Pottenger.
+ Rule	Port	1937	only	-	Apr	 3	23:00s	1:00	S
+ Rule	Port	1938	only	-	Mar	26	23:00s	1:00	S
+ Rule	Port	1939	only	-	Apr	15	23:00s	1:00	S
+-# Whitman gives 1939 Oct 7; go with Shanks.
++# Whitman gives 1939 Oct 7; go with Shanks & Pottenger.
+ Rule	Port	1939	only	-	Nov	18	23:00s	0	-
+ Rule	Port	1940	only	-	Feb	24	23:00s	1:00	S
+-# Shanks gives 1940 Oct 7; go with Whitman.
++# Shanks & Pottenger give 1940 Oct 7; go with Whitman.
+ Rule	Port	1940	1941	-	Oct	 5	23:00s	0	-
+ Rule	Port	1941	only	-	Apr	 5	23:00s	1:00	S
+ Rule	Port	1942	1945	-	Mar	Sat>=8	23:00s	1:00	S
+@@ -1811,8 +1827,8 @@
+ Rule	Port	1946	only	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Port	1947	1949	-	Apr	Sun>=1	 2:00s	1:00	S
+ Rule	Port	1947	1949	-	Oct	Sun>=1	 2:00s	0	-
+-# Shanks says DST was observed in 1950; go with Whitman.
+-# Whitman gives Oct lastSun for 1952 on; go with Shanks.
++# Shanks & Pottenger say DST was observed in 1950; go with Whitman.
++# Whitman gives Oct lastSun for 1952 on; go with Shanks & Pottenger.
+ Rule	Port	1951	1965	-	Apr	Sun>=1	 2:00s	1:00	S
+ Rule	Port	1951	1965	-	Oct	Sun>=1	 2:00s	0	-
+ Rule	Port	1977	only	-	Mar	27	 0:00s	1:00	S
+@@ -1824,7 +1840,7 @@
+ Rule	Port	1981	1982	-	Mar	lastSun	 1:00s	1:00	S
+ Rule	Port	1983	only	-	Mar	lastSun	 2:00s	1:00	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-# Shanks says that the transition from LMT to WET occurred 1911-05-24;
++# Shanks & Pottenger say the transition from LMT to WET occurred 1911-05-24;
+ # Willett says 1912-01-01.  Go with Willett.
+ Zone	Europe/Lisbon	-0:36:32 -	LMT	1884
+ 			-0:36:32 -	LMT	1912 Jan  1  # Lisbon Mean Time
+@@ -1877,11 +1893,12 @@
+ 
+ # Russia
+ 
+-# From Paul Eggert (1999-11-12):
++# From Paul Eggert (2006-03-22):
+ # Except for Moscow after 1919-07-01, I invented the time zone abbreviations.
+ # Moscow time zone abbreviations after 1919-07-01, and Moscow rules after 1991,
+-# are from Andrey A. Chernov.  The rest is from Shanks, except we follow
+-# Chernov's report that 1992 DST transitions were Sat 23:00, not Sun 02:00s.
++# are from Andrey A. Chernov.  The rest is from Shanks & Pottenger,
++# except we follow Chernov's report that 1992 DST transitions were Sat
++# 23:00, not Sun 02:00s.
+ #
+ # From Stanislaw A. Kuzikowski (1994-06-29):
+ # But now it is some months since Novosibirsk is 3 hours ahead of Moscow!
+@@ -1926,20 +1943,20 @@
+ 			 2:00	Russia	EE%sT
+ #
+ # From Oscar van Vlijmen (2001-08-25): [This region consists of]
+-# Respublika Adygeya, Arkhangel'skaya oblast', Astrakhanskaya oblast',
++# Respublika Adygeya, Arkhangel'skaya oblast',
+ # Belgorodskaya oblast', Bryanskaya oblast', Vladimirskaya oblast',
+-# Volgogradskaya oblast', Vologodskaya oblast', Voronezhskaya oblast',
++# Vologodskaya oblast', Voronezhskaya oblast',
+ # Respublika Dagestan, Ivanovskaya oblast', Respublika Ingushetiya,
+ # Kabarbino-Balkarskaya Respublika, Respublika Kalmykiya,
+ # Kalyzhskaya oblast', Respublika Karachaevo-Cherkessiya,
+-# Respublika Kareliya, Kirovskaya oblast', Respublika Komi,
++# Respublika Kareliya, Respublika Komi,
+ # Kostromskaya oblast', Krasnodarskij kraj, Kurskaya oblast',
+ # Leningradskaya oblast', Lipetskaya oblast', Respublika Marij El,
+ # Respublika Mordoviya, Moskva, Moskovskaya oblast',
+ # Murmanskaya oblast', Nenetskij avtonomnyj okrug,
+ # Nizhegorodskaya oblast', Novgorodskaya oblast', Orlovskaya oblast',
+ # Penzenskaya oblast', Pskovskaya oblast', Rostovskaya oblast',
+-# Ryazanskaya oblast', Sankt-Peterburg, Saratovskaya oblast',
++# Ryazanskaya oblast', Sankt-Peterburg,
+ # Respublika Severnaya Osetiya, Smolenskaya oblast',
+ # Stavropol'skij kraj, Tambovskaya oblast', Respublika Tatarstan,
+ # Tverskaya oblast', Tyl'skaya oblast', Ul'yanovskaya oblast',
+@@ -1954,11 +1971,25 @@
+ 			 2:00	Russia	EE%sT	1992 Jan 19 2:00s
+ 			 3:00	Russia	MSK/MSD
+ #
++# Astrakhanskaya oblast', Kirovskaya oblast', Saratovskaya oblast',
++# Volgogradskaya oblast'.  Shanks & Pottenger say Kirov is still at +0400
++# but Wikipedia (2006-05-09) says +0300.  Perhaps it switched after the
++# others?  But we have no data.
++Zone Europe/Volgograd	 2:57:40 -	LMT	1920 Jan  3
++			 3:00	-	TSAT	1925 Apr  6 # Tsaritsyn Time
++			 3:00	-	STAT	1930 Jun 21 # Stalingrad Time
++			 4:00	-	STAT	1961 Nov 11
++			 4:00	Russia	VOL%sT	1989 Mar 26 2:00s # Volgograd T
++			 3:00	Russia	VOL%sT	1991 Mar 31 2:00s
++			 4:00	-	VOLT	1992 Mar 29 2:00s
++			 3:00	Russia	VOL%sT
++#
+ # From Oscar van Vlijmen (2001-08-25): [This region consists of]
+ # Samarskaya oblast', Udmyrtskaya respublika
+ Zone Europe/Samara	 3:20:36 -	LMT	1919 Jul  1 2:00
+-			 3:00	-	KUYT	1930 Jun 21 # Kuybyshev
+-			 4:00	Russia	KUY%sT	1989 Mar 26 2:00s
++			 3:00	-	SAMT	1930 Jun 21
++			 4:00	-	SAMT	1935 Jan 27
++			 4:00	Russia	KUY%sT	1989 Mar 26 2:00s # Kuybyshev
+ 			 3:00	Russia	KUY%sT	1991 Mar 31 2:00s
+ 			 2:00	Russia	KUY%sT	1991 Sep 29 2:00s
+ 			 3:00	-	KUYT	1991 Oct 20 3:00
+@@ -1984,17 +2015,19 @@
+ 			 5:00	Russia	OMS%sT	1992 Jan 19 2:00s
+ 			 6:00	Russia	OMS%sT
+ #
+-# Novosibirskaya oblast'.
++# From Paul Eggert (2006-08-19): I'm guessing about Tomsk here; it's
++# not clear when it switched from +7 to +6.
++# Novosibirskaya oblast', Tomskaya oblast'.
+ Zone Asia/Novosibirsk	 5:31:40 -	LMT	1919 Dec 14 6:00
+ 			 6:00	-	NOVT	1930 Jun 21 # Novosibirsk Time
+ 			 7:00	Russia	NOV%sT	1991 Mar 31 2:00s
+ 			 6:00	Russia	NOV%sT	1992 Jan 19 2:00s
+-			 7:00	Russia	NOV%sT	1993 May 23 # says Shanks
++			 7:00	Russia	NOV%sT	1993 May 23 # say Shanks & P.
+ 			 6:00	Russia	NOV%sT
+ #
+ # From Oscar van Vlijmen (2001-08-25): [This region consists of]
+ # Kemerovskaya oblast', Krasnoyarskij kraj,
+-# Tajmyrskij (Dolgano-Nenetskij) avtonomnyj okrug, Tomskaya oblast',
++# Tajmyrskij (Dolgano-Nenetskij) avtonomnyj okrug,
+ # Respublika Tuva, Respublika Khakasiya, Evenkijskij avtonomnyj okrug.
+ Zone Asia/Krasnoyarsk	 6:11:20 -	LMT	1920 Jan  6
+ 			 6:00	-	KRAT	1930 Jun 21 # Krasnoyarsk Time
+@@ -2077,7 +2110,7 @@
+ 			11:00	Russia	ANA%sT	1992 Jan 19 2:00s
+ 			12:00	Russia	ANA%sT
+ 
+-# Serbia and Montenegro
++# Serbia
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	Europe/Belgrade	1:22:00	-	LMT	1884
+ 			1:00	-	CET	1941 Apr 18 23:00
+@@ -2085,10 +2118,11 @@
+ 			1:00	1:00	CEST	1945 Sep 16  2:00s
+ # Metod Kozelj reports that the legal date of
+ # transition to EU rules was 1982-11-27, for all of Yugoslavia at the time.
+-# Shanks doesn't give as much detail, so go with Kozelj.
++# Shanks & Pottenger don't give as much detail, so go with Kozelj.
+ 			1:00	-	CET	1982 Nov 27
+ 			1:00	EU	CE%sT
+ Link Europe/Belgrade Europe/Ljubljana	# Slovenia
++Link Europe/Belgrade Europe/Podgorica	# Montenegro
+ Link Europe/Belgrade Europe/Sarajevo	# Bosnia and Herzegovina
+ Link Europe/Belgrade Europe/Skopje	# Macedonia
+ Link Europe/Belgrade Europe/Zagreb	# Croatia
+@@ -2097,32 +2131,34 @@
+ Link Europe/Prague Europe/Bratislava
+ 
+ # Slovenia
+-# see Serbia and Montenegro
++# see Serbia
+ 
+ # Spain
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# For 1917-1919 Whitman gives Apr Sat>=1 - Oct Sat>=1; go with Shanks.
++# For 1917-1919 Whitman gives Apr Sat>=1 - Oct Sat>=1;
++# go with Shanks & Pottenger.
+ Rule	Spain	1917	only	-	May	 5	23:00s	1:00	S
+ Rule	Spain	1917	1919	-	Oct	 6	23:00s	0	-
+ Rule	Spain	1918	only	-	Apr	15	23:00s	1:00	S
+ Rule	Spain	1919	only	-	Apr	 5	23:00s	1:00	S
+-# Whitman gives 1921 Feb 28 - Oct 14; go with Shanks.
++# Whitman gives 1921 Feb 28 - Oct 14; go with Shanks & Pottenger.
+ Rule	Spain	1924	only	-	Apr	16	23:00s	1:00	S
+-# Whitman gives 1924 Oct 14; go with Shanks.
++# Whitman gives 1924 Oct 14; go with Shanks & Pottenger.
+ Rule	Spain	1924	only	-	Oct	 4	23:00s	0	-
+ Rule	Spain	1926	only	-	Apr	17	23:00s	1:00	S
+-# Whitman says no DST in 1929; go with Shanks.
++# Whitman says no DST in 1929; go with Shanks & Pottenger.
+ Rule	Spain	1926	1929	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Spain	1927	only	-	Apr	 9	23:00s	1:00	S
+ Rule	Spain	1928	only	-	Apr	14	23:00s	1:00	S
+ Rule	Spain	1929	only	-	Apr	20	23:00s	1:00	S
+-# Whitman gives 1937 Jun 16, 1938 Apr 16, 1940 Apr 13; go with Shanks.
++# Whitman gives 1937 Jun 16, 1938 Apr 16, 1940 Apr 13;
++# go with Shanks & Pottenger.
+ Rule	Spain	1937	only	-	May	22	23:00s	1:00	S
+ Rule	Spain	1937	1939	-	Oct	Sat>=1	23:00s	0	-
+ Rule	Spain	1938	only	-	Mar	22	23:00s	1:00	S
+ Rule	Spain	1939	only	-	Apr	15	23:00s	1:00	S
+ Rule	Spain	1940	only	-	Mar	16	23:00s	1:00	S
+-# Whitman says no DST 1942-1945; go with Shanks.
++# Whitman says no DST 1942-1945; go with Shanks & Pottenger.
+ Rule	Spain	1942	only	-	May	 2	22:00s	2:00	M # Midsummer
+ Rule	Spain	1942	only	-	Sep	 1	22:00s	1:00	S
+ Rule	Spain	1943	1946	-	Apr	Sat>=13	22:00s	2:00	M
+@@ -2149,7 +2185,7 @@
+ Rule SpainAfrica 1978	only	-	Jun	 1	 0:00	1:00	S
+ Rule SpainAfrica 1978	only	-	Aug	 4	 0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone	Europe/Madrid	-0:14:44 -	LMT	1901
++Zone	Europe/Madrid	-0:14:44 -	LMT	1901 Jan  1  0:00s
+ 			 0:00	Spain	WE%sT	1946 Sep 30
+ 			 1:00	Spain	CE%sT	1979
+ 			 1:00	EU	CE%sT
+@@ -2171,7 +2207,7 @@
+ 
+ # Sweden
+ 
+-# From Ivan Nilsson (2001-04-13), superseding Shanks:
++# From Ivan Nilsson (2001-04-13), superseding Shanks & Pottenger:
+ #
+ # The law "Svensk forfattningssamling 1878, no 14" about standard time in 1879:
+ # From the beginning of 1879 (that is 01-01 00:00) the time for all
+@@ -2232,7 +2268,7 @@
+ # From Whitman (who writes ``Midnight?''):
+ Rule	Swiss	1940	only	-	Nov	 2	0:00	1:00	S
+ Rule	Swiss	1940	only	-	Dec	31	0:00	0	-
+-# From Shanks:
++# From Shanks & Pottenger:
+ Rule	Swiss	1941	1942	-	May	Sun>=1	2:00	1:00	S
+ Rule	Swiss	1941	1942	-	Oct	Sun>=1	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -2251,7 +2287,8 @@
+ Rule	Turkey	1921	only	-	Oct	 3	0:00	0	-
+ Rule	Turkey	1922	only	-	Mar	26	0:00	1:00	S
+ Rule	Turkey	1922	only	-	Oct	 8	0:00	0	-
+-# Whitman gives 1923 Apr 28 - Sep 16 and no DST in 1924-1925; go with Shanks.
++# Whitman gives 1923 Apr 28 - Sep 16 and no DST in 1924-1925;
++# go with Shanks & Pottenger.
+ Rule	Turkey	1924	only	-	May	13	0:00	1:00	S
+ Rule	Turkey	1924	1925	-	Oct	 1	0:00	0	-
+ Rule	Turkey	1925	only	-	May	 1	0:00	1:00	S
+@@ -2260,7 +2297,8 @@
+ Rule	Turkey	1940	only	-	Dec	 1	0:00	1:00	S
+ Rule	Turkey	1941	only	-	Sep	21	0:00	0	-
+ Rule	Turkey	1942	only	-	Apr	 1	0:00	1:00	S
+-# Whitman omits the next two transition and gives 1945 Oct 1; go with Shanks.
++# Whitman omits the next two transition and gives 1945 Oct 1;
++# go with Shanks & Pottenger.
+ Rule	Turkey	1942	only	-	Nov	 1	0:00	0	-
+ Rule	Turkey	1945	only	-	Apr	 2	0:00	1:00	S
+ Rule	Turkey	1945	only	-	Oct	 8	0:00	0	-
+@@ -2357,11 +2395,13 @@
+ 			3:00	Russia	MSK/MSD	1990
+ 			3:00	-	MSK	1990 Jul  1 2:00
+ 			2:00	-	EET	1992
+-# From Paul Eggert (1999-11-12):
++# From Paul Eggert (2006-03-22):
+ # The _Economist_ (1994-05-28, p 45) reports that central Crimea switched
+ # from Kiev to Moscow time sometime after the January 1994 elections.
+-# Shanks says ``date of change uncertain'', but implies that it happened
+-# sometime between the 1994 DST switches.  For now, guess it changed in May.
++# Shanks (1999) says ``date of change uncertain'', but implies that it happened
++# sometime between the 1994 DST switches.  Shanks & Pottenger simply say
++# 1994-09-25 03:00, but that can't be right.  For now, guess it
++# changed in May.
+ 			2:00	E-Eur	EE%sT	1994 May
+ # From IATA SSIM (1994/1997), which also says that Kerch is still like Kiev.
+ 			3:00	E-Eur	MSK/MSD	1996 Mar 31 3:00s
+Index: share/zoneinfo/factory
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/factory,v
+retrieving revision 1.5
+diff -u -r1.5 factory
+--- share/zoneinfo/factory	21 Jan 1999 21:55:55 -0000	1.5
++++ share/zoneinfo/factory	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)factory	7.3
++# @(#)factory	8.1
+ 
+ # For companies who don't want to put time zone specification in
+ # their installation procedures.  When users run date, they'll get the message.
+Index: share/zoneinfo/leapseconds
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/leapseconds,v
+retrieving revision 1.13.2.1
+diff -u -r1.13.2.1 leapseconds
+--- share/zoneinfo/leapseconds	22 Dec 2005 23:47:26 -0000	1.13.2.1
++++ share/zoneinfo/leapseconds	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)leapseconds	7.20
++# @(#)leapseconds	8.1
+ 
+ # Allowance for leapseconds added to each timezone file.
+ 
+@@ -50,7 +50,7 @@
+ # SERVICE INTERNATIONAL DE LA ROTATION TERRESTRE ET DES SYSTEMES DE REFERENCE
+ #
+ # SERVICE DE LA ROTATION TERRESTRE
+-# OBSERVATOIRE DE PARIS                                   
++# OBSERVATOIRE DE PARIS
+ # 61, Av. de l'Observatoire 75014 PARIS (France)
+ # Tel.      : 33 (0) 1 40 51 22 26
+ # FAX       : 33 (0) 1 40 51 22 91
+Index: share/zoneinfo/northamerica
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/northamerica,v
+retrieving revision 1.25.2.2
+diff -u -r1.25.2.2 northamerica
+--- share/zoneinfo/northamerica	27 Dec 2005 19:56:24 -0000	1.25.2.2
++++ share/zoneinfo/northamerica	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)northamerica	7.87
++# @(#)northamerica	8.9
+ # <pre>
+ 
+ # also includes Central America and the Caribbean
+@@ -30,12 +30,12 @@
+ # That 1883 transition occurred at 12:00 new time, not at 12:00 old time.
+ # See p 46 of David Prerau, Seize the daylight, Thunder's Mouth Press (2005).
+ 
+-# From Paul Eggert (1995-12-19):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data in the US is
+ # Thomas G. Shanks, The American Atlas (5th edition),
+ # San Diego: ACS Publications, Inc. (1991).
+ # Make sure you have the errata sheet; the book is somewhat useless without it.
+-# It is the source for most of the pre-1991 US and Puerto Rico entries below.
++# It is the source for most of the pre-1991 US entries below.
+ 
+ # From Paul Eggert (2001-03-06):
+ # Daylight Saving Time was first suggested as a joke by Benjamin Franklin
+@@ -229,7 +229,7 @@
+ # Public law 106-564 (2000-12-23) introduced the abbreviation
+ # "Chamorro Standard Time" for time in Guam and the Northern Marianas.
+ # See the file "australasia".
+- 
++
+ # From Arthur David Olson, 2005-08-09
+ # The following was signed into law on 2005-08-08.
+ #
+@@ -274,7 +274,7 @@
+ # set their watches and clocks on Eastern time."  It quotes H.H. "Bubba"
+ # Roberts, city administrator in Phenix City. as saying "We are in the Central
+ # time zone, but we do go by the Eastern time zone because so many people work
+-# in Columbus." 
++# in Columbus."
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule	NYC	1920	only	-	Mar	lastSun	2:00	1:00	D
+@@ -301,6 +301,13 @@
+ # Nebraska, eastern North Dakota, Oklahoma, eastern South Dakota,
+ # western Tennessee, most of Texas, Wisconsin
+ 
++# From Larry M. Smith (2006-04-26) re Wisconsin:
++# http://www.legis.state.wi.us/statutes/Stat0175.pdf ...
++# is currently enforced at the 01:00 time of change.  Because the local
++# "bar time" in the state corresponds to 02:00, a number of citations
++# are issued for the "sale of class 'B' alcohol after prohibited
++# hours" within the deviated hour of this change every year....
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule	Chicago	1920	only	-	Jun	13	2:00	1:00	D
+ Rule	Chicago	1920	1921	-	Oct	lastSun	2:00	0	S
+@@ -321,6 +328,16 @@
+ Zone America/North_Dakota/Center -6:45:12 - LMT	1883 Nov 18 12:14:48
+ 			-7:00	US	M%sT	1992 Oct 25 02:00
+ 			-6:00	US	C%sT
++# Morton County, ND, switched from mountain to central time on
++# 2003-10-26, except for the area around Mandan which was already central time.
++# See <http://dmses.dot.gov/docimages/p63/135818.pdf>.
++# Officially this switch also included part of Sioux County, and
++# Jones, Mellette, and Todd Counties in South Dakota;
++# but in practice these other counties were already observing central time.
++# See <http://www.epa.gov/fedrgstr/EPA-IMPACT/2003/October/Day-28/i27056.htm>.
++Zone America/North_Dakota/New_Salem -6:45:39 - LMT 1883 Nov 18 12:14:21
++			-7:00	US	M%sT	2003 Oct 26 02:00
++			-6:00	US	C%sT
+ 
+ # US mountain time, represented by Denver
+ #
+@@ -399,7 +416,8 @@
+ Zone America/Anchorage	 14:00:24 -	LMT	1867 Oct 18
+ 			 -9:59:36 -	LMT	1900 Aug 20 12:00
+ 			-10:00	-	CAT	1942
+-			-10:00	US	CAT/CAWT 1946
++			-10:00	US	CAT/CAWT 1945 Aug 14 23:00u
++			-10:00	US	CAT/CAPT 1946 # Peace
+ 			-10:00	-	CAT	1967 Apr
+ 			-10:00	-	AHST	1969
+ 			-10:00	US	AH%sT	1983 Oct 30 2:00
+@@ -519,9 +537,9 @@
+ # For a map of Indiana's time zone regions, see:
+ # <a href="http://www.mccsc.edu/time.html">
+ # What time is it in Indiana?
+-# </a> (2005-05-03)
++# </a> (2006-03-01)
+ #
+-# From Paul Eggert (2005-08-22):
++# From Paul Eggert (2006-03-22):
+ # Since 1970, most of Indiana has been like America/Indiana/Indianapolis,
+ # with the following exceptions:
+ #
+@@ -533,11 +551,15 @@
+ # - Clark, Floyd, and Harrison counties have been like
+ #   America/Kentucky/Louisville.
+ #
+-# - Crawford, Starke, and Switzerland counties have their own time zone
++# - Daviess, Dubois, Knox, Martin, Perry, and Pulaski counties
++#   have been like America/Indiana/Vincennes.
++#
++# - Crawford, Pike, Starke, and Switzerland counties have their own time zone
+ #   histories as noted below.
+ #
+-# Shanks partitions Indiana into 345 regions, each with its own time history,
+-# and writes ``Even newspaper reports present contradictory information.''
++# Shanks partitioned Indiana into 345 regions, each with its own time history,
++# and wrote ``Even newspaper reports present contradictory information.''
++# Those Hoosiers!  Such a flighty and changeable people!
+ # Fortunately, most of the complexity occurred before our cutoff date of 1970.
+ #
+ # Other than Indianapolis, the Indiana place names are so nondescript
+@@ -545,11 +567,21 @@
+ # So we reluctantly put them all in a subdirectory `America/Indiana'.
+ 
+ # From Paul Eggert (2005-08-16):
+-# http://www.mccsc.edu/time.html says that Indiana will use DST starting 2006,
+-# and that many counties may switch either to Central or to Eastern time.
+-# The county-by-county decisions have not been made yet, so for now assume
+-# that no counties will switch: this assumption is most likely wrong,
+-# but it's the best we can do for now.
++# http://www.mccsc.edu/time.html says that Indiana will use DST starting 2006.
++
++# From Nathan Stratton Treadway (2006-03-30):
++# http://www.dot.gov/affairs/dot0406.htm [3705 B]
++# From Deborah Goldsmith (2006-01-18):
++# http://dmses.dot.gov/docimages/pdf95/382329_web.pdf [2.9 MB]
++# From Paul Eggert (2006-01-20):
++# It says "DOT is relocating the time zone boundary in Indiana to move Starke,
++# Pulaski, Knox, Daviess, Martin, Pike, Dubois, and Perry Counties from the
++# Eastern Time Zone to the Central Time Zone.... The effective date of
++# this rule is 2:OO a.m. EST Sunday, April 2, 2006, which is the
++# changeover date from standard time to Daylight Saving Time."
++# Strictly speaking, this means the affected counties will change their
++# clocks twice that night, but this obviously is in error.  The intent
++# is that 01:59:59 EST be followed by 02:00:00 CDT.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule Indianapolis 1941	only	-	Jun	22	2:00	1:00	D
+@@ -568,8 +600,8 @@
+ 			-5:00	-	EST	2006
+ 			-5:00	US	E%sT
+ #
+-# Part of Crawford County, Indiana, last observed DST in 1975,
+-# and left its clocks alone in 1974.
++# Eastern Crawford County, Indiana, left its clocks alone in 1974,
++# as well as from 1976 through 2005.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule	Marengo	1951	only	-	Apr	lastSun	2:00	1:00	D
+ Rule	Marengo	1951	only	-	Sep	lastSun	2:00	0	S
+@@ -586,7 +618,45 @@
+ 			-5:00	-	EST	2006
+ 			-5:00	US	E%sT
+ #
+-# Starke County, Indiana
++# Daviess, Dubois, Knox, Martin, Perry, and Pulaski Counties, Indiana,
++# switched from eastern to central time in April 2006.
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
++Rule Vincennes	1946	only	-	Apr	lastSun	2:00	1:00	D
++Rule Vincennes	1946	only	-	Sep	lastSun	2:00	0	S
++Rule Vincennes	1953	1954	-	Apr	lastSun	2:00	1:00	D
++Rule Vincennes	1953	1959	-	Sep	lastSun	2:00	0	S
++Rule Vincennes	1955	only	-	May	 1	0:00	1:00	D
++Rule Vincennes	1956	1963	-	Apr	lastSun	2:00	1:00	D
++Rule Vincennes	1960	only	-	Oct	lastSun	2:00	0	S
++Rule Vincennes	1961	only	-	Sep	lastSun	2:00	0	S
++Rule Vincennes	1962	1963	-	Oct	lastSun	2:00	0	S
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Indiana/Vincennes -5:50:07 - LMT	1883 Nov 18 12:09:53
++			-6:00	US	C%sT	1946
++			-6:00 Vincennes	C%sT	1964 Apr 26 2:00
++			-5:00	-	EST	1969
++			-5:00	US	E%sT	1971
++			-5:00	-	EST	2006 Apr  2 2:00
++			-6:00	US	C%sT
++#
++# Pike County, Indiana moved from central to eastern time in 1977,
++# then switched back in 2006.
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
++Rule	Pike	1955	only	-	May	 1	0:00	1:00	D
++Rule	Pike	1955	1960	-	Sep	lastSun	2:00	0	S
++Rule	Pike	1956	1964	-	Apr	lastSun	2:00	1:00	D
++Rule	Pike	1961	1964	-	Oct	lastSun	2:00	0	S
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Indiana/Petersburg -5:49:07 - LMT	1883 Nov 18 12:10:53
++			-6:00	US	C%sT	1955
++			-6:00	Pike	C%sT	1965 Apr 25 2:00
++			-5:00	-	EST	1966 Oct 30 2:00
++			-6:00	US	C%sT	1977 Oct 30 2:00
++			-5:00	-	EST	2006 Apr  2 2:00
++			-6:00	US	C%sT
++#
++# Starke County, Indiana moved from central to eastern time in 1991,
++# then switched back in 2006.
+ # From Arthur David Olson (1991-10-28):
+ # An article on page A3 of the Sunday, 1991-10-27 Washington Post
+ # notes that Starke County switched from Central time to Eastern time as of
+@@ -603,10 +673,10 @@
+ 			-6:00	Starke	C%sT	1962 Apr 29 2:00
+ 			-5:00	-	EST	1963 Oct 27 2:00
+ 			-6:00	US	C%sT	1991 Oct 27 2:00
+-			-5:00	-	EST	2006
+-			-5:00	US	E%sT
++			-5:00	-	EST	2006 Apr  2 2:00
++			-6:00	US	C%sT
+ #
+-# Switzerland County, Indiana, last observed DST in 1972.
++# Switzerland County, Indiana, did not observe DST from 1973 through 2005.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Indiana/Vevay -5:40:16 -	LMT	1883 Nov 18 12:19:44
+ 			-6:00	US	C%sT	1954 Apr 25 2:00
+@@ -636,7 +706,7 @@
+ 			-6:00	1:00	CDT	1974 Oct 27 2:00
+ 			-5:00	US	E%sT
+ #
+-# Wayne, Clinton, and Russell Counties, Kentucky
++# Wayne County, Kentucky
+ #
+ # From
+ # <a href="http://www.lake-cumberland.com/life/archive/news990129time.shtml">
+@@ -733,7 +803,8 @@
+ 			-5:00	-	EST	1975 Apr 27 2:00
+ 			-5:00	US	E%sT
+ #
+-# The Michigan border with Wisconsin switched from EST to CST/CDT in 1973.
++# Dickinson, Gogebic, Iron, and Menominee Counties, Michigan,
++# switched from EST to CST/CDT in 1973.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER
+ Rule Menominee	1946	only	-	Apr	lastSun	2:00	1:00	D
+ Rule Menominee	1946	only	-	Sep	lastSun	2:00	0	S
+@@ -760,10 +831,10 @@
+ ################################################################################
+ 
+ 
+-# From Paul Eggert (1999-10-29):
+-# A good source for time zone historical data outside the US is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# From Paul Eggert (2006-03-22):
++# A good source for time zone historical data outside the U.S. is
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -771,8 +842,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Other sources occasionally used include:
+ #
+@@ -820,9 +891,51 @@
+ # From Paul Eggert (1994-11-22):
+ # Alas, this sort of thing must be handled by localization software.
+ 
+-# Unless otherwise specified, the data for Canada are all from Shanks.
++# Unless otherwise specified, the data for Canada are all from Shanks
++# & Pottenger.
+ 
+-# From Paul Eggert (2005-12-21):
++# From Chris Walton (2006-04-01):
++# The British Columbia government announced yesterday that it will
++# adjust daylight savings next year to align with changes in the
++# U.S. and the rest of Canada....
++# http://www2.news.gov.bc.ca/news_releases_2005-2009/2006AG0014-000330.htm
++
++# From Chris Walton (2006-04-25):
++# Daylight saving time will be extended by four weeks starting in 2007....
++# Here is a news release which was issued today by the Nova Scotia government:
++# http://www.gov.ns.ca/news/details.asp?id=20060425004
++
++# From Chris Walton (2006-06-26):
++# [For New Brunswick] the new legislation dictates that the time change is to
++# be done at 02:00 instead of 00:01.
++# http://www.gnb.ca/0062/acts/BBA-2006/Chap-19.pdf
++# ...
++# Manitoba has traditionally changed the clock every fall at 03:00.
++# As of 2006, the transition is to take place one hour earlier at 02:00.
++# http://web2.gov.mb.ca/laws/statutes/ccsm/o030e.php
++# ...
++# [Alberta, Ontario, Quebec] will follow US rules.
++# http://www.qp.gov.ab.ca/documents/Acts/2006CH03_UNPR.cfm?frm_isbn=0779744934
++# http://www.e-laws.gov.on.ca/DBLaws/Source/Regs/English/2006/R06111_e.htm
++# http://www.assnat.qc.ca/eng/37legislature2/Projets-loi/Publics/06-a002.htm
++# ...
++# P.E.I. will follow US rules.  The new legislation is not law yet.
++# It passed first reading on April 20....
++# http://www.assembly.pe.ca/bills/pdf_first/62/3/bill-101.pdf
++# ...
++# Province of Newfoundland and Labrador.... The change is being considered.
++# http://www.releases.gov.nl.ca/releases/2006/mpa/0331n01.htm
++# ...
++# N.W.T. will follow US rules.  Whoever maintains the government web site
++# does not seem to believe in bookmarks.  To see the news release, click the
++# following link and search for "Daylight Savings Time Change".  Press the
++# "Daylight Savings Time Change" link; it will fire off a popup using
++# JavaScript.
++# http://www.exec.gov.nt.ca/currentnews/currentPR.asp?mode=archive
++
++
++
++# From Paul Eggert (2006-04-25):
+ # H. David Matthews and Mary Vincent's map
+ # <a href="http://www.canadiangeographic.ca/Magazine/SO98/geomap.asp">
+ # "It's about TIME", _Canadian Geographic_ (September-October 1998)
+@@ -834,25 +947,10 @@
+ # information about standard and daylight saving time zones in Canada.
+ # </a> (updated periodically).
+ # Its unofficial information is often taken from Matthews and Vincent.
+-#
+-# CBC News reported that Ontario and Manitoba have announced plans to
+-# follow the US change, and that Nova Scotia is considering it; see
+-# <http://www.cbc.ca/news/background/daylightsavingtime/> (2005-10-21).
+-# CBC news also reported that Prince Edward Island is the first
+-# province in Atlantic Canada to follow the US change, and that Quebec
+-# had agreed; see <http://www.cbc.ca/pei/story/pe_daylight_20051207.html>
+-# (2005-12-07).
+-#
+-# To reflect all this, the Canada and Winn rules have been adjusted to
+-# agree with the 2007 US change.  This means we assume most of Canada
+-# will fall into line.  However, Alberta, British Columbia,
+-# Newfoundland, Northwest Territories, and Yukon already have separate
+-# rules in our database, so for now we'll leave them alone, which
+-# means that we currently assume these regions will not change their
+-# rules and will disagree with the US starting in 2007.  This
+-# assumption is probably incorrect, with the possible exception of
+-# Newfoundland.  We plan to adjust the Edm, Vanc, StJohns, and NT_YK
+-# rules as the corresponding provinces make their announcements.
++
++# From Paul Eggert (2006-06-27):
++# For now, assume all of DST-observing Canada will fall into line with the
++# new US DST rules,
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Canada	1918	only	-	Apr	14	2:00	1:00	D
+@@ -867,7 +965,7 @@
+ Rule	Canada	2007	max	-	Nov	Sun>=1	2:00	0	S
+ 
+ 
+-# Newfoundland (and far southeast Labrador)
++# Newfoundland and Labrador
+ 
+ # From Paul Eggert (2000-10-02):
+ # Matthews and Vincent (1998) write that Labrador should use NST/NDT,
+@@ -878,20 +976,21 @@
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	StJohns	1917	only	-	Apr	 8	2:00	1:00	D
+ Rule	StJohns	1917	only	-	Sep	17	2:00	0	S
+-# Whitman gives 1919 Apr 5 and 1920 Apr 5; go with Shanks.
++# Whitman gives 1919 Apr 5 and 1920 Apr 5; go with Shanks & Pottenger.
+ Rule	StJohns	1919	only	-	May	 5	23:00	1:00	D
+ Rule	StJohns	1919	only	-	Aug	12	23:00	0	S
+-# For 1931-1935 Whitman gives Apr same date; go with Shanks.
++# For 1931-1935 Whitman gives Apr same date; go with Shanks & Pottenger.
+ Rule	StJohns	1920	1935	-	May	Sun>=1	23:00	1:00	D
+ Rule	StJohns	1920	1935	-	Oct	lastSun	23:00	0	S
+-# For 1936-1941 Whitman gives May Sun>=8 and Oct Sun>=1; go with Shanks.
++# For 1936-1941 Whitman gives May Sun>=8 and Oct Sun>=1; go with Shanks &
++# Pottenger.
+ Rule	StJohns	1936	1941	-	May	Mon>=9	0:00	1:00	D
+ Rule	StJohns	1936	1941	-	Oct	Mon>=2	0:00	0	S
+ # Whitman gives the following transitions:
+ # 1942 03-01/12-31, 1943 05-30/09-05, 1944 07-10/09-02, 1945 01-01/10-07
+-# but go with Shanks and assume they used Canadian rules.
++# but go with Shanks & Pottenger and assume they used Canadian rules.
+ # For 1946-9 Whitman gives May 5,4,9,1 - Oct 1,5,3,2, and for 1950 he gives
+-# Apr 30 - Sep 24; go with Shanks.
++# Apr 30 - Sep 24; go with Shanks & Pottenger.
+ Rule	StJohns	1946	1950	-	May	Sun>=8	2:00	1:00	D
+ Rule	StJohns	1946	1950	-	Oct	Sun>=2	2:00	0	S
+ Rule	StJohns	1951	1986	-	Apr	lastSun	2:00	1:00	D
+@@ -901,9 +1000,12 @@
+ # INMS (2000-09-12) says that, since 1988 at least, Newfoundland switches
+ # at 00:01 local time.  For now, assume it started in 1987.
+ Rule	StJohns	1987	only	-	Apr	Sun>=1	0:01	1:00	D
+-Rule	StJohns	1987	max	-	Oct	lastSun	0:01	0	S
++Rule	StJohns	1987	2006	-	Oct	lastSun	0:01	0	S
+ Rule	StJohns	1988	only	-	Apr	Sun>=1	0:01	2:00	DD
+-Rule	StJohns	1989	max	-	Apr	Sun>=1	0:01	1:00	D
++Rule	StJohns	1989	2006	-	Apr	Sun>=1	0:01	1:00	D
++Rule	StJohns	2007	max	-	Mar	Sun>=8	0:01	1:00	D
++Rule	StJohns	2007	max	-	Nov	Sun>=1	0:01	0	S
++#
+ # St John's has an apostrophe, but Posix file names can't have apostrophes.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/St_Johns	-3:30:52 -	LMT	1884
+@@ -929,62 +1031,58 @@
+ 			-4:00	StJohns	A%sT
+ 
+ 
+-# west Labrador, New Brunswick, Nova Scotia, Prince Edward I
++# west Labrador, Nova Scotia, Prince Edward I
+ 
+-# From Paul Eggert (1996-06-12):
+-# Shanks writes that since 1970 most of this region has been like Halifax.
+-# Many locales did not observe peacetime DST until 1972;
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that since 1970 most of this region has been like
++# Halifax.  Many locales did not observe peacetime DST until 1972;
+ # Glace Bay, NS is the largest that we know of.
+-# Shanks also writes that Liverpool, NS was the only town in Canada to observe
+-# DST in 1971 but not 1970; for now we'll assume this is a typo.
+-
+-# From Paul Eggert (2000-10-02):
+-# INMS (2000-09-12) says that, since 1988 at least, New Brunswick switches
+-# at 00:01 local time.  FIXME: verify and create a new Zone for this.
+-
+-
+-# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-Rule Halifax	1916	only	-	Apr	 1	0:00	1:00	D
+-Rule Halifax	1916	only	-	Oct	 1	0:00	0	S
+-Rule Halifax	1920	only	-	May	 9	0:00	1:00	D
+-Rule Halifax	1920	only	-	Aug	29	0:00	0	S
+-Rule Halifax	1921	only	-	May	 6	0:00	1:00	D
+-Rule Halifax	1921	1922	-	Sep	 5	0:00	0	S
+-Rule Halifax	1922	only	-	Apr	30	0:00	1:00	D
+-Rule Halifax	1923	1925	-	May	Sun>=1	0:00	1:00	D
+-Rule Halifax	1923	only	-	Sep	 4	0:00	0	S
+-Rule Halifax	1924	only	-	Sep	15	0:00	0	S
+-Rule Halifax	1925	only	-	Sep	28	0:00	0	S
+-Rule Halifax	1926	only	-	May	16	0:00	1:00	D
+-Rule Halifax	1926	only	-	Sep	13	0:00	0	S
+-Rule Halifax	1927	only	-	May	 1	0:00	1:00	D
+-Rule Halifax	1927	only	-	Sep	26	0:00	0	S
+-Rule Halifax	1928	1931	-	May	Sun>=8	0:00	1:00	D
+-Rule Halifax	1928	only	-	Sep	 9	0:00	0	S
+-Rule Halifax	1929	only	-	Sep	 3	0:00	0	S
+-Rule Halifax	1930	only	-	Sep	15	0:00	0	S
+-Rule Halifax	1931	1932	-	Sep	Mon>=24	0:00	0	S
+-Rule Halifax	1932	only	-	May	 1	0:00	1:00	D
+-Rule Halifax	1933	only	-	Apr	30	0:00	1:00	D
+-Rule Halifax	1933	only	-	Oct	 2	0:00	0	S
+-Rule Halifax	1934	only	-	May	20	0:00	1:00	D
+-Rule Halifax	1934	only	-	Sep	16	0:00	0	S
+-Rule Halifax	1935	only	-	Jun	 2	0:00	1:00	D
+-Rule Halifax	1935	only	-	Sep	30	0:00	0	S
+-Rule Halifax	1936	only	-	Jun	 1	0:00	1:00	D
+-Rule Halifax	1936	only	-	Sep	14	0:00	0	S
+-Rule Halifax	1937	1938	-	May	Sun>=1	0:00	1:00	D
+-Rule Halifax	1937	1941	-	Sep	Mon>=24	0:00	0	S
+-Rule Halifax	1939	only	-	May	28	0:00	1:00	D
+-Rule Halifax	1940	1941	-	May	Sun>=1	0:00	1:00	D
+-Rule Halifax	1946	1949	-	Sep	lastSun	2:00	0	S
+-Rule Halifax	1946	1949	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1951	1954	-	Sep	lastSun	2:00	0	S
+-Rule Halifax	1951	1954	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1956	1959	-	Sep	lastSun	2:00	0	S
+-Rule Halifax	1956	1959	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1962	1973	-	Apr	lastSun	2:00	1:00	D
+-Rule Halifax	1962	1973	-	Oct	lastSun	2:00	0	S
++# Shanks & Pottenger also write that Liverpool, NS was the only town
++# in Canada to observe DST in 1971 but not 1970; for now we'll assume
++# this is a typo.
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Halifax	1916	only	-	Apr	 1	0:00	1:00	D
++Rule	Halifax	1916	only	-	Oct	 1	0:00	0	S
++Rule	Halifax	1920	only	-	May	 9	0:00	1:00	D
++Rule	Halifax	1920	only	-	Aug	29	0:00	0	S
++Rule	Halifax	1921	only	-	May	 6	0:00	1:00	D
++Rule	Halifax	1921	1922	-	Sep	 5	0:00	0	S
++Rule	Halifax	1922	only	-	Apr	30	0:00	1:00	D
++Rule	Halifax	1923	1925	-	May	Sun>=1	0:00	1:00	D
++Rule	Halifax	1923	only	-	Sep	 4	0:00	0	S
++Rule	Halifax	1924	only	-	Sep	15	0:00	0	S
++Rule	Halifax	1925	only	-	Sep	28	0:00	0	S
++Rule	Halifax	1926	only	-	May	16	0:00	1:00	D
++Rule	Halifax	1926	only	-	Sep	13	0:00	0	S
++Rule	Halifax	1927	only	-	May	 1	0:00	1:00	D
++Rule	Halifax	1927	only	-	Sep	26	0:00	0	S
++Rule	Halifax	1928	1931	-	May	Sun>=8	0:00	1:00	D
++Rule	Halifax	1928	only	-	Sep	 9	0:00	0	S
++Rule	Halifax	1929	only	-	Sep	 3	0:00	0	S
++Rule	Halifax	1930	only	-	Sep	15	0:00	0	S
++Rule	Halifax	1931	1932	-	Sep	Mon>=24	0:00	0	S
++Rule	Halifax	1932	only	-	May	 1	0:00	1:00	D
++Rule	Halifax	1933	only	-	Apr	30	0:00	1:00	D
++Rule	Halifax	1933	only	-	Oct	 2	0:00	0	S
++Rule	Halifax	1934	only	-	May	20	0:00	1:00	D
++Rule	Halifax	1934	only	-	Sep	16	0:00	0	S
++Rule	Halifax	1935	only	-	Jun	 2	0:00	1:00	D
++Rule	Halifax	1935	only	-	Sep	30	0:00	0	S
++Rule	Halifax	1936	only	-	Jun	 1	0:00	1:00	D
++Rule	Halifax	1936	only	-	Sep	14	0:00	0	S
++Rule	Halifax	1937	1938	-	May	Sun>=1	0:00	1:00	D
++Rule	Halifax	1937	1941	-	Sep	Mon>=24	0:00	0	S
++Rule	Halifax	1939	only	-	May	28	0:00	1:00	D
++Rule	Halifax	1940	1941	-	May	Sun>=1	0:00	1:00	D
++Rule	Halifax	1946	1949	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1946	1949	-	Sep	lastSun	2:00	0	S
++Rule	Halifax	1951	1954	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1951	1954	-	Sep	lastSun	2:00	0	S
++Rule	Halifax	1956	1959	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1956	1959	-	Sep	lastSun	2:00	0	S
++Rule	Halifax	1962	1973	-	Apr	lastSun	2:00	1:00	D
++Rule	Halifax	1962	1973	-	Oct	lastSun	2:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Halifax	-4:14:24 -	LMT	1902 Jun 15
+ 			-4:00	Halifax	A%sT	1918
+@@ -1000,12 +1098,110 @@
+ 			-4:00	Halifax	A%sT	1974
+ 			-4:00	Canada	A%sT
+ 
++# New Brunswick
+ 
+-# Ontario, Quebec
++# From Paul Eggert (2006-01-20):
++# New Brunswick's Time Definition Act
++# <http://www.gnb.ca/0062/PDF-acts/t-06.pdf> says they change at 00:01, and
++# <http://www.canlii.org/nb/laws/sta/t-6/20030127/whole.html> makes it
++# clear that this has been the case since at least 1993.
++# For now, assume it started in 1993.
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Moncton	1933	1935	-	Jun	Sun>=8	1:00	1:00	D
++Rule	Moncton	1933	1935	-	Sep	Sun>=8	1:00	0	S
++Rule	Moncton	1936	1938	-	Jun	Sun>=1	1:00	1:00	D
++Rule	Moncton	1936	1938	-	Sep	Sun>=1	1:00	0	S
++Rule	Moncton	1939	only	-	May	27	1:00	1:00	D
++Rule	Moncton	1939	1941	-	Sep	Sat>=21	1:00	0	S
++Rule	Moncton	1940	only	-	May	19	1:00	1:00	D
++Rule	Moncton	1941	only	-	May	 4	1:00	1:00	D
++Rule	Moncton	1946	1972	-	Apr	lastSun	2:00	1:00	D
++Rule	Moncton	1946	1956	-	Sep	lastSun	2:00	0	S
++Rule	Moncton	1957	1972	-	Oct	lastSun	2:00	0	S
++Rule	Moncton	1993	2006	-	Apr	Sun>=1	0:01	1:00	D
++Rule	Moncton	1993	2006	-	Oct	lastSun	0:01	0	S
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Moncton	-4:19:08 -	LMT	1883 Dec  9
++			-5:00	-	EST	1902 Jun 15
++			-4:00	Canada	A%sT	1933
++			-4:00	Moncton	A%sT	1942
++			-4:00	Canada	A%sT	1946
++			-4:00	Moncton	A%sT	1973
++			-4:00	Canada	A%sT	1993
++			-4:00	Moncton	A%sT	2007
++			-4:00	Canada	A%sT
+ 
+-# From Paul Eggert (1996-06-12):
+-# Shanks writes that since 1970 most of Ontario has been like Toronto,
+-# and most of Quebec has been like Montreal.
++# Quebec
++
++# From Paul Eggert (2006-07-09):
++# Shanks & Pottenger write that since 1970 most of Quebec has been
++# like Montreal.
++
++# From Paul Eggert (2006-06-27):
++# Matthews and Vincent (1998) also write that Quebec east of the -63
++# meridian is supposed to observe AST, but residents as far east as
++# Natashquan use EST/EDT, and residents east of Natashquan use AST.
++# In "Official time in Quebec" the Quebec department of justice writes in
++# http://www.justice.gouv.qc.ca/english/publications/generale/temps-regl-1-a.htm
++# that "The residents of the Municipality of the
++# Cote-Nord-du-Golfe-Saint-Laurent and the municipalities of Saint-Augustin,
++# Bonne-Esperance and Blanc-Sablon apply the Official Time Act as it is
++# written and use Atlantic standard time all year round. The same applies to
++# the residents of the Native facilities along the lower North Shore."
++# <http://www.assnat.qc.ca/eng/37legislature2/Projets-loi/Publics/06-a002.htm>
++# says this common practice was codified into law as of 2007.
++# For lack of better info, guess this practice began around 1970, contra to
++# Shanks & Pottenger who have this region observing AST/ADT.
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Mont	1917	only	-	Mar	25	2:00	1:00	D
++Rule	Mont	1917	only	-	Apr	24	0:00	0	S
++Rule	Mont	1919	only	-	Mar	31	2:30	1:00	D
++Rule	Mont	1919	only	-	Oct	25	2:30	0	S
++Rule	Mont	1920	only	-	May	 2	2:30	1:00	D
++Rule	Mont	1920	1922	-	Oct	Sun>=1	2:30	0	S
++Rule	Mont	1921	only	-	May	 1	2:00	1:00	D
++Rule	Mont	1922	only	-	Apr	30	2:00	1:00	D
++Rule	Mont	1924	only	-	May	17	2:00	1:00	D
++Rule	Mont	1924	1926	-	Sep	lastSun	2:30	0	S
++Rule	Mont	1925	1926	-	May	Sun>=1	2:00	1:00	D
++# The 1927-to-1937 rules can be expressed more simply as
++# Rule	Mont	1927	1937	-	Apr	lastSat	24:00	1:00	D
++# Rule	Mont	1927	1937	-	Sep	lastSat	24:00	0	S
++# The rules below avoid use of 24:00
++# (which pre-1998 versions of zic cannot handle).
++Rule	Mont	1927	only	-	May	1	0:00	1:00	D
++Rule	Mont	1927	1932	-	Sep	lastSun	0:00	0	S
++Rule	Mont	1928	1931	-	Apr	lastSun	0:00	1:00	D
++Rule	Mont	1932	only	-	May	1	0:00	1:00	D
++Rule	Mont	1933	1940	-	Apr	lastSun	0:00	1:00	D
++Rule	Mont	1933	only	-	Oct	1	0:00	0	S
++Rule	Mont	1934	1939	-	Sep	lastSun	0:00	0	S
++Rule	Mont	1946	1973	-	Apr	lastSun	2:00	1:00	D
++Rule	Mont	1945	1948	-	Sep	lastSun	2:00	0	S
++Rule	Mont	1949	1950	-	Oct	lastSun	2:00	0	S
++Rule	Mont	1951	1956	-	Sep	lastSun	2:00	0	S
++Rule	Mont	1957	1973	-	Oct	lastSun	2:00	0	S
++
++# Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
++Zone America/Blanc-Sablon -3:48:28 -	LMT	1884
++			-4:00	Canada	A%sT	1970
++			-4:00	-	AST
++Zone America/Montreal	-4:54:16 -	LMT	1884
++			-5:00	Mont	E%sT	1918
++			-5:00	Canada	E%sT	1919
++			-5:00	Mont	E%sT	1942 Feb  9 2:00s
++			-5:00	Canada	E%sT	1946
++			-5:00	Mont	E%sT	1974
++			-5:00	Canada	E%sT
++
++
++# Ontario
++
++# From Paul Eggert (2006-07-09):
++# Shanks & Pottenger write that since 1970 most of Ontario has been like
++# Toronto.
+ # Thunder Bay skipped DST in 1973.
+ # Many smaller locales did not observe peacetime DST until 1974;
+ # Nipigon (EST) and Rainy River (CST) are the largest that we know of.
+@@ -1035,50 +1231,46 @@
+ # says that Ontario east of 90W uses EST/EDT, and west of 90W uses CST/CDT.
+ # Officially Atikokan is therefore on CST/CDT, and most likely this report
+ # concerns a non-official time observed as a matter of local practice.
+-# For what it's worth, Shanks says that Atikokan has agreed with
+-# Rainy River ever since standard time was introduced.
+-
++#
+ # From Paul Eggert (2000-10-02):
+ # Matthews and Vincent (1998) write that Atikokan, Pickle Lake, and
+ # New Osnaburgh observe CST all year, that Big Trout Lake observes
+ # CST/CDT, and that Upsala and Shebandowan observe EST/EDT, all in
+ # violation of the official Ontario rules.
+-# They also write that Quebec east of the -63 meridian is supposed to
+-# observe AST, but residents as far east as Natashquan use EST/EDT,
+-# and residents east of Natashquan use AST.
+-# We probably need Zones for far east Quebec and for Atikokan,
+-# but we don't know when their practices started.
++#
++# From Paul Eggert (2006-07-09):
++# Chris Walton (2006-07-06) mentioned an article by Stephanie MacLellan in the
++# 2005-07-21 Chronicle-Journal, which said:
++#
++#	The clocks in Atikokan stay set on standard time year-round.
++#	This means they spend about half the time on central time and
++#	the other half on eastern time.
++#
++#	For the most part, the system works, Mayor Dennis Brown said.
++#
++#	"The majority of businesses in Atikokan deal more with Eastern
++#	Canada, but there are some that deal with Western Canada," he
++#	said.  "I don't see any changes happening here."
++#
++# Walton also writes "Supposedly Pickle Lake and Mishkeegogamang
++# [New Osnaburgh] follow the same practice."
++
++# From Garry McKinnon (2006-07-14) via Chris Walton:
++# I chatted with a member of my board who has an outstanding memory
++# and a long history in Atikokan (and in the telecom industry) and he
++# can say for certain that Atikokan has been practicing the current
++# time keeping since 1952, at least.
++
++# From Paul Eggert (2006-07-17):
++# Shanks & Pottenger say that Atikokan has agreed with Rainy River
++# ever since standard time was introduced, but the information from
++# McKinnon sounds more authoritative.  For now, assume that Atikokan
++# switched to EST immediately after WWII era daylight saving time
++# ended.  This matches the old (less-populous) America/Coral_Harbour
++# entry since our cutoff date of 1970, so we can move
++# America/Coral_Harbour to the 'backward' file.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-Rule	Mont	1917	only	-	Mar	25	2:00	1:00	D
+-Rule	Mont	1917	only	-	Apr	24	0:00	0	S
+-Rule	Mont	1919	only	-	Mar	31	2:30	1:00	D
+-Rule	Mont	1919	only	-	Oct	25	2:30	0	S
+-Rule	Mont	1920	only	-	May	 2	2:30	1:00	D
+-Rule	Mont	1920	1922	-	Oct	Sun>=1	2:30	0	S
+-Rule	Mont	1921	only	-	May	 1	2:00	1:00	D
+-Rule	Mont	1922	only	-	Apr	30	2:00	1:00	D
+-Rule	Mont	1924	only	-	May	17	2:00	1:00	D
+-Rule	Mont	1924	1926	-	Sep	lastSun	2:30	0	S
+-Rule	Mont	1925	1926	-	May	Sun>=1	2:00	1:00	D
+-# The 1927-to-1937 rules can be expressed more simply as
+-# Rule	Mont	1927	1937	-	Apr	lastSat	24:00	1:00	D
+-# Rule	Mont	1927	1937	-	Sep	lastSat	24:00	0	S
+-# The rules below avoid use of 24:00
+-# (which pre-1998 versions of zic cannot handle).
+-Rule	Mont	1927	only	-	May	1	0:00	1:00	D
+-Rule	Mont	1927	1932	-	Sep	lastSun	0:00	0	S
+-Rule	Mont	1928	1931	-	Apr	lastSun	0:00	1:00	D
+-Rule	Mont	1932	only	-	May	1	0:00	1:00	D
+-Rule	Mont	1933	1940	-	Apr	lastSun	0:00	1:00	D
+-Rule	Mont	1933	only	-	Oct	1	0:00	0	S
+-Rule	Mont	1934	1939	-	Sep	lastSun	0:00	0	S
+-Rule	Mont	1946	1973	-	Apr	lastSun	2:00	1:00	D
+-Rule	Mont	1945	1948	-	Sep	lastSun	2:00	0	S
+-Rule	Mont	1949	1950	-	Oct	lastSun	2:00	0	S
+-Rule	Mont	1951	1956	-	Sep	lastSun	2:00	0	S
+-Rule	Mont	1957	1973	-	Oct	lastSun	2:00	0	S
+-
+ Rule	Toronto	1919	only	-	Mar	30	23:30	1:00	D
+ Rule	Toronto	1919	only	-	Oct	26	0:00	0	S
+ Rule	Toronto	1920	only	-	May	 2	2:00	1:00	D
+@@ -1086,7 +1278,8 @@
+ Rule	Toronto	1921	only	-	May	15	2:00	1:00	D
+ Rule	Toronto	1921	only	-	Sep	15	2:00	0	S
+ Rule	Toronto	1922	1923	-	May	Sun>=8	2:00	1:00	D
+-# Shanks says 1923-09-19; assume it's a typo and that "-16" was meant.
++# Shanks & Pottenger say 1923-09-19; assume it's a typo and that "-16"
++# was meant.
+ Rule	Toronto	1922	1926	-	Sep	Sun>=15	2:00	0	S
+ Rule	Toronto	1924	1927	-	May	Sun>=1	2:00	1:00	D
+ # The 1927-to-1939 rules can be expressed more simply as
+@@ -1110,9 +1303,10 @@
+ Rule	Toronto	1950	1973	-	Apr	lastSun	2:00	1:00	D
+ Rule	Toronto	1950	only	-	Nov	lastSun	2:00	0	S
+ Rule	Toronto	1951	1956	-	Sep	lastSun	2:00	0	S
+-# Shanks says Toronto ended DST a week early in 1971, namely on 1971-10-24,
+-# but Mark Brader wrote (2003-05-31) that he checked the 1971-10-30 issue
+-# of the Toronto Star, and it said that DST ended 1971-10-31 as usual.
++# Shanks & Pottenger say Toronto ended DST a week early in 1971,
++# namely on 1971-10-24, but Mark Brader wrote (2003-05-31) that this
++# is wrong, and that he had confirmed it by checking the 1971-10-30
++# Toronto Star, which said that DST was ending 1971-10-31 as usual.
+ Rule	Toronto	1957	1973	-	Oct	lastSun	2:00	0	S
+ 
+ # From Paul Eggert (2003-07-27):
+@@ -1134,13 +1328,6 @@
+ # months for the remainder of the war years.
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone America/Montreal	-4:54:16 -	LMT	1884
+-			-5:00	Mont	E%sT	1918
+-			-5:00	Canada	E%sT	1919
+-			-5:00	Mont	E%sT	1942 Feb  9 2:00s
+-			-5:00	Canada	E%sT	1946
+-			-5:00	Mont	E%sT	1974
+-			-5:00	Canada	E%sT
+ Zone America/Toronto	-5:17:32 -	LMT	1895
+ 			-5:00	Canada	E%sT	1919
+ 			-5:00	Toronto	E%sT	1942 Feb  9 2:00s
+@@ -1158,14 +1345,38 @@
+ 			-5:00	Canada	E%sT	1940 Sep 29
+ 			-5:00	1:00	EDT	1942 Feb  9 2:00s
+ 			-5:00	Canada	E%sT
+-Zone America/Rainy_River -6:17:56 -	LMT	1895
++Zone America/Rainy_River -6:18:16 -	LMT	1895
+ 			-6:00	Canada	C%sT	1940 Sep 29
+ 			-6:00	1:00	CDT	1942 Feb  9 2:00s
+ 			-6:00	Canada	C%sT
++Zone America/Atikokan	-6:06:28 -	LMT	1895
++			-6:00	Canada	C%sT	1940 Sep 29
++			-6:00	1:00	CDT	1942 Feb  9 2:00s
++			-6:00	Canada	C%sT	1945 Sep 30 2:00
++			-5:00	-	EST
+ 
+ 
+ # Manitoba
+ 
++# From Rob Douglas (2006-04-06):
++# the old Manitoba Time Act - as amended by Bill 2, assented to
++# March 27, 1987 ... said ...
++# "between two o'clock Central Standard Time in the morning of
++# the first Sunday of April of each year and two o'clock Central
++# Standard Time in the morning of the last Sunday of October next
++# following, one hour in advance of Central Standard Time."...
++# I believe that the English legislation [of the old time act] had =
++# been assented to (March 22, 1967)....
++# Also, as far as I can tell, there was no order-in-council varying
++# the time of Daylight Saving Time for 2005 and so the provisions of
++# the 1987 version would apply - the changeover was at 2:00 Central
++# Standard Time (i.e. not until 3:00 Central Daylight Time).
++
++# From Paul Eggert (2006-04-10):
++# Shanks & Pottenger say Manitoba switched at 02:00 (not 02:00s)
++# starting 1966.  Since 02:00s is clearly correct for 1967 on, assume
++# it was also 02:00s in 1966.
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Winn	1916	only	-	Apr	23	0:00	1:00	D
+ Rule	Winn	1916	only	-	Sep	17	0:00	0	S
+@@ -1188,18 +1399,13 @@
+ Rule	Winn	1960	only	-	Sep	lastSun	2:00	0	S
+ Rule	Winn	1963	only	-	Apr	lastSun	2:00	1:00	D
+ Rule	Winn	1963	only	-	Sep	22	2:00	0	S
+-Rule	Winn	1966	1986	-	Apr	lastSun	2:00	1:00	D
+-Rule	Winn	1966	1986	-	Oct	lastSun	2:00	0	S
+-Rule	Winn	1987	2006	-	Apr	Sun>=1	2:00s	1:00	D
+-# From Paul Eggert (2000-10-02):
+-# INMS (2000-09-12) says that, since 1988 at least, Manitoba switches from
+-# DST at 03:00 local time.  For now, assume it started in 1987.
+-Rule	Winn	1987	2006	-	Oct	lastSun	2:00s	0	S
+-Rule	Winn	2007	max	-	Mar	Sun>=8	2:00s	1:00	D
+-Rule	Winn	2007	max	-	Nov	Sun>=1	2:00s	0	S
++Rule	Winn	1966	1986	-	Apr	lastSun	2:00s	1:00	D
++Rule	Winn	1966	2005	-	Oct	lastSun	2:00s	0	S
++Rule	Winn	1987	2005	-	Apr	Sun>=1	2:00s	1:00	D
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Winnipeg	-6:28:36 -	LMT	1887 Jul 16
+-			-6:00	Winn	C%sT
++			-6:00	Winn	C%sT	2006
++			-6:00	Canada	C%sT
+ 
+ 
+ # Saskatchewan
+@@ -1218,8 +1424,8 @@
+ # Willett (1914-03) notes that DST "has been in operation ... in the
+ # City of Moose Jaw, Saskatchewan, for one year."
+ 
+-# From Paul Eggert (2000-10-02):
+-# Shanks writes that since 1970 most of this region has been like Regina.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say that since 1970 this region has mostly been as Regina.
+ # Some western towns (e.g. Swift Current) switched from MST/MDT to CST in 1972.
+ # Other western towns (e.g. Lloydminster) are like Edmonton.
+ # Matthews and Vincent (1998) write that Denare Beach and Creighton
+@@ -1251,6 +1457,11 @@
+ # rules any more; all other districts appear to have used CST year round
+ # since sometime in the 1960s.
+ 
++# From Chris Walton (2006-06-26):
++# The Saskatchewan time act which was last updated in 1996 is about 30 pages
++# long and rather painful to read.
++# http://www.qp.gov.sk.ca/documents/English/Statutes/Statutes/T14.pdf
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Regina	1918	only	-	Apr	14	2:00	1:00	D
+ Rule	Regina	1918	only	-	Oct	31	2:00	0	S
+@@ -1305,17 +1516,18 @@
+ Rule	Edm	1969	only	-	Apr	lastSun	2:00	1:00	D
+ Rule	Edm	1969	only	-	Oct	lastSun	2:00	0	S
+ Rule	Edm	1972	1986	-	Apr	lastSun	2:00	1:00	D
+-Rule	Edm	1972	max	-	Oct	lastSun	2:00	0	S
+-Rule	Edm	1987	max	-	Apr	Sun>=1	2:00	1:00	D
++Rule	Edm	1972	2006	-	Oct	lastSun	2:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Edmonton	-7:33:52 -	LMT	1906 Sep
+-			-7:00	Edm	M%sT
++			-7:00	Edm	M%sT	1987
++			-7:00	Canada	M%sT
+ 
+ 
+ # British Columbia
+ 
+-# From Paul Eggert (2000-10-02):
+-# Shanks writes that since 1970 most of this region has been like Vancouver.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger write that since 1970 most of this region has
++# been like Vancouver.
+ # Dawson Creek uses MST.  Much of east BC is like Edmonton.
+ # Matthews and Vincent (1998) write that Creston is like Dawson Creek.
+ 
+@@ -1328,11 +1540,11 @@
+ Rule	Vanc	1946	1986	-	Apr	lastSun	2:00	1:00	D
+ Rule	Vanc	1946	only	-	Oct	13	2:00	0	S
+ Rule	Vanc	1947	1961	-	Sep	lastSun	2:00	0	S
+-Rule	Vanc	1962	max	-	Oct	lastSun	2:00	0	S
+-Rule	Vanc	1987	max	-	Apr	Sun>=1	2:00	1:00	D
++Rule	Vanc	1962	2006	-	Oct	lastSun	2:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Vancouver	-8:12:28 -	LMT	1884
+-			-8:00	Vanc	P%sT
++			-8:00	Vanc	P%sT	1987
++			-8:00	Canada	P%sT
+ Zone America/Dawson_Creek -8:00:56 -	LMT	1884
+ 			-8:00	Canada	P%sT	1947
+ 			-8:00	Vanc	P%sT	1972 Aug 30 2:00
+@@ -1341,7 +1553,7 @@
+ 
+ # Northwest Territories, Nunavut, Yukon
+ 
+-# From Paul Eggert (1999-10-29):
++# From Paul Eggert (2006-03-22):
+ # Dawson switched to PST in 1973.  Inuvik switched to MST in 1979.
+ # Mathew Englander (1996-10-07) gives the following refs:
+ #	* 1967. Paragraph 28(34)(g) of the Interpretation Act, S.C. 1967-68,
+@@ -1350,7 +1562,12 @@
+ #	* C.O. 1973/214 switched Yukon to PST on 1973-10-28 00:00.
+ #	* O.I.C. 1980/02 established DST.
+ #	* O.I.C. 1987/056 changed DST to Apr firstSun 2:00 to Oct lastSun 2:00.
+-# Shanks says Yukon's 1973-10-28 switch was at 2:00; go with Englander.
++# Shanks & Pottenger say Yukon's 1973-10-28 switch was at 2:00; go
++# with Englander.
++# From Chris Walton (2006-06-26):
++# Here is a link to the old daylight saving portion of the interpretation
++# act which was last updated in 1987:
++# http://www.gov.yk.ca/legislation/regs/oic1987_056.pdf
+ 
+ # From Rives McDow (1999-09-04):
+ # Nunavut ... moved ... to incorporate the whole territory into one time zone.
+@@ -1459,6 +1676,10 @@
+ # For lack of better information, assume that Southampton Island observed
+ # daylight saving only during wartime.
+ 
++# From Chris Walton (2006-07-19):
++# The government of Yukon Territory ... recently announced it will extend
++# daylight saving in 2007....  http://www.gov.yk.ca/news/2006/06-164.html
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	NT_YK	1918	only	-	Apr	14	2:00	1:00	D
+ Rule	NT_YK	1918	only	-	Oct	27	2:00	0	S
+@@ -1470,8 +1691,8 @@
+ Rule	NT_YK	1965	only	-	Apr	lastSun	0:00	2:00	DD
+ Rule	NT_YK	1965	only	-	Oct	lastSun	2:00	0	S
+ Rule	NT_YK	1980	1986	-	Apr	lastSun	2:00	1:00	D
+-Rule	NT_YK	1980	max	-	Oct	lastSun	2:00	0	S
+-Rule	NT_YK	1987	max	-	Apr	Sun>=1	2:00	1:00	D
++Rule	NT_YK	1980	2006	-	Oct	lastSun	2:00	0	S
++Rule	NT_YK	1987	2006	-	Apr	Sun>=1	2:00	1:00	D
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Pangnirtung -4:22:56 -	LMT	1884
+ 			-4:00	NT_YK	A%sT	1995 Apr Sun>=1 2:00
+@@ -1482,10 +1703,11 @@
+ 			-5:00	NT_YK	E%sT	1999 Oct 31 2:00
+ 			-6:00	Canada	C%sT	2000 Oct 29 2:00
+ 			-5:00	Canada	E%sT
+-Zone America/Coral_Harbour -5:32:40 -	LMT	1884
+-			-5:00	NT_YK	E%sT	1946
+-			-5:00	-	EST
+-Zone America/Rankin_Inlet -6:08:40 -	LMT	1884
++# Now subsumed by America/Atikokan.
++#Zone America/Coral_Harbour -5:32:40 -	LMT	1884
++#			-5:00	NT_YK	E%sT	1946
++#			-5:00	-	EST
++Zone America/Rankin_Inlet -6:08:20 -	LMT	1884
+ 			-6:00	NT_YK	C%sT	2000 Oct 29 2:00
+ 			-5:00	-	EST	2001 Apr  1 3:00
+ 			-6:00	Canada	C%sT
+@@ -1496,16 +1718,20 @@
+ 			-6:00	-	CST	2001 Apr  1 3:00
+ 			-7:00	Canada	M%sT
+ Zone America/Yellowknife -7:37:24 -	LMT	1884
+-			-7:00	NT_YK	M%sT
+-Zone America/Inuvik	-8:54:00 -	LMT	1884
++			-7:00	NT_YK	M%sT	1980
++			-7:00	Canada	M%sT
++Zone America/Inuvik	-8:54:52 -	LMT	1884
+ 			-8:00	NT_YK	P%sT	1979 Apr lastSun 2:00
+-			-7:00	NT_YK	M%sT
++			-7:00	NT_YK	M%sT	1980
++			-7:00	Canada	M%sT
+ Zone America/Whitehorse	-9:00:12 -	LMT	1900 Aug 20
+ 			-9:00	NT_YK	Y%sT	1966 Jul 1 2:00
+-			-8:00	NT_YK	P%sT
++			-8:00	NT_YK	P%sT	1980
++			-8:00	Canada	P%sT
+ Zone America/Dawson	-9:17:40 -	LMT	1900 Aug 20
+ 			-9:00	NT_YK	Y%sT	1973 Oct 28 0:00
+-			-8:00	NT_YK	P%sT
++			-8:00	NT_YK	P%sT	1980
++			-8:00	Canada	P%sT
+ 
+ 
+ ###############################################################################
+@@ -1519,16 +1745,12 @@
+ # history of Mexican local time (in Spanish)
+ # </a>.
+ #
+-# Here are the discrepancies between Shanks and the MLoC.
++# Here are the discrepancies between Shanks & Pottenger (S&P) and the MLoC.
+ # (In all cases we go with the MLoC.)
+-# Shanks reports that Baja was at -8:00 in 1922/1923.
+-# Shanks says the 1930 transition in Baja was 1930-11-16.
+-# Shanks reports no DST during summer 1931.
+-# Shanks reports a transition at 1932-03-30 23:00, not 1932-04-01.
+-# Shanks does not report transitions for Baja in 1945 or 1948.
+-# Shanks reports southern Mexico transitions on 1981-12-01, not 12-23.
+-# Shanks says Quintana Roo switched to -6:00 on 1982-12-02, and to -5:00
+-# on 1997-10-26 at 02:00.
++# S&P report that Baja was at -8:00 in 1922/1923.
++# S&P say the 1930 transition in Baja was 1930-11-16.
++# S&P report no DST during summer 1931.
++# S&P report a transition at 1932-03-30 23:00, not 1932-04-01.
+ 
+ # From Gwillim Law (2001-02-20):
+ # There are some other discrepancies between the Decrees page and the
+@@ -1536,10 +1758,6 @@
+ # the researchers who prepared the Decrees page failed to find some of
+ # the relevant documents.
+ 
+-# From Paul Eggert (2000-07-26):
+-# Shanks gives 1942-04-01 instead of 1942-04-24, and omits the 1981
+-# and 1988 DST experiments.  Go with spin.com.mx.
+-
+ # From Alan Perry (1996-02-15):
+ # A guy from our Mexico subsidiary finally found the Presidential Decree
+ # outlining the timezone changes in Mexico.
+@@ -1739,7 +1957,8 @@
+ 			-8:00	-	PST	1931 Apr  1
+ 			-8:00	1:00	PDT	1931 Sep 30
+ 			-8:00	-	PST	1942 Apr 24
+-			-8:00	1:00	PWT	1945 Nov 12
++			-8:00	1:00	PWT	1945 Aug 14 23:00u
++			-8:00	1:00	PPT	1945 Nov 12 # Peace
+ 			-8:00	-	PST	1948 Apr  5
+ 			-8:00	1:00	PDT	1949 Jan 14
+ 			-8:00	-	PST	1954
+@@ -1749,12 +1968,13 @@
+ 			-8:00	Mexico	P%sT	2001
+ 			-8:00	US	P%sT	2002 Feb 20
+ 			-8:00	Mexico	P%sT
+-# From Paul Eggert (2001-03-05):
++# From Paul Eggert (2006-03-22):
+ # Formerly there was an America/Ensenada zone, which differed from
+ # America/Tijuana only in that it did not observe DST from 1976
+-# through 1995.  This was as per Shanks.  However, Guy Harris reports
++# through 1995.  This was as per Shanks (1999).  But Shanks & Pottenger say
++# Ensenada did not observe DST from 1948 through 1975.  Guy Harris reports
+ # that the 1987 OAG says "Only Ensenada, Mexicale, San Felipe and
+-# Tijuana observe DST," which contradicts Shanks but does imply that
++# Tijuana observe DST," which agrees with Shanks & Pottenger but implies that
+ # DST-observance was a town-by-town matter back then.  This concerns
+ # data after 1970 so most likely there should be at least one Zone
+ # other than America/Tijuana for Baja, but it's not clear yet what its
+@@ -1798,7 +2018,7 @@
+ 			-4:00	Barb	A%sT
+ 
+ # Belize
+-# Whitman entirely disagrees with Shanks; go with Shanks.
++# Whitman entirely disagrees with Shanks; go with Shanks & Pottenger.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Belize	1918	1942	-	Oct	Sun>=2	0:00	0:30	HD
+ Rule	Belize	1919	1943	-	Feb	Sun>=9	0:00	0	S
+@@ -1811,10 +2031,20 @@
+ 			-6:00	Belize	C%sT
+ 
+ # Bermuda
++
++# From Dan Jones, reporting in The Royal Gazette (2006-06-26):
++
++# Next year, however, clocks in the US will go forward on the second Sunday
++# in March, until the first Sunday in November.  And, after the Time Zone
++# (Seasonal Variation) Bill 2006 was passed in the House of Assembly on
++# Friday, the same thing will happen in Bermuda.
++# http://www.theroyalgazette.com/apps/pbcs.dll/article?AID=/20060529/NEWS/105290135
++
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone Atlantic/Bermuda	-4:19:04 -	LMT	1930 Jan  1 2:00    # Hamilton
+ 			-4:00	-	AST	1974 Apr 28 2:00
+-			-4:00	Bahamas	A%sT
++			-4:00	Bahamas	A%sT	1976
++			-4:00	US	A%sT
+ 
+ # Cayman Is
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -1827,7 +2057,8 @@
+ Rule	CR	1979	1980	-	Feb	lastSun	0:00	1:00	D
+ Rule	CR	1979	1980	-	Jun	Sun>=1	0:00	0	S
+ Rule	CR	1991	1992	-	Jan	Sat>=15	0:00	1:00	D
+-# IATA SSIM (1991-09) says the following was at 1:00; go with Shanks.
++# IATA SSIM (1991-09) says the following was at 1:00;
++# go with Shanks & Pottenger.
+ Rule	CR	1991	only	-	Jul	 1	0:00	0	S
+ Rule	CR	1992	only	-	Mar	15	0:00	0	S
+ # There are too many San Joses elsewhere, so we'll use `Costa Rica'.
+@@ -1853,18 +2084,23 @@
+ 
+ # From Evert van der Veer via Steffen Thorsen (2004-10-28):
+ # Cuba is not going back to standard time this year.
+-# From Paul Eggert (2004-10-28):
++# From Paul Eggert (2006-03-22):
+ # http://www.granma.cu/ingles/2004/septiembre/juev30/41medid-i.html
+ # says that it's due to a problem at the Antonio Guiteras
+ # thermoelectric plant, and says "This October there will be no return
+ # to normal hours (after daylight saving time)".
+-# For now, let's assume that it's a one-year temporary measure.
++# For now, let's assume that it's a temporary measure.
+ 
+ # From Carlos A. Carnero Delgado (2005-11-12):
+ # This year (just like in 2004-2005) there's no change in time zone
+ # adjustment in Cuba.  We will stay in daylight saving time:
+ # http://www.granma.cu/espanol/2005/noviembre/mier9/horario.html
+ 
++# From Steffen Thorsen (2006-08-17):
++# It is likely that they are not reverting back to standard time this
++# year either, based on the number of responses I have got from users
++# (when my site claimed Cuba will end DST on lastSun/October)
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Cuba	1928	only	-	Jun	10	0:00	1:00	D
+ Rule	Cuba	1928	only	-	Oct	10	0:00	0	S
+@@ -1895,7 +2131,7 @@
+ Rule	Cuba	1998	1999	-	Mar	lastSun	0:00s	1:00	D
+ Rule	Cuba	1998	2003	-	Oct	lastSun	0:00s	0	S
+ Rule	Cuba	2000	max	-	Apr	Sun>=1	0:00s	1:00	D
+-Rule	Cuba	2006	max	-	Oct	lastSun	0:00s	0	S
++Rule	Cuba	2007	max	-	Oct	lastSun	0:00s	0	S
+ 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Havana	-5:29:28 -	LMT	1890
+@@ -1943,6 +2179,7 @@
+ 			-4:00	-	AST
+ 
+ # El Salvador
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Salv	1987	1988	-	May	Sun>=1	0:00	1:00	D
+ Rule	Salv	1987	1988	-	Sep	lastSun	0:00	0	S
+@@ -1963,6 +2200,19 @@
+ 			-4:00	-	AST
+ 
+ # Guatemala
++#
++# From Gwillim Law (2006-04-22), after a heads-up from Oscar van Vlijmen:
++# Diario Co Latino, at
++# http://www.diariocolatino.com/internacionales/detalles.asp?NewsID=8079,
++# says in an article dated 2006-04-19 that the Guatemalan government had
++# decided on that date to advance official time by 60 minutes, to lessen the
++# impact of the elevated cost of oil....  Daylight saving time will last from
++# 2006-04-29 24:00 (Guatemalan standard time) to 2006-09-30 (time unspecified).
++# From Paul Eggert (2006-06-22):
++# The Ministry of Energy and Mines, press release CP-15/2006
++# (2006-04-19), says DST ends at 24:00.  See
++# <http://www.sieca.org.gt/Sitio_publico/Energeticos/Doc/Medidas/Cambio_Horario_Nac_190406.pdf>.
++
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Guat	1973	only	-	Nov	25	0:00	1:00	D
+ Rule	Guat	1974	only	-	Feb	24	0:00	0	S
+@@ -1970,6 +2220,8 @@
+ Rule	Guat	1983	only	-	Sep	22	0:00	0	S
+ Rule	Guat	1991	only	-	Mar	23	0:00	1:00	D
+ Rule	Guat	1991	only	-	Sep	 7	0:00	0	S
++Rule	Guat	2006	only	-	Apr	30	0:00	1:00	D
++Rule	Guat	2006	only	-	Oct	 1	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Guatemala	-6:02:04 -	LMT	1918 Oct 5
+ 			-6:00	Guat	C%sT
+@@ -1994,26 +2246,67 @@
+ #   October 2005.
+ #
+ #  "Port-au-Prince, March 31, 2005"
++#
++# From Steffen Thorsen (2006-04-04):
++# I have been informed by users that Haiti observes DST this year like
++# last year, so the current "only" rule for 2005 might be changed to a
++# "max" rule or to last until 2006. (Who knows if they will observe DST
++# next year or if they will extend their DST like US/Canada next year).
++#
++# I have found this article about it (in French):
++# http://www.haitipressnetwork.com/news.cfm?articleID=7612
++#
++# The reason seems to be an energy crisis.
++
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Haiti	1983	only	-	May	8	0:00	1:00	D
+ Rule	Haiti	1984	1987	-	Apr	lastSun	0:00	1:00	D
+ Rule	Haiti	1983	1987	-	Oct	lastSun	0:00	0	S
+-# Shanks says AT is 2:00, but IATA SSIM (1991/1997) says 1:00s.  Go with IATA.
++# Shanks & Pottenger say AT is 2:00, but IATA SSIM (1991/1997) says 1:00s.
++# Go with IATA.
+ Rule	Haiti	1988	1997	-	Apr	Sun>=1	1:00s	1:00	D
+ Rule	Haiti	1988	1997	-	Oct	lastSun	1:00s	0	S
+-Rule	Haiti	2005	only	-	Apr	Sun>=1	0:00	1:00	D
+-Rule	Haiti	2005	only	-	Oct	lastSun	0:00	0	S
++Rule	Haiti	2005	max	-	Apr	Sun>=1	0:00	1:00	D
++Rule	Haiti	2005	max	-	Oct	lastSun	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Port-au-Prince -4:49:20 -	LMT	1890
+ 			-4:49	-	PPMT	1917 Jan 24 12:00 # P-a-P MT
+ 			-5:00	Haiti	E%sT
+ 
+ # Honduras
+-# Shanks says 1921 Jan 1; go with Whitman's more precise Apr 1.
++# Shanks & Pottenger say 1921 Jan 1; go with Whitman's more precise Apr 1.
++
++# From Paul Eggert (2006-05-05):
++# worldtimezone.com reports a 2006-05-02 Spanish-language AP article
++# saying Honduras will start using DST midnight Saturday, effective 4
++# months until September.  La Tribuna reported today
++# <http://www.latribuna.hn/99299.html> that Manuel Zelaya, the president
++# of Honduras, refused to back down on this.
++
++# From Jesper Norgaard Welen (2006-08-08):
++# It seems that Honduras has returned from DST to standard time this Monday at
++# 00:00 hours (prolonging Sunday to 25 hours duration).
++# http://www.worldtimezone.com/dst_news/dst_news_honduras04.html
++
++# From Paul Eggert (2006-08-08):
++# Also see Diario El Heraldo, The country returns to standard time (2006-08-08)
++# <http://www.elheraldo.hn/nota.php?nid=54941&sec=12>.
++# It mentions executive decree 18-2006.
++
++# From Steffen Thorsen (2006-08-17):
++# Honduras will observe DST from 2007 to 2009, exact dates are not
++# published, I have located this authoritative source:
++# http://www.presidencia.gob.hn/noticia.aspx?nId=47
++
++# Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
++Rule	Hond	1987	1988	-	May	Sun>=1	0:00	1:00	D
++Rule	Hond	1987	1988	-	Sep	lastSun	0:00	0	S
++Rule	Hond	2006	2009	-	May	Sun>=1	0:00	1:00	D
++Rule	Hond	2006	2009	-	Aug	Mon>=1	0:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Tegucigalpa -5:48:52 -	LMT	1921 Apr
+-			-6:00	Salv	C%sT
++			-6:00	Hond	C%sT
+ #
+ # Great Swan I ceded by US to Honduras in 1972
+ 
+@@ -2025,7 +2318,7 @@
+ # From U. S. Naval Observatory (1989-01-19):
+ # JAMAICA             5 H  BEHIND UTC
+ 
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Jamaica	-5:07:12 -	LMT	1890		# Kingston
+ 			-5:07:12 -	KMT	1912 Feb    # Kingston Mean Time
+@@ -2042,18 +2335,16 @@
+ 			-4:00	-	AST
+ 
+ # Montserrat
+-# From Paul Eggert (1997-08-31):
+-# Recent volcanic eruptions have forced evacuation of Plymouth, the capital.
+-# Luckily, Olveston, the current de facto capital, has the same longitude.
++# From Paul Eggert (2006-03-22):
++# In 1995 volcanic eruptions forced evacuation of Plymouth, the capital.
++# world.gazetteer.com says Cork Hill is the most populous location now.
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+-Zone America/Montserrat	-4:08:52 -	LMT	1911 Jul 1 0:01   # Olveston
++Zone America/Montserrat	-4:08:52 -	LMT	1911 Jul 1 0:01   # Cork Hill
+ 			-4:00	-	AST
+ 
+ # Nicaragua
+ #
+-# From Steffen Thorsen (1998-12-29):
+-# Nicaragua seems to be back at -6:00 but I have not been able to find when
+-# they changed from -5:00.
++# This uses Shanks & Pottenger for times before 2005.
+ #
+ # From Steffen Thorsen (2005-04-12):
+ # I've got reports from 8 different people that Nicaragua just started
+@@ -2067,8 +2358,7 @@
+ #
+ # From Paul Eggert (2005-05-01):
+ # The decree doesn't say anything about daylight saving, but for now let's
+-# assume that it is daylight saving and that they'll switch back on the
+-# 3rd Sunday in September.
++# assume that it is daylight saving....
+ #
+ # From Gwillim Law (2005-04-21):
+ # The Associated Press story on the time change, which can be found at
+@@ -2086,20 +2376,35 @@
+ # http://www.presidencia.gob.ni/presidencia/files_index/secretaria/comunicados/2005/septiembre/26septiembre-cambio-hora.htm
+ # (2005-09-26)
+ #
++# From Jesper Norgaard Welen (2006-05-05):
++# http://www.elnuevodiario.com.ni/2006/05/01/nacionales/18410
++# (my informal translation)
++# By order of the president of the republic, Enrique Bolanos, Nicaragua
++# advanced by sixty minutes their official time, yesterday at 2 in the
++# morning, and will stay that way until 30.th. of september.
++#
++# From Jesper Norgaard Welen (2006-09-30):
++# http://www.presidencia.gob.ni/buscador_gaceta/BD/DECRETOS/2006/D-063-2006P-PRN-Cambio-Hora.pdf
++# My informal translation runs:
++# The natural sun time is restored in all the national territory, in that the
++# time is returned one hour at 01:00 am of October 1 of 2006.
++#
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Nic	1979	1980	-	Mar	Sun>=16	0:00	1:00	D
+ Rule	Nic	1979	1980	-	Jun	Mon>=23	0:00	0	S
+-Rule	Nic	1992	only	-	Jan	 1	4:00	1:00	D
+-Rule	Nic	1992	only	-	Sep	24	0:00	0	S
+ Rule	Nic	2005	only	-	Apr	10	0:00	1:00	D
+-Rule	Nic	2005	only	-	Oct	 2	0:00	0	S
++Rule	Nic	2005	only	-	Oct	Sun>=1	0:00	0	S
++Rule	Nic	2006	only	-	Apr	30	2:00	1:00	D
++Rule	Nic	2006	only	-	Oct	Sun>=1	1:00	0	S
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Managua	-5:45:08 -	LMT	1890
+ 			-5:45:12 -	MMT	1934 Jun 23 # Managua Mean Time?
+ 			-6:00	-	CST	1973 May
+ 			-5:00	-	EST	1975 Feb 16
+-			-6:00	Nic	C%sT	1993 Jan 1 4:00
+-			-5:00	-	EST	1998 Dec
++			-6:00	Nic	C%sT	1992 Jan  1 4:00
++			-5:00	-	EST	1992 Sep 24
++			-6:00	-	CST	1993
++			-5:00	-	EST	1997
+ 			-6:00	Nic	C%sT
+ 
+ # Panama
+@@ -2113,7 +2418,7 @@
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Puerto_Rico -4:24:25 -	LMT	1899 Mar 28 12:00    # San Juan
+ 			-4:00	-	AST	1942 May  3
+-			-4:00	1:00	AWT	1945 Sep 30  2:00
++			-4:00	US	A%sT	1946
+ 			-4:00	-	AST
+ 
+ # St Kitts-Nevis
+@@ -2142,8 +2447,8 @@
+ 			-4:00	-	AST
+ 
+ # Turks and Caicos
+-# From Paul Eggert (1998-08-06):
+-# Shanks says they use US DST rules, but IATA SSIM (1991/1998)
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say they use US DST rules, but IATA SSIM (1991/1998)
+ # says they switch at midnight.  Go with IATA SSIM.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	TC	1979	1986	-	Apr	lastSun	0:00	1:00	D
+Index: share/zoneinfo/southamerica
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/southamerica,v
+retrieving revision 1.24.2.2
+diff -u -r1.24.2.2 southamerica
+--- share/zoneinfo/southamerica	27 Dec 2005 19:56:24 -0000	1.24.2.2
++++ share/zoneinfo/southamerica	25 Feb 2007 03:26:56 -0000
+@@ -1,14 +1,14 @@
+-# @(#)southamerica	7.66
++# %W%
+ # <pre>
+ 
+ # This data is by no means authoritative; if you think you know better,
+ # go ahead and edit the file (and please send any changes to
+ # tz@elsie.nci.nih.gov for general use in the future).
+ 
+-# From Paul Eggert (1999-07-07):
++# From Paul Eggert (2006-03-22):
+ # A good source for time zone historical data outside the U.S. is
+-# Thomas G. Shanks, The International Atlas (5th edition),
+-# San Diego: ACS Publications, Inc. (1999).
++# Thomas G. Shanks and Rique Pottenger, The International Atlas (6th edition),
++# San Diego: ACS Publications, Inc. (2003).
+ #
+ # Gwillim Law writes that a good source
+ # for recent time zone data is the International Air Transport
+@@ -16,8 +16,8 @@
+ # published semiannually.  Law sent in several helpful summaries
+ # of the IATA's data after 1990.
+ #
+-# Except where otherwise noted, Shanks is the source for entries through 1990,
+-# and IATA SSIM is the source for entries after 1990.
++# Except where otherwise noted, Shanks & Pottenger is the source for
++# entries through 1990, and IATA SSIM is the source for entries afterwards.
+ #
+ # Earlier editions of these tables used the North American style (e.g. ARST and
+ # ARDT for Argentine Standard and Daylight Time), but the following quote
+@@ -92,8 +92,6 @@
+ # obtaining the data from the:
+ # Talleres de Hidrografia Naval Argentina
+ # (Argentine Naval Hydrography Institute)
+-#
+-# Shanks stops after 1992-03-01; go with Otero.
+ Rule	Arg	1989	1993	-	Mar	Sun>=1	0:00	0	-
+ Rule	Arg	1989	1992	-	Oct	Sun>=15	0:00	1:00	S
+ #
+@@ -150,12 +148,12 @@
+ # It's Law No. 7,210.  This change is due to a public power emergency, so for
+ # now we'll assume it's for this year only.
+ #
+-# From Paul Eggert (2002-01-22):
++# From Paul Eggert (2006-03-22):
+ # <a href="http://www.spicasc.net/horvera.html">
+-# Hora de verano para la Republica Argentina (2000-10-01)
++# Hora de verano para la Republica Argentina (2003-06-08)
+ # </a> says that standard time in Argentina from 1894-10-31
+ # to 1920-05-01 was -4:16:48.25.  Go with this more-precise value
+-# over Shanks.
++# over Shanks & Pottenger.
+ #
+ # From Mariano Absatz (2004-06-05):
+ # These media articles from a major newspaper mostly cover the current state:
+@@ -202,8 +200,8 @@
+ # http://www.sanjuan.gov.ar/prensa/archivo/000426.html
+ # http://www.sanjuan.gov.ar/prensa/archivo/000441.html
+ 
+-# Unless otherwise specified, data are from Shanks through 1992, from
+-# the IATA otherwise.  As noted below, Shanks says that
++# Unless otherwise specified, data are from Shanks & Pottenger through 1992,
++# from the IATA otherwise.  As noted below, Shanks & Pottenger say that
+ # America/Cordoba split into 6 subregions during 1991/1992, but we
+ # haven't verified this yet so for now we'll keep it a single region.
+ #
+@@ -222,7 +220,7 @@
+ # Formosa (FM), Salta (SA), Santiago del Estero (SE), Cordoba (CB),
+ # San Luis (SL), La Pampa (LP), Neuquen (NQ), Rio Negro (RN)
+ #
+-# Shanks also makes the following claims, which we haven't verified:
++# Shanks & Pottenger also make the following claims, which we haven't verified:
+ # - Formosa switched to -3:00 on 1991-01-07.
+ # - Misiones switched to -3:00 on 1990-12-29.
+ # - Chaco switched to -3:00 on 1991-01-04.
+@@ -430,11 +428,7 @@
+ # The official decrees referenced below are mostly taken from
+ # <a href="http://pcdsh01.on.br/DecHV.html">
+ # Decretos sobre o Horario de Verao no Brasil
+-# </a> (2001-09-20, in Portuguese).
+-# The official site for all decrees, including those not related to time, is
+-# <a href="http://www.presidencia.gov.br/CCIVIL/decreto/principal_ano.htm">
+-# Presidencia da Republica, Subchefia para Assuntos Juridicos, Decretos
+-# </a> (in Portuguese).
++# </a>.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ # Decree <a href="http://pcdsh01.on.br/HV20466.htm">20,466</a> (1931-10-01)
+@@ -550,7 +544,7 @@
+ # Decree <a href="http://pcdsh01.on.br/figuras/HV3916.gif">3,916</a>
+ # (2001-09-13) reestablishes DST in AL, CE, MA, PB, PE, PI, RN, SE.
+ Rule	Brazil	2000	2001	-	Oct	Sun>=8	 0:00	1:00	S
+-Rule	Brazil	2001	max	-	Feb	Sun>=15	 0:00	0	-
++Rule	Brazil	2001	2006	-	Feb	Sun>=15	 0:00	0	-
+ # Decree 4,399 (2002-10-01) repeals DST in AL, CE, MA, PB, PE, PI, RN, SE.
+ # <a href="http://www.presidencia.gov.br/CCIVIL/decreto/2002/D4399.htm"></a>
+ Rule	Brazil	2002	only	-	Nov	 3	 0:00	1:00	S
+@@ -562,10 +556,14 @@
+ Rule	Brazil	2004	only	-	Nov	 2	 0:00	1:00	S
+ # Decree <a href="http://pcdsh01.on.br/DecHV5539.gif">5,539</a> (2005-09-19),
+ # adopted by the same states as before.
+-Rule	Brazil	2005	max	-	Oct	Sun>=15	 0:00	1:00	S
++Rule	Brazil	2005	only	-	Oct	16	 0:00	1:00	S
++# Decree <a href="http://www.planalto.gov.br/ccivil_03/_Ato2004-2006/2006/Decreto/D5920.htm">5,920</a>
++# (2006-10-03), adopted by the same states as before.
++Rule	Brazil	2006	max	-	Nov	Sun>=1	 0:00	1:00	S
++Rule	Brazil	2007	max	-	Feb	lastSun	 0:00	0	-
+ # The latest ruleset listed above says that the following states observe DST:
+ # DF, ES, GO, MG, MS, MT, PR, RJ, RS, SC, SP.
+-# For dates after mid-2006, the above rules with TO="max" are guesses
++# For dates after mid-2007, the above rules with TO="max" are guesses
+ # and are quite possibly wrong, but are more likely than no DST at all.
+ 
+ 
+@@ -712,7 +710,7 @@
+ # It clearly confirms my earlier suggestion, that DST begins at 22:00
+ # on Easter Island....  But it also seems to be saying that the
+ # observance of DST in Chile began in 1966, rather than 1969 as
+-# ... [Shanks] has it....
++# ... [Shanks & Pottenger have] it....
+ #
+ # My translation:
+ #
+@@ -724,8 +722,8 @@
+ # to Easter Island and Sala y Gomez Island, will be set forward at
+ # midnight and at 22:00, respectively, by 20 minutes."
+ 
+-# From Paul Eggert (2001-05-04):
+-# Go with this article in preference to Shanks's 1969 date for modern DST.
++# From Paul Eggert (2006-03-22):
++# Go with Law in preference to Shanks & Pottenger's 1969 date for modern DST.
+ # Assume this rule has been used since DST was introduced in the islands.
+ 
+ # From Paul Eggert (2002-10-24):
+@@ -752,7 +750,7 @@
+ 			-4:00	Chile	CL%sT
+ Zone Pacific/Easter	-7:17:28 -	LMT	1890	    # Mataveri
+ 			-7:17:28 -	MMT	1932 Sep    # Mataveri Mean Time
+-			-7:00	Chile	EAS%sT	1982 Mar 14 # Easter I Time
++			-7:00	Chile	EAS%sT	1982 Mar 13 21:00 # Easter I Time
+ 			-6:00	Chile	EAS%sT
+ #
+ # Sala y Gomez Island is like Pacific/Easter.
+@@ -760,11 +758,9 @@
+ # San Felix, and Antarctic bases, are like America/Santiago.
+ 
+ # Colombia
+-# Shanks specifies 24:00 for 1992 transition times; go with IATA,
+-# as it seems implausible to change clocks at midnight New Year's Eve.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-Rule	CO	1992	only	-	May	 2	0:00	1:00	S
+-Rule	CO	1992	only	-	Dec	31	0:00	0	-
++Rule	CO	1992	only	-	May	 3	0:00	1:00	S
++Rule	CO	1993	only	-	Apr	 4	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Bogota	-4:56:20 -	LMT	1884 Mar 13
+ 			-4:56:20 -	BMT	1914 Nov 23 # Bogota Mean Time
+@@ -773,10 +769,21 @@
+ # no information; probably like America/Bogota
+ 
+ # Curacao
+-# Shanks says that Bottom and Oranjestad have been at -4:00 since
+-# standard time was introduced on 1912-03-02; and that Kralendijk and Rincon
+-# used Kralendijk Mean Time (-4:33:08) from 1912-02-02 to 1965-01-01.
+-# This all predates our 1970 cutoff, though.
++#
++# From Paul Eggert (2006-03-22): 
++# Shanks & Pottenger say that The Bottom and Philipsburg have been at
++# -4:00 since standard time was introduced on 1912-03-02; and that
++# Kralendijk and Rincon used Kralendijk Mean Time (-4:33:08) from
++# 1912-02-02 to 1965-01-01.  The former is dubious, since S&P also say
++# Saba Island has been like Curacao.
++# This all predates our 1970 cutoff, though.  
++#
++# By July 2007 Curacao and St Maarten are planned to become
++# associated states within the Netherlands, much like Aruba;
++# Bonaire, Saba and St Eustatius would become directly part of the
++# Netherlands as Kingdom Islands.  This won't affect their time zones
++# though, as far as we know.
++# 
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone	America/Curacao	-4:35:44 -	LMT	1912 Feb 12	# Willemstad
+ 			-4:30	-	ANT	1965 # Netherlands Antilles Time
+@@ -793,9 +800,9 @@
+ 
+ # Falklands
+ 
+-# From Paul Eggert (2001-03-05):
+-# Between 1990 and 2000 inclusive, Shanks and the IATA agree except
+-# the IATA gives 1996-09-08.  Go with Shanks.
++# From Paul Eggert (2006-03-22):
++# Between 1990 and 2000 inclusive, Shanks & Pottenger and the IATA agree except
++# the IATA gives 1996-09-08.  Go with Shanks & Pottenger.
+ 
+ # From Falkland Islands Government Office, London (2001-01-22)
+ # via Jesper Norgaard:
+@@ -878,9 +885,9 @@
+ 			-4:00	-	GYT
+ 
+ # Paraguay
+-# From Paul Eggert (1999-10-29):
+-# Shanks (1999) says that spring transitions are from 01:00 -> 02:00,
+-# and autumn transitions are from 00:00 -> 23:00.  Go with earlier
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger say that spring transitions are from 01:00 -> 02:00,
++# and autumn transitions are from 00:00 -> 23:00.  Go with pre-1999
+ # editions of Shanks, and with the IATA, who say transitions occur at 00:00.
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Para	1975	1988	-	Oct	 1	0:00	1:00	S
+@@ -915,9 +922,9 @@
+ # http://gateway.abc.com.py:8000/pub/pag04.mbr/artic?FHA=2001-03-03-02.24.52.900592
+ #
+ Rule	Para	1996	2001	-	Oct	Sun>=1	0:00	1:00	S
+-# IATA SSIM (1997-09) says Mar 1; go with Shanks.
++# IATA SSIM (1997-09) says Mar 1; go with Shanks & Pottenger.
+ Rule	Para	1997	only	-	Feb	lastSun	0:00	0	-
+-# Shanks says 1999-02-28; IATA SSIM (1999-02) says 1999-02-27, but
++# Shanks & Pottenger say 1999-02-28; IATA SSIM (1999-02) says 1999-02-27, but
+ # (1999-09) reports no date; go with above sources and Gerd Knops (2001-02-27).
+ Rule	Para	1998	2001	-	Mar	Sun>=1	0:00	0	-
+ # From Rives McDow (2002-02-28):
+@@ -949,8 +956,8 @@
+ # When we were in Peru in 1985-1986, they apparently switched over
+ # sometime between December 29 and January 3 while we were on the Amazon.
+ #
+-# From Paul Eggert (2003-11-02):
+-# Shanks doesn't have this transition.  Assume 1986 was like 1987.
++# From Paul Eggert (2006-03-22):
++# Shanks & Pottenger don't have this transition.  Assume 1986 was like 1987.
+ 
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+ Rule	Peru	1938	only	-	Jan	 1	0:00	1:00	S
+@@ -961,7 +968,7 @@
+ Rule	Peru	1986	1987	-	Apr	 1	0:00	0	-
+ Rule	Peru	1990	only	-	Jan	 1	0:00	1:00	S
+ Rule	Peru	1990	only	-	Apr	 1	0:00	0	-
+-# IATA is ambiguous for 1993/1995; go with Shanks.
++# IATA is ambiguous for 1993/1995; go with Shanks & Pottenger.
+ Rule	Peru	1994	only	-	Jan	 1	0:00	1:00	S
+ Rule	Peru	1994	only	-	Apr	 1	0:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+@@ -994,23 +1001,23 @@
+ # Uruguay
+ # From Paul Eggert (1993-11-18):
+ # Uruguay wins the prize for the strangest peacetime manipulation of the rules.
+-# From Shanks:
++# From Shanks & Pottenger:
+ # Rule	NAME	FROM	TO	TYPE	IN	ON	AT	SAVE	LETTER/S
+-# Whitman gives 1923 Oct 1; go with Shanks.
++# Whitman gives 1923 Oct 1; go with Shanks & Pottenger.
+ Rule	Uruguay	1923	only	-	Oct	 2	 0:00	0:30	HS
+ Rule	Uruguay	1924	1926	-	Apr	 1	 0:00	0	-
+ Rule	Uruguay	1924	1925	-	Oct	 1	 0:00	0:30	HS
+ Rule	Uruguay	1933	1935	-	Oct	lastSun	 0:00	0:30	HS
+-# Shanks gives 1935 Apr 1 0:00 and 1936 Mar 30 0:00; go with Whitman.
++# Shanks & Pottenger give 1935 Apr 1 0:00 & 1936 Mar 30 0:00; go with Whitman.
+ Rule	Uruguay	1934	1936	-	Mar	Sat>=25	23:30s	0	-
+ Rule	Uruguay	1936	only	-	Nov	 1	 0:00	0:30	HS
+ Rule	Uruguay	1937	1941	-	Mar	lastSun	 0:00	0	-
+-# Whitman gives 1937 Oct 3; go with Shanks.
++# Whitman gives 1937 Oct 3; go with Shanks & Pottenger.
+ Rule	Uruguay	1937	1940	-	Oct	lastSun	 0:00	0:30	HS
+ # Whitman gives 1941 Oct 24 - 1942 Mar 27, 1942 Dec 14 - 1943 Apr 13,
+-# and 1943 Apr 13 ``to present time''; go with Shanks.
+-Rule	Uruguay	1941	only	-	Aug	 1	 0:00	0	-
+-Rule	Uruguay	1942	only	-	Jan	 1	 0:00	0:30	HS
++# and 1943 Apr 13 ``to present time''; go with Shanks & Pottenger.
++Rule	Uruguay	1941	only	-	Aug	 1	 0:00	0:30	HS
++Rule	Uruguay	1942	only	-	Jan	 1	 0:00	0	-
+ Rule	Uruguay	1942	only	-	Dec	14	 0:00	1:00	S
+ Rule	Uruguay	1943	only	-	Mar	14	 0:00	0	-
+ Rule	Uruguay	1959	only	-	May	24	 0:00	1:00	S
+@@ -1036,7 +1043,7 @@
+ Rule	Uruguay	1988	only	-	Dec	11	 0:00	1:00	S
+ Rule	Uruguay	1989	only	-	Mar	12	 0:00	0	-
+ Rule	Uruguay	1989	only	-	Oct	29	 0:00	1:00	S
+-# Shanks says no DST was observed in 1990/1 and 1991/2,
++# Shanks & Pottenger say no DST was observed in 1990/1 and 1991/2,
+ # and that 1992/3's DST was from 10-25 to 03-01.  Go with IATA.
+ Rule	Uruguay	1990	1992	-	Mar	Sun>=1	 0:00	0	-
+ Rule	Uruguay	1990	1991	-	Oct	Sun>=21	 0:00	1:00	S
+@@ -1057,6 +1064,10 @@
+ # 02:00 local time, official time in Uruguay will be at GMT -2.
+ Rule	Uruguay	2005	only	-	Oct	 9	 2:00	1:00	S
+ Rule	Uruguay	2006	only	-	Mar	12	 2:00	0	-
++# From Jesper Norgaard Welen (2006-09-06):
++# http://www.presidencia.gub.uy/_web/decretos/2006/09/CM%20210_08%2006%202006_00001.PDF
++Rule	Uruguay	2006	max	-	Oct	Sun>=1	 2:00	1:00	S
++Rule	Uruguay	2007	max	-	Mar	Sun>=8	 2:00	0	-
+ # Zone	NAME		GMTOFF	RULES	FORMAT	[UNTIL]
+ Zone America/Montevideo	-3:44:44 -	LMT	1898 Jun 28
+ 			-3:44:44 -	MMT	1920 May  1	# Montevideo MT
+Index: share/zoneinfo/systemv
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/systemv,v
+retrieving revision 1.1.2.2.14.1
+diff -u -r1.1.2.2.14.1 systemv
+--- share/zoneinfo/systemv	22 Dec 2005 23:47:26 -0000	1.1.2.2.14.1
++++ share/zoneinfo/systemv	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)systemv	7.5
++# @(#)systemv	8.1
+ 
+ # Old rules, should the need arise.
+ # No attempt is made to handle Newfoundland, since it cannot be expressed
+Index: share/zoneinfo/yearistype.sh
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/yearistype.sh,v
+retrieving revision 1.1.2.5.14.1
+diff -u -r1.1.2.5.14.1 yearistype.sh
+--- share/zoneinfo/yearistype.sh	22 Dec 2005 23:47:26 -0000	1.1.2.5.14.1
++++ share/zoneinfo/yearistype.sh	25 Feb 2007 03:26:56 -0000
+@@ -1,6 +1,9 @@
+ #! /bin/sh
+ 
+-: '@(#)yearistype.sh	7.8'
++: 'This file is in the public domain, so clarified as of'
++: '2006-07-17 by Arthur David Olson.'
++
++: '@(#)yearistype.sh	8.2'
+ 
+ case $#-$1 in
+ 	2-|2-0*|2-*[!0-9]*)
+Index: share/zoneinfo/zone.tab
+===================================================================
+RCS file: /home/ncvs/src/share/zoneinfo/zone.tab,v
+retrieving revision 1.17.2.1
+diff -u -r1.17.2.1 zone.tab
+--- share/zoneinfo/zone.tab	22 Dec 2005 23:47:26 -0000	1.17.2.1
++++ share/zoneinfo/zone.tab	25 Feb 2007 03:26:56 -0000
+@@ -1,4 +1,4 @@
+-# @(#)zone.tab	1.32
++# @(#)zone.tab	8.5
+ #
+ # TZ zone descriptions
+ #
+@@ -44,7 +44,7 @@
+ AR	-3436-05827	America/Argentina/Buenos_Aires	Buenos Aires (BA, CF)
+ AR	-3124-06411	America/Argentina/Cordoba	most locations (CB, CC, CN, ER, FM, LP, MN, NQ, RN, SA, SE, SF, SL)
+ AR	-2411-06518	America/Argentina/Jujuy	Jujuy (JY)
+-AR	-3124-06411	America/Argentina/Tucuman	Tucuman (TM)
++AR	-2649-06513	America/Argentina/Tucuman	Tucuman (TM)
+ AR	-2828-06547	America/Argentina/Catamarca	Catamarca (CT), Chubut (CH)
+ AR	-2926-06651	America/Argentina/La_Rioja	La Rioja (LR)
+ AR	-3132-06831	America/Argentina/San_Juan	San Juan (SJ)
+@@ -99,26 +99,28 @@
+ BW	-2545+02555	Africa/Gaborone
+ BY	+5354+02734	Europe/Minsk
+ BZ	+1730-08812	America/Belize
+-CA	+4734-05243	America/St_Johns	Newfoundland Island
+-CA	+4439-06336	America/Halifax	Atlantic Time - Nova Scotia (most places), NB, W Labrador, E Quebec & PEI
++CA	+4734-05243	America/St_Johns	Newfoundland Time, including SE Labrador
++CA	+4439-06336	America/Halifax	Atlantic Time - Nova Scotia (most places), PEI
+ CA	+4612-05957	America/Glace_Bay	Atlantic Time - Nova Scotia - places that did not observe DST 1966-1971
+-CA	+5320-06025	America/Goose_Bay	Atlantic Time - E Labrador
++CA	+4606-06447	America/Moncton	Atlantic Time - New Brunswick
++CA	+5320-06025	America/Goose_Bay	Atlantic Time - Labrador - most locations
++CA	+5125-05707	America/Blanc-Sablon	Atlantic Standard Time - Quebec - Lower North Shore
+ CA	+4531-07334	America/Montreal	Eastern Time - Quebec - most locations
+ CA	+4339-07923	America/Toronto	Eastern Time - Ontario - most locations
+ CA	+4901-08816	America/Nipigon	Eastern Time - Ontario & Quebec - places that did not observe DST 1967-1973
+ CA	+4823-08915	America/Thunder_Bay	Eastern Time - Thunder Bay, Ontario
+ CA	+6608-06544	America/Pangnirtung	Eastern Time - Pangnirtung, Nunavut
+ CA	+6344-06828	America/Iqaluit	Eastern Time - east Nunavut
+-CA	+6408-08310	America/Coral_Harbour	Eastern Standard Time - Southampton Island
+-CA	+6245-09210	America/Rankin_Inlet	Central Time - central Nunavut
++CA	+484531-0913718	America/Atikokan	Eastern Standard Time - Atikokan, Ontario and Southampton I, Nunavut
++CA	+624900-0920459	America/Rankin_Inlet	Central Time - central Nunavut
+ CA	+4953-09709	America/Winnipeg	Central Time - Manitoba & west Ontario
+-CA	+4843-09429	America/Rainy_River	Central Time - Rainy River & Fort Frances, Ontario
++CA	+4843-09434	America/Rainy_River	Central Time - Rainy River & Fort Frances, Ontario
+ CA	+6903-10505	America/Cambridge_Bay	Central Time - west Nunavut
+ CA	+5024-10439	America/Regina	Central Standard Time - Saskatchewan - most locations
+ CA	+5017-10750	America/Swift_Current	Central Standard Time - Saskatchewan - midwest
+ CA	+5333-11328	America/Edmonton	Mountain Time - Alberta, east British Columbia & west Saskatchewan
+ CA	+6227-11421	America/Yellowknife	Mountain Time - central Northwest Territories
+-CA	+6825-11330	America/Inuvik	Mountain Time - west Northwest Territories
++CA	+682059-1334300	America/Inuvik	Mountain Time - west Northwest Territories
+ CA	+5946-12014	America/Dawson_Creek	Mountain Standard Time - Dawson Creek & Fort Saint John, British Columbia
+ CA	+4916-12307	America/Vancouver	Pacific Time - west British Columbia
+ CA	+6043-13503	America/Whitehorse	Pacific Time - south Yukon
+@@ -135,13 +137,12 @@
+ CL	-2710-10927	Pacific/Easter	Easter Island & Sala y Gomez
+ CM	+0403+00942	Africa/Douala
+ CN	+3114+12128	Asia/Shanghai	east China - Beijing, Guangdong, Shanghai, etc.
+-CN	+4545+12641	Asia/Harbin	Heilongjiang
+-CN	+2934+10635	Asia/Chongqing	central China - Gansu, Guizhou, Sichuan, Yunnan, etc.
+-CN	+4348+08735	Asia/Urumqi	Tibet & most of Xinjiang Uyghur
+-CN	+3929+07559	Asia/Kashgar	southwest Xinjiang Uyghur
++CN	+4545+12641	Asia/Harbin	Heilongjiang (except Mohe), Jilin
++CN	+2934+10635	Asia/Chongqing	central China - Sichuan, Yunnan, Guangxi, Shaanxi, Guizhou, etc.
++CN	+4348+08735	Asia/Urumqi	most of Tibet & Xinjiang
++CN	+3929+07559	Asia/Kashgar	west Tibet & Xinjiang
+ CO	+0436-07405	America/Bogota
+ CR	+0956-08405	America/Costa_Rica
+-CS	+4450+02030	Europe/Belgrade
+ CU	+2308-08222	America/Havana
+ CV	+1455-02331	Atlantic/Cape_Verde
+ CX	-1025+10543	Indian/Christmas
+@@ -176,11 +177,12 @@
+ GD	+1203-06145	America/Grenada
+ GE	+4143+04449	Asia/Tbilisi
+ GF	+0456-05220	America/Cayenne
++GG	+4927-00232	Europe/Guernsey
+ GH	+0533-00013	Africa/Accra
+ GI	+3608-00521	Europe/Gibraltar
+ GL	+6411-05144	America/Godthab	most locations
+ GL	+7646-01840	America/Danmarkshavn	east coast, north of Scoresbysund
+-GL	+7030-02215	America/Scoresbysund	Scoresbysund / Ittoqqortoormiit
++GL	+7029-02158	America/Scoresbysund	Scoresbysund / Ittoqqortoormiit
+ GL	+7634-06847	America/Thule	Thule / Pituffik
+ GM	+1328-01639	Africa/Banjul
+ GN	+0931-01343	Africa/Conakry
+@@ -203,12 +205,14 @@
+ ID	-0232+14042	Asia/Jayapura	Irian Jaya & the Moluccas
+ IE	+5320-00615	Europe/Dublin
+ IL	+3146+03514	Asia/Jerusalem
++IM	+5409-00428	Europe/Isle_of_Man
+ IN	+2232+08822	Asia/Calcutta
+ IO	-0720+07225	Indian/Chagos
+ IQ	+3321+04425	Asia/Baghdad
+ IR	+3540+05126	Asia/Tehran
+ IS	+6409-02151	Atlantic/Reykjavik
+ IT	+4154+01229	Europe/Rome
++JE	+4912-00237	Europe/Jersey
+ JM	+1800-07648	America/Jamaica
+ JO	+3157+03556	Asia/Amman
+ JP	+353916+1394441	Asia/Tokyo
+@@ -243,6 +247,7 @@
+ MA	+3339-00735	Africa/Casablanca
+ MC	+4342+00723	Europe/Monaco
+ MD	+4700+02850	Europe/Chisinau
++ME	+4247+01928	Europe/Podgorica
+ MG	-1855+04731	Indian/Antananarivo
+ MH	+0709+17112	Pacific/Majuro	most locations
+ MH	+0905+16720	Pacific/Kwajalein	Kwajalein
+@@ -256,7 +261,7 @@
+ MP	+1512+14545	Pacific/Saipan
+ MQ	+1436-06105	America/Martinique
+ MR	+1806-01557	Africa/Nouakchott
+-MS	+1644-06213	America/Montserrat
++MS	+1643-06213	America/Montserrat
+ MT	+3554+01431	Europe/Malta
+ MU	-2010+05730	Indian/Mauritius
+ MV	+0410+07330	Indian/Maldives
+@@ -307,9 +312,11 @@
+ QA	+2517+05132	Asia/Qatar
+ RE	-2052+05528	Indian/Reunion
+ RO	+4426+02606	Europe/Bucharest
++RS	+4450+02030	Europe/Belgrade
+ RU	+5443+02030	Europe/Kaliningrad	Moscow-01 - Kaliningrad
+ RU	+5545+03735	Europe/Moscow	Moscow+00 - west Russia
+-RU	+5312+05009	Europe/Samara	Moscow+01 - Caspian Sea
++RU	+4844+04425	Europe/Volgograd	Moscow+00 - Caspian Sea
++RU	+5312+05009	Europe/Samara	Moscow+01 - Samara, Udmurtia
+ RU	+5651+06036	Asia/Yekaterinburg	Moscow+02 - Urals
+ RU	+5500+07324	Asia/Omsk	Moscow+03 - west Siberia
+ RU	+5502+08255	Asia/Novosibirsk	Moscow+03 - Novosibirsk
+@@ -370,13 +377,16 @@
+ US	+421953-0830245	America/Detroit	Eastern Time - Michigan - most locations
+ US	+381515-0854534	America/Kentucky/Louisville	Eastern Time - Kentucky - Louisville area
+ US	+364947-0845057	America/Kentucky/Monticello	Eastern Time - Kentucky - Wayne County
+-US	+394606-0860929	America/Indiana/Indianapolis	Eastern Standard Time - Indiana - most locations
+-US	+382232-0862041	America/Indiana/Marengo	Eastern Standard Time - Indiana - Crawford County
+-US	+411745-0863730	America/Indiana/Knox	Eastern Standard Time - Indiana - Starke County
+-US	+384452-0850402	America/Indiana/Vevay	Eastern Standard Time - Indiana - Switzerland County
++US	+394606-0860929	America/Indiana/Indianapolis	Eastern Time - Indiana - most locations
++US	+382232-0862041	America/Indiana/Marengo	Eastern Time - Indiana - Crawford County
++US	+411745-0863730	America/Indiana/Knox	Eastern Time - Indiana - Starke County
++US	+384452-0850402	America/Indiana/Vevay	Eastern Time - Indiana - Switzerland County
+ US	+415100-0873900	America/Chicago	Central Time
+-US	+450628-0873651	America/Menominee	Central Time - Michigan - Wisconsin border
++US	+384038-0873143	America/Indiana/Vincennes	Central Time - Indiana - Daviess, Dubois, Knox, Martin, Perry & Pulaski Counties
++US	+382931-0871643	America/Indiana/Petersburg	Central Time - Indiana - Pike County
++US	+450628-0873651	America/Menominee	Central Time - Michigan - Dickinson, Gogebic, Iron & Menominee Counties
+ US	+470659-1011757	America/North_Dakota/Center	Central Time - North Dakota - Oliver County
++US	+465042-1012439	America/North_Dakota/New_Salem	Central Time - North Dakota - Morton County (except Mandan area)
+ US	+394421-1045903	America/Denver	Mountain Time
+ US	+433649-1161209	America/Boise	Mountain Time - south Idaho & east Oregon
+ US	+364708-1084111	America/Shiprock	Mountain Time - Navajo
diff --git a/share/security/patches/EN-07:04/zoneinfo.patch.asc b/share/security/patches/EN-07:04/zoneinfo.patch.asc
new file mode 100644
index 0000000000..519ec9b3b7
--- /dev/null
+++ b/share/security/patches/EN-07:04/zoneinfo.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF5cuwFdaIBMps37IRAl89AJ9pDcJKyAjgRv2/UDLKy/edOCdYDwCeO/pc
+z5kWfxOzLr9x7nAkGNWqJHY=
+=cD/F
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-07:05/freebsd-update.patch b/share/security/patches/EN-07:05/freebsd-update.patch
new file mode 100644
index 0000000000..05c98945f2
--- /dev/null
+++ b/share/security/patches/EN-07:05/freebsd-update.patch
@@ -0,0 +1,43 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/freebsd-update/freebsd-update.sh,v
+retrieving revision 1.2.2.2.2.1
+diff -u -I__FBSDID -I$FreeBSD -r1.2.2.2.2.1 freebsd-update.sh
+--- usr.sbin/freebsd-update/freebsd-update.sh	27 Nov 2006 21:27:33 -0000	1.2.2.2.2.1
++++ usr.sbin/freebsd-update/freebsd-update.sh	13 Mar 2007 12:56:06 -0000
+@@ -499,6 +499,24 @@
+ 		exit 1
+ 	fi
+ 
++	# Figure out what kernel configuration is running.  We start with
++	# the output of `uname -i`, and then make the following adjustments:
++	# 1. Replace "SMP-GENERIC" with "SMP".  Why the SMP kernel config
++	# file says "ident SMP-GENERIC", I don't know...
++	# 2. If the kernel claims to be GENERIC _and_ ${ARCH} is "amd64"
++	# _and_ `sysctl kern.version` contains a line which ends "/SMP", then
++	# we're running an SMP kernel.  This mis-identification is a bug
++	# which was fixed in 6.2-STABLE.
++	KERNCONF=`uname -i`
++	if [ ${KERNCONF} = "SMP-GENERIC" ]; then
++		KERNCONF=SMP
++	fi
++	if [ ${KERNCONF} = "GENERIC" ] && [ ${ARCH} = "amd64" ]; then
++		if sysctl kern.version | grep -qE '/SMP$'; then
++			KERNCONF=SMP
++		fi
++	fi
++
+ 	# Define some paths
+ 	BSPATCH=/usr/bin/bspatch
+ 	SHA256=/sbin/sha256
+@@ -1084,8 +1102,8 @@
+ # /boot/kernel
+ # (or more generally, `sysctl -n kern.bootfile` minus the trailing "/kernel").
+ fetch_filter_kernel_names () {
+-	grep ^/boot/`uname -i` $1 |
+-	    sed -e "s,/boot/`uname -i`,${KERNELDIR}," |
++	grep ^/boot/${KERNCONF} $1 |
++	    sed -e "s,/boot/${KERNCONF},${KERNELDIR},g" |
+ 	    sort - $1 > $1.tmp
+ 	mv $1.tmp $1
+ }
diff --git a/share/security/patches/EN-07:05/freebsd-update.patch.asc b/share/security/patches/EN-07:05/freebsd-update.patch.asc
new file mode 100644
index 0000000000..b156050002
--- /dev/null
+++ b/share/security/patches/EN-07:05/freebsd-update.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBF+P8ZFdaIBMps37IRAqxzAKCTDjO7OwfOeeJWmJcRQRFa8JKdcgCbBpOh
+PZdqv11rfmEwbRItUd5PKhc=
+=VO6K
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-08:01/libpthread.patch b/share/security/patches/EN-08:01/libpthread.patch
new file mode 100644
index 0000000000..1aca263f83
--- /dev/null
+++ b/share/security/patches/EN-08:01/libpthread.patch
@@ -0,0 +1,85 @@
+Index: lib/libpthread/sys/lock.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libpthread/sys/Attic/lock.c,v
+retrieving revision 1.9.2.1
+diff -u -r1.9.2.1 lock.c
+--- lib/libpthread/sys/lock.c	5 Aug 2005 19:43:56 -0000	1.9.2.1
++++ lib/libpthread/sys/lock.c	12 Mar 2008 19:18:47 -0000
+@@ -117,14 +117,23 @@
+ {
+ 	if (lu == NULL)
+ 		return (-1);
+-	/*
+-	 * All lockusers keep their watch request and drop their
+-	 * own (lu_myreq) request.  Their own request is either
+-	 * some other lockuser's watch request or is the head of
+-	 * the lock.
+-	 */
+-	lu->lu_myreq = lu->lu_watchreq;
+-	if (lu->lu_myreq == NULL)
++
++	if (lu->lu_watchreq != NULL) {
++		/*
++		 * In this case the lock is active.  All lockusers
++		 * keep their watch request and drop their own
++		 * (lu_myreq) request.  Their own request is either
++		 * some other lockuser's watch request or is the
++		 * head of the lock.
++		 */
++		lu->lu_myreq = lu->lu_watchreq;
++		lu->lu_watchreq = NULL;
++       }
++       if (lu->lu_myreq == NULL)
++		/*
++		 * Oops, something isn't quite right.  Try to
++		 * allocate one.
++		 */
+ 		return (_lockuser_init(lu, priv));
+ 	else {
+ 		lu->lu_myreq->lr_locked = 1;
+Index: lib/libpthread/thread/thr_kern.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libpthread/thread/Attic/thr_kern.c,v
+retrieving revision 1.116.2.1
+diff -u -r1.116.2.1 thr_kern.c
+--- lib/libpthread/thread/thr_kern.c	16 Mar 2006 23:29:07 -0000	1.116.2.1
++++ lib/libpthread/thread/thr_kern.c	12 Mar 2008 19:19:05 -0000
+@@ -345,6 +345,17 @@
+ 		_LCK_SET_PRIVATE2(&curthread->kse->k_lockusers[i], NULL);
+ 	}
+ 	curthread->kse->k_locklevel = 0;
++
++	/*
++	 * Reinitialize the thread and signal locks so that
++	 * sigaction() will work after a fork().
++	 */
++	_lock_reinit(&curthread->lock, LCK_ADAPTIVE, _thr_lock_wait,
++	    _thr_lock_wakeup);
++	_lock_reinit(&_thread_signal_lock, LCK_ADAPTIVE, _kse_lock_wait,
++	    _kse_lock_wakeup);
++
++ 
+ 	_thr_spinlock_init();
+ 	if (__isthreaded) {
+ 		_thr_rtld_fini();
+@@ -354,6 +365,20 @@
+ 	curthread->kse->k_kcb->kcb_kmbx.km_curthread = NULL;
+ 	curthread->attr.flags |= PTHREAD_SCOPE_SYSTEM;
+ 
++	/*
++	 * After a fork, it is possible that an upcall occurs in
++	 * the parent KSE that fork()'d before the child process
++	 * is fully created and before its vm space is copied.
++	 * During the upcall, the tcb is set to null or to another
++	 * thread, and this is what gets copied in the child process
++	 * when the vm space is cloned sometime after the upcall
++	 * occurs.  Note that we shouldn't have to set the kcb, but
++	 * we do it for completeness.
++	 */
++	_kcb_set(curthread->kse->k_kcb);
++	_tcb_set(curthread->kse->k_kcb, curthread->tcb);
++ 
++
+ 	/* After a fork(), there child should have no pending signals. */
+ 	sigemptyset(&curthread->sigpend);
+ 
diff --git a/share/security/patches/EN-08:01/libpthread.patch.asc b/share/security/patches/EN-08:01/libpthread.patch.asc
new file mode 100644
index 0000000000..306968cf55
--- /dev/null
+++ b/share/security/patches/EN-08:01/libpthread.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBIBpWwFdaIBMps37IRAjY3AJ9Y1FnKdbOSG4mG29vgCQoaO91XWgCfTkHI
+YcunTDmJ4bJK2WJybC3JLiY=
+=kgMF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-08:02/tcp.patch b/share/security/patches/EN-08:02/tcp.patch
new file mode 100644
index 0000000000..b976841b0e
--- /dev/null
+++ b/share/security/patches/EN-08:02/tcp.patch
@@ -0,0 +1,94 @@
+Index: sys/netinet/tcp.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp.h,v
+retrieving revision 1.40
+diff -p -u -I__FBSDID -I$FreeBSD -r1.40 tcp.h
+--- sys/netinet/tcp.h	25 May 2007 21:28:49 -0000	1.40
++++ sys/netinet/tcp.h	18 Jun 2008 05:36:20 -0000
+@@ -78,6 +78,8 @@ struct tcphdr {
+ 
+ #define	TCPOPT_EOL		0
+ #define	   TCPOLEN_EOL			1
++#define	TCPOPT_PAD		0		/* padding after EOL */
++#define	   TCPOLEN_PAD			1
+ #define	TCPOPT_NOP		1
+ #define	   TCPOLEN_NOP			1
+ #define	TCPOPT_MAXSEG		2
+Index: sys/netinet/tcp_output.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_output.c,v
+retrieving revision 1.141.2.3
+diff -p -u -I__FBSDID -I$FreeBSD -r1.141.2.3 tcp_output.c
+--- sys/netinet/tcp_output.c	5 Dec 2007 10:37:17 -0000	1.141.2.3
++++ sys/netinet/tcp_output.c	18 Jun 2008 05:36:21 -0000
+@@ -1280,12 +1280,16 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 	for (mask = 1; mask < TOF_MAXOPT; mask <<= 1) {
+ 		if ((to->to_flags & mask) != mask)
+ 			continue;
++		if (optlen == TCP_MAXOLEN)
++			break;
+ 		switch (to->to_flags & mask) {
+ 		case TOF_MSS:
+ 			while (optlen % 4) {
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_MAXSEG)
++				continue;
+ 			optlen += TCPOLEN_MAXSEG;
+ 			*optp++ = TCPOPT_MAXSEG;
+ 			*optp++ = TCPOLEN_MAXSEG;
+@@ -1298,6 +1302,8 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_WINDOW)
++				continue;
+ 			optlen += TCPOLEN_WINDOW;
+ 			*optp++ = TCPOPT_WINDOW;
+ 			*optp++ = TCPOLEN_WINDOW;
+@@ -1308,6 +1314,8 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_SACK_PERMITTED)
++				continue;
+ 			optlen += TCPOLEN_SACK_PERMITTED;
+ 			*optp++ = TCPOPT_SACK_PERMITTED;
+ 			*optp++ = TCPOLEN_SACK_PERMITTED;
+@@ -1317,6 +1325,8 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
++			if (TCP_MAXOLEN - optlen < TCPOLEN_TIMESTAMP)
++				continue;
+ 			optlen += TCPOLEN_TIMESTAMP;
+ 			*optp++ = TCPOPT_TIMESTAMP;
+ 			*optp++ = TCPOLEN_TIMESTAMP;
+@@ -1355,7 +1365,7 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 				optlen += TCPOLEN_NOP;
+ 				*optp++ = TCPOPT_NOP;
+ 			}
+-			if (TCP_MAXOLEN - optlen < 2 + TCPOLEN_SACK)
++			if (TCP_MAXOLEN - optlen < TCPOLEN_SACKHDR + TCPOLEN_SACK)
+ 				continue;
+ 			optlen += TCPOLEN_SACKHDR;
+ 			*optp++ = TCPOPT_SACK;
+@@ -1386,9 +1396,15 @@ tcp_addoptions(struct tcpopt *to, u_char
+ 		optlen += TCPOLEN_EOL;
+ 		*optp++ = TCPOPT_EOL;
+ 	}
++	/*
++	 * According to RFC 793 (STD0007):
++	 *   "The content of the header beyond the End-of-Option option
++	 *    must be header padding (i.e., zero)."
++	 *   and later: "The padding is composed of zeros."
++	 */
+ 	while (optlen % 4) {
+-		optlen += TCPOLEN_NOP;
+-		*optp++ = TCPOPT_NOP;
++		optlen += TCPOLEN_PAD;
++		*optp++ = TCPOPT_PAD;
+ 	}
+ 
+ 	KASSERT(optlen <= TCP_MAXOLEN, ("%s: TCP options too long", __func__));
diff --git a/share/security/patches/EN-08:02/tcp.patch.asc b/share/security/patches/EN-08:02/tcp.patch.asc
new file mode 100644
index 0000000000..98fccc70fe
--- /dev/null
+++ b/share/security/patches/EN-08:02/tcp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkhaAbEACgkQFdaIBMps37JfRwCaApLyCI5mJehBgAF8wRO+lksS
+nTsAnjGpywM73zz5w03V+5ZyCDCfCLdf
+=InBN
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:01/kenv.patch b/share/security/patches/EN-09:01/kenv.patch
new file mode 100644
index 0000000000..91b01fbd9e
--- /dev/null
+++ b/share/security/patches/EN-09:01/kenv.patch
@@ -0,0 +1,33 @@
+Index: sys/kern/kern_environment.c
+===================================================================
+--- sys/kern/kern_environment.c	(revision 190221)
++++ sys/kern/kern_environment.c	(working copy)
+@@ -87,7 +87,7 @@
+ 	} */ *uap;
+ {
+ 	char *name, *value, *buffer = NULL;
+-	size_t len, done, needed;
++	size_t len, done, needed, buflen;
+ 	int error, i;
+ 
+ 	KASSERT(dynamic_kenv, ("kenv: dynamic_kenv = 0"));
+@@ -100,13 +100,17 @@
+ 			return (error);
+ #endif
+ 		done = needed = 0;
++		buflen = uap->len;
++		if (buflen > KENV_SIZE * (KENV_MNAMELEN + KENV_MVALLEN + 2))
++			buflen = KENV_SIZE * (KENV_MNAMELEN +
++			    KENV_MVALLEN + 2);
+ 		if (uap->len > 0 && uap->value != NULL)
+-			buffer = malloc(uap->len, M_TEMP, M_WAITOK|M_ZERO);
++			buffer = malloc(buflen, M_TEMP, M_WAITOK|M_ZERO);
+ 		mtx_lock(&kenv_lock);
+ 		for (i = 0; kenvp[i] != NULL; i++) {
+ 			len = strlen(kenvp[i]) + 1;
+ 			needed += len;
+-			len = min(len, uap->len - done);
++			len = min(len, buflen - done);
+ 			/*
+ 			 * If called with a NULL or insufficiently large
+ 			 * buffer, just keep computing the required size.
diff --git a/share/security/patches/EN-09:01/kenv.patch.asc b/share/security/patches/EN-09:01/kenv.patch.asc
new file mode 100644
index 0000000000..5c06a5c717
--- /dev/null
+++ b/share/security/patches/EN-09:01/kenv.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAknG0QcACgkQFdaIBMps37IpIgCeNjioYnV6CA50+R69NGzBdxaW
+MLYAn3aaBz6RvftdoueVrTbpipov6qF8
+=T1gU
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:02/bce.patch b/share/security/patches/EN-09:02/bce.patch
new file mode 100644
index 0000000000..8e8b889e90
--- /dev/null
+++ b/share/security/patches/EN-09:02/bce.patch
@@ -0,0 +1,18 @@
+Index: sys/dev/bce/if_bce.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/bce/if_bce.c,v
+retrieving revision 1.34.2.7
+retrieving revision 1.34.2.8
+diff -p -I __FBSDID -I $FreeBSD -u -u -r1.34.2.7 -r1.34.2.8
+--- sys/dev/bce/if_bce.c	31 Mar 2009 01:01:01 -0000	1.34.2.7
++++ sys/dev/bce/if_bce.c	20 May 2009 21:13:49 -0000	1.34.2.8
+@@ -5895,6 +5895,9 @@ bce_rx_intr(struct bce_softc *sc)
+ 			/* Set the total packet length. */
+ 			m0->m_pkthdr.len = m0->m_len = pkt_len;
+ 		}
++#else
++        /* Set the total packet length. */
++		m0->m_pkthdr.len = m0->m_len = pkt_len;
+ #endif
+ 
+ 		/* Remove the trailing Ethernet FCS. */
diff --git a/share/security/patches/EN-09:02/bce.patch.asc b/share/security/patches/EN-09:02/bce.patch.asc
new file mode 100644
index 0000000000..9b5af6e125
--- /dev/null
+++ b/share/security/patches/EN-09:02/bce.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkpBvDIACgkQFdaIBMps37IJYgCfSNVhNC3Q3VntDhACkNQVzXIk
+xwYAoJ09ggqZb3RMUtkTaTvuw1tBfYBn
+=2/ty
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:03/fxp.patch b/share/security/patches/EN-09:03/fxp.patch
new file mode 100644
index 0000000000..78a6dcc062
--- /dev/null
+++ b/share/security/patches/EN-09:03/fxp.patch
@@ -0,0 +1,18 @@
+Index: sys/dev/fxp/if_fxp.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/fxp/if_fxp.c,v
+retrieving revision 1.266.2.14
+retrieving revision 1.266.2.15
+diff -p -I __FBSDID -I $FreeBSD -u -u -r1.266.2.14 -r1.266.2.15
+--- sys/dev/fxp/if_fxp.c	9 Feb 2009 04:02:53 -0000	1.266.2.14
++++ sys/dev/fxp/if_fxp.c	7 May 2009 01:14:59 -0000	1.266.2.15
+@@ -1486,7 +1486,8 @@ fxp_encap(struct fxp_softc *sc, struct m
+ 		 * checksum in the first frame driver should compute it.
+ 		 */
+ 		ip->ip_sum = 0;
+-		ip->ip_len = htons(ifp->if_mtu);
++		ip->ip_len = htons(m->m_pkthdr.tso_segsz + (ip->ip_hl << 2) +
++		    (tcp->th_off << 2));
+ 		tcp->th_sum = in_pseudo(ip->ip_src.s_addr, ip->ip_dst.s_addr,
+ 		    htons(IPPROTO_TCP + (tcp->th_off << 2) +
+ 		    m->m_pkthdr.tso_segsz));
diff --git a/share/security/patches/EN-09:03/fxp.patch.asc b/share/security/patches/EN-09:03/fxp.patch.asc
new file mode 100644
index 0000000000..7d655029ee
--- /dev/null
+++ b/share/security/patches/EN-09:03/fxp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkpBvEYACgkQFdaIBMps37JrcwCglYooOKhztZsZ5K4ZUcJa5thi
+SfAAoJYhVrpC0XNYWj7IBTtH2ra9Ty0U
+=Gqnr
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:04/fork.patch b/share/security/patches/EN-09:04/fork.patch
new file mode 100644
index 0000000000..5253074ce8
--- /dev/null
+++ b/share/security/patches/EN-09:04/fork.patch
@@ -0,0 +1,82 @@
+Index: lib/libc/stdlib/malloc.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/malloc.c,v
+retrieving revision 1.147.2.6.2.1
+retrieving revision 1.147.2.7
+diff -p -I __FBSDID -I $FreeBSD -u -r1.147.2.6.2.1 -r1.147.2.7
+--- lib/libc/stdlib/malloc.c	15 Apr 2009 03:14:26 -0000	1.147.2.6.2.1
++++ lib/libc/stdlib/malloc.c	3 May 2009 17:51:38 -0000	1.147.2.7
+@@ -4715,16 +4715,41 @@ _malloc_thread_cleanup(void)
+ void
+ _malloc_prefork(void)
+ {
+-	unsigned i;
++	bool again;
++	unsigned i, j;
++	arena_t *larenas[narenas], *tarenas[narenas];
+ 
+ 	/* Acquire all mutexes in a safe order. */
+ 
+-	malloc_spin_lock(&arenas_lock);
+-	for (i = 0; i < narenas; i++) {
+-		if (arenas[i] != NULL)
+-			malloc_spin_lock(&arenas[i]->lock);
+-	}
+-	malloc_spin_unlock(&arenas_lock);
++	/*
++	 * arenas_lock must be acquired after all of the arena mutexes, in
++	 * order to avoid potential deadlock with arena_lock_balance[_hard]().
++	 * Since arenas_lock protects the arenas array, the following code has
++	 * to race with arenas_extend() callers until it succeeds in locking
++	 * all arenas before locking arenas_lock.
++	 */
++	memset(larenas, 0, sizeof(arena_t *) * narenas);
++	do {
++		again = false;
++
++		malloc_spin_lock(&arenas_lock);
++		for (i = 0; i < narenas; i++) {
++			if (arenas[i] != larenas[i]) {
++				memcpy(tarenas, arenas, sizeof(arena_t *) *
++				    narenas);
++				malloc_spin_unlock(&arenas_lock);
++				for (j = 0; j < narenas; j++) {
++					if (larenas[j] != tarenas[j]) {
++						larenas[j] = tarenas[j];
++						malloc_spin_lock(
++						    &larenas[j]->lock);
++					}
++				}
++				again = true;
++				break;
++			}
++		}
++	} while (again);
+ 
+ 	malloc_mutex_lock(&base_mtx);
+ 
+@@ -4739,6 +4764,7 @@ void
+ _malloc_postfork(void)
+ {
+ 	unsigned i;
++	arena_t *larenas[narenas];
+ 
+ 	/* Release all mutexes, now that fork() has completed. */
+ 
+@@ -4750,12 +4776,12 @@ _malloc_postfork(void)
+ 
+ 	malloc_mutex_unlock(&base_mtx);
+ 
+-	malloc_spin_lock(&arenas_lock);
++	memcpy(larenas, arenas, sizeof(arena_t *) * narenas);
++	malloc_spin_unlock(&arenas_lock);
+ 	for (i = 0; i < narenas; i++) {
+-		if (arenas[i] != NULL)
+-			malloc_spin_unlock(&arenas[i]->lock);
++		if (larenas[i] != NULL)
++			malloc_spin_unlock(&larenas[i]->lock);
+ 	}
+-	malloc_spin_unlock(&arenas_lock);
+ }
+ 
+ /*
diff --git a/share/security/patches/EN-09:04/fork.patch.asc b/share/security/patches/EN-09:04/fork.patch.asc
new file mode 100644
index 0000000000..e37065933f
--- /dev/null
+++ b/share/security/patches/EN-09:04/fork.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkpBvE4ACgkQFdaIBMps37L/TACeIZGhYlLc66lcKfiN1nz7h45D
+o4oAn35f0hR6fA5xceu2R719qMqyoO6e
+=tsCf
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:05/null.patch b/share/security/patches/EN-09:05/null.patch
new file mode 100644
index 0000000000..765f536298
--- /dev/null
+++ b/share/security/patches/EN-09:05/null.patch
@@ -0,0 +1,45 @@
+Index: sys/kern/kern_exec.c
+===================================================================
+--- sys/kern/kern_exec.c	(revision 197682)
++++ sys/kern/kern_exec.c	(working copy)
+@@ -122,6 +122,11 @@
+ SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
+     &ps_arg_cache_limit, 0, "");
+ 
++static int map_at_zero = 1;
++TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
++SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
++    "Permit processes to map an object at virtual address 0.");
++
+ static int
+ sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
+ {
+@@ -939,7 +944,7 @@
+ 	int error;
+ 	struct proc *p = imgp->proc;
+ 	struct vmspace *vmspace = p->p_vmspace;
+-	vm_offset_t stack_addr;
++	vm_offset_t sv_minuser, stack_addr;
+ 	vm_map_t map;
+ 	u_long ssiz;
+ 
+@@ -955,13 +960,17 @@
+ 	 * not disrupted
+ 	 */
+ 	map = &vmspace->vm_map;
+-	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
++	if (map_at_zero)
++		sv_minuser = sv->sv_minuser;
++	else
++		sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
+ 	    vm_map_max(map) == sv->sv_maxuser) {
+ 		shmexit(vmspace);
+ 		pmap_remove_pages(vmspace_pmap(vmspace));
+ 		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
+ 	} else {
+-		error = vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
++		error = vmspace_exec(p, sv_minuser, sv->sv_maxuser);
+ 		if (error)
+ 			return (error);
+ 		vmspace = p->p_vmspace;
diff --git a/share/security/patches/EN-09:05/null.patch.asc b/share/security/patches/EN-09:05/null.patch.asc
new file mode 100644
index 0000000000..3894755d92
--- /dev/null
+++ b/share/security/patches/EN-09:05/null.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBKxlu9FdaIBMps37IRAuOyAJ4j6HtxtoDHpdG69OA3T3Wc2xK7ogCfVdJf
+cL3WVf03oVhNc1I5k1eXKXM=
+=CsiD
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-09:05/null6.patch b/share/security/patches/EN-09:05/null6.patch
new file mode 100644
index 0000000000..95c0b0cbbe
--- /dev/null
+++ b/share/security/patches/EN-09:05/null6.patch
@@ -0,0 +1,48 @@
+Index: sys/kern/kern_exec.c
+===================================================================
+--- sys/kern/kern_exec.c	(revision 197682)
++++ sys/kern/kern_exec.c	(working copy)
+@@ -104,6 +104,13 @@
+ SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, 
+     &ps_arg_cache_limit, 0, "");
+ 
++SYSCTL_DECL(_security_bsd);
++
++static int map_at_zero = 1;
++TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
++SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
++    "Permit processes to map an object at virtual address 0.");
++
+ static int
+ sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
+ {
+@@ -914,7 +921,7 @@
+ 	int error;
+ 	struct proc *p = imgp->proc;
+ 	struct vmspace *vmspace = p->p_vmspace;
+-	vm_offset_t stack_addr;
++	vm_offset_t sv_minuser, stack_addr;
+ 	vm_map_t map;
+ 
+ 	imgp->vmspace_destroyed = 1;
+@@ -928,14 +935,18 @@
+ 	 * not disrupted
+ 	 */
+ 	map = &vmspace->vm_map;
+-	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
++	if (map_at_zero)
++		sv_minuser = sv->sv_minuser;
++	else
++		sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
++	if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
+ 	    vm_map_max(map) == sv->sv_maxuser) {
+ 		shmexit(vmspace);
+ 		pmap_remove_pages(vmspace_pmap(vmspace), vm_map_min(map),
+ 		    vm_map_max(map));
+ 		vm_map_remove(map, vm_map_min(map), vm_map_max(map));
+ 	} else {
+-		vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
++		vmspace_exec(p, sv_minuser, sv->sv_maxuser);
+ 		vmspace = p->p_vmspace;
+ 		map = &vmspace->vm_map;
+ 	}
diff --git a/share/security/patches/EN-09:05/null6.patch.asc b/share/security/patches/EN-09:05/null6.patch.asc
new file mode 100644
index 0000000000..26285f1aeb
--- /dev/null
+++ b/share/security/patches/EN-09:05/null6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBKxlvAFdaIBMps37IRAnuCAJ9VpkLz06gqrjlIdfoYwo1yW+iBggCeNyEL
+e/REZLpRe7LVWJA/V2lxUWA=
+=/hWS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/mcinit.patch b/share/security/patches/EN-10:01/mcinit.patch
new file mode 100644
index 0000000000..d559e080fd
--- /dev/null
+++ b/share/security/patches/EN-10:01/mcinit.patch
@@ -0,0 +1,20 @@
+Index: sys/netinet/ip_mroute.c
+===================================================================
+--- sys/netinet/ip_mroute.c	(revision 201431)
++++ sys/netinet/ip_mroute.c	(working copy)
+@@ -1384,6 +1384,15 @@ fail:
+ 	    rt->mfc_rp.s_addr = INADDR_ANY;
+ 	    rt->mfc_bw_meter = NULL;
+ 
++	    /* initialize pkt counters per src-grp */
++	    rt->mfc_pkt_cnt = 0;
++	    rt->mfc_byte_cnt = 0;
++	    rt->mfc_wrong_if = 0;
++	    timevalclear(&rt->mfc_last_assert);
++
++	    TAILQ_INIT(&rt->mfc_stall);
++	    rt->mfc_nstall = 0;
++
+ 	    /* link into table */
+ 	    LIST_INSERT_HEAD(&mfchashtbl[hash], rt, mfc_hash);
+ 	    TAILQ_INSERT_HEAD(&rt->mfc_stall, rte, rte_link);
diff --git a/share/security/patches/EN-10:01/mcinit.patch.asc b/share/security/patches/EN-10:01/mcinit.patch.asc
new file mode 100644
index 0000000000..7aef3ada9a
--- /dev/null
+++ b/share/security/patches/EN-10:01/mcinit.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ97FdaIBMps37IRAiZJAJ9Py2iMOvav27vV5asuH/0hBYRVogCePJ/r
+K03edeiH7Tql3ZHfeRo8yko=
+=aa1V
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/multicast.patch b/share/security/patches/EN-10:01/multicast.patch
new file mode 100644
index 0000000000..1ca1de6c52
--- /dev/null
+++ b/share/security/patches/EN-10:01/multicast.patch
@@ -0,0 +1,100 @@
+Index: sys/netinet/raw_ip.c
+===================================================================
+--- sys/netinet/raw_ip.c	(revision 200583)
++++ sys/netinet/raw_ip.c	(working copy)
+@@ -343,17 +343,35 @@ rip_input(struct mbuf *m, int off)
+ 		 */
+ 		if (inp->inp_moptions != NULL &&
+ 		    IN_MULTICAST(ntohl(ip->ip_dst.s_addr))) {
+-			struct sockaddr_in group;
++			/*
++			 * If the incoming datagram is for IGMP, allow it
++			 * through unconditionally to the raw socket.
++			 *
++			 * In the case of IGMPv2, we may not have explicitly
++			 * joined the group, and may have set IFF_ALLMULTI
++			 * on the interface. imo_multi_filter() may discard
++			 * control traffic we actually need to see.
++			 *
++			 * Userland multicast routing daemons should continue
++			 * filter the control traffic appropriately.
++			 */
+ 			int blocked;
+ 
+-			bzero(&group, sizeof(struct sockaddr_in));
+-			group.sin_len = sizeof(struct sockaddr_in);
+-			group.sin_family = AF_INET;
+-			group.sin_addr = ip->ip_dst;
++			blocked = MCAST_PASS;
++			if (proto != IPPROTO_IGMP) {
++				struct sockaddr_in group;
+ 
+-			blocked = imo_multi_filter(inp->inp_moptions, ifp,
+-			    (struct sockaddr *)&group,
+-			    (struct sockaddr *)&ripsrc);
++				bzero(&group, sizeof(struct sockaddr_in));
++				group.sin_len = sizeof(struct sockaddr_in);
++				group.sin_family = AF_INET;
++				group.sin_addr = ip->ip_dst;
++
++				blocked = imo_multi_filter(inp->inp_moptions,
++				    ifp,
++				    (struct sockaddr *)&group,
++				    (struct sockaddr *)&ripsrc);
++			}
++
+ 			if (blocked != MCAST_PASS) {
+ 				IPSTAT_INC(ips_notmember);
+ 				continue;
+Index: sys/netinet6/raw_ip6.c
+===================================================================
+--- sys/netinet6/raw_ip6.c	(revision 200583)
++++ sys/netinet6/raw_ip6.c	(working copy)
+@@ -213,17 +213,39 @@ rip6_input(struct mbuf **mp, int *offp, int proto)
+ 		 */
+ 		if (in6p->in6p_moptions &&
+ 		    IN6_IS_ADDR_MULTICAST(&ip6->ip6_dst)) {
+-			struct sockaddr_in6 mcaddr;
++			/*
++			 * If the incoming datagram is for MLD, allow it
++			 * through unconditionally to the raw socket.
++			 *
++			 * Use the M_RTALERT_MLD flag to check for MLD
++			 * traffic without having to inspect the mbuf chain
++			 * more deeply, as all MLDv1/v2 host messages MUST
++			 * contain the Router Alert option.
++			 *
++			 * In the case of MLDv1, we may not have explicitly
++			 * joined the group, and may have set IFF_ALLMULTI
++			 * on the interface. im6o_mc_filter() may discard
++			 * control traffic we actually need to see.
++			 *
++			 * Userland multicast routing daemons should continue
++			 * filter the control traffic appropriately.
++			 */
+ 			int blocked;
+ 
+-			bzero(&mcaddr, sizeof(struct sockaddr_in6));
+-			mcaddr.sin6_len = sizeof(struct sockaddr_in6);
+-			mcaddr.sin6_family = AF_INET6;
+-			mcaddr.sin6_addr = ip6->ip6_dst;
++			blocked = MCAST_PASS;
++			if ((m->m_flags & M_RTALERT_MLD) == 0) {
++				struct sockaddr_in6 mcaddr;
+ 
+-			blocked = im6o_mc_filter(in6p->in6p_moptions, ifp,
+-			    (struct sockaddr *)&mcaddr,
+-			    (struct sockaddr *)&fromsa);
++				bzero(&mcaddr, sizeof(struct sockaddr_in6));
++				mcaddr.sin6_len = sizeof(struct sockaddr_in6);
++				mcaddr.sin6_family = AF_INET6;
++				mcaddr.sin6_addr = ip6->ip6_dst;
++
++				blocked = im6o_mc_filter(in6p->in6p_moptions,
++				    ifp,
++				    (struct sockaddr *)&mcaddr,
++				    (struct sockaddr *)&fromsa);
++			}
+ 			if (blocked != MCAST_PASS) {
+ 				IP6STAT_INC(ip6s_notmember);
+ 				continue;
diff --git a/share/security/patches/EN-10:01/multicast.patch.asc b/share/security/patches/EN-10:01/multicast.patch.asc
new file mode 100644
index 0000000000..5c465c38e2
--- /dev/null
+++ b/share/security/patches/EN-10:01/multicast.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ9/FdaIBMps37IRAuT6AJ49tONO/rrRaYM2zCY309CdPW3GNwCgnxls
+mSkLO892pvQKqaFTgjFof0w=
+=e/N4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/nfsreconnect.patch b/share/security/patches/EN-10:01/nfsreconnect.patch
new file mode 100644
index 0000000000..61dfbb2cfb
--- /dev/null
+++ b/share/security/patches/EN-10:01/nfsreconnect.patch
@@ -0,0 +1,27 @@
+Index: sys/rpc/clnt_vc.c
+===================================================================
+--- sys/rpc/clnt_vc.c	(revision 200583)
++++ sys/rpc/clnt_vc.c	(working copy)
+@@ -413,6 +413,22 @@ call_again:
+ 
+ 	cr->cr_xid = xid;
+ 	mtx_lock(&ct->ct_lock);
++	/*
++	 * Check to see if the other end has already started to close down
++	 * the connection. The upcall will have set ct_error.re_status
++	 * to RPC_CANTRECV if this is the case.
++	 * If the other end starts to close down the connection after this
++	 * point, it will be detected later when cr_error is checked,
++	 * since the request is in the ct_pending queue.
++	 */
++	if (ct->ct_error.re_status == RPC_CANTRECV) {
++		if (errp != &ct->ct_error) {
++			errp->re_errno = ct->ct_error.re_errno;
++			errp->re_status = RPC_CANTRECV;
++		}
++		stat = RPC_CANTRECV;
++		goto out;
++	}
+ 	TAILQ_INSERT_TAIL(&ct->ct_pending, cr, cr_link);
+ 	mtx_unlock(&ct->ct_lock);
+ 
diff --git a/share/security/patches/EN-10:01/nfsreconnect.patch.asc b/share/security/patches/EN-10:01/nfsreconnect.patch.asc
new file mode 100644
index 0000000000..66509664a5
--- /dev/null
+++ b/share/security/patches/EN-10:01/nfsreconnect.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+CFdaIBMps37IRAgxzAJ9whBL/OL5Iz3q5VxVFYSYtPh8INgCfVup2
+Vcul/i1E5SPCyfjeu11LWSI=
+=T7Kh
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/rename.patch b/share/security/patches/EN-10:01/rename.patch
new file mode 100644
index 0000000000..ef70801f8b
--- /dev/null
+++ b/share/security/patches/EN-10:01/rename.patch
@@ -0,0 +1,17 @@
+Index: sys/kern/vfs_lookup.c
+===================================================================
+--- sys/kern/vfs_lookup.c	(revision 200583)
++++ sys/kern/vfs_lookup.c	(working copy)
+@@ -552,6 +552,12 @@ dirloop:
+ 	else
+ 		cnp->cn_flags &= ~ISLASTCN;
+ 
++	if ((cnp->cn_flags & ISLASTCN) != 0 &&
++	    cnp->cn_namelen == 1 && cnp->cn_nameptr[0] == '.' &&
++	    (cnp->cn_nameiop == DELETE || cnp->cn_nameiop == RENAME)) {
++		error = EINVAL;
++		goto bad;
++	}
+ 
+ 	/*
+ 	 * Check for degenerate name (e.g. / or "")
diff --git a/share/security/patches/EN-10:01/rename.patch.asc b/share/security/patches/EN-10:01/rename.patch.asc
new file mode 100644
index 0000000000..f7bf8d9e29
--- /dev/null
+++ b/share/security/patches/EN-10:01/rename.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+GFdaIBMps37IRAsHrAJ9g66jI3fSGB4fINVFNE0snEzke8ACcDN0B
+181UsnOfrdrQVLHJiytzX2E=
+=LxDa
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/sctp.patch b/share/security/patches/EN-10:01/sctp.patch
new file mode 100644
index 0000000000..7543c42d2b
--- /dev/null
+++ b/share/security/patches/EN-10:01/sctp.patch
@@ -0,0 +1,14 @@
+Index: sys/netinet/sctp_input.c
+===================================================================
+--- sys/netinet/sctp_input.c	(revision 200583)
++++ sys/netinet/sctp_input.c	(working copy)
+@@ -834,6 +834,9 @@ sctp_handle_shutdown(struct sctp_shutdown_chunk *c
+ 		return;
+ 	} else {
+ 		sctp_update_acked(stcb, cp, net, abort_flag);
++		if (*abort_flag) {
++			return;
++		}
+ 	}
+ 	if (asoc->control_pdapi) {
+ 		/*
diff --git a/share/security/patches/EN-10:01/sctp.patch.asc b/share/security/patches/EN-10:01/sctp.patch.asc
new file mode 100644
index 0000000000..3ea667c7fa
--- /dev/null
+++ b/share/security/patches/EN-10:01/sctp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+KFdaIBMps37IRAucUAJ9tjhRHdgEPJCzgo+RqqbByqdnHBQCeIMX0
+ASUbaYhkffhO7sAJONHEg68=
+=GJHF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/zfsmac.patch b/share/security/patches/EN-10:01/zfsmac.patch
new file mode 100644
index 0000000000..286e3959fe
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsmac.patch
@@ -0,0 +1,78 @@
+Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_znode.c	(working copy)
+@@ -143,16 +143,19 @@ zfs_znode_cache_constructor(void *buf, void *arg,
+ 
+ 	POINTER_INVALIDATE(&zp->z_zfsvfs);
+ 	ASSERT(!POINTER_IS_VALID(zp->z_zfsvfs));
+-	ASSERT(vfsp != NULL);
+ 
+-	error = getnewvnode("zfs", vfsp, &zfs_vnodeops, &vp);
+-	if (error != 0 && (kmflags & KM_NOSLEEP))
+-		return (-1);
+-	ASSERT(error == 0);
+-	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
+-	zp->z_vnode = vp;
+-	vp->v_data = (caddr_t)zp;
+-	VN_LOCK_AREC(vp);
++	if (vfsp != NULL) {
++		error = getnewvnode("zfs", vfsp, &zfs_vnodeops, &vp);
++		if (error != 0 && (kmflags & KM_NOSLEEP))
++			return (-1);
++		ASSERT(error == 0);
++		vn_lock(vp, LK_EXCLUSIVE | LK_RETRY);
++		zp->z_vnode = vp;
++		vp->v_data = (caddr_t)zp;
++		VN_LOCK_AREC(vp);
++	} else {
++		zp->z_vnode = NULL;
++	}
+ 
+ 	list_link_init(&zp->z_link_node);
+ 
+@@ -1435,7 +1438,7 @@ zfs_create_fs(objset_t *os, cred_t *cr, nvlist_t *
+ 	nvpair_t	*elem;
+ 	int		error;
+ 	znode_t		*rootzp = NULL;
+-	vnode_t		*vp;
++	vnode_t		vnode;
+ 	vattr_t		vattr;
+ 	znode_t		*zp;
+ 
+@@ -1504,13 +1507,13 @@ zfs_create_fs(objset_t *os, cred_t *cr, nvlist_t *
+ 	vattr.va_gid = crgetgid(cr);
+ 
+ 	rootzp = kmem_cache_alloc(znode_cache, KM_SLEEP);
+-	zfs_znode_cache_constructor(rootzp, &zfsvfs, 0);
++	zfs_znode_cache_constructor(rootzp, NULL, 0);
+ 	rootzp->z_unlinked = 0;
+ 	rootzp->z_atime_dirty = 0;
+ 
+-	vp = ZTOV(rootzp);
+-	vp->v_type = VDIR;
+-	VN_LOCK_ASHARE(vp);
++	vnode.v_type = VDIR;
++	vnode.v_data = rootzp;
++	rootzp->z_vnode = &vnode;
+ 
+ 	bzero(&zfsvfs, sizeof (zfsvfs_t));
+ 
+@@ -1539,16 +1542,10 @@ zfs_create_fs(objset_t *os, cred_t *cr, nvlist_t *
+ 	ASSERT(error == 0);
+ 	POINTER_INVALIDATE(&rootzp->z_zfsvfs);
+ 
+-	VI_LOCK(vp);
+-	ZTOV(rootzp)->v_data = NULL;
+-	ZTOV(rootzp)->v_count = 0;
+-	ZTOV(rootzp)->v_holdcnt = 0;
+-	rootzp->z_vnode = NULL;
+-	VOP_UNLOCK(vp, 0);
+-	vdestroy(vp);
+ 	dmu_buf_rele(rootzp->z_dbuf, NULL);
+ 	rootzp->z_dbuf = NULL;
+ 	mutex_destroy(&zfsvfs.z_znodes_lock);
++	rootzp->z_vnode = NULL;
+ 	kmem_cache_free(znode_cache, rootzp);
+ }
+ 
diff --git a/share/security/patches/EN-10:01/zfsmac.patch.asc b/share/security/patches/EN-10:01/zfsmac.patch.asc
new file mode 100644
index 0000000000..ff2d98cb29
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsmac.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+OFdaIBMps37IRAoKrAJ96Nx1lSfC0pQG6vXgBP15kl13VOwCfVnT4
+GDh8Jy+GHTH56I82n4SgoaA=
+=DMKc
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:01/zfsvaccess.patch b/share/security/patches/EN-10:01/zfsvaccess.patch
new file mode 100644
index 0000000000..4a47391171
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsvaccess.patch
@@ -0,0 +1,72 @@
+Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_vnops.c	(working copy)
+@@ -3981,21 +3981,33 @@ zfs_freebsd_access(ap)
+ 		struct thread *a_td;
+ 	} */ *ap;
+ {
++	accmode_t accmode;
++	int error = 0;
+ 
+ 	/*
+-	 * ZFS itself only knowns about VREAD, VWRITE and VEXEC, the rest
+-	 * we have to handle by calling vaccess().
++	 * ZFS itself only knowns about VREAD, VWRITE, VEXEC and VAPPEND,
+ 	 */
+-	if ((ap->a_accmode & ~(VREAD|VWRITE|VEXEC)) != 0) {
+-		vnode_t *vp = ap->a_vp;
+-		znode_t *zp = VTOZ(vp);
+-		znode_phys_t *zphys = zp->z_phys;
++	accmode = ap->a_accmode & (VREAD|VWRITE|VEXEC|VAPPEND);
++	if (accmode != 0)
++		error = zfs_access(ap->a_vp, accmode, 0, ap->a_cred, NULL);
+ 
+-		return (vaccess(vp->v_type, zphys->zp_mode, zphys->zp_uid,
+-		    zphys->zp_gid, ap->a_accmode, ap->a_cred, NULL));
++	/*
++	 * VADMIN has to be handled by vaccess().
++	 */
++	if (error == 0) {
++		accmode = ap->a_accmode & ~(VREAD|VWRITE|VEXEC|VAPPEND);
++		if (accmode != 0) {
++			vnode_t *vp = ap->a_vp;
++			znode_t *zp = VTOZ(vp);
++			znode_phys_t *zphys = zp->z_phys;
++
++			error = vaccess(vp->v_type, zphys->zp_mode,
++			    zphys->zp_uid, zphys->zp_gid, accmode, ap->a_cred,
++			    NULL);
++		}
+ 	}
+ 
+-	return (zfs_access(ap->a_vp, ap->a_accmode, 0, ap->a_cred, NULL));
++	return (error);
+ }
+ 
+ static int
+Index: sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/sys/vnode.h	(working copy)
+@@ -304,7 +304,6 @@ typedef struct xvattr {
+  * VOP_ACCESS flags
+  */
+ #define	V_ACE_MASK	0x1	/* mask represents  NFSv4 ACE permissions */
+-#define	V_APPEND	0x2	/* want to do append only check */
+ 
+ /*
+  * Flags for vnode operations.
+Index: sys/cddl/compat/opensolaris/sys/vnode.h
+===================================================================
+--- sys/cddl/compat/opensolaris/sys/vnode.h	(revision 200583)
++++ sys/cddl/compat/opensolaris/sys/vnode.h	(working copy)
+@@ -57,6 +57,8 @@ typedef	struct vop_vector	vnodeops_t;
+ 
+ #define	v_count	v_usecount
+ 
++#define	V_APPEND	VAPPEND
++
+ static __inline int
+ vn_is_readonly(vnode_t *vp)
+ {
diff --git a/share/security/patches/EN-10:01/zfsvaccess.patch.asc b/share/security/patches/EN-10:01/zfsvaccess.patch.asc
new file mode 100644
index 0000000000..3d295b1d99
--- /dev/null
+++ b/share/security/patches/EN-10:01/zfsvaccess.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRQ+RFdaIBMps37IRAutJAJ9kWtj/5fk1Ng6qmDRdb2qbX00/RwCgg631
++1Gsl+PGrFamz+iU2fTcfFA=
+=IAmh
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-10:02/sched_ule.patch b/share/security/patches/EN-10:02/sched_ule.patch
new file mode 100644
index 0000000000..0ec8e23fe1
--- /dev/null
+++ b/share/security/patches/EN-10:02/sched_ule.patch
@@ -0,0 +1,38 @@
+Index: sys/kern/sched_ule.c
+===================================================================
+--- sys/kern/sched_ule.c	(revision 202744)
++++ sys/kern/sched_ule.c	(working copy)
+@@ -1822,18 +1822,24 @@
+ 	 */
+ 	spinlock_enter();
+ 	thread_block_switch(td);	/* This releases the lock on tdq. */
+-	TDQ_LOCK(tdn);
+-	tdq_add(tdn, td, flags);
+-	tdq_notify(td->td_sched);
++
+ 	/*
+-	 * After we unlock tdn the new cpu still can't switch into this
+-	 * thread until we've unblocked it in cpu_switch().  The lock
+-	 * pointers may match in the case of HTT cores.  Don't unlock here
+-	 * or we can deadlock when the other CPU runs the IPI handler.
++	 * Acquire both run-queue locks before placing the thread on the new
++	 * run-queue to avoid deadlocks created by placing a thread with a
++	 * blocked lock on the run-queue of a remote processor.  The deadlock
++	 * occurs when a third processor attempts to lock the two queues in
++	 * question while the target processor is spinning with its own
++	 * run-queue lock held while waiting for the blocked lock to clear.
+ 	 */
+-	if (TDQ_LOCKPTR(tdn) != TDQ_LOCKPTR(tdq)) {
++	if (TDQ_LOCKPTR(tdn) == TDQ_LOCKPTR(tdq)) {
++		TDQ_LOCK(tdq);
++		tdq_add(tdn, td, flags);
++		tdq_notify(td->td_sched);
++	} else {
++		tdq_lock_pair(tdn, tdq);
++		tdq_add(tdn, td, flags);
++		tdq_notify(td->td_sched);
+ 		TDQ_UNLOCK(tdn);
+-		TDQ_LOCK(tdq);
+ 	}
+ 	spinlock_exit();
+ #endif
diff --git a/share/security/patches/EN-10:02/sched_ule.patch.asc b/share/security/patches/EN-10:02/sched_ule.patch.asc
new file mode 100644
index 0000000000..fd5acbd170
--- /dev/null
+++ b/share/security/patches/EN-10:02/sched_ule.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkuI+2cACgkQFdaIBMps37I9nACfb7RXdJIvRAFy0ElvUKGQsLl5
+yA8Ani0yxIBPwQiwJdq8rNR3UbMMuPxG
+=rF8H
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-12:01/freebsd-update.patch b/share/security/patches/EN-12:01/freebsd-update.patch
new file mode 100644
index 0000000000..981e7d964b
--- /dev/null
+++ b/share/security/patches/EN-12:01/freebsd-update.patch
@@ -0,0 +1,13 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh	(revision 226649)
++++ usr.sbin/freebsd-update/freebsd-update.sh	(revision 226650)
+@@ -1200,7 +1200,7 @@
+ 	# Some aliases to save space later: ${P} is a character which can
+ 	# appear in a path; ${M} is the four numeric metadata fields; and
+ 	# ${H} is a sha256 hash.
+-	P="[-+./:=_[[:alnum:]]"
++	P="[-+./:=%@_[[:alnum:]]"
+ 	M="[0-9]+\|[0-9]+\|[0-9]+\|[0-9]+"
+ 	H="[0-9a-f]{64}"
+ 
diff --git a/share/security/patches/EN-12:01/freebsd-update.patch.asc b/share/security/patches/EN-12:01/freebsd-update.patch.asc
new file mode 100644
index 0000000000..ff0a4db7c4
--- /dev/null
+++ b/share/security/patches/EN-12:01/freebsd-update.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk8E5YoACgkQFdaIBMps37KtdACfZ9/XDtViOAhdW6xNeAsBoNmN
+d6UAnRzpcJ8Ld4kRuasQ6iO25WOXS4hB
+=+OUY
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-12:02/ipv6refcount-83.patch b/share/security/patches/EN-12:02/ipv6refcount-83.patch
new file mode 100644
index 0000000000..66d07c61bf
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount-83.patch
@@ -0,0 +1,110 @@
+Index: sys/netinet6/in6.c
+===================================================================
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c
+ 			hostid = IFA_IN6(ifa);
+ 
+ 			/* prefixlen must be <= 64. */
+-			if (64 < iflr->prefixlen)
++			if (64 < iflr->prefixlen) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
++			}
+ 			prefixlen = iflr->prefixlen;
+ 
+ 			/* hostid part must be zero. */
+ 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
+ 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||
+ 			    sin6->sin6_addr.s6_addr32[3] != 0) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
+ 			}
+ 		} else
+@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr
+ 		IF_ADDR_UNLOCK(ifp);
+ 		return (struct in6_ifaddr *)ifa;
+ 	}
+-	IF_ADDR_UNLOCK(ifp);
+ 
+ 	/* use the last-resort values, that are, deprecated addresses */
+-	if (dep[0])
++	if (dep[0]) {
++		ifa_ref((struct ifaddr *)dep[0]);
++		IF_ADDR_UNLOCK(ifp);
+ 		return dep[0];
+-	if (dep[1])
++	}
++	if (dep[1]) {
++		ifa_ref((struct ifaddr *)dep[1]);
++		IF_ADDR_UNLOCK(ifp);
+ 		return dep[1];
++	}
+ 
++	IF_ADDR_UNLOCK(ifp);
+ 	return NULL;
+ }
+ 
+Index: sys/netinet6/ip6_input.c
+===================================================================
+--- sys/netinet6/ip6_input.c.orig
++++ sys/netinet6/ip6_input.c
+@@ -879,19 +879,23 @@ passin:
+ 	 * as our interface address (e.g. multicast addresses, addresses
+ 	 * within FAITH prefixes and such).
+ 	 */
+-	if (deliverifp && !ip6_getdstifaddr(m)) {
++	if (deliverifp) {
+ 		struct in6_ifaddr *ia6;
+ 
+-		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
+-		if (ia6) {
+-			if (!ip6_setdstifaddr(m, ia6)) {
+-				/*
+-				 * XXX maybe we should drop the packet here,
+-				 * as we could not provide enough information
+-				 * to the upper layers.
+-				 */
++ 		if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
++			ifa_free(&ia6->ia_ifa);
++		} else {
++			ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
++			if (ia6) {
++				if (!ip6_setdstifaddr(m, ia6)) {
++					/*
++					 * XXX maybe we should drop the packet here,
++					 * as we could not provide enough information
++					 * to the upper layers.
++					 */
++				}
++				ifa_free(&ia6->ia_ifa);
+ 			}
+-			ifa_free(&ia6->ia_ifa);
+ 		}
+ 	}
+ 
+Index: sys/netinet/tcp_input.c
+===================================================================
+--- sys/netinet/tcp_input.c.orig
++++ sys/netinet/tcp_input.c
+@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)
+ 			    (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
+ 		return IPPROTO_DONE;
+ 	}
++	if (ia6)
++		ifa_free(&ia6->ia_ifa);
+ 
+ 	tcp_input(m, *offp);
+ 	return IPPROTO_DONE;
+@@ -1240,7 +1242,8 @@ relocked:
+ 				rstreason = BANDLIM_RST_OPENPORT;
+ 				goto dropwithreset;
+ 			}
+-			ifa_free(&ia6->ia_ifa);
++			if (ia6)
++				ifa_free(&ia6->ia_ifa);
+ 		}
+ #endif /* INET6 */
+ 		/*
diff --git a/share/security/patches/EN-12:02/ipv6refcount-83.patch.asc b/share/security/patches/EN-12:02/ipv6refcount-83.patch.asc
new file mode 100644
index 0000000000..a982cc54bb
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount-83.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/XKOMACgkQFdaIBMps37LfUQCfbv+dBpZkOEKahx6U5Yz1+EW+
+4FUAoJOh8xtmVU+03ym+Jryyi/zTz8//
+=s9mN
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/EN-12:02/ipv6refcount.patch b/share/security/patches/EN-12:02/ipv6refcount.patch
new file mode 100644
index 0000000000..f0984f6776
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount.patch
@@ -0,0 +1,128 @@
+Index: sys/netinet6/in6.c
+===================================================================
+--- sys/netinet6/in6.c.orig
++++ sys/netinet6/in6.c
+@@ -1369,6 +1369,8 @@ in6_purgeaddr(struct ifaddr *ifa)
+ 	}
+ 
+ cleanup:
++	if (ifa0 != NULL)
++		ifa_free(ifa0);
+ 
+ 	plen = in6_mask2len(&ia->ia_prefixmask.sin6_addr, NULL); /* XXX */
+ 	if ((ia->ia_flags & IFA_ROUTE) && plen == 128) {
+@@ -1393,8 +1395,6 @@ cleanup:
+ 			return;
+ 		ia->ia_flags &= ~IFA_ROUTE;
+ 	}
+-	if (ifa0 != NULL)
+-		ifa_free(ifa0);
+ 
+ 	in6_unlink_ifa(ia, ifp);
+ }
+@@ -1667,14 +1667,19 @@ in6_lifaddr_ioctl(struct socket *so, u_long cmd, c
+ 			hostid = IFA_IN6(ifa);
+ 
+ 			/* prefixlen must be <= 64. */
+-			if (64 < iflr->prefixlen)
++			if (64 < iflr->prefixlen) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
++			}
+ 			prefixlen = iflr->prefixlen;
+ 
+ 			/* hostid part must be zero. */
+ 			sin6 = (struct sockaddr_in6 *)&iflr->addr;
+ 			if (sin6->sin6_addr.s6_addr32[2] != 0 ||
+ 			    sin6->sin6_addr.s6_addr32[3] != 0) {
++				if (ifa != NULL)
++					ifa_free(ifa);
+ 				return EINVAL;
+ 			}
+ 		} else
+@@ -2265,14 +2265,20 @@ in6_ifawithifp(struct ifnet *ifp, struct in6_addr
+ 		IN6_IFADDR_RUNLOCK();
+ 		return (struct in6_ifaddr *)ifa;
+ 	}
+-	IN6_IFADDR_RUNLOCK();
+ 
+ 	/* use the last-resort values, that are, deprecated addresses */
+-	if (dep[0])
++	if (dep[0]) {
++		ifa_ref((struct ifaddr *)dep[0]);
++		IN6_IFADDR_RUNLOCK();
+ 		return dep[0];
+-	if (dep[1])
++	}
++	if (dep[1]) {
++		ifa_ref((struct ifaddr *)dep[1]);
++		IN6_IFADDR_RUNLOCK();
+ 		return dep[1];
++	}
+ 
++	IN6_IFADDR_RUNLOCK();
+ 	return NULL;
+ }
+ 
+Index: sys/netinet6/ip6_input.c
+===================================================================
+--- sys/netinet6/ip6_input.c.orig
++++ sys/netinet6/ip6_input.c
+@@ -879,19 +879,23 @@ passin:
+ 	 * as our interface address (e.g. multicast addresses, addresses
+ 	 * within FAITH prefixes and such).
+ 	 */
+-	if (deliverifp && !ip6_getdstifaddr(m)) {
++	if (deliverifp) {
+ 		struct in6_ifaddr *ia6;
+ 
+-		ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
+-		if (ia6) {
+-			if (!ip6_setdstifaddr(m, ia6)) {
+-				/*
+-				 * XXX maybe we should drop the packet here,
+-				 * as we could not provide enough information
+-				 * to the upper layers.
+-				 */
++ 		if ((ia6 = ip6_getdstifaddr(m)) != NULL) {
++			ifa_free(&ia6->ia_ifa);
++		} else {
++			ia6 = in6_ifawithifp(deliverifp, &ip6->ip6_dst);
++			if (ia6) {
++				if (!ip6_setdstifaddr(m, ia6)) {
++					/*
++					 * XXX maybe we should drop the packet here,
++					 * as we could not provide enough information
++					 * to the upper layers.
++					 */
++				}
++				ifa_free(&ia6->ia_ifa);
+ 			}
+-			ifa_free(&ia6->ia_ifa);
+ 		}
+ 	}
+ 
+Index: sys/netinet/tcp_input.c
+===================================================================
+--- sys/netinet/tcp_input.c.orig
++++ sys/netinet/tcp_input.c
+@@ -512,6 +512,8 @@ tcp6_input(struct mbuf **mp, int *offp, int proto)
+ 			    (caddr_t)&ip6->ip6_dst - (caddr_t)ip6);
+ 		return IPPROTO_DONE;
+ 	}
++	if (ia6)
++		ifa_free(&ia6->ia_ifa);
+ 
+ 	tcp_input(m, *offp);
+ 	return IPPROTO_DONE;
+@@ -1240,7 +1242,8 @@ relocked:
+ 				rstreason = BANDLIM_RST_OPENPORT;
+ 				goto dropwithreset;
+ 			}
+-			ifa_free(&ia6->ia_ifa);
++			if (ia6)
++				ifa_free(&ia6->ia_ifa);
+ 		}
+ #endif /* INET6 */
+ 		/*
diff --git a/share/security/patches/EN-12:02/ipv6refcount.patch.asc b/share/security/patches/EN-12:02/ipv6refcount.patch.asc
new file mode 100644
index 0000000000..1cecb8a73d
--- /dev/null
+++ b/share/security/patches/EN-12:02/ipv6refcount.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/XKOYACgkQFdaIBMps37L1xgCghv0nKCAbvnsZ1y1Ng79Vkehw
+lZoAn31zYDwpQv2cNI7Qnm3wIhri3g0l
+=nLtR
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:01/make.patch b/share/security/patches/SA-00:01/make.patch
new file mode 100644
index 0000000000..d10c7ecb94
--- /dev/null
+++ b/share/security/patches/SA-00:01/make.patch
@@ -0,0 +1,146 @@
+    Index: job.c
+    ===================================================================
+    RCS file: /home/ncvs/src/usr.bin/make/job.c,v
+    retrieving revision 1.16
+    diff -u -r1.16 job.c
+    --- job.c	1999/09/11 13:08:01	1.16
+    +++ job.c	2000/01/17 01:42:57
+    @@ -163,14 +163,6 @@
+     #define JOB_STOPPED	3   	/* The job is stopped */
+     
+     /*
+    - * tfile is the name of a file into which all shell commands are put. It is
+    - * used over by removing it before the child shell is executed. The XXXXXXXXXX
+    - * in the string are replaced by mkstemp(3).
+    - */
+    -static char     tfile[sizeof(TMPPAT)];
+    -
+    -
+    -/*
+      * Descriptions for various shells.
+      */
+     static Shell    shells[] = {
+    @@ -993,7 +985,7 @@
+     	/*
+     	 * If we are aborting and the job table is now empty, we finish.
+     	 */
+    -	(void) eunlink(tfile);
+    +	(void) eunlink(job->tfile);
+     	Finish(errors);
+         }
+     }
+    @@ -1668,6 +1660,7 @@
+         Boolean	  cmdsOK;     /* true if the nodes commands were all right */
+         Boolean 	  local;      /* Set true if the job was run locally */
+         Boolean 	  noExec;     /* Set true if we decide not to run the job */
+    +    int		  tfd;	      /* File descriptor for temp file */
+     
+         if (previous != NULL) {
+     	previous->flags &= ~(JOB_FIRST|JOB_IGNERR|JOB_SILENT|JOB_REMOTE);
+    @@ -1697,6 +1690,12 @@
+         }
+         job->flags |= flags;
+     
+    +    (void) strcpy(job->tfile, TMPPAT);
+    +    if ((tfd = mkstemp(job->tfile)) == -1)
+    +	Punt("cannot create temp file: %s", strerror(errno));
+    +    else
+    +	(void) close(tfd);
+    +
+         /*
+          * Check the commands now so any attributes from .DEFAULT have a chance
+          * to migrate to the node
+    @@ -1722,9 +1721,9 @@
+     	    DieHorribly();
+     	}
+     
+    -	job->cmdFILE = fopen(tfile, "w+");
+    +	job->cmdFILE = fopen(job->tfile, "w+");
+     	if (job->cmdFILE == NULL) {
+    -	    Punt("Could not open %s", tfile);
+    +	    Punt("Could not open %s", job->tfile);
+     	}
+     	(void) fcntl(FILENO(job->cmdFILE), F_SETFD, 1);
+     	/*
+    @@ -1830,7 +1829,7 @@
+     	 * Unlink and close the command file if we opened one
+     	 */
+     	if (job->cmdFILE != stdout) {
+    -	    (void) eunlink(tfile);
+    +	    (void) eunlink(job->tfile);
+     	    if (job->cmdFILE != NULL)
+     		(void) fclose(job->cmdFILE);
+     	} else {
+    @@ -1859,7 +1858,7 @@
+     	}
+         } else {
+     	(void) fflush(job->cmdFILE);
+    -	(void) eunlink(tfile);
+    +	(void) eunlink(job->tfile);
+         }
+     
+         /*
+    @@ -2403,13 +2402,6 @@
+     			     * be running at once. */
+     {
+         GNode         *begin;     /* node for commands to do at the very start */
+    -    int	          tfd;
+    -
+    -    (void) strcpy(tfile, TMPPAT);
+    -    if ((tfd = mkstemp(tfile)) == -1)
+    -	Punt("cannot create temp file: %s", strerror(errno));
+    -    else
+    -	(void) close(tfd);
+     
+         jobs =  	  Lst_Init(FALSE);
+         stoppedJobs = Lst_Init(FALSE);
+    @@ -2914,7 +2906,7 @@
+     	    }
+     	}
+         }
+    -    (void) eunlink(tfile);
+    +    (void) eunlink(job->tfile);
+     }
+     
+     /*
+    @@ -2948,7 +2940,6 @@
+     	    }
+     	}
+         }
+    -    (void) eunlink(tfile);
+         return(errors);
+     }
+     
+    @@ -3024,6 +3015,7 @@
+     	    KILL(job->pid, SIGINT);
+     	    KILL(job->pid, SIGKILL);
+     #endif /* RMT_WANTS_SIGNALS */
+    +	    (void) eunlink(job->tfile);
+     	}
+         }
+     
+    @@ -3032,7 +3024,6 @@
+          */
+         while (waitpid((pid_t) -1, &foo, WNOHANG) > 0)
+     	continue;
+    -    (void) eunlink(tfile);
+     }
+     
+     #ifdef REMOTE
+    Index: job.h
+    ===================================================================
+    RCS file: /home/ncvs/src/usr.bin/make/job.h,v
+    retrieving revision 1.10
+    diff -u -r1.10 job.h
+    --- job.h	1999/08/28 01:03:31	1.10
+    +++ job.h	2000/01/17 01:42:31
+    @@ -93,6 +93,8 @@
+     #define JOB_BUFSIZE	1024
+     typedef struct Job {
+         int       	pid;	    /* The child's process ID */
+    +    char	tfile[sizeof(TMPPAT)];
+    +			    /* Temporary file to use for job */
+         GNode    	*node;      /* The target the child is making */
+         LstNode 	tailCmds;   /* The node of the first command to be
+     			     * saved when the job has been run */
+    
diff --git a/share/security/patches/SA-00:01/make.patch.asc b/share/security/patches/SA-00:01/make.patch.asc
new file mode 100644
index 0000000000..d1d1d90edf
--- /dev/null
+++ b/share/security/patches/SA-00:01/make.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.3ia
+
+iQCVAwUAOIVvN1UuHi5z0oilAQG8iAQAndtRYoXTIegxqIMf4kBXENyzCf6J1m6D
+7jSr54VhPhPW4nEu8jDXGvSn9EahkDEKy7LNZqx5QyNPvHJa+KrHp6V1tISrKA6k
+9XDXqfwEELFRMQ74MYfyLWt16QzjcWW2fJWZ0O55+F0ed5p1rej0DwFfSN0Qb8OF
+DTLhIMGRXI8=
+=7AWu
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:02/procfs.patch b/share/security/patches/SA-00:02/procfs.patch
new file mode 100644
index 0000000000..ae725eaea4
--- /dev/null
+++ b/share/security/patches/SA-00:02/procfs.patch
@@ -0,0 +1,100 @@
+Index: sys/filedesc.h
+===================================================================
+RCS file: /base/FreeBSD-CVS/src/sys/sys/filedesc.h,v
+retrieving revision 1.15.2.1
+diff -u -r1.15.2.1 filedesc.h
+--- filedesc.h	1999/08/29 16:32:22	1.15.2.1
++++ filedesc.h	2000/01/20 21:39:29
+@@ -139,6 +139,7 @@
+ int	fsetown __P((pid_t, struct sigio **));
+ void	funsetown __P((struct sigio *));
+ void	funsetownlst __P((struct sigiolst *));
++void	setugidsafety __P((struct proc *p));
+ #endif
+ 
+ #endif
+Index: kern/kern_descrip.c
+===================================================================
+RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_descrip.c,v
+retrieving revision 1.58.2.3
+diff -u -r1.58.2.3 kern_descrip.c
+--- kern_descrip.c	1999/11/18 08:09:08	1.58.2.3
++++ kern_descrip.c	2000/01/20 21:40:00
+@@ -984,6 +984,62 @@
+ }
+ 
+ /*
++ * For setuid/setgid programs we don't want to people to use that setuidness
++ * to generate error messages which write to a file which otherwise would
++ * otherwise be off limits to the proces.
++ *
++ * This is a gross hack to plug the hole.  A better solution would involve
++ * a special vop or other form of generalized access control mechanism.  We
++ * go ahead and just reject all procfs file systems accesses as dangerous.
++ *
++ * Since setugidsafety calls this only for fd 0, 1 and 2, this check is
++ * sufficient.  We also don't for setugidness since we know we are.
++ */
++static int
++is_unsafe(struct file *fp)
++{
++	if (fp->f_type == DTYPE_VNODE && 
++	    ((struct vnode *)(fp->f_data))->v_tag == VT_PROCFS)
++		return (1);
++	return (0);
++}
++
++/*
++ * Make this setguid thing safe, if at all possible.
++ */
++void
++setugidsafety(p)
++	struct proc *p;
++{
++	struct filedesc *fdp = p->p_fd;
++	struct file **fpp;
++	char *fdfp;
++	register int i;
++
++	/* Certain daemons might not have file descriptors. */
++	if (fdp == NULL)
++		return;
++
++	fpp = fdp->fd_ofiles;
++	fdfp = fdp->fd_ofileflags;
++	for (i = 0; i <= fdp->fd_lastfile; i++, fpp++, fdfp++) {
++		if (i > 2)
++			break;
++		if (*fpp != NULL && is_unsafe(*fpp)) {
++			if (*fdfp & UF_MAPPED)
++				(void) munmapfd(p, i);
++			(void) closef(*fpp, p);
++			*fpp = NULL;
++			*fdfp = 0;
++			if (i < fdp->fd_freefile)
++				fdp->fd_freefile = i;
++		}
++	}
++	while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
++		fdp->fd_lastfile--;
++}
++
++/*
+  * Close any files on exec?
+  */
+ void
+Index: kern/kern_exec.c
+===================================================================
+RCS file: /base/FreeBSD-CVS/src/sys/kern/kern_exec.c,v
+retrieving revision 1.93.2.3
+diff -u -r1.93.2.3 kern_exec.c
+--- kern_exec.c	1999/08/29 16:25:58	1.93.2.3
++++ kern_exec.c	2000/01/20 21:39:29
+@@ -281,6 +281,7 @@
+ 		if (attr.va_mode & VSGID)
+ 			p->p_ucred->cr_gid = attr.va_gid;
+ 		setsugid(p);
++		setugidsafety(p);
+ 	} else {
+ 		if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
+ 		    p->p_ucred->cr_gid == p->p_cred->p_rgid)
diff --git a/share/security/patches/SA-00:02/procfs.patch.asc b/share/security/patches/SA-00:02/procfs.patch.asc
new file mode 100644
index 0000000000..a4c821015d
--- /dev/null
+++ b/share/security/patches/SA-00:02/procfs.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.3ia
+
+iQCVAwUAOIeGS1UuHi5z0oilAQH9fQP9FZux7s1+AG5B/iULG2gA5ZU6G9dGX77n
+BlNuuiIru24NdDYS4D+ckr6DZHBfsEUAcYi40fjI+GDryuaYZw7zHvuiauNgafQM
+BGjP5nA2d2Uwzjy0KtwlHeosJ43rN7YBHUeiG54iDtakaRajT7hp+oabLRXHta6z
+Cs/4Sg2k1RE=
+=MpfY
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:17/libmytinfo.patch b/share/security/patches/SA-00:17/libmytinfo.patch
new file mode 100644
index 0000000000..fcca8080d4
--- /dev/null
+++ b/share/security/patches/SA-00:17/libmytinfo.patch
@@ -0,0 +1,25 @@
+Index: findterm.c
+===================================================================
+RCS file: /usr/cvs/src/lib/libmytinfo/Attic/findterm.c,v
+retrieving revision 1.3
+diff -u -r1.3 findterm.c
+--- findterm.c	1997/08/13 01:21:36	1.3
++++ findterm.c	2000/04/25 16:58:19
+@@ -242,7 +242,7 @@
+ 			} else {
+ 				s = path->file;
+ 				d = buf;
+-				while(*s != '\0' && *s != ':')
++				while(*s != '\0' && *s != ':' && d - buf < MAX_LINE - 1)
+ 					*d++ = *s++;
+ 				*d = '\0';
+ 				if (_tmatch(buf, name)) {
+@@ -259,7 +259,7 @@
+ 			} else {
+ 				s = path->file;
+ 				d = buf;
+-				while(*s != '\0' && *s != ',')
++				while(*s != '\0' && *s != ',' && d - buf < MAX_LINE - 1)
+ 					*d++ = *s++;
+ 				*d = '\0';
+ 				if (_tmatch(buf, name)) {
diff --git a/share/security/patches/SA-00:17/libmytinfo.patch.asc b/share/security/patches/SA-00:17/libmytinfo.patch.asc
new file mode 100644
index 0000000000..0b59297d43
--- /dev/null
+++ b/share/security/patches/SA-00:17/libmytinfo.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.3ia
+
+iQCVAwUAORd4FFUuHi5z0oilAQFzoAP8C5qyJYm8BNHhN94f9R9pS2uK0xFHd7bq
+M9ywC64FaJRKtlWxt4R8SvewuTM4rOFw1VwbXT6g8bL1tA2etYmKh5fY/GAmrlAx
+WCUw2Y8O1i5lBLSaJtinOOGzx9/uR+Ig63zFyg4eZBeVSE/9drC+t3ERwmwCewEo
+98LRakEsV7I=
+=pN1t
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:19/semconfig.patch b/share/security/patches/SA-00:19/semconfig.patch
new file mode 100644
index 0000000000..5b9d59d1cf
--- /dev/null
+++ b/share/security/patches/SA-00:19/semconfig.patch
@@ -0,0 +1,285 @@
+--- sys/kern/syscalls.master	2000/01/19 06:01:07	1.72
++++ sys/kern/syscalls.master	2000/05/01 11:15:10	1.72.2.1
+@@ -342,7 +342,7 @@
+ 221	STD	BSD	{ int semget(key_t key, int nsems, int semflg); }
+ 222	STD	BSD	{ int semop(int semid, struct sembuf *sops, \
+ 			    u_int nsops); }
+-223	STD	BSD	{ int semconfig(int flag); }
++223	UNIMPL	NOHIDE	semconfig
+ 224	STD	BSD	{ int msgctl(int msqid, int cmd, \
+ 			    struct msqid_ds *buf); }
+ 225	STD	BSD	{ int msgget(key_t key, int msgflg); }
+--- sys/kern/init_sysent.c	2000/01/19 06:02:29	1.79
++++ sys/kern/init_sysent.c	2000/05/01 11:15:56	1.79.2.1
+@@ -243,7 +243,7 @@
+ 	{ 4, (sy_call_t *)__semctl },			/* 220 = __semctl */
+ 	{ 3, (sy_call_t *)semget },			/* 221 = semget */
+ 	{ 3, (sy_call_t *)semop },			/* 222 = semop */
+-	{ 1, (sy_call_t *)semconfig },			/* 223 = semconfig */
++	{ 0, (sy_call_t *)nosys },			/* 223 = semconfig */
+ 	{ 3, (sy_call_t *)msgctl },			/* 224 = msgctl */
+ 	{ 2, (sy_call_t *)msgget },			/* 225 = msgget */
+ 	{ 4, (sy_call_t *)msgsnd },			/* 226 = msgsnd */
+--- sys/kern/syscalls.c	2000/01/19 06:02:29	1.71
++++ sys/kern/syscalls.c	2000/05/01 11:15:56	1.71.2.1
+@@ -230,7 +230,7 @@
+ 	"__semctl",			/* 220 = __semctl */
+ 	"semget",			/* 221 = semget */
+ 	"semop",			/* 222 = semop */
+-	"semconfig",			/* 223 = semconfig */
++	"#223",			/* 223 = semconfig */
+ 	"msgctl",			/* 224 = msgctl */
+ 	"msgget",			/* 225 = msgget */
+ 	"msgsnd",			/* 226 = msgsnd */
+--- sys/kern/sysv_ipc.c	2000/02/29 22:58:59	1.13
++++ sys/kern/sysv_ipc.c	2000/05/01 11:15:56	1.13.2.1
+@@ -107,15 +107,6 @@
+ semsys(p, uap)
+ 	struct proc *p;
+ 	struct semsys_args *uap;
+-{
+-	sysv_nosys(p, "SYSVSEM");
+-	return nosys(p, (struct nosys_args *)uap);
+-};
+-
+-int
+-semconfig(p, uap)
+-	struct proc *p;
+-	struct semconfig_args *uap;
+ {
+ 	sysv_nosys(p, "SYSVSEM");
+ 	return nosys(p, (struct nosys_args *)uap);
+--- sys/kern/sysv_sem.c	2000/04/02 08:47:08	1.24.2.1
++++ sys/kern/sysv_sem.c	2000/05/01 11:15:56	1.24.2.2
+@@ -26,8 +26,6 @@
+ int semget __P((struct proc *p, struct semget_args *uap));
+ struct semop_args;
+ int semop __P((struct proc *p, struct semop_args *uap));
+-struct semconfig_args;
+-int semconfig __P((struct proc *p, struct semconfig_args *uap));
+ #endif
+ 
+ static struct sem_undo *semu_alloc __P((struct proc *p));
+@@ -38,7 +36,7 @@
+ /* XXX casting to (sy_call_t *) is bogus, as usual. */
+ static sy_call_t *semcalls[] = {
+ 	(sy_call_t *)__semctl, (sy_call_t *)semget,
+-	(sy_call_t *)semop, (sy_call_t *)semconfig
++	(sy_call_t *)semop
+ };
+ 
+ static int	semtot = 0;
+@@ -47,8 +45,6 @@
+ static struct sem_undo *semu_list; 	/* list of active undo structures */
+ int	*semu;			/* undo structure pool */
+ 
+-static struct proc *semlock_holder = NULL;
+-
+ void
+ seminit(dummy)
+ 	void *dummy;
+@@ -87,64 +83,12 @@
+ 	} */ *uap;
+ {
+ 
+-	while (semlock_holder != NULL && semlock_holder != p)
+-		(void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semsys", 0);
+-
+ 	if (uap->which >= sizeof(semcalls)/sizeof(semcalls[0]))
+ 		return (EINVAL);
+ 	return ((*semcalls[uap->which])(p, &uap->a2));
+ }
+ 
+ /*
+- * Lock or unlock the entire semaphore facility.
+- *
+- * This will probably eventually evolve into a general purpose semaphore
+- * facility status enquiry mechanism (I don't like the "read /dev/kmem"
+- * approach currently taken by ipcs and the amount of info that we want
+- * to be able to extract for ipcs is probably beyond what the capability
+- * of the getkerninfo facility.
+- *
+- * At the time that the current version of semconfig was written, ipcs is
+- * the only user of the semconfig facility.  It uses it to ensure that the
+- * semaphore facility data structures remain static while it fishes around
+- * in /dev/kmem.
+- */
+-
+-#ifndef _SYS_SYSPROTO_H_
+-struct semconfig_args {
+-	semconfig_ctl_t	flag;
+-};
+-#endif
+-
+-int
+-semconfig(p, uap)
+-	struct proc *p;
+-	struct semconfig_args *uap;
+-{
+-	int eval = 0;
+-
+-	switch (uap->flag) {
+-	case SEM_CONFIG_FREEZE:
+-		semlock_holder = p;
+-		break;
+-
+-	case SEM_CONFIG_THAW:
+-		semlock_holder = NULL;
+-		wakeup((caddr_t)&semlock_holder);
+-		break;
+-
+-	default:
+-		printf("semconfig: unknown flag parameter value (%d) - ignored\n",
+-		    uap->flag);
+-		eval = EINVAL;
+-		break;
+-	}
+-
+-	p->p_retval[0] = 0;
+-	return(eval);
+-}
+-
+-/*
+  * Allocate a new sem_undo structure for a process
+  * (returns ptr to structure or NULL if no more room)
+  */
+@@ -873,17 +817,6 @@
+ 	register struct sem_undo **supptr;
+ 	int did_something;
+ 
+-	/*
+-	 * If somebody else is holding the global semaphore facility lock
+-	 * then sleep until it is released.
+-	 */
+-	while (semlock_holder != NULL && semlock_holder != p) {
+-#ifdef SEM_DEBUG
+-		printf("semaphore facility locked - sleeping ...\n");
+-#endif
+-		(void) tsleep((caddr_t)&semlock_holder, (PZERO - 4), "semext", 0);
+-	}
+-
+ 	did_something = 0;
+ 
+ 	/*
+@@ -898,7 +831,7 @@
+ 	}
+ 
+ 	if (suptr == NULL)
+-		goto unlock;
++		return;
+ 
+ #ifdef SEM_DEBUG
+ 	printf("proc @%08x has undo structure with %d entries\n", p,
+@@ -955,14 +888,4 @@
+ #endif
+ 	suptr->un_proc = NULL;
+ 	*supptr = suptr->un_next;
+-
+-unlock:
+-	/*
+-	 * If the exiting process is holding the global semaphore facility
+-	 * lock then release it.
+-	 */
+-	if (semlock_holder == p) {
+-		semlock_holder = NULL;
+-		wakeup((caddr_t)&semlock_holder);
+-	}
+ }
+
+--- sys/sys/sem.h	1999/12/29 04:24:46	1.20
++++ sys/sys/sem.h	2000/05/01 11:15:58	1.20.2.1
+@@ -163,13 +163,5 @@
+  * Process sem_undo vectors at proc exit.
+  */
+ void	semexit __P((struct proc *p));
+-
+-/*
+- * Parameters to the semconfig system call
+- */
+-typedef enum {
+-	SEM_CONFIG_FREEZE,	/* Freeze the semaphore facility. */
+-	SEM_CONFIG_THAW		/* Thaw the semaphore facility. */
+-} semconfig_ctl_t;
+ #endif /* _KERNEL */
+ 
+--- sys/sys/syscall-hide.h	2000/01/19 06:02:31	1.65
++++ sys/sys/syscall-hide.h	2000/05/01 11:15:58	1.65.2.1
+@@ -191,7 +191,6 @@
+ HIDE_BSD(__semctl)
+ HIDE_BSD(semget)
+ HIDE_BSD(semop)
+-HIDE_BSD(semconfig)
+ HIDE_BSD(msgctl)
+ HIDE_BSD(msgget)
+ HIDE_BSD(msgsnd)
+--- sys/sys/syscall.h	2000/01/19 06:02:31	1.69
++++ sys/sys/syscall.h	2000/05/01 11:15:59	1.69.2.1
+@@ -196,7 +196,6 @@
+ #define	SYS___semctl	220
+ #define	SYS_semget	221
+ #define	SYS_semop	222
+-#define	SYS_semconfig	223
+ #define	SYS_msgctl	224
+ #define	SYS_msgget	225
+ #define	SYS_msgsnd	226
+--- sys/sys/syscall.mk	2000/01/19 06:07:34	1.23
++++ sys/sys/syscall.mk	2000/05/01 11:15:59	1.23.2.1
+@@ -148,7 +148,6 @@
+ 	__semctl.o \
+ 	semget.o \
+ 	semop.o \
+-	semconfig.o \
+ 	msgctl.o \
+ 	msgget.o \
+ 	msgsnd.o \
+--- sys/sys/sysproto.h	2000/01/19 06:02:31	1.59
++++ sys/sys/sysproto.h	2000/05/01 11:16:00	1.59.2.1
+@@ -662,9 +662,6 @@
+ 	struct sembuf *	sops;	char sops_[PAD_(struct sembuf *)];
+ 	u_int	nsops;	char nsops_[PAD_(u_int)];
+ };
+-struct	semconfig_args {
+-	int	flag;	char flag_[PAD_(int)];
+-};
+ struct	msgctl_args {
+ 	int	msqid;	char msqid_[PAD_(int)];
+ 	int	cmd;	char cmd_[PAD_(int)];
+@@ -1158,7 +1155,6 @@
+ int	__semctl __P((struct proc *, struct __semctl_args *));
+ int	semget __P((struct proc *, struct semget_args *));
+ int	semop __P((struct proc *, struct semop_args *));
+-int	semconfig __P((struct proc *, struct semconfig_args *));
+ int	msgctl __P((struct proc *, struct msgctl_args *));
+ int	msgget __P((struct proc *, struct msgget_args *));
+ int	msgsnd __P((struct proc *, struct msgsnd_args *));
+--- usr.bin/ipcs/ipcs.c	1999/12/29 05:05:32	1.12
++++ usr.bin/ipcs/ipcs.c	2000/05/01 10:51:37	1.12.2.1
+@@ -56,7 +56,6 @@
+ struct shminfo	shminfo;
+ struct shmid_ds	*shmsegs;
+ 
+-int	semconfig __P((int,...));
+ void	usage __P((void));
+ 
+ static struct nlist symbols[] = {
+@@ -420,11 +419,6 @@
+ 			    seminfo.semaem);
+ 		}
+ 		if (display & SEMINFO) {
+-			if (semconfig(SEM_CONFIG_FREEZE) != 0) {
+-				perror("semconfig");
+-				fprintf(stderr,
+-				    "Can't lock semaphore facility - winging it...\n");
+-			}
+ 			kvm_read(kd, symbols[X_SEMA].n_value, &sema, sizeof(sema));
+ 			xsema = malloc(sizeof(struct semid_ds) * seminfo.semmni);
+ 			kvm_read(kd, (u_long) sema, xsema, sizeof(struct semid_ds) * seminfo.semmni);
+@@ -470,8 +464,6 @@
+ 					printf("\n");
+ 				}
+ 			}
+-
+-			(void) semconfig(SEM_CONFIG_THAW);
+ 
+ 			printf("\n");
+ 		}
diff --git a/share/security/patches/SA-00:19/semconfig.patch.asc b/share/security/patches/SA-00:19/semconfig.patch.asc
new file mode 100644
index 0000000000..2f7f89f730
--- /dev/null
+++ b/share/security/patches/SA-00:19/semconfig.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOSrRUFUuHi5z0oilAQGgYQQAn9T3+cF/21pNGoGBruTws7QRopIomccF
+z4aZiJZEwJLvLWDFuIeIgVUJtT9Xj/MWJVEgjaLEF8MOZgKqkPlouxkgNwwH15bs
+PtpMt38kzVwtcVChbP7PoF0ufgEY12IFpMrllcI3sWg4Dvyuw+bIicVulnrR5U4L
+JG8tNGgy4Xw=
+=9TbQ
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:23/ip-options.diff b/share/security/patches/SA-00:23/ip-options.diff
new file mode 100644
index 0000000000..8e781fd7dc
--- /dev/null
+++ b/share/security/patches/SA-00:23/ip-options.diff
@@ -0,0 +1,71 @@
+Index: ip_icmp.c
+===================================================================
+RCS file: /ncvs/src/sys/netinet/ip_icmp.c,v
+retrieving revision 1.39
+diff -u -r1.39 ip_icmp.c
+--- ip_icmp.c	2000/01/28 06:13:09	1.39
++++ ip_icmp.c	2000/06/08 15:26:39
+@@ -662,8 +662,11 @@
+ 			    if (opt == IPOPT_NOP)
+ 				    len = 1;
+ 			    else {
++				    if (cnt < IPOPT_OLEN + sizeof(*cp))
++					    break;
+ 				    len = cp[IPOPT_OLEN];
+-				    if (len <= 0 || len > cnt)
++				    if (len < IPOPT_OLEN + sizeof(*cp) ||
++				        len > cnt)
+ 					    break;
+ 			    }
+ 			    /*
+Index: ip_input.c
+===================================================================
+RCS file: /ncvs/src/sys/netinet/ip_input.c,v
+retrieving revision 1.130
+diff -u -r1.130 ip_input.c
+--- ip_input.c	2000/02/23 20:11:57	1.130
++++ ip_input.c	2000/06/08 15:25:46
+@@ -1067,8 +1067,12 @@
+ 		if (opt == IPOPT_NOP)
+ 			optlen = 1;
+ 		else {
++			if (cnt < IPOPT_OLEN + sizeof(*cp)) {
++				code = &cp[IPOPT_OLEN] - (u_char *)ip;
++				goto bad;
++			}
+ 			optlen = cp[IPOPT_OLEN];
+-			if (optlen <= 0 || optlen > cnt) {
++			if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt) {
+ 				code = &cp[IPOPT_OLEN] - (u_char *)ip;
+ 				goto bad;
+ 			}
+@@ -1174,6 +1178,10 @@
+ 			break;
+ 
+ 		case IPOPT_RR:
++			if (optlen < IPOPT_OFFSET + sizeof(*cp)) {
++				code = &cp[IPOPT_OFFSET] - (u_char *)ip;
++				goto bad;
++			}
+ 			if ((off = cp[IPOPT_OFFSET]) < IPOPT_MINOFF) {
+ 				code = &cp[IPOPT_OFFSET] - (u_char *)ip;
+ 				goto bad;
+Index: ip_output.c
+===================================================================
+RCS file: /ncvs/src/sys/netinet/ip_output.c,v
+retrieving revision 1.99
+diff -u -r1.99 ip_output.c
+--- ip_output.c	2000/03/09 14:57:15	1.99
++++ ip_output.c	2000/06/08 15:27:08
+@@ -1302,8 +1302,10 @@
+ 		if (opt == IPOPT_NOP)
+ 			optlen = 1;
+ 		else {
++			if (cnt < IPOPT_OLEN + sizeof(*cp))
++				goto bad;
+ 			optlen = cp[IPOPT_OLEN];
+-			if (optlen <= IPOPT_OLEN || optlen > cnt)
++			if (optlen < IPOPT_OLEN + sizeof(*cp) || optlen > cnt)
+ 				goto bad;
+ 		}
+ 		switch (opt) {
diff --git a/share/security/patches/SA-00:23/ip-options.diff.asc b/share/security/patches/SA-00:23/ip-options.diff.asc
new file mode 100644
index 0000000000..4df8da30ce
--- /dev/null
+++ b/share/security/patches/SA-00:23/ip-options.diff.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOUneq1UuHi5z0oilAQHwgwQAov+zPJolPt2+SXJ5L7jzQqFjyOtaqi+m
+1Ml+C+8eLptWfZtu2+Jdm3hON+PY57T5AEKyJzLaTBwZshv2yYAiqLmukBmJEFdy
+lsDyA/Zl77v+jzMtV4k/FvfdxH0S6NKMAKdxtzrqh5KzKYmrXdnVbNmjcdJ6c34K
+/734lHAJaEw=
+=+RZn
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:24/libedit.patch b/share/security/patches/SA-00:24/libedit.patch
new file mode 100644
index 0000000000..e154405bd6
--- /dev/null
+++ b/share/security/patches/SA-00:24/libedit.patch
@@ -0,0 +1,20 @@
+--- el.c	1999/08/20 01:17:12	1.6
++++ el.c	2000/05/22 06:01:31	1.8
+@@ -290,13 +294,10 @@
+     char *ptr, path[MAXPATHLEN];
+ 
+     if (fname == NULL) {
+-	fname = &elpath[1];
+-	if ((fp = fopen(fname, "r")) == NULL) {
+-	    if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL)
+-		return -1;
+-	    (void)snprintf(path, sizeof(path), "%s%s", ptr, elpath);
+-	    fname = path;
+-	}
++	if (issetugid() != 0 || (ptr = getenv("HOME")) == NULL)
++	    return -1;
++	(void) snprintf(path, sizeof(path), "%s%s", ptr, elpath);
++	fname = path;
+     }
+ 
+     if ((fp = fopen(fname, "r")) == NULL)
diff --git a/share/security/patches/SA-00:24/libedit.patch.asc b/share/security/patches/SA-00:24/libedit.patch.asc
new file mode 100644
index 0000000000..7e54701059
--- /dev/null
+++ b/share/security/patches/SA-00:24/libedit.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOWGnSFUuHi5z0oilAQFE5AP9HQuDGMTki2errGwWys5iBPcuXieIEw4d
+u1HX3HE2/T1a2FkJsknO9V3UuRQZ4EkZhYc6z7I+9OEh8iTIzMqAByfMSBoc57A3
+h30bOQQBKm/tXUqvNmlBsA7CTK10B4UZXL/cnmCm9ckVIqQIwgJ/T3VGTaaksCan
+rE4cjCSNikY=
+=GktL
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:25/kernel.gz b/share/security/patches/SA-00:25/kernel.gz
new file mode 100644
index 0000000000..1c2542cd33
--- /dev/null
+++ b/share/security/patches/SA-00:25/kernel.gz
diff --git a/share/security/patches/SA-00:25/kernel.gz.asc b/share/security/patches/SA-00:25/kernel.gz.asc
new file mode 100644
index 0000000000..ba987c1215
--- /dev/null
+++ b/share/security/patches/SA-00:25/kernel.gz.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOTyRS1UuHi5z0oilAQGO+QP/TV/5d7w3F/6+uvh6VaiftAwq4lhZzpYJ
+LNuo13imYmj49lttLKModkZVDnNdQFK/ND5lsWkZpx82w3S7lY7jazmy50nlgUXw
+pBNE3aNLsDmmqZ19LMkF258IBDTkObDjSFfzaqxiQxsUT6feegqCiLZZfS27uyEz
+l1aAcB1gf34=
+=wRPS
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:25/kernel.sys.diff b/share/security/patches/SA-00:25/kernel.sys.diff
new file mode 100644
index 0000000000..dbaea82179
--- /dev/null
+++ b/share/security/patches/SA-00:25/kernel.sys.diff
@@ -0,0 +1,1289 @@
+Index: sys/alpha/alpha/machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/alpha/alpha/machdep.c,v
+retrieving revision 1.68
+diff -u -r1.68 machdep.c
+--- sys/alpha/alpha/machdep.c	2000/02/29 08:48:08	1.68
++++ sys/alpha/alpha/machdep.c	2000/05/24 05:47:57
+@@ -112,6 +112,7 @@
+ #include <sys/sysctl.h>
+ #include <sys/uio.h>
+ #include <sys/linker.h>
++#include <sys/random.h>
+ #include <net/netisr.h>
+ #include <vm/vm.h>
+ #include <vm/vm_kern.h>
+@@ -996,6 +997,11 @@
+ 	proc0.p_md.md_tf =
+ 	    (struct trapframe *)proc0paddr->u_pcb.pcb_hw.apcb_ksp;
+ 
++ 	/*
++	 * Initialise entropy pool.
++	 */
++	rand_initialize();
++
+ 	/*
+ 	 * Look at arguments passed to us and compute boothowto.
+ 	 */
+@@ -2110,14 +2116,4 @@
+ 	}
+ 
+ 	p->p_md.md_flags |= MDP_FPUSED;
+-}
+-
+-/*
+- * dummy version of read_random() until the random driver is ported.
+- */
+-int read_random __P((void));
+-int
+-read_random(void)
+-{
+-	return (0);
+ }
+Index: sys/alpha/alpha/mem.c
+===================================================================
+RCS file: /home/ncvs/src/sys/alpha/alpha/mem.c,v
+retrieving revision 1.19
+diff -u -r1.19 mem.c
+--- sys/alpha/alpha/mem.c	1999/11/07 12:01:27	1.19
++++ sys/alpha/alpha/mem.c	2000/05/24 05:43:52
+@@ -55,9 +55,10 @@
+ #include <sys/malloc.h>
+ #include <sys/proc.h>
+ #include <sys/msgbuf.h>
++#include <sys/random.h>
++#include <sys/signalvar.h>
+ 
+ #include <machine/frame.h>
+-/* #include <machine/random.h>*/
+ #include <machine/psl.h>
+ #ifdef PERFMON
+ #include <machine/perfmon.h>
+@@ -67,7 +68,7 @@
+ #include <vm/pmap.h>
+ #include <vm/vm_extern.h>
+ 
+-static caddr_t zeropage;
++static caddr_t zbuf;
+ 
+ static	d_open_t	mmopen;
+ static	d_close_t	mmclose;
+@@ -94,7 +95,19 @@
+ 	/* bmaj */	-1
+ };
+ 
++/*
++	XXX  the below should be used.  However there is too much "16"
++	hardcodeing in kern_random.c right now. -- obrien
++#if NHWI > 0
++#define	ICU_LEN (NHWI)
++#else
++#define	ICU_LEN (NSWI)
++#endif
++*/
++#define	ICU_LEN 16
+ 
++static struct random_softc random_softc[ICU_LEN];
++static int random_ioctl __P((dev_t, u_long, caddr_t, int, struct proc *));
+ 
+ static int
+ mmclose(dev, flags, fmt, p)
+@@ -151,7 +164,11 @@
+ 	register int c;
+ 	register struct iovec *iov;
+ 	int error = 0, rw;
++	u_int poolsize;
++	caddr_t buf;
+ 
++	buf = NULL;
++
+ 	while (uio->uio_resid > 0 && !error) {
+ 		iov = uio->uio_iov;
+ 		if (iov->iov_len == 0) {
+@@ -171,6 +188,7 @@
+ 			rw = (uio->uio_rw == UIO_READ) ? VM_PROT_READ : VM_PROT_WRITE;
+ 			if ((alpha_pa_access(v) & rw) != rw) {
+ 				error = EFAULT;
++				c = 0;
+ 				break;
+ 			}
+ 
+@@ -178,7 +196,7 @@
+ 			c = min(uio->uio_resid, (int)(PAGE_SIZE - o));
+ 			error =
+ 			    uiomove((caddr_t)ALPHA_PHYS_TO_K0SEG(v), c, uio);
+-			break;
++			continue;
+ 
+ /* minor device 1 is kernel memory */
+ 		case 1: {
+@@ -212,38 +230,92 @@
+ 				return (EFAULT);
+ #endif
+ 			error = uiomove((caddr_t)v, c, uio);
+-			break;
++			continue;
+ 		}
+ 
+ /* minor device 2 is EOF/rathole */
+ 		case 2:
+-			if (uio->uio_rw == UIO_WRITE)
+-				uio->uio_resid = 0;
+-			return (0);
++			if (uio->uio_rw == UIO_READ)
++				return (0);
++			c = iov->iov_len;
++			break;
++
++/* minor device 3 (/dev/random) is source of filth on read, rathole on write */
++		case 3:
++			if (uio->uio_rw == UIO_WRITE) {
++				c = iov->iov_len;
++				break;
++			}
++			if (buf == NULL)
++				buf = (caddr_t)
++				    malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
++			c = min(iov->iov_len, PAGE_SIZE);
++			poolsize = read_random(buf, c);
++			if (poolsize == 0) {
++				if (buf)
++					free(buf, M_TEMP);
++				return (0);
++			}
++			c = min(c, poolsize);
++			error = uiomove(buf, c, uio);
++			continue;
++
++/* minor device 4 (/dev/urandom) is source of muck on read, rathole on write */
++		case 4:
++			if (uio->uio_rw == UIO_WRITE) {
++				c = iov->iov_len;
++				break;
++			}
++			if (CURSIG(curproc) != 0) {
++				/*
++				 * Use tsleep() to get the error code right.
++				 * It should return immediately.
++				 */
++				error = tsleep(&random_softc[0],
++				    PZERO | PCATCH, "urand", 1);
++				if (error != 0 && error != EWOULDBLOCK)
++					continue;
++			}
++			if (buf == NULL)
++				buf = (caddr_t)
++				    malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
++			c = min(iov->iov_len, PAGE_SIZE);
++			poolsize = read_random_unlimited(buf, c);
++			c = min(c, poolsize);
++			error = uiomove(buf, c, uio);
++			continue;
+ 
+ /* minor device 12 (/dev/zero) is source of nulls on read, rathole on write */
+ 		case 12:
+ 			if (uio->uio_rw == UIO_WRITE) {
+-				uio->uio_resid = 0;
+-				return (0);
++				c = iov->iov_len;
++				break;
+ 			}
+ 			/*
+ 			 * On the first call, allocate and zero a page
+ 			 * of memory for use with /dev/zero.
+ 			 */
+-			if (zeropage == NULL) {
+-				zeropage = (caddr_t)
++			if (zbuf == NULL) {
++				zbuf = (caddr_t)
+ 				    malloc(PAGE_SIZE, M_TEMP, M_WAITOK);
+-				bzero(zeropage, PAGE_SIZE);
++				bzero(zbuf, PAGE_SIZE);
+ 			}
+ 			c = min(iov->iov_len, PAGE_SIZE);
+-			error = uiomove(zeropage, c, uio);
+-			break;
++			error = uiomove(zbuf, c, uio);
++			continue;
+ 
+ 		default:
+ 			return (ENXIO);
+ 		}
++		if (error)
++			break;
++		iov->iov_base += c;
++		iov->iov_len -= c;
++		uio->uio_offset += c;
++		uio->uio_resid -= c;
+ 	}
++	if (buf)
++		free(buf, M_TEMP);
+ 	return (error);
+ }
+ 
+@@ -293,7 +365,7 @@
+ 	switch(minor(dev)) {
+ 	case 3:
+ 	case 4:
+-		break;
++		return random_ioctl(dev, cmd, cmdarg, flags, p);
+ 
+ #ifdef PERFMON
+ 	case 32:
+@@ -399,5 +471,15 @@
+ #endif /* PERFMON */
+ }
+ 
+-SYSINIT(memdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,mem_drvinit,NULL)
++static int 
++random_ioctl(dev, cmd, data, flags, p)
++	dev_t dev;
++	u_long cmd;
++	caddr_t data;
++	int flags;
++	struct proc *p;
++{
++	return (0);
++}
+ 
++SYSINIT(memdev,SI_SUB_DRIVERS,SI_ORDER_MIDDLE+CDEV_MAJOR,mem_drvinit,NULL)
+Index: sys/alpha/include/types.h
+===================================================================
+RCS file: /home/ncvs/src/sys/alpha/include/types.h,v
+retrieving revision 1.11
+diff -u -r1.11 types.h
+--- sys/alpha/include/types.h	1999/12/29 04:28:00	1.11
++++ sys/alpha/include/types.h	2000/05/24 04:43:30
+@@ -67,7 +67,7 @@
+ /* Interrupt mask (spl, xxx_imask, etc) */
+ typedef __uint32_t		intrmask_t;
+ 
+-/* Interrupt handler function type - arg should be "void *" one day */
+-typedef void			inthand2_t(int _unit);
++/* Interrupt handler function type */
++typedef void			inthand2_t(void *);
+ 
+ #endif	/* _MACHTYPES_H_ */
+Index: sys/conf/files
+===================================================================
+RCS file: /home/ncvs/src/sys/conf/files,v
+retrieving revision 1.340
+diff -u -r1.340 files
+--- sys/conf/files	2000/03/08 16:17:06	1.340
++++ sys/conf/files	2000/05/24 04:36:43
+@@ -423,6 +423,7 @@
+ kern/kern_physio.c	standard
+ kern/kern_proc.c	standard
+ kern/kern_prot.c	standard
++kern/kern_random.c	standard
+ kern/kern_resource.c	standard
+ kern/kern_shutdown.c	standard
+ kern/kern_sig.c		standard
+Index: sys/conf/files.i386
+===================================================================
+RCS file: /home/ncvs/src/sys/conf/files.i386,v
+retrieving revision 1.307
+diff -u -r1.307 files.i386
+--- sys/conf/files.i386	2000/02/21 02:10:01	1.307
++++ sys/conf/files.i386	2000/05/24 04:37:37
+@@ -240,7 +240,6 @@
+ i386/isa/pcvt/pcvt_sup.c	optional	vt
+ i386/isa/pcvt/pcvt_vtf.c	optional	vt
+ i386/isa/prof_machdep.c		optional	profiling-routine
+-i386/isa/random_machdep.c	standard
+ i386/isa/rc.c			optional	rc
+ i386/isa/rp.c			optional	rp
+ i386/isa/scd.c			optional	scd
+Index: sys/conf/files.pc98
+===================================================================
+RCS file: /home/ncvs/src/sys/conf/files.pc98,v
+retrieving revision 1.140
+diff -u -r1.140 files.pc98
+--- sys/conf/files.pc98	2000/03/01 08:50:05	1.140
++++ sys/conf/files.pc98	2000/05/24 04:37:34
+@@ -228,7 +228,6 @@
+ i386/isa/pcvt/pcvt_vtf.c	optional	vt
+ pc98/pc98/ppc.c			optional	ppc
+ i386/isa/prof_machdep.c		optional	profiling-routine
+-i386/isa/random_machdep.c	standard
+ i386/isa/rc.c			optional	rc
+ i386/isa/rp.c			optional	rp
+ i386/isa/scd.c			optional	scd
+Index: sys/i386/include/random.h
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/include/Attic/random.h,v
+retrieving revision 1.18
+diff -u -r1.18 random.h
+--- sys/i386/include/random.h	1999/12/29 04:33:06	1.18
++++ sys/i386/include/random.h	2000/05/24 04:33:20
+@@ -1,90 +0,0 @@
+-/*
+- * random.h -- A strong random number generator
+- *
+- * $FreeBSD: src/sys/i386/include/random.h,v 1.18 1999/12/29 04:33:06 peter Exp $
+- *
+- * Version 0.95, last modified 18-Oct-95
+- * 
+- * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, and the entire permission notice in its entirety,
+- *    including the disclaimer of warranties.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote
+- *    products derived from this software without specific prior
+- *    written permission.
+- * 
+- * ALTERNATIVELY, this product may be distributed under the terms of
+- * the GNU Public License, in which case the provisions of the GPL are
+- * required INSTEAD OF the above restrictions.  (This clause is
+- * necessary due to a potential bad interaction between the GPL and
+- * the restrictions contained in a BSD-style copyright.)
+- * 
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- *
+- */
+-
+-/*
+- * Many kernel routines will have a use for good random numbers,
+- * for example, for truely random TCP sequence numbers, which prevent
+- * certain forms of TCP spoofing attacks.
+- * 
+- */
+-
+-#ifndef	_MACHINE_RANDOM_H_
+-#define	_MACHINE_RANDOM_H_
+-
+-#include <sys/ioccom.h>
+-
+-#define	MEM_SETIRQ	_IOW('r', 1, u_int16_t)	/* set interrupt */
+-#define	MEM_CLEARIRQ	_IOW('r', 2, u_int16_t)	/* clear interrupt */
+-#define	MEM_RETURNIRQ	_IOR('r', 3, u_int16_t)	/* return interrupt */
+-
+-#ifdef _KERNEL
+-
+-/* Type of the cookie passed to add_interrupt_randomness. */
+-
+-struct random_softc {
+-	inthand2_t	*sc_handler;
+-	void		*sc_arg;
+-	int		sc_intr;
+-};
+-
+-/* Exported functions */
+-
+-void rand_initialize(void);
+-void add_keyboard_randomness(u_char scancode);
+-inthand2_t add_interrupt_randomness;
+-#ifdef notused
+-void add_blkdev_randomness(int major);
+-#endif
+-
+-#ifdef notused
+-void get_random_bytes(void *buf, u_int nbytes);
+-#endif
+-u_int read_random(void *buf, u_int size);
+-u_int read_random_unlimited(void *buf, u_int size);
+-#ifdef notused
+-u_int write_random(const char *buf, u_int nbytes);
+-#endif
+-int random_poll(dev_t dev, int events, struct proc *p);
+-
+-#endif /* _KERNEL */
+-
+-#endif /* !_MACHINE_RANDOM_H_ */
+Index: sys/i386/isa/random_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/Attic/random_machdep.c,v
+retrieving revision 1.33
+diff -u -r1.33 random_machdep.c
+--- sys/i386/isa/random_machdep.c	1999/10/11 15:00:09	1.33
++++ sys/i386/isa/random_machdep.c	2000/05/24 04:33:11
+@@ -1,378 +0,0 @@
+-/*
+- * random_machdep.c -- A strong random number generator
+- *
+- * $FreeBSD: src/sys/i386/isa/random_machdep.c,v 1.33 1999/10/11 15:00:09 peter Exp $
+- *
+- * Version 0.95, last modified 18-Oct-95
+- * 
+- * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, and the entire permission notice in its entirety,
+- *    including the disclaimer of warranties.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. The name of the author may not be used to endorse or promote
+- *    products derived from this software without specific prior
+- *    written permission.
+- * 
+- * ALTERNATIVELY, this product may be distributed under the terms of
+- * the GNU Public License, in which case the provisions of the GPL are
+- * required INSTEAD OF the above restrictions.  (This clause is
+- * necessary due to a potential bad interaction between the GPL and
+- * the restrictions contained in a BSD-style copyright.)
+- * 
+- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
+- * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+- * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
+- * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+- * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+- * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+- * OF THE POSSIBILITY OF SUCH DAMAGE.
+- */
+-
+-#include <sys/param.h>
+-#include <sys/systm.h>
+-#include <sys/kernel.h>
+-#include <sys/select.h>
+-#include <sys/poll.h>
+-#include <sys/md5.h>
+-
+-#include <machine/random.h>
+-
+-#include <i386/isa/icu.h>
+-
+-#define MAX_BLKDEV 4
+-
+-/*
+- * The pool is stirred with a primitive polynomial of degree 128
+- * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
+- * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
+- */
+-#define POOLWORDS 128    /* Power of 2 - note that this is 32-bit words */
+-#define POOLBITS (POOLWORDS*32)
+-
+-#if POOLWORDS == 128
+-#define TAP1    99     /* The polynomial taps */
+-#define TAP2    59
+-#define TAP3    31
+-#define TAP4    9
+-#define TAP5    7
+-#elif POOLWORDS == 64
+-#define TAP1    62      /* The polynomial taps */
+-#define TAP2    38
+-#define TAP3    10
+-#define TAP4    6
+-#define TAP5    1
+-#else
+-#error No primitive polynomial available for chosen POOLWORDS
+-#endif
+-
+-#define WRITEBUFFER 512 /* size in bytes */
+-
+-/* There is actually only one of these, globally. */
+-struct random_bucket {
+-	u_int	add_ptr;
+-	u_int	entropy_count;
+-	int	input_rotate;
+-	u_int32_t *pool;
+-	struct	selinfo rsel;
+-};
+-
+-/* There is one of these per entropy source */
+-struct timer_rand_state {
+-	u_long	last_time;
+-	int 	last_delta;
+-	int 	nbits;
+-};
+-
+-static struct random_bucket random_state;
+-static u_int32_t random_pool[POOLWORDS];
+-static struct timer_rand_state keyboard_timer_state;
+-static struct timer_rand_state extract_timer_state;
+-static struct timer_rand_state irq_timer_state[ICU_LEN];
+-#ifdef notyet
+-static struct timer_rand_state blkdev_timer_state[MAX_BLKDEV];
+-#endif
+-static struct wait_queue *random_wait;
+-
+-#ifndef MIN
+-#define MIN(a,b) (((a) < (b)) ? (a) : (b))
+-#endif
+-	
+-void
+-rand_initialize(void)
+-{
+-	random_state.add_ptr = 0;
+-	random_state.entropy_count = 0;
+-	random_state.pool = random_pool;
+-	random_wait = NULL;
+-	random_state.rsel.si_flags = 0;
+-	random_state.rsel.si_pid = 0;
+-}
+-
+-/*
+- * This function adds an int into the entropy "pool".  It does not
+- * update the entropy estimate.  The caller must do this if appropriate.
+- *
+- * The pool is stirred with a primitive polynomial of degree 128
+- * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
+- * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
+- * 
+- * We rotate the input word by a changing number of bits, to help
+- * assure that all bits in the entropy get toggled.  Otherwise, if we
+- * consistently feed the entropy pool small numbers (like ticks and
+- * scancodes, for example), the upper bits of the entropy pool don't
+- * get affected. --- TYT, 10/11/95
+- */
+-static __inline void
+-add_entropy_word(struct random_bucket *r, const u_int32_t input)
+-{
+-	u_int i;
+-	u_int32_t w;
+-
+-	w = (input << r->input_rotate) | (input >> (32 - r->input_rotate));
+-	i = r->add_ptr = (r->add_ptr - 1) & (POOLWORDS-1);
+-	if (i)
+-		r->input_rotate = (r->input_rotate + 7) & 31;
+-	else
+-		/*
+-		 * At the beginning of the pool, add an extra 7 bits
+-		 * rotation, so that successive passes spread the
+-		 * input bits across the pool evenly.
+-		 */
+-		r->input_rotate = (r->input_rotate + 14) & 31;
+-
+-	/* XOR in the various taps */
+-	w ^= r->pool[(i+TAP1)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP2)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP3)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP4)&(POOLWORDS-1)];
+-	w ^= r->pool[(i+TAP5)&(POOLWORDS-1)];
+-	w ^= r->pool[i];
+-	/* Rotate w left 1 bit (stolen from SHA) and store */
+-	r->pool[i] = (w << 1) | (w >> 31);
+-}
+-
+-/*
+- * This function adds entropy to the entropy "pool" by using timing
+- * delays.  It uses the timer_rand_state structure to make an estimate
+- * of how  any bits of entropy this call has added to the pool.
+- *
+- * The number "num" is also added to the pool - it should somehow describe
+- * the type of event which just happened.  This is currently 0-255 for
+- * keyboard scan codes, and 256 upwards for interrupts.
+- * On the i386, this is assumed to be at most 16 bits, and the high bits
+- * are used for a high-resolution timer.
+- */
+-static void
+-add_timer_randomness(struct random_bucket *r, struct timer_rand_state *state,
+-	u_int num)
+-{
+-	int		delta, delta2;
+-	u_int		nbits;
+-	u_int32_t	time;
+-
+-	num ^= timecounter->tc_get_timecount(timecounter) << 16;
+-	r->entropy_count += 2;
+-		
+-	time = ticks;
+-
+-	add_entropy_word(r, (u_int32_t) num);
+-	add_entropy_word(r, time);
+-
+-	/*
+-	 * Calculate number of bits of randomness we probably
+-	 * added.  We take into account the first and second order
+-	 * deltas in order to make our estimate.
+-	 */
+-	delta = time - state->last_time;
+-	state->last_time = time;
+-
+-	delta2 = delta - state->last_delta;
+-	state->last_delta = delta;
+-
+-	if (delta < 0) delta = -delta;
+-	if (delta2 < 0) delta2 = -delta2;
+-	delta = MIN(delta, delta2) >> 1;
+-	for (nbits = 0; delta; nbits++)
+-		delta >>= 1;
+-
+-	r->entropy_count += nbits;
+-	
+-	/* Prevent overflow */
+-	if (r->entropy_count > POOLBITS)
+-		r->entropy_count = POOLBITS;
+-
+-	if (r->entropy_count >= 8)
+-		selwakeup(&random_state.rsel);
+-}
+-
+-void
+-add_keyboard_randomness(u_char scancode)
+-{
+-	add_timer_randomness(&random_state, &keyboard_timer_state, scancode);
+-}
+-
+-void
+-add_interrupt_randomness(void *vsc)
+-{
+-	int intr;
+-	struct random_softc *sc = vsc;
+-
+-	(sc->sc_handler)(sc->sc_arg);
+-	intr = sc->sc_intr;
+-	add_timer_randomness(&random_state, &irq_timer_state[intr], intr);
+-}
+-
+-#ifdef notused
+-void
+-add_blkdev_randomness(int major)
+-{
+-	if (major >= MAX_BLKDEV)
+-		return;
+-
+-	add_timer_randomness(&random_state, &blkdev_timer_state[major],
+-			     0x200+major);
+-}
+-#endif /* notused */
+-
+-#if POOLWORDS % 16
+-#error extract_entropy() assumes that POOLWORDS is a multiple of 16 words.
+-#endif
+-/*
+- * This function extracts randomness from the "entropy pool", and
+- * returns it in a buffer.  This function computes how many remaining
+- * bits of entropy are left in the pool, but it does not restrict the
+- * number of bytes that are actually obtained.
+- */
+-static __inline int
+-extract_entropy(struct random_bucket *r, char *buf, int nbytes)
+-{
+-	int ret, i;
+-	u_int32_t tmp[4];
+-	
+-	add_timer_randomness(r, &extract_timer_state, nbytes);
+-	
+-	/* Redundant, but just in case... */
+-	if (r->entropy_count > POOLBITS) 
+-		r->entropy_count = POOLBITS;
+-	/* Why is this here?  Left in from Ted Ts'o.  Perhaps to limit time. */
+-	if (nbytes > 32768)
+-		nbytes = 32768;
+-
+-	ret = nbytes;
+-	if (r->entropy_count / 8 >= nbytes)
+-		r->entropy_count -= nbytes*8;
+-	else
+-		r->entropy_count = 0;
+-
+-	while (nbytes) {
+-		/* Hash the pool to get the output */
+-		tmp[0] = 0x67452301;
+-		tmp[1] = 0xefcdab89;
+-		tmp[2] = 0x98badcfe;
+-		tmp[3] = 0x10325476;
+-		for (i = 0; i < POOLWORDS; i += 16)
+-			MD5Transform(tmp, (char *)(r->pool+i));
+-		/* Modify pool so next hash will produce different results */
+-		add_entropy_word(r, tmp[0]);
+-		add_entropy_word(r, tmp[1]);
+-		add_entropy_word(r, tmp[2]);
+-		add_entropy_word(r, tmp[3]);
+-		/*
+-		 * Run the MD5 Transform one more time, since we want
+-		 * to add at least minimal obscuring of the inputs to
+-		 * add_entropy_word().  --- TYT
+-		 */
+-		MD5Transform(tmp, (char *)(r->pool));
+-		
+-		/* Copy data to destination buffer */
+-		i = MIN(nbytes, 16);
+-		bcopy(tmp, buf, i);
+-		nbytes -= i;
+-		buf += i;
+-	}
+-
+-	/* Wipe data from memory */
+-	bzero(tmp, sizeof(tmp));
+-	
+-	return ret;
+-}
+-
+-#ifdef notused /* XXX NOT the exported kernel interface */
+-/*
+- * This function is the exported kernel interface.  It returns some
+- * number of good random numbers, suitable for seeding TCP sequence
+- * numbers, etc.
+- */
+-void
+-get_random_bytes(void *buf, u_int nbytes)
+-{
+-	extract_entropy(&random_state, (char *) buf, nbytes);
+-}
+-#endif /* notused */
+-
+-u_int
+-read_random(void *buf, u_int nbytes)
+-{
+-	if ((nbytes * 8) > random_state.entropy_count)
+-		nbytes = random_state.entropy_count / 8;
+-	
+-	return extract_entropy(&random_state, (char *)buf, nbytes);
+-}
+-
+-u_int
+-read_random_unlimited(void *buf, u_int nbytes)
+-{
+-	return extract_entropy(&random_state, (char *)buf, nbytes);
+-}
+-
+-#ifdef notused
+-u_int
+-write_random(const char *buf, u_int nbytes)
+-{
+-	u_int i;
+-	u_int32_t word, *p;
+-
+-	for (i = nbytes, p = (u_int32_t *)buf;
+-	     i >= sizeof(u_int32_t);
+-	     i-= sizeof(u_int32_t), p++)
+-		add_entropy_word(&random_state, *p);
+-	if (i) {
+-		word = 0;
+-		bcopy(p, &word, i);
+-		add_entropy_word(&random_state, word);
+-	}
+-	return nbytes;
+-}
+-#endif /* notused */
+-
+-int
+-random_poll(dev_t dev, int events, struct proc *p)
+-{
+-	int s;
+-	int revents = 0;
+-
+-	s = splhigh();
+-	if (events & (POLLIN | POLLRDNORM)) {
+-		if (random_state.entropy_count >= 8)
+-			revents |= events & (POLLIN | POLLRDNORM);
+-		else
+-			selrecord(p, &random_state.rsel);
+-	}
+-	splx(s);
+-	if (events & (POLLOUT | POLLWRNORM))
+-		revents |= events & (POLLOUT | POLLWRNORM);	/* heh */
+-
+-	return (revents);
+-}
+-
+
+
+
+--- /dev/null	Tue May 23 22:48:55 2000
++++ sys/kern/kern_random.c	Tue May 23 21:09:05 2000
+@@ -0,0 +1,392 @@
++/*
++ * kern_random.c -- A strong random number generator
++ *
++ * $FreeBSD: src/sys/kern/kern_random.c,v 1.36.2.1 2000/05/10 02:04:49 obrien Exp $
++ *
++ * Version 0.95, last modified 18-Oct-95
++ * 
++ * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, and the entire permission notice in its entirety,
++ *    including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ *    products derived from this software without specific prior
++ *    written permission.
++ * 
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions.  (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ * 
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ */
++
++#include <sys/param.h>
++#include <sys/systm.h>
++#include <sys/kernel.h>
++#include <sys/select.h>
++#include <sys/poll.h>
++#include <sys/md5.h>
++#include <sys/random.h>
++
++#ifdef __i386__
++#include <i386/isa/icu.h>
++#endif
++#ifdef __alpha__
++/*
++	XXX  the below should be used.  However there is too much "16"
++	hardcodeing in kern_random.c right now. -- obrien
++#include <machine/ipl.h>
++#if NHWI > 0
++#define	ICU_LEN (NHWI)
++#else
++#define	ICU_LEN (NSWI)
++#endif
++*/
++#define	ICU_LEN 16
++#endif
++
++#define MAX_BLKDEV 4
++
++/*
++ * The pool is stirred with a primitive polynomial of degree 128
++ * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
++ * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
++ */
++#define POOLWORDS 128    /* Power of 2 - note that this is 32-bit words */
++#define POOLBITS (POOLWORDS*32)
++
++#if POOLWORDS == 128
++#define TAP1    99     /* The polynomial taps */
++#define TAP2    59
++#define TAP3    31
++#define TAP4    9
++#define TAP5    7
++#elif POOLWORDS == 64
++#define TAP1    62      /* The polynomial taps */
++#define TAP2    38
++#define TAP3    10
++#define TAP4    6
++#define TAP5    1
++#else
++#error No primitive polynomial available for chosen POOLWORDS
++#endif
++
++#define WRITEBUFFER 512 /* size in bytes */
++
++/* There is actually only one of these, globally. */
++struct random_bucket {
++	u_int	add_ptr;
++	u_int	entropy_count;
++	int	input_rotate;
++	u_int32_t *pool;
++	struct	selinfo rsel;
++};
++
++/* There is one of these per entropy source */
++struct timer_rand_state {
++	u_long	last_time;
++	int 	last_delta;
++	int 	nbits;
++};
++
++static struct random_bucket random_state;
++static u_int32_t random_pool[POOLWORDS];
++static struct timer_rand_state keyboard_timer_state;
++static struct timer_rand_state extract_timer_state;
++static struct timer_rand_state irq_timer_state[ICU_LEN];
++#ifdef notyet
++static struct timer_rand_state blkdev_timer_state[MAX_BLKDEV];
++#endif
++static struct wait_queue *random_wait;
++
++#ifndef MIN
++#define MIN(a,b) (((a) < (b)) ? (a) : (b))
++#endif
++	
++void
++rand_initialize(void)
++{
++	random_state.add_ptr = 0;
++	random_state.entropy_count = 0;
++	random_state.pool = random_pool;
++	random_wait = NULL;
++	random_state.rsel.si_flags = 0;
++	random_state.rsel.si_pid = 0;
++}
++
++/*
++ * This function adds an int into the entropy "pool".  It does not
++ * update the entropy estimate.  The caller must do this if appropriate.
++ *
++ * The pool is stirred with a primitive polynomial of degree 128
++ * over GF(2), namely x^128 + x^99 + x^59 + x^31 + x^9 + x^7 + 1.
++ * For a pool of size 64, try x^64+x^62+x^38+x^10+x^6+x+1.
++ * 
++ * We rotate the input word by a changing number of bits, to help
++ * assure that all bits in the entropy get toggled.  Otherwise, if we
++ * consistently feed the entropy pool small numbers (like ticks and
++ * scancodes, for example), the upper bits of the entropy pool don't
++ * get affected. --- TYT, 10/11/95
++ */
++static __inline void
++add_entropy_word(struct random_bucket *r, const u_int32_t input)
++{
++	u_int i;
++	u_int32_t w;
++
++	w = (input << r->input_rotate) | (input >> (32 - r->input_rotate));
++	i = r->add_ptr = (r->add_ptr - 1) & (POOLWORDS-1);
++	if (i)
++		r->input_rotate = (r->input_rotate + 7) & 31;
++	else
++		/*
++		 * At the beginning of the pool, add an extra 7 bits
++		 * rotation, so that successive passes spread the
++		 * input bits across the pool evenly.
++		 */
++		r->input_rotate = (r->input_rotate + 14) & 31;
++
++	/* XOR in the various taps */
++	w ^= r->pool[(i+TAP1)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP2)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP3)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP4)&(POOLWORDS-1)];
++	w ^= r->pool[(i+TAP5)&(POOLWORDS-1)];
++	w ^= r->pool[i];
++	/* Rotate w left 1 bit (stolen from SHA) and store */
++	r->pool[i] = (w << 1) | (w >> 31);
++}
++
++/*
++ * This function adds entropy to the entropy "pool" by using timing
++ * delays.  It uses the timer_rand_state structure to make an estimate
++ * of how  any bits of entropy this call has added to the pool.
++ *
++ * The number "num" is also added to the pool - it should somehow describe
++ * the type of event which just happened.  This is currently 0-255 for
++ * keyboard scan codes, and 256 upwards for interrupts.
++ * On the i386, this is assumed to be at most 16 bits, and the high bits
++ * are used for a high-resolution timer.
++ */
++static void
++add_timer_randomness(struct random_bucket *r, struct timer_rand_state *state,
++	u_int num)
++{
++	int		delta, delta2;
++	u_int		nbits;
++	u_int32_t	time;
++
++	num ^= timecounter->tc_get_timecount(timecounter) << 16;
++	r->entropy_count += 2;
++		
++	time = ticks;
++
++	add_entropy_word(r, (u_int32_t) num);
++	add_entropy_word(r, time);
++
++	/*
++	 * Calculate number of bits of randomness we probably
++	 * added.  We take into account the first and second order
++	 * deltas in order to make our estimate.
++	 */
++	delta = time - state->last_time;
++	state->last_time = time;
++
++	delta2 = delta - state->last_delta;
++	state->last_delta = delta;
++
++	if (delta < 0) delta = -delta;
++	if (delta2 < 0) delta2 = -delta2;
++	delta = MIN(delta, delta2) >> 1;
++	for (nbits = 0; delta; nbits++)
++		delta >>= 1;
++
++	r->entropy_count += nbits;
++	
++	/* Prevent overflow */
++	if (r->entropy_count > POOLBITS)
++		r->entropy_count = POOLBITS;
++
++	if (r->entropy_count >= 8)
++		selwakeup(&random_state.rsel);
++}
++
++void
++add_keyboard_randomness(u_char scancode)
++{
++	add_timer_randomness(&random_state, &keyboard_timer_state, scancode);
++}
++
++void
++add_interrupt_randomness(void *vsc)
++{
++	int intr;
++	struct random_softc *sc = vsc;
++
++	(sc->sc_handler)(sc->sc_arg);
++	intr = sc->sc_intr;
++	add_timer_randomness(&random_state, &irq_timer_state[intr], intr);
++}
++
++#ifdef notused
++void
++add_blkdev_randomness(int major)
++{
++	if (major >= MAX_BLKDEV)
++		return;
++
++	add_timer_randomness(&random_state, &blkdev_timer_state[major],
++			     0x200+major);
++}
++#endif /* notused */
++
++#if POOLWORDS % 16
++#error extract_entropy() assumes that POOLWORDS is a multiple of 16 words.
++#endif
++/*
++ * This function extracts randomness from the "entropy pool", and
++ * returns it in a buffer.  This function computes how many remaining
++ * bits of entropy are left in the pool, but it does not restrict the
++ * number of bytes that are actually obtained.
++ */
++static __inline int
++extract_entropy(struct random_bucket *r, char *buf, int nbytes)
++{
++	int ret, i;
++	u_int32_t tmp[4];
++	
++	add_timer_randomness(r, &extract_timer_state, nbytes);
++	
++	/* Redundant, but just in case... */
++	if (r->entropy_count > POOLBITS) 
++		r->entropy_count = POOLBITS;
++	/* Why is this here?  Left in from Ted Ts'o.  Perhaps to limit time. */
++	if (nbytes > 32768)
++		nbytes = 32768;
++
++	ret = nbytes;
++	if (r->entropy_count / 8 >= nbytes)
++		r->entropy_count -= nbytes*8;
++	else
++		r->entropy_count = 0;
++
++	while (nbytes) {
++		/* Hash the pool to get the output */
++		tmp[0] = 0x67452301;
++		tmp[1] = 0xefcdab89;
++		tmp[2] = 0x98badcfe;
++		tmp[3] = 0x10325476;
++		for (i = 0; i < POOLWORDS; i += 16)
++			MD5Transform(tmp, (char *)(r->pool+i));
++		/* Modify pool so next hash will produce different results */
++		add_entropy_word(r, tmp[0]);
++		add_entropy_word(r, tmp[1]);
++		add_entropy_word(r, tmp[2]);
++		add_entropy_word(r, tmp[3]);
++		/*
++		 * Run the MD5 Transform one more time, since we want
++		 * to add at least minimal obscuring of the inputs to
++		 * add_entropy_word().  --- TYT
++		 */
++		MD5Transform(tmp, (char *)(r->pool));
++		
++		/* Copy data to destination buffer */
++		i = MIN(nbytes, 16);
++		bcopy(tmp, buf, i);
++		nbytes -= i;
++		buf += i;
++	}
++
++	/* Wipe data from memory */
++	bzero(tmp, sizeof(tmp));
++	
++	return ret;
++}
++
++#ifdef notused /* XXX NOT the exported kernel interface */
++/*
++ * This function is the exported kernel interface.  It returns some
++ * number of good random numbers, suitable for seeding TCP sequence
++ * numbers, etc.
++ */
++void
++get_random_bytes(void *buf, u_int nbytes)
++{
++	extract_entropy(&random_state, (char *) buf, nbytes);
++}
++#endif /* notused */
++
++u_int
++read_random(void *buf, u_int nbytes)
++{
++	if ((nbytes * 8) > random_state.entropy_count)
++		nbytes = random_state.entropy_count / 8;
++	
++	return extract_entropy(&random_state, (char *)buf, nbytes);
++}
++
++u_int
++read_random_unlimited(void *buf, u_int nbytes)
++{
++	return extract_entropy(&random_state, (char *)buf, nbytes);
++}
++
++#ifdef notused
++u_int
++write_random(const char *buf, u_int nbytes)
++{
++	u_int i;
++	u_int32_t word, *p;
++
++	for (i = nbytes, p = (u_int32_t *)buf;
++	     i >= sizeof(u_int32_t);
++	     i-= sizeof(u_int32_t), p++)
++		add_entropy_word(&random_state, *p);
++	if (i) {
++		word = 0;
++		bcopy(p, &word, i);
++		add_entropy_word(&random_state, word);
++	}
++	return nbytes;
++}
++#endif /* notused */
++
++int
++random_poll(dev_t dev, int events, struct proc *p)
++{
++	int s;
++	int revents = 0;
++
++	s = splhigh();
++	if (events & (POLLIN | POLLRDNORM)) {
++		if (random_state.entropy_count >= 8)
++			revents |= events & (POLLIN | POLLRDNORM);
++		else
++			selrecord(p, &random_state.rsel);
++	}
++	splx(s);
++	if (events & (POLLOUT | POLLWRNORM))
++		revents |= events & (POLLOUT | POLLWRNORM);	/* heh */
++
++	return (revents);
++}
++
+
+
+--- /dev/null	Tue May 23 22:48:55 2000
++++ sys/sys/random.h	Tue May 23 21:11:04 2000
+@@ -0,0 +1,91 @@
++/*
++ * random.h -- A strong random number generator
++ *
++ * $FreeBSD: src/sys/sys/random.h,v 1.19.2.1 2000/05/10 02:04:52 obrien Exp $
++ *
++ * Version 0.95, last modified 18-Oct-95
++ * 
++ * Copyright Theodore Ts'o, 1994, 1995.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, and the entire permission notice in its entirety,
++ *    including the disclaimer of warranties.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ * 3. The name of the author may not be used to endorse or promote
++ *    products derived from this software without specific prior
++ *    written permission.
++ * 
++ * ALTERNATIVELY, this product may be distributed under the terms of
++ * the GNU Public License, in which case the provisions of the GPL are
++ * required INSTEAD OF the above restrictions.  (This clause is
++ * necessary due to a potential bad interaction between the GPL and
++ * the restrictions contained in a BSD-style copyright.)
++ * 
++ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED
++ * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
++ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
++ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
++ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
++ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ *
++ */
++
++/*
++ * Many kernel routines will have a use for good random numbers,
++ * for example, for truely random TCP sequence numbers, which prevent
++ * certain forms of TCP spoofing attacks.
++ * 
++ */
++
++#ifndef	_SYS_RANDOM_H_
++#define	_SYS_RANDOM_H_
++
++#include <sys/ioccom.h>
++
++#define	MEM_SETIRQ	_IOW('r', 1, u_int16_t)	/* set interrupt */
++#define	MEM_CLEARIRQ	_IOW('r', 2, u_int16_t)	/* clear interrupt */
++#define	MEM_RETURNIRQ	_IOR('r', 3, u_int16_t)	/* return interrupt */
++
++#ifdef _KERNEL
++
++/* Type of the cookie passed to add_interrupt_randomness. */
++
++struct random_softc {
++	inthand2_t	*sc_handler;
++	void		*sc_arg;
++	int		sc_intr;
++};
++
++/* Exported functions */
++
++void rand_initialize(void);
++void add_keyboard_randomness(u_char scancode);
++inthand2_t add_interrupt_randomness;
++#ifdef notused
++void add_blkdev_randomness(int major);
++#endif
++
++#ifdef notused
++void get_random_bytes(void *buf, u_int nbytes);
++#endif
++u_int read_random(void *buf, u_int size);
++u_int read_random_unlimited(void *buf, u_int size);
++#ifdef notused
++u_int write_random(const char *buf, u_int nbytes);
++#endif
++struct proc;
++int random_poll(dev_t dev, int events, struct proc *p);
++
++#endif /* _KERNEL */
++
++#endif /* !_SYS_RANDOM_H_ */
diff --git a/share/security/patches/SA-00:25/kernel.sys.diff.asc b/share/security/patches/SA-00:25/kernel.sys.diff.asc
new file mode 100644
index 0000000000..f1e591265b
--- /dev/null
+++ b/share/security/patches/SA-00:25/kernel.sys.diff.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUAOTyRWFUuHi5z0oilAQGgGwQAgvu2lHGPcfhDiDAGltItN1pq6lXzItC1
+STZkQLso/UjqyPu88tALvsZtAUKXmNm7jDIcCXuz2ONMMvLKrRaNTONlV/rNJP5d
+cKbtr3JUHr4XcALvBGDsC8cY5CEFqbLT9y/bBeh/DqI0JdJ524DGsv/JSEqG4Yje
+pwdsMhVRK+k=
+=yEEg
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:30/sshd.patch b/share/security/patches/SA-00:30/sshd.patch
new file mode 100644
index 0000000000..6be08e94a2
--- /dev/null
+++ b/share/security/patches/SA-00:30/sshd.patch
@@ -0,0 +1,21 @@
+Index: sshd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd.c,v
+retrieving revision 1.6
+diff -u -r1.6 sshd.c
+--- sshd.c	2000/03/09 14:52:31	1.6
++++ sshd.c	2000/07/04 09:27:02
+@@ -2564,7 +2564,13 @@
+ 	char *argv[10];
+ #ifdef LOGIN_CAP
+ 	login_cap_t *lc;
++#endif
+ 
++	/* login(1) is only called if we execute the login shell */
++	if (options.use_login && command != NULL)
++		options.use_login = 0;
++
++#ifdef LOGIN_CAP
+ 	lc = login_getpwclass(pw);
+ 	if (lc == NULL)
+ 		lc = login_getclassbyname(NULL, pw);
diff --git a/share/security/patches/SA-00:30/sshd.patch.asc b/share/security/patches/SA-00:30/sshd.patch.asc
new file mode 100644
index 0000000000..f1e0db06c2
--- /dev/null
+++ b/share/security/patches/SA-00:30/sshd.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOWGuGlUuHi5z0oilAQGCFwP7BEac7VMQxiOZ3Qv82kq23Wlf92IvGp9f
+HzLSbeEtjZ3DcxAeCtGEozv4oa3gFA/UAyXaWUYBa5dgVoYZ6AyhmUaQmFrRTbPL
+FQB/dGwJY65pJabc3i4OCCRBZkFL8qJRmjYGUvb86Y/SSB/BvTvKgSyvlfZfFzkw
+w6G/6VjCIwk=
+=3gHq
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:41/elf.patch b/share/security/patches/SA-00:41/elf.patch
new file mode 100644
index 0000000000..e95b3570e3
--- /dev/null
+++ b/share/security/patches/SA-00:41/elf.patch
@@ -0,0 +1,65 @@
+--- imgact_elf.c	2000/04/30 18:51:39	1.75
++++ imgact_elf.c	2000/07/23 22:19:49	1.78
+@@ -190,6 +190,21 @@
+ 	object = vp->v_object;
+ 	error = 0;
+ 
++	/*
++	 * It's necessary to fail if the filsz + offset taken from the
++	 * header is greater than the actual file pager object's size.
++	 * If we were to allow this, then the vm_map_find() below would
++	 * walk right off the end of the file object and into the ether.
++	 *
++	 * While I'm here, might as well check for something else that
++	 * is invalid: filsz cannot be greater than memsz.
++	 */
++	if ((off_t)filsz + offset > object->un_pager.vnp.vnp_size ||
++	    filsz > memsz) {
++		uprintf("elf_load_section: truncated ELF file\n");
++		return (ENOEXEC);
++	}
++
+ 	map_addr = trunc_page((vm_offset_t)vmaddr);
+ 	file_addr = trunc_page(offset);
+ 
+@@ -341,6 +356,12 @@
+ 	}
+ 
+ 	error = exec_map_first_page(imgp);
++	/*
++	 * Also make certain that the interpreter stays the same, so set
++	 * its VTEXT flag, too.
++	 */
++	if (error == 0)
++		nd.ni_vp->v_flag |= VTEXT;
+ 	VOP_UNLOCK(nd.ni_vp, 0, p);
+ 	if (error)
+                 goto fail;
+@@ -449,6 +470,17 @@
+ 	/*
+ 	 * From this point on, we may have resources that need to be freed.
+ 	 */
++
++	/*
++	 * Yeah, I'm paranoid.  There is every reason in the world to get
++	 * VTEXT now since from here on out, there are places we can have
++	 * a context switch.  Better safe than sorry; I really don't want
++	 * the file to change while it's being loaded.
++	 */
++	simple_lock(&imgp->vp->v_interlock);
++	imgp->vp->v_flag |= VTEXT;
++	simple_unlock(&imgp->vp->v_interlock);
++
+ 	if ((error = exec_extract_strings(imgp)) != 0)
+ 		goto fail;
+ 
+@@ -610,9 +642,6 @@
+ 	imgp->auxargs = elf_auxargs;
+ 	imgp->interpreted = 0;
+ 
+-	/* don't allow modifying the file while we run it */
+-	imgp->vp->v_flag |= VTEXT;
+-	
+ fail:
+ 	return error;
+ }
diff --git a/share/security/patches/SA-00:41/elf.patch.asc b/share/security/patches/SA-00:41/elf.patch.asc
new file mode 100644
index 0000000000..47b156ef98
--- /dev/null
+++ b/share/security/patches/SA-00:41/elf.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOaNqdVUuHi5z0oilAQHJkQP/VRcVMXJdLCj+cekKYAPpF7a3l5Y9Fzuc
+Ejh9xtOG5hFJaUUzARkXmIKtZynNgKcRzT4OmfVkSejsu8YSl5CdYBCD/OzbtQZm
+9+f/AAN+lmCD1OSvVlePLhIAjiUOh379mCC4griS0emDHEplmJ0sUelugp5Ma0xX
+yqwRz9NZlZI=
+=1h8o
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:42/linux.patch b/share/security/patches/SA-00:42/linux.patch
new file mode 100644
index 0000000000..41290b6045
--- /dev/null
+++ b/share/security/patches/SA-00:42/linux.patch
@@ -0,0 +1,83 @@
+Index: linux_misc.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linux_misc.c,v
+retrieving revision 1.77.2.3
+retrieving revision 1.77.2.4
+diff -u -r1.77.2.3 -r1.77.2.4
+--- linux_misc.c	2000/07/20 05:31:56	1.77.2.3
++++ linux_misc.c	2000/07/30 05:36:11	1.77.2.4
+@@ -954,6 +954,8 @@
+ 	tv[1].tv_usec = 0;
+ 	/* so that utimes can copyin */
+ 	tvp = (struct timeval *)stackgap_alloc(&sg, sizeof(tv));
++	if (tvp == NULL)
++		return (ENAMETOOLONG);
+ 	if ((error = copyout(tv, tvp, sizeof(tv))))
+ 	    return error;
+ 	bsdutimes.tptr = tvp;
+Index: linux_util.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linux_util.c,v
+retrieving revision 1.9.2.1
+retrieving revision 1.9.2.2
+diff -u -r1.9.2.1 -r1.9.2.2
+--- linux_util.c	2000/07/07 01:23:45	1.9.2.1
++++ linux_util.c	2000/07/30 05:36:11	1.9.2.2
+@@ -162,7 +162,10 @@
+ 	else {
+ 		sz = &ptr[len] - buf;
+ 		*pbuf = stackgap_alloc(sgp, sz + 1);
+-		error = copyout(buf, *pbuf, sz);
++		if (*pbuf != NULL)
++			error = copyout(buf, *pbuf, sz);
++		else
++			error = ENAMETOOLONG;
+ 		free(buf, M_TEMP);
+ 	}
+ 
+Index: linux_util.h
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linux_util.h,v
+retrieving revision 1.10
+retrieving revision 1.10.2.1
+diff -u -r1.10 -r1.10.2.1
+--- linux_util.h	1999/12/04 11:10:22	1.10
++++ linux_util.h	2000/07/30 05:36:11	1.10.2.1
+@@ -56,29 +56,27 @@
+ static __inline caddr_t stackgap_init(void);
+ static __inline void *stackgap_alloc(caddr_t *, size_t);
+ 
++#define szsigcode (*(curproc->p_sysent->sv_szsigcode))
++
+ static __inline caddr_t
+ stackgap_init()
+ {
+-#define szsigcode (*(curproc->p_sysent->sv_szsigcode))
+ 	return (caddr_t)(PS_STRINGS - szsigcode - SPARE_USRSPACE);
+ }
+ 
+-
+ static __inline void *
+ stackgap_alloc(sgp, sz)
+ 	caddr_t	*sgp;
+ 	size_t   sz;
+ {
+-	void	*p = (void *) *sgp;
+-	*sgp += ALIGN(sz);
++	void *p = (void *) *sgp;
++
++	sz = ALIGN(sz);
++	if (*sgp + sz > (caddr_t)(PS_STRINGS - szsigcode))
++		return NULL;
++	*sgp += sz;
+ 	return p;
+ }
+-
+-#ifdef DEBUG_LINUX
+-#define DPRINTF(a)      printf a;
+-#else
+-#define DPRINTF(a)
+-#endif
+ 
+ extern const char linux_emul_path[];
+ 
diff --git a/share/security/patches/SA-00:42/linux.patch.asc b/share/security/patches/SA-00:42/linux.patch.asc
new file mode 100644
index 0000000000..9c65289e28
--- /dev/null
+++ b/share/security/patches/SA-00:42/linux.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOaNrFVUuHi5z0oilAQGKLAP+JuAxZQJF6AUSfm5ea46QYYk9xjn/nawP
+6VLKz9lRWqVX12s5NiGTM22EgVPUKfdQJtw+15dH/GT48xIdgmrCm2k0BXqCRiGB
+OPcZYXm/ArdCxZATMVI/7MGONfa0RQhj9O6kRtRL/jB7DnaYqWSO67b2ijnCtGF7
+IWwea/2reKw=
+=QF1u
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:52/tcp-iss-3.x.patch b/share/security/patches/SA-00:52/tcp-iss-3.x.patch
new file mode 100644
index 0000000000..481915f8c7
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss-3.x.patch
@@ -0,0 +1,196 @@
+Index: tcp_seq.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v
+retrieving revision 1.11
+retrieving revision 1.12
+diff -u -r1.11 -r1.12
+--- netinet/tcp_seq.h	1999/12/29 04:41:02	1.11
++++ netinet/tcp_seq.h	2000/09/29 01:37:19	1.12
+@@ -91,7 +91,7 @@
+  * number in the range [0-0x3ffff] that is hard to predict.
+  */
+ #ifndef tcp_random18
+-#define	tcp_random18()	((random() >> 14) & 0x3ffff)
++#define	tcp_random18()	(arc4random() & 0x3ffff)
+ #endif
+ #define	TCP_ISSINCR	(122*1024 + tcp_random18())
+ 
+Index: tcp_subr.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.80
+retrieving revision 1.81
+diff -u -r1.80 -r1.81
+--- netinet/tcp_subr.c	2000/09/25 23:40:22	1.80
++++ netinet/tcp_subr.c	2000/09/29 01:37:19	1.81
+@@ -178,7 +178,7 @@
+ {
+ 	int hashsize;
+ 	
+-	tcp_iss = random();	/* wrong, but better than a constant */
++	tcp_iss = arc4random();	/* wrong, but better than a constant */
+ 	tcp_ccgen = 1;
+ 	tcp_cleartaocache();
+ 
+Index: sys/alpha/conf/files.alpha
+===================================================================
+RCS file: /usr2/ncvs/src/sys/alpha/conf/Attic/files.alpha,v
+retrieving revision 1.15.2.3
+retrieving revision 1.15.2.4
+diff -u -u -r1.15.2.3 -r1.15.2.4
+--- alpha/conf/files.alpha	1999/12/06 21:03:17	1.15.2.3
++++ alpha/conf/files.alpha	2000/09/29 22:07:27	1.15.2.4
+@@ -120,6 +120,7 @@
+ alpha/isa/isa.c			optional	isa
+ alpha/isa/mcclock_isa.c		optional	isa
+ alpha/alpha/elf_machdep.c	standard
++libkern/arc4random.c		standard
+ libkern/bcd.c			standard
+ libkern/bcmp.c			standard
+ libkern/ffs.c			standard
+Index: sys/i386/conf/files.i386
+===================================================================
+RCS file: /usr2/ncvs/src/sys/i386/conf/Attic/files.i386,v
+retrieving revision 1.220.2.17
+retrieving revision 1.220.2.18
+diff -u -u -r1.220.2.17 -r1.220.2.18
+--- i386/conf/files.i386	1999/12/06 21:03:19	1.220.2.17
++++ i386/conf/files.i386	2000/09/29 22:07:28	1.220.2.18
+@@ -330,6 +330,7 @@
+ i4b/layer1/i4b_elsa_qs1i.c	optional	isic	device-driver
+ i4b/layer1/i4b_elsa_qs1p.c	optional	isic	device-driver
+ i4b/layer1/i4b_siemens_isurf.c	optional	isic	device-driver
++libkern/arc4random.c		standard
+ libkern/bcd.c			standard
+ libkern/divdi3.c		standard
+ libkern/inet_ntoa.c		standard
+Index: sys/sys/libkern.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/sys/libkern.h,v
+retrieving revision 1.16.4.1
+retrieving revision 1.16.4.2
+diff -u -u -r1.16.4.1 -r1.16.4.2
+--- sys/libkern.h	1999/08/29 16:32:28	1.16.4.1
++++ sys/libkern.h	2000/09/29 22:07:29	1.16.4.2
+@@ -61,6 +61,7 @@
+ static __inline u_long ulmin(u_long a, u_long b) { return (a < b ? a : b); }
+ 
+ /* Prototypes for non-quad routines. */
++u_int32_t arc4random __P((void));
+ int	 bcmp __P((const void *, const void *, size_t));
+ #ifndef HAVE_INLINE_FFS
+ int	 ffs __P((int));
+--- /dev/null	Thu Oct  5 03:00:27 2000
++++ libkern/arc4random.c	Fri Sep 29 15:07:29 2000
+@@ -0,0 +1,111 @@
++/*-
++ * THE BEER-WARE LICENSE
++ *
++ * <dan@FreeBSD.ORG> wrote this file.  As long as you retain this notice you
++ * can do whatever you want with this stuff.  If we meet some day, and you
++ * think this stuff is worth it, you can buy me a beer in return.
++ *
++ * Dan Moschuk
++ *
++ * $FreeBSD: src/sys/libkern/arc4random.c,v 1.6.2.1 2000/09/29 22:07:29 kris Exp $
++ */
++
++#include <sys/libkern.h>
++
++#define	ARC4_MAXRUNS 64
++
++static u_int8_t arc4_i, arc4_j;
++static int arc4_initialized = 0;
++static int arc4_numruns = 0;
++static u_int8_t arc4_sbox[256];
++
++extern u_int read_random (void *, u_int);
++
++static __inline void
++arc4_swap(u_int8_t *a, u_int8_t *b)
++{
++	u_int8_t c;
++
++	c = *a;
++	*a = *b;
++	*b = c;
++}	
++
++/*
++ * Stir our S-box.
++ */
++static void
++arc4_randomstir (void)
++{
++	u_int8_t key[256];
++	int r, n;
++
++	r = read_random(key, sizeof(key));
++	/* if r == 0 || -1, just use what was on the stack */
++	if (r > 0)
++	{
++		for (n = r; n < sizeof(key); n++)
++			key[n] = key[n % r];
++	}
++
++	for (n = 0; n < 256; n++)
++	{
++		arc4_j = (arc4_j + arc4_sbox[n] + key[n]) % 256;
++		arc4_swap(&arc4_sbox[n], &arc4_sbox[arc4_j]);
++	}
++}
++
++/*
++ * Initialize our S-box to its beginning defaults.
++ */
++static void
++arc4_init(void)
++{
++	int n;
++
++	arc4_i = arc4_j = 0;
++	for (n = 0; n < 256; n++)
++		arc4_sbox[n] = (u_int8_t) n;
++
++	arc4_randomstir();
++	arc4_initialized = 1;
++}
++
++/*
++ * Generate a random byte.
++ */
++static u_int8_t
++arc4_randbyte(void)
++{
++	u_int8_t arc4_t;
++
++	arc4_i = (arc4_i + 1) % 256;
++	arc4_j = (arc4_j + arc4_sbox[arc4_i]) % 256;
++
++	arc4_swap(&arc4_sbox[arc4_i], &arc4_sbox[arc4_j]);
++
++	arc4_t = (arc4_sbox[arc4_i] + arc4_sbox[arc4_j]) % 256;
++	return arc4_sbox[arc4_t];
++}
++
++u_int32_t
++arc4random(void)
++{
++	u_int32_t ret;
++
++	/* Initialize array if needed. */
++	if (!arc4_initialized)
++		arc4_init();
++	if (++arc4_numruns > ARC4_MAXRUNS)
++	{
++		arc4_randomstir();
++		arc4_numruns = 0;
++	}
++
++	ret = arc4_randbyte();
++	ret |= arc4_randbyte() << 8;
++	ret |= arc4_randbyte() << 16;
++	ret |= arc4_randbyte() << 24;
++
++	return ret;
++}
diff --git a/share/security/patches/SA-00:52/tcp-iss-3.x.patch.asc b/share/security/patches/SA-00:52/tcp-iss-3.x.patch.asc
new file mode 100644
index 0000000000..9d0ea3e8c9
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss-3.x.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOd47wFUuHi5z0oilAQERNgP/evIr0dVIcdgynQGpVq84Tq7TT26gq4mu
+sf4vRw1KZUH/Nvv4Ni5DQD/X5Acait2xeVWkHjMAqO8CqRZG/VDV8B4eHDg73ln8
+I9QNsH/TMKtJ9oWNSw6B7IGIOYOS40NVAsTLHjIVraPkuq9f/JzqLbS9DDdKMfhr
+OqMX3zCTvQE=
+=jnjA
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:52/tcp-iss.patch b/share/security/patches/SA-00:52/tcp-iss.patch
new file mode 100644
index 0000000000..0587a621dd
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss.patch
@@ -0,0 +1,52 @@
+Index: tcp_seq.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_seq.h,v
+retrieving revision 1.11
+retrieving revision 1.12
+diff -u -r1.11 -r1.12
+--- tcp_seq.h	1999/12/29 04:41:02	1.11
++++ tcp_seq.h	2000/09/29 01:37:19	1.12
+@@ -31,7 +31,7 @@
+  * SUCH DAMAGE.
+  *
+  *	@(#)tcp_seq.h	8.3 (Berkeley) 6/21/95
+- * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.11 1999/12/29 04:41:02 peter Exp $
++ * $FreeBSD: src/sys/netinet/tcp_seq.h,v 1.12 2000/09/29 01:37:19 kris Exp $
+  */
+ 
+ #ifndef _NETINET_TCP_SEQ_H_
+@@ -91,7 +91,7 @@
+  * number in the range [0-0x3ffff] that is hard to predict.
+  */
+ #ifndef tcp_random18
+-#define	tcp_random18()	((random() >> 14) & 0x3ffff)
++#define	tcp_random18()	(arc4random() & 0x3ffff)
+ #endif
+ #define	TCP_ISSINCR	(122*1024 + tcp_random18())
+ 
+Index: tcp_subr.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.80
+retrieving revision 1.81
+diff -u -r1.80 -r1.81
+--- tcp_subr.c	2000/09/25 23:40:22	1.80
++++ tcp_subr.c	2000/09/29 01:37:19	1.81
+@@ -31,7 +31,7 @@
+  * SUCH DAMAGE.
+  *
+  *	@(#)tcp_subr.c	8.2 (Berkeley) 5/24/95
+- * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.80 2000/09/25 23:40:22 bmilekic Exp $
++ * $FreeBSD: src/sys/netinet/tcp_subr.c,v 1.81 2000/09/29 01:37:19 kris Exp $
+  */
+ 
+ #include "opt_compat.h"
+@@ -178,7 +178,7 @@
+ {
+ 	int hashsize;
+ 	
+-	tcp_iss = random();	/* wrong, but better than a constant */
++	tcp_iss = arc4random();	/* wrong, but better than a constant */
+ 	tcp_ccgen = 1;
+ 	tcp_cleartaocache();
+ 
diff --git a/share/security/patches/SA-00:52/tcp-iss.patch.asc b/share/security/patches/SA-00:52/tcp-iss.patch.asc
new file mode 100644
index 0000000000..3391ad98b3
--- /dev/null
+++ b/share/security/patches/SA-00:52/tcp-iss.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOd47yFUuHi5z0oilAQGe5QQArLhAD+h3wI1AHPLiinZyP2iMf6ndwDKn
+Qb5MsNcGdupkcFl/OBjzODjcDnEo6Zazn/35CaB4W5AR67XOuMC+AqneyjwVWQJA
+2UwzT+wNqQ+nGBAeOckvrM7n7sMxdTS+74cg21Aqr/B8gFjonNV9wUwUplgpe7np
+ZlSm5BNxafQ=
+=R+/o
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:54/fingerd.patch b/share/security/patches/SA-00:54/fingerd.patch
new file mode 100644
index 0000000000..8fb01b656c
--- /dev/null
+++ b/share/security/patches/SA-00:54/fingerd.patch
@@ -0,0 +1,40 @@
+Index: finger.c
+===================================================================
+RCS file: /home/ncvs/src/usr.bin/finger/finger.c,v
+retrieving revision 1.15.2.3
+retrieving revision 1.21
+diff -u -r1.15.2.3 -r1.21
+--- finger.c	2000/09/15 21:51:00	1.15.2.3
++++ finger.c	2000/10/05 15:56:13	1.21
+@@ -293,6 +293,16 @@
+ 		goto net;
+ 
+ 	/*
++	 * Mark any arguments beginning with '/' as invalid so that we 
++	 * don't accidently confuse them with expansions from finger.conf
++	 */
++	for (p = argv, ip = used; *p; ++p, ++ip)
++	    if (**p == '/') {
++		*ip = 1;
++		warnx("%s: no such user", *p);
++	    }
++
++	/*
+ 	 * Traverse the finger alias configuration file of the form
+ 	 * alias:(user|alias), ignoring comment lines beginning '#'.
+ 	 */
+@@ -323,11 +333,11 @@
+ 	 * gathering the traditional finger information.
+ 	 */
+ 	if (mflag)
+-		for (p = argv; *p; ++p) {
+-			if (**p != '/' || !show_text("", *p, "")) {
++		for (p = argv, ip = used; *p; ++p, ++ip) {
++			if (**p != '/' || *ip == 1 || !show_text("", *p, "")) {
+ 				if (((pw = getpwnam(*p)) != NULL) && !hide(pw))
+ 					enter_person(pw);
+-			   	else
++				else if (!*ip)
+ 					warnx("%s: no such user", *p);
+ 			}
+ 		}
diff --git a/share/security/patches/SA-00:54/fingerd.patch.asc b/share/security/patches/SA-00:54/fingerd.patch.asc
new file mode 100644
index 0000000000..0578b9257f
--- /dev/null
+++ b/share/security/patches/SA-00:54/fingerd.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP MESSAGE-----
+Version: 2.6.2
+
+iQCVAwUBOebB81UuHi5z0oilAQFBMQP/bahC+beM4tuxjhi5gcUkFdUD7iF/3qNr
+MbcAk6i2ym7AnEiQE6t1giAVywNPCNleYbim1e2n0w6XXwptprBRhnmp8Z6eGCBc
+SU2hzWnf7MJl4n7XEjRxdp63kWFVpjrR9NXqcm6Wt7MVUZsS64KwmKlaG8BBJb1J
+bWX9LzSqfeI=
+=Upao
+-----END PGP MESSAGE-----
diff --git a/share/security/patches/SA-00:58/vipw.patch b/share/security/patches/SA-00:58/vipw.patch
new file mode 100644
index 0000000000..5ef74e83fe
--- /dev/null
+++ b/share/security/patches/SA-00:58/vipw.patch
@@ -0,0 +1,17 @@
+Index: pw_util.c
+===================================================================
+RCS file: /usr/home/ncvs/src/usr.sbin/vipw/pw_util.c,v
+retrieving revision 1.17
+retrieving revision 1.18
+diff -u -r1.17 -r1.18
+--- pw_util.c	1999/08/28 01:20:31	1.17
++++ pw_util.c	2000/07/12 00:49:40	1.18
+@@ -250,7 +250,7 @@
+ 	extern int _use_yp;
+ #endif /* YP */
+ 	if (err)
+-		warn(name);
++		warn("%s", name);
+ #ifdef YP
+ 	if (_use_yp)
+ 		warnx("NIS information unchanged");
diff --git a/share/security/patches/SA-00:58/vipw.patch.asc b/share/security/patches/SA-00:58/vipw.patch.asc
new file mode 100644
index 0000000000..53284fa4de
--- /dev/null
+++ b/share/security/patches/SA-00:58/vipw.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOf39jVUuHi5z0oilAQE0fAP/QXFEPIPAt5Uwzcf8b8O4ZPvF0T0ig5xC
+HY4H947WLLgM91YvlLb15jH9tWQ+pFwUFN+7cu5RYb63mdUKtcgxuC1oMjymJG9G
+qafYmeoF6iLEcqv1uRn+3L5CW9e7GI9cBInpV1C42M0POzsoU0R06RDgUiixUnzy
+MTPZKPJQMkQ=
+=Mwt7
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:61/tcpdump-3.x.patch b/share/security/patches/SA-00:61/tcpdump-3.x.patch
new file mode 100644
index 0000000000..b47201b417
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-3.x.patch
@@ -0,0 +1,256 @@
+Index: addrtoname.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/addrtoname.c,v
+retrieving revision 1.5
+diff -u -r1.5 addrtoname.c
+--- addrtoname.c	1998/09/15 19:46:59	1.5
++++ addrtoname.c	2000/10/30 22:45:58
+@@ -525,7 +525,7 @@
+ 	tp->addr = i;
+ 	tp->nxt = newhnamemem();
+ 
+-	(void)sprintf(buf, "%u", i);
++	(void)snprintf(buf, sizeof(buf), "%u", i);
+ 	tp->name = savestr(buf);
+ 	return (tp->name);
+ }
+@@ -551,7 +551,7 @@
+ 		while (table->name)
+ 			table = table->nxt;
+ 		if (nflag) {
+-			(void)sprintf(buf, "%d", port);
++			(void)snprintf(buf, sizeof(buf), "%d", port);
+ 			table->name = savestr(buf);
+ 		} else
+ 			table->name = savestr(sv->s_name);
+Index: print-atalk.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-atalk.c,v
+retrieving revision 1.6
+diff -u -r1.6 print-atalk.c
+--- print-atalk.c	1998/09/15 19:46:59	1.6
++++ print-atalk.c	2000/10/30 22:46:07
+@@ -495,7 +495,7 @@
+ {
+ 	register struct hnamemem *tp, *tp2;
+ 	register int i = (atnet << 8) | athost;
+-	char nambuf[256];
++	char nambuf[MAXHOSTNAMELEN + 20];
+ 	static int first = 1;
+ 	FILE *fp;
+ 
+@@ -540,7 +540,7 @@
+ 		if (tp2->addr == i) {
+ 			tp->addr = (atnet << 8) | athost;
+ 			tp->nxt = newhnamemem();
+-			(void)sprintf(nambuf, "%s.%d", tp2->name, athost);
++			(void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost);
+ 			tp->name = savestr(nambuf);
+ 			return (tp->name);
+ 		}
+Index: print-fr.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-fr.c,v
+retrieving revision 1.2
+diff -u -r1.2 print-fr.c
+--- print-fr.c	1998/01/01 04:13:43	1.2
++++ print-fr.c	2000/10/30 22:46:08
+@@ -395,12 +395,12 @@
+ 		    break;
+ 		case LINK_VERIFY_IE_91:
+ 		case LINK_VERIFY_IE_94:
+-		    sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d",
++		    snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d",
+ 			    ptemp[2], ptemp[3]);
+ 		    decode_str = temp_str;
+ 		    break;
+ 		case PVC_STATUS_IE:
+-		    sprintf(temp_str,"DLCI %d: status %s %s",
++		    snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s",
+ 			    ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), 
+ 			    ptemp[4] & 0x8 ?"new,":" ",
+ 			    ptemp[4] & 0x2 ?"Active":"Inactive");
+Index: print-icmp.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-icmp.c,v
+retrieving revision 1.3
+diff -u -r1.3 print-icmp.c
+--- print-icmp.c	1997/05/27 02:17:32	1.3
++++ print-icmp.c	2000/10/30 22:46:08
+@@ -172,7 +172,7 @@
+ 	register const struct ip *oip;
+ 	register const struct udphdr *ouh;
+ 	register u_int hlen, dport, mtu;
+-	char buf[256];
++	char buf[MAXHOSTNAMELEN + 100];
+ 
+ 	dp = (struct icmp *)bp;
+ 	ip = (struct ip *)bp2;
+@@ -191,7 +191,7 @@
+ 
+ 		case ICMP_UNREACH_PROTOCOL:
+ 			TCHECK(dp->icmp_ip.ip_p);
+-			(void)sprintf(buf, "%s protocol %d unreachable",
++			(void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable",
+ 				       ipaddr_string(&dp->icmp_ip.ip_dst),
+ 				       dp->icmp_ip.ip_p);
+ 			break;
+@@ -205,21 +205,21 @@
+ 			switch (oip->ip_p) {
+ 
+ 			case IPPROTO_TCP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s tcp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					tcpport_string(dport));
+ 				break;
+ 
+ 			case IPPROTO_UDP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s udp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					udpport_string(dport));
+ 				break;
+ 
+ 			default:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s protocol %d port %d unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					oip->ip_p, dport);
+@@ -234,11 +234,11 @@
+ 			mp = (struct mtu_discovery *)&dp->icmp_void;
+                         mtu = EXTRACT_16BITS(&mp->nexthopmtu);
+                         if (mtu)
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag (mtu %d)",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
+                         else
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			}
+@@ -247,7 +247,7 @@
+ 		default:
+ 			fmt = tok2str(unreach2str, "#%d %%s unreachable",
+ 			    dp->icmp_code);
+-			(void)sprintf(buf, fmt,
++			(void)snprintf(buf, sizeof(buf), fmt,
+ 			    ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			break;
+ 		}
+@@ -257,7 +257,7 @@
+ 		TCHECK(dp->icmp_ip.ip_dst);
+ 		fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
+ 		    dp->icmp_code);
+-		(void)sprintf(buf, fmt,
++		(void)snprintf(buf, sizeof(buf), fmt,
+ 		    ipaddr_string(&dp->icmp_ip.ip_dst),
+ 		    ipaddr_string(&dp->icmp_gwaddr));
+ 		break;
+@@ -277,30 +277,30 @@
+ 		cp = buf + strlen(buf);
+ 		lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
+ 		if (lifetime < 60)
+-			(void)sprintf(cp, "%u", lifetime);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u", lifetime);
+ 		else if (lifetime < 60 * 60)
+-			(void)sprintf(cp, "%u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u",
+ 			    lifetime / 60, lifetime % 60);
+ 		else
+-			(void)sprintf(cp, "%u:%02u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u:%02u",
+ 			    lifetime / 3600,
+ 			    (lifetime % 3600) / 60,
+ 			    lifetime % 60);
+ 		cp = buf + strlen(buf);
+ 
+ 		num = ihp->ird_addrnum;
+-		(void)sprintf(cp, " %d:", num);
++		(void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num);
+ 		cp = buf + strlen(buf);
+ 
+ 		size = ihp->ird_addrsiz;
+ 		if (size != 2) {
+-			(void)sprintf(cp, " [size %d]", size);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " [size %d]", size);
+ 			break;
+ 		}
+ 		idp = (struct id_rdiscovery *)&dp->icmp_data;
+ 		while (num-- > 0) {
+ 			TCHECK(*idp);
+-			(void)sprintf(cp, " {%s %u}",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " {%s %u}",
+ 			    ipaddr_string(&idp->ird_addr),
+ 			    EXTRACT_32BITS(&idp->ird_pref));
+ 			cp = buf + strlen(buf);
+@@ -321,25 +321,25 @@
+ 			break;
+ 
+ 		default:
+-			(void)sprintf(buf, "time exceeded-#%d", dp->icmp_code);
++			(void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code);
+ 			break;
+ 		}
+ 		break;
+ 
+ 	case ICMP_PARAMPROB:
+ 		if (dp->icmp_code)
+-			(void)sprintf(buf, "parameter problem - code %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - code %d",
+ 					dp->icmp_code);
+ 		else {
+ 			TCHECK(dp->icmp_pptr);
+-			(void)sprintf(buf, "parameter problem - octet %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - octet %d",
+ 					dp->icmp_pptr);
+ 		}
+ 		break;
+ 
+ 	case ICMP_MASKREPLY:
+ 		TCHECK(dp->icmp_mask);
+-		(void)sprintf(buf, "address mask is 0x%08x",
++		(void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
+ 		    (u_int32_t)ntohl(dp->icmp_mask));
+ 		break;
+ 
+Index: print-sunrpc.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/print-sunrpc.c,v
+retrieving revision 1.4
+diff -u -r1.4 print-sunrpc.c
+--- print-sunrpc.c	1998/09/15 19:46:59	1.4
++++ print-sunrpc.c	2000/10/30 22:46:09
+@@ -126,7 +126,9 @@
+ 	rp = getrpcbynumber(prog);
+ 	if (rp == NULL)
+ 		(void) sprintf(buf, "#%u", prog);
+-	else
+-		strcpy(buf, rp->r_name);
++	else {
++		strncpy(buf, rp->r_name, sizeof(buf)-1);
++		buf[sizeof(buf)-1] = '\0';
++	}
+ 	return (buf);
+ }
+Index: util.c
+===================================================================
+RCS file: /usr/home/ncvs/src/contrib/tcpdump/util.c,v
+retrieving revision 1.1.1.3
+diff -u -r1.1.1.3 util.c
+--- util.c	1998/09/15 19:36:31	1.1.1.3
++++ util.c	2000/10/30 22:46:09
+@@ -154,7 +154,7 @@
+ 	}
+ 	if (fmt == NULL)
+ 		fmt = "#%d";
+-	(void)sprintf(buf, fmt, v);
++	(void)snprintf(buf, sizeof(buf), fmt, v);
+ 	return (buf);
+ }
+ 
diff --git a/share/security/patches/SA-00:61/tcpdump-3.x.patch.asc b/share/security/patches/SA-00:61/tcpdump-3.x.patch.asc
new file mode 100644
index 0000000000..88c559a384
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-3.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOf36/VUuHi5z0oilAQG+/gP/SlS9tVQ8OgLRuk5n457kj+8KV05LDl/6
+LlIS/cE7DLeiLcmM460W1hQdmKqHp7RjIVEw9YyOz91I93WPPrZRc5AmIn7Oio1W
+Fdo7F0w0N+ay71YrAjPteBZ3y0SqQSzPdaXbNhSoJJY8rFKMMSsTZOPisqHnQIyq
+HZmDjtjLB0g=
+=jZvy
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1 b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1
new file mode 100644
index 0000000000..3cd4a3a03e
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1
@@ -0,0 +1,479 @@
+Index: addrtoname.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/addrtoname.c,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -u -r1.7 -r1.8
+--- addrtoname.c	2000/03/08 02:24:10	1.7
++++ addrtoname.c	2000/10/05 02:49:48	1.8
+@@ -559,7 +559,7 @@
+ 	tp->addr = i;
+ 	tp->nxt = newhnamemem();
+ 
+-	(void)sprintf(buf, "%u", i);
++	(void)snprintf(buf, sizeof(buf), "%u", i);
+ 	tp->name = savestr(buf);
+ 	return (tp->name);
+ }
+@@ -578,7 +578,7 @@
+ 	tp->addr = i;
+ 	tp->nxt = newhnamemem();
+ 
+-	(void)sprintf(buf, "%u", i);
++	(void)snprintf(buf, sizeof(buf), "%u", i);
+ 	tp->name = savestr(buf);
+ 	return (tp->name);
+ }
+@@ -604,7 +604,7 @@
+ 		while (table->name)
+ 			table = table->nxt;
+ 		if (nflag) {
+-			(void)sprintf(buf, "%d", port);
++			(void)snprintf(buf, sizeof(buf), "%d", port);
+ 			table->name = savestr(buf);
+ 		} else
+ 			table->name = savestr(sv->s_name);
+Index: print-atalk.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-atalk.c,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -u -r1.7 -r1.8
+--- print-atalk.c	2000/01/30 01:00:51	1.7
++++ print-atalk.c	2000/10/05 02:49:48	1.8
+@@ -500,7 +500,7 @@
+ {
+ 	register struct hnamemem *tp, *tp2;
+ 	register int i = (atnet << 8) | athost;
+-	char nambuf[256];
++	char nambuf[MAXHOSTNAMELEN + 20];
+ 	static int first = 1;
+ 	FILE *fp;
+ 
+@@ -545,7 +545,7 @@
+ 		if (tp2->addr == i) {
+ 			tp->addr = (atnet << 8) | athost;
+ 			tp->nxt = newhnamemem();
+-			(void)sprintf(nambuf, "%s.%d", tp2->name, athost);
++			(void)snprintf(nambuf, sizeof(nambuf), "%s.%d", tp2->name, athost);
+ 			tp->name = savestr(nambuf);
+ 			return (tp->name);
+ 		}
+Index: print-bgp.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-bgp.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- print-bgp.c	2000/01/30 00:45:33	1.1
++++ print-bgp.c	2000/10/05 02:49:48	1.2
+@@ -240,7 +242,7 @@
+ {
+ 	static char buf[20];
+ 	if (value < 0 || siz <= value || table[value] == NULL) {
+-		sprintf(buf, "#%d", value);
++		snprintf(buf, sizeof(buf), "#%d", value);
+ 		return buf;
+ 	} else
+ 		return table[value];
+@@ -266,7 +268,7 @@
+ 	} else
+ 		p = NULL;
+ 	if (p == NULL) {
+-		sprintf(buf, "#%d", minor);
++		snprintf(buf, sizeof(buf), "#%d", minor);
+ 		return buf;
+ 	} else
+ 		return p;
+@@ -288,7 +290,7 @@
+ 		((u_char *)&addr)[(plen + 7) / 8 - 1] &=
+ 			((0xff00 >> (plen % 8)) & 0xff);
+ 	}
+-	sprintf(buf, "%s/%d", getname((char *)&addr), plen);
++	snprintf(buf, buflen, "%s/%d", getname((char *)&addr), plen);
+ 	return 1 + (plen + 7) / 8;
+ }
+ 
+@@ -309,7 +311,7 @@
+ 		addr.s6_addr[(plen + 7) / 8 - 1] &=
+ 			((0xff00 >> (plen % 8)) & 0xff);
+ 	}
+-	sprintf(buf, "%s/%d", getname6((char *)&addr), plen);
++	snprintf(buf, buflen, "%s/%d", getname6((char *)&addr), plen);
+ 	return 1 + (plen + 7) / 8;
+ }
+ #endif
+@@ -323,7 +325,7 @@
+ 	int advance;
+ 	int tlen;
+ 	const u_char *p;
+-	char buf[256];
++	char buf[MAXHOSTNAMELEN + 100];
+ 
+ 	p = dat;
+ 
+@@ -608,7 +610,7 @@
+ 	if (dat + length > p) {
+ 		printf("(NLRI:");	/* ) */
+ 		while (dat + length > p) {
+-			char buf[256];
++			char buf[MAXHOSTNAMELEN + 100];
+ 			i = decode_prefix4(p, buf, sizeof(buf));
+ 			printf(" %s", buf);
+ 			if (i < 0)
+Index: print-fr.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-fr.c,v
+retrieving revision 1.2
+retrieving revision 1.3
+diff -u -u -r1.2 -r1.3
+--- print-fr.c	1998/01/01 04:13:43	1.2
++++ print-fr.c	2000/10/05 02:49:48	1.3
+@@ -395,12 +397,12 @@
+ 		    break;
+ 		case LINK_VERIFY_IE_91:
+ 		case LINK_VERIFY_IE_94:
+-		    sprintf(temp_str,"TX Seq: %3d, RX Seq: %3d",
++		    snprintf(temp_str, sizeof(temp_str), "TX Seq: %3d, RX Seq: %3d",
+ 			    ptemp[2], ptemp[3]);
+ 		    decode_str = temp_str;
+ 		    break;
+ 		case PVC_STATUS_IE:
+-		    sprintf(temp_str,"DLCI %d: status %s %s",
++		    snprintf(temp_str,sizeof(temp_str), "DLCI %d: status %s %s",
+ 			    ((ptemp[2]&0x3f)<<4)+ ((ptemp[3]&0x78)>>3), 
+ 			    ptemp[4] & 0x8 ?"new,":" ",
+ 			    ptemp[4] & 0x2 ?"Active":"Inactive");
+Index: print-icmp.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-icmp.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -u -r1.4 -r1.5
+--- print-icmp.c	2000/01/30 01:00:52	1.4
++++ print-icmp.c	2000/10/05 02:49:48	1.5
+@@ -177,7 +177,7 @@
+ 	register const struct ip *oip;
+ 	register const struct udphdr *ouh;
+ 	register u_int hlen, dport, mtu;
+-	char buf[256];
++	char buf[MAXHOSTNAMELEN + 100];
+ 
+ 	dp = (struct icmp *)bp;
+ 	ip = (struct ip *)bp2;
+@@ -198,7 +198,7 @@
+ 
+ 		case ICMP_UNREACH_PROTOCOL:
+ 			TCHECK(dp->icmp_ip.ip_p);
+-			(void)sprintf(buf, "%s protocol %d unreachable",
++			(void)snprintf(buf, sizeof(buf), "%s protocol %d unreachable",
+ 				       ipaddr_string(&dp->icmp_ip.ip_dst),
+ 				       dp->icmp_ip.ip_p);
+ 			break;
+@@ -212,21 +212,21 @@
+ 			switch (oip->ip_p) {
+ 
+ 			case IPPROTO_TCP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s tcp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					tcpport_string(dport));
+ 				break;
+ 
+ 			case IPPROTO_UDP:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s udp port %s unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					udpport_string(dport));
+ 				break;
+ 
+ 			default:
+-				(void)sprintf(buf,
++				(void)snprintf(buf, sizeof(buf),
+ 					"%s protocol %d port %d unreachable",
+ 					ipaddr_string(&oip->ip_dst),
+ 					oip->ip_p, dport);
+@@ -241,11 +241,11 @@
+ 			mp = (struct mtu_discovery *)&dp->icmp_void;
+                         mtu = EXTRACT_16BITS(&mp->nexthopmtu);
+                         if (mtu)
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag (mtu %d)",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst), mtu);
+                         else
+-			    (void)sprintf(buf,
++			    (void)snprintf(buf, sizeof(buf),
+ 				"%s unreachable - need to frag",
+ 				ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			}
+@@ -254,7 +254,7 @@
+ 		default:
+ 			fmt = tok2str(unreach2str, "#%d %%s unreachable",
+ 			    dp->icmp_code);
+-			(void)sprintf(buf, fmt,
++			(void)snprintf(buf, sizeof(buf), fmt,
+ 			    ipaddr_string(&dp->icmp_ip.ip_dst));
+ 			break;
+ 		}
+@@ -264,7 +264,7 @@
+ 		TCHECK(dp->icmp_ip.ip_dst);
+ 		fmt = tok2str(type2str, "redirect-#%d %%s to net %%s",
+ 		    dp->icmp_code);
+-		(void)sprintf(buf, fmt,
++		(void)snprintf(buf, sizeof(buf), fmt,
+ 		    ipaddr_string(&dp->icmp_ip.ip_dst),
+ 		    ipaddr_string(&dp->icmp_gwaddr));
+ 		break;
+@@ -284,30 +284,30 @@
+ 		cp = buf + strlen(buf);
+ 		lifetime = EXTRACT_16BITS(&ihp->ird_lifetime);
+ 		if (lifetime < 60)
+-			(void)sprintf(cp, "%u", lifetime);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u", lifetime);
+ 		else if (lifetime < 60 * 60)
+-			(void)sprintf(cp, "%u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u",
+ 			    lifetime / 60, lifetime % 60);
+ 		else
+-			(void)sprintf(cp, "%u:%02u:%02u",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), "%u:%02u:%02u",
+ 			    lifetime / 3600,
+ 			    (lifetime % 3600) / 60,
+ 			    lifetime % 60);
+ 		cp = buf + strlen(buf);
+ 
+ 		num = ihp->ird_addrnum;
+-		(void)sprintf(cp, " %d:", num);
++		(void)snprintf(cp, sizeof(buf) - strlen(buf), " %d:", num);
+ 		cp = buf + strlen(buf);
+ 
+ 		size = ihp->ird_addrsiz;
+ 		if (size != 2) {
+-			(void)sprintf(cp, " [size %d]", size);
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " [size %d]", size);
+ 			break;
+ 		}
+ 		idp = (struct id_rdiscovery *)&dp->icmp_data;
+ 		while (num-- > 0) {
+ 			TCHECK(*idp);
+-			(void)sprintf(cp, " {%s %u}",
++			(void)snprintf(cp, sizeof(buf) - strlen(buf), " {%s %u}",
+ 			    ipaddr_string(&idp->ird_addr),
+ 			    EXTRACT_32BITS(&idp->ird_pref));
+ 			cp = buf + strlen(buf);
+@@ -328,25 +328,25 @@
+ 			break;
+ 
+ 		default:
+-			(void)sprintf(buf, "time exceeded-#%d", dp->icmp_code);
++			(void)snprintf(buf, sizeof(buf), "time exceeded-#%d", dp->icmp_code);
+ 			break;
+ 		}
+ 		break;
+ 
+ 	case ICMP_PARAMPROB:
+ 		if (dp->icmp_code)
+-			(void)sprintf(buf, "parameter problem - code %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - code %d",
+ 					dp->icmp_code);
+ 		else {
+ 			TCHECK(dp->icmp_pptr);
+-			(void)sprintf(buf, "parameter problem - octet %d",
++			(void)snprintf(buf, sizeof(buf), "parameter problem - octet %d",
+ 					dp->icmp_pptr);
+ 		}
+ 		break;
+ 
+ 	case ICMP_MASKREPLY:
+ 		TCHECK(dp->icmp_mask);
+-		(void)sprintf(buf, "address mask is 0x%08x",
++		(void)snprintf(buf, sizeof(buf), "address mask is 0x%08x",
+ 		    (u_int32_t)ntohl(dp->icmp_mask));
+ 		break;
+ 
+Index: print-rx.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-rx.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- print-rx.c	2000/01/30 00:45:46	1.1
++++ print-rx.c	2000/10/05 02:49:49	1.2
+@@ -341,7 +342,7 @@
+ 
+ static void fs_print(const u_char *, int);
+ static void fs_reply_print(const u_char *, int, int32_t);
+-static void acl_print(u_char *, u_char *);
++static void acl_print(u_char *, int, u_char *);
+ static void cb_print(const u_char *, int);
+ static void cb_reply_print(const u_char *, int, int32_t);
+ static void prot_print(const u_char *, int);
+@@ -754,7 +755,7 @@
+ 			TRUNC(i);
+ 			strncpy(a, bp, min(AFSOPAQUEMAX, i));
+ 			a[i] = '\0';
+-			acl_print((u_char *) a, (u_char *) a + i);
++			acl_print((u_char *) a, sizeof(a), (u_char *) a + i);
+ 			break;
+ 		}
+ 		case 137:	/* Create file */
+@@ -865,7 +866,7 @@
+ 			TRUNC(i);
+ 			strncpy(a, bp, min(AFSOPAQUEMAX, i));
+ 			a[i] = '\0';
+-			acl_print((u_char *) a, (u_char *) a + i);
++			acl_print((u_char *) a, sizeof(a), (u_char *) a + i);
+ 			break;
+ 		}
+ 		case 137:	/* Create file */
+@@ -912,19 +913,22 @@
+  */
+ 
+ static void
+-acl_print(u_char *s, u_char *end)
++acl_print(u_char *s, int maxsize, u_char *end)
+ {
+ 	int pos, neg, acl;
+ 	int n, i;
+-	char user[128];
++	char *user;
+ 
+-	if (sscanf((char *) s, "%d %d\n%n", &pos, &neg, &n) != 2)
++	if ((user = (char *)malloc(maxsize)) == NULL)
+ 		return;
++
++	if (sscanf((char *) s, "%d %d\n%n", &pos, &neg, &n) != 2)
++		goto finish;
+ 	
+ 	s += n;
+ 
+ 	if (s > end)
+-		return;
++		goto finish;
+ 
+ 	/*
+ 	 * This wacky order preserves the order used by the "fs" command
+@@ -948,25 +952,29 @@
+ 
+ 	for (i = 0; i < pos; i++) {
+ 		if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
+-			return;
++			goto finish;
+ 		s += n;
+ 		printf(" +{%s ", user);
+ 		ACLOUT(acl);
+ 		printf("}");
+ 		if (s > end)
+-			return;
++			goto finish;
+ 	}
+ 
+ 	for (i = 0; i < neg; i++) {
+ 		if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
+-			return;
++			goto finish;
+ 		s += n;
+ 		printf(" -{%s ", user);
+ 		ACLOUT(acl);
+ 		printf("}");
+ 		if (s > end)
+-			return;
++			goto finish;
+ 	}
++
++finish:
++	free(user);
++	return;
+ }
+ 
+ #undef ACLOUT
+Index: print-sunrpc.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-sunrpc.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -u -r1.5 -r1.6
+--- print-sunrpc.c	2000/01/30 01:00:54	1.5
++++ print-sunrpc.c	2000/10/05 02:49:49	1.6
+@@ -132,7 +132,9 @@
+ 	rp = getrpcbynumber(prog);
+ 	if (rp == NULL)
+ 		(void) sprintf(buf, "#%u", prog);
+-	else
+-		strcpy(buf, rp->r_name);
++	else {
++		strncpy(buf, rp->r_name, sizeof(buf)-1);
++		buf[sizeof(buf)-1] = '\0';
++	}
+ 	return (buf);
+ }
+Index: print-telnet.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/print-telnet.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- print-telnet.c	2000/01/30 00:45:48	1.1
++++ print-telnet.c	2000/10/05 02:49:49	1.2
+@@ -128,10 +130,10 @@
+ 				x = *sp++; /* option */
+ 				length--;
+ 				if (x >= 0 && x < NTELOPTS) {
+-					(void)sprintf(tnet, "%s %s",
++					(void)snprintf(tnet, sizeof(tnet), "%s %s",
+ 						      telcmds[i], telopts[x]);
+ 				} else {
+-					(void)sprintf(tnet, "%s %#x",
++					(void)snprintf(tnet, sizeof(tnet), "%s %#x",
+ 						      telcmds[i], x);
+ 				}
+ 				break;
+Index: smbutil.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/smbutil.c,v
+retrieving revision 1.1
+retrieving revision 1.2
+diff -u -u -r1.1 -r1.2
+--- smbutil.c	2000/01/30 00:45:52	1.1
++++ smbutil.c	2000/10/05 02:49:49	1.2
+@@ -680,17 +682,17 @@
+ 	    for (j=0;err[j].name;j++)
+ 	      if (num == err[j].code)
+ 		{
+-		  sprintf(ret,"%s - %s (%s)",err_classes[i].class,
++		  snprintf(ret, sizeof(ret), "%s - %s (%s)",err_classes[i].class,
+ 			  err[j].name,err[j].message);
+ 		  return ret;
+ 		}
+ 	  }
+ 
+-	sprintf(ret,"%s - %d",err_classes[i].class,num);
++	snprintf(ret, sizeof(ret), "%s - %d",err_classes[i].class,num);
+ 	return ret;
+       }
+   
+-  sprintf(ret,"ERROR: Unknown error (%d,%d)",class,num);
++  snprintf(ret, sizeof(ret), "ERROR: Unknown error (%d,%d)",class,num);
+   return(ret);
+ }
+ 
+Index: util.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcpdump/util.c,v
+retrieving revision 1.1.1.4
+retrieving revision 1.2
+diff -u -r1.1.1.4 -r1.2
+--- util.c	2000/01/30 00:45:54	1.1.1.4
++++ util.c	2000/10/05 02:49:49	1.2
+@@ -205,7 +207,7 @@
+ 	}
+ 	if (fmt == NULL)
+ 		fmt = "#%d";
+-	(void)sprintf(buf, fmt, v);
++	(void)snprintf(buf, sizeof(buf), fmt, v);
+ 	return (buf);
+ }
+ 
diff --git a/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc
new file mode 100644
index 0000000000..4cf15dd002
--- /dev/null
+++ b/share/security/patches/SA-00:61/tcpdump-4.x.patch.v1.1.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOgX1DlUuHi5z0oilAQG5mAQAhovkBIg8HapqGCnLeBKQIwH8HO4fZ+d7
+6ljhg90s/vX+LTB2uTjEm9hx3EBZgJLyhGQQcxgp8OP+xjhczPZkHuorCB7b7iRL
+i5zdQYmbnoRCsHCmxjFRFz8qsttucPCmpuxENYqOSK3efiqBJ9Sf26AS7ptkwVI5
+JnUeFNXb1Do=
+=aKk4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:62/top.patch.v1.1 b/share/security/patches/SA-00:62/top.patch.v1.1
new file mode 100644
index 0000000000..256ba5ad7e
--- /dev/null
+++ b/share/security/patches/SA-00:62/top.patch.v1.1
@@ -0,0 +1,51 @@
+Index: display.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/top/display.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -r1.4 -r1.5
+--- display.c	1999/01/09 20:20:33	1.4
++++ display.c	2000/10/04 23:34:16	1.5
+@@ -829,7 +831,7 @@
+     register int i;
+ 
+     /* first, format the message */
+-    (void) sprintf(next_msg, msgfmt, a1, a2, a3);
++    (void) snprintf(next_msg, sizeof(next_msg), msgfmt, a1, a2, a3);
+ 
+     if (msglen > 0)
+     {
+Index: top.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/top/top.c,v
+retrieving revision 1.4
+retrieving revision 1.5
+diff -u -r1.4 -r1.5
+--- top.c	1999/01/09 20:20:34	1.4
++++ top.c	2000/10/04 23:34:16	1.5
+@@ -807,7 +809,7 @@
+ 				{
+ 				    if ((errmsg = kill_procs(tempbuf2)) != NULL)
+ 				    {
+-					new_message(MT_standout, errmsg);
++					new_message(MT_standout, "%s", errmsg);
+ 					putchar('\r');
+ 					no_command = Yes;
+ 				    }
+Index: top.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/top/top.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- top.c	2000/10/04 23:34:16	1.5
++++ top.c	2000/11/03 22:00:10	1.6
+@@ -826,7 +826,7 @@
+ 				{
+ 				    if ((errmsg = renice_procs(tempbuf2)) != NULL)
+ 				    {
+-					new_message(MT_standout, errmsg);
++					new_message(MT_standout, "%s", errmsg);
+ 					putchar('\r');
+ 					no_command = Yes;
+ 				    }
diff --git a/share/security/patches/SA-00:62/top.patch.v1.1.asc b/share/security/patches/SA-00:62/top.patch.v1.1.asc
new file mode 100644
index 0000000000..a4cf321ed5
--- /dev/null
+++ b/share/security/patches/SA-00:62/top.patch.v1.1.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOgX4s1UuHi5z0oilAQGxJgP7BiN9uaPy9pXRVAIN0gNEXaVlDmbgSfJx
+rsH1UPOv3GOW325bC8YlacBnWytPdh8lZFHSX6x2fuShxXECI2LoPjOyQ/V78pne
+HrxH45EY0gNRlx6L/f5JILXqs4uJ9mCM9Gf8M60cW0c7AuwolG405T0shLHqnblL
+9Jz8Vuch/40=
+=OBL2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:63/getnameinfo.patch b/share/security/patches/SA-00:63/getnameinfo.patch
new file mode 100644
index 0000000000..cf3ab9333c
--- /dev/null
+++ b/share/security/patches/SA-00:63/getnameinfo.patch
@@ -0,0 +1,26 @@
+--- net/getnameinfo.c	2000/07/05 05:09:17	1.5
++++ net/getnameinfo.c	2000/09/25 23:04:36	1.6
+@@ -154,12 +153,12 @@
+ 				(flags & NI_DGRAM) ? "udp" : "tcp");
+ 		}
+ 		if (sp) {
+-			if (strlen(sp->s_name) > servlen)
++			if (strlen(sp->s_name) + 1 > servlen)
+ 				return ENI_MEMORY;
+ 			strcpy(serv, sp->s_name);
+ 		} else {
+ 			snprintf(numserv, sizeof(numserv), "%d", ntohs(port));
+-			if (strlen(numserv) > servlen)
++			if (strlen(numserv) + 1 > servlen)
+ 				return ENI_MEMORY;
+ 			strcpy(serv, numserv);
+ 		}
+@@ -253,7 +252,7 @@
+ 					*p = '\0';
+ 			}
+ #endif
+-			if (strlen(hp->h_name) > hostlen) {
++			if (strlen(hp->h_name) + 1 > hostlen) {
+ 				freehostent(hp);
+ 				return ENI_MEMORY;
+ 			}
diff --git a/share/security/patches/SA-00:63/getnameinfo.patch.asc b/share/security/patches/SA-00:63/getnameinfo.patch.asc
new file mode 100644
index 0000000000..469b88055f
--- /dev/null
+++ b/share/security/patches/SA-00:63/getnameinfo.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOgCeCVUuHi5z0oilAQFKcQP+I7dT/NGJEB29bn0nwvMb4GPFy4lDBEtk
+rP1Om8GOOPtP2BTS+yj4U/8cZjNcCKYlr9DJhF/5yuBxQLMgHd+Cx7wl3LRhbqOY
+QM+ClNMoi0VyhQcYlcXx1zkqRg6hp7rgqeCfJ9TazDy7A5o2/QU5anWpGTBXQ+8o
+WmEuNwdtkCY=
+=vL+t
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:68/ncurses.tar.gz b/share/security/patches/SA-00:68/ncurses.tar.gz
new file mode 100644
index 0000000000..47c810aaab
--- /dev/null
+++ b/share/security/patches/SA-00:68/ncurses.tar.gz
diff --git a/share/security/patches/SA-00:68/ncurses.tar.gz.asc b/share/security/patches/SA-00:68/ncurses.tar.gz.asc
new file mode 100644
index 0000000000..7cd3c07af5
--- /dev/null
+++ b/share/security/patches/SA-00:68/ncurses.tar.gz.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOg+TeFUuHi5z0oilAQElpQP/TuoUO9brmRrLq6NhuW/o3iI7bc4aMjEK
+a9WMqX779gb8S2NkhBNMhIj/5QAPstAMJUuY7ZMp8Cjl/Q24xaOi2lneI/9pMZcF
+rztjmry5rc3Lv1WlmdW0i1z7Fgs/ombcZ5VQ60EqkJDLfHHXw44FeDq/62Ektkfy
+mWlnS7+nInU=
+=vg/t
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:69/telnetd.patch.v1.1 b/share/security/patches/SA-00:69/telnetd.patch.v1.1
new file mode 100644
index 0000000000..8907b73d90
--- /dev/null
+++ b/share/security/patches/SA-00:69/telnetd.patch.v1.1
@@ -0,0 +1,116 @@
+Index: ext.h
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -r1.7 -r1.8
+--- ext.h	1999/08/28 00:10:22	1.7
++++ ext.h	2000/11/19 10:01:27	1.8
+@@ -87,7 +87,7 @@
+ #endif
+ 
+ extern int	pty, net;
+-extern char	*line;
++extern char	line[16];
+ extern int	SYNCHing;		/* we are in TELNET SYNCH mode */
+ 
+ #ifndef	P
+Index: sys_term.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
+retrieving revision 1.24
+retrieving revision 1.26
+diff -u -r1.24 -r1.26
+--- sys_term.c	1999/08/28 00:10:24	1.24
++++ sys_term.c	2000/11/19 10:01:27	1.26
+@@ -480,14 +480,10 @@
+  *
+  * Returns the file descriptor of the opened pty.
+  */
+-#ifndef	__GNUC__
+-char *line = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+-#else
+-static char Xline[] = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
+-char *line = Xline;
+-#endif
+ #ifdef	CRAY
+-char *myline = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
++char myline[16];
++#else
++char line[16];
+ #endif	/* CRAY */
+ 
+ 	int
+@@ -1799,6 +1795,13 @@
+ 		    strncmp(*cpp, "_RLD_", 5) &&
+ 		    strncmp(*cpp, "LIBPATH=", 8) &&
+ #endif
++		    strncmp(*cpp, "LOCALDOMAIN=", 12) &&
++		    strncmp(*cpp, "RES_OPTIONS=", 12) &&
++		    strncmp(*cpp, "TERMINFO=", 9) &&
++		    strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
++		    strncmp(*cpp, "TERMPATH=", 9) &&
++		    strncmp(*cpp, "TERMCAP=/", 9) &&
++		    strncmp(*cpp, "ENV=", 4) &&
+ 		    strncmp(*cpp, "IFS=", 4))
+ 			*cpp2++ = *cpp;
+ 	}
+Index: telnetd.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
+retrieving revision 1.22
+retrieving revision 1.24
+diff -u -r1.22 -r1.24
+--- telnetd.c	2000/01/25 14:52:00	1.22
++++ telnetd.c	2000/11/19 10:01:27	1.24
+@@ -805,13 +805,12 @@
+ #else
+ 	for (;;) {
+ 		char *lp;
+-		extern char *line, *getpty();
+ 
+ 		if ((lp = getpty()) == NULL)
+ 			fatal(net, "Out of ptys");
+ 
+ 		if ((pty = open(lp, 2)) >= 0) {
+-			strcpy(line,lp);
++			strlcpy(line,lp,sizeof(line));
+ 			line[5] = 't';
+ 			break;
+ 		}
+@@ -1115,7 +1114,7 @@
+ 		IM = Getstr("im", &cp);
+ 		IF = Getstr("if", &cp);
+ 		if (HN && *HN)
+-			(void) strcpy(host_name, HN);
++			(void) strlcpy(host_name, HN, sizeof(host_name));
+ 		if (IF && (if_fd = open(IF, O_RDONLY, 000)) != -1)
+ 			IM = 0;
+ 		if (IM == 0)
+Index: utility.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
+retrieving revision 1.13
+retrieving revision 1.14
+diff -u -r1.13 -r1.14
+--- utility.c	1999/08/28 00:10:25	1.13
++++ utility.c	2000/10/31 05:29:54	1.14
+@@ -330,7 +330,7 @@
+ {
+ 	char buf[BUFSIZ];
+ 
+-	(void) sprintf(buf, "telnetd: %s.\r\n", msg);
++	(void) snprintf(buf, sizeof(buf), "telnetd: %s.\r\n", msg);
+ 	(void) write(f, buf, (int)strlen(buf));
+ 	sleep(1);	/*XXX*/
+ 	exit(1);
+@@ -343,7 +343,7 @@
+ {
+ 	char buf[BUFSIZ], *strerror();
+ 
+-	(void) sprintf(buf, "%s: %s", msg, strerror(errno));
++	(void) snprintf(buf, sizeof(buf), "%s: %s", msg, strerror(errno));
+ 	fatal(f, buf);
+ }
+ 
+
diff --git a/share/security/patches/SA-00:69/telnetd.patch.v1.1.asc b/share/security/patches/SA-00:69/telnetd.patch.v1.1.asc
new file mode 100644
index 0000000000..c18e14feca
--- /dev/null
+++ b/share/security/patches/SA-00:69/telnetd.patch.v1.1.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOhmY21UuHi5z0oilAQH6lQP9GKUMWX5dfvvR/4sD1aUdAQwUAVs5Yr4F
+cy2e6i7D/DufkJ0BlNBac5hyJg4yRz7BC64GL4lpidxset28XPsQrd7rRg8ohQ6Q
+S+5J/crvXJib+s7O4zA+uMCJIV64Ke9e9oktFLj5QiYg9EFwRoXmjBbpLZcudqg7
+rJnWDPnJkYE=
+=8RTL
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:70/ppp.patch b/share/security/patches/SA-00:70/ppp.patch
new file mode 100644
index 0000000000..12ce483905
--- /dev/null
+++ b/share/security/patches/SA-00:70/ppp.patch
@@ -0,0 +1,21 @@
+Index: nat_cmd.c
+===================================================================
+RCS file: /mnt/ncvs/src/usr.sbin/ppp/nat_cmd.c,v
+retrieving revision 1.49
+retrieving revision 1.50
+diff -u -r1.49 -r1.50
+--- nat_cmd.c	2000/07/11 22:11:31	1.49
++++ nat_cmd.c	2000/10/30 18:02:01	1.50
+@@ -421,7 +421,11 @@
+       break;
+ 
+     case PKT_ALIAS_IGNORED:
+-      if (log_IsKept(LogTCPIP)) {
++      if (PacketAliasSetMode(0, 0) & PKT_ALIAS_DENY_INCOMING) {
++        log_Printf(LogTCPIP, "NAT engine denied data:\n");
++        m_freem(bp);
++        bp = NULL;
++      } else if (log_IsKept(LogTCPIP)) {
+         log_Printf(LogTCPIP, "NAT engine ignored data:\n");
+         PacketCheck(bundle, MBUF_CTOP(bp), bp->m_len, NULL, NULL, NULL);
+       }
diff --git a/share/security/patches/SA-00:70/ppp.patch.asc b/share/security/patches/SA-00:70/ppp.patch.asc
new file mode 100644
index 0000000000..0966e4091e
--- /dev/null
+++ b/share/security/patches/SA-00:70/ppp.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOhG8OlUuHi5z0oilAQGv0gP/XADlMPzcJMCJ+tKyFjLLvQZs0bVSApzE
+KvcRWFZNuGlEugUrJC66nMlkmmIC9AHMQZVr6XpTBqkjNKvX9YjfMl84lc/wHhkS
+6lUlgWJ1PNto2MlH8+AIsygNTvXhQznT+qYyLxMsWjREO3+Oyhk+KyQU/BvLTE2Y
+8y/PjkT1c8E=
+=V4OA
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:76/csh.patch b/share/security/patches/SA-00:76/csh.patch
new file mode 100644
index 0000000000..0264e7513e
--- /dev/null
+++ b/share/security/patches/SA-00:76/csh.patch
@@ -0,0 +1,42 @@
+Index: dol.c
+===================================================================
+RCS file: /mnt/ncvs/src/bin/csh/Attic/dol.c,v
+retrieving revision 1.8.2.1
+retrieving revision 1.8.2.2
+diff -u -r1.8.2.1 -r1.8.2.2
+--- dol.c	1999/08/29 14:11:42	1.8.2.1
++++ dol.c	2000/11/05 21:34:27	1.8.2.2
+@@ -40,6 +40,7 @@
+ #endif
+ #endif /* not lint */
+ 
++#include <sys/time.h>
+ #include <sys/types.h>
+ #include <fcntl.h>
+ #include <errno.h>
+@@ -850,13 +851,20 @@
+     Char  **vp;
+     bool    quoted;
+     char   *tmp;
++    struct timeval tv;
+ 
+-    if (creat(tmp = short2str(shtemp), 0600) < 0)
+-	stderror(ERR_SYSTEM, tmp, strerror(errno));
+-    (void) close(0);
+-    if (open(tmp, O_RDWR) < 0) {
++again:
++    tmp = short2str(shtemp);
++    if (open(tmp, O_RDWR|O_CREAT|O_TRUNC|O_EXCL, 0600) < 0) {
+ 	int     oerrno = errno;
+-
++	if (errno == EEXIST) {
++	    if (unlink(tmp) == -1) {
++		(void) gettimeofday(&tv, NULL);
++		shtemp = Strspl(STRtmpsh, putn((((int)tv.tv_sec) ^
++		    ((int)tv.tv_usec) ^ ((int)getpid())) & 0x00ffffff));
++	    }
++	    goto again;
++	}
+ 	(void) unlink(tmp);
+ 	errno = oerrno;
+ 	stderror(ERR_SYSTEM, tmp, strerror(errno));
diff --git a/share/security/patches/SA-00:76/csh.patch.asc b/share/security/patches/SA-00:76/csh.patch.asc
new file mode 100644
index 0000000000..8a8c989b07
--- /dev/null
+++ b/share/security/patches/SA-00:76/csh.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOhmef1UuHi5z0oilAQEEbAP9FNtaBoBiU6PW3QmJjRL8Q+P0V/GqJhMm
+Vhli4THgOd3X4UmwUbEUoHAb3cC/EEjnMe1WBH9Ja4GDb7ooD8JHLkrckyQKHbIf
+QN3GtYTqAJwP85DoIoIdw6+hgn5dDiVb6CyEbfhLASuUgNG4LLZsZBfESGnWRZ1Q
+xxCe/8+nIFU=
+=10JT
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:76/tcsh.patch b/share/security/patches/SA-00:76/tcsh.patch
new file mode 100644
index 0000000000..01630b6cdb
--- /dev/null
+++ b/share/security/patches/SA-00:76/tcsh.patch
@@ -0,0 +1,69 @@
+Index: sh.dol.c
+===================================================================
+RCS file: /mnt/ncvs/src/contrib/tcsh/sh.dol.c,v
+retrieving revision 1.1.1.3
+retrieving revision 1.1.1.4
+diff -u -r1.1.1.3 -r1.1.1.4
+--- sh.dol.c	2000/06/10 22:07:52	1.1.1.3
++++ sh.dol.c	2000/11/04 22:23:19	1.1.1.4
+@@ -1,4 +1,4 @@
+-/* $Header: /src/pub/tcsh/sh.dol.c,v 3.40 2000/06/10 21:36:06 kim Exp $ */
++/* $Header: /src/pub/tcsh/sh.dol.c,v 3.42 2000/10/31 16:55:52 christos Exp $ */
+ /*
+  * sh.dol.c: Variable substitutions
+  */
+@@ -36,7 +36,7 @@
+  */
+ #include "sh.h"
+ 
+-RCSID("$Id: sh.dol.c,v 3.40 2000/06/10 21:36:06 kim Exp $")
++RCSID("$Id: sh.dol.c,v 3.42 2000/10/31 16:55:52 christos Exp $")
+ 
+ /*
+  * C shell
+@@ -1017,7 +1017,7 @@
+ heredoc(term)
+     Char   *term;
+ {
+-    register int c;
++    int c;
+     Char   *Dv[2];
+     Char    obuf[BUFSIZE], lbuf[BUFSIZE], mbuf[BUFSIZE];
+     int     ocnt, lcnt, mcnt;
+@@ -1025,7 +1025,9 @@
+     Char  **vp;
+     bool    quoted;
+     char   *tmp;
++    struct timeval tv;
+ 
++again:
+     tmp = short2str(shtemp);
+ #ifndef O_CREAT
+ # define O_CREAT 0
+@@ -1036,12 +1038,22 @@
+ #ifndef O_TEMPORARY
+ # define O_TEMPORARY 0
+ #endif
+-    if (open(tmp, O_RDWR|O_CREAT|O_TEMPORARY) < 0) {
+-	int     oerrno = errno;
+-
++#ifndef O_EXCL
++# define O_EXCL 0
++#endif
++    if (open(tmp, O_RDWR|O_CREAT|O_EXCL|O_TEMPORARY) == -1) {
++	int oerrno = errno;
++	if (errno == EEXIST) {
++	    if (unlink(tmp) == -1) {
++		(void) gettimeofday(&tv, NULL);
++		shtemp = Strspl(STRtmpsh, putn((((int)tv.tv_sec) ^ 
++		    ((int)tv.tv_usec) ^ ((int)doldol)) & 0x00ffffff));
++	    }
++	    goto again;
++	}
+ 	(void) unlink(tmp);
+ 	errno = oerrno;
+-	stderror(ERR_SYSTEM, tmp, strerror(errno));
++ 	stderror(ERR_SYSTEM, tmp, strerror(errno));
+     }
+     (void) unlink(tmp);		/* 0 0 inode! */
+     Dv[0] = term;
diff --git a/share/security/patches/SA-00:76/tcsh.patch.asc b/share/security/patches/SA-00:76/tcsh.patch.asc
new file mode 100644
index 0000000000..5847e4ee62
--- /dev/null
+++ b/share/security/patches/SA-00:76/tcsh.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOhmehFUuHi5z0oilAQHsVwP/VoyUVkQKfZDlP+Cnh5WxzLEtp2GHPBBo
+6KSPcNNo3PBe3gPbGZ7t7rc42b5SEv1uG9fKIbPTQ1lv2bZeUymB9XoQFtY3MKEG
+4nVjB6eq4zJwZ/YsRZ4c1ACOV9d5CCqvE2L+tKAwDVJ3whp7U8o+JSB5wgxEwEK5
+xHHB3q7dmXg=
+=a4f8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1 b/share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1
new file mode 100644
index 0000000000..33105d4b51
--- /dev/null
+++ b/share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1
@@ -0,0 +1,184 @@
+Index: i386/i386/pmap.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/i386/pmap.c,v
+retrieving revision 1.250.2.6
+retrieving revision 1.250.2.7
+diff -u -r1.250.2.6 -r1.250.2.7
+--- i386/i386/pmap.c	2000/09/30 02:49:32	1.250.2.6
++++ i386/i386/pmap.c	2000/11/07 18:32:15	1.250.2.7
+@@ -2322,8 +2322,11 @@
+ 		return;
+ 	}
+ 
+-	if (psize + pindex > object->size)
++	if (psize + pindex > object->size) {
++		if (object->size < pindex)
++			return;		  
+ 		psize = object->size - pindex;
++	}
+ 
+ 	mpte = NULL;
+ 	/*
+Index: miscfs/procfs/procfs_ctl.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_ctl.c,v
+retrieving revision 1.17.2.1
+retrieving revision 1.17.2.2
+diff -u -r1.17.2.1 -r1.17.2.2
+--- miscfs/procfs/procfs_ctl.c	1999/08/29 16:26:51	1.17.2.1
++++ miscfs/procfs/procfs_ctl.c	2000/12/18 20:56:05	1.17.2.2
+@@ -111,6 +111,19 @@
+ {
+ 	int error;
+ 
++	/* Authorization check: rely on normal debugging protection, except
++	 * allow processes to disecgage debugging on a process onto which
++	 * they have previously attached, but no longer have permission to
++	 * debug.
++	 */
++	if (op != PROCFS_CTL_DETACH) {
++		if (securelevel > 0 && p->p_pid == 1)
++			return (EPERM);
++
++                if (!CHECKIO(curp, p) || !procfs_kmemaccess(curp))
++                        return (EPERM);
++	}
++
+ 	/*
+ 	 * Attach - attaches the target process for debugging
+ 	 * by the calling process.
+@@ -123,10 +136,6 @@
+ 		/* can't trace yourself! */
+ 		if (p->p_pid == curp->p_pid)
+ 			return (EINVAL);
+-
+-		/* can't trace init when securelevel > 0 */
+-		if (securelevel > 0 && p->p_pid == 1)
+-			return (EPERM);
+ 
+ 		/*
+ 		 * Go ahead and set the trace flag.
+Index: miscfs/procfs/procfs_status.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_status.c,v
+retrieving revision 1.12.2.3
+retrieving revision 1.12.2.4
+diff -u -r1.12.2.3 -r1.12.2.4
+--- miscfs/procfs/procfs_status.c	1999/12/27 16:05:11	1.12.2.3
++++ miscfs/procfs/procfs_status.c	2000/11/29 10:15:00	1.12.2.4
+@@ -53,6 +53,7 @@
+ #include <vm/vm_param.h>
+ #include <sys/exec.h>
+ 
++#define DOCHECK() do { if (ps >= psbuf+sizeof(psbuf)) goto bailout; } while (0)
+ int
+ procfs_dostatus(curp, p, pfs, uio)
+ 	struct proc *curp;
+@@ -83,63 +84,82 @@
+ /* comm pid ppid pgid sid maj,min ctty,sldr start ut st wmsg 
+                                 euid ruid rgid,egid,groups[1 .. NGROUPS]
+ */
++	KASSERT(sizeof(psbuf) > MAXCOMLEN,
++			("Too short buffer for new MAXCOMLEN"));
++
+ 	ps = psbuf;
+ 	bcopy(p->p_comm, ps, MAXCOMLEN);
+ 	ps[MAXCOMLEN] = '\0';
+ 	ps += strlen(ps);
+-	ps += sprintf(ps, " %d %d %d %d ", pid, ppid, pgid, sid);
++
++	DOCHECK();
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++	    " %d %d %d %d ", pid, ppid, pgid, sid);
++	DOCHECK();
+ 
+ 	if ((p->p_flag&P_CONTROLT) && (tp = sess->s_ttyp))
+-		ps += sprintf(ps, "%d,%d ", major(tp->t_dev), minor(tp->t_dev));
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    "%d,%d ", major(tp->t_dev), minor(tp->t_dev));
+ 	else
+-		ps += sprintf(ps, "%d,%d ", -1, -1);
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    "%d,%d ", -1, -1);
+ 
+ 	sep = "";
+ 	if (sess->s_ttyvp) {
+-		ps += sprintf(ps, "%sctty", sep);
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%sctty", sep);
+ 		sep = ",";
++		DOCHECK();
+ 	}
+ 	if (SESS_LEADER(p)) {
+-		ps += sprintf(ps, "%ssldr", sep);
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%ssldr", sep);
+ 		sep = ",";
++		DOCHECK();
++	}
++	if (*sep != ',') {
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "noflags");
++		DOCHECK();
+ 	}
+-	if (*sep != ',')
+-		ps += sprintf(ps, "noflags");
+ 
+ 	if (p->p_flag & P_INMEM)
+-		ps += sprintf(ps, " %ld,%ld",
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %ld,%ld",
+ 			p->p_stats->p_start.tv_sec,
+ 			p->p_stats->p_start.tv_usec);
+ 	else
+-		ps += sprintf(ps, " -1,-1");
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " -1,-1");
+ 
+ 	{
+ 		struct timeval ut, st;
+ 
+ 		calcru(p, &ut, &st, (void *) 0);
+-		ps += sprintf(ps, " %ld,%ld %ld,%ld",
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, 
++		    " %ld,%ld %ld,%ld",
+ 			ut.tv_sec,
+ 			ut.tv_usec,
+ 			st.tv_sec,
+ 			st.tv_usec);
+ 	}
+ 
+-	ps += sprintf(ps, " %s",
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %s",
+ 		(p->p_wchan && p->p_wmesg) ? p->p_wmesg : "nochan");
+ 
+ 	cr = p->p_ucred;
+ 
+-	ps += sprintf(ps, " %lu %lu %lu", 
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %lu %lu %lu", 
+ 		(u_long)cr->cr_uid,
+ 		(u_long)p->p_cred->p_ruid,
+ 		(u_long)p->p_cred->p_rgid);
++	DOCHECK();
+ 
+ 	/* egid (p->p_cred->p_svgid) is equal to cr_ngroups[0] 
+ 	   see also getegid(2) in /sys/kern/kern_prot.c */
+ 
+-	for (i = 0; i < cr->cr_ngroups; i++)
+-		ps += sprintf(ps, ",%lu", (u_long)cr->cr_groups[i]);
+-	ps += sprintf(ps, "\n");
++	for (i = 0; i < cr->cr_ngroups; i++) {
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		     ",%lu", (u_long)cr->cr_groups[i]);
++		DOCHECK();
++	}
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
++	DOCHECK();
+ 
+ 	xlen = ps - psbuf;
+ 	xlen -= uio->uio_offset;
+@@ -151,6 +171,9 @@
+ 		error = uiomove(ps, xlen, uio);
+ 
+ 	return (error);
++
++bailout:
++	return (ENOMEM);
+ }
+ 
+ int
diff --git a/share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1.asc b/share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1.asc
new file mode 100644
index 0000000000..f71a57c23a
--- /dev/null
+++ b/share/security/patches/SA-00:77/procfs.3.5.1.patch.v1.1.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOkyn7VUuHi5z0oilAQHTMgP+JW3H0Ws5unhHoaHKjiXQHNNXCxrTtk8Q
+FVrIZ2lNZjS4bRop7FfXDn0j5WtcGF97pWZBPM2+Rldnl2/KRZaQzbTw+6jwXwVS
+yMwPVRivkChoLFEUakCMd6F9EJ+Yo/84Z/B152yxAXl+K2IESTUvWdpk0geHiwB9
+ozPjdyW265Y=
+=EViD
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:77/procfs.4.1.patch b/share/security/patches/SA-00:77/procfs.4.1.patch
new file mode 100644
index 0000000000..6d99a2521f
--- /dev/null
+++ b/share/security/patches/SA-00:77/procfs.4.1.patch
@@ -0,0 +1,334 @@
+Index: miscfs/procfs/procfs.h
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs.h,v
+retrieving revision 1.32
+retrieving revision 1.32.2.1
+diff -u -r1.32 -r1.32.2.1
+--- miscfs/procfs/procfs.h	1999/12/29 04:54:46	1.32
++++ miscfs/procfs/procfs.h	2000/11/01 20:19:48	1.32.2.1
+@@ -95,6 +95,13 @@
+ 			((type) + 2) : \
+ 			((((pid)+1) << 4) + ((int) (type))))
+ 
++#define CHECKIO(p1, p2) \
++     ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
++       ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
++       ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
++       ((p2)->p_flag & P_SUGID) == 0) || \
++      (suser_xxx((p1)->p_cred->pc_ucred, (p1), PRISON_ROOT) == 0))
++
+ /*
+  * Convert between pfsnode vnode
+  */
+Index: miscfs/procfs/procfs_ctl.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_ctl.c,v
+retrieving revision 1.20
+retrieving revision 1.20.2.1
+diff -u -r1.20 -r1.20.2.1
+--- miscfs/procfs/procfs_ctl.c	1999/12/08 08:59:36	1.20
++++ miscfs/procfs/procfs_ctl.c	2000/12/17 03:13:05	1.20.2.1
+@@ -111,6 +111,20 @@
+ 	int error;
+ 
+ 	/*
++	 * Authorization check: rely on normal debugging protection, except
++	 * allow processes to disengage debugging on a process onto which
++	 * they have previously attached, but no longer have permission to
++	 * debug.
++	 */
++	if (op != PROCFS_CTL_DETACH) {
++		if (securelevel > 0 && p->p_pid == 1)
++			return (EPERM);
++
++		if (!CHECKIO(curp, p) || p_trespass(curp, p))
++			return (EPERM);
++	}
++
++	/*
+ 	 * Attach - attaches the target process for debugging
+ 	 * by the calling process.
+ 	 */
+@@ -122,10 +136,6 @@
+ 		/* can't trace yourself! */
+ 		if (p->p_pid == curp->p_pid)
+ 			return (EINVAL);
+-
+-		/* can't trace init when securelevel > 0 */
+-		if (securelevel > 0 && p->p_pid == 1)
+-			return (EPERM);
+ 
+ 		/*
+ 		 * Go ahead and set the trace flag.
+Index: miscfs/procfs/procfs_dbregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_dbregs.c,v
+retrieving revision 1.4
+retrieving revision 1.4.2.1
+diff -u -r1.4 -r1.4.2.1
+--- miscfs/procfs/procfs_dbregs.c	1999/12/08 08:59:36	1.4
++++ miscfs/procfs/procfs_dbregs.c	2000/11/01 20:19:48	1.4.2.1
+@@ -62,7 +62,7 @@
+ 	char *kv;
+ 	int kl;
+ 
+-	if (p_trespass(curp, p))
++	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return (EPERM);
+ 	kl = sizeof(r);
+ 	kv = (char *) &r;
+Index: miscfs/procfs/procfs_fpregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_fpregs.c,v
+retrieving revision 1.11
+retrieving revision 1.11.2.1
+diff -u -r1.11 -r1.11.2.1
+--- miscfs/procfs/procfs_fpregs.c	1999/12/08 08:59:37	1.11
++++ miscfs/procfs/procfs_fpregs.c	2000/11/01 20:19:48	1.11.2.1
+@@ -59,7 +59,7 @@
+ 	char *kv;
+ 	int kl;
+ 
+-	if (p_trespass(curp, p))
++	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return EPERM;
+ 	kl = sizeof(r);
+ 	kv = (char *) &r;
+Index: miscfs/procfs/procfs_mem.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_mem.c,v
+retrieving revision 1.46
+retrieving revision 1.46.2.1
+diff -u -r1.46 -r1.46.2.1
+--- miscfs/procfs/procfs_mem.c	1999/12/20 18:26:58	1.46
++++ miscfs/procfs/procfs_mem.c	2000/11/01 20:19:48	1.46.2.1
+@@ -256,7 +256,7 @@
+  	 * All in all, quite yucky.
+  	 */
+  
+- 	if (p_trespass(curp, p) &&
++ 	if ((!CHECKIO(curp, p) || p_trespass(curp, p)) &&
+ 	    !(uio->uio_rw == UIO_READ &&
+ 	      procfs_kmemaccess(curp)))
+  		return EPERM;
+Index: miscfs/procfs/procfs_regs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_regs.c,v
+retrieving revision 1.10
+retrieving revision 1.10.2.1
+diff -u -r1.10 -r1.10.2.1
+--- miscfs/procfs/procfs_regs.c	1999/11/21 19:03:19	1.10
++++ miscfs/procfs/procfs_regs.c	2000/11/01 20:19:48	1.10.2.1
+@@ -60,7 +60,7 @@
+ 	char *kv;
+ 	int kl;
+ 
+-	if (p_trespass(curp, p))
++	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return EPERM;
+ 	kl = sizeof(r);
+ 	kv = (char *) &r;
+Index: miscfs/procfs/procfs_status.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_status.c,v
+retrieving revision 1.20
+retrieving revision 1.20.2.3
+diff -u -r1.20 -r1.20.2.3
+--- miscfs/procfs/procfs_status.c	1999/12/27 16:03:38	1.20
++++ miscfs/procfs/procfs_status.c	2000/11/16 13:50:00	1.20.2.3
+@@ -55,6 +55,7 @@
+ #include <vm/vm_param.h>
+ #include <sys/exec.h>
+ 
++#define DOCHECK() do { if (ps >= psbuf+sizeof(psbuf)) goto bailout; } while (0)
+ int
+ procfs_dostatus(curp, p, pfs, uio)
+ 	struct proc *curp;
+@@ -71,7 +72,7 @@
+ 	int i;
+ 	int xlen;
+ 	int error;
+-	char psbuf[256];		/* XXX - conservative */
++	char psbuf[256];	/* XXX - conservative */
+ 
+ 	if (uio->uio_rw != UIO_READ)
+ 		return (EOPNOTSUPP);
+@@ -85,62 +86,85 @@
+ /* comm pid ppid pgid sid maj,min ctty,sldr start ut st wmsg 
+                                 euid ruid rgid,egid,groups[1 .. NGROUPS]
+ */
++	KASSERT(sizeof(psbuf) > MAXCOMLEN,
++			("Too short buffer for new MAXCOMLEN"));
++
+ 	ps = psbuf;
+ 	bcopy(p->p_comm, ps, MAXCOMLEN);
+ 	ps[MAXCOMLEN] = '\0';
+ 	ps += strlen(ps);
+-	ps += sprintf(ps, " %d %d %d %d ", pid, ppid, pgid, sid);
+-
++	DOCHECK();
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++	    " %d %d %d %d ", pid, ppid, pgid, sid);
++	DOCHECK();
+ 	if ((p->p_flag&P_CONTROLT) && (tp = sess->s_ttyp))
+-		ps += sprintf(ps, "%d,%d ", major(tp->t_dev), minor(tp->t_dev));
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    "%d,%d ", major(tp->t_dev), minor(tp->t_dev));
+ 	else
+-		ps += sprintf(ps, "%d,%d ", -1, -1);
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    "%d,%d ", -1, -1);
++	DOCHECK();
+ 
+ 	sep = "";
+ 	if (sess->s_ttyvp) {
+-		ps += sprintf(ps, "%sctty", sep);
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%sctty", sep);
+ 		sep = ",";
++		DOCHECK();
+ 	}
+ 	if (SESS_LEADER(p)) {
+-		ps += sprintf(ps, "%ssldr", sep);
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "%ssldr", sep);
+ 		sep = ",";
++		DOCHECK();
++	}
++	if (*sep != ',') {
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "noflags");
++		DOCHECK();
+ 	}
+-	if (*sep != ',')
+-		ps += sprintf(ps, "noflags");
+ 
+ 	if (p->p_flag & P_INMEM) {
+ 		struct timeval ut, st;
+ 
+ 		calcru(p, &ut, &st, (struct timeval *) NULL);
+-		ps += sprintf(ps, " %ld,%ld %ld,%ld %ld,%ld",
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    " %ld,%ld %ld,%ld %ld,%ld",
+ 		    p->p_stats->p_start.tv_sec,
+ 		    p->p_stats->p_start.tv_usec,
+ 		    ut.tv_sec, ut.tv_usec,
+ 		    st.tv_sec, st.tv_usec);
+ 	} else
+-		ps += sprintf(ps, " -1,-1 -1,-1 -1,-1");
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    " -1,-1 -1,-1 -1,-1");
++	DOCHECK();
+ 
+-	ps += sprintf(ps, " %s",
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %s",
+ 		(p->p_wchan && p->p_wmesg) ? p->p_wmesg : "nochan");
++	DOCHECK();
+ 
+ 	cr = p->p_ucred;
+ 
+-	ps += sprintf(ps, " %lu %lu %lu", 
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " %lu %lu %lu", 
+ 		(u_long)cr->cr_uid,
+ 		(u_long)p->p_cred->p_ruid,
+ 		(u_long)p->p_cred->p_rgid);
++	DOCHECK();
+ 
+ 	/* egid (p->p_cred->p_svgid) is equal to cr_ngroups[0] 
+ 	   see also getegid(2) in /sys/kern/kern_prot.c */
+ 
+-	for (i = 0; i < cr->cr_ngroups; i++)
+-		ps += sprintf(ps, ",%lu", (u_long)cr->cr_groups[i]);
++	for (i = 0; i < cr->cr_ngroups; i++) {
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    ",%lu", (u_long)cr->cr_groups[i]);
++		DOCHECK();
++	}
+ 
+ 	if (p->p_prison)
+-		ps += sprintf(ps, " %s", p->p_prison->pr_host);
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps,
++		    " %s", p->p_prison->pr_host);
+ 	else
+-		ps += sprintf(ps, " -");
+-	ps += sprintf(ps, "\n");
++		ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, " -");
++	DOCHECK();
++	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
++	DOCHECK();
+ 
+ 	xlen = ps - psbuf;
+ 	xlen -= uio->uio_offset;
+@@ -152,6 +176,9 @@
+ 		error = uiomove(ps, xlen, uio);
+ 
+ 	return (error);
++
++bailout:
++	return (ENOMEM);
+ }
+ 
+ int
+@@ -183,7 +210,8 @@
+ 	 * Linux behaviour is to return zero-length in this case.
+ 	 */
+ 
+-	if (p->p_args && (ps_argsopen ||!p_trespass(curp, p))) {
++	if (p->p_args &&
++	    (ps_argsopen || (CHECKIO(curp, p) && !p_trespass(curp, p)))) {
+ 		bp = p->p_args->ar_args;
+ 		buflen = p->p_args->ar_length;
+ 		buf = 0;
+Index: miscfs/procfs/procfs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_vnops.c,v
+retrieving revision 1.76.2.1
+retrieving revision 1.76.2.3
+diff -u -r1.76.2.1 -r1.76.2.3
+--- miscfs/procfs/procfs_vnops.c	2000/06/21 09:33:43	1.76.2.1
++++ miscfs/procfs/procfs_vnops.c	2000/11/07 23:40:07	1.76.2.3
+@@ -148,7 +148,7 @@
+ 			return (EBUSY);
+ 
+ 		p1 = ap->a_p;
+-		if (p_trespass(p1, p2) &&
++		if ((!CHECKIO(p1, p2) || p_trespass(p1, p2)) &&
+ 		    !procfs_kmemaccess(p1))
+ 			return (EPERM);
+ 
+@@ -240,7 +240,7 @@
+ 		return ENOTTY;
+ 	}
+ 
+-	if (p_trespass(p, procp))
++	if (!CHECKIO(p, procp) || p_trespass(p, procp))
+ 		return EPERM;
+ 
+ 	switch (ap->a_command) {
+@@ -901,7 +901,7 @@
+ 				dp->d_fileno = PROCFS_FILENO(p->p_pid, Pproc);
+ 				dp->d_namlen = sprintf(dp->d_name, "%ld",
+ 				    (long)p->p_pid);
+-				dp->d_type = DT_REG;
++				dp->d_type = DT_DIR;
+ 				p = p->p_list.le_next;
+ 				break;
+ 			}
+Index: i386/i386/pmap.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/i386/pmap.c,v
+retrieving revision 1.250.2.6
+retrieving revision 1.250.2.7
+diff -u -r1.250.2.6 -r1.250.2.7
+--- i386/i386/pmap.c	2000/09/30 02:49:32	1.250.2.6
++++ i386/i386/pmap.c	2000/11/07 18:32:15	1.250.2.7
+@@ -2322,8 +2322,11 @@
+ 		return;
+ 	}
+ 
+-	if (psize + pindex > object->size)
++	if (psize + pindex > object->size) {
++		if (object->size < pindex)
++			return;		  
+ 		psize = object->size - pindex;
++	}
+ 
+ 	mpte = NULL;
+ 	/*
diff --git a/share/security/patches/SA-00:77/procfs.4.1.patch.asc b/share/security/patches/SA-00:77/procfs.4.1.patch.asc
new file mode 100644
index 0000000000..de2e831c34
--- /dev/null
+++ b/share/security/patches/SA-00:77/procfs.4.1.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOj4ollUuHi5z0oilAQH57AP/RxzRDuu2LOnl0UzW+RO2/Y0q3mweo0id
+qKsyGtBnN4Z/RUJjfmuL0OjFpzpHYpedwm64ckaEDyBF+ocgV3PMQRA8UfMDo+eH
+yz5lzV3BuYg0gA4wWlQZEE0038NB0uWuvhQsvMFiGZHF56kEiLYlgh4UzvgHLgQS
+5vMoJieh8wc=
+=ApML
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-00:77/procfs.4.2.patch b/share/security/patches/SA-00:77/procfs.4.2.patch
new file mode 100644
index 0000000000..a518e18ff7
--- /dev/null
+++ b/share/security/patches/SA-00:77/procfs.4.2.patch
@@ -0,0 +1,40 @@
+Index: miscfs/procfs/procfs_ctl.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/procfs_ctl.c,v
+retrieving revision 1.20
+retrieving revision 1.20.2.1
+diff -u -r1.20 -r1.20.2.1
+--- miscfs/procfs/procfs_ctl.c	1999/12/08 08:59:36	1.20
++++ miscfs/procfs/procfs_ctl.c	2000/12/17 03:13:05	1.20.2.1
+@@ -111,6 +111,20 @@
+ 	int error;
+ 
+ 	/*
++	 * Authorization check: rely on normal debugging protection, except
++	 * allow processes to disengage debugging on a process onto which
++	 * they have previously attached, but no longer have permission to
++	 * debug.
++	 */
++	if (op != PROCFS_CTL_DETACH) {
++		if (securelevel > 0 && p->p_pid == 1)
++			return (EPERM);
++
++		if (!CHECKIO(curp, p) || p_trespass(curp, p))
++			return (EPERM);
++	}
++
++	/*
+ 	 * Attach - attaches the target process for debugging
+ 	 * by the calling process.
+ 	 */
+@@ -122,10 +136,6 @@
+ 		/* can't trace yourself! */
+ 		if (p->p_pid == curp->p_pid)
+ 			return (EINVAL);
+-
+-		/* can't trace init when securelevel > 0 */
+-		if (securelevel > 0 && p->p_pid == 1)
+-			return (EPERM);
+ 
+ 		/*
+ 		 * Go ahead and set the trace flag.
diff --git a/share/security/patches/SA-00:77/procfs.4.2.patch.asc b/share/security/patches/SA-00:77/procfs.4.2.patch.asc
new file mode 100644
index 0000000000..3f01d4a904
--- /dev/null
+++ b/share/security/patches/SA-00:77/procfs.4.2.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOj4onVUuHi5z0oilAQHjUAP/eIKGK3mIPG7EZpO0c1xcYuQarPlgvLyS
++s9PcEXGQun8RfF+KxzZEtEhTiBDY3xJirMi+uymtbrJcWev6pVJhpDgg82u3JtW
+x0dFTcmBOFRbTcQGDsimTc085IyyFivxtVyluhT3jBQXUCTFSJWTXnNkoog3yXcD
+bqw2GiOxryM=
+=p6bP
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:01/openssh.patch b/share/security/patches/SA-01:01/openssh.patch
new file mode 100644
index 0000000000..2deb15ff91
--- /dev/null
+++ b/share/security/patches/SA-01:01/openssh.patch
@@ -0,0 +1,50 @@
+Index: clientloop.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/clientloop.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 clientloop.c
+--- clientloop.c	2000/10/28 23:00:47	1.1.1.1.2.2
++++ clientloop.c	2000/12/19 22:57:31
+@@ -75,6 +75,8 @@
+ #include "buffer.h"
+ #include "bufaux.h"
+ 
++extern Options options;
++
+ /* Flag indicating that stdin should be redirected from /dev/null. */
+ extern int stdin_null_flag;
+ 
+@@ -793,7 +795,6 @@
+ int
+ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id)
+ {
+-	extern Options options;
+ 	double start_time, total_time;
+ 	int len;
+ 	char buf[100];
+@@ -1036,7 +1037,7 @@
+ 	debug("client_input_channel_open: ctype %s rchan %d win %d max %d",
+ 	    ctype, rchan, rwindow, rmaxpack);
+ 
+-	if (strcmp(ctype, "x11") == 0) {
++	if (strcmp(ctype, "x11") == 0 && options.forward_x11) {
+ 		int sock;
+ 		char *originator;
+ 		int originator_port;
+@@ -1108,11 +1109,14 @@
+ 	dispatch_set(SSH_MSG_CHANNEL_OPEN_CONFIRMATION, &channel_input_open_confirmation);
+ 	dispatch_set(SSH_MSG_CHANNEL_OPEN_FAILURE, &channel_input_open_failure);
+ 	dispatch_set(SSH_MSG_PORT_OPEN, &channel_input_port_open);
+-	dispatch_set(SSH_SMSG_AGENT_OPEN, &auth_input_open_request);
+ 	dispatch_set(SSH_SMSG_EXITSTATUS, &client_input_exit_status);
+ 	dispatch_set(SSH_SMSG_STDERR_DATA, &client_input_stderr_data);
+ 	dispatch_set(SSH_SMSG_STDOUT_DATA, &client_input_stdout_data);
+-	dispatch_set(SSH_SMSG_X11_OPEN, &x11_input_open);
++
++	dispatch_set(SSH_SMSG_AGENT_OPEN, options.forward_agent ?
++	    &auth_input_open_request : NULL);
++	dispatch_set(SSH_SMSG_X11_OPEN, options.forward_x11 ?
++	    &x11_input_open : NULL);
+ }
+ void
+ client_init_dispatch_15()
diff --git a/share/security/patches/SA-01:01/openssh.patch.asc b/share/security/patches/SA-01:01/openssh.patch.asc
new file mode 100644
index 0000000000..b1d87f6dd2
--- /dev/null
+++ b/share/security/patches/SA-01:01/openssh.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOkC63VUuHi5z0oilAQEjqwP+Nksr/Mwc0iVkp8YZ2EdQweNm7P9DmaRN
+2Y8X05nhTeXFybKFVOQ5VEJHy0GsBi7YpKKAQlcXhqOV2GSt8JJECt+LfJYShDK+
+zLcNvJoFcJcFRpIFq31agIq2LI9/o5oGKoVJSGL/H+DSFSpMlYUIOr22TLcdud9I
+5teImaxlin4=
+=vouT
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:08/ipfw-3.x.patch b/share/security/patches/SA-01:08/ipfw-3.x.patch
new file mode 100644
index 0000000000..e2cfcf88d0
--- /dev/null
+++ b/share/security/patches/SA-01:08/ipfw-3.x.patch
@@ -0,0 +1,122 @@
+Index: sys/netinet/ip_fw.c
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet/ip_fw.c,v
+retrieving revision 1.103.2.12
+retrieving revision 1.103.2.13
+diff -u -r1.103.2.12 -r1.103.2.13
+--- sys/netinet/ip_fw.c	2000/05/12 07:22:57	1.103.2.12
++++ sys/netinet/ip_fw.c	2001/01/13 02:44:21	1.103.2.13
+@@ -246,10 +246,16 @@
+ tcpflg_match(struct tcphdr *tcp, struct ip_fw *f)
+ {
+ 	u_char		flg_set, flg_clr;
+-	
+-	if ((f->fw_tcpf & IP_FW_TCPF_ESTAB) &&
+-	    (tcp->th_flags & (IP_FW_TCPF_RST | IP_FW_TCPF_ACK)))
+-		return 1;
++
++	/*
++	 * If an established connection is required, reject packets that
++	 * have only SYN of RST|ACK|SYN set.  Otherwise, fall through to
++	 * other flag requirements.
++	 */
++	if ((f->fw_ipflg & IP_FW_IF_TCPEST) &&
++	    ((tcp->th_flags & (IP_FW_TCPF_RST | IP_FW_TCPF_ACK |
++	    IP_FW_TCPF_SYN)) == IP_FW_TCPF_SYN))
++		return 0;
+ 
+ 	flg_set = tcp->th_flags & f->fw_tcpf;
+ 	flg_clr = tcp->th_flags & f->fw_tcpnf;
+@@ -1171,7 +1177,9 @@
+ 				break;
+ 			}
+ 			tcp = (struct tcphdr *) ((u_int32_t *)ip + ip->ip_hl);
+-			if (f->fw_tcpf != f->fw_tcpnf && !tcpflg_match(tcp, f))
++			if (((f->fw_tcpf != f->fw_tcpnf) ||
++			    (f->fw_ipflg & IP_FW_IF_TCPEST)) &&
++			    !tcpflg_match(tcp, f))
+ 				continue;
+ 			goto check_ports;
+ 		    }
+Index: sys/netinet/ip_fw.h
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet/ip_fw.h,v
+retrieving revision 1.36.2.5
+retrieving revision 1.36.2.6
+diff -u -r1.36.2.5 -r1.36.2.6
+--- sys/netinet/ip_fw.h	2000/02/13 12:18:36	1.36.2.5
++++ sys/netinet/ip_fw.h	2001/01/13 02:44:21	1.36.2.6
+@@ -63,6 +63,7 @@
+ #define IP_FW_ICMPTYPES_DIM	(IP_FW_ICMPTYPES_MAX / (sizeof(unsigned) * 8))
+ 	unsigned fw_icmptypes[IP_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
+ 	} fw_uar;
++    u_char fw_ipflg;			/* IP flags word */
+     u_char fw_ipopt,fw_ipnopt;		/* IP options set/unset */
+     u_char fw_tcpf,fw_tcpnf;		/* TCP flags set/unset */
+     long timestamp;			/* timestamp (tv_sec) of last match */
+@@ -207,6 +208,12 @@
+ #define IP_FW_F_MASK	0x1FFFFFFF	/* All possible flag bits mask		*/
+ 
+ /*
++ * Flags for the 'fw_ipflg' field, for comparing values of IP and its protocols
++ */
++#define	IP_FW_IF_TCPEST	0x00000020	/* established TCP connection */
++#define	IP_FW_IF_TCPMSK	0x00000020	/* mask of all TCP values */
++
++/*
+  * For backwards compatibility with rules specifying "via iface" but
+  * not restricted to only "in" or "out" packets, we define this combination
+  * of bits to represent this configuration.
+@@ -237,7 +244,6 @@
+ #define IP_FW_TCPF_PSH		TH_PUSH
+ #define IP_FW_TCPF_ACK		TH_ACK
+ #define IP_FW_TCPF_URG		TH_URG
+-#define IP_FW_TCPF_ESTAB	0x40
+ 
+ /*
+  * Main firewall chains definitions and global var's definitions.
+Index: sys/netinet/tcp.h
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet/tcp.h,v
+retrieving revision 1.10.2.1
+retrieving revision 1.10.2.2
+diff -u -r1.10.2.1 -r1.10.2.2
+--- sys/netinet/tcp.h	1999/08/29 16:29:52	1.10.2.1
++++ sys/netinet/tcp.h	2001/01/13 02:44:21	1.10.2.2
+@@ -64,7 +64,9 @@
+ #define	TH_PUSH	0x08
+ #define	TH_ACK	0x10
+ #define	TH_URG	0x20
+-#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG)
++#define	TH_ECE	0x40
++#define	TH_CWR	0x80
++#define	TH_FLAGS	(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
+ 
+ 	u_short	th_win;			/* window */
+ 	u_short	th_sum;			/* checksum */
+Index: sbin/ipfw/ipfw.c
+===================================================================
+RCS file: /usr/home/ncvs/src/sbin/ipfw/ipfw.c,v
+retrieving revision 1.64.2.12
+retrieving revision 1.64.2.13
+diff -u -r1.64.2.12 -r1.64.2.13
+--- sbin/ipfw/ipfw.c	2000/02/13 12:19:54	1.64.2.12
++++ sbin/ipfw/ipfw.c	2001/01/13 02:44:21	1.64.2.13
+@@ -424,7 +424,7 @@
+ 		if (chain->fw_ipnopt & IP_FW_IPOPT_TS)   PRINTOPT("!ts");
+ 	} 
+ 
+-	if (chain->fw_tcpf & IP_FW_TCPF_ESTAB) 
++	if (chain->fw_ipflg & IP_FW_IF_TCPEST)
+ 		printf(" established");
+ 	else if (chain->fw_tcpf == IP_FW_TCPF_SYN &&
+ 	    chain->fw_tcpnf == IP_FW_TCPF_ACK)
+@@ -1628,7 +1628,7 @@
+ 		}
+ 		if (rule.fw_prot == IPPROTO_TCP) {
+ 			if (!strncmp(*av,"established",strlen(*av))) { 
+-				rule.fw_tcpf  |= IP_FW_TCPF_ESTAB;
++				rule.fw_ipflg |= IP_FW_IF_TCPEST;
+ 				av++; ac--; continue;
+ 			}
+ 			if (!strncmp(*av,"setup",strlen(*av))) { 
diff --git a/share/security/patches/SA-01:08/ipfw-3.x.patch.asc b/share/security/patches/SA-01:08/ipfw-3.x.patch.asc
new file mode 100644
index 0000000000..6d8d2d02e2
--- /dev/null
+++ b/share/security/patches/SA-01:08/ipfw-3.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOmz7RlUuHi5z0oilAQEm8AP/WJKXu3QNU3iWrPssZFZmAXKeR+iv0ss+
+jXQoMgl/1cFZjZO41caU2w87PhwMQLIyk1S+0iGToEZnlCP0vSUyAeI/t++56raP
++aiksH4zQhuXBUIfA9P6pE7ek88vrkTrk9cuS7Pmd6NjB8u2dtgo6WJVNMDFrdHa
+W+JE2AIHqec=
+=ESr3
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:08/ipfw-4.2-regression.patch b/share/security/patches/SA-01:08/ipfw-4.2-regression.patch
new file mode 100644
index 0000000000..6b6aa78479
--- /dev/null
+++ b/share/security/patches/SA-01:08/ipfw-4.2-regression.patch
@@ -0,0 +1,19 @@
+Index: ip_fw.c
+===================================================================
+RCS file: /mnt/ncvs/src/sys/netinet/ip_fw.c,v
+retrieving revision 1.131.2.13
+retrieving revision 1.131.2.14
+diff -u -r1.131.2.13 -r1.131.2.14
+--- ip_fw.c	2001/02/01 20:25:09	1.131.2.13
++++ ip_fw.c	2001/02/04 05:48:59	1.131.2.14
+@@ -1222,7 +1222,9 @@
+ 
+ 			if (f->fw_tcpopt != f->fw_tcpnopt && !tcpopts_match(tcp, f))
+ 				continue;
+-			if (f->fw_tcpf != f->fw_tcpnf && !tcpflg_match(tcp, f))
++			if (((f->fw_tcpf != f->fw_tcpnf) ||
++			    (f->fw_ipflg & IP_FW_IF_TCPEST)) &&
++			    !tcpflg_match(tcp, f))
+ 				continue;
+ 			goto check_ports;
+ 		    }
diff --git a/share/security/patches/SA-01:08/ipfw-4.2-regression.patch.asc b/share/security/patches/SA-01:08/ipfw-4.2-regression.patch.asc
new file mode 100644
index 0000000000..715b321142
--- /dev/null
+++ b/share/security/patches/SA-01:08/ipfw-4.2-regression.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOoGiTlUuHi5z0oilAQGX9gP+LELsoak1R2BHiuJJoAI8e71DWU/dX3bf
+UIYVmQrZA6sp+4cflxViDXyexI3w8HV827fkNV5Rfg99bLrKktI0cS/pd5ODOs7b
+Esraj+5h2vy5wFaRUaJgzShXzNBwHyHhmAE2e1xLR6xPVYwIrK2U2yM/1DAFxNHJ
+9Z+UGJMW3VU=
+=RGHO
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:08/ipfw-4.x.patch b/share/security/patches/SA-01:08/ipfw-4.x.patch
new file mode 100644
index 0000000000..7f61f0d24b
--- /dev/null
+++ b/share/security/patches/SA-01:08/ipfw-4.x.patch
@@ -0,0 +1,220 @@
+Index: sbin/ip6fw/ip6fw.c
+===================================================================
+RCS file: /usr/home/ncvs/src/sbin/ip6fw/ip6fw.c,v
+retrieving revision 1.1
+diff -u -r1.1 ip6fw.c
+--- sbin/ip6fw/ip6fw.c	2000/01/29 13:54:44	1.1
++++ sbin/ip6fw/ip6fw.c	2001/01/22 19:43:54
+@@ -363,7 +363,7 @@
+ 		if (chain->fw_ip6nopt & IPV6_FW_IP6OPT_OPTS)   PRINTOPT("!opts");
+ 	}
+ 
+-	if (chain->fw_tcpf & IPV6_FW_TCPF_ESTAB)
++	if (chain->fw_ipflg & IPV6_FW_IF_TCPEST)
+ 		printf(" established");
+ 	else if (chain->fw_tcpf == IPV6_FW_TCPF_SYN &&
+ 	    chain->fw_tcpnf == IPV6_FW_TCPF_ACK)
+@@ -1052,7 +1052,7 @@
+ 		}
+ 		if (rule.fw_prot == IPPROTO_TCP) {
+ 			if (!strncmp(*av,"established",strlen(*av))) {
+-				rule.fw_tcpf  |= IPV6_FW_TCPF_ESTAB;
++				rule.fw_ipflg |= IPV6_FW_IF_TCPEST;
+ 				av++; ac--; continue;
+ 			}
+ 			if (!strncmp(*av,"setup",strlen(*av))) {
+Index: sys/netinet6/ip6_fw.c
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet6/ip6_fw.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 ip6_fw.c
+--- sys/netinet6/ip6_fw.c	2000/10/24 19:27:39	1.2.2.3
++++ sys/netinet6/ip6_fw.c	2001/01/22 19:43:54
+@@ -149,9 +149,15 @@
+ {
+ 	u_char		flg_set, flg_clr;
+ 	
+-	if ((f->fw_tcpf & IPV6_FW_TCPF_ESTAB) &&
+-	    (tcp6->th_flags & (IPV6_FW_TCPF_RST | IPV6_FW_TCPF_ACK)))
+-		return 1;
++	/*
++	 * If an established connection is required, reject packets that
++	 * have only SYN of RST|ACK|SYN set.  Otherwise, fall through to
++	 * other flag requirements.
++	 */
++	if ((f->fw_ipflg & IPV6_FW_IF_TCPEST) &&
++	    ((tcp6->th_flags & (IPV6_FW_TCPF_RST | IPV6_FW_TCPF_ACK |
++	    IPV6_FW_TCPF_SYN)) == IPV6_FW_TCPF_SYN))
++		return 0;
+ 
+ 	flg_set = tcp6->th_flags & f->fw_tcpf;
+ 	flg_clr = tcp6->th_flags & f->fw_tcpnf;
+@@ -571,7 +577,9 @@
+ 			}
+ 			PULLUP_TO(off + 14);
+ 			tcp6 = (struct tcphdr *) ((caddr_t)ip6 + off);
+-			if (f->fw_tcpf != f->fw_tcpnf && !tcp6flg_match(tcp6, f))
++			if (((f->fw_tcpf != f->fw_tcpnf) ||
++			   (f->fw_ipflg & IPV6_FW_IF_TCPEST))  &&
++			   !tcp6flg_match(tcp6, f))
+ 				continue;
+ 			src_port = ntohs(tcp6->th_sport);
+ 			dst_port = ntohs(tcp6->th_dport);
+Index: sys/netinet6/ip6_fw.h
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet6/ip6_fw.h,v
+retrieving revision 1.3.2.2
+diff -u -r1.3.2.2 ip6_fw.h
+--- sys/netinet6/ip6_fw.h	2000/10/24 19:27:39	1.3.2.2
++++ sys/netinet6/ip6_fw.h	2001/01/22 19:43:54
+@@ -59,6 +59,7 @@
+     u_short fw_number;			/* Rule number */
+     u_short fw_flg;			/* Flags word */
+ #define IPV6_FW_MAX_PORTS	10	/* A reasonable maximum */
++    u_int fw_ipflg;			/* IP flags word */
+     u_short fw_pts[IPV6_FW_MAX_PORTS];	/* Array of port numbers to match */
+     u_char fw_ip6opt,fw_ip6nopt;	/* IPv6 options set/unset */
+     u_char fw_tcpf,fw_tcpnf;		/* TCP flags set/unset */
+@@ -137,6 +138,11 @@
+ 
+ #define IPV6_FW_F_MASK	0xFFFF	/* All possible flag bits mask		*/
+ 
++/* 
++ * Flags for the 'fw_ipflg' field, for comparing values of ip and its protocols. */
++#define	IPV6_FW_IF_TCPEST 0x00000020	/* established TCP connection	*/
++#define IPV6_FW_IF_TCPMSK 0x00000020	/* mask of all TCP values */
++
+ /*
+  * For backwards compatibility with rules specifying "via iface" but
+  * not restricted to only "in" or "out" packets, we define this combination
+@@ -171,7 +177,6 @@
+ #define IPV6_FW_TCPF_PSH	TH_PUSH
+ #define IPV6_FW_TCPF_ACK	TH_ACK
+ #define IPV6_FW_TCPF_URG	TH_URG
+-#define IPV6_FW_TCPF_ESTAB	0x40
+ 
+ /*
+  * Main firewall chains definitions and global var's definitions.
+
+Index: sbin/ipfw/ipfw.c
+===================================================================
+RCS file: /usr/home/ncvs/src/sbin/ipfw/ipfw.c,v
+retrieving revision 1.80.2.7
+retrieving revision 1.80.2.8
+diff -u -r1.80.2.7 -r1.80.2.8
+--- sbin/ipfw/ipfw.c	2000/10/17 13:44:55	1.80.2.7
++++ sbin/ipfw/ipfw.c	2001/01/10 03:43:33	1.80.2.8
+@@ -426,7 +426,7 @@
+ 		if (chain->fw_ipnopt & IP_FW_IPOPT_TS)   PRINTOPT("!ts");
+ 	} 
+ 
+-	if (chain->fw_tcpf & IP_FW_TCPF_ESTAB) 
++	if (chain->fw_ipflg & IP_FW_IF_TCPEST)
+ 		printf(" established");
+ 	else if (chain->fw_tcpf == IP_FW_TCPF_SYN &&
+ 	    chain->fw_tcpnf == IP_FW_TCPF_ACK)
+@@ -1893,7 +1893,7 @@
+ 		}
+ 		if (rule.fw_prot == IPPROTO_TCP) {
+ 			if (!strncmp(*av,"established",strlen(*av))) { 
+-				rule.fw_tcpf  |= IP_FW_TCPF_ESTAB;
++				rule.fw_ipflg |= IP_FW_IF_TCPEST;
+ 				av++; ac--; continue;
+ 			}
+ 			if (!strncmp(*av,"setup",strlen(*av))) { 
+Index: sys/netinet/ip_fw.c
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet/ip_fw.c,v
+retrieving revision 1.131.2.10
+retrieving revision 1.131.2.11
+diff -u -r1.131.2.10 -r1.131.2.11
+--- sys/netinet/ip_fw.c	2000/11/07 09:50:58	1.131.2.10
++++ sys/netinet/ip_fw.c	2001/01/10 03:43:34	1.131.2.11
+@@ -244,10 +244,16 @@
+ tcpflg_match(struct tcphdr *tcp, struct ip_fw *f)
+ {
+ 	u_char		flg_set, flg_clr;
+-	
+-	if ((f->fw_tcpf & IP_FW_TCPF_ESTAB) &&
+-	    (tcp->th_flags & (IP_FW_TCPF_RST | IP_FW_TCPF_ACK)))
+-		return 1;
++
++	/*
++	 * If an established connection is required, reject packets that
++	 * have only SYN of RST|ACK|SYN set.  Otherwise, fall through to
++	 * other flag requirements.
++	 */
++	if ((f->fw_ipflg & IP_FW_IF_TCPEST) &&
++	    ((tcp->th_flags & (IP_FW_TCPF_RST | IP_FW_TCPF_ACK |
++	    IP_FW_TCPF_SYN)) == IP_FW_TCPF_SYN))
++		return 0;
+ 
+ 	flg_set = tcp->th_flags & f->fw_tcpf;
+ 	flg_clr = tcp->th_flags & f->fw_tcpnf;
+@@ -1208,7 +1214,9 @@
+ 
+ 			if (f->fw_tcpopt != f->fw_tcpnopt && !tcpopts_match(tcp, f))
+ 				continue;
+-			if (f->fw_tcpf != f->fw_tcpnf && !tcpflg_match(tcp, f))
++			if (((f->fw_tcpf != f->fw_tcpnf) ||
++			    (f->fw_ipflg & IP_FW_IF_TCPEST))  &&
++			    !tcpflg_match(tcp, f))
+ 				continue;
+ 			goto check_ports;
+ 		    }
+Index: sys/netinet/tcp.h
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet/tcp.h,v
+retrieving revision 1.13
+retrieving revision 1.13.2.2
+diff -u -r1.13 -r1.13.2.2
+--- sys/netinet/tcp.h	2000/01/09 19:17:25	1.13
++++ sys/netinet/tcp.h	2001/01/09 18:25:18	1.13.2.2
+@@ -67,7 +67,9 @@
+ #define	TH_PUSH	0x08
+ #define	TH_ACK	0x10
+ #define	TH_URG	0x20
+-#define TH_FLAGS (TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG)
++#define	TH_ECE	0x40
++#define	TH_CWR	0x80
++#define	TH_FLAGS	(TH_FIN|TH_SYN|TH_RST|TH_ACK|TH_URG|TH_ECE|TH_CWR)
+ 
+ 	u_short	th_win;			/* window */
+ 	u_short	th_sum;			/* checksum */
+Index: sys/netinet/ip_fw.h
+===================================================================
+RCS file: /usr/home/ncvs/src/sys/netinet/ip_fw.h,v
+retrieving revision 1.47.2.3
+retrieving revision 1.47.2.5
+diff -u -r1.47.2.3 -r1.47.2.5
+--- sys/netinet/ip_fw.h	2000/08/22 00:33:18	1.47.2.3
++++ sys/netinet/ip_fw.h	2001/01/10 03:43:34	1.47.2.5
+@@ -62,6 +62,7 @@
+ #define IP_FW_ICMPTYPES_DIM	(IP_FW_ICMPTYPES_MAX / (sizeof(unsigned) * 8))
+ 	unsigned fw_icmptypes[IP_FW_ICMPTYPES_DIM]; /* ICMP types bitmap */
+ 	} fw_uar;
++    u_int fw_ipflg;			/* IP flags word */
+     u_char fw_ipopt,fw_ipnopt;		/* IP options set/unset */
+     u_char fw_tcpopt,fw_tcpnopt;	/* TCP options set/unset */
+     u_char fw_tcpf,fw_tcpnf;		/* TCP flags set/unset */
+@@ -208,6 +209,12 @@
+ #define IP_FW_F_MASK	0x1FFFFFFF	/* All possible flag bits mask		*/
+ 
+ /*
++ * Flags for the 'fw_ipflg' field, for comparing values of ip and its protocols.
++ */
++#define	IP_FW_IF_TCPEST	0x00000020	/* established TCP connection */
++#define	IP_FW_IF_TCPMSK	0x00000020	/* mask of all TCP values */
++
++/*
+  * For backwards compatibility with rules specifying "via iface" but
+  * not restricted to only "in" or "out" packets, we define this combination
+  * of bits to represent this configuration.
+@@ -247,7 +254,6 @@
+ #define IP_FW_TCPF_PSH		TH_PUSH
+ #define IP_FW_TCPF_ACK		TH_ACK
+ #define IP_FW_TCPF_URG		TH_URG
+-#define IP_FW_TCPF_ESTAB	0x40
+ 
+ /*
+  * Main firewall chains definitions and global var's definitions.
diff --git a/share/security/patches/SA-01:08/ipfw-4.x.patch.asc b/share/security/patches/SA-01:08/ipfw-4.x.patch.asc
new file mode 100644
index 0000000000..8244d059b0
--- /dev/null
+++ b/share/security/patches/SA-01:08/ipfw-4.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOm48HVUuHi5z0oilAQFSWgP8D/pfp3DC7KM4h7kj8L+Cgf+DHvDIptUZ
+zR2fl1/E3B16aHL6DX9m0A01SaIbYasGtzMnMRrKCjuM8Q+w+0M5R3deey4HZ4Rx
+A53JokriLZXfQ6kIxplUJ0dnoAdEvmGeFtjtH8tiCZNJIy9zmMkOY+/BzC/Vxgl5
+5BvHtzD+KQk=
+=EcZC
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:09/crontab-4.x.patch b/share/security/patches/SA-01:09/crontab-4.x.patch
new file mode 100644
index 0000000000..2652d393ed
--- /dev/null
+++ b/share/security/patches/SA-01:09/crontab-4.x.patch
@@ -0,0 +1,100 @@
+Index: usr.sbin/cron/crontab/crontab.1
+===================================================================
+RCS file: /usr/home/ncvs/src/usr.sbin/cron/crontab/crontab.1,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -r1.7 -r1.8
+--- usr.sbin/cron/crontab/crontab.1	1999/08/28 01:15:52	1.7
++++ usr.sbin/cron/crontab/crontab.1	2000/11/06 11:17:37	1.8
+@@ -89,7 +89,12 @@
+ .Ev VISUAL
+ or
+ .Ev EDITOR
+-environment variables.  After you exit
++environment variables.
++The specified editor
++.Em must
++edit the file in place;
++any editor that unlinks the file and recreates it cannot be used.
++After you exit
+ from the editor, the modified crontab will be installed automatically.
+ .El
+ .Sh SEE ALSO
+Index: usr.sbin/cron/crontab/crontab.c
+===================================================================
+RCS file: /usr/home/ncvs/src/usr.sbin/cron/crontab/crontab.c,v
+retrieving revision 1.13
+retrieving revision 1.14
+diff -u -r1.13 -r1.14
+--- usr.sbin/cron/crontab/crontab.c	2000/10/15 00:35:34	1.13
++++ usr.sbin/cron/crontab/crontab.c	2000/11/06 11:17:37	1.14
+@@ -285,7 +285,7 @@
+ 	char		n[MAX_FNAME], q[MAX_TEMPSTR], *editor;
+ 	FILE		*f;
+ 	int		ch, t, x;
+-	struct stat	statbuf;
++	struct stat	statbuf, fsbuf;
+ 	time_t		mtime;
+ 	WAIT_T		waiter;
+ 	PID_T		pid, xpid;
+@@ -317,7 +317,7 @@
+ 		warn("fchown");
+ 		goto fatal;
+ 	}
+-	if (!(NewCrontab = fdopen(t, "w"))) {
++	if (!(NewCrontab = fdopen(t, "r+"))) {
+ 		warn("fdopen");
+ 		goto fatal;
+ 	}
+@@ -347,14 +347,20 @@
+ 		while (EOF != (ch = get_char(f)))
+ 			putc(ch, NewCrontab);
+ 	fclose(f);
+-	if (fclose(NewCrontab))
++	if (fflush(NewCrontab))
+ 		err(ERROR_EXIT, "%s", Filename);
++	if (fstat(t, &fsbuf) < 0) {
++		warn("unable to fstat temp file");
++		goto fatal;
++	}
+  again:
+ 	if (stat(Filename, &statbuf) < 0) {
+ 		warn("stat");
+  fatal:		unlink(Filename);
+ 		exit(ERROR_EXIT);
+ 	}
++	if (statbuf.st_dev != fsbuf.st_dev || statbuf.st_ino != fsbuf.st_ino)
++		errx(ERROR_EXIT, "temp file must be edited in place");
+ 	mtime = statbuf.st_mtime;
+ 
+ 	if ((!(editor = getenv("VISUAL")))
+@@ -419,15 +425,13 @@
+ 		warn("stat");
+ 		goto fatal;
+ 	}
++	if (statbuf.st_dev != fsbuf.st_dev || statbuf.st_ino != fsbuf.st_ino)
++		errx(ERROR_EXIT, "temp file must be edited in place");
+ 	if (mtime == statbuf.st_mtime) {
+ 		warnx("no changes made to crontab");
+ 		goto remove;
+ 	}
+ 	warnx("installing new crontab");
+-	if (!(NewCrontab = fopen(Filename, "r"))) {
+-		warn("%s", Filename);
+-		goto fatal;
+-	}
+ 	switch (replace_cmd()) {
+ 	case 0:
+ 		break;
+@@ -497,10 +501,10 @@
+ 
+ 	/* copy the crontab to the tmp
+ 	 */
++	rewind(NewCrontab);
+ 	Set_LineNum(1)
+ 	while (EOF != (ch = get_char(NewCrontab)))
+ 		putc(ch, tmp);
+-	fclose(NewCrontab);
+ 	ftruncate(fileno(tmp), ftell(tmp));
+ 	fflush(tmp);  rewind(tmp);
+ 
diff --git a/share/security/patches/SA-01:09/crontab-4.x.patch.asc b/share/security/patches/SA-01:09/crontab-4.x.patch.asc
new file mode 100644
index 0000000000..31bdf10632
--- /dev/null
+++ b/share/security/patches/SA-01:09/crontab-4.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOm33MFUuHi5z0oilAQHwJQP+PB71z/Jo3Vee4WLzgjgKF/Ct59KRPMC+
+2XNcGHgxmiVmAZ0IyzhY+IZ/y+CmOqhEwefn1vc0SVXKTVenj5//fnzgIZ7mbv7u
+AZrLfkoUzf8gOBRcEnH5O/kE+pLlrmUaUTLWUvgbFfyl2jrCs6lKciwMugDn7rG4
+2eRQ+yssh8Q=
+=b8gB
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:11/inetd-3.5.1.patch b/share/security/patches/SA-01:11/inetd-3.5.1.patch
new file mode 100644
index 0000000000..09371defe2
--- /dev/null
+++ b/share/security/patches/SA-01:11/inetd-3.5.1.patch
@@ -0,0 +1,18 @@
+Index: builtins.c
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/inetd/builtins.c,v
+retrieving revision 1.14.2.1
+diff -u -r1.14.2.1 builtins.c
+--- builtins.c	1999/11/18 09:33:47	1.14.2.1
++++ builtins.c	2001/01/03 23:47:00
+@@ -473,8 +473,9 @@
+ 		 * open any files we have no permission to open, especially
+ 		 * symbolic links to sensitive root-owned files or devices.
+ 		 */
++		if (initgroups(pw->pw_name, pw->pw_gid) == -1)
++			iderror(lport, fport, s, errno);
+ 		seteuid(pw->pw_uid);
+-		setegid(pw->pw_gid);
+ 		/*
+ 		 * If we were to lstat() here, it would do no good, since it
+ 		 * would introduce a race condition and could be defeated.
diff --git a/share/security/patches/SA-01:11/inetd-3.5.1.patch.asc b/share/security/patches/SA-01:11/inetd-3.5.1.patch.asc
new file mode 100644
index 0000000000..bae4126d21
--- /dev/null
+++ b/share/security/patches/SA-01:11/inetd-3.5.1.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOnXnglUuHi5z0oilAQGK/QP6Am7SZYDZS53R1xcjMHKIti3NNg5uQCCI
+UKIPDV8tuugtRVbdoAXjRPk0+deLbEuOZtAaK6Qv5ntJ3QfQNYnJYVqUIeBiLhLT
+jM72LA0B4THI2g0v4jcdcnjqrxAB0J+H2Bn9QCwyGhMwM/JfUc31HlhxXyOHAQ3g
+I/WC+iBfYKo=
+=yYtz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:11/inetd-4.2.patch b/share/security/patches/SA-01:11/inetd-4.2.patch
new file mode 100644
index 0000000000..1b1b9a7f69
--- /dev/null
+++ b/share/security/patches/SA-01:11/inetd-4.2.patch
@@ -0,0 +1,74 @@
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/inetd/builtins.c,v
+retrieving revision 1.19.2.2
+retrieving revision 1.19.2.3
+diff -u -p -r1.19.2.2 -r1.19.2.3
+--- src/usr.sbin/inetd/builtins.c	2000/10/24 19:18:29	1.19.2.2
++++ src/usr.sbin/inetd/builtins.c	2000/11/25 04:14:14	1.19.2.3
+@@ -40,6 +40,7 @@
+ #include <ctype.h>
+ #include <err.h>
+ #include <errno.h>
++#include <fcntl.h>
+ #include <limits.h>
+ #include <pwd.h>
+ #include <signal.h>
+@@ -575,6 +576,7 @@ ident_stream(s, sep)		/* Ident service (
+ 	 */
+ 	if (fflag && !usedfallback) {
+ 		FILE *fakeid = NULL;
++		int fakeid_fd;
+ 
+ 		if (asprintf(&p, "%s/.fakeid", pw->pw_dir) == -1)
+ 			iderror(lport, fport, s, errno);
+@@ -583,8 +585,9 @@ ident_stream(s, sep)		/* Ident service (
+ 		 * open any files we have no permission to open, especially
+ 		 * symbolic links to sensitive root-owned files or devices.
+ 		 */
++		if (initgroups(pw->pw_name, pw->pw_gid) == -1)
++			iderror(lport, fport, s, errno);
+ 		seteuid(pw->pw_uid);
+-		setegid(pw->pw_gid);
+ 		/*
+ 		 * If we were to lstat() here, it would do no good, since it
+ 		 * would introduce a race condition and could be defeated.
+@@ -592,9 +595,9 @@ ident_stream(s, sep)		/* Ident service (
+ 		 * and if it's not a regular file, we close it and end up
+ 		 * returning the user's real username.
+ 		 */
+-		fakeid = fopen(p, "r");
++		fakeid_fd = open(p, O_RDONLY | O_NONBLOCK);
+ 		free(p);
+-		if (fakeid != NULL &&
++		if ((fakeid = fdopen(fakeid_fd, "r")) != NULL &&
+ 		    fstat(fileno(fakeid), &sb) != -1 && S_ISREG(sb.st_mode)) {
+ 			buf[sizeof(buf) - 1] = '\0';
+ 			if (fgets(buf, sizeof(buf), fakeid) == NULL) {
+@@ -605,7 +608,7 @@ ident_stream(s, sep)		/* Ident service (
+ 			fclose(fakeid);
+ 			/*
+ 			 * Usually, the file will have the desired identity
+-			 * in the form "identity\n", so we use strtok() to
++			 * in the form "identity\n", so we use strcspn() to
+ 			 * end the string (which fgets() doesn't do.)
+ 			 */
+ 			buf[strcspn(buf, "\r\n")] = '\0';
+@@ -624,10 +627,16 @@ ident_stream(s, sep)		/* Ident service (
+ 			 * we will return their real identity instead.
+ 			 */
+ 			
+-			if (!*cp || getpwnam(cp))
+-				cp = getpwuid(uc.cr_uid)->pw_name;
++			if (!*cp || getpwnam(cp)) {
++				pw = getpwuid(uc.cr_uid);
++				if (pw == NULL)
++					iderror(lport, fport, s, errno);
++				cp = pw->pw_name;
++			}
+ 		} else
+ 			cp = pw->pw_name;
++		if (fakeid_fd != -1)
++			close(fakeid_fd);
+ 	} else if (!usedfallback)
+ 		cp = pw->pw_name;
+ 	else
diff --git a/share/security/patches/SA-01:11/inetd-4.2.patch.asc b/share/security/patches/SA-01:11/inetd-4.2.patch.asc
new file mode 100644
index 0000000000..2f61954655
--- /dev/null
+++ b/share/security/patches/SA-01:11/inetd-4.2.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOnXnfFUuHi5z0oilAQH5kwP9HWJxW6iOYTT8dsjFxvXN1sXe61EW9JEj
+aMw+eGcAqjoVoRq/oEiydPi3v5XLec2dEvFoeE0jkoI7sV1F3wMfARUwhBBFkYi5
+ToMgMoEDYbGIIY+GSI3WFzvIZX9TytvNZk5xWmye1GIXbqGWpEx2jdmDdf8NA0z3
+RFfIAbD8PPY=
+=MIt2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:12/periodic.patch b/share/security/patches/SA-01:12/periodic.patch
new file mode 100644
index 0000000000..98adbdb24e
--- /dev/null
+++ b/share/security/patches/SA-01:12/periodic.patch
@@ -0,0 +1,30 @@
+Index: periodic.sh
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/periodic/periodic.sh,v
+retrieving revision 1.9.2.5
+diff -u -r1.9.2.5 periodic.sh
+--- periodic.sh	2000/09/20 20:17:21	1.9.2.5
++++ periodic.sh	2000/12/20 14:44:22
+@@ -27,7 +27,7 @@
+ 
+ host=`hostname`
+ export host
+-tmp_output=${TMPDIR:-/tmp}/periodic.$$
++tmp_output=`mktemp ${TMPDIR:-/tmp}/periodic.XXXXXXXXXX`
+ 
+ # Execute each executable file in the directory list.  If the x bit is not
+ # set, assume the user didn't really want us to muck with it (it's a
+@@ -89,7 +89,7 @@
+                       esac
+                       [ $output = TRUE ] && { cat $tmp_output; empty=FALSE; }
+                     fi
+-                    rm -f $tmp_output
++		    cp /dev/null $tmp_output
+                 fi
+             done
+         done
+@@ -100,3 +100,4 @@
+         fi
+     } | eval $pipe
+ done
++rm -f $tmp_output
diff --git a/share/security/patches/SA-01:12/periodic.patch.asc b/share/security/patches/SA-01:12/periodic.patch.asc
new file mode 100644
index 0000000000..da87459440
--- /dev/null
+++ b/share/security/patches/SA-01:12/periodic.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOnXXXFUuHi5z0oilAQEEIAP/VTVoDoGek6rbEO3J44fYENCMVOu0+kZp
+xKfB2FI84esmRsIC/+CjADj75dQCsfDjXtD6Qhsp+6ZohHVqmva7JUsceQc4T3r1
+1ugs1yqbO7J/ChQXnnIqBFbXLn+hl7CGR/MeQAu7a3Vpap/ANZqOcLVnKKGOxbJ3
+tV3FsSrFlWs=
+=gTQC
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:13/sort-3.5.1.patch b/share/security/patches/SA-01:13/sort-3.5.1.patch
new file mode 100644
index 0000000000..9a387a2f82
--- /dev/null
+++ b/share/security/patches/SA-01:13/sort-3.5.1.patch
@@ -0,0 +1,49 @@
+Index: sort.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/sort/sort.c,v
+retrieving revision 1.11
+diff -u -r1.11 sort.c
+--- sort.c	1998/03/06 19:00:26	1.11
++++ sort.c	2000/12/26 23:01:23
+@@ -369,7 +369,7 @@
+   FILE *fp;
+   int fd;
+ 
+-  fd = open (file, O_EXCL | O_WRONLY | O_CREAT | O_TRUNC, 0600);
++  fd = open (file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+   if (fd < 0 || (fp = fdopen (fd, "w")) == NULL)
+     {
+       error (0, errno, "%s", file);
+@@ -449,22 +449,24 @@
+ static char *
+ tempname (void)
+ {
+-  static unsigned int seq;
++  int fd;
+   int len = strlen (temp_file_prefix);
+   char *name = xmalloc (len + 1 + sizeof ("sort") - 1 + 5 + 5 + 1);
+   struct tempnode *node;
+ 
+   node = (struct tempnode *) xmalloc (sizeof (struct tempnode));
+   sprintf (name,
+-	   "%s%ssort%5.5d%5.5d",
++	   "%s%ssortXXXXXX",
+ 	   temp_file_prefix,
+-	   (len && temp_file_prefix[len - 1] != '/') ? "/" : "",
+-	   (unsigned int) getpid () & 0xffff, seq);
++	   (len && temp_file_prefix[len - 1] != '/') ? "/" : "");
+ 
+-  /* Make sure that SEQ's value fits in 5 digits.  */
+-  ++seq;
+-  if (seq >= 100000)
+-    seq = 0;
++  if ((fd = mkstemp(name)) == -1)
++    {
++      error (0, errno, _("mkstemp error"));
++      cleanup ();
++      exit (2);
++    }
++  close(fd);
+ 
+   node->name = name;
+   node->next = temphead.next;
diff --git a/share/security/patches/SA-01:13/sort-3.5.1.patch.asc b/share/security/patches/SA-01:13/sort-3.5.1.patch.asc
new file mode 100644
index 0000000000..e87b17807f
--- /dev/null
+++ b/share/security/patches/SA-01:13/sort-3.5.1.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOnXds1UuHi5z0oilAQGn6gP/YhSNSGBpNMadoo2zAFCo5/Rcj5dytZN+
++jifF6l1P6qfybcuKTxWaRWbuq+xDBXjz7/axW7wv1faLS18Iqvjci4szmve/Qjc
+0FZvFNWAn2c3jkDhNpXWR/apMy0Xdtx+q1QYkX/GZxyq806JqWxREAbeRWz5HVXD
+Q+7kTli/J0s=
+=oJgd
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:13/sort-4.1.1.patch b/share/security/patches/SA-01:13/sort-4.1.1.patch
new file mode 100644
index 0000000000..89813931dd
--- /dev/null
+++ b/share/security/patches/SA-01:13/sort-4.1.1.patch
@@ -0,0 +1,49 @@
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/sort/sort.c,v
+retrieving revision 1.15.2.1
+retrieving revision 1.15.2.2
+diff -u -p -r1.15.2.1 -r1.15.2.2
+--- src/gnu/usr.bin/sort/sort.c	2000/08/17 06:56:30	1.15.2.1
++++ src/gnu/usr.bin/sort/sort.c	2000/11/11 09:29:31	1.15.2.2
+@@ -340,7 +340,7 @@ xtmpfopen (const char *file)
+   FILE *fp;
+   int fd;
+ 
+-  fd = open (file, O_EXCL | O_WRONLY | O_CREAT | O_TRUNC, 0600);
++  fd = open (file, O_WRONLY | O_CREAT | O_TRUNC, 0600);
+   if (fd < 0 || (fp = fdopen (fd, "w")) == NULL)
+     {
+       error (0, errno, "%s", file);
+@@ -420,22 +420,24 @@ xfwrite (const char *buf, int size, int 
+ static char *
+ tempname (void)
+ {
+-  static unsigned int seq;
++  int fd;
+   int len = strlen (temp_file_prefix);
+   char *name = xmalloc (len + 1 + sizeof ("sort") - 1 + 5 + 5 + 1);
+   struct tempnode *node;
+ 
+   node = (struct tempnode *) xmalloc (sizeof (struct tempnode));
+   sprintf (name,
+-	   "%s%ssort%5.5d%5.5d",
++	   "%s%ssortXXXXXXXXXX",
+ 	   temp_file_prefix,
+-	   (len && temp_file_prefix[len - 1] != '/') ? "/" : "",
+-	   (unsigned int) getpid () & 0xffff, seq);
++	   (len && temp_file_prefix[len - 1] != '/') ? "/" : "");
+ 
+-  /* Make sure that SEQ's value fits in 5 digits.  */
+-  ++seq;
+-  if (seq >= 100000)
+-    seq = 0;
++  if ((fd = mkstemp(name)) == -1)
++    {
++      error (0, errno, _("mkstemp error"));
++      cleanup ();
++      exit (2);
++    }
++  close(fd);
+ 
+   node->name = name;
+   node->next = temphead.next;
diff --git a/share/security/patches/SA-01:13/sort-4.1.1.patch.asc b/share/security/patches/SA-01:13/sort-4.1.1.patch.asc
new file mode 100644
index 0000000000..62141cd75f
--- /dev/null
+++ b/share/security/patches/SA-01:13/sort-4.1.1.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOnXdrlUuHi5z0oilAQGEKwQAnJ39wY+Sk3efGgaNcIge9+qAVN02JeOX
+W/zNaqStLn5/KWpWjlZQb7+FEOrtY6I2Yx94lkCjlAX0A9S1HuumZp6mbturwira
+2nQOB403hB0cvfUXD+tfPi+12DNWKsD6PhimJF+UMGoSKGN0XbTlC4TU363mCKec
+SJI95ogoUx8=
+=/lRB
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:24/sshd-4.2-release.patch b/share/security/patches/SA-01:24/sshd-4.2-release.patch
new file mode 100644
index 0000000000..cb88672644
--- /dev/null
+++ b/share/security/patches/SA-01:24/sshd-4.2-release.patch
@@ -0,0 +1,210 @@
+Index: deattack.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/deattack.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 deattack.c
+--- deattack.c	2000/10/28 23:00:48	1.1.1.1.2.1
++++ deattack.c	2001/02/13 00:28:07
+@@ -85,7 +85,7 @@
+ detect_attack(unsigned char *buf, u_int32_t len, unsigned char *IV)
+ {
+ 	static u_int16_t *h = (u_int16_t *) NULL;
+-	static u_int16_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
++	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ 	register u_int32_t i, j;
+ 	u_int32_t l;
+ 	register unsigned char *c;
+Index: rsa.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/rsa.c,v
+retrieving revision 1.1.1.1.2.4
+diff -u -r1.1.1.1.2.4 rsa.c
+--- rsa.c	2000/10/28 23:00:49	1.1.1.1.2.4
++++ rsa.c	2001/02/13 00:28:47
+@@ -161,7 +161,7 @@
+ 	xfree(inbuf);
+ }
+ 
+-void
++int
+ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+ {
+ 	unsigned char *inbuf, *outbuf;
+@@ -175,15 +175,16 @@
+ 	BN_bn2bin(in, inbuf);
+ 
+ 	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
+-	    RSA_PKCS1_PADDING)) <= 0)
+-		fatal("rsa_private_decrypt() failed.");
+-
+-	BN_bin2bn(outbuf, len, out);
+-
++	    RSA_PKCS1_PADDING)) <= 0) {
++		error("rsa_private_decrypt() failed");
++	} else {
++		BN_bin2bn(outbuf, len, out);
++	}
+ 	memset(outbuf, 0, olen);
+ 	memset(inbuf, 0, ilen);
+ 	xfree(outbuf);
+ 	xfree(inbuf);
++	return len;
+ }
+ 
+ /* Set whether to output verbose messages during key generation. */
+Index: rsa.h
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/rsa.h,v
+retrieving revision 1.2.2.2
+diff -u -r1.2.2.2 rsa.h
+--- rsa.h	2000/10/28 23:00:49	1.2.2.2
++++ rsa.h	2001/02/13 00:28:09
+@@ -32,6 +32,6 @@
+ int rsa_alive __P((void));
+ 
+ void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
+-void rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
++int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
+ 
+ #endif				/* RSA_H */
+Index: ssh-agent.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/ssh-agent.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 ssh-agent.c
+--- ssh-agent.c	2000/10/28 23:00:49	1.2.2.3
++++ ssh-agent.c	2001/02/13 00:28:09
+@@ -191,7 +191,8 @@
+ 	private = lookup_private_key(key, NULL, 1);
+ 	if (private != NULL) {
+ 		/* Decrypt the challenge using the private key. */
+-		rsa_private_decrypt(challenge, challenge, private->rsa);
++		if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
++			goto failure;
+ 
+ 		/* The response is MD5 of decrypted challenge plus session id. */
+ 		len = BN_num_bytes(challenge);
+Index: sshconnect1.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/sshconnect1.c,v
+retrieving revision 1.2.2.2
+diff -u -r1.2.2.2 sshconnect1.c
+--- sshconnect1.c	2000/10/28 23:00:51	1.2.2.2
++++ sshconnect1.c	2001/02/13 00:28:09
+@@ -153,14 +153,17 @@
+ 	int i, len;
+ 
+ 	/* Decrypt the challenge using the private key. */
+-	rsa_private_decrypt(challenge, challenge, prv);
++	/* XXX think about Bleichenbacher, too */
++	if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
++		packet_disconnect(
++		    "respond_to_rsa_challenge: rsa_private_decrypt failed");
+ 
+ 	/* Compute the response. */
+ 	/* The response is MD5 of decrypted challenge plus session id. */
+ 	len = BN_num_bytes(challenge);
+ 	if (len <= 0 || len > sizeof(buf))
+-		packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+-				  len);
++		packet_disconnect(
++		    "respond_to_rsa_challenge: bad challenge length %d", len);
+ 
+ 	memset(buf, 0, sizeof(buf));
+ 	BN_bn2bin(challenge, buf + sizeof(buf) - len);
+Index: sshd.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/sshd.c,v
+retrieving revision 1.6.2.3
+diff -u -r1.6.2.3 sshd.c
+--- sshd.c	2000/10/28 23:00:51	1.6.2.3
++++ sshd.c	2001/02/13 00:28:09
+@@ -1149,6 +1149,7 @@
+ {
+ 	int i, len;
+ 	int plen, slen;
++	int rsafail = 0;
+ 	BIGNUM *session_key_int;
+ 	unsigned char session_key[SSH_SESSION_KEY_LENGTH];
+ 	unsigned char cookie[8];
+@@ -1270,7 +1271,7 @@
+ 	 * with larger modulus first).
+ 	 */
+ 	if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0) {
+-		/* Private key has bigger modulus. */
++		/* Server key has bigger modulus. */
+ 		if (BN_num_bits(sensitive_data.private_key->n) <
+ 		    BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) {
+ 			fatal("do_connection: %s: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
+@@ -1279,10 +1280,12 @@
+ 			      BN_num_bits(sensitive_data.host_key->n),
+ 			      SSH_KEY_BITS_RESERVED);
+ 		}
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.private_key);
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.host_key);
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.private_key) <= 0)
++			rsafail++;
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.host_key) <= 0)
++			rsafail++;
+ 	} else {
+ 		/* Host key has bigger modulus (or they are equal). */
+ 		if (BN_num_bits(sensitive_data.host_key->n) <
+@@ -1293,10 +1296,12 @@
+ 			      BN_num_bits(sensitive_data.private_key->n),
+ 			      SSH_KEY_BITS_RESERVED);
+ 		}
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.host_key);
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.private_key);
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.host_key) < 0)
++			rsafail++;
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.private_key) < 0)
++			rsafail++;
+ 	}
+ 
+ 	compute_session_id(session_id, cookie,
+@@ -1311,14 +1316,29 @@
+ 	 * least significant 256 bits of the integer; the first byte of the
+ 	 * key is in the highest bits.
+ 	 */
+-	BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+-	len = BN_num_bytes(session_key_int);
+-	if (len < 0 || len > sizeof(session_key))
+-		fatal("do_connection: bad len from %s: session_key_int %d > sizeof(session_key) %d",
+-		      get_remote_ipaddr(),
+-		      len, sizeof(session_key));
+-	memset(session_key, 0, sizeof(session_key));
+-	BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
++	if (!rsafail) {
++		BN_mask_bits(session_key_int, sizeof(session_key) * 8);
++		len = BN_num_bytes(session_key_int);
++		if (len < 0 || len > sizeof(session_key)) {
++			error("do_connection: bad session key len from %s: "
++			    "session_key_int %d > sizeof(session_key) %d",
++			    get_remote_ipaddr(), len, sizeof(session_key));
++			rsafail++;
++		} else {
++			memset(session_key, 0, sizeof(session_key));
++			BN_bn2bin(session_key_int,
++			    session_key + sizeof(session_key) - len);
++		}
++	}
++	if (rsafail) {
++		log("do_connection: generating a fake encryption key");
++		for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
++			if (i % 4 == 0)
++				rand = arc4random();
++			session_key[i] = rand & 0xff;
++			rand >>= 8;
++		}
++	}
+ 
+ 	/* Destroy the decrypted integer.  It is no longer needed. */
+ 	BN_clear_free(session_key_int);
diff --git a/share/security/patches/SA-01:24/sshd-4.2-release.patch.asc b/share/security/patches/SA-01:24/sshd-4.2-release.patch.asc
new file mode 100644
index 0000000000..4ef31ea7e4
--- /dev/null
+++ b/share/security/patches/SA-01:24/sshd-4.2-release.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOoiAllUuHi5z0oilAQHssgP/Zd/Y8i86Ne7EyJvbr/nHikuWNDVvP/G1
+ExWcg5CSblqUFMJEQNdlAb7f3azJV1X/lkzWoypJZLha/tBT3zcN/brFT0cjxgJB
+JF51duNQw//3HxeN28dikIf9Z8RlJLynRw4d6g4w6acJry325OE1NTtbwZFaF4hU
+rFdzgEma4XI=
+=XdNZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:24/sshd-4.2-stable.patch b/share/security/patches/SA-01:24/sshd-4.2-stable.patch
new file mode 100644
index 0000000000..a0d574aaaf
--- /dev/null
+++ b/share/security/patches/SA-01:24/sshd-4.2-stable.patch
@@ -0,0 +1,194 @@
+Index: rsa.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/rsa.c,v
+retrieving revision 1.1.1.1.2.5
+diff -u -r1.1.1.1.2.5 rsa.c
+--- rsa.c	2001/01/12 04:25:57	1.1.1.1.2.5
++++ rsa.c	2001/02/12 04:04:41
+@@ -161,7 +161,7 @@
+ 	xfree(inbuf);
+ }
+ 
+-void
++int
+ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
+ {
+ 	unsigned char *inbuf, *outbuf;
+@@ -175,15 +175,16 @@
+ 	BN_bn2bin(in, inbuf);
+ 
+ 	if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
+-	    RSA_PKCS1_PADDING)) <= 0)
+-		fatal("rsa_private_decrypt() failed.");
+-
+-	BN_bin2bn(outbuf, len, out);
+-
++	    RSA_PKCS1_PADDING)) <= 0) {
++		error("rsa_private_decrypt() failed");
++	} else {
++		BN_bin2bn(outbuf, len, out);
++	}
+ 	memset(outbuf, 0, olen);
+ 	memset(inbuf, 0, ilen);
+ 	xfree(outbuf);
+ 	xfree(inbuf);
++	return len;
+ }
+ 
+ /* Set whether to output verbose messages during key generation. */
+Index: rsa.h
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/rsa.h,v
+retrieving revision 1.2.2.2
+diff -u -r1.2.2.2 rsa.h
+--- rsa.h	2000/10/28 23:00:49	1.2.2.2
++++ rsa.h	2001/02/12 04:03:40
+@@ -32,6 +32,6 @@
+ int rsa_alive __P((void));
+ 
+ void rsa_public_encrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
+-void rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
++int rsa_private_decrypt __P((BIGNUM * out, BIGNUM * in, RSA * prv));
+ 
+ #endif				/* RSA_H */
+Index: ssh-agent.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/ssh-agent.c,v
+retrieving revision 1.2.2.5
+diff -u -r1.2.2.5 ssh-agent.c
+--- ssh-agent.c	2001/02/04 20:24:33	1.2.2.5
++++ ssh-agent.c	2001/02/12 04:03:40
+@@ -194,7 +194,8 @@
+ 	private = lookup_private_key(key, NULL, 1);
+ 	if (private != NULL) {
+ 		/* Decrypt the challenge using the private key. */
+-		rsa_private_decrypt(challenge, challenge, private->rsa);
++		if (rsa_private_decrypt(challenge, challenge, private->rsa) <= 0)
++			goto failure;
+ 
+ 		/* The response is MD5 of decrypted challenge plus session id. */
+ 		len = BN_num_bytes(challenge);
+Index: sshconnect1.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/sshconnect1.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 sshconnect1.c
+--- sshconnect1.c	2001/01/12 04:25:58	1.2.2.3
++++ sshconnect1.c	2001/02/12 04:03:40
+@@ -152,14 +152,17 @@
+ 	int i, len;
+ 
+ 	/* Decrypt the challenge using the private key. */
+-	rsa_private_decrypt(challenge, challenge, prv);
++	/* XXX think about Bleichenbacher, too */
++	if (rsa_private_decrypt(challenge, challenge, prv) <= 0)
++		packet_disconnect(
++		    "respond_to_rsa_challenge: rsa_private_decrypt failed");
+ 
+ 	/* Compute the response. */
+ 	/* The response is MD5 of decrypted challenge plus session id. */
+ 	len = BN_num_bytes(challenge);
+ 	if (len <= 0 || len > sizeof(buf))
+-		packet_disconnect("respond_to_rsa_challenge: bad challenge length %d",
+-				  len);
++		packet_disconnect(
++		    "respond_to_rsa_challenge: bad challenge length %d", len);
+ 
+ 	memset(buf, 0, sizeof(buf));
+ 	BN_bn2bin(challenge, buf + sizeof(buf) - len);
+Index: sshd.c
+===================================================================
+RCS file: /usr2/ncvs/src/crypto/openssh/sshd.c,v
+retrieving revision 1.6.2.5
+diff -u -r1.6.2.5 sshd.c
+--- sshd.c	2001/01/18 22:36:53	1.6.2.5
++++ sshd.c	2001/02/12 04:09:43
+@@ -1108,6 +1108,7 @@
+ {
+ 	int i, len;
+ 	int plen, slen;
++	int rsafail = 0;
+ 	BIGNUM *session_key_int;
+ 	unsigned char session_key[SSH_SESSION_KEY_LENGTH];
+ 	unsigned char cookie[8];
+@@ -1229,7 +1230,7 @@
+ 	 * with larger modulus first).
+ 	 */
+ 	if (BN_cmp(sensitive_data.private_key->n, sensitive_data.host_key->n) > 0) {
+-		/* Private key has bigger modulus. */
++		/* Server key has bigger modulus. */
+ 		if (BN_num_bits(sensitive_data.private_key->n) <
+ 		    BN_num_bits(sensitive_data.host_key->n) + SSH_KEY_BITS_RESERVED) {
+ 			fatal("do_connection: %s: private_key %d < host_key %d + SSH_KEY_BITS_RESERVED %d",
+@@ -1238,10 +1239,12 @@
+ 			      BN_num_bits(sensitive_data.host_key->n),
+ 			      SSH_KEY_BITS_RESERVED);
+ 		}
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.private_key);
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.host_key);
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.private_key) <= 0)
++			rsafail++;
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.host_key) <= 0)
++			rsafail++;
+ 	} else {
+ 		/* Host key has bigger modulus (or they are equal). */
+ 		if (BN_num_bits(sensitive_data.host_key->n) <
+@@ -1252,10 +1255,12 @@
+ 			      BN_num_bits(sensitive_data.private_key->n),
+ 			      SSH_KEY_BITS_RESERVED);
+ 		}
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.host_key);
+-		rsa_private_decrypt(session_key_int, session_key_int,
+-				    sensitive_data.private_key);
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.host_key) < 0)
++			rsafail++;
++		if (rsa_private_decrypt(session_key_int, session_key_int,
++		    sensitive_data.private_key) < 0)
++			rsafail++;
+ 	}
+ 
+ 	compute_session_id(session_id, cookie,
+@@ -1270,14 +1275,29 @@
+ 	 * least significant 256 bits of the integer; the first byte of the
+ 	 * key is in the highest bits.
+ 	 */
+-	BN_mask_bits(session_key_int, sizeof(session_key) * 8);
+-	len = BN_num_bytes(session_key_int);
+-	if (len < 0 || len > sizeof(session_key))
+-		fatal("do_connection: bad len from %s: session_key_int %d > sizeof(session_key) %d",
+-		      get_remote_ipaddr(),
+-		      len, sizeof(session_key));
+-	memset(session_key, 0, sizeof(session_key));
+-	BN_bn2bin(session_key_int, session_key + sizeof(session_key) - len);
++	if (!rsafail) {
++		BN_mask_bits(session_key_int, sizeof(session_key) * 8);
++		len = BN_num_bytes(session_key_int);
++		if (len < 0 || len > sizeof(session_key)) {
++			error("do_connection: bad session key len from %s: "
++			    "session_key_int %d > sizeof(session_key) %d",
++			    get_remote_ipaddr(), len, sizeof(session_key));
++			rsafail++;
++		} else {
++			memset(session_key, 0, sizeof(session_key));
++			BN_bn2bin(session_key_int,
++			    session_key + sizeof(session_key) - len);
++		}
++	}
++	if (rsafail) {
++		log("do_connection: generating a fake encryption key");
++		for (i = 0; i < SSH_SESSION_KEY_LENGTH; i++) {
++			if (i % 4 == 0)
++				rand = arc4random();
++			session_key[i] = rand & 0xff;
++			rand >>= 8;
++		}
++	}
+ 
+ 	/* Destroy the decrypted integer.  It is no longer needed. */
+ 	BN_clear_free(session_key_int);
diff --git a/share/security/patches/SA-01:24/sshd-4.2-stable.patch.asc b/share/security/patches/SA-01:24/sshd-4.2-stable.patch.asc
new file mode 100644
index 0000000000..94c43c959c
--- /dev/null
+++ b/share/security/patches/SA-01:24/sshd-4.2-stable.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOoiAkFUuHi5z0oilAQHfXgP/bXe4M/cp6PrZRGGCxcRZNDbFzQKT7SCV
+iCyEtcyvKAvCUX5M3j7ko36IzNmebTuDBEcorwzrXcHTIOLJzJuodKP2voMWEr2l
+nrggvEzI9e88ru27N+TvmZXX0Ulqh9nBDcPd59bccwIAyVCDXm6fI3j2xQlCqFiC
+AqL5GlR0cS8=
+=btX1
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch
new file mode 100644
index 0000000000..7e8013db7f
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch
@@ -0,0 +1,247 @@
+Index: crypto/kerberosIV/lib/krb/kdc_reply.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/kdc_reply.c,v
+retrieving revision 1.1.1.1.4.1
+retrieving revision 1.1.1.1.4.2
+diff -u -u -r1.1.1.1.4.1 -r1.1.1.1.4.2
+--- crypto/kerberosIV/lib/krb/kdc_reply.c	2000/07/04 15:04:26	1.1.1.1.4.1
++++ crypto/kerberosIV/lib/krb/kdc_reply.c	2000/12/15 03:02:19	1.1.1.1.4.2
+@@ -121,6 +121,9 @@
+     p += krb_get_int(p, &exp_date, 4, little_endian);
+     p++; /* master key version number */
+     p += krb_get_int(p, &clen, 2, little_endian);
++    if (reply->length - (p - reply->dat) < clen)
++	return INTK_PROT;
++
+     cip->length = clen;
+     memcpy(cip->dat, p, clen);
+     p += clen;
+Index: crypto/kerberosIV/lib/krb/tf_util.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/tf_util.c,v
+retrieving revision 1.1.1.1.4.1
+retrieving revision 1.1.1.1.4.2
+diff -u -u -r1.1.1.1.4.1 -r1.1.1.1.4.2
+--- crypto/kerberosIV/lib/krb/tf_util.c	2000/07/04 15:04:27	1.1.1.1.4.1
++++ crypto/kerberosIV/lib/krb/tf_util.c	2000/12/15 03:01:31	1.1.1.1.4.2
+@@ -249,20 +249,6 @@
+ int
+ tf_create(char *tf_name)
+ {
+-  struct stat statbuf;
+-  char garbage[BUFSIZ];
+-
+-  fd = open(tf_name, O_RDWR | O_BINARY, 0);
+-  if (fd >= 0) {
+-    if (fstat (fd, &statbuf) == 0) {
+-      int i;
+-
+-      for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+-	write (fd, garbage, sizeof(garbage));
+-    }
+-    close (fd);
+-  }
+-
+   if (unlink (tf_name) && errno != ENOENT)
+     return TKT_FIL_ACC;
+ 
+Index: crypto/kerberosIV/lib/krb/extra.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/extra.c,v
+retrieving revision 1.1.1.2.4.1
+retrieving revision 1.1.1.2.4.2
+diff -u -u -r1.1.1.2.4.1 -r1.1.1.2.4.2
+--- crypto/kerberosIV/lib/krb/extra.c	2000/07/04 15:04:25	1.1.1.2.4.1
++++ crypto/kerberosIV/lib/krb/extra.c	2000/12/15 03:01:04	1.1.1.2.4.2
+@@ -70,30 +70,6 @@
+ 
+ #ifndef WIN32
+ 
+-struct obsolete {
+-    const char *from;
+-    const char *to;
+-} obsolete [] = {
+-    { "KDC_TIMESYNC", "kdc_timesync" },
+-    { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
+-    { "krb4_proxy", "krb4_proxy"},
+-    { NULL, NULL }
+-};
+-    
+-static void
+-check_obsolete(void)
+-{
+-    struct obsolete *r;
+-    for(r = obsolete; r->from; r++) {
+-	if(getenv(r->from)) {
+-	    krb_warning("The environment variable `%s' is obsolete;\n"
+-			"set `%s' in your `krb.extra' file instead\n", 
+-			r->from, r->to);
+-	    define_variable(r->to, getenv(r->from));
+-	}
+-    }
+-}
+-
+ static int
+ read_extra_file(void)
+ {
+@@ -103,7 +79,6 @@
+     if(_krb_extra_read)
+ 	return 0;
+     _krb_extra_read = 1;
+-    check_obsolete();
+     while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
+ 	FILE *f = fopen(file, "r");
+ 	if(f == NULL)
+Index: crypto/telnet/telnetd/sys_term.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/sys_term.c,v
+retrieving revision 1.5.2.2
+retrieving revision 1.5.2.3
+diff -u -r1.5.2.2 -r1.5.2.3
+--- crypto/telnet/telnetd/sys_term.c	1999/08/29 16:18:10	1.5.2.2
++++ crypto/telnet/telnetd/sys_term.c	2000/12/15 03:00:11	1.5.2.3
+@@ -1839,27 +1839,48 @@
+ /*
+  * scrub_env()
+  *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+  */
+ 	void
+ scrub_env()
+ {
+-	register char **cpp, **cpp2;
++	static const char *reject[] = {
++		"TERMCAP=/",
++		NULL
++	};
+ 
+-	for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+-		if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+-		    strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+-		if (strncmp(*cpp, "LD_", 3) &&
+-		    strncmp(*cpp, "_RLD_", 5) &&
+-		    strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+-		    strncmp(*cpp, "IFS=", 4))
+-			*cpp2++ = *cpp;
+-	}
+-	*cpp2 = 0;
++	static const char *accept[] = {
++		"XAUTH=", "XAUTHORITY=", "DISPLAY=",
++		"TERM=",
++		"EDITOR=",
++		"PAGER=",
++		"LOGNAME=",
++		"POSIXLY_CORRECT=",
++		"PRINTER=",
++		NULL
++	};
++
++	char **cpp, **cpp2;
++	const char **p;
++ 
++ 	for (cpp2 = cpp = environ; *cpp; cpp++) {
++		int reject_it = 0;
++
++		for(p = reject; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++				reject_it = 1;
++				break;
++			}
++		if (reject_it)
++			continue;
++
++		for(p = accept; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0)
++				break;
++		if(*p != NULL)
++ 			*cpp2++ = *cpp;
++ 	}
++	*cpp2 = NULL;
+ }
+ 
+ /*
+Index: libexec/telnetd/sys_term.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/sys_term.c,v
+retrieving revision 1.20.2.4
+retrieving revision 1.20.2.5
+diff -u -r1.20.2.4 -r1.20.2.5
+--- libexec/telnetd/sys_term.c	2000/11/20 03:09:37	1.20.2.4
++++ libexec/telnetd/sys_term.c	2000/12/15 02:59:15	1.20.2.5
+@@ -1778,34 +1778,48 @@
+ /*
+  * scrub_env()
+  *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+  */
+ 	void
+ scrub_env()
+ {
+-	register char **cpp, **cpp2;
++	static const char *reject[] = {
++		"TERMCAP=/",
++		NULL
++	};
+ 
+-	for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+-		if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+-		    strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+-		if (strncmp(*cpp, "LD_", 3) &&
+-		    strncmp(*cpp, "_RLD_", 5) &&
+-		    strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+-		    strncmp(*cpp, "LOCALDOMAIN=", 12) &&
+-		    strncmp(*cpp, "RES_OPTIONS=", 12) &&
+-		    strncmp(*cpp, "TERMINFO=", 9) &&
+-		    strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
+-		    strncmp(*cpp, "TERMPATH=", 9) &&
+-		    strncmp(*cpp, "TERMCAP=/", 9) &&
+-		    strncmp(*cpp, "ENV=", 4) &&
+-		    strncmp(*cpp, "IFS=", 4))
+-			*cpp2++ = *cpp;
+-	}
+-	*cpp2 = 0;
++	static const char *accept[] = {
++		"XAUTH=", "XAUTHORITY=", "DISPLAY=",
++		"TERM=",
++		"EDITOR=",
++		"PAGER=",
++		"LOGNAME=",
++		"POSIXLY_CORRECT=",
++		"PRINTER=",
++		NULL
++	};
++
++	char **cpp, **cpp2;
++	const char **p;
++ 
++ 	for (cpp2 = cpp = environ; *cpp; cpp++) {
++		int reject_it = 0;
++
++		for(p = reject; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++				reject_it = 1;
++				break;
++			}
++		if (reject_it)
++			continue;
++
++		for(p = accept; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0)
++				break;
++		if(*p != NULL)
++ 			*cpp2++ = *cpp;
++ 	}
++	*cpp2 = NULL;
+ }
+ 
+ /*
diff --git a/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc
new file mode 100644
index 0000000000..6241b7cdad
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.3.5.1.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOopfPFUuHi5z0oilAQFDqwQAjHGF/msHy+cpVFUxPoHFF8tuuH8MndOm
+G8onJCiWdlRMC7U5oZ7cWWrYTY32BNMxREjpLxIbrT2ZGSihIhumqepzBcT743LV
+TCl8IJDhFkvPr2zGEIhF62NjgA3XSuHFw+8/jwCiM0wy3b+2NWK7U1ebpwCEgcmU
+3IW56iGH7ek=
+=1ddc
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:25/telnetd-krb.4.2.patch b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch
new file mode 100644
index 0000000000..66e87549cd
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch
@@ -0,0 +1,247 @@
+Index: crypto/kerberosIV/lib/krb/tf_util.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/tf_util.c,v
+retrieving revision 1.1.1.3
+retrieving revision 1.1.1.3.2.1
+diff -u -u -r1.1.1.3 -r1.1.1.3.2.1
+--- crypto/kerberosIV/lib/krb/tf_util.c	2000/01/09 08:29:11	1.1.1.3
++++ crypto/kerberosIV/lib/krb/tf_util.c	2000/12/12 03:07:56	1.1.1.3.2.1
+@@ -249,20 +249,6 @@
+ int
+ tf_create(char *tf_name)
+ {
+-  struct stat statbuf;
+-  char garbage[BUFSIZ];
+-
+-  fd = open(tf_name, O_RDWR | O_BINARY, 0);
+-  if (fd >= 0) {
+-    if (fstat (fd, &statbuf) == 0) {
+-      int i;
+-
+-      for (i = 0; i < statbuf.st_size; i += sizeof(garbage))
+-	write (fd, garbage, sizeof(garbage));
+-    }
+-    close (fd);
+-  }
+-
+   if (unlink (tf_name) && errno != ENOENT)
+     return TKT_FIL_ACC;
+ 
+Index: crypto/kerberosIV/lib/krb/kdc_reply.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/kdc_reply.c,v
+retrieving revision 1.1.1.3
+retrieving revision 1.1.1.3.2.1
+diff -u -u -r1.1.1.3 -r1.1.1.3.2.1
+--- crypto/kerberosIV/lib/krb/kdc_reply.c	2000/01/09 08:28:38	1.1.1.3
++++ crypto/kerberosIV/lib/krb/kdc_reply.c	2000/12/12 03:07:17	1.1.1.3.2.1
+@@ -121,6 +121,9 @@
+     p += krb_get_int(p, &exp_date, 4, little_endian);
+     p++; /* master key version number */
+     p += krb_get_int(p, &clen, 2, little_endian);
++    if (reply->length - (p - reply->dat) < clen)
++	return INTK_PROT;
++
+     cip->length = clen;
+     memcpy(cip->dat, p, clen);
+     p += clen;
+Index: crypto/kerberosIV/lib/krb/extra.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/kerberosIV/lib/krb/extra.c,v
+retrieving revision 1.1.1.2
+retrieving revision 1.1.1.2.2.1
+diff -u -u -r1.1.1.2 -r1.1.1.2.2.1
+--- crypto/kerberosIV/lib/krb/extra.c	2000/01/09 08:28:26	1.1.1.2
++++ crypto/kerberosIV/lib/krb/extra.c	2000/12/12 03:06:34	1.1.1.2.2.1
+@@ -70,30 +70,6 @@
+ 
+ #ifndef WIN32
+ 
+-struct obsolete {
+-    const char *from;
+-    const char *to;
+-} obsolete [] = {
+-    { "KDC_TIMESYNC", "kdc_timesync" },
+-    { "KRB_REVERSE_DIRECTION", "reverse_lsb_test"},
+-    { "krb4_proxy", "krb4_proxy"},
+-    { NULL, NULL }
+-};
+-    
+-static void
+-check_obsolete(void)
+-{
+-    struct obsolete *r;
+-    for(r = obsolete; r->from; r++) {
+-	if(getenv(r->from)) {
+-	    krb_warning("The environment variable `%s' is obsolete;\n"
+-			"set `%s' in your `krb.extra' file instead\n", 
+-			r->from, r->to);
+-	    define_variable(r->to, getenv(r->from));
+-	}
+-    }
+-}
+-
+ static int
+ read_extra_file(void)
+ {
+@@ -103,7 +79,6 @@
+     if(_krb_extra_read)
+ 	return 0;
+     _krb_extra_read = 1;
+-    check_obsolete();
+     while(krb_get_krbextra(i++, file, sizeof(file)) == 0) {
+ 	FILE *f = fopen(file, "r");
+ 	if(f == NULL)
+Index: libexec/telnetd/sys_term.c
+===================================================================
+RCS file: /mnt/ncvs/src/libexec/telnetd/sys_term.c,v
+retrieving revision 1.24.2.3
+retrieving revision 1.24.2.4
+diff -u -u -r1.24.2.3 -r1.24.2.4
+--- libexec/telnetd/sys_term.c	2000/12/11 01:03:23	1.24.2.3
++++ libexec/telnetd/sys_term.c	2000/12/12 03:10:49	1.24.2.4
+@@ -1780,34 +1780,48 @@
+ /*
+  * scrub_env()
+  *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+  */
+ 	void
+ scrub_env()
+ {
+-	register char **cpp, **cpp2;
++	static const char *reject[] = {
++		"TERMCAP=/",
++		NULL
++	};
+ 
+-	for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+-		if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+-		    strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+-		if (strncmp(*cpp, "LD_", 3) &&
+-		    strncmp(*cpp, "_RLD_", 5) &&
+-		    strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+-		    strncmp(*cpp, "LOCALDOMAIN=", 12) &&
+-		    strncmp(*cpp, "RES_OPTIONS=", 12) &&
+-		    strncmp(*cpp, "TERMINFO=", 9) &&
+-		    strncmp(*cpp, "TERMINFO_DIRS=", 14) &&
+-		    strncmp(*cpp, "TERMPATH=", 9) &&
+-		    strncmp(*cpp, "TERMCAP=/", 9) &&
+-		    strncmp(*cpp, "ENV=", 4) &&
+-		    strncmp(*cpp, "IFS=", 4))
+-			*cpp2++ = *cpp;
+-	}
+-	*cpp2 = 0;
++	static const char *accept[] = {
++		"XAUTH=", "XAUTHORITY=", "DISPLAY=",
++		"TERM=",
++		"EDITOR=",
++		"PAGER=",
++		"LOGNAME=",
++		"POSIXLY_CORRECT=",
++		"PRINTER=",
++		NULL
++	};
++
++	char **cpp, **cpp2;
++	const char **p;
++ 
++ 	for (cpp2 = cpp = environ; *cpp; cpp++) {
++		int reject_it = 0;
++
++		for(p = reject; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++				reject_it = 1;
++				break;
++			}
++		if (reject_it)
++			continue;
++
++		for(p = accept; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0)
++				break;
++		if(*p != NULL)
++ 			*cpp2++ = *cpp;
++ 	}
++	*cpp2 = NULL;
+ }
+ 
+ /*
+Index: crypto/telnet/telnetd/sys_term.c
+===================================================================
+RCS file: /mnt/ncvs/src/crypto/telnet/telnetd/sys_term.c,v
+retrieving revision 1.7.2.2
+retrieving revision 1.7.2.3
+diff -u -u -r1.7.2.2 -r1.7.2.3
+--- crypto/telnet/telnetd/sys_term.c	2000/12/10 20:27:54	1.7.2.2
++++ crypto/telnet/telnetd/sys_term.c	2000/12/12 03:09:35	1.7.2.3
+@@ -1839,27 +1839,48 @@
+ /*
+  * scrub_env()
+  *
+- * Remove a few things from the environment that
+- * don't need to be there.
++ * We only accept the environment variables listed below.
+  */
+ 	void
+ scrub_env()
+ {
+-	register char **cpp, **cpp2;
++	static const char *reject[] = {
++		"TERMCAP=/",
++		NULL
++	};
+ 
+-	for (cpp2 = cpp = environ; *cpp; cpp++) {
+-#ifdef __FreeBSD__
+-		if (strncmp(*cpp, "LD_LIBRARY_PATH=", 16) &&
+-		    strncmp(*cpp, "LD_PRELOAD=", 11) &&
+-#else
+-		if (strncmp(*cpp, "LD_", 3) &&
+-		    strncmp(*cpp, "_RLD_", 5) &&
+-		    strncmp(*cpp, "LIBPATH=", 8) &&
+-#endif
+-		    strncmp(*cpp, "IFS=", 4))
+-			*cpp2++ = *cpp;
+-	}
+-	*cpp2 = 0;
++	static const char *accept[] = {
++		"XAUTH=", "XAUTHORITY=", "DISPLAY=",
++		"TERM=",
++		"EDITOR=",
++		"PAGER=",
++		"LOGNAME=",
++		"POSIXLY_CORRECT=",
++		"PRINTER=",
++		NULL
++	};
++
++	char **cpp, **cpp2;
++	const char **p;
++ 
++ 	for (cpp2 = cpp = environ; *cpp; cpp++) {
++		int reject_it = 0;
++
++		for(p = reject; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0) {
++				reject_it = 1;
++				break;
++			}
++		if (reject_it)
++			continue;
++
++		for(p = accept; *p; p++)
++			if(strncmp(*cpp, *p, strlen(*p)) == 0)
++				break;
++		if(*p != NULL)
++ 			*cpp2++ = *cpp;
++ 	}
++	*cpp2 = NULL;
+ }
+ 
+ /*
diff --git a/share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc
new file mode 100644
index 0000000000..4bb0cf5875
--- /dev/null
+++ b/share/security/patches/SA-01:25/telnetd-krb.4.2.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOopcblUuHi5z0oilAQFpQwP9GXx6qYXEhCRXs3HDEpWRV0xJi+PfOgLK
+JqH4BrLCuuvd3JjGG/v2TgHg+0w00hua++jN0yzXiT4NLzwNDuqT0lPAN+pI+wDo
+PpsoTa5deVRIhWC5quJ0DNBanpv4R6H4orxbbpGmsAH0X0/JUk0crA+8FNtIRogT
+sSvdTszUUiU=
+=41HQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:28/timed.patch b/share/security/patches/SA-01:28/timed.patch
new file mode 100644
index 0000000000..c544902c29
--- /dev/null
+++ b/share/security/patches/SA-01:28/timed.patch
@@ -0,0 +1,65 @@
+Index: readmsg.c
+===================================================================
+RCS file: /mnt/ncvs/src/usr.sbin/timed/timed/readmsg.c,v
+retrieving revision 1.5
+retrieving revision 1.7
+diff -u -r1.5 -r1.7
+--- readmsg.c	1999/08/28 01:20:18	1.5
++++ readmsg.c	2001/01/01 18:43:21	1.7
+@@ -88,6 +88,7 @@
+ 	struct tsplist *prev;
+ 	register struct netinfo *ntp;
+ 	register struct tsplist *ptr;
++	ssize_t n;
+ 
+ 	if (trace) {
+ 		fprintf(fd, "readmsg: looking for %s from %s, %s\n",
+@@ -206,11 +207,18 @@
+ 			continue;
+ 		}
+ 		length = sizeof(from);
+-		if (recvfrom(sock, (char *)&msgin, sizeof(struct tsp), 0,
+-			     (struct sockaddr*)&from, &length) < 0) {
++		if ((n = recvfrom(sock, (char *)&msgin, sizeof(struct tsp), 0,
++			     (struct sockaddr*)&from, &length)) < 0) {
+ 			syslog(LOG_ERR, "recvfrom: %m");
+ 			exit(1);
+ 		}
++		if (n < (ssize_t)sizeof(struct tsp)) {
++			syslog(LOG_NOTICE,
++			    "short packet (%u/%u bytes) from %s",
++			      n, sizeof(struct tsp),
++			      inet_ntoa(from.sin_addr));
++			continue;
++		}
+ 		(void)gettimeofday(&from_when, (struct timezone *)0);
+ 		bytehostorder(&msgin);
+ 
+@@ -222,6 +230,13 @@
+ 			continue;
+ 		}
+ 
++		if (memchr(msgin.tsp_name,
++		    '\0', sizeof msgin.tsp_name) == NULL) {
++			syslog(LOG_NOTICE, "hostname field not NUL terminated "
++			    "in packet from %s", inet_ntoa(from.sin_addr));
++			continue;
++		}
++
+ 		fromnet = NULL;
+ 		for (ntp = nettab; ntp != NULL; ntp = ntp->next)
+ 			if ((ntp->mask & from.sin_addr.s_addr) ==
+@@ -436,6 +451,13 @@
+ {
+ 	char tm[26];
+ 	time_t tsp_time_sec;
++
++	if (msg->tsp_type >= TSPTYPENUMBER) {
++		fprintf(fd, "bad type (%u) on packet from %s\n",
++		  msg->tsp_type, inet_ntoa(addr->sin_addr));
++		return;
++	}
++
+ 	switch (msg->tsp_type) {
+ 
+ 	case TSP_LOOP:
diff --git a/share/security/patches/SA-01:28/timed.patch.asc b/share/security/patches/SA-01:28/timed.patch.asc
new file mode 100644
index 0000000000..13e36b63cf
--- /dev/null
+++ b/share/security/patches/SA-01:28/timed.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOq1eqlUuHi5z0oilAQFk0AP/Ua/xd6m6yjYdgSgbedwwq1XgTzblzW9h
+CIjk7ClwfBEtUr5AVrntEKrzFfOYN0OzAtD0ieA84vVCahYyptXbCrzJHayLZN/x
+tzuVc1PuTBP+ReoHlo58B5BWnIQGVmHCJcnXPdO/m4fnt/KFL3fqUrloRchDDRc7
++YPZg14orFE=
+=SBhk
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:29/rwhod.patch b/share/security/patches/SA-01:29/rwhod.patch
new file mode 100644
index 0000000000..121eb1341f
--- /dev/null
+++ b/share/security/patches/SA-01:29/rwhod.patch
@@ -0,0 +1,43 @@
+Index: rwhod.c
+===================================================================
+RCS file: /mnt/ncvs/src/usr.sbin/rwhod/rwhod.c,v
+retrieving revision 1.14
+retrieving revision 1.15
+diff -u -r1.14 -r1.15
+--- rwhod.c	2000/07/12 00:47:33	1.14
++++ rwhod.c	2000/12/22 21:30:15	1.15
+@@ -56,6 +56,7 @@
+ #include <net/if_dl.h>
+ #include <net/route.h>
+ #include <netinet/in.h>
++#include <arpa/inet.h>
+ #include <protocols/rwhod.h>
+ 
+ #include <ctype.h>
+@@ -277,17 +278,22 @@
+ 			continue;
+ 		}
+ 		if (from.sin_port != sp->s_port && !insecure_mode) {
+-			syslog(LOG_WARNING, "%d: bad from port",
+-				ntohs(from.sin_port));
++			syslog(LOG_WARNING, "%d: bad source port from %s",
++			    ntohs(from.sin_port), inet_ntoa(from.sin_addr));
+ 			continue;
+ 		}
++		if (cc < WHDRSIZE) {
++			syslog(LOG_WARNING, "short packet from %s",
++			    inet_ntoa(from.sin_addr));
++			continue;
++		}
+ 		if (wd.wd_vers != WHODVERSION)
+ 			continue;
+ 		if (wd.wd_type != WHODTYPE_STATUS)
+ 			continue;
+ 		if (!verify(wd.wd_hostname, sizeof wd.wd_hostname)) {
+-			syslog(LOG_WARNING, "malformed host name from %x",
+-				from.sin_addr);
++			syslog(LOG_WARNING, "malformed host name from %s",
++			    inet_ntoa(from.sin_addr));
+ 			continue;
+ 		}
+ 		(void) snprintf(path, sizeof path, "whod.%s", wd.wd_hostname);
diff --git a/share/security/patches/SA-01:29/rwhod.patch.asc b/share/security/patches/SA-01:29/rwhod.patch.asc
new file mode 100644
index 0000000000..565925800e
--- /dev/null
+++ b/share/security/patches/SA-01:29/rwhod.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOq1fZlUuHi5z0oilAQFtYAP/V1epQfD+B33eF2nuvLR7aKfrsvOVOqxU
+mHug7WtFHEuVAm7vkCMIgSTJ4kiq3shfYNKCJo20FnIBKFUkU16HtnhBRFBg7aS8
+59UKJUmodOXFjh08uEpZZ8ZPdjF2xxwVZ862j6Ep+OHD2+lXW72XHrsvCFBrUTKn
+fvF0R7BQuJ0=
+=wrBz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:30/fs.patch b/share/security/patches/SA-01:30/fs.patch
new file mode 100644
index 0000000000..b932527f7d
--- /dev/null
+++ b/share/security/patches/SA-01:30/fs.patch
@@ -0,0 +1,56 @@
+Index: sys/ufs/ufs/ufs_readwrite.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/ufs/ufs/ufs_readwrite.c,v
+retrieving revision 1.65.2.4
+retrieving revision 1.65.2.5
+diff -u -r1.65.2.4 -r1.65.2.5
+--- sys/ufs/ufs/ufs_readwrite.c	2000/12/11 07:33:22	1.65.2.4
++++ sys/ufs/ufs/ufs_readwrite.c	2000/12/22 18:44:34	1.65.2.5
+@@ -468,10 +468,19 @@
+ 		if (uio->uio_offset + xfersize > ip->i_size)
+ 			vnode_pager_setsize(vp, uio->uio_offset + xfersize);
+ 
++		/*      
++		 * Avoid a data-consistency race between write() and mmap()
++		 * by ensuring that newly allocated blocks are zerod.  The
++		 * race can occur even in the case where the write covers
++		 * the entire block.
++		 */
++		flags |= B_CLRBUF;
++#if 0
+ 		if (fs->fs_bsize > xfersize)
+ 			flags |= B_CLRBUF;
+ 		else
+ 			flags &= ~B_CLRBUF;
++#endif
+ /* XXX is uio->uio_offset the right thing here? */
+ 		error = VOP_BALLOC(vp, uio->uio_offset, xfersize,
+ 		    ap->a_cred, flags, &bp);
+Index: sys/gnu/ext2fs/ext2_readwrite.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/gnu/ext2fs/ext2_readwrite.c,v
+retrieving revision 1.18.2.1
+retrieving revision 1.18.2.2
+diff -u -r1.18.2.1 -r1.18.2.2
+--- sys/gnu/ext2fs/ext2_readwrite.c	2000/04/26 20:36:30	1.18.2.1
++++ sys/gnu/ext2fs/ext2_readwrite.c	2000/12/22 18:44:33	1.18.2.2
+@@ -238,10 +238,19 @@
+ 		if (uio->uio_offset + xfersize > ip->i_size)
+ 			vnode_pager_setsize(vp, uio->uio_offset + xfersize);
+ 
++		/*  
++		 * Avoid a data-consistency race between write() and mmap()
++		 * by ensuring that newly allocated blocks are zerod.  The
++		 * race can occur even in the case where the write covers
++		 * the entire block.
++		 */
++		flags |= B_CLRBUF;
++#if 0
+ 		if (fs->s_frag_size > xfersize)
+ 			flags |= B_CLRBUF;
+ 		else
+ 			flags &= ~B_CLRBUF;
++#endif
+ 
+ 		error = ext2_balloc(ip,
+ 		    lbn, blkoffset + xfersize, ap->a_cred, &bp, flags);
diff --git a/share/security/patches/SA-01:30/fs.patch.asc b/share/security/patches/SA-01:30/fs.patch.asc
new file mode 100644
index 0000000000..9fd408ab8e
--- /dev/null
+++ b/share/security/patches/SA-01:30/fs.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOrpp6lUuHi5z0oilAQGBjAQAqVGl+9Y/Fbx2bFkZJf7FRo6Y033wG1r1
+EMyrKfLRI0AmPiwBPrNOLE/s0zJ+HJGt5YYBoPettArH19btOurNNyG2YMAj6gye
+lTXSZMMX++zKfg9HEsmadvJluC2JiG5QuiLAENFEw3gSkkg4Vm0BRNjffRq/6FWI
+OHHC804l3cc=
+=khDA
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:31/ntpd-3.x.patch b/share/security/patches/SA-01:31/ntpd-3.x.patch
new file mode 100644
index 0000000000..d365e4b43e
--- /dev/null
+++ b/share/security/patches/SA-01:31/ntpd-3.x.patch
@@ -0,0 +1,47 @@
+Index: usr.sbin/xntpd/xntpd/ntp_control.c
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/xntpd/xntpd/Attic/ntp_control.c,v
+retrieving revision 1.6
+diff -u -r1.6 ntp_control.c
+--- usr.sbin/xntpd/xntpd/ntp_control.c	1995/05/30 03:54:35	1.6
++++ usr.sbin/xntpd/xntpd/ntp_control.c	2001/04/06 19:36:45
+@@ -1684,7 +1684,7 @@
+ 	/*
+ 	 * Delete leading commas and white space
+ 	 */
+-	while (reqpt < reqend && (*reqpt == ',' || isspace(*reqpt))) {
++	while (reqpt < reqend && (*reqpt == ',' || isspace((unsigned char)*reqpt))) {
+ 		reqpt++;
+ 	}
+ 
+@@ -1708,7 +1708,7 @@
+ 				tp++;
+ 			}
+ 			if ((*tp == '\0') || (*tp == '=')) {
+-				while (cp < reqend && isspace(*cp))
++				while (cp < reqend && isspace((unsigned char)*cp))
+ 					cp++;
+ 				if (cp == reqend || *cp == ',') {
+ 					buf[0] = '\0';
+@@ -1721,14 +1721,18 @@
+ 				if (*cp == '=') {
+ 					cp++;
+ 					tp = buf;
+-					while (cp < reqend && isspace(*cp))
++					while (cp < reqend && isspace((unsigned char)*cp))
+ 						cp++;
+-					while (cp < reqend && *cp != ',')
++					while (cp < reqend && *cp != ',') {
+ 						*tp++ = *cp++;
++						if (tp >= buf + sizeof(buf))
++							return (0);
++					}
+ 					if (cp < reqend)
+ 						cp++;
+ 					*tp = '\0';
+-					while (isspace(*(tp-1)))
++					while (tp != buf &&
++					    isspace((unsigned char)*(tp-1)))
+ 						*(--tp) = '\0';
+ 					reqpt = cp;
+ 					*data = buf;
diff --git a/share/security/patches/SA-01:31/ntpd-3.x.patch.asc b/share/security/patches/SA-01:31/ntpd-3.x.patch.asc
new file mode 100644
index 0000000000..ee097d77ec
--- /dev/null
+++ b/share/security/patches/SA-01:31/ntpd-3.x.patch.asc
diff --git a/share/security/patches/SA-01:31/ntpd-4.x.patch b/share/security/patches/SA-01:31/ntpd-4.x.patch
new file mode 100644
index 0000000000..c4e50d6ae6
--- /dev/null
+++ b/share/security/patches/SA-01:31/ntpd-4.x.patch
@@ -0,0 +1,46 @@
+Index: contrib/ntp/ntpd/ntp_control.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/ntp/ntpd/ntp_control.c,v
+retrieving revision 1.1.1.2
+diff -u -r1.1.1.2 ntp_control.c
+--- contrib/ntp/ntpd/ntp_control.c	2000/01/28 14:53:03	1.1.1.2
++++ contrib/ntp/ntpd/ntp_control.c	2001/04/06 19:34:50
+@@ -1610,7 +1610,7 @@
+ 	/*
+ 	 * Delete leading commas and white space
+ 	 */
+-	while (reqpt < reqend && (*reqpt == ',' || isspace((int)*reqpt))) {
++	while (reqpt < reqend && (*reqpt == ',' || isspace((unsigned char)*reqpt))) {
+ 		reqpt++;
+ 	}
+ 
+@@ -1634,7 +1634,7 @@
+ 				tp++;
+ 			}
+ 			if ((*tp == '\0') || (*tp == '=')) {
+-				while (cp < reqend && isspace((int)*cp))
++				while (cp < reqend && isspace((unsigned char)*cp))
+ 					cp++;
+ 				if (cp == reqend || *cp == ',') {
+ 					buf[0] = '\0';
+@@ -1647,14 +1647,17 @@
+ 				if (*cp == '=') {
+ 					cp++;
+ 					tp = buf;
+-					while (cp < reqend && isspace((int)*cp))
++					while (cp < reqend && isspace((unsigned char)*cp))
+ 						cp++;
+-					while (cp < reqend && *cp != ',')
++					while (cp < reqend && *cp != ',') {
+ 						*tp++ = *cp++;
++						if (tp >= buf + sizeof(buf))
++							return (0);
++					}
+ 					if (cp < reqend)
+ 						cp++;
+ 					*tp = '\0';
+-					while (isspace((int)(*(tp-1))))
++					while (tp != buf && isspace((unsigned char)(*(tp-1))))
+ 						*(--tp) = '\0';
+ 					reqpt = cp;
+ 					*data = buf;
diff --git a/share/security/patches/SA-01:31/ntpd-4.x.patch.asc b/share/security/patches/SA-01:31/ntpd-4.x.patch.asc
new file mode 100644
index 0000000000..b24ffdf052
--- /dev/null
+++ b/share/security/patches/SA-01:31/ntpd-4.x.patch.asc
diff --git a/share/security/patches/SA-01:32/ipfilter.patch b/share/security/patches/SA-01:32/ipfilter.patch
new file mode 100644
index 0000000000..b75534e1dc
--- /dev/null
+++ b/share/security/patches/SA-01:32/ipfilter.patch
@@ -0,0 +1,169 @@
+Index: sys/netinet/ip_frag.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_frag.c,v
+retrieving revision 1.10.2.3
+diff -u -r1.10.2.3 ip_frag.c
+--- sys/netinet/ip_frag.c	2001/02/17 20:42:07	1.10.2.3
++++ sys/netinet/ip_frag.c	2001/04/08 13:22:50
+@@ -142,12 +142,15 @@
+ u_int pass;
+ ipfr_t *table[];
+ {
+-	ipfr_t	**fp, *fra, frag;
+-	u_int	idx;
++	ipfr_t **fp, *fra, frag;
++	u_int idx, off;
+ 
+ 	if (ipfr_inuse >= IPFT_SIZE)
+ 		return NULL;
+ 
++	if (!(fin->fin_fi.fi_fl & FI_FRAG))
++		return NULL;
++
+ 	frag.ipfr_p = ip->ip_p;
+ 	idx = ip->ip_p;
+ 	frag.ipfr_id = ip->ip_id;
+@@ -201,7 +204,10 @@
+ 	/*
+ 	 * Compute the offset of the expected start of the next packet.
+ 	 */
+-	fra->ipfr_off = (ip->ip_off & IP_OFFMASK) + (fin->fin_dlen >> 3);
++	off = ip->ip_off & IP_OFFMASK;
++	if (!off)
++		fra->ipfr_seen0 = 1;
++	fra->ipfr_off = off + (fin->fin_dlen >> 3);
+ 	ATOMIC_INCL(ipfr_stats.ifs_new);
+ 	ATOMIC_INC32(ipfr_inuse);
+ 	return fra;
+@@ -257,6 +263,9 @@
+ 	ipfr_t	*f, frag;
+ 	u_int	idx;
+ 
++	if (!(fin->fin_fi.fi_fl & FI_FRAG))
++		return NULL;
++
+ 	/*
+ 	 * For fragments, we record protocol, packet id, TOS and both IP#'s
+ 	 * (these should all be the same for all fragments of a packet).
+@@ -284,6 +293,19 @@
+ 			  IPFR_CMPSZ)) {
+ 			u_short	atoff, off;
+ 
++			/*
++			 * XXX - We really need to be guarding against the
++			 * retransmission of (src,dst,id,offset-range) here
++			 * because a fragmented packet is never resent with
++			 * the same IP ID#.
++			 */
++			off = ip->ip_off & IP_OFFMASK;
++			if (f->ipfr_seen0) {
++				if (!off || (fin->fin_fi.fi_fl & FI_SHORT))
++					continue;
++			} else if (!off)
++				f->ipfr_seen0 = 1;
++
+ 			if (f != table[idx]) {
+ 				/*
+ 				 * move fragment info. to the top of the list
+@@ -296,7 +318,6 @@
+ 				f->ipfr_prev = NULL;
+ 				table[idx] = f;
+ 			}
+-			off = ip->ip_off & IP_OFFMASK;
+ 			atoff = off + (fin->fin_dlen >> 3);
+ 			/*
+ 			 * If we've follwed the fragments, and this is the
+Index: sys/netinet/ip_frag.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_frag.h,v
+retrieving revision 1.7.2.2
+diff -u -r1.7.2.2 ip_frag.h
+--- sys/netinet/ip_frag.h	2001/02/17 20:42:07	1.7.2.2
++++ sys/netinet/ip_frag.h	2001/04/08 13:22:50
+@@ -25,7 +25,8 @@
+ 	u_char	ipfr_p;
+ 	u_char	ipfr_tos;
+ 	u_short	ipfr_off;
+-	u_short	ipfr_ttl;
++	u_char	ipfr_ttl;
++	u_char	ipfr_seen0;
+ 	frentry_t *ipfr_rule;
+ } ipfr_t;
+ 
+@@ -41,7 +42,8 @@
+ 	struct	ipfr	**ifs_nattab;
+ } ipfrstat_t;
+ 
+-#define	IPFR_CMPSZ	(4 + 4 + 2 + 1 + 1)
++#define	IPFR_CMPSZ	(offsetof(ipfr_t, ipfr_off) - \
++			 offsetof(ipfr_t, ipfr_src))
+ 
+ extern	int	fr_ipfrttl;
+ extern	int	fr_frag_lock;
+Index: sys/netinet/ip_nat.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_nat.c,v
+retrieving revision 1.12.2.3
+diff -u -r1.12.2.3 ip_nat.c
+--- sys/netinet/ip_nat.c	2001/02/17 20:42:07	1.12.2.3
++++ sys/netinet/ip_nat.c	2001/04/08 13:22:50
+@@ -2284,7 +2284,8 @@
+ 	 */
+ 	if (nat) {
+ 		np = nat->nat_ptr;
+-		if (natadd && fin->fin_fi.fi_fl & FI_FRAG)
++		if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) &&
++		    np && (np->in_flags & IPN_FRAG))
+ 			ipfr_nat_newfrag(ip, fin, 0, nat);
+ 		MUTEX_ENTER(&nat->nat_lock);
+ 		nat->nat_age = fr_defnatage;
+@@ -2489,7 +2490,8 @@
+ 	if (nat) {
+ 		np = nat->nat_ptr;
+ 		fin->fin_fr = nat->nat_fr;
+-		if (natadd && fin->fin_fi.fi_fl & FI_FRAG)
++		if (natadd && (fin->fin_fi.fi_fl & FI_FRAG) &&
++		    np && (np->in_flags & IPN_FRAG))
+ 			ipfr_nat_newfrag(ip, fin, 0, nat);
+ 		if ((np->in_apr != NULL) && (np->in_dport == 0 ||
+ 		    (tcp != NULL && sport == np->in_dport))) {
+Index: sys/netinet/ip_nat.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_nat.h,v
+retrieving revision 1.8.2.3
+diff -u -r1.8.2.3 ip_nat.h
+--- sys/netinet/ip_nat.h	2001/02/17 20:42:07	1.8.2.3
++++ sys/netinet/ip_nat.h	2001/04/08 13:22:50
+@@ -227,6 +227,7 @@
+ #define	IPN_ROUNDR	0x100
+ #define	IPN_NOTSRC	0x080000
+ #define	IPN_NOTDST	0x100000
++#define	IPN_FRAG	0x200000
+ 
+ 
+ typedef	struct	natlog {
+Index: sys/netinet/ip_state.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_state.c,v
+retrieving revision 1.13.2.5
+diff -u -r1.13.2.5 ip_state.c
+--- sys/netinet/ip_state.c	2001/02/17 20:42:07	1.13.2.5
++++ sys/netinet/ip_state.c	2001/04/08 13:22:50
+@@ -688,7 +688,7 @@
+ #endif
+ 	RWLOCK_EXIT(&ipf_state);
+ 	fin->fin_rev = IP6NEQ(is->is_dst, fin->fin_fi.fi_dst);
+-	if (fin->fin_fi.fi_fl & FI_FRAG)
++	if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG))
+ 		ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
+ 	return is;
+ }
+@@ -1345,7 +1345,7 @@
+ 		fr_delstate(is);
+ #endif
+ 	RWLOCK_EXIT(&ipf_state);
+-	if (fin->fin_fi.fi_fl & FI_FRAG)
++	if ((fin->fin_fi.fi_fl & FI_FRAG) && (pass & FR_KEEPFRAG))
+ 		ipfr_newfrag(ip, fin, pass ^ FR_KEEPSTATE);
+ 	return fr;
+ }
diff --git a/share/security/patches/SA-01:32/ipfilter.patch.asc b/share/security/patches/SA-01:32/ipfilter.patch.asc
new file mode 100644
index 0000000000..abeca0c611
--- /dev/null
+++ b/share/security/patches/SA-01:32/ipfilter.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOttJK1UuHi5z0oilAQHrYwP+PfJ8zd4jKoZwyED6RALA2I+GNOqSsNc7
+kVmDnqdQsM3KE9sn9so/JU4/XC8C95E62qMCmx4uEBNFcAzURsXJwkoaC4CknO2m
+H9EwxgbFA7ljnbBqPuV4rIZqbFKxT1Pr1+aht2xGTG2NMXcvmFbHoWj5J3c/h4yI
+DohleRp7Az0=
+=fuZ3
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:33/glob.3.x.patch b/share/security/patches/SA-01:33/glob.3.x.patch
new file mode 100644
index 0000000000..ca73fb5c34
--- /dev/null
+++ b/share/security/patches/SA-01:33/glob.3.x.patch
@@ -0,0 +1,559 @@
+Index: include/glob.h
+===================================================================
+RCS file: /home/ncvs/src/include/glob.h,v
+--- include/glob.h	1998/02/25 02:15:59	1.3
++++ include/glob.h	2001/03/21 14:33:56	1.3.6.1
+@@ -76,9 +77,11 @@ typedef struct {
+ #define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
+ #define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
+ #define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
++#define	GLOB_MAXPATH	0x1000	/* limit number of returned paths */
+ 
+ #define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
+ #define	GLOB_ABEND	(-2)	/* Unignored error. */
++#define	GLOB_LIMIT	(-3)	/* Path limit was hit. */
+ 
+ __BEGIN_DECLS
+ int	glob __P((const char *, int, int (*)(const char *, int), glob_t *));
+Index: lib/libc/gen/glob.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/gen/glob.c,v
+--- lib/libc/gen/glob.c	1998/02/20 07:54:56	1.11
++++ lib/libc/gen/glob.c	2001/04/07 21:00:20
+@@ -129,7 +129,7 @@
+ 
+ 
+ static int	 compare __P((const void *, const void *));
+-static void	 g_Ctoc __P((const Char *, char *));
++static int	 g_Ctoc __P((const Char *, char *, u_int));
+ static int	 g_lstat __P((Char *, struct stat *, glob_t *));
+ static DIR	*g_opendir __P((Char *, glob_t *));
+ static Char	*g_strchr __P((Char *, int));
+@@ -137,14 +137,15 @@
+ static Char	*g_strcat __P((Char *, const Char *));
+ #endif
+ static int	 g_stat __P((Char *, struct stat *, glob_t *));
+-static int	 glob0 __P((const Char *, glob_t *));
+-static int	 glob1 __P((Char *, glob_t *));
+-static int	 glob2 __P((Char *, Char *, Char *, glob_t *));
+-static int	 glob3 __P((Char *, Char *, Char *, Char *, glob_t *));
+-static int	 globextend __P((const Char *, glob_t *));
+-static const Char *	 globtilde __P((const Char *, Char *, size_t, glob_t *));
+-static int	 globexp1 __P((const Char *, glob_t *));
+-static int	 globexp2 __P((const Char *, const Char *, glob_t *, int *));
++static int	 glob0 __P((const Char *, glob_t *, int *));
++static int	 glob1 __P((Char *, glob_t *, int *));
++static int	 glob2 __P((Char *, Char *, Char *, Char *, glob_t *, int *));
++static int	 glob3 __P((Char *, Char *, Char *, Char *, Char *, glob_t *, int *));
++static int	 globextend __P((const Char *, glob_t *, int *));
++static const Char *	
++		 globtilde __P((const Char *, Char *, size_t, glob_t *));
++static int	 globexp1 __P((const Char *, glob_t *, int *));
++static int	 globexp2 __P((const Char *, const Char *, glob_t *, int *, int *));
+ static int	 match __P((Char *, Char *, Char *));
+ #ifdef DEBUG
+ static void	 qprintf __P((const char *, Char *));
+@@ -157,8 +158,8 @@
+ 	glob_t *pglob;
+ {
+ 	const u_char *patnext;
+-	int c;
+-	Char *bufnext, *bufend, patbuf[MAXPATHLEN+1];
++	int c, limit;
++	Char *bufnext, *bufend, patbuf[MAXPATHLEN];
+ 
+ 	patnext = (u_char *) pattern;
+ 	if (!(flags & GLOB_APPEND)) {
+@@ -167,12 +168,16 @@
+ 		if (!(flags & GLOB_DOOFFS))
+ 			pglob->gl_offs = 0;
+ 	}
++	if (flags & GLOB_MAXPATH)
++		limit = pglob->gl_matchc;
++	else
++		limit = 0;
+ 	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+ 	pglob->gl_errfunc = errfunc;
+ 	pglob->gl_matchc = 0;
+ 
+ 	bufnext = patbuf;
+-	bufend = bufnext + MAXPATHLEN;
++	bufend = bufnext + MAXPATHLEN - 1;
+ 	if (flags & GLOB_QUOTE) {
+ 		/* Protect the quoted characters. */
+ 		while (bufnext < bufend && (c = *patnext++) != EOS)
+@@ -192,9 +197,9 @@
+ 	*bufnext = EOS;
+ 
+ 	if (flags & GLOB_BRACE)
+-	    return globexp1(patbuf, pglob);
++	    return globexp1(patbuf, pglob, &limit);
+ 	else
+-	    return glob0(patbuf, pglob);
++	    return glob0(patbuf, pglob, &limit);
+ }
+ 
+ /*
+@@ -202,22 +207,24 @@
+  * invoke the standard globbing routine to glob the rest of the magic
+  * characters
+  */
+-static int globexp1(pattern, pglob)
++static int
++globexp1(pattern, pglob, limit)
+ 	const Char *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	const Char* ptr = pattern;
+ 	int rv;
+ 
+ 	/* Protect a single {}, for find(1), like csh */
+ 	if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
+-		return glob0(pattern, pglob);
++		return glob0(pattern, pglob, limit);
+ 
+ 	while ((ptr = (const Char *) g_strchr((Char *) ptr, LBRACE)) != NULL)
+-		if (!globexp2(ptr, pattern, pglob, &rv))
++		if (!globexp2(ptr, pattern, pglob, &rv, limit))
+ 			return rv;
+ 
+-	return glob0(pattern, pglob);
++	return glob0(pattern, pglob, limit);
+ }
+ 
+ 
+@@ -226,19 +233,21 @@
+  * If it succeeds then it invokes globexp1 with the new pattern.
+  * If it fails then it tries to glob the rest of the pattern and returns.
+  */
+-static int globexp2(ptr, pattern, pglob, rv)
++static int
++globexp2(ptr, pattern, pglob, rv, limit)
+ 	const Char *ptr, *pattern;
+ 	glob_t *pglob;
+-	int *rv;
++	int *rv, *limit;
+ {
+ 	int     i;
+ 	Char   *lm, *ls;
+ 	const Char *pe, *pm, *pl;
+-	Char    patbuf[MAXPATHLEN + 1];
++	Char    patbuf[MAXPATHLEN];
+ 
+ 	/* copy part up to the brace */
+ 	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+ 		continue;
++	*lm = EOS;
+ 	ls = lm;
+ 
+ 	/* Find the balanced brace */
+@@ -265,7 +274,7 @@
+ 
+ 	/* Non matching braces; just glob the pattern */
+ 	if (i != 0 || *pe == EOS) {
+-		*rv = glob0(patbuf, pglob);
++		*rv = glob0(patbuf, pglob, limit);
+ 		return 0;
+ 	}
+ 
+@@ -312,7 +321,7 @@
+ #ifdef DEBUG
+ 				qprintf("globexp2:", patbuf);
+ #endif
+-				*rv = globexp1(patbuf, pglob);
++				*rv = globexp1(patbuf, pglob, limit);
+ 
+ 				/* move after the comma, to the next string */
+ 				pl = pm + 1;
+@@ -406,16 +415,16 @@
+  * to find no matches.
+  */
+ static int
+-glob0(pattern, pglob)
++glob0(pattern, pglob, limit)
+ 	const Char *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	const Char *qpatnext;
+ 	int c, err, oldpathc;
+-	Char *bufnext, patbuf[MAXPATHLEN+1];
++	Char *bufnext, patbuf[MAXPATHLEN];
+ 
+-	qpatnext = globtilde(pattern, patbuf, sizeof(patbuf) / sizeof(Char), 
+-	    pglob);
++	qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob);
+ 	oldpathc = pglob->gl_pathc;
+ 	bufnext = patbuf;
+ 
+@@ -471,7 +480,7 @@
+ 	qprintf("glob0:", patbuf);
+ #endif
+ 
+-	if ((err = glob1(patbuf, pglob)) != 0)
++	if ((err = glob1(patbuf, pglob, limit)) != 0)
+ 		return(err);
+ 
+ 	/*
+@@ -484,7 +493,7 @@
+ 	    ((pglob->gl_flags & GLOB_NOCHECK) ||
+ 	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
+ 	       !(pglob->gl_flags & GLOB_MAGCHAR))))
+-		return(globextend(pattern, pglob));
++		return(globextend(pattern, pglob, limit));
+ 	else if (!(pglob->gl_flags & GLOB_NOSORT))
+ 		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+ 		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+@@ -499,16 +508,18 @@
+ }
+ 
+ static int
+-glob1(pattern, pglob)
++glob1(pattern, pglob, limit)
+ 	Char *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+-	Char pathbuf[MAXPATHLEN+1];
++	Char pathbuf[MAXPATHLEN];
+ 
+ 	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+ 	if (*pattern == EOS)
+ 		return(0);
+-	return(glob2(pathbuf, pathbuf, pattern, pglob));
++	return(glob2(pathbuf, pathbuf, pathbuf + MAXPATHLEN - 1,
++	    pattern, pglob, limit));
+ }
+ 
+ /*
+@@ -517,9 +528,10 @@
+  * meta characters.
+  */
+ static int
+-glob2(pathbuf, pathend, pattern, pglob)
+-	Char *pathbuf, *pathend, *pattern;
++glob2(pathbuf, pathend, pathend_last, pattern, pglob, limit)
++	Char *pathbuf, *pathend, *pathend_last, *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	struct stat sb;
+ 	Char *p, *q;
+@@ -540,11 +552,13 @@
+ 			    || (S_ISLNK(sb.st_mode) &&
+ 			    (g_stat(pathbuf, &sb, pglob) == 0) &&
+ 			    S_ISDIR(sb.st_mode)))) {
++				if (pathend + 1 > pathend_last)
++					return (1);
+ 				*pathend++ = SEP;
+ 				*pathend = EOS;
+ 			}
+ 			++pglob->gl_matchc;
+-			return(globextend(pathbuf, pglob));
++			return(globextend(pathbuf, pglob, limit));
+ 		}
+ 
+ 		/* Find end of next segment, copy tentatively to pathend. */
+@@ -553,24 +567,31 @@
+ 		while (*p != EOS && *p != SEP) {
+ 			if (ismeta(*p))
+ 				anymeta = 1;
++			if (q + 1 > pathend_last)
++				return (1);
+ 			*q++ = *p++;
+ 		}
+ 
+ 		if (!anymeta) {		/* No expansion, do next segment. */
+ 			pathend = q;
+ 			pattern = p;
+-			while (*pattern == SEP)
++			while (*pattern == SEP) {
++				if (pathend + 1 > pathend_last)
++					return (1);
+ 				*pathend++ = *pattern++;
++			}
+ 		} else			/* Need expansion, recurse. */
+-			return(glob3(pathbuf, pathend, pattern, p, pglob));
++			return(glob3(pathbuf, pathend, pathend_last, pattern, p,
++			    pglob, limit));
+ 	}
+ 	/* NOTREACHED */
+ }
+ 
+ static int
+-glob3(pathbuf, pathend, pattern, restpattern, pglob)
+-	Char *pathbuf, *pathend, *pattern, *restpattern;
++glob3(pathbuf, pathend, pathend_last, pattern, restpattern, pglob, limit)
++	Char *pathbuf, *pathend, *pathend_last, *pattern, *restpattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	register struct dirent *dp;
+ 	DIR *dirp;
+@@ -585,13 +606,16 @@
+ 	 */
+ 	struct dirent *(*readdirfunc)();
+ 
++	if (pathend > pathend_last)
++		return (1);
+ 	*pathend = EOS;
+ 	errno = 0;
+ 
+ 	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+ 		/* TODO: don't call for ENOENT or ENOTDIR? */
+ 		if (pglob->gl_errfunc) {
+-			g_Ctoc(pathbuf, buf);
++			if (g_Ctoc(pathbuf, buf, sizeof(buf)))
++				return (GLOB_ABEND);
+ 			if (pglob->gl_errfunc(buf, errno) ||
+ 			    pglob->gl_flags & GLOB_ERR)
+ 				return (GLOB_ABEND);
+@@ -612,15 +636,17 @@
+ 
+ 		/* Initial DOT must be matched literally. */
+ 		if (dp->d_name[0] == DOT && *pattern != DOT)
+-			continue;
+-		for (sc = (u_char *) dp->d_name, dc = pathend;
+-		     (*dc++ = *sc++) != EOS;)
+ 			continue;
++		dc = pathend;
++		sc = (u_char *) dp->d_name;
++		while (dc < pathend_last && (*dc++ = *sc++) != EOS)
++			;
+ 		if (!match(pathend, pattern, restpattern)) {
+ 			*pathend = EOS;
+ 			continue;
+ 		}
+-		err = glob2(pathbuf, --dc, restpattern, pglob);
++		err = glob2(pathbuf, --dc, pathend_last, restpattern,
++		    pglob, limit);
+ 		if (err)
+ 			break;
+ 	}
+@@ -648,22 +674,31 @@
+  *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+  */
+ static int
+-globextend(path, pglob)
++globextend(path, pglob, limit)
+ 	const Char *path;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	register char **pathv;
+ 	register int i;
+-	u_int newsize;
++	u_int newsize, len;
+ 	char *copy;
+ 	const Char *p;
+ 
++	if (*limit && pglob->gl_pathc > *limit)
++		return (GLOB_LIMIT);
++
+ 	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+ 	pathv = pglob->gl_pathv ?
+ 		    realloc((char *)pglob->gl_pathv, newsize) :
+ 		    malloc(newsize);
+-	if (pathv == NULL)
++	if (pathv == NULL) {
++		if (pglob->gl_pathv) {
++			free(pglob->gl_pathv);
++			pglob->gl_pathv = NULL;
++		}
+ 		return(GLOB_NOSPACE);
++	}
+ 
+ 	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+ 		/* first time around -- clear initial gl_offs items */
+@@ -675,8 +710,12 @@
+ 
+ 	for (p = path; *p++;)
+ 		continue;
+-	if ((copy = malloc(p - path)) != NULL) {
+-		g_Ctoc(path, copy);
++	len = (size_t)(p - path);
++	if ((copy = malloc(len)) != NULL) {
++		if (g_Ctoc(path, copy, len)) {
++			free(copy);
++			return (GLOB_NOSPACE);
++		}
+ 		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+ 	}
+ 	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+@@ -752,6 +791,7 @@
+ 			if (*pp)
+ 				free(*pp);
+ 		free(pglob->gl_pathv);
++		pglob->gl_pathv = NULL;
+ 	}
+ }
+ 
+@@ -764,8 +804,10 @@
+ 
+ 	if (!*str)
+ 		strcpy(buf, ".");
+-	else
+-		g_Ctoc(str, buf);
++	else {
++		if (g_Ctoc(str, buf, sizeof(buf)))
++			return (NULL);
++	}
+ 
+ 	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ 		return((*pglob->gl_opendir)(buf));
+@@ -781,7 +823,10 @@
+ {
+ 	char buf[MAXPATHLEN];
+ 
+-	g_Ctoc(fn, buf);
++	if (g_Ctoc(fn, buf, sizeof(buf))) {
++		errno = ENAMETOOLONG;
++		return (-1);
++	}
+ 	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ 		return((*pglob->gl_lstat)(buf, sb));
+ 	return(lstat(buf, sb));
+@@ -795,7 +840,10 @@
+ {
+ 	char buf[MAXPATHLEN];
+ 
+-	g_Ctoc(fn, buf);
++	if (g_Ctoc(fn, buf, sizeof(buf))) {
++		errno = ENAMETOOLONG;
++		return (-1);
++	}
+ 	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ 		return((*pglob->gl_stat)(buf, sb));
+ 	return(stat(buf, sb));
+@@ -812,34 +860,19 @@
+ 	} while (*str++);
+ 	return (NULL);
+ }
+-
+-#ifdef notdef
+-static Char *
+-g_strcat(dst, src)
+-	Char *dst;
+-	const Char* src;
+-{
+-	Char *sdst = dst;
+-
+-	while (*dst++)
+-		continue;
+-	--dst;
+-	while((*dst++ = *src++) != EOS)
+-	    continue;
+-
+-	return (sdst);
+-}
+-#endif
+ 
+-static void
+-g_Ctoc(str, buf)
+-	register const Char *str;
++static int
++g_Ctoc(str, buf, len)
++	const Char *str;
+ 	char *buf;
++	u_int len;
+ {
+-	register char *dc;
+ 
+-	for (dc = buf; (*dc++ = *str++) != EOS;)
+-		continue;
++	while (len--) {
++		if ((*buf++ = *str++) == '\0')
++			return (0);
++	}
++	return (1);
+ }
+ 
+ #ifdef DEBUG
+Index: libexec/ftpd/popen.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/ftpd/popen.c,v
+--- libexec/ftpd/popen.c	2000/09/20 09:57:58	1.18.2.1
++++ libexec/ftpd/popen.c	2001/04/07 21:08:09
+@@ -107,6 +107,8 @@
+ 		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 
+ 		memset(&gl, 0, sizeof(gl));
++		gl.gl_matchc = MAXGLOBARGS;
++		flags |= GLOB_MAXPATH;
+ 		if (glob(argv[argc], flags, NULL, &gl))
+ 			gargv[gargc++] = strdup(argv[argc]);
+ 		else
+===================================================================
+RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
+--- libexec/ftpd/ftpd.c	2001/03/11 13:20:44	1.73
++++ libexec/ftpd/ftpd.c	2001/03/19 19:11:00
+@@ -189,6 +189,13 @@ static int	auth_pam __P((struct passwd**
+ char	*pid_file = NULL;
+ 
+ /*
++ * Limit number of pathnames that glob can return.
++ * A limit of 0 indicates the number of pathnames is unlimited.
++ */
++#define MAXGLOBARGS	16384
++#
++
++/*
+  * Timeout intervals for retrying connections
+  * to hosts that don't accept PORT cmds.  This
+  * is a kludge, but given the problems with TCP...
+@@ -2621,6 +2628,8 @@ send_file_list(whichf)
+ 		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 
+ 		memset(&gl, 0, sizeof(gl));
++		gl.gl_matchc = MAXGLOBARGS;
++		flags |= GLOB_MAXPATH;
+ 		freeglob = 1;
+ 		if (glob(whichf, flags, 0, &gl)) {
+ 			reply(550, "not found");
+Index: libexec/ftpd/ftpcmd.y
+===================================================================
+RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v
+--- libexec/ftpd/ftpcmd.y	1999/08/29 15:03:11	1.13.2.1
++++ libexec/ftpd/ftpcmd.y	2001/04/17 17:58:51
+@@ -287,7 +287,7 @@
+ 			if ($2)
+ 				retrieve("/bin/ls -lgA", "");
+ 		}
+-	| LIST check_login SP pathname CRLF
++	| LIST check_login SP pathstring CRLF
+ 		{
+ 			if ($2 && $4 != NULL)
+ 				retrieve("/bin/ls -lgA %s", $4);
+@@ -681,16 +681,21 @@
+ 			 * processing, but only gives a 550 error reply.
+ 			 * This is a valid reply in some cases but not in others.
+ 			 */
+-			if (logged_in && $1 && *$1 == '~') {
++			if (logged_in && $1) {
+ 				glob_t gl;
+ 				int flags =
+ 				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 
+ 				memset(&gl, 0, sizeof(gl));
++				flags |= GLOB_MAXPATH;
++				gl.gl_matchc = MAXGLOBARGS;
+ 				if (glob($1, flags, NULL, &gl) ||
+ 				    gl.gl_pathc == 0) {
+ 					reply(550, "not found");
+ 					$$ = NULL;
++				} else if (gl.gl_pathc > 1) {
++					reply(550, "ambiguous");
++					$$ = NULL;
+ 				} else {
+ 					$$ = strdup(gl.gl_pathv[0]);
+ 				}
+@@ -757,6 +762,8 @@
+ #define	ZSTR2	6	/* optional STRING after SP */
+ #define	SITECMD	7	/* SITE command */
+ #define	NSTR	8	/* Number followed by a string */
++
++#define	MAXGLOBARGS	1000
+ 
+ struct tab {
+ 	char	*name;
diff --git a/share/security/patches/SA-01:33/glob.3.x.patch.asc b/share/security/patches/SA-01:33/glob.3.x.patch.asc
new file mode 100644
index 0000000000..c9e1fda80b
--- /dev/null
+++ b/share/security/patches/SA-01:33/glob.3.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOt83ilUuHi5z0oilAQGiIQQAlPaLkd80JsQkavcA3uutHSpHH88hn91L
+8TZVTpQbSlR4EUlh85WbES/Ut19/qiM8lrZ7+v3ypcgeM9EaLGtxFa0c0K3oak0w
+lYrxq6lFYG90E4cbO1AFmNq6XnW78MAZ1AY6yh3tYr7mRH+215zv50zcJ9zJkzyr
+JGXzlHOzzuM=
+=OxXj
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:33/glob.4.x.patch b/share/security/patches/SA-01:33/glob.4.x.patch
new file mode 100644
index 0000000000..93ad7acefc
--- /dev/null
+++ b/share/security/patches/SA-01:33/glob.4.x.patch
@@ -0,0 +1,567 @@
+Index: include/glob.h
+===================================================================
+RCS file: /home/ncvs/src/include/glob.h,v
+--- include/glob.h	1998/02/25 02:15:59	1.3
++++ include/glob.h	2001/03/21 14:33:56	1.3.6.1
+@@ -76,9 +77,11 @@ typedef struct {
+ #define	GLOB_NOMAGIC	0x0200	/* GLOB_NOCHECK without magic chars (csh). */
+ #define	GLOB_QUOTE	0x0400	/* Quote special chars with \. */
+ #define	GLOB_TILDE	0x0800	/* Expand tilde names from the passwd file. */
++#define	GLOB_MAXPATH	0x1000	/* limit number of returned paths */
+ 
+ #define	GLOB_NOSPACE	(-1)	/* Malloc call failed. */
+ #define	GLOB_ABEND	(-2)	/* Unignored error. */
++#define	GLOB_LIMIT	(-3)	/* Path limit was hit. */
+ 
+ __BEGIN_DECLS
+ int	glob __P((const char *, int, int (*)(const char *, int), glob_t *));
+Index: lib/libc/gen/glob.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/gen/glob.c,v
+--- lib/libc/gen/glob.c	1998/02/20 07:54:56	1.11
++++ lib/libc/gen/glob.c	2001/04/07 21:00:20
+@@ -129,7 +129,7 @@
+ 
+ 
+ static int	 compare __P((const void *, const void *));
+-static void	 g_Ctoc __P((const Char *, char *));
++static int	 g_Ctoc __P((const Char *, char *, u_int));
+ static int	 g_lstat __P((Char *, struct stat *, glob_t *));
+ static DIR	*g_opendir __P((Char *, glob_t *));
+ static Char	*g_strchr __P((Char *, int));
+@@ -137,14 +137,15 @@
+ static Char	*g_strcat __P((Char *, const Char *));
+ #endif
+ static int	 g_stat __P((Char *, struct stat *, glob_t *));
+-static int	 glob0 __P((const Char *, glob_t *));
+-static int	 glob1 __P((Char *, glob_t *));
+-static int	 glob2 __P((Char *, Char *, Char *, glob_t *));
+-static int	 glob3 __P((Char *, Char *, Char *, Char *, glob_t *));
+-static int	 globextend __P((const Char *, glob_t *));
+-static const Char *	 globtilde __P((const Char *, Char *, size_t, glob_t *));
+-static int	 globexp1 __P((const Char *, glob_t *));
+-static int	 globexp2 __P((const Char *, const Char *, glob_t *, int *));
++static int	 glob0 __P((const Char *, glob_t *, int *));
++static int	 glob1 __P((Char *, glob_t *, int *));
++static int	 glob2 __P((Char *, Char *, Char *, Char *, glob_t *, int *));
++static int	 glob3 __P((Char *, Char *, Char *, Char *, Char *, glob_t *, int *));
++static int	 globextend __P((const Char *, glob_t *, int *));
++static const Char *	
++		 globtilde __P((const Char *, Char *, size_t, glob_t *));
++static int	 globexp1 __P((const Char *, glob_t *, int *));
++static int	 globexp2 __P((const Char *, const Char *, glob_t *, int *, int *));
+ static int	 match __P((Char *, Char *, Char *));
+ #ifdef DEBUG
+ static void	 qprintf __P((const char *, Char *));
+@@ -157,8 +158,8 @@
+ 	glob_t *pglob;
+ {
+ 	const u_char *patnext;
+-	int c;
+-	Char *bufnext, *bufend, patbuf[MAXPATHLEN+1];
++	int c, limit;
++	Char *bufnext, *bufend, patbuf[MAXPATHLEN];
+ 
+ 	patnext = (u_char *) pattern;
+ 	if (!(flags & GLOB_APPEND)) {
+@@ -167,12 +168,16 @@
+ 		if (!(flags & GLOB_DOOFFS))
+ 			pglob->gl_offs = 0;
+ 	}
++	if (flags & GLOB_MAXPATH)
++		limit = pglob->gl_matchc;
++	else
++		limit = 0;
+ 	pglob->gl_flags = flags & ~GLOB_MAGCHAR;
+ 	pglob->gl_errfunc = errfunc;
+ 	pglob->gl_matchc = 0;
+ 
+ 	bufnext = patbuf;
+-	bufend = bufnext + MAXPATHLEN;
++	bufend = bufnext + MAXPATHLEN - 1;
+ 	if (flags & GLOB_QUOTE) {
+ 		/* Protect the quoted characters. */
+ 		while (bufnext < bufend && (c = *patnext++) != EOS)
+@@ -192,9 +197,9 @@
+ 	*bufnext = EOS;
+ 
+ 	if (flags & GLOB_BRACE)
+-	    return globexp1(patbuf, pglob);
++	    return globexp1(patbuf, pglob, &limit);
+ 	else
+-	    return glob0(patbuf, pglob);
++	    return glob0(patbuf, pglob, &limit);
+ }
+ 
+ /*
+@@ -202,22 +207,24 @@
+  * invoke the standard globbing routine to glob the rest of the magic
+  * characters
+  */
+-static int globexp1(pattern, pglob)
++static int
++globexp1(pattern, pglob, limit)
+ 	const Char *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	const Char* ptr = pattern;
+ 	int rv;
+ 
+ 	/* Protect a single {}, for find(1), like csh */
+ 	if (pattern[0] == LBRACE && pattern[1] == RBRACE && pattern[2] == EOS)
+-		return glob0(pattern, pglob);
++		return glob0(pattern, pglob, limit);
+ 
+ 	while ((ptr = (const Char *) g_strchr((Char *) ptr, LBRACE)) != NULL)
+-		if (!globexp2(ptr, pattern, pglob, &rv))
++		if (!globexp2(ptr, pattern, pglob, &rv, limit))
+ 			return rv;
+ 
+-	return glob0(pattern, pglob);
++	return glob0(pattern, pglob, limit);
+ }
+ 
+ 
+@@ -226,19 +233,21 @@
+  * If it succeeds then it invokes globexp1 with the new pattern.
+  * If it fails then it tries to glob the rest of the pattern and returns.
+  */
+-static int globexp2(ptr, pattern, pglob, rv)
++static int
++globexp2(ptr, pattern, pglob, rv, limit)
+ 	const Char *ptr, *pattern;
+ 	glob_t *pglob;
+-	int *rv;
++	int *rv, *limit;
+ {
+ 	int     i;
+ 	Char   *lm, *ls;
+ 	const Char *pe, *pm, *pl;
+-	Char    patbuf[MAXPATHLEN + 1];
++	Char    patbuf[MAXPATHLEN];
+ 
+ 	/* copy part up to the brace */
+ 	for (lm = patbuf, pm = pattern; pm != ptr; *lm++ = *pm++)
+ 		continue;
++	*lm = EOS;
+ 	ls = lm;
+ 
+ 	/* Find the balanced brace */
+@@ -265,7 +274,7 @@
+ 
+ 	/* Non matching braces; just glob the pattern */
+ 	if (i != 0 || *pe == EOS) {
+-		*rv = glob0(patbuf, pglob);
++		*rv = glob0(patbuf, pglob, limit);
+ 		return 0;
+ 	}
+ 
+@@ -312,7 +321,7 @@
+ #ifdef DEBUG
+ 				qprintf("globexp2:", patbuf);
+ #endif
+-				*rv = globexp1(patbuf, pglob);
++				*rv = globexp1(patbuf, pglob, limit);
+ 
+ 				/* move after the comma, to the next string */
+ 				pl = pm + 1;
+@@ -406,16 +415,16 @@
+  * to find no matches.
+  */
+ static int
+-glob0(pattern, pglob)
++glob0(pattern, pglob, limit)
+ 	const Char *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	const Char *qpatnext;
+ 	int c, err, oldpathc;
+-	Char *bufnext, patbuf[MAXPATHLEN+1];
++	Char *bufnext, patbuf[MAXPATHLEN];
+ 
+-	qpatnext = globtilde(pattern, patbuf, sizeof(patbuf) / sizeof(Char), 
+-	    pglob);
++	qpatnext = globtilde(pattern, patbuf, MAXPATHLEN, pglob);
+ 	oldpathc = pglob->gl_pathc;
+ 	bufnext = patbuf;
+ 
+@@ -471,7 +480,7 @@
+ 	qprintf("glob0:", patbuf);
+ #endif
+ 
+-	if ((err = glob1(patbuf, pglob)) != 0)
++	if ((err = glob1(patbuf, pglob, limit)) != 0)
+ 		return(err);
+ 
+ 	/*
+@@ -484,7 +493,7 @@
+ 	    ((pglob->gl_flags & GLOB_NOCHECK) ||
+ 	      ((pglob->gl_flags & GLOB_NOMAGIC) &&
+ 	       !(pglob->gl_flags & GLOB_MAGCHAR))))
+-		return(globextend(pattern, pglob));
++		return(globextend(pattern, pglob, limit));
+ 	else if (!(pglob->gl_flags & GLOB_NOSORT))
+ 		qsort(pglob->gl_pathv + pglob->gl_offs + oldpathc,
+ 		    pglob->gl_pathc - oldpathc, sizeof(char *), compare);
+@@ -499,16 +508,18 @@
+ }
+ 
+ static int
+-glob1(pattern, pglob)
++glob1(pattern, pglob, limit)
+ 	Char *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+-	Char pathbuf[MAXPATHLEN+1];
++	Char pathbuf[MAXPATHLEN];
+ 
+ 	/* A null pathname is invalid -- POSIX 1003.1 sect. 2.4. */
+ 	if (*pattern == EOS)
+ 		return(0);
+-	return(glob2(pathbuf, pathbuf, pattern, pglob));
++	return(glob2(pathbuf, pathbuf, pathbuf + MAXPATHLEN - 1,
++	    pattern, pglob, limit));
+ }
+ 
+ /*
+@@ -517,9 +528,10 @@
+  * meta characters.
+  */
+ static int
+-glob2(pathbuf, pathend, pattern, pglob)
+-	Char *pathbuf, *pathend, *pattern;
++glob2(pathbuf, pathend, pathend_last, pattern, pglob, limit)
++	Char *pathbuf, *pathend, *pathend_last, *pattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	struct stat sb;
+ 	Char *p, *q;
+@@ -540,11 +552,13 @@
+ 			    || (S_ISLNK(sb.st_mode) &&
+ 			    (g_stat(pathbuf, &sb, pglob) == 0) &&
+ 			    S_ISDIR(sb.st_mode)))) {
++				if (pathend + 1 > pathend_last)
++					return (1);
+ 				*pathend++ = SEP;
+ 				*pathend = EOS;
+ 			}
+ 			++pglob->gl_matchc;
+-			return(globextend(pathbuf, pglob));
++			return(globextend(pathbuf, pglob, limit));
+ 		}
+ 
+ 		/* Find end of next segment, copy tentatively to pathend. */
+@@ -553,24 +567,31 @@
+ 		while (*p != EOS && *p != SEP) {
+ 			if (ismeta(*p))
+ 				anymeta = 1;
++			if (q + 1 > pathend_last)
++				return (1);
+ 			*q++ = *p++;
+ 		}
+ 
+ 		if (!anymeta) {		/* No expansion, do next segment. */
+ 			pathend = q;
+ 			pattern = p;
+-			while (*pattern == SEP)
++			while (*pattern == SEP) {
++				if (pathend + 1 > pathend_last)
++					return (1);
+ 				*pathend++ = *pattern++;
++			}
+ 		} else			/* Need expansion, recurse. */
+-			return(glob3(pathbuf, pathend, pattern, p, pglob));
++			return(glob3(pathbuf, pathend, pathend_last, pattern, p,
++			    pglob, limit));
+ 	}
+ 	/* NOTREACHED */
+ }
+ 
+ static int
+-glob3(pathbuf, pathend, pattern, restpattern, pglob)
+-	Char *pathbuf, *pathend, *pattern, *restpattern;
++glob3(pathbuf, pathend, pathend_last, pattern, restpattern, pglob, limit)
++	Char *pathbuf, *pathend, *pathend_last, *pattern, *restpattern;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	register struct dirent *dp;
+ 	DIR *dirp;
+@@ -585,13 +606,16 @@
+ 	 */
+ 	struct dirent *(*readdirfunc)();
+ 
++	if (pathend > pathend_last)
++		return (1);
+ 	*pathend = EOS;
+ 	errno = 0;
+ 
+ 	if ((dirp = g_opendir(pathbuf, pglob)) == NULL) {
+ 		/* TODO: don't call for ENOENT or ENOTDIR? */
+ 		if (pglob->gl_errfunc) {
+-			g_Ctoc(pathbuf, buf);
++			if (g_Ctoc(pathbuf, buf, sizeof(buf)))
++				return (GLOB_ABEND);
+ 			if (pglob->gl_errfunc(buf, errno) ||
+ 			    pglob->gl_flags & GLOB_ERR)
+ 				return (GLOB_ABEND);
+@@ -612,15 +636,17 @@
+ 
+ 		/* Initial DOT must be matched literally. */
+ 		if (dp->d_name[0] == DOT && *pattern != DOT)
+-			continue;
+-		for (sc = (u_char *) dp->d_name, dc = pathend;
+-		     (*dc++ = *sc++) != EOS;)
+ 			continue;
++		dc = pathend;
++		sc = (u_char *) dp->d_name;
++		while (dc < pathend_last && (*dc++ = *sc++) != EOS)
++			;
+ 		if (!match(pathend, pattern, restpattern)) {
+ 			*pathend = EOS;
+ 			continue;
+ 		}
+-		err = glob2(pathbuf, --dc, restpattern, pglob);
++		err = glob2(pathbuf, --dc, pathend_last, restpattern,
++		    pglob, limit);
+ 		if (err)
+ 			break;
+ 	}
+@@ -648,22 +674,31 @@
+  *	gl_pathv points to (gl_offs + gl_pathc + 1) items.
+  */
+ static int
+-globextend(path, pglob)
++globextend(path, pglob, limit)
+ 	const Char *path;
+ 	glob_t *pglob;
++	int *limit;
+ {
+ 	register char **pathv;
+ 	register int i;
+-	u_int newsize;
++	u_int newsize, len;
+ 	char *copy;
+ 	const Char *p;
+ 
++	if (*limit && pglob->gl_pathc > *limit)
++		return (GLOB_LIMIT);
++
+ 	newsize = sizeof(*pathv) * (2 + pglob->gl_pathc + pglob->gl_offs);
+ 	pathv = pglob->gl_pathv ?
+ 		    realloc((char *)pglob->gl_pathv, newsize) :
+ 		    malloc(newsize);
+-	if (pathv == NULL)
++	if (pathv == NULL) {
++		if (pglob->gl_pathv) {
++			free(pglob->gl_pathv);
++			pglob->gl_pathv = NULL;
++		}
+ 		return(GLOB_NOSPACE);
++	}
+ 
+ 	if (pglob->gl_pathv == NULL && pglob->gl_offs > 0) {
+ 		/* first time around -- clear initial gl_offs items */
+@@ -675,8 +710,12 @@
+ 
+ 	for (p = path; *p++;)
+ 		continue;
+-	if ((copy = malloc(p - path)) != NULL) {
+-		g_Ctoc(path, copy);
++	len = (size_t)(p - path);
++	if ((copy = malloc(len)) != NULL) {
++		if (g_Ctoc(path, copy, len)) {
++			free(copy);
++			return (GLOB_NOSPACE);
++		}
+ 		pathv[pglob->gl_offs + pglob->gl_pathc++] = copy;
+ 	}
+ 	pathv[pglob->gl_offs + pglob->gl_pathc] = NULL;
+@@ -752,6 +791,7 @@
+ 			if (*pp)
+ 				free(*pp);
+ 		free(pglob->gl_pathv);
++		pglob->gl_pathv = NULL;
+ 	}
+ }
+ 
+@@ -764,8 +804,10 @@
+ 
+ 	if (!*str)
+ 		strcpy(buf, ".");
+-	else
+-		g_Ctoc(str, buf);
++	else {
++		if (g_Ctoc(str, buf, sizeof(buf)))
++			return (NULL);
++	}
+ 
+ 	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ 		return((*pglob->gl_opendir)(buf));
+@@ -781,7 +823,10 @@
+ {
+ 	char buf[MAXPATHLEN];
+ 
+-	g_Ctoc(fn, buf);
++	if (g_Ctoc(fn, buf, sizeof(buf))) {
++		errno = ENAMETOOLONG;
++		return (-1);
++	}
+ 	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ 		return((*pglob->gl_lstat)(buf, sb));
+ 	return(lstat(buf, sb));
+@@ -795,7 +840,10 @@
+ {
+ 	char buf[MAXPATHLEN];
+ 
+-	g_Ctoc(fn, buf);
++	if (g_Ctoc(fn, buf, sizeof(buf))) {
++		errno = ENAMETOOLONG;
++		return (-1);
++	}
+ 	if (pglob->gl_flags & GLOB_ALTDIRFUNC)
+ 		return((*pglob->gl_stat)(buf, sb));
+ 	return(stat(buf, sb));
+@@ -812,34 +860,19 @@
+ 	} while (*str++);
+ 	return (NULL);
+ }
+-
+-#ifdef notdef
+-static Char *
+-g_strcat(dst, src)
+-	Char *dst;
+-	const Char* src;
+-{
+-	Char *sdst = dst;
+-
+-	while (*dst++)
+-		continue;
+-	--dst;
+-	while((*dst++ = *src++) != EOS)
+-	    continue;
+-
+-	return (sdst);
+-}
+-#endif
+ 
+-static void
+-g_Ctoc(str, buf)
+-	register const Char *str;
++static int
++g_Ctoc(str, buf, len)
++	const Char *str;
+ 	char *buf;
++	u_int len;
+ {
+-	register char *dc;
+ 
+-	for (dc = buf; (*dc++ = *str++) != EOS;)
+-		continue;
++	while (len--) {
++		if ((*buf++ = *str++) == '\0')
++			return (0);
++	}
++	return (1);
+ }
+ 
+ #ifdef DEBUG
+Index: libexec/ftpd/popen.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/ftpd/popen.c,v
+--- libexec/ftpd/popen.c	2000/09/20 09:57:58	1.18.2.1
++++ libexec/ftpd/popen.c	2001/04/07 21:08:09
+@@ -107,6 +107,8 @@
+ 		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 
+ 		memset(&gl, 0, sizeof(gl));
++		gl.gl_matchc = MAXGLOBARGS;
++		flags |= GLOB_MAXPATH;
+ 		if (glob(argv[argc], flags, NULL, &gl))
+ 			gargv[gargc++] = strdup(argv[argc]);
+ 		else
+===================================================================
+RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
+--- libexec/ftpd/ftpd.c	2001/03/11 13:20:44	1.73
++++ libexec/ftpd/ftpd.c	2001/03/19 19:11:00
+@@ -189,6 +189,13 @@ static int	auth_pam __P((struct passwd**
+ char	*pid_file = NULL;
+ 
+ /*
++ * Limit number of pathnames that glob can return.
++ * A limit of 0 indicates the number of pathnames is unlimited.
++ */
++#define MAXGLOBARGS	16384
++#
++
++/*
+  * Timeout intervals for retrying connections
+  * to hosts that don't accept PORT cmds.  This
+  * is a kludge, but given the problems with TCP...
+@@ -2621,6 +2628,8 @@ send_file_list(whichf)
+ 		int flags = GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 
+ 		memset(&gl, 0, sizeof(gl));
++		gl.gl_matchc = MAXGLOBARGS;
++		flags |= GLOB_MAXPATH;
+ 		freeglob = 1;
+ 		if (glob(whichf, flags, 0, &gl)) {
+ 			reply(550, "not found");
+===================================================================
+RCS file: /home/ncvs/src/libexec/ftpd/ftpcmd.y,v
+--- libexec/ftpd/ftpcmd.y	2001/04/16 22:20:26	1.23
++++ libexec/ftpd/ftpcmd.y	2001/04/17 03:03:45
+@@ -138,7 +138,7 @@ extern int epsvall;
+ %type	<i> check_login_ro octal_number byte_size
+ %type	<i> check_login_epsv octal_number byte_size
+ %type	<i> struct_code mode_code type_code form_code
+-%type	<s> pathstring pathname password username ext_arg
++%type	<s> pathstring pathname password username
+ %type	<s> ALL
+ 
+ %start	cmd_list
+@@ -475,7 +475,7 @@ cmd
+ 			if ($2)
+ 				retrieve("/bin/ls -lgA", "");
+ 		}
+-	| LIST check_login SP pathname CRLF
++	| LIST check_login SP pathstring CRLF
+ 		{
+ 			if ($2 && $4 != NULL)
+ 				retrieve("/bin/ls -lgA %s", $4);
+@@ -941,16 +941,21 @@ pathname
+ 			 * processing, but only gives a 550 error reply.
+ 			 * This is a valid reply in some cases but not in others.
+ 			 */
+-			if (logged_in && $1 && *$1 == '~') {
++			if (logged_in && $1) {
+ 				glob_t gl;
+ 				int flags =
+ 				 GLOB_BRACE|GLOB_NOCHECK|GLOB_QUOTE|GLOB_TILDE;
+ 
+ 				memset(&gl, 0, sizeof(gl));
++				flags |= GLOB_MAXPATH;
++				gl.gl_matchc = MAXGLOBARGS;
+ 				if (glob($1, flags, NULL, &gl) ||
+ 				    gl.gl_pathc == 0) {
+ 					reply(550, "not found");
+ 					$$ = NULL;
++				} else if (gl.gl_pathc > 1) {
++					reply(550, "ambiguous");
++					$$ = NULL;
+ 				} else {
+ 					$$ = strdup(gl.gl_pathv[0]);
+ 				}
+@@ -1036,6 +1041,8 @@ extern jmp_buf errcatch;
+ #define	ZSTR2	6	/* optional STRING after SP */
+ #define	SITECMD	7	/* SITE command */
+ #define	NSTR	8	/* Number followed by a string */
++
++#define	MAXGLOBARGS	1000
+ 
+ struct tab {
+ 	char	*name;
diff --git a/share/security/patches/SA-01:33/glob.4.x.patch.asc b/share/security/patches/SA-01:33/glob.4.x.patch.asc
new file mode 100644
index 0000000000..11648527ce
--- /dev/null
+++ b/share/security/patches/SA-01:33/glob.4.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.4 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAOt83glUuHi5z0oilAQFVOQP/fK8G+u5g2qHEbcHbrQRfYmPeL8GqDzyf
+dyXqgvH2D3DCtLmeCTap7tfMJl+QGaQGdkWScHdI2IlGXVHKe0QrE9lXfmlEgoe1
+B9XdE3joAA5s/VPnZVkxMT9NN5x39SQtCZz7PbpaDhBzA0R9qEMRa/cURBEjyw8M
+doInV9JJ0HA=
+=p75K
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:40/fts.patch b/share/security/patches/SA-01:40/fts.patch
new file mode 100644
index 0000000000..ebc64b4fd0
--- /dev/null
+++ b/share/security/patches/SA-01:40/fts.patch
@@ -0,0 +1,98 @@
+Index: gen/fts.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/gen/fts.c,v
+retrieving revision 1.14.2.1
+diff -u -r1.14.2.1 fts.c
+--- gen/fts.c	2001/03/05 04:44:42	1.14.2.1
++++ gen/fts.c	2001/08/18 23:21:03
+@@ -63,7 +63,7 @@
+ static int	 fts_palloc __P((FTS *, size_t));
+ static FTSENT	*fts_sort __P((FTS *, FTSENT *, int));
+ static u_short	 fts_stat __P((FTS *, FTSENT *, int));
+-static int	 fts_safe_changedir __P((FTS *, FTSENT *, int));
++static int	 fts_safe_changedir __P((FTS *, FTSENT *, int, char *));
+ 
+ #define	ISDOT(a)	(a[0] == '.' && (!a[1] || (a[1] == '.' && !a[2])))
+ 
+@@ -71,7 +71,6 @@
+ #define	ISSET(opt)	(sp->fts_options & (opt))
+ #define	SET(opt)	(sp->fts_options |= (opt))
+ 
+-#define	CHDIR(sp, path)	(!ISSET(FTS_NOCHDIR) && chdir(path))
+ #define	FCHDIR(sp, fd)	(!ISSET(FTS_NOCHDIR) && fchdir(fd))
+ 
+ /* fts_build flags */
+@@ -275,6 +274,7 @@
+ fts_read(sp)
+ 	register FTS *sp;
+ {
++	struct stat sb;
+ 	register FTSENT *p, *tmp;
+ 	register int instr;
+ 	register char *t;
+@@ -351,7 +351,7 @@
+ 		 * FTS_STOP or the fts_info field of the node.
+ 		 */
+ 		if (sp->fts_child != NULL) {
+-			if (fts_safe_changedir(sp, p, -1)) {
++			if (fts_safe_changedir(sp, p, -1, p->fts_accpath)) {
+ 				p->fts_errno = errno;
+ 				p->fts_flags |= FTS_DONTCHDIR;
+ 				for (p = sp->fts_child; p != NULL; 
+@@ -449,11 +449,10 @@
+ 			return (NULL);
+ 		}
+ 		(void)_close(p->fts_symfd);
+-	} else if (!(p->fts_flags & FTS_DONTCHDIR)) {
+-		if (CHDIR(sp, "..")) {
+-			SET(FTS_STOP);
+-			return (NULL);
+-		}
++	} else if (!(p->fts_flags & FTS_DONTCHDIR) &&
++		   fts_safe_changedir(sp, p->fts_parent, -1, "..")) {
++		SET(FTS_STOP);
++		return (NULL);
+ 	}
+ 	p->fts_info = p->fts_errno ? FTS_ERR : FTS_DP;
+ 	return (sp->fts_cur = p);
+@@ -640,7 +639,7 @@
+ 	 */
+ 	cderrno = 0;
+ 	if (nlinks || type == BREAD) {
+-		if (fts_safe_changedir(sp, cur, dirfd(dirp))) {
++		if (fts_safe_changedir(sp, cur, dirfd(dirp), NULL)) {
+ 			if (nlinks && type == BREAD)
+ 				cur->fts_errno = errno;
+ 			cur->fts_flags |= FTS_DONTCHDIR;
+@@ -806,7 +805,8 @@
+ 	 */
+ 	if (descend && (type == BCHILD || !nitems) &&
+ 	    (cur->fts_level == FTS_ROOTLEVEL ?
+-	    FCHDIR(sp, sp->fts_rfd) : CHDIR(sp, ".."))) {
++	    FCHDIR(sp, sp->fts_rfd) :
++	    fts_safe_changedir(sp, cur->fts_parent, -1, ".."))) {
+ 		cur->fts_info = FTS_ERR;
+ 		SET(FTS_STOP);
+ 		return (NULL);
+@@ -1069,10 +1069,11 @@
+  * Assumes p->fts_dev and p->fts_ino are filled in.
+  */
+ static int
+-fts_safe_changedir(sp, p, fd)
++fts_safe_changedir(sp, p, fd, path)
+ 	FTS *sp;
+ 	FTSENT *p;
+ 	int fd;
++	char *path;
+ {
+ 	int ret, oerrno, newfd;
+ 	struct stat sb;
+@@ -1080,7 +1081,7 @@
+ 	newfd = fd;
+ 	if (ISSET(FTS_NOCHDIR))
+ 		return (0);
+-	if (fd < 0 && (newfd = _open(p->fts_accpath, O_RDONLY, 0)) < 0)
++	if (fd < 0 && (newfd = _open(path, O_RDONLY, 0)) < 0)
+ 		return (-1);
+ 	if (fstat(newfd, &sb)) {
+ 		ret = -1;
diff --git a/share/security/patches/SA-01:40/fts.patch.asc b/share/security/patches/SA-01:40/fts.patch.asc
new file mode 100644
index 0000000000..6c8d829c26
--- /dev/null
+++ b/share/security/patches/SA-01:40/fts.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAO375aVUuHi5z0oilAQEH6gP/c1/Br4lvQZ7xxuSfWNLquu9HEqgyXxmO
+vWrdagiD9X5WvPzFuWynjQIZrdGlGRnWQb3CWdkL8SBEYkrGcbNYP32Rg4tyBnZ+
+Uqck1t3mQP/AYjQBoman91wvEkanYr7VQkxkXxHDum/KIIPrDdxn6jEys56J0n/n
+bgDO4Am/YaE=
+=GihW
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:42/signal-4.3.patch b/share/security/patches/SA-01:42/signal-4.3.patch
new file mode 100644
index 0000000000..34fa916b91
--- /dev/null
+++ b/share/security/patches/SA-01:42/signal-4.3.patch
@@ -0,0 +1,64 @@
+Index: kern_exec.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v
+retrieving revision 1.107.2.7
+diff -u -r1.107.2.7 kern_exec.c
+--- kern_exec.c	2001/06/16 23:39:08	1.107.2.7
++++ kern_exec.c	2001/07/10 00:43:48
+@@ -29,7 +29,6 @@
+ #include <sys/param.h>
+ #include <sys/systm.h>
+ #include <sys/sysproto.h>
+-#include <sys/signalvar.h>
+ #include <sys/kernel.h>
+ #include <sys/mount.h>
+ #include <sys/filedesc.h>
+@@ -39,9 +38,10 @@
+ #include <sys/imgact.h>
+ #include <sys/imgact_elf.h>
+ #include <sys/wait.h>
++#include <sys/malloc.h>
+ #include <sys/proc.h>
++#include <sys/signalvar.h>
+ #include <sys/pioctl.h>
+-#include <sys/malloc.h>
+ #include <sys/namei.h>
+ #include <sys/sysent.h>
+ #include <sys/shm.h>
+@@ -59,6 +59,7 @@
+ #include <vm/vm_object.h>
+ #include <vm/vm_pager.h>
+ 
++#include <sys/user.h>
+ #include <machine/reg.h>
+ 
+ MALLOC_DEFINE(M_PARGS, "proc-args", "Process arguments");
+@@ -244,6 +245,28 @@
+ 		tmp = fdcopy(p);
+ 		fdfree(p);
+ 		p->p_fd = tmp;
++	}
++
++	/*
++	 * For security and other reasons, signal handlers cannot
++	 * be shared after an exec. The new proces gets a copy of the old
++	 * handlers. In execsigs(), the new process wll have its signals
++	 * reset.
++	 */
++	if (p->p_procsig->ps_refcnt > 1) {
++		struct procsig *newprocsig;
++
++		MALLOC(newprocsig, struct procsig *, sizeof(struct procsig),
++		       M_SUBPROC, M_WAITOK);
++		bcopy(p->p_procsig, newprocsig, sizeof(*newprocsig));
++		p->p_procsig->ps_refcnt--;
++		p->p_procsig = newprocsig;
++		p->p_procsig->ps_refcnt = 1;
++		if (p->p_sigacts == &p->p_addr->u_sigacts)
++			panic("shared procsig but private sigacts?\n");
++
++		p->p_addr->u_sigacts = *p->p_sigacts;
++		p->p_sigacts = &p->p_addr->u_sigacts;
+ 	}
+ 
+ 	/* Stop profiling */
diff --git a/share/security/patches/SA-01:42/signal-4.3.patch.asc b/share/security/patches/SA-01:42/signal-4.3.patch.asc
new file mode 100644
index 0000000000..439cb27f34
--- /dev/null
+++ b/share/security/patches/SA-01:42/signal-4.3.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAO0sEGlUuHi5z0oilAQGYigP/WpjuQho0tjhgmLjYOHpDGqquv+TscvrL
+Xxf3z1QCWSfbqoSF5Zywa5igKp1pib3Ga5pWQgmyBszooW9T1WKxmmo49i2HqfLW
+xhxL+Skv3oO21Jgu48AEauOfOJ5Gz6HYp7pjdfSuv5OZ6tJR50Ukt/ZU1sm+Rwgg
+8z+JtkUujvs=
+=vTOK
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:48/tcpdump-4.x.patch b/share/security/patches/SA-01:48/tcpdump-4.x.patch
new file mode 100644
index 0000000000..e713d78ebc
--- /dev/null
+++ b/share/security/patches/SA-01:48/tcpdump-4.x.patch
@@ -0,0 +1,64 @@
+Index: print-rx.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tcpdump/print-rx.c,v
+retrieving revision 1.1.1.1.2.1
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.1 -r1.1.1.1.2.2
+--- print-rx.c	2000/10/05 02:56:32	1.1.1.1.2.1
++++ print-rx.c	2001/07/09 01:44:11	1.1.1.1.2.2
+@@ -580,14 +580,16 @@
+ 			printf(" fid %d/%d/%d", (int) n1, (int) n2, (int) n3); \
+ 		}
+ 
+-#define STROUT(MAX) { int i; \
++#define STROUT(MAX) { unsigned int i; \
+ 			TRUNC(sizeof(int32_t)); \
+-			i = (int) ntohl(*((int *) bp)); \
++			i = ntohl(*((int *) bp)); \
++			if (i > MAX) \
++				goto trunc; \
+ 			bp += sizeof(int32_t); \
+-			TRUNC(i); \
+-			strncpy(s, bp, min(MAX, i)); \
+-			s[i] = '\0'; \
+-			printf(" \"%s\"", s); \
++			printf(" \""); \
++			if (fn_printn(bp, i, snapend)) \
++				goto trunc; \
++			printf("\""); \
+ 			bp += ((i + sizeof(int32_t) - 1) / sizeof(int32_t)) * sizeof(int32_t); \
+ 		}
+ 
+@@ -672,7 +674,9 @@
+ 				bp += sizeof(int32_t); \
+ 			} \
+ 			s[MAX] = '\0'; \
+-			printf(" \"%s\"", s); \
++			printf(" \""); \
++			fn_print(s, NULL); \
++			printf("\""); \
+ 		}
+ 
+ /*
+@@ -954,7 +958,9 @@
+ 		if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
+ 			goto finish;
+ 		s += n;
+-		printf(" +{%s ", user);
++		printf(" +{");
++		fn_print(user, NULL);
++		printf(" ");
+ 		ACLOUT(acl);
+ 		printf("}");
+ 		if (s > end)
+@@ -965,7 +971,9 @@
+ 		if (sscanf((char *) s, "%s %d\n%n", user, &acl, &n) != 2)
+ 			goto finish;
+ 		s += n;
+-		printf(" -{%s ", user);
++		printf(" -{");
++		fn_print(user, NULL);
++		printf(" ");
+ 		ACLOUT(acl);
+ 		printf("}");
+ 		if (s > end)
diff --git a/share/security/patches/SA-01:48/tcpdump-4.x.patch.asc b/share/security/patches/SA-01:48/tcpdump-4.x.patch.asc
new file mode 100644
index 0000000000..92320e1978
--- /dev/null
+++ b/share/security/patches/SA-01:48/tcpdump-4.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO1SmZ1UuHi5z0oilAQHCrgQAhmjoAvfwWC1IFpvSfg2L1XbmBg8NTHPK
++QPyn8vQKmlBSPutDG/2HgUYiUrhHHKyueYA0gms1mcAopVoKLns9pxjLJWLlYiY
+IJxvFkZXVN+LMgljGPI+dMeqgFG0jAhSg8t6U7K2GxuxEnElSZ4EpOFh1xcc5TmE
+5nMDCUeqSHU=
+=T2oP
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:49/telnetd-crypto.patch b/share/security/patches/SA-01:49/telnetd-crypto.patch
new file mode 100644
index 0000000000..41bc004459
--- /dev/null
+++ b/share/security/patches/SA-01:49/telnetd-crypto.patch
@@ -0,0 +1,2651 @@
+Index: libexec/telnetd/ext.h
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
+retrieving revision 1.8
+retrieving revision 1.10
+diff -u -r1.8 -r1.10
+--- libexec/telnetd/ext.h	2000/11/19 10:01:27	1.8
++++ libexec/telnetd/ext.h	2001/07/23 22:00:51	1.10
+@@ -76,7 +76,7 @@
+ 
+ extern char	netibuf[BUFSIZ], *netip;
+ 
+-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
++extern char	netobuf[BUFSIZ], *nfrontp, *nbackp;
+ extern char	*neturg;		/* one past last bye of urgent data */
+ 
+ extern int	pcc, ncc;
+@@ -189,8 +189,10 @@
+ 	tty_setsofttab P((int)),
+ 	tty_tspeed P((int)),
+ 	willoption P((int)),
+-	wontoption P((int)),
+-	writenet P((unsigned char *, int));
++	wontoption P((int));
++
++int	output_data __P((const char *, ...)) __printflike(1, 2);
++void	output_datalen __P((const char *, int));
+ 
+ 
+ 
+Index: libexec/telnetd/slc.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/slc.c,v
+retrieving revision 1.9
+retrieving revision 1.11
+diff -u -r1.9 -r1.11
+--- libexec/telnetd/slc.c	2001/02/07 22:18:58	1.9
++++ libexec/telnetd/slc.c	2001/07/23 22:00:51	1.11
+@@ -176,7 +176,6 @@
+ 	register unsigned char **bufp;
+ {
+ 	register int len;
+-	void netflush();
+ 
+ 	/*
+ 	 * If a change has occured, store the new terminal control
+@@ -204,7 +203,7 @@
+ 			(void) sprintf((char *)slcptr, "%c%c", IAC, SE);
+ 			slcptr += 2;
+ 			len = slcptr - slcbuf;
+-			writenet(slcbuf, len);
++			output_datalen(slcbuf, len);
+ 			netflush();  /* force it out immediately */
+ 			DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2););
+ 		}
+Index: libexec/telnetd/state.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/state.c,v
+retrieving revision 1.12
+retrieving revision 1.14
+diff -u -r1.12 -r1.14
+--- libexec/telnetd/state.c	2001/02/18 10:25:15	1.12
++++ libexec/telnetd/state.c	2001/07/23 22:00:51	1.14
+@@ -39,6 +39,7 @@
+   "$FreeBSD$";
+ #endif /* not lint */
+ 
++#include <stdarg.h>
+ #include "telnetd.h"
+ #if	defined(AUTHENTICATION)
+ #include <libtelnet/auth.h>
+@@ -190,8 +191,7 @@
+ 				}
+ 
+ 				netclear();	/* clear buffer back */
+-				*nfrontp++ = IAC;
+-				*nfrontp++ = DM;
++				output_data("%c%c", IAC, DM);
+ 				neturg = nfrontp-1; /* off by one XXX */
+ 				DIAG(TD_OPTIONS,
+ 					printoption("td: send IAC", DM));
+@@ -444,8 +444,7 @@
+ 			set_his_want_state_will(option);
+ 		do_dont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)doopt, option);
+-	nfrontp += sizeof (dont) - 2;
++	output_data((const char *)doopt, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send do", option));
+ }
+@@ -650,8 +649,7 @@
+ 		set_his_want_state_wont(option);
+ 		do_dont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)dont, option);
+-	nfrontp += sizeof (doopt) - 2;
++	output_data((const char *)dont, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send dont", option));
+ }
+@@ -800,8 +798,7 @@
+ 		set_my_want_state_will(option);
+ 		will_wont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)will, option);
+-	nfrontp += sizeof (doopt) - 2;
++	output_data((const char *)will, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send will", option));
+ }
+@@ -954,8 +951,7 @@
+ 		set_my_want_state_wont(option);
+ 		will_wont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)wont, option);
+-	nfrontp += sizeof (wont) - 2;
++	output_data((const char *)wont, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send wont", option));
+ }
+@@ -1351,9 +1347,8 @@
+ 	    env_ovar_wrong:
+ 			env_ovar = OLD_ENV_VALUE;
+ 			env_ovalue = OLD_ENV_VAR;
+-			DIAG(TD_OPTIONS, {sprintf(nfrontp,
+-				"ENVIRON VALUE and VAR are reversed!\r\n");
+-				nfrontp += strlen(nfrontp);});
++			DIAG(TD_OPTIONS,
++			    output_data("ENVIRON VALUE and VAR are reversed!\r\n"));
+ 
+ 		}
+ 	    }
+@@ -1542,9 +1537,55 @@
+ 	ADD(IAC);
+ 	ADD(SE);
+ 
+-	writenet(statusbuf, ncp - statusbuf);
++	output_datalen(statusbuf, ncp - statusbuf);
+ 	netflush();	/* Send it on its way */
+ 
+ 	DIAG(TD_OPTIONS,
+ 		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
++}
++
++/*
++ * This function appends data to nfrontp and advances nfrontp.
++ * Returns the number of characters written altogether (the
++ * buffer may have been flushed in the process).
++ */
++
++int
++output_data(const char *format, ...)
++{
++	va_list args;
++	int len;
++	char *buf;
++
++	va_start(args, format);
++	if ((len = vasprintf(&buf, format, args)) == -1)
++		return -1;
++	output_datalen(buf, len);
++	va_end(args);
++	free(buf);
++	return (len);
++}
++
++void
++output_datalen(const char *buf, int len)
++{
++	int remaining, copied;
++	
++	remaining = BUFSIZ - (nfrontp - netobuf);
++	while (len > 0) {
++		/* Free up enough space if the room is too low*/
++		if ((len > BUFSIZ ? BUFSIZ : len) > remaining) {
++			netflush();
++			remaining = BUFSIZ - (nfrontp - netobuf);
++		}
++
++		/* Copy out as much as will fit */
++		copied = remaining > len ? len : remaining;
++		memmove(nfrontp, buf, copied);
++		nfrontp += copied;
++		len -= copied;
++		remaining -= copied;
++		buf += copied;
++	}
++	return;
+ }
+Index: libexec/telnetd/telnetd.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
+retrieving revision 1.27
+retrieving revision 1.29
+diff -u -r1.27 -r1.29
+--- libexec/telnetd/telnetd.c	2001/02/06 09:24:52	1.27
++++ libexec/telnetd/telnetd.c	2001/07/23 22:00:51	1.29
+@@ -644,34 +644,29 @@
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     if (his_state_is_will(TELOPT_XDISPLOC)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     if (his_state_is_will(TELOPT_TTYPE)) {
+ 
+-	bcopy(ttytype_sbbuf, nfrontp, sizeof ttytype_sbbuf);
+-	nfrontp += sizeof ttytype_sbbuf;
++	output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
+     }
+     if (his_state_is_will(TELOPT_TSPEED)) {
+ 	while (sequenceIs(tspeedsubopt, baseline))
+@@ -748,8 +743,7 @@
+     if (his_state_is_wont(TELOPT_TTYPE))
+ 	return;
+     settimer(baseline);
+-    bcopy(ttytype_sbbuf, nfrontp, sizeof ttytype_sbbuf);
+-    nfrontp += sizeof ttytype_sbbuf;
++    output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
+     while (sequenceIs(ttypesubopt, baseline))
+ 	ttloop();
+ }
+@@ -915,8 +909,6 @@
+ 	int if_fd;
+ 	struct stat statbuf;
+ 
+-	void netflush();
+-
+ 	/*
+ 	 * Initialize the slc mapping table.
+ 	 */
+@@ -1000,9 +992,7 @@
+ 	 * mode, which we do not want.
+ 	 */
+ 	if (his_want_state_is_will(TELOPT_ECHO)) {
+-		DIAG(TD_OPTIONS,
+-			{sprintf(nfrontp, "td: simulating recv\r\n");
+-			 nfrontp += strlen(nfrontp);});
++		DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n"));
+ 		willoption(TELOPT_ECHO);
+ 	}
+ 
+@@ -1148,9 +1138,7 @@
+ 	localstat();
+ #endif	/* LINEMODE */
+ 
+-	DIAG(TD_REPORT,
+-		{sprintf(nfrontp, "td: Entering processing loop\r\n");
+-		 nfrontp += strlen(nfrontp);});
++	DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n"));
+ 
+ 	/*
+ 	 * Startup the login process on the slave side of the terminal
+@@ -1278,8 +1266,7 @@
+ 			netip = netibuf;
+ 		    }
+ 		    DIAG((TD_REPORT | TD_NETDATA),
+-			    {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
+-			     nfrontp += strlen(nfrontp);});
++			output_data("td: netread %d chars\r\n", ncc));
+ 		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
+ 		}
+ 
+@@ -1326,8 +1313,7 @@
+ 					 * royally if we send them urgent
+ 					 * mode data.
+ 					 */
+-					*nfrontp++ = IAC;
+-					*nfrontp++ = DM;
++					output_data("%c%c", IAC, DM);
+ 					neturg = nfrontp-1; /* off by one XXX */
+ #endif
+ 				}
+@@ -1338,13 +1324,11 @@
+ 					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
+ 					if (newflow != flowmode) {
+ 						flowmode = newflow;
+-						(void) sprintf(nfrontp,
+-							"%c%c%c%c%c%c",
++						output_data("%c%c%c%c%c%c",
+ 							IAC, SB, TELOPT_LFLOW,
+ 							flowmode ? LFLOW_ON
+ 								 : LFLOW_OFF,
+ 							IAC, SE);
+-						nfrontp += 6;
+ 					}
+ 				}
+ 				pcc--;
+@@ -1367,19 +1351,19 @@
+ 				break;
+ 			c = *ptyip++ & 0377, pcc--;
+ 			if (c == IAC)
+-				*nfrontp++ = c;
++				output_data("%c", c);
+ #if	defined(CRAY2) && defined(UNICOS5)
+ 			else if (c == '\n' &&
+ 				     my_state_is_wont(TELOPT_BINARY) && newmap)
+-				*nfrontp++ = '\r';
++				output_data("\r");
+ #endif	/* defined(CRAY2) && defined(UNICOS5) */
+-			*nfrontp++ = c;
++			output_data("%c", c);
+ 			if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
+ 				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
+-					*nfrontp++ = *ptyip++ & 0377;
++					output_data("%c", *ptyip++ & 0377);
+ 					pcc--;
+ 				} else
+-					*nfrontp++ = '\0';
++					output_data("%c", '\0');
+ 			}
+ 		}
+ #if	defined(CRAY2) && defined(UNICOS5)
+@@ -1564,8 +1548,7 @@
+ 		return;
+ 	}
+ #endif
+-	(void) strcpy(nfrontp, "\r\n[Yes]\r\n");
+-	nfrontp += 9;
++	output_data("\r\n[Yes]\r\n");
+ }
+ 
+ 	void
+Index: libexec/telnetd/termstat.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/termstat.c,v
+retrieving revision 1.10
+retrieving revision 1.12
+diff -u -r1.10 -r1.12
+--- libexec/telnetd/termstat.c	2001/02/06 10:39:24	1.10
++++ libexec/telnetd/termstat.c	2001/07/23 22:00:51	1.12
+@@ -136,7 +136,6 @@
+ 	void
+ localstat()
+ {
+-	void netflush();
+ 	int need_will_echo = 0;
+ 
+ #if	defined(CRAY2) && defined(UNICOS5)
+@@ -279,10 +278,9 @@
+ # endif	/* KLUDGELINEMODE */
+ 			send_do(TELOPT_LINEMODE, 1);
+ 			/* send along edit modes */
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
++			output_data("%c%c%c%c%c%c%c", IAC, SB,
+ 				TELOPT_LINEMODE, LM_MODE, useeditmode,
+ 				IAC, SE);
+-			nfrontp += 7;
+ 			editmode = useeditmode;
+ # ifdef	KLUDGELINEMODE
+ 		}
+@@ -308,10 +306,9 @@
+ 			/*
+ 			 * Send along appropriate edit mode mask.
+ 			 */
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
++			output_data("%c%c%c%c%c%c%c", IAC, SB,
+ 				TELOPT_LINEMODE, LM_MODE, useeditmode,
+ 				IAC, SE);
+-			nfrontp += 7;
+ 			editmode = useeditmode;
+ 		}
+ 
+@@ -355,20 +352,18 @@
+ 	if (his_state_is_will(TELOPT_LFLOW)) {
+ 		if (tty_flowmode() != flowmode) {
+ 			flowmode = tty_flowmode();
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
++			output_data("%c%c%c%c%c%c",
+ 					IAC, SB, TELOPT_LFLOW,
+ 					flowmode ? LFLOW_ON : LFLOW_OFF,
+ 					IAC, SE);
+-			nfrontp += 6;
+ 		}
+ 		if (tty_restartany() != restartany) {
+ 			restartany = tty_restartany();
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
++			output_data("%c%c%c%c%c%c",
+ 					IAC, SB, TELOPT_LFLOW,
+ 					restartany ? LFLOW_RESTART_ANY
+ 						   : LFLOW_RESTART_XON,
+ 					IAC, SE);
+-			nfrontp += 6;
+ 		}
+ 	}
+ }
+@@ -385,7 +380,6 @@
+ clientstat(code, parm1, parm2)
+ 	register int code, parm1, parm2;
+ {
+-	void netflush();
+ 
+ 	/*
+ 	 * Get a copy of terminal characteristics.
+@@ -441,10 +435,9 @@
+ 					useeditmode |= MODE_SOFT_TAB;
+ 				if (tty_islitecho())
+ 					useeditmode |= MODE_LIT_ECHO;
+-				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
++				output_data("%c%c%c%c%c%c%c", IAC,
+ 					SB, TELOPT_LINEMODE, LM_MODE,
+ 							useeditmode, IAC, SE);
+-				nfrontp += 7;
+ 				editmode = useeditmode;
+ 			}
+ 
+@@ -500,11 +493,10 @@
+ 			set_termbuf();
+ 
+  			if (!ack) {
+- 				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
++				output_data("%c%c%c%c%c%c%c", IAC,
+ 					SB, TELOPT_LINEMODE, LM_MODE,
+  					useeditmode|MODE_ACK,
+  					IAC, SE);
+- 				nfrontp += 7;
+  			}
+ 
+ 			editmode = useeditmode;
+Index: libexec/telnetd/utility.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
+retrieving revision 1.14
+retrieving revision 1.16
+diff -u -r1.14 -r1.16
+--- libexec/telnetd/utility.c	2000/10/31 05:29:54	1.14
++++ libexec/telnetd/utility.c	2001/07/23 22:00:51	1.16
+@@ -62,11 +62,9 @@
+     void
+ ttloop()
+ {
+-    void netflush();
+ 
+-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n");
+-		     nfrontp += strlen(nfrontp);});
+-    if (nfrontp-nbackp) {
++    DIAG(TD_REPORT, output_data("td: ttloop\r\n"));
++    if (nfrontp - nbackp > 0) {
+ 	netflush();
+     }
+     ncc = read(net, netibuf, sizeof netibuf);
+@@ -77,8 +75,7 @@
+ 	syslog(LOG_INFO, "ttloop:  peer died: %m");
+ 	exit(1);
+     }
+-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc);
+-		     nfrontp += strlen(nfrontp);});
++    DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc));
+     netip = netibuf;
+     telrcv();			/* state machine */
+     if (ncc > 0) {
+@@ -121,9 +118,8 @@
+ 	int n;
+ 
+ 	if ((n = pfrontp - pbackp) > 0) {
+-		DIAG((TD_REPORT | TD_PTYDATA),
+-			{ sprintf(nfrontp, "td: ptyflush %d chars\r\n", n);
+-			  nfrontp += strlen(nfrontp); });
++		DIAG(TD_REPORT | TD_PTYDATA,
++		    output_data("td: ptyflush %d chars\r\n", n));
+ 		DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
+ 		n = write(pty, pbackp, n);
+ 	}
+@@ -245,12 +241,13 @@
+     int n;
+     extern int not42;
+ 
+-    if ((n = nfrontp - nbackp) > 0) {
+-	DIAG(TD_REPORT,
+-	    { sprintf(nfrontp, "td: netflush %d chars\r\n", n);
+-	      n += strlen(nfrontp);  /* get count first */
+-	      nfrontp += strlen(nfrontp);  /* then move pointer */
+-	    });
++    while ((n = nfrontp - nbackp) > 0) {
++#if 0
++	/* XXX This causes output_data() to recurse and die */
++	DIAG(TD_REPORT, {
++	    n += output_data("td: netflush %d chars\r\n", n);
++	});
++#endif
+ 	/*
+ 	 * if no urgent data, or if the other side appears to be an
+ 	 * old 4.2 client (and thus unable to survive TCP urgent data),
+@@ -274,51 +271,25 @@
+ 		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
+ 	    }
+ 	}
+-    }
+-    if (n < 0) {
+-	if (errno == EWOULDBLOCK || errno == EINTR)
+-		return;
+-	cleanup(0);
+-    }
+-    nbackp += n;
+-    if (nbackp >= neturg) {
+-	neturg = 0;
+-    }
+-    if (nbackp == nfrontp) {
+-	nbackp = nfrontp = netobuf;
++	if (n == -1) {
++	    if (errno == EWOULDBLOCK || errno == EINTR)
++		continue;
++	    cleanup(0);
++	    /* NOTREACHED */
++	}
++	nbackp += n;
++	if (nbackp >= neturg) {
++	    neturg = 0;
++	}
++	if (nbackp == nfrontp) {
++	    nbackp = nfrontp = netobuf;
++	}
+     }
+     return;
+ }  /* end of netflush */
+ 
+ 
+ /*
+- * writenet
+- *
+- * Just a handy little function to write a bit of raw data to the net.
+- * It will force a transmit of the buffer if necessary
+- *
+- * arguments
+- *    ptr - A pointer to a character string to write
+- *    len - How many bytes to write
+- */
+-	void
+-writenet(ptr, len)
+-	register unsigned char *ptr;
+-	register int len;
+-{
+-	/* flush buffer if no room for new data) */
+-	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
+-		/* if this fails, don't worry, buffer is a little big */
+-		netflush();
+-	}
+-
+-	bcopy(ptr, nfrontp, len);
+-	nfrontp += len;
+-
+-}  /* end of writenet */
+-
+-
+-/*
+  * miscellaneous functions doing a variety of little jobs follow ...
+  */
+ 
+@@ -513,12 +484,11 @@
+ 	register int option;
+ {
+ 	if (TELOPT_OK(option))
+-		sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option));
++		output_data("%s %s\r\n", fmt, TELOPT(option));
+ 	else if (TELCMD_OK(option))
+-		sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option));
++		output_data("%s %s\r\n", fmt, TELCMD(option));
+ 	else
+-		sprintf(nfrontp, "%s %d\r\n", fmt, option);
+-	nfrontp += strlen(nfrontp);
++		output_data("%s %d\r\n", fmt, option);
+ 	return;
+ }
+ 
+@@ -534,9 +504,8 @@
+ 		return;
+ 
+ 	if (direction) {
+-	    sprintf(nfrontp, "td: %s suboption ",
++	    output_data("td: %s suboption ",
+ 					direction == '<' ? "recv" : "send");
+-	    nfrontp += strlen(nfrontp);
+ 	    if (length >= 3) {
+ 		register int j;
+ 
+@@ -544,232 +513,192 @@
+ 		j = pointer[length-1];
+ 
+ 		if (i != IAC || j != SE) {
+-		    sprintf(nfrontp, "(terminated by ");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(terminated by ");
+ 		    if (TELOPT_OK(i))
+-			sprintf(nfrontp, "%s ", TELOPT(i));
++			output_data("%s ", TELOPT(i));
+ 		    else if (TELCMD_OK(i))
+-			sprintf(nfrontp, "%s ", TELCMD(i));
++			output_data("%s ", TELCMD(i));
+ 		    else
+-			sprintf(nfrontp, "%d ", i);
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d ", i);
+ 		    if (TELOPT_OK(j))
+-			sprintf(nfrontp, "%s", TELOPT(j));
++			output_data("%s", TELOPT(j));
+ 		    else if (TELCMD_OK(j))
+-			sprintf(nfrontp, "%s", TELCMD(j));
++			output_data("%s", TELCMD(j));
+ 		    else
+-			sprintf(nfrontp, "%d", j);
+-		    nfrontp += strlen(nfrontp);
+-		    sprintf(nfrontp, ", not IAC SE!) ");
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d", j);
++		    output_data(", not IAC SE!) ");
+ 		}
+ 	    }
+ 	    length -= 2;
+ 	}
+ 	if (length < 1) {
+-	    sprintf(nfrontp, "(Empty suboption??\?)");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("(Empty suboption??\?)");
+ 	    return;
+ 	}
+ 	switch (pointer[0]) {
+ 	case TELOPT_TTYPE:
+-	    sprintf(nfrontp, "TERMINAL-TYPE ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TERMINAL-TYPE ");
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
++		output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
+ 		break;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND");
++		output_data("SEND");
+ 		break;
+ 	    default:
+-		sprintf(nfrontp,
++		output_data(
+ 				"- unknown qualifier %d (0x%x).",
+ 				pointer[1], pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    break;
+ 	case TELOPT_TSPEED:
+-	    sprintf(nfrontp, "TERMINAL-SPEED");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TERMINAL-SPEED");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2);
+-		nfrontp += strlen(nfrontp);
++		output_data(" IS %.*s", length-2, (char *)pointer+2);
+ 		break;
+ 	    default:
+ 		if (pointer[1] == 1)
+-		    sprintf(nfrontp, " SEND");
++		    output_data(" SEND");
+ 		else
+-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		    output_data(" %d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_LFLOW:
+-	    sprintf(nfrontp, "TOGGLE-FLOW-CONTROL");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TOGGLE-FLOW-CONTROL");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case LFLOW_OFF:
+-		sprintf(nfrontp, " OFF"); break;
++		output_data(" OFF"); break;
+ 	    case LFLOW_ON:
+-		sprintf(nfrontp, " ON"); break;
++		output_data(" ON"); break;
+ 	    case LFLOW_RESTART_ANY:
+-		sprintf(nfrontp, " RESTART-ANY"); break;
++		output_data(" RESTART-ANY"); break;
+ 	    case LFLOW_RESTART_XON:
+-		sprintf(nfrontp, " RESTART-XON"); break;
++		output_data(" RESTART-XON"); break;
+ 	    default:
+-		sprintf(nfrontp, " %d (unknown)", pointer[1]);
++		output_data(" %d (unknown)", pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    for (i = 2; i < length; i++) {
+-		sprintf(nfrontp, " ?%d?", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[i]);
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_NAWS:
+-	    sprintf(nfrontp, "NAWS");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("NAWS");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    if (length == 2) {
+-		sprintf(nfrontp, " ?%d?", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[1]);
+ 		break;
+ 	    }
+-	    sprintf(nfrontp, " %d %d (%d)",
++	    output_data(" %d %d (%d)",
+ 		pointer[1], pointer[2],
+ 		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+-	    nfrontp += strlen(nfrontp);
+ 	    if (length == 4) {
+-		sprintf(nfrontp, " ?%d?", pointer[3]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[3]);
+ 		break;
+ 	    }
+-	    sprintf(nfrontp, " %d %d (%d)",
++	    output_data(" %d %d (%d)",
+ 		pointer[3], pointer[4],
+ 		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+-	    nfrontp += strlen(nfrontp);
+ 	    for (i = 5; i < length; i++) {
+-		sprintf(nfrontp, " ?%d?", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[i]);
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_LINEMODE:
+-	    sprintf(nfrontp, "LINEMODE ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("LINEMODE ");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case WILL:
+-		sprintf(nfrontp, "WILL ");
++		output_data("WILL ");
+ 		goto common;
+ 	    case WONT:
+-		sprintf(nfrontp, "WONT ");
++		output_data("WONT ");
+ 		goto common;
+ 	    case DO:
+-		sprintf(nfrontp, "DO ");
++		output_data("DO ");
+ 		goto common;
+ 	    case DONT:
+-		sprintf(nfrontp, "DONT ");
++		output_data("DONT ");
+ 	    common:
+-		nfrontp += strlen(nfrontp);
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(no option??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(no option??\?)");
+ 		    break;
+ 		}
+ 		switch (pointer[2]) {
+ 		case LM_FORWARDMASK:
+-		    sprintf(nfrontp, "Forward Mask");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("Forward Mask");
+ 		    for (i = 3; i < length; i++) {
+-			sprintf(nfrontp, " %x", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %x", pointer[i]);
+ 		    }
+ 		    break;
+ 		default:
+-		    sprintf(nfrontp, "%d (unknown)", pointer[2]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data("%d (unknown)", pointer[2]);
+ 		    for (i = 3; i < length; i++) {
+-			sprintf(nfrontp, " %d", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i]);
+ 		    }
+ 		    break;
+ 		}
+ 		break;
+ 
+ 	    case LM_SLC:
+-		sprintf(nfrontp, "SLC");
+-		nfrontp += strlen(nfrontp);
++		output_data("SLC");
+ 		for (i = 2; i < length - 2; i += 3) {
+ 		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+-			sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
++			output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC]));
+ 		    else
+-			sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]);
+-		    nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i+SLC_FUNC]);
+ 		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+ 		    case SLC_NOSUPPORT:
+-			sprintf(nfrontp, " NOSUPPORT"); break;
++			output_data(" NOSUPPORT"); break;
+ 		    case SLC_CANTCHANGE:
+-			sprintf(nfrontp, " CANTCHANGE"); break;
++			output_data(" CANTCHANGE"); break;
+ 		    case SLC_VARIABLE:
+-			sprintf(nfrontp, " VARIABLE"); break;
++			output_data(" VARIABLE"); break;
+ 		    case SLC_DEFAULT:
+-			sprintf(nfrontp, " DEFAULT"); break;
++			output_data(" DEFAULT"); break;
+ 		    }
+-		    nfrontp += strlen(nfrontp);
+-		    sprintf(nfrontp, "%s%s%s",
++		    output_data("%s%s%s",
+ 			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+ 			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+ 			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+-		    nfrontp += strlen(nfrontp);
+ 		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+ 						SLC_FLUSHOUT| SLC_LEVELBITS)) {
+-			sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]);
+-			nfrontp += strlen(nfrontp);
++			output_data("(0x%x)", pointer[i+SLC_FLAGS]);
+ 		    }
+-		    sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" %d;", pointer[i+SLC_VALUE]);
+ 		    if ((pointer[i+SLC_VALUE] == IAC) &&
+ 			(pointer[i+SLC_VALUE+1] == IAC))
+ 				i++;
+ 		}
+ 		for (; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 
+ 	    case LM_MODE:
+-		sprintf(nfrontp, "MODE ");
+-		nfrontp += strlen(nfrontp);
++		output_data("MODE ");
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(no mode??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(no mode??\?)");
+ 		    break;
+ 		}
+ 		{
+@@ -780,24 +709,19 @@
+ 			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+ 			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+ 			pointer[2]&MODE_ACK ? "|ACK" : "");
+-		    sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("%s", tbuf[1] ? &tbuf[1] : "0");
+ 		}
+ 		if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
+-		    sprintf(nfrontp, " (0x%x)", pointer[2]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" (0x%x)", pointer[2]);
+ 		}
+ 		for (i = 3; i < length; i++) {
+-		    sprintf(nfrontp, " ?0x%x?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?0x%x?", pointer[i]);
+ 		}
+ 		break;
+ 	    default:
+-		sprintf(nfrontp, "%d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		output_data("%d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " %d", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" %d", pointer[i]);
+ 		}
+ 	    }
+ 	    break;
+@@ -806,24 +730,20 @@
+ 	    register char *cp;
+ 	    register int j, k;
+ 
+-	    sprintf(nfrontp, "STATUS");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("STATUS");
+ 
+ 	    switch (pointer[1]) {
+ 	    default:
+ 		if (pointer[1] == TELQUAL_SEND)
+-		    sprintf(nfrontp, " SEND");
++		    output_data(" SEND");
+ 		else
+-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		    output_data(" %d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " IS\r\n");
+-		nfrontp += strlen(nfrontp);
++		output_data(" IS\r\n");
+ 
+ 		for (i = 2; i < length; i++) {
+ 		    switch(pointer[i]) {
+@@ -834,18 +754,15 @@
+ 		    common2:
+ 			i++;
+ 			if (TELOPT_OK(pointer[i]))
+-			    sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i]));
++			    output_data(" %s %s", cp, TELOPT(pointer[i]));
+ 			else
+-			    sprintf(nfrontp, " %s %d", cp, pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			    output_data(" %s %d", cp, pointer[i]);
+ 
+-			sprintf(nfrontp, "\r\n");
+-			nfrontp += strlen(nfrontp);
++			output_data("\r\n");
+ 			break;
+ 
+ 		    case SB:
+-			sprintf(nfrontp, " SB ");
+-			nfrontp += strlen(nfrontp);
++			output_data(" SB ");
+ 			i++;
+ 			j = k = i;
+ 			while (j < length) {
+@@ -861,20 +778,17 @@
+ 			}
+ 			printsub(0, &pointer[i], k - i);
+ 			if (i < length) {
+-			    sprintf(nfrontp, " SE");
+-			    nfrontp += strlen(nfrontp);
++			    output_data(" SE");
+ 			    i = j;
+ 			} else
+ 			    i = j - 1;
+ 
+-			sprintf(nfrontp, "\r\n");
+-			nfrontp += strlen(nfrontp);
++			output_data("\r\n");
+ 
+ 			break;
+ 
+ 		    default:
+-			sprintf(nfrontp, " %d", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i]);
+ 			break;
+ 		    }
+ 		}
+@@ -884,86 +798,77 @@
+ 	  }
+ 
+ 	case TELOPT_XDISPLOC:
+-	    sprintf(nfrontp, "X-DISPLAY-LOCATION ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("X-DISPLAY-LOCATION ");
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
++		output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
+ 		break;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND");
++		output_data("SEND");
+ 		break;
+ 	    default:
+-		sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
++		output_data("- unknown qualifier %d (0x%x).",
+ 				pointer[1], pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    break;
+ 
+ 	case TELOPT_NEW_ENVIRON:
+-	    sprintf(nfrontp, "NEW-ENVIRON ");
++	    output_data("NEW-ENVIRON ");
+ 	    goto env_common1;
+ 	case TELOPT_OLD_ENVIRON:
+-	    sprintf(nfrontp, "OLD-ENVIRON");
++	    output_data("OLD-ENVIRON");
+ 	env_common1:
+-	    nfrontp += strlen(nfrontp);
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS ");
++		output_data("IS ");
+ 		goto env_common;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND ");
++		output_data("SEND ");
+ 		goto env_common;
+ 	    case TELQUAL_INFO:
+-		sprintf(nfrontp, "INFO ");
++		output_data("INFO ");
+ 	    env_common:
+-		nfrontp += strlen(nfrontp);
+ 		{
+ 		    register int noquote = 2;
+ 		    for (i = 2; i < length; i++ ) {
+ 			switch (pointer[i]) {
+ 			case NEW_ENV_VAR:
+-			    sprintf(nfrontp, "\" VAR " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" VAR " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case NEW_ENV_VALUE:
+-			    sprintf(nfrontp, "\" VALUE " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" VALUE " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case ENV_ESC:
+-			    sprintf(nfrontp, "\" ESC " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" ESC " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case ENV_USERVAR:
+-			    sprintf(nfrontp, "\" USERVAR " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" USERVAR " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			default:
+ 			    if (isprint(pointer[i]) && pointer[i] != '"') {
+ 				if (noquote) {
+-				    *nfrontp++ = '"';
++				    output_data("\"");
+ 				    noquote = 0;
+ 				}
+-				*nfrontp++ = pointer[i];
++				output_data("%c", pointer[i]);
+ 			    } else {
+-				sprintf(nfrontp, "\" %03o " + noquote,
++				output_data("\" %03o " + noquote,
+ 							pointer[i]);
+-				nfrontp += strlen(nfrontp);
+ 				noquote = 2;
+ 			    }
+ 			    break;
+ 			}
+ 		    }
+ 		    if (!noquote)
+-			*nfrontp++ = '"';
++			output_data("\"");
+ 		    break;
+ 		}
+ 	    }
+@@ -971,83 +876,66 @@
+ 
+ #if	defined(AUTHENTICATION)
+ 	case TELOPT_AUTHENTICATION:
+-	    sprintf(nfrontp, "AUTHENTICATION");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("AUTHENTICATION");
+ 
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_REPLY:
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ?
++		output_data(" %s ", (pointer[1] == TELQUAL_IS) ?
+ 							"IS" : "REPLY");
+-		nfrontp += strlen(nfrontp);
+ 		if (AUTHTYPE_NAME_OK(pointer[2]))
+-		    sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2]));
++		    output_data("%s ", AUTHTYPE_NAME(pointer[2]));
+ 		else
+-		    sprintf(nfrontp, "%d ", pointer[2]);
+-		nfrontp += strlen(nfrontp);
++		    output_data("%d ", pointer[2]);
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(partial suboption??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(partial suboption??\?)");
+ 		    break;
+ 		}
+-		sprintf(nfrontp, "%s|%s",
++		output_data("%s|%s",
+ 			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+ 			"CLIENT" : "SERVER",
+ 			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+ 			"MUTUAL" : "ONE-WAY");
+-		nfrontp += strlen(nfrontp);
+ 
+     		{
+ 		    char buf[512];
+ 		    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+-		    sprintf(nfrontp, "%s", buf);
++		    output_data("%s", buf);
+ 		}
+-		nfrontp += strlen(nfrontp);
+ 		break;
+ 
+ 	    case TELQUAL_SEND:
+ 		i = 2;
+-		sprintf(nfrontp, " SEND ");
+-		nfrontp += strlen(nfrontp);
++		output_data(" SEND ");
+ 		while (i < length) {
+ 		    if (AUTHTYPE_NAME_OK(pointer[i]))
+-			sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i]));
++			output_data("%s ", AUTHTYPE_NAME(pointer[i]));
+ 		    else
+-			sprintf(nfrontp, "%d ", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d ", pointer[i]);
+ 		    if (++i >= length) {
+-			sprintf(nfrontp, "(partial suboption??\?)");
+-			nfrontp += strlen(nfrontp);
++			output_data("(partial suboption??\?)");
+ 			break;
+ 		    }
+-		    sprintf(nfrontp, "%s|%s ",
++		    output_data("%s|%s ",
+ 			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+ 							"CLIENT" : "SERVER",
+ 			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+ 							"MUTUAL" : "ONE-WAY");
+-		    nfrontp += strlen(nfrontp);
+ 		    ++i;
+ 		}
+ 		break;
+ 
+ 	    case TELQUAL_NAME:
+-		i = 2;
+-		sprintf(nfrontp, " NAME \"");
+-		nfrontp += strlen(nfrontp);
+-		while (i < length)
+-		    *nfrontp += pointer[i++];
+-		*nfrontp += '"';
++		output_data(" NAME \"%.*s\"", length - 2, pointer + 2);
+ 		break;
+ 
+ 	    default:
+ 		    for (i = 2; i < length; i++) {
+-			sprintf(nfrontp, " ?%d?", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" ?%d?", pointer[i]);
+ 		    }
+ 		    break;
+ 	    }
+@@ -1057,18 +945,15 @@
+ 
+ 	default:
+ 	    if (TELOPT_OK(pointer[0]))
+-	        sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0]));
++	        output_data("%s (unknown)", TELOPT(pointer[0]));
+ 	    else
+-	        sprintf(nfrontp, "%d (unknown)", pointer[i]);
+-	    nfrontp += strlen(nfrontp);
++	        output_data("%d (unknown)", pointer[i]);
+ 	    for (i = 1; i < length; i++) {
+-		sprintf(nfrontp, " %d", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" %d", pointer[i]);
+ 	    }
+ 	    break;
+ 	}
+-	sprintf(nfrontp, "\r\n");
+-	nfrontp += strlen(nfrontp);
++	output_data("\r\n");
+ }
+ 
+ /*
+@@ -1090,26 +975,22 @@
+ 		}
+ 
+ 		/* add a line of output */
+-		sprintf(nfrontp, "%s: ", tag);
+-		nfrontp += strlen(nfrontp);
++		output_data("%s: ", tag);
+ 		for (i = 0; i < 20 && cnt; i++) {
+-			sprintf(nfrontp, "%02x", *ptr);
+-			nfrontp += strlen(nfrontp);
++			output_data("%02x", *ptr);
+ 			if (isprint(*ptr)) {
+ 				xbuf[i] = *ptr;
+ 			} else {
+ 				xbuf[i] = '.';
+ 			}
+ 			if (i % 2) {
+-				*nfrontp = ' ';
+-				nfrontp++;
++				output_data(" ");
+ 			}
+ 			cnt--;
+ 			ptr++;
+ 		}
+ 		xbuf[i] = '\0';
+-		sprintf(nfrontp, " %s\r\n", xbuf );
+-		nfrontp += strlen(nfrontp);
++		output_data(" %s\r\n", xbuf );
+ 	}
+ }
+ #endif /* DIAGNOSTICS */
+Index: crypto/telnet/telnetd/authenc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/authenc.c,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- crypto/telnet/telnetd/authenc.c	2000/07/16 05:52:45	1.5
++++ crypto/telnet/telnetd/authenc.c	2001/07/19 17:48:57	1.6
+@@ -49,8 +49,7 @@
+ 	int len;
+ {
+ 	if (nfrontp + len < netobuf + BUFSIZ) {
+-		memmove((void *)nfrontp, (void *)str, len);
+-		nfrontp += len;
++		output_datalen(str, len);
+ 		return(len);
+ 	}
+ 	return(0);
+Index: crypto/telnet/telnetd/ext.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/ext.h,v
+retrieving revision 1.4
+retrieving revision 1.7
+diff -u -r1.4 -r1.7
+--- crypto/telnet/telnetd/ext.h	2000/07/16 05:52:45	1.4
++++ crypto/telnet/telnetd/ext.h	2001/07/23 21:52:26	1.7
+@@ -74,7 +74,7 @@
+ 
+ extern char	netibuf[BUFSIZ], *netip;
+ 
+-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
++extern char	netobuf[BUFSIZ], *nfrontp, *nbackp;
+ extern char	*neturg;		/* one past last bye of urgent data */
+ 
+ extern int	pcc, ncc;
+@@ -187,8 +187,10 @@
+ 	tty_setsofttab P((int)),
+ 	tty_tspeed P((int)),
+ 	willoption P((int)),
+-	wontoption P((int)),
+-	writenet P((unsigned char *, int));
++	wontoption P((int));
++
++int	output_data __P((const char *, ...)) __printflike(1, 2);
++void	output_datalen __P((const char *, int));
+ 
+ #ifdef	ENCRYPTION
+ extern void	(*encrypt_output) P((unsigned char *, int));
+Index: crypto/telnet/telnetd/slc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/slc.c,v
+retrieving revision 1.5
+retrieving revision 1.7
+diff -u -r1.5 -r1.7
+--- crypto/telnet/telnetd/slc.c	2000/07/16 05:52:45	1.5
++++ crypto/telnet/telnetd/slc.c	2001/07/23 21:52:26	1.7
+@@ -176,7 +176,6 @@
+ 	register unsigned char **bufp;
+ {
+ 	register int len;
+-	void netflush();
+ 
+ 	/*
+ 	 * If a change has occured, store the new terminal control
+@@ -204,7 +203,7 @@
+ 			(void) sprintf((char *)slcptr, "%c%c", IAC, SE);
+ 			slcptr += 2;
+ 			len = slcptr - slcbuf;
+-			writenet(slcbuf, len);
++			output_datalen(slcbuf, len);
+ 			netflush();  /* force it out immediately */
+ 			DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2););
+ 		}
+Index: crypto/telnet/telnetd/state.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/state.c,v
+retrieving revision 1.5
+retrieving revision 1.9
+diff -u -r1.5 -r1.9
+--- crypto/telnet/telnetd/state.c	2000/07/16 05:52:45	1.5
++++ crypto/telnet/telnetd/state.c	2001/07/23 21:52:26	1.9
+@@ -39,6 +39,7 @@
+   "$FreeBSD$";
+ #endif /* not lint */
+ 
++#include <stdarg.h>
+ #include "telnetd.h"
+ #if	defined(AUTHENTICATION)
+ #include <libtelnet/auth.h>
+@@ -205,8 +206,7 @@
+ 				}
+ 
+ 				netclear();	/* clear buffer back */
+-				*nfrontp++ = IAC;
+-				*nfrontp++ = DM;
++				output_data("%c%c", IAC, DM);
+ 				neturg = nfrontp-1; /* off by one XXX */
+ 				DIAG(TD_OPTIONS,
+ 					printoption("td: send IAC", DM));
+@@ -459,8 +459,7 @@
+ 			set_his_want_state_will(option);
+ 		do_dont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)doopt, option);
+-	nfrontp += sizeof (dont) - 2;
++	output_data((const char *)doopt, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send do", option));
+ }
+@@ -679,8 +678,7 @@
+ 		set_his_want_state_wont(option);
+ 		do_dont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)dont, option);
+-	nfrontp += sizeof (doopt) - 2;
++	output_data((const char *)dont, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send dont", option));
+ }
+@@ -828,8 +826,7 @@
+ 		set_my_want_state_will(option);
+ 		will_wont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)will, option);
+-	nfrontp += sizeof (doopt) - 2;
++	output_data((const char *)will, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send will", option));
+ }
+@@ -987,8 +984,7 @@
+ 		set_my_want_state_wont(option);
+ 		will_wont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)wont, option);
+-	nfrontp += sizeof (wont) - 2;
++	output_data((const char *)wont, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send wont", option));
+ }
+@@ -1384,9 +1380,8 @@
+ 	    env_ovar_wrong:
+ 			env_ovar = OLD_ENV_VALUE;
+ 			env_ovalue = OLD_ENV_VAR;
+-			DIAG(TD_OPTIONS, {sprintf(nfrontp,
+-				"ENVIRON VALUE and VAR are reversed!\r\n");
+-				nfrontp += strlen(nfrontp);});
++			DIAG(TD_OPTIONS,
++			    output_data("ENVIRON VALUE and VAR are reversed!\r\n"));
+ 
+ 		}
+ 	    }
+@@ -1611,9 +1606,55 @@
+ 	ADD(IAC);
+ 	ADD(SE);
+ 
+-	writenet(statusbuf, ncp - statusbuf);
++	output_datalen(statusbuf, ncp - statusbuf);
+ 	netflush();	/* Send it on its way */
+ 
+ 	DIAG(TD_OPTIONS,
+ 		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
++}
++
++/*
++ * This function appends data to nfrontp and advances nfrontp.
++ * Returns the number of characters written altogether (the
++ * buffer may have been flushed in the process).
++ */
++
++int
++output_data(const char *format, ...)
++{
++	va_list args;
++	int len;
++	char *buf;
++
++	va_start(args, format);
++	if ((len = vasprintf(&buf, format, args)) == -1)
++		return -1;
++	output_datalen(buf, len);
++	va_end(args);
++	free(buf);
++	return (len);
++}
++
++void
++output_datalen(const char *buf, int len)
++{
++	int remaining, copied;
++	
++	remaining = BUFSIZ - (nfrontp - netobuf);
++	while (len > 0) {
++		/* Free up enough space if the room is too low*/
++		if ((len > BUFSIZ ? BUFSIZ : len) > remaining) {
++			netflush();
++			remaining = BUFSIZ - (nfrontp - netobuf);
++		}
++
++		/* Copy out as much as will fit */
++		copied = remaining > len ? len : remaining;
++		memmove(nfrontp, buf, copied);
++		nfrontp += copied;
++		len -= copied;
++		remaining -= copied;
++		buf += copied;
++	}
++	return;
+ }
+Index: crypto/telnet/telnetd/telnetd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/telnetd.c,v
+retrieving revision 1.15
+retrieving revision 1.17
+diff -u -r1.15 -r1.17
+--- crypto/telnet/telnetd/telnetd.c	2001/02/06 09:32:26	1.15
++++ crypto/telnet/telnetd/telnetd.c	2001/07/23 21:52:26	1.17
+@@ -683,38 +683,33 @@
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
+ 
+-	memmove(nfrontp, sb, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+ 	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+     }
+     if (his_state_is_will(TELOPT_XDISPLOC)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
+ 
+-	memmove(nfrontp, sb, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+ 	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+     }
+     if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
+ 
+-	memmove(nfrontp, sb, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+ 	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+     }
+     else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
+ 
+-	memmove(nfrontp, sb, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+ 	DIAG(TD_OPTIONS, printsub('>', sb + 2, sizeof sb - 2););
+     }
+     if (his_state_is_will(TELOPT_TTYPE)) {
+ 
+-	memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
+-	nfrontp += sizeof ttytype_sbbuf;
++	output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
+ 	DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+ 					sizeof ttytype_sbbuf - 2););
+     }
+@@ -793,8 +788,7 @@
+     if (his_state_is_wont(TELOPT_TTYPE))
+ 	return;
+     settimer(baseline);
+-    memmove(nfrontp, ttytype_sbbuf, sizeof ttytype_sbbuf);
+-    nfrontp += sizeof ttytype_sbbuf;
++    output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
+     DIAG(TD_OPTIONS, printsub('>', ttytype_sbbuf + 2,
+ 					sizeof ttytype_sbbuf - 2););
+     while (sequenceIs(ttypesubopt, baseline))
+@@ -958,7 +952,6 @@
+ 	char *HE;
+ 	char *HN;
+ 	char *IM;
+-	void netflush();
+ 	int nfd;
+ 
+ 	/*
+@@ -1044,9 +1037,7 @@
+ 	 * mode, which we do not want.
+ 	 */
+ 	if (his_want_state_is_will(TELOPT_ECHO)) {
+-		DIAG(TD_OPTIONS,
+-			{sprintf(nfrontp, "td: simulating recv\r\n");
+-			 nfrontp += strlen(nfrontp);});
++		DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n"));
+ 		willoption(TELOPT_ECHO);
+ 	}
+ 
+@@ -1181,9 +1172,7 @@
+ 	localstat();
+ #endif	/* LINEMODE */
+ 
+-	DIAG(TD_REPORT,
+-		{sprintf(nfrontp, "td: Entering processing loop\r\n");
+-		 nfrontp += strlen(nfrontp);});
++	DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n"));
+ 
+ 	/*
+ 	 * Startup the login process on the slave side of the terminal
+@@ -1312,8 +1301,7 @@
+ 			netip = netibuf;
+ 		    }
+ 		    DIAG((TD_REPORT | TD_NETDATA),
+-			    {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
+-			     nfrontp += strlen(nfrontp);});
++			output_data("td: netread %d chars\r\n", ncc));
+ 		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
+ 		}
+ 
+@@ -1360,8 +1348,7 @@
+ 					 * royally if we send them urgent
+ 					 * mode data.
+ 					 */
+-					*nfrontp++ = IAC;
+-					*nfrontp++ = DM;
++					output_data("%c%c", IAC, DM);
+ 					neturg = nfrontp-1; /* off by one XXX */
+ 					DIAG(TD_OPTIONS,
+ 					    printoption("td: send IAC", DM));
+@@ -1375,13 +1362,11 @@
+ 					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
+ 					if (newflow != flowmode) {
+ 						flowmode = newflow;
+-						(void) sprintf(nfrontp,
+-							"%c%c%c%c%c%c",
++						output_data("%c%c%c%c%c%c",
+ 							IAC, SB, TELOPT_LFLOW,
+ 							flowmode ? LFLOW_ON
+ 								 : LFLOW_OFF,
+ 							IAC, SE);
+-						nfrontp += 6;
+ 						DIAG(TD_OPTIONS, printsub('>',
+ 						    (unsigned char *)nfrontp-4,
+ 						    4););
+@@ -1407,19 +1392,19 @@
+ 				break;
+ 			c = *ptyip++ & 0377, pcc--;
+ 			if (c == IAC)
+-				*nfrontp++ = c;
++				output_data("%c", c);
+ #if	defined(CRAY2) && defined(UNICOS5)
+ 			else if (c == '\n' &&
+ 				     my_state_is_wont(TELOPT_BINARY) && newmap)
+-				*nfrontp++ = '\r';
++				output_data("\r");
+ #endif	/* defined(CRAY2) && defined(UNICOS5) */
+-			*nfrontp++ = c;
++			output_data("%c", c);
+ 			if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
+ 				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
+-					*nfrontp++ = *ptyip++ & 0377;
++					output_data("%c", *ptyip++ & 0377);
+ 					pcc--;
+ 				} else
+-					*nfrontp++ = '\0';
++					output_data("%c", '\0');
+ 			}
+ 		}
+ #if	defined(CRAY2) && defined(UNICOS5)
+@@ -1613,8 +1598,7 @@
+ 		return;
+ 	}
+ #endif
+-	(void) strcpy(nfrontp, "\r\n[Yes]\r\n");
+-	nfrontp += 9;
++	output_data("\r\n[Yes]\r\n");
+ }
+ 
+ 	void
+Index: crypto/telnet/telnetd/termstat.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/termstat.c,v
+retrieving revision 1.6
+retrieving revision 1.8
+diff -u -r1.6 -r1.8
+--- crypto/telnet/telnetd/termstat.c	2001/02/06 10:38:58	1.6
++++ crypto/telnet/telnetd/termstat.c	2001/07/23 21:52:26	1.8
+@@ -140,7 +140,6 @@
+ 	void
+ localstat()
+ {
+-	void netflush();
+ 	int need_will_echo = 0;
+ 
+ #if	defined(CRAY2) && defined(UNICOS5)
+@@ -302,10 +301,9 @@
+ # endif	/* KLUDGELINEMODE */
+ 			send_do(TELOPT_LINEMODE, 1);
+ 			/* send along edit modes */
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
++			output_data("%c%c%c%c%c%c%c", IAC, SB,
+ 				TELOPT_LINEMODE, LM_MODE, useeditmode,
+ 				IAC, SE);
+-			nfrontp += 7;
+ 			editmode = useeditmode;
+ # ifdef	KLUDGELINEMODE
+ 		}
+@@ -331,10 +329,9 @@
+ 			/*
+ 			 * Send along appropriate edit mode mask.
+ 			 */
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
++			output_data("%c%c%c%c%c%c%c", IAC, SB,
+ 				TELOPT_LINEMODE, LM_MODE, useeditmode,
+ 				IAC, SE);
+-			nfrontp += 7;
+ 			editmode = useeditmode;
+ 		}
+ 
+@@ -378,20 +375,18 @@
+ 	if (his_state_is_will(TELOPT_LFLOW)) {
+ 		if (tty_flowmode() != flowmode) {
+ 			flowmode = tty_flowmode();
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
++			output_data("%c%c%c%c%c%c",
+ 					IAC, SB, TELOPT_LFLOW,
+ 					flowmode ? LFLOW_ON : LFLOW_OFF,
+ 					IAC, SE);
+-			nfrontp += 6;
+ 		}
+ 		if (tty_restartany() != restartany) {
+ 			restartany = tty_restartany();
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
++			output_data("%c%c%c%c%c%c",
+ 					IAC, SB, TELOPT_LFLOW,
+ 					restartany ? LFLOW_RESTART_ANY
+ 						   : LFLOW_RESTART_XON,
+ 					IAC, SE);
+-			nfrontp += 6;
+ 		}
+ 	}
+ }
+@@ -408,7 +403,6 @@
+ clientstat(code, parm1, parm2)
+ 	register int code, parm1, parm2;
+ {
+-	void netflush();
+ 
+ 	/*
+ 	 * Get a copy of terminal characteristics.
+@@ -464,10 +458,9 @@
+ 					useeditmode |= MODE_SOFT_TAB;
+ 				if (tty_islitecho())
+ 					useeditmode |= MODE_LIT_ECHO;
+-				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
++				output_data("%c%c%c%c%c%c%c", IAC,
+ 					SB, TELOPT_LINEMODE, LM_MODE,
+ 							useeditmode, IAC, SE);
+-				nfrontp += 7;
+ 				editmode = useeditmode;
+ 			}
+ 
+@@ -523,11 +516,10 @@
+ 			set_termbuf();
+ 
+  			if (!ack) {
+- 				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
++				output_data("%c%c%c%c%c%c%c", IAC,
+ 					SB, TELOPT_LINEMODE, LM_MODE,
+  					useeditmode|MODE_ACK,
+  					IAC, SE);
+- 				nfrontp += 7;
+  			}
+ 
+ 			editmode = useeditmode;
+Index: crypto/telnet/telnetd/utility.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnetd/utility.c,v
+retrieving revision 1.7
+retrieving revision 1.10
+diff -u -r1.7 -r1.10
+--- crypto/telnet/telnetd/utility.c	2000/11/30 10:55:25	1.7
++++ crypto/telnet/telnetd/utility.c	2001/07/23 21:52:26	1.10
+@@ -69,11 +69,9 @@
+     void
+ ttloop()
+ {
+-    void netflush();
+ 
+-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n");
+-		     nfrontp += strlen(nfrontp);});
+-    if (nfrontp-nbackp) {
++    DIAG(TD_REPORT, output_data("td: ttloop\r\n"));
++    if (nfrontp - nbackp > 0) {
+ 	netflush();
+     }
+     ncc = read(net, netibuf, sizeof netibuf);
+@@ -84,8 +82,7 @@
+ 	syslog(LOG_INFO, "ttloop:  peer died: %m");
+ 	exit(1);
+     }
+-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc);
+-		     nfrontp += strlen(nfrontp);});
++    DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc));
+     netip = netibuf;
+     telrcv();			/* state machine */
+     if (ncc > 0) {
+@@ -128,9 +125,8 @@
+ 	int n;
+ 
+ 	if ((n = pfrontp - pbackp) > 0) {
+-		DIAG((TD_REPORT | TD_PTYDATA),
+-			{ sprintf(nfrontp, "td: ptyflush %d chars\r\n", n);
+-			  nfrontp += strlen(nfrontp); });
++		DIAG(TD_REPORT | TD_PTYDATA,
++		    output_data("td: ptyflush %d chars\r\n", n));
+ 		DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
+ 		n = write(pty, pbackp, n);
+ 	}
+@@ -260,12 +256,13 @@
+     int n;
+     extern int not42;
+ 
+-    if ((n = nfrontp - nbackp) > 0) {
+-	DIAG(TD_REPORT,
+-	    { sprintf(nfrontp, "td: netflush %d chars\r\n", n);
+-	      n += strlen(nfrontp);  /* get count first */
+-	      nfrontp += strlen(nfrontp);  /* then move pointer */
+-	    });
++    while ((n = nfrontp - nbackp) > 0) {
++#if 0
++	/* XXX This causes output_data() to recurse and die */
++	DIAG(TD_REPORT, {
++	    n += output_data("td: netflush %d chars\r\n", n);
++	});
++#endif
+ #ifdef	ENCRYPTION
+ 	if (encrypt_output) {
+ 		char *s = nclearto ? nclearto : nbackp;
+@@ -298,58 +295,32 @@
+ 		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
+ 	    }
+ 	}
+-    }
+-    if (n < 0) {
+-	if (errno == EWOULDBLOCK || errno == EINTR)
+-		return;
+-	cleanup(0);
+-    }
+-    nbackp += n;
++	if (n == -1) {
++	    if (errno == EWOULDBLOCK || errno == EINTR)
++		continue;
++	    cleanup(0);
++	    /* NOTREACHED */
++	}
++	nbackp += n;
+ #ifdef	ENCRYPTION
+-    if (nbackp > nclearto)
+-	nclearto = 0;
++	if (nbackp > nclearto)
++	    nclearto = 0;
+ #endif	/* ENCRYPTION */
+-    if (nbackp >= neturg) {
+-	neturg = 0;
+-    }
+-    if (nbackp == nfrontp) {
+-	nbackp = nfrontp = netobuf;
++	if (nbackp >= neturg) {
++	    neturg = 0;
++	}
++	if (nbackp == nfrontp) {
++	    nbackp = nfrontp = netobuf;
+ #ifdef	ENCRYPTION
+-	nclearto = 0;
++	    nclearto = 0;
+ #endif	/* ENCRYPTION */
++	}
+     }
+     return;
+ }  /* end of netflush */
+ 
+ 
+ /*
+- * writenet
+- *
+- * Just a handy little function to write a bit of raw data to the net.
+- * It will force a transmit of the buffer if necessary
+- *
+- * arguments
+- *    ptr - A pointer to a character string to write
+- *    len - How many bytes to write
+- */
+-	void
+-writenet(ptr, len)
+-	register unsigned char *ptr;
+-	register int len;
+-{
+-	/* flush buffer if no room for new data) */
+-	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
+-		/* if this fails, don't worry, buffer is a little big */
+-		netflush();
+-	}
+-
+-	memmove(nfrontp, ptr, len);
+-	nfrontp += len;
+-
+-}  /* end of writenet */
+-
+-
+-/*
+  * miscellaneous functions doing a variety of little jobs follow ...
+  */
+ 
+@@ -554,12 +525,11 @@
+ 	register int option;
+ {
+ 	if (TELOPT_OK(option))
+-		sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option));
++		output_data("%s %s\r\n", fmt, TELOPT(option));
+ 	else if (TELCMD_OK(option))
+-		sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option));
++		output_data("%s %s\r\n", fmt, TELCMD(option));
+ 	else
+-		sprintf(nfrontp, "%s %d\r\n", fmt, option);
+-	nfrontp += strlen(nfrontp);
++		output_data("%s %d\r\n", fmt, option);
+ 	return;
+ }
+ 
+@@ -575,9 +545,8 @@
+ 		return;
+ 
+ 	if (direction) {
+-	    sprintf(nfrontp, "td: %s suboption ",
++	    output_data("td: %s suboption ",
+ 					direction == '<' ? "recv" : "send");
+-	    nfrontp += strlen(nfrontp);
+ 	    if (length >= 3) {
+ 		register int j;
+ 
+@@ -585,232 +554,192 @@
+ 		j = pointer[length-1];
+ 
+ 		if (i != IAC || j != SE) {
+-		    sprintf(nfrontp, "(terminated by ");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(terminated by ");
+ 		    if (TELOPT_OK(i))
+-			sprintf(nfrontp, "%s ", TELOPT(i));
++			output_data("%s ", TELOPT(i));
+ 		    else if (TELCMD_OK(i))
+-			sprintf(nfrontp, "%s ", TELCMD(i));
++			output_data("%s ", TELCMD(i));
+ 		    else
+-			sprintf(nfrontp, "%d ", i);
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d ", i);
+ 		    if (TELOPT_OK(j))
+-			sprintf(nfrontp, "%s", TELOPT(j));
++			output_data("%s", TELOPT(j));
+ 		    else if (TELCMD_OK(j))
+-			sprintf(nfrontp, "%s", TELCMD(j));
++			output_data("%s", TELCMD(j));
+ 		    else
+-			sprintf(nfrontp, "%d", j);
+-		    nfrontp += strlen(nfrontp);
+-		    sprintf(nfrontp, ", not IAC SE!) ");
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d", j);
++		    output_data(", not IAC SE!) ");
+ 		}
+ 	    }
+ 	    length -= 2;
+ 	}
+ 	if (length < 1) {
+-	    sprintf(nfrontp, "(Empty suboption??\?)");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("(Empty suboption??\?)");
+ 	    return;
+ 	}
+ 	switch (pointer[0]) {
+ 	case TELOPT_TTYPE:
+-	    sprintf(nfrontp, "TERMINAL-TYPE ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TERMINAL-TYPE ");
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
++		output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
+ 		break;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND");
++		output_data("SEND");
+ 		break;
+ 	    default:
+-		sprintf(nfrontp,
++		output_data(
+ 				"- unknown qualifier %d (0x%x).",
+ 				pointer[1], pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    break;
+ 	case TELOPT_TSPEED:
+-	    sprintf(nfrontp, "TERMINAL-SPEED");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TERMINAL-SPEED");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2);
+-		nfrontp += strlen(nfrontp);
++		output_data(" IS %.*s", length-2, (char *)pointer+2);
+ 		break;
+ 	    default:
+ 		if (pointer[1] == 1)
+-		    sprintf(nfrontp, " SEND");
++		    output_data(" SEND");
+ 		else
+-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		    output_data(" %d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_LFLOW:
+-	    sprintf(nfrontp, "TOGGLE-FLOW-CONTROL");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TOGGLE-FLOW-CONTROL");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case LFLOW_OFF:
+-		sprintf(nfrontp, " OFF"); break;
++		output_data(" OFF"); break;
+ 	    case LFLOW_ON:
+-		sprintf(nfrontp, " ON"); break;
++		output_data(" ON"); break;
+ 	    case LFLOW_RESTART_ANY:
+-		sprintf(nfrontp, " RESTART-ANY"); break;
++		output_data(" RESTART-ANY"); break;
+ 	    case LFLOW_RESTART_XON:
+-		sprintf(nfrontp, " RESTART-XON"); break;
++		output_data(" RESTART-XON"); break;
+ 	    default:
+-		sprintf(nfrontp, " %d (unknown)", pointer[1]);
++		output_data(" %d (unknown)", pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    for (i = 2; i < length; i++) {
+-		sprintf(nfrontp, " ?%d?", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[i]);
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_NAWS:
+-	    sprintf(nfrontp, "NAWS");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("NAWS");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    if (length == 2) {
+-		sprintf(nfrontp, " ?%d?", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[1]);
+ 		break;
+ 	    }
+-	    sprintf(nfrontp, " %d %d (%d)",
++	    output_data(" %d %d (%d)",
+ 		pointer[1], pointer[2],
+ 		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+-	    nfrontp += strlen(nfrontp);
+ 	    if (length == 4) {
+-		sprintf(nfrontp, " ?%d?", pointer[3]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[3]);
+ 		break;
+ 	    }
+-	    sprintf(nfrontp, " %d %d (%d)",
++	    output_data(" %d %d (%d)",
+ 		pointer[3], pointer[4],
+ 		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+-	    nfrontp += strlen(nfrontp);
+ 	    for (i = 5; i < length; i++) {
+-		sprintf(nfrontp, " ?%d?", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[i]);
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_LINEMODE:
+-	    sprintf(nfrontp, "LINEMODE ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("LINEMODE ");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case WILL:
+-		sprintf(nfrontp, "WILL ");
++		output_data("WILL ");
+ 		goto common;
+ 	    case WONT:
+-		sprintf(nfrontp, "WONT ");
++		output_data("WONT ");
+ 		goto common;
+ 	    case DO:
+-		sprintf(nfrontp, "DO ");
++		output_data("DO ");
+ 		goto common;
+ 	    case DONT:
+-		sprintf(nfrontp, "DONT ");
++		output_data("DONT ");
+ 	    common:
+-		nfrontp += strlen(nfrontp);
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(no option??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(no option??\?)");
+ 		    break;
+ 		}
+ 		switch (pointer[2]) {
+ 		case LM_FORWARDMASK:
+-		    sprintf(nfrontp, "Forward Mask");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("Forward Mask");
+ 		    for (i = 3; i < length; i++) {
+-			sprintf(nfrontp, " %x", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %x", pointer[i]);
+ 		    }
+ 		    break;
+ 		default:
+-		    sprintf(nfrontp, "%d (unknown)", pointer[2]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data("%d (unknown)", pointer[2]);
+ 		    for (i = 3; i < length; i++) {
+-			sprintf(nfrontp, " %d", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i]);
+ 		    }
+ 		    break;
+ 		}
+ 		break;
+ 
+ 	    case LM_SLC:
+-		sprintf(nfrontp, "SLC");
+-		nfrontp += strlen(nfrontp);
++		output_data("SLC");
+ 		for (i = 2; i < length - 2; i += 3) {
+ 		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+-			sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
++			output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC]));
+ 		    else
+-			sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]);
+-		    nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i+SLC_FUNC]);
+ 		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+ 		    case SLC_NOSUPPORT:
+-			sprintf(nfrontp, " NOSUPPORT"); break;
++			output_data(" NOSUPPORT"); break;
+ 		    case SLC_CANTCHANGE:
+-			sprintf(nfrontp, " CANTCHANGE"); break;
++			output_data(" CANTCHANGE"); break;
+ 		    case SLC_VARIABLE:
+-			sprintf(nfrontp, " VARIABLE"); break;
++			output_data(" VARIABLE"); break;
+ 		    case SLC_DEFAULT:
+-			sprintf(nfrontp, " DEFAULT"); break;
++			output_data(" DEFAULT"); break;
+ 		    }
+-		    nfrontp += strlen(nfrontp);
+-		    sprintf(nfrontp, "%s%s%s",
++		    output_data("%s%s%s",
+ 			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+ 			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+ 			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+-		    nfrontp += strlen(nfrontp);
+ 		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+ 						SLC_FLUSHOUT| SLC_LEVELBITS)) {
+-			sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]);
+-			nfrontp += strlen(nfrontp);
++			output_data("(0x%x)", pointer[i+SLC_FLAGS]);
+ 		    }
+-		    sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" %d;", pointer[i+SLC_VALUE]);
+ 		    if ((pointer[i+SLC_VALUE] == IAC) &&
+ 			(pointer[i+SLC_VALUE+1] == IAC))
+ 				i++;
+ 		}
+ 		for (; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 
+ 	    case LM_MODE:
+-		sprintf(nfrontp, "MODE ");
+-		nfrontp += strlen(nfrontp);
++		output_data("MODE ");
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(no mode??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(no mode??\?)");
+ 		    break;
+ 		}
+ 		{
+@@ -821,24 +750,19 @@
+ 			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+ 			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+ 			pointer[2]&MODE_ACK ? "|ACK" : "");
+-		    sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("%s", tbuf[1] ? &tbuf[1] : "0");
+ 		}
+ 		if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
+-		    sprintf(nfrontp, " (0x%x)", pointer[2]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" (0x%x)", pointer[2]);
+ 		}
+ 		for (i = 3; i < length; i++) {
+-		    sprintf(nfrontp, " ?0x%x?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?0x%x?", pointer[i]);
+ 		}
+ 		break;
+ 	    default:
+-		sprintf(nfrontp, "%d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		output_data("%d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " %d", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" %d", pointer[i]);
+ 		}
+ 	    }
+ 	    break;
+@@ -847,24 +771,20 @@
+ 	    register char *cp;
+ 	    register int j, k;
+ 
+-	    sprintf(nfrontp, "STATUS");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("STATUS");
+ 
+ 	    switch (pointer[1]) {
+ 	    default:
+ 		if (pointer[1] == TELQUAL_SEND)
+-		    sprintf(nfrontp, " SEND");
++		    output_data(" SEND");
+ 		else
+-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		    output_data(" %d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " IS\r\n");
+-		nfrontp += strlen(nfrontp);
++		output_data(" IS\r\n");
+ 
+ 		for (i = 2; i < length; i++) {
+ 		    switch(pointer[i]) {
+@@ -875,18 +795,15 @@
+ 		    common2:
+ 			i++;
+ 			if (TELOPT_OK(pointer[i]))
+-			    sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i]));
++			    output_data(" %s %s", cp, TELOPT(pointer[i]));
+ 			else
+-			    sprintf(nfrontp, " %s %d", cp, pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			    output_data(" %s %d", cp, pointer[i]);
+ 
+-			sprintf(nfrontp, "\r\n");
+-			nfrontp += strlen(nfrontp);
++			output_data("\r\n");
+ 			break;
+ 
+ 		    case SB:
+-			sprintf(nfrontp, " SB ");
+-			nfrontp += strlen(nfrontp);
++			output_data(" SB ");
+ 			i++;
+ 			j = k = i;
+ 			while (j < length) {
+@@ -902,20 +819,17 @@
+ 			}
+ 			printsub(0, &pointer[i], k - i);
+ 			if (i < length) {
+-			    sprintf(nfrontp, " SE");
+-			    nfrontp += strlen(nfrontp);
++			    output_data(" SE");
+ 			    i = j;
+ 			} else
+ 			    i = j - 1;
+ 
+-			sprintf(nfrontp, "\r\n");
+-			nfrontp += strlen(nfrontp);
++			output_data("\r\n");
+ 
+ 			break;
+ 
+ 		    default:
+-			sprintf(nfrontp, " %d", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i]);
+ 			break;
+ 		    }
+ 		}
+@@ -925,86 +839,77 @@
+ 	  }
+ 
+ 	case TELOPT_XDISPLOC:
+-	    sprintf(nfrontp, "X-DISPLAY-LOCATION ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("X-DISPLAY-LOCATION ");
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
++		output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
+ 		break;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND");
++		output_data("SEND");
+ 		break;
+ 	    default:
+-		sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
++		output_data("- unknown qualifier %d (0x%x).",
+ 				pointer[1], pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    break;
+ 
+ 	case TELOPT_NEW_ENVIRON:
+-	    sprintf(nfrontp, "NEW-ENVIRON ");
++	    output_data("NEW-ENVIRON ");
+ 	    goto env_common1;
+ 	case TELOPT_OLD_ENVIRON:
+-	    sprintf(nfrontp, "OLD-ENVIRON");
++	    output_data("OLD-ENVIRON");
+ 	env_common1:
+-	    nfrontp += strlen(nfrontp);
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS ");
++		output_data("IS ");
+ 		goto env_common;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND ");
++		output_data("SEND ");
+ 		goto env_common;
+ 	    case TELQUAL_INFO:
+-		sprintf(nfrontp, "INFO ");
++		output_data("INFO ");
+ 	    env_common:
+-		nfrontp += strlen(nfrontp);
+ 		{
+ 		    register int noquote = 2;
+ 		    for (i = 2; i < length; i++ ) {
+ 			switch (pointer[i]) {
+ 			case NEW_ENV_VAR:
+-			    sprintf(nfrontp, "\" VAR " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" VAR " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case NEW_ENV_VALUE:
+-			    sprintf(nfrontp, "\" VALUE " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" VALUE " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case ENV_ESC:
+-			    sprintf(nfrontp, "\" ESC " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" ESC " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case ENV_USERVAR:
+-			    sprintf(nfrontp, "\" USERVAR " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" USERVAR " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			default:
+ 			    if (isprint(pointer[i]) && pointer[i] != '"') {
+ 				if (noquote) {
+-				    *nfrontp++ = '"';
++				    output_data("\"");
+ 				    noquote = 0;
+ 				}
+-				*nfrontp++ = pointer[i];
++				output_data("%c", pointer[i]);
+ 			    } else {
+-				sprintf(nfrontp, "\" %03o " + noquote,
++				output_data("\" %03o " + noquote,
+ 							pointer[i]);
+-				nfrontp += strlen(nfrontp);
+ 				noquote = 2;
+ 			    }
+ 			    break;
+ 			}
+ 		    }
+ 		    if (!noquote)
+-			*nfrontp++ = '"';
++			output_data("\"");
+ 		    break;
+ 		}
+ 	    }
+@@ -1012,83 +917,66 @@
+ 
+ #if	defined(AUTHENTICATION)
+ 	case TELOPT_AUTHENTICATION:
+-	    sprintf(nfrontp, "AUTHENTICATION");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("AUTHENTICATION");
+ 
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_REPLY:
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ?
++		output_data(" %s ", (pointer[1] == TELQUAL_IS) ?
+ 							"IS" : "REPLY");
+-		nfrontp += strlen(nfrontp);
+ 		if (AUTHTYPE_NAME_OK(pointer[2]))
+-		    sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2]));
++		    output_data("%s ", AUTHTYPE_NAME(pointer[2]));
+ 		else
+-		    sprintf(nfrontp, "%d ", pointer[2]);
+-		nfrontp += strlen(nfrontp);
++		    output_data("%d ", pointer[2]);
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(partial suboption??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(partial suboption??\?)");
+ 		    break;
+ 		}
+-		sprintf(nfrontp, "%s|%s",
++		output_data("%s|%s",
+ 			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+ 			"CLIENT" : "SERVER",
+ 			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+ 			"MUTUAL" : "ONE-WAY");
+-		nfrontp += strlen(nfrontp);
+ 
+     		{
+ 		    char buf[512];
+ 		    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+-		    sprintf(nfrontp, "%s", buf);
++		    output_data("%s", buf);
+ 		}
+-		nfrontp += strlen(nfrontp);
+ 		break;
+ 
+ 	    case TELQUAL_SEND:
+ 		i = 2;
+-		sprintf(nfrontp, " SEND ");
+-		nfrontp += strlen(nfrontp);
++		output_data(" SEND ");
+ 		while (i < length) {
+ 		    if (AUTHTYPE_NAME_OK(pointer[i]))
+-			sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i]));
++			output_data("%s ", AUTHTYPE_NAME(pointer[i]));
+ 		    else
+-			sprintf(nfrontp, "%d ", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d ", pointer[i]);
+ 		    if (++i >= length) {
+-			sprintf(nfrontp, "(partial suboption??\?)");
+-			nfrontp += strlen(nfrontp);
++			output_data("(partial suboption??\?)");
+ 			break;
+ 		    }
+-		    sprintf(nfrontp, "%s|%s ",
++		    output_data("%s|%s ",
+ 			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+ 							"CLIENT" : "SERVER",
+ 			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+ 							"MUTUAL" : "ONE-WAY");
+-		    nfrontp += strlen(nfrontp);
+ 		    ++i;
+ 		}
+ 		break;
+ 
+ 	    case TELQUAL_NAME:
+-		i = 2;
+-		sprintf(nfrontp, " NAME \"");
+-		nfrontp += strlen(nfrontp);
+-		while (i < length)
+-		    *nfrontp += pointer[i++];
+-		*nfrontp += '"';
++		output_data(" NAME \"%.*s\"", length - 2, pointer + 2);
+ 		break;
+ 
+ 	    default:
+ 		    for (i = 2; i < length; i++) {
+-			sprintf(nfrontp, " ?%d?", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" ?%d?", pointer[i]);
+ 		    }
+ 		    break;
+ 	    }
+@@ -1097,89 +985,73 @@
+ 
+ #ifdef	ENCRYPTION
+ 	case TELOPT_ENCRYPT:
+-	    sprintf(nfrontp, "ENCRYPT");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("ENCRYPT");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case ENCRYPT_START:
+-		sprintf(nfrontp, " START");
+-		nfrontp += strlen(nfrontp);
++		output_data(" START");
+ 		break;
+ 
+ 	    case ENCRYPT_END:
+-		sprintf(nfrontp, " END");
+-		nfrontp += strlen(nfrontp);
++		output_data(" END");
+ 		break;
+ 
+ 	    case ENCRYPT_REQSTART:
+-		sprintf(nfrontp, " REQUEST-START");
+-		nfrontp += strlen(nfrontp);
++		output_data(" REQUEST-START");
+ 		break;
+ 
+ 	    case ENCRYPT_REQEND:
+-		sprintf(nfrontp, " REQUEST-END");
+-		nfrontp += strlen(nfrontp);
++		output_data(" REQUEST-END");
+ 		break;
+ 
+ 	    case ENCRYPT_IS:
+ 	    case ENCRYPT_REPLY:
+-		sprintf(nfrontp, " %s ", (pointer[1] == ENCRYPT_IS) ?
++		output_data(" %s ", (pointer[1] == ENCRYPT_IS) ?
+ 							"IS" : "REPLY");
+-		nfrontp += strlen(nfrontp);
+ 		if (length < 3) {
+-		    sprintf(nfrontp, " (partial suboption??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" (partial suboption??\?)");
+ 		    break;
+ 		}
+ 		if (ENCTYPE_NAME_OK(pointer[2]))
+-		    sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[2]));
++		    output_data("%s ", ENCTYPE_NAME(pointer[2]));
+ 		else
+-		    sprintf(nfrontp, " %d (unknown)", pointer[2]);
+-		nfrontp += strlen(nfrontp);
++		    output_data(" %d (unknown)", pointer[2]);
+ 
+ 		{
+ 		    char buf[512];
+ 		    encrypt_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+-		    sprintf(nfrontp, "%s", buf);
++		    output_data("%s", buf);
+ 		}
+-		nfrontp += strlen(nfrontp);
+ 		break;
+ 
+ 	    case ENCRYPT_SUPPORT:
+ 		i = 2;
+-		sprintf(nfrontp, " SUPPORT ");
+-		nfrontp += strlen(nfrontp);
++		output_data(" SUPPORT ");
+ 		while (i < length) {
+ 		    if (ENCTYPE_NAME_OK(pointer[i]))
+-			sprintf(nfrontp, "%s ", ENCTYPE_NAME(pointer[i]));
++			output_data("%s ", ENCTYPE_NAME(pointer[i]));
+ 		    else
+-			sprintf(nfrontp, "%d ", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d ", pointer[i]);
+ 		    i++;
+ 		}
+ 		break;
+ 
+ 	    case ENCRYPT_ENC_KEYID:
+-		sprintf(nfrontp, " ENC_KEYID");
+-		nfrontp += strlen(nfrontp);
++		output_data(" ENC_KEYID");
+ 		goto encommon;
+ 
+ 	    case ENCRYPT_DEC_KEYID:
+-		sprintf(nfrontp, " DEC_KEYID");
+-		nfrontp += strlen(nfrontp);
++		output_data(" DEC_KEYID");
+ 		goto encommon;
+ 
+ 	    default:
+-		sprintf(nfrontp, " %d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" %d (unknown)", pointer[1]);
+ 	    encommon:
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " %d", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" %d", pointer[i]);
+ 		}
+ 		break;
+ 	    }
+@@ -1188,18 +1060,15 @@
+ 
+ 	default:
+ 	    if (TELOPT_OK(pointer[0]))
+-		sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0]));
++		output_data("%s (unknown)", TELOPT(pointer[0]));
+ 	    else
+-		sprintf(nfrontp, "%d (unknown)", pointer[i]);
+-	    nfrontp += strlen(nfrontp);
++		output_data("%d (unknown)", pointer[i]);
+ 	    for (i = 1; i < length; i++) {
+-		sprintf(nfrontp, " %d", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" %d", pointer[i]);
+ 	    }
+ 	    break;
+ 	}
+-	sprintf(nfrontp, "\r\n");
+-	nfrontp += strlen(nfrontp);
++	output_data("\r\n");
+ }
+ 
+ /*
+@@ -1221,26 +1090,22 @@
+ 		}
+ 
+ 		/* add a line of output */
+-		sprintf(nfrontp, "%s: ", tag);
+-		nfrontp += strlen(nfrontp);
++		output_data("%s: ", tag);
+ 		for (i = 0; i < 20 && cnt; i++) {
+-			sprintf(nfrontp, "%02x", *ptr);
+-			nfrontp += strlen(nfrontp);
++			output_data("%02x", *ptr);
+ 			if (isprint(*ptr)) {
+ 				xbuf[i] = *ptr;
+ 			} else {
+ 				xbuf[i] = '.';
+ 			}
+ 			if (i % 2) {
+-				*nfrontp = ' ';
+-				nfrontp++;
++				output_data(" ");
+ 			}
+ 			cnt--;
+ 			ptr++;
+ 		}
+ 		xbuf[i] = '\0';
+-		sprintf(nfrontp, " %s\r\n", xbuf );
+-		nfrontp += strlen(nfrontp);
++		output_data(" %s\r\n", xbuf );
+ 	}
+ }
+ #endif /* DIAGNOSTICS */
diff --git a/share/security/patches/SA-01:49/telnetd-crypto.patch.asc b/share/security/patches/SA-01:49/telnetd-crypto.patch.asc
new file mode 100644
index 0000000000..cbaca44f21
--- /dev/null
+++ b/share/security/patches/SA-01:49/telnetd-crypto.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO1ykVlUuHi5z0oilAQFiBgP+LZNUkBw5q25J7SA8+Yq85C+F2QdNyuko
+wT5JNyoiwTcf8cuceS4d8clX4udhvMBcGfVaTHQd0M0kNOGiNvnTqrGCE9Iflu4r
+kGPZrQ70dWnV/ZloNFd7CwJlwqogdoqfHYvqMklZBJUntMkjqmCKe7ykS325/2Xe
+gbyoKzUmYN4=
+=KNvZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:49/telnetd.patch b/share/security/patches/SA-01:49/telnetd.patch
new file mode 100644
index 0000000000..bf93d76696
--- /dev/null
+++ b/share/security/patches/SA-01:49/telnetd.patch
@@ -0,0 +1,1256 @@
+Index: libexec/telnetd/ext.h
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/ext.h,v
+retrieving revision 1.8
+retrieving revision 1.10
+diff -u -r1.8 -r1.10
+--- libexec/telnetd/ext.h	2000/11/19 10:01:27	1.8
++++ libexec/telnetd/ext.h	2001/07/23 22:00:51	1.10
+@@ -76,7 +76,7 @@
+ 
+ extern char	netibuf[BUFSIZ], *netip;
+ 
+-extern char	netobuf[BUFSIZ+NETSLOP], *nfrontp, *nbackp;
++extern char	netobuf[BUFSIZ], *nfrontp, *nbackp;
+ extern char	*neturg;		/* one past last bye of urgent data */
+ 
+ extern int	pcc, ncc;
+@@ -189,8 +189,10 @@
+ 	tty_setsofttab P((int)),
+ 	tty_tspeed P((int)),
+ 	willoption P((int)),
+-	wontoption P((int)),
+-	writenet P((unsigned char *, int));
++	wontoption P((int));
++
++int	output_data __P((const char *, ...)) __printflike(1, 2);
++void	output_datalen __P((const char *, int));
+ 
+ 
+ 
+Index: libexec/telnetd/slc.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/slc.c,v
+retrieving revision 1.9
+retrieving revision 1.11
+diff -u -r1.9 -r1.11
+--- libexec/telnetd/slc.c	2001/02/07 22:18:58	1.9
++++ libexec/telnetd/slc.c	2001/07/23 22:00:51	1.11
+@@ -176,7 +176,6 @@
+ 	register unsigned char **bufp;
+ {
+ 	register int len;
+-	void netflush();
+ 
+ 	/*
+ 	 * If a change has occured, store the new terminal control
+@@ -204,7 +203,7 @@
+ 			(void) sprintf((char *)slcptr, "%c%c", IAC, SE);
+ 			slcptr += 2;
+ 			len = slcptr - slcbuf;
+-			writenet(slcbuf, len);
++			output_datalen(slcbuf, len);
+ 			netflush();  /* force it out immediately */
+ 			DIAG(TD_OPTIONS, printsub('>', slcbuf+2, len-2););
+ 		}
+Index: libexec/telnetd/state.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/state.c,v
+retrieving revision 1.12
+retrieving revision 1.14
+diff -u -r1.12 -r1.14
+--- libexec/telnetd/state.c	2001/02/18 10:25:15	1.12
++++ libexec/telnetd/state.c	2001/07/23 22:00:51	1.14
+@@ -39,6 +39,7 @@
+   "$FreeBSD$";
+ #endif /* not lint */
+ 
++#include <stdarg.h>
+ #include "telnetd.h"
+ #if	defined(AUTHENTICATION)
+ #include <libtelnet/auth.h>
+@@ -190,8 +191,7 @@
+ 				}
+ 
+ 				netclear();	/* clear buffer back */
+-				*nfrontp++ = IAC;
+-				*nfrontp++ = DM;
++				output_data("%c%c", IAC, DM);
+ 				neturg = nfrontp-1; /* off by one XXX */
+ 				DIAG(TD_OPTIONS,
+ 					printoption("td: send IAC", DM));
+@@ -444,8 +444,7 @@
+ 			set_his_want_state_will(option);
+ 		do_dont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)doopt, option);
+-	nfrontp += sizeof (dont) - 2;
++	output_data((const char *)doopt, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send do", option));
+ }
+@@ -650,8 +649,7 @@
+ 		set_his_want_state_wont(option);
+ 		do_dont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)dont, option);
+-	nfrontp += sizeof (doopt) - 2;
++	output_data((const char *)dont, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send dont", option));
+ }
+@@ -800,8 +798,7 @@
+ 		set_my_want_state_will(option);
+ 		will_wont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)will, option);
+-	nfrontp += sizeof (doopt) - 2;
++	output_data((const char *)will, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send will", option));
+ }
+@@ -954,8 +951,7 @@
+ 		set_my_want_state_wont(option);
+ 		will_wont_resp[option]++;
+ 	}
+-	(void) sprintf(nfrontp, (char *)wont, option);
+-	nfrontp += sizeof (wont) - 2;
++	output_data((const char *)wont, option);
+ 
+ 	DIAG(TD_OPTIONS, printoption("td: send wont", option));
+ }
+@@ -1351,9 +1347,8 @@
+ 	    env_ovar_wrong:
+ 			env_ovar = OLD_ENV_VALUE;
+ 			env_ovalue = OLD_ENV_VAR;
+-			DIAG(TD_OPTIONS, {sprintf(nfrontp,
+-				"ENVIRON VALUE and VAR are reversed!\r\n");
+-				nfrontp += strlen(nfrontp);});
++			DIAG(TD_OPTIONS,
++			    output_data("ENVIRON VALUE and VAR are reversed!\r\n"));
+ 
+ 		}
+ 	    }
+@@ -1542,9 +1537,55 @@
+ 	ADD(IAC);
+ 	ADD(SE);
+ 
+-	writenet(statusbuf, ncp - statusbuf);
++	output_datalen(statusbuf, ncp - statusbuf);
+ 	netflush();	/* Send it on its way */
+ 
+ 	DIAG(TD_OPTIONS,
+ 		{printsub('>', statusbuf, ncp - statusbuf); netflush();});
++}
++
++/*
++ * This function appends data to nfrontp and advances nfrontp.
++ * Returns the number of characters written altogether (the
++ * buffer may have been flushed in the process).
++ */
++
++int
++output_data(const char *format, ...)
++{
++	va_list args;
++	int len;
++	char *buf;
++
++	va_start(args, format);
++	if ((len = vasprintf(&buf, format, args)) == -1)
++		return -1;
++	output_datalen(buf, len);
++	va_end(args);
++	free(buf);
++	return (len);
++}
++
++void
++output_datalen(const char *buf, int len)
++{
++	int remaining, copied;
++	
++	remaining = BUFSIZ - (nfrontp - netobuf);
++	while (len > 0) {
++		/* Free up enough space if the room is too low*/
++		if ((len > BUFSIZ ? BUFSIZ : len) > remaining) {
++			netflush();
++			remaining = BUFSIZ - (nfrontp - netobuf);
++		}
++
++		/* Copy out as much as will fit */
++		copied = remaining > len ? len : remaining;
++		memmove(nfrontp, buf, copied);
++		nfrontp += copied;
++		len -= copied;
++		remaining -= copied;
++		buf += copied;
++	}
++	return;
+ }
+Index: libexec/telnetd/telnetd.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/telnetd.c,v
+retrieving revision 1.27
+retrieving revision 1.29
+diff -u -r1.27 -r1.29
+--- libexec/telnetd/telnetd.c	2001/02/06 09:24:52	1.27
++++ libexec/telnetd/telnetd.c	2001/07/23 22:00:51	1.29
+@@ -644,34 +644,29 @@
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_TSPEED, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     if (his_state_is_will(TELOPT_XDISPLOC)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_XDISPLOC, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     if (his_state_is_will(TELOPT_NEW_ENVIRON)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_NEW_ENVIRON, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     else if (his_state_is_will(TELOPT_OLD_ENVIRON)) {
+ 	static unsigned char sb[] =
+ 			{ IAC, SB, TELOPT_OLD_ENVIRON, TELQUAL_SEND, IAC, SE };
+ 
+-	bcopy(sb, nfrontp, sizeof sb);
+-	nfrontp += sizeof sb;
++	output_datalen(sb, sizeof sb);
+     }
+     if (his_state_is_will(TELOPT_TTYPE)) {
+ 
+-	bcopy(ttytype_sbbuf, nfrontp, sizeof ttytype_sbbuf);
+-	nfrontp += sizeof ttytype_sbbuf;
++	output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
+     }
+     if (his_state_is_will(TELOPT_TSPEED)) {
+ 	while (sequenceIs(tspeedsubopt, baseline))
+@@ -748,8 +743,7 @@
+     if (his_state_is_wont(TELOPT_TTYPE))
+ 	return;
+     settimer(baseline);
+-    bcopy(ttytype_sbbuf, nfrontp, sizeof ttytype_sbbuf);
+-    nfrontp += sizeof ttytype_sbbuf;
++    output_datalen(ttytype_sbbuf, sizeof ttytype_sbbuf);
+     while (sequenceIs(ttypesubopt, baseline))
+ 	ttloop();
+ }
+@@ -915,8 +909,6 @@
+ 	int if_fd;
+ 	struct stat statbuf;
+ 
+-	void netflush();
+-
+ 	/*
+ 	 * Initialize the slc mapping table.
+ 	 */
+@@ -1000,9 +992,7 @@
+ 	 * mode, which we do not want.
+ 	 */
+ 	if (his_want_state_is_will(TELOPT_ECHO)) {
+-		DIAG(TD_OPTIONS,
+-			{sprintf(nfrontp, "td: simulating recv\r\n");
+-			 nfrontp += strlen(nfrontp);});
++		DIAG(TD_OPTIONS, output_data("td: simulating recv\r\n"));
+ 		willoption(TELOPT_ECHO);
+ 	}
+ 
+@@ -1148,9 +1138,7 @@
+ 	localstat();
+ #endif	/* LINEMODE */
+ 
+-	DIAG(TD_REPORT,
+-		{sprintf(nfrontp, "td: Entering processing loop\r\n");
+-		 nfrontp += strlen(nfrontp);});
++	DIAG(TD_REPORT, output_data("td: Entering processing loop\r\n"));
+ 
+ 	/*
+ 	 * Startup the login process on the slave side of the terminal
+@@ -1278,8 +1266,7 @@
+ 			netip = netibuf;
+ 		    }
+ 		    DIAG((TD_REPORT | TD_NETDATA),
+-			    {sprintf(nfrontp, "td: netread %d chars\r\n", ncc);
+-			     nfrontp += strlen(nfrontp);});
++			output_data("td: netread %d chars\r\n", ncc));
+ 		    DIAG(TD_NETDATA, printdata("nd", netip, ncc));
+ 		}
+ 
+@@ -1326,8 +1313,7 @@
+ 					 * royally if we send them urgent
+ 					 * mode data.
+ 					 */
+-					*nfrontp++ = IAC;
+-					*nfrontp++ = DM;
++					output_data("%c%c", IAC, DM);
+ 					neturg = nfrontp-1; /* off by one XXX */
+ #endif
+ 				}
+@@ -1338,13 +1324,11 @@
+ 					    ptyibuf[0] & TIOCPKT_DOSTOP ? 1 : 0;
+ 					if (newflow != flowmode) {
+ 						flowmode = newflow;
+-						(void) sprintf(nfrontp,
+-							"%c%c%c%c%c%c",
++						output_data("%c%c%c%c%c%c",
+ 							IAC, SB, TELOPT_LFLOW,
+ 							flowmode ? LFLOW_ON
+ 								 : LFLOW_OFF,
+ 							IAC, SE);
+-						nfrontp += 6;
+ 					}
+ 				}
+ 				pcc--;
+@@ -1367,19 +1351,19 @@
+ 				break;
+ 			c = *ptyip++ & 0377, pcc--;
+ 			if (c == IAC)
+-				*nfrontp++ = c;
++				output_data("%c", c);
+ #if	defined(CRAY2) && defined(UNICOS5)
+ 			else if (c == '\n' &&
+ 				     my_state_is_wont(TELOPT_BINARY) && newmap)
+-				*nfrontp++ = '\r';
++				output_data("\r");
+ #endif	/* defined(CRAY2) && defined(UNICOS5) */
+-			*nfrontp++ = c;
++			output_data("%c", c);
+ 			if ((c == '\r') && (my_state_is_wont(TELOPT_BINARY))) {
+ 				if (pcc > 0 && ((*ptyip & 0377) == '\n')) {
+-					*nfrontp++ = *ptyip++ & 0377;
++					output_data("%c", *ptyip++ & 0377);
+ 					pcc--;
+ 				} else
+-					*nfrontp++ = '\0';
++					output_data("%c", '\0');
+ 			}
+ 		}
+ #if	defined(CRAY2) && defined(UNICOS5)
+@@ -1564,8 +1548,7 @@
+ 		return;
+ 	}
+ #endif
+-	(void) strcpy(nfrontp, "\r\n[Yes]\r\n");
+-	nfrontp += 9;
++	output_data("\r\n[Yes]\r\n");
+ }
+ 
+ 	void
+Index: libexec/telnetd/termstat.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/termstat.c,v
+retrieving revision 1.10
+retrieving revision 1.12
+diff -u -r1.10 -r1.12
+--- libexec/telnetd/termstat.c	2001/02/06 10:39:24	1.10
++++ libexec/telnetd/termstat.c	2001/07/23 22:00:51	1.12
+@@ -136,7 +136,6 @@
+ 	void
+ localstat()
+ {
+-	void netflush();
+ 	int need_will_echo = 0;
+ 
+ #if	defined(CRAY2) && defined(UNICOS5)
+@@ -279,10 +278,9 @@
+ # endif	/* KLUDGELINEMODE */
+ 			send_do(TELOPT_LINEMODE, 1);
+ 			/* send along edit modes */
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
++			output_data("%c%c%c%c%c%c%c", IAC, SB,
+ 				TELOPT_LINEMODE, LM_MODE, useeditmode,
+ 				IAC, SE);
+-			nfrontp += 7;
+ 			editmode = useeditmode;
+ # ifdef	KLUDGELINEMODE
+ 		}
+@@ -308,10 +306,9 @@
+ 			/*
+ 			 * Send along appropriate edit mode mask.
+ 			 */
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC, SB,
++			output_data("%c%c%c%c%c%c%c", IAC, SB,
+ 				TELOPT_LINEMODE, LM_MODE, useeditmode,
+ 				IAC, SE);
+-			nfrontp += 7;
+ 			editmode = useeditmode;
+ 		}
+ 
+@@ -355,20 +352,18 @@
+ 	if (his_state_is_will(TELOPT_LFLOW)) {
+ 		if (tty_flowmode() != flowmode) {
+ 			flowmode = tty_flowmode();
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
++			output_data("%c%c%c%c%c%c",
+ 					IAC, SB, TELOPT_LFLOW,
+ 					flowmode ? LFLOW_ON : LFLOW_OFF,
+ 					IAC, SE);
+-			nfrontp += 6;
+ 		}
+ 		if (tty_restartany() != restartany) {
+ 			restartany = tty_restartany();
+-			(void) sprintf(nfrontp, "%c%c%c%c%c%c",
++			output_data("%c%c%c%c%c%c",
+ 					IAC, SB, TELOPT_LFLOW,
+ 					restartany ? LFLOW_RESTART_ANY
+ 						   : LFLOW_RESTART_XON,
+ 					IAC, SE);
+-			nfrontp += 6;
+ 		}
+ 	}
+ }
+@@ -385,7 +380,6 @@
+ clientstat(code, parm1, parm2)
+ 	register int code, parm1, parm2;
+ {
+-	void netflush();
+ 
+ 	/*
+ 	 * Get a copy of terminal characteristics.
+@@ -441,10 +435,9 @@
+ 					useeditmode |= MODE_SOFT_TAB;
+ 				if (tty_islitecho())
+ 					useeditmode |= MODE_LIT_ECHO;
+-				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
++				output_data("%c%c%c%c%c%c%c", IAC,
+ 					SB, TELOPT_LINEMODE, LM_MODE,
+ 							useeditmode, IAC, SE);
+-				nfrontp += 7;
+ 				editmode = useeditmode;
+ 			}
+ 
+@@ -500,11 +493,10 @@
+ 			set_termbuf();
+ 
+  			if (!ack) {
+- 				(void) sprintf(nfrontp, "%c%c%c%c%c%c%c", IAC,
++				output_data("%c%c%c%c%c%c%c", IAC,
+ 					SB, TELOPT_LINEMODE, LM_MODE,
+  					useeditmode|MODE_ACK,
+  					IAC, SE);
+- 				nfrontp += 7;
+  			}
+ 
+ 			editmode = useeditmode;
+Index: libexec/telnetd/utility.c
+===================================================================
+RCS file: /home/ncvs/src/libexec/telnetd/utility.c,v
+retrieving revision 1.14
+retrieving revision 1.16
+diff -u -r1.14 -r1.16
+--- libexec/telnetd/utility.c	2000/10/31 05:29:54	1.14
++++ libexec/telnetd/utility.c	2001/07/23 22:00:51	1.16
+@@ -62,11 +62,9 @@
+     void
+ ttloop()
+ {
+-    void netflush();
+ 
+-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop\r\n");
+-		     nfrontp += strlen(nfrontp);});
+-    if (nfrontp-nbackp) {
++    DIAG(TD_REPORT, output_data("td: ttloop\r\n"));
++    if (nfrontp - nbackp > 0) {
+ 	netflush();
+     }
+     ncc = read(net, netibuf, sizeof netibuf);
+@@ -77,8 +75,7 @@
+ 	syslog(LOG_INFO, "ttloop:  peer died: %m");
+ 	exit(1);
+     }
+-    DIAG(TD_REPORT, {sprintf(nfrontp, "td: ttloop read %d chars\r\n", ncc);
+-		     nfrontp += strlen(nfrontp);});
++    DIAG(TD_REPORT, output_data("td: ttloop read %d chars\r\n", ncc));
+     netip = netibuf;
+     telrcv();			/* state machine */
+     if (ncc > 0) {
+@@ -121,9 +118,8 @@
+ 	int n;
+ 
+ 	if ((n = pfrontp - pbackp) > 0) {
+-		DIAG((TD_REPORT | TD_PTYDATA),
+-			{ sprintf(nfrontp, "td: ptyflush %d chars\r\n", n);
+-			  nfrontp += strlen(nfrontp); });
++		DIAG(TD_REPORT | TD_PTYDATA,
++		    output_data("td: ptyflush %d chars\r\n", n));
+ 		DIAG(TD_PTYDATA, printdata("pd", pbackp, n));
+ 		n = write(pty, pbackp, n);
+ 	}
+@@ -245,12 +241,13 @@
+     int n;
+     extern int not42;
+ 
+-    if ((n = nfrontp - nbackp) > 0) {
+-	DIAG(TD_REPORT,
+-	    { sprintf(nfrontp, "td: netflush %d chars\r\n", n);
+-	      n += strlen(nfrontp);  /* get count first */
+-	      nfrontp += strlen(nfrontp);  /* then move pointer */
+-	    });
++    while ((n = nfrontp - nbackp) > 0) {
++#if 0
++	/* XXX This causes output_data() to recurse and die */
++	DIAG(TD_REPORT, {
++	    n += output_data("td: netflush %d chars\r\n", n);
++	});
++#endif
+ 	/*
+ 	 * if no urgent data, or if the other side appears to be an
+ 	 * old 4.2 client (and thus unable to survive TCP urgent data),
+@@ -274,51 +271,25 @@
+ 		n = send(net, nbackp, n, MSG_OOB);	/* URGENT data */
+ 	    }
+ 	}
+-    }
+-    if (n < 0) {
+-	if (errno == EWOULDBLOCK || errno == EINTR)
+-		return;
+-	cleanup(0);
+-    }
+-    nbackp += n;
+-    if (nbackp >= neturg) {
+-	neturg = 0;
+-    }
+-    if (nbackp == nfrontp) {
+-	nbackp = nfrontp = netobuf;
++	if (n == -1) {
++	    if (errno == EWOULDBLOCK || errno == EINTR)
++		continue;
++	    cleanup(0);
++	    /* NOTREACHED */
++	}
++	nbackp += n;
++	if (nbackp >= neturg) {
++	    neturg = 0;
++	}
++	if (nbackp == nfrontp) {
++	    nbackp = nfrontp = netobuf;
++	}
+     }
+     return;
+ }  /* end of netflush */
+ 
+ 
+ /*
+- * writenet
+- *
+- * Just a handy little function to write a bit of raw data to the net.
+- * It will force a transmit of the buffer if necessary
+- *
+- * arguments
+- *    ptr - A pointer to a character string to write
+- *    len - How many bytes to write
+- */
+-	void
+-writenet(ptr, len)
+-	register unsigned char *ptr;
+-	register int len;
+-{
+-	/* flush buffer if no room for new data) */
+-	if ((&netobuf[BUFSIZ] - nfrontp) < len) {
+-		/* if this fails, don't worry, buffer is a little big */
+-		netflush();
+-	}
+-
+-	bcopy(ptr, nfrontp, len);
+-	nfrontp += len;
+-
+-}  /* end of writenet */
+-
+-
+-/*
+  * miscellaneous functions doing a variety of little jobs follow ...
+  */
+ 
+@@ -513,12 +484,11 @@
+ 	register int option;
+ {
+ 	if (TELOPT_OK(option))
+-		sprintf(nfrontp, "%s %s\r\n", fmt, TELOPT(option));
++		output_data("%s %s\r\n", fmt, TELOPT(option));
+ 	else if (TELCMD_OK(option))
+-		sprintf(nfrontp, "%s %s\r\n", fmt, TELCMD(option));
++		output_data("%s %s\r\n", fmt, TELCMD(option));
+ 	else
+-		sprintf(nfrontp, "%s %d\r\n", fmt, option);
+-	nfrontp += strlen(nfrontp);
++		output_data("%s %d\r\n", fmt, option);
+ 	return;
+ }
+ 
+@@ -534,9 +504,8 @@
+ 		return;
+ 
+ 	if (direction) {
+-	    sprintf(nfrontp, "td: %s suboption ",
++	    output_data("td: %s suboption ",
+ 					direction == '<' ? "recv" : "send");
+-	    nfrontp += strlen(nfrontp);
+ 	    if (length >= 3) {
+ 		register int j;
+ 
+@@ -544,232 +513,192 @@
+ 		j = pointer[length-1];
+ 
+ 		if (i != IAC || j != SE) {
+-		    sprintf(nfrontp, "(terminated by ");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(terminated by ");
+ 		    if (TELOPT_OK(i))
+-			sprintf(nfrontp, "%s ", TELOPT(i));
++			output_data("%s ", TELOPT(i));
+ 		    else if (TELCMD_OK(i))
+-			sprintf(nfrontp, "%s ", TELCMD(i));
++			output_data("%s ", TELCMD(i));
+ 		    else
+-			sprintf(nfrontp, "%d ", i);
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d ", i);
+ 		    if (TELOPT_OK(j))
+-			sprintf(nfrontp, "%s", TELOPT(j));
++			output_data("%s", TELOPT(j));
+ 		    else if (TELCMD_OK(j))
+-			sprintf(nfrontp, "%s", TELCMD(j));
++			output_data("%s", TELCMD(j));
+ 		    else
+-			sprintf(nfrontp, "%d", j);
+-		    nfrontp += strlen(nfrontp);
+-		    sprintf(nfrontp, ", not IAC SE!) ");
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d", j);
++		    output_data(", not IAC SE!) ");
+ 		}
+ 	    }
+ 	    length -= 2;
+ 	}
+ 	if (length < 1) {
+-	    sprintf(nfrontp, "(Empty suboption??\?)");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("(Empty suboption??\?)");
+ 	    return;
+ 	}
+ 	switch (pointer[0]) {
+ 	case TELOPT_TTYPE:
+-	    sprintf(nfrontp, "TERMINAL-TYPE ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TERMINAL-TYPE ");
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
++		output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
+ 		break;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND");
++		output_data("SEND");
+ 		break;
+ 	    default:
+-		sprintf(nfrontp,
++		output_data(
+ 				"- unknown qualifier %d (0x%x).",
+ 				pointer[1], pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    break;
+ 	case TELOPT_TSPEED:
+-	    sprintf(nfrontp, "TERMINAL-SPEED");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TERMINAL-SPEED");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " IS %.*s", length-2, (char *)pointer+2);
+-		nfrontp += strlen(nfrontp);
++		output_data(" IS %.*s", length-2, (char *)pointer+2);
+ 		break;
+ 	    default:
+ 		if (pointer[1] == 1)
+-		    sprintf(nfrontp, " SEND");
++		    output_data(" SEND");
+ 		else
+-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		    output_data(" %d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_LFLOW:
+-	    sprintf(nfrontp, "TOGGLE-FLOW-CONTROL");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("TOGGLE-FLOW-CONTROL");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case LFLOW_OFF:
+-		sprintf(nfrontp, " OFF"); break;
++		output_data(" OFF"); break;
+ 	    case LFLOW_ON:
+-		sprintf(nfrontp, " ON"); break;
++		output_data(" ON"); break;
+ 	    case LFLOW_RESTART_ANY:
+-		sprintf(nfrontp, " RESTART-ANY"); break;
++		output_data(" RESTART-ANY"); break;
+ 	    case LFLOW_RESTART_XON:
+-		sprintf(nfrontp, " RESTART-XON"); break;
++		output_data(" RESTART-XON"); break;
+ 	    default:
+-		sprintf(nfrontp, " %d (unknown)", pointer[1]);
++		output_data(" %d (unknown)", pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    for (i = 2; i < length; i++) {
+-		sprintf(nfrontp, " ?%d?", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[i]);
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_NAWS:
+-	    sprintf(nfrontp, "NAWS");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("NAWS");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    if (length == 2) {
+-		sprintf(nfrontp, " ?%d?", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[1]);
+ 		break;
+ 	    }
+-	    sprintf(nfrontp, " %d %d (%d)",
++	    output_data(" %d %d (%d)",
+ 		pointer[1], pointer[2],
+ 		(int)((((unsigned int)pointer[1])<<8)|((unsigned int)pointer[2])));
+-	    nfrontp += strlen(nfrontp);
+ 	    if (length == 4) {
+-		sprintf(nfrontp, " ?%d?", pointer[3]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[3]);
+ 		break;
+ 	    }
+-	    sprintf(nfrontp, " %d %d (%d)",
++	    output_data(" %d %d (%d)",
+ 		pointer[3], pointer[4],
+ 		(int)((((unsigned int)pointer[3])<<8)|((unsigned int)pointer[4])));
+-	    nfrontp += strlen(nfrontp);
+ 	    for (i = 5; i < length; i++) {
+-		sprintf(nfrontp, " ?%d?", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" ?%d?", pointer[i]);
+ 	    }
+ 	    break;
+ 
+ 	case TELOPT_LINEMODE:
+-	    sprintf(nfrontp, "LINEMODE ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("LINEMODE ");
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case WILL:
+-		sprintf(nfrontp, "WILL ");
++		output_data("WILL ");
+ 		goto common;
+ 	    case WONT:
+-		sprintf(nfrontp, "WONT ");
++		output_data("WONT ");
+ 		goto common;
+ 	    case DO:
+-		sprintf(nfrontp, "DO ");
++		output_data("DO ");
+ 		goto common;
+ 	    case DONT:
+-		sprintf(nfrontp, "DONT ");
++		output_data("DONT ");
+ 	    common:
+-		nfrontp += strlen(nfrontp);
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(no option??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(no option??\?)");
+ 		    break;
+ 		}
+ 		switch (pointer[2]) {
+ 		case LM_FORWARDMASK:
+-		    sprintf(nfrontp, "Forward Mask");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("Forward Mask");
+ 		    for (i = 3; i < length; i++) {
+-			sprintf(nfrontp, " %x", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %x", pointer[i]);
+ 		    }
+ 		    break;
+ 		default:
+-		    sprintf(nfrontp, "%d (unknown)", pointer[2]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data("%d (unknown)", pointer[2]);
+ 		    for (i = 3; i < length; i++) {
+-			sprintf(nfrontp, " %d", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i]);
+ 		    }
+ 		    break;
+ 		}
+ 		break;
+ 
+ 	    case LM_SLC:
+-		sprintf(nfrontp, "SLC");
+-		nfrontp += strlen(nfrontp);
++		output_data("SLC");
+ 		for (i = 2; i < length - 2; i += 3) {
+ 		    if (SLC_NAME_OK(pointer[i+SLC_FUNC]))
+-			sprintf(nfrontp, " %s", SLC_NAME(pointer[i+SLC_FUNC]));
++			output_data(" %s", SLC_NAME(pointer[i+SLC_FUNC]));
+ 		    else
+-			sprintf(nfrontp, " %d", pointer[i+SLC_FUNC]);
+-		    nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i+SLC_FUNC]);
+ 		    switch (pointer[i+SLC_FLAGS]&SLC_LEVELBITS) {
+ 		    case SLC_NOSUPPORT:
+-			sprintf(nfrontp, " NOSUPPORT"); break;
++			output_data(" NOSUPPORT"); break;
+ 		    case SLC_CANTCHANGE:
+-			sprintf(nfrontp, " CANTCHANGE"); break;
++			output_data(" CANTCHANGE"); break;
+ 		    case SLC_VARIABLE:
+-			sprintf(nfrontp, " VARIABLE"); break;
++			output_data(" VARIABLE"); break;
+ 		    case SLC_DEFAULT:
+-			sprintf(nfrontp, " DEFAULT"); break;
++			output_data(" DEFAULT"); break;
+ 		    }
+-		    nfrontp += strlen(nfrontp);
+-		    sprintf(nfrontp, "%s%s%s",
++		    output_data("%s%s%s",
+ 			pointer[i+SLC_FLAGS]&SLC_ACK ? "|ACK" : "",
+ 			pointer[i+SLC_FLAGS]&SLC_FLUSHIN ? "|FLUSHIN" : "",
+ 			pointer[i+SLC_FLAGS]&SLC_FLUSHOUT ? "|FLUSHOUT" : "");
+-		    nfrontp += strlen(nfrontp);
+ 		    if (pointer[i+SLC_FLAGS]& ~(SLC_ACK|SLC_FLUSHIN|
+ 						SLC_FLUSHOUT| SLC_LEVELBITS)) {
+-			sprintf(nfrontp, "(0x%x)", pointer[i+SLC_FLAGS]);
+-			nfrontp += strlen(nfrontp);
++			output_data("(0x%x)", pointer[i+SLC_FLAGS]);
+ 		    }
+-		    sprintf(nfrontp, " %d;", pointer[i+SLC_VALUE]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" %d;", pointer[i+SLC_VALUE]);
+ 		    if ((pointer[i+SLC_VALUE] == IAC) &&
+ 			(pointer[i+SLC_VALUE+1] == IAC))
+ 				i++;
+ 		}
+ 		for (; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 
+ 	    case LM_MODE:
+-		sprintf(nfrontp, "MODE ");
+-		nfrontp += strlen(nfrontp);
++		output_data("MODE ");
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(no mode??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(no mode??\?)");
+ 		    break;
+ 		}
+ 		{
+@@ -780,24 +709,19 @@
+ 			pointer[2]&MODE_SOFT_TAB ? "|SOFT_TAB" : "",
+ 			pointer[2]&MODE_LIT_ECHO ? "|LIT_ECHO" : "",
+ 			pointer[2]&MODE_ACK ? "|ACK" : "");
+-		    sprintf(nfrontp, "%s", tbuf[1] ? &tbuf[1] : "0");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("%s", tbuf[1] ? &tbuf[1] : "0");
+ 		}
+ 		if (pointer[2]&~(MODE_EDIT|MODE_TRAPSIG|MODE_ACK)) {
+-		    sprintf(nfrontp, " (0x%x)", pointer[2]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" (0x%x)", pointer[2]);
+ 		}
+ 		for (i = 3; i < length; i++) {
+-		    sprintf(nfrontp, " ?0x%x?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?0x%x?", pointer[i]);
+ 		}
+ 		break;
+ 	    default:
+-		sprintf(nfrontp, "%d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		output_data("%d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " %d", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" %d", pointer[i]);
+ 		}
+ 	    }
+ 	    break;
+@@ -806,24 +730,20 @@
+ 	    register char *cp;
+ 	    register int j, k;
+ 
+-	    sprintf(nfrontp, "STATUS");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("STATUS");
+ 
+ 	    switch (pointer[1]) {
+ 	    default:
+ 		if (pointer[1] == TELQUAL_SEND)
+-		    sprintf(nfrontp, " SEND");
++		    output_data(" SEND");
+ 		else
+-		    sprintf(nfrontp, " %d (unknown)", pointer[1]);
+-		nfrontp += strlen(nfrontp);
++		    output_data(" %d (unknown)", pointer[1]);
+ 		for (i = 2; i < length; i++) {
+-		    sprintf(nfrontp, " ?%d?", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++		    output_data(" ?%d?", pointer[i]);
+ 		}
+ 		break;
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " IS\r\n");
+-		nfrontp += strlen(nfrontp);
++		output_data(" IS\r\n");
+ 
+ 		for (i = 2; i < length; i++) {
+ 		    switch(pointer[i]) {
+@@ -834,18 +754,15 @@
+ 		    common2:
+ 			i++;
+ 			if (TELOPT_OK(pointer[i]))
+-			    sprintf(nfrontp, " %s %s", cp, TELOPT(pointer[i]));
++			    output_data(" %s %s", cp, TELOPT(pointer[i]));
+ 			else
+-			    sprintf(nfrontp, " %s %d", cp, pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			    output_data(" %s %d", cp, pointer[i]);
+ 
+-			sprintf(nfrontp, "\r\n");
+-			nfrontp += strlen(nfrontp);
++			output_data("\r\n");
+ 			break;
+ 
+ 		    case SB:
+-			sprintf(nfrontp, " SB ");
+-			nfrontp += strlen(nfrontp);
++			output_data(" SB ");
+ 			i++;
+ 			j = k = i;
+ 			while (j < length) {
+@@ -861,20 +778,17 @@
+ 			}
+ 			printsub(0, &pointer[i], k - i);
+ 			if (i < length) {
+-			    sprintf(nfrontp, " SE");
+-			    nfrontp += strlen(nfrontp);
++			    output_data(" SE");
+ 			    i = j;
+ 			} else
+ 			    i = j - 1;
+ 
+-			sprintf(nfrontp, "\r\n");
+-			nfrontp += strlen(nfrontp);
++			output_data("\r\n");
+ 
+ 			break;
+ 
+ 		    default:
+-			sprintf(nfrontp, " %d", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" %d", pointer[i]);
+ 			break;
+ 		    }
+ 		}
+@@ -884,86 +798,77 @@
+ 	  }
+ 
+ 	case TELOPT_XDISPLOC:
+-	    sprintf(nfrontp, "X-DISPLAY-LOCATION ");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("X-DISPLAY-LOCATION ");
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS \"%.*s\"", length-2, (char *)pointer+2);
++		output_data("IS \"%.*s\"", length-2, (char *)pointer+2);
+ 		break;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND");
++		output_data("SEND");
+ 		break;
+ 	    default:
+-		sprintf(nfrontp, "- unknown qualifier %d (0x%x).",
++		output_data("- unknown qualifier %d (0x%x).",
+ 				pointer[1], pointer[1]);
+ 	    }
+-	    nfrontp += strlen(nfrontp);
+ 	    break;
+ 
+ 	case TELOPT_NEW_ENVIRON:
+-	    sprintf(nfrontp, "NEW-ENVIRON ");
++	    output_data("NEW-ENVIRON ");
+ 	    goto env_common1;
+ 	case TELOPT_OLD_ENVIRON:
+-	    sprintf(nfrontp, "OLD-ENVIRON");
++	    output_data("OLD-ENVIRON");
+ 	env_common1:
+-	    nfrontp += strlen(nfrontp);
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, "IS ");
++		output_data("IS ");
+ 		goto env_common;
+ 	    case TELQUAL_SEND:
+-		sprintf(nfrontp, "SEND ");
++		output_data("SEND ");
+ 		goto env_common;
+ 	    case TELQUAL_INFO:
+-		sprintf(nfrontp, "INFO ");
++		output_data("INFO ");
+ 	    env_common:
+-		nfrontp += strlen(nfrontp);
+ 		{
+ 		    register int noquote = 2;
+ 		    for (i = 2; i < length; i++ ) {
+ 			switch (pointer[i]) {
+ 			case NEW_ENV_VAR:
+-			    sprintf(nfrontp, "\" VAR " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" VAR " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case NEW_ENV_VALUE:
+-			    sprintf(nfrontp, "\" VALUE " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" VALUE " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case ENV_ESC:
+-			    sprintf(nfrontp, "\" ESC " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" ESC " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			case ENV_USERVAR:
+-			    sprintf(nfrontp, "\" USERVAR " + noquote);
+-			    nfrontp += strlen(nfrontp);
++			    output_data("\" USERVAR " + noquote);
+ 			    noquote = 2;
+ 			    break;
+ 
+ 			default:
+ 			    if (isprint(pointer[i]) && pointer[i] != '"') {
+ 				if (noquote) {
+-				    *nfrontp++ = '"';
++				    output_data("\"");
+ 				    noquote = 0;
+ 				}
+-				*nfrontp++ = pointer[i];
++				output_data("%c", pointer[i]);
+ 			    } else {
+-				sprintf(nfrontp, "\" %03o " + noquote,
++				output_data("\" %03o " + noquote,
+ 							pointer[i]);
+-				nfrontp += strlen(nfrontp);
+ 				noquote = 2;
+ 			    }
+ 			    break;
+ 			}
+ 		    }
+ 		    if (!noquote)
+-			*nfrontp++ = '"';
++			output_data("\"");
+ 		    break;
+ 		}
+ 	    }
+@@ -971,83 +876,66 @@
+ 
+ #if	defined(AUTHENTICATION)
+ 	case TELOPT_AUTHENTICATION:
+-	    sprintf(nfrontp, "AUTHENTICATION");
+-	    nfrontp += strlen(nfrontp);
++	    output_data("AUTHENTICATION");
+ 
+ 	    if (length < 2) {
+-		sprintf(nfrontp, " (empty suboption??\?)");
+-		nfrontp += strlen(nfrontp);
++		output_data(" (empty suboption??\?)");
+ 		break;
+ 	    }
+ 	    switch (pointer[1]) {
+ 	    case TELQUAL_REPLY:
+ 	    case TELQUAL_IS:
+-		sprintf(nfrontp, " %s ", (pointer[1] == TELQUAL_IS) ?
++		output_data(" %s ", (pointer[1] == TELQUAL_IS) ?
+ 							"IS" : "REPLY");
+-		nfrontp += strlen(nfrontp);
+ 		if (AUTHTYPE_NAME_OK(pointer[2]))
+-		    sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[2]));
++		    output_data("%s ", AUTHTYPE_NAME(pointer[2]));
+ 		else
+-		    sprintf(nfrontp, "%d ", pointer[2]);
+-		nfrontp += strlen(nfrontp);
++		    output_data("%d ", pointer[2]);
+ 		if (length < 3) {
+-		    sprintf(nfrontp, "(partial suboption??\?)");
+-		    nfrontp += strlen(nfrontp);
++		    output_data("(partial suboption??\?)");
+ 		    break;
+ 		}
+-		sprintf(nfrontp, "%s|%s",
++		output_data("%s|%s",
+ 			((pointer[3] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+ 			"CLIENT" : "SERVER",
+ 			((pointer[3] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+ 			"MUTUAL" : "ONE-WAY");
+-		nfrontp += strlen(nfrontp);
+ 
+     		{
+ 		    char buf[512];
+ 		    auth_printsub(&pointer[1], length - 1, buf, sizeof(buf));
+-		    sprintf(nfrontp, "%s", buf);
++		    output_data("%s", buf);
+ 		}
+-		nfrontp += strlen(nfrontp);
+ 		break;
+ 
+ 	    case TELQUAL_SEND:
+ 		i = 2;
+-		sprintf(nfrontp, " SEND ");
+-		nfrontp += strlen(nfrontp);
++		output_data(" SEND ");
+ 		while (i < length) {
+ 		    if (AUTHTYPE_NAME_OK(pointer[i]))
+-			sprintf(nfrontp, "%s ", AUTHTYPE_NAME(pointer[i]));
++			output_data("%s ", AUTHTYPE_NAME(pointer[i]));
+ 		    else
+-			sprintf(nfrontp, "%d ", pointer[i]);
+-		    nfrontp += strlen(nfrontp);
++			output_data("%d ", pointer[i]);
+ 		    if (++i >= length) {
+-			sprintf(nfrontp, "(partial suboption??\?)");
+-			nfrontp += strlen(nfrontp);
++			output_data("(partial suboption??\?)");
+ 			break;
+ 		    }
+-		    sprintf(nfrontp, "%s|%s ",
++		    output_data("%s|%s ",
+ 			((pointer[i] & AUTH_WHO_MASK) == AUTH_WHO_CLIENT) ?
+ 							"CLIENT" : "SERVER",
+ 			((pointer[i] & AUTH_HOW_MASK) == AUTH_HOW_MUTUAL) ?
+ 							"MUTUAL" : "ONE-WAY");
+-		    nfrontp += strlen(nfrontp);
+ 		    ++i;
+ 		}
+ 		break;
+ 
+ 	    case TELQUAL_NAME:
+-		i = 2;
+-		sprintf(nfrontp, " NAME \"");
+-		nfrontp += strlen(nfrontp);
+-		while (i < length)
+-		    *nfrontp += pointer[i++];
+-		*nfrontp += '"';
++		output_data(" NAME \"%.*s\"", length - 2, pointer + 2);
+ 		break;
+ 
+ 	    default:
+ 		    for (i = 2; i < length; i++) {
+-			sprintf(nfrontp, " ?%d?", pointer[i]);
+-			nfrontp += strlen(nfrontp);
++			output_data(" ?%d?", pointer[i]);
+ 		    }
+ 		    break;
+ 	    }
+@@ -1057,18 +945,15 @@
+ 
+ 	default:
+ 	    if (TELOPT_OK(pointer[0]))
+-	        sprintf(nfrontp, "%s (unknown)", TELOPT(pointer[0]));
++	        output_data("%s (unknown)", TELOPT(pointer[0]));
+ 	    else
+-	        sprintf(nfrontp, "%d (unknown)", pointer[i]);
+-	    nfrontp += strlen(nfrontp);
++	        output_data("%d (unknown)", pointer[i]);
+ 	    for (i = 1; i < length; i++) {
+-		sprintf(nfrontp, " %d", pointer[i]);
+-		nfrontp += strlen(nfrontp);
++		output_data(" %d", pointer[i]);
+ 	    }
+ 	    break;
+ 	}
+-	sprintf(nfrontp, "\r\n");
+-	nfrontp += strlen(nfrontp);
++	output_data("\r\n");
+ }
+ 
+ /*
+@@ -1090,26 +975,22 @@
+ 		}
+ 
+ 		/* add a line of output */
+-		sprintf(nfrontp, "%s: ", tag);
+-		nfrontp += strlen(nfrontp);
++		output_data("%s: ", tag);
+ 		for (i = 0; i < 20 && cnt; i++) {
+-			sprintf(nfrontp, "%02x", *ptr);
+-			nfrontp += strlen(nfrontp);
++			output_data("%02x", *ptr);
+ 			if (isprint(*ptr)) {
+ 				xbuf[i] = *ptr;
+ 			} else {
+ 				xbuf[i] = '.';
+ 			}
+ 			if (i % 2) {
+-				*nfrontp = ' ';
+-				nfrontp++;
++				output_data(" ");
+ 			}
+ 			cnt--;
+ 			ptr++;
+ 		}
+ 		xbuf[i] = '\0';
+-		sprintf(nfrontp, " %s\r\n", xbuf );
+-		nfrontp += strlen(nfrontp);
++		output_data(" %s\r\n", xbuf );
+ 	}
+ }
+ #endif /* DIAGNOSTICS */
diff --git a/share/security/patches/SA-01:49/telnetd.patch.asc b/share/security/patches/SA-01:49/telnetd.patch.asc
new file mode 100644
index 0000000000..9c4552214a
--- /dev/null
+++ b/share/security/patches/SA-01:49/telnetd.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO1ykWVUuHi5z0oilAQFzbgP9EwlfICZ9Q0VB+5Q1YUzudzFBlBS5ilbH
+QRTSTW5P2DUvtKKNt0TeTCm5gdX/a5aX+kaq2/SFS6SM4mWvlkGuoLwgA7mwvwiQ
+l/GxRjb5OLcPJLdFF3J/mi35PVGAkMtwUJXhiWgHD1inZrTAyQHsgw5JadfRswgy
+1baMhnHpBpU=
+=tAc+
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:51/openssl.patch b/share/security/patches/SA-01:51/openssl.patch
new file mode 100644
index 0000000000..c8bc317e96
--- /dev/null
+++ b/share/security/patches/SA-01:51/openssl.patch
@@ -0,0 +1,86 @@
+Index: crypto/openssl/crypto/rand/md_rand.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rand/md_rand.c,v
+retrieving revision 1.1.1.1.2.2
+retrieving revision 1.1.1.1.2.2.2.1
+diff -u -r1.1.1.1.2.2 -r1.1.1.1.2.2.2.1
+--- crypto/openssl/crypto/rand/md_rand.c	2000/11/26 11:33:48	1.1.1.1.2.2
++++ crypto/openssl/crypto/rand/md_rand.c	2001/07/19 21:01:08	1.1.1.1.2.2.2.1
+@@ -308,6 +308,7 @@
+ 	{
+ 	static volatile int stirred_pool = 0;
+ 	int i,j,k,st_num,st_idx;
++	int num_ceil;
+ 	int ok;
+ 	long md_c[2];
+ 	unsigned char local_md[MD_DIGEST_LENGTH];
+@@ -328,6 +329,12 @@
+ 		}
+ #endif
+ 
++	if (num <= 0)
++		return 1;
++	
++	/* round upwards to multiple of MD_DIGEST_LENGTH/2 */
++	num_ceil = (1 + (num-1)/(MD_DIGEST_LENGTH/2)) * (MD_DIGEST_LENGTH/2);
++
+ 	/*
+ 	 * (Based on the rand(3) manpage:)
+ 	 *
+@@ -409,11 +416,11 @@
+ 	md_c[1] = md_count[1];
+ 	memcpy(local_md, md, sizeof md);
+ 
+-	state_index+=num;
++	state_index+=num_ceil;
+ 	if (state_index > state_num)
+ 		state_index %= state_num;
+ 
+-	/* state[st_idx], ..., state[(st_idx + num - 1) % st_num]
++	/* state[st_idx], ..., state[(st_idx + num_ceil - 1) % st_num]
+ 	 * are now ours (but other threads may use them too) */
+ 
+ 	md_count[0] += 1;
+@@ -424,6 +431,7 @@
+ 
+ 	while (num > 0)
+ 		{
++		/* num_ceil -= MD_DIGEST_LENGTH/2 */
+ 		j=(num >= MD_DIGEST_LENGTH/2)?MD_DIGEST_LENGTH/2:num;
+ 		num-=j;
+ 		MD_Init(&m);
+@@ -434,27 +442,28 @@
+ 			curr_pid = 0;
+ 			}
+ #endif
+-		MD_Update(&m,&(local_md[MD_DIGEST_LENGTH/2]),MD_DIGEST_LENGTH/2);
++		MD_Update(&m,local_md,MD_DIGEST_LENGTH);
+ 		MD_Update(&m,(unsigned char *)&(md_c[0]),sizeof(md_c));
+ #ifndef PURIFY
+ 		MD_Update(&m,buf,j); /* purify complains */
+ #endif
+-		k=(st_idx+j)-st_num;
++		k=(st_idx+MD_DIGEST_LENGTH/2)-st_num;
+ 		if (k > 0)
+ 			{
+-			MD_Update(&m,&(state[st_idx]),j-k);
++			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k);
+ 			MD_Update(&m,&(state[0]),k);
+ 			}
+ 		else
+-			MD_Update(&m,&(state[st_idx]),j);
++			MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2);
+ 		MD_Final(local_md,&m);
+ 
+-		for (i=0; i<j; i++)
++		for (i=0; i<MD_DIGEST_LENGTH/2; i++)
+ 			{
+ 			state[st_idx++]^=local_md[i]; /* may compete with other threads */
+-			*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
+ 			if (st_idx >= st_num)
+ 				st_idx=0;
++			if (i < j)
++				*(buf++)=local_md[i+MD_DIGEST_LENGTH/2];
+ 			}
+ 		}
+ 
diff --git a/share/security/patches/SA-01:51/openssl.patch.asc b/share/security/patches/SA-01:51/openssl.patch.asc
new file mode 100644
index 0000000000..73a71a4586
--- /dev/null
+++ b/share/security/patches/SA-01:51/openssl.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO2Xm3VUuHi5z0oilAQGy2wP/fb6sztF2QLKV/GH94st7tIq+CH/J0U39
+Msk6gFB5ZPf2gzQ+RqkzUJ9KnkY2pqKUPp7BcoVM50MJZzCmxuuBJd5w+ftndQNq
+DDl4xe8nQ85K5pb3/375XBURoAbuB0N0kj6slCJkZV4g2cNVfwvbz/edHQX2Agr5
+ttevvf76WVA=
+=MUJO
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:52/frag-3.x.patch b/share/security/patches/SA-01:52/frag-3.x.patch
new file mode 100644
index 0000000000..7b31156a39
--- /dev/null
+++ b/share/security/patches/SA-01:52/frag-3.x.patch
@@ -0,0 +1,84 @@
+Index: sys/netinet/ip_input.c
+===================================================================
+RCS file: /mnt/ncvs/src/sys/netinet/ip_input.c,v
+retrieving revision 1.111.2.9
+retrieving revision 1.111.2.10
+diff -u -r1.111.2.9 -r1.111.2.10
+--- sys/netinet/ip_input.c	2000/06/13 07:12:34	1.111.2.9
++++ sys/netinet/ip_input.c	2001/08/06 09:20:57	1.111.2.10
+@@ -175,6 +175,12 @@
+ #endif
+ 
+ 
++static int	ip_nfragpackets = 0;
++static int	ip_maxfragpackets;	/* initialized in ip_init() */
++SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW,
++	&ip_maxfragpackets, 0,
++	"Maximum number of IPv4 fragment reassembly queue entries");
++
+ /*
+  * We need to save the IP options in case a protocol wants to respond
+  * to an incoming packet over the same route if the packet got here
+@@ -235,7 +241,8 @@
+ 	for (i = 0; i < IPREASS_NHASH; i++)
+ 	    ipq[i].next = ipq[i].prev = &ipq[i];
+ 
+-	maxnipq = nmbclusters/4;
++	maxnipq = nmbclusters / 4;
++	ip_maxfragpackets = nmbclusters / 4;
+ 
+ 	ip_id = time_second & 0xffff;
+ 	ipintrq.ifq_maxlen = ipqmaxlen;
+@@ -766,6 +773,15 @@
+ 	 * If first fragment to arrive, create a reassembly queue.
+ 	 */
+ 	if (fp == 0) {
++		/*
++		 * Enforce upper bound on number of fragmented packets
++		 * for which we attempt reassembly;
++		 * If maxfrag is 0, never accept fragments.
++		 * If maxfrag is -1, accept all fragments without limitation.
++		 */
++		if ((ip_maxfragpackets >= 0) && (ip_nfragpackets >= ip_maxfragpackets))
++			goto dropfrag;
++		ip_nfragpackets++;
+ 		if ((t = m_get(M_DONTWAIT, MT_FTABLE)) == NULL)
+ 			goto dropfrag;
+ 		fp = mtod(t, struct ipq *);
+@@ -908,6 +924,7 @@
+ 	remque(fp);
+ 	nipq--;
+ 	(void) m_free(dtom(fp));
++	ip_nfragpackets--;
+ 	m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2);
+ 	m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2);
+ 	/* some debugging cruft by sklower, below, will go away soon */
+@@ -948,6 +965,7 @@
+ 	}
+ 	remque(fp);
+ 	(void) m_free(dtom(fp));
++	ip_nfragpackets--;
+ 	nipq--;
+ }
+ 
+@@ -973,6 +991,20 @@
+ 			if (fp->prev->ipq_ttl == 0) {
+ 				ipstat.ips_fragtimeout++;
+ 				ip_freef(fp->prev);
++			}
++		}
++	}
++	/*
++	 * If we are over the maximum number of fragments
++	 * (due to the limit being lowered), drain off
++	 * enough to get down to the new limit.
++	 */
++	for (i = 0; i < IPREASS_NHASH; i++) {
++		if (ip_maxfragpackets >= 0) {
++			while ((ip_nfragpackets > ip_maxfragpackets) &&
++				(ipq[i].next != &ipq[i])) {
++				ipstat.ips_fragdropped++;
++				ip_freef(ipq[i].next);
+ 			}
+ 		}
+ 	}
diff --git a/share/security/patches/SA-01:52/frag-3.x.patch.asc b/share/security/patches/SA-01:52/frag-3.x.patch.asc
new file mode 100644
index 0000000000..fa7f8d1172
--- /dev/null
+++ b/share/security/patches/SA-01:52/frag-3.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO28VPFUuHi5z0oilAQHf/gP/dpk9wAkorjYzldAHkIhyowuyHUeOdddg
+hBjLaDSlQYr+ZwlvyWGHGkNr7u4MDuw9dk8hb9FP14Jd6FBIEiTnKVYQNqx2atG0
+Um7CS0ENIQCuLtVYZak9pCQaTNAAmrB7+U4QQNtz7BsmSR7HOrqBGuM4v3XISKgn
+XOAaIZ0ZLmc=
+=N3FF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:52/frag-4.x.patch b/share/security/patches/SA-01:52/frag-4.x.patch
new file mode 100644
index 0000000000..680ab97b6e
--- /dev/null
+++ b/share/security/patches/SA-01:52/frag-4.x.patch
@@ -0,0 +1,118 @@
+Index: sys/netinet/ip_input.c
+===================================================================
+RCS file: /mnt/ncvs/src/sys/netinet/ip_input.c,v
+retrieving revision 1.130.2.21
+retrieving revision 1.130.2.22
+diff -u -r1.130.2.21 -r1.130.2.22
+--- sys/netinet/ip_input.c	2001/03/08 23:14:54	1.130.2.21
++++ sys/netinet/ip_input.c	2001/06/16 23:48:04	1.130.2.22
+@@ -122,6 +122,12 @@
+ 	&ip_keepfaith,	0,
+ 	"Enable packet capture for FAITH IPv4->IPv6 translater daemon");
+ 
++static int	ip_nfragpackets = 0;
++static int	ip_maxfragpackets;	/* initialized in ip_init() */
++SYSCTL_INT(_net_inet_ip, OID_AUTO, maxfragpackets, CTLFLAG_RW,
++	&ip_maxfragpackets, 0,
++	"Maximum number of IPv4 fragment reassembly queue entries");
++
+ /*
+  * XXX - Setting ip_checkinterface mostly implements the receive side of
+  * the Strong ES model described in RFC 1122, but since the routing table
+@@ -248,7 +254,8 @@
+ 	for (i = 0; i < IPREASS_NHASH; i++)
+ 	    ipq[i].next = ipq[i].prev = &ipq[i];
+ 
+-	maxnipq = nmbclusters/4;
++	maxnipq = nmbclusters / 4;
++	ip_maxfragpackets = nmbclusters / 4;
+ 
+ 	ip_id = time_second & 0xffff;
+ 	ipintrq.ifq_maxlen = ipqmaxlen;
+@@ -861,6 +868,15 @@
+ 	 * If first fragment to arrive, create a reassembly queue.
+ 	 */
+ 	if (fp == 0) {
++		/*
++		 * Enforce upper bound on number of fragmented packets
++		 * for which we attempt reassembly;
++		 * If maxfrag is 0, never accept fragments.
++		 * If maxfrag is -1, accept all fragments without limitation.
++		 */
++		if ((ip_maxfragpackets >= 0) && (ip_nfragpackets >= ip_maxfragpackets))
++			goto dropfrag;
++		ip_nfragpackets++;
+ 		if ((t = m_get(M_DONTWAIT, MT_FTABLE)) == NULL)
+ 			goto dropfrag;
+ 		fp = mtod(t, struct ipq *);
+@@ -1009,6 +1025,7 @@
+ 	remque(fp);
+ 	nipq--;
+ 	(void) m_free(dtom(fp));
++	ip_nfragpackets--;
+ 	m->m_len += (IP_VHL_HL(ip->ip_vhl) << 2);
+ 	m->m_data -= (IP_VHL_HL(ip->ip_vhl) << 2);
+ 	/* some debugging cruft by sklower, below, will go away soon */
+@@ -1049,6 +1066,7 @@
+ 	}
+ 	remque(fp);
+ 	(void) m_free(dtom(fp));
++	ip_nfragpackets--;
+ 	nipq--;
+ }
+ 
+@@ -1074,6 +1092,20 @@
+ 			if (fp->prev->ipq_ttl == 0) {
+ 				ipstat.ips_fragtimeout++;
+ 				ip_freef(fp->prev);
++			}
++		}
++	}
++	/*
++	 * If we are over the maximum number of fragments
++	 * (due to the limit being lowered), drain off
++	 * enough to get down to the new limit.
++	 */
++	for (i = 0; i < IPREASS_NHASH; i++) {
++		if (ip_maxfragpackets >= 0) {
++			while ((ip_nfragpackets > ip_maxfragpackets) &&
++				(ipq[i].next != &ipq[i])) {
++				ipstat.ips_fragdropped++;
++				ip_freef(ipq[i].next);
+ 			}
+ 		}
+ 	}
+Index: sys/netinet6/frag6.c
+===================================================================
+RCS file: /mnt/ncvs/src/sys/netinet6/frag6.c,v
+retrieving revision 1.2.2.3
+retrieving revision 1.2.2.4
+diff -u -r1.2.2.3 -r1.2.2.4
+--- sys/netinet6/frag6.c	2001/05/23 09:47:24	1.2.2.3
++++ sys/netinet6/frag6.c	2001/06/16 23:48:11	1.2.2.4
+@@ -81,6 +81,8 @@
+ {
+ 	struct timeval tv;
+ 
++	ip6_maxfragpackets = nmbclusters / 4;
++
+ 	/*
+ 	 * in many cases, random() here does NOT return random number
+ 	 * as initialization during bootstrap time occur in fixed order.
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /mnt/ncvs/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.6.2.3
+retrieving revision 1.6.2.4
+diff -u -r1.6.2.3 -r1.6.2.4
+--- sys/netinet6/in6_proto.c	2001/03/05 13:09:04	1.6.2.3
++++ sys/netinet6/in6_proto.c	2001/06/16 23:48:11	1.6.2.4
+@@ -286,7 +286,7 @@
+ int	ip6_defhlim = IPV6_DEFHLIM;
+ int	ip6_defmcasthlim = IPV6_DEFAULT_MULTICAST_HOPS;
+ int	ip6_accept_rtadv = 0;	/* "IPV6FORWARDING ? 0 : 1" is dangerous */
+-int	ip6_maxfragpackets = 200;
++int	ip6_maxfragpackets;	/* initialized in frag6.c:frag6_init() */
+ int	ip6_log_interval = 5;
+ int	ip6_hdrnestlimit = 50;	/* appropriate? */
+ int	ip6_dad_count = 1;	/* DupAddrDetectionTransmits */
diff --git a/share/security/patches/SA-01:52/frag-4.x.patch.asc b/share/security/patches/SA-01:52/frag-4.x.patch.asc
new file mode 100644
index 0000000000..6bbf1b137c
--- /dev/null
+++ b/share/security/patches/SA-01:52/frag-4.x.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO28VQFUuHi5z0oilAQHeQgP/dhT2lAwO1rPBGyzxDf+e3QMxfigSdwzt
+Y7xaKXQ8MJD0lmZZchvmCMTvI55+ywrtrzycj/BU5i2h+bA2MOHLN6LUAC56k3LU
+6Y3PZplOT+zG6kwaoklOoqmTSASO68/Oein/I2ItpTq6viMBm3EUnhPfZPPlZRGL
+4Xh29x0o47g=
+=7Kta
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:53/ipfw.patch b/share/security/patches/SA-01:53/ipfw.patch
new file mode 100644
index 0000000000..b33730856e
--- /dev/null
+++ b/share/security/patches/SA-01:53/ipfw.patch
@@ -0,0 +1,75 @@
+Index: sys/netinet/in_var.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/netinet/in_var.h,v
+retrieving revision 1.33.2.1
+retrieving revision 1.33.2.2
+diff -u -r1.33.2.1 -r1.33.2.2
+--- sys/netinet/in_var.h	2001/05/14 08:23:49	1.33.2.1
++++ sys/netinet/in_var.h	2001/07/17 10:50:01	1.33.2.2
+@@ -94,20 +94,11 @@
+ 	/* struct in_addr addr; */ \
+ 	/* struct ifnet *ifp; */ \
+ { \
+-	register struct in_ifaddr *ia; \
++	struct in_ifaddr *ia; \
+ \
+-	for (ia = in_ifaddrhead.tqh_first; \
+-	    ia != NULL && ((ia->ia_ifp->if_flags & IFF_POINTOPOINT)? \
+-		IA_DSTSIN(ia):IA_SIN(ia))->sin_addr.s_addr != (addr).s_addr; \
+-	    ia = ia->ia_link.tqe_next) \
+-		 continue; \
+-	if (ia == NULL) \
+-	    for (ia = in_ifaddrhead.tqh_first; \
+-		ia != NULL; \
+-		ia = ia->ia_link.tqe_next) \
+-		    if (ia->ia_ifp->if_flags & IFF_POINTOPOINT && \
+-			IA_SIN(ia)->sin_addr.s_addr == (addr).s_addr) \
+-			    break; \
++	TAILQ_FOREACH(ia, &in_ifaddrhead, ia_link) \
++		if (IA_SIN(ia)->sin_addr.s_addr == (addr).s_addr) \
++			break; \
+ 	(ifp) = (ia == NULL) ? NULL : ia->ia_ifp; \
+ }
+ 
+@@ -119,9 +110,9 @@
+ 	/* struct ifnet *ifp; */ \
+ 	/* struct in_ifaddr *ia; */ \
+ { \
+-	for ((ia) = in_ifaddrhead.tqh_first; \
++	for ((ia) = TAILQ_FIRST(&in_ifaddrhead); \
+ 	    (ia) != NULL && (ia)->ia_ifp != (ifp); \
+-	    (ia) = (ia)->ia_link.tqe_next) \
++	    (ia) = TAILQ_NEXT((ia), ia_link)) \
+ 		continue; \
+ }
+ #endif
+@@ -182,10 +173,9 @@
+ 	/* struct ifnet *ifp; */ \
+ 	/* struct in_multi *inm; */ \
+ do { \
+-	register struct ifmultiaddr *ifma; \
++	struct ifmultiaddr *ifma; \
+ \
+-	for (ifma = (ifp)->if_multiaddrs.lh_first; ifma; \
+-	     ifma = ifma->ifma_link.le_next) { \
++	LIST_FOREACH(ifma, &((ifp)->if_multiaddrs), ifma_link) { \
+ 		if (ifma->ifma_addr->sa_family == AF_INET \
+ 		    && ((struct sockaddr_in *)ifma->ifma_addr)->sin_addr.s_addr == \
+ 		    (addr).s_addr) \
+@@ -206,14 +196,14 @@
+ 	/* struct in_multi *inm; */ \
+ do { \
+ 	if (((inm) = (step).i_inm) != NULL) \
+-		(step).i_inm = (step).i_inm->inm_link.le_next; \
++		(step).i_inm = LIST_NEXT((step).i_inm, inm_link); \
+ } while(0)
+ 
+ #define IN_FIRST_MULTI(step, inm) \
+ 	/* struct in_multistep step; */ \
+ 	/* struct in_multi *inm; */ \
+ do { \
+-	(step).i_inm = in_multihead.lh_first; \
++	(step).i_inm = LIST_FIRST(&in_multihead); \
+ 	IN_NEXT_MULTI((step), (inm)); \
+ } while(0)
+ 
diff --git a/share/security/patches/SA-01:53/ipfw.patch.asc b/share/security/patches/SA-01:53/ipfw.patch.asc
new file mode 100644
index 0000000000..5e8b779055
--- /dev/null
+++ b/share/security/patches/SA-01:53/ipfw.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO32JhVUuHi5z0oilAQGtTAP+LnvpjavYkjORJLGLhhGFOwG8fFU0Q55e
+2K1qwQjQK2iO+bX+XuNA2jyeQAllgQLpKL7YJevsdc1+NTIJn+DCWki0MFQz5Eu7
+DlBH7IhdoBo9faF5Yc8zYrlpgUh7W4iYQLeQ1MNkQgqnqLHoBoTmzgWUn37Uu54z
+jpyFEndOXhU=
+=mPAH
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:55/procfs.patch b/share/security/patches/SA-01:55/procfs.patch
new file mode 100644
index 0000000000..56c50b1dfa
--- /dev/null
+++ b/share/security/patches/SA-01:55/procfs.patch
@@ -0,0 +1,181 @@
+Index: sys/i386/linux/linprocfs/linprocfs_vnops.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_vnops.c,v
+retrieving revision 1.3.2.4
+retrieving revision 1.3.2.5
+diff -u -r1.3.2.4 -r1.3.2.5
+--- sys/i386/linux/linprocfs/linprocfs_vnops.c	2001/06/25 19:46:47	1.3.2.4
++++ sys/i386/linux/linprocfs/linprocfs_vnops.c	2001/08/12 14:29:19	1.3.2.5
+@@ -64,7 +64,6 @@
+ #include <sys/pioctl.h>
+ 
+ extern struct vnode *procfs_findtextvp __P((struct proc *));
+-extern int	procfs_kmemaccess __P((struct proc *));
+ 
+ static int	linprocfs_access __P((struct vop_access_args *));
+ static int	linprocfs_badop __P((void));
+@@ -143,8 +142,7 @@
+ 			return (EBUSY);
+ 
+ 		p1 = ap->a_p;
+-		if (p_trespass(p1, p2) &&
+-		    !procfs_kmemaccess(p1))
++		if (p_trespass(p1, p2))
+ 			return (EPERM);
+ 
+ 		if (ap->a_mode & FWRITE)
+@@ -455,21 +453,6 @@
+ 	vap->va_atime = vap->va_mtime = vap->va_ctime;
+ 
+ 	/*
+-	 * If the process has exercised some setuid or setgid
+-	 * privilege, then rip away read/write permission so
+-	 * that only root can gain access.
+-	 */
+-	switch (pfs->pfs_type) {
+-	case Pmem:
+-		/* Retain group kmem readablity. */
+-		if (procp->p_flag & P_SUGID)
+-			vap->va_mode &= ~(VREAD|VWRITE);
+-		break;
+-	default:
+-		break;
+-	}
+-
+-	/*
+ 	 * now do the object specific fields
+ 	 *
+ 	 * The size could be set from struct reg, but it's hardly
+@@ -545,7 +528,6 @@
+ 			vap->va_uid = 0;
+ 		else
+ 			vap->va_uid = procp->p_ucred->cr_uid;
+-		vap->va_gid = KMEM_GROUP;
+ 		break;
+ 
+ 	case Pprocstat:
+Index: sys/miscfs/procfs/procfs.h
+===================================================================
+RCS file: /usr2/ncvs/src/sys/miscfs/procfs/Attic/procfs.h,v
+retrieving revision 1.32.2.1
+retrieving revision 1.32.2.2
+diff -u -r1.32.2.1 -r1.32.2.2
+--- sys/miscfs/procfs/procfs.h	2000/11/01 20:19:48	1.32.2.1
++++ sys/miscfs/procfs/procfs.h	2001/08/12 14:29:19	1.32.2.2
+@@ -88,8 +88,6 @@
+ 	 ((cnp)->cn_namelen == (len) && \
+ 	  (bcmp((s), (cnp)->cn_nameptr, (len)) == 0))
+ 
+-#define KMEM_GROUP 2
+-
+ #define PROCFS_FILENO(pid, type) \
+ 	(((type) < Pproc) ? \
+ 			((type) + 2) : \
+@@ -147,9 +145,6 @@
+ int procfs_dotype __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio));
+ int procfs_docmdline __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio));
+ int procfs_dorlimit __P((struct proc *, struct proc *, struct pfsnode *pfsp, struct uio *uio));
+-
+-/* Return 1 if process has special kernel digging privileges */
+-int procfs_kmemaccess __P((struct proc *));
+ 
+ /* functions to check whether or not files should be displayed */
+ int procfs_validfile __P((struct proc *));
+Index: sys/miscfs/procfs/procfs_mem.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/miscfs/procfs/Attic/procfs_mem.c,v
+retrieving revision 1.46.2.1
+retrieving revision 1.46.2.2
+diff -u -r1.46.2.1 -r1.46.2.2
+--- sys/miscfs/procfs/procfs_mem.c	2000/11/01 20:19:48	1.46.2.1
++++ sys/miscfs/procfs/procfs_mem.c	2001/08/12 14:29:19	1.46.2.2
+@@ -244,21 +244,7 @@
+ 	if (uio->uio_resid == 0)
+ 		return (0);
+ 
+- 	/*
+- 	 * XXX
+- 	 * We need to check for KMEM_GROUP because ps is sgid kmem;
+- 	 * not allowing it here causes ps to not work properly.  Arguably,
+- 	 * this is a bug with what ps does.  We only need to do this
+- 	 * for Pmem nodes, and only if it's reading.  This is still not
+- 	 * good, as it may still be possible to grab illicit data if
+- 	 * a process somehow gets to be KMEM_GROUP.  Note that this also
+- 	 * means that KMEM_GROUP can't change without editing procfs.h!
+- 	 * All in all, quite yucky.
+- 	 */
+- 
+- 	if ((!CHECKIO(curp, p) || p_trespass(curp, p)) &&
+-	    !(uio->uio_rw == UIO_READ &&
+-	      procfs_kmemaccess(curp)))
++ 	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+ 
+ 	return (procfs_rwmem(curp, p, uio));
+@@ -295,22 +281,4 @@
+ {
+ 
+ 	return (p->p_textvp);
+-}
+-
+-int procfs_kmemaccess(curp)
+-	struct proc *curp;
+-{
+-	int i;
+-	struct ucred *cred;
+-
+-	cred = curp->p_ucred;
+-	if (suser(curp))
+-		return 1;
+-
+-	/* XXX: Why isn't this done with file-perms ??? */
+-	for (i = 0; i < cred->cr_ngroups; i++)
+-		if (cred->cr_groups[i] == KMEM_GROUP)	
+-			return 1;
+-	
+-	return 0;
+ }
+Index: sys/miscfs/procfs/procfs_vnops.c
+===================================================================
+RCS file: /usr2/ncvs/src/sys/miscfs/procfs/Attic/procfs_vnops.c,v
+retrieving revision 1.76.2.4
+retrieving revision 1.76.2.5
+diff -u -r1.76.2.4 -r1.76.2.5
+--- sys/miscfs/procfs/procfs_vnops.c	2001/08/04 13:12:24	1.76.2.4
++++ sys/miscfs/procfs/procfs_vnops.c	2001/08/12 14:29:19	1.76.2.5
+@@ -148,8 +148,7 @@
+ 			return (EBUSY);
+ 
+ 		p1 = ap->a_p;
+-		if ((!CHECKIO(p1, p2) || p_trespass(p1, p2)) &&
+-		    !procfs_kmemaccess(p1))
++		if (!CHECKIO(p1, p2) || p_trespass(p1, p2))
+ 			return (EPERM);
+ 
+ 		if (ap->a_mode & FWRITE)
+@@ -477,16 +476,12 @@
+ 	case Pregs:
+ 	case Pfpregs:
+ 	case Pdbregs:
++	case Pmem:
+ 		if (procp->p_flag & P_SUGID)
+ 			vap->va_mode &= ~((VREAD|VWRITE)|
+ 					  ((VREAD|VWRITE)>>3)|
+ 					  ((VREAD|VWRITE)>>6));
+ 		break;
+-	case Pmem:
+-		/* Retain group kmem readablity. */
+-		if (procp->p_flag & P_SUGID)
+-			vap->va_mode &= ~(VREAD|VWRITE);
+-		break;
+ 	default:
+ 		break;
+ 	}
+@@ -556,7 +551,6 @@
+ 			vap->va_uid = 0;
+ 		else
+ 			vap->va_uid = procp->p_ucred->cr_uid;
+-		vap->va_gid = KMEM_GROUP;
+ 		break;
+ 
+ 	case Pregs:
diff --git a/share/security/patches/SA-01:55/procfs.patch.asc b/share/security/patches/SA-01:55/procfs.patch.asc
new file mode 100644
index 0000000000..0d6e52bc99
--- /dev/null
+++ b/share/security/patches/SA-01:55/procfs.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO4LEflUuHi5z0oilAQELEQP/T1E1wfCp9naLjNBDeTnSzLhbq8HHdf2h
+kxSlXZLL2ZWDPZCbSP5mIsC8iG51rbxT6XpswZHzGySmRrOYrjBHNv6e84xCG3HC
+Cm4r+3YIFM/RaskqSmLjPjZgMfpr0LcgyUVnUX06+nAZ63YTEVtZYhsK7ITtahwC
+yw2bv8NFdiM=
+=w0CW
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:56/tcp_wrappers.patch b/share/security/patches/SA-01:56/tcp_wrappers.patch
new file mode 100644
index 0000000000..9753312d0f
--- /dev/null
+++ b/share/security/patches/SA-01:56/tcp_wrappers.patch
@@ -0,0 +1,11 @@
+--- contrib/tcp_wrappers/socket.c	2000/09/25 00:41:55	1.5
++++ contrib/tcp_wrappers/socket.c	2001/07/04 20:16:18	1.6
+@@ -222,7 +222,7 @@
+ 	hints.ai_family = sin->sa_family;
+ 	hints.ai_socktype = SOCK_STREAM;
+ 	hints.ai_flags = AI_PASSIVE | AI_CANONNAME | AI_NUMERICHOST;
+-	if ((err = getaddrinfo(host->name, NULL, &hints, &res0) == 0)) {
++	if ((err = getaddrinfo(host->name, NULL, &hints, &res0)) == 0) {
+ 	    freeaddrinfo(res0);
+ 	    tcpd_warn("host name/name mismatch: "
+ 		      "reverse lookup results in non-FQDN %s",
diff --git a/share/security/patches/SA-01:56/tcp_wrappers.patch.asc b/share/security/patches/SA-01:56/tcp_wrappers.patch.asc
new file mode 100644
index 0000000000..24b730942f
--- /dev/null
+++ b/share/security/patches/SA-01:56/tcp_wrappers.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO4VsiFUuHi5z0oilAQEnzQP/d3pxu24lnbuKcJhach+w4ieXQL5O7oO4
+xeOi90NPgyvYjWmTwO9ez+UmD52o6OnvLGDKntzuSVTT34pixT2G3/P3D8nTqj/h
+B4WmZ9SEIV8QINfcrZPFzRAeLEjXKkTZTjasdQ1NCXKi2dldJckkv49/p/hawE8y
+GXn35mgDmvU=
+=sVkX
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:57/sendmail.patch b/share/security/patches/SA-01:57/sendmail.patch
new file mode 100644
index 0000000000..dd36cd7b8a
--- /dev/null
+++ b/share/security/patches/SA-01:57/sendmail.patch
@@ -0,0 +1,17 @@
+Index: contrib/sendmail/src/trace.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/trace.c,v
+retrieving revision 1.1.1.2.6.2
+retrieving revision 1.1.1.2.6.2.2.1
+diff -u -r1.1.1.2.6.2 -r1.1.1.2.6.2.2.1
+--- contrib/sendmail/src/trace.c	2000/10/10 05:07:28	1.1.1.2.6.2
++++ contrib/sendmail/src/trace.c	2001/08/22 05:34:11	1.1.1.2.6.2.2.1
+@@ -63,7 +63,7 @@
+ tTflag(s)
+ 	register char *s;
+ {
+-	int first, last;
++	unsigned int first, last;
+ 	register unsigned int i;
+ 
+ 	if (*s == '\0')
diff --git a/share/security/patches/SA-01:57/sendmail.patch.asc b/share/security/patches/SA-01:57/sendmail.patch.asc
new file mode 100644
index 0000000000..ea4a21994a
--- /dev/null
+++ b/share/security/patches/SA-01:57/sendmail.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO4q9u1UuHi5z0oilAQG1VwP+LHgaLqU9xY0S2hUHNURGE5eCwmozCTBT
+nnya7T64lvMazzpfjv/tRx4KnYATirzNRZrwlKIZ20bNYqJeOoYoYxy0Op1gdSdy
+LSSpkhxKAU1JglDFhoqKkrwoJ0Fq8XLlQn3ki22qB2XsGCJPHqESsURJt0YcLshe
+/ugi2V2TNa8=
+=E4zp
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:58/lpd-3.x-4.2.patch b/share/security/patches/SA-01:58/lpd-3.x-4.2.patch
new file mode 100644
index 0000000000..3f068b868f
--- /dev/null
+++ b/share/security/patches/SA-01:58/lpd-3.x-4.2.patch
@@ -0,0 +1,56 @@
+Index: usr.sbin/lpr/common_source/displayq.c
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/lpr/common_source/displayq.c,v
+retrieving revision 1.14.2.1
+retrieving revision 1.14.2.2
+diff -u -r1.14.2.1 -r1.14.2.2
+--- usr.sbin/lpr/common_source/displayq.c	1999/08/29 15:43:08	1.14.2.1
++++ usr.sbin/lpr/common_source/displayq.c	2001/08/30 09:46:44	1.14.2.2
+@@ -73,8 +73,8 @@
+ extern uid_t	uid, euid;
+ 
+ static int	col;		/* column on screen */
+-static char	current[40];	/* current file being printed */
+-static char	file[132];	/* print file name */
++static char	current[MAXNAMLEN+1];	/* current file being printed */
++static char	file[MAXNAMLEN+1];	/* print file name */
+ static int	first;		/* first file in ``files'' column? */
+ static int	garbage;	/* # of garbage cf files */
+ static int	lflag;		/* long output option */
+@@ -97,7 +97,7 @@
+ {
+ 	register struct queue *q;
+ 	register int i, nitems, fd, ret;
+-	register char	*cp;
++	char *cp, *endp;
+ 	struct queue **queue;
+ 	struct stat statb;
+ 	FILE *fp;
+@@ -158,8 +158,11 @@
+ 		else {
+ 			/* get daemon pid */
+ 			cp = current;
+-			while ((i = getc(fp)) != EOF && i != '\n')
+-				*cp++ = i;
++			endp = cp + sizeof(current) - 1;
++			while ((i = getc(fp)) != EOF && i != '\n') {
++				if (cp < endp)
++					*cp++ = i;
++			}
+ 			*cp = '\0';
+ 			i = atoi(current);
+ 			if (i <= 0) {
+@@ -174,8 +177,11 @@
+ 			} else {
+ 				/* read current file name */
+ 				cp = current;
+-				while ((i = getc(fp)) != EOF && i != '\n')
+-					*cp++ = i;
++				endp = cp + sizeof(current) - 1;
++				while ((i = getc(fp)) != EOF && i != '\n') {
++					if (cp < endp)
++						*cp++ = i;
++				}
+ 				*cp = '\0';
+ 				/*
+ 				 * Print the status file.
diff --git a/share/security/patches/SA-01:58/lpd-3.x-4.2.patch.asc b/share/security/patches/SA-01:58/lpd-3.x-4.2.patch.asc
new file mode 100644
index 0000000000..06cf44ef52
--- /dev/null
+++ b/share/security/patches/SA-01:58/lpd-3.x-4.2.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO44MXFUuHi5z0oilAQGriQP/WpPbnEUNWHt9ApguMws0k+HWR/LRWg2O
+qypCs+G7EM/t8aGCtH1ypfh0GQMo0ASZBOouCipL20By+uy+l+dlYJoxeI1bvNAV
+D91cDEI5X7c4RKQKh84rYYt3eciy/BK/sAm31QDBuCfiHmnQ/ytg5kVV6r20Y1o+
+h86aYtlA424=
+=BkxB
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:58/lpd-4.3.patch b/share/security/patches/SA-01:58/lpd-4.3.patch
new file mode 100644
index 0000000000..3321ee085a
--- /dev/null
+++ b/share/security/patches/SA-01:58/lpd-4.3.patch
@@ -0,0 +1,56 @@
+Index: usr.sbin/lpr/common_source/displayq.c
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/lpr/common_source/displayq.c,v
+retrieving revision 1.15.2.7
+retrieving revision 1.15.2.8
+diff -u -r1.15.2.7 -r1.15.2.8
+--- usr.sbin/lpr/common_source/displayq.c	2001/07/29 23:06:27	1.15.2.7
++++ usr.sbin/lpr/common_source/displayq.c	2001/08/30 09:27:41	1.15.2.8
+@@ -73,8 +73,8 @@
+ extern uid_t	uid, euid;
+ 
+ static int	col;		/* column on screen */
+-static char	current[40];	/* current file being printed */
+-static char	file[132];	/* print file name */
++static char	current[MAXNAMLEN+1];	/* current file being printed */
++static char	file[MAXNAMLEN+1];	/* print file name */
+ static int	first;		/* first file in ``files'' column? */
+ static int	garbage;	/* # of garbage cf files */
+ static int	lflag;		/* long output option */
+@@ -95,7 +95,7 @@
+ {
+ 	register struct jobqueue *q;
+ 	register int i, nitems, fd, ret;
+-	register char	*cp;
++	char *cp, *endp;
+ 	struct jobqueue **queue;
+ 	struct stat statb;
+ 	FILE *fp;
+@@ -156,8 +156,11 @@
+ 		else {
+ 			/* get daemon pid */
+ 			cp = current;
+-			while ((i = getc(fp)) != EOF && i != '\n')
+-				*cp++ = i;
++			endp = cp + sizeof(current) - 1;
++			while ((i = getc(fp)) != EOF && i != '\n') {
++				if (cp < endp)
++					*cp++ = i;
++			}
+ 			*cp = '\0';
+ 			i = atoi(current);
+ 			if (i <= 0) {
+@@ -172,8 +175,11 @@
+ 			} else {
+ 				/* read current file name */
+ 				cp = current;
+-				while ((i = getc(fp)) != EOF && i != '\n')
+-					*cp++ = i;
++				endp = cp + sizeof(current) - 1;
++				while ((i = getc(fp)) != EOF && i != '\n') {
++					if (cp < endp)
++						*cp++ = i;
++				}
+ 				*cp = '\0';
+ 				/*
+ 				 * Print the status file.
diff --git a/share/security/patches/SA-01:58/lpd-4.3.patch.asc b/share/security/patches/SA-01:58/lpd-4.3.patch.asc
new file mode 100644
index 0000000000..96bae2c1a5
--- /dev/null
+++ b/share/security/patches/SA-01:58/lpd-4.3.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO44MZFUuHi5z0oilAQFL1wP/f4aX1CnQcByNrxqYq57RMsMK+f+Ry/HA
+yBqa5meznGSTsMkcbyJCIi7X270aXHesdR9SwcrLK66ffjI0c9Q44kW5OOxYevMV
+4Z1cJKZWY4+DSBOgfUq45vaSOMTIHTe4wJ+7Dc5Zr2OyN5iTL0LfnRklSA+ziTTr
+LgB6QmdDRr4=
+=vEW4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:59/rmuser.patch.v1.1 b/share/security/patches/SA-01:59/rmuser.patch.v1.1
new file mode 100644
index 0000000000..fb7fd3ebc1
--- /dev/null
+++ b/share/security/patches/SA-01:59/rmuser.patch.v1.1
@@ -0,0 +1,59 @@
+Index: rmuser.perl
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/adduser/rmuser.perl,v
+retrieving revision 1.8.2.2
+retrieving revision 1.8.2.2.2.2
+diff -u -r1.8.2.2 -r1.8.2.2.2.2
+--- rmuser.perl	2001/01/14 10:21:11	1.8.2.2
++++ rmuser.perl	2001/09/05 05:24:55	1.8.2.2.2.2
+@@ -34,4 +34,6 @@
+ 
++use Fcntl;
++
+ sub LOCK_SH {0x01;}
+ sub LOCK_EX {0x02;}
+ sub LOCK_NB {0x04;}
+@@ -42,7 +44,7 @@
+ umask(022);
+ $whoami = $0;
+ $passwd_file = "/etc/master.passwd";
+-$new_passwd_file = "${passwd_file}.new.$$";
++$passwd_tmp = "/etc/ptmp";
+ $group_file = "/etc/group";
+ $new_group_file = "${group_file}.new.$$";
+ $mail_dir = "/var/mail";
+@@ -311,10 +313,10 @@
+ 
+     print STDERR "Updating password file,";
+     seek(MASTER_PW, 0, 0);
+-    open(NEW_PW, ">$new_passwd_file") ||
+-	die "\n${whoami}: Error: Couldn't open file ${new_passwd_file}:\n $!\n";
+-    chmod(0600, $new_passwd_file) ||
+-	print STDERR "\n${whoami}: Warning: couldn't set mode of $new_passwd_file to 0600 ($!)\n\tcontinuing, but please check mode of /etc/master.passwd!\n";
++
++    sysopen(NEW_PW, $passwd_tmp, O_RDWR|O_CREAT|O_EXCL, 0600) ||
++	die "\n${whoami}: Error: Couldn't open file ${passwd_tmp}:\n $!\n";
++
+     $skipped = 0;
+     while (<MASTER_PW>) {
+ 	if (not /^\Q$login_name:/io) {
+@@ -329,8 +331,8 @@
+ 
+     if ($skipped == 0) {
+ 	print STDERR "\n${whoami}: Whoops! Didn't find ${login_name}'s entry second time around!\n";
+-	unlink($new_passwd_file) ||
+-	    print STDERR "\n${whoami}: Warning: couldn't unlink $new_passwd_file ($!)\n\tPlease investigate, as this file should not be left in the filesystem\n";
++	unlink($passwd_tmp) ||
++	    print STDERR "\n${whoami}: Warning: couldn't unlink $passwd_tmp ($!)\n\tPlease investigate, as this file should not be left in the filesystem\n";
+ 	&unlockpw;
+ 	exit 1;
+     }
+@@ -339,7 +341,7 @@
+     # Run pwd_mkdb to install the updated password files and databases
+ 
+     print STDERR " updating databases,";
+-    system('/usr/sbin/pwd_mkdb', '-p', ${new_passwd_file});
++    system('/usr/sbin/pwd_mkdb', '-p', ${passwd_tmp});
+     print STDERR " done.\n";
+ 
+     close(MASTER_PW);		# Not useful anymore
diff --git a/share/security/patches/SA-01:59/rmuser.patch.v1.1.asc b/share/security/patches/SA-01:59/rmuser.patch.v1.1.asc
new file mode 100644
index 0000000000..17f41fe350
--- /dev/null
+++ b/share/security/patches/SA-01:59/rmuser.patch.v1.1.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO5fqn1UuHi5z0oilAQHi0QP/TCvi4HUTFsoQedhkUPFbTMt6k0Mo0VVt
+nKPYPmguqnuTD9vD/w7k3iNc3zuoXuEL2TTmtPq+3HvJgQis68iV8kePrQEO4XVn
+Apo5fb7NC4SPCHCVL2fcp/FOAEv3xCAsh3J0xjQwTWvleIgXuW35z7hbM4EkAtkR
+/wCBkWfWLx0=
+=eECT
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:62/uucp.patch b/share/security/patches/SA-01:62/uucp.patch
new file mode 100644
index 0000000000..50eca276bc
--- /dev/null
+++ b/share/security/patches/SA-01:62/uucp.patch
@@ -0,0 +1,114 @@
+Index: gnu/libexec/uucp/cu/Makefile
+===================================================================
+RCS file: /usr2/ncvs/src/gnu/libexec/uucp/cu/Makefile,v
+retrieving revision 1.8
+retrieving revision 1.9
+diff -u -r1.8 -r1.9
+--- gnu/libexec/uucp/cu/Makefile	1999/08/27 23:33:06	1.8
++++ gnu/libexec/uucp/cu/Makefile	2001/09/09 04:54:09	1.9
+@@ -12,6 +12,7 @@
+ DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
+ CFLAGS+=	-I$(.CURDIR)/../common_sources\
+ 		-DVERSION=\"$(VERSION)\"
++INSTALLFLAGS+= -fschg
+ 
+ .include <bsd.prog.mk>
+ .PATH: $(.CURDIR)/../common_sources
+Index: gnu/libexec/uucp/uucp/Makefile
+===================================================================
+RCS file: /usr2/ncvs/src/gnu/libexec/uucp/uucp/Attic/Makefile,v
+retrieving revision 1.6
+retrieving revision 1.7
+diff -u -r1.6 -r1.7
+--- gnu/libexec/uucp/uucp/Makefile	1999/08/27 23:33:55	1.6
++++ gnu/libexec/uucp/uucp/Makefile	2001/09/09 04:54:10	1.7
+@@ -11,6 +11,7 @@
+ DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
+ CFLAGS+=	-I$(.CURDIR)/../common_sources\
+ 		-DVERSION=\"$(VERSION)\"
++INSTALLFLAGS+= -fschg
+ 
+ .include <bsd.prog.mk>
+ .PATH: $(.CURDIR)/../common_sources
+Index: gnu/libexec/uucp/uuname/Makefile
+===================================================================
+RCS file: /usr2/ncvs/src/gnu/libexec/uucp/uuname/Attic/Makefile,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- gnu/libexec/uucp/uuname/Makefile	1999/08/27 23:33:58	1.5
++++ gnu/libexec/uucp/uuname/Makefile	2001/09/09 04:54:10	1.6
+@@ -11,7 +11,7 @@
+ DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
+ CFLAGS+=	-I$(.CURDIR)/../common_sources\
+ 		-DVERSION=\"$(VERSION)\"
+-
++INSTALLFLAGS+= -fschg
+ 
+ .include <bsd.prog.mk>
+ .PATH: $(.CURDIR)/../common_sources
+Index: gnu/libexec/uucp/uustat/Makefile
+===================================================================
+RCS file: /usr2/ncvs/src/gnu/libexec/uucp/uustat/Attic/Makefile,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- gnu/libexec/uucp/uustat/Makefile	1999/08/27 23:34:02	1.5
++++ gnu/libexec/uucp/uustat/Makefile	2001/09/09 04:54:10	1.6
+@@ -13,6 +13,7 @@
+ CFLAGS+=	-I$(.CURDIR)/../common_sources\
+ 		-DOWNER=\"$(owner)\"\
+ 		-DVERSION=\"$(VERSION)\"
++INSTALLFLAGS+= -fschg
+ 
+ .include <bsd.prog.mk>
+ .PATH: $(.CURDIR)/../common_sources
+Index: gnu/libexec/uucp/uux/Makefile
+===================================================================
+RCS file: /usr2/ncvs/src/gnu/libexec/uucp/uux/Attic/Makefile,v
+retrieving revision 1.6
+retrieving revision 1.7
+diff -u -r1.6 -r1.7
+--- gnu/libexec/uucp/uux/Makefile	1999/08/27 23:34:05	1.6
++++ gnu/libexec/uucp/uux/Makefile	2001/09/09 04:54:10	1.7
+@@ -11,6 +11,7 @@
+ DPADD+=		$(LIBUNIX) $(LIBUUCONF) $(LIBUUCP)
+ CFLAGS+=	-I$(.CURDIR)/../common_sources\
+ 		-DVERSION=\"$(VERSION)\"
++INSTALLFLAGS+= -fschg
+ 
+ .include <bsd.prog.mk>
+ .PATH: $(.CURDIR)/../common_sources
+Index: usr.bin/tip/tip/Makefile
+===================================================================
+RCS file: /usr2/ncvs/src/usr.bin/tip/tip/Makefile,v
+retrieving revision 1.11
+retrieving revision 1.12
+diff -u -r1.11 -r1.12
+--- usr.bin/tip/tip/Makefile	2001/03/27 10:52:16	1.11
++++ usr.bin/tip/tip/Makefile	2001/09/09 04:54:09	1.12
+@@ -21,6 +21,7 @@
+ MAN=	tip.1 modems.5
+ SRCS=	acu.c acutab.c cmds.c cmdtab.c cu.c hunt.c log.c partab.c \
+ 	remote.c tip.c tipout.c value.c vars.c
++INSTALLFLAGS+= -fschg
+ 
+ BINDIR?=	/usr/bin
+ BINOWN=		uucp
+Index: etc/periodic/daily/410.status-uucp
+===================================================================
+RCS file: /usr2/ncvs/src/etc/periodic/daily/Attic/410.status-uucp,v
+retrieving revision 1.5
+retrieving revision 1.6
+diff -u -r1.5 -r1.6
+--- etc/periodic/daily/410.status-uucp	2000/09/14 17:19:10	1.5
++++ etc/periodic/daily/410.status-uucp	2001/09/09 05:53:01	1.6
+@@ -27,7 +27,7 @@
+ 	    echo ""
+ 	    echo "UUCP status:"
+ 
+-	    uustat -a && rc=0 || rc=3
++	    (echo "/usr/bin/uustat -a" | su -fm uucp ) && rc=0 || rc=3
+ 	fi;;
+ 
+     *)  rc=0;;
diff --git a/share/security/patches/SA-01:62/uucp.patch.asc b/share/security/patches/SA-01:62/uucp.patch.asc
new file mode 100644
index 0000000000..9dc18d1544
--- /dev/null
+++ b/share/security/patches/SA-01:62/uucp.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAO8IS7FUuHi5z0oilAQG6RgP9EDve2DFdhZWllwKs9in1a0JwDaC2x8cZ
+itGLouMW5RGNWW2evWFx2GcbOFZtrmgJIN6U6ltxBx06E4ab/OebTSMewH/lQYyq
+HgbnFtNTJJnfcZX7uViHuqPM1JclTE8UKyK8pOAa8a1nsN+EAEo/azGb63C4EWjq
+sD6/BVLPvRw=
+=CbJw
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-01:63/sshd.patch b/share/security/patches/SA-01:63/sshd.patch
new file mode 100644
index 0000000000..652637377d
--- /dev/null
+++ b/share/security/patches/SA-01:63/sshd.patch
@@ -0,0 +1,23 @@
+===================================================================
+RCS file: /c/ncvs/src/crypto/openssh/session.c,v
+retrieving revision 1.4.2.10
+retrieving revision 1.4.2.11
+diff -u -p -r1.4.2.10 -r1.4.2.11
+--- src/crypto/openssh/session.c	2001/11/21 10:45:15	1.4.2.10
++++ src/crypto/openssh/session.c	2001/12/03 00:53:28	1.4.2.11
+@@ -1154,6 +1154,7 @@ do_child(Session *s, const char *command
+ 		child_set_env(&env, &envsize, "TZ", getenv("TZ"));
+ 
+ 	/* Set custom environment options from RSA authentication. */
++	if (!options.use_login) {
+ 	while (custom_environment) {
+ 		struct envstring *ce = custom_environment;
+ 		char *s = ce->s;
+@@ -1166,6 +1167,7 @@ do_child(Session *s, const char *command
+ 		custom_environment = ce->next;
+ 		xfree(ce->s);
+ 		xfree(ce);
++	}
+ 	}
+ 
+ 	snprintf(buf, sizeof buf, "%.50s %d %d",
diff --git a/share/security/patches/SA-01:63/sshd.patch.asc b/share/security/patches/SA-01:63/sshd.patch.asc
new file mode 100644
index 0000000000..856671cb94
--- /dev/null
+++ b/share/security/patches/SA-01:63/sshd.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPAumRFUuHi5z0oilAQEnqQP/Rbg5N7r3IxCT9EOitEwSRXhFYl5jpXSV
+7cfJokMyOSrt7cew0Fqz42K1/CTaoaBg7RQREL2sLN8EeATCk9lJ7qdG4RALPgsn
+zd0xYLtbfC/GBddzFTBaPOXErciccauWDFJ79oWTFlB2ugCJpv6VQQNzU3meK7/Q
+NV5hXPAcZlM=
+=zLPL
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:01/pkg_add.patch b/share/security/patches/SA-02:01/pkg_add.patch
new file mode 100644
index 0000000000..6bb6ceda90
--- /dev/null
+++ b/share/security/patches/SA-02:01/pkg_add.patch
@@ -0,0 +1,11 @@
+--- usr.sbin/pkg_install/lib/pen.c	17 May 2001 12:33:39 -0000
++++ usr.sbin/pkg_install/lib/pen.c	7 Dec 2001 20:58:46 -0000
+@@ -106,7 +106,7 @@
+ 	cleanup(0);
+ 	errx(2, __FUNCTION__ ": can't mktemp '%s'", pen);
+     }
+-    if (chmod(pen, 0755) == FAIL) {
++    if (chmod(pen, 0700) == FAIL) {
+ 	cleanup(0);
+ 	errx(2, __FUNCTION__ ": can't mkdir '%s'", pen);
+     }
diff --git a/share/security/patches/SA-02:01/pkg_add.patch.asc b/share/security/patches/SA-02:01/pkg_add.patch.asc
new file mode 100644
index 0000000000..1c7e4f59cf
--- /dev/null
+++ b/share/security/patches/SA-02:01/pkg_add.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPDSKM1UuHi5z0oilAQEFCQP+PVfORggMsFXId2Qy5F1XzSDfMzPugqo2
+2+POVvwo56GouDRQ1jdpWk8K2lcO7vGBT4peCeSZ9CGwBaLfAFFtAf0Sb9e4Ao1J
+8Wyw+jT08YmqQDW2qc1jrTbftdYIN2oAtJGrkgPf6aNwiX66XFkQ9tfiLMPZnr8P
+IDVoFV5f2ew=
+=Wu2N
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:02/pw.patch b/share/security/patches/SA-02:02/pw.patch
new file mode 100644
index 0000000000..08bebd45a9
--- /dev/null
+++ b/share/security/patches/SA-02:02/pw.patch
@@ -0,0 +1,11 @@
+--- usr.sbin/pw/pwupd.c	2001/08/20 15:09:34
++++ usr.sbin/pw/pwupd.c	2001/12/20 16:03:04
+@@ -176,7 +176,7 @@
+ 			 */
+ 			if (pwd != NULL)
+ 				fmtpwentry(pwbuf, pwd, PWF_MASTER);
+-			rc = fileupdate(getpwpath(_MASTERPASSWD), 0644, pwbuf, pfx, l, mode);
++			rc = fileupdate(getpwpath(_MASTERPASSWD), 0600, pwbuf, pfx, l, mode);
+ 			if (rc == 0) {
+ #ifdef HAVE_PWDB_U
+ 				if (mode == UPD_DELETE || isrename)
diff --git a/share/security/patches/SA-02:02/pw.patch.asc b/share/security/patches/SA-02:02/pw.patch.asc
new file mode 100644
index 0000000000..176ed45453
--- /dev/null
+++ b/share/security/patches/SA-02:02/pw.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPDSJ21UuHi5z0oilAQF/RwP/bpshfpURCcK2C61mj7QxWG5+K8nL1/zn
+Zuj45ZnJZK9GMQ9p3fISWY65LCD5O53sUh+nGiVgzv6xHDk0k5kFsMw121OAaVk4
+Sm0NVi94pSVmoRlQcDH4Gd4G7Au6F998xxg/9W5LhVFR6u3NiBmHX2cj4c6RT2qa
+NeITu6MJblU=
+=ETfn
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:07/k5su.patch b/share/security/patches/SA-02:07/k5su.patch
new file mode 100644
index 0000000000..0fb8270af7
--- /dev/null
+++ b/share/security/patches/SA-02:07/k5su.patch
@@ -0,0 +1,48 @@
+Index: crypto/heimdal/appl/su/su.c
+diff -u crypto/heimdal/appl/su/su.c:1.1.1.3 crypto/heimdal/appl/su/su.c:1.1.1.4
+--- crypto/heimdal/appl/su/su.c:1.1.1.3	Wed Jun 20 22:09:39 2001
++++ crypto/heimdal/appl/su/su.c	Tue Jan 15 14:25:55 2002
+@@ -138,7 +138,11 @@
+ #ifdef KRB5
+     krb5_error_code ret;
+     krb5_principal p;
++    char *login_name = NULL;
+ 	
++#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
++    login_name = getlogin();
++#endif
+     ret = krb5_init_context (&context);
+     if (ret) {
+ #if 0
+@@ -147,9 +151,11 @@
+ 	return 1;
+     }
+ 	
++    if (login_name == NULL || strcmp (login_name, "root") == 0) 
++	login_name = login_info->pw_name;
+     if (strcmp (su_info->pw_name, "root") == 0)
+ 	ret = krb5_make_principal(context, &p, NULL, 
+-				  login_info->pw_name,
++				  login_name,
+ 				  kerberos_instance,
+ 				  NULL);
+     else
+@@ -268,7 +274,6 @@
+     int i, optind = 0;
+     char *su_user;
+     struct passwd *su_info;
+-    char *login_user = NULL;
+     struct passwd *login_info;
+ 
+     struct passwd *pwd;
+@@ -309,10 +314,6 @@
+     }
+     su_info = make_info(pwd);
+     
+-#if defined(HAVE_GETLOGIN) && !defined(POSIX_GETLOGIN)
+-    login_user = getlogin();
+-#endif
+-    if(login_user == NULL || (pwd = getpwnam(login_user)) == NULL)
+ 	pwd = getpwuid(getuid());
+     if(pwd == NULL)
+ 	errx(1, "who are you?");
diff --git a/share/security/patches/SA-02:07/k5su.patch.asc b/share/security/patches/SA-02:07/k5su.patch.asc
new file mode 100644
index 0000000000..767611cdf5
--- /dev/null
+++ b/share/security/patches/SA-02:07/k5su.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPEgwoFUuHi5z0oilAQFJSwP+I+4G+xnH2709eMhp80oekBkzgChT536G
+WwAn86TISEJ5gLYKvJBL6b6KIbQNHpUTRSDT37uZk1vgg9J6OHx8JeJMM0U47VXd
+kmE3RMOPnoK2xN1rJ7z2i1nuYHcAhWAlXinWeh0xRiIk06DoSYyIu5AmKy+/EIbB
+l1CW9M1D72s=
+=62+9
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:08/exec-43R.patch b/share/security/patches/SA-02:08/exec-43R.patch
new file mode 100644
index 0000000000..0d442bda7c
--- /dev/null
+++ b/share/security/patches/SA-02:08/exec-43R.patch
@@ -0,0 +1,203 @@
+Index: sys/kern/kern_exec.c
+diff -u sys/kern/kern_exec.c:1.107.2.12 src/sys/kern/kern_exec.c:1.107.2.13
+--- sys/kern/kern_exec.c:1.107.2.12	Mon Jan  7 22:13:21 2002
++++ sys/kern/kern_exec.c	Tue Jan 22 11:22:59 2002
+@@ -114,6 +114,15 @@
+ 	imgp = &image_params;
+ 
+ 	/*
++	 * Lock the process and set the P_INEXEC flag to indicate that
++	 * it should be left alone until we're done here.  This is
++	 * necessary to avoid race conditions - e.g. in ptrace() -
++	 * that might allow a local user to illicitly obtain elevated
++	 * privileges.
++	 */
++	p->p_flag |= P_INEXEC;
++
++	/*
+ 	 * Initialize part of the common data
+ 	 */
+ 	imgp->proc = p;
+@@ -348,10 +357,12 @@
+ 	VREF(ndp->ni_vp);
+ 	p->p_textvp = ndp->ni_vp;
+ 
+-	/*
+-	 * notify others that we exec'd
+-	 */
++        /*
++         * Notify others that we exec'd, and clear the P_INEXEC flag
++         * as we're now a bona fide freshly-execed process.
++         */
+ 	KNOTE(&p->p_klist, NOTE_EXEC);
++	p->p_flag &= ~P_INEXEC;
+ 
+ 	/*
+ 	 * If tracing the process, trap to debugger so breakpoints
+@@ -405,6 +416,8 @@
+ 		return (0);
+ 
+ exec_fail:
++	/* we're done here, clear P_INEXEC */
++	p->p_flag &= ~P_INEXEC;
+ 	if (imgp->vmspace_destroyed) {
+ 		/* sorry, no more process anymore. exit gracefully */
+ 		exit1(p, W_EXITCODE(0, SIGABRT));
+Index: sys/kern/sys_process.c
+diff -u sys/kern/sys_process.c:1.51.2.2 src/sys/kern/sys_process.c:1.51.2.3
+--- sys/kern/sys_process.c:1.51.2.2	Wed Oct  3 01:55:42 2001
++++ sys/kern/sys_process.c	Tue Jan 22 11:22:59 2002
+@@ -220,6 +220,10 @@
+ 	if (!PRISON_CHECK(curp, p))
+ 		return (ESRCH);
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
++
+ 	/*
+ 	 * Permissions check
+ 	 */
+Index: sys/miscfs/procfs/procfs.h
+diff -u sys/miscfs/procfs/procfs.h:1.32.2.2 src/sys/miscfs/procfs/procfs.h:1.32.2.3
+--- sys/miscfs/procfs/procfs.h:1.32.2.2	Sun Aug 12 09:29:19 2001
++++ sys/miscfs/procfs/procfs.h	Tue Jan 22 11:22:59 2002
+@@ -97,7 +97,7 @@
+      ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
+        ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
+        ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
+-       ((p2)->p_flag & P_SUGID) == 0) || \
++       ((p2)->p_flag & (P_SUGID|P_INEXEC)) == 0) || \
+       (suser_xxx((p1)->p_cred->pc_ucred, (p1), PRISON_ROOT) == 0))
+ 
+ /*
+Index: sys/miscfs/procfs/procfs_ctl.c
+diff -u sys/miscfs/procfs/procfs_ctl.c:1.20.2.1 src/sys/miscfs/procfs/procfs_ctl.c:1.20.2.2
+--- sys/miscfs/procfs/procfs_ctl.c:1.20.2.1	Sat Dec 16 21:13:05 2000
++++ sys/miscfs/procfs/procfs_ctl.c	Tue Jan 22 11:22:59 2002
+@@ -110,6 +110,9 @@
+ {
+ 	int error;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	/*
+ 	 * Authorization check: rely on normal debugging protection, except
+ 	 * allow processes to disengage debugging on a process onto which
+Index: sys/miscfs/procfs/procfs_dbregs.c
+diff -u sys/miscfs/procfs/procfs_dbregs.c:1.4.2.2 src/sys/miscfs/procfs/procfs_dbregs.c:1.4.2.3
+--- sys/miscfs/procfs/procfs_dbregs.c:1.4.2.2	Sat Aug  4 08:12:24 2001
++++ sys/miscfs/procfs/procfs_dbregs.c	Tue Jan 22 11:22:59 2002
+@@ -62,6 +62,9 @@
+ 	char *kv;
+ 	int kl;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return (EPERM);
+ 	kl = sizeof(r);
+Index: sys/miscfs/procfs/procfs_fpregs.c
+diff -u sys/miscfs/procfs/procfs_fpregs.c:1.11.2.2 src/sys/miscfs/procfs/procfs_fpregs.c:1.11.2.3
+--- sys/miscfs/procfs/procfs_fpregs.c:1.11.2.2	Sat Aug  4 08:12:24 2001
++++ sys/miscfs/procfs/procfs_fpregs.c	Tue Jan 22 11:22:59 2002
+@@ -59,6 +59,9 @@
+ 	char *kv;
+ 	int kl;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return EPERM;
+ 	kl = sizeof(r);
+Index: sys/miscfs/procfs/procfs_regs.c
+diff -u sys/miscfs/procfs/procfs_regs.c:1.10.2.2 src/sys/miscfs/procfs/procfs_regs.c:1.10.2.3
+--- sys/miscfs/procfs/procfs_regs.c:1.10.2.2	Sat Aug  4 08:12:24 2001
++++ sys/miscfs/procfs/procfs_regs.c	Tue Jan 22 11:22:59 2002
+@@ -60,6 +60,9 @@
+ 	char *kv;
+ 	int kl;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return EPERM;
+ 	kl = sizeof(r);
+Index: sys/miscfs/procfs/procfs_status.c
+diff -u sys/miscfs/procfs/procfs_status.c:1.20.2.3 src/sys/miscfs/procfs/procfs_status.c:1.20.2.4
+--- sys/miscfs/procfs/procfs_status.c:1.20.2.3	Thu Nov 16 07:50:00 2000
++++ sys/miscfs/procfs/procfs_status.c	Tue Jan 22 11:22:59 2002
+@@ -211,7 +211,9 @@
+ 	 */
+ 
+ 	if (p->p_args &&
+-	    (ps_argsopen || (CHECKIO(curp, p) && !p_trespass(curp, p)))) {
++	    (ps_argsopen || (CHECKIO(curp, p) &&
++			     (p->p_flag & P_INEXEC) == 0 &&
++			     !p_trespass(curp, p)))) {
+ 		bp = p->p_args->ar_args;
+ 		buflen = p->p_args->ar_length;
+ 		buf = 0;
+Index: sys/sys/proc.h
+diff -u sys/sys/proc.h:1.99.2.5 src/sys/sys/proc.h:1.99.2.6
+--- sys/sys/proc.h:1.99.2.5	Thu Sep  7 14:13:54 2000
++++ sys/sys/proc.h	Tue Jan 22 11:23:02 2002
+@@ -291,6 +291,7 @@
+ #define	P_JAILED	0x1000000 /* Process is in jail */
+ #define	P_OLDMASK	0x2000000 /* need to restore mask before pause */
+ #define	P_ALTSTACK	0x4000000 /* have alternate signal stack */
++#define	P_INEXEC	0x8000000 /* Process is in execve(). */
+ 
+ /*
+  * MOVE TO ucred.h?
+Index: sys/miscfs/procfs/procfs_mem.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_mem.c,v
+retrieving revision 1.46.2.1
+diff -u -r1.46.2.1 procfs_mem.c
+--- sys/miscfs/procfs/procfs_mem.c	1 Nov 2000 20:19:48 -0000	1.46.2.1
++++ sys/miscfs/procfs/procfs_mem.c	23 Jan 2002 17:04:51 -0000
+@@ -256,7 +256,10 @@
+  	 * All in all, quite yucky.
+  	 */
+  
+- 	if ((!CHECKIO(curp, p) || p_trespass(curp, p)) &&
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
++	if ((!CHECKIO(curp, p) || p_trespass(curp, p)) &&
+ 	    !(uio->uio_rw == UIO_READ &&
+ 	      procfs_kmemaccess(curp)))
+  		return EPERM;
+Index: sys/miscfs/procfs/procfs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_vnops.c,v
+retrieving revision 1.76.2.3
+diff -u -r1.76.2.3 procfs_vnops.c
+--- sys/miscfs/procfs/procfs_vnops.c	7 Nov 2000 23:40:07 -0000	1.76.2.3
++++ sys/miscfs/procfs/procfs_vnops.c	23 Jan 2002 17:05:44 -0000
+@@ -148,6 +148,10 @@
+ 			return (EBUSY);
+ 
+ 		p1 = ap->a_p;
++		/* Can't trace a process that's currently exec'ing. */ 
++		if ((p2->p_flag & P_INEXEC) != 0)
++			return EAGAIN;
++
+ 		if ((!CHECKIO(p1, p2) || p_trespass(p1, p2)) &&
+ 		    !procfs_kmemaccess(p1))
+ 			return (EPERM);
+@@ -240,6 +244,9 @@
+ 		return ENOTTY;
+ 	}
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((procp->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(p, procp) || p_trespass(p, procp))
+ 		return EPERM;
+ 
diff --git a/share/security/patches/SA-02:08/exec-43R.patch.asc b/share/security/patches/SA-02:08/exec-43R.patch.asc
new file mode 100644
index 0000000000..9acb280d3d
--- /dev/null
+++ b/share/security/patches/SA-02:08/exec-43R.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPFBGnlUuHi5z0oilAQGBmgP+Ov0vIqcVW+LAWQ8FjAvPBFjgt0bxxPai
+YhrF9iP3ppRE6MTGl6h3Zird1tYKNgFa1W30iUlZfuP2aO41nipvFxJGWwZ+9gtG
+hg6ex1eeiOg7xan39lIkYX7Y9WWWu/m5mRyCZwJ4pw+X0TMOUUs4eNg38q6rR+Gq
+d7tD3HKIxXc=
+=S2iL
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:08/exec.patch b/share/security/patches/SA-02:08/exec.patch
new file mode 100644
index 0000000000..5755ea65a3
--- /dev/null
+++ b/share/security/patches/SA-02:08/exec.patch
@@ -0,0 +1,194 @@
+Index: sys/kern/kern_exec.c
+diff -u sys/kern/kern_exec.c:1.107.2.12 src/sys/kern/kern_exec.c:1.107.2.13
+--- sys/kern/kern_exec.c:1.107.2.12	Mon Jan  7 22:13:21 2002
++++ sys/kern/kern_exec.c	Tue Jan 22 11:22:59 2002
+@@ -114,6 +114,15 @@
+ 	imgp = &image_params;
+ 
+ 	/*
++	 * Lock the process and set the P_INEXEC flag to indicate that
++	 * it should be left alone until we're done here.  This is
++	 * necessary to avoid race conditions - e.g. in ptrace() -
++	 * that might allow a local user to illicitly obtain elevated
++	 * privileges.
++	 */
++	p->p_flag |= P_INEXEC;
++
++	/*
+ 	 * Initialize part of the common data
+ 	 */
+ 	imgp->proc = p;
+@@ -348,10 +357,12 @@
+ 	VREF(ndp->ni_vp);
+ 	p->p_textvp = ndp->ni_vp;
+ 
+-	/*
+-	 * notify others that we exec'd
+-	 */
++        /*
++         * Notify others that we exec'd, and clear the P_INEXEC flag
++         * as we're now a bona fide freshly-execed process.
++         */
+ 	KNOTE(&p->p_klist, NOTE_EXEC);
++	p->p_flag &= ~P_INEXEC;
+ 
+ 	/*
+ 	 * If tracing the process, trap to debugger so breakpoints
+@@ -405,6 +416,8 @@
+ 		return (0);
+ 
+ exec_fail:
++	/* we're done here, clear P_INEXEC */
++	p->p_flag &= ~P_INEXEC;
+ 	if (imgp->vmspace_destroyed) {
+ 		/* sorry, no more process anymore. exit gracefully */
+ 		exit1(p, W_EXITCODE(0, SIGABRT));
+Index: sys/kern/sys_process.c
+diff -u sys/kern/sys_process.c:1.51.2.2 src/sys/kern/sys_process.c:1.51.2.3
+--- sys/kern/sys_process.c:1.51.2.2	Wed Oct  3 01:55:42 2001
++++ sys/kern/sys_process.c	Tue Jan 22 11:22:59 2002
+@@ -220,6 +220,10 @@
+ 	if (!PRISON_CHECK(curp, p))
+ 		return (ESRCH);
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
++
+ 	/*
+ 	 * Permissions check
+ 	 */
+Index: sys/miscfs/procfs/procfs.h
+diff -u sys/miscfs/procfs/procfs.h:1.32.2.2 src/sys/miscfs/procfs/procfs.h:1.32.2.3
+--- sys/miscfs/procfs/procfs.h:1.32.2.2	Sun Aug 12 09:29:19 2001
++++ sys/miscfs/procfs/procfs.h	Tue Jan 22 11:22:59 2002
+@@ -97,7 +97,7 @@
+      ((((p1)->p_cred->pc_ucred->cr_uid == (p2)->p_cred->p_ruid) && \
+        ((p1)->p_cred->p_ruid == (p2)->p_cred->p_ruid) && \
+        ((p1)->p_cred->p_svuid == (p2)->p_cred->p_ruid) && \
+-       ((p2)->p_flag & P_SUGID) == 0) || \
++       ((p2)->p_flag & (P_SUGID|P_INEXEC)) == 0) || \
+       (suser_xxx((p1)->p_cred->pc_ucred, (p1), PRISON_ROOT) == 0))
+ 
+ /*
+Index: sys/miscfs/procfs/procfs_ctl.c
+diff -u sys/miscfs/procfs/procfs_ctl.c:1.20.2.1 src/sys/miscfs/procfs/procfs_ctl.c:1.20.2.2
+--- sys/miscfs/procfs/procfs_ctl.c:1.20.2.1	Sat Dec 16 21:13:05 2000
++++ sys/miscfs/procfs/procfs_ctl.c	Tue Jan 22 11:22:59 2002
+@@ -110,6 +110,9 @@
+ {
+ 	int error;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	/*
+ 	 * Authorization check: rely on normal debugging protection, except
+ 	 * allow processes to disengage debugging on a process onto which
+Index: sys/miscfs/procfs/procfs_dbregs.c
+diff -u sys/miscfs/procfs/procfs_dbregs.c:1.4.2.2 src/sys/miscfs/procfs/procfs_dbregs.c:1.4.2.3
+--- sys/miscfs/procfs/procfs_dbregs.c:1.4.2.2	Sat Aug  4 08:12:24 2001
++++ sys/miscfs/procfs/procfs_dbregs.c	Tue Jan 22 11:22:59 2002
+@@ -62,6 +62,9 @@
+ 	char *kv;
+ 	int kl;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return (EPERM);
+ 	kl = sizeof(r);
+Index: sys/miscfs/procfs/procfs_fpregs.c
+diff -u sys/miscfs/procfs/procfs_fpregs.c:1.11.2.2 src/sys/miscfs/procfs/procfs_fpregs.c:1.11.2.3
+--- sys/miscfs/procfs/procfs_fpregs.c:1.11.2.2	Sat Aug  4 08:12:24 2001
++++ sys/miscfs/procfs/procfs_fpregs.c	Tue Jan 22 11:22:59 2002
+@@ -59,6 +59,9 @@
+ 	char *kv;
+ 	int kl;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return EPERM;
+ 	kl = sizeof(r);
+Index: sys/miscfs/procfs/procfs_regs.c
+diff -u sys/miscfs/procfs/procfs_regs.c:1.10.2.2 src/sys/miscfs/procfs/procfs_regs.c:1.10.2.3
+--- sys/miscfs/procfs/procfs_regs.c:1.10.2.2	Sat Aug  4 08:12:24 2001
++++ sys/miscfs/procfs/procfs_regs.c	Tue Jan 22 11:22:59 2002
+@@ -60,6 +60,9 @@
+ 	char *kv;
+ 	int kl;
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+ 		return EPERM;
+ 	kl = sizeof(r);
+Index: sys/miscfs/procfs/procfs_status.c
+diff -u sys/miscfs/procfs/procfs_status.c:1.20.2.3 src/sys/miscfs/procfs/procfs_status.c:1.20.2.4
+--- sys/miscfs/procfs/procfs_status.c:1.20.2.3	Thu Nov 16 07:50:00 2000
++++ sys/miscfs/procfs/procfs_status.c	Tue Jan 22 11:22:59 2002
+@@ -211,7 +211,9 @@
+ 	 */
+ 
+ 	if (p->p_args &&
+-	    (ps_argsopen || (CHECKIO(curp, p) && !p_trespass(curp, p)))) {
++	    (ps_argsopen || (CHECKIO(curp, p) &&
++			     (p->p_flag & P_INEXEC) == 0 &&
++			     !p_trespass(curp, p)))) {
+ 		bp = p->p_args->ar_args;
+ 		buflen = p->p_args->ar_length;
+ 		buf = 0;
+Index: sys/sys/proc.h
+diff -u sys/sys/proc.h:1.99.2.5 src/sys/sys/proc.h:1.99.2.6
+--- sys/sys/proc.h:1.99.2.5	Thu Sep  7 14:13:54 2000
++++ sys/sys/proc.h	Tue Jan 22 11:23:02 2002
+@@ -291,6 +291,7 @@
+ #define	P_JAILED	0x1000000 /* Process is in jail */
+ #define	P_OLDMASK	0x2000000 /* need to restore mask before pause */
+ #define	P_ALTSTACK	0x4000000 /* have alternate signal stack */
++#define	P_INEXEC	0x8000000 /* Process is in execve(). */
+ 
+ /*
+  * MOVE TO ucred.h?
+Index: sys/miscfs/procfs/procfs_mem.c
+diff -u sys/miscfs/procfs/procfs_mem.c:1.46.2.2 src/sys/miscfs/procfs/procfs_mem.c:1.46.2.3
+--- sys/miscfs/procfs/procfs_mem.c:1.46.2.2	Sun Aug 12 09:29:19 2001
++++ sys/miscfs/procfs/procfs_mem.c	Tue Jan 22 11:22:59 2002
+@@ -244,6 +244,9 @@
+ 	if (uio->uio_resid == 0)
+ 		return (0);
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((p->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+ 
+Index: sys/miscfs/procfs/procfs_vnops.c
+diff -u sys/miscfs/procfs/procfs_vnops.c:1.76.2.6 src/sys/miscfs/procfs/procfs_vnops.c:1.76.2.7
+--- sys/miscfs/procfs/procfs_vnops.c:1.76.2.6	Mon Oct 29 14:15:30 2001
++++ sys/miscfs/procfs/procfs_vnops.c	Tue Jan 22 11:22:59 2002
+@@ -148,6 +148,9 @@
+ 			return (EBUSY);
+ 
+ 		p1 = ap->a_p;
++		/* Can't trace a process that's currently exec'ing. */ 
++		if ((p2->p_flag & P_INEXEC) != 0)
++			return EAGAIN;
+ 		if (!CHECKIO(p1, p2) || p_trespass(p1, p2))
+ 			return (EPERM);
+ 
+@@ -239,6 +242,9 @@
+ 		return ENOTTY;
+ 	}
+ 
++	/* Can't trace a process that's currently exec'ing. */ 
++	if ((procp->p_flag & P_INEXEC) != 0)
++		return EAGAIN;
+ 	if (!CHECKIO(p, procp) || p_trespass(p, procp))
+ 		return EPERM;
+ 
diff --git a/share/security/patches/SA-02:08/exec.patch.asc b/share/security/patches/SA-02:08/exec.patch.asc
new file mode 100644
index 0000000000..05c464985c
--- /dev/null
+++ b/share/security/patches/SA-02:08/exec.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPFBGkVUuHi5z0oilAQEGhwP+IUcrow/fIhMwA3FOQ6kqO4pbdplwY1wO
+PoQ3UIlEGbRUhnJGxKqoNUrRjCp75nTQFtOcoKrPbs3ddpPP1ZyVPmPlZDXAdTCU
+qerQnLSgRSU+2tmWSh4y0VnzMglFFIaOnocVVKS0e6gIqlmYDtA4B717qnQWlHT0
+Zw31MoPxTE8=
+=Lypu
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:09/fstatfs.patch b/share/security/patches/SA-02:09/fstatfs.patch
new file mode 100644
index 0000000000..8fb7dd19ef
--- /dev/null
+++ b/share/security/patches/SA-02:09/fstatfs.patch
@@ -0,0 +1,16 @@
+Index: vfs_syscalls.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/vfs_syscalls.c,v
+retrieving revision 1.151.2.9
+diff -u -r1.151.2.9 vfs_syscalls.c
+--- sys/kern/vfs_syscalls.c	12 Aug 2001 10:48:00 -0000	1.151.2.9
++++ sys/kern/vfs_syscalls.c	16 Jan 2002 22:56:04 -0000
+@@ -678,6 +678,8 @@
+ 	if ((error = getvnode(p->p_fd, SCARG(uap, fd), &fp)) != 0)
+ 		return (error);
+ 	mp = ((struct vnode *)fp->f_data)->v_mount;
++	if (mp == NULL)
++		return (EBADF);
+ 	sp = &mp->mnt_stat;
+ 	error = VFS_STATFS(mp, sp, p);
+ 	if (error)
diff --git a/share/security/patches/SA-02:09/fstatfs.patch.asc b/share/security/patches/SA-02:09/fstatfs.patch.asc
new file mode 100644
index 0000000000..43f17326a5
--- /dev/null
+++ b/share/security/patches/SA-02:09/fstatfs.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPGFHnFUuHi5z0oilAQHYzQP/RFfiDcDkeGPQ+09IJaFmwORnvcZ9QPS/
+mOQaCk+SliaepT2ZjEjFWTcm75C1ieUhYZ5WyhXxh51E9XuBxYXnc0aReqzw8l4x
+ZKNfHSChxvxHPD1qV/h338HbOkiqmDVLL5KY1l2cTGyg42NXgeLinMcj0IQDh5G1
+HBhrY3PuBFc=
+=OW8E
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:13/openssh.patch b/share/security/patches/SA-02:13/openssh.patch
new file mode 100644
index 0000000000..07b7a41cd4
--- /dev/null
+++ b/share/security/patches/SA-02:13/openssh.patch
@@ -0,0 +1,17 @@
+Index: channels.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/channels.c,v
+retrieving revision 1.7
+retrieving revision 1.8
+diff -u -r1.7 -r1.8
+--- crypto/openssh/channels.c	23 Jan 2002 15:06:47 -0000	1.7
++++ crypto/openssh/channels.c	5 Mar 2002 14:27:19 -0000	1.8
+@@ -151,7 +151,7 @@
+ channel_lookup(int id)
+ {
+ 	Channel *c;
+-	if (id < 0 || id > channels_alloc) {
++	if (id < 0 || id >= channels_alloc) {
+ 		log("channel_lookup: %d: bad id", id);
+ 		return NULL;
+ 	}
diff --git a/share/security/patches/SA-02:13/openssh.patch.asc b/share/security/patches/SA-02:13/openssh.patch.asc
new file mode 100644
index 0000000000..1d084c356e
--- /dev/null
+++ b/share/security/patches/SA-02:13/openssh.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPId+EVUuHi5z0oilAQHRmwQAhYgkR3Nl+8Yh9ftg4w3ZoFsmG7JxmQD3
+Wv2suYBjsIB1qPVOwvkBwUBojyzOuTIyDldlvmDz3oBJNDGdjPupVdtbpWE+6Nwx
+MQfIPQyqIFfpOoJVg7Z7STQp7mStsh9ZL5EI1NAGQoVwsRfXBRi75pPU5arzqTga
+S07Un449NR0=
+=TkO2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:18/zlib.patch b/share/security/patches/SA-02:18/zlib.patch
new file mode 100644
index 0000000000..3236011579
--- /dev/null
+++ b/share/security/patches/SA-02:18/zlib.patch
@@ -0,0 +1,88 @@
+Index: lib/libz/infblock.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libz/infblock.c,v
+retrieving revision 1.2
+diff -u -r1.2 infblock.c
+--- lib/libz/infblock.c	30 Sep 2001 22:39:00 -0000	1.2
++++ lib/libz/infblock.c	17 Feb 2002 15:19:53 -0000
+@@ -252,10 +252,11 @@
+                              &s->sub.trees.tb, s->hufts, z);
+       if (t != Z_OK)
+       {
+-        ZFREE(z, s->sub.trees.blens);
+         r = t;
+-        if (r == Z_DATA_ERROR)
++        if (r == Z_DATA_ERROR) {
++          ZFREE(z, s->sub.trees.blens);
+           s->mode = BAD;
++	}
+         LEAVE
+       }
+       s->sub.trees.index = 0;
+@@ -316,11 +317,12 @@
+         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
+                                   s->sub.trees.blens, &bl, &bd, &tl, &td,
+                                   s->hufts, z);
+-        ZFREE(z, s->sub.trees.blens);
+         if (t != Z_OK)
+         {
+-          if (t == (uInt)Z_DATA_ERROR)
++          if (t == (uInt)Z_DATA_ERROR) {
++            ZFREE(z, s->sub.trees.blens);
+             s->mode = BAD;
++	}
+           r = t;
+           LEAVE
+         }
+@@ -332,6 +334,7 @@
+         }
+         s->sub.decode.codes = c;
+       }
++      ZFREE(z, s->sub.trees.blens);
+       s->mode = CODES;
+     case CODES:
+       UPDATE
+Index: sys/net/zlib.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/zlib.c,v
+retrieving revision 1.10
+diff -u -r1.10 zlib.c
+--- sys/net/zlib.c	29 Dec 1999 04:38:38 -0000	1.10
++++ sys/net/zlib.c	17 Feb 2002 15:19:53 -0000
+@@ -3864,10 +3864,11 @@
+                              &s->sub.trees.tb, z);
+       if (t != Z_OK)
+       {
+-        ZFREE(z, s->sub.trees.blens);
+         r = t;
+-        if (r == Z_DATA_ERROR)
++        if (r == Z_DATA_ERROR) {
++          ZFREE(z, s->sub.trees.blens);
+           s->mode = BADB;
++        }
+         LEAVE
+       }
+       s->sub.trees.index = 0;
+@@ -3932,11 +3933,12 @@
+ #endif
+         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
+                                   s->sub.trees.blens, &bl, &bd, &tl, &td, z);
+-        ZFREE(z, s->sub.trees.blens);
+         if (t != Z_OK)
+         {
+-          if (t == (uInt)Z_DATA_ERROR)
++          if (t == (uInt)Z_DATA_ERROR) {
++            ZFREE(z, s->sub.trees.blens);
+             s->mode = BADB;
++          }
+           r = t;
+           LEAVE
+         }
+@@ -3953,6 +3955,7 @@
+         s->sub.decode.tl = tl;
+         s->sub.decode.td = td;
+       }
++      ZFREE(z, s->sub.trees.blens);
+       s->mode = CODES;
+     case CODES:
+       UPDATE
diff --git a/share/security/patches/SA-02:18/zlib.patch.asc b/share/security/patches/SA-02:18/zlib.patch.asc
new file mode 100644
index 0000000000..4e92248199
--- /dev/null
+++ b/share/security/patches/SA-02:18/zlib.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPJXX7FUuHi5z0oilAQEJyAP9EecvblykN61PN3ItkA40uUfoUJpvBhrx
+kZJlHrkPPLsmKy/laWI1tai11exTcLHSRypXH0bRc6G3aQ6gkg3mS14dNzYYwMIx
+d+0RnGCqYYxO+QbkOPeat9zWkHdyOU+HooMKDuRGyOS2jzkNMdgluXaQMr662giD
+P2yioRhNAgo=
+=rvzM
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:18/zlib.v1.1.corrected.patch b/share/security/patches/SA-02:18/zlib.v1.1.corrected.patch
new file mode 100644
index 0000000000..2e7a2c237a
--- /dev/null
+++ b/share/security/patches/SA-02:18/zlib.v1.1.corrected.patch
@@ -0,0 +1,49 @@
+Index: lib/libz/deflate.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libz/deflate.c,v
+retrieving revision 1.5
+diff -u -r1.5 deflate.c
+--- lib/libz/deflate.c	28 Aug 1999 00:06:01 -0000	1.5
++++ lib/libz/deflate.c	21 Mar 2002 01:57:47 -0000
+@@ -242,7 +242,7 @@
+         windowBits = -windowBits;
+     }
+     if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
+-        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
++        windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
+ 	strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
+         return Z_STREAM_ERROR;
+     }
+Index: sys/net/zlib.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/zlib.c,v
+retrieving revision 1.10.4.1
+diff -u -r1.10.4.1 zlib.c
+--- sys/net/zlib.c	23 Feb 2002 00:16:14 -0000	1.10.4.1
++++ sys/net/zlib.c	21 Mar 2002 01:57:47 -0000
+@@ -776,7 +776,7 @@
+         windowBits = -windowBits;
+     }
+     if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
+-        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
++        windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
+ 	strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
+         return Z_STREAM_ERROR;
+     }
+@@ -3951,11 +3951,15 @@
+           r = Z_MEM_ERROR;
+           LEAVE
+         }
++	/*
++	 * this ZFREE must occur *BEFORE* we mess with sub.decode, because
++	 * sub.trees is union'd with sub.decode.
++	 */
++        ZFREE(z, s->sub.trees.blens);
+         s->sub.decode.codes = c;
+         s->sub.decode.tl = tl;
+         s->sub.decode.td = td;
+       }
+-      ZFREE(z, s->sub.trees.blens);
+       s->mode = CODES;
+     case CODES:
+       UPDATE
diff --git a/share/security/patches/SA-02:18/zlib.v1.1.corrected.patch.asc b/share/security/patches/SA-02:18/zlib.v1.1.corrected.patch.asc
new file mode 100644
index 0000000000..dd235d6668
--- /dev/null
+++ b/share/security/patches/SA-02:18/zlib.v1.1.corrected.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPL7YuVUuHi5z0oilAQGS0wP+KmuLkh+X9fpxVR2giBvYUQWb2RfHRaXA
+gAAyUeCSw/jbT9Segwg1BCEr1Y7qR4t0reLM9EVPvCHSRclZ/PHdDnpvJjywqHQG
+CJ3g/qnMKEHYP+0lRuvlVgGmXNgKzNMYHQF/9z4TP73feD6I6Ird22JOgBLHX/mg
+DTgxGJeXH64=
+=owmp
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:18/zlib.v1.1.patch b/share/security/patches/SA-02:18/zlib.v1.1.patch
new file mode 100644
index 0000000000..dad0814727
--- /dev/null
+++ b/share/security/patches/SA-02:18/zlib.v1.1.patch
@@ -0,0 +1,117 @@
+Index: lib/libz/deflate.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libz/deflate.c,v
+retrieving revision 1.5
+diff -u -r1.5 deflate.c
+--- lib/libz/deflate.c	28 Aug 1999 00:06:01 -0000	1.5
++++ lib/libz/deflate.c	21 Mar 2002 01:52:14 -0000
+@@ -242,7 +242,7 @@
+         windowBits = -windowBits;
+     }
+     if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
+-        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
++        windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
+ 	strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
+         return Z_STREAM_ERROR;
+     }
+Index: lib/libz/infblock.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libz/infblock.c,v
+retrieving revision 1.1.1.4
+diff -u -r1.1.1.4 lib/libz/infblock.c
+--- lib/libz/infblock.c	10 Jan 1999 09:46:55 -0000	1.1.1.4
++++ lib/libz/infblock.c	21 Mar 2002 04:01:03 -0000
+@@ -249,10 +249,11 @@
+                              &s->sub.trees.tb, s->hufts, z);
+       if (t != Z_OK)
+       {
+-        ZFREE(z, s->sub.trees.blens);
+         r = t;
+-        if (r == Z_DATA_ERROR)
++        if (r == Z_DATA_ERROR) {
++          ZFREE(z, s->sub.trees.blens);
+           s->mode = BAD;
++	}
+         LEAVE
+       }
+       s->sub.trees.index = 0;
+@@ -313,11 +314,12 @@
+         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
+                                   s->sub.trees.blens, &bl, &bd, &tl, &td,
+                                   s->hufts, z);
+-        ZFREE(z, s->sub.trees.blens);
+         if (t != Z_OK)
+         {
+-          if (t == (uInt)Z_DATA_ERROR)
++          if (t == (uInt)Z_DATA_ERROR) {
++            ZFREE(z, s->sub.trees.blens);
+             s->mode = BAD;
++	}
+           r = t;
+           LEAVE
+         }
+@@ -329,6 +331,7 @@
+         }
+         s->sub.decode.codes = c;
+       }
++      ZFREE(z, s->sub.trees.blens);
+       s->mode = CODES;
+     case CODES:
+       UPDATE
+Index: sys/net/zlib.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/zlib.c,v
+retrieving revision 1.10
+diff -u -r1.10 zlib.c
+--- sys/net/zlib.c	29 Dec 1999 04:38:38 -0000	1.10
++++ sys/net/zlib.c	21 Mar 2002 01:52:14 -0000
+@@ -776,7 +776,7 @@
+         windowBits = -windowBits;
+     }
+     if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED ||
+-        windowBits < 8 || windowBits > 15 || level < 0 || level > 9 ||
++        windowBits < 9 || windowBits > 15 || level < 0 || level > 9 ||
+ 	strategy < 0 || strategy > Z_HUFFMAN_ONLY) {
+         return Z_STREAM_ERROR;
+     }
+@@ -3864,10 +3864,11 @@
+                              &s->sub.trees.tb, z);
+       if (t != Z_OK)
+       {
+-        ZFREE(z, s->sub.trees.blens);
+         r = t;
+-        if (r == Z_DATA_ERROR)
++        if (r == Z_DATA_ERROR) {
++          ZFREE(z, s->sub.trees.blens);
+           s->mode = BADB;
++        }
+         LEAVE
+       }
+       s->sub.trees.index = 0;
+@@ -3932,11 +3933,12 @@
+ #endif
+         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
+                                   s->sub.trees.blens, &bl, &bd, &tl, &td, z);
+-        ZFREE(z, s->sub.trees.blens);
+         if (t != Z_OK)
+         {
+-          if (t == (uInt)Z_DATA_ERROR)
++          if (t == (uInt)Z_DATA_ERROR) {
++            ZFREE(z, s->sub.trees.blens);
+             s->mode = BADB;
++          }
+           r = t;
+           LEAVE
+         }
+@@ -3949,6 +3951,11 @@
+           r = Z_MEM_ERROR;
+           LEAVE
+         }
++	/*
++	 * this ZFREE must occur *BEFORE* we mess with sub.decode, because
++	 * sub.trees is union'd with sub.decode.
++	 */
++        ZFREE(z, s->sub.trees.blens);
+         s->sub.decode.codes = c;
+         s->sub.decode.tl = tl;
+         s->sub.decode.td = td;
diff --git a/share/security/patches/SA-02:18/zlib.v1.1.patch.asc b/share/security/patches/SA-02:18/zlib.v1.1.patch.asc
new file mode 100644
index 0000000000..753ca68d11
--- /dev/null
+++ b/share/security/patches/SA-02:18/zlib.v1.1.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPL7YwlUuHi5z0oilAQG3mQP/QV/qYKyCmWUFy/tOZ4355fX1PADideQX
+buRkllOeUOg6vo2r4oHHfRgveikhwRF9FVudaDW0x0afZv5hiFWObpacGwCibKKT
+Nf+SXvDiZE4J6ZLXj+Y5P4b9wHfIO79vyoVD2Ya2RH/8aZWQnz0tAviPToA1ghVD
+TgVdIeXqhSc=
+=F4VY
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:20/syncache.patch b/share/security/patches/SA-02:20/syncache.patch
new file mode 100644
index 0000000000..d7cb4ec77f
--- /dev/null
+++ b/share/security/patches/SA-02:20/syncache.patch
@@ -0,0 +1,28 @@
+Index: sys/netinet/tcp_syncache.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_syncache.c,v
+retrieving revision 1.5.2.4
+diff -u -r1.5.2.4 tcp_syncache.c
+--- sys/netinet/tcp_syncache.c	24 Jan 2002 16:09:08 -0000	1.5.2.4
++++ sys/netinet/tcp_syncache.c	24 Feb 2002 19:20:29 -0000
+@@ -666,7 +666,7 @@
+ 	tp->rcv_wnd = sc->sc_wnd;
+ 	tp->rcv_adv += tp->rcv_wnd;
+ 
+-	tp->t_flags = sc->sc_tp->t_flags & (TF_NOPUSH|TF_NODELAY);
++	tp->t_flags = sototcpcb(lso)->t_flags & (TF_NOPUSH|TF_NODELAY);
+ 	if (sc->sc_flags & SCF_NOOPT)
+ 		tp->t_flags |= TF_NOOPT;
+ 	if (sc->sc_flags & SCF_WINSCALE) {
+@@ -839,6 +839,11 @@
+ 		 */
+ 		if (sc->sc_flags & SCF_TIMESTAMP)
+ 			sc->sc_tsrecent = to->to_tsval;
++		/*
++		 * PCB may have changed, pick up new values.
++		 */
++		sc->sc_tp = tp;
++		sc->sc_inp_gencnt = tp->t_inpcb->inp_gencnt;
+ 		if (syncache_respond(sc, m) == 0) {
+ 		        s = splnet();
+ 			TAILQ_REMOVE(&tcp_syncache.timerq[sc->sc_rxtslot],
diff --git a/share/security/patches/SA-02:20/syncache.patch.asc b/share/security/patches/SA-02:20/syncache.patch.asc
new file mode 100644
index 0000000000..57dd5357fc
--- /dev/null
+++ b/share/security/patches/SA-02:20/syncache.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPLwzzlUuHi5z0oilAQHWOwQAo17Ombp0U9eTeHkwGEFPk0Q9Ip2gKpda
+gcOE81W4LGk25XR8UPWio+pBWSSEalu/Xf7hhtubOSUt8ElWOa/EXqDmKtm1ToA8
+Vgq+fcaRnvqI8gJWYsCFiBN9a7Aa72qb2+pAFCqMNtKbtiOubCfIekOAgo3pysgl
+C0y1QKbFPSo=
+=5e4n
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:21/tcpip.patch b/share/security/patches/SA-02:21/tcpip.patch
new file mode 100644
index 0000000000..53af7f4993
--- /dev/null
+++ b/share/security/patches/SA-02:21/tcpip.patch
@@ -0,0 +1,82 @@
+Index: sys/netinet/ip_icmp.c
+diff -u sys/netinet/ip_icmp.c:1.39.2.14 sys/netinet/ip_icmp.c:1.39.2.14.2.1
+--- sys/netinet/ip_icmp.c:1.39.2.14	Mon Jan 14 01:54:35 2002
++++ sys/netinet/ip_icmp.c	Mon Apr 15 12:12:05 2002
+@@ -615,6 +615,8 @@
+ 	}
+ 	t = ip->ip_dst;
+ 	ip->ip_dst = ip->ip_src;
++	ro = &rt;
++	bzero(ro, sizeof(*ro));
+ 	/*
+ 	 * If the incoming packet was addressed directly to us,
+ 	 * use dst as the src for the reply.  Otherwise (broadcast
+@@ -635,8 +637,6 @@
+ 				goto match;
+ 		}
+ 	}
+-	ro = &rt;
+-	bzero(ro, sizeof(*ro));
+ 	ia = ip_rtaddr(ip->ip_dst, ro);
+ 	/* We need a route to do anything useful. */
+ 	if (ia == NULL) {
+Index: sys/netinet/ip_mroute.c
+diff -u sys/netinet/ip_mroute.c:1.56.2.3 sys/netinet/ip_mroute.c:1.56.2.3.2.1
+--- sys/netinet/ip_mroute.c:1.56.2.3	Fri Dec  7 03:23:11 2001
++++ sys/netinet/ip_mroute.c	Mon Apr 15 12:12:05 2002
+@@ -1890,6 +1890,7 @@
+ {
+     struct ip_moptions imo;
+     int error;
++    static struct route ro;
+     int s = splnet();
+ 
+     if (vifp->v_flags & VIFF_TUNNEL) {
+@@ -1908,7 +1909,7 @@
+ 	 * should get rejected because they appear to come from
+ 	 * the loopback interface, thus preventing looping.
+ 	 */
+-	error = ip_output(m, (struct mbuf *)0, NULL,
++	error = ip_output(m, (struct mbuf *)0, &ro,
+ 			  IP_FORWARDING, &imo);
+ 
+ 	if (mrtdebug & DEBUG_XMIT)
+Index: sys/netinet/ip_output.c
+diff -u sys/netinet/ip_output.c:1.99.2.24 sys/netinet/ip_output.c:1.99.2.24.2.1
+--- sys/netinet/ip_output.c:1.99.2.24	Fri Dec 28 04:08:33 2001
++++ sys/netinet/ip_output.c	Mon Apr 15 12:12:05 2002
+@@ -124,11 +124,11 @@
+ 	struct mbuf *m = m0;
+ 	int hlen = sizeof (struct ip);
+ 	int len, off, error = 0;
+-	struct route iproute;
+ 	struct sockaddr_in *dst;
+ 	struct in_ifaddr *ia = NULL;
+ 	int isbroadcast, sw_csum;
+ #ifdef IPSEC
++	struct route iproute;
+ 	struct socket *so = NULL;
+ 	struct secpolicy *sp = NULL;
+ #endif
+@@ -185,6 +185,9 @@
+ #ifdef	DIAGNOSTIC
+ 	if ((m->m_flags & M_PKTHDR) == 0)
+ 		panic("ip_output no HDR");
++	if (!ro)
++		panic("ip_output no route, proto = %d",
++		      mtod(m, struct ip *)->ip_p);
+ #endif
+ 	if (opt) {
+ 		m = ip_insertoptions(m, opt, &len);
+@@ -207,11 +210,6 @@
+ 		hlen = IP_VHL_HL(ip->ip_vhl) << 2;
+ 	}
+ 
+-	/* Route packet. */
+-	if (ro == NULL) {
+-		ro = &iproute;
+-		bzero(ro, sizeof(*ro));
+-	}
+ 	dst = (struct sockaddr_in *)&ro->ro_dst;
+ 	/*
+ 	 * If there is a cached route,
diff --git a/share/security/patches/SA-02:21/tcpip.patch.asc b/share/security/patches/SA-02:21/tcpip.patch.asc
new file mode 100644
index 0000000000..af1fe960df
--- /dev/null
+++ b/share/security/patches/SA-02:21/tcpip.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPLxgTlUuHi5z0oilAQHWMAP/aTkbaHKMYW4TcyJh3SqlRUOgR/bBvBmw
+AO+CEeZz1UiqqYu5eB/Qczgqc9/meCU1d/ycHgCmmM/GTnZGPDf/4YCRjy2xESpv
+pr7ebONRVdKDqddSWqiMsdi2UPlm3qOeelMKOi3vCJaLIuG6FaY4Yox1ksBxLHrg
+WF/hUhqCvXw=
+=B79i
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:22/mmap.patch b/share/security/patches/SA-02:22/mmap.patch
new file mode 100644
index 0000000000..d522e35444
--- /dev/null
+++ b/share/security/patches/SA-02:22/mmap.patch
@@ -0,0 +1,17 @@
+Index: sys/vm/vm_map.c
+diff -u sys/vm/vm_map.c:1.187.2.12 sys/vm/vm_map.c:1.187.2.13
+--- sys/vm/vm_map.c:1.187.2.12	Sat Nov 10 16:27:09 2001
++++ sys/vm/vm_map.c	Fri Mar  8 11:22:20 2002
+@@ -1741,8 +1741,11 @@
+ 		 * to write out.
+ 		 * We invalidate (remove) all pages from the address space
+ 		 * anyway, for semantic correctness.
++		 *
++		 * note: certain anonymous maps, such as MAP_NOSYNC maps,
++		 * may start out with a NULL object.
+ 		 */
+-		while (object->backing_object) {
++		while (object && object->backing_object) {
+ 			object = object->backing_object;
+ 			offset += object->backing_object_offset;
+ 			if (object->size < OFF_TO_IDX( offset + size))
diff --git a/share/security/patches/SA-02:22/mmap.patch.asc b/share/security/patches/SA-02:22/mmap.patch.asc
new file mode 100644
index 0000000000..aefc42a7b6
--- /dev/null
+++ b/share/security/patches/SA-02:22/mmap.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPLyHlVUuHi5z0oilAQFaugP/TbjMn+Pzeae+hFIeQbyMZLBQ6gKyJ3Ft
+UVKKRLppyR7az3bTSPb+EwY2ba6yj0uzXbJ0TIRC3/K0J9l1ulyn6CfYO6cGIHql
+ohn1zSl++VXK1Hsk16XktQMCqe7OIswut+HuaoaPbFLF51UZAsl3D3t2dKh3Cjex
+DfWHek8dGT8=
+=MpzF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:23/stdio.patch b/share/security/patches/SA-02:23/stdio.patch
new file mode 100644
index 0000000000..3760a1c0fd
--- /dev/null
+++ b/share/security/patches/SA-02:23/stdio.patch
@@ -0,0 +1,112 @@
+Index: sys/sys/filedesc.h
+===================================================================
+RCS file: /home/ncvs/src/sys/sys/filedesc.h,v
+retrieving revision 1.19.2.3
+diff -u -r1.19.2.3 filedesc.h
+--- sys/sys/filedesc.h	2000/11/26 02:30:08	1.19.2.3
++++ sys/sys/filedesc.h	2002/04/19 14:25:39
+@@ -142,6 +142,7 @@
+ void	fdfree __P((struct proc *p));
+ int	closef __P((struct file *fp,struct proc *p));
+ void	fdcloseexec __P((struct proc *p));
++int	fdcheckstd __P((struct proc *p));
+ struct	file *holdfp __P((struct filedesc* fdp, int fd, int flag));
+ int	getvnode __P((struct filedesc *fdp, int fd, struct file **fpp));
+ int	fdissequential __P((struct file *));
+Index: sys/kern/kern_exec.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v
+retrieving revision 1.107.2.13
+diff -u -r1.107.2.13 kern_exec.c
+--- sys/kern/kern_exec.c	2002/01/22 17:22:59	1.107.2.13
++++ sys/kern/kern_exec.c	2002/04/19 14:25:39
+@@ -328,6 +328,10 @@
+ 				vrele(vtmp);
+ 			}
+ 		}
++		/* Make sure file descriptors 0..2 are in use. */
++		error = fdcheckstd(p);
++		if (error != 0)
++			goto exec_fail_dealloc;
+ 		/*
+ 		 * Set the new credentials.
+ 		 */
+Index: sys/kern/kern_descrip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v
+retrieving revision 1.81.2.10
+diff -u -r1.81.2.10 kern_descrip.c
+--- sys/kern/kern_descrip.c	2002/02/16 09:23:37	1.81.2.10
++++ sys/kern/kern_descrip.c	2002/04/19 14:25:39
+@@ -50,6 +50,7 @@
+ #include <sys/sysctl.h>
+ #include <sys/vnode.h>
+ #include <sys/proc.h>
++#include <sys/namei.h>
+ #include <sys/file.h>
+ #include <sys/stat.h>
+ #include <sys/filio.h>
+@@ -1181,6 +1182,63 @@
+ 	}
+ 	while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
+ 		fdp->fd_lastfile--;
++}
++
++/*
++ * It is unsafe for set[ug]id processes to be started with file
++ * descriptors 0..2 closed, as these descriptors are given implicit
++ * significance in the Standard C library.  fdcheckstd() will create a
++ * descriptor referencing /dev/null for each of stdin, stdout, and
++ * stderr that is not already open.
++ */
++int
++fdcheckstd(p)
++       struct proc *p;
++{
++       struct nameidata nd;
++       struct filedesc *fdp;
++       struct file *fp;
++       register_t retval;
++       int fd, i, error, flags, devnull;
++
++       fdp = p->p_fd;
++       if (fdp == NULL)
++               return (0);
++       devnull = -1;
++       error = 0;
++       for (i = 0; i < 3; i++) {
++               if (fdp->fd_ofiles[i] != NULL)
++                       continue;
++               if (devnull < 0) {
++                       error = falloc(p, &fp, &fd);
++                       if (error != 0)
++                               break;
++                       NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, "/dev/null",
++                           p);
++                       flags = FREAD | FWRITE;
++                       error = vn_open(&nd, flags, 0);
++                       if (error != 0) {
++                               fdp->fd_ofiles[i] = NULL;
++                               fdrop(fp, p);
++                               break;
++                       }
++                       NDFREE(&nd, NDF_ONLY_PNBUF);
++                       fp->f_data = (caddr_t)nd.ni_vp;
++                       fp->f_flag = flags;
++                       fp->f_ops = &vnops;
++                       fp->f_type = DTYPE_VNODE;
++                       VOP_UNLOCK(nd.ni_vp, 0, p);
++                       devnull = fd;
++               } else {
++                       error = fdalloc(p, 0, &fd);
++                       if (error != 0)
++                               break;
++                       error = do_dup(fdp, devnull, fd, &retval, p);
++                       if (error != 0)
++                               break;
++               }
++       }
++       return (error);
+ }
+ 
+ /*
diff --git a/share/security/patches/SA-02:23/stdio.patch.asc b/share/security/patches/SA-02:23/stdio.patch.asc
new file mode 100644
index 0000000000..aa728df96f
--- /dev/null
+++ b/share/security/patches/SA-02:23/stdio.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUAPMSB1lUuHi5z0oilAQFZ+gP5ARjSEiIem76MXolDNp0Tks1VcLD/xHBq
+gAqjQyFHNQhIb3uClJaraP1SMcJiWPBYUP2Wbkq+XmkLsw/ncXzdzdVC7U+6IfvC
+Bc8u6BkpxTJFMQULK70O2lWRxATxhfpis/VDOGKmtMtX0uVE37HkBrno58Qggupm
+J4ELzki9w9A=
+=v/6G
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:23/stdio.patch.v1.2 b/share/security/patches/SA-02:23/stdio.patch.v1.2
new file mode 100644
index 0000000000..7afd0021a8
--- /dev/null
+++ b/share/security/patches/SA-02:23/stdio.patch.v1.2
@@ -0,0 +1,109 @@
+--- sys/kern/kern_descrip.c	Fri Dec 14 13:26:24 2001
++++ sys/kern/kern_descrip.c	Mon Apr 22 16:38:20 2002
+@@ -50,6 +50,7 @@
+ #include <sys/sysctl.h>
+ #include <sys/vnode.h>
+ #include <sys/proc.h>
++#include <sys/namei.h>
+ #include <sys/file.h>
+ #include <sys/stat.h>
+ #include <sys/filio.h>
+@@ -1183,6 +1184,63 @@
+ 	}
+ 	while (fdp->fd_lastfile > 0 && fdp->fd_ofiles[fdp->fd_lastfile] == NULL)
+ 		fdp->fd_lastfile--;
++}
++
++/*
++ * It is unsafe for set[ug]id processes to be started with file
++ * descriptors 0..2 closed, as these descriptors are given implicit
++ * significance in the Standard C library.  fdcheckstd() will create a
++ * descriptor referencing /dev/null for each of stdin, stdout, and
++ * stderr that is not already open.
++ */
++int
++fdcheckstd(p)
++       struct proc *p;
++{
++       struct nameidata nd;
++       struct filedesc *fdp;
++       struct file *fp;
++       register_t retval;
++       int fd, i, error, flags, devnull;
++
++       fdp = p->p_fd;
++       if (fdp == NULL)
++               return (0);
++       devnull = -1;
++       error = 0;
++       for (i = 0; i < 3; i++) {
++               if (fdp->fd_ofiles[i] != NULL)
++                       continue;
++               if (devnull < 0) {
++                       error = falloc(p, &fp, &fd);
++                       if (error != 0)
++                               break;
++                       NDINIT(&nd, LOOKUP, FOLLOW, UIO_SYSSPACE, "/dev/null",
++                           p);
++                       flags = FREAD | FWRITE;
++                       error = vn_open(&nd, flags, 0);
++                       if (error != 0) {
++                               fdp->fd_ofiles[i] = NULL;
++                               fdrop(fp, p);
++                               break;
++                       }
++                       NDFREE(&nd, NDF_ONLY_PNBUF);
++                       fp->f_data = (caddr_t)nd.ni_vp;
++                       fp->f_flag = flags;
++                       fp->f_ops = &vnops;
++                       fp->f_type = DTYPE_VNODE;
++                       VOP_UNLOCK(nd.ni_vp, 0, p);
++                       devnull = fd;
++               } else {
++                       error = fdalloc(p, 0, &fd);
++                       if (error != 0)
++                               break;
++                       error = do_dup(fdp, devnull, fd, &retval, p);
++                       if (error != 0)
++                               break;
++               }
++       }
++       return (error);
+ }
+ 
+ /*
+diff --exclude=CVS -ruN sys/kern/kern_exec.c sys/kern/kern_exec.c
+--- sys/kern/kern_exec.c	Tue Jan 22 11:22:59 2002
++++ sys/kern/kern_exec.c	Mon Jul 29 22:21:49 2002
+@@ -328,6 +328,12 @@
+ 				vrele(vtmp);
+ 			}
+ 		}
++		/* Close any file descriptors 0..2 that reference procfs */
++		setugidsafety(p);
++		/* Make sure file descriptors 0..2 are in use. */
++		error = fdcheckstd(p);
++		if (error != 0)
++			goto exec_fail_dealloc;
+ 		/*
+ 		 * Set the new credentials.
+ 		 */
+@@ -336,7 +342,6 @@
+ 			change_euid(p, attr.va_uid);
+ 		if (attr.va_mode & VSGID)
+ 			p->p_ucred->cr_gid = attr.va_gid;
+-		setugidsafety(p);
+ 	} else {
+ 		if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
+ 		    p->p_ucred->cr_gid == p->p_cred->p_rgid)
+diff --exclude=CVS -ruN sys/sys/filedesc.h sys/sys/filedesc.h
+--- sys/sys/filedesc.h	Sat Nov 25 20:30:08 2000
++++ sys/sys/filedesc.h	Sun Apr 21 08:08:57 2002
+@@ -142,6 +142,7 @@
+ void	fdfree __P((struct proc *p));
+ int	closef __P((struct file *fp,struct proc *p));
+ void	fdcloseexec __P((struct proc *p));
++int	fdcheckstd __P((struct proc *p));
+ struct	file *holdfp __P((struct filedesc* fdp, int fd, int flag));
+ int	getvnode __P((struct filedesc *fdp, int fd, struct file **fpp));
+ int	fdissequential __P((struct file *));
diff --git a/share/security/patches/SA-02:23/stdio.patch.v1.2.asc b/share/security/patches/SA-02:23/stdio.patch.v1.2.asc
new file mode 100644
index 0000000000..634fa4724d
--- /dev/null
+++ b/share/security/patches/SA-02:23/stdio.patch.v1.2.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPUYHHFUuHi5z0oilAQGIKgP9E97/zcA+QUa4aN74bNWWHw6GYKeyiwEB
+A/pEzompjjmVEPdzOLo7A5O6ApyJhNKSG7iIAREGXPOrl3Fb2GT9haZV33Z3rPCC
+s/NmwJ71d7XEAgP11EVz5mzzeTFY4Oq+7ym5jhEWfCtmbJBT6zQ+2+H3fWuxt6yT
+ZMCOd0k1lJU=
+=pCFB
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:23/stdio2.patch.v1.2 b/share/security/patches/SA-02:23/stdio2.patch.v1.2
new file mode 100644
index 0000000000..1dde5b758b
--- /dev/null
+++ b/share/security/patches/SA-02:23/stdio2.patch.v1.2
@@ -0,0 +1,24 @@
+Index: sys/kern/kern_exec.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_exec.c,v
+retrieving revision 1.107.2.14
+diff -u -r1.107.2.14 kern_exec.c
+--- sys/kern/kern_exec.c	21 Apr 2002 13:06:23 -0000	1.107.2.14
++++ sys/kern/kern_exec.c	30 Jul 2002 02:45:30 -0000
+@@ -328,6 +328,8 @@
+ 				vrele(vtmp);
+ 			}
+ 		}
++		/* Close any file descriptors 0..2 that reference procfs */
++		setugidsafety(p);
+ 		/* Make sure file descriptors 0..2 are in use. */
+ 		error = fdcheckstd(p);
+ 		if (error != 0)
+@@ -340,7 +342,6 @@
+ 			change_euid(p, attr.va_uid);
+ 		if (attr.va_mode & VSGID)
+ 			p->p_ucred->cr_gid = attr.va_gid;
+-		setugidsafety(p);
+ 	} else {
+ 		if (p->p_ucred->cr_uid == p->p_cred->p_ruid &&
+ 		    p->p_ucred->cr_gid == p->p_cred->p_rgid)
diff --git a/share/security/patches/SA-02:23/stdio2.patch.v1.2.asc b/share/security/patches/SA-02:23/stdio2.patch.v1.2.asc
new file mode 100644
index 0000000000..b9a1f0c38f
--- /dev/null
+++ b/share/security/patches/SA-02:23/stdio2.patch.v1.2.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPUYHGVUuHi5z0oilAQHyRgP9Gxea+G9htErFTEca7QF87T3Z0y+B7RB7
+MqmkKuNr/Pc3fOm0Jj/jbki7TvfLQXgxo52tdwSlNhQYsrffF7CSpcVD67cHFup6
+vJ8gsJlCkrP5GJR/nZ2r4PPhFJWdDCdxykIJ8uhyiBKLxUuyBX6k2Iang9JxOBm9
+MQP2PB6uoQ0=
+=SLWw
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:25/bzip2.patch b/share/security/patches/SA-02:25/bzip2.patch
new file mode 100644
index 0000000000..1c9c7f0dfb
--- /dev/null
+++ b/share/security/patches/SA-02:25/bzip2.patch
@@ -0,0 +1,1180 @@
+Index: contrib/bzip2/blocksort.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/blocksort.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 blocksort.c
+--- contrib/bzip2/blocksort.c	1 Aug 2001 00:13:31 -0000	1.1.1.1.2.1
++++ contrib/bzip2/blocksort.c	22 Feb 2002 13:34:04 -0000
+@@ -8,7 +8,7 @@
+   This file is a part of bzip2 and/or libbzip2, a program and
+   library for lossless, block-sorting data compression.
+ 
+-  Copyright (C) 1996-2000 Julian R Seward.  All rights reserved.
++  Copyright (C) 1996-2002 Julian R Seward.  All rights reserved.
+ 
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+@@ -981,7 +981,14 @@
+          }
+       }
+ 
+-      AssertH ( copyStart[ss]-1 == copyEnd[ss], 1007 );
++      AssertH ( (copyStart[ss]-1 == copyEnd[ss])
++                || 
++                /* Extremely rare case missing in bzip2-1.0.0 and 1.0.1.
++                   Necessity for this case is demonstrated by compressing 
++                   a sequence of approximately 48.5 million of character 
++                   251; 1.0.0/1.0.1 will then die here. */
++                (copyStart[ss] == 0 && copyEnd[ss] == nblock-1),
++                1007 )
+ 
+       for (j = 0; j <= 255; j++) ftab[(j << 8) + ss] |= SETMASK;
+ 
+Index: contrib/bzip2/bzip2.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/bzip2.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bzip2.c
+--- contrib/bzip2/bzip2.c	1 Aug 2001 00:13:31 -0000	1.1.1.1.2.1
++++ contrib/bzip2/bzip2.c	22 Feb 2002 13:34:04 -0000
+@@ -7,7 +7,7 @@
+   This file is a part of bzip2 and/or libbzip2, a program and
+   library for lossless, block-sorting data compression.
+ 
+-  Copyright (C) 1996-2000 Julian R Seward.  All rights reserved.
++  Copyright (C) 1996-2002 Julian R Seward.  All rights reserved.
+ 
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+@@ -113,13 +113,16 @@
+ /*--
+   Generic 32-bit Unix.
+   Also works on 64-bit Unix boxes.
++  This is the default.
+ --*/
+ #define BZ_UNIX      1
+ 
+ /*--
+   Win32, as seen by Jacob Navia's excellent
+   port of (Chris Fraser & David Hanson)'s excellent
+-  lcc compiler.
++  lcc compiler.  Or with MS Visual C.
++  This is selected automatically if compiled by a compiler which
++  defines _WIN32, not including the Cygwin GCC.
+ --*/
+ #define BZ_LCCWIN32  0
+ 
+@@ -156,6 +159,7 @@
+ --*/
+ 
+ #if BZ_UNIX
++#   include <fcntl.h>
+ #   include <sys/types.h>
+ #   include <utime.h>
+ #   include <unistd.h>
+@@ -164,8 +168,9 @@
+ 
+ #   define PATH_SEP    '/'
+ #   define MY_LSTAT    lstat
+-#   define MY_S_IFREG  S_ISREG
+ #   define MY_STAT     stat
++#   define MY_S_ISREG  S_ISREG
++#   define MY_S_ISDIR  S_ISDIR
+ 
+ #   define APPEND_FILESPEC(root, name) \
+       root=snocString((root), (name))
+@@ -180,19 +185,23 @@
+ #   else
+ #      define NORETURN /**/
+ #   endif
++
+ #   ifdef __DJGPP__
+ #     include <io.h>
+ #     include <fcntl.h>
+ #     undef MY_LSTAT
++#     undef MY_STAT
+ #     define MY_LSTAT stat
++#     define MY_STAT stat
+ #     undef SET_BINARY_MODE
+ #     define SET_BINARY_MODE(fd)                        \
+         do {                                            \
+            int retVal = setmode ( fileno ( fd ),        \
+-                                 O_BINARY );            \
++                                  O_BINARY );           \
+            ERROR_IF_MINUS_ONE ( retVal );               \
+         } while ( 0 )
+ #   endif
++
+ #   ifdef __CYGWIN__
+ #     include <io.h>
+ #     include <fcntl.h>
+@@ -200,11 +209,11 @@
+ #     define SET_BINARY_MODE(fd)                        \
+         do {                                            \
+            int retVal = setmode ( fileno ( fd ),        \
+-                                 O_BINARY );            \
++                                  O_BINARY );           \
+            ERROR_IF_MINUS_ONE ( retVal );               \
+         } while ( 0 )
+ #   endif
+-#endif
++#endif /* BZ_UNIX */
+ 
+ 
+ 
+@@ -217,46 +226,23 @@
+ #   define PATH_SEP       '\\'
+ #   define MY_LSTAT       _stat
+ #   define MY_STAT        _stat
+-#   define MY_S_IFREG(x)  ((x) & _S_IFREG)
++#   define MY_S_ISREG(x)  ((x) & _S_IFREG)
++#   define MY_S_ISDIR(x)  ((x) & _S_IFDIR)
+ 
+ #   define APPEND_FLAG(root, name) \
+       root=snocString((root), (name))
+ 
+-#   if 0
+-   /*-- lcc-win32 seems to expand wildcards itself --*/
+-#   define APPEND_FILESPEC(root, spec)                \
+-      do {                                            \
+-         if ((spec)[0] == '-') {                      \
+-            root = snocString((root), (spec));        \
+-         } else {                                     \
+-            struct _finddata_t c_file;                \
+-            long hFile;                               \
+-            hFile = _findfirst((spec), &c_file);      \
+-            if ( hFile == -1L ) {                     \
+-               root = snocString ((root), (spec));    \
+-            } else {                                  \
+-               int anInt = 0;                         \
+-               while ( anInt == 0 ) {                 \
+-                  root = snocString((root),           \
+-                            &c_file.name[0]);         \
+-                  anInt = _findnext(hFile, &c_file);  \
+-               }                                      \
+-            }                                         \
+-         }                                            \
+-      } while ( 0 )
+-#   else
+ #   define APPEND_FILESPEC(root, name)                \
+       root = snocString ((root), (name))
+-#   endif
+ 
+ #   define SET_BINARY_MODE(fd)                        \
+       do {                                            \
+          int retVal = setmode ( fileno ( fd ),        \
+-                               O_BINARY );            \
++                                O_BINARY );           \
+          ERROR_IF_MINUS_ONE ( retVal );               \
+       } while ( 0 )
+ 
+-#endif
++#endif /* BZ_LCCWIN32 */
+ 
+ 
+ /*---------------------------------------------*/
+@@ -338,6 +324,7 @@
+    struct { UChar b[8]; } 
+    UInt64;
+ 
++
+ static
+ void uInt64_from_UInt32s ( UInt64* n, UInt32 lo32, UInt32 hi32 )
+ {
+@@ -351,6 +338,7 @@
+    n->b[0] = (UChar) (lo32        & 0xFF);
+ }
+ 
++
+ static
+ double uInt64_to_double ( UInt64* n )
+ {
+@@ -364,77 +352,6 @@
+    return sum;
+ }
+ 
+-static
+-void uInt64_add ( UInt64* src, UInt64* dst )
+-{
+-   Int32 i;
+-   Int32 carry = 0;
+-   for (i = 0; i < 8; i++) {
+-      carry += ( ((Int32)src->b[i]) + ((Int32)dst->b[i]) );
+-      dst->b[i] = (UChar)(carry & 0xFF);
+-      carry >>= 8;
+-   }
+-}
+-
+-static
+-void uInt64_sub ( UInt64* src, UInt64* dst )
+-{
+-   Int32 t, i;
+-   Int32 borrow = 0;
+-   for (i = 0; i < 8; i++) {
+-      t = ((Int32)dst->b[i]) - ((Int32)src->b[i]) - borrow;
+-      if (t < 0) {
+-         dst->b[i] = (UChar)(t + 256);
+-         borrow = 1;
+-      } else {
+-         dst->b[i] = (UChar)t;
+-         borrow = 0;
+-      }
+-   }
+-}
+-
+-static
+-void uInt64_mul ( UInt64* a, UInt64* b, UInt64* r_hi, UInt64* r_lo )
+-{
+-   UChar sum[16];
+-   Int32 ia, ib, carry;
+-   for (ia = 0; ia < 16; ia++) sum[ia] = 0;
+-   for (ia = 0; ia < 8; ia++) {
+-      carry = 0;
+-      for (ib = 0; ib < 8; ib++) {
+-         carry += ( ((Int32)sum[ia+ib]) 
+-                    + ((Int32)a->b[ia]) * ((Int32)b->b[ib]) );
+-         sum[ia+ib] = (UChar)(carry & 0xFF);
+-         carry >>= 8;
+-      }
+-      sum[ia+8] = (UChar)(carry & 0xFF);
+-      if ((carry >>= 8) != 0) panic ( "uInt64_mul" );
+-   }
+-
+-   for (ia = 0; ia < 8; ia++) r_hi->b[ia] = sum[ia+8];
+-   for (ia = 0; ia < 8; ia++) r_lo->b[ia] = sum[ia];
+-}
+-
+-
+-static
+-void uInt64_shr1 ( UInt64* n )
+-{
+-   Int32 i;
+-   for (i = 0; i < 8; i++) {
+-      n->b[i] >>= 1;
+-      if (i < 7 && (n->b[i+1] & 1)) n->b[i] |= 0x80;
+-   }
+-}
+-
+-static
+-void uInt64_shl1 ( UInt64* n )
+-{
+-   Int32 i;
+-   for (i = 7; i >= 0; i--) {
+-      n->b[i] <<= 1;
+-      if (i > 0 && (n->b[i-1] & 0x80)) n->b[i]++;
+-   }
+-}
+ 
+ static
+ Bool uInt64_isZero ( UInt64* n )
+@@ -445,49 +362,23 @@
+    return 1;
+ }
+ 
+-static
++
++/* Divide *n by 10, and return the remainder.  */
++static 
+ Int32 uInt64_qrm10 ( UInt64* n )
+ {
+-   /* Divide *n by 10, and return the remainder.  Long division
+-      is difficult, so we cheat and instead multiply by
+-      0xCCCC CCCC CCCC CCCD, which is 0.8 (viz, 0.1 << 3).
+-   */
++   UInt32 rem, tmp;
+    Int32  i;
+-   UInt64 tmp1, tmp2, n_orig, zero_point_eight;
+-
+-   zero_point_eight.b[1] = zero_point_eight.b[2] = 
+-   zero_point_eight.b[3] = zero_point_eight.b[4] = 
+-   zero_point_eight.b[5] = zero_point_eight.b[6] = 
+-   zero_point_eight.b[7] = 0xCC;
+-   zero_point_eight.b[0] = 0xCD;
+-
+-   n_orig = *n;
+-
+-   /* divide n by 10, 
+-      by multiplying by 0.8 and then shifting right 3 times */
+-   uInt64_mul ( n, &zero_point_eight, &tmp1, &tmp2 );
+-   uInt64_shr1(&tmp1); uInt64_shr1(&tmp1); uInt64_shr1(&tmp1); 
+-   *n = tmp1;
+-   
+-   /* tmp1 = 8*n, tmp2 = 2*n */
+-   uInt64_shl1(&tmp1); uInt64_shl1(&tmp1); uInt64_shl1(&tmp1);
+-   tmp2 = *n; uInt64_shl1(&tmp2);
+-
+-   /* tmp1 = 10*n */
+-   uInt64_add ( &tmp2, &tmp1 );
+-
+-   /* n_orig = n_orig - 10*n */
+-   uInt64_sub ( &tmp1, &n_orig );
+-
+-   /* n_orig should now hold quotient, in range 0 .. 9 */
+-   for (i = 7; i >= 1; i--) 
+-      if (n_orig.b[i] != 0) panic ( "uInt64_qrm10(1)" );
+-   if (n_orig.b[0] > 9)
+-      panic ( "uInt64_qrm10(2)" );
+-
+-   return (int)n_orig.b[0];
++   rem = 0;
++   for (i = 7; i >= 0; i--) {
++      tmp = rem * 256 + n->b[i];
++      n->b[i] = tmp / 10;
++      rem = tmp % 10;
++   }
++   return rem;
+ }
+ 
++
+ /* ... and the Whole Entire Point of all this UInt64 stuff is
+    so that we can supply the following function.
+ */
+@@ -504,7 +395,8 @@
+       nBuf++;
+    } while (!uInt64_isZero(&n_copy));
+    outbuf[nBuf] = 0;
+-   for (i = 0; i < nBuf; i++) outbuf[i] = buf[nBuf-i-1];
++   for (i = 0; i < nBuf; i++) 
++      outbuf[i] = buf[nBuf-i-1];
+ }
+ 
+ 
+@@ -566,35 +458,38 @@
+    if (ret == EOF) goto errhandler_io;
+    if (zStream != stdout) {
+       ret = fclose ( zStream );
++      outputHandleJustInCase = NULL;
+       if (ret == EOF) goto errhandler_io;
+    }
++   outputHandleJustInCase = NULL;
+    if (ferror(stream)) goto errhandler_io;
+    ret = fclose ( stream );
+    if (ret == EOF) goto errhandler_io;
+ 
+-   if (nbytes_in_lo32 == 0 && nbytes_in_hi32 == 0) 
+-      nbytes_in_lo32 = 1;
+-
+    if (verbosity >= 1) {
+-      Char   buf_nin[32], buf_nout[32];
+-      UInt64 nbytes_in,   nbytes_out;
+-      double nbytes_in_d, nbytes_out_d;
+-      uInt64_from_UInt32s ( &nbytes_in, 
+-                            nbytes_in_lo32, nbytes_in_hi32 );
+-      uInt64_from_UInt32s ( &nbytes_out, 
+-                            nbytes_out_lo32, nbytes_out_hi32 );
+-      nbytes_in_d  = uInt64_to_double ( &nbytes_in );
+-      nbytes_out_d = uInt64_to_double ( &nbytes_out );
+-      uInt64_toAscii ( buf_nin, &nbytes_in );
+-      uInt64_toAscii ( buf_nout, &nbytes_out );
+-      fprintf ( stderr, "%6.3f:1, %6.3f bits/byte, "
+-                        "%5.2f%% saved, %s in, %s out.\n",
+-                nbytes_in_d / nbytes_out_d,
+-                (8.0 * nbytes_out_d) / nbytes_in_d,
+-                100.0 * (1.0 - nbytes_out_d / nbytes_in_d),
+-                buf_nin,
+-                buf_nout
+-              );
++      if (nbytes_in_lo32 == 0 && nbytes_in_hi32 == 0) {
++	 fprintf ( stderr, " no data compressed.\n");
++      } else {
++	 Char   buf_nin[32], buf_nout[32];
++	 UInt64 nbytes_in,   nbytes_out;
++	 double nbytes_in_d, nbytes_out_d;
++	 uInt64_from_UInt32s ( &nbytes_in, 
++			       nbytes_in_lo32, nbytes_in_hi32 );
++	 uInt64_from_UInt32s ( &nbytes_out, 
++			       nbytes_out_lo32, nbytes_out_hi32 );
++	 nbytes_in_d  = uInt64_to_double ( &nbytes_in );
++	 nbytes_out_d = uInt64_to_double ( &nbytes_out );
++	 uInt64_toAscii ( buf_nin, &nbytes_in );
++	 uInt64_toAscii ( buf_nout, &nbytes_out );
++	 fprintf ( stderr, "%6.3f:1, %6.3f bits/byte, "
++		   "%5.2f%% saved, %s in, %s out.\n",
++		   nbytes_in_d / nbytes_out_d,
++		   (8.0 * nbytes_out_d) / nbytes_in_d,
++		   100.0 * (1.0 - nbytes_out_d / nbytes_in_d),
++		   buf_nin,
++		   buf_nout
++		 );
++      }
+    }
+ 
+    return;
+@@ -652,7 +547,7 @@
+ 
+       while (bzerr == BZ_OK) {
+          nread = BZ2_bzRead ( &bzerr, bzf, obuf, 5000 );
+-         if (bzerr == BZ_DATA_ERROR_MAGIC) goto errhandler;
++         if (bzerr == BZ_DATA_ERROR_MAGIC) goto trycat;
+          if ((bzerr == BZ_OK || bzerr == BZ_STREAM_END) && nread > 0)
+             fwrite ( obuf, sizeof(UChar), nread, stream );
+          if (ferror(stream)) goto errhandler_io;
+@@ -668,9 +563,9 @@
+       if (bzerr != BZ_OK) panic ( "decompress:bzReadGetUnused" );
+ 
+       if (nUnused == 0 && myfeof(zStream)) break;
+-
+    }
+ 
++   closeok:
+    if (ferror(zStream)) goto errhandler_io;
+    ret = fclose ( zStream );
+    if (ret == EOF) goto errhandler_io;
+@@ -680,11 +575,26 @@
+    if (ret != 0) goto errhandler_io;
+    if (stream != stdout) {
+       ret = fclose ( stream );
++      outputHandleJustInCase = NULL;
+       if (ret == EOF) goto errhandler_io;
+    }
++   outputHandleJustInCase = NULL;
+    if (verbosity >= 2) fprintf ( stderr, "\n    " );
+    return True;
+ 
++   trycat: 
++   if (forceOverwrite) {
++      rewind(zStream);
++      while (True) {
++      	 if (myfeof(zStream)) break;
++      	 nread = fread ( obuf, sizeof(UChar), 5000, zStream );
++      	 if (ferror(zStream)) goto errhandler_io;
++      	 if (nread > 0) fwrite ( obuf, sizeof(UChar), nread, stream );
++      	 if (ferror(stream)) goto errhandler_io;
++      }
++      goto closeok;
++   }
++  
+    errhandler:
+    BZ2_bzReadClose ( &bzerr_dummy, bzf );
+    switch (bzerr) {
+@@ -832,7 +742,7 @@
+       stderr,
+       "\nIt is possible that the compressed file(s) have become corrupted.\n"
+         "You can use the -tvv option to test integrity of such files.\n\n"
+-        "You can use the `bzip2recover' program to *attempt* to recover\n"
++        "You can use the `bzip2recover' program to attempt to recover\n"
+         "data from undamaged sections of corrupted files.\n\n"
+     );
+ }
+@@ -855,28 +765,55 @@
+ static 
+ void cleanUpAndFail ( Int32 ec )
+ {
+-   IntNative retVal;
++   IntNative      retVal;
++   struct MY_STAT statBuf;
+ 
+    if ( srcMode == SM_F2F 
+         && opMode != OM_TEST
+         && deleteOutputOnInterrupt ) {
+-      if (noisy)
+-      fprintf ( stderr, "%s: Deleting output file %s, if it exists.\n",
+-                progName, outName );
+-      if (outputHandleJustInCase != NULL)
+-         fclose ( outputHandleJustInCase );
+-      retVal = remove ( outName );
+-      if (retVal != 0)
++
++      /* Check whether input file still exists.  Delete output file
++         only if input exists to avoid loss of data.  Joerg Prante, 5
++         January 2002.  (JRS 06-Jan-2002: other changes in 1.0.2 mean
++         this is less likely to happen.  But to be ultra-paranoid, we
++         do the check anyway.)  */
++      retVal = MY_STAT ( inName, &statBuf );
++      if (retVal == 0) {
++         if (noisy)
++            fprintf ( stderr, 
++                      "%s: Deleting output file %s, if it exists.\n",
++                      progName, outName );
++         if (outputHandleJustInCase != NULL)
++            fclose ( outputHandleJustInCase );
++         retVal = remove ( outName );
++         if (retVal != 0)
++            fprintf ( stderr,
++                      "%s: WARNING: deletion of output file "
++                      "(apparently) failed.\n",
++                      progName );
++      } else {
++         fprintf ( stderr,
++                   "%s: WARNING: deletion of output file suppressed\n",
++                    progName );
+          fprintf ( stderr,
+-                   "%s: WARNING: deletion of output file (apparently) failed.\n",
++                   "%s:    since input file no longer exists.  Output file\n",
++                   progName );
++         fprintf ( stderr,
++                   "%s:    `%s' may be incomplete.\n",
++                   progName, outName );
++         fprintf ( stderr, 
++                   "%s:    I suggest doing an integrity test (bzip2 -tv)"
++                   " of it.\n",
+                    progName );
++      }
+    }
++
+    if (noisy && numFileNames > 0 && numFilesProcessed < numFileNames) {
+       fprintf ( stderr, 
+                 "%s: WARNING: some files have not been processed:\n"
+-                "\t%d specified on command line, %d not processed yet.\n\n",
+-                progName, numFileNames, 
+-                          numFileNames - numFilesProcessed );
++                "%s:    %d specified on command line, %d not processed yet.\n\n",
++                progName, progName,
++                numFileNames, numFileNames - numFilesProcessed );
+    }
+    setExit(ec);
+    exit(exitValue);
+@@ -915,14 +852,16 @@
+ static 
+ void compressedStreamEOF ( void )
+ {
+-   fprintf ( stderr,
+-             "\n%s: Compressed file ends unexpectedly;\n\t"
+-             "perhaps it is corrupted?  *Possible* reason follows.\n",
+-             progName );
+-   perror ( progName );
+-   showFileNames();
+-   cadvise();
+-   cleanUpAndFail( 2 );
++  if (noisy) {
++    fprintf ( stderr,
++	      "\n%s: Compressed file ends unexpectedly;\n\t"
++	      "perhaps it is corrupted?  *Possible* reason follows.\n",
++	      progName );
++    perror ( progName );
++    showFileNames();
++    cadvise();
++  }
++  cleanUpAndFail( 2 );
+ }
+ 
+ 
+@@ -1038,6 +977,11 @@
+ /*--- The main driver machinery                   ---*/
+ /*---------------------------------------------------*/
+ 
++/* All rather crufty.  The main problem is that input files
++   are stat()d multiple times before use.  This should be
++   cleaned up. 
++*/
++
+ /*---------------------------------------------*/
+ static 
+ void pad ( Char *s )
+@@ -1082,6 +1026,32 @@
+ 
+ 
+ /*---------------------------------------------*/
++/* Open an output file safely with O_EXCL and good permissions.
++   This avoids a race condition in versions < 1.0.2, in which
++   the file was first opened and then had its interim permissions
++   set safely.  We instead use open() to create the file with
++   the interim permissions required. (--- --- rw-).
++
++   For non-Unix platforms, if we are not worrying about
++   security issues, simple this simply behaves like fopen.
++*/
++FILE* fopen_output_safely ( Char* name, const char* mode )
++{
++#  if BZ_UNIX
++   FILE*     fp;
++   IntNative fh;
++   fh = open(name, O_WRONLY|O_CREAT|O_EXCL, S_IWUSR|S_IRUSR);
++   if (fh == -1) return NULL;
++   fp = fdopen(fh, mode);
++   if (fp == NULL) close(fh);
++   return fp;
++#  else
++   return fopen(name, mode);
++#  endif
++}
++
++
++/*---------------------------------------------*/
+ /*--
+   if in doubt, return True
+ --*/
+@@ -1093,7 +1063,7 @@
+ 
+    i = MY_LSTAT ( name, &statBuf );
+    if (i != 0) return True;
+-   if (MY_S_IFREG(statBuf.st_mode)) return False;
++   if (MY_S_ISREG(statBuf.st_mode)) return False;
+    return True;
+ }
+ 
+@@ -1115,42 +1085,66 @@
+ 
+ 
+ /*---------------------------------------------*/
++/* Copy modification date, access date, permissions and owner from the
++   source to destination file.  We have to copy this meta-info off
++   into fileMetaInfo before starting to compress / decompress it,
++   because doing it afterwards means we get the wrong access time.
++
++   To complicate matters, in compress() and decompress() below, the
++   sequence of tests preceding the call to saveInputFileMetaInfo()
++   involves calling fileExists(), which in turn establishes its result
++   by attempting to fopen() the file, and if successful, immediately
++   fclose()ing it again.  So we have to assume that the fopen() call
++   does not cause the access time field to be updated.
++
++   Reading of the man page for stat() (man 2 stat) on RedHat 7.2 seems
++   to imply that merely doing open() will not affect the access time.
++   Therefore we merely need to hope that the C library only does
++   open() as a result of fopen(), and not any kind of read()-ahead
++   cleverness.
++
++   It sounds pretty fragile to me.  Whether this carries across
++   robustly to arbitrary Unix-like platforms (or even works robustly
++   on this one, RedHat 7.2) is unknown to me.  Nevertheless ...  
++*/
++#if BZ_UNIX
++static 
++struct MY_STAT fileMetaInfo;
++#endif
++
+ static 
+-void copyDatePermissionsAndOwner ( Char *srcName, Char *dstName )
++void saveInputFileMetaInfo ( Char *srcName )
+ {
+-#if BZ_UNIX
++#  if BZ_UNIX
++   IntNative retVal;
++   /* Note use of stat here, not lstat. */
++   retVal = MY_STAT( srcName, &fileMetaInfo );
++   ERROR_IF_NOT_ZERO ( retVal );
++#  endif
++}
++
++
++static 
++void applySavedMetaInfoToOutputFile ( Char *dstName )
++{
++#  if BZ_UNIX
+    IntNative      retVal;
+-   struct MY_STAT statBuf;
+    struct utimbuf uTimBuf;
+ 
+-   retVal = MY_LSTAT ( srcName, &statBuf );
+-   ERROR_IF_NOT_ZERO ( retVal );
+-   uTimBuf.actime = statBuf.st_atime;
+-   uTimBuf.modtime = statBuf.st_mtime;
++   uTimBuf.actime = fileMetaInfo.st_atime;
++   uTimBuf.modtime = fileMetaInfo.st_mtime;
+ 
+-   retVal = chmod ( dstName, statBuf.st_mode );
++   retVal = chmod ( dstName, fileMetaInfo.st_mode );
+    ERROR_IF_NOT_ZERO ( retVal );
+ 
+    retVal = utime ( dstName, &uTimBuf );
+    ERROR_IF_NOT_ZERO ( retVal );
+ 
+-   retVal = chown ( dstName, statBuf.st_uid, statBuf.st_gid );
++   retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
+    /* chown() will in many cases return with EPERM, which can
+       be safely ignored.
+    */
+-#endif
+-}
+-
+-
+-/*---------------------------------------------*/
+-static 
+-void setInterimPermissions ( Char *dstName )
+-{
+-#if BZ_UNIX
+-   IntNative      retVal;
+-   retVal = chmod ( dstName, S_IRUSR | S_IWUSR );
+-   ERROR_IF_NOT_ZERO ( retVal );
+-#endif
++#  endif
+ }
+ 
+ 
+@@ -1158,10 +1152,19 @@
+ static 
+ Bool containsDubiousChars ( Char* name )
+ {
+-   Bool cdc = False;
++#  if BZ_UNIX
++   /* On unix, files can contain any characters and the file expansion
++    * is performed by the shell.
++    */
++   return False;
++#  else /* ! BZ_UNIX */
++   /* On non-unix (Win* platforms), wildcard characters are not allowed in 
++    * filenames.
++    */
+    for (; *name != '\0'; name++)
+-      if (*name == '?' || *name == '*') cdc = True;
+-   return cdc;
++      if (*name == '?' || *name == '*') return True;
++   return False;
++#  endif /* BZ_UNIX */
+ }
+ 
+ 
+@@ -1201,6 +1204,7 @@
+    FILE  *inStr;
+    FILE  *outStr;
+    Int32 n, i;
++   struct MY_STAT statBuf;
+ 
+    deleteOutputOnInterrupt = False;
+ 
+@@ -1246,6 +1250,16 @@
+          return;
+       }
+    }
++   if ( srcMode == SM_F2F || srcMode == SM_F2O ) {
++      MY_STAT(inName, &statBuf);
++      if ( MY_S_ISDIR(statBuf.st_mode) ) {
++         fprintf( stderr,
++                  "%s: Input file %s is a directory.\n",
++                  progName,inName);
++         setExit(1);
++         return;
++      }
++   }
+    if ( srcMode == SM_F2F && !forceOverwrite && notAStandardFile ( inName )) {
+       if (noisy)
+       fprintf ( stderr, "%s: Input file %s is not a normal file.\n",
+@@ -1253,11 +1267,15 @@
+       setExit(1);
+       return;
+    }
+-   if ( srcMode == SM_F2F && !forceOverwrite && fileExists ( outName ) ) {
+-      fprintf ( stderr, "%s: Output file %s already exists.\n",
+-                progName, outName );
+-      setExit(1);
+-      return;
++   if ( srcMode == SM_F2F && fileExists ( outName ) ) {
++      if (forceOverwrite) {
++	 remove(outName);
++      } else {
++	 fprintf ( stderr, "%s: Output file %s already exists.\n",
++		   progName, outName );
++	 setExit(1);
++	 return;
++      }
+    }
+    if ( srcMode == SM_F2F && !forceOverwrite &&
+         (n=countHardLinks ( inName )) > 0) {
+@@ -1267,6 +1285,12 @@
+       return;
+    }
+ 
++   if ( srcMode == SM_F2F ) {
++      /* Save the file's meta-info before we open it.  Doing it later
++         means we mess up the access times. */
++      saveInputFileMetaInfo ( inName );
++   }
++
+    switch ( srcMode ) {
+ 
+       case SM_I2O:
+@@ -1306,7 +1330,7 @@
+ 
+       case SM_F2F:
+          inStr = fopen ( inName, "rb" );
+-         outStr = fopen ( outName, "wb" );
++         outStr = fopen_output_safely ( outName, "wb" );
+          if ( outStr == NULL) {
+             fprintf ( stderr, "%s: Can't create output file %s: %s.\n",
+                       progName, outName, strerror(errno) );
+@@ -1321,7 +1345,6 @@
+             setExit(1);
+             return;
+          };
+-         setInterimPermissions ( outName );
+          break;
+ 
+       default:
+@@ -1343,7 +1366,7 @@
+ 
+    /*--- If there was an I/O error, we won't get here. ---*/
+    if ( srcMode == SM_F2F ) {
+-      copyDatePermissionsAndOwner ( inName, outName );
++      applySavedMetaInfoToOutputFile ( outName );
+       deleteOutputOnInterrupt = False;
+       if ( !keepInputFiles ) {
+          IntNative retVal = remove ( inName );
+@@ -1364,6 +1387,7 @@
+    Int32 n, i;
+    Bool  magicNumberOK;
+    Bool  cantGuess;
++   struct MY_STAT statBuf;
+ 
+    deleteOutputOnInterrupt = False;
+ 
+@@ -1405,6 +1429,16 @@
+       setExit(1);
+       return;
+    }
++   if ( srcMode == SM_F2F || srcMode == SM_F2O ) {
++      MY_STAT(inName, &statBuf);
++      if ( MY_S_ISDIR(statBuf.st_mode) ) {
++         fprintf( stderr,
++                  "%s: Input file %s is a directory.\n",
++                  progName,inName);
++         setExit(1);
++         return;
++      }
++   }
+    if ( srcMode == SM_F2F && !forceOverwrite && notAStandardFile ( inName )) {
+       if (noisy)
+       fprintf ( stderr, "%s: Input file %s is not a normal file.\n",
+@@ -1419,11 +1453,15 @@
+                 progName, inName, outName );
+       /* just a warning, no return */
+    }   
+-   if ( srcMode == SM_F2F && !forceOverwrite && fileExists ( outName ) ) {
+-      fprintf ( stderr, "%s: Output file %s already exists.\n",
+-                progName, outName );
+-      setExit(1);
+-      return;
++   if ( srcMode == SM_F2F && fileExists ( outName ) ) {
++      if (forceOverwrite) {
++	remove(outName);
++      } else {
++        fprintf ( stderr, "%s: Output file %s already exists.\n",
++                  progName, outName );
++        setExit(1);
++        return;
++      }
+    }
+    if ( srcMode == SM_F2F && !forceOverwrite &&
+         (n=countHardLinks ( inName ) ) > 0) {
+@@ -1433,6 +1471,12 @@
+       return;
+    }
+ 
++   if ( srcMode == SM_F2F ) {
++      /* Save the file's meta-info before we open it.  Doing it later
++         means we mess up the access times. */
++      saveInputFileMetaInfo ( inName );
++   }
++
+    switch ( srcMode ) {
+ 
+       case SM_I2O:
+@@ -1463,7 +1507,7 @@
+ 
+       case SM_F2F:
+          inStr = fopen ( inName, "rb" );
+-         outStr = fopen ( outName, "wb" );
++         outStr = fopen_output_safely ( outName, "wb" );
+          if ( outStr == NULL) {
+             fprintf ( stderr, "%s: Can't create output file %s: %s.\n",
+                       progName, outName, strerror(errno) );
+@@ -1478,7 +1522,6 @@
+             setExit(1);
+             return;
+          };
+-         setInterimPermissions ( outName );
+          break;
+ 
+       default:
+@@ -1501,7 +1544,7 @@
+    /*--- If there was an I/O error, we won't get here. ---*/
+    if ( magicNumberOK ) {
+       if ( srcMode == SM_F2F ) {
+-         copyDatePermissionsAndOwner ( inName, outName );
++         applySavedMetaInfoToOutputFile ( outName );
+          deleteOutputOnInterrupt = False;
+          if ( !keepInputFiles ) {
+             IntNative retVal = remove ( inName );
+@@ -1539,6 +1582,7 @@
+ {
+    FILE *inStr;
+    Bool allOK;
++   struct MY_STAT statBuf;
+ 
+    deleteOutputOnInterrupt = False;
+ 
+@@ -1565,6 +1609,16 @@
+       setExit(1);
+       return;
+    }
++   if ( srcMode != SM_I2O ) {
++      MY_STAT(inName, &statBuf);
++      if ( MY_S_ISDIR(statBuf.st_mode) ) {
++         fprintf( stderr,
++                  "%s: Input file %s is a directory.\n",
++                  progName,inName);
++         setExit(1);
++         return;
++      }
++   }
+ 
+    switch ( srcMode ) {
+ 
+@@ -1603,6 +1657,7 @@
+    }
+ 
+    /*--- Now the input handle is sane.  Do the Biz. ---*/
++   outputHandleJustInCase = NULL;
+    allOK = testStream ( inStr );
+ 
+    if (allOK && verbosity >= 1) fprintf ( stderr, "ok\n" );
+@@ -1619,7 +1674,7 @@
+     "bzip2, a block-sorting file compressor.  "
+     "Version %s.\n"
+     "   \n"
+-    "   Copyright (C) 1996-2000 by Julian Seward.\n"
++    "   Copyright (C) 1996-2002 by Julian Seward.\n"
+     "   \n"
+     "   This program is free software; you can redistribute it and/or modify\n"
+     "   it under the terms set out in the LICENSE file, which is included\n"
+@@ -1658,6 +1713,8 @@
+       "   -V --version        display software version & license\n"
+       "   -s --small          use less memory (at most 2500k)\n"
+       "   -1 .. -9            set block size to 100k .. 900k\n"
++      "   --fast              alias for -1\n"
++      "   --best              alias for -9\n"
+       "\n"
+       "   If invoked as `bzip2', default action is to compress.\n"
+       "              as `bunzip2',  default action is to decompress.\n"
+@@ -1666,9 +1723,9 @@
+       "   If no file names are given, bzip2 compresses or decompresses\n"
+       "   from standard input to standard output.  You can combine\n"
+       "   short flags, so `-v -4' means the same as -v4 or -4v, &c.\n"
+-#if BZ_UNIX
++#     if BZ_UNIX
+       "\n"
+-#endif
++#     endif
+       ,
+ 
+       BZ2_bzlibVersion(),
+@@ -1818,11 +1875,11 @@
+ 
+    /*-- Set up signal handlers for mem access errors --*/
+    signal (SIGSEGV, mySIGSEGVorSIGBUScatcher);
+-#if BZ_UNIX
+-#ifndef __DJGPP__
++#  if BZ_UNIX
++#  ifndef __DJGPP__
+    signal (SIGBUS,  mySIGSEGVorSIGBUScatcher);
+-#endif
+-#endif
++#  endif
++#  endif
+ 
+    copyFileName ( inName,  "(none)" );
+    copyFileName ( outName, "(none)" );
+@@ -1933,6 +1990,8 @@
+       if (ISFLAG("--exponential"))       workFactor = 1;             else 
+       if (ISFLAG("--repetitive-best"))   redundant(aa->name);        else
+       if (ISFLAG("--repetitive-fast"))   redundant(aa->name);        else
++      if (ISFLAG("--fast"))              blockSize100k = 1;          else
++      if (ISFLAG("--best"))              blockSize100k = 9;          else
+       if (ISFLAG("--verbose"))           verbosity++;                else
+       if (ISFLAG("--help"))              { usage ( progName ); exit ( 0 ); }
+          else
+Index: contrib/bzip2/bzlib.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/bzlib.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bzlib.c
+--- contrib/bzip2/bzlib.c	1 Aug 2001 00:13:32 -0000	1.1.1.1.2.1
++++ contrib/bzip2/bzlib.c	22 Feb 2002 13:34:04 -0000
+@@ -8,7 +8,7 @@
+   This file is a part of bzip2 and/or libbzip2, a program and
+   library for lossless, block-sorting data compression.
+ 
+-  Copyright (C) 1996-2000 Julian R Seward.  All rights reserved.
++  Copyright (C) 1996-2002 Julian R Seward.  All rights reserved.
+ 
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+@@ -93,10 +93,39 @@
+       "component, you should also report this bug to the author(s)\n"
+       "of that program.  Please make an effort to report this bug;\n"
+       "timely and accurate bug reports eventually lead to higher\n"
+-      "quality software.  Thanks.  Julian Seward, 21 March 2000.\n\n",
++      "quality software.  Thanks.  Julian Seward, 30 December 2001.\n\n",
+       errcode,
+       BZ2_bzlibVersion()
+    );
++
++   if (errcode == 1007) {
++   fprintf(stderr,
++      "\n*** A special note about internal error number 1007 ***\n"
++      "\n"
++      "Experience suggests that a common cause of i.e. 1007\n"
++      "is unreliable memory or other hardware.  The 1007 assertion\n"
++      "just happens to cross-check the results of huge numbers of\n"
++      "memory reads/writes, and so acts (unintendedly) as a stress\n"
++      "test of your memory system.\n"
++      "\n"
++      "I suggest the following: try compressing the file again,\n"
++      "possibly monitoring progress in detail with the -vv flag.\n"
++      "\n"
++      "* If the error cannot be reproduced, and/or happens at different\n"
++      "  points in compression, you may have a flaky memory system.\n"
++      "  Try a memory-test program.  I have used Memtest86\n"
++      "  (www.memtest86.com).  At the time of writing it is free (GPLd).\n"
++      "  Memtest86 tests memory much more thorougly than your BIOSs\n"
++      "  power-on test, and may find failures that the BIOS doesn't.\n"
++      "\n"
++      "* If the error can be repeatably reproduced, this is a bug in\n"
++      "  bzip2, and I would very much like to hear about it.  Please\n"
++      "  let me know, and, ideally, save a copy of the file causing the\n"
++      "  problem -- without which I will be unable to investigate it.\n"
++      "\n"
++   );
++   }
++
+    exit(3);
+ }
+ #endif
+@@ -1402,7 +1431,7 @@
+          smallMode = 1; break;
+       default:
+          if (isdigit((int)(*mode))) {
+-            blockSize100k = *mode-'0';
++            blockSize100k = *mode-BZ_HDR_0;
+          }
+       }
+       mode++;
+Index: contrib/bzip2/bzlib.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/bzlib.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bzlib.h
+--- contrib/bzip2/bzlib.h	1 Aug 2001 00:13:32 -0000	1.1.1.1.2.1
++++ contrib/bzip2/bzlib.h	22 Feb 2002 13:34:04 -0000
+@@ -8,7 +8,7 @@
+   This file is a part of bzip2 and/or libbzip2, a program and
+   library for lossless, block-sorting data compression.
+ 
+-  Copyright (C) 1996-2000 Julian R Seward.  All rights reserved.
++  Copyright (C) 1996-2002 Julian R Seward.  All rights reserved.
+ 
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+@@ -110,8 +110,10 @@
+ #define BZ_EXPORT
+ #endif
+ 
++/* Need a definitition for FILE */
++#include <stdio.h>
++
+ #ifdef _WIN32
+-#   include <stdio.h>
+ #   include <windows.h>
+ #   ifdef small
+       /* windows.h define small to char */
+Index: contrib/bzip2/bzlib_private.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/bzlib_private.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bzlib_private.h
+--- contrib/bzip2/bzlib_private.h	1 Aug 2001 00:13:32 -0000	1.1.1.1.2.1
++++ contrib/bzip2/bzlib_private.h	22 Feb 2002 13:34:04 -0000
+@@ -8,7 +8,7 @@
+   This file is a part of bzip2 and/or libbzip2, a program and
+   library for lossless, block-sorting data compression.
+ 
+-  Copyright (C) 1996-2000 Julian R Seward.  All rights reserved.
++  Copyright (C) 1996-2002 Julian R Seward.  All rights reserved.
+ 
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+@@ -76,7 +76,7 @@
+ 
+ /*-- General stuff. --*/
+ 
+-#define BZ_VERSION  "1.0.1, 23-June-2000"
++#define BZ_VERSION  "1.0.2, 30-Dec-2001"
+ 
+ typedef char            Char;
+ typedef unsigned char   Bool;
+@@ -137,6 +137,13 @@
+ #define BZFREE(ppp)  (strm->bzfree)(strm->opaque,(ppp))
+ 
+ 
++/*-- Header bytes. --*/
++
++#define BZ_HDR_B 0x42   /* 'B' */
++#define BZ_HDR_Z 0x5a   /* 'Z' */
++#define BZ_HDR_h 0x68   /* 'h' */
++#define BZ_HDR_0 0x30   /* '0' */
++  
+ /*-- Constants for the back end. --*/
+ 
+ #define BZ_MAX_ALPHA_SIZE 258
+Index: contrib/bzip2/compress.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/compress.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 compress.c
+--- contrib/bzip2/compress.c	1 Aug 2001 00:13:32 -0000	1.1.1.1.2.1
++++ contrib/bzip2/compress.c	22 Feb 2002 13:34:04 -0000
+@@ -8,7 +8,7 @@
+   This file is a part of bzip2 and/or libbzip2, a program and
+   library for lossless, block-sorting data compression.
+ 
+-  Copyright (C) 1996-2000 Julian R Seward.  All rights reserved.
++  Copyright (C) 1996-2002 Julian R Seward.  All rights reserved.
+ 
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+@@ -663,10 +663,10 @@
+    /*-- If this is the first block, create the stream header. --*/
+    if (s->blockNo == 1) {
+       BZ2_bsInitWrite ( s );
+-      bsPutUChar ( s, 'B' );
+-      bsPutUChar ( s, 'Z' );
+-      bsPutUChar ( s, 'h' );
+-      bsPutUChar ( s, (UChar)('0' + s->blockSize100k) );
++      bsPutUChar ( s, BZ_HDR_B );
++      bsPutUChar ( s, BZ_HDR_Z );
++      bsPutUChar ( s, BZ_HDR_h );
++      bsPutUChar ( s, (UChar)(BZ_HDR_0 + s->blockSize100k) );
+    }
+ 
+    if (s->nblock > 0) {
+Index: contrib/bzip2/decompress.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/decompress.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 decompress.c
+--- contrib/bzip2/decompress.c	1 Aug 2001 00:13:32 -0000	1.1.1.1.2.1
++++ contrib/bzip2/decompress.c	22 Feb 2002 13:34:04 -0000
+@@ -8,7 +8,7 @@
+   This file is a part of bzip2 and/or libbzip2, a program and
+   library for lossless, block-sorting data compression.
+ 
+-  Copyright (C) 1996-2000 Julian R Seward.  All rights reserved.
++  Copyright (C) 1996-2002 Julian R Seward.  All rights reserved.
+ 
+   Redistribution and use in source and binary forms, with or without
+   modification, are permitted provided that the following conditions
+@@ -235,18 +235,18 @@
+    switch (s->state) {
+ 
+       GET_UCHAR(BZ_X_MAGIC_1, uc);
+-      if (uc != 'B') RETURN(BZ_DATA_ERROR_MAGIC);
++      if (uc != BZ_HDR_B) RETURN(BZ_DATA_ERROR_MAGIC);
+ 
+       GET_UCHAR(BZ_X_MAGIC_2, uc);
+-      if (uc != 'Z') RETURN(BZ_DATA_ERROR_MAGIC);
++      if (uc != BZ_HDR_Z) RETURN(BZ_DATA_ERROR_MAGIC);
+ 
+       GET_UCHAR(BZ_X_MAGIC_3, uc)
+-      if (uc != 'h') RETURN(BZ_DATA_ERROR_MAGIC);
++      if (uc != BZ_HDR_h) RETURN(BZ_DATA_ERROR_MAGIC);
+ 
+       GET_BITS(BZ_X_MAGIC_4, s->blockSize100k, 8)
+-      if (s->blockSize100k < '1' || 
+-          s->blockSize100k > '9') RETURN(BZ_DATA_ERROR_MAGIC);
+-      s->blockSize100k -= '0';
++      if (s->blockSize100k < (BZ_HDR_0 + 1) || 
++          s->blockSize100k > (BZ_HDR_0 + 9)) RETURN(BZ_DATA_ERROR_MAGIC);
++      s->blockSize100k -= BZ_HDR_0;
+ 
+       if (s->smallDecompress) {
+          s->ll16 = BZALLOC( s->blockSize100k * 100000 * sizeof(UInt16) );
diff --git a/share/security/patches/SA-02:25/bzip2.patch.asc b/share/security/patches/SA-02:25/bzip2.patch.asc
new file mode 100644
index 0000000000..1c131dfb36
--- /dev/null
+++ b/share/security/patches/SA-02:25/bzip2.patch.asc
@@ -0,0 +1,10 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iQCVAwUAPOLoo1UuHi5z0oilAQGqpwP8CtFu/EOuFHSqeJUY0ZYP8Gx5rD8q83NL
+G+7iWbRRDZz5ZkTpQdRZqUh3LbOXR+ycpa2i98eD4r6C1Ski408nbwhrOru6QSJF
+7RNiFtKFyqUOGdtD68RoxHttR6Q+fS7yafjISF3xXUcR3Zgz3uVt1XrNK4lIm0rc
+gFGNO4GhP+A=
+=LNFu
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:26/accept.patch b/share/security/patches/SA-02:26/accept.patch
new file mode 100644
index 0000000000..a0d65ada9c
--- /dev/null
+++ b/share/security/patches/SA-02:26/accept.patch
@@ -0,0 +1,51 @@
+Index: sys/kern/uipc_socket.c
+diff -u sys/kern/uipc_socket.c:1.68.2.20 sys/kern/uipc_socket.c:1.68.2.21
+--- sys/kern/uipc_socket.c:1.68.2.20	Sun Apr 28 16:38:13 2002
++++ sys/kern/uipc_socket.c	Tue Apr 30 22:27:35 2002
+@@ -256,7 +256,6 @@
+ 		} else {
+ 			panic("sofree: not queued");
+ 		}
+-		head->so_qlen--;
+ 		so->so_state &= ~SS_INCOMP;
+ 		so->so_head = NULL;
+ 	}
+@@ -1641,6 +1640,6 @@
+ {
+ 	struct socket *so = (struct socket *)kn->kn_fp->f_data;
+ 
+-	kn->kn_data = so->so_qlen - so->so_incqlen;
++	kn->kn_data = so->so_qlen;
+ 	return (! TAILQ_EMPTY(&so->so_comp));
+ }
+Index: sys/kern/uipc_socket2.c
+diff -u sys/kern/uipc_socket2.c:1.55.2.13 sys/kern/uipc_socket2.c:1.55.2.15
+--- sys/kern/uipc_socket2.c:1.55.2.15	Tue Apr 30 22:26:30 2002
++++ sys/kern/uipc_socket2.c	Tue Apr 30 22:27:35 2002
+@@ -123,6 +123,7 @@
+ 		head->so_incqlen--;
+ 		so->so_state &= ~SS_INCOMP;
+ 		TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
++		head->so_qlen++;
+ 		so->so_state |= SS_COMP;
+ 		sorwakeup(head);
+ 		wakeup_one(&head->so_timeo);
+@@ -207,12 +208,17 @@
+ 	if (connstatus) {
+ 		TAILQ_INSERT_TAIL(&head->so_comp, so, so_list);
+ 		so->so_state |= SS_COMP;
++		head->so_qlen++;
+ 	} else {
++		if (head->so_incqlen > head->so_qlimit) {
++			struct socket *sp;
++			sp = TAILQ_FIRST(&head->so_incomp);
++			(void) soabort(sp);
++		}
+ 		TAILQ_INSERT_TAIL(&head->so_incomp, so, so_list);
+ 		so->so_state |= SS_INCOMP;
+ 		head->so_incqlen++;
+ 	}
+-	head->so_qlen++;
+ 	if (connstatus) {
+ 		sorwakeup(head);
+ 		wakeup((caddr_t)&head->so_timeo);
diff --git a/share/security/patches/SA-02:26/accept.patch.asc b/share/security/patches/SA-02:26/accept.patch.asc
new file mode 100644
index 0000000000..2acd530079
--- /dev/null
+++ b/share/security/patches/SA-02:26/accept.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPPPPm1UuHi5z0oilAQGNLQP/c8SAAJO6IQUHAlwqqHuWyb8XL9m1eTc/
+IfSdNkqRtT/TobLk+FLGwU7OqqiupLLdbVnfea/NUbQ9OOT1PQxK7UrlDKNKiM3+
+2KMJcNMH7IZ6JbfslQYrriEcDl7ZRtS/STqkEVYgPVlTKkJ7hvo0um4PzszT5vWL
+dm2pq4dT0Ek=
+=I3BS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:27/rc.patch b/share/security/patches/SA-02:27/rc.patch
new file mode 100644
index 0000000000..6726c92dd0
--- /dev/null
+++ b/share/security/patches/SA-02:27/rc.patch
@@ -0,0 +1,15 @@
+Index: etc/rc
+diff -u etc/rc:1.212.2.49 etc/rc:1.212.2.50
+--- etc/rc:1.212.2.49	Sun Apr 28 17:49:59 2002
++++ etc/rc	Thu May  9 12:39:01 2002
+@@ -370,7 +370,9 @@
+ # Remove X lock files, since they will prevent you from restarting X11
+ # after a system crash.
+ #
+-rm -f /tmp/.X*-lock /tmp/.X11-unix/*
++rm -f /tmp/.X*-lock
++rm -fr /tmp/.X11-unix
++mkdir -m 1777 /tmp/.X11-unix
+ 
+ # Snapshot any kernel -c changes back to disk here <someday>.
+ # This has changed with ELF and /kernel.config.
diff --git a/share/security/patches/SA-02:27/rc.patch.asc b/share/security/patches/SA-02:27/rc.patch.asc
new file mode 100644
index 0000000000..e7e103a4f9
--- /dev/null
+++ b/share/security/patches/SA-02:27/rc.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPPPPplUuHi5z0oilAQGkLgP/XPBJdJEChqK3tQx12Tp6Bo5G3yxeMeFv
+2XMIc1ejRoC2670601yfHPLtSSsQBanDl9jMhfg1IvhZKr8sKb/MEdrD9fThtnzQ
+w36f36qb/c6+fQgg/gFX9Xet1+/3DnrMIQ0Vl9kVqHTb5BqPl9FJs4x6jyKkGy/7
+zmqOkoj8dio=
+=8DaF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:28/resolv.patch b/share/security/patches/SA-02:28/resolv.patch
new file mode 100644
index 0000000000..b984e5d724
--- /dev/null
+++ b/share/security/patches/SA-02:28/resolv.patch
@@ -0,0 +1,44 @@
+--- lib/libc/net/gethostbydns.c	16 Feb 2000 04:39:00 -0000	1.27
++++ lib/libc/net/gethostbydns.c	26 Jun 2002 06:24:29 -0000	1.27.2.2
+@@ -389,6 +389,7 @@
+ 				buflen -= nn;
+ 			}
+ 
++			buflen -= sizeof(align) - ((u_long)bp % sizeof(align));
+ 			bp += sizeof(align) - ((u_long)bp % sizeof(align));
+ 
+ 			if (bp + n >= &hostbuf[sizeof hostbuf]) {
+--- lib/libc/net/getnetbydns.c	5 Mar 2001 10:47:08 -0000	1.13.2.1
++++ lib/libc/net/getnetbydns.c	26 Jun 2002 06:34:18 -0000	1.13.2.2
+@@ -173,7 +173,9 @@
+ 			}
+ 			cp += n; 
+ 			*ap++ = bp;
+-			bp += strlen(bp) + 1;
++			n = strlen(bp) + 1;
++			bp += n;
++			buflen -= n;
+ 			net_entry.n_addrtype =
+ 				(class == C_IN) ? AF_INET : AF_UNSPEC;
+ 			haveanswer++;
+--- lib/libc/net/name6.c	19 Jul 2000 06:22:01 -0000	1.6.2.5
++++ lib/libc/net/name6.c	26 Jun 2002 06:06:43 -0000	1.6.2.6
+@@ -1024,7 +1024,7 @@
+ 	register const u_char *cp;
+ 	register int n;
+ 	const u_char *eom, *erdata;
+-	char *bp, **ap, **hap;
++	char *bp, **ap, **hap, *obp;
+ 	int type, class, buflen, ancount, qdcount;
+ 	int haveanswer, had_error;
+ 	char tbuf[MAXDNAME];
+@@ -1238,7 +1238,9 @@
+ 				bp += nn;
+ 				buflen -= nn;
+ 			}
++			obp = bp; /* ALIGN rounds up */
+ 			bp = (char *)ALIGN(bp);
++			buflen -= (bp - obp);
+ 
+ 			DNS_FATAL(bp + n < &hostbuf[sizeof hostbuf]);
+ 			DNS_ASSERT(hap < &h_addr_ptrs[MAXADDRS-1]);
diff --git a/share/security/patches/SA-02:28/resolv.patch.asc b/share/security/patches/SA-02:28/resolv.patch.asc
new file mode 100644
index 0000000000..8a08cb16a7
--- /dev/null
+++ b/share/security/patches/SA-02:28/resolv.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPRlkH1UuHi5z0oilAQFAVQQAgyT4VPoLNVydzBQsgauLylpuDwAbJU8q
+SgZhIVtqE05e3PE1QD0EKl1Xwb72PVWIZM43PgZMy1RtGmWBSQKjBqic+f+A6EH7
+Z+lw8GYPbOw+QKuUchFWrPLCig6hLYlTOEiYiIFVA8EfwjSTy5xP/xCH+1z44nmw
+zotVfp7euVo=
+=Heky
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:29/tcpdump.patch b/share/security/patches/SA-02:29/tcpdump.patch
new file mode 100644
index 0000000000..fd7648f6e7
--- /dev/null
+++ b/share/security/patches/SA-02:29/tcpdump.patch
@@ -0,0 +1,23 @@
+Index: contrib/tcpdump/interface.h
+diff -u contrib/tcpdump/interface.h:1.4.2.1 contrib/tcpdump/interface.h:1.4.2.1.6.1
+--- contrib/tcpdump/interface.h:1.4.2.1	Thu Jul 26 15:30:00 2001
++++ contrib/tcpdump/interface.h	Fri Jul 12 06:29:47 2002
+@@ -132,8 +132,16 @@
+ extern const u_char *packetp;
+ extern const u_char *snapend;
+ 
+-/* True if  "l" bytes of "var" were captured */
+-#define TTEST2(var, l) ((u_char *)&(var) <= snapend - (l))
++/*
++ * True if  "l" bytes of "var" were captured.
++ *
++ * The "snapend - (l) <= snapend" checks to make sure "l" isn't so large
++ * that "snapend - (l)" underflows.
++ *
++ * The check is for <= rather than < because "l" might be 0.
++ */
++#define TTEST2(var, l) (snapend - (l) <= snapend && \
++			(const u_char *)&(var) <= snapend - (l))
+ 
+ /* True if "var" was captured */
+ #define TTEST(var) TTEST2(var, sizeof(var))
diff --git a/share/security/patches/SA-02:29/tcpdump.patch.asc b/share/security/patches/SA-02:29/tcpdump.patch.asc
new file mode 100644
index 0000000000..622f3ea0ce
--- /dev/null
+++ b/share/security/patches/SA-02:29/tcpdump.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPS7blVUuHi5z0oilAQGsWgP+NiUD0omzqY3UH5GJjKeBxwQNYRRHUcKv
+dFJNEn4xKt2I16pvR15o0ZrJlZHo7w2LoaaoDmCZ1MOOjOq/1DaXFMRAlpxf8up8
+kpHW4Zc7mHwQGnZjP6CZJ91WqOgkKt/LgNTwy+HVXdtLLhRmscCK97y8IJNctvBX
+tcmadJAspYo=
+=N3iS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:30/ktrace.patch b/share/security/patches/SA-02:30/ktrace.patch
new file mode 100644
index 0000000000..3d55a8be80
--- /dev/null
+++ b/share/security/patches/SA-02:30/ktrace.patch
@@ -0,0 +1,18 @@
+Index: sys/kern/kern_ktrace.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_ktrace.c,v
+retrieving revision 1.35.2.5
+retrieving revision 1.35.2.6
+diff -u -r1.35.2.5 -r1.35.2.6
+--- sys/kern/kern_ktrace.c	24 Oct 2001 19:14:51 -0000	1.35.2.5
++++ sys/kern/kern_ktrace.c	5 Jul 2002 22:36:38 -0000	1.35.2.6
+@@ -571,7 +571,8 @@
+ 	     target->p_ruid == target->p_svuid &&
+ 	     caller->p_rgid == target->p_rgid &&	/* XXX */
+ 	     target->p_rgid == target->p_svgid &&
+-	     (targetp->p_traceflag & KTRFAC_ROOT) == 0) ||
++	     (targetp->p_traceflag & KTRFAC_ROOT) == 0 &&
++	     (targetp->p_flag & P_SUGID) == 0) ||
+ 	     caller->pc_ucred->cr_uid == 0)
+ 		return (1);
+ 
diff --git a/share/security/patches/SA-02:30/ktrace.patch.asc b/share/security/patches/SA-02:30/ktrace.patch.asc
new file mode 100644
index 0000000000..aca45a9ee7
--- /dev/null
+++ b/share/security/patches/SA-02:30/ktrace.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPS7e1FUuHi5z0oilAQHqMAP/Sb0k8ASZM+CE/G28pmpsGRPlQ+AxOawE
+9q5nGzIFXkh1Oi0NmiwZLwg0BAH2AGzdOuzHGF98ghivrn+5bxqaMTT06bjjSw9f
+PSkn8jokICvA2iexcVOPa5NHQpROaJfKo/mp7ECFIr9So8XhRg2k7j/+60LggG9w
+kqZDIt2LlzM=
+=iB/c
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:32/pppd.patch b/share/security/patches/SA-02:32/pppd.patch
new file mode 100644
index 0000000000..d7a87329e1
--- /dev/null
+++ b/share/security/patches/SA-02:32/pppd.patch
@@ -0,0 +1,13 @@
+Index: usr.sbin/pppd/main.c
+diff -u usr.sbin/pppd/main.c:1.19 src/usr.sbin/pppd/main.c:1.20
+--- usr.sbin/pppd/main.c:1.19	Fri Aug 27 20:19:06 1999
++++ usr.sbin/pppd/main.c	Mon Jul 29 22:49:27 2002
+@@ -833,7 +833,7 @@
+     restore_tty(ttyfd);
+ 
+     if (tty_mode != (mode_t) -1)
+-	chmod(devnam, tty_mode);
++	fchmod(ttyfd, tty_mode);
+ 
+     close(ttyfd);
+     ttyfd = -1;
diff --git a/share/security/patches/SA-02:32/pppd.patch.asc b/share/security/patches/SA-02:32/pppd.patch.asc
new file mode 100644
index 0000000000..be6ddb791e
--- /dev/null
+++ b/share/security/patches/SA-02:32/pppd.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPUbkRFUuHi5z0oilAQEiUAP+KOmBtGgC9T4TXKMmjdcUS5WhZJYIVyhZ
+Gw9sjGAEck+5nZcTN/vs9r2c2sxS3HIfv8gbSRwstB1HmbTuFa1mtErn2suU1PAv
+Ths06SSW8j+zmCD7AU/UlXHVklxGEjO6ib9v7ZI+p0uuq/ea52ev8efS1WniHtSH
+sElw4y/o2q8=
+=7++6
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:33/openssl.patch b/share/security/patches/SA-02:33/openssl.patch
new file mode 100644
index 0000000000..c11e09d952
--- /dev/null
+++ b/share/security/patches/SA-02:33/openssl.patch
@@ -0,0 +1,50892 @@
+cvs diff: Diffing crypto/openssl
+Index: crypto/openssl/CHANGES
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/CHANGES,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 CHANGES
+--- crypto/openssl/CHANGES	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/CHANGES	31 Jul 2002 00:46:50 -0000
+@@ -2,6 +2,530 @@
+  OpenSSL CHANGES
+  _______________
+ 
++ Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
++
++  *) Fix cipher selection routines: ciphers without encryption had no flags
++     for the cipher strength set and where therefore not handled correctly
++     by the selection routines (PR #130).
++     [Lutz Jaenicke]
++
++  *) Fix EVP_dsa_sha macro.
++     [Nils Larsch]
++
++  *) New option
++          SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
++     for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
++     that was added in OpenSSL 0.9.6d.
++
++     As the countermeasure turned out to be incompatible with some
++     broken SSL implementations, the new option is part of SSL_OP_ALL.
++     SSL_OP_ALL is usually employed when compatibility with weird SSL
++     implementations is desired (e.g. '-bugs' option to 's_client' and
++     's_server'), so the new option is automatically set in many
++     applications.
++     [Bodo Moeller]
++
++  *) Changes in security patch:
++
++     Changes marked "(CHATS)" were sponsored by the Defense Advanced
++     Research Projects Agency (DARPA) and Air Force Research Laboratory,
++     Air Force Materiel Command, USAF, under agreement number
++     F30602-01-2-0537.
++
++  *) Add various sanity checks to asn1_get_length() to reject
++     the ASN1 length bytes if they exceed sizeof(long), will appear
++     negative or the content length exceeds the length of the
++     supplied buffer.
++     [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
++
++  *) Assertions for various potential buffer overflows, not known to
++     happen in practice.
++     [Ben Laurie (CHATS)]
++
++  *) Various temporary buffers to hold ASCII versions of integers were
++     too small for 64 bit platforms. (CAN-2002-0655)
++     [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
++
++  *) Remote buffer overflow in SSL3 protocol - an attacker could
++     supply an oversized session ID to a client. (CAN-2002-0656)
++     [Ben Laurie (CHATS)]
++
++  *) Remote buffer overflow in SSL2 protocol - an attacker could
++     supply an oversized client master key. (CAN-2002-0656)
++     [Ben Laurie (CHATS)]
++
++ Changes between 0.9.6c and 0.9.6d  [9 May 2002]
++
++  *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
++     encoded as NULL) with id-dsa-with-sha1.
++     [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
++
++  *) Check various X509_...() return values in apps/req.c.
++     [Nils Larsch <nla@trustcenter.de>]
++
++  *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
++     an end-of-file condition would erronously be flagged, when the CRLF
++     was just at the end of a processed block. The bug was discovered when
++     processing data through a buffering memory BIO handing the data to a
++     BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
++     <ptsekov@syntrex.com> and Nedelcho Stanev.
++     [Lutz Jaenicke]
++
++  *) Implement a countermeasure against a vulnerability recently found
++     in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
++     before application data chunks to avoid the use of known IVs
++     with data potentially chosen by the attacker.
++     [Bodo Moeller]
++
++  *) Fix length checks in ssl3_get_client_hello().
++     [Bodo Moeller]
++
++  *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
++     to prevent ssl3_read_internal() from incorrectly assuming that
++     ssl3_read_bytes() found application data while handshake
++     processing was enabled when in fact s->s3->in_read_app_data was
++     merely automatically cleared during the initial handshake.
++     [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
++
++  *) Fix object definitions for Private and Enterprise: they were not
++     recognized in their shortname (=lowercase) representation. Extend
++     obj_dat.pl to issue an error when using undefined keywords instead
++     of silently ignoring the problem (Svenning Sorensen
++     <sss@sss.dnsalias.net>).
++     [Lutz Jaenicke]
++
++  *) Fix DH_generate_parameters() so that it works for 'non-standard'
++     generators, i.e. generators other than 2 and 5.  (Previously, the
++     code did not properly initialise the 'add' and 'rem' values to
++     BN_generate_prime().)
++
++     In the new general case, we do not insist that 'generator' is
++     actually a primitive root: This requirement is rather pointless;
++     a generator of the order-q subgroup is just as good, if not
++     better.
++     [Bodo Moeller]
++ 
++  *) Map new X509 verification errors to alerts. Discovered and submitted by
++     Tom Wu <tom@arcot.com>.
++     [Lutz Jaenicke]
++
++  *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
++     returning non-zero before the data has been completely received
++     when using non-blocking I/O.
++     [Bodo Moeller; problem pointed out by John Hughes]
++
++  *) Some of the ciphers missed the strength entry (SSL_LOW etc).
++     [Ben Laurie, Lutz Jaenicke]
++
++  *) Fix bug in SSL_clear(): bad sessions were not removed (found by
++     Yoram Zahavi <YoramZ@gilian.com>).
++     [Lutz Jaenicke]
++
++  *) Add information about CygWin 1.3 and on, and preserve proper
++     configuration for the versions before that.
++     [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
++
++  *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
++     check whether we deal with a copy of a session and do not delete from
++     the cache in this case. Problem reported by "Izhar Shoshani Levi"
++     <izhar@checkpoint.com>.
++     [Lutz Jaenicke]
++
++  *) Do not store session data into the internal session cache, if it
++     is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
++     flag is set). Proposed by Aslam <aslam@funk.com>.
++     [Lutz Jaenicke]
++
++  *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
++     value is 0.
++     [Richard Levitte]
++
++  *) [In 0.9.6c-engine release:]
++     Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
++     [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
++
++  *) Add the configuration target linux-s390x.
++     [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
++
++  *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
++     ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
++     variable as an indication that a ClientHello message has been
++     received.  As the flag value will be lost between multiple
++     invocations of ssl3_accept when using non-blocking I/O, the
++     function may not be aware that a handshake has actually taken
++     place, thus preventing a new session from being added to the
++     session cache.
++
++     To avoid this problem, we now set s->new_session to 2 instead of
++     using a local variable.
++     [Lutz Jaenicke, Bodo Moeller]
++
++  *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
++     if the SSL_R_LENGTH_MISMATCH error is detected.
++     [Geoff Thorpe, Bodo Moeller]
++
++  *) New 'shared_ldflag' column in Configure platform table.
++     [Richard Levitte]
++
++  *) Fix EVP_CIPHER_mode macro.
++     ["Dan S. Camper" <dan@bti.net>]
++
++  *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
++     type, we must throw them away by setting rr->length to 0.
++     [D P Chang <dpc@qualys.com>]
++
++ Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
++
++  *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
++     <Dominikus.Scherkl@biodata.com>.  (The previous implementation
++     worked incorrectly for those cases where  range = 10..._2  and
++     3*range  is two bits longer than  range.)
++     [Bodo Moeller]
++
++  *) Only add signing time to PKCS7 structures if it is not already
++     present.
++     [Steve Henson]
++
++  *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
++     OBJ_ld_ce should be OBJ_id_ce.
++     Also some ip-pda OIDs in crypto/objects/objects.txt were
++     incorrect (cf. RFC 3039).
++     [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
++
++  *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
++     returns early because it has nothing to do.
++     [Andy Schneider <andy.schneider@bjss.co.uk>]
++
++  *) [In 0.9.6c-engine release:]
++     Fix mutex callback return values in crypto/engine/hw_ncipher.c.
++     [Andy Schneider <andy.schneider@bjss.co.uk>]
++
++  *) [In 0.9.6c-engine release:]
++     Add support for Cryptographic Appliance's keyserver technology.
++     (Use engine 'keyclient')
++     [Cryptographic Appliances and Geoff Thorpe]
++
++  *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
++     is called via tools/c89.sh because arguments have to be
++     rearranged (all '-L' options must appear before the first object
++     modules).
++     [Richard Shapiro <rshapiro@abinitio.com>]
++
++  *) [In 0.9.6c-engine release:]
++     Add support for Broadcom crypto accelerator cards, backported
++     from 0.9.7.
++     [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
++
++  *) [In 0.9.6c-engine release:]
++     Add support for SureWare crypto accelerator cards from 
++     Baltimore Technologies.  (Use engine 'sureware')
++     [Baltimore Technologies and Mark Cox]
++
++  *) [In 0.9.6c-engine release:]
++     Add support for crypto accelerator cards from Accelerated
++     Encryption Processing, www.aep.ie.  (Use engine 'aep')
++     [AEP Inc. and Mark Cox]
++
++  *) Add a configuration entry for gcc on UnixWare.
++     [Gary Benson <gbenson@redhat.com>]
++
++  *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
++     messages are stored in a single piece (fixed-length part and
++     variable-length part combined) and fix various bugs found on the way.
++     [Bodo Moeller]
++
++  *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
++     instead.  BIO_gethostbyname() does not know what timeouts are
++     appropriate, so entries would stay in cache even when they have
++     become invalid.
++     [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
++
++  *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
++     faced with a pathologically small ClientHello fragment that does
++     not contain client_version: Instead of aborting with an error,
++     simply choose the highest available protocol version (i.e.,
++     TLS 1.0 unless it is disabled).  In practice, ClientHello
++     messages are never sent like this, but this change gives us
++     strictly correct behaviour at least for TLS.
++     [Bodo Moeller]
++
++  *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
++     never resets s->method to s->ctx->method when called from within
++     one of the SSL handshake functions.
++     [Bodo Moeller; problem pointed out by Niko Baric]
++
++  *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
++     (sent using the client's version number) if client_version is
++     smaller than the protocol version in use.  Also change
++     ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
++     the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
++     the client will at least see that alert.
++     [Bodo Moeller]
++
++  *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
++     correctly.
++     [Bodo Moeller]
++
++  *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
++     client receives HelloRequest while in a handshake.
++     [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
++
++  *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
++     should end in 'break', not 'goto end' which circuments various
++     cleanups done in state SSL_ST_OK.   But session related stuff
++     must be disabled for SSL_ST_OK in the case that we just sent a
++     HelloRequest.
++
++     Also avoid some overhead by not calling ssl_init_wbio_buffer()
++     before just sending a HelloRequest.
++     [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
++
++  *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
++     reveal whether illegal block cipher padding was found or a MAC
++     verification error occured.  (Neither SSLerr() codes nor alerts
++     are directly visible to potential attackers, but the information
++     may leak via logfiles.)
++
++     Similar changes are not required for the SSL 2.0 implementation
++     because the number of padding bytes is sent in clear for SSL 2.0,
++     and the extra bytes are just ignored.  However ssl/s2_pkt.c
++     failed to verify that the purported number of padding bytes is in
++     the legal range.
++     [Bodo Moeller]
++
++  *) Add OpenUNIX-8 support including shared libraries
++     (Boyd Lynn Gerber <gerberb@zenez.com>).
++     [Lutz Jaenicke]
++
++  *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
++     'wristwatch attack' using huge encoding parameters (cf.
++     James H. Manger's CRYPTO 2001 paper).  Note that the
++     RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
++     encoding parameters and hence was not vulnerable.
++     [Bodo Moeller]
++
++  *) BN_sqr() bug fix.
++     [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
++
++  *) Rabin-Miller test analyses assume uniformly distributed witnesses,
++     so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
++     followed by modular reduction.
++     [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
++
++  *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
++     equivalent based on BN_pseudo_rand() instead of BN_rand().
++     [Bodo Moeller]
++
++  *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
++     This function was broken, as the check for a new client hello message
++     to handle SGC did not allow these large messages.
++     (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
++     [Lutz Jaenicke]
++
++  *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
++     [Lutz Jaenicke]
++
++  *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
++     for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
++     [Lutz Jaenicke]
++
++  *) Rework the configuration and shared library support for Tru64 Unix.
++     The configuration part makes use of modern compiler features and
++     still retains old compiler behavior for those that run older versions
++     of the OS.  The shared library support part includes a variant that
++     uses the RPATH feature, and is available through the special
++     configuration target "alpha-cc-rpath", which will never be selected
++     automatically.
++     [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
++
++  *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
++     with the same message size as in ssl3_get_certificate_request().
++     Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
++     messages might inadvertently be reject as too long.
++     [Petr Lampa <lampa@fee.vutbr.cz>]
++
++  *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
++     [Andy Polyakov]
++
++  *) Modified SSL library such that the verify_callback that has been set
++     specificly for an SSL object with SSL_set_verify() is actually being
++     used. Before the change, a verify_callback set with this function was
++     ignored and the verify_callback() set in the SSL_CTX at the time of
++     the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
++     to allow the necessary settings.
++     [Lutz Jaenicke]
++
++  *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
++     explicitly to NULL, as at least on Solaris 8 this seems not always to be
++     done automatically (in contradiction to the requirements of the C
++     standard). This made problems when used from OpenSSH.
++     [Lutz Jaenicke]
++
++  *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
++     dh->length and always used
++
++          BN_rand_range(priv_key, dh->p).
++
++     BN_rand_range() is not necessary for Diffie-Hellman, and this
++     specific range makes Diffie-Hellman unnecessarily inefficient if
++     dh->length (recommended exponent length) is much smaller than the
++     length of dh->p.  We could use BN_rand_range() if the order of
++     the subgroup was stored in the DH structure, but we only have
++     dh->length.
++
++     So switch back to
++
++          BN_rand(priv_key, l, ...)
++
++     where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
++     otherwise.
++     [Bodo Moeller]
++
++  *) In
++
++          RSA_eay_public_encrypt
++          RSA_eay_private_decrypt
++          RSA_eay_private_encrypt (signing)
++          RSA_eay_public_decrypt (signature verification)
++
++     (default implementations for RSA_public_encrypt,
++     RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
++     always reject numbers >= n.
++     [Bodo Moeller]
++
++  *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
++     to synchronize access to 'locking_thread'.  This is necessary on
++     systems where access to 'locking_thread' (an 'unsigned long'
++     variable) is not atomic.
++     [Bodo Moeller]
++
++  *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
++     *before* setting the 'crypto_lock_rand' flag.  The previous code had
++     a race condition if 0 is a valid thread ID.
++     [Travis Vitek <vitek@roguewave.com>]
++
++  *) Add support for shared libraries under Irix.
++     [Albert Chin-A-Young <china@thewrittenword.com>]
++
++  *) Add configuration option to build on Linux on both big-endian and
++     little-endian MIPS.
++     [Ralf Baechle <ralf@uni-koblenz.de>]
++
++  *) Add the possibility to create shared libraries on HP-UX.
++     [Richard Levitte]
++
++ Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
++
++  *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
++     to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
++     Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
++     PRNG state recovery was possible based on the output of
++     one PRNG request appropriately sized to gain knowledge on
++     'md' followed by enough consecutive 1-byte PRNG requests
++     to traverse all of 'state'.
++
++     1. When updating 'md_local' (the current thread's copy of 'md')
++        during PRNG output generation, hash all of the previous
++        'md_local' value, not just the half used for PRNG output.
++
++     2. Make the number of bytes from 'state' included into the hash
++        independent from the number of PRNG bytes requested.
++
++     The first measure alone would be sufficient to avoid
++     Markku-Juhani's attack.  (Actually it had never occurred
++     to me that the half of 'md_local' used for chaining was the
++     half from which PRNG output bytes were taken -- I had always
++     assumed that the secret half would be used.)  The second
++     measure makes sure that additional data from 'state' is never
++     mixed into 'md_local' in small portions; this heuristically
++     further strengthens the PRNG.
++     [Bodo Moeller]
++
++  *) Fix crypto/bn/asm/mips3.s.
++     [Andy Polyakov]
++
++  *) When only the key is given to "enc", the IV is undefined. Print out
++     an error message in this case.
++     [Lutz Jaenicke]
++
++  *) Handle special case when X509_NAME is empty in X509 printing routines.
++     [Steve Henson]
++
++  *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
++     positive and less than q.
++     [Bodo Moeller]
++
++  *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
++     used: it isn't thread safe and the add_lock_callback should handle
++     that itself.
++     [Paul Rose <Paul.Rose@bridge.com>]
++
++  *) Verify that incoming data obeys the block size in
++     ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
++     [Bodo Moeller]
++
++  *) Fix OAEP check.
++     [Ulf Möller, Bodo Möller]
++
++  *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
++     RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
++     when fixing the server behaviour for backwards-compatible 'client
++     hello' messages.  (Note that the attack is impractical against
++     SSL 3.0 and TLS 1.0 anyway because length and version checking
++     means that the probability of guessing a valid ciphertext is
++     around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
++     paper.)
++
++     Before 0.9.5, the countermeasure (hide the error by generating a
++     random 'decryption result') did not work properly because
++     ERR_clear_error() was missing, meaning that SSL_get_error() would
++     detect the supposedly ignored error.
++
++     Both problems are now fixed.
++     [Bodo Moeller]
++
++  *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
++     (previously it was 1024).
++     [Bodo Moeller]
++
++  *) Fix for compatibility mode trust settings: ignore trust settings
++     unless some valid trust or reject settings are present.
++     [Steve Henson]
++
++  *) Fix for blowfish EVP: its a variable length cipher.
++     [Steve Henson]
++
++  *) Fix various bugs related to DSA S/MIME verification. Handle missing
++     parameters in DSA public key structures and return an error in the
++     DSA routines if parameters are absent.
++     [Steve Henson]
++
++  *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
++     in the current directory if neither $RANDFILE nor $HOME was set.
++     RAND_file_name() in 0.9.6a returned NULL in this case.  This has
++     caused some confusion to Windows users who haven't defined $HOME.
++     Thus RAND_file_name() is changed again: e_os.h can define a
++     DEFAULT_HOME, which will be used if $HOME is not set.
++     For Windows, we use "C:"; on other platforms, we still require
++     environment variables.
++
++  *) Move 'if (!initialized) RAND_poll()' into regions protected by
++     CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
++     having multiple threads call RAND_poll() concurrently.
++     [Bodo Moeller]
++
++  *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
++     combination of a flag and a thread ID variable.
++     Otherwise while one thread is in ssleay_rand_bytes (which sets the
++     flag), *other* threads can enter ssleay_add_bytes without obeying
++     the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
++     that they do not hold after the first thread unsets add_do_not_lock).
++     [Bodo Moeller]
++
++  *) Change bctest again: '-x' expressions are not available in all
++     versions of 'test'.
++     [Bodo Moeller]
++
+  Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
+ 
+   *) Fix a couple of memory leaks in PKCS7_dataDecode()
+@@ -636,7 +1160,7 @@
+      default is static libraries only, and the OpenSSL programs
+      are always statically linked for now, but there are
+      preparations for dynamic linking in place.
+-     This has been tested on Linux and True64.
++     This has been tested on Linux and Tru64.
+      [Richard Levitte]
+ 
+   *) Randomness polling function for Win9x, as described in:
+@@ -2363,7 +2887,7 @@
+                                      copied!)
+      [Bodo Moeller]
+ 
+-  *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
++  *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+      worked.
+ 
+   *) Fix problems with no-hmac etc.
+Index: crypto/openssl/Configure
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/Configure,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 Configure
+--- crypto/openssl/Configure	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/Configure	31 Jul 2002 00:46:50 -0000
+@@ -10,7 +10,7 @@
+ 
+ # see INSTALL for instructions.
+ 
+-my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
++my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
+ 
+ # Options:
+ #
+@@ -23,6 +23,9 @@
+ #               default).  This needn't be set in advance, you can
+ #               just as well use "make INSTALL_PREFIX=/whatever install".
+ #
++# --test-sanity Make a number of sanity checks on the data in this file.
++#               This is a debugging tool for OpenSSL developers.
++#
+ # rsaref        use RSAref
+ # [no-]threads  [don't] try to create a library that is suitable for
+ #               multithreaded applications (default is "threads" if we
+@@ -97,7 +100,7 @@
+ # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
+ # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
+ 
+-#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
++#config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
+ 
+ my %table=(
+ # File 'TABLE' (created by 'make TABLE') contains the data from this list,
+@@ -116,10 +119,10 @@
+ "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+ "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+ "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+-"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+-"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
++"debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
++"debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+ "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+-"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
++"debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+ "dist",		"cc:-O::(unknown):::::",
+ 
+ # Basic configs that should work on any (32 and less bit) box
+@@ -132,41 +135,45 @@
+ # surrounds it with #APP #NO_APP comment pair which (at least Solaris
+ # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+ # error message.
+-"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
++#### Solaris x86 with Sun C setups
++"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ #### SPARC Solaris with GNU C setups
+-"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+ # but keep the assembler modules.
+-"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ ####
+-"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ #### SPARC Solaris with Sun C setups
+ # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
+-"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+ # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+ # SC5.0 note: Compiler common patch 107357-01 or later is required!
+-"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
++"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+ ####
+-"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ #### SPARC Linux setups
+ "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+ # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+ # assisted with debugging of following two configs.
+-"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
++"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # it's a real mess with -mcpu=ultrasparc option under Linux, but
+ # -Wa,-Av8plus should do the trick no matter what.
+-"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
++"linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # !!!Folowing can't be even tested yet!!!
+ #    We have to wait till 64-bit glibc for SPARC is operational!!!
+ #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+@@ -177,17 +184,17 @@
+ 
+ #### IRIX 5.x configs
+ # -mips2 flag is added by ./config when appropriate.
+-"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+-"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
++"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ #### IRIX 6.x configs
+ # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+ # './Configure irix-[g]cc' manually.
+ # -mips4 flag is added by ./config when appropriate.
+-"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+-"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
++"irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # N64 ABI builds.
+-"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+-"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
++"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ #### Unified HP-UX ANSI C configs.
+ # Special notes:
+@@ -219,41 +226,45 @@
+ #
+ #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+ # Since there is mention of this in shlib/hpux10-cc.sh
+-"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+-"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+-"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
++"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ # More attempts at unified 10.X and 11.X targets for HP C compiler.
+ #
+ # Chris Ruemmler <ruemmler@cup.hp.com>
+ # Kevin Steves <ks@hp.se>
+-"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+-"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+-"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+-"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
++"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ # HPUX 9.X config.
+ # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+ # egcs.  gcc 2.8.1 is also broken.
+ 
+-"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
+ # please report your OS and compiler version to the openssl-bugs@openssl.org
+ # mailing list.
+-"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+-"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # If hpux-gcc fails, try this one:
+-"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
++# HPUX 9.X on Motorola 68k platforms with gcc
++"hpux-m68k-gcc",  "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::",
+ 
+ # HPUX 10.X config.  Supports threads.
+-"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
+-"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+-"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ # If hpux10-gcc fails, try this one:
+-"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
++"hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ # HPUX 11.X from www.globus.org.
+ # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
+@@ -264,13 +275,43 @@
+ #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+ "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+ 
+-# Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
+-# the new compiler
++#### PARISC Linux setups
++"linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
++
++# Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
++# from the older DEC C Compiler to the newer compiler.  It's now the
++# same as the preferred entry, alpha-cc.  If you are still using the
++# older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
++# you should use `alphaold-cc'.
++#
++#	"What's in a name? That which we call a rose
++#	 By any other word would smell as sweet."
++#
++# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
++#
++# For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
++# vendor compiler, use alphaold-cc.
++# For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
++# For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
++#
++# There's also an alternate target available (which `config' will never
++# select) called alpha-cc-rpath.  This target builds an RPATH into the
++# shared libraries, which is very convenient on Tru64 since binaries
++# linked against that shared library will automatically inherit that RPATH,
++# and hence know where to look for the openssl libraries, even if they're in
++# an odd place.
++#
+ # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+-"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+-"alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+-"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+-"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++#
++"alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
++"alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
++"alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
++"alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
++"alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
++#
++# This probably belongs in a different section.
++#
++"FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ #### Alpha Linux with GNU C and Compaq C setups
+ # Special notes:
+@@ -285,8 +326,8 @@
+ #
+ #					<appro@fy.chalmers.se>
+ #
+-"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+ 
+@@ -295,22 +336,24 @@
+ 
+ # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
+ # bn86-elf.o file file since it is hand tweaked assembler.
+-"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
++"linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+ "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+-"linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+-"linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
++"linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
++"linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
++"linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+ "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+-"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
+-"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+ "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+-"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+ "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+ # NCR MP-RAS UNIX ver 02.03.01
+@@ -319,8 +362,11 @@
+ # QNX 4
+ "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
+ 
++# QNX 6
++"qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
++
+ # Linux on ARM
+-"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ # UnixWare 2.0x fails destest with -O
+ "unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+@@ -335,6 +381,15 @@
+ "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+ "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+ "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++
++# OpenUNIX 8
++"OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++"OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++"OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++"OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++"OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
++"OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
+ 
+ # IBM's AIX.
+ "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+@@ -343,7 +398,7 @@
+ "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+ 
+ #
+-# Cray T90 (SDSC)
++# Cray T90 and similar (SDSC)
+ # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+ # defined.  The T90 ints and longs are 8 bytes long, and apparently the
+ # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+@@ -353,7 +408,10 @@
+ #'Taking the address of a bit field is not allowed. '
+ #'An expression with bit field exists as the operand of "sizeof" '
+ # (written by Wayne Schroeder <schroede@SDSC.EDU>)
+-"cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
++#
++# j90 is considered the base machine type for unicos machines,
++# so this configuration is now called "cray-j90" ...
++"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+ 
+ #
+ # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+@@ -375,9 +433,11 @@
+ 
+ # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+ # SCO cc.
+-"sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
++"sco5-cc",  "cc:-belf::(unknown):-lsocket -lresolv:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+ "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+ "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
++"sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
++"sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
+ 
+ # Sinix/ReliantUNIX RM400
+ # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+@@ -388,6 +448,12 @@
+ # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+ "BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+ 
++# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
++# You need to compile using the c89.sh wrapper in the tools directory, because the
++# IBM compiler does not like the -L switch after any object modules.
++#
++"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown)::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
++
+ # Windows NT, Microsoft Visual C++ 4.0
+ 
+ "VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
+@@ -406,8 +472,12 @@
+ # and its library files in util/pl/*)
+ "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+ 
+-# CygWin32
+-"CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
++# UWIN 
++"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
++
++# Cygwin
++"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
++"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+ 
+ # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+ "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+@@ -416,22 +486,49 @@
+ ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
+ 
+ # Some OpenBSD from Bob Beck <beck@obtuse.com>
+-"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++"OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+-##### MacOS X (a.k.a. Rhapsody) setup
++##### MacOS X (a.k.a. Rhapsody or Darwin) setup
+ "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
++"darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+ 
+ ##### Sony NEWS-OS 4.x
+ "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+ 
++##### VxWorks for various targets
++"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
++
+ );
+ 
+ my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+ 	BC-16 Mingw32);
+ 
++my $idx = 0;
++my $idx_cc = $idx++;
++my $idx_cflags = $idx++;
++my $idx_unistd = $idx++;
++my $idx_thread_cflag = $idx++;
++my $idx_lflags = $idx++;
++my $idx_bn_ops = $idx++;
++my $idx_bn_obj = $idx++;
++my $idx_des_obj = $idx++;
++my $idx_bf_obj = $idx++;
++my $idx_md5_obj = $idx++;
++my $idx_sha1_obj = $idx++;
++my $idx_cast_obj = $idx++;
++my $idx_rc4_obj = $idx++;
++my $idx_rmd160_obj = $idx++;
++my $idx_rc5_obj = $idx++;
++my $idx_dso_scheme = $idx++;
++my $idx_shared_target = $idx++;
++my $idx_shared_cflag = $idx++;
++my $idx_shared_ldflag = $idx++;
++my $idx_shared_extension = $idx++;
++my $idx_ranlib = $idx++;
++
+ my $prefix="";
+ my $openssldir="";
+ my $exe_ext="";
+@@ -504,7 +601,11 @@
+ 	foreach (@argvcopy)
+ 		{
+ 		s /^-no-/no-/; # some people just can't read the instructions
+-		if (/^no-asm$/)
++		if (/^--test-sanity$/)
++			{
++			exit(&test_sanity());
++			}
++		elsif (/^no-asm$/)
+ 		 	{
+ 			$no_asm=1;
+ 			$flags .= "-DNO_ASM ";
+@@ -633,13 +734,17 @@
+ 	exit 0;
+ }
+ 
++if ($target =~ m/^CygWin32(-.*)$/) {
++	$target = "Cygwin".$1;
++}
++
+ print "Configuring for $target\n";
+ 
+ &usage if (!defined($table{$target}));
+ 
+ my $IsWindows=scalar grep /^$target$/,@WinTargets;
+ 
+-$exe_ext=".exe" if ($target eq "CygWin32");
++$exe_ext=".exe" if ($target eq "Cygwin");
+ $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+ $prefix=$openssldir if $prefix eq "";
+ 
+@@ -652,9 +757,29 @@
+ 
+ print "IsWindows=$IsWindows\n";
+ 
+-(my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+- $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
+-	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
++my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
++my $cc = $fields[$idx_cc];
++my $cflags = $fields[$idx_cflags];
++my $unistd = $fields[$idx_unistd];
++my $thread_cflag = $fields[$idx_thread_cflag];
++my $lflags = $fields[$idx_lflags];
++my $bn_ops = $fields[$idx_bn_ops];
++my $bn_obj = $fields[$idx_bn_obj];
++my $des_obj = $fields[$idx_des_obj];
++my $bf_obj = $fields[$idx_bf_obj];
++my $md5_obj = $fields[$idx_md5_obj];
++my $sha1_obj = $fields[$idx_sha1_obj];
++my $cast_obj = $fields[$idx_cast_obj];
++my $rc4_obj = $fields[$idx_rc4_obj];
++my $rmd160_obj = $fields[$idx_rmd160_obj];
++my $rc5_obj = $fields[$idx_rc5_obj];
++my $dso_scheme = $fields[$idx_dso_scheme];
++my $shared_target = $fields[$idx_shared_target];
++my $shared_cflag = $fields[$idx_shared_cflag];
++my $shared_ldflag = $fields[$idx_shared_ldflag];
++my $shared_extension = $fields[$idx_shared_extension];
++my $ranlib = $fields[$idx_ranlib];
++
+ $cflags="$flags$cflags" if ($flags ne "");
+ 
+ # The DSO code currently always implements all functions so that no
+@@ -779,6 +904,10 @@
+ 	$cflags.=" -DRMD160_ASM";
+ 	}
+ 
++# "Stringify" the C flags string.  This permits it to be made part of a string
++# and works as well on command lines.
++$cflags =~ s/([\\\"])/\\\1/g;
++
+ my $version = "unknown";
+ my $major = "unknown";
+ my $minor = "unknown";
+@@ -858,7 +987,25 @@
+ 	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+ 	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+ 	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+-	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
++	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
++		{
++		my $sotmp = $1;
++		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
++		}
++	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
++		{
++		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
++		}
++	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
++		{
++		my $sotmp = $1;
++		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
++		}
++	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
++		{
++		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
++		}
++	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
+ 	print OUT $_."\n";
+ 	}
+ close(IN);
+@@ -1146,7 +1293,7 @@
+ 	my $bn_obj,my $des_obj,my $bf_obj,
+ 	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
+ 	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+-	my $shared_extension,my $ranlib)=
++	my $shared_ldflag,my $shared_extension,my $ranlib)=
+ 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+ 			
+ 	print <<EOF
+@@ -1170,7 +1317,44 @@
+ \$dso_scheme   = $dso_scheme
+ \$shared_target= $shared_target
+ \$shared_cflag = $shared_cflag
++\$shared_ldflag = $shared_ldflag
+ \$shared_extension = $shared_extension
+ \$ranlib       = $ranlib
+ EOF
++	}
++
++sub test_sanity
++	{
++	my $errorcnt = 0;
++
++	print STDERR "=" x 70, "\n";
++	print STDERR "=== SANITY TESTING!\n";
++	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
++	print STDERR "=" x 70, "\n";
++
++	foreach $target (sort keys %table)
++		{
++		@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
++
++		if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
++			{
++			$errorcnt++;
++			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
++			print STDERR "              in the previous field\n";
++			}
++		elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
++			{
++			$errorcnt++;
++			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
++			print STDERR "              in the following field\n";
++			}
++		elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
++			{
++			$errorcnt++;
++			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
++			print STDERR "              valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
++			}
++		}
++	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
++	return $errorcnt;
+ 	}
+Index: crypto/openssl/FAQ
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/FAQ,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 FAQ
+--- crypto/openssl/FAQ	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.3
++++ crypto/openssl/FAQ	31 Jul 2002 00:46:50 -0000
+@@ -8,6 +8,7 @@
+ * How can I contact the OpenSSL developers?
+ * Where can I get a compiled version of OpenSSL?
+ * Why aren't tools like 'autoconf' and 'libtool' used?
++* What is an 'engine' version?
+ 
+ [LEGAL] Legal questions
+ 
+@@ -17,6 +18,7 @@
+ [USER] Questions on using the OpenSSL applications
+ 
+ * Why do I get a "PRNG not seeded" error message?
++* Why do I get an "unable to write 'random state'" error message?
+ * How do I create certificates or certificate requests?
+ * Why can't I create certificate requests?
+ * Why does <SSL program> fail with a certificate verify error?
+@@ -26,15 +28,18 @@
+ * How can I remove the passphrase on a private key?
+ * Why can't I use OpenSSL certificates with SSL client authentication?
+ * Why does my browser give a warning about a mismatched hostname?
++* How do I install a CA certificate into a browser?
+ 
+ [BUILD] Questions about building and testing OpenSSL
+ 
+ * Why does the linker complain about undefined symbols?
+ * Why does the OpenSSL test fail with "bc: command not found"?
+ * Why does the OpenSSL test fail with "bc: 1 no implemented"?
+-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
++* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+ * Why does the OpenSSL compilation fail with "ar: command not found"?
+ * Why does the OpenSSL compilation fail on Win32 with VC++?
++* What is special about OpenSSL on Redhat?
++* Why does the OpenSSL test suite fail on MacOS X?
+ 
+ [PROG] Questions about programming with OpenSSL
+ 
+@@ -47,6 +52,7 @@
+ * Why do I get errors about unknown algorithms?
+ * Why can't the OpenSSH configure script detect OpenSSL?
+ * Can I use OpenSSL's SSL library with non-blocking I/O?
++* Why doesn't my server application receive a client certificate?
+ 
+ ===============================================================================
+ 
+@@ -55,7 +61,7 @@
+ * Which is the current version of OpenSSL?
+ 
+ The current version is available from <URL: http://www.openssl.org>.
+-OpenSSL 0.9.6a was released on April 5th, 2001.
++OpenSSL 0.9.6e was released on 30 May, 2002.
+ 
+ In addition to the current stable release, you can also access daily
+ snapshots of the OpenSSL development version at <URL:
+@@ -119,6 +125,12 @@
+ autoconf will probably be used in future OpenSSL versions. If it was
+ less Unix-centric, it might have been used much earlier.
+ 
++* What is an 'engine' version?
++
++With version 0.9.6 OpenSSL was extended to interface to external crypto
++hardware. This was realized in a special release '0.9.6-engine'. With
++version 0.9.7 (not yet released) the changes were merged into the main
++development line, so that the special release is no longer necessary.
+ 
+ [LEGAL] =======================================================================
+ 
+@@ -144,7 +156,7 @@
+ their software on operating systems that don't normally include OpenSSL.
+ 
+ If you develop open source software that uses OpenSSL, you may find it
+-useful to choose an other license than the GPL, or state explicitely that
++useful to choose an other license than the GPL, or state explicitly that
+ "This program is released under the GPL with the additional exemption that
+ compiling, linking, and/or using OpenSSL is allowed."  If you are using
+ GPL software developed by others, you may want to ask the copyright holder
+@@ -160,6 +172,7 @@
+ device" that serves this purpose.  On other systems, applications have
+ to call the RAND_add() or RAND_seed() function with appropriate data
+ before generating keys or performing public key encryption.
++(These functions initialize the pseudo-random number generator, PRNG.)
+ 
+ Some broken applications do not do this.  As of version 0.9.5, the
+ OpenSSL functions that need randomness report an error if the random
+@@ -169,25 +182,58 @@
+ correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+ to perform potentially insecure encryption.
+ 
+-On systems without /dev/urandom, it is a good idea to use the Entropy
+-Gathering Demon; see the RAND_egd() manpage for details.
+-
+-Most components of the openssl command line tool try to use the
+-file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+-for seeding the PRNG.  If this file does not exist or is too short,
+-the "PRNG not seeded" error message may occur.
+-
+-[Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
+-0.9.5 does not do this and will fail on systems without /dev/urandom
+-when trying to password-encrypt an RSA key!  This is a bug in the
+-library; try a later version instead.]
++On systems without /dev/urandom and /dev/random, it is a good idea to
++use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
++details.  Starting with version 0.9.7, OpenSSL will automatically look
++for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
++/etc/entropy.
++
++Most components of the openssl command line utility automatically try
++to seed the random number generator from a file.  The name of the
++default seeding file is determined as follows: If environment variable
++RANDFILE is set, then it names the seeding file.  Otherwise if
++environment variable HOME is set, then the seeding file is $HOME/.rnd.
++If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
++use file .rnd in the current directory while OpenSSL 0.9.6a uses no
++default seeding file at all.  OpenSSL 0.9.6b and later will behave
++similarly to 0.9.6a, but will use a default of "C:\" for HOME on
++Windows systems if the environment variable has not been set.
++
++If the default seeding file does not exist or is too short, the "PRNG
++not seeded" error message may occur.
++
++The openssl command line utility will write back a new state to the
++default seeding file (and create this file if necessary) unless
++there was no sufficient seeding.
++
++Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
++Use the "-rand" option of the OpenSSL command line tools instead.
++The $RANDFILE environment variable and $HOME/.rnd are only used by the
++OpenSSL command line tools. Applications using the OpenSSL library
++provide their own configuration options to specify the entropy source,
++please check out the documentation coming the with application.
+ 
+ For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+ installing the SUNski package from Sun patch 105710-01 (Sparc) which
+ adds a /dev/random device and make sure it gets used, usually through
+ $RANDFILE.  There are probably similar patches for the other Solaris
+-versions.  However, be warned that /dev/random is usually a blocking
+-device, which may have some effects on OpenSSL.
++versions.  An official statement from Sun with respect to /dev/random
++support can be found at
++  http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
++However, be warned that /dev/random is usually a blocking device, which
++may have some effects on OpenSSL.
++
++
++* Why do I get an "unable to write 'random state'" error message?
++
++
++Sometimes the openssl command line utility does not abort with
++a "PRNG not seeded" error message, but complains that it is
++"unable to write 'random state'".  This message refers to the
++default seeding file (see previous answer).  A possible reason
++is that no default filename is known because neither RANDFILE
++nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
++current directory in this case, but this has changed with 0.9.6a.)
+ 
+ 
+ * How do I create certificates or certificate requests?
+@@ -264,7 +310,7 @@
+ reject.
+ 
+ The solution is to add the relevant CA certificate to your servers "trusted
+-CA list". How you do this depends on the server sofware in uses. You can
++CA list". How you do this depends on the server software in uses. You can
+ print out the servers list of acceptable CAs using the OpenSSL s_client tool:
+ 
+ openssl s_client -connect www.some.host:443 -prexit
+@@ -283,6 +329,26 @@
+ (CN) field of the certificate. If it does not then you get a warning.
+ 
+ 
++* How do I install a CA certificate into a browser?
++
++The usual way is to send the DER encoded certificate to the browser as
++MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
++link. On MSIE certain extensions such as .der or .cacert may also work, or you
++can import the certificate using the certificate import wizard.
++
++You can convert a certificate to DER form using the command:
++
++openssl x509 -in ca.pem -outform DER -out ca.der
++
++Occasionally someone suggests using a command such as:
++
++openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
++
++DO NOT DO THIS! This command will give away your CAs private key and
++reduces its security to zero: allowing anyone to forge certificates in
++whatever name they choose.
++
++
+ [BUILD] =======================================================================
+ 
+ * Why does the linker complain about undefined symbols?
+@@ -326,9 +392,9 @@
+ for download instructions) can be safely used, for example.
+ 
+ 
+-* Why does the OpenSSL compilation fail on Alpha True64 Unix?
++* Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+ 
+-On some Alpha installations running True64 Unix and Compaq C, the compilation
++On some Alpha installations running Tru64 Unix and Compaq C, the compilation
+ of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
+ memory to continue compilation.'  As far as the tests have shown, this may be
+ a compiler bug.  What happens is that it eats up a lot of resident memory
+@@ -390,6 +456,52 @@
+ and the changes are only valid for the current DOS session.
+ 
+ 
++* What is special about OpenSSL on Redhat?
++
++Red Hat Linux (release 7.0 and later) include a preinstalled limited
++version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
++is disabled in this version. The same may apply to other Linux distributions.
++Users may therefore wish to install more or all of the features left out.
++
++To do this you MUST ensure that you do not overwrite the openssl that is in
++/usr/bin on your Red Hat machine. Several packages depend on this file,
++including sendmail and ssh. /usr/local/bin is a good alternative choice. The
++libraries that come with Red Hat 7.0 onwards have different names and so are
++not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
++/lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
++/lib/libcrypto.so.2 respectively).
++
++Please note that we have been advised by Red Hat attempting to recompile the
++openssl rpm with all the cryptography enabled will not work. All other
++packages depend on the original Red Hat supplied openssl package. It is also
++worth noting that due to the way Red Hat supplies its packages, updates to
++openssl on each distribution never change the package version, only the
++build number. For example, on Red Hat 7.1, the latest openssl package has
++version number 0.9.6 and build number 9 even though it contains all the
++relevant updates in packages up to and including 0.9.6b.
++
++A possible way around this is to persuade Red Hat to produce a non-US
++version of Red Hat Linux.
++
++FYI: Patent numbers and expiry dates of US patents:
++MDC-2: 4,908,861 13/03/2007
++IDEA:  5,214,703 25/05/2010
++RC5:   5,724,428 03/03/2015
++
++
++* Why does the OpenSSL test suite fail on MacOS X?
++
++If the failure happens when running 'make test' and the RC4 test fails,
++it's very probable that you have OpenSSL 0.9.6b delivered with the
++operating system (you can find out by running '/usr/bin/openssl version')
++and that you were trying to build OpenSSL 0.9.6d.  The problem is that
++the loader ('ld') in MacOS X has a misfeature that's quite difficult to
++go around and has linked the programs "openssl" and the test programs
++with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
++libraries you just built.
++Look in the file PROBLEMS for a more detailed explanation and for possible
++solutions.
++
+ [PROG] ========================================================================
+ 
+ * Is OpenSSL thread-safe?
+@@ -406,10 +518,43 @@
+ 
+ * I've compiled a program under Windows and it crashes: why?
+ 
+-This is usually because you've missed the comment in INSTALL.W32. You
+-must link with the multithreaded DLL version of the VC++ runtime library
+-otherwise the conflict will cause a program to crash: typically on the
+-first BIO related read or write operation.
++This is usually because you've missed the comment in INSTALL.W32.
++Your application must link against the same version of the Win32
++C-Runtime against which your openssl libraries were linked.  The
++default version for OpenSSL is /MD - "Multithreaded DLL".
++
++If you are using Microsoft Visual C++'s IDE (Visual Studio), in
++many cases, your new project most likely defaulted to "Debug
++Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
++program will crash, typically on the first BIO related read or write
++operation.
++
++For each of the six possible link stage configurations within Win32,
++your application must link  against the same by which OpenSSL was
++built.  If you are using MS Visual C++ (Studio) this can be changed
++by:
++
++1.  Select Settings... from the Project Menu.
++2.  Select the C/C++ Tab.
++3.  Select "Code Generation from the "Category" drop down list box
++4.  Select the Appropriate library (see table below) from the "Use
++    run-time library" drop down list box.  Perform this step for both
++    your debug and release versions of your application (look at the
++    top left of the settings panel to change between the two)
++
++    Single Threaded           /ML        -  MS VC++ often defaults to
++                                            this for the release
++                                            version of a new project.
++    Debug Single Threaded     /MLd       -  MS VC++ often defaults to
++                                            this for the debug version
++                                            of a new project.
++    Multithreaded             /MT
++    Debug Multithreaded       /MTd
++    Multithreaded DLL         /MD        -  OpenSSL defaults to this.
++    Debug Multithreaded DLL   /MDd
++
++Note that debug and release libraries are NOT interchangeable.  If you
++built OpenSSL with /MD your application must use /MD and cannot use /MDd.
+ 
+ 
+ * How do I read or write a DER encoded buffer using the ASN1 functions?
+@@ -490,44 +635,16 @@
+ 
+ * Why can't the OpenSSH configure script detect OpenSSL?
+ 
+-There is a problem with OpenSSH 1.2.2p1, in that the configure script
+-can't find the installed OpenSSL libraries.  The problem is actually
+-a small glitch that is easily solved with the following patch to be
+-applied to the OpenSSH distribution:
+-
+------ snip:start -----
+---- openssh-1.2.2p1/configure.in.orig	Thu Mar 23 18:56:58 2000
+-+++ openssh-1.2.2p1/configure.in	Thu Mar 23 18:55:05 2000
+-@@ -152,10 +152,10 @@
+- AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
+- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+- 	if test ! -z "$ssldir" ; then
+--		LIBS="$saved_LIBS -L$ssldir"
+-+		LIBS="$saved_LIBS -L$ssldir/lib"
+- 		CFLAGS="$CFLAGS -I$ssldir/include"
+- 		if test "x$need_dash_r" = "x1" ; then
+--			LIBS="$LIBS -R$ssldir"
+-+			LIBS="$LIBS -R$ssldir/lib"
+- 		fi
+- 	fi
+- 	LIBS="$LIBS -lcrypto"
+---- openssh-1.2.2p1/configure.orig	Thu Mar 23 18:55:02 2000
+-+++ openssh-1.2.2p1/configure	Thu Mar 23 18:57:08 2000
+-@@ -1890,10 +1890,10 @@
+- echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
+- for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+- 	if test ! -z "$ssldir" ; then
+--		LIBS="$saved_LIBS -L$ssldir"
+-+		LIBS="$saved_LIBS -L$ssldir/lib"
+- 		CFLAGS="$CFLAGS -I$ssldir/include"
+- 		if test "x$need_dash_r" = "x1" ; then
+--			LIBS="$LIBS -R$ssldir"
+-+			LIBS="$LIBS -R$ssldir/lib"
+- 		fi
+- 	fi
+- 	LIBS="$LIBS -lcrypto"
+------ snip:end -----
+-
++Several reasons for problems with the automatic detection exist.
++OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
++Sometimes the distribution has installed an older version in the system
++locations that is detected instead of a new one installed. The OpenSSL
++library might have been compiled for another CPU or another mode (32/64 bits).
++Permissions might be wrong.
++
++The general answer is to check the config.log file generated when running
++the OpenSSH configure script. It should contain the detailed information
++on why the OpenSSL library was not detected or considered incompatible.
+ 
+ * Can I use OpenSSL's SSL library with non-blocking I/O?
+ 
+@@ -541,6 +658,13 @@
+ request a new TLS/SSL handshake at any time during the protocol,
+ requiring a bi-directional message exchange; both SSL_read() and
+ SSL_write() will try to continue any pending handshake.
++
++
++* Why doesn't my server application receive a client certificate?
++
++Due to the TLS protocol definition, a client will only send a certificate,
++if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
++SSL_CTX_set_verify() function to enable the use of client certificates.
+ 
+ 
+ ===============================================================================
+Index: crypto/openssl/FREEBSD-Xlist
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/FREEBSD-Xlist,v
+retrieving revision 1.1.2.2
+diff -u -r1.1.2.2 FREEBSD-Xlist
+--- crypto/openssl/FREEBSD-Xlist	4 Jul 2001 23:19:08 -0000	1.1.2.2
++++ crypto/openssl/FREEBSD-Xlist	31 Jul 2002 00:46:50 -0000
+@@ -1,39 +1,30 @@
+-$FreeBSD: src/crypto/openssl/FREEBSD-Xlist,v 1.1.2.2 2001/07/04 23:19:08 kris Exp $
++$FreeBSD: src/crypto/openssl/FREEBSD-Xlist,v 1.1.2.3 2002/07/30 22:04:59 nectar Exp $
+ INSTALL.MacOS
+ INSTALL.VMS
+ INSTALL.W32
+ MacOS/
+ VMS/
+-*.bat
+ *.com
+ */*.bat
+ */*.com
+ */*/*.bat
+ */*/*.com
+ apps/openssl-vms.cnf
+-crypto/bf/asm/b-win32.asm
+-crypto/bn/asm/bn-win32.asm
++crypto/bn/asm/pa-risc2.s.old
+ crypto/bn/asm/vms.mar
+-crypto/bn/asm/x86w16.asm
+-crypto/bn/asm/x86w32.asm
+ crypto/bn/vms-helper.c
+-crypto/cast/asm/c-win32.asm
+-crypto/des/asm/d-win32.asm
+-crypto/des/asm/y-win32.asm
+-crypto/des/des-lib.com
+ crypto/dso/dso_vms.c
+ crypto/dso/dso_win32.c
+-crypto/md5/asm/m5-win32.asm
+-crypto/rc4/asm/r4-win32.asm
+-crypto/rc5/asm/r5-win32.asm
+-crypto/ripemd/asm/rm-win32.asm
+-crypto/sha/asm/s1-win32.asm
+ crypto/threads/solaris.sh
+ ms/
++rsaref/
+ shlib/Makefile.hpux10-cc
+ shlib/hpux10-cc.sh
+ shlib/irix.sh
+ shlib/solaris-sc4.sh
+ shlib/solaris.sh
+ shlib/sun.sh
+-vms/
++shlib/svr5-shared-gcc.sh
++shlib/svr5-shared-installed
++shlib/svr5-shared.sh
++util/cygwin.sh
+Index: crypto/openssl/INSTALL
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/INSTALL,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 INSTALL
+--- crypto/openssl/INSTALL	26 Nov 2000 11:32:45 -0000	1.1.1.1.2.2
++++ crypto/openssl/INSTALL	31 Jul 2002 00:46:50 -0000
+@@ -7,8 +7,11 @@
+ 
+  To install OpenSSL, you will need:
+ 
++  * make
+   * Perl 5
+   * an ANSI C compiler
++  * a development environment in form of development libraries and C
++    header files
+   * a supported Unix operating system
+ 
+  Quick Start
+@@ -43,9 +46,6 @@
+   --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                 the library files and binaries are also installed there.
+ 
+-  rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
+-                librsaref.a is in the library search path).
+-
+   no-threads    Don't try to build with support for multi-threaded
+                 applications.
+ 
+@@ -125,11 +125,14 @@
+      directory, and the binary will be in the "apps" directory.
+ 
+      If "make" fails, look at the output.  There may be reasons for
+-     the failure that isn't a problem in OpenSSL itself (like missing
++     the failure that aren't problems in OpenSSL itself (like missing
+      standard headers).  If it is a problem with OpenSSL itself, please
+      report the problem to <openssl-bugs@openssl.org> (note that your
+-     message will be forwarded to a public mailing list).  Include the
+-     output of "make report" in your message.
++     message will be recorded in the request tracker publicly readable
++     via http://www.openssl.org/rt2.html and will be forwarded to a public
++     mailing list). Include the output of "make report" in your message.
++     Please check out the request tracker. Maybe the bug was already
++     reported or has already been fixed.
+ 
+      [If you encounter assembler error messages, try the "no-asm"
+      configuration option as an immediate fix.]
+@@ -147,7 +150,8 @@
+      try removing any compiler optimization flags from the CFLAGS line
+      in Makefile.ssl and run "make clean; make". Please send a bug
+      report to <openssl-bugs@openssl.org>, including the output of
+-     "make report".
++     "make report" in order to be added to the request tracker at
++     http://www.openssl.org/rt2.html.
+ 
+   4. If everything tests ok, install OpenSSL with
+ 
+@@ -268,6 +272,11 @@
+ 
+  Note on shared libraries
+  ------------------------
++
++ Shared library is currently an experimental feature.  The only reason to
++ have them would be to conserve memory on systems where several program
++ are using OpenSSL.  Binary backward compatibility can't be guaranteed
++ before OpenSSL version 1.0.
+ 
+  For some systems, the OpenSSL Configure script knows what is needed to
+  build shared libraries for libcrypto and libssl.  On these systems,
+Index: crypto/openssl/LICENSE
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/LICENSE,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 LICENSE
+--- crypto/openssl/LICENSE	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/LICENSE	31 Jul 2002 00:46:50 -0000
+@@ -12,7 +12,7 @@
+   ---------------
+ 
+ /* ====================================================================
+- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+Index: crypto/openssl/Makefile.org
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/Makefile.org,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.org
+--- crypto/openssl/Makefile.org	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.3
++++ crypto/openssl/Makefile.org	31 Jul 2002 00:46:50 -0000
+@@ -183,6 +183,7 @@
+ SHARED_SSL=libssl$(SHLIB_EXT)
+ SHARED_LIBS=
+ SHARED_LIBS_LINK_EXTS=
++SHARED_LDFLAGS=
+ 
+ GENERAL=        Makefile
+ BASENAME=       openssl
+@@ -235,19 +236,22 @@
+ 			done; \
+ 		fi; \
+ 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
++		if [ "$(PLATFORM)" = "Cygwin" ]; then \
++			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
++		fi; \
+ 	done
+ 
+ link-shared:
+-	@for i in $(SHLIBDIRS); do \
+-		prev=lib$$i$(SHLIB_EXT); \
+-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
++	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
++		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
++		for i in $(SHLIBDIRS); do \
++			prev=lib$$i$(SHLIB_EXT); \
+ 			for j in $${tmp:-x}; do \
+ 				( set -x; ln -f -s $$prev lib$$i$$j ); \
+ 				prev=lib$$i$$j; \
+ 			done; \
+-		fi; \
+-	done
++		done; \
++	fi
+ 
+ build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+ 
+@@ -255,29 +259,222 @@
+ do_linux-shared: do_gnu-shared
+ do_gnu-shared:
+ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+-	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+-		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++	( set -x; ${CC} ${SHARED_LDFLAGS} \
++		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-Wl,-Bsymbolic \
+ 		-Wl,--whole-archive lib$$i.a \
+ 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+ 	libs="$$libs -l$$i"; \
+ 	done
+ 
+-# This assumes that GNU utilities are *not* used
+-do_tru64-shared:
++DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
++	collect2=`gcc -print-prog-name=collect2 2>&1` && \
++	[ -n "$$collect2" ] && \
++	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
++	[ -n "$$my_ld" ] && \
++	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
++
++# For Darwin AKA Mac OS/X (dyld)
++do_darwin-shared: 
+ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+-	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
+-		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+-		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
++		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
++		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
++	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
++	echo "" ; \
++	done
++
++do_cygwin-shared:
++	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++	( set -x; ${CC}  -shared -o cyg$$i.dll \
++		-Wl,-Bsymbolic \
++		-Wl,--whole-archive lib$$i.a \
++		-Wl,--out-implib,lib$$i.dll.a \
++		-Wl,--no-whole-archive $$libs ) || exit 1; \
+ 	libs="$$libs -l$$i"; \
+ 	done
+ 
+ # This assumes that GNU utilities are *not* used
++do_alpha-osf1-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -o lib$$i.so \
++			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
++# option passed to the linker.
++do_tru64-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -msym -o lib$$i.so \
++			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++# The difference between tru64-shared and tru64-shared-rpath is the
++# -rpath ${INSTALLTOP}/lib passed to the linker.
++do_tru64-shared-rpath:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -msym -o lib$$i.so \
++			-rpath  ${INSTALLTOP}/lib \
++			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++
++# This assumes that GNU utilities are *not* used
+ do_solaris-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++		  set -x; ${CC} ${SHARED_LDFLAGS} \
++			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# OpenServer 5 native compilers used
++do_svr3-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++		  find . -name "*.o" -print > allobjs ; \
++		  OBJS= ; export OBJS ; \
++		  for obj in `ar t lib$$i.a` ; do \
++		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++		  done ; \
++		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# UnixWare 7 and OpenUNIX 8 native compilers used
++do_svr5-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++		  find . -name "*.o" -print > allobjs ; \
++		  OBJS= ; export OBJS ; \
++		  for obj in `ar t lib$$i.a` ; do \
++		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++		  done ; \
++		  set -x; ${CC} ${SHARED_LDFLAGS} \
++			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++do_irix-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++do_hpux-shared:
++	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
++		+vnocompatwarnings \
++		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
++	libs="$$libs -L. -l$$i"; \
++	done
++
++# This assumes that GNU utilities are *not* used
++do_hpux64-shared:
+ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+-	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+-	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+-		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+-		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
++		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
++	libs="$$libs -L. -l$$i"; \
++	done
++
++# The following method is said to work on all platforms.  Tests will
++# determine if that's how it's gong to be used.
++# This assumes that for all but GNU systems, GNU utilities are *not* used.
++# ALLSYMSFLAGS would be:
++#  GNU systems: --whole-archive
++#  Tru64 Unix:  -all
++#  Solaris:     -z allextract
++#  Irix:        -all
++#  HP/UX-32bit: -Fl
++#  HP/UX-64bit: +forceload
++#  AIX:		-bnogc
++# SHAREDFLAGS would be:
++#  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  Tru64 Unix:  -shared \
++#		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
++#  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  HP/UX-32bit: +vnocompatwarnings -b -z +s \
++#		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  AIX:		-G -bE:lib$$i.exp -bM:SRE
++# SHAREDCMD would be:
++#  GNU systems: $(CC)
++#  Tru64 Unix:  $(CC)
++#  Solaris:     $(CC)
++#  Irix:        $(CC)
++#  HP/UX-32bit: /usr/ccs/bin/ld
++#  HP/UX-64bit: /usr/ccs/bin/ld
++#  AIX:		$(CC)
++ALLSYMSFLAG=-bnogc
++SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
++SHAREDCMD=$(CC)
++do_aix-shared:
++	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++	( set -x; \
++	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
++	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
++	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
++		$$libs ${EX_LIBS} ) ) \
++	|| exit 1; \
+ 	libs="$$libs -l$$i"; \
+ 	done
+ 
+@@ -350,7 +547,7 @@
+ 
+ tests: rehash
+ 	@(cd test && echo "testing..." && \
+-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
++	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
+ 	@apps/openssl version -a
+ 
+ report:
+@@ -361,7 +558,7 @@
+ 	do \
+ 	if [ -d "$$i" ]; then \
+ 		(cd $$i && echo "making dependencies $$i..." && \
+-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
++		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+ 	fi; \
+ 	done;
+ 
+@@ -384,42 +581,48 @@
+ 	done;
+ 
+ errors:
+-	perl util/mkerr.pl -recurse -write
++	$(PERL) util/mkerr.pl -recurse -write
+ 
+ stacks:
+-	perl util/mkstack.pl -write
++	$(PERL) util/mkstack.pl -write
+ 
+ util/libeay.num::
+-	perl util/mkdef.pl crypto update
++	$(PERL) util/mkdef.pl crypto update
+ 
+ util/ssleay.num::
+-	perl util/mkdef.pl ssl update
++	$(PERL) util/mkdef.pl ssl update
+ 
+ crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+-	perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
++	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+-	perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
++	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+ 
+ TABLE: Configure
+ 	(echo 'Output of `Configure TABLE'"':"; \
+-	perl Configure TABLE) > TABLE
++	$(PERL) Configure TABLE) > TABLE
+ 
+ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+ 
++# Build distribution tar-file. As the list of files returned by "find" is
++# pretty long, on several platforms a "too many arguments" error or similar
++# would occur. Therefore the list of files is temporarily stored into a file
++# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
++# tar does not support the --files-from option.
+ tar:
+-	@$(TAR) $(TARFLAGS) -cvf - \
+-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
++	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
++	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+ 	tardy --user_number=0  --user_name=openssl \
+ 	      --group_number=0 --group_name=openssl \
+ 	      --prefix=openssl-$(VERSION) - |\
+ 	gzip --best >../$(TARFILE).gz; \
++	rm -f ../$(TARFILE).list; \
+ 	ls -l ../$(TARFILE).gz
+ 
+ dist:   
+ 	$(PERL) Configure dist
+ 	@$(MAKE) dist_pem_h
+ 	@$(MAKE) SDIRS='${SDIRS}' clean
+-	@$(MAKE) tar
++	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+ 
+ dist_pem_h:
+ 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+@@ -451,17 +654,25 @@
+ 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+ 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+-		fi \
++		fi; \
+ 	done
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		tmp="$(SHARED_LIBS)"; \
+ 		for i in $${tmp:-x}; \
+ 		do \
+-			if [ -f "$$i" ]; then \
++			if [ -f "$$i" -o -f "$$i.a" ]; then \
+ 			(       echo installing $$i; \
+-				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+-				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+-			fi \
++				if [ "$(PLATFORM)" != "Cygwin" ]; then \
++					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
++					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
++				else \
++					c=`echo $$i | sed 's/^lib/cyg/'`; \
++					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
++					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
++					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
++					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
++				fi ); \
++			fi; \
+ 		done; \
+ 		(	here="`pwd`"; \
+ 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+@@ -474,22 +685,24 @@
+ 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+ 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+ 		$(INSTALL_PREFIX)$(MANDIR)/man7
+-	@echo installing man 1 and man 5
+ 	@for i in doc/apps/*.pod; do \
+ 		fn=`basename $$i .pod`; \
+-		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+-		(cd `dirname $$i`; \
+-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+-			 --release=$(VERSION) `basename $$i`) \
++		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
++		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
++		(cd `$(PERL) util/dirname.pl $$i`; \
++		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
++			--section=$$sec --center=OpenSSL \
++			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ 	done
+-	@echo installing man 3 and man 7
+ 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ 		fn=`basename $$i .pod`; \
+-		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+-		(cd `dirname $$i`; \
+-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+-			--release=$(VERSION) `basename $$i`) \
++		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
++		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
++		(cd `$(PERL) util/dirname.pl $$i`; \
++		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
++			--section=$$sec --center=OpenSSL \
++			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ 	done
+ 
+Index: crypto/openssl/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/Makefile.ssl	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.3
++++ crypto/openssl/Makefile.ssl	31 Jul 2002 00:46:50 -0000
+@@ -4,7 +4,7 @@
+ ## Makefile for OpenSSL
+ ##
+ 
+-VERSION=0.9.6a
++VERSION=0.9.6e
+ MAJOR=0
+ MINOR=9.6
+ SHLIB_VERSION_NUMBER=0.9.6
+@@ -20,7 +20,7 @@
+ # INSTALL_PREFIX is for package builders so that they can configure
+ # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+ # Normally it is left empty.
+-INSTALL_PREFIX=
++INSTALL_PREFIX=/home/nectar/SSL
+ INSTALLTOP=/usr/local/ssl
+ 
+ # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+@@ -64,7 +64,7 @@
+ EXE_EXT= 
+ AR=ar r
+ RANLIB= /usr/bin/ranlib
+-PERL= /usr/local/bin/perl
++PERL= /usr/local/bin/perl5
+ TAR= tar
+ TARFLAGS= --no-recursion
+ 
+@@ -185,6 +185,7 @@
+ SHARED_SSL=libssl$(SHLIB_EXT)
+ SHARED_LIBS=
+ SHARED_LIBS_LINK_EXTS=
++SHARED_LDFLAGS=
+ 
+ GENERAL=        Makefile
+ BASENAME=       openssl
+@@ -237,19 +238,22 @@
+ 			done; \
+ 		fi; \
+ 		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
++		if [ "$(PLATFORM)" = "Cygwin" ]; then \
++			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
++		fi; \
+ 	done
+ 
+ link-shared:
+-	@for i in $(SHLIBDIRS); do \
+-		prev=lib$$i$(SHLIB_EXT); \
+-		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+-			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
++	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
++		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
++		for i in $(SHLIBDIRS); do \
++			prev=lib$$i$(SHLIB_EXT); \
+ 			for j in $${tmp:-x}; do \
+ 				( set -x; ln -f -s $$prev lib$$i$$j ); \
+ 				prev=lib$$i$$j; \
+ 			done; \
+-		fi; \
+-	done
++		done; \
++	fi
+ 
+ build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+ 
+@@ -257,29 +261,222 @@
+ do_linux-shared: do_gnu-shared
+ do_gnu-shared:
+ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+-	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+-		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++	( set -x; ${CC} ${SHARED_LDFLAGS} \
++		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-Wl,-Bsymbolic \
+ 		-Wl,--whole-archive lib$$i.a \
+ 		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+ 	libs="$$libs -l$$i"; \
+ 	done
+ 
+-# This assumes that GNU utilities are *not* used
+-do_tru64-shared:
++DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
++	collect2=`gcc -print-prog-name=collect2 2>&1` && \
++	[ -n "$$collect2" ] && \
++	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
++	[ -n "$$my_ld" ] && \
++	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
++
++# For Darwin AKA Mac OS/X (dyld)
++do_darwin-shared: 
+ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+-	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
+-		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+-		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
++		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
++		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
++	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
++	echo "" ; \
++	done
++
++do_cygwin-shared:
++	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++	( set -x; ${CC}  -shared -o cyg$$i.dll \
++		-Wl,-Bsymbolic \
++		-Wl,--whole-archive lib$$i.a \
++		-Wl,--out-implib,lib$$i.dll.a \
++		-Wl,--no-whole-archive $$libs ) || exit 1; \
+ 	libs="$$libs -l$$i"; \
+ 	done
+ 
+ # This assumes that GNU utilities are *not* used
++do_alpha-osf1-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -o lib$$i.so \
++			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++# The difference between alpha-osf1-shared and tru64-shared is the `-msym'
++# option passed to the linker.
++do_tru64-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -msym -o lib$$i.so \
++			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++# The difference between tru64-shared and tru64-shared-rpath is the
++# -rpath ${INSTALLTOP}/lib passed to the linker.
++do_tru64-shared-rpath:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -msym -o lib$$i.so \
++			-rpath  ${INSTALLTOP}/lib \
++			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++
++# This assumes that GNU utilities are *not* used
+ do_solaris-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++		  set -x; ${CC} ${SHARED_LDFLAGS} \
++			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# OpenServer 5 native compilers used
++do_svr3-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++		  find . -name "*.o" -print > allobjs ; \
++		  OBJS= ; export OBJS ; \
++		  for obj in `ar t lib$$i.a` ; do \
++		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++		  done ; \
++		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# UnixWare 7 and OpenUNIX 8 native compilers used
++do_svr5-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++		  find . -name "*.o" -print > allobjs ; \
++		  OBJS= ; export OBJS ; \
++		  for obj in `ar t lib$$i.a` ; do \
++		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++		  done ; \
++		  set -x; ${CC} ${SHARED_LDFLAGS} \
++			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++do_irix-shared:
++	if ${DETECT_GNU_LD}; then \
++		$(MAKE) do_gnu-shared; \
++	else \
++		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++		( set -x; ${CC} ${SHARED_LDFLAGS} \
++			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
++		libs="$$libs -l$$i"; \
++		done; \
++	fi
++
++# This assumes that GNU utilities are *not* used
++do_hpux-shared:
++	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
++		+vnocompatwarnings \
++		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
++	libs="$$libs -L. -l$$i"; \
++	done
++
++# This assumes that GNU utilities are *not* used
++do_hpux64-shared:
+ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+-	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+-	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+-		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+-		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
++		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
++	libs="$$libs -L. -l$$i"; \
++	done
++
++# The following method is said to work on all platforms.  Tests will
++# determine if that's how it's gong to be used.
++# This assumes that for all but GNU systems, GNU utilities are *not* used.
++# ALLSYMSFLAGS would be:
++#  GNU systems: --whole-archive
++#  Tru64 Unix:  -all
++#  Solaris:     -z allextract
++#  Irix:        -all
++#  HP/UX-32bit: -Fl
++#  HP/UX-64bit: +forceload
++#  AIX:		-bnogc
++# SHAREDFLAGS would be:
++#  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  Tru64 Unix:  -shared \
++#		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
++#  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  HP/UX-32bit: +vnocompatwarnings -b -z +s \
++#		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
++#  AIX:		-G -bE:lib$$i.exp -bM:SRE
++# SHAREDCMD would be:
++#  GNU systems: $(CC)
++#  Tru64 Unix:  $(CC)
++#  Solaris:     $(CC)
++#  Irix:        $(CC)
++#  HP/UX-32bit: /usr/ccs/bin/ld
++#  HP/UX-64bit: /usr/ccs/bin/ld
++#  AIX:		$(CC)
++ALLSYMSFLAG=-bnogc
++SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
++SHAREDCMD=$(CC)
++do_aix-shared:
++	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++	( set -x; \
++	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
++	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
++	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
++		$$libs ${EX_LIBS} ) ) \
++	|| exit 1; \
+ 	libs="$$libs -l$$i"; \
+ 	done
+ 
+@@ -352,7 +549,7 @@
+ 
+ tests: rehash
+ 	@(cd test && echo "testing..." && \
+-	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
++	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
+ 	@apps/openssl version -a
+ 
+ report:
+@@ -363,7 +560,7 @@
+ 	do \
+ 	if [ -d "$$i" ]; then \
+ 		(cd $$i && echo "making dependencies $$i..." && \
+-		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
++		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+ 	fi; \
+ 	done;
+ 
+@@ -386,42 +583,48 @@
+ 	done;
+ 
+ errors:
+-	perl util/mkerr.pl -recurse -write
++	$(PERL) util/mkerr.pl -recurse -write
+ 
+ stacks:
+-	perl util/mkstack.pl -write
++	$(PERL) util/mkstack.pl -write
+ 
+ util/libeay.num::
+-	perl util/mkdef.pl crypto update
++	$(PERL) util/mkdef.pl crypto update
+ 
+ util/ssleay.num::
+-	perl util/mkdef.pl ssl update
++	$(PERL) util/mkdef.pl ssl update
+ 
+ crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+-	perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
++	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+ crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+-	perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
++	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+ 
+ TABLE: Configure
+ 	(echo 'Output of `Configure TABLE'"':"; \
+-	perl Configure TABLE) > TABLE
++	$(PERL) Configure TABLE) > TABLE
+ 
+ update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+ 
++# Build distribution tar-file. As the list of files returned by "find" is
++# pretty long, on several platforms a "too many arguments" error or similar
++# would occur. Therefore the list of files is temporarily stored into a file
++# and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
++# tar does not support the --files-from option.
+ tar:
+-	@$(TAR) $(TARFLAGS) -cvf - \
+-		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
++	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
++	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+ 	tardy --user_number=0  --user_name=openssl \
+ 	      --group_number=0 --group_name=openssl \
+ 	      --prefix=openssl-$(VERSION) - |\
+ 	gzip --best >../$(TARFILE).gz; \
++	rm -f ../$(TARFILE).list; \
+ 	ls -l ../$(TARFILE).gz
+ 
+ dist:   
+ 	$(PERL) Configure dist
+ 	@$(MAKE) dist_pem_h
+ 	@$(MAKE) SDIRS='${SDIRS}' clean
+-	@$(MAKE) tar
++	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+ 
+ dist_pem_h:
+ 	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+@@ -453,17 +656,25 @@
+ 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+ 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+ 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+-		fi \
++		fi; \
+ 	done
+ 	@if [ -n "$(SHARED_LIBS)" ]; then \
+ 		tmp="$(SHARED_LIBS)"; \
+ 		for i in $${tmp:-x}; \
+ 		do \
+-			if [ -f "$$i" ]; then \
++			if [ -f "$$i" -o -f "$$i.a" ]; then \
+ 			(       echo installing $$i; \
+-				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+-				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+-			fi \
++				if [ "$(PLATFORM)" != "Cygwin" ]; then \
++					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
++					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
++				else \
++					c=`echo $$i | sed 's/^lib/cyg/'`; \
++					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
++					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
++					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
++					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
++				fi ); \
++			fi; \
+ 		done; \
+ 		(	here="`pwd`"; \
+ 			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+@@ -476,22 +687,24 @@
+ 		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+ 		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+ 		$(INSTALL_PREFIX)$(MANDIR)/man7
+-	@echo installing man 1 and man 5
+ 	@for i in doc/apps/*.pod; do \
+ 		fn=`basename $$i .pod`; \
+-		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+-		(cd `dirname $$i`; \
+-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+-			 --release=$(VERSION) `basename $$i`) \
++		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
++		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
++		(cd `$(PERL) util/dirname.pl $$i`; \
++		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
++			--section=$$sec --center=OpenSSL \
++			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ 	done
+-	@echo installing man 3 and man 7
+ 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+ 		fn=`basename $$i .pod`; \
+-		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+-		(cd `dirname $$i`; \
+-		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+-			--release=$(VERSION) `basename $$i`) \
++		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
++		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
++		(cd `$(PERL) util/dirname.pl $$i`; \
++		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
++			--section=$$sec --center=OpenSSL \
++			--release=$(VERSION) `basename $$i`") \
+ 			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+ 	done
+ 
+Index: crypto/openssl/NEWS
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/NEWS,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 NEWS
+--- crypto/openssl/NEWS	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.3
++++ crypto/openssl/NEWS	31 Jul 2002 00:46:50 -0000
+@@ -5,6 +5,41 @@
+   This file gives a brief overview of the major changes between each OpenSSL
+   release. For more details please read the CHANGES file.
+ 
++  Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
++
++      o Various SSL/TLS library bugfixes.
++      o Fix DH parameter generation for 'non-standard' generators.
++
++  Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
++
++      o Various SSL/TLS library bugfixes.
++      o BIGNUM library fixes.
++      o RSA OAEP and random number generation fixes.
++      o Object identifiers corrected and added.
++      o Add assembler BN routines for IA64.
++      o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
++        MIPS Linux; shared library support for Irix, HP-UX.
++      o Add crypto accelerator support for AEP, Baltimore SureWare,
++        Broadcom and Cryptographic Appliance's keyserver
++        [in 0.9.6c-engine release].
++
++  Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
++
++      o Security fix: PRNG improvements.
++      o Security fix: RSA OAEP check.
++      o Security fix: Reinsert and fix countermeasure to Bleichbacher's
++        attack.
++      o MIPS bug fix in BIGNUM.
++      o Bug fix in "openssl enc".
++      o Bug fix in X.509 printing routine.
++      o Bug fix in DSA verification routine and DSA S/MIME verification.
++      o Bug fix to make PRNG thread-safe.
++      o Bug fix in RAND_file_name().
++      o Bug fix in compatibility mode trust settings.
++      o Bug fix in blowfish EVP.
++      o Increase default size for BIO buffering filter.
++      o Compatibility fixes in some scripts.
++
+   Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+ 
+       o Security fix: change behavior of OpenSSL to avoid using
+@@ -21,7 +56,7 @@
+       o Bug fixes for Win32, HP/UX and Irix.
+       o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+         memory checking routines.
+-      o Bug fixes for RSA operations in threaded enviroments.
++      o Bug fixes for RSA operations in threaded environments.
+       o Bug fixes in misc. openssl applications.
+       o Remove a few potential memory leaks.
+       o Add tighter checks of BIGNUM routines.
+Index: crypto/openssl/README
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/README,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 README
+--- crypto/openssl/README	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.3
++++ crypto/openssl/README	31 Jul 2002 00:46:50 -0000
+@@ -1,7 +1,7 @@
+ 
+- OpenSSL 0.9.6a 5 Apr 2001
++ OpenSSL 0.9.6e 30 July 2002
+ 
+- Copyright (c) 1998-2000 The OpenSSL Project
++ Copyright (c) 1998-2002 The OpenSSL Project
+  Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+  All rights reserved.
+ 
+@@ -62,7 +62,7 @@
+ 
+      X.509v3 certificates
+         X509 encoding/decoding into/from binary ASN1 and a PEM
+-             based ascii-binary encoding which supports encryption with a
++             based ASCII-binary encoding which supports encryption with a
+              private key.  Program to generate RSA and DSA certificate
+              requests and to generate RSA and DSA certificates.
+ 
+@@ -97,7 +97,7 @@
+  locations around the world. _YOU_ are responsible for ensuring that your use
+  of any algorithms is legal by checking if there are any patents in your
+  country.  The file contains some of the patents that we know about or are
+- rumoured to exist. This is not a definitive list.
++ rumored to exist. This is not a definitive list.
+ 
+  RSA Security holds software patents on the RC5 algorithm.  If you
+  intend to use this cipher, you must contact RSA Security for
+@@ -107,8 +107,8 @@
+  only be used with RSA Security's permission. 
+ 
+  The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+- Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+- be contacted if that algorithm is to be used, their web page is
++ Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
++ should be contacted if that algorithm is to be used; their web page is
+  http://www.ascom.ch/.
+ 
+  INSTALLATION
+@@ -119,8 +119,15 @@
+  INSTALL.VMS.
+ 
+  Read the documentation in the doc/ directory.  It is quite rough, but it
+- lists the functions, you will probably have to look at the code to work out
+- how to used them. Look at the example programs.
++ lists the functions; you will probably have to look at the code to work out
++ how to use them. Look at the example programs.
++
++ PROBLEMS
++ --------
++
++ For some platforms, there are some known problems that may affect the user
++ or application author.  We try to collect those in doc/PROBLEMS, with current
++ thoughts on how they should be solved in a future of OpenSSL.
+ 
+  SUPPORT 
+  -------
+@@ -146,11 +153,13 @@
+     - Problem Description (steps that will reproduce the problem, if known)
+     - Stack Traceback (if the application dumps core)
+ 
+- Report the bug to the OpenSSL project at:
++ Report the bug to the OpenSSL project via the Request Tracker
++ (http://www.openssl.org/rt2.html) by mail to:
+ 
+     openssl-bugs@openssl.org
+ 
+- Note that mail to openssl-bugs@openssl.org is forwarded to a public
++ Note that mail to openssl-bugs@openssl.org is recorded in the publicly
++ readable request tracker database and is forwarded to a public
+  mailing list. Confidential mail may be sent to openssl-security@openssl.org
+  (PGP key available from the key servers).
+ 
+@@ -164,7 +173,9 @@
+  textual explanation of what your patch does.
+ 
+  Note: For legal reasons, contributions from the US can be accepted only
+- if a copy of the patch is sent to crypt@bxa.doc.gov
++ if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
++ see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
++ and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
+ 
+  The preferred format for changes is "diff -u" output. You might
+  generate it like this:
+Index: crypto/openssl/README.ENGINE
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/README.ENGINE,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 README.ENGINE
+--- crypto/openssl/README.ENGINE	26 Nov 2000 11:38:41 -0000	1.1.1.1.2.1
++++ crypto/openssl/README.ENGINE	31 Jul 2002 00:46:50 -0000
+@@ -5,7 +5,7 @@
+   With OpenSSL 0.9.6, a new component has been added to support external 
+   crypto devices, for example accelerator cards.  The component is called
+   ENGINE, and has still a pretty experimental status and almost no
+-  documentation.  It's designed to be faily easily extensible by the
++  documentation.  It's designed to be fairly easily extensible by the
+   calling programs.
+ 
+   There's currently built-in support for the following crypto devices:
+@@ -48,7 +48,7 @@
+   No external crypto device is chosen unless you say so.  You have actively
+   tell the openssl utility commands to use it through a new command line
+   switch called "-engine".  And if you want to use the ENGINE library to
+-  do something similar, you must also explicitely choose an external crypto
++  do something similar, you must also explicitly choose an external crypto
+   device, or the built-in crypto routines will be used, just as in the
+   default OpenSSL distribution.
+ 
+@@ -56,7 +56,7 @@
+   PROBLEMS
+   ========
+ 
+-  It seems like the ENGINE part doesn't work too well with Cryptoswift on
++  It seems like the ENGINE part doesn't work too well with CryptoSwift on
+   Win32.  A quick test done right before the release showed that trying
+   "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
+   an attempt is made to write at memory address 0x00000002.
+Index: crypto/openssl/STATUS
+===================================================================
+RCS file: crypto/openssl/STATUS
+diff -N crypto/openssl/STATUS
+--- crypto/openssl/STATUS	4 Jul 2001 23:22:29 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,92 +0,0 @@
+-
+-  OpenSSL STATUS                           Last modified at
+-  ______________                           $Date: 2000/09/24 15:42:34 $
+-
+-  DEVELOPMENT STATE
+-
+-    o  OpenSSL 0.9.6:  Released on September 24th, 2000
+-    o  OpenSSL 0.9.5a: Released on April      1st, 2000
+-    o  OpenSSL 0.9.5:  Released on February  28th, 2000
+-    o  OpenSSL 0.9.4:  Released on August    09th, 1999
+-    o  OpenSSL 0.9.3a: Released on May       29th, 1999
+-    o  OpenSSL 0.9.3:  Released on May       25th, 1999
+-    o  OpenSSL 0.9.2b: Released on March     22th, 1999
+-    o  OpenSSL 0.9.1c: Released on December  23th, 1998
+-
+-  RELEASE SHOWSTOPPERS
+-
+-  AVAILABLE PATCHES
+-
+-    o CA.pl patch (Damien Miller)
+-
+-  IN PROGRESS
+-
+-    o Steve is currently working on (in no particular order):
+-        ASN1 code redesign, butchery, replacement.
+-        EVP cipher enhancement.
+-        Proper (or at least usable) certificate chain verification.
+-	Private key, certificate and CRL API and implementation.
+-	Developing and bugfixing PKCS#7 (S/MIME code).
+-        Various X509 issues: character sets, certificate request extensions.
+-    o Geoff and Richard are currently working on:
+-	ENGINE (the new code that gives hardware support among others).
+-    o Richard is currently working on:
+-	UTIL (a new set of library functions to support some higher level
+-	      functionality that is currently missing).
+-	Dynamic thread-lock support.
+-	Shared library support for VMS.
+-
+-  NEEDS PATCH
+-
+-    o  non-blocking socket on AIX
+-    o  $(PERL) in */Makefile.ssl
+-    o  "Sign the certificate?" - "n" creates empty certificate file
+-
+-  OPEN ISSUES
+-
+-    o internal_verify doesn't know about X509.v3 (basicConstraints
+-      CA flag ...)
+-
+-    o  The Makefile hierarchy and build mechanism is still not a round thing:
+-
+-       1. The config vs. Configure scripts
+-          It's the same nasty situation as for Apache with APACI vs.
+-          src/Configure. It confuses.
+-          Suggestion: Merge Configure and config into a single configure
+-                      script with a Autoconf style interface ;-) and remove
+-                      Configure and config. Or even let us use GNU Autoconf
+-                      itself. Then we can avoid a lot of those platform checks
+-                      which are currently in Configure.
+-
+-    o  Support for Shared Libraries has to be added at least
+-       for the major Unix platforms. The details we can rip from the stuff
+-       Ralf has done for the Apache src/Configure script. Ben wants the
+-       solution to be really simple.
+-
+-       Status: Ralf will look how we can easily incorporate the
+-               compiler PIC and linker DSO flags from Apache
+-               into the OpenSSL Configure script.
+-
+-               Ulf: +1 for using GNU autoconf and libtool (but not automake,
+-                    which apparently is not flexible enough to generate
+-                    libcrypto)
+-
+-
+-    o  The perl/ stuff needs a major overhaul. Currently it's
+-       totally obsolete. Either we clean it up and enhance it to be up-to-date
+-       with the C code or we also could replace it with the really nice
+-       Net::SSLeay package we can find under
+-       http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
+-       longer time and it works fine and is a nice Perl module. Best would be
+-       to convince the author to work for the OpenSSL project and create a
+-       Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
+-       us.
+-
+-       Status: Ralf thinks we should both contact the author of Net::SSLeay
+-               and look how much effort it is to bring Eric's perl/ stuff up
+-               to date.
+-               Paul +1
+-
+-  WISHES
+-
+-    o 
+Index: crypto/openssl/TABLE
+===================================================================
+RCS file: crypto/openssl/TABLE
+diff -N crypto/openssl/TABLE
+--- crypto/openssl/TABLE	4 Jul 2001 23:22:29 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,2301 +0,0 @@
+-Output of `Configure TABLE':
+-
+-*** BC-16
+-$cc           = bcc
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** BC-32
+-$cc           = bcc32
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR RC4_INDEX
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = win32
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** BS2000-OSD
+-$cc           = c89
+-$cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket -lnsl
+-$bn_ops       = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** CygWin32
+-$cc           = gcc
+-$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = win32
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** FreeBSD
+-$cc           = gcc
+-$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-out.o asm/co86-out.o
+-$des_obj      = asm/dx86-out.o asm/yx86-out.o
+-$bf_obj       = asm/bx86-out.o
+-$md5_obj      = asm/mx86-out.o
+-$sha1_obj     = asm/sx86-out.o
+-$cast_obj     = asm/cx86-out.o
+-$rc4_obj      = asm/rx86-out.o
+-$rmd160_obj   = asm/rm86-out.o
+-$rc5_obj      = asm/r586-out.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** FreeBSD-alpha
+-$cc           = gcc
+-$cflags       = -DTERMIOS -O -fomit-frame-pointer
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** FreeBSD-elf
+-$cc           = gcc
+-$cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** MPE/iX-gcc
+-$cc           = gcc
+-$cflags       = -D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** Mingw32
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = win32
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** NetBSD-m68
+-$cc           = gcc
+-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** NetBSD-sparc
+-$cc           = gcc
+-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** NetBSD-x86
+-$cc           = gcc
+-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** OpenBSD
+-$cc           = gcc
+-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** OpenBSD-alpha
+-$cc           = gcc
+-$cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** OpenBSD-mips
+-$cc           = gcc
+-$cflags       = -O2 -DL_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** OpenBSD-x86
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-out.o asm/co86-out.o
+-$des_obj      = asm/dx86-out.o asm/yx86-out.o
+-$bf_obj       = asm/bx86-out.o
+-$md5_obj      = asm/mx86-out.o
+-$sha1_obj     = asm/sx86-out.o
+-$cast_obj     = asm/cx86-out.o
+-$rc4_obj      = asm/rx86-out.o
+-$rmd160_obj   = asm/rm86-out.o
+-$rc5_obj      = asm/r586-out.o
+-$dso_scheme   = dlfcn
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** ReliantUNIX
+-$cc           = cc
+-$cflags       = -KPIC -g -DSNI -DTERMIOS -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = -Kthread
+-$lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** SINIX
+-$cc           = cc
+-$cflags       = -O -DSNI
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+-$bn_ops       = RC4_INDEX RC4_CHAR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** SINIX-N
+-$cc           = /usr/ucb/cc
+-$cflags       = -O2 -misaligned
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lucb
+-$bn_ops       = RC4_INDEX RC4_CHAR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** VC-MSDOS
+-$cc           = cl
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** VC-NT
+-$cc           = cl
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_INDEX RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = win32
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** VC-W31-16
+-$cc           = cl
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** VC-W31-32
+-$cc           = cl
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = 
+-$bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** VC-WIN16
+-$cc           = cl
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** VC-WIN32
+-$cc           = cl
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_INDEX RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = win32
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** aix-cc
+-$cc           = cc
+-$cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** aix-gcc
+-$cc           = gcc
+-$cflags       = -O3 -DAIX -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** alpha-cc
+-$cc           = cc
+-$cflags       = -std1 -tune host -O4 -readonly_strings
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+-$bn_obj       = asm/alpha.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= true64-shared
+-$shared_cflag = 
+-
+-*** alpha-gcc
+-$cc           = gcc
+-$cflags       = -O3
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1
+-$bn_obj       = asm/alpha.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= true64-shared
+-$shared_cflag = 
+-
+-*** alpha164-cc
+-$cc           = cc
+-$cflags       = -std1 -tune host -fast -readonly_strings
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+-$bn_obj       = asm/alpha.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= true64-shared
+-$shared_cflag = 
+-
+-*** bsdi-elf-gcc
+-$cc           = gcc
+-$cflags       = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** bsdi-gcc
+-$cc           = gcc
+-$cflags       = -O3 -ffast-math -DL_ENDIAN -DPERL5 -m486
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = RSA_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86bsdi.o asm/co86bsdi.o
+-$des_obj      = asm/dx86bsdi.o asm/yx86bsdi.o
+-$bf_obj       = asm/bx86bsdi.o
+-$md5_obj      = asm/mx86bsdi.o
+-$sha1_obj     = asm/sx86bsdi.o
+-$cast_obj     = asm/cx86bsdi.o
+-$rc4_obj      = asm/rx86bsdi.o
+-$rmd160_obj   = asm/rm86bsdi.o
+-$rc5_obj      = asm/r586bsdi.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** cc
+-$cc           = cc
+-$cflags       = -O
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** cray-t3e
+-$cc           = cc
+-$cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** cray-t90-cc
+-$cc           = cc
+-$cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lefence
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-ben
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-ben-debug
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-ben-strict
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-bodo
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-levitte-linux-elf
+-$cc           = gcc
+-$cflags       = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldl
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-linux-elf
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lefence -ldl
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = dlfcn
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-linux-elf-noefence
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldl
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = dlfcn
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-rse
+-$cc           = cc
+-$cflags       = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-solaris-sparcv8-cc
+-$cc           = cc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -KPIC
+-
+-*** debug-solaris-sparcv8-gcc
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -fPIC
+-
+-*** debug-solaris-sparcv9-cc
+-$cc           = cc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8plus.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = asm/md5-sparcv8plus.o
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -KPIC
+-
+-*** debug-solaris-sparcv9-gcc
+-$cc           = gcc
+-$cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8plus.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -fPIC
+-
+-*** debug-steve
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** debug-ulf
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** dgux-R3-gcc
+-$cc           = gcc
+-$cflags       = -O3 -fomit-frame-pointer
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = RC4_INDEX DES_UNROLL
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** dgux-R4-gcc
+-$cc           = gcc
+-$cflags       = -O3 -fomit-frame-pointer
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lnsl -lsocket
+-$bn_ops       = RC4_INDEX
+-$bn_obj       = RC4_INDEX DES_UNROLL
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** dgux-R4-x86-gcc
+-$cc           = gcc
+-$cflags       = -O3 -fomit-frame-pointer -DL_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lnsl -lsocket
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** dist
+-$cc           = cc
+-$cflags       = -O
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** gcc
+-$cc           = gcc
+-$cflags       = -O3
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-brokencc
+-$cc           = cc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -ldld
+-$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-brokengcc
+-$cc           = gcc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -ldld
+-$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-cc
+-$cc           = cc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -ldld
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-gcc
+-$cc           = gcc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -ldld
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-parisc-cc
+-$cc           = cc
+-$cflags       = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldld
+-$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-parisc-cc-o4
+-$cc           = cc
+-$cflags       = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = -ldld
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-parisc-gcc
+-$cc           = gcc
+-$cflags       = -O3 -DB_ENDIAN -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = 
+-$lflags       = -ldld
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-parisc1_1-cc
+-$cc           = cc
+-$cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldld
+-$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux-parisc2-cc
+-$cc           = cc
+-$cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldld
+-$bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+-$bn_obj       = asm/pa-risc2.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux10-brokencc
+-$cc           = cc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldld
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux10-brokengcc
+-$cc           = gcc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldld
+-$bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux10-cc
+-$cc           = cc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldld
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux10-gcc
+-$cc           = gcc
+-$cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldld
+-$bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dl
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux64-parisc-cc
+-$cc           = cc
+-$cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldl
+-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** hpux64-parisc2-cc
+-$cc           = cc
+-$cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldl
+-$bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+-$bn_obj       = asm/pa-risc2W.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** irix-cc
+-$cc           = cc
+-$cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** irix-gcc
+-$cc           = gcc
+-$cflags       = -O3 -DTERMIOS -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** irix-mips3-cc
+-$cc           = cc
+-$cflags       = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+-$unistd       = 
+-$thread_cflag = -D_SGI_MP_SOURCE
+-$lflags       = 
+-$bn_ops       = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT
+-$bn_obj       = asm/mips3.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** irix-mips3-gcc
+-$cc           = gcc
+-$cflags       = -mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+-$unistd       = 
+-$thread_cflag = -D_SGI_MP_SOURCE
+-$lflags       = 
+-$bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT
+-$bn_obj       = asm/mips3.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** irix64-mips4-cc
+-$cc           = cc
+-$cflags       = -64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+-$unistd       = 
+-$thread_cflag = -D_SGI_MP_SOURCE
+-$lflags       = 
+-$bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+-$bn_obj       = asm/mips3.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** irix64-mips4-gcc
+-$cc           = gcc
+-$cflags       = -mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+-$unistd       = 
+-$thread_cflag = -D_SGI_MP_SOURCE
+-$lflags       = 
+-$bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+-$bn_obj       = asm/mips3.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-alpha+bwx-ccc
+-$cc           = ccc
+-$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+-$bn_obj       = asm/alpha.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-alpha+bwx-gcc
+-$cc           = gcc
+-$cflags       = -O3 -DL_ENDIAN -DTERMIO
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldl
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
+-$bn_obj       = asm/alpha.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= linux-shared
+-$shared_cflag = -fPIC
+-
+-*** linux-alpha-ccc
+-$cc           = ccc
+-$cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+-$bn_obj       = asm/alpha.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-alpha-gcc
+-$cc           = gcc
+-$cflags       = -O3 -DL_ENDIAN -DTERMIO
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldl
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
+-$bn_obj       = asm/alpha.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= linux-shared
+-$shared_cflag = -fPIC
+-
+-*** linux-aout
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-out.o asm/co86-out.o
+-$des_obj      = asm/dx86-out.o asm/yx86-out.o
+-$bf_obj       = asm/bx86-out.o
+-$md5_obj      = asm/mx86-out.o
+-$sha1_obj     = asm/sx86-out.o
+-$cast_obj     = asm/cx86-out.o
+-$rc4_obj      = asm/rx86-out.o
+-$rmd160_obj   = asm/rm86-out.o
+-$rc5_obj      = asm/r586-out.o
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-elf
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -ldl
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+-$des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+-$bf_obj       = asm/bx86-elf.o
+-$md5_obj      = asm/mx86-elf.o
+-$sha1_obj     = asm/sx86-elf.o
+-$cast_obj     = asm/cx86-elf.o
+-$rc4_obj      = asm/rx86-elf.o
+-$rmd160_obj   = asm/rm86-elf.o
+-$rc5_obj      = asm/r586-elf.o
+-$dso_scheme   = dlfcn
+-$shared_target= linux-shared
+-$shared_cflag = -fPIC
+-
+-*** linux-elf-arm
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = BN_LLONG
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= linux-shared
+-$shared_cflag = -fPIC
+-
+-*** linux-ia64
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = SIXTY_FOUR_BIT_LONG
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-m68k
+-$cc           = gcc
+-$cflags       = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = BN_LLONG
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-mips
+-$cc           = gcc
+-$cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-ppc
+-$cc           = gcc
+-$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = BN_LLONG
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-sparcv7
+-$cc           = gcc
+-$cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-sparcv8
+-$cc           = gcc
+-$cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** linux-sparcv9
+-$cc           = gcc
+-$cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8plus.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = asm/md5-sparcv8plus.o
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** ncr-scde
+-$cc           = cc
+-$cflags       = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket -lnsl
+-$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** newsos4-gcc
+-$cc           = gcc
+-$cflags       = -O -DB_ENDIAN -DNEWS4
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lmld -liberty
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** nextstep
+-$cc           = cc
+-$cflags       = -O -Wall
+-$unistd       = <libc.h>
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** nextstep3.3
+-$cc           = cc
+-$cflags       = -O3 -Wall
+-$unistd       = <libc.h>
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** purify
+-$cc           = purify gcc
+-$cflags       = -g -DPURIFY -Wall
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket -lnsl
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** qnx4
+-$cc           = cc
+-$cflags       = -DL_ENDIAN -DTERMIO
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** rhapsody-ppc-cc
+-$cc           = cc
+-$cflags       = -O3 -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** sco5-cc
+-$cc           = cc
+-$cflags       = 
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket
+-$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** sco5-gcc
+-$cc           = gcc
+-$cflags       = -O3 -fomit-frame-pointer
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** solaris-sparc-sc3
+-$cc           = cc
+-$cflags       = -fast -O -Xa -DB_ENDIAN
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -KPIC
+-
+-*** solaris-sparcv7-cc
+-$cc           = cc
+-$cflags       = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -KPIC
+-
+-*** solaris-sparcv7-gcc
+-$cc           = gcc
+-$cflags       = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -fPIC
+-
+-*** solaris-sparcv8-cc
+-$cc           = cc
+-$cflags       = -xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -KPIC
+-
+-*** solaris-sparcv8-gcc
+-$cc           = gcc
+-$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -fPIC
+-
+-*** solaris-sparcv9-cc
+-$cc           = cc
+-$cflags       = -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8plus.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = asm/md5-sparcv8plus.o
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -KPIC
+-
+-*** solaris-sparcv9-gcc
+-$cc           = gcc
+-$cflags       = -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8plus.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = asm/md5-sparcv8plus.o
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -fPIC
+-
+-*** solaris-sparcv9-gcc27
+-$cc           = gcc
+-$cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+-$bn_obj       = asm/sparcv8plus-gcc27.o
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = asm/md5-sparcv8plus-gcc27.o
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -fPIC
+-
+-*** solaris-x86-gcc
+-$cc           = gcc
+-$cflags       = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = asm/bn86-sol.o asm/co86-sol.o
+-$des_obj      = asm/dx86-sol.o asm/yx86-sol.o
+-$bf_obj       = asm/bx86-sol.o
+-$md5_obj      = asm/mx86-sol.o
+-$sha1_obj     = asm/sx86-sol.o
+-$cast_obj     = asm/cx86-sol.o
+-$rc4_obj      = asm/rx86-sol.o
+-$rmd160_obj   = asm/rm86-sol.o
+-$rc5_obj      = asm/r586-sol.o
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -fPIC
+-
+-*** solaris64-sparcv9-cc
+-$cc           = cc
+-$cflags       = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC
+-$unistd       = 
+-$thread_cflag = -D_REENTRANT
+-$lflags       = -lsocket -lnsl -ldl
+-$bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = asm/md5-sparcv9.o
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = dlfcn
+-$shared_target= solaris-shared
+-$shared_cflag = -KPIC
+-
+-*** sunos-gcc
+-$cc           = gcc
+-$cflags       = -O3 -mv8 -Dssize_t=int
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** ultrix-cc
+-$cc           = cc
+-$cflags       = -std1 -O -Olimit 1000 -DL_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** ultrix-gcc
+-$cc           = gcc
+-$cflags       = -O3 -DL_ENDIAN
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = 
+-$bn_ops       = 
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** unixware-2.0
+-$cc           = cc
+-$cflags       = -O -DFILIO_H
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket -lnsl
+-$bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** unixware-2.0-pentium
+-$cc           = cc
+-$cflags       = -O -DFILIO_H -Kpentium -Kthread
+-$unistd       = 
+-$thread_cflag = (unknown)
+-$lflags       = -lsocket -lnsl
+-$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+-
+-*** unixware-7
+-$cc           = cc
+-$cflags       = -O -DFILIO_H -Kalloca
+-$unistd       = 
+-$thread_cflag = -Kthread
+-$lflags       = -lsocket -lnsl
+-$bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+-$bn_obj       = 
+-$des_obj      = 
+-$bf_obj       = 
+-$md5_obj      = 
+-$sha1_obj     = 
+-$cast_obj     = 
+-$rc4_obj      = 
+-$rmd160_obj   = 
+-$rc5_obj      = 
+-$dso_scheme   = 
+-$shared_target= 
+-$shared_cflag = 
+Index: crypto/openssl/config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/config,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 config
+--- crypto/openssl/config	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.3
++++ crypto/openssl/config	31 Jul 2002 00:46:51 -0000
+@@ -68,6 +68,11 @@
+ 	    4.2)
+ 		echo "whatever-whatever-unixware1"; exit 0
+ 		;;
++     OpenUNIX)
++		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
++		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
++		fi
++		;;
+ 	    5)
+ 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
+ 		    echo "${MACHINE}-sco-unixware7"; exit 0
+@@ -195,15 +200,33 @@
+ 	echo "${MACHINE}-whatever-openbsd"; exit 0
+ 	;;
+ 
++    OpenUNIX:*)
++	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
++	;;
++
+     OSF1:*:*:*alpha*)
+-	echo "${MACHINE}-dec-osf"; exit 0
++	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
++	case "$OSFMAJOR" in
++	    4|5)
++		echo "${MACHINE}-dec-tru64"; exit 0
++		;;
++	    1|2|3)
++		echo "${MACHINE}-dec-osf"; exit 0
++		;;
++	    *)
++		echo "${MACHINE}-dec-osf"; exit 0
++		;;
++	esac
+ 	;;
+ 
+     QNX:*)
+-	case "$VERSION" in
++	case "$RELEASE" in
+ 	    4*)
+ 		echo "${MACHINE}-whatever-qnx4"
+ 		;;
++	    6*)
++		echo "${MACHINE}-whatever-qnx6"
++		;;
+ 	    *)
+ 		echo "${MACHINE}-whatever-qnx"
+ 		;;
+@@ -219,6 +242,10 @@
+ 	echo "ppc-apple-rhapsody"; exit 0
+ 	;;
+ 
++    Darwin:*)
++	echo "ppc-apple-darwin"; exit 0
++	;;
++
+     SunOS:5.*)
+ 	echo "${MACHINE}-whatever-solaris2"; exit 0
+ 	;;
+@@ -271,6 +298,25 @@
+ 	echo "mips-sony-newsos4"; exit 0;
+ 	;;
+ 
++    CYGWIN*)
++	case "$RELEASE" in
++	    [bB]*|1.0|1.[12].*)
++		echo "${MACHINE}-whatever-cygwin_pre1.3"
++		;;
++	    *)
++		echo "${MACHINE}-whatever-cygwin"
++		;;
++	esac
++	exit 0
++	;;
++
++    *"CRAY T3E")
++       echo "t3e-cray-unicosmk"; exit 0;
++       ;;
++
++    *CRAY*)
++       echo "j90-cray-unicos"; exit 0;
++       ;;
+ esac
+ 
+ #
+@@ -335,17 +381,29 @@
+ 
+ # figure out if gcc is available and if so we use it otherwise
+ # we fallback to whatever cc does on the system
+-GCCVER=`(gcc --version) 2>/dev/null`
++GCCVER=`(gcc -dumpversion) 2>/dev/null`
+ if [ "$GCCVER" != "" ]; then
+   CC=gcc
+-  # then strip off whatever prefix Cygnus prepends the number with...
+-  GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
++  # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
++  # does give us what we want though, so we use that.  We just just the
++  # major and minor version numbers.
+   # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+   GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
+ else
+   CC=cc
+ fi
+-
++if [ "$SYSTEM" = "HP-UX" ];then
++  # By default gcc is a ILP32 compiler (with long long == 64).
++  GCC_BITS="32"
++  if [ $GCCVER -ge 30 ]; then
++    # PA64 support only came in with gcc 3.0.x.
++    # We look for the preprocessor symbol __LP64__ indicating
++    # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
++    if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
++      GCC_BITS="64"
++    fi
++  fi
++fi
+ if [ "$SYSTEM" = "SunOS" ]; then
+   # check for WorkShop C, expected output is "cc: blah-blah C x.x"
+   CCVER=`(cc -V 2>&1) 2>/dev/null | \
+@@ -435,11 +493,31 @@
+ 	    esac
+ 	fi
+ 	;;
+-  mips-*-linux?) OUT="linux-mips" ;;
++  mips-*-linux?)
++          cat >dummy.c <<EOF
++#include <stdio.h>  /* for printf() prototype */
++        int main (argc, argv) int argc; char *argv[]; {
++#ifdef __MIPSEB__
++  printf ("linux-%s\n", argv[1]);
++#endif
++#ifdef __MIPSEL__
++  printf ("linux-%sel\n", argv[1]);
++#endif
++  return 0;
++}
++EOF
++	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
++	rm dummy dummy.c
++	;;
++  ppc64-*-linux2)
++	#Use the standard target for PPC architecture until we create a
++	#special one for the 64bit architecture.
++	OUT="linux-ppc" ;;
+   ppc-*-linux2) OUT="linux-ppc" ;;
+   m68k-*-linux*) OUT="linux-m68k" ;;
+   ia64-*-linux?) OUT="linux-ia64" ;;
+   ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
++  ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
+   sparc64-*-linux2)
+ 	#Before we can uncomment following lines we have to wait at least
+ 	#till 64-bit glibc for SPARC is operational:-(
+@@ -456,8 +534,29 @@
+ 	sun4d)	OUT="linux-sparcv8" ;;
+ 	*)	OUT="linux-sparcv7" ;;
+ 	esac ;;
++  parisc-*-linux2)
++        CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
++	CPUSCHEDULE=`awk '/^cpu.[ 	]: PA/{print substr($3,3)}' /proc/cpuinfo`
++
++	# ??TODO ??  Model transformations
++	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
++	#    assuming no further arch. identification will ever be used by GCC.
++	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
++	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
++	#    for these chips in the future.
++	#         PA7300LC -> 7100LC (1.1)
++	#         PA8200   -> 8000   (2.0)
++	#         PA8500   -> 8000   (2.0)
++	#         PA8600   -> 8000   (2.0)
++
++	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
++	# Finish Model transformations
++
++	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
++	OUT="linux-parisc" ;;
+   arm*-*-linux2) OUT="linux-elf-arm" ;;
+   s390-*-linux2) OUT="linux-s390" ;;
++  s390x-*-linux?) OUT="linux-s390x" ;;
+   *-*-linux2) OUT="linux-elf" ;;
+   *-*-linux1) OUT="linux-aout" ;;
+   sun4u*-*-solaris2)
+@@ -485,7 +584,15 @@
+   pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+   *-*-openbsd) OUT="OpenBSD" ;;
+   *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
+-  *-*-osf) OUT="alpha-cc" ;;
++  *-*-osf) OUT="alphaold-cc" ;;
++  *-*-tru64) OUT="alpha-cc" ;;
++  *-*-OpenUNIX*)
++	if [ "$CC" = "gcc" ]; then
++	  OUT="OpenUNIX-8-gcc" 
++	else    
++	  OUT="OpenUNIX-8" 
++	fi
++	;;
+   *-*-unixware7) OUT="unixware-7" ;;
+   *-*-UnixWare7) OUT="unixware-7" ;;
+   *-*-Unixware7) OUT="unixware-7" ;;
+@@ -498,13 +605,27 @@
+   BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+   RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+   *-siemens-sysv4) OUT="SINIX" ;;
+-  *-hpux1*)	OUT="hpux-parisc-$CC"
+-		options="$options -D_REENTRANT" ;;
++  *-hpux1*)
++	if [ $CC = "gcc" ];
++	then
++	  if [ $GCC_BITS = "64" ]; then
++	    OUT="hpux64-parisc-gcc"
++	  else
++	    OUT="hpux-parisc-gcc"
++	  fi
++	else
++	  OUT="hpux-parisc-$CC"
++	fi
++	options="$options -D_REENTRANT" ;;
+   *-hpux)	OUT="hpux-parisc-$CC" ;;
+   # these are all covered by the catchall below
+   # *-aix) OUT="aix-$CC" ;;
+   # *-dgux) OUT="dgux" ;;
+   mips-sony-newsos4) OUT="newsos4-gcc" ;;
++  *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
++  *-*-cygwin) OUT="Cygwin" ;;
++  t3e-cray-unicosmk) OUT="cray-t3e" ;;
++  j90-cray-unicos) OUT="cray-j90" ;;
+   *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+ esac
+ 
+@@ -533,7 +654,7 @@
+   i386-*) options="$options 386" ;;
+ esac
+ 
+-for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
++for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+ do
+   if [ ! -d crypto/$i ]
+   then
+Index: crypto/openssl/e_os.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/e_os.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 e_os.h
+--- crypto/openssl/e_os.h	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.3
++++ crypto/openssl/e_os.h	31 Jul 2002 00:47:02 -0000
+@@ -82,6 +82,12 @@
+ #define DEVRANDOM "/dev/urandom"
+ #endif
+ 
++#if defined(VXWORKS)
++#  define NO_SYS_PARAM_H
++#  define NO_CHMOD
++#  define NO_SYSLOG
++#endif
++  
+ #if defined(__MWERKS__) && defined(macintosh)
+ # if macintosh==1
+ #  ifndef MAC_OS_GUSI_SOURCE
+@@ -108,11 +114,11 @@
+ #  define MS_STATIC
+ #endif
+ 
+-#if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__)
++#if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_UWIN)
+ #  define WIN32
+ #endif
+ 
+-#if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__)
++#if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__) && !defined(_UWIN)
+ #  ifndef WINDOWS
+ #    define WINDOWS
+ #  endif
+@@ -136,7 +142,8 @@
+ #define clear_sys_error()	errno=0
+ #endif
+ 
+-#if defined(WINDOWS) && !defined(__CYGWIN32__)
++#if defined(WINDOWS) && !defined(__CYGWIN32__)  && !defined(_UWIN)
++
+ #define get_last_socket_error()	WSAGetLastError()
+ #define clear_socket_error()	WSASetLastError(0)
+ #define readsocket(s,b,n)	recv((s),(b),(n),0)
+@@ -148,6 +155,13 @@
+ #define closesocket(s)		MacSocket_close(s)
+ #define readsocket(s,b,n)	MacSocket_recv((s),(b),(n),true)
+ #define writesocket(s,b,n)	MacSocket_send((s),(b),(n))
++#elif defined(VMS)
++#define get_last_socket_error() errno
++#define clear_socket_error()    errno=0
++#define ioctlsocket(a,b,c)      ioctl(a,b,c)
++#define closesocket(s)          close(s)
++#define readsocket(s,b,n)       recv((s),(b),(n),0)
++#define writesocket(s,b,n)      send((s),(b),(n),0)
+ #else
+ #define get_last_socket_error()	errno
+ #define clear_socket_error()	errno=0
+@@ -170,7 +184,7 @@
+ #  define NO_FP_API
+ #endif
+ 
+-#if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__)
++#if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__) && !defined(_UWIN)
+ 
+ #  ifndef S_IFDIR
+ #    define S_IFDIR	_S_IFDIR
+@@ -224,6 +238,7 @@
+ #  define SSLEAY_CONF	OPENSSL_CONF
+ #  define NUL_DEV	"nul"
+ #  define RFILE		".rnd"
++#  define DEFAULT_HOME  "C:"
+ 
+ #else /* The non-microsoft world world */
+ 
+@@ -347,7 +362,9 @@
+ #    ifndef NO_SYS_PARAM_H
+ #      include <sys/param.h>
+ #    endif
+-#    ifndef MPE
++#    ifdef VXWORKS
++#      include <time.h> 
++#    elif !defined(MPE)
+ #      include <sys/time.h> /* Needed under linux for FD_XXX */
+ #    endif
+ 
+@@ -412,13 +429,10 @@
+ #  endif
+ #endif
+ 
+-#if defined(THREADS) || defined(sun)
+-#ifndef _REENTRANT
+-#define _REENTRANT
+-#endif
+-#endif
+-
+ #if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
++  /* include headers first, so our defines don't break it */
++#include <stdlib.h>
++#include <string.h>
+   /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
+ # define memmove(s1,s2,n) bcopy((s2),(s1),(n))
+ # define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
+Index: crypto/openssl/e_os2.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/e_os2.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 e_os2.h
+--- crypto/openssl/e_os2.h	26 Nov 2000 11:32:45 -0000	1.1.1.1.2.1
++++ crypto/openssl/e_os2.h	31 Jul 2002 00:47:02 -0000
+@@ -23,7 +23,7 @@
+    declared explicitely with globaldef and globalref.  On other OS:es,
+    these macros are defined with something sensible. */
+ 
+-#if defined(VMS) && !defined(__DECC)
++#if defined(VMS) && !defined(__DECC) && !defined(__DECCXX)
+ # define OPENSSL_EXTERN globalref
+ # define OPENSSL_GLOBAL globaldef
+ #else
+Index: crypto/openssl/openssl.spec
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/openssl.spec,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 openssl.spec
+--- crypto/openssl/openssl.spec	4 Jul 2001 23:19:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/openssl.spec	31 Jul 2002 00:47:03 -0000
+@@ -1,7 +1,7 @@
+ %define libmaj 0
+ %define libmin 9
+ %define librel 6
+-%define librev a
++%define librev d
+ Release: 1
+ 
+ %define openssldir /var/ssl
+@@ -114,7 +114,7 @@
+ install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib
+ 
+ # Make backwards-compatibility symlink to ssleay
+-ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
++ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
+ 
+ %clean
+ rm -rf $RPM_BUILD_ROOT
+@@ -135,14 +135,15 @@
+ %dir %attr(0750,root,root) %{openssldir}/private
+ 
+ %files devel
++%defattr(0644,root,root,0755)
+ %doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+ 
+-%defattr(0644,root,root,0755)
+ %attr(0644,root,root) /usr/lib/*.a
+ %attr(0644,root,root) /usr/include/openssl/*
+ %attr(0644,root,root) /usr/man/man[3]/*
+ 
+ %files doc
++%defattr(0644,root,root,0755)
+ %doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+ %doc doc
+ 
+cvs diff: Diffing crypto/openssl/apps
+Index: crypto/openssl/apps/CA.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/CA.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 CA.pl
+--- crypto/openssl/apps/CA.pl	26 Nov 2000 11:32:46 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/CA.pl	31 Jul 2002 00:46:50 -0000
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/local/bin/perl5
+ #
+ # CA - wrapper around ca to make it easier to use ... basically ca requires
+ #      some setup stuff to be done before you can use it and this makes
+Index: crypto/openssl/apps/Makefile.save
+===================================================================
+RCS file: crypto/openssl/apps/Makefile.save
+diff -N crypto/openssl/apps/Makefile.save
+--- crypto/openssl/apps/Makefile.save	20 Aug 2000 08:48:28 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,818 +0,0 @@
+-#
+-#  apps/Makefile.ssl
+-#
+-
+-DIR=		apps
+-TOP=		..
+-CC=		cc
+-INCLUDES=	-I../include
+-CFLAG=		-g -static
+-INSTALL_PREFIX=
+-INSTALLTOP=	/usr/local/ssl
+-OPENSSLDIR=	/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-PERL=/usr/local/bin/perl
+-RM=		rm -f
+-
+-PEX_LIBS=
+-EX_LIBS= 
+-
+-CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile makeapps.com install.com
+-
+-DLIBCRYPTO=../libcrypto.a
+-DLIBSSL=../libssl.a
+-LIBCRYPTO=-L.. -lcrypto
+-LIBSSL=-L.. -lssl
+-
+-PROGRAM= openssl
+-
+-SCRIPTS=CA.sh CA.pl der_chop
+-
+-EXE= $(PROGRAM)
+-
+-E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+-	ca crl rsa dsa dsaparam \
+-	x509 genrsa gendsa s_server s_client speed \
+-	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+-	pkcs8 spkac smime rand
+-
+-PROGS= $(PROGRAM).c
+-
+-A_OBJ=apps.o
+-A_SRC=apps.c
+-S_OBJ=	s_cb.o s_socket.o
+-S_SRC=	s_cb.c s_socket.c
+-RAND_OBJ=app_rand.o
+-RAND_SRC=app_rand.c
+-
+-E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+-	ca.o pkcs7.o crl2p7.o crl.o \
+-	rsa.o dsa.o dsaparam.o \
+-	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+-	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+-	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
+-
+-E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
+-	pkcs7.c crl2p7.c crl.c \
+-	rsa.c dsa.c dsaparam.c \
+-	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+-	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+-	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
+-
+-SRC=$(E_SRC)
+-
+-EXHEADER=
+-HEADER=	apps.h progs.h s_apps.h \
+-	testdsa.h testrsa.h \
+-	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+-
+-all:	exe
+-
+-exe:	$(EXE)
+-
+-req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+-	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-sreq.o: req.c 
+-	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-install:
+-	@for i in $(EXE); \
+-	do  \
+-	(echo installing $$i; \
+-	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+-	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+-	 done;
+-	@for i in $(SCRIPTS); \
+-	do  \
+-	(echo installing $$i; \
+-	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+-	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+-	 done
+-	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+-	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+-	rm -f req
+-
+-$(DLIBSSL):
+-	(cd ../ssl; $(MAKE))
+-
+-$(DLIBCRYPTO):
+-	(cd ../crypto; $(MAKE))
+-
+-$(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+-	$(RM) $(PROGRAM)
+-	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+-	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+-
+-progs.h: progs.pl
+-	$(PERL) progs.pl $(E_EXE) >progs.h
+-	$(RM) $(PROGRAM).o
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-app_rand.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-app_rand.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-apps.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-apps.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-apps.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-apps.o: ../include/openssl/x509_vfy.h apps.h
+-asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+-asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+-ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+-ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ca.o: ../include/openssl/x509v3.h apps.h
+-ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+-crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+-crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-crl.o: ../include/openssl/x509v3.h apps.h
+-crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+-crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+-enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-enc.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-enc.o: ../include/openssl/x509_vfy.h apps.h
+-errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+-errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+-gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-gendh.o: ../include/openssl/x509_vfy.h apps.h
+-gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+-nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+-openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+-openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+-passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+-passwd.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+-passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-passwd.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-passwd.o: ../include/openssl/x509_vfy.h apps.h
+-pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+-pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+-pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-pkcs12.o: ../include/openssl/x509_vfy.h apps.h
+-pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+-pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+-pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+-pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-pkcs8.o: ../include/openssl/x509_vfy.h apps.h
+-rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+-rand.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+-rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-rand.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-rand.o: ../include/openssl/x509_vfy.h apps.h
+-req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+-req.o: ../include/openssl/des.h ../include/openssl/dh.h
+-req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-req.o: ../include/openssl/x509v3.h apps.h
+-rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
+-s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-s_client.o: s_apps.h
+-s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-s_server.o: s_apps.h
+-s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+-s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+-s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-s_time.o: s_apps.h
+-sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+-sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+-smime.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+-speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+-speed.o: ./testrsa.h apps.h
+-spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+-spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+-spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+-verify.o: ../include/openssl/des.h ../include/openssl/dh.h
+-verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-verify.o: ../include/openssl/x509v3.h apps.h
+-version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-version.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-version.o: ../include/openssl/stack.h ../include/openssl/x509.h
+-version.o: ../include/openssl/x509_vfy.h apps.h
+-x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+-x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+-x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-x509.o: ../include/openssl/x509v3.h apps.h
+Index: crypto/openssl/apps/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/apps/Makefile.ssl	4 Jul 2001 23:19:09 -0000	1.1.1.1.2.3
++++ crypto/openssl/apps/Makefile.ssl	31 Jul 2002 00:46:50 -0000
+@@ -13,7 +13,7 @@
+ MAKE=		make -f Makefile.ssl
+ MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+ MAKEFILE=	Makefile.ssl
+-PERL=/usr/local/bin/perl
++PERL=		perl
+ RM=		rm -f
+ 
+ PEX_LIBS=
+@@ -128,10 +128,10 @@
+ 	rm -f req
+ 
+ $(DLIBSSL):
+-	(cd ../ssl; $(MAKE))
++	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ 
+ $(DLIBCRYPTO):
+-	(cd ../crypto; $(MAKE))
++	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ 
+ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+ 	$(RM) $(PROGRAM)
+@@ -150,797 +150,780 @@
+ app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+ app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-app_rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+-app_rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-app_rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-app_rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++app_rand.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
++app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
++app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
++app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++app_rand.o: ../include/openssl/x509_vfy.h apps.h
+ apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ apps.o: ../include/openssl/des.h ../include/openssl/dh.h
+ apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+-apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-apps.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+-apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-apps.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-apps.o: ../include/openssl/x509_vfy.h apps.h
++apps.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
++apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
++apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
++apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
+ asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+-asn1pars.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-asn1pars.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-asn1pars.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-asn1pars.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
++asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
++asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
++asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++asn1pars.o: ../include/openssl/x509_vfy.h apps.h
+ ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+-ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+-ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ca.o: ../include/openssl/x509v3.h apps.h
++ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++ca.o: ../include/openssl/err.h ../include/openssl/evp.h
++ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
++ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
++ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-ciphers.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ciphers.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ciphers.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
++ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
++ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ciphers.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++ciphers.o: ../include/openssl/x509_vfy.h apps.h
+ crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+ crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+-crl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-crl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-crl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-crl.o: ../include/openssl/x509v3.h apps.h
++crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
++crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
++crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
++crl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
+ crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+-crl2p7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-crl2p7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-crl2p7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-crl2p7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
++crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
++crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
++crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++crl2p7.o: ../include/openssl/x509_vfy.h apps.h
+ dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
+ dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
++dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
++dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
++dgst.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++dgst.o: ../include/openssl/x509_vfy.h apps.h
+ dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+-dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-dh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-dh.o: ../include/openssl/x509_vfy.h apps.h
++dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++dh.o: ../include/openssl/err.h ../include/openssl/evp.h
++dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
++dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+ dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
++dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
++dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++dsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++dsa.o: ../include/openssl/x509_vfy.h apps.h
+ dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
+ dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+-dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
++dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
++dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
++dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++dsaparam.o: ../include/openssl/x509_vfy.h apps.h
+ enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+ enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+-enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-enc.o: ../include/openssl/x509_vfy.h apps.h
++enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
++enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
++enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
++enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-errstr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-errstr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-errstr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
++errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
++errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++errstr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++errstr.o: ../include/openssl/x509_vfy.h apps.h
+ gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
+ gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+-gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-gendh.o: ../include/openssl/x509_vfy.h apps.h
++gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
++gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
++gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
++gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+ gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
++gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
++gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++gendsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++gendsa.o: ../include/openssl/x509_vfy.h apps.h
+ genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+ genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
++genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
++genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++genrsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++genrsa.o: ../include/openssl/x509_vfy.h apps.h
+ nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
+ nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+-nseq.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-nseq.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-nseq.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-nseq.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++nseq.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
++nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
++nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
++nseq.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++nseq.o: ../include/openssl/x509_vfy.h apps.h
+ openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-openssl.o: progs.h s_apps.h
++openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
++openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
++openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+ passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
+ passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+-passwd.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-passwd.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-passwd.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-passwd.o: ../include/openssl/x509_vfy.h apps.h
++passwd.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
++passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
++passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
++passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
++passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
+ pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+-pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+-pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-pkcs12.o: ../include/openssl/x509_vfy.h apps.h
++pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
++pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
++pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
++pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
+ pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+-pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
++pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
++pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
++pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++pkcs7.o: ../include/openssl/x509_vfy.h apps.h
+ pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
+ pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+-pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+-pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-pkcs8.o: ../include/openssl/x509_vfy.h apps.h
++pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
++pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
++pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
++pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+ rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+-rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-rand.o: ../include/openssl/x509_vfy.h apps.h
++rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
++rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
++rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
++rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
++rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ req.o: ../include/openssl/des.h ../include/openssl/dh.h
+ req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-req.o: ../include/openssl/err.h ../include/openssl/evp.h
+-req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-req.o: ../include/openssl/x509v3.h apps.h
++req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++req.o: ../include/openssl/evp.h ../include/openssl/idea.h
++req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++req.o: ../include/openssl/md4.h ../include/openssl/md5.h
++req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++req.o: ../include/openssl/sha.h ../include/openssl/stack.h
++req.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+ rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+-rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
++rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
++rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
++rsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++rsa.o: ../include/openssl/x509_vfy.h apps.h
+ rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
+ rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-rsautl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
+-rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
++rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
++rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
++rsautl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++rsautl.o: ../include/openssl/x509_vfy.h apps.h
+ s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-s_cb.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s_cb.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s_cb.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
++s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
++s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
++s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s_cb.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+ s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s_client.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-s_client.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
++s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
++s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
++s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++s_client.o: s_apps.h
+ s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s_server.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-s_server.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
++s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
++s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
++s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++s_server.o: s_apps.h
+ s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-s_socket.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
+-s_socket.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-s_socket.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-s_socket.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s_socket.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
++s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
++s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
++s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++s_socket.o: s_apps.h
+ s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-s_time.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s_time.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s_time.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+-s_time.o: s_apps.h
++s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
++s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
++s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++s_time.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+ sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-sess_id.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-sess_id.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-sess_id.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
++sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
++sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++sess_id.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++sess_id.o: ../include/openssl/x509_vfy.h apps.h
+ smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ smime.o: ../include/openssl/des.h ../include/openssl/dh.h
+ smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+-smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
++smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
++smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
++smime.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++smime.o: ../include/openssl/x509_vfy.h apps.h
+ speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ speed.o: ../include/openssl/des.h ../include/openssl/dh.h
+ speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+-speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+-speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+-speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+-speed.o: ./testrsa.h apps.h
++speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
++speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
++speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
++speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
++speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
+ spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+ spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
+-spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
++spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
++spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
++spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
++spkac.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++spkac.o: ../include/openssl/x509_vfy.h apps.h
+ verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ verify.o: ../include/openssl/des.h ../include/openssl/dh.h
+ verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+-verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-verify.o: ../include/openssl/x509v3.h apps.h
++verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
++verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
++verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
++verify.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+ version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ version.o: ../include/openssl/des.h ../include/openssl/dh.h
+ version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-version.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+-version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-version.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+-version.o: ../include/openssl/x509_vfy.h apps.h
++version.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
++version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++version.o: ../include/openssl/md2.h ../include/openssl/md4.h
++version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+ x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+ x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+ x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+ x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+-x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-x509.o: ../include/openssl/x509v3.h apps.h
++x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
++x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
++x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
++x509.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
++x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+Index: crypto/openssl/apps/apps.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/apps.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 apps.c
+--- crypto/openssl/apps/apps.c	26 Nov 2000 11:32:46 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/apps.c	31 Jul 2002 00:46:50 -0000
+@@ -228,9 +228,16 @@
+ 
+ 	q=strrchr(p,'.');
+ 	if (q == NULL)
+-		q = in+size;
+-	strncpy(out,p,q-p);
+-	out[q-p]='\0';
++		q = p + strlen(p);
++	strncpy(out,p,size-1);
++	if (q-p >= size)
++		{
++		out[size-1]='\0';
++		}
++	else
++		{
++		out[q-p]='\0';
++		}
+ 	}
+ #else
+ void program_name(char *in, char *out, int size)
+@@ -755,7 +762,7 @@
+ 
+ void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
+ {
+-	char buf[256];
++	char *buf;
+ 	char mline = 0;
+ 	int indent = 0;
+ 	if(title) BIO_puts(out, title);
+@@ -764,9 +771,10 @@
+ 		indent = 4;
+ 	}
+ 	if(lflags == XN_FLAG_COMPAT) {
+-		X509_NAME_oneline(nm,buf,256);
+-		BIO_puts(out,buf);
++		buf = X509_NAME_oneline(nm, 0, 0);
++		BIO_puts(out, buf);
+ 		BIO_puts(out, "\n");
++		OPENSSL_free(buf);
+ 	} else {
+ 		if(mline) BIO_puts(out, "\n");
+ 		X509_NAME_print_ex(out, nm, indent, lflags);
+Index: crypto/openssl/apps/asn1pars.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/asn1pars.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 asn1pars.c
+--- crypto/openssl/apps/asn1pars.c	26 Nov 2000 11:32:47 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/asn1pars.c	31 Jul 2002 00:46:50 -0000
+@@ -181,7 +181,7 @@
+ 		BIO_printf(bio_err,"where options are\n");
+ 		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+ 		BIO_printf(bio_err," -in arg       input file\n");
+-		BIO_printf(bio_err," -out arg      output file\n");
++		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
+ 		BIO_printf(bio_err," -noout arg    don't produce any output\n");
+ 		BIO_printf(bio_err," -offset arg   offset into file\n");
+ 		BIO_printf(bio_err," -length arg   length of section in file\n");
+@@ -192,7 +192,6 @@
+ 		BIO_printf(bio_err," -strparse offset\n");
+ 		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
+ 		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+-		BIO_printf(bio_err," -out filename output DER encoding to file\n");
+ 		goto end;
+ 		}
+ 
+Index: crypto/openssl/apps/ca.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/ca.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ca.c
+--- crypto/openssl/apps/ca.c	26 Nov 2000 11:32:47 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/ca.c	31 Jul 2002 00:46:50 -0000
+@@ -82,7 +82,7 @@
+ #    else
+ #      include <unixlib.h>
+ #    endif
+-#  else
++#  elif !defined(VXWORKS)
+ #    include <sys/file.h>
+ #  endif
+ #endif
+@@ -1108,7 +1108,7 @@
+ 			}
+ 		if ((crldays == 0) && (crlhours == 0))
+ 			{
+-			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
++			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
+ 			goto err;
+ 			}
+ 
+@@ -1220,7 +1220,11 @@
+ 			X509_free(revcert);
+ 
+ 			strncpy(buf[0],dbfile,BSIZE-4);
++#ifndef VMS
+ 			strcat(buf[0],".new");
++#else
++			strcat(buf[0],"-new");
++#endif
+ 			if (BIO_write_filename(out,buf[0]) <= 0)
+ 				{
+ 				perror(dbfile);
+@@ -1230,7 +1234,11 @@
+ 			j=TXT_DB_write(out,db);
+ 			if (j <= 0) goto err;
+ 			strncpy(buf[1],dbfile,BSIZE-4);
++#ifndef VMS
+ 			strcat(buf[1],".old");
++#else
++			strcat(buf[1],"-old");
++#endif
+ 			if (rename(dbfile,buf[1]) < 0)
+ 				{
+ 				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+Index: crypto/openssl/apps/der_chop
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/der_chop,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 der_chop
+--- crypto/openssl/apps/der_chop	20 Aug 2000 08:45:58 -0000	1.1.1.1.2.1
++++ crypto/openssl/apps/der_chop	31 Jul 2002 00:46:50 -0000
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/local/bin/perl5
+ #
+ # der_chop ... this is one total hack that Eric is really not proud of
+ #              so don't look at it and don't ask for support
+Index: crypto/openssl/apps/dgst.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/dgst.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 dgst.c
+--- crypto/openssl/apps/dgst.c	26 Nov 2000 11:32:47 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/dgst.c	31 Jul 2002 00:46:50 -0000
+@@ -73,7 +73,7 @@
+ #undef PROG
+ #define PROG	dgst_main
+ 
+-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
++void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ 		EVP_PKEY *key, unsigned char *sigin, int siglen);
+ 
+ int MAIN(int, char **);
+@@ -87,13 +87,13 @@
+ 	BIO *bmd=NULL;
+ 	BIO *out = NULL;
+ 	const char *name;
+-#define PROG_NAME_SIZE  16
+-	char pname[PROG_NAME_SIZE];
++#define PROG_NAME_SIZE  39
++	char pname[PROG_NAME_SIZE+1];
+ 	int separator=0;
+ 	int debug=0;
+ 	const char *outfile = NULL, *keyfile = NULL;
+ 	const char *sigfile = NULL, *randfile = NULL;
+-	char out_bin = -1, want_pub = 0, do_verify = 0;
++	int out_bin = -1, want_pub = 0, do_verify = 0;
+ 	EVP_PKEY *sigkey = NULL;
+ 	unsigned char *sigbuf = NULL;
+ 	int siglen = 0;
+@@ -338,7 +338,7 @@
+ 	EXIT(err);
+ 	}
+ 
+-void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
++void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+ 			EVP_PKEY *key, unsigned char *sigin, int siglen)
+ 	{
+ 	int len;
+Index: crypto/openssl/apps/dsaparam.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/dsaparam.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 dsaparam.c
+--- crypto/openssl/apps/dsaparam.c	4 Jul 2001 23:19:09 -0000	1.1.1.1.2.3
++++ crypto/openssl/apps/dsaparam.c	31 Jul 2002 00:46:50 -0000
+@@ -176,7 +176,7 @@
+ 		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
+ 		BIO_printf(bio_err," -in arg       input file\n");
+ 		BIO_printf(bio_err," -out arg      output file\n");
+-		BIO_printf(bio_err," -text         print the key in text\n");
++		BIO_printf(bio_err," -text         print as text\n");
+ 		BIO_printf(bio_err," -C            Output C code\n");
+ 		BIO_printf(bio_err," -noout        no output\n");
+ 		BIO_printf(bio_err," -rand         files to use for random number input\n");
+Index: crypto/openssl/apps/eay.c
+===================================================================
+RCS file: crypto/openssl/apps/eay.c
+diff -N crypto/openssl/apps/eay.c
+--- crypto/openssl/apps/eay.c	10 Jan 2000 06:21:19 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,131 +0,0 @@
+-/* apps/eay.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-
+-#define MONOLITH
+-#define USE_SOCKETS
+-
+-#include "openssl/e_os.h"
+-
+-#include <openssl/bio.h>
+-#include <openssl/stack.h>
+-#include <openssl/lhash.h>
+-
+-#include <openssl/err.h>
+-
+-#include <openssl/bn.h>
+-
+-#include <openssl/evp.h>
+-
+-#include <openssl/rand.h>
+-#include <openssl/conf.h>
+-#include <openssl/txt_db.h>
+-
+-#include <openssl/err.h>
+-
+-#include <openssl/x509.h>
+-#include <openssl/pkcs7.h>
+-#include <openssl/pem.h>
+-#include <openssl/asn1.h>
+-#include <openssl/objects.h>
+-
+-#define MONOLITH
+-
+-#include "openssl.c"
+-#include "apps.c"
+-#include "asn1pars.c"
+-#ifndef NO_RSA
+-#include "ca.c"
+-#include "genrsa.c"
+-#include "req.c"
+-#include "rsa.c"
+-#endif
+-#ifndef NO_DH
+-#include "gendh.c"
+-#include "dh.c"
+-#endif
+-#include "crl.c"
+-#include "crl2p7.c"
+-#include "dgst.c"
+-#include "enc.c"
+-#include "errstr.c"
+-#if !defined(NO_SSL2) || !defined(NO_SSL3)
+-#ifndef NO_SOCK
+-#include "s_cb.c"
+-#include "s_client.c"
+-#include "s_server.c"
+-#include "s_socket.c"
+-#include "s_time.c"
+-#endif
+-#endif
+-#include "speed.c"
+-#include "verify.c"
+-#include "version.c"
+-#include "x509.c"
+-#include "ciphers.c"
+-#include "sess_id.c"
+-#include "pkcs7.c"
+-#ifndef NO_DSA
+-#include "dsaparam.c"
+-#include "dsa.c"
+-#include "gendsa.c"
+-#endif
+-
+Index: crypto/openssl/apps/enc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/enc.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 enc.c
+--- crypto/openssl/apps/enc.c	26 Nov 2000 11:32:48 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/enc.c	31 Jul 2002 00:46:50 -0000
+@@ -99,8 +99,8 @@
+ 	const EVP_CIPHER *cipher=NULL,*c;
+ 	char *inf=NULL,*outf=NULL;
+ 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+-#define PROG_NAME_SIZE  16
+-	char pname[PROG_NAME_SIZE];
++#define PROG_NAME_SIZE  39
++	char pname[PROG_NAME_SIZE+1];
+ 
+ 	apps_startup();
+ 
+@@ -513,6 +513,14 @@
+ 		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+ 			{
+ 			BIO_printf(bio_err,"invalid hex iv value\n");
++			goto end;
++			}
++		if ((hiv == NULL) && (str == NULL))
++			{
++			/* No IV was explicitly set and no IV was generated
++			 * during EVP_BytesToKey. Hence the IV is undefined,
++			 * making correct decryption impossible. */
++			BIO_printf(bio_err, "iv undefined\n");
+ 			goto end;
+ 			}
+ 		if ((hkey != NULL) && !set_hex(hkey,key,24))
+Index: crypto/openssl/apps/openssl.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/openssl.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 openssl.c
+--- crypto/openssl/apps/openssl.c	26 Nov 2000 11:32:48 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/openssl.c	31 Jul 2002 00:46:50 -0000
+@@ -88,8 +88,8 @@
+ int main(int Argc, char *Argv[])
+ 	{
+ 	ARGS arg;
+-#define PROG_NAME_SIZE	16
+-	char pname[PROG_NAME_SIZE];
++#define PROG_NAME_SIZE	39
++	char pname[PROG_NAME_SIZE+1];
+ 	FUNCTION f,*fp;
+ 	MS_STATIC char *prompt,buf[1024],config_name[256];
+ 	int n,i,ret=0;
+Index: crypto/openssl/apps/pem_mail.c
+===================================================================
+RCS file: crypto/openssl/apps/pem_mail.c
+diff -N crypto/openssl/apps/pem_mail.c
+--- crypto/openssl/apps/pem_mail.c	10 Jan 2000 06:21:19 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,170 +0,0 @@
+-/* apps/pem_mail.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RSA
+-#include <stdio.h>
+-#include <openssl/rsa.h>
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-#include <openssl/x509.h>
+-#include <openssl/err.h>
+-#include <openssl/pem.h>
+-#include "apps.h"
+-
+-#undef PROG
+-#define PROG	pem_mail_main
+-
+-static char *usage[]={
+-"usage: pem_mail args\n",
+-"\n",
+-" -in arg         - input file - default stdin\n",
+-" -out arg        - output file - default stdout\n",
+-" -cert arg       - the certificate to use\n",
+-" -key arg        - the private key to use\n",
+-" -MIC           - sign the message\n",
+-" -enc arg        - encrypt with one of cbc-des\n",
+-NULL
+-};
+-
+-
+-typedef struct lines_St
+-	{
+-	char *line;
+-	struct lines_st *next;
+-	} LINES;
+-
+-int main(int argc, char **argv)
+-	{
+-	FILE *in;
+-	RSA *rsa=NULL;
+-	EVP_MD_CTX ctx;
+-	unsigned int mic=0,i,n;
+-	unsigned char buf[1024*15];
+-	char *prog,*infile=NULL,*outfile=NULL,*key=NULL;
+-	int badops=0;
+-
+-	apps_startup();
+-
+-	prog=argv[0];
+-	argc--;
+-	argv++;
+-	while (argc >= 1)
+-		{
+-		if (strcmp(*argv,"-key") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			key= *(++argv);
+-			}
+-		else if (strcmp(*argv,"-in") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			infile= *(++argv);
+-			}
+-		else if (strcmp(*argv,"-out") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			outfile= *(++argv);
+-			}
+-		else if (strcmp(*argv,"-mic") == 0)
+-			mic=1;
+-		else
+-			{
+-			BIO_printf(bio_err,"unknown option %s\n",*argv);
+-			badops=1;
+-			break;
+-			}
+-		argc--;
+-		argv++;
+-		}
+-
+-	if (badops)
+-		{
+-bad:
+-		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+-		BIO_printf(bio_err,"where options  are\n");
+-		EXIT(1);
+-		}
+-
+-	if (key == NULL)
+-		{ BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); }
+-	in=fopen(key,"r");
+-	if (in == NULL) { perror(key); EXIT(1); }
+-	rsa=PEM_read_RSAPrivateKey(in,NULL,NULL);
+-	if (rsa == NULL)
+-		{
+-		BIO_printf(bio_err,"unable to load Private Key\n");
+-		ERR_print_errors(bio_err);
+-		EXIT(1);
+-		}
+-	fclose(in);
+-
+-	PEM_SignInit(&ctx,EVP_md5());
+-	for (;;)
+-		{
+-		i=fread(buf,1,1024*10,stdin);
+-		if (i <= 0) break;
+-		PEM_SignUpdate(&ctx,buf,i);
+-		}
+-	if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err;
+-	BIO_printf(bio_err,"%s\n",buf);
+-	EXIT(0);
+-err:
+-	ERR_print_errors(bio_err);
+-	EXIT(1);
+-	}
+-#endif
+Index: crypto/openssl/apps/pkcs12.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/pkcs12.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 pkcs12.c
+--- crypto/openssl/apps/pkcs12.c	26 Nov 2000 11:32:48 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/pkcs12.c	31 Jul 2002 00:46:51 -0000
+@@ -749,7 +749,10 @@
+ 		print_attribs (out, bag->attrib, "Bag Attributes");
+ 		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+ 				return 0;
+-		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
++		if (!(pkey = EVP_PKCS82PKEY (p8))) {
++			PKCS8_PRIV_KEY_INFO_free(p8);
++			return 0;
++		}
+ 		print_attribs (out, p8->attributes, "Key Attributes");
+ 		PKCS8_PRIV_KEY_INFO_free(p8);
+ 		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+Index: crypto/openssl/apps/pkcs7.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/pkcs7.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 pkcs7.c
+--- crypto/openssl/apps/pkcs7.c	26 Nov 2000 11:32:48 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/pkcs7.c	31 Jul 2002 00:46:51 -0000
+@@ -88,7 +88,7 @@
+ 	int informat,outformat;
+ 	char *infile,*outfile,*prog;
+ 	int print_certs=0,text=0,noout=0;
+-	int ret=0;
++	int ret=1;
+ 
+ 	apps_startup();
+ 
+Index: crypto/openssl/apps/req.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/req.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 req.c
+--- crypto/openssl/apps/req.c	4 Jul 2001 23:19:09 -0000	1.1.1.1.2.3
++++ crypto/openssl/apps/req.c	31 Jul 2002 00:46:51 -0000
+@@ -283,7 +283,7 @@
+ 						goto end;
+ 						}
+ 
+-					dtmp=X509_get_pubkey(xtmp);
++					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
+ 					if (dtmp->type == EVP_PKEY_DSA)
+ 						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+ 					EVP_PKEY_free(dtmp);
+@@ -383,8 +383,7 @@
+ 		BIO_printf(bio_err,"                the random number generator\n");
+ 		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+ 		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+-
+-		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
++		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+ 		BIO_printf(bio_err," -config file   request template file.\n");
+ 		BIO_printf(bio_err," -new           new request.\n");
+ 		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
+@@ -719,17 +718,14 @@
+ 
+ 			/* Set version to V3 */
+ 			if(!X509_set_version(x509ss, 2)) goto end;
+-			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
++			if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+ 
+-			X509_set_issuer_name(x509ss,
+-				X509_REQ_get_subject_name(req));
+-			X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+-			X509_gmtime_adj(X509_get_notAfter(x509ss),
+-				(long)60*60*24*days);
+-			X509_set_subject_name(x509ss,
+-				X509_REQ_get_subject_name(req));
++			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
++			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
++			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
++			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+ 			tmppkey = X509_REQ_get_pubkey(req);
+-			X509_set_pubkey(x509ss,tmppkey);
++			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
+ 			EVP_PKEY_free(tmppkey);
+ 
+ 			/* Set up V3 context struct */
+@@ -960,7 +956,7 @@
+ 	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+ 	if(!i) goto err;
+ 
+-	X509_REQ_set_pubkey(req,pkey);
++	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
+ 
+ 	ret=1;
+ err:
+Index: crypto/openssl/apps/s_client.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/s_client.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 s_client.c
+--- crypto/openssl/apps/s_client.c	4 Jul 2001 23:19:09 -0000	1.1.1.1.2.3
++++ crypto/openssl/apps/s_client.c	31 Jul 2002 00:46:51 -0000
+@@ -896,5 +896,7 @@
+ 	BIO_printf(bio,"---\n");
+ 	if (peer != NULL)
+ 		X509_free(peer);
++	/* flush, or debugging output gets mixed with http response */
++	BIO_flush(bio);
+ 	}
+ 
+Index: crypto/openssl/apps/s_time.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/s_time.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 s_time.c
+--- crypto/openssl/apps/s_time.c	20 Aug 2000 08:45:58 -0000	1.1.1.1.2.1
++++ crypto/openssl/apps/s_time.c	31 Jul 2002 00:46:51 -0000
+@@ -82,7 +82,7 @@
+ #include "wintext.h"
+ #endif
+ 
+-#if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
++#if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
+ #define TIMES
+ #endif
+ 
+@@ -102,7 +102,7 @@
+ #undef TIMES
+ #endif
+ 
+-#ifndef TIMES
++#if !defined(TIMES) && !defined(VXWORKS)
+ #include <sys/timeb.h>
+ #endif
+ 
+@@ -139,6 +139,8 @@
+ #undef BUFSIZZ
+ #define BUFSIZZ 1024*10
+ 
++#undef min
++#undef max
+ #define min(a,b) (((a) < (b)) ? (a) : (b))
+ #define max(a,b) (((a) > (b)) ? (a) : (b))
+ 
+@@ -368,6 +370,22 @@
+ 		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+ 		return((ret == 0.0)?1e-6:ret);
+ 	}
++#elif defined(VXWORKS)
++        {
++	static unsigned long tick_start, tick_end;
++
++	if( s == START )
++		{
++		tick_start = tickGet();
++		return 0;
++		}
++	else
++		{
++		tick_end = tickGet();
++		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
++		return((ret == 0.0)?1e-6:ret);
++		}
++        }
+ #else /* !times() */
+ 	static struct timeb tstart,tend;
+ 	long i;
+Index: crypto/openssl/apps/smime.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/smime.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 smime.c
+--- crypto/openssl/apps/smime.c	26 Nov 2000 11:32:49 -0000	1.1.1.1.2.2
++++ crypto/openssl/apps/smime.c	31 Jul 2002 00:46:51 -0000
+@@ -290,6 +290,7 @@
+ 		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+ 		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+ 		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
+ 		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+ 		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+ 		BIO_printf(bio_err,  "               the random number generator\n");
+@@ -413,7 +414,10 @@
+ 		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+ 	} else if(operation == SMIME_SIGN) {
+ 		p7 = PKCS7_sign(signer, key, other, in, flags);
+-		BIO_reset(in);
++		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
++		  BIO_printf(bio_err, "Can't rewind input file\n");
++		  goto end;
++		}
+ 	} else {
+ 		if(informat == FORMAT_SMIME) 
+ 			p7 = SMIME_read_PKCS7(in, &indata);
+@@ -453,9 +457,9 @@
+ 	} else if(operation == SMIME_VERIFY) {
+ 		STACK_OF(X509) *signers;
+ 		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
+-			BIO_printf(bio_err, "Verification Successful\n");
++			BIO_printf(bio_err, "Verification successful\n");
+ 		} else {
+-			BIO_printf(bio_err, "Verification Failure\n");
++			BIO_printf(bio_err, "Verification failure\n");
+ 			goto end;
+ 		}
+ 		signers = PKCS7_get0_signers(p7, other, flags);
+Index: crypto/openssl/apps/speed.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/speed.c,v
+retrieving revision 1.3.2.3
+diff -u -r1.3.2.3 speed.c
+--- crypto/openssl/apps/speed.c	4 Jul 2001 23:19:09 -0000	1.3.2.3
++++ crypto/openssl/apps/speed.c	31 Jul 2002 02:37:39 -0000
+@@ -84,12 +84,12 @@
+ #include <openssl/rand.h>
+ #include <openssl/err.h>
+ 
+-#if defined(__FreeBSD__)
++#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
+ # define USE_TOD
+-#elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
++#elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
+ # define TIMES
+ #endif
+-#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
++#if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
+ # define TIMEB
+ #endif
+ 
+@@ -117,7 +117,7 @@
+ #include <sys/timeb.h>
+ #endif
+ 
+-#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
++#if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
+ #error "It seems neither struct tms nor struct timeb is supported in this platform!"
+ #endif
+ 
+@@ -226,7 +226,7 @@
+ 
+ #ifdef USE_TOD
+ 	if(usertime)
+-	    {
++		{
+ 		static struct rusage tstart,tend;
+ 
+ 		if (s == START)
+@@ -286,7 +286,23 @@
+ # if defined(TIMES) && defined(TIMEB)
+ 	else
+ # endif
+-# ifdef TIMEB
++# ifdef VXWORKS
++		{
++		static unsigned long tick_start, tick_end;
++
++		if( s == START )
++			{
++			tick_start = tickGet();
++			return 0;
++			}
++		else
++			{
++			tick_end = tickGet();
++			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
++			return((ret < 0.001)?0.001:ret);
++			}
++                }
++# elif defined(TIMEB)
+ 		{
+ 		static struct timeb tstart,tend;
+ 		long i;
+@@ -305,6 +321,7 @@
+ 			}
+ 		}
+ # endif
++
+ #endif
+ 	}
+ 
+@@ -320,7 +337,9 @@
+ #define DSA_NUM		3
+ 	long count,rsa_count;
+ 	int i,j,k;
++#ifndef NO_RSA
+ 	unsigned rsa_num;
++#endif
+ #ifndef NO_MD2
+ 	unsigned char md2[MD2_DIGEST_LENGTH];
+ #endif
+Index: crypto/openssl/apps/tkca
+===================================================================
+RCS file: crypto/openssl/apps/tkca
+diff -N crypto/openssl/apps/tkca
+--- crypto/openssl/apps/tkca	10 Jan 2000 06:21:20 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,66 +0,0 @@
+-#!/usr/local/bin/perl5
+-#
+-# This is only something I'm playing with, it does not work :-)
+-#
+-
+-use Tk;
+-
+-my $main=MainWindow->new();
+-my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
+-$f->pack(-fill => 'x');
+-
+-my $ff=$f->Frame;
+-$ff->pack(-fill => 'x');
+-my $l=$ff->Label(-text => "TkCA - SSLeay",
+-	-relief => "ridge", -borderwidth => 2);
+-$l->pack(-fill => 'x', -ipady => 5);
+-
+-my $l=$ff->Button(-text => "Certify");
+-$l->pack(-fill => 'x', -ipady => 5);
+-
+-my $l=$ff->Button(-text => "Review");
+-$l->pack(-fill => 'x', -ipady => 5);
+-
+-my $l=$ff->Button(-text => "Revoke");
+-$l->pack(-fill => 'x', -ipady => 5);
+-
+-my $l=$ff->Button(-text => "Generate CRL");
+-$l->pack(-fill => 'x', -ipady => 5);
+-
+-my($db)=&load_db("demoCA/index.txt");
+-
+-MainLoop;
+-
+-sub load_db
+-	{
+-	my(%ret);
+-	my($file)=@_;
+-	my(*IN);
+-	my(%db_serial,%db_name,@f,@db_s);
+-
+-	$ret{'serial'}=\%db_serial;
+-	$ret{'name'}=\%db_name;
+-
+-	open(IN,"<$file") || die "unable to open $file:$!\n";
+-	while (<IN>)
+-		{
+-		chop;
+-		s/([^\\])\t/\1\t\t/g;
+-		my(@f)=split(/\t\t/);
+-		die "wrong number of fields in $file, line $.\n"
+-			if ($#f != 5);
+-
+-		my(%f);
+-		$f{'type'}=$f[0];
+-		$f{'exp'}=$f[1];
+-		$f{'rev'}=$f[2];
+-		$f{'serial'}=$f[3];
+-		$f{'file'}=$f[4];
+-		$f{'name'}=$f[5];
+-		die "serial number $f{'serial'} appears twice (line $.)\n"
+-			if (defined($db{$f{'serial'}}))
+-		$db_serial{$f{'serial'}}=\%f;
+-		$db_name{$f{'name'}}.=$f{'serial'}." ";
+-		}
+-	return \%ret;
+-	}
+Index: crypto/openssl/apps/x509.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/apps/x509.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 x509.c
+--- crypto/openssl/apps/x509.c	4 Jul 2001 23:19:10 -0000	1.1.1.1.2.3
++++ crypto/openssl/apps/x509.c	31 Jul 2002 00:46:51 -0000
+@@ -233,7 +233,7 @@
+ 		else if (strcmp(*argv,"-CAkeyform") == 0)
+ 			{
+ 			if (--argc < 1) goto bad;
+-			CAformat=str2fmt(*(++argv));
++			CAkeyformat=str2fmt(*(++argv));
+ 			}
+ 		else if (strcmp(*argv,"-days") == 0)
+ 			{
+cvs diff: Diffing crypto/openssl/apps/demoCA
+cvs diff: Diffing crypto/openssl/apps/demoCA/private
+cvs diff: Diffing crypto/openssl/apps/rsa
+Index: crypto/openssl/apps/rsa/01.pem
+===================================================================
+RCS file: crypto/openssl/apps/rsa/01.pem
+diff -N crypto/openssl/apps/rsa/01.pem
+--- crypto/openssl/apps/rsa/01.pem	10 Jan 2000 06:21:21 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,15 +0,0 @@
+------BEGIN CERTIFICATE-----
+-MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+-MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+-BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+-cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+-qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+-MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+-gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+-LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+-Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+-Pjrmw2eSgbdmmdumWAcNPVbV
+------END CERTIFICATE-----
+Index: crypto/openssl/apps/rsa/1.txt
+===================================================================
+RCS file: crypto/openssl/apps/rsa/1.txt
+diff -N crypto/openssl/apps/rsa/1.txt
+--- crypto/openssl/apps/rsa/1.txt	10 Jan 2000 06:21:21 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,50 +0,0 @@
+-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+-subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
+-Certificate:
+-    Data:
+-        Version: 1 (0x0)
+-        Serial Number:
+-            68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
+-        Signature Algorithm: md5WithRSAEncryption
+-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-        Validity
+-            Not Before: May 18 00:00:00 1998 GMT
+-            Not After : May 18 23:59:59 1999 GMT
+-        Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-            RSA Public Key: (1024 bit)
+-                Modulus (1024 bit):
+-                    00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
+-                    d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
+-                    83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
+-                    11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
+-                    ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
+-                    f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
+-                    75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
+-                    51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
+-                    b0:91:2d:85:ad:2a:1c:e7:f7
+-                Exponent: 65537 (0x10001)
+-    Signature Algorithm: md5WithRSAEncryption
+-        8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
+-        d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
+-        e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
+-        6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
+-        7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
+-        1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
+-        3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
+------BEGIN CERTIFICATE-----
+-MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+-MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+-BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+-cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+-bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+-qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+-MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+-gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+-LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+-Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+-Pjrmw2eSgbdmmdumWAcNPVbV
+------END CERTIFICATE-----
+Index: crypto/openssl/apps/rsa/SecureServer.pem
+===================================================================
+RCS file: crypto/openssl/apps/rsa/SecureServer.pem
+diff -N crypto/openssl/apps/rsa/SecureServer.pem
+--- crypto/openssl/apps/rsa/SecureServer.pem	10 Jan 2000 06:21:21 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,47 +0,0 @@
+-Certificate:
+-    Data:
+-        Version: 1 (0x0)
+-        Serial Number:
+-            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+-        Signature Algorithm: md2WithRSAEncryption
+-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-        Validity
+-            Not Before: Nov  9 00:00:00 1994 GMT
+-            Not After : Jan  7 23:59:59 2010 GMT
+-        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-            RSA Public Key: (1000 bit)
+-                Modulus (1000 bit):
+-                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+-                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+-                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+-                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+-                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+-                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+-                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+-                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+-                    dd:2d:d6:c8:1e:7b
+-                Exponent: 65537 (0x10001)
+-    Signature Algorithm: md2WithRSAEncryption
+-        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+-        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+-        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+-        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+-        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+-        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+-        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+------BEGIN CERTIFICATE-----
+-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+------END CERTIFICATE-----
+Index: crypto/openssl/apps/rsa/s.txt
+===================================================================
+RCS file: crypto/openssl/apps/rsa/s.txt
+diff -N crypto/openssl/apps/rsa/s.txt
+--- crypto/openssl/apps/rsa/s.txt	10 Jan 2000 06:21:21 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,49 +0,0 @@
+-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+-Certificate:
+-    Data:
+-        Version: 1 (0x0)
+-        Serial Number:
+-            02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+-        Signature Algorithm: md2WithRSAEncryption
+-        Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-        Validity
+-            Not Before: Nov  9 00:00:00 1994 GMT
+-            Not After : Jan  7 23:59:59 2010 GMT
+-        Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-        Subject Public Key Info:
+-            Public Key Algorithm: rsaEncryption
+-            RSA Public Key: (1000 bit)
+-                Modulus (1000 bit):
+-                    00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+-                    01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+-                    e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+-                    37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+-                    4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+-                    65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+-                    b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+-                    54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+-                    dd:2d:d6:c8:1e:7b
+-                Exponent: 65537 (0x10001)
+-    Signature Algorithm: md2WithRSAEncryption
+-        65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+-        c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+-        b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+-        c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+-        4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+-        16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+-        f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+------BEGIN CERTIFICATE-----
+-MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+-A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+-VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+-MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+-BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+-dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+-ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+-0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+-uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+-hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+-YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+-1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+------END CERTIFICATE-----
+cvs diff: Diffing crypto/openssl/apps/set
+cvs diff: Diffing crypto/openssl/bugs
+cvs diff: Diffing crypto/openssl/certs
+Index: crypto/openssl/certs/rsa-ssca.pem
+===================================================================
+RCS file: crypto/openssl/certs/rsa-ssca.pem
+diff -N crypto/openssl/certs/rsa-ssca.pem
+--- crypto/openssl/certs/rsa-ssca.pem	10 Jan 2000 06:21:22 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,19 +0,0 @@
+-subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+-issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+-notBefore=941109235417Z
+-notAfter =991231235417Z
+------BEGIN X509 CERTIFICATE-----
+-
+-MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+-HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+-IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+-Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+-YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+-Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+-roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+-aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+-HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+-iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+-suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+-cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+------END X509 CERTIFICATE-----
+cvs diff: Diffing crypto/openssl/certs/expired
+cvs diff: Diffing crypto/openssl/crypto
+Index: crypto/openssl/crypto/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/Makefile.save
+diff -N crypto/openssl/crypto/Makefile.save
+--- crypto/openssl/crypto/Makefile.save	26 Nov 2000 11:32:52 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,199 +0,0 @@
+-#
+-# SSLeay/crypto/Makefile
+-#
+-
+-DIR=		crypto
+-TOP=		..
+-CC=		cc
+-INCLUDE=	-I. -I../include
+-INCLUDES=	-I.. -I../../include
+-CFLAG=		-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=	/usr/local/ssl
+-MAKE=           make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=       Makefile.ssl
+-RM=             rm -f
+-AR=		ar r
+-
+-PEX_LIBS=
+-EX_LIBS=
+- 
+-CFLAGS= $(INCLUDE) $(CFLAG)
+-
+-
+-LIBS=
+-
+-SDIRS=	md2 md5 sha mdc2 hmac ripemd \
+-	des rc2 rc4 rc5 idea bf cast \
+-	bn rsa dsa dh dso \
+-	buffer bio stack lhash rand err objects \
+-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+-
+-GENERAL=Makefile README crypto-lib.com install.com
+-
+-LIB= $(TOP)/libcrypto.a
+-LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
+-LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
+-HEADER=	cryptlib.h buildinf.h md32_common.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+-
+-all: buildinf.h lib subdirs
+-
+-buildinf.h: ../Makefile.ssl
+-	( echo "#ifndef MK1MF_BUILD"; \
+-	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+-	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+-	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+-	echo "  #define DATE \"`date`\""; \
+-	echo "#endif" ) >buildinf.h
+-
+-testapps:
+-	if echo ${SDIRS} | fgrep ' des '; \
+-	then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
+-	cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
+-
+-subdirs:
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i && echo "making all in crypto/$$i..." && \
+-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+-	done;
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making 'files' in crypto/$$i..."; \
+-	$(MAKE) PERL='${PERL}' files ); \
+-	done;
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@for i in $(SDIRS); do \
+-	(cd $$i; echo "making links in crypto/$$i..."; \
+-	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
+-	done;
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-libs:
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making libs in crypto/$$i..."; \
+-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+-	done;
+-
+-tests:
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making tests in crypto/$$i..."; \
+-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+-	done;
+-
+-install:
+-	@for i in $(EXHEADER) ;\
+-	do \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making install in crypto/$$i..."; \
+-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+-	done;
+-
+-lint:
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making lint in crypto/$$i..."; \
+-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+-	done;
+-
+-depend:
+-	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+-	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making depend in crypto/$$i..."; \
+-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+-	done;
+-
+-clean:
+-	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making clean in crypto/$$i..."; \
+-	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+-	done;
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-	@for i in $(SDIRS) ;\
+-	do \
+-	(cd $$i; echo "making dclean in crypto/$$i..."; \
+-	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+-	done;
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+-cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
+-cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+-cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+-cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+-cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+-cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+-cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+-cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+-cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+-cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+-cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+-cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+-cversion.o: cryptlib.h
+-ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+-ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+-ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+-ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+-ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+-mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+-mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+-mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+-mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+-mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+-mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+-mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+-mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+-mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+-mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+-tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+-tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+-tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+-tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+-tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
+Index: crypto/openssl/crypto/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/Makefile.ssl	4 Jul 2001 23:19:11 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/Makefile.ssl	31 Jul 2002 00:46:51 -0000
+@@ -6,7 +6,7 @@
+ TOP=		..
+ CC=		cc
+ INCLUDE=	-I. -I../include
+-INCLUDES=	-I.. -I../../include
++INCLUDES=	-I.. -I../.. -I../../include
+ CFLAG=		-g
+ INSTALL_PREFIX=
+ OPENSSLDIR=     /usr/local/ssl
+@@ -51,11 +51,11 @@
+ 
+ buildinf.h: ../Makefile.ssl
+ 	( echo "#ifndef MK1MF_BUILD"; \
+-	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+-	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+-	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+-	echo "  #define DATE \"`date`\""; \
+-	echo "#endif" ) >buildinf.h
++	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
++	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
++	echo '  #define PLATFORM "$(PLATFORM)"'; \
++	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
++	echo '#endif' ) >buildinf.h
+ 
+ testapps:
+ 	if echo ${SDIRS} | fgrep ' des '; \
+@@ -134,7 +134,7 @@
+ 	@for i in $(SDIRS) ;\
+ 	do \
+ 	(cd $$i; echo "making depend in crypto/$$i..."; \
+-	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
++	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
+ 	done;
+ 
+ clean:
+Index: crypto/openssl/crypto/cryptlib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/cryptlib.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 cryptlib.c
+--- crypto/openssl/crypto/cryptlib.c	26 Nov 2000 11:32:52 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/cryptlib.c	31 Jul 2002 00:46:54 -0000
+@@ -90,6 +90,7 @@
+ 	"ssl_sess_cert",
+ 	"ssl",
+ 	"rand",
++	"rand2",
+ 	"debug_malloc",
+ 	"BIO",
+ 	"gethostbyname",
+@@ -100,7 +101,7 @@
+ 	"debug_malloc2",
+ 	"dso",
+ 	"dynlock",
+-#if CRYPTO_NUM_LOCKS != 28
++#if CRYPTO_NUM_LOCKS != 29
+ # error "Inconsistency between crypto.h and cryptlib.c"
+ #endif
+ 	};
+@@ -227,7 +228,10 @@
+ 	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+ 
+ 	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
++		{
++		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+ 		return;
++		}
+ 	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+ 	if (pointer != NULL)
+ 		{
+@@ -240,7 +244,7 @@
+ 			}
+ 		else
+ #endif
+-			if (--(pointer->references) <= 0)
++			if (pointer->references <= 0)
+ 				{
+ 				sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+ 				}
+@@ -399,7 +403,7 @@
+ 		struct CRYPTO_dynlock_value *pointer
+ 			= CRYPTO_get_dynlock_value(i);
+ 
+-		if (pointer)
++		if (pointer && dynlock_lock_callback)
+ 			{
+ 			dynlock_lock_callback(mode, pointer, file, line);
+ 			}
+@@ -430,7 +434,6 @@
+ 			CRYPTO_get_lock_name(type),
+ 			file,line);
+ #endif
+-		*pointer=ret;
+ 		}
+ 	else
+ 		{
+@@ -488,3 +491,11 @@
+ #endif
+ 
+ #endif
++
++void OpenSSLDie(const char *file,int line,const char *assertion)
++    {
++    fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
++	    file,line,assertion);
++    abort();
++    }
++
+Index: crypto/openssl/crypto/cryptlib.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/cryptlib.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 cryptlib.h
+--- crypto/openssl/crypto/cryptlib.h	26 Nov 2000 11:32:52 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/cryptlib.h	31 Jul 2002 00:46:54 -0000
+@@ -89,6 +89,14 @@
+ #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+ #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+ 
++/* size of string represenations */
++#define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
++#define HEX_SIZE(type)         ((sizeof(type)*2)
++
++/* die if we have to */
++void OpenSSLDie(const char *file,int line,const char *assertion);
++#define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
++
+ #ifdef  __cplusplus
+ }
+ #endif
+Index: crypto/openssl/crypto/crypto.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/crypto.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 crypto.h
+--- crypto/openssl/crypto/crypto.h	4 Jul 2001 23:19:11 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/crypto.h	31 Jul 2002 00:46:54 -0000
+@@ -112,17 +112,18 @@
+ #define	CRYPTO_LOCK_SSL_SESS_CERT	15
+ #define	CRYPTO_LOCK_SSL			16
+ #define	CRYPTO_LOCK_RAND		17
+-#define	CRYPTO_LOCK_MALLOC		18
+-#define	CRYPTO_LOCK_BIO			19
+-#define	CRYPTO_LOCK_GETHOSTBYNAME	20
+-#define	CRYPTO_LOCK_GETSERVBYNAME	21
+-#define	CRYPTO_LOCK_READDIR		22
+-#define	CRYPTO_LOCK_RSA_BLINDING	23
+-#define	CRYPTO_LOCK_DH			24
+-#define	CRYPTO_LOCK_MALLOC2		25
+-#define	CRYPTO_LOCK_DSO			26
+-#define	CRYPTO_LOCK_DYNLOCK		27
+-#define	CRYPTO_NUM_LOCKS		28
++#define	CRYPTO_LOCK_RAND2		18
++#define	CRYPTO_LOCK_MALLOC		19
++#define	CRYPTO_LOCK_BIO			20
++#define	CRYPTO_LOCK_GETHOSTBYNAME	21
++#define	CRYPTO_LOCK_GETSERVBYNAME	22
++#define	CRYPTO_LOCK_READDIR		23
++#define	CRYPTO_LOCK_RSA_BLINDING	24
++#define	CRYPTO_LOCK_DH			25
++#define	CRYPTO_LOCK_MALLOC2		26
++#define	CRYPTO_LOCK_DSO			27
++#define	CRYPTO_LOCK_DYNLOCK		28
++#define	CRYPTO_NUM_LOCKS		29
+ 
+ #define CRYPTO_LOCK		1
+ #define CRYPTO_UNLOCK		2
+@@ -350,6 +351,9 @@
+ int CRYPTO_pop_info(void);
+ int CRYPTO_remove_all_info(void);
+ 
++
++/* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
++ * used as default in CRYPTO_MDEBUG compilations): */
+ /* The last argument has the following significance:
+  *
+  * 0:	called before the actual memory allocation has taken place
+@@ -358,18 +362,18 @@
+ void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
+ void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
+ void CRYPTO_dbg_free(void *addr,int before_p);
+-
+ /* Tell the debugging code about options.  By default, the following values
+  * apply:
+  *
+- * 0:	Clear all options.
+- * 1:	Set the "Show Time" option.
+- * 2:	Set the "Show Thread Number" option.
+- * 3:	1 + 2
++ * 0:                           Clear all options.
++ * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
++ * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
++ * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
+  */
+ void CRYPTO_dbg_set_options(long bits);
+ long CRYPTO_dbg_get_options(void);
+ 
++
+ #ifndef NO_FP_API
+ void CRYPTO_mem_leaks_fp(FILE *);
+ #endif
+@@ -377,12 +381,11 @@
+ /* unsigned long order, char *file, int line, int num_bytes, char *addr */
+ void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *));
+ 
+-void ERR_load_CRYPTO_strings(void);
+-
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_CRYPTO_strings(void);
+ 
+ /* Error codes for the CRYPTO functions. */
+ 
+@@ -399,4 +402,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/ebcdic.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/ebcdic.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ebcdic.c
+--- crypto/openssl/crypto/ebcdic.c	4 Jul 2001 23:19:11 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/ebcdic.c	31 Jul 2002 00:46:55 -0000
+@@ -211,7 +211,7 @@
+ }
+ 
+ #else /*CHARSET_EBCDIC*/
+-#if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
++#if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
+ static void *dummy=&dummy;
+ #endif
+ #endif
+Index: crypto/openssl/crypto/md32_common.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/md32_common.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 md32_common.h
+--- crypto/openssl/crypto/md32_common.h	20 Aug 2000 08:46:04 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/md32_common.h	31 Jul 2002 00:46:57 -0000
+@@ -198,7 +198,7 @@
+    *
+    * 					<appro@fy.chalmers.se>
+    */
+-#  if defined(__i386)
++#  if defined(__i386) || defined(__i386__)
+ #   define ROTATE(a,n)	({ register unsigned int ret;	\
+ 				asm (			\
+ 				"roll %1,%0"		\
+@@ -224,7 +224,7 @@
+  */
+ # if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+   /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
+-#  if defined(__i386) && !defined(I386_ONLY)
++#  if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+ #   define BE_FETCH32(a)	({ register unsigned int l=(a);\
+ 				asm (			\
+ 				"bswapl %0"		\
+Index: crypto/openssl/crypto/opensslv.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/opensslv.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 opensslv.h
+--- crypto/openssl/crypto/opensslv.h	4 Jul 2001 23:19:11 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/opensslv.h	31 Jul 2002 00:46:57 -0000
+@@ -2,7 +2,7 @@
+ #define HEADER_OPENSSLV_H
+ 
+ /* Numeric release version identifier:
+- * MMNNFFPPS: major minor fix patch status
++ * MNNFFPPS: major minor fix patch status
+  * The status nibble has one of the values 0 for development, 1 to e for betas
+  * 1 to 14, and f for release.  The patch level is exactly that.
+  * For example:
+@@ -25,8 +25,8 @@
+  * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+  *  major minor fix final patch/beta)
+  */
+-#define OPENSSL_VERSION_NUMBER	0x0090601fL
+-#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6a 5 Apr 2001"
++#define OPENSSL_VERSION_NUMBER	0x0090605fL
++#define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6e 30 Jul 2002"
+ #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+ 
+ 
+@@ -44,13 +44,13 @@
+  *
+  *	libcrypto.so.0
+  *
+- * On True64 it works a little bit differently.  There, the shared library
+- * version is stored in the file, and is actually a series of versions,
+- * separated by colons.  The rightmost version present in the library when
+- * linking an application is stored in the application to be matched at
+- * run time.  When the application is run, a check is done to see if the
+- * library version stored in the application matches any of the versions
+- * in the version string of the library itself.
++ * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
++ * shared library version is stored in the file, and is actually a series
++ * of versions, separated by colons.  The rightmost version present in the
++ * library when linking an application is stored in the application to be
++ * matched at run time.  When the application is run, a check is done to
++ * see if the library version stored in the application matches any of the
++ * versions in the version string of the library itself.
+  * This version string can be constructed in any way, depending on what
+  * kind of matching is desired.  However, to implement the same scheme as
+  * the one used in the other unixen, all compatible versions, from lowest
+@@ -73,7 +73,7 @@
+  * However, it's nice and more understandable if it actually does.
+  * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+  * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+- * For the sake of True64 and any other OS that behaves in similar ways,
++ * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+  * we need to keep a history of version numbers, which is done in the
+  * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+  * should only keep the versions that are binary compatible with the current.
+Index: crypto/openssl/crypto/tmdiff.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/tmdiff.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 tmdiff.c
+--- crypto/openssl/crypto/tmdiff.c	26 Nov 2000 11:32:53 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/tmdiff.c	31 Jul 2002 00:46:59 -0000
+@@ -67,9 +67,11 @@
+ 
+ #ifndef MSDOS
+ #  ifndef WIN32
++#   ifndef VXWORKS
+ #    if !defined(VMS) || defined(__DECC)
+ #      define TIMES
+ #    endif
++#   endif
+ #  endif
+ #endif
+ 
+@@ -95,7 +97,7 @@
+ #include <sys/param.h>
+ #endif
+ 
+-#ifndef TIMES
++#if !defined(TIMES) && !defined(VXWORKS)
+ #include <sys/timeb.h>
+ #endif
+ 
+@@ -125,7 +127,11 @@
+ 	HANDLE thread_id;
+ 	FILETIME ms_win32;
+ #  else
++#    ifdef VXWORKS
++          unsigned long ticks;
++#    else
+ 	struct timeb ms_timeb;
++#    endif
+ #  endif
+ #endif
+ 	} MS_TM;
+@@ -163,7 +169,11 @@
+ #  ifdef WIN32
+ 	GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
+ #  else
++#    ifdef VXWORKS
++        tm->ticks = tickGet();
++#    else
+ 	ftime(&tm->ms_timeb);
++#    endif
+ #  endif
+ #endif
+ 	}
+@@ -193,10 +203,14 @@
+ 	ret=((double)(lb-la))/1e7;
+ 	}
+ # else
++#  ifdef VXWORKS
++        ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();
++#  else
+ 	ret=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+ 		(((double)b->ms_timeb.millitm)-
+ 		((double)a->ms_timeb.millitm))/1000.0;
+ #  endif
++# endif
+ #endif
+ 	return((ret < 0.0000001)?0.0000001:ret);
+ 	}
+@@ -214,9 +228,13 @@
+ 	d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
+ 	d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+ # else
++#  ifdef VXWORKS
++        d = (b->ticks - a->ticks);
++#  else
+ 	d=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+ 		(((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;
+ #  endif
++# endif
+ #endif
+ 	if (d == 0.0)
+ 		ret=0;
+cvs diff: Diffing crypto/openssl/crypto/asn1
+Index: crypto/openssl/crypto/asn1/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/asn1/Makefile.save
+diff -N crypto/openssl/crypto/asn1/Makefile.save
+--- crypto/openssl/crypto/asn1/Makefile.save	26 Nov 2000 11:32:57 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,1345 +0,0 @@
+-#
+-# SSLeay/crypto/asn1/Makefile
+-#
+-
+-DIR=	asn1
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile README
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+-	a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
+-	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+-	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
+-	x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+-	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
+-	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+-	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+-	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+-	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
+-	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
+-	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+-	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+-	asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+-	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+-LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+-	a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
+-	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+-	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
+-	x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+-	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
+-	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+-	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+-	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+-	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
+-	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
+-	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+-	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+-	asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+-	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER=  asn1.h asn1_mac.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-test:	test.c
+-	cc -g -I../../include -c test.c
+-	cc -g -I../../include -o test test.o -L../.. -lcrypto
+-
+-pk:	pk.c
+-	cc -g -I../../include -c pk.c
+-	cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_bitstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_bitstr.o: ../cryptlib.h
+-a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_bmp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_bmp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_bmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_bmp.o: ../cryptlib.h
+-a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_bool.o: ../cryptlib.h
+-a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-a_d2i_fp.o: ../../include/openssl/opensslconf.h
+-a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_d2i_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_d2i_fp.o: ../cryptlib.h
+-a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-a_digest.o: ../../include/openssl/opensslconf.h
+-a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_enum.o: ../cryptlib.h
+-a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_gentm.o: ../cryptlib.h
+-a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-a_i2d_fp.o: ../../include/openssl/opensslconf.h
+-a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_i2d_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_i2d_fp.o: ../cryptlib.h
+-a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_int.o: ../cryptlib.h
+-a_mbstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_mbstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_mbstr.o: ../cryptlib.h
+-a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_meth.o: ../cryptlib.h
+-a_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_null.o: ../cryptlib.h
+-a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+-a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_object.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_object.o: ../cryptlib.h
+-a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_octet.o: ../cryptlib.h
+-a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_print.o: ../cryptlib.h
+-a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-a_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-a_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-a_sign.o: ../cryptlib.h
+-a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+-a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-a_strex.o: charmap.h
+-a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+-a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_strnid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_strnid.o: ../cryptlib.h
+-a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_time.o: ../cryptlib.h
+-a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_utctm.o: ../cryptlib.h
+-a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_utf8.o: ../cryptlib.h
+-a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-a_verify.o: ../../include/openssl/opensslconf.h
+-a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-a_vis.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-a_vis.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-a_vis.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-a_vis.o: ../cryptlib.h
+-asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+-asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-asn1_err.o: ../../include/openssl/opensslconf.h
+-asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-asn1_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-asn1_lib.o: ../../include/openssl/opensslconf.h
+-asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-asn1_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-asn1_lib.o: ../cryptlib.h
+-asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+-asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-asn1_par.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-asn1_par.o: ../cryptlib.h
+-asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-asn_pack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-asn_pack.o: ../cryptlib.h
+-d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+-d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-d2i_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+-d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-d2i_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-d2i_dhp.o: ../cryptlib.h
+-d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-d2i_dsap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-d2i_dsap.o: ../../include/openssl/opensslconf.h
+-d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-d2i_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-d2i_dsap.o: ../cryptlib.h
+-d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-d2i_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-d2i_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-d2i_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-d2i_r_pr.o: ../../include/openssl/opensslconf.h
+-d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+-d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-d2i_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-d2i_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-d2i_r_pu.o: ../../include/openssl/opensslconf.h
+-d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+-d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-d2i_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-d2i_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-d2i_s_pr.o: ../../include/openssl/opensslconf.h
+-d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-d2i_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-d2i_s_pr.o: ../cryptlib.h
+-d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-d2i_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-d2i_s_pu.o: ../../include/openssl/opensslconf.h
+-d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-d2i_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-d2i_s_pu.o: ../cryptlib.h
+-evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-evp_asn1.o: ../../include/openssl/opensslconf.h
+-evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-evp_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-evp_asn1.o: ../cryptlib.h
+-f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-f_enum.o: ../cryptlib.h
+-f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-f_int.o: ../cryptlib.h
+-f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-f_string.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-f_string.o: ../cryptlib.h
+-i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+-i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-i2d_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-i2d_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-i2d_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-i2d_dhp.o: ../cryptlib.h
+-i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-i2d_dsap.o: ../../include/openssl/opensslconf.h
+-i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-i2d_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-i2d_dsap.o: ../cryptlib.h
+-i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-i2d_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-i2d_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-i2d_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-i2d_r_pr.o: ../../include/openssl/opensslconf.h
+-i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+-i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-i2d_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-i2d_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-i2d_r_pu.o: ../../include/openssl/opensslconf.h
+-i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+-i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-i2d_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-i2d_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-i2d_s_pr.o: ../../include/openssl/opensslconf.h
+-i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-i2d_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-i2d_s_pr.o: ../cryptlib.h
+-i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-i2d_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-i2d_s_pu.o: ../../include/openssl/opensslconf.h
+-i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-i2d_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-i2d_s_pu.o: ../cryptlib.h
+-n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-nsseq.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-nsseq.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-nsseq.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-nsseq.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-nsseq.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-nsseq.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p5_pbe.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p5_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p5_pbe.o: ../cryptlib.h
+-p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p5_pbev2.o: ../cryptlib.h
+-p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_dgst.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_dgst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_enc_c.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_enc_c.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_enc_c.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_enc_c.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_enc_c.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_evp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_evp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_evp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_i_s.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_i_s.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_i_s.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_i_s.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_recip.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_recip.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_recip.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_recip.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_recip.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_s_e.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_s_e.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_s_e.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_signd.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_signd.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_signd.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_signd.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_signd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p7_signi.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p7_signi.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p7_signi.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p7_signi.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_pkey.o: ../cryptlib.h
+-t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-t_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-t_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-t_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_algor.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_cinf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_cinf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_cinf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_crl.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_exten.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_exten.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_name.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_pubkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_req.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_sig.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_sig.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_val.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_val.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_val.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-x_x509.o: ../cryptlib.h
+-x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+Index: crypto/openssl/crypto/asn1/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/asn1/Makefile.ssl	4 Jul 2001 23:19:12 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/asn1/Makefile.ssl	31 Jul 2002 00:46:51 -0000
+@@ -936,40 +936,40 @@
+ t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
++t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++t_bitst.o: ../cryptlib.h
+ t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
++t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++t_crl.o: ../cryptlib.h
+ t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+ t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+ t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+@@ -985,20 +985,20 @@
+ t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
++t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++t_req.o: ../cryptlib.h
+ t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+@@ -1024,20 +1024,20 @@
+ t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
++t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++t_x509.o: ../cryptlib.h
+ t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+@@ -1310,21 +1310,20 @@
+ x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-x_x509.o: ../cryptlib.h
++x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
++x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+ x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+Index: crypto/openssl/crypto/asn1/a_bitstr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_bitstr.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 a_bitstr.c
+--- crypto/openssl/crypto/asn1/a_bitstr.c	26 Nov 2000 11:32:58 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/a_bitstr.c	31 Jul 2002 00:46:51 -0000
+@@ -89,8 +89,6 @@
+ 	if (a == NULL) return(0);
+ 
+ 	len=a->length;
+-	ret=1+len;
+-	if (pp == NULL) return(ret);
+ 
+ 	if (len > 0)
+ 		{
+@@ -118,6 +116,10 @@
+ 		}
+ 	else
+ 		bits=0;
++
++	ret=1+len;
++	if (pp == NULL) return(ret);
++
+ 	p= *pp;
+ 
+ 	*(p++)=(unsigned char)bits;
+@@ -224,6 +226,7 @@
+ 	w=n/8;
+ 	v=1<<(7-(n&0x07));
+ 	iv= ~v;
++	if (!value) v=0;
+ 
+ 	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+ 
+Index: crypto/openssl/crypto/asn1/a_enum.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_enum.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 a_enum.c
+--- crypto/openssl/crypto/asn1/a_enum.c	26 Nov 2000 11:32:58 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/a_enum.c	31 Jul 2002 00:46:51 -0000
+@@ -205,7 +205,18 @@
+ 	else ret->type=V_ASN1_ENUMERATED;
+ 	j=BN_num_bits(bn);
+ 	len=((j == 0)?0:((j/8)+1));
+-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
++	if (ret->length < len+4)
++		{
++		unsigned char *new_data=
++			OPENSSL_realloc(ret->data, len+4);
++		if (!new_data)
++			{
++			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
++			goto err;
++			}
++		ret->data=new_data;
++		}
++
+ 	ret->length=BN_bn2bin(bn,ret->data);
+ 	return(ret);
+ err:
+Index: crypto/openssl/crypto/asn1/a_gentm.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_gentm.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 a_gentm.c
+--- crypto/openssl/crypto/asn1/a_gentm.c	26 Nov 2000 11:32:59 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/a_gentm.c	31 Jul 2002 00:46:51 -0000
+@@ -203,7 +203,7 @@
+ 	if (s == NULL)
+ 		return(NULL);
+ 
+-#if defined(THREADS) && !defined(WIN32)
++#if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
+ 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+ 	ts=&data;
+ #else
+Index: crypto/openssl/crypto/asn1/a_int.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_int.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 a_int.c
+--- crypto/openssl/crypto/asn1/a_int.c	26 Nov 2000 11:32:59 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/a_int.c	31 Jul 2002 00:46:51 -0000
+@@ -451,7 +451,16 @@
+ 	else ret->type=V_ASN1_INTEGER;
+ 	j=BN_num_bits(bn);
+ 	len=((j == 0)?0:((j/8)+1));
+-	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
++	if (ret->length < len+4)
++		{
++		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
++		if (!new_data)
++			{
++			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
++			goto err;
++			}
++		ret->data=new_data;
++		}
+ 	ret->length=BN_bn2bin(bn,ret->data);
+ 	return(ret);
+ err:
+Index: crypto/openssl/crypto/asn1/a_set.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_set.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 a_set.c
+--- crypto/openssl/crypto/asn1/a_set.c	26 Nov 2000 11:32:59 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/asn1/a_set.c	31 Jul 2002 00:46:51 -0000
+@@ -116,7 +116,7 @@
+ 		}
+ 
+         pStart  = p; /* Catch the beg of Setblobs*/
+-        rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
++        if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
+ we will store the SET blobs */
+ 
+         for (i=0; i<sk_num(a); i++)
+@@ -133,7 +133,7 @@
+  /* Now we have to sort the blobs. I am using a simple algo.
+     *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+         qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+-        pTempMem = OPENSSL_malloc(totSize);
++        if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
+ 
+ /* Copy to temp mem */
+         p = pTempMem;
+Index: crypto/openssl/crypto/asn1/a_sign.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_sign.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 a_sign.c
+--- crypto/openssl/crypto/asn1/a_sign.c	26 Nov 2000 11:32:59 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/a_sign.c	31 Jul 2002 00:46:51 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #include <stdio.h>
+ #include <time.h>
+@@ -87,7 +140,14 @@
+ 		else
+ 			a=algor2;
+ 		if (a == NULL) continue;
+-		if (	(a->parameter == NULL) || 
++                if (type->pkey_type == NID_dsaWithSHA1)
++			{
++			/* special case: RFC 2459 tells us to omit 'parameters'
++			 * with id-dsa-with-sha1 */
++			ASN1_TYPE_free(a->parameter);
++			a->parameter = NULL;
++			}
++		else if ((a->parameter == NULL) || 
+ 			(a->parameter->type != V_ASN1_NULL))
+ 			{
+ 			ASN1_TYPE_free(a->parameter);
+Index: crypto/openssl/crypto/asn1/a_strnid.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_strnid.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 a_strnid.c
+--- crypto/openssl/crypto/asn1/a_strnid.c	4 Jul 2001 23:19:12 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/asn1/a_strnid.c	31 Jul 2002 00:46:51 -0000
+@@ -105,9 +105,9 @@
+ 		mask = strtoul(p + 5, &end, 0);
+ 		if(*end) return 0;
+ 	} else if(!strcmp(p, "nombstr"))
+-			 mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
++		mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+ 	else if(!strcmp(p, "pkix"))
+-			mask = ~B_ASN1_T61STRING;
++			mask = ~((unsigned long)B_ASN1_T61STRING);
+ 	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+ 	else if(!strcmp(p, "default"))
+ 	    mask = 0xFFFFFFFFL;
+Index: crypto/openssl/crypto/asn1/a_time.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_time.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 a_time.c
+--- crypto/openssl/crypto/asn1/a_time.c	26 Nov 2000 11:32:59 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/a_time.c	31 Jul 2002 00:46:52 -0000
+@@ -113,7 +113,7 @@
+ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+ 	{
+ 	struct tm *ts;
+-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
++#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
+ 	struct tm data;
+ 
+ 	gmtime_r(&t,&data);
+Index: crypto/openssl/crypto/asn1/a_utctm.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/a_utctm.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 a_utctm.c
+--- crypto/openssl/crypto/asn1/a_utctm.c	26 Nov 2000 11:32:59 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/a_utctm.c	31 Jul 2002 00:46:52 -0000
+@@ -203,7 +203,7 @@
+ 	if (s == NULL)
+ 		return(NULL);
+ 
+-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
++#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
+ 	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+ 	ts=&data;
+ #else
+@@ -270,6 +270,9 @@
+ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+ 	{
+ 	struct tm *tm;
++#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
++	struct tm data;
++#endif
+ 	int offset;
+ 	int year;
+ 
+@@ -286,8 +289,9 @@
+ 
+ 	t -= offset*60; /* FIXME: may overflow in extreme cases */
+ 
+-#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+-	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
++#if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
++	gmtime_r(&t, &data);
++	tm = &data;
+ #else
+ 	tm = gmtime(&t);
+ #endif
+Index: crypto/openssl/crypto/asn1/asn1.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 asn1.h
+--- crypto/openssl/crypto/asn1/asn1.h	26 Nov 2000 11:32:59 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/asn1.h	31 Jul 2002 00:46:52 -0000
+@@ -834,8 +834,6 @@
+ 
+ int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+ 
+-void ERR_load_ASN1_strings(void);
+-
+ /* Not used that much at this point, except for the first two */
+ ASN1_METHOD *X509_asn1_meth(void);
+ ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+@@ -877,6 +875,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_ASN1_strings(void);
+ 
+ /* Error codes for the ASN1 functions. */
+ 
+@@ -1148,4 +1147,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/asn1/asn1_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1_lib.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 asn1_lib.c
+--- crypto/openssl/crypto/asn1/asn1_lib.c	4 Jul 2001 23:19:12 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/asn1/asn1_lib.c	31 Jul 2002 00:46:52 -0000
+@@ -124,15 +124,13 @@
+ 		(int)(omax+ *pp));
+ 
+ #endif
+-#if 0
+-	if ((p+ *plength) > (omax+ *pp))
++	if (*plength > (omax - (p - *pp)))
+ 		{
+ 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+ 		/* Set this so that even if things are not long enough
+ 		 * the values are set correctly */
+ 		ret|=0x80;
+ 		}
+-#endif
+ 	*pp=p;
+ 	return(ret|inf);
+ err:
+@@ -159,6 +157,8 @@
+ 		i= *p&0x7f;
+ 		if (*(p++) & 0x80)
+ 			{
++			if (i > sizeof(long))
++				return 0;
+ 			if (max-- == 0) return(0);
+ 			while (i-- > 0)
+ 				{
+@@ -170,6 +170,8 @@
+ 		else
+ 			ret=i;
+ 		}
++	if (ret < 0)
++		return 0;
+ 	*pp=p;
+ 	*rl=ret;
+ 	return(1);
+@@ -407,7 +409,7 @@
+ 
+ void asn1_add_error(unsigned char *address, int offset)
+ 	{
+-	char buf1[16],buf2[16];
++	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+ 
+ 	sprintf(buf1,"%lu",(unsigned long)address);
+ 	sprintf(buf2,"%d",offset);
+Index: crypto/openssl/crypto/asn1/d2i_dhp.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/d2i_dhp.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 d2i_dhp.c
+--- crypto/openssl/crypto/asn1/d2i_dhp.c	20 Aug 2000 08:46:05 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/asn1/d2i_dhp.c	31 Jul 2002 00:46:52 -0000
+@@ -87,6 +87,7 @@
+ 		}
+ 
+ 	M_ASN1_BIT_STRING_free(bs);
++	bs = NULL;
+ 
+ 	M_ASN1_D2I_Finish_2(a);
+ 
+Index: crypto/openssl/crypto/asn1/d2i_dsap.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/d2i_dsap.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 d2i_dsap.c
+--- crypto/openssl/crypto/asn1/d2i_dsap.c	26 Nov 2000 11:33:00 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/d2i_dsap.c	31 Jul 2002 00:46:52 -0000
+@@ -84,6 +84,7 @@
+ 	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+ 
+ 	M_ASN1_BIT_STRING_free(bs);
++	bs = NULL;
+ 
+ 	M_ASN1_D2I_Finish_2(a);
+ 
+Index: crypto/openssl/crypto/asn1/d2i_r_pr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/d2i_r_pr.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 d2i_r_pr.c
+--- crypto/openssl/crypto/asn1/d2i_r_pr.c	20 Aug 2000 08:46:05 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/asn1/d2i_r_pr.c	31 Jul 2002 00:46:52 -0000
+@@ -108,6 +108,7 @@
+ 		goto err_bn;
+ 
+ 	M_ASN1_INTEGER_free(bs);
++	bs = NULL;
+ 
+ 	M_ASN1_D2I_Finish_2(a);
+ err_bn:
+Index: crypto/openssl/crypto/asn1/pkcs8.c
+===================================================================
+RCS file: crypto/openssl/crypto/asn1/pkcs8.c
+diff -N crypto/openssl/crypto/asn1/pkcs8.c
+--- crypto/openssl/crypto/asn1/pkcs8.c	10 Jan 2000 06:21:26 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,131 +0,0 @@
+-/* crypto/asn1/pkcs8.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/asn1_mac.h>
+-#include <openssl/objects.h>
+-
+-int i2d_X509_KEY(X509 *a, unsigned char **pp)
+-	{
+-	M_ASN1_I2D_vars(a);
+-
+-	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
+-	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+-	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+-
+-	M_ASN1_I2D_seq_total();
+-
+-	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
+-	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+-	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+-
+-	M_ASN1_I2D_finish();
+-	}
+-
+-X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+-	{
+-	M_ASN1_D2I_vars(a,X509 *,X509_new);
+-
+-	M_ASN1_D2I_Init();
+-	M_ASN1_D2I_start_sequence();
+-	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+-	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+-	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+-	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+-	}
+-
+-X509 *X509_KEY_new(void)
+-	{
+-	X509_KEY *ret=NULL;
+-
+-	M_ASN1_New_Malloc(ret,X509_KEY);
+-	ret->references=1;
+-	ret->type=NID
+-	M_ASN1_New(ret->cert_info,X509_CINF_new);
+-	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+-	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+-	return(ret);
+-	M_ASN1_New_Error(ASN1_F_X509_NEW);
+-	}
+-
+-void X509_KEY_free(X509 *a)
+-	{
+-	int i;
+-
+-	if (a == NULL) return;
+-
+-	i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+-#ifdef REF_PRINT
+-	REF_PRINT("X509_KEY",a);
+-#endif
+-	if (i > 0) return;
+-#ifdef REF_CHECK
+-	if (i < 0)
+-		{
+-		fprintf(stderr,"X509_KEY_free, bad reference count\n");
+-		abort();
+-		}
+-#endif
+-
+-	X509_CINF_free(a->cert_info);
+-	X509_ALGOR_free(a->sig_alg);
+-	ASN1_BIT_STRING_free(a->signature);
+-	Free((char *)a);
+-	}
+-
+Index: crypto/openssl/crypto/asn1/t_pkey.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/t_pkey.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 t_pkey.c
+--- crypto/openssl/crypto/asn1/t_pkey.c	26 Nov 2000 11:33:01 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/t_pkey.c	31 Jul 2002 00:46:52 -0000
+@@ -96,10 +96,34 @@
+ 	char str[128];
+ 	const char *s;
+ 	unsigned char *m=NULL;
+-	int i,ret=0;
++	int ret=0;
++	size_t buf_len=0, i;
+ 
+-	i=RSA_size(x);
+-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
++	if (x->n)
++		buf_len = (size_t)BN_num_bytes(x->n);
++	if (x->e)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
++			buf_len = i;
++	if (x->d)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
++			buf_len = i;
++	if (x->p)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
++			buf_len = i;
++	if (x->q)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
++			buf_len = i;
++	if (x->dmp1)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
++			buf_len = i;
++	if (x->dmq1)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
++			buf_len = i;
++	if (x->iqmp)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
++			buf_len = i;
++
++	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ 	if (m == NULL)
+ 		{
+ 		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+@@ -161,22 +185,25 @@
+ 	{
+ 	char str[128];
+ 	unsigned char *m=NULL;
+-	int i,ret=0;
+-	BIGNUM *bn=NULL;
++	int ret=0;
++	size_t buf_len=0,i;
+ 
+-	if (x->p != NULL)
+-		bn=x->p;
+-	else if (x->priv_key != NULL)
+-		bn=x->priv_key;
+-	else if (x->pub_key != NULL)
+-		bn=x->pub_key;
+-		
+-	/* larger than needed but what the hell :-) */
+-	if (bn != NULL)
+-		i=BN_num_bytes(bn)*2;
+-	else
+-		i=256;
+-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
++	if (x->p)
++		buf_len = (size_t)BN_num_bytes(x->p);
++	if (x->q)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
++			buf_len = i;
++	if (x->g)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
++			buf_len = i;
++	if (x->priv_key)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
++			buf_len = i;
++	if (x->pub_key)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
++			buf_len = i;
++
++	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ 	if (m == NULL)
+ 		{
+ 		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+@@ -281,10 +308,15 @@
+ int DHparams_print(BIO *bp, DH *x)
+ 	{
+ 	unsigned char *m=NULL;
+-	int reason=ERR_R_BUF_LIB,i,ret=0;
++	int reason=ERR_R_BUF_LIB,ret=0;
++	size_t buf_len=0, i;
+ 
+-	i=BN_num_bytes(x->p);
+-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
++	if (x->p)
++		buf_len = (size_t)BN_num_bytes(x->p);
++	if (x->g)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
++			buf_len = i;
++	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ 	if (m == NULL)
+ 		{
+ 		reason=ERR_R_MALLOC_FAILURE;
+@@ -334,10 +366,18 @@
+ int DSAparams_print(BIO *bp, DSA *x)
+ 	{
+ 	unsigned char *m=NULL;
+-	int reason=ERR_R_BUF_LIB,i,ret=0;
++	int reason=ERR_R_BUF_LIB,ret=0;
++	size_t buf_len=0, i;
+ 
+-	i=BN_num_bytes(x->p);
+-	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
++	if (x->p)
++		buf_len = (size_t)BN_num_bytes(x->p);
++	if (x->q)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
++			buf_len = i;
++	if (x->g)
++		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
++			buf_len = i;
++	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ 	if (m == NULL)
+ 		{
+ 		reason=ERR_R_MALLOC_FAILURE;
+Index: crypto/openssl/crypto/asn1/t_x509.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/t_x509.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 t_x509.c
+--- crypto/openssl/crypto/asn1/t_x509.c	26 Nov 2000 11:33:01 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/t_x509.c	31 Jul 2002 00:46:52 -0000
+@@ -349,6 +349,8 @@
+ 	ll=80-2-obase;
+ 
+ 	s=X509_NAME_oneline(name,buf,256);
++	if (!*s)
++		return 1;
+ 	s++; /* skip the first slash */
+ 
+ 	l=ll;
+Index: crypto/openssl/crypto/asn1/x_pubkey.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/x_pubkey.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 x_pubkey.c
+--- crypto/openssl/crypto/asn1/x_pubkey.c	26 Nov 2000 11:33:02 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/asn1/x_pubkey.c	31 Jul 2002 00:46:52 -0000
+@@ -156,7 +156,7 @@
+ 		dsa->write_params=0;
+ 		ASN1_TYPE_free(a->parameter);
+ 		i=i2d_DSAparams(dsa,NULL);
+-		p=(unsigned char *)OPENSSL_malloc(i);
++		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
+ 		pp=p;
+ 		i2d_DSAparams(dsa,&pp);
+ 		a->parameter=ASN1_TYPE_new();
+@@ -234,7 +234,7 @@
+ 	a=key->algor;
+ 	if (ret->type == EVP_PKEY_DSA)
+ 		{
+-		if (a->parameter->type == V_ASN1_SEQUENCE)
++		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+ 			{
+ 			ret->pkey.dsa->write_params=0;
+ 			p=a->parameter->value.sequence->data;
+cvs diff: Diffing crypto/openssl/crypto/bf
+Index: crypto/openssl/crypto/bf/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/bf/Makefile.save
+diff -N crypto/openssl/crypto/bf/Makefile.save
+--- crypto/openssl/crypto/bf/Makefile.save	26 Nov 2000 11:33:09 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,118 +0,0 @@
+-#
+-# SSLeay/crypto/blowfish/Makefile
+-#
+-
+-DIR=	bf
+-TOP=	../..
+-CC=	cc
+-CPP=	$(CC) -E
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-BF_ENC=		bf_enc.o
+-# or use
+-#DES_ENC=	bx86-elf.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=bftest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+-LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= blowfish.h
+-HEADER=	bf_pi.h bf_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/bx86-elf.o: asm/bx86unix.cpp
+-	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
+-
+-# solaris
+-asm/bx86-sol.o: asm/bx86unix.cpp
+-	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+-	as -o asm/bx86-sol.o asm/bx86-sol.s
+-	rm -f asm/bx86-sol.s
+-
+-# a.out
+-asm/bx86-out.o: asm/bx86unix.cpp
+-	$(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+-
+-# bsdi
+-asm/bx86bsdi.o: asm/bx86unix.cpp
+-	$(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
+-
+-asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+-	(cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install: installs
+-
+-installs:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-bf_cfb64.o: ../../include/openssl/blowfish.h
+-bf_cfb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+-bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+-bf_ecb.o: ../../include/openssl/opensslv.h bf_locl.h
+-bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+-bf_enc.o: bf_locl.h
+-bf_ofb64.o: ../../include/openssl/blowfish.h
+-bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+-bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+-bf_skey.o: bf_locl.h bf_pi.h
+Index: crypto/openssl/crypto/bf/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/bf/Makefile.uni
+diff -N crypto/openssl/crypto/bf/Makefile.uni
+--- crypto/openssl/crypto/bf/Makefile.uni	10 Jan 2000 06:21:27 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,157 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-DIR=	bf
+-TOP=	.
+-# use BF_PTR2 for intel boxes,
+-# BF_PTR for sparc and MIPS/SGI
+-# use nothing for Alpha and HP.
+-
+-# There are 3 possible performance options, experiment :-)
+-#OPTS= -DBF_PTR  # usr for sparc and MIPS/SGI
+-#OPTS= -DBF_PTR2 # use for pentium
+-OPTS=		 # use for pentium pro, Alpha and HP
+-
+-MAKE=make -f Makefile
+-#CC=cc
+-#CFLAG= -O
+-
+-CC=gcc
+-#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+-CFLAG= -O3 -fomit-frame-pointer
+-
+-CFLAGS=$(OPTS) $(CFLAG)
+-CPP=$(CC) -E
+-AS=as
+-RANLIB=ranlib
+-
+-# Assember version of bf_encrypt().
+-BF_ENC=bf_enc.o		# normal C version
+-#BF_ENC=asm/bx86-elf.o	# elf format x86
+-#BF_ENC=asm/bx86-out.o	# a.out format x86
+-#BF_ENC=asm/bx86-sol.o	# solaris format x86 
+-#BF_ENC=asm/bx86bsdi.o	# bsdi format x86 
+-
+-LIBDIR=/usr/local/lib
+-BINDIR=/usr/local/bin
+-INCDIR=/usr/local/include
+-MANDIR=/usr/local/man
+-MAN1=1
+-MAN3=3
+-SHELL=/bin/sh
+-LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+-LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
+-
+-GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
+-	COPYRIGHT blowfish.doc INSTALL
+-
+-TESTING=    bftest bfspeed bf_opts
+-TESTING_SRC=bftest.c bfspeed.c bf_opts.c
+-HEADERS=bf_locl.h blowfish.h bf_pi.h
+-
+-ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
+-
+-BLIB=	libblowfish.a
+-
+-all: $(BLIB) $(TESTING)
+-
+-cc:
+-	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+-
+-gcc:
+-	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+-
+-x86-elf:
+-	$(MAKE) BF_ENC='asm/bx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+-
+-x86-out:
+-	$(MAKE) BF_ENC='asm/bx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+-
+-x86-solaris:
+-	$(MAKE) BF_ENC='asm/bx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+-
+-x86-bsdi:
+-	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+-
+-# elf
+-asm/bx86-elf.o: asm/bx86unix.cpp
+-	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
+-
+-# solaris
+-asm/bx86-sol.o: asm/bx86unix.cpp
+-	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+-	as -o asm/bx86-sol.o asm/bx86-sol.s
+-	rm -f asm/bx86-sol.s
+-
+-# a.out
+-asm/bx86-out.o: asm/bx86unix.cpp
+-	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
+-
+-# bsdi
+-asm/bx86bsdi.o: asm/bx86unix.cpp
+-	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
+-
+-asm/bx86unix.cpp:
+-	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+-	
+-test:	all
+-	./bftest
+-
+-$(BLIB): $(LIBOBJ)
+-	/bin/rm -f $(BLIB)
+-	ar cr $(BLIB) $(LIBOBJ)
+-	$(RANLIB) $(BLIB)
+-
+-bftest: bftest.o $(BLIB)
+-	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
+-
+-bfspeed: bfspeed.o $(BLIB)
+-	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
+-
+-bf_opts: bf_opts.o $(BLIB)
+-	$(CC) $(CFLAGS) -o bf_opts bf_opts.o $(BLIB)
+-
+-tags:
+-	ctags $(TESTING_SRC) $(LIBBF)
+-
+-tar:
+-	tar chf libbf.tar $(ALL)
+-
+-shar:
+-	shar $(ALL) >libbf.shar
+-
+-depend:
+-	makedepend $(LIBBF) $(TESTING_SRC)
+-
+-clean:
+-	/bin/rm -f *.o tags core $(TESTING) $(BLIB) .nfs* *.old *.bak asm/*.o 
+-
+-dclean:
+-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+-	mv -f Makefile.new Makefile
+-
+-# Eric is probably going to choke when he next looks at this --tjh
+-install: $(BLIB)
+-	if test $(INSTALLTOP); then \
+-	    echo SSL style install; \
+-	    cp $(BLIB) $(INSTALLTOP)/lib; \
+-		$(RANLIB) $(BLIB); \
+-	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
+-	    cp blowfish.h $(INSTALLTOP)/include; \
+-	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
+-	else \
+-	    echo Standalone install; \
+-	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
+-		$(RANLIB) $(BLIB); \
+-	    chmod 644 $(LIBDIR)/$(BLIB); \
+-	    cp blowfish.h $(INCDIR)/blowfish.h; \
+-	    chmod 644 $(INCDIR)/blowfish.h; \
+-	fi
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+cvs diff: Diffing crypto/openssl/crypto/bf/asm
+cvs diff: Diffing crypto/openssl/crypto/bio
+Index: crypto/openssl/crypto/bio/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/bio/Makefile.save
+diff -N crypto/openssl/crypto/bio/Makefile.save
+--- crypto/openssl/crypto/bio/Makefile.save	26 Nov 2000 11:33:09 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,241 +0,0 @@
+-#
+-# SSLeay/crypto/bio/Makefile
+-#
+-
+-DIR=	bio
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+-	bss_mem.c bss_null.c bss_fd.c \
+-	bss_file.c bss_sock.c bss_conn.c \
+-	bf_null.c bf_buff.c b_print.c b_dump.c \
+-	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+-LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+-	bss_mem.o bss_null.o bss_fd.o \
+-	bss_file.o bss_sock.o bss_conn.o \
+-	bf_null.o bf_buff.o b_print.o b_dump.o \
+-	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= bio.h
+-HEADER=	bss_file.c $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER); \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-b_dump.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-b_dump.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-b_dump.o: ../cryptlib.h
+-b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-b_print.o: ../cryptlib.h
+-b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-b_sock.o: ../cryptlib.h
+-bf_buff.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-bf_buff.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-bf_buff.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-bf_buff.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-bf_buff.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bf_buff.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-bf_buff.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-bf_buff.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-bf_buff.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-bf_buff.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bf_buff.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-bf_buff.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-bf_buff.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-bf_nbio.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-bf_nbio.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-bf_nbio.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-bf_nbio.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-bf_nbio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bf_nbio.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-bf_nbio.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-bf_nbio.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-bf_nbio.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-bf_nbio.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-bf_nbio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-bf_nbio.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-bf_nbio.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-bf_nbio.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bf_nbio.o: ../cryptlib.h
+-bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-bf_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-bf_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-bf_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bf_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-bf_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-bf_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-bf_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-bf_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bf_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-bf_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-bf_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-bio_cb.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bio_cb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bio_cb.o: ../cryptlib.h
+-bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+-bio_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bio_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bio_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bio_lib.o: ../cryptlib.h
+-bss_acpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_acpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_acpt.o: ../cryptlib.h
+-bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+-bss_bio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bss_bio.o: ../../include/openssl/symhacks.h
+-bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_conn.o: ../cryptlib.h
+-bss_fd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_fd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_fd.o: ../cryptlib.h bss_sock.c
+-bss_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_file.o: ../cryptlib.h
+-bss_log.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_log.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_log.o: ../cryptlib.h
+-bss_mem.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_mem.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_mem.o: ../cryptlib.h
+-bss_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_null.o: ../cryptlib.h
+-bss_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-bss_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bss_sock.o: ../cryptlib.h
+Index: crypto/openssl/crypto/bio/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/bio/Makefile.ssl	4 Jul 2001 23:19:13 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/bio/Makefile.ssl	31 Jul 2002 00:46:52 -0000
+@@ -96,13 +96,13 @@
+ b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+ b_dump.o: ../cryptlib.h
+-b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-b_print.o: ../cryptlib.h
++b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
++b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
++b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
++b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
+ b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+ b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+Index: crypto/openssl/crypto/bio/b_print.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/b_print.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 b_print.c
+--- crypto/openssl/crypto/bio/b_print.c	26 Nov 2000 11:33:10 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bio/b_print.c	31 Jul 2002 00:46:52 -0000
+@@ -56,6 +56,13 @@
+  * [including the GNU Public Licence.]
+  */
+ 
++/* disable assert() unless BIO_DEBUG has been defined */
++#ifndef BIO_DEBUG
++# ifndef NDEBUG
++#  define NDEBUG
++# endif
++#endif
++
+ /* 
+  * Stolen from tjh's ssl/ssl_trc.c stuff.
+  */
+@@ -69,6 +76,7 @@
+ #ifndef NO_SYS_TYPES_H
+ #include <sys/types.h>
+ #endif
++#include <openssl/bn.h>         /* To get BN_LLONG properly defined */
+ #include <openssl/bio.h>
+ 
+ #ifdef BN_LLONG
+@@ -108,7 +116,11 @@
+ #endif
+ 
+ #if HAVE_LONG_LONG
+-#define LLONG long long
++# if defined(WIN32) && !defined(__GNUC__)
++# define LLONG _int64
++# else
++# define LLONG long long
++# endif
+ #else
+ #define LLONG long
+ #endif
+@@ -151,7 +163,7 @@
+ 
+ /* some handy macros */
+ #define char_to_int(p) (p - '0')
+-#define MAX(p,q) ((p >= q) ? p : q)
++#define OSSL_MAX(p,q) ((p >= q) ? p : q)
+ 
+ static void
+ _dopr(
+@@ -502,13 +514,13 @@
+     convert[place] = 0;
+ 
+     zpadlen = max - place;
+-    spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
++    spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+     if (zpadlen < 0)
+         zpadlen = 0;
+     if (spadlen < 0)
+         spadlen = 0;
+     if (flags & DP_F_ZERO) {
+-        zpadlen = MAX(zpadlen, spadlen);
++        zpadlen = OSSL_MAX(zpadlen, spadlen);
+         spadlen = 0;
+     }
+     if (flags & DP_F_MINUS)
+@@ -564,7 +576,7 @@
+ }
+ 
+ static long
+-round(LDOUBLE value)
++roundv(LDOUBLE value)
+ {
+     long intpart;
+     intpart = (long) value;
+@@ -616,7 +628,7 @@
+ 
+     /* we "cheat" by converting the fractional part to integer by
+        multiplying by a factor of 10 */
+-    fracpart = round((pow10(max)) * (ufvalue - intpart));
++    fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+ 
+     if (fracpart >= pow10(max)) {
+         intpart++;
+@@ -640,7 +652,7 @@
+             (caps ? "0123456789ABCDEF"
+               : "0123456789abcdef")[fracpart % 10];
+         fracpart = (fracpart / 10);
+-    } while (fracpart && (fplace < 20));
++    } while (fplace < max);
+     if (fplace == 20)
+         fplace--;
+     fconvert[fplace] = 0;
+@@ -711,12 +723,13 @@
+     if (buffer) {
+ 	while (*currlen >= *maxlen) {
+ 	    if (*buffer == NULL) {
+-		assert(*sbuffer != NULL);
+ 		if (*maxlen == 0)
+ 		    *maxlen = 1024;
+ 		*buffer = OPENSSL_malloc(*maxlen);
+-		if (*currlen > 0)
++		if (*currlen > 0) {
++		    assert(*sbuffer != NULL);
+ 		    memcpy(*buffer, *sbuffer, *currlen);
++		}
+ 		*sbuffer = NULL;
+ 	    } else {
+ 		*maxlen += 1024;
+@@ -756,7 +769,9 @@
+ 	{
+ 	int ret;
+ 	size_t retlen;
+-	MS_STATIC char hugebuf[1024*10];
++	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
++				   in small-stack environments, like threads
++				   or DOS programs. */
+ 	char *hugebufp = hugebuf;
+ 	size_t hugebufsize = sizeof(hugebuf);
+ 	char *dynbuf = NULL;
+Index: crypto/openssl/crypto/bio/b_sock.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/b_sock.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 b_sock.c
+--- crypto/openssl/crypto/bio/b_sock.c	4 Jul 2001 23:19:13 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/bio/b_sock.c	31 Jul 2002 00:46:52 -0000
+@@ -72,9 +72,9 @@
+ #endif
+ 
+ #ifdef SO_MAXCONN
+-#define MAX_LISTEN  SOMAXCONN
+-#elif defined(SO_MAXCONN)
+ #define MAX_LISTEN  SO_MAXCONN
++#elif defined(SOMAXCONN)
++#define MAX_LISTEN  SOMAXCONN
+ #else
+ #define MAX_LISTEN  32
+ #endif
+@@ -95,8 +95,10 @@
+ 	} ghbn_cache[GHBN_NUM];
+ 
+ static int get_ip(const char *str,unsigned char *ip);
++#if 0
+ static void ghbn_free(struct hostent *a);
+ static struct hostent *ghbn_dup(struct hostent *a);
++#endif
+ int BIO_get_host_ip(const char *str, unsigned char *ip)
+ 	{
+ 	int i;
+@@ -266,6 +268,7 @@
+ 	return(1);
+ 	}
+ 
++#if 0
+ static struct hostent *ghbn_dup(struct hostent *a)
+ 	{
+ 	struct hostent *ret;
+@@ -342,21 +345,27 @@
+ 	if (a->h_name != NULL) OPENSSL_free(a->h_name);
+ 	OPENSSL_free(a);
+ 	}
++#endif
+ 
+ struct hostent *BIO_gethostbyname(const char *name)
+ 	{
++#if 1
++	/* Caching gethostbyname() results forever is wrong,
++	 * so we have to let the true gethostbyname() worry about this */
++	return gethostbyname(name);
++#else
+ 	struct hostent *ret;
+ 	int i,lowi=0,j;
+ 	unsigned long low= (unsigned long)-1;
+ 
+-/*	return(gethostbyname(name)); */
+ 
+-#if 0 /* It doesn't make sense to use locking here: The function interface
+-	   * is not thread-safe, because threads can never be sure when
+-	   * some other thread destroys the data they were given a pointer to.
+-	   */
++#  if 0
++	/* It doesn't make sense to use locking here: The function interface
++	 * is not thread-safe, because threads can never be sure when
++	 * some other thread destroys the data they were given a pointer to.
++	 */
+ 	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+-#endif
++#  endif
+ 	j=strlen(name);
+ 	if (j < 128)
+ 		{
+@@ -384,20 +393,21 @@
+ 		 * parameter is 'char *', instead of 'const char *'
+ 		 */
+ 		ret=gethostbyname(
+-#ifndef CONST_STRICT
++#  ifndef CONST_STRICT
+ 		    (char *)
+-#endif
++#  endif
+ 		    name);
+ 
+ 		if (ret == NULL)
+ 			goto end;
+ 		if (j > 128) /* too big to cache */
+ 			{
+-#if 0 /* If we were trying to make this function thread-safe (which
+-	   * is bound to fail), we'd have to give up in this case
+-	   * (or allocate more memory). */
++#  if 0
++			/* If we were trying to make this function thread-safe (which
++			 * is bound to fail), we'd have to give up in this case
++			 * (or allocate more memory). */
+ 			ret = NULL;
+-#endif
++#  endif
+ 			goto end;
+ 			}
+ 
+@@ -421,11 +431,13 @@
+ 		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+ 		}
+ end:
+-#if 0
++#  if 0
+ 	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+-#endif
++#  endif
+ 	return(ret);
++#endif
+ 	}
++
+ 
+ int BIO_sock_init(void)
+ 	{
+Index: crypto/openssl/crypto/bio/bf_buff.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/bf_buff.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bf_buff.c
+--- crypto/openssl/crypto/bio/bf_buff.c	26 Nov 2000 11:33:10 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bio/bf_buff.c	31 Jul 2002 00:46:52 -0000
+@@ -70,7 +70,7 @@
+ static int buffer_new(BIO *h);
+ static int buffer_free(BIO *data);
+ static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+-#define DEFAULT_BUFFER_SIZE	1024
++#define DEFAULT_BUFFER_SIZE	4096
+ 
+ static BIO_METHOD methods_buffer=
+ 	{
+Index: crypto/openssl/crypto/bio/bf_lbuf.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/bf_lbuf.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bf_lbuf.c
+--- crypto/openssl/crypto/bio/bf_lbuf.c	26 Nov 2000 11:38:42 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/bio/bf_lbuf.c	31 Jul 2002 00:46:52 -0000
+@@ -200,7 +200,7 @@
+ 					}
+ 				}
+ 
+-#ifdef DEBUG
++#if 0
+ BIO_write(b->next_bio, "<*<", 3);
+ #endif
+ 			i=BIO_write(b->next_bio,
+@@ -210,13 +210,13 @@
+ 				ctx->obuf_len = orig_olen;
+ 				BIO_copy_next_retry(b);
+ 
+-#ifdef DEBUG
++#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+ #endif
+ 				if (i < 0) return((num > 0)?num:i);
+ 				if (i == 0) return(num);
+ 				}
+-#ifdef DEBUG
++#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+ #endif
+ 			if (i < ctx->obuf_len)
+@@ -229,20 +229,20 @@
+ 		   buffer if a NL was found and there is anything to write. */
+ 		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+ 			{
+-#ifdef DEBUG
++#if 0
+ BIO_write(b->next_bio, "<*<", 3);
+ #endif
+ 			i=BIO_write(b->next_bio,in,p - in);
+ 			if (i <= 0)
+ 				{
+ 				BIO_copy_next_retry(b);
+-#ifdef DEBUG
++#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+ #endif
+ 				if (i < 0) return((num > 0)?num:i);
+ 				if (i == 0) return(num);
+ 				}
+-#ifdef DEBUG
++#if 0
+ BIO_write(b->next_bio, ">*>", 3);
+ #endif
+ 			num+=i;
+Index: crypto/openssl/crypto/bio/bf_nbio.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/bf_nbio.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bf_nbio.c
+--- crypto/openssl/crypto/bio/bf_nbio.c	26 Nov 2000 11:33:10 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bio/bf_nbio.c	31 Jul 2002 00:46:52 -0000
+@@ -104,7 +104,7 @@
+ 	{
+ 	NBIO_TEST *nt;
+ 
+-	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
++	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
+ 	nt->lrn= -1;
+ 	nt->lwn= -1;
+ 	bi->ptr=(char *)nt;
+Index: crypto/openssl/crypto/bio/bio.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/bio.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bio.h
+--- crypto/openssl/crypto/bio/bio.h	26 Nov 2000 11:33:10 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bio/bio.h	31 Jul 2002 00:46:52 -0000
+@@ -356,8 +356,8 @@
+ #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+ #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+ #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+-#define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+-#define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
++#define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
++#define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
+ 
+ 
+ #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+@@ -431,7 +431,7 @@
+ #define BIO_set_ssl_renegotiate_bytes(b,num) \
+ 	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+ #define BIO_get_num_renegotiates(b) \
+-	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
++	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+ #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+ 	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+ 
+@@ -588,8 +588,6 @@
+ void BIO_sock_cleanup(void);
+ int BIO_set_tcp_ndelay(int sock,int turn_on);
+ 
+-void ERR_load_BIO_strings(void );
+-
+ BIO *BIO_new_socket(int sock, int close_flag);
+ BIO *BIO_new_fd(int fd, int close_flag);
+ BIO *BIO_new_connect(char *host_port);
+@@ -615,6 +613,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_BIO_strings(void);
+ 
+ /* Error codes for the BIO functions. */
+ 
+@@ -684,4 +683,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/bio/bss_bio.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/bss_bio.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bss_bio.c
+--- crypto/openssl/crypto/bio/bss_bio.c	26 Nov 2000 11:33:11 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bio/bss_bio.c	31 Jul 2002 00:46:52 -0000
+@@ -7,9 +7,18 @@
+  * for which no specific BIO method is available.
+  * See ssl/ssltest.c for some hints on how this can be used. */
+ 
++/* BIO_DEBUG implies BIO_PAIR_DEBUG */
++#ifdef BIO_DEBUG
++# ifndef BIO_PAIR_DEBUG
++#  define BIO_PAIR_DEBUG
++# endif
++#endif
++
++/* disable assert() unless BIO_PAIR_DEBUG has been defined */
+ #ifndef BIO_PAIR_DEBUG
+-# undef NDEBUG /* avoid conflicting definitions */
+-# define NDEBUG
++# ifndef NDEBUG
++#  define NDEBUG
++# endif
+ #endif
+ 
+ #include <assert.h>
+@@ -23,7 +32,12 @@
+ #include <openssl/crypto.h>
+ 
+ #include "openssl/e_os.h"
+-#ifndef SSIZE_MAX
++
++/* VxWorks defines SSiZE_MAX with an empty value causing compile errors */
++#if defined(VXWORKS)
++# undef SSIZE_MAX
++# define SSIZE_MAX INT_MAX
++#elif !defined(SSIZE_MAX)
+ # define SSIZE_MAX INT_MAX
+ #endif
+ 
+@@ -474,7 +488,8 @@
+ 		break;
+ 
+ 	case BIO_C_GET_WRITE_BUF_SIZE:
+-		num = (long) b->size;
++		ret = (long) b->size;
++		break;
+ 
+ 	case BIO_C_MAKE_BIO_PAIR:
+ 		{
+Index: crypto/openssl/crypto/bio/bss_log.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bio/bss_log.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bss_log.c
+--- crypto/openssl/crypto/bio/bss_log.c	26 Nov 2000 11:33:12 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bio/bss_log.c	31 Jul 2002 00:46:52 -0000
+@@ -75,7 +75,7 @@
+ #  include <starlet.h>
+ #elif defined(__ultrix)
+ #  include <sys/syslog.h>
+-#elif !defined(MSDOS) /* Unix */
++#elif !defined(MSDOS) && !defined(VXWORKS) /* Unix */
+ #  include <syslog.h>
+ #endif
+ 
+cvs diff: Diffing crypto/openssl/crypto/bn
+Index: crypto/openssl/crypto/bn/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/bn/Makefile.save
+diff -N crypto/openssl/crypto/bn/Makefile.save
+--- crypto/openssl/crypto/bn/Makefile.save	26 Nov 2000 11:33:17 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,312 +0,0 @@
+-#
+-# SSLeay/crypto/bn/Makefile
+-#
+-
+-DIR=	bn
+-TOP=	../..
+-CC=	cc
+-CPP=    $(CC) -E
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-BN_ASM=		bn_asm.o
+-# or use
+-#BN_ASM=	bn86-elf.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-# We let the C compiler driver to take care of .s files. This is done in
+-# order to be excused from maintaining a separate set of architecture
+-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+-# gcc, then the driver will automatically translate it to -xarch=v8plus
+-# and pass it down to assembler.
+-AS=$(CC) -c
+-ASFLAGS=$(CFLAGS)
+-
+-GENERAL=Makefile
+-TEST=bntest.c exptest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
+-	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+-	bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \
+-	bn_mpi.c bn_exp2.c
+-
+-LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o \
+-	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+-	bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \
+-	bn_mpi.o bn_exp2.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= bn.h
+-HEADER=	bn_lcl.h bn_prime.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-bn_prime.h: bn_prime.pl
+-	$(PERL) bn_prime.pl >bn_prime.h
+-
+-divtest: divtest.c ../../libcrypto.a
+-	cc -I../../include divtest.c -o divtest ../../libcrypto.a
+-
+-bnbug: bnbug.c ../../libcrypto.a top
+-	cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/bn86-elf.o: asm/bn86unix.cpp
+-	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
+-
+-asm/co86-elf.o: asm/co86unix.cpp
+-	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
+-
+-# solaris
+-asm/bn86-sol.o: asm/bn86unix.cpp
+-	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+-	as -o asm/bn86-sol.o asm/bn86-sol.s
+-	rm -f asm/bn86-sol.s
+-
+-asm/co86-sol.o: asm/co86unix.cpp
+-	$(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
+-	as -o asm/co86-sol.o asm/co86-sol.s
+-	rm -f asm/co86-sol.s
+-
+-# a.out
+-asm/bn86-out.o: asm/bn86unix.cpp
+-	$(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+-
+-asm/co86-out.o: asm/co86unix.cpp
+-	$(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
+-
+-# bsdi
+-asm/bn86bsdi.o: asm/bn86unix.cpp
+-	$(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o
+-
+-asm/co86bsdi.o: asm/co86unix.cpp
+-	$(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
+-
+-asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
+-	(cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+-
+-asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
+-	(cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
+-
+-asm/sparcv8.o: asm/sparcv8.S
+-
+-asm/sparcv8plus.o: asm/sparcv8plus.S
+-
+-# Old GNU assembler doesn't understand V9 instructions, so we
+-# hire /usr/ccs/bin/as to do the job. Note that option is called
+-# *-gcc27, but even gcc 2>=8 users may experience similar problem
+-# if they didn't bother to upgrade GNU assembler. Such users should
+-# not choose this option, but be adviced to *remove* GNU assembler
+-# or upgrade it.
+-asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+-	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+-		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-exptest:
+-	rm -f exptest
+-	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+-
+-div:
+-	rm -f a.out
+-	gcc -I.. -g div.c ../../libcrypto.a
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-bn_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_add.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_asm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_asm.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_asm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_asm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_blind.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_blind.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_blind.o: ../../include/openssl/opensslconf.h
+-bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bn_blind.o: ../cryptlib.h bn_lcl.h
+-bn_ctx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_ctx.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_ctx.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_ctx.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_div.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_div.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+-bn_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-bn_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bn_exp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_exp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_exp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_exp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_exp2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_exp2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_exp2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_gcd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_gcd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_gcd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_mont.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_mpi.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_mpi.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_mpi.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_mul.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_mul.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_mul.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_mul.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_prime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_prime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_prime.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_prime.o: ../../include/openssl/opensslconf.h
+-bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-bn_prime.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_prime.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_prime.h
+-bn_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_print.o: ../../include/openssl/opensslconf.h
+-bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bn_print.o: ../cryptlib.h bn_lcl.h
+-bn_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+-bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bn_rand.o: ../cryptlib.h bn_lcl.h
+-bn_recp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_recp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_recp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_recp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_shift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_shift.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_shift.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_shift.o: ../../include/openssl/opensslconf.h
+-bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bn_shift.o: ../cryptlib.h bn_lcl.h
+-bn_sqr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_sqr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_sqr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+-bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bn_word.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-bn_word.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+Index: crypto/openssl/crypto/bn/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/bn/Makefile.ssl	4 Jul 2001 23:19:14 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/bn/Makefile.ssl	31 Jul 2002 00:46:52 -0000
+@@ -124,6 +124,8 @@
+ 	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+ 		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+ 
++asm/ia64.o: asm/ia64.S
++
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+ 
+Index: crypto/openssl/crypto/bn/bn.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 bn.h
+--- crypto/openssl/crypto/bn/bn.h	4 Jul 2001 23:19:14 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/bn/bn.h	31 Jul 2002 00:46:52 -0000
+@@ -90,7 +90,9 @@
+  * be on.  Again this in only really a problem on machines
+  * using "long long's", are 32bit, and are not using my assembler code. */
+ #if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
+-#define BN_DIV2W
++# ifndef BN_DIV2W
++#  define BN_DIV2W
++# endif
+ #endif
+ 
+ /* assuming long is 64bit - this is the DEC Alpha
+@@ -153,7 +155,7 @@
+ #define BN_BYTES	4
+ #define BN_BITS2	32
+ #define BN_BITS4	16
+-#ifdef WIN32
++#ifdef _MSC_VER
+ /* VC++ doesn't like the LL suffix */
+ #define BN_MASK		(0xffffffffffffffffL)
+ #else
+@@ -329,6 +331,7 @@
+ int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
+ int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+ int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
++int	BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+ int	BN_num_bits(const BIGNUM *a);
+ int	BN_num_bits_word(BN_ULONG);
+ BIGNUM *BN_new(void);
+@@ -403,7 +406,6 @@
+ int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
+ 		void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
+ 		int do_trial_division);
+-void	ERR_load_BN_strings(void );
+ 
+ BN_MONT_CTX *BN_MONT_CTX_new(void );
+ void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+@@ -474,6 +476,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_BN_strings(void);
+ 
+ /* Error codes for the BN functions. */
+ 
+@@ -517,4 +520,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/bn/bn_comba.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/bn_comba.c
+diff -N crypto/openssl/crypto/bn/bn_comba.c
+--- crypto/openssl/crypto/bn/bn_comba.c	10 Jan 2000 06:21:28 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,345 +0,0 @@
+-/* crypto/bn/bn_comba.c */
+-#include <stdio.h>
+-#include "bn_lcl.h"
+-/* Auto generated from crypto/bn/comba.pl
+- */
+-
+-#undef bn_mul_comba8
+-#undef bn_mul_comba4
+-#undef bn_sqr_comba8
+-#undef bn_sqr_comba4
+-
+-#ifdef BN_LLONG
+-#define mul_add_c(a,b,c0,c1,c2) \
+-	t=(BN_ULLONG)a*b; \
+-	t1=(BN_ULONG)Lw(t); \
+-	t2=(BN_ULONG)Hw(t); \
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define mul_add_c2(a,b,c0,c1,c2) \
+-	t=(BN_ULLONG)a*b; \
+-	tt=(t+t)&BN_MASK; \
+-	if (tt < t) c2++; \
+-	t1=(BN_ULONG)Lw(tt); \
+-	t2=(BN_ULONG)Hw(tt); \
+-	c0=(c0+t1)&BN_MASK2;  \
+-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c(a,i,c0,c1,c2) \
+-	t=(BN_ULLONG)a[i]*a[i]; \
+-	t1=(BN_ULONG)Lw(t); \
+-	t2=(BN_ULONG)Hw(t); \
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c2(a,i,j,c0,c1,c2) \
+-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+-#else
+-#define mul_add_c(a,b,c0,c1,c2) \
+-	t1=LBITS(a); t2=HBITS(a); \
+-	bl=LBITS(b); bh=HBITS(b); \
+-	mul64(t1,t2,bl,bh); \
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define mul_add_c2(a,b,c0,c1,c2) \
+-	t1=LBITS(a); t2=HBITS(a); \
+-	bl=LBITS(b); bh=HBITS(b); \
+-	mul64(t1,t2,bl,bh); \
+-	if (t2 & BN_TBIT) c2++; \
+-	t2=(t2+t2)&BN_MASK2; \
+-	if (t1 & BN_TBIT) t2++; \
+-	t1=(t1+t1)&BN_MASK2; \
+-	c0=(c0+t1)&BN_MASK2;  \
+-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c(a,i,c0,c1,c2) \
+-	sqr64(t1,t2,(a)[i]); \
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c2(a,i,j,c0,c1,c2) \
+-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+-#endif
+-
+-void bn_mul_comba88(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+-void bn_mul_comba44(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+-void bn_sqr_comba88(BN_ULONG *r,BN_ULONG *a);
+-void bn_sqr_comba44(BN_ULONG *r,BN_ULONG *a);
+-
+-void bn_mul_comba88(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-	c1=0;
+-	c2=0;
+-	c3=0;
+-	mul_add_c(a[0],b[0],c1,c2,c3);
+-	r[0]=c1;
+-	c1=0;
+-	mul_add_c(a[0],b[1],c2,c3,c1);
+-	mul_add_c(a[1],b[0],c2,c3,c1);
+-	r[1]=c2;
+-	c2=0;
+-	mul_add_c(a[2],b[0],c3,c1,c2);
+-	mul_add_c(a[1],b[1],c3,c1,c2);
+-	mul_add_c(a[0],b[2],c3,c1,c2);
+-	r[2]=c3;
+-	c3=0;
+-	mul_add_c(a[0],b[3],c1,c2,c3);
+-	mul_add_c(a[1],b[2],c1,c2,c3);
+-	mul_add_c(a[2],b[1],c1,c2,c3);
+-	mul_add_c(a[3],b[0],c1,c2,c3);
+-	r[3]=c1;
+-	c1=0;
+-	mul_add_c(a[4],b[0],c2,c3,c1);
+-	mul_add_c(a[3],b[1],c2,c3,c1);
+-	mul_add_c(a[2],b[2],c2,c3,c1);
+-	mul_add_c(a[1],b[3],c2,c3,c1);
+-	mul_add_c(a[0],b[4],c2,c3,c1);
+-	r[4]=c2;
+-	c2=0;
+-	mul_add_c(a[0],b[5],c3,c1,c2);
+-	mul_add_c(a[1],b[4],c3,c1,c2);
+-	mul_add_c(a[2],b[3],c3,c1,c2);
+-	mul_add_c(a[3],b[2],c3,c1,c2);
+-	mul_add_c(a[4],b[1],c3,c1,c2);
+-	mul_add_c(a[5],b[0],c3,c1,c2);
+-	r[5]=c3;
+-	c3=0;
+-	mul_add_c(a[6],b[0],c1,c2,c3);
+-	mul_add_c(a[5],b[1],c1,c2,c3);
+-	mul_add_c(a[4],b[2],c1,c2,c3);
+-	mul_add_c(a[3],b[3],c1,c2,c3);
+-	mul_add_c(a[2],b[4],c1,c2,c3);
+-	mul_add_c(a[1],b[5],c1,c2,c3);
+-	mul_add_c(a[0],b[6],c1,c2,c3);
+-	r[6]=c1;
+-	c1=0;
+-	mul_add_c(a[0],b[7],c2,c3,c1);
+-	mul_add_c(a[1],b[6],c2,c3,c1);
+-	mul_add_c(a[2],b[5],c2,c3,c1);
+-	mul_add_c(a[3],b[4],c2,c3,c1);
+-	mul_add_c(a[4],b[3],c2,c3,c1);
+-	mul_add_c(a[5],b[2],c2,c3,c1);
+-	mul_add_c(a[6],b[1],c2,c3,c1);
+-	mul_add_c(a[7],b[0],c2,c3,c1);
+-	r[7]=c2;
+-	c2=0;
+-	mul_add_c(a[7],b[1],c3,c1,c2);
+-	mul_add_c(a[6],b[2],c3,c1,c2);
+-	mul_add_c(a[5],b[3],c3,c1,c2);
+-	mul_add_c(a[4],b[4],c3,c1,c2);
+-	mul_add_c(a[3],b[5],c3,c1,c2);
+-	mul_add_c(a[2],b[6],c3,c1,c2);
+-	mul_add_c(a[1],b[7],c3,c1,c2);
+-	r[8]=c3;
+-	c3=0;
+-	mul_add_c(a[2],b[7],c1,c2,c3);
+-	mul_add_c(a[3],b[6],c1,c2,c3);
+-	mul_add_c(a[4],b[5],c1,c2,c3);
+-	mul_add_c(a[5],b[4],c1,c2,c3);
+-	mul_add_c(a[6],b[3],c1,c2,c3);
+-	mul_add_c(a[7],b[2],c1,c2,c3);
+-	r[9]=c1;
+-	c1=0;
+-	mul_add_c(a[7],b[3],c2,c3,c1);
+-	mul_add_c(a[6],b[4],c2,c3,c1);
+-	mul_add_c(a[5],b[5],c2,c3,c1);
+-	mul_add_c(a[4],b[6],c2,c3,c1);
+-	mul_add_c(a[3],b[7],c2,c3,c1);
+-	r[10]=c2;
+-	c2=0;
+-	mul_add_c(a[4],b[7],c3,c1,c2);
+-	mul_add_c(a[5],b[6],c3,c1,c2);
+-	mul_add_c(a[6],b[5],c3,c1,c2);
+-	mul_add_c(a[7],b[4],c3,c1,c2);
+-	r[11]=c3;
+-	c3=0;
+-	mul_add_c(a[7],b[5],c1,c2,c3);
+-	mul_add_c(a[6],b[6],c1,c2,c3);
+-	mul_add_c(a[5],b[7],c1,c2,c3);
+-	r[12]=c1;
+-	c1=0;
+-	mul_add_c(a[6],b[7],c2,c3,c1);
+-	mul_add_c(a[7],b[6],c2,c3,c1);
+-	r[13]=c2;
+-	c2=0;
+-	mul_add_c(a[7],b[7],c3,c1,c2);
+-	r[14]=c3;
+-	r[15]=c1;
+-	}
+-
+-void bn_mul_comba44(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-	c1=0;
+-	c2=0;
+-	c3=0;
+-	mul_add_c(a[0],b[0],c1,c2,c3);
+-	r[0]=c1;
+-	c1=0;
+-	mul_add_c(a[0],b[1],c2,c3,c1);
+-	mul_add_c(a[1],b[0],c2,c3,c1);
+-	r[1]=c2;
+-	c2=0;
+-	mul_add_c(a[2],b[0],c3,c1,c2);
+-	mul_add_c(a[1],b[1],c3,c1,c2);
+-	mul_add_c(a[0],b[2],c3,c1,c2);
+-	r[2]=c3;
+-	c3=0;
+-	mul_add_c(a[0],b[3],c1,c2,c3);
+-	mul_add_c(a[1],b[2],c1,c2,c3);
+-	mul_add_c(a[2],b[1],c1,c2,c3);
+-	mul_add_c(a[3],b[0],c1,c2,c3);
+-	r[3]=c1;
+-	c1=0;
+-	mul_add_c(a[3],b[1],c2,c3,c1);
+-	mul_add_c(a[2],b[2],c2,c3,c1);
+-	mul_add_c(a[1],b[3],c2,c3,c1);
+-	r[4]=c2;
+-	c2=0;
+-	mul_add_c(a[2],b[3],c3,c1,c2);
+-	mul_add_c(a[3],b[2],c3,c1,c2);
+-	r[5]=c3;
+-	c3=0;
+-	mul_add_c(a[3],b[3],c1,c2,c3);
+-	r[6]=c1;
+-	r[7]=c2;
+-	}
+-
+-void bn_sqr_comba88(BN_ULONG *r, BN_ULONG *a)
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t,tt;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-	c1=0;
+-	c2=0;
+-	c3=0;
+-	sqr_add_c(a,0,c1,c2,c3);
+-	r[0]=c1;
+-	c1=0;
+-	sqr_add_c2(a,1,0,c2,c3,c1);
+-	r[1]=c2;
+-	c2=0;
+-	sqr_add_c(a,1,c3,c1,c2);
+-	sqr_add_c2(a,2,0,c3,c1,c2);
+-	r[2]=c3;
+-	c3=0;
+-	sqr_add_c2(a,3,0,c1,c2,c3);
+-	sqr_add_c2(a,2,1,c1,c2,c3);
+-	r[3]=c1;
+-	c1=0;
+-	sqr_add_c(a,2,c2,c3,c1);
+-	sqr_add_c2(a,3,1,c2,c3,c1);
+-	sqr_add_c2(a,4,0,c2,c3,c1);
+-	r[4]=c2;
+-	c2=0;
+-	sqr_add_c2(a,5,0,c3,c1,c2);
+-	sqr_add_c2(a,4,1,c3,c1,c2);
+-	sqr_add_c2(a,3,2,c3,c1,c2);
+-	r[5]=c3;
+-	c3=0;
+-	sqr_add_c(a,3,c1,c2,c3);
+-	sqr_add_c2(a,4,2,c1,c2,c3);
+-	sqr_add_c2(a,5,1,c1,c2,c3);
+-	sqr_add_c2(a,6,0,c1,c2,c3);
+-	r[6]=c1;
+-	c1=0;
+-	sqr_add_c2(a,7,0,c2,c3,c1);
+-	sqr_add_c2(a,6,1,c2,c3,c1);
+-	sqr_add_c2(a,5,2,c2,c3,c1);
+-	sqr_add_c2(a,4,3,c2,c3,c1);
+-	r[7]=c2;
+-	c2=0;
+-	sqr_add_c(a,4,c3,c1,c2);
+-	sqr_add_c2(a,5,3,c3,c1,c2);
+-	sqr_add_c2(a,6,2,c3,c1,c2);
+-	sqr_add_c2(a,7,1,c3,c1,c2);
+-	r[8]=c3;
+-	c3=0;
+-	sqr_add_c2(a,7,2,c1,c2,c3);
+-	sqr_add_c2(a,6,3,c1,c2,c3);
+-	sqr_add_c2(a,5,4,c1,c2,c3);
+-	r[9]=c1;
+-	c1=0;
+-	sqr_add_c(a,5,c2,c3,c1);
+-	sqr_add_c2(a,6,4,c2,c3,c1);
+-	sqr_add_c2(a,7,3,c2,c3,c1);
+-	r[10]=c2;
+-	c2=0;
+-	sqr_add_c2(a,7,4,c3,c1,c2);
+-	sqr_add_c2(a,6,5,c3,c1,c2);
+-	r[11]=c3;
+-	c3=0;
+-	sqr_add_c(a,6,c1,c2,c3);
+-	sqr_add_c2(a,7,5,c1,c2,c3);
+-	r[12]=c1;
+-	c1=0;
+-	sqr_add_c2(a,7,6,c2,c3,c1);
+-	r[13]=c2;
+-	c2=0;
+-	sqr_add_c(a,7,c3,c1,c2);
+-	r[14]=c3;
+-	r[15]=c1;
+-	}
+-
+-void bn_sqr_comba44(BN_ULONG *r, BN_ULONG *a)
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t,tt;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-	c1=0;
+-	c2=0;
+-	c3=0;
+-	sqr_add_c(a,0,c1,c2,c3);
+-	r[0]=c1;
+-	c1=0;
+-	sqr_add_c2(a,1,0,c2,c3,c1);
+-	r[1]=c2;
+-	c2=0;
+-	sqr_add_c(a,1,c3,c1,c2);
+-	sqr_add_c2(a,2,0,c3,c1,c2);
+-	r[2]=c3;
+-	c3=0;
+-	sqr_add_c2(a,3,0,c1,c2,c3);
+-	sqr_add_c2(a,2,1,c1,c2,c3);
+-	r[3]=c1;
+-	c1=0;
+-	sqr_add_c(a,2,c2,c3,c1);
+-	sqr_add_c2(a,3,1,c2,c3,c1);
+-	r[4]=c2;
+-	c2=0;
+-	sqr_add_c2(a,3,2,c3,c1,c2);
+-	r[5]=c3;
+-	c3=0;
+-	sqr_add_c(a,3,c1,c2,c3);
+-	r[6]=c1;
+-	r[7]=c2;
+-	}
+Index: crypto/openssl/crypto/bn/bn_div.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn_div.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 bn_div.c
+--- crypto/openssl/crypto/bn/bn_div.c	4 Jul 2001 23:19:14 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/bn/bn_div.c	31 Jul 2002 00:46:52 -0000
+@@ -128,7 +128,7 @@
+ 
+ #if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
+ # if defined(__GNUC__) && __GNUC__>=2
+-#  if defined(__i386)
++#  if defined(__i386) || defined (__i386__)
+    /*
+     * There were two reasons for implementing this template:
+     * - GNU C generates a call to a function (__udivdi3 to be exact)
+@@ -190,10 +190,10 @@
+ 
+ 	/* First we normalise the numbers */
+ 	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+-	BN_lshift(sdiv,divisor,norm_shift);
++	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+ 	sdiv->neg=0;
+ 	norm_shift+=BN_BITS2;
+-	BN_lshift(snum,num,norm_shift);
++	if (!(BN_lshift(snum,num,norm_shift))) goto err;
+ 	snum->neg=0;
+ 	div_n=sdiv->top;
+ 	num_n=snum->top;
+@@ -315,7 +315,7 @@
+ 		tmp->top=j;
+ 
+ 		j=wnum.top;
+-		BN_sub(&wnum,&wnum,tmp);
++		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
+ 
+ 		snum->top=snum->top+wnum.top-j;
+ 
+@@ -323,7 +323,7 @@
+ 			{
+ 			q--;
+ 			j=wnum.top;
+-			BN_add(&wnum,&wnum,sdiv);
++			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
+ 			snum->top+=wnum.top-j;
+ 			}
+ 		*(resp--)=q;
+Index: crypto/openssl/crypto/bn/bn_gcd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn_gcd.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bn_gcd.c
+--- crypto/openssl/crypto/bn/bn_gcd.c	20 Aug 2000 08:46:15 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/bn/bn_gcd.c	31 Jul 2002 00:46:52 -0000
+@@ -168,8 +168,8 @@
+ 		R=in;
+ 	if (R == NULL) goto err;
+ 
+-	BN_zero(X);
+-	BN_one(Y);
++	if (!BN_zero(X)) goto err;
++	if (!BN_one(Y)) goto err;
+ 	if (BN_copy(A,a) == NULL) goto err;
+ 	if (BN_copy(B,n) == NULL) goto err;
+ 	sign=1;
+Index: crypto/openssl/crypto/bn/bn_mont.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn_mont.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bn_mont.c
+--- crypto/openssl/crypto/bn/bn_mont.c	26 Nov 2000 11:33:18 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bn/bn_mont.c	31 Jul 2002 00:46:53 -0000
+@@ -224,7 +224,7 @@
+ 
+ 	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
+ 	if (!BN_add(t2,a,t1)) goto err;
+-	BN_rshift(ret,t2,mont->ri);
++	if (!BN_rshift(ret,t2,mont->ri)) goto err;
+ #endif /* MONT_WORD */
+ 
+ 	if (BN_ucmp(ret, &(mont->N)) >= 0)
+@@ -284,8 +284,8 @@
+ 		BN_ULONG buf[2];
+ 
+ 		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+-		BN_zero(R);
+-		BN_set_bit(R,BN_BITS2);			/* R */
++		if (!(BN_zero(R))) goto err;
++		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
+ 
+ 		buf[0]=mod->d[0]; /* tmod = N mod word size */
+ 		buf[1]=0;
+@@ -296,36 +296,44 @@
+ 							/* Ri = R^-1 mod N*/
+ 		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
+ 			goto err;
+-		BN_lshift(&Ri,&Ri,BN_BITS2);		/* R*Ri */
++		/* R*Ri */
++		if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
+ 		if (!BN_is_zero(&Ri))
+-			BN_sub_word(&Ri,1);
++			{
++		   	if (!BN_sub_word(&Ri,1)) goto err;
++			}
+ 		else /* if N mod word size == 1 */
+-			BN_set_word(&Ri,BN_MASK2);  /* Ri-- (mod word size) */
+-		BN_div(&Ri,NULL,&Ri,&tmod,ctx);	/* Ni = (R*Ri-1)/N,
+-		                                 * keep only least significant word: */
++		   	/* Ri-- (mod word size) */
++			{
++			if (!BN_set_word(&Ri,BN_MASK2)) goto err;
++			}
++		/* Ni = (R*Ri-1)/N, keep only least significant word: */
++                if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
+ 		mont->n0=Ri.d[0];
+ 		BN_free(&Ri);
+ 		}
+ #else /* !MONT_WORD */
+ 		{ /* bignum version */
+ 		mont->ri=BN_num_bits(mod);
+-		BN_zero(R);
+-		BN_set_bit(R,mont->ri);			/* R = 2^ri */
++		if (!(BN_zero(R))) goto err;
++		/* R = 2^ri */
++		if (!(BN_set_bit(R,mont->ri))) goto err;
+ 							/* Ri = R^-1 mod N*/
+ 		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
+ 			goto err;
+-		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
+-		BN_sub_word(&Ri,1);
++		/* R*Ri */
++		if (!(BN_lshift(&Ri,&Ri,mont->ri))) goto err;
++		if (!(BN_sub_word(&Ri,1))) goto err;
+ 							/* Ni = (R*Ri-1) / N */
+-		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
++		if (!(BN_div(&(mont->Ni),NULL,&Ri,mod,ctx))) goto err;
+ 		BN_free(&Ri);
+ 		}
+ #endif
+ 
+ 	/* setup RR for conversions */
+-	BN_zero(&(mont->RR));
+-	BN_set_bit(&(mont->RR),mont->ri*2);
+-	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
++	if (!(BN_zero(&(mont->RR)))) goto err;
++	if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
++	if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
+ 
+ 	return(1);
+ err:
+@@ -336,9 +344,9 @@
+ 	{
+ 	if (to == from) return(to);
+ 
+-	BN_copy(&(to->RR),&(from->RR));
+-	BN_copy(&(to->N),&(from->N));
+-	BN_copy(&(to->Ni),&(from->Ni));
++	if (!(BN_copy(&(to->RR),&(from->RR)))) return NULL;
++	if (!(BN_copy(&(to->N),&(from->N)))) return NULL;
++	if (!(BN_copy(&(to->Ni),&(from->Ni)))) return NULL;
+ 	to->ri=from->ri;
+ 	to->n0=from->n0;
+ 	return(to);
+Index: crypto/openssl/crypto/bn/bn_mul.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn_mul.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bn_mul.c
+--- crypto/openssl/crypto/bn/bn_mul.c	26 Nov 2000 11:33:18 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bn/bn_mul.c	31 Jul 2002 00:46:53 -0000
+@@ -634,7 +634,7 @@
+ 
+ 	if ((al == 0) || (bl == 0))
+ 		{
+-		BN_zero(r);
++		if (!BN_zero(r)) goto err;
+ 		return(1);
+ 		}
+ 	top=al+bl;
+@@ -677,14 +677,14 @@
+ 		{
+ 		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+ 			{
+-			bn_wexpand(b,al);
++			if (bn_wexpand(b,al) == NULL) goto err;
+ 			b->d[bl]=0;
+ 			bl++;
+ 			i--;
+ 			}
+ 		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+ 			{
+-			bn_wexpand(a,bl);
++			if (bn_wexpand(a,bl) == NULL) goto err;
+ 			a->d[al]=0;
+ 			al++;
+ 			i++;
+@@ -699,16 +699,16 @@
+ 			t = BN_CTX_get(ctx);
+ 			if (al == j) /* exact multiple */
+ 				{
+-				bn_wexpand(t,k*2);
+-				bn_wexpand(rr,k*2);
++				if (bn_wexpand(t,k*2) == NULL) goto err;
++				if (bn_wexpand(rr,k*2) == NULL) goto err;
+ 				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+ 				}
+ 			else
+ 				{
+-				bn_wexpand(a,k);
+-				bn_wexpand(b,k);
+-				bn_wexpand(t,k*4);
+-				bn_wexpand(rr,k*4);
++				if (bn_wexpand(a,k) == NULL ) goto err;
++				if (bn_wexpand(b,k) == NULL ) goto err;
++				if (bn_wexpand(t,k*4) == NULL ) goto err;
++				if (bn_wexpand(rr,k*4) == NULL ) goto err;
+ 				for (i=a->top; i<k; i++)
+ 					a->d[i]=0;
+ 				for (i=b->top; i<k; i++)
+Index: crypto/openssl/crypto/bn/bn_opts.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/bn_opts.c
+diff -N crypto/openssl/crypto/bn/bn_opts.c
+--- crypto/openssl/crypto/bn/bn_opts.c	10 Jan 2000 06:21:29 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,324 +0,0 @@
+-/* crypto/bn/expspeed.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-/* most of this code has been pilfered from my libdes speed.c program */
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <signal.h>
+-#include <string.h>
+-#include <openssl/crypto.h>
+-#include <openssl/tmdiff.h>
+-#include <openssl/bn.h>
+-#include <openssl/err.h>
+-
+-#define DEFAULT_SIZE	512
+-#define DEFAULT_TIME	3
+-
+-int verbose=1;
+-
+-typedef struct parms_st
+-	{
+-	char *name;
+-	void (*func)();
+-	BIGNUM r;
+-	BIGNUM a;
+-	BIGNUM b;
+-	BIGNUM c;
+-	BIGNUM low;
+-	BN_CTX *ctx;
+-	BN_MONT_CTX *mont;
+-	int w;
+-	} PARMS;
+-
+-void do_mul_exp(int num,PARMS *p);
+-void do_mul(int num,PARMS *p);
+-void do_sqr(int num,PARMS *p);
+-void do_mul_low(int num,PARMS *p);
+-void do_mul_high(int num,PARMS *p);
+-void do_from_montgomery(int num,PARMS *p);
+-int time_it(int sec, PARMS *p);
+-void do_it(int sec, PARMS *p);
+-
+-#define P_EXP	1
+-#define P_MUL	2
+-#define P_SQR	3
+-#define P_MULL	4
+-#define P_MULH	5
+-#define P_MRED	6
+-
+-int main(int argc, char **argv)
+-	{
+-	PARMS p;
+-	BN_MONT_CTX *mont;
+-	int size=0,num;
+-	char *name;
+-	int type=P_EXP;
+-
+-	mont=BN_MONT_CTX_new();
+-	p.mont=NULL;
+-	p.ctx=BN_CTX_new();
+-	BN_init(&p.r);
+-	BN_init(&p.a);
+-	BN_init(&p.b);
+-	BN_init(&p.c);
+-	BN_init(&p.low);
+-	p.w=0;
+-
+-	for (;;)
+-		{
+-		if (argc > 1)
+-			{
+-			if (argv[1][0] == '-')
+-				{
+-				switch(argv[1][1])
+-					{
+-				case 'e': type=P_EXP; break;
+-				case 'm': type=P_MUL; break;
+-				case 's': type=P_SQR; break;
+-				case 'l': type=P_MULL; break;
+-				case 'h': type=P_MULH; break;
+-				case 'r': type=P_MRED; break;
+-				default:
+-					fprintf(stderr,"options: -[emslhr]\n");
+-					exit(1);
+-					}
+-				}
+-			else
+-				{
+-				size=atoi(argv[1]);
+-				}
+-			argc--;
+-			argv++;
+-			}
+-		else
+-			break;
+-		}
+-	if (size == 0)
+-		size=DEFAULT_SIZE;
+-
+-	printf("bit size:%5d\n",size);
+-
+-	BN_rand(&p.a,size,1,0);
+-	BN_rand(&p.b,size,1,0);
+-	BN_rand(&p.c,size,1,1);
+-	BN_mod(&p.a,&p.a,&p.c,p.ctx);
+-	BN_mod(&p.b,&p.b,&p.c,p.ctx);
+-	p.w=(p.a.top+1)/2;
+-
+-	BN_mul(&p.low,&p.a,&p.b,p.ctx);
+-	p.low.top=p.a.top;
+-	
+-	switch(type)
+-		{
+-	case P_EXP:
+-		p.name="r=a^b%c";
+-		p.func=do_mul_exp;
+-		p.mont=mont;
+-		break;
+-	case P_MUL:
+-		p.name="r=a*b";
+-		p.func=do_mul;
+-		break;
+-	case P_SQR:
+-		p.name="r=a*a";
+-		p.func=do_sqr;
+-		break;
+-	case P_MULL:
+-		p.name="r=low(a*b)";
+-		p.func=do_mul_low;
+-		break;
+-	case P_MULH:
+-		p.name="r=high(a*b)";
+-		p.func=do_mul_high;
+-		break;
+-	case P_MRED:
+-		p.name="r=montgomery_reduction(a)";
+-		p.func=do_from_montgomery;
+-		p.mont=mont;
+-		break;
+-	default:
+-		fprintf(stderr,"options: -[emslhr]\n");
+-		exit(1);
+-		}
+-
+-	num=time_it(DEFAULT_TIME,&p);
+-	do_it(num,&p);
+-	}
+-
+-void do_it(int num, PARMS *p)
+-	{
+-	char *start,*end;
+-	int i,j,number;
+-	double d;
+-
+-	start=ms_time_new();
+-	end=ms_time_new();
+-
+-	number=BN_num_bits_word((BN_ULONG)BN_num_bits(&(p->c)))-
+-		BN_num_bits_word(BN_BITS2)+2;
+-	for (i=number-1; i >=0; i--)
+-		{
+-		if (i == 1) continue;
+-		BN_set_params(i,i,i,1);
+-		if (p->mont != NULL)
+-			BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+-
+-		printf("Timing %5d (%2d bit) %2d %2d %2d %2d :",
+-			(1<<i)*BN_BITS2,i,
+-				BN_get_params(0),
+-				BN_get_params(1),
+-				BN_get_params(2),
+-				BN_get_params(3));
+-		fflush(stdout);
+-
+-		ms_time_get(start);
+-		p->func(num,p);
+-		ms_time_get(end);
+-		d=ms_time_diff(start,end);
+-		printf("%6.6f sec, or %d in %.4f seconds\n",
+-			(double)d/num,num,d);
+-		}
+-	}
+-
+-int time_it(int sec, PARMS *p)
+-	{
+-	char *start,*end;
+-	int i,j;
+-	double d;
+-
+-	if (p->mont != NULL)
+-		BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+-
+-	start=ms_time_new();
+-	end=ms_time_new();
+-
+-	i=1;
+-	for (;;)
+-		{
+-		if (verbose)
+-			printf("timing %s for %d interations\n",p->name,i);
+-
+-		ms_time_get(start);
+-		p->func(i,p);
+-		ms_time_get(end);
+-		d=ms_time_diff(start,end);
+-
+-		if 	(d < 0.01) i*=100;
+-		else if (d < 0.1 ) i*=10;
+-		else if (d > (double)sec) break;
+-		else
+-			{
+-			i=(int)(1.0*i*sec/d);
+-			break;
+-			}
+-		}
+-	if (verbose)
+-		printf("using %d interations\n",i);
+-	return(i);
+-	}
+-
+-void do_mul_exp(int num, PARMS *p)
+-	{
+-	int i;
+-
+-	for (i=0; i<num; i++)
+-		BN_mod_exp_mont(&(p->r),&(p->a),&(p->b),&(p->c),
+-			p->ctx,p->mont);
+-	}
+-
+-void do_mul(int num, PARMS *p)
+-	{
+-	int i;
+-
+-	for (i=0; i<num; i++)
+-		BN_mul(&(p->r),&(p->a),&(p->b),p->ctx);
+-	}
+-
+-void do_sqr(int num, PARMS *p)
+-	{
+-	int i;
+-
+-	for (i=0; i<num; i++)
+-			BN_sqr(&(p->r),&(p->a),p->ctx);
+-	}
+-
+-void do_mul_low(int num, PARMS *p)
+-	{
+-	int i;
+-	
+-	for (i=0; i<num; i++)
+-		BN_mul_low(&(p->r),&(p->a),&(p->b),p->w,p->ctx);
+-	}
+-
+-void do_mul_high(int num, PARMS *p)
+-	{
+-	int i;
+-
+-	for (i=0; i<num; i++)
+-		BN_mul_low(&(p->r),&(p->a),&(p->b),&(p->low),p->w,p->ctx);
+-	}
+-
+-void do_from_montgomery(int num, PARMS *p)
+-	{
+-	int i;
+-	
+-	for (i=0; i<num; i++)
+-		BN_from_montgomery(&(p->r),&(p->a),p->mont,p->ctx);
+-	}
+-
+Index: crypto/openssl/crypto/bn/bn_prime.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn_prime.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bn_prime.c
+--- crypto/openssl/crypto/bn/bn_prime.c	20 Aug 2000 08:46:15 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/bn/bn_prime.c	31 Jul 2002 00:46:53 -0000
+@@ -225,12 +225,15 @@
+ 	BN_MONT_CTX *mont = NULL;
+ 	const BIGNUM *A = NULL;
+ 
++	if (BN_cmp(a, BN_value_one()) <= 0)
++		return 0;
++	
+ 	if (checks == BN_prime_checks)
+ 		checks = BN_prime_checks_for_size(BN_num_bits(a));
+ 
+ 	/* first look for small factors */
+ 	if (!BN_is_odd(a))
+-		return(0);
++		return 0;
+ 	if (do_trial_division)
+ 		{
+ 		for (i = 1; i < NUMPRIMES; i++)
+@@ -289,11 +292,8 @@
+ 	
+ 	for (i = 0; i < checks; i++)
+ 		{
+-		if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0))
++		if (!BN_pseudo_rand_range(check, A1))
+ 			goto err;
+-		if (BN_cmp(check, A1) >= 0)
+-			if (!BN_sub(check, check, A1))
+-				goto err;
+ 		if (!BN_add_word(check, 1))
+ 			goto err;
+ 		/* now 1 <= check < A */
+Index: crypto/openssl/crypto/bn/bn_rand.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn_rand.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 bn_rand.c
+--- crypto/openssl/crypto/bn/bn_rand.c	4 Jul 2001 23:19:14 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/bn/bn_rand.c	31 Jul 2002 00:46:53 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #include <stdio.h>
+ #include <time.h>
+@@ -172,8 +225,9 @@
+ #endif
+ 
+ /* random number r:  0 <= r < range */
+-int	BN_rand_range(BIGNUM *r, BIGNUM *range)
++static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
+ 	{
++	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
+ 	int n;
+ 
+ 	if (range->neg || BN_is_zero(range))
+@@ -184,26 +238,19 @@
+ 
+ 	n = BN_num_bits(range); /* n > 0 */
+ 
++	/* BN_is_bit_set(range, n - 1) always holds */
++
+ 	if (n == 1)
+ 		{
+ 		if (!BN_zero(r)) return 0;
+ 		}
+-	else if (BN_is_bit_set(range, n - 2))
+-		{
+-		do
+-			{
+-			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
+-			if (!BN_rand(r, n, -1, 0)) return 0;
+-			}
+-		while (BN_cmp(r, range) >= 0);
+-		}
+-	else
++	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
+ 		{
+-		/* range = 10..._2,
++		/* range = 100..._2,
+ 		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+ 		do
+ 			{
+-			if (!BN_rand(r, n + 1, -1, 0)) return 0;
++			if (!bn_rand(r, n + 1, -1, 0)) return 0;
+ 			/* If  r < 3*range,  use  r := r MOD range
+ 			 * (which is either  r, r - range,  or  r - 2*range).
+ 			 * Otherwise, iterate once more.
+@@ -218,6 +265,26 @@
+ 			}
+ 		while (BN_cmp(r, range) >= 0);
+ 		}
++	else
++		{
++		do
++			{
++			/* range = 11..._2  or  range = 101..._2 */
++			if (!bn_rand(r, n, -1, 0)) return 0;
++			}
++		while (BN_cmp(r, range) >= 0);
++		}
+ 
+ 	return 1;
++	}
++
++
++int	BN_rand_range(BIGNUM *r, BIGNUM *range)
++	{
++	return bn_rand_range(0, r, range);
++	}
++
++int	BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
++	{
++	return bn_rand_range(1, r, range);
+ 	}
+Index: crypto/openssl/crypto/bn/bn_sqr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/bn_sqr.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bn_sqr.c
+--- crypto/openssl/crypto/bn/bn_sqr.c	26 Nov 2000 11:33:19 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bn/bn_sqr.c	31 Jul 2002 00:46:53 -0000
+@@ -245,7 +245,7 @@
+ 	if (!zero)
+ 		bn_sqr_recursive(&(t[n2]),t,n,p);
+ 	else
+-		memset(&(t[n2]),0,n*sizeof(BN_ULONG));
++		memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+ 	bn_sqr_recursive(r,a,n,p);
+ 	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+ 
+Index: crypto/openssl/crypto/bn/comba.pl
+===================================================================
+RCS file: crypto/openssl/crypto/bn/comba.pl
+diff -N crypto/openssl/crypto/bn/comba.pl
+--- crypto/openssl/crypto/bn/comba.pl	10 Jan 2000 06:21:29 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,285 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-$num=8;
+-$num2=8/2;
+-
+-print <<"EOF";
+-/* crypto/bn/bn_comba.c */
+-#include <stdio.h>
+-#include "bn_lcl.h"
+-/* Auto generated from crypto/bn/comba.pl
+- */
+-
+-#undef bn_mul_comba8
+-#undef bn_mul_comba4
+-#undef bn_sqr_comba8
+-#undef bn_sqr_comba4
+-
+-#ifdef BN_LLONG
+-#define mul_add_c(a,b,c0,c1,c2) \\
+-	t=(BN_ULLONG)a*b; \\
+-	t1=(BN_ULONG)Lw(t); \\
+-	t2=(BN_ULONG)Hw(t); \\
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define mul_add_c2(a,b,c0,c1,c2) \\
+-	t=(BN_ULLONG)a*b; \\
+-	tt=(t+t)&BN_MASK; \\
+-	if (tt < t) c2++; \\
+-	t1=(BN_ULONG)Lw(tt); \\
+-	t2=(BN_ULONG)Hw(tt); \\
+-	c0=(c0+t1)&BN_MASK2;  \\
+-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c(a,i,c0,c1,c2) \\
+-	t=(BN_ULLONG)a[i]*a[i]; \\
+-	t1=(BN_ULONG)Lw(t); \\
+-	t2=(BN_ULONG)Hw(t); \\
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c2(a,i,j,c0,c1,c2) \\
+-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+-#else
+-#define mul_add_c(a,b,c0,c1,c2) \\
+-	t1=LBITS(a); t2=HBITS(a); \\
+-	bl=LBITS(b); bh=HBITS(b); \\
+-	mul64(t1,t2,bl,bh); \\
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define mul_add_c2(a,b,c0,c1,c2) \\
+-	t1=LBITS(a); t2=HBITS(a); \\
+-	bl=LBITS(b); bh=HBITS(b); \\
+-	mul64(t1,t2,bl,bh); \\
+-	if (t2 & BN_TBIT) c2++; \\
+-	t2=(t2+t2)&BN_MASK2; \\
+-	if (t1 & BN_TBIT) t2++; \\
+-	t1=(t1+t1)&BN_MASK2; \\
+-	c0=(c0+t1)&BN_MASK2;  \\
+-	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c(a,i,c0,c1,c2) \\
+-	sqr64(t1,t2,(a)[i]); \\
+-	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+-	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+-
+-#define sqr_add_c2(a,i,j,c0,c1,c2) \\
+-	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+-#endif
+-
+-void bn_mul_comba${num}(r,a,b)
+-BN_ULONG *r,*a,*b;
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-EOF
+-$ret=&combas_mul("r","a","b",$num,"c1","c2","c3");
+-printf <<"EOF";
+-	}
+-
+-void bn_mul_comba${num2}(r,a,b)
+-BN_ULONG *r,*a,*b;
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-EOF
+-$ret=&combas_mul("r","a","b",$num2,"c1","c2","c3");
+-printf <<"EOF";
+-	}
+-
+-void bn_sqr_comba${num}(r,a)
+-BN_ULONG *r,*a;
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t,tt;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-EOF
+-$ret=&combas_sqr("r","a",$num,"c1","c2","c3");
+-printf <<"EOF";
+-	}
+-
+-void bn_sqr_comba${num2}(r,a)
+-BN_ULONG *r,*a;
+-	{
+-#ifdef BN_LLONG
+-	BN_ULLONG t,tt;
+-#else
+-	BN_ULONG bl,bh;
+-#endif
+-	BN_ULONG t1,t2;
+-	BN_ULONG c1,c2,c3;
+-
+-EOF
+-$ret=&combas_sqr("r","a",$num2,"c1","c2","c3");
+-printf <<"EOF";
+-	}
+-EOF
+-
+-sub bn_str
+-	{
+-	local($var,$val)=@_;
+-	print "\t$var=$val;\n";
+-	}
+-
+-sub bn_ary
+-	{
+-	local($var,$idx)=@_;
+-	return("${var}[$idx]");
+-	}
+-
+-sub bn_clr
+-	{
+-	local($var)=@_;
+-
+-	print "\t$var=0;\n";
+-	}
+-
+-sub bn_mad
+-	{
+-	local($a,$b,$c0,$c1,$c2,$num)=@_;
+-
+-	if ($num == 2)
+-		{ printf("\tmul_add_c2($a,$b,$c0,$c1,$c2);\n"); }
+-	else
+-		{ printf("\tmul_add_c($a,$b,$c0,$c1,$c2);\n"); }
+-	}
+-
+-sub bn_sad
+-	{
+-	local($a,$i,$j,$c0,$c1,$c2,$num)=@_;
+-
+-	if ($num == 2)
+-		{ printf("\tsqr_add_c2($a,$i,$j,$c0,$c1,$c2);\n"); }
+-	else
+-		{ printf("\tsqr_add_c($a,$i,$c0,$c1,$c2);\n"); }
+-	}
+-
+-sub combas_mul
+-	{
+-	local($r,$a,$b,$num,$c0,$c1,$c2)=@_;
+-	local($i,$as,$ae,$bs,$be,$ai,$bi);
+-	local($tot,$end);
+-
+-	$as=0;
+-	$ae=0;
+-	$bs=0;
+-	$be=0;
+-	$tot=$num+$num-1;
+-	&bn_clr($c0);
+-	&bn_clr($c1);
+-	for ($i=0; $i<$tot; $i++)
+-		{
+-		$ai=$as;
+-		$bi=$bs;
+-		$end=$be+1;
+-		@numa=@numb=();
+-
+-#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+-		for ($j=$bs; $j<$end; $j++)
+-			{
+-			push(@numa,$ai);
+-			push(@numb,$bi);
+-			$ai--;
+-			$bi++;
+-			}
+-
+-		if ($i & 1)
+-			{
+-			@numa=reverse(@numa);
+-			@numb=reverse(@numb);
+-			}
+-
+-		&bn_clr($c2);
+-		for ($j=0; $j<=$#numa; $j++)
+-			{
+-			&bn_mad(&bn_ary($a,$numa[$j]),
+-				&bn_ary($b,$numb[$j]),$c0,$c1,$c2,1);
+-			}
+-		&bn_str(&bn_ary($r,$i),$c0);
+-		($c0,$c1,$c2)=($c1,$c2,$c0);
+-
+-		$as++ if ($i < ($num-1));
+-		$ae++ if ($i >= ($num-1));
+-
+-		$bs++ if ($i >= ($num-1));
+-		$be++ if ($i < ($num-1));
+-		}
+-	&bn_str(&bn_ary($r,$i),$c0);
+-	}
+-
+-sub combas_sqr
+-	{
+-	local($r,$a,$num,$c0,$c1,$c2)=@_;
+-	local($i,$as,$ae,$bs,$be,$ai,$bi);
+-	local($b,$tot,$end,$half);
+-
+-	$b=$a;
+-	$as=0;
+-	$ae=0;
+-	$bs=0;
+-	$be=0;
+-	$tot=$num+$num-1;
+-	&bn_clr($c0);
+-	&bn_clr($c1);
+-	for ($i=0; $i<$tot; $i++)
+-		{
+-		$ai=$as;
+-		$bi=$bs;
+-		$end=$be+1;
+-		@numa=@numb=();
+-
+-#print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+-		for ($j=$bs; $j<$end; $j++)
+-			{
+-			push(@numa,$ai);
+-			push(@numb,$bi);
+-			$ai--;
+-			$bi++;
+-			last if ($ai < $bi);
+-			}
+-		if (!($i & 1))
+-			{
+-			@numa=reverse(@numa);
+-			@numb=reverse(@numb);
+-			}
+-
+-		&bn_clr($c2);
+-		for ($j=0; $j <= $#numa; $j++)
+-			{
+-			if ($numa[$j] == $numb[$j])
+-				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,1);}
+-			else
+-				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,2);}
+-			}
+-		&bn_str(&bn_ary($r,$i),$c0);
+-		($c0,$c1,$c2)=($c1,$c2,$c0);
+-
+-		$as++ if ($i < ($num-1));
+-		$ae++ if ($i >= ($num-1));
+-
+-		$bs++ if ($i >= ($num-1));
+-		$be++ if ($i < ($num-1));
+-		}
+-	&bn_str(&bn_ary($r,$i),$c0);
+-	}
+Index: crypto/openssl/crypto/bn/d.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/d.c
+diff -N crypto/openssl/crypto/bn/d.c
+--- crypto/openssl/crypto/bn/d.c	10 Jan 2000 06:21:29 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,72 +0,0 @@
+-#include <stdio.h>
+-#include <openssl/bio.h>
+-#include "bn_lcl.h"
+-
+-#define SIZE_A (100*4+4)
+-#define SIZE_B (13*4)
+-
+-main(argc,argv)
+-int argc;
+-char *argv[];
+-	{
+-	BN_CTX ctx;
+-	BN_RECP_CTX recp;
+-	BIGNUM a,b,dd,d,r,rr,t,l;
+-	int i;
+-
+-	MemCheck_start();
+-	MemCheck_on();
+-	BN_CTX_init(&ctx);
+-	BN_RECP_CTX_init(&recp);
+-
+-	BN_init(&r);
+-	BN_init(&rr);
+-	BN_init(&d);
+-	BN_init(&dd);
+-	BN_init(&a);
+-	BN_init(&b);
+-
+-	{
+-	BN_rand(&a,SIZE_A,0,0);
+-	BN_rand(&b,SIZE_B,0,0);
+-
+-	a.neg=1;
+-	BN_RECP_CTX_set(&recp,&b,&ctx);
+-
+-	BN_print_fp(stdout,&a); printf(" a\n");
+-	BN_print_fp(stdout,&b); printf(" b\n");
+-
+-	BN_print_fp(stdout,&recp.N); printf(" N\n");
+-	BN_print_fp(stdout,&recp.Nr); printf(" Nr num_bits=%d\n",recp.num_bits);
+-
+-	BN_div_recp(&r,&d,&a,&recp,&ctx);
+-
+-for (i=0; i<300; i++)
+-	BN_div(&rr,&dd,&a,&b,&ctx);
+-
+-	BN_print_fp(stdout,&r); printf(" div recp\n");
+-	BN_print_fp(stdout,&rr); printf(" div\n");
+-	BN_print_fp(stdout,&d); printf(" rem recp\n");
+-	BN_print_fp(stdout,&dd); printf(" rem\n");
+-	}
+-	BN_CTX_free(&ctx);
+-	BN_RECP_CTX_free(&recp);
+-
+-	BN_free(&r);
+-	BN_free(&rr);
+-	BN_free(&d);
+-	BN_free(&dd);
+-	BN_free(&a);
+-	BN_free(&b);
+-
+-	{
+-	BIO *out;
+-
+-	if ((out=BIO_new(BIO_s_file())) != NULL)
+-		BIO_set_fp(out,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+-
+-        CRYPTO_mem_leaks(out);
+-	BIO_free(out);
+-	}
+-
+-	}
+Index: crypto/openssl/crypto/bn/new
+===================================================================
+RCS file: crypto/openssl/crypto/bn/new
+diff -N crypto/openssl/crypto/bn/new
+--- crypto/openssl/crypto/bn/new	10 Jan 2000 06:21:30 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,23 +0,0 @@
+-void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+-BN_RECP_CTX *BN_RECP_CTX_new();
+-void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+-int BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *div,BN_CTX *ctx);
+-
+-int BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
+-	BN_RECP_CTX *recp,BN_CTX *ctx);
+-
+-int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+-	BN_RECP_CTX *recp, BN_CTX *ctx);
+-int BN_mod_recp(BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+-	BN_RECP_CTX *recp, BN_CTX *ctx);
+-int BN_mod_mul_recp(BIGNUM *ret,BIGNUM *a,BIGNUM *b,BIGNUM *m
+-
+-int BN_mod_exp_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+-	BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+-int BN_mod_exp2_montgomery(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+-                BIGNUM *p2,BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+-
+-
+-bn_div64 -> bn_div_words
+-
+-
+cvs diff: Diffing crypto/openssl/crypto/bn/asm
+Index: crypto/openssl/crypto/bn/asm/mips3.s
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/bn/asm/mips3.s,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 mips3.s
+--- crypto/openssl/crypto/bn/asm/mips3.s	4 Jul 2001 23:19:15 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/bn/asm/mips3.s	31 Jul 2002 00:46:52 -0000
+@@ -1,5 +1,5 @@
+ .rdata
+-.asciiz "mips3.s, Version 1.0"
++.asciiz	"mips3.s, Version 1.1"
+ .asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+ 
+ /*
+@@ -849,6 +849,7 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
++	sltu	c_3,c_2,t_2
+ 	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -856,7 +857,8 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -884,6 +886,7 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
++	sltu	c_1,c_3,t_2
+ 	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -891,7 +894,8 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -928,6 +932,7 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
++	sltu	c_2,c_1,t_2
+ 	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -935,7 +940,8 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -981,6 +987,7 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
++	sltu	c_3,c_2,t_2
+ 	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -988,7 +995,8 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1043,6 +1051,7 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
++	sltu	c_1,c_3,t_2
+ 	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1050,7 +1059,8 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1114,6 +1124,7 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
++	sltu	c_2,c_1,t_2
+ 	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1121,7 +1132,8 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1176,6 +1188,7 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
++	sltu	c_3,c_2,t_2
+ 	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1183,7 +1196,8 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1229,6 +1243,7 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
++	sltu	c_1,c_3,t_2
+ 	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1236,7 +1251,8 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1273,6 +1289,7 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
++	sltu	c_2,c_1,t_2
+ 	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1280,7 +1297,8 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1308,6 +1326,7 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
++	sltu	c_3,c_2,t_2
+ 	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1315,7 +1334,8 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1334,6 +1354,7 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
++	sltu	c_1,c_3,t_2
+ 	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1341,7 +1362,8 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	sd	c_2,104(a0)	/* r[13]=c2; */
+ 
+ 	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+@@ -1430,6 +1452,7 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
++	sltu	c_3,c_2,t_2
+ 	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1437,7 +1460,8 @@
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1465,6 +1489,7 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
++	sltu	c_1,c_3,t_2
+ 	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1472,7 +1497,8 @@
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1491,6 +1517,7 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
++	sltu	c_2,c_1,t_2
+ 	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1498,7 +1525,8 @@
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	sd	c_3,40(a0)
+ 
+ 	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+@@ -1543,28 +1571,30 @@
+ 	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
++	slt	c_1,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	c_3,t_2,AT
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	t_2,AT
+-	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
+ 	sd	c_2,8(a0)
+ 
+ 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
++	slt	c_2,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1579,24 +1609,26 @@
+ 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
++	slt	c_3,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
+-	sltu	AT,c_2,a2
++	slt	AT,t_2,zero
+ 	daddu	c_3,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+@@ -1608,24 +1640,26 @@
+ 	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
++	slt	c_1,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
+-	sltu	AT,c_3,a2
++	slt	AT,t_2,zero
+ 	daddu	c_1,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+@@ -1646,24 +1680,26 @@
+ 	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
++	slt	c_2,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
+-	sltu	AT,c_1,a2
++	slt	AT,t_2,zero
+ 	daddu	c_2,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+@@ -1673,12 +1709,12 @@
+ 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
+-	sltu	AT,c_1,a2
++	slt	AT,t_2,zero
+ 	daddu	c_2,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+@@ -1690,24 +1726,26 @@
+ 	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
++	slt	c_3,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
+-	sltu	AT,c_2,a2
++	slt	AT,t_2,zero
+ 	daddu	c_3,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+@@ -1717,12 +1755,12 @@
+ 	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
+-	sltu	AT,c_2,a2
++	slt	AT,t_2,zero
+ 	daddu	c_3,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+@@ -1743,24 +1781,26 @@
+ 	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
++	slt	c_1,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
+-	sltu	AT,c_3,a2
++	slt	AT,t_2,zero
+ 	daddu	c_1,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+@@ -1770,12 +1810,12 @@
+ 	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
+-	sltu	AT,c_3,a2
++	slt	AT,t_2,zero
+ 	daddu	c_1,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+@@ -1785,12 +1825,12 @@
+ 	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
+-	sltu	AT,c_3,a2
++	slt	AT,t_2,zero
+ 	daddu	c_1,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+@@ -1802,24 +1842,26 @@
+ 	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
++	slt	c_2,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
+-	sltu	AT,c_1,a2
++	slt	AT,t_2,zero
+ 	daddu	c_2,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+@@ -1829,12 +1871,12 @@
+ 	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
+-	sltu	AT,c_1,a2
++	slt	AT,t_2,zero
+ 	daddu	c_2,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+@@ -1855,24 +1897,26 @@
+ 	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
++	slt	c_3,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
+-	sltu	AT,c_2,a2
++	slt	AT,t_2,zero
+ 	daddu	c_3,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+@@ -1882,12 +1926,12 @@
+ 	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
+-	sltu	AT,c_2,a2
++	slt	AT,t_2,zero
+ 	daddu	c_3,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+@@ -1899,24 +1943,26 @@
+ 	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
++	slt	c_1,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
+-	sltu	AT,c_3,a2
++	slt	AT,t_2,zero
+ 	daddu	c_1,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+@@ -1937,24 +1983,26 @@
+ 	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
++	slt	c_2,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
+-	sltu	AT,c_1,a2
++	slt	AT,t_2,zero
+ 	daddu	c_2,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+@@ -1966,15 +2014,17 @@
+ 	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
++	slt	c_3,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -1989,15 +2039,17 @@
+ 	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
++	slt	c_1,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	sd	c_2,104(a0)
+ 
+ 	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+@@ -2028,28 +2080,30 @@
+ 	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
++	slt	c_1,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	c_3,t_2,AT
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	t_2,AT
+-	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
+ 	sd	c_2,8(a0)
+ 
+ 	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
++	slt	c_2,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -2064,24 +2118,26 @@
+ 	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
++	slt	c_3,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_2,t_2
+-	sltu	c_3,c_2,t_2
++	sltu	AT,c_2,t_2
++	daddu	c_3,AT
+ 	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_1,t_1
+-	sltu	AT,c_1,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_2,a2
+-	sltu	AT,c_2,a2
++	slt	AT,t_2,zero
+ 	daddu	c_3,AT
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_1,t_1
+ 	sltu	AT,c_1,t_1
+ 	daddu	t_2,AT
+@@ -2093,15 +2149,17 @@
+ 	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_2,t_1
+-	sltu	AT,c_2,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_3,a2
++	slt	c_1,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_2,t_1
+ 	sltu	AT,c_2,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_3,t_2
+-	sltu	c_1,c_3,t_2
++	sltu	AT,c_3,t_2
++	daddu	c_1,AT
+ 	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+ 	mflo	t_1
+ 	mfhi	t_2
+@@ -2116,15 +2174,17 @@
+ 	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+ 	mflo	t_1
+ 	mfhi	t_2
+-	daddu	c_3,t_1
+-	sltu	AT,c_3,t_1
+-	daddu	a2,t_2,AT
+-	daddu	c_1,a2
++	slt	c_2,t_2,zero
++	dsll	t_2,1
++	slt	a2,t_1,zero
++	daddu	t_2,a2
++	dsll	t_1,1
+ 	daddu	c_3,t_1
+ 	sltu	AT,c_3,t_1
+ 	daddu	t_2,AT
+ 	daddu	c_1,t_2
+-	sltu	c_2,c_1,t_2
++	sltu	AT,c_1,t_2
++	daddu	c_2,AT
+ 	sd	c_3,40(a0)
+ 
+ 	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+cvs diff: Diffing crypto/openssl/crypto/bn/asm/alpha
+cvs diff: Diffing crypto/openssl/crypto/bn/asm/alpha.works
+cvs diff: Diffing crypto/openssl/crypto/bn/asm/x86
+cvs diff: Diffing crypto/openssl/crypto/bn/old
+Index: crypto/openssl/crypto/bn/old/b_sqr.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/b_sqr.c
+diff -N crypto/openssl/crypto/bn/old/b_sqr.c
+--- crypto/openssl/crypto/bn/old/b_sqr.c	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,199 +0,0 @@
+-/* crypto/bn/bn_mul.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include "bn_lcl.h"
+-
+-static int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
+-
+-/* r must be different to a and b */
+-/* int BN_mmul(r, a, b) */
+-int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b)
+-	{
+-	BN_ULONG *ap,*bp,*rp;
+-	BIGNUM *sk;
+-	int i,n,ret;
+-	int max,al,bl;
+-	BN_CTX ctx;
+-
+-	bn_check_top(a);
+-	bn_check_top(b);
+-
+-	al=a->top;
+-	bl=b->top;
+-	if ((al == 0) || (bl == 0))
+-		{
+-		r->top=0;
+-		return(1);
+-		}
+-#ifdef BN_MUL_DEBUG
+-printf("BN_mul(%d,%d)\n",a->top,b->top);
+-#endif
+-
+-	if (	(bn_limit_bits > 0) &&
+-		(bl > bn_limit_num) && (al > bn_limit_num))
+-		{
+-		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
+-		n*=2;
+-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+-		memset(sk,0,sizeof(BIGNUM)*n);
+-		memset(&ctx,0,sizeof(ctx));
+-
+-		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
+-		for (i=0; i<n; i+=2)
+-			{
+-			BN_clear_free(&sk[i]);
+-			BN_clear_free(&sk[i+1]);
+-			}
+-		Free(sk);
+-		return(ret);
+-		}
+-
+-	max=(al+bl);
+-	if (bn_wexpand(r,max) == NULL) return(0);
+-	r->top=max;
+-	r->neg=a->neg^b->neg;
+-	ap=a->d;
+-	bp=b->d;
+-	rp=r->d;
+-
+-	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+-	rp++;
+-	for (i=1; i<bl; i++)
+-		{
+-		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+-		rp++;
+-		}
+-	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
+-	return(1);
+-	}
+-
+-
+-#define ahal	(sk[0])
+-#define blbh	(sk[1])
+-
+-/* r must be different to a and b */
+-int bn_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk, BN_CTX *ctx)
+-	{
+-	int n,num,sqr=0;
+-	int an,bn;
+-	BIGNUM ah,al,bh,bl;
+-
+-	an=A->top;
+-	bn=B->top;
+-#ifdef BN_MUL_DEBUG
+-printf("bn_mm(%d,%d)\n",A->top,B->top);
+-#endif
+-
+-	if (A == B) sqr=1;
+-	num=(an>bn)?an:bn;
+-	n=(num+1)/2;
+-	/* Are going to now chop things into 'num' word chunks. */
+-
+-	BN_init(&ah);
+-	BN_init(&al);
+-	BN_init(&bh);
+-	BN_init(&bl);
+-
+-	bn_set_low (&al,A,n);
+-	bn_set_high(&ah,A,n);
+-	bn_set_low (&bl,B,n);
+-	bn_set_high(&bh,B,n);
+-
+-	BN_sub(&ahal,&ah,&al);
+-	BN_sub(&blbh,&bl,&bh);
+-
+-	if (num <= (bn_limit_num+bn_limit_num))
+-		{
+-		BN_mul(m,&ahal,&blbh);
+-		if (sqr)
+-			{
+-			BN_sqr(&ahal,&al,ctx);
+-			BN_sqr(&blbh,&ah,ctx);
+-			}
+-		else
+-			{
+-			BN_mul(&ahal,&al,&bl);
+-			BN_mul(&blbh,&ah,&bh);
+-			}
+-		}
+-	else
+-		{
+-		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
+-		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
+-		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
+-		}
+-
+-	BN_add(m,m,&ahal);
+-	BN_add(m,m,&blbh);
+-
+-	BN_lshift(m,m,n*BN_BITS2);
+-	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
+-
+-	BN_add(m,m,&ahal);
+-	BN_add(m,m,&blbh);
+-
+-	m->neg=A->neg^B->neg;
+-	return(1);
+-	}
+-#undef ahal	(sk[0])
+-#undef blbh	(sk[1])
+-
+-#include "bn_low.c"
+-#include "bn_high.c"
+Index: crypto/openssl/crypto/bn/old/bn_com.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/bn_com.c
+diff -N crypto/openssl/crypto/bn/old/bn_com.c
+--- crypto/openssl/crypto/bn/old/bn_com.c	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,90 +0,0 @@
+-/* crypto/bn/bn_mulw.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include "bn_lcl.h"
+-
+-#ifdef BN_LLONG 
+-
+-ab
+-12
+-   a2 b2
+-a1 b1
+-
+-abc
+-123
+-      a3 b3 c3
+-   a2 b2 c2
+-a1 b1 c1
+-
+-abcd
+-1234
+-         a4 b4 c4 d4
+-      a3 b3 c3 d3
+-   a2 b2 c2 d2
+-a1 b1 c1 d1
+-
+-abcde
+-01234
+-               a5 b5 c5 d5 e5
+-            a4 b4 c4 d4 e4
+-         a3 b3 c3 d3 e3
+-      a2 b2 c2 d2 e2
+-   a1 b1 c1 d1 e1
+-a0 b0 c0 d0 e0
+Index: crypto/openssl/crypto/bn/old/bn_high.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/bn_high.c
+diff -N crypto/openssl/crypto/bn/old/bn_high.c
+--- crypto/openssl/crypto/bn/old/bn_high.c	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,135 +0,0 @@
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include "bn_lcl.h"
+-
+-#undef BN_MUL_HIGH_DEBUG
+-
+-#ifdef BN_MUL_HIGH_DEBUG
+-#define debug_BN_print(a,b,c) BN_print_fp(a,b); printf(c);
+-#else
+-#define debug_BN_print(a,b,c)
+-#endif
+-
+-int BN_mul_high(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *low, int words);
+-
+-#undef t1
+-#undef t2
+-
+-int BN_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
+-	{
+-	int w2,borrow=0,full=0;
+-	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
+-	BN_ULONG ul1,ul2;
+-	
+-	BN_mul(r,a,b);
+-	BN_rshift(r,r,words*BN_BITS2);
+-	return(1);
+-
+-	w2=(words+1)/2;
+-
+-#ifdef BN_MUL_HIGH_DEBUG
+-fprintf(stdout,"words=%d w2=%d\n",words,w2);
+-#endif
+-debug_BN_print(stdout,a," a\n");
+-debug_BN_print(stdout,b," b\n");
+-debug_BN_print(stdout,low," low\n");
+-	BN_init(&al); BN_init(&ah);
+-	BN_init(&bl); BN_init(&bh);
+-	BN_init(&t1); BN_init(&t2); BN_init(&t3);
+-	BN_init(&s0); BN_init(&s1);
+-	BN_init(&h); BN_init(&m);
+-
+-	bn_set_low (&al,a,w2);
+-	bn_set_high(&ah,a,w2);
+-	bn_set_low (&bl,b,w2);
+-	bn_set_high(&bh,b,w2);
+-
+-	bn_set_low(&s0,low,w2);
+-	bn_set_high(&s1,low,w2);
+-
+-debug_BN_print(stdout,&al," al\n");
+-debug_BN_print(stdout,&ah," ah\n");
+-debug_BN_print(stdout,&bl," bl\n");
+-debug_BN_print(stdout,&bh," bh\n");
+-debug_BN_print(stdout,&s0," s0\n");
+-debug_BN_print(stdout,&s1," s1\n");
+-
+-	/* Calculate (al-ah)*(bh-bl) */
+-	BN_sub(&t1,&al,&ah);
+-	BN_sub(&t2,&bh,&bl);
+-	BN_mul(&m,&t1,&t2);
+-
+-	/* Calculate ah*bh */
+-	BN_mul(&h,&ah,&bh);
+-
+-	/* s0 == low(al*bl)
+-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+-	 * We know s0 and s1 so the only unknown is high(al*bl)
+-	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
+-	 */
+-	BN_add(&m,&m,&h);
+-	BN_add(&t2,&m,&s0);
+-
+-debug_BN_print(stdout,&t2," middle value\n");
+-
+-	/* Quick and dirty mask off of high words */
+-	if (w2 < t2.top) t2.top=w2;
+-#if 0
+-	bn_set_low(&t3,&t2,w2);
+-#endif
+-
+-debug_BN_print(stdout,&t2," low middle value\n");
+-	BN_sub(&t1,&s1,&t2);
+-
+-	if (t1.neg)
+-		{
+-debug_BN_print(stdout,&t1," before\n");
+-		BN_zero(&t2);
+-		BN_set_bit(&t2,w2*BN_BITS2);
+-		BN_add(&t1,&t2,&t1);
+-		/* BN_mask_bits(&t1,w2*BN_BITS2); */
+-		/* if (words < t1.top) t1.top=words; */
+-debug_BN_print(stdout,&t1," after\n");
+-		borrow=1;
+-		}
+-
+-/* XXXXX SPEED THIS UP */
+-	/* al*bl == high(al*bl)<<words+s0 */
+-	BN_lshift(&t1,&t1,w2*BN_BITS2);
+-	BN_add(&t1,&t1,&s0);
+-	if (w2*2 < t1.top) t1.top=w2*2; /* This should not happen? */
+-	
+-	/* We now have
+-	 * al*bl			- t1
+-	 * (al-ah)*(bh-bl)+ah*bh	- m
+-	 * ah*bh			- h
+-	 */
+-#if 0
+-	BN_add(&m,&m,&t1);
+-debug_BN_print(stdout,&t1," s10\n");
+-debug_BN_print(stdout,&m," s21\n");
+-debug_BN_print(stdout,&h," s32\n");
+-	BN_lshift(&m,&m,w2*BN_BITS2);
+-	BN_lshift(&h,&h,w2*2*BN_BITS2);
+-	BN_add(r,&m,&t1);
+-	BN_add(r,r,&h);
+-	BN_rshift(r,r,w2*2*BN_BITS2);
+-#else
+-	BN_add(&m,&m,&t1); 		/* Do a cmp then +1 if needed? */
+-	bn_set_high(&t3,&t1,w2);
+-	BN_add(&m,&m,&t3);
+-	bn_set_high(&t3,&m,w2);
+-	BN_add(r,&h,&t3);
+-#endif
+-
+-#ifdef BN_MUL_HIGH_DEBUG
+-printf("carry=%d\n",borrow);
+-#endif
+-debug_BN_print(stdout,r," ret\n");
+-	BN_free(&t1); BN_free(&t2);
+-	BN_free(&m); BN_free(&h);
+-	return(1);
+-	}
+-
+-
+-
+Index: crypto/openssl/crypto/bn/old/bn_ka.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/bn_ka.c
+diff -N crypto/openssl/crypto/bn/old/bn_ka.c
+--- crypto/openssl/crypto/bn/old/bn_ka.c	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,567 +0,0 @@
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <strings.h>
+-#include "bn_lcl.h"
+-
+-/* r is 2*n2 words in size,
+- * a and b are both n2 words in size.
+- * n2 must be a power of 2.
+- * We multiply and return the result.
+- * t must be 2*n2 words in size
+- * We calulate
+- * a[0]*b[0]
+- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+- * a[1]*b[1]
+- */
+-void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+-	     BN_ULONG *t)
+-	{
+-	int n=n2/2;
+-	int neg,zero,c1,c2;
+-	BN_ULONG ln,lo,*p;
+-
+-#ifdef BN_COUNT
+-printf(" bn_mul_recursive %d * %d\n",n2,n2);
+-#endif
+-	if (n2 <= 8)
+-		{
+-		if (n2 == 8)
+-			bn_mul_comba8(r,a,b);
+-		else
+-			bn_mul_normal(r,a,n2,b,n2);
+-		return;
+-		}
+-
+-	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
+-		{
+-		/* This should not happen */
+-		/*abort(); */
+-		bn_mul_normal(r,a,n2,b,n2);
+-		return;
+-		}
+-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+-	c1=bn_cmp_words(a,&(a[n]),n);
+-	c2=bn_cmp_words(&(b[n]),b,n);
+-	zero=neg=0;
+-	switch (c1*3+c2)
+-		{
+-	case -4:
+-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+-		break;
+-	case -3:
+-		zero=1;
+-		break;
+-	case -2:
+-		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+-		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+-		neg=1;
+-		break;
+-	case -1:
+-	case 0:
+-	case 1:
+-		zero=1;
+-		break;
+-	case 2:
+-		bn_sub_words(t,      a,      &(a[n]),n); /* + */
+-		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+-		neg=1;
+-		break;
+-	case 3:
+-		zero=1;
+-		break;
+-	case 4:
+-		bn_sub_words(t,      a,      &(a[n]),n);
+-		bn_sub_words(&(t[n]),&(b[n]),b,      n);
+-		break;
+-		}
+-
+-	if (n == 8)
+-		{
+-		if (!zero)
+-			bn_mul_comba8(&(t[n2]),t,&(t[n]));
+-		else
+-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+-		
+-		bn_mul_comba8(r,a,b);
+-		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
+-		}
+-	else
+-		{
+-		p= &(t[n2*2]);
+-		if (!zero)
+-			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+-		else
+-			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+-		bn_mul_recursive(r,a,b,n,p);
+-		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
+-		}
+-
+-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+-	 * r[10] holds (a[0]*b[0])
+-	 * r[32] holds (b[1]*b[1])
+-	 */
+-
+-	c1=bn_add_words(t,r,&(r[n2]),n2);
+-
+-	if (neg) /* if t[32] is negative */
+-		{
+-		c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+-		}
+-	else
+-		{
+-		/* Might have a carry */
+-		c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
+-		}
+-
+-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+-	 * r[10] holds (a[0]*b[0])
+-	 * r[32] holds (b[1]*b[1])
+-	 * c1 holds the carry bits
+-	 */
+-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+-	if (c1)
+-		{
+-		p= &(r[n+n2]);
+-		lo= *p;
+-		ln=(lo+c1)&BN_MASK2;
+-		*p=ln;
+-
+-		/* The overflow will stop before we over write
+-		 * words we should not overwrite */
+-		if (ln < c1)
+-			{
+-			do	{
+-				p++;
+-				lo= *p;
+-				ln=(lo+1)&BN_MASK2;
+-				*p=ln;
+-				} while (ln == 0);
+-			}
+-		}
+-	}
+-
+-/* n+tn is the word length
+- * t needs to be n*4 is size, as does r */
+-void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+-	     int n, BN_ULONG *t)
+-	{
+-	int n2=n*2,i,j;
+-	int c1;
+-	BN_ULONG ln,lo,*p;
+-
+-#ifdef BN_COUNT
+-printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
+-#endif
+-	if (n < 8)
+-		{
+-		i=tn+n;
+-		bn_mul_normal(r,a,i,b,i);
+-		return;
+-		}
+-
+-	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+-	bn_sub_words(t,      a,      &(a[n]),n); /* + */
+-	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+-
+-	if (n == 8)
+-		{
+-		bn_mul_comba8(&(t[n2]),t,&(t[n]));
+-		bn_mul_comba8(r,a,b);
+-		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+-		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+-		}
+-	else
+-		{
+-		p= &(t[n2*2]);
+-		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+-		bn_mul_recursive(r,a,b,n,p);
+-		i=n/2;
+-		/* If there is only a bottom half to the number,
+-		 * just do it */
+-		j=tn-i;
+-		if (j == 0)
+-			{
+-			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
+-			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
+-			}
+-		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
+-				{
+-				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
+-					j,i,p);
+-				memset(&(r[n2+tn*2]),0,
+-					sizeof(BN_ULONG)*(n2-tn*2));
+-				}
+-		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+-			{
+-			memset(&(r[n2]),0,sizeof(BN_ULONG)*(tn*2));
+-			for (;;)
+-				{
+-				i/=2;
+-				if (i < tn)
+-					{
+-					bn_mul_part_recursive(&(r[n2]),
+-						&(a[n]),&(b[n]),
+-						tn-i,i,p);
+-					break;
+-					}
+-				else if (i == tn)
+-					{
+-					bn_mul_recursive(&(r[n2]),
+-						&(a[n]),&(b[n]),
+-						i,p);
+-					break;
+-					}
+-				}
+-			}
+-		}
+-
+-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+-	 * r[10] holds (a[0]*b[0])
+-	 * r[32] holds (b[1]*b[1])
+-	 */
+-
+-	c1=bn_add_words(t,r,&(r[n2]),n2);
+-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+-
+-	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+-	 * r[10] holds (a[0]*b[0])
+-	 * r[32] holds (b[1]*b[1])
+-	 * c1 holds the carry bits
+-	 */
+-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+-	if (c1)
+-		{
+-		p= &(r[n+n2]);
+-		lo= *p;
+-		ln=(lo+c1)&BN_MASK2;
+-		*p=ln;
+-
+-		/* The overflow will stop before we over write
+-		 * words we should not overwrite */
+-		if (ln < c1)
+-			{
+-			do	{
+-				p++;
+-				lo= *p;
+-				ln=(lo+1)&BN_MASK2;
+-				*p=ln;
+-				} while (ln == 0);
+-			}
+-		}
+-	}
+-
+-/* r is 2*n words in size,
+- * a and b are both n words in size.
+- * n must be a power of 2.
+- * We multiply and return the result.
+- * t must be 2*n words in size
+- * We calulate
+- * a[0]*b[0]
+- * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+- * a[1]*b[1]
+- */
+-void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
+-	{
+-	int n=n2/2;
+-	int zero,c1;
+-	BN_ULONG ln,lo,*p;
+-
+-#ifdef BN_COUNT
+-printf(" bn_sqr_recursive %d * %d\n",n2,n2);
+-#endif
+-	if (n2 == 4)
+-		{
+-		bn_sqr_comba4(r,a);
+-		return;
+-		}
+-	else if (n2 == 8)
+-		{
+-		bn_sqr_comba8(r,a);
+-		return;
+-		}
+-	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
+-		{
+-		bn_sqr_normal(r,a,n2,t);
+-		return;
+-		abort();
+-		}
+-	/* r=(a[0]-a[1])*(a[1]-a[0]) */
+-	c1=bn_cmp_words(a,&(a[n]),n);
+-	zero=0;
+-	if (c1 > 0)
+-		bn_sub_words(t,a,&(a[n]),n);
+-	else if (c1 < 0)
+-		bn_sub_words(t,&(a[n]),a,n);
+-	else
+-		zero=1;
+-
+-	/* The result will always be negative unless it is zero */
+-
+-	if (n == 8)
+-		{
+-		if (!zero)
+-			bn_sqr_comba8(&(t[n2]),t);
+-		else
+-			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+-		
+-		bn_sqr_comba8(r,a);
+-		bn_sqr_comba8(&(r[n2]),&(a[n]));
+-		}
+-	else
+-		{
+-		p= &(t[n2*2]);
+-		if (!zero)
+-			bn_sqr_recursive(&(t[n2]),t,n,p);
+-		else
+-			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+-		bn_sqr_recursive(r,a,n,p);
+-		bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+-		}
+-
+-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+-	 * r[10] holds (a[0]*b[0])
+-	 * r[32] holds (b[1]*b[1])
+-	 */
+-
+-	c1=bn_add_words(t,r,&(r[n2]),n2);
+-
+-	/* t[32] is negative */
+-	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+-
+-	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+-	 * r[10] holds (a[0]*a[0])
+-	 * r[32] holds (a[1]*a[1])
+-	 * c1 holds the carry bits
+-	 */
+-	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+-	if (c1)
+-		{
+-		p= &(r[n+n2]);
+-		lo= *p;
+-		ln=(lo+c1)&BN_MASK2;
+-		*p=ln;
+-
+-		/* The overflow will stop before we over write
+-		 * words we should not overwrite */
+-		if (ln < c1)
+-			{
+-			do	{
+-				p++;
+-				lo= *p;
+-				ln=(lo+1)&BN_MASK2;
+-				*p=ln;
+-				} while (ln == 0);
+-			}
+-		}
+-	}
+-
+-#if 1
+-/* a and b must be the same size, which is n2.
+- * r needs to be n2 words and t needs to be n2*2
+- */
+-void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+-	     BN_ULONG *t)
+-	{
+-	int n=n2/2;
+-
+-#ifdef BN_COUNT
+-printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
+-#endif
+-
+-	bn_mul_recursive(r,a,b,n,&(t[0]));
+-	if (n > BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
+-		{
+-		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
+-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+-		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
+-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+-		}
+-	else
+-		{
+-		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
+-		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
+-		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+-		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
+-		}
+-	}
+-
+-/* a and b must be the same size, which is n2.
+- * r needs to be n2 words and t needs to be n2*2
+- * l is the low words of the output.
+- * t needs to be n2*3
+- */
+-void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+-	     BN_ULONG *t)
+-	{
+-	int j,i,n,c1,c2;
+-	int neg,oneg,zero;
+-	BN_ULONG ll,lc,*lp,*mp;
+-
+-#ifdef BN_COUNT
+-printf(" bn_mul_high %d * %d\n",n2,n2);
+-#endif
+-	n=(n2+1)/2;
+-
+-	/* Calculate (al-ah)*(bh-bl) */
+-	neg=zero=0;
+-	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
+-	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
+-	switch (c1*3+c2)
+-		{
+-	case -4:
+-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+-		break;
+-	case -3:
+-		zero=1;
+-		break;
+-	case -2:
+-		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+-		neg=1;
+-		break;
+-	case -1:
+-	case 0:
+-	case 1:
+-		zero=1;
+-		break;
+-	case 2:
+-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+-		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+-		neg=1;
+-		break;
+-	case 3:
+-		zero=1;
+-		break;
+-	case 4:
+-		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+-		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+-		break;
+-		}
+-		
+-	oneg=neg;
+-	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+-	bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
+-	/* r[10] = (a[1]*b[1]) */
+-	bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
+-
+-	/* s0 == low(al*bl)
+-	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+-	 * We know s0 and s1 so the only unknown is high(al*bl)
+-	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+-	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+-	 */
+-	if (l != NULL)
+-		{
+-		lp= &(t[n2+n]);
+-		c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
+-		}
+-	else
+-		{
+-		c1=0;
+-		lp= &(r[0]);
+-		}
+-
+-	if (neg)
+-		neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
+-	else
+-		{
+-		bn_add_words(&(t[n2]),lp,&(t[0]),n);
+-		neg=0;
+-		}
+-
+-	if (l != NULL)
+-		{
+-		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
+-		}
+-	else
+-		{
+-		lp= &(t[n2+n]);
+-		mp= &(t[n2]);
+-		for (i=0; i<n; i++)
+-			lp[i]=((~mp[i])+1)&BN_MASK2;
+-		}
+-
+-	/* s[0] = low(al*bl)
+-	 * t[3] = high(al*bl)
+-	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+-	 * r[10] = (a[1]*b[1])
+-	 */
+-	/* R[10] = al*bl
+-	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+-	 * R[32] = ah*bh
+-	 */
+-	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+-	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+-	 * R[3]=r[1]+(carry/borrow)
+-	 */
+-	if (l != NULL)
+-		{
+-		lp= &(t[n2]);
+-		c1= bn_add_words(lp,&(t[n2+n]),&(l[0]),n);
+-		}
+-	else
+-		{
+-		lp= &(t[n2+n]);
+-		c1=0;
+-		}
+-	c1+=bn_add_words(&(t[n2]),lp,  &(r[0]),n);
+-	if (oneg)
+-		c1-=bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n);
+-	else
+-		c1+=bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n);
+-
+-	c2 =bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n);
+-	c2+=bn_add_words(&(r[0]),&(r[0]),&(r[n]),n);
+-	if (oneg)
+-		c2-=bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n);
+-	else
+-		c2+=bn_add_words(&(r[0]),&(r[0]),&(t[n]),n);
+-	
+-	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
+-		{
+-		i=0;
+-		if (c1 > 0)
+-			{
+-			lc=c1;
+-			do	{
+-				ll=(r[i]+lc)&BN_MASK2;
+-				r[i++]=ll;
+-				lc=(lc > ll);
+-				} while (lc);
+-			}
+-		else
+-			{
+-			lc= -c1;
+-			do	{
+-				ll=r[i];
+-				r[i++]=(ll-lc)&BN_MASK2;
+-				lc=(lc > ll);
+-				} while (lc);
+-			}
+-		}
+-	if (c2 != 0) /* Add starting at r[1] */
+-		{
+-		i=n;
+-		if (c2 > 0)
+-			{
+-			lc=c2;
+-			do	{
+-				ll=(r[i]+lc)&BN_MASK2;
+-				r[i++]=ll;
+-				lc=(lc > ll);
+-				} while (lc);
+-			}
+-		else
+-			{
+-			lc= -c2;
+-			do	{
+-				ll=r[i];
+-				r[i++]=(ll-lc)&BN_MASK2;
+-				lc=(lc > ll);
+-				} while (lc);
+-			}
+-		}
+-	}
+-#endif
+Index: crypto/openssl/crypto/bn/old/bn_low.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/bn_low.c
+diff -N crypto/openssl/crypto/bn/old/bn_low.c
+--- crypto/openssl/crypto/bn/old/bn_low.c	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,194 +0,0 @@
+-/* crypto/bn/bn_mul.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include "bn_lcl.h"
+-
+-static int bn_mm_low(BIGNUM *m,BIGNUM *A,BIGNUM *B, int num,
+-		BIGNUM *sk,BN_CTX *ctx);
+-int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b,int words);
+-
+-/* r must be different to a and b */
+-int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b, int num)
+-	{
+-	BN_ULONG *ap,*bp,*rp;
+-	BIGNUM *sk;
+-	int j,i,n,ret;
+-	int max,al,bl;
+-	BN_CTX ctx;
+-
+-	bn_check_top(a);
+-	bn_check_top(b);
+-
+-#ifdef BN_MUL_DEBUG
+-printf("BN_mul_low(%d,%d,%d)\n",a->top,b->top,num);
+-#endif
+-
+-	al=a->top;
+-	bl=b->top;
+-	if ((al == 0) || (bl == 0))
+-		{
+-		r->top=0;
+-		return(1);
+-		}
+-
+-	if ((bn_limit_bits_low > 0) && (num > bn_limit_num_low))
+-		{
+-		n=BN_num_bits_word(num*2)-bn_limit_bits_low;
+-		n*=2;
+-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+-		memset(sk,0,sizeof(BIGNUM)*n);
+-		memset(&ctx,0,sizeof(ctx));
+-
+-		ret=bn_mm_low(r,a,b,num,&(sk[0]),&ctx);
+-		for (i=0; i<n; i+=2)
+-			{
+-			BN_clear_free(&sk[i]);
+-			BN_clear_free(&sk[i+1]);
+-			}
+-		Free(sk);
+-		return(ret);
+-		}
+-
+-	max=(al+bl);
+-	if (bn_wexpand(r,max) == NULL) return(0);
+-	r->neg=a->neg^b->neg;
+-	ap=a->d;
+-	bp=b->d;
+-	rp=r->d;
+-	r->top=(max > num)?num:max;
+-
+-	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+-	rp++;
+-	j=bl;
+-	for (i=1; i<j; i++)
+-		{
+-		if (al >= num--)
+-			{
+-			al--;
+-			if (al <= 0) break;
+-			}
+-		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+-		rp++;
+-		}
+-	
+-	while ((r->top > 0) && (r->d[r->top-1] == 0))
+-		r->top--;
+-	return(1);
+-	}
+-
+-
+-#define t1	(sk[0])
+-#define t2	(sk[1])
+-
+-/* r must be different to a and b */
+-int bn_mm_low(BIGNUM *m, BIGNUM *A, BIGNUM *B, int num, BIGNUM *sk,
+-	     BN_CTX *ctx)
+-	{
+-	int n; /* ,sqr=0; */
+-	int an,bn;
+-	BIGNUM ah,al,bh,bl;
+-
+-	bn_wexpand(m,num+3);
+-	an=A->top;
+-	bn=B->top;
+-
+-#ifdef BN_MUL_DEBUG
+-printf("bn_mm_low(%d,%d,%d)\n",A->top,B->top,num);
+-#endif
+-
+-	n=(num+1)/2;
+-
+-	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl);
+-
+-	bn_set_low( &al,A,n);
+-	bn_set_high(&ah,A,n);
+-	bn_set_low( &bl,B,n);
+-	bn_set_high(&bh,B,n);
+-
+-	if (num <= (bn_limit_num_low+bn_limit_num_low))
+-		{
+-		BN_mul(m,&al,&bl);
+-		BN_mul_low(&t1,&al,&bh,n);
+-		BN_mul_low(&t2,&ah,&bl,n);
+-		}
+-	else
+-		{
+-		bn_mm(m  ,&al,&bl,&(sk[2]),ctx);
+-		bn_mm_low(&t1,&al,&bh,n,&(sk[2]),ctx);
+-		bn_mm_low(&t2,&ah,&bl,n,&(sk[2]),ctx);
+-		}
+-
+-	BN_add(&t1,&t1,&t2);
+-
+-	/* We will now do an evil hack instead of
+-	 * BN_lshift(&t1,&t1,n*BN_BITS2);
+-	 * BN_add(m,m,&t1);
+-	 * BN_mask_bits(m,num*BN_BITS2);
+-	 */
+-	bn_set_high(&ah,m,n); ah.max=num+2;
+-	BN_add(&ah,&ah,&t1);
+-	m->top=num;
+-
+-	m->neg=A->neg^B->neg;
+-	return(1);
+-	}
+-
+-#undef t1	(sk[0])
+-#undef t2	(sk[1])
+Index: crypto/openssl/crypto/bn/old/bn_m.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/bn_m.c
+diff -N crypto/openssl/crypto/bn/old/bn_m.c
+--- crypto/openssl/crypto/bn/old/bn_m.c	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,139 +0,0 @@
+-/* crypto/bn/bn_m.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-/*#include "cryptlib.h"*/
+-#include "bn_lcl.h"
+-
+-#define limit_bits 5			/* 2^5, or 32 words */
+-#define limit_num (1<<limit_bits)
+-
+-int BN_m(BIGNUM *r, BIGNUM *a, BIGNUM *b)
+-	{
+-	BIGNUM *sk;
+-	int i,n;
+-
+-	n=(BN_num_bits_word(a->top|b->top)-limit_bits);
+-	n*=2;
+-	sk=(BIGNUM *)malloc(sizeof(BIGNUM)*n);
+-	for (i=0; i<n; i++)
+-		BN_init(&(sk[i]));
+-
+-	return(BN_mm(r,a,b,&(sk[0])));
+-	}
+-
+-#define ahal	(sk[0])
+-#define blbh	(sk[1])
+-
+-/* r must be different to a and b */
+-int BN_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk)
+-	{
+-	int i,num,anum,bnum;
+-	int an,bn;
+-	BIGNUM ah,al,bh,bl;
+-
+-	an=A->top;
+-	bn=B->top;
+-	if ((an <= limit_num) || (bn <= limit_num))
+-		{
+-		return(BN_mul(m,A,B));
+-		}
+-
+-	anum=(an>bn)?an:bn;
+-	num=(anum)/2;
+-
+-	/* Are going to now chop things into 'num' word chunks. */
+-	bnum=num*BN_BITS2;
+-
+-	BN_init(&ahal);
+-	BN_init(&blbh);
+-	BN_init(&ah);
+-	BN_init(&al);
+-	BN_init(&bh);
+-	BN_init(&bl);
+-
+-	al.top=num;
+-	al.d=A->d;
+-	ah.top=A->top-num;
+-	ah.d= &(A->d[num]);
+-
+-	bl.top=num;
+-	bl.d=B->d;
+-	bh.top=B->top-num;
+-	bh.d= &(B->d[num]);
+-
+-	BN_sub(&ahal,&ah,&al);
+-	BN_sub(&blbh,&bl,&bh);
+-
+-	BN_mm(m,&ahal,&blbh,&(sk[2]));
+-	BN_mm(&ahal,&al,&bl,&(sk[2]));
+-	BN_mm(&blbh,&ah,&bh,&(sk[2]));
+-
+-	BN_add(m,m,&ahal);
+-	BN_add(m,m,&blbh);
+-
+-	BN_lshift(m,m,bnum);
+-	BN_add(m,m,&ahal);
+-
+-	BN_lshift(&blbh,&blbh,bnum*2);
+-	BN_add(m,m,&blbh);
+-
+-	m->neg=A->neg^B->neg;
+-	return(1);
+-	}
+-
+Index: crypto/openssl/crypto/bn/old/bn_mul.c.works
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/bn_mul.c.works
+diff -N crypto/openssl/crypto/bn/old/bn_mul.c.works
+--- crypto/openssl/crypto/bn/old/bn_mul.c.works	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,219 +0,0 @@
+-/* crypto/bn/bn_mul.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include "bn_lcl.h"
+-
+-int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
+-
+-/* r must be different to a and b */
+-int BN_mul(r, a, b)
+-BIGNUM *r;
+-BIGNUM *a;
+-BIGNUM *b;
+-	{
+-	BN_ULONG *ap,*bp,*rp;
+-	BIGNUM *sk;
+-	int i,n,ret;
+-	int max,al,bl;
+-	BN_CTX ctx;
+-
+-	bn_check_top(a);
+-	bn_check_top(b);
+-
+-	al=a->top;
+-	bl=b->top;
+-	if ((al == 0) || (bl == 0))
+-		{
+-		r->top=0;
+-		return(1);
+-		}
+-#ifdef BN_MUL_DEBUG
+-printf("BN_mul(%d,%d)\n",a->top,b->top);
+-#endif
+-
+-#ifdef BN_RECURSION
+-	if (	(bn_limit_bits > 0) &&
+-		(bl > bn_limit_num) && (al > bn_limit_num))
+-		{
+-		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
+-		n*=2;
+-		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+-		memset(sk,0,sizeof(BIGNUM)*n);
+-		memset(&ctx,0,sizeof(ctx));
+-
+-		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
+-		for (i=0; i<n; i+=2)
+-			{
+-			BN_clear_free(&sk[i]);
+-			BN_clear_free(&sk[i+1]);
+-			}
+-		Free(sk);
+-		return(ret);
+-		}
+-#endif
+-
+-	max=(al+bl);
+-	if (bn_wexpand(r,max) == NULL) return(0);
+-	r->top=max;
+-	r->neg=a->neg^b->neg;
+-	ap=a->d;
+-	bp=b->d;
+-	rp=r->d;
+-
+-#ifdef BN_RECURSION
+-	if ((al == bl) && (al == 8))
+-		{
+-		bn_mul_comba8(rp,ap,bp);
+-		}
+-	else
+-#endif
+-		{
+-		rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+-		rp++;
+-		for (i=1; i<bl; i++)
+-			{
+-			rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+-			rp++;
+-			}
+-		}
+-	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
+-	return(1);
+-	}
+-
+-#ifdef BN_RECURSION
+-
+-#define ahal	(sk[0])
+-#define blbh	(sk[1])
+-
+-/* r must be different to a and b */
+-int bn_mm(m, A, B, sk,ctx)
+-BIGNUM *m,*A,*B;
+-BIGNUM *sk;
+-BN_CTX *ctx;
+-	{
+-	int n,num,sqr=0;
+-	int an,bn;
+-	BIGNUM ah,al,bh,bl;
+-
+-	an=A->top;
+-	bn=B->top;
+-#ifdef BN_MUL_DEBUG
+-printf("bn_mm(%d,%d)\n",A->top,B->top);
+-#endif
+-
+-	if (A == B) sqr=1;
+-	num=(an>bn)?an:bn;
+-	n=(num+1)/2;
+-	/* Are going to now chop things into 'num' word chunks. */
+-
+-	BN_init(&ah);
+-	BN_init(&al);
+-	BN_init(&bh);
+-	BN_init(&bl);
+-
+-	bn_set_low (&al,A,n);
+-	bn_set_high(&ah,A,n);
+-	bn_set_low (&bl,B,n);
+-	bn_set_high(&bh,B,n);
+-
+-	BN_sub(&ahal,&ah,&al);
+-	BN_sub(&blbh,&bl,&bh);
+-
+-	if (num <= (bn_limit_num+bn_limit_num))
+-		{
+-		BN_mul(m,&ahal,&blbh);
+-		if (sqr)
+-			{
+-			BN_sqr(&ahal,&al,ctx);
+-			BN_sqr(&blbh,&ah,ctx);
+-			}
+-		else
+-			{
+-			BN_mul(&ahal,&al,&bl);
+-			BN_mul(&blbh,&ah,&bh);
+-			}
+-		}
+-	else
+-		{
+-		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
+-		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
+-		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
+-		}
+-
+-	BN_add(m,m,&ahal);
+-	BN_add(m,m,&blbh);
+-
+-	BN_lshift(m,m,n*BN_BITS2);
+-	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
+-
+-	BN_add(m,m,&ahal);
+-	BN_add(m,m,&blbh);
+-
+-	m->neg=A->neg^B->neg;
+-	return(1);
+-	}
+-#undef ahal	(sk[0])
+-#undef blbh	(sk[1])
+-
+-#include "bn_low.c"
+-#include "bn_high.c"
+-#include "f.c"
+-
+-#endif
+Index: crypto/openssl/crypto/bn/old/bn_wmul.c
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/bn_wmul.c
+diff -N crypto/openssl/crypto/bn/old/bn_wmul.c
+--- crypto/openssl/crypto/bn/old/bn_wmul.c	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,173 +0,0 @@
+-#include <stdio.h>
+-#include "bn_lcl.h"
+-
+-#if 1
+-
+-int bn_mull(BIGNUM *r,BIGNUM *a,BIGNUM *b, BN_CTX *ctx);
+-
+-int bn_mull(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+-	{
+-	int top,i,j,k,al,bl;
+-	BIGNUM *t;
+-
+-#ifdef BN_COUNT
+-printf("bn_mull %d * %d\n",a->top,b->top);
+-#endif
+-
+-	bn_check_top(a);
+-	bn_check_top(b);
+-	bn_check_top(r);
+-
+-	al=a->top;
+-	bl=b->top;
+-	r->neg=a->neg^b->neg;
+-
+-	top=al+bl;
+-	if ((al < 4) || (bl < 4))
+-		{
+-		if (bn_wexpand(r,top) == NULL) return(0);
+-		r->top=top;
+-		bn_mul_normal(r->d,a->d,al,b->d,bl);
+-		goto end;
+-		}
+-	else if (al == bl) /* A good start, they are the same size */
+-		goto symetric;
+-	else
+-		{
+-		i=(al-bl);
+-		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+-			{
+-			bn_wexpand(b,al);
+-			b->d[bl]=0;
+-			bl++;
+-			goto symetric;
+-			}
+-		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+-			{
+-			bn_wexpand(a,bl);
+-			a->d[al]=0;
+-			al++;
+-			goto symetric;
+-			}
+-		}
+-
+-	/* asymetric and >= 4 */ 
+-	if (bn_wexpand(r,top) == NULL) return(0);
+-	r->top=top;
+-	bn_mul_normal(r->d,a->d,al,b->d,bl);
+-
+-	if (0)
+-		{
+-		/* symetric and > 4 */
+-symetric:
+-		if (al == 4)
+-			{
+-			if (bn_wexpand(r,al*2) == NULL) return(0);
+-			r->top=top;
+-			bn_mul_comba4(r->d,a->d,b->d);
+-			goto end;
+-			}
+-		if (al == 8)
+-			{
+-			if (bn_wexpand(r,al*2) == NULL) return(0);
+-			r->top=top;
+-			bn_mul_comba8(r->d,a->d,b->d);
+-			goto end;
+-			}
+-		if (al <= BN_MULL_NORMAL_SIZE)
+-			{
+-			if (bn_wexpand(r,al*2) == NULL) return(0);
+-			r->top=top;
+-			bn_mul_normal(r->d,a->d,al,b->d,bl);
+-			goto end;
+-			}
+-		/* 16 or larger */
+-		j=BN_num_bits_word((BN_ULONG)al);
+-		j=1<<(j-1);
+-		k=j+j;
+-		t= &(ctx->bn[ctx->tos]);
+-		if (al == j) /* exact multiple */
+-			{
+-			bn_wexpand(t,k*2);
+-			bn_wexpand(r,k*2);
+-			bn_mul_recursive(r->d,a->d,b->d,al,t->d);
+-			}
+-		else
+-			{
+-			bn_wexpand(a,k);
+-			bn_wexpand(b,k);
+-			bn_wexpand(t,k*4);
+-			bn_wexpand(r,k*4);
+-			for (i=a->top; i<k; i++)
+-				a->d[i]=0;
+-			for (i=b->top; i<k; i++)
+-				b->d[i]=0;
+-			bn_mul_part_recursive(r->d,a->d,b->d,al-j,j,t->d);
+-			}
+-		r->top=top;
+-		}
+-end:
+-	bn_fix_top(r);
+-	return(1);
+-	}
+-#endif
+-
+-void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+-	{
+-	BN_ULONG *rr;
+-
+-#ifdef BN_COUNT
+-printf(" bn_mul_normal %d * %d\n",na,nb);
+-#endif
+-
+-	if (na < nb)
+-		{
+-		int itmp;
+-		BN_ULONG *ltmp;
+-
+-		itmp=na; na=nb; nb=itmp;
+-		ltmp=a;   a=b;   b=ltmp;
+-
+-		}
+-	rr= &(r[na]);
+-	rr[0]=bn_mul_words(r,a,na,b[0]);
+-
+-	for (;;)
+-		{
+-		if (--nb <= 0) return;
+-		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
+-		if (--nb <= 0) return;
+-		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
+-		if (--nb <= 0) return;
+-		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
+-		if (--nb <= 0) return;
+-		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
+-		rr+=4;
+-		r+=4;
+-		b+=4;
+-		}
+-	}
+-
+-#if 1
+-void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+-	{
+-#ifdef BN_COUNT
+-printf(" bn_mul_low_normal %d * %d\n",n,n);
+-#endif
+-	bn_mul_words(r,a,n,b[0]);
+-
+-	for (;;)
+-		{
+-		if (--n <= 0) return;
+-		bn_mul_add_words(&(r[1]),a,n,b[1]);
+-		if (--n <= 0) return;
+-		bn_mul_add_words(&(r[2]),a,n,b[2]);
+-		if (--n <= 0) return;
+-		bn_mul_add_words(&(r[3]),a,n,b[3]);
+-		if (--n <= 0) return;
+-		bn_mul_add_words(&(r[4]),a,n,b[4]);
+-		r+=4;
+-		b+=4;
+-		}
+-	}
+-#endif
+Index: crypto/openssl/crypto/bn/old/build
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/build
+diff -N crypto/openssl/crypto/bn/old/build
+--- crypto/openssl/crypto/bn/old/build	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,3 +0,0 @@
+-#!/bin/sh -x
+-
+-gcc -g -I../../include test.c -L../.. -lcrypto
+Index: crypto/openssl/crypto/bn/old/info
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/info
+diff -N crypto/openssl/crypto/bn/old/info
+--- crypto/openssl/crypto/bn/old/info	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,22 +0,0 @@
+-Given A1A0 * B1B0 == S3S2S1S0
+-
+-S0=     low(A0*B0)
+-S1=     low( (A1-A0)*(B0-B1)) +low( A1*B1) +high(A0*B0)
+-S2=     high((A1-A0)*(B0-B1)) +high(A1*B1) +low( A1*B1)
+-S3=     high(A1*B1);
+-
+-Assume we know S1 and S0, and can calulate A1*B1 and high((A1-A0)*(B0-B1))
+-
+-k0=	S0 == low(A0*B0)
+-k1=	S1
+-k2=	low( A1*B1)
+-k3=	high(A1*B1)
+-k4=	high((A1-A0)*(B0-B1))
+-
+-k1=	low((A1-A0)*(B0-B1)) +k2 +high(A0*B0)
+-S2=	k4 +k3 +k2
+-S3=	k3
+-
+-S1-k2= low((A1-A0)*(B0-B1)) +high(A0*B0)
+-
+-We potentially have a carry or a borrow from S1
+Index: crypto/openssl/crypto/bn/old/test.works
+===================================================================
+RCS file: crypto/openssl/crypto/bn/old/test.works
+diff -N crypto/openssl/crypto/bn/old/test.works
+--- crypto/openssl/crypto/bn/old/test.works	10 Jan 2000 06:21:32 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,205 +0,0 @@
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include "bn_lcl.h"
+-
+-#define SIZE	128
+-
+-#define BN_MONT_CTX_set		bn_mcs
+-#define BN_from_montgomery	bn_fm
+-#define BN_mod_mul_montgomery	bn_mmm
+-#undef BN_to_montgomery
+-#define BN_to_montgomery(r,a,mont,ctx)	bn_mmm(\
+-	r,a,(mont)->RR,(mont),ctx)
+-
+-main()
+-	{
+-	BIGNUM prime,a,b,r,A,B,R;
+-	BN_MONT_CTX *mont;
+-	BN_CTX *ctx;
+-	int i;
+-
+-	ctx=BN_CTX_new();
+-	BN_init(&prime);
+-	BN_init(&a); BN_init(&b); BN_init(&r);
+-	BN_init(&A); BN_init(&B); BN_init(&R);
+-
+-	BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
+-	BN_rand(&A,SIZE,1,0);
+-	BN_rand(&B,SIZE,1,0);
+-	BN_mod(&A,&A,&prime,ctx);
+-	BN_mod(&B,&B,&prime,ctx);
+-
+-	mont=BN_MONT_CTX_new();
+-	BN_MONT_CTX_set(mont,&prime,ctx);
+-
+-	BN_to_montgomery(&a,&A,mont,ctx);
+-	BN_to_montgomery(&b,&B,mont,ctx);
+-
+-	BN_mul(&r,&a,&b);
+-	BN_print_fp(stdout,&r); printf("\n");
+-	BN_from_montgomery(&r,&r,mont,ctx);
+-	BN_print_fp(stdout,&r); printf("\n");
+-	BN_from_montgomery(&r,&r,mont,ctx);
+-	BN_print_fp(stdout,&r); printf("\n");
+-
+-	BN_mod_mul(&R,&A,&B,&prime,ctx);
+-
+-	BN_print_fp(stdout,&a); printf("\n");
+-	BN_print_fp(stdout,&b); printf("\n");
+-	BN_print_fp(stdout,&prime); printf("\n");
+-	BN_print_fp(stdout,&r); printf("\n\n");
+-
+-	BN_print_fp(stdout,&A); printf("\n");
+-	BN_print_fp(stdout,&B); printf("\n");
+-	BN_print_fp(stdout,&prime); printf("\n");
+-	BN_print_fp(stdout,&R); printf("\n\n");
+-
+-	BN_mul(&r,&a,&b);
+-	BN_print_fp(stdout,&r); printf(" <- BA*DC\n");
+-	BN_copy(&A,&r);
+-	i=SIZE/2;
+-	BN_mask_bits(&A,i*2);
+-//	BN_print_fp(stdout,&A); printf(" <- low(BA*DC)\n");
+-	bn_do_lower(&r,&a,&b,&A,i);
+-//	BN_print_fp(stdout,&r); printf(" <- low(BA*DC)\n");
+-	}
+-
+-int bn_mul_low(r,a,b,low,i)
+-BIGNUM *r,*a,*b,*low;
+-int i;
+-	{
+-	int w;
+-	BIGNUM Kh,Km,t1,t2,h,ah,al,bh,bl,l,m,s0,s1;
+-
+-	BN_init(&Kh); BN_init(&Km); BN_init(&t1); BN_init(&t2); BN_init(&l);
+-	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl); BN_init(&h);
+-	BN_init(&m); BN_init(&s0); BN_init(&s1);
+-
+-	BN_copy(&al,a); BN_mask_bits(&al,i); BN_rshift(&ah,a,i);
+-	BN_copy(&bl,b); BN_mask_bits(&bl,i); BN_rshift(&bh,b,i);
+-
+-
+-	BN_sub(&t1,&al,&ah);
+-	BN_sub(&t2,&bh,&bl);
+-	BN_mul(&m,&t1,&t2);
+-	BN_mul(&h,&ah,&bh);
+-
+-	BN_copy(&s0,low); BN_mask_bits(&s0,i);
+-	BN_rshift(&s1,low,i);
+-
+-	BN_add(&t1,&h,&m);
+-	BN_add(&t1,&t1,&s0);
+-
+-	BN_copy(&t2,&t1); BN_mask_bits(&t2,i);
+-	BN_sub(&t1,&s1,&t2);
+-	BN_lshift(&t1,&t1,i);
+-	BN_add(&t1,&t1,&s0);
+-	if (t1.neg)
+-		{
+-		BN_lshift(&t2,BN_value_one(),i*2);
+-		BN_add(&t1,&t2,&t1);
+-		BN_mask_bits(&t1,i*2);
+-		}
+-	
+-	BN_free(&Kh); BN_free(&Km); BN_free(&t1); BN_free(&t2);
+-	BN_free(&ah); BN_free(&al); BN_free(&bh); BN_free(&bl);
+-	}
+-
+-int BN_mod_mul_montgomery(r,a,b,mont,ctx)
+-BIGNUM *r,*a,*b;
+-BN_MONT_CTX *mont;
+-BN_CTX *ctx;
+-	{
+-	BIGNUM *tmp;
+-
+-        tmp= &(ctx->bn[ctx->tos++]);
+-
+-	if (a == b)
+-		{
+-		if (!BN_sqr(tmp,a,ctx)) goto err;
+-		}
+-	else
+-		{
+-		if (!BN_mul(tmp,a,b)) goto err;
+-		}
+-	/* reduce from aRR to aR */
+-	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+-	ctx->tos--;
+-	return(1);
+-err:
+-	return(0);
+-	}
+-
+-int BN_from_montgomery(r,a,mont,ctx)
+-BIGNUM *r;
+-BIGNUM *a;
+-BN_MONT_CTX *mont;
+-BN_CTX *ctx;
+-	{
+-	BIGNUM z1;
+-	BIGNUM *t1,*t2;
+-	BN_ULONG *ap,*bp,*rp;
+-	int j,i,bl,al;
+-
+-	BN_init(&z1);
+-	t1= &(ctx->bn[ctx->tos]);
+-	t2= &(ctx->bn[ctx->tos+1]);
+-
+-	if (!BN_copy(t1,a)) goto err;
+-	/* can cheat */
+-	BN_mask_bits(t1,mont->ri);
+-	if (!BN_mul(t2,t1,mont->Ni)) goto err;
+-	BN_mask_bits(t2,mont->ri);
+-
+-	if (!BN_mul(t1,t2,mont->N)) goto err;
+-	if (!BN_add(t2,t1,a)) goto err;
+-
+-	/* At this point, t2 has the bottom ri bits set to zero.
+-	 * This means that the bottom ri bits == the 1^ri minus the bottom
+-	 * ri bits of a.
+-	 * This means that only the bits above 'ri' in a need to be added,
+-	 * and XXXXXXXXXXXXXXXXXXXXXXXX
+-	 */
+-BN_print_fp(stdout,t2); printf("\n");
+-	BN_rshift(r,t2,mont->ri);
+-
+-	if (BN_ucmp(r,mont->N) >= 0)
+-		bn_qsub(r,r,mont->N);
+-
+-	return(1);
+-err:
+-	return(0);
+-	}
+-
+-int BN_MONT_CTX_set(mont,mod,ctx)
+-BN_MONT_CTX *mont;
+-BIGNUM *mod;
+-BN_CTX *ctx;
+-	{
+-	BIGNUM *Ri=NULL,*R=NULL;
+-
+-	if (mont->RR == NULL) mont->RR=BN_new();
+-	if (mont->N == NULL)  mont->N=BN_new();
+-
+-	R=mont->RR;					/* grab RR as a temp */
+-	BN_copy(mont->N,mod);				/* Set N */
+-
+-	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+-	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
+-	if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
+-	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
+-	bn_qsub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
+-	BN_div(Ri,NULL,Ri,mod,ctx);
+-	if (mont->Ni != NULL) BN_free(mont->Ni);
+-	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
+-
+-	/* setup RR for conversions */
+-	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+-	BN_mod(mont->RR,mont->RR,mont->N,ctx);
+-
+-	return(1);
+-err:
+-	return(0);
+-	}
+-
+-
+cvs diff: Diffing crypto/openssl/crypto/buffer
+Index: crypto/openssl/crypto/buffer/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/buffer/Makefile.save
+diff -N crypto/openssl/crypto/buffer/Makefile.save
+--- crypto/openssl/crypto/buffer/Makefile.save	26 Nov 2000 11:33:23 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,92 +0,0 @@
+-#
+-# SSLeay/crypto/buffer/Makefile
+-#
+-
+-DIR=	buffer
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= buffer.c buf_err.c
+-LIBOBJ= buffer.o buf_err.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= buffer.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+-buf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+-buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-buf_err.o: ../../include/openssl/symhacks.h
+-buffer.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-buffer.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-buffer.o: ../cryptlib.h
+Index: crypto/openssl/crypto/buffer/buffer.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/buffer/buffer.h,v
+retrieving revision 1.1.1.1
+diff -u -r1.1.1.1 buffer.h
+--- crypto/openssl/crypto/buffer/buffer.h	10 Jan 2000 06:21:33 -0000	1.1.1.1
++++ crypto/openssl/crypto/buffer/buffer.h	31 Jul 2002 00:46:53 -0000
+@@ -75,12 +75,11 @@
+ int	BUF_MEM_grow(BUF_MEM *str, int len);
+ char *	BUF_strdup(const char *str);
+ 
+-void ERR_load_BUF_strings(void );
+-
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_BUF_strings(void);
+ 
+ /* Error codes for the BUF functions. */
+ 
+@@ -95,4 +94,3 @@
+ }
+ #endif
+ #endif
+-
+cvs diff: Diffing crypto/openssl/crypto/cast
+Index: crypto/openssl/crypto/cast/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/cast/Makefile.save
+diff -N crypto/openssl/crypto/cast/Makefile.save
+--- crypto/openssl/crypto/cast/Makefile.save	20 Aug 2000 08:48:33 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,124 +0,0 @@
+-#
+-# SSLeay/crypto/cast/Makefile
+-#
+-
+-DIR=	cast
+-TOP=	../..
+-CC=	cc
+-CPP=	$(CC) -E
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CAST_ENC=c_enc.o
+-# or use
+-#CAST_ENC=asm/cx86-elf.o
+-#CAST_ENC=asm/cx86-out.o
+-#CAST_ENC=asm/cx86-sol.o
+-#CAST_ENC=asm/cx86bdsi.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=casttest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+-LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= cast.h
+-HEADER=	cast_s.h cast_lcl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/cx86-elf.o: asm/cx86unix.cpp
+-	$(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o
+-
+-# solaris
+-asm/cx86-sol.o: asm/cx86unix.cpp
+-	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+-	as -o asm/cx86-sol.o asm/cx86-sol.s
+-	rm -f asm/cx86-sol.s
+-
+-# a.out
+-asm/cx86-out.o: asm/cx86unix.cpp
+-	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+-
+-# bsdi
+-asm/cx86bsdi.o: asm/cx86unix.cpp
+-	$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
+-
+-asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+-	(cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-c_cfb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+-c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+-c_cfb64.o: cast_lcl.h
+-c_ecb.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+-c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+-c_ecb.o: ../../include/openssl/opensslv.h cast_lcl.h
+-c_enc.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+-c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+-c_enc.o: cast_lcl.h
+-c_ofb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+-c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+-c_ofb64.o: cast_lcl.h
+-c_skey.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+-c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+-c_skey.o: cast_lcl.h cast_s.h
+Index: crypto/openssl/crypto/cast/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/cast/Makefile.uni
+diff -N crypto/openssl/crypto/cast/Makefile.uni
+--- crypto/openssl/crypto/cast/Makefile.uni	10 Jan 2000 06:21:33 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,124 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-# There are 3 possible performance options, experiment :-)
+-#OPTS= -DBF_PTR
+-#OPTS= -DBF_PTR2
+-OPTS=
+-
+-DIR=    cast
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-RANLIB=         ranlib
+-
+-CAST_ENC=c_enc.o
+-# or use
+-#CAST_ENC=asm/cx86-elf.o
+-#CAST_ENC=asm/cx86-out.o
+-#CAST_ENC=asm/cx86-sol.o
+-#CAST_ENC=asm/cx86bdsi.o
+-
+-CFLAGS= $(OPTS) $(INCLUDES) $(CFLAG) -DFULL_TEST
+-
+-GENERAL=Makefile
+-TEST=casttest
+-APP1=cast_spd
+-APP2=castopts
+-APPS=$(APP1) $(APP2)
+-
+-LIB=libcast.a
+-LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+-LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= cast.h
+-HEADER= cast_lcl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB):    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-# elf
+-asm/cx86-elf.o: asm/cx86unix.cpp
+-	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+-
+-# solaris
+-asm/cx86-sol.o: asm/cx86unix.cpp
+-	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+-	as -o asm/cx86-sol.o asm/cx86-sol.s
+-	rm -f asm/cx86-sol.s
+-
+-# a.out
+-asm/cx86-out.o: asm/cx86unix.cpp
+-	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+-
+-# bsdi
+-asm/cx86bsdi.o: asm/cx86unix.cpp
+-	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+-
+-asm/cx86unix.cpp:
+-	(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+-
+-test:	$(TEST)
+-	./$(TEST)
+-
+-$(TEST): $(TEST).c $(LIB)
+-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+-
+-$(APP1): $(APP1).c $(LIB)
+-	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
+-
+-$(APP2): $(APP2).c $(LIB)
+-	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-x86-elf:
+-	$(MAKE) CAST_ENC="asm/cx86-elf.o" CFLAG="-DELF $(CFLAGS)" all
+-
+-x86-out:
+-	$(MAKE) CAST_ENC="asm/cx86-out.o" CFLAG="-DOUT $(CFLAGS)" all
+-
+-x86-solaris:
+-	$(MAKE) CAST_ENC="asm/cx86-sol.o" CFLAG="-DSOL $(CFLAGS)" all
+-
+-x86-bdsi:
+-	$(MAKE) CAST_ENC="asm/cx86-bdsi.o" CFLAG="-DBDSI $(CFLAGS)" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+cvs diff: Diffing crypto/openssl/crypto/cast/asm
+cvs diff: Diffing crypto/openssl/crypto/comp
+Index: crypto/openssl/crypto/comp/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/comp/Makefile.save
+diff -N crypto/openssl/crypto/comp/Makefile.save
+--- crypto/openssl/crypto/comp/Makefile.save	20 Aug 2000 08:48:34 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,99 +0,0 @@
+-#
+-# SSLeay/crypto/comp/Makefile
+-#
+-
+-DIR=	comp
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= comp_lib.c \
+-	c_rle.c c_zlib.c
+-
+-LIBOBJ=	comp_lib.o \
+-	c_rle.o c_zlib.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= comp.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+-c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+-c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+-c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+-c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+-comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+-comp_lib.o: ../../include/openssl/opensslconf.h
+-comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-comp_lib.o: ../../include/openssl/stack.h
+Index: crypto/openssl/crypto/comp/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/comp/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 Makefile.ssl
+--- crypto/openssl/crypto/comp/Makefile.ssl	4 Jul 2001 23:19:17 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/comp/Makefile.ssl	31 Jul 2002 00:46:53 -0000
+@@ -22,10 +22,10 @@
+ APPS=
+ 
+ LIB=$(TOP)/libcrypto.a
+-LIBSRC= comp_lib.c \
++LIBSRC= comp_lib.c comp_err.c \
+ 	c_rle.c c_zlib.c
+ 
+-LIBOBJ=	comp_lib.o \
++LIBOBJ=	comp_lib.o comp_err.o \
+ 	c_rle.o c_zlib.o
+ 
+ SRC= $(LIBSRC)
+@@ -94,6 +94,11 @@
+ c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
++comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
++comp_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
++comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++comp_err.o: ../../include/openssl/symhacks.h
+ comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+ comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
+Index: crypto/openssl/crypto/comp/comp.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/comp/comp.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 comp.h
+--- crypto/openssl/crypto/comp/comp.h	26 Nov 2000 11:33:24 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/comp/comp.h	31 Jul 2002 00:46:53 -0000
+@@ -47,6 +47,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_COMP_strings(void);
+ 
+ /* Error codes for the COMP functions. */
+ 
+@@ -58,4 +59,3 @@
+ }
+ #endif
+ #endif
+-
+cvs diff: Diffing crypto/openssl/crypto/conf
+Index: crypto/openssl/crypto/conf/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/conf/Makefile.save
+diff -N crypto/openssl/crypto/conf/Makefile.save
+--- crypto/openssl/crypto/conf/Makefile.save	20 Aug 2000 08:48:34 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,92 +0,0 @@
+-#
+-# SSLeay/crypto/conf/Makefile
+-#
+-
+-DIR=	conf
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= conf.c conf_err.c
+-
+-LIBOBJ=	conf.o conf_err.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= conf.h
+-HEADER=	conf_lcl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-conf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-conf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-conf.o: ../cryptlib.h conf_lcl.h
+-conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+-conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+-conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+-conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+Index: crypto/openssl/crypto/conf/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/conf/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 Makefile.ssl
+--- crypto/openssl/crypto/conf/Makefile.ssl	4 Jul 2001 23:19:17 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/conf/Makefile.ssl	31 Jul 2002 00:46:53 -0000
+@@ -93,17 +93,14 @@
+ conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+ conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-conf_def.o: conf_def.h
++conf_def.o: ../cryptlib.h conf_def.h
+ conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+-conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-conf_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
++conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
++conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++conf_err.o: ../../include/openssl/symhacks.h
+ conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+ conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+-conf_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ conf_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-conf_lib.o: ../../include/openssl/opensslconf.h
+ conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+ conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+Index: crypto/openssl/crypto/conf/conf.c
+===================================================================
+RCS file: crypto/openssl/crypto/conf/conf.c
+diff -N crypto/openssl/crypto/conf/conf.c
+--- crypto/openssl/crypto/conf/conf.c	20 Aug 2000 08:46:19 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,730 +0,0 @@
+-/* crypto/conf/conf.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include <errno.h>
+-#include "cryptlib.h"
+-#include <openssl/stack.h>
+-#include <openssl/lhash.h>
+-#include <openssl/conf.h>
+-#include <openssl/buffer.h>
+-#include <openssl/err.h>
+-
+-#include "conf_lcl.h"
+-
+-static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+-static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+-static unsigned long hash(CONF_VALUE *v);
+-static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b);
+-static char *eat_ws(char *p);
+-static char *eat_alpha_numeric(char *p);
+-static void clear_comments(char *p);
+-static int str_copy(LHASH *conf,char *section,char **to, char *from);
+-static char *scan_quote(char *p);
+-static CONF_VALUE *new_section(LHASH *conf,char *section);
+-static CONF_VALUE *get_section(LHASH *conf,char *section);
+-#define scan_esc(p)	((((p)[1] == '\0')?(p++):(p+=2)),p)
+-
+-const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+-
+-
+-LHASH *CONF_load(LHASH *h, const char *file, long *line)
+-	{
+-	LHASH *ltmp;
+-	BIO *in=NULL;
+-
+-#ifdef VMS
+-	in=BIO_new_file(file, "r");
+-#else
+-	in=BIO_new_file(file, "rb");
+-#endif
+-	if (in == NULL)
+-		{
+-		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+-		return NULL;
+-		}
+-
+-	ltmp = CONF_load_bio(h, in, line);
+-	BIO_free(in);
+-
+-	return ltmp;
+-}
+-#ifndef NO_FP_API
+-LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
+-{
+-	BIO *btmp;
+-	LHASH *ltmp;
+-	if(!(btmp = BIO_new_fp(in, BIO_NOCLOSE))) {
+-		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+-		return NULL;
+-	}
+-	ltmp = CONF_load_bio(h, btmp, line);
+-	BIO_free(btmp);
+-	return ltmp;
+-}
+-#endif
+-
+-LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
+-	{
+-	LHASH *ret=NULL;
+-#define BUFSIZE	512
+-	char btmp[16];
+-	int bufnum=0,i,ii;
+-	BUF_MEM *buff=NULL;
+-	char *s,*p,*end;
+-	int again,n;
+-	long eline=0;
+-	CONF_VALUE *v=NULL,*vv,*tv;
+-	CONF_VALUE *sv=NULL;
+-	char *section=NULL,*buf;
+-	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+-	char *start,*psection,*pname;
+-
+-	if ((buff=BUF_MEM_new()) == NULL)
+-		{
+-		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+-		goto err;
+-		}
+-
+-	section=(char *)Malloc(10);
+-	if (section == NULL)
+-		{
+-		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+-		goto err;
+-		}
+-	strcpy(section,"default");
+-
+-	if (h == NULL)
+-		{
+-		if ((ret=lh_new(hash,cmp_conf)) == NULL)
+-			{
+-			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+-			goto err;
+-			}
+-		}
+-	else
+-		ret=h;
+-
+-	sv=new_section(ret,section);
+-	if (sv == NULL)
+-		{
+-		CONFerr(CONF_F_CONF_LOAD_BIO,
+-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+-		goto err;
+-		}
+-	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+-
+-	bufnum=0;
+-	for (;;)
+-		{
+-		again=0;
+-		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+-			{
+-			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+-			goto err;
+-			}
+-		p= &(buff->data[bufnum]);
+-		*p='\0';
+-		BIO_gets(in, p, BUFSIZE-1);
+-		p[BUFSIZE-1]='\0';
+-		ii=i=strlen(p);
+-		if (i == 0) break;
+-		while (i > 0)
+-			{
+-			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+-				break;
+-			else
+-				i--;
+-			}
+-		/* we removed some trailing stuff so there is a new
+-		 * line on the end. */
+-		if (i == ii)
+-			again=1; /* long line */
+-		else
+-			{
+-			p[i]='\0';
+-			eline++; /* another input line */
+-			}
+-
+-		/* we now have a line with trailing \r\n removed */
+-
+-		/* i is the number of bytes */
+-		bufnum+=i;
+-
+-		v=NULL;
+-		/* check for line continuation */
+-		if (bufnum >= 1)
+-			{
+-			/* If we have bytes and the last char '\\' and
+-			 * second last char is not '\\' */
+-			p= &(buff->data[bufnum-1]);
+-			if (	IS_ESC(p[0]) &&
+-				((bufnum <= 1) || !IS_ESC(p[-1])))
+-				{
+-				bufnum--;
+-				again=1;
+-				}
+-			}
+-		if (again) continue;
+-		bufnum=0;
+-		buf=buff->data;
+-
+-		clear_comments(buf);
+-		n=strlen(buf);
+-		s=eat_ws(buf);
+-		if (IS_EOF(*s)) continue; /* blank line */
+-		if (*s == '[')
+-			{
+-			char *ss;
+-
+-			s++;
+-			start=eat_ws(s);
+-			ss=start;
+-again:
+-			end=eat_alpha_numeric(ss);
+-			p=eat_ws(end);
+-			if (*p != ']')
+-				{
+-				if (*p != '\0')
+-					{
+-					ss=p;
+-					goto again;
+-					}
+-				CONFerr(CONF_F_CONF_LOAD_BIO,
+-					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+-				goto err;
+-				}
+-			*end='\0';
+-			if (!str_copy(ret,NULL,&section,start)) goto err;
+-			if ((sv=get_section(ret,section)) == NULL)
+-				sv=new_section(ret,section);
+-			if (sv == NULL)
+-				{
+-				CONFerr(CONF_F_CONF_LOAD_BIO,
+-					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+-				goto err;
+-				}
+-			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+-			continue;
+-			}
+-		else
+-			{
+-			pname=s;
+-			psection=NULL;
+-			end=eat_alpha_numeric(s);
+-			if ((end[0] == ':') && (end[1] == ':'))
+-				{
+-				*end='\0';
+-				end+=2;
+-				psection=pname;
+-				pname=end;
+-				end=eat_alpha_numeric(end);
+-				}
+-			p=eat_ws(end);
+-			if (*p != '=')
+-				{
+-				CONFerr(CONF_F_CONF_LOAD_BIO,
+-						CONF_R_MISSING_EQUAL_SIGN);
+-				goto err;
+-				}
+-			*end='\0';
+-			p++;
+-			start=eat_ws(p);
+-			while (!IS_EOF(*p))
+-				p++;
+-			p--;
+-			while ((p != start) && (IS_WS(*p)))
+-				p--;
+-			p++;
+-			*p='\0';
+-
+-			if (!(v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))))
+-				{
+-				CONFerr(CONF_F_CONF_LOAD_BIO,
+-							ERR_R_MALLOC_FAILURE);
+-				goto err;
+-				}
+-			if (psection == NULL) psection=section;
+-			v->name=(char *)Malloc(strlen(pname)+1);
+-			v->value=NULL;
+-			if (v->name == NULL)
+-				{
+-				CONFerr(CONF_F_CONF_LOAD_BIO,
+-							ERR_R_MALLOC_FAILURE);
+-				goto err;
+-				}
+-			strcpy(v->name,pname);
+-			if (!str_copy(ret,psection,&(v->value),start)) goto err;
+-
+-			if (strcmp(psection,section) != 0)
+-				{
+-				if ((tv=get_section(ret,psection))
+-					== NULL)
+-					tv=new_section(ret,psection);
+-				if (tv == NULL)
+-					{
+-					CONFerr(CONF_F_CONF_LOAD_BIO,
+-					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+-					goto err;
+-					}
+-				ts=(STACK_OF(CONF_VALUE) *)tv->value;
+-				}
+-			else
+-				{
+-				tv=sv;
+-				ts=section_sk;
+-				}
+-			v->section=tv->section;	
+-			if (!sk_CONF_VALUE_push(ts,v))
+-				{
+-				CONFerr(CONF_F_CONF_LOAD_BIO,
+-							ERR_R_MALLOC_FAILURE);
+-				goto err;
+-				}
+-			vv=(CONF_VALUE *)lh_insert(ret,v);
+-			if (vv != NULL)
+-				{
+-				sk_CONF_VALUE_delete_ptr(ts,vv);
+-				Free(vv->name);
+-				Free(vv->value);
+-				Free(vv);
+-				}
+-			v=NULL;
+-			}
+-		}
+-	if (buff != NULL) BUF_MEM_free(buff);
+-	if (section != NULL) Free(section);
+-	return(ret);
+-err:
+-	if (buff != NULL) BUF_MEM_free(buff);
+-	if (section != NULL) Free(section);
+-	if (line != NULL) *line=eline;
+-	sprintf(btmp,"%ld",eline);
+-	ERR_add_error_data(2,"line ",btmp);
+-	if ((h != ret) && (ret != NULL)) CONF_free(ret);
+-	if (v != NULL)
+-		{
+-		if (v->name != NULL) Free(v->name);
+-		if (v->value != NULL) Free(v->value);
+-		if (v != NULL) Free(v);
+-		}
+-	return(NULL);
+-	}
+-
+-char *CONF_get_string(LHASH *conf, char *section, char *name)
+-	{
+-	CONF_VALUE *v,vv;
+-	char *p;
+-
+-	if (name == NULL) return(NULL);
+-	if (conf != NULL)
+-		{
+-		if (section != NULL)
+-			{
+-			vv.name=name;
+-			vv.section=section;
+-			v=(CONF_VALUE *)lh_retrieve(conf,&vv);
+-			if (v != NULL) return(v->value);
+-			if (strcmp(section,"ENV") == 0)
+-				{
+-				p=Getenv(name);
+-				if (p != NULL) return(p);
+-				}
+-			}
+-		vv.section="default";
+-		vv.name=name;
+-		v=(CONF_VALUE *)lh_retrieve(conf,&vv);
+-		if (v != NULL)
+-			return(v->value);
+-		else
+-			return(NULL);
+-		}
+-	else
+-		return(Getenv(name));
+-	}
+-
+-static CONF_VALUE *get_section(LHASH *conf, char *section)
+-	{
+-	CONF_VALUE *v,vv;
+-
+-	if ((conf == NULL) || (section == NULL)) return(NULL);
+-	vv.name=NULL;
+-	vv.section=section;
+-	v=(CONF_VALUE *)lh_retrieve(conf,&vv);
+-	return(v);
+-	}
+-
+-STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, char *section)
+-	{
+-	CONF_VALUE *v;
+-
+-	v=get_section(conf,section);
+-	if (v != NULL)
+-		return((STACK_OF(CONF_VALUE) *)v->value);
+-	else
+-		return(NULL);
+-	}
+-
+-long CONF_get_number(LHASH *conf, char *section, char *name)
+-	{
+-	char *str;
+-	long ret=0;
+-
+-	str=CONF_get_string(conf,section,name);
+-	if (str == NULL) return(0);
+-	for (;;)
+-		{
+-		if (IS_NUMER(*str))
+-			ret=ret*10+(*str -'0');
+-		else
+-			return(ret);
+-		str++;
+-		}
+-	}
+-
+-void CONF_free(LHASH *conf)
+-	{
+-	if (conf == NULL) return;
+-
+-	conf->down_load=0; 	/* evil thing to make sure the 'Free()'
+-				 * works as expected */
+-	lh_doall_arg(conf,(void (*)())value_free_hash,conf);
+-
+-	/* We now have only 'section' entries in the hash table.
+-	 * Due to problems with */
+-
+-	lh_doall_arg(conf,(void (*)())value_free_stack,conf);
+-	lh_free(conf);
+-	}
+-
+-static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+-	{
+-	if (a->name != NULL)
+-		{
+-		a=(CONF_VALUE *)lh_delete(conf,a);
+-		}
+-	}
+-
+-static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+-	{
+-	CONF_VALUE *vv;
+-	STACK *sk;
+-	int i;
+-
+-	if (a->name != NULL) return;
+-
+-	sk=(STACK *)a->value;
+-	for (i=sk_num(sk)-1; i>=0; i--)
+-		{
+-		vv=(CONF_VALUE *)sk_value(sk,i);
+-		Free(vv->value);
+-		Free(vv->name);
+-		Free(vv);
+-		}
+-	if (sk != NULL) sk_free(sk);
+-	Free(a->section);
+-	Free(a);
+-	}
+-
+-static void clear_comments(char *p)
+-	{
+-	char *to;
+-
+-	to=p;
+-	for (;;)
+-		{
+-		if (IS_COMMENT(*p))
+-			{
+-			*p='\0';
+-			return;
+-			}
+-		if (IS_QUOTE(*p))
+-			{
+-			p=scan_quote(p);
+-			continue;
+-			}
+-		if (IS_ESC(*p))
+-			{
+-			p=scan_esc(p);
+-			continue;
+-			}
+-		if (IS_EOF(*p))
+-			return;
+-		else
+-			p++;
+-		}
+-	}
+-
+-static int str_copy(LHASH *conf, char *section, char **pto, char *from)
+-	{
+-	int q,r,rr=0,to=0,len=0;
+-	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
+-	BUF_MEM *buf;
+-
+-	if ((buf=BUF_MEM_new()) == NULL) return(0);
+-
+-	len=strlen(from)+1;
+-	if (!BUF_MEM_grow(buf,len)) goto err;
+-
+-	for (;;)
+-		{
+-		if (IS_QUOTE(*from))
+-			{
+-			q= *from;
+-			from++;
+-			while ((*from != '\0') && (*from != q))
+-				{
+-				if (*from == '\\')
+-					{
+-					from++;
+-					if (*from == '\0') break;
+-					}
+-				buf->data[to++]= *(from++);
+-				}
+-			}
+-		else if (*from == '\\')
+-			{
+-			from++;
+-			v= *(from++);
+-			if (v == '\0') break;
+-			else if (v == 'r') v='\r';
+-			else if (v == 'n') v='\n';
+-			else if (v == 'b') v='\b';
+-			else if (v == 't') v='\t';
+-			buf->data[to++]= v;
+-			}
+-		else if (*from == '\0')
+-			break;
+-		else if (*from == '$')
+-			{
+-			/* try to expand it */
+-			rrp=NULL;
+-			s= &(from[1]);
+-			if (*s == '{')
+-				q='}';
+-			else if (*s == '(')
+-				q=')';
+-			else q=0;
+-
+-			if (q) s++;
+-			cp=section;
+-			e=np=s;
+-			while (IS_ALPHA_NUMERIC(*e))
+-				e++;
+-			if ((e[0] == ':') && (e[1] == ':'))
+-				{
+-				cp=np;
+-				rrp=e;
+-				rr= *e;
+-				*rrp='\0';
+-				e+=2;
+-				np=e;
+-				while (IS_ALPHA_NUMERIC(*e))
+-					e++;
+-				}
+-			r= *e;
+-			*e='\0';
+-			rp=e;
+-			if (q)
+-				{
+-				if (r != q)
+-					{
+-					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
+-					goto err;
+-					}
+-				e++;
+-				}
+-			/* So at this point we have
+-			 * ns which is the start of the name string which is
+-			 *   '\0' terminated. 
+-			 * cs which is the start of the section string which is
+-			 *   '\0' terminated.
+-			 * e is the 'next point after'.
+-			 * r and s are the chars replaced by the '\0'
+-			 * rp and sp is where 'r' and 's' came from.
+-			 */
+-			p=CONF_get_string(conf,cp,np);
+-			if (rrp != NULL) *rrp=rr;
+-			*rp=r;
+-			if (p == NULL)
+-				{
+-				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
+-				goto err;
+-				}
+-			BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
+-			while (*p)
+-				buf->data[to++]= *(p++);
+-			from=e;
+-			}
+-		else
+-			buf->data[to++]= *(from++);
+-		}
+-	buf->data[to]='\0';
+-	if (*pto != NULL) Free(*pto);
+-	*pto=buf->data;
+-	Free(buf);
+-	return(1);
+-err:
+-	if (buf != NULL) BUF_MEM_free(buf);
+-	return(0);
+-	}
+-
+-static char *eat_ws(char *p)
+-	{
+-	while (IS_WS(*p) && (!IS_EOF(*p)))
+-		p++;
+-	return(p);
+-	}
+-
+-static char *eat_alpha_numeric(char *p)
+-	{
+-	for (;;)
+-		{
+-		if (IS_ESC(*p))
+-			{
+-			p=scan_esc(p);
+-			continue;
+-			}
+-		if (!IS_ALPHA_NUMERIC_PUNCT(*p))
+-			return(p);
+-		p++;
+-		}
+-	}
+-
+-static unsigned long hash(CONF_VALUE *v)
+-	{
+-	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
+-	}
+-
+-static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
+-	{
+-	int i;
+-
+-	if (a->section != b->section)
+-		{
+-		i=strcmp(a->section,b->section);
+-		if (i) return(i);
+-		}
+-
+-	if ((a->name != NULL) && (b->name != NULL))
+-		{
+-		i=strcmp(a->name,b->name);
+-		return(i);
+-		}
+-	else if (a->name == b->name)
+-		return(0);
+-	else
+-		return((a->name == NULL)?-1:1);
+-	}
+-
+-static char *scan_quote(char *p)
+-	{
+-	int q= *p;
+-
+-	p++;
+-	while (!(IS_EOF(*p)) && (*p != q))
+-		{
+-		if (IS_ESC(*p))
+-			{
+-			p++;
+-			if (IS_EOF(*p)) return(p);
+-			}
+-		p++;
+-		}
+-	if (*p == q) p++;
+-	return(p);
+-	}
+-
+-static CONF_VALUE *new_section(LHASH *conf, char *section)
+-	{
+-	STACK *sk=NULL;
+-	int ok=0,i;
+-	CONF_VALUE *v=NULL,*vv;
+-
+-	if ((sk=sk_new_null()) == NULL)
+-		goto err;
+-	if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
+-		goto err;
+-	i=strlen(section)+1;
+-	if ((v->section=(char *)Malloc(i)) == NULL)
+-		goto err;
+-
+-	memcpy(v->section,section,i);
+-	v->name=NULL;
+-	v->value=(char *)sk;
+-	
+-	vv=(CONF_VALUE *)lh_insert(conf,v);
+-	if (vv != NULL)
+-		{
+-#if !defined(NO_STDIO) && !defined(WIN16)
+-		fprintf(stderr,"internal fault\n");
+-#endif
+-		abort();
+-		}
+-	ok=1;
+-err:
+-	if (!ok)
+-		{
+-		if (sk != NULL) sk_free(sk);
+-		if (v != NULL) Free(v);
+-		v=NULL;
+-		}
+-	return(v);
+-	}
+-
+-IMPLEMENT_STACK_OF(CONF_VALUE)
+Index: crypto/openssl/crypto/conf/conf.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/conf/conf.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 conf.h
+--- crypto/openssl/crypto/conf/conf.h	4 Jul 2001 23:19:18 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/conf/conf.h	31 Jul 2002 00:46:53 -0000
+@@ -56,14 +56,13 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#ifndef  HEADER_CONF_H
++#ifndef HEADER_CONF_H
+ #define HEADER_CONF_H
+ 
+ #include <openssl/bio.h>
+ #include <openssl/lhash.h>
+ #include <openssl/stack.h>
+ #include <openssl/safestack.h>
+-#include <openssl/e_os.h>
+ 
+ #ifdef  __cplusplus
+ extern "C" {
+@@ -86,14 +85,14 @@
+ struct conf_method_st
+ 	{
+ 	const char *name;
+-	CONF *(MS_FAR *create)(CONF_METHOD *meth);
+-	int (MS_FAR *init)(CONF *conf);
+-	int (MS_FAR *destroy)(CONF *conf);
+-	int (MS_FAR *destroy_data)(CONF *conf);
+-	int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
+-	int (MS_FAR *dump)(CONF *conf, BIO *bp);
+-	int (MS_FAR *is_number)(CONF *conf, char c);
+-	int (MS_FAR *to_int)(CONF *conf, char c);
++	CONF *(*create)(CONF_METHOD *meth);
++	int (*init)(CONF *conf);
++	int (*destroy)(CONF *conf);
++	int (*destroy_data)(CONF *conf);
++	int (*load)(CONF *conf, BIO *bp, long *eline);
++	int (*dump)(CONF *conf, BIO *bp);
++	int (*is_number)(CONF *conf, char c);
++	int (*to_int)(CONF *conf, char c);
+ 	};
+ 
+ int CONF_set_default_method(CONF_METHOD *meth);
+@@ -108,7 +107,6 @@
+ void CONF_free(LHASH *conf);
+ int CONF_dump_fp(LHASH *conf, FILE *out);
+ int CONF_dump_bio(LHASH *conf, BIO *out);
+-void ERR_load_CONF_strings(void );
+ 
+ /* New conf code.  The semantics are different from the functions above.
+    If that wasn't the case, the above functions would have been replaced */
+@@ -145,6 +143,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_CONF_strings(void);
+ 
+ /* Error codes for the CONF functions. */
+ 
+@@ -176,4 +175,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/conf/conf_api.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/conf/conf_api.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 conf_api.c
+--- crypto/openssl/crypto/conf/conf_api.c	26 Nov 2000 11:38:43 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/conf/conf_api.c	31 Jul 2002 00:46:53 -0000
+@@ -67,6 +67,7 @@
+ #include <string.h>
+ #include <openssl/conf.h>
+ #include <openssl/conf_api.h>
++#include "openssl/e_os.h"
+ 
+ static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+ static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+Index: crypto/openssl/crypto/conf/conf_def.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/conf/conf_def.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 conf_def.c
+--- crypto/openssl/crypto/conf/conf_def.c	26 Nov 2000 11:38:43 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/conf/conf_def.c	31 Jul 2002 00:46:53 -0000
+@@ -67,6 +67,7 @@
+ #include "conf_def.h"
+ #include <openssl/buffer.h>
+ #include <openssl/err.h>
++#include "cryptlib.h"
+ 
+ static char *eat_ws(CONF *conf, char *p);
+ static char *eat_alpha_numeric(CONF *conf, char *p);
+@@ -180,12 +181,12 @@
+ static int def_load(CONF *conf, BIO *in, long *line)
+ 	{
+ #define BUFSIZE	512
+-	char btmp[16];
+ 	int bufnum=0,i,ii;
+ 	BUF_MEM *buff=NULL;
+ 	char *s,*p,*end;
+ 	int again,n;
+ 	long eline=0;
++	char btmp[DECIMAL_SIZE(eline)+1];
+ 	CONF_VALUE *v=NULL,*tv;
+ 	CONF_VALUE *sv=NULL;
+ 	char *section=NULL,*buf;
+Index: crypto/openssl/crypto/conf/conf_def.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/conf/conf_def.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 conf_def.h
+--- crypto/openssl/crypto/conf/conf_def.h	26 Nov 2000 11:38:43 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/conf/conf_def.h	31 Jul 2002 00:46:53 -0000
+@@ -71,6 +71,7 @@
+ #define CONF_COMMENT		128
+ #define CONF_FCOMMENT		2048
+ #define CONF_EOF		8
++#define CONF_HIGHBIT		4096
+ #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+ #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+ #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+@@ -78,68 +79,102 @@
+ 
+ #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+ #ifndef CHARSET_EBCDIC
+-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
++#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
++#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
++#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
++#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
++#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
++#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
++#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+ #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+-				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
++				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
++#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
++#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
++#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+ 
+ #else /*CHARSET_EBCDIC*/
+ 
+-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
++#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
++#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
++#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
++#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
++#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
++#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
++#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+ #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+-				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
++				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
++#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
++#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
++#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+ #endif /*CHARSET_EBCDIC*/
+ 
+-static unsigned short CONF_type_default[128]={
+-	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+-	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+-	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+-	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+-	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+-	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
++static unsigned short CONF_type_default[256]={
++	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
++	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
++	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
++	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
++	0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
++	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
++	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
++	0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
++	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
++	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
++	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
++	0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
++	0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
++	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
++	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
++	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+ 	};
+ 
+-static unsigned short CONF_type_win32[128]={
+-	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x010,0x200,0x400,0x000,0x000,0x200,0x200,0x000,
+-	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+-	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+-	0x001,0x001,0x000,0xA00,0x000,0x000,0x000,0x200,
+-	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x000,0x000,0x000,0x200,0x100,
+-	0x000,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
++static unsigned short CONF_type_win32[256]={
++	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
++	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
++	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
++	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
++	0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
++	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
++	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
++	0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
++	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
++	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
++	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
++	0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
++	0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
++	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
++	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
++	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
++	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+ 	};
+ 
+Index: crypto/openssl/crypto/conf/conf_lcl.h
+===================================================================
+RCS file: crypto/openssl/crypto/conf/conf_lcl.h
+diff -N crypto/openssl/crypto/conf/conf_lcl.h
+--- crypto/openssl/crypto/conf/conf_lcl.h	10 Jan 2000 06:21:35 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,116 +0,0 @@
+-/* crypto/conf/conf_lcl.h */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#define CONF_NUMBER		1
+-#define CONF_UPPER		2
+-#define CONF_LOWER		4
+-#define CONF_UNDER		256
+-#define CONF_PUNCTUATION	512
+-#define CONF_WS			16
+-#define CONF_ESC		32
+-#define CONF_QUOTE		64
+-#define CONF_COMMENT		128
+-#define CONF_EOF		8
+-#define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+-#define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+-#define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+-					CONF_PUNCTUATION)
+-
+-#ifndef CHARSET_EBCDIC
+-#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
+-#define IS_EOF(a)		((a) == '\0')
+-#define IS_ESC(a)		((a) == '\\')
+-#define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
+-#define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
+-#define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+-#define IS_ALPHA_NUMERIC_PUNCT(a) \
+-				(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+-#define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
+-
+-#else /*CHARSET_EBCDIC*/
+-
+-#define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[os_toascii[a]&0x7f]))
+-#define IS_EOF(a)		(os_toascii[a] == '\0')
+-#define IS_ESC(a)		(os_toascii[a] == '\\')
+-#define IS_NUMER(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_NUMBER)
+-#define IS_WS(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_WS)
+-#define IS_ALPHA_NUMERIC(a)	(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+-#define IS_ALPHA_NUMERIC_PUNCT(a) \
+-				(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+-#define IS_QUOTE(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_QUOTE)
+-#endif /*CHARSET_EBCDIC*/
+-
+-static unsigned short CONF_type[128]={
+-	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+-	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+-	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+-	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+-	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+-	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+-	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+-	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+-	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+-	};
+-
+Index: crypto/openssl/crypto/conf/keysets.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/conf/keysets.pl,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 keysets.pl
+--- crypto/openssl/crypto/conf/keysets.pl	26 Nov 2000 11:33:24 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/conf/keysets.pl	31 Jul 2002 00:46:54 -0000
+@@ -12,8 +12,9 @@
+ $COMMENT=0x80;
+ $FCOMMENT=0x800;
+ $EOF=0x08;
++$HIGHBIT=0x1000;
+ 
+-foreach (0 .. 127)
++foreach (0 .. 255)
+ 	{
+ 	$v=0;
+ 	$c=sprintf("%c",$_);
+@@ -27,11 +28,12 @@
+ 	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
+ 	$v|=$COMMENT	if ($c =~ /\#/);
+ 	$v|=$EOF	if ($c =~ /\0/);
++	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
+ 
+ 	push(@V_def,$v);
+ 	}
+ 
+-foreach (0 .. 127)
++foreach (0 .. 255)
+ 	{
+ 	$v=0;
+ 	$c=sprintf("%c",$_);
+@@ -44,6 +46,7 @@
+ 	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
+ 	$v|=$FCOMMENT	if ($c =~ /;/);
+ 	$v|=$EOF	if ($c =~ /\0/);
++	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
+ 
+ 	push(@V_w32,$v);
+ 	}
+@@ -122,6 +125,7 @@
+ #define CONF_COMMENT		$COMMENT
+ #define CONF_FCOMMENT		$FCOMMENT
+ #define CONF_EOF		$EOF
++#define CONF_HIGHBIT		$HIGHBIT
+ #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+ #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+ #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
+@@ -129,51 +133,53 @@
+ 
+ #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+ #ifndef CHARSET_EBCDIC
+-#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+-#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+-#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+-#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+-#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
++#define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
++#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
++#define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
++#define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
++#define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
++#define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
++#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+ #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+-				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+-#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
++				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
++#define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
++#define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
++#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+ 
+ #else /*CHARSET_EBCDIC*/
+ 
+-#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+-#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+-#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+-#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+-#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+-#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+-#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
++#define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
++#define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
++#define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
++#define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
++#define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
++#define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
++#define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+ #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+-				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+-#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+-#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
++				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
++#define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
++#define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
++#define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+ #endif /*CHARSET_EBCDIC*/
+ 
+ EOF
+ 
+-print "static unsigned short CONF_type_default[128]={";
++print "static unsigned short CONF_type_default[256]={";
+ 
+-for ($i=0; $i<128; $i++)
++for ($i=0; $i<256; $i++)
+ 	{
+ 	print "\n\t" if ($i % 8) == 0;
+-	printf "0x%03X,",$V_def[$i];
++	printf "0x%04X,",$V_def[$i];
+ 	}
+ 
+ print "\n\t};\n\n";
+ 
+-print "static unsigned short CONF_type_win32[128]={";
++print "static unsigned short CONF_type_win32[256]={";
+ 
+-for ($i=0; $i<128; $i++)
++for ($i=0; $i<256; $i++)
+ 	{
+ 	print "\n\t" if ($i % 8) == 0;
+-	printf "0x%03X,",$V_w32[$i];
++	printf "0x%04X,",$V_w32[$i];
+ 	}
+ 
+ print "\n\t};\n\n";
+cvs diff: Diffing crypto/openssl/crypto/des
+Index: crypto/openssl/crypto/des/DES.pod
+===================================================================
+RCS file: crypto/openssl/crypto/des/DES.pod
+diff -N crypto/openssl/crypto/des/DES.pod
+--- crypto/openssl/crypto/des/DES.pod	10 Jan 2000 06:21:35 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,16 +0,0 @@
+-crypt	<= 	crypt(buf,salt)
+-key	<=	set_odd_parity(key)
+-int	<=	is_weak_key(key)
+-keysched<=	set_key(key)
+-key	<=	ecb_encrypt(string8,ks,enc)
+-key	<=	ecb3_encrypt(input,ks1,ks2,enc)
+-string	<=	cbc_encrypt(input,ks,ivec,enc)			=> ivec 
+-string	<=	cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc)	=> ivec1&ivec2 
+-ck1,ck2	<=	cbc_cksum(input,ks,ivec)			=> ivec
+-string	<=	pcbc_encrypt(input,ks,ivec,enc)			=> ivec 
+-string	<=	ofb_encrypt(input,numbits,ks,ivec)		=> ivec
+-string	<=	cfb_encrypt(input,numbits,ks,ivec,enc)		=> ivec
+-key	<=	random_key()
+-key	<=	string_to_key(string)
+-key1,key2<=	string_to_2keys(string)
+-
+Index: crypto/openssl/crypto/des/MODES.DES
+===================================================================
+RCS file: crypto/openssl/crypto/des/MODES.DES
+diff -N crypto/openssl/crypto/des/MODES.DES
+--- crypto/openssl/crypto/des/MODES.DES	10 Jan 2000 06:21:35 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,84 +0,0 @@
+-Modes of DES
+-Quite a bit of the following information has been taken from
+-	AS 2805.5.2
+-	Australian Standard
+-	Electronic funds transfer - Requirements for interfaces,
+-	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+-	Appendix A
+-
+-There are several different modes in which DES can be used, they are
+-as follows.
+-
+-Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+-- 64 bits are enciphered at a time.
+-- The order of the blocks can be rearranged without detection.
+-- The same plaintext block always produces the same ciphertext block
+-  (for the same key) making it vulnerable to a 'dictionary attack'.
+-- An error will only affect one ciphertext block.
+-
+-Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+-- a multiple of 64 bits are enciphered at a time.
+-- The CBC mode produces the same ciphertext whenever the same
+-  plaintext is encrypted using the same key and starting variable.
+-- The chaining operation makes the ciphertext blocks dependent on the
+-  current and all preceding plaintext blocks and therefore blocks can not
+-  be rearranged.
+-- The use of different starting variables prevents the same plaintext
+-  enciphering to the same ciphertext.
+-- An error will affect the current and the following ciphertext blocks.
+-
+-Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+-- a number of bits (j) <= 64 are enciphered at a time.
+-- The CFB mode produces the same ciphertext whenever the same
+-  plaintext is encrypted using the same key and starting variable.
+-- The chaining operation makes the ciphertext variables dependent on the
+-  current and all preceding variables and therefore j-bit variables are
+-  chained together and con not be rearranged.
+-- The use of different starting variables prevents the same plaintext
+-  enciphering to the same ciphertext.
+-- The strength of the CFB mode depends on the size of k (maximal if
+-  j == k).  In my implementation this is always the case.
+-- Selection of a small value for j will require more cycles through
+-  the encipherment algorithm per unit of plaintext and thus cause
+-  greater processing overheads.
+-- Only multiples of j bits can be enciphered.
+-- An error will affect the current and the following ciphertext variables.
+-
+-Output Feedback Mode (OFB) (des_ofb_encrypt())
+-- a number of bits (j) <= 64 are enciphered at a time.
+-- The OFB mode produces the same ciphertext whenever the same
+-  plaintext enciphered using the same key and starting variable.  More
+-  over, in the OFB mode the same key stream is produced when the same
+-  key and start variable are used.  Consequently, for security reasons
+-  a specific start variable should be used only once for a given key.
+-- The absence of chaining makes the OFB more vulnerable to specific attacks.
+-- The use of different start variables values prevents the same
+-  plaintext enciphering to the same ciphertext, by producing different
+-  key streams.
+-- Selection of a small value for j will require more cycles through
+-  the encipherment algorithm per unit of plaintext and thus cause
+-  greater processing overheads.
+-- Only multiples of j bits can be enciphered.
+-- OFB mode of operation does not extend ciphertext errors in the
+-  resultant plaintext output.  Every bit error in the ciphertext causes
+-  only one bit to be in error in the deciphered plaintext.
+-- OFB mode is not self-synchronising.  If the two operation of
+-  encipherment and decipherment get out of synchronism, the system needs
+-  to be re-initialised.
+-- Each re-initialisation should use a value of the start variable
+-different from the start variable values used before with the same
+-key.  The reason for this is that an identical bit stream would be
+-produced each time from the same parameters.  This would be
+-susceptible to a 'known plaintext' attack.
+-
+-Triple ECB Mode (des_ecb3_encrypt())
+-- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+-- As for ECB encryption but increases the effective key length to 112 bits.
+-- If both keys are the same it is equivalent to encrypting once with
+-  just one key.
+-
+-Triple CBC Mode (des_3cbc_encrypt())
+-- Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+-- As for CBC encryption but increases the effective key length to 112 bits.
+-- If both keys are the same it is equivalent to encrypting once with
+-  just one key.
+Index: crypto/openssl/crypto/des/Makefile.PL
+===================================================================
+RCS file: crypto/openssl/crypto/des/Makefile.PL
+diff -N crypto/openssl/crypto/des/Makefile.PL
+--- crypto/openssl/crypto/des/Makefile.PL	10 Jan 2000 06:21:36 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,14 +0,0 @@
+-use ExtUtils::MakeMaker;
+-# See lib/ExtUtils/MakeMaker.pm for details of how to influence
+-# the contents of the Makefile being created.
+-&writeMakefile(
+-	'potential_libs' => '',   # e.g., '-lm' 
+-	'INC' => '',     # e.g., '-I/usr/include/other' 
+-	'DISTNAME' => 'DES',
+-	'VERSION' => '0.1',
+-	'DEFINE' => '-DPERL5',
+-	'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+-	rand_key.o set_key.o str2key.o \
+-	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+-	ecb3_enc.o ofb_enc.o cbc3_enc.o des_enc.o',
+-	);
+Index: crypto/openssl/crypto/des/Makefile.lit
+===================================================================
+RCS file: crypto/openssl/crypto/des/Makefile.lit
+diff -N crypto/openssl/crypto/des/Makefile.lit
+--- crypto/openssl/crypto/des/Makefile.lit	10 Jan 2000 06:21:36 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,250 +0,0 @@
+-# You must select the correct terminal control system to be used to
+-# turn character echo off when reading passwords.  There a 5 systems
+-# SGTTY   - the old BSD system
+-# TERMIO  - most system V boxes
+-# TERMIOS - SGI (ala IRIX).
+-# VMS     - the DEC operating system
+-# MSDOS   - we all know what it is :-)
+-# read_pwd.c makes a reasonable guess at what is correct.
+-
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+-# define to 'unsigned int'.  I have seen this give a %20 speedup.
+-
+-OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST
+-
+-# Version 1.94 has changed the strings_to_key function so that it is
+-# now compatible with MITs when the string is longer than 8 characters.
+-# If you wish to keep the old version, uncomment the following line.
+-# This will affect the -E/-D options on des(1).
+-#OPTS1= -DOLD_STR_TO_KEY
+-
+-# There are 4 possible performance options
+-# -DDES_PTR
+-# -DDES_RISC1
+-# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+-# -DDES_UNROLL
+-# after the initial build, run 'des_opts' to see which options are best
+-# for your platform.  There are some listed in options.txt
+-#OPTS2= -DDES_PTR 
+-#OPTS3= -DDES_RISC1 # or DES_RISC2
+-#OPTS4= -DDES_UNROLL
+-
+-OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+-
+-MAKE=make -f Makefile
+-#CC=cc
+-#CFLAG= -O
+-
+-CC=gcc
+-#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+-CFLAG= -O3 -fomit-frame-pointer
+-
+-CFLAGS=$(OPTS) $(CFLAG)
+-CPP=$(CC) -E
+-AS=as
+-
+-# Assember version of des_encrypt*().
+-DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+-#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+-#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+-#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+-#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+-
+-LIBDIR=/usr/local/lib
+-BINDIR=/usr/local/bin
+-INCDIR=/usr/local/include
+-MANDIR=/usr/local/man
+-MAN1=1
+-MAN3=3
+-SHELL=/bin/sh
+-OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+-OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+-	xcbc_enc.o qud_cksm.o \
+-	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+-	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+-	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+-
+-GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+-	des.doc options.txt asm
+-GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+-	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+-	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+-	des.org des_locl.org
+-TESTING_LIT=	destest speed des_opts
+-TESTING_FULL=	rpw $(TESTING_LIT)
+-TESTING_SRC_LIT=destest.c speed.c des_opts.c
+-TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
+-HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+-HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+-LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+-LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
+-	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+-	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+-	rand_key.c rpc_enc.c  str2key.c  supp.c \
+-	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+-
+-PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+-
+-OBJ=	$(OBJ_LIT)
+-GENERAL=$(GENERAL_LIT)
+-TESTING=$(TESTING_LIT)
+-TESTING_SRC=$(TESTING_SRC_LIT)
+-HEADERS=$(HEADERS_LIT)
+-LIBDES=	$(LIBDES_LIT)
+-
+-ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+-
+-DLIB=	libdes.a
+-
+-all: $(DLIB) $(TESTING)
+-
+-cc:
+-	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+-
+-gcc:
+-	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+-
+-x86-elf:
+-	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+-
+-x86-out:
+-	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+-
+-x86-solaris:
+-	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+-
+-x86-bsdi:
+-	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+-
+-# elf
+-asm/dx86-elf.o: asm/dx86unix.cpp
+-	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+-
+-asm/yx86-elf.o: asm/yx86unix.cpp
+-	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+-
+-# solaris
+-asm/dx86-sol.o: asm/dx86unix.cpp
+-	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+-	as -o asm/dx86-sol.o asm/dx86-sol.s
+-	rm -f asm/dx86-sol.s
+-
+-asm/yx86-sol.o: asm/yx86unix.cpp
+-	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+-	as -o asm/yx86-sol.o asm/yx86-sol.s
+-	rm -f asm/yx86-sol.s
+-
+-# a.out
+-asm/dx86-out.o: asm/dx86unix.cpp
+-	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+-
+-asm/yx86-out.o: asm/yx86unix.cpp
+-	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+-
+-# bsdi
+-asm/dx86bsdi.o: asm/dx86unix.cpp
+-	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+-
+-asm/yx86bsdi.o: asm/yx86unix.cpp
+-	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+-
+-asm/dx86unix.cpp:
+-	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+-
+-asm/yx86unix.cpp:
+-	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+-
+-test:	all
+-	./destest
+-
+-$(DLIB): $(OBJ)
+-	/bin/rm -f $(DLIB)
+-	ar cr $(DLIB) $(OBJ)
+-	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
+-	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
+-	else exit 0; fi; fi
+-
+-des_opts: des_opts.o $(DLIB)
+-	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+-
+-destest: destest.o $(DLIB)
+-	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+-
+-rpw: rpw.o $(DLIB)
+-	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+-
+-speed: speed.o $(DLIB)
+-	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+-
+-des: des.o $(DLIB)
+-	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+-
+-tags:
+-	ctags $(TESTING_SRC) $(LIBDES)
+-
+-tar_lit:
+-	/bin/mv Makefile Makefile.tmp
+-	/bin/cp Makefile.lit Makefile
+-	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
+-		$(GENERAL_LIT) $(TESTING_SRC_LIT)
+-	/bin/rm -f Makefile
+-	/bin/mv Makefile.tmp Makefile
+-
+-tar:
+-	tar chf libdes.tar $(ALL)
+-
+-shar:
+-	shar $(ALL) >libdes.shar
+-
+-depend:
+-	makedepend $(LIBDES) $(TESTING_SRC)
+-
+-clean:
+-	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+-
+-dclean:
+-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+-	mv -f Makefile.new Makefile
+-
+-# Eric is probably going to choke when he next looks at this --tjh
+-install:
+-	if test $(INSTALLTOP); then \
+-	    echo SSL style install; \
+-	    cp $(DLIB) $(INSTALLTOP)/lib; \
+-	    if test -s /bin/ranlib; then \
+-	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+-	    else \
+-		if test -s /usr/bin/ranlib; then \
+-		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+-	    fi; fi; \
+-	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+-	    cp des.h $(INSTALLTOP)/include; \
+-	    chmod 644 $(INSTALLTOP)/include/des.h; \
+-	else \
+-	    echo Standalone install; \
+-	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+-	    if test -s /bin/ranlib; then \
+-	      /bin/ranlib $(LIBDIR)/$(DLIB); \
+-	    else \
+-	      if test -s /usr/bin/ranlib; then \
+-		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
+-	      fi; \
+-	    fi; \
+-	    chmod 644 $(LIBDIR)/$(DLIB); \
+-	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+-	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+-	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+-	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+-	    cp des.h $(INCDIR)/des.h; \
+-	    chmod 644 $(INCDIR)/des.h; \
+-	fi
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+Index: crypto/openssl/crypto/des/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/des/Makefile.save
+diff -N crypto/openssl/crypto/des/Makefile.save
+--- crypto/openssl/crypto/des/Makefile.save	26 Nov 2000 11:33:25 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,211 +0,0 @@
+-#
+-# SSLeay/crypto/des/Makefile
+-#
+-
+-DIR=	des
+-TOP=	../..
+-CC=	cc
+-CPP=	$(CC) -E
+-INCLUDES=-I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-RANLIB=		ranlib
+-DES_ENC=	des_enc.o fcrypt_b.o
+-# or use
+-#DES_ENC=	dx86-elf.o yx86-elf.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=destest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+-	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+-	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+-	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+-	des_enc.c fcrypt_b.c read2pwd.c \
+-	xcbc_enc.c \
+-	str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c
+-
+-LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+-	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+-	enc_read.o enc_writ.o ofb64enc.o \
+-	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+-	${DES_ENC} read2pwd.o \
+-	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o \
+-	ede_cbcm_enc.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= des.h
+-HEADER=	des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-des: des.o cbc3_enc.o lib
+-	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+-
+-# elf
+-asm/dx86-elf.o: asm/dx86unix.cpp
+-	$(CPP) -DELF -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
+-
+-asm/yx86-elf.o: asm/yx86unix.cpp
+-	$(CPP) -DELF -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
+-
+-# solaris
+-asm/dx86-sol.o: asm/dx86unix.cpp
+-	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+-	as -o asm/dx86-sol.o asm/dx86-sol.s
+-	rm -f asm/dx86-sol.s
+-
+-asm/yx86-sol.o: asm/yx86unix.cpp
+-	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+-	as -o asm/yx86-sol.o asm/yx86-sol.s
+-	rm -f asm/yx86-sol.s
+-
+-# a.out
+-asm/dx86-out.o: asm/dx86unix.cpp
+-	$(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+-
+-asm/yx86-out.o: asm/yx86unix.cpp
+-	$(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+-
+-# bsdi
+-asm/dx86bsdi.o: asm/dx86unix.cpp
+-	$(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
+-
+-asm/yx86bsdi.o: asm/yx86unix.cpp
+-	$(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
+-
+-asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+-	(cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
+-
+-asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl
+-	(cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(TOP)/util/point.sh ../../perlasm asm/perlasm
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install: installs
+-
+-installs:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-cbc_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+-cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-cbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h ncbc_enc.c
+-cfb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-cfb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+-cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-cfb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+-cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-cfb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+-des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-des_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h ncbc_enc.c
+-ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+-ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-ecb_enc.o: des_locl.h spr.h
+-ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+-enc_read.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-enc_read.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-enc_read.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-enc_read.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-enc_read.o: ../../include/openssl/opensslconf.h
+-enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-enc_read.o: ../cryptlib.h des_locl.h
+-enc_writ.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-enc_writ.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-enc_writ.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-enc_writ.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-enc_writ.o: ../../include/openssl/opensslconf.h
+-enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-enc_writ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-enc_writ.o: ../../include/openssl/symhacks.h ../cryptlib.h des_locl.h
+-fcrypt.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h
+-fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h
+-ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+-ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+-ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+-pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+-qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+-rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+-read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+-read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-read_pwd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-read_pwd.o: ../../include/openssl/opensslconf.h
+-read_pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-read_pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-read_pwd.o: ../cryptlib.h des_locl.h
+-rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+-set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+-str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+-xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+Index: crypto/openssl/crypto/des/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/des/Makefile.uni
+diff -N crypto/openssl/crypto/des/Makefile.uni
+--- crypto/openssl/crypto/des/Makefile.uni	10 Jan 2000 06:21:36 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,251 +0,0 @@
+-# You must select the correct terminal control system to be used to
+-# turn character echo off when reading passwords.  There a 5 systems
+-# SGTTY   - the old BSD system
+-# TERMIO  - most system V boxes
+-# TERMIOS - SGI (ala IRIX).
+-# VMS     - the DEC operating system
+-# MSDOS   - we all know what it is :-)
+-# read_pwd.c makes a reasonable guess at what is correct.
+-
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-# If you are on a DEC Alpha, edit des.h and change the DES_LONG
+-# define to 'unsigned int'.  I have seen this give a %20 speedup.
+-
+-OPTS0= -DRAND -DTERMIO #-DNOCONST
+-
+-# Version 1.94 has changed the strings_to_key function so that it is
+-# now compatible with MITs when the string is longer than 8 characters.
+-# If you wish to keep the old version, uncomment the following line.
+-# This will affect the -E/-D options on des(1).
+-#OPTS1= -DOLD_STR_TO_KEY
+-
+-# There are 4 possible performance options
+-# -DDES_PTR
+-# -DDES_RISC1
+-# -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+-# -DDES_UNROLL
+-# after the initial build, run 'des_opts' to see which options are best
+-# for your platform.  There are some listed in options.txt
+-#OPTS2= -DDES_PTR 
+-#OPTS3= -DDES_RISC1 # or DES_RISC2
+-#OPTS4= -DDES_UNROLL
+-
+-OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+-
+-MAKE=make -f Makefile
+-#CC=cc
+-#CFLAG= -O
+-
+-CC=gcc
+-#CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+-CFLAG= -O3 -fomit-frame-pointer
+-
+-CFLAGS=$(OPTS) $(CFLAG)
+-CPP=$(CC) -E
+-AS=as
+-RANLIB=ranlib
+-
+-# Assember version of des_encrypt*().
+-DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+-#DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+-#DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+-#DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+-#DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+-
+-LIBDIR=/usr/local/lib
+-BINDIR=/usr/local/bin
+-INCDIR=/usr/local/include
+-MANDIR=/usr/local/man
+-MAN1=1
+-MAN3=3
+-SHELL=/bin/sh
+-OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+-OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+-	xcbc_enc.o qud_cksm.o cbc3_enc.o \
+-	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+-	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+-	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+-
+-GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+-	des.doc options.txt asm
+-GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+-	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+-	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+-	des.org des_locl.org
+-TESTING_LIT=	destest speed des_opts
+-TESTING_FULL=	rpw des $(TESTING_LIT)
+-TESTING_SRC_LIT=destest.c speed.c des_opts.c
+-TESTING_SRC_FULL=rpw.c des.c $(TESTING_SRC_LIT)
+-HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+-HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+-LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+-LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c cbc3_enc.c \
+-	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+-	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+-	rand_key.c rpc_enc.c  str2key.c  supp.c \
+-	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+-
+-PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+-
+-OBJ=	$(OBJ_FULL)
+-GENERAL=$(GENERAL_FULL)
+-TESTING=$(TESTING_FULL)
+-TESTING_SRC=$(TESTING_SRC_FULL)
+-HEADERS=$(HEADERS_FULL)
+-LIBDES=	$(LIBDES_FULL)
+-
+-ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+-
+-DLIB=	libdes.a
+-
+-all: $(DLIB) $(TESTING)
+-
+-cc:
+-	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+-
+-gcc:
+-	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+-
+-x86-elf:
+-	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+-
+-x86-out:
+-	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+-
+-x86-solaris:
+-	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+-
+-x86-bsdi:
+-	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+-
+-# elf
+-asm/dx86-elf.o: asm/dx86unix.cpp
+-	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+-
+-asm/yx86-elf.o: asm/yx86unix.cpp
+-	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+-
+-# solaris
+-asm/dx86-sol.o: asm/dx86unix.cpp
+-	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+-	as -o asm/dx86-sol.o asm/dx86-sol.s
+-	rm -f asm/dx86-sol.s
+-
+-asm/yx86-sol.o: asm/yx86unix.cpp
+-	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+-	as -o asm/yx86-sol.o asm/yx86-sol.s
+-	rm -f asm/yx86-sol.s
+-
+-# a.out
+-asm/dx86-out.o: asm/dx86unix.cpp
+-	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+-
+-asm/yx86-out.o: asm/yx86unix.cpp
+-	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+-
+-# bsdi
+-asm/dx86bsdi.o: asm/dx86unix.cpp
+-	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+-
+-asm/yx86bsdi.o: asm/yx86unix.cpp
+-	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+-
+-asm/dx86unix.cpp:
+-	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+-
+-asm/yx86unix.cpp:
+-	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+-
+-test:	all
+-	./destest
+-
+-$(DLIB): $(OBJ)
+-	/bin/rm -f $(DLIB)
+-	ar cr $(DLIB) $(OBJ)
+-	$(RANLIB) $(DLIB)
+-
+-des_opts: des_opts.o $(DLIB)
+-	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+-
+-destest: destest.o $(DLIB)
+-	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+-
+-rpw: rpw.o $(DLIB)
+-	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+-
+-speed: speed.o $(DLIB)
+-	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+-
+-des: des.o $(DLIB)
+-	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+-
+-tags:
+-	ctags $(TESTING_SRC) $(LIBDES)
+-
+-tar_lit:
+-	/bin/mv Makefile Makefile.tmp
+-	/bin/cp Makefile.lit Makefile
+-	for i in $(HEADERS_LIT) $(LIBDES_LIT) $(GENERAL_LIT) $(TESTING_SRC_LIT) ;\
+-	do \
+-		n="$$n des/$$i"; \
+-	done; \
+-	( cd .. ; tar chf - $$n )| gzip > libdes-l.tgz
+-	/bin/rm -f Makefile
+-	/bin/mv Makefile.tmp Makefile
+-
+-tar:
+-	mv Makefile Makefile.tmp
+-	/bin/cp Makefile.uni Makefile
+-	for i in $(ALL) ;\
+-	do \
+-		n="$$n des/$$i"; \
+-	done; \
+-	( cd .. ; tar chf - $$n )| gzip > libdes.tgz
+-	/bin/rm -f Makefile
+-	/bin/mv Makefile.tmp Makefile
+-
+-shar:
+-	shar $(ALL) >libdes.shar
+-
+-depend:
+-	makedepend $(LIBDES) $(TESTING_SRC)
+-
+-clean:
+-	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+-
+-dclean:
+-	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+-	mv -f Makefile.new Makefile
+-
+-# Eric is probably going to choke when he next looks at this --tjh
+-install: des
+-	if test $(INSTALLTOP); then \
+-	    echo SSL style install; \
+-	    cp $(DLIB) $(INSTALLTOP)/lib; \
+-		$(RANLIB) $(DLIB); \
+-	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+-	    cp des.h $(INSTALLTOP)/include; \
+-	    chmod 644 $(INSTALLTOP)/include/des.h; \
+-	else \
+-	    echo Standalone install; \
+-	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+-		$(RANLIB) $(DLIB); \
+-	    chmod 644 $(LIBDIR)/$(DLIB); \
+-	    cp des $(BINDIR)/des; \
+-	    chmod 711 $(BINDIR)/des; \
+-	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+-	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+-	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+-	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+-	    cp des.h $(INCDIR)/des.h; \
+-	    chmod 644 $(INCDIR)/des.h; \
+-	fi
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+Index: crypto/openssl/crypto/des/PC1
+===================================================================
+RCS file: crypto/openssl/crypto/des/PC1
+diff -N crypto/openssl/crypto/des/PC1
+--- crypto/openssl/crypto/des/PC1	10 Jan 2000 06:21:36 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,28 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-@PC1=(  57,49,41,33,25,17, 9,
+-	 1,58,50,42,34,26,18,
+-	10, 2,59,51,43,35,27,
+-	19,11, 3,60,52,44,36,
+-	"-","-","-","-",
+-	63,55,47,39,31,23,15,
+-	 7,62,54,46,38,30,22,
+-	14, 6,61,53,45,37,29,
+-	21,13, 5,28,20,12, 4,
+-	"-","-","-","-",
+-	);
+-
+-foreach (@PC1)
+-	{
+-	if ($_ ne "-")
+-		{
+-		$_--;
+-		$_=int($_/8)*8+7-($_%8);
+-		printf "%2d  ",$_;
+-		}
+-	else
+-		{ print "--  "; }
+-	print "\n" if (((++$i) % 8) == 0);
+-	print "\n" if ((($i) % 32) == 0);
+-	}
+-
+Index: crypto/openssl/crypto/des/PC2
+===================================================================
+RCS file: crypto/openssl/crypto/des/PC2
+diff -N crypto/openssl/crypto/des/PC2
+--- crypto/openssl/crypto/des/PC2	10 Jan 2000 06:21:36 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,57 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-@PC2_C=(14,17,11,24, 1, 5,
+-	 3,28,15, 6,21,10,
+-	23,19,12, 4,26, 8,
+-	16, 7,27,20,13, 2,
+-	);
+-
+-@PC2_D=(41,52,31,37,47,55,
+-	30,40,51,45,33,48,
+-	44,49,39,56,34,53,
+-	46,42,50,36,29,32,
+-	);
+-
+-foreach (@PC2_C) {
+-	if ($_ ne "-")
+-		{
+-		$_--;
+-		printf "%2d  ",$_; }
+-	else { print "--  "; }
+-	$C{$_}=1;
+-	print "\n" if (((++$i) % 8) == 0);
+-	}
+-$i=0;
+-print "\n";
+-foreach (@PC2_D) {
+-	if ($_ ne "-")
+-		{
+-		$_-=29;
+-		printf "%2d  ",$_; }
+-	else { print "--  "; }
+-	$D{$_}=1;
+-	print "\n" if (((++$i) % 8) == 0); }
+-
+-print "\n";
+-foreach $i (0 .. 27)
+-	{
+-	$_=$C{$i};
+-	if ($_ ne "-") {printf "%2d ",$_;}
+-	else { print "--  "; }
+-	print "\n" if (((++$i) % 8) == 0);
+-	}
+-print "\n";
+-
+-print "\n";
+-foreach $i (0 .. 27)
+-	{
+-	$_=$D{$i};
+-	if ($_ ne "-") {printf "%2d  ",$_;}
+-	else { print "--  "; }
+-	print "\n" if (((++$i) % 8) == 0);
+-	}
+-print "\n";
+-sub numsort
+-	{
+-	$a-$b;
+-	}
+Index: crypto/openssl/crypto/des/des.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/des/des.h,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 des.h
+--- crypto/openssl/crypto/des/des.h	4 Jul 2001 23:19:18 -0000	1.2.2.3
++++ crypto/openssl/crypto/des/des.h	31 Jul 2002 02:37:59 -0000
+@@ -190,7 +190,7 @@
+ 		  des_cblock *iv);
+ char *des_fcrypt(const char *buf,const char *salt, char *ret);
+ char *des_crypt(const char *buf,const char *salt);
+-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
++#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
+ char *crypt(const char *buf,const char *salt);
+ #endif
+ void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+@@ -205,10 +205,10 @@
+ void des_init_random_number_generator(des_cblock *seed);
+ void des_rand_data(unsigned char *data, int size);
+ int des_random_key(des_cblock *ret);
+-int des_read_password(des_cblock *key,const char *prompt,int verify);
++int des_read_password(des_cblock *key,const char *_prompt,int verify);
+ int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+-			const char *prompt,int verify);
+-int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
++			const char *_prompt,int verify);
++int des_read_pw_string(char *buf,int length,const char *_prompt,int verify);
+ void des_set_odd_parity(des_cblock *key);
+ int des_check_key_parity(const_des_cblock *key);
+ int des_is_weak_key(const_des_cblock *key);
+@@ -226,7 +226,7 @@
+ 		       int enc);
+ void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+ 		       des_key_schedule schedule,des_cblock *ivec,int *num);
+-int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
++int des_read_pw(char *buf,char *buff,int size,const char *_prompt,int verify);
+ 
+ /* The following definitions provide compatibility with the MIT Kerberos
+  * library. The des_key_schedule structure is not binary compatible. */
+Index: crypto/openssl/crypto/des/des.man
+===================================================================
+RCS file: crypto/openssl/crypto/des/des.man
+diff -N crypto/openssl/crypto/des/des.man
+--- crypto/openssl/crypto/des/des.man	10 Jan 2000 06:21:36 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,186 +0,0 @@
+-.TH DES 1 
+-.SH NAME
+-des - encrypt or decrypt data using Data Encryption Standard
+-.SH SYNOPSIS
+-.B des
+-(
+-.B \-e
+-|
+-.B \-E
+-) | (
+-.B \-d
+-|
+-.B \-D
+-) | (
+-.B \-\fR[\fPcC\fR][\fPckname\fR]\fP
+-) |
+-[
+-.B \-b3hfs
+-] [
+-.B \-k
+-.I key
+-]
+-] [
+-.B \-u\fR[\fIuuname\fR]
+-[
+-.I input-file
+-[
+-.I output-file
+-] ]
+-.SH DESCRIPTION
+-.B des
+-encrypts and decrypts data using the
+-Data Encryption Standard algorithm.
+-One of
+-.B \-e, \-E
+-(for encrypt) or
+-.B \-d, \-D
+-(for decrypt) must be specified.
+-It is also possible to use
+-.B \-c
+-or
+-.B \-C
+-in conjunction or instead of the a encrypt/decrypt option to generate
+-a 16 character hexadecimal checksum, generated via the
+-.I des_cbc_cksum.
+-.LP
+-Two standard encryption modes are supported by the
+-.B des
+-program, Cipher Block Chaining (the default) and Electronic Code Book
+-(specified with
+-.B \-b
+-).
+-.LP
+-The key used for the DES
+-algorithm is obtained by prompting the user unless the
+-.B `\-k
+-.I key'
+-option is given.
+-If the key is an argument to the
+-.B des
+-command, it is potentially visible to users executing
+-.BR ps (1)
+-or a derivative.  To minimise this possibility,
+-.B des
+-takes care to destroy the key argument immediately upon entry.
+-If your shell keeps a history file be careful to make sure it is not
+-world readable.
+-.LP
+-Since this program attempts to maintain compatability with sunOS's
+-des(1) command, there are 2 different methods used to convert the user
+-supplied key to a des key.
+-Whenever and one or more of
+-.B \-E, \-D, \-C
+-or
+-.B \-3
+-options are used, the key conversion procedure will not be compatible
+-with the sunOS des(1) version but will use all the user supplied
+-character to generate the des key.
+-.B des
+-command reads from standard input unless
+-.I input-file
+-is specified and writes to standard output unless
+-.I output-file
+-is given.
+-.SH OPTIONS
+-.TP
+-.B \-b
+-Select ECB
+-(eight bytes at a time) encryption mode.
+-.TP
+-.B \-3
+-Encrypt using triple encryption.
+-By default triple cbc encryption is used but if the
+-.B \-b
+-option is used then triple ecb encryption is performed.
+-If the key is less than 8 characters long, the flag has no effect.
+-.TP
+-.B \-e
+-Encrypt data using an 8 byte key in a manner compatible with sunOS
+-des(1).
+-.TP
+-.B \-E
+-Encrypt data using a key of nearly unlimited length (1024 bytes).
+-This will product a more secure encryption.
+-.TP
+-.B \-d
+-Decrypt data that was encrypted with the \-e option.
+-.TP
+-.B \-D
+-Decrypt data that was encrypted with the \-E option.
+-.TP
+-.B \-c
+-Generate a 16 character hexadecimal cbc checksum and output this to
+-stderr.
+-If a filename was specified after the
+-.B \-c
+-option, the checksum is output to that file.
+-The checksum is generated using a key generated in a sunOS compatible
+-manner.
+-.TP
+-.B \-C
+-A cbc checksum is generated in the same manner as described for the
+-.B \-c
+-option but the DES key is generated in the same manner as used for the
+-.B \-E
+-and
+-.B \-D
+-options
+-.TP
+-.B \-f
+-Does nothing - allowed for compatibility with sunOS des(1) command.
+-.TP
+-.B \-s
+-Does nothing - allowed for compatibility with sunOS des(1) command.
+-.TP
+-.B "\-k \fIkey\fP"
+-Use the encryption 
+-.I key
+-specified.
+-.TP
+-.B "\-h"
+-The
+-.I key
+-is assumed to be a 16 character hexadecimal number.
+-If the
+-.B "\-3"
+-option is used the key is assumed to be a 32 character hexadecimal
+-number.
+-.TP
+-.B \-u
+-This flag is used to read and write uuencoded files.  If decrypting,
+-the input file is assumed to contain uuencoded, DES encrypted data.
+-If encrypting, the characters following the -u are used as the name of
+-the uuencoded file to embed in the begin line of the uuencoded
+-output.  If there is no name specified after the -u, the name text.des
+-will be embedded in the header.
+-.SH SEE ALSO
+-.B ps (1)
+-.B des_crypt(3)
+-.SH BUGS
+-.LP
+-The problem with using the
+-.B -e
+-option is the short key length.
+-It would be better to use a real 56-bit key rather than an
+-ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+-radically reduces the time necessary for a brute-force cryptographic attack.
+-My attempt to remove this problem is to add an alternative text-key to
+-DES-key function.  This alternative function (accessed via
+-.B -E, -D, -S
+-and
+-.B -3
+-)
+-uses DES to help generate the key.
+-.LP
+-Be carefully when using the -u option.  Doing des -ud <filename> will
+-not decrypt filename (the -u option will gobble the d option).
+-.LP
+-The VMS operating system operates in a world where files are always a
+-multiple of 512 bytes.  This causes problems when encrypted data is
+-send from unix to VMS since a 88 byte file will suddenly be padded
+-with 424 null bytes.  To get around this problem, use the -u option
+-to uuencode the data before it is send to the VMS system.
+-.SH AUTHOR
+-.LP
+-Eric Young (eay@cryptsoft.com)
+Index: crypto/openssl/crypto/des/des.pl
+===================================================================
+RCS file: crypto/openssl/crypto/des/des.pl
+diff -N crypto/openssl/crypto/des/des.pl
+--- crypto/openssl/crypto/des/des.pl	10 Jan 2000 06:21:36 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,552 +0,0 @@
+-#!/usr/local/bin/perl
+-# des.pl - eric young 22/11/1991 eay@cryptsoft.com
+-#
+-# Copyright (C) 1993 Eric Young
+-#
+-# 11 April 1996 - patched to circumvent Perl 5 (through 5.002) problem
+-#                 with sign-extension on right shift operations.
+-#                 Ed Kubaitis - ejk@uiuc.edu
+-#
+-# eay - 92/08/31 - I think I have fixed all problems for 64bit
+-# versions of perl but I could be wrong since I have not tested it yet :-).
+-#
+-# This is an implementation of DES in perl.
+-# The two routines (des_set_key and des_ecb_encrypt)
+-# take 8 byte objects as arguments.
+-#
+-# des_set_key takes an 8 byte string as a key and returns a key schedule
+-# for use in calls to des_ecb_encrypt.
+-# des_ecb_encrypt takes three arguments, the first is a key schedule
+-# (make sure to pass it by reference with the *), the second is 1
+-# to encrypt, 0 to decrypt.  The third argument is an 8 byte object
+-# to encrypt.  The function returns an 8 byte object that has been
+-# DES encrypted.
+-#
+-# example:
+-# require 'des.pl'
+-#
+-# $key =pack("C8",0x12,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+-# @ks=  &des_set_key($key);
+-#
+-# $outbytes= &des_ecb_encrypt(*ks,1,$data);
+-# @enc =unpack("C8",$outbytes);
+-#
+-                 
+-package des;
+-
+-eval("use integer;") if (int($]) > 4);
+-
+-# The following 8 arrays are used in des_set_key
+-@skb0=(
+-# for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+-0x00000000,0x00000010,0x20000000,0x20000010,
+-0x00010000,0x00010010,0x20010000,0x20010010,
+-0x00000800,0x00000810,0x20000800,0x20000810,
+-0x00010800,0x00010810,0x20010800,0x20010810,
+-0x00000020,0x00000030,0x20000020,0x20000030,
+-0x00010020,0x00010030,0x20010020,0x20010030,
+-0x00000820,0x00000830,0x20000820,0x20000830,
+-0x00010820,0x00010830,0x20010820,0x20010830,
+-0x00080000,0x00080010,0x20080000,0x20080010,
+-0x00090000,0x00090010,0x20090000,0x20090010,
+-0x00080800,0x00080810,0x20080800,0x20080810,
+-0x00090800,0x00090810,0x20090800,0x20090810,
+-0x00080020,0x00080030,0x20080020,0x20080030,
+-0x00090020,0x00090030,0x20090020,0x20090030,
+-0x00080820,0x00080830,0x20080820,0x20080830,
+-0x00090820,0x00090830,0x20090820,0x20090830,
+-);
+-@skb1=(
+-# for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 
+-0x00000000,0x02000000,0x00002000,0x02002000,
+-0x00200000,0x02200000,0x00202000,0x02202000,
+-0x00000004,0x02000004,0x00002004,0x02002004,
+-0x00200004,0x02200004,0x00202004,0x02202004,
+-0x00000400,0x02000400,0x00002400,0x02002400,
+-0x00200400,0x02200400,0x00202400,0x02202400,
+-0x00000404,0x02000404,0x00002404,0x02002404,
+-0x00200404,0x02200404,0x00202404,0x02202404,
+-0x10000000,0x12000000,0x10002000,0x12002000,
+-0x10200000,0x12200000,0x10202000,0x12202000,
+-0x10000004,0x12000004,0x10002004,0x12002004,
+-0x10200004,0x12200004,0x10202004,0x12202004,
+-0x10000400,0x12000400,0x10002400,0x12002400,
+-0x10200400,0x12200400,0x10202400,0x12202400,
+-0x10000404,0x12000404,0x10002404,0x12002404,
+-0x10200404,0x12200404,0x10202404,0x12202404,
+-);
+-@skb2=(
+-# for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 
+-0x00000000,0x00000001,0x00040000,0x00040001,
+-0x01000000,0x01000001,0x01040000,0x01040001,
+-0x00000002,0x00000003,0x00040002,0x00040003,
+-0x01000002,0x01000003,0x01040002,0x01040003,
+-0x00000200,0x00000201,0x00040200,0x00040201,
+-0x01000200,0x01000201,0x01040200,0x01040201,
+-0x00000202,0x00000203,0x00040202,0x00040203,
+-0x01000202,0x01000203,0x01040202,0x01040203,
+-0x08000000,0x08000001,0x08040000,0x08040001,
+-0x09000000,0x09000001,0x09040000,0x09040001,
+-0x08000002,0x08000003,0x08040002,0x08040003,
+-0x09000002,0x09000003,0x09040002,0x09040003,
+-0x08000200,0x08000201,0x08040200,0x08040201,
+-0x09000200,0x09000201,0x09040200,0x09040201,
+-0x08000202,0x08000203,0x08040202,0x08040203,
+-0x09000202,0x09000203,0x09040202,0x09040203,
+-);
+-@skb3=(
+-# for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 
+-0x00000000,0x00100000,0x00000100,0x00100100,
+-0x00000008,0x00100008,0x00000108,0x00100108,
+-0x00001000,0x00101000,0x00001100,0x00101100,
+-0x00001008,0x00101008,0x00001108,0x00101108,
+-0x04000000,0x04100000,0x04000100,0x04100100,
+-0x04000008,0x04100008,0x04000108,0x04100108,
+-0x04001000,0x04101000,0x04001100,0x04101100,
+-0x04001008,0x04101008,0x04001108,0x04101108,
+-0x00020000,0x00120000,0x00020100,0x00120100,
+-0x00020008,0x00120008,0x00020108,0x00120108,
+-0x00021000,0x00121000,0x00021100,0x00121100,
+-0x00021008,0x00121008,0x00021108,0x00121108,
+-0x04020000,0x04120000,0x04020100,0x04120100,
+-0x04020008,0x04120008,0x04020108,0x04120108,
+-0x04021000,0x04121000,0x04021100,0x04121100,
+-0x04021008,0x04121008,0x04021108,0x04121108,
+-);
+-@skb4=(
+-# for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+-0x00000000,0x10000000,0x00010000,0x10010000,
+-0x00000004,0x10000004,0x00010004,0x10010004,
+-0x20000000,0x30000000,0x20010000,0x30010000,
+-0x20000004,0x30000004,0x20010004,0x30010004,
+-0x00100000,0x10100000,0x00110000,0x10110000,
+-0x00100004,0x10100004,0x00110004,0x10110004,
+-0x20100000,0x30100000,0x20110000,0x30110000,
+-0x20100004,0x30100004,0x20110004,0x30110004,
+-0x00001000,0x10001000,0x00011000,0x10011000,
+-0x00001004,0x10001004,0x00011004,0x10011004,
+-0x20001000,0x30001000,0x20011000,0x30011000,
+-0x20001004,0x30001004,0x20011004,0x30011004,
+-0x00101000,0x10101000,0x00111000,0x10111000,
+-0x00101004,0x10101004,0x00111004,0x10111004,
+-0x20101000,0x30101000,0x20111000,0x30111000,
+-0x20101004,0x30101004,0x20111004,0x30111004,
+-);
+-@skb5=(
+-# for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 
+-0x00000000,0x08000000,0x00000008,0x08000008,
+-0x00000400,0x08000400,0x00000408,0x08000408,
+-0x00020000,0x08020000,0x00020008,0x08020008,
+-0x00020400,0x08020400,0x00020408,0x08020408,
+-0x00000001,0x08000001,0x00000009,0x08000009,
+-0x00000401,0x08000401,0x00000409,0x08000409,
+-0x00020001,0x08020001,0x00020009,0x08020009,
+-0x00020401,0x08020401,0x00020409,0x08020409,
+-0x02000000,0x0A000000,0x02000008,0x0A000008,
+-0x02000400,0x0A000400,0x02000408,0x0A000408,
+-0x02020000,0x0A020000,0x02020008,0x0A020008,
+-0x02020400,0x0A020400,0x02020408,0x0A020408,
+-0x02000001,0x0A000001,0x02000009,0x0A000009,
+-0x02000401,0x0A000401,0x02000409,0x0A000409,
+-0x02020001,0x0A020001,0x02020009,0x0A020009,
+-0x02020401,0x0A020401,0x02020409,0x0A020409,
+-);
+-@skb6=(
+-# for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 
+-0x00000000,0x00000100,0x00080000,0x00080100,
+-0x01000000,0x01000100,0x01080000,0x01080100,
+-0x00000010,0x00000110,0x00080010,0x00080110,
+-0x01000010,0x01000110,0x01080010,0x01080110,
+-0x00200000,0x00200100,0x00280000,0x00280100,
+-0x01200000,0x01200100,0x01280000,0x01280100,
+-0x00200010,0x00200110,0x00280010,0x00280110,
+-0x01200010,0x01200110,0x01280010,0x01280110,
+-0x00000200,0x00000300,0x00080200,0x00080300,
+-0x01000200,0x01000300,0x01080200,0x01080300,
+-0x00000210,0x00000310,0x00080210,0x00080310,
+-0x01000210,0x01000310,0x01080210,0x01080310,
+-0x00200200,0x00200300,0x00280200,0x00280300,
+-0x01200200,0x01200300,0x01280200,0x01280300,
+-0x00200210,0x00200310,0x00280210,0x00280310,
+-0x01200210,0x01200310,0x01280210,0x01280310,
+-);
+-@skb7=(
+-# for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 
+-0x00000000,0x04000000,0x00040000,0x04040000,
+-0x00000002,0x04000002,0x00040002,0x04040002,
+-0x00002000,0x04002000,0x00042000,0x04042000,
+-0x00002002,0x04002002,0x00042002,0x04042002,
+-0x00000020,0x04000020,0x00040020,0x04040020,
+-0x00000022,0x04000022,0x00040022,0x04040022,
+-0x00002020,0x04002020,0x00042020,0x04042020,
+-0x00002022,0x04002022,0x00042022,0x04042022,
+-0x00000800,0x04000800,0x00040800,0x04040800,
+-0x00000802,0x04000802,0x00040802,0x04040802,
+-0x00002800,0x04002800,0x00042800,0x04042800,
+-0x00002802,0x04002802,0x00042802,0x04042802,
+-0x00000820,0x04000820,0x00040820,0x04040820,
+-0x00000822,0x04000822,0x00040822,0x04040822,
+-0x00002820,0x04002820,0x00042820,0x04042820,
+-0x00002822,0x04002822,0x00042822,0x04042822,
+-);
+-
+-@shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0);
+-
+-# used in ecb_encrypt
+-@SP0=(
+-0x00410100, 0x00010000, 0x40400000, 0x40410100,
+-0x00400000, 0x40010100, 0x40010000, 0x40400000,
+-0x40010100, 0x00410100, 0x00410000, 0x40000100,
+-0x40400100, 0x00400000, 0x00000000, 0x40010000,
+-0x00010000, 0x40000000, 0x00400100, 0x00010100,
+-0x40410100, 0x00410000, 0x40000100, 0x00400100,
+-0x40000000, 0x00000100, 0x00010100, 0x40410000,
+-0x00000100, 0x40400100, 0x40410000, 0x00000000,
+-0x00000000, 0x40410100, 0x00400100, 0x40010000,
+-0x00410100, 0x00010000, 0x40000100, 0x00400100,
+-0x40410000, 0x00000100, 0x00010100, 0x40400000,
+-0x40010100, 0x40000000, 0x40400000, 0x00410000,
+-0x40410100, 0x00010100, 0x00410000, 0x40400100,
+-0x00400000, 0x40000100, 0x40010000, 0x00000000,
+-0x00010000, 0x00400000, 0x40400100, 0x00410100,
+-0x40000000, 0x40410000, 0x00000100, 0x40010100,
+-);
+-@SP1=(
+-0x08021002, 0x00000000, 0x00021000, 0x08020000,
+-0x08000002, 0x00001002, 0x08001000, 0x00021000,
+-0x00001000, 0x08020002, 0x00000002, 0x08001000,
+-0x00020002, 0x08021000, 0x08020000, 0x00000002,
+-0x00020000, 0x08001002, 0x08020002, 0x00001000,
+-0x00021002, 0x08000000, 0x00000000, 0x00020002,
+-0x08001002, 0x00021002, 0x08021000, 0x08000002,
+-0x08000000, 0x00020000, 0x00001002, 0x08021002,
+-0x00020002, 0x08021000, 0x08001000, 0x00021002,
+-0x08021002, 0x00020002, 0x08000002, 0x00000000,
+-0x08000000, 0x00001002, 0x00020000, 0x08020002,
+-0x00001000, 0x08000000, 0x00021002, 0x08001002,
+-0x08021000, 0x00001000, 0x00000000, 0x08000002,
+-0x00000002, 0x08021002, 0x00021000, 0x08020000,
+-0x08020002, 0x00020000, 0x00001002, 0x08001000,
+-0x08001002, 0x00000002, 0x08020000, 0x00021000,
+-);
+-@SP2=(
+-0x20800000, 0x00808020, 0x00000020, 0x20800020,
+-0x20008000, 0x00800000, 0x20800020, 0x00008020,
+-0x00800020, 0x00008000, 0x00808000, 0x20000000,
+-0x20808020, 0x20000020, 0x20000000, 0x20808000,
+-0x00000000, 0x20008000, 0x00808020, 0x00000020,
+-0x20000020, 0x20808020, 0x00008000, 0x20800000,
+-0x20808000, 0x00800020, 0x20008020, 0x00808000,
+-0x00008020, 0x00000000, 0x00800000, 0x20008020,
+-0x00808020, 0x00000020, 0x20000000, 0x00008000,
+-0x20000020, 0x20008000, 0x00808000, 0x20800020,
+-0x00000000, 0x00808020, 0x00008020, 0x20808000,
+-0x20008000, 0x00800000, 0x20808020, 0x20000000,
+-0x20008020, 0x20800000, 0x00800000, 0x20808020,
+-0x00008000, 0x00800020, 0x20800020, 0x00008020,
+-0x00800020, 0x00000000, 0x20808000, 0x20000020,
+-0x20800000, 0x20008020, 0x00000020, 0x00808000,
+-);
+-@SP3=(
+-0x00080201, 0x02000200, 0x00000001, 0x02080201,
+-0x00000000, 0x02080000, 0x02000201, 0x00080001,
+-0x02080200, 0x02000001, 0x02000000, 0x00000201,
+-0x02000001, 0x00080201, 0x00080000, 0x02000000,
+-0x02080001, 0x00080200, 0x00000200, 0x00000001,
+-0x00080200, 0x02000201, 0x02080000, 0x00000200,
+-0x00000201, 0x00000000, 0x00080001, 0x02080200,
+-0x02000200, 0x02080001, 0x02080201, 0x00080000,
+-0x02080001, 0x00000201, 0x00080000, 0x02000001,
+-0x00080200, 0x02000200, 0x00000001, 0x02080000,
+-0x02000201, 0x00000000, 0x00000200, 0x00080001,
+-0x00000000, 0x02080001, 0x02080200, 0x00000200,
+-0x02000000, 0x02080201, 0x00080201, 0x00080000,
+-0x02080201, 0x00000001, 0x02000200, 0x00080201,
+-0x00080001, 0x00080200, 0x02080000, 0x02000201,
+-0x00000201, 0x02000000, 0x02000001, 0x02080200,
+-);
+-@SP4=(
+-0x01000000, 0x00002000, 0x00000080, 0x01002084,
+-0x01002004, 0x01000080, 0x00002084, 0x01002000,
+-0x00002000, 0x00000004, 0x01000004, 0x00002080,
+-0x01000084, 0x01002004, 0x01002080, 0x00000000,
+-0x00002080, 0x01000000, 0x00002004, 0x00000084,
+-0x01000080, 0x00002084, 0x00000000, 0x01000004,
+-0x00000004, 0x01000084, 0x01002084, 0x00002004,
+-0x01002000, 0x00000080, 0x00000084, 0x01002080,
+-0x01002080, 0x01000084, 0x00002004, 0x01002000,
+-0x00002000, 0x00000004, 0x01000004, 0x01000080,
+-0x01000000, 0x00002080, 0x01002084, 0x00000000,
+-0x00002084, 0x01000000, 0x00000080, 0x00002004,
+-0x01000084, 0x00000080, 0x00000000, 0x01002084,
+-0x01002004, 0x01002080, 0x00000084, 0x00002000,
+-0x00002080, 0x01002004, 0x01000080, 0x00000084,
+-0x00000004, 0x00002084, 0x01002000, 0x01000004,
+-);
+-@SP5=(
+-0x10000008, 0x00040008, 0x00000000, 0x10040400,
+-0x00040008, 0x00000400, 0x10000408, 0x00040000,
+-0x00000408, 0x10040408, 0x00040400, 0x10000000,
+-0x10000400, 0x10000008, 0x10040000, 0x00040408,
+-0x00040000, 0x10000408, 0x10040008, 0x00000000,
+-0x00000400, 0x00000008, 0x10040400, 0x10040008,
+-0x10040408, 0x10040000, 0x10000000, 0x00000408,
+-0x00000008, 0x00040400, 0x00040408, 0x10000400,
+-0x00000408, 0x10000000, 0x10000400, 0x00040408,
+-0x10040400, 0x00040008, 0x00000000, 0x10000400,
+-0x10000000, 0x00000400, 0x10040008, 0x00040000,
+-0x00040008, 0x10040408, 0x00040400, 0x00000008,
+-0x10040408, 0x00040400, 0x00040000, 0x10000408,
+-0x10000008, 0x10040000, 0x00040408, 0x00000000,
+-0x00000400, 0x10000008, 0x10000408, 0x10040400,
+-0x10040000, 0x00000408, 0x00000008, 0x10040008,
+-);
+-@SP6=(
+-0x00000800, 0x00000040, 0x00200040, 0x80200000,
+-0x80200840, 0x80000800, 0x00000840, 0x00000000,
+-0x00200000, 0x80200040, 0x80000040, 0x00200800,
+-0x80000000, 0x00200840, 0x00200800, 0x80000040,
+-0x80200040, 0x00000800, 0x80000800, 0x80200840,
+-0x00000000, 0x00200040, 0x80200000, 0x00000840,
+-0x80200800, 0x80000840, 0x00200840, 0x80000000,
+-0x80000840, 0x80200800, 0x00000040, 0x00200000,
+-0x80000840, 0x00200800, 0x80200800, 0x80000040,
+-0x00000800, 0x00000040, 0x00200000, 0x80200800,
+-0x80200040, 0x80000840, 0x00000840, 0x00000000,
+-0x00000040, 0x80200000, 0x80000000, 0x00200040,
+-0x00000000, 0x80200040, 0x00200040, 0x00000840,
+-0x80000040, 0x00000800, 0x80200840, 0x00200000,
+-0x00200840, 0x80000000, 0x80000800, 0x80200840,
+-0x80200000, 0x00200840, 0x00200800, 0x80000800,
+-);
+-@SP7=(
+-0x04100010, 0x04104000, 0x00004010, 0x00000000,
+-0x04004000, 0x00100010, 0x04100000, 0x04104010,
+-0x00000010, 0x04000000, 0x00104000, 0x00004010,
+-0x00104010, 0x04004010, 0x04000010, 0x04100000,
+-0x00004000, 0x00104010, 0x00100010, 0x04004000,
+-0x04104010, 0x04000010, 0x00000000, 0x00104000,
+-0x04000000, 0x00100000, 0x04004010, 0x04100010,
+-0x00100000, 0x00004000, 0x04104000, 0x00000010,
+-0x00100000, 0x00004000, 0x04000010, 0x04104010,
+-0x00004010, 0x04000000, 0x00000000, 0x00104000,
+-0x04100010, 0x04004010, 0x04004000, 0x00100010,
+-0x04104000, 0x00000010, 0x00100010, 0x04004000,
+-0x04104010, 0x00100000, 0x04100000, 0x04000010,
+-0x00104000, 0x00004010, 0x04004010, 0x04100000,
+-0x00000010, 0x04104000, 0x00104010, 0x00000000,
+-0x04000000, 0x04100010, 0x00004000, 0x00104010,
+-);
+-
+-sub main'des_set_key
+-	{
+-	local($param)=@_;
+-	local(@key);
+-	local($c,$d,$i,$s,$t);
+-	local(@ks)=();
+-
+-	# Get the bytes in the order we want.
+-	@key=unpack("C8",$param);
+-
+-	$c=	($key[0]    )|
+-		($key[1]<< 8)|
+-		($key[2]<<16)|
+-		($key[3]<<24);
+-	$d=	($key[4]    )|
+-		($key[5]<< 8)|
+-		($key[6]<<16)|
+-		($key[7]<<24);
+-
+-	&doPC1(*c,*d);
+-
+-	for $i (@shifts2)
+-		{
+-		if ($i)
+-			{
+-			$c=($c>>2)|($c<<26);
+-			$d=($d>>2)|($d<<26);
+-			}
+-		else
+-			{
+-			$c=($c>>1)|($c<<27);
+-			$d=($d>>1)|($d<<27);
+-			}
+-		$c&=0x0fffffff;
+-		$d&=0x0fffffff;
+-		$s=	$skb0[ ($c    )&0x3f                 ]|
+-			$skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]|
+-			$skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]|
+-			$skb3[(($c>>20)&0x01)|(($c>>21)&0x06) |
+-					     (($c>>22)&0x38)];
+-		$t=     $skb4[ ($d    )&0x3f                ]|
+-			$skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]|
+-			$skb6[ ($d>>15)&0x3f                 ]|
+-			$skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)];
+-		push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff);
+-		$s=      (($s>>16)&0x0000ffff)|($t&0xffff0000) ;
+-		push(@ks,(($s<<4)|(($s>>28)&0xf))&0xffffffff);
+-		}
+-	@ks;
+-	}
+-
+-sub doPC1
+-	{
+-	local(*a,*b)=@_;
+-	local($t);
+-
+-	$t=(($b>>4)^$a)&0x0f0f0f0f;
+-	$b^=($t<<4); $a^=$t;
+-	# do $a first 
+-	$t=(($a<<18)^$a)&0xcccc0000;
+-	$a=$a^$t^(($t>>18)&0x00003fff);
+-	$t=(($a<<17)^$a)&0xaaaa0000;
+-	$a=$a^$t^(($t>>17)&0x00007fff);
+-	$t=(($a<< 8)^$a)&0x00ff0000;
+-	$a=$a^$t^(($t>> 8)&0x00ffffff);
+-	$t=(($a<<17)^$a)&0xaaaa0000;
+-	$a=$a^$t^(($t>>17)&0x00007fff);
+-
+-	# now do $b
+-	$t=(($b<<24)^$b)&0xff000000;
+-	$b=$b^$t^(($t>>24)&0x000000ff);
+-	$t=(($b<< 8)^$b)&0x00ff0000;
+-	$b=$b^$t^(($t>> 8)&0x00ffffff);
+-	$t=(($b<<14)^$b)&0x33330000;
+-	$b=$b^$t^(($t>>14)&0x0003ffff);
+-	$b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55);
+-	$b=(($b>>8)&0x00ffffff)|((($a&0xf0000000)>>4)&0x0fffffff);
+-	$a&=0x0fffffff;
+-	}
+-
+-sub doIP
+-	{
+-	local(*a,*b)=@_;
+-	local($t);
+-
+-	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+-	$b^=($t<< 4); $a^=$t;
+-	$t=(($a>>16)^$b)&0x0000ffff;
+-	$a^=($t<<16); $b^=$t;
+-	$t=(($b>> 2)^$a)&0x33333333;
+-	$b^=($t<< 2); $a^=$t;
+-	$t=(($a>> 8)^$b)&0x00ff00ff;
+-	$a^=($t<< 8); $b^=$t;
+-	$t=(($b>> 1)^$a)&0x55555555;
+-	$b^=($t<< 1); $a^=$t;
+-	$t=$a;
+-	$a=$b&0xffffffff;
+-	$b=$t&0xffffffff;
+-	}
+-
+-sub doFP
+-	{
+-	local(*a,*b)=@_;
+-	local($t);
+-
+-	$t=(($b>> 1)^$a)&0x55555555;
+-	$b^=($t<< 1); $a^=$t;
+-	$t=(($a>> 8)^$b)&0x00ff00ff;
+-	$a^=($t<< 8); $b^=$t;
+-	$t=(($b>> 2)^$a)&0x33333333;
+-	$b^=($t<< 2); $a^=$t;
+-	$t=(($a>>16)^$b)&0x0000ffff;
+-	$a^=($t<<16); $b^=$t;
+-	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+-	$b^=($t<< 4); $a^=$t;
+-	$a&=0xffffffff;
+-	$b&=0xffffffff;
+-	}
+-
+-sub main'des_ecb_encrypt
+-	{
+-	local(*ks,$encrypt,$in)=@_;
+-	local($l,$r,$i,$t,$u,@input);
+-	
+-	@input=unpack("C8",$in);
+-	# Get the bytes in the order we want.
+-	$l=	($input[0]    )|
+-		($input[1]<< 8)|
+-		($input[2]<<16)|
+-		($input[3]<<24);
+-	$r=	($input[4]    )|
+-		($input[5]<< 8)|
+-		($input[6]<<16)|
+-		($input[7]<<24);
+-
+-	$l&=0xffffffff;
+-	$r&=0xffffffff;
+-	&doIP(*l,*r);
+-	if ($encrypt)
+-		{
+-		for ($i=0; $i<32; $i+=4)
+-			{
+-			$t=((($r&0x7fffffff)<<1)|(($r>>31)&0x00000001));
+-			$u=$t^$ks[$i  ];
+-			$t=$t^$ks[$i+1];
+-			$t2=(($t&0x0000000f)<<28);
+-
+-			$t=((($t>>4)&0x0fffffff)|(($t&0x0000000f)<<28));
+-			$l^=	$SP1[ $t     &0x3f]|
+-				$SP3[($t>> 8)&0x3f]|
+-				$SP5[($t>>16)&0x3f]|
+-				$SP7[($t>>24)&0x3f]|
+-				$SP0[ $u     &0x3f]|
+-				$SP2[($u>> 8)&0x3f]|
+-				$SP4[($u>>16)&0x3f]|
+-				$SP6[($u>>24)&0x3f];
+-
+-			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+-			$u=$t^$ks[$i+2];
+-			$t=$t^$ks[$i+3];
+-			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+-			$r^=	$SP1[ $t     &0x3f]|
+-				$SP3[($t>> 8)&0x3f]|
+-				$SP5[($t>>16)&0x3f]|
+-				$SP7[($t>>24)&0x3f]|
+-				$SP0[ $u     &0x3f]|
+-				$SP2[($u>> 8)&0x3f]|
+-				$SP4[($u>>16)&0x3f]|
+-				$SP6[($u>>24)&0x3f];
+-			}
+-		}
+-	else	
+-		{
+-		for ($i=30; $i>0; $i-=4)
+-			{
+-			$t=(($r<<1)|(($r>>31)&0x1))&0xffffffff;
+-			$u=$t^$ks[$i  ];
+-			$t=$t^$ks[$i+1];
+-			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+-			$l^=	$SP1[ $t     &0x3f]|
+-				$SP3[($t>> 8)&0x3f]|
+-				$SP5[($t>>16)&0x3f]|
+-				$SP7[($t>>24)&0x3f]|
+-				$SP0[ $u     &0x3f]|
+-				$SP2[($u>> 8)&0x3f]|
+-				$SP4[($u>>16)&0x3f]|
+-				$SP6[($u>>24)&0x3f];
+-
+-			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+-			$u=$t^$ks[$i-2];
+-			$t=$t^$ks[$i-1];
+-			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+-			$r^=	$SP1[ $t     &0x3f]|
+-				$SP3[($t>> 8)&0x3f]|
+-				$SP5[($t>>16)&0x3f]|
+-				$SP7[($t>>24)&0x3f]|
+-				$SP0[ $u     &0x3f]|
+-				$SP2[($u>> 8)&0x3f]|
+-				$SP4[($u>>16)&0x3f]|
+-				$SP6[($u>>24)&0x3f];
+-			}
+-		}
+-	&doFP(*l,*r);
+-	pack("C8",$l&0xff, 
+-	          ($l>> 8)&0x00ffffff,
+-	          ($l>>16)&0x0000ffff,
+-		  ($l>>24)&0x000000ff,
+-		  $r&0xff,
+-	          ($r>> 8)&0x00ffffff,
+-	          ($r>>16)&0x0000ffff,
+-		  ($r>>24)&0x000000ff);
+-	}
+Index: crypto/openssl/crypto/des/des_crypt.man
+===================================================================
+RCS file: crypto/openssl/crypto/des/des_crypt.man
+diff -N crypto/openssl/crypto/des/des_crypt.man
+--- crypto/openssl/crypto/des/des_crypt.man	4 Jul 2001 23:19:18 -0000	1.2.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,509 +0,0 @@
+-.\" $FreeBSD: src/crypto/openssl/crypto/des/des_crypt.man,v 1.2.2.2 2001/07/04 23:19:18 kris Exp $
+-.TH DES_CRYPT 3 
+-.SH NAME
+-des_read_password, des_read_2password,
+-des_string_to_key, des_string_to_2key, des_read_pw_string,
+-des_random_key, des_set_key,
+-des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
+-des_3cbc_encrypt,
+-des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
+-des_cbc_cksum, des_quad_cksum,
+-des_enc_read, des_enc_write, des_set_odd_parity,
+-des_is_weak_key, crypt \- (non USA) DES encryption
+-.SH SYNOPSIS
+-.nf
+-.nj
+-.ft B
+-#include <openssl/des.h>
+-.PP
+-.B int des_read_password(key,prompt,verify)
+-des_cblock *key;
+-char *prompt;
+-int verify;
+-.PP
+-.B int des_read_2password(key1,key2,prompt,verify)
+-des_cblock *key1,*key2;
+-char *prompt;
+-int verify;
+-.PP
+-.B int des_string_to_key(str,key)
+-char *str;
+-des_cblock *key;
+-.PP
+-.B int des_string_to_2keys(str,key1,key2)
+-char *str;
+-des_cblock *key1,*key2;
+-.PP
+-.B int des_read_pw_string(buf,length,prompt,verify)
+-char *buf;
+-int length;
+-char *prompt;
+-int verify;
+-.PP
+-.B int des_random_key(key)
+-des_cblock *key;
+-.PP
+-.B int des_set_key(key,schedule)
+-des_cblock *key;
+-des_key_schedule schedule;
+-.PP
+-.B int des_key_sched(key,schedule)
+-des_cblock *key;
+-des_key_schedule schedule;
+-.PP
+-.B int des_ecb_encrypt(input,output,schedule,encrypt)
+-des_cblock *input;
+-des_cblock *output;
+-des_key_schedule schedule;
+-int encrypt;
+-.PP
+-.B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
+-des_cblock *input;
+-des_cblock *output;
+-des_key_schedule ks1,ks2;
+-int encrypt;
+-.PP
+-.B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
+-des_cblock *input;
+-des_cblock *output;
+-long length;
+-des_key_schedule schedule;
+-des_cblock *ivec;
+-int encrypt;
+-.PP
+-.B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
+-des_cblock *input;
+-des_cblock *output;
+-long length;
+-des_key_schedule sk1;
+-des_key_schedule sk2;
+-des_cblock *ivec1;
+-des_cblock *ivec2;
+-int encrypt;
+-.PP
+-.B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
+-des_cblock *input;
+-des_cblock *output;
+-long length;
+-des_key_schedule schedule;
+-des_cblock *ivec;
+-int encrypt;
+-.PP
+-.B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
+-unsigned char *input;
+-unsigned char *output;
+-int numbits;
+-long length;
+-des_key_schedule schedule;
+-des_cblock *ivec;
+-int encrypt;
+-.PP
+-.B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
+-unsigned char *input,*output;
+-int numbits;
+-long length;
+-des_key_schedule schedule;
+-des_cblock *ivec;
+-.PP
+-.B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
+-des_cblock *input;
+-des_cblock *output;
+-long length;
+-des_key_schedule schedule;
+-des_cblock *ivec;
+-.PP
+-.B unsigned long des_quad_cksum(input,output,length,out_count,seed)
+-des_cblock *input;
+-des_cblock *output;
+-long length;
+-int out_count;
+-des_cblock *seed;
+-.PP
+-.B int des_check_key;
+-.PP
+-.B int des_enc_read(fd,buf,len,sched,iv)
+-int fd;
+-char *buf;
+-int len;
+-des_key_schedule sched;
+-des_cblock *iv;
+-.PP
+-.B int des_enc_write(fd,buf,len,sched,iv)
+-int fd;
+-char *buf;
+-int len;
+-des_key_schedule sched;
+-des_cblock *iv;
+-.PP
+-.B extern int des_rw_mode;
+-.PP
+-.B void des_set_odd_parity(key)
+-des_cblock *key;
+-.PP
+-.B int des_is_weak_key(key)
+-des_cblock *key;
+-.PP
+-.B char *crypt(passwd,salt)
+-char *passwd;
+-char *salt;
+-.PP
+-.fi
+-.SH DESCRIPTION
+-This library contains a fast implementation of the DES encryption
+-algorithm.
+-.PP
+-There are two phases to the use of DES encryption.
+-The first is the generation of a
+-.I des_key_schedule
+-from a key,
+-the second is the actual encryption.
+-A des key is of type
+-.I des_cblock.
+-This type is made from 8 characters with odd parity.
+-The least significant bit in the character is the parity bit.
+-The key schedule is an expanded form of the key; it is used to speed the
+-encryption process.
+-.PP
+-.I des_read_password
+-writes the string specified by prompt to the standard output,
+-turns off echo and reads an input string from standard input
+-until terminated with a newline.
+-If verify is non-zero, it prompts and reads the input again and verifies
+-that both entered passwords are the same.
+-The entered string is converted into a des key by using the
+-.I des_string_to_key
+-routine.
+-The new key is placed in the
+-.I des_cblock
+-that was passed (by reference) to the routine.
+-If there were no errors,
+-.I des_read_password
+-returns 0,
+--1 is returned if there was a terminal error and 1 is returned for
+-any other error.
+-.PP
+-.I des_read_2password
+-operates in the same way as
+-.I des_read_password
+-except that it generates 2 keys by using the
+-.I des_string_to_2key
+-function.
+-.PP
+-.I des_read_pw_string
+-is called by
+-.I des_read_password
+-to read and verify a string from a terminal device.
+-The string is returned in
+-.I buf.
+-The size of
+-.I buf
+-is passed to the routine via the
+-.I length
+-parameter.
+-.PP
+-.I des_string_to_key
+-converts a string into a valid des key.
+-.PP
+-.I des_string_to_2key
+-converts a string into 2 valid des keys.
+-This routine is best suited for used to generate keys for use with
+-.I des_ecb3_encrypt.
+-.PP
+-.I des_random_key
+-returns a random key that is made of a combination of process id,
+-time and an increasing counter.
+-.PP
+-Before a des key can be used it is converted into a
+-.I des_key_schedule
+-via the
+-.I des_set_key
+-routine.
+-If the
+-.I des_check_key
+-flag is non-zero,
+-.I des_set_key
+-will check that the key passed is of odd parity and is not a week or
+-semi-weak key.
+-If the parity is wrong,
+-then -1 is returned.
+-If the key is a weak key,
+-then -2 is returned.
+-If an error is returned,
+-the key schedule is not generated.
+-.PP
+-.I des_key_sched
+-is another name for the
+-.I des_set_key
+-function.
+-.PP
+-The following routines mostly operate on an input and output stream of
+-.I des_cblock's.
+-.PP
+-.I des_ecb_encrypt
+-is the basic DES encryption routine that encrypts or decrypts a single 8-byte
+-.I des_cblock
+-in
+-.I electronic code book
+-mode.
+-It always transforms the input data, pointed to by
+-.I input,
+-into the output data,
+-pointed to by the
+-.I output
+-argument.
+-If the
+-.I encrypt
+-argument is non-zero (DES_ENCRYPT),
+-the
+-.I input
+-(cleartext) is encrypted in to the
+-.I output
+-(ciphertext) using the key_schedule specified by the
+-.I schedule
+-argument,
+-previously set via
+-.I des_set_key.
+-If
+-.I encrypt
+-is zero (DES_DECRYPT),
+-the
+-.I input
+-(now ciphertext)
+-is decrypted into the
+-.I output
+-(now cleartext).
+-Input and output may overlap.
+-No meaningful value is returned.
+-.PP
+-.I des_ecb3_encrypt
+-encrypts/decrypts the
+-.I input
+-block by using triple ecb DES encryption.
+-This involves encrypting the input with 
+-.I ks1,
+-decryption with the key schedule
+-.I ks2,
+-and then encryption with the first again.
+-This routine greatly reduces the chances of brute force breaking of
+-DES and has the advantage of if
+-.I ks1
+-and
+-.I ks2
+-are the same, it is equivalent to just encryption using ecb mode and
+-.I ks1
+-as the key.
+-.PP
+-.I des_cbc_encrypt
+-encrypts/decrypts using the
+-.I cipher-block-chaining
+-mode of DES.
+-If the
+-.I encrypt
+-argument is non-zero,
+-the routine cipher-block-chain encrypts the cleartext data pointed to by the
+-.I input
+-argument into the ciphertext pointed to by the
+-.I output
+-argument,
+-using the key schedule provided by the
+-.I schedule
+-argument,
+-and initialisation vector provided by the
+-.I ivec
+-argument.
+-If the
+-.I length
+-argument is not an integral multiple of eight bytes, 
+-the last block is copied to a temporary area and zero filled.
+-The output is always
+-an integral multiple of eight bytes.
+-To make multiple cbc encrypt calls on a large amount of data appear to
+-be one 
+-.I des_cbc_encrypt
+-call, the
+-.I ivec
+-of subsequent calls should be the last 8 bytes of the output.
+-.PP
+-.I des_3cbc_encrypt
+-encrypts/decrypts the
+-.I input
+-block by using triple cbc DES encryption.
+-This involves encrypting the input with key schedule
+-.I ks1,
+-decryption with the key schedule
+-.I ks2,
+-and then encryption with the first again.
+-2 initialisation vectors are required,
+-.I ivec1
+-and
+-.I ivec2.
+-Unlike
+-.I des_cbc_encrypt,
+-these initialisation vectors are modified by the subroutine.
+-This routine greatly reduces the chances of brute force breaking of
+-DES and has the advantage of if
+-.I ks1
+-and
+-.I ks2
+-are the same, it is equivalent to just encryption using cbc mode and
+-.I ks1
+-as the key.
+-.PP
+-.I des_pcbc_encrypt
+-encrypt/decrypts using a modified block chaining mode.
+-It provides better error propagation characteristics than cbc
+-encryption.
+-.PP
+-.I des_cfb_encrypt
+-encrypt/decrypts using cipher feedback mode.  This method takes an
+-array of characters as input and outputs and array of characters.  It
+-does not require any padding to 8 character groups.  Note: the ivec
+-variable is changed and the new changed value needs to be passed to
+-the next call to this function.  Since this function runs a complete
+-DES ecb encryption per numbits, this function is only suggested for
+-use when sending small numbers of characters.
+-.PP
+-.I des_ofb_encrypt
+-encrypt using output feedback mode.  This method takes an
+-array of characters as input and outputs and array of characters.  It
+-does not require any padding to 8 character groups.  Note: the ivec
+-variable is changed and the new changed value needs to be passed to
+-the next call to this function.  Since this function runs a complete
+-DES ecb encryption per numbits, this function is only suggested for
+-use when sending small numbers of characters.
+-.PP
+-.I des_cbc_cksum
+-produces an 8 byte checksum based on the input stream (via cbc encryption).
+-The last 4 bytes of the checksum is returned and the complete 8 bytes is
+-placed in
+-.I output.
+-.PP
+-.I des_quad_cksum
+-returns a 4 byte checksum from the input bytes.
+-The algorithm can be iterated over the input,
+-depending on
+-.I out_count,
+-1, 2, 3 or 4 times.
+-If
+-.I output
+-is non-NULL,
+-the 8 bytes generated by each pass are written into
+-.I output.
+-.PP
+-.I des_enc_write
+-is used to write
+-.I len
+-bytes
+-to file descriptor
+-.I fd
+-from buffer
+-.I buf.
+-The data is encrypted via
+-.I pcbc_encrypt
+-(default) using
+-.I sched
+-for the key and
+-.I iv
+-as a starting vector.
+-The actual data send down
+-.I fd
+-consists of 4 bytes (in network byte order) containing the length of the
+-following encrypted data.  The encrypted data then follows, padded with random
+-data out to a multiple of 8 bytes.
+-.PP
+-.I des_enc_read
+-is used to read
+-.I len
+-bytes
+-from file descriptor
+-.I fd
+-into buffer
+-.I buf.
+-The data being read from
+-.I fd
+-is assumed to have come from
+-.I des_enc_write
+-and is decrypted using
+-.I sched
+-for the key schedule and
+-.I iv
+-for the initial vector.
+-The
+-.I des_enc_read/des_enc_write
+-pair can be used to read/write to files, pipes and sockets.
+-I have used them in implementing a version of rlogin in which all
+-data is encrypted.
+-.PP
+-.I des_rw_mode
+-is used to specify the encryption mode to use with 
+-.I des_enc_read
+-and 
+-.I des_end_write.
+-If set to
+-.I DES_PCBC_MODE
+-(the default), des_pcbc_encrypt is used.
+-If set to
+-.I DES_CBC_MODE
+-des_cbc_encrypt is used.
+-These two routines and the variable are not part of the normal MIT library.
+-.PP
+-.I des_set_odd_parity
+-sets the parity of the passed
+-.I key
+-to odd.  This routine is not part of the standard MIT library.
+-.PP
+-.I des_is_weak_key
+-returns 1 is the passed key is a weak key (pick again :-),
+-0 if it is ok.
+-This routine is not part of the standard MIT library.
+-.PP
+-.I crypt
+-is a replacement for the normal system crypt.
+-It is much faster than the system crypt.
+-.PP
+-.SH FILES
+-/usr/include/openssl/des.h
+-.br
+-/usr/lib/libcrypto.a
+-.PP
+-The encryption routines have been tested on 16bit, 32bit and 64bit
+-machines of various endian and even works under VMS.
+-.PP
+-.SH BUGS
+-.PP
+-If you think this manual is sparse,
+-read the des_crypt(3) manual from the MIT kerberos (or bones outside
+-of the USA) distribution.
+-.PP
+-.I des_cfb_encrypt
+-and
+-.I des_ofb_encrypt
+-operates on input of 8 bits.  What this means is that if you set
+-numbits to 12, and length to 2, the first 12 bits will come from the 1st
+-input byte and the low half of the second input byte.  The second 12
+-bits will have the low 8 bits taken from the 3rd input byte and the
+-top 4 bits taken from the 4th input byte.  The same holds for output.
+-This function has been implemented this way because most people will
+-be using a multiple of 8 and because once you get into pulling bytes input
+-bytes apart things get ugly!
+-.PP
+-.I des_read_pw_string
+-is the most machine/OS dependent function and normally generates the
+-most problems when porting this code.
+-.PP
+-.I des_string_to_key
+-is probably different from the MIT version since there are lots
+-of fun ways to implement one-way encryption of a text string.
+-.PP
+-The routines are optimised for 32 bit machines and so are not efficient
+-on IBM PCs.
+-.PP
+-NOTE: extensive work has been done on this library since this document
+-was origionally written.  Please try to read des.doc from the libdes
+-distribution since it is far more upto date and documents more of the
+-functions.  Libdes is now also being shipped as part of SSLeay, a
+-general cryptographic library that amonst other things implements
+-netscapes SSL protocoll.  The most recent version can be found in
+-SSLeay distributions.
+-.SH AUTHOR
+-Eric Young (eay@cryptsoft.com)
+Index: crypto/openssl/crypto/des/doIP
+===================================================================
+RCS file: crypto/openssl/crypto/des/doIP
+diff -N crypto/openssl/crypto/des/doIP
+--- crypto/openssl/crypto/des/doIP	10 Jan 2000 06:21:37 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,46 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-@l=(
+-	 0, 1, 2, 3, 4, 5, 6, 7,
+-	 8, 9,10,11,12,13,14,15,
+-	16,17,18,19,20,21,22,23,
+-	24,25,26,27,28,29,30,31
+-	);
+-@r=(
+-	32,33,34,35,36,37,38,39,
+-	40,41,42,43,44,45,46,47,
+-	48,49,50,51,52,53,54,55,
+-	56,57,58,59,60,61,62,63
+-	);
+-
+-require 'shifts.pl';
+-
+-sub PERM_OP
+-	{
+-	local(*a,*b,*t,$n,$m)=@_;
+-
+-	@z=&shift(*a,-$n);
+-	@z=&xor(*b,*z);
+-	@z=&and(*z,$m);
+-	@b=&xor(*b,*z);
+-	@z=&shift(*z,$n);
+-	@a=&xor(*a,*z);
+-	}
+-
+-
+-@L=@l;
+-@R=@r;
+-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+-&PERM_OP(*L,*R,*T,16,0x0000ffff);
+-&PERM_OP(*R,*L,*T,2,0x33333333);
+-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+-&PERM_OP(*R,*L,*T,1,0x55555555);
+-	&printit(@L);
+-	&printit(@R);
+-&PERM_OP(*R,*L,*T,1,0x55555555);
+-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+-&PERM_OP(*R,*L,*T,2,0x33333333);
+-&PERM_OP(*L,*R,*T,16,0x0000ffff);
+-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+-	&printit(@L);
+-	&printit(@R);
+Index: crypto/openssl/crypto/des/doPC1
+===================================================================
+RCS file: crypto/openssl/crypto/des/doPC1
+diff -N crypto/openssl/crypto/des/doPC1
+--- crypto/openssl/crypto/des/doPC1	10 Jan 2000 06:21:37 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,110 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-@l=(
+-	 0, 1, 2, 3, 4, 5, 6, 7,
+-	 8, 9,10,11,12,13,14,15,
+-	16,17,18,19,20,21,22,23,
+-	24,25,26,27,28,29,30,31
+-	);
+-@r=(
+-	32,33,34,35,36,37,38,39,
+-	40,41,42,43,44,45,46,47,
+-	48,49,50,51,52,53,54,55,
+-	56,57,58,59,60,61,62,63
+-	);
+-
+-require 'shifts.pl';
+-
+-sub PERM_OP
+-	{
+-	local(*a,*b,*t,$n,$m)=@_;
+-
+-	@z=&shift(*a,-$n);
+-	@z=&xor(*b,*z);
+-	@z=&and(*z,$m);
+-	@b=&xor(*b,*z);
+-	@z=&shift(*z,$n);
+-	@a=&xor(*a,*z);
+-	}
+-
+-sub HPERM_OP2
+-	{
+-	local(*a,*t,$n,$m)=@_;
+-	local(@x,@y,$i);
+-
+-	@z=&shift(*a,16-$n);
+-	@z=&xor(*a,*z);
+-	@z=&and(*z,$m);
+-	@a=&xor(*a,*z);
+-	@z=&shift(*z,$n-16);
+-	@a=&xor(*a,*z);
+-	}
+-
+-sub HPERM_OP
+-        {
+-        local(*a,*t,$n,$m)=@_;
+-        local(@x,@y,$i);
+-
+-        for ($i=0; $i<16; $i++)
+-                {
+-                $x[$i]=$a[$i];
+-                $y[$i]=$a[16+$i];
+-                }
+-        @z=&shift(*x,-$n);
+-        @z=&xor(*y,*z);
+-        @z=&and(*z,$m);
+-        @y=&xor(*y,*z);
+-        @z=&shift(*z,$n);
+-        @x=&xor(*x,*z);
+-        for ($i=0; $i<16; $i++)
+-                {
+-                $a[$i]=$x[$i];
+-                $a[16+$i]=$y[$i];
+-                }
+-        }
+-
+-@L=@l;
+-@R=@r;
+-
+-	print "---\n"; &printit(@R);
+-&PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+-	print "---\n"; &printit(@R);
+-&HPERM_OP2(*L,*T,-2,0xcccc0000);
+-&HPERM_OP2(*R,*T,-2,0xcccc0000);
+-	print "---\n"; &printit(@R);
+-&PERM_OP(*R,*L,*T,1,0x55555555);
+-	print "---\n"; &printit(@R);
+-&PERM_OP(*L,*R,*T,8,0x00ff00ff);
+-	print "---\n"; &printit(@R);
+-&PERM_OP(*R,*L,*T,1,0x55555555);
+-	print "---\n"; &printit(@R);
+-#	&printit(@L);
+-	&printit(@R);
+-print <<"EOF";
+-==============================
+-63  55  47  39  31  23  15   7  
+-62  54  46  38  30  22  14   6  
+-61  53  45  37  29  21  13   5  
+-60  52  44  36  --  --  --  --  
+-
+-57  49  41  33  25  17   9   1  
+-58  50  42  34  26  18  10   2  
+-59  51  43  35  27  19  11   3  
+-28  20  12   4  --  --  --  --  
+-EOF
+-exit(1);
+-@A=&and(*R,0x000000ff);
+-@A=&shift(*A,16);
+-@B=&and(*R,0x0000ff00);
+-@C=&and(*R,0x00ff0000);
+-@C=&shift(*C,-16);
+-@D=&and(*L,0xf0000000);
+-@D=&shift(*D,-4);
+-@A=&or(*A,*B);
+-@B=&or(*D,*C);
+-@R=&or(*A,*B);
+-@L=&and(*L,0x0fffffff);
+-
+-	&printit(@L);
+-	&printit(@R);
+-
+Index: crypto/openssl/crypto/des/doPC2
+===================================================================
+RCS file: crypto/openssl/crypto/des/doPC2
+diff -N crypto/openssl/crypto/des/doPC2
+--- crypto/openssl/crypto/des/doPC2	10 Jan 2000 06:21:37 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,94 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-@PC2_C=(14,17,11,24, 1, 5,
+-	 3,28,15, 6,21,10,
+-	23,19,12, 4,26, 8,
+-	16, 7,27,20,13, 2,
+-	);
+-
+-@PC2_D=(41,52,31,37,47,55,
+-	30,40,51,45,33,48,
+-	44,49,39,56,34,53,
+-	46,42,50,36,29,32,
+-	);
+-
+-$i=0;
+-foreach (@PC2_C) {
+-	$_--;
+-#	printf "%2d,",$_;
+-	$C{$_}=$i;
+-	++$i;
+-#	print "\n" if ((($i) % 8) == 0);
+-	}
+-$i=0;
+-#print "\n";
+-foreach (@PC2_D) {
+-	$_-=28;
+-	$_--;
+-#	printf "%2d,",$_;
+-	$D{$_}=$i;
+-	$i++;
+-#	print "\n" if ((($i) % 8) == 0);
+-	}
+-
+-#print "\n";
+-foreach $i (0 .. 27)
+-	{
+-	$_=$C{$i};
+-#	printf "%2d,",$_;
+-	$i++;
+-#	print "\n" if ((($i) % 8) == 0);
+-	}
+-#print "\n";
+-
+-#print "\n";
+-foreach $i (0 .. 27)
+-	{
+-	$_=$D{$i};
+-#	printf "%2d,",$_;
+-	$i++;
+-#	print "\n" if ((($i) % 8) == 0);
+-	}
+-#print "\n";
+-
+-print "static ulong skb[8][64]={\n";
+-&doit("C",*C, 0, 1, 2, 3, 4, 5);
+-&doit("C",*C, 6, 7, 9,10,11,12);
+-&doit("C",*C,13,14,15,16,18,19);
+-&doit("C",*C,20,22,23,25,26,27);
+-
+-&doit("D",*D, 0, 1, 2, 3, 4, 5);
+-&doit("D",*D, 7, 8,10,11,12,13);
+-&doit("D",*D,15,16,17,18,19,20);
+-&doit("D",*D,21,22,23,24,26,27);
+-print "};\n";
+-
+-sub doit
+-	{
+-	local($l,*A,@b)=@_;
+-	local(@out);
+-
+-	printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n",
+-		$b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1);
+-	for ($i=0; $i<64; $i++)
+-		{
+-		$out[$i]=0;
+-		$j=1;
+-#print "\n";
+-		for ($k=0; $k<6; $k++)
+-			{
+-			$l=$A{$b[$k]};
+-#print"$l - ";
+-			if ((1<<$k) & $i)
+-				{
+-				$ll=int($l/6)*8+($l%6);
+-				$out[$i]|=1<<($ll);
+-				}
+-			}
+-		$pp=$out[$i];
+-		$pp=($pp&0xff0000ff)|   (($pp&0x00ff0000)>>8)|
+-					(($pp&0x0000ff00)<<8);
+-		printf("0x%08X,",$pp);
+-		print "\n" if (($i+1) % 4 == 0);
+-		}
+-	}
+Index: crypto/openssl/crypto/des/fcrypt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/des/fcrypt.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 fcrypt.c
+--- crypto/openssl/crypto/des/fcrypt.c	20 Aug 2000 08:46:19 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/des/fcrypt.c	31 Jul 2002 00:46:54 -0000
+@@ -61,7 +61,7 @@
+ void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+ 	DES_LONG Eswap0, DES_LONG Eswap1);
+ 
+-#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
++#if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_DARWIN)
+ char *crypt(const char *buf, const char *salt)
+ 	{
+ 	return(des_crypt(buf, salt));
+Index: crypto/openssl/crypto/des/podd.h
+===================================================================
+RCS file: crypto/openssl/crypto/des/podd.h
+diff -N crypto/openssl/crypto/des/podd.h
+--- crypto/openssl/crypto/des/podd.h	10 Jan 2000 06:21:37 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,75 +0,0 @@
+-/* crypto/des/podd.h */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-static const unsigned char odd_parity[256]={
+-  1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+- 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+- 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+- 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+- 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+- 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+- 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+-112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+-128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+-145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+-161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+-176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+-193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+-208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+-224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+-241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+Index: crypto/openssl/crypto/des/read_pwd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/des/read_pwd.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 read_pwd.c
+--- crypto/openssl/crypto/des/read_pwd.c	26 Nov 2000 11:33:26 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/des/read_pwd.c	31 Jul 2002 00:46:54 -0000
+@@ -56,7 +56,7 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32)
++#if !defined(MSDOS) && !defined(VMS) && !defined(WIN32) && !defined(VXWORKS)
+ #include <openssl/opensslconf.h>
+ #ifdef OPENSSL_UNISTD
+ # include OPENSSL_UNISTD
+@@ -133,6 +133,12 @@
+ #define SGTTY
+ #endif
+ 
++#if defined(VXWORKS)
++#undef TERMIOS
++#undef TERMIO
++#undef SGTTY
++#endif
++
+ #ifdef TERMIOS
+ #include <termios.h>
+ #define TTY_STRUCT		struct termios
+@@ -240,7 +246,7 @@
+ 	long status;
+ 	unsigned short channel = 0;
+ #else
+-#ifndef MSDOS
++#if !defined(MSDOS) && !defined(VXWORKS)
+ 	TTY_STRUCT tty_orig,tty_new;
+ #endif
+ #endif
+@@ -268,7 +274,7 @@
+ #ifdef MSDOS
+ 	if ((tty=fopen("con","r")) == NULL)
+ 		tty=stdin;
+-#elif defined(MAC_OS_pre_X)
++#elif defined(MAC_OS_pre_X) || defined(VXWORKS)
+ 	tty=stdin;
+ #else
+ #ifndef MPE
+@@ -366,7 +372,7 @@
+ 
+ error:
+ 	fprintf(stderr,"\n");
+-#ifdef DEBUG
++#if 0
+ 	perror("fgets(tty)");
+ #endif
+ 	/* What can we do if there is an error? */
+Index: crypto/openssl/crypto/des/shifts.pl
+===================================================================
+RCS file: crypto/openssl/crypto/des/shifts.pl
+diff -N crypto/openssl/crypto/des/shifts.pl
+--- crypto/openssl/crypto/des/shifts.pl	10 Jan 2000 06:21:37 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,198 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-sub lab_shift
+-	{
+-	local(*a,$n)=@_;
+-	local(@r,$i,$j,$k,$d,@z);
+-
+-	@r=&shift(*a,$n);
+-	foreach $i (0 .. 31)
+-		{
+-		@z=split(/\^/,$r[$i]);
+-		for ($j=0; $j <= $#z; $j++)
+-			{
+-			($d)=($z[$j] =~ /^(..)/);
+-			($k)=($z[$j] =~ /\[(.*)\]$/);
+-			$k.=",$n" if ($k ne "");
+-			$k="$n"	  if ($k eq "");
+-			$d="$d[$k]";
+-			$z[$j]=$d;
+-			}
+-		$r[$i]=join('^',@z);
+-		}
+-	return(@r);
+-	}
+-
+-sub shift
+-	{
+-	local(*a,$n)=@_;
+-	local(@f);
+-
+-	if ($n > 0)
+-		{
+-		@f=&shiftl(*a,$n);
+-		}
+-	else
+-		{
+-		@f=&shiftr(*a,-$n);
+-		}
+-	return(@f);
+-	}
+-
+-sub rotate
+-	{
+-	local(*a,$n)=@_;
+-	local(@f);
+-
+-	if ($n > 0)
+-		{ @f=&rotatel(*a,$n); }
+-	else
+-		{ @f=&rotater(*a,-$n); }
+-	return(@f);
+-	}
+-
+-sub rotater
+-	{
+-	local(*a,$n)=@_;
+-	local(@f,@g);
+-
+-	@f=&shiftr(*a,$n);
+-	@g=&shiftl(*a,32-$n);
+-	$#f=31;
+-	$#g=31;
+-	return(&or(*f,*g));
+-	}
+-
+-sub rotatel
+-	{
+-	local(*a,$n)=@_;
+-	local(@f,@g);
+-
+-	@f=&shiftl(*a,$n);
+-	@g=&shiftr(*a,32-$n);
+-	$#f=31;
+-	$#g=31;
+-	return(&or(*f,*g));
+-	}
+-
+-sub shiftr
+-	{
+-	local(*a,$n)=@_;
+-	local(@r,$i);
+-
+-	$#r=31;
+-	foreach $i (0 .. 31)
+-		{
+-		if (($i+$n) > 31)
+-			{
+-			$r[$i]="--";
+-			}
+-		else
+-			{
+-			$r[$i]=$a[$i+$n];
+-			}
+-		}
+-	return(@r);
+-	}
+-
+-sub shiftl
+-	{
+-	local(*a,$n)=@_;
+-	local(@r,$i);
+-
+-	$#r=31;
+-	foreach $i (0 .. 31)
+-		{
+-		if ($i < $n)
+-			{
+-			$r[$i]="--";
+-			}
+-		else
+-			{
+-			$r[$i]=$a[$i-$n];
+-			}
+-		}
+-	return(@r);
+-	}
+-
+-sub printit
+-	{
+-	local(@a)=@_;
+-	local($i);
+-
+-	foreach $i (0 .. 31)
+-		{
+-		printf "%2s  ",$a[$i];
+-		print "\n" if (($i%8) == 7);
+-		}
+-	print "\n";
+-	}
+-
+-sub xor
+-	{
+-	local(*a,*b)=@_;
+-	local(@r,$i);
+-
+-	$#r=31;
+-	foreach $i (0 .. 31)
+-		{
+-		$r[$i]=&compress($a[$i].'^'.$b[$i]);
+-#		$r[$i]=$a[$i]."^".$b[$i];
+-		}
+-	return(@r);
+-	}
+-
+-sub and
+-	{
+-	local(*a,$m)=@_;
+-	local(@r,$i);
+-
+-	$#r=31;
+-	foreach $i (0 .. 31)
+-		{
+-		$r[$i]=(($m & (1<<$i))?($a[$i]):('--'));
+-		}
+-	return(@r);
+-	}
+-
+-sub or
+-	{
+-	local(*a,*b)=@_;
+-	local(@r,$i);
+-
+-	$#r=31;
+-	foreach $i (0 .. 31)
+-		{
+-		$r[$i]='--'   if (($a[$i] eq '--') && ($b[$i] eq '--'));
+-		$r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--'));
+-		$r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--'));
+-		$r[$i]='++'   if (($a[$i] ne '--') && ($b[$i] ne '--'));
+-		}
+-	return(@r);
+-	}
+-
+-sub compress
+-	{
+-	local($s)=@_;
+-	local($_,$i,@a,%a,$r);
+-
+-	$s =~ s/\^\^/\^/g;
+-	$s =~ s/^\^//;
+-	$s =~ s/\^$//;
+-	@a=split(/\^/,$s);
+-
+-	while ($#a >= 0)
+-		{
+-		$_=shift(@a);
+-		next unless /\d/;
+-		$a{$_}++;
+-		}
+-	foreach $i (sort keys %a)
+-		{
+-		next if ($a{$i}%2 == 0);
+-		$r.="$i^";
+-		}
+-	chop($r);
+-	return($r);
+-	}
+-1;
+Index: crypto/openssl/crypto/des/sk.h
+===================================================================
+RCS file: crypto/openssl/crypto/des/sk.h
+diff -N crypto/openssl/crypto/des/sk.h
+--- crypto/openssl/crypto/des/sk.h	10 Jan 2000 06:21:37 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,204 +0,0 @@
+-/* crypto/des/sk.h */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-static const DES_LONG des_skb[8][64]={
+-{
+-/* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+-0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+-0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+-0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+-0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+-0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+-0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+-0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+-0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+-0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+-0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+-0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+-0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+-0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+-0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+-0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+-0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+-},{
+-/* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+-0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+-0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+-0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+-0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+-0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+-0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+-0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+-0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+-0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+-0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+-0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+-0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+-0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+-0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+-0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+-0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+-},{
+-/* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+-0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+-0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+-0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+-0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+-0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+-0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+-0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+-0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+-0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+-0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+-0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+-0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+-0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+-0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+-0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+-0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+-},{
+-/* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+-0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+-0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+-0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+-0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+-0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+-0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+-0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+-0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+-0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+-0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+-0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+-0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+-0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+-0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+-0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+-0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+-},{
+-/* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+-0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+-0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+-0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+-0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+-0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+-0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+-0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+-0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+-0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+-0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+-0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+-0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+-0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+-0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+-0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+-0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+-},{
+-/* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+-0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+-0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+-0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+-0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+-0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+-0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+-0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+-0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+-0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+-0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+-0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+-0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+-0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+-0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+-0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+-0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+-},{
+-/* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+-0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+-0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+-0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+-0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+-0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+-0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+-0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+-0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+-0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+-0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+-0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+-0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+-0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+-0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+-0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+-0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+-},{
+-/* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+-0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+-0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+-0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+-0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+-0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+-0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+-0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+-0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+-0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+-0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+-0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+-0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+-0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+-0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+-0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+-0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+-}};
+Index: crypto/openssl/crypto/des/supp.c
+===================================================================
+RCS file: crypto/openssl/crypto/des/supp.c
+diff -N crypto/openssl/crypto/des/supp.c
+--- crypto/openssl/crypto/des/supp.c	10 Jan 2000 06:21:37 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,107 +0,0 @@
+-/* crypto/des/supp.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-/*
+- * Copyright (c) 1995
+- *	Mark Murray.  All rights reserved.
+- *
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the above copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *	This product includes software developed by Mark Murray
+- * 4. Neither the name of the author nor the names of any co-contributors
+- *    may be used to endorse or promote products derived from this software
+- *    without specific prior written permission.
+- *
+- * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- *
+- * $Id: supp.c,v 1.5 1999/05/16 12:25:45 bodo Exp $
+- */
+-
+-#include <stdio.h>
+-#include "des_locl.h"
+-
+-void des_cblock_print_file(const_des_cblock *cb, FILE *fp)
+-{
+-	int i;
+-	const unsigned int *p = (const unsigned int *)cb;
+-
+-	fprintf(fp, " 0x { ");
+-	for (i = 0; i < 8; i++) {
+-		fprintf(fp, "%x", p[i]);
+-		if (i != 7) fprintf(fp, ", ");
+-	}
+-	fprintf(fp, " }");
+-}
+Index: crypto/openssl/crypto/des/testdes.pl
+===================================================================
+RCS file: crypto/openssl/crypto/des/testdes.pl
+diff -N crypto/openssl/crypto/des/testdes.pl
+--- crypto/openssl/crypto/des/testdes.pl	10 Jan 2000 06:21:38 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,167 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-# des.pl tesing code
+-
+-require 'des.pl';
+-
+-$num_tests=34;
+-@key_data=(
+-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+-	0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+-	0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57,
+-	0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E,
+-	0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86,
+-	0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+-	0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+-	0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE,
+-	0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6,
+-	0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE,
+-	0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16,
+-	0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F,
+-	0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46,
+-	0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E,
+-	0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76,
+-	0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07,
+-	0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F,
+-	0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7,
+-	0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF,
+-	0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6,
+-	0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF,
+-	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+-	0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E,
+-	0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
+-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+-	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+-	);
+-
+-@plain_data=(
+-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+-	0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+-	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+-	0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42,
+-	0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA,
+-	0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72,
+-	0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A,
+-	0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2,
+-	0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A,
+-	0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2,
+-	0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A,
+-	0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02,
+-	0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A,
+-	0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32,
+-	0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA,
+-	0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62,
+-	0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2,
+-	0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA,
+-	0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92,
+-	0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A,
+-	0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2,
+-	0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A,
+-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+-	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+-	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
+-
+-@cipher_data=(
+-	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+-	0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58,
+-	0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B,
+-	0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33,
+-	0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D,
+-	0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD,
+-	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+-	0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4,
+-	0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B,
+-	0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71,
+-	0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A,
+-	0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A,
+-	0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95,
+-	0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B,
+-	0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09,
+-	0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A,
+-	0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F,
+-	0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88,
+-	0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77,
+-	0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A,
+-	0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56,
+-	0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56,
+-	0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56,
+-	0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC,
+-	0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A,
+-	0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41,
+-	0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93,
+-	0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00,
+-	0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06,
+-	0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7,
+-	0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51,
+-	0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE,
+-	0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D,
+-	0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2);
+-
+-print "Doing ecb tests\n";
+-for ($i=0; $i<$num_tests; $i++)
+-	{
+-	printf "Doing test $i\n";
+-	$key =pack("C8",splice(@key_data   ,0,8));
+-	$data=pack("C8",splice(@plain_data ,0,8));
+-	$res =pack("C8",splice(@cipher_data,0,8));
+-
+-	@ks=  &des_set_key($key);
+-	$out1= &des_ecb_encrypt(*ks,1,$data);
+-	$out2= &des_ecb_encrypt(*ks,0,$out1);
+-	$out3= &des_ecb_encrypt(*ks,0,$res);
+-	&eprint("encryption failure",$res,$out1)
+-		if ($out1 ne $res);
+-	&eprint("encryption/decryption failure",$data,$out2)
+-		if ($out2 ne $data);
+-	&eprint("decryption failure",$data,$out3)
+-		if ($data ne $out3);
+-	}
+-print "Done\n";
+-
+-print "doing speed test over 30 seconds\n";
+-$SIG{'ALRM'}='done';
+-sub done {$done=1;}
+-$done=0;
+-
+-$count=0;
+-$d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+-@ks=  &des_set_key($d);
+-alarm(30);
+-$start=(times)[0];
+-while (!$done)
+-	{
+-	$count++;
+-	$d=&des_ecb_encrypt(*ks,1,$d);
+-	}
+-$end=(times)[0];
+-$t=$end-$start;
+-printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n",
+-	1.0*$t,1.0*$count/$t,$count*8.0/$t;
+-
+-sub eprint
+-	{
+-	local($s,$c,$e)=@_;
+-	local(@k);
+-
+-	@k=unpack("C8",$c);
+-	printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c);
+-	printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e);
+-	print " $s\n";
+-	}
+cvs diff: Diffing crypto/openssl/crypto/des/asm
+cvs diff: Diffing crypto/openssl/crypto/des/t
+cvs diff: Diffing crypto/openssl/crypto/des/times
+cvs diff: Diffing crypto/openssl/crypto/dh
+Index: crypto/openssl/crypto/dh/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/dh/Makefile.save
+diff -N crypto/openssl/crypto/dh/Makefile.save
+--- crypto/openssl/crypto/dh/Makefile.save	26 Nov 2000 11:33:26 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,118 +0,0 @@
+-#
+-# SSLeay/crypto/dh/Makefile
+-#
+-
+-DIR=	dh
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST= dhtest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+-LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= dh.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+-dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-dh_check.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-dh_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-dh_check.o: ../cryptlib.h
+-dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+-dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-dh_err.o: ../../include/openssl/symhacks.h
+-dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+-dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-dh_gen.o: ../cryptlib.h
+-dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+-dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+-dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-dh_lib.o: ../cryptlib.h
+Index: crypto/openssl/crypto/dh/dh.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 dh.h
+--- crypto/openssl/crypto/dh/dh.h	26 Nov 2000 11:33:27 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/dh/dh.h	31 Jul 2002 00:46:54 -0000
+@@ -177,12 +177,12 @@
+ #else
+ int	DHparams_print(char *bp, DH *x);
+ #endif
+-void	ERR_load_DH_strings(void );
+ 
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_DH_strings(void);
+ 
+ /* Error codes for the DH functions. */
+ 
+@@ -195,10 +195,10 @@
+ #define DH_F_DH_NEW					 105
+ 
+ /* Reason codes. */
++#define DH_R_BAD_GENERATOR				 101
+ #define DH_R_NO_PRIVATE_VALUE				 100
+ 
+ #ifdef  __cplusplus
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/dh/dh_err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh_err.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 dh_err.c
+--- crypto/openssl/crypto/dh/dh_err.c	20 Aug 2000 08:46:21 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/dh/dh_err.c	31 Jul 2002 00:46:54 -0000
+@@ -1,6 +1,6 @@
+ /* crypto/dh/dh_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -77,6 +77,7 @@
+ 
+ static ERR_STRING_DATA DH_str_reasons[]=
+ 	{
++{DH_R_BAD_GENERATOR                      ,"bad generator"},
+ {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+ {0,NULL}
+ 	};
+Index: crypto/openssl/crypto/dh/dh_gen.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh_gen.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 dh_gen.c
+--- crypto/openssl/crypto/dh/dh_gen.c	20 Aug 2000 08:46:21 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/dh/dh_gen.c	31 Jul 2002 00:46:54 -0000
+@@ -82,7 +82,10 @@
+  * Since DH should be using a safe prime (both p and q are prime),
+  * this generator function can take a very very long time to run.
+  */
+-
++/* Actually there is no reason to insist that 'generator' be a generator.
++ * It's just as OK (and in some sense better) to use a generator of the
++ * order-q subgroup.
++ */
+ DH *DH_generate_parameters(int prime_len, int generator,
+ 	     void (*callback)(int,int,void *), void *cb_arg)
+ 	{
+@@ -100,30 +103,43 @@
+ 	t2 = BN_CTX_get(ctx);
+ 	if (t1 == NULL || t2 == NULL) goto err;
+ 	
++	if (generator <= 1)
++		{
++		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
++		goto err;
++		}
+ 	if (generator == DH_GENERATOR_2)
+ 		{
+-		BN_set_word(t1,24);
+-		BN_set_word(t2,11);
++		if (!BN_set_word(t1,24)) goto err;
++		if (!BN_set_word(t2,11)) goto err;
+ 		g=2;
+ 		}
+-#ifdef undef  /* does not work for safe primes */
++#if 0 /* does not work for safe primes */
+ 	else if (generator == DH_GENERATOR_3)
+ 		{
+-		BN_set_word(t1,12);
+-		BN_set_word(t2,5);
++		if (!BN_set_word(t1,12)) goto err;
++		if (!BN_set_word(t2,5)) goto err;
+ 		g=3;
+ 		}
+ #endif
+ 	else if (generator == DH_GENERATOR_5)
+ 		{
+-		BN_set_word(t1,10);
+-		BN_set_word(t2,3);
++		if (!BN_set_word(t1,10)) goto err;
++		if (!BN_set_word(t2,3)) goto err;
+ 		/* BN_set_word(t3,7); just have to miss
+ 		 * out on these ones :-( */
+ 		g=5;
+ 		}
+ 	else
++		{
++		/* in the general case, don't worry if 'generator' is a
++		 * generator or not: since we are using safe primes,
++		 * it will generate either an order-q or an order-2q group,
++		 * which both is OK */
++		if (!BN_set_word(t1,2)) goto err;
++		if (!BN_set_word(t2,1)) goto err;
+ 		g=generator;
++		}
+ 	
+ 	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+ 	if (p == NULL) goto err;
+Index: crypto/openssl/crypto/dh/dh_key.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh_key.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 dh_key.c
+--- crypto/openssl/crypto/dh/dh_key.c	4 Jul 2001 23:19:21 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/dh/dh_key.c	31 Jul 2002 00:46:54 -0000
+@@ -99,6 +99,8 @@
+ static int generate_key(DH *dh)
+ 	{
+ 	int ok=0;
++	int generate_new_key=0;
++	unsigned l;
+ 	BN_CTX ctx;
+ 	BN_MONT_CTX *mont;
+ 	BIGNUM *pub_key=NULL,*priv_key=NULL;
+@@ -109,9 +111,7 @@
+ 		{
+ 		priv_key=BN_new();
+ 		if (priv_key == NULL) goto err;
+-		do
+-			if (!BN_rand_range(priv_key, dh->p)) goto err;
+-		while (BN_is_zero(priv_key));
++		generate_new_key=1;
+ 		}
+ 	else
+ 		priv_key=dh->priv_key;
+@@ -132,8 +132,12 @@
+ 		}
+ 	mont=(BN_MONT_CTX *)dh->method_mont_p;
+ 
+-	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
+-								goto err;
++	if (generate_new_key)
++		{
++		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
++		if (!BN_rand(priv_key, l, 0, 0)) goto err;
++		}
++	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
+ 		
+ 	dh->pub_key=pub_key;
+ 	dh->priv_key=priv_key;
+Index: crypto/openssl/crypto/dh/dh_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh_lib.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 dh_lib.c
+--- crypto/openssl/crypto/dh/dh_lib.c	4 Jul 2001 23:19:21 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/dh/dh_lib.c	31 Jul 2002 00:46:54 -0000
+@@ -63,7 +63,7 @@
+ 
+ const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+ 
+-static DH_METHOD *default_DH_method;
++static DH_METHOD *default_DH_method = NULL;
+ static int dh_meth_num = 0;
+ static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
+ 
+Index: crypto/openssl/crypto/dh/dhtest.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dhtest.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 dhtest.c
+--- crypto/openssl/crypto/dh/dhtest.c	26 Nov 2000 11:33:27 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/dh/dhtest.c	31 Jul 2002 00:46:54 -0000
+@@ -66,6 +66,7 @@
+ #include <openssl/bio.h>
+ #include <openssl/bn.h>
+ #include <openssl/rand.h>
++#include <openssl/err.h>
+ 
+ #ifdef NO_DH
+ int main(int argc, char *argv[])
+@@ -112,6 +113,16 @@
+ 	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+ 	if (a == NULL) goto err;
+ 
++	if (!DH_check(a, &i)) goto err;
++	if (i & DH_CHECK_P_NOT_PRIME)
++		BIO_puts(out, "p value is not prime\n");
++	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
++		BIO_puts(out, "p value is not a safe prime\n");
++	if (i & DH_UNABLE_TO_CHECK_GENERATOR)
++		BIO_puts(out, "unable to check the generator value\n");
++	if (i & DH_NOT_SUITABLE_GENERATOR)
++		BIO_puts(out, "the g value is not a generator\n");
++
+ 	BIO_puts(out,"\np    =");
+ 	BN_print(out,a->p);
+ 	BIO_puts(out,"\ng    =");
+@@ -170,6 +181,8 @@
+ 	else
+ 		ret=0;
+ err:
++	ERR_print_errors_fp(stderr);
++
+ 	if (abuf != NULL) OPENSSL_free(abuf);
+ 	if (bbuf != NULL) OPENSSL_free(bbuf);
+ 	if(b != NULL) DH_free(b);
+cvs diff: Diffing crypto/openssl/crypto/dsa
+Index: crypto/openssl/crypto/dsa/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/dsa/Makefile.save
+diff -N crypto/openssl/crypto/dsa/Makefile.save
+--- crypto/openssl/crypto/dsa/Makefile.save	26 Nov 2000 11:33:27 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,153 +0,0 @@
+-#
+-# SSLeay/crypto/dsa/Makefile
+-#
+-
+-DIR=	dsa
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=dsatest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+-	dsa_err.c dsa_ossl.c
+-LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+-	dsa_err.o dsa_ossl.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= dsa.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-dsa_asn1.o: ../../include/openssl/opensslconf.h
+-dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-dsa_asn1.o: ../cryptlib.h
+-dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+-dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
+-dsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+-dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+-dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+-dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-dsa_lib.o: ../cryptlib.h
+-dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+-dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+-dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+-dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-dsa_vrf.o: ../cryptlib.h
+Index: crypto/openssl/crypto/dsa/dsa.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 dsa.h
+--- crypto/openssl/crypto/dsa/dsa.h	26 Nov 2000 11:33:27 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/dsa/dsa.h	31 Jul 2002 00:46:55 -0000
+@@ -178,8 +178,6 @@
+ int DSA_set_ex_data(DSA *d, int idx, void *arg);
+ void *DSA_get_ex_data(DSA *d, int idx);
+ 
+-void	ERR_load_DSA_strings(void );
+-
+ DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+ DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+ DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+@@ -216,6 +214,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_DSA_strings(void);
+ 
+ /* Error codes for the DSA functions. */
+ 
+@@ -236,9 +235,9 @@
+ 
+ /* Reason codes. */
+ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
++#define DSA_R_MISSING_PARAMETERS			 101
+ 
+ #ifdef  __cplusplus
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/dsa/dsa_asn1.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa_asn1.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 dsa_asn1.c
+--- crypto/openssl/crypto/dsa/dsa_asn1.c	26 Nov 2000 11:33:27 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/dsa/dsa_asn1.c	31 Jul 2002 00:46:55 -0000
+@@ -84,6 +84,7 @@
+ 	if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
+ 		goto err_bn;
+ 	M_ASN1_BIT_STRING_free(bs);
++	bs = NULL;
+ 	M_ASN1_D2I_Finish_2(a);
+ 
+ err_bn:
+Index: crypto/openssl/crypto/dsa/dsa_err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa_err.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 dsa_err.c
+--- crypto/openssl/crypto/dsa/dsa_err.c	20 Aug 2000 08:46:22 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/dsa/dsa_err.c	31 Jul 2002 00:46:55 -0000
+@@ -85,6 +85,7 @@
+ static ERR_STRING_DATA DSA_str_reasons[]=
+ 	{
+ {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
++{DSA_R_MISSING_PARAMETERS                ,"missing parameters"},
+ {0,NULL}
+ 	};
+ 
+Index: crypto/openssl/crypto/dsa/dsa_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa_lib.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 dsa_lib.c
+--- crypto/openssl/crypto/dsa/dsa_lib.c	4 Jul 2001 23:19:22 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/dsa/dsa_lib.c	31 Jul 2002 00:46:55 -0000
+@@ -66,7 +66,7 @@
+ 
+ const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+ 
+-static DSA_METHOD *default_DSA_method;
++static DSA_METHOD *default_DSA_method = NULL;
+ static int dsa_meth_num = 0;
+ static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
+ 
+Index: crypto/openssl/crypto/dsa/dsa_ossl.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa_ossl.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 dsa_ossl.c
+--- crypto/openssl/crypto/dsa/dsa_ossl.c	4 Jul 2001 23:19:22 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/dsa/dsa_ossl.c	31 Jul 2002 00:46:55 -0000
+@@ -105,6 +105,11 @@
+ 	int i,reason=ERR_R_BN_LIB;
+ 	DSA_SIG *ret=NULL;
+ 
++	if (!dsa->p || !dsa->q || !dsa->g)
++		{
++		reason=DSA_R_MISSING_PARAMETERS;
++		goto err;
++		}
+ 	BN_init(&m);
+ 	BN_init(&xr);
+ 	s=BN_new();
+@@ -167,6 +172,11 @@
+ 	BIGNUM k,*kinv=NULL,*r=NULL;
+ 	int ret=0;
+ 
++	if (!dsa->p || !dsa->q || !dsa->g)
++		{
++		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
++		return 0;
++		}
+ 	if (ctx_in == NULL)
+ 		{
+ 		if ((ctx=BN_CTX_new()) == NULL) goto err;
+@@ -229,6 +239,17 @@
+ 	BN_init(&u1);
+ 	BN_init(&u2);
+ 	BN_init(&t1);
++
++	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
++		{
++		ret = 0;
++		goto err;
++		}
++	if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
++		{
++		ret = 0;
++		goto err;
++		}
+ 
+ 	/* Calculate W = inv(S) mod Q
+ 	 * save W in u2 */
+cvs diff: Diffing crypto/openssl/crypto/dso
+Index: crypto/openssl/crypto/dso/dso.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dso/dso.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 dso.h
+--- crypto/openssl/crypto/dso/dso.h	26 Nov 2000 11:33:29 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/dso/dso.h	31 Jul 2002 00:46:55 -0000
+@@ -194,12 +194,11 @@
+ /* If VMS is defined, use shared images. If not, return NULL. */
+ DSO_METHOD *DSO_METHOD_vms(void);
+ 
+-void ERR_load_DSO_strings(void);
+-
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_DSO_strings(void);
+ 
+ /* Error codes for the DSO functions. */
+ 
+@@ -247,4 +246,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/dso/dso_dlfcn.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dso/dso_dlfcn.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 dso_dlfcn.c
+--- crypto/openssl/crypto/dso/dso_dlfcn.c	26 Nov 2000 11:33:29 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/dso/dso_dlfcn.c	31 Jul 2002 00:46:55 -0000
+@@ -112,7 +112,7 @@
+  * as we don't have autoconf yet, I'm implementing a hack that could
+  * be hacked further relatively easily to deal with cases as we find
+  * them. Initially this is to cope with OpenBSD. */
+-#ifdef __OpenBSD__
++#if defined(__OpenBSD__) || defined(__NetBSD__)
+ #	ifdef DL_LAZY
+ #		define DLOPEN_FLAG DL_LAZY
+ #	else
+cvs diff: Diffing crypto/openssl/crypto/err
+Index: crypto/openssl/crypto/err/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/err/Makefile.save
+diff -N crypto/openssl/crypto/err/Makefile.save
+--- crypto/openssl/crypto/err/Makefile.save	26 Nov 2000 11:33:29 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,115 +0,0 @@
+-#
+-# SSLeay/crypto/err/Makefile
+-#
+-
+-DIR=	err
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=err.c err_all.c err_prn.c
+-LIBOBJ=err.o err_all.o err_prn.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= err.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-err.o: ../cryptlib.h
+-err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-err_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+-err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+-err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-err_prn.o: ../cryptlib.h
+Index: crypto/openssl/crypto/err/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/err/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/err/Makefile.ssl	4 Jul 2001 23:19:23 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/err/Makefile.ssl	31 Jul 2002 00:46:55 -0000
+@@ -92,21 +92,21 @@
+ err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+-err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+-err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+-err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
++err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
++err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
++err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++err_all.o: ../../include/openssl/x509v3.h
+ err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+ err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+ err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+Index: crypto/openssl/crypto/err/err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/err/err.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 err.c
+--- crypto/openssl/crypto/err/err.c	4 Jul 2001 23:19:23 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/err/err.c	31 Jul 2002 00:46:55 -0000
+@@ -784,7 +784,7 @@
+ 				if (p == NULL)
+ 					{
+ 					OPENSSL_free(str);
+-					return;
++					goto err;
+ 					}
+ 				else
+ 					str=p;
+@@ -794,6 +794,7 @@
+ 		}
+ 	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
+ 
++err:
+ 	va_end(args);
+ 	}
+ 
+Index: crypto/openssl/crypto/err/err.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/err/err.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 err.h
+--- crypto/openssl/crypto/err/err.h	26 Nov 2000 11:33:30 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/err/err.h	31 Jul 2002 00:46:55 -0000
+@@ -132,6 +132,7 @@
+ #define ERR_LIB_PKCS12		35
+ #define ERR_LIB_RAND		36
+ #define ERR_LIB_DSO		37
++#define ERR_LIB_COMP		41
+ 
+ #define ERR_LIB_USER		128
+ 
+@@ -161,6 +162,7 @@
+ #define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
+ #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
+ #define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
++#define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),ERR_file_name,__LINE__)
+ 
+ /* Borland C seems too stupid to be able to shift and do longs in
+  * the pre-processor :-( */
+@@ -210,6 +212,7 @@
+ #define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
+ #define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
+ #define ERR_R_DSO_LIB	ERR_LIB_DSO
++#define ERR_R_COMP_LIB	ERR_LIB_COMP
+ 
+ /* fatal error */
+ #define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
+cvs diff: Diffing crypto/openssl/crypto/evp
+Index: crypto/openssl/crypto/evp/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/evp/Makefile.save
+diff -N crypto/openssl/crypto/evp/Makefile.save
+--- crypto/openssl/crypto/evp/Makefile.save	26 Nov 2000 11:33:31 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,916 +0,0 @@
+-#
+-# SSLeay/crypto/evp/Makefile
+-#
+-
+-DIR=	evp
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
+-	e_des.c e_bf.c e_idea.c e_des3.c \
+-	e_rc4.c names.c \
+-	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+-	m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+-	m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \
+-	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+-	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+-	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+-	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+-
+-LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
+-	e_des.o e_bf.o e_idea.o e_des3.o \
+-	e_rc4.o names.o \
+-	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+-	m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+-	m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \
+-	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+-	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+-	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+-	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= evp.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-bio_b64.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-bio_b64.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bio_b64.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-bio_b64.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-bio_b64.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-bio_b64.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-bio_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-bio_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bio_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-bio_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-bio_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-bio_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-bio_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-bio_md.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-bio_md.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-bio_md.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bio_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-bio_md.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-bio_md.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-bio_md.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-bio_ok.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-bio_ok.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-bio_ok.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-bio_ok.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-bio_ok.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-bio_ok.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-bio_ok.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-bio_ok.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-bio_ok.o: ../cryptlib.h
+-c_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-c_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-c_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-c_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-c_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-c_allc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-c_allc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-c_allc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-c_allc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-c_allc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-c_allc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+-c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-c_alld.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-c_alld.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-c_alld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-c_alld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-c_alld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-c_alld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-c_alld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+-c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-digest.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-e_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_bf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_bf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-e_cast.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_cast.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_cast.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_cast.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_cast.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_cast.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-e_des.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_des.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_des.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_des.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_des.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_des.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_des.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_des.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_des.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_des.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-e_des3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_des3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_des3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_des3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_des3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_des3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_des3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_des3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_des3.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-e_idea.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_idea.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_idea.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_idea.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_idea.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_idea.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_idea.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-e_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-e_rc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_rc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_rc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_rc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_rc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_rc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_rc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_rc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-e_rc4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_rc4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_rc4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_rc4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_rc4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_rc4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_rc4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_rc4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-e_rc5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_rc5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_rc5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_rc5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_rc5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_rc5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_rc5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_rc5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_rc5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_rc5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-e_xcbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-e_xcbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-e_xcbc_d.o: ../../include/openssl/opensslconf.h
+-e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+-e_xcbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-e_xcbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-e_xcbc_d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-e_xcbc_d.o: ../cryptlib.h
+-encode.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-encode.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-encode.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-encode.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-encode.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-encode.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-encode.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-encode.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-encode.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-encode.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-evp_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-evp_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-evp_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-evp_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-evp_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+-evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-evp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-evp_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-evp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-evp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-evp_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-evp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-evp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-evp_err.o: ../../include/openssl/symhacks.h
+-evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-evp_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-evp_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-evp_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-evp_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-evp_key.o: ../cryptlib.h
+-evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-evp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-evp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-evp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-evp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-evp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-evp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-evp_pbe.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-evp_pbe.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-evp_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-evp_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-evp_pbe.o: ../cryptlib.h
+-evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-evp_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-evp_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-evp_pkey.o: ../../include/openssl/opensslconf.h
+-evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-evp_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-evp_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-evp_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-evp_pkey.o: ../cryptlib.h
+-m_dss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_dss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_dss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_dss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_dss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_dss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_dss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_dss.o: ../cryptlib.h
+-m_dss1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_dss1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_dss1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_dss1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_dss1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_dss1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_dss1.o: ../cryptlib.h
+-m_md2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_md2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_md2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_md2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_md2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_md2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_md2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_md2.o: ../cryptlib.h
+-m_md4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_md4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_md4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_md4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_md4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_md4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_md4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_md4.o: ../cryptlib.h
+-m_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_md5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_md5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_md5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_md5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_md5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_md5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_md5.o: ../cryptlib.h
+-m_mdc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_mdc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_mdc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_mdc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_mdc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_mdc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_mdc2.o: ../cryptlib.h
+-m_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_null.o: ../cryptlib.h
+-m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_ripemd.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_ripemd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_ripemd.o: ../../include/openssl/opensslconf.h
+-m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-m_ripemd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-m_ripemd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-m_sha.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_sha.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_sha.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_sha.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_sha.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_sha.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_sha.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_sha.o: ../cryptlib.h
+-m_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-m_sha1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-m_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-m_sha1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-m_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-m_sha1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-m_sha1.o: ../cryptlib.h
+-names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-names.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-names.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-names.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-names.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-names.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-names.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-names.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-names.o: ../cryptlib.h
+-p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p5_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p5_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p5_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p5_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p5_crpt.o: ../cryptlib.h
+-p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p5_crpt2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p5_crpt2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+-p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p5_crpt2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p5_crpt2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p5_crpt2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p_dec.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p_dec.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p_dec.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p_dec.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p_dec.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-p_dec.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-p_dec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+-p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-p_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-p_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+-p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-p_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p_open.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p_open.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p_open.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p_open.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p_open.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p_open.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-p_open.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-p_open.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p_open.o: ../cryptlib.h
+-p_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-p_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-p_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+-p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-p_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-p_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p_sign.o: ../cryptlib.h
+-p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-p_verify.o: ../../include/openssl/opensslconf.h
+-p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-p_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+Index: crypto/openssl/crypto/evp/bio_b64.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/bio_b64.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bio_b64.c
+--- crypto/openssl/crypto/evp/bio_b64.c	26 Nov 2000 11:33:31 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/evp/bio_b64.c	31 Jul 2002 00:46:55 -0000
+@@ -465,7 +465,8 @@
+ 		break;
+ 	case BIO_CTRL_WPENDING: /* More to write in buffer */
+ 		ret=ctx->buf_len-ctx->buf_off;
+-		if ((ret == 0) && (ctx->base64.num != 0))
++		if ((ret == 0) && (ctx->encode != B64_NONE)
++			&& (ctx->base64.num != 0))
+ 			ret=1;
+ 		else if (ret <= 0)
+ 			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+@@ -500,7 +501,7 @@
+ 				goto again;
+ 				}
+ 			}
+-		else if (ctx->base64.num != 0)
++		else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
+ 			{
+ 			ctx->buf_off=0;
+ 			EVP_EncodeFinal(&(ctx->base64),
+Index: crypto/openssl/crypto/evp/bio_enc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/bio_enc.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bio_enc.c
+--- crypto/openssl/crypto/evp/bio_enc.c	26 Nov 2000 11:33:31 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/evp/bio_enc.c	31 Jul 2002 00:46:55 -0000
+@@ -106,8 +106,8 @@
+ 	BIO_ENC_CTX *ctx;
+ 
+ 	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
+-	EVP_CIPHER_CTX_init(&ctx->cipher);
+ 	if (ctx == NULL) return(0);
++	EVP_CIPHER_CTX_init(&ctx->cipher);
+ 
+ 	ctx->buf_len=0;
+ 	ctx->buf_off=0;
+Index: crypto/openssl/crypto/evp/c_allc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/c_allc.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 c_allc.c
+--- crypto/openssl/crypto/evp/c_allc.c	20 Aug 2000 08:48:36 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/evp/c_allc.c	31 Jul 2002 00:46:55 -0000
+@@ -64,6 +64,10 @@
+ 
+ void OpenSSL_add_all_ciphers(void)
+ 	{
++	static int done=0;
++
++	if (done) return;
++	done=1;
+ #ifndef NO_DES
+ 	EVP_add_cipher(EVP_des_cfb());
+ 	EVP_add_cipher(EVP_des_ede_cfb());
+Index: crypto/openssl/crypto/evp/c_alld.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/c_alld.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 c_alld.c
+--- crypto/openssl/crypto/evp/c_alld.c	26 Nov 2000 11:33:32 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/evp/c_alld.c	31 Jul 2002 00:46:55 -0000
+@@ -64,6 +64,10 @@
+ 
+ void OpenSSL_add_all_digests(void)
+ 	{
++	static int done=0;
++
++	if (done) return;
++	done=1;
+ #ifndef NO_MD2
+ 	EVP_add_digest(EVP_md2());
+ #endif
+Index: crypto/openssl/crypto/evp/e_bf.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/e_bf.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 e_bf.c
+--- crypto/openssl/crypto/evp/e_bf.c	26 Nov 2000 11:38:44 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/evp/e_bf.c	31 Jul 2002 00:46:55 -0000
+@@ -67,7 +67,7 @@
+ 		       const unsigned char *iv, int enc);
+ 
+ IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
+-			0, bf_init_key, NULL, 
++			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
+ 			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+ 	
+ static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+Index: crypto/openssl/crypto/evp/e_cbc_3d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cbc_3d.c
+diff -N crypto/openssl/crypto/evp/e_cbc_3d.c
+--- crypto/openssl/crypto/evp/e_cbc_3d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,151 +0,0 @@
+-/* crypto/evp/e_cbc_3d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_DES
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_cbc_ede_cipher2=
+-	{
+-	NID_des_ede_cbc,
+-	8,16,8,
+-	des_cbc_ede_init_key,
+-	des_cbc_ede_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-static EVP_CIPHER d_cbc_ede_cipher3=
+-	{
+-	NID_des_ede3_cbc,
+-	8,24,8,
+-	des_cbc_ede3_init_key,
+-	des_cbc_ede_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_des_ede_cbc(void)
+-	{
+-	return(&d_cbc_ede_cipher2);
+-	}
+-
+-EVP_CIPHER *EVP_des_ede3_cbc(void)
+-	{
+-	return(&d_cbc_ede_cipher3);
+-	}
+-	
+-static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		memcpy( (char *)ctx->c.des_ede.ks3,
+-			(char *)ctx->c.des_ede.ks1,
+-			sizeof(ctx->c.des_ede.ks1));
+-		}
+-	}
+-
+-static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+-		}
+-	}
+-
+-static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	des_ede3_cbc_encrypt(in,out,inl, ctx->c.des_ede.ks1,
+-		ctx->c.des_ede.ks2,ctx->c.des_ede.ks3,
+-		(des_cblock *) &(ctx->iv[0]),
+-		ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_cbc_bf.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cbc_bf.c
+diff -N crypto/openssl/crypto/evp/e_cbc_bf.c
+--- crypto/openssl/crypto/evp/e_cbc_bf.c	10 Jan 2000 06:21:41 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,106 +0,0 @@
+-/* crypto/evp/e_cbc_bf.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_BF
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER bfish_cbc_cipher=
+-	{
+-	NID_bf_cbc,
+-	8,EVP_BLOWFISH_KEY_SIZE,8,
+-	bf_cbc_init_key,
+-	bf_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_bf_cbc(void)
+-	{
+-	return(&bfish_cbc_cipher);
+-	}
+-	
+-static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+-	}
+-
+-static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	BF_cbc_encrypt(
+-		in,out,(long)inl,
+-		&(ctx->c.bf_ks),&(ctx->iv[0]),
+-		ctx->encrypt);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_cbc_c.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cbc_c.c
+diff -N crypto/openssl/crypto/evp/e_cbc_c.c
+--- crypto/openssl/crypto/evp/e_cbc_c.c	10 Jan 2000 06:21:41 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,107 +0,0 @@
+-/* crypto/evp/e_cbc_c.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_CAST
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER cast5_cbc_cipher=
+-	{
+-	NID_cast5_cbc,
+-	8,EVP_CAST5_KEY_SIZE,8,
+-	cast_cbc_init_key,
+-	cast_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_cast5_cbc(void)
+-	{
+-	return(&cast5_cbc_cipher);
+-	}
+-	
+-static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+-	}
+-
+-static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	CAST_cbc_encrypt(
+-		in,out,(long)inl,
+-		&(ctx->c.cast_ks),&(ctx->iv[0]),
+-		ctx->encrypt);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_cbc_d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cbc_d.c
+diff -N crypto/openssl/crypto/evp/e_cbc_d.c
+--- crypto/openssl/crypto/evp/e_cbc_d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,106 +0,0 @@
+-/* crypto/evp/e_cbc_d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_DES
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_cbc_cipher=
+-	{
+-	NID_des_cbc,
+-	8,8,8,
+-	des_cbc_init_key,
+-	des_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_des_cbc(void)
+-	{
+-	return(&d_cbc_cipher);
+-	}
+-	
+-static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (deskey != NULL)
+-		des_set_key_unchecked(deskey,ctx->c.des_ks);
+-	}
+-
+-static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	des_ncbc_encrypt(in,out,inl,ctx->c.des_ks,
+-		(des_cblock *)&(ctx->iv[0]),
+-		ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_cbc_i.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cbc_i.c
+diff -N crypto/openssl/crypto/evp/e_cbc_i.c
+--- crypto/openssl/crypto/evp/e_cbc_i.c	10 Jan 2000 06:21:41 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,119 +0,0 @@
+-/* crypto/evp/e_cbc_i.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_IDEA
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER i_cbc_cipher=
+-	{
+-	NID_idea_cbc,
+-	8,16,8,
+-	idea_cbc_init_key,
+-	idea_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_idea_cbc(void)
+-	{
+-	return(&i_cbc_cipher);
+-	}
+-	
+-static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		{
+-		if (enc)
+-			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+-		else
+-			{
+-			IDEA_KEY_SCHEDULE tmp;
+-
+-			idea_set_encrypt_key(key,&tmp);
+-			idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+-			memset((unsigned char *)&tmp,0,
+-				sizeof(IDEA_KEY_SCHEDULE));
+-			}
+-		}
+-	}
+-
+-static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	idea_cbc_encrypt(
+-		in,out,(long)inl,
+-		&(ctx->c.idea_ks),&(ctx->iv[0]),
+-		ctx->encrypt);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_cbc_r2.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cbc_r2.c
+diff -N crypto/openssl/crypto/evp/e_cbc_r2.c
+--- crypto/openssl/crypto/evp/e_cbc_r2.c	10 Jan 2000 06:21:41 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,216 +0,0 @@
+-/* crypto/evp/e_cbc_r2.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC2
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static int rc2_meth_to_magic(const EVP_CIPHER *e);
+-static EVP_CIPHER *rc2_magic_to_meth(int i);
+-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+-
+-#define RC2_40_MAGIC	0xa0
+-#define RC2_64_MAGIC	0x78
+-#define RC2_128_MAGIC	0x3a
+-
+-static EVP_CIPHER r2_cbc_cipher=
+-	{
+-	NID_rc2_cbc,
+-	8,EVP_RC2_KEY_SIZE,8,
+-	rc2_cbc_init_key,
+-	rc2_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+-	rc2_set_asn1_type_and_iv,
+-	rc2_get_asn1_type_and_iv,
+-	};
+-
+-static EVP_CIPHER r2_64_cbc_cipher=
+-	{
+-	NID_rc2_64_cbc,
+-	8,8 /* 64 bit */,8,
+-	rc2_cbc_init_key,
+-	rc2_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+-	rc2_set_asn1_type_and_iv,
+-	rc2_get_asn1_type_and_iv,
+-	};
+-
+-static EVP_CIPHER r2_40_cbc_cipher=
+-	{
+-	NID_rc2_40_cbc,
+-	8,5 /* 40 bit */,8,
+-	rc2_cbc_init_key,
+-	rc2_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+-	rc2_set_asn1_type_and_iv,
+-	rc2_get_asn1_type_and_iv,
+-	};
+-
+-EVP_CIPHER *EVP_rc2_cbc(void)
+-	{
+-	return(&r2_cbc_cipher);
+-	}
+-
+-EVP_CIPHER *EVP_rc2_64_cbc(void)
+-	{
+-	return(&r2_64_cbc_cipher);
+-	}
+-
+-EVP_CIPHER *EVP_rc2_40_cbc(void)
+-	{
+-	return(&r2_40_cbc_cipher);
+-	}
+-	
+-static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+-	}
+-
+-static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	RC2_cbc_encrypt(
+-		in,out,(long)inl,
+-		&(ctx->c.rc2_ks),&(ctx->iv[0]),
+-		ctx->encrypt);
+-	}
+-
+-static int rc2_meth_to_magic(const EVP_CIPHER *e)
+-	{
+-	int i;
+-
+-	i=EVP_CIPHER_key_length(e);
+-	if 	(i == 16) return(RC2_128_MAGIC);
+-	else if (i == 8)  return(RC2_64_MAGIC);
+-	else if (i == 5)  return(RC2_40_MAGIC);
+-	else return(0);
+-	}
+-
+-static EVP_CIPHER *rc2_magic_to_meth(int i)
+-	{
+-	if      (i == RC2_128_MAGIC) return(EVP_rc2_cbc());
+-	else if (i == RC2_64_MAGIC)  return(EVP_rc2_64_cbc());
+-	else if (i == RC2_40_MAGIC)  return(EVP_rc2_40_cbc());
+-	else
+-		{
+-		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
+-		return(NULL);
+-		}
+-	}
+-
+-static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+-	{
+-	long num=0;
+-	int i=0,l;
+-	EVP_CIPHER *e;
+-
+-	if (type != NULL)
+-		{
+-		l=EVP_CIPHER_CTX_iv_length(c);
+-		i=ASN1_TYPE_get_int_octetstring(type,&num,c->oiv,l);
+-		if (i != l)
+-			return(-1);
+-		else if (i > 0)
+-			memcpy(c->iv,c->oiv,l);
+-		e=rc2_magic_to_meth((int)num);
+-		if (e == NULL)
+-			return(-1);
+-		if (e != EVP_CIPHER_CTX_cipher(c))
+-			{
+-			EVP_CIPHER_CTX_cipher(c)=e;
+-			rc2_cbc_init_key(c,NULL,NULL,1);
+-			}
+-		}
+-	return(i);
+-	}
+-
+-static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+-	{
+-	long num;
+-	int i=0,j;
+-
+-	if (type != NULL)
+-		{
+-		num=rc2_meth_to_magic(EVP_CIPHER_CTX_cipher(c));
+-		j=EVP_CIPHER_CTX_iv_length(c);
+-		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
+-		}
+-	return(i);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_cbc_r5.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cbc_r5.c
+diff -N crypto/openssl/crypto/evp/e_cbc_r5.c
+--- crypto/openssl/crypto/evp/e_cbc_r5.c	10 Jan 2000 06:21:41 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,108 +0,0 @@
+-/* crypto/evp/e_cbc_r5.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC5
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER rc5_32_12_16_cbc_cipher=
+-	{
+-	NID_rc5_cbc,
+-	8,EVP_RC5_32_12_16_KEY_SIZE,8,
+-	r_32_12_16_cbc_init_key,
+-	r_32_12_16_cbc_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+-	NULL,
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
+-	{
+-	return(&rc5_32_12_16_cbc_cipher);
+-	}
+-	
+-static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,
+-			key,RC5_12_ROUNDS);
+-	}
+-
+-static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	RC5_32_cbc_encrypt(
+-		in,out,(long)inl,
+-		&(ctx->c.rc5_ks),&(ctx->iv[0]),
+-		ctx->encrypt);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_cfb_3d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cfb_3d.c
+diff -N crypto/openssl/crypto/evp/e_cfb_3d.c
+--- crypto/openssl/crypto/evp/e_cfb_3d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,155 +0,0 @@
+-/* crypto/evp/e_cfb_3d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_DES
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_ede_cfb_cipher2=
+-	{
+-	NID_des_ede_cfb64,
+-	1,16,8,
+-	des_ede_cfb_init_key,
+-	des_ede_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-static EVP_CIPHER d_ede3_cfb_cipher3=
+-	{
+-	NID_des_ede3_cfb64,
+-	1,24,8,
+-	des_ede3_cfb_init_key,
+-	des_ede_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_des_ede_cfb(void)
+-	{
+-	return(&d_ede_cfb_cipher2);
+-	}
+-
+-EVP_CIPHER *EVP_des_ede3_cfb(void)
+-	{
+-	return(&d_ede3_cfb_cipher3);
+-	}
+-	
+-static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		memcpy( (char *)ctx->c.des_ede.ks3,
+-			(char *)ctx->c.des_ede.ks1,
+-			sizeof(ctx->c.des_ede.ks1));
+-		}
+-	}
+-
+-static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+-		}
+-	}
+-
+-static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	des_ede3_cfb64_encrypt(in,out,(long)inl,
+-			       ctx->c.des_ede.ks1,
+-			       ctx->c.des_ede.ks2,
+-			       ctx->c.des_ede.ks3,
+-			       (des_cblock*)&(ctx->iv[0]),
+-			       &ctx->num,ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_cfb_bf.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cfb_bf.c
+diff -N crypto/openssl/crypto/evp/e_cfb_bf.c
+--- crypto/openssl/crypto/evp/e_cfb_bf.c	10 Jan 2000 06:21:41 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,108 +0,0 @@
+-/* crypto/evp/e_cfb_bf.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_BF
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER bfish_cfb_cipher=
+-	{
+-	NID_bf_cfb64,
+-	1,EVP_BLOWFISH_KEY_SIZE,8,
+-	bf_cfb_init_key,
+-	bf_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_bf_cfb(void)
+-	{
+-	return(&bfish_cfb_cipher);
+-	}
+-	
+-static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+-	}
+-
+-static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	BF_cfb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.bf_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num,ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_cfb_c.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cfb_c.c
+diff -N crypto/openssl/crypto/evp/e_cfb_c.c
+--- crypto/openssl/crypto/evp/e_cfb_c.c	10 Jan 2000 06:21:41 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,109 +0,0 @@
+-/* crypto/evp/e_cfb_c.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_CAST
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER cast5_cfb_cipher=
+-	{
+-	NID_cast5_cfb64,
+-	1,EVP_CAST5_KEY_SIZE,8,
+-	cast_cfb_init_key,
+-	cast_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_cast5_cfb(void)
+-	{
+-	return(&cast5_cfb_cipher);
+-	}
+-	
+-static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+-	}
+-
+-static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	CAST_cfb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.cast_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num,ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_cfb_d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cfb_d.c
+diff -N crypto/openssl/crypto/evp/e_cfb_d.c
+--- crypto/openssl/crypto/evp/e_cfb_d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,110 +0,0 @@
+-/* crypto/evp/e_cfb_d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-#ifndef NO_DES
+-static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_cfb_cipher=
+-	{
+-	NID_des_cfb64,
+-	1,8,8,
+-	des_cfb_init_key,
+-	des_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_des_cfb(void)
+-	{
+-	return(&d_cfb_cipher);
+-	}
+-	
+-static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (deskey != NULL)
+-		des_set_key_unchecked(deskey,ctx->c.des_ks);
+-	}
+-
+-static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	des_cfb64_encrypt(
+-		in,out,
+-		(long)inl, ctx->c.des_ks,
+-		(des_cblock *)&(ctx->iv[0]),
+-		&ctx->num,ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_cfb_i.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cfb_i.c
+diff -N crypto/openssl/crypto/evp/e_cfb_i.c
+--- crypto/openssl/crypto/evp/e_cfb_i.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,109 +0,0 @@
+-/* crypto/evp/e_cfb_i.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_IDEA
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER i_cfb_cipher=
+-	{
+-	NID_idea_cfb64,
+-	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
+-	idea_cfb_init_key,
+-	idea_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_idea_cfb(void)
+-	{
+-	return(&i_cfb_cipher);
+-	}
+-
+-static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+-	}
+-
+-static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	idea_cfb64_encrypt(
+-		in,out,(long)inl,
+-		&(ctx->c.idea_ks),&(ctx->iv[0]),
+-		&ctx->num,ctx->encrypt);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_cfb_r2.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cfb_r2.c
+diff -N crypto/openssl/crypto/evp/e_cfb_r2.c
+--- crypto/openssl/crypto/evp/e_cfb_r2.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,110 +0,0 @@
+-/* crypto/evp/e_cfb_r2.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC2
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER r2_cfb_cipher=
+-	{
+-	NID_rc2_cfb64,
+-	1,EVP_RC2_KEY_SIZE,8,
+-	rc2_cfb_init_key,
+-	rc2_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_rc2_cfb(void)
+-	{
+-	return(&r2_cfb_cipher);
+-	}
+-	
+-static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+-	}
+-
+-static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	RC2_cfb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.rc2_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num,ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_cfb_r5.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_cfb_r5.c
+diff -N crypto/openssl/crypto/evp/e_cfb_r5.c
+--- crypto/openssl/crypto/evp/e_cfb_r5.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,110 +0,0 @@
+-/* crypto/evp/e_cfb_r5.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC5
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER rc5_cfb_cipher=
+-	{
+-	NID_rc5_cfb64,
+-	1,EVP_RC5_32_12_16_KEY_SIZE,8,
+-	rc5_32_12_16_cfb_init_key,
+-	rc5_32_12_16_cfb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+-	{
+-	return(&rc5_cfb_cipher);
+-	}
+-	
+-static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+-			RC5_12_ROUNDS);
+-	}
+-
+-static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	RC5_32_cfb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.rc5_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num,ctx->encrypt);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_ecb_3d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ecb_3d.c
+diff -N crypto/openssl/crypto/evp/e_ecb_3d.c
+--- crypto/openssl/crypto/evp/e_ecb_3d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,158 +0,0 @@
+-/* crypto/evp/e_ecb_3d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_DES
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_ede_cipher2=
+-	{
+-	NID_des_ede,
+-	8,16,0,
+-	des_ede_init_key,
+-	des_ede_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	NULL,
+-	NULL,
+-	};
+-
+-static EVP_CIPHER d_ede3_cipher3=
+-	{
+-	NID_des_ede3,
+-	8,24,0,
+-	des_ede3_init_key,
+-	des_ede_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_des_ede(void)
+-	{
+-	return(&d_ede_cipher2);
+-	}
+-
+-EVP_CIPHER *EVP_des_ede3(void)
+-	{
+-	return(&d_ede3_cipher3);
+-	}
+-
+-static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		memcpy( (char *)ctx->c.des_ede.ks3,
+-			(char *)ctx->c.des_ede.ks1,
+-			sizeof(ctx->c.des_ede.ks1));
+-		}
+-	}
+-
+-static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+-		}
+-	}
+-
+-static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	unsigned int i;
+-	des_cblock *output   /* = (des_cblock *)out */;
+-	des_cblock *input    /* = (des_cblock *)in */;
+-
+-	if (inl < 8) return;
+-	inl-=8;
+-	for (i=0; i<=inl; i+=8)
+-		{
+-		output = (des_cblock *)(out + i);
+-		input = (des_cblock *)(in + i);
+-
+-		des_ecb3_encrypt(input,output,
+-			ctx->c.des_ede.ks1,
+-			ctx->c.des_ede.ks2,
+-			ctx->c.des_ede.ks3,
+-			ctx->encrypt);
+-
+-		/* output++; */
+-		/* input++; */
+-		}
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_ecb_bf.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ecb_bf.c
+diff -N crypto/openssl/crypto/evp/e_ecb_bf.c
+--- crypto/openssl/crypto/evp/e_ecb_bf.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,109 +0,0 @@
+-/* crypto/evp/e_ecb_bf.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_BF
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER bfish_ecb_cipher=
+-	{
+-	NID_bf_ecb,
+-	8,EVP_BLOWFISH_KEY_SIZE,0,
+-	bf_ecb_init_key,
+-	bf_ecb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+-	NULL,
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_bf_ecb(void)
+-	{
+-	return(&bfish_ecb_cipher);
+-	}
+-	
+-static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (key != NULL)
+-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+-	}
+-
+-static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	unsigned int i;
+-
+-	if (inl < 8) return;
+-	inl-=8;
+-	for (i=0; i<=inl; i+=8)
+-		{
+-		BF_ecb_encrypt(
+-			&(in[i]),&(out[i]),
+-			&(ctx->c.bf_ks),ctx->encrypt);
+-		}
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ecb_c.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ecb_c.c
+diff -N crypto/openssl/crypto/evp/e_ecb_c.c
+--- crypto/openssl/crypto/evp/e_ecb_c.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,110 +0,0 @@
+-/* crypto/evp/e_ecb_c.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_CAST
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER cast5_ecb_cipher=
+-	{
+-	NID_cast5_ecb,
+-	8,EVP_CAST5_KEY_SIZE,0,
+-	cast_ecb_init_key,
+-	cast_ecb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+-	NULL,
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_cast5_ecb(void)
+-	{
+-	return(&cast5_ecb_cipher);
+-	}
+-	
+-static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (key != NULL)
+-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+-	}
+-
+-static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	unsigned int i;
+-
+-	if (inl < 8) return;
+-	inl-=8;
+-	for (i=0; i<=inl; i+=8)
+-		{
+-		CAST_ecb_encrypt(
+-			&(in[i]),&(out[i]),
+-			&(ctx->c.cast_ks),ctx->encrypt);
+-		}
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ecb_d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ecb_d.c
+diff -N crypto/openssl/crypto/evp/e_ecb_d.c
+--- crypto/openssl/crypto/evp/e_ecb_d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,118 +0,0 @@
+-/* crypto/evp/e_ecb_d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_DES
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_ecb_cipher=
+-	{
+-	NID_des_ecb,
+-	8,8,0,
+-	des_ecb_init_key,
+-	des_ecb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+-	NULL,
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_des_ecb(void)
+-	{
+-	return(&d_ecb_cipher);
+-	}
+-	
+-static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	if (deskey != NULL)
+-		des_set_key_unchecked(deskey,ctx->c.des_ks);
+-	}
+-
+-static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	unsigned int i;
+-	des_cblock *output  /* = (des_cblock *)out */;
+-	des_cblock *input   /* = (des_cblock *)in */; 
+-
+-	if (inl < 8) return;
+-	inl-=8;
+-	for (i=0; i<=inl; i+=8)
+-		{
+-		/* Either this ... */
+-		output = (des_cblock *)(out + i);
+-		input = (des_cblock *)(in + i);
+-
+-		des_ecb_encrypt(input,output,ctx->c.des_ks,ctx->encrypt);
+-
+-		/* ... or this. */
+-		/* output++; */
+-		/* input++; */
+-		}
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_ecb_i.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ecb_i.c
+diff -N crypto/openssl/crypto/evp/e_ecb_i.c
+--- crypto/openssl/crypto/evp/e_ecb_i.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,121 +0,0 @@
+-/* crypto/evp/e_ecb_i.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_IDEA
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER i_ecb_cipher=
+-	{
+-	NID_idea_ecb,
+-	8,16,0,
+-	idea_ecb_init_key,
+-	idea_ecb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+-	NULL,
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_idea_ecb(void)
+-	{
+-	return(&i_ecb_cipher);
+-	}
+-	
+-static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (key != NULL)
+-		{
+-		if (enc)
+-			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+-		else
+-			{
+-			IDEA_KEY_SCHEDULE tmp;
+-
+-			idea_set_encrypt_key(key,&tmp);
+-			idea_set_decrypt_key(&tmp, &(ctx->c.idea_ks));
+-			memset((unsigned char *)&tmp,0,
+-				sizeof(IDEA_KEY_SCHEDULE));
+-			}
+-		}
+-	}
+-
+-static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	unsigned int i;
+-
+-	if (inl < 8) return;
+-	inl-=8;
+-	for (i=0; i<=inl; i+=8)
+-		{
+-		idea_ecb_encrypt(
+-			&(in[i]),&(out[i]),&(ctx->c.idea_ks));
+-		}
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ecb_r2.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ecb_r2.c
+diff -N crypto/openssl/crypto/evp/e_ecb_r2.c
+--- crypto/openssl/crypto/evp/e_ecb_r2.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,111 +0,0 @@
+-/* crypto/evp/e_ecb_r2.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC2
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER r2_ecb_cipher=
+-	{
+-	NID_rc2_ecb,
+-	8,EVP_RC2_KEY_SIZE,0,
+-	rc2_ecb_init_key,
+-	rc2_ecb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+-	NULL,
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_rc2_ecb(void)
+-	{
+-	return(&r2_ecb_cipher);
+-	}
+-	
+-static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (key != NULL)
+-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+-	}
+-
+-static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	unsigned int i;
+-
+-	if (inl < 8) return;
+-	inl-=8;
+-	for (i=0; i<=inl; i+=8)
+-		{
+-		RC2_ecb_encrypt(
+-			&(in[i]),&(out[i]),
+-			&(ctx->c.rc2_ks),ctx->encrypt);
+-		}
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ecb_r5.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ecb_r5.c
+diff -N crypto/openssl/crypto/evp/e_ecb_r5.c
+--- crypto/openssl/crypto/evp/e_ecb_r5.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,111 +0,0 @@
+-/* crypto/evp/e_ecb_r5.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC5
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER rc5_ecb_cipher=
+-	{
+-	NID_rc5_ecb,
+-	8,EVP_RC5_32_12_16_KEY_SIZE,0,
+-	rc5_32_12_16_ecb_init_key,
+-	rc5_32_12_16_ecb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+-	NULL,
+-	NULL,
+-	};
+-
+-EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
+-	{
+-	return(&rc5_ecb_cipher);
+-	}
+-	
+-static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	if (key != NULL)
+-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+-			RC5_12_ROUNDS);
+-	}
+-
+-static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	unsigned int i;
+-
+-	if (inl < 8) return;
+-	inl-=8;
+-	for (i=0; i<=inl; i+=8)
+-		{
+-		RC5_32_ecb_encrypt(
+-			&(in[i]),&(out[i]),
+-			&(ctx->c.rc5_ks),ctx->encrypt);
+-		}
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ofb_3d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ofb_3d.c
+diff -N crypto/openssl/crypto/evp/e_ofb_3d.c
+--- crypto/openssl/crypto/evp/e_ofb_3d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,152 +0,0 @@
+-/* crypto/evp/e_ofb_3d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_DES
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_ede_ofb_cipher2=
+-	{
+-	NID_des_ede_ofb64,
+-	1,16,8,
+-	des_ede_ofb_init_key,
+-	des_ede_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-static EVP_CIPHER d_ede3_ofb_cipher3=
+-	{
+-	NID_des_ede3_ofb64,
+-	1,24,8,
+-	des_ede3_ofb_init_key,
+-	des_ede_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+-	EVP_CIPHER_set_asn1_iv,
+-        EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_des_ede_ofb(void)
+-	{
+-	return(&d_ede_ofb_cipher2);
+-	}
+-
+-EVP_CIPHER *EVP_des_ede3_ofb(void)
+-	{
+-	return(&d_ede3_ofb_cipher3);
+-	}
+-	
+-static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		memcpy( (char *)ctx->c.des_ede.ks3,
+-			(char *)ctx->c.des_ede.ks1,
+-			sizeof(ctx->c.des_ede.ks1));
+-		}
+-	}
+-
+-static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (deskey != NULL)
+-		{
+-		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+-		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+-		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+-		}
+-	}
+-
+-static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	des_ede3_ofb64_encrypt(in,out,inl,ctx->c.des_ede.ks1,
+-			       ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+-			       (des_cblock *)&(ctx->iv[0]),&ctx->num);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_ofb_bf.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ofb_bf.c
+diff -N crypto/openssl/crypto/evp/e_ofb_bf.c
+--- crypto/openssl/crypto/evp/e_ofb_bf.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,109 +0,0 @@
+-/* crypto/evp/e_ofb_bf.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_BF
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER bfish_ofb_cipher=
+-	{
+-	NID_bf_ofb64,
+-	1,EVP_BLOWFISH_KEY_SIZE,8,
+-	bf_ofb_init_key,
+-	bf_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_bf_ofb(void)
+-	{
+-	return(&bfish_ofb_cipher);
+-	}
+-	
+-static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+-	}
+-
+-static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	BF_ofb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.bf_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ofb_c.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ofb_c.c
+diff -N crypto/openssl/crypto/evp/e_ofb_c.c
+--- crypto/openssl/crypto/evp/e_ofb_c.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,110 +0,0 @@
+-/* crypto/evp/e_ofb_c.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_CAST
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER cast5_ofb_cipher=
+-	{
+-	NID_cast5_ofb64,
+-	1,EVP_CAST5_KEY_SIZE,8,
+-	cast_ofb_init_key,
+-	cast_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_cast5_ofb(void)
+-	{
+-	return(&cast5_ofb_cipher);
+-	}
+-	
+-static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+-	}
+-
+-static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	CAST_ofb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.cast_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ofb_d.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ofb_d.c
+diff -N crypto/openssl/crypto/evp/e_ofb_d.c
+--- crypto/openssl/crypto/evp/e_ofb_d.c	20 Aug 2000 08:46:24 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,107 +0,0 @@
+-/* crypto/evp/e_ofb_d.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_DES
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER d_ofb_cipher=
+-	{
+-	NID_des_ofb64,
+-	1,8,8,
+-	des_ofb_init_key,
+-	des_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_des_ofb(void)
+-	{
+-	return(&d_ofb_cipher);
+-	}
+-	
+-static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	des_cblock *deskey = (des_cblock *)key;
+-
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (deskey != NULL)
+-		des_set_key_unchecked(deskey,ctx->c.des_ks);
+-	}
+-
+-static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	des_ofb64_encrypt(in,out,inl,ctx->c.des_ks,
+-		(des_cblock *)&(ctx->iv[0]),&ctx->num);
+-	}
+-#endif
+Index: crypto/openssl/crypto/evp/e_ofb_i.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ofb_i.c
+diff -N crypto/openssl/crypto/evp/e_ofb_i.c
+--- crypto/openssl/crypto/evp/e_ofb_i.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,109 +0,0 @@
+-/* crypto/evp/e_ofb_i.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_IDEA
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER i_ofb_cipher=
+-	{
+-	NID_idea_ofb64,
+-	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
+-	idea_ofb_init_key,
+-	idea_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_idea_ofb(void)
+-	{
+-	return(&i_ofb_cipher);
+-	}
+-	
+-static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+-	}
+-
+-static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	idea_ofb64_encrypt(
+-		in,out,(long)inl,
+-		&(ctx->c.idea_ks),&(ctx->iv[0]),
+-		&ctx->num);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ofb_r2.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ofb_r2.c
+diff -N crypto/openssl/crypto/evp/e_ofb_r2.c
+--- crypto/openssl/crypto/evp/e_ofb_r2.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,111 +0,0 @@
+-/* crypto/evp/e_ofb_r2.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC2
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER r2_ofb_cipher=
+-	{
+-	NID_rc2_ofb64,
+-	1,EVP_RC2_KEY_SIZE,8,
+-	rc2_ofb_init_key,
+-	rc2_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_rc2_ofb(void)
+-	{
+-	return(&r2_ofb_cipher);
+-	}
+-	
+-static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+-			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+-	}
+-
+-static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	RC2_ofb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.rc2_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/e_ofb_r5.c
+===================================================================
+RCS file: crypto/openssl/crypto/evp/e_ofb_r5.c
+diff -N crypto/openssl/crypto/evp/e_ofb_r5.c
+--- crypto/openssl/crypto/evp/e_ofb_r5.c	10 Jan 2000 06:21:42 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,111 +0,0 @@
+-/* crypto/evp/e_ofb_r5.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#ifndef NO_RC5
+-
+-#include <stdio.h>
+-#include "cryptlib.h"
+-#include <openssl/evp.h>
+-#include <openssl/objects.h>
+-
+-static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	unsigned char *iv,int enc);
+-static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	unsigned char *in, unsigned int inl);
+-static EVP_CIPHER rc5_ofb_cipher=
+-	{
+-	NID_rc5_ofb64,
+-	1,EVP_RC5_32_12_16_KEY_SIZE,8,
+-	rc5_32_12_16_ofb_init_key,
+-	rc5_32_12_16_ofb_cipher,
+-	NULL,
+-	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+-		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+-	EVP_CIPHER_set_asn1_iv,
+-	EVP_CIPHER_get_asn1_iv,
+-	};
+-
+-EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
+-	{
+-	return(&rc5_ofb_cipher);
+-	}
+-	
+-static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+-	     unsigned char *iv, int enc)
+-	{
+-	ctx->num=0;
+-
+-	if (iv != NULL)
+-		memcpy(&(ctx->oiv[0]),iv,8);
+-	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+-	if (key != NULL)
+-		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+-			RC5_12_ROUNDS);
+-	}
+-
+-static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+-	     unsigned char *in, unsigned int inl)
+-	{
+-	RC5_32_ofb64_encrypt(
+-		in,out,
+-		(long)inl, &(ctx->c.rc5_ks),
+-		&(ctx->iv[0]),
+-		&ctx->num);
+-	}
+-
+-#endif
+Index: crypto/openssl/crypto/evp/encode.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/encode.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 encode.c
+--- crypto/openssl/crypto/evp/encode.c	26 Nov 2000 11:33:32 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/evp/encode.c	31 Jul 2002 00:46:56 -0000
+@@ -277,6 +277,13 @@
+ 			eof++;
+ 			}
+ 
++		if (v == B64_CR)
++			{
++			ln = 0;
++			if (exp_nl)
++				continue;
++			}
++
+ 		/* eoln */
+ 		if (v == B64_EOLN)
+ 			{
+Index: crypto/openssl/crypto/evp/evp.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/evp.h,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 evp.h
+--- crypto/openssl/crypto/evp/evp.h	4 Jul 2001 23:19:24 -0000	1.2.2.3
++++ crypto/openssl/crypto/evp/evp.h	31 Jul 2002 02:38:19 -0000
+@@ -230,7 +230,7 @@
+ 			EVP_rsa_octet_string(),EVP_mdc2())
+ #define EVP_dsa_sha() \
+ 		EVP_PKEY_MD_add(NID_dsaWithSHA,\
+-			EVP_dsa(),EVP_mdc2())
++			EVP_dsa(),EVP_sha())
+ #define EVP_dsa_sha1() \
+ 		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+ 			EVP_dsa(),EVP_sha1())
+@@ -501,7 +501,7 @@
+ #define EVP_CIPHER_key_length(e)	((e)->key_len)
+ #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
+ #define EVP_CIPHER_flags(e)		((e)->flags)
+-#define EVP_CIPHER_mode(e)		((e)->flags) & EVP_CIPH_MODE)
++#define EVP_CIPHER_mode(e)		(((e)->flags) & EVP_CIPH_MODE)
+ 
+ #define EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
+ #define EVP_CIPHER_CTX_nid(e)		((e)->cipher->nid)
+@@ -556,9 +556,9 @@
+ void	EVP_set_pw_prompt(char *prompt);
+ char *	EVP_get_pw_prompt(void);
+ 
+-int	EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
+-		unsigned char *data, int datal, int count,
+-		unsigned char *key,unsigned char *iv);
++int     EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
++		const unsigned char *salt, const unsigned char *data, int datal,
++       		int count, unsigned char *key, unsigned char *iv);
+ 
+ int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+ 		unsigned char *key, unsigned char *iv);
+@@ -605,8 +605,6 @@
+ 		char *out, int *outl);
+ int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+ 
+-void	ERR_load_EVP_strings(void );
+-
+ void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+ int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+@@ -779,6 +777,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_EVP_strings(void);
+ 
+ /* Error codes for the EVP functions. */
+ 
+@@ -851,4 +850,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/evp/evp_key.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/evp_key.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 evp_key.c
+--- crypto/openssl/crypto/evp/evp_key.c	26 Nov 2000 11:33:32 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/evp/evp_key.c	31 Jul 2002 00:46:56 -0000
+@@ -95,9 +95,9 @@
+ #endif
+ 	}
+ 
+-int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
+-	     unsigned char *data, int datal, int count, unsigned char *key,
+-	     unsigned char *iv)
++int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, 
++             const unsigned char *salt, const unsigned char *data, int datal, 
++             int count, unsigned char *key, unsigned char *iv)
+ 	{
+ 	EVP_MD_CTX c;
+ 	unsigned char md_buf[EVP_MAX_MD_SIZE];
+Index: crypto/openssl/crypto/evp/m_md4.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/evp/m_md4.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 m_md4.c
+--- crypto/openssl/crypto/evp/m_md4.c	26 Nov 2000 11:38:44 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/evp/m_md4.c	31 Jul 2002 00:46:56 -0000
+@@ -66,7 +66,7 @@
+ static EVP_MD md4_md=
+ 	{
+ 	NID_md4,
+-	0,
++	NID_md4WithRSAEncryption,
+ 	MD4_DIGEST_LENGTH,
+ 	MD4_Init,
+ 	MD4_Update,
+cvs diff: Diffing crypto/openssl/crypto/hmac
+Index: crypto/openssl/crypto/hmac/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/hmac/Makefile.save
+diff -N crypto/openssl/crypto/hmac/Makefile.save
+--- crypto/openssl/crypto/hmac/Makefile.save	26 Nov 2000 11:33:34 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,95 +0,0 @@
+-#
+-# SSLeay/crypto/md/Makefile
+-#
+-
+-DIR=	hmac
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=hmactest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=hmac.c
+-LIBOBJ=hmac.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= hmac.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-hmac.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-hmac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+-hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+-hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+cvs diff: Diffing crypto/openssl/crypto/idea
+Index: crypto/openssl/crypto/idea/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/idea/Makefile.save
+diff -N crypto/openssl/crypto/idea/Makefile.save
+--- crypto/openssl/crypto/idea/Makefile.save	4 Jul 2001 23:19:26 -0000	1.4.2.3
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,91 +0,0 @@
+-#
+-# SSLeay/crypto/idea/Makefile
+-# $FreeBSD: src/crypto/openssl/crypto/idea/Makefile.save,v 1.4.2.3 2001/07/04 23:19:26 kris Exp $
+-#
+-
+-DIR=	idea
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=ideatest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+-LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= idea.h
+-HEADER=	idea_lcl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+-i_cbc.o: idea_lcl.h
+-i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+-i_cfb64.o: idea_lcl.h
+-i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+-i_ecb.o: ../../include/openssl/opensslv.h idea_lcl.h
+-i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+-i_ofb64.o: idea_lcl.h
+-i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+-i_skey.o: idea_lcl.h
+Index: crypto/openssl/crypto/idea/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/idea/Makefile.uni
+diff -N crypto/openssl/crypto/idea/Makefile.uni
+--- crypto/openssl/crypto/idea/Makefile.uni	4 Jul 2001 23:19:26 -0000	1.4.2.3
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,74 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# $FreeBSD: src/crypto/openssl/crypto/idea/Makefile.uni,v 1.4.2.3 2001/07/04 23:19:26 kris Exp $
+-
+-DIR=    cast
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-RANLIB=         ranlib
+-
+-IDEA_ENC=i_cbc.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=ideatest
+-APPS=idea_spd
+-
+-LIB=libidea.a
+-LIBSRC=i_skey.c i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c
+-LIBOBJ=i_skey.o i_ecb.o $(IDEA_ENC) i_cfb64.o i_ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= idea.h
+-HEADER= idea_lcl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB):    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-
+-test:	$(TEST)
+-	./$(TEST)
+-
+-$(TEST): $(TEST).c $(LIB)
+-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+-
+-$(APPS): $(APPS).c $(LIB)
+-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+cvs diff: Diffing crypto/openssl/crypto/lhash
+Index: crypto/openssl/crypto/lhash/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/lhash/Makefile.save
+diff -N crypto/openssl/crypto/lhash/Makefile.save
+--- crypto/openssl/crypto/lhash/Makefile.save	26 Nov 2000 11:33:38 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,91 +0,0 @@
+-#
+-# SSLeay/crypto/lhash/Makefile
+-#
+-
+-DIR=	lhash
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=lhash.c lh_stats.c
+-LIBOBJ=lhash.o lh_stats.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= lhash.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-lh_stats.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-lh_stats.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-lh_stats.o: ../cryptlib.h
+-lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+-lhash.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+-lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-lhash.o: ../../include/openssl/symhacks.h
+Index: crypto/openssl/crypto/lhash/lh_test.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/lhash/lh_test.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 lh_test.c
+--- crypto/openssl/crypto/lhash/lh_test.c	26 Nov 2000 11:33:38 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/lhash/lh_test.c	31 Jul 2002 00:46:57 -0000
+@@ -75,7 +75,6 @@
+ 		buf[0]='\0';
+ 		fgets(buf,256,stdin);
+ 		if (buf[0] == '\0') break;
+-		buf[256]='\0';
+ 		i=strlen(buf);
+ 		p=OPENSSL_malloc(i+1);
+ 		memcpy(p,buf,i+1);
+cvs diff: Diffing crypto/openssl/crypto/md2
+Index: crypto/openssl/crypto/md2/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/md2/Makefile.save
+diff -N crypto/openssl/crypto/md2/Makefile.save
+--- crypto/openssl/crypto/md2/Makefile.save	26 Nov 2000 11:33:39 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,89 +0,0 @@
+-#
+-# SSLeay/crypto/md/Makefile
+-#
+-
+-DIR=	md
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=md2test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=md2_dgst.c md2_one.c
+-LIBOBJ=md2_dgst.o md2_one.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= md2.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+-md2_dgst.o: ../../include/openssl/opensslv.h
+-md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h
+Index: crypto/openssl/crypto/md2/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/md2/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/md2/Makefile.ssl	4 Jul 2001 23:19:28 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/md2/Makefile.ssl	31 Jul 2002 00:46:57 -0000
+@@ -2,7 +2,7 @@
+ # SSLeay/crypto/md/Makefile
+ #
+ 
+-DIR=	md
++DIR=	md2
+ TOP=	../..
+ CC=	cc
+ INCLUDES=
+cvs diff: Diffing crypto/openssl/crypto/md4
+Index: crypto/openssl/crypto/md4/md4_locl.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/md4/md4_locl.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 md4_locl.h
+--- crypto/openssl/crypto/md4/md4_locl.h	26 Nov 2000 11:33:40 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/md4/md4_locl.h	31 Jul 2002 00:46:57 -0000
+@@ -68,7 +68,7 @@
+ void md4_block_host_order (MD4_CTX *c, const void *p,int num);
+ void md4_block_data_order (MD4_CTX *c, const void *p,int num);
+ 
+-#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
++#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+ /*
+  * *_block_host_order is expected to handle aligned data while
+  * *_block_data_order - unaligned. As algorithm and host (x86)
+cvs diff: Diffing crypto/openssl/crypto/md5
+Index: crypto/openssl/crypto/md5/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/md5/Makefile.save
+diff -N crypto/openssl/crypto/md5/Makefile.save
+--- crypto/openssl/crypto/md5/Makefile.save	26 Nov 2000 11:33:40 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,133 +0,0 @@
+-#
+-# SSLeay/crypto/md5/Makefile
+-#
+-
+-DIR=    md5
+-TOP=    ../..
+-CC=     cc
+-CPP=    $(CC) -E
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=           make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=       Makefile.ssl
+-AR=             ar r
+-
+-MD5_ASM_OBJ=
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-# We let the C compiler driver to take care of .s files. This is done in
+-# order to be excused from maintaining a separate set of architecture
+-# dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+-# gcc, then the driver will automatically translate it to -xarch=v8plus
+-# and pass it down to assembler.
+-AS=$(CC) -c
+-ASFLAGS=$(CFLAGS)
+-
+-GENERAL=Makefile
+-TEST=md5test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=md5_dgst.c md5_one.c
+-LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= md5.h
+-HEADER= md5_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:    lib
+-
+-lib:    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/mx86-elf.o: asm/mx86unix.cpp
+-	$(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o
+-
+-# solaris
+-asm/mx86-sol.o: asm/mx86unix.cpp
+-	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+-	as -o asm/mx86-sol.o asm/mx86-sol.s
+-	rm -f asm/mx86-sol.s
+-
+-# a.out
+-asm/mx86-out.o: asm/mx86unix.cpp
+-	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+-
+-# bsdi
+-asm/mx86bsdi.o: asm/mx86unix.cpp
+-	$(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
+-
+-asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl
+-	(cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+-
+-asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+-	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+-		-o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+-
+-# Old GNU assembler doesn't understand V9 instructions, so we
+-# hire /usr/ccs/bin/as to do the job. Note that option is called
+-# *-gcc27, but even gcc 2>=8 users may experience similar problem
+-# if they didn't bother to upgrade GNU assembler. Such users should
+-# not choose this option, but be adviced to *remove* GNU assembler
+-# or upgrade it.
+-asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+-	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+-		/usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+-
+-asm/md5-sparcv9.o: asm/md5-sparcv9.S
+-	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+-		-o asm/md5-sparcv9.o asm/md5-sparcv9.S
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+-md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+-md5_one.o: ../../include/openssl/md5.h
+Index: crypto/openssl/crypto/md5/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/md5/Makefile.uni
+diff -N crypto/openssl/crypto/md5/Makefile.uni
+--- crypto/openssl/crypto/md5/Makefile.uni	10 Jan 2000 06:21:44 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,110 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-DIR=    md5
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-RANLIB=         ranlib
+-
+-MD5_ASM_OBJ=
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=md5test
+-APPS=md5
+-
+-LIB=libmd5.a
+-LIBSRC=md5_dgst.c md5_one.c
+-LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= md5.h
+-HEADER= md5_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB):    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-
+-# elf
+-asm/mx86-elf.o: asm/mx86unix.cpp
+-	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+-
+-# solaris
+-asm/mx86-sol.o: asm/mx86unix.cpp
+-	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+-	as -o asm/mx86-sol.o asm/mx86-sol.s
+-	rm -f asm/mx86-sol.s
+-
+-# a.out
+-asm/mx86-out.o: asm/mx86unix.cpp
+-	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+-
+-# bsdi
+-asm/mx86bsdi.o: asm/mx86unix.cpp
+-	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+-
+-asm/mx86unix.cpp:
+-	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+-
+-test:	$(TEST)
+-	./$(TEST)
+-
+-$(TEST): $(TEST).c $(LIB)
+-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+-
+-$(APPS): $(APPS).c $(LIB)
+-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-x86-elf:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-out:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-solaris:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-bdsi:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+Index: crypto/openssl/crypto/md5/md5_locl.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/md5/md5_locl.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 md5_locl.h
+--- crypto/openssl/crypto/md5/md5_locl.h	20 Aug 2000 08:46:29 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/md5/md5_locl.h	31 Jul 2002 00:46:57 -0000
+@@ -66,7 +66,7 @@
+ #endif
+ 
+ #ifdef MD5_ASM
+-# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+ #  define md5_block_host_order md5_block_asm_host_order
+ # elif defined(__sparc) && defined(ULTRASPARC)
+    void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+@@ -77,7 +77,7 @@
+ void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+ void md5_block_data_order (MD5_CTX *c, const void *p,int num);
+ 
+-#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
++#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+ /*
+  * *_block_host_order is expected to handle aligned data while
+  * *_block_data_order - unaligned. As algorithm and host (x86)
+cvs diff: Diffing crypto/openssl/crypto/md5/asm
+cvs diff: Diffing crypto/openssl/crypto/mdc2
+Index: crypto/openssl/crypto/mdc2/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/mdc2/Makefile.save
+diff -N crypto/openssl/crypto/mdc2/Makefile.save
+--- crypto/openssl/crypto/mdc2/Makefile.save	26 Nov 2000 11:33:41 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,90 +0,0 @@
+-#
+-# SSLeay/crypto/mdc2/Makefile
+-#
+-
+-DIR=	mdc2
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST= mdc2test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=mdc2dgst.c mdc2_one.c
+-LIBOBJ=mdc2dgst.o mdc2_one.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= mdc2.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-mdc2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-mdc2_one.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-mdc2_one.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-mdc2_one.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+-mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-mdc2_one.o: ../cryptlib.h
+-mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+-mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+cvs diff: Diffing crypto/openssl/crypto/objects
+Index: crypto/openssl/crypto/objects/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/objects/Makefile.save
+diff -N crypto/openssl/crypto/objects/Makefile.save
+--- crypto/openssl/crypto/objects/Makefile.save	26 Nov 2000 11:33:41 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,111 +0,0 @@
+-#
+-# SSLeay/crypto/objects/Makefile
+-#
+-
+-DIR=	objects
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile README
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=	o_names.c obj_dat.c obj_lib.c obj_err.c
+-LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= objects.h obj_mac.h
+-HEADER=	$(EXHEADER) obj_dat.h
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	obj_dat.h lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+-o_names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+-o_names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-o_names.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-obj_dat.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-obj_dat.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+-obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-obj_dat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-obj_dat.o: ../cryptlib.h obj_dat.h
+-obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+-obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-obj_err.o: ../../include/openssl/symhacks.h
+-obj_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-obj_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+-obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-obj_lib.o: ../cryptlib.h
+Index: crypto/openssl/crypto/objects/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/objects/Makefile.ssl	4 Jul 2001 23:19:30 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/objects/Makefile.ssl	31 Jul 2002 00:46:57 -0000
+@@ -14,6 +14,7 @@
+ MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+ MAKEFILE=	Makefile.ssl
+ AR=		ar r
++PERL=		perl
+ 
+ CFLAGS= $(INCLUDES) $(CFLAG)
+ 
+@@ -42,6 +43,13 @@
+ 	@echo You may get an error following this line.  Please ignore.
+ 	- $(RANLIB) $(LIB)
+ 	@touch lib
++
++obj_dat.h: obj_dat.pl obj_mac.h
++	$(PERL) obj_dat.pl obj_mac.h obj_dat.h
++
++# objects.pl both reads and writes obj_mac.num
++obj_mac.h: objects.pl objects.txt obj_mac.num
++	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
+ 
+ files:
+ 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+Index: crypto/openssl/crypto/objects/o_names.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/o_names.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 o_names.c
+--- crypto/openssl/crypto/objects/o_names.c	26 Nov 2000 11:33:41 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/objects/o_names.c	31 Jul 2002 00:46:57 -0000
+@@ -61,6 +61,8 @@
+ 		{
+ 		MemCheck_off();
+ 		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
++		MemCheck_on();
++		if (!name_funcs) return(0);
+ 		name_funcs->hash_func = lh_strhash;
+ 		name_funcs->cmp_func = (int (*)())strcmp;
+ 		name_funcs->free_func = 0; /* NULL is often declared to
+@@ -68,6 +70,7 @@
+ 					    * to Compaq C is not really
+ 					    * compatible with a function
+ 					    * pointer.  -- Richard Levitte*/
++		MemCheck_off();
+ 		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
+ 		MemCheck_on();
+ 		}
+Index: crypto/openssl/crypto/objects/obj_dat.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/obj_dat.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 obj_dat.c
+--- crypto/openssl/crypto/objects/obj_dat.c	26 Nov 2000 11:33:41 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/objects/obj_dat.c	31 Jul 2002 00:46:57 -0000
+@@ -228,7 +228,7 @@
+ 	if (added == NULL)
+ 		if (!init_added()) return(0);
+ 	if ((o=OBJ_dup(obj)) == NULL) goto err;
+-	ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
++	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
+ 	if ((o->length != 0) && (obj->data != NULL))
+ 		ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+ 	if (o->sn != NULL)
+@@ -428,7 +428,7 @@
+ 	unsigned long l;
+ 	unsigned char *p;
+ 	const char *s;
+-	char tbuf[32];
++	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
+ 
+ 	if (buf_len <= 0) return(0);
+ 
+@@ -437,8 +437,7 @@
+ 		return(0);
+ 	}
+ 
+-	nid=OBJ_obj2nid(a);
+-	if ((nid == NID_undef) || no_name) {
++	if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
+ 		len=a->length;
+ 		p=a->data;
+ 
+@@ -645,6 +644,8 @@
+ 		return(0);
+ 		}
+ 	i=a2d_ASN1_OBJECT(buf,i,oid,-1);
++	if (i == 0)
++		goto err;
+ 	op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
+ 	if (op == NULL) 
+ 		goto err;
+Index: crypto/openssl/crypto/objects/obj_dat.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/obj_dat.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 obj_dat.h
+--- crypto/openssl/crypto/objects/obj_dat.h	26 Nov 2000 11:33:42 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/objects/obj_dat.h	31 Jul 2002 00:46:57 -0000
+@@ -1,4 +1,10 @@
+-/* lib/obj/obj_dat.h */
++/* crypto/objects/obj_dat.h */
++
++/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
++ * following command:
++ * perl obj_dat.pl objects.h obj_dat.h
++ */
++
+ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+  * All rights reserved.
+  *
+@@ -56,17 +62,12 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+- * following command:
+- * perl obj_dat.pl objects.h obj_dat.h
+- */
++#define NUM_NID 404
++#define NUM_SN 402
++#define NUM_LN 402
++#define NUM_OBJ 376
+ 
+-#define NUM_NID 393
+-#define NUM_SN 392
+-#define NUM_LN 392
+-#define NUM_OBJ 366
+-
+-static unsigned char lvalues[2896]={
++static unsigned char lvalues[2951]={
+ 0x00,                                        /* [  0] OBJ_undef */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+@@ -390,49 +391,59 @@
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
+ 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_pseudonym */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_gender */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfCitizenship */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x06,     /* [2631] OBJ_id_pda_countryOfResidence */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2639] OBJ_id_aca_authenticationInfo */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2647] OBJ_id_aca_accessIdentity */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2655] OBJ_id_aca_chargingIdentity */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2663] OBJ_id_aca_group */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2671] OBJ_id_aca_role */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2679] OBJ_id_qcs_pkixQCSyntax_v1 */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2687] OBJ_id_cct_crs */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2695] OBJ_id_cct_PKIData */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2703] OBJ_id_cct_PKIResponse */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2711] OBJ_ad_timeStamping */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2719] OBJ_ad_dvcs */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2727] OBJ_id_pkix_OCSP_basic */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2736] OBJ_id_pkix_OCSP_Nonce */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2745] OBJ_id_pkix_OCSP_CrlID */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2754] OBJ_id_pkix_OCSP_acceptableResponses */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2763] OBJ_id_pkix_OCSP_noCheck */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2772] OBJ_id_pkix_OCSP_archiveCutoff */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2781] OBJ_id_pkix_OCSP_serviceLocator */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2790] OBJ_id_pkix_OCSP_extendedStatus */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2799] OBJ_id_pkix_OCSP_valid */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2808] OBJ_id_pkix_OCSP_path */
+-0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2817] OBJ_id_pkix_OCSP_trustRoot */
+-0x2B,0x0E,0x03,0x02,                         /* [2826] OBJ_algorithm */
+-0x2B,0x0E,0x03,0x02,0x0B,                    /* [2830] OBJ_rsaSignature */
+-0x55,0x08,                                   /* [2835] OBJ_X500algorithms */
+-0x2B,                                        /* [2837] OBJ_org */
+-0x2B,0x06,                                   /* [2838] OBJ_dod */
+-0x2B,0x06,0x01,                              /* [2840] OBJ_iana */
+-0x2B,0x06,0x01,0x01,                         /* [2843] OBJ_Directory */
+-0x2B,0x06,0x01,0x02,                         /* [2847] OBJ_Management */
+-0x2B,0x06,0x01,0x03,                         /* [2851] OBJ_Experimental */
+-0x2B,0x06,0x01,0x04,                         /* [2855] OBJ_Private */
+-0x2B,0x06,0x01,0x05,                         /* [2859] OBJ_Security */
+-0x2B,0x06,0x01,0x06,                         /* [2863] OBJ_SNMPv2 */
+-0x2B,0x06,0x01,0x07,                         /* [2867] OBJ_Mail */
+-0x01,                                        /* [2871] OBJ_Enterprises */
+-0xBA,0x82,0x58,                              /* [2872] OBJ_dcObject */
+-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2875] OBJ_domainComponent */
+-0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2885] OBJ_Domain */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_gender */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_countryOfCitizenship */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfResidence */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2631] OBJ_id_aca_authenticationInfo */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2639] OBJ_id_aca_accessIdentity */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2647] OBJ_id_aca_chargingIdentity */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2655] OBJ_id_aca_group */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2663] OBJ_id_aca_role */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2679] OBJ_id_cct_crs */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2687] OBJ_id_cct_PKIData */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2695] OBJ_id_cct_PKIResponse */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2703] OBJ_ad_timeStamping */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2711] OBJ_ad_dvcs */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */
++0x2B,0x0E,0x03,0x02,                         /* [2818] OBJ_algorithm */
++0x2B,0x0E,0x03,0x02,0x0B,                    /* [2822] OBJ_rsaSignature */
++0x55,0x08,                                   /* [2827] OBJ_X500algorithms */
++0x2B,                                        /* [2829] OBJ_org */
++0x2B,0x06,                                   /* [2830] OBJ_dod */
++0x2B,0x06,0x01,                              /* [2832] OBJ_iana */
++0x2B,0x06,0x01,0x01,                         /* [2835] OBJ_Directory */
++0x2B,0x06,0x01,0x02,                         /* [2839] OBJ_Management */
++0x2B,0x06,0x01,0x03,                         /* [2843] OBJ_Experimental */
++0x2B,0x06,0x01,0x04,                         /* [2847] OBJ_Private */
++0x2B,0x06,0x01,0x05,                         /* [2851] OBJ_Security */
++0x2B,0x06,0x01,0x06,                         /* [2855] OBJ_SNMPv2 */
++0x2B,0x06,0x01,0x07,                         /* [2859] OBJ_Mail */
++0x2B,0x06,0x01,0x04,0x01,                    /* [2863] OBJ_Enterprises */
++0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */
++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */
++0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */
++0x50,                                        /* [2897] OBJ_joint_iso_ccitt */
++0x55,0x01,0x05,                              /* [2898] OBJ_selected_attribute_types */
++0x55,0x01,0x05,0x37,                         /* [2901] OBJ_clearance */
++0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2905] OBJ_md4WithRSAEncryption */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2914] OBJ_ac_proxying */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2922] OBJ_sinfo_access */
++0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2930] OBJ_id_aca_encAttrs */
++0x55,0x04,0x48,                              /* [2938] OBJ_role */
++0x55,0x1D,0x24,                              /* [2941] OBJ_policy_constraints */
++0x55,0x1D,0x37,                              /* [2944] OBJ_target_information */
++0x55,0x1D,0x38,                              /* [2947] OBJ_no_rev_avail */
+ };
+ 
+ static ASN1_OBJECT nid_objs[NUM_NID]={
+@@ -576,7 +587,8 @@
+ {"G","givenName",NID_givenName,3,&(lvalues[535]),0},
+ {"S","surname",NID_surname,3,&(lvalues[538]),0},
+ {"I","initials",NID_initials,3,&(lvalues[541]),0},
+-{"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[544]),0},
++{"uniqueIdentifier","uniqueIdentifier",NID_uniqueIdentifier,3,
++	&(lvalues[544]),0},
+ {"crlDistributionPoints","X509v3 CRL Distribution Points",
+ 	NID_crl_distribution_points,3,&(lvalues[547]),0},
+ {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0},
+@@ -985,66 +997,84 @@
+ 	&(lvalues[2591]),0},
+ {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
+ 	8,&(lvalues[2599]),0},
+-{"id-pda-pseudonym","id-pda-pseudonym",NID_id_pda_pseudonym,8,
+-	&(lvalues[2607]),0},
+-{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2615]),0},
++{NULL,NULL,NID_undef,0,NULL},
++{"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0},
+ {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
+-	NID_id_pda_countryOfCitizenship,8,&(lvalues[2623]),0},
++	NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0},
+ {"id-pda-countryOfResidence","id-pda-countryOfResidence",
+-	NID_id_pda_countryOfResidence,8,&(lvalues[2631]),0},
++	NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0},
+ {"id-aca-authenticationInfo","id-aca-authenticationInfo",
+-	NID_id_aca_authenticationInfo,8,&(lvalues[2639]),0},
++	NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0},
+ {"id-aca-accessIdentity","id-aca-accessIdentity",
+-	NID_id_aca_accessIdentity,8,&(lvalues[2647]),0},
++	NID_id_aca_accessIdentity,8,&(lvalues[2639]),0},
+ {"id-aca-chargingIdentity","id-aca-chargingIdentity",
+-	NID_id_aca_chargingIdentity,8,&(lvalues[2655]),0},
+-{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2663]),0},
+-{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2671]),0},
++	NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0},
++{"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0},
++{"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0},
+ {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
+-	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2679]),0},
+-{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2687]),0},
++	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0},
++{"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0},
+ {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
+-	&(lvalues[2695]),0},
++	&(lvalues[2687]),0},
+ {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
+-	&(lvalues[2703]),0},
++	&(lvalues[2695]),0},
+ {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
+-	&(lvalues[2711]),0},
+-{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2719]),0},
++	&(lvalues[2703]),0},
++{"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0},
+ {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
+-	&(lvalues[2727]),0},
+-{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2736]),0},
+-{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2745]),0},
++	&(lvalues[2719]),0},
++{"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0},
++{"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0},
+ {"acceptableResponses","Acceptable OCSP Responses",
+-	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2754]),0},
+-{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0},
++	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0},
++{"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0},
+ {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
+-	9,&(lvalues[2772]),0},
++	9,&(lvalues[2764]),0},
+ {"serviceLocator","OCSP Service Locator",
+-	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2781]),0},
++	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0},
+ {"extendedStatus","Extended OCSP Status",
+-	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2790]),0},
+-{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2799]),0},
+-{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2808]),0},
++	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0},
++{"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0},
++{"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0},
+ {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
+-	&(lvalues[2817]),0},
+-{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2826]),0},
+-{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2830]),0},
++	&(lvalues[2809]),0},
++{"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0},
++{"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0},
+ {"X500algorithms","directory services - algorithms",
+-	NID_X500algorithms,2,&(lvalues[2835]),0},
+-{"ORG","org",NID_org,1,&(lvalues[2837]),0},
+-{"DOD","dod",NID_dod,2,&(lvalues[2838]),0},
+-{"IANA","iana",NID_iana,3,&(lvalues[2840]),0},
+-{"directory","Directory",NID_Directory,4,&(lvalues[2843]),0},
+-{"mgmt","Management",NID_Management,4,&(lvalues[2847]),0},
+-{"experimental","Experimental",NID_Experimental,4,&(lvalues[2851]),0},
+-{"private","Private",NID_Private,4,&(lvalues[2855]),0},
+-{"security","Security",NID_Security,4,&(lvalues[2859]),0},
+-{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2863]),0},
+-{"mail","Mail",NID_Mail,4,&(lvalues[2867]),0},
+-{"enterprises","Enterprises",NID_Enterprises,1,&(lvalues[2871]),0},
+-{"dcobject","dcObject",NID_dcObject,3,&(lvalues[2872]),0},
+-{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2875]),0},
+-{"domain","Domain",NID_Domain,10,&(lvalues[2885]),0},
++	NID_X500algorithms,2,&(lvalues[2827]),0},
++{"ORG","org",NID_org,1,&(lvalues[2829]),0},
++{"DOD","dod",NID_dod,2,&(lvalues[2830]),0},
++{"IANA","iana",NID_iana,3,&(lvalues[2832]),0},
++{"directory","Directory",NID_Directory,4,&(lvalues[2835]),0},
++{"mgmt","Management",NID_Management,4,&(lvalues[2839]),0},
++{"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0},
++{"private","Private",NID_Private,4,&(lvalues[2847]),0},
++{"security","Security",NID_Security,4,&(lvalues[2851]),0},
++{"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0},
++{"mail","Mail",NID_Mail,4,&(lvalues[2859]),0},
++{"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0},
++{"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0},
++{"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0},
++{"domain","Domain",NID_Domain,10,&(lvalues[2887]),0},
++{"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
++	&(lvalues[2897]),0},
++{"selected-attribute-types","Selected Attribute Types",
++	NID_selected_attribute_types,3,&(lvalues[2898]),0},
++{"clearance","clearance",NID_clearance,4,&(lvalues[2901]),0},
++{"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
++	&(lvalues[2905]),0},
++{"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2914]),0},
++{"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
++	&(lvalues[2922]),0},
++{"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
++	&(lvalues[2930]),0},
++{"role","role",NID_role,3,&(lvalues[2938]),0},
++{"policyConstraints","X509v3 Policy Constraints",
++	NID_policy_constraints,3,&(lvalues[2941]),0},
++{"targetInformation","X509v3 AC Targeting",NID_target_information,3,
++	&(lvalues[2944]),0},
++{"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
++	&(lvalues[2947]),0},
+ };
+ 
+ static ASN1_OBJECT *sn_objs[NUM_SN]={
+@@ -1093,6 +1123,7 @@
+ &(nid_objs[46]),/* "IDEA-OFB" */
+ &(nid_objs[181]),/* "ISO" */
+ &(nid_objs[183]),/* "ISO-US" */
++&(nid_objs[393]),/* "JOINT-ISO-CCITT" */
+ &(nid_objs[15]),/* "L" */
+ &(nid_objs[ 3]),/* "MD2" */
+ &(nid_objs[257]),/* "MD4" */
+@@ -1138,6 +1169,7 @@
+ &(nid_objs[124]),/* "RLE" */
+ &(nid_objs[19]),/* "RSA" */
+ &(nid_objs[ 7]),/* "RSA-MD2" */
++&(nid_objs[396]),/* "RSA-MD4" */
+ &(nid_objs[ 8]),/* "RSA-MD5" */
+ &(nid_objs[96]),/* "RSA-MDC2" */
+ &(nid_objs[104]),/* "RSA-NP-MD5" */
+@@ -1154,7 +1186,6 @@
+ &(nid_objs[16]),/* "ST" */
+ &(nid_objs[143]),/* "SXNetID" */
+ &(nid_objs[106]),/* "T" */
+-&(nid_objs[102]),/* "UID" */
+ &(nid_objs[ 0]),/* "UNDEF" */
+ &(nid_objs[11]),/* "X500" */
+ &(nid_objs[378]),/* "X500algorithms" */
+@@ -1164,6 +1195,7 @@
+ &(nid_objs[125]),/* "ZLIB" */
+ &(nid_objs[289]),/* "aaControls" */
+ &(nid_objs[287]),/* "ac-auditEntity" */
++&(nid_objs[397]),/* "ac-proxying" */
+ &(nid_objs[288]),/* "ac-targeting" */
+ &(nid_objs[368]),/* "acceptableResponses" */
+ &(nid_objs[363]),/* "ad_timestamping" */
+@@ -1178,6 +1210,7 @@
+ &(nid_objs[152]),/* "certBag" */
+ &(nid_objs[89]),/* "certificatePolicies" */
+ &(nid_objs[54]),/* "challengePassword" */
++&(nid_objs[395]),/* "clearance" */
+ &(nid_objs[130]),/* "clientAuth" */
+ &(nid_objs[131]),/* "codeSigning" */
+ &(nid_objs[50]),/* "contentType" */
+@@ -1204,6 +1237,7 @@
+ &(nid_objs[355]),/* "id-aca-accessIdentity" */
+ &(nid_objs[354]),/* "id-aca-authenticationInfo" */
+ &(nid_objs[356]),/* "id-aca-chargingIdentity" */
++&(nid_objs[399]),/* "id-aca-encAttrs" */
+ &(nid_objs[357]),/* "id-aca-group" */
+ &(nid_objs[358]),/* "id-aca-role" */
+ &(nid_objs[176]),/* "id-ad" */
+@@ -1275,7 +1309,6 @@
+ &(nid_objs[348]),/* "id-pda-dateOfBirth" */
+ &(nid_objs[351]),/* "id-pda-gender" */
+ &(nid_objs[349]),/* "id-pda-placeOfBirth" */
+-&(nid_objs[350]),/* "id-pda-pseudonym" */
+ &(nid_objs[175]),/* "id-pe" */
+ &(nid_objs[261]),/* "id-pkip" */
+ &(nid_objs[258]),/* "id-pkix-mod" */
+@@ -1386,6 +1419,7 @@
+ &(nid_objs[137]),/* "msSGC" */
+ &(nid_objs[173]),/* "name" */
+ &(nid_objs[369]),/* "noCheck" */
++&(nid_objs[403]),/* "noRevAvail" */
+ &(nid_objs[72]),/* "nsBaseUrl" */
+ &(nid_objs[76]),/* "nsCaPolicyUrl" */
+ &(nid_objs[74]),/* "nsCaRevocationUrl" */
+@@ -1413,9 +1447,11 @@
+ &(nid_objs[22]),/* "pkcs7-signedData" */
+ &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+ &(nid_objs[47]),/* "pkcs9" */
++&(nid_objs[401]),/* "policyConstraints" */
+ &(nid_objs[385]),/* "private" */
+ &(nid_objs[84]),/* "privateKeyUsagePeriod" */
+ &(nid_objs[286]),/* "qcStatements" */
++&(nid_objs[400]),/* "role" */
+ &(nid_objs[ 6]),/* "rsaEncryption" */
+ &(nid_objs[377]),/* "rsaSignature" */
+ &(nid_objs[ 1]),/* "rsadsi" */
+@@ -1426,15 +1462,19 @@
+ &(nid_objs[159]),/* "sdsiCertificate" */
+ &(nid_objs[154]),/* "secretBag" */
+ &(nid_objs[386]),/* "security" */
++&(nid_objs[394]),/* "selected-attribute-types" */
+ &(nid_objs[129]),/* "serverAuth" */
+ &(nid_objs[371]),/* "serviceLocator" */
+ &(nid_objs[52]),/* "signingTime" */
+ &(nid_objs[387]),/* "snmpv2" */
+ &(nid_objs[85]),/* "subjectAltName" */
++&(nid_objs[398]),/* "subjectInfoAccess" */
+ &(nid_objs[82]),/* "subjectKeyIdentifier" */
++&(nid_objs[402]),/* "targetInformation" */
+ &(nid_objs[293]),/* "textNotice" */
+ &(nid_objs[133]),/* "timeStamping" */
+ &(nid_objs[375]),/* "trustRoot" */
++&(nid_objs[102]),/* "uniqueIdentifier" */
+ &(nid_objs[55]),/* "unstructuredAddress" */
+ &(nid_objs[49]),/* "unstructuredName" */
+ &(nid_objs[373]),/* "valid" */
+@@ -1503,12 +1543,15 @@
+ &(nid_objs[167]),/* "S/MIME Capabilities" */
+ &(nid_objs[387]),/* "SNMPv2" */
+ &(nid_objs[386]),/* "Security" */
++&(nid_objs[394]),/* "Selected Attribute Types" */
+ &(nid_objs[143]),/* "Strong Extranet ID" */
++&(nid_objs[398]),/* "Subject Information Access" */
+ &(nid_objs[130]),/* "TLS Web Client Authentication" */
+ &(nid_objs[129]),/* "TLS Web Server Authentication" */
+ &(nid_objs[133]),/* "Time Stamping" */
+ &(nid_objs[375]),/* "Trust Root" */
+ &(nid_objs[12]),/* "X509" */
++&(nid_objs[402]),/* "X509v3 AC Targeting" */
+ &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
+ &(nid_objs[87]),/* "X509v3 Basic Constraints" */
+ &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
+@@ -1519,6 +1562,8 @@
+ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
+ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
+ &(nid_objs[83]),/* "X509v3 Key Usage" */
++&(nid_objs[403]),/* "X509v3 No Revocation Available" */
++&(nid_objs[401]),/* "X509v3 Policy Constraints" */
+ &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
+ &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
+ &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+@@ -1526,6 +1571,7 @@
+ &(nid_objs[185]),/* "X9.57 CM ?" */
+ &(nid_objs[289]),/* "aaControls" */
+ &(nid_objs[287]),/* "ac-auditEntity" */
++&(nid_objs[397]),/* "ac-proxying" */
+ &(nid_objs[288]),/* "ac-targeting" */
+ &(nid_objs[364]),/* "ad dvcs" */
+ &(nid_objs[376]),/* "algorithm" */
+@@ -1539,6 +1585,7 @@
+ &(nid_objs[111]),/* "cast5-ofb" */
+ &(nid_objs[152]),/* "certBag" */
+ &(nid_objs[54]),/* "challengePassword" */
++&(nid_objs[395]),/* "clearance" */
+ &(nid_objs[13]),/* "commonName" */
+ &(nid_objs[50]),/* "contentType" */
+ &(nid_objs[53]),/* "countersignature" */
+@@ -1581,6 +1628,7 @@
+ &(nid_objs[355]),/* "id-aca-accessIdentity" */
+ &(nid_objs[354]),/* "id-aca-authenticationInfo" */
+ &(nid_objs[356]),/* "id-aca-chargingIdentity" */
++&(nid_objs[399]),/* "id-aca-encAttrs" */
+ &(nid_objs[357]),/* "id-aca-group" */
+ &(nid_objs[358]),/* "id-aca-role" */
+ &(nid_objs[176]),/* "id-ad" */
+@@ -1652,7 +1700,6 @@
+ &(nid_objs[348]),/* "id-pda-dateOfBirth" */
+ &(nid_objs[351]),/* "id-pda-gender" */
+ &(nid_objs[349]),/* "id-pda-placeOfBirth" */
+-&(nid_objs[350]),/* "id-pda-pseudonym" */
+ &(nid_objs[175]),/* "id-pe" */
+ &(nid_objs[261]),/* "id-pkip" */
+ &(nid_objs[258]),/* "id-pkix-mod" */
+@@ -1747,12 +1794,14 @@
+ &(nid_objs[46]),/* "idea-ofb" */
+ &(nid_objs[101]),/* "initials" */
+ &(nid_objs[181]),/* "iso" */
++&(nid_objs[393]),/* "joint-iso-ccitt" */
+ &(nid_objs[150]),/* "keyBag" */
+ &(nid_objs[157]),/* "localKeyID" */
+ &(nid_objs[15]),/* "localityName" */
+ &(nid_objs[ 3]),/* "md2" */
+ &(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+ &(nid_objs[257]),/* "md4" */
++&(nid_objs[396]),/* "md4WithRSAEncryption" */
+ &(nid_objs[ 4]),/* "md5" */
+ &(nid_objs[114]),/* "md5-sha1" */
+ &(nid_objs[104]),/* "md5WithRSA" */
+@@ -1806,6 +1855,7 @@
+ &(nid_objs[123]),/* "rc5-ofb" */
+ &(nid_objs[117]),/* "ripemd160" */
+ &(nid_objs[119]),/* "ripemd160WithRSA" */
++&(nid_objs[400]),/* "role" */
+ &(nid_objs[19]),/* "rsa" */
+ &(nid_objs[ 6]),/* "rsaEncryption" */
+ &(nid_objs[377]),/* "rsaSignature" */
+@@ -1839,10 +1889,10 @@
+ 
+ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+ &(nid_objs[ 0]),/* OBJ_undef                        0 */
+-&(nid_objs[389]),/* OBJ_Enterprises                   1 */
+ &(nid_objs[181]),/* OBJ_iso                          1 */
+ &(nid_objs[182]),/* OBJ_member_body                  1 2 */
+ &(nid_objs[379]),/* OBJ_org                          1 3 */
++&(nid_objs[393]),/* OBJ_joint_iso_ccitt              2 */
+ &(nid_objs[11]),/* OBJ_X500                         2 5 */
+ &(nid_objs[380]),/* OBJ_dod                          1 3 6 */
+ &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+@@ -1850,6 +1900,7 @@
+ &(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
+ &(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
+ &(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
++&(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
+ &(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+ &(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+ &(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
+@@ -1865,6 +1916,7 @@
+ &(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+ &(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
+ &(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
++&(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
+ &(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
+ &(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
+ &(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
+@@ -1878,8 +1930,10 @@
+ &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+ &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+ &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
++&(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
+ &(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+-&(nid_objs[390]),/* OBJ_dcObject                      1466 344 */
++&(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
++&(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
+ &(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
+ &(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
+ &(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
+@@ -1888,10 +1942,12 @@
+ &(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
+ &(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
+ &(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
++&(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */
+ &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
+ &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+ &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+ &(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
++&(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
+ &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+ &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
+ &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
+@@ -1970,6 +2026,8 @@
+ &(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+ &(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+ &(nid_objs[292]),/* OBJ_sbqp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
++&(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
++&(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+ &(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+ &(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+ &(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+@@ -2027,15 +2085,15 @@
+ &(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+ &(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+ &(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+-&(nid_objs[350]),/* OBJ_id_pda_pseudonym             1 3 6 1 5 5 7 9 3 */
+-&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 4 */
+-&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 5 */
+-&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 6 */
++&(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
++&(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
++&(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+ &(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+ &(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+ &(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+ &(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+ &(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
++&(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+ &(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+ &(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+ &(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+@@ -2050,6 +2108,7 @@
+ &(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+ &(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+ &(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
++&(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+ &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+ &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+ &(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+@@ -2082,6 +2141,7 @@
+ &(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+ &(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+ &(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
++&(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+ &(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+ &(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+ &(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+Index: crypto/openssl/crypto/objects/obj_dat.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/obj_dat.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 obj_dat.pl
+--- crypto/openssl/crypto/objects/obj_dat.pl	26 Nov 2000 11:33:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/objects/obj_dat.pl	31 Jul 2002 00:46:57 -0000
+@@ -164,7 +164,13 @@
+ 	}
+ 
+ print OUT <<'EOF';
+-/* lib/obj/obj_dat.h */
++/* crypto/objects/obj_dat.h */
++
++/* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
++ * following command:
++ * perl obj_dat.pl objects.h obj_dat.h
++ */
++
+ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+  * All rights reserved.
+  *
+@@ -220,11 +226,6 @@
+  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+- */
+-
+-/* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+- * following command:
+- * perl obj_dat.pl objects.h obj_dat.h
+  */
+ 
+ EOF
+Index: crypto/openssl/crypto/objects/obj_mac.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/obj_mac.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 obj_mac.h
+--- crypto/openssl/crypto/objects/obj_mac.h	26 Nov 2000 11:38:44 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/objects/obj_mac.h	31 Jul 2002 00:46:57 -0000
+@@ -1,4 +1,10 @@
+-/* lib/obj/obj_mac.h */
++/* crypto/objects/obj_mac.h */
++
++/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
++ * following command:
++ * perl objects.pl objects.txt obj_mac.num obj_mac.h
++ */
++
+ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+  * All rights reserved.
+  *
+@@ -56,11 +62,6 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+- * following command:
+- * perl objects.pl objects.txt obj_mac.num obj_mac.h
+- */
+-
+ #define SN_undef			"UNDEF"
+ #define LN_undef			"undefined"
+ #define NID_undef			0
+@@ -71,11 +72,25 @@
+ #define NID_iso		181
+ #define OBJ_iso		1L
+ 
++#define SN_joint_iso_ccitt		"JOINT-ISO-CCITT"
++#define LN_joint_iso_ccitt		"joint-iso-ccitt"
++#define NID_joint_iso_ccitt		393
++#define OBJ_joint_iso_ccitt		2L
++
+ #define SN_member_body		"member-body"
+ #define LN_member_body		"ISO Member Body"
+ #define NID_member_body		182
+ #define OBJ_member_body		OBJ_iso,2L
+ 
++#define SN_selected_attribute_types		"selected-attribute-types"
++#define LN_selected_attribute_types		"Selected Attribute Types"
++#define NID_selected_attribute_types		394
++#define OBJ_selected_attribute_types		OBJ_joint_iso_ccitt,5L,1L,5L
++
++#define SN_clearance		"clearance"
++#define NID_clearance		395
++#define OBJ_clearance		OBJ_selected_attribute_types,55L
++
+ #define SN_ISO_US		"ISO-US"
+ #define LN_ISO_US		"ISO US Member Body"
+ #define NID_ISO_US		183
+@@ -145,6 +160,11 @@
+ #define NID_md2WithRSAEncryption		7
+ #define OBJ_md2WithRSAEncryption		OBJ_pkcs1,2L
+ 
++#define SN_md4WithRSAEncryption		"RSA-MD4"
++#define LN_md4WithRSAEncryption		"md4WithRSAEncryption"
++#define NID_md4WithRSAEncryption		396
++#define OBJ_md4WithRSAEncryption		OBJ_pkcs1,3L
++
+ #define SN_md5WithRSAEncryption		"RSA-MD5"
+ #define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
+ #define NID_md5WithRSAEncryption		8
+@@ -956,6 +976,15 @@
+ #define NID_sbqp_routerIdentifier		292
+ #define OBJ_sbqp_routerIdentifier		OBJ_id_pe,9L
+ 
++#define SN_ac_proxying		"ac-proxying"
++#define NID_ac_proxying		397
++#define OBJ_ac_proxying		OBJ_id_pe,10L
++
++#define SN_sinfo_access		"subjectInfoAccess"
++#define LN_sinfo_access		"Subject Information Access"
++#define NID_sinfo_access		398
++#define OBJ_sinfo_access		OBJ_id_pe,11L
++
+ #define SN_id_qt_cps		"id-qt-cps"
+ #define LN_id_qt_cps		"Policy Qualifier CPS"
+ #define NID_id_qt_cps		164
+@@ -1228,21 +1257,17 @@
+ #define NID_id_pda_placeOfBirth		349
+ #define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L
+ 
+-#define SN_id_pda_pseudonym		"id-pda-pseudonym"
+-#define NID_id_pda_pseudonym		350
+-#define OBJ_id_pda_pseudonym		OBJ_id_pda,3L
+-
+ #define SN_id_pda_gender		"id-pda-gender"
+ #define NID_id_pda_gender		351
+-#define OBJ_id_pda_gender		OBJ_id_pda,4L
++#define OBJ_id_pda_gender		OBJ_id_pda,3L
+ 
+ #define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"
+ #define NID_id_pda_countryOfCitizenship		352
+-#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,5L
++#define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L
+ 
+ #define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"
+ #define NID_id_pda_countryOfResidence		353
+-#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,6L
++#define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L
+ 
+ #define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"
+ #define NID_id_aca_authenticationInfo		354
+@@ -1264,6 +1289,10 @@
+ #define NID_id_aca_role		358
+ #define OBJ_id_aca_role		OBJ_id_aca,5L
+ 
++#define SN_id_aca_encAttrs		"id-aca-encAttrs"
++#define NID_id_aca_encAttrs		399
++#define OBJ_id_aca_encAttrs		OBJ_id_aca,6L
++
+ #define SN_id_qcs_pkixQCSyntax_v1		"id-qcs-pkixQCSyntax-v1"
+ #define NID_id_qcs_pkixQCSyntax_v1		359
+ #define OBJ_id_qcs_pkixQCSyntax_v1		OBJ_id_qcs,1L
+@@ -1545,7 +1574,6 @@
+ #define NID_initials		101
+ #define OBJ_initials		OBJ_X509,43L
+ 
+-#define SN_uniqueIdentifier		"UID"
+ #define LN_uniqueIdentifier		"uniqueIdentifier"
+ #define NID_uniqueIdentifier		102
+ #define OBJ_uniqueIdentifier		OBJ_X509,45L
+@@ -1555,6 +1583,11 @@
+ #define NID_dnQualifier		174
+ #define OBJ_dnQualifier		OBJ_X509,46L
+ 
++#define SN_role		"role"
++#define LN_role		"role"
++#define NID_role		400
++#define OBJ_role		OBJ_X509,72L
++
+ #define SN_X500algorithms		"X500algorithms"
+ #define LN_X500algorithms		"directory services - algorithms"
+ #define NID_X500algorithms		378
+@@ -1644,11 +1677,26 @@
+ #define NID_authority_key_identifier		90
+ #define OBJ_authority_key_identifier		OBJ_id_ce,35L
+ 
++#define SN_policy_constraints		"policyConstraints"
++#define LN_policy_constraints		"X509v3 Policy Constraints"
++#define NID_policy_constraints		401
++#define OBJ_policy_constraints		OBJ_id_ce,36L
++
+ #define SN_ext_key_usage		"extendedKeyUsage"
+ #define LN_ext_key_usage		"X509v3 Extended Key Usage"
+ #define NID_ext_key_usage		126
+ #define OBJ_ext_key_usage		OBJ_id_ce,37L
+ 
++#define SN_target_information		"targetInformation"
++#define LN_target_information		"X509v3 AC Targeting"
++#define NID_target_information		402
++#define OBJ_target_information		OBJ_id_ce,55L
++
++#define SN_no_rev_avail		"noRevAvail"
++#define LN_no_rev_avail		"X509v3 No Revocation Available"
++#define NID_no_rev_avail		403
++#define OBJ_no_rev_avail		OBJ_id_ce,56L
++
+ #define SN_netscape		"Netscape"
+ #define LN_netscape		"Netscape Communications Corp."
+ #define NID_netscape		57
+@@ -1769,12 +1817,12 @@
+ #define SN_Enterprises		"enterprises"
+ #define LN_Enterprises		"Enterprises"
+ #define NID_Enterprises		389
+-#define OBJ_Enterprises		OBJ_private,1L
++#define OBJ_Enterprises		OBJ_Private,1L
+ 
+ #define SN_dcObject		"dcobject"
+ #define LN_dcObject		"dcObject"
+ #define NID_dcObject		390
+-#define OBJ_dcObject		OBJ_enterprises,1466L,344L
++#define OBJ_dcObject		OBJ_Enterprises,1466L,344L
+ 
+ #define SN_domainComponent		"DC"
+ #define LN_domainComponent		"domainComponent"
+Index: crypto/openssl/crypto/objects/obj_mac.num
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/obj_mac.num,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 obj_mac.num
+--- crypto/openssl/crypto/objects/obj_mac.num	26 Nov 2000 11:38:44 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/objects/obj_mac.num	31 Jul 2002 00:46:57 -0000
+@@ -390,3 +390,14 @@
+ dcObject		390
+ domainComponent		391
+ Domain		392
++joint_iso_ccitt		393
++selected_attribute_types		394
++clearance		395
++md4WithRSAEncryption		396
++ac_proxying		397
++sinfo_access		398
++id_aca_encAttrs		399
++role		400
++policy_constraints		401
++target_information		402
++no_rev_avail		403
+Index: crypto/openssl/crypto/objects/objects.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/objects.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 objects.h
+--- crypto/openssl/crypto/objects/objects.h	26 Nov 2000 11:33:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/objects/objects.h	31 Jul 2002 00:46:57 -0000
+@@ -452,54 +452,54 @@
+ #define LN_desx_cbc			"desx-cbc"
+ #define NID_desx_cbc			80
+ 
+-#define SN_ld_ce			"ld-ce"
+-#define NID_ld_ce			81
+-#define OBJ_ld_ce			2L,5L,29L
++#define SN_id_ce			"id-ce"
++#define NID_id_ce			81
++#define OBJ_id_ce			2L,5L,29L
+ 
+ #define SN_subject_key_identifier	"subjectKeyIdentifier"
+ #define LN_subject_key_identifier	"X509v3 Subject Key Identifier"
+ #define NID_subject_key_identifier	82
+-#define OBJ_subject_key_identifier	OBJ_ld_ce,14L
++#define OBJ_subject_key_identifier	OBJ_id_ce,14L
+ 
+ #define SN_key_usage			"keyUsage"
+ #define LN_key_usage			"X509v3 Key Usage"
+ #define NID_key_usage			83
+-#define OBJ_key_usage			OBJ_ld_ce,15L
++#define OBJ_key_usage			OBJ_id_ce,15L
+ 
+ #define SN_private_key_usage_period	"privateKeyUsagePeriod"
+ #define LN_private_key_usage_period	"X509v3 Private Key Usage Period"
+ #define NID_private_key_usage_period	84
+-#define OBJ_private_key_usage_period	OBJ_ld_ce,16L
++#define OBJ_private_key_usage_period	OBJ_id_ce,16L
+ 
+ #define SN_subject_alt_name		"subjectAltName"
+ #define LN_subject_alt_name		"X509v3 Subject Alternative Name"
+ #define NID_subject_alt_name		85
+-#define OBJ_subject_alt_name		OBJ_ld_ce,17L
++#define OBJ_subject_alt_name		OBJ_id_ce,17L
+ 
+ #define SN_issuer_alt_name		"issuerAltName"
+ #define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
+ #define NID_issuer_alt_name		86
+-#define OBJ_issuer_alt_name		OBJ_ld_ce,18L
++#define OBJ_issuer_alt_name		OBJ_id_ce,18L
+ 
+ #define SN_basic_constraints		"basicConstraints"
+ #define LN_basic_constraints		"X509v3 Basic Constraints"
+ #define NID_basic_constraints		87
+-#define OBJ_basic_constraints		OBJ_ld_ce,19L
++#define OBJ_basic_constraints		OBJ_id_ce,19L
+ 
+ #define SN_crl_number			"crlNumber"
+ #define LN_crl_number			"X509v3 CRL Number"
+ #define NID_crl_number			88
+-#define OBJ_crl_number			OBJ_ld_ce,20L
++#define OBJ_crl_number			OBJ_id_ce,20L
+ 
+ #define SN_certificate_policies		"certificatePolicies"
+ #define LN_certificate_policies		"X509v3 Certificate Policies"
+ #define NID_certificate_policies	89
+-#define OBJ_certificate_policies	OBJ_ld_ce,32L
++#define OBJ_certificate_policies	OBJ_id_ce,32L
+ 
+ #define SN_authority_key_identifier	"authorityKeyIdentifier"
+ #define LN_authority_key_identifier	"X509v3 Authority Key Identifier"
+ #define NID_authority_key_identifier	90
+-#define OBJ_authority_key_identifier	OBJ_ld_ce,35L
++#define OBJ_authority_key_identifier	OBJ_id_ce,35L
+ 
+ #define SN_bf_cbc			"BF-CBC"
+ #define LN_bf_cbc			"bf-cbc"
+@@ -560,7 +560,7 @@
+ #define SN_crl_distribution_points	"crlDistributionPoints"
+ #define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
+ #define NID_crl_distribution_points	103
+-#define OBJ_crl_distribution_points	OBJ_ld_ce,31L
++#define OBJ_crl_distribution_points	OBJ_id_ce,31L
+ 
+ #define SN_md5WithRSA			"RSA-NP-MD5"
+ #define LN_md5WithRSA			"md5WithRSA"
+@@ -677,7 +677,7 @@
+ #define SN_ext_key_usage		"extendedKeyUsage"
+ #define LN_ext_key_usage		"X509v3 Extended Key Usage"
+ #define NID_ext_key_usage		126
+-#define OBJ_ext_key_usage		OBJ_ld_ce,37
++#define OBJ_ext_key_usage		OBJ_id_ce,37
+ 
+ #define SN_id_pkix			"PKIX"
+ #define NID_id_pkix			127
+@@ -751,17 +751,17 @@
+ #define SN_delta_crl			"deltaCRL"
+ #define LN_delta_crl			"X509v3 Delta CRL Indicator"
+ #define NID_delta_crl			140
+-#define OBJ_delta_crl			OBJ_ld_ce,27L
++#define OBJ_delta_crl			OBJ_id_ce,27L
+ 
+ #define SN_crl_reason			"CRLReason"
+ #define LN_crl_reason			"CRL Reason Code"
+ #define NID_crl_reason			141
+-#define OBJ_crl_reason			OBJ_ld_ce,21L
++#define OBJ_crl_reason			OBJ_id_ce,21L
+ 
+ #define SN_invalidity_date		"invalidityDate"
+ #define LN_invalidity_date		"Invalidity Date"
+ #define NID_invalidity_date		142
+-#define OBJ_invalidity_date		OBJ_ld_ce,24L
++#define OBJ_invalidity_date		OBJ_id_ce,24L
+ 
+ #define SN_sxnet			"SXNetID"
+ #define LN_sxnet			"Strong Extranet ID"
+@@ -1005,8 +1005,6 @@
+ int		OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
+ char *		OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)(const void *, const void *));
+ 
+-void		ERR_load_OBJ_strings(void );
+-
+ int		OBJ_new_nid(int num);
+ int		OBJ_add_object(ASN1_OBJECT *obj);
+ int		OBJ_create(char *oid,char *sn,char *ln);
+@@ -1017,6 +1015,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_OBJ_strings(void);
+ 
+ /* Error codes for the OBJ functions. */
+ 
+@@ -1035,4 +1034,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/objects/objects.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/objects.pl,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 objects.pl
+--- crypto/openssl/crypto/objects/objects.pl	26 Nov 2000 11:38:45 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/objects/objects.pl	31 Jul 2002 00:46:57 -0000
+@@ -114,7 +114,13 @@
+ 
+ open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+ print OUT <<'EOF';
+-/* lib/obj/obj_mac.h */
++/* crypto/objects/obj_mac.h */
++
++/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
++ * following command:
++ * perl objects.pl objects.txt obj_mac.num obj_mac.h
++ */
++
+ /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+  * All rights reserved.
+  *
+@@ -172,11 +178,6 @@
+  * [including the GNU Public Licence.]
+  */
+ 
+-/* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+- * following command:
+- * perl objects.pl objects.txt obj_mac.num obj_mac.h
+- */
+-
+ #define SN_undef			"UNDEF"
+ #define LN_undef			"undefined"
+ #define NID_undef			0
+@@ -207,6 +208,8 @@
+ 	if (!($a[0] =~ /^[0-9]+$/))
+ 		{
+ 		$a[0] =~ s/-/_/g;
++		if (!defined($obj{$a[0]}))
++			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
+ 		$pref_oid = "OBJ_" . $a[0];
+ 		$pref_sep = ",";
+ 		shift @a;
+Index: crypto/openssl/crypto/objects/objects.txt
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/objects/objects.txt,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 objects.txt
+--- crypto/openssl/crypto/objects/objects.txt	26 Nov 2000 11:33:43 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/objects/objects.txt	31 Jul 2002 00:46:57 -0000
+@@ -1,7 +1,13 @@
+ 1			: ISO			: iso
+ 
++2			: JOINT-ISO-CCITT	: joint-iso-ccitt
++
+ iso 2			: member-body		: ISO Member Body
+ 
++joint-iso-ccitt 5 1 5	: selected-attribute-types	: Selected Attribute Types
++
++selected-attribute-types 55	: clearance
++
+ member-body 840		: ISO-US		: ISO US Member Body
+ ISO-US 10040		: X9-57			: X9.57
+ X9-57 4			: X9cm			: X9.57 CM ?
+@@ -26,6 +32,7 @@
+ pkcs 1			: pkcs1
+ pkcs1 1			:			: rsaEncryption
+ pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
++pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
+ pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
+ pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
+ 
+@@ -302,6 +309,9 @@
+ id-pe 7			: sbqp-ipAddrBlock
+ id-pe 8			: sbqp-autonomousSysNum
+ id-pe 9			: sbqp-routerIdentifier
++id-pe 10		: ac-proxying
++!Cname sinfo-access
++id-pe 11		: subjectInfoAccess	: Subject Information Access
+ 
+ # PKIX policyQualifiers for Internet policy qualifiers
+ id-qt 1			: id-qt-cps		: Policy Qualifier CPS
+@@ -396,17 +406,18 @@
+ # personal data attributes
+ id-pda 1		: id-pda-dateOfBirth
+ id-pda 2		: id-pda-placeOfBirth
+-id-pda 3		: id-pda-pseudonym
+-id-pda 4		: id-pda-gender
+-id-pda 5		: id-pda-countryOfCitizenship
+-id-pda 6		: id-pda-countryOfResidence
++id-pda 3		: id-pda-gender
++id-pda 4		: id-pda-countryOfCitizenship
++id-pda 5		: id-pda-countryOfResidence
+ 
+ # attribute certificate attributes
+ id-aca 1		: id-aca-authenticationInfo
+ id-aca 2		: id-aca-accessIdentity
+ id-aca 3		: id-aca-chargingIdentity
+ id-aca 4		: id-aca-group
++# attention : the following seems to be obsolete, replace by 'role'
+ id-aca 5		: id-aca-role
++id-aca 6		: id-aca-encAttrs
+ 
+ # qualified certificate statements
+ id-qcs 1		: id-qcs-pkixQCSyntax-v1
+@@ -496,8 +507,9 @@
+ X509 41			: name			: name
+ X509 42			: G			: givenName
+ X509 43			: I			: initials
+-X509 45			: UID			: uniqueIdentifier
++X509 45			: 			: uniqueIdentifier
+ X509 46			: dnQualifier		: dnQualifier
++X509 72			: role			: role
+ 
+ X500 8			: X500algorithms	: directory services - algorithms
+ X500algorithms 1 1	: RSA			: rsa
+@@ -531,8 +543,14 @@
+ id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
+ !Cname authority-key-identifier
+ id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
++!Cname policy-constraints
++id-ce 36		: policyConstraints	: X509v3 Policy Constraints
+ !Cname ext-key-usage
+ id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
++!Cname target-information
++id-ce 55		: targetInformation	: X509v3 AC Targeting
++!Cname no-rev-avail
++id-ce 56		: noRevAvail		: X509v3 No Revocation Available
+ 
+ !Cname netscape
+ 2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
+@@ -575,10 +593,10 @@
+ internet 6		: snmpv2		: SNMPv2
+ internet 7		: mail			: Mail
+ 
+-private 1		: enterprises		: Enterprises
++Private 1		: enterprises		: Enterprises
+ 
+ # RFC 2247
+-enterprises 1466 344	: dcobject		: dcObject
++Enterprises 1466 344	: dcobject		: dcObject
+ 
+ # Stray OIDs we don't know the full name of each step for
+ # RFC 2247
+cvs diff: Diffing crypto/openssl/crypto/pem
+Index: crypto/openssl/crypto/pem/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/pem/Makefile.save
+diff -N crypto/openssl/crypto/pem/Makefile.save
+--- crypto/openssl/crypto/pem/Makefile.save	26 Nov 2000 11:33:44 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,203 +0,0 @@
+-#
+-# SSLeay/crypto/pem/Makefile
+-#
+-
+-DIR=	pem
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+-
+-LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= pem.h pem2.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links: $(EXHEADER)
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pem_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+-pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-pem_all.o: ../cryptlib.h
+-pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pem_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+-pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+-pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-pem_err.o: ../../include/openssl/x509_vfy.h
+-pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pem_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-pem_info.o: ../../include/openssl/opensslconf.h
+-pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+-pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+-pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-pem_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-pem_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pem_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+-pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+-pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-pem_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-pem_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-pem_lib.o: ../cryptlib.h
+-pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pem_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-pem_seal.o: ../../include/openssl/opensslconf.h
+-pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+-pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+-pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-pem_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-pem_seal.o: ../cryptlib.h
+-pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pem_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-pem_sign.o: ../../include/openssl/opensslconf.h
+-pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+-pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+-pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-pem_sign.o: ../cryptlib.h
+Index: crypto/openssl/crypto/pem/pem.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pem/pem.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 pem.h
+--- crypto/openssl/crypto/pem/pem.h	26 Nov 2000 11:33:44 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/pem/pem.h	31 Jul 2002 00:46:57 -0000
+@@ -524,8 +524,6 @@
+ int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+ 		unsigned int *siglen, EVP_PKEY *pkey);
+ 
+-void	ERR_load_PEM_strings(void);
+-
+ void	PEM_proc_type(char *buf, int type);
+ void	PEM_dek_info(char *buf, const char *type, int len, char *str);
+ 
+@@ -614,6 +612,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_PEM_strings(void);
+ 
+ /* Error codes for the PEM functions. */
+ 
+@@ -664,4 +663,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/pem/pem2.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pem/pem2.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 pem2.h
+--- crypto/openssl/crypto/pem/pem2.h	26 Nov 2000 11:33:44 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/pem/pem2.h	31 Jul 2002 00:46:57 -0000
+@@ -61,7 +61,9 @@
+ extern "C" {
+ #endif
+ 
++#ifndef HEADER_PEM_H
+ void ERR_load_PEM_strings(void);
++#endif
+ 
+ #ifdef __cplusplus
+ }
+Index: crypto/openssl/crypto/pem/pem_info.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pem/pem_info.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 pem_info.c
+--- crypto/openssl/crypto/pem/pem_info.c	4 Jul 2001 23:19:31 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/pem/pem_info.c	31 Jul 2002 00:46:57 -0000
+@@ -326,7 +326,7 @@
+ 			/* create the right magic header stuff */
+ 			buf[0]='\0';
+ 			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+-			PEM_dek_info(buf,objstr,8,(char *)iv);
++			PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+ 
+ 			/* use the normal code to write things out */
+ 			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
+@@ -346,7 +346,7 @@
+ 		}
+ 
+ 	/* if we have a certificate then write it out now */
+-	if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
++	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
+ 		goto err;
+ 
+ 	/* we are ignoring anything else that is loaded into the X509_INFO
+Index: crypto/openssl/crypto/pem/pem_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pem/pem_lib.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 pem_lib.c
+--- crypto/openssl/crypto/pem/pem_lib.c	26 Nov 2000 11:33:44 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/pem/pem_lib.c	31 Jul 2002 00:46:57 -0000
+@@ -258,6 +258,7 @@
+ 			PKCS8_PRIV_KEY_INFO *p8inf;
+ 			p8inf=d2i_PKCS8_PRIV_KEY_INFO(
+ 					(PKCS8_PRIV_KEY_INFO **) x, &p, len);
++			if(!p8inf) goto p8err;
+ 			ret = (char *)EVP_PKCS82PKEY(p8inf);
+ 			PKCS8_PRIV_KEY_INFO_free(p8inf);
+ 		} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+@@ -373,7 +374,7 @@
+ 			kstr=(unsigned char *)buf;
+ 			}
+ 		RAND_add(data,i,0);/* put in the RSA key. */
+-		if (RAND_pseudo_bytes(iv,8) < 0)	/* Generate a salt */
++		if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
+ 			goto err;
+ 		/* The 'iv' is used as the iv and as a salt.  It is
+ 		 * NOT taken from the BytesToKey function */
+@@ -383,7 +384,7 @@
+ 
+ 		buf[0]='\0';
+ 		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+-		PEM_dek_info(buf,objstr,8,(char *)iv);
++		PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+ 		/* k=strlen(buf); */
+ 	
+ 		EVP_EncryptInit(&ctx,enc,key,iv);
+@@ -506,7 +507,7 @@
+ 		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
+ 		return(0);
+ 		}
+-	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);
++	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
+ 
+ 	return(1);
+ 	}
+cvs diff: Diffing crypto/openssl/crypto/perlasm
+Index: crypto/openssl/crypto/perlasm/x86nasm.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/perlasm/x86nasm.pl,v
+retrieving revision 1.1.1.1
+diff -u -r1.1.1.1 x86nasm.pl
+--- crypto/openssl/crypto/perlasm/x86nasm.pl	10 Jan 2000 06:21:45 -0000	1.1.1.1
++++ crypto/openssl/crypto/perlasm/x86nasm.pl	31 Jul 2002 00:46:57 -0000
+@@ -209,7 +209,7 @@
+ 
+ sub main'file
+ 	{
+-	push(@out, "segment .text\n");
++	push(@out, "segment .text use32\n");
+ 	}
+ 
+ sub main'function_begin
+Index: crypto/openssl/crypto/perlasm/x86unix.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/perlasm/x86unix.pl,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 x86unix.pl
+--- crypto/openssl/crypto/perlasm/x86unix.pl	20 Aug 2000 08:46:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/perlasm/x86unix.pl	31 Jul 2002 00:46:58 -0000
+@@ -79,7 +79,7 @@
+ 	local($addr,$reg1,$reg2,$idx)=@_;
+ 
+ 	$ret="";
+-	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
++	$addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
+ 	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+ 	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+ 	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+cvs diff: Diffing crypto/openssl/crypto/pkcs12
+Index: crypto/openssl/crypto/pkcs12/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/pkcs12/Makefile.save
+diff -N crypto/openssl/crypto/pkcs12/Makefile.save
+--- crypto/openssl/crypto/pkcs12/Makefile.save	20 Aug 2000 08:48:43 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,363 +0,0 @@
+-#
+-# SSLeay/crypto/pkcs12/Makefile
+-#
+-
+-DIR=	pkcs12
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \
+-	p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c\
+-	p12_sbag.c p12_utl.c p12_npas.c pk12err.c
+-LIBOBJ= p12_add.o p12_attr.o p12_bags.o p12_crpt.o p12_crt.o p12_decr.o \
+-	p12_init.o p12_key.o p12_kiss.o p12_lib.o p12_mac.o p12_mutl.o\
+-	p12_sbag.o p12_utl.o p12_npas.o pk12err.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER=  pkcs12.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-test:
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_add.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_add.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_add.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_attr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_bags.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p12_bags.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p12_bags.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p12_bags.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p12_bags.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p12_bags.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p12_bags.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p12_bags.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p12_bags.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-p12_bags.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-p12_bags.o: ../../include/openssl/opensslconf.h
+-p12_bags.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_bags.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_bags.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_bags.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_bags.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_bags.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_bags.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_crt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_crt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_decr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_decr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_decr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_decr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_decr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_init.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_init.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_init.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_init.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_init.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_key.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_key.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_kiss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_kiss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_kiss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_kiss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_kiss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p12_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p12_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p12_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p12_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p12_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p12_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p12_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p12_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-p12_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-p12_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p12_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+-p12_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p12_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p12_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p12_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p12_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p12_lib.o: ../cryptlib.h
+-p12_mac.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p12_mac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p12_mac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p12_mac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p12_mac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p12_mac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p12_mac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p12_mac.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p12_mac.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-p12_mac.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-p12_mac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-p12_mac.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+-p12_mac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p12_mac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p12_mac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p12_mac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p12_mac.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p12_mac.o: ../cryptlib.h
+-p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_mutl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_mutl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+-p12_mutl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-p12_mutl.o: ../../include/openssl/opensslconf.h
+-p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_mutl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+-p12_mutl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-p12_mutl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-p12_mutl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-p12_mutl.o: ../cryptlib.h
+-p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_npas.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p12_npas.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p12_npas.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_npas.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_npas.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+-p12_npas.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+-p12_npas.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_npas.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_npas.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_npas.o: ../../include/openssl/x509_vfy.h
+-p12_sbag.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-p12_sbag.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-p12_sbag.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-p12_sbag.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-p12_sbag.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-p12_sbag.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-p12_sbag.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-p12_sbag.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-p12_sbag.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-p12_sbag.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-p12_sbag.o: ../../include/openssl/opensslconf.h
+-p12_sbag.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_sbag.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_sbag.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_sbag.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_sbag.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_sbag.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_sbag.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-p12_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-p12_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pk12err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-pk12err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-pk12err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pk12err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-pk12err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+-pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-pk12err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-pk12err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-pk12err.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-pk12err.o: ../../include/openssl/x509_vfy.h
+Index: crypto/openssl/crypto/pkcs12/pkcs12.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pkcs12/pkcs12.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 pkcs12.h
+--- crypto/openssl/crypto/pkcs12/pkcs12.h	4 Jul 2001 23:19:31 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/pkcs12/pkcs12.h	31 Jul 2002 00:46:58 -0000
+@@ -141,8 +141,8 @@
+ #define PKCS12_ERROR	0
+ #define PKCS12_OK	1
+ 
+-#define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
+-#define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
++#define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
++#define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
+ #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+ 
+ #define M_PKCS12_x5092certbag(x509) \
+@@ -267,7 +267,6 @@
+ PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
+ 								 long length);
+ void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
+-void ERR_load_PKCS12_strings(void);
+ void PKCS12_PBE_add(void);
+ int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+ 		 STACK_OF(X509) **ca);
+@@ -284,6 +283,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_PKCS12_strings(void);
+ 
+ /* Error codes for the PKCS12 functions. */
+ 
+@@ -342,4 +342,3 @@
+ }
+ #endif
+ #endif
+-
+cvs diff: Diffing crypto/openssl/crypto/pkcs7
+Index: crypto/openssl/crypto/pkcs7/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/pkcs7/Makefile.save
+diff -N crypto/openssl/crypto/pkcs7/Makefile.save
+--- crypto/openssl/crypto/pkcs7/Makefile.save	20 Aug 2000 08:48:43 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,202 +0,0 @@
+-#
+-# SSLeay/crypto/pkcs7/Makefile
+-#
+-
+-DIR=	pkcs7
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-PEX_LIBS=
+-EX_LIBS=
+- 
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile README
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=	pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c
+-LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER=  pkcs7.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-test:
+-
+-all:	lib
+-
+-testapps: enc dec sign verify
+-
+-enc: enc.o lib
+-	$(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+-
+-dec: dec.o lib
+-	$(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+-
+-sign: sign.o lib
+-	$(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+-
+-verify: verify.o example.o lib
+-	$(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pk7_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-pk7_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pk7_attr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-pk7_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+-pk7_attr.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+-pk7_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-pk7_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-pk7_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-pk7_doit.o: ../cryptlib.h
+-pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pk7_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-pk7_lib.o: ../cryptlib.h
+-pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-pk7_mime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-pk7_mime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-pk7_mime.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+-pk7_mime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-pk7_mime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-pk7_smime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk7_smime.o: ../../include/openssl/objects.h
+-pk7_smime.o: ../../include/openssl/opensslconf.h
+-pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-pk7_smime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-pk7_smime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-pkcs7err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-pkcs7err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-pkcs7err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-pkcs7err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pkcs7err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-pkcs7err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-pkcs7err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+Index: crypto/openssl/crypto/pkcs7/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pkcs7/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/pkcs7/Makefile.ssl	4 Jul 2001 23:19:32 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/pkcs7/Makefile.ssl	31 Jul 2002 00:46:58 -0000
+@@ -123,13 +123,12 @@
+ pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-pk7_doit.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pk7_doit.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-pk7_doit.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-pk7_doit.o: ../../include/openssl/opensslconf.h
++pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+ pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+@@ -183,12 +182,12 @@
+ pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-pk7_smime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-pk7_smime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-pk7_smime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-pk7_smime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++pk7_smime.o: ../../include/openssl/objects.h
+ pk7_smime.o: ../../include/openssl/opensslconf.h
+ pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+Index: crypto/openssl/crypto/pkcs7/README
+===================================================================
+RCS file: crypto/openssl/crypto/pkcs7/README
+diff -N crypto/openssl/crypto/pkcs7/README
+--- crypto/openssl/crypto/pkcs7/README	10 Jan 2000 06:21:47 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,5 +0,0 @@
+-WARNING
+-
+-Everything in this directory is experimental and is subject to change.
+-
+-Do not rely on the stuff in here not changing in the next release
+Index: crypto/openssl/crypto/pkcs7/pk7_attr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pkcs7/pk7_attr.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 pk7_attr.c
+--- crypto/openssl/crypto/pkcs7/pk7_attr.c	26 Nov 2000 11:33:47 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/pkcs7/pk7_attr.c	31 Jul 2002 00:46:58 -0000
+@@ -1,9 +1,59 @@
+ /* pk7_attr.c */
+-/* S/MIME code.
+- * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) 
+- * All Rights Reserved. 
+- * Redistribution of this code without the authors permission is expressly
+- * prohibited.
++/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
++ * project 2001.
++ */
++/* ====================================================================
++ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    licensing@OpenSSL.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
+  */
+ 
+ #include <stdio.h>
+Index: crypto/openssl/crypto/pkcs7/pk7_doit.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pkcs7/pk7_doit.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 pk7_doit.c
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c	4 Jul 2001 23:19:32 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c	31 Jul 2002 00:46:58 -0000
+@@ -67,6 +67,38 @@
+ 			 void *value);
+ static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+ 
++static int PKCS7_type_is_other(PKCS7* p7)
++	{
++	int isOther=1;
++	
++	int nid=OBJ_obj2nid(p7->type);
++
++	switch( nid )
++		{
++	case NID_pkcs7_data:
++	case NID_pkcs7_signed:
++	case NID_pkcs7_enveloped:
++	case NID_pkcs7_signedAndEnveloped:
++	case NID_pkcs7_digest:
++	case NID_pkcs7_encrypted:
++		isOther=0;
++		break;
++	default:
++		isOther=1;
++		}
++
++	return isOther;
++
++	}
++
++static int PKCS7_type_is_octet_string(PKCS7* p7)
++	{
++	if ( 0==PKCS7_type_is_other(p7) )
++		return 0;
++
++	return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
++	}
++
+ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+ 	{
+ 	int i,j;
+@@ -222,13 +254,20 @@
+ 		if (p7->detached)
+ 			bio=BIO_new(BIO_s_null());
+ 		else {
+-			if (PKCS7_type_is_signed(p7) &&
+-				PKCS7_type_is_data(p7->d.sign->contents)) {
+-				ASN1_OCTET_STRING *os;
+-				os=p7->d.sign->contents->d.data;
+-				if (os->length > 0) bio = 
+-					BIO_new_mem_buf(os->data, os->length);
+-			} 
++			if (PKCS7_type_is_signed(p7) ) { 
++				if ( PKCS7_type_is_data(p7->d.sign->contents)) {
++					ASN1_OCTET_STRING *os;
++					os=p7->d.sign->contents->d.data;
++					if (os->length > 0)
++						bio = BIO_new_mem_buf(os->data, os->length);
++				}
++				else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
++					ASN1_OCTET_STRING *os;
++					os=p7->d.sign->contents->d.other->value.octet_string;
++					if (os->length > 0)
++						bio = BIO_new_mem_buf(os->data, os->length);
++				}
++			}
+ 			if(bio == NULL) {
+ 				bio=BIO_new(BIO_s_mem());
+ 				BIO_set_mem_eof_return(bio,0);
+@@ -558,11 +597,15 @@
+ 				ASN1_UTCTIME *sign_time;
+ 				const EVP_MD *md_tmp;
+ 
+-				/* Add signing time */
+-				sign_time=X509_gmtime_adj(NULL,0);
+-				PKCS7_add_signed_attribute(si,
+-					NID_pkcs9_signingTime,
+-					V_ASN1_UTCTIME,sign_time);
++				/* Add signing time if not already present */
++				if (!PKCS7_get_signed_attribute(si,
++							NID_pkcs9_signingTime))
++					{
++					sign_time=X509_gmtime_adj(NULL,0);
++					PKCS7_add_signed_attribute(si,
++						NID_pkcs9_signingTime,
++						V_ASN1_UTCTIME,sign_time);
++					}
+ 
+ 				/* Add digest */
+ 				md_tmp=EVP_MD_CTX_md(&ctx_tmp);
+@@ -578,7 +621,7 @@
+ 				x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
+ 					   i2d_X509_ATTRIBUTE,
+ 					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+-				pp=(unsigned char *)OPENSSL_malloc(x);
++				if (!(pp=(unsigned char *)OPENSSL_malloc(x))) goto err;
+ 				p=pp;
+ 				i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
+ 				           i2d_X509_ATTRIBUTE,
+@@ -774,7 +817,7 @@
+ 		 */
+ 		i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
+ 			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
+-		pp=OPENSSL_malloc(i);
++		if (!(pp=OPENSSL_malloc(i))) goto err;
+ 		p=pp;
+ 		i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
+ 			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
+Index: crypto/openssl/crypto/pkcs7/pkcs7.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pkcs7/pkcs7.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 pkcs7.h
+--- crypto/openssl/crypto/pkcs7/pkcs7.h	26 Nov 2000 11:33:47 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/pkcs7/pkcs7.h	31 Jul 2002 00:46:58 -0000
+@@ -353,8 +353,6 @@
+ PKCS7			*d2i_PKCS7(PKCS7 **a,
+ 				unsigned char **pp,long length);
+ 
+-void ERR_load_PKCS7_strings(void);
+-
+ 
+ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+ 
+@@ -422,6 +420,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_PKCS7_strings(void);
+ 
+ /* Error codes for the PKCS7 functions. */
+ 
+@@ -502,4 +501,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/pkcs7/verify.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/pkcs7/verify.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 verify.c
+--- crypto/openssl/crypto/pkcs7/verify.c	20 Aug 2000 08:46:34 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/pkcs7/verify.c	31 Jul 2002 00:46:58 -0000
+@@ -179,10 +179,11 @@
+ 		{
+ 		ASN1_UTCTIME *tm;
+ 		char *str1,*str2;
++		int rc;
+ 
+ 		si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+-		i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+-		if (i <= 0)
++		rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
++		if (rc <= 0)
+ 			goto err;
+ 		printf("signer info\n");
+ 		if ((tm=get_signed_time(si)) != NULL)
+cvs diff: Diffing crypto/openssl/crypto/pkcs7/p7
+cvs diff: Diffing crypto/openssl/crypto/pkcs7/t
+cvs diff: Diffing crypto/openssl/crypto/rand
+Index: crypto/openssl/crypto/rand/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/rand/Makefile.save
+diff -N crypto/openssl/crypto/rand/Makefile.save
+--- crypto/openssl/crypto/rand/Makefile.save	26 Nov 2000 11:33:48 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,107 +0,0 @@
+-#
+-# SSLeay/crypto/rand/Makefile
+-#
+-
+-DIR=	rand
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST= randtest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c rand_win.c
+-LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o rand_win.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rand.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+-md_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+-md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-md_rand.o: ../../include/openssl/symhacks.h rand_lcl.h
+-rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+-rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+-rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-rand_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-rand_err.o: ../../include/openssl/symhacks.h
+-rand_lib.o: ../../include/openssl/rand.h
+-rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-rand_win.o: ../cryptlib.h rand_lcl.h
+-randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+-randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-randfile.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-randfile.o: ../../include/openssl/symhacks.h
+Index: crypto/openssl/crypto/rand/md_rand.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rand/md_rand.c,v
+retrieving revision 1.1.1.1.2.4
+diff -u -r1.1.1.1.2.4 md_rand.c
+--- crypto/openssl/crypto/rand/md_rand.c	19 Jul 2001 21:00:45 -0000	1.1.1.1.2.4
++++ crypto/openssl/crypto/rand/md_rand.c	31 Jul 2002 00:46:58 -0000
+@@ -56,7 +56,7 @@
+  * [including the GNU Public Licence.]
+  */
+ /* ====================================================================
+- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -141,10 +141,12 @@
+ static double entropy=0;
+ static int initialized=0;
+ 
+-/* This should be set to 1 only when ssleay_rand_add() is called inside
+-   an already locked state, so it doesn't try to lock and thereby cause
+-   a hang.  And it should always be reset back to 0 before unlocking. */
+-static int add_do_not_lock=0;
++static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
++                                           * holds CRYPTO_LOCK_RAND
++                                           * (to prevent double locking) */
++/* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
++static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
++
+ 
+ #ifdef PREDICT
+ int rand_predictable=0;
+@@ -191,6 +193,7 @@
+ 	long md_c[2];
+ 	unsigned char local_md[MD_DIGEST_LENGTH];
+ 	MD_CTX m;
++	int do_not_lock;
+ 
+ 	/*
+ 	 * (Based on the rand(3) manpage)
+@@ -207,7 +210,17 @@
+          * hash function.
+ 	 */
+ 
+-	if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	/* check if we already have the lock */
++	if (crypto_lock_rand)
++		{
++		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
++		do_not_lock = (locking_thread == CRYPTO_thread_id());
++		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
++		}
++	else
++		do_not_lock = 0;
++
++	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ 	st_idx=state_index;
+ 
+ 	/* use our own copies of the counters so that even
+@@ -239,7 +252,7 @@
+ 
+ 	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+ 
+-	if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ 
+ 	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+ 		{
+@@ -281,7 +294,7 @@
+ 		}
+ 	memset((char *)&m,0,sizeof(m));
+ 
+-	if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+ 	/* Don't just copy back local_md into md -- this could mean that
+ 	 * other thread's seeding remains without effect (except for
+ 	 * the incremented counter).  By XORing it we keep at least as
+@@ -292,7 +305,7 @@
+ 		}
+ 	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+ 	    entropy += add;
+-	if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ 	
+ #if !defined(THREADS) && !defined(WIN32)
+ 	assert(md_c[1] == md_count[1]);
+@@ -340,28 +353,33 @@
+ 	 *
+ 	 * For each group of 10 bytes (or less), we do the following:
+ 	 *
+-	 * Input into the hash function the top 10 bytes from the
+-	 * local 'md' (which is initialized from the global 'md'
+-	 * before any bytes are generated), the bytes that are
+-	 * to be overwritten by the random bytes, and bytes from the
+-	 * 'state' (incrementing looping index).  From this digest output
+-	 * (which is kept in 'md'), the top (up to) 10 bytes are
+-	 * returned to the caller and the bottom (up to) 10 bytes are xored
+-	 * into the 'state'.
++	 * Input into the hash function the local 'md' (which is initialized from
++	 * the global 'md' before any bytes are generated), the bytes that are to
++	 * be overwritten by the random bytes, and bytes from the 'state'
++	 * (incrementing looping index). From this digest output (which is kept
++	 * in 'md'), the top (up to) 10 bytes are returned to the caller and the
++	 * bottom 10 bytes are xored into the 'state'.
++	 * 
+ 	 * Finally, after we have finished 'num' random bytes for the
+ 	 * caller, 'count' (which is incremented) and the local and global 'md'
+ 	 * are fed into the hash function and the results are kept in the
+ 	 * global 'md'.
+ 	 */
+ 
+-	if (!initialized)
+-		RAND_poll();
+-
+ 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+-	add_do_not_lock = 1;	/* Since we call ssleay_rand_add while in
+-				   this locked state. */
+ 
+-	initialized = 1;
++	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
++	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
++	locking_thread = CRYPTO_thread_id();
++	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
++	crypto_lock_rand = 1;
++
++	if (!initialized)
++		{
++		RAND_poll();
++		initialized = 1;
++		}
++	
+ 	if (!stirred_pool)
+ 		do_stir_pool = 1;
+ 	
+@@ -387,11 +405,11 @@
+ 
+ 	if (do_stir_pool)
+ 		{
+-		/* Our output function chains only half of 'md', so we better
+-		 * make sure that the required entropy gets 'evenly distributed'
+-		 * through 'state', our randomness pool.  The input function
+-		 * (ssleay_rand_add) chains all of 'md', which makes it more
+-		 * suitable for this purpose.
++		/* In the output function only half of 'md' remains secret,
++		 * so we better make sure that the required entropy gets
++		 * 'evenly distributed' through 'state', our randomness pool.
++		 * The input function (ssleay_rand_add) chains all of 'md',
++		 * which makes it more suitable for this purpose.
+ 		 */
+ 
+ 		int n = STATE_SIZE; /* so that the complete pool gets accessed */
+@@ -425,8 +443,8 @@
+ 
+ 	md_count[0] += 1;
+ 
+-	add_do_not_lock = 0;	/* If this would ever be forgotten, we can
+-				   expect any evil god to eat our souls. */
++	/* before unlocking, we must clear 'crypto_lock_rand' */
++	crypto_lock_rand = 0;
+ 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ 
+ 	while (num > 0)
+@@ -492,11 +510,12 @@
+ static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
+ 	{
+ 	int ret;
++	unsigned long err;
+ 
+ 	ret = RAND_bytes(buf, num);
+ 	if (ret == 0)
+ 		{
+-		long err = ERR_peek_error();
++		err = ERR_peek_error();
+ 		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+ 		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+ 			(void)ERR_get_error();
+@@ -507,14 +526,45 @@
+ static int ssleay_rand_status(void)
+ 	{
+ 	int ret;
++	int do_not_lock;
+ 
++	/* check if we already have the lock
++	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
++	if (crypto_lock_rand)
++		{
++		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
++		do_not_lock = (locking_thread == CRYPTO_thread_id());
++		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
++		}
++	else
++		do_not_lock = 0;
++	
++	if (!do_not_lock)
++		{
++		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++		
++		/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
++		CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
++		locking_thread = CRYPTO_thread_id();
++		CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
++		crypto_lock_rand = 1;
++		}
++	
+ 	if (!initialized)
++		{
+ 		RAND_poll();
++		initialized = 1;
++		}
+ 
+-	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+-	initialized = 1;
+ 	ret = entropy >= ENTROPY_NEEDED;
+-	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+ 
++	if (!do_not_lock)
++		{
++		/* before unlocking, we must clear 'crypto_lock_rand' */
++		crypto_lock_rand = 0;
++		
++		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++		}
++	
+ 	return ret;
+ 	}
+Index: crypto/openssl/crypto/rand/rand.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rand/rand.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 rand.h
+--- crypto/openssl/crypto/rand/rand.h	4 Jul 2001 23:19:33 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/rand/rand.h	31 Jul 2002 00:46:58 -0000
+@@ -93,7 +93,6 @@
+ int RAND_status(void);
+ int RAND_egd(const char *path);
+ int RAND_egd_bytes(const char *path,int bytes);
+-void ERR_load_RAND_strings(void);
+ int RAND_poll(void);
+ 
+ #ifdef  __cplusplus
+@@ -115,10 +114,15 @@
+ #endif
+ #endif
+ 
++#ifdef  __cplusplus
++extern "C" {
++#endif
++
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_RAND_strings(void);
+ 
+ /* Error codes for the RAND functions. */
+ 
+@@ -128,5 +132,7 @@
+ /* Reason codes. */
+ #define RAND_R_PRNG_NOT_SEEDED				 100
+ 
++#ifdef  __cplusplus
++}
++#endif
+ #endif
+-
+Index: crypto/openssl/crypto/rand/rand_egd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rand/rand_egd.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 rand_egd.c
+--- crypto/openssl/crypto/rand/rand_egd.c	4 Jul 2001 23:19:33 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/rand/rand_egd.c	31 Jul 2002 00:46:58 -0000
+@@ -75,7 +75,11 @@
+ #include <sys/types.h>
+ #include <sys/socket.h>
+ #ifndef NO_SYS_UN_H
+-#include <sys/un.h>
++# ifdef VXWORKS
++#   include <streams/un.h>
++# else
++#   include <sys/un.h>
++# endif
+ #else
+ struct	sockaddr_un {
+ 	short	sun_family;		/* AF_UNIX */
+Index: crypto/openssl/crypto/rand/rand_win.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rand/rand_win.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 rand_win.c
+--- crypto/openssl/crypto/rand/rand_win.c	4 Jul 2001 23:19:33 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/rand/rand_win.c	31 Jul 2002 00:46:58 -0000
+@@ -311,7 +311,7 @@
+ 			if (gen(hProvider, sizeof(buf), buf) != 0)
+ 				{
+ 				RAND_add(buf, sizeof(buf), sizeof(buf));
+-#ifdef DEBUG
++#if 0
+ 				printf("randomness from PROV_RSA_FULL\n");
+ #endif
+ 				}
+@@ -324,7 +324,7 @@
+ 			if (gen(hProvider, sizeof(buf), buf) != 0)
+ 				{
+ 				RAND_add(buf, sizeof(buf), sizeof(buf));
+-#ifdef DEBUG
++#if 0
+ 				printf("randomness from PROV_INTEL_SEC\n");
+ #endif
+ 				}
+@@ -510,7 +510,7 @@
+ 		FreeLibrary(kernel);
+ 		}
+ 
+-#ifdef DEBUG
++#if 0
+ 	printf("Exiting RAND_poll\n");
+ #endif
+ 
+Index: crypto/openssl/crypto/rand/randfile.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rand/randfile.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 randfile.c
+--- crypto/openssl/crypto/rand/randfile.c	4 Jul 2001 23:19:33 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/rand/randfile.c	31 Jul 2002 00:46:58 -0000
+@@ -211,6 +211,12 @@
+ 		{
+ 		if (OPENSSL_issetugid() == 0)
+ 			s=getenv("HOME");
++#ifdef DEFAULT_HOME
++		if (s == NULL)
++			{
++			s = DEFAULT_HOME;
++			}
++#endif
+ 		if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+ 			{
+ 			strcpy(buf,s);
+@@ -220,7 +226,7 @@
+ 			strcat(buf,RFILE);
+ 			ret=buf;
+ 			}
+-		  else
++		else
+ 		  	buf[0] = '\0'; /* no file name */
+ 		}
+ 	return(ret);
+cvs diff: Diffing crypto/openssl/crypto/rc2
+Index: crypto/openssl/crypto/rc2/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/rc2/Makefile.save
+diff -N crypto/openssl/crypto/rc2/Makefile.save
+--- crypto/openssl/crypto/rc2/Makefile.save	20 Aug 2000 08:48:44 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,90 +0,0 @@
+-#
+-# SSLeay/crypto/rc2/Makefile
+-#
+-
+-DIR=	rc2
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rc2test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+-LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rc2.h
+-HEADER=	rc2_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+-rc2_cbc.o: rc2_locl.h
+-rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-rc2_ecb.o: ../../include/openssl/rc2.h rc2_locl.h
+-rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+-rc2_skey.o: rc2_locl.h
+-rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+-rc2cfb64.o: rc2_locl.h
+-rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+-rc2ofb64.o: rc2_locl.h
+Index: crypto/openssl/crypto/rc2/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/rc2/Makefile.uni
+diff -N crypto/openssl/crypto/rc2/Makefile.uni
+--- crypto/openssl/crypto/rc2/Makefile.uni	10 Jan 2000 06:21:49 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,73 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-
+-DIR=    rc2
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-RANLIB=         ranlib
+-
+-IDEA_ENC=rc2_cbc.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rc2test
+-APPS=rc2speed
+-
+-LIB=librc2.a
+-LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+-LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rc2.h
+-HEADER= rc2_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB):    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-
+-test:	$(TEST)
+-	./$(TEST)
+-
+-$(TEST): $(TEST).c $(LIB)
+-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+-
+-$(APPS): $(APPS).c $(LIB)
+-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+cvs diff: Diffing crypto/openssl/crypto/rc4
+Index: crypto/openssl/crypto/rc4/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/rc4/Makefile.save
+diff -N crypto/openssl/crypto/rc4/Makefile.save
+--- crypto/openssl/crypto/rc4/Makefile.save	26 Nov 2000 11:33:50 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,114 +0,0 @@
+-#
+-# SSLeay/crypto/rc4/Makefile
+-#
+-
+-DIR=	rc4
+-TOP=	../..
+-CC=	cc
+-CPP=    $(CC) -E
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-RC4_ENC=rc4_enc.o
+-# or use
+-#RC4_ENC=asm/rx86-elf.o
+-#RC4_ENC=asm/rx86-out.o
+-#RC4_ENC=asm/rx86-sol.o
+-#RC4_ENC=asm/rx86bdsi.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rc4test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=rc4_skey.c rc4_enc.c
+-LIBOBJ=rc4_skey.o $(RC4_ENC)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rc4.h
+-HEADER=	$(EXHEADER) rc4_locl.h
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/rx86-elf.o: asm/rx86unix.cpp
+-	$(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o
+-
+-# solaris
+-asm/rx86-sol.o: asm/rx86unix.cpp
+-	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+-	as -o asm/rx86-sol.o asm/rx86-sol.s
+-	rm -f asm/rx86-sol.s
+-
+-# a.out
+-asm/rx86-out.o: asm/rx86unix.cpp
+-	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+-
+-# bsdi
+-asm/rx86bsdi.o: asm/rx86unix.cpp
+-	$(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+-
+-asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+-	(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+-rc4_enc.o: rc4_locl.h
+-rc4_skey.o: ../../include/openssl/opensslconf.h
+-rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+-rc4_skey.o: rc4_locl.h
+Index: crypto/openssl/crypto/rc4/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/rc4/Makefile.uni
+diff -N crypto/openssl/crypto/rc4/Makefile.uni
+--- crypto/openssl/crypto/rc4/Makefile.uni	10 Jan 2000 06:21:50 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,103 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-DIR=    rc4
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-RANLIB=         ranlib
+-
+-RC4_ENC=rc4_enc.o
+-# or use
+-#RC4_ENC=asm/rx86-elf.o
+-#RC4_ENC=asm/rx86-out.o
+-#RC4_ENC=asm/rx86-sol.o
+-#RC4_ENC=asm/rx86bdsi.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rc4test
+-APPS=rc4speed
+-
+-LIB=librc4.a
+-LIBSRC=rc4_skey.c rc4_enc.c
+-LIBOBJ=rc4_skey.o $(RC4_ENC)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rc4.h
+-HEADER= $(EXHEADER) rc4_locl.h
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB):    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-
+-# elf
+-asm/rx86-elf.o: asm/rx86unix.cpp
+-	$(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+-
+-# solaris
+-asm/rx86-sol.o: asm/rx86unix.cpp
+-	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+-	as -o asm/rx86-sol.o asm/rx86-sol.s
+-	rm -f asm/rx86-sol.s
+-
+-# a.out
+-asm/rx86-out.o: asm/rx86unix.cpp
+-	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+-
+-# bsdi
+-asm/rx86bsdi.o: asm/rx86unix.cpp
+-	$(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
+-
+-asm/rx86unix.cpp:
+-	(cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+-
+-test:	$(TEST)
+-	./$(TEST)
+-
+-$(TEST): $(TEST).c $(LIB)
+-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+-
+-$(APPS): $(APPS).c $(LIB)
+-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+cvs diff: Diffing crypto/openssl/crypto/rc4/asm
+cvs diff: Diffing crypto/openssl/crypto/rc5
+Index: crypto/openssl/crypto/rc5/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/rc5/Makefile.save
+diff -N crypto/openssl/crypto/rc5/Makefile.save
+--- crypto/openssl/crypto/rc5/Makefile.save	20 Aug 2000 08:48:44 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,112 +0,0 @@
+-#
+-# SSLeay/crypto/rc5/Makefile
+-#
+-
+-DIR=	rc5
+-TOP=	../..
+-CC=	cc
+-CPP=	$(CC) -E
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-RC5_ENC=		rc5_enc.o
+-# or use
+-#DES_ENC=	r586-elf.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rc5test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+-LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rc5.h
+-HEADER=	rc5_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/r586-elf.o: asm/r586unix.cpp
+-	$(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o
+-
+-# solaris
+-asm/r586-sol.o: asm/r586unix.cpp
+-	$(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
+-	as -o asm/r586-sol.o asm/r586-sol.s
+-	rm -f asm/r586-sol.s
+-
+-# a.out
+-asm/r586-out.o: asm/r586unix.cpp
+-	$(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+-
+-# bsdi
+-asm/r586bsdi.o: asm/r586unix.cpp
+-	$(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
+-
+-asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+-	(cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+-rc5_ecb.o: rc5_locl.h
+-rc5_enc.o: ../../include/openssl/rc5.h rc5_locl.h
+-rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h
+-rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h
+-rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h
+Index: crypto/openssl/crypto/rc5/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/rc5/Makefile.uni
+diff -N crypto/openssl/crypto/rc5/Makefile.uni
+--- crypto/openssl/crypto/rc5/Makefile.uni	10 Jan 2000 06:21:50 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,73 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-
+-DIR=    rc2
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-RANLIB=         ranlib
+-
+-IDEA_ENC=rc2_cbc.o
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rc2test
+-APPS=rc2speed
+-
+-LIB=librc2.a
+-LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+-LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rc2.h
+-HEADER= rc2_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB):    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-
+-test:	$(TEST)
+-	./$(TEST)
+-
+-$(TEST): $(TEST).c $(LIB)
+-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+-
+-$(APPS): $(APPS).c $(LIB)
+-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+cvs diff: Diffing crypto/openssl/crypto/rc5/asm
+cvs diff: Diffing crypto/openssl/crypto/ripemd
+Index: crypto/openssl/crypto/ripemd/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/ripemd/Makefile.save
+diff -N crypto/openssl/crypto/ripemd/Makefile.save
+--- crypto/openssl/crypto/ripemd/Makefile.save	26 Nov 2000 11:33:51 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,108 +0,0 @@
+-#
+-# SSLeay/crypto/ripemd/Makefile
+-#
+-
+-DIR=    ripemd
+-TOP=    ../..
+-CC=     cc
+-CPP=    $(CC) -E
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=           make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=       Makefile.ssl
+-AR=             ar r
+-
+-RIP_ASM_OBJ=
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rmdtest.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=rmd_dgst.c rmd_one.c
+-LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= ripemd.h
+-HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:    lib
+-
+-lib:    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/rm86-elf.o: asm/rm86unix.cpp
+-	$(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o
+-
+-# solaris
+-asm/rm86-sol.o: asm/rm86unix.cpp
+-	$(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
+-	as -o asm/rm86-sol.o asm/rm86-sol.s
+-	rm -f asm/rm86-sol.s
+-
+-# a.out
+-asm/rm86-out.o: asm/rm86unix.cpp
+-	$(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+-
+-# bsdi
+-asm/rm86bsdi.o: asm/rm86unix.cpp
+-	$(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
+-
+-asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl
+-	(cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-rmd_dgst.o: ../../include/openssl/opensslconf.h
+-rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+-rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+-rmd_one.o: ../../include/openssl/ripemd.h
+Index: crypto/openssl/crypto/ripemd/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/ripemd/Makefile.uni
+diff -N crypto/openssl/crypto/ripemd/Makefile.uni
+--- crypto/openssl/crypto/ripemd/Makefile.uni	10 Jan 2000 06:21:51 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,109 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-DIR=    md5
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-
+-MD5_ASM_OBJ=
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=md5test
+-APPS=md5
+-
+-LIB=libmd5.a
+-LIBSRC=md5_dgst.c md5_one.c
+-LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= md5.h
+-HEADER= md5_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB):    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-
+-# elf
+-asm/mx86-elf.o: asm/mx86unix.cpp
+-	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+-
+-# solaris
+-asm/mx86-sol.o: asm/mx86unix.cpp
+-	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+-	as -o asm/mx86-sol.o asm/mx86-sol.s
+-	rm -f asm/mx86-sol.s
+-
+-# a.out
+-asm/mx86-out.o: asm/mx86unix.cpp
+-	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+-
+-# bsdi
+-asm/mx86bsdi.o: asm/mx86unix.cpp
+-	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+-
+-asm/mx86unix.cpp:
+-	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+-
+-test:	$(TEST)
+-	./$(TEST)
+-
+-$(TEST): $(TEST).c $(LIB)
+-	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+-
+-$(APPS): $(APPS).c $(LIB)
+-	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-x86-elf:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-out:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-solaris:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-bdsi:
+-	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+Index: crypto/openssl/crypto/ripemd/rmd_locl.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/ripemd/rmd_locl.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 rmd_locl.h
+--- crypto/openssl/crypto/ripemd/rmd_locl.h	20 Aug 2000 08:46:39 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/ripemd/rmd_locl.h	31 Jul 2002 00:46:58 -0000
+@@ -71,7 +71,7 @@
+  *					<appro@fy.chalmers.se>
+  */
+ #ifdef RMD160_ASM
+-# if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
++# if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+ #  define ripemd160_block_host_order ripemd160_block_asm_host_order
+ # endif
+ #endif
+@@ -79,7 +79,7 @@
+ void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
+ void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
+ 
+-#if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
++#if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+ #define ripemd160_block_data_order ripemd160_block_host_order
+ #endif
+ 
+cvs diff: Diffing crypto/openssl/crypto/ripemd/asm
+cvs diff: Diffing crypto/openssl/crypto/rsa
+Index: crypto/openssl/crypto/rsa/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/rsa/Makefile.save
+diff -N crypto/openssl/crypto/rsa/Makefile.save
+--- crypto/openssl/crypto/rsa/Makefile.save	26 Nov 2000 11:33:51 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,199 +0,0 @@
+-#
+-# SSLeay/crypto/rsa/Makefile
+-#
+-
+-DIR=	rsa
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=rsa_test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+-	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c
+-LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+-	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= rsa.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-rsa_chk.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_chk.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+-rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+-rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-rsa_chk.o: ../../include/openssl/symhacks.h
+-rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+-rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+-rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+-rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-rsa_err.o: ../../include/openssl/symhacks.h
+-rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-rsa_gen.o: ../cryptlib.h
+-rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-rsa_lib.o: ../cryptlib.h
+-rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_none.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_none.o: ../../include/openssl/opensslconf.h
+-rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-rsa_none.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-rsa_none.o: ../cryptlib.h
+-rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_null.o: ../../include/openssl/opensslconf.h
+-rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-rsa_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-rsa_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-rsa_null.o: ../cryptlib.h
+-rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_oaep.o: ../../include/openssl/opensslconf.h
+-rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+-rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-rsa_oaep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-rsa_oaep.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_pk1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+-rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h
+-rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-rsa_saos.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-rsa_saos.o: ../../include/openssl/opensslconf.h
+-rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-rsa_saos.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-rsa_saos.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-rsa_sign.o: ../../include/openssl/opensslconf.h
+-rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+-rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+-rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+-rsa_ssl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+-rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+-rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h
+Index: crypto/openssl/crypto/rsa/rsa.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa.h,v
+retrieving revision 1.2.2.4
+diff -u -r1.2.2.4 rsa.h
+--- crypto/openssl/crypto/rsa/rsa.h	4 Jul 2001 23:19:36 -0000	1.2.2.4
++++ crypto/openssl/crypto/rsa/rsa.h	31 Jul 2002 02:38:42 -0000
+@@ -102,9 +102,14 @@
+  * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+  * option is set in 'flags'.
+  */
+-	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
++
++/* changed m_len to m_length to avoid a conflict with a #define in
++   vxworks for m_len for the mbuf code.  This only shows up in apps
++   that have USE_SOCKETS defined */
++
++	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_length,
+              unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+-	int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
++	int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_length,
+              unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ 
+ 	} RSA_METHOD;
+@@ -203,8 +208,6 @@
+ 
+ RSA_METHOD *RSA_null_method(void);
+ 
+-void	ERR_load_RSA_strings(void );
+-
+ RSA *	d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+ int	i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+ RSA *	d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+@@ -229,16 +232,16 @@
+ 
+ /* The following 2 functions sign and verify a X509_SIG ASN1 object
+  * inside PKCS#1 padded RSA encryption */
+-int RSA_sign(int type, unsigned char *m, unsigned int m_len,
++int RSA_sign(int type, unsigned char *m, unsigned int m_length,
+ 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+-int RSA_verify(int type, unsigned char *m, unsigned int m_len,
++int RSA_verify(int type, unsigned char *m, unsigned int m_length,
+ 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ 
+ /* The following 2 function sign and verify a ASN1_OCTET_STRING
+  * object inside PKCS#1 padded RSA encryption */
+-int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
++int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
+ 	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+-int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
++int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
+ 	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ 
+ int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+@@ -276,6 +279,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_RSA_strings(void);
+ 
+ /* Error codes for the RSA functions. */
+ 
+@@ -317,6 +321,7 @@
+ #define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
+ #define RSA_R_DATA_TOO_LARGE				 109
+ #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
++#define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132
+ #define RSA_R_DATA_TOO_SMALL				 111
+ #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
+ #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
+@@ -343,4 +348,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/rsa/rsa_eay.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_eay.c,v
+retrieving revision 1.2.4.2
+diff -u -r1.2.4.2 rsa_eay.c
+--- crypto/openssl/crypto/rsa/rsa_eay.c	4 Jul 2001 23:19:36 -0000	1.2.4.2
++++ crypto/openssl/crypto/rsa/rsa_eay.c	31 Jul 2002 02:38:58 -0000
+@@ -79,8 +79,8 @@
+ static RSA_METHOD rsa_pkcs1_eay_meth={
+ 	"Eric Young's PKCS#1 RSA",
+ 	RSA_eay_public_encrypt,
+-	RSA_eay_public_decrypt,
+-	RSA_eay_private_encrypt,
++	RSA_eay_public_decrypt, /* signature verification */
++	RSA_eay_private_encrypt, /* signing */
+ 	RSA_eay_private_decrypt,
+ 	RSA_eay_mod_exp,
+ 	BN_mod_exp_mont,
+@@ -137,6 +137,13 @@
+ 
+ 	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+ 	
++	if (BN_ucmp(&f, rsa->n) >= 0)
++		{	
++		/* usually the padding functions would catch this */
++		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++		goto err;
++		}
++
+ 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+ 		{
+ 		BN_MONT_CTX* bn_mont_ctx;
+@@ -184,6 +191,7 @@
+ 	return(r);
+ 	}
+ 
++/* signing */
+ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+ 	     unsigned char *to, RSA *rsa, int padding)
+ 	{
+@@ -219,6 +227,13 @@
+ 	if (i <= 0) goto err;
+ 
+ 	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
++	
++	if (BN_ucmp(&f, rsa->n) >= 0)
++		{	
++		/* usually the padding functions would catch this */
++		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++		goto err;
++		}
+ 
+ 	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+ 		RSA_blinding_on(rsa,ctx);
+@@ -293,6 +308,12 @@
+ 	/* make data into a big number */
+ 	if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
+ 
++	if (BN_ucmp(&f, rsa->n) >= 0)
++		{
++		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++		goto err;
++		}
++
+ 	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+ 		RSA_blinding_on(rsa,ctx);
+ 	if (rsa->flags & RSA_FLAG_BLINDING)
+@@ -353,6 +374,7 @@
+ 	return(r);
+ 	}
+ 
++/* signature verification */
+ static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+ 	     unsigned char *to, RSA *rsa, int padding)
+ 	{
+@@ -384,6 +406,13 @@
+ 		}
+ 
+ 	if (BN_bin2bn(from,flen,&f) == NULL) goto err;
++
++	if (BN_ucmp(&f, rsa->n) >= 0)
++		{
++		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++		goto err;
++		}
++
+ 	/* do the decrypt */
+ 	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+ 		{
+@@ -448,10 +477,10 @@
+ 	int ret=0;
+ 	BN_CTX *ctx;
+ 
+-	if ((ctx=BN_CTX_new()) == NULL) goto err;
+ 	BN_init(&m1);
+ 	BN_init(&r1);
+ 	BN_init(&vrfy);
++	if ((ctx=BN_CTX_new()) == NULL) goto err;
+ 
+ 	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+ 		{
+Index: crypto/openssl/crypto/rsa/rsa_err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_err.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 rsa_err.c
+--- crypto/openssl/crypto/rsa/rsa_err.c	20 Aug 2000 08:46:40 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/rsa/rsa_err.c	31 Jul 2002 00:46:58 -0000
+@@ -106,6 +106,7 @@
+ {RSA_R_DATA_GREATER_THAN_MOD_LEN         ,"data greater than mod len"},
+ {RSA_R_DATA_TOO_LARGE                    ,"data too large"},
+ {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
++{RSA_R_DATA_TOO_LARGE_FOR_MODULUS        ,"data too large for modulus"},
+ {RSA_R_DATA_TOO_SMALL                    ,"data too small"},
+ {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       ,"data too small for key size"},
+ {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
+Index: crypto/openssl/crypto/rsa/rsa_oaep.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_oaep.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 rsa_oaep.c
+--- crypto/openssl/crypto/rsa/rsa_oaep.c	26 Nov 2000 11:33:52 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/rsa/rsa_oaep.c	31 Jul 2002 00:46:59 -0000
+@@ -2,7 +2,22 @@
+ /* Written by Ulf Moeller. This software is distributed on an "AS IS"
+    basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+ 
+-/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
++/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
++
++/* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
++ * <URL: http://www.shoup.net/papers/oaep.ps.Z>
++ * for problems with the security proof for the
++ * original OAEP scheme, which EME-OAEP is based on.
++ * 
++ * A new proof can be found in E. Fujisaki, T. Okamoto,
++ * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
++ * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
++ * The new proof has stronger requirements for the
++ * underlying permutation: "partial-one-wayness" instead
++ * of one-wayness.  For the RSA function, this is
++ * an equivalent notion.
++ */
++
+ 
+ #if !defined(NO_SHA) && !defined(NO_SHA1)
+ #include <stdio.h>
+@@ -12,152 +27,176 @@
+ #include <openssl/sha.h>
+ #include <openssl/rand.h>
+ 
+-int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
++int MGF1(unsigned char *mask, long len,
++	unsigned char *seed, long seedlen);
+ 
+ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+-	     unsigned char *from, int flen, unsigned char *param, int plen)
+-    {
+-    int i, emlen = tlen - 1;
+-    unsigned char *db, *seed;
+-    unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+-
+-    if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
++	unsigned char *from, int flen,
++	unsigned char *param, int plen)
+ 	{
+-	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+-	       RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+-	return (0);
+-	}
++	int i, emlen = tlen - 1;
++	unsigned char *db, *seed;
++	unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+ 
+-    if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+-	{
+-	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+-	return (0);
+-	}
+-    
+-    dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+-    if (dbmask == NULL)
+-	{
+-	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+-	return (0);
+-	}
++	if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
++		{
++		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
++		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
++		return 0;
++		}
+ 
+-    to[0] = 0;
+-    seed = to + 1;
+-    db = to + SHA_DIGEST_LENGTH + 1;
+-
+-    SHA1(param, plen, db);
+-    memset(db + SHA_DIGEST_LENGTH, 0,
+-	   emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+-    db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+-    memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+-    if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+-    	return (0);
++	if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
++		{
++		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
++		return 0;
++		}
++
++	dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
++	if (dbmask == NULL)
++		{
++		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
++
++	to[0] = 0;
++	seed = to + 1;
++	db = to + SHA_DIGEST_LENGTH + 1;
++
++	SHA1(param, plen, db);
++	memset(db + SHA_DIGEST_LENGTH, 0,
++		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
++	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
++	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
++	if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
++		return 0;
+ #ifdef PKCS_TESTVECT
+-    memcpy(seed,
++	memcpy(seed,
+ 	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+ 	   20);
+ #endif
+ 
+-    MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+-    for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+-	db[i] ^= dbmask[i];
+-
+-    MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+-    for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+-	seed[i] ^= seedmask[i];
+-
+-    OPENSSL_free(dbmask);
+-    return (1);
+-    }
++	MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
++	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
++		db[i] ^= dbmask[i];
++
++	MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
++	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
++		seed[i] ^= seedmask[i];
++
++	OPENSSL_free(dbmask);
++	return 1;
++	}
+ 
+ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ 	     unsigned char *from, int flen, int num, unsigned char *param,
+ 	     int plen)
+-    {
+-    int i, dblen, mlen = -1;
+-    unsigned char *maskeddb;
+-    int lzero;
+-    unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+-
+-    if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+ 	{
+-	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+-	return (-1);
+-	}
++	int i, dblen, mlen = -1;
++	unsigned char *maskeddb;
++	int lzero;
++	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
++	int bad = 0;
++
++	if (--num < 2 * SHA_DIGEST_LENGTH + 1)
++		/* 'num' is the length of the modulus, i.e. does not depend on the
++		 * particular ciphertext. */
++		goto decoding_err;
+ 
+-    dblen = num - SHA_DIGEST_LENGTH;
+-    db = OPENSSL_malloc(dblen);
+-    if (db == NULL)
+-	{
+-	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+-	return (-1);
+-	}
++	lzero = num - flen;
++	if (lzero < 0)
++		{
++		/* lzero == -1 */
++
++		/* signalling this error immediately after detection might allow
++		 * for side-channel attacks (e.g. timing if 'plen' is huge
++		 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
++		 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
++		 * so we use a 'bad' flag */
++		bad = 1;
++		lzero = 0;
++		}
++	maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+ 
+-    lzero = num - flen;
+-    maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+-    
+-    MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+-    for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+-	seed[i] ^= from[i - lzero];
+-  
+-    MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+-    for (i = 0; i < dblen; i++)
+-	db[i] ^= maskeddb[i];
++	dblen = num - SHA_DIGEST_LENGTH;
++	db = OPENSSL_malloc(dblen);
++	if (db == NULL)
++		{
++		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
++		return -1;
++		}
+ 
+-    SHA1(param, plen, phash);
++	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
++	for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
++		seed[i] ^= from[i - lzero];
++
++	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
++	for (i = 0; i < dblen; i++)
++		db[i] ^= maskeddb[i];
+ 
+-    if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
+-	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+-    else
+-	{
+-	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+-	    if (db[i] != 0x00)
+-		break;
+-	if (db[i] != 0x01 || i++ >= dblen)
+-	    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
+-		   RSA_R_OAEP_DECODING_ERROR);
++	SHA1(param, plen, phash);
++
++	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
++		goto decoding_err;
+ 	else
+-	    {
+-	    mlen = dblen - i;
+-	    if (tlen < mlen)
+-		{
+-		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+-		mlen = -1;
+-		}
+-	    else
+-		memcpy(to, db + i, mlen);
+-	    }
++		{
++		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
++			if (db[i] != 0x00)
++				break;
++		if (db[i] != 0x01 || i++ >= dblen)
++			goto decoding_err;
++		else
++			{
++			/* everything looks OK */
++
++			mlen = dblen - i;
++			if (tlen < mlen)
++				{
++				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
++				mlen = -1;
++				}
++			else
++				memcpy(to, db + i, mlen);
++			}
++		}
++	OPENSSL_free(db);
++	return mlen;
++
++decoding_err:
++	/* to avoid chosen ciphertext attacks, the error message should not reveal
++	 * which kind of decoding error happened */
++	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
++	if (db != NULL) OPENSSL_free(db);
++	return -1;
+ 	}
+-    OPENSSL_free(db);
+-    return (mlen);
+-    }
+ 
+ int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
+-    {
+-    long i, outlen = 0;
+-    unsigned char cnt[4];
+-    SHA_CTX c;
+-    unsigned char md[SHA_DIGEST_LENGTH];
+-
+-    for (i = 0; outlen < len; i++)
+ 	{
+-	cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
+-	  cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
+-	SHA1_Init(&c);
+-	SHA1_Update(&c, seed, seedlen);
+-	SHA1_Update(&c, cnt, 4);
+-	if (outlen + SHA_DIGEST_LENGTH <= len)
+-	    {
+-	    SHA1_Final(mask + outlen, &c);
+-	    outlen += SHA_DIGEST_LENGTH;
+-	    }
+-	else
+-	    {
+-	    SHA1_Final(md, &c);
+-	    memcpy(mask + outlen, md, len - outlen);
+-	    outlen = len;
+-	    }
++	long i, outlen = 0;
++	unsigned char cnt[4];
++	SHA_CTX c;
++	unsigned char md[SHA_DIGEST_LENGTH];
++
++	for (i = 0; outlen < len; i++)
++		{
++		cnt[0] = (unsigned char)((i >> 24) & 255);
++		cnt[1] = (unsigned char)((i >> 16) & 255);
++		cnt[2] = (unsigned char)((i >> 8)) & 255;
++		cnt[3] = (unsigned char)(i & 255);
++		SHA1_Init(&c);
++		SHA1_Update(&c, seed, seedlen);
++		SHA1_Update(&c, cnt, 4);
++		if (outlen + SHA_DIGEST_LENGTH <= len)
++			{
++			SHA1_Final(mask + outlen, &c);
++			outlen += SHA_DIGEST_LENGTH;
++			}
++		else
++			{
++			SHA1_Final(md, &c);
++			memcpy(mask + outlen, md, len - outlen);
++			outlen = len;
++			}
++		}
++	return 0;
+ 	}
+-    return (0);
+-    }
+ #endif
+Index: crypto/openssl/crypto/rsa/rsa_oaep_test.c
+===================================================================
+RCS file: crypto/openssl/crypto/rsa/rsa_oaep_test.c
+diff -N crypto/openssl/crypto/rsa/rsa_oaep_test.c
+--- crypto/openssl/crypto/rsa/rsa_oaep_test.c	16 Jan 2000 05:14:56 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,309 +0,0 @@
+-/* test vectors from p1ovect1.txt */
+-
+-#include <stdio.h>
+-#include <string.h>
+-
+-#include "openssl/e_os.h"
+-
+-#include <openssl/crypto.h>
+-#include <openssl/err.h>
+-#ifdef NO_RSA
+-int main(int argc, char *argv[])
+-{
+-    printf("No RSA support\n");
+-    return(0);
+-}
+-#else
+-#include <openssl/rsa.h>
+-
+-#define SetKey \
+-  key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+-  key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+-  key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+-  key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+-  key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+-  key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+-  key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+-  key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+-  memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+-  return (sizeof(ctext_ex) - 1);
+-
+-static int key1(RSA *key, unsigned char *c)
+-    {
+-    static unsigned char n[] =
+-"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+-"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+-"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+-"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+-"\xF5";
+-
+-    static unsigned char e[] = "\x11";
+-
+-    static unsigned char d[] =
+-"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+-"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+-"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+-"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+-
+-    static unsigned char p[] =
+-"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+-"\x0D";
+-    
+-    static unsigned char q[] =
+-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+-"\x89";
+-
+-    static unsigned char dmp1[] =
+-"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+-"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+-
+-    static unsigned char dmq1[] =
+-"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+-"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+-"\x51";
+-
+-    static unsigned char iqmp[] =
+-"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+-"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+-
+-    static unsigned char ctext_ex[] =
+-"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+-"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+-"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+-"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+-
+-    SetKey;
+-    }
+-
+-static int key2(RSA *key, unsigned char *c)
+-    {
+-    static unsigned char n[] =
+-"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+-"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+-"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+-"\x34\x77\xCF";
+-
+-    static unsigned char e[] = "\x3";
+-
+-    static unsigned char d[] =
+-"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+-"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+-"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+-"\xE5\xEB";
+-
+-    static unsigned char p[] =
+-"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+-"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+-
+-    static unsigned char q[] =
+-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+-    
+-    static unsigned char dmp1[] =
+-"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+-"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+-
+-    static unsigned char dmq1[] =
+-"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+-"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+-
+-    static unsigned char iqmp[] =
+-"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+-"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+-
+-    static unsigned char ctext_ex[] =
+-"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+-"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+-"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+-"\x62\x51";
+-
+-    SetKey;
+-    }
+-
+-static int key3(RSA *key, unsigned char *c)
+-    {
+-    static unsigned char n[] =
+-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+-"\xCB";
+-
+-    static unsigned char e[] = "\x11";
+-
+-    static unsigned char d[] =
+-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+-"\xC1";
+-
+-    static unsigned char p[] =
+-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+-"\x99";
+-
+-    static unsigned char q[] =
+-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+-"\x03";
+-
+-    static unsigned char dmp1[] =
+-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+-
+-    static unsigned char dmq1[] =
+-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+-    
+-    static unsigned char iqmp[] =
+-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+-"\xF7";
+-
+-    static unsigned char ctext_ex[] =
+-"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+-"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+-"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+-"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+-"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+-"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+-"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+-"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+-
+-    SetKey;
+-    }
+-
+-static int pad_unknown(void)
+-{
+-    unsigned long l;
+-    while ((l = ERR_get_error()) != 0)
+-      if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+-	return(1);
+-    return(0);
+-}
+-
+-int main() 
+-    {
+-    int err=0;
+-    int v;
+-    RSA *key;
+-    unsigned char ptext[256];
+-    unsigned char ctext[256];
+-    static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+-    unsigned char ctext_ex[256];
+-    int plen;
+-    int clen = 0;
+-    int num;
+-
+-    CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+-	
+-    plen = sizeof(ptext_ex) - 1;
+-
+-    for (v = 0; v < 3; v++)
+-	{
+-	key = RSA_new();
+-	switch (v) {
+-    case 0:
+-	clen = key1(key, ctext_ex);
+-	break;
+-    case 1:
+-	clen = key2(key, ctext_ex);
+-	break;
+-    case 2:
+-	clen = key3(key, ctext_ex);
+-	break;
+-	}
+-
+-	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+-				 RSA_PKCS1_PADDING);
+-	if (num != clen)
+-	    {
+-	    printf("PKCS#1 v1.5 encryption failed!\n");
+-	    err=1;
+-	    goto oaep;
+-	    }
+-  
+-	num = RSA_private_decrypt(num, ctext, ptext, key,
+-				  RSA_PKCS1_PADDING);
+-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+-	    {
+-	    printf("PKCS#1 v1.5 decryption failed!\n");
+-	    err=1;
+-	    }
+-	else
+-	    printf("PKCS #1 v1.5 encryption/decryption ok\n");
+-
+-    oaep:
+-	ERR_clear_error();
+-	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+-				 RSA_PKCS1_OAEP_PADDING);
+-	if (num == -1 && pad_unknown())
+-	    {
+-	    printf("No OAEP support\n");
+-	    goto next;
+-	    }
+-	if (num != clen)
+-	    {
+-	    printf("OAEP encryption failed!\n");
+-	    err=1;
+-	    goto next;
+-	    }
+-  
+-	num = RSA_private_decrypt(num, ctext, ptext, key,
+-				  RSA_PKCS1_OAEP_PADDING);
+-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+-	    {
+-	    printf("OAEP decryption (encrypted data) failed!\n");
+-	    err=1;
+-	    }
+-	else if (memcmp(ctext, ctext_ex, num) == 0)
+-	    {
+-	    printf("OAEP test vector %d passed!\n", v);
+-	    goto next;
+-	    }
+-    
+-	/* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+-	   Try decrypting ctext_ex */
+-
+-	num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+-				  RSA_PKCS1_OAEP_PADDING);
+-
+-	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+-	    {
+-	    printf("OAEP decryption (test vector data) failed!\n");
+-	    err=1;
+-	    }
+-	else
+-	    printf("OAEP encryption/decryption ok\n");
+-    next:
+-	RSA_free(key);
+-	}
+-
+-    ERR_remove_state(0);
+-
+-    CRYPTO_mem_leaks_fp(stdout);
+-
+-    return err;
+-    }
+-#endif
+cvs diff: Diffing crypto/openssl/crypto/sha
+Index: crypto/openssl/crypto/sha/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/sha/Makefile.save
+diff -N crypto/openssl/crypto/sha/Makefile.save
+--- crypto/openssl/crypto/sha/Makefile.save	26 Nov 2000 11:33:55 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,112 +0,0 @@
+-#
+-# SSLeay/crypto/sha/Makefile
+-#
+-
+-DIR=    sha
+-TOP=    ../..
+-CC=     cc
+-CPP=    $(CC) -E
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=           make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=       Makefile.ssl
+-AR=             ar r
+-
+-SHA1_ASM_OBJ=
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=shatest.c sha1test.c
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= sha.h
+-HEADER= sha_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:    lib
+-
+-lib:    $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-# elf
+-asm/sx86-elf.o: asm/sx86unix.cpp
+-	$(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o
+-
+-# solaris
+-asm/sx86-sol.o: asm/sx86unix.cpp
+-	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+-	as -o asm/sx86-sol.o asm/sx86-sol.s
+-	rm -f asm/sx86-sol.s
+-
+-# a.out
+-asm/sx86-out.o: asm/sx86unix.cpp
+-	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+-
+-# bsdi
+-asm/sx86bsdi.o: asm/sx86unix.cpp
+-	$(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
+-
+-asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl
+-	(cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-sha1_one.o: ../../include/openssl/sha.h
+-sha1dgst.o: ../../include/openssl/opensslconf.h
+-sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+-sha1dgst.o: ../md32_common.h sha_locl.h
+-sha_dgst.o: ../../include/openssl/opensslconf.h
+-sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+-sha_dgst.o: ../md32_common.h sha_locl.h
+-sha_one.o: ../../include/openssl/sha.h
+Index: crypto/openssl/crypto/sha/Makefile.uni
+===================================================================
+RCS file: crypto/openssl/crypto/sha/Makefile.uni
+diff -N crypto/openssl/crypto/sha/Makefile.uni
+--- crypto/openssl/crypto/sha/Makefile.uni	10 Jan 2000 06:21:52 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,122 +0,0 @@
+-# Targets
+-# make          - twidle the options yourself :-)
+-# make cc       - standard cc options
+-# make gcc      - standard gcc options
+-# make x86-elf  - linux-elf etc
+-# make x86-out  - linux-a.out, FreeBSD etc
+-# make x86-solaris
+-# make x86-bdsi
+-
+-DIR=    sha
+-TOP=    .
+-CC=     gcc
+-CFLAG=	-O3 -fomit-frame-pointer
+-
+-CPP=    $(CC) -E
+-INCLUDES=
+-INSTALLTOP=/usr/local/lib
+-MAKE=           make
+-MAKEDEPEND=     makedepend
+-MAKEFILE=       Makefile.uni
+-AR=             ar r
+-
+-SHA_ASM_OBJ=
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-
+-TEST1=shatest
+-TEST2=sha1test
+-APP1=sha
+-APP2=sha1
+-
+-TEST=$(TEST1) $(TEST2)
+-APPS=$(APP1) $(APP2)
+-
+-LIB=libsha.a
+-LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+-LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA_ASM_OBJ)
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= sha.h
+-HEADER= sha_locl.h $(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-all:    $(LIB) $(TEST) $(APPS)
+-
+-$(LIB): $(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-
+-# elf
+-asm/sx86-elf.o: asm/sx86unix.cpp
+-	$(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
+-
+-# solaris
+-asm/sx86-sol.o: asm/sx86unix.cpp
+-	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+-	as -o asm/sx86-sol.o asm/sx86-sol.s
+-	rm -f asm/sx86-sol.s
+-
+-# a.out
+-asm/sx86-out.o: asm/sx86unix.cpp
+-	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+-
+-# bsdi
+-asm/sx86bsdi.o: asm/sx86unix.cpp
+-	$(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
+-
+-asm/sx86unix.cpp:
+-	(cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+-
+-test:	$(TEST)
+-	./$(TEST1)
+-	./$(TEST2)
+-
+-$(TEST1): $(TEST1).c $(LIB)
+-	$(CC) -o $(TEST1) $(CFLAGS) $(TEST1).c $(LIB)
+-
+-$(TEST2): $(TEST2).c $(LIB)
+-	$(CC) -o $(TEST2) $(CFLAGS) $(TEST2).c $(LIB)
+-
+-$(APP1): $(APP1).c $(LIB)
+-	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
+-
+-$(APP2): $(APP2).c $(LIB)
+-	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-cc:
+-	$(MAKE) SHA_ASM_OBJ="" CC="cc" CFLAG="-O" all
+-
+-gcc:
+-	$(MAKE) SHA_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+-
+-x86-elf:
+-	$(MAKE) SHA_ASM_OBJ="asm/sx86-elf.o" CFLAG="-DELF -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-out:
+-	$(MAKE) SHA_ASM_OBJ="asm/sx86-out.o" CFLAG="-DOUT -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-solaris:
+-	$(MAKE) SHA_ASM_OBJ="asm/sx86-sol.o" CFLAG="-DSOL -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-x86-bdsi:
+-	$(MAKE) SHA_ASM_OBJ="asm/sx86-bdsi.o" CFLAG="-DBDSI -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+Index: crypto/openssl/crypto/sha/sha_locl.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/sha/sha_locl.h,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 sha_locl.h
+--- crypto/openssl/crypto/sha/sha_locl.h	20 Aug 2000 08:46:45 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/sha/sha_locl.h	31 Jul 2002 00:46:59 -0000
+@@ -115,7 +115,7 @@
+ # endif
+ 
+ # ifdef SHA1_ASM
+-#  if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
++#  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+ #   define sha1_block_host_order		sha1_block_asm_host_order
+ #   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+ #   define sha1_block_data_order		sha1_block_asm_data_order
+cvs diff: Diffing crypto/openssl/crypto/sha/asm
+cvs diff: Diffing crypto/openssl/crypto/stack
+Index: crypto/openssl/crypto/stack/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/stack/Makefile.save
+diff -N crypto/openssl/crypto/stack/Makefile.save
+--- crypto/openssl/crypto/stack/Makefile.save	26 Nov 2000 11:33:56 -0000	1.1.1.1.2.2
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,87 +0,0 @@
+-#
+-# SSLeay/crypto/stack/Makefile
+-#
+-
+-DIR=	stack
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=stack.c
+-LIBOBJ=stack.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= stack.h safestack.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-stack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-stack.o: ../cryptlib.h
+cvs diff: Diffing crypto/openssl/crypto/threads
+cvs diff: Diffing crypto/openssl/crypto/txt_db
+Index: crypto/openssl/crypto/txt_db/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/txt_db/Makefile.save
+diff -N crypto/openssl/crypto/txt_db/Makefile.save
+--- crypto/openssl/crypto/txt_db/Makefile.save	20 Aug 2000 08:48:46 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,87 +0,0 @@
+-#
+-# SSLeay/crypto/txt_db/Makefile
+-#
+-
+-DIR=	txt_db
+-TOP=	../..
+-CC=	cc
+-INCLUDES=
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=txt_db.c
+-LIBOBJ=txt_db.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= txt_db.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-txt_db.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+-txt_db.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+-txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+-txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+-txt_db.o: ../../include/openssl/stack.h ../../include/openssl/txt_db.h
+-txt_db.o: ../cryptlib.h
+Index: crypto/openssl/crypto/txt_db/txt_db.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/txt_db/txt_db.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 txt_db.c
+--- crypto/openssl/crypto/txt_db/txt_db.c	26 Nov 2000 11:33:57 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/txt_db/txt_db.c	31 Jul 2002 00:46:59 -0000
+@@ -122,7 +122,7 @@
+ 		else
+ 			{
+ 			buf->data[offset-1]='\0'; /* blat the '\n' */
+-			p=(char *)OPENSSL_malloc(add+offset);
++			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
+ 			offset=0;
+ 			}
+ 		pp=(char **)p;
+cvs diff: Diffing crypto/openssl/crypto/x509
+Index: crypto/openssl/crypto/x509/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/x509/Makefile.save
+diff -N crypto/openssl/crypto/x509/Makefile.save
+--- crypto/openssl/crypto/x509/Makefile.save	20 Aug 2000 08:48:46 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,473 +0,0 @@
+-#
+-# SSLeay/crypto/x509/Makefile
+-#
+-
+-DIR=	x509
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile README
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+-	x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+-	x509_set.c x509rset.c x509_err.c \
+-	x509name.c x509_v3.c x509_ext.c x509_att.c \
+-	x509type.c x509_lu.c x_all.c x509_txt.c \
+-	x509_trs.c by_file.c by_dir.c 
+-LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+-	x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+-	x509_set.o x509rset.o x509_err.o \
+-	x509name.o x509_v3.o x509_ext.o x509_att.o \
+-	x509type.o x509_lu.o x_all.o x509_txt.o \
+-	x509_trs.o by_file.o by_dir.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= x509.h x509_vfy.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-by_dir.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-by_dir.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-by_dir.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-by_file.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+-by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_d2.o: ../cryptlib.h
+-x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_def.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_def.o: ../cryptlib.h
+-x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x509_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+-x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+-x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-x509_obj.o: ../../include/openssl/opensslconf.h
+-x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_obj.o: ../cryptlib.h
+-x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_r2x.o: ../cryptlib.h
+-x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+-x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+-x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_req.o: ../cryptlib.h
+-x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_set.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_set.o: ../cryptlib.h
+-x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-x509_txt.o: ../../include/openssl/opensslconf.h
+-x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_txt.o: ../cryptlib.h
+-x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509name.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509name.o: ../cryptlib.h
+-x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509rset.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509rset.o: ../cryptlib.h
+-x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-x509spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+-x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-x509spki.o: ../../include/openssl/opensslconf.h
+-x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509spki.o: ../cryptlib.h
+-x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509type.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509type.o: ../cryptlib.h
+-x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+-x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x_all.o: ../cryptlib.h
+Index: crypto/openssl/crypto/x509/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/x509/Makefile.ssl	4 Jul 2001 23:19:39 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/x509/Makefile.ssl	31 Jul 2002 00:46:59 -0000
+@@ -134,13 +134,12 @@
+ x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_att.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_att.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_att.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-x509_att.o: ../../include/openssl/opensslconf.h
++x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++x509_att.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++x509_att.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -155,13 +154,12 @@
+ x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_cmp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-x509_cmp.o: ../../include/openssl/opensslconf.h
++x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++x509_cmp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++x509_cmp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -232,13 +230,12 @@
+ x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-x509_ext.o: ../../include/openssl/opensslconf.h
++x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++x509_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++x509_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -349,13 +346,12 @@
+ x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_trs.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_trs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_trs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-x509_trs.o: ../../include/openssl/opensslconf.h
++x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++x509_trs.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++x509_trs.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -389,33 +385,32 @@
+ x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_v3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
++x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++x509_v3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++x509_v3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++x509_v3.o: ../cryptlib.h
+ x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-x509_vfy.o: ../../include/openssl/opensslconf.h
++x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++x509_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+Index: crypto/openssl/crypto/x509/x509.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 x509.h
+--- crypto/openssl/crypto/x509/x509.h	26 Nov 2000 11:33:58 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509/x509.h	31 Jul 2002 00:46:59 -0000
+@@ -810,7 +810,6 @@
+ 
+ X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+ X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
+-void ERR_load_X509_strings(void );
+ 
+ X509_ALGOR *	X509_ALGOR_new(void );
+ void		X509_ALGOR_free(X509_ALGOR *a);
+@@ -1220,6 +1219,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_X509_strings(void);
+ 
+ /* Error codes for the X509 functions. */
+ 
+@@ -1291,4 +1291,3 @@
+ }
+ #endif
+ #endif
+-
+Index: crypto/openssl/crypto/x509/x509_obj.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_obj.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 x509_obj.c
+--- crypto/openssl/crypto/x509/x509_obj.c	26 Nov 2000 11:33:58 -0000	1.1.1.1.2.1
++++ crypto/openssl/crypto/x509/x509_obj.c	31 Jul 2002 00:46:59 -0000
+@@ -214,6 +214,8 @@
+ 		}
+ 	else
+ 		p=buf;
++	if (i == 0)
++		*p = '\0';
+ 	return(p);
+ err:
+ 	X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
+Index: crypto/openssl/crypto/x509/x509_trs.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_trs.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 x509_trs.c
+--- crypto/openssl/crypto/x509/x509_trs.c	26 Nov 2000 11:33:58 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509/x509_trs.c	31 Jul 2002 00:46:59 -0000
+@@ -79,7 +79,7 @@
+ static X509_TRUST trstandard[] = {
+ {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+ {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+-{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
++{X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
+ {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+ };
+ 
+@@ -228,7 +228,8 @@
+ 
+ static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+ {
+-	if(x->aux) return obj_trust(trust->arg1, x, flags);
++	if(x->aux && (x->aux->trust || x->aux->reject))
++		return obj_trust(trust->arg1, x, flags);
+ 	/* we don't have any trust settings: for compatibility
+ 	 * we return trusted if it is self signed
+ 	 */
+Index: crypto/openssl/crypto/x509/x509_txt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_txt.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 x509_txt.c
+--- crypto/openssl/crypto/x509/x509_txt.c	26 Nov 2000 11:33:58 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509/x509_txt.c	31 Jul 2002 00:46:59 -0000
+@@ -95,7 +95,7 @@
+ 	case X509_V_ERR_CRL_NOT_YET_VALID:
+ 		return("CRL is not yet valid");
+ 	case X509_V_ERR_CERT_HAS_EXPIRED:
+-		return("Certificate has expired");
++		return("certificate has expired");
+ 	case X509_V_ERR_CRL_HAS_EXPIRED:
+ 		return("CRL has expired");
+ 	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+Index: crypto/openssl/crypto/x509/x509_vfy.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 x509_vfy.c
+--- crypto/openssl/crypto/x509/x509_vfy.c	26 Nov 2000 11:33:58 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509/x509_vfy.c	31 Jul 2002 00:46:59 -0000
+@@ -911,6 +911,12 @@
+ 	ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
+ 	}
+ 
++void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
++				  int (*verify_cb)(int, X509_STORE_CTX *))
++	{
++	ctx->verify_cb=verify_cb;
++	}
++
+ IMPLEMENT_STACK_OF(X509)
+ IMPLEMENT_ASN1_SET_OF(X509)
+ 
+Index: crypto/openssl/crypto/x509/x509_vfy.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 x509_vfy.h
+--- crypto/openssl/crypto/x509/x509_vfy.h	26 Nov 2000 11:33:59 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509/x509_vfy.h	31 Jul 2002 00:46:59 -0000
+@@ -382,6 +382,8 @@
+ 				int purpose, int trust);
+ void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
+ void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
++void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
++				  int (*verify_cb)(int, X509_STORE_CTX *));
+ 
+ #ifdef  __cplusplus
+ }
+cvs diff: Diffing crypto/openssl/crypto/x509v3
+Index: crypto/openssl/crypto/x509v3/Makefile.save
+===================================================================
+RCS file: crypto/openssl/crypto/x509v3/Makefile.save
+diff -N crypto/openssl/crypto/x509v3/Makefile.save
+--- crypto/openssl/crypto/x509v3/Makefile.save	20 Aug 2000 08:48:47 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,469 +0,0 @@
+-#
+-# SSLeay/crypto/x509v3/Makefile
+-#
+-
+-DIR=	x509v3
+-TOP=	../..
+-CC=	cc
+-INCLUDES= -I.. -I../../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile README
+-TEST=
+-APPS=
+-
+-LIB=$(TOP)/libcrypto.a
+-LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
+-v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
+-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
+-LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+-v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= x509v3.h
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_akey.o: ../cryptlib.h
+-v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_bcons.o: ../../include/openssl/opensslconf.h
+-v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_cpols.o: ../../include/openssl/opensslconf.h
+-v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_crld.o: ../cryptlib.h
+-v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_genn.o: ../cryptlib.h
+-v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_info.o: ../cryptlib.h
+-v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
+-v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+-v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_pku.o: ../cryptlib.h
+-v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+-v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+-v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+-v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+-v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+-v3_sxnet.o: ../../include/openssl/opensslconf.h
+-v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+-v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+-v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+-v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+-v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+-v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+-v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+-v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3err.o: ../../include/openssl/x509v3.h
+Index: crypto/openssl/crypto/x509v3/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509v3/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/crypto/x509v3/Makefile.ssl	4 Jul 2001 23:19:39 -0000	1.1.1.1.2.3
++++ crypto/openssl/crypto/x509v3/Makefile.ssl	31 Jul 2002 00:46:59 -0000
+@@ -89,54 +89,53 @@
+ v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_akey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_akey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_akey.o: ../cryptlib.h
++v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
++v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+ v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_alt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_alt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_alt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_alt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_alt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_alt.o: ../cryptlib.h
+ v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_bcons.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_bcons.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_bcons.o: ../../include/openssl/opensslconf.h
+ v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -151,13 +150,12 @@
+ v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_bitst.o: ../../include/openssl/opensslconf.h
++v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -172,33 +170,33 @@
+ v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_conf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_conf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_conf.o: ../cryptlib.h
+ v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_cpols.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_cpols.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_cpols.o: ../../include/openssl/opensslconf.h
+ v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -213,54 +211,52 @@
+ v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_crld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_crld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_crld.o: ../cryptlib.h
++v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
++v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h
+ v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_enum.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_enum.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_enum.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_enum.o: ../cryptlib.h
+ v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_extku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_extku.o: ../../include/openssl/opensslconf.h
++v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_extku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_extku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+ v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -275,196 +271,193 @@
+ v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_genn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_genn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_genn.o: ../cryptlib.h
++v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
++v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+ v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_ia5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_ia5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_ia5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_ia5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_ia5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_ia5.o: ../cryptlib.h
+ v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_info.o: ../cryptlib.h
++v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
++v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h
+ v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_int.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_int.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_int.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_int.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_int.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_int.o: ../cryptlib.h
+ v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
++v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_lib.o: ../cryptlib.h ext_dat.h
+ v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3_pku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3_pku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3_pku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+-v3_pku.o: ../cryptlib.h
++v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_pku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
++v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h
+ v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_prn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_prn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_prn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_prn.o: ../cryptlib.h
+ v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_purp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_purp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_purp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_purp.o: ../cryptlib.h
+ v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_skey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_skey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_skey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_skey.o: ../cryptlib.h
+ v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+-v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+-v3_sxnet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3_sxnet.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
++v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3_sxnet.o: ../../include/openssl/opensslconf.h
+ v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+@@ -479,36 +472,36 @@
+ v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+-v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+-v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+-v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+-v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+-v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+-v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+-v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+-v3_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+-v3_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+-v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+-v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+-v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+-v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
++v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
++v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
++v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
++v3_utl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
++v3_utl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
++v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
++v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
++v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
++v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
++v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
++v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
++v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
++v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3_utl.o: ../cryptlib.h
+ v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ v3err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ v3err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ v3err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+-v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+-v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+-v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+-v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+-v3err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+-v3err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+-v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+-v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+-v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+-v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+-v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+-v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+-v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+-v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
++v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
++v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
++v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
++v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
++v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
++v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
++v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
++v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
++v3err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
++v3err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
++v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
++v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
++v3err.o: ../../include/openssl/x509v3.h
+Index: crypto/openssl/crypto/x509v3/README
+===================================================================
+RCS file: crypto/openssl/crypto/x509v3/README
+diff -N crypto/openssl/crypto/x509v3/README
+--- crypto/openssl/crypto/x509v3/README	10 Jan 2000 06:21:53 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,4 +0,0 @@
+-WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+-
+-This is ***VERY*** new experimental code and is likely to change
+-considerably or vanish altogether.
+Index: crypto/openssl/crypto/x509v3/v3_ia5.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509v3/v3_ia5.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 v3_ia5.c
+--- crypto/openssl/crypto/x509v3/v3_ia5.c	26 Nov 2000 11:34:00 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509v3/v3_ia5.c	31 Jul 2002 00:46:59 -0000
+@@ -82,7 +82,7 @@
+ {
+ 	char *tmp;
+ 	if(!ia5 || !ia5->length) return NULL;
+-	tmp = OPENSSL_malloc(ia5->length + 1);
++	if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
+ 	memcpy(tmp, ia5->data, ia5->length);
+ 	tmp[ia5->length] = 0;
+ 	return tmp;
+Index: crypto/openssl/crypto/x509v3/v3_utl.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509v3/v3_utl.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 v3_utl.c
+--- crypto/openssl/crypto/x509v3/v3_utl.c	26 Nov 2000 11:34:01 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509v3/v3_utl.c	31 Jul 2002 00:46:59 -0000
+@@ -250,7 +250,7 @@
+ 				*p = 0;
+ 				ntmp = strip_spaces(q);
+ 				q = p + 1;
+-#ifdef DEBUG
++#if 0
+ 				printf("%s\n", ntmp);
+ #endif
+ 				if(!ntmp) {
+@@ -266,7 +266,7 @@
+ 				state = HDR_NAME;
+ 				*p = 0;
+ 				vtmp = strip_spaces(q);
+-#ifdef DEBUG
++#if 0
+ 				printf("%s\n", ntmp);
+ #endif
+ 				if(!vtmp) {
+@@ -283,7 +283,7 @@
+ 
+ 	if(state == HDR_VALUE) {
+ 		vtmp = strip_spaces(q);
+-#ifdef DEBUG
++#if 0
+ 		printf("%s=%s\n", ntmp, vtmp);
+ #endif
+ 		if(!vtmp) {
+@@ -293,7 +293,7 @@
+ 		X509V3_add_value(ntmp, vtmp, &values);
+ 	} else {
+ 		ntmp = strip_spaces(q);
+-#ifdef DEBUG
++#if 0
+ 		printf("%s\n", ntmp);
+ #endif
+ 		if(!ntmp) {
+Index: crypto/openssl/crypto/x509v3/x509v3.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509v3/x509v3.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 x509v3.h
+--- crypto/openssl/crypto/x509v3/x509v3.h	26 Nov 2000 11:34:01 -0000	1.1.1.1.2.2
++++ crypto/openssl/crypto/x509v3/x509v3.h	31 Jul 2002 00:46:59 -0000
+@@ -354,7 +354,6 @@
+ 
+ DECLARE_STACK_OF(X509_PURPOSE)
+ 
+-void ERR_load_X509V3_strings(void);
+ int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
+ BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
+ BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
+@@ -555,6 +554,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_X509V3_strings(void);
+ 
+ /* Error codes for the X509V3 functions. */
+ 
+@@ -650,4 +650,3 @@
+ }
+ #endif
+ #endif
+-
+cvs diff: Diffing crypto/openssl/demos
+Index: crypto/openssl/demos/b64.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/demos/b64.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 b64.c
+--- crypto/openssl/demos/b64.c	26 Nov 2000 11:34:02 -0000	1.1.1.1.2.1
++++ crypto/openssl/demos/b64.c	31 Jul 2002 00:46:59 -0000
+@@ -91,8 +91,8 @@
+ 	EVP_CIPHER *cipher=NULL,*c;
+ 	char *inf=NULL,*outf=NULL;
+ 	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+-#define PROG_NAME_SIZE  16
+-        char pname[PROG_NAME_SIZE];
++#define PROG_NAME_SIZE  39
++        char pname[PROG_NAME_SIZE+1];
+ 
+ 
+ 	apps_startup();
+cvs diff: Diffing crypto/openssl/demos/bio
+cvs diff: Diffing crypto/openssl/demos/eay
+cvs diff: Diffing crypto/openssl/demos/maurice
+Index: crypto/openssl/demos/maurice/example1.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/demos/maurice/example1.c,v
+retrieving revision 1.1.1.1
+diff -u -r1.1.1.1 example1.c
+--- crypto/openssl/demos/maurice/example1.c	10 Jan 2000 06:21:55 -0000	1.1.1.1
++++ crypto/openssl/demos/maurice/example1.c	31 Jul 2002 00:46:59 -0000
+@@ -72,7 +72,7 @@
+ 
+         pubKey[0] = ReadPublicKey(PUBFILE);
+ 
+-	if(!pubKey)
++	if(!pubKey[0])
+ 	{
+            fprintf(stderr,"Error: can't load public key");
+            exit(1);
+Index: crypto/openssl/demos/maurice/loadkeys.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/demos/maurice/loadkeys.c,v
+retrieving revision 1.1.1.1
+diff -u -r1.1.1.1 loadkeys.c
+--- crypto/openssl/demos/maurice/loadkeys.c	10 Jan 2000 06:21:55 -0000	1.1.1.1
++++ crypto/openssl/demos/maurice/loadkeys.c	31 Jul 2002 00:46:59 -0000
+@@ -33,7 +33,7 @@
+ 
+   x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+                                    PEM_STRING_X509,
+-                                   fp, NULL, NULL);
++                                   fp, NULL, NULL, NULL);
+ 
+   if (x509 == NULL) 
+   {  
+@@ -64,7 +64,7 @@
+ 	pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                               PEM_STRING_EVP_PKEY,
+                               fp,
+-                              NULL, NULL);
++                              NULL, NULL, NULL);
+ 
+ 	fclose (fp);
+ 
+cvs diff: Diffing crypto/openssl/demos/pkcs12
+cvs diff: Diffing crypto/openssl/demos/prime
+cvs diff: Diffing crypto/openssl/demos/sign
+cvs diff: Diffing crypto/openssl/demos/ssl
+cvs diff: Diffing crypto/openssl/demos/state_machine
+cvs diff: Diffing crypto/openssl/dep
+Index: crypto/openssl/dep/crypto.txt
+===================================================================
+RCS file: crypto/openssl/dep/crypto.txt
+diff -N crypto/openssl/dep/crypto.txt
+--- crypto/openssl/dep/crypto.txt	10 Jan 2000 06:21:56 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,1043 +0,0 @@
+-ASN1_BIT_STRING_asn1_meth
+-ASN1_BIT_STRING_get_bit
+-ASN1_BIT_STRING_set_bit
+-ASN1_HEADER_free
+-ASN1_HEADER_new
+-ASN1_IA5STRING_asn1_meth
+-ASN1_INTEGER_get
+-ASN1_INTEGER_set
+-ASN1_INTEGER_to_BN
+-ASN1_OBJECT_create
+-ASN1_OBJECT_free
+-ASN1_OBJECT_new
+-ASN1_PRINTABLE_type
+-ASN1_STRING_cmp
+-ASN1_STRING_dup
+-ASN1_STRING_free
+-ASN1_STRING_new
+-ASN1_STRING_print
+-ASN1_STRING_set
+-ASN1_STRING_type_new
+-ASN1_TYPE_free
+-ASN1_TYPE_get
+-ASN1_TYPE_new
+-ASN1_TYPE_set
+-ASN1_UNIVERSALSTRING_to_string
+-ASN1_UTCTIME_check
+-ASN1_UTCTIME_print
+-ASN1_UTCTIME_set
+-ASN1_check_infinite_end
+-ASN1_d2i_bio
+-ASN1_d2i_fp
+-ASN1_digest
+-ASN1_dup
+-ASN1_get_object
+-ASN1_i2d_bio
+-ASN1_i2d_fp
+-ASN1_object_size
+-ASN1_parse
+-ASN1_put_object
+-ASN1_sign
+-ASN1_verify
+-BF_cbc_encrypt
+-BF_cfb64_encrypt
+-BF_decrypt
+-BF_ecb_encrypt
+-BF_encrypt
+-BF_ofb64_encrypt
+-BF_options
+-BF_set_key
+-BIO_ACCEPT_free
+-BIO_ACCEPT_new
+-BIO_CONNECT_free
+-BIO_CONNECT_new
+-BIO_accept
+-BIO_copy_next_retry
+-BIO_ctrl
+-BIO_ctrl_int
+-BIO_debug_callback
+-BIO_dump
+-BIO_dup_chain
+-BIO_f_base64
+-BIO_f_buffer
+-BIO_f_cipher
+-BIO_f_md
+-BIO_f_nbio_test
+-BIO_f_null
+-BIO_f_proxy_server
+-BIO_fd_non_fatal_error
+-BIO_fd_should_retry
+-BIO_find_type
+-BIO_free
+-BIO_free_all
+-BIO_get_accept_socket
+-BIO_get_ex_data
+-BIO_get_ex_new_index
+-BIO_get_filter_bio
+-BIO_get_host_ip
+-BIO_get_port
+-BIO_get_retry_BIO
+-BIO_get_retry_reason
+-BIO_gethostbyname
+-BIO_gets
+-BIO_ghbn_ctrl
+-BIO_new
+-BIO_new_accept
+-BIO_new_connect
+-BIO_new_fd
+-BIO_new_file
+-BIO_new_fp
+-BIO_new_socket
+-BIO_pop
+-BIO_printf
+-BIO_ptr_ctrl
+-BIO_push
+-BIO_puts
+-BIO_read
+-BIO_s_accept
+-BIO_s_connect
+-BIO_s_fd
+-BIO_s_file
+-BIO_s_mem
+-BIO_s_null
+-BIO_s_proxy_client
+-BIO_s_socket
+-BIO_set
+-BIO_set_cipher
+-BIO_set_ex_data
+-BIO_set_tcp_ndelay
+-BIO_sock_cleanup
+-BIO_sock_error
+-BIO_sock_init
+-BIO_sock_non_fatal_error
+-BIO_sock_should_retry
+-BIO_socket_ioctl
+-BIO_write
+-BN_BLINDING_convert
+-BN_BLINDING_free
+-BN_BLINDING_invert
+-BN_BLINDING_new
+-BN_BLINDING_update
+-BN_CTX_free
+-BN_CTX_new
+-BN_MONT_CTX_free
+-BN_MONT_CTX_new
+-BN_MONT_CTX_set
+-BN_add
+-BN_add_word
+-BN_bin2bn
+-BN_bn2bin
+-BN_bn2dec
+-BN_bn2hex
+-BN_bn2mpi
+-BN_clear
+-BN_clear_bit
+-BN_clear_free
+-BN_cmp
+-BN_copy
+-BN_dec2bn
+-BN_div
+-BN_div_word
+-BN_dup
+-BN_exp
+-BN_free
+-BN_from_montgomery
+-BN_gcd
+-BN_generate_prime
+-BN_get_word
+-BN_hex2bn
+-BN_is_bit_set
+-BN_is_prime
+-BN_lshift
+-BN_lshift1
+-BN_mask_bits
+-BN_mod
+-BN_mod_exp
+-BN_mod_exp_mont
+-BN_mod_exp_recp
+-BN_mod_exp_simple
+-BN_mod_inverse
+-BN_mod_mul
+-BN_mod_mul_montgomery
+-BN_mod_mul_reciprocal
+-BN_mod_word
+-BN_mpi2bn
+-BN_mul
+-BN_mul_word
+-BN_new
+-BN_num_bits
+-BN_num_bits_word
+-BN_options
+-BN_print
+-BN_print_fp
+-BN_rand
+-BN_reciprocal
+-BN_rshift
+-BN_rshift1
+-BN_set_bit
+-BN_set_word
+-BN_sqr
+-BN_sub
+-BN_sub_word
+-BN_to_ASN1_INTEGER
+-BN_ucmp
+-BN_value_one
+-BUF_MEM_free
+-BUF_MEM_grow
+-BUF_MEM_new
+-BUF_strdup
+-CAST_cbc_encrypt
+-CAST_cfb64_encrypt
+-CAST_decrypt
+-CAST_ecb_encrypt
+-CAST_encrypt
+-CAST_ofb64_encrypt
+-CAST_set_key
+-CONF_free
+-CONF_get_number
+-CONF_get_section
+-CONF_get_string
+-CONF_load
+-CRYPTO_add_lock
+-CRYPTO_dbg_free
+-CRYPTO_dbg_malloc
+-CRYPTO_dbg_realloc
+-CRYPTO_dbg_remalloc
+-CRYPTO_dup_ex_data
+-CRYPTO_free
+-CRYPTO_free_ex_data
+-CRYPTO_get_add_lock_callback
+-CRYPTO_get_ex_data
+-CRYPTO_get_ex_new_index
+-CRYPTO_get_id_callback
+-CRYPTO_get_lock_name
+-CRYPTO_get_locking_callback
+-CRYPTO_get_mem_functions
+-CRYPTO_get_new_lockid
+-CRYPTO_lock
+-CRYPTO_malloc
+-CRYPTO_mem_ctrl
+-CRYPTO_mem_leaks
+-CRYPTO_mem_leaks_cb
+-CRYPTO_mem_leaks_fp
+-CRYPTO_new_ex_data
+-CRYPTO_realloc
+-CRYPTO_remalloc
+-CRYPTO_set_add_lock_callback
+-CRYPTO_set_ex_data
+-CRYPTO_set_id_callback
+-CRYPTO_set_locking_callback
+-CRYPTO_set_mem_functions
+-CRYPTO_thread_id
+-DH_check
+-DH_compute_key
+-DH_free
+-DH_generate_key
+-DH_generate_parameters
+-DH_new
+-DH_size
+-DHparams_print
+-DHparams_print_fp
+-DSA_free
+-DSA_generate_key
+-DSA_generate_parameters
+-DSA_is_prime
+-DSA_new
+-DSA_print
+-DSA_print_fp
+-DSA_sign
+-DSA_sign_setup
+-DSA_size
+-DSA_verify
+-DSAparams_print
+-DSAparams_print_fp
+-ERR_clear_error
+-ERR_error_string
+-ERR_free_strings
+-ERR_func_error_string
+-ERR_get_err_state_table
+-ERR_get_error
+-ERR_get_error_line
+-ERR_get_next_error_library
+-ERR_get_state
+-ERR_get_string_table
+-ERR_lib_error_string
+-ERR_load_ASN1_strings
+-ERR_load_BIO_strings
+-ERR_load_BN_strings
+-ERR_load_BUF_strings
+-ERR_load_CONF_strings
+-ERR_load_CRYPTO_strings
+-ERR_load_DH_strings
+-ERR_load_DSA_strings
+-ERR_load_ERR_strings
+-ERR_load_EVP_strings
+-ERR_load_OBJ_strings
+-ERR_load_PEM_strings
+-ERR_load_PKCS7_strings
+-ERR_load_PROXY_strings
+-ERR_load_RSA_strings
+-ERR_load_X509_strings
+-ERR_load_crypto_strings
+-ERR_load_strings
+-ERR_peek_error
+-ERR_peek_error_line
+-ERR_print_errors
+-ERR_print_errors_fp
+-ERR_put_error
+-ERR_reason_error_string
+-ERR_remove_state
+-EVP_BytesToKey
+-EVP_CIPHER_CTX_cleanup
+-EVP_CIPHER_CTX_init
+-EVP_CipherFinal
+-EVP_CipherInit
+-EVP_CipherUpdate
+-EVP_DecodeBlock
+-EVP_DecodeFinal
+-EVP_DecodeInit
+-EVP_DecodeUpdate
+-EVP_DecryptFinal
+-EVP_DecryptInit
+-EVP_DecryptUpdate
+-EVP_DigestFinal
+-EVP_DigestInit
+-EVP_DigestUpdate
+-EVP_EncodeBlock
+-EVP_EncodeFinal
+-EVP_EncodeInit
+-EVP_EncodeUpdate
+-EVP_EncryptFinal
+-EVP_EncryptInit
+-EVP_EncryptUpdate
+-EVP_OpenFinal
+-EVP_OpenInit
+-EVP_PKEY_assign
+-EVP_PKEY_bits
+-EVP_PKEY_cmp_parameters
+-EVP_PKEY_copy_parameters
+-EVP_PKEY_free
+-EVP_PKEY_missing_parameters
+-EVP_PKEY_new
+-EVP_PKEY_save_parameters
+-EVP_PKEY_size
+-EVP_PKEY_type
+-EVP_SealFinal
+-EVP_SealInit
+-EVP_SignFinal
+-EVP_VerifyFinal
+-EVP_add_alias
+-EVP_add_cipher
+-EVP_add_digest
+-EVP_bf_cbc
+-EVP_bf_cfb
+-EVP_bf_ecb
+-EVP_bf_ofb
+-EVP_cast5_cbc
+-EVP_cast5_cfb
+-EVP_cast5_ecb
+-EVP_cast5_ofb
+-EVP_cleanup
+-EVP_delete_alias
+-EVP_des_cbc
+-EVP_des_cfb
+-EVP_des_ecb
+-EVP_des_ede
+-EVP_des_ede3
+-EVP_des_ede3_cbc
+-EVP_des_ede3_cfb
+-EVP_des_ede3_ofb
+-EVP_des_ede_cbc
+-EVP_des_ede_cfb
+-EVP_des_ede_ofb
+-EVP_des_ofb
+-EVP_desx_cbc
+-EVP_dss
+-EVP_dss1
+-EVP_enc_null
+-EVP_get_cipherbyname
+-EVP_get_digestbyname
+-EVP_get_pw_prompt
+-EVP_idea_cbc
+-EVP_idea_cfb
+-EVP_idea_ecb
+-EVP_idea_ofb
+-EVP_md2
+-EVP_md5
+-EVP_md_null
+-EVP_mdc2
+-EVP_rc2_40_cbc
+-EVP_rc2_cbc
+-EVP_rc2_cfb
+-EVP_rc2_ecb
+-EVP_rc2_ofb
+-EVP_rc4
+-EVP_rc4_40
+-EVP_read_pw_string
+-EVP_set_pw_prompt
+-EVP_sha
+-EVP_sha1
+-HMAC
+-HMAC_Final
+-HMAC_Init
+-HMAC_Update
+-HMAC_cleanup
+-MD2
+-MD2_Final
+-MD2_Init
+-MD2_Update
+-MD2_options
+-MD5
+-MD5_Final
+-MD5_Init
+-MD5_Transform
+-MD5_Update
+-MDC2
+-MDC2_Final
+-MDC2_Init
+-MDC2_Update
+-NETSCAPE_SPKAC_free
+-NETSCAPE_SPKAC_new
+-NETSCAPE_SPKI_free
+-NETSCAPE_SPKI_new
+-NETSCAPE_SPKI_sign
+-NETSCAPE_SPKI_verify
+-OBJ_add_object
+-OBJ_bsearch
+-OBJ_cleanup
+-OBJ_cmp
+-OBJ_create
+-OBJ_create_objects
+-OBJ_dup
+-OBJ_ln2nid
+-OBJ_new_nid
+-OBJ_nid2ln
+-OBJ_nid2obj
+-OBJ_nid2sn
+-OBJ_obj2nid
+-OBJ_sn2nid
+-OBJ_txt2nid
+-PEM_ASN1_read
+-PEM_ASN1_read_bio
+-PEM_ASN1_write
+-PEM_ASN1_write_bio
+-PEM_SealFinal
+-PEM_SealInit
+-PEM_SealUpdate
+-PEM_SignFinal
+-PEM_SignInit
+-PEM_SignUpdate
+-PEM_X509_INFO_read
+-PEM_X509_INFO_read_bio
+-PEM_X509_INFO_write_bio
+-PEM_dek_info
+-PEM_do_header
+-PEM_get_EVP_CIPHER_INFO
+-PEM_proc_type
+-PEM_read
+-PEM_read_DHparams
+-PEM_read_DSAPrivateKey
+-PEM_read_DSAparams
+-PEM_read_PKCS7
+-PEM_read_PrivateKey
+-PEM_read_RSAPrivateKey
+-PEM_read_RSAPublicKey
+-PEM_read_X509
+-PEM_read_X509_CRL
+-PEM_read_X509_REQ
+-PEM_read_bio
+-PEM_read_bio_DHparams
+-PEM_read_bio_DSAPrivateKey
+-PEM_read_bio_DSAparams
+-PEM_read_bio_PKCS7
+-PEM_read_bio_PrivateKey
+-PEM_read_bio_RSAPrivateKey
+-PEM_read_bio_RSAPublicKey
+-PEM_read_bio_X509
+-PEM_read_bio_X509_CRL
+-PEM_read_bio_X509_REQ
+-PEM_write
+-PEM_write_DHparams
+-PEM_write_DSAPrivateKey
+-PEM_write_DSAparams
+-PEM_write_PKCS7
+-PEM_write_PrivateKey
+-PEM_write_RSAPrivateKey
+-PEM_write_RSAPublicKey
+-PEM_write_X509
+-PEM_write_X509_CRL
+-PEM_write_X509_REQ
+-PEM_write_bio
+-PEM_write_bio_DHparams
+-PEM_write_bio_DSAPrivateKey
+-PEM_write_bio_DSAparams
+-PEM_write_bio_PKCS7
+-PEM_write_bio_PrivateKey
+-PEM_write_bio_RSAPrivateKey
+-PEM_write_bio_RSAPublicKey
+-PEM_write_bio_X509
+-PEM_write_bio_X509_CRL
+-PEM_write_bio_X509_REQ
+-PKCS7_DIGEST_free
+-PKCS7_DIGEST_new
+-PKCS7_ENCRYPT_free
+-PKCS7_ENCRYPT_new
+-PKCS7_ENC_CONTENT_free
+-PKCS7_ENC_CONTENT_new
+-PKCS7_ENVELOPE_free
+-PKCS7_ENVELOPE_new
+-PKCS7_ISSUER_AND_SERIAL_digest
+-PKCS7_ISSUER_AND_SERIAL_free
+-PKCS7_ISSUER_AND_SERIAL_new
+-PKCS7_RECIP_INFO_free
+-PKCS7_RECIP_INFO_new
+-PKCS7_SIGNED_free
+-PKCS7_SIGNED_new
+-PKCS7_SIGNER_INFO_free
+-PKCS7_SIGNER_INFO_new
+-PKCS7_SIGNER_INFO_set
+-PKCS7_SIGN_ENVELOPE_free
+-PKCS7_SIGN_ENVELOPE_new
+-PKCS7_add_certificate
+-PKCS7_add_crl
+-PKCS7_add_signature
+-PKCS7_add_signer
+-PKCS7_cert_from_signer_info
+-PKCS7_content_free
+-PKCS7_content_new
+-PKCS7_ctrl
+-PKCS7_dataInit
+-PKCS7_dataSign
+-PKCS7_dataVerify
+-PKCS7_dup
+-PKCS7_free
+-PKCS7_get_signer_info
+-PKCS7_new
+-PKCS7_set_content
+-PKCS7_set_type
+-PROXY_ENTRY_add_noproxy
+-PROXY_ENTRY_clear_noproxy
+-PROXY_ENTRY_free
+-PROXY_ENTRY_get_noproxy
+-PROXY_ENTRY_new
+-PROXY_ENTRY_set_server
+-PROXY_add_noproxy
+-PROXY_add_server
+-PROXY_check_by_host
+-PROXY_check_url
+-PROXY_clear_noproxy
+-PROXY_free
+-PROXY_get_noproxy
+-PROXY_get_proxies
+-PROXY_get_proxy_entry
+-PROXY_load_conf
+-PROXY_new
+-PROXY_print
+-RAND_bytes
+-RAND_cleanup
+-RAND_file_name
+-RAND_load_file
+-RAND_seed
+-RAND_write_file
+-RC2_cbc_encrypt
+-RC2_cfb64_encrypt
+-RC2_decrypt
+-RC2_ecb_encrypt
+-RC2_encrypt
+-RC2_ofb64_encrypt
+-RC2_set_key
+-RC4
+-RC4_options
+-RC4_set_key
+-RC5_32_cbc_encrypt
+-RC5_32_cfb64_encrypt
+-RC5_32_decrypt
+-RC5_32_ecb_encrypt
+-RC5_32_encrypt
+-RC5_32_ofb64_encrypt
+-RC5_32_set_key
+-RIPEMD160
+-RIPEMD160_Final
+-RIPEMD160_Init
+-RIPEMD160_Transform
+-RIPEMD160_Update
+-RSAPrivateKey_asn1_meth
+-RSAPrivateKey_dup
+-RSAPublicKey_dup
+-RSA_PKCS1_SSLeay
+-RSA_blinding_off
+-RSA_blinding_on
+-RSA_flags
+-RSA_free
+-RSA_generate_key
+-RSA_get_ex_data
+-RSA_get_ex_new_index
+-RSA_new
+-RSA_new_method
+-RSA_padding_add_PKCS1_type_1
+-RSA_padding_add_PKCS1_type_2
+-RSA_padding_add_SSLv23
+-RSA_padding_add_none
+-RSA_padding_check_PKCS1_type_1
+-RSA_padding_check_PKCS1_type_2
+-RSA_padding_check_SSLv23
+-RSA_padding_check_none
+-RSA_print
+-RSA_print_fp
+-RSA_private_decrypt
+-RSA_private_encrypt
+-RSA_public_decrypt
+-RSA_public_encrypt
+-RSA_set_default_method
+-RSA_set_ex_data
+-RSA_sign
+-RSA_sign_ASN1_OCTET_STRING
+-RSA_size
+-RSA_verify
+-RSA_verify_ASN1_OCTET_STRING
+-SHA
+-SHA1
+-SHA1_Final
+-SHA1_Init
+-SHA1_Transform
+-SHA1_Update
+-SHA_Final
+-SHA_Init
+-SHA_Transform
+-SHA_Update
+-SSLeay
+-SSLeay_add_all_algorithms
+-SSLeay_add_all_ciphers
+-SSLeay_add_all_digests
+-SSLeay_version
+-TXT_DB_create_index
+-TXT_DB_free
+-TXT_DB_get_by_index
+-TXT_DB_insert
+-TXT_DB_read
+-TXT_DB_write
+-X509_ALGOR_free
+-X509_ALGOR_new
+-X509_ATTRIBUTE_free
+-X509_ATTRIBUTE_new
+-X509_CINF_free
+-X509_CINF_new
+-X509_CRL_INFO_free
+-X509_CRL_INFO_new
+-X509_CRL_add_ext
+-X509_CRL_cmp
+-X509_CRL_delete_ext
+-X509_CRL_dup
+-X509_CRL_free
+-X509_CRL_get_ext
+-X509_CRL_get_ext_by_NID
+-X509_CRL_get_ext_by_OBJ
+-X509_CRL_get_ext_by_critical
+-X509_CRL_get_ext_count
+-X509_CRL_new
+-X509_CRL_sign
+-X509_CRL_verify
+-X509_EXTENSION_create_by_NID
+-X509_EXTENSION_create_by_OBJ
+-X509_EXTENSION_dup
+-X509_EXTENSION_free
+-X509_EXTENSION_get_critical
+-X509_EXTENSION_get_data
+-X509_EXTENSION_get_object
+-X509_EXTENSION_new
+-X509_EXTENSION_set_critical
+-X509_EXTENSION_set_data
+-X509_EXTENSION_set_object
+-X509_INFO_free
+-X509_INFO_new
+-X509_LOOKUP_by_alias
+-X509_LOOKUP_by_fingerprint
+-X509_LOOKUP_by_issuer_serial
+-X509_LOOKUP_by_subject
+-X509_LOOKUP_ctrl
+-X509_LOOKUP_file
+-X509_LOOKUP_free
+-X509_LOOKUP_hash_dir
+-X509_LOOKUP_init
+-X509_LOOKUP_new
+-X509_LOOKUP_shutdown
+-X509_NAME_ENTRY_create_by_NID
+-X509_NAME_ENTRY_create_by_OBJ
+-X509_NAME_ENTRY_dup
+-X509_NAME_ENTRY_free
+-X509_NAME_ENTRY_get_data
+-X509_NAME_ENTRY_get_object
+-X509_NAME_ENTRY_new
+-X509_NAME_ENTRY_set_data
+-X509_NAME_ENTRY_set_object
+-X509_NAME_add_entry
+-X509_NAME_cmp
+-X509_NAME_delete_entry
+-X509_NAME_digest
+-X509_NAME_dup
+-X509_NAME_entry_count
+-X509_NAME_free
+-X509_NAME_get_entry
+-X509_NAME_get_index_by_NID
+-X509_NAME_get_index_by_OBJ
+-X509_NAME_get_text_by_NID
+-X509_NAME_get_text_by_OBJ
+-X509_NAME_hash
+-X509_NAME_new
+-X509_NAME_oneline
+-X509_NAME_print
+-X509_NAME_set
+-X509_OBJECT_free_contents
+-X509_OBJECT_retrive_by_subject
+-X509_OBJECT_up_ref_count
+-X509_PKEY_free
+-X509_PKEY_new
+-X509_PUBKEY_free
+-X509_PUBKEY_get
+-X509_PUBKEY_new
+-X509_PUBKEY_set
+-X509_REQ_INFO_free
+-X509_REQ_INFO_new
+-X509_REQ_dup
+-X509_REQ_free
+-X509_REQ_get_pubkey
+-X509_REQ_new
+-X509_REQ_print
+-X509_REQ_print_fp
+-X509_REQ_set_pubkey
+-X509_REQ_set_subject_name
+-X509_REQ_set_version
+-X509_REQ_sign
+-X509_REQ_to_X509
+-X509_REQ_verify
+-X509_REVOKED_add_ext
+-X509_REVOKED_delete_ext
+-X509_REVOKED_free
+-X509_REVOKED_get_ext
+-X509_REVOKED_get_ext_by_NID
+-X509_REVOKED_get_ext_by_OBJ
+-X509_REVOKED_get_ext_by_critical
+-X509_REVOKED_get_ext_count
+-X509_REVOKED_new
+-X509_SIG_free
+-X509_SIG_new
+-X509_STORE_CTX_cleanup
+-X509_STORE_CTX_get_chain
+-X509_STORE_CTX_get_current_cert
+-X509_STORE_CTX_get_error
+-X509_STORE_CTX_get_error_depth
+-X509_STORE_CTX_get_ex_data
+-X509_STORE_CTX_get_ex_new_index
+-X509_STORE_CTX_init
+-X509_STORE_CTX_set_cert
+-X509_STORE_CTX_set_chain
+-X509_STORE_CTX_set_error
+-X509_STORE_CTX_set_ex_data
+-X509_STORE_add_cert
+-X509_STORE_add_crl
+-X509_STORE_add_lookup
+-X509_STORE_free
+-X509_STORE_get_by_subject
+-X509_STORE_load_locations
+-X509_STORE_new
+-X509_STORE_set_default_paths
+-X509_VAL_free
+-X509_VAL_new
+-X509_add_ext
+-X509_asn1_meth
+-X509_certificate_type
+-X509_check_private_key
+-X509_cmp_current_time
+-X509_delete_ext
+-X509_digest
+-X509_dup
+-X509_find_by_issuer_and_serial
+-X509_find_by_subject
+-X509_free
+-X509_get_default_cert_area
+-X509_get_default_cert_dir
+-X509_get_default_cert_dir_env
+-X509_get_default_cert_file
+-X509_get_default_cert_file_env
+-X509_get_default_private_dir
+-X509_get_ext
+-X509_get_ext_by_NID
+-X509_get_ext_by_OBJ
+-X509_get_ext_by_critical
+-X509_get_ext_count
+-X509_get_issuer_name
+-X509_get_pubkey
+-X509_get_pubkey_parameters
+-X509_get_serialNumber
+-X509_get_subject_name
+-X509_gmtime_adj
+-X509_issuer_and_serial_cmp
+-X509_issuer_and_serial_hash
+-X509_issuer_name_cmp
+-X509_issuer_name_hash
+-X509_load_cert_file
+-X509_load_crl_file
+-X509_new
+-X509_print
+-X509_print_fp
+-X509_set_issuer_name
+-X509_set_notAfter
+-X509_set_notBefore
+-X509_set_pubkey
+-X509_set_serialNumber
+-X509_set_subject_name
+-X509_set_version
+-X509_sign
+-X509_subject_name_cmp
+-X509_subject_name_hash
+-X509_to_X509_REQ
+-X509_verify
+-X509_verify_cert
+-X509_verify_cert_error_string
+-X509v3_add_ext
+-X509v3_add_extension
+-X509v3_add_netscape_extensions
+-X509v3_add_standard_extensions
+-X509v3_cleanup_extensions
+-X509v3_data_type_by_NID
+-X509v3_data_type_by_OBJ
+-X509v3_delete_ext
+-X509v3_get_ext
+-X509v3_get_ext_by_NID
+-X509v3_get_ext_by_OBJ
+-X509v3_get_ext_by_critical
+-X509v3_get_ext_count
+-X509v3_get_key_usage
+-X509v3_pack_string
+-X509v3_pack_type_by_NID
+-X509v3_pack_type_by_OBJ
+-X509v3_set_key_usage
+-X509v3_unpack_string
+-_des_crypt
+-a2d_ASN1_OBJECT
+-a2i_ASN1_INTEGER
+-a2i_ASN1_STRING
+-a2i_X509v3_key_usage
+-asn1_Finish
+-asn1_GetSequence
+-bn_add_words
+-bn_div64
+-bn_expand2
+-bn_mul_add_words
+-bn_mul_words
+-bn_qadd
+-bn_qsub
+-bn_sqr_words
+-crypt
+-d2i_ASN1_BIT_STRING
+-d2i_ASN1_BOOLEAN
+-d2i_ASN1_HEADER
+-d2i_ASN1_IA5STRING
+-d2i_ASN1_INTEGER
+-d2i_ASN1_OBJECT
+-d2i_ASN1_OCTET_STRING
+-d2i_ASN1_PRINTABLE
+-d2i_ASN1_PRINTABLESTRING
+-d2i_ASN1_SET
+-d2i_ASN1_T61STRING
+-d2i_ASN1_TYPE
+-d2i_ASN1_UTCTIME
+-d2i_ASN1_bytes
+-d2i_ASN1_type_bytes
+-d2i_DHparams
+-d2i_DSAPrivateKey
+-d2i_DSAPrivateKey_bio
+-d2i_DSAPrivateKey_fp
+-d2i_DSAPublicKey
+-d2i_DSAparams
+-d2i_NETSCAPE_SPKAC
+-d2i_NETSCAPE_SPKI
+-d2i_Netscape_RSA
+-d2i_Netscape_RSA_2
+-d2i_PKCS7
+-d2i_PKCS7_DIGEST
+-d2i_PKCS7_ENCRYPT
+-d2i_PKCS7_ENC_CONTENT
+-d2i_PKCS7_ENVELOPE
+-d2i_PKCS7_ISSUER_AND_SERIAL
+-d2i_PKCS7_RECIP_INFO
+-d2i_PKCS7_SIGNED
+-d2i_PKCS7_SIGNER_INFO
+-d2i_PKCS7_SIGN_ENVELOPE
+-d2i_PKCS7_bio
+-d2i_PKCS7_fp
+-d2i_PrivateKey
+-d2i_PublicKey
+-d2i_RSAPrivateKey
+-d2i_RSAPrivateKey_bio
+-d2i_RSAPrivateKey_fp
+-d2i_RSAPublicKey
+-d2i_RSAPublicKey_bio
+-d2i_RSAPublicKey_fp
+-d2i_X509
+-d2i_X509_ALGOR
+-d2i_X509_ATTRIBUTE
+-d2i_X509_CINF
+-d2i_X509_CRL
+-d2i_X509_CRL_INFO
+-d2i_X509_CRL_bio
+-d2i_X509_CRL_fp
+-d2i_X509_EXTENSION
+-d2i_X509_NAME
+-d2i_X509_NAME_ENTRY
+-d2i_X509_PKEY
+-d2i_X509_PUBKEY
+-d2i_X509_REQ
+-d2i_X509_REQ_INFO
+-d2i_X509_REQ_bio
+-d2i_X509_REQ_fp
+-d2i_X509_REVOKED
+-d2i_X509_SIG
+-d2i_X509_VAL
+-d2i_X509_bio
+-d2i_X509_fp
+-des_cbc_cksum
+-des_cbc_encrypt
+-des_cblock_print_file
+-des_cfb64_encrypt
+-des_cfb_encrypt
+-des_decrypt3
+-des_ecb3_encrypt
+-des_ecb_encrypt
+-des_ede3_cbc_encrypt
+-des_ede3_cfb64_encrypt
+-des_ede3_ofb64_encrypt
+-des_enc_read
+-des_enc_write
+-des_encrypt
+-des_encrypt2
+-des_encrypt3
+-des_fcrypt
+-des_is_weak_key
+-des_key_sched
+-des_ncbc_encrypt
+-des_ofb64_encrypt
+-des_ofb_encrypt
+-des_options
+-des_pcbc_encrypt
+-des_quad_cksum
+-des_random_key
+-des_random_seed
+-des_read_2passwords
+-des_read_password
+-des_read_pw
+-des_read_pw_string
+-des_set_key
+-des_set_odd_parity
+-des_string_to_2keys
+-des_string_to_key
+-des_xcbc_encrypt
+-des_xwhite_in2out
+-fcrypt_body
+-i2a_ASN1_INTEGER
+-i2a_ASN1_OBJECT
+-i2a_ASN1_STRING
+-i2a_X509v3_key_usage
+-i2d_ASN1_BIT_STRING
+-i2d_ASN1_BOOLEAN
+-i2d_ASN1_HEADER
+-i2d_ASN1_IA5STRING
+-i2d_ASN1_INTEGER
+-i2d_ASN1_OBJECT
+-i2d_ASN1_OCTET_STRING
+-i2d_ASN1_PRINTABLE
+-i2d_ASN1_SET
+-i2d_ASN1_TYPE
+-i2d_ASN1_UTCTIME
+-i2d_ASN1_bytes
+-i2d_DHparams
+-i2d_DSAPrivateKey
+-i2d_DSAPrivateKey_bio
+-i2d_DSAPrivateKey_fp
+-i2d_DSAPublicKey
+-i2d_DSAparams
+-i2d_NETSCAPE_SPKAC
+-i2d_NETSCAPE_SPKI
+-i2d_Netscape_RSA
+-i2d_PKCS7
+-i2d_PKCS7_DIGEST
+-i2d_PKCS7_ENCRYPT
+-i2d_PKCS7_ENC_CONTENT
+-i2d_PKCS7_ENVELOPE
+-i2d_PKCS7_ISSUER_AND_SERIAL
+-i2d_PKCS7_RECIP_INFO
+-i2d_PKCS7_SIGNED
+-i2d_PKCS7_SIGNER_INFO
+-i2d_PKCS7_SIGN_ENVELOPE
+-i2d_PKCS7_bio
+-i2d_PKCS7_fp
+-i2d_PrivateKey
+-i2d_PublicKey
+-i2d_RSAPrivateKey
+-i2d_RSAPrivateKey_bio
+-i2d_RSAPrivateKey_fp
+-i2d_RSAPublicKey
+-i2d_RSAPublicKey_bio
+-i2d_RSAPublicKey_fp
+-i2d_X509
+-i2d_X509_ALGOR
+-i2d_X509_ATTRIBUTE
+-i2d_X509_CINF
+-i2d_X509_CRL
+-i2d_X509_CRL_INFO
+-i2d_X509_CRL_bio
+-i2d_X509_CRL_fp
+-i2d_X509_EXTENSION
+-i2d_X509_NAME
+-i2d_X509_NAME_ENTRY
+-i2d_X509_PKEY
+-i2d_X509_PUBKEY
+-i2d_X509_REQ
+-i2d_X509_REQ_INFO
+-i2d_X509_REQ_bio
+-i2d_X509_REQ_fp
+-i2d_X509_REVOKED
+-i2d_X509_SIG
+-i2d_X509_VAL
+-i2d_X509_bio
+-i2d_X509_fp
+-i2t_ASN1_OBJECT
+-idea_cbc_encrypt
+-idea_cfb64_encrypt
+-idea_ecb_encrypt
+-idea_encrypt
+-idea_ofb64_encrypt
+-idea_options
+-idea_set_decrypt_key
+-idea_set_encrypt_key
+-lh_delete
+-lh_doall
+-lh_doall_arg
+-lh_free
+-lh_insert
+-lh_new
+-lh_node_stats
+-lh_node_stats_bio
+-lh_node_usage_stats
+-lh_node_usage_stats_bio
+-lh_retrieve
+-lh_stats
+-lh_stats_bio
+-lh_strhash
+-ripemd160_block
+-sha1_block
+-sha_block
+-sk_delete
+-sk_delete_ptr
+-sk_dup
+-sk_find
+-sk_free
+-sk_insert
+-sk_new
+-sk_pop
+-sk_pop_free
+-sk_push
+-sk_set_cmp_func
+-sk_shift
+-sk_unshift
+-sk_zero
+Index: crypto/openssl/dep/files
+===================================================================
+RCS file: crypto/openssl/dep/files
+diff -N crypto/openssl/dep/files
+--- crypto/openssl/dep/files	10 Jan 2000 06:21:56 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,566 +0,0 @@
+-./e_os.h
+-
+-./crypto/cryptall.h		CRYPTO
+-./crypto/cryptlib.h		CRYPTO
+-./crypto/crypto.c		CRYPTO
+-./crypto/cversion.c		CRYPTO
+-./crypto/date.h			CRYPTO
+-./crypto/mem.c			CRYPTO
+-./crypto/cpt_err.c		CRYPTO
+-./crypto/ex_data.c		CRYPTO
+-./crypto/crypto.h		CRYPTO
+-./crypto/cryptlib.c		CRYPTO
+-./crypto/tmdiff.c		CRYPTO
+-
+-./crypto/asn1/asn1.h		ASN1
+-./crypto/asn1/asn1_mac.h	ASN1
+-./crypto/asn1/asn1_err.c	ASN1
+-./crypto/asn1/asn1_lib.c	ASN1
+-./crypto/asn1/asn1_par.c	ASN1
+-./crypto/asn1/a_bitstr.c	ASN1
+-./crypto/asn1/a_bmp.c		ASN1
+-./crypto/asn1/a_bool.c		ASN1
+-./crypto/asn1/a_bytes.c		ASN1
+-./crypto/asn1/a_d2i_fp.c	ASN1
+-./crypto/asn1/a_digest.c	ASN1
+-./crypto/asn1/a_dup.c		ASN1
+-./crypto/asn1/a_hdr.c		ASN1
+-./crypto/asn1/a_i2d_fp.c	ASN1
+-./crypto/asn1/a_int.c		ASN1
+-./crypto/asn1/a_meth.c		ASN1
+-./crypto/asn1/a_object.c	ASN1
+-./crypto/asn1/a_octet.c		ASN1
+-./crypto/asn1/a_print.c		ASN1
+-./crypto/asn1/a_set.c		ASN1
+-./crypto/asn1/a_sign.c		ASN1
+-./crypto/asn1/a_type.c		ASN1
+-./crypto/asn1/a_utctm.c		ASN1
+-./crypto/asn1/a_verify.c	ASN1
+-./crypto/asn1/d2i_dhp.c		ASN1
+-./crypto/asn1/d2i_dsap.c	ASN1
+-./crypto/asn1/d2i_pr.c		ASN1
+-./crypto/asn1/d2i_pu.c		ASN1
+-./crypto/asn1/d2i_r_pr.c	ASN1
+-./crypto/asn1/d2i_r_pu.c	ASN1
+-./crypto/asn1/d2i_s_pr.c	ASN1
+-./crypto/asn1/d2i_s_pu.c	ASN1
+-./crypto/asn1/f_int.c		ASN1
+-./crypto/asn1/f_string.c	ASN1
+-./crypto/asn1/i2d_dhp.c		ASN1
+-./crypto/asn1/i2d_dsap.c	ASN1
+-./crypto/asn1/i2d_pr.c		ASN1
+-./crypto/asn1/i2d_pu.c		ASN1
+-./crypto/asn1/i2d_r_pr.c	ASN1
+-./crypto/asn1/i2d_r_pu.c	ASN1
+-./crypto/asn1/i2d_s_pr.c	ASN1
+-./crypto/asn1/i2d_s_pu.c	ASN1
+-./crypto/asn1/n_pkey.c		ASN1
+-./crypto/asn1/p7_dgst.c		ASN1
+-./crypto/asn1/p7_enc.c		ASN1
+-./crypto/asn1/p7_enc_c.c	ASN1
+-./crypto/asn1/p7_evp.c		ASN1
+-./crypto/asn1/p7_i_s.c		ASN1
+-./crypto/asn1/p7_lib.c		ASN1
+-./crypto/asn1/p7_recip.c	ASN1
+-./crypto/asn1/p7_signd.c	ASN1
+-./crypto/asn1/p7_signi.c	ASN1
+-./crypto/asn1/p7_s_e.c		ASN1
+-./crypto/asn1/pk.c		ASN1
+-./crypto/asn1/pkcs8.c		ASN1
+-./crypto/asn1/t_pkey.c		ASN1
+-./crypto/asn1/t_req.c		ASN1
+-./crypto/asn1/t_x509.c		ASN1
+-./crypto/asn1/x_algor.c		ASN1
+-./crypto/asn1/x_attrib.c	ASN1
+-./crypto/asn1/x_cinf.c		ASN1
+-./crypto/asn1/x_crl.c		ASN1
+-./crypto/asn1/x_exten.c		ASN1
+-./crypto/asn1/x_info.c		ASN1
+-./crypto/asn1/x_name.c		ASN1
+-./crypto/asn1/x_pkey.c		ASN1
+-./crypto/asn1/x_pubkey.c	ASN1
+-./crypto/asn1/x_req.c		ASN1
+-./crypto/asn1/x_sig.c		ASN1
+-./crypto/asn1/x_spki.c		ASN1
+-./crypto/asn1/x_val.c		ASN1
+-./crypto/asn1/x_x509.c		ASN1
+-
+-./crypto/bf/blowfish.h		BF
+-./crypto/bf/bf_pi.h		BF
+-./crypto/bf/bf_locl.h		BF
+-./crypto/bf/bfspeed.c		BF
+-./crypto/bf/bftest.c		BF
+-./crypto/bf/bf_cbc.c		BF
+-./crypto/bf/bf_cfb64.c		BF
+-./crypto/bf/bf_ecb.c		BF
+-./crypto/bf/bf_enc.c		BF
+-./crypto/bf/bf_ofb64.c		BF
+-./crypto/bf/bf_opts.c		BF
+-./crypto/bf/bf_skey.c		BF
+-
+-./crypto/bio/bio.h		BIO
+-./crypto/bio/bf_buff.c		BIO
+-./crypto/bio/bf_nbio.c		BIO
+-./crypto/bio/bf_null.c		BIO
+-./crypto/bio/bio_cb.c		BIO
+-./crypto/bio/bio_err.c		BIO
+-./crypto/bio/bio_lib.c		BIO
+-./crypto/bio/bss_acpt.c		BIO
+-./crypto/bio/bss_conn.c		BIO
+-./crypto/bio/bss_fd.c		BIO
+-./crypto/bio/bss_file.c		BIO
+-./crypto/bio/bss_mem.c		BIO
+-./crypto/bio/bss_null.c		BIO
+-./crypto/bio/bss_rtcp.c		BIO
+-./crypto/bio/bss_sock.c		BIO
+-./crypto/bio/b_dump.c		BIO
+-./crypto/bio/b_print.c		BIO
+-./crypto/bio/b_sock.c		BIO
+-
+-./crypto/bn/bn.h		BN
+-./crypto/bn/bn_lcl.h		BN
+-./crypto/bn/bn_prime.h		BN
+-./crypto/bn/bnspeed.c		BN
+-./crypto/bn/bntest.c		BN
+-./crypto/bn/bn_add.c		BN
+-./crypto/bn/bn_bld.c		BN
+-./crypto/bn/bn_blind.c		BN
+-./crypto/bn/bn_div.c		BN
+-./crypto/bn/bn_err.c		BN
+-./crypto/bn/bn_exp.c		BN
+-./crypto/bn/bn_gcd.c		BN
+-./crypto/bn/bn_lib.c		BN
+-./crypto/bn/bn_mod.c		BN
+-./crypto/bn/bn_mont.c		BN
+-./crypto/bn/bn_mul.c		BN
+-./crypto/bn/bn_mulw.c		BN
+-./crypto/bn/bn_prime.c		BN
+-./crypto/bn/bn_print.c		BN
+-./crypto/bn/bn_rand.c		BN
+-./crypto/bn/bn_recp.c		BN
+-./crypto/bn/bn_shift.c		BN
+-./crypto/bn/bn_sqr.c		BN
+-./crypto/bn/bn_sub.c		BN
+-./crypto/bn/bn_word.c		BN
+-./crypto/bn/bn_m.c		BN
+-./crypto/bn/m.c			BN
+-./crypto/bn/expspeed.c		BN
+-./crypto/bn/bn_mpi.c		BN
+-./crypto/bn/exptest.c		BN
+-
+-./crypto/buffer/buffer.c	BUFF
+-./crypto/buffer/buffer.h	BUFF
+-./crypto/buffer/buf_err.c	BUFF
+-
+-./crypto/cast/cast.h		CAST
+-./crypto/cast/castopts.c	CAST
+-./crypto/cast/casttest.c	CAST
+-./crypto/cast/cast_lcl.h	CAST
+-./crypto/cast/cast_s.h		CAST
+-./crypto/cast/cast_spd.c	CAST
+-./crypto/cast/c_cfb64.c		CAST
+-./crypto/cast/c_ecb.c		CAST
+-./crypto/cast/c_enc.c		CAST
+-./crypto/cast/c_ofb64.c		CAST
+-./crypto/cast/c_skey.c		CAST
+-
+-./crypto/conf/conf_lcl.h	CONF
+-./crypto/conf/cnf_save.c	CONF
+-./crypto/conf/conf.c		CONF
+-./crypto/conf/conf.h		CONF
+-./crypto/conf/conf_err.c	CONF
+-
+-./crypto/des/des.h		DES
+-./crypto/des/des_locl.h		DES
+-./crypto/des/spr.h		DES
+-./crypto/des/podd.h		DES
+-./crypto/des/sk.h		DES
+-./crypto/des/cbc3_enc.c		DES
+-./crypto/des/cbc_cksm.c		DES
+-./crypto/des/cbc_enc.c		DES
+-./crypto/des/cfb64ede.c		DES
+-./crypto/des/cfb64enc.c		DES
+-./crypto/des/cfb_enc.c		DES
+-./crypto/des/des.c		DES
+-./crypto/des/destest.c		DES
+-./crypto/des/des_enc.c		DES
+-./crypto/des/des_opts.c		DES
+-./crypto/des/des_ver.h		DES
+-./crypto/des/ecb3_enc.c		DES
+-./crypto/des/ecb_enc.c		DES
+-./crypto/des/ede_enc.c		DES
+-./crypto/des/enc_read.c		DES
+-./crypto/des/enc_writ.c		DES
+-./crypto/des/fcrypt.c		DES
+-./crypto/des/fcrypt_b.c		DES
+-./crypto/des/ncbc_enc.c		DES
+-./crypto/des/ofb64ede.c		DES
+-./crypto/des/ofb64enc.c		DES
+-./crypto/des/ofb_enc.c		DES
+-./crypto/des/pcbc_enc.c		DES
+-./crypto/des/qud_cksm.c		DES
+-./crypto/des/rand_key.c		DES
+-./crypto/des/read2pwd.c		DES
+-./crypto/des/read_pwd.c		DES
+-./crypto/des/rpc_des.h		DES
+-./crypto/des/rpc_enc.c		DES
+-./crypto/des/rpw.c		DES
+-./crypto/des/set_key.c		DES
+-./crypto/des/str2key.c		DES
+-./crypto/des/supp.c		DES
+-./crypto/des/xcbc_enc.c		DES
+-
+-./crypto/dh/dh.h		DH
+-./crypto/dh/dh_check.c		DH
+-./crypto/dh/dh_err.c		DH
+-./crypto/dh/dh_gen.c		DH
+-./crypto/dh/dh_key.c		DH
+-./crypto/dh/dh_lib.c		DH
+-./crypto/dh/p1024.c		DH
+-./crypto/dh/p192.c		DH
+-./crypto/dh/p512.c		DH
+-./crypto/dh/dhtest.c		DH
+-
+-./crypto/dsa/dsa.h		DSA
+-./crypto/dsa/dsagen.c		DSA
+-./crypto/dsa/dsa_err.c		DSA
+-./crypto/dsa/dsa_gen.c		DSA
+-./crypto/dsa/dsa_key.c		DSA
+-./crypto/dsa/dsa_lib.c		DSA
+-./crypto/dsa/dsa_sign.c		DSA
+-./crypto/dsa/dsa_vrf.c		DSA
+-./crypto/dsa/dsatest.c		DSA
+-
+-./crypto/err/err.c		ERR
+-./crypto/err/err.h		ERR
+-./crypto/err/err_all.c		ERR
+-./crypto/err/err_prn.c		ERR
+-
+-./crypto/evp/evp.h		EVP
+-./crypto/evp/bio_b64.c		EVP
+-./crypto/evp/bio_enc.c		EVP
+-./crypto/evp/bio_md.c		EVP
+-./crypto/evp/c_all.c		EVP
+-./crypto/evp/digest.c		EVP
+-./crypto/evp/encode.c		EVP
+-./crypto/evp/evp_enc.c		EVP
+-./crypto/evp/evp_err.c		EVP
+-./crypto/evp/evp_key.c		EVP
+-./crypto/evp/e_cbc_3d.c		EVP
+-./crypto/evp/e_cbc_bf.c		EVP
+-./crypto/evp/e_cbc_c.c		EVP
+-./crypto/evp/e_cbc_d.c		EVP
+-./crypto/evp/e_cbc_i.c		EVP
+-./crypto/evp/e_cbc_r2.c		EVP
+-./crypto/evp/e_cfb_3d.c		EVP
+-./crypto/evp/e_cfb_bf.c		EVP
+-./crypto/evp/e_cfb_c.c		EVP
+-./crypto/evp/e_cfb_d.c		EVP
+-./crypto/evp/e_cfb_i.c		EVP
+-./crypto/evp/e_cfb_r2.c		EVP
+-./crypto/evp/e_dsa.c		EVP
+-./crypto/evp/e_ecb_3d.c		EVP
+-./crypto/evp/e_ecb_bf.c		EVP
+-./crypto/evp/e_ecb_c.c		EVP
+-./crypto/evp/e_ecb_d.c		EVP
+-./crypto/evp/e_ecb_i.c		EVP
+-./crypto/evp/e_ecb_r2.c		EVP
+-./crypto/evp/e_null.c		EVP
+-./crypto/evp/e_ofb_3d.c		EVP
+-./crypto/evp/e_ofb_bf.c		EVP
+-./crypto/evp/e_ofb_c.c		EVP
+-./crypto/evp/e_ofb_d.c		EVP
+-./crypto/evp/e_ofb_i.c		EVP
+-./crypto/evp/e_ofb_r2.c		EVP
+-./crypto/evp/e_rc4.c		EVP
+-./crypto/evp/e_xcbc_d.c		EVP
+-./crypto/evp/m_dss.c		EVP
+-./crypto/evp/m_dss1.c		EVP
+-./crypto/evp/m_md2.c		EVP
+-./crypto/evp/m_md5.c		EVP
+-./crypto/evp/m_mdc2.c		EVP
+-./crypto/evp/m_null.c		EVP
+-./crypto/evp/m_sha.c		EVP
+-./crypto/evp/m_sha1.c		EVP
+-./crypto/evp/names.c		EVP
+-./crypto/evp/p_lib.c		EVP
+-./crypto/evp/p_open.c		EVP
+-./crypto/evp/p_seal.c		EVP
+-./crypto/evp/p_sign.c		EVP
+-./crypto/evp/p_verify.c		EVP
+-
+-./crypto/hmac/hmac.c		HMAC
+-./crypto/hmac/hmac.h		HMAC
+-./crypto/hmac/hmactest.c	HMAC
+-
+-./crypto/idea/ideatest.c	IDEA
+-./crypto/idea/idea_lcl.h	IDEA
+-./crypto/idea/idea_spd.c	IDEA
+-./crypto/idea/i_cbc.c		IDEA
+-./crypto/idea/i_cfb64.c		IDEA
+-./crypto/idea/i_ecb.c		IDEA
+-./crypto/idea/i_ofb64.c		IDEA
+-./crypto/idea/i_skey.c		IDEA
+-./crypto/idea/idea.h		IDEA
+-
+-./crypto/lhash/lhash.c		LHASH
+-./crypto/lhash/lhash.h		LHASH
+-./crypto/lhash/lh_stats.c	LHASH
+-./crypto/lhash/lh_test.c	LHASH
+-
+-./crypto/md2/md2.c		MD2
+-./crypto/md2/md2test.c		MD2
+-./crypto/md2/md2_dgst.c		MD2
+-./crypto/md2/md2_one.c		MD2
+-./crypto/md2/md2.h		MD2
+-
+-./crypto/md5/md5.c		MD5
+-./crypto/md5/md5.h		MD5
+-./crypto/md5/md5test.c		MD5
+-./crypto/md5/md5_dgst.c		MD5
+-./crypto/md5/md5_locl.h		MD5
+-./crypto/md5/md5_one.c		MD5
+-
+-./crypto/mdc2/mdc2.h		MDC2
+-./crypto/mdc2/mdc2dgst.c	MDC2
+-./crypto/mdc2/mdc2test.c	MDC2
+-./crypto/mdc2/mdc2_one.c	MDC2
+-
+-./crypto/objects/objects.h	OBJ
+-./crypto/objects/obj_dat.c	OBJ
+-./crypto/objects/obj_dat.h	OBJ
+-./crypto/objects/obj_err.c	OBJ
+-./crypto/objects/obj_lib.c	OBJ
+-
+-./crypto/pem/ctx_size.c		PEM
+-./crypto/pem/pem.h		PEM
+-./crypto/pem/pem_all.c		PEM
+-./crypto/pem/pem_err.c		PEM
+-./crypto/pem/pem_info.c		PEM
+-./crypto/pem/pem_lib.c		PEM
+-./crypto/pem/pem_seal.c		PEM
+-./crypto/pem/pem_sign.c		PEM
+-
+-./crypto/pkcs7/pk7_dgst.c	PKCS7
+-./crypto/pkcs7/pk7_doit.c	PKCS7
+-./crypto/pkcs7/pk7_enc.c	PKCS7
+-./crypto/pkcs7/pk7_lib.c	PKCS7
+-./crypto/pkcs7/pkcs7.h		PKCS7
+-./crypto/pkcs7/pkcs7err.c	PKCS7
+-./crypto/pkcs7/sign.c		PKCS7
+-
+-./crypto/proxy/bf_proxy.c	PROXY
+-./crypto/proxy/p2test.c		PROXY
+-./crypto/proxy/p3test.c		PROXY
+-./crypto/proxy/paccept.c	PROXY
+-./crypto/proxy/proxy.c		PROXY
+-./crypto/proxy/proxy.h		PROXY
+-./crypto/proxy/ptest.c		PROXY
+-./crypto/proxy/pxy_conf.c	PROXY
+-./crypto/proxy/pxy_err.c	PROXY
+-./crypto/proxy/pxy_txt.c	PROXY
+-
+-./crypto/rand/md_rand.c		RAND
+-./crypto/rand/rand.h		RAND
+-./crypto/rand/randfile.c	RAND
+-./crypto/rand/randtest.c	RAND
+-
+-./crypto/rc2/rc2cfb64.c		RC2
+-./crypto/rc2/rc2ofb64.c		RC2
+-./crypto/rc2/rc2speed.c		RC2
+-./crypto/rc2/rc2test.c		RC2
+-./crypto/rc2/rc2_cbc.c		RC2
+-./crypto/rc2/rc2_ecb.c		RC2
+-./crypto/rc2/rc2_locl.h		RC2
+-./crypto/rc2/rc2_skey.c		RC2
+-./crypto/rc2/rc2.h		RC2
+-
+-./crypto/rc4/rc4.c		RC4
+-./crypto/rc4/rc4speed.c		RC4
+-./crypto/rc4/rc4test.c		RC4
+-./crypto/rc4/rc4_enc.c		RC4
+-./crypto/rc4/rc4_skey.c		RC4
+-./crypto/rc4/rc4.h		RC4
+-./crypto/rc4/rc4_locl.h		RC4
+-
+-./crypto/rsa/rsa.h		RSA
+-./crypto/rsa/rsa_eay.c		RSA
+-./crypto/rsa/rsa_err.c		RSA
+-./crypto/rsa/rsa_gen.c		RSA
+-./crypto/rsa/rsa_lib.c		RSA
+-./crypto/rsa/rsa_saos.c		RSA
+-./crypto/rsa/rsa_sign.c		RSA
+-./crypto/rsa/rsa_ssl.c		RSA
+-./crypto/rsa/rsa_pk1.c		RSA
+-./crypto/rsa/rsa_none.c		RSA
+-
+-./crypto/sha/sha.h		SHA
+-./crypto/sha/sha_locl.h		SHA
+-./crypto/sha/sha.c		SHA0
+-./crypto/sha/sha_dgst.c		SHA0
+-./crypto/sha/sha_one.c		SHA0
+-./crypto/sha/sha_sgst.c		SHA0
+-./crypto/sha/shatest.c		SHA0
+-./crypto/sha/sha1.c		SHA1
+-./crypto/sha/sha1dgst.c		SHA1
+-./crypto/sha/sha1_one.c		SHA1
+-./crypto/sha/sha1test.c		SHA1
+-
+-./crypto/stack/stack.c		STACK
+-./crypto/stack/stack.h		STACK
+-
+-./crypto/txt_db/txt_db.c	TXTDB
+-./crypto/txt_db/txt_db.h	TXTDB
+-
+-./crypto/x509/by_dir.c		X509
+-./crypto/x509/by_file.c		X509
+-./crypto/x509/v3_net.c		X509
+-./crypto/x509/v3_x509.c		X509
+-./crypto/x509/x509.h		X509
+-./crypto/x509/x509name.c	X509
+-./crypto/x509/x509pack.c	X509
+-./crypto/x509/x509rset.c	X509
+-./crypto/x509/x509type.c	X509
+-./crypto/x509/x509_cmp.c	X509
+-./crypto/x509/x509_d2.c		X509
+-./crypto/x509/x509_def.c	X509
+-./crypto/x509/x509_err.c	X509
+-./crypto/x509/x509_ext.c	X509
+-./crypto/x509/x509_lu.c		X509
+-./crypto/x509/x509_obj.c	X509
+-./crypto/x509/x509_r2x.c	X509
+-./crypto/x509/x509_req.c	X509
+-./crypto/x509/x509_set.c	X509
+-./crypto/x509/x509_txt.c	X509
+-./crypto/x509/x509_v3.c		X509
+-./crypto/x509/x509_vfy.c	X509
+-./crypto/x509/x_all.c		X509
+-./crypto/x509/x509_vfy.h	X509
+-./crypto/x509v3/v3_ku.c		X509
+-./crypto/x509v3/x509v3.h	X509
+-
+-./crypto/threads/mttest.c	THREADS
+-./crypto/threads/th-lock.c	THREADS
+-
+-./crypto/ripemd/rmdtest.c	RMD160
+-./crypto/ripemd/ripemd.h	RMD160
+-./crypto/ripemd/rmdconst.h	RMD160
+-./crypto/ripemd/rmd_locl.h	RMD160
+-./crypto/ripemd/rmd_one.c	RMD160
+-./crypto/ripemd/rmd160.c	RMD160
+-./crypto/ripemd/rmd_dgst.c	RMD160
+-
+-./crypto/rc5/rc5_ecb.c		RC5
+-./crypto/rc5/rc5cfb64.c		RC5
+-./crypto/rc5/rc5ofb64.c		RC5
+-./crypto/rc5/rc5speed.c		RC5
+-./crypto/rc5/rc5test.c		RC5
+-./crypto/rc5/rc5_enc.c		RC5
+-./crypto/rc5/rc5.h		RC5
+-./crypto/rc5/rc5_locl.h		RC5
+-./crypto/rc5/rc5_skey.c		RC5
+-
+-./ssl/bio_ssl.c			SSL
+-./ssl/pxy_ssl.c			SSL
+-./ssl/s23_clnt.c		SSL
+-./ssl/s23_lib.c			SSL
+-./ssl/s23_meth.c		SSL
+-./ssl/s23_pkt.c			SSL
+-./ssl/s23_srvr.c		SSL
+-./ssl/s2_clnt.c			SSL
+-./ssl/s2_enc.c			SSL
+-./ssl/s2_lib.c			SSL
+-./ssl/s2_meth.c			SSL
+-./ssl/s2_pkt.c			SSL
+-./ssl/s2_srvr.c			SSL
+-./ssl/s3_both.c			SSL
+-./ssl/s3_clnt.c			SSL
+-./ssl/s3_enc.c			SSL
+-./ssl/s3_lib.c			SSL
+-./ssl/s3_meth.c			SSL
+-./ssl/s3_pkt.c			SSL
+-./ssl/s3_srvr.c			SSL
+-./ssl/ssl.c			SSL
+-./ssl/ssl2.h			SSL
+-./ssl/ssl23.h			SSL
+-./ssl/ssl3.h			SSL
+-./ssl/ssl_algs.c		SSL
+-./ssl/ssl_asn1.c		SSL
+-./ssl/ssl_cert.c		SSL
+-./ssl/ssl_ciph.c		SSL
+-./ssl/ssl_err.c			SSL
+-./ssl/ssl_err2.c		SSL
+-./ssl/ssl_lib.c			SSL
+-./ssl/ssl_locl.h		SSL
+-./ssl/ssl_rsa.c			SSL
+-./ssl/ssl_sess.c		SSL
+-./ssl/ssl_stat.c		SSL
+-./ssl/ssl_task.c		SSL
+-./ssl/ssl_txt.c			SSL
+-./ssl/tls1.h			SSL
+-./ssl/t1_lib.c			SSL
+-./ssl/t1_enc.c			SSL
+-./ssl/t1_meth.c			SSL
+-./ssl/t1_srvr.c			SSL
+-./ssl/t1_clnt.c			SSL
+-./ssl/ssl.h			SSL
+-./ssl/ssltest.c			SSL
+-
+-./rsaref/rsaref.c		RSAREF
+-./rsaref/rsaref.h		RSAREF
+-./rsaref/rsar_err.c		RSAREF
+-
+-./apps/apps.c			APPS
+-./apps/apps.h			APPS
+-./apps/asn1pars.c		APPS
+-./apps/bf_perm.c		APPS
+-./apps/bf_perm.h		APPS
+-./apps/ca.c			APPS
+-./apps/ciphers.c		APPS
+-./apps/crl.c			APPS
+-./apps/crl2p7.c			APPS
+-./apps/dgst.c			APPS
+-./apps/dh.c			APPS
+-./apps/dsa.c			APPS
+-./apps/dsaparam.c		APPS
+-./apps/eay.c			APPS
+-./apps/enc.c			APPS
+-./apps/errstr.c			APPS
+-./apps/speed.c			APPS
+-./apps/gendh.c			APPS
+-./apps/gendsa.c			APPS
+-./apps/genrsa.c			APPS
+-./apps/mybio_cb.c		APPS
+-./apps/pem_mail.c		APPS
+-./apps/pkcs7.c			APPS
+-./apps/progs.h			APPS
+-./apps/req.c			APPS
+-./apps/rsa.c			APPS
+-./apps/sess_id.c		APPS
+-./apps/s_apps.h			APPS
+-./apps/s_cb.c			APPS
+-./apps/s_client.c		APPS
+-./apps/s_server.c		APPS
+-./apps/s_socket.c		APPS
+-./apps/s_time.c			APPS
+-./apps/testdsa.h		APPS
+-./apps/testrsa.h		APPS
+-./apps/verify.c			APPS
+-./apps/version.c		APPS
+-./apps/x509.c			APPS
+-./apps/ssleay.c			APPS
+-./apps/sp.c			APPS
+-
+-./demos/b64.c			DEMO
+-./demos/bio/saccept.c		DEMO
+-./demos/bio/sconnect.c		DEMO
+-./demos/maurice/example1.c	DEMO
+-./demos/maurice/example2.c	DEMO
+-./demos/maurice/example3.c	DEMO
+-./demos/maurice/example4.c	DEMO
+-./demos/maurice/loadkeys.c	DEMO
+-./demos/maurice/loadkeys.h	DEMO
+-./demos/prime/prime.c		DEMO
+-./demos/selfsign.c		DEMO
+-./demos/spkigen.c		DEMO
+-
+Index: crypto/openssl/dep/gen.pl
+===================================================================
+RCS file: crypto/openssl/dep/gen.pl
+diff -N crypto/openssl/dep/gen.pl
+--- crypto/openssl/dep/gen.pl	10 Jan 2000 06:21:56 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,113 +0,0 @@
+-#!/usr/local/bin/perl
+-
+-require 'getopts.pl';
+-
+-$files="files";
+-%have=();
+-%missing=();
+-%name=();
+-%func=();
+-
+-&Getopts('Ff:');
+-
+-&load_file("files");
+-foreach $file (@ARGV)
+-	{ &do_nm($file); }
+-
+-if (defined($opt_f))
+-	{
+-	%a=();
+-	$r=&list_files($opt_f,"",*a);
+-	if ($opt_F)
+-		{
+-		foreach (sort split(/\n/,$r))
+-			{ print "$_\n"; }
+-		}
+-	else
+-		{ print $r; }
+-	}
+-else
+-	{
+-	for (sort keys %have)
+-		{
+-		print "$_:$have{$_}\n";
+-		}
+-	}
+-
+-sub list_files
+-	{
+-	local($f,$o,*done)=@_;
+-	local($a,$_,$ff,$ret);
+-
+-	return if $f =~ /^\s*$/;
+-
+-	$done{$f}=1;
+-	$ret.=$f."\n" if $opt_F;
+-	foreach (split(/ /,$have{$f}))
+-		{
+-		$ret.="$o$f:$_\n" unless $opt_F;
+-		}
+-
+-	foreach (split(/ /,$missing{$f}))
+-		{
+-		$ff=$func{$_};
+-		next if defined($done{$ff});
+-		$ret.=&list_files($ff,$o."	");
+-		}
+-	$ret;
+-	}
+-
+-sub do_nm
+-	{
+-	local($file)=@_;
+-	local($fname)="";
+-
+-	open(IN,"nm $file|") || die "unable to run 'nm $file|':$!\n";
+-	while (<IN>)
+-		{
+-		chop;
+-		next if /^\s*$/;
+-		if (/^(.*)\.o:\s*$/)
+-			{
+-			$fname="$1.c";
+-			next;
+-			}
+-		($type,$name)=/^.{8} (.) (.+)/;
+-#		print "$fname $type $name\n";
+-
+-		if ($type eq "T")
+-			{
+-			$have{$fname}.="$name ";
+-			$func{$name}=$fname;
+-			}
+-		elsif ($type eq "U")
+-			{
+-			$missing{$fname}.="$name ";
+-			}
+-		}
+-	close(IN);
+-	}
+-
+-sub load_file
+-	{
+-	local($file)=@_;
+-
+-	open(IN,"<$files") || die "unable to open $files:$!\n";
+-
+-	while (<IN>)
+-		{
+-		chop;
+-		next if /^\s*$/;
+-		($n)=/\/([^\/\s]+)\s+/;
+-		($fn)=/^(\S+)\s/;
+-#		print "$n - $fn\n";
+-		if (defined($name{$n}))
+-			{ print "$n already exists\n"; }
+-		else
+-			{ $name{$n}=$fn; }
+-		}
+-	close(IN);
+-	@name=%name;
+-	}
+-
+-
+Index: crypto/openssl/dep/ssl.txt
+===================================================================
+RCS file: crypto/openssl/dep/ssl.txt
+diff -N crypto/openssl/dep/ssl.txt
+--- crypto/openssl/dep/ssl.txt	10 Jan 2000 06:21:56 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,156 +0,0 @@
+-BIO_f_ssl
+-BIO_new_buffer_ssl_connect
+-BIO_new_ssl
+-BIO_new_ssl_connect
+-BIO_proxy_ssl_copy_session_id
+-BIO_ssl_copy_session_id
+-BIO_ssl_shutdown
+-ERR_load_SSL_strings
+-SSL_CIPHER_description
+-SSL_CIPHER_get_bits
+-SSL_CIPHER_get_name
+-SSL_CIPHER_get_version
+-SSL_CTX_add_client_CA
+-SSL_CTX_add_session
+-SSL_CTX_check_private_key
+-SSL_CTX_ctrl
+-SSL_CTX_flush_sessions
+-SSL_CTX_free
+-SSL_CTX_get_client_CA_list
+-SSL_CTX_get_ex_data
+-SSL_CTX_get_ex_new_index
+-SSL_CTX_get_quiet_shutdown
+-SSL_CTX_get_verify_callback
+-SSL_CTX_get_verify_mode
+-SSL_CTX_load_verify_locations
+-SSL_CTX_new
+-SSL_CTX_remove_session
+-SSL_CTX_set_cert_verify_cb
+-SSL_CTX_set_cipher_list
+-SSL_CTX_set_client_CA_list
+-SSL_CTX_set_default_passwd_cb
+-SSL_CTX_set_default_verify_paths
+-SSL_CTX_set_ex_data
+-SSL_CTX_set_quiet_shutdown
+-SSL_CTX_set_ssl_version
+-SSL_CTX_set_verify
+-SSL_CTX_use_PrivateKey
+-SSL_CTX_use_PrivateKey_ASN1
+-SSL_CTX_use_PrivateKey_file
+-SSL_CTX_use_RSAPrivateKey
+-SSL_CTX_use_RSAPrivateKey_ASN1
+-SSL_CTX_use_RSAPrivateKey_file
+-SSL_CTX_use_certificate
+-SSL_CTX_use_certificate_ASN1
+-SSL_CTX_use_certificate_file
+-SSL_SESSION_cmp
+-SSL_SESSION_free
+-SSL_SESSION_get_ex_data
+-SSL_SESSION_get_ex_new_index
+-SSL_SESSION_get_time
+-SSL_SESSION_get_timeout
+-SSL_SESSION_hash
+-SSL_SESSION_new
+-SSL_SESSION_print
+-SSL_SESSION_print_fp
+-SSL_SESSION_set_ex_data
+-SSL_SESSION_set_time
+-SSL_SESSION_set_timeout
+-SSL_accept
+-SSL_add_client_CA
+-SSL_alert_desc_string
+-SSL_alert_desc_string_long
+-SSL_alert_type_string
+-SSL_alert_type_string_long
+-SSL_check_private_key
+-SSL_clear
+-SSL_connect
+-SSL_copy_session_id
+-SSL_ctrl
+-SSL_do_handshake
+-SSL_dup
+-SSL_dup_CA_list
+-SSL_free
+-SSL_get_SSL_CTX
+-SSL_get_certificate
+-SSL_get_cipher_list
+-SSL_get_ciphers
+-SSL_get_client_CA_list
+-SSL_get_current_cipher
+-SSL_get_default_timeout
+-SSL_get_error
+-SSL_get_ex_data
+-SSL_get_ex_new_index
+-SSL_get_fd
+-SSL_get_info_callback
+-SSL_get_peer_cert_chain
+-SSL_get_peer_certificate
+-SSL_get_privatekey
+-SSL_get_quiet_shutdown
+-SSL_get_rbio
+-SSL_get_read_ahead
+-SSL_get_session
+-SSL_get_shared_ciphers
+-SSL_get_shutdown
+-SSL_get_ssl_method
+-SSL_get_verify_callback
+-SSL_get_verify_mode
+-SSL_get_verify_result
+-SSL_get_version
+-SSL_get_wbio
+-SSL_load_client_CA_file
+-SSL_load_error_strings
+-SSL_new
+-SSL_peek
+-SSL_pending
+-SSL_read
+-SSL_renegotiate
+-SSL_rstate_string
+-SSL_rstate_string_long
+-SSL_set_accept_state
+-SSL_set_bio
+-SSL_set_cipher_list
+-SSL_set_client_CA_list
+-SSL_set_connect_state
+-SSL_set_ex_data
+-SSL_set_fd
+-SSL_set_info_callback
+-SSL_set_quiet_shutdown
+-SSL_set_read_ahead
+-SSL_set_rfd
+-SSL_set_session
+-SSL_set_shutdown
+-SSL_set_ssl_method
+-SSL_set_verify
+-SSL_set_verify_result
+-SSL_set_wfd
+-SSL_shutdown
+-SSL_state
+-SSL_state_string
+-SSL_state_string_long
+-SSL_use_PrivateKey
+-SSL_use_PrivateKey_ASN1
+-SSL_use_PrivateKey_file
+-SSL_use_RSAPrivateKey
+-SSL_use_RSAPrivateKey_ASN1
+-SSL_use_RSAPrivateKey_file
+-SSL_use_certificate
+-SSL_use_certificate_ASN1
+-SSL_use_certificate_file
+-SSL_version
+-SSL_write
+-SSLeay_add_ssl_algorithms
+-SSLv23_client_method
+-SSLv23_method
+-SSLv23_server_method
+-SSLv2_client_method
+-SSLv2_method
+-SSLv2_server_method
+-SSLv3_client_method
+-SSLv3_method
+-SSLv3_server_method
+-TLSv1_client_method
+-TLSv1_method
+-TLSv1_server_method
+-d2i_SSL_SESSION
+-i2d_SSL_SESSION
+cvs diff: Diffing crypto/openssl/doc
+Index: crypto/openssl/doc/crypto.pod
+===================================================================
+RCS file: crypto/openssl/doc/crypto.pod
+diff -N crypto/openssl/doc/crypto.pod
+--- crypto/openssl/doc/crypto.pod	10 Jan 2000 06:21:57 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,27 +0,0 @@
+-
+-=pod
+-
+-=head1 NAME
+-
+-Crypto - OpenSSL Cryptography library
+-
+-=head1 SYNOPSIS
+-
+-=head1 DESCRIPTION
+-
+-The OpenSSL B<crypto> library implements various cryptography standards
+-related to the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
+-(TLS v1) protocols. It provides a rich API which is documented here.
+-
+-...
+-
+-=head1 SEE ALSO
+-
+-openssl(1), ssl(3)
+-
+-=head1 HISTORY
+-
+-The crypto(3) document appeared in OpenSSL 0.9.2
+-
+-=cut
+-
+Index: crypto/openssl/doc/openssl.pod
+===================================================================
+RCS file: crypto/openssl/doc/openssl.pod
+diff -N crypto/openssl/doc/openssl.pod
+--- crypto/openssl/doc/openssl.pod	10 Jan 2000 06:21:57 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,304 +0,0 @@
+-
+-=pod
+-
+-=head1 NAME
+-
+-openssl - OpenSSL command line tool
+-
+-=head1 SYNOPSIS
+-
+-B<openssl>
+-I<command>
+-[ I<command_opts> ]
+-[ I<command_args> ]
+-
+-=head1 DESCRIPTION
+-
+-OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+-v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+-cryptography standards required by them.
+-
+-The B<openssl> program is a command line tool for using the various
+-cryptography functions of OpenSSL's B<crypto> library from the shell. 
+-It can be used for 
+-
+- o  Creation of RSA, DH and DSA key parameters
+- o  Creation of X.509 certificates, CSRs and CRLs 
+- o  Calculation of Message Digests
+- o  Encryption and Decryption with Ciphers
+- o  SSL/TLS Client and Server Tests
+-
+-=head1 COMMAND SUMMARY
+-
+-The B<openssl> program provides a rich variety of commands (I<command> in the
+-SYNOPSIS above), each of which often has a wealth of options and arguments
+-(I<command_opts> and I<command_args> in the SYNOPSIS).
+-
+-=head2 STANDARD COMMANDS
+-
+-=over 10
+-
+-=item B<asn1parse> 
+-
+-Parse an ASN.1 sequence.
+-
+-=item B<ca>
+-
+-Certificate Authority (CA) Management.  
+-
+-=item B<ciphers>
+-
+-Cipher Suite Description Determination.
+-
+-=item B<crl>
+-
+-Certificate Revocation List (CRL) Management.
+-
+-=item B<crl2pkcs7>      
+-
+-CRL2 to PKCS#7 Conversion.
+-
+-=item B<dgst>
+-
+-Message Digest Calculation.
+-
+-=item B<dh>
+-
+-Diffie-Hellman Data Management.
+-
+-=item B<dsa>
+-
+-DSA Data Management.
+-
+-=item B<dsaparam>
+-
+-DSA Parameter Generation.
+-
+-=item B<enc>            
+-
+-Encoding with Ciphers.
+-
+-=item B<errstr>
+-
+-Error Number to Error String Conversion.
+-
+-=item B<gendh>
+-
+-Generation of Diffie-Hellman Parameters.
+-
+-=item B<gendsa>
+-
+-Generation of DSA Parameters.
+-
+-=item B<genrsa>
+-
+-Generation of RSA Parameters.
+-
+-=item B<pkcs7>
+-
+-PKCS#7 Data Management.
+-
+-=item B<req>
+-
+-X.509 Certificate Signing Request (CSR) Management.
+-
+-=item B<rsa>
+-
+-RSA Data Management.
+-
+-=item B<s_client>
+-
+-This implements a generic SSL/TLS client which can establish a transparent
+-connection to a remote server speaking SSL/TLS. It's intended for testing
+-purposes only and provides only rudimentary interface functionality but
+-internally uses mostly all functionality of the OpenSSL B<ssl> library.
+-
+-=item B<s_server>
+-
+-This implements a generic SSL/TLS server which accepts connections from remote
+-clients speaking SSL/TLS. It's intended for testing purposes only and provides
+-only rudimentary interface functionality but internally uses mostly all
+-functionality of the OpenSSL B<ssl> library.  It provides both an own command
+-line oriented protocol for testing SSL functions and a simple HTTP response
+-facility to emulate an SSL/TLS-aware webserver.
+-
+-=item B<s_time>        
+-
+-SSL Connection Timer.
+-
+-=item B<sess_id>
+-
+-SSL Session Data Management.
+-
+-=item B<speed>
+-
+-Algorithm Speed Measurement.
+-
+-=item B<verify>
+-
+-X.509 Certificate Verification.
+-
+-=item B<version>
+-
+-OpenSSL Version Information.
+-
+-=item B<x509>           
+-
+-X.509 Certificate Data Management.
+-
+-=back
+-
+-=head2 MESSAGE DIGEST COMMANDS
+-
+-=over 10
+-
+-=item B<md2>
+-
+-MD2 Digest
+-
+-=item B<md5>
+-
+-MD5 Digest
+-
+-=item B<mdc2>
+-
+-MDC2 Digest
+-
+-=item B<rmd160>
+-
+-RMD-160 Digest
+-
+-=item B<sha>            
+-
+-SHA Digest
+-
+-=item B<sha1>           
+-
+-SHA-1 Digest
+-
+-=back
+-
+-=head2 ENCODING AND CIPHER COMMANDS
+-
+-=over 10
+-
+-=item B<base64>
+-
+-Base64 Encoding
+-
+-=item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+-
+-Blowfish Cipher
+-
+-=item B<cast cast-cbc>
+-
+-CAST Cipher
+-
+-=item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+-
+-CAST5 Cipher
+-
+-=item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+-
+-DES Cipher
+-
+-=item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+-
+-Triple-DES Cipher
+-
+-=item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+-
+-IDEA Cipher
+-
+-=item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+-
+-RC2 Cipher
+-
+-=item B<rc4>
+-
+-RC4 Cipher
+-
+-=item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+-
+-RC5 Cipher
+-
+-=back
+-
+-=head1 DETAILED COMMAND DESCRIPTION
+-
+-The following is a detailed description of every B<openssl> I<command>.
+-
+-=over 4
+-
+-=item B<openssl> B<s_client>
+-[B<-connect> I<host>B<:>I<port>]
+-[B<-verify> I<arg>]
+-[B<-cert> I<arg>]
+-[B<-key> I<arg>]
+-[B<-CApath> I<arg>]
+-[B<-CAfile> I<arg>]
+-[B<-reconnect>]
+-[B<-pause>]
+-[B<-debug>]
+-[B<-nbio_test>]
+-[B<-state>]
+-[B<-nbio>]
+-[B<-quiet>]
+-[B<-ssl2>]
+-[B<-ssl3>]
+-[B<-tls1>]
+-[B<-no_ssl2>]
+-[B<-no_ssl3>]
+-[B<-no_tls1>]
+-[B<-bugs>]
+-[B<-cipher>]
+-
+-The B<s_client> command implements a generic SSL/TLS client which can
+-establish a transparent connection to a remote I<host> and I<port> speaking
+-SSL/TLS. 
+-
+-=item B<openssl> B<s_server>
+-[B<-accept> I<port>]
+-[B<-verify> I<arg>]
+-[B<-Verify> I<arg>]
+-[B<-cert> I<arg>]
+-[B<-key> I<arg>]
+-[B<-dcert> I<arg>]
+-[B<-dkey> I<arg>]
+-[B<-nbio>]
+-[B<-nbio_test>]
+-[B<-debug>]
+-[B<-state>]
+-[B<-CApath> I<arg>]
+-[B<-CAfile> I<arg>]
+-[B<-nocert>]
+-[B<-cipher> I<arg>]
+-[B<-quiet>]
+-[B<-no_tmp_rsa>]
+-[B<-ssl2>]
+-[B<-ssl3>]
+-[B<-tls1>]
+-[B<-no_ssl2>]
+-[B<-no_ssl3>]
+-[B<-no_tls1>]
+-[B<-bugs>]
+-[B<-www>]
+-[B<-WWW>]
+-
+-The B<s_server> command implements a generic SSL/TLS server which accepts
+-connections from remote clients on I<port> speaking SSL/TLS.
+-
+-=back
+-
+-...
+-
+-=head1 SEE ALSO
+-
+-crypto(3), ssl(3)
+-
+-=head1 HISTORY
+-
+-The openssl(3) document appeared in OpenSSL 0.9.2
+-
+-=cut
+-
+Index: crypto/openssl/doc/ssl.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl.pod
+diff -N crypto/openssl/doc/ssl.pod
+--- crypto/openssl/doc/ssl.pod	10 Jan 2000 06:21:57 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,633 +0,0 @@
+-
+-=pod
+-
+-=head1 NAME
+-
+-SSL - OpenSSL SSL/TLS library
+-
+-=head1 SYNOPSIS
+-
+-=head1 DESCRIPTION
+-
+-The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+-Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+-documented here.
+-
+-=head1 HEADER FILES
+-
+-Currently the OpenSSL B<ssl> library provides the following C header files
+-containing the prototypes for the data structures and and functions:
+-
+-=over 4
+-
+-=item B<ssl.h>
+-
+-That's the common header file for the SSL/TLS API.  Include it into your
+-program to make the API of the B<ssl> library available. It internally
+-includes both more private SSL headers and headers from the B<crypto> library.
+-Whenever you need hard-core details on the internals of the SSL API, look
+-inside this header file.
+-
+-=item B<ssl2.h>
+-
+-That's the sub header file dealing with the SSLv2 protocol only.
+-I<Usually you don't have to include it explicitly because
+-it's already included by ssl.h>.
+-
+-=item B<ssl3.h>
+-
+-That's the sub header file dealing with the SSLv3 protocol only.
+-I<Usually you don't have to include it explicitly because
+-it's already included by ssl.h>.
+-
+-=item B<ssl23.h>
+-
+-That's the sub header file dealing with the combined use of the SSLv2 and
+-SSLv3 protocols.
+-I<Usually you don't have to include it explicitly because
+-it's already included by ssl.h>.
+-
+-=item B<tls1.h>
+-
+-That's the sub header file dealing with the TLSv1 protocol only.
+-I<Usually you don't have to include it explicitly because
+-it's already included by ssl.h>.
+-
+-=back
+-
+-=head1 DATA STRUCTURES
+-
+-Currently the OpenSSL B<ssl> library functions deals with the following data
+-structures:
+-
+-=over 4
+-
+-=item B<SSL_METHOD> (SSL Method)
+-
+-That's a dispatch structure describing the internal B<ssl> library
+-methods/functions which implement the various protocol versions (SSLv1, SSLv2
+-and TLSv1). It's needed to create an B<SSL_CTX>.
+-
+-=item B<SSL_CIPHER> (SSL Cipher)
+-
+-This structure holds the algorithm information for a particular cipher which
+-are a core part of the SSL/TLS protocol. The available ciphers are configured
+-on a B<SSL_CTX> basis and the actually used ones are then part of the
+-B<SSL_SESSION>.
+-
+-=item B<SSL_CTX> (SSL Context)
+-
+-That's the global context structure which is created by a server or client
+-once per program life-time and which holds mainly default values for the
+-B<SSL> structures which are later created for the connections.
+-
+-=item B<SSL_SESSION> (SSL Session)
+-
+-This is a structure containing the current SSL session details for a
+-connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+-
+-=item B<SSL> (SSL Connection)
+-
+-That's the main SSL/TLS structure which is created by a server or client per
+-established connection. This actually is the core structure in the SSL API.
+-Under run-time the application usually deals with this structure which has
+-links to mostly all other structures.
+-
+-=back
+-
+-=head1 API FUNCTIONS
+-
+-Currently the OpenSSL B<ssl> library exports 214 API functions.
+-They are documented in the following:
+-
+-=head2 DEALING WITH PROTOCOL METHODS
+-
+-Here we document the various API functions which deal with the SSL/TLS
+-protocol methods defined in B<SSL_METHOD> structures.
+-
+-=over 4
+-
+-=item SSL_METHOD *B<SSLv2_client_method>(void);
+-
+-Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
+-
+-=item SSL_METHOD *B<SSLv2_server_method>(void);
+-
+-Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
+-
+-=item SSL_METHOD *B<SSLv2_method>(void);
+-
+-Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
+-
+-=item SSL_METHOD *B<SSLv3_client_method>(void);
+-
+-Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
+-
+-=item SSL_METHOD *B<SSLv3_server_method>(void);
+-
+-Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+-
+-=item SSL_METHOD *B<SSLv3_method>(void);
+-
+-Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
+-
+-=item SSL_METHOD *B<TLSv1_client_method>(void);
+-
+-Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
+-
+-=item SSL_METHOD *B<TLSv1_server_method>(void);
+-
+-Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
+-
+-=item SSL_METHOD *B<TLSv1_method>(void);
+-
+-Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
+-
+-=back
+-
+-=head2 DEALING WITH CIPHERS
+-
+-Here we document the various API functions which deal with the SSL/TLS
+-ciphers defined in B<SSL_CIPHER> structures.
+-
+-=over 4
+-
+-=item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+-
+-Write a string to I<buf> (with a maximum size of I<len>) containing a human
+-readable description of I<cipher>. Returns I<buf>.
+-
+-=item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+-
+-Determine the number of bits in I<cipher>. Because of export crippled ciphers
+-there are two bits: The bits the algorithm supports in general (stored to
+-I<alg_bits>) and the bits which are actually used (the return value).
+-
+-=item char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+-
+-Return the internal name of I<cipher> as a string. These are the various
+-strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+-definitions in the header files.
+-
+-=item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+-
+-Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+-SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+-in the specification the first time).
+-
+-=back
+-
+-=head2 DEALING WITH PROTOCOL CONTEXTS
+-
+-Here we document the various API functions which deal with the SSL/TLS
+-protocol context defined in the B<SSL_CTX> structure.
+-
+-=over 4
+-
+-=item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+-
+-=item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+-
+-=item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+-
+-=item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+-
+-=item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+-
+-=item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+-
+-=item void B<SSL_CTX_free>(SSL_CTX *a);
+-
+-=item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+-
+-=item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+-
+-=item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+-
+-=item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+-
+-=item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+-
+-=item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+-
+-=item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+-
+-=item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+-
+-=item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+-
+-=item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+-
+-=item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
+-
+-=item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
+-
+-=item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
+-
+-=item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+-
+-=item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+-
+-=item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+-
+-=item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+-
+-=item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+-
+-=item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+-
+-=item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
+-
+-=item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+-
+-=item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+-
+-=item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+-
+-=item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+-
+-=item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+-
+-=item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+-
+-=item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+-
+-=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+-
+-=item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+-
+-=item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+-
+-=item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+-
+-=item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+-
+-=item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+-
+-=item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+-
+-=item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+-
+-=item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+-
+-=item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+-
+-=item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+-
+-=item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+-
+-=item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
+-
+-=item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+-
+-=item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+-
+-=item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+-
+-=item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
+-
+-=item SSL_CTX_set_tmp_rsa_callback
+-
+-C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
+-
+-Sets the callback which will be called when a temporary private key is
+-required. The B<C<export>> flag will be set if the reason for needing
+-a temp key is that an export ciphersuite is in use, in which case,
+-B<C<keylength>> will contain the required keylength in bits. Generate a key of
+-appropriate size (using ???) and return it.
+-
+-=item SSL_set_tmp_rsa_callback
+-
+-long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+-
+-The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+-session instead of a context.
+-
+-=item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+-
+-=item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+-
+-=item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+-
+-=item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+-
+-=item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+-
+-=item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+-
+-=item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+-
+-=item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+-
+-=item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+-
+-=item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+-
+-=back
+-
+-=head2 DEALING WITH SESSIONS
+-
+-Here we document the various API functions which deal with the SSL/TLS
+-sessions defined in the B<SSL_SESSION> structures.
+-
+-=over 4
+-
+-=item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+-
+-=item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+-
+-=item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+-
+-=item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+-
+-=item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+-
+-=item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+-
+-=item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+-
+-=item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+-
+-=item SSL_SESSION *B<SSL_SESSION_new>(void);
+-
+-=item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+-
+-=item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+-
+-=item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+-
+-=item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+-
+-=item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+-
+-=item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+-
+-=back
+-
+-=head2 DEALING WITH CONNECTIONS
+-
+-Here we document the various API functions which deal with the SSL/TLS
+-connection defined in the B<SSL> structure.
+-
+-=over 4
+-
+-=item int B<SSL_accept>(SSL *ssl);
+-
+-=item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+-
+-=item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+-
+-=item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+-
+-=item char *B<SSL_alert_desc_string>(int value);
+-
+-=item char *B<SSL_alert_desc_string_long>(int value);
+-
+-=item char *B<SSL_alert_type_string>(int value);
+-
+-=item char *B<SSL_alert_type_string_long>(int value);
+-
+-=item int B<SSL_check_private_key>(SSL *ssl);
+-
+-=item void B<SSL_clear>(SSL *ssl);
+-
+-=item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+-
+-=item int B<SSL_connect>(SSL *ssl);
+-
+-=item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+-
+-=item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+-
+-=item int B<SSL_do_handshake>(SSL *ssl);
+-
+-=item SSL *B<SSL_dup>(SSL *ssl);
+-
+-=item STACK *B<SSL_dup_CA_list>(STACK *sk);
+-
+-=item void B<SSL_free>(SSL *ssl);
+-
+-=item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+-
+-=item char *B<SSL_get_app_data>(SSL *ssl);
+-
+-=item X509 *B<SSL_get_certificate>(SSL *ssl);
+-
+-=item SSL_CIPHER *B<SSL_get_cipher>(SSL *ssl);
+-
+-=item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+-
+-=item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+-
+-=item char *B<SSL_get_cipher_name>(SSL *ssl);
+-
+-=item char *B<SSL_get_cipher_version>(SSL *ssl);
+-
+-=item STACK *B<SSL_get_ciphers>(SSL *ssl);
+-
+-=item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+-
+-=item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+-
+-=item long B<SSL_get_default_timeout>(SSL *ssl);
+-
+-=item int B<SSL_get_error>(SSL *ssl, int i);
+-
+-=item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+-
+-=item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+-
+-=item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+-
+-=item int B<SSL_get_fd>(SSL *ssl);
+-
+-=item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+-
+-=item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+-
+-=item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+-
+-=item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+-
+-=item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+-
+-=item BIO *B<SSL_get_rbio>(SSL *ssl);
+-
+-=item int B<SSL_get_read_ahead>(SSL *ssl);
+-
+-=item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+-
+-=item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+-
+-=item int B<SSL_get_shutdown>(SSL *ssl);
+-
+-=item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+-
+-=item int B<SSL_get_state>(SSL *ssl);
+-
+-=item long B<SSL_get_time>(SSL *ssl);
+-
+-=item long B<SSL_get_timeout>(SSL *ssl);
+-
+-=item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+-
+-=item int B<SSL_get_verify_mode>(SSL *ssl);
+-
+-=item long B<SSL_get_verify_result>(SSL *ssl);
+-
+-=item char *B<SSL_get_version>(SSL *ssl);
+-
+-=item BIO *B<SSL_get_wbio>(SSL *ssl);
+-
+-=item int B<SSL_in_accept_init>(SSL *ssl);
+-
+-=item int B<SSL_in_before>(SSL *ssl);
+-
+-=item int B<SSL_in_connect_init>(SSL *ssl);
+-
+-=item int B<SSL_in_init>(SSL *ssl);
+-
+-=item int B<SSL_is_init_finished>(SSL *ssl);
+-
+-=item STACK *B<SSL_load_client_CA_file>(char *file);
+-
+-=item void B<SSL_load_error_strings>(void);
+-
+-=item SSL *B<SSL_new>(SSL_CTX *ctx);
+-
+-=item long B<SSL_num_renegotiations>(SSL *ssl);
+-
+-=item int B<SSL_peek>(SSL *ssl, char *buf, int num);
+-
+-=item int B<SSL_pending>(SSL *ssl);
+-
+-=item int B<SSL_read>(SSL *ssl, char *buf, int num);
+-
+-=item int B<SSL_renegotiate>(SSL *ssl);
+-
+-=item char *B<SSL_rstate_string>(SSL *ssl);
+-
+-=item char *B<SSL_rstate_string_long>(SSL *ssl);
+-
+-=item long B<SSL_session_reused>(SSL *ssl);
+-
+-=item void B<SSL_set_accept_state>(SSL *ssl);
+-
+-=item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+-
+-=item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+-
+-=item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+-
+-=item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+-
+-=item void B<SSL_set_connect_state>(SSL *ssl);
+-
+-=item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+-
+-=item int B<SSL_set_fd>(SSL *ssl, int fd);
+-
+-=item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+-
+-=item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+-
+-=item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+-
+-=item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+-
+-=item int B<SSL_set_rfd>(SSL *ssl, int fd);
+-
+-=item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+-
+-=item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+-
+-=item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
+-
+-=item void B<SSL_set_time>(SSL *ssl, long t);
+-
+-=item void B<SSL_set_timeout>(SSL *ssl, long t);
+-
+-=item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+-
+-=item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+-
+-=item int B<SSL_set_wfd>(SSL *ssl, int fd);
+-
+-=item int B<SSL_shutdown>(SSL *ssl);
+-
+-=item int B<SSL_state>(SSL *ssl);
+-
+-=item char *B<SSL_state_string>(SSL *ssl);
+-
+-=item char *B<SSL_state_string_long>(SSL *ssl);
+-
+-=item long B<SSL_total_renegotiations>(SSL *ssl);
+-
+-=item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+-
+-=item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+-
+-=item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
+-
+-=item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+-
+-=item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+-
+-=item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
+-
+-=item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+-
+-=item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+-
+-=item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
+-
+-=item int B<SSL_version>(SSL *ssl);
+-
+-=item int B<SSL_want>(SSL *ssl);
+-
+-=item int B<SSL_want_nothing>(SSL *ssl);
+-
+-=item int B<SSL_want_read>(SSL *ssl);
+-
+-=item int B<SSL_want_write>(SSL *ssl);
+-
+-=item int B<SSL_want_x509_lookup>(s);
+-
+-=item int B<SSL_write>(SSL *ssl, char *buf, int num);
+-
+-=back
+-
+-=head1 SEE ALSO
+-
+-openssl(1), crypto(3)
+-
+-=head1 HISTORY
+-
+-The ssl(3) document appeared in OpenSSL 0.9.2
+-
+-=cut
+-
+Index: crypto/openssl/doc/ssleay.txt
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssleay.txt,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ssleay.txt
+--- crypto/openssl/doc/ssleay.txt	4 Jul 2001 23:19:40 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssleay.txt	31 Jul 2002 00:47:02 -0000
+@@ -1,6 +1,22 @@
+ 
+ Bundle of old SSLeay documentation files [OBSOLETE!]
+ 
++*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
++
++OBSOLETE means that nothing in this document should be trusted.  This
++document is provided mostly for historical purposes (it wasn't even up
++to date at the time SSLeay 0.8.1 was released) and as inspiration.  If
++you copy some snippet of code from this document, please _check_ that
++it really is correct from all points of view.  For example, you can
++check with the other documents in this directory tree, or by comparing
++with relevant parts of the include files.
++
++People have done the mistake of trusting what's written here.  Please
++don't do that.
++
++*** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
++
++
+ ==== readme ========================================================
+ 
+ This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
+cvs diff: Diffing crypto/openssl/doc/apps
+Index: crypto/openssl/doc/apps/ca.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/ca.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ca.pod
+--- crypto/openssl/doc/apps/ca.pod	26 Nov 2000 11:34:05 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/apps/ca.pod	31 Jul 2002 00:46:59 -0000
+@@ -54,6 +54,11 @@
+ 
+ specifies the configuration file to use.
+ 
++=item B<-name section>
++
++specifies the configuration file section to use (overrides
++B<default_ca> in the B<ca> section).
++
+ =item B<-in filename>
+ 
+ an input filename containing a single certificate request to be
+@@ -202,8 +207,20 @@
+ 
+ =head1 CONFIGURATION FILE OPTIONS
+ 
+-The options for B<ca> are contained in the B<ca> section of the
+-configuration file. Many of these are identical to command line
++The section of the configuration file containing options for B<ca>
++is found as follows: If the B<-name> command line option is used,
++then it names the section to be used. Otherwise the section to
++be used must be named in the B<default_ca> option of the B<ca> section
++of the configuration file (or in the default section of the
++configuration file). Besides B<default_ca>, the following options are
++read directly from the B<ca> section:
++ RANDFILE
++ preserve
++ msie_hack
++With the exception of B<RANDFILE>, this is probably a bug and may
++change in future releases.
++
++Many of the configuration file options are identical to command line
+ options. Where the option is present in the configuration file
+ and the command line the command line value is used. Where an
+ option is described as mandatory then it must be present in
+Index: crypto/openssl/doc/apps/crl2pkcs7.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/crl2pkcs7.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 crl2pkcs7.pod
+--- crypto/openssl/doc/apps/crl2pkcs7.pod	20 Aug 2000 08:46:54 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/apps/crl2pkcs7.pod	31 Jul 2002 00:47:00 -0000
+@@ -6,12 +6,13 @@
+ 
+ =head1 SYNOPSIS
+ 
+-B<openssl> B<pkcs7>
++B<openssl> B<crl2pkcs7>
+ [B<-inform PEM|DER>]
+ [B<-outform PEM|DER>]
+ [B<-in filename>]
+ [B<-out filename>]
+-[B<-print_certs>]
++[B<-certfile filename>]
++[B<-nocrl>]
+ 
+ =head1 DESCRIPTION
+ 
+Index: crypto/openssl/doc/apps/enc.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/enc.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 enc.pod
+--- crypto/openssl/doc/apps/enc.pod	20 Aug 2000 08:46:54 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/apps/enc.pod	31 Jul 2002 00:47:00 -0000
+@@ -96,12 +96,18 @@
+ =item B<-K key>
+ 
+ the actual key to use: this must be represented as a string comprised only
+-of hex digits.
++of hex digits. If only the key is specified, the IV must additionally specified
++using the B<-iv> option. When both a key and a password are specified, the
++key given with the B<-K> option will be used and the IV generated from the
++password will be taken. It probably does not make much sense to specify
++both key and password.
+ 
+ =item B<-iv IV>
+ 
+ the actual IV to use: this must be represented as a string comprised only
+-of hex digits.
++of hex digits. When only the key is specified using the B<-K> option, the
++IV must explicitly be defined. When a password is being specified using
++one of the other options, the IV is generated from this password.
+ 
+ =item B<-p>
+ 
+Index: crypto/openssl/doc/apps/openssl.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/openssl.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 openssl.pod
+--- crypto/openssl/doc/apps/openssl.pod	26 Nov 2000 11:34:05 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/apps/openssl.pod	31 Jul 2002 00:47:00 -0000
+@@ -125,6 +125,10 @@
+ 
+ Generation of hashed passwords.
+ 
++=item L<B<pkcs12>|pkcs12(1)>
++
++PKCS#12 Data Management.
++
+ =item L<B<pkcs7>|pkcs7(1)>
+ 
+ PKCS#7 Data Management.
+Index: crypto/openssl/doc/apps/rsautl.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/rsautl.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 rsautl.pod
+--- crypto/openssl/doc/apps/rsautl.pod	26 Nov 2000 11:38:49 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/apps/rsautl.pod	31 Jul 2002 00:47:00 -0000
+@@ -101,11 +101,11 @@
+ 
+ Recover the signed data
+ 
+- openssl rsautl -sign -in sig -inkey key.pem
++ openssl rsautl -verify -in sig -inkey key.pem
+ 
+ Examine the raw signed data:
+ 
+- openssl rsautl -sign -in file -inkey key.pem -raw -hexdump
++ openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
+ 
+  0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+  0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+Index: crypto/openssl/doc/apps/s_server.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/s_server.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 s_server.pod
+--- crypto/openssl/doc/apps/s_server.pod	4 Jul 2001 23:19:41 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/apps/s_server.pod	31 Jul 2002 00:47:00 -0000
+@@ -7,7 +7,7 @@
+ 
+ =head1 SYNOPSIS
+ 
+-B<openssl> B<s_client>
++B<openssl> B<s_server>
+ [B<-accept port>]
+ [B<-context id>]
+ [B<-verify depth>]
+Index: crypto/openssl/doc/apps/smime.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/smime.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 smime.pod
+--- crypto/openssl/doc/apps/smime.pod	26 Nov 2000 11:34:06 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/apps/smime.pod	31 Jul 2002 00:47:00 -0000
+@@ -21,7 +21,6 @@
+ [B<-certfile file>]
+ [B<-signer file>]
+ [B<-recip  file>]
+-[B<-in file>]
+ [B<-inform SMIME|PEM|DER>]
+ [B<-passin arg>]
+ [B<-inkey file>]
+Index: crypto/openssl/doc/apps/verify.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/apps/verify.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 verify.pod
+--- crypto/openssl/doc/apps/verify.pod	26 Nov 2000 11:34:06 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/apps/verify.pod	31 Jul 2002 00:47:00 -0000
+@@ -200,13 +200,13 @@
+ 
+ the certificate is not yet valid: the notBefore date is after the current time.
+ 
+-=item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
++=item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+ 
+-the CRL is not yet valid. Unused.
++the certificate has expired: that is the notAfter date is before the current time.
+ 
+-=item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired>
++=item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+ 
+-the certificate has expired: that is the notAfter date is before the current time.
++the CRL is not yet valid. Unused.
+ 
+ =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+ 
+cvs diff: Diffing crypto/openssl/doc/crypto
+Index: crypto/openssl/doc/crypto/BN_bn2bin.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/BN_bn2bin.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 BN_bn2bin.pod
+--- crypto/openssl/doc/crypto/BN_bn2bin.pod	26 Nov 2000 11:34:07 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/BN_bn2bin.pod	31 Jul 2002 00:47:00 -0000
+@@ -49,7 +49,7 @@
+ B<fp>.
+ 
+ BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
+-that consists of the number's length in bytes represented as a 3-byte
++that consists of the number's length in bytes represented as a 4-byte
+ big-endian number, and the number itself in big-endian format, where
+ the most significant bit signals a negative number (the representation
+ of numbers with the MSB set is prefixed with null byte).
+Index: crypto/openssl/doc/crypto/BN_rand.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/BN_rand.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 BN_rand.pod
+--- crypto/openssl/doc/crypto/BN_rand.pod	4 Jul 2001 23:19:41 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/BN_rand.pod	31 Jul 2002 00:47:00 -0000
+@@ -14,6 +14,8 @@
+ 
+  int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+ 
++ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
++
+ =head1 DESCRIPTION
+ 
+ BN_rand() generates a cryptographically strong pseudo-random number of
+@@ -31,6 +33,8 @@
+ 
+ BN_rand_range() generates a cryptographically strong pseudo-random
+ number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
++BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
++and hence numbers generated by it are not necessarily unpredictable.
+ 
+ The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
+ 
+@@ -49,5 +53,6 @@
+ BN_rand() is available in all versions of SSLeay and OpenSSL.
+ BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
+ and the function BN_rand_range() were added in OpenSSL 0.9.6a.
++BN_pseudo_rand_range() was added in OpenSSL 0.9.6c.
+ 
+ =cut
+Index: crypto/openssl/doc/crypto/DH_get_ex_new_index.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 DH_get_ex_new_index.pod
+--- crypto/openssl/doc/crypto/DH_get_ex_new_index.pod	20 Aug 2000 08:46:56 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/crypto/DH_get_ex_new_index.pod	31 Jul 2002 00:47:00 -0000
+@@ -26,6 +26,42 @@
+ 
+ =head1 SEE ALSO
+ 
++L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
++
++=head1 HISTORY
++
++DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
++available since OpenSSL 0.9.5.
++
++=cut
++=pod
++
++=head1 NAME
++
++DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
++
++=head1 SYNOPSIS
++
++ #include <openssl/dh.h>
++
++ int DH_get_ex_new_index(long argl, void *argp,
++		CRYPTO_EX_new *new_func,
++		CRYPTO_EX_dup *dup_func,
++		CRYPTO_EX_free *free_func);
++
++ int DH_set_ex_data(DH *d, int idx, void *arg);
++
++ char *DH_get_ex_data(DH *d, int idx);
++
++=head1 DESCRIPTION
++
++These functions handle application specific data in DH
++structures. Their usage is identical to that of
++RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
++as described in L<RSA_get_ex_new_index(3)>.
++
++=head1 SEE ALSO
++
+ L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
+ 
+ =head1 HISTORY
+Index: crypto/openssl/doc/crypto/EVP_DigestInit.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/EVP_DigestInit.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 EVP_DigestInit.pod
+--- crypto/openssl/doc/crypto/EVP_DigestInit.pod	26 Nov 2000 11:34:07 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/EVP_DigestInit.pod	31 Jul 2002 00:47:00 -0000
+@@ -192,7 +192,7 @@
+ 
+ L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+ L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
++L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+ 
+ =head1 HISTORY
+ 
+Index: crypto/openssl/doc/crypto/EVP_EncryptInit.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/EVP_EncryptInit.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 EVP_EncryptInit.pod
+--- crypto/openssl/doc/crypto/EVP_EncryptInit.pod	26 Nov 2000 11:34:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/EVP_EncryptInit.pod	31 Jul 2002 00:47:00 -0000
+@@ -192,7 +192,7 @@
+ EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
+ 
+ EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+-EVP_CipherFinal() returns 1 for a decryption failure or 1 for success.
++EVP_CipherFinal() returns 0 for a decryption failure or 1 for success.
+ 
+ EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
+ 
+Index: crypto/openssl/doc/crypto/EVP_SignInit.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/EVP_SignInit.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 EVP_SignInit.pod
+--- crypto/openssl/doc/crypto/EVP_SignInit.pod	26 Nov 2000 11:34:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/EVP_SignInit.pod	31 Jul 2002 00:47:00 -0000
+@@ -75,7 +75,7 @@
+ L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+ L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+ L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
++L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+ 
+ =head1 HISTORY
+ 
+Index: crypto/openssl/doc/crypto/EVP_VerifyInit.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/EVP_VerifyInit.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 EVP_VerifyInit.pod
+--- crypto/openssl/doc/crypto/EVP_VerifyInit.pod	26 Nov 2000 11:34:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/EVP_VerifyInit.pod	31 Jul 2002 00:47:00 -0000
+@@ -62,7 +62,7 @@
+ L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+ L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+ L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+-L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
++L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+ 
+ =head1 HISTORY
+ 
+Index: crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 OPENSSL_VERSION_NUMBER.pod
+--- crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod	26 Nov 2000 11:34:08 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod	31 Jul 2002 00:47:00 -0000
+@@ -2,7 +2,7 @@
+ 
+ =head1 NAME
+ 
+-OPENSSL_VERSION_NUMBER, SSLeay SSLeay_version - get OpenSSL version number
++OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
+ 
+ =head1 SYNOPSIS
+ 
+@@ -11,7 +11,7 @@
+ 
+  #include <openssl/crypto.h>
+  long SSLeay(void);
+- char *SSLeay_version(int t);
++ const char *SSLeay_version(int t);
+ 
+ =head1 DESCRIPTION
+ 
+@@ -55,20 +55,27 @@
+ =over 4
+ 
+ =item SSLEAY_VERSION
++
+ The text variant of the version number and the release date.  For example,
+ "OpenSSL 0.9.5a 1 Apr 2000".
+ 
+ =item SSLEAY_CFLAGS
+-The flags given to the C compiler when compiling OpenSSL are returned in a
+-string.
++
++The compiler flags set for the compilation process in the form
++"compiler: ..."  if available or "compiler: information not available"
++otherwise.
++
++=item SSLEAY_BUILT_ON
++
++The date of the build process in the form "built on: ..." if available
++or "built on: date not available" otherwise.
+ 
+ =item SSLEAY_PLATFORM
+-The platform name used when OpenSSL was configured is returned.
+ 
+-=back
++The "Configure" target of the library build in the form "platform: ..."
++if available or "platform: information not available" otherwise.
+ 
+-If the data request isn't available, a text saying that the information is
+-not available is returned.
++=back
+ 
+ For an unknown B<t>, the text "not available" is returned.
+ 
+Index: crypto/openssl/doc/crypto/RSA_check_key.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/RSA_check_key.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 RSA_check_key.pod
+--- crypto/openssl/doc/crypto/RSA_check_key.pod	20 Aug 2000 08:46:57 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/crypto/RSA_check_key.pod	31 Jul 2002 00:47:00 -0000
+@@ -18,7 +18,9 @@
+ It also checks that B<d*e = 1 mod (p-1*q-1)>,
+ and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+ 
+-The key's public components may not be B<NULL>.
++As such, this function can not be used with any arbitrary RSA key object,
++even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
++information.
+ 
+ =head1 RETURN VALUE
+ 
+@@ -27,6 +29,13 @@
+ 
+ If the key is invalid or an error occurred, the reason code can be
+ obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
++
++=head1 NOTES
++
++This function does not work on RSA public keys that have only the modulus
++and public exponent elements populated. It performs integrity checks on all
++the RSA key material, so the RSA key structure must contain all the private
++key data too.
+ 
+ =head1 SEE ALSO
+ 
+Index: crypto/openssl/doc/crypto/RSA_generate_key.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/RSA_generate_key.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 RSA_generate_key.pod
+--- crypto/openssl/doc/crypto/RSA_generate_key.pod	20 Aug 2000 08:46:57 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/crypto/RSA_generate_key.pod	31 Jul 2002 00:47:00 -0000
+@@ -19,7 +19,7 @@
+ 
+ The modulus size will be B<num> bits, and the public exponent will be
+ B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+-The exponent is an odd number, typically 3 or 65535.
++The exponent is an odd number, typically 3, 17 or 65537.
+ 
+ A callback function may be used to provide feedback about the
+ progress of the key generation. If B<callback> is not B<NULL>, it
+Index: crypto/openssl/doc/crypto/bio.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/bio.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 bio.pod
+--- crypto/openssl/doc/crypto/bio.pod	26 Nov 2000 11:38:50 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/crypto/bio.pod	31 Jul 2002 00:47:00 -0000
+@@ -40,7 +40,7 @@
+ =head1 SEE ALSO
+ 
+ L<BIO_ctrl(3)|BIO_ctrl(3)>,
+-L<BIO_f_base64(3)|BIO_f_base64(3)>,
++L<BIO_f_base64(3)|BIO_f_base64(3)>, L<BIO_f_buffer(3)|BIO_f_buffer(3)>,
+ L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>,
+ L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>,
+ L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>,
+Index: crypto/openssl/doc/crypto/blowfish.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/blowfish.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 blowfish.pod
+--- crypto/openssl/doc/crypto/blowfish.pod	26 Nov 2000 11:34:09 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/blowfish.pod	31 Jul 2002 00:47:00 -0000
+@@ -27,7 +27,7 @@
+ 
+ =head1 DESCRIPTION
+ 
+-This library implements the Blowfish cipher, which is invented and described
++This library implements the Blowfish cipher, which was invented and described
+ by Counterpane (see http://www.counterpane.com/blowfish.html ).
+ 
+ Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+@@ -57,7 +57,7 @@
+ recipient needs to know what it was initialized with, or it won't be able
+ to decrypt.  Some programs and protocols simplify this, like SSH, where
+ B<ivec> is simply initialized to zero.
+-BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while
++BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
+ BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+ number of bytes (the amount does not have to be an exact multiple of 8).  The
+ purpose of the latter two is to simulate stream ciphers, and therefore, they
+Index: crypto/openssl/doc/crypto/bn.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/bn.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 bn.pod
+--- crypto/openssl/doc/crypto/bn.pod	4 Jul 2001 23:19:42 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/bn.pod	31 Jul 2002 00:47:00 -0000
+@@ -61,6 +61,7 @@
+  int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+  int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+  int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
++ int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+ 
+  BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+          BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+Index: crypto/openssl/doc/crypto/crypto.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/crypto.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 crypto.pod
+--- crypto/openssl/doc/crypto/crypto.pod	26 Nov 2000 11:34:09 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/crypto.pod	31 Jul 2002 00:47:00 -0000
+@@ -46,7 +46,8 @@
+ 
+ =item AUXILIARY FUNCTIONS
+ 
+-L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>
++L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>,
++L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)>
+ 
+ =item INPUT/OUTPUT, DATA ENCODING
+ 
+Index: crypto/openssl/doc/crypto/des_modes.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/des_modes.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 des_modes.pod
+--- crypto/openssl/doc/crypto/des_modes.pod	26 Nov 2000 11:34:09 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/des_modes.pod	31 Jul 2002 00:47:00 -0000
+@@ -204,8 +204,8 @@
+ =item *
+ 
+ If the first and last key are the same, the key length is 112 bits.
+-There are attacks that could reduce the key space to 55 bit's but it
+-requires 2^56 blocks of memory.
++There are attacks that could reduce the effective key strength
++to only slightly more than 56 bits, but these require a lot of memory.
+ 
+ =item *
+ 
+Index: crypto/openssl/doc/crypto/err.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/err.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 err.pod
+--- crypto/openssl/doc/crypto/err.pod	26 Nov 2000 11:34:09 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/err.pod	31 Jul 2002 00:47:00 -0000
+@@ -172,7 +172,7 @@
+ =head1 SEE ALSO
+ 
+ L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
+-L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>,
++L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
+ L<ERR_get_error(3)|ERR_get_error(3)>,
+ L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
+ L<ERR_clear_error(3)|ERR_clear_error(3)>,
+Index: crypto/openssl/doc/crypto/rand.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/rand.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 rand.pod
+--- crypto/openssl/doc/crypto/rand.pod	4 Jul 2001 23:19:42 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/rand.pod	31 Jul 2002 00:47:00 -0000
+@@ -127,13 +127,12 @@
+ When bytes are extracted from the RNG, the following process is used.
+ For each group of 10 bytes (or less), we do the following:
+ 
+-Input into the hash function the top 10 bytes from the local 'md'
+-(which is initialized from the global 'md' before any bytes are
+-generated), the bytes that are to be overwritten by the random bytes,
+-and bytes from the 'state' (incrementing looping index). From this
+-digest output (which is kept in 'md'), the top (up to) 10 bytes are
+-returned to the caller and the bottom (up to) 10 bytes are xored into
+-the 'state'.
++Input into the hash function the local 'md' (which is initialized from
++the global 'md' before any bytes are generated), the bytes that are to
++be overwritten by the random bytes, and bytes from the 'state'
++(incrementing looping index). From this digest output (which is kept
++in 'md'), the top (up to) 10 bytes are returned to the caller and the
++bottom 10 bytes are xored into the 'state'.
+ 
+ Finally, after we have finished 'num' random bytes for the caller,
+ 'count' (which is incremented) and the local and global 'md' are fed
+Index: crypto/openssl/doc/crypto/rsa.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/rsa.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 rsa.pod
+--- crypto/openssl/doc/crypto/rsa.pod	26 Nov 2000 11:34:09 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/rsa.pod	31 Jul 2002 00:47:00 -0000
+@@ -110,7 +110,7 @@
+ L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
+ L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+ L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+-L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
++L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
+ L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+ 
+ =cut
+Index: crypto/openssl/doc/crypto/threads.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/crypto/threads.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 threads.pod
+--- crypto/openssl/doc/crypto/threads.pod	26 Nov 2000 11:34:09 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/crypto/threads.pod	31 Jul 2002 00:47:00 -0000
+@@ -53,8 +53,10 @@
+ that at least two callback functions are set.
+ 
+ locking_function(int mode, int n, const char *file, int line) is
+-needed to perform locking on shared data structures. Multi-threaded
+-applications will crash at random if it is not set.
++needed to perform locking on shared data structures.
++(Note that OpenSSL uses a number of global data structures that
++will be implicitly shared whenever multiple threads use OpenSSL.)
++Multi-threaded applications will crash at random if it is not set.
+ 
+ locking_function() must be able to handle up to CRYPTO_num_locks()
+ different mutex locks. It sets the B<n>-th lock if B<mode> &
+cvs diff: Diffing crypto/openssl/doc/ssl
+Index: crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
+diff -N crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod	31 Jul 2002 00:47:00 -0000
+@@ -0,0 +1,70 @@
++=pod
++
++=head1 NAME
++
++SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
++
++=head1 DESCRIPTION
++
++SSL_COMP_add_compression_method() adds the compression method B<cm> with
++the identifier B<id> to the list of available compression methods. This
++list is globally maintained for all SSL operations within this application.
++It cannot be set for specific SSL_CTX or SSL objects.
++
++=head1 NOTES
++
++The TLS standard (or SSLv3) allows the integration of compression methods
++into the communication. The TLS RFC does however not specify compression
++methods or their corresponding identifiers, so there is currently no compatible
++way to integrate compression with unknown peers. It is therefore currently not
++recommended to integrate compression into applications. Applications for
++non-public use may agree on certain compression methods. Using different
++compression methods with the same identifier will lead to connection failure.
++
++An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
++will unconditionally send the list of all compression methods enabled with
++SSL_COMP_add_compression_method() to the server during the handshake.
++Unlike the mechanisms to set a cipher list, there is no method available to
++restrict the list of compression method on a per connection basis.
++
++An OpenSSL server will match the identifiers listed by a client against
++its own compression methods and will unconditionally activate compression
++when a matching identifier is found. There is no way to restrict the list
++of compression methods supported on a per connection basis.
++
++The OpenSSL library has the compression methods B<COMP_rle()> and (when
++especially enabled during compilation) B<COMP_zlib()> available.
++
++=head1 WARNINGS
++
++Once the identities of the compression methods for the TLS protocol have
++been standardized, the compression API will most likely be changed. Using
++it in the current state is not recommended.
++
++=head1 RETURN VALUES
++
++SSL_COMP_add_compression_method() may return the following values:
++
++=over 4
++
++=item 1
++
++The operation succeeded.
++
++=item 0
++
++The operation failed. Check the error queue to find out the reason.
++
++=back
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_CTX_add_extra_chain_cert.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod	4 Jul 2001 23:22:30 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod	31 Jul 2002 00:47:00 -0000
+@@ -33,6 +33,7 @@
+ 
+ L<ssl(3)|ssl(3)>,
+ L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,34 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
++ long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
++
++ long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
++ long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
++
++=head1 DESCRIPTION
++
++The SSL_*_ctrl() family of functions is used to manipulate settings of
++the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments
++B<larg>, B<parg>, or B<fp> are evaluated. These functions should never
++be called directly. All functionalities needed are made available via
++other functions or macros.
++
++=head1 RETURN VALUES
++
++The return values of the SSL*_ctrl() functions depend on the command
++supplied via the B<cmd> parameter.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_free.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_free.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_CTX_free.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_free.pod	4 Jul 2001 23:19:42 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_CTX_free.pod	31 Jul 2002 00:47:01 -0000
+@@ -24,6 +24,8 @@
+ 
+ SSL_CTX_free() does not provide diagnostic information.
+ 
++=head1 SEE ALSO
++
+ L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_CTX_get_ex_new_index.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod	31 Jul 2002 00:47:01 -0000
+@@ -40,6 +40,59 @@
+ B<ctx>.
+ 
+ A detailed description for the B<*_get_ex_new_index()> functionality
++can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
++The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
++L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>,
++L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
++L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
++
++=cut
++=pod
++
++=head1 NAME
++
++SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_CTX_get_ex_new_index(long argl, void *argp,
++                CRYPTO_EX_new *new_func,
++                CRYPTO_EX_dup *dup_func,
++                CRYPTO_EX_free *free_func);
++
++ int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
++
++ void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx);
++
++ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
++                int idx, long argl, void *argp);
++ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
++                int idx, long argl, void *argp);
++ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
++                int idx, long argl, void *argp);
++
++=head1 DESCRIPTION
++
++Several OpenSSL structures can have application specific data attached to them.
++These functions are used internally by OpenSSL to manipulate application
++specific data attached to a specific structure.
++
++SSL_CTX_get_ex_new_index() is used to register a new index for application
++specific data.
++
++SSL_CTX_set_ex_data() is used to store application data at B<arg> for B<idx>
++into the B<ctx> object.
++
++SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from
++B<ctx>.
++
++A detailed description for the B<*_get_ex_new_index()> functionality
+ can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+ The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+ L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+Index: crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 SSL_CTX_load_verify_locations.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod	31 Jul 2002 00:47:01 -0000
+@@ -33,10 +33,6 @@
+ The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
+ function.
+ 
+-If on an TLS/SSL server no special setting is performed using *client_CA_list()
+-functions, the certificates contained in B<CAfile> are listed to the client
+-as available CAs during the TLS/SSL handshake.
+-
+ If B<CApath> is not NULL, it points to a directory containing CA certificates
+ in PEM format. The files each contain one CA certificate. The files are
+ looked up by the CA subject name hash value, which must hence be available.
+@@ -50,9 +46,6 @@
+ building the certificate chain or when actually performing the verification
+ of a peer certificate.
+ 
+-On a server, the certificates in B<CApath> are not listed as available
+-CA certificates to a client during a TLS/SSL handshake.
+-
+ When looking up CA certificates, the OpenSSL library will first search the
+ certificates in B<CAfile>, then those in B<CApath>. Certificate matching
+ is done based on the subject name, the key identifier (if present), and the
+@@ -62,6 +55,13 @@
+ no other certificates for the same parameters will be searched in case of
+ failure.
+ 
++In server mode, when requesting a client certificate, the server must send
++the list of CAs of which it will accept client certificates. This list
++is not influenced by the contents of B<CAfile> or B<CApath> and must
++explicitly be set using the
++L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
++family of functions.
++
+ When building its own certificate chain, an OpenSSL client/server will
+ try to fill in missing certificates from B<CAfile>/B<CApath>, if the
+ certificate chain was not explicitly specified (see
+@@ -118,7 +118,7 @@
+ L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+ L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+ L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+-L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+-
++L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
++L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_new.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_new.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_CTX_new.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_new.pod	4 Jul 2001 23:19:42 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_CTX_new.pod	31 Jul 2002 00:47:01 -0000
+@@ -59,6 +59,100 @@
+ 
+ =back
+ 
++The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
++SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
++B<SSL_set_options()> functions. Using these options it is possible to choose
++e.g. SSLv23_server_method() and be able to negotiate with all possible
++clients, but to only allow newer protocols like SSLv3 or TLSv1.
++
++SSL_CTX_new() initializes the list of ciphers, the session cache setting,
++the callbacks, the keys and certificates, and the options to its default
++values.
++
++=head1 RETURN VALUES
++
++The following return values can occur:
++
++=over 4
++
++=item NULL
++
++The creation of a new SSL_CTX object failed. Check the error stack to
++find out the reason.
++
++=item Pointer to an SSL_CTX object
++
++The return value points to an allocated SSL_CTX object.
++
++=back
++
++=head1 SEE ALSO
++
++L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
++L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
++
++=cut
++=pod
++
++=head1 NAME
++
++SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
++
++=head1 DESCRIPTION
++
++SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
++TLS/SSL enabled connections.
++
++=head1 NOTES
++
++The SSL_CTX object uses B<method> as connection method. The methods exist
++in a generic type (for client and server use), a server only type, and a
++client only type. B<method> can be of the following types:
++
++=over 4
++
++=item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
++
++A TLS/SSL connection established with these methods will only understand
++the SSLv2 protocol. A client will send out SSLv2 client hello messages
++and will also indicate that it only understand SSLv2. A server will only
++understand SSLv2 client hello messages.
++
++=item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
++
++A TLS/SSL connection established with these methods will only understand the
++SSLv3 protocol. A client will send out SSLv3 client hello messages
++and will indicate that it only understands SSLv3. A server will only understand
++SSLv3 client hello messages. This especially means, that it will
++not understand SSLv2 client hello messages which are widely used for
++compatibility reasons, see SSLv23_*_method().
++
++=item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
++
++A TLS/SSL connection established with these methods will only understand the
++TLSv1 protocol. A client will send out TLSv1 client hello messages
++and will indicate that it only understands TLSv1. A server will only understand
++TLSv1 client hello messages. This especially means, that it will
++not understand SSLv2 client hello messages which are widely used for
++compatibility reasons, see SSLv23_*_method(). It will also not understand
++SSLv3 client hello messages.
++
++=item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
++
++A TLS/SSL connection established with these methods will understand the SSLv2,
++SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
++and will indicate that it also understands SSLv3 and TLSv1. A server will
++understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
++choice when compatibility is a concern.
++
++=back
++
+ If a generic method is used, it is necessary to explicitly set client or
+ server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+ or SSL_set_accept_state().
+Index: crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 SSL_CTX_sess_set_cache_size.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod	31 Jul 2002 00:47:01 -0000
+@@ -27,7 +27,7 @@
+ 
+ When the maximum number of sessions is reached, no more new sessions are
+ added to the cache. New space may be added by calling
+-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)> to remove
++L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove
+ expired sessions.
+ 
+ If the size of the session cache is reduced and more sessions are already
+@@ -46,6 +46,6 @@
+ L<ssl(3)|ssl(3)>,
+ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+ L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
++L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_CTX_sess_set_get_cb.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod	31 Jul 2002 00:47:01 -0000
+@@ -70,12 +70,16 @@
+ session caching was disabled. The get_session_cb() is passed the
+ B<ssl> connection, the session id of length B<length> at the memory location
+ B<data>. With the parameter B<copy> the callback can require the
+-SSL engine to increment the reference count of the SSL_SESSION object.
++SSL engine to increment the reference count of the SSL_SESSION object,
++Normally the reference count is not incremented and therefore the
++session must not be explicitly freed with
++L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
+ 
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
+ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+-L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
++L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
++L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,57 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
++ X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
++
++=head1 DESCRIPTION
++
++SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
++of B<ctx> to/with B<store>. If another X509_STORE object is currently
++set in B<ctx>, it will be X509_STORE_free()ed.
++
++SSL_CTX_get_cert_store() returns a pointer to the current certificate
++verification storage.
++
++=head1 NOTES
++
++In order to verify the certificates presented by the peer, trusted CA
++certificates must be accessed. These CA certificates are made available
++via lookup methods, handled inside the X509_STORE. From the X509_STORE
++the X509_STORE_CTX used when verifying certificates is created.
++
++Typically the trusted certificate store is handled indirectly via using
++L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
++Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
++it is possible to manipulate the X509_STORE object beyond the
++L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
++call.
++
++Currently no detailed documentation on how to use the X509_STORE
++object is available. Not all members of the X509_STORE are used when
++the verification takes place. So will e.g. the verify_callback() be
++overridden with the verify_callback() set via the
++L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
++This document must therefore be updated when documentation about the
++X509_STORE object and its handling becomes available.
++
++=head1 RETURN VALUES
++
++SSL_CTX_set_cert_store() does not return diagnostic output.
++
++SSL_CTX_get_cert_store() returns the current setting.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>,
++L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
++L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,75 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(),
++                                       char *arg);
++ int (*callback)();
++
++=head1 DESCRIPTION
++
++SSL_CTX_set_cert_verify_callback() sets the verification callback function for
++B<ctx>. SSL objects, that are created from B<ctx> inherit the setting valid at
++the time, L<SSL_new(3)|SSL_new(3)> is called. B<arg> is currently ignored.
++
++=head1 NOTES
++
++Whenever a certificate is verified during a SSL/TLS handshake, a verification
++function is called. If the application does not explicitly specify a
++verification callback function, the built-in verification function is used.
++If a verification callback B<callback> is specified via
++SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
++instead. By setting B<callback> to NULL, the default behaviour is restored.
++
++When the verification must be performed, B<callback> will be called with
++the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B<arg>
++that can be specified when setting B<callback> are currently ignored.
++
++B<callback> should return 1 to indicate verification success and 0 to
++indicate verification failure. If SSL_VERIFY_PEER is set and B<callback>
++returns 0, the handshake will fail. As the verification procedure may
++allow to continue the connection in case of failure (by always returning 1)
++the verification result must be set in any case using the B<error>
++member of B<x509_store_ctx>, so that the calling application will be informed
++about the detailed result of the verification procedure! 
++
++Within B<x509_store_ctx>, B<callback> has access to the B<verify_callback>
++function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
++
++=head1 WARNINGS
++
++Do not mix the verification callback described in this function with the
++B<verify_callback> function called during the verification process. The
++latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
++family of functions.
++
++Providing a complete verification procedure including certificate purpose
++settings etc is a complex task. The built-in procedure is quite powerful
++and in most cases it should be sufficient to modify its behaviour using
++the B<verify_callback> function.
++
++=head1 BUGS
++
++It is possible to specify arguments to be passed to the verification callback.
++Currently they are however not passed but ignored.
++
++The B<callback> function is not specified via a prototype, so that no
++type checking takes place.
++
++=head1 RETURN VALUES
++
++SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
++L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
++L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_CTX_set_cipher_list.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod	4 Jul 2001 23:19:42 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod	31 Jul 2002 00:47:01 -0000
+@@ -34,9 +34,25 @@
+ also sufficient. On the server side, additional restrictions apply. All ciphers
+ have additional requirements. ADH ciphers don't need a certificate, but
+ DH-parameters must have been set. All other ciphers need a corresponding
+-certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
+-available, the respective is valid for DSA ciphers. Ciphers using EDH need
+-a certificate and key and DH-parameters.
++certificate and key.
++
++A RSA cipher can only be chosen, when a RSA certificate is available.
++RSA export ciphers with a keylength of 512 bits for the RSA key require
++a temporary 512 bit RSA key, as typically the supplied key has a length
++of 1024 bit (see
++L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
++RSA ciphers using EDH need a certificate and key and additional DH-parameters
++(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
++
++A DSA cipher can only be chosen, when a DSA certificate is available.
++DSA ciphers always use DH key exchange and therefore need DH-parameters
++(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
++
++When these conditions are not met for any cipher in the list (e.g. a
++client only supports export RSA ciphers with a asymmetric key length
++of 512 bits and the server is not configured to use temporary RSA
++keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
++and the handshake will fail.
+ 
+ =head1 RETURN VALUES
+ 
+@@ -47,6 +63,8 @@
+ 
+ L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+ L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
++L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+ L<ciphers(1)|ciphers(1)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 SSL_CTX_set_client_CA_list.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod	31 Jul 2002 00:47:01 -0000
+@@ -36,25 +36,23 @@
+ 
+ When a TLS/SSL server requests a client certificate (see
+ B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
+-it will accept certificates, to the client. If no special list is provided,
+-the CAs available using the B<CAfile> option in
+-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+-are sent.
++it will accept certificates, to the client.
+ 
+-This list can be explicitly set using the SSL_CTX_set_client_CA_list() for
++This list must explicitly be set using SSL_CTX_set_client_CA_list() for
+ B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
+ specified overrides the previous setting. The CAs listed do not become
+ trusted (B<list> only contains the names, not the complete certificates); use
+ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 
+ to additionally load them for verification.
+ 
++If the list of acceptable CAs is compiled in a file, the
++L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
++function can be used to help importing the necessary data.
++
+ SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
+ items the list of client CAs. If no list was specified before using
+ SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
+-CA list for B<ctx> or B<ssl> (as appropriate) is opened. The CAs implicitly
+-specified using
+-L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+-are no longer used automatically.
++CA list for B<ctx> or B<ssl> (as appropriate) is opened.
+ 
+ These functions are only useful for TLS/SSL servers.
+ 
+@@ -80,11 +78,17 @@
+ 
+ =back
+ 
++=head1 EXAMPLES
++
++Scan all certificates in B<CAfile> and list them as acceptable CAs:
++
++  SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
++
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>,
+ L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+-L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
++L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,94 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
++ int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
++ int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
++
++=head1 DESCRIPTION
++
++SSL_CTX_set_client_cert_cb() sets the B<client_cert_cb()> callback, that is
++called when a client certificate is requested by a server and no certificate
++was yet set for the SSL object.
++
++When B<client_cert_cb()> is NULL, no callback function is used.
++
++SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
++function.
++
++client_cert_cb() is the application defined callback. If it wants to
++set a certificate, a certificate/private key combination must be set
++using the B<x509> and B<pkey> arguments and "1" must be returned. The
++certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
++If no certificate should be set, "0" has to be returned and no certificate
++will be sent. A negative return value will suspend the handshake and the
++handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
++will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
++suspended. The next call to the handshake function will again lead to the call
++of client_cert_cb(). It is the job of the client_cert_cb() to store information
++about the state of the last call, if required to continue.
++
++=head1 NOTES
++
++During a handshake (or renegotiation) a server may request a certificate
++from the client. A client certificate must only be sent, when the server
++did send the request.
++
++When a certificate was set using the
++L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> family of functions,
++it will be sent to the server. The TLS standard requires that only a
++certificate is sent, if it matches the list of acceptable CAs sent by the
++server. This constraint is violated by the default behavior of the OpenSSL
++library. Using the callback function it is possible to implement a proper
++selection routine or to allow a user interaction to choose the certificate to
++be sent.
++
++If a callback function is defined and no certificate was yet defined for the
++SSL object, the callback function will be called.
++If the callback function returns a certificate, the OpenSSL library
++will try to load the private key and certificate data into the SSL
++object using the SSL_use_certificate() and SSL_use_private_key() functions.
++Thus it will permanently install the certificate and key for this SSL
++object. It will not be reset by calling L<SSL_clear(3)|SSL_clear(3)>.
++If the callback returns no certificate, the OpenSSL library will not send
++a certificate.
++
++=head1 BUGS
++
++The client_cert_cb() cannot return a complete certificate chain, it can
++only return one client certificate. If the chain only has a length of 2,
++the root CA certificate may be omitted according to the TLS standard and
++thus a standard conforming answer can be sent to the server. For a
++longer chain, the client must send the complete chain (with the option
++to leave out the root CA certificate). This can only be accomplished by
++either adding the intermediate CA certificates into the trusted
++certificate store for the SSL_CTX object (resulting in having to add
++CA certificates that otherwise maybe would not be trusted), or by adding
++the chain certificates using the
++L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
++function, which is only available for the SSL_CTX object as a whole and that
++therefore probably can only apply for one client certificate, making
++the concept of the callback function (to allow the choice from several
++certificates) questionable.
++
++Once the SSL object has been used in conjunction with the callback function,
++the certificate will be set for the SSL object and will not be cleared
++even when L<SSL_clear(3)|SSL_clear(3)> is being called. It is therefore
++mandatory to destroy the SSL object using L<SSL_free(3)|SSL_free(3)>
++and create a new one to return to the previous state.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
++L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
++L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_CTX_set_default_passwd_cb.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod	31 Jul 2002 00:47:01 -0000
+@@ -40,6 +40,12 @@
+ password could be stored into the B<userdata> storage and the
+ pem_passwd_cb() only returns the password already stored.
+ 
++When asking for the password interactively, pem_passwd_cb() can use
++B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
++In this case the password dialog may ask for the same password twice
++for comparison in order to catch typos, that would make decryption
++impossible.
++
+ Other items in PEM formatting (certificates) can also be encrypted, it is
+ however not usual, as certificate information is considered public.
+ 
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,153 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
++ void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))();
++
++ void SSL_set_info_callback(SSL *ssl, void (*callback)());
++ void (*SSL_get_info_callback(SSL *ssl))();
++
++=head1 DESCRIPTION
++
++SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
++obtain state information for SSL objects created from B<ctx> during connection
++setup and use. The setting for B<ctx> is overridden from the setting for
++a specific SSL object, if specified.
++When B<callback> is NULL, not callback function is used.
++
++SSL_set_info_callback() sets the B<callback> function, that can be used to
++obtain state information for B<ssl> during connection setup and use.
++When B<callback> is NULL, the callback setting currently valid for
++B<ctx> is used.
++
++SSL_CTX_get_info_callback() returns a pointer to the currently set information
++callback function for B<ctx>.
++
++SSL_get_info_callback() returns a pointer to the currently set information
++callback function for B<ssl>.
++
++=head1 NOTES
++
++When setting up a connection and during use, it is possible to obtain state
++information from the SSL/TLS engine. When set, an information callback function
++is called whenever the state changes, an alert appears, or an error occurs.
++
++The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
++The B<where> argument specifies information about where (in which context)
++the callback function was called. If B<ret> is 0, an error condition occurred.
++If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
++information.
++
++B<where> is a bitmask made up of the following bits:
++
++=over 4
++
++=item SSL_CB_LOOP
++
++Callback has been called to indicate state change inside a loop.
++
++=item SSL_CB_EXIT
++
++Callback has been called to indicate error exit of a handshake function.
++(May be soft error with retry option for non-blocking setups.)
++
++=item SSL_CB_READ
++
++Callback has been called during read operation.
++
++=item SSL_CB_WRITE
++
++Callback has been called during write operation.
++
++=item SSL_CB_ALERT
++
++Callback has been called due to an alert being sent or received.
++
++=item SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
++
++=item SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
++
++=item SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
++
++=item SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
++
++=item SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
++
++=item SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
++
++=item SSL_CB_HANDSHAKE_START
++
++Callback has been called because a new handshake is started.
++
++=item SSL_CB_HANDSHAKE_DONE           0x20
++
++Callback has been called because a handshake is finished.
++
++=back
++
++The current state information can be obtained using the
++L<SSL_state_string(3)|SSL_state_string(3)> family of functions.
++
++The B<ret> information can be evaluated using the
++L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions.
++
++=head1 RETURN VALUES
++
++SSL_set_info_callback() does not provide diagnostic information.
++
++SSL_get_info_callback() returns the current setting.
++
++=head1 EXAMPLES
++
++The following example callback function prints state strings, information
++about alerts being handled and error messages to the B<bio_err> BIO.
++
++ void apps_ssl_info_callback(SSL *s, int where, int ret)
++	{
++	const char *str;
++	int w;
++
++	w=where& ~SSL_ST_MASK;
++
++	if (w & SSL_ST_CONNECT) str="SSL_connect";
++	else if (w & SSL_ST_ACCEPT) str="SSL_accept";
++	else str="undefined";
++
++	if (where & SSL_CB_LOOP)
++		{
++		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
++		}
++	else if (where & SSL_CB_ALERT)
++		{
++		str=(where & SSL_CB_READ)?"read":"write";
++		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
++			str,
++			SSL_alert_type_string_long(ret),
++			SSL_alert_desc_string_long(ret));
++		}
++	else if (where & SSL_CB_EXIT)
++		{
++		if (ret == 0)
++			BIO_printf(bio_err,"%s:failed in %s\n",
++				str,SSL_state_string_long(s));
++		else if (ret < 0)
++			{
++			BIO_printf(bio_err,"%s:error in %s\n",
++				str,SSL_state_string_long(s));
++			}
++		}
++	}
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>,
++L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_CTX_set_mode.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod	31 Jul 2002 00:47:01 -0000
+@@ -37,6 +37,9 @@
+ Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+ when just a single record has been written). When not set (the default),
+ SSL_write() will only report success once the complete chunk was written.
++Once SSL_write() returns with r, r bytes have been successfully written
++and the next call to SSL_write() must only send the n-r bytes left,
++imitating the behaviour of write().
+ 
+ =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+ 
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 SSL_CTX_set_options.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_options.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_set_options.pod	31 Jul 2002 00:47:01 -0000
+@@ -17,10 +17,10 @@
+ =head1 DESCRIPTION
+ 
+ SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+-Options already set before are not cleared.
++Options already set before are not cleared!
+ 
+ SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+-Options already set before are not cleared.
++Options already set before are not cleared!
+ 
+ SSL_CTX_get_options() returns the options set for B<ctx>.
+ 
+@@ -32,7 +32,12 @@
+ The options are coded as bitmasks and can be combined by a logical B<or>
+ operation (|). Options can only be added but can never be reset.
+ 
+-During a handshake, the option settings of the SSL object used. When
++SSL_CTX_set_options() and SSL_set_options() affect the (external)
++protocol behaviour of the SSL library. The (internal) behaviour of
++the API can be changed by using the similar
++L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
++
++During a handshake, the option settings of the SSL object are used. When
+ a new SSL object is created from a context using SSL_new(), the current
+ option setting is copied. Changes to B<ctx> do not affect already created
+ SSL objects. SSL_clear() does not affect the settings.
+@@ -107,14 +112,22 @@
+ same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+ to the server's answer and violate the version rollback protection.)
+ 
++=item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
++
++Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
++vulnerability affecting CBC ciphers, which cannot be handled by some
++broken SSL implementations.  This option has no effect for connections
++using other ciphers.
++
+ =item SSL_OP_ALL
+ 
+ All of the above bug workarounds.
+ 
+ =back
+ 
+-It is save and recommended to use SSL_OP_ALL to enable the bug workaround
+-options.
++It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
++options if compatibility with somewhat broken implementations is
++desired.
+ 
+ The following B<modifying> options are available:
+ 
+@@ -122,11 +135,27 @@
+ 
+ =item SSL_OP_SINGLE_DH_USE
+ 
+-Always create a new key when using temporary DH parameters.
++Always create a new key when using temporary/ephemeral DH parameters
++(see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
++This option must be used to prevent small subgroup attacks, when
++the DH parameters were not generated using "strong" primes
++(e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
++If "strong" primes were used, it is not strictly necessary to generate
++a new DH key during each handshake but it is also recommended.
++SSL_OP_SINGLE_DH_USE should therefore be enabled whenever
++temporary/ephemeral DH parameters are used.
+ 
+ =item SSL_OP_EPHEMERAL_RSA
+ 
+-Also use the temporary RSA key when doing RSA operations.
++Always use ephemeral (temporary) RSA key when doing RSA operations
++(see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
++According to the specifications this is only done, when a RSA key
++can only be used for signature operations (namely under export ciphers
++with restricted RSA keylength). By setting this option, ephemeral
++RSA keys are always used. This option breaks compatibility with the
++SSL/TLS specifications and may lead to interoperability problems with
++clients and should therefore never be used. Ciphers with EDH (ephemeral
++Diffie-Hellman) key exchange should be used instead.
+ 
+ =item SSL_OP_PKCS1_CHECK_1
+ 
+@@ -142,11 +171,6 @@
+ non-self-sighed CA which does not have it's CA in netscape, and the
+ browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta 
+ 
+-=item SSL_OP_NON_EXPORT_FIRST
+-
+-On servers try to use non-export (stronger) ciphers first. This option does
+-not work under all circumstances (in the code it is declared "broken").
+-
+ =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+ 
+ ...
+@@ -174,10 +198,18 @@
+ 
+ =head1 SEE ALSO
+ 
+-L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>
++L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
++L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
++L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
++L<dhparam(1)|dhparam(1)>
+ 
+ =head1 HISTORY
+ 
+ SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6.
++
++B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
++Versions up to OpenSSL 0.9.6c do not include the countermeasure that
++can be disabled with this option (in OpenSSL 0.9.6d, it was always
++enabled).
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,63 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
++ int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
++
++ void SSL_set_quiet_shutdown(SSL *ssl, int mode);
++ int SSL_get_quiet_shutdown(SSL *ssl);
++
++=head1 DESCRIPTION
++
++SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be
++B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time
++L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1.
++
++SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>.
++
++SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be
++B<mode>. The setting stays valid until B<ssl> is removed with
++L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again.
++It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called.
++B<mode> may be 0 or 1.
++
++SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
++
++=head1 NOTES
++
++Normally when a SSL connection is finished, the parties must send out
++"close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)>
++for a clean shutdown.
++
++When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)>
++will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
++(L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like
++L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with
++SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
++The session is thus considered to be shutdown, but no "close notify" alert
++is sent to the peer. This behaviour violates the TLS standard.
++
++The default is normal shutdown behaviour as described by the TLS standard.
++
++=head1 RETURN VALUES
++
++SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return
++diagnostic information.
++
++SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current
++setting.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
++L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>,
++L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 SSL_CTX_set_session_cache_mode.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	31 Jul 2002 00:47:01 -0000
+@@ -97,11 +97,12 @@
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
++L<SSL_session_reused(3)|SSL_session_reused(3)>,
+ L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+ L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+ L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+ L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+-L<SSL_CTX_set_timeout.pod(3)|SSL_CTX_set_timeout.pod(3)>,
++L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+ L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_CTX_set_timeout.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod	31 Jul 2002 00:47:01 -0000
+@@ -37,7 +37,10 @@
+ directly by the application or automatically (see
+ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
+ 
+-The default value for session timeout is 300 seconds.
++The default value for session timeout is decided on a per protocol
++basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>.
++All currently supported protocols have the same default timeout value
++of 300 seconds.
+ 
+ =head1 RETURN VALUES
+ 
+@@ -50,6 +53,7 @@
+ L<ssl(3)|ssl(3)>,
+ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+ L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+-L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
++L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
++L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,170 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
++            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
++ long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
++
++ void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
++            DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
++ long SSL_set_tmp_dh(SSL *ssl, DH *dh)
++
++ DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
++
++=head1 DESCRIPTION
++
++SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
++used when a DH parameters are required to B<tmp_dh_callback>.
++The callback is inherited by all B<ssl> objects created from B<ctx>.
++
++SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
++The key is inherited by all B<ssl> objects created from B<ctx>.
++
++SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
++
++SSL_set_tmp_dh() sets the parameters only for B<ssl>.
++
++These functions apply to SSL/TLS servers only.
++
++=head1 NOTES
++
++When using a cipher with RSA authentication, an ephemeral DH key exchange
++can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
++In these cases, the session data are negotiated using the
++ephemeral/temporary DH key and the key supplied and certified
++by the certificate chain is only used for signing.
++Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
++
++Using ephemeral DH key exchange yields forward secrecy, as the connection
++can only be decrypted, when the DH key is known. By generating a temporary
++DH key inside the server application that is lost when the application
++is left, it becomes impossible for an attacker to decrypt past sessions,
++even if he gets hold of the normal (certified) key, as this key was
++only used for signing.
++
++In order to perform a DH key exchange the server must use a DH group
++(DH parameters) and generate a DH key. The server will always generate a new
++DH key during the negotiation, when the DH parameters are supplied via
++callback and/or when the SSL_OP_SINGLE_DH_USE option of
++L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will
++immediately create a DH key, when DH parameters are supplied via
++SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case,
++it may happen that a key is generated on initialization without later
++being needed, while on the other hand the computer time during the
++negotiation is being saved.
++
++If "strong" primes were used to generate the DH parameters, it is not strictly
++necessary to generate a new key for each handshake but it does improve forward
++secrecy. If it is not assured, that "strong" primes were used (see especially
++the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
++in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
++has an impact on the computer time needed during negotiation, but it is not
++very large, so application authors/users should consider to always enable
++this option.
++
++As generating DH parameters is extremely time consuming, an application
++should not generate the parameters on the fly but supply the parameters.
++DH parameters can be reused, as the actual key is newly generated during
++the negotiation. The risk in reusing DH parameters is that an attacker
++may specialize on a very often used DH group. Applications should therefore
++generate their own DH parameters during the installation process using the
++openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
++time needed for this generation, it is possible to use DSA parameters
++instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
++is mandatory.
++
++Application authors may compile in DH parameters. Files dh512.pem,
++dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
++version of the OpenSSL distribution contain the 'SKIP' DH parameters,
++which use safe primes and were generated verifiably pseudo-randomly.
++These files can be converted into C code using the B<-C> option of the
++L<dhparam(1)|dhparam(1)> application.
++Authors may also generate their own set of parameters using
++L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
++generated. The generation of DH parameters during installation is therefore
++recommended.
++
++An application may either directly specify the DH parameters or
++can supply the DH parameters via a callback function. The callback approach
++has the advantage, that the callback may supply DH parameters for different
++key lengths.
++
++The B<tmp_dh_callback> is called with the B<keylength> needed and
++the B<is_export> information. The B<is_export> flag is set, when the
++ephemeral DH key exchange is performed with an export cipher.
++
++=head1 EXAMPLES
++
++Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
++partly left out.)
++
++ ...
++ /* Set up ephemeral DH stuff */
++ DH *dh_512 = NULL;
++ DH *dh_1024 = NULL;
++ FILE *paramfile;
++
++ ...
++ /* "openssl dhparam -out dh_param_512.pem -2 512" */
++ paramfile = fopen("dh_param_512.pem", "r");
++ if (paramfile) {
++   dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
++   fclose(paramfile);
++ }
++ /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
++ paramfile = fopen("dh_param_1024.pem", "r");
++ if (paramfile) {
++   dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
++   fclose(paramfile);
++ }
++ ...
++
++ /* "openssl dhparam -C -2 512" etc... */
++ DH *get_dh512() { ... }
++ DH *get_dh1024() { ... }
++
++ DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
++ {
++    DH *dh_tmp=NULL;
++
++    switch (keylength) {
++    case 512:
++      if (!dh_512)
++        dh_512 = get_dh512();
++      dh_tmp = dh_512;
++      break;
++    case 1024:
++      if (!dh_1024) 
++        dh_1024 = get_dh1024();
++      dh_tmp = dh_1024;
++      break;
++    default:
++      /* Generating a key on the fly is very costly, so use what is there */
++      setup_dh_parameters_like_above();
++    }
++    return(dh_tmp);
++ }
++
++=head1 RETURN VALUES
++
++SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
++diagnostic output.
++
++SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
++on failure. Check the error queue to find out the reason of failure.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
++L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
++L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+diff -N crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,166 @@
++=pod
++
++=head1 NAME
++
++SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
++            RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
++ long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
++ long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
++
++ void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
++            RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
++ long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
++ long SSL_need_tmp_rsa(SSL *ssl)
++
++ RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
++
++=head1 DESCRIPTION
++
++SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
++used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
++The callback is inherited by all SSL objects newly created from B<ctx>
++with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
++
++SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
++B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
++with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
++
++SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
++for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
++with a keysize larger than 512 bits is installed.
++
++SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
++
++SSL_set_tmp_rsa() sets the key only for B<ssl>.
++
++SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
++for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
++with a keysize larger than 512 bits is installed.
++
++These functions apply to SSL/TLS servers only.
++
++=head1 NOTES
++
++When using a cipher with RSA authentication, an ephemeral RSA key exchange
++can take place. In this case the session data are negotiated using the
++ephemeral/temporary RSA key and the RSA key supplied and certified
++by the certificate chain is only used for signing.
++
++Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
++than the usual key length of 1024 bits were created. To use these ciphers
++with RSA keys of usual length, an ephemeral key exchange must be performed,
++as the normal (certified) key cannot be directly used.
++
++Using ephemeral RSA key exchange yields forward secrecy, as the connection
++can only be decrypted, when the RSA key is known. By generating a temporary
++RSA key inside the server application that is lost when the application
++is left, it becomes impossible for an attacker to decrypt past sessions,
++even if he gets hold of the normal (certified) RSA key, as this key was
++used for signing only. The downside is that creating a RSA key is
++computationally expensive.
++
++Additionally, the use of ephemeral RSA key exchange is only allowed in
++the TLS standard, when the RSA key can be used for signing only, that is
++for export ciphers. Using ephemeral RSA key exchange for other purposes
++violates the standard and can break interoperability with clients.
++It is therefore strongly recommended to not use ephemeral RSA key
++exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
++in order to achieve forward secrecy (see
++L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
++
++On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
++and must be explicitly enabled  using the SSL_OP_EPHEMERAL_RSA option of
++L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
++standard. When ephemeral RSA key exchange is required for export ciphers,
++it will automatically be used without this option!
++
++An application may either directly specify the key or can supply the key via
++a callback function. The callback approach has the advantage, that the
++callback may generate the key only in case it is actually needed. As the
++generation of a RSA key is however costly, it will lead to a significant
++delay in the handshake procedure.  Another advantage of the callback function
++is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
++usage) while the explicit setting of the key is only useful for key size of
++512 bits to satisfy the export restricted ciphers and does give away key length
++if a longer key would be allowed.
++
++The B<tmp_rsa_callback> is called with the B<keylength> needed and
++the B<is_export> information. The B<is_export> flag is set, when the
++ephemeral RSA key exchange is performed with an export cipher.
++
++=head1 EXAMPLES
++
++Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
++generation of a RSA key costs a lot of computer time, they saved for later
++reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
++respectively are generated.
++
++ ...
++ /* Set up ephemeral RSA stuff */
++ RSA *rsa_512 = NULL;
++ RSA *rsa_1024 = NULL;
++
++ rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
++ if (rsa_512 == NULL)
++     evaluate_error_queue();
++
++ rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
++ if (rsa_1024 == NULL)
++   evaluate_error_queue();
++
++ ...
++
++ RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
++ {
++    RSA *rsa_tmp=NULL;
++
++    switch (keylength) {
++    case 512:
++      if (rsa_512)
++        rsa_tmp = rsa_512;
++      else { /* generate on the fly, should not happen in this example */
++        rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
++        rsa_512 = rsa_tmp; /* Remember for later reuse */
++      }
++      break;
++    case 1024:
++      if (rsa_1024)
++        rsa_tmp=rsa_1024;
++      else
++        should_not_happen_in_this_example();
++      break;
++    default:
++      /* Generating a key on the fly is very costly, so use what is there */
++      if (rsa_1024)
++        rsa_tmp=rsa_1024;
++      else
++        rsa_tmp=rsa_512; /* Use at least a shorter key */
++    }
++    return(rsa_tmp);
++ }
++
++=head1 RETURN VALUES
++
++SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
++diagnostic output.
++
++SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
++on failure. Check the error queue to find out the reason of failure.
++
++SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
++RSA key is needed and 0 otherwise.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
++L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
++L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_CTX_set_verify.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	31 Jul 2002 00:47:01 -0000
+@@ -59,14 +59,14 @@
+ 
+ B<Server mode:> the server sends a client certificate request to the client.
+ The certificate returned (if any) is checked. If the verification process
+-fails as indicated by B<verify_callback>, the TLS/SSL handshake is
++fails, the TLS/SSL handshake is
+ immediately terminated with an alert message containing the reason for
+ the verification failure.
+ The behaviour can be controlled by the additional
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
+ 
+ B<Client mode:> the server certificate is verified. If the verification process
+-fails as indicated by B<verify_callback>, the TLS/SSL handshake is
++fails, the TLS/SSL handshake is
+ immediately terminated with an alert message containing the reason for
+ the verification failure. If no server certificate is sent, because an
+ anonymous cipher is used, SSL_VERIFY_PEER is ignored.
+@@ -92,6 +92,15 @@
+ Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be
+ set at any time.
+ 
++The actual verification procedure is performed either using the built-in
++verification procedure or using another application provided verification
++function set with
++L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>.
++The following descriptions apply in the case of the built-in procedure. An
++application provided procedure also has access to the verify depth information
++and the verify_callback() function, but the way this information is used
++may be different.
++
+ SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up
+ to which depth certificates in a chain are used during the verification
+ procedure. If the certificate chain is longer than allowed, the certificates
+@@ -278,6 +287,7 @@
+ L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
+ L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
++L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
+ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+ L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>
+ 
+Index: crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 SSL_CTX_use_certificate.pod
+--- crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod	31 Jul 2002 00:47:01 -0000
+@@ -149,6 +149,7 @@
+ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
+ L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+ L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
++L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+ L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_SESSION_free.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_SESSION_free.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_SESSION_free.pod
+--- crypto/openssl/doc/ssl/SSL_SESSION_free.pod	26 Nov 2000 11:38:50 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_SESSION_free.pod	31 Jul 2002 00:47:01 -0000
+@@ -16,10 +16,40 @@
+ the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
+ memory, if the the reference count has reached 0.
+ 
++=head1 NOTES
++
++SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
++is successfully completed. Depending on the settings, see
++L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
++the SSL_SESSION objects are internally referenced by the SSL_CTX and
++linked into its session cache. SSL objects may be using the SSL_SESSION object;
++as a session may be reused, several SSL objects may be using one SSL_SESSION
++object at the same time. It is therefore crucial to keep the reference
++count (usage information) correct and not delete a SSL_SESSION object
++that is still used, as this may lead to program failures due to
++dangling pointers. These failures may also appear delayed, e.g.
++when an SSL_SESSION object was completely freed as the reference count
++incorrectly became 0, but it is still referenced in the internal
++session cache and the cache list is processed during a
++L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation.
++
++SSL_SESSION_free() must only be called for SSL_SESSION objects, for
++which the reference count was explicitly incremented (e.g.
++by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>)
++or when the SSL_SESSION object was generated outside a TLS handshake
++operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>.
++It must not be called on other SSL_SESSION objects, as this would cause
++incorrect reference counts and therefore program failures.
++
+ =head1 RETURN VALUES
+ 
+ SSL_SESSION_free() does not provide diagnostic information.
+ 
+-L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>,
++L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
++L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
++ L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_SESSION_get_ex_new_index.pod
+--- crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod	31 Jul 2002 00:47:01 -0000
+@@ -40,6 +40,67 @@
+ B<session>.
+ 
+ A detailed description for the B<*_get_ex_new_index()> functionality
++can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
++The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
++L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
++
++=head1 WARNINGS
++
++The application data is only maintained for sessions held in memory. The
++application data is not included when dumping the session with
++i2d_SSL_SESSION() (and all functions indirectly calling the dump functions
++like PEM_write_SSL_SESSION() and PEM_write_bio_SSL_SESSION()) and can
++therefore not be restored.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>,
++L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
++L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
++
++=cut
++=pod
++
++=head1 NAME
++
++SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - internal application specific data functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_SESSION_get_ex_new_index(long argl, void *argp,
++                CRYPTO_EX_new *new_func,
++                CRYPTO_EX_dup *dup_func,
++                CRYPTO_EX_free *free_func);
++
++ int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
++
++ void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx);
++
++ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
++                int idx, long argl, void *argp);
++ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
++                int idx, long argl, void *argp);
++ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
++                int idx, long argl, void *argp);
++
++=head1 DESCRIPTION
++
++Several OpenSSL structures can have application specific data attached to them.
++These functions are used internally by OpenSSL to manipulate application
++specific data attached to a specific structure.
++
++SSL_SESSION_get_ex_new_index() is used to register a new index for application
++specific data.
++
++SSL_SESSION_set_ex_data() is used to store application data at B<arg> for B<idx>
++into the B<session> object.
++
++SSL_SESSION_get_ex_data() is used to retrieve the information for B<idx> from
++B<session>.
++
++A detailed description for the B<*_get_ex_new_index()> functionality
+ can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+ The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+ L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+Index: crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_SESSION_get_time.pod
+--- crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod	31 Jul 2002 00:47:01 -0000
+@@ -58,6 +58,7 @@
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>,
+-L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>
++L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
++L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_accept.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_accept.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_accept.pod
+--- crypto/openssl/doc/ssl/SSL_accept.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_accept.pod	31 Jul 2002 00:47:01 -0000
+@@ -37,11 +37,6 @@
+ condition. When using a buffering BIO, like a BIO pair, data must be written
+ into or retrieved out of the BIO before being able to continue.
+ 
+-When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
+-is necessary to call SSL_set_accept_state()
+-before calling SSL_accept() to explicitly switch the B<ssl> to server
+-mode.
+-
+ =head1 RETURN VALUES
+ 
+ The following return values can occur:
+@@ -74,6 +69,7 @@
+ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+ L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
++L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+ L<SSL_CTX_new(3)|SSL_CTX_new(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_alert_type_string.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_alert_type_string.pod
+diff -N crypto/openssl/doc/ssl/SSL_alert_type_string.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_alert_type_string.pod	31 Jul 2002 00:47:01 -0000
+@@ -0,0 +1,228 @@
++=pod
++
++=head1 NAME
++
++SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ char *SSL_alert_type_string(int value);
++ char *SSL_alert_type_string_long(int value);
++
++ char *SSL_alert_desc_string(int value);
++ char *SSL_alert_desc_string_long(int value);
++
++=head1 DESCRIPTION
++
++SSL_alert_type_string() returns a one letter string indicating the
++type of the alert specified by B<value>.
++
++SSL_alert_type_string_long() returns a string indicating the type of the alert
++specified by B<value>.
++
++SSL_alert_desc_string() returns a two letter string as a short form
++describing the reason of the alert specified by B<value>.
++
++SSL_alert_desc_string_long() returns a string describing the reason
++of the alert specified by B<value>.
++
++=head1 NOTES
++
++When one side of an SSL/TLS communication wants to inform the peer about
++a special situation, it sends an alert. The alert is sent as a special message
++and does not influence the normal data stream (unless its contents results
++in the communication being canceled).
++
++A warning alert is sent, when a non-fatal error condition occurs. The
++"close notify" alert is sent as a warning alert. Other examples for
++non-fatal errors are certificate errors ("certificate expired",
++"unsupported certificate"), for which a warning alert may be sent.
++(The sending party may however decide to send a fatal error.) The
++receiving side may cancel the connection on reception of a warning
++alert on it discretion.
++
++Several alert messages must be sent as fatal alert messages as specified
++by the TLS RFC. A fatal alert always leads to a connection abort.
++
++=head1 RETURN VALUES
++
++The following strings can occur for SSL_alert_type_string() or
++SSL_alert_type_string_long():
++
++=over 4
++
++=item "W"/"warning"
++
++=item "F"/"fatal"
++
++=item "U"/"unknown"
++
++This indicates that no support is available for this alert type.
++Probably B<value> does not contain a correct alert message.
++
++=back
++
++The following strings can occur for SSL_alert_desc_string() or
++SSL_alert_desc_string_long():
++
++=over 4
++
++=item "CN"/"close notify"
++
++The connection shall be closed. This is a warning alert.
++
++=item "UM"/"unexpected message"
++
++An inappropriate message was received. This alert is always fatal
++and should never be observed in communication between proper
++implementations.
++
++=item "BM"/"bad record mac"
++
++This alert is returned if a record is received with an incorrect
++MAC. This message is always fatal.
++
++=item "DF"/"decompression failure"
++
++The decompression function received improper input (e.g. data
++that would expand to excessive length). This message is always
++fatal.
++
++=item "HF"/"handshake failure"
++
++Reception of a handshake_failure alert message indicates that the
++sender was unable to negotiate an acceptable set of security
++parameters given the options available. This is a fatal error.
++
++=item "NC"/"no certificate"
++
++A client, that was asked to send a certificate, does not send a certificate
++(SSLv3 only).
++
++=item "BC"/"bad certificate"
++
++A certificate was corrupt, contained signatures that did not
++verify correctly, etc
++
++=item "UC"/"unsupported certificate"
++
++A certificate was of an unsupported type.
++
++=item "CR"/"certificate revoked"
++
++A certificate was revoked by its signer.
++
++=item "CE"/"certificate expired"
++
++A certificate has expired or is not currently valid.
++
++=item "CU"/"certificate unknown"
++
++Some other (unspecified) issue arose in processing the
++certificate, rendering it unacceptable.
++
++=item "IP"/"illegal parameter"
++
++A field in the handshake was out of range or inconsistent with
++other fields. This is always fatal.
++
++=item "DC"/"decryption failed"
++
++A TLSCiphertext decrypted in an invalid way: either it wasn't an
++even multiple of the block length or its padding values, when
++checked, weren't correct. This message is always fatal.
++
++=item "RO"/"record overflow"
++
++A TLSCiphertext record was received which had a length more than
++2^14+2048 bytes, or a record decrypted to a TLSCompressed record
++with more than 2^14+1024 bytes. This message is always fatal.
++
++=item "CA"/"unknown CA"
++
++A valid certificate chain or partial chain was received, but the
++certificate was not accepted because the CA certificate could not
++be located or couldn't be matched with a known, trusted CA.  This
++message is always fatal.
++
++=item "AD"/"access denied"
++
++A valid certificate was received, but when access control was
++applied, the sender decided not to proceed with negotiation.
++This message is always fatal.
++
++=item "DE"/"decode error"
++
++A message could not be decoded because some field was out of the
++specified range or the length of the message was incorrect. This
++message is always fatal.
++
++=item "CY"/"decrypt error"
++
++A handshake cryptographic operation failed, including being
++unable to correctly verify a signature, decrypt a key exchange,
++or validate a finished message.
++
++=item "ER"/"export restriction"
++
++A negotiation not in compliance with export restrictions was
++detected; for example, attempting to transfer a 1024 bit
++ephemeral RSA key for the RSA_EXPORT handshake method. This
++message is always fatal.
++
++=item "PV"/"protocol version"
++
++The protocol version the client has attempted to negotiate is
++recognized, but not supported. (For example, old protocol
++versions might be avoided for security reasons). This message is
++always fatal.
++
++=item "IS"/"insufficient security"
++
++Returned instead of handshake_failure when a negotiation has
++failed specifically because the server requires ciphers more
++secure than those supported by the client. This message is always
++fatal.
++
++=item "IE"/"internal error"
++
++An internal error unrelated to the peer or the correctness of the
++protocol makes it impossible to continue (such as a memory
++allocation failure). This message is always fatal.
++
++=item "US"/"user canceled"
++
++This handshake is being canceled for some reason unrelated to a
++protocol failure. If the user cancels an operation after the
++handshake is complete, just closing the connection by sending a
++close_notify is more appropriate. This alert should be followed
++by a close_notify. This message is generally a warning.
++
++=item "NR"/"no renegotiation"
++
++Sent by the client in response to a hello request or by the
++server in response to a client hello after initial handshaking.
++Either of these would normally lead to renegotiation; when that
++is not appropriate, the recipient should respond with this alert;
++at that point, the original requester can decide whether to
++proceed with the connection. One case where this would be
++appropriate would be where a server has spawned a process to
++satisfy a request; the process might receive security parameters
++(key length, authentication, etc.) at startup and it might be
++difficult to communicate changes to these parameters after that
++point. This message is always a warning.
++
++=item "UK"/"unknown"
++
++This indicates that no description is available for this alert type.
++Probably B<value> does not contain a correct alert message.
++
++=back
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_clear.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_clear.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_clear.pod
+--- crypto/openssl/doc/ssl/SSL_clear.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_clear.pod	31 Jul 2002 00:47:01 -0000
+@@ -25,6 +25,25 @@
+ or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
+ set the SSL_SENT_SHUTDOWN state.
+ 
++If a session was closed cleanly, the session object will be kept and all
++settings corresponding. This explicitly means, that e.g. the special method
++used during the session will be kept for the next handshake. So if the
++session was a TLSv1 session, a SSL client object will use a TLSv1 client
++method for the next handshake and a SSL server object will use a TLSv1
++server method, even if SSLv23_*_methods were chosen on startup. This
++will might lead to connection failures (see L<SSL_new(3)|SSL_new(3)>)
++for a description of the method's properties.
++
++=head1 WARNINGS
++
++SSL_clear() resets the SSL object to allow for another connection. The
++reset operation however keeps several settings of the last sessions
++(some of these settings were made automatically during the last
++handshake). It only makes sense when opening a new session (or reusing
++an old one) with the same peer that shares these settings.
++SSL_clear() is not a short form for the sequence
++L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; .
++
+ =head1 RETURN VALUES
+ 
+ The following return values can occur:
+@@ -44,6 +63,7 @@
+ 
+ L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
+ L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+-L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>
++L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>,
++L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_connect.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_connect.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_connect.pod
+--- crypto/openssl/doc/ssl/SSL_connect.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_connect.pod	31 Jul 2002 00:47:01 -0000
+@@ -34,11 +34,6 @@
+ condition. When using a buffering BIO, like a BIO pair, data must be written
+ into or retrieved out of the BIO before being able to continue.
+ 
+-When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
+-is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+-before calling SSL_connect() to explicitly switch the B<ssl> to client
+-mode.
+-
+ =head1 RETURN VALUES
+ 
+ The following return values can occur:
+@@ -71,6 +66,7 @@
+ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+ L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
++L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+ L<SSL_CTX_new(3)|SSL_CTX_new(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_do_handshake.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_do_handshake.pod
+diff -N crypto/openssl/doc/ssl/SSL_do_handshake.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_do_handshake.pod	31 Jul 2002 00:47:02 -0000
+@@ -0,0 +1,75 @@
++=pod
++
++=head1 NAME
++
++SSL_do_handshake - perform a TLS/SSL handshake
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_do_handshake(SSL *ssl);
++
++=head1 DESCRIPTION
++
++SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
++connection is in client mode, the handshake will be started. The handshake
++routines may have to be explicitly set in advance using either
++L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or
++L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>.
++
++=head1 NOTES
++
++The behaviour of SSL_do_handshake() depends on the underlying BIO.
++
++If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
++once the handshake has been finished or an error occurred, except for SGC
++(Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1,
++but SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and
++SSL_do_handshake() should be called again.
++
++If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
++when the underlying BIO could not satisfy the needs of SSL_do_handshake()
++to continue the handshake. In this case a call to SSL_get_error() with the
++return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
++B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
++taking appropriate action to satisfy the needs of SSL_do_handshake().
++The action depends on the underlying BIO. When using a non-blocking socket,
++nothing is to be done, but select() can be used to check for the required
++condition. When using a buffering BIO, like a BIO pair, data must be written
++into or retrieved out of the BIO before being able to continue.
++
++=head1 RETURN VALUES
++
++The following return values can occur:
++
++=over 4
++
++=item 1
++
++The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
++established.
++
++=item 0
++
++The TLS/SSL handshake was not successful but was shut down controlled and
++by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
++return value B<ret> to find out the reason.
++
++=item E<lt>0
++
++The TLS/SSL handshake was not successful because a fatal error occurred either
++at the protocol level or a connection failure occurred. The shutdown was
++not clean. It can also occur of action is need to continue the operation
++for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
++to find out the reason.
++
++=back
++
++=head1 SEE ALSO
++
++L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
++L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
++L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod
+diff -N crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod	31 Jul 2002 00:47:02 -0000
+@@ -0,0 +1,26 @@
++=pod
++
++=head1 NAME
++
++SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
++
++=head1 DESCRIPTION
++
++SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which
++B<ssl> was created with L<SSL_new(3)|SSL_new(3)>.
++
++=head1 RETURN VALUES
++
++The pointer to the SSL_CTX object is returned.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 SSL_get_client_CA_list.pod
+--- crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod	31 Jul 2002 00:47:02 -0000
+@@ -47,6 +47,7 @@
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>,
+-L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
++L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
++L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_get_default_timeout.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_get_default_timeout.pod
+diff -N crypto/openssl/doc/ssl/SSL_get_default_timeout.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_get_default_timeout.pod	31 Jul 2002 00:47:02 -0000
+@@ -0,0 +1,41 @@
++=pod
++
++=head1 NAME
++
++SSL_get_default_timeout - get default session timeout value
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ long SSL_get_default_timeout(SSL *ssl);
++
++=head1 DESCRIPTION
++
++SSL_get_default_timeout() returns the default timeout value assigned to
++SSL_SESSION objects negotiated for the protocol valid for B<ssl>.
++
++=head1 NOTES
++
++Whenever a new session is negotiated, it is assigned a timeout value,
++after which it will not be accepted for session reuse. If the timeout
++value was not explicitly set using
++L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default
++timeout for the protocol will be used.
++
++SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
++for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
++
++=head1 RETURN VALUES
++
++See description.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>,
++L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
++L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
++L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
++L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_get_error.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_get_error.pod,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 SSL_get_error.pod
+--- crypto/openssl/doc/ssl/SSL_get_error.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.3
++++ crypto/openssl/doc/ssl/SSL_get_error.pod	31 Jul 2002 00:47:02 -0000
+@@ -13,7 +13,7 @@
+ =head1 DESCRIPTION
+ 
+ SSL_get_error() returns a result code (suitable for the C "switch"
+-statement) for a preceding call to SSL_connect(), SSL_accept(),
++statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
+ SSL_read(), SSL_peek(), or SSL_write() on B<ssl>.  The value returned by
+ that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
+ B<ret>.
+@@ -68,6 +68,17 @@
+ to read data.  This is mainly because TLS/SSL handshakes may occur at any
+ time during the protocol (initiated by either the client or the server);
+ SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
++
++=item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
++
++The operation did not complete; the same TLS/SSL I/O function should be
++called again later. The underlying BIO was not connected yet to the peer
++and the call would block in connect()/accept(). The SSL function should be
++called again when the connection is established. These messages can only
++appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
++In order to find out, when the connection has been successfully established,
++on many platforms select() or poll() for writing on the socket file descriptor
++can be used.
+ 
+ =item SSL_ERROR_WANT_X509_LOOKUP
+ 
+Index: crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_get_ex_new_index.pod
+--- crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod	31 Jul 2002 00:47:02 -0000
+@@ -40,6 +40,65 @@
+ B<ssl>.
+ 
+ A detailed description for the B<*_get_ex_new_index()> functionality
++can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
++The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
++L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
++
++=head1 EXAMPLES
++
++An example on how to use the functionality is included in the example
++verify_callback() in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>,
++L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
++L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>,
++L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
++
++=cut
++=pod
++
++=head1 NAME
++
++SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_get_ex_new_index(long argl, void *argp,
++                CRYPTO_EX_new *new_func,
++                CRYPTO_EX_dup *dup_func,
++                CRYPTO_EX_free *free_func);
++
++ int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
++
++ void *SSL_get_ex_data(SSL *ssl, int idx);
++
++ typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
++                int idx, long argl, void *argp);
++ typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
++                int idx, long argl, void *argp);
++ typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
++                int idx, long argl, void *argp);
++
++=head1 DESCRIPTION
++
++Several OpenSSL structures can have application specific data attached to them.
++These functions are used internally by OpenSSL to manipulate application
++specific data attached to a specific structure.
++
++SSL_get_ex_new_index() is used to register a new index for application
++specific data.
++
++SSL_set_ex_data() is used to store application data at B<arg> for B<idx> into
++the B<ssl> object.
++
++SSL_get_ex_data() is used to retrieve the information for B<idx> from
++B<ssl>.
++
++A detailed description for the B<*_get_ex_new_index()> functionality
+ can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+ The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+ L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+Index: crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_get_peer_certificate.pod
+--- crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod	31 Jul 2002 00:47:02 -0000
+@@ -17,6 +17,12 @@
+ 
+ =head1 NOTES
+ 
++Due to the protocol definition, a TLS/SSL server will always send a
++certificate, if present. A client will only send a certificate when
++explicitly requested to do so by the server (see
++L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
++is used, no certificates are sent.
++
+ That a certificate is returned does not indicate information about the
+ verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+ to check the verification state.
+@@ -43,6 +49,7 @@
+ 
+ =head1 SEE ALSO
+ 
+-L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
++L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
++L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_get_session.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_get_session.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_get_session.pod
+--- crypto/openssl/doc/ssl/SSL_get_session.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_get_session.pod	31 Jul 2002 00:47:02 -0000
+@@ -37,8 +37,16 @@
+ during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
+ 
+ If the data is to be kept, SSL_get1_session() will increment the reference
+-count and the session will stay in memory until explicitly freed with
+-L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
++count, so that the session will not be implicitly removed by other operations
++but stays in memory. In order to remove the session
++L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> must be explicitly called once
++to decrement the reference count again.
++
++SSL_SESSION objects keep internal link information about the session cache
++list, when being inserted into one SSL_CTX object's session cache.
++One SSL_SESSION object, regardless of its reference count, must therefore
++only be used with one SSL_CTX object (and the SSL objects created
++from this SSL_CTX object).
+ 
+ =head1 RETURN VALUES
+ 
+Index: crypto/openssl/doc/ssl/SSL_new.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_new.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_new.pod
+--- crypto/openssl/doc/ssl/SSL_new.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_new.pod	31 Jul 2002 00:47:02 -0000
+@@ -38,6 +38,50 @@
+ 
+ L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+ L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
++L<ssl(3)|ssl(3)>
++
++=cut
++=pod
++
++=head1 NAME
++
++SSL_new - create a new SSL structure for a connection
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ SSL *SSL_new(SSL_CTX *ctx);
++
++=head1 DESCRIPTION
++
++SSL_new() creates a new B<SSL> structure which is needed to hold the
++data for a TLS/SSL connection. The new structure inherits the settings
++of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1),
++options, verification settings, timeout settings.
++
++=head1 RETURN VALUES
++
++The following return values can occur:
++
++=over 4
++
++=item NULL
++
++The creation of a new SSL structure failed. Check the error stack to
++find out the reason.
++
++=item Pointer to an SSL structure
++
++The return value points to an allocated SSL structure.
++
++=back
++
++=head1 SEE ALSO
++
++L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
++L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+ L<ssl(3)|ssl(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_read.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_read.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_read.pod
+--- crypto/openssl/doc/ssl/SSL_read.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_read.pod	31 Jul 2002 00:47:02 -0000
+@@ -25,11 +25,25 @@
+ underlying BIO. 
+ 
+ For the transparent negotiation to succeed, the B<ssl> must have been
+-initialized to client or server mode. This is not the case if a generic
+-method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
++initialized to client or server mode. This is being done by calling
+ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+-must be used before the first call to an SSL_read() or
+-L<SSL_write(3)|SSL_write(3)> function.
++before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
++function.
++
++SSL_read() works based on the SSL/TLS records. The data are received in
++records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
++record has been completely received, it can be processed (decryption and
++check of integrity). Therefore data that was not retrieved at the last
++call of SSL_read() can still be buffered inside the SSL layer and will be
++retrieved on the next call to SSL_read(). If B<num> is higher than the
++number of bytes buffered, SSL_read() will return with the bytes buffered.
++If no more bytes are in the buffer, SSL_read() will trigger the processing
++of the next record. Only when the record has been received and processed
++completely, SSL_read() will return reporting success. At most the contents
++of the record will be returned. As the size of an SSL/TLS record may exceed
++the maximum packet size of the underlying transport (e.g. TCP), it may
++be necessary to read several packets from the transport layer before the
++record is complete and SSL_read() can succeed.
+ 
+ If the underlying BIO is B<blocking>, SSL_read() will only return, once the
+ read operation has been finished or an error occurred, except when a
+@@ -69,9 +83,20 @@
+ 
+ =item 0
+ 
+-The read operation was not successful, probably because no data was
+-available. Call SSL_get_error() with the return value B<ret> to find out,
+-whether an error occurred.
++The read operation was not successful. The reason may either be a clean
++shutdown due to a "close notify" alert sent by the peer (in which case
++the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
++(see L<SSL_shutdown(3)|SSL_shutdown(3)>,
++L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
++the peer simply shut down the underlying transport and the shutdown is
++incomplete. Call SSL_get_error() with the return value B<ret> to find out,
++whether an error occurred or the connection was shut down cleanly
++(SSL_ERROR_ZERO_RETURN).
++
++SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
++only be detected, whether the underlying connection was closed. It cannot
++be checked, whether the closure was initiated by the peer or by something
++else.
+ 
+ =item E<lt>0
+ 
+@@ -87,6 +112,7 @@
+ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+ L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
+ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
++L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+ L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_rstate_string.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_rstate_string.pod
+diff -N crypto/openssl/doc/ssl/SSL_rstate_string.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_rstate_string.pod	31 Jul 2002 00:47:02 -0000
+@@ -0,0 +1,59 @@
++=pod
++
++=head1 NAME
++
++SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ char *SSL_rstate_string(SSL *ssl);
++ char *SSL_rstate_string_long(SSL *ssl);
++
++=head1 DESCRIPTION
++
++SSL_rstate_string() returns a 2 letter string indicating the current read state
++of the SSL object B<ssl>.
++
++SSL_rstate_string_long() returns a string indicating the current read state of
++the SSL object B<ssl>.
++
++=head1 NOTES
++
++When performing a read operation, the SSL/TLS engine must parse the record,
++consisting of header and body. When working in a blocking environment,
++SSL_rstate_string[_long]() should always return "RD"/"read done".
++
++This function should only seldom be needed in applications.
++
++=head1 RETURN VALUES
++
++SSL_rstate_string() and SSL_rstate_string_long() can return the following
++values:
++
++=over 4
++
++=item "RH"/"read header"
++
++The header of the record is being evaluated.
++
++=item "RB"/"read body"
++
++The body of the record is being evaluated.
++
++=item "RD"/"read done"
++
++The record has been completely processed.
++
++=item "unknown"/"unknown"
++
++The read state is unknown. This should never happen.
++
++=back
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_session_reused.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_session_reused.pod
+diff -N crypto/openssl/doc/ssl/SSL_session_reused.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_session_reused.pod	31 Jul 2002 00:47:02 -0000
+@@ -0,0 +1,45 @@
++=pod
++
++=head1 NAME
++
++SSL_session_reused - query whether a reused session was negotiated during handshake
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_session_reused(SSL *ssl);
++
++=head1 DESCRIPTION
++
++Query, whether a reused session was negotiated during the handshake.
++
++=head1 NOTES
++
++During the negotiation, a client can propose to reuse a session. The server
++then looks up the session in its cache. If both client and server agree
++on the session, it will be reused and a flag is being set that can be
++queried by the application.
++
++=head1 RETURN VALUES
++
++The following return values can occur:
++
++=over 4
++
++=item 0
++
++A new session was negotiated.
++
++=item 1
++
++A session was reused.
++
++=back
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
++L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_set_connect_state.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_set_connect_state.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_set_connect_state.pod
+--- crypto/openssl/doc/ssl/SSL_set_connect_state.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_set_connect_state.pod	31 Jul 2002 00:47:02 -0000
+@@ -14,9 +14,9 @@
+ 
+ =head1 DESCRIPTION
+ 
+-SSL_set_connect_state() B<ssl> to work in client mode.
++SSL_set_connect_state() sets B<ssl> to work in client mode.
+ 
+-SSL_set_accept_state() B<ssl> to work in server mode.
++SSL_set_accept_state() sets B<ssl> to work in server mode.
+ 
+ =head1 NOTES
+ 
+@@ -27,12 +27,17 @@
+ L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
+ SSL_set_ssl_method().)
+ 
+-In order to successfully accomplish the handshake, the SSL routines need
+-to know whether they should act in server or client mode. If the generic
+-method was used, this is not clear from the method itself and must be set
+-with either SSL_set_connect_state() or SSL_set_accept_state(). If these
+-routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)>
+-is called is server mode.
++When beginning a new handshake, the SSL engine must know whether it must
++call the connect (client) or accept (server) routines. Even though it may
++be clear from the method chosen, whether client or server mode was
++requested, the handshake routines must be explicitly set.
++
++When using the L<SSL_connect(3)|SSL_connect(3)> or
++L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
++routines are automatically set. When performing a transparent negotiation
++using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
++handshake routines must be explicitly set in advance using either
++SSL_set_connect_state() or SSL_set_accept_state().
+ 
+ =head1 RETURN VALUES
+ 
+@@ -42,6 +47,9 @@
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
++L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
++L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
++L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+ L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_set_session.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_set_session.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_set_session.pod
+--- crypto/openssl/doc/ssl/SSL_set_session.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_set_session.pod	31 Jul 2002 00:47:02 -0000
+@@ -16,12 +16,21 @@
+ is to be established. SSL_set_session() is only useful for TLS/SSL clients.
+ When the session is set, the reference count of B<session> is incremented
+ by 1. If the session is not reused, the reference count is decremented
+-again during SSL_connect().
++again during SSL_connect(). Whether the session was reused can be queried
++with the L<SSL_session_reused(3)|SSL_session_reused(3)> call.
+ 
+ If there is already a session set inside B<ssl> (because it was set with
+ SSL_set_session() before or because the same B<ssl> was already used for
+ a connection), SSL_SESSION_free() will be called for that session.
+ 
++=head1 NOTES
++
++SSL_SESSION objects keep internal link information about the session cache
++list, when being inserted into one SSL_CTX object's session cache.
++One SSL_SESSION object, regardless of its reference count, must therefore
++only be used with one SSL_CTX object (and the SSL objects created
++from this SSL_CTX object).
++
+ =head1 RETURN VALUES
+ 
+ The following return values can occur:
+@@ -41,6 +50,8 @@
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
++L<SSL_get_session(3)|SSL_get_session(3)>,
++L<SSL_session_reused(3)|SSL_session_reused(3)>,
+ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_set_shutdown.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_set_shutdown.pod,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 SSL_set_shutdown.pod
+--- crypto/openssl/doc/ssl/SSL_set_shutdown.pod	4 Jul 2001 23:22:31 -0000	1.1.1.1.2.1
++++ crypto/openssl/doc/ssl/SSL_set_shutdown.pod	31 Jul 2002 00:47:02 -0000
+@@ -46,7 +46,10 @@
+ the ssl session. If the session is still open, when
+ L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
+ it is considered bad and removed according to RFC2246.
+-The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN.
++The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
++(according to the TLS RFC, it is acceptable to only send the "close notify"
++alert but to not wait for the peer's answer, when the underlying connection
++is closed).
+ SSL_set_shutdown() can be used to set this state without sending a
+ close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
+ 
+@@ -63,6 +66,7 @@
+ =head1 SEE ALSO
+ 
+ L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
++L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+ L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_shutdown.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_shutdown.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_shutdown.pod
+--- crypto/openssl/doc/ssl/SSL_shutdown.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_shutdown.pod	31 Jul 2002 00:47:02 -0000
+@@ -22,10 +22,52 @@
+ a currently open session is considered closed and good and will be kept in the
+ session cache for further reuse.
+ 
+-The behaviour of SSL_shutdown() depends on the underlying BIO. 
++The shutdown procedure consists of 2 steps: the sending of the "close notify"
++shutdown alert and the reception of the peer's "close notify" shutdown
++alert. According to the TLS standard, it is acceptable for an application
++to only send its shutdown alert and then close the underlying connection
++without waiting for the peer's response (this way resources can be saved,
++as the process can already terminate or serve another connection).
++When the underlying connection shall be used for more communications, the
++complete shutdown procedure (bidirectional "close notify" alerts) must be
++performed, so that the peers stay synchronized.
++
++SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
++behaviour.
++
++=over 4
++
++=item When the application is the first party to send the "close notify"
++alert, SSL_shutdown() will only send the alert and the set the
++SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
++be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
++shutdown is enough (the underlying connection shall be closed anyway), this
++first call to SSL_shutdown() is sufficient. In order to complete the
++bidirectional shutdown handshake, SSL_shutdown() must be called again.
++The second call will make SSL_shutdown() wait for the peer's "close notify"
++shutdown alert. On success, the second call to SSL_shutdown() will return
++with 1.
++
++=item If the peer already sent the "close notify" alert B<and> it was
++already processed implicitly inside another function
++(L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
++SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
++flag and will immediately return with 1.
++Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
++SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call.
++
++=back
++
++It is therefore recommended, to check the return value of SSL_shutdown()
++and call SSL_shutdown() again, if the bidirectional shutdown is not yet
++complete (return value of the first call is 0). As the shutdown is not
++specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
++the first call.
++
++The behaviour of SSL_shutdown() additionally depends on the underlying BIO. 
+ 
+ If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
+-handshake has been finished or an error occurred.
++handshake step has been finished or an error occurred.
+ 
+ If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
+ when the underlying BIO could not satisfy the needs of SSL_shutdown()
+@@ -38,6 +80,12 @@
+ condition. When using a buffering BIO, like a BIO pair, data must be written
+ into or retrieved out of the BIO before being able to continue.
+ 
++SSL_shutdown() can be modified to only set the connection to "shutdown"
++state but not actually send the "close notify" alert messages,
++see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>.
++When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
++and return 1.
++
+ =head1 RETURN VALUES
+ 
+ The following return values can occur:
+@@ -46,19 +94,23 @@
+ 
+ =item 1
+ 
+-The shutdown was successfully completed.
++The shutdown was successfully completed. The "close notify" alert was sent
++and the peer's "close notify" alert was received.
+ 
+ =item 0
+ 
+-The shutdown was not successful. Call SSL_get_error() with the return
+-value B<ret> to find out the reason.
++The shutdown is not yet finished. Call SSL_shutdown() for a second time,
++if a bidirectional shutdown shall be performed.
++The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
++erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+ 
+ =item -1
+ 
+ The shutdown was not successful because a fatal error occurred either
+-at the protocol level or a connection failure occurred. It can also occur of
++at the protocol level or a connection failure occurred. It can also occur if
+ action is need to continue the operation for non-blocking BIOs.
+-Call SSL_get_error() with the return value B<ret> to find out the reason.
++Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret>
++to find out the reason.
+ 
+ =back
+ 
+@@ -66,7 +118,8 @@
+ 
+ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+ L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+-L<SSL_clear(3)|SSL_clear(3), L<SSL_free(3)|SSL_free(3)>,
++L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
++L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>,
+ L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/SSL_state_string.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_state_string.pod
+diff -N crypto/openssl/doc/ssl/SSL_state_string.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_state_string.pod	31 Jul 2002 00:47:02 -0000
+@@ -0,0 +1,45 @@
++=pod
++
++=head1 NAME
++
++SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ char *SSL_state_string(SSL *ssl);
++ char *SSL_state_string_long(SSL *ssl);
++
++=head1 DESCRIPTION
++
++SSL_state_string() returns a 6 letter string indicating the current state
++of the SSL object B<ssl>.
++
++SSL_state_string_long() returns a string indicating the current state of
++the SSL object B<ssl>.
++
++=head1 NOTES
++
++During its use, an SSL objects passes several states. The state is internally
++maintained. Querying the state information is not very informative before
++or when a connection has been established. It however can be of significant
++interest during the handshake.
++
++When using non-blocking sockets, the function call performing the handshake
++may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition,
++so that SSL_state_string[_long]() may be called.
++
++For both blocking or non-blocking sockets, the details state information
++can be used within the info_callback function set with the
++SSL_set_info_callback() call.
++
++=head1 RETURN VALUES
++
++Detailed description of possible states to be included later.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_want.pod
+===================================================================
+RCS file: crypto/openssl/doc/ssl/SSL_want.pod
+diff -N crypto/openssl/doc/ssl/SSL_want.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/doc/ssl/SSL_want.pod	31 Jul 2002 00:47:02 -0000
+@@ -0,0 +1,77 @@
++=pod
++
++=head1 NAME
++
++SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation
++
++=head1 SYNOPSIS
++
++ #include <openssl/ssl.h>
++
++ int SSL_want(SSL *ssl);
++ int SSL_want_nothing(SSL *ssl);
++ int SSL_want_read(SSL *ssl);
++ int SSL_want_write(SSL *ssl);
++ int SSL_want_x509_lookup(SSL *ssl);
++
++=head1 DESCRIPTION
++
++SSL_want() returns state information for the SSL object B<ssl>.
++
++The other SSL_want_*() calls are shortcuts for the possible states returned
++by SSL_want().
++
++=head1 NOTES
++
++SSL_want() examines the internal state information of the SSL object. Its
++return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>.
++Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the
++error queue, the results are obtained by examining an internal state flag
++only. The information must therefore only be used for normal operation under
++non-blocking I/O. Error conditions are not handled and must be treated
++using L<SSL_get_error(3)|SSL_get_error(3)>.
++
++The result returned by SSL_want() should always be consistent with
++the result of L<SSL_get_error(3)|SSL_get_error(3)>.
++
++=head1 RETURN VALUES
++
++The following return values can currently occur for SSL_want():
++
++=over 4
++
++=item SSL_NOTHING
++
++There is no data to be written or to be read.
++
++=item SSL_WRITING
++
++There are data in the SSL buffer that must be written to the underlying
++B<BIO> layer in order to complete the actual SSL_*() operation.
++A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
++SSL_ERROR_WANT_WRITE.
++
++=item SSL_READING
++
++More data must be read from the underlying B<BIO> layer in order to
++complete the actual SSL_*() operation.
++A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
++SSL_ERROR_WANT_READ.
++
++=item SSL_X509_LOOKUP
++
++The operation did not complete because an application callback set by
++SSL_CTX_set_client_cert_cb() has asked to be called again.
++A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
++SSL_ERROR_WANT_X509_LOOKUP.
++
++=back
++
++SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup()
++return 1, when the corresponding condition is true or 0 otherwise.
++
++=head1 SEE ALSO
++
++L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)>
++
++=cut
+Index: crypto/openssl/doc/ssl/SSL_write.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/SSL_write.pod,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 SSL_write.pod
+--- crypto/openssl/doc/ssl/SSL_write.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.2
++++ crypto/openssl/doc/ssl/SSL_write.pod	31 Jul 2002 00:47:02 -0000
+@@ -25,11 +25,9 @@
+ underlying BIO. 
+ 
+ For the transparent negotiation to succeed, the B<ssl> must have been
+-initialized to client or server mode. This is not the case if a generic
+-method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
++initialized to client or server mode. This is being done by calling
+ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+-must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
+-or SSL_write() function.
++before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.
+ 
+ If the underlying BIO is B<blocking>, SSL_write() will only return, once the
+ write operation has been finished or an error occurred, except when a
+@@ -50,12 +48,26 @@
+ for the required condition. When using a buffering BIO, like a BIO pair, data
+ must be written into or retrieved out of the BIO before being able to continue.
+ 
++SSL_write() will only return with success, when the complete contents
++of B<buf> of length B<num> has been written. This default behaviour
++can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of
++L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>. When this flag is set,
++SSL_write() will also return with success, when a partial write has been
++successfully completed. In this case the SSL_write() operation is considered
++completed. The bytes are sent and a new SSL_write() operation with a new
++buffer (with the already sent bytes removed) must be started.
++A partial write is performed with the size of a message block, which is
++16kB for SSLv3/TLSv1.
++
+ =head1 WARNING
+ 
+ When an SSL_write() operation has to be repeated because of
+ B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+ with the same arguments.
+ 
++When calling SSL_write() with num=0 bytes to be sent the behaviour is
++undefined.
++
+ =head1 RETURN VALUES
+ 
+ The following return values can occur:
+@@ -69,8 +81,14 @@
+ 
+ =item 0
+ 
+-The write operation was not successful. Call SSL_get_error() with the return
+-value B<ret> to find out, whether an error occurred.
++The write operation was not successful. Probably the underlying connection
++was closed. Call SSL_get_error() with the return value B<ret> to find out,
++whether an error occurred or the connection was shut down cleanly
++(SSL_ERROR_ZERO_RETURN).
++
++SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
++only be detected, whether the underlying connection was closed. It cannot
++be checked, why the closure happened.
+ 
+ =item E<lt>0
+ 
+Index: crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 d2i_SSL_SESSION.pod
+--- crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod	4 Jul 2001 23:22:31 -0000	1.1.1.2.2.1
++++ crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod	31 Jul 2002 00:47:02 -0000
+@@ -30,7 +30,17 @@
+ a binary ASN1 representation.
+ 
+ When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
+-allocated.
++allocated. The reference count is 1, so that the session must be
++explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
++unless the SSL_SESSION object is completely taken over, when being called
++inside the get_session_cb() (see
++L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
++
++SSL_SESSION objects keep internal link information about the session cache
++list, when being inserted into one SSL_CTX object's session cache.
++One SSL_SESSION object, regardless of its reference count, must therefore
++only be used with one SSL_CTX object (and the SSL objects created
++from this SSL_CTX object).
+ 
+ When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
+ large enough to hold the binary representation of the session. There is no
+@@ -50,7 +60,7 @@
+ 
+ =head1 SEE ALSO
+ 
+-L<ssl(3)|ssl(3)>,
++L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+ L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
+ 
+ =cut
+Index: crypto/openssl/doc/ssl/ssl.pod
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/doc/ssl/ssl.pod,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl.pod
+--- crypto/openssl/doc/ssl/ssl.pod	4 Jul 2001 23:19:43 -0000	1.1.1.1.2.3
++++ crypto/openssl/doc/ssl/ssl.pod	31 Jul 2002 00:47:02 -0000
+@@ -299,7 +299,7 @@
+ 
+ =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+ 
+-=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
++=item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
+ 
+ =item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+ 
+@@ -650,8 +650,10 @@
+ L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+ L<SSL_connect(3)|SSL_connect(3)>,
+ L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
++L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
+ L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+ L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
++L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
+ L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+ L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
+ L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
+@@ -661,18 +663,30 @@
+ L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+ L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+ L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
++L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
++L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
++L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+ L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
++L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+ L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
++L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
+ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
+ L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+ L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+ L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+ L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
++L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
++L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+ L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+ L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
++L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
++L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
+ L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+ L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
++L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
+ L<SSL_get_error(3)|SSL_get_error(3)>,
+ L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+ L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
+@@ -685,12 +699,19 @@
+ L<SSL_library_init(3)|SSL_library_init(3)>,
+ L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+ L<SSL_new(3)|SSL_new(3)>,
+-L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
++L<SSL_pending(3)|SSL_pending(3)>,
++L<SSL_read(3)|SSL_read(3)>,
++L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
++L<SSL_session_reused(3)|SSL_session_reused(3)>,
++L<SSL_set_bio(3)|SSL_set_bio(3)>,
+ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+-L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
++L<SSL_set_fd(3)|SSL_set_fd(3)>,
+ L<SSL_set_session(3)|SSL_set_session(3)>,
+ L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+-L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
++L<SSL_shutdown(3)|SSL_shutdown(3)>,
++L<SSL_state_string(3)|SSL_state_string(3)>,
++L<SSL_want(3)|SSL_want(3)>,
++L<SSL_write(3)|SSL_write(3)>,
+ L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+ L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
+ L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+cvs diff: Diffing crypto/openssl/mt
+Index: crypto/openssl/mt/README
+===================================================================
+RCS file: crypto/openssl/mt/README
+diff -N crypto/openssl/mt/README
+--- crypto/openssl/mt/README	10 Jan 2000 06:21:58 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,14 +0,0 @@
+-Mutithreading testing area.
+-
+-Since this stuff is very very platorm specific, this is not part of the
+-normal build.  Have a read of doc/threads.doc.
+-
+-mttest will do some testing and will currently build under Windows NT/95,
+-Solaris and Linux.  The IRIX stuff is not finished.
+-
+-I have tested this program on a 12 CPU ultra sparc box (solaris 2.5.1)
+-and things seem to work ok.
+-
+-The Linux pthreads package can be retrieved from 
+-http://www.mit.edu:8001/people/proven/pthreads.html
+-
+Index: crypto/openssl/mt/mttest.c
+===================================================================
+RCS file: crypto/openssl/mt/mttest.c
+diff -N crypto/openssl/mt/mttest.c
+--- crypto/openssl/mt/mttest.c	10 Jan 2000 06:21:58 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,1092 +0,0 @@
+-/* mt/mttest.c */
+-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+- * All rights reserved.
+- *
+- * This package is an SSL implementation written
+- * by Eric Young (eay@cryptsoft.com).
+- * The implementation was written so as to conform with Netscapes SSL.
+- * 
+- * This library is free for commercial and non-commercial use as long as
+- * the following conditions are aheared to.  The following conditions
+- * apply to all code found in this distribution, be it the RC4, RSA,
+- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+- * included with this distribution is covered by the same copyright terms
+- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+- * 
+- * Copyright remains Eric Young's, and as such any Copyright notices in
+- * the code are not to be removed.
+- * If this package is used in a product, Eric Young should be given attribution
+- * as the author of the parts of the library used.
+- * This can be in the form of a textual message at program startup or
+- * in documentation (online or textual) provided with the package.
+- * 
+- * Redistribution and use in source and binary forms, with or without
+- * modification, are permitted provided that the following conditions
+- * are met:
+- * 1. Redistributions of source code must retain the copyright
+- *    notice, this list of conditions and the following disclaimer.
+- * 2. Redistributions in binary form must reproduce the above copyright
+- *    notice, this list of conditions and the following disclaimer in the
+- *    documentation and/or other materials provided with the distribution.
+- * 3. All advertising materials mentioning features or use of this software
+- *    must display the following acknowledgement:
+- *    "This product includes cryptographic software written by
+- *     Eric Young (eay@cryptsoft.com)"
+- *    The word 'cryptographic' can be left out if the rouines from the library
+- *    being used are not cryptographic related :-).
+- * 4. If you include any Windows specific code (or a derivative thereof) from 
+- *    the apps directory (application code) you must include an acknowledgement:
+- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+- * 
+- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+- * SUCH DAMAGE.
+- * 
+- * The licence and distribution terms for any publically available version or
+- * derivative of this code cannot be changed.  i.e. this code cannot simply be
+- * copied and put under another distribution licence
+- * [including the GNU Public Licence.]
+- */
+-
+-#include <stdio.h>
+-#include <stdlib.h>
+-#include <string.h>
+-#include <errno.h>
+-#ifdef LINUX
+-#include <typedefs.h>
+-#endif
+-#ifdef WIN32
+-#include <windows.h>
+-#endif
+-#ifdef SOLARIS
+-#include <synch.h>
+-#include <thread.h>
+-#endif
+-#ifdef IRIX
+-#include <ulocks.h>
+-#include <sys/prctl.h>
+-#endif
+-#include <openssl/lhash.h>
+-#include <openssl/crypto.h>
+-#include <openssl/buffer.h>
+-#include "../e_os.h"
+-#include <openssl/x509.h>
+-#include <openssl/ssl.h>
+-#include <openssl/err.h>
+-
+-#ifdef NO_FP_API
+-#define APPS_WIN16
+-#include "../crypto/buffer/bss_file.c"
+-#endif
+-
+-#define TEST_SERVER_CERT "../apps/server.pem"
+-#define TEST_CLIENT_CERT "../apps/client.pem"
+-
+-#define MAX_THREAD_NUMBER	100
+-
+-int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+-	int error,char *arg);
+-void thread_setup(void);
+-void thread_cleanup(void);
+-void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+-
+-void irix_locking_callback(int mode,int type,char *file,int line);
+-void solaris_locking_callback(int mode,int type,char *file,int line);
+-void win32_locking_callback(int mode,int type,char *file,int line);
+-void pthreads_locking_callback(int mode,int type,char *file,int line);
+-
+-unsigned long irix_thread_id(void );
+-unsigned long solaris_thread_id(void );
+-unsigned long pthreads_thread_id(void );
+-
+-BIO *bio_err=NULL;
+-BIO *bio_stdout=NULL;
+-
+-static char *cipher=NULL;
+-int verbose=0;
+-#ifdef FIONBIO
+-static int s_nbio=0;
+-#endif
+-
+-int thread_number=10;
+-int number_of_loops=10;
+-int reconnect=0;
+-int cache_stats=0;
+-
+-int doit(char *ctx[4]);
+-static void print_stats(fp,ctx)
+-FILE *fp;
+-SSL_CTX *ctx;
+-{
+-	fprintf(fp,"%4ld items in the session cache\n",
+-		SSL_CTX_sess_number(ctx));
+-	fprintf(fp,"%4d client connects (SSL_connect())\n",
+-		SSL_CTX_sess_connect(ctx));
+-	fprintf(fp,"%4d client connects that finished\n",
+-		SSL_CTX_sess_connect_good(ctx));
+-	fprintf(fp,"%4d server connects (SSL_accept())\n",
+-		SSL_CTX_sess_accept(ctx));
+-	fprintf(fp,"%4d server connects that finished\n",
+-		SSL_CTX_sess_accept_good(ctx));
+-	fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+-	fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+-	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+-	}
+-
+-static void sv_usage()
+-	{
+-	fprintf(stderr,"usage: ssltest [args ...]\n");
+-	fprintf(stderr,"\n");
+-	fprintf(stderr," -server_auth  - check server certificate\n");
+-	fprintf(stderr," -client_auth  - do client authentication\n");
+-	fprintf(stderr," -v            - more output\n");
+-	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+-	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+-	fprintf(stderr," -threads arg  - number of threads\n");
+-	fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+-	fprintf(stderr," -reconnect    - reuse session-id's\n");
+-	fprintf(stderr," -stats        - server session-id cache stats\n");
+-	fprintf(stderr," -cert arg     - server certificate/key\n");
+-	fprintf(stderr," -ccert arg    - client certificate/key\n");
+-	fprintf(stderr," -ssl3         - just SSLv3n\n");
+-	}
+-
+-int main(argc, argv)
+-int argc;
+-char *argv[];
+-	{
+-	char *CApath=NULL,*CAfile=NULL;
+-	int badop=0;
+-	int ret=1;
+-	int client_auth=0;
+-	int server_auth=0;
+-	SSL_CTX *s_ctx=NULL;
+-	SSL_CTX *c_ctx=NULL;
+-	char *scert=TEST_SERVER_CERT;
+-	char *ccert=TEST_CLIENT_CERT;
+-	SSL_METHOD *ssl_method=SSLv23_method();
+-
+-	if (bio_err == NULL)
+-		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+-	if (bio_stdout == NULL)
+-		bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+-	argc--;
+-	argv++;
+-
+-	while (argc >= 1)
+-		{
+-		if	(strcmp(*argv,"-server_auth") == 0)
+-			server_auth=1;
+-		else if	(strcmp(*argv,"-client_auth") == 0)
+-			client_auth=1;
+-		else if	(strcmp(*argv,"-reconnect") == 0)
+-			reconnect=1;
+-		else if	(strcmp(*argv,"-stats") == 0)
+-			cache_stats=1;
+-		else if	(strcmp(*argv,"-ssl3") == 0)
+-			ssl_method=SSLv3_method();
+-		else if	(strcmp(*argv,"-ssl2") == 0)
+-			ssl_method=SSLv2_method();
+-		else if	(strcmp(*argv,"-CApath") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			CApath= *(++argv);
+-			}
+-		else if	(strcmp(*argv,"-CAfile") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			CAfile= *(++argv);
+-			}
+-		else if	(strcmp(*argv,"-cert") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			scert= *(++argv);
+-			}
+-		else if	(strcmp(*argv,"-ccert") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			ccert= *(++argv);
+-			}
+-		else if	(strcmp(*argv,"-threads") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			thread_number= atoi(*(++argv));
+-			if (thread_number == 0) thread_number=1;
+-			if (thread_number > MAX_THREAD_NUMBER)
+-				thread_number=MAX_THREAD_NUMBER;
+-			}
+-		else if	(strcmp(*argv,"-loops") == 0)
+-			{
+-			if (--argc < 1) goto bad;
+-			number_of_loops= atoi(*(++argv));
+-			if (number_of_loops == 0) number_of_loops=1;
+-			}
+-		else
+-			{
+-			fprintf(stderr,"unknown option %s\n",*argv);
+-			badop=1;
+-			break;
+-			}
+-		argc--;
+-		argv++;
+-		}
+-	if (badop)
+-		{
+-bad:
+-		sv_usage();
+-		goto end;
+-		}
+-
+-	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+-
+-	SSL_load_error_strings();
+-	SSLeay_add_ssl_algorithms();
+-
+-	c_ctx=SSL_CTX_new(ssl_method);
+-	s_ctx=SSL_CTX_new(ssl_method);
+-	if ((c_ctx == NULL) || (s_ctx == NULL))
+-		{
+-		ERR_print_errors(bio_err);
+-		goto end;
+-		}
+-
+-	SSL_CTX_set_session_cache_mode(s_ctx,
+-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+-	SSL_CTX_set_session_cache_mode(c_ctx,
+-		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+-
+-	SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
+-	SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
+-
+-	if (client_auth)
+-		{
+-		SSL_CTX_use_certificate_file(c_ctx,ccert,
+-			SSL_FILETYPE_PEM);
+-		SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+-			SSL_FILETYPE_PEM);
+-		}
+-
+-	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+-		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+-		(!SSL_CTX_set_default_verify_paths(c_ctx)))
+-		{
+-		fprintf(stderr,"SSL_load_verify_locations\n");
+-		ERR_print_errors(bio_err);
+-		goto end;
+-		}
+-
+-	if (client_auth)
+-		{
+-		fprintf(stderr,"client authentication\n");
+-		SSL_CTX_set_verify(s_ctx,
+-			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+-			verify_callback);
+-		}
+-	if (server_auth)
+-		{
+-		fprintf(stderr,"server authentication\n");
+-		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+-			verify_callback);
+-		}
+-
+-	thread_setup();
+-	do_threads(s_ctx,c_ctx);
+-	thread_cleanup();
+-end:
+-	
+-	if (c_ctx != NULL) 
+-		{
+-		fprintf(stderr,"Client SSL_CTX stats then free it\n");
+-		print_stats(stderr,c_ctx);
+-		SSL_CTX_free(c_ctx);
+-		}
+-	if (s_ctx != NULL)
+-		{
+-		fprintf(stderr,"Server SSL_CTX stats then free it\n");
+-		print_stats(stderr,s_ctx);
+-		if (cache_stats)
+-			{
+-			fprintf(stderr,"-----\n");
+-			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+-			fprintf(stderr,"-----\n");
+-		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+-			fprintf(stderr,"-----\n"); */
+-			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+-			fprintf(stderr,"-----\n");
+-			}
+-		SSL_CTX_free(s_ctx);
+-		fprintf(stderr,"done free\n");
+-		}
+-	exit(ret);
+-	return(0);
+-	}
+-
+-#define W_READ	1
+-#define W_WRITE	2
+-#define C_DONE	1
+-#define S_DONE	2
+-
+-int ndoit(ssl_ctx)
+-SSL_CTX *ssl_ctx[2];
+-	{
+-	int i;
+-	int ret;
+-	char *ctx[4];
+-
+-	ctx[0]=(char *)ssl_ctx[0];
+-	ctx[1]=(char *)ssl_ctx[1];
+-
+-	if (reconnect)
+-		{
+-		ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+-		ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+-		}
+-	else
+-		{
+-		ctx[2]=NULL;
+-		ctx[3]=NULL;
+-		}
+-
+-	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+-	for (i=0; i<number_of_loops; i++)
+-		{
+-/*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+-			CRYPTO_thread_id(),i,
+-			ssl_ctx[0]->references,
+-			ssl_ctx[1]->references); */
+-	/*	pthread_delay_np(&tm);*/
+-
+-		ret=doit(ctx);
+-		if (ret != 0)
+-			{
+-			fprintf(stdout,"error[%d] %lu - %d\n",
+-				i,CRYPTO_thread_id(),ret);
+-			return(ret);
+-			}
+-		}
+-	fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+-	if (reconnect)
+-		{
+-		SSL_free((SSL *)ctx[2]);
+-		SSL_free((SSL *)ctx[3]);
+-		}
+-	return(0);
+-	}
+-
+-int doit(ctx)
+-char *ctx[4];
+-	{
+-	SSL_CTX *s_ctx,*c_ctx;
+-	static char cbuf[200],sbuf[200];
+-	SSL *c_ssl=NULL;
+-	SSL *s_ssl=NULL;
+-	BIO *c_to_s=NULL;
+-	BIO *s_to_c=NULL;
+-	BIO *c_bio=NULL;
+-	BIO *s_bio=NULL;
+-	int c_r,c_w,s_r,s_w;
+-	int c_want,s_want;
+-	int i;
+-	int done=0;
+-	int c_write,s_write;
+-	int do_server=0,do_client=0;
+-
+-	s_ctx=(SSL_CTX *)ctx[0];
+-	c_ctx=(SSL_CTX *)ctx[1];
+-
+-	if (ctx[2] != NULL)
+-		s_ssl=(SSL *)ctx[2];
+-	else
+-		s_ssl=SSL_new(s_ctx);
+-
+-	if (ctx[3] != NULL)
+-		c_ssl=(SSL *)ctx[3];
+-	else
+-		c_ssl=SSL_new(c_ctx);
+-
+-	if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+-
+-	c_to_s=BIO_new(BIO_s_mem());
+-	s_to_c=BIO_new(BIO_s_mem());
+-	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+-
+-	c_bio=BIO_new(BIO_f_ssl());
+-	s_bio=BIO_new(BIO_f_ssl());
+-	if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+-
+-	SSL_set_connect_state(c_ssl);
+-	SSL_set_bio(c_ssl,s_to_c,c_to_s);
+-	BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+-
+-	SSL_set_accept_state(s_ssl);
+-	SSL_set_bio(s_ssl,c_to_s,s_to_c);
+-	BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+-
+-	c_r=0; s_r=1;
+-	c_w=1; s_w=0;
+-	c_want=W_WRITE;
+-	s_want=0;
+-	c_write=1,s_write=0;
+-
+-	/* We can always do writes */
+-	for (;;)
+-		{
+-		do_server=0;
+-		do_client=0;
+-
+-		i=(int)BIO_pending(s_bio);
+-		if ((i && s_r) || s_w) do_server=1;
+-
+-		i=(int)BIO_pending(c_bio);
+-		if ((i && c_r) || c_w) do_client=1;
+-
+-		if (do_server && verbose)
+-			{
+-			if (SSL_in_init(s_ssl))
+-				printf("server waiting in SSL_accept - %s\n",
+-					SSL_state_string_long(s_ssl));
+-			else if (s_write)
+-				printf("server:SSL_write()\n");
+-			else 
+-				printf("server:SSL_read()\n");
+-			}
+-
+-		if (do_client && verbose)
+-			{
+-			if (SSL_in_init(c_ssl))
+-				printf("client waiting in SSL_connect - %s\n",
+-					SSL_state_string_long(c_ssl));
+-			else if (c_write)
+-				printf("client:SSL_write()\n");
+-			else
+-				printf("client:SSL_read()\n");
+-			}
+-
+-		if (!do_client && !do_server)
+-			{
+-			fprintf(stdout,"ERROR IN STARTUP\n");
+-			break;
+-			}
+-		if (do_client && !(done & C_DONE))
+-			{
+-			if (c_write)
+-				{
+-				i=BIO_write(c_bio,"hello from client\n",18);
+-				if (i < 0)
+-					{
+-					c_r=0;
+-					c_w=0;
+-					if (BIO_should_retry(c_bio))
+-						{
+-						if (BIO_should_read(c_bio))
+-							c_r=1;
+-						if (BIO_should_write(c_bio))
+-							c_w=1;
+-						}
+-					else
+-						{
+-						fprintf(stderr,"ERROR in CLIENT\n");
+-						return(1);
+-						}
+-					}
+-				else if (i == 0)
+-					{
+-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+-					return(1);
+-					}
+-				else
+-					{
+-					/* ok */
+-					c_write=0;
+-					}
+-				}
+-			else
+-				{
+-				i=BIO_read(c_bio,cbuf,100);
+-				if (i < 0)
+-					{
+-					c_r=0;
+-					c_w=0;
+-					if (BIO_should_retry(c_bio))
+-						{
+-						if (BIO_should_read(c_bio))
+-							c_r=1;
+-						if (BIO_should_write(c_bio))
+-							c_w=1;
+-						}
+-					else
+-						{
+-						fprintf(stderr,"ERROR in CLIENT\n");
+-						return(1);
+-						}
+-					}
+-				else if (i == 0)
+-					{
+-					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+-					return(1);
+-					}
+-				else
+-					{
+-					done|=C_DONE;
+-#ifdef undef
+-					fprintf(stdout,"CLIENT:from server:");
+-					fwrite(cbuf,1,i,stdout);
+-					fflush(stdout);
+-#endif
+-					}
+-				}
+-			}
+-
+-		if (do_server && !(done & S_DONE))
+-			{
+-			if (!s_write)
+-				{
+-				i=BIO_read(s_bio,sbuf,100);
+-				if (i < 0)
+-					{
+-					s_r=0;
+-					s_w=0;
+-					if (BIO_should_retry(s_bio))
+-						{
+-						if (BIO_should_read(s_bio))
+-							s_r=1;
+-						if (BIO_should_write(s_bio))
+-							s_w=1;
+-						}
+-					else
+-						{
+-						fprintf(stderr,"ERROR in SERVER\n");
+-						ERR_print_errors_fp(stderr);
+-						return(1);
+-						}
+-					}
+-				else if (i == 0)
+-					{
+-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+-					return(1);
+-					}
+-				else
+-					{
+-					s_write=1;
+-					s_w=1;
+-#ifdef undef
+-					fprintf(stdout,"SERVER:from client:");
+-					fwrite(sbuf,1,i,stdout);
+-					fflush(stdout);
+-#endif
+-					}
+-				}
+-			else
+-				{
+-				i=BIO_write(s_bio,"hello from server\n",18);
+-				if (i < 0)
+-					{
+-					s_r=0;
+-					s_w=0;
+-					if (BIO_should_retry(s_bio))
+-						{
+-						if (BIO_should_read(s_bio))
+-							s_r=1;
+-						if (BIO_should_write(s_bio))
+-							s_w=1;
+-						}
+-					else
+-						{
+-						fprintf(stderr,"ERROR in SERVER\n");
+-						ERR_print_errors_fp(stderr);
+-						return(1);
+-						}
+-					}
+-				else if (i == 0)
+-					{
+-					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+-					return(1);
+-					}
+-				else
+-					{
+-					s_write=0;
+-					s_r=1;
+-					done|=S_DONE;
+-					}
+-				}
+-			}
+-
+-		if ((done & S_DONE) && (done & C_DONE)) break;
+-		}
+-
+-	SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+-	SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+-
+-#ifdef undef
+-	fprintf(stdout,"DONE\n");
+-#endif
+-err:
+-	/* We have to set the BIO's to NULL otherwise they will be
+-	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+-	 * again when c_ssl is SSL_free()ed.
+-	 * This is a hack required because s_ssl and c_ssl are sharing the same
+-	 * BIO structure and SSL_set_bio() and SSL_free() automatically
+-	 * BIO_free non NULL entries.
+-	 * You should not normally do this or be required to do this */
+-
+-	if (s_ssl != NULL)
+-		{
+-		s_ssl->rbio=NULL;
+-		s_ssl->wbio=NULL;
+-		}
+-	if (c_ssl != NULL)
+-		{
+-		c_ssl->rbio=NULL;
+-		c_ssl->wbio=NULL;
+-		}
+-
+-	/* The SSL's are optionally freed in the following calls */
+-	if (c_to_s != NULL) BIO_free(c_to_s);
+-	if (s_to_c != NULL) BIO_free(s_to_c);
+-
+-	if (c_bio != NULL) BIO_free(c_bio);
+-	if (s_bio != NULL) BIO_free(s_bio);
+-	return(0);
+-	}
+-
+-int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
+-int ok;
+-X509 *xs;
+-X509 *xi;
+-int depth;
+-int error;
+-char *arg;
+-	{
+-	char buf[256];
+-
+-	if (verbose)
+-		{
+-		X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
+-		if (ok)
+-			fprintf(stderr,"depth=%d %s\n",depth,buf);
+-		else
+-			fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
+-		}
+-	return(ok);
+-	}
+-
+-#define THREAD_STACK_SIZE (16*1024)
+-
+-#ifdef WIN32
+-
+-static PRLOCK lock_cs[CRYPTO_NUM_LOCKS];
+-
+-void thread_setup()
+-	{
+-	int i;
+-
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		{
+-		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+-		}
+-
+-	CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+-	/* id callback defined */
+-	}
+-
+-void thread_cleanup()
+-	{
+-	int i;
+-
+-	CRYPTO_set_locking_callback(NULL);
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		CloseHandle(lock_cs[i]);
+-	}
+-
+-void win32_locking_callback(mode,type,file,line)
+-int mode;
+-int type;
+-char *file;
+-int line;
+-	{
+-	if (mode & CRYPTO_LOCK)
+-		{
+-		WaitForSingleObject(lock_cs[type],INFINITE);
+-		}
+-	else
+-		{
+-		ReleaseMutex(lock_cs[type]);
+-		}
+-	}
+-
+-void do_threads(s_ctx,c_ctx)
+-SSL_CTX *s_ctx,*c_ctx;
+-	{
+-	double ret;
+-	SSL_CTX *ssl_ctx[2];
+-	DWORD thread_id[MAX_THREAD_NUMBER];
+-	HANDLE thread_handle[MAX_THREAD_NUMBER];
+-	int i;
+-	SYSTEMTIME start,end;
+-
+-	ssl_ctx[0]=s_ctx;
+-	ssl_ctx[1]=c_ctx;
+-
+-	GetSystemTime(&start);
+-	for (i=0; i<thread_number; i++)
+-		{
+-		thread_handle[i]=CreateThread(NULL,
+-			THREAD_STACK_SIZE,
+-			(LPTHREAD_START_ROUTINE)ndoit,
+-			(void *)ssl_ctx,
+-			0L,
+-			&(thread_id[i]));
+-		}
+-
+-	printf("reaping\n");
+-	for (i=0; i<thread_number; i+=50)
+-		{
+-		int j;
+-
+-		j=(thread_number < (i+50))?(thread_number-i):50;
+-
+-		if (WaitForMultipleObjects(j,
+-			(CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
+-			== WAIT_FAILED)
+-			{
+-			fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
+-			exit(1);
+-			}
+-		}
+-	GetSystemTime(&end);
+-
+-	if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
+-	ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+-
+-	ret=(ret+end.wHour-start.wHour)*60;
+-	ret=(ret+end.wMinute-start.wMinute)*60;
+-	ret=(ret+end.wSecond-start.wSecond);
+-	ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+-
+-	printf("win32 threads done - %.3f seconds\n",ret);
+-	}
+-
+-#endif /* WIN32 */
+-
+-#ifdef SOLARIS
+-
+-static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+-/*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
+-static long lock_count[CRYPTO_NUM_LOCKS];
+-
+-void thread_setup()
+-	{
+-	int i;
+-
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		{
+-		lock_count[i]=0;
+-		/* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+-		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+-		}
+-
+-	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+-	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+-	}
+-
+-void thread_cleanup()
+-	{
+-	int i;
+-
+-	CRYPTO_set_locking_callback(NULL);
+-fprintf(stderr,"cleanup\n");
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		{
+-		/* rwlock_destroy(&(lock_cs[i])); */
+-		mutex_destroy(&(lock_cs[i]));
+-		fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+-		}
+-fprintf(stderr,"done cleanup\n");
+-	}
+-
+-void solaris_locking_callback(mode,type,file,line)
+-int mode;
+-int type;
+-char *file;
+-int line;
+-	{
+-#ifdef undef
+-fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+-	CRYPTO_thread_id(),
+-	(mode&CRYPTO_LOCK)?"l":"u",
+-	(type&CRYPTO_READ)?"r":"w",file,line);
+-#endif
+-
+-/*
+-if (CRYPTO_LOCK_SSL_CERT == type)
+-	fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+-		CRYPTO_thread_id(),
+-		mode,file,line);
+-*/
+-	if (mode & CRYPTO_LOCK)
+-		{
+-	/*	if (mode & CRYPTO_READ)
+-			rw_rdlock(&(lock_cs[type]));
+-		else
+-			rw_wrlock(&(lock_cs[type])); */
+-
+-		mutex_lock(&(lock_cs[type]));
+-		lock_count[type]++;
+-		}
+-	else
+-		{
+-/*		rw_unlock(&(lock_cs[type]));  */
+-		mutex_unlock(&(lock_cs[type]));
+-		}
+-	}
+-
+-void do_threads(s_ctx,c_ctx)
+-SSL_CTX *s_ctx,*c_ctx;
+-	{
+-	SSL_CTX *ssl_ctx[2];
+-	thread_t thread_ctx[MAX_THREAD_NUMBER];
+-	int i;
+-
+-	ssl_ctx[0]=s_ctx;
+-	ssl_ctx[1]=c_ctx;
+-
+-	thr_setconcurrency(thread_number);
+-	for (i=0; i<thread_number; i++)
+-		{
+-		thr_create(NULL, THREAD_STACK_SIZE,
+-			(void *(*)())ndoit,
+-			(void *)ssl_ctx,
+-			0L,
+-			&(thread_ctx[i]));
+-		}
+-
+-	printf("reaping\n");
+-	for (i=0; i<thread_number; i++)
+-		{
+-		thr_join(thread_ctx[i],NULL,NULL);
+-		}
+-
+-	printf("solaris threads done (%d,%d)\n",
+-		s_ctx->references,c_ctx->references);
+-	}
+-
+-unsigned long solaris_thread_id()
+-	{
+-	unsigned long ret;
+-
+-	ret=(unsigned long)thr_self();
+-	return(ret);
+-	}
+-#endif /* SOLARIS */
+-
+-#ifdef IRIX
+-
+-
+-static usptr_t *arena;
+-static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+-
+-void thread_setup()
+-	{
+-	int i;
+-	char filename[20];
+-
+-	strcpy(filename,"/tmp/mttest.XXXXXX");
+-	mktemp(filename);
+-
+-	usconfig(CONF_STHREADIOOFF);
+-	usconfig(CONF_STHREADMALLOCOFF);
+-	usconfig(CONF_INITUSERS,100);
+-	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+-	arena=usinit(filename);
+-	unlink(filename);
+-
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		{
+-		lock_cs[i]=usnewsema(arena,1);
+-		}
+-
+-	CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+-	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+-	}
+-
+-void thread_cleanup()
+-	{
+-	int i;
+-
+-	CRYPTO_set_locking_callback(NULL);
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		{
+-		char buf[10];
+-
+-		sprintf(buf,"%2d:",i);
+-		usdumpsema(lock_cs[i],stdout,buf);
+-		usfreesema(lock_cs[i],arena);
+-		}
+-	}
+-
+-void irix_locking_callback(mode,type,file,line)
+-int mode;
+-int type;
+-char *file;
+-int line;
+-	{
+-	if (mode & CRYPTO_LOCK)
+-		{
+-		printf("lock %d\n",type);
+-		uspsema(lock_cs[type]);
+-		}
+-	else
+-		{
+-		printf("unlock %d\n",type);
+-		usvsema(lock_cs[type]);
+-		}
+-	}
+-
+-void do_threads(s_ctx,c_ctx)
+-SSL_CTX *s_ctx,*c_ctx;
+-	{
+-	SSL_CTX *ssl_ctx[2];
+-	int thread_ctx[MAX_THREAD_NUMBER];
+-	int i;
+-
+-	ssl_ctx[0]=s_ctx;
+-	ssl_ctx[1]=c_ctx;
+-
+-	for (i=0; i<thread_number; i++)
+-		{
+-		thread_ctx[i]=sproc((void (*)())ndoit,
+-			PR_SADDR|PR_SFDS,(void *)ssl_ctx);
+-		}
+-
+-	printf("reaping\n");
+-	for (i=0; i<thread_number; i++)
+-		{
+-		wait(NULL);
+-		}
+-
+-	printf("irix threads done (%d,%d)\n",
+-		s_ctx->references,c_ctx->references);
+-	}
+-
+-unsigned long irix_thread_id()
+-	{
+-	unsigned long ret;
+-
+-	ret=(unsigned long)getpid();
+-	return(ret);
+-	}
+-#endif /* IRIX */
+-
+-#ifdef PTHREADS
+-
+-static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+-static long lock_count[CRYPTO_NUM_LOCKS];
+-
+-void thread_setup()
+-	{
+-	int i;
+-
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		{
+-		lock_count[i]=0;
+-		pthread_mutex_init(&(lock_cs[i]),NULL);
+-		}
+-
+-	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+-	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+-	}
+-
+-void thread_cleanup()
+-	{
+-	int i;
+-
+-	CRYPTO_set_locking_callback(NULL);
+-	fprintf(stderr,"cleanup\n");
+-	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+-		{
+-		pthread_mutex_destroy(&(lock_cs[i]));
+-		fprintf(stderr,"%8ld:%s\n",lock_count[i],
+-			CRYPTO_get_lock_name(i));
+-		}
+-	fprintf(stderr,"done cleanup\n");
+-	}
+-
+-void pthreads_locking_callback(mode,type,file,line)
+-int mode;
+-int type;
+-char *file;
+-int line;
+-      {
+-#ifdef undef
+-	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+-		CRYPTO_thread_id(),
+-		(mode&CRYPTO_LOCK)?"l":"u",
+-		(type&CRYPTO_READ)?"r":"w",file,line);
+-#endif
+-/*
+-	if (CRYPTO_LOCK_SSL_CERT == type)
+-		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+-		CRYPTO_thread_id(),
+-		mode,file,line);
+-*/
+-	if (mode & CRYPTO_LOCK)
+-		{
+-		pthread_mutex_lock(&(lock_cs[type]));
+-		lock_count[type]++;
+-		}
+-	else
+-		{
+-		pthread_mutex_unlock(&(lock_cs[type]));
+-		}
+-	}
+-
+-void do_threads(s_ctx,c_ctx)
+-SSL_CTX *s_ctx,*c_ctx;
+-	{
+-	SSL_CTX *ssl_ctx[2];
+-	pthread_t thread_ctx[MAX_THREAD_NUMBER];
+-	int i;
+-
+-	ssl_ctx[0]=s_ctx;
+-	ssl_ctx[1]=c_ctx;
+-
+-	/*
+-	thr_setconcurrency(thread_number);
+-	*/
+-	for (i=0; i<thread_number; i++)
+-		{
+-		pthread_create(&(thread_ctx[i]), NULL,
+-			(void *(*)())ndoit, (void *)ssl_ctx);
+-		}
+-
+-	printf("reaping\n");
+-	for (i=0; i<thread_number; i++)
+-		{
+-		pthread_join(thread_ctx[i],NULL);
+-		}
+-
+-	printf("pthreads threads done (%d,%d)\n",
+-	s_ctx->references,c_ctx->references);
+-	}
+-
+-unsigned long pthreads_thread_id()
+-	{
+-	unsigned long ret;
+-
+-	ret=(unsigned long)pthread_self();
+-	return(ret);
+-	}
+-
+-#endif /* PTHREADS */
+-
+-
+-
+Index: crypto/openssl/mt/profile.sh
+===================================================================
+RCS file: crypto/openssl/mt/profile.sh
+diff -N crypto/openssl/mt/profile.sh
+--- crypto/openssl/mt/profile.sh	10 Jan 2000 06:21:58 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-/bin/rm -f mttest
+-cc -p -DSOLARIS -I../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+-
+Index: crypto/openssl/mt/pthread.sh
+===================================================================
+RCS file: crypto/openssl/mt/pthread.sh
+diff -N crypto/openssl/mt/pthread.sh
+--- crypto/openssl/mt/pthread.sh	10 Jan 2000 06:21:58 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,9 +0,0 @@
+-#!/bin/sh
+-#
+-# build using pthreads
+-#
+-# http://www.mit.edu:8001/people/proven/pthreads.html
+-#
+-/bin/rm -f mttest
+-pgcc -DPTHREADS -I../include -g mttest.c -o mttest -L.. -lssl -lcrypto 
+-
+Index: crypto/openssl/mt/purify.sh
+===================================================================
+RCS file: crypto/openssl/mt/purify.sh
+diff -N crypto/openssl/mt/purify.sh
+--- crypto/openssl/mt/purify.sh	10 Jan 2000 06:21:58 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-/bin/rm -f mttest
+-purify cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+-
+Index: crypto/openssl/mt/solaris.sh
+===================================================================
+RCS file: crypto/openssl/mt/solaris.sh
+diff -N crypto/openssl/mt/solaris.sh
+--- crypto/openssl/mt/solaris.sh	10 Jan 2000 06:21:58 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,4 +0,0 @@
+-#!/bin/sh
+-/bin/rm -f mttest
+-cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+-
+cvs diff: Diffing crypto/openssl/perl
+cvs diff: Diffing crypto/openssl/perl/t
+cvs diff: Diffing crypto/openssl/shlib
+Index: crypto/openssl/shlib/Makefile.hpux10-cc
+===================================================================
+RCS file: crypto/openssl/shlib/Makefile.hpux10-cc
+diff -N crypto/openssl/shlib/Makefile.hpux10-cc
+--- crypto/openssl/shlib/Makefile.hpux10-cc	20 Aug 2000 08:48:47 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,51 +0,0 @@
+-# Makefile.hpux-cc
+-
+-major=1
+-
+-slib=libssl
+-sh_slib=$(slib).so.$(major)
+-
+-clib=libcrypto
+-sh_clib=$(clib).so.$(major)
+-
+-all : $(clib).sl $(slib).sl
+-
+-
+-$(clib)_pic.a : $(clib).a
+-	echo "Copying $? to $@"
+-	cp -p $? $@
+-
+-$(slib)_pic.a : $(slib).a
+-	echo "Copying $? to $@"
+-	cp -p $? $@
+-
+-$(sh_clib) : $(clib)_pic.a
+-	echo "collecting all object files for $@"
+-	find . -name \*.o -print > allobjs
+-	for obj in `ar t $(clib)_pic.a`; \
+-	do \
+-		grep /$$obj allobjs; \
+-	done >objlist
+-	echo "linking $@"
+-	ld -b -s -z +h $@ -o $@ `cat objlist` -lc 
+-	rm allobjs objlist
+-
+-$(clib).sl : $(sh_clib)
+-	rm -f $@
+-	ln -s $? $@
+-
+-$(sh_slib) : $(slib)_pic.a $(clib).sl
+-	echo "collecting all object files for $@"
+-	find . -name \*.o -print > allobjs
+-	for obj in `ar t $(slib)_pic.a`; \
+-	do \
+-		grep /$$obj allobjs; \
+-	done >objlist
+-	echo "linking $@"
+-	ld -b -s -z +h $@ +b /usr/local/ssl/lib:/usr/lib -o $@ `cat objlist` \
+-			-L. -lcrypto -lc
+-	rm -f allobjs objlist
+-        
+-$(slib).sl : $(sh_slib)
+-	rm -f $@
+-	ln -s $? $@
+Index: crypto/openssl/shlib/hpux10-cc.sh
+===================================================================
+RCS file: crypto/openssl/shlib/hpux10-cc.sh
+diff -N crypto/openssl/shlib/hpux10-cc.sh
+--- crypto/openssl/shlib/hpux10-cc.sh	20 Aug 2000 08:48:47 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,90 +0,0 @@
+-#!/usr/bin/sh
+-#
+-# Run this script from the OpenSSL root directory:
+-# sh shlib/hpux10-cc.sh
+-# 
+-# HP-UX (10.20) shared library installation:
+-# Compile and install OpenSSL with best possible optimization:
+-# - shared libraries are compiled and installed with +O4 optimization
+-# - executable(s) are compiled and installed with +O4 optimization
+-# - static libraries are compiled and installed with +O3 optimization,
+-#   to avoid the time consuming +O4 link-time optimization when using
+-#   these libraries. (The shared libs are already optimized during build
+-#   at +O4.)
+-#
+-# This script must be run with appropriate privileges to install into
+-# /usr/local/ssl. HP-UX prevents used executables and shared libraries
+-# from being deleted or overwritten. Stop all processes using already
+-# installed items of OpenSSL.
+-#
+-# WARNING: At high optimization levels, HP's ANSI-C compiler can chew up
+-#          large amounts of memory and CPU time. Make sure to have at least
+-#          128MB of RAM available and that your kernel is configured to allow
+-#          at least 128MB data size (maxdsiz parameter).
+-#          The installation process can take several hours, even on fast
+-#          machines. +O4 optimization of the libcrypto.sl shared library may
+-#          take 1 hour on a C200 (200MHz PA8200 CPU), +O3 compilation of
+-#          fcrypt_b.c can take 20 minutes on this machine. Stay patient.
+-#
+-# SITEFLAGS: site specific flags. I do use +DAportable, since I have to
+-# support older PA1.1-type CPUs. Your mileage may vary.
+-# +w1 enables enhanced warnings, useful when working with snaphots.
+-#
+-SITEFLAGS="+DAportable +w1"
+-#
+-# Set the default additions to build with HP-UX.
+-# -D_REENTRANT must/should be defined on HP-UX manually, since we do call
+-# Configure directly.
+-# +Oall increases the optimization done.
+-#
+-MYFLAGS="-D_REENTRANT +Oall $SITEFLAGS"
+-
+-# Configure for pic and build the static pic libraries
+-perl5 Configure hpux-parisc-cc-o4 +z ${MYFLAGS}
+-make clean
+-make DIRS="crypto ssl"
+-# Rename the static pic libs and build dynamic libraries from them
+-# Be prepared to see a lot of warnings about shared libraries being built
+-# with optimizations higher than +O2. When using these libraries, it is
+-# not possible to replace internal library functions with functions from
+-# the program to be linked.
+-#
+-make -f shlib/Makefile.hpux10-cc
+-
+-# Copy the libraries to /usr/local/ssl/lib (they have to be in their
+-# final location when linking applications).
+-# If the directories are still there, no problem.
+-mkdir /usr/local
+-mkdir /usr/local/ssl
+-mkdir /usr/local/ssl/lib
+-chmod 444 lib*_pic.a
+-chmod 555 lib*.so.1
+-cp -p lib*_pic.a lib*.so.1 /usr/local/ssl/lib
+-(cd /usr/local/ssl/lib ; ln -sf libcrypto.so.1 libcrypto.sl ; ln -sf libssl.so.1 libssl.sl)
+-
+-# Reconfigure without pic to compile the executables. Unfortunately, while
+-# performing this task we have to recompile the library components, even
+-# though we use the already installed shared libs anyway.
+-#
+-perl5 Configure hpux-parisc-cc-o4 ${MYFLAGS}
+-
+-make clean
+-
+-# Hack the Makefiles to pick up the dynamic libraries during linking
+-#
+-sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib -Wl,+b,\/usr\/local\/ssl\/lib:\/usr\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl
+-sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl
+-sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl
+-# Build the static libs and the executables in one make.
+-make
+-# Install everything
+-make install
+-
+-# Finally build the static libs with +O3. This time we only need the libraries,
+-# once created, they are simply copied into place.
+-#
+-perl5 Configure hpux-parisc-cc ${MYFLAGS}
+-make clean
+-make DIRS="crypto ssl"
+-chmod 644 libcrypto.a libssl.a
+-cp -p libcrypto.a libssl.a /usr/local/ssl/lib
+Index: crypto/openssl/shlib/irix.sh
+===================================================================
+RCS file: crypto/openssl/shlib/irix.sh
+diff -N crypto/openssl/shlib/irix.sh
+--- crypto/openssl/shlib/irix.sh	10 Jan 2000 06:21:59 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,7 +0,0 @@
+-FLAGS="-DTERMIOS -O2 -mips2 -DB_ENDIAN -fomit-frame-pointer -Wall -Iinclude"
+-SHFLAGS="-DPIC -fpic"
+-
+-gcc -c -Icrypto $SHFLAGS $FLAGS -o crypto.o crypto/crypto.c
+-ld -shared -o libcrypto.so crypto.o
+-gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+-ld -shared -o libssl.so ssl.o
+Index: crypto/openssl/shlib/solaris-sc4.sh
+===================================================================
+RCS file: crypto/openssl/shlib/solaris-sc4.sh
+diff -N crypto/openssl/shlib/solaris-sc4.sh
+--- crypto/openssl/shlib/solaris-sc4.sh	10 Jan 2000 06:21:59 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,42 +0,0 @@
+-#!/bin/sh
+-
+-major="1"
+-
+-slib=libssl
+-sh_slib=$slib.so.$major
+-
+-clib=libcrypto
+-sh_clib=$clib.so.$major
+-
+-echo collecting all object files for $clib.so
+-OBJS=
+-find . -name \*.o -print > allobjs
+-for obj in `ar t libcrypto.a`
+-do
+-	OBJS="$OBJS `grep $obj allobjs`"
+-done
+-
+-echo linking $clib.so
+-cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
+-
+-rm -f $clib.so
+-ln -s $sh_clib $clib.so
+-
+-echo collecting all object files for $slib.so
+-OBJS=
+-for obj in `ar t libssl.a`
+-do
+-	OBJS="$OBJS `grep $obj allobjs`"
+-done
+-
+-echo linking $slib.so
+-cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
+-	
+-rm -f $slib.so
+-ln -s $sh_slib $slib.so
+-
+-rm -f allobjs
+-
+-mv libRSAglue.a libRSAglue.a.orig
+-mv libcrypto.a  libcrypto.a.orig
+-mv libssl.a     libssl.a.orig 
+Index: crypto/openssl/shlib/solaris.sh
+===================================================================
+RCS file: crypto/openssl/shlib/solaris.sh
+diff -N crypto/openssl/shlib/solaris.sh
+--- crypto/openssl/shlib/solaris.sh	10 Jan 2000 06:21:59 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,36 +0,0 @@
+-#!/bin/sh
+-
+-echo "#define DATE      \"`date`\"" >crypto/date.h
+-
+-major="0"
+-minor="8.0"
+-slib=libssl
+-clib=libcrypto
+-CC=gcc
+-CPP='gcc -E'
+-AS=as
+-#FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -mv8 -Wall'
+-FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -Wall -DREF_CHECK -DCRYPTO_MDEBUG'
+-INCLUDE='-Iinclude -Icrypto -Issl'
+-SHFLAGS='-DPIC -fpic'
+-
+-CFLAGS="$FLAGS $INCLUDE $SHFLAGS"
+-ASM_OBJ="";
+-
+-echo compiling bignum assember
+-$AS -o bn_asm.o crypto/bn/asm/sparc.s
+-CFLAGS="$CFLAGS -DBN_ASM"
+-ASM_OBJ="$ASM_OBJ bn_asm.o"
+-
+-echo compiling $clib
+-$CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c
+-
+-echo linking $clib.so
+-gcc $CFLAGS -shared -o $clib.so.$major.$minor crypto.o $ASM_OBJ -lnsl -lsocket
+-
+-echo compiling $slib.so
+-$CC -c $CFLAGS -o ssl.o ssl/ssl.c
+-
+-echo building $slib.so
+-gcc $CFLAGS -shared -o $slib.so ssl.o -L. -lcrypto
+-
+Index: crypto/openssl/shlib/sun.sh
+===================================================================
+RCS file: crypto/openssl/shlib/sun.sh
+diff -N crypto/openssl/shlib/sun.sh
+--- crypto/openssl/shlib/sun.sh	10 Jan 2000 06:21:59 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,8 +0,0 @@
+-FLAGS="-DTERMIO -O3 -DB_ENDIAN -fomit-frame-pointer -mv8 -Wall -Iinclude"
+-SHFLAGS="-DPIC -fpic"
+-
+-gcc -c -Icrypto $SHFLAGS -fpic $FLAGS -o crypto.o crypto/crypto.c
+-ld -G -z text -o libcrypto.so crypto.o
+-
+-gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+-ld -G -z text -o libssl.so ssl.o
+cvs diff: Diffing crypto/openssl/ssl
+Index: crypto/openssl/ssl/Makefile.save
+===================================================================
+RCS file: crypto/openssl/ssl/Makefile.save
+diff -N crypto/openssl/ssl/Makefile.save
+--- crypto/openssl/ssl/Makefile.save	20 Aug 2000 08:48:48 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,831 +0,0 @@
+-#
+-# SSLeay/ssl/Makefile
+-#
+-
+-DIR=	ssl
+-TOP=	..
+-CC=	cc
+-INCLUDES= -I../crypto -I../include
+-CFLAG=-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=/usr/local/ssl
+-MAKE=		make -f Makefile.ssl
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-MAKEFILE=	Makefile.ssl
+-AR=		ar r
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile README ssl-lib.com install.com
+-TEST=ssltest.c
+-APPS=
+-
+-LIB=$(TOP)/libssl.a
+-LIBSRC=	\
+-	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+-	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+-	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+-	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+-	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+-	ssl_ciph.c ssl_stat.c ssl_rsa.c \
+-	ssl_asn1.c ssl_txt.c ssl_algs.c \
+-	bio_ssl.c ssl_err.c
+-LIBOBJ= \
+-	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+-	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+-	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+-	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+-	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+-	ssl_ciph.o ssl_stat.o ssl_rsa.o \
+-	ssl_asn1.o ssl_txt.o ssl_algs.o \
+-	bio_ssl.o ssl_err.o
+-
+-SRC= $(LIBSRC)
+-
+-EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
+-HEADER=	$(EXHEADER) ssl_locl.h
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ..; $(MAKE) DIRS=$(DIR) all)
+-
+-all:	lib
+-
+-lib:	$(LIBOBJ)
+-	$(AR) $(LIB) $(LIBOBJ)
+-	$(RANLIB) $(LIB)
+-	@touch lib
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@$(TOP)/util/point.sh Makefile.ssl Makefile
+-	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+-	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+-	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+-
+-install:
+-	@for i in $(EXHEADER) ; \
+-	do  \
+-	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+-	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+-	done;
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-bio_ssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-bio_ssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-bio_ssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-bio_ssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-bio_ssl.o: ../include/openssl/x509_vfy.h
+-s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s23_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s23_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s23_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s23_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s23_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s23_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s23_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s23_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s23_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s23_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s2_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s2_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s2_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s2_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s2_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s2_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s2_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s3_both.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s3_both.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s3_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s3_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s3_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s3_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s3_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s3_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s3_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s3_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-s3_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-s3_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h
+-ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_algs.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_algs.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+-ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+-ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+-ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_cert.o: ../include/openssl/comp.h ../include/openssl/conf.h
+-ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+-ssl_cert.o: ssl_locl.h
+-ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h
+-ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_ciph.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ssl_err.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_err.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_err.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_err.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_err.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_err.o: ../include/openssl/x509_vfy.h
+-ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ssl_err2.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_err2.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_err2.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_err2.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_err2.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_err2.o: ../include/openssl/x509_vfy.h
+-ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+-ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ssl_lib.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-ssl_lib.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ssl_lib.o: ../include/openssl/x509v3.h ssl_locl.h
+-ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+-ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
+-ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-ssl_sess.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h
+-ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_stat.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_txt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-t1_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-t1_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+-t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+-t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-t1_enc.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-t1_enc.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-t1_enc.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+-t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-t1_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+-t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-t1_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+-t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-t1_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+-t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-t1_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+-t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+Index: crypto/openssl/ssl/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/ssl/Makefile.ssl	4 Jul 2001 23:19:44 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/Makefile.ssl	31 Jul 2002 00:47:04 -0000
+@@ -229,12 +229,13 @@
+ s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
++s2_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
++s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
++s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
++s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
++s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
++s2_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+@@ -274,12 +275,13 @@
+ s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
++s2_lib.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
++s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
++s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
++s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
++s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
++s2_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+@@ -340,12 +342,13 @@
+ s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
++s2_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
++s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
++s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
++s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
++s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
++s2_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+@@ -386,12 +389,13 @@
+ s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+ s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+ s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
++s3_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
++s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
++s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
++s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
++s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
++s3_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+@@ -497,12 +501,13 @@
+ s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+-s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
++s3_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
++s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
++s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
++s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
++s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
++s3_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+@@ -542,12 +547,13 @@
+ ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+-ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+-ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+-ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+-ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
++ssl_asn1.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
++ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
++ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
++ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
++ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
++ssl_asn1.o: ../include/openssl/des.h ../include/openssl/dh.h
++ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+ ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+ ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+ ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+@@ -572,24 +578,23 @@
+ ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+ ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-ssl_cert.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ssl_cert.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-ssl_cert.o: ../include/openssl/md2.h ../include/openssl/md4.h
+-ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+-ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+-ssl_cert.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-ssl_cert.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+-ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+-ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+-ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+-ssl_cert.o: ssl_locl.h
++ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
++ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
++ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
++ssl_cert.o: ../include/openssl/md4.h ../include/openssl/md5.h
++ssl_cert.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
++ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
++ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
++ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
++ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
++ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
++ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
++ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
++ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
++ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
++ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
++ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
++ssl_cert.o: ../include/openssl/x509v3.h ssl_locl.h
+ ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+@@ -662,24 +667,23 @@
+ ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+ ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+ ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+-ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+-ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+-ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+-ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+-ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+-ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+-ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-ssl_lib.o: ../include/openssl/x509v3.h ssl_locl.h
++ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
++ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
++ssl_lib.o: ../include/openssl/idea.h ../include/openssl/lhash.h
++ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
++ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
++ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
++ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
++ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
++ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
++ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
++ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
++ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
++ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
++ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
++ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
++ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
++ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h
+ ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+ ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+ ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+@@ -702,12 +706,13 @@
+ ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+ ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+ ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+-ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+-ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
+-ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
++ssl_sess.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
++ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
++ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
++ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
++ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
++ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
++ssl_sess.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+ ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+ ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+ ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+Index: crypto/openssl/ssl/s23_clnt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s23_clnt.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 s23_clnt.c
+--- crypto/openssl/ssl/s23_clnt.c	4 Jul 2001 23:19:44 -0000	1.2.2.3
++++ crypto/openssl/ssl/s23_clnt.c	31 Jul 2002 02:39:32 -0000
+@@ -115,8 +115,8 @@
+ 	else if (s->ctx->info_callback != NULL)
+ 		cb=s->ctx->info_callback;
+ 	
+-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+ 	s->in_handshake++;
++	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+ 
+ 	for (;;)
+ 		{
+Index: crypto/openssl/ssl/s23_pkt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s23_pkt.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 s23_pkt.c
+--- crypto/openssl/ssl/s23_pkt.c	20 Aug 2000 08:47:01 -0000	1.1.1.1.2.1
++++ crypto/openssl/ssl/s23_pkt.c	31 Jul 2002 00:47:04 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #include <stdio.h>
+ #include <errno.h>
+Index: crypto/openssl/ssl/s23_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s23_srvr.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 s23_srvr.c
+--- crypto/openssl/ssl/s23_srvr.c	4 Jul 2001 23:19:44 -0000	1.2.2.3
++++ crypto/openssl/ssl/s23_srvr.c	31 Jul 2002 02:40:02 -0000
+@@ -57,6 +57,59 @@
+  *
+  * $FreeBSD: src/crypto/openssl/ssl/s23_srvr.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #include <stdio.h>
+ #include <openssl/buffer.h>
+@@ -114,8 +167,8 @@
+ 	else if (s->ctx->info_callback != NULL)
+ 		cb=s->ctx->info_callback;
+ 	
+-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+ 	s->in_handshake++;
++	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+ 
+ 	for (;;)
+ 		{
+@@ -181,9 +234,9 @@
+ 			}
+ 		}
+ end:
++	s->in_handshake--;
+ 	if (cb != NULL)
+ 		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+-	s->in_handshake--;
+ 	return(ret);
+ 	}
+ 
+@@ -354,17 +407,22 @@
+ 			/* We must look at client_version inside the Client Hello message
+ 			 * to get the correct minor version.
+ 			 * However if we have only a pathologically small fragment of the
+-			 * Client Hello message, this would be difficult, we'd have
+-			 * to read at least one additional record to find out.
+-			 * This doesn't usually happen in real life, so we just complain
+-			 * for now.
+-			 */
++			 * Client Hello message, this would be difficult, and we'd have
++			 * to read more records to find out.
++			 * No known SSL 3.0 client fragments ClientHello like this,
++			 * so we simply assume TLS 1.0 to avoid protocol version downgrade
++			 * attacks. */
+ 			if (p[3] == 0 && p[4] < 6)
+ 				{
++#if 0
+ 				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+ 				goto err;
++#else
++				v[1] = TLS1_VERSION_MINOR;
++#endif
+ 				}
+-			v[1]=p[10]; /* minor version according to client_version */
++			else
++				v[1]=p[10]; /* minor version according to client_version */
+ 			if (v[1] >= TLS1_VERSION_MINOR)
+ 				{
+ 				if (!(s->options & SSL_OP_NO_TLSv1))
+@@ -378,10 +436,21 @@
+ 					type=3;
+ 					}
+ 				}
+-			else if (!(s->options & SSL_OP_NO_SSLv3))
++			else
+ 				{
+-				s->version=SSL3_VERSION;
+-				type=3;
++				/* client requests SSL 3.0 */
++				if (!(s->options & SSL_OP_NO_SSLv3))
++					{
++					s->version=SSL3_VERSION;
++					type=3;
++					}
++				else if (!(s->options & SSL_OP_NO_TLSv1))
++					{
++					/* we won't be able to use TLS of course,
++					 * but this will send an appropriate alert */
++					s->version=TLS1_VERSION;
++					type=3;
++					}
+ 				}
+ 			}
+ 		else if ((strncmp("GET ", (char *)p,4) == 0) ||
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s2_clnt.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 s2_clnt.c
+--- crypto/openssl/ssl/s2_clnt.c	4 Jul 2001 23:19:44 -0000	1.2.2.3
++++ crypto/openssl/ssl/s2_clnt.c	31 Jul 2002 02:40:37 -0000
+@@ -54,8 +54,60 @@
+  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
++ */
++/* ====================================================================
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
+  *
+- * $FreeBSD: src/crypto/openssl/ssl/s2_clnt.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $
++ * $FreeBSD: src/crypto/openssl/ssl/s2_clnt.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
+  */
+ 
+ #include "ssl_locl.h"
+@@ -65,6 +117,7 @@
+ #include <openssl/buffer.h>
+ #include <openssl/objects.h>
+ #include <openssl/evp.h>
++#include "cryptlib.h"
+ 
+ static SSL_METHOD *ssl2_get_client_method(int ver);
+ static int get_server_finished(SSL *s);
+@@ -120,8 +173,8 @@
+ 		cb=s->ctx->info_callback;
+ 
+ 	/* init things to blank */
+-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ 	s->in_handshake++;
++	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ 
+ 	for (;;)
+ 		{
+@@ -289,6 +342,7 @@
+ 	unsigned char *buf;
+ 	unsigned char *p;
+ 	int i,j;
++	unsigned long len;
+ 	STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
+ 
+ 	buf=(unsigned char *)s->init_buf->data;
+@@ -298,6 +352,7 @@
+ 		i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
+ 		if (i < (11-s->init_num)) 
+ 			return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
++		s->init_num = 11;
+ 
+ 		if (*(p++) != SSL2_MT_SERVER_HELLO)
+ 			{
+@@ -326,18 +381,22 @@
+ 		n2s(p,i); s->s2->tmp.csl=i;
+ 		n2s(p,i); s->s2->tmp.conn_id_length=i;
+ 		s->state=SSL2_ST_GET_SERVER_HELLO_B;
+-		s->init_num=0;
+ 		}
+ 
+ 	/* SSL2_ST_GET_SERVER_HELLO_B */
+-	j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
+-		- s->init_num;
+-	i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
++	len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
++	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
++		{
++		SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
++		return -1;
++		}
++	j = (int)len - s->init_num;
++	i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
+ 	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+ 
+ 	/* things are looking good */
+ 
+-	p=buf;
++	p = buf + 11;
+ 	if (s->hit)
+ 		{
+ 		if (s->s2->tmp.cert_length != 0) 
+@@ -460,6 +519,7 @@
+ 		}
+ 		
+ 	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
++	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ 	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
+ 	return(1);
+ 	}
+@@ -561,6 +621,7 @@
+ 		/* make key_arg data */
+ 		i=EVP_CIPHER_iv_length(c);
+ 		sess->key_arg_length=i;
++		die(i <= SSL_MAX_KEY_ARG_LENGTH);
+ 		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
+ 
+ 		/* make a master key */
+@@ -568,6 +629,7 @@
+ 		sess->master_key_length=i;
+ 		if (i > 0)
+ 			{
++			die(i <= sizeof sess->master_key);
+ 			if (RAND_bytes(sess->master_key,i) <= 0)
+ 				{
+ 				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+@@ -611,6 +673,7 @@
+ 		d+=enc;
+ 		karg=sess->key_arg_length;	
+ 		s2n(karg,p); /* key arg size */
++		die(karg <= sizeof sess->key_arg);
+ 		memcpy(d,sess->key_arg,(unsigned int)karg);
+ 		d+=karg;
+ 
+@@ -631,6 +694,7 @@
+ 		{
+ 		p=(unsigned char *)s->init_buf->data;
+ 		*(p++)=SSL2_MT_CLIENT_FINISHED;
++		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+ 		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
+ 
+ 		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
+@@ -647,11 +711,10 @@
+ 	unsigned char *p,*d;
+ 	int i;
+ 	unsigned int n;
+-	int cert_ch_len=0;
++	int cert_ch_len;
+ 	unsigned char *cert_ch;
+ 
+ 	buf=(unsigned char *)s->init_buf->data;
+-	cert_ch= &(buf[2]);
+ 
+ 	/* We have a cert associated with the SSL, so attach it to
+ 	 * the session if it does not have one */
+@@ -662,6 +725,7 @@
+ 			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
+ 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+ 			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
++		s->init_num += i;
+ 
+ 		/* type=buf[0]; */
+ 		/* type eq x509 */
+@@ -671,7 +735,6 @@
+ 			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
+ 			return(-1);
+ 			}
+-		cert_ch_len=i-1;
+ 
+ 		if ((s->cert == NULL) ||
+ 			(s->cert->key->x509 == NULL) ||
+@@ -683,6 +746,9 @@
+ 			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+ 		}
+ 
++	cert_ch = buf + 2;
++	cert_ch_len = s->init_num - 2;
++
+ 	if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
+ 		{
+ 		X509 *x509=NULL;
+@@ -788,7 +854,7 @@
+ static int get_server_verify(SSL *s)
+ 	{
+ 	unsigned char *p;
+-	int i;
++	int i, n, len;
+ 
+ 	p=(unsigned char *)s->init_buf->data;
+ 	if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
+@@ -796,9 +862,9 @@
+ 		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+ 		if (i < (1-s->init_num)) 
+ 			return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
++		s->init_num += i;
+ 
+ 		s->state= SSL2_ST_GET_SERVER_VERIFY_B;
+-		s->init_num=0;
+ 		if (*p != SSL2_MT_SERVER_VERIFY)
+ 			{
+ 			if (p[0] != SSL2_MT_ERROR)
+@@ -815,10 +881,13 @@
+ 		}
+ 	
+ 	p=(unsigned char *)s->init_buf->data;
+-	i=ssl2_read(s,(char *)&(p[s->init_num]),
+-		(unsigned int)s->s2->challenge_length-s->init_num);
+-	if (i < ((int)s->s2->challenge_length-s->init_num))
++	len = 1 + s->s2->challenge_length;
++	n =  len - s->init_num;
++	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
++	if (i < n)
+ 		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
++	p += 1;
++
+ 	if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+ 		{
+ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+@@ -832,7 +901,7 @@
+ 	{
+ 	unsigned char *buf;
+ 	unsigned char *p;
+-	int i;
++	int i, n, len;
+ 
+ 	buf=(unsigned char *)s->init_buf->data;
+ 	p=buf;
+@@ -841,7 +910,8 @@
+ 		i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
+ 		if (i < (1-s->init_num))
+ 			return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+-		s->init_num=i;
++		s->init_num += i;
++
+ 		if (*p == SSL2_MT_REQUEST_CERTIFICATE)
+ 			{
+ 			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
+@@ -858,14 +928,15 @@
+ 				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
+ 			return(-1);
+ 			}
+-		s->state=SSL_ST_OK;
+-		s->init_num=0;
++		s->state=SSL2_ST_GET_SERVER_FINISHED_B;
+ 		}
+ 
+-	i=ssl2_read(s,(char *)&(buf[s->init_num]),
+-		SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
+-	if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
++	len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
++	n = len - s->init_num;
++	i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
++	if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
+ 		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
++	s->init_num += i;
+ 
+ 	if (!s->hit) /* new session */
+ 		{
+@@ -880,6 +951,8 @@
+ 		{
+ 		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+ 			{
++			die(s->session->session_id_length
++			    <= sizeof s->session->session_id);
+ 			if (memcmp(buf,s->session->session_id,
+ 				(unsigned int)s->session->session_id_length) != 0)
+ 				{
+@@ -889,6 +962,7 @@
+ 				}
+ 			}
+ 		}
++	s->state = SSL_ST_OK;
+ 	return(1);
+ 	}
+ 
+Index: crypto/openssl/ssl/s2_enc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s2_enc.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 s2_enc.c
+--- crypto/openssl/ssl/s2_enc.c	4 Jul 2001 23:19:45 -0000	1.2.2.3
++++ crypto/openssl/ssl/s2_enc.c	31 Jul 2002 02:40:58 -0000
+@@ -113,8 +113,8 @@
+ 	}
+ 
+ /* read/writes from s->s2->mac_data using length for encrypt and 
+- * decrypt.  It sets the s->s2->padding, s->[rw]length and
+- * s->s2->pad_data ptr if we are encrypting */
++ * decrypt.  It sets s->s2->padding and s->[rw]length
++ * if we are encrypting */
+ void ssl2_enc(SSL *s, int send)
+ 	{
+ 	EVP_CIPHER_CTX *ds;
+Index: crypto/openssl/ssl/s2_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s2_lib.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 s2_lib.c
+--- crypto/openssl/ssl/s2_lib.c	4 Jul 2001 23:19:45 -0000	1.2.2.3
++++ crypto/openssl/ssl/s2_lib.c	31 Jul 2002 02:41:17 -0000
+@@ -64,6 +64,7 @@
+ #include <openssl/rsa.h>
+ #include <openssl/objects.h>
+ #include <openssl/md5.h>
++#include "cryptlib.h"
+ 
+ static long ssl2_default_timeout(void );
+ const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
+@@ -78,7 +79,8 @@
+ 	SSL2_TXT_NULL_WITH_MD5,
+ 	SSL2_CK_NULL_WITH_MD5,
+ 	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
+-	SSL_EXPORT|SSL_EXP40,
++	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
++	0,
+ 	0,
+ 	0,
+ 	SSL_ALL_CIPHERS,
+@@ -198,6 +200,7 @@
+ 	SSL2_TXT_NULL,
+ 	SSL2_CK_NULL,
+ 	0,
++	SSL_STRONG_NONE,
+ 	0,
+ 	0,
+ 	0,
+@@ -427,10 +430,14 @@
+ #endif
+ 
+ 	km=s->s2->key_material;
++ 	die(s->s2->key_material_length <= sizeof s->s2->key_material);
+ 	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+ 		{
+ 		MD5_Init(&ctx);
+ 
++ 		die(s->session->master_key_length >= 0
++ 		    && s->session->master_key_length
++ 		    < sizeof s->session->master_key);
+ 		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
+ 		MD5_Update(&ctx,&c,1);
+ 		c++;
+@@ -465,6 +472,7 @@
+ /*	state=s->rwstate;*/
+ 	error=s->error;
+ 	s->error=0;
++	die(error >= 0 && error <= 3);
+ 	i=ssl2_write(s,&(buf[3-error]),error);
+ /*	if (i == error) s->rwstate=state; */
+ 
+Index: crypto/openssl/ssl/s2_pkt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s2_pkt.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 s2_pkt.c
+--- crypto/openssl/ssl/s2_pkt.c	4 Jul 2001 23:19:45 -0000	1.2.2.3
++++ crypto/openssl/ssl/s2_pkt.c	31 Jul 2002 02:41:36 -0000
+@@ -56,7 +56,7 @@
+  * [including the GNU Public Licence.]
+  */
+ /* ====================================================================
+- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -131,7 +131,7 @@
+ 	unsigned char mac[MAX_MAC_SIZE];
+ 	unsigned char *p;
+ 	int i;
+-	unsigned int mac_size=0;
++	unsigned int mac_size;
+ 
+  ssl2_read_again:
+ 	if (SSL_in_init(s) && !s->in_handshake)
+@@ -236,17 +236,25 @@
+ 		/* Data portion */
+ 		if (s->s2->clear_text)
+ 			{
++			mac_size = 0;
+ 			s->s2->mac_data=p;
+ 			s->s2->ract_data=p;
+-			s->s2->pad_data=NULL;
++			if (s->s2->padding)
++				{
++				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
++				return(-1);
++				}
+ 			}
+ 		else
+ 			{
+ 			mac_size=EVP_MD_size(s->read_hash);
+ 			s->s2->mac_data=p;
+ 			s->s2->ract_data= &p[mac_size];
+-			s->s2->pad_data= &p[mac_size+
+-				s->s2->rlength-s->s2->padding];
++			if (s->s2->padding + mac_size > s->s2->rlength)
++				{
++				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
++				return(-1);
++				}
+ 			}
+ 
+ 		s->s2->ract_data_length=s->s2->rlength;
+@@ -594,10 +602,8 @@
+ 	s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
+ 	/* we copy the data into s->s2->wbuf */
+ 	memcpy(s->s2->wact_data,buf,len);
+-#ifdef PURIFY
+ 	if (p)
+-		memset(&(s->s2->wact_data[len]),0,p);
+-#endif
++		memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
+ 
+ 	if (!s->s2->clear_text)
+ 		{
+@@ -646,27 +652,36 @@
+ 	unsigned char *p;
+ 	int j;
+ 
+-	/* check for error */
+-	if ((s->init_num == 0) && (i >= 3))
+-		{
+-		p=(unsigned char *)s->init_buf->data;
+-		if (p[0] == SSL2_MT_ERROR)
+-			{
+-			j=(p[1]<<8)|p[2];
+-			SSLerr((int)f,ssl_mt_error(j));
+-			}
+-		}
+-
+ 	if (i < 0)
+ 		{
+ 		/* ssl2_return_error(s); */
+ 		/* for non-blocking io,
+-		 * this is not fatal */
++		 * this is not necessarily fatal */
+ 		return(i);
+ 		}
+ 	else
+ 		{
+ 		s->init_num+=i;
++
++		/* Check for error.  While there are recoverable errors,
++		 * this function is not called when those must be expected;
++		 * any error detected here is fatal. */
++		if (s->init_num >= 3)
++			{
++			p=(unsigned char *)s->init_buf->data;
++			if (p[0] == SSL2_MT_ERROR)
++				{
++				j=(p[1]<<8)|p[2];
++				SSLerr((int)f,ssl_mt_error(j));
++				s->init_num -= 3;
++				if (s->init_num > 0)
++					memmove(p, p+3, s->init_num);
++				}
++			}
++
++		/* If it's not an error message, we have some error anyway --
++		 * the message was shorter than expected.  This too is treated
++		 * as fatal (at least if SSL_get_error is asked for its opinion). */
+ 		return(0);
+ 		}
+ 	}
+@@ -677,7 +692,9 @@
+ 
+ 	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
+ 	if (ret == s->init_num)
++		{
+ 		return(1);
++		}
+ 	if (ret < 0)
+ 		return(-1);
+ 	s->init_off+=ret;
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s2_srvr.c,v
+retrieving revision 1.2.2.3
+diff -u -r1.2.2.3 s2_srvr.c
+--- crypto/openssl/ssl/s2_srvr.c	4 Jul 2001 23:19:45 -0000	1.2.2.3
++++ crypto/openssl/ssl/s2_srvr.c	31 Jul 2002 02:41:57 -0000
+@@ -54,6 +54,58 @@
+  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
++ */
++/* ====================================================================
++ * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
+  *
+  * $FreeBSD: src/crypto/openssl/ssl/s2_srvr.c,v 1.2.2.3 2001/07/04 23:19:45 kris Exp $
+  */
+@@ -65,6 +117,7 @@
+ #include <openssl/rand.h>
+ #include <openssl/objects.h>
+ #include <openssl/evp.h>
++#include "cryptlib.h"
+ 
+ static SSL_METHOD *ssl2_get_server_method(int ver);
+ static int get_client_master_key(SSL *s);
+@@ -121,8 +174,8 @@
+ 		cb=s->ctx->info_callback;
+ 
+ 	/* init things to blank */
+-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ 	s->in_handshake++;
++	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ 
+ 	if (s->cert == NULL)
+ 		{
+@@ -324,6 +377,7 @@
+ static int get_client_master_key(SSL *s)
+ 	{
+ 	int is_export,i,n,keya,ek;
++	unsigned long len;
+ 	unsigned char *p;
+ 	SSL_CIPHER *cp;
+ 	const EVP_CIPHER *c;
+@@ -336,6 +390,8 @@
+ 
+ 		if (i < (10-s->init_num))
+ 			return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
++		s->init_num = 10;
++
+ 		if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
+ 			{
+ 			if (p[-1] != SSL2_MT_ERROR)
+@@ -363,16 +419,29 @@
+ 		n2s(p,i); s->s2->tmp.clear=i;
+ 		n2s(p,i); s->s2->tmp.enc=i;
+ 		n2s(p,i); s->session->key_arg_length=i;
++		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
++			{
++			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
++				   SSL_R_KEY_ARG_TOO_LONG);
++			return -1;
++			}
+ 		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+-		s->init_num=0;
+ 		}
+ 
+ 	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+ 	p=(unsigned char *)s->init_buf->data;
++	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
+ 	keya=s->session->key_arg_length;
+-	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
+-	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
++	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
++	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
++		{
++		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
++		return -1;
++		}
++	n = (int)len - s->init_num;
++	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+ 	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
++	p += 10;
+ 
+ 	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
+ 		(unsigned int)keya);
+@@ -407,12 +476,13 @@
+ 	/* bad decrypt */
+ #if 1
+ 	/* If a bad decrypt, continue with protocol but with a
+-	 * dud master secret */
++	 * random master secret (Bleichenbacher attack) */
+ 	if ((i < 0) ||
+ 		((!is_export && (i != EVP_CIPHER_key_length(c)))
+-		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
+-			EVP_CIPHER_key_length(c))))))
++		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
++			(unsigned int)EVP_CIPHER_key_length(c))))))
+ 		{
++		ERR_clear_error();
+ 		if (is_export)
+ 			i=ek;
+ 		else
+@@ -441,6 +511,7 @@
+ #endif
+ 
+ 	if (is_export) i+=s->s2->tmp.clear;
++	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
+ 	s->session->master_key_length=i;
+ 	memcpy(s->session->master_key,p,(unsigned int)i);
+ 	return(1);
+@@ -449,6 +520,7 @@
+ static int get_client_hello(SSL *s)
+ 	{
+ 	int i,n;
++	unsigned long len;
+ 	unsigned char *p;
+ 	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
+ 	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
+@@ -468,6 +540,7 @@
+ 		i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
+ 		if (i < (9-s->init_num)) 
+ 			return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
++		s->init_num = 9;
+ 	
+ 		if (*(p++) != SSL2_MT_CLIENT_HELLO)
+ 			{
+@@ -492,15 +565,20 @@
+ 			return(-1);
+ 			}
+ 		s->state=SSL2_ST_GET_CLIENT_HELLO_C;
+-		s->init_num=0;
+ 		}
+ 
+ 	/* SSL2_ST_GET_CLIENT_HELLO_C */
+ 	p=(unsigned char *)s->init_buf->data;
+-	n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+
+-		s->s2->tmp.session_id_length-s->init_num;
+-	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
++	len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
++	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
++		{
++		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
++		return -1;
++		}
++	n = (int)len - s->init_num;
++	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+ 	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
++	p += 9;
+ 
+ 	/* get session-id before cipher stuff so we can get out session
+ 	 * structure if it is cached */
+@@ -581,6 +659,7 @@
+ 	p+=s->s2->tmp.session_id_length;
+ 
+ 	/* challenge */
++	die(s->s2->challenge_length <= sizeof s->s2->challenge);
+ 	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
+ 	return(1);
+ mem_err:
+@@ -706,7 +785,8 @@
+ static int get_client_finished(SSL *s)
+ 	{
+ 	unsigned char *p;
+-	int i;
++	int i, n;
++	unsigned long len;
+ 
+ 	p=(unsigned char *)s->init_buf->data;
+ 	if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
+@@ -714,6 +794,7 @@
+ 		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+ 		if (i < 1-s->init_num)
+ 			return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
++		s->init_num += i;
+ 
+ 		if (*p != SSL2_MT_CLIENT_FINISHED)
+ 			{
+@@ -726,16 +807,19 @@
+ 				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
+ 			return(-1);
+ 			}
+-		s->init_num=0;
+ 		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
+ 		}
+ 
+ 	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+-	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
+-	if (i < (int)s->s2->conn_id_length-s->init_num)
++	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
++	len = 1 + (unsigned long)s->s2->conn_id_length;
++	n = (int)len - s->init_num;
++	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
++	if (i < n)
+ 		{
+ 		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+ 		}
++	p += 1;
+ 	if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+ 		{
+ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+@@ -753,6 +837,7 @@
+ 		{
+ 		p=(unsigned char *)s->init_buf->data;
+ 		*(p++)=SSL2_MT_SERVER_VERIFY;
++		die(s->s2->challenge_length <= sizeof s->s2->challenge);
+ 		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
+ 		/* p+=s->s2->challenge_length; */
+ 
+@@ -772,6 +857,8 @@
+ 		p=(unsigned char *)s->init_buf->data;
+ 		*(p++)=SSL2_MT_SERVER_FINISHED;
+ 
++		die(s->session->session_id_length
++		    <= sizeof s->session->session_id);
+ 		memcpy(p,s->session->session_id,
+ 			(unsigned int)s->session->session_id_length);
+ 		/* p+=s->session->session_id_length; */
+@@ -791,6 +878,7 @@
+ 	unsigned char *p,*p2,*buf2;
+ 	unsigned char *ccd;
+ 	int i,j,ctype,ret= -1;
++	unsigned long len;
+ 	X509 *x509=NULL;
+ 	STACK_OF(X509) *sk=NULL;
+ 
+@@ -824,16 +912,28 @@
+ 	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
+ 		{
+ 		p=(unsigned char *)s->init_buf->data;
+-		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num);
+-		if (i < 3)
++		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
++		if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
++		                        * (probably NO-CERTIFICATE-ERROR) */
+ 			{
+ 			ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+ 			goto end;
+ 			}
++		s->init_num += i;
+ 
+-		if ((*p == SSL2_MT_ERROR) && (i >= 3))
++		if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
+ 			{
+ 			n2s(p,i);
++			if (i != SSL2_PE_NO_CERTIFICATE)
++				{
++				/* not the error message we expected -- let ssl2_part_read handle it */
++				s->init_num -= 3;
++				ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
++				goto end;
++				}
++
++			/* this is the one place where we can recover from an SSL 2.0 error */
++
+ 			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+ 				{
+ 				ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+@@ -843,12 +943,18 @@
+ 			ret=1;
+ 			goto end;
+ 			}
+-		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6))
++		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
+ 			{
+ 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+ 			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
+ 			goto end;
+ 			}
++		if (s->init_num != 6)
++			{
++			SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
++			goto end;
++			}
++		
+ 		/* ok we have a response */
+ 		/* certificate type, there is only one right now. */
+ 		ctype= *(p++);
+@@ -861,18 +967,24 @@
+ 		n2s(p,i); s->s2->tmp.clen=i;
+ 		n2s(p,i); s->s2->tmp.rlen=i;
+ 		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
+-		s->init_num=0;
+ 		}
+ 
+ 	/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
+ 	p=(unsigned char *)s->init_buf->data;
+-	j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num;
+-	i=ssl2_read(s,(char *)&(p[s->init_num]),j);
++	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
++	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
++		{
++		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
++		goto end;
++		}
++	j = (int)len - s->init_num;
++	i = ssl2_read(s,(char *)&(p[s->init_num]),j);
+ 	if (i < j) 
+ 		{
+ 		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+ 		goto end;
+ 		}
++	p += 6;
+ 
+ 	x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+ 	if (x509 == NULL)
+Index: crypto/openssl/ssl/s3_both.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_both.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 s3_both.c
+--- crypto/openssl/ssl/s3_both.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/s3_both.c	31 Jul 2002 00:47:04 -0000
+@@ -56,7 +56,7 @@
+  * [including the GNU Public Licence.]
+  */
+ /* ====================================================================
+- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -383,7 +383,11 @@
+ 					 * if their format is correct. Does not count for
+ 					 * 'Finished' MAC. */
+ 					if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
++						{
++						s->init_num = 0;
+ 						skip_message = 1;
++						}
++			
+ 			}
+ 		while (skip_message);
+ 
+@@ -432,6 +436,7 @@
+ 	/* next state (stn) */
+ 	p=(unsigned char *)s->init_buf->data;
+ 	n=s->s3->tmp.message_size;
++	n -= s->init_num;
+ 	while (n > 0)
+ 		{
+ 		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
+@@ -523,6 +528,8 @@
+ 	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+ 	case X509_V_ERR_CERT_NOT_YET_VALID:
+ 	case X509_V_ERR_CRL_NOT_YET_VALID:
++	case X509_V_ERR_CERT_UNTRUSTED:
++	case X509_V_ERR_CERT_REJECTED:
+ 		al=SSL_AD_BAD_CERTIFICATE;
+ 		break;
+ 	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+@@ -544,11 +551,16 @@
+ 	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+ 	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+ 	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
++	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
++	case X509_V_ERR_INVALID_CA:
+ 		al=SSL_AD_UNKNOWN_CA;
+ 		break;
+ 	case X509_V_ERR_APPLICATION_VERIFICATION:
+ 		al=SSL_AD_HANDSHAKE_FAILURE;
+ 		break;
++	case X509_V_ERR_INVALID_PURPOSE:
++		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
++		break;
+ 	default:
+ 		al=SSL_AD_CERTIFICATE_UNKNOWN;
+ 		break;
+@@ -560,6 +572,7 @@
+ 	{
+ 	unsigned char *p;
+ 	unsigned int extra;
++	size_t len;
+ 
+ 	if (s->s3->rbuf.buf == NULL)
+ 		{
+@@ -567,18 +580,21 @@
+ 			extra=SSL3_RT_MAX_EXTRA;
+ 		else
+ 			extra=0;
+-		if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
+-			== NULL)
++		len = SSL3_RT_MAX_PACKET_SIZE + extra;
++		if ((p=OPENSSL_malloc(len)) == NULL)
+ 			goto err;
+-		s->s3->rbuf.buf=p;
++		s->s3->rbuf.buf = p;
++		s->s3->rbuf_len = len;
+ 		}
+ 
+ 	if (s->s3->wbuf.buf == NULL)
+ 		{
+-		if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE))
+-			== NULL)
++		len = SSL3_RT_MAX_PACKET_SIZE;
++		len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
++		if ((p=OPENSSL_malloc(len)) == NULL)
+ 			goto err;
+-		s->s3->wbuf.buf=p;
++		s->s3->wbuf.buf = p;
++		s->s3->wbuf_len = len;
+ 		}
+ 	s->packet= &(s->s3->rbuf.buf[0]);
+ 	return(1);
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_clnt.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 s3_clnt.c
+--- crypto/openssl/ssl/s3_clnt.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/s3_clnt.c	31 Jul 2002 00:47:04 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #include <stdio.h>
+ #include <openssl/buffer.h>
+@@ -64,6 +117,7 @@
+ #include <openssl/sha.h>
+ #include <openssl/evp.h>
+ #include "ssl_locl.h"
++#include "cryptlib.h"
+ 
+ static SSL_METHOD *ssl3_get_client_method(int ver);
+ static int ssl3_client_hello(SSL *s);
+@@ -119,8 +173,8 @@
+ 	else if (s->ctx->info_callback != NULL)
+ 		cb=s->ctx->info_callback;
+ 	
+-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+ 	s->in_handshake++;
++	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+ 
+ 	for (;;)
+ 		{
+@@ -441,9 +495,9 @@
+ 		skip=0;
+ 		}
+ end:
++	s->in_handshake--;
+ 	if (cb != NULL)
+ 		cb(s,SSL_CB_CONNECT_EXIT,ret);
+-	s->in_handshake--;
+ 	return(ret);
+ 	}
+ 
+@@ -492,6 +546,7 @@
+ 		*(p++)=i;
+ 		if (i != 0)
+ 			{
++			die(i <= sizeof s->session->session_id);
+ 			memcpy(p,s->session->session_id,i);
+ 			p+=i;
+ 			}
+@@ -573,6 +628,14 @@
+ 	/* get the session-id */
+ 	j= *(p++);
+ 
++       if(j > sizeof s->session->session_id)
++               {
++               al=SSL_AD_ILLEGAL_PARAMETER;
++               SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
++                      SSL_R_SSL3_SESSION_ID_TOO_LONG);
++               goto f_err;
++               }
++
+ 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+ 		{
+ 		/* SSLref returns 16 :-( */
+@@ -849,11 +912,17 @@
+ 	DH *dh=NULL;
+ #endif
+ 
++	/* use same message size as in ssl3_get_certificate_request()
++	 * as ServerKeyExchange message may be skipped */
+ 	n=ssl3_get_message(s,
+ 		SSL3_ST_CR_KEY_EXCH_A,
+ 		SSL3_ST_CR_KEY_EXCH_B,
+ 		-1,
+-		1024*8, /* ?? */
++#if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
++		1024*30,  /* 30k max cert list :-) */
++#else
++		1024*100, /* 100k max cert list :-) */
++#endif
+ 		&ok);
+ 
+ 	if (!ok) return((int)n);
+@@ -1308,6 +1377,7 @@
+ 		/* should contain no data */
+ 		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+ 		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
++		return -1;
+ 		}
+ 	ret=1;
+ 	return(ret);
+Index: crypto/openssl/ssl/s3_enc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_enc.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 s3_enc.c
+--- crypto/openssl/ssl/s3_enc.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/s3_enc.c	31 Jul 2002 00:47:04 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #include <stdio.h>
+ #include <openssl/md5.h>
+@@ -305,9 +358,28 @@
+ 
+ 	s->s3->tmp.key_block_length=num;
+ 	s->s3->tmp.key_block=p;
+-
++	
+ 	ssl3_generate_key_block(s,p,num);
++	
++	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
++		{
++		/* enable vulnerability countermeasure for CBC ciphers with
++		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
++		 */
++		s->s3->need_empty_fragments = 1;
+ 
++ 		if (s->session->cipher != NULL)
++			{
++			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
++ 				s->s3->need_empty_fragments = 0;
++ 			
++#ifndef NO_RC4
++ 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
++ 				s->s3->need_empty_fragments = 0;
++#endif
++ 			}
++ 		}
++		
+ 	return(1);
+ err:
+ 	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+@@ -356,7 +428,7 @@
+ 	if ((s->session == NULL) || (ds == NULL) ||
+ 		(enc == NULL))
+ 		{
+-		memcpy(rec->data,rec->input,rec->length);
++		memmove(rec->data,rec->input,rec->length);
+ 		rec->input=rec->data;
+ 		}
+ 	else
+@@ -366,7 +438,6 @@
+ 
+ 		/* COMPRESS */
+ 
+-		/* This should be using (bs-1) and bs instead of 7 and 8 */
+ 		if ((bs != 1) && send)
+ 			{
+ 			i=bs-((int)l%bs);
+@@ -376,17 +447,31 @@
+ 			rec->length+=i;
+ 			rec->input[l-1]=(i-1);
+ 			}
+-
++		
++		if (!send)
++			{
++			if (l == 0 || l%bs != 0)
++				{
++				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
++				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
++				return 0;
++				}
++			}
++		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+ 
+ 		if ((bs != 1) && !send)
+ 			{
+ 			i=rec->data[l-1]+1;
++			/* SSL 3.0 bounds the number of padding bytes by the block size;
++			 * padding bytes (except that last) are arbitrary */
+ 			if (i > bs)
+ 				{
+-				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+-				return(0);
++				/* Incorrect padding. SSLerr() and ssl3_alert are done
++				 * by caller: we don't want to reveal whether this is
++				 * a decryption error or a MAC verification failure
++				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
++				return -1;
+ 				}
+ 			rec->length-=i;
+ 			}
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_lib.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 s3_lib.c
+--- crypto/openssl/ssl/s3_lib.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/s3_lib.c	31 Jul 2002 00:47:04 -0000
+@@ -56,7 +56,7 @@
+  * [including the GNU Public Licence.]
+  */
+ /* ====================================================================
+- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -129,7 +129,7 @@
+ 	SSL3_TXT_RSA_NULL_MD5,
+ 	SSL3_CK_RSA_NULL_MD5,
+ 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_STRONG_NONE,
+ 	0,
+ 	0,
+ 	0,
+@@ -142,7 +142,7 @@
+ 	SSL3_TXT_RSA_NULL_SHA,
+ 	SSL3_CK_RSA_NULL_SHA,
+ 	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_STRONG_NONE,
+ 	0,
+ 	0,
+ 	0,
+@@ -170,7 +170,7 @@
+ 	SSL3_TXT_ADH_RC4_128_MD5,
+ 	SSL3_CK_ADH_RC4_128_MD5,
+ 	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_MEDIUM,
+ 	0,
+ 	128,
+ 	128,
+@@ -196,7 +196,7 @@
+ 	SSL3_TXT_ADH_DES_64_CBC_SHA,
+ 	SSL3_CK_ADH_DES_64_CBC_SHA,
+ 	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_LOW,
+ 	0,
+ 	56,
+ 	56,
+@@ -209,7 +209,7 @@
+ 	SSL3_TXT_ADH_DES_192_CBC_SHA,
+ 	SSL3_CK_ADH_DES_192_CBC_SHA,
+ 	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_HIGH,
+ 	0,
+ 	168,
+ 	168,
+@@ -490,7 +490,7 @@
+ 	SSL3_TXT_FZA_DMS_NULL_SHA,
+ 	SSL3_CK_FZA_DMS_NULL_SHA,
+ 	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_STRONG_NONE,
+ 	0,
+ 	0,
+ 	0,
+@@ -504,7 +504,7 @@
+ 	SSL3_TXT_FZA_DMS_FZA_SHA,
+ 	SSL3_CK_FZA_DMS_FZA_SHA,
+ 	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_STRONG_NONE,
+ 	0,
+ 	0,
+ 	0,
+@@ -518,7 +518,7 @@
+ 	SSL3_TXT_FZA_DMS_RC4_SHA,
+ 	SSL3_CK_FZA_DMS_RC4_SHA,
+ 	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+-	SSL_NOT_EXP,
++	SSL_NOT_EXP|SSL_MEDIUM,
+ 	0,
+ 	128,
+ 	128,
+@@ -612,7 +612,7 @@
+ 	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+ 	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+ 	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+-	    SSL_NOT_EXP,
++	    SSL_NOT_EXP|SSL_MEDIUM,
+ 	    0,
+ 	    128,
+ 	    128,
+@@ -693,6 +693,9 @@
+ 
+ int ssl3_pending(SSL *s)
+ 	{
++	if (s->rstate == SSL_ST_READ_BODY)
++		return 0;
++	
+ 	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
+ 	}
+ 
+@@ -737,6 +740,7 @@
+ void ssl3_clear(SSL *s)
+ 	{
+ 	unsigned char *rp,*wp;
++	size_t rlen, wlen;
+ 
+ 	ssl3_cleanup_key_block(s);
+ 	if (s->s3->tmp.ca_names != NULL)
+@@ -752,12 +756,16 @@
+ 		DH_free(s->s3->tmp.dh);
+ #endif
+ 
+-	rp=s->s3->rbuf.buf;
+-	wp=s->s3->wbuf.buf;
++	rp = s->s3->rbuf.buf;
++	wp = s->s3->wbuf.buf;
++	rlen = s->s3->rbuf_len;
++	wlen = s->s3->wbuf_len;
+ 
+ 	memset(s->s3,0,sizeof *s->s3);
+-	if (rp != NULL) s->s3->rbuf.buf=rp;
+-	if (wp != NULL) s->s3->wbuf.buf=wp;
++	s->s3->rbuf.buf = rp;
++	s->s3->wbuf.buf = wp;
++	s->s3->rbuf_len = rlen;
++	s->s3->wbuf_len = wlen;
+ 
+ 	ssl_free_wbio_buffer(s);
+ 
+@@ -1312,13 +1320,12 @@
+ 	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+ 	s->s3->in_read_app_data=1;
+ 	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+-	if ((ret == -1) && (s->s3->in_read_app_data == 0))
++	if ((ret == -1) && (s->s3->in_read_app_data == 2))
+ 		{
+ 		/* ssl3_read_bytes decided to call s->handshake_func, which
+ 		 * called ssl3_read_bytes to read handshake data.
+ 		 * However, ssl3_read_bytes actually found application data
+-		 * and thinks that application data makes sense here (signalled
+-		 * by resetting 'in_read_app_data', strangely); so disable
++		 * and thinks that application data makes sense here; so disable
+ 		 * handshake processing and try to read application data again. */
+ 		s->in_handshake++;
+ 		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_pkt.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 s3_pkt.c
+--- crypto/openssl/ssl/s3_pkt.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/s3_pkt.c	31 Jul 2002 00:47:04 -0000
+@@ -56,7 +56,7 @@
+  * [including the GNU Public Licence.]
+  */
+ /* ====================================================================
+- * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -117,7 +117,7 @@
+ #include "ssl_locl.h"
+ 
+ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+-			 unsigned int len);
++			 unsigned int len, int create_empty_fragment);
+ static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+ 			      unsigned int len);
+ static int ssl3_get_record(SSL *s);
+@@ -162,9 +162,7 @@
+ 
+ 	{
+ 		/* avoid buffer overflow */
+-		int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length;
+-		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+-			max_max += SSL3_RT_MAX_EXTRA;
++		int max_max = s->s3->rbuf_len - s->packet_length;
+ 		if (max > max_max)
+ 			max = max_max;
+ 	}
+@@ -231,14 +229,15 @@
+ static int ssl3_get_record(SSL *s)
+ 	{
+ 	int ssl_major,ssl_minor,al;
+-	int n,i,ret= -1;
++	int enc_err,n,i,ret= -1;
+ 	SSL3_RECORD *rr;
+ 	SSL_SESSION *sess;
+ 	unsigned char *p;
+ 	unsigned char md[EVP_MAX_MD_SIZE];
+ 	short version;
+ 	unsigned int mac_size;
+-	int clear=0,extra;
++	int clear=0;
++	size_t extra;
+ 
+ 	rr= &(s->s3->rrec);
+ 	sess=s->session;
+@@ -247,14 +246,20 @@
+ 		extra=SSL3_RT_MAX_EXTRA;
+ 	else
+ 		extra=0;
++	if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
++		{
++		/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
++		 * set after ssl3_setup_buffers() was done */
++		SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_INTERNAL_ERROR);
++		return -1;
++		}
+ 
+ again:
+ 	/* check if we have the header */
+ 	if (	(s->rstate != SSL_ST_READ_BODY) ||
+ 		(s->packet_length < SSL3_RT_HEADER_LENGTH)) 
+ 		{
+-		n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
+-			SSL3_RT_MAX_PACKET_SIZE,0);
++		n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf_len, 0);
+ 		if (n <= 0) return(n); /* error or non-blocking */
+ 		s->rstate=SSL_ST_READ_BODY;
+ 
+@@ -291,8 +296,7 @@
+ 			goto err;
+ 			}
+ 
+-		if (rr->length > 
+-			(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
++		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+ 			{
+ 			al=SSL_AD_RECORD_OVERFLOW;
+ 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+@@ -304,7 +308,7 @@
+ 
+ 	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+ 
+-	if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
++	if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
+ 		{
+ 		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+ 		i=rr->length;
+@@ -332,7 +336,7 @@
+ 	 * rr->length bytes of encrypted compressed stuff. */
+ 
+ 	/* check is not needed I believe */
+-	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
++	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+ 		{
+ 		al=SSL_AD_RECORD_OVERFLOW;
+ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+@@ -342,16 +346,23 @@
+ 	/* decrypt in place in 'rr->input' */
+ 	rr->data=rr->input;
+ 
+-	if (!s->method->ssl3_enc->enc(s,0))
++	enc_err = s->method->ssl3_enc->enc(s,0);
++	if (enc_err <= 0)
+ 		{
+-		al=SSL_AD_DECRYPT_ERROR;
+-		goto f_err;
++		if (enc_err == 0)
++			/* SSLerr() and ssl3_send_alert() have been called */
++			goto err;
++
++		/* otherwise enc_err == -1 */
++		goto decryption_failed_or_bad_record_mac;
+ 		}
++
+ #ifdef TLS_DEBUG
+ printf("dec %d\n",rr->length);
+ { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+ printf("\n");
+ #endif
++
+ 	/* r->length is now the compressed data plus mac */
+ 	if (	(sess == NULL) ||
+ 		(s->enc_read_ctx == NULL) ||
+@@ -364,33 +375,37 @@
+ 
+ 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+ 			{
++#if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+ 			al=SSL_AD_RECORD_OVERFLOW;
+ 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+ 			goto f_err;
++#else
++			goto decryption_failed_or_bad_record_mac;
++#endif			
+ 			}
+ 		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+ 		if (rr->length < mac_size)
+ 			{
++#if 0 /* OK only for stream ciphers */
+ 			al=SSL_AD_DECODE_ERROR;
+ 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+ 			goto f_err;
++#else
++			goto decryption_failed_or_bad_record_mac;
++#endif
+ 			}
+ 		rr->length-=mac_size;
+ 		i=s->method->ssl3_enc->mac(s,md,0);
+ 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+ 			{
+-			al=SSL_AD_BAD_RECORD_MAC;
+-			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
+-			ret= -1;
+-			goto f_err;
++			goto decryption_failed_or_bad_record_mac;
+ 			}
+ 		}
+ 
+ 	/* r->length is now just compressed */
+ 	if (s->expand != NULL)
+ 		{
+-		if (rr->length > 
+-			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
++		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+ 			{
+ 			al=SSL_AD_RECORD_OVERFLOW;
+ 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+@@ -404,7 +419,7 @@
+ 			}
+ 		}
+ 
+-	if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
++	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
+ 		{
+ 		al=SSL_AD_RECORD_OVERFLOW;
+ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+@@ -427,6 +442,15 @@
+ 	if (rr->length == 0) goto again;
+ 
+ 	return(1);
++
++decryption_failed_or_bad_record_mac:
++	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
++	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
++	 * failure is directly visible from the ciphertext anyway,
++	 * we should not reveal which kind of error occured -- this
++	 * might become visible to an attacker (e.g. via logfile) */
++	al=SSL_AD_BAD_RECORD_MAC;
++	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+ f_err:
+ 	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+ err:
+@@ -488,7 +512,7 @@
+ 		if (i == 0)
+ 			{
+ 			SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+-			return(-1);
++			return -1;
+ 			}
+ 		}
+ 
+@@ -500,18 +524,22 @@
+ 		else
+ 			nw=n;
+ 
+-		i=do_ssl3_write(s,type,&(buf[tot]),nw);
++		i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
+ 		if (i <= 0)
+ 			{
+ 			s->s3->wnum=tot;
+-			return(i);
++			return i;
+ 			}
+ 
+ 		if ((i == (int)n) ||
+ 			(type == SSL3_RT_APPLICATION_DATA &&
+ 			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+ 			{
+-			return(tot+i);
++			/* next chunk of data should get another prepended empty fragment
++			 * in ciphersuites with known-IV weakness: */
++			s->s3->empty_fragment_done = 0;
++			
++			return tot+i;
+ 			}
+ 
+ 		n-=i;
+@@ -520,15 +548,16 @@
+ 	}
+ 
+ static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+-			 unsigned int len)
++			 unsigned int len, int create_empty_fragment)
+ 	{
+ 	unsigned char *p,*plen;
+ 	int i,mac_size,clear=0;
++	int prefix_len = 0;
+ 	SSL3_RECORD *wr;
+ 	SSL3_BUFFER *wb;
+ 	SSL_SESSION *sess;
+ 
+-	/* first check is there is a SSL3_RECORD still being written
++	/* first check if there is a SSL3_BUFFER still being written
+ 	 * out.  This will happen with non blocking IO */
+ 	if (s->s3->wbuf.left != 0)
+ 		return(ssl3_write_pending(s,type,buf,len));
+@@ -542,7 +571,8 @@
+ 		/* if it went, fall through and send more stuff */
+ 		}
+ 
+-	if (len == 0) return(len);
++	if (len == 0 && !create_empty_fragment)
++		return 0;
+ 
+ 	wr= &(s->s3->wrec);
+ 	wb= &(s->s3->wbuf);
+@@ -558,16 +588,44 @@
+ 	else
+ 		mac_size=EVP_MD_size(s->write_hash);
+ 
+-	p=wb->buf;
++	/* 'create_empty_fragment' is true only when this function calls itself */
++	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
++		{
++		/* countermeasure against known-IV weakness in CBC ciphersuites
++		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
++
++		if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
++			{
++			/* recursive function call with 'create_empty_fragment' set;
++			 * this prepares and buffers the data for an empty fragment
++			 * (these 'prefix_len' bytes are sent out later
++			 * together with the actual payload) */
++			prefix_len = do_ssl3_write(s, type, buf, 0, 1);
++			if (prefix_len <= 0)
++				goto err;
++
++			if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
++				{
++				/* insufficient space */
++				SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
++				goto err;
++				}
++			}
++		
++		s->s3->empty_fragment_done = 1;
++		}
++
++	p = wb->buf + prefix_len;
+ 
+ 	/* write the header */
++
+ 	*(p++)=type&0xff;
+ 	wr->type=type;
+ 
+ 	*(p++)=(s->version>>8);
+ 	*(p++)=s->version&0xff;
+ 
+-	/* record where we are to write out packet length */
++	/* field where we are to write out packet length */
+ 	plen=p; 
+ 	p+=2;
+ 
+@@ -618,19 +676,28 @@
+ 	wr->type=type; /* not needed but helps for debugging */
+ 	wr->length+=SSL3_RT_HEADER_LENGTH;
+ 
+-	/* Now lets setup wb */
+-	wb->left=wr->length;
+-	wb->offset=0;
++	if (create_empty_fragment)
++		{
++		/* we are in a recursive call;
++		 * just return the length, don't write out anything here
++		 */
++		return wr->length;
++		}
++
++	/* now let's set up wb */
++	wb->left = prefix_len + wr->length;
++	wb->offset = 0;
+ 
++	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
+ 	s->s3->wpend_tot=len;
+ 	s->s3->wpend_buf=buf;
+ 	s->s3->wpend_type=type;
+ 	s->s3->wpend_ret=len;
+ 
+ 	/* we now just need to write the buffer */
+-	return(ssl3_write_pending(s,type,buf,len));
++	return ssl3_write_pending(s,type,buf,len);
+ err:
+-	return(-1);
++	return -1;
+ 	}
+ 
+ /* if s->s3->wbuf.left != 0, we need to call this */
+@@ -1056,6 +1123,7 @@
+ 		/* TLS just ignores unknown message types */
+ 		if (s->version == TLS1_VERSION)
+ 			{
++			rr->length = 0;
+ 			goto start;
+ 			}
+ #endif
+@@ -1092,7 +1160,7 @@
+ 					)
+ 				))
+ 			{
+-			s->s3->in_read_app_data=0;
++			s->s3->in_read_app_data=2;
+ 			return(-1);
+ 			}
+ 		else
+@@ -1156,6 +1224,8 @@
+ 	{
+ 	/* Map tls/ssl alert value to correct one */
+ 	desc=s->method->ssl3_enc->alert_value(desc);
++	if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
++		desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
+ 	if (desc < 0) return;
+ 	/* If a fatal one, remove from cache */
+ 	if ((level == 2) && (s->session != NULL))
+@@ -1164,7 +1234,7 @@
+ 	s->s3->alert_dispatch=1;
+ 	s->s3->send_alert[0]=level;
+ 	s->s3->send_alert[1]=desc;
+-	if (s->s3->wbuf.left == 0) /* data still being written out */
++	if (s->s3->wbuf.left == 0) /* data still being written out? */
+ 		ssl3_dispatch_alert(s);
+ 	/* else data is still being written out, we will get written
+ 	 * some time in the future */
+@@ -1176,16 +1246,16 @@
+ 	void (*cb)()=NULL;
+ 
+ 	s->s3->alert_dispatch=0;
+-	i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2);
++	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
+ 	if (i <= 0)
+ 		{
+ 		s->s3->alert_dispatch=1;
+ 		}
+ 	else
+ 		{
+-		/* If it is important, send it now.  If the message
+-		 * does not get sent due to non-blocking IO, we will
+-		 * not worry too much. */
++		/* Alert sent to BIO.  If it is important, flush it now.
++		 * If the message does not get sent due to non-blocking IO,
++		 * we will not worry too much. */
+ 		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+ 			(void)BIO_flush(s->wbio);
+ 
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 s3_srvr.c
+--- crypto/openssl/ssl/s3_srvr.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/s3_srvr.c	31 Jul 2002 00:47:04 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #define REUSE_CIPHER_BUG
+ #define NETSCAPE_HANG_BUG
+@@ -69,6 +122,7 @@
+ #include <openssl/evp.h>
+ #include <openssl/x509.h>
+ #include "ssl_locl.h"
++#include "cryptlib.h"
+ 
+ static SSL_METHOD *ssl3_get_server_method(int ver);
+ static int ssl3_get_client_hello(SSL *s);
+@@ -125,8 +179,8 @@
+ 		cb=s->ctx->info_callback;
+ 
+ 	/* init things to blank */
+-	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ 	s->in_handshake++;
++	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+ 
+ 	if (s->cert == NULL)
+ 		{
+@@ -180,21 +234,23 @@
+ 				goto end;
+ 				}
+ 
+-			/* Ok, we now need to push on a buffering BIO so that
+-			 * the output is sent in a way that TCP likes :-)
+-			 */
+-			if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+-
+ 			s->init_num=0;
+ 
+ 			if (s->state != SSL_ST_RENEGOTIATE)
+ 				{
++				/* Ok, we now need to push on a buffering BIO so that
++				 * the output is sent in a way that TCP likes :-)
++				 */
++				if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
++				
+ 				ssl3_init_finished_mac(s);
+ 				s->state=SSL3_ST_SR_CLNT_HELLO_A;
+ 				s->ctx->stats.sess_accept++;
+ 				}
+ 			else
+ 				{
++				/* s->state == SSL_ST_RENEGOTIATE,
++				 * we will just send a HelloRequest */
+ 				s->ctx->stats.sess_accept_renegotiate++;
+ 				s->state=SSL3_ST_SW_HELLO_REQ_A;
+ 				}
+@@ -215,9 +271,7 @@
+ 
+ 		case SSL3_ST_SW_HELLO_REQ_C:
+ 			s->state=SSL_ST_OK;
+-			ret=1;
+-			goto end;
+-			/* break; */
++			break;
+ 
+ 		case SSL3_ST_SR_CLNT_HELLO_A:
+ 		case SSL3_ST_SR_CLNT_HELLO_B:
+@@ -226,6 +280,7 @@
+ 			s->shutdown=0;
+ 			ret=ssl3_get_client_hello(s);
+ 			if (ret <= 0) goto end;
++			s->new_session = 2;
+ 			s->state=SSL3_ST_SW_SRVR_HELLO_A;
+ 			s->init_num=0;
+ 			break;
+@@ -456,18 +511,24 @@
+ 			/* remove buffering on output */
+ 			ssl_free_wbio_buffer(s);
+ 
+-			s->new_session=0;
+ 			s->init_num=0;
+ 
+-			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+-
+-			s->ctx->stats.sess_accept_good++;
+-			/* s->server=1; */
+-			s->handshake_func=ssl3_accept;
+-			ret=1;
+-
+-			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
++			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
++				{
++				/* actually not necessarily a 'new' session  */
++				
++				s->new_session=0;
++				
++				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
++				
++				s->ctx->stats.sess_accept_good++;
++				/* s->server=1; */
++				s->handshake_func=ssl3_accept;
+ 
++				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
++				}
++			
++			ret = 1;
+ 			goto end;
+ 			/* break; */
+ 
+@@ -500,9 +561,9 @@
+ end:
+ 	/* BIO_flush(s->wbio); */
+ 
++	s->in_handshake--;
+ 	if (cb != NULL)
+ 		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+-	s->in_handshake--;
+ 	return(ret);
+ 	}
+ 
+@@ -533,11 +594,17 @@
+ 	int ok;
+ 	long n;
+ 
++	/* this function is called when we really expect a Certificate message,
++	 * so permit appropriate message length */
+ 	n=ssl3_get_message(s,
+ 		SSL3_ST_SR_CERT_A,
+ 		SSL3_ST_SR_CERT_B,
+ 		-1,
+-		SSL3_RT_MAX_PLAIN_LENGTH,
++#if defined(MSDOS) && !defined(WIN32)
++		1024*30, /* 30k max cert list :-) */
++#else
++		1024*100, /* 100k max cert list :-) */
++#endif
+ 		&ok);
+ 	if (!ok) return((int)n);
+ 	s->s3->tmp.reuse_message = 1;
+@@ -595,6 +662,18 @@
+ 	s->client_version=(((int)p[0])<<8)|(int)p[1];
+ 	p+=2;
+ 
++	if (s->client_version < s->version)
++		{
++		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
++		if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
++			{
++			/* similar to ssl3_get_record, send alert using remote version number */
++			s->version = s->client_version;
++			}
++		al = SSL_AD_PROTOCOL_VERSION;
++		goto f_err;
++		}
++
+ 	/* load the client random */
+ 	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
+ 	p+=SSL3_RANDOM_SIZE;
+@@ -633,7 +712,7 @@
+ 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
+ 		goto f_err;
+ 		}
+-	if ((i+p) > (d+n))
++	if ((p+i) >= (d+n))
+ 		{
+ 		/* not enough data */
+ 		al=SSL_AD_DECODE_ERROR;
+@@ -690,6 +769,13 @@
+ 
+ 	/* compression */
+ 	i= *(p++);
++	if ((p+i) > (d+n))
++		{
++		/* not enough data */
++		al=SSL_AD_DECODE_ERROR;
++		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
++		goto f_err;
++		}
+ 	q=p;
+ 	for (j=0; j<i; j++)
+ 		{
+@@ -737,7 +823,7 @@
+ 	/* TLS does not mind if there is extra stuff */
+ 	if (s->version == SSL3_VERSION)
+ 		{
+-		if (p > (d+n))
++		if (p < (d+n))
+ 			{
+ 			/* wrong number of bytes,
+ 			 * there could be more to follow */
+@@ -863,6 +949,7 @@
+ 			s->session->session_id_length=0;
+ 
+ 		sl=s->session->session_id_length;
++		die(sl <= sizeof s->session->session_id);
+ 		*(p++)=sl;
+ 		memcpy(p,s->session->session_id,sl);
+ 		p+=sl;
+@@ -1262,7 +1349,7 @@
+ 		SSL3_ST_SR_KEY_EXCH_A,
+ 		SSL3_ST_SR_KEY_EXCH_B,
+ 		SSL3_MT_CLIENT_KEY_EXCHANGE,
+-		400, /* ???? */
++		2048, /* ???? */
+ 		&ok);
+ 
+ 	if (!ok) return((int)n);
+@@ -1322,14 +1409,15 @@
+ 
+ 		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+ 
++		al = -1;
++		
+ 		if (i != SSL_MAX_MASTER_KEY_LENGTH)
+ 			{
+ 			al=SSL_AD_DECODE_ERROR;
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+-			goto f_err;
+ 			}
+ 
+-		if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
++		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+ 			{
+ 			/* The premaster secret must contain the same version number as the
+ 			 * ClientHello to detect version rollback attacks (strangely, the
+@@ -1347,6 +1435,27 @@
+ 				}
+ 			}
+ 
++		if (al != -1)
++			{
++#if 0
++			goto f_err;
++#else
++			/* Some decryption failure -- use random value instead as countermeasure
++			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
++			 * (see RFC 2246, section 7.4.7.1).
++			 * But note that due to length and protocol version checking, the
++			 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
++			 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
++			 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
++			 */
++			ERR_clear_error();
++			i = SSL_MAX_MASTER_KEY_LENGTH;
++			p[0] = s->client_version >> 8;
++			p[1] = s->client_version & 0xff;
++			RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
++#endif
++			}
++	
+ 		s->session->master_key_length=
+ 			s->method->ssl3_enc->generate_master_secret(s,
+ 				s->session->master_key,
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl.h
+--- crypto/openssl/ssl/ssl.h	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/ssl.h	31 Jul 2002 00:47:04 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #ifndef HEADER_SSL_H 
+ #define HEADER_SSL_H 
+@@ -297,6 +350,7 @@
+ 	struct ssl_session_st *prev,*next;
+ 	} SSL_SESSION;
+ 
++
+ #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
+ #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
+ #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
+@@ -308,11 +362,25 @@
+ #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
+ #define SSL_OP_TLS_ROLLBACK_BUG				0x00000400L
+ 
++/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
++ * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
++ * the workaround is not needed.  Unfortunately some broken SSL/TLS
++ * implementations cannot handle it at all, which is why we include
++ * it in SSL_OP_ALL. */
++#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
++
++/* SSL_OP_ALL: various bug workarounds that should be rather harmless */
++#define SSL_OP_ALL					0x000FFFFFL
++
+ /* If set, always create a new key when using tmp_dh parameters */
+ #define SSL_OP_SINGLE_DH_USE				0x00100000L
+ /* Set to also use the tmp_rsa key when doing RSA operations. */
+ #define SSL_OP_EPHEMERAL_RSA				0x00200000L
+ 
++#define SSL_OP_NO_SSLv2					0x01000000L
++#define SSL_OP_NO_SSLv3					0x02000000L
++#define SSL_OP_NO_TLSv1					0x04000000L
++
+ /* The next flag deliberately changes the ciphertest, this is a check
+  * for the PKCS#1 attack */
+ #define SSL_OP_PKCS1_CHECK_1				0x08000000L
+@@ -321,11 +389,7 @@
+ /* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
+ #define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
+ #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
+-#define SSL_OP_ALL					0x000FFFFFL
+ 
+-#define SSL_OP_NO_SSLv2					0x01000000L
+-#define SSL_OP_NO_SSLv3					0x02000000L
+-#define SSL_OP_NO_TLSv1					0x04000000L
+ 
+ /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+  * when just a single record has been written): */
+@@ -339,6 +403,7 @@
+  * is blocking: */
+ #define SSL_MODE_AUTO_RETRY 0x00000004L
+ 
++
+ /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+  * they cannot be used to clear bits. */
+ 
+@@ -583,7 +648,11 @@
+ 
+ 	int server;	/* are we the server side? - mostly used by SSL_clear*/
+ 
+-	int new_session;/* 1 if we are to use a new session */
++	int new_session;/* 1 if we are to use a new session.
++	                 * 2 if we are a server and are inside a handshake
++	                 *   (i.e. not just sending a HelloRequest)
++	                 * NB: For servers, the 'new' session may actually be a previously
++	                 * cached session or even the previous session */
+ 	int quiet_shutdown;/* don't send shutdown packets */
+ 	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
+ 			 * for received */
+@@ -939,6 +1008,8 @@
+ const char *	SSL_CIPHER_get_name(SSL_CIPHER *c);
+ 
+ int	SSL_get_fd(SSL *s);
++int	SSL_get_rfd(SSL *s);
++int	SSL_get_wfd(SSL *s);
+ const char  * SSL_get_cipher_list(SSL *s,int n);
+ char *	SSL_get_shared_ciphers(SSL *s, char *buf, int len);
+ int	SSL_get_read_ahead(SSL * s);
+@@ -985,7 +1056,6 @@
+ 					   const char *dir);
+ #endif
+ 
+-void	ERR_load_SSL_strings(void );
+ void	SSL_load_error_strings(void );
+ char * 	SSL_state_string(SSL *s);
+ char * 	SSL_rstate_string(SSL *s);
+@@ -1403,6 +1473,7 @@
+ #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
+ #define SSL_R_DATA_LENGTH_TOO_LONG			 146
+ #define SSL_R_DECRYPTION_FAILED				 147
++#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 1109
+ #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
+ #define SSL_R_DIGEST_CHECK_FAILED			 149
+ #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
+@@ -1413,15 +1484,18 @@
+ #define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
+ #define SSL_R_HTTPS_PROXY_REQUEST			 155
+ #define SSL_R_HTTP_REQUEST				 156
++#define SSL_R_ILLEGAL_PADDING				 1110
+ #define SSL_R_INTERNAL_ERROR				 157
+ #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
+ #define SSL_R_INVALID_COMMAND				 280
+ #define SSL_R_INVALID_PURPOSE				 278
+ #define SSL_R_INVALID_TRUST				 279
++#define SSL_R_KEY_ARG_TOO_LONG				 1112
+ #define SSL_R_LENGTH_MISMATCH				 159
+ #define SSL_R_LENGTH_TOO_SHORT				 160
+ #define SSL_R_LIBRARY_BUG				 274
+ #define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
++#define SSL_R_MESSAGE_TOO_LONG				 1111
+ #define SSL_R_MISSING_DH_DSA_CERT			 162
+ #define SSL_R_MISSING_DH_KEY				 163
+ #define SSL_R_MISSING_DH_RSA_CERT			 164
+@@ -1485,6 +1559,7 @@
+ #define SSL_R_SHORT_READ				 219
+ #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
+ #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
++#define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
+ #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
+ #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
+ #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
+Index: crypto/openssl/ssl/ssl2.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl2.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl2.h
+--- crypto/openssl/ssl/ssl2.h	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/ssl2.h	31 Jul 2002 00:47:04 -0000
+@@ -189,7 +189,7 @@
+ 	unsigned char *ract_data;
+ 	unsigned char *wact_data;
+ 	unsigned char *mac_data;
+-	unsigned char *pad_data;
++	unsigned char *pad_data_UNUSED; /* only for binary compatibility with 0.9.6b */
+ 
+ 	unsigned char *read_key;
+ 	unsigned char *write_key;
+@@ -209,11 +209,11 @@
+ 		unsigned int conn_id_length;
+ 		unsigned int cert_type;	
+ 		unsigned int cert_length;
+-		int csl; 
+-		int clear;
++		unsigned int csl; 
++		unsigned int clear;
+ 		unsigned int enc; 
+ 		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
+-		int cipher_spec_length;
++		unsigned int cipher_spec_length;
+ 		unsigned int session_id_length;
+ 		unsigned int clen;
+ 		unsigned int rlen;
+Index: crypto/openssl/ssl/ssl3.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl3.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ssl3.h
+--- crypto/openssl/ssl/ssl3.h	26 Nov 2000 11:34:15 -0000	1.1.1.1.2.2
++++ crypto/openssl/ssl/ssl3.h	31 Jul 2002 00:47:04 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #ifndef HEADER_SSL3_H 
+ #define HEADER_SSL3_H 
+@@ -201,10 +254,13 @@
+ 
+ typedef struct ssl3_buffer_st
+ 	{
+-	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes (more if
+-	                   	 * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
+-	int offset;		/* where to 'copy from' */
+-	int left;		/* how many bytes left */
++	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
++	                         * see ssl3_setup_buffers() */
++#if 0 /* put directly into SSL3_STATE for best possible binary compatibility within 0.9.6 series */
++	size_t len;             /* buffer size */
++#endif
++	int offset;             /* where to 'copy from' */
++	int left;               /* how many bytes left */
+ 	} SSL3_BUFFER;
+ 
+ #define SSL3_CT_RSA_SIGN			1
+@@ -320,6 +376,13 @@
+ #endif
+ 		int cert_request;
+ 		} tmp;
++
++	/* flags for countermeasure against known-IV weakness */
++	int need_empty_fragments;
++	int empty_fragment_done;
++
++	size_t rbuf_len;	/* substitute for rbuf.len */
++	size_t wbuf_len;	/* substitute for wbuf.len */
+ 
+ 	} SSL3_STATE;
+ 
+Index: crypto/openssl/ssl/ssl_asn1.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_asn1.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ssl_asn1.c
+--- crypto/openssl/ssl/ssl_asn1.c	26 Nov 2000 11:34:15 -0000	1.1.1.1.2.2
++++ crypto/openssl/ssl/ssl_asn1.c	31 Jul 2002 00:47:04 -0000
+@@ -62,6 +62,7 @@
+ #include <openssl/objects.h>
+ #include <openssl/x509.h>
+ #include "ssl_locl.h"
++#include "cryptlib.h"
+ 
+ typedef struct ssl_session_asn1_st
+ 	{
+@@ -275,6 +276,7 @@
+ 		os.length=i;
+ 
+ 	ret->session_id_length=os.length;
++	die(os.length <= sizeof ret->session_id);
+ 	memcpy(ret->session_id,os.data,os.length);
+ 
+ 	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+Index: crypto/openssl/ssl/ssl_cert.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_cert.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl_cert.c
+--- crypto/openssl/ssl/ssl_cert.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/ssl_cert.c	31 Jul 2002 00:47:04 -0000
+@@ -461,6 +461,9 @@
+ 
+ 	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+ 
++	if (s->verify_callback)
++		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
++
+ 	if (s->ctx->app_verify_callback != NULL)
+ 		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+ 	else
+@@ -748,6 +751,7 @@
+ 	ret = 1;
+ 
+ err:	
++	if (d) closedir(d);
+ 	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+ 	return ret;
+ 	}
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_err.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl_err.c
+--- crypto/openssl/ssl/ssl_err.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/ssl_err.c	31 Jul 2002 00:47:05 -0000
+@@ -1,6 +1,6 @@
+ /* ssl/ssl_err.c */
+ /* ====================================================================
+- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
++ * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+  *
+  * Redistribution and use in source and binary forms, with or without
+  * modification, are permitted provided that the following conditions
+@@ -258,6 +258,7 @@
+ {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
+ {SSL_R_DATA_LENGTH_TOO_LONG              ,"data length too long"},
+ {SSL_R_DECRYPTION_FAILED                 ,"decryption failed"},
++{SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
+ {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
+ {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+ {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+@@ -268,15 +269,18 @@
+ {SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
+ {SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
+ {SSL_R_HTTP_REQUEST                      ,"http request"},
++{SSL_R_ILLEGAL_PADDING                   ,"illegal padding"},
+ {SSL_R_INTERNAL_ERROR                    ,"internal error"},
+ {SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
+ {SSL_R_INVALID_COMMAND                   ,"invalid command"},
+ {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
+ {SSL_R_INVALID_TRUST                     ,"invalid trust"},
++{SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
+ {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
+ {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
+ {SSL_R_LIBRARY_BUG                       ,"library bug"},
+ {SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
++{SSL_R_MESSAGE_TOO_LONG                  ,"message too long"},
+ {SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
+ {SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
+ {SSL_R_MISSING_DH_RSA_CERT               ,"missing dh rsa cert"},
+@@ -340,6 +344,7 @@
+ {SSL_R_SHORT_READ                        ,"short read"},
+ {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+ {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
++{SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
+ {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
+ {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
+ {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
+Index: crypto/openssl/ssl/ssl_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_lib.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl_lib.c
+--- crypto/openssl/ssl/ssl_lib.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/ssl_lib.c	31 Jul 2002 00:47:05 -0000
+@@ -85,7 +85,6 @@
+ 
+ int SSL_clear(SSL *s)
+ 	{
+-	int state;
+ 
+ 	if (s->method == NULL)
+ 		{
+@@ -93,6 +92,12 @@
+ 		return(0);
+ 		}
+ 
++	if (ssl_clear_bad_session(s))
++		{
++		SSL_SESSION_free(s->session);
++		s->session=NULL;
++		}
++
+ 	s->error=0;
+ 	s->hit=0;
+ 	s->shutdown=0;
+@@ -110,7 +115,6 @@
+ 		}
+ #endif
+ 
+-	state=s->state; /* Keep to check if we throw away the session-id */
+ 	s->type=0;
+ 
+ 	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+@@ -131,18 +135,12 @@
+ 
+ 	ssl_clear_cipher_ctx(s);
+ 
+-	if (ssl_clear_bad_session(s))
+-		{
+-		SSL_SESSION_free(s->session);
+-		s->session=NULL;
+-		}
+-
+ 	s->first_packet=0;
+ 
+ #if 1
+ 	/* Check to see if we were changed into a different method, if
+ 	 * so, revert back if we are not doing session-id reuse. */
+-	if ((s->session == NULL) && (s->method != s->ctx->method))
++	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
+ 		{
+ 		s->method->ssl_free(s);
+ 		s->method=s->ctx->method;
+@@ -411,6 +409,11 @@
+ 
+ int SSL_get_fd(SSL *s)
+ 	{
++	return(SSL_get_rfd(s));
++	}
++
++int SSL_get_rfd(SSL *s)
++	{
+ 	int ret= -1;
+ 	BIO *b,*r;
+ 
+@@ -421,6 +424,18 @@
+ 	return(ret);
+ 	}
+ 
++int SSL_get_wfd(SSL *s)
++	{
++	int ret= -1;
++	BIO *b,*r;
++
++	b=SSL_get_wbio(s);
++	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
++	if (r != NULL)
++		BIO_get_fd(r,&ret);
++	return(ret);
++	}
++
+ #ifndef NO_SOCK
+ int SSL_set_fd(SSL *s,int fd)
+ 	{
+@@ -778,7 +793,10 @@
+ 
+ int SSL_renegotiate(SSL *s)
+ 	{
+-	s->new_session=1;
++	if (s->new_session == 0)
++		{
++		s->new_session=1;
++		}
+ 	return(s->method->ssl_renegotiate(s));
+ 	}
+ 
+@@ -1276,8 +1294,6 @@
+ 	{
+ 	ctx->verify_mode=mode;
+ 	ctx->default_verify_callback=cb;
+-	/* This needs cleaning up EAY EAY EAY */
+-	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
+ 	}
+ 
+ void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
+@@ -1454,9 +1470,10 @@
+ 	 * and it would be rather hard to do anyway :-) */
+ 	if (s->session->session_id_length == 0) return;
+ 
+-	if ((s->ctx->session_cache_mode & mode)
+-		&& (!s->hit)
+-		&& SSL_CTX_add_session(s->ctx,s->session)
++	i=s->ctx->session_cache_mode;
++	if ((i & mode) && (!s->hit)
++		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
++		    || SSL_CTX_add_session(s->ctx,s->session))
+ 		&& (s->ctx->new_session_cb != NULL))
+ 		{
+ 		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
+@@ -1465,7 +1482,6 @@
+ 		}
+ 
+ 	/* auto flush every 255 connections */
+-	i=s->ctx->session_cache_mode;
+ 	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
+ 		((i & mode) == mode))
+ 		{
+Index: crypto/openssl/ssl/ssl_locl.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_locl.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl_locl.h
+--- crypto/openssl/ssl/ssl_locl.h	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/ssl_locl.h	31 Jul 2002 00:47:05 -0000
+@@ -283,16 +283,17 @@
+ #define SSL_NOT_EXP		0x00000001L
+ #define SSL_EXPORT		0x00000002L
+ 
+-#define SSL_STRONG_MASK		0x0000007cL
+-#define SSL_EXP40		0x00000004L
++#define SSL_STRONG_MASK		0x000000fcL
++#define SSL_STRONG_NONE		0x00000004L
++#define SSL_EXP40		0x00000008L
+ #define SSL_MICRO		(SSL_EXP40)
+-#define SSL_EXP56		0x00000008L
++#define SSL_EXP56		0x00000010L
+ #define SSL_MINI		(SSL_EXP56)
+-#define SSL_LOW			0x00000010L
+-#define SSL_MEDIUM		0x00000020L
+-#define SSL_HIGH		0x00000040L
++#define SSL_LOW			0x00000020L
++#define SSL_MEDIUM		0x00000040L
++#define SSL_HIGH		0x00000080L
+ 
+-/* we have used 0000007f - 25 bits left to go */
++/* we have used 000000ff - 24 bits left to go */
+ 
+ /*
+  * Macros to check the export status and cipher strength for export ciphers.
+Index: crypto/openssl/ssl/ssl_sess.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_sess.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 ssl_sess.c
+--- crypto/openssl/ssl/ssl_sess.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/ssl_sess.c	31 Jul 2002 00:47:05 -0000
+@@ -60,6 +60,7 @@
+ #include <openssl/lhash.h>
+ #include <openssl/rand.h>
+ #include "ssl_locl.h"
++#include "cryptlib.h"
+ 
+ static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+ static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
+@@ -199,6 +200,7 @@
+ 		ss->session_id_length=0;
+ 		}
+ 
++	die(s->sid_ctx_length <= sizeof ss->sid_ctx);
+ 	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+ 	ss->sid_ctx_length=s->sid_ctx_length;
+ 	s->session=ss;
+@@ -423,10 +425,10 @@
+ 	if ((c != NULL) && (c->session_id_length != 0))
+ 		{
+ 		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+-		r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
+-		if (r != NULL)
++		if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
+ 			{
+ 			ret=1;
++			r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
+ 			SSL_SESSION_list_remove(ctx,c);
+ 			}
+ 
+Index: crypto/openssl/ssl/ssl_stat.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_stat.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 ssl_stat.c
+--- crypto/openssl/ssl/ssl_stat.c	20 Aug 2000 08:47:02 -0000	1.1.1.1.2.1
++++ crypto/openssl/ssl/ssl_stat.c	31 Jul 2002 00:47:05 -0000
+@@ -136,7 +136,7 @@
+ case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;
+ case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;
+ case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;
+-case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify A"; break;
++case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify B"; break;
+ 
+ case SSL3_ST_CW_CHANGE_A:
+ case SSL3_ST_SW_CHANGE_A:	str="SSLv3 write change cipher spec A"; break;
+@@ -145,7 +145,7 @@
+ case SSL3_ST_CW_FINISHED_A:	
+ case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;
+ case SSL3_ST_CW_FINISHED_B:	
+-case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished A"; break;
++case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished B"; break;
+ case SSL3_ST_CR_CHANGE_A:	
+ case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
+ case SSL3_ST_CR_CHANGE_B:	
+@@ -387,6 +387,18 @@
+ 	case SSL3_AD_CERTIFICATE_EXPIRED:	str="CE"; break;
+ 	case SSL3_AD_CERTIFICATE_UNKNOWN:	str="CU"; break;
+ 	case SSL3_AD_ILLEGAL_PARAMETER:		str="IP"; break;
++	case TLS1_AD_DECRYPTION_FAILED:		str="DC"; break;
++	case TLS1_AD_RECORD_OVERFLOW:		str="RO"; break;
++	case TLS1_AD_UNKNOWN_CA:		str="CA"; break;
++	case TLS1_AD_ACCESS_DENIED:		str="AD"; break;
++	case TLS1_AD_DECODE_ERROR:		str="DE"; break;
++	case TLS1_AD_DECRYPT_ERROR:		str="CY"; break;
++	case TLS1_AD_EXPORT_RESTRICTION:	str="ER"; break;
++	case TLS1_AD_PROTOCOL_VERSION:		str="PV"; break;
++	case TLS1_AD_INSUFFICIENT_SECURITY:	str="IS"; break;
++	case TLS1_AD_INTERNAL_ERROR:		str="IE"; break;
++	case TLS1_AD_USER_CANCELLED:		str="US"; break;
++	case TLS1_AD_NO_RENEGOTIATION:		str="NR"; break;
+ 	default:				str="UK"; break;
+ 		}
+ 	return(str);
+@@ -433,6 +445,42 @@
+ 		break;
+ 	case SSL3_AD_ILLEGAL_PARAMETER:
+ 		str="illegal parameter";
++		break;
++	case TLS1_AD_DECRYPTION_FAILED:
++		str="decryption failed";
++		break;
++	case TLS1_AD_RECORD_OVERFLOW:
++		str="record overflow";
++		break;
++	case TLS1_AD_UNKNOWN_CA:
++		str="unknown CA";
++		break;
++	case TLS1_AD_ACCESS_DENIED:
++		str="access denied";
++		break;
++	case TLS1_AD_DECODE_ERROR:
++		str="decode error";
++		break;
++	case TLS1_AD_DECRYPT_ERROR:
++		str="decrypt error";
++		break;
++	case TLS1_AD_EXPORT_RESTRICTION:
++		str="export restriction";
++		break;
++	case TLS1_AD_PROTOCOL_VERSION:
++		str="protocol version";
++		break;
++	case TLS1_AD_INSUFFICIENT_SECURITY:
++		str="insufficient security";
++		break;
++	case TLS1_AD_INTERNAL_ERROR:
++		str="internal error";
++		break;
++	case TLS1_AD_USER_CANCELLED:
++		str="user canceled";
++		break;
++	case TLS1_AD_NO_RENEGOTIATION:
++		str="no renegotiation";
+ 		break;
+ 	default: str="unknown"; break;
+ 		}
+Index: crypto/openssl/ssl/ssltest.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssltest.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ssltest.c
+--- crypto/openssl/ssl/ssltest.c	26 Nov 2000 11:34:16 -0000	1.1.1.1.2.2
++++ crypto/openssl/ssl/ssltest.c	31 Jul 2002 00:47:05 -0000
+@@ -848,10 +848,10 @@
+ 					if (num > 1)
+ 						--num; /* test restartability even more thoroughly */
+ 					
+-					r = BIO_nwrite(io1, &dataptr, (int)num);
++					r = BIO_nwrite0(io1, &dataptr);
+ 					assert(r > 0);
+-					assert(r <= (int)num);
+-					num = r;
++					if (r < (int)num)
++						num = r;
+ 					r = BIO_read(io2, dataptr, (int)num);
+ 					if (r != (int)num) /* can't happen */
+ 						{
+@@ -860,6 +860,13 @@
+ 						goto err;
+ 						}
+ 					progress = 1;
++					r = BIO_nwrite(io1, &dataptr, (int)num);
++					if (r != (int)num) /* can't happen */
++						{
++						fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
++							"BIO_nwrite0() bytes");
++						goto err;
++						}
+ 					
+ 					if (debug)
+ 						printf((io2 == client_io) ?
+Index: crypto/openssl/ssl/t1_enc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/t1_enc.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 t1_enc.c
+--- crypto/openssl/ssl/t1_enc.c	4 Jul 2001 23:19:45 -0000	1.1.1.1.2.3
++++ crypto/openssl/ssl/t1_enc.c	31 Jul 2002 00:47:05 -0000
+@@ -55,6 +55,59 @@
+  * copied and put under another distribution licence
+  * [including the GNU Public Licence.]
+  */
++/* ====================================================================
++ * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ *
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer. 
++ *
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in
++ *    the documentation and/or other materials provided with the
++ *    distribution.
++ *
++ * 3. All advertising materials mentioning features or use of this
++ *    software must display the following acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++ *
++ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++ *    endorse or promote products derived from this software without
++ *    prior written permission. For written permission, please contact
++ *    openssl-core@openssl.org.
++ *
++ * 5. Products derived from this software may not be called "OpenSSL"
++ *    nor may "OpenSSL" appear in their names without prior written
++ *    permission of the OpenSSL Project.
++ *
++ * 6. Redistributions of any form whatsoever must retain the following
++ *    acknowledgment:
++ *    "This product includes software developed by the OpenSSL Project
++ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++ * OF THE POSSIBILITY OF SUCH DAMAGE.
++ * ====================================================================
++ *
++ * This product includes cryptographic software written by Eric Young
++ * (eay@cryptsoft.com).  This product includes software written by Tim
++ * Hudson (tjh@cryptsoft.com).
++ *
++ */
+ 
+ #include <stdio.h>
+ #include <openssl/comp.h>
+@@ -380,6 +433,25 @@
+ { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
+ #endif
+ 
++	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
++		{
++		/* enable vulnerability countermeasure for CBC ciphers with
++		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
++		 */
++		s->s3->need_empty_fragments = 1;
++
++		if (s->session->cipher != NULL)
++			{
++			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
++				s->s3->need_empty_fragments = 0;
++			
++#ifndef NO_RC4
++			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
++				s->s3->need_empty_fragments = 0;
++#endif
++			}
++		}
++		
+ 	return(1);
+ err:
+ 	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+@@ -420,7 +492,7 @@
+ 	if ((s->session == NULL) || (ds == NULL) ||
+ 		(enc == NULL))
+ 		{
+-		memcpy(rec->data,rec->input,rec->length);
++		memmove(rec->data,rec->input,rec->length);
+ 		rec->input=rec->data;
+ 		}
+ 	else
+@@ -447,11 +519,21 @@
+ 			rec->length+=i;
+ 			}
+ 
++		if (!send)
++			{
++			if (l == 0 || l%bs != 0)
++				{
++				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
++				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
++				return 0;
++				}
++			}
++		
+ 		EVP_Cipher(ds,rec->data,rec->input,l);
+ 
+ 		if ((bs != 1) && !send)
+ 			{
+-			ii=i=rec->data[l-1];
++			ii=i=rec->data[l-1]; /* padding_length */
+ 			i++;
+ 			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+ 				{
+@@ -462,19 +544,22 @@
+ 				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+ 					i--;
+ 				}
++			/* TLS 1.0 does not bound the number of padding bytes by the block size.
++			 * All of them must have value 'padding_length'. */
+ 			if (i > (int)rec->length)
+ 				{
+-				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+-				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+-				return(0);
++				/* Incorrect padding. SSLerr() and ssl3_alert are done
++				 * by caller: we don't want to reveal whether this is
++				 * a decryption error or a MAC verification failure
++				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
++				return -1;
+ 				}
+ 			for (j=(int)(l-i); j<(int)l; j++)
+ 				{
+ 				if (rec->data[j] != ii)
+ 					{
+-					SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
+-					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+-					return(0);
++					/* Incorrect padding */
++					return -1;
+ 					}
+ 				}
+ 			rec->length-=i;
+cvs diff: Diffing crypto/openssl/test
+Index: crypto/openssl/test/Makefile.save
+===================================================================
+RCS file: crypto/openssl/test/Makefile.save
+diff -N crypto/openssl/test/Makefile.save
+--- crypto/openssl/test/Makefile.save	20 Aug 2000 08:48:48 -0000	1.1.1.1.2.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,400 +0,0 @@
+-#
+-# test/Makefile.ssl
+-#
+-
+-DIR=		test
+-TOP=		..
+-CC=		cc
+-INCLUDES=	-I../include
+-CFLAG=		-g
+-INSTALL_PREFIX=
+-OPENSSLDIR=     /usr/local/ssl
+-INSTALLTOP=	/usr/local/ssl
+-MAKEFILE=	Makefile.ssl
+-MAKE=		make -f $(MAKEFILE)
+-MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+-PERL=		perl
+-
+-PEX_LIBS=
+-EX_LIBS= #-lnsl -lsocket
+-
+-CFLAGS= $(INCLUDES) $(CFLAG)
+-
+-GENERAL=Makefile.ssl maketests.com \
+-	tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
+-	tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
+-	testca.com VMSca-response.1 VMSca-response.2
+-
+-DLIBCRYPTO= ../libcrypto.a
+-DLIBSSL= ../libssl.a
+-LIBCRYPTO= -L.. -lcrypto
+-LIBSSL= -L.. -lssl
+-
+-BNTEST=		bntest
+-EXPTEST=	exptest
+-IDEATEST=	ideatest
+-SHATEST=	shatest
+-SHA1TEST=	sha1test
+-MDC2TEST=	mdc2test
+-RMDTEST=	rmdtest
+-MD2TEST=	md2test
+-MD5TEST=	md5test
+-HMACTEST=	hmactest
+-RC2TEST=	rc2test
+-RC4TEST=	rc4test
+-RC5TEST=	rc5test
+-BFTEST=		bftest
+-CASTTEST=	casttest
+-DESTEST=	destest
+-RANDTEST=	randtest
+-DHTEST=		dhtest
+-DSATEST=	dsatest
+-METHTEST=	methtest
+-SSLTEST=	ssltest
+-RSATEST=	rsa_test
+-
+-EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+-	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
+-	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+-	$(RANDTEST) $(DHTEST) \
+-	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
+-
+-# $(METHTEST)
+-
+-OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+-	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+-	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+-	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+-	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o
+-SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+-	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+-	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+-	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+-	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c
+-
+-EXHEADER= 
+-HEADER=	$(EXHEADER)
+-
+-ALL=    $(GENERAL) $(SRC) $(HEADER)
+-
+-top:
+-	(cd ..; $(MAKE) DIRS=$(DIR) all)
+-
+-all:	exe
+-
+-exe:	$(EXE)
+-
+-files:
+-	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+-
+-links:
+-	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+-
+-errors:
+-
+-install:
+-
+-tags:
+-	ctags $(SRC)
+-
+-tests:	exe apps \
+-	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+-	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \
+-	test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
+-	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+-	test_ss test_ca test_ssl
+-
+-apps:
+-	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
+-
+-test_des:
+-	./$(DESTEST)
+-
+-test_idea:
+-	./$(IDEATEST)
+-
+-test_sha:
+-	./$(SHATEST)
+-	./$(SHA1TEST)
+-
+-test_mdc2:
+-	./$(MDC2TEST)
+-
+-test_md5:
+-	./$(MD5TEST)
+-
+-test_hmac:
+-	./$(HMACTEST)
+-
+-test_md2:
+-	./$(MD2TEST)
+-
+-test_rmd:
+-	./$(RMDTEST)
+-
+-test_bf:
+-	./$(BFTEST)
+-
+-test_cast:
+-	./$(CASTTEST)
+-
+-test_rc2:
+-	./$(RC2TEST)
+-
+-test_rc4:
+-	./$(RC4TEST)
+-
+-test_rc5:
+-	./$(RC5TEST)
+-
+-test_rand:
+-	./$(RANDTEST)
+-
+-test_enc:
+-	@sh ./testenc
+-
+-test_x509:
+-	echo test normal x509v1 certificate
+-	sh ./tx509 2>/dev/null
+-	echo test first x509v3 certificate
+-	sh ./tx509 v3-cert1.pem 2>/dev/null
+-	echo test second x509v3 certificate
+-	sh ./tx509 v3-cert2.pem 2>/dev/null
+-
+-test_rsa:
+-	@sh ./trsa 2>/dev/null
+-	./$(RSATEST)
+-
+-test_crl:
+-	@sh ./tcrl 2>/dev/null
+-
+-test_sid:
+-	@sh ./tsid 2>/dev/null
+-
+-test_req:
+-	@sh ./treq 2>/dev/null
+-	@sh ./treq testreq2.pem 2>/dev/null
+-
+-test_pkcs7:
+-	@sh ./tpkcs7 2>/dev/null
+-	@sh ./tpkcs7d 2>/dev/null
+-
+-test_bn:
+-	@echo starting big number library test, could take a while...
+-	@./$(BNTEST) >tmp.bntest
+-	@echo quit >>tmp.bntest
+-	@echo "running bc"
+-	@bc tmp.bntest 2>&1 | $(PERL) -e 'while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} print STDERR "."; $$i++;} print STDERR "\n$$i tests passed\n"'
+-	@echo 'test a^b%c implementations'
+-	./$(EXPTEST)
+-
+-test_verify:
+-	@echo "The following command should have some OK's and some failures"
+-	@echo "There are definitly a few expired certificates"
+-	../apps/openssl verify -CApath ../certs ../certs/*.pem
+-
+-test_dh:
+-	@echo "Generate a set of DH parameters"
+-	./$(DHTEST)
+-
+-test_dsa:
+-	@echo "Generate a set of DSA parameters"
+-	./$(DSATEST)
+-	./$(DSATEST) -app2_1
+-
+-test_gen:
+-	@echo "Generate and verify a certificate request"
+-	@sh ./testgen
+-
+-test_ss keyU.ss certU.ss certCA.ss: testss
+-	@echo "Generate and certify a test certificate"
+-	@sh ./testss
+-
+-test_ssl: keyU.ss certU.ss certCA.ss
+-	@echo "test SSL protocol"
+-	@sh ./testssl keyU.ss certU.ss certCA.ss
+-
+-test_ca:
+-	@if ../apps/openssl no-rsa; then \
+-	  echo "skipping CA.sh test -- requires RSA"; \
+-	else \
+-	  echo "Generate and certify a test certificate via the 'ca' program"; \
+-	  sh ./testca; \
+- 	fi
+-
+-lint:
+-	lint -DLINT $(INCLUDES) $(SRC)>fluff
+-
+-depend:
+-	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+-
+-dclean:
+-	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+-	mv -f Makefile.new $(MAKEFILE)
+-
+-clean:
+-	rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+-
+-$(DLIBSSL):
+-	(cd ../ssl; $(MAKE))
+-
+-$(DLIBCRYPTO):
+-	(cd ../crypto; $(MAKE))
+-
+-$(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+-	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+-
+-$(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+-	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+-
+-# DO NOT DELETE THIS LINE -- make depend depends on it.
+-
+-bftest.o: ../include/openssl/blowfish.h
+-bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+-bntest.o: ../include/openssl/des.h ../include/openssl/dh.h
+-bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+-bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+-bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+-bntest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-bntest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+-bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+-casttest.o: ../include/openssl/cast.h
+-destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+-destest.o: ../include/openssl/opensslconf.h
+-dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+-dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+-dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+-dhtest.o: ../include/openssl/stack.h
+-dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+-dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+-dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+-dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+-dsatest.o: ../include/openssl/stack.h
+-exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+-exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+-exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+-exptest.o: ../include/openssl/stack.h
+-hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+-hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+-hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+-hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+-hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
+-hmactest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+-hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+-hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h
+-hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+-hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+-hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+-hmactest.o: ../include/openssl/stack.h
+-ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+-md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+-md5test.o: ../include/openssl/md5.h
+-mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+-mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+-randtest.o: ../include/openssl/rand.h
+-rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+-rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+-rc5test.o: ../include/openssl/rc5.h
+-rmdtest.o: ../include/openssl/ripemd.h
+-rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+-rsa_test.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-rsa_test.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+-rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+-rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-rsa_test.o: ../include/openssl/stack.h
+-sha1test.o: ../include/openssl/sha.h
+-shatest.o: ../include/openssl/sha.h
+-ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+-ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+-ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+-ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+-ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+-ssltest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+-ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
+-ssltest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+-ssltest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+-ssltest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+-ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+-ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+-ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+-ssltest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+-ssltest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+-ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+-ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+-ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+-ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+-ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+-ssltest.o: ../include/openssl/x509_vfy.h
+Index: crypto/openssl/test/Makefile.ssl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/test/Makefile.ssl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 Makefile.ssl
+--- crypto/openssl/test/Makefile.ssl	4 Jul 2001 23:19:47 -0000	1.1.1.1.2.3
++++ crypto/openssl/test/Makefile.ssl	31 Jul 2002 00:47:05 -0000
+@@ -81,7 +81,7 @@
+ ALL=    $(GENERAL) $(SRC) $(HEADER)
+ 
+ top:
+-	(cd ..; $(MAKE) DIRS=$(DIR) all)
++	(cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)
+ 
+ all:	exe
+ 
+@@ -109,7 +109,7 @@
+ 	test_ss test_ca test_ssl
+ 
+ apps:
+-	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
++	@(cd ../apps; $(MAKE)  CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all)
+ 
+ test_des:
+ 	./$(DESTEST)
+@@ -191,7 +191,7 @@
+ 	@./$(BNTEST) >tmp.bntest
+ 	@echo quit >>tmp.bntest
+ 	@echo "running bc"
+-	@<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
++	@<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+ 	@echo 'test a^b%c implementations'
+ 	./$(EXPTEST)
+ 
+@@ -243,10 +243,10 @@
+ 	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+ 
+ $(DLIBSSL):
+-	(cd ../ssl; $(MAKE))
++	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ 
+ $(DLIBCRYPTO):
+-	(cd ../crypto; $(MAKE))
++	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+ 
+ $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+ 	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+@@ -344,6 +344,7 @@
+ destest.o: ../include/openssl/opensslconf.h
+ dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+ dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
++dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+ dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+ dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+ dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+Index: crypto/openssl/test/bctest
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/test/bctest,v
+retrieving revision 1.1.1.2.2.1
+diff -u -r1.1.1.2.2.1 bctest
+--- crypto/openssl/test/bctest	4 Jul 2001 23:22:32 -0000	1.1.1.2.2.1
++++ crypto/openssl/test/bctest	31 Jul 2002 00:47:05 -0000
+@@ -12,10 +12,22 @@
+ 
+ 
+ IFS=:
+-for dir in $PATH; do
+-    bc="$dir/bc"
++try_without_dir=true
++# First we try "bc", then "$dir/bc" for each item in $PATH.
++for dir in dummy:$PATH; do
++    if [ "$try_without_dir" = true ]; then
++      # first iteration
++      bc=bc
++      try_without_dir=false
++    else
++      # second and later iterations
++      bc="$dir/bc"
++      if [ ! -f "$bc" ]; then  # '-x' is not available on Ultrix
++        bc=''
++      fi
++    fi
+ 
+-    if [ -x "$bc" -a ! -d "$bc" ]; then
++    if [ ! "$bc" = '' ]; then
+         failure=none
+ 
+ 
+@@ -92,5 +104,8 @@
+ done
+ 
+ echo "No working bc found.  Consider installing GNU bc." >&2
+-echo "cat >/dev/null"
++if [ "$1" = ignore ]; then
++  echo "cat >/dev/null"
++  exit 0
++fi
+ exit 1
+Index: crypto/openssl/test/dsa-ca.pem
+===================================================================
+RCS file: crypto/openssl/test/dsa-ca.pem
+diff -N crypto/openssl/test/dsa-ca.pem
+--- crypto/openssl/test/dsa-ca.pem	10 Jan 2000 06:22:01 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,43 +0,0 @@
+------BEGIN DSA PRIVATE KEY-----
+-Proc-Type: 4,ENCRYPTED
+-DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+-
+-svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+-Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+-Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+-par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+-zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+-uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+-rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+-1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+-HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+-MVqOsYxGCb+kez0FoDSTgw==
+------END DSA PRIVATE KEY-----
+------BEGIN CERTIFICATE REQUEST-----
+-MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+-ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+-sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+-rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+-cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+-bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+-CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+-F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+-vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+-AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+-3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+-AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+------END CERTIFICATE REQUEST-----
+------BEGIN CERTIFICATE-----
+-MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+-CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+-ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+-AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+-ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+-MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+-MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+-C1Q=
+------END CERTIFICATE-----
+-
+Index: crypto/openssl/test/dsa-pca.pem
+===================================================================
+RCS file: crypto/openssl/test/dsa-pca.pem
+diff -N crypto/openssl/test/dsa-pca.pem
+--- crypto/openssl/test/dsa-pca.pem	10 Jan 2000 06:22:01 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,49 +0,0 @@
+------BEGIN DSA PRIVATE KEY-----
+-Proc-Type: 4,ENCRYPTED
+-DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+-
+-GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+-mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+-of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+-FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+-RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+-qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+-diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+-V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+-hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+-dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+------END DSA PRIVATE KEY-----
+------BEGIN CERTIFICATE REQUEST-----
+-MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+-ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+-MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+-lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+-Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+-5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+-aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+-kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+-QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+-6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+-yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+-z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+-nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+------END CERTIFICATE REQUEST-----
+------BEGIN CERTIFICATE-----
+-MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+-U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+-CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+-CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+-ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+-ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+-R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+-JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+-BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+-mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+-VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+-uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+-umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+-29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+-AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+-5rKUjNBhSg==
+------END CERTIFICATE-----
+-
+Index: crypto/openssl/test/testss
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/test/testss,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 testss
+--- crypto/openssl/test/testss	20 Aug 2000 08:47:04 -0000	1.1.1.1.2.1
++++ crypto/openssl/test/testss	31 Jul 2002 00:47:05 -0000
+@@ -20,6 +20,8 @@
+ echo
+ echo "make a certificate request using 'req'"
+ 
++echo "string to make the random number generator think it has entropy" >> ./.rnd
++
+ if ../apps/openssl no-rsa; then
+   req_new='-newkey dsa:../apps/dsa512.pem'
+ else
+cvs diff: Diffing crypto/openssl/times
+cvs diff: Diffing crypto/openssl/times/090
+cvs diff: Diffing crypto/openssl/times/091
+cvs diff: Diffing crypto/openssl/times/x86
+cvs diff: Diffing crypto/openssl/tools
+Index: crypto/openssl/tools/c89.sh
+===================================================================
+RCS file: crypto/openssl/tools/c89.sh
+diff -N crypto/openssl/tools/c89.sh
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/tools/c89.sh	31 Jul 2002 00:47:05 -0000
+@@ -0,0 +1,15 @@
++#!/bin/sh -k
++#
++# Re-order arguments so that -L comes first
++#
++opts=""
++lopts=""
++        
++for arg in $* ; do
++  case $arg in
++    -L*) lopts="$lopts $arg" ;;
++    *) opts="$opts $arg" ;;
++  esac
++done
++
++c89 $lopts $opts
+Index: crypto/openssl/tools/c_rehash
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/tools/c_rehash,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 c_rehash
+--- crypto/openssl/tools/c_rehash	4 Jul 2001 23:19:48 -0000	1.1.1.1.2.2
++++ crypto/openssl/tools/c_rehash	31 Jul 2002 00:47:05 -0000
+@@ -1,4 +1,4 @@
+-#!/usr/local/bin/perl
++#!/usr/local/bin/perl5
+ 
+ 
+ # Perl c_rehash script, scan all files in a directory
+cvs diff: Diffing crypto/openssl/util
+Index: crypto/openssl/util/dirname.pl
+===================================================================
+RCS file: crypto/openssl/util/dirname.pl
+diff -N crypto/openssl/util/dirname.pl
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/util/dirname.pl	31 Jul 2002 00:47:05 -0000
+@@ -0,0 +1,18 @@
++#!/usr/local/bin/perl
++
++if ($#ARGV < 0) {
++    die "dirname.pl: too few arguments\n";
++} elsif ($#ARGV > 0) {
++    die "dirname.pl: too many arguments\n";
++}
++
++my $d = $ARGV[0];
++
++if ($d =~ m|.*/.*|) {
++    $d =~ s|/[^/]*$||;
++} else {
++    $d = ".";
++}
++
++print $d,"\n";
++exit(0);
+Index: crypto/openssl/util/domd
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/domd,v
+retrieving revision 1.1.1.1.2.1
+diff -u -r1.1.1.1.2.1 domd
+--- crypto/openssl/util/domd	20 Aug 2000 08:47:06 -0000	1.1.1.1.2.1
++++ crypto/openssl/util/domd	31 Jul 2002 00:47:05 -0000
+@@ -7,5 +7,5 @@
+ 
+ cp Makefile.ssl Makefile.save
+ makedepend -f Makefile.ssl $@
+-perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
++${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+ mv Makefile.new Makefile.ssl
+Index: crypto/openssl/util/libeay.num
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/libeay.num,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 libeay.num
+--- crypto/openssl/util/libeay.num	4 Jul 2001 23:19:49 -0000	1.1.1.1.2.3
++++ crypto/openssl/util/libeay.num	31 Jul 2002 00:47:05 -0000
+@@ -197,7 +197,7 @@
+ DH_new                                  205	EXIST::FUNCTION:DH
+ DH_size                                 206	EXIST::FUNCTION:DH
+ DHparams_print                          207	EXIST::FUNCTION:DH
+-DHparams_print_fp                       208	EXIST::FUNCTION:DH,FP_API
++DHparams_print_fp                       208	EXIST::FUNCTION:FP_API,DH
+ DSA_free                                209	EXIST::FUNCTION:DSA
+ DSA_generate_key                        210	EXIST::FUNCTION:DSA
+ DSA_generate_parameters                 211	EXIST::FUNCTION:DSA
+@@ -301,8 +301,8 @@
+ EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+ EVP_des_ofb                             310	EXIST::FUNCTION:DES
+ EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+-EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
+-EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
++EVP_dss                                 312	EXIST::FUNCTION:SHA,DSA
++EVP_dss1                                313	EXIST::FUNCTION:SHA,DSA
+ EVP_enc_null                            314	EXIST::FUNCTION:
+ EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+ EVP_get_digestbyname                    316	EXIST::FUNCTION:
+@@ -478,7 +478,7 @@
+ RSA_new                                 486	EXIST::FUNCTION:RSA
+ RSA_new_method                          487	EXIST::FUNCTION:RSA
+ RSA_print                               488	EXIST::FUNCTION:RSA
+-RSA_print_fp                            489	EXIST::FUNCTION:RSA,FP_API
++RSA_print_fp                            489	EXIST::FUNCTION:FP_API,RSA
+ RSA_private_decrypt                     490	EXIST::FUNCTION:RSA
+ RSA_private_encrypt                     491	EXIST::FUNCTION:RSA
+ RSA_public_decrypt                      492	EXIST::FUNCTION:RSA
+@@ -742,7 +742,7 @@
+ d2i_PublicKey                           749	EXIST::FUNCTION:
+ d2i_RSAPrivateKey                       750	EXIST::FUNCTION:RSA
+ d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:RSA
+-d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:RSA,FP_API
++d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:FP_API,RSA
+ d2i_RSAPublicKey                        753	EXIST::FUNCTION:RSA
+ d2i_X509                                754	EXIST::FUNCTION:
+ d2i_X509_ALGOR                          755	EXIST::FUNCTION:
+@@ -844,7 +844,7 @@
+ i2d_PublicKey                           852	EXIST::FUNCTION:
+ i2d_RSAPrivateKey                       853	EXIST::FUNCTION:RSA
+ i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:RSA
+-i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:RSA,FP_API
++i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:FP_API,RSA
+ i2d_RSAPublicKey                        856	EXIST::FUNCTION:RSA
+ i2d_X509                                857	EXIST::FUNCTION:
+ i2d_X509_ALGOR                          858	EXIST::FUNCTION:
+@@ -933,8 +933,8 @@
+ i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:RSA
+ PEM_read_RSAPublicKey                   947	EXIST:!WIN16:FUNCTION:RSA
+ PEM_write_RSAPublicKey                  949	EXIST:!WIN16:FUNCTION:RSA
+-d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:RSA,FP_API
+-i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:RSA,FP_API
++d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:FP_API,RSA
++i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:FP_API,RSA
+ BIO_copy_next_retry                     955	EXIST::FUNCTION:
+ RSA_flags                               956	EXIST::FUNCTION:RSA
+ X509_STORE_add_crl                      957	EXIST::FUNCTION:
+@@ -1212,7 +1212,7 @@
+ str_dup                                 1240	NOEXIST::FUNCTION:
+ i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+ i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+-BIO_s_log                               1243	EXIST:!WIN32,!WIN16,!macintosh:FUNCTION:
++BIO_s_log                               1243	EXIST:!WIN16,!WIN32,!macintosh:FUNCTION:
+ BIO_f_reliable                          1244	EXIST::FUNCTION:
+ PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+ PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+@@ -1535,7 +1535,7 @@
+ ASN1_STRING_set_def_mask_asc            1960	EXIST:VMS:FUNCTION:
+ PEM_write_bio_RSA_PUBKEY                1961	EXIST::FUNCTION:RSA
+ ASN1_INTEGER_cmp                        1963	EXIST::FUNCTION:
+-d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:RSA,FP_API
++d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:FP_API,RSA
+ X509_trust_set_bit_asc                  1967	NOEXIST::FUNCTION:
+ PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:
+ X509_STORE_CTX_free                     1969	EXIST::FUNCTION:
+@@ -1638,7 +1638,7 @@
+ X509_TRUST_get_count                    2110	EXIST::FUNCTION:
+ ASN1_INTEGER_free                       2111	EXIST::FUNCTION:
+ OTHERNAME_free                          2112	EXIST::FUNCTION:
+-i2d_RSA_PUBKEY_fp                       2113	EXIST::FUNCTION:RSA,FP_API
++i2d_RSA_PUBKEY_fp                       2113	EXIST::FUNCTION:FP_API,RSA
+ ASN1_INTEGER_dup                        2114	EXIST::FUNCTION:
+ d2i_X509_CERT_AUX                       2115	EXIST::FUNCTION:
+ PEM_write_bio_PUBKEY                    2117	EXIST::FUNCTION:
+@@ -1873,3 +1873,64 @@
+ BN_bntest_rand                          2464	EXIST::FUNCTION:
+ OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+ BN_rand_range                           2466	EXIST::FUNCTION:
++ERR_load_ENGINE_strings                 2467	NOEXIST::FUNCTION:
++ENGINE_set_DSA                          2468	NOEXIST::FUNCTION:
++ENGINE_get_finish_function              2469	NOEXIST::FUNCTION:
++ENGINE_get_default_RSA                  2470	NOEXIST::FUNCTION:
++ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
++DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
++ENGINE_set_DH                           2473	NOEXIST::FUNCTION:
++ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
++ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
++ENGINE_init                             2475	NOEXIST::FUNCTION:
++DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
++RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
++ENGINE_finish                           2478	NOEXIST::FUNCTION:
++ENGINE_load_public_key                  2479	NOEXIST::FUNCTION:
++ENGINE_get_DH                           2480	NOEXIST::FUNCTION:
++ENGINE_ctrl                             2481	NOEXIST::FUNCTION:
++ENGINE_get_init_function                2482	NOEXIST::FUNCTION:
++ENGINE_set_init_function                2483	NOEXIST::FUNCTION:
++ENGINE_set_default_DSA                  2484	NOEXIST::FUNCTION:
++ENGINE_get_name                         2485	NOEXIST::FUNCTION:
++ENGINE_get_last                         2486	NOEXIST::FUNCTION:
++ENGINE_get_prev                         2487	NOEXIST::FUNCTION:
++ENGINE_get_default_DH                   2488	NOEXIST::FUNCTION:
++ENGINE_get_RSA                          2489	NOEXIST::FUNCTION:
++ENGINE_set_default                      2490	NOEXIST::FUNCTION:
++ENGINE_get_RAND                         2491	NOEXIST::FUNCTION:
++ENGINE_get_first                        2492	NOEXIST::FUNCTION:
++ENGINE_by_id                            2493	NOEXIST::FUNCTION:
++ENGINE_set_finish_function              2494	NOEXIST::FUNCTION:
++ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
++ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
++RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
++ENGINE_set_RSA                          2497	NOEXIST::FUNCTION:
++ENGINE_load_private_key                 2498	NOEXIST::FUNCTION:
++ENGINE_set_default_RAND                 2499	NOEXIST::FUNCTION:
++ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
++ENGINE_remove                           2501	NOEXIST::FUNCTION:
++ENGINE_free                             2502	NOEXIST::FUNCTION:
++ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
++ENGINE_get_next                         2504	NOEXIST::FUNCTION:
++ENGINE_set_name                         2505	NOEXIST::FUNCTION:
++ENGINE_get_default_DSA                  2506	NOEXIST::FUNCTION:
++ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
++ENGINE_set_default_RSA                  2508	NOEXIST::FUNCTION:
++ENGINE_get_default_RAND                 2509	NOEXIST::FUNCTION:
++ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
++ENGINE_set_RAND                         2511	NOEXIST::FUNCTION:
++ENGINE_set_id                           2512	NOEXIST::FUNCTION:
++ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
++ENGINE_set_default_DH                   2514	NOEXIST::FUNCTION:
++ENGINE_new                              2515	NOEXIST::FUNCTION:
++ENGINE_get_id                           2516	NOEXIST::FUNCTION:
++DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
++ENGINE_add                              2518	NOEXIST::FUNCTION:
++DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
++ENGINE_get_DSA                          2520	NOEXIST::FUNCTION:
++ENGINE_get_ctrl_function                2521	NOEXIST::FUNCTION:
++ENGINE_set_ctrl_function                2522	NOEXIST::FUNCTION:
++BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
++X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
++ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
+Index: crypto/openssl/util/mk1mf.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/mk1mf.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 mk1mf.pl
+--- crypto/openssl/util/mk1mf.pl	26 Nov 2000 11:34:20 -0000	1.1.1.1.2.2
++++ crypto/openssl/util/mk1mf.pl	31 Jul 2002 00:47:05 -0000
+@@ -98,7 +98,7 @@
+ $inc_def="outinc";
+ $tmp_def="tmp";
+ 
+-$mkdir="mkdir";
++$mkdir="-mkdir";
+ 
+ ($ssl,$crypto)=("ssl","crypto");
+ $RSAglue="RSAglue";
+Index: crypto/openssl/util/mkdef.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/mkdef.pl,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 mkdef.pl
+--- crypto/openssl/util/mkdef.pl	4 Jul 2001 23:19:49 -0000	1.1.1.1.2.3
++++ crypto/openssl/util/mkdef.pl	31 Jul 2002 00:47:05 -0000
+@@ -293,8 +293,10 @@
+ 			TRUE		=> 1,
+ 		);
+ 		my $symhacking = $file eq $symhacksfile;
++		my $begin_error_codes = 0;
+ 		while(<IN>) {
+-			last if (/BEGIN ERROR CODES/);
++			$begin_error_codes = 1 if (/BEGIN ERROR CODES/);
++			last if ($begin_error_codes && /Error codes for /);
+ 			if ($line ne '') {
+ 				$_ = $line . $_;
+ 				$line = '';
+Index: crypto/openssl/util/mkerr.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/mkerr.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 mkerr.pl
+--- crypto/openssl/util/mkerr.pl	26 Nov 2000 11:34:20 -0000	1.1.1.1.2.2
++++ crypto/openssl/util/mkerr.pl	31 Jul 2002 00:47:05 -0000
+@@ -53,6 +53,7 @@
+ {
+ 	if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+ 		$hinc{$1} = $2;
++		$libinc{$2} = $1;
+ 		$cskip{$3} = $1;
+ 		if($3 ne "NONE") {
+ 			$csrc{$1} = $3;
+@@ -74,7 +75,7 @@
+ # Scan each header file in turn and make a list of error codes
+ # and function names
+ 
+-while (($lib, $hdr) = each %hinc)
++while (($hdr, $lib) = each %libinc)
+ {
+ 	next if($hdr eq "NONE");
+ 	print STDERR "Scanning header file $hdr\n" if $debug; 
+@@ -257,6 +258,7 @@
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+  */
++void ERR_load_${lib}_strings(void);
+ 
+ /* Error codes for the $lib functions. */
+ 
+@@ -288,7 +290,6 @@
+ }
+ #endif
+ #endif
+-
+ EOF
+ 	close OUT;
+ 
+Index: crypto/openssl/util/pod2man.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/pod2man.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 pod2man.pl
+--- crypto/openssl/util/pod2man.pl	4 Jul 2001 23:19:50 -0000	1.1.1.1.2.2
++++ crypto/openssl/util/pod2man.pl	31 Jul 2002 00:47:05 -0000
+@@ -416,8 +416,8 @@
+ 			warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
+ 		    }
+ 		    else {
+-			$n[0] =~ s/\n/ /;
+-			$n[1] =~ s/\n/ /;
++			$n[0] =~ s/\n/ /g;
++			$n[1] =~ s/\n/ /g;
+ 			%namedesc = @n;
+ 		    }
+ 		}
+Index: crypto/openssl/util/pod2mantest
+===================================================================
+RCS file: crypto/openssl/util/pod2mantest
+diff -N crypto/openssl/util/pod2mantest
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/util/pod2mantest	31 Jul 2002 00:47:05 -0000
+@@ -0,0 +1,53 @@
++#!/bin/sh
++
++# This script is used by test/Makefile.ssl to check whether a sane 'pod2man'
++# is installed.
++# ('make install' should not try to run 'pod2man' if it does not exist or if
++# it is a broken 'pod2man' version that is known to cause trouble. if we find
++# the system 'pod2man' to be broken, we use our own copy instead)
++#
++# In any case, output an appropriate command line for running (or not
++# running) pod2man.
++
++
++IFS=:
++try_without_dir=false
++# First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
++for dir in dummy:$PATH; do
++    if [ "$try_without_dir" = true ]; then
++      # first iteration
++      pod2man=pod2man
++      try_without_dir=false
++    else
++      # second and later iterations
++      pod2man="$dir/pod2man"
++      if [ ! -f "$pod2man" ]; then  # '-x' is not available on Ultrix
++        pod2man=''
++      fi
++    fi
++
++    if [ ! "$pod2man" = '' ]; then
++        failure=none
++
++
++	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
++	    failure=MultilineTest
++	fi
++
++
++        if [ "$failure" = none ]; then
++            echo "$pod2man"
++            exit 0
++        fi
++
++        echo "$pod2man does not work properly ('$failure' failed).  Looking for another pod2man ..." >&2
++    fi
++done
++
++echo "No working pod2man found.  Consider installing a new version." >&2
++if [ "$1" = ignore ]; then
++  echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
++  echo "../../util/pod2man.pl"
++  exit 0
++fi
++exit 1
+Index: crypto/openssl/util/pod2mantest.pod
+===================================================================
+RCS file: crypto/openssl/util/pod2mantest.pod
+diff -N crypto/openssl/util/pod2mantest.pod
+--- /dev/null	1 Jan 1970 00:00:00 -0000
++++ crypto/openssl/util/pod2mantest.pod	31 Jul 2002 00:47:05 -0000
+@@ -0,0 +1,15 @@
++=pod
++
++=head1 NAME
++
++foo, bar,
++MARKER - test of multiline name section
++
++=head1 DESCRIPTION
++
++This is a test .pod file to see if we have a buggy pod2man or not.
++If we have a buggy implementation, we will get a line matching the
++regular expression "^ +MARKER - test of multiline name section *$"
++at the end of the resulting document.
++
++=cut
+Index: crypto/openssl/util/selftest.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/selftest.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 selftest.pl
+--- crypto/openssl/util/selftest.pl	26 Nov 2000 11:34:20 -0000	1.1.1.1.2.2
++++ crypto/openssl/util/selftest.pl	31 Jul 2002 00:47:05 -0000
+@@ -57,7 +57,7 @@
+ 
+ if (open(IN,"<CHANGES")) {
+     while(<IN>) {
+-	if (/\*\) (.{0,55})/) {
++	if (/\*\) (.{0,55})/ && !/applies to/) {
+ 	    $last=$1;
+ 	    last;
+ 	}
+Index: crypto/openssl/util/sep_lib.sh
+===================================================================
+RCS file: crypto/openssl/util/sep_lib.sh
+diff -N crypto/openssl/util/sep_lib.sh
+--- crypto/openssl/util/sep_lib.sh	10 Jan 2000 06:22:05 -0000	1.1.1.1
++++ /dev/null	1 Jan 1970 00:00:00 -0000
+@@ -1,34 +0,0 @@
+-#!/bin/sh
+-
+-cwd=`pwd`
+-/bin/rm -fr tmp/*
+-
+-cd crypto/des
+-make -f Makefile.uni tar
+-make -f Makefile.uni tar_lit
+-/bin/mv libdes.tgz $cwd/tmp
+-/bin/mv libdes-l.tgz $cwd/tmp
+-cd $cwd
+-
+-for name in md5 sha cast bf idea rc4 rc2
+-do
+-	echo doing $name
+-	(cd crypto; tar cfh - $name)|(cd tmp; tar xf -)
+-	cd tmp/$name
+-	/bin/rm -f Makefile
+-	/bin/rm -f Makefile.ssl
+-	/bin/rm -f Makefile.ssl.orig
+-	/bin/rm -f *.old
+-	/bin/mv Makefile.uni Makefile
+-
+-	if [ -d asm ]; then
+-		mkdir asm/perlasm
+-		cp $cwd/crypto/perlasm/*.pl asm/perlasm
+-	fi
+-	cd ..
+-	tar cf - $name|gzip >$name.tgz
+-#	/bin/rm -fr $name
+-	cd $cwd
+-done
+-
+-
+Index: crypto/openssl/util/ssleay.num
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/ssleay.num,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 ssleay.num
+--- crypto/openssl/util/ssleay.num	26 Nov 2000 11:34:20 -0000	1.1.1.1.2.2
++++ crypto/openssl/util/ssleay.num	31 Jul 2002 00:47:05 -0000
+@@ -193,3 +193,5 @@
+ SSL_CTX_callback_ctrl                   243	EXIST::FUNCTION:
+ SSL_callback_ctrl                       244	EXIST::FUNCTION:
+ SSL_CTX_sessions                        245	EXIST::FUNCTION:
++SSL_get_rfd                             246	EXIST::FUNCTION:
++SSL_get_wfd                             247	EXIST::FUNCTION:
+cvs diff: Diffing crypto/openssl/util/pl
+Index: crypto/openssl/util/pl/BC-32.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/pl/BC-32.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 BC-32.pl
+--- crypto/openssl/util/pl/BC-32.pl	26 Nov 2000 11:34:21 -0000	1.1.1.1.2.2
++++ crypto/openssl/util/pl/BC-32.pl	31 Jul 2002 00:47:05 -0000
+@@ -65,24 +65,24 @@
+ 
+ if (!$no_asm)
+ 	{
+-	$bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
+-	$bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+-	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+-	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+-	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
+-	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+-	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+-	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+-	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+-	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+-	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+-	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+-	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+-	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+-	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+-	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+-	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+-	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
++	$bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
++	$bn_mulw_src='crypto\bn\asm\bn_win32.asm';
++	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
++	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
++	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
++	$bf_enc_src='crypto\bf\asm\b_win32.asm';
++	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
++	$cast_enc_src='crypto\cast\asm\c_win32.asm';
++	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
++	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
++	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
++	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
++	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
++	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
++	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
++	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
++	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
++	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+ 	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+ 	}
+ 
+Index: crypto/openssl/util/pl/VC-32.pl
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/util/pl/VC-32.pl,v
+retrieving revision 1.1.1.1.2.2
+diff -u -r1.1.1.1.2.2 VC-32.pl
+--- crypto/openssl/util/pl/VC-32.pl	26 Nov 2000 11:34:21 -0000	1.1.1.1.2.2
++++ crypto/openssl/util/pl/VC-32.pl	31 Jul 2002 00:47:05 -0000
+@@ -67,24 +67,24 @@
+ 
+ if (!$no_asm)
+ 	{
+-	$bn_asm_obj='crypto\bn\asm\bn-win32.obj';
+-	$bn_asm_src='crypto\bn\asm\bn-win32.asm';
+-	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+-	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+-	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
+-	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+-	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+-	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+-	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+-	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+-	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+-	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+-	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+-	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+-	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+-	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+-	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+-	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
++	$bn_asm_obj='crypto\bn\asm\bn_win32.obj';
++	$bn_asm_src='crypto\bn\asm\bn_win32.asm';
++	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
++	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
++	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
++	$bf_enc_src='crypto\bf\asm\b_win32.asm';
++	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
++	$cast_enc_src='crypto\cast\asm\c_win32.asm';
++	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
++	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
++	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
++	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
++	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
++	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
++	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
++	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
++	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
++	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+ 	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+ 	}
+ 
+cvs diff: Diffing secure/lib/libcrypto
+Index: secure/lib/libcrypto/Makefile
+===================================================================
+RCS file: /home/ncvs/src/secure/lib/libcrypto/Makefile,v
+retrieving revision 1.15.2.11
+diff -u -r1.15.2.11 Makefile
+--- secure/lib/libcrypto/Makefile	4 Jul 2001 23:24:41 -0000	1.15.2.11
++++ secure/lib/libcrypto/Makefile	31 Jul 2002 02:20:37 -0000
+@@ -235,7 +235,7 @@
+ 	v3_sxnet.c v3_utl.c v3err.c
+ 
+ POD1+=	apps/CA.pl.pod apps/asn1parse.pod apps/ca.pod \
+-	apps/ciphers.pod apps/config.pod apps/crl.pod \
++	apps/ciphers.pod apps/crl.pod \
+ 	apps/crl2pkcs7.pod apps/dgst.pod apps/dhparam.pod apps/dsa.pod \
+ 	apps/dsaparam.pod apps/enc.pod apps/gendsa.pod apps/genrsa.pod \
+ 	apps/nseq.pod apps/openssl.pod apps/passwd.pod apps/pkcs12.pod \
+@@ -307,37 +307,48 @@
+ 	ssl/SSL_CTX_free.pod ssl/SSL_CTX_get_ex_new_index.pod \
+ 	ssl/SSL_CTX_get_verify_mode.pod \
+ 	ssl/SSL_CTX_load_verify_locations.pod ssl/SSL_CTX_new.pod \
+-	ssl/SSL_CTX_sess_set_cache_size.pod \
+-	ssl/SSL_CTX_sess_set_get_cb.pod ssl/SSL_CTX_sessions.pod \
+-	ssl/SSL_CTX_set_cipher_list.pod \
++	ssl/SSL_CTX_sess_set_cache_size.pod ssl/SSL_CTX_sess_set_get_cb.pod \
++	ssl/SSL_CTX_sessions.pod ssl/SSL_CTX_set_cipher_list.pod \
+ 	ssl/SSL_CTX_set_client_CA_list.pod \
+-	ssl/SSL_CTX_set_default_passwd_cb.pod \
+-	ssl/SSL_CTX_set_options.pod \
++	ssl/SSL_CTX_set_client_cert_cb.pod \
++	ssl/SSL_CTX_set_default_passwd_cb.pod ssl/SSL_CTX_set_options.pod\
+ 	ssl/SSL_CTX_set_session_cache_mode.pod \
+ 	ssl/SSL_CTX_set_session_id_context.pod \
+-	ssl/SSL_CTX_set_ssl_version.pod ssl/SSL_CTX_set_timeout.pod \
+-	ssl/SSL_CTX_set_verify.pod ssl/SSL_CTX_use_certificate.pod \
+-	ssl/SSL_SESSION_free.pod ssl/SSL_SESSION_get_ex_new_index.pod \
+-	ssl/SSL_SESSION_get_time.pod ssl/SSL_accept.pod \
+-	ssl/SSL_clear.pod ssl/SSL_connect.pod ssl/SSL_free.pod \
+-	ssl/SSL_get_ciphers.pod ssl/SSL_get_client_CA_list.pod \
+-	ssl/SSL_get_current_cipher.pod ssl/SSL_get_error.pod \
+-	ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod \
++	ssl/SSL_CTX_set_ssl_version.pod \
++	ssl/SSL_CTX_set_timeout.pod ssl/SSL_CTX_set_verify.pod \
++	ssl/SSL_CTX_use_certificate.pod ssl/SSL_SESSION_free.pod \
++	ssl/SSL_SESSION_get_ex_new_index.pod \
++	ssl/SSL_SESSION_get_time.pod \
++	ssl/SSL_accept.pod ssl/SSL_clear.pod ssl/SSL_connect.pod \
++	ssl/SSL_do_handshake.pod \
++	ssl/SSL_free.pod ssl/SSL_get_ciphers.pod \
++	ssl/SSL_get_client_CA_list.pod ssl/SSL_get_current_cipher.pod \
++	ssl/SSL_get_error.pod ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod \
+ 	ssl/SSL_get_ex_new_index.pod ssl/SSL_get_fd.pod \
+-	ssl/SSL_get_peer_cert_chain.pod \
+-	ssl/SSL_get_peer_certificate.pod ssl/SSL_get_rbio.pod \
+-	ssl/SSL_get_session.pod ssl/SSL_get_verify_result.pod \
+-	ssl/SSL_library_init.pod ssl/SSL_load_client_CA_file.pod \
+-	ssl/SSL_new.pod ssl/SSL_pending.pod ssl/SSL_read.pod \
+-	ssl/SSL_set_bio.pod ssl/SSL_set_fd.pod ssl/SSL_set_session.pod \
+-	ssl/SSL_set_verify_result.pod ssl/SSL_shutdown.pod \
+-	ssl/SSL_write.pod ssl/d2i_SSL_SESSION.pod ssl/ssl.pod \
+-	ssl/SSL_CTX_sess_number.pod ssl/SSL_CTX_set_mode.pod \
++	ssl/SSL_get_peer_cert_chain.pod ssl/SSL_get_peer_certificate.pod \
++	ssl/SSL_get_rbio.pod ssl/SSL_get_session.pod \
++	ssl/SSL_get_verify_result.pod ssl/SSL_library_init.pod \
++	ssl/SSL_load_client_CA_file.pod ssl/SSL_new.pod ssl/SSL_pending.pod \
++	ssl/SSL_read.pod ssl/SSL_set_bio.pod ssl/SSL_set_fd.pod \
++	ssl/SSL_set_session.pod ssl/SSL_set_verify_result.pod \
++	ssl/SSL_shutdown.pod ssl/SSL_write.pod ssl/d2i_SSL_SESSION.pod \
++	ssl/ssl.pod ssl/SSL_CTX_sess_number.pod ssl/SSL_CTX_set_mode.pod \
+ 	ssl/SSL_get_version.pod ssl/SSL_set_connect_state.pod \
+-	ssl/SSL_set_shutdown.pod
++	ssl/SSL_set_shutdown.pod ssl/SSL_alert_type_string.pod \
++	ssl/SSL_COMP_add_compression_method.pod ssl/SSL_CTX_ctrl.pod \
++	ssl/SSL_CTX_set_cert_store.pod \
++	ssl/SSL_CTX_set_cert_verify_callback.pod \
++	ssl/SSL_CTX_set_info_callback.pod ssl/SSL_CTX_set_quiet_shutdown.pod \
++	ssl/SSL_CTX_set_tmp_dh_callback.pod \
++	ssl/SSL_CTX_set_tmp_rsa_callback.pod ssl/SSL_get_default_timeout.pod \
++	ssl/SSL_get_SSL_CTX.pod ssl/SSL_rstate_string.pod \
++	ssl/SSL_session_reused.pod ssl/SSL_state_string.pod \
++	ssl/SSL_want.pod
++
++POD5+=	apps/config.pod
+ 
+ .if defined(WANT_OPENSSL_MANPAGES)
+-.for section in 1 3
++.for section in 1 3 5
+ .for pod in ${POD${section}}
+ .for target in ${pod:T:S/.pod/.${section}/g}
+ MAN+= ${target}
+Index: secure/lib/libcrypto/des_crypt.3
+===================================================================
+RCS file: /home/ncvs/src/secure/lib/libcrypto/des_crypt.3,v
+retrieving revision 1.1.1.2
+diff -u -r1.1.1.2 des_crypt.3
+--- secure/lib/libcrypto/des_crypt.3	4 Sep 1999 12:45:35 -0000	1.1.1.2
++++ secure/lib/libcrypto/des_crypt.3	31 Jul 2002 00:47:06 -0000
+@@ -1,3 +1,4 @@
++.\" $FreeBSD: src/secure/lib/libcrypto/des_crypt.3,v 1.1.1.2.2.1 2002/07/30 22:06:11 nectar Exp $
+ .TH DES_CRYPT 3 
+ .SH NAME
+ des_read_password, des_read_2password,
+@@ -13,7 +14,7 @@
+ .nf
+ .nj
+ .ft B
+-#include <des.h>
++#include <openssl/des.h>
+ .PP
+ .B int des_read_password(key,prompt,verify)
+ des_cblock *key;
+@@ -461,9 +462,9 @@
+ It is much faster than the system crypt.
+ .PP
+ .SH FILES
+-/usr/include/des.h
++/usr/include/openssl/des.h
+ .br
+-/usr/lib/libdes.a
++/usr/lib/libcrypto.a
+ .PP
+ The encryption routines have been tested on 16bit, 32bit and 64bit
+ machines of various endian and even works under VMS.
+Index: secure/lib/libcrypto/opensslconf-alpha.h
+===================================================================
+RCS file: /home/ncvs/src/secure/lib/libcrypto/opensslconf-alpha.h,v
+retrieving revision 1.1.2.2
+diff -u -r1.1.2.2 opensslconf-alpha.h
+--- secure/lib/libcrypto/opensslconf-alpha.h	4 Jul 2001 23:24:41 -0000	1.1.2.2
++++ secure/lib/libcrypto/opensslconf-alpha.h	31 Jul 2002 02:23:22 -0000
+@@ -2,13 +2,29 @@
+ 
+ /* crypto/opensslconf.h */
+ /* WARNING: This file is autogenerated by Configure */
++/* OpenSSL was configured with the following options: */
++#ifdef OPENSSL_ALGORITHM_DEFINES
++   /* no ciphers excluded */
++#endif
++#ifdef OPENSSL_THREAD_DEFINES
++# ifndef THREADS
++#  define THREADS
++# endif
++#endif
++#ifdef OPENSSL_OTHER_DEFINES
++# ifndef NO_ASM
++#  define NO_ASM
++# endif
++#endif
++
++/* crypto/opensslconf.h.in */
+ 
+ /* Generate 80386 code? */
+ #undef I386_ONLY
+ 
+ #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+-#define OPENSSLDIR "/usr/local/ssl"
++#define OPENSSLDIR "/etc/ssl"
+ #endif
+ #endif
+ 
+@@ -27,10 +43,24 @@
+ #define RC2_INT unsigned int
+ #endif
+ 
+-#if defined(HEADER_RC4_H) && !defined(RC4_INT)
++#if defined(HEADER_RC4_H)
++#if !defined(RC4_INT)
+ /* using int types make the structure larger but make the code faster
+  * on most boxes I have tested - up to %20 faster. */
++/*
++ * I don't know what does "most" mean, but declaring "int" is a must on:
++ * - Intel P6 because partial register stalls are very expensive;
++ * - elder Alpha because it lacks byte load/store instructions;
++ */
+ #define RC4_INT unsigned int
++#endif
++#if !defined(RC4_CHUNK)
++/*
++ * This enables code handling data aligned at natural CPU word
++ * boundary. See crypto/rc4/rc4_enc.c for further details.
++ */
++#undef RC4_CHUNK
++#endif
+ #endif
+ 
+ #if defined(HEADER_DES_H) && !defined(DES_LONG)
diff --git a/share/security/patches/SA-02:33/openssl.patch.asc b/share/security/patches/SA-02:33/openssl.patch.asc
new file mode 100644
index 0000000000..92c6d42f46
--- /dev/null
+++ b/share/security/patches/SA-02:33/openssl.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPU6D41UuHi5z0oilAQHHNgP/Y4R23cUrrj+BauhzUK8q9BTtnHSzVvxk
+LY72rVVxBwbvL9qvtxXORwIoFIIDRBWeXaY9y18evCm5FzH80c13kIKpQQu/5q90
+eHqD/Zcyhvk6wT1AUAK7bKhU5/0EDzMppikJ5+5swOIgCZhXepPVaP2vhurl8y4n
+vB6LoABDjmQ=
+=CBux
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:33/openssl2.patch b/share/security/patches/SA-02:33/openssl2.patch
new file mode 100644
index 0000000000..e6fb17682b
--- /dev/null
+++ b/share/security/patches/SA-02:33/openssl2.patch
@@ -0,0 +1,11 @@
+--- crypto/openssl/crypto/asn1/asn1_lib.c	31 Jul 2002 02:54:42 -0000
++++ crypto/openssl/crypto/asn1/asn1_lib.c	2 Aug 2002 17:44:42 -0000
+@@ -124,7 +124,7 @@
+ 		(int)(omax+ *pp));
+ 
+ #endif
+-	if (*plength > (omax - (*pp - p)))
++	if (*plength > (omax - (p - *pp)))
+ 		{
+ 		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+ 		/* Set this so that even if things are not long enough
diff --git a/share/security/patches/SA-02:33/openssl2.patch.asc b/share/security/patches/SA-02:33/openssl2.patch.asc
new file mode 100644
index 0000000000..724db1983d
--- /dev/null
+++ b/share/security/patches/SA-02:33/openssl2.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPU6EElUuHi5z0oilAQFYjwP9Ezxd4UuY7dmHMaxrylaLsp9U0ZKzG8bg
+n72Y3MSUZb0rXr/LOfSHJkki2aIloSFS/qd5/T4jkaNAVIQn5tF0rzUpAbn4WATS
+ePnblgdDetJMsLIuPCZ31Bdtgzd6GMJva2/09y7XJyGOgZia3Kw3tKJPn+qcDtVm
+aOTxr44iIFg=
+=ff6N
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:34/rpc.patch b/share/security/patches/SA-02:34/rpc.patch
new file mode 100644
index 0000000000..77016bbd27
--- /dev/null
+++ b/share/security/patches/SA-02:34/rpc.patch
@@ -0,0 +1,34 @@
+--- lib/libc/xdr/xdr_array.c:1.8	Fri Aug 27 19:02:55 1999
++++ lib/libc/xdr/xdr_array.c	Wed Jul 31 10:11:59 2002
+@@ -42,6 +42,7 @@
+  * arrays.  See xdr.h for more info on the interface to xdr.
+  */
+ 
++#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -73,11 +74,12 @@
+ 	register u_int nodesize;
+ 
+ 	/* like strings, arrays are really counted arrays */
+-	if (! xdr_u_int(xdrs, sizep)) {
++	if (!xdr_u_int(xdrs, sizep)) {
+ 		return (FALSE);
+ 	}
+ 	c = *sizep;
+-	if ((c > maxsize) && (xdrs->x_op != XDR_FREE)) {
++	if ((c > maxsize || UINT_MAX/elsize < c) &&
++	    (xdrs->x_op != XDR_FREE)) {
+ 		return (FALSE);
+ 	}
+ 	nodesize = c * elsize;
+@@ -145,7 +147,7 @@
+ 
+ 	elptr = basep;
+ 	for (i = 0; i < nelem; i++) {
+-		if (! (*xdr_elem)(xdrs, elptr, LASTUNSIGNED)) {
++		if (!(*xdr_elem)(xdrs, elptr, LASTUNSIGNED)) {
+ 			return(FALSE);
+ 		}
+ 		elptr += elemsize;
diff --git a/share/security/patches/SA-02:34/rpc.patch.asc b/share/security/patches/SA-02:34/rpc.patch.asc
new file mode 100644
index 0000000000..aa257cc7f9
--- /dev/null
+++ b/share/security/patches/SA-02:34/rpc.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPUkj3VUuHi5z0oilAQFT6gP/cPwqLd2Q8Ubdq+vyDPD0MAkBZ8SnrGdb
+ji7z2v/FcRO5wxk5KBuDnF+ekgQCC0fiUjtWS+Vseb8sdyc9tdbEThy9MHqllAro
+lFj3CXxN/UVpbB2U0scuRohw2j0FAxO8x43YZaeCgLJQpdEYcf7+zllwRuvW8OFr
+7kG+YKC7Acg=
+=yJVY
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:35/ffs.patch b/share/security/patches/SA-02:35/ffs.patch
new file mode 100644
index 0000000000..81df50f7d1
--- /dev/null
+++ b/share/security/patches/SA-02:35/ffs.patch
@@ -0,0 +1,17 @@
+===================================================================
+RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_vfsops.c,v
+retrieving revision 1.117.2.9
+retrieving revision 1.117.2.10
+diff -u -p -r1.117.2.9 -r1.117.2.10
+--- sys/ufs/ffs/ffs_vfsops.c	2002/04/08 09:39:30	1.117.2.9
++++ sys/ufs/ffs/ffs_vfsops.c	2002/06/23 22:34:52	1.117.2.10
+@@ -758,6 +758,9 @@ ffs_mountfs(devvp, mp, p, malloctype)
+ 
+ 	ump->um_savedmaxfilesize = fs->fs_maxfilesize;		/* XXX */
+ 	maxfilesize = (u_int64_t)0x40000000 * fs->fs_bsize - 1;	/* XXX */
++	/* Enforce limit caused by vm object backing (32 bits vm_pindex_t). */
++	if (maxfilesize > (u_int64_t)0x80000000u * PAGE_SIZE - 1)
++		maxfilesize = (u_int64_t)0x80000000u * PAGE_SIZE - 1;
+ 	if (fs->fs_maxfilesize > maxfilesize)			/* XXX */
+ 		fs->fs_maxfilesize = maxfilesize;		/* XXX */
+ 	if (ronly == 0) {
diff --git a/share/security/patches/SA-02:35/ffs.patch.asc b/share/security/patches/SA-02:35/ffs.patch.asc
new file mode 100644
index 0000000000..95cd2db375
--- /dev/null
+++ b/share/security/patches/SA-02:35/ffs.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPUg0blUuHi5z0oilAQG26AP+L5iC2xiu0wIVPI/+rIVXvmPkfwAuHqWH
+iMUjKSgs3dHAH61VaT4Ax/ytoF9MTOZmgV4CtOBvb/mETTh0l6m+U062/JuRIioH
+yJD2cWqkO31BYGJTMFV6bO+xfIYuBgkV+gRpgdozC3Vx2MTeA5JmIlH1+2YQaCly
+zx0XrpwOGUU=
+=ZW4Y
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:36/nfs.patch b/share/security/patches/SA-02:36/nfs.patch
new file mode 100644
index 0000000000..b118eb0719
--- /dev/null
+++ b/share/security/patches/SA-02:36/nfs.patch
@@ -0,0 +1,23 @@
+--- sys/nfs/nfs_socket.c	Thu Apr 25 19:46:07 2002
++++ sys/nfs/nfs_socket.c	Thu Aug  1 14:31:55 2002
+@@ -2154,7 +2154,7 @@
+ 	register struct mbuf *m, **mpp;
+ 	register char *cp1, *cp2;
+ 	register int len;
+-	struct mbuf *om, *m2, *recm = NULL;
++	struct mbuf *om, *m2, *recm;
+ 	u_int32_t recmark;
+ 
+ 	if (slp->ns_flag & SLP_GETSTREAM)
+@@ -2199,7 +2199,11 @@
+ 
+ 	    /*
+ 	     * Now get the record part.
++	     *
++	     * Note that slp->ns_reclen may be 0.  Linux sometimes
++	     * generates 0-length RPCs
+ 	     */
++	    recm = NULL;
+ 	    if (slp->ns_cc == slp->ns_reclen) {
+ 		recm = slp->ns_raw;
+ 		slp->ns_raw = slp->ns_rawend = (struct mbuf *)0;
diff --git a/share/security/patches/SA-02:36/nfs.patch.asc b/share/security/patches/SA-02:36/nfs.patch.asc
new file mode 100644
index 0000000000..f9837c62b4
--- /dev/null
+++ b/share/security/patches/SA-02:36/nfs.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPU5xN1UuHi5z0oilAQGl7gQAi8xF7DK1eDfN7BHMw806m7y4xTyQBEXJ
+orgmIJ1pkOP4UHAP5m+EgK3bwnRagNHDRxAdcijvROM7lnDsnGX9Ujkm541qSl2P
+xvTNgPK8lL4sBbAxx1BcfPeWHqsOcW7+auC86h0cHoHNObL15FD8YdaK9fdB+S32
+dwx20YIH29E=
+=pZFU
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:37/kqueue.patch b/share/security/patches/SA-02:37/kqueue.patch
new file mode 100644
index 0000000000..e1fb5e525a
--- /dev/null
+++ b/share/security/patches/SA-02:37/kqueue.patch
@@ -0,0 +1,18 @@
+Index: sys/kern/sys_pipe.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sys_pipe.c,v
+retrieving revision 1.60.2.12
+retrieving revision 1.60.2.13
+diff -u -r1.60.2.12 -r1.60.2.13
+--- sys/kern/sys_pipe.c	16 Apr 2002 02:08:13 -0000	1.60.2.12
++++ sys/kern/sys_pipe.c	5 Aug 2002 15:05:15 -0000	1.60.2.13
+@@ -1237,6 +1237,9 @@
+ 	case EVFILT_WRITE:
+ 		kn->kn_fop = &pipe_wfiltops;
+ 		cpipe = cpipe->pipe_peer;
++		if (cpipe == NULL)
++			/* other end of pipe has been closed */
++			return (EBADF);
+ 		break;
+ 	default:
+ 		return (1);
diff --git a/share/security/patches/SA-02:37/kqueue.patch.asc b/share/security/patches/SA-02:37/kqueue.patch.asc
new file mode 100644
index 0000000000..d88577026d
--- /dev/null
+++ b/share/security/patches/SA-02:37/kqueue.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPU8MeVUuHi5z0oilAQGDGgQAnA28KujuZl4fSDF+GGBHuncMkM393UCD
+cgqHMEbJoq5ULTpKqENO4x5o8ZusXYzuCkomWwUvvtRWtxeLWPTsImIL7e6A3eZ5
+2/ktQwTpOJ6YR6xjHaedUtgbcnVPYysIvhsR7TdB3TIttwAKvjiqYUayOVOm1/cD
+gmNRgTOs+/c=
+=EJaV
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:38/signed-error.patch b/share/security/patches/SA-02:38/signed-error.patch
new file mode 100644
index 0000000000..68344b1d59
--- /dev/null
+++ b/share/security/patches/SA-02:38/signed-error.patch
@@ -0,0 +1,50 @@
+Index: sys/i386/isa/vesa.c
+diff -u sys/i386/isa/vesa.c:1.32 sys/i386/isa/vesa.c:1.32.10.1
+--- sys/i386/isa/vesa.c:1.32	Sat Jan 29 07:08:40 2000
++++ sys/i386/isa/vesa.c	Tue Aug 13 05:12:40 2002
+@@ -1317,7 +1317,9 @@
+ 	int bits;
+ 	int error;
+ 
+-	if ((base < 0) || (base >= 256) || (base + count > 256))
++	if ((base < 0) || (base >= 256) || (count < 0) || (count > 256))
++		return 1;
++	if (base + count > 256)
+ 		return 1;
+ 	if (!(vesa_adp_info->v_flags & V_DAC8) || !VESA_MODE(adp->va_mode))
+ 		return 1;
+Index: sys/kern/uipc_syscalls.c
+diff -u sys/kern/uipc_syscalls.c:1.65.2.9 sys/kern/uipc_syscalls.c:1.65.2.9.6.1
+--- sys/kern/uipc_syscalls.c:1.65.2.9	Tue Jul 31 03:49:39 2001
++++ sys/kern/uipc_syscalls.c	Tue Aug 13 05:12:41 2002
+@@ -206,6 +206,8 @@
+ 			sizeof (namelen));
+ 		if(error)
+ 			return (error);
++		if (namelen < 0)
++			return (EINVAL);
+ 	}
+ 	error = holdsock(fdp, uap->s, &lfp);
+ 	if (error)
+@@ -1193,6 +1195,10 @@
+ 		fdrop(fp, p);
+ 		return (error);
+ 	}
++	if (len < 0) {
++		fdrop(fp, p);
++		return (EINVAL);
++	}
+ 	so = (struct socket *)fp->f_data;
+ 	sa = 0;
+ 	error = (*so->so_proto->pr_usrreqs->pru_sockaddr)(so, &sa);
+@@ -1271,6 +1277,10 @@
+ 	if (error) {
+ 		fdrop(fp, p);
+ 		return (error);
++	}
++	if (len < 0) {
++		fdrop(fp, p);
++		return (EINVAL);
+ 	}
+ 	sa = 0;
+ 	error = (*so->so_proto->pr_usrreqs->pru_peeraddr)(so, &sa);
diff --git a/share/security/patches/SA-02:38/signed-error.patch.asc b/share/security/patches/SA-02:38/signed-error.patch.asc
new file mode 100644
index 0000000000..2834d7d2c2
--- /dev/null
+++ b/share/security/patches/SA-02:38/signed-error.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPVkUe1UuHi5z0oilAQHMMAP/SPVl4IXxqTzn7bCYoGSR9O1vT7A8C1P+
+QD8Kj6vZlisclDQKtceciKC9mXK47CZUOZOhMAIYi6e4zOaFKopSOsmsP68dinVR
+o6Z1CGFHGvRYOoUuEu81UYS4ZKbdv8lnvTj0WZbXJTK8XHN/Or99EJUnRxvTK381
+ur3U6ggo4vA=
+=Uvpb
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:39/libkvm.patch b/share/security/patches/SA-02:39/libkvm.patch
new file mode 100644
index 0000000000..9612ef7960
--- /dev/null
+++ b/share/security/patches/SA-02:39/libkvm.patch
@@ -0,0 +1,47 @@
+Index: kvm.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libkvm/kvm.c,v
+retrieving revision 1.12.2.2
+retrieving revision 1.12.2.3
+diff -c -r1.12.2.2 -r1.12.2.3
+*** lib/libkvm/kvm.c	23 Aug 2000 08:53:00 -0000	1.12.2.2
+--- lib/libkvm/kvm.c	13 Sep 2002 14:53:43 -0000	1.12.2.3
+***************
+*** 206,211 ****
+--- 206,215 ----
+  		_kvm_syserr(kd, kd->program, "%s", mf);
+  		goto failed;
+  	}
++ 	if (fcntl(kd->pmfd, F_SETFD, FD_CLOEXEC) < 0) {
++ 		_kvm_syserr(kd, kd->program, "%s", mf);
++ 		goto failed;
++ 	}
+  	if (S_ISCHR(st.st_mode)) {
+  		/*
+  		 * If this is a character special device, then check that
+***************
+*** 224,229 ****
+--- 228,237 ----
+  				_kvm_syserr(kd, kd->program, "%s", _PATH_KMEM);
+  				goto failed;
+  			}
++ 			if (fcntl(kd->vmfd, F_SETFD, FD_CLOEXEC) < 0) {
++ 				_kvm_syserr(kd, kd->program, "%s", _PATH_KMEM);
++ 				goto failed;
++ 			}
+  		}
+  	} else {
+  		/*
+***************
+*** 232,237 ****
+--- 240,249 ----
+  		 * but first setup the namelist fd.
+  		 */
+  		if ((kd->nlfd = open(uf, O_RDONLY, 0)) < 0) {
++ 			_kvm_syserr(kd, kd->program, "%s", uf);
++ 			goto failed;
++ 		}
++ 		if (fcntl(kd->nlfd, F_SETFD, FD_CLOEXEC) < 0) {
+  			_kvm_syserr(kd, kd->program, "%s", uf);
+  			goto failed;
+  		}
diff --git a/share/security/patches/SA-02:39/libkvm.patch.asc b/share/security/patches/SA-02:39/libkvm.patch.asc
new file mode 100644
index 0000000000..c63f758727
--- /dev/null
+++ b/share/security/patches/SA-02:39/libkvm.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.7 (FreeBSD)
+
+iQCVAwUAPYXyylUuHi5z0oilAQFl8QP9HFSB4h6OKxvwIPoVkhXsVvlsi4BWp1wI
+1FtB9i6euBljsMuiiiZPxpwom+WY8hdHt3vMTc/VYsxxOsJ0S6+TVmy7bFYjgxLF
+daNYK54gwa9gyKZ0w0ItCi1eQlOhW06dzlB5o2AZxWFnFoksvGzIXr4Tv3BzNVf/
+/O7pfn8sA6g=
+=m+ng
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:40/kadmind.patch b/share/security/patches/SA-02:40/kadmind.patch
new file mode 100644
index 0000000000..92c786db44
--- /dev/null
+++ b/share/security/patches/SA-02:40/kadmind.patch
@@ -0,0 +1,68 @@
+Index: crypto/heimdal/kadmin/version4.c
+diff -c crypto/heimdal/kadmin/version4.c:1.1.1.1.2.3 crypto/heimdal/kadmin/version4.c:1.1.1.1.2.4
+*** crypto/heimdal/kadmin/version4.c:1.1.1.1.2.3	Fri Sep 20 05:50:21 2002
+--- crypto/heimdal/kadmin/version4.c	Mon Oct 21 22:51:10 2002
+***************
+*** 822,827 ****
+--- 822,834 ----
+      off += _krb5_get_int(msg + off, &rlen, 4);
+      memset(&authent, 0, sizeof(authent));
+      authent.length = message.length - rlen - KADM_VERSIZE - 4;
++ 
++     if(authent.length >= MAX_KTXT_LEN) {
++ 	krb5_warnx(context, "received bad rlen (%lu)", (unsigned long)rlen);
++ 	make_you_loose_packet (KADM_LENGTH_ERROR, reply);
++ 	return;
++     }
++ 
+      memcpy(authent.dat, (char*)msg + off, authent.length);
+      off += authent.length;
+      
+Index: crypto/kerberosIV/kadmin/kadm_ser_wrap.c
+diff -c crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3 crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3.12.1
+*** crypto/kerberosIV/kadmin/kadm_ser_wrap.c:1.1.1.3	Sun Jan  9 02:27:52 2000
+--- crypto/kerberosIV/kadmin/kadm_ser_wrap.c	Wed Oct 23 08:21:32 2002
+***************
+*** 117,132 ****
+      u_char *retdat, *tmpdat;
+      int retval, retlen;
+  
+!     if (strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE)) {
+  	errpkt(errdat, dat, dat_len, KADM_BAD_VER);
+  	return KADM_BAD_VER;
+      }
+      in_len = KADM_VERSIZE;
+      /* get the length */
+!     if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0)
+  	return KADM_LENGTH_ERROR;
+      in_len += retc;
+      authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
+      memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
+      authent.mbz = 0;
+      /* service key should be set before here */
+--- 117,141 ----
+      u_char *retdat, *tmpdat;
+      int retval, retlen;
+  
+!     if (*dat_len < (KADM_VERSIZE + sizeof(u_int32_t))
+! 	|| strncmp(KADM_VERSTR, (char *)*dat, KADM_VERSIZE) != 0) {
+  	errpkt(errdat, dat, dat_len, KADM_BAD_VER);
+  	return KADM_BAD_VER;
+      }
+      in_len = KADM_VERSIZE;
+      /* get the length */
+!     if ((retc = stv_long(*dat, &r_len, in_len, *dat_len)) < 0 ||
+! 	(r_len > *dat_len - KADM_VERSIZE - sizeof(u_int32_t))) {
+! 	errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
+  	return KADM_LENGTH_ERROR;
++     }
++     
+      in_len += retc;
+      authent.length = *dat_len - r_len - KADM_VERSIZE - sizeof(u_int32_t);
++     if (authent.length > MAX_KTXT_LEN) {
++ 	errpkt(errdat, dat, dat_len, KADM_LENGTH_ERROR);
++ 	return KADM_LENGTH_ERROR;
++     }
+      memcpy(authent.dat, (char *)(*dat) + in_len, authent.length);
+      authent.mbz = 0;
+      /* service key should be set before here */
diff --git a/share/security/patches/SA-02:40/kadmind.patch.asc b/share/security/patches/SA-02:40/kadmind.patch.asc
new file mode 100644
index 0000000000..b1c845b0db
--- /dev/null
+++ b/share/security/patches/SA-02:40/kadmind.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUAPdFIWlUuHi5z0oilAQGZkwP/SCawnr6r24Em3tHj+6WUNb/5RZtgi54i
+mmKBfMMgfBcALhW2hAWArEXUNxY0ZacEJcaobo8494eS2dGuSQhVlmcjxP5xaOMr
+LjwSNpv10/jZ5xhVcec6dZM4EW+3PO/Ik/Do/peDOUVZABW6SIaqu9o/GFdDROhR
+Yakj50AIJAk=
+=bCtW
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:41/smrsh.patch b/share/security/patches/SA-02:41/smrsh.patch
new file mode 100644
index 0000000000..0638e0c553
--- /dev/null
+++ b/share/security/patches/SA-02:41/smrsh.patch
@@ -0,0 +1,66 @@
+Index: contrib/sendmail/smrsh/smrsh.c
+diff -c contrib/sendmail/smrsh/smrsh.c:1.3.6.8 contrib/sendmail/smrsh/smrsh.c:1.3.6.9
+*** contrib/sendmail/smrsh/smrsh.c:1.3.6.8	Mon Sep  2 20:50:13 2002
+--- contrib/sendmail/smrsh/smrsh.c	Mon Oct  7 19:53:31 2002
+***************
+*** 59,64 ****
+--- 59,66 ----
+  #include <sm/limits.h>
+  #include <sm/string.h>
+  #include <sys/file.h>
++ #include <sys/types.h>
++ #include <sys/stat.h>
+  #include <string.h>
+  #include <ctype.h>
+  #include <errno.h>
+***************
+*** 147,152 ****
+--- 149,155 ----
+  	char *newenv[2];
+  	char pathbuf[1000];
+  	char specialbuf[32];
++ 	struct stat st;
+  
+  #ifndef DEBUG
+  # ifndef LOG_MAIL
+***************
+*** 304,309 ****
+--- 307,344 ----
+  			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+  					     "Trying %s\n", cmdbuf);
+  #endif /* DEBUG */
++ 			if (stat(cmdbuf, &st) < 0)
++ 			{
++ 				/* can't stat it */
++ 				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ 						     "%s: %s not available for sendmail programs (stat failed)\n",
++ 						      prg, cmd);
++ 				if (p != NULL)
++ 					*p = ' ';
++ #ifndef DEBUG
++ 				syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++ 				       (int) getuid(), cmd);
++ #endif /* ! DEBUG */
++ 				exit(EX_UNAVAILABLE);
++ 			}
++ 			if (!S_ISREG(st.st_mode)
++ #ifdef S_ISLNK
++ 			    && !S_ISLNK(st.st_mode)
++ #endif /* S_ISLNK */
++ 			   )
++ 			{
++ 				/* can't stat it */
++ 				(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
++ 						     "%s: %s not available for sendmail programs (not a file)\n",
++ 						      prg, cmd);
++ 				if (p != NULL)
++ 					*p = ' ';
++ #ifndef DEBUG
++ 				syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++ 				       (int) getuid(), cmd);
++ #endif /* ! DEBUG */
++ 				exit(EX_UNAVAILABLE);
++ 			}
+  			if (access(cmdbuf, X_OK) < 0)
+  			{
+  				/* oops....  crack attack possiblity */
diff --git a/share/security/patches/SA-02:41/smrsh.patch.asc b/share/security/patches/SA-02:41/smrsh.patch.asc
new file mode 100644
index 0000000000..faad12dbcb
--- /dev/null
+++ b/share/security/patches/SA-02:41/smrsh.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUAPdFIj1UuHi5z0oilAQEvpQP/bTGeg/4GA5PccO5XqDCSXCvsEj22a2n4
+kckYoIOjmLk0aVVeFw07cfn1EZYOOijaHcHnTQA4bA1cEP+y6Dj1W90ERcFJvorg
+IZEDeVtE8uzG2jBR0Ona4JVim1fosGRxGzjXxnB5OLh/Ms4JwLkNMto5VyTjLnMS
+nlD0edJ8b0o=
+=gGy7
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:41/smrsh2.patch b/share/security/patches/SA-02:41/smrsh2.patch
new file mode 100644
index 0000000000..8a08841732
--- /dev/null
+++ b/share/security/patches/SA-02:41/smrsh2.patch
@@ -0,0 +1,61 @@
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/smrsh/smrsh.c,v
+retrieving revision 1.3.6.5
+retrieving revision 1.3.6.5.4.1
+diff -u -p -r1.3.6.5 -r1.3.6.5.4.1
+--- contrib/sendmail/smrsh/smrsh.c	2001/06/09 17:40:38	1.3.6.5
++++ contrib/sendmail/smrsh/smrsh.c	2002/10/26 21:10:59	1.3.6.5.4.1
+@@ -59,6 +59,8 @@ static char id[] = "@(#)$Id: smrsh.c,v 8
+ #include <unistd.h>
+ #include <stdio.h>
+ #include <sys/file.h>
++#include <sys/types.h>
++#include <sys/stat.h>
+ #include <string.h>
+ #include <ctype.h>
+ #include <errno.h>
+@@ -156,6 +158,7 @@ main(argc, argv)
+ 	char cmdbuf[1000];
+ 	char pathbuf[1000];
+ 	char specialbuf[32];
++	struct stat st;
+ 
+ #ifndef DEBUG
+ # ifndef LOG_MAIL
+@@ -293,6 +296,36 @@ main(argc, argv)
+ #ifdef DEBUG
+ 			printf("Trying %s\n", cmdbuf);
+ #endif /* DEBUG */
++			if (stat(cmdbuf, &st) < 0)
++			{
++				/* can't stat it */
++				(void) fprintf(stderr, "%s: %s not available for sendmail programs (stat failed)\n",
++					       prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (stat failed)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
++			if (!S_ISREG(st.st_mode)
++#ifdef S_ISLNK
++			    && !S_ISLNK(st.st_mode)
++#endif /* S_ISLNK */
++			   )
++			{
++				/* can't stat it */
++				(void) fprintf(stderr, "%s: %s not available for sendmail programs (not a file)\n",
++					       prg, cmd);
++				if (p != NULL)
++					*p = ' ';
++#ifndef DEBUG
++				syslog(LOG_CRIT, "uid %d: attempt to use %s (not a file)",
++				       (int) getuid(), cmd);
++#endif /* ! DEBUG */
++				exit(EX_UNAVAILABLE);
++			}
+ 			if (access(cmdbuf, X_OK) < 0)
+ 			{
+ 				/* oops....  crack attack possiblity */
diff --git a/share/security/patches/SA-02:41/smrsh2.patch.asc b/share/security/patches/SA-02:41/smrsh2.patch.asc
new file mode 100644
index 0000000000..b99eff276f
--- /dev/null
+++ b/share/security/patches/SA-02:41/smrsh2.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUAPdUV41UuHi5z0oilAQEOvQP+PN4mgE58oIlumWYWaNQHFjrQJHqsNsCY
+G273I81Ot3QjDdJCTK3cVtisUw16NzVGQzov2zkYtCf13rQGErzpCDPUIge7NXP6
+PfV8lttJbToGOKIVx2HVN0u4EsEpTnY+dPOpRERd/Nh82TJySTWy1EIIa5li+4uT
+JZO2VZcTVxg=
+=oJ2c
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:42/resolv.patch b/share/security/patches/SA-02:42/resolv.patch
new file mode 100644
index 0000000000..44c7a8137b
--- /dev/null
+++ b/share/security/patches/SA-02:42/resolv.patch
@@ -0,0 +1,686 @@
+Index: lib/libc/net/getaddrinfo.c
+diff -c lib/libc/net/getaddrinfo.c:1.9.2.9 lib/libc/net/getaddrinfo.c:1.9.2.11
+*** lib/libc/net/getaddrinfo.c:1.9.2.9	Sun Mar  3 12:45:30 2002
+--- lib/libc/net/getaddrinfo.c	Sun Sep 22 07:20:23 2002
+***************
+*** 182,192 ****
+  #define	PTON_MAX	4
+  #endif
+  
+! #if PACKETSZ > 1024
+! #define MAXPACKET	PACKETSZ
+! #else
+! #define MAXPACKET	1024
+! #endif
+  
+  typedef union {
+  	HEADER hdr;
+--- 182,188 ----
+  #define	PTON_MAX	4
+  #endif
+  
+! #define MAXPACKET	(64*1024)
+  
+  typedef union {
+  	HEADER hdr;
+***************
+*** 1407,1413 ****
+  	struct addrinfo **res;
+  {
+  	struct addrinfo *ai;
+! 	querybuf buf, buf2;
+  	const char *name;
+  	struct addrinfo sentinel, *cur;
+  	struct res_target q, q2;
+--- 1403,1409 ----
+  	struct addrinfo **res;
+  {
+  	struct addrinfo *ai;
+! 	querybuf *buf, *buf2;
+  	const char *name;
+  	struct addrinfo sentinel, *cur;
+  	struct res_target q, q2;
+***************
+*** 1417,1463 ****
+  	memset(&sentinel, 0, sizeof(sentinel));
+  	cur = &sentinel;
+  
+  	switch (pai->ai_family) {
+  	case AF_UNSPEC:
+  		/* prefer IPv6 */
+  		q.qclass = C_IN;
+  		q.qtype = T_AAAA;
+! 		q.answer = buf.buf;
+! 		q.anslen = sizeof(buf);
+  		q.next = &q2;
+  		q2.qclass = C_IN;
+  		q2.qtype = T_A;
+! 		q2.answer = buf2.buf;
+! 		q2.anslen = sizeof(buf2);
+  		break;
+  	case AF_INET:
+  		q.qclass = C_IN;
+  		q.qtype = T_A;
+! 		q.answer = buf.buf;
+! 		q.anslen = sizeof(buf);
+  		break;
+  	case AF_INET6:
+  		q.qclass = C_IN;
+  		q.qtype = T_AAAA;
+! 		q.answer = buf.buf;
+! 		q.anslen = sizeof(buf);
+  		break;
+  	default:
+  		return EAI_FAIL;
+  	}
+! 	if (res_searchN(hostname, &q) < 0)
+  		return EAI_NODATA;
+! 	ai = getanswer(&buf, q.n, q.name, q.qtype, pai);
+  	if (ai) {
+  		cur->ai_next = ai;
+  		while (cur && cur->ai_next)
+  			cur = cur->ai_next;
+  	}
+  	if (q.next) {
+! 		ai = getanswer(&buf2, q2.n, q2.name, q2.qtype, pai);
+  		if (ai)
+  			cur->ai_next = ai;
+  	}
+  	if (sentinel.ai_next == NULL)
+  		switch (h_errno) {
+  		case HOST_NOT_FOUND:
+--- 1413,1478 ----
+  	memset(&sentinel, 0, sizeof(sentinel));
+  	cur = &sentinel;
+  
++ 	buf = malloc(sizeof(*buf));
++ 	if (!buf) {
++ 		h_errno = NETDB_INTERNAL;
++ 		return EAI_MEMORY;
++ 	}
++ 	buf2 = malloc(sizeof(*buf2));
++ 	if (!buf2) {
++ 		free(buf);
++ 		h_errno = NETDB_INTERNAL;
++ 		return EAI_MEMORY;
++ 	}
++ 
+  	switch (pai->ai_family) {
+  	case AF_UNSPEC:
+  		/* prefer IPv6 */
+  		q.qclass = C_IN;
+  		q.qtype = T_AAAA;
+! 		q.answer = buf->buf;
+! 		q.anslen = sizeof(buf->buf);
+  		q.next = &q2;
+  		q2.qclass = C_IN;
+  		q2.qtype = T_A;
+! 		q2.answer = buf2->buf;
+! 		q2.anslen = sizeof(buf2->buf);
+  		break;
+  	case AF_INET:
+  		q.qclass = C_IN;
+  		q.qtype = T_A;
+! 		q.answer = buf->buf;
+! 		q.anslen = sizeof(buf->buf);
+  		break;
+  	case AF_INET6:
+  		q.qclass = C_IN;
+  		q.qtype = T_AAAA;
+! 		q.answer = buf->buf;
+! 		q.anslen = sizeof(buf->buf);
+  		break;
+  	default:
++ 		free(buf);
++ 		free(buf2);
+  		return EAI_FAIL;
+  	}
+! 	if (res_searchN(hostname, &q) < 0) {
+! 		free(buf);
+! 		free(buf2);
+  		return EAI_NODATA;
+! 	}
+! 	ai = getanswer(buf, q.n, q.name, q.qtype, pai);
+  	if (ai) {
+  		cur->ai_next = ai;
+  		while (cur && cur->ai_next)
+  			cur = cur->ai_next;
+  	}
+  	if (q.next) {
+! 		ai = getanswer(buf2, q2.n, q2.name, q2.qtype, pai);
+  		if (ai)
+  			cur->ai_next = ai;
+  	}
++ 	free(buf);
++ 	free(buf2);
+  	if (sentinel.ai_next == NULL)
+  		switch (h_errno) {
+  		case HOST_NOT_FOUND:
+***************
+*** 1662,1668 ****
+  	const char *name;	/* domain name */
+  	struct res_target *target;
+  {
+! 	u_char buf[MAXPACKET];
+  	HEADER *hp;
+  	int n;
+  	struct res_target *t;
+--- 1677,1683 ----
+  	const char *name;	/* domain name */
+  	struct res_target *target;
+  {
+! 	u_char *buf;
+  	HEADER *hp;
+  	int n;
+  	struct res_target *t;
+***************
+*** 1677,1682 ****
+--- 1692,1703 ----
+  		return (-1);
+  	}
+  
++ 	buf = malloc(MAXPACKET);
++ 	if (!buf) {
++ 		h_errno = NETDB_INTERNAL;
++ 		return (-1);
++ 	}
++ 
+  	for (t = target; t; t = t->next) {
+  		int class, type;
+  		u_char *answer;
+***************
+*** 1696,1709 ****
+  #endif
+  
+  		n = res_mkquery(QUERY, name, class, type, NULL, 0, NULL,
+! 		    buf, sizeof(buf));
+  		if (n > 0 && (_res.options & RES_USE_EDNS0) != 0)
+! 			n = res_opt(n, buf, sizeof(buf), anslen);
+  		if (n <= 0) {
+  #ifdef DEBUG
+  			if (_res.options & RES_DEBUG)
+  				printf(";; res_query: mkquery failed\n");
+  #endif
+  			h_errno = NO_RECOVERY;
+  			return (n);
+  		}
+--- 1717,1731 ----
+  #endif
+  
+  		n = res_mkquery(QUERY, name, class, type, NULL, 0, NULL,
+! 		    buf, MAXPACKET);
+  		if (n > 0 && (_res.options & RES_USE_EDNS0) != 0)
+! 			n = res_opt(n, buf, MAXPACKET, anslen);
+  		if (n <= 0) {
+  #ifdef DEBUG
+  			if (_res.options & RES_DEBUG)
+  				printf(";; res_query: mkquery failed\n");
+  #endif
++ 			free(buf);
+  			h_errno = NO_RECOVERY;
+  			return (n);
+  		}
+***************
+*** 1714,1725 ****
+  			if (_res.options & RES_DEBUG)
+  				printf(";; res_query: send error\n");
+  #endif
+  			h_errno = TRY_AGAIN;
+  			return (n);
+  		}
+  #endif
+  
+! 		if (n < 0 || hp->rcode != NOERROR || ntohs(hp->ancount) == 0) {
+  			rcode = hp->rcode;	/* record most recent error */
+  #ifdef DEBUG
+  			if (_res.options & RES_DEBUG)
+--- 1736,1750 ----
+  			if (_res.options & RES_DEBUG)
+  				printf(";; res_query: send error\n");
+  #endif
++ 			free(buf);
+  			h_errno = TRY_AGAIN;
+  			return (n);
+  		}
+  #endif
+  
+! 		if (n < 0 || n > anslen)
+! 			hp->rcode = FORMERR; /* XXX not very informative */
+! 		if (hp->rcode != NOERROR || ntohs(hp->ancount) == 0) {
+  			rcode = hp->rcode;	/* record most recent error */
+  #ifdef DEBUG
+  			if (_res.options & RES_DEBUG)
+***************
+*** 1733,1738 ****
+--- 1758,1765 ----
+  
+  		t->n = n;
+  	}
++ 
++ 	free(buf);
+  
+  	if (ancount == 0) {
+  		switch (rcode) {
+Index: lib/libc/net/gethostbydns.c
+diff -c lib/libc/net/gethostbydns.c:1.27.2.2 lib/libc/net/gethostbydns.c:1.27.2.3
+*** lib/libc/net/gethostbydns.c:1.27.2.2	Wed Jun 26 01:24:29 2002
+--- lib/libc/net/gethostbydns.c	Thu Sep 19 08:45:23 2002
+***************
+*** 584,591 ****
+  				break;
+  		}
+  
+! 	if ((n = res_search(name, C_IN, type, buf.buf, sizeof(buf))) < 0) {
+  		dprintf("res_search failed (%d)\n", n);
+  		return (NULL);
+  	}
+  	return (gethostanswer(&buf, n, name, type));
+--- 584,595 ----
+  				break;
+  		}
+  
+! 	n = res_search(name, C_IN, type, buf.buf, sizeof(buf.buf));
+! 	if (n < 0) {
+  		dprintf("res_search failed (%d)\n", n);
++ 		return (NULL);
++ 	} else if (n > sizeof(buf.buf)) {
++ 		dprintf("static buffer is too small (%d)\n", n);
+  		return (NULL);
+  	}
+  	return (gethostanswer(&buf, n, name, type));
+Index: lib/libc/net/getnetbydns.c
+diff -c lib/libc/net/getnetbydns.c:1.13.2.2 lib/libc/net/getnetbydns.c:1.13.2.3
+*** lib/libc/net/getnetbydns.c:1.13.2.2	Wed Jun 26 01:34:18 2002
+--- lib/libc/net/getnetbydns.c	Thu Sep 19 08:45:23 2002
+***************
+*** 256,262 ****
+  	if (anslen < 0) {
+  #ifdef DEBUG
+  		if (_res.options & RES_DEBUG)
+! 			printf("res_query failed\n");
+  #endif
+  		return (NULL);
+  	}
+--- 256,268 ----
+  	if (anslen < 0) {
+  #ifdef DEBUG
+  		if (_res.options & RES_DEBUG)
+! 			printf("res_search failed\n");
+! #endif
+! 		return (NULL);
+! 	} else if (anslen > sizeof(buf)) {
+! #ifdef DEBUG
+! 		if (_res.options & RES_DEBUG)
+! 			printf("res_search static buffer too small\n");
+  #endif
+  		return (NULL);
+  	}
+***************
+*** 291,297 ****
+  	if (anslen < 0) {
+  #ifdef DEBUG
+  		if (_res.options & RES_DEBUG)
+! 			printf("res_query failed\n");
+  #endif
+  		return (NULL);
+  	}
+--- 297,309 ----
+  	if (anslen < 0) {
+  #ifdef DEBUG
+  		if (_res.options & RES_DEBUG)
+! 			printf("res_search failed\n");
+! #endif
+! 		return (NULL);
+! 	} else if (anslen > sizeof(buf)) {
+! #ifdef DEBUG
+! 		if (_res.options & RES_DEBUG)
+! 			printf("res_search static buffer too small\n");
+  #endif
+  		return (NULL);
+  	}
+Index: lib/libc/net/name6.c
+diff -c lib/libc/net/name6.c:1.6.2.6 lib/libc/net/name6.c:1.6.2.7
+*** lib/libc/net/name6.c:1.6.2.6	Wed Jun 26 01:06:43 2002
+--- lib/libc/net/name6.c	Thu Sep 19 08:45:23 2002
+***************
+*** 994,1004 ****
+          int     rtl_type;
+  };
+  
+! #if PACKETSZ > 1024
+! #define	MAXPACKET	PACKETSZ
+! #else
+! #define	MAXPACKET	1024
+! #endif
+  
+  typedef union {
+  	HEADER hdr;
+--- 994,1000 ----
+          int     rtl_type;
+  };
+  
+! #define	MAXPACKET	(64*1024)
+  
+  typedef union {
+  	HEADER hdr;
+***************
+*** 1305,1311 ****
+  	int trailing_dot, ret, saved_herrno;
+  	int got_nodata = 0, got_servfail = 0, tried_as_is = 0;
+  	struct __res_type_list *rtl0 = rtl;
+! 	querybuf buf;
+  
+  	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+  		*errp = NETDB_INTERNAL;
+--- 1301,1307 ----
+  	int trailing_dot, ret, saved_herrno;
+  	int got_nodata = 0, got_servfail = 0, tried_as_is = 0;
+  	struct __res_type_list *rtl0 = rtl;
+! 	querybuf *buf;
+  
+  	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
+  		*errp = NETDB_INTERNAL;
+***************
+*** 1318,1334 ****
+  	if (cp > name && *--cp == '.')
+  		trailing_dot++;
+  
+  	/* If there aren't any dots, it could be a user-level alias */
+  	if (!dots && (cp = hostalias(name)) != NULL) {
+  		for(rtl = rtl0; rtl != NULL;
+  		    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+! 			ret = res_query(cp, C_IN, rtl->rtl_type, buf.buf,
+! 					     sizeof(buf.buf));
+! 			if (ret > 0) {
+  				hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  				    ? AF_INET6 : AF_INET;
+  				hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 				hp = getanswer(&buf, ret, name, rtl->rtl_type,
+  						    &hpbuf, errp);
+  				if (!hp)
+  					continue;
+--- 1314,1336 ----
+  	if (cp > name && *--cp == '.')
+  		trailing_dot++;
+  
++ 	buf = malloc(sizeof(*buf));
++ 	if (buf == NULL) {
++ 		*errp = NETDB_INTERNAL;
++ 		return NULL;
++ 	}
++ 
+  	/* If there aren't any dots, it could be a user-level alias */
+  	if (!dots && (cp = hostalias(name)) != NULL) {
+  		for(rtl = rtl0; rtl != NULL;
+  		    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+! 			ret = res_query(cp, C_IN, rtl->rtl_type, buf->buf,
+! 					     sizeof(buf->buf));
+! 			if (ret > 0 && ret < sizeof(buf->buf)) {
+  				hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  				    ? AF_INET6 : AF_INET;
+  				hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 				hp = getanswer(buf, ret, name, rtl->rtl_type,
+  						    &hpbuf, errp);
+  				if (!hp)
+  					continue;
+***************
+*** 1336,1341 ****
+--- 1338,1344 ----
+  				hp0 = _hpmerge(hp0, hp, errp);
+  			}
+  		}
++ 		free(buf);
+  		return (hp0);
+  	}
+  
+***************
+*** 1348,1359 ****
+  		for(rtl = rtl0; rtl != NULL;
+  		    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+  			ret = res_querydomain(name, NULL, C_IN, rtl->rtl_type,
+! 					      buf.buf, sizeof(buf.buf));
+! 			if (ret > 0) {
+  				hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  				    ? AF_INET6 : AF_INET;
+  				hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 				hp = getanswer(&buf, ret, name, rtl->rtl_type,
+  						    &hpbuf, errp);
+  				if (!hp)
+  					continue;
+--- 1351,1362 ----
+  		for(rtl = rtl0; rtl != NULL;
+  		    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+  			ret = res_querydomain(name, NULL, C_IN, rtl->rtl_type,
+! 					      buf->buf, sizeof(buf->buf));
+! 			if (ret > 0 && ret < sizeof(buf->buf)) {
+  				hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  				    ? AF_INET6 : AF_INET;
+  				hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 				hp = getanswer(buf, ret, name, rtl->rtl_type,
+  						    &hpbuf, errp);
+  				if (!hp)
+  					continue;
+***************
+*** 1361,1368 ****
+  				hp0 = _hpmerge(hp0, hp, errp);
+  			}
+  		}
+! 		if (hp0 != NULL)
+  			return (hp0);
+  		saved_herrno = *errp;
+  		tried_as_is++;
+  	}
+--- 1364,1373 ----
+  				hp0 = _hpmerge(hp0, hp, errp);
+  			}
+  		}
+! 		if (hp0 != NULL) {
+! 			free(buf);
+  			return (hp0);
++ 		}
+  		saved_herrno = *errp;
+  		tried_as_is++;
+  	}
+***************
+*** 1385,1396 ****
+  			    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+  				ret = res_querydomain(name, *domain, C_IN,
+  						      rtl->rtl_type,
+! 						      buf.buf, sizeof(buf.buf));
+! 				if (ret > 0) {
+  					hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  					    ? AF_INET6 : AF_INET;
+  					hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 					hp = getanswer(&buf, ret, name,
+  					    rtl->rtl_type, &hpbuf, errp);
+  					if (!hp)
+  						continue;
+--- 1390,1401 ----
+  			    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+  				ret = res_querydomain(name, *domain, C_IN,
+  						      rtl->rtl_type,
+! 						      buf->buf, sizeof(buf->buf));
+! 				if (ret > 0 && ret < sizeof(buf->buf)) {
+  					hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  					    ? AF_INET6 : AF_INET;
+  					hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 					hp = getanswer(buf, ret, name,
+  					    rtl->rtl_type, &hpbuf, errp);
+  					if (!hp)
+  						continue;
+***************
+*** 1398,1405 ****
+  					hp0 = _hpmerge(hp0, hp, errp);
+  				}
+  			}
+! 			if (hp0 != NULL)
+  				return (hp0);
+  
+  			/*
+  			 * If no server present, give up.
+--- 1403,1412 ----
+  					hp0 = _hpmerge(hp0, hp, errp);
+  				}
+  			}
+! 			if (hp0 != NULL) {
+! 				free(buf);
+  				return (hp0);
++ 			}
+  
+  			/*
+  			 * If no server present, give up.
+***************
+*** 1415,1420 ****
+--- 1422,1428 ----
+  			 * fully-qualified.
+  			 */
+  			if (errno == ECONNREFUSED) {
++ 				free(buf);
+  				*errp = TRY_AGAIN;
+  				return (NULL);
+  			}
+***************
+*** 1427,1433 ****
+  				/* keep trying */
+  				break;
+  			case TRY_AGAIN:
+! 				if (buf.hdr.rcode == SERVFAIL) {
+  					/* try next search element, if any */
+  					got_servfail++;
+  					break;
+--- 1435,1441 ----
+  				/* keep trying */
+  				break;
+  			case TRY_AGAIN:
+! 				if (buf->hdr.rcode == SERVFAIL) {
+  					/* try next search element, if any */
+  					got_servfail++;
+  					break;
+***************
+*** 1455,1466 ****
+  		for(rtl = rtl0; rtl != NULL;
+  		    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+  			ret = res_querydomain(name, NULL, C_IN, rtl->rtl_type,
+! 					      buf.buf, sizeof(buf.buf));
+! 			if (ret > 0) {
+  				hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  				    ? AF_INET6 : AF_INET;
+  				hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 				hp = getanswer(&buf, ret, name, rtl->rtl_type,
+  				    &hpbuf, errp);
+  				if (!hp)
+  					continue;
+--- 1463,1474 ----
+  		for(rtl = rtl0; rtl != NULL;
+  		    rtl = SLIST_NEXT(rtl, rtl_entry)) {
+  			ret = res_querydomain(name, NULL, C_IN, rtl->rtl_type,
+! 					      buf->buf, sizeof(buf->buf));
+! 			if (ret > 0 && ret < sizeof(buf->buf)) {
+  				hpbuf.h_addrtype = (rtl->rtl_type == T_AAAA)
+  				    ? AF_INET6 : AF_INET;
+  				hpbuf.h_length = ADDRLEN(hpbuf.h_addrtype);
+! 				hp = getanswer(buf, ret, name, rtl->rtl_type,
+  				    &hpbuf, errp);
+  				if (!hp)
+  					continue;
+***************
+*** 1468,1477 ****
+  				hp0 = _hpmerge(hp0, hp, errp);
+  			}
+  		}
+! 		if (hp0 != NULL)
+  			return (hp0);
+  	}
+  
+  	/* if we got here, we didn't satisfy the search.
+  	 * if we did an initial full query, return that query's h_errno
+  	 * (note that we wouldn't be here if that query had succeeded).
+--- 1476,1489 ----
+  				hp0 = _hpmerge(hp0, hp, errp);
+  			}
+  		}
+! 		if (hp0 != NULL) {
+! 			free(buf);
+  			return (hp0);
++ 		}
+  	}
+  
++ 	free(buf);
++ 
+  	/* if we got here, we didn't satisfy the search.
+  	 * if we did an initial full query, return that query's h_errno
+  	 * (note that we wouldn't be here if that query had succeeded).
+***************
+*** 1531,1537 ****
+  #ifdef INET6
+  	static const char hex[] = "0123456789abcdef";
+  #endif
+! 	querybuf buf;
+  	char qbuf[MAXDNAME+1];
+  	char *hlist[2];
+  
+--- 1543,1549 ----
+  #ifdef INET6
+  	static const char hex[] = "0123456789abcdef";
+  #endif
+! 	querybuf *buf;
+  	char qbuf[MAXDNAME+1];
+  	char *hlist[2];
+  
+***************
+*** 1584,1595 ****
+  		break;
+  	}
+  
+! 	n = res_query(qbuf, C_IN, T_PTR, buf.buf, sizeof buf.buf);
+  	if (n < 0) {
+  		*errp = h_errno;
+  		return NULL;
+  	}
+! 	hp = getanswer(&buf, n, qbuf, T_PTR, &hbuf, errp);
+  	if (!hp)
+  		return NULL;
+  	hbuf.h_addrtype = af;
+--- 1596,1622 ----
+  		break;
+  	}
+  
+! 	buf = malloc(sizeof(*buf));
+! 	if (buf == NULL) {
+! 		*errp = NETDB_INTERNAL;
+! 		return NULL;
+! 	}
+! 
+! 	n = res_query(qbuf, C_IN, T_PTR, buf->buf, sizeof buf->buf);
+  	if (n < 0) {
++ 		free(buf);
+  		*errp = h_errno;
+  		return NULL;
++ 	} else if (n > sizeof(buf->buf)) {
++ 		free(buf);
++ 		*errp = NETDB_INTERNAL;
++ #if 0
++ 		errno = ERANGE; /* XXX is it OK to set errno here? */
++ #endif
++ 		return NULL;
+  	}
+! 	hp = getanswer(buf, n, qbuf, T_PTR, &hbuf, errp);
+! 	free(buf);
+  	if (!hp)
+  		return NULL;
+  	hbuf.h_addrtype = af;
+Index: lib/libc/net/res_mkquery.c
+diff -c lib/libc/net/res_mkquery.c:1.15.2.1 lib/libc/net/res_mkquery.c:1.15.2.2
+*** lib/libc/net/res_mkquery.c:1.15.2.1	Fri Jun 15 17:08:28 2001
+--- lib/libc/net/res_mkquery.c	Fri Sep 20 05:45:35 2002
+***************
+*** 228,233 ****
+--- 228,235 ----
+  
+  	__putshort(T_OPT, cp);	/* TYPE */
+  	cp += INT16SZ;
++ 	if (anslen > 0xffff)
++ 		anslen = 0xffff;		/* limit to 16bit value */
+  	__putshort(anslen & 0xffff, cp);	/* CLASS = UDP payload size */
+  	cp += INT16SZ;
+  	*cp++ = NOERROR;	/* extended RCODE */
diff --git a/share/security/patches/SA-02:42/resolv.patch.asc b/share/security/patches/SA-02:42/resolv.patch.asc
new file mode 100644
index 0000000000..064ccc54e5
--- /dev/null
+++ b/share/security/patches/SA-02:42/resolv.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUAPdFIeFUuHi5z0oilAQEnNgP/f6uX+z+HalQiQCERkBvtLODMEb9+gF6c
+fIUW+io07jOlgPcWmSsfjI6u1iwKSbd+BHUE5xd3ePaCSQy+L6ox7cVPjpXvuvcw
+YvrGCPKz7NU4AaXUX8be/NNOcXpSxvyGh0kWjrFDjEKlEswyYYfLmtLyxrF2p44q
+Y+g0J/wG6mM=
+=tGoj
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:43/bind.patch b/share/security/patches/SA-02:43/bind.patch
new file mode 100644
index 0000000000..66d7f127d5
--- /dev/null
+++ b/share/security/patches/SA-02:43/bind.patch
@@ -0,0 +1,404 @@
+Index: contrib/bind/CHANGES
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/CHANGES,v
+retrieving revision 1.1.1.7.2.7
+diff -c -c -r1.1.1.7.2.7 CHANGES
+*** contrib/bind/CHANGES	7 Jul 2002 08:19:01 -0000	1.1.1.7.2.7
+--- contrib/bind/CHANGES	14 Nov 2002 01:30:48 -0000
+***************
+*** 1,3 ****
+--- 1,23 ----
++ 1469.	[bug]		buffer length calculation for PX was wrong.
++ 
++ 1468.	[bug]		ns_name_ntol() could overwite a zero length buffer.
++ 
++ 1467.	[bug]		off by one bug in ns_makecannon().
++ 
++ 1466.	[bug]		large ENDS UDP buffer size could trigger a assertion.
++ 
++ 1465.	[bug]		possible NULL pointer dereference in db_sec.c
++ 
++ 1464.	[bug]      	the buffer used to construct the -ve record was not
++ 			big enough for all possible SOA records.  use pointer
++ 			arithmetic to calculate the remaining size in this
++ 			buffer.
++ 
++ 1463.	[bug]		use serial space arithmetic to determine if a SIG is
++ 			too old, in the future or has internally constistant
++ 			times.
++ 
++ 1462.	[bug]		write buffer overflow in make_rr().
+  
+  	--- 8.3.3-REL released --- (Wed Jun 26 21:15:43 PDT 2002)
+  
+Index: contrib/bind/bin/named/db_defs.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/db_defs.h,v
+retrieving revision 1.1.1.2.2.5
+diff -c -c -r1.1.1.2.2.5 db_defs.h
+*** contrib/bind/bin/named/db_defs.h	7 Jul 2002 08:19:13 -0000	1.1.1.2.2.5
+--- contrib/bind/bin/named/db_defs.h	14 Nov 2002 01:30:48 -0000
+***************
+*** 78,84 ****
+   */
+  
+  	/* max length of data in RR data field */
+! #define MAXDATA		(2*MAXDNAME + 5*INT32SZ)
+  
+  	/* max length of data in a TXT RR segment */
+  #define MAXCHARSTRING 255
+--- 78,84 ----
+   */
+  
+  	/* max length of data in RR data field */
+! #define MAXDATA		(3*MAXDNAME + 5*INT32SZ)
+  
+  	/* max length of data in a TXT RR segment */
+  #define MAXCHARSTRING 255
+Index: contrib/bind/bin/named/db_sec.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/db_sec.c,v
+retrieving revision 1.1.1.1.4.3
+diff -c -c -r1.1.1.1.4.3 db_sec.c
+*** contrib/bind/bin/named/db_sec.c	17 Feb 2002 15:48:38 -0000	1.1.1.1.4.3
+--- contrib/bind/bin/named/db_sec.c	14 Nov 2002 01:30:48 -0000
+***************
+*** 479,485 ****
+  	struct sig_record *sigdata;
+  	struct dnode *sigdn;
+  	struct databuf *sigdp;
+! 	time_t now;
+  	char *signer;
+  	u_char name_n[MAXDNAME];
+  	u_char *sig, *eom;
+--- 479,487 ----
+  	struct sig_record *sigdata;
+  	struct dnode *sigdn;
+  	struct databuf *sigdp;
+! 	u_int32_t now;
+! 	u_int32_t exptime;
+! 	u_int32_t signtime;
+  	char *signer;
+  	u_char name_n[MAXDNAME];
+  	u_char *sig, *eom;
+***************
+*** 492,497 ****
+--- 494,500 ----
+  	int dnssec_failed = 0, dnssec_succeeded = 0;
+  	int return_value;
+  	int i;
++ 	int expired = 0;
+  
+  	if (rrset == NULL || rrset->rr_name == NULL) {
+  		ns_warning (ns_log_default, "verify_set: missing rrset/name");
+***************
+*** 527,537 ****
+  		 * Don't verify a set if the SIG inception time is in
+  		 * the future.  This should be fixed before 2038 (BEW)
+  		 */
+! 		if ((time_t)ntohl(sigdata->sig_time_n) > now)
+  			continue;
+  
+  		/* An expired set is dropped, but the data is not. */
+! 		if ((time_t)ntohl(sigdata->sig_exp_n) < now) {
+  			db_detach(&sigdn->dp);
+  			sigdp = NULL;
+  			continue;
+--- 530,543 ----
+  		 * Don't verify a set if the SIG inception time is in
+  		 * the future.  This should be fixed before 2038 (BEW)
+  		 */
+! 		signtime = ntohl(sigdata->sig_time_n);
+! 		if (SEQ_GT(signtime, now))
+  			continue;
+  
+  		/* An expired set is dropped, but the data is not. */
+! 		exptime = ntohl(sigdata->sig_exp_n);
+! 		if (SEQ_GT(now, exptime)) {
+! 			expired++;
+  			db_detach(&sigdn->dp);
+  			sigdp = NULL;
+  			continue;
+***************
+*** 723,729 ****
+  	}
+  
+  end:
+! 	if (dnssec_failed > 0)
+  		rrset_trim_sigs(rrset);
+  	if (trustedkey == 0 && key != NULL)
+  		dst_free_key(key);
+--- 729,735 ----
+  	}
+  
+  end:
+! 	if (dnssec_failed > 0 || expired > 0)
+  		rrset_trim_sigs(rrset);
+  	if (trustedkey == 0 && key != NULL)
+  		dst_free_key(key);
+Index: contrib/bind/bin/named/ns_defs.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_defs.h,v
+retrieving revision 1.1.1.3.2.6
+diff -c -c -r1.1.1.3.2.6 ns_defs.h
+*** contrib/bind/bin/named/ns_defs.h	7 Jul 2002 08:19:13 -0000	1.1.1.3.2.6
+--- contrib/bind/bin/named/ns_defs.h	14 Nov 2002 01:30:48 -0000
+***************
+*** 469,475 ****
+  			q_cmsglen,	/* len of cname message */
+  			q_cmsgsize;	/* allocated size of cname message */
+  	int16_t		q_dfd;		/* UDP file descriptor */
+! 	int16_t		q_udpsize;	/* UDP message size */
+  	int		q_distance;	/* distance this query is from the
+  					 * original query that the server
+  					 * received. */
+--- 469,475 ----
+  			q_cmsglen,	/* len of cname message */
+  			q_cmsgsize;	/* allocated size of cname message */
+  	int16_t		q_dfd;		/* UDP file descriptor */
+! 	u_int16_t	q_udpsize;	/* UDP message size */
+  	int		q_distance;	/* distance this query is from the
+  					 * original query that the server
+  					 * received. */
+Index: contrib/bind/bin/named/ns_ncache.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_ncache.c,v
+retrieving revision 1.1.1.2.2.2
+diff -c -c -r1.1.1.2.2.2 ns_ncache.c
+*** contrib/bind/bin/named/ns_ncache.c	17 Feb 2002 15:48:38 -0000	1.1.1.2.2.2
+--- contrib/bind/bin/named/ns_ncache.c	14 Nov 2002 01:30:48 -0000
+***************
+*** 66,72 ****
+  	u_int16_t atype;
+  	u_char *sp, *cp1;
+  	u_char data[MAXDATA];
+! 	size_t len = sizeof data;
+  #endif
+  
+  	nameserIncr(from.sin_addr, nssRcvdNXD);
+--- 66,72 ----
+  	u_int16_t atype;
+  	u_char *sp, *cp1;
+  	u_char data[MAXDATA];
+! 	u_char *eod = data + sizeof(data);
+  #endif
+  
+  	nameserIncr(from.sin_addr, nssRcvdNXD);
+***************
+*** 186,192 ****
+  		rdatap = cp;
+  
+  		/* origin */
+! 		n = dn_expand(msg, msg + msglen, cp, (char*)data, len);
+  		if (n < 0) {
+  			ns_debug(ns_log_ncache, 3,
+  				 "ncache: origin form error");
+--- 186,192 ----
+  		rdatap = cp;
+  
+  		/* origin */
+! 		n = dn_expand(msg, msg + msglen, cp, (char*)data, eod - data);
+  		if (n < 0) {
+  			ns_debug(ns_log_ncache, 3,
+  				 "ncache: origin form error");
+***************
+*** 195,203 ****
+  		cp += n;
+  		n = strlen((char*)data) + 1;
+  		cp1 = data + n;
+- 		len -= n;
+  		/* mail */
+! 		n = dn_expand(msg, msg + msglen, cp, (char*)cp1, len);
+  		if (n < 0) {
+  			ns_debug(ns_log_ncache, 3, "ncache: mail form error");
+  			return;
+--- 195,202 ----
+  		cp += n;
+  		n = strlen((char*)data) + 1;
+  		cp1 = data + n;
+  		/* mail */
+! 		n = dn_expand(msg, msg + msglen, cp, (char*)cp1, eod - cp1);
+  		if (n < 0) {
+  			ns_debug(ns_log_ncache, 3, "ncache: mail form error");
+  			return;
+***************
+*** 205,224 ****
+  		cp += n;
+  		n = strlen((char*)cp1) + 1;
+  		cp1 += n;
+- 		len -= n;
+  		n = 5 * INT32SZ;
+  		BOUNDS_CHECK(cp, n);
+  		memcpy(cp1, cp, n);
+  		/* serial, refresh, retry, expire, min */
+  		cp1 += n;
+- 		len -= n;
+  		cp += n;
+  		if (cp != rdatap + dlen) {
+  			ns_debug(ns_log_ncache, 3, "ncache: form error");
+  			return;
+  		}
+  		/* store the zone of the soa record */
+! 		n = dn_expand(msg, msg + msglen, sp, (char*)cp1, len);
+  		if (n < 0) {
+  			ns_debug(ns_log_ncache, 3, "ncache: form error 2");
+  			return;
+--- 204,223 ----
+  		cp += n;
+  		n = strlen((char*)cp1) + 1;
+  		cp1 += n;
+  		n = 5 * INT32SZ;
++ 		if (n > (eod - cp1))	/* Can't happen. See MAXDATA. */
++ 			return;
+  		BOUNDS_CHECK(cp, n);
+  		memcpy(cp1, cp, n);
+  		/* serial, refresh, retry, expire, min */
+  		cp1 += n;
+  		cp += n;
+  		if (cp != rdatap + dlen) {
+  			ns_debug(ns_log_ncache, 3, "ncache: form error");
+  			return;
+  		}
+  		/* store the zone of the soa record */
+! 		n = dn_expand(msg, msg + msglen, sp, (char*)cp1, eod - cp1);
+  		if (n < 0) {
+  			ns_debug(ns_log_ncache, 3, "ncache: form error 2");
+  			return;
+Index: contrib/bind/bin/named/ns_req.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_req.c,v
+retrieving revision 1.1.1.2.2.10
+diff -c -c -r1.1.1.2.2.10 ns_req.c
+*** contrib/bind/bin/named/ns_req.c	7 Jul 2002 08:19:13 -0000	1.1.1.2.2.10
+--- contrib/bind/bin/named/ns_req.c	14 Nov 2002 01:30:48 -0000
+***************
+*** 2195,2201 ****
+  
+  		/* first just copy over the type_covered, algorithm, */
+  		/* labels, orig ttl, two timestamps, and the footprint */
+! 		if ((dp->d_size - 18) > buflen)
+  			goto cleanup;  /* out of room! */
+  		memcpy(cp, cp1, 18);
+  		cp  += 18;
+--- 2195,2201 ----
+  
+  		/* first just copy over the type_covered, algorithm, */
+  		/* labels, orig ttl, two timestamps, and the footprint */
+! 		if (buflen < 18)
+  			goto cleanup;  /* out of room! */
+  		memcpy(cp, cp1, 18);
+  		cp  += 18;
+Index: contrib/bind/bin/named/ns_resp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_resp.c,v
+retrieving revision 1.1.1.2.2.7
+diff -c -c -r1.1.1.2.2.7 ns_resp.c
+*** contrib/bind/bin/named/ns_resp.c	7 Jul 2002 08:19:13 -0000	1.1.1.2.2.7
+--- contrib/bind/bin/named/ns_resp.c	14 Nov 2002 01:30:48 -0000
+***************
+*** 2001,2007 ****
+  		 * to BOUNDS_CHECK() here.
+  		 */
+  		cp1 += (n = strlen((char *)cp1) + 1);
+! 		n1 = sizeof(data) - n;
+  		n = dn_expand(msg, eom, cp, (char *)cp1, n1);
+  		if (n < 0) {
+  			hp->rcode = FORMERR;
+--- 2001,2007 ----
+  		 * to BOUNDS_CHECK() here.
+  		 */
+  		cp1 += (n = strlen((char *)cp1) + 1);
+! 		n1 = sizeof(data) - n - INT16SZ;
+  		n = dn_expand(msg, eom, cp, (char *)cp1, n1);
+  		if (n < 0) {
+  			hp->rcode = FORMERR;
+***************
+*** 2043,2050 ****
+  			ttl = origTTL;
+  		}
+  
+  		/* Don't let bogus signers "sign" in the future.  */
+! 		if (signtime > now) {
+  			ns_debug(ns_log_default, 3,
+  			  "ignoring SIG: signature date %s is in the future",
+  				 p_secstodate (signtime));
+--- 2043,2060 ----
+  			ttl = origTTL;
+  		}
+  
++ 		/*
++ 		 * Check that expire and signature times are internally
++ 		 * consistant.
++ 		 */
++ 		if (!SEQ_GT(exptime, signtime) && exptime != signtime) {
++ 			ns_debug(ns_log_default, 3,
++ 			"ignoring SIG: signature expires before it was signed");
++ 			return ((cp - rrp) + dlen);
++ 		}
++ 
+  		/* Don't let bogus signers "sign" in the future.  */
+! 		if (SEQ_GT(signtime, now)) {
+  			ns_debug(ns_log_default, 3,
+  			  "ignoring SIG: signature date %s is in the future",
+  				 p_secstodate (signtime));
+***************
+*** 2052,2058 ****
+  		}
+  		
+  		/* Ignore received SIG RR's that are already expired.  */
+! 		if (exptime <= now) {
+  			ns_debug(ns_log_default, 3,
+  				"ignoring SIG: expiration %s is in the past",
+  				 p_secstodate (exptime));
+--- 2062,2068 ----
+  		}
+  		
+  		/* Ignore received SIG RR's that are already expired.  */
+! 		if (SEQ_GT(now, exptime)) {
+  			ns_debug(ns_log_default, 3,
+  				"ignoring SIG: expiration %s is in the past",
+  				 p_secstodate (exptime));
+Index: contrib/bind/lib/nameser/ns_name.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/lib/nameser/ns_name.c,v
+retrieving revision 1.1.1.2.2.3
+diff -c -c -r1.1.1.2.2.3 ns_name.c
+*** contrib/bind/lib/nameser/ns_name.c	7 Jul 2002 08:19:18 -0000	1.1.1.2.2.3
+--- contrib/bind/lib/nameser/ns_name.c	14 Nov 2002 01:30:48 -0000
+***************
+*** 341,346 ****
+--- 341,350 ----
+  	dn = dst;
+  	eom = dst + dstsiz;
+  
++ 	if (dn >= eom) {
++ 		errno = EMSGSIZE;
++ 		return (-1);
++ 	}
+  	while ((n = *cp++) != 0) {
+  		if ((n & NS_CMPRSFLGS) == NS_CMPRSFLGS) {
+  			/* Some kind of compression pointer. */
+Index: contrib/bind/lib/nameser/ns_samedomain.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/lib/nameser/ns_samedomain.c,v
+retrieving revision 1.1.1.1
+diff -c -c -r1.1.1.1 ns_samedomain.c
+*** contrib/bind/lib/nameser/ns_samedomain.c	30 Nov 1999 02:42:58 -0000	1.1.1.1
+--- contrib/bind/lib/nameser/ns_samedomain.c	14 Nov 2002 01:30:49 -0000
+***************
+*** 166,172 ****
+  ns_makecanon(const char *src, char *dst, size_t dstsize) {
+  	size_t n = strlen(src);
+  
+! 	if (n + sizeof "." > dstsize) {
+  		errno = EMSGSIZE;
+  		return (-1);
+  	}
+--- 166,172 ----
+  ns_makecanon(const char *src, char *dst, size_t dstsize) {
+  	size_t n = strlen(src);
+  
+! 	if (n + sizeof "." + 1 > dstsize) {
+  		errno = EMSGSIZE;
+  		return (-1);
+  	}
diff --git a/share/security/patches/SA-02:43/bind.patch.asc b/share/security/patches/SA-02:43/bind.patch.asc
new file mode 100644
index 0000000000..6f3578e4a8
--- /dev/null
+++ b/share/security/patches/SA-02:43/bind.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUAPdMirVUuHi5z0oilAQGhPAP/WYEOqlxSRfYKbFh0iXpwysTXq1Ijogl1
+QmQyFp9QXIgXqM+s9famkVhnKr9JtqI9X1RLpHp43IZ1yLJAb+ICMHf0S6DmDL0L
+MuJnYwy4d0CnkN+4CloZ6UlC0Bo3GTeZ3FGGii9e+5C6ufJk8WpOBY9foAukCtMs
+rcxwYYYVXEw=
+=s9u8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-02:44/filedesc.patch b/share/security/patches/SA-02:44/filedesc.patch
new file mode 100644
index 0000000000..00abe83fe4
--- /dev/null
+++ b/share/security/patches/SA-02:44/filedesc.patch
@@ -0,0 +1,29 @@
+Index: sys/kern/kern_descrip.c
+diff -c sys/kern/kern_descrip.c:1.81.2.14 src/sys/kern/kern_descrip.c:1.81.2.15
+*** sys/kern/kern_descrip.c:1.81.2.14	Mon Apr 29 10:14:12 2002
+--- sys/kern/kern_descrip.c	Sun Nov 10 19:43:31 2002
+***************
+*** 711,720 ****
+  	switch (fp->f_type) {
+  	case DTYPE_PIPE:
+  	case DTYPE_SOCKET:
+! 		if (uap->name != _PC_PIPE_BUF)
+! 			return (EINVAL);
+! 		p->p_retval[0] = PIPE_BUF;
+! 		error = 0;
+  		break;
+  	case DTYPE_FIFO:
+  	case DTYPE_VNODE:
+--- 711,722 ----
+  	switch (fp->f_type) {
+  	case DTYPE_PIPE:
+  	case DTYPE_SOCKET:
+! 		if (uap->name != _PC_PIPE_BUF) {
+! 			error = EINVAL;
+! 		} else {
+! 			p->p_retval[0] = PIPE_BUF;
+! 			error = 0;
+! 		}
+  		break;
+  	case DTYPE_FIFO:
+  	case DTYPE_VNODE:
diff --git a/share/security/patches/SA-02:44/filedesc.patch.asc b/share/security/patches/SA-02:44/filedesc.patch.asc
new file mode 100644
index 0000000000..a46a0adbaf
--- /dev/null
+++ b/share/security/patches/SA-02:44/filedesc.patch.asc
@@ -0,0 +1,9 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iQCVAwUAPhiFGlUuHi5z0oilAQEibwQAj3htLuNFEq0AzOI7NdCJIExMsHaOUIND
+YEQBaDz7r/369y0LhNclx+JcBSSMcwkRTv1YkNczyyPH+Kz8hr80OCsvdTRcrbUh
+4vC6yDZKw0WAHwId/pZkX2nnzIEQZzVvCqz2B4A5cG2N0/BQZqZpdqukoFt4lcY3
+yJcY5Gd1mM0=
+=8VBx
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:01/cvs.patch b/share/security/patches/SA-03:01/cvs.patch
new file mode 100644
index 0000000000..5b4bcdfc6c
--- /dev/null
+++ b/share/security/patches/SA-03:01/cvs.patch
@@ -0,0 +1,50 @@
+Index: contrib/cvs/src/server.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/server.c,v
+retrieving revision 1.13.2.2
+diff -c -r1.13.2.2 server.c
+*** server.c	28 Oct 2001 21:32:10 -0000	1.13.2.2
+--- server.c	4 Feb 2003 13:16:15 -0000
+***************
+*** 984,992 ****
+  	return;
+      }
+  
+-     if (dir_name != NULL)
+- 	free (dir_name);
+- 
+      dir_len = strlen (dir);
+  
+      /* Check for a trailing '/'.  This is not ISDIRSEP because \ in the
+--- 984,989 ----
+***************
+*** 1002,1007 ****
+--- 999,1007 ----
+  	return;
+      }
+  
++     if (dir_name != NULL)
++ 	free (dir_name);
++ 
+      dir_name = malloc (strlen (server_temp_dir) + dir_len + 40);
+      if (dir_name == NULL)
+      {
+***************
+*** 4738,4745 ****
+    REQ_LINE("Max-dotdot", serve_max_dotdot, 0),
+    REQ_LINE("Static-directory", serve_static_directory, 0),
+    REQ_LINE("Sticky", serve_sticky, 0),
+!   REQ_LINE("Checkin-prog", serve_checkin_prog, 0),
+!   REQ_LINE("Update-prog", serve_update_prog, 0),
+    REQ_LINE("Entry", serve_entry, RQ_ESSENTIAL),
+    REQ_LINE("Kopt", serve_kopt, 0),
+    REQ_LINE("Checkin-time", serve_checkin_time, 0),
+--- 4738,4745 ----
+    REQ_LINE("Max-dotdot", serve_max_dotdot, 0),
+    REQ_LINE("Static-directory", serve_static_directory, 0),
+    REQ_LINE("Sticky", serve_sticky, 0),
+!   REQ_LINE("Checkin-prog", serve_noop, 0),
+!   REQ_LINE("Update-prog", serve_noop, 0),
+    REQ_LINE("Entry", serve_entry, RQ_ESSENTIAL),
+    REQ_LINE("Kopt", serve_kopt, 0),
+    REQ_LINE("Checkin-time", serve_checkin_time, 0),
diff --git a/share/security/patches/SA-03:01/cvs.patch.asc b/share/security/patches/SA-03:01/cvs.patch.asc
new file mode 100644
index 0000000000..e4bc7ef036
--- /dev/null
+++ b/share/security/patches/SA-03:01/cvs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+P73IFdaIBMps37IRAhgJAJwI2rxP6HYOg6hiCx6iNkGQeH2RagCggVoN
+xmA5Gk+SYuqfpaMgj2CKwR4=
+=XJvo
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl46.patch b/share/security/patches/SA-03:02/openssl46.patch
new file mode 100644
index 0000000000..d2bb0a68be
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl46.patch
@@ -0,0 +1,64610 @@
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_4_6/crypto/openssl/CHANGES
+*** crypto/openssl/CHANGES	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/CHANGES	Wed Feb 19 07:04:05 2003
+***************
+*** 2,7 ****
+--- 2,637 ----
+   OpenSSL CHANGES
+   _______________
+  
++  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
++ 
++  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
++ 
++   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
++      memory from it's contents.  This is done with a counter that will
++      place alternating values in each byte.  This can be used to solve
++      two issues: 1) the removal of calls to memset() by highly optimizing
++      compilers, and 2) cleansing with other values than 0, since those can
++      be read through on certain media, for example a swap space on disk.
++      [Geoff Thorpe]
++ 
++   *) Bugfix: client side session caching did not work with external caching,
++      because the session->cipher setting was not restored when reloading
++      from the external cache. This problem was masked, when
++      SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
++      (Found by Steve Haslam <steve@araqnid.ddts.net>.)
++      [Lutz Jaenicke]
++ 
++   *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
++      length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
++      [Zeev Lieber <zeev-l@yahoo.com>]
++ 
++   *) Undo an undocumented change introduced in 0.9.6e which caused
++      repeated calls to OpenSSL_add_all_ciphers() and 
++      OpenSSL_add_all_digests() to be ignored, even after calling
++      EVP_cleanup().
++      [Richard Levitte]
++ 
++   *) Change the default configuration reader to deal with last line not
++      being properly terminated.
++      [Richard Levitte]
++ 
++   *) Change X509_NAME_cmp() so it applies the special rules on handling
++      DN values that are of type PrintableString, as well as RDNs of type
++      emailAddress where the value has the type ia5String.
++      [stefank@valicert.com via Richard Levitte]
++ 
++   *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
++      the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
++      doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
++      the bitwise-OR of the two for use by the majority of applications
++      wanting this behaviour, and update the docs. The documented
++      behaviour and actual behaviour were inconsistent and had been
++      changing anyway, so this is more a bug-fix than a behavioural
++      change.
++      [Geoff Thorpe, diagnosed by Nadav Har'El]
++ 
++   *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
++      (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
++      [Bodo Moeller]
++ 
++   *) Fix initialization code race conditions in
++         SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
++         SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
++         SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
++         TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
++         ssl2_get_cipher_by_char(),
++         ssl3_get_cipher_by_char().
++      [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
++ 
++   *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
++      the cached sessions are flushed, as the remove_cb() might use ex_data
++      contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
++      (see [openssl.org #212]).
++      [Geoff Thorpe, Lutz Jaenicke]
++ 
++   *) Fix typo in OBJ_txt2obj which incorrectly passed the content
++      length, instead of the encoding length to d2i_ASN1_OBJECT.
++      [Steve Henson]
++ 
++  Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
++ 
++   *) [In 0.9.6g-engine release:]
++      Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
++      [Lynn Gazis <lgazis@rainbow.com>]
++ 
++  Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
++ 
++   *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
++      and get fix the header length calculation.
++      [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
++ 	Alon Kantor <alonk@checkpoint.com> (and others),
++ 	Steve Henson]
++ 
++   *) Use proper error handling instead of 'assertions' in buffer
++      overflow checks added in 0.9.6e.  This prevents DoS (the
++      assertions could call abort()).
++      [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
++ 
++  Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
++ 
++   *) Add various sanity checks to asn1_get_length() to reject
++      the ASN1 length bytes if they exceed sizeof(long), will appear
++      negative or the content length exceeds the length of the
++      supplied buffer.
++      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
++ 
++   *) Fix cipher selection routines: ciphers without encryption had no flags
++      for the cipher strength set and where therefore not handled correctly
++      by the selection routines (PR #130).
++      [Lutz Jaenicke]
++ 
++   *) Fix EVP_dsa_sha macro.
++      [Nils Larsch]
++ 
++   *) New option
++           SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
++      for disabling the SSL 3.0/TLS 1.0 CBC vulnerability countermeasure
++      that was added in OpenSSL 0.9.6d.
++ 
++      As the countermeasure turned out to be incompatible with some
++      broken SSL implementations, the new option is part of SSL_OP_ALL.
++      SSL_OP_ALL is usually employed when compatibility with weird SSL
++      implementations is desired (e.g. '-bugs' option to 's_client' and
++      's_server'), so the new option is automatically set in many
++      applications.
++      [Bodo Moeller]
++ 
++   *) Changes in security patch:
++ 
++      Changes marked "(CHATS)" were sponsored by the Defense Advanced
++      Research Projects Agency (DARPA) and Air Force Research Laboratory,
++      Air Force Materiel Command, USAF, under agreement number
++      F30602-01-2-0537.
++ 
++   *) Add various sanity checks to asn1_get_length() to reject
++      the ASN1 length bytes if they exceed sizeof(long), will appear
++      negative or the content length exceeds the length of the
++      supplied buffer. (CAN-2002-0659)
++      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
++ 
++   *) Assertions for various potential buffer overflows, not known to
++      happen in practice.
++      [Ben Laurie (CHATS)]
++ 
++   *) Various temporary buffers to hold ASCII versions of integers were
++      too small for 64 bit platforms. (CAN-2002-0655)
++      [Matthew Byng-Maddick <mbm@aldigital.co.uk> and Ben Laurie (CHATS)>
++ 
++   *) Remote buffer overflow in SSL3 protocol - an attacker could
++      supply an oversized session ID to a client. (CAN-2002-0656)
++      [Ben Laurie (CHATS)]
++ 
++   *) Remote buffer overflow in SSL2 protocol - an attacker could
++      supply an oversized client master key. (CAN-2002-0656)
++      [Ben Laurie (CHATS)]
++ 
++  Changes between 0.9.6c and 0.9.6d  [9 May 2002]
++ 
++   *) Fix crypto/asn1/a_sign.c so that 'parameters' is omitted (not
++      encoded as NULL) with id-dsa-with-sha1.
++      [Nils Larsch <nla@trustcenter.de>; problem pointed out by Bodo Moeller]
++ 
++   *) Check various X509_...() return values in apps/req.c.
++      [Nils Larsch <nla@trustcenter.de>]
++ 
++   *) Fix BASE64 decode (EVP_DecodeUpdate) for data with CR/LF ended lines:
++      an end-of-file condition would erronously be flagged, when the CRLF
++      was just at the end of a processed block. The bug was discovered when
++      processing data through a buffering memory BIO handing the data to a
++      BASE64-decoding BIO. Bug fund and patch submitted by Pavel Tsekov
++      <ptsekov@syntrex.com> and Nedelcho Stanev.
++      [Lutz Jaenicke]
++ 
++   *) Implement a countermeasure against a vulnerability recently found
++      in CBC ciphersuites in SSL 3.0/TLS 1.0: Send an empty fragment
++      before application data chunks to avoid the use of known IVs
++      with data potentially chosen by the attacker.
++      [Bodo Moeller]
++ 
++   *) Fix length checks in ssl3_get_client_hello().
++      [Bodo Moeller]
++ 
++   *) TLS/SSL library bugfix: use s->s3->in_read_app_data differently
++      to prevent ssl3_read_internal() from incorrectly assuming that
++      ssl3_read_bytes() found application data while handshake
++      processing was enabled when in fact s->s3->in_read_app_data was
++      merely automatically cleared during the initial handshake.
++      [Bodo Moeller; problem pointed out by Arne Ansper <arne@ats.cyber.ee>]
++ 
++   *) Fix object definitions for Private and Enterprise: they were not
++      recognized in their shortname (=lowercase) representation. Extend
++      obj_dat.pl to issue an error when using undefined keywords instead
++      of silently ignoring the problem (Svenning Sorensen
++      <sss@sss.dnsalias.net>).
++      [Lutz Jaenicke]
++ 
++   *) Fix DH_generate_parameters() so that it works for 'non-standard'
++      generators, i.e. generators other than 2 and 5.  (Previously, the
++      code did not properly initialise the 'add' and 'rem' values to
++      BN_generate_prime().)
++ 
++      In the new general case, we do not insist that 'generator' is
++      actually a primitive root: This requirement is rather pointless;
++      a generator of the order-q subgroup is just as good, if not
++      better.
++      [Bodo Moeller]
++  
++   *) Map new X509 verification errors to alerts. Discovered and submitted by
++      Tom Wu <tom@arcot.com>.
++      [Lutz Jaenicke]
++ 
++   *) Fix ssl3_pending() (ssl/s3_lib.c) to prevent SSL_pending() from
++      returning non-zero before the data has been completely received
++      when using non-blocking I/O.
++      [Bodo Moeller; problem pointed out by John Hughes]
++ 
++   *) Some of the ciphers missed the strength entry (SSL_LOW etc).
++      [Ben Laurie, Lutz Jaenicke]
++ 
++   *) Fix bug in SSL_clear(): bad sessions were not removed (found by
++      Yoram Zahavi <YoramZ@gilian.com>).
++      [Lutz Jaenicke]
++ 
++   *) Add information about CygWin 1.3 and on, and preserve proper
++      configuration for the versions before that.
++      [Corinna Vinschen <vinschen@redhat.com> and Richard Levitte]
++ 
++   *) Make removal from session cache (SSL_CTX_remove_session()) more robust:
++      check whether we deal with a copy of a session and do not delete from
++      the cache in this case. Problem reported by "Izhar Shoshani Levi"
++      <izhar@checkpoint.com>.
++      [Lutz Jaenicke]
++ 
++   *) Do not store session data into the internal session cache, if it
++      is never intended to be looked up (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
++      flag is set). Proposed by Aslam <aslam@funk.com>.
++      [Lutz Jaenicke]
++ 
++   *) Have ASN1_BIT_STRING_set_bit() really clear a bit when the requested
++      value is 0.
++      [Richard Levitte]
++ 
++   *) [In 0.9.6d-engine release:]
++      Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
++      [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
++ 
++   *) Add the configuration target linux-s390x.
++      [Neale Ferguson <Neale.Ferguson@SoftwareAG-USA.com> via Richard Levitte]
++ 
++   *) The earlier bugfix for the SSL3_ST_SW_HELLO_REQ_C case of
++      ssl3_accept (ssl/s3_srvr.c) incorrectly used a local flag
++      variable as an indication that a ClientHello message has been
++      received.  As the flag value will be lost between multiple
++      invocations of ssl3_accept when using non-blocking I/O, the
++      function may not be aware that a handshake has actually taken
++      place, thus preventing a new session from being added to the
++      session cache.
++ 
++      To avoid this problem, we now set s->new_session to 2 instead of
++      using a local variable.
++      [Lutz Jaenicke, Bodo Moeller]
++ 
++   *) Bugfix: Return -1 from ssl3_get_server_done (ssl3/s3_clnt.c)
++      if the SSL_R_LENGTH_MISMATCH error is detected.
++      [Geoff Thorpe, Bodo Moeller]
++ 
++   *) New 'shared_ldflag' column in Configure platform table.
++      [Richard Levitte]
++ 
++   *) Fix EVP_CIPHER_mode macro.
++      ["Dan S. Camper" <dan@bti.net>]
++ 
++   *) Fix ssl3_read_bytes (ssl/s3_pkt.c): To ignore messages of unknown
++      type, we must throw them away by setting rr->length to 0.
++      [D P Chang <dpc@qualys.com>]
++ 
++  Changes between 0.9.6b and 0.9.6c  [21 dec 2001]
++ 
++   *) Fix BN_rand_range bug pointed out by Dominikus Scherkl
++      <Dominikus.Scherkl@biodata.com>.  (The previous implementation
++      worked incorrectly for those cases where  range = 10..._2  and
++      3*range  is two bits longer than  range.)
++      [Bodo Moeller]
++ 
++   *) Only add signing time to PKCS7 structures if it is not already
++      present.
++      [Steve Henson]
++ 
++   *) Fix crypto/objects/objects.h: "ld-ce" should be "id-ce",
++      OBJ_ld_ce should be OBJ_id_ce.
++      Also some ip-pda OIDs in crypto/objects/objects.txt were
++      incorrect (cf. RFC 3039).
++      [Matt Cooper, Frederic Giudicelli, Bodo Moeller]
++ 
++   *) Release CRYPTO_LOCK_DYNLOCK when CRYPTO_destroy_dynlockid()
++      returns early because it has nothing to do.
++      [Andy Schneider <andy.schneider@bjss.co.uk>]
++ 
++   *) [In 0.9.6c-engine release:]
++      Fix mutex callback return values in crypto/engine/hw_ncipher.c.
++      [Andy Schneider <andy.schneider@bjss.co.uk>]
++ 
++   *) [In 0.9.6c-engine release:]
++      Add support for Cryptographic Appliance's keyserver technology.
++      (Use engine 'keyclient')
++      [Cryptographic Appliances and Geoff Thorpe]
++ 
++   *) Add a configuration entry for OS/390 Unix.  The C compiler 'c89'
++      is called via tools/c89.sh because arguments have to be
++      rearranged (all '-L' options must appear before the first object
++      modules).
++      [Richard Shapiro <rshapiro@abinitio.com>]
++ 
++   *) [In 0.9.6c-engine release:]
++      Add support for Broadcom crypto accelerator cards, backported
++      from 0.9.7.
++      [Broadcom, Nalin Dahyabhai <nalin@redhat.com>, Mark Cox]
++ 
++   *) [In 0.9.6c-engine release:]
++      Add support for SureWare crypto accelerator cards from 
++      Baltimore Technologies.  (Use engine 'sureware')
++      [Baltimore Technologies and Mark Cox]
++ 
++   *) [In 0.9.6c-engine release:]
++      Add support for crypto accelerator cards from Accelerated
++      Encryption Processing, www.aep.ie.  (Use engine 'aep')
++      [AEP Inc. and Mark Cox]
++ 
++   *) Add a configuration entry for gcc on UnixWare.
++      [Gary Benson <gbenson@redhat.com>]
++ 
++   *) Change ssl/s2_clnt.c and ssl/s2_srvr.c so that received handshake
++      messages are stored in a single piece (fixed-length part and
++      variable-length part combined) and fix various bugs found on the way.
++      [Bodo Moeller]
++ 
++   *) Disable caching in BIO_gethostbyname(), directly use gethostbyname()
++      instead.  BIO_gethostbyname() does not know what timeouts are
++      appropriate, so entries would stay in cache even when they have
++      become invalid.
++      [Bodo Moeller; problem pointed out by Rich Salz <rsalz@zolera.com>
++ 
++   *) Change ssl23_get_client_hello (ssl/s23_srvr.c) behaviour when
++      faced with a pathologically small ClientHello fragment that does
++      not contain client_version: Instead of aborting with an error,
++      simply choose the highest available protocol version (i.e.,
++      TLS 1.0 unless it is disabled).  In practice, ClientHello
++      messages are never sent like this, but this change gives us
++      strictly correct behaviour at least for TLS.
++      [Bodo Moeller]
++ 
++   *) Fix SSL handshake functions and SSL_clear() such that SSL_clear()
++      never resets s->method to s->ctx->method when called from within
++      one of the SSL handshake functions.
++      [Bodo Moeller; problem pointed out by Niko Baric]
++ 
++   *) In ssl3_get_client_hello (ssl/s3_srvr.c), generate a fatal alert
++      (sent using the client's version number) if client_version is
++      smaller than the protocol version in use.  Also change
++      ssl23_get_client_hello (ssl/s23_srvr.c) to select TLS 1.0 if
++      the client demanded SSL 3.0 but only TLS 1.0 is enabled; then
++      the client will at least see that alert.
++      [Bodo Moeller]
++ 
++   *) Fix ssl3_get_message (ssl/s3_both.c) to handle message fragmentation
++      correctly.
++      [Bodo Moeller]
++ 
++   *) Avoid infinite loop in ssl3_get_message (ssl/s3_both.c) if a
++      client receives HelloRequest while in a handshake.
++      [Bodo Moeller; bug noticed by Andy Schneider <andy.schneider@bjss.co.uk>]
++ 
++   *) Bugfix in ssl3_accept (ssl/s3_srvr.c): Case SSL3_ST_SW_HELLO_REQ_C
++      should end in 'break', not 'goto end' which circuments various
++      cleanups done in state SSL_ST_OK.   But session related stuff
++      must be disabled for SSL_ST_OK in the case that we just sent a
++      HelloRequest.
++ 
++      Also avoid some overhead by not calling ssl_init_wbio_buffer()
++      before just sending a HelloRequest.
++      [Bodo Moeller, Eric Rescorla <ekr@rtfm.com>]
++ 
++   *) Fix ssl/s3_enc.c, ssl/t1_enc.c and ssl/s3_pkt.c so that we don't
++      reveal whether illegal block cipher padding was found or a MAC
++      verification error occured.  (Neither SSLerr() codes nor alerts
++      are directly visible to potential attackers, but the information
++      may leak via logfiles.)
++ 
++      Similar changes are not required for the SSL 2.0 implementation
++      because the number of padding bytes is sent in clear for SSL 2.0,
++      and the extra bytes are just ignored.  However ssl/s2_pkt.c
++      failed to verify that the purported number of padding bytes is in
++      the legal range.
++      [Bodo Moeller]
++ 
++   *) Add OpenUNIX-8 support including shared libraries
++      (Boyd Lynn Gerber <gerberb@zenez.com>).
++      [Lutz Jaenicke]
++ 
++   *) Improve RSA_padding_check_PKCS1_OAEP() check again to avoid
++      'wristwatch attack' using huge encoding parameters (cf.
++      James H. Manger's CRYPTO 2001 paper).  Note that the
++      RSA_PKCS1_OAEP_PADDING case of RSA_private_decrypt() does not use
++      encoding parameters and hence was not vulnerable.
++      [Bodo Moeller]
++ 
++   *) BN_sqr() bug fix.
++      [Ulf Möller, reported by Jim Ellis <jim.ellis@cavium.com>]
++ 
++   *) Rabin-Miller test analyses assume uniformly distributed witnesses,
++      so use BN_pseudo_rand_range() instead of using BN_pseudo_rand()
++      followed by modular reduction.
++      [Bodo Moeller; pointed out by Adam Young <AYoung1@NCSUS.JNJ.COM>]
++ 
++   *) Add BN_pseudo_rand_range() with obvious functionality: BN_rand_range()
++      equivalent based on BN_pseudo_rand() instead of BN_rand().
++      [Bodo Moeller]
++ 
++   *) s3_srvr.c: allow sending of large client certificate lists (> 16 kB).
++      This function was broken, as the check for a new client hello message
++      to handle SGC did not allow these large messages.
++      (Tracked down by "Douglas E. Engert" <deengert@anl.gov>.)
++      [Lutz Jaenicke]
++ 
++   *) Add alert descriptions for TLSv1 to SSL_alert_desc_string[_long]().
++      [Lutz Jaenicke]
++ 
++   *) Fix buggy behaviour of BIO_get_num_renegotiates() and BIO_ctrl()
++      for BIO_C_GET_WRITE_BUF_SIZE ("Stephen Hinton" <shinton@netopia.com>).
++      [Lutz Jaenicke]
++ 
++   *) Rework the configuration and shared library support for Tru64 Unix.
++      The configuration part makes use of modern compiler features and
++      still retains old compiler behavior for those that run older versions
++      of the OS.  The shared library support part includes a variant that
++      uses the RPATH feature, and is available through the special
++      configuration target "alpha-cc-rpath", which will never be selected
++      automatically.
++      [Tim Mooney <mooney@dogbert.cc.ndsu.NoDak.edu> via Richard Levitte]
++ 
++   *) In ssl3_get_key_exchange (ssl/s3_clnt.c), call ssl3_get_message()
++      with the same message size as in ssl3_get_certificate_request().
++      Otherwise, if no ServerKeyExchange message occurs, CertificateRequest
++      messages might inadvertently be reject as too long.
++      [Petr Lampa <lampa@fee.vutbr.cz>]
++ 
++   *) Enhanced support for IA-64 Unix platforms (well, Linux and HP-UX).
++      [Andy Polyakov]
++ 
++   *) Modified SSL library such that the verify_callback that has been set
++      specificly for an SSL object with SSL_set_verify() is actually being
++      used. Before the change, a verify_callback set with this function was
++      ignored and the verify_callback() set in the SSL_CTX at the time of
++      the call was used. New function X509_STORE_CTX_set_verify_cb() introduced
++      to allow the necessary settings.
++      [Lutz Jaenicke]
++ 
++   *) Initialize static variable in crypto/dsa/dsa_lib.c and crypto/dh/dh_lib.c
++      explicitly to NULL, as at least on Solaris 8 this seems not always to be
++      done automatically (in contradiction to the requirements of the C
++      standard). This made problems when used from OpenSSH.
++      [Lutz Jaenicke]
++ 
++   *) In OpenSSL 0.9.6a and 0.9.6b, crypto/dh/dh_key.c ignored
++      dh->length and always used
++ 
++           BN_rand_range(priv_key, dh->p).
++ 
++      BN_rand_range() is not necessary for Diffie-Hellman, and this
++      specific range makes Diffie-Hellman unnecessarily inefficient if
++      dh->length (recommended exponent length) is much smaller than the
++      length of dh->p.  We could use BN_rand_range() if the order of
++      the subgroup was stored in the DH structure, but we only have
++      dh->length.
++ 
++      So switch back to
++ 
++           BN_rand(priv_key, l, ...)
++ 
++      where 'l' is dh->length if this is defined, or BN_num_bits(dh->p)-1
++      otherwise.
++      [Bodo Moeller]
++ 
++   *) In
++ 
++           RSA_eay_public_encrypt
++           RSA_eay_private_decrypt
++           RSA_eay_private_encrypt (signing)
++           RSA_eay_public_decrypt (signature verification)
++ 
++      (default implementations for RSA_public_encrypt,
++      RSA_private_decrypt, RSA_private_encrypt, RSA_public_decrypt),
++      always reject numbers >= n.
++      [Bodo Moeller]
++ 
++   *) In crypto/rand/md_rand.c, use a new short-time lock CRYPTO_LOCK_RAND2
++      to synchronize access to 'locking_thread'.  This is necessary on
++      systems where access to 'locking_thread' (an 'unsigned long'
++      variable) is not atomic.
++      [Bodo Moeller]
++ 
++   *) In crypto/rand/md_rand.c, set 'locking_thread' to current thread's ID
++      *before* setting the 'crypto_lock_rand' flag.  The previous code had
++      a race condition if 0 is a valid thread ID.
++      [Travis Vitek <vitek@roguewave.com>]
++ 
++   *) Add support for shared libraries under Irix.
++      [Albert Chin-A-Young <china@thewrittenword.com>]
++ 
++   *) Add configuration option to build on Linux on both big-endian and
++      little-endian MIPS.
++      [Ralf Baechle <ralf@uni-koblenz.de>]
++ 
++   *) Add the possibility to create shared libraries on HP-UX.
++      [Richard Levitte]
++ 
++  Changes between 0.9.6a and 0.9.6b  [9 Jul 2001]
++ 
++   *) Change ssleay_rand_bytes (crypto/rand/md_rand.c)
++      to avoid a SSLeay/OpenSSL PRNG weakness pointed out by
++      Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com>:
++      PRNG state recovery was possible based on the output of
++      one PRNG request appropriately sized to gain knowledge on
++      'md' followed by enough consecutive 1-byte PRNG requests
++      to traverse all of 'state'.
++ 
++      1. When updating 'md_local' (the current thread's copy of 'md')
++         during PRNG output generation, hash all of the previous
++         'md_local' value, not just the half used for PRNG output.
++ 
++      2. Make the number of bytes from 'state' included into the hash
++         independent from the number of PRNG bytes requested.
++ 
++      The first measure alone would be sufficient to avoid
++      Markku-Juhani's attack.  (Actually it had never occurred
++      to me that the half of 'md_local' used for chaining was the
++      half from which PRNG output bytes were taken -- I had always
++      assumed that the secret half would be used.)  The second
++      measure makes sure that additional data from 'state' is never
++      mixed into 'md_local' in small portions; this heuristically
++      further strengthens the PRNG.
++      [Bodo Moeller]
++ 
++   *) Fix crypto/bn/asm/mips3.s.
++      [Andy Polyakov]
++ 
++   *) When only the key is given to "enc", the IV is undefined. Print out
++      an error message in this case.
++      [Lutz Jaenicke]
++ 
++   *) Handle special case when X509_NAME is empty in X509 printing routines.
++      [Steve Henson]
++ 
++   *) In dsa_do_verify (crypto/dsa/dsa_ossl.c), verify that r and s are
++      positive and less than q.
++      [Bodo Moeller]
++ 
++   *) Don't change *pointer in CRYPTO_add_lock() is add_lock_callback is
++      used: it isn't thread safe and the add_lock_callback should handle
++      that itself.
++      [Paul Rose <Paul.Rose@bridge.com>]
++ 
++   *) Verify that incoming data obeys the block size in
++      ssl3_enc (ssl/s3_enc.c) and tls1_enc (ssl/t1_enc.c).
++      [Bodo Moeller]
++ 
++   *) Fix OAEP check.
++      [Ulf Möller, Bodo Möller]
++ 
++   *) The countermeasure against Bleichbacher's attack on PKCS #1 v1.5
++      RSA encryption was accidentally removed in s3_srvr.c in OpenSSL 0.9.5
++      when fixing the server behaviour for backwards-compatible 'client
++      hello' messages.  (Note that the attack is impractical against
++      SSL 3.0 and TLS 1.0 anyway because length and version checking
++      means that the probability of guessing a valid ciphertext is
++      around 2^-40; see section 5 in Bleichenbacher's CRYPTO '98
++      paper.)
++ 
++      Before 0.9.5, the countermeasure (hide the error by generating a
++      random 'decryption result') did not work properly because
++      ERR_clear_error() was missing, meaning that SSL_get_error() would
++      detect the supposedly ignored error.
++ 
++      Both problems are now fixed.
++      [Bodo Moeller]
++ 
++   *) In crypto/bio/bf_buff.c, increase DEFAULT_BUFFER_SIZE to 4096
++      (previously it was 1024).
++      [Bodo Moeller]
++ 
++   *) Fix for compatibility mode trust settings: ignore trust settings
++      unless some valid trust or reject settings are present.
++      [Steve Henson]
++ 
++   *) Fix for blowfish EVP: its a variable length cipher.
++      [Steve Henson]
++ 
++   *) Fix various bugs related to DSA S/MIME verification. Handle missing
++      parameters in DSA public key structures and return an error in the
++      DSA routines if parameters are absent.
++      [Steve Henson]
++ 
++   *) In versions up to 0.9.6, RAND_file_name() resorted to file ".rnd"
++      in the current directory if neither $RANDFILE nor $HOME was set.
++      RAND_file_name() in 0.9.6a returned NULL in this case.  This has
++      caused some confusion to Windows users who haven't defined $HOME.
++      Thus RAND_file_name() is changed again: e_os.h can define a
++      DEFAULT_HOME, which will be used if $HOME is not set.
++      For Windows, we use "C:"; on other platforms, we still require
++      environment variables.
++ 
++   *) Move 'if (!initialized) RAND_poll()' into regions protected by
++      CRYPTO_LOCK_RAND.  This is not strictly necessary, but avoids
++      having multiple threads call RAND_poll() concurrently.
++      [Bodo Moeller]
++ 
++   *) In crypto/rand/md_rand.c, replace 'add_do_not_lock' flag by a
++      combination of a flag and a thread ID variable.
++      Otherwise while one thread is in ssleay_rand_bytes (which sets the
++      flag), *other* threads can enter ssleay_add_bytes without obeying
++      the CRYPTO_LOCK_RAND lock (and may even illegally release the lock
++      that they do not hold after the first thread unsets add_do_not_lock).
++      [Bodo Moeller]
++ 
++   *) Change bctest again: '-x' expressions are not available in all
++      versions of 'test'.
++      [Bodo Moeller]
++ 
+   Changes between 0.9.6 and 0.9.6a  [5 Apr 2001]
+  
+    *) Fix a couple of memory leaks in PKCS7_dataDecode()
+***************
+*** 636,642 ****
+       default is static libraries only, and the OpenSSL programs
+       are always statically linked for now, but there are
+       preparations for dynamic linking in place.
+!      This has been tested on Linux and True64.
+       [Richard Levitte]
+  
+    *) Randomness polling function for Win9x, as described in:
+--- 1266,1272 ----
+       default is static libraries only, and the OpenSSL programs
+       are always statically linked for now, but there are
+       preparations for dynamic linking in place.
+!      This has been tested on Linux and Tru64.
+       [Richard Levitte]
+  
+    *) Randomness polling function for Win9x, as described in:
+***************
+*** 2363,2369 ****
+                                       copied!)
+       [Bodo Moeller]
+  
+!   *) Bugfix: SSL_set_mode ignored its parameter, only SSL_CTX_set_mode
+       worked.
+  
+    *) Fix problems with no-hmac etc.
+--- 2993,2999 ----
+                                       copied!)
+       [Bodo Moeller]
+  
+!   *) Bugfix: SSL_set_options ignored its parameter, only SSL_CTX_set_options
+       worked.
+  
+    *) Fix problems with no-hmac etc.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_4_6/crypto/openssl/Configure
+*** crypto/openssl/Configure	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/Configure	Fri Nov 15 05:28:38 2002
+***************
+*** 10,16 ****
+  
+  # see INSTALL for instructions.
+  
+! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] os/compiler[:flags]\n";
+  
+  # Options:
+  #
+--- 10,16 ----
+  
+  # see INSTALL for instructions.
+  
+! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [rsaref] [no-threads] [no-asm] [no-dso] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--test-sanity] os/compiler[:flags]\n";
+  
+  # Options:
+  #
+***************
+*** 23,28 ****
+--- 23,31 ----
+  #               default).  This needn't be set in advance, you can
+  #               just as well use "make INSTALL_PREFIX=/whatever install".
+  #
++ # --test-sanity Make a number of sanity checks on the data in this file.
++ #               This is a debugging tool for OpenSSL developers.
++ #
+  # rsaref        use RSAref
+  # [no-]threads  [don't] try to create a library that is suitable for
+  #               multithreaded applications (default is "threads" if we
+***************
+*** 97,103 ****
+  # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
+  # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
+  
+! #config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag
+  
+  my %table=(
+  # File 'TABLE' (created by 'make TABLE') contains the data from this list,
+--- 100,106 ----
+  # -DB_ENDIAN slows things down on a sparc for md5, but helps sha1.
+  # So the md5_locl.h file has an undef B_ENDIAN if sun is defined
+  
+! #config-string	$cc : $cflags : $unistd : $thread_cflag : $lflags : $bn_ops : $bn_obj : $des_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib
+  
+  my %table=(
+  # File 'TABLE' (created by 'make TABLE') contains the data from this list,
+***************
+*** 116,125 ****
+  "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+  "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+  "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+--- 119,128 ----
+  "debug-ben-debug",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::",
+  "debug-ben-strict",	"gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown):::::",
+  "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+***************
+*** 132,172 ****
+  # surrounds it with #APP #NO_APP comment pair which (at least Solaris
+  # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+  # error message.
+! "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### SPARC Solaris with GNU C setups
+! "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+  # but keep the assembler modules.
+! "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  ####
+! "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:gnu-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### SPARC Solaris with Sun C setups
+  # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
+! "solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+  # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+  # SC5.0 note: Compiler common patch 107357-01 or later is required!
+! "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+  ####
+! "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### SPARC Linux setups
+  "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+  # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+  # assisted with debugging of following two configs.
+! "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o::::",
+  # it's a real mess with -mcpu=ultrasparc option under Linux, but
+  # -Wa,-Av8plus should do the trick no matter what.
+! "linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o:",
+  # !!!Folowing can't be even tested yet!!!
+  #    We have to wait till 64-bit glibc for SPARC is operational!!!
+  #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+--- 135,179 ----
+  # surrounds it with #APP #NO_APP comment pair which (at least Solaris
+  # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+  # error message.
+! "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! 
+! #### Solaris x86 with Sun C setups
+! "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### SPARC Solaris with GNU C setups
+! "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv9-gcc","gcc:-mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris64-sparcv9-gcc31","gcc:-mcpu=ultrasparc -m64 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # gcc pre-2.8 doesn't understand -mcpu=ultrasparc, so fall down to -mv8
+  # but keep the assembler modules.
+! "solaris-sparcv9-gcc27","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus-gcc27.o:::asm/md5-sparcv8plus-gcc27.o::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  ####
+! "debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::::::::dlfcn:solaris-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### SPARC Solaris with Sun C setups
+  # DO NOT use /xO[34] on sparc with SC3.0.  It is broken, and will not pass the tests
+! "solaris-sparc-sc3","cc:-fast -O -Xa -DB_ENDIAN::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+  # SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+  # SC5.0 note: Compiler common patch 107357-01 or later is required!
+! "solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::asm/md5-sparcv9.o::::::dlfcn:solaris-shared:-KPIC:-xarch=v9:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+  ####
+! "debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC::-D_REENTRANT:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### SPARC Linux setups
+  "linux-sparcv7","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+  # Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+  # assisted with debugging of following two configs.
+! "linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # it's a real mess with -mcpu=ultrasparc option under Linux, but
+  # -Wa,-Av8plus should do the trick no matter what.
+! "linux-sparcv9","gcc:-mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:asm/sparcv8plus.o:::asm/md5-sparcv8plus.o::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # !!!Folowing can't be even tested yet!!!
+  #    We have to wait till 64-bit glibc for SPARC is operational!!!
+  #"linux64-sparcv9","sparc64-linux-gcc:-m64 -mcpu=v9 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DULTRASPARC -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::asm/md5-sparcv9.o:",
+***************
+*** 177,193 ****
+  
+  #### IRIX 5.x configs
+  # -mips2 flag is added by ./config when appropriate.
+! "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::",
+! "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:::",
+  #### IRIX 6.x configs
+  # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+  # './Configure irix-[g]cc' manually.
+  # -mips4 flag is added by ./config when appropriate.
+! "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+! "irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}",
+  # N64 ABI builds.
+! "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+! "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}",
+  
+  #### Unified HP-UX ANSI C configs.
+  # Special notes:
+--- 184,200 ----
+  
+  #### IRIX 5.x configs
+  # -mips2 flag is added by ./config when appropriate.
+! "irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  #### IRIX 6.x configs
+  # Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+  # './Configure irix-[g]cc' manually.
+  # -mips4 flag is added by ./config when appropriate.
+! "irix-mips3-gcc","gcc:-mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "irix-mips3-cc", "cc:-n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # N64 ABI builds.
+! "irix64-mips4-gcc","gcc:-mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG:${mips3_irix_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### Unified HP-UX ANSI C configs.
+  # Special notes:
+***************
+*** 219,259 ****
+  #
+  #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  # Since there is mention of this in shlib/hpux10-cc.sh
+! "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+! "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+! "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn",
+  
+  # More attempts at unified 10.X and 11.X targets for HP C compiler.
+  #
+  # Chris Ruemmler <ruemmler@cup.hp.com>
+  # Kevin Steves <ks@hp.se>
+! "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+! "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl",
+! "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn",
+! "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl",
+  
+  # HPUX 9.X config.
+  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+  # egcs.  gcc 2.8.1 is also broken.
+  
+! "hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
+  # please report your OS and compiler version to the openssl-bugs@openssl.org
+  # mailing list.
+! "hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  
+! "hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  # If hpux-gcc fails, try this one:
+! "hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  
+  # HPUX 10.X config.  Supports threads.
+! "hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
+! "hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  
+! "hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  # If hpux10-gcc fails, try this one:
+! "hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  
+  # HPUX 11.X from www.globus.org.
+  # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
+--- 226,270 ----
+  #
+  #!#"hpux-parisc-cc","cc:-Ae +O3 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl",
+  # Since there is mention of this in shlib/hpux10-cc.sh
+! "hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W:::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux64-parisc-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # More attempts at unified 10.X and 11.X targets for HP C compiler.
+  #
+  # Chris Ruemmler <ruemmler@cup.hp.com>
+  # Kevin Steves <ks@hp.se>
+! "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT:-ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # HPUX 9.X config.
+  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+  # egcs.  gcc 2.8.1 is also broken.
+  
+! "hpux-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # If hpux-cc fails (e.g. during "make test"), try the next one; otherwise,
+  # please report your OS and compiler version to the openssl-bugs@openssl.org
+  # mailing list.
+! "hpux-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+! "hpux-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # If hpux-gcc fails, try this one:
+! "hpux-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown):-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! 
+! # HPUX 9.X on Motorola 68k platforms with gcc
+! "hpux-m68k-gcc",  "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::BN_LLONG DES_PTR DES_UNROLL:::",
+  
+  # HPUX 10.X config.  Supports threads.
+! "hpux10-cc",	"cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # If hpux10-cc fails, try this one (if still fails, try deleting BN_LLONG):
+! "hpux10-brokencc",	"cc:-DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+! "hpux10-gcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # If hpux10-gcc fails, try this one:
+! "hpux10-brokengcc",	"gcc:-DB_ENDIAN -DBN_DIV2W -O3::-D_REENTRANT:-ldld:DES_PTR DES_UNROLL DES_RISC1::::::::::dl:hpux-shared:-fPIC::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # HPUX 11.X from www.globus.org.
+  # Only works on PA-RISC 2.0 cpus, and not optimized.  Why?
+***************
+*** 264,276 ****
+  #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+  "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+  
+! # Dec Alpha, OSF/1 - the alpha164-cc is the flags for a 21164A with
+! # the new compiler
+  # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+! "alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:tru64-shared::.so",
+! "alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+! "alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared::.so",
+! "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### Alpha Linux with GNU C and Compaq C setups
+  # Special notes:
+--- 275,317 ----
+  #### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+  "MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+  
+! #### PARISC Linux setups
+! "linux-parisc","gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::",
+! 
+! # Dec Alpha, OSF/1 - the alpha164-cc is historical, for the conversion
+! # from the older DEC C Compiler to the newer compiler.  It's now the
+! # same as the preferred entry, alpha-cc.  If you are still using the
+! # older compiler (you're at 3.x or earlier, or perhaps very early 4.x)
+! # you should use `alphaold-cc'.
+! #
+! #	"What's in a name? That which we call a rose
+! #	 By any other word would smell as sweet."
+! #
+! # - William Shakespeare, "Romeo & Juliet", Act II, scene II.
+! #
+! # For OSF/1 3.2b and earlier, and Digital UNIX 3.2c - 3.2g, with the
+! # vendor compiler, use alphaold-cc.
+! # For Digital UNIX 4.0 - 4.0e, with the vendor compiler, use alpha-cc.
+! # For Tru64 UNIX 4.f - current, with the vendor compiler, use alpha-cc.
+! #
+! # There's also an alternate target available (which `config' will never
+! # select) called alpha-cc-rpath.  This target builds an RPATH into the
+! # shared libraries, which is very convenient on Tru64 since binaries
+! # linked against that shared library will automatically inherit that RPATH,
+! # and hence know where to look for the openssl libraries, even if they're in
+! # an odd place.
+! #
+  # For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+! #
+! "alpha-gcc","gcc:-O3::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+! "alphaold-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:alpha-osf1-shared:::.so",
+! "alpha164-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+! "alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared:::.so",
+! "alpha-cc-rpath", "cc:-std1 -tune host -fast -readonly_strings::-pthread::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${alpha_asm}:dlfcn:tru64-shared-rpath:::.so",
+! #
+! # This probably belongs in a different section.
+! #
+! "FreeBSD-alpha","gcc:-DTERMIOS -O -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### Alpha Linux with GNU C and Compaq C setups
+  # Special notes:
+***************
+*** 285,292 ****
+  #
+  #					<appro@fy.chalmers.se>
+  #
+! "linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+  "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+  
+--- 326,333 ----
+  #
+  #					<appro@fy.chalmers.se>
+  #
+! "linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${alpha_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+  "linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${alpha_asm}",
+  
+***************
+*** 295,316 ****
+  
+  # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
+  # bn86-elf.o file file since it is hand tweaked assembler.
+! "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+  "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+  "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+! "linux-mips",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+! "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+! "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+! "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::SIXTY_FOUR_BIT_LONG::",
+! "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+  "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+! "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  # NCR MP-RAS UNIX ver 02.03.01
+--- 336,359 ----
+  
+  # The intel boxes :-), It would be worth seeing if bsdi-gcc can use the
+  # bn86-elf.o file file since it is hand tweaked assembler.
+! "linux-elf",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT:-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+  "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+! "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+! "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+! "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+! "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
+! "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+  "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown)::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+! "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "nextstep",	"cc:-O -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  # NCR MP-RAS UNIX ver 02.03.01
+***************
+*** 319,326 ****
+  # QNX 4
+  "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
+  
+  # Linux on ARM
+! "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # UnixWare 2.0x fails destest with -O
+  "unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+--- 362,372 ----
+  # QNX 4
+  "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown)::${x86_gcc_des} ${x86_gcc_opts}:",
+  
++ # QNX 6
++ "qnx6",	"cc:-DL_ENDIAN -DTERMIOS::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:",
++ 
+  # Linux on ARM
+! "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # UnixWare 2.0x fails destest with -O
+  "unixware-2.0","cc:-DFILIO_H::-Kthread:-lsocket -lnsl -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+***************
+*** 335,349 ****
+  "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+  "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+  "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+  
+  # IBM's AIX.
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+! # Cray T90 (SDSC)
+  # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+  # defined.  The T90 ints and longs are 8 bytes long, and apparently the
+  # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+--- 381,404 ----
+  "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+  "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+  "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++ "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++ 
++ # OpenUNIX 8
++ "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++ "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++ "OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++ "OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread:-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
++ "OpenUNIX-8-shared","cc:-O -DFILIO_H -Kalloca::-Kthread:-lsocket -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic",
++ "OpenUNIX-8-gcc-shared","gcc:-O3 -DFILIO_H -fomit-frame-pointer::-pthread:-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC",
+  
+  # IBM's AIX.
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+! # Cray T90 and similar (SDSC)
+  # It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+  # defined.  The T90 ints and longs are 8 bytes long, and apparently the
+  # B_ENDIAN code assumes 4 byte ints.  Fortunately, the non-B_ENDIAN and
+***************
+*** 353,359 ****
+  #'Taking the address of a bit field is not allowed. '
+  #'An expression with bit field exists as the operand of "sizeof" '
+  # (written by Wayne Schroeder <schroede@SDSC.EDU>)
+! "cray-t90-cc", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+  
+  #
+  # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+--- 408,417 ----
+  #'Taking the address of a bit field is not allowed. '
+  #'An expression with bit field exists as the operand of "sizeof" '
+  # (written by Wayne Schroeder <schroede@SDSC.EDU>)
+! #
+! # j90 is considered the base machine type for unicos machines,
+! # so this configuration is now called "cray-j90" ...
+! "cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT:::",
+  
+  #
+  # Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+***************
+*** 375,383 ****
+  
+  # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+  # SCO cc.
+! "sco5-cc",  "cc:::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+  "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+  "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+  
+  # Sinix/ReliantUNIX RM400
+  # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+--- 433,443 ----
+  
+  # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+  # SCO cc.
+! "sco5-cc",  "cc:-belf::(unknown):-lsocket -lresolv:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+  "sco5-cc-pentium",  "cc:-Kpentium::(unknown):-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+  "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown):-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
++ "sco5-cc-shared","cc:-belf:::-lsocket -lresolv -lnsl:MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr3-shared:-Kpic",
++ "sco5-gcc-shared","gcc:-O3 -fomit-frame-pointer:::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC", # the SCO assembler doesn't seem to like our assembler files ...
+  
+  # Sinix/ReliantUNIX RM400
+  # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+***************
+*** 388,393 ****
+--- 448,459 ----
+  # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+  "BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown):-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+  
++ # OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
++ # You need to compile using the c89.sh wrapper in the tools directory, because the
++ # IBM compiler does not like the -L switch after any object modules.
++ #
++ "OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H  -D_ALL_SOURCE::(unknown)::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
++ 
+  # Windows NT, Microsoft Visual C++ 4.0
+  
+  "VC-NT","cl:::::BN_LLONG RC4_INDEX ${x86_gcc_opts}::::::::::win32",
+***************
+*** 406,413 ****
+  # and its library files in util/pl/*)
+  "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+  
+! # CygWin32
+! "CygWin32", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+--- 472,483 ----
+  # and its library files in util/pl/*)
+  "Mingw32", "gcc:-DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+  
+! # UWIN 
+! "UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! 
+! # Cygwin
+! "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+***************
+*** 416,437 ****
+  ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
+  
+  # Some OpenBSD from Bob Beck <beck@obtuse.com>
+! "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+! ##### MacOS X (a.k.a. Rhapsody) setup
+  "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+  
+  ##### Sony NEWS-OS 4.x
+  "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+  
+  );
+  
+  my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+  	BC-16 Mingw32);
+  
+  my $prefix="";
+  my $openssldir="";
+  my $exe_ext="";
+--- 486,540 ----
+  ##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown)::::::",
+  
+  # Some OpenBSD from Bob Beck <beck@obtuse.com>
+! "OpenBSD-alpha","gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenBSD-x86",  "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenBSD",      "gcc:-DTERMIOS -O3 -fomit-frame-pointer::(unknown)::BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenBSD-mips","gcc:-O2 -DL_ENDIAN::(unknown):BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR:::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+! ##### MacOS X (a.k.a. Rhapsody or Darwin) setup
+  "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
++ "darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
++ 
++ ##### A/UX
++ "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+  
+  ##### Sony NEWS-OS 4.x
+  "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+  
++ ##### VxWorks for various targets
++ "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
++ 
++ ##### Compaq Non-Stop Kernel (Tandem)
++ "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
++ 
+  );
+  
+  my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+  	BC-16 Mingw32);
+  
++ my $idx = 0;
++ my $idx_cc = $idx++;
++ my $idx_cflags = $idx++;
++ my $idx_unistd = $idx++;
++ my $idx_thread_cflag = $idx++;
++ my $idx_lflags = $idx++;
++ my $idx_bn_ops = $idx++;
++ my $idx_bn_obj = $idx++;
++ my $idx_des_obj = $idx++;
++ my $idx_bf_obj = $idx++;
++ my $idx_md5_obj = $idx++;
++ my $idx_sha1_obj = $idx++;
++ my $idx_cast_obj = $idx++;
++ my $idx_rc4_obj = $idx++;
++ my $idx_rmd160_obj = $idx++;
++ my $idx_rc5_obj = $idx++;
++ my $idx_dso_scheme = $idx++;
++ my $idx_shared_target = $idx++;
++ my $idx_shared_cflag = $idx++;
++ my $idx_shared_ldflag = $idx++;
++ my $idx_shared_extension = $idx++;
++ my $idx_ranlib = $idx++;
++ 
+  my $prefix="";
+  my $openssldir="";
+  my $exe_ext="";
+***************
+*** 480,485 ****
+--- 583,589 ----
+  my $target;
+  my $options;
+  my $symlink;
++ my $make_depend=0;
+  
+  my @argvcopy=@ARGV;
+  my $argvstring="";
+***************
+*** 504,510 ****
+  	foreach (@argvcopy)
+  		{
+  		s /^-no-/no-/; # some people just can't read the instructions
+! 		if (/^no-asm$/)
+  		 	{
+  			$no_asm=1;
+  			$flags .= "-DNO_ASM ";
+--- 608,618 ----
+  	foreach (@argvcopy)
+  		{
+  		s /^-no-/no-/; # some people just can't read the instructions
+! 		if (/^--test-sanity$/)
+! 			{
+! 			exit(&test_sanity());
+! 			}
+! 		elsif (/^no-asm$/)
+  		 	{
+  			$no_asm=1;
+  			$flags .= "-DNO_ASM ";
+***************
+*** 518,524 ****
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+--- 626,632 ----
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+***************
+*** 633,645 ****
+  	exit 0;
+  }
+  
+  print "Configuring for $target\n";
+  
+  &usage if (!defined($table{$target}));
+  
+  my $IsWindows=scalar grep /^$target$/,@WinTargets;
+  
+! $exe_ext=".exe" if ($target eq "CygWin32");
+  $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+  $prefix=$openssldir if $prefix eq "";
+  
+--- 741,757 ----
+  	exit 0;
+  }
+  
++ if ($target =~ m/^CygWin32(-.*)$/) {
++ 	$target = "Cygwin".$1;
++ }
++ 
+  print "Configuring for $target\n";
+  
+  &usage if (!defined($table{$target}));
+  
+  my $IsWindows=scalar grep /^$target$/,@WinTargets;
+  
+! $exe_ext=".exe" if ($target eq "Cygwin");
+  $openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
+  $prefix=$openssldir if $prefix eq "";
+  
+***************
+*** 652,660 ****
+  
+  print "IsWindows=$IsWindows\n";
+  
+! (my $cc,my $cflags,my $unistd,my $thread_cflag,my $lflags,my $bn_ops,my $bn_obj,my $des_obj,my $bf_obj,
+!  $md5_obj,$sha1_obj,my $cast_obj,my $rc4_obj,$rmd160_obj,my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,my $shared_extension,my $ranlib)=
+! 	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+  $cflags="$flags$cflags" if ($flags ne "");
+  
+  # The DSO code currently always implements all functions so that no
+--- 764,792 ----
+  
+  print "IsWindows=$IsWindows\n";
+  
+! my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+! my $cc = $fields[$idx_cc];
+! my $cflags = $fields[$idx_cflags];
+! my $unistd = $fields[$idx_unistd];
+! my $thread_cflag = $fields[$idx_thread_cflag];
+! my $lflags = $fields[$idx_lflags];
+! my $bn_ops = $fields[$idx_bn_ops];
+! my $bn_obj = $fields[$idx_bn_obj];
+! my $des_obj = $fields[$idx_des_obj];
+! my $bf_obj = $fields[$idx_bf_obj];
+! my $md5_obj = $fields[$idx_md5_obj];
+! my $sha1_obj = $fields[$idx_sha1_obj];
+! my $cast_obj = $fields[$idx_cast_obj];
+! my $rc4_obj = $fields[$idx_rc4_obj];
+! my $rmd160_obj = $fields[$idx_rmd160_obj];
+! my $rc5_obj = $fields[$idx_rc5_obj];
+! my $dso_scheme = $fields[$idx_dso_scheme];
+! my $shared_target = $fields[$idx_shared_target];
+! my $shared_cflag = $fields[$idx_shared_cflag];
+! my $shared_ldflag = $fields[$idx_shared_ldflag];
+! my $shared_extension = $fields[$idx_shared_extension];
+! my $ranlib = $fields[$idx_ranlib];
+! 
+  $cflags="$flags$cflags" if ($flags ne "");
+  
+  # The DSO code currently always implements all functions so that no
+***************
+*** 779,784 ****
+--- 911,920 ----
+  	$cflags.=" -DRMD160_ASM";
+  	}
+  
++ # "Stringify" the C flags string.  This permits it to be made part of a string
++ # and works as well on command lines.
++ $cflags =~ s/([\\\"])/\\\1/g;
++ 
+  my $version = "unknown";
+  my $major = "unknown";
+  my $minor = "unknown";
+***************
+*** 858,864 ****
+  	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+  	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+  	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+! 	s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.so.\$(SHLIB_MAJOR) .so/ if ($shared_extension ne "" && $shared_extension !~ /^\.s[ol]$/);
+  	print OUT $_."\n";
+  	}
+  close(IN);
+--- 994,1018 ----
+  	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+  	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+  	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+! 	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
+! 		{
+! 		my $sotmp = $1;
+! 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
+! 		}
+! 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
+! 		{
+! 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
+! 		}
+! 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
+! 		{
+! 		my $sotmp = $1;
+! 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
+! 		}
+! 	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
+! 		{
+! 		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
+! 		}
+! 	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
+  	print OUT $_."\n";
+  	}
+  close(IN);
+***************
+*** 1041,1051 ****
+  EOF
+  	close(OUT);
+  } else {
+! 	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
+! 		if $symlink;
+! 	### (system 'make depend') == 0 or exit $? if $depflags ne "";
+! 	# Run "make depend" manually if you want to be able to delete
+! 	# the source code files of ciphers you left out.
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+--- 1195,1207 ----
+  EOF
+  	close(OUT);
+  } else {
+! 	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+! 	my $make_targets = "";
+! 	$make_targets .= " links" if $symlink;
+! 	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+! 	$make_targets .= " gentests" if $symlink;
+! 	(system $make_command.$make_targets) == 0 or exit $?
+! 		if $make_targets ne "";
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+***************
+*** 1055,1060 ****
+--- 1211,1225 ----
+  	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+  	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
++ 	}
++ 	if ($depflags ne "" && !$make_depend) {
++ 		print <<EOF;
++ 
++ Since you've disabled at least one algorithm, you need to do the following
++ before building:
++ 
++ 	make depend
++ EOF
+  	}	    
+  }
+  
+***************
+*** 1146,1152 ****
+  	my $bn_obj,my $des_obj,my $bf_obj,
+  	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
+  	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+! 	my $shared_extension,my $ranlib)=
+  	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+  			
+  	print <<EOF
+--- 1311,1317 ----
+  	my $bn_obj,my $des_obj,my $bf_obj,
+  	my $md5_obj,my $sha1_obj,my $cast_obj,my $rc4_obj,my $rmd160_obj,
+  	my $rc5_obj,my $dso_scheme,my $shared_target,my $shared_cflag,
+! 	my $shared_ldflag,my $shared_extension,my $ranlib)=
+  	split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+  			
+  	print <<EOF
+***************
+*** 1170,1176 ****
+--- 1335,1378 ----
+  \$dso_scheme   = $dso_scheme
+  \$shared_target= $shared_target
+  \$shared_cflag = $shared_cflag
++ \$shared_ldflag = $shared_ldflag
+  \$shared_extension = $shared_extension
+  \$ranlib       = $ranlib
+  EOF
++ 	}
++ 
++ sub test_sanity
++ 	{
++ 	my $errorcnt = 0;
++ 
++ 	print STDERR "=" x 70, "\n";
++ 	print STDERR "=== SANITY TESTING!\n";
++ 	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
++ 	print STDERR "=" x 70, "\n";
++ 
++ 	foreach $target (sort keys %table)
++ 		{
++ 		@fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
++ 
++ 		if ($fields[$idx_dso_scheme-1] =~ /^(dl|dlfcn|win32|vms)$/)
++ 			{
++ 			$errorcnt++;
++ 			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
++ 			print STDERR "              in the previous field\n";
++ 			}
++ 		elsif ($fields[$idx_dso_scheme+1] =~ /^(dl|dlfcn|win32|vms)$/)
++ 			{
++ 			$errorcnt++;
++ 			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] values\n";
++ 			print STDERR "              in the following field\n";
++ 			}
++ 		elsif ($fields[$idx_dso_scheme] !~ /^(dl|dlfcn|win32|vms|)$/)
++ 			{
++ 			$errorcnt++;
++ 			print STDERR "SANITY ERROR: '$target' has the dso_scheme [$idx_dso_scheme] field = ",$fields[$idx_dso_scheme],"\n";
++ 			print STDERR "              valid values are 'dl', 'dlfcn', 'win32' and 'vms'\n";
++ 			}
++ 		}
++ 	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
++ 	return $errorcnt;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FAQ ../RELENG_4_6/crypto/openssl/FAQ
+*** crypto/openssl/FAQ	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/FAQ	Wed Feb 19 07:34:16 2003
+***************
+*** 8,13 ****
+--- 8,15 ----
+  * How can I contact the OpenSSL developers?
+  * Where can I get a compiled version of OpenSSL?
+  * Why aren't tools like 'autoconf' and 'libtool' used?
++ * What is an 'engine' version?
++ * How do I check the authenticity of the OpenSSL distribution?
+  
+  [LEGAL] Legal questions
+  
+***************
+*** 17,22 ****
+--- 19,25 ----
+  [USER] Questions on using the OpenSSL applications
+  
+  * Why do I get a "PRNG not seeded" error message?
++ * Why do I get an "unable to write 'random state'" error message?
+  * How do I create certificates or certificate requests?
+  * Why can't I create certificate requests?
+  * Why does <SSL program> fail with a certificate verify error?
+***************
+*** 26,40 ****
+  * How can I remove the passphrase on a private key?
+  * Why can't I use OpenSSL certificates with SSL client authentication?
+  * Why does my browser give a warning about a mismatched hostname?
+  
+  [BUILD] Questions about building and testing OpenSSL
+  
+  * Why does the linker complain about undefined symbols?
+  * Why does the OpenSSL test fail with "bc: command not found"?
+  * Why does the OpenSSL test fail with "bc: 1 no implemented"?
+! * Why does the OpenSSL compilation fail on Alpha True64 Unix?
+  * Why does the OpenSSL compilation fail with "ar: command not found"?
+  * Why does the OpenSSL compilation fail on Win32 with VC++?
+  
+  [PROG] Questions about programming with OpenSSL
+  
+--- 29,47 ----
+  * How can I remove the passphrase on a private key?
+  * Why can't I use OpenSSL certificates with SSL client authentication?
+  * Why does my browser give a warning about a mismatched hostname?
++ * How do I install a CA certificate into a browser?
+  
+  [BUILD] Questions about building and testing OpenSSL
+  
+  * Why does the linker complain about undefined symbols?
+  * Why does the OpenSSL test fail with "bc: command not found"?
+  * Why does the OpenSSL test fail with "bc: 1 no implemented"?
+! * Why does the OpenSSL test fail with "bc: stack empty"?
+! * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+  * Why does the OpenSSL compilation fail with "ar: command not found"?
+  * Why does the OpenSSL compilation fail on Win32 with VC++?
++ * What is special about OpenSSL on Redhat?
++ * Why does the OpenSSL test suite fail on MacOS X?
+  
+  [PROG] Questions about programming with OpenSSL
+  
+***************
+*** 47,52 ****
+--- 54,60 ----
+  * Why do I get errors about unknown algorithms?
+  * Why can't the OpenSSH configure script detect OpenSSL?
+  * Can I use OpenSSL's SSL library with non-blocking I/O?
++ * Why doesn't my server application receive a client certificate?
+  
+  ===============================================================================
+  
+***************
+*** 55,61 ****
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.6a was released on April 5th, 2001.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+--- 63,69 ----
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7a was released on February 19, 2003.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+***************
+*** 119,124 ****
+--- 127,151 ----
+  autoconf will probably be used in future OpenSSL versions. If it was
+  less Unix-centric, it might have been used much earlier.
+  
++ * What is an 'engine' version?
++ 
++ With version 0.9.6 OpenSSL was extended to interface to external crypto
++ hardware. This was realized in a special release '0.9.6-engine'. With
++ version 0.9.7 (not yet released) the changes were merged into the main
++ development line, so that the special release is no longer necessary.
++ 
++ * How do I check the authenticity of the OpenSSL distribution?
++ 
++ We provide MD5 digests and ASC signatures of each tarball.
++ Use MD5 to check that a tarball from a mirror site is identical:
++ 
++    md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
++ 
++ You can check authenticity using pgp or gpg. You need the OpenSSL team
++ member public key used to sign it (download it from a key server). Then
++ just do:
++ 
++    pgp TARBALL.asc
+  
+  [LEGAL] =======================================================================
+  
+***************
+*** 144,150 ****
+  their software on operating systems that don't normally include OpenSSL.
+  
+  If you develop open source software that uses OpenSSL, you may find it
+! useful to choose an other license than the GPL, or state explicitely that
+  "This program is released under the GPL with the additional exemption that
+  compiling, linking, and/or using OpenSSL is allowed."  If you are using
+  GPL software developed by others, you may want to ask the copyright holder
+--- 171,177 ----
+  their software on operating systems that don't normally include OpenSSL.
+  
+  If you develop open source software that uses OpenSSL, you may find it
+! useful to choose an other license than the GPL, or state explicitly that
+  "This program is released under the GPL with the additional exemption that
+  compiling, linking, and/or using OpenSSL is allowed."  If you are using
+  GPL software developed by others, you may want to ask the copyright holder
+***************
+*** 157,193 ****
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" that serves this purpose.  On other systems, applications have
+! to call the RAND_add() or RAND_seed() function with appropriate data
+! before generating keys or performing public key encryption.
+! 
+! Some broken applications do not do this.  As of version 0.9.5, the
+! OpenSSL functions that need randomness report an error if the random
+! number generator has not been seeded with at least 128 bits of
+! randomness.  If this error occurs, please contact the author of the
+! application you are using.  It is likely that it never worked
+! correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+! to perform potentially insecure encryption.
+! 
+! On systems without /dev/urandom, it is a good idea to use the Entropy
+! Gathering Demon; see the RAND_egd() manpage for details.
+! 
+! Most components of the openssl command line tool try to use the
+! file $HOME/.rnd (or $RANDFILE, if this environment variable is set)
+! for seeding the PRNG.  If this file does not exist or is too short,
+! the "PRNG not seeded" error message may occur.
+! 
+! [Note to OpenSSL 0.9.5 users: The command "openssl rsa" in version
+! 0.9.5 does not do this and will fail on systems without /dev/urandom
+! when trying to password-encrypt an RSA key!  This is a bug in the
+! library; try a later version instead.]
+! 
+! For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+! installing the SUNski package from Sun patch 105710-01 (Sparc) which
+! adds a /dev/random device and make sure it gets used, usually through
+! $RANDFILE.  There are probably similar patches for the other Solaris
+! versions.  However, be warned that /dev/random is usually a blocking
+! device, which may have some effects on OpenSSL.
+  
+  
+  * How do I create certificates or certificate requests?
+--- 184,256 ----
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" (/dev/urandom or /dev/random) that serves this purpose.
+! All OpenSSL versions try to use /dev/urandom by default; starting with
+! version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+! available.
+! 
+! On other systems, applications have to call the RAND_add() or
+! RAND_seed() function with appropriate data before generating keys or
+! performing public key encryption. (These functions initialize the
+! pseudo-random number generator, PRNG.)  Some broken applications do
+! not do this.  As of version 0.9.5, the OpenSSL functions that need
+! randomness report an error if the random number generator has not been
+! seeded with at least 128 bits of randomness.  If this error occurs and
+! is not discussed in the documentation of the application you are
+! using, please contact the author of that application; it is likely
+! that it never worked correctly.  OpenSSL 0.9.5 and later make the
+! error visible by refusing to perform potentially insecure encryption.
+! 
+! If you are using Solaris 8, you can add /dev/urandom and /dev/random
+! devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+! available via the Patchfinder at <URL: http://sunsolve.sun.com>
+! (Solaris 9 includes these devices by default). For /dev/random support
+! for earlier Solaris versions, see Sun's statement at
+! <URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+! (the SUNWski package is available in patch 105710).
+! 
+! On systems without /dev/urandom and /dev/random, it is a good idea to
+! use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+! details.  Starting with version 0.9.7, OpenSSL will automatically look
+! for an EGD socket at /var/run/egd-pool, /dev/egd-pool, /etc/egd-pool and
+! /etc/entropy.
+! 
+! Most components of the openssl command line utility automatically try
+! to seed the random number generator from a file.  The name of the
+! default seeding file is determined as follows: If environment variable
+! RANDFILE is set, then it names the seeding file.  Otherwise if
+! environment variable HOME is set, then the seeding file is $HOME/.rnd.
+! If neither RANDFILE nor HOME is set, versions up to OpenSSL 0.9.6 will
+! use file .rnd in the current directory while OpenSSL 0.9.6a uses no
+! default seeding file at all.  OpenSSL 0.9.6b and later will behave
+! similarly to 0.9.6a, but will use a default of "C:\" for HOME on
+! Windows systems if the environment variable has not been set.
+! 
+! If the default seeding file does not exist or is too short, the "PRNG
+! not seeded" error message may occur.
+! 
+! The openssl command line utility will write back a new state to the
+! default seeding file (and create this file if necessary) unless
+! there was no sufficient seeding.
+! 
+! Pointing $RANDFILE to an Entropy Gathering Daemon socket does not work.
+! Use the "-rand" option of the OpenSSL command line tools instead.
+! The $RANDFILE environment variable and $HOME/.rnd are only used by the
+! OpenSSL command line tools. Applications using the OpenSSL library
+! provide their own configuration options to specify the entropy source,
+! please check out the documentation coming the with application.
+! 
+! 
+! * Why do I get an "unable to write 'random state'" error message?
+! 
+! 
+! Sometimes the openssl command line utility does not abort with
+! a "PRNG not seeded" error message, but complains that it is
+! "unable to write 'random state'".  This message refers to the
+! default seeding file (see previous answer).  A possible reason
+! is that no default filename is known because neither RANDFILE
+! nor HOME is set.  (Versions up to 0.9.6 used file ".rnd" in the
+! current directory in this case, but this has changed with 0.9.6a.)
+  
+  
+  * How do I create certificates or certificate requests?
+***************
+*** 264,270 ****
+  reject.
+  
+  The solution is to add the relevant CA certificate to your servers "trusted
+! CA list". How you do this depends on the server sofware in uses. You can
+  print out the servers list of acceptable CAs using the OpenSSL s_client tool:
+  
+  openssl s_client -connect www.some.host:443 -prexit
+--- 327,333 ----
+  reject.
+  
+  The solution is to add the relevant CA certificate to your servers "trusted
+! CA list". How you do this depends on the server software in uses. You can
+  print out the servers list of acceptable CAs using the OpenSSL s_client tool:
+  
+  openssl s_client -connect www.some.host:443 -prexit
+***************
+*** 283,288 ****
+--- 346,371 ----
+  (CN) field of the certificate. If it does not then you get a warning.
+  
+  
++ * How do I install a CA certificate into a browser?
++ 
++ The usual way is to send the DER encoded certificate to the browser as
++ MIME type application/x-x509-ca-cert, for example by clicking on an appropriate
++ link. On MSIE certain extensions such as .der or .cacert may also work, or you
++ can import the certificate using the certificate import wizard.
++ 
++ You can convert a certificate to DER form using the command:
++ 
++ openssl x509 -in ca.pem -outform DER -out ca.der
++ 
++ Occasionally someone suggests using a command such as:
++ 
++ openssl pkcs12 -export -out cacert.p12 -in cacert.pem -inkey cakey.pem
++ 
++ DO NOT DO THIS! This command will give away your CAs private key and
++ reduces its security to zero: allowing anyone to forge certificates in
++ whatever name they choose.
++ 
++ 
+  [BUILD] =======================================================================
+  
+  * Why does the linker complain about undefined symbols?
+***************
+*** 326,334 ****
+  for download instructions) can be safely used, for example.
+  
+  
+! * Why does the OpenSSL compilation fail on Alpha True64 Unix?
+  
+! On some Alpha installations running True64 Unix and Compaq C, the compilation
+  of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
+  memory to continue compilation.'  As far as the tests have shown, this may be
+  a compiler bug.  What happens is that it eats up a lot of resident memory
+--- 409,428 ----
+  for download instructions) can be safely used, for example.
+  
+  
+! * Why does the OpenSSL test fail with "bc: stack empty"?
+  
+! On some DG/ux versions, bc seems to have a too small stack for calculations
+! that the OpenSSL bntest throws at it.  This gets triggered when you run the
+! test suite (using "make test").  The message returned is "bc: stack empty".
+! 
+! The best way to deal with this is to find another implementation of bc
+! and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+! for download instructions) can be safely used, for example.
+! 
+! 
+! * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+! 
+! On some Alpha installations running Tru64 Unix and Compaq C, the compilation
+  of crypto/sha/sha_dgst.c fails with the message 'Fatal:  Insufficient virtual
+  memory to continue compilation.'  As far as the tests have shown, this may be
+  a compiler bug.  What happens is that it eats up a lot of resident memory
+***************
+*** 390,395 ****
+--- 484,535 ----
+  and the changes are only valid for the current DOS session.
+  
+  
++ * What is special about OpenSSL on Redhat?
++ 
++ Red Hat Linux (release 7.0 and later) include a preinstalled limited
++ version of OpenSSL. For patent reasons, support for IDEA, RC5 and MDC2
++ is disabled in this version. The same may apply to other Linux distributions.
++ Users may therefore wish to install more or all of the features left out.
++ 
++ To do this you MUST ensure that you do not overwrite the openssl that is in
++ /usr/bin on your Red Hat machine. Several packages depend on this file,
++ including sendmail and ssh. /usr/local/bin is a good alternative choice. The
++ libraries that come with Red Hat 7.0 onwards have different names and so are
++ not affected. (eg For Red Hat 7.2 they are /lib/libssl.so.0.9.6b and
++ /lib/libcrypto.so.0.9.6b with symlinks /lib/libssl.so.2 and
++ /lib/libcrypto.so.2 respectively).
++ 
++ Please note that we have been advised by Red Hat attempting to recompile the
++ openssl rpm with all the cryptography enabled will not work. All other
++ packages depend on the original Red Hat supplied openssl package. It is also
++ worth noting that due to the way Red Hat supplies its packages, updates to
++ openssl on each distribution never change the package version, only the
++ build number. For example, on Red Hat 7.1, the latest openssl package has
++ version number 0.9.6 and build number 9 even though it contains all the
++ relevant updates in packages up to and including 0.9.6b.
++ 
++ A possible way around this is to persuade Red Hat to produce a non-US
++ version of Red Hat Linux.
++ 
++ FYI: Patent numbers and expiry dates of US patents:
++ MDC-2: 4,908,861 13/03/2007
++ IDEA:  5,214,703 25/05/2010
++ RC5:   5,724,428 03/03/2015
++ 
++ 
++ * Why does the OpenSSL test suite fail on MacOS X?
++ 
++ If the failure happens when running 'make test' and the RC4 test fails,
++ it's very probable that you have OpenSSL 0.9.6b delivered with the
++ operating system (you can find out by running '/usr/bin/openssl version')
++ and that you were trying to build OpenSSL 0.9.6d.  The problem is that
++ the loader ('ld') in MacOS X has a misfeature that's quite difficult to
++ go around and has linked the programs "openssl" and the test programs
++ with /usr/lib/libcrypto.dylib and /usr/lib/libssl.dylib instead of the
++ libraries you just built.
++ Look in the file PROBLEMS for a more detailed explanation and for possible
++ solutions.
++ 
+  [PROG] ========================================================================
+  
+  * Is OpenSSL thread-safe?
+***************
+*** 406,415 ****
+  
+  * I've compiled a program under Windows and it crashes: why?
+  
+! This is usually because you've missed the comment in INSTALL.W32. You
+! must link with the multithreaded DLL version of the VC++ runtime library
+! otherwise the conflict will cause a program to crash: typically on the
+! first BIO related read or write operation.
+  
+  
+  * How do I read or write a DER encoded buffer using the ASN1 functions?
+--- 546,588 ----
+  
+  * I've compiled a program under Windows and it crashes: why?
+  
+! This is usually because you've missed the comment in INSTALL.W32.
+! Your application must link against the same version of the Win32
+! C-Runtime against which your openssl libraries were linked.  The
+! default version for OpenSSL is /MD - "Multithreaded DLL".
+! 
+! If you are using Microsoft Visual C++'s IDE (Visual Studio), in
+! many cases, your new project most likely defaulted to "Debug
+! Singlethreaded" - /ML.  This is NOT interchangeable with /MD and your
+! program will crash, typically on the first BIO related read or write
+! operation.
+! 
+! For each of the six possible link stage configurations within Win32,
+! your application must link  against the same by which OpenSSL was
+! built.  If you are using MS Visual C++ (Studio) this can be changed
+! by:
+! 
+! 1.  Select Settings... from the Project Menu.
+! 2.  Select the C/C++ Tab.
+! 3.  Select "Code Generation from the "Category" drop down list box
+! 4.  Select the Appropriate library (see table below) from the "Use
+!     run-time library" drop down list box.  Perform this step for both
+!     your debug and release versions of your application (look at the
+!     top left of the settings panel to change between the two)
+! 
+!     Single Threaded           /ML        -  MS VC++ often defaults to
+!                                             this for the release
+!                                             version of a new project.
+!     Debug Single Threaded     /MLd       -  MS VC++ often defaults to
+!                                             this for the debug version
+!                                             of a new project.
+!     Multithreaded             /MT
+!     Debug Multithreaded       /MTd
+!     Multithreaded DLL         /MD        -  OpenSSL defaults to this.
+!     Debug Multithreaded DLL   /MDd
+! 
+! Note that debug and release libraries are NOT interchangeable.  If you
+! built OpenSSL with /MD your application must use /MD and cannot use /MDd.
+  
+  
+  * How do I read or write a DER encoded buffer using the ASN1 functions?
+***************
+*** 490,533 ****
+  
+  * Why can't the OpenSSH configure script detect OpenSSL?
+  
+! There is a problem with OpenSSH 1.2.2p1, in that the configure script
+! can't find the installed OpenSSL libraries.  The problem is actually
+! a small glitch that is easily solved with the following patch to be
+! applied to the OpenSSH distribution:
+! 
+! ----- snip:start -----
+! --- openssh-1.2.2p1/configure.in.orig	Thu Mar 23 18:56:58 2000
+! +++ openssh-1.2.2p1/configure.in	Thu Mar 23 18:55:05 2000
+! @@ -152,10 +152,10 @@
+!  AC_MSG_CHECKING([for OpenSSL/SSLeay directory])
+!  for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+!  	if test ! -z "$ssldir" ; then
+! -		LIBS="$saved_LIBS -L$ssldir"
+! +		LIBS="$saved_LIBS -L$ssldir/lib"
+!  		CFLAGS="$CFLAGS -I$ssldir/include"
+!  		if test "x$need_dash_r" = "x1" ; then
+! -			LIBS="$LIBS -R$ssldir"
+! +			LIBS="$LIBS -R$ssldir/lib"
+!  		fi
+!  	fi
+!  	LIBS="$LIBS -lcrypto"
+! --- openssh-1.2.2p1/configure.orig	Thu Mar 23 18:55:02 2000
+! +++ openssh-1.2.2p1/configure	Thu Mar 23 18:57:08 2000
+! @@ -1890,10 +1890,10 @@
+!  echo "configure:1891: checking for OpenSSL/SSLeay directory" >&5
+!  for ssldir in "" $tryssldir /usr /usr/local/openssl /usr/lib/openssl /usr/local/ssl /usr/lib/ssl /usr/local /usr/pkg /opt /opt/openssl ; do
+!  	if test ! -z "$ssldir" ; then
+! -		LIBS="$saved_LIBS -L$ssldir"
+! +		LIBS="$saved_LIBS -L$ssldir/lib"
+!  		CFLAGS="$CFLAGS -I$ssldir/include"
+!  		if test "x$need_dash_r" = "x1" ; then
+! -			LIBS="$LIBS -R$ssldir"
+! +			LIBS="$LIBS -R$ssldir/lib"
+!  		fi
+!  	fi
+!  	LIBS="$LIBS -lcrypto"
+! ----- snip:end -----
+! 
+  
+  * Can I use OpenSSL's SSL library with non-blocking I/O?
+  
+--- 663,678 ----
+  
+  * Why can't the OpenSSH configure script detect OpenSSL?
+  
+! Several reasons for problems with the automatic detection exist.
+! OpenSSH requires at least version 0.9.5a of the OpenSSL libraries.
+! Sometimes the distribution has installed an older version in the system
+! locations that is detected instead of a new one installed. The OpenSSL
+! library might have been compiled for another CPU or another mode (32/64 bits).
+! Permissions might be wrong.
+! 
+! The general answer is to check the config.log file generated when running
+! the OpenSSH configure script. It should contain the detailed information
+! on why the OpenSSL library was not detected or considered incompatible.
+  
+  * Can I use OpenSSL's SSL library with non-blocking I/O?
+  
+***************
+*** 541,546 ****
+--- 686,698 ----
+  request a new TLS/SSL handshake at any time during the protocol,
+  requiring a bi-directional message exchange; both SSL_read() and
+  SSL_write() will try to continue any pending handshake.
++ 
++ 
++ * Why doesn't my server application receive a client certificate?
++ 
++ Due to the TLS protocol definition, a client will only send a certificate,
++ if explicitly asked by the server. Use the SSL_VERIFY_PEER flag of the
++ SSL_CTX_set_verify() function to enable the use of client certificates.
+  
+  
+  ===============================================================================
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FREEBSD-Xlist ../RELENG_4_6/crypto/openssl/FREEBSD-Xlist
+*** crypto/openssl/FREEBSD-Xlist	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/FREEBSD-Xlist	Tue Jul 30 22:54:37 2002
+***************
+*** 4,39 ****
+  INSTALL.W32
+  MacOS/
+  VMS/
+- *.bat
+  *.com
+  */*.bat
+  */*.com
+  */*/*.bat
+  */*/*.com
+  apps/openssl-vms.cnf
+! crypto/bf/asm/b-win32.asm
+! crypto/bn/asm/bn-win32.asm
+  crypto/bn/asm/vms.mar
+- crypto/bn/asm/x86w16.asm
+- crypto/bn/asm/x86w32.asm
+  crypto/bn/vms-helper.c
+- crypto/cast/asm/c-win32.asm
+- crypto/des/asm/d-win32.asm
+- crypto/des/asm/y-win32.asm
+- crypto/des/des-lib.com
+  crypto/dso/dso_vms.c
+  crypto/dso/dso_win32.c
+- crypto/md5/asm/m5-win32.asm
+- crypto/rc4/asm/r4-win32.asm
+- crypto/rc5/asm/r5-win32.asm
+- crypto/ripemd/asm/rm-win32.asm
+- crypto/sha/asm/s1-win32.asm
+  crypto/threads/solaris.sh
+  ms/
+  shlib/Makefile.hpux10-cc
+  shlib/hpux10-cc.sh
+  shlib/irix.sh
+  shlib/solaris-sc4.sh
+  shlib/solaris.sh
+  shlib/sun.sh
+! vms/
+--- 4,30 ----
+  INSTALL.W32
+  MacOS/
+  VMS/
+  *.com
+  */*.bat
+  */*.com
+  */*/*.bat
+  */*/*.com
+  apps/openssl-vms.cnf
+! crypto/bn/asm/pa-risc2.s.old
+  crypto/bn/asm/vms.mar
+  crypto/bn/vms-helper.c
+  crypto/dso/dso_vms.c
+  crypto/dso/dso_win32.c
+  crypto/threads/solaris.sh
+  ms/
++ rsaref/
+  shlib/Makefile.hpux10-cc
+  shlib/hpux10-cc.sh
+  shlib/irix.sh
+  shlib/solaris-sc4.sh
+  shlib/solaris.sh
+  shlib/sun.sh
+! shlib/svr5-shared-gcc.sh
+! shlib/svr5-shared-installed
+! shlib/svr5-shared.sh
+! util/cygwin.sh
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_4_6/crypto/openssl/INSTALL
+*** crypto/openssl/INSTALL	Sun Nov 26 06:32:45 2000
+--- ../RELENG_4_6/crypto/openssl/INSTALL	Mon Dec  9 03:49:03 2002
+***************
+*** 7,14 ****
+--- 7,17 ----
+  
+   To install OpenSSL, you will need:
+  
++   * make
+    * Perl 5
+    * an ANSI C compiler
++   * a development environment in form of development libraries and C
++     header files
+    * a supported Unix operating system
+  
+   Quick Start
+***************
+*** 43,51 ****
+    --openssldir=DIR Directory for OpenSSL files. If no prefix is specified,
+                  the library files and binaries are also installed there.
+  
+-   rsaref        Build with RSADSI's RSAREF toolkit (this assumes that
+-                 librsaref.a is in the library search path).
+- 
+    no-threads    Don't try to build with support for multi-threaded
+                  applications.
+  
+--- 46,51 ----
+***************
+*** 125,135 ****
+       directory, and the binary will be in the "apps" directory.
+  
+       If "make" fails, look at the output.  There may be reasons for
+!      the failure that isn't a problem in OpenSSL itself (like missing
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+!      message will be forwarded to a public mailing list).  Include the
+!      output of "make report" in your message.
+  
+       [If you encounter assembler error messages, try the "no-asm"
+       configuration option as an immediate fix.]
+--- 125,138 ----
+       directory, and the binary will be in the "apps" directory.
+  
+       If "make" fails, look at the output.  There may be reasons for
+!      the failure that aren't problems in OpenSSL itself (like missing
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+!      message will be recorded in the request tracker publicly readable
+!      via http://www.openssl.org/support/rt2.html and will be forwarded to a
+!      public mailing list). Include the output of "make report" in your message.
+!      Please check out the request tracker. Maybe the bug was already
+!      reported or has already been fixed.
+  
+       [If you encounter assembler error messages, try the "no-asm"
+       configuration option as an immediate fix.]
+***************
+*** 147,153 ****
+       try removing any compiler optimization flags from the CFLAGS line
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+!      "make report".
+  
+    4. If everything tests ok, install OpenSSL with
+  
+--- 150,157 ----
+       try removing any compiler optimization flags from the CFLAGS line
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+!      "make report" in order to be added to the request tracker at
+!      http://www.openssl.org/support/rt2.html.
+  
+    4. If everything tests ok, install OpenSSL with
+  
+***************
+*** 269,274 ****
+--- 273,283 ----
+   Note on shared libraries
+   ------------------------
+  
++  Shared library is currently an experimental feature.  The only reason to
++  have them would be to conserve memory on systems where several program
++  are using OpenSSL.  Binary backward compatibility can't be guaranteed
++  before OpenSSL version 1.0.
++ 
+   For some systems, the OpenSSL Configure script knows what is needed to
+   build shared libraries for libcrypto and libssl.  On these systems,
+   the shared libraries are currently not created by default, but giving
+***************
+*** 276,278 ****
+--- 285,299 ----
+   targets for shared library creation, like linux-shared.  Those targets
+   can currently be used on their own just as well, but this is expected
+   to change in future versions of OpenSSL.
++ 
++  Note on random number generation
++  --------------------------------
++ 
++  Availability of cryptographically secure random numbers is required for
++  secret key generation. OpenSSL provides several options to seed the
++  internal PRNG. If not properly seeded, the internal PRNG will refuse
++  to deliver random bytes and a "PRNG not seeded error" will occur.
++  On systems without /dev/urandom (or similar) device, it may be necessary
++  to install additional support software to obtain random seed.
++  Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
++  and the FAQ for more information.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/LICENSE ../RELENG_4_6/crypto/openssl/LICENSE
+*** crypto/openssl/LICENSE	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/LICENSE	Fri Mar 15 05:53:21 2002
+***************
+*** 12,18 ****
+    ---------------
+  
+  /* ====================================================================
+!  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 12,18 ----
+    ---------------
+  
+  /* ====================================================================
+!  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_4_6/crypto/openssl/Makefile.org
+*** crypto/openssl/Makefile.org	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/Makefile.org	Thu Nov 14 07:40:49 2002
+***************
+*** 183,188 ****
+--- 183,189 ----
+  SHARED_SSL=libssl$(SHLIB_EXT)
+  SHARED_LIBS=
+  SHARED_LIBS_LINK_EXTS=
++ SHARED_LDFLAGS=
+  
+  GENERAL=        Makefile
+  BASENAME=       openssl
+***************
+*** 235,253 ****
+  			done; \
+  		fi; \
+  		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+  	done
+  
+  link-shared:
+! 	@for i in $(SHLIBDIRS); do \
+! 		prev=lib$$i$(SHLIB_EXT); \
+! 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+! 			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; ln -f -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+! 		fi; \
+! 	done
+  
+  build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+  
+--- 236,258 ----
+  			done; \
+  		fi; \
+  		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
++ 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
++ 			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
++ 		fi; \
+  	done
+  
+  link-shared:
+! 	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+! 		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+! 		for i in $(SHLIBDIRS); do \
+! 			prev=lib$$i$(SHLIB_EXT); \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; \
+! 				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+! 		done; \
+! 	fi
+  
+  build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+  
+***************
+*** 255,283 ****
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+! # This assumes that GNU utilities are *not* used
+! do_tru64-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
+! 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+! 		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+  do_solaris-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+! 	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+--- 260,479 ----
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC} ${SHARED_LDFLAGS} \
+! 		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+! DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+! 	[ -n "$$my_ld" ] && \
+! 	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+! 
+! # For Darwin AKA Mac OS/X (dyld)
+! do_darwin-shared: 
+! 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+! 		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+! 		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+! 	echo "" ; \
+! 	done
+! 
+! do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC}  -shared -o cyg$$i.dll \
+! 		-Wl,-Bsymbolic \
+! 		-Wl,--whole-archive lib$$i.a \
+! 		-Wl,--out-implib,lib$$i.dll.a \
+! 		-Wl,--no-whole-archive $$libs ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
++ do_alpha-osf1-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -o lib$$i.so \
++ 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++ 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ # The difference between alpha-osf1-shared and tru64-shared is the `-msym'
++ # option passed to the linker.
++ do_tru64-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -msym -o lib$$i.so \
++ 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++ 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ # The difference between tru64-shared and tru64-shared-rpath is the
++ # -rpath ${INSTALLTOP}/lib passed to the linker.
++ do_tru64-shared-rpath:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -msym -o lib$$i.so \
++ 			-rpath  ${INSTALLTOP}/lib \
++ 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++ 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ 
++ # This assumes that GNU utilities are *not* used
+  do_solaris-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++ 		  set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # OpenServer 5 native compilers used
++ do_svr3-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++ 		  find . -name "*.o" -print > allobjs ; \
++ 		  OBJS= ; export OBJS ; \
++ 		  for obj in `ar t lib$$i.a` ; do \
++ 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++ 		  done ; \
++ 		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # UnixWare 7 and OpenUNIX 8 native compilers used
++ do_svr5-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++ 		  find . -name "*.o" -print > allobjs ; \
++ 		  OBJS= ; export OBJS ; \
++ 		  for obj in `ar t lib$$i.a` ; do \
++ 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++ 		  done ; \
++ 		  set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ do_irix-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ do_hpux-shared:
++ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
++ 		+vnocompatwarnings \
++ 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
++ 	libs="$$libs -L. -l$$i"; \
++ 	done
++ 
++ # This assumes that GNU utilities are *not* used
++ do_hpux64-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+! 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
+! 	libs="$$libs -L. -l$$i"; \
+! 	done
+! 
+! # The following method is said to work on all platforms.  Tests will
+! # determine if that's how it's gong to be used.
+! # This assumes that for all but GNU systems, GNU utilities are *not* used.
+! # ALLSYMSFLAGS would be:
+! #  GNU systems: --whole-archive
+! #  Tru64 Unix:  -all
+! #  Solaris:     -z allextract
+! #  Irix:        -all
+! #  HP/UX-32bit: -Fl
+! #  HP/UX-64bit: +forceload
+! #  AIX:		-bnogc
+! # SHAREDFLAGS would be:
+! #  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  Tru64 Unix:  -shared \
+! #		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
+! #  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  HP/UX-32bit: +vnocompatwarnings -b -z +s \
+! #		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  AIX:		-G -bE:lib$$i.exp -bM:SRE
+! # SHAREDCMD would be:
+! #  GNU systems: $(CC)
+! #  Tru64 Unix:  $(CC)
+! #  Solaris:     $(CC)
+! #  Irix:        $(CC)
+! #  HP/UX-32bit: /usr/ccs/bin/ld
+! #  HP/UX-64bit: /usr/ccs/bin/ld
+! #  AIX:		$(CC)
+! ALLSYMSFLAG=-bnogc
+! SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
+! SHAREDCMD=$(CC)
+! do_aix-shared:
+! 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; \
+! 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+! 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+! 		$$libs ${EX_LIBS} ) ) \
+! 	|| exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+***************
+*** 331,336 ****
+--- 527,536 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 350,356 ****
+  
+  tests: rehash
+  	@(cd test && echo "testing..." && \
+! 	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
+  	@apps/openssl version -a
+  
+  report:
+--- 550,556 ----
+  
+  tests: rehash
+  	@(cd test && echo "testing..." && \
+! 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@apps/openssl version -a
+  
+  report:
+***************
+*** 361,367 ****
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making dependencies $$i..." && \
+! 		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+  	fi; \
+  	done;
+  
+--- 561,567 ----
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making dependencies $$i..." && \
+! 		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+  	fi; \
+  	done;
+  
+***************
+*** 384,425 ****
+  	done;
+  
+  errors:
+! 	perl util/mkerr.pl -recurse -write
+  
+  stacks:
+! 	perl util/mkstack.pl -write
+  
+  util/libeay.num::
+! 	perl util/mkdef.pl crypto update
+  
+  util/ssleay.num::
+! 	perl util/mkdef.pl ssl update
+  
+  crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+! 	perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+  crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+! 	perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+  
+  TABLE: Configure
+  	(echo 'Output of `Configure TABLE'"':"; \
+! 	perl Configure TABLE) > TABLE
+  
+  update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+  
+  tar:
+! 	@$(TAR) $(TARFLAGS) -cvf - \
+! 		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+  	tardy --user_number=0  --user_name=openssl \
+  	      --group_number=0 --group_name=openssl \
+  	      --prefix=openssl-$(VERSION) - |\
+  	gzip --best >../$(TARFILE).gz; \
+  	ls -l ../$(TARFILE).gz
+  
+  dist:   
+  	$(PERL) Configure dist
+  	@$(MAKE) dist_pem_h
+  	@$(MAKE) SDIRS='${SDIRS}' clean
+! 	@$(MAKE) tar
+  
+  dist_pem_h:
+  	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+--- 584,634 ----
+  	done;
+  
+  errors:
+! 	$(PERL) util/mkerr.pl -recurse -write
+  
+  stacks:
+! 	$(PERL) util/mkstack.pl -write
+  
+  util/libeay.num::
+! 	$(PERL) util/mkdef.pl crypto update
+  
+  util/ssleay.num::
+! 	$(PERL) util/mkdef.pl ssl update
+  
+  crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+! 	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+  crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+! 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+  
+  TABLE: Configure
+  	(echo 'Output of `Configure TABLE'"':"; \
+! 	$(PERL) Configure TABLE) > TABLE
+  
+  update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+  
++ # Build distribution tar-file. As the list of files returned by "find" is
++ # pretty long, on several platforms a "too many arguments" error or similar
++ # would occur. Therefore the list of files is temporarily stored into a file
++ # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
++ # tar does not support the --files-from option.
+  tar:
+! 	find . -type d -print | xargs chmod 755
+! 	find . -type f -print | xargs chmod a+r
+! 	find . -type f -perm -0100 -print | xargs chmod a+x
+! 	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+! 	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+  	      --group_number=0 --group_name=openssl \
+  	      --prefix=openssl-$(VERSION) - |\
+  	gzip --best >../$(TARFILE).gz; \
++ 	rm -f ../$(TARFILE).list; \
+  	ls -l ../$(TARFILE).gz
+  
+  dist:   
+  	$(PERL) Configure dist
+  	@$(MAKE) dist_pem_h
+  	@$(MAKE) SDIRS='${SDIRS}' clean
+! 	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+  
+  dist_pem_h:
+  	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+***************
+*** 448,471 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+! 		fi \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+  		tmp="$(SHARED_LIBS)"; \
+  		for i in $${tmp:-x}; \
+  		do \
+! 			if [ -f "$$i" ]; then \
+  			(       echo installing $$i; \
+! 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+! 			fi \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			make -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+--- 657,693 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+! 		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+  		tmp="$(SHARED_LIBS)"; \
+  		for i in $${tmp:-x}; \
+  		do \
+! 			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+! 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 				else \
+! 					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 				fi ); \
+! 			fi; \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			set $(MAKE); \
+! 			$$1 -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+***************
+*** 474,495 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@echo installing man 1 and man 5
+! 	@for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+! 		(cd `dirname $$i`; \
+! 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+! 			 --release=$(VERSION) `basename $$i`) \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done
+! 	@echo installing man 3 and man 7
+! 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+! 		(cd `dirname $$i`; \
+! 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+! 			--release=$(VERSION) `basename $$i`) \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+  	done
+  
+--- 696,720 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+! 	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+! 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+! 		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+! 			--section=$$sec --center=OpenSSL \
+! 			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done; \
+! 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+! 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+! 		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+! 			--section=$$sec --center=OpenSSL \
+! 			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+  	done
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_4_6/crypto/openssl/Makefile.ssl
+*** crypto/openssl/Makefile.ssl	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/Makefile.ssl	Wed Feb 19 22:04:42 2003
+***************
+*** 4,26 ****
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6a
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+  SHLIB_VERSION_HISTORY=
+  SHLIB_MAJOR=0
+  SHLIB_MINOR=9.6
+! SHLIB_EXT=
+! PLATFORM=dist
+! OPTIONS=
+! CONFIGURE_ARGS=dist
+! SHLIB_TARGET=
+  
+  # INSTALL_PREFIX is for package builders so that they can configure
+  # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+  # Normally it is left empty.
+! INSTALL_PREFIX=
+  INSTALLTOP=/usr/local/ssl
+  
+  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+--- 4,26 ----
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6i
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+  SHLIB_VERSION_HISTORY=
+  SHLIB_MAJOR=0
+  SHLIB_MINOR=9.6
+! SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+! PLATFORM=FreeBSD-elf
+! OPTIONS=386
+! CONFIGURE_ARGS=FreeBSD-elf 386
+! SHLIB_TARGET=bsd-gcc-shared
+  
+  # INSTALL_PREFIX is for package builders so that they can configure
+  # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+  # Normally it is left empty.
+! INSTALL_PREFIX=/var/tmp/ssl
+  INSTALLTOP=/usr/local/ssl
+  
+  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+***************
+*** 55,75 ****
+  # equal 4.
+  # PKCS1_CHECK - pkcs1 tests.
+  
+! CC= cc
+  #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+! CFLAG= -O
+  DEPFLAG= 
+  PEX_LIBS= 
+  EX_LIBS= 
+  EXE_EXT= 
+  AR=ar r
+  RANLIB= /usr/bin/ranlib
+! PERL= /usr/local/bin/perl
+  TAR= tar
+  TARFLAGS= --no-recursion
+  
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+! BN_ASM= bn_asm.o
+  #BN_ASM= bn_asm.o
+  #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+  #BN_ASM= asm/bn86-sol.o # solaris
+--- 55,75 ----
+  # equal 4.
+  # PKCS1_CHECK - pkcs1 tests.
+  
+! CC= gcc
+  #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+! CFLAG= -fPIC -DTHREADS -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+  DEPFLAG= 
+  PEX_LIBS= 
+  EX_LIBS= 
+  EXE_EXT= 
+  AR=ar r
+  RANLIB= /usr/bin/ranlib
+! PERL= /usr/local/bin/perl5
+  TAR= tar
+  TARFLAGS= --no-recursion
+  
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+! BN_ASM= asm/bn86-elf.o asm/co86-elf.o
+  #BN_ASM= bn_asm.o
+  #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+  #BN_ASM= asm/bn86-sol.o # solaris
+***************
+*** 85,95 ****
+  
+  # For x86 assembler: Set PROCESSOR to 386 if you want to support
+  # the 80386.
+! PROCESSOR= 
+  
+  # Set DES_ENC to des_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! DES_ENC= des_enc.o fcrypt_b.o
+  #DES_ENC= des_enc.o fcrypt_b.o          # C
+  #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+  #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+--- 85,95 ----
+  
+  # For x86 assembler: Set PROCESSOR to 386 if you want to support
+  # the 80386.
+! PROCESSOR= 386
+  
+  # Set DES_ENC to des_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! DES_ENC= asm/dx86-elf.o asm/yx86-elf.o
+  #DES_ENC= des_enc.o fcrypt_b.o          # C
+  #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+  #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+***************
+*** 98,104 ****
+  
+  # Set BF_ENC to bf_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! BF_ENC= bf_enc.o
+  #BF_ENC= bf_enc.o
+  #BF_ENC= asm/bx86-elf.o # elf
+  #BF_ENC= asm/bx86-sol.o # solaris
+--- 98,104 ----
+  
+  # Set BF_ENC to bf_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! BF_ENC= asm/bx86-elf.o
+  #BF_ENC= bf_enc.o
+  #BF_ENC= asm/bx86-elf.o # elf
+  #BF_ENC= asm/bx86-sol.o # solaris
+***************
+*** 107,113 ****
+  
+  # Set CAST_ENC to c_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! CAST_ENC= c_enc.o
+  #CAST_ENC= c_enc.o
+  #CAST_ENC= asm/cx86-elf.o # elf
+  #CAST_ENC= asm/cx86-sol.o # solaris
+--- 107,113 ----
+  
+  # Set CAST_ENC to c_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! CAST_ENC= asm/cx86-elf.o
+  #CAST_ENC= c_enc.o
+  #CAST_ENC= asm/cx86-elf.o # elf
+  #CAST_ENC= asm/cx86-sol.o # solaris
+***************
+*** 116,122 ****
+  
+  # Set RC4_ENC to rc4_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC4_ENC= rc4_enc.o
+  #RC4_ENC= rc4_enc.o
+  #RC4_ENC= asm/rx86-elf.o # elf
+  #RC4_ENC= asm/rx86-sol.o # solaris
+--- 116,122 ----
+  
+  # Set RC4_ENC to rc4_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC4_ENC= asm/rx86-elf.o
+  #RC4_ENC= rc4_enc.o
+  #RC4_ENC= asm/rx86-elf.o # elf
+  #RC4_ENC= asm/rx86-sol.o # solaris
+***************
+*** 125,131 ****
+  
+  # Set RC5_ENC to rc5_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC5_ENC= rc5_enc.o
+  #RC5_ENC= rc5_enc.o
+  #RC5_ENC= asm/r586-elf.o # elf
+  #RC5_ENC= asm/r586-sol.o # solaris
+--- 125,131 ----
+  
+  # Set RC5_ENC to rc5_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC5_ENC= asm/r586-elf.o
+  #RC5_ENC= rc5_enc.o
+  #RC5_ENC= asm/r586-elf.o # elf
+  #RC5_ENC= asm/r586-sol.o # solaris
+***************
+*** 133,153 ****
+  #RC5_ENC= asm/r586bsdi.o # bsdi
+  
+  # Also need MD5_ASM defined
+! MD5_ASM_OBJ= 
+  #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+  #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+  #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+  #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+  
+  # Also need SHA1_ASM defined
+! SHA1_ASM_OBJ= 
+  #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+  #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+  #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+  #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+  
+  # Also need RMD160_ASM defined
+! RMD160_ASM_OBJ= 
+  #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+  #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+  #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+--- 133,153 ----
+  #RC5_ENC= asm/r586bsdi.o # bsdi
+  
+  # Also need MD5_ASM defined
+! MD5_ASM_OBJ= asm/mx86-elf.o
+  #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+  #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+  #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+  #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+  
+  # Also need SHA1_ASM defined
+! SHA1_ASM_OBJ= asm/sx86-elf.o
+  #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+  #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+  #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+  #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+  
+  # Also need RMD160_ASM defined
+! RMD160_ASM_OBJ= asm/rm86-elf.o
+  #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+  #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+  #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+***************
+*** 184,190 ****
+  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+  SHARED_SSL=libssl$(SHLIB_EXT)
+  SHARED_LIBS=
+! SHARED_LIBS_LINK_EXTS=
+  
+  GENERAL=        Makefile
+  BASENAME=       openssl
+--- 184,191 ----
+  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+  SHARED_SSL=libssl$(SHLIB_EXT)
+  SHARED_LIBS=
+! SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+! SHARED_LDFLAGS=
+  
+  GENERAL=        Makefile
+  BASENAME=       openssl
+***************
+*** 237,255 ****
+  			done; \
+  		fi; \
+  		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
+  	done
+  
+  link-shared:
+! 	@for i in $(SHLIBDIRS); do \
+! 		prev=lib$$i$(SHLIB_EXT); \
+! 		if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+! 			tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; ln -f -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+! 		fi; \
+! 	done
+  
+  build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+  
+--- 238,260 ----
+  			done; \
+  		fi; \
+  		( set -x; rm -f lib$$i$(SHLIB_EXT) ); \
++ 		if [ "$(PLATFORM)" = "Cygwin" ]; then \
++ 			( set -x; rm -f cyg$$i$(SHLIB_EXT) lib$$i$(SHLIB_EXT).a ); \
++ 		fi; \
+  	done
+  
+  link-shared:
+! 	@if [ -n "$(SHARED_LIBS_LINK_EXTS)" ]; then \
+! 		tmp="$(SHARED_LIBS_LINK_EXTS)"; \
+! 		for i in $(SHLIBDIRS); do \
+! 			prev=lib$$i$(SHLIB_EXT); \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; \
+! 				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+! 		done; \
+! 	fi
+  
+  build-shared: clean-shared do_$(SHLIB_TARGET) link-shared
+  
+***************
+*** 257,285 ****
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC}  -shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-Wl,-S,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+! # This assumes that GNU utilities are *not* used
+! do_tru64-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC}  -shared -no_archive -o lib$$i.so \
+! 		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+! 		-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+  do_solaris-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+! 	  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+--- 262,481 ----
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC} ${SHARED_LDFLAGS} \
+! 		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+! DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+! 	[ -n "$$my_ld" ] && \
+! 	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+! 
+! # For Darwin AKA Mac OS/X (dyld)
+! do_darwin-shared: 
+! 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+! 		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+! 		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+! 	echo "" ; \
+! 	done
+! 
+! do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; ${CC}  -shared -o cyg$$i.dll \
+! 		-Wl,-Bsymbolic \
+! 		-Wl,--whole-archive lib$$i.a \
+! 		-Wl,--out-implib,lib$$i.dll.a \
+! 		-Wl,--no-whole-archive $$libs ) || exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
++ do_alpha-osf1-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -o lib$$i.so \
++ 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++ 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ # The difference between alpha-osf1-shared and tru64-shared is the `-msym'
++ # option passed to the linker.
++ do_tru64-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -msym -o lib$$i.so \
++ 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++ 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ # The difference between tru64-shared and tru64-shared-rpath is the
++ # -rpath ${INSTALLTOP}/lib passed to the linker.
++ do_tru64-shared-rpath:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -msym -o lib$$i.so \
++ 			-rpath  ${INSTALLTOP}/lib \
++ 			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
++ 			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ 
++ # This assumes that GNU utilities are *not* used
+  do_solaris-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++ 		  set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-z allextract lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # OpenServer 5 native compilers used
++ do_svr3-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++ 		  find . -name "*.o" -print > allobjs ; \
++ 		  OBJS= ; export OBJS ; \
++ 		  for obj in `ar t lib$$i.a` ; do \
++ 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++ 		  done ; \
++ 		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # UnixWare 7 and OpenUNIX 8 native compilers used
++ do_svr5-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
++ 		  find . -name "*.o" -print > allobjs ; \
++ 		  OBJS= ; export OBJS ; \
++ 		  for obj in `ar t lib$$i.a` ; do \
++ 		    OBJS="$${OBJS} `grep $$obj allobjs`" ; \
++ 		  done ; \
++ 		  set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ do_irix-shared:
++ 	if ${DETECT_GNU_LD}; then \
++ 		$(MAKE) do_gnu-shared; \
++ 	else \
++ 		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		( set -x; ${CC} ${SHARED_LDFLAGS} \
++ 			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
++ 		libs="$$libs -l$$i"; \
++ 		done; \
++ 	fi
++ 
++ # This assumes that GNU utilities are *not* used
++ do_hpux-shared:
++ 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
++ 		+vnocompatwarnings \
++ 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
++ 		-Fl lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
++ 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
++ 	libs="$$libs -L. -l$$i"; \
++ 	done
++ 
++ # This assumes that GNU utilities are *not* used
++ do_hpux64-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+! 		-b -z -o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+! 		+forceload lib$$i.a $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	chmod a=rx lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} ; \
+! 	libs="$$libs -L. -l$$i"; \
+! 	done
+! 
+! # The following method is said to work on all platforms.  Tests will
+! # determine if that's how it's gong to be used.
+! # This assumes that for all but GNU systems, GNU utilities are *not* used.
+! # ALLSYMSFLAGS would be:
+! #  GNU systems: --whole-archive
+! #  Tru64 Unix:  -all
+! #  Solaris:     -z allextract
+! #  Irix:        -all
+! #  HP/UX-32bit: -Fl
+! #  HP/UX-64bit: +forceload
+! #  AIX:		-bnogc
+! # SHAREDFLAGS would be:
+! #  GNU systems: -shared -Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  Tru64 Unix:  -shared \
+! #		-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}"
+! #  Solaris:     -G -h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  Irix:        -shared -Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  HP/UX-32bit: +vnocompatwarnings -b -z +s \
+! #		+h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  HP/UX-64bit: -b -z +h lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR}
+! #  AIX:		-G -bE:lib$$i.exp -bM:SRE
+! # SHAREDCMD would be:
+! #  GNU systems: $(CC)
+! #  Tru64 Unix:  $(CC)
+! #  Solaris:     $(CC)
+! #  Irix:        $(CC)
+! #  HP/UX-32bit: /usr/ccs/bin/ld
+! #  HP/UX-64bit: /usr/ccs/bin/ld
+! #  AIX:		$(CC)
+! ALLSYMSFLAG=-bnogc
+! SHAREDFLAGS=${SHARED_LDFLAGS} -G -bE:lib$$i.exp -bM:SRE
+! SHAREDCMD=$(CC)
+! do_aix-shared:
+! 	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x; \
+! 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+! 	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+! 		$$libs ${EX_LIBS} ) ) \
+! 	|| exit 1; \
+  	libs="$$libs -l$$i"; \
+  	done
+  
+***************
+*** 333,338 ****
+--- 529,538 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 352,358 ****
+  
+  tests: rehash
+  	@(cd test && echo "testing..." && \
+! 	$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' EXE_EXT='${EXE_EXT}' tests );
+  	@apps/openssl version -a
+  
+  report:
+--- 552,558 ----
+  
+  tests: rehash
+  	@(cd test && echo "testing..." && \
+! 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@apps/openssl version -a
+  
+  report:
+***************
+*** 363,369 ****
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making dependencies $$i..." && \
+! 		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' depend ) || exit 1; \
+  	fi; \
+  	done;
+  
+--- 563,569 ----
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making dependencies $$i..." && \
+! 		$(MAKE) SDIRS='${SDIRS}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ) || exit 1; \
+  	fi; \
+  	done;
+  
+***************
+*** 386,427 ****
+  	done;
+  
+  errors:
+! 	perl util/mkerr.pl -recurse -write
+  
+  stacks:
+! 	perl util/mkstack.pl -write
+  
+  util/libeay.num::
+! 	perl util/mkdef.pl crypto update
+  
+  util/ssleay.num::
+! 	perl util/mkdef.pl ssl update
+  
+  crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+! 	perl crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+  crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+! 	perl crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+  
+  TABLE: Configure
+  	(echo 'Output of `Configure TABLE'"':"; \
+! 	perl Configure TABLE) > TABLE
+  
+  update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+  
+  tar:
+! 	@$(TAR) $(TARFLAGS) -cvf - \
+! 		`find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort` |\
+  	tardy --user_number=0  --user_name=openssl \
+  	      --group_number=0 --group_name=openssl \
+  	      --prefix=openssl-$(VERSION) - |\
+  	gzip --best >../$(TARFILE).gz; \
+  	ls -l ../$(TARFILE).gz
+  
+  dist:   
+  	$(PERL) Configure dist
+  	@$(MAKE) dist_pem_h
+  	@$(MAKE) SDIRS='${SDIRS}' clean
+! 	@$(MAKE) tar
+  
+  dist_pem_h:
+  	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+--- 586,636 ----
+  	done;
+  
+  errors:
+! 	$(PERL) util/mkerr.pl -recurse -write
+  
+  stacks:
+! 	$(PERL) util/mkstack.pl -write
+  
+  util/libeay.num::
+! 	$(PERL) util/mkdef.pl crypto update
+  
+  util/ssleay.num::
+! 	$(PERL) util/mkdef.pl ssl update
+  
+  crypto/objects/obj_dat.h: crypto/objects/obj_mac.h crypto/objects/obj_dat.pl
+! 	$(PERL) crypto/objects/obj_dat.pl crypto/objects/obj_mac.h crypto/objects/obj_dat.h
+  crypto/objects/obj_mac.h: crypto/objects/objects.pl crypto/objects/objects.txt 
+! 	$(PERL) crypto/objects/objects.pl crypto/objects/objects.txt crypto/objects/obj_mac.num crypto/objects/obj_mac.h
+  
+  TABLE: Configure
+  	(echo 'Output of `Configure TABLE'"':"; \
+! 	$(PERL) Configure TABLE) > TABLE
+  
+  update: depend errors stacks util/libeay.num util/ssleay.num crypto/objects/obj_dat.h TABLE
+  
++ # Build distribution tar-file. As the list of files returned by "find" is
++ # pretty long, on several platforms a "too many arguments" error or similar
++ # would occur. Therefore the list of files is temporarily stored into a file
++ # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
++ # tar does not support the --files-from option.
+  tar:
+! 	find . -type d -print | xargs chmod 755
+! 	find . -type f -print | xargs chmod a+r
+! 	find . -type f -perm -0100 -print | xargs chmod a+x
+! 	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+! 	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+  	      --group_number=0 --group_name=openssl \
+  	      --prefix=openssl-$(VERSION) - |\
+  	gzip --best >../$(TARFILE).gz; \
++ 	rm -f ../$(TARFILE).list; \
+  	ls -l ../$(TARFILE).gz
+  
+  dist:   
+  	$(PERL) Configure dist
+  	@$(MAKE) dist_pem_h
+  	@$(MAKE) SDIRS='${SDIRS}' clean
+! 	@$(MAKE) TAR='${TAR}' TARFLAGS='${TARFLAGS}' tar
+  
+  dist_pem_h:
+  	(cd crypto/pem; $(MAKE) CC='${CC}' SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
+***************
+*** 450,473 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+! 		fi \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+  		tmp="$(SHARED_LIBS)"; \
+  		for i in $${tmp:-x}; \
+  		do \
+! 			if [ -f "$$i" ]; then \
+  			(       echo installing $$i; \
+! 				cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 				chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+! 			fi \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			make -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+--- 659,695 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+! 		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+  		tmp="$(SHARED_LIBS)"; \
+  		for i in $${tmp:-x}; \
+  		do \
+! 			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+! 				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 				else \
+! 					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 				fi ); \
+! 			fi; \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			set $(MAKE); \
+! 			$$1 -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+***************
+*** 476,497 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@echo installing man 1 and man 5
+! 	@for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		sec=`[ "$$fn" = "config" ] && echo 5 || echo 1`; \
+! 		(cd `dirname $$i`; \
+! 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+! 			 --release=$(VERSION) `basename $$i`) \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done
+! 	@echo installing man 3 and man 7
+! 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		sec=`[ "$$fn" = "des_modes" ] && echo 7 || echo 3`; \
+! 		(cd `dirname $$i`; \
+! 		$(PERL) ../../util/pod2man.pl --section=$$sec --center=OpenSSL \
+! 			--release=$(VERSION) `basename $$i`) \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+  	done
+  
+--- 698,722 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+! 	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+! 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+! 		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+! 			--section=$$sec --center=OpenSSL \
+! 			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done; \
+! 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+! 		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+! 		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+! 		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+! 			--section=$$sec --center=OpenSSL \
+! 			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+  	done
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_4_6/crypto/openssl/NEWS
+*** crypto/openssl/NEWS	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/NEWS	Wed Feb 19 07:34:17 2003
+***************
+*** 5,10 ****
+--- 5,76 ----
+    This file gives a brief overview of the major changes between each OpenSSL
+    release. For more details please read the CHANGES file.
+  
++   Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
++ 
++       o Important security related bugfixes.
++ 
++   Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
++ 
++       o New configuration targets for Tandem OSS and A/UX.
++       o New OIDs for Microsoft attributes.
++       o Better handling of SSL session caching.
++       o Better comparison of distinguished names.
++       o Better handling of shared libraries in a mixed GNU/non-GNU environment.
++       o Support assembler code with Borland C.
++       o Fixes for length problems.
++       o Fixes for uninitialised variables.
++       o Fixes for memory leaks, some unusual crashes and some race conditions.
++       o Fixes for smaller building problems.
++       o Updates of manuals, FAQ and other instructive documents.
++ 
++   Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
++ 
++       o Important building fixes on Unix.
++ 
++   Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
++ 
++       o Various important bugfixes.
++ 
++   Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
++ 
++       o Important security related bugfixes.
++       o Various SSL/TLS library bugfixes.
++ 
++   Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
++ 
++       o Various SSL/TLS library bugfixes.
++       o Fix DH parameter generation for 'non-standard' generators.
++ 
++   Major changes between OpenSSL 0.9.6b and OpenSSL 0.9.6c:
++ 
++       o Various SSL/TLS library bugfixes.
++       o BIGNUM library fixes.
++       o RSA OAEP and random number generation fixes.
++       o Object identifiers corrected and added.
++       o Add assembler BN routines for IA64.
++       o Add support for OS/390 Unix, UnixWare with gcc, OpenUNIX 8,
++         MIPS Linux; shared library support for Irix, HP-UX.
++       o Add crypto accelerator support for AEP, Baltimore SureWare,
++         Broadcom and Cryptographic Appliance's keyserver
++         [in 0.9.6c-engine release].
++ 
++   Major changes between OpenSSL 0.9.6a and OpenSSL 0.9.6b:
++ 
++       o Security fix: PRNG improvements.
++       o Security fix: RSA OAEP check.
++       o Security fix: Reinsert and fix countermeasure to Bleichbacher's
++         attack.
++       o MIPS bug fix in BIGNUM.
++       o Bug fix in "openssl enc".
++       o Bug fix in X.509 printing routine.
++       o Bug fix in DSA verification routine and DSA S/MIME verification.
++       o Bug fix to make PRNG thread-safe.
++       o Bug fix in RAND_file_name().
++       o Bug fix in compatibility mode trust settings.
++       o Bug fix in blowfish EVP.
++       o Increase default size for BIO buffering filter.
++       o Compatibility fixes in some scripts.
++ 
+    Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.6a:
+  
+        o Security fix: change behavior of OpenSSL to avoid using
+***************
+*** 21,27 ****
+        o Bug fixes for Win32, HP/UX and Irix.
+        o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+          memory checking routines.
+!       o Bug fixes for RSA operations in threaded enviroments.
+        o Bug fixes in misc. openssl applications.
+        o Remove a few potential memory leaks.
+        o Add tighter checks of BIGNUM routines.
+--- 87,93 ----
+        o Bug fixes for Win32, HP/UX and Irix.
+        o Bug fixes in BIGNUM, SSL, PKCS#7, PKCS#12, X.509, CONF and
+          memory checking routines.
+!       o Bug fixes for RSA operations in threaded environments.
+        o Bug fixes in misc. openssl applications.
+        o Remove a few potential memory leaks.
+        o Add tighter checks of BIGNUM routines.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_4_6/crypto/openssl/README
+*** crypto/openssl/README	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/README	Wed Feb 19 07:34:17 2003
+***************
+*** 1,7 ****
+  
+!  OpenSSL 0.9.6a 5 Apr 2001
+  
+!  Copyright (c) 1998-2000 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+--- 1,7 ----
+  
+!  OpenSSL 0.9.6i Feb 19 2003
+  
+!  Copyright (c) 1998-2003 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+***************
+*** 62,68 ****
+  
+       X.509v3 certificates
+          X509 encoding/decoding into/from binary ASN1 and a PEM
+!              based ascii-binary encoding which supports encryption with a
+               private key.  Program to generate RSA and DSA certificate
+               requests and to generate RSA and DSA certificates.
+  
+--- 62,68 ----
+  
+       X.509v3 certificates
+          X509 encoding/decoding into/from binary ASN1 and a PEM
+!              based ASCII-binary encoding which supports encryption with a
+               private key.  Program to generate RSA and DSA certificate
+               requests and to generate RSA and DSA certificates.
+  
+***************
+*** 97,103 ****
+   locations around the world. _YOU_ are responsible for ensuring that your use
+   of any algorithms is legal by checking if there are any patents in your
+   country.  The file contains some of the patents that we know about or are
+!  rumoured to exist. This is not a definitive list.
+  
+   RSA Security holds software patents on the RC5 algorithm.  If you
+   intend to use this cipher, you must contact RSA Security for
+--- 97,103 ----
+   locations around the world. _YOU_ are responsible for ensuring that your use
+   of any algorithms is legal by checking if there are any patents in your
+   country.  The file contains some of the patents that we know about or are
+!  rumored to exist. This is not a definitive list.
+  
+   RSA Security holds software patents on the RC5 algorithm.  If you
+   intend to use this cipher, you must contact RSA Security for
+***************
+*** 107,114 ****
+   only be used with RSA Security's permission. 
+  
+   The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+!  Japan, Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They should
+!  be contacted if that algorithm is to be used, their web page is
+   http://www.ascom.ch/.
+  
+   INSTALLATION
+--- 107,114 ----
+   only be used with RSA Security's permission. 
+  
+   The IDEA algorithm is patented by Ascom in Austria, France, Germany, Italy,
+!  Japan, the Netherlands, Spain, Sweden, Switzerland, UK and the USA.  They
+!  should be contacted if that algorithm is to be used; their web page is
+   http://www.ascom.ch/.
+  
+   INSTALLATION
+***************
+*** 119,126 ****
+   INSTALL.VMS.
+  
+   Read the documentation in the doc/ directory.  It is quite rough, but it
+!  lists the functions, you will probably have to look at the code to work out
+!  how to used them. Look at the example programs.
+  
+   SUPPORT 
+   -------
+--- 119,133 ----
+   INSTALL.VMS.
+  
+   Read the documentation in the doc/ directory.  It is quite rough, but it
+!  lists the functions; you will probably have to look at the code to work out
+!  how to use them. Look at the example programs.
+! 
+!  PROBLEMS
+!  --------
+! 
+!  For some platforms, there are some known problems that may affect the user
+!  or application author.  We try to collect those in doc/PROBLEMS, with current
+!  thoughts on how they should be solved in a future of OpenSSL.
+  
+   SUPPORT 
+   -------
+***************
+*** 146,156 ****
+      - Problem Description (steps that will reproduce the problem, if known)
+      - Stack Traceback (if the application dumps core)
+  
+!  Report the bug to the OpenSSL project at:
+  
+      openssl-bugs@openssl.org
+  
+!  Note that mail to openssl-bugs@openssl.org is forwarded to a public
+   mailing list. Confidential mail may be sent to openssl-security@openssl.org
+   (PGP key available from the key servers).
+  
+--- 153,165 ----
+      - Problem Description (steps that will reproduce the problem, if known)
+      - Stack Traceback (if the application dumps core)
+  
+!  Report the bug to the OpenSSL project via the Request Tracker
+!  (http://www.openssl.org/rt2.html) by mail to:
+  
+      openssl-bugs@openssl.org
+  
+!  Note that mail to openssl-bugs@openssl.org is recorded in the publicly
+!  readable request tracker database and is forwarded to a public
+   mailing list. Confidential mail may be sent to openssl-security@openssl.org
+   (PGP key available from the key servers).
+  
+***************
+*** 164,170 ****
+   textual explanation of what your patch does.
+  
+   Note: For legal reasons, contributions from the US can be accepted only
+!  if a copy of the patch is sent to crypt@bxa.doc.gov
+  
+   The preferred format for changes is "diff -u" output. You might
+   generate it like this:
+--- 173,181 ----
+   textual explanation of what your patch does.
+  
+   Note: For legal reasons, contributions from the US can be accepted only
+!  if a TSA notification and a copy of the patch is sent to crypt@bis.doc.gov;
+!  see http://www.bis.doc.gov/Encryption/PubAvailEncSourceCodeNofify.html [sic]
+!  and http://w3.access.gpo.gov/bis/ear/pdf/740.pdf (EAR Section 740.13(e)).
+  
+   The preferred format for changes is "diff -u" output. You might
+   generate it like this:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README.ENGINE ../RELENG_4_6/crypto/openssl/README.ENGINE
+*** crypto/openssl/README.ENGINE	Sun Nov 26 06:38:41 2000
+--- ../RELENG_4_6/crypto/openssl/README.ENGINE	Mon Oct  1 10:39:23 2001
+***************
+*** 5,11 ****
+    With OpenSSL 0.9.6, a new component has been added to support external 
+    crypto devices, for example accelerator cards.  The component is called
+    ENGINE, and has still a pretty experimental status and almost no
+!   documentation.  It's designed to be faily easily extensible by the
+    calling programs.
+  
+    There's currently built-in support for the following crypto devices:
+--- 5,11 ----
+    With OpenSSL 0.9.6, a new component has been added to support external 
+    crypto devices, for example accelerator cards.  The component is called
+    ENGINE, and has still a pretty experimental status and almost no
+!   documentation.  It's designed to be fairly easily extensible by the
+    calling programs.
+  
+    There's currently built-in support for the following crypto devices:
+***************
+*** 48,54 ****
+    No external crypto device is chosen unless you say so.  You have actively
+    tell the openssl utility commands to use it through a new command line
+    switch called "-engine".  And if you want to use the ENGINE library to
+!   do something similar, you must also explicitely choose an external crypto
+    device, or the built-in crypto routines will be used, just as in the
+    default OpenSSL distribution.
+  
+--- 48,54 ----
+    No external crypto device is chosen unless you say so.  You have actively
+    tell the openssl utility commands to use it through a new command line
+    switch called "-engine".  And if you want to use the ENGINE library to
+!   do something similar, you must also explicitly choose an external crypto
+    device, or the built-in crypto routines will be used, just as in the
+    default OpenSSL distribution.
+  
+***************
+*** 56,62 ****
+    PROBLEMS
+    ========
+  
+!   It seems like the ENGINE part doesn't work too well with Cryptoswift on
+    Win32.  A quick test done right before the release showed that trying
+    "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
+    an attempt is made to write at memory address 0x00000002.
+--- 56,62 ----
+    PROBLEMS
+    ========
+  
+!   It seems like the ENGINE part doesn't work too well with CryptoSwift on
+    Win32.  A quick test done right before the release showed that trying
+    "openssl speed -engine cswift" generated errors.  If the DSO gets enabled,
+    an attempt is made to write at memory address 0x00000002.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/STATUS ../RELENG_4_6/crypto/openssl/STATUS
+*** crypto/openssl/STATUS	Wed Jul  4 19:22:29 2001
+--- ../RELENG_4_6/crypto/openssl/STATUS	Wed Dec 31 19:00:00 1969
+***************
+*** 1,92 ****
+- 
+-   OpenSSL STATUS                           Last modified at
+-   ______________                           $Date: 2000/09/24 15:42:34 $
+- 
+-   DEVELOPMENT STATE
+- 
+-     o  OpenSSL 0.9.6:  Released on September 24th, 2000
+-     o  OpenSSL 0.9.5a: Released on April      1st, 2000
+-     o  OpenSSL 0.9.5:  Released on February  28th, 2000
+-     o  OpenSSL 0.9.4:  Released on August    09th, 1999
+-     o  OpenSSL 0.9.3a: Released on May       29th, 1999
+-     o  OpenSSL 0.9.3:  Released on May       25th, 1999
+-     o  OpenSSL 0.9.2b: Released on March     22th, 1999
+-     o  OpenSSL 0.9.1c: Released on December  23th, 1998
+- 
+-   RELEASE SHOWSTOPPERS
+- 
+-   AVAILABLE PATCHES
+- 
+-     o CA.pl patch (Damien Miller)
+- 
+-   IN PROGRESS
+- 
+-     o Steve is currently working on (in no particular order):
+-         ASN1 code redesign, butchery, replacement.
+-         EVP cipher enhancement.
+-         Proper (or at least usable) certificate chain verification.
+- 	Private key, certificate and CRL API and implementation.
+- 	Developing and bugfixing PKCS#7 (S/MIME code).
+-         Various X509 issues: character sets, certificate request extensions.
+-     o Geoff and Richard are currently working on:
+- 	ENGINE (the new code that gives hardware support among others).
+-     o Richard is currently working on:
+- 	UTIL (a new set of library functions to support some higher level
+- 	      functionality that is currently missing).
+- 	Dynamic thread-lock support.
+- 	Shared library support for VMS.
+- 
+-   NEEDS PATCH
+- 
+-     o  non-blocking socket on AIX
+-     o  $(PERL) in */Makefile.ssl
+-     o  "Sign the certificate?" - "n" creates empty certificate file
+- 
+-   OPEN ISSUES
+- 
+-     o internal_verify doesn't know about X509.v3 (basicConstraints
+-       CA flag ...)
+- 
+-     o  The Makefile hierarchy and build mechanism is still not a round thing:
+- 
+-        1. The config vs. Configure scripts
+-           It's the same nasty situation as for Apache with APACI vs.
+-           src/Configure. It confuses.
+-           Suggestion: Merge Configure and config into a single configure
+-                       script with a Autoconf style interface ;-) and remove
+-                       Configure and config. Or even let us use GNU Autoconf
+-                       itself. Then we can avoid a lot of those platform checks
+-                       which are currently in Configure.
+- 
+-     o  Support for Shared Libraries has to be added at least
+-        for the major Unix platforms. The details we can rip from the stuff
+-        Ralf has done for the Apache src/Configure script. Ben wants the
+-        solution to be really simple.
+- 
+-        Status: Ralf will look how we can easily incorporate the
+-                compiler PIC and linker DSO flags from Apache
+-                into the OpenSSL Configure script.
+- 
+-                Ulf: +1 for using GNU autoconf and libtool (but not automake,
+-                     which apparently is not flexible enough to generate
+-                     libcrypto)
+- 
+- 
+-     o  The perl/ stuff needs a major overhaul. Currently it's
+-        totally obsolete. Either we clean it up and enhance it to be up-to-date
+-        with the C code or we also could replace it with the really nice
+-        Net::SSLeay package we can find under
+-        http://www.neuronio.pt/SSLeay.pm.html.  Ralf uses this package for a
+-        longer time and it works fine and is a nice Perl module. Best would be
+-        to convince the author to work for the OpenSSL project and create a
+-        Net::OpenSSL or Crypt::OpenSSL package out of it and maintains it for
+-        us.
+- 
+-        Status: Ralf thinks we should both contact the author of Net::SSLeay
+-                and look how much effort it is to bring Eric's perl/ stuff up
+-                to date.
+-                Paul +1
+- 
+-   WISHES
+- 
+-     o 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/TABLE ../RELENG_4_6/crypto/openssl/TABLE
+*** crypto/openssl/TABLE	Wed Jul  4 19:22:29 2001
+--- ../RELENG_4_6/crypto/openssl/TABLE	Wed Dec 31 19:00:00 1969
+***************
+*** 1,2301 ****
+- Output of `Configure TABLE':
+- 
+- *** BC-16
+- $cc           = bcc
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** BC-32
+- $cc           = bcc32
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR RC4_INDEX
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = win32
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** BS2000-OSD
+- $cc           = c89
+- $cflags       = -O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket -lnsl
+- $bn_ops       = THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** CygWin32
+- $cc           = gcc
+- $cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = win32
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** FreeBSD
+- $cc           = gcc
+- $cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-out.o asm/co86-out.o
+- $des_obj      = asm/dx86-out.o asm/yx86-out.o
+- $bf_obj       = asm/bx86-out.o
+- $md5_obj      = asm/mx86-out.o
+- $sha1_obj     = asm/sx86-out.o
+- $cast_obj     = asm/cx86-out.o
+- $rc4_obj      = asm/rx86-out.o
+- $rmd160_obj   = asm/rm86-out.o
+- $rc5_obj      = asm/r586-out.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** FreeBSD-alpha
+- $cc           = gcc
+- $cflags       = -DTERMIOS -O -fomit-frame-pointer
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC2
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** FreeBSD-elf
+- $cc           = gcc
+- $cflags       = -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** MPE/iX-gcc
+- $cc           = gcc
+- $cflags       = -D_ENDIAN -DBN_DIV2W -O3 -DMPE -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -L/SYSLOG/PUB -lsyslog -lsocket -lcurses
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** Mingw32
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = win32
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** NetBSD-m68
+- $cc           = gcc
+- $cflags       = -DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** NetBSD-sparc
+- $cc           = gcc
+- $cflags       = -DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** NetBSD-x86
+- $cc           = gcc
+- $cflags       = -DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** OpenBSD
+- $cc           = gcc
+- $cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC2_CHAR RC4_INDEX DES_UNROLL
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** OpenBSD-alpha
+- $cc           = gcc
+- $cflags       = -DTERMIOS -O3 -fomit-frame-pointer
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** OpenBSD-mips
+- $cc           = gcc
+- $cflags       = -O2 -DL_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC2 DES_PTR BF_PTR
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** OpenBSD-x86
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -m486
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-out.o asm/co86-out.o
+- $des_obj      = asm/dx86-out.o asm/yx86-out.o
+- $bf_obj       = asm/bx86-out.o
+- $md5_obj      = asm/mx86-out.o
+- $sha1_obj     = asm/sx86-out.o
+- $cast_obj     = asm/cx86-out.o
+- $rc4_obj      = asm/rx86-out.o
+- $rmd160_obj   = asm/rm86-out.o
+- $rc5_obj      = asm/r586-out.o
+- $dso_scheme   = dlfcn
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** ReliantUNIX
+- $cc           = cc
+- $cflags       = -KPIC -g -DSNI -DTERMIOS -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = -Kthread
+- $lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** SINIX
+- $cc           = cc
+- $cflags       = -O -DSNI
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket -lnsl -lc -L/usr/ucblib -lucb
+- $bn_ops       = RC4_INDEX RC4_CHAR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** SINIX-N
+- $cc           = /usr/ucb/cc
+- $cflags       = -O2 -misaligned
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lucb
+- $bn_ops       = RC4_INDEX RC4_CHAR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** VC-MSDOS
+- $cc           = cl
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** VC-NT
+- $cc           = cl
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_INDEX RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = win32
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** VC-W31-16
+- $cc           = cl
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** VC-W31-32
+- $cc           = cl
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = 
+- $bn_ops       = BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** VC-WIN16
+- $cc           = cl
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX THIRTY_TWO_BIT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** VC-WIN32
+- $cc           = cl
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_INDEX RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = win32
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** aix-cc
+- $cc           = cc
+- $cflags       = -O -DAIX -DB_ENDIAN -qmaxmem=16384
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** aix-gcc
+- $cc           = gcc
+- $cflags       = -O3 -DAIX -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** alpha-cc
+- $cc           = cc
+- $cflags       = -std1 -tune host -O4 -readonly_strings
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+- $bn_obj       = asm/alpha.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= true64-shared
+- $shared_cflag = 
+- 
+- *** alpha-gcc
+- $cc           = gcc
+- $cflags       = -O3
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1
+- $bn_obj       = asm/alpha.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= true64-shared
+- $shared_cflag = 
+- 
+- *** alpha164-cc
+- $cc           = cc
+- $cflags       = -std1 -tune host -fast -readonly_strings
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK
+- $bn_obj       = asm/alpha.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= true64-shared
+- $shared_cflag = 
+- 
+- *** bsdi-elf-gcc
+- $cc           = gcc
+- $cflags       = -DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** bsdi-gcc
+- $cc           = gcc
+- $cflags       = -O3 -ffast-math -DL_ENDIAN -DPERL5 -m486
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = RSA_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86bsdi.o asm/co86bsdi.o
+- $des_obj      = asm/dx86bsdi.o asm/yx86bsdi.o
+- $bf_obj       = asm/bx86bsdi.o
+- $md5_obj      = asm/mx86bsdi.o
+- $sha1_obj     = asm/sx86bsdi.o
+- $cast_obj     = asm/cx86bsdi.o
+- $rc4_obj      = asm/rx86bsdi.o
+- $rmd160_obj   = asm/rm86bsdi.o
+- $rc5_obj      = asm/r586bsdi.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** cc
+- $cc           = cc
+- $cflags       = -O
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** cray-t3e
+- $cc           = cc
+- $cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** cray-t90-cc
+- $cc           = cc
+- $cflags       = -DBIT_FIELD_LIMITS -DTERMIOS
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG DES_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lefence
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-ben
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-ben-debug
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-ben-strict
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-bodo
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-levitte-linux-elf
+- $cc           = gcc
+- $cflags       = -DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldl
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-linux-elf
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lefence -ldl
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = dlfcn
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-linux-elf-noefence
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldl
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = dlfcn
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-rse
+- $cc           = cc
+- $cflags       = -DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-solaris-sparcv8-cc
+- $cc           = cc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -KPIC
+- 
+- *** debug-solaris-sparcv8-gcc
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -fPIC
+- 
+- *** debug-solaris-sparcv9-cc
+- $cc           = cc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8plus.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = asm/md5-sparcv8plus.o
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -KPIC
+- 
+- *** debug-solaris-sparcv9-gcc
+- $cc           = gcc
+- $cflags       = -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mcpu=ultrasparc -Wall -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8plus.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -fPIC
+- 
+- *** debug-steve
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** debug-ulf
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -g -O2 -m486 -Wall -Werror -Wshadow -pipe
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** dgux-R3-gcc
+- $cc           = gcc
+- $cflags       = -O3 -fomit-frame-pointer
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = RC4_INDEX DES_UNROLL
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** dgux-R4-gcc
+- $cc           = gcc
+- $cflags       = -O3 -fomit-frame-pointer
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lnsl -lsocket
+- $bn_ops       = RC4_INDEX
+- $bn_obj       = RC4_INDEX DES_UNROLL
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** dgux-R4-x86-gcc
+- $cc           = gcc
+- $cflags       = -O3 -fomit-frame-pointer -DL_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lnsl -lsocket
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** dist
+- $cc           = cc
+- $cflags       = -O
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** gcc
+- $cc           = gcc
+- $cflags       = -O3
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-brokencc
+- $cc           = cc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -ldld
+- $bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-brokengcc
+- $cc           = gcc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -ldld
+- $bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-cc
+- $cc           = cc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -ldld
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-gcc
+- $cc           = gcc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -ldld
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-parisc-cc
+- $cc           = cc
+- $cflags       = +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldld
+- $bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-parisc-cc-o4
+- $cc           = cc
+- $cflags       = -Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = -ldld
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-parisc-gcc
+- $cc           = gcc
+- $cflags       = -O3 -DB_ENDIAN -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = 
+- $lflags       = -ldld
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-parisc1_1-cc
+- $cc           = cc
+- $cflags       = +DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldld
+- $bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux-parisc2-cc
+- $cc           = cc
+- $cflags       = +DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldld
+- $bn_ops       = SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+- $bn_obj       = asm/pa-risc2.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux10-brokencc
+- $cc           = cc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -Ae +ESlit +O2 -z
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldld
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux10-brokengcc
+- $cc           = gcc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldld
+- $bn_ops       = DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux10-cc
+- $cc           = cc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O3 -z
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldld
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux10-gcc
+- $cc           = gcc
+- $cflags       = -DB_ENDIAN -DBN_DIV2W -O3
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldld
+- $bn_ops       = BN_LLONG DES_PTR DES_UNROLL DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dl
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux64-parisc-cc
+- $cc           = cc
+- $cflags       = -Ae +DD64 +O3 +ESlit -z -DB_ENDIAN -DMD32_XARRAY
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldl
+- $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** hpux64-parisc2-cc
+- $cc           = cc
+- $cflags       = +DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldl
+- $bn_ops       = SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT
+- $bn_obj       = asm/pa-risc2W.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** irix-cc
+- $cc           = cc
+- $cflags       = -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** irix-gcc
+- $cc           = gcc
+- $cflags       = -O3 -DTERMIOS -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** irix-mips3-cc
+- $cc           = cc
+- $cflags       = -n32 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+- $unistd       = 
+- $thread_cflag = -D_SGI_MP_SOURCE
+- $lflags       = 
+- $bn_ops       = DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT
+- $bn_obj       = asm/mips3.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** irix-mips3-gcc
+- $cc           = gcc
+- $cflags       = -mabi=n32 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+- $unistd       = 
+- $thread_cflag = -D_SGI_MP_SOURCE
+- $lflags       = 
+- $bn_ops       = MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT
+- $bn_obj       = asm/mips3.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** irix64-mips4-cc
+- $cc           = cc
+- $cflags       = -64 -mips4 -O2 -use_readonly_const -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+- $unistd       = 
+- $thread_cflag = -D_SGI_MP_SOURCE
+- $lflags       = 
+- $bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+- $bn_obj       = asm/mips3.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** irix64-mips4-gcc
+- $cc           = gcc
+- $cflags       = -mabi=64 -mips4 -mmips-as -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W
+- $unistd       = 
+- $thread_cflag = -D_SGI_MP_SOURCE
+- $lflags       = 
+- $bn_ops       = RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG
+- $bn_obj       = asm/mips3.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-alpha+bwx-ccc
+- $cc           = ccc
+- $cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+- $bn_obj       = asm/alpha.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-alpha+bwx-gcc
+- $cc           = gcc
+- $cflags       = -O3 -DL_ENDIAN -DTERMIO
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldl
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL
+- $bn_obj       = asm/alpha.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= linux-shared
+- $shared_cflag = -fPIC
+- 
+- *** linux-alpha-ccc
+- $cc           = ccc
+- $cflags       = -fast -readonly_strings -DL_ENDIAN -DTERMIO
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL
+- $bn_obj       = asm/alpha.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-alpha-gcc
+- $cc           = gcc
+- $cflags       = -O3 -DL_ENDIAN -DTERMIO
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldl
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL
+- $bn_obj       = asm/alpha.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= linux-shared
+- $shared_cflag = -fPIC
+- 
+- *** linux-aout
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-out.o asm/co86-out.o
+- $des_obj      = asm/dx86-out.o asm/yx86-out.o
+- $bf_obj       = asm/bx86-out.o
+- $md5_obj      = asm/mx86-out.o
+- $sha1_obj     = asm/sx86-out.o
+- $cast_obj     = asm/cx86-out.o
+- $rc4_obj      = asm/rx86-out.o
+- $rmd160_obj   = asm/rm86-out.o
+- $rc5_obj      = asm/r586-out.o
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-elf
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -ldl
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-elf.o asm/co86-elf.o
+- $des_obj      = asm/dx86-elf.o asm/yx86-elf.o
+- $bf_obj       = asm/bx86-elf.o
+- $md5_obj      = asm/mx86-elf.o
+- $sha1_obj     = asm/sx86-elf.o
+- $cast_obj     = asm/cx86-elf.o
+- $rc4_obj      = asm/rx86-elf.o
+- $rmd160_obj   = asm/rm86-elf.o
+- $rc5_obj      = asm/r586-elf.o
+- $dso_scheme   = dlfcn
+- $shared_target= linux-shared
+- $shared_cflag = -fPIC
+- 
+- *** linux-elf-arm
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = BN_LLONG
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= linux-shared
+- $shared_cflag = -fPIC
+- 
+- *** linux-ia64
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = SIXTY_FOUR_BIT_LONG
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-m68k
+- $cc           = gcc
+- $cflags       = -DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = BN_LLONG
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-mips
+- $cc           = gcc
+- $cflags       = -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-ppc
+- $cc           = gcc
+- $cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = BN_LLONG
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-sparcv7
+- $cc           = gcc
+- $cflags       = -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-sparcv8
+- $cc           = gcc
+- $cflags       = -mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** linux-sparcv9
+- $cc           = gcc
+- $cflags       = -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DULTRASPARC -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8plus.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = asm/md5-sparcv8plus.o
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** ncr-scde
+- $cc           = cc
+- $cflags       = -O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket -lnsl
+- $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** newsos4-gcc
+- $cc           = gcc
+- $cflags       = -O -DB_ENDIAN -DNEWS4
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lmld -liberty
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** nextstep
+- $cc           = cc
+- $cflags       = -O -Wall
+- $unistd       = <libc.h>
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** nextstep3.3
+- $cc           = cc
+- $cflags       = -O3 -Wall
+- $unistd       = <libc.h>
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** purify
+- $cc           = purify gcc
+- $cflags       = -g -DPURIFY -Wall
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket -lnsl
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** qnx4
+- $cc           = cc
+- $cflags       = -DL_ENDIAN -DTERMIO
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** rhapsody-ppc-cc
+- $cc           = cc
+- $cflags       = -O3 -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** sco5-cc
+- $cc           = cc
+- $cflags       = 
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket
+- $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** sco5-gcc
+- $cc           = gcc
+- $cflags       = -O3 -fomit-frame-pointer
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** solaris-sparc-sc3
+- $cc           = cc
+- $cflags       = -fast -O -Xa -DB_ENDIAN
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -KPIC
+- 
+- *** solaris-sparcv7-cc
+- $cc           = cc
+- $cflags       = -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -KPIC
+- 
+- *** solaris-sparcv7-gcc
+- $cc           = gcc
+- $cflags       = -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -fPIC
+- 
+- *** solaris-sparcv8-cc
+- $cc           = cc
+- $cflags       = -xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -KPIC
+- 
+- *** solaris-sparcv8-gcc
+- $cc           = gcc
+- $cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -fPIC
+- 
+- *** solaris-sparcv9-cc
+- $cc           = cc
+- $cflags       = -xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8plus.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = asm/md5-sparcv8plus.o
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -KPIC
+- 
+- *** solaris-sparcv9-gcc
+- $cc           = gcc
+- $cflags       = -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8plus.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = asm/md5-sparcv8plus.o
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -fPIC
+- 
+- *** solaris-sparcv9-gcc27
+- $cc           = gcc
+- $cflags       = -mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W -DULTRASPARC
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR
+- $bn_obj       = asm/sparcv8plus-gcc27.o
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = asm/md5-sparcv8plus-gcc27.o
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -fPIC
+- 
+- *** solaris-x86-gcc
+- $cc           = gcc
+- $cflags       = -O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DNO_INLINE_ASM
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = BN_LLONG DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = asm/bn86-sol.o asm/co86-sol.o
+- $des_obj      = asm/dx86-sol.o asm/yx86-sol.o
+- $bf_obj       = asm/bx86-sol.o
+- $md5_obj      = asm/mx86-sol.o
+- $sha1_obj     = asm/sx86-sol.o
+- $cast_obj     = asm/cx86-sol.o
+- $rc4_obj      = asm/rx86-sol.o
+- $rmd160_obj   = asm/rm86-sol.o
+- $rc5_obj      = asm/r586-sol.o
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -fPIC
+- 
+- *** solaris64-sparcv9-cc
+- $cc           = cc
+- $cflags       = -xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DULTRASPARC
+- $unistd       = 
+- $thread_cflag = -D_REENTRANT
+- $lflags       = -lsocket -lnsl -ldl
+- $bn_ops       = SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = asm/md5-sparcv9.o
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = dlfcn
+- $shared_target= solaris-shared
+- $shared_cflag = -KPIC
+- 
+- *** sunos-gcc
+- $cc           = gcc
+- $cflags       = -O3 -mv8 -Dssize_t=int
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** ultrix-cc
+- $cc           = cc
+- $cflags       = -std1 -O -Olimit 1000 -DL_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** ultrix-gcc
+- $cc           = gcc
+- $cflags       = -O3 -DL_ENDIAN
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = 
+- $bn_ops       = 
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** unixware-2.0
+- $cc           = cc
+- $cflags       = -O -DFILIO_H
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket -lnsl
+- $bn_ops       = DES_PTR DES_RISC1 DES_UNROLL RC4_INDEX MD2_INT
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** unixware-2.0-pentium
+- $cc           = cc
+- $cflags       = -O -DFILIO_H -Kpentium -Kthread
+- $unistd       = 
+- $thread_cflag = (unknown)
+- $lflags       = -lsocket -lnsl
+- $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+- 
+- *** unixware-7
+- $cc           = cc
+- $cflags       = -O -DFILIO_H -Kalloca
+- $unistd       = 
+- $thread_cflag = -Kthread
+- $lflags       = -lsocket -lnsl
+- $bn_ops       = MD2_CHAR RC4_INDEX DES_PTR DES_RISC1 DES_UNROLL
+- $bn_obj       = 
+- $des_obj      = 
+- $bf_obj       = 
+- $md5_obj      = 
+- $sha1_obj     = 
+- $cast_obj     = 
+- $rc4_obj      = 
+- $rmd160_obj   = 
+- $rc5_obj      = 
+- $dso_scheme   = 
+- $shared_target= 
+- $shared_cflag = 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/CA.pl ../RELENG_4_6/crypto/openssl/apps/CA.pl
+*** crypto/openssl/apps/CA.pl	Sun Nov 26 06:32:46 2000
+--- ../RELENG_4_6/crypto/openssl/apps/CA.pl	Wed Feb 19 21:57:35 2003
+***************
+*** 1,4 ****
+! #!/usr/local/bin/perl
+  #
+  # CA - wrapper around ca to make it easier to use ... basically ca requires
+  #      some setup stuff to be done before you can use it and this makes
+--- 1,4 ----
+! #!/usr/local/bin/perl5
+  #
+  # CA - wrapper around ca to make it easier to use ... basically ca requires
+  #      some setup stuff to be done before you can use it and this makes
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.save ../RELENG_4_6/crypto/openssl/apps/Makefile.save
+*** crypto/openssl/apps/Makefile.save	Sun Aug 20 04:48:28 2000
+--- ../RELENG_4_6/crypto/openssl/apps/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,818 ****
+- #
+- #  apps/Makefile.ssl
+- #
+- 
+- DIR=		apps
+- TOP=		..
+- CC=		cc
+- INCLUDES=	-I../include
+- CFLAG=		-g -static
+- INSTALL_PREFIX=
+- INSTALLTOP=	/usr/local/ssl
+- OPENSSLDIR=	/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- PERL=/usr/local/bin/perl
+- RM=		rm -f
+- 
+- PEX_LIBS=
+- EX_LIBS= 
+- 
+- CFLAGS= -DMONOLITH $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile makeapps.com install.com
+- 
+- DLIBCRYPTO=../libcrypto.a
+- DLIBSSL=../libssl.a
+- LIBCRYPTO=-L.. -lcrypto
+- LIBSSL=-L.. -lssl
+- 
+- PROGRAM= openssl
+- 
+- SCRIPTS=CA.sh CA.pl der_chop
+- 
+- EXE= $(PROGRAM)
+- 
+- E_EXE=	verify asn1pars req dgst dh dhparam enc passwd gendh errstr \
+- 	ca crl rsa dsa dsaparam \
+- 	x509 genrsa gendsa s_server s_client speed \
+- 	s_time version pkcs7 crl2pkcs7 sess_id ciphers nseq pkcs12 \
+- 	pkcs8 spkac smime rand
+- 
+- PROGS= $(PROGRAM).c
+- 
+- A_OBJ=apps.o
+- A_SRC=apps.c
+- S_OBJ=	s_cb.o s_socket.o
+- S_SRC=	s_cb.c s_socket.c
+- RAND_OBJ=app_rand.o
+- RAND_SRC=app_rand.c
+- 
+- E_OBJ=	verify.o asn1pars.o req.o dgst.o dh.o dhparam.o enc.o passwd.o gendh.o errstr.o \
+- 	ca.o pkcs7.o crl2p7.o crl.o \
+- 	rsa.o dsa.o dsaparam.o \
+- 	x509.o genrsa.o gendsa.o s_server.o s_client.o speed.o \
+- 	s_time.o $(A_OBJ) $(S_OBJ) $(RAND_OBJ) version.o sess_id.o \
+- 	ciphers.o nseq.o pkcs12.o pkcs8.o spkac.o smime.o rand.o
+- 
+- E_SRC=	verify.c asn1pars.c req.c dgst.c dh.c enc.c passwd.c gendh.c errstr.c ca.c \
+- 	pkcs7.c crl2p7.c crl.c \
+- 	rsa.c dsa.c dsaparam.c \
+- 	x509.c genrsa.c gendsa.c s_server.c s_client.c speed.c \
+- 	s_time.c $(A_SRC) $(S_SRC) $(RAND_SRC) version.c sess_id.c \
+- 	ciphers.c nseq.c pkcs12.c pkcs8.c spkac.c smime.c rand.c
+- 
+- SRC=$(E_SRC)
+- 
+- EXHEADER=
+- HEADER=	apps.h progs.h s_apps.h \
+- 	testdsa.h testrsa.h \
+- 	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+- 
+- all:	exe
+- 
+- exe:	$(EXE)
+- 
+- req: sreq.o $(A_OBJ) $(DLIBCRYPTO)
+- 	$(CC) -o req $(CFLAG) sreq.o $(A_OBJ) $(RAND_OBJ) $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- sreq.o: req.c 
+- 	$(CC) -c $(INCLUDES) $(CFLAG) -o sreq.o req.c
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- install:
+- 	@for i in $(EXE); \
+- 	do  \
+- 	(echo installing $$i; \
+- 	 cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
+- 	 chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i ); \
+- 	 done;
+- 	@for i in $(SCRIPTS); \
+- 	do  \
+- 	(echo installing $$i; \
+- 	 cp $$i $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i; \
+- 	 chmod 755 $(INSTALL_PREFIX)$(OPENSSLDIR)/misc/$$i ); \
+- 	 done
+- 	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR); \
+- 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE)
+- 	rm -f req
+- 
+- $(DLIBSSL):
+- 	(cd ../ssl; $(MAKE))
+- 
+- $(DLIBCRYPTO):
+- 	(cd ../crypto; $(MAKE))
+- 
+- $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+- 	$(RM) $(PROGRAM)
+- 	$(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+- 	@(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; sh tools/c_rehash certs)
+- 
+- progs.h: progs.pl
+- 	$(PERL) progs.pl $(E_EXE) >progs.h
+- 	$(RM) $(PROGRAM).o
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- app_rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- app_rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- app_rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- app_rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- app_rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- app_rand.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- app_rand.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+- app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- apps.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- apps.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- apps.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- apps.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- apps.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- apps.o: ../include/openssl/x509_vfy.h apps.h
+- asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- asn1pars.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- asn1pars.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+- asn1pars.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+- ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+- ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+- ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- ca.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- ca.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- ca.o: ../include/openssl/stack.h ../include/openssl/txt_db.h
+- ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+- ca.o: ../include/openssl/x509v3.h apps.h
+- ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+- ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- ciphers.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- ciphers.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- ciphers.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+- crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+- crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+- crl.o: ../include/openssl/x509v3.h apps.h
+- crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- crl2p7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- crl2p7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+- crl2p7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- dgst.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- dgst.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+- dgst.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- dh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- dh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+- dh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- dsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- dsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+- dsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- dsaparam.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- dsaparam.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+- dsaparam.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- enc.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- enc.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+- enc.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- enc.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- enc.o: ../include/openssl/x509_vfy.h apps.h
+- errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+- errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- errstr.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- errstr.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- errstr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- gendh.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- gendh.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+- gendh.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- gendh.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- gendh.o: ../include/openssl/x509_vfy.h apps.h
+- gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- gendsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- gendsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+- gendsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- genrsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- genrsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+- genrsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- nseq.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- nseq.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+- nseq.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- openssl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+- openssl.o: ../include/openssl/des.h ../include/openssl/dh.h
+- openssl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+- passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- passwd.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- passwd.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+- passwd.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+- passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- passwd.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- passwd.o: ../include/openssl/x509_vfy.h apps.h
+- pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- pkcs12.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- pkcs12.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+- pkcs12.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+- pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- pkcs12.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- pkcs12.o: ../include/openssl/x509_vfy.h apps.h
+- pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- pkcs7.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- pkcs7.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+- pkcs7.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- pkcs8.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- pkcs8.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+- pkcs8.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+- pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- pkcs8.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- pkcs8.o: ../include/openssl/x509_vfy.h apps.h
+- rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- rand.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- rand.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+- rand.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+- rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- rand.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- rand.o: ../include/openssl/x509_vfy.h apps.h
+- req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+- req.o: ../include/openssl/des.h ../include/openssl/dh.h
+- req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+- req.o: ../include/openssl/x509v3.h apps.h
+- rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- rsa.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- rsa.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+- rsa.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+- s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- s_cb.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- s_cb.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s_cb.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
+- s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+- s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- s_client.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- s_client.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s_client.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- s_client.o: s_apps.h
+- s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+- s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- s_server.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- s_server.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s_server.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- s_server.o: s_apps.h
+- s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+- s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+- s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- s_time.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- s_time.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s_time.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- s_time.o: s_apps.h
+- sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+- sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- sess_id.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- sess_id.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- sess_id.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- smime.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- smime.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+- smime.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- speed.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- speed.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+- speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+- speed.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- speed.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+- speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+- speed.o: ./testrsa.h apps.h
+- spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+- spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+- spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+- verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+- verify.o: ../include/openssl/des.h ../include/openssl/dh.h
+- verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+- verify.o: ../include/openssl/x509v3.h apps.h
+- version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- version.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- version.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- version.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- version.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- version.o: ../include/openssl/stack.h ../include/openssl/x509.h
+- version.o: ../include/openssl/x509_vfy.h apps.h
+- x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+- x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+- x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+- x509.o: ../include/openssl/x509v3.h apps.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_4_6/crypto/openssl/apps/Makefile.ssl
+*** crypto/openssl/apps/Makefile.ssl	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/Makefile.ssl	Wed Oct  9 11:12:45 2002
+***************
+*** 13,19 ****
+  MAKE=		make -f Makefile.ssl
+  MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+  MAKEFILE=	Makefile.ssl
+! PERL=/usr/local/bin/perl
+  RM=		rm -f
+  
+  PEX_LIBS=
+--- 13,19 ----
+  MAKE=		make -f Makefile.ssl
+  MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+  MAKEFILE=	Makefile.ssl
+! PERL=		perl
+  RM=		rm -f
+  
+  PEX_LIBS=
+***************
+*** 117,123 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 117,123 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 128,137 ****
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE))
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE))
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+--- 128,137 ----
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+***************
+*** 150,946 ****
+  app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+  app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! app_rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! app_rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! app_rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! app_rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! app_rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! app_rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! app_rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+! app_rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! app_rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! app_rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! app_rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! app_rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! app_rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  apps.o: ../include/openssl/des.h ../include/openssl/dh.h
+  apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! apps.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! apps.o: ../include/openssl/err.h ../include/openssl/evp.h
+! apps.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! apps.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! apps.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! apps.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! apps.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! apps.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! apps.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+! apps.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! apps.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! apps.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! apps.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! apps.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! apps.o: ../include/openssl/x509_vfy.h apps.h
+  asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
+  asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! asn1pars.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! asn1pars.o: ../include/openssl/err.h ../include/openssl/evp.h
+! asn1pars.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! asn1pars.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! asn1pars.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! asn1pars.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! asn1pars.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! asn1pars.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! asn1pars.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! asn1pars.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! asn1pars.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! asn1pars.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! asn1pars.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! asn1pars.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+! ca.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! ca.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! ca.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! ca.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! ca.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! ca.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! ca.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! ca.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! ca.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! ca.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! ca.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! ca.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! ca.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! ca.o: ../include/openssl/symhacks.h ../include/openssl/txt_db.h
+! ca.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+! ca.o: ../include/openssl/x509v3.h apps.h
+  ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! ciphers.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! ciphers.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! ciphers.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! ciphers.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! ciphers.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! ciphers.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! ciphers.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! ciphers.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! ciphers.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! ciphers.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! ciphers.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! ciphers.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! ciphers.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! ciphers.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! ciphers.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! ciphers.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+  crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! crl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! crl.o: ../include/openssl/err.h ../include/openssl/evp.h
+! crl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! crl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! crl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! crl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! crl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! crl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! crl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! crl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! crl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! crl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! crl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! crl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+! crl.o: ../include/openssl/x509v3.h apps.h
+  crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
+  crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! crl2p7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! crl2p7.o: ../include/openssl/err.h ../include/openssl/evp.h
+! crl2p7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! crl2p7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! crl2p7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! crl2p7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! crl2p7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! crl2p7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! crl2p7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! crl2p7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! crl2p7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! crl2p7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! crl2p7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! crl2p7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
+  dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! dgst.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! dgst.o: ../include/openssl/err.h ../include/openssl/evp.h
+! dgst.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! dgst.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! dgst.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! dgst.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! dgst.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dgst.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! dgst.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! dgst.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! dgst.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! dgst.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! dgst.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dgst.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+! dh.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! dh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! dh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! dh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! dh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! dh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! dh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! dh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! dh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! dh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! dh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! dh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! dh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! dh.o: ../include/openssl/x509_vfy.h apps.h
+  dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! dsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! dsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+! dsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! dsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! dsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! dsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! dsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! dsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! dsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! dsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! dsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! dsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
+  dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! dsaparam.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! dsaparam.o: ../include/openssl/err.h ../include/openssl/evp.h
+! dsaparam.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! dsaparam.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! dsaparam.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! dsaparam.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! dsaparam.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dsaparam.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! dsaparam.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! dsaparam.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! dsaparam.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! dsaparam.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! dsaparam.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dsaparam.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+  enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! enc.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! enc.o: ../include/openssl/err.h ../include/openssl/evp.h
+! enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! enc.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! enc.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! enc.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! enc.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! enc.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! enc.o: ../include/openssl/x509_vfy.h apps.h
+  errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! errstr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! errstr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! errstr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! errstr.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! errstr.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! errstr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! errstr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! errstr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! errstr.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! errstr.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! errstr.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! errstr.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! errstr.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! errstr.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! errstr.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! errstr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
+  gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! gendh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! gendh.o: ../include/openssl/err.h ../include/openssl/evp.h
+! gendh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! gendh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! gendh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! gendh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! gendh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! gendh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! gendh.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! gendh.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! gendh.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! gendh.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! gendh.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! gendh.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! gendh.o: ../include/openssl/x509_vfy.h apps.h
+  gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! gendsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! gendsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+! gendsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! gendsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! gendsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! gendsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! gendsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! gendsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! gendsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! gendsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! gendsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! gendsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! gendsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! gendsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! genrsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! genrsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+! genrsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! genrsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! genrsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! genrsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! genrsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! genrsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! genrsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! genrsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! genrsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! genrsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! genrsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! genrsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
+  nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! nseq.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! nseq.o: ../include/openssl/err.h ../include/openssl/evp.h
+! nseq.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! nseq.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! nseq.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! nseq.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! nseq.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! nseq.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! nseq.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! nseq.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! nseq.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! nseq.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! nseq.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! nseq.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! openssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! openssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! openssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! openssl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! openssl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! openssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! openssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! openssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! openssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! openssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! openssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! openssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! openssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! openssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! openssl.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! openssl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+! openssl.o: progs.h s_apps.h
+  passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
+  passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! passwd.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! passwd.o: ../include/openssl/err.h ../include/openssl/evp.h
+! passwd.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! passwd.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! passwd.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! passwd.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! passwd.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! passwd.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! passwd.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! passwd.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! passwd.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! passwd.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! passwd.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! passwd.o: ../include/openssl/x509_vfy.h apps.h
+  pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
+  pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! pkcs12.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! pkcs12.o: ../include/openssl/err.h ../include/openssl/evp.h
+! pkcs12.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! pkcs12.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! pkcs12.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! pkcs12.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! pkcs12.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! pkcs12.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! pkcs12.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+! pkcs12.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! pkcs12.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! pkcs12.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! pkcs12.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! pkcs12.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! pkcs12.o: ../include/openssl/x509_vfy.h apps.h
+  pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
+  pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! pkcs7.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! pkcs7.o: ../include/openssl/err.h ../include/openssl/evp.h
+! pkcs7.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! pkcs7.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! pkcs7.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! pkcs7.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! pkcs7.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! pkcs7.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! pkcs7.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! pkcs7.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! pkcs7.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! pkcs7.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! pkcs7.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! pkcs7.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
+  pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! pkcs8.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! pkcs8.o: ../include/openssl/err.h ../include/openssl/evp.h
+! pkcs8.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! pkcs8.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! pkcs8.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! pkcs8.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! pkcs8.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! pkcs8.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! pkcs8.o: ../include/openssl/pkcs12.h ../include/openssl/pkcs7.h
+! pkcs8.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! pkcs8.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! pkcs8.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! pkcs8.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! pkcs8.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! pkcs8.o: ../include/openssl/x509_vfy.h apps.h
+  rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+  rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! rand.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! rand.o: ../include/openssl/err.h ../include/openssl/evp.h
+! rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! rand.o: ../include/openssl/x509_vfy.h apps.h
+  req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  req.o: ../include/openssl/des.h ../include/openssl/dh.h
+  req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! req.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! req.o: ../include/openssl/err.h ../include/openssl/evp.h
+! req.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! req.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! req.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! req.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! req.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! req.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! req.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! req.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! req.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! req.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! req.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! req.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+! req.o: ../include/openssl/x509v3.h apps.h
+  rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! rsa.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! rsa.o: ../include/openssl/err.h ../include/openssl/evp.h
+! rsa.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! rsa.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! rsa.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! rsa.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! rsa.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! rsa.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! rsa.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! rsa.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! rsa.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! rsa.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
+  rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! rsautl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! rsautl.o: ../include/openssl/err.h ../include/openssl/evp.h
+! rsautl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! rsautl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! rsautl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! rsautl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! rsautl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! rsautl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! rsautl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! rsautl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! rsautl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! rsautl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! rsautl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! rsautl.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! s_cb.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! s_cb.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! s_cb.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! s_cb.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! s_cb.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! s_cb.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! s_cb.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! s_cb.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! s_cb.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! s_cb.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! s_cb.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! s_cb.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! s_cb.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! s_cb.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! s_cb.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! s_cb.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h s_apps.h
+  s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! s_client.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! s_client.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! s_client.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! s_client.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! s_client.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! s_client.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! s_client.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! s_client.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! s_client.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! s_client.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! s_client.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! s_client.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! s_client.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! s_client.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! s_client.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! s_client.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! s_client.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+  s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! s_server.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! s_server.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! s_server.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! s_server.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! s_server.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! s_server.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! s_server.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! s_server.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! s_server.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! s_server.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! s_server.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! s_server.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! s_server.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! s_server.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! s_server.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! s_server.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! s_server.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+  s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! s_socket.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
+! s_socket.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! s_socket.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! s_socket.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! s_socket.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! s_socket.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! s_socket.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! s_socket.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! s_socket.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! s_socket.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! s_socket.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! s_socket.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! s_socket.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! s_socket.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! s_socket.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! s_socket.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+  s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! s_time.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! s_time.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! s_time.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! s_time.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! s_time.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! s_time.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! s_time.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! s_time.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! s_time.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! s_time.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! s_time.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! s_time.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! s_time.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! s_time.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! s_time.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! s_time.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+! s_time.o: s_apps.h
+  sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! sess_id.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! sess_id.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! sess_id.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! sess_id.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! sess_id.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! sess_id.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! sess_id.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! sess_id.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! sess_id.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! sess_id.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! sess_id.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! sess_id.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! sess_id.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! sess_id.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! sess_id.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! sess_id.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  smime.o: ../include/openssl/des.h ../include/openssl/dh.h
+  smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! smime.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! smime.o: ../include/openssl/err.h ../include/openssl/evp.h
+! smime.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! smime.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! smime.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! smime.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! smime.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! smime.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! smime.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! smime.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! smime.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! smime.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! smime.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! smime.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  speed.o: ../include/openssl/des.h ../include/openssl/dh.h
+  speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! speed.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! speed.o: ../include/openssl/err.h ../include/openssl/evp.h
+! speed.o: ../include/openssl/hmac.h ../include/openssl/idea.h
+! speed.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! speed.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! speed.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! speed.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! speed.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+! speed.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! speed.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! speed.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! speed.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! speed.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! speed.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ./testdsa.h
+! speed.o: ./testrsa.h apps.h
+  spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+  spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! spkac.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! spkac.o: ../include/openssl/err.h ../include/openssl/evp.h
+! spkac.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! spkac.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! spkac.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! spkac.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! spkac.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! spkac.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! spkac.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! spkac.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! spkac.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! spkac.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! spkac.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! spkac.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  verify.o: ../include/openssl/des.h ../include/openssl/dh.h
+  verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! verify.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! verify.o: ../include/openssl/err.h ../include/openssl/evp.h
+! verify.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! verify.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! verify.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! verify.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! verify.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! verify.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! verify.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! verify.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! verify.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! verify.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! verify.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! verify.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+! verify.o: ../include/openssl/x509v3.h apps.h
+  version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  version.o: ../include/openssl/des.h ../include/openssl/dh.h
+  version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! version.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! version.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! version.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! version.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! version.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! version.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! version.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+! version.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! version.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! version.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! version.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! version.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! version.o: ../include/openssl/x509_vfy.h apps.h
+  x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+  x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! x509.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! x509.o: ../include/openssl/err.h ../include/openssl/evp.h
+! x509.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! x509.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! x509.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! x509.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! x509.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! x509.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! x509.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! x509.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! x509.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! x509.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! x509.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! x509.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+! x509.o: ../include/openssl/x509v3.h apps.h
+--- 150,929 ----
+  app_rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  app_rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+  app_rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! app_rand.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
+! app_rand.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! app_rand.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! app_rand.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! app_rand.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! app_rand.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! app_rand.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! app_rand.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! app_rand.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! app_rand.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! app_rand.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! app_rand.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! app_rand.o: ../include/openssl/x509_vfy.h apps.h
+  apps.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  apps.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  apps.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  apps.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  apps.o: ../include/openssl/des.h ../include/openssl/dh.h
+  apps.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! apps.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! apps.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! apps.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! apps.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! apps.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! apps.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! apps.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! apps.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+! apps.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! apps.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! apps.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! apps.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! apps.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! apps.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  asn1pars.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  asn1pars.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  asn1pars.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  asn1pars.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  asn1pars.o: ../include/openssl/des.h ../include/openssl/dh.h
+  asn1pars.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! asn1pars.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! asn1pars.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! asn1pars.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! asn1pars.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! asn1pars.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! asn1pars.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! asn1pars.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! asn1pars.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! asn1pars.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! asn1pars.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! asn1pars.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! asn1pars.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! asn1pars.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! asn1pars.o: ../include/openssl/x509_vfy.h apps.h
+  ca.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ca.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ca.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  ca.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  ca.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+! ca.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! ca.o: ../include/openssl/err.h ../include/openssl/evp.h
+! ca.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! ca.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! ca.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! ca.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! ca.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! ca.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! ca.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! ca.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! ca.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! ca.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! ca.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ca.o: ../include/openssl/txt_db.h ../include/openssl/x509.h
+! ca.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+  ciphers.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ciphers.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ciphers.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  ciphers.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  ciphers.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  ciphers.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! ciphers.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! ciphers.o: ../include/openssl/err.h ../include/openssl/evp.h
+! ciphers.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! ciphers.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! ciphers.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! ciphers.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! ciphers.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! ciphers.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! ciphers.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! ciphers.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! ciphers.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! ciphers.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! ciphers.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! ciphers.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! ciphers.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ciphers.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! ciphers.o: ../include/openssl/x509_vfy.h apps.h
+  crl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  crl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  crl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  crl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  crl.o: ../include/openssl/des.h ../include/openssl/dh.h
+  crl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! crl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! crl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! crl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! crl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! crl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! crl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! crl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! crl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! crl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! crl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! crl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! crl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! crl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! crl.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+  crl2p7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  crl2p7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  crl2p7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  crl2p7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  crl2p7.o: ../include/openssl/des.h ../include/openssl/dh.h
+  crl2p7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! crl2p7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! crl2p7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! crl2p7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! crl2p7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! crl2p7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! crl2p7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! crl2p7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! crl2p7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! crl2p7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! crl2p7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! crl2p7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! crl2p7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! crl2p7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! crl2p7.o: ../include/openssl/x509_vfy.h apps.h
+  dgst.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dgst.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dgst.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dgst.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dgst.o: ../include/openssl/des.h ../include/openssl/dh.h
+  dgst.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! dgst.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dgst.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! dgst.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! dgst.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! dgst.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! dgst.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! dgst.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! dgst.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! dgst.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! dgst.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! dgst.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! dgst.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! dgst.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! dgst.o: ../include/openssl/x509_vfy.h apps.h
+  dh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dh.o: ../include/openssl/des.h ../include/openssl/dh.h ../include/openssl/dsa.h
+! dh.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! dh.o: ../include/openssl/err.h ../include/openssl/evp.h
+! dh.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! dh.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! dh.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! dh.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! dh.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dh.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! dh.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! dh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! dh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! dh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! dh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  dsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  dsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! dsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! dsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! dsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! dsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! dsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! dsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! dsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! dsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! dsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! dsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! dsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! dsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! dsa.o: ../include/openssl/x509_vfy.h apps.h
+  dsaparam.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  dsaparam.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  dsaparam.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  dsaparam.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  dsaparam.o: ../include/openssl/des.h ../include/openssl/dh.h
+  dsaparam.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! dsaparam.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dsaparam.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! dsaparam.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! dsaparam.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! dsaparam.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! dsaparam.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! dsaparam.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! dsaparam.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! dsaparam.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! dsaparam.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! dsaparam.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! dsaparam.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! dsaparam.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! dsaparam.o: ../include/openssl/x509_vfy.h apps.h
+  enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  enc.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+  enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! enc.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! enc.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! enc.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! enc.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  errstr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  errstr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  errstr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  errstr.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  errstr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  errstr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! errstr.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! errstr.o: ../include/openssl/err.h ../include/openssl/evp.h
+! errstr.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! errstr.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! errstr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! errstr.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! errstr.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! errstr.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! errstr.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! errstr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! errstr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! errstr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! errstr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! errstr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! errstr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! errstr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! errstr.o: ../include/openssl/x509_vfy.h apps.h
+  gendh.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  gendh.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  gendh.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  gendh.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  gendh.o: ../include/openssl/des.h ../include/openssl/dh.h
+  gendh.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! gendh.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! gendh.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! gendh.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! gendh.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! gendh.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! gendh.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! gendh.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! gendh.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! gendh.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! gendh.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! gendh.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! gendh.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! gendh.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! gendh.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  gendsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  gendsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  gendsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  gendsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  gendsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  gendsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! gendsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! gendsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! gendsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! gendsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! gendsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! gendsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! gendsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! gendsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! gendsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! gendsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! gendsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! gendsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! gendsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! gendsa.o: ../include/openssl/x509_vfy.h apps.h
+  genrsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  genrsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  genrsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  genrsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  genrsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  genrsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! genrsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! genrsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! genrsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! genrsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! genrsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! genrsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! genrsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! genrsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! genrsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! genrsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! genrsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! genrsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! genrsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! genrsa.o: ../include/openssl/x509_vfy.h apps.h
+  nseq.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  nseq.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  nseq.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  nseq.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  nseq.o: ../include/openssl/des.h ../include/openssl/dh.h
+  nseq.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! nseq.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! nseq.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! nseq.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! nseq.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! nseq.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! nseq.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! nseq.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! nseq.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! nseq.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! nseq.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! nseq.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! nseq.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! nseq.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! nseq.o: ../include/openssl/x509_vfy.h apps.h
+  openssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  openssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  openssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  openssl.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  openssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  openssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! openssl.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! openssl.o: ../include/openssl/err.h ../include/openssl/evp.h
+! openssl.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! openssl.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! openssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! openssl.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! openssl.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! openssl.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! openssl.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! openssl.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! openssl.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! openssl.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! openssl.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! openssl.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! openssl.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! openssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! openssl.o: ../include/openssl/x509_vfy.h apps.h progs.h s_apps.h
+  passwd.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  passwd.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  passwd.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  passwd.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  passwd.o: ../include/openssl/des.h ../include/openssl/dh.h
+  passwd.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! passwd.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! passwd.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! passwd.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! passwd.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! passwd.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! passwd.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! passwd.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+! passwd.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! passwd.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! passwd.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! passwd.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! passwd.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! passwd.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  pkcs12.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  pkcs12.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  pkcs12.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  pkcs12.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  pkcs12.o: ../include/openssl/des.h ../include/openssl/dh.h
+  pkcs12.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! pkcs12.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! pkcs12.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! pkcs12.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! pkcs12.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! pkcs12.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! pkcs12.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! pkcs12.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! pkcs12.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+! pkcs12.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! pkcs12.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! pkcs12.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! pkcs12.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! pkcs12.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! pkcs12.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  pkcs7.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  pkcs7.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  pkcs7.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  pkcs7.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  pkcs7.o: ../include/openssl/des.h ../include/openssl/dh.h
+  pkcs7.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! pkcs7.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! pkcs7.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! pkcs7.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! pkcs7.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! pkcs7.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! pkcs7.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! pkcs7.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! pkcs7.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! pkcs7.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! pkcs7.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! pkcs7.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! pkcs7.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! pkcs7.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! pkcs7.o: ../include/openssl/x509_vfy.h apps.h
+  pkcs8.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  pkcs8.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  pkcs8.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  pkcs8.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  pkcs8.o: ../include/openssl/des.h ../include/openssl/dh.h
+  pkcs8.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! pkcs8.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! pkcs8.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! pkcs8.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! pkcs8.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! pkcs8.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! pkcs8.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! pkcs8.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! pkcs8.o: ../include/openssl/pem2.h ../include/openssl/pkcs12.h
+! pkcs8.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! pkcs8.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! pkcs8.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! pkcs8.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! pkcs8.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! pkcs8.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  rand.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  rand.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  rand.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  rand.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  rand.o: ../include/openssl/des.h ../include/openssl/dh.h
+  rand.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! rand.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! rand.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! rand.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! rand.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! rand.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! rand.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! rand.o: ../include/openssl/opensslv.h ../include/openssl/pkcs7.h
+! rand.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+! rand.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! rand.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! rand.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! rand.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! rand.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  req.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  req.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  req.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  req.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  req.o: ../include/openssl/des.h ../include/openssl/dh.h
+  req.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! req.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! req.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! req.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! req.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! req.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! req.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! req.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! req.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! req.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! req.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! req.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! req.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! req.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! req.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+  rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  rsa.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+  rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! rsa.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! rsa.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! rsa.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! rsa.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! rsa.o: ../include/openssl/x509_vfy.h apps.h
+  rsautl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  rsautl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  rsautl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  rsautl.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  rsautl.o: ../include/openssl/des.h ../include/openssl/dh.h
+  rsautl.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! rsautl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! rsautl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! rsautl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! rsautl.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! rsautl.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! rsautl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! rsautl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! rsautl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! rsautl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! rsautl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! rsautl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! rsautl.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! rsautl.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! rsautl.o: ../include/openssl/x509_vfy.h apps.h
+  s_cb.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_cb.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_cb.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_cb.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_cb.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_cb.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_cb.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! s_cb.o: ../include/openssl/err.h ../include/openssl/evp.h
+! s_cb.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! s_cb.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! s_cb.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! s_cb.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! s_cb.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! s_cb.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! s_cb.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! s_cb.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! s_cb.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! s_cb.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! s_cb.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! s_cb.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! s_cb.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! s_cb.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! s_cb.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+  s_client.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_client.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_client.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_client.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_client.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_client.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_client.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! s_client.o: ../include/openssl/err.h ../include/openssl/evp.h
+! s_client.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! s_client.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! s_client.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! s_client.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! s_client.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! s_client.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! s_client.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! s_client.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! s_client.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! s_client.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! s_client.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! s_client.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! s_client.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! s_client.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! s_client.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+! s_client.o: s_apps.h
+  s_server.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_server.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_server.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_server.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_server.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_server.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_server.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! s_server.o: ../include/openssl/err.h ../include/openssl/evp.h
+! s_server.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! s_server.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! s_server.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! s_server.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! s_server.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! s_server.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! s_server.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! s_server.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! s_server.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! s_server.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! s_server.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! s_server.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! s_server.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! s_server.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! s_server.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+! s_server.o: s_apps.h
+  s_socket.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_socket.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_socket.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_socket.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_socket.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_socket.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_socket.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! s_socket.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! s_socket.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! s_socket.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! s_socket.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! s_socket.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! s_socket.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! s_socket.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! s_socket.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! s_socket.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! s_socket.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! s_socket.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! s_socket.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! s_socket.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! s_socket.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! s_socket.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+! s_socket.o: s_apps.h
+  s_time.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  s_time.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  s_time.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  s_time.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  s_time.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  s_time.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s_time.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! s_time.o: ../include/openssl/err.h ../include/openssl/evp.h
+! s_time.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! s_time.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! s_time.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! s_time.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! s_time.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! s_time.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! s_time.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! s_time.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! s_time.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! s_time.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! s_time.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! s_time.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! s_time.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! s_time.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! s_time.o: ../include/openssl/x509_vfy.h apps.h s_apps.h
+  sess_id.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  sess_id.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  sess_id.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  sess_id.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  sess_id.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  sess_id.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! sess_id.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! sess_id.o: ../include/openssl/err.h ../include/openssl/evp.h
+! sess_id.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! sess_id.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! sess_id.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! sess_id.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! sess_id.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! sess_id.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! sess_id.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! sess_id.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! sess_id.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! sess_id.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! sess_id.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! sess_id.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! sess_id.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sess_id.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! sess_id.o: ../include/openssl/x509_vfy.h apps.h
+  smime.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  smime.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  smime.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  smime.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  smime.o: ../include/openssl/des.h ../include/openssl/dh.h
+  smime.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! smime.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! smime.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! smime.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! smime.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! smime.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! smime.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! smime.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! smime.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! smime.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! smime.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! smime.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! smime.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! smime.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! smime.o: ../include/openssl/x509_vfy.h apps.h
+  speed.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  speed.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  speed.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  speed.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  speed.o: ../include/openssl/des.h ../include/openssl/dh.h
+  speed.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! speed.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! speed.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+! speed.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! speed.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! speed.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! speed.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! speed.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! speed.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+! speed.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! speed.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! speed.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! speed.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! speed.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! speed.o: ../include/openssl/x509_vfy.h ./testdsa.h ./testrsa.h apps.h
+  spkac.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  spkac.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  spkac.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  spkac.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  spkac.o: ../include/openssl/des.h ../include/openssl/dh.h
+  spkac.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! spkac.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! spkac.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! spkac.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! spkac.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! spkac.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! spkac.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! spkac.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! spkac.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! spkac.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! spkac.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! spkac.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! spkac.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! spkac.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! spkac.o: ../include/openssl/x509_vfy.h apps.h
+  verify.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  verify.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  verify.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  verify.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  verify.o: ../include/openssl/des.h ../include/openssl/dh.h
+  verify.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! verify.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! verify.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! verify.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! verify.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! verify.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! verify.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! verify.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! verify.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! verify.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! verify.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! verify.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! verify.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! verify.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! verify.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+  version.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  version.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  version.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  version.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  version.o: ../include/openssl/des.h ../include/openssl/dh.h
+  version.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! version.o: ../include/openssl/e_os2.h ../include/openssl/evp.h
+! version.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! version.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! version.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! version.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! version.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! version.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! version.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! version.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! version.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! version.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! version.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h apps.h
+  x509.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  x509.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  x509.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+  x509.o: ../include/openssl/conf.h ../include/openssl/crypto.h
+  x509.o: ../include/openssl/des.h ../include/openssl/dh.h
+  x509.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+! x509.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! x509.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! x509.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! x509.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! x509.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! x509.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! x509.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! x509.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! x509.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! x509.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! x509.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! x509.o: ../include/openssl/sha.h ../include/openssl/stack.h
+! x509.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+! x509.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h apps.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.c ../RELENG_4_6/crypto/openssl/apps/apps.c
+*** crypto/openssl/apps/apps.c	Sun Nov 26 06:32:46 2000
+--- ../RELENG_4_6/crypto/openssl/apps/apps.c	Thu Jul 18 13:59:27 2002
+***************
+*** 228,236 ****
+  
+  	q=strrchr(p,'.');
+  	if (q == NULL)
+! 		q = in+size;
+! 	strncpy(out,p,q-p);
+! 	out[q-p]='\0';
+  	}
+  #else
+  void program_name(char *in, char *out, int size)
+--- 228,243 ----
+  
+  	q=strrchr(p,'.');
+  	if (q == NULL)
+! 		q = p + strlen(p);
+! 	strncpy(out,p,size-1);
+! 	if (q-p >= size)
+! 		{
+! 		out[size-1]='\0';
+! 		}
+! 	else
+! 		{
+! 		out[q-p]='\0';
+! 		}
+  	}
+  #else
+  void program_name(char *in, char *out, int size)
+***************
+*** 755,761 ****
+  
+  void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
+  {
+! 	char buf[256];
+  	char mline = 0;
+  	int indent = 0;
+  	if(title) BIO_puts(out, title);
+--- 762,768 ----
+  
+  void print_name(BIO *out, char *title, X509_NAME *nm, unsigned long lflags)
+  {
+! 	char *buf;
+  	char mline = 0;
+  	int indent = 0;
+  	if(title) BIO_puts(out, title);
+***************
+*** 764,772 ****
+  		indent = 4;
+  	}
+  	if(lflags == XN_FLAG_COMPAT) {
+! 		X509_NAME_oneline(nm,buf,256);
+! 		BIO_puts(out,buf);
+  		BIO_puts(out, "\n");
+  	} else {
+  		if(mline) BIO_puts(out, "\n");
+  		X509_NAME_print_ex(out, nm, indent, lflags);
+--- 771,780 ----
+  		indent = 4;
+  	}
+  	if(lflags == XN_FLAG_COMPAT) {
+! 		buf = X509_NAME_oneline(nm, 0, 0);
+! 		BIO_puts(out, buf);
+  		BIO_puts(out, "\n");
++ 		OPENSSL_free(buf);
+  	} else {
+  		if(mline) BIO_puts(out, "\n");
+  		X509_NAME_print_ex(out, nm, indent, lflags);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_4_6/crypto/openssl/apps/apps.h
+*** crypto/openssl/apps/apps.h	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/apps.h	Wed Oct  9 11:36:34 2002
+***************
+*** 92,99 ****
+--- 92,101 ----
+  #define MAIN(a,v)	main(a,v)
+  
+  #ifndef NON_MAIN
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #else
++ extern LHASH *config;
+  extern BIO *bio_err;
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/asn1pars.c ../RELENG_4_6/crypto/openssl/apps/asn1pars.c
+*** crypto/openssl/apps/asn1pars.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/asn1pars.c	Tue Dec  3 11:51:20 2002
+***************
+*** 181,187 ****
+  		BIO_printf(bio_err,"where options are\n");
+  		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+  		BIO_printf(bio_err," -in arg       input file\n");
+! 		BIO_printf(bio_err," -out arg      output file\n");
+  		BIO_printf(bio_err," -noout arg    don't produce any output\n");
+  		BIO_printf(bio_err," -offset arg   offset into file\n");
+  		BIO_printf(bio_err," -length arg   length of section in file\n");
+--- 181,187 ----
+  		BIO_printf(bio_err,"where options are\n");
+  		BIO_printf(bio_err," -inform arg   input format - one of DER TXT PEM\n");
+  		BIO_printf(bio_err," -in arg       input file\n");
+! 		BIO_printf(bio_err," -out arg      output file (output format is always DER\n");
+  		BIO_printf(bio_err," -noout arg    don't produce any output\n");
+  		BIO_printf(bio_err," -offset arg   offset into file\n");
+  		BIO_printf(bio_err," -length arg   length of section in file\n");
+***************
+*** 192,198 ****
+  		BIO_printf(bio_err," -strparse offset\n");
+  		BIO_printf(bio_err,"               a series of these can be used to 'dig' into multiple\n");
+  		BIO_printf(bio_err,"               ASN1 blob wrappings\n");
+- 		BIO_printf(bio_err," -out filename output DER encoding to file\n");
+  		goto end;
+  		}
+  
+--- 192,197 ----
+***************
+*** 329,334 ****
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+--- 328,333 ----
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_4_6/crypto/openssl/apps/ca.c
+*** crypto/openssl/apps/ca.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/ca.c	Wed Dec  4 18:12:24 2002
+***************
+*** 82,88 ****
+  #    else
+  #      include <unixlib.h>
+  #    endif
+! #  else
+  #    include <sys/file.h>
+  #  endif
+  #endif
+--- 82,88 ----
+  #    else
+  #      include <unixlib.h>
+  #    endif
+! #  elif !defined(VXWORKS)
+  #    include <sys/file.h>
+  #  endif
+  #endif
+***************
+*** 543,549 ****
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) memset(key,0,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+--- 543,549 ----
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) OPENSSL_cleanse(key,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+***************
+*** 606,617 ****
+--- 606,619 ----
+  	       that to access().  However, time's too short to do that just
+  	       now.
+              */
++ #ifndef VXWORKS
+  		if (access(outdir,R_OK|W_OK|X_OK) != 0)
+  			{
+  			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
+  			perror(outdir);
+  			goto err;
+  			}
++ #endif
+  
+  		if (stat(outdir,&sb) != 0)
+  			{
+***************
+*** 829,837 ****
+  			}
+  		if (verbose)
+  			{
+! 			if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 			BIO_printf(bio_err,"next serial number is %s\n",f);
+! 			OPENSSL_free(f);
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+--- 831,844 ----
+  			}
+  		if (verbose)
+  			{
+! 			if (BN_is_zero(serial))
+! 				BIO_printf(bio_err,"next serial number is 00\n");
+! 			else
+! 				{
+! 				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 				BIO_printf(bio_err,"next serial number is %s\n",f);
+! 				OPENSSL_free(f);
+! 				}
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+***************
+*** 1108,1114 ****
+  			}
+  		if ((crldays == 0) && (crlhours == 0))
+  			{
+! 			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issuer\n");
+  			goto err;
+  			}
+  
+--- 1115,1121 ----
+  			}
+  		if ((crldays == 0) && (crlhours == 0))
+  			{
+! 			BIO_printf(bio_err,"cannot lookup how long until the next CRL is issued\n");
+  			goto err;
+  			}
+  
+***************
+*** 1220,1226 ****
+--- 1227,1237 ----
+  			X509_free(revcert);
+  
+  			strncpy(buf[0],dbfile,BSIZE-4);
++ #ifndef VMS
+  			strcat(buf[0],".new");
++ #else
++ 			strcat(buf[0],"-new");
++ #endif
+  			if (BIO_write_filename(out,buf[0]) <= 0)
+  				{
+  				perror(dbfile);
+***************
+*** 1230,1236 ****
+--- 1241,1251 ----
+  			j=TXT_DB_write(out,db);
+  			if (j <= 0) goto err;
+  			strncpy(buf[1],dbfile,BSIZE-4);
++ #ifndef VMS
+  			strcat(buf[1],".old");
++ #else
++ 			strcat(buf[1],"-old");
++ #endif
+  			if (rename(dbfile,buf[1]) < 0)
+  				{
+  				BIO_printf(bio_err,"unable to rename %s to %s\n", dbfile, buf[1]);
+***************
+*** 1267,1273 ****
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+--- 1282,1288 ----
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+***************
+*** 1332,1338 ****
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+  		goto err;
+  		}
+  err:
+--- 1347,1353 ----
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+  		goto err;
+  		}
+  err:
+***************
+*** 1720,1726 ****
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+--- 1735,1744 ----
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	if (BN_is_zero(serial))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+***************
+*** 2134,2140 ****
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+--- 2152,2161 ----
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	if (BN_is_zero(bn))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ciphers.c ../RELENG_4_6/crypto/openssl/apps/ciphers.c
+*** crypto/openssl/apps/ciphers.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/ciphers.c	Tue Dec  3 11:51:17 2002
+***************
+*** 202,207 ****
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	EXIT(ret);
+  	}
+  
+--- 202,207 ----
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl.c ../RELENG_4_6/crypto/openssl/apps/crl.c
+*** crypto/openssl/apps/crl.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/crl.c	Tue Dec  3 11:51:17 2002
+***************
+*** 364,370 ****
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+--- 364,370 ----
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl2p7.c ../RELENG_4_6/crypto/openssl/apps/crl2p7.c
+*** crypto/openssl/apps/crl2p7.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/crl2p7.c	Tue Dec  3 11:51:16 2002
+***************
+*** 166,172 ****
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 166,172 ----
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 278,284 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	EXIT(ret);
+  	}
+  
+  /*
+--- 278,284 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /*
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/der_chop ../RELENG_4_6/crypto/openssl/apps/der_chop
+*** crypto/openssl/apps/der_chop	Sun Aug 20 04:45:58 2000
+--- ../RELENG_4_6/crypto/openssl/apps/der_chop	Wed Feb 19 21:57:35 2003
+***************
+*** 1,4 ****
+! #!/usr/local/bin/perl
+  #
+  # der_chop ... this is one total hack that Eric is really not proud of
+  #              so don't look at it and don't ask for support
+--- 1,4 ----
+! #!/usr/local/bin/perl5
+  #
+  # der_chop ... this is one total hack that Eric is really not proud of
+  #              so don't look at it and don't ask for support
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_4_6/crypto/openssl/apps/dgst.c
+*** crypto/openssl/apps/dgst.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/dgst.c	Tue Dec  3 11:51:16 2002
+***************
+*** 73,79 ****
+  #undef PROG
+  #define PROG	dgst_main
+  
+! void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
+  		EVP_PKEY *key, unsigned char *sigin, int siglen);
+  
+  int MAIN(int, char **);
+--- 73,79 ----
+  #undef PROG
+  #define PROG	dgst_main
+  
+! void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+  		EVP_PKEY *key, unsigned char *sigin, int siglen);
+  
+  int MAIN(int, char **);
+***************
+*** 87,99 ****
+  	BIO *bmd=NULL;
+  	BIO *out = NULL;
+  	const char *name;
+! #define PROG_NAME_SIZE  16
+! 	char pname[PROG_NAME_SIZE];
+  	int separator=0;
+  	int debug=0;
+  	const char *outfile = NULL, *keyfile = NULL;
+  	const char *sigfile = NULL, *randfile = NULL;
+! 	char out_bin = -1, want_pub = 0, do_verify = 0;
+  	EVP_PKEY *sigkey = NULL;
+  	unsigned char *sigbuf = NULL;
+  	int siglen = 0;
+--- 87,99 ----
+  	BIO *bmd=NULL;
+  	BIO *out = NULL;
+  	const char *name;
+! #define PROG_NAME_SIZE  39
+! 	char pname[PROG_NAME_SIZE+1];
+  	int separator=0;
+  	int debug=0;
+  	const char *outfile = NULL, *keyfile = NULL;
+  	const char *sigfile = NULL, *randfile = NULL;
+! 	int out_bin = -1, want_pub = 0, do_verify = 0;
+  	EVP_PKEY *sigkey = NULL;
+  	unsigned char *sigbuf = NULL;
+  	int siglen = 0;
+***************
+*** 327,333 ****
+  end:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+--- 327,333 ----
+  end:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+***************
+*** 335,344 ****
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	EXIT(err);
+  	}
+  
+! void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, char binout,
+  			EVP_PKEY *key, unsigned char *sigin, int siglen)
+  	{
+  	int len;
+--- 335,344 ----
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	OPENSSL_EXIT(err);
+  	}
+  
+! void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+  			EVP_PKEY *key, unsigned char *sigin, int siglen)
+  	{
+  	int len;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_4_6/crypto/openssl/apps/dh.c
+*** crypto/openssl/apps/dh.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/dh.c	Tue Dec  3 11:51:16 2002
+***************
+*** 319,324 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 319,324 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_4_6/crypto/openssl/apps/dhparam.c
+*** crypto/openssl/apps/dhparam.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/dhparam.c	Tue Dec  3 11:51:16 2002
+***************
+*** 506,512 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+--- 506,512 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_4_6/crypto/openssl/apps/dsa.c
+*** crypto/openssl/apps/dsa.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/dsa.c	Tue Dec  3 11:51:16 2002
+***************
+*** 293,298 ****
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 293,298 ----
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_4_6/crypto/openssl/apps/dsaparam.c
+*** crypto/openssl/apps/dsaparam.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/dsaparam.c	Tue Dec  3 11:51:15 2002
+***************
+*** 176,182 ****
+  		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
+  		BIO_printf(bio_err," -in arg       input file\n");
+  		BIO_printf(bio_err," -out arg      output file\n");
+! 		BIO_printf(bio_err," -text         print the key in text\n");
+  		BIO_printf(bio_err," -C            Output C code\n");
+  		BIO_printf(bio_err," -noout        no output\n");
+  		BIO_printf(bio_err," -rand         files to use for random number input\n");
+--- 176,182 ----
+  		BIO_printf(bio_err," -outform arg  output format - DER or PEM\n");
+  		BIO_printf(bio_err," -in arg       input file\n");
+  		BIO_printf(bio_err," -out arg      output file\n");
+! 		BIO_printf(bio_err," -text         print as text\n");
+  		BIO_printf(bio_err," -C            Output C code\n");
+  		BIO_printf(bio_err," -noout        no output\n");
+  		BIO_printf(bio_err," -rand         files to use for random number input\n");
+***************
+*** 357,363 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+--- 357,363 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/eay.c ../RELENG_4_6/crypto/openssl/apps/eay.c
+*** crypto/openssl/apps/eay.c	Mon Jan 10 01:21:19 2000
+--- ../RELENG_4_6/crypto/openssl/apps/eay.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,131 ****
+- /* apps/eay.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include <stdlib.h>
+- #include <string.h>
+- 
+- #define MONOLITH
+- #define USE_SOCKETS
+- 
+- #include "openssl/e_os.h"
+- 
+- #include <openssl/bio.h>
+- #include <openssl/stack.h>
+- #include <openssl/lhash.h>
+- 
+- #include <openssl/err.h>
+- 
+- #include <openssl/bn.h>
+- 
+- #include <openssl/evp.h>
+- 
+- #include <openssl/rand.h>
+- #include <openssl/conf.h>
+- #include <openssl/txt_db.h>
+- 
+- #include <openssl/err.h>
+- 
+- #include <openssl/x509.h>
+- #include <openssl/pkcs7.h>
+- #include <openssl/pem.h>
+- #include <openssl/asn1.h>
+- #include <openssl/objects.h>
+- 
+- #define MONOLITH
+- 
+- #include "openssl.c"
+- #include "apps.c"
+- #include "asn1pars.c"
+- #ifndef NO_RSA
+- #include "ca.c"
+- #include "genrsa.c"
+- #include "req.c"
+- #include "rsa.c"
+- #endif
+- #ifndef NO_DH
+- #include "gendh.c"
+- #include "dh.c"
+- #endif
+- #include "crl.c"
+- #include "crl2p7.c"
+- #include "dgst.c"
+- #include "enc.c"
+- #include "errstr.c"
+- #if !defined(NO_SSL2) || !defined(NO_SSL3)
+- #ifndef NO_SOCK
+- #include "s_cb.c"
+- #include "s_client.c"
+- #include "s_server.c"
+- #include "s_socket.c"
+- #include "s_time.c"
+- #endif
+- #endif
+- #include "speed.c"
+- #include "verify.c"
+- #include "version.c"
+- #include "x509.c"
+- #include "ciphers.c"
+- #include "sess_id.c"
+- #include "pkcs7.c"
+- #ifndef NO_DSA
+- #include "dsaparam.c"
+- #include "dsa.c"
+- #include "gendsa.c"
+- #endif
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_4_6/crypto/openssl/apps/enc.c
+*** crypto/openssl/apps/enc.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/enc.c	Tue Dec  3 11:51:15 2002
+***************
+*** 99,106 ****
+  	const EVP_CIPHER *cipher=NULL,*c;
+  	char *inf=NULL,*outf=NULL;
+  	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+! #define PROG_NAME_SIZE  16
+! 	char pname[PROG_NAME_SIZE];
+  
+  	apps_startup();
+  
+--- 99,106 ----
+  	const EVP_CIPHER *cipher=NULL,*c;
+  	char *inf=NULL,*outf=NULL;
+  	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+! #define PROG_NAME_SIZE  39
+! 	char pname[PROG_NAME_SIZE+1];
+  
+  	apps_startup();
+  
+***************
+*** 506,520 ****
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				memset(str,0,SIZE);
+  			else
+! 				memset(str,0,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+  			BIO_printf(bio_err,"invalid hex iv value\n");
+  			goto end;
+  			}
+  		if ((hkey != NULL) && !set_hex(hkey,key,24))
+  			{
+  			BIO_printf(bio_err,"invalid hex key value\n");
+--- 506,528 ----
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				OPENSSL_cleanse(str,SIZE);
+  			else
+! 				OPENSSL_cleanse(str,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+  			BIO_printf(bio_err,"invalid hex iv value\n");
+  			goto end;
+  			}
++ 		if ((hiv == NULL) && (str == NULL))
++ 			{
++ 			/* No IV was explicitly set and no IV was generated
++ 			 * during EVP_BytesToKey. Hence the IV is undefined,
++ 			 * making correct decryption impossible. */
++ 			BIO_printf(bio_err, "iv undefined\n");
++ 			goto end;
++ 			}
+  		if ((hkey != NULL) && !set_hex(hkey,key,24))
+  			{
+  			BIO_printf(bio_err,"invalid hex key value\n");
+***************
+*** 596,602 ****
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+--- 604,610 ----
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/errstr.c ../RELENG_4_6/crypto/openssl/apps/errstr.c
+*** crypto/openssl/apps/errstr.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/errstr.c	Tue Dec  3 11:51:15 2002
+***************
+*** 121,125 ****
+  			ret++;
+  			}
+  		}
+! 	EXIT(ret);
+  	}
+--- 121,125 ----
+  			ret++;
+  			}
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_4_6/crypto/openssl/apps/gendh.c
+*** crypto/openssl/apps/gendh.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/gendh.c	Tue Dec  3 11:51:15 2002
+***************
+*** 184,190 ****
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+--- 184,190 ----
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_4_6/crypto/openssl/apps/gendsa.c
+*** crypto/openssl/apps/gendsa.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/gendsa.c	Tue Dec  3 11:51:15 2002
+***************
+*** 220,225 ****
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 220,225 ----
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_4_6/crypto/openssl/apps/genrsa.c
+*** crypto/openssl/apps/genrsa.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/genrsa.c	Tue Dec  3 11:51:14 2002
+***************
+*** 224,230 ****
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+--- 224,230 ----
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/nseq.c ../RELENG_4_6/crypto/openssl/apps/nseq.c
+*** crypto/openssl/apps/nseq.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/nseq.c	Tue Dec  3 11:51:14 2002
+***************
+*** 102,108 ****
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		EXIT(1);
+  	}
+  
+  	if (infile) {
+--- 102,108 ----
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		OPENSSL_EXIT(1);
+  	}
+  
+  	if (infile) {
+***************
+*** 162,167 ****
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	EXIT(ret);
+  }
+  
+--- 162,167 ----
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	OPENSSL_EXIT(ret);
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_4_6/crypto/openssl/apps/openssl.c
+*** crypto/openssl/apps/openssl.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/openssl.c	Tue Dec  3 11:51:14 2002
+***************
+*** 77,95 ****
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+- LHASH *config=NULL;
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
+  BIO *bio_err=NULL;
+  #endif
+  
+  int main(int Argc, char *Argv[])
+  	{
+  	ARGS arg;
+! #define PROG_NAME_SIZE	16
+! 	char pname[PROG_NAME_SIZE];
+  	FUNCTION f,*fp;
+  	MS_STATIC char *prompt,buf[1024],config_name[256];
+  	int n,i,ret=0;
+--- 77,95 ----
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #endif
+  
+  int main(int Argc, char *Argv[])
+  	{
+  	ARGS arg;
+! #define PROG_NAME_SIZE	39
+! 	char pname[PROG_NAME_SIZE+1];
+  	FUNCTION f,*fp;
+  	MS_STATIC char *prompt,buf[1024],config_name[256];
+  	int n,i,ret=0;
+***************
+*** 215,221 ****
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+--- 215,221 ----
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/passwd.c ../RELENG_4_6/crypto/openssl/apps/passwd.c
+*** crypto/openssl/apps/passwd.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/passwd.c	Tue Dec  3 11:51:14 2002
+***************
+*** 284,290 ****
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+  
+  
+--- 284,290 ----
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+***************
+*** 498,503 ****
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	EXIT(1);
+  	}
+  #endif
+--- 498,503 ----
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	OPENSSL_EXIT(1);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pem_mail.c ../RELENG_4_6/crypto/openssl/apps/pem_mail.c
+*** crypto/openssl/apps/pem_mail.c	Mon Jan 10 01:21:19 2000
+--- ../RELENG_4_6/crypto/openssl/apps/pem_mail.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,170 ****
+- /* apps/pem_mail.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RSA
+- #include <stdio.h>
+- #include <openssl/rsa.h>
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- #include <openssl/x509.h>
+- #include <openssl/err.h>
+- #include <openssl/pem.h>
+- #include "apps.h"
+- 
+- #undef PROG
+- #define PROG	pem_mail_main
+- 
+- static char *usage[]={
+- "usage: pem_mail args\n",
+- "\n",
+- " -in arg         - input file - default stdin\n",
+- " -out arg        - output file - default stdout\n",
+- " -cert arg       - the certificate to use\n",
+- " -key arg        - the private key to use\n",
+- " -MIC           - sign the message\n",
+- " -enc arg        - encrypt with one of cbc-des\n",
+- NULL
+- };
+- 
+- 
+- typedef struct lines_St
+- 	{
+- 	char *line;
+- 	struct lines_st *next;
+- 	} LINES;
+- 
+- int main(int argc, char **argv)
+- 	{
+- 	FILE *in;
+- 	RSA *rsa=NULL;
+- 	EVP_MD_CTX ctx;
+- 	unsigned int mic=0,i,n;
+- 	unsigned char buf[1024*15];
+- 	char *prog,*infile=NULL,*outfile=NULL,*key=NULL;
+- 	int badops=0;
+- 
+- 	apps_startup();
+- 
+- 	prog=argv[0];
+- 	argc--;
+- 	argv++;
+- 	while (argc >= 1)
+- 		{
+- 		if (strcmp(*argv,"-key") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			key= *(++argv);
+- 			}
+- 		else if (strcmp(*argv,"-in") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			infile= *(++argv);
+- 			}
+- 		else if (strcmp(*argv,"-out") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			outfile= *(++argv);
+- 			}
+- 		else if (strcmp(*argv,"-mic") == 0)
+- 			mic=1;
+- 		else
+- 			{
+- 			BIO_printf(bio_err,"unknown option %s\n",*argv);
+- 			badops=1;
+- 			break;
+- 			}
+- 		argc--;
+- 		argv++;
+- 		}
+- 
+- 	if (badops)
+- 		{
+- bad:
+- 		BIO_printf(bio_err,"%s [options] <infile >outfile\n",prog);
+- 		BIO_printf(bio_err,"where options  are\n");
+- 		EXIT(1);
+- 		}
+- 
+- 	if (key == NULL)
+- 		{ BIO_printf(bio_err,"you need to specify a key\n"); EXIT(1); }
+- 	in=fopen(key,"r");
+- 	if (in == NULL) { perror(key); EXIT(1); }
+- 	rsa=PEM_read_RSAPrivateKey(in,NULL,NULL);
+- 	if (rsa == NULL)
+- 		{
+- 		BIO_printf(bio_err,"unable to load Private Key\n");
+- 		ERR_print_errors(bio_err);
+- 		EXIT(1);
+- 		}
+- 	fclose(in);
+- 
+- 	PEM_SignInit(&ctx,EVP_md5());
+- 	for (;;)
+- 		{
+- 		i=fread(buf,1,1024*10,stdin);
+- 		if (i <= 0) break;
+- 		PEM_SignUpdate(&ctx,buf,i);
+- 		}
+- 	if (!PEM_SignFinal(&ctx,buf,&n,rsa)) goto err;
+- 	BIO_printf(bio_err,"%s\n",buf);
+- 	EXIT(0);
+- err:
+- 	ERR_print_errors(bio_err);
+- 	EXIT(1);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_4_6/crypto/openssl/apps/pkcs12.c
+*** crypto/openssl/apps/pkcs12.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/pkcs12.c	Tue Dec  3 11:51:12 2002
+***************
+*** 480,488 ****
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		}
+! 		sk_X509_free(chain2);
+! 		if (vret) {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+--- 480,489 ----
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		    /* Free first certificate */
+! 		    X509_free(sk_X509_value(chain2, 0));
+! 		    sk_X509_free(chain2);
+! 		} else {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+***************
+*** 509,516 ****
+  	}
+  	sk_X509_pop_free(certs, X509_free);
+  	certs = NULL;
+- 	/* ucert is part of certs so it is already freed */
+- 	ucert = NULL;
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 510,515 ----
+***************
+*** 598,604 ****
+  	if (certs) sk_X509_pop_free(certs, X509_free);
+  	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
+  	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+- 	if (ucert) X509_free(ucert);
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 597,602 ----
+***************
+*** 668,674 ****
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+--- 666,672 ----
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     OPENSSL_EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+***************
+*** 749,755 ****
+  		print_attribs (out, bag->attrib, "Bag Attributes");
+  		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+  				return 0;
+! 		if (!(pkey = EVP_PKCS82PKEY (p8))) return 0;
+  		print_attribs (out, p8->attributes, "Key Attributes");
+  		PKCS8_PRIV_KEY_INFO_free(p8);
+  		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+--- 747,756 ----
+  		print_attribs (out, bag->attrib, "Bag Attributes");
+  		if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen)))
+  				return 0;
+! 		if (!(pkey = EVP_PKCS82PKEY (p8))) {
+! 			PKCS8_PRIV_KEY_INFO_free(p8);
+! 			return 0;
+! 		}
+  		print_attribs (out, p8->attributes, "Key Attributes");
+  		PKCS8_PRIV_KEY_INFO_free(p8);
+  		PEM_write_bio_PrivateKey (out, pkey, enc, NULL, 0, NULL, pempass);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_4_6/crypto/openssl/apps/pkcs7.c
+*** crypto/openssl/apps/pkcs7.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/pkcs7.c	Tue Dec  3 11:51:12 2002
+***************
+*** 88,94 ****
+  	int informat,outformat;
+  	char *infile,*outfile,*prog;
+  	int print_certs=0,text=0,noout=0;
+! 	int ret=0;
+  
+  	apps_startup();
+  
+--- 88,94 ----
+  	int informat,outformat;
+  	char *infile,*outfile,*prog;
+  	int print_certs=0,text=0,noout=0;
+! 	int ret=1;
+  
+  	apps_startup();
+  
+***************
+*** 154,160 ****
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 154,160 ----
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 289,293 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 289,293 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_4_6/crypto/openssl/apps/pkcs8.c
+*** crypto/openssl/apps/pkcs8.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/pkcs8.c	Wed Oct 23 11:07:13 2002
+***************
+*** 236,242 ****
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+--- 236,243 ----
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
+! 					return (1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_4_6/crypto/openssl/apps/rand.c
+*** crypto/openssl/apps/rand.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rand.c	Tue Dec  3 11:51:12 2002
+***************
+*** 144,148 ****
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 144,148 ----
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_4_6/crypto/openssl/apps/req.c
+*** crypto/openssl/apps/req.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/req.c	Tue Dec  3 11:51:09 2002
+***************
+*** 283,289 ****
+  						goto end;
+  						}
+  
+! 					dtmp=X509_get_pubkey(xtmp);
+  					if (dtmp->type == EVP_PKEY_DSA)
+  						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+  					EVP_PKEY_free(dtmp);
+--- 283,289 ----
+  						goto end;
+  						}
+  
+! 					if ((dtmp=X509_get_pubkey(xtmp)) == NULL) goto end;
+  					if (dtmp->type == EVP_PKEY_DSA)
+  						dsa_params=DSAparams_dup(dtmp->pkey.dsa);
+  					EVP_PKEY_free(dtmp);
+***************
+*** 383,390 ****
+  		BIO_printf(bio_err,"                the random number generator\n");
+  		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+  		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+! 
+! 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2)\n");
+  		BIO_printf(bio_err," -config file   request template file.\n");
+  		BIO_printf(bio_err," -new           new request.\n");
+  		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
+--- 383,389 ----
+  		BIO_printf(bio_err,"                the random number generator\n");
+  		BIO_printf(bio_err," -newkey rsa:bits generate a new RSA key of 'bits' in size\n");
+  		BIO_printf(bio_err," -newkey dsa:file generate a new DSA key, parameters taken from CA in 'file'\n");
+! 		BIO_printf(bio_err," -[digest]      Digest to sign with (md5, sha1, md2, mdc2, md4)\n");
+  		BIO_printf(bio_err," -config file   request template file.\n");
+  		BIO_printf(bio_err," -new           new request.\n");
+  		BIO_printf(bio_err," -x509          output a x509 structure instead of a cert. req.\n");
+***************
+*** 423,429 ****
+  
+  	if (template != NULL)
+  		{
+! 		long errline;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+--- 422,428 ----
+  
+  	if (template != NULL)
+  		{
+! 		long errline = -1;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+***************
+*** 719,735 ****
+  
+  			/* Set version to V3 */
+  			if(!X509_set_version(x509ss, 2)) goto end;
+! 			ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L);
+  
+! 			X509_set_issuer_name(x509ss,
+! 				X509_REQ_get_subject_name(req));
+! 			X509_gmtime_adj(X509_get_notBefore(x509ss),0);
+! 			X509_gmtime_adj(X509_get_notAfter(x509ss),
+! 				(long)60*60*24*days);
+! 			X509_set_subject_name(x509ss,
+! 				X509_REQ_get_subject_name(req));
+  			tmppkey = X509_REQ_get_pubkey(req);
+! 			X509_set_pubkey(x509ss,tmppkey);
+  			EVP_PKEY_free(tmppkey);
+  
+  			/* Set up V3 context struct */
+--- 718,731 ----
+  
+  			/* Set version to V3 */
+  			if(!X509_set_version(x509ss, 2)) goto end;
+! 			if (!ASN1_INTEGER_set(X509_get_serialNumber(x509ss),0L)) goto end;
+  
+! 			if (!X509_set_issuer_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+! 			if (!X509_gmtime_adj(X509_get_notBefore(x509ss),0)) goto end;
+! 			if (!X509_gmtime_adj(X509_get_notAfter(x509ss), (long)60*60*24*days)) goto end;
+! 			if (!X509_set_subject_name(x509ss, X509_REQ_get_subject_name(req))) goto end;
+  			tmppkey = X509_REQ_get_pubkey(req);
+! 			if (!tmppkey || !X509_set_pubkey(x509ss,tmppkey)) goto end;
+  			EVP_PKEY_free(tmppkey);
+  
+  			/* Set up V3 context struct */
+***************
+*** 913,919 ****
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+--- 909,915 ----
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	OPENSSL_EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+***************
+*** 960,966 ****
+  	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+  	if(!i) goto err;
+  
+! 	X509_REQ_set_pubkey(req,pkey);
+  
+  	ret=1;
+  err:
+--- 956,962 ----
+  	else i = prompt_info(req, dn_sk, dn_sect, attr_sk, attr_sect, attribs);
+  	if(!i) goto err;
+  
+! 	if (!X509_REQ_set_pubkey(req,pkey)) goto err;
+  
+  	ret=1;
+  err:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa/01.pem ../RELENG_4_6/crypto/openssl/apps/rsa/01.pem
+*** crypto/openssl/apps/rsa/01.pem	Mon Jan 10 01:21:21 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rsa/01.pem	Wed Dec 31 19:00:00 1969
+***************
+*** 1,15 ****
+- -----BEGIN CERTIFICATE-----
+- MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+- A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+- VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+- MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+- BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+- cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+- bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+- qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+- MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+- gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+- LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+- Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+- Pjrmw2eSgbdmmdumWAcNPVbV
+- -----END CERTIFICATE-----
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa/1.txt ../RELENG_4_6/crypto/openssl/apps/rsa/1.txt
+*** crypto/openssl/apps/rsa/1.txt	Mon Jan 10 01:21:21 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rsa/1.txt	Wed Dec 31 19:00:00 1969
+***************
+*** 1,50 ****
+- issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+- subject=/C=US/ST=New York/L=New York/O=Industrial Press Inc./CN=www.industrialpress.com
+- Certificate:
+-     Data:
+-         Version: 1 (0x0)
+-         Serial Number:
+-             68:ae:14:a4:c9:9f:a9:f3:9a:23:cf:2f:15:19:b3:5a
+-         Signature Algorithm: md5WithRSAEncryption
+-         Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-         Validity
+-             Not Before: May 18 00:00:00 1998 GMT
+-             Not After : May 18 23:59:59 1999 GMT
+-         Subject: C=US, ST=New York, L=New York, O=Industrial Press Inc., CN=www.industrialpress.com
+-         Subject Public Key Info:
+-             Public Key Algorithm: rsaEncryption
+-             RSA Public Key: (1024 bit)
+-                 Modulus (1024 bit):
+-                     00:aa:21:fd:c5:42:4d:1e:fa:82:99:a0:e8:9f:6e:
+-                     d5:6a:52:5b:a9:32:f2:98:5d:f2:28:a5:81:c5:b3:
+-                     83:2d:68:d7:ef:22:a3:7b:0a:2a:5a:1a:2d:68:40:
+-                     11:23:a8:d7:3e:aa:26:53:ce:e0:15:4d:6d:1f:8a:
+-                     ff:6e:0c:21:dc:59:94:30:ad:ea:a3:dd:97:3a:cb:
+-                     f0:34:01:f3:5f:35:91:5d:03:49:9a:6e:78:83:61:
+-                     75:45:4b:74:d2:98:18:88:ec:62:98:3b:1e:d6:df:
+-                     51:2f:93:ce:08:31:1b:7d:7f:03:82:e8:2b:13:f5:
+-                     b0:91:2d:85:ad:2a:1c:e7:f7
+-                 Exponent: 65537 (0x10001)
+-     Signature Algorithm: md5WithRSAEncryption
+-         8c:3b:7e:f1:74:12:d1:2f:ac:d4:bf:2d:8b:aa:02:05:30:fe:
+-         d1:f4:14:b8:02:92:a2:8b:99:86:26:ff:24:7e:67:48:43:d9:
+-         e3:ff:52:11:7e:8c:0c:26:57:ca:c7:b4:19:da:4c:ce:e8:37:
+-         6d:d1:55:6d:a4:09:ff:2c:a2:21:9f:af:63:d8:b5:fb:9f:a5:
+-         7b:5d:ed:ac:d4:15:af:96:24:25:a7:a7:43:76:f4:41:b4:05:
+-         1d:49:38:50:b4:43:fe:1d:87:f5:fd:aa:e9:4c:f2:5b:aa:3e:
+-         3a:e6:c3:67:92:81:b7:66:99:db:a6:58:07:0d:3d:56:d5
+- -----BEGIN CERTIFICATE-----
+- MIICTjCCAbsCEGiuFKTJn6nzmiPPLxUZs1owDQYJKoZIhvcNAQEEBQAwXzELMAkG
+- A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+- VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk4
+- MDUxODAwMDAwMFoXDTk5MDUxODIzNTk1OVowdTELMAkGA1UEBhMCVVMxETAPBgNV
+- BAgTCE5ldyBZb3JrMREwDwYDVQQHFAhOZXcgWW9yazEeMBwGA1UEChQVSW5kdXN0
+- cmlhbCBQcmVzcyBJbmMuMSAwHgYDVQQDFBd3d3cuaW5kdXN0cmlhbHByZXNzLmNv
+- bTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAqiH9xUJNHvqCmaDon27ValJb
+- qTLymF3yKKWBxbODLWjX7yKjewoqWhotaEARI6jXPqomU87gFU1tH4r/bgwh3FmU
+- MK3qo92XOsvwNAHzXzWRXQNJmm54g2F1RUt00pgYiOximDse1t9RL5POCDEbfX8D
+- gugrE/WwkS2FrSoc5/cCAwEAATANBgkqhkiG9w0BAQQFAAN+AIw7fvF0EtEvrNS/
+- LYuqAgUw/tH0FLgCkqKLmYYm/yR+Z0hD2eP/UhF+jAwmV8rHtBnaTM7oN23RVW2k
+- Cf8soiGfr2PYtfufpXtd7azUFa+WJCWnp0N29EG0BR1JOFC0Q/4dh/X9qulM8luq
+- Pjrmw2eSgbdmmdumWAcNPVbV
+- -----END CERTIFICATE-----
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa/SecureServer.pem ../RELENG_4_6/crypto/openssl/apps/rsa/SecureServer.pem
+*** crypto/openssl/apps/rsa/SecureServer.pem	Mon Jan 10 01:21:21 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rsa/SecureServer.pem	Wed Dec 31 19:00:00 1969
+***************
+*** 1,47 ****
+- Certificate:
+-     Data:
+-         Version: 1 (0x0)
+-         Serial Number:
+-             02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+-         Signature Algorithm: md2WithRSAEncryption
+-         Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-         Validity
+-             Not Before: Nov  9 00:00:00 1994 GMT
+-             Not After : Jan  7 23:59:59 2010 GMT
+-         Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-         Subject Public Key Info:
+-             Public Key Algorithm: rsaEncryption
+-             RSA Public Key: (1000 bit)
+-                 Modulus (1000 bit):
+-                     00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+-                     01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+-                     e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+-                     37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+-                     4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+-                     65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+-                     b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+-                     54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+-                     dd:2d:d6:c8:1e:7b
+-                 Exponent: 65537 (0x10001)
+-     Signature Algorithm: md2WithRSAEncryption
+-         65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+-         c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+-         b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+-         c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+-         4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+-         16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+-         f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+- -----BEGIN CERTIFICATE-----
+- MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+- A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+- VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+- MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+- BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+- dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+- ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+- 0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+- uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+- hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+- YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+- 1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+- -----END CERTIFICATE-----
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa/s.txt ../RELENG_4_6/crypto/openssl/apps/rsa/s.txt
+*** crypto/openssl/apps/rsa/s.txt	Mon Jan 10 01:21:21 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rsa/s.txt	Wed Dec 31 19:00:00 1969
+***************
+*** 1,49 ****
+- issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+- subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+- Certificate:
+-     Data:
+-         Version: 1 (0x0)
+-         Serial Number:
+-             02:ad:66:7e:4e:45:fe:5e:57:6f:3c:98:19:5e:dd:c0
+-         Signature Algorithm: md2WithRSAEncryption
+-         Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-         Validity
+-             Not Before: Nov  9 00:00:00 1994 GMT
+-             Not After : Jan  7 23:59:59 2010 GMT
+-         Subject: C=US, O=RSA Data Security, Inc., OU=Secure Server Certification Authority
+-         Subject Public Key Info:
+-             Public Key Algorithm: rsaEncryption
+-             RSA Public Key: (1000 bit)
+-                 Modulus (1000 bit):
+-                     00:92:ce:7a:c1:ae:83:3e:5a:aa:89:83:57:ac:25:
+-                     01:76:0c:ad:ae:8e:2c:37:ce:eb:35:78:64:54:03:
+-                     e5:84:40:51:c9:bf:8f:08:e2:8a:82:08:d2:16:86:
+-                     37:55:e9:b1:21:02:ad:76:68:81:9a:05:a2:4b:c9:
+-                     4b:25:66:22:56:6c:88:07:8f:f7:81:59:6d:84:07:
+-                     65:70:13:71:76:3e:9b:77:4c:e3:50:89:56:98:48:
+-                     b9:1d:a7:29:1a:13:2e:4a:11:59:9c:1e:15:d5:49:
+-                     54:2c:73:3a:69:82:b1:97:39:9c:6d:70:67:48:e5:
+-                     dd:2d:d6:c8:1e:7b
+-                 Exponent: 65537 (0x10001)
+-     Signature Algorithm: md2WithRSAEncryption
+-         65:dd:7e:e1:b2:ec:b0:e2:3a:e0:ec:71:46:9a:19:11:b8:d3:
+-         c7:a0:b4:03:40:26:02:3e:09:9c:e1:12:b3:d1:5a:f6:37:a5:
+-         b7:61:03:b6:5b:16:69:3b:c6:44:08:0c:88:53:0c:6b:97:49:
+-         c7:3e:35:dc:6c:b9:bb:aa:df:5c:bb:3a:2f:93:60:b6:a9:4b:
+-         4d:f2:20:f7:cd:5f:7f:64:7b:8e:dc:00:5c:d7:fa:77:ca:39:
+-         16:59:6f:0e:ea:d3:b5:83:7f:4d:4d:42:56:76:b4:c9:5f:04:
+-         f8:38:f8:eb:d2:5f:75:5f:cd:7b:fc:e5:8e:80:7c:fc:50
+- -----BEGIN CERTIFICATE-----
+- MIICNDCCAaECEAKtZn5ORf5eV288mBle3cAwDQYJKoZIhvcNAQECBQAwXzELMAkG
+- A1UEBhMCVVMxIDAeBgNVBAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYD
+- VQQLEyVTZWN1cmUgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTk0
+- MTEwOTAwMDAwMFoXDTEwMDEwNzIzNTk1OVowXzELMAkGA1UEBhMCVVMxIDAeBgNV
+- BAoTF1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2Vy
+- dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIGbMA0GCSqGSIb3DQEBAQUAA4GJ
+- ADCBhQJ+AJLOesGugz5aqomDV6wlAXYMra6OLDfO6zV4ZFQD5YRAUcm/jwjiioII
+- 0haGN1XpsSECrXZogZoFokvJSyVmIlZsiAeP94FZbYQHZXATcXY+m3dM41CJVphI
+- uR2nKRoTLkoRWZweFdVJVCxzOmmCsZc5nG1wZ0jl3S3WyB57AgMBAAEwDQYJKoZI
+- hvcNAQECBQADfgBl3X7hsuyw4jrg7HFGmhkRuNPHoLQDQCYCPgmc4RKz0Vr2N6W3
+- YQO2WxZpO8ZECAyIUwxrl0nHPjXcbLm7qt9cuzovk2C2qUtN8iD3zV9/ZHuO3ABc
+- 1/p3yjkWWW8O6tO1g39NTUJWdrTJXwT4OPjr0l91X817/OWOgHz8UA==
+- -----END CERTIFICATE-----
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_4_6/crypto/openssl/apps/rsa.c
+*** crypto/openssl/apps/rsa.c	Sun Nov 26 06:32:49 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rsa.c	Tue Dec  3 11:51:09 2002
+***************
+*** 389,395 ****
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+--- 389,395 ----
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_4_6/crypto/openssl/apps/s_client.c
+*** crypto/openssl/apps/s_client.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/s_client.c	Tue Dec  3 11:51:08 2002
+***************
+*** 768,781 ****
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  
+--- 768,781 ----
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+***************
+*** 896,900 ****
+--- 896,902 ----
+  	BIO_printf(bio,"---\n");
+  	if (peer != NULL)
+  		X509_free(peer);
++ 	/* flush, or debugging output gets mixed with http response */
++ 	BIO_flush(bio);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_4_6/crypto/openssl/apps/s_server.c
+*** crypto/openssl/apps/s_server.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/s_server.c	Wed Dec  4 18:12:31 2002
+***************
+*** 253,262 ****
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+--- 253,262 ----
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, const char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, const char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+***************
+*** 321,327 ****
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+--- 321,327 ----
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, const char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+***************
+*** 354,360 ****
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+  {
+  	long ret;
+  
+--- 354,360 ----
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+  {
+  	long ret;
+  
+***************
+*** 373,379 ****
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+--- 373,379 ----
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret=0;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+***************
+*** 392,398 ****
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+--- 392,398 ----
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, const char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+***************
+*** 741,747 ****
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+--- 741,747 ----
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+***************
+*** 1043,1049 ****
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+--- 1043,1049 ----
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+***************
+*** 1250,1256 ****
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #ifndef MSDOS
+  				sleep(1);
+  #endif
+  				continue;
+--- 1250,1256 ----
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #if !defined(MSDOS) && !defined(VXWORKS)
+  				sleep(1);
+  #endif
+  				continue;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_time.c ../RELENG_4_6/crypto/openssl/apps/s_time.c
+*** crypto/openssl/apps/s_time.c	Sun Aug 20 04:45:58 2000
+--- ../RELENG_4_6/crypto/openssl/apps/s_time.c	Wed Dec  4 18:12:35 2002
+***************
+*** 82,88 ****
+  #include "wintext.h"
+  #endif
+  
+! #if !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+  #define TIMES
+  #endif
+  
+--- 82,88 ----
+  #include "wintext.h"
+  #endif
+  
+! #if !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC)) || defined (_DARWIN)
+  #define TIMES
+  #endif
+  
+***************
+*** 102,108 ****
+  #undef TIMES
+  #endif
+  
+! #ifndef TIMES
+  #include <sys/timeb.h>
+  #endif
+  
+--- 102,108 ----
+  #undef TIMES
+  #endif
+  
+! #if !defined(TIMES) && !defined(VXWORKS)
+  #include <sys/timeb.h>
+  #endif
+  
+***************
+*** 116,121 ****
+--- 116,126 ----
+  #include <sys/param.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #undef SIGALRM
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed
+  */
+  #ifndef HZ
+***************
+*** 139,144 ****
+--- 144,151 ----
+  #undef BUFSIZZ
+  #define BUFSIZZ 1024*10
+  
++ #undef min
++ #undef max
+  #define min(a,b) (((a) < (b)) ? (a) : (b))
+  #define max(a,b) (((a) > (b)) ? (a) : (b))
+  
+***************
+*** 368,373 ****
+--- 375,396 ----
+  		ret=((double)(tend.tms_utime-tstart.tms_utime))/HZ;
+  		return((ret == 0.0)?1e-6:ret);
+  	}
++ #elif defined(VXWORKS)
++         {
++ 	static unsigned long tick_start, tick_end;
++ 
++ 	if( s == START )
++ 		{
++ 		tick_start = tickGet();
++ 		return 0;
++ 		}
++ 	else
++ 		{
++ 		tick_end = tickGet();
++ 		ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
++ 		return((ret == 0.0)?1e-6:ret);
++ 		}
++         }
+  #else /* !times() */
+  	static struct timeb tstart,tend;
+  	long i;
+***************
+*** 443,449 ****
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+--- 466,472 ----
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		OPENSSL_EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+***************
+*** 610,616 ****
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  /***********************************************************************
+--- 633,639 ----
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /***********************************************************************
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/sess_id.c ../RELENG_4_6/crypto/openssl/apps/sess_id.c
+*** crypto/openssl/apps/sess_id.c	Sun Nov 26 06:32:49 2000
+--- ../RELENG_4_6/crypto/openssl/apps/sess_id.c	Tue Dec  3 11:51:06 2002
+***************
+*** 272,278 ****
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+--- 272,278 ----
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/smime.c ../RELENG_4_6/crypto/openssl/apps/smime.c
+*** crypto/openssl/apps/smime.c	Sun Nov 26 06:32:49 2000
+--- ../RELENG_4_6/crypto/openssl/apps/smime.c	Thu Jul 18 06:39:30 2002
+***************
+*** 290,295 ****
+--- 290,296 ----
+  		BIO_printf (bio_err, "-text          include or delete text MIME headers\n");
+  		BIO_printf (bio_err, "-CApath dir    trusted certificates directory\n");
+  		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
++ 		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
+  		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,  "               the random number generator\n");
+***************
+*** 413,419 ****
+  		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+  	} else if(operation == SMIME_SIGN) {
+  		p7 = PKCS7_sign(signer, key, other, in, flags);
+! 		BIO_reset(in);
+  	} else {
+  		if(informat == FORMAT_SMIME) 
+  			p7 = SMIME_read_PKCS7(in, &indata);
+--- 414,423 ----
+  		p7 = PKCS7_encrypt(encerts, in, cipher, flags);
+  	} else if(operation == SMIME_SIGN) {
+  		p7 = PKCS7_sign(signer, key, other, in, flags);
+! 		if (BIO_reset(in) != 0 && (flags & PKCS7_DETACHED)) {
+! 		  BIO_printf(bio_err, "Can't rewind input file\n");
+! 		  goto end;
+! 		}
+  	} else {
+  		if(informat == FORMAT_SMIME) 
+  			p7 = SMIME_read_PKCS7(in, &indata);
+***************
+*** 453,461 ****
+  	} else if(operation == SMIME_VERIFY) {
+  		STACK_OF(X509) *signers;
+  		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
+! 			BIO_printf(bio_err, "Verification Successful\n");
+  		} else {
+! 			BIO_printf(bio_err, "Verification Failure\n");
+  			goto end;
+  		}
+  		signers = PKCS7_get0_signers(p7, other, flags);
+--- 457,465 ----
+  	} else if(operation == SMIME_VERIFY) {
+  		STACK_OF(X509) *signers;
+  		if(PKCS7_verify(p7, other, store, indata, out, flags)) {
+! 			BIO_printf(bio_err, "Verification successful\n");
+  		} else {
+! 			BIO_printf(bio_err, "Verification failure\n");
+  			goto end;
+  		}
+  		signers = PKCS7_get0_signers(p7, other, flags);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_4_6/crypto/openssl/apps/speed.c
+*** crypto/openssl/apps/speed.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/speed.c	Tue Dec  3 11:51:04 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/apps/speed.c,v 1.3.2.3 2001/07/04 23:19:09 kris Exp $
+   */
+  
+  /* most of this code has been pilfered from my libdes speed.c program */
+--- 54,59 ----
+***************
+*** 84,95 ****
+  #include <openssl/rand.h>
+  #include <openssl/err.h>
+  
+! #if defined(__FreeBSD__)
+  # define USE_TOD
+! #elif !defined(MSDOS) && (!defined(VMS) || defined(__DECC))
+  # define TIMES
+  #endif
+! #if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE)
+  # define TIMEB
+  #endif
+  
+--- 82,93 ----
+  #include <openssl/rand.h>
+  #include <openssl/err.h>
+  
+! #if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(_DARWIN)
+  # define USE_TOD
+! #elif !defined(MSDOS) && !defined(VXWORKS) && (!defined(VMS) || defined(__DECC))
+  # define TIMES
+  #endif
+! #if !defined(_UNICOS) && !defined(__OpenBSD__) && !defined(sgi) && !defined(__FreeBSD__) && !(defined(__bsdi) || defined(__bsdi__)) && !defined(_AIX) && !defined(MPE) && !defined(__NetBSD__) && !defined(_DARWIN) && !defined(VXWORKS)
+  # define TIMEB
+  #endif
+  
+***************
+*** 117,123 ****
+  #include <sys/timeb.h>
+  #endif
+  
+! #if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD)
+  #error "It seems neither struct tms nor struct timeb is supported in this platform!"
+  #endif
+  
+--- 115,121 ----
+  #include <sys/timeb.h>
+  #endif
+  
+! #if !defined(TIMES) && !defined(TIMEB) && !defined(USE_TOD) && !defined(VXWORKS)
+  #error "It seems neither struct tms nor struct timeb is supported in this platform!"
+  #endif
+  
+***************
+*** 226,232 ****
+  
+  #ifdef USE_TOD
+  	if(usertime)
+! 	    {
+  		static struct rusage tstart,tend;
+  
+  		if (s == START)
+--- 224,230 ----
+  
+  #ifdef USE_TOD
+  	if(usertime)
+! 		{
+  		static struct rusage tstart,tend;
+  
+  		if (s == START)
+***************
+*** 286,292 ****
+  # if defined(TIMES) && defined(TIMEB)
+  	else
+  # endif
+! # ifdef TIMEB
+  		{
+  		static struct timeb tstart,tend;
+  		long i;
+--- 284,306 ----
+  # if defined(TIMES) && defined(TIMEB)
+  	else
+  # endif
+! # ifdef VXWORKS
+! 		{
+! 		static unsigned long tick_start, tick_end;
+! 
+! 		if( s == START )
+! 			{
+! 			tick_start = tickGet();
+! 			return 0;
+! 			}
+! 		else
+! 			{
+! 			tick_end = tickGet();
+! 			ret = (double)(tick_end - tick_start) / (double)sysClkRateGet();
+! 			return((ret < 0.001)?0.001:ret);
+! 			}
+!                 }
+! # elif defined(TIMEB)
+  		{
+  		static struct timeb tstart,tend;
+  		long i;
+***************
+*** 305,310 ****
+--- 319,325 ----
+  			}
+  		}
+  # endif
++ 
+  #endif
+  	}
+  
+***************
+*** 320,326 ****
+--- 335,343 ----
+  #define DSA_NUM		3
+  	long count,rsa_count;
+  	int i,j,k;
++ #ifndef NO_RSA
+  	unsigned rsa_num;
++ #endif
+  #ifndef NO_MD2
+  	unsigned char md2[MD2_DIGEST_LENGTH];
+  #endif
+***************
+*** 672,678 ****
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #ifdef TIMES
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+--- 689,695 ----
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #if defined(TIMES) || defined(USE_TOD)
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+***************
+*** 1395,1401 ****
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+--- 1412,1418 ----
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	OPENSSL_EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_4_6/crypto/openssl/apps/spkac.c
+*** crypto/openssl/apps/spkac.c	Sun Nov 26 06:32:49 2000
+--- ../RELENG_4_6/crypto/openssl/apps/spkac.c	Tue Dec  3 11:51:03 2002
+***************
+*** 288,292 ****
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+--- 288,292 ----
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/tkca ../RELENG_4_6/crypto/openssl/apps/tkca
+*** crypto/openssl/apps/tkca	Mon Jan 10 01:21:20 2000
+--- ../RELENG_4_6/crypto/openssl/apps/tkca	Wed Dec 31 19:00:00 1969
+***************
+*** 1,66 ****
+- #!/usr/local/bin/perl5
+- #
+- # This is only something I'm playing with, it does not work :-)
+- #
+- 
+- use Tk;
+- 
+- my $main=MainWindow->new();
+- my $f=$main->Frame(-relief => "ridge", -borderwidth => 2);
+- $f->pack(-fill => 'x');
+- 
+- my $ff=$f->Frame;
+- $ff->pack(-fill => 'x');
+- my $l=$ff->Label(-text => "TkCA - SSLeay",
+- 	-relief => "ridge", -borderwidth => 2);
+- $l->pack(-fill => 'x', -ipady => 5);
+- 
+- my $l=$ff->Button(-text => "Certify");
+- $l->pack(-fill => 'x', -ipady => 5);
+- 
+- my $l=$ff->Button(-text => "Review");
+- $l->pack(-fill => 'x', -ipady => 5);
+- 
+- my $l=$ff->Button(-text => "Revoke");
+- $l->pack(-fill => 'x', -ipady => 5);
+- 
+- my $l=$ff->Button(-text => "Generate CRL");
+- $l->pack(-fill => 'x', -ipady => 5);
+- 
+- my($db)=&load_db("demoCA/index.txt");
+- 
+- MainLoop;
+- 
+- sub load_db
+- 	{
+- 	my(%ret);
+- 	my($file)=@_;
+- 	my(*IN);
+- 	my(%db_serial,%db_name,@f,@db_s);
+- 
+- 	$ret{'serial'}=\%db_serial;
+- 	$ret{'name'}=\%db_name;
+- 
+- 	open(IN,"<$file") || die "unable to open $file:$!\n";
+- 	while (<IN>)
+- 		{
+- 		chop;
+- 		s/([^\\])\t/\1\t\t/g;
+- 		my(@f)=split(/\t\t/);
+- 		die "wrong number of fields in $file, line $.\n"
+- 			if ($#f != 5);
+- 
+- 		my(%f);
+- 		$f{'type'}=$f[0];
+- 		$f{'exp'}=$f[1];
+- 		$f{'rev'}=$f[2];
+- 		$f{'serial'}=$f[3];
+- 		$f{'file'}=$f[4];
+- 		$f{'name'}=$f[5];
+- 		die "serial number $f{'serial'} appears twice (line $.)\n"
+- 			if (defined($db{$f{'serial'}}))
+- 		$db_serial{$f{'serial'}}=\%f;
+- 		$db_name{$f{'name'}}.=$f{'serial'}." ";
+- 		}
+- 	return \%ret;
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_4_6/crypto/openssl/apps/verify.c
+*** crypto/openssl/apps/verify.c	Sun Nov 26 06:32:50 2000
+--- ../RELENG_4_6/crypto/openssl/apps/verify.c	Tue Dec  3 11:51:03 2002
+***************
+*** 213,219 ****
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+--- 213,219 ----
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/version.c ../RELENG_4_6/crypto/openssl/apps/version.c
+*** crypto/openssl/apps/version.c	Sun Aug 20 04:45:59 2000
+--- ../RELENG_4_6/crypto/openssl/apps/version.c	Tue Dec  3 11:51:03 2002
+***************
+*** 128,132 ****
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	EXIT(ret);
+  	}
+--- 128,132 ----
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_4_6/crypto/openssl/apps/x509.c
+*** crypto/openssl/apps/x509.c	Wed Jul  4 19:19:10 2001
+--- ../RELENG_4_6/crypto/openssl/apps/x509.c	Tue Dec  3 11:51:01 2002
+***************
+*** 121,127 ****
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial       - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+--- 121,127 ----
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial arg   - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+***************
+*** 233,239 ****
+  		else if (strcmp(*argv,"-CAkeyform") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+! 			CAformat=str2fmt(*(++argv));
+  			}
+  		else if (strcmp(*argv,"-days") == 0)
+  			{
+--- 233,239 ----
+  		else if (strcmp(*argv,"-CAkeyform") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+! 			CAkeyformat=str2fmt(*(++argv));
+  			}
+  		else if (strcmp(*argv,"-days") == 0)
+  			{
+***************
+*** 447,453 ****
+  
+  	if (extfile)
+  		{
+! 		long errorline;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+--- 447,453 ----
+  
+  	if (extfile)
+  		{
+! 		long errorline = -1;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+***************
+*** 961,967 ****
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+--- 961,967 ----
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/certs/rsa-ssca.pem ../RELENG_4_6/crypto/openssl/certs/rsa-ssca.pem
+*** crypto/openssl/certs/rsa-ssca.pem	Mon Jan 10 01:21:22 2000
+--- ../RELENG_4_6/crypto/openssl/certs/rsa-ssca.pem	Wed Dec 31 19:00:00 1969
+***************
+*** 1,19 ****
+- subject=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+- issuer= /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
+- notBefore=941109235417Z
+- notAfter =991231235417Z
+- -----BEGIN X509 CERTIFICATE-----
+- 
+- MIICKTCCAZYCBQJBAAABMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMSAw
+- HgYDVQQKExdSU0EgRGF0YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJl
+- IFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw05NDExMDkyMzU0MTda
+- Fw05OTEyMzEyMzU0MTdaMF8xCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdSU0EgRGF0
+- YSBTZWN1cml0eSwgSW5jLjEuMCwGA1UECxMlU2VjdXJlIFNlcnZlciBDZXJ0aWZp
+- Y2F0aW9uIEF1dGhvcml0eTCBmzANBgkqhkiG9w0BAQEFAAOBiQAwgYUCfgCSznrB
+- roM+WqqJg1esJQF2DK2ujiw3zus1eGRUA+WEQFHJv48I4oqCCNIWhjdV6bEhAq12
+- aIGaBaJLyUslZiJWbIgHj/eBWW2EB2VwE3F2Ppt3TONQiVaYSLkdpykaEy5KEVmc
+- HhXVSVQsczppgrGXOZxtcGdI5d0t1sgeewIDAQABMA0GCSqGSIb3DQEBAgUAA34A
+- iNHReSHO4ovo+MF9NFM/YYPZtgs4F7boviGNjwC4i1N+RGceIr2XJ+CchcxK9oU7
+- suK+ktPlDemvXA4MRpX/oRxePug2WHpzpgr4IhFrwwk4fia7c+8AvQKk8xQNMD9h
+- cHsg/jKjn7P0Z1LctO6EjJY2IN6BCINxIYoPnqk=
+- -----END X509 CERTIFICATE-----
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_4_6/crypto/openssl/config
+*** crypto/openssl/config	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/config	Thu Nov 14 11:30:29 2002
+***************
+*** 68,73 ****
+--- 68,78 ----
+  	    4.2)
+  		echo "whatever-whatever-unixware1"; exit 0
+  		;;
++      OpenUNIX)
++ 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
++ 		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
++ 		fi
++ 		;;
+  	    5)
+  		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
+  		    echo "${MACHINE}-sco-unixware7"; exit 0
+***************
+*** 195,209 ****
+  	echo "${MACHINE}-whatever-openbsd"; exit 0
+  	;;
+  
+      OSF1:*:*:*alpha*)
+! 	echo "${MACHINE}-dec-osf"; exit 0
+  	;;
+  
+      QNX:*)
+! 	case "$VERSION" in
+  	    4*)
+  		echo "${MACHINE}-whatever-qnx4"
+  		;;
+  	    *)
+  		echo "${MACHINE}-whatever-qnx"
+  		;;
+--- 200,232 ----
+  	echo "${MACHINE}-whatever-openbsd"; exit 0
+  	;;
+  
++     OpenUNIX:*)
++ 	echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
++ 	;;
++ 
+      OSF1:*:*:*alpha*)
+! 	OSFMAJOR=`echo ${RELEASE}| sed -e 's/^V\([0-9]*\)\..*$/\1/'`
+! 	case "$OSFMAJOR" in
+! 	    4|5)
+! 		echo "${MACHINE}-dec-tru64"; exit 0
+! 		;;
+! 	    1|2|3)
+! 		echo "${MACHINE}-dec-osf"; exit 0
+! 		;;
+! 	    *)
+! 		echo "${MACHINE}-dec-osf"; exit 0
+! 		;;
+! 	esac
+  	;;
+  
+      QNX:*)
+! 	case "$RELEASE" in
+  	    4*)
+  		echo "${MACHINE}-whatever-qnx4"
+  		;;
++ 	    6*)
++ 		echo "${MACHINE}-whatever-qnx6"
++ 		;;
+  	    *)
+  		echo "${MACHINE}-whatever-qnx"
+  		;;
+***************
+*** 219,224 ****
+--- 242,251 ----
+  	echo "ppc-apple-rhapsody"; exit 0
+  	;;
+  
++     Darwin:*)
++ 	echo "ppc-apple-darwin"; exit 0
++ 	;;
++ 
+      SunOS:5.*)
+  	echo "${MACHINE}-whatever-solaris2"; exit 0
+  	;;
+***************
+*** 271,276 ****
+--- 298,326 ----
+  	echo "mips-sony-newsos4"; exit 0;
+  	;;
+  
++     CYGWIN*)
++ 	case "$RELEASE" in
++ 	    [bB]*|1.0|1.[12].*)
++ 		echo "${MACHINE}-whatever-cygwin_pre1.3"
++ 		;;
++ 	    *)
++ 		echo "${MACHINE}-whatever-cygwin"
++ 		;;
++ 	esac
++ 	exit 0
++ 	;;
++ 
++     *"CRAY T3E")
++        echo "t3e-cray-unicosmk"; exit 0;
++        ;;
++ 
++     *CRAY*)
++        echo "j90-cray-unicos"; exit 0;
++        ;;
++ 
++     NONSTOP_KERNEL*)
++        echo "nsr-tandem-nsk"; exit 0;
++        ;;
+  esac
+  
+  #
+***************
+*** 335,351 ****
+  
+  # figure out if gcc is available and if so we use it otherwise
+  # we fallback to whatever cc does on the system
+! GCCVER=`(gcc --version) 2>/dev/null`
+  if [ "$GCCVER" != "" ]; then
+    CC=gcc
+!   # then strip off whatever prefix Cygnus prepends the number with...
+!   GCCVER=`echo $GCCVER | sed 's/^[a-z]*\-//'`
+    # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+    GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
+  else
+    CC=cc
+  fi
+! 
+  if [ "$SYSTEM" = "SunOS" ]; then
+    # check for WorkShop C, expected output is "cc: blah-blah C x.x"
+    CCVER=`(cc -V 2>&1) 2>/dev/null | \
+--- 385,417 ----
+  
+  # figure out if gcc is available and if so we use it otherwise
+  # we fallback to whatever cc does on the system
+! GCCVER=`(gcc -dumpversion) 2>/dev/null`
+  if [ "$GCCVER" != "" ]; then
+    CC=gcc
+!   # then strip off whatever prefix egcs prepends the number with...
+!   # Hopefully, this will work for any future prefixes as well.
+!   GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
+!   # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+!   # does give us what we want though, so we use that.  We just just the
+!   # major and minor version numbers.
+    # peak single digit before and after first dot, e.g. 2.95.1 gives 29
+    GCCVER=`echo $GCCVER | sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/'`
+  else
+    CC=cc
+  fi
+! GCCVER=${GCCVER:-0}
+! if [ "$SYSTEM" = "HP-UX" ];then
+!   # By default gcc is a ILP32 compiler (with long long == 64).
+!   GCC_BITS="32"
+!   if [ $GCCVER -ge 30 ]; then
+!     # PA64 support only came in with gcc 3.0.x.
+!     # We look for the preprocessor symbol __LP64__ indicating
+!     # 64bit bit long and pointer.  sizeof(int) == 32 on HPUX64.
+!     if gcc -v -E -x c /dev/null 2>&1 | grep __LP64__ > /dev/null; then
+!       GCC_BITS="64"
+!     fi
+!   fi
+! fi
+  if [ "$SYSTEM" = "SunOS" ]; then
+    # check for WorkShop C, expected output is "cc: blah-blah C x.x"
+    CCVER=`(cc -V 2>&1) 2>/dev/null | \
+***************
+*** 411,417 ****
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	read waste < /dev/tty
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+--- 477,484 ----
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	(read waste < /dev/tty) || true
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+***************
+*** 435,452 ****
+  	    esac
+  	fi
+  	;;
+!   mips-*-linux?) OUT="linux-mips" ;;
+    ppc-*-linux2) OUT="linux-ppc" ;;
+    m68k-*-linux*) OUT="linux-m68k" ;;
+    ia64-*-linux?) OUT="linux-ia64" ;;
+    ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
+    sparc64-*-linux2)
+  	#Before we can uncomment following lines we have to wait at least
+  	#till 64-bit glibc for SPARC is operational:-(
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	#read waste < /dev/tty
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+--- 502,540 ----
+  	    esac
+  	fi
+  	;;
+!   mips-*-linux?)
+!           cat >dummy.c <<EOF
+! #include <stdio.h>  /* for printf() prototype */
+!         int main (argc, argv) int argc; char *argv[]; {
+! #ifdef __MIPSEB__
+!   printf ("linux-%s\n", argv[1]);
+! #endif
+! #ifdef __MIPSEL__
+!   printf ("linux-%sel\n", argv[1]);
+! #endif
+!   return 0;
+! }
+! EOF
+! 	${CC} -o dummy dummy.c && OUT=`./dummy ${MACHINE}`
+! 	rm dummy dummy.c
+! 	;;
+!   ppc64-*-linux2)
+! 	#Use the standard target for PPC architecture until we create a
+! 	#special one for the 64bit architecture.
+! 	OUT="linux-ppc" ;;
+    ppc-*-linux2) OUT="linux-ppc" ;;
+    m68k-*-linux*) OUT="linux-m68k" ;;
+    ia64-*-linux?) OUT="linux-ia64" ;;
+    ppc-apple-rhapsody) OUT="rhapsody-ppc-cc" ;;
++   ppc-apple-darwin) OUT="darwin-ppc-cc" ;;
+    sparc64-*-linux2)
+  	#Before we can uncomment following lines we have to wait at least
+  	#till 64-bit glibc for SPARC is operational:-(
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	#(read waste < /dev/tty) || true
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+***************
+*** 456,463 ****
+--- 544,572 ----
+  	sun4d)	OUT="linux-sparcv8" ;;
+  	*)	OUT="linux-sparcv7" ;;
+  	esac ;;
++   parisc-*-linux2)
++         CPUARCH=`awk '/cpu family/{print substr($5,1,3)}' /proc/cpuinfo`
++ 	CPUSCHEDULE=`awk '/^cpu.[ 	]: PA/{print substr($3,3)}' /proc/cpuinfo`
++ 
++ 	# ??TODO ??  Model transformations
++ 	# 0. CPU Architecture for the 1.1 processor has letter suffixes. We strip that off
++ 	#    assuming no further arch. identification will ever be used by GCC.
++ 	# 1. I'm most concerned about whether is a 7300LC is closer to a 7100 versus a 7100LC.
++ 	# 2. The variant 64-bit processors cause concern should GCC support explicit schedulers
++ 	#    for these chips in the future.
++ 	#         PA7300LC -> 7100LC (1.1)
++ 	#         PA8200   -> 8000   (2.0)
++ 	#         PA8500   -> 8000   (2.0)
++ 	#         PA8600   -> 8000   (2.0)
++ 
++ 	CPUSCHEDULE=`echo $CPUSCHEDULE|sed -e 's/7300LC/7100LC/' -e 's/8?00/8000/'`
++ 	# Finish Model transformations
++ 
++ 	options="$options -mschedule=$CPUSCHEDULE -march=$CPUARCH"
++ 	OUT="linux-parisc" ;;
+    arm*-*-linux2) OUT="linux-elf-arm" ;;
+    s390-*-linux2) OUT="linux-s390" ;;
++   s390x-*-linux?) OUT="linux-s390x" ;;
+    *-*-linux2) OUT="linux-elf" ;;
+    *-*-linux1) OUT="linux-aout" ;;
+    sun4u*-*-solaris2)
+***************
+*** 466,472 ****
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		read waste < /dev/tty
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+--- 575,582 ----
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		# Do not stop if /dev/tty is unavailable
+! 		(read waste < /dev/tty) || true
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+***************
+*** 485,491 ****
+    pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+    *-*-openbsd) OUT="OpenBSD" ;;
+    *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
+!   *-*-osf) OUT="alpha-cc" ;;
+    *-*-unixware7) OUT="unixware-7" ;;
+    *-*-UnixWare7) OUT="unixware-7" ;;
+    *-*-Unixware7) OUT="unixware-7" ;;
+--- 595,609 ----
+    pmax*-*-openbsd) OUT="OpenBSD-mips" ;;
+    *-*-openbsd) OUT="OpenBSD" ;;
+    *86*-*-bsdi4) OUT="bsdi-elf-gcc" ;;
+!   *-*-osf) OUT="alphaold-cc" ;;
+!   *-*-tru64) OUT="alpha-cc" ;;
+!   *-*-OpenUNIX*)
+! 	if [ "$CC" = "gcc" ]; then
+! 	  OUT="OpenUNIX-8-gcc" 
+! 	else    
+! 	  OUT="OpenUNIX-8" 
+! 	fi
+! 	;;
+    *-*-unixware7) OUT="unixware-7" ;;
+    *-*-UnixWare7) OUT="unixware-7" ;;
+    *-*-Unixware7) OUT="unixware-7" ;;
+***************
+*** 498,510 ****
+    BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+    RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+    *-siemens-sysv4) OUT="SINIX" ;;
+!   *-hpux1*)	OUT="hpux-parisc-$CC"
+! 		options="$options -D_REENTRANT" ;;
+    *-hpux)	OUT="hpux-parisc-$CC" ;;
+    # these are all covered by the catchall below
+    # *-aix) OUT="aix-$CC" ;;
+    # *-dgux) OUT="dgux" ;;
+    mips-sony-newsos4) OUT="newsos4-gcc" ;;
+    *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+  esac
+  
+--- 616,643 ----
+    BS2000-siemens-sysv4) OUT="BS2000-OSD" ;;
+    RM*-siemens-sysv4) OUT="ReliantUNIX" ;;
+    *-siemens-sysv4) OUT="SINIX" ;;
+!   *-hpux1*)
+! 	if [ $CC = "gcc" ];
+! 	then
+! 	  if [ $GCC_BITS = "64" ]; then
+! 	    OUT="hpux64-parisc-gcc"
+! 	  else
+! 	    OUT="hpux-parisc-gcc"
+! 	  fi
+! 	else
+! 	  OUT="hpux-parisc-$CC"
+! 	fi
+! 	options="$options -D_REENTRANT" ;;
+    *-hpux)	OUT="hpux-parisc-$CC" ;;
+    # these are all covered by the catchall below
+    # *-aix) OUT="aix-$CC" ;;
+    # *-dgux) OUT="dgux" ;;
+    mips-sony-newsos4) OUT="newsos4-gcc" ;;
++   *-*-cygwin_pre1.3) OUT="Cygwin-pre1.3" ;;
++   *-*-cygwin) OUT="Cygwin" ;;
++   t3e-cray-unicosmk) OUT="cray-t3e" ;;
++   j90-cray-unicos) OUT="cray-j90" ;;
++   nsr-tandem-nsk) OUT="tandem-c89" ;;
+    *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+  esac
+  
+***************
+*** 533,539 ****
+    i386-*) options="$options 386" ;;
+  esac
+  
+! for i in bf cast des dh dsa hmac md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+  do
+    if [ ! -d crypto/$i ]
+    then
+--- 666,672 ----
+    i386-*) options="$options 386" ;;
+  esac
+  
+! for i in bf cast des dh dsa hmac idea md2 md5 mdc2 rc2 rc4 rc5 ripemd rsa sha
+  do
+    if [ ! -d crypto/$i ]
+    then
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/Makefile.save
+*** crypto/openssl/crypto/Makefile.save	Sun Nov 26 06:32:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,199 ****
+- #
+- # SSLeay/crypto/Makefile
+- #
+- 
+- DIR=		crypto
+- TOP=		..
+- CC=		cc
+- INCLUDE=	-I. -I../include
+- INCLUDES=	-I.. -I../../include
+- CFLAG=		-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=	/usr/local/ssl
+- MAKE=           make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=       Makefile.ssl
+- RM=             rm -f
+- AR=		ar r
+- 
+- PEX_LIBS=
+- EX_LIBS=
+-  
+- CFLAGS= $(INCLUDE) $(CFLAG)
+- 
+- 
+- LIBS=
+- 
+- SDIRS=	md2 md5 sha mdc2 hmac ripemd \
+- 	des rc2 rc4 rc5 idea bf cast \
+- 	bn rsa dsa dh dso \
+- 	buffer bio stack lhash rand err objects \
+- 	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+- 
+- GENERAL=Makefile README crypto-lib.com install.com
+- 
+- LIB= $(TOP)/libcrypto.a
+- LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c
+- LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= crypto.h tmdiff.h opensslv.h opensslconf.h ebcdic.h symhacks.h
+- HEADER=	cryptlib.h buildinf.h md32_common.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	@(cd ..; $(MAKE) DIRS=$(DIR) all)
+- 
+- all: buildinf.h lib subdirs
+- 
+- buildinf.h: ../Makefile.ssl
+- 	( echo "#ifndef MK1MF_BUILD"; \
+- 	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+- 	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+- 	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+- 	echo "  #define DATE \"`date`\""; \
+- 	echo "#endif" ) >buildinf.h
+- 
+- testapps:
+- 	if echo ${SDIRS} | fgrep ' des '; \
+- 	then cd des && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' des; fi
+- 	cd pkcs7 && $(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' testapps
+- 
+- subdirs:
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i && echo "making all in crypto/$$i..." && \
+- 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' all ) || exit 1; \
+- 	done;
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making 'files' in crypto/$$i..."; \
+- 	$(MAKE) PERL='${PERL}' files ); \
+- 	done;
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@for i in $(SDIRS); do \
+- 	(cd $$i; echo "making links in crypto/$$i..."; \
+- 	$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
+- 	done;
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- libs:
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making libs in crypto/$$i..."; \
+- 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' lib ); \
+- 	done;
+- 
+- tests:
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making tests in crypto/$$i..."; \
+- 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' AR='${AR}' tests ); \
+- 	done;
+- 
+- install:
+- 	@for i in $(EXHEADER) ;\
+- 	do \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making install in crypto/$$i..."; \
+- 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALL_PREFIX='${INSTALL_PREFIX}'  INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' install ); \
+- 	done;
+- 
+- lint:
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making lint in crypto/$$i..."; \
+- 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' lint ); \
+- 	done;
+- 
+- depend:
+- 	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+- 	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making depend in crypto/$$i..."; \
+- 	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+- 	done;
+- 
+- clean:
+- 	rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making clean in crypto/$$i..."; \
+- 	$(MAKE) CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' clean ); \
+- 	done;
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 	@for i in $(SDIRS) ;\
+- 	do \
+- 	(cd $$i; echo "making dclean in crypto/$$i..."; \
+- 	$(MAKE) PERL='${PERL}' CC='$(CC)' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' dclean ); \
+- 	done;
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- cpt_err.o: ../include/openssl/bio.h ../include/openssl/crypto.h
+- cpt_err.o: ../include/openssl/err.h ../include/openssl/lhash.h
+- cpt_err.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+- cpt_err.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+- cryptlib.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+- cryptlib.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+- cryptlib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- cryptlib.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+- cryptlib.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+- cryptlib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+- cversion.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+- cversion.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+- cversion.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- cversion.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+- cversion.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+- cversion.o: ../include/openssl/stack.h ../include/openssl/symhacks.h buildinf.h
+- cversion.o: cryptlib.h
+- ex_data.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+- ex_data.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+- ex_data.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ex_data.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+- ex_data.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+- ex_data.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+- mem.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+- mem.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+- mem.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+- mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+- mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+- mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+- mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+- mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- mem_dbg.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+- mem_dbg.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+- mem_dbg.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
+- tmdiff.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+- tmdiff.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+- tmdiff.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- tmdiff.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+- tmdiff.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+- tmdiff.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+- tmdiff.o: ../include/openssl/tmdiff.h cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/Makefile.ssl
+*** crypto/openssl/crypto/Makefile.ssl	Wed Jul  4 19:19:11 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/Makefile.ssl	Wed Nov 27 07:24:46 2002
+***************
+*** 6,12 ****
+  TOP=		..
+  CC=		cc
+  INCLUDE=	-I. -I../include
+! INCLUDES=	-I.. -I../../include
+  CFLAG=		-g
+  INSTALL_PREFIX=
+  OPENSSLDIR=     /usr/local/ssl
+--- 6,12 ----
+  TOP=		..
+  CC=		cc
+  INCLUDE=	-I. -I../include
+! INCLUDES=	-I.. -I../.. -I../../include
+  CFLAG=		-g
+  INSTALL_PREFIX=
+  OPENSSLDIR=     /usr/local/ssl
+***************
+*** 34,41 ****
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+--- 34,41 ----
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+***************
+*** 51,61 ****
+  
+  buildinf.h: ../Makefile.ssl
+  	( echo "#ifndef MK1MF_BUILD"; \
+! 	echo "  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */"; \
+! 	echo "  #define CFLAGS \"$(CC) $(CFLAG)\""; \
+! 	echo "  #define PLATFORM \"$(PLATFORM)\""; \
+! 	echo "  #define DATE \"`date`\""; \
+! 	echo "#endif" ) >buildinf.h
+  
+  testapps:
+  	if echo ${SDIRS} | fgrep ' des '; \
+--- 51,61 ----
+  
+  buildinf.h: ../Makefile.ssl
+  	( echo "#ifndef MK1MF_BUILD"; \
+! 	echo '  /* auto-generated by crypto/Makefile.ssl for crypto/cversion.c */'; \
+! 	echo '  #define CFLAGS "$(CC) $(CFLAG)"'; \
+! 	echo '  #define PLATFORM "$(PLATFORM)"'; \
+! 	echo "  #define DATE \"`LC_ALL=C LC_TIME=C date`\""; \
+! 	echo '#endif' ) >buildinf.h
+  
+  testapps:
+  	if echo ${SDIRS} | fgrep ' des '; \
+***************
+*** 129,140 ****
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+  	(cd $$i; echo "making depend in crypto/$$i..."; \
+! 	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' depend ); \
+  	done;
+  
+  clean:
+--- 129,140 ----
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+  	(cd $$i; echo "making depend in crypto/$$i..."; \
+! 	$(MAKE) MAKEFILE='${MAKEFILE}' INCLUDES='${INCLUDES}' DEPFLAG='${DEPFLAG}' PERL='${PERL}' depend ); \
+  	done;
+  
+  clean:
+***************
+*** 185,190 ****
+--- 185,193 ----
+  mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+  mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+  mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
++ mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
++ mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
++ mem_clr.o: ../include/openssl/symhacks.h
+  mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+  mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.save
+*** crypto/openssl/crypto/asn1/Makefile.save	Sun Nov 26 06:32:57 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,1345 ****
+- #
+- # SSLeay/crypto/asn1/Makefile
+- #
+- 
+- DIR=	asn1
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile README
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=	a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \
+- 	a_null.c a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \
+- 	a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \
+- 	x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \
+- 	x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \
+- 	d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \
+- 	d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \
+- 	d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\
+- 	t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \
+- 	p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \
+- 	p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \
+- 	f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \
+- 	f_enum.c a_hdr.c x_pkey.c a_bool.c x_exten.c \
+- 	asn1_par.c asn1_lib.c asn1_err.c a_meth.c a_bytes.c a_strnid.c \
+- 	evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c
+- LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \
+- 	a_null.o a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \
+- 	a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o a_strex.o \
+- 	x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \
+- 	x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \
+- 	d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \
+- 	d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \
+- 	d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \
+- 	t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \
+- 	p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \
+- 	p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \
+- 	f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \
+- 	f_enum.o a_hdr.o x_pkey.o a_bool.o x_exten.o \
+- 	asn1_par.o asn1_lib.o asn1_err.o a_meth.o a_bytes.o a_strnid.o \
+- 	evp_asn1.o asn_pack.o p5_pbe.o p5_pbev2.o p8_pkey.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER=  asn1.h asn1_mac.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- test:	test.c
+- 	cc -g -I../../include -c test.c
+- 	cc -g -I../../include -o test test.o -L../.. -lcrypto
+- 
+- pk:	pk.c
+- 	cc -g -I../../include -c pk.c
+- 	cc -g -I../../include -o pk pk.o -L../.. -lcrypto
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- a_bitstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_bitstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_bitstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_bitstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_bitstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_bitstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_bitstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_bitstr.o: ../cryptlib.h
+- a_bmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_bmp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_bmp.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_bmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_bmp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_bmp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_bmp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_bmp.o: ../cryptlib.h
+- a_bool.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_bool.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_bool.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_bool.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_bool.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_bool.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_bool.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_bool.o: ../cryptlib.h
+- a_bytes.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- a_bytes.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- a_bytes.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- a_bytes.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_bytes.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- a_bytes.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- a_bytes.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- a_bytes.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- a_d2i_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- a_d2i_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- a_d2i_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- a_d2i_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_d2i_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- a_d2i_fp.o: ../../include/openssl/opensslconf.h
+- a_d2i_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_d2i_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_d2i_fp.o: ../cryptlib.h
+- a_digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- a_digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- a_digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- a_digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- a_digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- a_digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- a_digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- a_digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- a_digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- a_digest.o: ../../include/openssl/opensslconf.h
+- a_digest.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- a_digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- a_digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- a_digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- a_digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- a_digest.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- a_digest.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- a_dup.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- a_dup.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- a_dup.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- a_dup.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_dup.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- a_dup.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- a_dup.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- a_dup.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- a_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_enum.o: ../cryptlib.h
+- a_gentm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_gentm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_gentm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_gentm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_gentm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_gentm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_gentm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_gentm.o: ../cryptlib.h
+- a_hdr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- a_hdr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- a_hdr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- a_hdr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_hdr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- a_hdr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- a_hdr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- a_hdr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- a_i2d_fp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- a_i2d_fp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- a_i2d_fp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- a_i2d_fp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_i2d_fp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- a_i2d_fp.o: ../../include/openssl/opensslconf.h
+- a_i2d_fp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_i2d_fp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_i2d_fp.o: ../cryptlib.h
+- a_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_int.o: ../cryptlib.h
+- a_mbstr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_mbstr.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_mbstr.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_mbstr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_mbstr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_mbstr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_mbstr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_mbstr.o: ../cryptlib.h
+- a_meth.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_meth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_meth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_meth.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_meth.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_meth.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_meth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_meth.o: ../cryptlib.h
+- a_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_null.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_null.o: ../cryptlib.h
+- a_object.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_object.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_object.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_object.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_object.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+- a_object.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- a_object.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_object.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_object.o: ../cryptlib.h
+- a_octet.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_octet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_octet.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_octet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_octet.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_octet.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_octet.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_octet.o: ../cryptlib.h
+- a_print.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_print.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_print.o: ../cryptlib.h
+- a_set.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- a_set.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- a_set.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- a_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_set.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- a_set.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- a_set.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- a_set.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- a_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- a_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- a_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- a_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- a_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- a_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- a_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- a_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- a_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- a_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- a_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- a_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- a_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- a_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- a_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- a_sign.o: ../cryptlib.h
+- a_strex.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_strex.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- a_strex.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- a_strex.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- a_strex.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- a_strex.o: ../../include/openssl/e_os2.h ../../include/openssl/evp.h
+- a_strex.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- a_strex.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- a_strex.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- a_strex.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- a_strex.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- a_strex.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- a_strex.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- a_strex.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- a_strex.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- a_strex.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_strex.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- a_strex.o: charmap.h
+- a_strnid.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_strnid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_strnid.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_strnid.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_strnid.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+- a_strnid.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- a_strnid.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_strnid.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_strnid.o: ../cryptlib.h
+- a_time.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_time.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_time.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_time.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_time.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_time.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_time.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_time.o: ../cryptlib.h
+- a_type.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- a_type.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- a_type.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- a_type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_type.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- a_type.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- a_type.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- a_type.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- a_utctm.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_utctm.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_utctm.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_utctm.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_utctm.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_utctm.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_utctm.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_utctm.o: ../cryptlib.h
+- a_utf8.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_utf8.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_utf8.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_utf8.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_utf8.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_utf8.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_utf8.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_utf8.o: ../cryptlib.h
+- a_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- a_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- a_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- a_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- a_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- a_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- a_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- a_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- a_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- a_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- a_verify.o: ../../include/openssl/opensslconf.h
+- a_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- a_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- a_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- a_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- a_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- a_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- a_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- a_vis.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- a_vis.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- a_vis.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- a_vis.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- a_vis.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- a_vis.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- a_vis.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- a_vis.o: ../cryptlib.h
+- asn1_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- asn1_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+- asn1_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- asn1_err.o: ../../include/openssl/opensslconf.h
+- asn1_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- asn1_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- asn1_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- asn1_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- asn1_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- asn1_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- asn1_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- asn1_lib.o: ../../include/openssl/opensslconf.h
+- asn1_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- asn1_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- asn1_lib.o: ../cryptlib.h
+- asn1_par.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- asn1_par.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- asn1_par.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- asn1_par.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- asn1_par.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+- asn1_par.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- asn1_par.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- asn1_par.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- asn1_par.o: ../cryptlib.h
+- asn_pack.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- asn_pack.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- asn_pack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- asn_pack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- asn_pack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- asn_pack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- asn_pack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- asn_pack.o: ../cryptlib.h
+- d2i_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- d2i_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- d2i_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- d2i_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+- d2i_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- d2i_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+- d2i_dhp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- d2i_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- d2i_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- d2i_dhp.o: ../cryptlib.h
+- d2i_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- d2i_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- d2i_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- d2i_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- d2i_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- d2i_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- d2i_dsap.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- d2i_dsap.o: ../../include/openssl/opensslconf.h
+- d2i_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- d2i_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- d2i_dsap.o: ../cryptlib.h
+- d2i_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- d2i_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- d2i_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- d2i_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- d2i_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- d2i_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- d2i_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- d2i_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- d2i_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- d2i_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- d2i_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- d2i_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- d2i_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- d2i_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- d2i_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- d2i_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- d2i_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- d2i_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- d2i_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- d2i_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- d2i_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- d2i_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- d2i_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- d2i_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- d2i_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- d2i_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- d2i_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- d2i_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- d2i_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- d2i_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- d2i_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- d2i_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- d2i_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- d2i_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- d2i_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- d2i_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- d2i_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- d2i_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- d2i_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- d2i_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- d2i_r_pr.o: ../../include/openssl/opensslconf.h
+- d2i_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+- d2i_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- d2i_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- d2i_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- d2i_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- d2i_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- d2i_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- d2i_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- d2i_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- d2i_r_pu.o: ../../include/openssl/opensslconf.h
+- d2i_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+- d2i_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- d2i_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- d2i_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- d2i_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- d2i_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- d2i_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- d2i_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- d2i_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- d2i_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- d2i_s_pr.o: ../../include/openssl/opensslconf.h
+- d2i_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- d2i_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- d2i_s_pr.o: ../cryptlib.h
+- d2i_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- d2i_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- d2i_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- d2i_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- d2i_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- d2i_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- d2i_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- d2i_s_pu.o: ../../include/openssl/opensslconf.h
+- d2i_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- d2i_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- d2i_s_pu.o: ../cryptlib.h
+- evp_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- evp_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- evp_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- evp_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- evp_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- evp_asn1.o: ../../include/openssl/opensslconf.h
+- evp_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- evp_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- evp_asn1.o: ../cryptlib.h
+- f_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- f_enum.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- f_enum.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- f_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- f_enum.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- f_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- f_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- f_enum.o: ../cryptlib.h
+- f_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- f_int.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- f_int.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- f_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- f_int.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- f_int.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- f_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- f_int.o: ../cryptlib.h
+- f_string.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- f_string.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- f_string.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- f_string.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- f_string.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- f_string.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- f_string.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- f_string.o: ../cryptlib.h
+- i2d_dhp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- i2d_dhp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- i2d_dhp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- i2d_dhp.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+- i2d_dhp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- i2d_dhp.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- i2d_dhp.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- i2d_dhp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- i2d_dhp.o: ../cryptlib.h
+- i2d_dsap.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- i2d_dsap.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- i2d_dsap.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- i2d_dsap.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- i2d_dsap.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- i2d_dsap.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- i2d_dsap.o: ../../include/openssl/opensslconf.h
+- i2d_dsap.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- i2d_dsap.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- i2d_dsap.o: ../cryptlib.h
+- i2d_pr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- i2d_pr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- i2d_pr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- i2d_pr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- i2d_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- i2d_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- i2d_pr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- i2d_pr.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- i2d_pr.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- i2d_pr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- i2d_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- i2d_pr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- i2d_pr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- i2d_pr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- i2d_pr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- i2d_pr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- i2d_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- i2d_pu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- i2d_pu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- i2d_pu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- i2d_pu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- i2d_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- i2d_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- i2d_pu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- i2d_pu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- i2d_pu.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- i2d_pu.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- i2d_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- i2d_pu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- i2d_pu.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- i2d_pu.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- i2d_pu.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- i2d_pu.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- i2d_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- i2d_r_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- i2d_r_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- i2d_r_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- i2d_r_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- i2d_r_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- i2d_r_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- i2d_r_pr.o: ../../include/openssl/opensslconf.h
+- i2d_r_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+- i2d_r_pr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- i2d_r_pr.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- i2d_r_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- i2d_r_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- i2d_r_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- i2d_r_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- i2d_r_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- i2d_r_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- i2d_r_pu.o: ../../include/openssl/opensslconf.h
+- i2d_r_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+- i2d_r_pu.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- i2d_r_pu.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- i2d_s_pr.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- i2d_s_pr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- i2d_s_pr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- i2d_s_pr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- i2d_s_pr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- i2d_s_pr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- i2d_s_pr.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- i2d_s_pr.o: ../../include/openssl/opensslconf.h
+- i2d_s_pr.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- i2d_s_pr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- i2d_s_pr.o: ../cryptlib.h
+- i2d_s_pu.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- i2d_s_pu.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- i2d_s_pu.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- i2d_s_pu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- i2d_s_pu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- i2d_s_pu.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- i2d_s_pu.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- i2d_s_pu.o: ../../include/openssl/opensslconf.h
+- i2d_s_pu.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- i2d_s_pu.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- i2d_s_pu.o: ../cryptlib.h
+- n_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- n_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- n_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- n_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- n_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- n_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- n_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- n_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- n_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- n_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- n_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- n_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- n_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- n_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- n_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- n_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- n_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- n_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- n_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- nsseq.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- nsseq.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- nsseq.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- nsseq.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- nsseq.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- nsseq.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- nsseq.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- nsseq.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- nsseq.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- nsseq.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- nsseq.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- nsseq.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- nsseq.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- nsseq.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- nsseq.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- nsseq.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- nsseq.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- nsseq.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p5_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p5_pbe.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p5_pbe.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p5_pbe.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p5_pbe.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p5_pbe.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p5_pbe.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p5_pbe.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p5_pbe.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p5_pbe.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p5_pbe.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p5_pbe.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p5_pbe.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p5_pbe.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- p5_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p5_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p5_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p5_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- p5_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p5_pbe.o: ../cryptlib.h
+- p5_pbev2.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p5_pbev2.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p5_pbev2.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p5_pbev2.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p5_pbev2.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p5_pbev2.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p5_pbev2.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p5_pbev2.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p5_pbev2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p5_pbev2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p5_pbev2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p5_pbev2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p5_pbev2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p5_pbev2.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- p5_pbev2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p5_pbev2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p5_pbev2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p5_pbev2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- p5_pbev2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p5_pbev2.o: ../cryptlib.h
+- p7_dgst.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_dgst.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_dgst.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_dgst.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_dgst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_dgst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_dgst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_dgst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_dgst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_dgst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_dgst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_dgst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_dgst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_dgst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_dgst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_dgst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_dgst.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_enc.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_enc.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_enc.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_enc.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_enc.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_enc.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_enc.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_enc.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_enc.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_enc.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_enc.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_enc.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_enc_c.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_enc_c.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_enc_c.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_enc_c.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_enc_c.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_enc_c.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_enc_c.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_enc_c.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_enc_c.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_enc_c.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_enc_c.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_enc_c.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_enc_c.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_enc_c.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_enc_c.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_enc_c.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_enc_c.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_enc_c.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_enc_c.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_evp.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_evp.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_evp.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_evp.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_evp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_evp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_evp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_evp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_evp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_evp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_evp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_evp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_evp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_evp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_evp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_evp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_evp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_evp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_evp.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_i_s.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_i_s.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_i_s.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_i_s.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_i_s.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_i_s.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_i_s.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_i_s.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_i_s.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_i_s.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_i_s.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_i_s.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_i_s.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_i_s.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_i_s.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_i_s.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_i_s.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_i_s.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_i_s.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_recip.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_recip.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_recip.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_recip.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_recip.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_recip.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_recip.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_recip.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_recip.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_recip.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_recip.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_recip.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_recip.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_recip.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_recip.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_recip.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_recip.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_recip.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_recip.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_s_e.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_s_e.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_s_e.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_s_e.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_s_e.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_s_e.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_s_e.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_s_e.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_s_e.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_s_e.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_s_e.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_s_e.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_s_e.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_s_e.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_s_e.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_s_e.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_s_e.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_s_e.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_s_e.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_signd.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_signd.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_signd.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_signd.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_signd.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_signd.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_signd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_signd.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_signd.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_signd.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_signd.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_signd.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_signd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_signd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_signd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_signd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_signd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_signd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_signd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p7_signi.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p7_signi.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p7_signi.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p7_signi.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p7_signi.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p7_signi.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p7_signi.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p7_signi.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p7_signi.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p7_signi.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p7_signi.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p7_signi.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p7_signi.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p7_signi.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p7_signi.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p7_signi.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p7_signi.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p7_signi.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p7_signi.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p8_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p8_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p8_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p8_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p8_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p8_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p8_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p8_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p8_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p8_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p8_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p8_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p8_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p8_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p8_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p8_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p8_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p8_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- t_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- t_pkey.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- t_pkey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- t_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- t_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- t_pkey.o: ../cryptlib.h
+- t_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- t_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- t_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- t_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- t_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- t_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- t_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- t_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- t_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- t_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- t_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- t_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- t_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- t_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- t_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- t_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- t_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- t_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- t_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- t_x509.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- t_x509.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- t_x509.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- t_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- t_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- t_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- t_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- t_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- t_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- t_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- t_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- t_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- t_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_algor.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_algor.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_algor.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_algor.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_algor.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_algor.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_algor.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_algor.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_algor.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_algor.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_algor.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_algor.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_algor.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_algor.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_algor.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_algor.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_attrib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_attrib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_attrib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_attrib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_attrib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_attrib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_attrib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_attrib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_attrib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_attrib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_attrib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_attrib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_attrib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_attrib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_attrib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_attrib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_attrib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_attrib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_attrib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_cinf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_cinf.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_cinf.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_cinf.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_cinf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_cinf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_cinf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_cinf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_cinf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_cinf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_cinf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_cinf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_cinf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_cinf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_cinf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_cinf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_cinf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_cinf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_cinf.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_crl.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_crl.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_crl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_crl.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_crl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_exten.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_exten.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_exten.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_exten.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_exten.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_exten.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_exten.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_exten.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_exten.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_exten.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_exten.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_exten.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_exten.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_exten.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_exten.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_exten.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_exten.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_exten.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_exten.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_info.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_info.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_info.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_name.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_name.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_name.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_name.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_name.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_name.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_name.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_name.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_name.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_name.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_name.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_name.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_name.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_pkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_pkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_pkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_pkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_pkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_pkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_pkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_pkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_pkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_pkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_pkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_pkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_pkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_pkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_pkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_pkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_pubkey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_pubkey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_pubkey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_pubkey.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_pubkey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_pubkey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_pubkey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_pubkey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_pubkey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_pubkey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_pubkey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_pubkey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_pubkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_pubkey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_pubkey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_pubkey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_pubkey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_pubkey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_pubkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_req.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_req.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_sig.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_sig.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_sig.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_sig.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_sig.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_sig.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_sig.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_sig.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_sig.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_sig.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_sig.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_spki.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_spki.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_spki.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_spki.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_spki.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_spki.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_val.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_val.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_val.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_val.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_val.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_val.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_val.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_val.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_val.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_val.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_val.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_val.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_val.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_val.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_val.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_val.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_val.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_val.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_val.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x_x509.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_x509.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_x509.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+- x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- x_x509.o: ../cryptlib.h
+- x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x_x509a.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x_x509a.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- x_x509a.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_x509a.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_x509a.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_x509a.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_x509a.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_x509a.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_x509a.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.ssl
+*** crypto/openssl/crypto/asn1/Makefile.ssl	Wed Jul  4 19:19:12 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.ssl	Wed Oct  9 09:12:41 2002
+***************
+*** 104,110 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 104,110 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 936,975 ****
+  t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! t_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! t_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! t_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! t_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! t_bitst.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! t_bitst.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! t_bitst.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! t_bitst.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! t_bitst.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! t_bitst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_crl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! t_crl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! t_crl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! t_crl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! t_crl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! t_crl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! t_crl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! t_crl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! t_crl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! t_crl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! t_crl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! t_crl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! t_crl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! t_crl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+  t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+  t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+--- 936,975 ----
+  t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! t_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! t_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! t_bitst.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! t_bitst.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! t_bitst.o: ../cryptlib.h
+  t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  t_crl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_crl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_crl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_crl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! t_crl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! t_crl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! t_crl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! t_crl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! t_crl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! t_crl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! t_crl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! t_crl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! t_crl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! t_crl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! t_crl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! t_crl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! t_crl.o: ../cryptlib.h
+  t_pkey.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+  t_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+  t_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+***************
+*** 985,1004 ****
+  t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! t_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! t_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! t_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! t_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! t_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! t_req.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! t_req.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! t_req.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! t_req.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! t_req.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! t_req.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! t_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! t_req.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+--- 985,1004 ----
+  t_req.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_req.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_req.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_req.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! t_req.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! t_req.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! t_req.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! t_req.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! t_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! t_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! t_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! t_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! t_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! t_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! t_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! t_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! t_req.o: ../cryptlib.h
+  t_spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  t_spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  t_spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+***************
+*** 1024,1043 ****
+  t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! t_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! t_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! t_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! t_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! t_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! t_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! t_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! t_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! t_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! t_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! t_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+--- 1024,1043 ----
+  t_x509.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  t_x509.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  t_x509.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! t_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! t_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! t_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! t_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! t_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! t_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! t_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! t_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! t_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! t_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! t_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! t_x509.o: ../cryptlib.h
+  t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+***************
+*** 1310,1330 ****
+  x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! x_x509.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! x_x509.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! x_x509.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! x_x509.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! x_x509.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! x_x509.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! x_x509.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! x_x509.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! x_x509.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! x_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! x_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! x_x509.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! x_x509.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! x_x509.o: ../cryptlib.h
+  x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+--- 1310,1329 ----
+  x_x509.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  x_x509.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  x_x509.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! x_x509.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! x_x509.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! x_x509.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! x_x509.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! x_x509.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! x_x509.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! x_x509.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! x_x509.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! x_x509.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! x_x509.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! x_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! x_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_bitstr.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_bitstr.c
+*** crypto/openssl/crypto/asn1/a_bitstr.c	Sun Nov 26 06:32:58 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_bitstr.c	Wed May 29 19:13:16 2002
+***************
+*** 89,96 ****
+  	if (a == NULL) return(0);
+  
+  	len=a->length;
+- 	ret=1+len;
+- 	if (pp == NULL) return(ret);
+  
+  	if (len > 0)
+  		{
+--- 89,94 ----
+***************
+*** 118,123 ****
+--- 116,125 ----
+  		}
+  	else
+  		bits=0;
++ 
++ 	ret=1+len;
++ 	if (pp == NULL) return(ret);
++ 
+  	p= *pp;
+  
+  	*(p++)=(unsigned char)bits;
+***************
+*** 224,229 ****
+--- 226,232 ----
+  	w=n/8;
+  	v=1<<(7-(n&0x07));
+  	iv= ~v;
++ 	if (!value) v=0;
+  
+  	a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_enum.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_enum.c
+*** crypto/openssl/crypto/asn1/a_enum.c	Sun Nov 26 06:32:58 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_enum.c	Wed Jun  5 09:12:54 2002
+***************
+*** 205,211 ****
+  	else ret->type=V_ASN1_ENUMERATED;
+  	j=BN_num_bits(bn);
+  	len=((j == 0)?0:((j/8)+1));
+! 	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+  	ret->length=BN_bn2bin(bn,ret->data);
+  	return(ret);
+  err:
+--- 205,222 ----
+  	else ret->type=V_ASN1_ENUMERATED;
+  	j=BN_num_bits(bn);
+  	len=((j == 0)?0:((j/8)+1));
+! 	if (ret->length < len+4)
+! 		{
+! 		unsigned char *new_data=
+! 			OPENSSL_realloc(ret->data, len+4);
+! 		if (!new_data)
+! 			{
+! 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+! 			goto err;
+! 			}
+! 		ret->data=new_data;
+! 		}
+! 
+  	ret->length=BN_bn2bin(bn,ret->data);
+  	return(ret);
+  err:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_gentm.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_gentm.c
+*** crypto/openssl/crypto/asn1/a_gentm.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_gentm.c	Tue Jan  8 04:19:51 2002
+***************
+*** 203,209 ****
+  	if (s == NULL)
+  		return(NULL);
+  
+! #if defined(THREADS) && !defined(WIN32)
+  	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+  	ts=&data;
+  #else
+--- 203,209 ----
+  	if (s == NULL)
+  		return(NULL);
+  
+! #if defined(THREADS) && !defined(WIN32) && ! defined(_DARWIN)
+  	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+  	ts=&data;
+  #else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_int.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_int.c
+*** crypto/openssl/crypto/asn1/a_int.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_int.c	Wed Jun  5 09:12:55 2002
+***************
+*** 451,457 ****
+  	else ret->type=V_ASN1_INTEGER;
+  	j=BN_num_bits(bn);
+  	len=((j == 0)?0:((j/8)+1));
+! 	ret->data=(unsigned char *)OPENSSL_malloc(len+4);
+  	ret->length=BN_bn2bin(bn,ret->data);
+  	return(ret);
+  err:
+--- 451,466 ----
+  	else ret->type=V_ASN1_INTEGER;
+  	j=BN_num_bits(bn);
+  	len=((j == 0)?0:((j/8)+1));
+! 	if (ret->length < len+4)
+! 		{
+! 		unsigned char *new_data= OPENSSL_realloc(ret->data, len+4);
+! 		if (!new_data)
+! 			{
+! 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE);
+! 			goto err;
+! 			}
+! 		ret->data=new_data;
+! 		}
+  	ret->length=BN_bn2bin(bn,ret->data);
+  	return(ret);
+  err:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_set.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_set.c
+*** crypto/openssl/crypto/asn1/a_set.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_set.c	Thu May 30 12:48:08 2002
+***************
+*** 116,122 ****
+  		}
+  
+          pStart  = p; /* Catch the beg of Setblobs*/
+!         rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)); /* In this array
+  we will store the SET blobs */
+  
+          for (i=0; i<sk_num(a); i++)
+--- 116,122 ----
+  		}
+  
+          pStart  = p; /* Catch the beg of Setblobs*/
+!         if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array
+  we will store the SET blobs */
+  
+          for (i=0; i<sk_num(a); i++)
+***************
+*** 133,139 ****
+   /* Now we have to sort the blobs. I am using a simple algo.
+      *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+          qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+!         pTempMem = OPENSSL_malloc(totSize);
+  
+  /* Copy to temp mem */
+          p = pTempMem;
+--- 133,139 ----
+   /* Now we have to sort the blobs. I am using a simple algo.
+      *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/
+          qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp);
+!         if (!(pTempMem = OPENSSL_malloc(totSize))) return 0;
+  
+  /* Copy to temp mem */
+          p = pTempMem;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_sign.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_sign.c
+*** crypto/openssl/crypto/asn1/a_sign.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_sign.c	Thu Nov 28 03:05:45 2002
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #include <stdio.h>
+  #include <time.h>
+***************
+*** 87,93 ****
+  		else
+  			a=algor2;
+  		if (a == NULL) continue;
+! 		if (	(a->parameter == NULL) || 
+  			(a->parameter->type != V_ASN1_NULL))
+  			{
+  			ASN1_TYPE_free(a->parameter);
+--- 140,153 ----
+  		else
+  			a=algor2;
+  		if (a == NULL) continue;
+!                 if (type->pkey_type == NID_dsaWithSHA1)
+! 			{
+! 			/* special case: RFC 2459 tells us to omit 'parameters'
+! 			 * with id-dsa-with-sha1 */
+! 			ASN1_TYPE_free(a->parameter);
+! 			a->parameter = NULL;
+! 			}
+! 		else if ((a->parameter == NULL) || 
+  			(a->parameter->type != V_ASN1_NULL))
+  			{
+  			ASN1_TYPE_free(a->parameter);
+***************
+*** 139,148 ****
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	memset(&ctx,0,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+--- 199,208 ----
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	OPENSSL_cleanse(&ctx,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_strex.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strex.c
+*** crypto/openssl/crypto/asn1/a_strex.c	Sun Nov 26 06:38:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strex.c	Fri Aug 30 13:16:56 2002
+***************
+*** 519,525 ****
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!*out || !in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+--- 519,525 ----
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+***************
+*** 528,533 ****
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	if(out) *out = stmp.data;
+  	return stmp.length;
+  }
+--- 528,533 ----
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	*out = stmp.data;
+  	return stmp.length;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_strnid.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strnid.c
+*** crypto/openssl/crypto/asn1/a_strnid.c	Wed Jul  4 19:19:12 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strnid.c	Fri Nov  9 08:10:47 2001
+***************
+*** 105,113 ****
+  		mask = strtoul(p + 5, &end, 0);
+  		if(*end) return 0;
+  	} else if(!strcmp(p, "nombstr"))
+! 			 mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING);
+  	else if(!strcmp(p, "pkix"))
+! 			mask = ~B_ASN1_T61STRING;
+  	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+  	else if(!strcmp(p, "default"))
+  	    mask = 0xFFFFFFFFL;
+--- 105,113 ----
+  		mask = strtoul(p + 5, &end, 0);
+  		if(*end) return 0;
+  	} else if(!strcmp(p, "nombstr"))
+! 		mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
+  	else if(!strcmp(p, "pkix"))
+! 			mask = ~((unsigned long)B_ASN1_T61STRING);
+  	else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
+  	else if(!strcmp(p, "default"))
+  	    mask = 0xFFFFFFFFL;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_time.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_time.c
+*** crypto/openssl/crypto/asn1/a_time.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_time.c	Tue Jan  8 04:19:52 2002
+***************
+*** 113,119 ****
+  ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+  	{
+  	struct tm *ts;
+! #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+  	struct tm data;
+  
+  	gmtime_r(&t,&data);
+--- 113,119 ----
+  ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
+  	{
+  	struct tm *ts;
+! #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
+  	struct tm data;
+  
+  	gmtime_r(&t,&data);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_utctm.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_utctm.c
+*** crypto/openssl/crypto/asn1/a_utctm.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_utctm.c	Fri Aug 16 07:55:54 2002
+***************
+*** 203,209 ****
+  	if (s == NULL)
+  		return(NULL);
+  
+! #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+  	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+  	ts=&data;
+  #else
+--- 203,209 ----
+  	if (s == NULL)
+  		return(NULL);
+  
+! #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
+  	gmtime_r(&t,&data); /* should return &data, but doesn't on some systems, so we don't even look at the return value */
+  	ts=&data;
+  #else
+***************
+*** 246,251 ****
+--- 246,253 ----
+  		ts=(struct tm *)localtime(&t);
+  		}
+  #endif
++ 	if (ts == NULL)
++ 		return(NULL);
+  	p=(char *)s->data;
+  	if ((p == NULL) || (s->length < 14))
+  		{
+***************
+*** 270,275 ****
+--- 272,280 ----
+  int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
+  	{
+  	struct tm *tm;
++ #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
++ 	struct tm data;
++ #endif
+  	int offset;
+  	int year;
+  
+***************
+*** 286,293 ****
+  
+  	t -= offset*60; /* FIXME: may overflow in extreme cases */
+  
+! #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__)
+! 	{ struct tm data; gmtime_r(&t, &data); tm = &data; }
+  #else
+  	tm = gmtime(&t);
+  #endif
+--- 291,299 ----
+  
+  	t -= offset*60; /* FIXME: may overflow in extreme cases */
+  
+! #if defined(THREADS) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_DARWIN)
+! 	gmtime_r(&t, &data);
+! 	tm = &data;
+  #else
+  	tm = gmtime(&t);
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_verify.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_verify.c
+*** crypto/openssl/crypto/asn1/a_verify.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_verify.c	Thu Nov 28 03:05:46 2002
+***************
+*** 100,106 ****
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	memset(buf_in,0,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+--- 100,106 ----
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1.h ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1.h
+*** crypto/openssl/crypto/asn1/asn1.h	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1.h	Mon Dec 17 14:23:13 2001
+***************
+*** 834,841 ****
+  
+  int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
+  
+- void ERR_load_ASN1_strings(void);
+- 
+  /* Not used that much at this point, except for the first two */
+  ASN1_METHOD *X509_asn1_meth(void);
+  ASN1_METHOD *RSAPrivateKey_asn1_meth(void);
+--- 834,839 ----
+***************
+*** 877,882 ****
+--- 875,881 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_ASN1_strings(void);
+  
+  /* Error codes for the ASN1 functions. */
+  
+***************
+*** 1148,1151 ****
+  }
+  #endif
+  #endif
+- 
+--- 1147,1149 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1_lib.c ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1_lib.c
+*** crypto/openssl/crypto/asn1/asn1_lib.c	Wed Jul  4 19:19:12 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1_lib.c	Fri Aug  2 15:00:21 2002
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include <stdio.h>
++ #include <limits.h>
+  #include "cryptlib.h"
+  #include <openssl/asn1.h>
+  #include <openssl/asn1_mac.h>
+***************
+*** 124,138 ****
+  		(int)(omax+ *pp));
+  
+  #endif
+! #if 0
+! 	if ((p+ *plength) > (omax+ *pp))
+  		{
+  		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+  		/* Set this so that even if things are not long enough
+  		 * the values are set correctly */
+  		ret|=0x80;
+  		}
+- #endif
+  	*pp=p;
+  	return(ret|inf);
+  err:
+--- 125,137 ----
+  		(int)(omax+ *pp));
+  
+  #endif
+! 	if (*plength > (omax - (p - *pp)))
+  		{
+  		ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG);
+  		/* Set this so that even if things are not long enough
+  		 * the values are set correctly */
+  		ret|=0x80;
+  		}
+  	*pp=p;
+  	return(ret|inf);
+  err:
+***************
+*** 143,149 ****
+  static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
+  	{
+  	unsigned char *p= *pp;
+! 	long ret=0;
+  	int i;
+  
+  	if (max-- < 1) return(0);
+--- 142,148 ----
+  static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
+  	{
+  	unsigned char *p= *pp;
+! 	unsigned long ret=0;
+  	int i;
+  
+  	if (max-- < 1) return(0);
+***************
+*** 159,164 ****
+--- 158,165 ----
+  		i= *p&0x7f;
+  		if (*(p++) & 0x80)
+  			{
++ 			if (i > sizeof(long))
++ 				return 0;
+  			if (max-- == 0) return(0);
+  			while (i-- > 0)
+  				{
+***************
+*** 170,177 ****
+  		else
+  			ret=i;
+  		}
+  	*pp=p;
+! 	*rl=ret;
+  	return(1);
+  	}
+  
+--- 171,180 ----
+  		else
+  			ret=i;
+  		}
++ 	if (ret > LONG_MAX)
++ 		return 0;
+  	*pp=p;
+! 	*rl=(long)ret;
+  	return(1);
+  	}
+  
+***************
+*** 407,413 ****
+  
+  void asn1_add_error(unsigned char *address, int offset)
+  	{
+! 	char buf1[16],buf2[16];
+  
+  	sprintf(buf1,"%lu",(unsigned long)address);
+  	sprintf(buf2,"%d",offset);
+--- 410,416 ----
+  
+  void asn1_add_error(unsigned char *address, int offset)
+  	{
+! 	char buf1[DECIMAL_SIZE(address)+1],buf2[DECIMAL_SIZE(offset)+1];
+  
+  	sprintf(buf1,"%lu",(unsigned long)address);
+  	sprintf(buf2,"%d",offset);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/d2i_dhp.c ../RELENG_4_6/crypto/openssl/crypto/asn1/d2i_dhp.c
+*** crypto/openssl/crypto/asn1/d2i_dhp.c	Sun Aug 20 04:46:05 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/d2i_dhp.c	Thu May 30 08:51:16 2002
+***************
+*** 87,92 ****
+--- 87,93 ----
+  		}
+  
+  	M_ASN1_BIT_STRING_free(bs);
++ 	bs = NULL;
+  
+  	M_ASN1_D2I_Finish_2(a);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/d2i_dsap.c ../RELENG_4_6/crypto/openssl/crypto/asn1/d2i_dsap.c
+*** crypto/openssl/crypto/asn1/d2i_dsap.c	Sun Nov 26 06:33:00 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/d2i_dsap.c	Thu May 30 08:51:16 2002
+***************
+*** 84,89 ****
+--- 84,90 ----
+  	if ((ret->g=BN_bin2bn(bs->data,bs->length,ret->g)) == NULL) goto err_bn;
+  
+  	M_ASN1_BIT_STRING_free(bs);
++ 	bs = NULL;
+  
+  	M_ASN1_D2I_Finish_2(a);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/d2i_r_pr.c ../RELENG_4_6/crypto/openssl/crypto/asn1/d2i_r_pr.c
+*** crypto/openssl/crypto/asn1/d2i_r_pr.c	Sun Aug 20 04:46:05 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/d2i_r_pr.c	Thu May 30 08:51:16 2002
+***************
+*** 108,113 ****
+--- 108,114 ----
+  		goto err_bn;
+  
+  	M_ASN1_INTEGER_free(bs);
++ 	bs = NULL;
+  
+  	M_ASN1_D2I_Finish_2(a);
+  err_bn:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/n_pkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/n_pkey.c
+*** crypto/openssl/crypto/asn1/n_pkey.c	Sun Nov 26 06:33:00 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/n_pkey.c	Thu Nov 28 03:05:46 2002
+***************
+*** 181,187 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 181,187 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+***************
+*** 292,298 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 292,298 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/p8_pkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/p8_pkey.c
+*** crypto/openssl/crypto/asn1/p8_pkey.c	Sun Nov 26 06:33:01 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/p8_pkey.c	Thu Nov 28 03:05:46 2002
+***************
+*** 119,126 ****
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		memset (a->pkey->value.octet_string->data,
+! 				 0, a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+--- 119,126 ----
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		OPENSSL_cleanse(a->pkey->value.octet_string->data,
+! 				a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/pkcs8.c ../RELENG_4_6/crypto/openssl/crypto/asn1/pkcs8.c
+*** crypto/openssl/crypto/asn1/pkcs8.c	Mon Jan 10 01:21:26 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/pkcs8.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,131 ****
+- /* crypto/asn1/pkcs8.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/asn1_mac.h>
+- #include <openssl/objects.h>
+- 
+- int i2d_X509_KEY(X509 *a, unsigned char **pp)
+- 	{
+- 	M_ASN1_I2D_vars(a);
+- 
+- 	M_ASN1_I2D_len(a->cert_info,	i2d_X509_CINF);
+- 	M_ASN1_I2D_len(a->sig_alg,	i2d_X509_ALGOR);
+- 	M_ASN1_I2D_len(a->signature,	i2d_ASN1_BIT_STRING);
+- 
+- 	M_ASN1_I2D_seq_total();
+- 
+- 	M_ASN1_I2D_put(a->cert_info,	i2d_X509_CINF);
+- 	M_ASN1_I2D_put(a->sig_alg,	i2d_X509_ALGOR);
+- 	M_ASN1_I2D_put(a->signature,	i2d_ASN1_BIT_STRING);
+- 
+- 	M_ASN1_I2D_finish();
+- 	}
+- 
+- X509 *d2i_X509_KEY(X509 **a, unsigned char **pp, long length)
+- 	{
+- 	M_ASN1_D2I_vars(a,X509 *,X509_new);
+- 
+- 	M_ASN1_D2I_Init();
+- 	M_ASN1_D2I_start_sequence();
+- 	M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF);
+- 	M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR);
+- 	M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING);
+- 	M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509);
+- 	}
+- 
+- X509 *X509_KEY_new(void)
+- 	{
+- 	X509_KEY *ret=NULL;
+- 
+- 	M_ASN1_New_Malloc(ret,X509_KEY);
+- 	ret->references=1;
+- 	ret->type=NID
+- 	M_ASN1_New(ret->cert_info,X509_CINF_new);
+- 	M_ASN1_New(ret->sig_alg,X509_ALGOR_new);
+- 	M_ASN1_New(ret->signature,ASN1_BIT_STRING_new);
+- 	return(ret);
+- 	M_ASN1_New_Error(ASN1_F_X509_NEW);
+- 	}
+- 
+- void X509_KEY_free(X509 *a)
+- 	{
+- 	int i;
+- 
+- 	if (a == NULL) return;
+- 
+- 	i=CRYPTO_add_lock(&a->references,-1,CRYPTO_LOCK_X509_KEY);
+- #ifdef REF_PRINT
+- 	REF_PRINT("X509_KEY",a);
+- #endif
+- 	if (i > 0) return;
+- #ifdef REF_CHECK
+- 	if (i < 0)
+- 		{
+- 		fprintf(stderr,"X509_KEY_free, bad reference count\n");
+- 		abort();
+- 		}
+- #endif
+- 
+- 	X509_CINF_free(a->cert_info);
+- 	X509_ALGOR_free(a->sig_alg);
+- 	ASN1_BIT_STRING_free(a->signature);
+- 	Free((char *)a);
+- 	}
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/t_pkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/t_pkey.c
+*** crypto/openssl/crypto/asn1/t_pkey.c	Sun Nov 26 06:33:01 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/t_pkey.c	Wed Jun 26 10:29:45 2002
+***************
+*** 96,105 ****
+  	char str[128];
+  	const char *s;
+  	unsigned char *m=NULL;
+! 	int i,ret=0;
+  
+! 	i=RSA_size(x);
+! 	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+  	if (m == NULL)
+  		{
+  		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+--- 96,129 ----
+  	char str[128];
+  	const char *s;
+  	unsigned char *m=NULL;
+! 	int ret=0;
+! 	size_t buf_len=0, i;
+  
+! 	if (x->n)
+! 		buf_len = (size_t)BN_num_bytes(x->n);
+! 	if (x->e)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->e)))
+! 			buf_len = i;
+! 	if (x->d)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->d)))
+! 			buf_len = i;
+! 	if (x->p)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->p)))
+! 			buf_len = i;
+! 	if (x->q)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+! 			buf_len = i;
+! 	if (x->dmp1)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->dmp1)))
+! 			buf_len = i;
+! 	if (x->dmq1)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->dmq1)))
+! 			buf_len = i;
+! 	if (x->iqmp)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->iqmp)))
+! 			buf_len = i;
+! 
+! 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+  	if (m == NULL)
+  		{
+  		RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+***************
+*** 161,182 ****
+  	{
+  	char str[128];
+  	unsigned char *m=NULL;
+! 	int i,ret=0;
+! 	BIGNUM *bn=NULL;
+  
+! 	if (x->p != NULL)
+! 		bn=x->p;
+! 	else if (x->priv_key != NULL)
+! 		bn=x->priv_key;
+! 	else if (x->pub_key != NULL)
+! 		bn=x->pub_key;
+! 		
+! 	/* larger than needed but what the hell :-) */
+! 	if (bn != NULL)
+! 		i=BN_num_bytes(bn)*2;
+! 	else
+! 		i=256;
+! 	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+  	if (m == NULL)
+  		{
+  		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+--- 185,209 ----
+  	{
+  	char str[128];
+  	unsigned char *m=NULL;
+! 	int ret=0;
+! 	size_t buf_len=0,i;
+  
+! 	if (x->p)
+! 		buf_len = (size_t)BN_num_bytes(x->p);
+! 	if (x->q)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+! 			buf_len = i;
+! 	if (x->g)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+! 			buf_len = i;
+! 	if (x->priv_key)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->priv_key)))
+! 			buf_len = i;
+! 	if (x->pub_key)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->pub_key)))
+! 			buf_len = i;
+! 
+! 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+  	if (m == NULL)
+  		{
+  		DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE);
+***************
+*** 281,290 ****
+  int DHparams_print(BIO *bp, DH *x)
+  	{
+  	unsigned char *m=NULL;
+! 	int reason=ERR_R_BUF_LIB,i,ret=0;
+  
+! 	i=BN_num_bytes(x->p);
+! 	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+  	if (m == NULL)
+  		{
+  		reason=ERR_R_MALLOC_FAILURE;
+--- 308,322 ----
+  int DHparams_print(BIO *bp, DH *x)
+  	{
+  	unsigned char *m=NULL;
+! 	int reason=ERR_R_BUF_LIB,ret=0;
+! 	size_t buf_len=0, i;
+  
+! 	if (x->p)
+! 		buf_len = (size_t)BN_num_bytes(x->p);
+! 	if (x->g)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+! 			buf_len = i;
+! 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+  	if (m == NULL)
+  		{
+  		reason=ERR_R_MALLOC_FAILURE;
+***************
+*** 334,343 ****
+  int DSAparams_print(BIO *bp, DSA *x)
+  	{
+  	unsigned char *m=NULL;
+! 	int reason=ERR_R_BUF_LIB,i,ret=0;
+  
+! 	i=BN_num_bytes(x->p);
+! 	m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10);
+  	if (m == NULL)
+  		{
+  		reason=ERR_R_MALLOC_FAILURE;
+--- 366,383 ----
+  int DSAparams_print(BIO *bp, DSA *x)
+  	{
+  	unsigned char *m=NULL;
+! 	int reason=ERR_R_BUF_LIB,ret=0;
+! 	size_t buf_len=0, i;
+  
+! 	if (x->p)
+! 		buf_len = (size_t)BN_num_bytes(x->p);
+! 	if (x->q)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->q)))
+! 			buf_len = i;
+! 	if (x->g)
+! 		if (buf_len < (i = (size_t)BN_num_bytes(x->g)))
+! 			buf_len = i;
+! 	m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+  	if (m == NULL)
+  		{
+  		reason=ERR_R_MALLOC_FAILURE;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/t_x509.c ../RELENG_4_6/crypto/openssl/crypto/asn1/t_x509.c
+*** crypto/openssl/crypto/asn1/t_x509.c	Sun Nov 26 06:33:01 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/t_x509.c	Tue Jun 26 08:38:33 2001
+***************
+*** 349,354 ****
+--- 349,356 ----
+  	ll=80-2-obase;
+  
+  	s=X509_NAME_oneline(name,buf,256);
++ 	if (!*s)
++ 		return 1;
+  	s++; /* skip the first slash */
+  
+  	l=ll;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/x_pubkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/x_pubkey.c
+*** crypto/openssl/crypto/asn1/x_pubkey.c	Sun Nov 26 06:33:02 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/x_pubkey.c	Thu May 30 12:48:08 2002
+***************
+*** 156,162 ****
+  		dsa->write_params=0;
+  		ASN1_TYPE_free(a->parameter);
+  		i=i2d_DSAparams(dsa,NULL);
+! 		p=(unsigned char *)OPENSSL_malloc(i);
+  		pp=p;
+  		i2d_DSAparams(dsa,&pp);
+  		a->parameter=ASN1_TYPE_new();
+--- 156,162 ----
+  		dsa->write_params=0;
+  		ASN1_TYPE_free(a->parameter);
+  		i=i2d_DSAparams(dsa,NULL);
+! 		if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err;
+  		pp=p;
+  		i2d_DSAparams(dsa,&pp);
+  		a->parameter=ASN1_TYPE_new();
+***************
+*** 234,240 ****
+  	a=key->algor;
+  	if (ret->type == EVP_PKEY_DSA)
+  		{
+! 		if (a->parameter->type == V_ASN1_SEQUENCE)
+  			{
+  			ret->pkey.dsa->write_params=0;
+  			p=a->parameter->value.sequence->data;
+--- 234,240 ----
+  	a=key->algor;
+  	if (ret->type == EVP_PKEY_DSA)
+  		{
+! 		if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE))
+  			{
+  			ret->pkey.dsa->write_params=0;
+  			p=a->parameter->value.sequence->data;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.save
+*** crypto/openssl/crypto/bf/Makefile.save	Sun Nov 26 06:33:09 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,118 ****
+- #
+- # SSLeay/crypto/blowfish/Makefile
+- #
+- 
+- DIR=	bf
+- TOP=	../..
+- CC=	cc
+- CPP=	$(CC) -E
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- BF_ENC=		bf_enc.o
+- # or use
+- #DES_ENC=	bx86-elf.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=bftest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c 
+- LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= blowfish.h
+- HEADER=	bf_pi.h bf_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/bx86-elf.o: asm/bx86unix.cpp
+- 	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
+- 
+- # solaris
+- asm/bx86-sol.o: asm/bx86unix.cpp
+- 	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+- 	as -o asm/bx86-sol.o asm/bx86-sol.s
+- 	rm -f asm/bx86-sol.s
+- 
+- # a.out
+- asm/bx86-out.o: asm/bx86unix.cpp
+- 	$(CPP) -DOUT asm/bx86unix.cpp | as -o asm/bx86-out.o
+- 
+- # bsdi
+- asm/bx86bsdi.o: asm/bx86unix.cpp
+- 	$(CPP) -DBSDI asm/bx86unix.cpp | sed 's/ :/:/' | as -o asm/bx86bsdi.o
+- 
+- asm/bx86unix.cpp: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+- 	(cd asm; $(PERL) bf-586.pl cpp $(PROCESSOR) >bx86unix.cpp)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install: installs
+- 
+- installs:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- bf_cfb64.o: ../../include/openssl/blowfish.h
+- bf_cfb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+- bf_ecb.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+- bf_ecb.o: ../../include/openssl/opensslv.h bf_locl.h
+- bf_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+- bf_enc.o: bf_locl.h
+- bf_ofb64.o: ../../include/openssl/blowfish.h
+- bf_ofb64.o: ../../include/openssl/opensslconf.h bf_locl.h
+- bf_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/opensslconf.h
+- bf_skey.o: bf_locl.h bf_pi.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.ssl
+*** crypto/openssl/crypto/bf/Makefile.ssl	Wed Jul  4 19:19:13 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.ssl	Wed Oct  9 09:12:59 2002
+***************
+*** 96,102 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 96,102 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.uni
+*** crypto/openssl/crypto/bf/Makefile.uni	Mon Jan 10 01:21:27 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,157 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- DIR=	bf
+- TOP=	.
+- # use BF_PTR2 for intel boxes,
+- # BF_PTR for sparc and MIPS/SGI
+- # use nothing for Alpha and HP.
+- 
+- # There are 3 possible performance options, experiment :-)
+- #OPTS= -DBF_PTR  # usr for sparc and MIPS/SGI
+- #OPTS= -DBF_PTR2 # use for pentium
+- OPTS=		 # use for pentium pro, Alpha and HP
+- 
+- MAKE=make -f Makefile
+- #CC=cc
+- #CFLAG= -O
+- 
+- CC=gcc
+- #CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+- CFLAG= -O3 -fomit-frame-pointer
+- 
+- CFLAGS=$(OPTS) $(CFLAG)
+- CPP=$(CC) -E
+- AS=as
+- RANLIB=ranlib
+- 
+- # Assember version of bf_encrypt().
+- BF_ENC=bf_enc.o		# normal C version
+- #BF_ENC=asm/bx86-elf.o	# elf format x86
+- #BF_ENC=asm/bx86-out.o	# a.out format x86
+- #BF_ENC=asm/bx86-sol.o	# solaris format x86 
+- #BF_ENC=asm/bx86bsdi.o	# bsdi format x86 
+- 
+- LIBDIR=/usr/local/lib
+- BINDIR=/usr/local/bin
+- INCDIR=/usr/local/include
+- MANDIR=/usr/local/man
+- MAN1=1
+- MAN3=3
+- SHELL=/bin/sh
+- LIBOBJ=bf_skey.o bf_ecb.o $(BF_ENC) bf_cfb64.o bf_ofb64.o
+- LIBSRC=bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c
+- 
+- GENERAL=Makefile Makefile.ssl Makefile.uni asm bf_locl.org README \
+- 	COPYRIGHT blowfish.doc INSTALL
+- 
+- TESTING=    bftest bfspeed bf_opts
+- TESTING_SRC=bftest.c bfspeed.c bf_opts.c
+- HEADERS=bf_locl.h blowfish.h bf_pi.h
+- 
+- ALL=	$(GENERAL) $(TESTING_SRC) $(LIBSRC) $(HEADERS)
+- 
+- BLIB=	libblowfish.a
+- 
+- all: $(BLIB) $(TESTING)
+- 
+- cc:
+- 	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+- 
+- gcc:
+- 	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+- 
+- x86-elf:
+- 	$(MAKE) BF_ENC='asm/bx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+- 
+- x86-out:
+- 	$(MAKE) BF_ENC='asm/bx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+- 
+- x86-solaris:
+- 	$(MAKE) BF_ENC='asm/bx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+- 
+- x86-bsdi:
+- 	$(MAKE) BF_ENC='asm/bx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+- 
+- # elf
+- asm/bx86-elf.o: asm/bx86unix.cpp
+- 	$(CPP) -DELF asm/bx86unix.cpp | $(AS) -o asm/bx86-elf.o
+- 
+- # solaris
+- asm/bx86-sol.o: asm/bx86unix.cpp
+- 	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+- 	as -o asm/bx86-sol.o asm/bx86-sol.s
+- 	rm -f asm/bx86-sol.s
+- 
+- # a.out
+- asm/bx86-out.o: asm/bx86unix.cpp
+- 	$(CPP) -DOUT asm/bx86unix.cpp | $(AS) -o asm/bx86-out.o
+- 
+- # bsdi
+- asm/bx86bsdi.o: asm/bx86unix.cpp
+- 	$(CPP) -DBSDI asm/bx86unix.cpp | $(AS) -o asm/bx86bsdi.o
+- 
+- asm/bx86unix.cpp:
+- 	(cd asm; perl bf-586.pl cpp >bx86unix.cpp)
+- 	
+- test:	all
+- 	./bftest
+- 
+- $(BLIB): $(LIBOBJ)
+- 	/bin/rm -f $(BLIB)
+- 	ar cr $(BLIB) $(LIBOBJ)
+- 	$(RANLIB) $(BLIB)
+- 
+- bftest: bftest.o $(BLIB)
+- 	$(CC) $(CFLAGS) -o bftest bftest.o $(BLIB)
+- 
+- bfspeed: bfspeed.o $(BLIB)
+- 	$(CC) $(CFLAGS) -o bfspeed bfspeed.o $(BLIB)
+- 
+- bf_opts: bf_opts.o $(BLIB)
+- 	$(CC) $(CFLAGS) -o bf_opts bf_opts.o $(BLIB)
+- 
+- tags:
+- 	ctags $(TESTING_SRC) $(LIBBF)
+- 
+- tar:
+- 	tar chf libbf.tar $(ALL)
+- 
+- shar:
+- 	shar $(ALL) >libbf.shar
+- 
+- depend:
+- 	makedepend $(LIBBF) $(TESTING_SRC)
+- 
+- clean:
+- 	/bin/rm -f *.o tags core $(TESTING) $(BLIB) .nfs* *.old *.bak asm/*.o 
+- 
+- dclean:
+- 	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+- 	mv -f Makefile.new Makefile
+- 
+- # Eric is probably going to choke when he next looks at this --tjh
+- install: $(BLIB)
+- 	if test $(INSTALLTOP); then \
+- 	    echo SSL style install; \
+- 	    cp $(BLIB) $(INSTALLTOP)/lib; \
+- 		$(RANLIB) $(BLIB); \
+- 	    chmod 644 $(INSTALLTOP)/lib/$(BLIB); \
+- 	    cp blowfish.h $(INSTALLTOP)/include; \
+- 	    chmod 644 $(INSTALLTOP)/include/blowfish.h; \
+- 	else \
+- 	    echo Standalone install; \
+- 	    cp $(BLIB) $(LIBDIR)/$(BLIB); \
+- 		$(RANLIB) $(BLIB); \
+- 	    chmod 644 $(LIBDIR)/$(BLIB); \
+- 	    cp blowfish.h $(INCDIR)/blowfish.h; \
+- 	    chmod 644 $(INCDIR)/blowfish.h; \
+- 	fi
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/bftest.c ../RELENG_4_6/crypto/openssl/crypto/bf/bftest.c
+*** crypto/openssl/crypto/bf/bftest.c	Sun Nov 26 06:33:09 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bf/bftest.c	Thu Nov 28 13:55:20 2002
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_BF
+  int main(int argc, char *argv[])
+  {
+***************
+*** 275,281 ****
+  	else
+  		ret=test();
+  
+! 	exit(ret);
+  	return(0);
+  	}
+  
+--- 277,283 ----
+  	else
+  		ret=test();
+  
+! 	EXIT(ret);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.save
+*** crypto/openssl/crypto/bio/Makefile.save	Sun Nov 26 06:33:09 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,241 ****
+- #
+- # SSLeay/crypto/bio/Makefile
+- #
+- 
+- DIR=	bio
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= bio_lib.c bio_cb.c bio_err.c \
+- 	bss_mem.c bss_null.c bss_fd.c \
+- 	bss_file.c bss_sock.c bss_conn.c \
+- 	bf_null.c bf_buff.c b_print.c b_dump.c \
+- 	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
+- LIBOBJ= bio_lib.o bio_cb.o bio_err.o \
+- 	bss_mem.o bss_null.o bss_fd.o \
+- 	bss_file.o bss_sock.o bss_conn.o \
+- 	bf_null.o bf_buff.o b_print.o b_dump.o \
+- 	b_sock.o bss_acpt.o bf_nbio.o bss_log.o bss_bio.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= bio.h
+- HEADER=	bss_file.c $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER); \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- b_dump.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- b_dump.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- b_dump.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- b_dump.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- b_dump.o: ../cryptlib.h
+- b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- b_print.o: ../cryptlib.h
+- b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- b_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- b_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- b_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- b_sock.o: ../cryptlib.h
+- bf_buff.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- bf_buff.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- bf_buff.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- bf_buff.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- bf_buff.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- bf_buff.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bf_buff.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- bf_buff.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- bf_buff.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- bf_buff.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- bf_buff.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- bf_buff.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bf_buff.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- bf_buff.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- bf_buff.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- bf_buff.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- bf_buff.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- bf_nbio.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- bf_nbio.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- bf_nbio.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- bf_nbio.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- bf_nbio.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- bf_nbio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bf_nbio.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- bf_nbio.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- bf_nbio.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- bf_nbio.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- bf_nbio.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- bf_nbio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bf_nbio.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- bf_nbio.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- bf_nbio.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- bf_nbio.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- bf_nbio.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bf_nbio.o: ../cryptlib.h
+- bf_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- bf_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- bf_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- bf_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- bf_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- bf_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bf_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- bf_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- bf_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- bf_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- bf_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- bf_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bf_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- bf_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- bf_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- bf_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- bf_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- bio_cb.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bio_cb.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bio_cb.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bio_cb.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bio_cb.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bio_cb.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bio_cb.o: ../cryptlib.h
+- bio_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+- bio_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bio_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bio_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bio_lib.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bio_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bio_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bio_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bio_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bio_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bio_lib.o: ../cryptlib.h
+- bss_acpt.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_acpt.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_acpt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_acpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_acpt.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_acpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_acpt.o: ../cryptlib.h
+- bss_bio.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+- bss_bio.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bss_bio.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bss_bio.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bss_bio.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bss_bio.o: ../../include/openssl/symhacks.h
+- bss_conn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_conn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_conn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_conn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_conn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_conn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_conn.o: ../cryptlib.h
+- bss_fd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_fd.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_fd.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_fd.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_fd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_fd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_fd.o: ../cryptlib.h bss_sock.c
+- bss_file.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_file.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_file.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_file.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_file.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_file.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_file.o: ../cryptlib.h
+- bss_log.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_log.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_log.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_log.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_log.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_log.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_log.o: ../cryptlib.h
+- bss_mem.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_mem.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_mem.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_mem.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_mem.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_mem.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_mem.o: ../cryptlib.h
+- bss_null.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_null.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_null.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_null.o: ../cryptlib.h
+- bss_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- bss_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- bss_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- bss_sock.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bss_sock.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bss_sock.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bss_sock.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.ssl
+*** crypto/openssl/crypto/bio/Makefile.ssl	Wed Jul  4 19:19:13 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.ssl	Wed Oct  9 09:13:03 2002
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 96,108 ****
+  b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+  b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  b_dump.o: ../cryptlib.h
+! b_print.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+! b_print.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+! b_print.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! b_print.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+! b_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! b_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! b_print.o: ../cryptlib.h
+  b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+--- 96,108 ----
+  b_dump.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+  b_dump.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  b_dump.o: ../cryptlib.h
+! b_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+! b_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+! b_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! b_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+! b_print.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! b_print.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+! b_print.o: ../../include/openssl/symhacks.h ../cryptlib.h
+  b_sock.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  b_sock.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  b_sock.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/b_print.c ../RELENG_4_6/crypto/openssl/crypto/bio/b_print.c
+*** crypto/openssl/crypto/bio/b_print.c	Sun Nov 26 06:33:10 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/b_print.c	Fri Aug  2 07:14:06 2002
+***************
+*** 56,61 ****
+--- 56,68 ----
+   * [including the GNU Public Licence.]
+   */
+  
++ /* disable assert() unless BIO_DEBUG has been defined */
++ #ifndef BIO_DEBUG
++ # ifndef NDEBUG
++ #  define NDEBUG
++ # endif
++ #endif
++ 
+  /* 
+   * Stolen from tjh's ssl/ssl_trc.c stuff.
+   */
+***************
+*** 69,74 ****
+--- 76,82 ----
+  #ifndef NO_SYS_TYPES_H
+  #include <sys/types.h>
+  #endif
++ #include <openssl/bn.h>         /* To get BN_LLONG properly defined */
+  #include <openssl/bio.h>
+  
+  #ifdef BN_LLONG
+***************
+*** 101,114 ****
+   * o ...                                       (for OpenSSL)
+   */
+  
+! #if HAVE_LONG_DOUBLE
+  #define LDOUBLE long double
+  #else
+  #define LDOUBLE double
+  #endif
+  
+  #if HAVE_LONG_LONG
+! #define LLONG long long
+  #else
+  #define LLONG long
+  #endif
+--- 109,126 ----
+   * o ...                                       (for OpenSSL)
+   */
+  
+! #ifdef HAVE_LONG_DOUBLE
+  #define LDOUBLE long double
+  #else
+  #define LDOUBLE double
+  #endif
+  
+  #if HAVE_LONG_LONG
+! # if defined(WIN32) && !defined(__GNUC__)
+! # define LLONG _int64
+! # else
+! # define LLONG long long
+! # endif
+  #else
+  #define LLONG long
+  #endif
+***************
+*** 151,157 ****
+  
+  /* some handy macros */
+  #define char_to_int(p) (p - '0')
+! #define MAX(p,q) ((p >= q) ? p : q)
+  
+  static void
+  _dopr(
+--- 163,169 ----
+  
+  /* some handy macros */
+  #define char_to_int(p) (p - '0')
+! #define OSSL_MAX(p,q) ((p >= q) ? p : q)
+  
+  static void
+  _dopr(
+***************
+*** 502,514 ****
+      convert[place] = 0;
+  
+      zpadlen = max - place;
+!     spadlen = min - MAX(max, place) - (signvalue ? 1 : 0);
+      if (zpadlen < 0)
+          zpadlen = 0;
+      if (spadlen < 0)
+          spadlen = 0;
+      if (flags & DP_F_ZERO) {
+!         zpadlen = MAX(zpadlen, spadlen);
+          spadlen = 0;
+      }
+      if (flags & DP_F_MINUS)
+--- 514,526 ----
+      convert[place] = 0;
+  
+      zpadlen = max - place;
+!     spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0);
+      if (zpadlen < 0)
+          zpadlen = 0;
+      if (spadlen < 0)
+          spadlen = 0;
+      if (flags & DP_F_ZERO) {
+!         zpadlen = OSSL_MAX(zpadlen, spadlen);
+          spadlen = 0;
+      }
+      if (flags & DP_F_MINUS)
+***************
+*** 564,570 ****
+  }
+  
+  static long
+! round(LDOUBLE value)
+  {
+      long intpart;
+      intpart = (long) value;
+--- 576,582 ----
+  }
+  
+  static long
+! roundv(LDOUBLE value)
+  {
+      long intpart;
+      intpart = (long) value;
+***************
+*** 616,622 ****
+  
+      /* we "cheat" by converting the fractional part to integer by
+         multiplying by a factor of 10 */
+!     fracpart = round((pow10(max)) * (ufvalue - intpart));
+  
+      if (fracpart >= pow10(max)) {
+          intpart++;
+--- 628,634 ----
+  
+      /* we "cheat" by converting the fractional part to integer by
+         multiplying by a factor of 10 */
+!     fracpart = roundv((pow10(max)) * (ufvalue - intpart));
+  
+      if (fracpart >= pow10(max)) {
+          intpart++;
+***************
+*** 640,646 ****
+              (caps ? "0123456789ABCDEF"
+                : "0123456789abcdef")[fracpart % 10];
+          fracpart = (fracpart / 10);
+!     } while (fracpart && (fplace < 20));
+      if (fplace == 20)
+          fplace--;
+      fconvert[fplace] = 0;
+--- 652,658 ----
+              (caps ? "0123456789ABCDEF"
+                : "0123456789abcdef")[fracpart % 10];
+          fracpart = (fracpart / 10);
+!     } while (fplace < max);
+      if (fplace == 20)
+          fplace--;
+      fconvert[fplace] = 0;
+***************
+*** 711,722 ****
+      if (buffer) {
+  	while (*currlen >= *maxlen) {
+  	    if (*buffer == NULL) {
+- 		assert(*sbuffer != NULL);
+  		if (*maxlen == 0)
+  		    *maxlen = 1024;
+  		*buffer = OPENSSL_malloc(*maxlen);
+! 		if (*currlen > 0)
+  		    memcpy(*buffer, *sbuffer, *currlen);
+  		*sbuffer = NULL;
+  	    } else {
+  		*maxlen += 1024;
+--- 723,735 ----
+      if (buffer) {
+  	while (*currlen >= *maxlen) {
+  	    if (*buffer == NULL) {
+  		if (*maxlen == 0)
+  		    *maxlen = 1024;
+  		*buffer = OPENSSL_malloc(*maxlen);
+! 		if (*currlen > 0) {
+! 		    assert(*sbuffer != NULL);
+  		    memcpy(*buffer, *sbuffer, *currlen);
++ 		}
+  		*sbuffer = NULL;
+  	    } else {
+  		*maxlen += 1024;
+***************
+*** 756,762 ****
+  	{
+  	int ret;
+  	size_t retlen;
+! 	MS_STATIC char hugebuf[1024*10];
+  	char *hugebufp = hugebuf;
+  	size_t hugebufsize = sizeof(hugebuf);
+  	char *dynbuf = NULL;
+--- 769,777 ----
+  	{
+  	int ret;
+  	size_t retlen;
+! 	char hugebuf[1024*2];	/* Was previously 10k, which is unreasonable
+! 				   in small-stack environments, like threads
+! 				   or DOS programs. */
+  	char *hugebufp = hugebuf;
+  	size_t hugebufsize = sizeof(hugebuf);
+  	char *dynbuf = NULL;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/b_sock.c ../RELENG_4_6/crypto/openssl/crypto/bio/b_sock.c
+*** crypto/openssl/crypto/bio/b_sock.c	Wed Jul  4 19:19:13 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/b_sock.c	Fri Mar 29 18:48:29 2002
+***************
+*** 72,80 ****
+  #endif
+  
+  #ifdef SO_MAXCONN
+- #define MAX_LISTEN  SOMAXCONN
+- #elif defined(SO_MAXCONN)
+  #define MAX_LISTEN  SO_MAXCONN
+  #else
+  #define MAX_LISTEN  32
+  #endif
+--- 72,80 ----
+  #endif
+  
+  #ifdef SO_MAXCONN
+  #define MAX_LISTEN  SO_MAXCONN
++ #elif defined(SOMAXCONN)
++ #define MAX_LISTEN  SOMAXCONN
+  #else
+  #define MAX_LISTEN  32
+  #endif
+***************
+*** 95,102 ****
+--- 95,104 ----
+  	} ghbn_cache[GHBN_NUM];
+  
+  static int get_ip(const char *str,unsigned char *ip);
++ #if 0
+  static void ghbn_free(struct hostent *a);
+  static struct hostent *ghbn_dup(struct hostent *a);
++ #endif
+  int BIO_get_host_ip(const char *str, unsigned char *ip)
+  	{
+  	int i;
+***************
+*** 266,271 ****
+--- 268,274 ----
+  	return(1);
+  	}
+  
++ #if 0
+  static struct hostent *ghbn_dup(struct hostent *a)
+  	{
+  	struct hostent *ret;
+***************
+*** 342,362 ****
+  	if (a->h_name != NULL) OPENSSL_free(a->h_name);
+  	OPENSSL_free(a);
+  	}
+  
+  struct hostent *BIO_gethostbyname(const char *name)
+  	{
+  	struct hostent *ret;
+  	int i,lowi=0,j;
+  	unsigned long low= (unsigned long)-1;
+  
+- /*	return(gethostbyname(name)); */
+  
+! #if 0 /* It doesn't make sense to use locking here: The function interface
+! 	   * is not thread-safe, because threads can never be sure when
+! 	   * some other thread destroys the data they were given a pointer to.
+! 	   */
+  	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+! #endif
+  	j=strlen(name);
+  	if (j < 128)
+  		{
+--- 345,371 ----
+  	if (a->h_name != NULL) OPENSSL_free(a->h_name);
+  	OPENSSL_free(a);
+  	}
++ #endif
+  
+  struct hostent *BIO_gethostbyname(const char *name)
+  	{
++ #if 1
++ 	/* Caching gethostbyname() results forever is wrong,
++ 	 * so we have to let the true gethostbyname() worry about this */
++ 	return gethostbyname(name);
++ #else
+  	struct hostent *ret;
+  	int i,lowi=0,j;
+  	unsigned long low= (unsigned long)-1;
+  
+  
+! #  if 0
+! 	/* It doesn't make sense to use locking here: The function interface
+! 	 * is not thread-safe, because threads can never be sure when
+! 	 * some other thread destroys the data they were given a pointer to.
+! 	 */
+  	CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME);
+! #  endif
+  	j=strlen(name);
+  	if (j < 128)
+  		{
+***************
+*** 384,403 ****
+  		 * parameter is 'char *', instead of 'const char *'
+  		 */
+  		ret=gethostbyname(
+! #ifndef CONST_STRICT
+  		    (char *)
+! #endif
+  		    name);
+  
+  		if (ret == NULL)
+  			goto end;
+  		if (j > 128) /* too big to cache */
+  			{
+! #if 0 /* If we were trying to make this function thread-safe (which
+! 	   * is bound to fail), we'd have to give up in this case
+! 	   * (or allocate more memory). */
+  			ret = NULL;
+! #endif
+  			goto end;
+  			}
+  
+--- 393,413 ----
+  		 * parameter is 'char *', instead of 'const char *'
+  		 */
+  		ret=gethostbyname(
+! #  ifndef CONST_STRICT
+  		    (char *)
+! #  endif
+  		    name);
+  
+  		if (ret == NULL)
+  			goto end;
+  		if (j > 128) /* too big to cache */
+  			{
+! #  if 0
+! 			/* If we were trying to make this function thread-safe (which
+! 			 * is bound to fail), we'd have to give up in this case
+! 			 * (or allocate more memory). */
+  			ret = NULL;
+! #  endif
+  			goto end;
+  			}
+  
+***************
+*** 421,431 ****
+  		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+  		}
+  end:
+! #if 0
+  	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+! #endif
+  	return(ret);
+  	}
+  
+  int BIO_sock_init(void)
+  	{
+--- 431,443 ----
+  		ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits;
+  		}
+  end:
+! #  if 0
+  	CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME);
+! #  endif
+  	return(ret);
++ #endif
+  	}
++ 
+  
+  int BIO_sock_init(void)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bf_buff.c ../RELENG_4_6/crypto/openssl/crypto/bio/bf_buff.c
+*** crypto/openssl/crypto/bio/bf_buff.c	Sun Nov 26 06:33:10 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/bf_buff.c	Fri Jun  1 04:39:02 2001
+***************
+*** 70,76 ****
+  static int buffer_new(BIO *h);
+  static int buffer_free(BIO *data);
+  static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+! #define DEFAULT_BUFFER_SIZE	1024
+  
+  static BIO_METHOD methods_buffer=
+  	{
+--- 70,76 ----
+  static int buffer_new(BIO *h);
+  static int buffer_free(BIO *data);
+  static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp);
+! #define DEFAULT_BUFFER_SIZE	4096
+  
+  static BIO_METHOD methods_buffer=
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bf_lbuf.c ../RELENG_4_6/crypto/openssl/crypto/bio/bf_lbuf.c
+*** crypto/openssl/crypto/bio/bf_lbuf.c	Sun Nov 26 06:38:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/bf_lbuf.c	Thu Feb 21 09:07:39 2002
+***************
+*** 200,206 ****
+  					}
+  				}
+  
+! #ifdef DEBUG
+  BIO_write(b->next_bio, "<*<", 3);
+  #endif
+  			i=BIO_write(b->next_bio,
+--- 200,206 ----
+  					}
+  				}
+  
+! #if 0
+  BIO_write(b->next_bio, "<*<", 3);
+  #endif
+  			i=BIO_write(b->next_bio,
+***************
+*** 210,222 ****
+  				ctx->obuf_len = orig_olen;
+  				BIO_copy_next_retry(b);
+  
+! #ifdef DEBUG
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  				if (i < 0) return((num > 0)?num:i);
+  				if (i == 0) return(num);
+  				}
+! #ifdef DEBUG
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  			if (i < ctx->obuf_len)
+--- 210,222 ----
+  				ctx->obuf_len = orig_olen;
+  				BIO_copy_next_retry(b);
+  
+! #if 0
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  				if (i < 0) return((num > 0)?num:i);
+  				if (i == 0) return(num);
+  				}
+! #if 0
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  			if (i < ctx->obuf_len)
+***************
+*** 229,248 ****
+  		   buffer if a NL was found and there is anything to write. */
+  		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+  			{
+! #ifdef DEBUG
+  BIO_write(b->next_bio, "<*<", 3);
+  #endif
+  			i=BIO_write(b->next_bio,in,p - in);
+  			if (i <= 0)
+  				{
+  				BIO_copy_next_retry(b);
+! #ifdef DEBUG
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  				if (i < 0) return((num > 0)?num:i);
+  				if (i == 0) return(num);
+  				}
+! #ifdef DEBUG
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  			num+=i;
+--- 229,248 ----
+  		   buffer if a NL was found and there is anything to write. */
+  		if ((foundnl || p - in > ctx->obuf_size) && p - in > 0)
+  			{
+! #if 0
+  BIO_write(b->next_bio, "<*<", 3);
+  #endif
+  			i=BIO_write(b->next_bio,in,p - in);
+  			if (i <= 0)
+  				{
+  				BIO_copy_next_retry(b);
+! #if 0
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  				if (i < 0) return((num > 0)?num:i);
+  				if (i == 0) return(num);
+  				}
+! #if 0
+  BIO_write(b->next_bio, ">*>", 3);
+  #endif
+  			num+=i;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bf_nbio.c ../RELENG_4_6/crypto/openssl/crypto/bio/bf_nbio.c
+*** crypto/openssl/crypto/bio/bf_nbio.c	Sun Nov 26 06:33:10 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/bf_nbio.c	Thu May 30 12:48:24 2002
+***************
+*** 104,110 ****
+  	{
+  	NBIO_TEST *nt;
+  
+! 	nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST));
+  	nt->lrn= -1;
+  	nt->lwn= -1;
+  	bi->ptr=(char *)nt;
+--- 104,110 ----
+  	{
+  	NBIO_TEST *nt;
+  
+! 	if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0);
+  	nt->lrn= -1;
+  	nt->lwn= -1;
+  	bi->ptr=(char *)nt;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_4_6/crypto/openssl/crypto/bio/bio.h
+*** crypto/openssl/crypto/bio/bio.h	Sun Nov 26 06:33:10 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/bio.h	Wed Feb  5 11:52:37 2003
+***************
+*** 241,247 ****
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_fat *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+--- 241,247 ----
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_far *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+***************
+*** 356,363 ****
+  #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+  #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+  #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+! #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2)
+! #define BIO_get_conn_int_port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port)
+  
+  
+  #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+--- 356,363 ----
+  #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port)
+  #define BIO_get_conn_hostname(b)  BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0)
+  #define BIO_get_conn_port(b)      BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1)
+! #define BIO_get_conn_ip(b) 		 BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2)
+! #define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3)
+  
+  
+  #define BIO_set_nbio(b,n)	BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL)
+***************
+*** 431,437 ****
+  #define BIO_set_ssl_renegotiate_bytes(b,num) \
+  	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+  #define BIO_get_num_renegotiates(b) \
+! 	BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL);
+  #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+  	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+  
+--- 431,437 ----
+  #define BIO_set_ssl_renegotiate_bytes(b,num) \
+  	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+  #define BIO_get_num_renegotiates(b) \
+! 	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+  #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
+  	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+  
+***************
+*** 588,595 ****
+  void BIO_sock_cleanup(void);
+  int BIO_set_tcp_ndelay(int sock,int turn_on);
+  
+- void ERR_load_BIO_strings(void );
+- 
+  BIO *BIO_new_socket(int sock, int close_flag);
+  BIO *BIO_new_fd(int fd, int close_flag);
+  BIO *BIO_new_connect(char *host_port);
+--- 588,593 ----
+***************
+*** 615,620 ****
+--- 613,619 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_BIO_strings(void);
+  
+  /* Error codes for the BIO functions. */
+  
+***************
+*** 684,687 ****
+  }
+  #endif
+  #endif
+- 
+--- 683,685 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bss_bio.c ../RELENG_4_6/crypto/openssl/crypto/bio/bss_bio.c
+*** crypto/openssl/crypto/bio/bss_bio.c	Sun Nov 26 06:33:11 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/bss_bio.c	Tue May 14 15:04:54 2002
+***************
+*** 7,15 ****
+   * for which no specific BIO method is available.
+   * See ssl/ssltest.c for some hints on how this can be used. */
+  
+  #ifndef BIO_PAIR_DEBUG
+! # undef NDEBUG /* avoid conflicting definitions */
+! # define NDEBUG
+  #endif
+  
+  #include <assert.h>
+--- 7,24 ----
+   * for which no specific BIO method is available.
+   * See ssl/ssltest.c for some hints on how this can be used. */
+  
++ /* BIO_DEBUG implies BIO_PAIR_DEBUG */
++ #ifdef BIO_DEBUG
++ # ifndef BIO_PAIR_DEBUG
++ #  define BIO_PAIR_DEBUG
++ # endif
++ #endif
++ 
++ /* disable assert() unless BIO_PAIR_DEBUG has been defined */
+  #ifndef BIO_PAIR_DEBUG
+! # ifndef NDEBUG
+! #  define NDEBUG
+! # endif
+  #endif
+  
+  #include <assert.h>
+***************
+*** 23,29 ****
+  #include <openssl/crypto.h>
+  
+  #include "openssl/e_os.h"
+! #ifndef SSIZE_MAX
+  # define SSIZE_MAX INT_MAX
+  #endif
+  
+--- 32,43 ----
+  #include <openssl/crypto.h>
+  
+  #include "openssl/e_os.h"
+! 
+! /* VxWorks defines SSiZE_MAX with an empty value causing compile errors */
+! #if defined(VXWORKS)
+! # undef SSIZE_MAX
+! # define SSIZE_MAX INT_MAX
+! #elif !defined(SSIZE_MAX)
+  # define SSIZE_MAX INT_MAX
+  #endif
+  
+***************
+*** 474,480 ****
+  		break;
+  
+  	case BIO_C_GET_WRITE_BUF_SIZE:
+! 		num = (long) b->size;
+  
+  	case BIO_C_MAKE_BIO_PAIR:
+  		{
+--- 488,495 ----
+  		break;
+  
+  	case BIO_C_GET_WRITE_BUF_SIZE:
+! 		ret = (long) b->size;
+! 		break;
+  
+  	case BIO_C_MAKE_BIO_PAIR:
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bss_log.c ../RELENG_4_6/crypto/openssl/crypto/bio/bss_log.c
+*** crypto/openssl/crypto/bio/bss_log.c	Sun Nov 26 06:33:12 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/bss_log.c	Thu Feb 14 10:36:23 2002
+***************
+*** 75,81 ****
+  #  include <starlet.h>
+  #elif defined(__ultrix)
+  #  include <sys/syslog.h>
+! #elif !defined(MSDOS) /* Unix */
+  #  include <syslog.h>
+  #endif
+  
+--- 75,81 ----
+  #  include <starlet.h>
+  #elif defined(__ultrix)
+  #  include <sys/syslog.h>
+! #elif !defined(MSDOS) && !defined(VXWORKS) /* Unix */
+  #  include <syslog.h>
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.save
+*** crypto/openssl/crypto/bn/Makefile.save	Sun Nov 26 06:33:17 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,312 ****
+- #
+- # SSLeay/crypto/bn/Makefile
+- #
+- 
+- DIR=	bn
+- TOP=	../..
+- CC=	cc
+- CPP=    $(CC) -E
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- BN_ASM=		bn_asm.o
+- # or use
+- #BN_ASM=	bn86-elf.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- # We let the C compiler driver to take care of .s files. This is done in
+- # order to be excused from maintaining a separate set of architecture
+- # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+- # gcc, then the driver will automatically translate it to -xarch=v8plus
+- # and pass it down to assembler.
+- AS=$(CC) -c
+- ASFLAGS=$(CFLAGS)
+- 
+- GENERAL=Makefile
+- TEST=bntest.c exptest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=	bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c \
+- 	bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c \
+- 	bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_asm.c bn_recp.c bn_mont.c \
+- 	bn_mpi.c bn_exp2.c
+- 
+- LIBOBJ=	bn_add.o bn_div.o bn_exp.o bn_lib.o bn_ctx.o bn_mul.o \
+- 	bn_print.o bn_rand.o bn_shift.o bn_word.o bn_blind.o \
+- 	bn_gcd.o bn_prime.o bn_err.o bn_sqr.o $(BN_ASM) bn_recp.o bn_mont.o \
+- 	bn_mpi.o bn_exp2.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= bn.h
+- HEADER=	bn_lcl.h bn_prime.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- bn_prime.h: bn_prime.pl
+- 	$(PERL) bn_prime.pl >bn_prime.h
+- 
+- divtest: divtest.c ../../libcrypto.a
+- 	cc -I../../include divtest.c -o divtest ../../libcrypto.a
+- 
+- bnbug: bnbug.c ../../libcrypto.a top
+- 	cc -g -I../../include bnbug.c -o bnbug ../../libcrypto.a
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/bn86-elf.o: asm/bn86unix.cpp
+- 	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
+- 
+- asm/co86-elf.o: asm/co86unix.cpp
+- 	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
+- 
+- # solaris
+- asm/bn86-sol.o: asm/bn86unix.cpp
+- 	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+- 	as -o asm/bn86-sol.o asm/bn86-sol.s
+- 	rm -f asm/bn86-sol.s
+- 
+- asm/co86-sol.o: asm/co86unix.cpp
+- 	$(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
+- 	as -o asm/co86-sol.o asm/co86-sol.s
+- 	rm -f asm/co86-sol.s
+- 
+- # a.out
+- asm/bn86-out.o: asm/bn86unix.cpp
+- 	$(CPP) -DOUT asm/bn86unix.cpp | as -o asm/bn86-out.o
+- 
+- asm/co86-out.o: asm/co86unix.cpp
+- 	$(CPP) -DOUT asm/co86unix.cpp | as -o asm/co86-out.o
+- 
+- # bsdi
+- asm/bn86bsdi.o: asm/bn86unix.cpp
+- 	$(CPP) -DBSDI asm/bn86unix.cpp | sed 's/ :/:/' | as -o asm/bn86bsdi.o
+- 
+- asm/co86bsdi.o: asm/co86unix.cpp
+- 	$(CPP) -DBSDI asm/co86unix.cpp | sed 's/ :/:/' | as -o asm/co86bsdi.o
+- 
+- asm/bn86unix.cpp: asm/bn-586.pl ../perlasm/x86asm.pl
+- 	(cd asm; $(PERL) bn-586.pl cpp >bn86unix.cpp )
+- 
+- asm/co86unix.cpp: asm/co-586.pl ../perlasm/x86asm.pl
+- 	(cd asm; $(PERL) co-586.pl cpp >co86unix.cpp )
+- 
+- asm/sparcv8.o: asm/sparcv8.S
+- 
+- asm/sparcv8plus.o: asm/sparcv8plus.S
+- 
+- # Old GNU assembler doesn't understand V9 instructions, so we
+- # hire /usr/ccs/bin/as to do the job. Note that option is called
+- # *-gcc27, but even gcc 2>=8 users may experience similar problem
+- # if they didn't bother to upgrade GNU assembler. Such users should
+- # not choose this option, but be adviced to *remove* GNU assembler
+- # or upgrade it.
+- asm/sparcv8plus-gcc27.o: asm/sparcv8plus.S
+- 	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+- 		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- exptest:
+- 	rm -f exptest
+- 	gcc -I../../include -g2 -ggdb -o exptest exptest.c ../../libcrypto.a
+- 
+- div:
+- 	rm -f a.out
+- 	gcc -I.. -g div.c ../../libcrypto.a
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- bn_add.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_add.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_add.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_add.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_add.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_add.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_asm.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_asm.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_asm.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_asm.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_asm.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_asm.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_asm.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_blind.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_blind.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_blind.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_blind.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_blind.o: ../../include/openssl/opensslconf.h
+- bn_blind.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bn_blind.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bn_blind.o: ../cryptlib.h bn_lcl.h
+- bn_ctx.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_ctx.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_ctx.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_ctx.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_ctx.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_ctx.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_ctx.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- bn_div.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_div.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_div.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_div.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_div.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_div.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_div.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+- bn_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- bn_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bn_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bn_exp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_exp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_exp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_exp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_exp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_exp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_exp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_exp2.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_exp2.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_exp2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_exp2.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_exp2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_exp2.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_exp2.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_gcd.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_gcd.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_gcd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_gcd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_gcd.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_gcd.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_gcd.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_lib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_mont.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_mont.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_mont.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_mont.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_mont.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_mont.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_mont.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_mpi.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_mpi.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_mpi.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_mpi.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_mpi.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_mpi.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_mpi.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_mul.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_mul.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_mul.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_mul.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_mul.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_mul.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_mul.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_prime.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_prime.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_prime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_prime.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_prime.o: ../../include/openssl/opensslconf.h
+- bn_prime.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- bn_prime.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_prime.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h bn_prime.h
+- bn_print.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_print.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_print.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_print.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_print.o: ../../include/openssl/opensslconf.h
+- bn_print.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bn_print.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bn_print.o: ../cryptlib.h bn_lcl.h
+- bn_rand.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_rand.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+- bn_rand.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bn_rand.o: ../cryptlib.h bn_lcl.h
+- bn_recp.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_recp.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_recp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_recp.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_recp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_recp.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_recp.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_shift.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_shift.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_shift.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_shift.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_shift.o: ../../include/openssl/opensslconf.h
+- bn_shift.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- bn_shift.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bn_shift.o: ../cryptlib.h bn_lcl.h
+- bn_sqr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_sqr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_sqr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_sqr.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_sqr.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_sqr.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_sqr.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+- bn_word.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- bn_word.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- bn_word.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bn_word.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- bn_word.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bn_word.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- bn_word.o: ../../include/openssl/symhacks.h ../cryptlib.h bn_lcl.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.ssl
+*** crypto/openssl/crypto/bn/Makefile.ssl	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.ssl	Wed Oct  9 09:13:08 2002
+***************
+*** 124,129 ****
+--- 124,131 ----
+  	$(CC) $(ASFLAGS) -E asm/sparcv8plus.S | \
+  		/usr/ccs/bin/as -xarch=v8plus - -o asm/sparcv8plus-gcc27.o
+  
++ asm/ia64.o: asm/ia64.S
++ 
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+  
+***************
+*** 157,163 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 159,165 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/asm/mips3.s ../RELENG_4_6/crypto/openssl/crypto/bn/asm/mips3.s
+*** crypto/openssl/crypto/bn/asm/mips3.s	Wed Jul  4 19:19:15 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/asm/mips3.s	Wed Jul  4 16:17:52 2001
+***************
+*** 1,5 ****
+  .rdata
+! .asciiz "mips3.s, Version 1.0"
+  .asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+  
+  /*
+--- 1,5 ----
+  .rdata
+! .asciiz	"mips3.s, Version 1.1"
+  .asciiz	"MIPS III/IV ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+  
+  /*
+***************
+*** 849,854 ****
+--- 849,855 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
++ 	sltu	c_3,c_2,t_2
+  	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 856,862 ****
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 857,864 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 884,889 ****
+--- 886,892 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
++ 	sltu	c_1,c_3,t_2
+  	dmultu	a_3,b_1		/* mul_add_c(a[3],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 891,897 ****
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 894,901 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 928,933 ****
+--- 932,938 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
++ 	sltu	c_2,c_1,t_2
+  	dmultu	a_1,b_4		/* mul_add_c(a[1],b[4],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 935,941 ****
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 940,947 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_2,b_3		/* mul_add_c(a[2],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 981,986 ****
+--- 987,993 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
++ 	sltu	c_3,c_2,t_2
+  	dmultu	a_5,b_1		/* mul_add_c(a[5],b[1],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 988,994 ****
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 995,1002 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_4,b_2		/* mul_add_c(a[4],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1043,1048 ****
+--- 1051,1057 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
++ 	sltu	c_1,c_3,t_2
+  	dmultu	a_1,b_6		/* mul_add_c(a[1],b[6],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1050,1056 ****
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1059,1066 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_2,b_5		/* mul_add_c(a[2],b[5],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1114,1119 ****
+--- 1124,1130 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
++ 	sltu	c_2,c_1,t_2
+  	dmultu	a_6,b_2		/* mul_add_c(a[6],b[2],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1121,1127 ****
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1132,1139 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_5,b_3		/* mul_add_c(a[5],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1176,1181 ****
+--- 1188,1194 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
++ 	sltu	c_3,c_2,t_2
+  	dmultu	a_3,b_6		/* mul_add_c(a[3],b[6],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1183,1189 ****
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1196,1203 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_4,b_5		/* mul_add_c(a[4],b[5],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1229,1234 ****
+--- 1243,1249 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
++ 	sltu	c_1,c_3,t_2
+  	dmultu	a_6,b_4		/* mul_add_c(a[6],b[4],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1236,1242 ****
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1251,1258 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_5,b_5		/* mul_add_c(a[5],b[5],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1273,1278 ****
+--- 1289,1295 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
++ 	sltu	c_2,c_1,t_2
+  	dmultu	a_5,b_6		/* mul_add_c(a[5],b[6],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1280,1286 ****
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1297,1304 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_6,b_5		/* mul_add_c(a[6],b[5],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1308,1313 ****
+--- 1326,1332 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
++ 	sltu	c_3,c_2,t_2
+  	dmultu	a_6,b_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1315,1321 ****
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1334,1341 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_5,b_7		/* mul_add_c(a[5],b[7],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1334,1339 ****
+--- 1354,1360 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
++ 	sltu	c_1,c_3,t_2
+  	dmultu	a_7,b_6		/* mul_add_c(a[7],b[6],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1341,1347 ****
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	sd	c_2,104(a0)	/* r[13]=c2; */
+  
+  	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+--- 1362,1369 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	sd	c_2,104(a0)	/* r[13]=c2; */
+  
+  	dmultu	a_7,b_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+***************
+*** 1430,1435 ****
+--- 1452,1458 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
++ 	sltu	c_3,c_2,t_2
+  	dmultu	a_1,b_2		/* mul_add_c(a[1],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1437,1443 ****
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1460,1467 ----
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_2,b_1		/* mul_add_c(a[2],b[1],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1465,1470 ****
+--- 1489,1495 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
++ 	sltu	c_1,c_3,t_2
+  	dmultu	a_2,b_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1472,1478 ****
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1497,1504 ----
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_1,b_3		/* mul_add_c(a[1],b[3],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1491,1496 ****
+--- 1517,1523 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
++ 	sltu	c_2,c_1,t_2
+  	dmultu	a_3,b_2		/* mul_add_c(a[3],b[2],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1498,1504 ****
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	sd	c_3,40(a0)
+  
+  	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+--- 1525,1532 ----
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	sd	c_3,40(a0)
+  
+  	dmultu	a_3,b_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+***************
+*** 1543,1570 ****
+  	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	c_3,t_2,AT
+- 	daddu	c_2,t_1
+- 	sltu	AT,c_2,t_1
+- 	daddu	t_2,AT
+- 	daddu	c_3,t_2
+- 	sltu	c_1,c_3,t_2
+  	sd	c_2,8(a0)
+  
+  	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 1571,1600 ----
+  	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
++ 	slt	c_1,t_2,zero
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	c_3,t_2,AT
+  	sd	c_2,8(a0)
+  
+  	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_2,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1579,1602 ****
+  	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+! 	sltu	AT,c_2,a2
+  	daddu	c_3,AT
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+--- 1609,1634 ----
+  	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_3,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_1,a_2		/* mul_add_c2(a[1],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_3,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+***************
+*** 1608,1631 ****
+  	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+! 	sltu	AT,c_3,a2
+  	daddu	c_1,AT
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+--- 1640,1665 ----
+  	dmultu	a_4,a_0		/* mul_add_c2(a[4],b[0],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_1,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_1,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+***************
+*** 1646,1669 ****
+  	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+! 	sltu	AT,c_1,a2
+  	daddu	c_2,AT
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+--- 1680,1705 ----
+  	dmultu	a_0,a_5		/* mul_add_c2(a[0],b[5],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_2,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_1,a_4		/* mul_add_c2(a[1],b[4],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_2,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+***************
+*** 1673,1684 ****
+  	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+! 	sltu	AT,c_1,a2
+  	daddu	c_2,AT
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+--- 1709,1720 ----
+  	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_2,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+***************
+*** 1690,1713 ****
+  	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+! 	sltu	AT,c_2,a2
+  	daddu	c_3,AT
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+--- 1726,1751 ----
+  	dmultu	a_6,a_0		/* mul_add_c2(a[6],b[0],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_3,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_5,a_1		/* mul_add_c2(a[5],b[1],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_3,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+***************
+*** 1717,1728 ****
+  	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+! 	sltu	AT,c_2,a2
+  	daddu	c_3,AT
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+--- 1755,1766 ----
+  	dmultu	a_4,a_2		/* mul_add_c2(a[4],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_3,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+***************
+*** 1743,1766 ****
+  	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+! 	sltu	AT,c_3,a2
+  	daddu	c_1,AT
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+--- 1781,1806 ----
+  	dmultu	a_0,a_7		/* mul_add_c2(a[0],b[7],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_1,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_1,a_6		/* mul_add_c2(a[1],b[6],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_1,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+***************
+*** 1770,1781 ****
+  	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+! 	sltu	AT,c_3,a2
+  	daddu	c_1,AT
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+--- 1810,1821 ----
+  	dmultu	a_2,a_5		/* mul_add_c2(a[2],b[5],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_1,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+***************
+*** 1785,1796 ****
+  	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+! 	sltu	AT,c_3,a2
+  	daddu	c_1,AT
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+--- 1825,1836 ----
+  	dmultu	a_3,a_4		/* mul_add_c2(a[3],b[4],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_1,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+***************
+*** 1802,1825 ****
+  	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+! 	sltu	AT,c_1,a2
+  	daddu	c_2,AT
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+--- 1842,1867 ----
+  	dmultu	a_7,a_1		/* mul_add_c2(a[7],b[1],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_2,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_6,a_2		/* mul_add_c2(a[6],b[2],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_2,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+***************
+*** 1829,1840 ****
+  	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+! 	sltu	AT,c_1,a2
+  	daddu	c_2,AT
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+--- 1871,1882 ----
+  	dmultu	a_5,a_3		/* mul_add_c2(a[5],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_2,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+***************
+*** 1855,1878 ****
+  	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+! 	sltu	AT,c_2,a2
+  	daddu	c_3,AT
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+--- 1897,1922 ----
+  	dmultu	a_2,a_7		/* mul_add_c2(a[2],b[7],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_3,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_3,a_6		/* mul_add_c2(a[3],b[6],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_3,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+***************
+*** 1882,1893 ****
+  	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+! 	sltu	AT,c_2,a2
+  	daddu	c_3,AT
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+--- 1926,1937 ----
+  	dmultu	a_4,a_5		/* mul_add_c2(a[4],b[5],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_3,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+***************
+*** 1899,1922 ****
+  	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+! 	sltu	AT,c_3,a2
+  	daddu	c_1,AT
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+--- 1943,1968 ----
+  	dmultu	a_7,a_3		/* mul_add_c2(a[7],b[3],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_1,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_6,a_4		/* mul_add_c2(a[6],b[4],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_1,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+***************
+*** 1937,1960 ****
+  	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+! 	sltu	AT,c_1,a2
+  	daddu	c_2,AT
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+--- 1983,2008 ----
+  	dmultu	a_4,a_7		/* mul_add_c2(a[4],b[7],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_2,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_5,a_6		/* mul_add_c2(a[5],b[6],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_2,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+***************
+*** 1966,1980 ****
+  	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 2014,2030 ----
+  	dmultu	a_7,a_5		/* mul_add_c2(a[7],b[5],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_3,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_6,a_6		/* mul_add_c(a[6],b[6],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 1989,2003 ****
+  	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	sd	c_2,104(a0)
+  
+  	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+--- 2039,2055 ----
+  	dmultu	a_6,a_7		/* mul_add_c2(a[6],b[7],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_1,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	sd	c_2,104(a0)
+  
+  	dmultu	a_7,a_7		/* mul_add_c(a[7],b[7],c3,c1,c2); */
+***************
+*** 2028,2055 ****
+  	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	c_3,t_2,AT
+- 	daddu	c_2,t_1
+- 	sltu	AT,c_2,t_1
+- 	daddu	t_2,AT
+- 	daddu	c_3,t_2
+- 	sltu	c_1,c_3,t_2
+  	sd	c_2,8(a0)
+  
+  	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 2080,2109 ----
+  	dmultu	a_0,a_1		/* mul_add_c2(a[0],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
++ 	slt	c_1,t_2,zero
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	c_3,t_2,AT
+  	sd	c_2,8(a0)
+  
+  	dmultu	a_2,a_0		/* mul_add_c2(a[2],b[0],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_2,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	dmultu	a_1,a_1		/* mul_add_c(a[1],b[1],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 2064,2087 ****
+  	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	c_3,c_2,t_2
+  	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_1,t_1
+! 	sltu	AT,c_1,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_2,a2
+! 	sltu	AT,c_2,a2
+  	daddu	c_3,AT
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+--- 2118,2143 ----
+  	dmultu	a_0,a_3		/* mul_add_c2(a[0],b[3],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_3,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+  	daddu	c_2,t_2
+! 	sltu	AT,c_2,t_2
+! 	daddu	c_3,AT
+  	dmultu	a_1,a_2		/* mul_add_c(a2[1],b[2],c1,c2,c3); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	AT,t_2,zero
+  	daddu	c_3,AT
++ 	dsll	t_2,1
++ 	slt	a2,t_1,zero
++ 	daddu	t_2,a2
++ 	dsll	t_1,1
+  	daddu	c_1,t_1
+  	sltu	AT,c_1,t_1
+  	daddu	t_2,AT
+***************
+*** 2093,2107 ****
+  	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_2,t_1
+! 	sltu	AT,c_2,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_3,a2
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	c_1,c_3,t_2
+  	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+--- 2149,2165 ----
+  	dmultu	a_3,a_1		/* mul_add_c2(a[3],b[1],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_1,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_2,t_1
+  	sltu	AT,c_2,t_1
+  	daddu	t_2,AT
+  	daddu	c_3,t_2
+! 	sltu	AT,c_3,t_2
+! 	daddu	c_1,AT
+  	dmultu	a_2,a_2		/* mul_add_c(a[2],b[2],c2,c3,c1); */
+  	mflo	t_1
+  	mfhi	t_2
+***************
+*** 2116,2130 ****
+  	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	daddu	c_3,t_1
+! 	sltu	AT,c_3,t_1
+! 	daddu	a2,t_2,AT
+! 	daddu	c_1,a2
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	c_2,c_1,t_2
+  	sd	c_3,40(a0)
+  
+  	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+--- 2174,2190 ----
+  	dmultu	a_2,a_3		/* mul_add_c2(a[2],b[3],c3,c1,c2); */
+  	mflo	t_1
+  	mfhi	t_2
+! 	slt	c_2,t_2,zero
+! 	dsll	t_2,1
+! 	slt	a2,t_1,zero
+! 	daddu	t_2,a2
+! 	dsll	t_1,1
+  	daddu	c_3,t_1
+  	sltu	AT,c_3,t_1
+  	daddu	t_2,AT
+  	daddu	c_1,t_2
+! 	sltu	AT,c_1,t_2
+! 	daddu	c_2,AT
+  	sd	c_3,40(a0)
+  
+  	dmultu	a_3,a_3		/* mul_add_c(a[3],b[3],c1,c2,c3); */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn.h ../RELENG_4_6/crypto/openssl/crypto/bn/bn.h
+*** crypto/openssl/crypto/bn/bn.h	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn.h	Mon Nov  4 01:25:38 2002
+***************
+*** 90,96 ****
+   * be on.  Again this in only really a problem on machines
+   * using "long long's", are 32bit, and are not using my assembler code. */
+  #if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
+! #define BN_DIV2W
+  #endif
+  
+  /* assuming long is 64bit - this is the DEC Alpha
+--- 90,98 ----
+   * be on.  Again this in only really a problem on machines
+   * using "long long's", are 32bit, and are not using my assembler code. */
+  #if defined(MSDOS) || defined(WINDOWS) || defined(WIN32) || defined(linux)
+! # ifndef BN_DIV2W
+! #  define BN_DIV2W
+! # endif
+  #endif
+  
+  /* assuming long is 64bit - this is the DEC Alpha
+***************
+*** 153,159 ****
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #ifdef WIN32
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+--- 155,161 ----
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #if defined(_MSC_VER) || defined(__BORLANDC__)
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+***************
+*** 329,334 ****
+--- 331,337 ----
+  int     BN_rand(BIGNUM *rnd, int bits, int top,int bottom);
+  int     BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom);
+  int	BN_rand_range(BIGNUM *rnd, BIGNUM *range);
++ int	BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+  int	BN_num_bits(const BIGNUM *a);
+  int	BN_num_bits_word(BN_ULONG);
+  BIGNUM *BN_new(void);
+***************
+*** 403,409 ****
+  int	BN_is_prime_fasttest(const BIGNUM *p,int nchecks,
+  		void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg,
+  		int do_trial_division);
+- void	ERR_load_BN_strings(void );
+  
+  BN_MONT_CTX *BN_MONT_CTX_new(void );
+  void BN_MONT_CTX_init(BN_MONT_CTX *ctx);
+--- 406,411 ----
+***************
+*** 411,417 ****
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+--- 413,419 ----
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+***************
+*** 474,479 ****
+--- 476,482 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_BN_strings(void);
+  
+  /* Error codes for the BN functions. */
+  
+***************
+*** 517,520 ****
+  }
+  #endif
+  #endif
+- 
+--- 520,522 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_comba.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_comba.c
+*** crypto/openssl/crypto/bn/bn_comba.c	Mon Jan 10 01:21:28 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_comba.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,345 ****
+- /* crypto/bn/bn_comba.c */
+- #include <stdio.h>
+- #include "bn_lcl.h"
+- /* Auto generated from crypto/bn/comba.pl
+-  */
+- 
+- #undef bn_mul_comba8
+- #undef bn_mul_comba4
+- #undef bn_sqr_comba8
+- #undef bn_sqr_comba4
+- 
+- #ifdef BN_LLONG
+- #define mul_add_c(a,b,c0,c1,c2) \
+- 	t=(BN_ULLONG)a*b; \
+- 	t1=(BN_ULONG)Lw(t); \
+- 	t2=(BN_ULONG)Hw(t); \
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define mul_add_c2(a,b,c0,c1,c2) \
+- 	t=(BN_ULLONG)a*b; \
+- 	tt=(t+t)&BN_MASK; \
+- 	if (tt < t) c2++; \
+- 	t1=(BN_ULONG)Lw(tt); \
+- 	t2=(BN_ULONG)Hw(tt); \
+- 	c0=(c0+t1)&BN_MASK2;  \
+- 	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c(a,i,c0,c1,c2) \
+- 	t=(BN_ULLONG)a[i]*a[i]; \
+- 	t1=(BN_ULONG)Lw(t); \
+- 	t2=(BN_ULONG)Hw(t); \
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c2(a,i,j,c0,c1,c2) \
+- 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+- #else
+- #define mul_add_c(a,b,c0,c1,c2) \
+- 	t1=LBITS(a); t2=HBITS(a); \
+- 	bl=LBITS(b); bh=HBITS(b); \
+- 	mul64(t1,t2,bl,bh); \
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define mul_add_c2(a,b,c0,c1,c2) \
+- 	t1=LBITS(a); t2=HBITS(a); \
+- 	bl=LBITS(b); bh=HBITS(b); \
+- 	mul64(t1,t2,bl,bh); \
+- 	if (t2 & BN_TBIT) c2++; \
+- 	t2=(t2+t2)&BN_MASK2; \
+- 	if (t1 & BN_TBIT) t2++; \
+- 	t1=(t1+t1)&BN_MASK2; \
+- 	c0=(c0+t1)&BN_MASK2;  \
+- 	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c(a,i,c0,c1,c2) \
+- 	sqr64(t1,t2,(a)[i]); \
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c2(a,i,j,c0,c1,c2) \
+- 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+- #endif
+- 
+- void bn_mul_comba88(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+- void bn_mul_comba44(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b);
+- void bn_sqr_comba88(BN_ULONG *r,BN_ULONG *a);
+- void bn_sqr_comba44(BN_ULONG *r,BN_ULONG *a);
+- 
+- void bn_mul_comba88(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- 	c1=0;
+- 	c2=0;
+- 	c3=0;
+- 	mul_add_c(a[0],b[0],c1,c2,c3);
+- 	r[0]=c1;
+- 	c1=0;
+- 	mul_add_c(a[0],b[1],c2,c3,c1);
+- 	mul_add_c(a[1],b[0],c2,c3,c1);
+- 	r[1]=c2;
+- 	c2=0;
+- 	mul_add_c(a[2],b[0],c3,c1,c2);
+- 	mul_add_c(a[1],b[1],c3,c1,c2);
+- 	mul_add_c(a[0],b[2],c3,c1,c2);
+- 	r[2]=c3;
+- 	c3=0;
+- 	mul_add_c(a[0],b[3],c1,c2,c3);
+- 	mul_add_c(a[1],b[2],c1,c2,c3);
+- 	mul_add_c(a[2],b[1],c1,c2,c3);
+- 	mul_add_c(a[3],b[0],c1,c2,c3);
+- 	r[3]=c1;
+- 	c1=0;
+- 	mul_add_c(a[4],b[0],c2,c3,c1);
+- 	mul_add_c(a[3],b[1],c2,c3,c1);
+- 	mul_add_c(a[2],b[2],c2,c3,c1);
+- 	mul_add_c(a[1],b[3],c2,c3,c1);
+- 	mul_add_c(a[0],b[4],c2,c3,c1);
+- 	r[4]=c2;
+- 	c2=0;
+- 	mul_add_c(a[0],b[5],c3,c1,c2);
+- 	mul_add_c(a[1],b[4],c3,c1,c2);
+- 	mul_add_c(a[2],b[3],c3,c1,c2);
+- 	mul_add_c(a[3],b[2],c3,c1,c2);
+- 	mul_add_c(a[4],b[1],c3,c1,c2);
+- 	mul_add_c(a[5],b[0],c3,c1,c2);
+- 	r[5]=c3;
+- 	c3=0;
+- 	mul_add_c(a[6],b[0],c1,c2,c3);
+- 	mul_add_c(a[5],b[1],c1,c2,c3);
+- 	mul_add_c(a[4],b[2],c1,c2,c3);
+- 	mul_add_c(a[3],b[3],c1,c2,c3);
+- 	mul_add_c(a[2],b[4],c1,c2,c3);
+- 	mul_add_c(a[1],b[5],c1,c2,c3);
+- 	mul_add_c(a[0],b[6],c1,c2,c3);
+- 	r[6]=c1;
+- 	c1=0;
+- 	mul_add_c(a[0],b[7],c2,c3,c1);
+- 	mul_add_c(a[1],b[6],c2,c3,c1);
+- 	mul_add_c(a[2],b[5],c2,c3,c1);
+- 	mul_add_c(a[3],b[4],c2,c3,c1);
+- 	mul_add_c(a[4],b[3],c2,c3,c1);
+- 	mul_add_c(a[5],b[2],c2,c3,c1);
+- 	mul_add_c(a[6],b[1],c2,c3,c1);
+- 	mul_add_c(a[7],b[0],c2,c3,c1);
+- 	r[7]=c2;
+- 	c2=0;
+- 	mul_add_c(a[7],b[1],c3,c1,c2);
+- 	mul_add_c(a[6],b[2],c3,c1,c2);
+- 	mul_add_c(a[5],b[3],c3,c1,c2);
+- 	mul_add_c(a[4],b[4],c3,c1,c2);
+- 	mul_add_c(a[3],b[5],c3,c1,c2);
+- 	mul_add_c(a[2],b[6],c3,c1,c2);
+- 	mul_add_c(a[1],b[7],c3,c1,c2);
+- 	r[8]=c3;
+- 	c3=0;
+- 	mul_add_c(a[2],b[7],c1,c2,c3);
+- 	mul_add_c(a[3],b[6],c1,c2,c3);
+- 	mul_add_c(a[4],b[5],c1,c2,c3);
+- 	mul_add_c(a[5],b[4],c1,c2,c3);
+- 	mul_add_c(a[6],b[3],c1,c2,c3);
+- 	mul_add_c(a[7],b[2],c1,c2,c3);
+- 	r[9]=c1;
+- 	c1=0;
+- 	mul_add_c(a[7],b[3],c2,c3,c1);
+- 	mul_add_c(a[6],b[4],c2,c3,c1);
+- 	mul_add_c(a[5],b[5],c2,c3,c1);
+- 	mul_add_c(a[4],b[6],c2,c3,c1);
+- 	mul_add_c(a[3],b[7],c2,c3,c1);
+- 	r[10]=c2;
+- 	c2=0;
+- 	mul_add_c(a[4],b[7],c3,c1,c2);
+- 	mul_add_c(a[5],b[6],c3,c1,c2);
+- 	mul_add_c(a[6],b[5],c3,c1,c2);
+- 	mul_add_c(a[7],b[4],c3,c1,c2);
+- 	r[11]=c3;
+- 	c3=0;
+- 	mul_add_c(a[7],b[5],c1,c2,c3);
+- 	mul_add_c(a[6],b[6],c1,c2,c3);
+- 	mul_add_c(a[5],b[7],c1,c2,c3);
+- 	r[12]=c1;
+- 	c1=0;
+- 	mul_add_c(a[6],b[7],c2,c3,c1);
+- 	mul_add_c(a[7],b[6],c2,c3,c1);
+- 	r[13]=c2;
+- 	c2=0;
+- 	mul_add_c(a[7],b[7],c3,c1,c2);
+- 	r[14]=c3;
+- 	r[15]=c1;
+- 	}
+- 
+- void bn_mul_comba44(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- 	c1=0;
+- 	c2=0;
+- 	c3=0;
+- 	mul_add_c(a[0],b[0],c1,c2,c3);
+- 	r[0]=c1;
+- 	c1=0;
+- 	mul_add_c(a[0],b[1],c2,c3,c1);
+- 	mul_add_c(a[1],b[0],c2,c3,c1);
+- 	r[1]=c2;
+- 	c2=0;
+- 	mul_add_c(a[2],b[0],c3,c1,c2);
+- 	mul_add_c(a[1],b[1],c3,c1,c2);
+- 	mul_add_c(a[0],b[2],c3,c1,c2);
+- 	r[2]=c3;
+- 	c3=0;
+- 	mul_add_c(a[0],b[3],c1,c2,c3);
+- 	mul_add_c(a[1],b[2],c1,c2,c3);
+- 	mul_add_c(a[2],b[1],c1,c2,c3);
+- 	mul_add_c(a[3],b[0],c1,c2,c3);
+- 	r[3]=c1;
+- 	c1=0;
+- 	mul_add_c(a[3],b[1],c2,c3,c1);
+- 	mul_add_c(a[2],b[2],c2,c3,c1);
+- 	mul_add_c(a[1],b[3],c2,c3,c1);
+- 	r[4]=c2;
+- 	c2=0;
+- 	mul_add_c(a[2],b[3],c3,c1,c2);
+- 	mul_add_c(a[3],b[2],c3,c1,c2);
+- 	r[5]=c3;
+- 	c3=0;
+- 	mul_add_c(a[3],b[3],c1,c2,c3);
+- 	r[6]=c1;
+- 	r[7]=c2;
+- 	}
+- 
+- void bn_sqr_comba88(BN_ULONG *r, BN_ULONG *a)
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t,tt;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- 	c1=0;
+- 	c2=0;
+- 	c3=0;
+- 	sqr_add_c(a,0,c1,c2,c3);
+- 	r[0]=c1;
+- 	c1=0;
+- 	sqr_add_c2(a,1,0,c2,c3,c1);
+- 	r[1]=c2;
+- 	c2=0;
+- 	sqr_add_c(a,1,c3,c1,c2);
+- 	sqr_add_c2(a,2,0,c3,c1,c2);
+- 	r[2]=c3;
+- 	c3=0;
+- 	sqr_add_c2(a,3,0,c1,c2,c3);
+- 	sqr_add_c2(a,2,1,c1,c2,c3);
+- 	r[3]=c1;
+- 	c1=0;
+- 	sqr_add_c(a,2,c2,c3,c1);
+- 	sqr_add_c2(a,3,1,c2,c3,c1);
+- 	sqr_add_c2(a,4,0,c2,c3,c1);
+- 	r[4]=c2;
+- 	c2=0;
+- 	sqr_add_c2(a,5,0,c3,c1,c2);
+- 	sqr_add_c2(a,4,1,c3,c1,c2);
+- 	sqr_add_c2(a,3,2,c3,c1,c2);
+- 	r[5]=c3;
+- 	c3=0;
+- 	sqr_add_c(a,3,c1,c2,c3);
+- 	sqr_add_c2(a,4,2,c1,c2,c3);
+- 	sqr_add_c2(a,5,1,c1,c2,c3);
+- 	sqr_add_c2(a,6,0,c1,c2,c3);
+- 	r[6]=c1;
+- 	c1=0;
+- 	sqr_add_c2(a,7,0,c2,c3,c1);
+- 	sqr_add_c2(a,6,1,c2,c3,c1);
+- 	sqr_add_c2(a,5,2,c2,c3,c1);
+- 	sqr_add_c2(a,4,3,c2,c3,c1);
+- 	r[7]=c2;
+- 	c2=0;
+- 	sqr_add_c(a,4,c3,c1,c2);
+- 	sqr_add_c2(a,5,3,c3,c1,c2);
+- 	sqr_add_c2(a,6,2,c3,c1,c2);
+- 	sqr_add_c2(a,7,1,c3,c1,c2);
+- 	r[8]=c3;
+- 	c3=0;
+- 	sqr_add_c2(a,7,2,c1,c2,c3);
+- 	sqr_add_c2(a,6,3,c1,c2,c3);
+- 	sqr_add_c2(a,5,4,c1,c2,c3);
+- 	r[9]=c1;
+- 	c1=0;
+- 	sqr_add_c(a,5,c2,c3,c1);
+- 	sqr_add_c2(a,6,4,c2,c3,c1);
+- 	sqr_add_c2(a,7,3,c2,c3,c1);
+- 	r[10]=c2;
+- 	c2=0;
+- 	sqr_add_c2(a,7,4,c3,c1,c2);
+- 	sqr_add_c2(a,6,5,c3,c1,c2);
+- 	r[11]=c3;
+- 	c3=0;
+- 	sqr_add_c(a,6,c1,c2,c3);
+- 	sqr_add_c2(a,7,5,c1,c2,c3);
+- 	r[12]=c1;
+- 	c1=0;
+- 	sqr_add_c2(a,7,6,c2,c3,c1);
+- 	r[13]=c2;
+- 	c2=0;
+- 	sqr_add_c(a,7,c3,c1,c2);
+- 	r[14]=c3;
+- 	r[15]=c1;
+- 	}
+- 
+- void bn_sqr_comba44(BN_ULONG *r, BN_ULONG *a)
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t,tt;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- 	c1=0;
+- 	c2=0;
+- 	c3=0;
+- 	sqr_add_c(a,0,c1,c2,c3);
+- 	r[0]=c1;
+- 	c1=0;
+- 	sqr_add_c2(a,1,0,c2,c3,c1);
+- 	r[1]=c2;
+- 	c2=0;
+- 	sqr_add_c(a,1,c3,c1,c2);
+- 	sqr_add_c2(a,2,0,c3,c1,c2);
+- 	r[2]=c3;
+- 	c3=0;
+- 	sqr_add_c2(a,3,0,c1,c2,c3);
+- 	sqr_add_c2(a,2,1,c1,c2,c3);
+- 	r[3]=c1;
+- 	c1=0;
+- 	sqr_add_c(a,2,c2,c3,c1);
+- 	sqr_add_c2(a,3,1,c2,c3,c1);
+- 	r[4]=c2;
+- 	c2=0;
+- 	sqr_add_c2(a,3,2,c3,c1,c2);
+- 	r[5]=c3;
+- 	c3=0;
+- 	sqr_add_c(a,3,c1,c2,c3);
+- 	r[6]=c1;
+- 	r[7]=c2;
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_div.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_div.c
+*** crypto/openssl/crypto/bn/bn_div.c	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_div.c	Thu May 30 12:48:31 2002
+***************
+*** 128,134 ****
+  
+  #if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
+  # if defined(__GNUC__) && __GNUC__>=2
+! #  if defined(__i386)
+     /*
+      * There were two reasons for implementing this template:
+      * - GNU C generates a call to a function (__udivdi3 to be exact)
+--- 128,134 ----
+  
+  #if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W)
+  # if defined(__GNUC__) && __GNUC__>=2
+! #  if defined(__i386) || defined (__i386__)
+     /*
+      * There were two reasons for implementing this template:
+      * - GNU C generates a call to a function (__udivdi3 to be exact)
+***************
+*** 190,199 ****
+  
+  	/* First we normalise the numbers */
+  	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+! 	BN_lshift(sdiv,divisor,norm_shift);
+  	sdiv->neg=0;
+  	norm_shift+=BN_BITS2;
+! 	BN_lshift(snum,num,norm_shift);
+  	snum->neg=0;
+  	div_n=sdiv->top;
+  	num_n=snum->top;
+--- 190,199 ----
+  
+  	/* First we normalise the numbers */
+  	norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2);
+! 	if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err;
+  	sdiv->neg=0;
+  	norm_shift+=BN_BITS2;
+! 	if (!(BN_lshift(snum,num,norm_shift))) goto err;
+  	snum->neg=0;
+  	div_n=sdiv->top;
+  	num_n=snum->top;
+***************
+*** 315,321 ****
+  		tmp->top=j;
+  
+  		j=wnum.top;
+! 		BN_sub(&wnum,&wnum,tmp);
+  
+  		snum->top=snum->top+wnum.top-j;
+  
+--- 315,321 ----
+  		tmp->top=j;
+  
+  		j=wnum.top;
+! 		if (!BN_sub(&wnum,&wnum,tmp)) goto err;
+  
+  		snum->top=snum->top+wnum.top-j;
+  
+***************
+*** 323,329 ****
+  			{
+  			q--;
+  			j=wnum.top;
+! 			BN_add(&wnum,&wnum,sdiv);
+  			snum->top+=wnum.top-j;
+  			}
+  		*(resp--)=q;
+--- 323,329 ----
+  			{
+  			q--;
+  			j=wnum.top;
+! 			if (!BN_add(&wnum,&wnum,sdiv)) goto err;
+  			snum->top+=wnum.top-j;
+  			}
+  		*(resp--)=q;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_gcd.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_gcd.c
+*** crypto/openssl/crypto/bn/bn_gcd.c	Sun Aug 20 04:46:15 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_gcd.c	Thu May 30 12:48:31 2002
+***************
+*** 168,175 ****
+  		R=in;
+  	if (R == NULL) goto err;
+  
+! 	BN_zero(X);
+! 	BN_one(Y);
+  	if (BN_copy(A,a) == NULL) goto err;
+  	if (BN_copy(B,n) == NULL) goto err;
+  	sign=1;
+--- 168,175 ----
+  		R=in;
+  	if (R == NULL) goto err;
+  
+! 	if (!BN_zero(X)) goto err;
+! 	if (!BN_one(Y)) goto err;
+  	if (BN_copy(A,a) == NULL) goto err;
+  	if (BN_copy(B,n) == NULL) goto err;
+  	sign=1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lib.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_lib.c
+*** crypto/openssl/crypto/bn/bn_lib.c	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_lib.c	Fri Nov 29 06:30:58 2002
+***************
+*** 263,274 ****
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	memset(a,0,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+--- 263,274 ----
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	OPENSSL_cleanse(a,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_mont.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_mont.c
+*** crypto/openssl/crypto/bn/bn_mont.c	Sun Nov 26 06:33:18 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_mont.c	Thu May 30 12:48:32 2002
+***************
+*** 224,230 ****
+  
+  	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
+  	if (!BN_add(t2,a,t1)) goto err;
+! 	BN_rshift(ret,t2,mont->ri);
+  #endif /* MONT_WORD */
+  
+  	if (BN_ucmp(ret, &(mont->N)) >= 0)
+--- 224,230 ----
+  
+  	if (!BN_mul(t1,t2,&mont->N,ctx)) goto err;
+  	if (!BN_add(t2,a,t1)) goto err;
+! 	if (!BN_rshift(ret,t2,mont->ri)) goto err;
+  #endif /* MONT_WORD */
+  
+  	if (BN_ucmp(ret, &(mont->N)) >= 0)
+***************
+*** 284,291 ****
+  		BN_ULONG buf[2];
+  
+  		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+! 		BN_zero(R);
+! 		BN_set_bit(R,BN_BITS2);			/* R */
+  
+  		buf[0]=mod->d[0]; /* tmod = N mod word size */
+  		buf[1]=0;
+--- 284,291 ----
+  		BN_ULONG buf[2];
+  
+  		mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+! 		if (!(BN_zero(R))) goto err;
+! 		if (!(BN_set_bit(R,BN_BITS2))) goto err;	/* R */
+  
+  		buf[0]=mod->d[0]; /* tmod = N mod word size */
+  		buf[1]=0;
+***************
+*** 296,331 ****
+  							/* Ri = R^-1 mod N*/
+  		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
+  			goto err;
+! 		BN_lshift(&Ri,&Ri,BN_BITS2);		/* R*Ri */
+  		if (!BN_is_zero(&Ri))
+! 			BN_sub_word(&Ri,1);
+  		else /* if N mod word size == 1 */
+! 			BN_set_word(&Ri,BN_MASK2);  /* Ri-- (mod word size) */
+! 		BN_div(&Ri,NULL,&Ri,&tmod,ctx);	/* Ni = (R*Ri-1)/N,
+! 		                                 * keep only least significant word: */
+  		mont->n0=Ri.d[0];
+  		BN_free(&Ri);
+  		}
+  #else /* !MONT_WORD */
+  		{ /* bignum version */
+  		mont->ri=BN_num_bits(mod);
+! 		BN_zero(R);
+! 		BN_set_bit(R,mont->ri);			/* R = 2^ri */
+  							/* Ri = R^-1 mod N*/
+  		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
+  			goto err;
+! 		BN_lshift(&Ri,&Ri,mont->ri);		/* R*Ri */
+! 		BN_sub_word(&Ri,1);
+  							/* Ni = (R*Ri-1) / N */
+! 		BN_div(&(mont->Ni),NULL,&Ri,mod,ctx);
+  		BN_free(&Ri);
+  		}
+  #endif
+  
+  	/* setup RR for conversions */
+! 	BN_zero(&(mont->RR));
+! 	BN_set_bit(&(mont->RR),mont->ri*2);
+! 	BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx);
+  
+  	return(1);
+  err:
+--- 296,339 ----
+  							/* Ri = R^-1 mod N*/
+  		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
+  			goto err;
+! 		/* R*Ri */
+! 		if (!(BN_lshift(&Ri,&Ri,BN_BITS2))) goto err;
+  		if (!BN_is_zero(&Ri))
+! 			{
+! 		   	if (!BN_sub_word(&Ri,1)) goto err;
+! 			}
+  		else /* if N mod word size == 1 */
+! 		   	/* Ri-- (mod word size) */
+! 			{
+! 			if (!BN_set_word(&Ri,BN_MASK2)) goto err;
+! 			}
+! 		/* Ni = (R*Ri-1)/N, keep only least significant word: */
+!                 if (!(BN_div(&Ri,NULL,&Ri,&tmod,ctx))) goto err;
+  		mont->n0=Ri.d[0];
+  		BN_free(&Ri);
+  		}
+  #else /* !MONT_WORD */
+  		{ /* bignum version */
+  		mont->ri=BN_num_bits(mod);
+! 		if (!(BN_zero(R))) goto err;
+! 		/* R = 2^ri */
+! 		if (!(BN_set_bit(R,mont->ri))) goto err;
+  							/* Ri = R^-1 mod N*/
+  		if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL)
+  			goto err;
+! 		/* R*Ri */
+! 		if (!(BN_lshift(&Ri,&Ri,mont->ri))) goto err;
+! 		if (!(BN_sub_word(&Ri,1))) goto err;
+  							/* Ni = (R*Ri-1) / N */
+! 		if (!(BN_div(&(mont->Ni),NULL,&Ri,mod,ctx))) goto err;
+  		BN_free(&Ri);
+  		}
+  #endif
+  
+  	/* setup RR for conversions */
+! 	if (!(BN_zero(&(mont->RR)))) goto err;
+! 	if (!(BN_set_bit(&(mont->RR),mont->ri*2))) goto err;
+! 	if (!(BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx))) goto err;
+  
+  	return(1);
+  err:
+***************
+*** 336,344 ****
+  	{
+  	if (to == from) return(to);
+  
+! 	BN_copy(&(to->RR),&(from->RR));
+! 	BN_copy(&(to->N),&(from->N));
+! 	BN_copy(&(to->Ni),&(from->Ni));
+  	to->ri=from->ri;
+  	to->n0=from->n0;
+  	return(to);
+--- 344,352 ----
+  	{
+  	if (to == from) return(to);
+  
+! 	if (!(BN_copy(&(to->RR),&(from->RR)))) return NULL;
+! 	if (!(BN_copy(&(to->N),&(from->N)))) return NULL;
+! 	if (!(BN_copy(&(to->Ni),&(from->Ni)))) return NULL;
+  	to->ri=from->ri;
+  	to->n0=from->n0;
+  	return(to);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_mul.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_mul.c
+*** crypto/openssl/crypto/bn/bn_mul.c	Sun Nov 26 06:33:18 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_mul.c	Thu May 30 12:48:33 2002
+***************
+*** 634,640 ****
+  
+  	if ((al == 0) || (bl == 0))
+  		{
+! 		BN_zero(r);
+  		return(1);
+  		}
+  	top=al+bl;
+--- 634,640 ----
+  
+  	if ((al == 0) || (bl == 0))
+  		{
+! 		if (!BN_zero(r)) goto err;
+  		return(1);
+  		}
+  	top=al+bl;
+***************
+*** 677,690 ****
+  		{
+  		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+  			{
+! 			bn_wexpand(b,al);
+  			b->d[bl]=0;
+  			bl++;
+  			i--;
+  			}
+  		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+  			{
+! 			bn_wexpand(a,bl);
+  			a->d[al]=0;
+  			al++;
+  			i++;
+--- 677,690 ----
+  		{
+  		if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+  			{
+! 			if (bn_wexpand(b,al) == NULL) goto err;
+  			b->d[bl]=0;
+  			bl++;
+  			i--;
+  			}
+  		else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+  			{
+! 			if (bn_wexpand(a,bl) == NULL) goto err;
+  			a->d[al]=0;
+  			al++;
+  			i++;
+***************
+*** 699,714 ****
+  			t = BN_CTX_get(ctx);
+  			if (al == j) /* exact multiple */
+  				{
+! 				bn_wexpand(t,k*2);
+! 				bn_wexpand(rr,k*2);
+  				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+  				}
+  			else
+  				{
+! 				bn_wexpand(a,k);
+! 				bn_wexpand(b,k);
+! 				bn_wexpand(t,k*4);
+! 				bn_wexpand(rr,k*4);
+  				for (i=a->top; i<k; i++)
+  					a->d[i]=0;
+  				for (i=b->top; i<k; i++)
+--- 699,714 ----
+  			t = BN_CTX_get(ctx);
+  			if (al == j) /* exact multiple */
+  				{
+! 				if (bn_wexpand(t,k*2) == NULL) goto err;
+! 				if (bn_wexpand(rr,k*2) == NULL) goto err;
+  				bn_mul_recursive(rr->d,a->d,b->d,al,t->d);
+  				}
+  			else
+  				{
+! 				if (bn_wexpand(a,k) == NULL ) goto err;
+! 				if (bn_wexpand(b,k) == NULL ) goto err;
+! 				if (bn_wexpand(t,k*4) == NULL ) goto err;
+! 				if (bn_wexpand(rr,k*4) == NULL ) goto err;
+  				for (i=a->top; i<k; i++)
+  					a->d[i]=0;
+  				for (i=b->top; i<k; i++)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_opts.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_opts.c
+*** crypto/openssl/crypto/bn/bn_opts.c	Mon Jan 10 01:21:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_opts.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,324 ****
+- /* crypto/bn/expspeed.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- /* most of this code has been pilfered from my libdes speed.c program */
+- 
+- #include <stdio.h>
+- #include <stdlib.h>
+- #include <signal.h>
+- #include <string.h>
+- #include <openssl/crypto.h>
+- #include <openssl/tmdiff.h>
+- #include <openssl/bn.h>
+- #include <openssl/err.h>
+- 
+- #define DEFAULT_SIZE	512
+- #define DEFAULT_TIME	3
+- 
+- int verbose=1;
+- 
+- typedef struct parms_st
+- 	{
+- 	char *name;
+- 	void (*func)();
+- 	BIGNUM r;
+- 	BIGNUM a;
+- 	BIGNUM b;
+- 	BIGNUM c;
+- 	BIGNUM low;
+- 	BN_CTX *ctx;
+- 	BN_MONT_CTX *mont;
+- 	int w;
+- 	} PARMS;
+- 
+- void do_mul_exp(int num,PARMS *p);
+- void do_mul(int num,PARMS *p);
+- void do_sqr(int num,PARMS *p);
+- void do_mul_low(int num,PARMS *p);
+- void do_mul_high(int num,PARMS *p);
+- void do_from_montgomery(int num,PARMS *p);
+- int time_it(int sec, PARMS *p);
+- void do_it(int sec, PARMS *p);
+- 
+- #define P_EXP	1
+- #define P_MUL	2
+- #define P_SQR	3
+- #define P_MULL	4
+- #define P_MULH	5
+- #define P_MRED	6
+- 
+- int main(int argc, char **argv)
+- 	{
+- 	PARMS p;
+- 	BN_MONT_CTX *mont;
+- 	int size=0,num;
+- 	char *name;
+- 	int type=P_EXP;
+- 
+- 	mont=BN_MONT_CTX_new();
+- 	p.mont=NULL;
+- 	p.ctx=BN_CTX_new();
+- 	BN_init(&p.r);
+- 	BN_init(&p.a);
+- 	BN_init(&p.b);
+- 	BN_init(&p.c);
+- 	BN_init(&p.low);
+- 	p.w=0;
+- 
+- 	for (;;)
+- 		{
+- 		if (argc > 1)
+- 			{
+- 			if (argv[1][0] == '-')
+- 				{
+- 				switch(argv[1][1])
+- 					{
+- 				case 'e': type=P_EXP; break;
+- 				case 'm': type=P_MUL; break;
+- 				case 's': type=P_SQR; break;
+- 				case 'l': type=P_MULL; break;
+- 				case 'h': type=P_MULH; break;
+- 				case 'r': type=P_MRED; break;
+- 				default:
+- 					fprintf(stderr,"options: -[emslhr]\n");
+- 					exit(1);
+- 					}
+- 				}
+- 			else
+- 				{
+- 				size=atoi(argv[1]);
+- 				}
+- 			argc--;
+- 			argv++;
+- 			}
+- 		else
+- 			break;
+- 		}
+- 	if (size == 0)
+- 		size=DEFAULT_SIZE;
+- 
+- 	printf("bit size:%5d\n",size);
+- 
+- 	BN_rand(&p.a,size,1,0);
+- 	BN_rand(&p.b,size,1,0);
+- 	BN_rand(&p.c,size,1,1);
+- 	BN_mod(&p.a,&p.a,&p.c,p.ctx);
+- 	BN_mod(&p.b,&p.b,&p.c,p.ctx);
+- 	p.w=(p.a.top+1)/2;
+- 
+- 	BN_mul(&p.low,&p.a,&p.b,p.ctx);
+- 	p.low.top=p.a.top;
+- 	
+- 	switch(type)
+- 		{
+- 	case P_EXP:
+- 		p.name="r=a^b%c";
+- 		p.func=do_mul_exp;
+- 		p.mont=mont;
+- 		break;
+- 	case P_MUL:
+- 		p.name="r=a*b";
+- 		p.func=do_mul;
+- 		break;
+- 	case P_SQR:
+- 		p.name="r=a*a";
+- 		p.func=do_sqr;
+- 		break;
+- 	case P_MULL:
+- 		p.name="r=low(a*b)";
+- 		p.func=do_mul_low;
+- 		break;
+- 	case P_MULH:
+- 		p.name="r=high(a*b)";
+- 		p.func=do_mul_high;
+- 		break;
+- 	case P_MRED:
+- 		p.name="r=montgomery_reduction(a)";
+- 		p.func=do_from_montgomery;
+- 		p.mont=mont;
+- 		break;
+- 	default:
+- 		fprintf(stderr,"options: -[emslhr]\n");
+- 		exit(1);
+- 		}
+- 
+- 	num=time_it(DEFAULT_TIME,&p);
+- 	do_it(num,&p);
+- 	}
+- 
+- void do_it(int num, PARMS *p)
+- 	{
+- 	char *start,*end;
+- 	int i,j,number;
+- 	double d;
+- 
+- 	start=ms_time_new();
+- 	end=ms_time_new();
+- 
+- 	number=BN_num_bits_word((BN_ULONG)BN_num_bits(&(p->c)))-
+- 		BN_num_bits_word(BN_BITS2)+2;
+- 	for (i=number-1; i >=0; i--)
+- 		{
+- 		if (i == 1) continue;
+- 		BN_set_params(i,i,i,1);
+- 		if (p->mont != NULL)
+- 			BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+- 
+- 		printf("Timing %5d (%2d bit) %2d %2d %2d %2d :",
+- 			(1<<i)*BN_BITS2,i,
+- 				BN_get_params(0),
+- 				BN_get_params(1),
+- 				BN_get_params(2),
+- 				BN_get_params(3));
+- 		fflush(stdout);
+- 
+- 		ms_time_get(start);
+- 		p->func(num,p);
+- 		ms_time_get(end);
+- 		d=ms_time_diff(start,end);
+- 		printf("%6.6f sec, or %d in %.4f seconds\n",
+- 			(double)d/num,num,d);
+- 		}
+- 	}
+- 
+- int time_it(int sec, PARMS *p)
+- 	{
+- 	char *start,*end;
+- 	int i,j;
+- 	double d;
+- 
+- 	if (p->mont != NULL)
+- 		BN_MONT_CTX_set(p->mont,&(p->c),p->ctx);
+- 
+- 	start=ms_time_new();
+- 	end=ms_time_new();
+- 
+- 	i=1;
+- 	for (;;)
+- 		{
+- 		if (verbose)
+- 			printf("timing %s for %d interations\n",p->name,i);
+- 
+- 		ms_time_get(start);
+- 		p->func(i,p);
+- 		ms_time_get(end);
+- 		d=ms_time_diff(start,end);
+- 
+- 		if 	(d < 0.01) i*=100;
+- 		else if (d < 0.1 ) i*=10;
+- 		else if (d > (double)sec) break;
+- 		else
+- 			{
+- 			i=(int)(1.0*i*sec/d);
+- 			break;
+- 			}
+- 		}
+- 	if (verbose)
+- 		printf("using %d interations\n",i);
+- 	return(i);
+- 	}
+- 
+- void do_mul_exp(int num, PARMS *p)
+- 	{
+- 	int i;
+- 
+- 	for (i=0; i<num; i++)
+- 		BN_mod_exp_mont(&(p->r),&(p->a),&(p->b),&(p->c),
+- 			p->ctx,p->mont);
+- 	}
+- 
+- void do_mul(int num, PARMS *p)
+- 	{
+- 	int i;
+- 
+- 	for (i=0; i<num; i++)
+- 		BN_mul(&(p->r),&(p->a),&(p->b),p->ctx);
+- 	}
+- 
+- void do_sqr(int num, PARMS *p)
+- 	{
+- 	int i;
+- 
+- 	for (i=0; i<num; i++)
+- 			BN_sqr(&(p->r),&(p->a),p->ctx);
+- 	}
+- 
+- void do_mul_low(int num, PARMS *p)
+- 	{
+- 	int i;
+- 	
+- 	for (i=0; i<num; i++)
+- 		BN_mul_low(&(p->r),&(p->a),&(p->b),p->w,p->ctx);
+- 	}
+- 
+- void do_mul_high(int num, PARMS *p)
+- 	{
+- 	int i;
+- 
+- 	for (i=0; i<num; i++)
+- 		BN_mul_low(&(p->r),&(p->a),&(p->b),&(p->low),p->w,p->ctx);
+- 	}
+- 
+- void do_from_montgomery(int num, PARMS *p)
+- 	{
+- 	int i;
+- 	
+- 	for (i=0; i<num; i++)
+- 		BN_from_montgomery(&(p->r),&(p->a),p->mont,p->ctx);
+- 	}
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_prime.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_prime.c
+*** crypto/openssl/crypto/bn/bn_prime.c	Sun Aug 20 04:46:15 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_prime.c	Tue Sep  4 18:21:36 2001
+***************
+*** 225,236 ****
+  	BN_MONT_CTX *mont = NULL;
+  	const BIGNUM *A = NULL;
+  
+  	if (checks == BN_prime_checks)
+  		checks = BN_prime_checks_for_size(BN_num_bits(a));
+  
+  	/* first look for small factors */
+  	if (!BN_is_odd(a))
+! 		return(0);
+  	if (do_trial_division)
+  		{
+  		for (i = 1; i < NUMPRIMES; i++)
+--- 225,239 ----
+  	BN_MONT_CTX *mont = NULL;
+  	const BIGNUM *A = NULL;
+  
++ 	if (BN_cmp(a, BN_value_one()) <= 0)
++ 		return 0;
++ 	
+  	if (checks == BN_prime_checks)
+  		checks = BN_prime_checks_for_size(BN_num_bits(a));
+  
+  	/* first look for small factors */
+  	if (!BN_is_odd(a))
+! 		return 0;
+  	if (do_trial_division)
+  		{
+  		for (i = 1; i < NUMPRIMES; i++)
+***************
+*** 289,299 ****
+  	
+  	for (i = 0; i < checks; i++)
+  		{
+! 		if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0))
+  			goto err;
+- 		if (BN_cmp(check, A1) >= 0)
+- 			if (!BN_sub(check, check, A1))
+- 				goto err;
+  		if (!BN_add_word(check, 1))
+  			goto err;
+  		/* now 1 <= check < A */
+--- 292,299 ----
+  	
+  	for (i = 0; i < checks; i++)
+  		{
+! 		if (!BN_pseudo_rand_range(check, A1))
+  			goto err;
+  		if (!BN_add_word(check, 1))
+  			goto err;
+  		/* now 1 <= check < A */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_rand.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_rand.c
+*** crypto/openssl/crypto/bn/bn_rand.c	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_rand.c	Fri Nov 29 06:30:58 2002
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #include <stdio.h>
+  #include <time.h>
+***************
+*** 148,154 ****
+  err:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+--- 201,207 ----
+  err:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+***************
+*** 172,179 ****
+  #endif
+  
+  /* random number r:  0 <= r < range */
+! int	BN_rand_range(BIGNUM *r, BIGNUM *range)
+  	{
+  	int n;
+  
+  	if (range->neg || BN_is_zero(range))
+--- 225,233 ----
+  #endif
+  
+  /* random number r:  0 <= r < range */
+! static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range)
+  	{
++ 	int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand;
+  	int n;
+  
+  	if (range->neg || BN_is_zero(range))
+***************
+*** 184,209 ****
+  
+  	n = BN_num_bits(range); /* n > 0 */
+  
+  	if (n == 1)
+  		{
+  		if (!BN_zero(r)) return 0;
+  		}
+! 	else if (BN_is_bit_set(range, n - 2))
+! 		{
+! 		do
+! 			{
+! 			/* range = 11..._2, so each iteration succeeds with probability >= .75 */
+! 			if (!BN_rand(r, n, -1, 0)) return 0;
+! 			}
+! 		while (BN_cmp(r, range) >= 0);
+! 		}
+! 	else
+  		{
+! 		/* range = 10..._2,
+  		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+  		do
+  			{
+! 			if (!BN_rand(r, n + 1, -1, 0)) return 0;
+  			/* If  r < 3*range,  use  r := r MOD range
+  			 * (which is either  r, r - range,  or  r - 2*range).
+  			 * Otherwise, iterate once more.
+--- 238,256 ----
+  
+  	n = BN_num_bits(range); /* n > 0 */
+  
++ 	/* BN_is_bit_set(range, n - 1) always holds */
++ 
+  	if (n == 1)
+  		{
+  		if (!BN_zero(r)) return 0;
+  		}
+! 	else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3))
+  		{
+! 		/* range = 100..._2,
+  		 * so  3*range (= 11..._2)  is exactly one bit longer than  range */
+  		do
+  			{
+! 			if (!bn_rand(r, n + 1, -1, 0)) return 0;
+  			/* If  r < 3*range,  use  r := r MOD range
+  			 * (which is either  r, r - range,  or  r - 2*range).
+  			 * Otherwise, iterate once more.
+***************
+*** 218,223 ****
+--- 265,290 ----
+  			}
+  		while (BN_cmp(r, range) >= 0);
+  		}
++ 	else
++ 		{
++ 		do
++ 			{
++ 			/* range = 11..._2  or  range = 101..._2 */
++ 			if (!bn_rand(r, n, -1, 0)) return 0;
++ 			}
++ 		while (BN_cmp(r, range) >= 0);
++ 		}
+  
+  	return 1;
++ 	}
++ 
++ 
++ int	BN_rand_range(BIGNUM *r, BIGNUM *range)
++ 	{
++ 	return bn_rand_range(0, r, range);
++ 	}
++ 
++ int	BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range)
++ 	{
++ 	return bn_rand_range(1, r, range);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_sqr.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_sqr.c
+*** crypto/openssl/crypto/bn/bn_sqr.c	Sun Nov 26 06:33:19 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_sqr.c	Wed Sep  5 00:45:45 2001
+***************
+*** 245,251 ****
+  	if (!zero)
+  		bn_sqr_recursive(&(t[n2]),t,n,p);
+  	else
+! 		memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+  	bn_sqr_recursive(r,a,n,p);
+  	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+  
+--- 245,251 ----
+  	if (!zero)
+  		bn_sqr_recursive(&(t[n2]),t,n,p);
+  	else
+! 		memset(&(t[n2]),0,n2*sizeof(BN_ULONG));
+  	bn_sqr_recursive(r,a,n,p);
+  	bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_word.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_word.c
+*** crypto/openssl/crypto/bn/bn_word.c	Sun Nov 26 06:33:19 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_word.c	Mon Oct 14 07:27:11 2002
+***************
+*** 123,129 ****
+  	i=0;
+  	for (;;)
+  		{
+! 		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+--- 123,132 ----
+  	i=0;
+  	for (;;)
+  		{
+! 		if (i >= a->top)
+! 			l=w;
+! 		else
+! 			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bntest.c ../RELENG_4_6/crypto/openssl/crypto/bn/bntest.c
+*** crypto/openssl/crypto/bn/bntest.c	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bntest.c	Thu Nov 28 13:55:24 2002
+***************
+*** 139,148 ****
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+--- 139,148 ----
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+***************
+*** 152,158 ****
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			exit(1);
+  			}
+  		}
+  
+--- 152,158 ----
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			EXIT(1);
+  			}
+  		}
+  
+***************
+*** 228,241 ****
+  	BIO_free(out);
+  
+  /**/
+! 	exit(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 228,241 ----
+  	BIO_free(out);
+  
+  /**/
+! 	EXIT(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+***************
+*** 746,752 ****
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			exit(1);
+  			}
+  		if (bp != NULL)
+  			{
+--- 746,752 ----
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			EXIT(1);
+  			}
+  		if (bp != NULL)
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/comba.pl ../RELENG_4_6/crypto/openssl/crypto/bn/comba.pl
+*** crypto/openssl/crypto/bn/comba.pl	Mon Jan 10 01:21:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/comba.pl	Wed Dec 31 19:00:00 1969
+***************
+*** 1,285 ****
+- #!/usr/local/bin/perl
+- 
+- $num=8;
+- $num2=8/2;
+- 
+- print <<"EOF";
+- /* crypto/bn/bn_comba.c */
+- #include <stdio.h>
+- #include "bn_lcl.h"
+- /* Auto generated from crypto/bn/comba.pl
+-  */
+- 
+- #undef bn_mul_comba8
+- #undef bn_mul_comba4
+- #undef bn_sqr_comba8
+- #undef bn_sqr_comba4
+- 
+- #ifdef BN_LLONG
+- #define mul_add_c(a,b,c0,c1,c2) \\
+- 	t=(BN_ULLONG)a*b; \\
+- 	t1=(BN_ULONG)Lw(t); \\
+- 	t2=(BN_ULONG)Hw(t); \\
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define mul_add_c2(a,b,c0,c1,c2) \\
+- 	t=(BN_ULLONG)a*b; \\
+- 	tt=(t+t)&BN_MASK; \\
+- 	if (tt < t) c2++; \\
+- 	t1=(BN_ULONG)Lw(tt); \\
+- 	t2=(BN_ULONG)Hw(tt); \\
+- 	c0=(c0+t1)&BN_MASK2;  \\
+- 	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c(a,i,c0,c1,c2) \\
+- 	t=(BN_ULLONG)a[i]*a[i]; \\
+- 	t1=(BN_ULONG)Lw(t); \\
+- 	t2=(BN_ULONG)Hw(t); \\
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c2(a,i,j,c0,c1,c2) \\
+- 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+- #else
+- #define mul_add_c(a,b,c0,c1,c2) \\
+- 	t1=LBITS(a); t2=HBITS(a); \\
+- 	bl=LBITS(b); bh=HBITS(b); \\
+- 	mul64(t1,t2,bl,bh); \\
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define mul_add_c2(a,b,c0,c1,c2) \\
+- 	t1=LBITS(a); t2=HBITS(a); \\
+- 	bl=LBITS(b); bh=HBITS(b); \\
+- 	mul64(t1,t2,bl,bh); \\
+- 	if (t2 & BN_TBIT) c2++; \\
+- 	t2=(t2+t2)&BN_MASK2; \\
+- 	if (t1 & BN_TBIT) t2++; \\
+- 	t1=(t1+t1)&BN_MASK2; \\
+- 	c0=(c0+t1)&BN_MASK2;  \\
+- 	if ((c0 < t1) && (((++t2)&BN_MASK2) == 0)) c2++; \\
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c(a,i,c0,c1,c2) \\
+- 	sqr64(t1,t2,(a)[i]); \\
+- 	c0=(c0+t1)&BN_MASK2; if ((c0) < t1) t2++; \\
+- 	c1=(c1+t2)&BN_MASK2; if ((c1) < t2) c2++;
+- 
+- #define sqr_add_c2(a,i,j,c0,c1,c2) \\
+- 	mul_add_c2((a)[i],(a)[j],c0,c1,c2)
+- #endif
+- 
+- void bn_mul_comba${num}(r,a,b)
+- BN_ULONG *r,*a,*b;
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- EOF
+- $ret=&combas_mul("r","a","b",$num,"c1","c2","c3");
+- printf <<"EOF";
+- 	}
+- 
+- void bn_mul_comba${num2}(r,a,b)
+- BN_ULONG *r,*a,*b;
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- EOF
+- $ret=&combas_mul("r","a","b",$num2,"c1","c2","c3");
+- printf <<"EOF";
+- 	}
+- 
+- void bn_sqr_comba${num}(r,a)
+- BN_ULONG *r,*a;
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t,tt;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- EOF
+- $ret=&combas_sqr("r","a",$num,"c1","c2","c3");
+- printf <<"EOF";
+- 	}
+- 
+- void bn_sqr_comba${num2}(r,a)
+- BN_ULONG *r,*a;
+- 	{
+- #ifdef BN_LLONG
+- 	BN_ULLONG t,tt;
+- #else
+- 	BN_ULONG bl,bh;
+- #endif
+- 	BN_ULONG t1,t2;
+- 	BN_ULONG c1,c2,c3;
+- 
+- EOF
+- $ret=&combas_sqr("r","a",$num2,"c1","c2","c3");
+- printf <<"EOF";
+- 	}
+- EOF
+- 
+- sub bn_str
+- 	{
+- 	local($var,$val)=@_;
+- 	print "\t$var=$val;\n";
+- 	}
+- 
+- sub bn_ary
+- 	{
+- 	local($var,$idx)=@_;
+- 	return("${var}[$idx]");
+- 	}
+- 
+- sub bn_clr
+- 	{
+- 	local($var)=@_;
+- 
+- 	print "\t$var=0;\n";
+- 	}
+- 
+- sub bn_mad
+- 	{
+- 	local($a,$b,$c0,$c1,$c2,$num)=@_;
+- 
+- 	if ($num == 2)
+- 		{ printf("\tmul_add_c2($a,$b,$c0,$c1,$c2);\n"); }
+- 	else
+- 		{ printf("\tmul_add_c($a,$b,$c0,$c1,$c2);\n"); }
+- 	}
+- 
+- sub bn_sad
+- 	{
+- 	local($a,$i,$j,$c0,$c1,$c2,$num)=@_;
+- 
+- 	if ($num == 2)
+- 		{ printf("\tsqr_add_c2($a,$i,$j,$c0,$c1,$c2);\n"); }
+- 	else
+- 		{ printf("\tsqr_add_c($a,$i,$c0,$c1,$c2);\n"); }
+- 	}
+- 
+- sub combas_mul
+- 	{
+- 	local($r,$a,$b,$num,$c0,$c1,$c2)=@_;
+- 	local($i,$as,$ae,$bs,$be,$ai,$bi);
+- 	local($tot,$end);
+- 
+- 	$as=0;
+- 	$ae=0;
+- 	$bs=0;
+- 	$be=0;
+- 	$tot=$num+$num-1;
+- 	&bn_clr($c0);
+- 	&bn_clr($c1);
+- 	for ($i=0; $i<$tot; $i++)
+- 		{
+- 		$ai=$as;
+- 		$bi=$bs;
+- 		$end=$be+1;
+- 		@numa=@numb=();
+- 
+- #print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+- 		for ($j=$bs; $j<$end; $j++)
+- 			{
+- 			push(@numa,$ai);
+- 			push(@numb,$bi);
+- 			$ai--;
+- 			$bi++;
+- 			}
+- 
+- 		if ($i & 1)
+- 			{
+- 			@numa=reverse(@numa);
+- 			@numb=reverse(@numb);
+- 			}
+- 
+- 		&bn_clr($c2);
+- 		for ($j=0; $j<=$#numa; $j++)
+- 			{
+- 			&bn_mad(&bn_ary($a,$numa[$j]),
+- 				&bn_ary($b,$numb[$j]),$c0,$c1,$c2,1);
+- 			}
+- 		&bn_str(&bn_ary($r,$i),$c0);
+- 		($c0,$c1,$c2)=($c1,$c2,$c0);
+- 
+- 		$as++ if ($i < ($num-1));
+- 		$ae++ if ($i >= ($num-1));
+- 
+- 		$bs++ if ($i >= ($num-1));
+- 		$be++ if ($i < ($num-1));
+- 		}
+- 	&bn_str(&bn_ary($r,$i),$c0);
+- 	}
+- 
+- sub combas_sqr
+- 	{
+- 	local($r,$a,$num,$c0,$c1,$c2)=@_;
+- 	local($i,$as,$ae,$bs,$be,$ai,$bi);
+- 	local($b,$tot,$end,$half);
+- 
+- 	$b=$a;
+- 	$as=0;
+- 	$ae=0;
+- 	$bs=0;
+- 	$be=0;
+- 	$tot=$num+$num-1;
+- 	&bn_clr($c0);
+- 	&bn_clr($c1);
+- 	for ($i=0; $i<$tot; $i++)
+- 		{
+- 		$ai=$as;
+- 		$bi=$bs;
+- 		$end=$be+1;
+- 		@numa=@numb=();
+- 
+- #print "($as $ae) ($bs $be) $bs -> $end [$i $num]\n";
+- 		for ($j=$bs; $j<$end; $j++)
+- 			{
+- 			push(@numa,$ai);
+- 			push(@numb,$bi);
+- 			$ai--;
+- 			$bi++;
+- 			last if ($ai < $bi);
+- 			}
+- 		if (!($i & 1))
+- 			{
+- 			@numa=reverse(@numa);
+- 			@numb=reverse(@numb);
+- 			}
+- 
+- 		&bn_clr($c2);
+- 		for ($j=0; $j <= $#numa; $j++)
+- 			{
+- 			if ($numa[$j] == $numb[$j])
+- 				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,1);}
+- 			else
+- 				{&bn_sad($a,$numa[$j],$numb[$j],$c0,$c1,$c2,2);}
+- 			}
+- 		&bn_str(&bn_ary($r,$i),$c0);
+- 		($c0,$c1,$c2)=($c1,$c2,$c0);
+- 
+- 		$as++ if ($i < ($num-1));
+- 		$ae++ if ($i >= ($num-1));
+- 
+- 		$bs++ if ($i >= ($num-1));
+- 		$be++ if ($i < ($num-1));
+- 		}
+- 	&bn_str(&bn_ary($r,$i),$c0);
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/d.c ../RELENG_4_6/crypto/openssl/crypto/bn/d.c
+*** crypto/openssl/crypto/bn/d.c	Mon Jan 10 01:21:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,72 ****
+- #include <stdio.h>
+- #include <openssl/bio.h>
+- #include "bn_lcl.h"
+- 
+- #define SIZE_A (100*4+4)
+- #define SIZE_B (13*4)
+- 
+- main(argc,argv)
+- int argc;
+- char *argv[];
+- 	{
+- 	BN_CTX ctx;
+- 	BN_RECP_CTX recp;
+- 	BIGNUM a,b,dd,d,r,rr,t,l;
+- 	int i;
+- 
+- 	MemCheck_start();
+- 	MemCheck_on();
+- 	BN_CTX_init(&ctx);
+- 	BN_RECP_CTX_init(&recp);
+- 
+- 	BN_init(&r);
+- 	BN_init(&rr);
+- 	BN_init(&d);
+- 	BN_init(&dd);
+- 	BN_init(&a);
+- 	BN_init(&b);
+- 
+- 	{
+- 	BN_rand(&a,SIZE_A,0,0);
+- 	BN_rand(&b,SIZE_B,0,0);
+- 
+- 	a.neg=1;
+- 	BN_RECP_CTX_set(&recp,&b,&ctx);
+- 
+- 	BN_print_fp(stdout,&a); printf(" a\n");
+- 	BN_print_fp(stdout,&b); printf(" b\n");
+- 
+- 	BN_print_fp(stdout,&recp.N); printf(" N\n");
+- 	BN_print_fp(stdout,&recp.Nr); printf(" Nr num_bits=%d\n",recp.num_bits);
+- 
+- 	BN_div_recp(&r,&d,&a,&recp,&ctx);
+- 
+- for (i=0; i<300; i++)
+- 	BN_div(&rr,&dd,&a,&b,&ctx);
+- 
+- 	BN_print_fp(stdout,&r); printf(" div recp\n");
+- 	BN_print_fp(stdout,&rr); printf(" div\n");
+- 	BN_print_fp(stdout,&d); printf(" rem recp\n");
+- 	BN_print_fp(stdout,&dd); printf(" rem\n");
+- 	}
+- 	BN_CTX_free(&ctx);
+- 	BN_RECP_CTX_free(&recp);
+- 
+- 	BN_free(&r);
+- 	BN_free(&rr);
+- 	BN_free(&d);
+- 	BN_free(&dd);
+- 	BN_free(&a);
+- 	BN_free(&b);
+- 
+- 	{
+- 	BIO *out;
+- 
+- 	if ((out=BIO_new(BIO_s_file())) != NULL)
+- 		BIO_set_fp(out,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+- 
+-         CRYPTO_mem_leaks(out);
+- 	BIO_free(out);
+- 	}
+- 
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/exptest.c ../RELENG_4_6/crypto/openssl/crypto/bn/exptest.c
+*** crypto/openssl/crypto/bn/exptest.c	Sun Aug 20 04:46:16 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/exptest.c	Thu Nov 28 13:55:26 2002
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/bio.h>
+  #include <openssl/bn.h>
+  #include <openssl/rand.h>
+***************
+*** 86,92 ****
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+--- 89,95 ----
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+***************
+*** 99,105 ****
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+--- 102,108 ----
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+***************
+*** 124,130 ****
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+--- 127,133 ----
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+***************
+*** 132,138 ****
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+--- 135,141 ----
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+***************
+*** 140,146 ****
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+--- 143,149 ----
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+***************
+*** 163,169 ****
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			exit(1);
+  			}
+  		}
+  	BN_free(r_mont);
+--- 166,172 ----
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			EXIT(1);
+  			}
+  		}
+  	BN_free(r_mont);
+***************
+*** 177,187 ****
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 180,190 ----
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/new ../RELENG_4_6/crypto/openssl/crypto/bn/new
+*** crypto/openssl/crypto/bn/new	Mon Jan 10 01:21:30 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/new	Wed Dec 31 19:00:00 1969
+***************
+*** 1,23 ****
+- void BN_RECP_CTX_init(BN_RECP_CTX *recp);
+- BN_RECP_CTX *BN_RECP_CTX_new();
+- void BN_RECP_CTX_free(BN_RECP_CTX *recp);
+- int BN_RECP_CTX_set(BN_RECP_CTX *recp,BIGNUM *div,BN_CTX *ctx);
+- 
+- int BN_mod_exp_recp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BIGNUM *m,
+- 	BN_RECP_CTX *recp,BN_CTX *ctx);
+- 
+- int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+- 	BN_RECP_CTX *recp, BN_CTX *ctx);
+- int BN_mod_recp(BIGNUM *rem, BIGNUM *m, BIGNUM *d,
+- 	BN_RECP_CTX *recp, BN_CTX *ctx);
+- int BN_mod_mul_recp(BIGNUM *ret,BIGNUM *a,BIGNUM *b,BIGNUM *m
+- 
+- int BN_mod_exp_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *p,
+- 	BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+- int BN_mod_exp2_montgomery(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2,
+-                 BIGNUM *p2,BN_MONT_CTX *m_ctx,BN_CTX *ctx);
+- 
+- 
+- bn_div64 -> bn_div_words
+- 
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/b_sqr.c ../RELENG_4_6/crypto/openssl/crypto/bn/old/b_sqr.c
+*** crypto/openssl/crypto/bn/old/b_sqr.c	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/b_sqr.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,199 ****
+- /* crypto/bn/bn_mul.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include "bn_lcl.h"
+- 
+- static int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
+- 
+- /* r must be different to a and b */
+- /* int BN_mmul(r, a, b) */
+- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b)
+- 	{
+- 	BN_ULONG *ap,*bp,*rp;
+- 	BIGNUM *sk;
+- 	int i,n,ret;
+- 	int max,al,bl;
+- 	BN_CTX ctx;
+- 
+- 	bn_check_top(a);
+- 	bn_check_top(b);
+- 
+- 	al=a->top;
+- 	bl=b->top;
+- 	if ((al == 0) || (bl == 0))
+- 		{
+- 		r->top=0;
+- 		return(1);
+- 		}
+- #ifdef BN_MUL_DEBUG
+- printf("BN_mul(%d,%d)\n",a->top,b->top);
+- #endif
+- 
+- 	if (	(bn_limit_bits > 0) &&
+- 		(bl > bn_limit_num) && (al > bn_limit_num))
+- 		{
+- 		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
+- 		n*=2;
+- 		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+- 		memset(sk,0,sizeof(BIGNUM)*n);
+- 		memset(&ctx,0,sizeof(ctx));
+- 
+- 		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
+- 		for (i=0; i<n; i+=2)
+- 			{
+- 			BN_clear_free(&sk[i]);
+- 			BN_clear_free(&sk[i+1]);
+- 			}
+- 		Free(sk);
+- 		return(ret);
+- 		}
+- 
+- 	max=(al+bl);
+- 	if (bn_wexpand(r,max) == NULL) return(0);
+- 	r->top=max;
+- 	r->neg=a->neg^b->neg;
+- 	ap=a->d;
+- 	bp=b->d;
+- 	rp=r->d;
+- 
+- 	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+- 	rp++;
+- 	for (i=1; i<bl; i++)
+- 		{
+- 		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+- 		rp++;
+- 		}
+- 	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
+- 	return(1);
+- 	}
+- 
+- 
+- #define ahal	(sk[0])
+- #define blbh	(sk[1])
+- 
+- /* r must be different to a and b */
+- int bn_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk, BN_CTX *ctx)
+- 	{
+- 	int n,num,sqr=0;
+- 	int an,bn;
+- 	BIGNUM ah,al,bh,bl;
+- 
+- 	an=A->top;
+- 	bn=B->top;
+- #ifdef BN_MUL_DEBUG
+- printf("bn_mm(%d,%d)\n",A->top,B->top);
+- #endif
+- 
+- 	if (A == B) sqr=1;
+- 	num=(an>bn)?an:bn;
+- 	n=(num+1)/2;
+- 	/* Are going to now chop things into 'num' word chunks. */
+- 
+- 	BN_init(&ah);
+- 	BN_init(&al);
+- 	BN_init(&bh);
+- 	BN_init(&bl);
+- 
+- 	bn_set_low (&al,A,n);
+- 	bn_set_high(&ah,A,n);
+- 	bn_set_low (&bl,B,n);
+- 	bn_set_high(&bh,B,n);
+- 
+- 	BN_sub(&ahal,&ah,&al);
+- 	BN_sub(&blbh,&bl,&bh);
+- 
+- 	if (num <= (bn_limit_num+bn_limit_num))
+- 		{
+- 		BN_mul(m,&ahal,&blbh);
+- 		if (sqr)
+- 			{
+- 			BN_sqr(&ahal,&al,ctx);
+- 			BN_sqr(&blbh,&ah,ctx);
+- 			}
+- 		else
+- 			{
+- 			BN_mul(&ahal,&al,&bl);
+- 			BN_mul(&blbh,&ah,&bh);
+- 			}
+- 		}
+- 	else
+- 		{
+- 		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
+- 		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
+- 		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
+- 		}
+- 
+- 	BN_add(m,m,&ahal);
+- 	BN_add(m,m,&blbh);
+- 
+- 	BN_lshift(m,m,n*BN_BITS2);
+- 	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
+- 
+- 	BN_add(m,m,&ahal);
+- 	BN_add(m,m,&blbh);
+- 
+- 	m->neg=A->neg^B->neg;
+- 	return(1);
+- 	}
+- #undef ahal	(sk[0])
+- #undef blbh	(sk[1])
+- 
+- #include "bn_low.c"
+- #include "bn_high.c"
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/bn_com.c ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_com.c
+*** crypto/openssl/crypto/bn/old/bn_com.c	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_com.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,90 ****
+- /* crypto/bn/bn_mulw.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include "bn_lcl.h"
+- 
+- #ifdef BN_LLONG 
+- 
+- ab
+- 12
+-    a2 b2
+- a1 b1
+- 
+- abc
+- 123
+-       a3 b3 c3
+-    a2 b2 c2
+- a1 b1 c1
+- 
+- abcd
+- 1234
+-          a4 b4 c4 d4
+-       a3 b3 c3 d3
+-    a2 b2 c2 d2
+- a1 b1 c1 d1
+- 
+- abcde
+- 01234
+-                a5 b5 c5 d5 e5
+-             a4 b4 c4 d4 e4
+-          a3 b3 c3 d3 e3
+-       a2 b2 c2 d2 e2
+-    a1 b1 c1 d1 e1
+- a0 b0 c0 d0 e0
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/bn_high.c ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_high.c
+*** crypto/openssl/crypto/bn/old/bn_high.c	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_high.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,135 ****
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include "bn_lcl.h"
+- 
+- #undef BN_MUL_HIGH_DEBUG
+- 
+- #ifdef BN_MUL_HIGH_DEBUG
+- #define debug_BN_print(a,b,c) BN_print_fp(a,b); printf(c);
+- #else
+- #define debug_BN_print(a,b,c)
+- #endif
+- 
+- int BN_mul_high(BIGNUM *r,BIGNUM *a,BIGNUM *b,BIGNUM *low, int words);
+- 
+- #undef t1
+- #undef t2
+- 
+- int BN_mul_high(BIGNUM *r, BIGNUM *a, BIGNUM *b, BIGNUM *low, int words)
+- 	{
+- 	int w2,borrow=0,full=0;
+- 	BIGNUM t1,t2,t3,h,ah,al,bh,bl,m,s0,s1;
+- 	BN_ULONG ul1,ul2;
+- 	
+- 	BN_mul(r,a,b);
+- 	BN_rshift(r,r,words*BN_BITS2);
+- 	return(1);
+- 
+- 	w2=(words+1)/2;
+- 
+- #ifdef BN_MUL_HIGH_DEBUG
+- fprintf(stdout,"words=%d w2=%d\n",words,w2);
+- #endif
+- debug_BN_print(stdout,a," a\n");
+- debug_BN_print(stdout,b," b\n");
+- debug_BN_print(stdout,low," low\n");
+- 	BN_init(&al); BN_init(&ah);
+- 	BN_init(&bl); BN_init(&bh);
+- 	BN_init(&t1); BN_init(&t2); BN_init(&t3);
+- 	BN_init(&s0); BN_init(&s1);
+- 	BN_init(&h); BN_init(&m);
+- 
+- 	bn_set_low (&al,a,w2);
+- 	bn_set_high(&ah,a,w2);
+- 	bn_set_low (&bl,b,w2);
+- 	bn_set_high(&bh,b,w2);
+- 
+- 	bn_set_low(&s0,low,w2);
+- 	bn_set_high(&s1,low,w2);
+- 
+- debug_BN_print(stdout,&al," al\n");
+- debug_BN_print(stdout,&ah," ah\n");
+- debug_BN_print(stdout,&bl," bl\n");
+- debug_BN_print(stdout,&bh," bh\n");
+- debug_BN_print(stdout,&s0," s0\n");
+- debug_BN_print(stdout,&s1," s1\n");
+- 
+- 	/* Calculate (al-ah)*(bh-bl) */
+- 	BN_sub(&t1,&al,&ah);
+- 	BN_sub(&t2,&bh,&bl);
+- 	BN_mul(&m,&t1,&t2);
+- 
+- 	/* Calculate ah*bh */
+- 	BN_mul(&h,&ah,&bh);
+- 
+- 	/* s0 == low(al*bl)
+- 	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+- 	 * We know s0 and s1 so the only unknown is high(al*bl)
+- 	 * high(al*bl) == s1 - low(ah*bh+(al-ah)*(bh-bl)+s0)
+- 	 */
+- 	BN_add(&m,&m,&h);
+- 	BN_add(&t2,&m,&s0);
+- 
+- debug_BN_print(stdout,&t2," middle value\n");
+- 
+- 	/* Quick and dirty mask off of high words */
+- 	if (w2 < t2.top) t2.top=w2;
+- #if 0
+- 	bn_set_low(&t3,&t2,w2);
+- #endif
+- 
+- debug_BN_print(stdout,&t2," low middle value\n");
+- 	BN_sub(&t1,&s1,&t2);
+- 
+- 	if (t1.neg)
+- 		{
+- debug_BN_print(stdout,&t1," before\n");
+- 		BN_zero(&t2);
+- 		BN_set_bit(&t2,w2*BN_BITS2);
+- 		BN_add(&t1,&t2,&t1);
+- 		/* BN_mask_bits(&t1,w2*BN_BITS2); */
+- 		/* if (words < t1.top) t1.top=words; */
+- debug_BN_print(stdout,&t1," after\n");
+- 		borrow=1;
+- 		}
+- 
+- /* XXXXX SPEED THIS UP */
+- 	/* al*bl == high(al*bl)<<words+s0 */
+- 	BN_lshift(&t1,&t1,w2*BN_BITS2);
+- 	BN_add(&t1,&t1,&s0);
+- 	if (w2*2 < t1.top) t1.top=w2*2; /* This should not happen? */
+- 	
+- 	/* We now have
+- 	 * al*bl			- t1
+- 	 * (al-ah)*(bh-bl)+ah*bh	- m
+- 	 * ah*bh			- h
+- 	 */
+- #if 0
+- 	BN_add(&m,&m,&t1);
+- debug_BN_print(stdout,&t1," s10\n");
+- debug_BN_print(stdout,&m," s21\n");
+- debug_BN_print(stdout,&h," s32\n");
+- 	BN_lshift(&m,&m,w2*BN_BITS2);
+- 	BN_lshift(&h,&h,w2*2*BN_BITS2);
+- 	BN_add(r,&m,&t1);
+- 	BN_add(r,r,&h);
+- 	BN_rshift(r,r,w2*2*BN_BITS2);
+- #else
+- 	BN_add(&m,&m,&t1); 		/* Do a cmp then +1 if needed? */
+- 	bn_set_high(&t3,&t1,w2);
+- 	BN_add(&m,&m,&t3);
+- 	bn_set_high(&t3,&m,w2);
+- 	BN_add(r,&h,&t3);
+- #endif
+- 
+- #ifdef BN_MUL_HIGH_DEBUG
+- printf("carry=%d\n",borrow);
+- #endif
+- debug_BN_print(stdout,r," ret\n");
+- 	BN_free(&t1); BN_free(&t2);
+- 	BN_free(&m); BN_free(&h);
+- 	return(1);
+- 	}
+- 
+- 
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/bn_ka.c ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_ka.c
+*** crypto/openssl/crypto/bn/old/bn_ka.c	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_ka.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,567 ****
+- #include <stdio.h>
+- #include <stdlib.h>
+- #include <strings.h>
+- #include "bn_lcl.h"
+- 
+- /* r is 2*n2 words in size,
+-  * a and b are both n2 words in size.
+-  * n2 must be a power of 2.
+-  * We multiply and return the result.
+-  * t must be 2*n2 words in size
+-  * We calulate
+-  * a[0]*b[0]
+-  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+-  * a[1]*b[1]
+-  */
+- void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+- 	     BN_ULONG *t)
+- 	{
+- 	int n=n2/2;
+- 	int neg,zero,c1,c2;
+- 	BN_ULONG ln,lo,*p;
+- 
+- #ifdef BN_COUNT
+- printf(" bn_mul_recursive %d * %d\n",n2,n2);
+- #endif
+- 	if (n2 <= 8)
+- 		{
+- 		if (n2 == 8)
+- 			bn_mul_comba8(r,a,b);
+- 		else
+- 			bn_mul_normal(r,a,n2,b,n2);
+- 		return;
+- 		}
+- 
+- 	if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL)
+- 		{
+- 		/* This should not happen */
+- 		/*abort(); */
+- 		bn_mul_normal(r,a,n2,b,n2);
+- 		return;
+- 		}
+- 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+- 	c1=bn_cmp_words(a,&(a[n]),n);
+- 	c2=bn_cmp_words(&(b[n]),b,n);
+- 	zero=neg=0;
+- 	switch (c1*3+c2)
+- 		{
+- 	case -4:
+- 		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+- 		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+- 		break;
+- 	case -3:
+- 		zero=1;
+- 		break;
+- 	case -2:
+- 		bn_sub_words(t,      &(a[n]),a,      n); /* - */
+- 		bn_sub_words(&(t[n]),&(b[n]),b,      n); /* + */
+- 		neg=1;
+- 		break;
+- 	case -1:
+- 	case 0:
+- 	case 1:
+- 		zero=1;
+- 		break;
+- 	case 2:
+- 		bn_sub_words(t,      a,      &(a[n]),n); /* + */
+- 		bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+- 		neg=1;
+- 		break;
+- 	case 3:
+- 		zero=1;
+- 		break;
+- 	case 4:
+- 		bn_sub_words(t,      a,      &(a[n]),n);
+- 		bn_sub_words(&(t[n]),&(b[n]),b,      n);
+- 		break;
+- 		}
+- 
+- 	if (n == 8)
+- 		{
+- 		if (!zero)
+- 			bn_mul_comba8(&(t[n2]),t,&(t[n]));
+- 		else
+- 			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+- 		
+- 		bn_mul_comba8(r,a,b);
+- 		bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n]));
+- 		}
+- 	else
+- 		{
+- 		p= &(t[n2*2]);
+- 		if (!zero)
+- 			bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+- 		else
+- 			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+- 		bn_mul_recursive(r,a,b,n,p);
+- 		bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,p);
+- 		}
+- 
+- 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+- 	 * r[10] holds (a[0]*b[0])
+- 	 * r[32] holds (b[1]*b[1])
+- 	 */
+- 
+- 	c1=bn_add_words(t,r,&(r[n2]),n2);
+- 
+- 	if (neg) /* if t[32] is negative */
+- 		{
+- 		c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+- 		}
+- 	else
+- 		{
+- 		/* Might have a carry */
+- 		c1+=bn_add_words(&(t[n2]),&(t[n2]),t,n2);
+- 		}
+- 
+- 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+- 	 * r[10] holds (a[0]*b[0])
+- 	 * r[32] holds (b[1]*b[1])
+- 	 * c1 holds the carry bits
+- 	 */
+- 	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+- 	if (c1)
+- 		{
+- 		p= &(r[n+n2]);
+- 		lo= *p;
+- 		ln=(lo+c1)&BN_MASK2;
+- 		*p=ln;
+- 
+- 		/* The overflow will stop before we over write
+- 		 * words we should not overwrite */
+- 		if (ln < c1)
+- 			{
+- 			do	{
+- 				p++;
+- 				lo= *p;
+- 				ln=(lo+1)&BN_MASK2;
+- 				*p=ln;
+- 				} while (ln == 0);
+- 			}
+- 		}
+- 	}
+- 
+- /* n+tn is the word length
+-  * t needs to be n*4 is size, as does r */
+- void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int tn,
+- 	     int n, BN_ULONG *t)
+- 	{
+- 	int n2=n*2,i,j;
+- 	int c1;
+- 	BN_ULONG ln,lo,*p;
+- 
+- #ifdef BN_COUNT
+- printf(" bn_mul_part_recursive %d * %d\n",tn+n,tn+n);
+- #endif
+- 	if (n < 8)
+- 		{
+- 		i=tn+n;
+- 		bn_mul_normal(r,a,i,b,i);
+- 		return;
+- 		}
+- 
+- 	/* r=(a[0]-a[1])*(b[1]-b[0]) */
+- 	bn_sub_words(t,      a,      &(a[n]),n); /* + */
+- 	bn_sub_words(&(t[n]),b,      &(b[n]),n); /* - */
+- 
+- 	if (n == 8)
+- 		{
+- 		bn_mul_comba8(&(t[n2]),t,&(t[n]));
+- 		bn_mul_comba8(r,a,b);
+- 		bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn);
+- 		memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2));
+- 		}
+- 	else
+- 		{
+- 		p= &(t[n2*2]);
+- 		bn_mul_recursive(&(t[n2]),t,&(t[n]),n,p);
+- 		bn_mul_recursive(r,a,b,n,p);
+- 		i=n/2;
+- 		/* If there is only a bottom half to the number,
+- 		 * just do it */
+- 		j=tn-i;
+- 		if (j == 0)
+- 			{
+- 			bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),i,p);
+- 			memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2));
+- 			}
+- 		else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */
+- 				{
+- 				bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]),
+- 					j,i,p);
+- 				memset(&(r[n2+tn*2]),0,
+- 					sizeof(BN_ULONG)*(n2-tn*2));
+- 				}
+- 		else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */
+- 			{
+- 			memset(&(r[n2]),0,sizeof(BN_ULONG)*(tn*2));
+- 			for (;;)
+- 				{
+- 				i/=2;
+- 				if (i < tn)
+- 					{
+- 					bn_mul_part_recursive(&(r[n2]),
+- 						&(a[n]),&(b[n]),
+- 						tn-i,i,p);
+- 					break;
+- 					}
+- 				else if (i == tn)
+- 					{
+- 					bn_mul_recursive(&(r[n2]),
+- 						&(a[n]),&(b[n]),
+- 						i,p);
+- 					break;
+- 					}
+- 				}
+- 			}
+- 		}
+- 
+- 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign
+- 	 * r[10] holds (a[0]*b[0])
+- 	 * r[32] holds (b[1]*b[1])
+- 	 */
+- 
+- 	c1=bn_add_words(t,r,&(r[n2]),n2);
+- 	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+- 
+- 	/* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1])
+- 	 * r[10] holds (a[0]*b[0])
+- 	 * r[32] holds (b[1]*b[1])
+- 	 * c1 holds the carry bits
+- 	 */
+- 	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+- 	if (c1)
+- 		{
+- 		p= &(r[n+n2]);
+- 		lo= *p;
+- 		ln=(lo+c1)&BN_MASK2;
+- 		*p=ln;
+- 
+- 		/* The overflow will stop before we over write
+- 		 * words we should not overwrite */
+- 		if (ln < c1)
+- 			{
+- 			do	{
+- 				p++;
+- 				lo= *p;
+- 				ln=(lo+1)&BN_MASK2;
+- 				*p=ln;
+- 				} while (ln == 0);
+- 			}
+- 		}
+- 	}
+- 
+- /* r is 2*n words in size,
+-  * a and b are both n words in size.
+-  * n must be a power of 2.
+-  * We multiply and return the result.
+-  * t must be 2*n words in size
+-  * We calulate
+-  * a[0]*b[0]
+-  * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
+-  * a[1]*b[1]
+-  */
+- void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *t)
+- 	{
+- 	int n=n2/2;
+- 	int zero,c1;
+- 	BN_ULONG ln,lo,*p;
+- 
+- #ifdef BN_COUNT
+- printf(" bn_sqr_recursive %d * %d\n",n2,n2);
+- #endif
+- 	if (n2 == 4)
+- 		{
+- 		bn_sqr_comba4(r,a);
+- 		return;
+- 		}
+- 	else if (n2 == 8)
+- 		{
+- 		bn_sqr_comba8(r,a);
+- 		return;
+- 		}
+- 	if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL)
+- 		{
+- 		bn_sqr_normal(r,a,n2,t);
+- 		return;
+- 		abort();
+- 		}
+- 	/* r=(a[0]-a[1])*(a[1]-a[0]) */
+- 	c1=bn_cmp_words(a,&(a[n]),n);
+- 	zero=0;
+- 	if (c1 > 0)
+- 		bn_sub_words(t,a,&(a[n]),n);
+- 	else if (c1 < 0)
+- 		bn_sub_words(t,&(a[n]),a,n);
+- 	else
+- 		zero=1;
+- 
+- 	/* The result will always be negative unless it is zero */
+- 
+- 	if (n == 8)
+- 		{
+- 		if (!zero)
+- 			bn_sqr_comba8(&(t[n2]),t);
+- 		else
+- 			memset(&(t[n2]),0,8*sizeof(BN_ULONG));
+- 		
+- 		bn_sqr_comba8(r,a);
+- 		bn_sqr_comba8(&(r[n2]),&(a[n]));
+- 		}
+- 	else
+- 		{
+- 		p= &(t[n2*2]);
+- 		if (!zero)
+- 			bn_sqr_recursive(&(t[n2]),t,n,p);
+- 		else
+- 			memset(&(t[n2]),0,n*sizeof(BN_ULONG));
+- 		bn_sqr_recursive(r,a,n,p);
+- 		bn_sqr_recursive(&(r[n2]),&(a[n]),n,p);
+- 		}
+- 
+- 	/* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero
+- 	 * r[10] holds (a[0]*b[0])
+- 	 * r[32] holds (b[1]*b[1])
+- 	 */
+- 
+- 	c1=bn_add_words(t,r,&(r[n2]),n2);
+- 
+- 	/* t[32] is negative */
+- 	c1-=bn_sub_words(&(t[n2]),t,&(t[n2]),n2);
+- 
+- 	/* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1])
+- 	 * r[10] holds (a[0]*a[0])
+- 	 * r[32] holds (a[1]*a[1])
+- 	 * c1 holds the carry bits
+- 	 */
+- 	c1+=bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2);
+- 	if (c1)
+- 		{
+- 		p= &(r[n+n2]);
+- 		lo= *p;
+- 		ln=(lo+c1)&BN_MASK2;
+- 		*p=ln;
+- 
+- 		/* The overflow will stop before we over write
+- 		 * words we should not overwrite */
+- 		if (ln < c1)
+- 			{
+- 			do	{
+- 				p++;
+- 				lo= *p;
+- 				ln=(lo+1)&BN_MASK2;
+- 				*p=ln;
+- 				} while (ln == 0);
+- 			}
+- 		}
+- 	}
+- 
+- #if 1
+- /* a and b must be the same size, which is n2.
+-  * r needs to be n2 words and t needs to be n2*2
+-  */
+- void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
+- 	     BN_ULONG *t)
+- 	{
+- 	int n=n2/2;
+- 
+- #ifdef BN_COUNT
+- printf(" bn_mul_low_recursive %d * %d\n",n2,n2);
+- #endif
+- 
+- 	bn_mul_recursive(r,a,b,n,&(t[0]));
+- 	if (n > BN_MUL_LOW_RECURSIVE_SIZE_NORMAL)
+- 		{
+- 		bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2]));
+- 		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+- 		bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2]));
+- 		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+- 		}
+- 	else
+- 		{
+- 		bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n);
+- 		bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n);
+- 		bn_add_words(&(r[n]),&(r[n]),&(t[0]),n);
+- 		bn_add_words(&(r[n]),&(r[n]),&(t[n]),n);
+- 		}
+- 	}
+- 
+- /* a and b must be the same size, which is n2.
+-  * r needs to be n2 words and t needs to be n2*2
+-  * l is the low words of the output.
+-  * t needs to be n2*3
+-  */
+- void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2,
+- 	     BN_ULONG *t)
+- 	{
+- 	int j,i,n,c1,c2;
+- 	int neg,oneg,zero;
+- 	BN_ULONG ll,lc,*lp,*mp;
+- 
+- #ifdef BN_COUNT
+- printf(" bn_mul_high %d * %d\n",n2,n2);
+- #endif
+- 	n=(n2+1)/2;
+- 
+- 	/* Calculate (al-ah)*(bh-bl) */
+- 	neg=zero=0;
+- 	c1=bn_cmp_words(&(a[0]),&(a[n]),n);
+- 	c2=bn_cmp_words(&(b[n]),&(b[0]),n);
+- 	switch (c1*3+c2)
+- 		{
+- 	case -4:
+- 		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+- 		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+- 		break;
+- 	case -3:
+- 		zero=1;
+- 		break;
+- 	case -2:
+- 		bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n);
+- 		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+- 		neg=1;
+- 		break;
+- 	case -1:
+- 	case 0:
+- 	case 1:
+- 		zero=1;
+- 		break;
+- 	case 2:
+- 		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+- 		bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n);
+- 		neg=1;
+- 		break;
+- 	case 3:
+- 		zero=1;
+- 		break;
+- 	case 4:
+- 		bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n);
+- 		bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n);
+- 		break;
+- 		}
+- 		
+- 	oneg=neg;
+- 	/* t[10] = (a[0]-a[1])*(b[1]-b[0]) */
+- 	bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,&(t[n2]));
+- 	/* r[10] = (a[1]*b[1]) */
+- 	bn_mul_recursive(r,&(a[n]),&(b[n]),n,&(t[n2]));
+- 
+- 	/* s0 == low(al*bl)
+- 	 * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl)
+- 	 * We know s0 and s1 so the only unknown is high(al*bl)
+- 	 * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl))
+- 	 * high(al*bl) == s1 - (r[0]+l[0]+t[0])
+- 	 */
+- 	if (l != NULL)
+- 		{
+- 		lp= &(t[n2+n]);
+- 		c1=bn_add_words(lp,&(r[0]),&(l[0]),n);
+- 		}
+- 	else
+- 		{
+- 		c1=0;
+- 		lp= &(r[0]);
+- 		}
+- 
+- 	if (neg)
+- 		neg=bn_sub_words(&(t[n2]),lp,&(t[0]),n);
+- 	else
+- 		{
+- 		bn_add_words(&(t[n2]),lp,&(t[0]),n);
+- 		neg=0;
+- 		}
+- 
+- 	if (l != NULL)
+- 		{
+- 		bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n);
+- 		}
+- 	else
+- 		{
+- 		lp= &(t[n2+n]);
+- 		mp= &(t[n2]);
+- 		for (i=0; i<n; i++)
+- 			lp[i]=((~mp[i])+1)&BN_MASK2;
+- 		}
+- 
+- 	/* s[0] = low(al*bl)
+- 	 * t[3] = high(al*bl)
+- 	 * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign
+- 	 * r[10] = (a[1]*b[1])
+- 	 */
+- 	/* R[10] = al*bl
+- 	 * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0])
+- 	 * R[32] = ah*bh
+- 	 */
+- 	/* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow)
+- 	 * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow)
+- 	 * R[3]=r[1]+(carry/borrow)
+- 	 */
+- 	if (l != NULL)
+- 		{
+- 		lp= &(t[n2]);
+- 		c1= bn_add_words(lp,&(t[n2+n]),&(l[0]),n);
+- 		}
+- 	else
+- 		{
+- 		lp= &(t[n2+n]);
+- 		c1=0;
+- 		}
+- 	c1+=bn_add_words(&(t[n2]),lp,  &(r[0]),n);
+- 	if (oneg)
+- 		c1-=bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n);
+- 	else
+- 		c1+=bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n);
+- 
+- 	c2 =bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n);
+- 	c2+=bn_add_words(&(r[0]),&(r[0]),&(r[n]),n);
+- 	if (oneg)
+- 		c2-=bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n);
+- 	else
+- 		c2+=bn_add_words(&(r[0]),&(r[0]),&(t[n]),n);
+- 	
+- 	if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */
+- 		{
+- 		i=0;
+- 		if (c1 > 0)
+- 			{
+- 			lc=c1;
+- 			do	{
+- 				ll=(r[i]+lc)&BN_MASK2;
+- 				r[i++]=ll;
+- 				lc=(lc > ll);
+- 				} while (lc);
+- 			}
+- 		else
+- 			{
+- 			lc= -c1;
+- 			do	{
+- 				ll=r[i];
+- 				r[i++]=(ll-lc)&BN_MASK2;
+- 				lc=(lc > ll);
+- 				} while (lc);
+- 			}
+- 		}
+- 	if (c2 != 0) /* Add starting at r[1] */
+- 		{
+- 		i=n;
+- 		if (c2 > 0)
+- 			{
+- 			lc=c2;
+- 			do	{
+- 				ll=(r[i]+lc)&BN_MASK2;
+- 				r[i++]=ll;
+- 				lc=(lc > ll);
+- 				} while (lc);
+- 			}
+- 		else
+- 			{
+- 			lc= -c2;
+- 			do	{
+- 				ll=r[i];
+- 				r[i++]=(ll-lc)&BN_MASK2;
+- 				lc=(lc > ll);
+- 				} while (lc);
+- 			}
+- 		}
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/bn_low.c ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_low.c
+*** crypto/openssl/crypto/bn/old/bn_low.c	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_low.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,194 ****
+- /* crypto/bn/bn_mul.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include "bn_lcl.h"
+- 
+- static int bn_mm_low(BIGNUM *m,BIGNUM *A,BIGNUM *B, int num,
+- 		BIGNUM *sk,BN_CTX *ctx);
+- int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b,int words);
+- 
+- /* r must be different to a and b */
+- int BN_mul_low(BIGNUM *r, BIGNUM *a, BIGNUM *b, int num)
+- 	{
+- 	BN_ULONG *ap,*bp,*rp;
+- 	BIGNUM *sk;
+- 	int j,i,n,ret;
+- 	int max,al,bl;
+- 	BN_CTX ctx;
+- 
+- 	bn_check_top(a);
+- 	bn_check_top(b);
+- 
+- #ifdef BN_MUL_DEBUG
+- printf("BN_mul_low(%d,%d,%d)\n",a->top,b->top,num);
+- #endif
+- 
+- 	al=a->top;
+- 	bl=b->top;
+- 	if ((al == 0) || (bl == 0))
+- 		{
+- 		r->top=0;
+- 		return(1);
+- 		}
+- 
+- 	if ((bn_limit_bits_low > 0) && (num > bn_limit_num_low))
+- 		{
+- 		n=BN_num_bits_word(num*2)-bn_limit_bits_low;
+- 		n*=2;
+- 		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+- 		memset(sk,0,sizeof(BIGNUM)*n);
+- 		memset(&ctx,0,sizeof(ctx));
+- 
+- 		ret=bn_mm_low(r,a,b,num,&(sk[0]),&ctx);
+- 		for (i=0; i<n; i+=2)
+- 			{
+- 			BN_clear_free(&sk[i]);
+- 			BN_clear_free(&sk[i+1]);
+- 			}
+- 		Free(sk);
+- 		return(ret);
+- 		}
+- 
+- 	max=(al+bl);
+- 	if (bn_wexpand(r,max) == NULL) return(0);
+- 	r->neg=a->neg^b->neg;
+- 	ap=a->d;
+- 	bp=b->d;
+- 	rp=r->d;
+- 	r->top=(max > num)?num:max;
+- 
+- 	rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+- 	rp++;
+- 	j=bl;
+- 	for (i=1; i<j; i++)
+- 		{
+- 		if (al >= num--)
+- 			{
+- 			al--;
+- 			if (al <= 0) break;
+- 			}
+- 		rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+- 		rp++;
+- 		}
+- 	
+- 	while ((r->top > 0) && (r->d[r->top-1] == 0))
+- 		r->top--;
+- 	return(1);
+- 	}
+- 
+- 
+- #define t1	(sk[0])
+- #define t2	(sk[1])
+- 
+- /* r must be different to a and b */
+- int bn_mm_low(BIGNUM *m, BIGNUM *A, BIGNUM *B, int num, BIGNUM *sk,
+- 	     BN_CTX *ctx)
+- 	{
+- 	int n; /* ,sqr=0; */
+- 	int an,bn;
+- 	BIGNUM ah,al,bh,bl;
+- 
+- 	bn_wexpand(m,num+3);
+- 	an=A->top;
+- 	bn=B->top;
+- 
+- #ifdef BN_MUL_DEBUG
+- printf("bn_mm_low(%d,%d,%d)\n",A->top,B->top,num);
+- #endif
+- 
+- 	n=(num+1)/2;
+- 
+- 	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl);
+- 
+- 	bn_set_low( &al,A,n);
+- 	bn_set_high(&ah,A,n);
+- 	bn_set_low( &bl,B,n);
+- 	bn_set_high(&bh,B,n);
+- 
+- 	if (num <= (bn_limit_num_low+bn_limit_num_low))
+- 		{
+- 		BN_mul(m,&al,&bl);
+- 		BN_mul_low(&t1,&al,&bh,n);
+- 		BN_mul_low(&t2,&ah,&bl,n);
+- 		}
+- 	else
+- 		{
+- 		bn_mm(m  ,&al,&bl,&(sk[2]),ctx);
+- 		bn_mm_low(&t1,&al,&bh,n,&(sk[2]),ctx);
+- 		bn_mm_low(&t2,&ah,&bl,n,&(sk[2]),ctx);
+- 		}
+- 
+- 	BN_add(&t1,&t1,&t2);
+- 
+- 	/* We will now do an evil hack instead of
+- 	 * BN_lshift(&t1,&t1,n*BN_BITS2);
+- 	 * BN_add(m,m,&t1);
+- 	 * BN_mask_bits(m,num*BN_BITS2);
+- 	 */
+- 	bn_set_high(&ah,m,n); ah.max=num+2;
+- 	BN_add(&ah,&ah,&t1);
+- 	m->top=num;
+- 
+- 	m->neg=A->neg^B->neg;
+- 	return(1);
+- 	}
+- 
+- #undef t1	(sk[0])
+- #undef t2	(sk[1])
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/bn_m.c ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_m.c
+*** crypto/openssl/crypto/bn/old/bn_m.c	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_m.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,139 ****
+- /* crypto/bn/bn_m.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- /*#include "cryptlib.h"*/
+- #include "bn_lcl.h"
+- 
+- #define limit_bits 5			/* 2^5, or 32 words */
+- #define limit_num (1<<limit_bits)
+- 
+- int BN_m(BIGNUM *r, BIGNUM *a, BIGNUM *b)
+- 	{
+- 	BIGNUM *sk;
+- 	int i,n;
+- 
+- 	n=(BN_num_bits_word(a->top|b->top)-limit_bits);
+- 	n*=2;
+- 	sk=(BIGNUM *)malloc(sizeof(BIGNUM)*n);
+- 	for (i=0; i<n; i++)
+- 		BN_init(&(sk[i]));
+- 
+- 	return(BN_mm(r,a,b,&(sk[0])));
+- 	}
+- 
+- #define ahal	(sk[0])
+- #define blbh	(sk[1])
+- 
+- /* r must be different to a and b */
+- int BN_mm(BIGNUM *m, BIGNUM *A, BIGNUM *B, BIGNUM *sk)
+- 	{
+- 	int i,num,anum,bnum;
+- 	int an,bn;
+- 	BIGNUM ah,al,bh,bl;
+- 
+- 	an=A->top;
+- 	bn=B->top;
+- 	if ((an <= limit_num) || (bn <= limit_num))
+- 		{
+- 		return(BN_mul(m,A,B));
+- 		}
+- 
+- 	anum=(an>bn)?an:bn;
+- 	num=(anum)/2;
+- 
+- 	/* Are going to now chop things into 'num' word chunks. */
+- 	bnum=num*BN_BITS2;
+- 
+- 	BN_init(&ahal);
+- 	BN_init(&blbh);
+- 	BN_init(&ah);
+- 	BN_init(&al);
+- 	BN_init(&bh);
+- 	BN_init(&bl);
+- 
+- 	al.top=num;
+- 	al.d=A->d;
+- 	ah.top=A->top-num;
+- 	ah.d= &(A->d[num]);
+- 
+- 	bl.top=num;
+- 	bl.d=B->d;
+- 	bh.top=B->top-num;
+- 	bh.d= &(B->d[num]);
+- 
+- 	BN_sub(&ahal,&ah,&al);
+- 	BN_sub(&blbh,&bl,&bh);
+- 
+- 	BN_mm(m,&ahal,&blbh,&(sk[2]));
+- 	BN_mm(&ahal,&al,&bl,&(sk[2]));
+- 	BN_mm(&blbh,&ah,&bh,&(sk[2]));
+- 
+- 	BN_add(m,m,&ahal);
+- 	BN_add(m,m,&blbh);
+- 
+- 	BN_lshift(m,m,bnum);
+- 	BN_add(m,m,&ahal);
+- 
+- 	BN_lshift(&blbh,&blbh,bnum*2);
+- 	BN_add(m,m,&blbh);
+- 
+- 	m->neg=A->neg^B->neg;
+- 	return(1);
+- 	}
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/bn_mul.c.works ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_mul.c.works
+*** crypto/openssl/crypto/bn/old/bn_mul.c.works	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_mul.c.works	Wed Dec 31 19:00:00 1969
+***************
+*** 1,219 ****
+- /* crypto/bn/bn_mul.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include "bn_lcl.h"
+- 
+- int bn_mm(BIGNUM *m,BIGNUM *A,BIGNUM *B, BIGNUM *sk,BN_CTX *ctx);
+- 
+- /* r must be different to a and b */
+- int BN_mul(r, a, b)
+- BIGNUM *r;
+- BIGNUM *a;
+- BIGNUM *b;
+- 	{
+- 	BN_ULONG *ap,*bp,*rp;
+- 	BIGNUM *sk;
+- 	int i,n,ret;
+- 	int max,al,bl;
+- 	BN_CTX ctx;
+- 
+- 	bn_check_top(a);
+- 	bn_check_top(b);
+- 
+- 	al=a->top;
+- 	bl=b->top;
+- 	if ((al == 0) || (bl == 0))
+- 		{
+- 		r->top=0;
+- 		return(1);
+- 		}
+- #ifdef BN_MUL_DEBUG
+- printf("BN_mul(%d,%d)\n",a->top,b->top);
+- #endif
+- 
+- #ifdef BN_RECURSION
+- 	if (	(bn_limit_bits > 0) &&
+- 		(bl > bn_limit_num) && (al > bn_limit_num))
+- 		{
+- 		n=(BN_num_bits_word(al|bl)-bn_limit_bits);
+- 		n*=2;
+- 		sk=(BIGNUM *)Malloc(sizeof(BIGNUM)*n);
+- 		memset(sk,0,sizeof(BIGNUM)*n);
+- 		memset(&ctx,0,sizeof(ctx));
+- 
+- 		ret=bn_mm(r,a,b,&(sk[0]),&ctx);
+- 		for (i=0; i<n; i+=2)
+- 			{
+- 			BN_clear_free(&sk[i]);
+- 			BN_clear_free(&sk[i+1]);
+- 			}
+- 		Free(sk);
+- 		return(ret);
+- 		}
+- #endif
+- 
+- 	max=(al+bl);
+- 	if (bn_wexpand(r,max) == NULL) return(0);
+- 	r->top=max;
+- 	r->neg=a->neg^b->neg;
+- 	ap=a->d;
+- 	bp=b->d;
+- 	rp=r->d;
+- 
+- #ifdef BN_RECURSION
+- 	if ((al == bl) && (al == 8))
+- 		{
+- 		bn_mul_comba8(rp,ap,bp);
+- 		}
+- 	else
+- #endif
+- 		{
+- 		rp[al]=bn_mul_words(rp,ap,al,*(bp++));
+- 		rp++;
+- 		for (i=1; i<bl; i++)
+- 			{
+- 			rp[al]=bn_mul_add_words(rp,ap,al,*(bp++));
+- 			rp++;
+- 			}
+- 		}
+- 	if ((max > 0) && (r->d[max-1] == 0)) r->top--;
+- 	return(1);
+- 	}
+- 
+- #ifdef BN_RECURSION
+- 
+- #define ahal	(sk[0])
+- #define blbh	(sk[1])
+- 
+- /* r must be different to a and b */
+- int bn_mm(m, A, B, sk,ctx)
+- BIGNUM *m,*A,*B;
+- BIGNUM *sk;
+- BN_CTX *ctx;
+- 	{
+- 	int n,num,sqr=0;
+- 	int an,bn;
+- 	BIGNUM ah,al,bh,bl;
+- 
+- 	an=A->top;
+- 	bn=B->top;
+- #ifdef BN_MUL_DEBUG
+- printf("bn_mm(%d,%d)\n",A->top,B->top);
+- #endif
+- 
+- 	if (A == B) sqr=1;
+- 	num=(an>bn)?an:bn;
+- 	n=(num+1)/2;
+- 	/* Are going to now chop things into 'num' word chunks. */
+- 
+- 	BN_init(&ah);
+- 	BN_init(&al);
+- 	BN_init(&bh);
+- 	BN_init(&bl);
+- 
+- 	bn_set_low (&al,A,n);
+- 	bn_set_high(&ah,A,n);
+- 	bn_set_low (&bl,B,n);
+- 	bn_set_high(&bh,B,n);
+- 
+- 	BN_sub(&ahal,&ah,&al);
+- 	BN_sub(&blbh,&bl,&bh);
+- 
+- 	if (num <= (bn_limit_num+bn_limit_num))
+- 		{
+- 		BN_mul(m,&ahal,&blbh);
+- 		if (sqr)
+- 			{
+- 			BN_sqr(&ahal,&al,ctx);
+- 			BN_sqr(&blbh,&ah,ctx);
+- 			}
+- 		else
+- 			{
+- 			BN_mul(&ahal,&al,&bl);
+- 			BN_mul(&blbh,&ah,&bh);
+- 			}
+- 		}
+- 	else
+- 		{
+- 		bn_mm(m,&ahal,&blbh,&(sk[2]),ctx);
+- 		bn_mm(&ahal,&al,&bl,&(sk[2]),ctx);
+- 		bn_mm(&blbh,&ah,&bh,&(sk[2]),ctx);
+- 		}
+- 
+- 	BN_add(m,m,&ahal);
+- 	BN_add(m,m,&blbh);
+- 
+- 	BN_lshift(m,m,n*BN_BITS2);
+- 	BN_lshift(&blbh,&blbh,n*BN_BITS2*2);
+- 
+- 	BN_add(m,m,&ahal);
+- 	BN_add(m,m,&blbh);
+- 
+- 	m->neg=A->neg^B->neg;
+- 	return(1);
+- 	}
+- #undef ahal	(sk[0])
+- #undef blbh	(sk[1])
+- 
+- #include "bn_low.c"
+- #include "bn_high.c"
+- #include "f.c"
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/bn_wmul.c ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_wmul.c
+*** crypto/openssl/crypto/bn/old/bn_wmul.c	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/bn_wmul.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,173 ****
+- #include <stdio.h>
+- #include "bn_lcl.h"
+- 
+- #if 1
+- 
+- int bn_mull(BIGNUM *r,BIGNUM *a,BIGNUM *b, BN_CTX *ctx);
+- 
+- int bn_mull(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx)
+- 	{
+- 	int top,i,j,k,al,bl;
+- 	BIGNUM *t;
+- 
+- #ifdef BN_COUNT
+- printf("bn_mull %d * %d\n",a->top,b->top);
+- #endif
+- 
+- 	bn_check_top(a);
+- 	bn_check_top(b);
+- 	bn_check_top(r);
+- 
+- 	al=a->top;
+- 	bl=b->top;
+- 	r->neg=a->neg^b->neg;
+- 
+- 	top=al+bl;
+- 	if ((al < 4) || (bl < 4))
+- 		{
+- 		if (bn_wexpand(r,top) == NULL) return(0);
+- 		r->top=top;
+- 		bn_mul_normal(r->d,a->d,al,b->d,bl);
+- 		goto end;
+- 		}
+- 	else if (al == bl) /* A good start, they are the same size */
+- 		goto symetric;
+- 	else
+- 		{
+- 		i=(al-bl);
+- 		if ((i ==  1) && !BN_get_flags(b,BN_FLG_STATIC_DATA))
+- 			{
+- 			bn_wexpand(b,al);
+- 			b->d[bl]=0;
+- 			bl++;
+- 			goto symetric;
+- 			}
+- 		else if ((i ==  -1) && !BN_get_flags(a,BN_FLG_STATIC_DATA))
+- 			{
+- 			bn_wexpand(a,bl);
+- 			a->d[al]=0;
+- 			al++;
+- 			goto symetric;
+- 			}
+- 		}
+- 
+- 	/* asymetric and >= 4 */ 
+- 	if (bn_wexpand(r,top) == NULL) return(0);
+- 	r->top=top;
+- 	bn_mul_normal(r->d,a->d,al,b->d,bl);
+- 
+- 	if (0)
+- 		{
+- 		/* symetric and > 4 */
+- symetric:
+- 		if (al == 4)
+- 			{
+- 			if (bn_wexpand(r,al*2) == NULL) return(0);
+- 			r->top=top;
+- 			bn_mul_comba4(r->d,a->d,b->d);
+- 			goto end;
+- 			}
+- 		if (al == 8)
+- 			{
+- 			if (bn_wexpand(r,al*2) == NULL) return(0);
+- 			r->top=top;
+- 			bn_mul_comba8(r->d,a->d,b->d);
+- 			goto end;
+- 			}
+- 		if (al <= BN_MULL_NORMAL_SIZE)
+- 			{
+- 			if (bn_wexpand(r,al*2) == NULL) return(0);
+- 			r->top=top;
+- 			bn_mul_normal(r->d,a->d,al,b->d,bl);
+- 			goto end;
+- 			}
+- 		/* 16 or larger */
+- 		j=BN_num_bits_word((BN_ULONG)al);
+- 		j=1<<(j-1);
+- 		k=j+j;
+- 		t= &(ctx->bn[ctx->tos]);
+- 		if (al == j) /* exact multiple */
+- 			{
+- 			bn_wexpand(t,k*2);
+- 			bn_wexpand(r,k*2);
+- 			bn_mul_recursive(r->d,a->d,b->d,al,t->d);
+- 			}
+- 		else
+- 			{
+- 			bn_wexpand(a,k);
+- 			bn_wexpand(b,k);
+- 			bn_wexpand(t,k*4);
+- 			bn_wexpand(r,k*4);
+- 			for (i=a->top; i<k; i++)
+- 				a->d[i]=0;
+- 			for (i=b->top; i<k; i++)
+- 				b->d[i]=0;
+- 			bn_mul_part_recursive(r->d,a->d,b->d,al-j,j,t->d);
+- 			}
+- 		r->top=top;
+- 		}
+- end:
+- 	bn_fix_top(r);
+- 	return(1);
+- 	}
+- #endif
+- 
+- void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb)
+- 	{
+- 	BN_ULONG *rr;
+- 
+- #ifdef BN_COUNT
+- printf(" bn_mul_normal %d * %d\n",na,nb);
+- #endif
+- 
+- 	if (na < nb)
+- 		{
+- 		int itmp;
+- 		BN_ULONG *ltmp;
+- 
+- 		itmp=na; na=nb; nb=itmp;
+- 		ltmp=a;   a=b;   b=ltmp;
+- 
+- 		}
+- 	rr= &(r[na]);
+- 	rr[0]=bn_mul_words(r,a,na,b[0]);
+- 
+- 	for (;;)
+- 		{
+- 		if (--nb <= 0) return;
+- 		rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]);
+- 		if (--nb <= 0) return;
+- 		rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]);
+- 		if (--nb <= 0) return;
+- 		rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]);
+- 		if (--nb <= 0) return;
+- 		rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]);
+- 		rr+=4;
+- 		r+=4;
+- 		b+=4;
+- 		}
+- 	}
+- 
+- #if 1
+- void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n)
+- 	{
+- #ifdef BN_COUNT
+- printf(" bn_mul_low_normal %d * %d\n",n,n);
+- #endif
+- 	bn_mul_words(r,a,n,b[0]);
+- 
+- 	for (;;)
+- 		{
+- 		if (--n <= 0) return;
+- 		bn_mul_add_words(&(r[1]),a,n,b[1]);
+- 		if (--n <= 0) return;
+- 		bn_mul_add_words(&(r[2]),a,n,b[2]);
+- 		if (--n <= 0) return;
+- 		bn_mul_add_words(&(r[3]),a,n,b[3]);
+- 		if (--n <= 0) return;
+- 		bn_mul_add_words(&(r[4]),a,n,b[4]);
+- 		r+=4;
+- 		b+=4;
+- 		}
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/build ../RELENG_4_6/crypto/openssl/crypto/bn/old/build
+*** crypto/openssl/crypto/bn/old/build	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/build	Wed Dec 31 19:00:00 1969
+***************
+*** 1,3 ****
+- #!/bin/sh -x
+- 
+- gcc -g -I../../include test.c -L../.. -lcrypto
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/info ../RELENG_4_6/crypto/openssl/crypto/bn/old/info
+*** crypto/openssl/crypto/bn/old/info	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/info	Wed Dec 31 19:00:00 1969
+***************
+*** 1,22 ****
+- Given A1A0 * B1B0 == S3S2S1S0
+- 
+- S0=     low(A0*B0)
+- S1=     low( (A1-A0)*(B0-B1)) +low( A1*B1) +high(A0*B0)
+- S2=     high((A1-A0)*(B0-B1)) +high(A1*B1) +low( A1*B1)
+- S3=     high(A1*B1);
+- 
+- Assume we know S1 and S0, and can calulate A1*B1 and high((A1-A0)*(B0-B1))
+- 
+- k0=	S0 == low(A0*B0)
+- k1=	S1
+- k2=	low( A1*B1)
+- k3=	high(A1*B1)
+- k4=	high((A1-A0)*(B0-B1))
+- 
+- k1=	low((A1-A0)*(B0-B1)) +k2 +high(A0*B0)
+- S2=	k4 +k3 +k2
+- S3=	k3
+- 
+- S1-k2= low((A1-A0)*(B0-B1)) +high(A0*B0)
+- 
+- We potentially have a carry or a borrow from S1
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/old/test.works ../RELENG_4_6/crypto/openssl/crypto/bn/old/test.works
+*** crypto/openssl/crypto/bn/old/test.works	Mon Jan 10 01:21:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/old/test.works	Wed Dec 31 19:00:00 1969
+***************
+*** 1,205 ****
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include "bn_lcl.h"
+- 
+- #define SIZE	128
+- 
+- #define BN_MONT_CTX_set		bn_mcs
+- #define BN_from_montgomery	bn_fm
+- #define BN_mod_mul_montgomery	bn_mmm
+- #undef BN_to_montgomery
+- #define BN_to_montgomery(r,a,mont,ctx)	bn_mmm(\
+- 	r,a,(mont)->RR,(mont),ctx)
+- 
+- main()
+- 	{
+- 	BIGNUM prime,a,b,r,A,B,R;
+- 	BN_MONT_CTX *mont;
+- 	BN_CTX *ctx;
+- 	int i;
+- 
+- 	ctx=BN_CTX_new();
+- 	BN_init(&prime);
+- 	BN_init(&a); BN_init(&b); BN_init(&r);
+- 	BN_init(&A); BN_init(&B); BN_init(&R);
+- 
+- 	BN_generate_prime(&prime,SIZE,0,NULL,NULL,NULL,NULL);
+- 	BN_rand(&A,SIZE,1,0);
+- 	BN_rand(&B,SIZE,1,0);
+- 	BN_mod(&A,&A,&prime,ctx);
+- 	BN_mod(&B,&B,&prime,ctx);
+- 
+- 	mont=BN_MONT_CTX_new();
+- 	BN_MONT_CTX_set(mont,&prime,ctx);
+- 
+- 	BN_to_montgomery(&a,&A,mont,ctx);
+- 	BN_to_montgomery(&b,&B,mont,ctx);
+- 
+- 	BN_mul(&r,&a,&b);
+- 	BN_print_fp(stdout,&r); printf("\n");
+- 	BN_from_montgomery(&r,&r,mont,ctx);
+- 	BN_print_fp(stdout,&r); printf("\n");
+- 	BN_from_montgomery(&r,&r,mont,ctx);
+- 	BN_print_fp(stdout,&r); printf("\n");
+- 
+- 	BN_mod_mul(&R,&A,&B,&prime,ctx);
+- 
+- 	BN_print_fp(stdout,&a); printf("\n");
+- 	BN_print_fp(stdout,&b); printf("\n");
+- 	BN_print_fp(stdout,&prime); printf("\n");
+- 	BN_print_fp(stdout,&r); printf("\n\n");
+- 
+- 	BN_print_fp(stdout,&A); printf("\n");
+- 	BN_print_fp(stdout,&B); printf("\n");
+- 	BN_print_fp(stdout,&prime); printf("\n");
+- 	BN_print_fp(stdout,&R); printf("\n\n");
+- 
+- 	BN_mul(&r,&a,&b);
+- 	BN_print_fp(stdout,&r); printf(" <- BA*DC\n");
+- 	BN_copy(&A,&r);
+- 	i=SIZE/2;
+- 	BN_mask_bits(&A,i*2);
+- //	BN_print_fp(stdout,&A); printf(" <- low(BA*DC)\n");
+- 	bn_do_lower(&r,&a,&b,&A,i);
+- //	BN_print_fp(stdout,&r); printf(" <- low(BA*DC)\n");
+- 	}
+- 
+- int bn_mul_low(r,a,b,low,i)
+- BIGNUM *r,*a,*b,*low;
+- int i;
+- 	{
+- 	int w;
+- 	BIGNUM Kh,Km,t1,t2,h,ah,al,bh,bl,l,m,s0,s1;
+- 
+- 	BN_init(&Kh); BN_init(&Km); BN_init(&t1); BN_init(&t2); BN_init(&l);
+- 	BN_init(&ah); BN_init(&al); BN_init(&bh); BN_init(&bl); BN_init(&h);
+- 	BN_init(&m); BN_init(&s0); BN_init(&s1);
+- 
+- 	BN_copy(&al,a); BN_mask_bits(&al,i); BN_rshift(&ah,a,i);
+- 	BN_copy(&bl,b); BN_mask_bits(&bl,i); BN_rshift(&bh,b,i);
+- 
+- 
+- 	BN_sub(&t1,&al,&ah);
+- 	BN_sub(&t2,&bh,&bl);
+- 	BN_mul(&m,&t1,&t2);
+- 	BN_mul(&h,&ah,&bh);
+- 
+- 	BN_copy(&s0,low); BN_mask_bits(&s0,i);
+- 	BN_rshift(&s1,low,i);
+- 
+- 	BN_add(&t1,&h,&m);
+- 	BN_add(&t1,&t1,&s0);
+- 
+- 	BN_copy(&t2,&t1); BN_mask_bits(&t2,i);
+- 	BN_sub(&t1,&s1,&t2);
+- 	BN_lshift(&t1,&t1,i);
+- 	BN_add(&t1,&t1,&s0);
+- 	if (t1.neg)
+- 		{
+- 		BN_lshift(&t2,BN_value_one(),i*2);
+- 		BN_add(&t1,&t2,&t1);
+- 		BN_mask_bits(&t1,i*2);
+- 		}
+- 	
+- 	BN_free(&Kh); BN_free(&Km); BN_free(&t1); BN_free(&t2);
+- 	BN_free(&ah); BN_free(&al); BN_free(&bh); BN_free(&bl);
+- 	}
+- 
+- int BN_mod_mul_montgomery(r,a,b,mont,ctx)
+- BIGNUM *r,*a,*b;
+- BN_MONT_CTX *mont;
+- BN_CTX *ctx;
+- 	{
+- 	BIGNUM *tmp;
+- 
+-         tmp= &(ctx->bn[ctx->tos++]);
+- 
+- 	if (a == b)
+- 		{
+- 		if (!BN_sqr(tmp,a,ctx)) goto err;
+- 		}
+- 	else
+- 		{
+- 		if (!BN_mul(tmp,a,b)) goto err;
+- 		}
+- 	/* reduce from aRR to aR */
+- 	if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err;
+- 	ctx->tos--;
+- 	return(1);
+- err:
+- 	return(0);
+- 	}
+- 
+- int BN_from_montgomery(r,a,mont,ctx)
+- BIGNUM *r;
+- BIGNUM *a;
+- BN_MONT_CTX *mont;
+- BN_CTX *ctx;
+- 	{
+- 	BIGNUM z1;
+- 	BIGNUM *t1,*t2;
+- 	BN_ULONG *ap,*bp,*rp;
+- 	int j,i,bl,al;
+- 
+- 	BN_init(&z1);
+- 	t1= &(ctx->bn[ctx->tos]);
+- 	t2= &(ctx->bn[ctx->tos+1]);
+- 
+- 	if (!BN_copy(t1,a)) goto err;
+- 	/* can cheat */
+- 	BN_mask_bits(t1,mont->ri);
+- 	if (!BN_mul(t2,t1,mont->Ni)) goto err;
+- 	BN_mask_bits(t2,mont->ri);
+- 
+- 	if (!BN_mul(t1,t2,mont->N)) goto err;
+- 	if (!BN_add(t2,t1,a)) goto err;
+- 
+- 	/* At this point, t2 has the bottom ri bits set to zero.
+- 	 * This means that the bottom ri bits == the 1^ri minus the bottom
+- 	 * ri bits of a.
+- 	 * This means that only the bits above 'ri' in a need to be added,
+- 	 * and XXXXXXXXXXXXXXXXXXXXXXXX
+- 	 */
+- BN_print_fp(stdout,t2); printf("\n");
+- 	BN_rshift(r,t2,mont->ri);
+- 
+- 	if (BN_ucmp(r,mont->N) >= 0)
+- 		bn_qsub(r,r,mont->N);
+- 
+- 	return(1);
+- err:
+- 	return(0);
+- 	}
+- 
+- int BN_MONT_CTX_set(mont,mod,ctx)
+- BN_MONT_CTX *mont;
+- BIGNUM *mod;
+- BN_CTX *ctx;
+- 	{
+- 	BIGNUM *Ri=NULL,*R=NULL;
+- 
+- 	if (mont->RR == NULL) mont->RR=BN_new();
+- 	if (mont->N == NULL)  mont->N=BN_new();
+- 
+- 	R=mont->RR;					/* grab RR as a temp */
+- 	BN_copy(mont->N,mod);				/* Set N */
+- 
+- 	mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2;
+- 	BN_lshift(R,BN_value_one(),mont->ri);			/* R */
+- 	if ((Ri=BN_mod_inverse(NULL,R,mod,ctx)) == NULL) goto err;/* Ri */
+- 	BN_lshift(Ri,Ri,mont->ri);				/* R*Ri */
+- 	bn_qsub(Ri,Ri,BN_value_one());				/* R*Ri - 1 */
+- 	BN_div(Ri,NULL,Ri,mod,ctx);
+- 	if (mont->Ni != NULL) BN_free(mont->Ni);
+- 	mont->Ni=Ri;					/* Ni=(R*Ri-1)/N */
+- 
+- 	/* setup RR for conversions */
+- 	BN_lshift(mont->RR,BN_value_one(),mont->ri*2);
+- 	BN_mod(mont->RR,mont->RR,mont->N,ctx);
+- 
+- 	return(1);
+- err:
+- 	return(0);
+- 	}
+- 
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.save
+*** crypto/openssl/crypto/buffer/Makefile.save	Sun Nov 26 06:33:23 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,92 ****
+- #
+- # SSLeay/crypto/buffer/Makefile
+- #
+- 
+- DIR=	buffer
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= buffer.c buf_err.c
+- LIBOBJ= buffer.o buf_err.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= buffer.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- buf_err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- buf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+- buf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+- buf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- buf_err.o: ../../include/openssl/symhacks.h
+- buffer.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- buffer.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- buffer.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- buffer.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- buffer.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- buffer.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- buffer.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.ssl
+*** crypto/openssl/crypto/buffer/Makefile.ssl	Wed Jul  4 19:19:16 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.ssl	Wed Oct  9 09:13:17 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/buffer.h ../RELENG_4_6/crypto/openssl/crypto/buffer/buffer.h
+*** crypto/openssl/crypto/buffer/buffer.h	Mon Jan 10 01:21:33 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/buffer/buffer.h	Mon Dec 17 14:23:30 2001
+***************
+*** 75,86 ****
+  int	BUF_MEM_grow(BUF_MEM *str, int len);
+  char *	BUF_strdup(const char *str);
+  
+- void ERR_load_BUF_strings(void );
+- 
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
+  
+  /* Error codes for the BUF functions. */
+  
+--- 75,85 ----
+  int	BUF_MEM_grow(BUF_MEM *str, int len);
+  char *	BUF_strdup(const char *str);
+  
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_BUF_strings(void);
+  
+  /* Error codes for the BUF functions. */
+  
+***************
+*** 95,98 ****
+  }
+  #endif
+  #endif
+- 
+--- 94,96 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.save
+*** crypto/openssl/crypto/cast/Makefile.save	Sun Aug 20 04:48:33 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,124 ****
+- #
+- # SSLeay/crypto/cast/Makefile
+- #
+- 
+- DIR=	cast
+- TOP=	../..
+- CC=	cc
+- CPP=	$(CC) -E
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CAST_ENC=c_enc.o
+- # or use
+- #CAST_ENC=asm/cx86-elf.o
+- #CAST_ENC=asm/cx86-out.o
+- #CAST_ENC=asm/cx86-sol.o
+- #CAST_ENC=asm/cx86bdsi.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=casttest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c 
+- LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= cast.h
+- HEADER=	cast_s.h cast_lcl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/cx86-elf.o: asm/cx86unix.cpp
+- 	$(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o
+- 
+- # solaris
+- asm/cx86-sol.o: asm/cx86unix.cpp
+- 	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+- 	as -o asm/cx86-sol.o asm/cx86-sol.s
+- 	rm -f asm/cx86-sol.s
+- 
+- # a.out
+- asm/cx86-out.o: asm/cx86unix.cpp
+- 	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+- 
+- # bsdi
+- asm/cx86bsdi.o: asm/cx86unix.cpp
+- 	$(CPP) -DBSDI asm/cx86unix.cpp | sed 's/ :/:/' | as -o asm/cx86bsdi.o
+- 
+- asm/cx86unix.cpp: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+- 	(cd asm; $(PERL) cast-586.pl cpp $(PROCESSOR) >cx86unix.cpp)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- c_cfb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+- c_cfb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+- c_cfb64.o: cast_lcl.h
+- c_ecb.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+- c_ecb.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+- c_ecb.o: ../../include/openssl/opensslv.h cast_lcl.h
+- c_enc.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+- c_enc.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+- c_enc.o: cast_lcl.h
+- c_ofb64.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+- c_ofb64.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+- c_ofb64.o: cast_lcl.h
+- c_skey.o: ../../include/openssl/cast.h ../../include/openssl/e_os.h
+- c_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+- c_skey.o: cast_lcl.h cast_s.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.ssl
+*** crypto/openssl/crypto/cast/Makefile.ssl	Wed Jul  4 19:19:16 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.ssl	Wed Oct  9 09:13:20 2002
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.uni
+*** crypto/openssl/crypto/cast/Makefile.uni	Mon Jan 10 01:21:33 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,124 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- # There are 3 possible performance options, experiment :-)
+- #OPTS= -DBF_PTR
+- #OPTS= -DBF_PTR2
+- OPTS=
+- 
+- DIR=    cast
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- RANLIB=         ranlib
+- 
+- CAST_ENC=c_enc.o
+- # or use
+- #CAST_ENC=asm/cx86-elf.o
+- #CAST_ENC=asm/cx86-out.o
+- #CAST_ENC=asm/cx86-sol.o
+- #CAST_ENC=asm/cx86bdsi.o
+- 
+- CFLAGS= $(OPTS) $(INCLUDES) $(CFLAG) -DFULL_TEST
+- 
+- GENERAL=Makefile
+- TEST=casttest
+- APP1=cast_spd
+- APP2=castopts
+- APPS=$(APP1) $(APP2)
+- 
+- LIB=libcast.a
+- LIBSRC=c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
+- LIBOBJ=c_skey.o c_ecb.o $(CAST_ENC) c_cfb64.o c_ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= cast.h
+- HEADER= cast_lcl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB):    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- # elf
+- asm/cx86-elf.o: asm/cx86unix.cpp
+- 	$(CPP) -DELF asm/cx86unix.cpp | as -o asm/cx86-elf.o
+- 
+- # solaris
+- asm/cx86-sol.o: asm/cx86unix.cpp
+- 	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+- 	as -o asm/cx86-sol.o asm/cx86-sol.s
+- 	rm -f asm/cx86-sol.s
+- 
+- # a.out
+- asm/cx86-out.o: asm/cx86unix.cpp
+- 	$(CPP) -DOUT asm/cx86unix.cpp | as -o asm/cx86-out.o
+- 
+- # bsdi
+- asm/cx86bsdi.o: asm/cx86unix.cpp
+- 	$(CPP) -DBSDI asm/cx86unix.cpp | as -o asm/cx86bsdi.o
+- 
+- asm/cx86unix.cpp:
+- 	(cd asm; perl cast-586.pl cpp >cx86unix.cpp)
+- 
+- test:	$(TEST)
+- 	./$(TEST)
+- 
+- $(TEST): $(TEST).c $(LIB)
+- 	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+- 
+- $(APP1): $(APP1).c $(LIB)
+- 	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
+- 
+- $(APP2): $(APP2).c $(LIB)
+- 	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- x86-elf:
+- 	$(MAKE) CAST_ENC="asm/cx86-elf.o" CFLAG="-DELF $(CFLAGS)" all
+- 
+- x86-out:
+- 	$(MAKE) CAST_ENC="asm/cx86-out.o" CFLAG="-DOUT $(CFLAGS)" all
+- 
+- x86-solaris:
+- 	$(MAKE) CAST_ENC="asm/cx86-sol.o" CFLAG="-DSOL $(CFLAGS)" all
+- 
+- x86-bdsi:
+- 	$(MAKE) CAST_ENC="asm/cx86-bdsi.o" CFLAG="-DBDSI $(CFLAGS)" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/casttest.c ../RELENG_4_6/crypto/openssl/crypto/cast/casttest.c
+*** crypto/openssl/crypto/cast/casttest.c	Sun Aug 20 04:46:18 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/cast/casttest.c	Thu Nov 28 13:55:31 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_CAST
+  int main(int argc, char *argv[])
+  {
+***************
+*** 224,230 ****
+        }
+  #endif
+  
+!     exit(err);
+      return(err);
+      }
+  #endif
+--- 226,232 ----
+        }
+  #endif
+  
+!     EXIT(err);
+      return(err);
+      }
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.save
+*** crypto/openssl/crypto/comp/Makefile.save	Sun Aug 20 04:48:34 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,99 ****
+- #
+- # SSLeay/crypto/comp/Makefile
+- #
+- 
+- DIR=	comp
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= comp_lib.c \
+- 	c_rle.c c_zlib.c
+- 
+- LIBOBJ=	comp_lib.o \
+- 	c_rle.o c_zlib.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= comp.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- c_rle.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- c_rle.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+- c_rle.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+- c_rle.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- c_rle.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- c_zlib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- c_zlib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+- c_zlib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+- c_zlib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- c_zlib.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+- comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/objects.h
+- comp_lib.o: ../../include/openssl/opensslconf.h
+- comp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- comp_lib.o: ../../include/openssl/stack.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.ssl
+*** crypto/openssl/crypto/comp/Makefile.ssl	Wed Jul  4 19:19:17 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.ssl	Wed Oct  9 09:13:25 2002
+***************
+*** 22,31 ****
+  APPS=
+  
+  LIB=$(TOP)/libcrypto.a
+! LIBSRC= comp_lib.c \
+  	c_rle.c c_zlib.c
+  
+! LIBOBJ=	comp_lib.o \
+  	c_rle.o c_zlib.o
+  
+  SRC= $(LIBSRC)
+--- 22,31 ----
+  APPS=
+  
+  LIB=$(TOP)/libcrypto.a
+! LIBSRC= comp_lib.c comp_err.c \
+  	c_rle.c c_zlib.c
+  
+! LIBOBJ=	comp_lib.o comp_err.o \
+  	c_rle.o c_zlib.o
+  
+  SRC= $(LIBSRC)
+***************
+*** 71,77 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 71,77 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 94,99 ****
+--- 94,104 ----
+  c_zlib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  c_zlib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+  c_zlib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
++ comp_err.o: ../../include/openssl/bio.h ../../include/openssl/comp.h
++ comp_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
++ comp_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
++ comp_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
++ comp_err.o: ../../include/openssl/symhacks.h
+  comp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  comp_lib.o: ../../include/openssl/bn.h ../../include/openssl/comp.h
+  comp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/obj_mac.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/comp.h ../RELENG_4_6/crypto/openssl/crypto/comp/comp.h
+*** crypto/openssl/crypto/comp/comp.h	Sun Nov 26 06:33:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/comp/comp.h	Thu Nov 15 07:44:47 2001
+***************
+*** 47,52 ****
+--- 47,53 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_COMP_strings(void);
+  
+  /* Error codes for the COMP functions. */
+  
+***************
+*** 58,61 ****
+  }
+  #endif
+  #endif
+- 
+--- 59,61 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.save
+*** crypto/openssl/crypto/conf/Makefile.save	Sun Aug 20 04:48:34 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,92 ****
+- #
+- # SSLeay/crypto/conf/Makefile
+- #
+- 
+- DIR=	conf
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= conf.c conf_err.c
+- 
+- LIBOBJ=	conf.o conf_err.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= conf.h
+- HEADER=	conf_lcl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- conf.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- conf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- conf.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- conf.o: ../cryptlib.h conf_lcl.h
+- conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+- conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+- conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+- conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.ssl
+*** crypto/openssl/crypto/conf/Makefile.ssl	Wed Jul  4 19:19:17 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.ssl	Wed Oct  9 09:13:29 2002
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 93,109 ****
+  conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+  conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+  conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! conf_def.o: conf_def.h
+  conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+! conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+! conf_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+! conf_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! conf_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+  conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+- conf_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+  conf_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- conf_lib.o: ../../include/openssl/opensslconf.h
+  conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+  conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+--- 93,106 ----
+  conf_def.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+  conf_def.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+  conf_def.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! conf_def.o: ../cryptlib.h conf_def.h
+  conf_err.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+! conf_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+! conf_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+! conf_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+! conf_err.o: ../../include/openssl/symhacks.h
+  conf_lib.o: ../../include/openssl/bio.h ../../include/openssl/conf.h
+  conf_lib.o: ../../include/openssl/conf_api.h ../../include/openssl/crypto.h
+  conf_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+  conf_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+  conf_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf.c ../RELENG_4_6/crypto/openssl/crypto/conf/conf.c
+*** crypto/openssl/crypto/conf/conf.c	Sun Aug 20 04:46:19 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/conf.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,730 ****
+- /* crypto/conf/conf.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include <errno.h>
+- #include "cryptlib.h"
+- #include <openssl/stack.h>
+- #include <openssl/lhash.h>
+- #include <openssl/conf.h>
+- #include <openssl/buffer.h>
+- #include <openssl/err.h>
+- 
+- #include "conf_lcl.h"
+- 
+- static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+- static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+- static unsigned long hash(CONF_VALUE *v);
+- static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b);
+- static char *eat_ws(char *p);
+- static char *eat_alpha_numeric(char *p);
+- static void clear_comments(char *p);
+- static int str_copy(LHASH *conf,char *section,char **to, char *from);
+- static char *scan_quote(char *p);
+- static CONF_VALUE *new_section(LHASH *conf,char *section);
+- static CONF_VALUE *get_section(LHASH *conf,char *section);
+- #define scan_esc(p)	((((p)[1] == '\0')?(p++):(p+=2)),p)
+- 
+- const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT;
+- 
+- 
+- LHASH *CONF_load(LHASH *h, const char *file, long *line)
+- 	{
+- 	LHASH *ltmp;
+- 	BIO *in=NULL;
+- 
+- #ifdef VMS
+- 	in=BIO_new_file(file, "r");
+- #else
+- 	in=BIO_new_file(file, "rb");
+- #endif
+- 	if (in == NULL)
+- 		{
+- 		CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB);
+- 		return NULL;
+- 		}
+- 
+- 	ltmp = CONF_load_bio(h, in, line);
+- 	BIO_free(in);
+- 
+- 	return ltmp;
+- }
+- #ifndef NO_FP_API
+- LHASH *CONF_load_fp(LHASH *h, FILE *in, long *line)
+- {
+- 	BIO *btmp;
+- 	LHASH *ltmp;
+- 	if(!(btmp = BIO_new_fp(in, BIO_NOCLOSE))) {
+- 		CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB);
+- 		return NULL;
+- 	}
+- 	ltmp = CONF_load_bio(h, btmp, line);
+- 	BIO_free(btmp);
+- 	return ltmp;
+- }
+- #endif
+- 
+- LHASH *CONF_load_bio(LHASH *h, BIO *in, long *line)
+- 	{
+- 	LHASH *ret=NULL;
+- #define BUFSIZE	512
+- 	char btmp[16];
+- 	int bufnum=0,i,ii;
+- 	BUF_MEM *buff=NULL;
+- 	char *s,*p,*end;
+- 	int again,n;
+- 	long eline=0;
+- 	CONF_VALUE *v=NULL,*vv,*tv;
+- 	CONF_VALUE *sv=NULL;
+- 	char *section=NULL,*buf;
+- 	STACK_OF(CONF_VALUE) *section_sk=NULL,*ts;
+- 	char *start,*psection,*pname;
+- 
+- 	if ((buff=BUF_MEM_new()) == NULL)
+- 		{
+- 		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+- 		goto err;
+- 		}
+- 
+- 	section=(char *)Malloc(10);
+- 	if (section == NULL)
+- 		{
+- 		CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+- 		goto err;
+- 		}
+- 	strcpy(section,"default");
+- 
+- 	if (h == NULL)
+- 		{
+- 		if ((ret=lh_new(hash,cmp_conf)) == NULL)
+- 			{
+- 			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_MALLOC_FAILURE);
+- 			goto err;
+- 			}
+- 		}
+- 	else
+- 		ret=h;
+- 
+- 	sv=new_section(ret,section);
+- 	if (sv == NULL)
+- 		{
+- 		CONFerr(CONF_F_CONF_LOAD_BIO,
+- 					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+- 		goto err;
+- 		}
+- 	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+- 
+- 	bufnum=0;
+- 	for (;;)
+- 		{
+- 		again=0;
+- 		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+- 			{
+- 			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+- 			goto err;
+- 			}
+- 		p= &(buff->data[bufnum]);
+- 		*p='\0';
+- 		BIO_gets(in, p, BUFSIZE-1);
+- 		p[BUFSIZE-1]='\0';
+- 		ii=i=strlen(p);
+- 		if (i == 0) break;
+- 		while (i > 0)
+- 			{
+- 			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+- 				break;
+- 			else
+- 				i--;
+- 			}
+- 		/* we removed some trailing stuff so there is a new
+- 		 * line on the end. */
+- 		if (i == ii)
+- 			again=1; /* long line */
+- 		else
+- 			{
+- 			p[i]='\0';
+- 			eline++; /* another input line */
+- 			}
+- 
+- 		/* we now have a line with trailing \r\n removed */
+- 
+- 		/* i is the number of bytes */
+- 		bufnum+=i;
+- 
+- 		v=NULL;
+- 		/* check for line continuation */
+- 		if (bufnum >= 1)
+- 			{
+- 			/* If we have bytes and the last char '\\' and
+- 			 * second last char is not '\\' */
+- 			p= &(buff->data[bufnum-1]);
+- 			if (	IS_ESC(p[0]) &&
+- 				((bufnum <= 1) || !IS_ESC(p[-1])))
+- 				{
+- 				bufnum--;
+- 				again=1;
+- 				}
+- 			}
+- 		if (again) continue;
+- 		bufnum=0;
+- 		buf=buff->data;
+- 
+- 		clear_comments(buf);
+- 		n=strlen(buf);
+- 		s=eat_ws(buf);
+- 		if (IS_EOF(*s)) continue; /* blank line */
+- 		if (*s == '[')
+- 			{
+- 			char *ss;
+- 
+- 			s++;
+- 			start=eat_ws(s);
+- 			ss=start;
+- again:
+- 			end=eat_alpha_numeric(ss);
+- 			p=eat_ws(end);
+- 			if (*p != ']')
+- 				{
+- 				if (*p != '\0')
+- 					{
+- 					ss=p;
+- 					goto again;
+- 					}
+- 				CONFerr(CONF_F_CONF_LOAD_BIO,
+- 					CONF_R_MISSING_CLOSE_SQUARE_BRACKET);
+- 				goto err;
+- 				}
+- 			*end='\0';
+- 			if (!str_copy(ret,NULL,&section,start)) goto err;
+- 			if ((sv=get_section(ret,section)) == NULL)
+- 				sv=new_section(ret,section);
+- 			if (sv == NULL)
+- 				{
+- 				CONFerr(CONF_F_CONF_LOAD_BIO,
+- 					CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+- 				goto err;
+- 				}
+- 			section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+- 			continue;
+- 			}
+- 		else
+- 			{
+- 			pname=s;
+- 			psection=NULL;
+- 			end=eat_alpha_numeric(s);
+- 			if ((end[0] == ':') && (end[1] == ':'))
+- 				{
+- 				*end='\0';
+- 				end+=2;
+- 				psection=pname;
+- 				pname=end;
+- 				end=eat_alpha_numeric(end);
+- 				}
+- 			p=eat_ws(end);
+- 			if (*p != '=')
+- 				{
+- 				CONFerr(CONF_F_CONF_LOAD_BIO,
+- 						CONF_R_MISSING_EQUAL_SIGN);
+- 				goto err;
+- 				}
+- 			*end='\0';
+- 			p++;
+- 			start=eat_ws(p);
+- 			while (!IS_EOF(*p))
+- 				p++;
+- 			p--;
+- 			while ((p != start) && (IS_WS(*p)))
+- 				p--;
+- 			p++;
+- 			*p='\0';
+- 
+- 			if (!(v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))))
+- 				{
+- 				CONFerr(CONF_F_CONF_LOAD_BIO,
+- 							ERR_R_MALLOC_FAILURE);
+- 				goto err;
+- 				}
+- 			if (psection == NULL) psection=section;
+- 			v->name=(char *)Malloc(strlen(pname)+1);
+- 			v->value=NULL;
+- 			if (v->name == NULL)
+- 				{
+- 				CONFerr(CONF_F_CONF_LOAD_BIO,
+- 							ERR_R_MALLOC_FAILURE);
+- 				goto err;
+- 				}
+- 			strcpy(v->name,pname);
+- 			if (!str_copy(ret,psection,&(v->value),start)) goto err;
+- 
+- 			if (strcmp(psection,section) != 0)
+- 				{
+- 				if ((tv=get_section(ret,psection))
+- 					== NULL)
+- 					tv=new_section(ret,psection);
+- 				if (tv == NULL)
+- 					{
+- 					CONFerr(CONF_F_CONF_LOAD_BIO,
+- 					   CONF_R_UNABLE_TO_CREATE_NEW_SECTION);
+- 					goto err;
+- 					}
+- 				ts=(STACK_OF(CONF_VALUE) *)tv->value;
+- 				}
+- 			else
+- 				{
+- 				tv=sv;
+- 				ts=section_sk;
+- 				}
+- 			v->section=tv->section;	
+- 			if (!sk_CONF_VALUE_push(ts,v))
+- 				{
+- 				CONFerr(CONF_F_CONF_LOAD_BIO,
+- 							ERR_R_MALLOC_FAILURE);
+- 				goto err;
+- 				}
+- 			vv=(CONF_VALUE *)lh_insert(ret,v);
+- 			if (vv != NULL)
+- 				{
+- 				sk_CONF_VALUE_delete_ptr(ts,vv);
+- 				Free(vv->name);
+- 				Free(vv->value);
+- 				Free(vv);
+- 				}
+- 			v=NULL;
+- 			}
+- 		}
+- 	if (buff != NULL) BUF_MEM_free(buff);
+- 	if (section != NULL) Free(section);
+- 	return(ret);
+- err:
+- 	if (buff != NULL) BUF_MEM_free(buff);
+- 	if (section != NULL) Free(section);
+- 	if (line != NULL) *line=eline;
+- 	sprintf(btmp,"%ld",eline);
+- 	ERR_add_error_data(2,"line ",btmp);
+- 	if ((h != ret) && (ret != NULL)) CONF_free(ret);
+- 	if (v != NULL)
+- 		{
+- 		if (v->name != NULL) Free(v->name);
+- 		if (v->value != NULL) Free(v->value);
+- 		if (v != NULL) Free(v);
+- 		}
+- 	return(NULL);
+- 	}
+- 
+- char *CONF_get_string(LHASH *conf, char *section, char *name)
+- 	{
+- 	CONF_VALUE *v,vv;
+- 	char *p;
+- 
+- 	if (name == NULL) return(NULL);
+- 	if (conf != NULL)
+- 		{
+- 		if (section != NULL)
+- 			{
+- 			vv.name=name;
+- 			vv.section=section;
+- 			v=(CONF_VALUE *)lh_retrieve(conf,&vv);
+- 			if (v != NULL) return(v->value);
+- 			if (strcmp(section,"ENV") == 0)
+- 				{
+- 				p=Getenv(name);
+- 				if (p != NULL) return(p);
+- 				}
+- 			}
+- 		vv.section="default";
+- 		vv.name=name;
+- 		v=(CONF_VALUE *)lh_retrieve(conf,&vv);
+- 		if (v != NULL)
+- 			return(v->value);
+- 		else
+- 			return(NULL);
+- 		}
+- 	else
+- 		return(Getenv(name));
+- 	}
+- 
+- static CONF_VALUE *get_section(LHASH *conf, char *section)
+- 	{
+- 	CONF_VALUE *v,vv;
+- 
+- 	if ((conf == NULL) || (section == NULL)) return(NULL);
+- 	vv.name=NULL;
+- 	vv.section=section;
+- 	v=(CONF_VALUE *)lh_retrieve(conf,&vv);
+- 	return(v);
+- 	}
+- 
+- STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf, char *section)
+- 	{
+- 	CONF_VALUE *v;
+- 
+- 	v=get_section(conf,section);
+- 	if (v != NULL)
+- 		return((STACK_OF(CONF_VALUE) *)v->value);
+- 	else
+- 		return(NULL);
+- 	}
+- 
+- long CONF_get_number(LHASH *conf, char *section, char *name)
+- 	{
+- 	char *str;
+- 	long ret=0;
+- 
+- 	str=CONF_get_string(conf,section,name);
+- 	if (str == NULL) return(0);
+- 	for (;;)
+- 		{
+- 		if (IS_NUMER(*str))
+- 			ret=ret*10+(*str -'0');
+- 		else
+- 			return(ret);
+- 		str++;
+- 		}
+- 	}
+- 
+- void CONF_free(LHASH *conf)
+- 	{
+- 	if (conf == NULL) return;
+- 
+- 	conf->down_load=0; 	/* evil thing to make sure the 'Free()'
+- 				 * works as expected */
+- 	lh_doall_arg(conf,(void (*)())value_free_hash,conf);
+- 
+- 	/* We now have only 'section' entries in the hash table.
+- 	 * Due to problems with */
+- 
+- 	lh_doall_arg(conf,(void (*)())value_free_stack,conf);
+- 	lh_free(conf);
+- 	}
+- 
+- static void value_free_hash(CONF_VALUE *a, LHASH *conf)
+- 	{
+- 	if (a->name != NULL)
+- 		{
+- 		a=(CONF_VALUE *)lh_delete(conf,a);
+- 		}
+- 	}
+- 
+- static void value_free_stack(CONF_VALUE *a, LHASH *conf)
+- 	{
+- 	CONF_VALUE *vv;
+- 	STACK *sk;
+- 	int i;
+- 
+- 	if (a->name != NULL) return;
+- 
+- 	sk=(STACK *)a->value;
+- 	for (i=sk_num(sk)-1; i>=0; i--)
+- 		{
+- 		vv=(CONF_VALUE *)sk_value(sk,i);
+- 		Free(vv->value);
+- 		Free(vv->name);
+- 		Free(vv);
+- 		}
+- 	if (sk != NULL) sk_free(sk);
+- 	Free(a->section);
+- 	Free(a);
+- 	}
+- 
+- static void clear_comments(char *p)
+- 	{
+- 	char *to;
+- 
+- 	to=p;
+- 	for (;;)
+- 		{
+- 		if (IS_COMMENT(*p))
+- 			{
+- 			*p='\0';
+- 			return;
+- 			}
+- 		if (IS_QUOTE(*p))
+- 			{
+- 			p=scan_quote(p);
+- 			continue;
+- 			}
+- 		if (IS_ESC(*p))
+- 			{
+- 			p=scan_esc(p);
+- 			continue;
+- 			}
+- 		if (IS_EOF(*p))
+- 			return;
+- 		else
+- 			p++;
+- 		}
+- 	}
+- 
+- static int str_copy(LHASH *conf, char *section, char **pto, char *from)
+- 	{
+- 	int q,r,rr=0,to=0,len=0;
+- 	char *s,*e,*rp,*p,*rrp,*np,*cp,v;
+- 	BUF_MEM *buf;
+- 
+- 	if ((buf=BUF_MEM_new()) == NULL) return(0);
+- 
+- 	len=strlen(from)+1;
+- 	if (!BUF_MEM_grow(buf,len)) goto err;
+- 
+- 	for (;;)
+- 		{
+- 		if (IS_QUOTE(*from))
+- 			{
+- 			q= *from;
+- 			from++;
+- 			while ((*from != '\0') && (*from != q))
+- 				{
+- 				if (*from == '\\')
+- 					{
+- 					from++;
+- 					if (*from == '\0') break;
+- 					}
+- 				buf->data[to++]= *(from++);
+- 				}
+- 			}
+- 		else if (*from == '\\')
+- 			{
+- 			from++;
+- 			v= *(from++);
+- 			if (v == '\0') break;
+- 			else if (v == 'r') v='\r';
+- 			else if (v == 'n') v='\n';
+- 			else if (v == 'b') v='\b';
+- 			else if (v == 't') v='\t';
+- 			buf->data[to++]= v;
+- 			}
+- 		else if (*from == '\0')
+- 			break;
+- 		else if (*from == '$')
+- 			{
+- 			/* try to expand it */
+- 			rrp=NULL;
+- 			s= &(from[1]);
+- 			if (*s == '{')
+- 				q='}';
+- 			else if (*s == '(')
+- 				q=')';
+- 			else q=0;
+- 
+- 			if (q) s++;
+- 			cp=section;
+- 			e=np=s;
+- 			while (IS_ALPHA_NUMERIC(*e))
+- 				e++;
+- 			if ((e[0] == ':') && (e[1] == ':'))
+- 				{
+- 				cp=np;
+- 				rrp=e;
+- 				rr= *e;
+- 				*rrp='\0';
+- 				e+=2;
+- 				np=e;
+- 				while (IS_ALPHA_NUMERIC(*e))
+- 					e++;
+- 				}
+- 			r= *e;
+- 			*e='\0';
+- 			rp=e;
+- 			if (q)
+- 				{
+- 				if (r != q)
+- 					{
+- 					CONFerr(CONF_F_STR_COPY,CONF_R_NO_CLOSE_BRACE);
+- 					goto err;
+- 					}
+- 				e++;
+- 				}
+- 			/* So at this point we have
+- 			 * ns which is the start of the name string which is
+- 			 *   '\0' terminated. 
+- 			 * cs which is the start of the section string which is
+- 			 *   '\0' terminated.
+- 			 * e is the 'next point after'.
+- 			 * r and s are the chars replaced by the '\0'
+- 			 * rp and sp is where 'r' and 's' came from.
+- 			 */
+- 			p=CONF_get_string(conf,cp,np);
+- 			if (rrp != NULL) *rrp=rr;
+- 			*rp=r;
+- 			if (p == NULL)
+- 				{
+- 				CONFerr(CONF_F_STR_COPY,CONF_R_VARIABLE_HAS_NO_VALUE);
+- 				goto err;
+- 				}
+- 			BUF_MEM_grow(buf,(strlen(p)+len-(e-from)));
+- 			while (*p)
+- 				buf->data[to++]= *(p++);
+- 			from=e;
+- 			}
+- 		else
+- 			buf->data[to++]= *(from++);
+- 		}
+- 	buf->data[to]='\0';
+- 	if (*pto != NULL) Free(*pto);
+- 	*pto=buf->data;
+- 	Free(buf);
+- 	return(1);
+- err:
+- 	if (buf != NULL) BUF_MEM_free(buf);
+- 	return(0);
+- 	}
+- 
+- static char *eat_ws(char *p)
+- 	{
+- 	while (IS_WS(*p) && (!IS_EOF(*p)))
+- 		p++;
+- 	return(p);
+- 	}
+- 
+- static char *eat_alpha_numeric(char *p)
+- 	{
+- 	for (;;)
+- 		{
+- 		if (IS_ESC(*p))
+- 			{
+- 			p=scan_esc(p);
+- 			continue;
+- 			}
+- 		if (!IS_ALPHA_NUMERIC_PUNCT(*p))
+- 			return(p);
+- 		p++;
+- 		}
+- 	}
+- 
+- static unsigned long hash(CONF_VALUE *v)
+- 	{
+- 	return((lh_strhash(v->section)<<2)^lh_strhash(v->name));
+- 	}
+- 
+- static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b)
+- 	{
+- 	int i;
+- 
+- 	if (a->section != b->section)
+- 		{
+- 		i=strcmp(a->section,b->section);
+- 		if (i) return(i);
+- 		}
+- 
+- 	if ((a->name != NULL) && (b->name != NULL))
+- 		{
+- 		i=strcmp(a->name,b->name);
+- 		return(i);
+- 		}
+- 	else if (a->name == b->name)
+- 		return(0);
+- 	else
+- 		return((a->name == NULL)?-1:1);
+- 	}
+- 
+- static char *scan_quote(char *p)
+- 	{
+- 	int q= *p;
+- 
+- 	p++;
+- 	while (!(IS_EOF(*p)) && (*p != q))
+- 		{
+- 		if (IS_ESC(*p))
+- 			{
+- 			p++;
+- 			if (IS_EOF(*p)) return(p);
+- 			}
+- 		p++;
+- 		}
+- 	if (*p == q) p++;
+- 	return(p);
+- 	}
+- 
+- static CONF_VALUE *new_section(LHASH *conf, char *section)
+- 	{
+- 	STACK *sk=NULL;
+- 	int ok=0,i;
+- 	CONF_VALUE *v=NULL,*vv;
+- 
+- 	if ((sk=sk_new_null()) == NULL)
+- 		goto err;
+- 	if ((v=(CONF_VALUE *)Malloc(sizeof(CONF_VALUE))) == NULL)
+- 		goto err;
+- 	i=strlen(section)+1;
+- 	if ((v->section=(char *)Malloc(i)) == NULL)
+- 		goto err;
+- 
+- 	memcpy(v->section,section,i);
+- 	v->name=NULL;
+- 	v->value=(char *)sk;
+- 	
+- 	vv=(CONF_VALUE *)lh_insert(conf,v);
+- 	if (vv != NULL)
+- 		{
+- #if !defined(NO_STDIO) && !defined(WIN16)
+- 		fprintf(stderr,"internal fault\n");
+- #endif
+- 		abort();
+- 		}
+- 	ok=1;
+- err:
+- 	if (!ok)
+- 		{
+- 		if (sk != NULL) sk_free(sk);
+- 		if (v != NULL) Free(v);
+- 		v=NULL;
+- 		}
+- 	return(v);
+- 	}
+- 
+- IMPLEMENT_STACK_OF(CONF_VALUE)
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf.h ../RELENG_4_6/crypto/openssl/crypto/conf/conf.h
+*** crypto/openssl/crypto/conf/conf.h	Wed Jul  4 19:19:18 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/conf.h	Thu Feb 21 11:38:09 2002
+***************
+*** 56,69 ****
+   * [including the GNU Public Licence.]
+   */
+  
+! #ifndef  HEADER_CONF_H
+  #define HEADER_CONF_H
+  
+  #include <openssl/bio.h>
+  #include <openssl/lhash.h>
+  #include <openssl/stack.h>
+  #include <openssl/safestack.h>
+- #include <openssl/e_os.h>
+  
+  #ifdef  __cplusplus
+  extern "C" {
+--- 56,68 ----
+   * [including the GNU Public Licence.]
+   */
+  
+! #ifndef HEADER_CONF_H
+  #define HEADER_CONF_H
+  
+  #include <openssl/bio.h>
+  #include <openssl/lhash.h>
+  #include <openssl/stack.h>
+  #include <openssl/safestack.h>
+  
+  #ifdef  __cplusplus
+  extern "C" {
+***************
+*** 86,99 ****
+  struct conf_method_st
+  	{
+  	const char *name;
+! 	CONF *(MS_FAR *create)(CONF_METHOD *meth);
+! 	int (MS_FAR *init)(CONF *conf);
+! 	int (MS_FAR *destroy)(CONF *conf);
+! 	int (MS_FAR *destroy_data)(CONF *conf);
+! 	int (MS_FAR *load)(CONF *conf, BIO *bp, long *eline);
+! 	int (MS_FAR *dump)(CONF *conf, BIO *bp);
+! 	int (MS_FAR *is_number)(CONF *conf, char c);
+! 	int (MS_FAR *to_int)(CONF *conf, char c);
+  	};
+  
+  int CONF_set_default_method(CONF_METHOD *meth);
+--- 85,98 ----
+  struct conf_method_st
+  	{
+  	const char *name;
+! 	CONF *(*create)(CONF_METHOD *meth);
+! 	int (*init)(CONF *conf);
+! 	int (*destroy)(CONF *conf);
+! 	int (*destroy_data)(CONF *conf);
+! 	int (*load)(CONF *conf, BIO *bp, long *eline);
+! 	int (*dump)(CONF *conf, BIO *bp);
+! 	int (*is_number)(CONF *conf, char c);
+! 	int (*to_int)(CONF *conf, char c);
+  	};
+  
+  int CONF_set_default_method(CONF_METHOD *meth);
+***************
+*** 108,114 ****
+  void CONF_free(LHASH *conf);
+  int CONF_dump_fp(LHASH *conf, FILE *out);
+  int CONF_dump_bio(LHASH *conf, BIO *out);
+- void ERR_load_CONF_strings(void );
+  
+  /* New conf code.  The semantics are different from the functions above.
+     If that wasn't the case, the above functions would have been replaced */
+--- 107,112 ----
+***************
+*** 145,150 ****
+--- 143,149 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_CONF_strings(void);
+  
+  /* Error codes for the CONF functions. */
+  
+***************
+*** 176,179 ****
+  }
+  #endif
+  #endif
+- 
+--- 175,177 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_api.c ../RELENG_4_6/crypto/openssl/crypto/conf/conf_api.c
+*** crypto/openssl/crypto/conf/conf_api.c	Sun Nov 26 06:38:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/conf_api.c	Thu Apr 18 05:27:14 2002
+***************
+*** 67,72 ****
+--- 67,73 ----
+  #include <string.h>
+  #include <openssl/conf.h>
+  #include <openssl/conf_api.h>
++ #include "openssl/e_os.h"
+  
+  static void value_free_hash(CONF_VALUE *a, LHASH *conf);
+  static void value_free_stack(CONF_VALUE *a,LHASH *conf);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_def.c ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.c
+*** crypto/openssl/crypto/conf/conf_def.c	Sun Nov 26 06:38:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.c	Thu Nov 14 01:49:45 2002
+***************
+*** 67,72 ****
+--- 67,73 ----
+  #include "conf_def.h"
+  #include <openssl/buffer.h>
+  #include <openssl/err.h>
++ #include "cryptlib.h"
+  
+  static char *eat_ws(CONF *conf, char *p);
+  static char *eat_alpha_numeric(CONF *conf, char *p);
+***************
+*** 180,191 ****
+  static int def_load(CONF *conf, BIO *in, long *line)
+  	{
+  #define BUFSIZE	512
+- 	char btmp[16];
+  	int bufnum=0,i,ii;
+  	BUF_MEM *buff=NULL;
+  	char *s,*p,*end;
+  	int again,n;
+  	long eline=0;
+  	CONF_VALUE *v=NULL,*tv;
+  	CONF_VALUE *sv=NULL;
+  	char *section=NULL,*buf;
+--- 181,192 ----
+  static int def_load(CONF *conf, BIO *in, long *line)
+  	{
+  #define BUFSIZE	512
+  	int bufnum=0,i,ii;
+  	BUF_MEM *buff=NULL;
+  	char *s,*p,*end;
+  	int again,n;
+  	long eline=0;
++ 	char btmp[DECIMAL_SIZE(eline)+1];
+  	CONF_VALUE *v=NULL,*tv;
+  	CONF_VALUE *sv=NULL;
+  	char *section=NULL,*buf;
+***************
+*** 223,231 ****
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
+  	for (;;)
+  		{
+- 		again=0;
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+--- 224,232 ----
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
++ 	again=0;
+  	for (;;)
+  		{
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+***************
+*** 236,242 ****
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0) break;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+--- 237,244 ----
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0 && !again) break;
+! 		again=0;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+***************
+*** 246,252 ****
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+--- 248,254 ----
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (ii && i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_def.h ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.h
+*** crypto/openssl/crypto/conf/conf_def.h	Sun Nov 26 06:38:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.h	Wed Jan  2 06:06:17 2002
+***************
+*** 71,76 ****
+--- 71,77 ----
+  #define CONF_COMMENT		128
+  #define CONF_FCOMMENT		2048
+  #define CONF_EOF		8
++ #define CONF_HIGHBIT		4096
+  #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+  #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+  #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+***************
+*** 78,145 ****
+  
+  #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+  #ifndef CHARSET_EBCDIC
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+! 				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
+  
+  #else /*CHARSET_EBCDIC*/
+  
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+! 				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
+  #endif /*CHARSET_EBCDIC*/
+  
+! static unsigned short CONF_type_default[128]={
+! 	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+! 	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+! 	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+! 	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+! 	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+! 	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+! 	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+! 	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+! 	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+! 	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+! 	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+! 	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+! 	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+! 	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+! 	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+! 	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+  	};
+  
+! static unsigned short CONF_type_win32[128]={
+! 	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+! 	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+! 	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+! 	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+! 	0x010,0x200,0x400,0x000,0x000,0x200,0x200,0x000,
+! 	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+! 	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+! 	0x001,0x001,0x000,0xA00,0x000,0x000,0x000,0x200,
+! 	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+! 	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+! 	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+! 	0x002,0x002,0x002,0x000,0x000,0x000,0x200,0x100,
+! 	0x000,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+! 	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+! 	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+! 	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+  	};
+  
+--- 79,180 ----
+  
+  #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+  #ifndef CHARSET_EBCDIC
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+! 				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+! #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+  
+  #else /*CHARSET_EBCDIC*/
+  
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \
+! 				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+! #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+  #endif /*CHARSET_EBCDIC*/
+  
+! static unsigned short CONF_type_default[256]={
+! 	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+! 	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
+! 	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+! 	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+! 	0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040,
+! 	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
+! 	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
+! 	0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200,
+! 	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+! 	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+! 	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+! 	0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100,
+! 	0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+! 	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+! 	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+! 	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+  	};
+  
+! static unsigned short CONF_type_win32[256]={
+! 	0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+! 	0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000,
+! 	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+! 	0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,
+! 	0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000,
+! 	0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200,
+! 	0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,
+! 	0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200,
+! 	0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+! 	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+! 	0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,
+! 	0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100,
+! 	0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+! 	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+! 	0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,
+! 	0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+! 	0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,
+  	};
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_lcl.h ../RELENG_4_6/crypto/openssl/crypto/conf/conf_lcl.h
+*** crypto/openssl/crypto/conf/conf_lcl.h	Mon Jan 10 01:21:35 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/conf_lcl.h	Wed Dec 31 19:00:00 1969
+***************
+*** 1,116 ****
+- /* crypto/conf/conf_lcl.h */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #define CONF_NUMBER		1
+- #define CONF_UPPER		2
+- #define CONF_LOWER		4
+- #define CONF_UNDER		256
+- #define CONF_PUNCTUATION	512
+- #define CONF_WS			16
+- #define CONF_ESC		32
+- #define CONF_QUOTE		64
+- #define CONF_COMMENT		128
+- #define CONF_EOF		8
+- #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+- #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+- #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \
+- 					CONF_PUNCTUATION)
+- 
+- #ifndef CHARSET_EBCDIC
+- #define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[(a)&0x7f]))
+- #define IS_EOF(a)		((a) == '\0')
+- #define IS_ESC(a)		((a) == '\\')
+- #define IS_NUMER(a)		(CONF_type[(a)&0x7f]&CONF_NUMBER)
+- #define IS_WS(a)		(CONF_type[(a)&0x7f]&CONF_WS)
+- #define IS_ALPHA_NUMERIC(a)	(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+- #define IS_ALPHA_NUMERIC_PUNCT(a) \
+- 				(CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+- #define IS_QUOTE(a)		(CONF_type[(a)&0x7f]&CONF_QUOTE)
+- 
+- #else /*CHARSET_EBCDIC*/
+- 
+- #define IS_COMMENT(a)		(CONF_COMMENT&(CONF_type[os_toascii[a]&0x7f]))
+- #define IS_EOF(a)		(os_toascii[a] == '\0')
+- #define IS_ESC(a)		(os_toascii[a] == '\\')
+- #define IS_NUMER(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_NUMBER)
+- #define IS_WS(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_WS)
+- #define IS_ALPHA_NUMERIC(a)	(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+- #define IS_ALPHA_NUMERIC_PUNCT(a) \
+- 				(CONF_type[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+- #define IS_QUOTE(a)		(CONF_type[os_toascii[a]&0x7f]&CONF_QUOTE)
+- #endif /*CHARSET_EBCDIC*/
+- 
+- static unsigned short CONF_type[128]={
+- 	0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+- 	0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000,
+- 	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+- 	0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000,
+- 	0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040,
+- 	0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200,
+- 	0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001,
+- 	0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200,
+- 	0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+- 	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+- 	0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002,
+- 	0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100,
+- 	0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+- 	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+- 	0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004,
+- 	0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000,
+- 	};
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/keysets.pl ../RELENG_4_6/crypto/openssl/crypto/conf/keysets.pl
+*** crypto/openssl/crypto/conf/keysets.pl	Sun Nov 26 06:33:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/keysets.pl	Wed Jan  2 06:06:17 2002
+***************
+*** 12,19 ****
+  $COMMENT=0x80;
+  $FCOMMENT=0x800;
+  $EOF=0x08;
+  
+! foreach (0 .. 127)
+  	{
+  	$v=0;
+  	$c=sprintf("%c",$_);
+--- 12,20 ----
+  $COMMENT=0x80;
+  $FCOMMENT=0x800;
+  $EOF=0x08;
++ $HIGHBIT=0x1000;
+  
+! foreach (0 .. 255)
+  	{
+  	$v=0;
+  	$c=sprintf("%c",$_);
+***************
+*** 27,37 ****
+  	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
+  	$v|=$COMMENT	if ($c =~ /\#/);
+  	$v|=$EOF	if ($c =~ /\0/);
+  
+  	push(@V_def,$v);
+  	}
+  
+! foreach (0 .. 127)
+  	{
+  	$v=0;
+  	$c=sprintf("%c",$_);
+--- 28,39 ----
+  	$v|=$QUOTE	if ($c =~ /['`"]/); # for emacs: "`'}/)
+  	$v|=$COMMENT	if ($c =~ /\#/);
+  	$v|=$EOF	if ($c =~ /\0/);
++ 	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
+  
+  	push(@V_def,$v);
+  	}
+  
+! foreach (0 .. 255)
+  	{
+  	$v=0;
+  	$c=sprintf("%c",$_);
+***************
+*** 44,49 ****
+--- 46,52 ----
+  	$v|=$DQUOTE	if ($c =~ /["]/); # for emacs: "}/)
+  	$v|=$FCOMMENT	if ($c =~ /;/);
+  	$v|=$EOF	if ($c =~ /\0/);
++ 	$v|=$HIGHBIT	if ($c =~/[\x80-\xff]/);
+  
+  	push(@V_w32,$v);
+  	}
+***************
+*** 122,127 ****
+--- 125,131 ----
+  #define CONF_COMMENT		$COMMENT
+  #define CONF_FCOMMENT		$FCOMMENT
+  #define CONF_EOF		$EOF
++ #define CONF_HIGHBIT		$HIGHBIT
+  #define CONF_ALPHA		(CONF_UPPER|CONF_LOWER)
+  #define CONF_ALPHA_NUMERIC	(CONF_ALPHA|CONF_NUMBER|CONF_UNDER)
+  #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\
+***************
+*** 129,179 ****
+  
+  #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+  #ifndef CHARSET_EBCDIC
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+! 				(KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE)
+  
+  #else /*CHARSET_EBCDIC*/
+  
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+! 				(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE)
+  #endif /*CHARSET_EBCDIC*/
+  
+  EOF
+  
+! print "static unsigned short CONF_type_default[128]={";
+  
+! for ($i=0; $i<128; $i++)
+  	{
+  	print "\n\t" if ($i % 8) == 0;
+! 	printf "0x%03X,",$V_def[$i];
+  	}
+  
+  print "\n\t};\n\n";
+  
+! print "static unsigned short CONF_type_win32[128]={";
+  
+! for ($i=0; $i<128; $i++)
+  	{
+  	print "\n\t" if ($i % 8) == 0;
+! 	printf "0x%03X,",$V_w32[$i];
+  	}
+  
+  print "\n\t};\n\n";
+--- 133,185 ----
+  
+  #define KEYTYPES(c)		((unsigned short *)((c)->meth_data))
+  #ifndef CHARSET_EBCDIC
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+! 				(KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE)
+! #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT)
+  
+  #else /*CHARSET_EBCDIC*/
+  
+! #define IS_COMMENT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT)
+! #define IS_FCOMMENT(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT)
+! #define IS_EOF(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF)
+! #define IS_ESC(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC)
+! #define IS_NUMBER(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER)
+! #define IS_WS(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS)
+! #define IS_ALPHA_NUMERIC(c,a)	(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC)
+  #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\
+! 				(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT)
+! #define IS_QUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE)
+! #define IS_DQUOTE(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE)
+! #define IS_HIGHBIT(c,a)		(KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT)
+  #endif /*CHARSET_EBCDIC*/
+  
+  EOF
+  
+! print "static unsigned short CONF_type_default[256]={";
+  
+! for ($i=0; $i<256; $i++)
+  	{
+  	print "\n\t" if ($i % 8) == 0;
+! 	printf "0x%04X,",$V_def[$i];
+  	}
+  
+  print "\n\t};\n\n";
+  
+! print "static unsigned short CONF_type_win32[256]={";
+  
+! for ($i=0; $i<256; $i++)
+  	{
+  	print "\n\t" if ($i % 8) == 0;
+! 	printf "0x%04X,",$V_w32[$i];
+  	}
+  
+  print "\n\t};\n\n";
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.c ../RELENG_4_6/crypto/openssl/crypto/cryptlib.c
+*** crypto/openssl/crypto/cryptlib.c	Sun Nov 26 06:32:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/cryptlib.c	Wed Dec 11 03:56:38 2002
+***************
+*** 58,63 ****
+--- 58,64 ----
+  
+  #include <stdio.h>
+  #include <string.h>
++ #include <assert.h>
+  #include "cryptlib.h"
+  #include <openssl/crypto.h>
+  #include <openssl/safestack.h>
+***************
+*** 89,95 ****
+--- 90,98 ----
+  	"ssl_session",
+  	"ssl_sess_cert",
+  	"ssl",
++ 	/* "ssl_method", */
+  	"rand",
++ 	"rand2",
+  	"debug_malloc",
+  	"BIO",
+  	"gethostbyname",
+***************
+*** 100,106 ****
+  	"debug_malloc2",
+  	"dso",
+  	"dynlock",
+! #if CRYPTO_NUM_LOCKS != 28
+  # error "Inconsistency between crypto.h and cryptlib.c"
+  #endif
+  	};
+--- 103,109 ----
+  	"debug_malloc2",
+  	"dso",
+  	"dynlock",
+! #if CRYPTO_NUM_LOCKS != 29
+  # error "Inconsistency between crypto.h and cryptlib.c"
+  #endif
+  	};
+***************
+*** 203,212 ****
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (!i)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+--- 206,223 ----
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		/* Since sk_push() returns the number of items on the
+! 		   stack, not the location of the pushed item, we need
+! 		   to transform the returned number into a position,
+! 		   by decreasing it.  */
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+! 	else
+! 		/* If we found a place with a NULL pointer, put our pointer
+! 		   in it.  */
+! 		sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (i == -1)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+***************
+*** 227,233 ****
+--- 238,247 ----
+  	CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK);
+  
+  	if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks))
++ 		{
++ 		CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  		return;
++ 		}
+  	pointer = sk_CRYPTO_dynlock_value(dyn_locks, i);
+  	if (pointer != NULL)
+  		{
+***************
+*** 240,246 ****
+  			}
+  		else
+  #endif
+! 			if (--(pointer->references) <= 0)
+  				{
+  				sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+  				}
+--- 254,260 ----
+  			}
+  		else
+  #endif
+! 			if (pointer->references <= 0)
+  				{
+  				sk_CRYPTO_dynlock_set(dyn_locks, i, NULL);
+  				}
+***************
+*** 395,410 ****
+  #endif
+  	if (type < 0)
+  		{
+! 		int i = -type - 1;
+! 		struct CRYPTO_dynlock_value *pointer
+! 			= CRYPTO_get_dynlock_value(i);
+! 
+! 		if (pointer)
+  			{
+  			dynlock_lock_callback(mode, pointer, file, line);
+- 			}
+  
+! 		CRYPTO_destroy_dynlockid(i);
+  		}
+  	else
+  		if (locking_callback != NULL)
+--- 409,425 ----
+  #endif
+  	if (type < 0)
+  		{
+! 		if (dynlock_lock_callback != NULL)
+  			{
++ 			struct CRYPTO_dynlock_value *pointer
++ 				= CRYPTO_get_dynlock_value(type);
++ 
++ 			assert(pointer != NULL);
++ 
+  			dynlock_lock_callback(mode, pointer, file, line);
+  
+! 			CRYPTO_destroy_dynlockid(type);
+! 			}
+  		}
+  	else
+  		if (locking_callback != NULL)
+***************
+*** 430,436 ****
+  			CRYPTO_get_lock_name(type),
+  			file,line);
+  #endif
+- 		*pointer=ret;
+  		}
+  	else
+  		{
+--- 445,450 ----
+***************
+*** 456,462 ****
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+--- 470,476 ----
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.h ../RELENG_4_6/crypto/openssl/crypto/cryptlib.h
+*** crypto/openssl/crypto/cryptlib.h	Sun Nov 26 06:32:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/cryptlib.h	Fri Aug  2 06:51:29 2002
+***************
+*** 89,94 ****
+--- 89,98 ----
+  #define X509_CERT_DIR_EVP        "SSL_CERT_DIR"
+  #define X509_CERT_FILE_EVP       "SSL_CERT_FILE"
+  
++ /* size of string represenations */
++ #define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
++ #define HEX_SIZE(type)         ((sizeof(type)*2)
++ 
+  #ifdef  __cplusplus
+  }
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/crypto.h ../RELENG_4_6/crypto/openssl/crypto/crypto.h
+*** crypto/openssl/crypto/crypto.h	Wed Jul  4 19:19:11 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/crypto.h	Wed Nov 27 07:24:46 2002
+***************
+*** 95,128 ****
+   * names in cryptlib.c
+   */
+  
+! #define	CRYPTO_LOCK_ERR			1
+! #define	CRYPTO_LOCK_ERR_HASH		2
+! #define	CRYPTO_LOCK_X509		3
+! #define	CRYPTO_LOCK_X509_INFO		4
+! #define	CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define	CRYPTO_LOCK_X509_STORE		11
+! #define	CRYPTO_LOCK_SSL_CTX		12
+! #define	CRYPTO_LOCK_SSL_CERT		13
+! #define	CRYPTO_LOCK_SSL_SESSION		14
+! #define	CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define	CRYPTO_LOCK_SSL			16
+! #define	CRYPTO_LOCK_RAND		17
+! #define	CRYPTO_LOCK_MALLOC		18
+! #define	CRYPTO_LOCK_BIO			19
+! #define	CRYPTO_LOCK_GETHOSTBYNAME	20
+! #define	CRYPTO_LOCK_GETSERVBYNAME	21
+! #define	CRYPTO_LOCK_READDIR		22
+! #define	CRYPTO_LOCK_RSA_BLINDING	23
+! #define	CRYPTO_LOCK_DH			24
+! #define	CRYPTO_LOCK_MALLOC2		25
+! #define	CRYPTO_LOCK_DSO			26
+! #define	CRYPTO_LOCK_DYNLOCK		27
+! #define	CRYPTO_NUM_LOCKS		28
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+--- 95,132 ----
+   * names in cryptlib.c
+   */
+  
+! #define CRYPTO_LOCK_ERR			1
+! #define CRYPTO_LOCK_ERR_HASH		2
+! #define CRYPTO_LOCK_X509		3
+! #define CRYPTO_LOCK_X509_INFO		4
+! #define CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define CRYPTO_LOCK_X509_STORE		11
+! #define CRYPTO_LOCK_SSL_CTX		12
+! #define CRYPTO_LOCK_SSL_CERT		13
+! #define CRYPTO_LOCK_SSL_SESSION		14
+! #define CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define CRYPTO_LOCK_SSL			16
+! /* for binary compatibility between 0.9.6 minor versions,
+!  * reuse an existing lock (later version use a new one): */
+! # define CRYPTO_LOCK_SSL_METHOD		CRYPTO_LOCK_SSL_CTX
+! #define CRYPTO_LOCK_RAND		17
+! #define CRYPTO_LOCK_RAND2		18
+! #define CRYPTO_LOCK_MALLOC		19
+! #define CRYPTO_LOCK_BIO			20
+! #define CRYPTO_LOCK_GETHOSTBYNAME	21
+! #define CRYPTO_LOCK_GETSERVBYNAME	22
+! #define CRYPTO_LOCK_READDIR		23
+! #define CRYPTO_LOCK_RSA_BLINDING	24
+! #define CRYPTO_LOCK_DH			25
+! #define CRYPTO_LOCK_MALLOC2		26
+! #define CRYPTO_LOCK_DSO			27
+! #define CRYPTO_LOCK_DYNLOCK		28
+! #define CRYPTO_NUM_LOCKS		29
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+***************
+*** 144,150 ****
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define	CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+--- 148,154 ----
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+***************
+*** 341,346 ****
+--- 345,352 ----
+  void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+  void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
+  
++ void OPENSSL_cleanse(void *ptr, size_t len);
++ 
+  void CRYPTO_set_mem_debug_options(long bits);
+  long CRYPTO_get_mem_debug_options(void);
+  
+***************
+*** 350,355 ****
+--- 356,364 ----
+  int CRYPTO_pop_info(void);
+  int CRYPTO_remove_all_info(void);
+  
++ 
++ /* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro;
++  * used as default in CRYPTO_MDEBUG compilations): */
+  /* The last argument has the following significance:
+   *
+   * 0:	called before the actual memory allocation has taken place
+***************
+*** 358,375 ****
+  void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
+  void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
+  void CRYPTO_dbg_free(void *addr,int before_p);
+- 
+  /* Tell the debugging code about options.  By default, the following values
+   * apply:
+   *
+!  * 0:	Clear all options.
+!  * 1:	Set the "Show Time" option.
+!  * 2:	Set the "Show Thread Number" option.
+!  * 3:	1 + 2
+   */
+  void CRYPTO_dbg_set_options(long bits);
+  long CRYPTO_dbg_get_options(void);
+  
+  #ifndef NO_FP_API
+  void CRYPTO_mem_leaks_fp(FILE *);
+  #endif
+--- 367,384 ----
+  void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p);
+  void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p);
+  void CRYPTO_dbg_free(void *addr,int before_p);
+  /* Tell the debugging code about options.  By default, the following values
+   * apply:
+   *
+!  * 0:                           Clear all options.
+!  * V_CRYPTO_MDEBUG_TIME (1):    Set the "Show Time" option.
+!  * V_CRYPTO_MDEBUG_THREAD (2):  Set the "Show Thread Number" option.
+!  * V_CRYPTO_MDEBUG_ALL (3):     1 + 2
+   */
+  void CRYPTO_dbg_set_options(long bits);
+  long CRYPTO_dbg_get_options(void);
+  
++ 
+  #ifndef NO_FP_API
+  void CRYPTO_mem_leaks_fp(FILE *);
+  #endif
+***************
+*** 377,388 ****
+  /* unsigned long order, char *file, int line, int num_bytes, char *addr */
+  void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *));
+  
+- void ERR_load_CRYPTO_strings(void);
+- 
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
+  
+  /* Error codes for the CRYPTO functions. */
+  
+--- 386,396 ----
+  /* unsigned long order, char *file, int line, int num_bytes, char *addr */
+  void CRYPTO_mem_leaks_cb(void (*cb)(unsigned long, const char *, int, int, void *));
+  
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_CRYPTO_strings(void);
+  
+  /* Error codes for the CRYPTO functions. */
+  
+***************
+*** 399,402 ****
+  }
+  #endif
+  #endif
+- 
+--- 407,409 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/DES.pod ../RELENG_4_6/crypto/openssl/crypto/des/DES.pod
+*** crypto/openssl/crypto/des/DES.pod	Mon Jan 10 01:21:35 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/DES.pod	Wed Dec 31 19:00:00 1969
+***************
+*** 1,16 ****
+- crypt	<= 	crypt(buf,salt)
+- key	<=	set_odd_parity(key)
+- int	<=	is_weak_key(key)
+- keysched<=	set_key(key)
+- key	<=	ecb_encrypt(string8,ks,enc)
+- key	<=	ecb3_encrypt(input,ks1,ks2,enc)
+- string	<=	cbc_encrypt(input,ks,ivec,enc)			=> ivec 
+- string	<=	cbc3_encrypt(input,ks1,ks2,ivec1,ivec2,enc)	=> ivec1&ivec2 
+- ck1,ck2	<=	cbc_cksum(input,ks,ivec)			=> ivec
+- string	<=	pcbc_encrypt(input,ks,ivec,enc)			=> ivec 
+- string	<=	ofb_encrypt(input,numbits,ks,ivec)		=> ivec
+- string	<=	cfb_encrypt(input,numbits,ks,ivec,enc)		=> ivec
+- key	<=	random_key()
+- key	<=	string_to_key(string)
+- key1,key2<=	string_to_2keys(string)
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/MODES.DES ../RELENG_4_6/crypto/openssl/crypto/des/MODES.DES
+*** crypto/openssl/crypto/des/MODES.DES	Mon Jan 10 01:21:35 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/MODES.DES	Wed Dec 31 19:00:00 1969
+***************
+*** 1,84 ****
+- Modes of DES
+- Quite a bit of the following information has been taken from
+- 	AS 2805.5.2
+- 	Australian Standard
+- 	Electronic funds transfer - Requirements for interfaces,
+- 	Part 5.2: Modes of operation for an n-bit block cipher algorithm
+- 	Appendix A
+- 
+- There are several different modes in which DES can be used, they are
+- as follows.
+- 
+- Electronic Codebook Mode (ECB) (des_ecb_encrypt())
+- - 64 bits are enciphered at a time.
+- - The order of the blocks can be rearranged without detection.
+- - The same plaintext block always produces the same ciphertext block
+-   (for the same key) making it vulnerable to a 'dictionary attack'.
+- - An error will only affect one ciphertext block.
+- 
+- Cipher Block Chaining Mode (CBC) (des_cbc_encrypt())
+- - a multiple of 64 bits are enciphered at a time.
+- - The CBC mode produces the same ciphertext whenever the same
+-   plaintext is encrypted using the same key and starting variable.
+- - The chaining operation makes the ciphertext blocks dependent on the
+-   current and all preceding plaintext blocks and therefore blocks can not
+-   be rearranged.
+- - The use of different starting variables prevents the same plaintext
+-   enciphering to the same ciphertext.
+- - An error will affect the current and the following ciphertext blocks.
+- 
+- Cipher Feedback Mode (CFB) (des_cfb_encrypt())
+- - a number of bits (j) <= 64 are enciphered at a time.
+- - The CFB mode produces the same ciphertext whenever the same
+-   plaintext is encrypted using the same key and starting variable.
+- - The chaining operation makes the ciphertext variables dependent on the
+-   current and all preceding variables and therefore j-bit variables are
+-   chained together and con not be rearranged.
+- - The use of different starting variables prevents the same plaintext
+-   enciphering to the same ciphertext.
+- - The strength of the CFB mode depends on the size of k (maximal if
+-   j == k).  In my implementation this is always the case.
+- - Selection of a small value for j will require more cycles through
+-   the encipherment algorithm per unit of plaintext and thus cause
+-   greater processing overheads.
+- - Only multiples of j bits can be enciphered.
+- - An error will affect the current and the following ciphertext variables.
+- 
+- Output Feedback Mode (OFB) (des_ofb_encrypt())
+- - a number of bits (j) <= 64 are enciphered at a time.
+- - The OFB mode produces the same ciphertext whenever the same
+-   plaintext enciphered using the same key and starting variable.  More
+-   over, in the OFB mode the same key stream is produced when the same
+-   key and start variable are used.  Consequently, for security reasons
+-   a specific start variable should be used only once for a given key.
+- - The absence of chaining makes the OFB more vulnerable to specific attacks.
+- - The use of different start variables values prevents the same
+-   plaintext enciphering to the same ciphertext, by producing different
+-   key streams.
+- - Selection of a small value for j will require more cycles through
+-   the encipherment algorithm per unit of plaintext and thus cause
+-   greater processing overheads.
+- - Only multiples of j bits can be enciphered.
+- - OFB mode of operation does not extend ciphertext errors in the
+-   resultant plaintext output.  Every bit error in the ciphertext causes
+-   only one bit to be in error in the deciphered plaintext.
+- - OFB mode is not self-synchronising.  If the two operation of
+-   encipherment and decipherment get out of synchronism, the system needs
+-   to be re-initialised.
+- - Each re-initialisation should use a value of the start variable
+- different from the start variable values used before with the same
+- key.  The reason for this is that an identical bit stream would be
+- produced each time from the same parameters.  This would be
+- susceptible to a 'known plaintext' attack.
+- 
+- Triple ECB Mode (des_ecb3_encrypt())
+- - Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- - As for ECB encryption but increases the effective key length to 112 bits.
+- - If both keys are the same it is equivalent to encrypting once with
+-   just one key.
+- 
+- Triple CBC Mode (des_3cbc_encrypt())
+- - Encrypt with key1, decrypt with key2 and encrypt with key1 again.
+- - As for CBC encryption but increases the effective key length to 112 bits.
+- - If both keys are the same it is equivalent to encrypting once with
+-   just one key.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.PL ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.PL
+*** crypto/openssl/crypto/des/Makefile.PL	Mon Jan 10 01:21:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.PL	Wed Dec 31 19:00:00 1969
+***************
+*** 1,14 ****
+- use ExtUtils::MakeMaker;
+- # See lib/ExtUtils/MakeMaker.pm for details of how to influence
+- # the contents of the Makefile being created.
+- &writeMakefile(
+- 	'potential_libs' => '',   # e.g., '-lm' 
+- 	'INC' => '',     # e.g., '-I/usr/include/other' 
+- 	'DISTNAME' => 'DES',
+- 	'VERSION' => '0.1',
+- 	'DEFINE' => '-DPERL5',
+- 	'OBJECT' => 'DES.o cbc_cksm.o cbc_enc.o ecb_enc.o pcbc_enc.o \
+- 	rand_key.o set_key.o str2key.o \
+- 	enc_read.o enc_writ.o fcrypt.o cfb_enc.o \
+- 	ecb3_enc.o ofb_enc.o cbc3_enc.o des_enc.o',
+- 	);
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.lit ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.lit
+*** crypto/openssl/crypto/des/Makefile.lit	Mon Jan 10 01:21:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.lit	Wed Dec 31 19:00:00 1969
+***************
+*** 1,250 ****
+- # You must select the correct terminal control system to be used to
+- # turn character echo off when reading passwords.  There a 5 systems
+- # SGTTY   - the old BSD system
+- # TERMIO  - most system V boxes
+- # TERMIOS - SGI (ala IRIX).
+- # VMS     - the DEC operating system
+- # MSDOS   - we all know what it is :-)
+- # read_pwd.c makes a reasonable guess at what is correct.
+- 
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- # If you are on a DEC Alpha, edit des.h and change the DES_LONG
+- # define to 'unsigned int'.  I have seen this give a %20 speedup.
+- 
+- OPTS0= -DLIBDES_LIT -DRAND -DTERMIO #-DNOCONST
+- 
+- # Version 1.94 has changed the strings_to_key function so that it is
+- # now compatible with MITs when the string is longer than 8 characters.
+- # If you wish to keep the old version, uncomment the following line.
+- # This will affect the -E/-D options on des(1).
+- #OPTS1= -DOLD_STR_TO_KEY
+- 
+- # There are 4 possible performance options
+- # -DDES_PTR
+- # -DDES_RISC1
+- # -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+- # -DDES_UNROLL
+- # after the initial build, run 'des_opts' to see which options are best
+- # for your platform.  There are some listed in options.txt
+- #OPTS2= -DDES_PTR 
+- #OPTS3= -DDES_RISC1 # or DES_RISC2
+- #OPTS4= -DDES_UNROLL
+- 
+- OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+- 
+- MAKE=make -f Makefile
+- #CC=cc
+- #CFLAG= -O
+- 
+- CC=gcc
+- #CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+- CFLAG= -O3 -fomit-frame-pointer
+- 
+- CFLAGS=$(OPTS) $(CFLAG)
+- CPP=$(CC) -E
+- AS=as
+- 
+- # Assember version of des_encrypt*().
+- DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+- #DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+- #DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+- #DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+- #DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+- 
+- LIBDIR=/usr/local/lib
+- BINDIR=/usr/local/bin
+- INCDIR=/usr/local/include
+- MANDIR=/usr/local/man
+- MAN1=1
+- MAN3=3
+- SHELL=/bin/sh
+- OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+- OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+- 	xcbc_enc.o qud_cksm.o \
+- 	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+- 	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+- 	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+- 
+- GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+- 	des.doc options.txt asm
+- GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+- 	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+- 	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+- 	des.org des_locl.org
+- TESTING_LIT=	destest speed des_opts
+- TESTING_FULL=	rpw $(TESTING_LIT)
+- TESTING_SRC_LIT=destest.c speed.c des_opts.c
+- TESTING_SRC_FULL=rpw.c $(TESTING_SRC_LIT)
+- HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+- HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+- LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+- LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c \
+- 	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+- 	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+- 	rand_key.c rpc_enc.c  str2key.c  supp.c \
+- 	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+- 
+- PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+- 
+- OBJ=	$(OBJ_LIT)
+- GENERAL=$(GENERAL_LIT)
+- TESTING=$(TESTING_LIT)
+- TESTING_SRC=$(TESTING_SRC_LIT)
+- HEADERS=$(HEADERS_LIT)
+- LIBDES=	$(LIBDES_LIT)
+- 
+- ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+- 
+- DLIB=	libdes.a
+- 
+- all: $(DLIB) $(TESTING)
+- 
+- cc:
+- 	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+- 
+- gcc:
+- 	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+- 
+- x86-elf:
+- 	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+- 
+- x86-out:
+- 	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+- 
+- x86-solaris:
+- 	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+- 
+- x86-bsdi:
+- 	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+- 
+- # elf
+- asm/dx86-elf.o: asm/dx86unix.cpp
+- 	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+- 
+- asm/yx86-elf.o: asm/yx86unix.cpp
+- 	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+- 
+- # solaris
+- asm/dx86-sol.o: asm/dx86unix.cpp
+- 	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+- 	as -o asm/dx86-sol.o asm/dx86-sol.s
+- 	rm -f asm/dx86-sol.s
+- 
+- asm/yx86-sol.o: asm/yx86unix.cpp
+- 	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+- 	as -o asm/yx86-sol.o asm/yx86-sol.s
+- 	rm -f asm/yx86-sol.s
+- 
+- # a.out
+- asm/dx86-out.o: asm/dx86unix.cpp
+- 	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+- 
+- asm/yx86-out.o: asm/yx86unix.cpp
+- 	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+- 
+- # bsdi
+- asm/dx86bsdi.o: asm/dx86unix.cpp
+- 	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+- 
+- asm/yx86bsdi.o: asm/yx86unix.cpp
+- 	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+- 
+- asm/dx86unix.cpp:
+- 	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+- 
+- asm/yx86unix.cpp:
+- 	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+- 
+- test:	all
+- 	./destest
+- 
+- $(DLIB): $(OBJ)
+- 	/bin/rm -f $(DLIB)
+- 	ar cr $(DLIB) $(OBJ)
+- 	-if test -s /bin/ranlib; then /bin/ranlib $(DLIB); \
+- 	else if test -s /usr/bin/ranlib; then /usr/bin/ranlib $(DLIB); \
+- 	else exit 0; fi; fi
+- 
+- des_opts: des_opts.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+- 
+- destest: destest.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+- 
+- rpw: rpw.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+- 
+- speed: speed.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+- 
+- des: des.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+- 
+- tags:
+- 	ctags $(TESTING_SRC) $(LIBDES)
+- 
+- tar_lit:
+- 	/bin/mv Makefile Makefile.tmp
+- 	/bin/cp Makefile.lit Makefile
+- 	tar chf libdes-l.tar $(LIBDES_LIT) $(HEADERS_LIT) \
+- 		$(GENERAL_LIT) $(TESTING_SRC_LIT)
+- 	/bin/rm -f Makefile
+- 	/bin/mv Makefile.tmp Makefile
+- 
+- tar:
+- 	tar chf libdes.tar $(ALL)
+- 
+- shar:
+- 	shar $(ALL) >libdes.shar
+- 
+- depend:
+- 	makedepend $(LIBDES) $(TESTING_SRC)
+- 
+- clean:
+- 	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+- 
+- dclean:
+- 	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+- 	mv -f Makefile.new Makefile
+- 
+- # Eric is probably going to choke when he next looks at this --tjh
+- install:
+- 	if test $(INSTALLTOP); then \
+- 	    echo SSL style install; \
+- 	    cp $(DLIB) $(INSTALLTOP)/lib; \
+- 	    if test -s /bin/ranlib; then \
+- 	        /bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+- 	    else \
+- 		if test -s /usr/bin/ranlib; then \
+- 		/usr/bin/ranlib $(INSTALLTOP)/lib/$(DLIB); \
+- 	    fi; fi; \
+- 	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+- 	    cp des.h $(INSTALLTOP)/include; \
+- 	    chmod 644 $(INSTALLTOP)/include/des.h; \
+- 	else \
+- 	    echo Standalone install; \
+- 	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+- 	    if test -s /bin/ranlib; then \
+- 	      /bin/ranlib $(LIBDIR)/$(DLIB); \
+- 	    else \
+- 	      if test -s /usr/bin/ranlib; then \
+- 		/usr/bin/ranlib $(LIBDIR)/$(DLIB); \
+- 	      fi; \
+- 	    fi; \
+- 	    chmod 644 $(LIBDIR)/$(DLIB); \
+- 	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+- 	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+- 	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+- 	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+- 	    cp des.h $(INCDIR)/des.h; \
+- 	    chmod 644 $(INCDIR)/des.h; \
+- 	fi
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.save
+*** crypto/openssl/crypto/des/Makefile.save	Sun Nov 26 06:33:25 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,211 ****
+- #
+- # SSLeay/crypto/des/Makefile
+- #
+- 
+- DIR=	des
+- TOP=	../..
+- CC=	cc
+- CPP=	$(CC) -E
+- INCLUDES=-I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- RANLIB=		ranlib
+- DES_ENC=	des_enc.o fcrypt_b.o
+- # or use
+- #DES_ENC=	dx86-elf.o yx86-elf.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=destest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=	cbc_cksm.c cbc_enc.c  cfb64enc.c cfb_enc.c  \
+- 	ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c \
+- 	fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c \
+- 	qud_cksm.c rand_key.c read_pwd.c rpc_enc.c  set_key.c  \
+- 	des_enc.c fcrypt_b.c read2pwd.c \
+- 	xcbc_enc.c \
+- 	str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c
+- 
+- LIBOBJ= set_key.o  ecb_enc.o  cbc_enc.o \
+- 	ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o  ofb64ede.o \
+- 	enc_read.o enc_writ.o ofb64enc.o \
+- 	ofb_enc.o  str2key.o  pcbc_enc.o qud_cksm.o rand_key.o \
+- 	${DES_ENC} read2pwd.o \
+- 	fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o  cbc_cksm.o \
+- 	ede_cbcm_enc.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= des.h
+- HEADER=	des_locl.h rpc_des.h spr.h des_ver.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- des: des.o cbc3_enc.o lib
+- 	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+- 
+- # elf
+- asm/dx86-elf.o: asm/dx86unix.cpp
+- 	$(CPP) -DELF -x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
+- 
+- asm/yx86-elf.o: asm/yx86unix.cpp
+- 	$(CPP) -DELF -x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
+- 
+- # solaris
+- asm/dx86-sol.o: asm/dx86unix.cpp
+- 	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+- 	as -o asm/dx86-sol.o asm/dx86-sol.s
+- 	rm -f asm/dx86-sol.s
+- 
+- asm/yx86-sol.o: asm/yx86unix.cpp
+- 	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+- 	as -o asm/yx86-sol.o asm/yx86-sol.s
+- 	rm -f asm/yx86-sol.s
+- 
+- # a.out
+- asm/dx86-out.o: asm/dx86unix.cpp
+- 	$(CPP) -DOUT asm/dx86unix.cpp | as -o asm/dx86-out.o
+- 
+- asm/yx86-out.o: asm/yx86unix.cpp
+- 	$(CPP) -DOUT asm/yx86unix.cpp | as -o asm/yx86-out.o
+- 
+- # bsdi
+- asm/dx86bsdi.o: asm/dx86unix.cpp
+- 	$(CPP) -DBSDI asm/dx86unix.cpp | sed 's/ :/:/' | as -o asm/dx86bsdi.o
+- 
+- asm/yx86bsdi.o: asm/yx86unix.cpp
+- 	$(CPP) -DBSDI asm/yx86unix.cpp | sed 's/ :/:/' | as -o asm/yx86bsdi.o
+- 
+- asm/dx86unix.cpp: asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+- 	(cd asm; $(PERL) des-586.pl cpp >dx86unix.cpp)
+- 
+- asm/yx86unix.cpp: asm/crypt586.pl ../perlasm/x86asm.pl
+- 	(cd asm; $(PERL) crypt586.pl cpp >yx86unix.cpp)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(TOP)/util/point.sh ../../perlasm asm/perlasm
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install: installs
+- 
+- installs:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- cbc_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- cbc_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+- cbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- cbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h ncbc_enc.c
+- cfb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- cfb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+- cfb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- cfb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+- cfb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- cfb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+- des_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- des_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_locl.h ncbc_enc.c
+- ecb3_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- ecb3_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+- ecb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- ecb_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- ecb_enc.o: des_locl.h spr.h
+- ede_cbcm_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- ede_cbcm_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+- enc_read.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- enc_read.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- enc_read.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- enc_read.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- enc_read.o: ../../include/openssl/opensslconf.h
+- enc_read.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- enc_read.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- enc_read.o: ../cryptlib.h des_locl.h
+- enc_writ.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- enc_writ.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- enc_writ.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- enc_writ.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- enc_writ.o: ../../include/openssl/opensslconf.h
+- enc_writ.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- enc_writ.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- enc_writ.o: ../../include/openssl/symhacks.h ../cryptlib.h des_locl.h
+- fcrypt.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- fcrypt.o: ../../include/openssl/opensslconf.h des_locl.h
+- fcrypt_b.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- fcrypt_b.o: ../../include/openssl/opensslconf.h des_locl.h
+- ofb64ede.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- ofb64ede.o: ../../include/openssl/opensslconf.h des_locl.h
+- ofb64enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- ofb64enc.o: ../../include/openssl/opensslconf.h des_locl.h
+- ofb_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- ofb_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+- pcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- pcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+- qud_cksm.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+- rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+- read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+- read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- read_pwd.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- read_pwd.o: ../../include/openssl/opensslconf.h
+- read_pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- read_pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- read_pwd.o: ../cryptlib.h des_locl.h
+- rpc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+- set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+- str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+- xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.ssl
+*** crypto/openssl/crypto/des/Makefile.ssl	Wed Jul  4 19:19:18 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.ssl	Thu Dec  5 16:51:02 2002
+***************
+*** 130,136 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 130,136 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 192,199 ****
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+--- 192,202 ----
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! read2pwd.o: des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+***************
+*** 206,212 ****
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+--- 209,218 ----
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! str2key.o: des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.uni
+*** crypto/openssl/crypto/des/Makefile.uni	Mon Jan 10 01:21:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,251 ****
+- # You must select the correct terminal control system to be used to
+- # turn character echo off when reading passwords.  There a 5 systems
+- # SGTTY   - the old BSD system
+- # TERMIO  - most system V boxes
+- # TERMIOS - SGI (ala IRIX).
+- # VMS     - the DEC operating system
+- # MSDOS   - we all know what it is :-)
+- # read_pwd.c makes a reasonable guess at what is correct.
+- 
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- # If you are on a DEC Alpha, edit des.h and change the DES_LONG
+- # define to 'unsigned int'.  I have seen this give a %20 speedup.
+- 
+- OPTS0= -DRAND -DTERMIO #-DNOCONST
+- 
+- # Version 1.94 has changed the strings_to_key function so that it is
+- # now compatible with MITs when the string is longer than 8 characters.
+- # If you wish to keep the old version, uncomment the following line.
+- # This will affect the -E/-D options on des(1).
+- #OPTS1= -DOLD_STR_TO_KEY
+- 
+- # There are 4 possible performance options
+- # -DDES_PTR
+- # -DDES_RISC1
+- # -DDES_RISC2 (only one of DES_RISC1 and DES_RISC2)
+- # -DDES_UNROLL
+- # after the initial build, run 'des_opts' to see which options are best
+- # for your platform.  There are some listed in options.txt
+- #OPTS2= -DDES_PTR 
+- #OPTS3= -DDES_RISC1 # or DES_RISC2
+- #OPTS4= -DDES_UNROLL
+- 
+- OPTS= $(OPTS0) $(OPTS1) $(OPTS2) $(OPTS3) $(OPTS4)
+- 
+- MAKE=make -f Makefile
+- #CC=cc
+- #CFLAG= -O
+- 
+- CC=gcc
+- #CFLAG= -O4 -funroll-loops -fomit-frame-pointer
+- CFLAG= -O3 -fomit-frame-pointer
+- 
+- CFLAGS=$(OPTS) $(CFLAG)
+- CPP=$(CC) -E
+- AS=as
+- RANLIB=ranlib
+- 
+- # Assember version of des_encrypt*().
+- DES_ENC=des_enc.o fcrypt_b.o		# normal C version
+- #DES_ENC=asm/dx86-elf.o	asm/yx86-elf.o	# elf format x86
+- #DES_ENC=asm/dx86-out.o	asm/yx86-out.o	# a.out format x86
+- #DES_ENC=asm/dx86-sol.o	asm/yx86-sol.o	# solaris format x86 
+- #DES_ENC=asm/dx86bsdi.o	asm/yx86basi.o	# bsdi format x86 
+- 
+- LIBDIR=/usr/local/lib
+- BINDIR=/usr/local/bin
+- INCDIR=/usr/local/include
+- MANDIR=/usr/local/man
+- MAN1=1
+- MAN3=3
+- SHELL=/bin/sh
+- OBJ_LIT=cbc_enc.o ecb_enc.o $(DES_ENC) fcrypt.o set_key.o
+- OBJ_FULL=cbc_cksm.o $(OBJ_LIT) pcbc_enc.o \
+- 	xcbc_enc.o qud_cksm.o cbc3_enc.o \
+- 	cfb64ede.o cfb64enc.o cfb_enc.o ecb3_enc.o \
+- 	enc_read.o enc_writ.o ofb64ede.o ofb64enc.o ofb_enc.o  \
+- 	rand_key.o read_pwd.o read2pwd.o rpc_enc.o  str2key.o supp.o
+- 
+- GENERAL_LIT=COPYRIGHT INSTALL README VERSION Makefile des_crypt.man \
+- 	des.doc options.txt asm
+- GENERAL_FULL=$(GENERAL_LIT) FILES Imakefile times vms.com KERBEROS MODES.DES \
+- 	des.man DES.pm DES.pod DES.xs Makefile.PL dess.cpp des3s.cpp \
+- 	Makefile.uni typemap t Makefile.ssl makefile.bc Makefile.lit \
+- 	des.org des_locl.org
+- TESTING_LIT=	destest speed des_opts
+- TESTING_FULL=	rpw des $(TESTING_LIT)
+- TESTING_SRC_LIT=destest.c speed.c des_opts.c
+- TESTING_SRC_FULL=rpw.c des.c $(TESTING_SRC_LIT)
+- HEADERS_LIT=des_ver.h des.h des_locl.h podd.h sk.h spr.h
+- HEADERS_FULL= $(HEADERS_LIT) rpc_des.h
+- LIBDES_LIT=cbc_enc.c ecb_enc.c fcrypt.c set_key.c des_enc.c fcrypt_b.c
+- LIBDES_FULL= cbc_cksm.c pcbc_enc.c qud_cksm.c cbc3_enc.c \
+- 	cfb64ede.c cfb64enc.c cfb_enc.c ecb3_enc.c \
+- 	enc_read.c enc_writ.c ofb64ede.c ofb64enc.c ofb_enc.c  \
+- 	rand_key.c rpc_enc.c  str2key.c  supp.c \
+- 	xcbc_enc.c $(LIBDES_LIT) read_pwd.c read2pwd.c
+- 
+- PERL=	des.pl testdes.pl doIP doPC1 doPC2 PC1 PC2 shifts.pl
+- 
+- OBJ=	$(OBJ_FULL)
+- GENERAL=$(GENERAL_FULL)
+- TESTING=$(TESTING_FULL)
+- TESTING_SRC=$(TESTING_SRC_FULL)
+- HEADERS=$(HEADERS_FULL)
+- LIBDES=	$(LIBDES_FULL)
+- 
+- ALL=	$(GENERAL) $(TESTING_SRC) $(LIBDES) $(PERL) $(HEADERS)
+- 
+- DLIB=	libdes.a
+- 
+- all: $(DLIB) $(TESTING)
+- 
+- cc:
+- 	$(MAKE) CC=cc CFLAGS="-O $(OPTS) $(CFLAG)" all
+- 
+- gcc:
+- 	$(MAKE) CC=gcc CFLAGS="-O3 -fomit-frame-pointer $(OPTS) $(CFLAG)" all
+- 
+- x86-elf:
+- 	$(MAKE) DES_ENC='asm/dx86-elf.o asm/yx86-elf.o' CC=$(CC) CFLAGS="-DELF $(OPTS) $(CFLAG)" all
+- 
+- x86-out:
+- 	$(MAKE) DES_ENC='asm/dx86-out.o asm/yx86-out.o' CC=$(CC) CFLAGS="-DOUT $(OPTS) $(CFLAG)" all
+- 
+- x86-solaris:
+- 	$(MAKE) DES_ENC='asm/dx86-sol.o asm/yx86-sol.o' CC=$(CC) CFLAGS="-DSOL $(OPTS) $(CFLAG)" all
+- 
+- x86-bsdi:
+- 	$(MAKE) DES_ENC='asm/dx86bsdi.o asm/yx86bsdi.o' CC=$(CC) CFLAGS="-DBSDI $(OPTS) $(CFLAG)" all
+- 
+- # elf
+- asm/dx86-elf.o: asm/dx86unix.cpp
+- 	$(CPP) -DELF asm/dx86unix.cpp | $(AS) -o asm/dx86-elf.o
+- 
+- asm/yx86-elf.o: asm/yx86unix.cpp
+- 	$(CPP) -DELF asm/yx86unix.cpp | $(AS) -o asm/yx86-elf.o
+- 
+- # solaris
+- asm/dx86-sol.o: asm/dx86unix.cpp
+- 	$(CC) -E -DSOL asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+- 	as -o asm/dx86-sol.o asm/dx86-sol.s
+- 	rm -f asm/dx86-sol.s
+- 
+- asm/yx86-sol.o: asm/yx86unix.cpp
+- 	$(CC) -E -DSOL asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+- 	as -o asm/yx86-sol.o asm/yx86-sol.s
+- 	rm -f asm/yx86-sol.s
+- 
+- # a.out
+- asm/dx86-out.o: asm/dx86unix.cpp
+- 	$(CPP) -DOUT asm/dx86unix.cpp | $(AS) -o asm/dx86-out.o
+- 
+- asm/yx86-out.o: asm/yx86unix.cpp
+- 	$(CPP) -DOUT asm/yx86unix.cpp | $(AS) -o asm/yx86-out.o
+- 
+- # bsdi
+- asm/dx86bsdi.o: asm/dx86unix.cpp
+- 	$(CPP) -DBSDI asm/dx86unix.cpp | $(AS) -o asm/dx86bsdi.o
+- 
+- asm/yx86bsdi.o: asm/yx86unix.cpp
+- 	$(CPP) -DBSDI asm/yx86unix.cpp | $(AS) -o asm/yx86bsdi.o
+- 
+- asm/dx86unix.cpp:
+- 	(cd asm; perl des-586.pl cpp >dx86unix.cpp)
+- 
+- asm/yx86unix.cpp:
+- 	(cd asm; perl crypt586.pl cpp >yx86unix.cpp)
+- 
+- test:	all
+- 	./destest
+- 
+- $(DLIB): $(OBJ)
+- 	/bin/rm -f $(DLIB)
+- 	ar cr $(DLIB) $(OBJ)
+- 	$(RANLIB) $(DLIB)
+- 
+- des_opts: des_opts.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o des_opts des_opts.o $(DLIB)
+- 
+- destest: destest.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o destest destest.o $(DLIB)
+- 
+- rpw: rpw.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o rpw rpw.o $(DLIB)
+- 
+- speed: speed.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o speed speed.o $(DLIB)
+- 
+- des: des.o $(DLIB)
+- 	$(CC) $(CFLAGS) -o des des.o $(DLIB)
+- 
+- tags:
+- 	ctags $(TESTING_SRC) $(LIBDES)
+- 
+- tar_lit:
+- 	/bin/mv Makefile Makefile.tmp
+- 	/bin/cp Makefile.lit Makefile
+- 	for i in $(HEADERS_LIT) $(LIBDES_LIT) $(GENERAL_LIT) $(TESTING_SRC_LIT) ;\
+- 	do \
+- 		n="$$n des/$$i"; \
+- 	done; \
+- 	( cd .. ; tar chf - $$n )| gzip > libdes-l.tgz
+- 	/bin/rm -f Makefile
+- 	/bin/mv Makefile.tmp Makefile
+- 
+- tar:
+- 	mv Makefile Makefile.tmp
+- 	/bin/cp Makefile.uni Makefile
+- 	for i in $(ALL) ;\
+- 	do \
+- 		n="$$n des/$$i"; \
+- 	done; \
+- 	( cd .. ; tar chf - $$n )| gzip > libdes.tgz
+- 	/bin/rm -f Makefile
+- 	/bin/mv Makefile.tmp Makefile
+- 
+- shar:
+- 	shar $(ALL) >libdes.shar
+- 
+- depend:
+- 	makedepend $(LIBDES) $(TESTING_SRC)
+- 
+- clean:
+- 	/bin/rm -f *.o tags core $(TESTING) $(DLIB) .nfs* *.old *.bak asm/*.o 
+- 
+- dclean:
+- 	sed -e '/^# DO NOT DELETE THIS LINE/ q' Makefile >Makefile.new
+- 	mv -f Makefile.new Makefile
+- 
+- # Eric is probably going to choke when he next looks at this --tjh
+- install: des
+- 	if test $(INSTALLTOP); then \
+- 	    echo SSL style install; \
+- 	    cp $(DLIB) $(INSTALLTOP)/lib; \
+- 		$(RANLIB) $(DLIB); \
+- 	    chmod 644 $(INSTALLTOP)/lib/$(DLIB); \
+- 	    cp des.h $(INSTALLTOP)/include; \
+- 	    chmod 644 $(INSTALLTOP)/include/des.h; \
+- 	else \
+- 	    echo Standalone install; \
+- 	    cp $(DLIB) $(LIBDIR)/$(DLIB); \
+- 		$(RANLIB) $(DLIB); \
+- 	    chmod 644 $(LIBDIR)/$(DLIB); \
+- 	    cp des $(BINDIR)/des; \
+- 	    chmod 711 $(BINDIR)/des; \
+- 	    cp des_crypt.man $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+- 	    chmod 644 $(MANDIR)/man$(MAN3)/des_crypt.$(MAN3); \
+- 	    cp des.man $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+- 	    chmod 644 $(MANDIR)/man$(MAN1)/des.$(MAN1); \
+- 	    cp des.h $(INCDIR)/des.h; \
+- 	    chmod 644 $(INCDIR)/des.h; \
+- 	fi
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/PC1 ../RELENG_4_6/crypto/openssl/crypto/des/PC1
+*** crypto/openssl/crypto/des/PC1	Mon Jan 10 01:21:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/PC1	Wed Dec 31 19:00:00 1969
+***************
+*** 1,28 ****
+- #!/usr/local/bin/perl
+- 
+- @PC1=(  57,49,41,33,25,17, 9,
+- 	 1,58,50,42,34,26,18,
+- 	10, 2,59,51,43,35,27,
+- 	19,11, 3,60,52,44,36,
+- 	"-","-","-","-",
+- 	63,55,47,39,31,23,15,
+- 	 7,62,54,46,38,30,22,
+- 	14, 6,61,53,45,37,29,
+- 	21,13, 5,28,20,12, 4,
+- 	"-","-","-","-",
+- 	);
+- 
+- foreach (@PC1)
+- 	{
+- 	if ($_ ne "-")
+- 		{
+- 		$_--;
+- 		$_=int($_/8)*8+7-($_%8);
+- 		printf "%2d  ",$_;
+- 		}
+- 	else
+- 		{ print "--  "; }
+- 	print "\n" if (((++$i) % 8) == 0);
+- 	print "\n" if ((($i) % 32) == 0);
+- 	}
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/PC2 ../RELENG_4_6/crypto/openssl/crypto/des/PC2
+*** crypto/openssl/crypto/des/PC2	Mon Jan 10 01:21:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/PC2	Wed Dec 31 19:00:00 1969
+***************
+*** 1,57 ****
+- #!/usr/local/bin/perl
+- 
+- @PC2_C=(14,17,11,24, 1, 5,
+- 	 3,28,15, 6,21,10,
+- 	23,19,12, 4,26, 8,
+- 	16, 7,27,20,13, 2,
+- 	);
+- 
+- @PC2_D=(41,52,31,37,47,55,
+- 	30,40,51,45,33,48,
+- 	44,49,39,56,34,53,
+- 	46,42,50,36,29,32,
+- 	);
+- 
+- foreach (@PC2_C) {
+- 	if ($_ ne "-")
+- 		{
+- 		$_--;
+- 		printf "%2d  ",$_; }
+- 	else { print "--  "; }
+- 	$C{$_}=1;
+- 	print "\n" if (((++$i) % 8) == 0);
+- 	}
+- $i=0;
+- print "\n";
+- foreach (@PC2_D) {
+- 	if ($_ ne "-")
+- 		{
+- 		$_-=29;
+- 		printf "%2d  ",$_; }
+- 	else { print "--  "; }
+- 	$D{$_}=1;
+- 	print "\n" if (((++$i) % 8) == 0); }
+- 
+- print "\n";
+- foreach $i (0 .. 27)
+- 	{
+- 	$_=$C{$i};
+- 	if ($_ ne "-") {printf "%2d ",$_;}
+- 	else { print "--  "; }
+- 	print "\n" if (((++$i) % 8) == 0);
+- 	}
+- print "\n";
+- 
+- print "\n";
+- foreach $i (0 .. 27)
+- 	{
+- 	$_=$D{$i};
+- 	if ($_ ne "-") {printf "%2d  ",$_;}
+- 	else { print "--  "; }
+- 	print "\n" if (((++$i) % 8) == 0);
+- 	}
+- print "\n";
+- sub numsort
+- 	{
+- 	$a-$b;
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.c ../RELENG_4_6/crypto/openssl/crypto/des/des.c
+*** crypto/openssl/crypto/des/des.c	Sun Nov 26 06:33:25 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/des.c	Fri Dec 27 20:46:21 2002
+***************
+*** 86,91 ****
+--- 86,92 ----
+  #endif
+  #include <sys/stat.h>
+  #endif
++ #include <openssl/crypto.h>
+  #include <openssl/des.h>
+  #include <openssl/rand.h>
+  
+***************
+*** 423,429 ****
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		memset(k2,0,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+--- 424,430 ----
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		OPENSSL_cleanse(k2,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+***************
+*** 431,437 ****
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			memset(k2,0,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+--- 432,438 ----
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			OPENSSL_cleanse(k2,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+***************
+*** 453,460 ****
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	memset(key,0,sizeof(key));
+! 	memset(kk,0,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+--- 454,461 ----
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+***************
+*** 662,679 ****
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	memset(buf,0,sizeof(buf));
+! 	memset(obuf,0,sizeof(obuf));
+! 	memset(ks,0,sizeof(ks));
+! 	memset(ks2,0,sizeof(ks2));
+! 	memset(iv,0,sizeof(iv));
+! 	memset(iv2,0,sizeof(iv2));
+! 	memset(kk,0,sizeof(kk));
+! 	memset(k2,0,sizeof(k2));
+! 	memset(uubuf,0,sizeof(uubuf));
+! 	memset(b,0,sizeof(b));
+! 	memset(bb,0,sizeof(bb));
+! 	memset(cksum,0,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+--- 663,680 ----
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	OPENSSL_cleanse(buf,sizeof(buf));
+! 	OPENSSL_cleanse(obuf,sizeof(obuf));
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+! 	OPENSSL_cleanse(ks2,sizeof(ks2));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+! 	OPENSSL_cleanse(k2,sizeof(k2));
+! 	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+! 	OPENSSL_cleanse(b,sizeof(b));
+! 	OPENSSL_cleanse(bb,sizeof(bb));
+! 	OPENSSL_cleanse(cksum,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.h ../RELENG_4_6/crypto/openssl/crypto/des/des.h
+*** crypto/openssl/crypto/des/des.h	Wed Jul  4 19:19:18 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/des/des.h	Tue Jul 30 22:54:47 2002
+***************
+*** 190,196 ****
+  		  des_cblock *iv);
+  char *des_fcrypt(const char *buf,const char *salt, char *ret);
+  char *des_crypt(const char *buf,const char *salt);
+! #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+  char *crypt(const char *buf,const char *salt);
+  #endif
+  void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+--- 190,196 ----
+  		  des_cblock *iv);
+  char *des_fcrypt(const char *buf,const char *salt, char *ret);
+  char *des_crypt(const char *buf,const char *salt);
+! #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_UWIN)
+  char *crypt(const char *buf,const char *salt);
+  #endif
+  void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits,
+***************
+*** 205,214 ****
+  void des_init_random_number_generator(des_cblock *seed);
+  void des_rand_data(unsigned char *data, int size);
+  int des_random_key(des_cblock *ret);
+! int des_read_password(des_cblock *key,const char *prompt,int verify);
+  int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+! 			const char *prompt,int verify);
+! int des_read_pw_string(char *buf,int length,const char *prompt,int verify);
+  void des_set_odd_parity(des_cblock *key);
+  int des_check_key_parity(const_des_cblock *key);
+  int des_is_weak_key(const_des_cblock *key);
+--- 205,214 ----
+  void des_init_random_number_generator(des_cblock *seed);
+  void des_rand_data(unsigned char *data, int size);
+  int des_random_key(des_cblock *ret);
+! int des_read_password(des_cblock *key,const char *_prompt,int verify);
+  int des_read_2passwords(des_cblock *key1,des_cblock *key2,
+! 			const char *_prompt,int verify);
+! int des_read_pw_string(char *buf,int length,const char *_prompt,int verify);
+  void des_set_odd_parity(des_cblock *key);
+  int des_check_key_parity(const_des_cblock *key);
+  int des_is_weak_key(const_des_cblock *key);
+***************
+*** 226,232 ****
+  		       int enc);
+  void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+  		       des_key_schedule schedule,des_cblock *ivec,int *num);
+! int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify);
+  
+  /* The following definitions provide compatibility with the MIT Kerberos
+   * library. The des_key_schedule structure is not binary compatible. */
+--- 226,232 ----
+  		       int enc);
+  void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length,
+  		       des_key_schedule schedule,des_cblock *ivec,int *num);
+! int des_read_pw(char *buf,char *buff,int size,const char *_prompt,int verify);
+  
+  /* The following definitions provide compatibility with the MIT Kerberos
+   * library. The des_key_schedule structure is not binary compatible. */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.man ../RELENG_4_6/crypto/openssl/crypto/des/des.man
+*** crypto/openssl/crypto/des/des.man	Mon Jan 10 01:21:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/des.man	Wed Dec 31 19:00:00 1969
+***************
+*** 1,186 ****
+- .TH DES 1 
+- .SH NAME
+- des - encrypt or decrypt data using Data Encryption Standard
+- .SH SYNOPSIS
+- .B des
+- (
+- .B \-e
+- |
+- .B \-E
+- ) | (
+- .B \-d
+- |
+- .B \-D
+- ) | (
+- .B \-\fR[\fPcC\fR][\fPckname\fR]\fP
+- ) |
+- [
+- .B \-b3hfs
+- ] [
+- .B \-k
+- .I key
+- ]
+- ] [
+- .B \-u\fR[\fIuuname\fR]
+- [
+- .I input-file
+- [
+- .I output-file
+- ] ]
+- .SH DESCRIPTION
+- .B des
+- encrypts and decrypts data using the
+- Data Encryption Standard algorithm.
+- One of
+- .B \-e, \-E
+- (for encrypt) or
+- .B \-d, \-D
+- (for decrypt) must be specified.
+- It is also possible to use
+- .B \-c
+- or
+- .B \-C
+- in conjunction or instead of the a encrypt/decrypt option to generate
+- a 16 character hexadecimal checksum, generated via the
+- .I des_cbc_cksum.
+- .LP
+- Two standard encryption modes are supported by the
+- .B des
+- program, Cipher Block Chaining (the default) and Electronic Code Book
+- (specified with
+- .B \-b
+- ).
+- .LP
+- The key used for the DES
+- algorithm is obtained by prompting the user unless the
+- .B `\-k
+- .I key'
+- option is given.
+- If the key is an argument to the
+- .B des
+- command, it is potentially visible to users executing
+- .BR ps (1)
+- or a derivative.  To minimise this possibility,
+- .B des
+- takes care to destroy the key argument immediately upon entry.
+- If your shell keeps a history file be careful to make sure it is not
+- world readable.
+- .LP
+- Since this program attempts to maintain compatability with sunOS's
+- des(1) command, there are 2 different methods used to convert the user
+- supplied key to a des key.
+- Whenever and one or more of
+- .B \-E, \-D, \-C
+- or
+- .B \-3
+- options are used, the key conversion procedure will not be compatible
+- with the sunOS des(1) version but will use all the user supplied
+- character to generate the des key.
+- .B des
+- command reads from standard input unless
+- .I input-file
+- is specified and writes to standard output unless
+- .I output-file
+- is given.
+- .SH OPTIONS
+- .TP
+- .B \-b
+- Select ECB
+- (eight bytes at a time) encryption mode.
+- .TP
+- .B \-3
+- Encrypt using triple encryption.
+- By default triple cbc encryption is used but if the
+- .B \-b
+- option is used then triple ecb encryption is performed.
+- If the key is less than 8 characters long, the flag has no effect.
+- .TP
+- .B \-e
+- Encrypt data using an 8 byte key in a manner compatible with sunOS
+- des(1).
+- .TP
+- .B \-E
+- Encrypt data using a key of nearly unlimited length (1024 bytes).
+- This will product a more secure encryption.
+- .TP
+- .B \-d
+- Decrypt data that was encrypted with the \-e option.
+- .TP
+- .B \-D
+- Decrypt data that was encrypted with the \-E option.
+- .TP
+- .B \-c
+- Generate a 16 character hexadecimal cbc checksum and output this to
+- stderr.
+- If a filename was specified after the
+- .B \-c
+- option, the checksum is output to that file.
+- The checksum is generated using a key generated in a sunOS compatible
+- manner.
+- .TP
+- .B \-C
+- A cbc checksum is generated in the same manner as described for the
+- .B \-c
+- option but the DES key is generated in the same manner as used for the
+- .B \-E
+- and
+- .B \-D
+- options
+- .TP
+- .B \-f
+- Does nothing - allowed for compatibility with sunOS des(1) command.
+- .TP
+- .B \-s
+- Does nothing - allowed for compatibility with sunOS des(1) command.
+- .TP
+- .B "\-k \fIkey\fP"
+- Use the encryption 
+- .I key
+- specified.
+- .TP
+- .B "\-h"
+- The
+- .I key
+- is assumed to be a 16 character hexadecimal number.
+- If the
+- .B "\-3"
+- option is used the key is assumed to be a 32 character hexadecimal
+- number.
+- .TP
+- .B \-u
+- This flag is used to read and write uuencoded files.  If decrypting,
+- the input file is assumed to contain uuencoded, DES encrypted data.
+- If encrypting, the characters following the -u are used as the name of
+- the uuencoded file to embed in the begin line of the uuencoded
+- output.  If there is no name specified after the -u, the name text.des
+- will be embedded in the header.
+- .SH SEE ALSO
+- .B ps (1)
+- .B des_crypt(3)
+- .SH BUGS
+- .LP
+- The problem with using the
+- .B -e
+- option is the short key length.
+- It would be better to use a real 56-bit key rather than an
+- ASCII-based 56-bit pattern.  Knowing that the key was derived from ASCII
+- radically reduces the time necessary for a brute-force cryptographic attack.
+- My attempt to remove this problem is to add an alternative text-key to
+- DES-key function.  This alternative function (accessed via
+- .B -E, -D, -S
+- and
+- .B -3
+- )
+- uses DES to help generate the key.
+- .LP
+- Be carefully when using the -u option.  Doing des -ud <filename> will
+- not decrypt filename (the -u option will gobble the d option).
+- .LP
+- The VMS operating system operates in a world where files are always a
+- multiple of 512 bytes.  This causes problems when encrypted data is
+- send from unix to VMS since a 88 byte file will suddenly be padded
+- with 424 null bytes.  To get around this problem, use the -u option
+- to uuencode the data before it is send to the VMS system.
+- .SH AUTHOR
+- .LP
+- Eric Young (eay@cryptsoft.com)
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.pl ../RELENG_4_6/crypto/openssl/crypto/des/des.pl
+*** crypto/openssl/crypto/des/des.pl	Mon Jan 10 01:21:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/des.pl	Wed Dec 31 19:00:00 1969
+***************
+*** 1,552 ****
+- #!/usr/local/bin/perl
+- # des.pl - eric young 22/11/1991 eay@cryptsoft.com
+- #
+- # Copyright (C) 1993 Eric Young
+- #
+- # 11 April 1996 - patched to circumvent Perl 5 (through 5.002) problem
+- #                 with sign-extension on right shift operations.
+- #                 Ed Kubaitis - ejk@uiuc.edu
+- #
+- # eay - 92/08/31 - I think I have fixed all problems for 64bit
+- # versions of perl but I could be wrong since I have not tested it yet :-).
+- #
+- # This is an implementation of DES in perl.
+- # The two routines (des_set_key and des_ecb_encrypt)
+- # take 8 byte objects as arguments.
+- #
+- # des_set_key takes an 8 byte string as a key and returns a key schedule
+- # for use in calls to des_ecb_encrypt.
+- # des_ecb_encrypt takes three arguments, the first is a key schedule
+- # (make sure to pass it by reference with the *), the second is 1
+- # to encrypt, 0 to decrypt.  The third argument is an 8 byte object
+- # to encrypt.  The function returns an 8 byte object that has been
+- # DES encrypted.
+- #
+- # example:
+- # require 'des.pl'
+- #
+- # $key =pack("C8",0x12,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+- # @ks=  &des_set_key($key);
+- #
+- # $outbytes= &des_ecb_encrypt(*ks,1,$data);
+- # @enc =unpack("C8",$outbytes);
+- #
+-                  
+- package des;
+- 
+- eval("use integer;") if (int($]) > 4);
+- 
+- # The following 8 arrays are used in des_set_key
+- @skb0=(
+- # for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+- 0x00000000,0x00000010,0x20000000,0x20000010,
+- 0x00010000,0x00010010,0x20010000,0x20010010,
+- 0x00000800,0x00000810,0x20000800,0x20000810,
+- 0x00010800,0x00010810,0x20010800,0x20010810,
+- 0x00000020,0x00000030,0x20000020,0x20000030,
+- 0x00010020,0x00010030,0x20010020,0x20010030,
+- 0x00000820,0x00000830,0x20000820,0x20000830,
+- 0x00010820,0x00010830,0x20010820,0x20010830,
+- 0x00080000,0x00080010,0x20080000,0x20080010,
+- 0x00090000,0x00090010,0x20090000,0x20090010,
+- 0x00080800,0x00080810,0x20080800,0x20080810,
+- 0x00090800,0x00090810,0x20090800,0x20090810,
+- 0x00080020,0x00080030,0x20080020,0x20080030,
+- 0x00090020,0x00090030,0x20090020,0x20090030,
+- 0x00080820,0x00080830,0x20080820,0x20080830,
+- 0x00090820,0x00090830,0x20090820,0x20090830,
+- );
+- @skb1=(
+- # for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 
+- 0x00000000,0x02000000,0x00002000,0x02002000,
+- 0x00200000,0x02200000,0x00202000,0x02202000,
+- 0x00000004,0x02000004,0x00002004,0x02002004,
+- 0x00200004,0x02200004,0x00202004,0x02202004,
+- 0x00000400,0x02000400,0x00002400,0x02002400,
+- 0x00200400,0x02200400,0x00202400,0x02202400,
+- 0x00000404,0x02000404,0x00002404,0x02002404,
+- 0x00200404,0x02200404,0x00202404,0x02202404,
+- 0x10000000,0x12000000,0x10002000,0x12002000,
+- 0x10200000,0x12200000,0x10202000,0x12202000,
+- 0x10000004,0x12000004,0x10002004,0x12002004,
+- 0x10200004,0x12200004,0x10202004,0x12202004,
+- 0x10000400,0x12000400,0x10002400,0x12002400,
+- 0x10200400,0x12200400,0x10202400,0x12202400,
+- 0x10000404,0x12000404,0x10002404,0x12002404,
+- 0x10200404,0x12200404,0x10202404,0x12202404,
+- );
+- @skb2=(
+- # for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 
+- 0x00000000,0x00000001,0x00040000,0x00040001,
+- 0x01000000,0x01000001,0x01040000,0x01040001,
+- 0x00000002,0x00000003,0x00040002,0x00040003,
+- 0x01000002,0x01000003,0x01040002,0x01040003,
+- 0x00000200,0x00000201,0x00040200,0x00040201,
+- 0x01000200,0x01000201,0x01040200,0x01040201,
+- 0x00000202,0x00000203,0x00040202,0x00040203,
+- 0x01000202,0x01000203,0x01040202,0x01040203,
+- 0x08000000,0x08000001,0x08040000,0x08040001,
+- 0x09000000,0x09000001,0x09040000,0x09040001,
+- 0x08000002,0x08000003,0x08040002,0x08040003,
+- 0x09000002,0x09000003,0x09040002,0x09040003,
+- 0x08000200,0x08000201,0x08040200,0x08040201,
+- 0x09000200,0x09000201,0x09040200,0x09040201,
+- 0x08000202,0x08000203,0x08040202,0x08040203,
+- 0x09000202,0x09000203,0x09040202,0x09040203,
+- );
+- @skb3=(
+- # for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 
+- 0x00000000,0x00100000,0x00000100,0x00100100,
+- 0x00000008,0x00100008,0x00000108,0x00100108,
+- 0x00001000,0x00101000,0x00001100,0x00101100,
+- 0x00001008,0x00101008,0x00001108,0x00101108,
+- 0x04000000,0x04100000,0x04000100,0x04100100,
+- 0x04000008,0x04100008,0x04000108,0x04100108,
+- 0x04001000,0x04101000,0x04001100,0x04101100,
+- 0x04001008,0x04101008,0x04001108,0x04101108,
+- 0x00020000,0x00120000,0x00020100,0x00120100,
+- 0x00020008,0x00120008,0x00020108,0x00120108,
+- 0x00021000,0x00121000,0x00021100,0x00121100,
+- 0x00021008,0x00121008,0x00021108,0x00121108,
+- 0x04020000,0x04120000,0x04020100,0x04120100,
+- 0x04020008,0x04120008,0x04020108,0x04120108,
+- 0x04021000,0x04121000,0x04021100,0x04121100,
+- 0x04021008,0x04121008,0x04021108,0x04121108,
+- );
+- @skb4=(
+- # for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 
+- 0x00000000,0x10000000,0x00010000,0x10010000,
+- 0x00000004,0x10000004,0x00010004,0x10010004,
+- 0x20000000,0x30000000,0x20010000,0x30010000,
+- 0x20000004,0x30000004,0x20010004,0x30010004,
+- 0x00100000,0x10100000,0x00110000,0x10110000,
+- 0x00100004,0x10100004,0x00110004,0x10110004,
+- 0x20100000,0x30100000,0x20110000,0x30110000,
+- 0x20100004,0x30100004,0x20110004,0x30110004,
+- 0x00001000,0x10001000,0x00011000,0x10011000,
+- 0x00001004,0x10001004,0x00011004,0x10011004,
+- 0x20001000,0x30001000,0x20011000,0x30011000,
+- 0x20001004,0x30001004,0x20011004,0x30011004,
+- 0x00101000,0x10101000,0x00111000,0x10111000,
+- 0x00101004,0x10101004,0x00111004,0x10111004,
+- 0x20101000,0x30101000,0x20111000,0x30111000,
+- 0x20101004,0x30101004,0x20111004,0x30111004,
+- );
+- @skb5=(
+- # for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 
+- 0x00000000,0x08000000,0x00000008,0x08000008,
+- 0x00000400,0x08000400,0x00000408,0x08000408,
+- 0x00020000,0x08020000,0x00020008,0x08020008,
+- 0x00020400,0x08020400,0x00020408,0x08020408,
+- 0x00000001,0x08000001,0x00000009,0x08000009,
+- 0x00000401,0x08000401,0x00000409,0x08000409,
+- 0x00020001,0x08020001,0x00020009,0x08020009,
+- 0x00020401,0x08020401,0x00020409,0x08020409,
+- 0x02000000,0x0A000000,0x02000008,0x0A000008,
+- 0x02000400,0x0A000400,0x02000408,0x0A000408,
+- 0x02020000,0x0A020000,0x02020008,0x0A020008,
+- 0x02020400,0x0A020400,0x02020408,0x0A020408,
+- 0x02000001,0x0A000001,0x02000009,0x0A000009,
+- 0x02000401,0x0A000401,0x02000409,0x0A000409,
+- 0x02020001,0x0A020001,0x02020009,0x0A020009,
+- 0x02020401,0x0A020401,0x02020409,0x0A020409,
+- );
+- @skb6=(
+- # for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 
+- 0x00000000,0x00000100,0x00080000,0x00080100,
+- 0x01000000,0x01000100,0x01080000,0x01080100,
+- 0x00000010,0x00000110,0x00080010,0x00080110,
+- 0x01000010,0x01000110,0x01080010,0x01080110,
+- 0x00200000,0x00200100,0x00280000,0x00280100,
+- 0x01200000,0x01200100,0x01280000,0x01280100,
+- 0x00200010,0x00200110,0x00280010,0x00280110,
+- 0x01200010,0x01200110,0x01280010,0x01280110,
+- 0x00000200,0x00000300,0x00080200,0x00080300,
+- 0x01000200,0x01000300,0x01080200,0x01080300,
+- 0x00000210,0x00000310,0x00080210,0x00080310,
+- 0x01000210,0x01000310,0x01080210,0x01080310,
+- 0x00200200,0x00200300,0x00280200,0x00280300,
+- 0x01200200,0x01200300,0x01280200,0x01280300,
+- 0x00200210,0x00200310,0x00280210,0x00280310,
+- 0x01200210,0x01200310,0x01280210,0x01280310,
+- );
+- @skb7=(
+- # for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 
+- 0x00000000,0x04000000,0x00040000,0x04040000,
+- 0x00000002,0x04000002,0x00040002,0x04040002,
+- 0x00002000,0x04002000,0x00042000,0x04042000,
+- 0x00002002,0x04002002,0x00042002,0x04042002,
+- 0x00000020,0x04000020,0x00040020,0x04040020,
+- 0x00000022,0x04000022,0x00040022,0x04040022,
+- 0x00002020,0x04002020,0x00042020,0x04042020,
+- 0x00002022,0x04002022,0x00042022,0x04042022,
+- 0x00000800,0x04000800,0x00040800,0x04040800,
+- 0x00000802,0x04000802,0x00040802,0x04040802,
+- 0x00002800,0x04002800,0x00042800,0x04042800,
+- 0x00002802,0x04002802,0x00042802,0x04042802,
+- 0x00000820,0x04000820,0x00040820,0x04040820,
+- 0x00000822,0x04000822,0x00040822,0x04040822,
+- 0x00002820,0x04002820,0x00042820,0x04042820,
+- 0x00002822,0x04002822,0x00042822,0x04042822,
+- );
+- 
+- @shifts2=(0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0);
+- 
+- # used in ecb_encrypt
+- @SP0=(
+- 0x00410100, 0x00010000, 0x40400000, 0x40410100,
+- 0x00400000, 0x40010100, 0x40010000, 0x40400000,
+- 0x40010100, 0x00410100, 0x00410000, 0x40000100,
+- 0x40400100, 0x00400000, 0x00000000, 0x40010000,
+- 0x00010000, 0x40000000, 0x00400100, 0x00010100,
+- 0x40410100, 0x00410000, 0x40000100, 0x00400100,
+- 0x40000000, 0x00000100, 0x00010100, 0x40410000,
+- 0x00000100, 0x40400100, 0x40410000, 0x00000000,
+- 0x00000000, 0x40410100, 0x00400100, 0x40010000,
+- 0x00410100, 0x00010000, 0x40000100, 0x00400100,
+- 0x40410000, 0x00000100, 0x00010100, 0x40400000,
+- 0x40010100, 0x40000000, 0x40400000, 0x00410000,
+- 0x40410100, 0x00010100, 0x00410000, 0x40400100,
+- 0x00400000, 0x40000100, 0x40010000, 0x00000000,
+- 0x00010000, 0x00400000, 0x40400100, 0x00410100,
+- 0x40000000, 0x40410000, 0x00000100, 0x40010100,
+- );
+- @SP1=(
+- 0x08021002, 0x00000000, 0x00021000, 0x08020000,
+- 0x08000002, 0x00001002, 0x08001000, 0x00021000,
+- 0x00001000, 0x08020002, 0x00000002, 0x08001000,
+- 0x00020002, 0x08021000, 0x08020000, 0x00000002,
+- 0x00020000, 0x08001002, 0x08020002, 0x00001000,
+- 0x00021002, 0x08000000, 0x00000000, 0x00020002,
+- 0x08001002, 0x00021002, 0x08021000, 0x08000002,
+- 0x08000000, 0x00020000, 0x00001002, 0x08021002,
+- 0x00020002, 0x08021000, 0x08001000, 0x00021002,
+- 0x08021002, 0x00020002, 0x08000002, 0x00000000,
+- 0x08000000, 0x00001002, 0x00020000, 0x08020002,
+- 0x00001000, 0x08000000, 0x00021002, 0x08001002,
+- 0x08021000, 0x00001000, 0x00000000, 0x08000002,
+- 0x00000002, 0x08021002, 0x00021000, 0x08020000,
+- 0x08020002, 0x00020000, 0x00001002, 0x08001000,
+- 0x08001002, 0x00000002, 0x08020000, 0x00021000,
+- );
+- @SP2=(
+- 0x20800000, 0x00808020, 0x00000020, 0x20800020,
+- 0x20008000, 0x00800000, 0x20800020, 0x00008020,
+- 0x00800020, 0x00008000, 0x00808000, 0x20000000,
+- 0x20808020, 0x20000020, 0x20000000, 0x20808000,
+- 0x00000000, 0x20008000, 0x00808020, 0x00000020,
+- 0x20000020, 0x20808020, 0x00008000, 0x20800000,
+- 0x20808000, 0x00800020, 0x20008020, 0x00808000,
+- 0x00008020, 0x00000000, 0x00800000, 0x20008020,
+- 0x00808020, 0x00000020, 0x20000000, 0x00008000,
+- 0x20000020, 0x20008000, 0x00808000, 0x20800020,
+- 0x00000000, 0x00808020, 0x00008020, 0x20808000,
+- 0x20008000, 0x00800000, 0x20808020, 0x20000000,
+- 0x20008020, 0x20800000, 0x00800000, 0x20808020,
+- 0x00008000, 0x00800020, 0x20800020, 0x00008020,
+- 0x00800020, 0x00000000, 0x20808000, 0x20000020,
+- 0x20800000, 0x20008020, 0x00000020, 0x00808000,
+- );
+- @SP3=(
+- 0x00080201, 0x02000200, 0x00000001, 0x02080201,
+- 0x00000000, 0x02080000, 0x02000201, 0x00080001,
+- 0x02080200, 0x02000001, 0x02000000, 0x00000201,
+- 0x02000001, 0x00080201, 0x00080000, 0x02000000,
+- 0x02080001, 0x00080200, 0x00000200, 0x00000001,
+- 0x00080200, 0x02000201, 0x02080000, 0x00000200,
+- 0x00000201, 0x00000000, 0x00080001, 0x02080200,
+- 0x02000200, 0x02080001, 0x02080201, 0x00080000,
+- 0x02080001, 0x00000201, 0x00080000, 0x02000001,
+- 0x00080200, 0x02000200, 0x00000001, 0x02080000,
+- 0x02000201, 0x00000000, 0x00000200, 0x00080001,
+- 0x00000000, 0x02080001, 0x02080200, 0x00000200,
+- 0x02000000, 0x02080201, 0x00080201, 0x00080000,
+- 0x02080201, 0x00000001, 0x02000200, 0x00080201,
+- 0x00080001, 0x00080200, 0x02080000, 0x02000201,
+- 0x00000201, 0x02000000, 0x02000001, 0x02080200,
+- );
+- @SP4=(
+- 0x01000000, 0x00002000, 0x00000080, 0x01002084,
+- 0x01002004, 0x01000080, 0x00002084, 0x01002000,
+- 0x00002000, 0x00000004, 0x01000004, 0x00002080,
+- 0x01000084, 0x01002004, 0x01002080, 0x00000000,
+- 0x00002080, 0x01000000, 0x00002004, 0x00000084,
+- 0x01000080, 0x00002084, 0x00000000, 0x01000004,
+- 0x00000004, 0x01000084, 0x01002084, 0x00002004,
+- 0x01002000, 0x00000080, 0x00000084, 0x01002080,
+- 0x01002080, 0x01000084, 0x00002004, 0x01002000,
+- 0x00002000, 0x00000004, 0x01000004, 0x01000080,
+- 0x01000000, 0x00002080, 0x01002084, 0x00000000,
+- 0x00002084, 0x01000000, 0x00000080, 0x00002004,
+- 0x01000084, 0x00000080, 0x00000000, 0x01002084,
+- 0x01002004, 0x01002080, 0x00000084, 0x00002000,
+- 0x00002080, 0x01002004, 0x01000080, 0x00000084,
+- 0x00000004, 0x00002084, 0x01002000, 0x01000004,
+- );
+- @SP5=(
+- 0x10000008, 0x00040008, 0x00000000, 0x10040400,
+- 0x00040008, 0x00000400, 0x10000408, 0x00040000,
+- 0x00000408, 0x10040408, 0x00040400, 0x10000000,
+- 0x10000400, 0x10000008, 0x10040000, 0x00040408,
+- 0x00040000, 0x10000408, 0x10040008, 0x00000000,
+- 0x00000400, 0x00000008, 0x10040400, 0x10040008,
+- 0x10040408, 0x10040000, 0x10000000, 0x00000408,
+- 0x00000008, 0x00040400, 0x00040408, 0x10000400,
+- 0x00000408, 0x10000000, 0x10000400, 0x00040408,
+- 0x10040400, 0x00040008, 0x00000000, 0x10000400,
+- 0x10000000, 0x00000400, 0x10040008, 0x00040000,
+- 0x00040008, 0x10040408, 0x00040400, 0x00000008,
+- 0x10040408, 0x00040400, 0x00040000, 0x10000408,
+- 0x10000008, 0x10040000, 0x00040408, 0x00000000,
+- 0x00000400, 0x10000008, 0x10000408, 0x10040400,
+- 0x10040000, 0x00000408, 0x00000008, 0x10040008,
+- );
+- @SP6=(
+- 0x00000800, 0x00000040, 0x00200040, 0x80200000,
+- 0x80200840, 0x80000800, 0x00000840, 0x00000000,
+- 0x00200000, 0x80200040, 0x80000040, 0x00200800,
+- 0x80000000, 0x00200840, 0x00200800, 0x80000040,
+- 0x80200040, 0x00000800, 0x80000800, 0x80200840,
+- 0x00000000, 0x00200040, 0x80200000, 0x00000840,
+- 0x80200800, 0x80000840, 0x00200840, 0x80000000,
+- 0x80000840, 0x80200800, 0x00000040, 0x00200000,
+- 0x80000840, 0x00200800, 0x80200800, 0x80000040,
+- 0x00000800, 0x00000040, 0x00200000, 0x80200800,
+- 0x80200040, 0x80000840, 0x00000840, 0x00000000,
+- 0x00000040, 0x80200000, 0x80000000, 0x00200040,
+- 0x00000000, 0x80200040, 0x00200040, 0x00000840,
+- 0x80000040, 0x00000800, 0x80200840, 0x00200000,
+- 0x00200840, 0x80000000, 0x80000800, 0x80200840,
+- 0x80200000, 0x00200840, 0x00200800, 0x80000800,
+- );
+- @SP7=(
+- 0x04100010, 0x04104000, 0x00004010, 0x00000000,
+- 0x04004000, 0x00100010, 0x04100000, 0x04104010,
+- 0x00000010, 0x04000000, 0x00104000, 0x00004010,
+- 0x00104010, 0x04004010, 0x04000010, 0x04100000,
+- 0x00004000, 0x00104010, 0x00100010, 0x04004000,
+- 0x04104010, 0x04000010, 0x00000000, 0x00104000,
+- 0x04000000, 0x00100000, 0x04004010, 0x04100010,
+- 0x00100000, 0x00004000, 0x04104000, 0x00000010,
+- 0x00100000, 0x00004000, 0x04000010, 0x04104010,
+- 0x00004010, 0x04000000, 0x00000000, 0x00104000,
+- 0x04100010, 0x04004010, 0x04004000, 0x00100010,
+- 0x04104000, 0x00000010, 0x00100010, 0x04004000,
+- 0x04104010, 0x00100000, 0x04100000, 0x04000010,
+- 0x00104000, 0x00004010, 0x04004010, 0x04100000,
+- 0x00000010, 0x04104000, 0x00104010, 0x00000000,
+- 0x04000000, 0x04100010, 0x00004000, 0x00104010,
+- );
+- 
+- sub main'des_set_key
+- 	{
+- 	local($param)=@_;
+- 	local(@key);
+- 	local($c,$d,$i,$s,$t);
+- 	local(@ks)=();
+- 
+- 	# Get the bytes in the order we want.
+- 	@key=unpack("C8",$param);
+- 
+- 	$c=	($key[0]    )|
+- 		($key[1]<< 8)|
+- 		($key[2]<<16)|
+- 		($key[3]<<24);
+- 	$d=	($key[4]    )|
+- 		($key[5]<< 8)|
+- 		($key[6]<<16)|
+- 		($key[7]<<24);
+- 
+- 	&doPC1(*c,*d);
+- 
+- 	for $i (@shifts2)
+- 		{
+- 		if ($i)
+- 			{
+- 			$c=($c>>2)|($c<<26);
+- 			$d=($d>>2)|($d<<26);
+- 			}
+- 		else
+- 			{
+- 			$c=($c>>1)|($c<<27);
+- 			$d=($d>>1)|($d<<27);
+- 			}
+- 		$c&=0x0fffffff;
+- 		$d&=0x0fffffff;
+- 		$s=	$skb0[ ($c    )&0x3f                 ]|
+- 			$skb1[(($c>> 6)&0x03)|(($c>> 7)&0x3c)]|
+- 			$skb2[(($c>>13)&0x0f)|(($c>>14)&0x30)]|
+- 			$skb3[(($c>>20)&0x01)|(($c>>21)&0x06) |
+- 					     (($c>>22)&0x38)];
+- 		$t=     $skb4[ ($d    )&0x3f                ]|
+- 			$skb5[(($d>> 7)&0x03)|(($d>> 8)&0x3c)]|
+- 			$skb6[ ($d>>15)&0x3f                 ]|
+- 			$skb7[(($d>>21)&0x0f)|(($d>>22)&0x30)];
+- 		push(@ks,(($t<<16)|($s&0x0000ffff))&0xffffffff);
+- 		$s=      (($s>>16)&0x0000ffff)|($t&0xffff0000) ;
+- 		push(@ks,(($s<<4)|(($s>>28)&0xf))&0xffffffff);
+- 		}
+- 	@ks;
+- 	}
+- 
+- sub doPC1
+- 	{
+- 	local(*a,*b)=@_;
+- 	local($t);
+- 
+- 	$t=(($b>>4)^$a)&0x0f0f0f0f;
+- 	$b^=($t<<4); $a^=$t;
+- 	# do $a first 
+- 	$t=(($a<<18)^$a)&0xcccc0000;
+- 	$a=$a^$t^(($t>>18)&0x00003fff);
+- 	$t=(($a<<17)^$a)&0xaaaa0000;
+- 	$a=$a^$t^(($t>>17)&0x00007fff);
+- 	$t=(($a<< 8)^$a)&0x00ff0000;
+- 	$a=$a^$t^(($t>> 8)&0x00ffffff);
+- 	$t=(($a<<17)^$a)&0xaaaa0000;
+- 	$a=$a^$t^(($t>>17)&0x00007fff);
+- 
+- 	# now do $b
+- 	$t=(($b<<24)^$b)&0xff000000;
+- 	$b=$b^$t^(($t>>24)&0x000000ff);
+- 	$t=(($b<< 8)^$b)&0x00ff0000;
+- 	$b=$b^$t^(($t>> 8)&0x00ffffff);
+- 	$t=(($b<<14)^$b)&0x33330000;
+- 	$b=$b^$t^(($t>>14)&0x0003ffff);
+- 	$b=(($b&0x00aa00aa)<<7)|(($b&0x55005500)>>7)|($b&0xaa55aa55);
+- 	$b=(($b>>8)&0x00ffffff)|((($a&0xf0000000)>>4)&0x0fffffff);
+- 	$a&=0x0fffffff;
+- 	}
+- 
+- sub doIP
+- 	{
+- 	local(*a,*b)=@_;
+- 	local($t);
+- 
+- 	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+- 	$b^=($t<< 4); $a^=$t;
+- 	$t=(($a>>16)^$b)&0x0000ffff;
+- 	$a^=($t<<16); $b^=$t;
+- 	$t=(($b>> 2)^$a)&0x33333333;
+- 	$b^=($t<< 2); $a^=$t;
+- 	$t=(($a>> 8)^$b)&0x00ff00ff;
+- 	$a^=($t<< 8); $b^=$t;
+- 	$t=(($b>> 1)^$a)&0x55555555;
+- 	$b^=($t<< 1); $a^=$t;
+- 	$t=$a;
+- 	$a=$b&0xffffffff;
+- 	$b=$t&0xffffffff;
+- 	}
+- 
+- sub doFP
+- 	{
+- 	local(*a,*b)=@_;
+- 	local($t);
+- 
+- 	$t=(($b>> 1)^$a)&0x55555555;
+- 	$b^=($t<< 1); $a^=$t;
+- 	$t=(($a>> 8)^$b)&0x00ff00ff;
+- 	$a^=($t<< 8); $b^=$t;
+- 	$t=(($b>> 2)^$a)&0x33333333;
+- 	$b^=($t<< 2); $a^=$t;
+- 	$t=(($a>>16)^$b)&0x0000ffff;
+- 	$a^=($t<<16); $b^=$t;
+- 	$t=(($b>> 4)^$a)&0x0f0f0f0f;
+- 	$b^=($t<< 4); $a^=$t;
+- 	$a&=0xffffffff;
+- 	$b&=0xffffffff;
+- 	}
+- 
+- sub main'des_ecb_encrypt
+- 	{
+- 	local(*ks,$encrypt,$in)=@_;
+- 	local($l,$r,$i,$t,$u,@input);
+- 	
+- 	@input=unpack("C8",$in);
+- 	# Get the bytes in the order we want.
+- 	$l=	($input[0]    )|
+- 		($input[1]<< 8)|
+- 		($input[2]<<16)|
+- 		($input[3]<<24);
+- 	$r=	($input[4]    )|
+- 		($input[5]<< 8)|
+- 		($input[6]<<16)|
+- 		($input[7]<<24);
+- 
+- 	$l&=0xffffffff;
+- 	$r&=0xffffffff;
+- 	&doIP(*l,*r);
+- 	if ($encrypt)
+- 		{
+- 		for ($i=0; $i<32; $i+=4)
+- 			{
+- 			$t=((($r&0x7fffffff)<<1)|(($r>>31)&0x00000001));
+- 			$u=$t^$ks[$i  ];
+- 			$t=$t^$ks[$i+1];
+- 			$t2=(($t&0x0000000f)<<28);
+- 
+- 			$t=((($t>>4)&0x0fffffff)|(($t&0x0000000f)<<28));
+- 			$l^=	$SP1[ $t     &0x3f]|
+- 				$SP3[($t>> 8)&0x3f]|
+- 				$SP5[($t>>16)&0x3f]|
+- 				$SP7[($t>>24)&0x3f]|
+- 				$SP0[ $u     &0x3f]|
+- 				$SP2[($u>> 8)&0x3f]|
+- 				$SP4[($u>>16)&0x3f]|
+- 				$SP6[($u>>24)&0x3f];
+- 
+- 			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+- 			$u=$t^$ks[$i+2];
+- 			$t=$t^$ks[$i+3];
+- 			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+- 			$r^=	$SP1[ $t     &0x3f]|
+- 				$SP3[($t>> 8)&0x3f]|
+- 				$SP5[($t>>16)&0x3f]|
+- 				$SP7[($t>>24)&0x3f]|
+- 				$SP0[ $u     &0x3f]|
+- 				$SP2[($u>> 8)&0x3f]|
+- 				$SP4[($u>>16)&0x3f]|
+- 				$SP6[($u>>24)&0x3f];
+- 			}
+- 		}
+- 	else	
+- 		{
+- 		for ($i=30; $i>0; $i-=4)
+- 			{
+- 			$t=(($r<<1)|(($r>>31)&0x1))&0xffffffff;
+- 			$u=$t^$ks[$i  ];
+- 			$t=$t^$ks[$i+1];
+- 			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+- 			$l^=	$SP1[ $t     &0x3f]|
+- 				$SP3[($t>> 8)&0x3f]|
+- 				$SP5[($t>>16)&0x3f]|
+- 				$SP7[($t>>24)&0x3f]|
+- 				$SP0[ $u     &0x3f]|
+- 				$SP2[($u>> 8)&0x3f]|
+- 				$SP4[($u>>16)&0x3f]|
+- 				$SP6[($u>>24)&0x3f];
+- 
+- 			$t=(($l<<1)|(($l>>31)&0x1))&0xffffffff;
+- 			$u=$t^$ks[$i-2];
+- 			$t=$t^$ks[$i-1];
+- 			$t=((($t>>4)&0x0fffffff)|($t<<28))&0xffffffff;
+- 			$r^=	$SP1[ $t     &0x3f]|
+- 				$SP3[($t>> 8)&0x3f]|
+- 				$SP5[($t>>16)&0x3f]|
+- 				$SP7[($t>>24)&0x3f]|
+- 				$SP0[ $u     &0x3f]|
+- 				$SP2[($u>> 8)&0x3f]|
+- 				$SP4[($u>>16)&0x3f]|
+- 				$SP6[($u>>24)&0x3f];
+- 			}
+- 		}
+- 	&doFP(*l,*r);
+- 	pack("C8",$l&0xff, 
+- 	          ($l>> 8)&0x00ffffff,
+- 	          ($l>>16)&0x0000ffff,
+- 		  ($l>>24)&0x000000ff,
+- 		  $r&0xff,
+- 	          ($r>> 8)&0x00ffffff,
+- 	          ($r>>16)&0x0000ffff,
+- 		  ($r>>24)&0x000000ff);
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des_crypt.man ../RELENG_4_6/crypto/openssl/crypto/des/des_crypt.man
+*** crypto/openssl/crypto/des/des_crypt.man	Wed Jul  4 19:19:18 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/des/des_crypt.man	Wed Dec 31 19:00:00 1969
+***************
+*** 1,509 ****
+- .\" $FreeBSD: src/crypto/openssl/crypto/des/des_crypt.man,v 1.2.2.2 2001/07/04 23:19:18 kris Exp $
+- .TH DES_CRYPT 3 
+- .SH NAME
+- des_read_password, des_read_2password,
+- des_string_to_key, des_string_to_2key, des_read_pw_string,
+- des_random_key, des_set_key,
+- des_key_sched, des_ecb_encrypt, des_ecb3_encrypt, des_cbc_encrypt,
+- des_3cbc_encrypt,
+- des_pcbc_encrypt, des_cfb_encrypt, des_ofb_encrypt,
+- des_cbc_cksum, des_quad_cksum,
+- des_enc_read, des_enc_write, des_set_odd_parity,
+- des_is_weak_key, crypt \- (non USA) DES encryption
+- .SH SYNOPSIS
+- .nf
+- .nj
+- .ft B
+- #include <openssl/des.h>
+- .PP
+- .B int des_read_password(key,prompt,verify)
+- des_cblock *key;
+- char *prompt;
+- int verify;
+- .PP
+- .B int des_read_2password(key1,key2,prompt,verify)
+- des_cblock *key1,*key2;
+- char *prompt;
+- int verify;
+- .PP
+- .B int des_string_to_key(str,key)
+- char *str;
+- des_cblock *key;
+- .PP
+- .B int des_string_to_2keys(str,key1,key2)
+- char *str;
+- des_cblock *key1,*key2;
+- .PP
+- .B int des_read_pw_string(buf,length,prompt,verify)
+- char *buf;
+- int length;
+- char *prompt;
+- int verify;
+- .PP
+- .B int des_random_key(key)
+- des_cblock *key;
+- .PP
+- .B int des_set_key(key,schedule)
+- des_cblock *key;
+- des_key_schedule schedule;
+- .PP
+- .B int des_key_sched(key,schedule)
+- des_cblock *key;
+- des_key_schedule schedule;
+- .PP
+- .B int des_ecb_encrypt(input,output,schedule,encrypt)
+- des_cblock *input;
+- des_cblock *output;
+- des_key_schedule schedule;
+- int encrypt;
+- .PP
+- .B int des_ecb3_encrypt(input,output,ks1,ks2,encrypt)
+- des_cblock *input;
+- des_cblock *output;
+- des_key_schedule ks1,ks2;
+- int encrypt;
+- .PP
+- .B int des_cbc_encrypt(input,output,length,schedule,ivec,encrypt)
+- des_cblock *input;
+- des_cblock *output;
+- long length;
+- des_key_schedule schedule;
+- des_cblock *ivec;
+- int encrypt;
+- .PP
+- .B int des_3cbc_encrypt(input,output,length,sk1,sk2,ivec1,ivec2,encrypt)
+- des_cblock *input;
+- des_cblock *output;
+- long length;
+- des_key_schedule sk1;
+- des_key_schedule sk2;
+- des_cblock *ivec1;
+- des_cblock *ivec2;
+- int encrypt;
+- .PP
+- .B int des_pcbc_encrypt(input,output,length,schedule,ivec,encrypt)
+- des_cblock *input;
+- des_cblock *output;
+- long length;
+- des_key_schedule schedule;
+- des_cblock *ivec;
+- int encrypt;
+- .PP
+- .B int des_cfb_encrypt(input,output,numbits,length,schedule,ivec,encrypt)
+- unsigned char *input;
+- unsigned char *output;
+- int numbits;
+- long length;
+- des_key_schedule schedule;
+- des_cblock *ivec;
+- int encrypt;
+- .PP
+- .B int des_ofb_encrypt(input,output,numbits,length,schedule,ivec)
+- unsigned char *input,*output;
+- int numbits;
+- long length;
+- des_key_schedule schedule;
+- des_cblock *ivec;
+- .PP
+- .B unsigned long des_cbc_cksum(input,output,length,schedule,ivec)
+- des_cblock *input;
+- des_cblock *output;
+- long length;
+- des_key_schedule schedule;
+- des_cblock *ivec;
+- .PP
+- .B unsigned long des_quad_cksum(input,output,length,out_count,seed)
+- des_cblock *input;
+- des_cblock *output;
+- long length;
+- int out_count;
+- des_cblock *seed;
+- .PP
+- .B int des_check_key;
+- .PP
+- .B int des_enc_read(fd,buf,len,sched,iv)
+- int fd;
+- char *buf;
+- int len;
+- des_key_schedule sched;
+- des_cblock *iv;
+- .PP
+- .B int des_enc_write(fd,buf,len,sched,iv)
+- int fd;
+- char *buf;
+- int len;
+- des_key_schedule sched;
+- des_cblock *iv;
+- .PP
+- .B extern int des_rw_mode;
+- .PP
+- .B void des_set_odd_parity(key)
+- des_cblock *key;
+- .PP
+- .B int des_is_weak_key(key)
+- des_cblock *key;
+- .PP
+- .B char *crypt(passwd,salt)
+- char *passwd;
+- char *salt;
+- .PP
+- .fi
+- .SH DESCRIPTION
+- This library contains a fast implementation of the DES encryption
+- algorithm.
+- .PP
+- There are two phases to the use of DES encryption.
+- The first is the generation of a
+- .I des_key_schedule
+- from a key,
+- the second is the actual encryption.
+- A des key is of type
+- .I des_cblock.
+- This type is made from 8 characters with odd parity.
+- The least significant bit in the character is the parity bit.
+- The key schedule is an expanded form of the key; it is used to speed the
+- encryption process.
+- .PP
+- .I des_read_password
+- writes the string specified by prompt to the standard output,
+- turns off echo and reads an input string from standard input
+- until terminated with a newline.
+- If verify is non-zero, it prompts and reads the input again and verifies
+- that both entered passwords are the same.
+- The entered string is converted into a des key by using the
+- .I des_string_to_key
+- routine.
+- The new key is placed in the
+- .I des_cblock
+- that was passed (by reference) to the routine.
+- If there were no errors,
+- .I des_read_password
+- returns 0,
+- -1 is returned if there was a terminal error and 1 is returned for
+- any other error.
+- .PP
+- .I des_read_2password
+- operates in the same way as
+- .I des_read_password
+- except that it generates 2 keys by using the
+- .I des_string_to_2key
+- function.
+- .PP
+- .I des_read_pw_string
+- is called by
+- .I des_read_password
+- to read and verify a string from a terminal device.
+- The string is returned in
+- .I buf.
+- The size of
+- .I buf
+- is passed to the routine via the
+- .I length
+- parameter.
+- .PP
+- .I des_string_to_key
+- converts a string into a valid des key.
+- .PP
+- .I des_string_to_2key
+- converts a string into 2 valid des keys.
+- This routine is best suited for used to generate keys for use with
+- .I des_ecb3_encrypt.
+- .PP
+- .I des_random_key
+- returns a random key that is made of a combination of process id,
+- time and an increasing counter.
+- .PP
+- Before a des key can be used it is converted into a
+- .I des_key_schedule
+- via the
+- .I des_set_key
+- routine.
+- If the
+- .I des_check_key
+- flag is non-zero,
+- .I des_set_key
+- will check that the key passed is of odd parity and is not a week or
+- semi-weak key.
+- If the parity is wrong,
+- then -1 is returned.
+- If the key is a weak key,
+- then -2 is returned.
+- If an error is returned,
+- the key schedule is not generated.
+- .PP
+- .I des_key_sched
+- is another name for the
+- .I des_set_key
+- function.
+- .PP
+- The following routines mostly operate on an input and output stream of
+- .I des_cblock's.
+- .PP
+- .I des_ecb_encrypt
+- is the basic DES encryption routine that encrypts or decrypts a single 8-byte
+- .I des_cblock
+- in
+- .I electronic code book
+- mode.
+- It always transforms the input data, pointed to by
+- .I input,
+- into the output data,
+- pointed to by the
+- .I output
+- argument.
+- If the
+- .I encrypt
+- argument is non-zero (DES_ENCRYPT),
+- the
+- .I input
+- (cleartext) is encrypted in to the
+- .I output
+- (ciphertext) using the key_schedule specified by the
+- .I schedule
+- argument,
+- previously set via
+- .I des_set_key.
+- If
+- .I encrypt
+- is zero (DES_DECRYPT),
+- the
+- .I input
+- (now ciphertext)
+- is decrypted into the
+- .I output
+- (now cleartext).
+- Input and output may overlap.
+- No meaningful value is returned.
+- .PP
+- .I des_ecb3_encrypt
+- encrypts/decrypts the
+- .I input
+- block by using triple ecb DES encryption.
+- This involves encrypting the input with 
+- .I ks1,
+- decryption with the key schedule
+- .I ks2,
+- and then encryption with the first again.
+- This routine greatly reduces the chances of brute force breaking of
+- DES and has the advantage of if
+- .I ks1
+- and
+- .I ks2
+- are the same, it is equivalent to just encryption using ecb mode and
+- .I ks1
+- as the key.
+- .PP
+- .I des_cbc_encrypt
+- encrypts/decrypts using the
+- .I cipher-block-chaining
+- mode of DES.
+- If the
+- .I encrypt
+- argument is non-zero,
+- the routine cipher-block-chain encrypts the cleartext data pointed to by the
+- .I input
+- argument into the ciphertext pointed to by the
+- .I output
+- argument,
+- using the key schedule provided by the
+- .I schedule
+- argument,
+- and initialisation vector provided by the
+- .I ivec
+- argument.
+- If the
+- .I length
+- argument is not an integral multiple of eight bytes, 
+- the last block is copied to a temporary area and zero filled.
+- The output is always
+- an integral multiple of eight bytes.
+- To make multiple cbc encrypt calls on a large amount of data appear to
+- be one 
+- .I des_cbc_encrypt
+- call, the
+- .I ivec
+- of subsequent calls should be the last 8 bytes of the output.
+- .PP
+- .I des_3cbc_encrypt
+- encrypts/decrypts the
+- .I input
+- block by using triple cbc DES encryption.
+- This involves encrypting the input with key schedule
+- .I ks1,
+- decryption with the key schedule
+- .I ks2,
+- and then encryption with the first again.
+- 2 initialisation vectors are required,
+- .I ivec1
+- and
+- .I ivec2.
+- Unlike
+- .I des_cbc_encrypt,
+- these initialisation vectors are modified by the subroutine.
+- This routine greatly reduces the chances of brute force breaking of
+- DES and has the advantage of if
+- .I ks1
+- and
+- .I ks2
+- are the same, it is equivalent to just encryption using cbc mode and
+- .I ks1
+- as the key.
+- .PP
+- .I des_pcbc_encrypt
+- encrypt/decrypts using a modified block chaining mode.
+- It provides better error propagation characteristics than cbc
+- encryption.
+- .PP
+- .I des_cfb_encrypt
+- encrypt/decrypts using cipher feedback mode.  This method takes an
+- array of characters as input and outputs and array of characters.  It
+- does not require any padding to 8 character groups.  Note: the ivec
+- variable is changed and the new changed value needs to be passed to
+- the next call to this function.  Since this function runs a complete
+- DES ecb encryption per numbits, this function is only suggested for
+- use when sending small numbers of characters.
+- .PP
+- .I des_ofb_encrypt
+- encrypt using output feedback mode.  This method takes an
+- array of characters as input and outputs and array of characters.  It
+- does not require any padding to 8 character groups.  Note: the ivec
+- variable is changed and the new changed value needs to be passed to
+- the next call to this function.  Since this function runs a complete
+- DES ecb encryption per numbits, this function is only suggested for
+- use when sending small numbers of characters.
+- .PP
+- .I des_cbc_cksum
+- produces an 8 byte checksum based on the input stream (via cbc encryption).
+- The last 4 bytes of the checksum is returned and the complete 8 bytes is
+- placed in
+- .I output.
+- .PP
+- .I des_quad_cksum
+- returns a 4 byte checksum from the input bytes.
+- The algorithm can be iterated over the input,
+- depending on
+- .I out_count,
+- 1, 2, 3 or 4 times.
+- If
+- .I output
+- is non-NULL,
+- the 8 bytes generated by each pass are written into
+- .I output.
+- .PP
+- .I des_enc_write
+- is used to write
+- .I len
+- bytes
+- to file descriptor
+- .I fd
+- from buffer
+- .I buf.
+- The data is encrypted via
+- .I pcbc_encrypt
+- (default) using
+- .I sched
+- for the key and
+- .I iv
+- as a starting vector.
+- The actual data send down
+- .I fd
+- consists of 4 bytes (in network byte order) containing the length of the
+- following encrypted data.  The encrypted data then follows, padded with random
+- data out to a multiple of 8 bytes.
+- .PP
+- .I des_enc_read
+- is used to read
+- .I len
+- bytes
+- from file descriptor
+- .I fd
+- into buffer
+- .I buf.
+- The data being read from
+- .I fd
+- is assumed to have come from
+- .I des_enc_write
+- and is decrypted using
+- .I sched
+- for the key schedule and
+- .I iv
+- for the initial vector.
+- The
+- .I des_enc_read/des_enc_write
+- pair can be used to read/write to files, pipes and sockets.
+- I have used them in implementing a version of rlogin in which all
+- data is encrypted.
+- .PP
+- .I des_rw_mode
+- is used to specify the encryption mode to use with 
+- .I des_enc_read
+- and 
+- .I des_end_write.
+- If set to
+- .I DES_PCBC_MODE
+- (the default), des_pcbc_encrypt is used.
+- If set to
+- .I DES_CBC_MODE
+- des_cbc_encrypt is used.
+- These two routines and the variable are not part of the normal MIT library.
+- .PP
+- .I des_set_odd_parity
+- sets the parity of the passed
+- .I key
+- to odd.  This routine is not part of the standard MIT library.
+- .PP
+- .I des_is_weak_key
+- returns 1 is the passed key is a weak key (pick again :-),
+- 0 if it is ok.
+- This routine is not part of the standard MIT library.
+- .PP
+- .I crypt
+- is a replacement for the normal system crypt.
+- It is much faster than the system crypt.
+- .PP
+- .SH FILES
+- /usr/include/openssl/des.h
+- .br
+- /usr/lib/libcrypto.a
+- .PP
+- The encryption routines have been tested on 16bit, 32bit and 64bit
+- machines of various endian and even works under VMS.
+- .PP
+- .SH BUGS
+- .PP
+- If you think this manual is sparse,
+- read the des_crypt(3) manual from the MIT kerberos (or bones outside
+- of the USA) distribution.
+- .PP
+- .I des_cfb_encrypt
+- and
+- .I des_ofb_encrypt
+- operates on input of 8 bits.  What this means is that if you set
+- numbits to 12, and length to 2, the first 12 bits will come from the 1st
+- input byte and the low half of the second input byte.  The second 12
+- bits will have the low 8 bits taken from the 3rd input byte and the
+- top 4 bits taken from the 4th input byte.  The same holds for output.
+- This function has been implemented this way because most people will
+- be using a multiple of 8 and because once you get into pulling bytes input
+- bytes apart things get ugly!
+- .PP
+- .I des_read_pw_string
+- is the most machine/OS dependent function and normally generates the
+- most problems when porting this code.
+- .PP
+- .I des_string_to_key
+- is probably different from the MIT version since there are lots
+- of fun ways to implement one-way encryption of a text string.
+- .PP
+- The routines are optimised for 32 bit machines and so are not efficient
+- on IBM PCs.
+- .PP
+- NOTE: extensive work has been done on this library since this document
+- was origionally written.  Please try to read des.doc from the libdes
+- distribution since it is far more upto date and documents more of the
+- functions.  Libdes is now also being shipped as part of SSLeay, a
+- general cryptographic library that amonst other things implements
+- netscapes SSL protocoll.  The most recent version can be found in
+- SSLeay distributions.
+- .SH AUTHOR
+- Eric Young (eay@cryptsoft.com)
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/doIP ../RELENG_4_6/crypto/openssl/crypto/des/doIP
+*** crypto/openssl/crypto/des/doIP	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/doIP	Wed Dec 31 19:00:00 1969
+***************
+*** 1,46 ****
+- #!/usr/local/bin/perl
+- 
+- @l=(
+- 	 0, 1, 2, 3, 4, 5, 6, 7,
+- 	 8, 9,10,11,12,13,14,15,
+- 	16,17,18,19,20,21,22,23,
+- 	24,25,26,27,28,29,30,31
+- 	);
+- @r=(
+- 	32,33,34,35,36,37,38,39,
+- 	40,41,42,43,44,45,46,47,
+- 	48,49,50,51,52,53,54,55,
+- 	56,57,58,59,60,61,62,63
+- 	);
+- 
+- require 'shifts.pl';
+- 
+- sub PERM_OP
+- 	{
+- 	local(*a,*b,*t,$n,$m)=@_;
+- 
+- 	@z=&shift(*a,-$n);
+- 	@z=&xor(*b,*z);
+- 	@z=&and(*z,$m);
+- 	@b=&xor(*b,*z);
+- 	@z=&shift(*z,$n);
+- 	@a=&xor(*a,*z);
+- 	}
+- 
+- 
+- @L=@l;
+- @R=@r;
+- &PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+- &PERM_OP(*L,*R,*T,16,0x0000ffff);
+- &PERM_OP(*R,*L,*T,2,0x33333333);
+- &PERM_OP(*L,*R,*T,8,0x00ff00ff);
+- &PERM_OP(*R,*L,*T,1,0x55555555);
+- 	&printit(@L);
+- 	&printit(@R);
+- &PERM_OP(*R,*L,*T,1,0x55555555);
+- &PERM_OP(*L,*R,*T,8,0x00ff00ff);
+- &PERM_OP(*R,*L,*T,2,0x33333333);
+- &PERM_OP(*L,*R,*T,16,0x0000ffff);
+- &PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+- 	&printit(@L);
+- 	&printit(@R);
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/doPC1 ../RELENG_4_6/crypto/openssl/crypto/des/doPC1
+*** crypto/openssl/crypto/des/doPC1	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/doPC1	Wed Dec 31 19:00:00 1969
+***************
+*** 1,110 ****
+- #!/usr/local/bin/perl
+- 
+- @l=(
+- 	 0, 1, 2, 3, 4, 5, 6, 7,
+- 	 8, 9,10,11,12,13,14,15,
+- 	16,17,18,19,20,21,22,23,
+- 	24,25,26,27,28,29,30,31
+- 	);
+- @r=(
+- 	32,33,34,35,36,37,38,39,
+- 	40,41,42,43,44,45,46,47,
+- 	48,49,50,51,52,53,54,55,
+- 	56,57,58,59,60,61,62,63
+- 	);
+- 
+- require 'shifts.pl';
+- 
+- sub PERM_OP
+- 	{
+- 	local(*a,*b,*t,$n,$m)=@_;
+- 
+- 	@z=&shift(*a,-$n);
+- 	@z=&xor(*b,*z);
+- 	@z=&and(*z,$m);
+- 	@b=&xor(*b,*z);
+- 	@z=&shift(*z,$n);
+- 	@a=&xor(*a,*z);
+- 	}
+- 
+- sub HPERM_OP2
+- 	{
+- 	local(*a,*t,$n,$m)=@_;
+- 	local(@x,@y,$i);
+- 
+- 	@z=&shift(*a,16-$n);
+- 	@z=&xor(*a,*z);
+- 	@z=&and(*z,$m);
+- 	@a=&xor(*a,*z);
+- 	@z=&shift(*z,$n-16);
+- 	@a=&xor(*a,*z);
+- 	}
+- 
+- sub HPERM_OP
+-         {
+-         local(*a,*t,$n,$m)=@_;
+-         local(@x,@y,$i);
+- 
+-         for ($i=0; $i<16; $i++)
+-                 {
+-                 $x[$i]=$a[$i];
+-                 $y[$i]=$a[16+$i];
+-                 }
+-         @z=&shift(*x,-$n);
+-         @z=&xor(*y,*z);
+-         @z=&and(*z,$m);
+-         @y=&xor(*y,*z);
+-         @z=&shift(*z,$n);
+-         @x=&xor(*x,*z);
+-         for ($i=0; $i<16; $i++)
+-                 {
+-                 $a[$i]=$x[$i];
+-                 $a[16+$i]=$y[$i];
+-                 }
+-         }
+- 
+- @L=@l;
+- @R=@r;
+- 
+- 	print "---\n"; &printit(@R);
+- &PERM_OP(*R,*L,*T,4,0x0f0f0f0f);
+- 	print "---\n"; &printit(@R);
+- &HPERM_OP2(*L,*T,-2,0xcccc0000);
+- &HPERM_OP2(*R,*T,-2,0xcccc0000);
+- 	print "---\n"; &printit(@R);
+- &PERM_OP(*R,*L,*T,1,0x55555555);
+- 	print "---\n"; &printit(@R);
+- &PERM_OP(*L,*R,*T,8,0x00ff00ff);
+- 	print "---\n"; &printit(@R);
+- &PERM_OP(*R,*L,*T,1,0x55555555);
+- 	print "---\n"; &printit(@R);
+- #	&printit(@L);
+- 	&printit(@R);
+- print <<"EOF";
+- ==============================
+- 63  55  47  39  31  23  15   7  
+- 62  54  46  38  30  22  14   6  
+- 61  53  45  37  29  21  13   5  
+- 60  52  44  36  --  --  --  --  
+- 
+- 57  49  41  33  25  17   9   1  
+- 58  50  42  34  26  18  10   2  
+- 59  51  43  35  27  19  11   3  
+- 28  20  12   4  --  --  --  --  
+- EOF
+- exit(1);
+- @A=&and(*R,0x000000ff);
+- @A=&shift(*A,16);
+- @B=&and(*R,0x0000ff00);
+- @C=&and(*R,0x00ff0000);
+- @C=&shift(*C,-16);
+- @D=&and(*L,0xf0000000);
+- @D=&shift(*D,-4);
+- @A=&or(*A,*B);
+- @B=&or(*D,*C);
+- @R=&or(*A,*B);
+- @L=&and(*L,0x0fffffff);
+- 
+- 	&printit(@L);
+- 	&printit(@R);
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/doPC2 ../RELENG_4_6/crypto/openssl/crypto/des/doPC2
+*** crypto/openssl/crypto/des/doPC2	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/doPC2	Wed Dec 31 19:00:00 1969
+***************
+*** 1,94 ****
+- #!/usr/local/bin/perl
+- 
+- @PC2_C=(14,17,11,24, 1, 5,
+- 	 3,28,15, 6,21,10,
+- 	23,19,12, 4,26, 8,
+- 	16, 7,27,20,13, 2,
+- 	);
+- 
+- @PC2_D=(41,52,31,37,47,55,
+- 	30,40,51,45,33,48,
+- 	44,49,39,56,34,53,
+- 	46,42,50,36,29,32,
+- 	);
+- 
+- $i=0;
+- foreach (@PC2_C) {
+- 	$_--;
+- #	printf "%2d,",$_;
+- 	$C{$_}=$i;
+- 	++$i;
+- #	print "\n" if ((($i) % 8) == 0);
+- 	}
+- $i=0;
+- #print "\n";
+- foreach (@PC2_D) {
+- 	$_-=28;
+- 	$_--;
+- #	printf "%2d,",$_;
+- 	$D{$_}=$i;
+- 	$i++;
+- #	print "\n" if ((($i) % 8) == 0);
+- 	}
+- 
+- #print "\n";
+- foreach $i (0 .. 27)
+- 	{
+- 	$_=$C{$i};
+- #	printf "%2d,",$_;
+- 	$i++;
+- #	print "\n" if ((($i) % 8) == 0);
+- 	}
+- #print "\n";
+- 
+- #print "\n";
+- foreach $i (0 .. 27)
+- 	{
+- 	$_=$D{$i};
+- #	printf "%2d,",$_;
+- 	$i++;
+- #	print "\n" if ((($i) % 8) == 0);
+- 	}
+- #print "\n";
+- 
+- print "static ulong skb[8][64]={\n";
+- &doit("C",*C, 0, 1, 2, 3, 4, 5);
+- &doit("C",*C, 6, 7, 9,10,11,12);
+- &doit("C",*C,13,14,15,16,18,19);
+- &doit("C",*C,20,22,23,25,26,27);
+- 
+- &doit("D",*D, 0, 1, 2, 3, 4, 5);
+- &doit("D",*D, 7, 8,10,11,12,13);
+- &doit("D",*D,15,16,17,18,19,20);
+- &doit("D",*D,21,22,23,24,26,27);
+- print "};\n";
+- 
+- sub doit
+- 	{
+- 	local($l,*A,@b)=@_;
+- 	local(@out);
+- 
+- 	printf("/* for $l bits (numbered as per FIPS 46) %d %d %d %d %d %d */\n",
+- 		$b[0]+1, $b[1]+1, $b[2]+1, $b[3]+1, $b[4]+1, $b[5]+1);
+- 	for ($i=0; $i<64; $i++)
+- 		{
+- 		$out[$i]=0;
+- 		$j=1;
+- #print "\n";
+- 		for ($k=0; $k<6; $k++)
+- 			{
+- 			$l=$A{$b[$k]};
+- #print"$l - ";
+- 			if ((1<<$k) & $i)
+- 				{
+- 				$ll=int($l/6)*8+($l%6);
+- 				$out[$i]|=1<<($ll);
+- 				}
+- 			}
+- 		$pp=$out[$i];
+- 		$pp=($pp&0xff0000ff)|   (($pp&0x00ff0000)>>8)|
+- 					(($pp&0x0000ff00)<<8);
+- 		printf("0x%08X,",$pp);
+- 		print "\n" if (($i+1) % 4 == 0);
+- 		}
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/fcrypt.c ../RELENG_4_6/crypto/openssl/crypto/des/fcrypt.c
+*** crypto/openssl/crypto/des/fcrypt.c	Sun Aug 20 04:46:19 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/fcrypt.c	Tue Jan  8 04:19:55 2002
+***************
+*** 61,67 ****
+  void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+  	DES_LONG Eswap0, DES_LONG Eswap1);
+  
+! #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT)
+  char *crypt(const char *buf, const char *salt)
+  	{
+  	return(des_crypt(buf, salt));
+--- 61,67 ----
+  void fcrypt_body(DES_LONG *out,des_key_schedule ks,
+  	DES_LONG Eswap0, DES_LONG Eswap1);
+  
+! #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) && !defined(_DARWIN)
+  char *crypt(const char *buf, const char *salt)
+  	{
+  	return(des_crypt(buf, salt));
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/podd.h ../RELENG_4_6/crypto/openssl/crypto/des/podd.h
+*** crypto/openssl/crypto/des/podd.h	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/podd.h	Wed Dec 31 19:00:00 1969
+***************
+*** 1,75 ****
+- /* crypto/des/podd.h */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- static const unsigned char odd_parity[256]={
+-   1,  1,  2,  2,  4,  4,  7,  7,  8,  8, 11, 11, 13, 13, 14, 14,
+-  16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+-  32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+-  49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+-  64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+-  81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+-  97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110,
+- 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127,
+- 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143,
+- 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158,
+- 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174,
+- 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191,
+- 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206,
+- 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223,
+- 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239,
+- 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254};
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read2pwd.c ../RELENG_4_6/crypto/openssl/crypto/des/read2pwd.c
+*** crypto/openssl/crypto/des/read2pwd.c	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/read2pwd.c	Wed Dec  4 18:07:30 2002
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include "des_locl.h"
++ #include <openssl/crypto.h>
+  
+  int des_read_password(des_cblock *key, const char *prompt, int verify)
+  	{
+***************
+*** 65,72 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+  
+--- 66,73 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+  
+***************
+*** 78,84 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+--- 79,85 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read_pwd.c ../RELENG_4_6/crypto/openssl/crypto/des/read_pwd.c
+*** crypto/openssl/crypto/des/read_pwd.c	Sun Nov 26 06:33:26 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/read_pwd.c	Thu Nov 28 03:05:50 2002
+***************
+*** 56,62 ****
+   * [including the GNU Public Licence.]
+   */
+  
+! #if !defined(MSDOS) && !defined(VMS) && !defined(WIN32)
+  #include <openssl/opensslconf.h>
+  #ifdef OPENSSL_UNISTD
+  # include OPENSSL_UNISTD
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  
+! #if !defined(MSDOS) && !defined(VMS) && !defined(WIN32) && !defined(VXWORKS)
+  #include <openssl/opensslconf.h>
+  #ifdef OPENSSL_UNISTD
+  # include OPENSSL_UNISTD
+***************
+*** 133,138 ****
+--- 133,144 ----
+  #define SGTTY
+  #endif
+  
++ #if defined(VXWORKS)
++ #undef TERMIOS
++ #undef TERMIO
++ #undef SGTTY
++ #endif
++ 
+  #ifdef TERMIOS
+  #include <termios.h>
+  #define TTY_STRUCT		struct termios
+***************
+*** 212,218 ****
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	memset(buff,0,BUFSIZ);
+  	return(ret);
+  	}
+  
+--- 218,224 ----
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ret);
+  	}
+  
+***************
+*** 240,246 ****
+  	long status;
+  	unsigned short channel = 0;
+  #else
+! #ifndef MSDOS
+  	TTY_STRUCT tty_orig,tty_new;
+  #endif
+  #endif
+--- 246,252 ----
+  	long status;
+  	unsigned short channel = 0;
+  #else
+! #if !defined(MSDOS) && !defined(VXWORKS)
+  	TTY_STRUCT tty_orig,tty_new;
+  #endif
+  #endif
+***************
+*** 268,274 ****
+  #ifdef MSDOS
+  	if ((tty=fopen("con","r")) == NULL)
+  		tty=stdin;
+! #elif defined(MAC_OS_pre_X)
+  	tty=stdin;
+  #else
+  #ifndef MPE
+--- 274,280 ----
+  #ifdef MSDOS
+  	if ((tty=fopen("con","r")) == NULL)
+  		tty=stdin;
+! #elif defined(MAC_OS_pre_X) || defined(VXWORKS)
+  	tty=stdin;
+  #else
+  #ifndef MPE
+***************
+*** 366,372 ****
+  
+  error:
+  	fprintf(stderr,"\n");
+! #ifdef DEBUG
+  	perror("fgets(tty)");
+  #endif
+  	/* What can we do if there is an error? */
+--- 372,378 ----
+  
+  error:
+  	fprintf(stderr,"\n");
+! #if 0
+  	perror("fgets(tty)");
+  #endif
+  	/* What can we do if there is an error? */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/shifts.pl ../RELENG_4_6/crypto/openssl/crypto/des/shifts.pl
+*** crypto/openssl/crypto/des/shifts.pl	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/shifts.pl	Wed Dec 31 19:00:00 1969
+***************
+*** 1,198 ****
+- #!/usr/local/bin/perl
+- 
+- sub lab_shift
+- 	{
+- 	local(*a,$n)=@_;
+- 	local(@r,$i,$j,$k,$d,@z);
+- 
+- 	@r=&shift(*a,$n);
+- 	foreach $i (0 .. 31)
+- 		{
+- 		@z=split(/\^/,$r[$i]);
+- 		for ($j=0; $j <= $#z; $j++)
+- 			{
+- 			($d)=($z[$j] =~ /^(..)/);
+- 			($k)=($z[$j] =~ /\[(.*)\]$/);
+- 			$k.=",$n" if ($k ne "");
+- 			$k="$n"	  if ($k eq "");
+- 			$d="$d[$k]";
+- 			$z[$j]=$d;
+- 			}
+- 		$r[$i]=join('^',@z);
+- 		}
+- 	return(@r);
+- 	}
+- 
+- sub shift
+- 	{
+- 	local(*a,$n)=@_;
+- 	local(@f);
+- 
+- 	if ($n > 0)
+- 		{
+- 		@f=&shiftl(*a,$n);
+- 		}
+- 	else
+- 		{
+- 		@f=&shiftr(*a,-$n);
+- 		}
+- 	return(@f);
+- 	}
+- 
+- sub rotate
+- 	{
+- 	local(*a,$n)=@_;
+- 	local(@f);
+- 
+- 	if ($n > 0)
+- 		{ @f=&rotatel(*a,$n); }
+- 	else
+- 		{ @f=&rotater(*a,-$n); }
+- 	return(@f);
+- 	}
+- 
+- sub rotater
+- 	{
+- 	local(*a,$n)=@_;
+- 	local(@f,@g);
+- 
+- 	@f=&shiftr(*a,$n);
+- 	@g=&shiftl(*a,32-$n);
+- 	$#f=31;
+- 	$#g=31;
+- 	return(&or(*f,*g));
+- 	}
+- 
+- sub rotatel
+- 	{
+- 	local(*a,$n)=@_;
+- 	local(@f,@g);
+- 
+- 	@f=&shiftl(*a,$n);
+- 	@g=&shiftr(*a,32-$n);
+- 	$#f=31;
+- 	$#g=31;
+- 	return(&or(*f,*g));
+- 	}
+- 
+- sub shiftr
+- 	{
+- 	local(*a,$n)=@_;
+- 	local(@r,$i);
+- 
+- 	$#r=31;
+- 	foreach $i (0 .. 31)
+- 		{
+- 		if (($i+$n) > 31)
+- 			{
+- 			$r[$i]="--";
+- 			}
+- 		else
+- 			{
+- 			$r[$i]=$a[$i+$n];
+- 			}
+- 		}
+- 	return(@r);
+- 	}
+- 
+- sub shiftl
+- 	{
+- 	local(*a,$n)=@_;
+- 	local(@r,$i);
+- 
+- 	$#r=31;
+- 	foreach $i (0 .. 31)
+- 		{
+- 		if ($i < $n)
+- 			{
+- 			$r[$i]="--";
+- 			}
+- 		else
+- 			{
+- 			$r[$i]=$a[$i-$n];
+- 			}
+- 		}
+- 	return(@r);
+- 	}
+- 
+- sub printit
+- 	{
+- 	local(@a)=@_;
+- 	local($i);
+- 
+- 	foreach $i (0 .. 31)
+- 		{
+- 		printf "%2s  ",$a[$i];
+- 		print "\n" if (($i%8) == 7);
+- 		}
+- 	print "\n";
+- 	}
+- 
+- sub xor
+- 	{
+- 	local(*a,*b)=@_;
+- 	local(@r,$i);
+- 
+- 	$#r=31;
+- 	foreach $i (0 .. 31)
+- 		{
+- 		$r[$i]=&compress($a[$i].'^'.$b[$i]);
+- #		$r[$i]=$a[$i]."^".$b[$i];
+- 		}
+- 	return(@r);
+- 	}
+- 
+- sub and
+- 	{
+- 	local(*a,$m)=@_;
+- 	local(@r,$i);
+- 
+- 	$#r=31;
+- 	foreach $i (0 .. 31)
+- 		{
+- 		$r[$i]=(($m & (1<<$i))?($a[$i]):('--'));
+- 		}
+- 	return(@r);
+- 	}
+- 
+- sub or
+- 	{
+- 	local(*a,*b)=@_;
+- 	local(@r,$i);
+- 
+- 	$#r=31;
+- 	foreach $i (0 .. 31)
+- 		{
+- 		$r[$i]='--'   if (($a[$i] eq '--') && ($b[$i] eq '--'));
+- 		$r[$i]=$a[$i] if (($a[$i] ne '--') && ($b[$i] eq '--'));
+- 		$r[$i]=$b[$i] if (($a[$i] eq '--') && ($b[$i] ne '--'));
+- 		$r[$i]='++'   if (($a[$i] ne '--') && ($b[$i] ne '--'));
+- 		}
+- 	return(@r);
+- 	}
+- 
+- sub compress
+- 	{
+- 	local($s)=@_;
+- 	local($_,$i,@a,%a,$r);
+- 
+- 	$s =~ s/\^\^/\^/g;
+- 	$s =~ s/^\^//;
+- 	$s =~ s/\^$//;
+- 	@a=split(/\^/,$s);
+- 
+- 	while ($#a >= 0)
+- 		{
+- 		$_=shift(@a);
+- 		next unless /\d/;
+- 		$a{$_}++;
+- 		}
+- 	foreach $i (sort keys %a)
+- 		{
+- 		next if ($a{$i}%2 == 0);
+- 		$r.="$i^";
+- 		}
+- 	chop($r);
+- 	return($r);
+- 	}
+- 1;
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/sk.h ../RELENG_4_6/crypto/openssl/crypto/des/sk.h
+*** crypto/openssl/crypto/des/sk.h	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/sk.h	Wed Dec 31 19:00:00 1969
+***************
+*** 1,204 ****
+- /* crypto/des/sk.h */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- static const DES_LONG des_skb[8][64]={
+- {
+- /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+- 0x00000000L,0x00000010L,0x20000000L,0x20000010L,
+- 0x00010000L,0x00010010L,0x20010000L,0x20010010L,
+- 0x00000800L,0x00000810L,0x20000800L,0x20000810L,
+- 0x00010800L,0x00010810L,0x20010800L,0x20010810L,
+- 0x00000020L,0x00000030L,0x20000020L,0x20000030L,
+- 0x00010020L,0x00010030L,0x20010020L,0x20010030L,
+- 0x00000820L,0x00000830L,0x20000820L,0x20000830L,
+- 0x00010820L,0x00010830L,0x20010820L,0x20010830L,
+- 0x00080000L,0x00080010L,0x20080000L,0x20080010L,
+- 0x00090000L,0x00090010L,0x20090000L,0x20090010L,
+- 0x00080800L,0x00080810L,0x20080800L,0x20080810L,
+- 0x00090800L,0x00090810L,0x20090800L,0x20090810L,
+- 0x00080020L,0x00080030L,0x20080020L,0x20080030L,
+- 0x00090020L,0x00090030L,0x20090020L,0x20090030L,
+- 0x00080820L,0x00080830L,0x20080820L,0x20080830L,
+- 0x00090820L,0x00090830L,0x20090820L,0x20090830L,
+- },{
+- /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+- 0x00000000L,0x02000000L,0x00002000L,0x02002000L,
+- 0x00200000L,0x02200000L,0x00202000L,0x02202000L,
+- 0x00000004L,0x02000004L,0x00002004L,0x02002004L,
+- 0x00200004L,0x02200004L,0x00202004L,0x02202004L,
+- 0x00000400L,0x02000400L,0x00002400L,0x02002400L,
+- 0x00200400L,0x02200400L,0x00202400L,0x02202400L,
+- 0x00000404L,0x02000404L,0x00002404L,0x02002404L,
+- 0x00200404L,0x02200404L,0x00202404L,0x02202404L,
+- 0x10000000L,0x12000000L,0x10002000L,0x12002000L,
+- 0x10200000L,0x12200000L,0x10202000L,0x12202000L,
+- 0x10000004L,0x12000004L,0x10002004L,0x12002004L,
+- 0x10200004L,0x12200004L,0x10202004L,0x12202004L,
+- 0x10000400L,0x12000400L,0x10002400L,0x12002400L,
+- 0x10200400L,0x12200400L,0x10202400L,0x12202400L,
+- 0x10000404L,0x12000404L,0x10002404L,0x12002404L,
+- 0x10200404L,0x12200404L,0x10202404L,0x12202404L,
+- },{
+- /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+- 0x00000000L,0x00000001L,0x00040000L,0x00040001L,
+- 0x01000000L,0x01000001L,0x01040000L,0x01040001L,
+- 0x00000002L,0x00000003L,0x00040002L,0x00040003L,
+- 0x01000002L,0x01000003L,0x01040002L,0x01040003L,
+- 0x00000200L,0x00000201L,0x00040200L,0x00040201L,
+- 0x01000200L,0x01000201L,0x01040200L,0x01040201L,
+- 0x00000202L,0x00000203L,0x00040202L,0x00040203L,
+- 0x01000202L,0x01000203L,0x01040202L,0x01040203L,
+- 0x08000000L,0x08000001L,0x08040000L,0x08040001L,
+- 0x09000000L,0x09000001L,0x09040000L,0x09040001L,
+- 0x08000002L,0x08000003L,0x08040002L,0x08040003L,
+- 0x09000002L,0x09000003L,0x09040002L,0x09040003L,
+- 0x08000200L,0x08000201L,0x08040200L,0x08040201L,
+- 0x09000200L,0x09000201L,0x09040200L,0x09040201L,
+- 0x08000202L,0x08000203L,0x08040202L,0x08040203L,
+- 0x09000202L,0x09000203L,0x09040202L,0x09040203L,
+- },{
+- /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+- 0x00000000L,0x00100000L,0x00000100L,0x00100100L,
+- 0x00000008L,0x00100008L,0x00000108L,0x00100108L,
+- 0x00001000L,0x00101000L,0x00001100L,0x00101100L,
+- 0x00001008L,0x00101008L,0x00001108L,0x00101108L,
+- 0x04000000L,0x04100000L,0x04000100L,0x04100100L,
+- 0x04000008L,0x04100008L,0x04000108L,0x04100108L,
+- 0x04001000L,0x04101000L,0x04001100L,0x04101100L,
+- 0x04001008L,0x04101008L,0x04001108L,0x04101108L,
+- 0x00020000L,0x00120000L,0x00020100L,0x00120100L,
+- 0x00020008L,0x00120008L,0x00020108L,0x00120108L,
+- 0x00021000L,0x00121000L,0x00021100L,0x00121100L,
+- 0x00021008L,0x00121008L,0x00021108L,0x00121108L,
+- 0x04020000L,0x04120000L,0x04020100L,0x04120100L,
+- 0x04020008L,0x04120008L,0x04020108L,0x04120108L,
+- 0x04021000L,0x04121000L,0x04021100L,0x04121100L,
+- 0x04021008L,0x04121008L,0x04021108L,0x04121108L,
+- },{
+- /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+- 0x00000000L,0x10000000L,0x00010000L,0x10010000L,
+- 0x00000004L,0x10000004L,0x00010004L,0x10010004L,
+- 0x20000000L,0x30000000L,0x20010000L,0x30010000L,
+- 0x20000004L,0x30000004L,0x20010004L,0x30010004L,
+- 0x00100000L,0x10100000L,0x00110000L,0x10110000L,
+- 0x00100004L,0x10100004L,0x00110004L,0x10110004L,
+- 0x20100000L,0x30100000L,0x20110000L,0x30110000L,
+- 0x20100004L,0x30100004L,0x20110004L,0x30110004L,
+- 0x00001000L,0x10001000L,0x00011000L,0x10011000L,
+- 0x00001004L,0x10001004L,0x00011004L,0x10011004L,
+- 0x20001000L,0x30001000L,0x20011000L,0x30011000L,
+- 0x20001004L,0x30001004L,0x20011004L,0x30011004L,
+- 0x00101000L,0x10101000L,0x00111000L,0x10111000L,
+- 0x00101004L,0x10101004L,0x00111004L,0x10111004L,
+- 0x20101000L,0x30101000L,0x20111000L,0x30111000L,
+- 0x20101004L,0x30101004L,0x20111004L,0x30111004L,
+- },{
+- /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+- 0x00000000L,0x08000000L,0x00000008L,0x08000008L,
+- 0x00000400L,0x08000400L,0x00000408L,0x08000408L,
+- 0x00020000L,0x08020000L,0x00020008L,0x08020008L,
+- 0x00020400L,0x08020400L,0x00020408L,0x08020408L,
+- 0x00000001L,0x08000001L,0x00000009L,0x08000009L,
+- 0x00000401L,0x08000401L,0x00000409L,0x08000409L,
+- 0x00020001L,0x08020001L,0x00020009L,0x08020009L,
+- 0x00020401L,0x08020401L,0x00020409L,0x08020409L,
+- 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L,
+- 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L,
+- 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L,
+- 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L,
+- 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L,
+- 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L,
+- 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L,
+- 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L,
+- },{
+- /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+- 0x00000000L,0x00000100L,0x00080000L,0x00080100L,
+- 0x01000000L,0x01000100L,0x01080000L,0x01080100L,
+- 0x00000010L,0x00000110L,0x00080010L,0x00080110L,
+- 0x01000010L,0x01000110L,0x01080010L,0x01080110L,
+- 0x00200000L,0x00200100L,0x00280000L,0x00280100L,
+- 0x01200000L,0x01200100L,0x01280000L,0x01280100L,
+- 0x00200010L,0x00200110L,0x00280010L,0x00280110L,
+- 0x01200010L,0x01200110L,0x01280010L,0x01280110L,
+- 0x00000200L,0x00000300L,0x00080200L,0x00080300L,
+- 0x01000200L,0x01000300L,0x01080200L,0x01080300L,
+- 0x00000210L,0x00000310L,0x00080210L,0x00080310L,
+- 0x01000210L,0x01000310L,0x01080210L,0x01080310L,
+- 0x00200200L,0x00200300L,0x00280200L,0x00280300L,
+- 0x01200200L,0x01200300L,0x01280200L,0x01280300L,
+- 0x00200210L,0x00200310L,0x00280210L,0x00280310L,
+- 0x01200210L,0x01200310L,0x01280210L,0x01280310L,
+- },{
+- /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+- 0x00000000L,0x04000000L,0x00040000L,0x04040000L,
+- 0x00000002L,0x04000002L,0x00040002L,0x04040002L,
+- 0x00002000L,0x04002000L,0x00042000L,0x04042000L,
+- 0x00002002L,0x04002002L,0x00042002L,0x04042002L,
+- 0x00000020L,0x04000020L,0x00040020L,0x04040020L,
+- 0x00000022L,0x04000022L,0x00040022L,0x04040022L,
+- 0x00002020L,0x04002020L,0x00042020L,0x04042020L,
+- 0x00002022L,0x04002022L,0x00042022L,0x04042022L,
+- 0x00000800L,0x04000800L,0x00040800L,0x04040800L,
+- 0x00000802L,0x04000802L,0x00040802L,0x04040802L,
+- 0x00002800L,0x04002800L,0x00042800L,0x04042800L,
+- 0x00002802L,0x04002802L,0x00042802L,0x04042802L,
+- 0x00000820L,0x04000820L,0x00040820L,0x04040820L,
+- 0x00000822L,0x04000822L,0x00040822L,0x04040822L,
+- 0x00002820L,0x04002820L,0x00042820L,0x04042820L,
+- 0x00002822L,0x04002822L,0x00042822L,0x04042822L,
+- }};
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/str2key.c ../RELENG_4_6/crypto/openssl/crypto/des/str2key.c
+*** crypto/openssl/crypto/des/str2key.c	Sun Aug 20 04:46:20 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/str2key.c	Wed Dec  4 18:07:30 2002
+***************
+*** 56,61 ****
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  
++ #include <openssl/crypto.h>
+  #include "des_locl.h"
+  
+  void des_string_to_key(const char *str, des_cblock *key)
+***************
+*** 88,94 ****
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+--- 89,95 ----
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+***************
+*** 149,155 ****
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+--- 150,156 ----
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/supp.c ../RELENG_4_6/crypto/openssl/crypto/des/supp.c
+*** crypto/openssl/crypto/des/supp.c	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/supp.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,107 ****
+- /* crypto/des/supp.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- /*
+-  * Copyright (c) 1995
+-  *	Mark Murray.  All rights reserved.
+-  *
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the above copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *	This product includes software developed by Mark Murray
+-  * 4. Neither the name of the author nor the names of any co-contributors
+-  *    may be used to endorse or promote products derived from this software
+-  *    without specific prior written permission.
+-  *
+-  * THIS SOFTWARE IS PROVIDED BY MARK MURRAY AND CONTRIBUTORS ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  *
+-  * $Id: supp.c,v 1.5 1999/05/16 12:25:45 bodo Exp $
+-  */
+- 
+- #include <stdio.h>
+- #include "des_locl.h"
+- 
+- void des_cblock_print_file(const_des_cblock *cb, FILE *fp)
+- {
+- 	int i;
+- 	const unsigned int *p = (const unsigned int *)cb;
+- 
+- 	fprintf(fp, " 0x { ");
+- 	for (i = 0; i < 8; i++) {
+- 		fprintf(fp, "%x", p[i]);
+- 		if (i != 7) fprintf(fp, ", ");
+- 	}
+- 	fprintf(fp, " }");
+- }
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/testdes.pl ../RELENG_4_6/crypto/openssl/crypto/des/testdes.pl
+*** crypto/openssl/crypto/des/testdes.pl	Mon Jan 10 01:21:38 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/testdes.pl	Wed Dec 31 19:00:00 1969
+***************
+*** 1,167 ****
+- #!/usr/local/bin/perl
+- 
+- # des.pl tesing code
+- 
+- require 'des.pl';
+- 
+- $num_tests=34;
+- @key_data=(
+- 	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+- 	0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+- 	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+- 	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+- 	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+- 	0x7C,0xA1,0x10,0x45,0x4A,0x1A,0x6E,0x57,
+- 	0x01,0x31,0xD9,0x61,0x9D,0xC1,0x37,0x6E,
+- 	0x07,0xA1,0x13,0x3E,0x4A,0x0B,0x26,0x86,
+- 	0x38,0x49,0x67,0x4C,0x26,0x02,0x31,0x9E,
+- 	0x04,0xB9,0x15,0xBA,0x43,0xFE,0xB5,0xB6,
+- 	0x01,0x13,0xB9,0x70,0xFD,0x34,0xF2,0xCE,
+- 	0x01,0x70,0xF1,0x75,0x46,0x8F,0xB5,0xE6,
+- 	0x43,0x29,0x7F,0xAD,0x38,0xE3,0x73,0xFE,
+- 	0x07,0xA7,0x13,0x70,0x45,0xDA,0x2A,0x16,
+- 	0x04,0x68,0x91,0x04,0xC2,0xFD,0x3B,0x2F,
+- 	0x37,0xD0,0x6B,0xB5,0x16,0xCB,0x75,0x46,
+- 	0x1F,0x08,0x26,0x0D,0x1A,0xC2,0x46,0x5E,
+- 	0x58,0x40,0x23,0x64,0x1A,0xBA,0x61,0x76,
+- 	0x02,0x58,0x16,0x16,0x46,0x29,0xB0,0x07,
+- 	0x49,0x79,0x3E,0xBC,0x79,0xB3,0x25,0x8F,
+- 	0x4F,0xB0,0x5E,0x15,0x15,0xAB,0x73,0xA7,
+- 	0x49,0xE9,0x5D,0x6D,0x4C,0xA2,0x29,0xBF,
+- 	0x01,0x83,0x10,0xDC,0x40,0x9B,0x26,0xD6,
+- 	0x1C,0x58,0x7F,0x1C,0x13,0x92,0x4F,0xEF,
+- 	0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,
+- 	0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E,
+- 	0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE,
+- 	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+- 	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+- 	0xFE,0xDC,0xBA,0x98,0x76,0x54,0x32,0x10,
+- 	);
+- 
+- @plain_data=(
+- 	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+- 	0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x01,
+- 	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+- 	0x11,0x11,0x11,0x11,0x11,0x11,0x11,0x11,
+- 	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+- 	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+- 	0x01,0xA1,0xD6,0xD0,0x39,0x77,0x67,0x42,
+- 	0x5C,0xD5,0x4C,0xA8,0x3D,0xEF,0x57,0xDA,
+- 	0x02,0x48,0xD4,0x38,0x06,0xF6,0x71,0x72,
+- 	0x51,0x45,0x4B,0x58,0x2D,0xDF,0x44,0x0A,
+- 	0x42,0xFD,0x44,0x30,0x59,0x57,0x7F,0xA2,
+- 	0x05,0x9B,0x5E,0x08,0x51,0xCF,0x14,0x3A,
+- 	0x07,0x56,0xD8,0xE0,0x77,0x47,0x61,0xD2,
+- 	0x76,0x25,0x14,0xB8,0x29,0xBF,0x48,0x6A,
+- 	0x3B,0xDD,0x11,0x90,0x49,0x37,0x28,0x02,
+- 	0x26,0x95,0x5F,0x68,0x35,0xAF,0x60,0x9A,
+- 	0x16,0x4D,0x5E,0x40,0x4F,0x27,0x52,0x32,
+- 	0x6B,0x05,0x6E,0x18,0x75,0x9F,0x5C,0xCA,
+- 	0x00,0x4B,0xD6,0xEF,0x09,0x17,0x60,0x62,
+- 	0x48,0x0D,0x39,0x00,0x6E,0xE7,0x62,0xF2,
+- 	0x43,0x75,0x40,0xC8,0x69,0x8F,0x3C,0xFA,
+- 	0x07,0x2D,0x43,0xA0,0x77,0x07,0x52,0x92,
+- 	0x02,0xFE,0x55,0x77,0x81,0x17,0xF1,0x2A,
+- 	0x1D,0x9D,0x5C,0x50,0x18,0xF7,0x28,0xC2,
+- 	0x30,0x55,0x32,0x28,0x6D,0x6F,0x29,0x5A,
+- 	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+- 	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+- 	0x01,0x23,0x45,0x67,0x89,0xAB,0xCD,0xEF,
+- 	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,
+- 	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
+- 	0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF);
+- 
+- @cipher_data=(
+- 	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+- 	0x73,0x59,0xB2,0x16,0x3E,0x4E,0xDC,0x58,
+- 	0x95,0x8E,0x6E,0x62,0x7A,0x05,0x55,0x7B,
+- 	0xF4,0x03,0x79,0xAB,0x9E,0x0E,0xC5,0x33,
+- 	0x17,0x66,0x8D,0xFC,0x72,0x92,0x53,0x2D,
+- 	0x8A,0x5A,0xE1,0xF8,0x1A,0xB8,0xF2,0xDD,
+- 	0x8C,0xA6,0x4D,0xE9,0xC1,0xB1,0x23,0xA7,
+- 	0xED,0x39,0xD9,0x50,0xFA,0x74,0xBC,0xC4,
+- 	0x69,0x0F,0x5B,0x0D,0x9A,0x26,0x93,0x9B,
+- 	0x7A,0x38,0x9D,0x10,0x35,0x4B,0xD2,0x71,
+- 	0x86,0x8E,0xBB,0x51,0xCA,0xB4,0x59,0x9A,
+- 	0x71,0x78,0x87,0x6E,0x01,0xF1,0x9B,0x2A,
+- 	0xAF,0x37,0xFB,0x42,0x1F,0x8C,0x40,0x95,
+- 	0x86,0xA5,0x60,0xF1,0x0E,0xC6,0xD8,0x5B,
+- 	0x0C,0xD3,0xDA,0x02,0x00,0x21,0xDC,0x09,
+- 	0xEA,0x67,0x6B,0x2C,0xB7,0xDB,0x2B,0x7A,
+- 	0xDF,0xD6,0x4A,0x81,0x5C,0xAF,0x1A,0x0F,
+- 	0x5C,0x51,0x3C,0x9C,0x48,0x86,0xC0,0x88,
+- 	0x0A,0x2A,0xEE,0xAE,0x3F,0xF4,0xAB,0x77,
+- 	0xEF,0x1B,0xF0,0x3E,0x5D,0xFA,0x57,0x5A,
+- 	0x88,0xBF,0x0D,0xB6,0xD7,0x0D,0xEE,0x56,
+- 	0xA1,0xF9,0x91,0x55,0x41,0x02,0x0B,0x56,
+- 	0x6F,0xBF,0x1C,0xAF,0xCF,0xFD,0x05,0x56,
+- 	0x2F,0x22,0xE4,0x9B,0xAB,0x7C,0xA1,0xAC,
+- 	0x5A,0x6B,0x61,0x2C,0xC2,0x6C,0xCE,0x4A,
+- 	0x5F,0x4C,0x03,0x8E,0xD1,0x2B,0x2E,0x41,
+- 	0x63,0xFA,0xC0,0xD0,0x34,0xD9,0xF7,0x93,
+- 	0x61,0x7B,0x3A,0x0C,0xE8,0xF0,0x71,0x00,
+- 	0xDB,0x95,0x86,0x05,0xF8,0xC8,0xC6,0x06,
+- 	0xED,0xBF,0xD1,0xC6,0x6C,0x29,0xCC,0xC7,
+- 	0x35,0x55,0x50,0xB2,0x15,0x0E,0x24,0x51,
+- 	0xCA,0xAA,0xAF,0x4D,0xEA,0xF1,0xDB,0xAE,
+- 	0xD5,0xD4,0x4F,0xF7,0x20,0x68,0x3D,0x0D,
+- 	0x2A,0x2B,0xB0,0x08,0xDF,0x97,0xC2,0xF2);
+- 
+- print "Doing ecb tests\n";
+- for ($i=0; $i<$num_tests; $i++)
+- 	{
+- 	printf "Doing test $i\n";
+- 	$key =pack("C8",splice(@key_data   ,0,8));
+- 	$data=pack("C8",splice(@plain_data ,0,8));
+- 	$res =pack("C8",splice(@cipher_data,0,8));
+- 
+- 	@ks=  &des_set_key($key);
+- 	$out1= &des_ecb_encrypt(*ks,1,$data);
+- 	$out2= &des_ecb_encrypt(*ks,0,$out1);
+- 	$out3= &des_ecb_encrypt(*ks,0,$res);
+- 	&eprint("encryption failure",$res,$out1)
+- 		if ($out1 ne $res);
+- 	&eprint("encryption/decryption failure",$data,$out2)
+- 		if ($out2 ne $data);
+- 	&eprint("decryption failure",$data,$out3)
+- 		if ($data ne $out3);
+- 	}
+- print "Done\n";
+- 
+- print "doing speed test over 30 seconds\n";
+- $SIG{'ALRM'}='done';
+- sub done {$done=1;}
+- $done=0;
+- 
+- $count=0;
+- $d=pack("C8",0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef);
+- @ks=  &des_set_key($d);
+- alarm(30);
+- $start=(times)[0];
+- while (!$done)
+- 	{
+- 	$count++;
+- 	$d=&des_ecb_encrypt(*ks,1,$d);
+- 	}
+- $end=(times)[0];
+- $t=$end-$start;
+- printf "$count DESs in %.2f seconds is %.2f DESs/sec or %.2f bytes/sec\n",
+- 	1.0*$t,1.0*$count/$t,$count*8.0/$t;
+- 
+- sub eprint
+- 	{
+- 	local($s,$c,$e)=@_;
+- 	local(@k);
+- 
+- 	@k=unpack("C8",$c);
+- 	printf "%02x%02x%02x%02x %02x%02x%02x%02x - ",unpack("C8",$c);
+- 	printf "%02x%02x%02x%02x %02x%02x%02x%02x :",unpack("C8",$e);
+- 	print " $s\n";
+- 	}
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.save
+*** crypto/openssl/crypto/dh/Makefile.save	Sun Nov 26 06:33:26 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,118 ****
+- #
+- # SSLeay/crypto/dh/Makefile
+- #
+- 
+- DIR=	dh
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST= dhtest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+- LIBOBJ= dh_gen.o dh_key.o dh_lib.o dh_check.o dh_err.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= dh.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- dh_check.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dh_check.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dh_check.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+- dh_check.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- dh_check.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dh_check.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- dh_check.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- dh_check.o: ../cryptlib.h
+- dh_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dh_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+- dh_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- dh_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- dh_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- dh_err.o: ../../include/openssl/symhacks.h
+- dh_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dh_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dh_gen.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+- dh_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- dh_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dh_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- dh_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- dh_gen.o: ../cryptlib.h
+- dh_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dh_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dh_key.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+- dh_key.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- dh_key.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dh_key.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- dh_key.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- dh_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- dh_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dh_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dh_lib.o: ../../include/openssl/dh.h ../../include/openssl/e_os.h
+- dh_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- dh_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dh_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- dh_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- dh_lib.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.ssl
+*** crypto/openssl/crypto/dh/Makefile.ssl	Wed Jul  4 19:19:21 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.ssl	Wed Oct  9 09:13:39 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh.h ../RELENG_4_6/crypto/openssl/crypto/dh/dh.h
+*** crypto/openssl/crypto/dh/dh.h	Sun Nov 26 06:33:27 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/dh.h	Wed Mar 20 11:01:28 2002
+***************
+*** 177,188 ****
+  #else
+  int	DHparams_print(char *bp, DH *x);
+  #endif
+- void	ERR_load_DH_strings(void );
+  
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
+  
+  /* Error codes for the DH functions. */
+  
+--- 177,188 ----
+  #else
+  int	DHparams_print(char *bp, DH *x);
+  #endif
+  
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_DH_strings(void);
+  
+  /* Error codes for the DH functions. */
+  
+***************
+*** 195,204 ****
+  #define DH_F_DH_NEW					 105
+  
+  /* Reason codes. */
+  #define DH_R_NO_PRIVATE_VALUE				 100
+  
+  #ifdef  __cplusplus
+  }
+  #endif
+  #endif
+- 
+--- 195,204 ----
+  #define DH_F_DH_NEW					 105
+  
+  /* Reason codes. */
++ #define DH_R_BAD_GENERATOR				 101
+  #define DH_R_NO_PRIVATE_VALUE				 100
+  
+  #ifdef  __cplusplus
+  }
+  #endif
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_err.c ../RELENG_4_6/crypto/openssl/crypto/dh/dh_err.c
+*** crypto/openssl/crypto/dh/dh_err.c	Sun Aug 20 04:46:21 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/dh_err.c	Wed Mar 20 11:01:28 2002
+***************
+*** 1,6 ****
+  /* crypto/dh/dh_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 1,6 ----
+  /* crypto/dh/dh_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 77,82 ****
+--- 77,83 ----
+  
+  static ERR_STRING_DATA DH_str_reasons[]=
+  	{
++ {DH_R_BAD_GENERATOR                      ,"bad generator"},
+  {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+  {0,NULL}
+  	};
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_gen.c ../RELENG_4_6/crypto/openssl/crypto/dh/dh_gen.c
+*** crypto/openssl/crypto/dh/dh_gen.c	Sun Aug 20 04:46:21 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/dh_gen.c	Wed Mar 20 11:01:29 2002
+***************
+*** 82,88 ****
+   * Since DH should be using a safe prime (both p and q are prime),
+   * this generator function can take a very very long time to run.
+   */
+! 
+  DH *DH_generate_parameters(int prime_len, int generator,
+  	     void (*callback)(int,int,void *), void *cb_arg)
+  	{
+--- 82,91 ----
+   * Since DH should be using a safe prime (both p and q are prime),
+   * this generator function can take a very very long time to run.
+   */
+! /* Actually there is no reason to insist that 'generator' be a generator.
+!  * It's just as OK (and in some sense better) to use a generator of the
+!  * order-q subgroup.
+!  */
+  DH *DH_generate_parameters(int prime_len, int generator,
+  	     void (*callback)(int,int,void *), void *cb_arg)
+  	{
+***************
+*** 100,129 ****
+  	t2 = BN_CTX_get(ctx);
+  	if (t1 == NULL || t2 == NULL) goto err;
+  	
+  	if (generator == DH_GENERATOR_2)
+  		{
+! 		BN_set_word(t1,24);
+! 		BN_set_word(t2,11);
+  		g=2;
+  		}
+! #ifdef undef  /* does not work for safe primes */
+  	else if (generator == DH_GENERATOR_3)
+  		{
+! 		BN_set_word(t1,12);
+! 		BN_set_word(t2,5);
+  		g=3;
+  		}
+  #endif
+  	else if (generator == DH_GENERATOR_5)
+  		{
+! 		BN_set_word(t1,10);
+! 		BN_set_word(t2,3);
+  		/* BN_set_word(t3,7); just have to miss
+  		 * out on these ones :-( */
+  		g=5;
+  		}
+  	else
+  		g=generator;
+  	
+  	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+  	if (p == NULL) goto err;
+--- 103,145 ----
+  	t2 = BN_CTX_get(ctx);
+  	if (t1 == NULL || t2 == NULL) goto err;
+  	
++ 	if (generator <= 1)
++ 		{
++ 		DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR);
++ 		goto err;
++ 		}
+  	if (generator == DH_GENERATOR_2)
+  		{
+! 		if (!BN_set_word(t1,24)) goto err;
+! 		if (!BN_set_word(t2,11)) goto err;
+  		g=2;
+  		}
+! #if 0 /* does not work for safe primes */
+  	else if (generator == DH_GENERATOR_3)
+  		{
+! 		if (!BN_set_word(t1,12)) goto err;
+! 		if (!BN_set_word(t2,5)) goto err;
+  		g=3;
+  		}
+  #endif
+  	else if (generator == DH_GENERATOR_5)
+  		{
+! 		if (!BN_set_word(t1,10)) goto err;
+! 		if (!BN_set_word(t2,3)) goto err;
+  		/* BN_set_word(t3,7); just have to miss
+  		 * out on these ones :-( */
+  		g=5;
+  		}
+  	else
++ 		{
++ 		/* in the general case, don't worry if 'generator' is a
++ 		 * generator or not: since we are using safe primes,
++ 		 * it will generate either an order-q or an order-2q group,
++ 		 * which both is OK */
++ 		if (!BN_set_word(t1,2)) goto err;
++ 		if (!BN_set_word(t2,1)) goto err;
+  		g=generator;
++ 		}
+  	
+  	p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg);
+  	if (p == NULL) goto err;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_key.c ../RELENG_4_6/crypto/openssl/crypto/dh/dh_key.c
+*** crypto/openssl/crypto/dh/dh_key.c	Wed Jul  4 19:19:21 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/dh_key.c	Fri Jul 27 18:45:19 2001
+***************
+*** 99,104 ****
+--- 99,106 ----
+  static int generate_key(DH *dh)
+  	{
+  	int ok=0;
++ 	int generate_new_key=0;
++ 	unsigned l;
+  	BN_CTX ctx;
+  	BN_MONT_CTX *mont;
+  	BIGNUM *pub_key=NULL,*priv_key=NULL;
+***************
+*** 109,117 ****
+  		{
+  		priv_key=BN_new();
+  		if (priv_key == NULL) goto err;
+! 		do
+! 			if (!BN_rand_range(priv_key, dh->p)) goto err;
+! 		while (BN_is_zero(priv_key));
+  		}
+  	else
+  		priv_key=dh->priv_key;
+--- 111,117 ----
+  		{
+  		priv_key=BN_new();
+  		if (priv_key == NULL) goto err;
+! 		generate_new_key=1;
+  		}
+  	else
+  		priv_key=dh->priv_key;
+***************
+*** 132,139 ****
+  		}
+  	mont=(BN_MONT_CTX *)dh->method_mont_p;
+  
+! 	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont))
+! 								goto err;
+  		
+  	dh->pub_key=pub_key;
+  	dh->priv_key=priv_key;
+--- 132,143 ----
+  		}
+  	mont=(BN_MONT_CTX *)dh->method_mont_p;
+  
+! 	if (generate_new_key)
+! 		{
+! 		l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
+! 		if (!BN_rand(priv_key, l, 0, 0)) goto err;
+! 		}
+! 	if (!dh->meth->bn_mod_exp(dh, pub_key,dh->g,priv_key,dh->p,&ctx,mont)) goto err;
+  		
+  	dh->pub_key=pub_key;
+  	dh->priv_key=priv_key;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_lib.c ../RELENG_4_6/crypto/openssl/crypto/dh/dh_lib.c
+*** crypto/openssl/crypto/dh/dh_lib.c	Wed Jul  4 19:19:21 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/dh_lib.c	Fri Jul 27 08:36:16 2001
+***************
+*** 63,69 ****
+  
+  const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+  
+! static DH_METHOD *default_DH_method;
+  static int dh_meth_num = 0;
+  static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
+  
+--- 63,69 ----
+  
+  const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+  
+! static DH_METHOD *default_DH_method = NULL;
+  static int dh_meth_num = 0;
+  static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dh_meth = NULL;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dhtest.c ../RELENG_4_6/crypto/openssl/crypto/dh/dhtest.c
+*** crypto/openssl/crypto/dh/dhtest.c	Sun Nov 26 06:33:27 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/dhtest.c	Thu Nov 28 13:55:34 2002
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #ifdef WINDOWS
+  #include "../bio/bss_file.c" 
+  #endif
+***************
+*** 66,71 ****
+--- 69,75 ----
+  #include <openssl/bio.h>
+  #include <openssl/bn.h>
+  #include <openssl/rand.h>
++ #include <openssl/err.h>
+  
+  #ifdef NO_DH
+  int main(int argc, char *argv[])
+***************
+*** 106,117 ****
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+  	if (a == NULL) goto err;
+  
+  	BIO_puts(out,"\np    =");
+  	BN_print(out,a->p);
+  	BIO_puts(out,"\ng    =");
+--- 110,131 ----
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+  	if (a == NULL) goto err;
+  
++ 	if (!DH_check(a, &i)) goto err;
++ 	if (i & DH_CHECK_P_NOT_PRIME)
++ 		BIO_puts(out, "p value is not prime\n");
++ 	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
++ 		BIO_puts(out, "p value is not a safe prime\n");
++ 	if (i & DH_UNABLE_TO_CHECK_GENERATOR)
++ 		BIO_puts(out, "unable to check the generator value\n");
++ 	if (i & DH_NOT_SUITABLE_GENERATOR)
++ 		BIO_puts(out, "the g value is not a generator\n");
++ 
+  	BIO_puts(out,"\np    =");
+  	BN_print(out,a->p);
+  	BIO_puts(out,"\ng    =");
+***************
+*** 170,181 ****
+  	else
+  		ret=0;
+  err:
+  	if (abuf != NULL) OPENSSL_free(abuf);
+  	if (bbuf != NULL) OPENSSL_free(bbuf);
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	exit(ret);
+  	return(ret);
+  	}
+  
+--- 184,197 ----
+  	else
+  		ret=0;
+  err:
++ 	ERR_print_errors_fp(stderr);
++ 
+  	if (abuf != NULL) OPENSSL_free(abuf);
+  	if (bbuf != NULL) OPENSSL_free(bbuf);
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.save
+*** crypto/openssl/crypto/dsa/Makefile.save	Sun Nov 26 06:33:27 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,153 ****
+- #
+- # SSLeay/crypto/dsa/Makefile
+- #
+- 
+- DIR=	dsa
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=dsatest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
+- 	dsa_err.c dsa_ossl.c
+- LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
+- 	dsa_err.o dsa_ossl.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= dsa.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- dsa_asn1.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- dsa_asn1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dsa_asn1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dsa_asn1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- dsa_asn1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- dsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- dsa_asn1.o: ../../include/openssl/opensslconf.h
+- dsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- dsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- dsa_asn1.o: ../cryptlib.h
+- dsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+- dsa_err.o: ../../include/openssl/dsa.h ../../include/openssl/err.h
+- dsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- dsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- dsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dsa_gen.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- dsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- dsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- dsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- dsa_gen.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+- dsa_gen.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- dsa_gen.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- dsa_key.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dsa_key.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dsa_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- dsa_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- dsa_key.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- dsa_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- dsa_key.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+- dsa_key.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- dsa_key.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- dsa_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- dsa_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- dsa_lib.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+- dsa_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- dsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- dsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- dsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- dsa_lib.o: ../cryptlib.h
+- dsa_ossl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- dsa_ossl.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- dsa_ossl.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+- dsa_ossl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- dsa_ossl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- dsa_ossl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dsa_ossl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- dsa_ossl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- dsa_ossl.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- dsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- dsa_sign.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- dsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/dh.h
+- dsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- dsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- dsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- dsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- dsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- dsa_sign.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- dsa_vrf.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- dsa_vrf.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- dsa_vrf.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- dsa_vrf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- dsa_vrf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- dsa_vrf.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- dsa_vrf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- dsa_vrf.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+- dsa_vrf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- dsa_vrf.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.ssl
+*** crypto/openssl/crypto/dsa/Makefile.ssl	Wed Jul  4 19:19:22 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.ssl	Wed Oct  9 09:13:43 2002
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa.h ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa.h
+*** crypto/openssl/crypto/dsa/dsa.h	Sun Nov 26 06:33:27 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa.h	Mon Dec 17 14:23:44 2001
+***************
+*** 178,185 ****
+  int DSA_set_ex_data(DSA *d, int idx, void *arg);
+  void *DSA_get_ex_data(DSA *d, int idx);
+  
+- void	ERR_load_DSA_strings(void );
+- 
+  DSA *	d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length);
+  DSA *	d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length);
+  DSA * 	d2i_DSAparams(DSA **a, unsigned char **pp, long length);
+--- 178,183 ----
+***************
+*** 216,221 ****
+--- 214,220 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_DSA_strings(void);
+  
+  /* Error codes for the DSA functions. */
+  
+***************
+*** 236,244 ****
+  
+  /* Reason codes. */
+  #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
+  
+  #ifdef  __cplusplus
+  }
+  #endif
+  #endif
+- 
+--- 235,243 ----
+  
+  /* Reason codes. */
+  #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
++ #define DSA_R_MISSING_PARAMETERS			 101
+  
+  #ifdef  __cplusplus
+  }
+  #endif
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_asn1.c ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_asn1.c
+*** crypto/openssl/crypto/dsa/dsa_asn1.c	Sun Nov 26 06:33:27 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_asn1.c	Thu May 30 08:51:12 2002
+***************
+*** 84,89 ****
+--- 84,90 ----
+  	if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL)
+  		goto err_bn;
+  	M_ASN1_BIT_STRING_free(bs);
++ 	bs = NULL;
+  	M_ASN1_D2I_Finish_2(a);
+  
+  err_bn:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_err.c ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_err.c
+*** crypto/openssl/crypto/dsa/dsa_err.c	Sun Aug 20 04:46:22 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_err.c	Thu May 24 18:33:16 2001
+***************
+*** 85,90 ****
+--- 85,91 ----
+  static ERR_STRING_DATA DSA_str_reasons[]=
+  	{
+  {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
++ {DSA_R_MISSING_PARAMETERS                ,"missing parameters"},
+  {0,NULL}
+  	};
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_lib.c ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_lib.c
+*** crypto/openssl/crypto/dsa/dsa_lib.c	Wed Jul  4 19:19:22 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_lib.c	Thu Jul 26 05:03:42 2001
+***************
+*** 66,72 ****
+  
+  const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+  
+! static DSA_METHOD *default_DSA_method;
+  static int dsa_meth_num = 0;
+  static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
+  
+--- 66,72 ----
+  
+  const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+  
+! static DSA_METHOD *default_DSA_method = NULL;
+  static int dsa_meth_num = 0;
+  static STACK_OF(CRYPTO_EX_DATA_FUNCS) *dsa_meth = NULL;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_ossl.c ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_ossl.c
+*** crypto/openssl/crypto/dsa/dsa_ossl.c	Wed Jul  4 19:19:22 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsa_ossl.c	Tue Jun 26 05:48:56 2001
+***************
+*** 105,110 ****
+--- 105,115 ----
+  	int i,reason=ERR_R_BN_LIB;
+  	DSA_SIG *ret=NULL;
+  
++ 	if (!dsa->p || !dsa->q || !dsa->g)
++ 		{
++ 		reason=DSA_R_MISSING_PARAMETERS;
++ 		goto err;
++ 		}
+  	BN_init(&m);
+  	BN_init(&xr);
+  	s=BN_new();
+***************
+*** 167,172 ****
+--- 172,182 ----
+  	BIGNUM k,*kinv=NULL,*r=NULL;
+  	int ret=0;
+  
++ 	if (!dsa->p || !dsa->q || !dsa->g)
++ 		{
++ 		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
++ 		return 0;
++ 		}
+  	if (ctx_in == NULL)
+  		{
+  		if ((ctx=BN_CTX_new()) == NULL) goto err;
+***************
+*** 229,234 ****
+--- 239,255 ----
+  	BN_init(&u1);
+  	BN_init(&u2);
+  	BN_init(&t1);
++ 
++ 	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
++ 		{
++ 		ret = 0;
++ 		goto err;
++ 		}
++ 	if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0)
++ 		{
++ 		ret = 0;
++ 		goto err;
++ 		}
+  
+  	/* Calculate W = inv(S) mod Q
+  	 * save W in u2 */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_4_6/crypto/openssl/crypto/dsa/dsatest.c
+*** crypto/openssl/crypto/dsa/dsatest.c	Sun Aug 20 04:46:22 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsatest.c	Fri Dec 27 20:47:11 2002
+***************
+*** 61,66 ****
+--- 61,69 ----
+  #include <string.h>
+  #include <sys/types.h>
+  #include <sys/stat.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  #include <openssl/bio.h>
+***************
+*** 207,216 ****
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	exit(!ret);
+  	return(0);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+--- 210,225 ----
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	EXIT(!ret);
+  	return(0);
+  	}
+  
++ static int cb_exit(int ec)
++ 	{
++ 	EXIT(ec);
++ 	return(0);		/* To keep some compilers quiet */
++ 	}
++ 
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+***************
+*** 226,232 ****
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		exit(1);
+  		}
+  	}
+  #endif
+--- 235,241 ----
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		cb_exit(1);
+  		}
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dso/Makefile.ssl
+*** crypto/openssl/crypto/dso/Makefile.ssl	Wed Jul  4 19:19:23 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dso/Makefile.ssl	Wed Oct  9 09:13:47 2002
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/dso.h ../RELENG_4_6/crypto/openssl/crypto/dso/dso.h
+*** crypto/openssl/crypto/dso/dso.h	Sun Nov 26 06:33:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dso/dso.h	Mon Dec 17 14:23:48 2001
+***************
+*** 194,205 ****
+  /* If VMS is defined, use shared images. If not, return NULL. */
+  DSO_METHOD *DSO_METHOD_vms(void);
+  
+- void ERR_load_DSO_strings(void);
+- 
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
+  
+  /* Error codes for the DSO functions. */
+  
+--- 194,204 ----
+  /* If VMS is defined, use shared images. If not, return NULL. */
+  DSO_METHOD *DSO_METHOD_vms(void);
+  
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_DSO_strings(void);
+  
+  /* Error codes for the DSO functions. */
+  
+***************
+*** 247,250 ****
+  }
+  #endif
+  #endif
+- 
+--- 246,248 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/dso_dlfcn.c ../RELENG_4_6/crypto/openssl/crypto/dso/dso_dlfcn.c
+*** crypto/openssl/crypto/dso/dso_dlfcn.c	Sun Nov 26 06:33:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dso/dso_dlfcn.c	Wed May 29 16:55:25 2002
+***************
+*** 112,118 ****
+   * as we don't have autoconf yet, I'm implementing a hack that could
+   * be hacked further relatively easily to deal with cases as we find
+   * them. Initially this is to cope with OpenBSD. */
+! #ifdef __OpenBSD__
+  #	ifdef DL_LAZY
+  #		define DLOPEN_FLAG DL_LAZY
+  #	else
+--- 112,118 ----
+   * as we don't have autoconf yet, I'm implementing a hack that could
+   * be hacked further relatively easily to deal with cases as we find
+   * them. Initially this is to cope with OpenBSD. */
+! #if defined(__OpenBSD__) || defined(__NetBSD__)
+  #	ifdef DL_LAZY
+  #		define DLOPEN_FLAG DL_LAZY
+  #	else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ebcdic.c ../RELENG_4_6/crypto/openssl/crypto/ebcdic.c
+*** crypto/openssl/crypto/ebcdic.c	Wed Jul  4 19:19:11 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/ebcdic.c	Tue Jul 16 06:46:04 2002
+***************
+*** 211,217 ****
+  }
+  
+  #else /*CHARSET_EBCDIC*/
+! #if defined(PEDANTIC) || defined(VMS) || defined(__VMS)
+  static void *dummy=&dummy;
+  #endif
+  #endif
+--- 211,217 ----
+  }
+  
+  #else /*CHARSET_EBCDIC*/
+! #if defined(PEDANTIC) || defined(VMS) || defined(__VMS) || defined(_DARWIN)
+  static void *dummy=&dummy;
+  #endif
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.save
+*** crypto/openssl/crypto/err/Makefile.save	Sun Nov 26 06:33:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,115 ****
+- #
+- # SSLeay/crypto/err/Makefile
+- #
+- 
+- DIR=	err
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=err.c err_all.c err_prn.c
+- LIBOBJ=err.o err_all.o err_prn.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= err.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- err.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- err.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- err.o: ../cryptlib.h
+- err_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- err_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- err_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+- err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+- err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+- err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- err_prn.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- err_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- err_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- err_prn.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.ssl
+*** crypto/openssl/crypto/err/Makefile.ssl	Wed Jul  4 19:19:23 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.ssl	Wed Oct  9 09:13:50 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 92,112 ****
+  err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+! err_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! err_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! err_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! err_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! err_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! err_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! err_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! err_all.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+! err_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+! err_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! err_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! err_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! err_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! err_all.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! err_all.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+  err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+--- 92,112 ----
+  err_all.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  err_all.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  err_all.o: ../../include/openssl/dsa.h ../../include/openssl/dso.h
+! err_all.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! err_all.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! err_all.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! err_all.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! err_all.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! err_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! err_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pem2.h
+! err_all.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+! err_all.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+! err_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! err_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! err_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! err_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! err_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! err_all.o: ../../include/openssl/x509v3.h
+  err_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  err_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  err_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/err.c ../RELENG_4_6/crypto/openssl/crypto/err/err.c
+*** crypto/openssl/crypto/err/err.c	Wed Jul  4 19:19:23 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/err/err.c	Mon Sep 24 11:06:44 2001
+***************
+*** 784,790 ****
+  				if (p == NULL)
+  					{
+  					OPENSSL_free(str);
+! 					return;
+  					}
+  				else
+  					str=p;
+--- 784,790 ----
+  				if (p == NULL)
+  					{
+  					OPENSSL_free(str);
+! 					goto err;
+  					}
+  				else
+  					str=p;
+***************
+*** 794,799 ****
+--- 794,800 ----
+  		}
+  	ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING);
+  
++ err:
+  	va_end(args);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/err.h ../RELENG_4_6/crypto/openssl/crypto/err/err.h
+*** crypto/openssl/crypto/err/err.h	Sun Nov 26 06:33:30 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/err/err.h	Thu Dec 20 20:12:43 2001
+***************
+*** 132,137 ****
+--- 132,138 ----
+  #define ERR_LIB_PKCS12		35
+  #define ERR_LIB_RAND		36
+  #define ERR_LIB_DSO		37
++ #define ERR_LIB_COMP		41
+  
+  #define ERR_LIB_USER		128
+  
+***************
+*** 161,166 ****
+--- 162,168 ----
+  #define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),ERR_file_name,__LINE__)
+  #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
+  #define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
++ #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),ERR_file_name,__LINE__)
+  
+  /* Borland C seems too stupid to be able to shift and do longs in
+   * the pre-processor :-( */
+***************
+*** 210,215 ****
+--- 212,218 ----
+  #define ERR_R_PKCS7_LIB	ERR_LIB_PKCS7
+  #define ERR_R_PKCS12_LIB ERR_LIB_PKCS12
+  #define ERR_R_DSO_LIB	ERR_LIB_DSO
++ #define ERR_R_COMP_LIB	ERR_LIB_COMP
+  
+  /* fatal error */
+  #define	ERR_R_MALLOC_FAILURE			(1|ERR_R_FATAL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.save
+*** crypto/openssl/crypto/evp/Makefile.save	Sun Nov 26 06:33:31 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,916 ****
+- #
+- # SSLeay/crypto/evp/Makefile
+- #
+- 
+- DIR=	evp
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= encode.c digest.c evp_enc.c evp_key.c \
+- 	e_des.c e_bf.c e_idea.c e_des3.c \
+- 	e_rc4.c names.c \
+- 	e_xcbc_d.c e_rc2.c e_cast.c e_rc5.c \
+- 	m_null.c m_md2.c m_md4.c m_md5.c m_sha.c m_sha1.c \
+- 	m_dss.c m_dss1.c m_mdc2.c m_ripemd.c \
+- 	p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c \
+- 	bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c \
+- 	c_all.c c_allc.c c_alld.c evp_lib.c bio_ok.c \
+- 	evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+- 
+- LIBOBJ=	encode.o digest.o evp_enc.o evp_key.o \
+- 	e_des.o e_bf.o e_idea.o e_des3.o \
+- 	e_rc4.o names.o \
+- 	e_xcbc_d.o e_rc2.o e_cast.o e_rc5.o \
+- 	m_null.o m_md2.o m_md4.o m_md5.o m_sha.o m_sha1.o \
+- 	m_dss.o m_dss1.o m_mdc2.o m_ripemd.o \
+- 	p_open.o p_seal.o p_sign.o p_verify.o p_lib.o p_enc.o p_dec.o \
+- 	bio_md.o bio_b64.o bio_enc.o evp_err.o e_null.o \
+- 	c_all.o c_allc.o c_alld.o evp_lib.o bio_ok.o \
+- 	evp_pkey.o evp_pbe.o p5_crpt.o p5_crpt2.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= evp.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- bio_b64.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- bio_b64.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- bio_b64.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- bio_b64.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- bio_b64.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- bio_b64.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bio_b64.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- bio_b64.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- bio_b64.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- bio_b64.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- bio_b64.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- bio_b64.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bio_b64.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- bio_b64.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- bio_b64.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- bio_b64.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- bio_b64.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- bio_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- bio_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- bio_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- bio_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- bio_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- bio_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bio_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- bio_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- bio_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- bio_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- bio_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- bio_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bio_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- bio_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- bio_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- bio_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- bio_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- bio_md.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- bio_md.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- bio_md.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- bio_md.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- bio_md.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- bio_md.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bio_md.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- bio_md.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- bio_md.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- bio_md.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- bio_md.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- bio_md.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bio_md.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- bio_md.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- bio_md.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- bio_md.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- bio_md.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- bio_ok.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- bio_ok.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- bio_ok.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- bio_ok.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- bio_ok.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- bio_ok.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- bio_ok.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- bio_ok.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- bio_ok.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- bio_ok.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- bio_ok.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- bio_ok.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- bio_ok.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- bio_ok.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- bio_ok.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- bio_ok.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- bio_ok.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- bio_ok.o: ../cryptlib.h
+- c_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- c_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- c_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- c_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- c_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- c_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- c_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- c_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- c_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- c_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- c_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- c_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- c_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- c_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- c_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- c_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- c_all.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- c_allc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- c_allc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- c_allc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- c_allc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- c_allc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- c_allc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- c_allc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- c_allc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- c_allc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- c_allc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- c_allc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- c_allc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- c_allc.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+- c_allc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- c_allc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- c_allc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- c_allc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- c_allc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- c_allc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- c_alld.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- c_alld.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- c_alld.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- c_alld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- c_alld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- c_alld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- c_alld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- c_alld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- c_alld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- c_alld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- c_alld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- c_alld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- c_alld.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+- c_alld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- c_alld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- c_alld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- c_alld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- c_alld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- c_alld.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- digest.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- digest.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- digest.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- digest.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- digest.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- digest.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- digest.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- digest.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- digest.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- digest.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- digest.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- digest.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- digest.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- digest.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- digest.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- digest.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- digest.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- e_bf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_bf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_bf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_bf.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_bf.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_bf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_bf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_bf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_bf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_bf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_bf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_bf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_bf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_bf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_bf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_bf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_bf.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- e_cast.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_cast.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_cast.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_cast.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_cast.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_cast.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_cast.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_cast.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_cast.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_cast.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_cast.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_cast.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_cast.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_cast.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_cast.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_cast.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_cast.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- e_des.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_des.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_des.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_des.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_des.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_des.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_des.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_des.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_des.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_des.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_des.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_des.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_des.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_des.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_des.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_des.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_des.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- e_des3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_des3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_des3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_des3.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_des3.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_des3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_des3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_des3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_des3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_des3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_des3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_des3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_des3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_des3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_des3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_des3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_des3.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- e_idea.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_idea.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_idea.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_idea.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_idea.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_idea.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_idea.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_idea.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_idea.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_idea.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_idea.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_idea.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_idea.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_idea.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_idea.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_idea.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_idea.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- e_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_null.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_null.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_null.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_null.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- e_rc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_rc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_rc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_rc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_rc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_rc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_rc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_rc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_rc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_rc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_rc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_rc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_rc2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_rc2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_rc2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_rc2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_rc2.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- e_rc4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_rc4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_rc4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_rc4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_rc4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_rc4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_rc4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_rc4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_rc4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_rc4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_rc4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_rc4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_rc4.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_rc4.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_rc4.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_rc4.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_rc4.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- e_rc5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_rc5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_rc5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_rc5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_rc5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_rc5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_rc5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_rc5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_rc5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_rc5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_rc5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_rc5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- e_rc5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- e_rc5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- e_rc5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- e_rc5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- e_rc5.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- e_xcbc_d.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- e_xcbc_d.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- e_xcbc_d.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- e_xcbc_d.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- e_xcbc_d.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- e_xcbc_d.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- e_xcbc_d.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- e_xcbc_d.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- e_xcbc_d.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- e_xcbc_d.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- e_xcbc_d.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- e_xcbc_d.o: ../../include/openssl/opensslconf.h
+- e_xcbc_d.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+- e_xcbc_d.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- e_xcbc_d.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- e_xcbc_d.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- e_xcbc_d.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- e_xcbc_d.o: ../cryptlib.h
+- encode.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- encode.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- encode.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- encode.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- encode.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- encode.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- encode.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- encode.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- encode.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- encode.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- encode.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- encode.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- encode.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- encode.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- encode.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- encode.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- encode.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- evp_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- evp_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- evp_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- evp_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- evp_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- evp_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- evp_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- evp_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- evp_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- evp_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- evp_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- evp_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- evp_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- evp_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- evp_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- evp_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- evp_enc.o: ../../include/openssl/symhacks.h ../cryptlib.h evp_locl.h
+- evp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- evp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- evp_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- evp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- evp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- evp_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- evp_err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- evp_err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- evp_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- evp_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- evp_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- evp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- evp_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- evp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- evp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- evp_err.o: ../../include/openssl/symhacks.h
+- evp_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- evp_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- evp_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- evp_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- evp_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- evp_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- evp_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- evp_key.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- evp_key.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- evp_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- evp_key.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- evp_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- evp_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- evp_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- evp_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- evp_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- evp_key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- evp_key.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- evp_key.o: ../cryptlib.h
+- evp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- evp_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- evp_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- evp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- evp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- evp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- evp_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- evp_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- evp_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- evp_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- evp_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- evp_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- evp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- evp_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- evp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- evp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- evp_lib.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- evp_pbe.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- evp_pbe.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- evp_pbe.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- evp_pbe.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- evp_pbe.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- evp_pbe.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- evp_pbe.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- evp_pbe.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- evp_pbe.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- evp_pbe.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- evp_pbe.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- evp_pbe.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- evp_pbe.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- evp_pbe.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- evp_pbe.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- evp_pbe.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- evp_pbe.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- evp_pbe.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- evp_pbe.o: ../cryptlib.h
+- evp_pkey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- evp_pkey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- evp_pkey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- evp_pkey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- evp_pkey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- evp_pkey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- evp_pkey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- evp_pkey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- evp_pkey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- evp_pkey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- evp_pkey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- evp_pkey.o: ../../include/openssl/opensslconf.h
+- evp_pkey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- evp_pkey.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- evp_pkey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- evp_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- evp_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- evp_pkey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- evp_pkey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- evp_pkey.o: ../cryptlib.h
+- m_dss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_dss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_dss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_dss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_dss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_dss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_dss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_dss.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_dss.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_dss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_dss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_dss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_dss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_dss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_dss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_dss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_dss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_dss.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_dss.o: ../cryptlib.h
+- m_dss1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_dss1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_dss1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_dss1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_dss1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_dss1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_dss1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_dss1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_dss1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_dss1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_dss1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_dss1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_dss1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_dss1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_dss1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_dss1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_dss1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_dss1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_dss1.o: ../cryptlib.h
+- m_md2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_md2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_md2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_md2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_md2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_md2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_md2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_md2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_md2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_md2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_md2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_md2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_md2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_md2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_md2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_md2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_md2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_md2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_md2.o: ../cryptlib.h
+- m_md4.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_md4.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_md4.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_md4.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_md4.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_md4.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_md4.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_md4.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_md4.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_md4.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_md4.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_md4.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_md4.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_md4.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_md4.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_md4.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_md4.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_md4.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_md4.o: ../cryptlib.h
+- m_md5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_md5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_md5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_md5.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_md5.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_md5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_md5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_md5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_md5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_md5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_md5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_md5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_md5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_md5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_md5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_md5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_md5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_md5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_md5.o: ../cryptlib.h
+- m_mdc2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_mdc2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_mdc2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_mdc2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_mdc2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_mdc2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_mdc2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_mdc2.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_mdc2.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_mdc2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_mdc2.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_mdc2.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_mdc2.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_mdc2.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_mdc2.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_mdc2.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_mdc2.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_mdc2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_mdc2.o: ../cryptlib.h
+- m_null.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_null.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_null.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_null.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_null.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_null.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_null.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_null.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_null.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_null.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_null.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_null.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_null.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_null.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_null.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_null.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_null.o: ../cryptlib.h
+- m_ripemd.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_ripemd.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_ripemd.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_ripemd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_ripemd.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_ripemd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_ripemd.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_ripemd.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_ripemd.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_ripemd.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_ripemd.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_ripemd.o: ../../include/openssl/opensslconf.h
+- m_ripemd.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- m_ripemd.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- m_ripemd.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- m_ripemd.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- m_ripemd.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- m_ripemd.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- m_ripemd.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- m_sha.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_sha.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_sha.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_sha.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_sha.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_sha.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_sha.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_sha.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_sha.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_sha.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_sha.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_sha.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_sha.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_sha.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_sha.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_sha.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_sha.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_sha.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_sha.o: ../cryptlib.h
+- m_sha1.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- m_sha1.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- m_sha1.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- m_sha1.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- m_sha1.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- m_sha1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- m_sha1.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- m_sha1.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- m_sha1.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- m_sha1.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- m_sha1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- m_sha1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- m_sha1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- m_sha1.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- m_sha1.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- m_sha1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- m_sha1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- m_sha1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- m_sha1.o: ../cryptlib.h
+- names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- names.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- names.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- names.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- names.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- names.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- names.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- names.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- names.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- names.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- names.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- names.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- names.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- names.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- names.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- names.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- names.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- names.o: ../cryptlib.h
+- p5_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p5_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p5_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p5_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p5_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p5_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p5_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p5_crpt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- p5_crpt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- p5_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p5_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- p5_crpt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p5_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p5_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p5_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p5_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p5_crpt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- p5_crpt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p5_crpt.o: ../cryptlib.h
+- p5_crpt2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p5_crpt2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p5_crpt2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p5_crpt2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p5_crpt2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p5_crpt2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p5_crpt2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p5_crpt2.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+- p5_crpt2.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p5_crpt2.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p5_crpt2.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p5_crpt2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p5_crpt2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p5_crpt2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p5_crpt2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p5_crpt2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p5_crpt2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p5_crpt2.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p5_crpt2.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p_dec.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p_dec.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p_dec.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p_dec.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p_dec.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p_dec.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p_dec.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p_dec.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- p_dec.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- p_dec.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p_dec.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- p_dec.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p_dec.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+- p_dec.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p_dec.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p_dec.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p_dec.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p_dec.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p_dec.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p_enc.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p_enc.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p_enc.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p_enc.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p_enc.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p_enc.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p_enc.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p_enc.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- p_enc.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- p_enc.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p_enc.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- p_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p_enc.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+- p_enc.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p_enc.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p_enc.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p_enc.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p_enc.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p_enc.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- p_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- p_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- p_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p_open.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p_open.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p_open.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p_open.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p_open.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p_open.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p_open.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p_open.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- p_open.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- p_open.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p_open.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- p_open.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p_open.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p_open.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p_open.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p_open.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p_open.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- p_open.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p_open.o: ../cryptlib.h
+- p_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- p_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- p_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- p_seal.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p_seal.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+- p_seal.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p_seal.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p_seal.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p_seal.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p_seal.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p_seal.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- p_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- p_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- p_sign.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- p_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p_sign.o: ../cryptlib.h
+- p_verify.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p_verify.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p_verify.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p_verify.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p_verify.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p_verify.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p_verify.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p_verify.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- p_verify.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- p_verify.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p_verify.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- p_verify.o: ../../include/openssl/opensslconf.h
+- p_verify.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- p_verify.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p_verify.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p_verify.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p_verify.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p_verify.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- p_verify.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.ssl
+*** crypto/openssl/crypto/evp/Makefile.ssl	Wed Jul  4 19:19:24 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.ssl	Wed Oct  9 09:13:54 2002
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_b64.c ../RELENG_4_6/crypto/openssl/crypto/evp/bio_b64.c
+*** crypto/openssl/crypto/evp/bio_b64.c	Sun Nov 26 06:33:31 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/bio_b64.c	Thu Oct 11 15:43:45 2001
+***************
+*** 465,471 ****
+  		break;
+  	case BIO_CTRL_WPENDING: /* More to write in buffer */
+  		ret=ctx->buf_len-ctx->buf_off;
+! 		if ((ret == 0) && (ctx->base64.num != 0))
+  			ret=1;
+  		else if (ret <= 0)
+  			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+--- 465,472 ----
+  		break;
+  	case BIO_CTRL_WPENDING: /* More to write in buffer */
+  		ret=ctx->buf_len-ctx->buf_off;
+! 		if ((ret == 0) && (ctx->encode != B64_NONE)
+! 			&& (ctx->base64.num != 0))
+  			ret=1;
+  		else if (ret <= 0)
+  			ret=BIO_ctrl(b->next_bio,cmd,num,ptr);
+***************
+*** 500,506 ****
+  				goto again;
+  				}
+  			}
+! 		else if (ctx->base64.num != 0)
+  			{
+  			ctx->buf_off=0;
+  			EVP_EncodeFinal(&(ctx->base64),
+--- 501,507 ----
+  				goto again;
+  				}
+  			}
+! 		else if (ctx->encode != B64_NONE && ctx->base64.num != 0)
+  			{
+  			ctx->buf_off=0;
+  			EVP_EncodeFinal(&(ctx->base64),
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_enc.c ../RELENG_4_6/crypto/openssl/crypto/evp/bio_enc.c
+*** crypto/openssl/crypto/evp/bio_enc.c	Sun Nov 26 06:33:31 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/bio_enc.c	Thu Nov 28 03:05:55 2002
+***************
+*** 106,113 ****
+  	BIO_ENC_CTX *ctx;
+  
+  	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
+- 	EVP_CIPHER_CTX_init(&ctx->cipher);
+  	if (ctx == NULL) return(0);
+  
+  	ctx->buf_len=0;
+  	ctx->buf_off=0;
+--- 106,113 ----
+  	BIO_ENC_CTX *ctx;
+  
+  	ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX));
+  	if (ctx == NULL) return(0);
++ 	EVP_CIPHER_CTX_init(&ctx->cipher);
+  
+  	ctx->buf_len=0;
+  	ctx->buf_off=0;
+***************
+*** 128,134 ****
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 128,134 ----
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_ok.c ../RELENG_4_6/crypto/openssl/crypto/evp/bio_ok.c
+*** crypto/openssl/crypto/evp/bio_ok.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/bio_ok.c	Thu Nov 28 03:05:56 2002
+***************
+*** 208,214 ****
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 208,214 ----
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_bf.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_bf.c
+*** crypto/openssl/crypto/evp/e_bf.c	Sun Nov 26 06:38:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_bf.c	Thu May 24 19:00:44 2001
+***************
+*** 67,73 ****
+  		       const unsigned char *iv, int enc);
+  
+  IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
+! 			0, bf_init_key, NULL, 
+  			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+  	
+  static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+--- 67,73 ----
+  		       const unsigned char *iv, int enc);
+  
+  IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8,
+! 			EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, 
+  			EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL)
+  	
+  static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cbc_3d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_3d.c
+*** crypto/openssl/crypto/evp/e_cbc_3d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_3d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,151 ****
+- /* crypto/evp/e_cbc_3d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_DES
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_cbc_ede_cipher2=
+- 	{
+- 	NID_des_ede_cbc,
+- 	8,16,8,
+- 	des_cbc_ede_init_key,
+- 	des_cbc_ede_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- static EVP_CIPHER d_cbc_ede_cipher3=
+- 	{
+- 	NID_des_ede3_cbc,
+- 	8,24,8,
+- 	des_cbc_ede3_init_key,
+- 	des_cbc_ede_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_ede_cbc(void)
+- 	{
+- 	return(&d_cbc_ede_cipher2);
+- 	}
+- 
+- EVP_CIPHER *EVP_des_ede3_cbc(void)
+- 	{
+- 	return(&d_cbc_ede_cipher3);
+- 	}
+- 	
+- static void des_cbc_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		memcpy( (char *)ctx->c.des_ede.ks3,
+- 			(char *)ctx->c.des_ede.ks1,
+- 			sizeof(ctx->c.des_ede.ks1));
+- 		}
+- 	}
+- 
+- static void des_cbc_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+- 		}
+- 	}
+- 
+- static void des_cbc_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	des_ede3_cbc_encrypt(in,out,inl, ctx->c.des_ede.ks1,
+- 		ctx->c.des_ede.ks2,ctx->c.des_ede.ks3,
+- 		(des_cblock *) &(ctx->iv[0]),
+- 		ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cbc_bf.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_bf.c
+*** crypto/openssl/crypto/evp/e_cbc_bf.c	Mon Jan 10 01:21:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_bf.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,106 ****
+- /* crypto/evp/e_cbc_bf.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_BF
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER bfish_cbc_cipher=
+- 	{
+- 	NID_bf_cbc,
+- 	8,EVP_BLOWFISH_KEY_SIZE,8,
+- 	bf_cbc_init_key,
+- 	bf_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_bf_cbc(void)
+- 	{
+- 	return(&bfish_cbc_cipher);
+- 	}
+- 	
+- static void bf_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+- 	}
+- 
+- static void bf_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	BF_cbc_encrypt(
+- 		in,out,(long)inl,
+- 		&(ctx->c.bf_ks),&(ctx->iv[0]),
+- 		ctx->encrypt);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cbc_c.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_c.c
+*** crypto/openssl/crypto/evp/e_cbc_c.c	Mon Jan 10 01:21:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_c.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,107 ****
+- /* crypto/evp/e_cbc_c.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_CAST
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER cast5_cbc_cipher=
+- 	{
+- 	NID_cast5_cbc,
+- 	8,EVP_CAST5_KEY_SIZE,8,
+- 	cast_cbc_init_key,
+- 	cast_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_cast5_cbc(void)
+- 	{
+- 	return(&cast5_cbc_cipher);
+- 	}
+- 	
+- static void cast_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+- 	}
+- 
+- static void cast_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	CAST_cbc_encrypt(
+- 		in,out,(long)inl,
+- 		&(ctx->c.cast_ks),&(ctx->iv[0]),
+- 		ctx->encrypt);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cbc_d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_d.c
+*** crypto/openssl/crypto/evp/e_cbc_d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,106 ****
+- /* crypto/evp/e_cbc_d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_DES
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_cbc_cipher=
+- 	{
+- 	NID_des_cbc,
+- 	8,8,8,
+- 	des_cbc_init_key,
+- 	des_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_cbc(void)
+- 	{
+- 	return(&d_cbc_cipher);
+- 	}
+- 	
+- static void des_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (deskey != NULL)
+- 		des_set_key_unchecked(deskey,ctx->c.des_ks);
+- 	}
+- 
+- static void des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	des_ncbc_encrypt(in,out,inl,ctx->c.des_ks,
+- 		(des_cblock *)&(ctx->iv[0]),
+- 		ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cbc_i.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_i.c
+*** crypto/openssl/crypto/evp/e_cbc_i.c	Mon Jan 10 01:21:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_i.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,119 ****
+- /* crypto/evp/e_cbc_i.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_IDEA
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER i_cbc_cipher=
+- 	{
+- 	NID_idea_cbc,
+- 	8,16,8,
+- 	idea_cbc_init_key,
+- 	idea_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_idea_cbc(void)
+- 	{
+- 	return(&i_cbc_cipher);
+- 	}
+- 	
+- static void idea_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		{
+- 		if (enc)
+- 			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+- 		else
+- 			{
+- 			IDEA_KEY_SCHEDULE tmp;
+- 
+- 			idea_set_encrypt_key(key,&tmp);
+- 			idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+- 			memset((unsigned char *)&tmp,0,
+- 				sizeof(IDEA_KEY_SCHEDULE));
+- 			}
+- 		}
+- 	}
+- 
+- static void idea_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	idea_cbc_encrypt(
+- 		in,out,(long)inl,
+- 		&(ctx->c.idea_ks),&(ctx->iv[0]),
+- 		ctx->encrypt);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cbc_r2.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_r2.c
+*** crypto/openssl/crypto/evp/e_cbc_r2.c	Mon Jan 10 01:21:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_r2.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,216 ****
+- /* crypto/evp/e_cbc_r2.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC2
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static int rc2_meth_to_magic(const EVP_CIPHER *e);
+- static EVP_CIPHER *rc2_magic_to_meth(int i);
+- static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+- static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type);
+- 
+- #define RC2_40_MAGIC	0xa0
+- #define RC2_64_MAGIC	0x78
+- #define RC2_128_MAGIC	0x3a
+- 
+- static EVP_CIPHER r2_cbc_cipher=
+- 	{
+- 	NID_rc2_cbc,
+- 	8,EVP_RC2_KEY_SIZE,8,
+- 	rc2_cbc_init_key,
+- 	rc2_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+- 	rc2_set_asn1_type_and_iv,
+- 	rc2_get_asn1_type_and_iv,
+- 	};
+- 
+- static EVP_CIPHER r2_64_cbc_cipher=
+- 	{
+- 	NID_rc2_64_cbc,
+- 	8,8 /* 64 bit */,8,
+- 	rc2_cbc_init_key,
+- 	rc2_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+- 	rc2_set_asn1_type_and_iv,
+- 	rc2_get_asn1_type_and_iv,
+- 	};
+- 
+- static EVP_CIPHER r2_40_cbc_cipher=
+- 	{
+- 	NID_rc2_40_cbc,
+- 	8,5 /* 40 bit */,8,
+- 	rc2_cbc_init_key,
+- 	rc2_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+- 	rc2_set_asn1_type_and_iv,
+- 	rc2_get_asn1_type_and_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc2_cbc(void)
+- 	{
+- 	return(&r2_cbc_cipher);
+- 	}
+- 
+- EVP_CIPHER *EVP_rc2_64_cbc(void)
+- 	{
+- 	return(&r2_64_cbc_cipher);
+- 	}
+- 
+- EVP_CIPHER *EVP_rc2_40_cbc(void)
+- 	{
+- 	return(&r2_40_cbc_cipher);
+- 	}
+- 	
+- static void rc2_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+- 			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+- 	}
+- 
+- static void rc2_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	RC2_cbc_encrypt(
+- 		in,out,(long)inl,
+- 		&(ctx->c.rc2_ks),&(ctx->iv[0]),
+- 		ctx->encrypt);
+- 	}
+- 
+- static int rc2_meth_to_magic(const EVP_CIPHER *e)
+- 	{
+- 	int i;
+- 
+- 	i=EVP_CIPHER_key_length(e);
+- 	if 	(i == 16) return(RC2_128_MAGIC);
+- 	else if (i == 8)  return(RC2_64_MAGIC);
+- 	else if (i == 5)  return(RC2_40_MAGIC);
+- 	else return(0);
+- 	}
+- 
+- static EVP_CIPHER *rc2_magic_to_meth(int i)
+- 	{
+- 	if      (i == RC2_128_MAGIC) return(EVP_rc2_cbc());
+- 	else if (i == RC2_64_MAGIC)  return(EVP_rc2_64_cbc());
+- 	else if (i == RC2_40_MAGIC)  return(EVP_rc2_40_cbc());
+- 	else
+- 		{
+- 		EVPerr(EVP_F_RC2_MAGIC_TO_METH,EVP_R_UNSUPPORTED_KEY_SIZE);
+- 		return(NULL);
+- 		}
+- 	}
+- 
+- static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+- 	{
+- 	long num=0;
+- 	int i=0,l;
+- 	EVP_CIPHER *e;
+- 
+- 	if (type != NULL)
+- 		{
+- 		l=EVP_CIPHER_CTX_iv_length(c);
+- 		i=ASN1_TYPE_get_int_octetstring(type,&num,c->oiv,l);
+- 		if (i != l)
+- 			return(-1);
+- 		else if (i > 0)
+- 			memcpy(c->iv,c->oiv,l);
+- 		e=rc2_magic_to_meth((int)num);
+- 		if (e == NULL)
+- 			return(-1);
+- 		if (e != EVP_CIPHER_CTX_cipher(c))
+- 			{
+- 			EVP_CIPHER_CTX_cipher(c)=e;
+- 			rc2_cbc_init_key(c,NULL,NULL,1);
+- 			}
+- 		}
+- 	return(i);
+- 	}
+- 
+- static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type)
+- 	{
+- 	long num;
+- 	int i=0,j;
+- 
+- 	if (type != NULL)
+- 		{
+- 		num=rc2_meth_to_magic(EVP_CIPHER_CTX_cipher(c));
+- 		j=EVP_CIPHER_CTX_iv_length(c);
+- 		i=ASN1_TYPE_set_int_octetstring(type,num,c->oiv,j);
+- 		}
+- 	return(i);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cbc_r5.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_r5.c
+*** crypto/openssl/crypto/evp/e_cbc_r5.c	Mon Jan 10 01:21:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cbc_r5.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,108 ****
+- /* crypto/evp/e_cbc_r5.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC5
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER rc5_32_12_16_cbc_cipher=
+- 	{
+- 	NID_rc5_cbc,
+- 	8,EVP_RC5_32_12_16_KEY_SIZE,8,
+- 	r_32_12_16_cbc_init_key,
+- 	r_32_12_16_cbc_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc5_32_12_16_cbc(void)
+- 	{
+- 	return(&rc5_32_12_16_cbc_cipher);
+- 	}
+- 	
+- static void r_32_12_16_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,
+- 			key,RC5_12_ROUNDS);
+- 	}
+- 
+- static void r_32_12_16_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	RC5_32_cbc_encrypt(
+- 		in,out,(long)inl,
+- 		&(ctx->c.rc5_ks),&(ctx->iv[0]),
+- 		ctx->encrypt);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cfb_3d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_3d.c
+*** crypto/openssl/crypto/evp/e_cfb_3d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_3d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,155 ****
+- /* crypto/evp/e_cfb_3d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_DES
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_ede_cfb_cipher2=
+- 	{
+- 	NID_des_ede_cfb64,
+- 	1,16,8,
+- 	des_ede_cfb_init_key,
+- 	des_ede_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- static EVP_CIPHER d_ede3_cfb_cipher3=
+- 	{
+- 	NID_des_ede3_cfb64,
+- 	1,24,8,
+- 	des_ede3_cfb_init_key,
+- 	des_ede_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_ede_cfb(void)
+- 	{
+- 	return(&d_ede_cfb_cipher2);
+- 	}
+- 
+- EVP_CIPHER *EVP_des_ede3_cfb(void)
+- 	{
+- 	return(&d_ede3_cfb_cipher3);
+- 	}
+- 	
+- static void des_ede_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		memcpy( (char *)ctx->c.des_ede.ks3,
+- 			(char *)ctx->c.des_ede.ks1,
+- 			sizeof(ctx->c.des_ede.ks1));
+- 		}
+- 	}
+- 
+- static void des_ede3_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+- 		}
+- 	}
+- 
+- static void des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	des_ede3_cfb64_encrypt(in,out,(long)inl,
+- 			       ctx->c.des_ede.ks1,
+- 			       ctx->c.des_ede.ks2,
+- 			       ctx->c.des_ede.ks3,
+- 			       (des_cblock*)&(ctx->iv[0]),
+- 			       &ctx->num,ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cfb_bf.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_bf.c
+*** crypto/openssl/crypto/evp/e_cfb_bf.c	Mon Jan 10 01:21:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_bf.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,108 ****
+- /* crypto/evp/e_cfb_bf.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_BF
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER bfish_cfb_cipher=
+- 	{
+- 	NID_bf_cfb64,
+- 	1,EVP_BLOWFISH_KEY_SIZE,8,
+- 	bf_cfb_init_key,
+- 	bf_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_bf_cfb(void)
+- 	{
+- 	return(&bfish_cfb_cipher);
+- 	}
+- 	
+- static void bf_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+- 	}
+- 
+- static void bf_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	BF_cfb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.bf_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num,ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cfb_c.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_c.c
+*** crypto/openssl/crypto/evp/e_cfb_c.c	Mon Jan 10 01:21:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_c.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,109 ****
+- /* crypto/evp/e_cfb_c.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_CAST
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER cast5_cfb_cipher=
+- 	{
+- 	NID_cast5_cfb64,
+- 	1,EVP_CAST5_KEY_SIZE,8,
+- 	cast_cfb_init_key,
+- 	cast_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_cast5_cfb(void)
+- 	{
+- 	return(&cast5_cfb_cipher);
+- 	}
+- 	
+- static void cast_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+- 	}
+- 
+- static void cast_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	CAST_cfb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.cast_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num,ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cfb_d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_d.c
+*** crypto/openssl/crypto/evp/e_cfb_d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,110 ****
+- /* crypto/evp/e_cfb_d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- #ifndef NO_DES
+- static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_cfb_cipher=
+- 	{
+- 	NID_des_cfb64,
+- 	1,8,8,
+- 	des_cfb_init_key,
+- 	des_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_cfb(void)
+- 	{
+- 	return(&d_cfb_cipher);
+- 	}
+- 	
+- static void des_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (deskey != NULL)
+- 		des_set_key_unchecked(deskey,ctx->c.des_ks);
+- 	}
+- 
+- static void des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	des_cfb64_encrypt(
+- 		in,out,
+- 		(long)inl, ctx->c.des_ks,
+- 		(des_cblock *)&(ctx->iv[0]),
+- 		&ctx->num,ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cfb_i.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_i.c
+*** crypto/openssl/crypto/evp/e_cfb_i.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_i.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,109 ****
+- /* crypto/evp/e_cfb_i.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_IDEA
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER i_cfb_cipher=
+- 	{
+- 	NID_idea_cfb64,
+- 	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
+- 	idea_cfb_init_key,
+- 	idea_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_idea_cfb(void)
+- 	{
+- 	return(&i_cfb_cipher);
+- 	}
+- 
+- static void idea_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+- 	}
+- 
+- static void idea_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	idea_cfb64_encrypt(
+- 		in,out,(long)inl,
+- 		&(ctx->c.idea_ks),&(ctx->iv[0]),
+- 		&ctx->num,ctx->encrypt);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cfb_r2.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_r2.c
+*** crypto/openssl/crypto/evp/e_cfb_r2.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_r2.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,110 ****
+- /* crypto/evp/e_cfb_r2.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC2
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER r2_cfb_cipher=
+- 	{
+- 	NID_rc2_cfb64,
+- 	1,EVP_RC2_KEY_SIZE,8,
+- 	rc2_cfb_init_key,
+- 	rc2_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc2_cfb(void)
+- 	{
+- 	return(&r2_cfb_cipher);
+- 	}
+- 	
+- static void rc2_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+- 			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+- 	}
+- 
+- static void rc2_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	RC2_cfb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.rc2_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num,ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_cfb_r5.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_r5.c
+*** crypto/openssl/crypto/evp/e_cfb_r5.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_cfb_r5.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,110 ****
+- /* crypto/evp/e_cfb_r5.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC5
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER rc5_cfb_cipher=
+- 	{
+- 	NID_rc5_cfb64,
+- 	1,EVP_RC5_32_12_16_KEY_SIZE,8,
+- 	rc5_32_12_16_cfb_init_key,
+- 	rc5_32_12_16_cfb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc5_32_12_16_cfb(void)
+- 	{
+- 	return(&rc5_cfb_cipher);
+- 	}
+- 	
+- static void rc5_32_12_16_cfb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+- 			RC5_12_ROUNDS);
+- 	}
+- 
+- static void rc5_32_12_16_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	RC5_32_cfb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.rc5_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num,ctx->encrypt);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ecb_3d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_3d.c
+*** crypto/openssl/crypto/evp/e_ecb_3d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_3d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,158 ****
+- /* crypto/evp/e_ecb_3d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_DES
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_ede_cipher2=
+- 	{
+- 	NID_des_ede,
+- 	8,16,0,
+- 	des_ede_init_key,
+- 	des_ede_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- static EVP_CIPHER d_ede3_cipher3=
+- 	{
+- 	NID_des_ede3,
+- 	8,24,0,
+- 	des_ede3_init_key,
+- 	des_ede_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_ede(void)
+- 	{
+- 	return(&d_ede_cipher2);
+- 	}
+- 
+- EVP_CIPHER *EVP_des_ede3(void)
+- 	{
+- 	return(&d_ede3_cipher3);
+- 	}
+- 
+- static void des_ede_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		memcpy( (char *)ctx->c.des_ede.ks3,
+- 			(char *)ctx->c.des_ede.ks1,
+- 			sizeof(ctx->c.des_ede.ks1));
+- 		}
+- 	}
+- 
+- static void des_ede3_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+- 		}
+- 	}
+- 
+- static void des_ede_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	unsigned int i;
+- 	des_cblock *output   /* = (des_cblock *)out */;
+- 	des_cblock *input    /* = (des_cblock *)in */;
+- 
+- 	if (inl < 8) return;
+- 	inl-=8;
+- 	for (i=0; i<=inl; i+=8)
+- 		{
+- 		output = (des_cblock *)(out + i);
+- 		input = (des_cblock *)(in + i);
+- 
+- 		des_ecb3_encrypt(input,output,
+- 			ctx->c.des_ede.ks1,
+- 			ctx->c.des_ede.ks2,
+- 			ctx->c.des_ede.ks3,
+- 			ctx->encrypt);
+- 
+- 		/* output++; */
+- 		/* input++; */
+- 		}
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ecb_bf.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_bf.c
+*** crypto/openssl/crypto/evp/e_ecb_bf.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_bf.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,109 ****
+- /* crypto/evp/e_ecb_bf.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_BF
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER bfish_ecb_cipher=
+- 	{
+- 	NID_bf_ecb,
+- 	8,EVP_BLOWFISH_KEY_SIZE,0,
+- 	bf_ecb_init_key,
+- 	bf_ecb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_bf_ecb(void)
+- 	{
+- 	return(&bfish_ecb_cipher);
+- 	}
+- 	
+- static void bf_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (key != NULL)
+- 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+- 	}
+- 
+- static void bf_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	unsigned int i;
+- 
+- 	if (inl < 8) return;
+- 	inl-=8;
+- 	for (i=0; i<=inl; i+=8)
+- 		{
+- 		BF_ecb_encrypt(
+- 			&(in[i]),&(out[i]),
+- 			&(ctx->c.bf_ks),ctx->encrypt);
+- 		}
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ecb_c.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_c.c
+*** crypto/openssl/crypto/evp/e_ecb_c.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_c.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,110 ****
+- /* crypto/evp/e_ecb_c.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_CAST
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER cast5_ecb_cipher=
+- 	{
+- 	NID_cast5_ecb,
+- 	8,EVP_CAST5_KEY_SIZE,0,
+- 	cast_ecb_init_key,
+- 	cast_ecb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_cast5_ecb(void)
+- 	{
+- 	return(&cast5_ecb_cipher);
+- 	}
+- 	
+- static void cast_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (key != NULL)
+- 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+- 	}
+- 
+- static void cast_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	unsigned int i;
+- 
+- 	if (inl < 8) return;
+- 	inl-=8;
+- 	for (i=0; i<=inl; i+=8)
+- 		{
+- 		CAST_ecb_encrypt(
+- 			&(in[i]),&(out[i]),
+- 			&(ctx->c.cast_ks),ctx->encrypt);
+- 		}
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ecb_d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_d.c
+*** crypto/openssl/crypto/evp/e_ecb_d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,118 ****
+- /* crypto/evp/e_ecb_d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_DES
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_ecb_cipher=
+- 	{
+- 	NID_des_ecb,
+- 	8,8,0,
+- 	des_ecb_init_key,
+- 	des_ecb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_ecb(void)
+- 	{
+- 	return(&d_ecb_cipher);
+- 	}
+- 	
+- static void des_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	if (deskey != NULL)
+- 		des_set_key_unchecked(deskey,ctx->c.des_ks);
+- 	}
+- 
+- static void des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	unsigned int i;
+- 	des_cblock *output  /* = (des_cblock *)out */;
+- 	des_cblock *input   /* = (des_cblock *)in */; 
+- 
+- 	if (inl < 8) return;
+- 	inl-=8;
+- 	for (i=0; i<=inl; i+=8)
+- 		{
+- 		/* Either this ... */
+- 		output = (des_cblock *)(out + i);
+- 		input = (des_cblock *)(in + i);
+- 
+- 		des_ecb_encrypt(input,output,ctx->c.des_ks,ctx->encrypt);
+- 
+- 		/* ... or this. */
+- 		/* output++; */
+- 		/* input++; */
+- 		}
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ecb_i.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_i.c
+*** crypto/openssl/crypto/evp/e_ecb_i.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_i.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,121 ****
+- /* crypto/evp/e_ecb_i.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_IDEA
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER i_ecb_cipher=
+- 	{
+- 	NID_idea_ecb,
+- 	8,16,0,
+- 	idea_ecb_init_key,
+- 	idea_ecb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_idea_ecb(void)
+- 	{
+- 	return(&i_ecb_cipher);
+- 	}
+- 	
+- static void idea_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (key != NULL)
+- 		{
+- 		if (enc)
+- 			idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+- 		else
+- 			{
+- 			IDEA_KEY_SCHEDULE tmp;
+- 
+- 			idea_set_encrypt_key(key,&tmp);
+- 			idea_set_decrypt_key(&tmp, &(ctx->c.idea_ks));
+- 			memset((unsigned char *)&tmp,0,
+- 				sizeof(IDEA_KEY_SCHEDULE));
+- 			}
+- 		}
+- 	}
+- 
+- static void idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	unsigned int i;
+- 
+- 	if (inl < 8) return;
+- 	inl-=8;
+- 	for (i=0; i<=inl; i+=8)
+- 		{
+- 		idea_ecb_encrypt(
+- 			&(in[i]),&(out[i]),&(ctx->c.idea_ks));
+- 		}
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ecb_r2.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_r2.c
+*** crypto/openssl/crypto/evp/e_ecb_r2.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_r2.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,111 ****
+- /* crypto/evp/e_ecb_r2.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC2
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER r2_ecb_cipher=
+- 	{
+- 	NID_rc2_ecb,
+- 	8,EVP_RC2_KEY_SIZE,0,
+- 	rc2_ecb_init_key,
+- 	rc2_ecb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc2_ecb(void)
+- 	{
+- 	return(&r2_ecb_cipher);
+- 	}
+- 	
+- static void rc2_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (key != NULL)
+- 		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+- 			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+- 	}
+- 
+- static void rc2_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	unsigned int i;
+- 
+- 	if (inl < 8) return;
+- 	inl-=8;
+- 	for (i=0; i<=inl; i+=8)
+- 		{
+- 		RC2_ecb_encrypt(
+- 			&(in[i]),&(out[i]),
+- 			&(ctx->c.rc2_ks),ctx->encrypt);
+- 		}
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ecb_r5.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_r5.c
+*** crypto/openssl/crypto/evp/e_ecb_r5.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ecb_r5.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,111 ****
+- /* crypto/evp/e_ecb_r5.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC5
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER rc5_ecb_cipher=
+- 	{
+- 	NID_rc5_ecb,
+- 	8,EVP_RC5_32_12_16_KEY_SIZE,0,
+- 	rc5_32_12_16_ecb_init_key,
+- 	rc5_32_12_16_ecb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+- 	NULL,
+- 	NULL,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc5_32_12_16_ecb(void)
+- 	{
+- 	return(&rc5_ecb_cipher);
+- 	}
+- 	
+- static void rc5_32_12_16_ecb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	if (key != NULL)
+- 		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+- 			RC5_12_ROUNDS);
+- 	}
+- 
+- static void rc5_32_12_16_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	unsigned int i;
+- 
+- 	if (inl < 8) return;
+- 	inl-=8;
+- 	for (i=0; i<=inl; i+=8)
+- 		{
+- 		RC5_32_ecb_encrypt(
+- 			&(in[i]),&(out[i]),
+- 			&(ctx->c.rc5_ks),ctx->encrypt);
+- 		}
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_idea.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_idea.c
+*** crypto/openssl/crypto/evp/e_idea.c	Sun Nov 26 06:38:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_idea.c	Thu Nov 28 03:05:56 2002
+***************
+*** 103,109 ****
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		memset((unsigned char *)&tmp,0,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+--- 103,109 ----
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		OPENSSL_cleanse((unsigned char *)&tmp,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ofb_3d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_3d.c
+*** crypto/openssl/crypto/evp/e_ofb_3d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_3d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,152 ****
+- /* crypto/evp/e_ofb_3d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_DES
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_ede_ofb_cipher2=
+- 	{
+- 	NID_des_ede_ofb64,
+- 	1,16,8,
+- 	des_ede_ofb_init_key,
+- 	des_ede_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- static EVP_CIPHER d_ede3_ofb_cipher3=
+- 	{
+- 	NID_des_ede3_ofb64,
+- 	1,24,8,
+- 	des_ede3_ofb_init_key,
+- 	des_ede_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ede)),
+- 	EVP_CIPHER_set_asn1_iv,
+-         EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_ede_ofb(void)
+- 	{
+- 	return(&d_ede_ofb_cipher2);
+- 	}
+- 
+- EVP_CIPHER *EVP_des_ede3_ofb(void)
+- 	{
+- 	return(&d_ede3_ofb_cipher3);
+- 	}
+- 	
+- static void des_ede_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		memcpy( (char *)ctx->c.des_ede.ks3,
+- 			(char *)ctx->c.des_ede.ks1,
+- 			sizeof(ctx->c.des_ede.ks1));
+- 		}
+- 	}
+- 
+- static void des_ede3_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (deskey != NULL)
+- 		{
+- 		des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1);
+- 		des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2);
+- 		des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3);
+- 		}
+- 	}
+- 
+- static void des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	des_ede3_ofb64_encrypt(in,out,inl,ctx->c.des_ede.ks1,
+- 			       ctx->c.des_ede.ks2, ctx->c.des_ede.ks3,
+- 			       (des_cblock *)&(ctx->iv[0]),&ctx->num);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ofb_bf.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_bf.c
+*** crypto/openssl/crypto/evp/e_ofb_bf.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_bf.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,109 ****
+- /* crypto/evp/e_ofb_bf.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_BF
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER bfish_ofb_cipher=
+- 	{
+- 	NID_bf_ofb64,
+- 	1,EVP_BLOWFISH_KEY_SIZE,8,
+- 	bf_ofb_init_key,
+- 	bf_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.bf_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_bf_ofb(void)
+- 	{
+- 	return(&bfish_ofb_cipher);
+- 	}
+- 	
+- static void bf_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		BF_set_key(&(ctx->c.bf_ks),EVP_BLOWFISH_KEY_SIZE,key);
+- 	}
+- 
+- static void bf_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	BF_ofb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.bf_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ofb_c.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_c.c
+*** crypto/openssl/crypto/evp/e_ofb_c.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_c.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,110 ****
+- /* crypto/evp/e_ofb_c.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_CAST
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER cast5_ofb_cipher=
+- 	{
+- 	NID_cast5_ofb64,
+- 	1,EVP_CAST5_KEY_SIZE,8,
+- 	cast_ofb_init_key,
+- 	cast_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.cast_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_cast5_ofb(void)
+- 	{
+- 	return(&cast5_ofb_cipher);
+- 	}
+- 	
+- static void cast_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		CAST_set_key(&(ctx->c.cast_ks),EVP_CAST5_KEY_SIZE,key);
+- 	}
+- 
+- static void cast_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	CAST_ofb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.cast_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ofb_d.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_d.c
+*** crypto/openssl/crypto/evp/e_ofb_d.c	Sun Aug 20 04:46:24 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_d.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,107 ****
+- /* crypto/evp/e_ofb_d.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_DES
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER d_ofb_cipher=
+- 	{
+- 	NID_des_ofb64,
+- 	1,8,8,
+- 	des_ofb_init_key,
+- 	des_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.des_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_des_ofb(void)
+- 	{
+- 	return(&d_ofb_cipher);
+- 	}
+- 	
+- static void des_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	des_cblock *deskey = (des_cblock *)key;
+- 
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (deskey != NULL)
+- 		des_set_key_unchecked(deskey,ctx->c.des_ks);
+- 	}
+- 
+- static void des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	des_ofb64_encrypt(in,out,inl,ctx->c.des_ks,
+- 		(des_cblock *)&(ctx->iv[0]),&ctx->num);
+- 	}
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ofb_i.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_i.c
+*** crypto/openssl/crypto/evp/e_ofb_i.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_i.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,109 ****
+- /* crypto/evp/e_ofb_i.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_IDEA
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER i_ofb_cipher=
+- 	{
+- 	NID_idea_ofb64,
+- 	1,IDEA_KEY_LENGTH,IDEA_BLOCK,
+- 	idea_ofb_init_key,
+- 	idea_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.idea_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_idea_ofb(void)
+- 	{
+- 	return(&i_ofb_cipher);
+- 	}
+- 	
+- static void idea_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		idea_set_encrypt_key(key,&(ctx->c.idea_ks));
+- 	}
+- 
+- static void idea_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	idea_ofb64_encrypt(
+- 		in,out,(long)inl,
+- 		&(ctx->c.idea_ks),&(ctx->iv[0]),
+- 		&ctx->num);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ofb_r2.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_r2.c
+*** crypto/openssl/crypto/evp/e_ofb_r2.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_r2.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,111 ****
+- /* crypto/evp/e_ofb_r2.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC2
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER r2_ofb_cipher=
+- 	{
+- 	NID_rc2_ofb64,
+- 	1,EVP_RC2_KEY_SIZE,8,
+- 	rc2_ofb_init_key,
+- 	rc2_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc2_ofb(void)
+- 	{
+- 	return(&r2_ofb_cipher);
+- 	}
+- 	
+- static void rc2_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		RC2_set_key(&(ctx->c.rc2_ks),EVP_CIPHER_CTX_key_length(ctx),
+- 			key,EVP_CIPHER_CTX_key_length(ctx)*8);
+- 	}
+- 
+- static void rc2_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	RC2_ofb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.rc2_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_ofb_r5.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_r5.c
+*** crypto/openssl/crypto/evp/e_ofb_r5.c	Mon Jan 10 01:21:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_ofb_r5.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,111 ****
+- /* crypto/evp/e_ofb_r5.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #ifndef NO_RC5
+- 
+- #include <stdio.h>
+- #include "cryptlib.h"
+- #include <openssl/evp.h>
+- #include <openssl/objects.h>
+- 
+- static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	unsigned char *iv,int enc);
+- static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	unsigned char *in, unsigned int inl);
+- static EVP_CIPHER rc5_ofb_cipher=
+- 	{
+- 	NID_rc5_ofb64,
+- 	1,EVP_RC5_32_12_16_KEY_SIZE,8,
+- 	rc5_32_12_16_ofb_init_key,
+- 	rc5_32_12_16_ofb_cipher,
+- 	NULL,
+- 	sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+
+- 		sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc5_ks)),
+- 	EVP_CIPHER_set_asn1_iv,
+- 	EVP_CIPHER_get_asn1_iv,
+- 	};
+- 
+- EVP_CIPHER *EVP_rc5_32_12_16_ofb(void)
+- 	{
+- 	return(&rc5_ofb_cipher);
+- 	}
+- 	
+- static void rc5_32_12_16_ofb_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key,
+- 	     unsigned char *iv, int enc)
+- 	{
+- 	ctx->num=0;
+- 
+- 	if (iv != NULL)
+- 		memcpy(&(ctx->oiv[0]),iv,8);
+- 	memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8);
+- 	if (key != NULL)
+- 		RC5_32_set_key(&(ctx->c.rc5_ks),EVP_RC5_32_12_16_KEY_SIZE,key,
+- 			RC5_12_ROUNDS);
+- 	}
+- 
+- static void rc5_32_12_16_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
+- 	     unsigned char *in, unsigned int inl)
+- 	{
+- 	RC5_32_ofb64_encrypt(
+- 		in,out,
+- 		(long)inl, &(ctx->c.rc5_ks),
+- 		&(ctx->iv[0]),
+- 		&ctx->num);
+- 	}
+- 
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/encode.c ../RELENG_4_6/crypto/openssl/crypto/evp/encode.c
+*** crypto/openssl/crypto/evp/encode.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/encode.c	Mon Apr 15 05:51:10 2002
+***************
+*** 277,282 ****
+--- 277,289 ----
+  			eof++;
+  			}
+  
++ 		if (v == B64_CR)
++ 			{
++ 			ln = 0;
++ 			if (exp_nl)
++ 				continue;
++ 			}
++ 
+  		/* eoln */
+  		if (v == B64_EOLN)
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp.h ../RELENG_4_6/crypto/openssl/crypto/evp/evp.h
+*** crypto/openssl/crypto/evp/evp.h	Wed Jul  4 19:19:24 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/evp.h	Thu May 16 08:55:56 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/crypto/evp/evp.h,v 1.2.2.3 2001/07/04 23:19:24 kris Exp $
+   */
+  
+  #ifndef HEADER_ENVELOPE_H
+--- 54,59 ----
+***************
+*** 230,236 ****
+  			EVP_rsa_octet_string(),EVP_mdc2())
+  #define EVP_dsa_sha() \
+  		EVP_PKEY_MD_add(NID_dsaWithSHA,\
+! 			EVP_dsa(),EVP_mdc2())
+  #define EVP_dsa_sha1() \
+  		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+  			EVP_dsa(),EVP_sha1())
+--- 228,234 ----
+  			EVP_rsa_octet_string(),EVP_mdc2())
+  #define EVP_dsa_sha() \
+  		EVP_PKEY_MD_add(NID_dsaWithSHA,\
+! 			EVP_dsa(),EVP_sha())
+  #define EVP_dsa_sha1() \
+  		EVP_PKEY_MD_add(NID_dsaWithSHA1,\
+  			EVP_dsa(),EVP_sha1())
+***************
+*** 501,507 ****
+  #define EVP_CIPHER_key_length(e)	((e)->key_len)
+  #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
+  #define EVP_CIPHER_flags(e)		((e)->flags)
+! #define EVP_CIPHER_mode(e)		((e)->flags) & EVP_CIPH_MODE)
+  
+  #define EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
+  #define EVP_CIPHER_CTX_nid(e)		((e)->cipher->nid)
+--- 499,505 ----
+  #define EVP_CIPHER_key_length(e)	((e)->key_len)
+  #define EVP_CIPHER_iv_length(e)		((e)->iv_len)
+  #define EVP_CIPHER_flags(e)		((e)->flags)
+! #define EVP_CIPHER_mode(e)		(((e)->flags) & EVP_CIPH_MODE)
+  
+  #define EVP_CIPHER_CTX_cipher(e)	((e)->cipher)
+  #define EVP_CIPHER_CTX_nid(e)		((e)->cipher->nid)
+***************
+*** 556,564 ****
+  void	EVP_set_pw_prompt(char *prompt);
+  char *	EVP_get_pw_prompt(void);
+  
+! int	EVP_BytesToKey(const EVP_CIPHER *type,EVP_MD *md,unsigned char *salt,
+! 		unsigned char *data, int datal, int count,
+! 		unsigned char *key,unsigned char *iv);
+  
+  int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+  		unsigned char *key, unsigned char *iv);
+--- 554,562 ----
+  void	EVP_set_pw_prompt(char *prompt);
+  char *	EVP_get_pw_prompt(void);
+  
+! int     EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md,
+! 		const unsigned char *salt, const unsigned char *data, int datal,
+!        		int count, unsigned char *key, unsigned char *iv);
+  
+  int	EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,
+  		unsigned char *key, unsigned char *iv);
+***************
+*** 605,612 ****
+  		char *out, int *outl);
+  int	EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n);
+  
+- void	ERR_load_EVP_strings(void );
+- 
+  void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a);
+  int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a);
+  int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
+--- 603,608 ----
+***************
+*** 779,784 ****
+--- 775,781 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_EVP_strings(void);
+  
+  /* Error codes for the EVP functions. */
+  
+***************
+*** 851,854 ****
+  }
+  #endif
+  #endif
+- 
+--- 848,850 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_key.c ../RELENG_4_6/crypto/openssl/crypto/evp/evp_key.c
+*** crypto/openssl/crypto/evp/evp_key.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/evp_key.c	Thu Nov 28 03:05:56 2002
+***************
+*** 95,103 ****
+  #endif
+  	}
+  
+! int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, unsigned char *salt,
+! 	     unsigned char *data, int datal, int count, unsigned char *key,
+! 	     unsigned char *iv)
+  	{
+  	EVP_MD_CTX c;
+  	unsigned char md_buf[EVP_MAX_MD_SIZE];
+--- 95,103 ----
+  #endif
+  	}
+  
+! int EVP_BytesToKey(const EVP_CIPHER *type, EVP_MD *md, 
+!              const unsigned char *salt, const unsigned char *data, int datal, 
+!              int count, unsigned char *key, unsigned char *iv)
+  	{
+  	EVP_MD_CTX c;
+  	unsigned char md_buf[EVP_MAX_MD_SIZE];
+***************
+*** 152,159 ****
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	memset(&c,0,sizeof(c));
+! 	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+--- 152,159 ----
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	OPENSSL_cleanse(&c,sizeof(c));
+! 	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/m_md4.c ../RELENG_4_6/crypto/openssl/crypto/evp/m_md4.c
+*** crypto/openssl/crypto/evp/m_md4.c	Sun Nov 26 06:38:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/m_md4.c	Wed Oct 10 17:50:56 2001
+***************
+*** 66,72 ****
+  static EVP_MD md4_md=
+  	{
+  	NID_md4,
+! 	0,
+  	MD4_DIGEST_LENGTH,
+  	MD4_Init,
+  	MD4_Update,
+--- 66,72 ----
+  static EVP_MD md4_md=
+  	{
+  	NID_md4,
+! 	NID_md4WithRSAEncryption,
+  	MD4_DIGEST_LENGTH,
+  	MD4_Init,
+  	MD4_Update,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt.c ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt.c
+*** crypto/openssl/crypto/evp/p5_crpt.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt.c	Thu Nov 28 03:05:56 2002
+***************
+*** 142,149 ****
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 142,149 ----
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt2.c ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt2.c
+*** crypto/openssl/crypto/evp/p5_crpt2.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt2.c	Thu Nov 28 03:05:57 2002
+***************
+*** 228,234 ****
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	memset(key, 0, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+--- 228,234 ----
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	OPENSSL_cleanse(key, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p_open.c ../RELENG_4_6/crypto/openssl/crypto/evp/p_open.c
+*** crypto/openssl/crypto/evp/p_open.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/p_open.c	Thu Nov 28 03:05:57 2002
+***************
+*** 101,107 ****
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) memset(key,0,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+--- 101,107 ----
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) OPENSSL_cleanse(key,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.save
+*** crypto/openssl/crypto/hmac/Makefile.save	Sun Nov 26 06:33:34 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,95 ****
+- #
+- # SSLeay/crypto/md/Makefile
+- #
+- 
+- DIR=	hmac
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=hmactest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=hmac.c
+- LIBOBJ=hmac.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= hmac.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- hmac.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- hmac.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- hmac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- hmac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- hmac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- hmac.o: ../../include/openssl/evp.h ../../include/openssl/hmac.h
+- hmac.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- hmac.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- hmac.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- hmac.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- hmac.o: ../../include/openssl/opensslv.h ../../include/openssl/rc2.h
+- hmac.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- hmac.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- hmac.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- hmac.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.ssl
+*** crypto/openssl/crypto/hmac/Makefile.ssl	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.ssl	Wed Oct  9 09:14:07 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/hmactest.c ../RELENG_4_6/crypto/openssl/crypto/hmac/hmactest.c
+*** crypto/openssl/crypto/hmac/hmactest.c	Sun Aug 20 04:46:25 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/hmac/hmactest.c	Thu Nov 28 13:55:41 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_HMAC
+  int main(int argc, char *argv[])
+  {
+***************
+*** 143,149 ****
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 145,151 ----
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.save
+*** crypto/openssl/crypto/idea/Makefile.save	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,91 ****
+- #
+- # SSLeay/crypto/idea/Makefile
+- # $FreeBSD: src/crypto/openssl/crypto/idea/Makefile.save,v 1.4.2.3 2001/07/04 23:19:26 kris Exp $
+- #
+- 
+- DIR=	idea
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=ideatest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
+- LIBOBJ=i_cbc.o i_cfb64.o i_ofb64.o i_ecb.o i_skey.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= idea.h
+- HEADER=	idea_lcl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- i_cbc.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+- i_cbc.o: idea_lcl.h
+- i_cfb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+- i_cfb64.o: idea_lcl.h
+- i_ecb.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+- i_ecb.o: ../../include/openssl/opensslv.h idea_lcl.h
+- i_ofb64.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+- i_ofb64.o: idea_lcl.h
+- i_skey.o: ../../include/openssl/idea.h ../../include/openssl/opensslconf.h
+- i_skey.o: idea_lcl.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.ssl
+*** crypto/openssl/crypto/idea/Makefile.ssl	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.ssl	Wed Oct  9 09:14:15 2002
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.uni
+*** crypto/openssl/crypto/idea/Makefile.uni	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,74 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # $FreeBSD: src/crypto/openssl/crypto/idea/Makefile.uni,v 1.4.2.3 2001/07/04 23:19:26 kris Exp $
+- 
+- DIR=    cast
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- RANLIB=         ranlib
+- 
+- IDEA_ENC=i_cbc.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=ideatest
+- APPS=idea_spd
+- 
+- LIB=libidea.a
+- LIBSRC=i_skey.c i_ecb.c i_cbc.c i_cfb64.c i_ofb64.c
+- LIBOBJ=i_skey.o i_ecb.o $(IDEA_ENC) i_cfb64.o i_ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= idea.h
+- HEADER= idea_lcl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB):    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 
+- test:	$(TEST)
+- 	./$(TEST)
+- 
+- $(TEST): $(TEST).c $(LIB)
+- 	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+- 
+- $(APPS): $(APPS).c $(LIB)
+- 	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/ideatest.c ../RELENG_4_6/crypto/openssl/crypto/idea/ideatest.c
+*** crypto/openssl/crypto/idea/ideatest.c	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/idea/ideatest.c	Thu Nov 28 13:55:46 2002
+***************
+*** 61,66 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_IDEA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 168,174 ****
+  	else
+  		printf("ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 169,175 ----
+  	else
+  		printf("ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.save
+*** crypto/openssl/crypto/lhash/Makefile.save	Sun Nov 26 06:33:38 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,91 ****
+- #
+- # SSLeay/crypto/lhash/Makefile
+- #
+- 
+- DIR=	lhash
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=lhash.c lh_stats.c
+- LIBOBJ=lhash.o lh_stats.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= lhash.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- lh_stats.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- lh_stats.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- lh_stats.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- lh_stats.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- lh_stats.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- lh_stats.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- lh_stats.o: ../cryptlib.h
+- lhash.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+- lhash.o: ../../include/openssl/lhash.h ../../include/openssl/opensslv.h
+- lhash.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- lhash.o: ../../include/openssl/symhacks.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.ssl
+*** crypto/openssl/crypto/lhash/Makefile.ssl	Wed Jul  4 19:19:27 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.ssl	Wed Oct  9 09:14:20 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/lh_test.c ../RELENG_4_6/crypto/openssl/crypto/lhash/lh_test.c
+*** crypto/openssl/crypto/lhash/lh_test.c	Sun Nov 26 06:33:38 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/lhash/lh_test.c	Thu Mar 21 14:11:19 2002
+***************
+*** 75,81 ****
+  		buf[0]='\0';
+  		fgets(buf,256,stdin);
+  		if (buf[0] == '\0') break;
+- 		buf[256]='\0';
+  		i=strlen(buf);
+  		p=OPENSSL_malloc(i+1);
+  		memcpy(p,buf,i+1);
+--- 75,80 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.save
+*** crypto/openssl/crypto/md2/Makefile.save	Sun Nov 26 06:33:39 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,89 ****
+- #
+- # SSLeay/crypto/md/Makefile
+- #
+- 
+- DIR=	md
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=md2test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=md2_dgst.c md2_one.c
+- LIBOBJ=md2_dgst.o md2_one.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= md2.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+- md2_dgst.o: ../../include/openssl/opensslv.h
+- md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- md2_one.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- md2_one.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- md2_one.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- md2_one.o: ../../include/openssl/symhacks.h ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.ssl
+*** crypto/openssl/crypto/md2/Makefile.ssl	Wed Jul  4 19:19:28 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.ssl	Thu Dec  5 16:50:58 2002
+***************
+*** 2,8 ****
+  # SSLeay/crypto/md/Makefile
+  #
+  
+! DIR=	md
+  TOP=	../..
+  CC=	cc
+  INCLUDES=
+--- 2,8 ----
+  # SSLeay/crypto/md/Makefile
+  #
+  
+! DIR=	md2
+  TOP=	../..
+  CC=	cc
+  INCLUDES=
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 79,86 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+--- 79,88 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/md2.h
+! md2_dgst.o: ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_dgst.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2_dgst.c
+*** crypto/openssl/crypto/md2/md2_dgst.c	Sun Aug 20 04:46:28 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/md2_dgst.c	Wed Dec  4 18:07:39 2002
+***************
+*** 61,66 ****
+--- 61,67 ----
+  #include <string.h>
+  #include <openssl/md2.h>
+  #include <openssl/opensslv.h>
++ #include <openssl/crypto.h>
+  
+  const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 194,200 ****
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	memset(state,0,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+--- 195,201 ----
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_one.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2_one.c
+*** crypto/openssl/crypto/md2/md2_one.c	Sun Aug 20 04:46:28 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/md2_one.c	Fri Nov 29 06:31:02 2002
+***************
+*** 88,93 ****
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	memset(&c,0,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+--- 88,93 ----
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2test.c
+*** crypto/openssl/crypto/md2/md2test.c	Sun Aug 20 04:46:28 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/md2test.c	Thu Nov 28 13:55:51 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 119,125 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 121,127 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md32_common.h ../RELENG_4_6/crypto/openssl/crypto/md32_common.h
+*** crypto/openssl/crypto/md32_common.h	Sun Aug 20 04:46:04 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md32_common.h	Thu Nov 28 03:05:44 2002
+***************
+*** 198,204 ****
+     *
+     * 					<appro@fy.chalmers.se>
+     */
+! #  if defined(__i386)
+  #   define ROTATE(a,n)	({ register unsigned int ret;	\
+  				asm (			\
+  				"roll %1,%0"		\
+--- 198,204 ----
+     *
+     * 					<appro@fy.chalmers.se>
+     */
+! #  if defined(__i386) || defined(__i386__)
+  #   define ROTATE(a,n)	({ register unsigned int ret;	\
+  				asm (			\
+  				"roll %1,%0"		\
+***************
+*** 224,230 ****
+   */
+  # if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+    /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
+! #  if defined(__i386) && !defined(I386_ONLY)
+  #   define BE_FETCH32(a)	({ register unsigned int l=(a);\
+  				asm (			\
+  				"bswapl %0"		\
+--- 224,230 ----
+   */
+  # if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+    /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */
+! #  if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY)
+  #   define BE_FETCH32(a)	({ register unsigned int l=(a);\
+  				asm (			\
+  				"bswapl %0"		\
+***************
+*** 602,607 ****
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	memset((void *)c,0,sizeof(HASH_CTX));
+  	 */
+  	}
+--- 602,607 ----
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+  	 */
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md4/Makefile.ssl
+*** crypto/openssl/crypto/md4/Makefile.ssl	Wed Jul  4 19:19:28 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/md4/Makefile.ssl	Thu Dec  5 16:50:54 2002
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 82,85 ****
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/md4.h
+--- 82,87 ----
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/md4.h
+! md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4_locl.h ../RELENG_4_6/crypto/openssl/crypto/md4/md4_locl.h
+*** crypto/openssl/crypto/md4/md4_locl.h	Sun Nov 26 06:33:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md4/md4_locl.h	Sat Oct 13 20:58:15 2001
+***************
+*** 68,74 ****
+  void md4_block_host_order (MD4_CTX *c, const void *p,int num);
+  void md4_block_data_order (MD4_CTX *c, const void *p,int num);
+  
+! #if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+  /*
+   * *_block_host_order is expected to handle aligned data while
+   * *_block_data_order - unaligned. As algorithm and host (x86)
+--- 68,74 ----
+  void md4_block_host_order (MD4_CTX *c, const void *p,int num);
+  void md4_block_data_order (MD4_CTX *c, const void *p,int num);
+  
+! #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+  /*
+   * *_block_host_order is expected to handle aligned data while
+   * *_block_data_order - unaligned. As algorithm and host (x86)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4_one.c ../RELENG_4_6/crypto/openssl/crypto/md4/md4_one.c
+*** crypto/openssl/crypto/md4/md4_one.c	Sun Nov 26 06:33:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md4/md4_one.c	Wed Dec  4 18:07:47 2002
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md4.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4test.c ../RELENG_4_6/crypto/openssl/crypto/md4/md4test.c
+*** crypto/openssl/crypto/md4/md4test.c	Sun Nov 26 06:33:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md4/md4test.c	Thu Nov 28 13:55:53 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.save
+*** crypto/openssl/crypto/md5/Makefile.save	Sun Nov 26 06:33:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,133 ****
+- #
+- # SSLeay/crypto/md5/Makefile
+- #
+- 
+- DIR=    md5
+- TOP=    ../..
+- CC=     cc
+- CPP=    $(CC) -E
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=           make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=       Makefile.ssl
+- AR=             ar r
+- 
+- MD5_ASM_OBJ=
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- # We let the C compiler driver to take care of .s files. This is done in
+- # order to be excused from maintaining a separate set of architecture
+- # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+- # gcc, then the driver will automatically translate it to -xarch=v8plus
+- # and pass it down to assembler.
+- AS=$(CC) -c
+- ASFLAGS=$(CFLAGS)
+- 
+- GENERAL=Makefile
+- TEST=md5test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=md5_dgst.c md5_one.c
+- LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= md5.h
+- HEADER= md5_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:    lib
+- 
+- lib:    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/mx86-elf.o: asm/mx86unix.cpp
+- 	$(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o
+- 
+- # solaris
+- asm/mx86-sol.o: asm/mx86unix.cpp
+- 	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+- 	as -o asm/mx86-sol.o asm/mx86-sol.s
+- 	rm -f asm/mx86-sol.s
+- 
+- # a.out
+- asm/mx86-out.o: asm/mx86unix.cpp
+- 	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+- 
+- # bsdi
+- asm/mx86bsdi.o: asm/mx86unix.cpp
+- 	$(CPP) -DBSDI asm/mx86unix.cpp | sed 's/ :/:/' | as -o asm/mx86bsdi.o
+- 
+- asm/mx86unix.cpp: asm/md5-586.pl ../perlasm/x86asm.pl
+- 	(cd asm; $(PERL) md5-586.pl cpp >mx86unix.cpp)
+- 
+- asm/md5-sparcv8plus.o: asm/md5-sparcv9.S
+- 	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+- 		-o asm/md5-sparcv8plus.o asm/md5-sparcv9.S
+- 
+- # Old GNU assembler doesn't understand V9 instructions, so we
+- # hire /usr/ccs/bin/as to do the job. Note that option is called
+- # *-gcc27, but even gcc 2>=8 users may experience similar problem
+- # if they didn't bother to upgrade GNU assembler. Such users should
+- # not choose this option, but be adviced to *remove* GNU assembler
+- # or upgrade it.
+- asm/md5-sparcv8plus-gcc27.o: asm/md5-sparcv9.S
+- 	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -E asm/md5-sparcv9.S | \
+- 		/usr/ccs/bin/as -xarch=v8plus - -o asm/md5-sparcv8plus-gcc27.o
+- 
+- asm/md5-sparcv9.o: asm/md5-sparcv9.S
+- 	$(CC) $(ASFLAGS) -DMD5_BLOCK_DATA_ORDER -c \
+- 		-o asm/md5-sparcv9.o asm/md5-sparcv9.S
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+- md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+- md5_one.o: ../../include/openssl/md5.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.ssl
+*** crypto/openssl/crypto/md5/Makefile.ssl	Wed Jul  4 19:19:29 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.ssl	Thu Dec  5 16:50:49 2002
+***************
+*** 118,124 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 118,124 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 131,134 ****
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/md5.h
+--- 131,136 ----
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/md5.h
+! md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.uni
+*** crypto/openssl/crypto/md5/Makefile.uni	Mon Jan 10 01:21:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,110 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- DIR=    md5
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- RANLIB=         ranlib
+- 
+- MD5_ASM_OBJ=
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=md5test
+- APPS=md5
+- 
+- LIB=libmd5.a
+- LIBSRC=md5_dgst.c md5_one.c
+- LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= md5.h
+- HEADER= md5_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB):    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 
+- # elf
+- asm/mx86-elf.o: asm/mx86unix.cpp
+- 	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+- 
+- # solaris
+- asm/mx86-sol.o: asm/mx86unix.cpp
+- 	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+- 	as -o asm/mx86-sol.o asm/mx86-sol.s
+- 	rm -f asm/mx86-sol.s
+- 
+- # a.out
+- asm/mx86-out.o: asm/mx86unix.cpp
+- 	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+- 
+- # bsdi
+- asm/mx86bsdi.o: asm/mx86unix.cpp
+- 	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+- 
+- asm/mx86unix.cpp:
+- 	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+- 
+- test:	$(TEST)
+- 	./$(TEST)
+- 
+- $(TEST): $(TEST).c $(LIB)
+- 	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+- 
+- $(APPS): $(APPS).c $(LIB)
+- 	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- x86-elf:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-out:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-solaris:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-bdsi:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5_locl.h ../RELENG_4_6/crypto/openssl/crypto/md5/md5_locl.h
+*** crypto/openssl/crypto/md5/md5_locl.h	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/md5_locl.h	Sat Oct 13 20:58:19 2001
+***************
+*** 66,72 ****
+  #endif
+  
+  #ifdef MD5_ASM
+! # if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+  #  define md5_block_host_order md5_block_asm_host_order
+  # elif defined(__sparc) && defined(ULTRASPARC)
+     void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+--- 66,72 ----
+  #endif
+  
+  #ifdef MD5_ASM
+! # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+  #  define md5_block_host_order md5_block_asm_host_order
+  # elif defined(__sparc) && defined(ULTRASPARC)
+     void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num);
+***************
+*** 77,83 ****
+  void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+  void md5_block_data_order (MD5_CTX *c, const void *p,int num);
+  
+! #if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+  /*
+   * *_block_host_order is expected to handle aligned data while
+   * *_block_data_order - unaligned. As algorithm and host (x86)
+--- 77,83 ----
+  void md5_block_host_order (MD5_CTX *c, const void *p,int num);
+  void md5_block_data_order (MD5_CTX *c, const void *p,int num);
+  
+! #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+  /*
+   * *_block_host_order is expected to handle aligned data while
+   * *_block_data_order - unaligned. As algorithm and host (x86)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5_one.c ../RELENG_4_6/crypto/openssl/crypto/md5/md5_one.c
+*** crypto/openssl/crypto/md5/md5_one.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/md5_one.c	Wed Dec  4 18:07:55 2002
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md5.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5test.c ../RELENG_4_6/crypto/openssl/crypto/md5/md5test.c
+*** crypto/openssl/crypto/md5/md5test.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/md5test.c	Thu Nov 28 13:55:55 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.save
+*** crypto/openssl/crypto/mdc2/Makefile.save	Sun Nov 26 06:33:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,90 ****
+- #
+- # SSLeay/crypto/mdc2/Makefile
+- #
+- 
+- DIR=	mdc2
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST= mdc2test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=mdc2dgst.c mdc2_one.c
+- LIBOBJ=mdc2dgst.o mdc2_one.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= mdc2.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- mdc2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- mdc2_one.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- mdc2_one.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- mdc2_one.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- mdc2_one.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+- mdc2_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- mdc2_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- mdc2_one.o: ../cryptlib.h
+- mdc2dgst.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+- mdc2dgst.o: ../../include/openssl/mdc2.h ../../include/openssl/opensslconf.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.ssl
+*** crypto/openssl/crypto/mdc2/Makefile.ssl	Wed Jul  4 19:19:29 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.ssl	Wed Oct  9 09:14:37 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2_one.c ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2_one.c
+*** crypto/openssl/crypto/mdc2/mdc2_one.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2_one.c	Fri Nov 29 06:31:11 2002
+***************
+*** 69,75 ****
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 69,75 ----
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2test.c ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2test.c
+*** crypto/openssl/crypto/mdc2/mdc2test.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2test.c	Thu Nov 28 13:55:57 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #if defined(NO_DES) && !defined(NO_MDC2)
+  #define NO_MDC2
+  #endif
+***************
+*** 134,140 ****
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	exit(ret);
+  	return(ret);
+  	}
+  #endif
+--- 136,142 ----
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_4_6/crypto/openssl/crypto/mem.c
+*** crypto/openssl/crypto/mem.c	Sun Nov 26 06:32:53 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/mem.c	Wed Feb 19 06:54:53 2003
+***************
+*** 173,178 ****
+--- 173,181 ----
+  void *CRYPTO_malloc_locked(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 187,192 ****
+--- 190,201 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++ 		((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+***************
+*** 205,210 ****
+--- 214,222 ----
+  void *CRYPTO_malloc(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 219,230 ****
+--- 231,253 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++                 ((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+  void *CRYPTO_realloc(void *str, int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 
++ 	if (str == NULL)
++ 		return CRYPTO_malloc(num, file, line);
++ 
++ 	if (num < 0) return NULL;
+  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_clr.c ../RELENG_4_6/crypto/openssl/crypto/mem_clr.c
+*** crypto/openssl/crypto/mem_clr.c	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/crypto/mem_clr.c	Fri Feb 21 08:46:53 2003
+***************
+*** 0 ****
+--- 1,75 ----
++ /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
++ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
++  * project 2002.
++  */
++ /* ====================================================================
++  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
++ 
++ #include <string.h>
++ #include <openssl/crypto.h>
++ 
++ unsigned char cleanse_ctr = 0;
++ 
++ void OPENSSL_cleanse(void *ptr, size_t len)
++ 	{
++ 	unsigned char *p = ptr;
++ 	size_t loop = len;
++ 	while(loop--)
++ 		{
++ 		*(p++) = cleanse_ctr;
++ 		cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
++ 		}
++ 	if(memchr(ptr, cleanse_ctr, len))
++ 		cleanse_ctr += 63;
++ 	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_dbg.c ../RELENG_4_6/crypto/openssl/crypto/mem_dbg.c
+*** crypto/openssl/crypto/mem_dbg.c	Wed Jul  4 19:19:11 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/mem_dbg.c	Mon Nov 18 09:02:20 2002
+***************
+*** 102,107 ****
+--- 102,109 ----
+  	int references;
+  	} APP_INFO;
+  
++ static void app_info_free(APP_INFO *);
++ 
+  static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+                            * that are at the top of their thread's stack
+                            * (with `thread' as key);
+***************
+*** 140,145 ****
+--- 142,159 ----
+                                              * thread named in disabling_thread).
+                                              */
+  
++ static void app_info_free(APP_INFO *inf)
++ 	{
++ 	if (--(inf->references) <= 0)
++ 		{
++ 		if (inf->next != NULL)
++ 			{
++ 			app_info_free(inf->next);
++ 			}
++ 		OPENSSL_free(inf);
++ 		}
++ 	}
++ 
+  int CRYPTO_mem_ctrl(int mode)
+  	{
+  	int ret=mh_mode;
+***************
+*** 496,504 ****
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					{
+! 					mp->app_info->references--;
+! 					}
+  				OPENSSL_free(mp);
+  				}
+  
+--- 510,516 ----
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					app_info_free(mp->app_info);
+  				OPENSSL_free(mp);
+  				}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.save
+*** crypto/openssl/crypto/objects/Makefile.save	Sun Nov 26 06:33:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,111 ****
+- #
+- # SSLeay/crypto/objects/Makefile
+- #
+- 
+- DIR=	objects
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile README
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=	o_names.c obj_dat.c obj_lib.c obj_err.c
+- LIBOBJ= o_names.o obj_dat.o obj_lib.o obj_err.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= objects.h obj_mac.h
+- HEADER=	$(EXHEADER) obj_dat.h
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	obj_dat.h lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- o_names.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- o_names.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+- o_names.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+- o_names.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- o_names.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- o_names.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- obj_dat.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- obj_dat.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- obj_dat.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- obj_dat.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- obj_dat.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+- obj_dat.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- obj_dat.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- obj_dat.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- obj_dat.o: ../cryptlib.h obj_dat.h
+- obj_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- obj_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+- obj_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- obj_err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- obj_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- obj_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- obj_err.o: ../../include/openssl/symhacks.h
+- obj_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- obj_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- obj_lib.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- obj_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- obj_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+- obj_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- obj_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- obj_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- obj_lib.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.ssl
+*** crypto/openssl/crypto/objects/Makefile.ssl	Wed Jul  4 19:19:30 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.ssl	Wed Oct  9 09:14:39 2002
+***************
+*** 14,19 ****
+--- 14,20 ----
+  MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+  MAKEFILE=	Makefile.ssl
+  AR=		ar r
++ PERL=		perl
+  
+  CFLAGS= $(INCLUDES) $(CFLAG)
+  
+***************
+*** 43,48 ****
+--- 44,56 ----
+  	- $(RANLIB) $(LIB)
+  	@touch lib
+  
++ obj_dat.h: obj_dat.pl obj_mac.h
++ 	$(PERL) obj_dat.pl obj_mac.h obj_dat.h
++ 
++ # objects.pl both reads and writes obj_mac.num
++ obj_mac.h: objects.pl objects.txt obj_mac.num
++ 	$(PERL) objects.pl objects.txt obj_mac.num obj_mac.h
++ 
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+  
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 76,82 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/o_names.c ../RELENG_4_6/crypto/openssl/crypto/objects/o_names.c
+*** crypto/openssl/crypto/objects/o_names.c	Sun Nov 26 06:33:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/o_names.c	Thu May 30 12:48:48 2002
+***************
+*** 61,66 ****
+--- 61,68 ----
+  		{
+  		MemCheck_off();
+  		name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS));
++ 		MemCheck_on();
++ 		if (!name_funcs) return(0);
+  		name_funcs->hash_func = lh_strhash;
+  		name_funcs->cmp_func = (int (*)())strcmp;
+  		name_funcs->free_func = 0; /* NULL is often declared to
+***************
+*** 68,73 ****
+--- 70,76 ----
+  					    * to Compaq C is not really
+  					    * compatible with a function
+  					    * pointer.  -- Richard Levitte*/
++ 		MemCheck_off();
+  		sk_NAME_FUNCS_push(name_funcs_stack,name_funcs);
+  		MemCheck_on();
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.c ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.c
+*** crypto/openssl/crypto/objects/obj_dat.c	Sun Nov 26 06:33:41 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.c	Tue Aug 13 20:36:44 2002
+***************
+*** 228,234 ****
+  	if (added == NULL)
+  		if (!init_added()) return(0);
+  	if ((o=OBJ_dup(obj)) == NULL) goto err;
+! 	ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+  	if ((o->length != 0) && (obj->data != NULL))
+  		ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+  	if (o->sn != NULL)
+--- 228,234 ----
+  	if (added == NULL)
+  		if (!init_added()) return(0);
+  	if ((o=OBJ_dup(obj)) == NULL) goto err;
+! 	if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err;
+  	if ((o->length != 0) && (obj->data != NULL))
+  		ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ));
+  	if (o->sn != NULL)
+***************
+*** 417,423 ****
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,i);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+--- 417,423 ----
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,j);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+***************
+*** 428,434 ****
+  	unsigned long l;
+  	unsigned char *p;
+  	const char *s;
+! 	char tbuf[32];
+  
+  	if (buf_len <= 0) return(0);
+  
+--- 428,434 ----
+  	unsigned long l;
+  	unsigned char *p;
+  	const char *s;
+! 	char tbuf[DECIMAL_SIZE(i)+DECIMAL_SIZE(l)+2];
+  
+  	if (buf_len <= 0) return(0);
+  
+***************
+*** 437,444 ****
+  		return(0);
+  	}
+  
+! 	nid=OBJ_obj2nid(a);
+! 	if ((nid == NID_undef) || no_name) {
+  		len=a->length;
+  		p=a->data;
+  
+--- 437,443 ----
+  		return(0);
+  	}
+  
+! 	if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) {
+  		len=a->length;
+  		p=a->data;
+  
+***************
+*** 645,650 ****
+--- 644,651 ----
+  		return(0);
+  		}
+  	i=a2d_ASN1_OBJECT(buf,i,oid,-1);
++ 	if (i == 0)
++ 		goto err;
+  	op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln);
+  	if (op == NULL) 
+  		goto err;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.h
+*** crypto/openssl/crypto/objects/obj_dat.h	Sun Nov 26 06:33:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.h	Wed Feb 19 21:58:08 2003
+***************
+*** 1,4 ****
+! /* lib/obj/obj_dat.h */
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+--- 1,10 ----
+! /* crypto/objects/obj_dat.h */
+! 
+! /* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
+!  * following command:
+!  * perl obj_dat.pl objects.h obj_dat.h
+!  */
+! 
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+***************
+*** 56,72 ****
+   * [including the GNU Public Licence.]
+   */
+  
+! /* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+!  * following command:
+!  * perl obj_dat.pl objects.h obj_dat.h
+!  */
+  
+! #define NUM_NID 393
+! #define NUM_SN 392
+! #define NUM_LN 392
+! #define NUM_OBJ 366
+! 
+! static unsigned char lvalues[2896]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+--- 62,73 ----
+   * [including the GNU Public Licence.]
+   */
+  
+! #define NUM_NID 406
+! #define NUM_SN 404
+! #define NUM_LN 404
+! #define NUM_OBJ 378
+  
+! static unsigned char lvalues[2971]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+***************
+*** 390,438 ****
+  0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
+  0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
+  0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_pseudonym */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_gender */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfCitizenship */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x06,     /* [2631] OBJ_id_pda_countryOfResidence */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2639] OBJ_id_aca_authenticationInfo */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2647] OBJ_id_aca_accessIdentity */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2655] OBJ_id_aca_chargingIdentity */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2663] OBJ_id_aca_group */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2671] OBJ_id_aca_role */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2679] OBJ_id_qcs_pkixQCSyntax_v1 */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2687] OBJ_id_cct_crs */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2695] OBJ_id_cct_PKIData */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2703] OBJ_id_cct_PKIResponse */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2711] OBJ_ad_timeStamping */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2719] OBJ_ad_dvcs */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2727] OBJ_id_pkix_OCSP_basic */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2736] OBJ_id_pkix_OCSP_Nonce */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2745] OBJ_id_pkix_OCSP_CrlID */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2754] OBJ_id_pkix_OCSP_acceptableResponses */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2763] OBJ_id_pkix_OCSP_noCheck */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2772] OBJ_id_pkix_OCSP_archiveCutoff */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2781] OBJ_id_pkix_OCSP_serviceLocator */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2790] OBJ_id_pkix_OCSP_extendedStatus */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2799] OBJ_id_pkix_OCSP_valid */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2808] OBJ_id_pkix_OCSP_path */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2817] OBJ_id_pkix_OCSP_trustRoot */
+! 0x2B,0x0E,0x03,0x02,                         /* [2826] OBJ_algorithm */
+! 0x2B,0x0E,0x03,0x02,0x0B,                    /* [2830] OBJ_rsaSignature */
+! 0x55,0x08,                                   /* [2835] OBJ_X500algorithms */
+! 0x2B,                                        /* [2837] OBJ_org */
+! 0x2B,0x06,                                   /* [2838] OBJ_dod */
+! 0x2B,0x06,0x01,                              /* [2840] OBJ_iana */
+! 0x2B,0x06,0x01,0x01,                         /* [2843] OBJ_Directory */
+! 0x2B,0x06,0x01,0x02,                         /* [2847] OBJ_Management */
+! 0x2B,0x06,0x01,0x03,                         /* [2851] OBJ_Experimental */
+! 0x2B,0x06,0x01,0x04,                         /* [2855] OBJ_Private */
+! 0x2B,0x06,0x01,0x05,                         /* [2859] OBJ_Security */
+! 0x2B,0x06,0x01,0x06,                         /* [2863] OBJ_SNMPv2 */
+! 0x2B,0x06,0x01,0x07,                         /* [2867] OBJ_Mail */
+! 0x01,                                        /* [2871] OBJ_Enterprises */
+! 0xBA,0x82,0x58,                              /* [2872] OBJ_dcObject */
+! 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2875] OBJ_domainComponent */
+! 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2885] OBJ_Domain */
+  };
+  
+  static ASN1_OBJECT nid_objs[NUM_NID]={
+--- 391,451 ----
+  0x2B,0x06,0x01,0x05,0x05,0x07,0x08,0x01,     /* [2583] OBJ_id_on_personalData */
+  0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x01,     /* [2591] OBJ_id_pda_dateOfBirth */
+  0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x02,     /* [2599] OBJ_id_pda_placeOfBirth */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x03,     /* [2607] OBJ_id_pda_gender */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x04,     /* [2615] OBJ_id_pda_countryOfCitizenship */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x09,0x05,     /* [2623] OBJ_id_pda_countryOfResidence */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x01,     /* [2631] OBJ_id_aca_authenticationInfo */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x02,     /* [2639] OBJ_id_aca_accessIdentity */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x03,     /* [2647] OBJ_id_aca_chargingIdentity */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x04,     /* [2655] OBJ_id_aca_group */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x05,     /* [2663] OBJ_id_aca_role */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0B,0x01,     /* [2671] OBJ_id_qcs_pkixQCSyntax_v1 */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x01,     /* [2679] OBJ_id_cct_crs */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x02,     /* [2687] OBJ_id_cct_PKIData */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0C,0x03,     /* [2695] OBJ_id_cct_PKIResponse */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x03,     /* [2703] OBJ_ad_timeStamping */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x04,     /* [2711] OBJ_ad_dvcs */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x01,/* [2719] OBJ_id_pkix_OCSP_basic */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x02,/* [2728] OBJ_id_pkix_OCSP_Nonce */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x03,/* [2737] OBJ_id_pkix_OCSP_CrlID */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x04,/* [2746] OBJ_id_pkix_OCSP_acceptableResponses */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x05,/* [2755] OBJ_id_pkix_OCSP_noCheck */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x06,/* [2764] OBJ_id_pkix_OCSP_archiveCutoff */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x07,/* [2773] OBJ_id_pkix_OCSP_serviceLocator */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x08,/* [2782] OBJ_id_pkix_OCSP_extendedStatus */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x09,/* [2791] OBJ_id_pkix_OCSP_valid */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0A,/* [2800] OBJ_id_pkix_OCSP_path */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,0x0B,/* [2809] OBJ_id_pkix_OCSP_trustRoot */
+! 0x2B,0x0E,0x03,0x02,                         /* [2818] OBJ_algorithm */
+! 0x2B,0x0E,0x03,0x02,0x0B,                    /* [2822] OBJ_rsaSignature */
+! 0x55,0x08,                                   /* [2827] OBJ_X500algorithms */
+! 0x2B,                                        /* [2829] OBJ_org */
+! 0x2B,0x06,                                   /* [2830] OBJ_dod */
+! 0x2B,0x06,0x01,                              /* [2832] OBJ_iana */
+! 0x2B,0x06,0x01,0x01,                         /* [2835] OBJ_Directory */
+! 0x2B,0x06,0x01,0x02,                         /* [2839] OBJ_Management */
+! 0x2B,0x06,0x01,0x03,                         /* [2843] OBJ_Experimental */
+! 0x2B,0x06,0x01,0x04,                         /* [2847] OBJ_Private */
+! 0x2B,0x06,0x01,0x05,                         /* [2851] OBJ_Security */
+! 0x2B,0x06,0x01,0x06,                         /* [2855] OBJ_SNMPv2 */
+! 0x2B,0x06,0x01,0x07,                         /* [2859] OBJ_Mail */
+! 0x2B,0x06,0x01,0x04,0x01,                    /* [2863] OBJ_Enterprises */
+! 0x2B,0x06,0x01,0x04,0x01,0x8B,0x3A,0x82,0x58,/* [2868] OBJ_dcObject */
+! 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x01,0x19,/* [2877] OBJ_domainComponent */
+! 0x09,0x92,0x26,0x89,0x93,0xF2,0x2C,0x64,0x04,0x0D,/* [2887] OBJ_Domain */
+! 0x50,                                        /* [2897] OBJ_joint_iso_ccitt */
+! 0x55,0x01,0x05,                              /* [2898] OBJ_selected_attribute_types */
+! 0x55,0x01,0x05,0x37,                         /* [2901] OBJ_clearance */
+! 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01,0x03,/* [2905] OBJ_md4WithRSAEncryption */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0A,     /* [2914] OBJ_ac_proxying */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x0B,     /* [2922] OBJ_sinfo_access */
+! 0x2B,0x06,0x01,0x05,0x05,0x07,0x0A,0x06,     /* [2930] OBJ_id_aca_encAttrs */
+! 0x55,0x04,0x48,                              /* [2938] OBJ_role */
+! 0x55,0x1D,0x24,                              /* [2941] OBJ_policy_constraints */
+! 0x55,0x1D,0x37,                              /* [2944] OBJ_target_information */
+! 0x55,0x1D,0x38,                              /* [2947] OBJ_no_rev_avail */
+! 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */
+! 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */
+  };
+  
+  static ASN1_OBJECT nid_objs[NUM_NID]={
+***************
+*** 576,582 ****
+  {"G","givenName",NID_givenName,3,&(lvalues[535]),0},
+  {"S","surname",NID_surname,3,&(lvalues[538]),0},
+  {"I","initials",NID_initials,3,&(lvalues[541]),0},
+! {"UID","uniqueIdentifier",NID_uniqueIdentifier,3,&(lvalues[544]),0},
+  {"crlDistributionPoints","X509v3 CRL Distribution Points",
+  	NID_crl_distribution_points,3,&(lvalues[547]),0},
+  {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0},
+--- 589,596 ----
+  {"G","givenName",NID_givenName,3,&(lvalues[535]),0},
+  {"S","surname",NID_surname,3,&(lvalues[538]),0},
+  {"I","initials",NID_initials,3,&(lvalues[541]),0},
+! {"uniqueIdentifier","uniqueIdentifier",NID_uniqueIdentifier,3,
+! 	&(lvalues[544]),0},
+  {"crlDistributionPoints","X509v3 CRL Distribution Points",
+  	NID_crl_distribution_points,3,&(lvalues[547]),0},
+  {"RSA-NP-MD5","md5WithRSA",NID_md5WithRSA,5,&(lvalues[550]),0},
+***************
+*** 985,1050 ****
+  	&(lvalues[2591]),0},
+  {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
+  	8,&(lvalues[2599]),0},
+! {"id-pda-pseudonym","id-pda-pseudonym",NID_id_pda_pseudonym,8,
+! 	&(lvalues[2607]),0},
+! {"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2615]),0},
+  {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
+! 	NID_id_pda_countryOfCitizenship,8,&(lvalues[2623]),0},
+  {"id-pda-countryOfResidence","id-pda-countryOfResidence",
+! 	NID_id_pda_countryOfResidence,8,&(lvalues[2631]),0},
+  {"id-aca-authenticationInfo","id-aca-authenticationInfo",
+! 	NID_id_aca_authenticationInfo,8,&(lvalues[2639]),0},
+  {"id-aca-accessIdentity","id-aca-accessIdentity",
+! 	NID_id_aca_accessIdentity,8,&(lvalues[2647]),0},
+  {"id-aca-chargingIdentity","id-aca-chargingIdentity",
+! 	NID_id_aca_chargingIdentity,8,&(lvalues[2655]),0},
+! {"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2663]),0},
+! {"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2671]),0},
+  {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
+! 	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2679]),0},
+! {"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2687]),0},
+  {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
+! 	&(lvalues[2695]),0},
+  {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
+! 	&(lvalues[2703]),0},
+  {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
+! 	&(lvalues[2711]),0},
+! {"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2719]),0},
+  {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
+! 	&(lvalues[2727]),0},
+! {"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2736]),0},
+! {"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2745]),0},
+  {"acceptableResponses","Acceptable OCSP Responses",
+! 	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2754]),0},
+! {"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2763]),0},
+  {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
+! 	9,&(lvalues[2772]),0},
+  {"serviceLocator","OCSP Service Locator",
+! 	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2781]),0},
+  {"extendedStatus","Extended OCSP Status",
+! 	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2790]),0},
+! {"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2799]),0},
+! {"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2808]),0},
+  {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
+! 	&(lvalues[2817]),0},
+! {"algorithm","algorithm",NID_algorithm,4,&(lvalues[2826]),0},
+! {"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2830]),0},
+  {"X500algorithms","directory services - algorithms",
+! 	NID_X500algorithms,2,&(lvalues[2835]),0},
+! {"ORG","org",NID_org,1,&(lvalues[2837]),0},
+! {"DOD","dod",NID_dod,2,&(lvalues[2838]),0},
+! {"IANA","iana",NID_iana,3,&(lvalues[2840]),0},
+! {"directory","Directory",NID_Directory,4,&(lvalues[2843]),0},
+! {"mgmt","Management",NID_Management,4,&(lvalues[2847]),0},
+! {"experimental","Experimental",NID_Experimental,4,&(lvalues[2851]),0},
+! {"private","Private",NID_Private,4,&(lvalues[2855]),0},
+! {"security","Security",NID_Security,4,&(lvalues[2859]),0},
+! {"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2863]),0},
+! {"mail","Mail",NID_Mail,4,&(lvalues[2867]),0},
+! {"enterprises","Enterprises",NID_Enterprises,1,&(lvalues[2871]),0},
+! {"dcobject","dcObject",NID_dcObject,3,&(lvalues[2872]),0},
+! {"DC","domainComponent",NID_domainComponent,10,&(lvalues[2875]),0},
+! {"domain","Domain",NID_Domain,10,&(lvalues[2885]),0},
+  };
+  
+  static ASN1_OBJECT *sn_objs[NUM_SN]={
+--- 999,1086 ----
+  	&(lvalues[2591]),0},
+  {"id-pda-placeOfBirth","id-pda-placeOfBirth",NID_id_pda_placeOfBirth,
+  	8,&(lvalues[2599]),0},
+! {NULL,NULL,NID_undef,0,NULL},
+! {"id-pda-gender","id-pda-gender",NID_id_pda_gender,8,&(lvalues[2607]),0},
+  {"id-pda-countryOfCitizenship","id-pda-countryOfCitizenship",
+! 	NID_id_pda_countryOfCitizenship,8,&(lvalues[2615]),0},
+  {"id-pda-countryOfResidence","id-pda-countryOfResidence",
+! 	NID_id_pda_countryOfResidence,8,&(lvalues[2623]),0},
+  {"id-aca-authenticationInfo","id-aca-authenticationInfo",
+! 	NID_id_aca_authenticationInfo,8,&(lvalues[2631]),0},
+  {"id-aca-accessIdentity","id-aca-accessIdentity",
+! 	NID_id_aca_accessIdentity,8,&(lvalues[2639]),0},
+  {"id-aca-chargingIdentity","id-aca-chargingIdentity",
+! 	NID_id_aca_chargingIdentity,8,&(lvalues[2647]),0},
+! {"id-aca-group","id-aca-group",NID_id_aca_group,8,&(lvalues[2655]),0},
+! {"id-aca-role","id-aca-role",NID_id_aca_role,8,&(lvalues[2663]),0},
+  {"id-qcs-pkixQCSyntax-v1","id-qcs-pkixQCSyntax-v1",
+! 	NID_id_qcs_pkixQCSyntax_v1,8,&(lvalues[2671]),0},
+! {"id-cct-crs","id-cct-crs",NID_id_cct_crs,8,&(lvalues[2679]),0},
+  {"id-cct-PKIData","id-cct-PKIData",NID_id_cct_PKIData,8,
+! 	&(lvalues[2687]),0},
+  {"id-cct-PKIResponse","id-cct-PKIResponse",NID_id_cct_PKIResponse,8,
+! 	&(lvalues[2695]),0},
+  {"ad_timestamping","AD Time Stamping",NID_ad_timeStamping,8,
+! 	&(lvalues[2703]),0},
+! {"AD_DVCS","ad dvcs",NID_ad_dvcs,8,&(lvalues[2711]),0},
+  {"basicOCSPResponse","Basic OCSP Response",NID_id_pkix_OCSP_basic,9,
+! 	&(lvalues[2719]),0},
+! {"Nonce","OCSP Nonce",NID_id_pkix_OCSP_Nonce,9,&(lvalues[2728]),0},
+! {"CrlID","OCSP CRL ID",NID_id_pkix_OCSP_CrlID,9,&(lvalues[2737]),0},
+  {"acceptableResponses","Acceptable OCSP Responses",
+! 	NID_id_pkix_OCSP_acceptableResponses,9,&(lvalues[2746]),0},
+! {"noCheck","noCheck",NID_id_pkix_OCSP_noCheck,9,&(lvalues[2755]),0},
+  {"archiveCutoff","OCSP Archive Cutoff",NID_id_pkix_OCSP_archiveCutoff,
+! 	9,&(lvalues[2764]),0},
+  {"serviceLocator","OCSP Service Locator",
+! 	NID_id_pkix_OCSP_serviceLocator,9,&(lvalues[2773]),0},
+  {"extendedStatus","Extended OCSP Status",
+! 	NID_id_pkix_OCSP_extendedStatus,9,&(lvalues[2782]),0},
+! {"valid","valid",NID_id_pkix_OCSP_valid,9,&(lvalues[2791]),0},
+! {"path","path",NID_id_pkix_OCSP_path,9,&(lvalues[2800]),0},
+  {"trustRoot","Trust Root",NID_id_pkix_OCSP_trustRoot,9,
+! 	&(lvalues[2809]),0},
+! {"algorithm","algorithm",NID_algorithm,4,&(lvalues[2818]),0},
+! {"rsaSignature","rsaSignature",NID_rsaSignature,5,&(lvalues[2822]),0},
+  {"X500algorithms","directory services - algorithms",
+! 	NID_X500algorithms,2,&(lvalues[2827]),0},
+! {"ORG","org",NID_org,1,&(lvalues[2829]),0},
+! {"DOD","dod",NID_dod,2,&(lvalues[2830]),0},
+! {"IANA","iana",NID_iana,3,&(lvalues[2832]),0},
+! {"directory","Directory",NID_Directory,4,&(lvalues[2835]),0},
+! {"mgmt","Management",NID_Management,4,&(lvalues[2839]),0},
+! {"experimental","Experimental",NID_Experimental,4,&(lvalues[2843]),0},
+! {"private","Private",NID_Private,4,&(lvalues[2847]),0},
+! {"security","Security",NID_Security,4,&(lvalues[2851]),0},
+! {"snmpv2","SNMPv2",NID_SNMPv2,4,&(lvalues[2855]),0},
+! {"mail","Mail",NID_Mail,4,&(lvalues[2859]),0},
+! {"enterprises","Enterprises",NID_Enterprises,5,&(lvalues[2863]),0},
+! {"dcobject","dcObject",NID_dcObject,9,&(lvalues[2868]),0},
+! {"DC","domainComponent",NID_domainComponent,10,&(lvalues[2877]),0},
+! {"domain","Domain",NID_Domain,10,&(lvalues[2887]),0},
+! {"JOINT-ISO-CCITT","joint-iso-ccitt",NID_joint_iso_ccitt,1,
+! 	&(lvalues[2897]),0},
+! {"selected-attribute-types","Selected Attribute Types",
+! 	NID_selected_attribute_types,3,&(lvalues[2898]),0},
+! {"clearance","clearance",NID_clearance,4,&(lvalues[2901]),0},
+! {"RSA-MD4","md4WithRSAEncryption",NID_md4WithRSAEncryption,9,
+! 	&(lvalues[2905]),0},
+! {"ac-proxying","ac-proxying",NID_ac_proxying,8,&(lvalues[2914]),0},
+! {"subjectInfoAccess","Subject Information Access",NID_sinfo_access,8,
+! 	&(lvalues[2922]),0},
+! {"id-aca-encAttrs","id-aca-encAttrs",NID_id_aca_encAttrs,8,
+! 	&(lvalues[2930]),0},
+! {"role","role",NID_role,3,&(lvalues[2938]),0},
+! {"policyConstraints","X509v3 Policy Constraints",
+! 	NID_policy_constraints,3,&(lvalues[2941]),0},
+! {"targetInformation","X509v3 AC Targeting",NID_target_information,3,
+! 	&(lvalues[2944]),0},
+! {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
+! 	&(lvalues[2947]),0},
+! {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
+! 	10,&(lvalues[2950]),0},
+! {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
+! 	&(lvalues[2960]),0},
+  };
+  
+  static ASN1_OBJECT *sn_objs[NUM_SN]={
+***************
+*** 1093,1098 ****
+--- 1129,1135 ----
+  &(nid_objs[46]),/* "IDEA-OFB" */
+  &(nid_objs[181]),/* "ISO" */
+  &(nid_objs[183]),/* "ISO-US" */
++ &(nid_objs[393]),/* "JOINT-ISO-CCITT" */
+  &(nid_objs[15]),/* "L" */
+  &(nid_objs[ 3]),/* "MD2" */
+  &(nid_objs[257]),/* "MD4" */
+***************
+*** 1138,1143 ****
+--- 1175,1181 ----
+  &(nid_objs[124]),/* "RLE" */
+  &(nid_objs[19]),/* "RSA" */
+  &(nid_objs[ 7]),/* "RSA-MD2" */
++ &(nid_objs[396]),/* "RSA-MD4" */
+  &(nid_objs[ 8]),/* "RSA-MD5" */
+  &(nid_objs[96]),/* "RSA-MDC2" */
+  &(nid_objs[104]),/* "RSA-NP-MD5" */
+***************
+*** 1154,1160 ****
+  &(nid_objs[16]),/* "ST" */
+  &(nid_objs[143]),/* "SXNetID" */
+  &(nid_objs[106]),/* "T" */
+- &(nid_objs[102]),/* "UID" */
+  &(nid_objs[ 0]),/* "UNDEF" */
+  &(nid_objs[11]),/* "X500" */
+  &(nid_objs[378]),/* "X500algorithms" */
+--- 1192,1197 ----
+***************
+*** 1164,1169 ****
+--- 1201,1207 ----
+  &(nid_objs[125]),/* "ZLIB" */
+  &(nid_objs[289]),/* "aaControls" */
+  &(nid_objs[287]),/* "ac-auditEntity" */
++ &(nid_objs[397]),/* "ac-proxying" */
+  &(nid_objs[288]),/* "ac-targeting" */
+  &(nid_objs[368]),/* "acceptableResponses" */
+  &(nid_objs[363]),/* "ad_timestamping" */
+***************
+*** 1178,1183 ****
+--- 1216,1222 ----
+  &(nid_objs[152]),/* "certBag" */
+  &(nid_objs[89]),/* "certificatePolicies" */
+  &(nid_objs[54]),/* "challengePassword" */
++ &(nid_objs[395]),/* "clearance" */
+  &(nid_objs[130]),/* "clientAuth" */
+  &(nid_objs[131]),/* "codeSigning" */
+  &(nid_objs[50]),/* "contentType" */
+***************
+*** 1204,1209 ****
+--- 1243,1249 ----
+  &(nid_objs[355]),/* "id-aca-accessIdentity" */
+  &(nid_objs[354]),/* "id-aca-authenticationInfo" */
+  &(nid_objs[356]),/* "id-aca-chargingIdentity" */
++ &(nid_objs[399]),/* "id-aca-encAttrs" */
+  &(nid_objs[357]),/* "id-aca-group" */
+  &(nid_objs[358]),/* "id-aca-role" */
+  &(nid_objs[176]),/* "id-ad" */
+***************
+*** 1275,1281 ****
+  &(nid_objs[348]),/* "id-pda-dateOfBirth" */
+  &(nid_objs[351]),/* "id-pda-gender" */
+  &(nid_objs[349]),/* "id-pda-placeOfBirth" */
+- &(nid_objs[350]),/* "id-pda-pseudonym" */
+  &(nid_objs[175]),/* "id-pe" */
+  &(nid_objs[261]),/* "id-pkip" */
+  &(nid_objs[258]),/* "id-pkix-mod" */
+--- 1315,1320 ----
+***************
+*** 1384,1391 ****
+--- 1423,1433 ----
+  &(nid_objs[138]),/* "msEFS" */
+  &(nid_objs[171]),/* "msExtReq" */
+  &(nid_objs[137]),/* "msSGC" */
++ &(nid_objs[404]),/* "msSmartcardLogin" */
++ &(nid_objs[405]),/* "msUPN" */
+  &(nid_objs[173]),/* "name" */
+  &(nid_objs[369]),/* "noCheck" */
++ &(nid_objs[403]),/* "noRevAvail" */
+  &(nid_objs[72]),/* "nsBaseUrl" */
+  &(nid_objs[76]),/* "nsCaPolicyUrl" */
+  &(nid_objs[74]),/* "nsCaRevocationUrl" */
+***************
+*** 1413,1421 ****
+--- 1455,1465 ----
+  &(nid_objs[22]),/* "pkcs7-signedData" */
+  &(nid_objs[151]),/* "pkcs8ShroudedKeyBag" */
+  &(nid_objs[47]),/* "pkcs9" */
++ &(nid_objs[401]),/* "policyConstraints" */
+  &(nid_objs[385]),/* "private" */
+  &(nid_objs[84]),/* "privateKeyUsagePeriod" */
+  &(nid_objs[286]),/* "qcStatements" */
++ &(nid_objs[400]),/* "role" */
+  &(nid_objs[ 6]),/* "rsaEncryption" */
+  &(nid_objs[377]),/* "rsaSignature" */
+  &(nid_objs[ 1]),/* "rsadsi" */
+***************
+*** 1426,1440 ****
+--- 1470,1488 ----
+  &(nid_objs[159]),/* "sdsiCertificate" */
+  &(nid_objs[154]),/* "secretBag" */
+  &(nid_objs[386]),/* "security" */
++ &(nid_objs[394]),/* "selected-attribute-types" */
+  &(nid_objs[129]),/* "serverAuth" */
+  &(nid_objs[371]),/* "serviceLocator" */
+  &(nid_objs[52]),/* "signingTime" */
+  &(nid_objs[387]),/* "snmpv2" */
+  &(nid_objs[85]),/* "subjectAltName" */
++ &(nid_objs[398]),/* "subjectInfoAccess" */
+  &(nid_objs[82]),/* "subjectKeyIdentifier" */
++ &(nid_objs[402]),/* "targetInformation" */
+  &(nid_objs[293]),/* "textNotice" */
+  &(nid_objs[133]),/* "timeStamping" */
+  &(nid_objs[375]),/* "trustRoot" */
++ &(nid_objs[102]),/* "uniqueIdentifier" */
+  &(nid_objs[55]),/* "unstructuredAddress" */
+  &(nid_objs[49]),/* "unstructuredName" */
+  &(nid_objs[373]),/* "valid" */
+***************
+*** 1470,1476 ****
+--- 1518,1526 ----
+  &(nid_objs[171]),/* "Microsoft Extension Request" */
+  &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+  &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
++ &(nid_objs[404]),/* "Microsoft Smartcardlogin" */
+  &(nid_objs[136]),/* "Microsoft Trust List Signing" */
++ &(nid_objs[405]),/* "Microsoft Universal Principal Name" */
+  &(nid_objs[72]),/* "Netscape Base Url" */
+  &(nid_objs[76]),/* "Netscape CA Policy Url" */
+  &(nid_objs[74]),/* "Netscape CA Revocation Url" */
+***************
+*** 1503,1514 ****
+--- 1553,1567 ----
+  &(nid_objs[167]),/* "S/MIME Capabilities" */
+  &(nid_objs[387]),/* "SNMPv2" */
+  &(nid_objs[386]),/* "Security" */
++ &(nid_objs[394]),/* "Selected Attribute Types" */
+  &(nid_objs[143]),/* "Strong Extranet ID" */
++ &(nid_objs[398]),/* "Subject Information Access" */
+  &(nid_objs[130]),/* "TLS Web Client Authentication" */
+  &(nid_objs[129]),/* "TLS Web Server Authentication" */
+  &(nid_objs[133]),/* "Time Stamping" */
+  &(nid_objs[375]),/* "Trust Root" */
+  &(nid_objs[12]),/* "X509" */
++ &(nid_objs[402]),/* "X509v3 AC Targeting" */
+  &(nid_objs[90]),/* "X509v3 Authority Key Identifier" */
+  &(nid_objs[87]),/* "X509v3 Basic Constraints" */
+  &(nid_objs[103]),/* "X509v3 CRL Distribution Points" */
+***************
+*** 1519,1524 ****
+--- 1572,1579 ----
+  &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
+  &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
+  &(nid_objs[83]),/* "X509v3 Key Usage" */
++ &(nid_objs[403]),/* "X509v3 No Revocation Available" */
++ &(nid_objs[401]),/* "X509v3 Policy Constraints" */
+  &(nid_objs[84]),/* "X509v3 Private Key Usage Period" */
+  &(nid_objs[85]),/* "X509v3 Subject Alternative Name" */
+  &(nid_objs[82]),/* "X509v3 Subject Key Identifier" */
+***************
+*** 1526,1531 ****
+--- 1581,1587 ----
+  &(nid_objs[185]),/* "X9.57 CM ?" */
+  &(nid_objs[289]),/* "aaControls" */
+  &(nid_objs[287]),/* "ac-auditEntity" */
++ &(nid_objs[397]),/* "ac-proxying" */
+  &(nid_objs[288]),/* "ac-targeting" */
+  &(nid_objs[364]),/* "ad dvcs" */
+  &(nid_objs[376]),/* "algorithm" */
+***************
+*** 1539,1544 ****
+--- 1595,1601 ----
+  &(nid_objs[111]),/* "cast5-ofb" */
+  &(nid_objs[152]),/* "certBag" */
+  &(nid_objs[54]),/* "challengePassword" */
++ &(nid_objs[395]),/* "clearance" */
+  &(nid_objs[13]),/* "commonName" */
+  &(nid_objs[50]),/* "contentType" */
+  &(nid_objs[53]),/* "countersignature" */
+***************
+*** 1581,1586 ****
+--- 1638,1644 ----
+  &(nid_objs[355]),/* "id-aca-accessIdentity" */
+  &(nid_objs[354]),/* "id-aca-authenticationInfo" */
+  &(nid_objs[356]),/* "id-aca-chargingIdentity" */
++ &(nid_objs[399]),/* "id-aca-encAttrs" */
+  &(nid_objs[357]),/* "id-aca-group" */
+  &(nid_objs[358]),/* "id-aca-role" */
+  &(nid_objs[176]),/* "id-ad" */
+***************
+*** 1652,1658 ****
+  &(nid_objs[348]),/* "id-pda-dateOfBirth" */
+  &(nid_objs[351]),/* "id-pda-gender" */
+  &(nid_objs[349]),/* "id-pda-placeOfBirth" */
+- &(nid_objs[350]),/* "id-pda-pseudonym" */
+  &(nid_objs[175]),/* "id-pe" */
+  &(nid_objs[261]),/* "id-pkip" */
+  &(nid_objs[258]),/* "id-pkix-mod" */
+--- 1710,1715 ----
+***************
+*** 1747,1758 ****
+--- 1804,1817 ----
+  &(nid_objs[46]),/* "idea-ofb" */
+  &(nid_objs[101]),/* "initials" */
+  &(nid_objs[181]),/* "iso" */
++ &(nid_objs[393]),/* "joint-iso-ccitt" */
+  &(nid_objs[150]),/* "keyBag" */
+  &(nid_objs[157]),/* "localKeyID" */
+  &(nid_objs[15]),/* "localityName" */
+  &(nid_objs[ 3]),/* "md2" */
+  &(nid_objs[ 7]),/* "md2WithRSAEncryption" */
+  &(nid_objs[257]),/* "md4" */
++ &(nid_objs[396]),/* "md4WithRSAEncryption" */
+  &(nid_objs[ 4]),/* "md5" */
+  &(nid_objs[114]),/* "md5-sha1" */
+  &(nid_objs[104]),/* "md5WithRSA" */
+***************
+*** 1806,1811 ****
+--- 1865,1871 ----
+  &(nid_objs[123]),/* "rc5-ofb" */
+  &(nid_objs[117]),/* "ripemd160" */
+  &(nid_objs[119]),/* "ripemd160WithRSA" */
++ &(nid_objs[400]),/* "role" */
+  &(nid_objs[19]),/* "rsa" */
+  &(nid_objs[ 6]),/* "rsaEncryption" */
+  &(nid_objs[377]),/* "rsaSignature" */
+***************
+*** 1839,1848 ****
+  
+  static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+  &(nid_objs[ 0]),/* OBJ_undef                        0 */
+- &(nid_objs[389]),/* OBJ_Enterprises                   1 */
+  &(nid_objs[181]),/* OBJ_iso                          1 */
+  &(nid_objs[182]),/* OBJ_member_body                  1 2 */
+  &(nid_objs[379]),/* OBJ_org                          1 3 */
+  &(nid_objs[11]),/* OBJ_X500                         2 5 */
+  &(nid_objs[380]),/* OBJ_dod                          1 3 6 */
+  &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+--- 1899,1908 ----
+  
+  static ASN1_OBJECT *obj_objs[NUM_OBJ]={
+  &(nid_objs[ 0]),/* OBJ_undef                        0 */
+  &(nid_objs[181]),/* OBJ_iso                          1 */
+  &(nid_objs[182]),/* OBJ_member_body                  1 2 */
+  &(nid_objs[379]),/* OBJ_org                          1 3 */
++ &(nid_objs[393]),/* OBJ_joint_iso_ccitt              2 */
+  &(nid_objs[11]),/* OBJ_X500                         2 5 */
+  &(nid_objs[380]),/* OBJ_dod                          1 3 6 */
+  &(nid_objs[12]),/* OBJ_X509                         2 5 4 */
+***************
+*** 1850,1855 ****
+--- 1910,1916 ----
+  &(nid_objs[81]),/* OBJ_id_ce                        2 5 29 */
+  &(nid_objs[183]),/* OBJ_ISO_US                       1 2 840 */
+  &(nid_objs[381]),/* OBJ_iana                         1 3 6 1 */
++ &(nid_objs[394]),/* OBJ_selected_attribute_types     2 5 1 5 */
+  &(nid_objs[13]),/* OBJ_commonName                   2 5 4 3 */
+  &(nid_objs[100]),/* OBJ_surname                      2 5 4 4 */
+  &(nid_objs[105]),/* OBJ_serialNumber                 2 5 4 5 */
+***************
+*** 1865,1870 ****
+--- 1926,1932 ----
+  &(nid_objs[101]),/* OBJ_initials                     2 5 4 43 */
+  &(nid_objs[102]),/* OBJ_uniqueIdentifier             2 5 4 45 */
+  &(nid_objs[174]),/* OBJ_dnQualifier                  2 5 4 46 */
++ &(nid_objs[400]),/* OBJ_role                         2 5 4 72 */
+  &(nid_objs[82]),/* OBJ_subject_key_identifier       2 5 29 14 */
+  &(nid_objs[83]),/* OBJ_key_usage                    2 5 29 15 */
+  &(nid_objs[84]),/* OBJ_private_key_usage_period     2 5 29 16 */
+***************
+*** 1878,1885 ****
+  &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+  &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+  &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
+  &(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+! &(nid_objs[390]),/* OBJ_dcObject                      1466 344 */
+  &(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
+  &(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
+  &(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
+--- 1940,1949 ----
+  &(nid_objs[103]),/* OBJ_crl_distribution_points      2 5 29 31 */
+  &(nid_objs[89]),/* OBJ_certificate_policies         2 5 29 32 */
+  &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
++ &(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
+  &(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+! &(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
+! &(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
+  &(nid_objs[382]),/* OBJ_Directory                    1 3 6 1 1 */
+  &(nid_objs[383]),/* OBJ_Management                   1 3 6 1 2 */
+  &(nid_objs[384]),/* OBJ_Experimental                 1 3 6 1 3 */
+***************
+*** 1888,1897 ****
+--- 1952,1963 ----
+  &(nid_objs[387]),/* OBJ_SNMPv2                       1 3 6 1 6 */
+  &(nid_objs[388]),/* OBJ_Mail                         1 3 6 1 7 */
+  &(nid_objs[376]),/* OBJ_algorithm                    1 3 14 3 2 */
++ &(nid_objs[395]),/* OBJ_clearance                    2 5 1 5 55 */
+  &(nid_objs[19]),/* OBJ_rsa                          2 5 8 1 1 */
+  &(nid_objs[96]),/* OBJ_mdc2WithRSA                  2 5 8 3 100 */
+  &(nid_objs[95]),/* OBJ_mdc2                         2 5 8 3 101 */
+  &(nid_objs[184]),/* OBJ_X9_57                        1 2 840 10040 */
++ &(nid_objs[389]),/* OBJ_Enterprises                  1 3 6 1 4 1 */
+  &(nid_objs[104]),/* OBJ_md5WithRSA                   1 3 14 3 2 3 */
+  &(nid_objs[29]),/* OBJ_des_ecb                      1 3 14 3 2 6 */
+  &(nid_objs[31]),/* OBJ_des_cbc                      1 3 14 3 2 7 */
+***************
+*** 1970,1975 ****
+--- 2036,2043 ----
+  &(nid_objs[290]),/* OBJ_sbqp_ipAddrBlock             1 3 6 1 5 5 7 1 7 */
+  &(nid_objs[291]),/* OBJ_sbqp_autonomousSysNum        1 3 6 1 5 5 7 1 8 */
+  &(nid_objs[292]),/* OBJ_sbqp_routerIdentifier        1 3 6 1 5 5 7 1 9 */
++ &(nid_objs[397]),/* OBJ_ac_proxying                  1 3 6 1 5 5 7 1 10 */
++ &(nid_objs[398]),/* OBJ_sinfo_access                 1 3 6 1 5 5 7 1 11 */
+  &(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
+  &(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
+  &(nid_objs[293]),/* OBJ_textNotice                   1 3 6 1 5 5 7 2 3 */
+***************
+*** 2027,2041 ****
+  &(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+  &(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+  &(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+! &(nid_objs[350]),/* OBJ_id_pda_pseudonym             1 3 6 1 5 5 7 9 3 */
+! &(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 4 */
+! &(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 5 */
+! &(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 6 */
+  &(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+  &(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+  &(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+  &(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+  &(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
+  &(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+  &(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+  &(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+--- 2095,2109 ----
+  &(nid_objs[347]),/* OBJ_id_on_personalData           1 3 6 1 5 5 7 8 1 */
+  &(nid_objs[348]),/* OBJ_id_pda_dateOfBirth           1 3 6 1 5 5 7 9 1 */
+  &(nid_objs[349]),/* OBJ_id_pda_placeOfBirth          1 3 6 1 5 5 7 9 2 */
+! &(nid_objs[351]),/* OBJ_id_pda_gender                1 3 6 1 5 5 7 9 3 */
+! &(nid_objs[352]),/* OBJ_id_pda_countryOfCitizenship  1 3 6 1 5 5 7 9 4 */
+! &(nid_objs[353]),/* OBJ_id_pda_countryOfResidence    1 3 6 1 5 5 7 9 5 */
+  &(nid_objs[354]),/* OBJ_id_aca_authenticationInfo    1 3 6 1 5 5 7 10 1 */
+  &(nid_objs[355]),/* OBJ_id_aca_accessIdentity        1 3 6 1 5 5 7 10 2 */
+  &(nid_objs[356]),/* OBJ_id_aca_chargingIdentity      1 3 6 1 5 5 7 10 3 */
+  &(nid_objs[357]),/* OBJ_id_aca_group                 1 3 6 1 5 5 7 10 4 */
+  &(nid_objs[358]),/* OBJ_id_aca_role                  1 3 6 1 5 5 7 10 5 */
++ &(nid_objs[399]),/* OBJ_id_aca_encAttrs              1 3 6 1 5 5 7 10 6 */
+  &(nid_objs[359]),/* OBJ_id_qcs_pkixQCSyntax_v1       1 3 6 1 5 5 7 11 1 */
+  &(nid_objs[360]),/* OBJ_id_cct_crs                   1 3 6 1 5 5 7 12 1 */
+  &(nid_objs[361]),/* OBJ_id_cct_PKIData               1 3 6 1 5 5 7 12 2 */
+***************
+*** 2050,2055 ****
+--- 2118,2124 ----
+  &(nid_objs[112]),/* OBJ_pbeWithMD5AndCast5_CBC       1 2 840 113533 7 66 12 */
+  &(nid_objs[ 6]),/* OBJ_rsaEncryption                1 2 840 113549 1 1 1 */
+  &(nid_objs[ 7]),/* OBJ_md2WithRSAEncryption         1 2 840 113549 1 1 2 */
++ &(nid_objs[396]),/* OBJ_md4WithRSAEncryption         1 2 840 113549 1 1 3 */
+  &(nid_objs[ 8]),/* OBJ_md5WithRSAEncryption         1 2 840 113549 1 1 4 */
+  &(nid_objs[65]),/* OBJ_sha1WithRSAEncryption        1 2 840 113549 1 1 5 */
+  &(nid_objs[28]),/* OBJ_dhKeyAgreement               1 2 840 113549 1 3 1 */
+***************
+*** 2082,2087 ****
+--- 2151,2157 ----
+  &(nid_objs[188]),/* OBJ_SMIME                        1 2 840 113549 1 9 16 */
+  &(nid_objs[156]),/* OBJ_friendlyName                 1 2 840 113549 1 9 20 */
+  &(nid_objs[157]),/* OBJ_localKeyID                   1 2 840 113549 1 9 21 */
++ &(nid_objs[390]),/* OBJ_dcObject                     1 3 6 1 4 1 1466 344 */
+  &(nid_objs[91]),/* OBJ_bf_cbc                       1 3 6 1 4 1 3029 1 2 */
+  &(nid_objs[315]),/* OBJ_id_regCtrl_regToken          1 3 6 1 5 5 7 5 1 1 */
+  &(nid_objs[316]),/* OBJ_id_regCtrl_authenticator     1 3 6 1 5 5 7 5 1 2 */
+***************
+*** 2136,2141 ****
+--- 2206,2213 ----
+  &(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+  &(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+  &(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
++ &(nid_objs[404]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
++ &(nid_objs[405]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+  &(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+  &(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+  &(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.pl ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.pl
+*** crypto/openssl/crypto/objects/obj_dat.pl	Sun Nov 26 06:33:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.pl	Mon Dec  3 08:44:21 2001
+***************
+*** 164,170 ****
+  	}
+  
+  print OUT <<'EOF';
+! /* lib/obj/obj_dat.h */
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+--- 164,176 ----
+  	}
+  
+  print OUT <<'EOF';
+! /* crypto/objects/obj_dat.h */
+! 
+! /* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the
+!  * following command:
+!  * perl obj_dat.pl objects.h obj_dat.h
+!  */
+! 
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+***************
+*** 220,230 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  */
+- 
+- /* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the
+-  * following command:
+-  * perl obj_dat.pl objects.h obj_dat.h
+   */
+  
+  EOF
+--- 226,231 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.h
+*** crypto/openssl/crypto/objects/obj_mac.h	Sun Nov 26 06:38:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.h	Wed Feb 19 21:58:08 2003
+***************
+*** 1,4 ****
+! /* lib/obj/obj_mac.h */
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+--- 1,10 ----
+! /* crypto/objects/obj_mac.h */
+! 
+! /* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+!  * following command:
+!  * perl objects.pl objects.txt obj_mac.num obj_mac.h
+!  */
+! 
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+***************
+*** 56,66 ****
+   * [including the GNU Public Licence.]
+   */
+  
+- /* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+-  * following command:
+-  * perl objects.pl objects.txt obj_mac.num obj_mac.h
+-  */
+- 
+  #define SN_undef			"UNDEF"
+  #define LN_undef			"undefined"
+  #define NID_undef			0
+--- 62,67 ----
+***************
+*** 71,81 ****
+--- 72,96 ----
+  #define NID_iso		181
+  #define OBJ_iso		1L
+  
++ #define SN_joint_iso_ccitt		"JOINT-ISO-CCITT"
++ #define LN_joint_iso_ccitt		"joint-iso-ccitt"
++ #define NID_joint_iso_ccitt		393
++ #define OBJ_joint_iso_ccitt		2L
++ 
+  #define SN_member_body		"member-body"
+  #define LN_member_body		"ISO Member Body"
+  #define NID_member_body		182
+  #define OBJ_member_body		OBJ_iso,2L
+  
++ #define SN_selected_attribute_types		"selected-attribute-types"
++ #define LN_selected_attribute_types		"Selected Attribute Types"
++ #define NID_selected_attribute_types		394
++ #define OBJ_selected_attribute_types		OBJ_joint_iso_ccitt,5L,1L,5L
++ 
++ #define SN_clearance		"clearance"
++ #define NID_clearance		395
++ #define OBJ_clearance		OBJ_selected_attribute_types,55L
++ 
+  #define SN_ISO_US		"ISO-US"
+  #define LN_ISO_US		"ISO US Member Body"
+  #define NID_ISO_US		183
+***************
+*** 145,150 ****
+--- 160,170 ----
+  #define NID_md2WithRSAEncryption		7
+  #define OBJ_md2WithRSAEncryption		OBJ_pkcs1,2L
+  
++ #define SN_md4WithRSAEncryption		"RSA-MD4"
++ #define LN_md4WithRSAEncryption		"md4WithRSAEncryption"
++ #define NID_md4WithRSAEncryption		396
++ #define OBJ_md4WithRSAEncryption		OBJ_pkcs1,3L
++ 
+  #define SN_md5WithRSAEncryption		"RSA-MD5"
+  #define LN_md5WithRSAEncryption		"md5WithRSAEncryption"
+  #define NID_md5WithRSAEncryption		8
+***************
+*** 760,765 ****
+--- 780,795 ----
+  #define NID_ms_efs		138
+  #define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+  
++ #define SN_ms_smartcard_login		"msSmartcardLogin"
++ #define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
++ #define NID_ms_smartcard_login		404
++ #define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
++ 
++ #define SN_ms_upn		"msUPN"
++ #define LN_ms_upn		"Microsoft Universal Principal Name"
++ #define NID_ms_upn		405
++ #define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
++ 
+  #define SN_idea_cbc		"IDEA-CBC"
+  #define LN_idea_cbc		"idea-cbc"
+  #define NID_idea_cbc		34
+***************
+*** 956,961 ****
+--- 986,1000 ----
+  #define NID_sbqp_routerIdentifier		292
+  #define OBJ_sbqp_routerIdentifier		OBJ_id_pe,9L
+  
++ #define SN_ac_proxying		"ac-proxying"
++ #define NID_ac_proxying		397
++ #define OBJ_ac_proxying		OBJ_id_pe,10L
++ 
++ #define SN_sinfo_access		"subjectInfoAccess"
++ #define LN_sinfo_access		"Subject Information Access"
++ #define NID_sinfo_access		398
++ #define OBJ_sinfo_access		OBJ_id_pe,11L
++ 
+  #define SN_id_qt_cps		"id-qt-cps"
+  #define LN_id_qt_cps		"Policy Qualifier CPS"
+  #define NID_id_qt_cps		164
+***************
+*** 1228,1248 ****
+  #define NID_id_pda_placeOfBirth		349
+  #define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L
+  
+- #define SN_id_pda_pseudonym		"id-pda-pseudonym"
+- #define NID_id_pda_pseudonym		350
+- #define OBJ_id_pda_pseudonym		OBJ_id_pda,3L
+- 
+  #define SN_id_pda_gender		"id-pda-gender"
+  #define NID_id_pda_gender		351
+! #define OBJ_id_pda_gender		OBJ_id_pda,4L
+  
+  #define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"
+  #define NID_id_pda_countryOfCitizenship		352
+! #define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,5L
+  
+  #define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"
+  #define NID_id_pda_countryOfResidence		353
+! #define OBJ_id_pda_countryOfResidence		OBJ_id_pda,6L
+  
+  #define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"
+  #define NID_id_aca_authenticationInfo		354
+--- 1267,1283 ----
+  #define NID_id_pda_placeOfBirth		349
+  #define OBJ_id_pda_placeOfBirth		OBJ_id_pda,2L
+  
+  #define SN_id_pda_gender		"id-pda-gender"
+  #define NID_id_pda_gender		351
+! #define OBJ_id_pda_gender		OBJ_id_pda,3L
+  
+  #define SN_id_pda_countryOfCitizenship		"id-pda-countryOfCitizenship"
+  #define NID_id_pda_countryOfCitizenship		352
+! #define OBJ_id_pda_countryOfCitizenship		OBJ_id_pda,4L
+  
+  #define SN_id_pda_countryOfResidence		"id-pda-countryOfResidence"
+  #define NID_id_pda_countryOfResidence		353
+! #define OBJ_id_pda_countryOfResidence		OBJ_id_pda,5L
+  
+  #define SN_id_aca_authenticationInfo		"id-aca-authenticationInfo"
+  #define NID_id_aca_authenticationInfo		354
+***************
+*** 1264,1269 ****
+--- 1299,1308 ----
+  #define NID_id_aca_role		358
+  #define OBJ_id_aca_role		OBJ_id_aca,5L
+  
++ #define SN_id_aca_encAttrs		"id-aca-encAttrs"
++ #define NID_id_aca_encAttrs		399
++ #define OBJ_id_aca_encAttrs		OBJ_id_aca,6L
++ 
+  #define SN_id_qcs_pkixQCSyntax_v1		"id-qcs-pkixQCSyntax-v1"
+  #define NID_id_qcs_pkixQCSyntax_v1		359
+  #define OBJ_id_qcs_pkixQCSyntax_v1		OBJ_id_qcs,1L
+***************
+*** 1545,1551 ****
+  #define NID_initials		101
+  #define OBJ_initials		OBJ_X509,43L
+  
+- #define SN_uniqueIdentifier		"UID"
+  #define LN_uniqueIdentifier		"uniqueIdentifier"
+  #define NID_uniqueIdentifier		102
+  #define OBJ_uniqueIdentifier		OBJ_X509,45L
+--- 1584,1589 ----
+***************
+*** 1555,1560 ****
+--- 1593,1603 ----
+  #define NID_dnQualifier		174
+  #define OBJ_dnQualifier		OBJ_X509,46L
+  
++ #define SN_role		"role"
++ #define LN_role		"role"
++ #define NID_role		400
++ #define OBJ_role		OBJ_X509,72L
++ 
+  #define SN_X500algorithms		"X500algorithms"
+  #define LN_X500algorithms		"directory services - algorithms"
+  #define NID_X500algorithms		378
+***************
+*** 1644,1654 ****
+--- 1687,1712 ----
+  #define NID_authority_key_identifier		90
+  #define OBJ_authority_key_identifier		OBJ_id_ce,35L
+  
++ #define SN_policy_constraints		"policyConstraints"
++ #define LN_policy_constraints		"X509v3 Policy Constraints"
++ #define NID_policy_constraints		401
++ #define OBJ_policy_constraints		OBJ_id_ce,36L
++ 
+  #define SN_ext_key_usage		"extendedKeyUsage"
+  #define LN_ext_key_usage		"X509v3 Extended Key Usage"
+  #define NID_ext_key_usage		126
+  #define OBJ_ext_key_usage		OBJ_id_ce,37L
+  
++ #define SN_target_information		"targetInformation"
++ #define LN_target_information		"X509v3 AC Targeting"
++ #define NID_target_information		402
++ #define OBJ_target_information		OBJ_id_ce,55L
++ 
++ #define SN_no_rev_avail		"noRevAvail"
++ #define LN_no_rev_avail		"X509v3 No Revocation Available"
++ #define NID_no_rev_avail		403
++ #define OBJ_no_rev_avail		OBJ_id_ce,56L
++ 
+  #define SN_netscape		"Netscape"
+  #define LN_netscape		"Netscape Communications Corp."
+  #define NID_netscape		57
+***************
+*** 1769,1780 ****
+  #define SN_Enterprises		"enterprises"
+  #define LN_Enterprises		"Enterprises"
+  #define NID_Enterprises		389
+! #define OBJ_Enterprises		OBJ_private,1L
+  
+  #define SN_dcObject		"dcobject"
+  #define LN_dcObject		"dcObject"
+  #define NID_dcObject		390
+! #define OBJ_dcObject		OBJ_enterprises,1466L,344L
+  
+  #define SN_domainComponent		"DC"
+  #define LN_domainComponent		"domainComponent"
+--- 1827,1838 ----
+  #define SN_Enterprises		"enterprises"
+  #define LN_Enterprises		"Enterprises"
+  #define NID_Enterprises		389
+! #define OBJ_Enterprises		OBJ_Private,1L
+  
+  #define SN_dcObject		"dcobject"
+  #define LN_dcObject		"dcObject"
+  #define NID_dcObject		390
+! #define OBJ_dcObject		OBJ_Enterprises,1466L,344L
+  
+  #define SN_domainComponent		"DC"
+  #define LN_domainComponent		"domainComponent"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.num ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.num
+*** crypto/openssl/crypto/objects/obj_mac.num	Sun Nov 26 06:38:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.num	Wed Feb 19 21:58:08 2003
+***************
+*** 390,392 ****
+--- 390,405 ----
+  dcObject		390
+  domainComponent		391
+  Domain		392
++ joint_iso_ccitt		393
++ selected_attribute_types		394
++ clearance		395
++ md4WithRSAEncryption		396
++ ac_proxying		397
++ sinfo_access		398
++ id_aca_encAttrs		399
++ role		400
++ policy_constraints		401
++ target_information		402
++ no_rev_avail		403
++ ms_smartcard_login		404
++ ms_upn		405
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.h ../RELENG_4_6/crypto/openssl/crypto/objects/objects.h
+*** crypto/openssl/crypto/objects/objects.h	Sun Nov 26 06:33:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/objects.h	Mon Dec 17 14:23:57 2001
+***************
+*** 452,505 ****
+  #define LN_desx_cbc			"desx-cbc"
+  #define NID_desx_cbc			80
+  
+! #define SN_ld_ce			"ld-ce"
+! #define NID_ld_ce			81
+! #define OBJ_ld_ce			2L,5L,29L
+  
+  #define SN_subject_key_identifier	"subjectKeyIdentifier"
+  #define LN_subject_key_identifier	"X509v3 Subject Key Identifier"
+  #define NID_subject_key_identifier	82
+! #define OBJ_subject_key_identifier	OBJ_ld_ce,14L
+  
+  #define SN_key_usage			"keyUsage"
+  #define LN_key_usage			"X509v3 Key Usage"
+  #define NID_key_usage			83
+! #define OBJ_key_usage			OBJ_ld_ce,15L
+  
+  #define SN_private_key_usage_period	"privateKeyUsagePeriod"
+  #define LN_private_key_usage_period	"X509v3 Private Key Usage Period"
+  #define NID_private_key_usage_period	84
+! #define OBJ_private_key_usage_period	OBJ_ld_ce,16L
+  
+  #define SN_subject_alt_name		"subjectAltName"
+  #define LN_subject_alt_name		"X509v3 Subject Alternative Name"
+  #define NID_subject_alt_name		85
+! #define OBJ_subject_alt_name		OBJ_ld_ce,17L
+  
+  #define SN_issuer_alt_name		"issuerAltName"
+  #define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
+  #define NID_issuer_alt_name		86
+! #define OBJ_issuer_alt_name		OBJ_ld_ce,18L
+  
+  #define SN_basic_constraints		"basicConstraints"
+  #define LN_basic_constraints		"X509v3 Basic Constraints"
+  #define NID_basic_constraints		87
+! #define OBJ_basic_constraints		OBJ_ld_ce,19L
+  
+  #define SN_crl_number			"crlNumber"
+  #define LN_crl_number			"X509v3 CRL Number"
+  #define NID_crl_number			88
+! #define OBJ_crl_number			OBJ_ld_ce,20L
+  
+  #define SN_certificate_policies		"certificatePolicies"
+  #define LN_certificate_policies		"X509v3 Certificate Policies"
+  #define NID_certificate_policies	89
+! #define OBJ_certificate_policies	OBJ_ld_ce,32L
+  
+  #define SN_authority_key_identifier	"authorityKeyIdentifier"
+  #define LN_authority_key_identifier	"X509v3 Authority Key Identifier"
+  #define NID_authority_key_identifier	90
+! #define OBJ_authority_key_identifier	OBJ_ld_ce,35L
+  
+  #define SN_bf_cbc			"BF-CBC"
+  #define LN_bf_cbc			"bf-cbc"
+--- 452,505 ----
+  #define LN_desx_cbc			"desx-cbc"
+  #define NID_desx_cbc			80
+  
+! #define SN_id_ce			"id-ce"
+! #define NID_id_ce			81
+! #define OBJ_id_ce			2L,5L,29L
+  
+  #define SN_subject_key_identifier	"subjectKeyIdentifier"
+  #define LN_subject_key_identifier	"X509v3 Subject Key Identifier"
+  #define NID_subject_key_identifier	82
+! #define OBJ_subject_key_identifier	OBJ_id_ce,14L
+  
+  #define SN_key_usage			"keyUsage"
+  #define LN_key_usage			"X509v3 Key Usage"
+  #define NID_key_usage			83
+! #define OBJ_key_usage			OBJ_id_ce,15L
+  
+  #define SN_private_key_usage_period	"privateKeyUsagePeriod"
+  #define LN_private_key_usage_period	"X509v3 Private Key Usage Period"
+  #define NID_private_key_usage_period	84
+! #define OBJ_private_key_usage_period	OBJ_id_ce,16L
+  
+  #define SN_subject_alt_name		"subjectAltName"
+  #define LN_subject_alt_name		"X509v3 Subject Alternative Name"
+  #define NID_subject_alt_name		85
+! #define OBJ_subject_alt_name		OBJ_id_ce,17L
+  
+  #define SN_issuer_alt_name		"issuerAltName"
+  #define LN_issuer_alt_name		"X509v3 Issuer Alternative Name"
+  #define NID_issuer_alt_name		86
+! #define OBJ_issuer_alt_name		OBJ_id_ce,18L
+  
+  #define SN_basic_constraints		"basicConstraints"
+  #define LN_basic_constraints		"X509v3 Basic Constraints"
+  #define NID_basic_constraints		87
+! #define OBJ_basic_constraints		OBJ_id_ce,19L
+  
+  #define SN_crl_number			"crlNumber"
+  #define LN_crl_number			"X509v3 CRL Number"
+  #define NID_crl_number			88
+! #define OBJ_crl_number			OBJ_id_ce,20L
+  
+  #define SN_certificate_policies		"certificatePolicies"
+  #define LN_certificate_policies		"X509v3 Certificate Policies"
+  #define NID_certificate_policies	89
+! #define OBJ_certificate_policies	OBJ_id_ce,32L
+  
+  #define SN_authority_key_identifier	"authorityKeyIdentifier"
+  #define LN_authority_key_identifier	"X509v3 Authority Key Identifier"
+  #define NID_authority_key_identifier	90
+! #define OBJ_authority_key_identifier	OBJ_id_ce,35L
+  
+  #define SN_bf_cbc			"BF-CBC"
+  #define LN_bf_cbc			"bf-cbc"
+***************
+*** 560,566 ****
+  #define SN_crl_distribution_points	"crlDistributionPoints"
+  #define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
+  #define NID_crl_distribution_points	103
+! #define OBJ_crl_distribution_points	OBJ_ld_ce,31L
+  
+  #define SN_md5WithRSA			"RSA-NP-MD5"
+  #define LN_md5WithRSA			"md5WithRSA"
+--- 560,566 ----
+  #define SN_crl_distribution_points	"crlDistributionPoints"
+  #define LN_crl_distribution_points	"X509v3 CRL Distribution Points"
+  #define NID_crl_distribution_points	103
+! #define OBJ_crl_distribution_points	OBJ_id_ce,31L
+  
+  #define SN_md5WithRSA			"RSA-NP-MD5"
+  #define LN_md5WithRSA			"md5WithRSA"
+***************
+*** 677,683 ****
+  #define SN_ext_key_usage		"extendedKeyUsage"
+  #define LN_ext_key_usage		"X509v3 Extended Key Usage"
+  #define NID_ext_key_usage		126
+! #define OBJ_ext_key_usage		OBJ_ld_ce,37
+  
+  #define SN_id_pkix			"PKIX"
+  #define NID_id_pkix			127
+--- 677,683 ----
+  #define SN_ext_key_usage		"extendedKeyUsage"
+  #define LN_ext_key_usage		"X509v3 Extended Key Usage"
+  #define NID_ext_key_usage		126
+! #define OBJ_ext_key_usage		OBJ_id_ce,37
+  
+  #define SN_id_pkix			"PKIX"
+  #define NID_id_pkix			127
+***************
+*** 751,767 ****
+  #define SN_delta_crl			"deltaCRL"
+  #define LN_delta_crl			"X509v3 Delta CRL Indicator"
+  #define NID_delta_crl			140
+! #define OBJ_delta_crl			OBJ_ld_ce,27L
+  
+  #define SN_crl_reason			"CRLReason"
+  #define LN_crl_reason			"CRL Reason Code"
+  #define NID_crl_reason			141
+! #define OBJ_crl_reason			OBJ_ld_ce,21L
+  
+  #define SN_invalidity_date		"invalidityDate"
+  #define LN_invalidity_date		"Invalidity Date"
+  #define NID_invalidity_date		142
+! #define OBJ_invalidity_date		OBJ_ld_ce,24L
+  
+  #define SN_sxnet			"SXNetID"
+  #define LN_sxnet			"Strong Extranet ID"
+--- 751,767 ----
+  #define SN_delta_crl			"deltaCRL"
+  #define LN_delta_crl			"X509v3 Delta CRL Indicator"
+  #define NID_delta_crl			140
+! #define OBJ_delta_crl			OBJ_id_ce,27L
+  
+  #define SN_crl_reason			"CRLReason"
+  #define LN_crl_reason			"CRL Reason Code"
+  #define NID_crl_reason			141
+! #define OBJ_crl_reason			OBJ_id_ce,21L
+  
+  #define SN_invalidity_date		"invalidityDate"
+  #define LN_invalidity_date		"Invalidity Date"
+  #define NID_invalidity_date		142
+! #define OBJ_invalidity_date		OBJ_id_ce,24L
+  
+  #define SN_sxnet			"SXNetID"
+  #define LN_sxnet			"Strong Extranet ID"
+***************
+*** 1005,1012 ****
+  int		OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b);
+  char *		OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)(const void *, const void *));
+  
+- void		ERR_load_OBJ_strings(void );
+- 
+  int		OBJ_new_nid(int num);
+  int		OBJ_add_object(ASN1_OBJECT *obj);
+  int		OBJ_create(char *oid,char *sn,char *ln);
+--- 1005,1010 ----
+***************
+*** 1017,1022 ****
+--- 1015,1021 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_OBJ_strings(void);
+  
+  /* Error codes for the OBJ functions. */
+  
+***************
+*** 1035,1038 ****
+  }
+  #endif
+  #endif
+- 
+--- 1034,1036 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.pl ../RELENG_4_6/crypto/openssl/crypto/objects/objects.pl
+*** crypto/openssl/crypto/objects/objects.pl	Sun Nov 26 06:38:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/objects.pl	Thu Apr  4 12:56:57 2002
+***************
+*** 114,120 ****
+  
+  open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+  print OUT <<'EOF';
+! /* lib/obj/obj_mac.h */
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+--- 114,126 ----
+  
+  open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]";
+  print OUT <<'EOF';
+! /* crypto/objects/obj_mac.h */
+! 
+! /* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+!  * following command:
+!  * perl objects.pl objects.txt obj_mac.num obj_mac.h
+!  */
+! 
+  /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
+   * All rights reserved.
+   *
+***************
+*** 172,182 ****
+   * [including the GNU Public Licence.]
+   */
+  
+- /* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the
+-  * following command:
+-  * perl objects.pl objects.txt obj_mac.num obj_mac.h
+-  */
+- 
+  #define SN_undef			"UNDEF"
+  #define LN_undef			"undefined"
+  #define NID_undef			0
+--- 178,183 ----
+***************
+*** 207,212 ****
+--- 208,215 ----
+  	if (!($a[0] =~ /^[0-9]+$/))
+  		{
+  		$a[0] =~ s/-/_/g;
++ 		if (!defined($obj{$a[0]}))
++ 			{ die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; }
+  		$pref_oid = "OBJ_" . $a[0];
+  		$pref_sep = ",";
+  		shift @a;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_4_6/crypto/openssl/crypto/objects/objects.txt
+*** crypto/openssl/crypto/objects/objects.txt	Sun Nov 26 06:33:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/objects.txt	Fri Nov 15 06:18:05 2002
+***************
+*** 1,7 ****
+--- 1,13 ----
+  1			: ISO			: iso
+  
++ 2			: JOINT-ISO-CCITT	: joint-iso-ccitt
++ 
+  iso 2			: member-body		: ISO Member Body
+  
++ joint-iso-ccitt 5 1 5	: selected-attribute-types	: Selected Attribute Types
++ 
++ selected-attribute-types 55	: clearance
++ 
+  member-body 840		: ISO-US		: ISO US Member Body
+  ISO-US 10040		: X9-57			: X9.57
+  X9-57 4			: X9cm			: X9.57 CM ?
+***************
+*** 26,31 ****
+--- 32,38 ----
+  pkcs 1			: pkcs1
+  pkcs1 1			:			: rsaEncryption
+  pkcs1 2			: RSA-MD2		: md2WithRSAEncryption
++ pkcs1 3			: RSA-MD4		: md4WithRSAEncryption
+  pkcs1 4			: RSA-MD5		: md5WithRSAEncryption
+  pkcs1 5			: RSA-SHA1		: sha1WithRSAEncryption
+  
+***************
+*** 239,244 ****
+--- 246,255 ----
+  1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+  !Cname ms-efs
+  1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
++ !Cname ms-smartcard-login
++ 1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
++ !Cname ms-upn
++ 1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+  
+  1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
+  			: IDEA-ECB		: idea-ecb
+***************
+*** 302,307 ****
+--- 313,321 ----
+  id-pe 7			: sbqp-ipAddrBlock
+  id-pe 8			: sbqp-autonomousSysNum
+  id-pe 9			: sbqp-routerIdentifier
++ id-pe 10		: ac-proxying
++ !Cname sinfo-access
++ id-pe 11		: subjectInfoAccess	: Subject Information Access
+  
+  # PKIX policyQualifiers for Internet policy qualifiers
+  id-qt 1			: id-qt-cps		: Policy Qualifier CPS
+***************
+*** 396,412 ****
+  # personal data attributes
+  id-pda 1		: id-pda-dateOfBirth
+  id-pda 2		: id-pda-placeOfBirth
+! id-pda 3		: id-pda-pseudonym
+! id-pda 4		: id-pda-gender
+! id-pda 5		: id-pda-countryOfCitizenship
+! id-pda 6		: id-pda-countryOfResidence
+  
+  # attribute certificate attributes
+  id-aca 1		: id-aca-authenticationInfo
+  id-aca 2		: id-aca-accessIdentity
+  id-aca 3		: id-aca-chargingIdentity
+  id-aca 4		: id-aca-group
+  id-aca 5		: id-aca-role
+  
+  # qualified certificate statements
+  id-qcs 1		: id-qcs-pkixQCSyntax-v1
+--- 410,427 ----
+  # personal data attributes
+  id-pda 1		: id-pda-dateOfBirth
+  id-pda 2		: id-pda-placeOfBirth
+! id-pda 3		: id-pda-gender
+! id-pda 4		: id-pda-countryOfCitizenship
+! id-pda 5		: id-pda-countryOfResidence
+  
+  # attribute certificate attributes
+  id-aca 1		: id-aca-authenticationInfo
+  id-aca 2		: id-aca-accessIdentity
+  id-aca 3		: id-aca-chargingIdentity
+  id-aca 4		: id-aca-group
++ # attention : the following seems to be obsolete, replace by 'role'
+  id-aca 5		: id-aca-role
++ id-aca 6		: id-aca-encAttrs
+  
+  # qualified certificate statements
+  id-qcs 1		: id-qcs-pkixQCSyntax-v1
+***************
+*** 496,503 ****
+  X509 41			: name			: name
+  X509 42			: G			: givenName
+  X509 43			: I			: initials
+! X509 45			: UID			: uniqueIdentifier
+  X509 46			: dnQualifier		: dnQualifier
+  
+  X500 8			: X500algorithms	: directory services - algorithms
+  X500algorithms 1 1	: RSA			: rsa
+--- 511,519 ----
+  X509 41			: name			: name
+  X509 42			: G			: givenName
+  X509 43			: I			: initials
+! X509 45			: 			: uniqueIdentifier
+  X509 46			: dnQualifier		: dnQualifier
++ X509 72			: role			: role
+  
+  X500 8			: X500algorithms	: directory services - algorithms
+  X500algorithms 1 1	: RSA			: rsa
+***************
+*** 531,538 ****
+--- 547,560 ----
+  id-ce 32		: certificatePolicies	: X509v3 Certificate Policies
+  !Cname authority-key-identifier
+  id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
++ !Cname policy-constraints
++ id-ce 36		: policyConstraints	: X509v3 Policy Constraints
+  !Cname ext-key-usage
+  id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
++ !Cname target-information
++ id-ce 55		: targetInformation	: X509v3 AC Targeting
++ !Cname no-rev-avail
++ id-ce 56		: noRevAvail		: X509v3 No Revocation Available
+  
+  !Cname netscape
+  2 16 840 1 113730	: Netscape		: Netscape Communications Corp.
+***************
+*** 575,584 ****
+  internet 6		: snmpv2		: SNMPv2
+  internet 7		: mail			: Mail
+  
+! private 1		: enterprises		: Enterprises
+  
+  # RFC 2247
+! enterprises 1466 344	: dcobject		: dcObject
+  
+  # Stray OIDs we don't know the full name of each step for
+  # RFC 2247
+--- 597,606 ----
+  internet 6		: snmpv2		: SNMPv2
+  internet 7		: mail			: Mail
+  
+! Private 1		: enterprises		: Enterprises
+  
+  # RFC 2247
+! Enterprises 1466 344	: dcobject		: dcObject
+  
+  # Stray OIDs we don't know the full name of each step for
+  # RFC 2247
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslconf.h ../RELENG_4_6/crypto/openssl/crypto/opensslconf.h
+*** crypto/openssl/crypto/opensslconf.h	Sun Aug 20 04:46:04 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/opensslconf.h	Wed Feb 19 21:57:33 2003
+***************
+*** 6,19 ****
+     /* no ciphers excluded */
+  #endif
+  #ifdef OPENSSL_THREAD_DEFINES
+  #endif
+  #ifdef OPENSSL_OTHER_DEFINES
+  #endif
+  
+  /* crypto/opensslconf.h.in */
+  
+  /* Generate 80386 code? */
+! #undef I386_ONLY
+  
+  #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+  #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+--- 6,28 ----
+     /* no ciphers excluded */
+  #endif
+  #ifdef OPENSSL_THREAD_DEFINES
++ # ifndef THREADS
++ #  define THREADS
++ # endif
+  #endif
+  #ifdef OPENSSL_OTHER_DEFINES
++ # ifndef DSO_DLFCN
++ #  define DSO_DLFCN
++ # endif
++ # ifndef HAVE_DLFCN_H
++ #  define HAVE_DLFCN_H
++ # endif
+  #endif
+  
+  /* crypto/opensslconf.h.in */
+  
+  /* Generate 80386 code? */
+! #define I386_ONLY
+  
+  #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+  #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+***************
+*** 66,72 ****
+  
+  #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+  #define CONFIG_HEADER_BN_H
+! #undef BN_LLONG
+  
+  /* Should we define BN_DIV2W here? */
+  
+--- 75,81 ----
+  
+  #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+  #define CONFIG_HEADER_BN_H
+! #define BN_LLONG
+  
+  /* Should we define BN_DIV2W here? */
+  
+***************
+*** 85,91 ****
+  #define CONFIG_HEADER_RC4_LOCL_H
+  /* if this is defined data[i] is used instead of *data, this is a %20
+   * speedup on x86 */
+! #undef RC4_INDEX
+  #endif
+  
+  #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+--- 94,100 ----
+  #define CONFIG_HEADER_RC4_LOCL_H
+  /* if this is defined data[i] is used instead of *data, this is a %20
+   * speedup on x86 */
+! #define RC4_INDEX
+  #endif
+  
+  #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+***************
+*** 99,112 ****
+  /* the following is tweaked from a config script, that is why it is a
+   * protected undef/define */
+  #ifndef DES_PTR
+! #undef DES_PTR
+  #endif
+  
+  /* This helps C compiler generate the correct code for multiple functional
+   * units.  It reduces register dependancies at the expense of 2 more
+   * registers */
+  #ifndef DES_RISC1
+! #undef DES_RISC1
+  #endif
+  
+  #ifndef DES_RISC2
+--- 108,121 ----
+  /* the following is tweaked from a config script, that is why it is a
+   * protected undef/define */
+  #ifndef DES_PTR
+! #define DES_PTR
+  #endif
+  
+  /* This helps C compiler generate the correct code for multiple functional
+   * units.  It reduces register dependancies at the expense of 2 more
+   * registers */
+  #ifndef DES_RISC1
+! #define DES_RISC1
+  #endif
+  
+  #ifndef DES_RISC2
+***************
+*** 120,126 ****
+  /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+   * Very mucy CPU dependant */
+  #ifndef DES_UNROLL
+! #undef DES_UNROLL
+  #endif
+  
+  /* These default values were supplied by
+--- 129,135 ----
+  /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+   * Very mucy CPU dependant */
+  #ifndef DES_UNROLL
+! #define DES_UNROLL
+  #endif
+  
+  /* These default values were supplied by
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_4_6/crypto/openssl/crypto/opensslv.h
+*** crypto/openssl/crypto/opensslv.h	Wed Jul  4 19:19:11 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/opensslv.h	Wed Feb 19 07:34:21 2003
+***************
+*** 2,8 ****
+  #define HEADER_OPENSSLV_H
+  
+  /* Numeric release version identifier:
+!  * MMNNFFPPS: major minor fix patch status
+   * The status nibble has one of the values 0 for development, 1 to e for betas
+   * 1 to 14, and f for release.  The patch level is exactly that.
+   * For example:
+--- 2,8 ----
+  #define HEADER_OPENSSLV_H
+  
+  /* Numeric release version identifier:
+!  * MNNFFPPS: major minor fix patch status
+   * The status nibble has one of the values 0 for development, 1 to e for betas
+   * 1 to 14, and f for release.  The patch level is exactly that.
+   * For example:
+***************
+*** 25,32 ****
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090601fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6a 5 Apr 2001"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+--- 25,32 ----
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090609fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6i Feb 19 2003"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+***************
+*** 44,56 ****
+   *
+   *	libcrypto.so.0
+   *
+!  * On True64 it works a little bit differently.  There, the shared library
+!  * version is stored in the file, and is actually a series of versions,
+!  * separated by colons.  The rightmost version present in the library when
+!  * linking an application is stored in the application to be matched at
+!  * run time.  When the application is run, a check is done to see if the
+!  * library version stored in the application matches any of the versions
+!  * in the version string of the library itself.
+   * This version string can be constructed in any way, depending on what
+   * kind of matching is desired.  However, to implement the same scheme as
+   * the one used in the other unixen, all compatible versions, from lowest
+--- 44,56 ----
+   *
+   *	libcrypto.so.0
+   *
+!  * On Tru64 and IRIX 6.x it works a little bit differently.  There, the
+!  * shared library version is stored in the file, and is actually a series
+!  * of versions, separated by colons.  The rightmost version present in the
+!  * library when linking an application is stored in the application to be
+!  * matched at run time.  When the application is run, a check is done to
+!  * see if the library version stored in the application matches any of the
+!  * versions in the version string of the library itself.
+   * This version string can be constructed in any way, depending on what
+   * kind of matching is desired.  However, to implement the same scheme as
+   * the one used in the other unixen, all compatible versions, from lowest
+***************
+*** 73,79 ****
+   * However, it's nice and more understandable if it actually does.
+   * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+   * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+!  * For the sake of True64 and any other OS that behaves in similar ways,
+   * we need to keep a history of version numbers, which is done in the
+   * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+   * should only keep the versions that are binary compatible with the current.
+--- 73,79 ----
+   * However, it's nice and more understandable if it actually does.
+   * The current library version is stored in the macro SHLIB_VERSION_NUMBER,
+   * which is just a piece of text in the format "M.m.e" (Major, minor, edit).
+!  * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways,
+   * we need to keep a history of version numbers, which is done in the
+   * macro SHLIB_VERSION_HISTORY.  The numbers are separated by colons and
+   * should only keep the versions that are binary compatible with the current.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.save
+*** crypto/openssl/crypto/pem/Makefile.save	Sun Nov 26 06:33:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,203 ****
+- #
+- # SSLeay/crypto/pem/Makefile
+- #
+- 
+- DIR=	pem
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+- 
+- LIBOBJ=	pem_sign.o pem_seal.o pem_info.o pem_lib.o pem_all.o pem_err.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= pem.h pem2.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links: $(EXHEADER)
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- pem_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pem_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pem_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pem_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pem_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pem_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- pem_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pem_all.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- pem_all.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- pem_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pem_all.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- pem_all.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- pem_all.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+- pem_all.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- pem_all.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- pem_all.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- pem_all.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- pem_all.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- pem_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- pem_all.o: ../cryptlib.h
+- pem_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pem_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pem_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pem_err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pem_err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pem_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- pem_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- pem_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- pem_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+- pem_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+- pem_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- pem_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+- pem_err.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+- pem_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- pem_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- pem_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- pem_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- pem_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- pem_err.o: ../../include/openssl/x509_vfy.h
+- pem_info.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pem_info.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pem_info.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pem_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pem_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pem_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- pem_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pem_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- pem_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- pem_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pem_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- pem_info.o: ../../include/openssl/opensslconf.h
+- pem_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+- pem_info.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+- pem_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- pem_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- pem_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- pem_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- pem_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- pem_info.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- pem_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pem_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pem_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pem_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pem_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pem_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- pem_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pem_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- pem_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- pem_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pem_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- pem_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- pem_lib.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+- pem_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+- pem_lib.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- pem_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- pem_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- pem_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- pem_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- pem_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- pem_lib.o: ../cryptlib.h
+- pem_seal.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pem_seal.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pem_seal.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pem_seal.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pem_seal.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pem_seal.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- pem_seal.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pem_seal.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- pem_seal.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- pem_seal.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pem_seal.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- pem_seal.o: ../../include/openssl/opensslconf.h
+- pem_seal.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+- pem_seal.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+- pem_seal.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- pem_seal.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- pem_seal.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- pem_seal.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- pem_seal.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- pem_seal.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- pem_seal.o: ../cryptlib.h
+- pem_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pem_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pem_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pem_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pem_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pem_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- pem_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pem_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- pem_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- pem_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pem_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- pem_sign.o: ../../include/openssl/opensslconf.h
+- pem_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+- pem_sign.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+- pem_sign.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- pem_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- pem_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- pem_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- pem_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- pem_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- pem_sign.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.ssl
+*** crypto/openssl/crypto/pem/Makefile.ssl	Wed Jul  4 19:19:30 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.ssl	Wed Oct  9 09:14:42 2002
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem.h ../RELENG_4_6/crypto/openssl/crypto/pem/pem.h
+*** crypto/openssl/crypto/pem/pem.h	Sun Nov 26 06:33:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem.h	Mon Dec 17 14:24:02 2001
+***************
+*** 524,531 ****
+  int	PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
+  		unsigned int *siglen, EVP_PKEY *pkey);
+  
+- void	ERR_load_PEM_strings(void);
+- 
+  void	PEM_proc_type(char *buf, int type);
+  void	PEM_dek_info(char *buf, const char *type, int len, char *str);
+  
+--- 524,529 ----
+***************
+*** 614,619 ****
+--- 612,618 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_PEM_strings(void);
+  
+  /* Error codes for the PEM functions. */
+  
+***************
+*** 664,667 ****
+  }
+  #endif
+  #endif
+- 
+--- 663,665 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem2.h ../RELENG_4_6/crypto/openssl/crypto/pem/pem2.h
+*** crypto/openssl/crypto/pem/pem2.h	Sun Nov 26 06:33:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem2.h	Thu Jun 27 13:06:52 2002
+***************
+*** 61,67 ****
+--- 61,69 ----
+  extern "C" {
+  #endif
+  
++ #ifndef HEADER_PEM_H
+  void ERR_load_PEM_strings(void);
++ #endif
+  
+  #ifdef __cplusplus
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_info.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_info.c
+*** crypto/openssl/crypto/pem/pem_info.c	Wed Jul  4 19:19:31 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_info.c	Thu Nov 28 03:06:02 2002
+***************
+*** 326,332 ****
+  			/* create the right magic header stuff */
+  			buf[0]='\0';
+  			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+! 			PEM_dek_info(buf,objstr,8,(char *)iv);
+  
+  			/* use the normal code to write things out */
+  			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
+--- 326,332 ----
+  			/* create the right magic header stuff */
+  			buf[0]='\0';
+  			PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+! 			PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+  
+  			/* use the normal code to write things out */
+  			i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i);
+***************
+*** 346,352 ****
+  		}
+  
+  	/* if we have a certificate then write it out now */
+! 	if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0))
+  		goto err;
+  
+  	/* we are ignoring anything else that is loaded into the X509_INFO
+--- 346,352 ----
+  		}
+  
+  	/* if we have a certificate then write it out now */
+! 	if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0))
+  		goto err;
+  
+  	/* we are ignoring anything else that is loaded into the X509_INFO
+***************
+*** 358,364 ****
+  	ret=1;
+  
+  err:
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+  	return(ret);
+  	}
+--- 358,364 ----
+  	ret=1;
+  
+  err:
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_lib.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_lib.c
+*** crypto/openssl/crypto/pem/pem_lib.c	Sun Nov 26 06:33:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_lib.c	Fri Nov 29 06:31:14 2002
+***************
+*** 258,263 ****
+--- 258,264 ----
+  			PKCS8_PRIV_KEY_INFO *p8inf;
+  			p8inf=d2i_PKCS8_PRIV_KEY_INFO(
+  					(PKCS8_PRIV_KEY_INFO **) x, &p, len);
++ 			if(!p8inf) goto p8err;
+  			ret = (char *)EVP_PKCS82PKEY(p8inf);
+  			PKCS8_PRIV_KEY_INFO_free(p8inf);
+  		} else if (strcmp(nm,PEM_STRING_PKCS8) == 0) {
+***************
+*** 373,389 ****
+  			kstr=(unsigned char *)buf;
+  			}
+  		RAND_add(data,i,0);/* put in the RSA key. */
+! 		if (RAND_pseudo_bytes(iv,8) < 0)	/* Generate a salt */
+  			goto err;
+  		/* The 'iv' is used as the iv and as a salt.  It is
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+! 		PEM_dek_info(buf,objstr,8,(char *)iv);
+  		/* k=strlen(buf); */
+  	
+  		EVP_EncryptInit(&ctx,enc,key,iv);
+--- 374,390 ----
+  			kstr=(unsigned char *)buf;
+  			}
+  		RAND_add(data,i,0);/* put in the RSA key. */
+! 		if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */
+  			goto err;
+  		/* The 'iv' is used as the iv and as a salt.  It is
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+! 		PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv);
+  		/* k=strlen(buf); */
+  	
+  		EVP_EncryptInit(&ctx,enc,key,iv);
+***************
+*** 400,411 ****
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	memset(key,0,sizeof(key));
+! 	memset(iv,0,sizeof(iv));
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+! 	memset(data,0,(unsigned int)dsize);
+! 	OPENSSL_free(data);
+  	return(ret);
+  	}
+  
+--- 401,415 ----
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+! 	if (data != NULL)
+! 		{
+! 		OPENSSL_cleanse(data,(unsigned int)dsize);
+! 		OPENSSL_free(data);
+! 		}
+  	return(ret);
+  	}
+  
+***************
+*** 443,450 ****
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	memset((char *)buf,0,sizeof(buf));
+! 	memset((char *)key,0,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+--- 447,454 ----
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	OPENSSL_cleanse((char *)buf,sizeof(buf));
+! 	OPENSSL_cleanse((char *)key,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+***************
+*** 506,512 ****
+  		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
+  		return(0);
+  		}
+! 	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0);
+  
+  	return(1);
+  	}
+--- 510,516 ----
+  		PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION);
+  		return(0);
+  		}
+! 	if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0);
+  
+  	return(1);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_seal.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_seal.c
+*** crypto/openssl/crypto/pem/pem_seal.c	Sun Nov 26 06:33:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_seal.c	Thu Nov 28 03:06:03 2002
+***************
+*** 109,115 ****
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	memset(key,0,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+--- 109,115 ----
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86nasm.pl ../RELENG_4_6/crypto/openssl/crypto/perlasm/x86nasm.pl
+*** crypto/openssl/crypto/perlasm/x86nasm.pl	Mon Jan 10 01:21:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/perlasm/x86nasm.pl	Thu Jun 27 10:54:48 2002
+***************
+*** 209,215 ****
+  
+  sub main'file
+  	{
+! 	push(@out, "segment .text\n");
+  	}
+  
+  sub main'function_begin
+--- 209,215 ----
+  
+  sub main'file
+  	{
+! 	push(@out, "segment .text use32\n");
+  	}
+  
+  sub main'function_begin
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86unix.pl ../RELENG_4_6/crypto/openssl/crypto/perlasm/x86unix.pl
+*** crypto/openssl/crypto/perlasm/x86unix.pl	Sun Aug 20 04:46:31 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/perlasm/x86unix.pl	Mon Jun  4 12:34:39 2001
+***************
+*** 79,85 ****
+  	local($addr,$reg1,$reg2,$idx)=@_;
+  
+  	$ret="";
+! 	$addr =~ s/(^|[+ \t])([A-Za-z_]+)($|[+ \t])/$1$under$2$3/;
+  	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+  	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+  	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+--- 79,85 ----
+  	local($addr,$reg1,$reg2,$idx)=@_;
+  
+  	$ret="";
+! 	$addr =~ s/(^|[+ \t])([A-Za-z_]+[A-Za-z0-9_]+)($|[+ \t])/$1$under$2$3/;
+  	$reg1="$regs{$reg1}" if defined($regs{$reg1});
+  	$reg2="$regs{$reg2}" if defined($regs{$reg2});
+  	$ret.=$addr if ($addr ne "") && ($addr ne 0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.save
+*** crypto/openssl/crypto/pkcs12/Makefile.save	Sun Aug 20 04:48:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,363 ****
+- #
+- # SSLeay/crypto/pkcs12/Makefile
+- #
+- 
+- DIR=	pkcs12
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= p12_add.c p12_attr.c p12_bags.c p12_crpt.c p12_crt.c p12_decr.c \
+- 	p12_init.c p12_key.c p12_kiss.c p12_lib.c p12_mac.c p12_mutl.c\
+- 	p12_sbag.c p12_utl.c p12_npas.c pk12err.c
+- LIBOBJ= p12_add.o p12_attr.o p12_bags.o p12_crpt.o p12_crt.o p12_decr.o \
+- 	p12_init.o p12_key.o p12_kiss.o p12_lib.o p12_mac.o p12_mutl.o\
+- 	p12_sbag.o p12_utl.o p12_npas.o pk12err.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER=  pkcs12.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- test:
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- p12_add.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_add.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_add.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_add.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_add.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_add.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_add.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_add.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_add.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_add.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_add.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_add.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_add.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_add.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_add.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_add.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_add.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_attr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_attr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_attr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_attr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_attr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_attr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_attr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_attr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_attr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_attr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_attr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_bags.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p12_bags.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p12_bags.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p12_bags.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p12_bags.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p12_bags.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p12_bags.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p12_bags.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p12_bags.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- p12_bags.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- p12_bags.o: ../../include/openssl/opensslconf.h
+- p12_bags.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_bags.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_bags.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_bags.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_bags.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_bags.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_bags.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_crpt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_crpt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_crpt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_crpt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_crpt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_crpt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_crpt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_crpt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_crpt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_crpt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_crpt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_crpt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_crt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_crt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_crt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_crt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_crt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_crt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_crt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_crt.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_crt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_crt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_crt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_crt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_crt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_crt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_crt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_crt.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_crt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_decr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_decr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_decr.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_decr.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_decr.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_decr.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_decr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_decr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_decr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_decr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_decr.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_decr.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_decr.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_decr.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_decr.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_decr.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_decr.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_init.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_init.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_init.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_init.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_init.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_init.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_init.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_init.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_init.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_init.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_init.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_init.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_init.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_init.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_init.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_init.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_init.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_key.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_key.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_key.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_key.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_key.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_key.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_key.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_key.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_key.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_key.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_key.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_key.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_key.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_key.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_key.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_key.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_kiss.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_kiss.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_kiss.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_kiss.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_kiss.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_kiss.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_kiss.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_kiss.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_kiss.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_kiss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_kiss.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_kiss.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_kiss.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_kiss.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_kiss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_kiss.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_kiss.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p12_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p12_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p12_lib.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p12_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p12_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p12_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p12_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p12_lib.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- p12_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- p12_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p12_lib.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+- p12_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p12_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p12_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p12_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p12_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p12_lib.o: ../cryptlib.h
+- p12_mac.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p12_mac.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p12_mac.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p12_mac.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p12_mac.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p12_mac.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p12_mac.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p12_mac.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p12_mac.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- p12_mac.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- p12_mac.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- p12_mac.o: ../../include/openssl/pkcs12.h ../../include/openssl/pkcs7.h
+- p12_mac.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p12_mac.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p12_mac.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p12_mac.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p12_mac.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p12_mac.o: ../cryptlib.h
+- p12_mutl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_mutl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_mutl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_mutl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_mutl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_mutl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_mutl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_mutl.o: ../../include/openssl/hmac.h ../../include/openssl/idea.h
+- p12_mutl.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- p12_mutl.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- p12_mutl.o: ../../include/openssl/opensslconf.h
+- p12_mutl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_mutl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
+- p12_mutl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- p12_mutl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- p12_mutl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- p12_mutl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- p12_mutl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- p12_mutl.o: ../cryptlib.h
+- p12_npas.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_npas.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_npas.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p12_npas.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p12_npas.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- p12_npas.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_npas.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_npas.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_npas.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_npas.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+- p12_npas.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs12.h
+- p12_npas.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_npas.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_npas.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_npas.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_npas.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_npas.o: ../../include/openssl/x509_vfy.h
+- p12_sbag.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- p12_sbag.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- p12_sbag.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- p12_sbag.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- p12_sbag.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- p12_sbag.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- p12_sbag.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- p12_sbag.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- p12_sbag.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- p12_sbag.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- p12_sbag.o: ../../include/openssl/opensslconf.h
+- p12_sbag.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_sbag.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_sbag.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_sbag.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_sbag.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_sbag.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_sbag.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- p12_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- p12_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- p12_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- p12_utl.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- p12_utl.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- p12_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- p12_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- p12_utl.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- p12_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- p12_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- p12_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- p12_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- p12_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- p12_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- p12_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- p12_utl.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- p12_utl.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- pk12err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pk12err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pk12err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- pk12err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- pk12err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- pk12err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pk12err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- pk12err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pk12err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- pk12err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs12.h
+- pk12err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- pk12err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- pk12err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- pk12err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- pk12err.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- pk12err.o: ../../include/openssl/x509_vfy.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.ssl
+*** crypto/openssl/crypto/pkcs12/Makefile.ssl	Wed Jul  4 19:19:31 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.ssl	Wed Oct  9 09:14:49 2002
+***************
+*** 74,80 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 74,80 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_crpt.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_crpt.c
+*** crypto/openssl/crypto/pkcs12/p12_crpt.c	Sun Aug 20 04:46:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_crpt.c	Thu Nov 28 03:06:08 2002
+***************
+*** 118,124 ****
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 118,124 ----
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_decr.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_decr.c
+*** crypto/openssl/crypto/pkcs12/p12_decr.c	Sun Nov 26 06:33:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_decr.c	Thu Nov 28 03:06:08 2002
+***************
+*** 137,143 ****
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) memset(out, 0, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+--- 137,143 ----
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) OPENSSL_cleanse(out, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_key.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_key.c
+*** crypto/openssl/crypto/pkcs12/p12_key.c	Wed Jul  4 19:19:31 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_key.c	Thu Nov 28 03:06:08 2002
+***************
+*** 91,97 ****
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		memset(unipass, 0, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+--- 91,97 ----
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/pkcs12.h ../RELENG_4_6/crypto/openssl/crypto/pkcs12/pkcs12.h
+*** crypto/openssl/crypto/pkcs12/pkcs12.h	Wed Jul  4 19:19:31 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/pkcs12.h	Thu Jun 27 05:54:23 2002
+***************
+*** 141,148 ****
+  #define PKCS12_ERROR	0
+  #define PKCS12_OK	1
+  
+! #define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type)
+! #define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type)
+  #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+  
+  #define M_PKCS12_x5092certbag(x509) \
+--- 141,148 ----
+  #define PKCS12_ERROR	0
+  #define PKCS12_OK	1
+  
+! #define M_PKCS12_bag_type(bg) OBJ_obj2nid((bg)->type)
+! #define M_PKCS12_cert_bag_type(bg) OBJ_obj2nid((bg)->value.bag->type)
+  #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type
+  
+  #define M_PKCS12_x5092certbag(x509) \
+***************
+*** 267,273 ****
+  PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp,
+  								 long length);
+  void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a);
+- void ERR_load_PKCS12_strings(void);
+  void PKCS12_PBE_add(void);
+  int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert,
+  		 STACK_OF(X509) **ca);
+--- 267,272 ----
+***************
+*** 284,289 ****
+--- 283,289 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_PKCS12_strings(void);
+  
+  /* Error codes for the PKCS12 functions. */
+  
+***************
+*** 342,345 ****
+  }
+  #endif
+  #endif
+- 
+--- 342,344 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.save
+*** crypto/openssl/crypto/pkcs7/Makefile.save	Sun Aug 20 04:48:43 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,202 ****
+- #
+- # SSLeay/crypto/pkcs7/Makefile
+- #
+- 
+- DIR=	pkcs7
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- PEX_LIBS=
+- EX_LIBS=
+-  
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile README
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=	pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c pk7_mime.c
+- LIBOBJ= pk7_lib.o pkcs7err.o pk7_doit.o pk7_smime.o pk7_attr.o pk7_mime.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER=  pkcs7.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- test:
+- 
+- all:	lib
+- 
+- testapps: enc dec sign verify
+- 
+- enc: enc.o lib
+- 	$(CC) $(CFLAGS) -o enc enc.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+- 
+- dec: dec.o lib
+- 	$(CC) $(CFLAGS) -o dec dec.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+- 
+- sign: sign.o lib
+- 	$(CC) $(CFLAGS) -o sign sign.o $(PEX_LIBS) $(LIB) $(EX_LIBS)
+- 
+- verify: verify.o example.o lib
+- 	$(CC) $(CFLAGS) -o verify verify.o $(PEX_LIBS) example.o $(LIB) $(EX_LIBS)
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff enc dec sign verify
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- pk7_attr.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pk7_attr.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pk7_attr.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- pk7_attr.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- pk7_attr.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- pk7_attr.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pk7_attr.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- pk7_attr.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pk7_attr.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- pk7_attr.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+- pk7_attr.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+- pk7_attr.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- pk7_attr.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- pk7_attr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- pk7_attr.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- pk7_attr.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- pk7_doit.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pk7_doit.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pk7_doit.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- pk7_doit.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- pk7_doit.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- pk7_doit.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- pk7_doit.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- pk7_doit.o: ../cryptlib.h
+- pk7_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pk7_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pk7_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pk7_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pk7_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pk7_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- pk7_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pk7_lib.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- pk7_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pk7_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- pk7_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- pk7_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- pk7_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- pk7_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- pk7_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- pk7_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- pk7_lib.o: ../cryptlib.h
+- pk7_mime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pk7_mime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pk7_mime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pk7_mime.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- pk7_mime.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- pk7_mime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- pk7_mime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pk7_mime.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- pk7_mime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pk7_mime.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- pk7_mime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- pk7_mime.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+- pk7_mime.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- pk7_mime.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- pk7_mime.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- pk7_mime.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- pk7_mime.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- pk7_smime.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pk7_smime.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pk7_smime.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- pk7_smime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pk7_smime.o: ../../include/openssl/objects.h
+- pk7_smime.o: ../../include/openssl/opensslconf.h
+- pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- pk7_smime.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- pk7_smime.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- pk7_smime.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- pk7_smime.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- pk7_smime.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- pkcs7err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- pkcs7err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- pkcs7err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- pkcs7err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- pkcs7err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- pkcs7err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- pkcs7err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- pkcs7err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- pkcs7err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- pkcs7err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- pkcs7err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- pkcs7err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- pkcs7err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- pkcs7err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- pkcs7err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.ssl
+*** crypto/openssl/crypto/pkcs7/Makefile.ssl	Wed Jul  4 19:19:32 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.ssl	Wed Oct  9 09:14:54 2002
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 123,135 ****
+  pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! pk7_doit.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! pk7_doit.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! pk7_doit.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! pk7_doit.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! pk7_doit.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! pk7_doit.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! pk7_doit.o: ../../include/openssl/opensslconf.h
+  pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+  pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+--- 123,134 ----
+  pk7_doit.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  pk7_doit.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  pk7_doit.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! pk7_doit.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! pk7_doit.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! pk7_doit.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! pk7_doit.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! pk7_doit.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! pk7_doit.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  pk7_doit.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  pk7_doit.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+  pk7_doit.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+***************
+*** 183,194 ****
+  pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! pk7_smime.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! pk7_smime.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! pk7_smime.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! pk7_smime.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! pk7_smime.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! pk7_smime.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+  pk7_smime.o: ../../include/openssl/opensslconf.h
+  pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+--- 182,193 ----
+  pk7_smime.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  pk7_smime.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  pk7_smime.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! pk7_smime.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! pk7_smime.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! pk7_smime.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! pk7_smime.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! pk7_smime.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! pk7_smime.o: ../../include/openssl/objects.h
+  pk7_smime.o: ../../include/openssl/opensslconf.h
+  pk7_smime.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  pk7_smime.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/README ../RELENG_4_6/crypto/openssl/crypto/pkcs7/README
+*** crypto/openssl/crypto/pkcs7/README	Mon Jan 10 01:21:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/README	Wed Dec 31 19:00:00 1969
+***************
+*** 1,5 ****
+- WARNING
+- 
+- Everything in this directory is experimental and is subject to change.
+- 
+- Do not rely on the stuff in here not changing in the next release
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/bio_ber.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/bio_ber.c
+*** crypto/openssl/crypto/pkcs7/bio_ber.c	Sun Nov 26 06:33:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/bio_ber.c	Thu Nov 28 03:06:12 2002
+***************
+*** 145,151 ****
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	memset(a->ptr,0,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 145,151 ----
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pk7_attr.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_attr.c
+*** crypto/openssl/crypto/pkcs7/pk7_attr.c	Sun Nov 26 06:33:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_attr.c	Sat Sep  8 08:16:24 2001
+***************
+*** 1,9 ****
+  /* pk7_attr.c */
+! /* S/MIME code.
+!  * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) 
+!  * All Rights Reserved. 
+!  * Redistribution of this code without the authors permission is expressly
+!  * prohibited.
+   */
+  
+  #include <stdio.h>
+--- 1,59 ----
+  /* pk7_attr.c */
+! /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+!  * project 2001.
+!  */
+! /* ====================================================================
+!  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+!  *
+!  * Redistribution and use in source and binary forms, with or without
+!  * modification, are permitted provided that the following conditions
+!  * are met:
+!  *
+!  * 1. Redistributions of source code must retain the above copyright
+!  *    notice, this list of conditions and the following disclaimer. 
+!  *
+!  * 2. Redistributions in binary form must reproduce the above copyright
+!  *    notice, this list of conditions and the following disclaimer in
+!  *    the documentation and/or other materials provided with the
+!  *    distribution.
+!  *
+!  * 3. All advertising materials mentioning features or use of this
+!  *    software must display the following acknowledgment:
+!  *    "This product includes software developed by the OpenSSL Project
+!  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+!  *
+!  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+!  *    endorse or promote products derived from this software without
+!  *    prior written permission. For written permission, please contact
+!  *    licensing@OpenSSL.org.
+!  *
+!  * 5. Products derived from this software may not be called "OpenSSL"
+!  *    nor may "OpenSSL" appear in their names without prior written
+!  *    permission of the OpenSSL Project.
+!  *
+!  * 6. Redistributions of any form whatsoever must retain the following
+!  *    acknowledgment:
+!  *    "This product includes software developed by the OpenSSL Project
+!  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+!  *
+!  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+!  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+!  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+!  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+!  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+!  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+!  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+!  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+!  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+!  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+!  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+!  * OF THE POSSIBILITY OF SUCH DAMAGE.
+!  * ====================================================================
+!  *
+!  * This product includes cryptographic software written by Eric Young
+!  * (eay@cryptsoft.com).  This product includes software written by Tim
+!  * Hudson (tjh@cryptsoft.com).
+!  *
+   */
+  
+  #include <stdio.h>
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pk7_doit.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_doit.c
+*** crypto/openssl/crypto/pkcs7/pk7_doit.c	Wed Jul  4 19:19:32 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_doit.c	Thu Nov 28 03:06:12 2002
+***************
+*** 67,72 ****
+--- 67,104 ----
+  			 void *value);
+  static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid);
+  
++ static int PKCS7_type_is_other(PKCS7* p7)
++ 	{
++ 	int isOther=1;
++ 	
++ 	int nid=OBJ_obj2nid(p7->type);
++ 
++ 	switch( nid )
++ 		{
++ 	case NID_pkcs7_data:
++ 	case NID_pkcs7_signed:
++ 	case NID_pkcs7_enveloped:
++ 	case NID_pkcs7_signedAndEnveloped:
++ 	case NID_pkcs7_digest:
++ 	case NID_pkcs7_encrypted:
++ 		isOther=0;
++ 		break;
++ 	default:
++ 		isOther=1;
++ 		}
++ 
++ 	return isOther;
++ 
++ 	}
++ 
++ static int PKCS7_type_is_octet_string(PKCS7* p7)
++ 	{
++ 	if ( 0==PKCS7_type_is_other(p7) )
++ 		return 0;
++ 
++ 	return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0;
++ 	}
++ 
+  BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
+  	{
+  	int i,j;
+***************
+*** 209,215 ****
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		memset(key, 0, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+--- 241,247 ----
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		OPENSSL_cleanse(key, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+***************
+*** 222,234 ****
+  		if (p7->detached)
+  			bio=BIO_new(BIO_s_null());
+  		else {
+! 			if (PKCS7_type_is_signed(p7) &&
+! 				PKCS7_type_is_data(p7->d.sign->contents)) {
+! 				ASN1_OCTET_STRING *os;
+! 				os=p7->d.sign->contents->d.data;
+! 				if (os->length > 0) bio = 
+! 					BIO_new_mem_buf(os->data, os->length);
+! 			} 
+  			if(bio == NULL) {
+  				bio=BIO_new(BIO_s_mem());
+  				BIO_set_mem_eof_return(bio,0);
+--- 254,273 ----
+  		if (p7->detached)
+  			bio=BIO_new(BIO_s_null());
+  		else {
+! 			if (PKCS7_type_is_signed(p7) ) { 
+! 				if ( PKCS7_type_is_data(p7->d.sign->contents)) {
+! 					ASN1_OCTET_STRING *os;
+! 					os=p7->d.sign->contents->d.data;
+! 					if (os->length > 0)
+! 						bio = BIO_new_mem_buf(os->data, os->length);
+! 				}
+! 				else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) {
+! 					ASN1_OCTET_STRING *os;
+! 					os=p7->d.sign->contents->d.other->value.octet_string;
+! 					if (os->length > 0)
+! 						bio = BIO_new_mem_buf(os->data, os->length);
+! 				}
+! 			}
+  			if(bio == NULL) {
+  				bio=BIO_new(BIO_s_mem());
+  				BIO_set_mem_eof_return(bio,0);
+***************
+*** 409,415 ****
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		memset(tmp,0,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+--- 448,454 ----
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		OPENSSL_cleanse(tmp,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+***************
+*** 558,568 ****
+  				ASN1_UTCTIME *sign_time;
+  				const EVP_MD *md_tmp;
+  
+! 				/* Add signing time */
+! 				sign_time=X509_gmtime_adj(NULL,0);
+! 				PKCS7_add_signed_attribute(si,
+! 					NID_pkcs9_signingTime,
+! 					V_ASN1_UTCTIME,sign_time);
+  
+  				/* Add digest */
+  				md_tmp=EVP_MD_CTX_md(&ctx_tmp);
+--- 597,611 ----
+  				ASN1_UTCTIME *sign_time;
+  				const EVP_MD *md_tmp;
+  
+! 				/* Add signing time if not already present */
+! 				if (!PKCS7_get_signed_attribute(si,
+! 							NID_pkcs9_signingTime))
+! 					{
+! 					sign_time=X509_gmtime_adj(NULL,0);
+! 					PKCS7_add_signed_attribute(si,
+! 						NID_pkcs9_signingTime,
+! 						V_ASN1_UTCTIME,sign_time);
+! 					}
+  
+  				/* Add digest */
+  				md_tmp=EVP_MD_CTX_md(&ctx_tmp);
+***************
+*** 578,584 ****
+  				x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
+  					   i2d_X509_ATTRIBUTE,
+  					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+! 				pp=(unsigned char *)OPENSSL_malloc(x);
+  				p=pp;
+  				i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
+  				           i2d_X509_ATTRIBUTE,
+--- 621,627 ----
+  				x=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,
+  					   i2d_X509_ATTRIBUTE,
+  					   V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET);
+! 				if (!(pp=(unsigned char *)OPENSSL_malloc(x))) goto err;
+  				p=pp;
+  				i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,
+  				           i2d_X509_ATTRIBUTE,
+***************
+*** 774,780 ****
+  		 */
+  		i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
+  			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
+! 		pp=OPENSSL_malloc(i);
+  		p=pp;
+  		i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
+  			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
+--- 817,823 ----
+  		 */
+  		i=i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,NULL,i2d_X509_ATTRIBUTE,
+  			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
+! 		if (!(pp=OPENSSL_malloc(i))) goto err;
+  		p=pp;
+  		i2d_ASN1_SET_OF_X509_ATTRIBUTE(sk,&p,i2d_X509_ATTRIBUTE,
+  			V_ASN1_SET,V_ASN1_UNIVERSAL, IS_SEQUENCE);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pkcs7.h ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pkcs7.h
+*** crypto/openssl/crypto/pkcs7/pkcs7.h	Sun Nov 26 06:33:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pkcs7.h	Mon Dec 17 14:24:13 2001
+***************
+*** 353,360 ****
+  PKCS7			*d2i_PKCS7(PKCS7 **a,
+  				unsigned char **pp,long length);
+  
+- void ERR_load_PKCS7_strings(void);
+- 
+  
+  long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg);
+  
+--- 353,358 ----
+***************
+*** 422,427 ****
+--- 420,426 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_PKCS7_strings(void);
+  
+  /* Error codes for the PKCS7 functions. */
+  
+***************
+*** 502,505 ****
+  }
+  #endif
+  #endif
+- 
+--- 501,503 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/verify.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/verify.c
+*** crypto/openssl/crypto/pkcs7/verify.c	Sun Aug 20 04:46:34 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/verify.c	Wed Jul 24 10:42:05 2002
+***************
+*** 179,188 ****
+  		{
+  		ASN1_UTCTIME *tm;
+  		char *str1,*str2;
+  
+  		si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+! 		i=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+! 		if (i <= 0)
+  			goto err;
+  		printf("signer info\n");
+  		if ((tm=get_signed_time(si)) != NULL)
+--- 179,189 ----
+  		{
+  		ASN1_UTCTIME *tm;
+  		char *str1,*str2;
++ 		int rc;
+  
+  		si=sk_PKCS7_SIGNER_INFO_value(sk,i);
+! 		rc=PKCS7_dataVerify(cert_store,&cert_ctx,p7bio,p7,si);
+! 		if (rc <= 0)
+  			goto err;
+  		printf("signer info\n");
+  		if ((tm=get_signed_time(si)) != NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.save
+*** crypto/openssl/crypto/rand/Makefile.save	Sun Nov 26 06:33:48 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,107 ****
+- #
+- # SSLeay/crypto/rand/Makefile
+- #
+- 
+- DIR=	rand
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST= randtest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=md_rand.c randfile.c rand_lib.c rand_err.c rand_egd.c rand_win.c
+- LIBOBJ=md_rand.o randfile.o rand_lib.o rand_err.o rand_egd.o rand_win.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rand.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- md_rand.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+- md_rand.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- md_rand.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- md_rand.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- md_rand.o: ../../include/openssl/rand.h ../../include/openssl/safestack.h
+- md_rand.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- md_rand.o: ../../include/openssl/symhacks.h rand_lcl.h
+- rand_egd.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+- rand_err.o: ../../include/openssl/bio.h ../../include/openssl/crypto.h
+- rand_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rand_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- rand_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- rand_err.o: ../../include/openssl/symhacks.h
+- rand_lib.o: ../../include/openssl/rand.h
+- rand_win.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- rand_win.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- rand_win.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- rand_win.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- rand_win.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- rand_win.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- rand_win.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- rand_win.o: ../cryptlib.h rand_lcl.h
+- randfile.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- randfile.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+- randfile.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- randfile.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- randfile.o: ../../include/openssl/symhacks.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.ssl
+*** crypto/openssl/crypto/rand/Makefile.ssl	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.ssl	Wed Oct  9 09:14:59 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/md_rand.c ../RELENG_4_6/crypto/openssl/crypto/rand/md_rand.c
+*** crypto/openssl/crypto/rand/md_rand.c	Thu Jul 19 17:00:45 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/md_rand.c	Thu Nov 28 03:06:15 2002
+***************
+*** 56,62 ****
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 141,150 ****
+  static double entropy=0;
+  static int initialized=0;
+  
+! /* This should be set to 1 only when ssleay_rand_add() is called inside
+!    an already locked state, so it doesn't try to lock and thereby cause
+!    a hang.  And it should always be reset back to 0 before unlocking. */
+! static int add_do_not_lock=0;
+  
+  #ifdef PREDICT
+  int rand_predictable=0;
+--- 141,152 ----
+  static double entropy=0;
+  static int initialized=0;
+  
+! static unsigned int crypto_lock_rand = 0; /* may be set only when a thread
+!                                            * holds CRYPTO_LOCK_RAND
+!                                            * (to prevent double locking) */
+! /* access to lockin_thread is synchronized by CRYPTO_LOCK_RAND2 */
+! static unsigned long locking_thread = 0; /* valid iff crypto_lock_rand is set */
+! 
+  
+  #ifdef PREDICT
+  int rand_predictable=0;
+***************
+*** 175,184 ****
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	memset(state,0,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	memset(md,0,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+--- 177,186 ----
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	OPENSSL_cleanse(state,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+***************
+*** 191,196 ****
+--- 193,199 ----
+  	long md_c[2];
+  	unsigned char local_md[MD_DIGEST_LENGTH];
+  	MD_CTX m;
++ 	int do_not_lock;
+  
+  	/*
+  	 * (Based on the rand(3) manpage)
+***************
+*** 207,213 ****
+           * hash function.
+  	 */
+  
+! 	if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+  	st_idx=state_index;
+  
+  	/* use our own copies of the counters so that even
+--- 210,226 ----
+           * hash function.
+  	 */
+  
+! 	/* check if we already have the lock */
+! 	if (crypto_lock_rand)
+! 		{
+! 		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
+! 		do_not_lock = (locking_thread == CRYPTO_thread_id());
+! 		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
+! 		}
+! 	else
+! 		do_not_lock = 0;
+! 
+! 	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+  	st_idx=state_index;
+  
+  	/* use our own copies of the counters so that even
+***************
+*** 239,245 ****
+  
+  	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+  
+! 	if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+  
+  	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+  		{
+--- 252,258 ----
+  
+  	md_count[1] += (num / MD_DIGEST_LENGTH) + (num % MD_DIGEST_LENGTH > 0);
+  
+! 	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+  
+  	for (i=0; i<num; i+=MD_DIGEST_LENGTH)
+  		{
+***************
+*** 281,287 ****
+  		}
+  	memset((char *)&m,0,sizeof(m));
+  
+! 	if (!add_do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+  	/* Don't just copy back local_md into md -- this could mean that
+  	 * other thread's seeding remains without effect (except for
+  	 * the incremented counter).  By XORing it we keep at least as
+--- 294,300 ----
+  		}
+  	memset((char *)&m,0,sizeof(m));
+  
+! 	if (!do_not_lock) CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+  	/* Don't just copy back local_md into md -- this could mean that
+  	 * other thread's seeding remains without effect (except for
+  	 * the incremented counter).  By XORing it we keep at least as
+***************
+*** 292,298 ****
+  		}
+  	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+  	    entropy += add;
+! 	if (!add_do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+  	
+  #if !defined(THREADS) && !defined(WIN32)
+  	assert(md_c[1] == md_count[1]);
+--- 305,311 ----
+  		}
+  	if (entropy < ENTROPY_NEEDED) /* stop counting when we have enough */
+  	    entropy += add;
+! 	if (!do_not_lock) CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+  	
+  #if !defined(THREADS) && !defined(WIN32)
+  	assert(md_c[1] == md_count[1]);
+***************
+*** 340,367 ****
+  	 *
+  	 * For each group of 10 bytes (or less), we do the following:
+  	 *
+! 	 * Input into the hash function the top 10 bytes from the
+! 	 * local 'md' (which is initialized from the global 'md'
+! 	 * before any bytes are generated), the bytes that are
+! 	 * to be overwritten by the random bytes, and bytes from the
+! 	 * 'state' (incrementing looping index).  From this digest output
+! 	 * (which is kept in 'md'), the top (up to) 10 bytes are
+! 	 * returned to the caller and the bottom (up to) 10 bytes are xored
+! 	 * into the 'state'.
+  	 * Finally, after we have finished 'num' random bytes for the
+  	 * caller, 'count' (which is incremented) and the local and global 'md'
+  	 * are fed into the hash function and the results are kept in the
+  	 * global 'md'.
+  	 */
+  
+- 	if (!initialized)
+- 		RAND_poll();
+- 
+  	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+- 	add_do_not_lock = 1;	/* Since we call ssleay_rand_add while in
+- 				   this locked state. */
+  
+! 	initialized = 1;
+  	if (!stirred_pool)
+  		do_stir_pool = 1;
+  	
+--- 353,385 ----
+  	 *
+  	 * For each group of 10 bytes (or less), we do the following:
+  	 *
+! 	 * Input into the hash function the local 'md' (which is initialized from
+! 	 * the global 'md' before any bytes are generated), the bytes that are to
+! 	 * be overwritten by the random bytes, and bytes from the 'state'
+! 	 * (incrementing looping index). From this digest output (which is kept
+! 	 * in 'md'), the top (up to) 10 bytes are returned to the caller and the
+! 	 * bottom 10 bytes are xored into the 'state'.
+! 	 * 
+  	 * Finally, after we have finished 'num' random bytes for the
+  	 * caller, 'count' (which is incremented) and the local and global 'md'
+  	 * are fed into the hash function and the results are kept in the
+  	 * global 'md'.
+  	 */
+  
+  	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+  
+! 	/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
+! 	CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
+! 	locking_thread = CRYPTO_thread_id();
+! 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
+! 	crypto_lock_rand = 1;
+! 
+! 	if (!initialized)
+! 		{
+! 		RAND_poll();
+! 		initialized = 1;
+! 		}
+! 	
+  	if (!stirred_pool)
+  		do_stir_pool = 1;
+  	
+***************
+*** 387,397 ****
+  
+  	if (do_stir_pool)
+  		{
+! 		/* Our output function chains only half of 'md', so we better
+! 		 * make sure that the required entropy gets 'evenly distributed'
+! 		 * through 'state', our randomness pool.  The input function
+! 		 * (ssleay_rand_add) chains all of 'md', which makes it more
+! 		 * suitable for this purpose.
+  		 */
+  
+  		int n = STATE_SIZE; /* so that the complete pool gets accessed */
+--- 405,415 ----
+  
+  	if (do_stir_pool)
+  		{
+! 		/* In the output function only half of 'md' remains secret,
+! 		 * so we better make sure that the required entropy gets
+! 		 * 'evenly distributed' through 'state', our randomness pool.
+! 		 * The input function (ssleay_rand_add) chains all of 'md',
+! 		 * which makes it more suitable for this purpose.
+  		 */
+  
+  		int n = STATE_SIZE; /* so that the complete pool gets accessed */
+***************
+*** 425,432 ****
+  
+  	md_count[0] += 1;
+  
+! 	add_do_not_lock = 0;	/* If this would ever be forgotten, we can
+! 				   expect any evil god to eat our souls. */
+  	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+  
+  	while (num > 0)
+--- 443,450 ----
+  
+  	md_count[0] += 1;
+  
+! 	/* before unlocking, we must clear 'crypto_lock_rand' */
+! 	crypto_lock_rand = 0;
+  	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+  
+  	while (num > 0)
+***************
+*** 492,502 ****
+  static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
+  	{
+  	int ret;
+  
+  	ret = RAND_bytes(buf, num);
+  	if (ret == 0)
+  		{
+! 		long err = ERR_peek_error();
+  		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+  		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+  			(void)ERR_get_error();
+--- 510,521 ----
+  static int ssleay_rand_pseudo_bytes(unsigned char *buf, int num) 
+  	{
+  	int ret;
++ 	unsigned long err;
+  
+  	ret = RAND_bytes(buf, num);
+  	if (ret == 0)
+  		{
+! 		err = ERR_peek_error();
+  		if (ERR_GET_LIB(err) == ERR_LIB_RAND &&
+  		    ERR_GET_REASON(err) == RAND_R_PRNG_NOT_SEEDED)
+  			(void)ERR_get_error();
+***************
+*** 507,520 ****
+  static int ssleay_rand_status(void)
+  	{
+  	int ret;
+  
+  	if (!initialized)
+  		RAND_poll();
+  
+- 	CRYPTO_w_lock(CRYPTO_LOCK_RAND);
+- 	initialized = 1;
+  	ret = entropy >= ENTROPY_NEEDED;
+- 	CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
+  
+  	return ret;
+  	}
+--- 526,570 ----
+  static int ssleay_rand_status(void)
+  	{
+  	int ret;
++ 	int do_not_lock;
+  
++ 	/* check if we already have the lock
++ 	 * (could happen if a RAND_poll() implementation calls RAND_status()) */
++ 	if (crypto_lock_rand)
++ 		{
++ 		CRYPTO_r_lock(CRYPTO_LOCK_RAND2);
++ 		do_not_lock = (locking_thread == CRYPTO_thread_id());
++ 		CRYPTO_r_unlock(CRYPTO_LOCK_RAND2);
++ 		}
++ 	else
++ 		do_not_lock = 0;
++ 	
++ 	if (!do_not_lock)
++ 		{
++ 		CRYPTO_w_lock(CRYPTO_LOCK_RAND);
++ 		
++ 		/* prevent ssleay_rand_bytes() from trying to obtain the lock again */
++ 		CRYPTO_w_lock(CRYPTO_LOCK_RAND2);
++ 		locking_thread = CRYPTO_thread_id();
++ 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND2);
++ 		crypto_lock_rand = 1;
++ 		}
++ 	
+  	if (!initialized)
++ 		{
+  		RAND_poll();
++ 		initialized = 1;
++ 		}
+  
+  	ret = entropy >= ENTROPY_NEEDED;
+  
++ 	if (!do_not_lock)
++ 		{
++ 		/* before unlocking, we must clear 'crypto_lock_rand' */
++ 		crypto_lock_rand = 0;
++ 		
++ 		CRYPTO_w_unlock(CRYPTO_LOCK_RAND);
++ 		}
++ 	
+  	return ret;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand.h ../RELENG_4_6/crypto/openssl/crypto/rand/rand.h
+*** crypto/openssl/crypto/rand/rand.h	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/rand.h	Mon Dec 17 14:24:16 2001
+***************
+*** 93,99 ****
+  int RAND_status(void);
+  int RAND_egd(const char *path);
+  int RAND_egd_bytes(const char *path,int bytes);
+- void ERR_load_RAND_strings(void);
+  int RAND_poll(void);
+  
+  #ifdef  __cplusplus
+--- 93,98 ----
+***************
+*** 115,124 ****
+--- 114,128 ----
+  #endif
+  #endif
+  
++ #ifdef  __cplusplus
++ extern "C" {
++ #endif
++ 
+  /* BEGIN ERROR CODES */
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_RAND_strings(void);
+  
+  /* Error codes for the RAND functions. */
+  
+***************
+*** 128,132 ****
+  /* Reason codes. */
+  #define RAND_R_PRNG_NOT_SEEDED				 100
+  
+  #endif
+- 
+--- 132,138 ----
+  /* Reason codes. */
+  #define RAND_R_PRNG_NOT_SEEDED				 100
+  
++ #ifdef  __cplusplus
++ }
++ #endif
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_egd.c ../RELENG_4_6/crypto/openssl/crypto/rand/rand_egd.c
+*** crypto/openssl/crypto/rand/rand_egd.c	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/rand_egd.c	Wed Dec  4 18:12:57 2002
+***************
+*** 59,65 ****
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(VMS) || defined(__VMS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+--- 59,65 ----
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) || defined(VXWORKS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+***************
+*** 75,81 ****
+  #include <sys/types.h>
+  #include <sys/socket.h>
+  #ifndef NO_SYS_UN_H
+! #include <sys/un.h>
+  #else
+  struct	sockaddr_un {
+  	short	sun_family;		/* AF_UNIX */
+--- 75,85 ----
+  #include <sys/types.h>
+  #include <sys/socket.h>
+  #ifndef NO_SYS_UN_H
+! # ifdef VXWORKS
+! #   include <streams/un.h>
+! # else
+! #   include <sys/un.h>
+! # endif
+  #else
+  struct	sockaddr_un {
+  	short	sun_family;		/* AF_UNIX */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_win.c ../RELENG_4_6/crypto/openssl/crypto/rand/rand_win.c
+*** crypto/openssl/crypto/rand/rand_win.c	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/rand_win.c	Wed Dec  4 18:12:57 2002
+***************
+*** 254,259 ****
+--- 254,263 ----
+           * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+           * Only use it on NT.
+  	 */
++ 	/* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
++ 	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).
++ 	 * So we don't use this at all for now. */
++ #if 0
+          if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+  		osverinfo.dwMajorVersion < 5)
+  		{
+***************
+*** 283,295 ****
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+!                          */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
+  
+  	if (advapi)
+  		{
+--- 287,309 ----
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+! 			 */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
++ 
++ 			/* Close the Registry Key to allow Windows to cleanup/close
++ 			 * the open handle
++ 			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
++ 			 *       when the RegQueryValueEx above is done.  However, if
++ 			 *       it is not explicitly closed, it can cause disk
++ 			 *       partition manipulation problems.
++ 			 */
++ 			RegCloseKey(HKEY_PERFORMANCE_DATA);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
++ #endif
+  
+  	if (advapi)
+  		{
+***************
+*** 311,317 ****
+  			if (gen(hProvider, sizeof(buf), buf) != 0)
+  				{
+  				RAND_add(buf, sizeof(buf), sizeof(buf));
+! #ifdef DEBUG
+  				printf("randomness from PROV_RSA_FULL\n");
+  #endif
+  				}
+--- 325,331 ----
+  			if (gen(hProvider, sizeof(buf), buf) != 0)
+  				{
+  				RAND_add(buf, sizeof(buf), sizeof(buf));
+! #if 0
+  				printf("randomness from PROV_RSA_FULL\n");
+  #endif
+  				}
+***************
+*** 324,330 ****
+  			if (gen(hProvider, sizeof(buf), buf) != 0)
+  				{
+  				RAND_add(buf, sizeof(buf), sizeof(buf));
+! #ifdef DEBUG
+  				printf("randomness from PROV_INTEL_SEC\n");
+  #endif
+  				}
+--- 338,344 ----
+  			if (gen(hProvider, sizeof(buf), buf) != 0)
+  				{
+  				RAND_add(buf, sizeof(buf), sizeof(buf));
+! #if 0
+  				printf("randomness from PROV_INTEL_SEC\n");
+  #endif
+  				}
+***************
+*** 461,467 ****
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 50;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+--- 475,481 ----
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 80;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+***************
+*** 510,516 ****
+  		FreeLibrary(kernel);
+  		}
+  
+! #ifdef DEBUG
+  	printf("Exiting RAND_poll\n");
+  #endif
+  
+--- 524,530 ----
+  		FreeLibrary(kernel);
+  		}
+  
+! #if 0
+  	printf("Exiting RAND_poll\n");
+  #endif
+  
+***************
+*** 718,725 ****
+--- 732,741 ----
+  	/* put in some default random data, we need more than just this */
+  	l=curr_pid;
+  	RAND_add(&l,sizeof(l),0);
++ #ifndef VXWORKS
+  	l=getuid();
+  	RAND_add(&l,sizeof(l),0);
++ #endif
+  
+  	l=time(NULL);
+  	RAND_add(&l,sizeof(l),0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randfile.c ../RELENG_4_6/crypto/openssl/crypto/rand/randfile.c
+*** crypto/openssl/crypto/rand/randfile.c	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/randfile.c	Thu Nov 28 03:06:15 2002
+***************
+*** 61,66 ****
+--- 61,68 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "openssl/e_os.h"
++ 
+  #ifdef VMS
+  #include <unixio.h>
+  #endif
+***************
+*** 73,79 ****
+  # include <sys/stat.h>
+  #endif
+  
+- #include "openssl/e_os.h"
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  
+--- 75,80 ----
+***************
+*** 124,130 ****
+  			}
+  		}
+  	fclose(in);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+--- 125,131 ----
+  			}
+  		}
+  	fclose(in);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+***************
+*** 189,195 ****
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+--- 190,196 ----
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+***************
+*** 211,216 ****
+--- 212,223 ----
+  		{
+  		if (OPENSSL_issetugid() == 0)
+  			s=getenv("HOME");
++ #ifdef DEFAULT_HOME
++ 		if (s == NULL)
++ 			{
++ 			s = DEFAULT_HOME;
++ 			}
++ #endif
+  		if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size))
+  			{
+  			strcpy(buf,s);
+***************
+*** 220,226 ****
+  			strcat(buf,RFILE);
+  			ret=buf;
+  			}
+! 		  else
+  		  	buf[0] = '\0'; /* no file name */
+  		}
+  	return(ret);
+--- 227,233 ----
+  			strcat(buf,RFILE);
+  			ret=buf;
+  			}
+! 		else
+  		  	buf[0] = '\0'; /* no file name */
+  		}
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randtest.c ../RELENG_4_6/crypto/openssl/crypto/rand/randtest.c
+*** crypto/openssl/crypto/rand/randtest.c	Sun Aug 20 04:46:35 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/randtest.c	Thu Nov 28 13:55:59 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <openssl/rand.h>
+  
++ #include "../e_os.h"
++ 
+  /* some FIPS 140-1 random number test */
+  /* some simple tests */
+  
+***************
+*** 202,207 ****
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	exit(err);
+  	return(err);
+  	}
+--- 204,209 ----
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	EXIT(err);
+  	return(err);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.save
+*** crypto/openssl/crypto/rc2/Makefile.save	Sun Aug 20 04:48:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,90 ****
+- #
+- # SSLeay/crypto/rc2/Makefile
+- #
+- 
+- DIR=	rc2
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rc2test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+- LIBOBJ=rc2_ecb.o rc2_skey.o rc2_cbc.o rc2cfb64.o rc2ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rc2.h
+- HEADER=	rc2_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- rc2_cbc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+- rc2_cbc.o: rc2_locl.h
+- rc2_ecb.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- rc2_ecb.o: ../../include/openssl/rc2.h rc2_locl.h
+- rc2_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+- rc2_skey.o: rc2_locl.h
+- rc2cfb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+- rc2cfb64.o: rc2_locl.h
+- rc2ofb64.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc2.h
+- rc2ofb64.o: rc2_locl.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.ssl
+*** crypto/openssl/crypto/rc2/Makefile.ssl	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.ssl	Wed Oct  9 09:15:06 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.uni
+*** crypto/openssl/crypto/rc2/Makefile.uni	Mon Jan 10 01:21:49 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,73 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- 
+- DIR=    rc2
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- RANLIB=         ranlib
+- 
+- IDEA_ENC=rc2_cbc.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rc2test
+- APPS=rc2speed
+- 
+- LIB=librc2.a
+- LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+- LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rc2.h
+- HEADER= rc2_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB):    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 
+- test:	$(TEST)
+- 	./$(TEST)
+- 
+- $(TEST): $(TEST).c $(LIB)
+- 	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+- 
+- $(APPS): $(APPS).c $(LIB)
+- 	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/rc2test.c ../RELENG_4_6/crypto/openssl/crypto/rc2/rc2test.c
+*** crypto/openssl/crypto/rc2/rc2test.c	Sun Aug 20 04:46:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc2/rc2test.c	Thu Nov 28 13:56:01 2002
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 203,209 ****
+  		printf("ok\n");
+  #endif
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 205,211 ----
+  		printf("ok\n");
+  #endif
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.save
+*** crypto/openssl/crypto/rc4/Makefile.save	Sun Nov 26 06:33:50 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,114 ****
+- #
+- # SSLeay/crypto/rc4/Makefile
+- #
+- 
+- DIR=	rc4
+- TOP=	../..
+- CC=	cc
+- CPP=    $(CC) -E
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- RC4_ENC=rc4_enc.o
+- # or use
+- #RC4_ENC=asm/rx86-elf.o
+- #RC4_ENC=asm/rx86-out.o
+- #RC4_ENC=asm/rx86-sol.o
+- #RC4_ENC=asm/rx86bdsi.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rc4test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=rc4_skey.c rc4_enc.c
+- LIBOBJ=rc4_skey.o $(RC4_ENC)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rc4.h
+- HEADER=	$(EXHEADER) rc4_locl.h
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/rx86-elf.o: asm/rx86unix.cpp
+- 	$(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o
+- 
+- # solaris
+- asm/rx86-sol.o: asm/rx86unix.cpp
+- 	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+- 	as -o asm/rx86-sol.o asm/rx86-sol.s
+- 	rm -f asm/rx86-sol.s
+- 
+- # a.out
+- asm/rx86-out.o: asm/rx86unix.cpp
+- 	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+- 
+- # bsdi
+- asm/rx86bsdi.o: asm/rx86unix.cpp
+- 	$(CPP) -DBSDI asm/rx86unix.cpp | sed 's/ :/:/' | as -o asm/rx86bsdi.o
+- 
+- asm/rx86unix.cpp: asm/rc4-586.pl ../perlasm/x86asm.pl
+- 	(cd asm; $(PERL) rc4-586.pl cpp >rx86unix.cpp)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- rc4_enc.o: ../../include/openssl/opensslconf.h ../../include/openssl/rc4.h
+- rc4_enc.o: rc4_locl.h
+- rc4_skey.o: ../../include/openssl/opensslconf.h
+- rc4_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/rc4.h
+- rc4_skey.o: rc4_locl.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.ssl
+*** crypto/openssl/crypto/rc4/Makefile.ssl	Wed Jul  4 19:19:34 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.ssl	Wed Oct  9 09:15:13 2002
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.uni
+*** crypto/openssl/crypto/rc4/Makefile.uni	Mon Jan 10 01:21:50 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,103 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- DIR=    rc4
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- RANLIB=         ranlib
+- 
+- RC4_ENC=rc4_enc.o
+- # or use
+- #RC4_ENC=asm/rx86-elf.o
+- #RC4_ENC=asm/rx86-out.o
+- #RC4_ENC=asm/rx86-sol.o
+- #RC4_ENC=asm/rx86bdsi.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rc4test
+- APPS=rc4speed
+- 
+- LIB=librc4.a
+- LIBSRC=rc4_skey.c rc4_enc.c
+- LIBOBJ=rc4_skey.o $(RC4_ENC)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rc4.h
+- HEADER= $(EXHEADER) rc4_locl.h
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB):    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 
+- # elf
+- asm/rx86-elf.o: asm/rx86unix.cpp
+- 	$(CPP) -DELF asm/rx86unix.cpp | as -o asm/rx86-elf.o
+- 
+- # solaris
+- asm/rx86-sol.o: asm/rx86unix.cpp
+- 	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+- 	as -o asm/rx86-sol.o asm/rx86-sol.s
+- 	rm -f asm/rx86-sol.s
+- 
+- # a.out
+- asm/rx86-out.o: asm/rx86unix.cpp
+- 	$(CPP) -DOUT asm/rx86unix.cpp | as -o asm/rx86-out.o
+- 
+- # bsdi
+- asm/rx86bsdi.o: asm/rx86unix.cpp
+- 	$(CPP) -DBSDI asm/rx86unix.cpp | as -o asm/rx86bsdi.o
+- 
+- asm/rx86unix.cpp:
+- 	(cd asm; perl rc4-586.pl cpp >rx86unix.cpp)
+- 
+- test:	$(TEST)
+- 	./$(TEST)
+- 
+- $(TEST): $(TEST).c $(LIB)
+- 	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+- 
+- $(APPS): $(APPS).c $(LIB)
+- 	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4.c ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4.c
+*** crypto/openssl/crypto/rc4/rc4.c	Mon Jan 10 01:21:50 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4.c	Thu Nov 28 03:06:18 2002
+***************
+*** 155,161 ****
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			memset(buf,0,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+--- 155,161 ----
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			OPENSSL_cleanse(buf,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+***************
+*** 163,169 ****
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	memset(keystr,0,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+--- 163,169 ----
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	OPENSSL_cleanse(keystr,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4test.c ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4test.c
+*** crypto/openssl/crypto/rc4/rc4test.c	Sun Aug 20 04:46:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4test.c	Thu Nov 28 13:56:03 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 195,201 ****
+  			}
+  		}
+  	printf("done\n");
+! 	exit(err);
+  	return(0);
+  	}
+  #endif
+--- 197,203 ----
+  			}
+  		}
+  	printf("done\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.save
+*** crypto/openssl/crypto/rc5/Makefile.save	Sun Aug 20 04:48:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,112 ****
+- #
+- # SSLeay/crypto/rc5/Makefile
+- #
+- 
+- DIR=	rc5
+- TOP=	../..
+- CC=	cc
+- CPP=	$(CC) -E
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- RC5_ENC=		rc5_enc.o
+- # or use
+- #DES_ENC=	r586-elf.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rc5test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=rc5_skey.c rc5_ecb.c rc5_enc.c rc5cfb64.c rc5ofb64.c 
+- LIBOBJ=rc5_skey.o rc5_ecb.o $(RC5_ENC) rc5cfb64.o rc5ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rc5.h
+- HEADER=	rc5_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/r586-elf.o: asm/r586unix.cpp
+- 	$(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o
+- 
+- # solaris
+- asm/r586-sol.o: asm/r586unix.cpp
+- 	$(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
+- 	as -o asm/r586-sol.o asm/r586-sol.s
+- 	rm -f asm/r586-sol.s
+- 
+- # a.out
+- asm/r586-out.o: asm/r586unix.cpp
+- 	$(CPP) -DOUT asm/r586unix.cpp | as -o asm/r586-out.o
+- 
+- # bsdi
+- asm/r586bsdi.o: asm/r586unix.cpp
+- 	$(CPP) -DBSDI asm/r586unix.cpp | sed 's/ :/:/' | as -o asm/r586bsdi.o
+- 
+- asm/r586unix.cpp: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+- 	(cd asm; $(PERL) rc5-586.pl cpp >r586unix.cpp)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- rc5_ecb.o: ../../include/openssl/opensslv.h ../../include/openssl/rc5.h
+- rc5_ecb.o: rc5_locl.h
+- rc5_enc.o: ../../include/openssl/rc5.h rc5_locl.h
+- rc5_skey.o: ../../include/openssl/rc5.h rc5_locl.h
+- rc5cfb64.o: ../../include/openssl/rc5.h rc5_locl.h
+- rc5ofb64.o: ../../include/openssl/rc5.h rc5_locl.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.ssl
+*** crypto/openssl/crypto/rc5/Makefile.ssl	Wed Jul  4 19:19:34 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.ssl	Wed Oct  9 09:15:18 2002
+***************
+*** 94,100 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 94,100 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.uni
+*** crypto/openssl/crypto/rc5/Makefile.uni	Mon Jan 10 01:21:50 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,73 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- 
+- DIR=    rc2
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- RANLIB=         ranlib
+- 
+- IDEA_ENC=rc2_cbc.o
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rc2test
+- APPS=rc2speed
+- 
+- LIB=librc2.a
+- LIBSRC=rc2_skey.c rc2_ecb.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
+- LIBOBJ=rc2_skey.o rc2_ecb.o $(IDEA_ENC) rc2cfb64.o rc2ofb64.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rc2.h
+- HEADER= rc2_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB):    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 
+- test:	$(TEST)
+- 	./$(TEST)
+- 
+- $(TEST): $(TEST).c $(LIB)
+- 	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+- 
+- $(APPS): $(APPS).c $(LIB)
+- 	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5test.c ../RELENG_4_6/crypto/openssl/crypto/rc5/rc5test.c
+*** crypto/openssl/crypto/rc5/rc5test.c	Sun Aug 20 04:46:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc5/rc5test.c	Thu Nov 28 13:56:04 2002
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 318,324 ****
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 320,326 ----
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.save
+*** crypto/openssl/crypto/ripemd/Makefile.save	Sun Nov 26 06:33:51 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,108 ****
+- #
+- # SSLeay/crypto/ripemd/Makefile
+- #
+- 
+- DIR=    ripemd
+- TOP=    ../..
+- CC=     cc
+- CPP=    $(CC) -E
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=           make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=       Makefile.ssl
+- AR=             ar r
+- 
+- RIP_ASM_OBJ=
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rmdtest.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=rmd_dgst.c rmd_one.c
+- LIBOBJ=rmd_dgst.o rmd_one.o $(RMD160_ASM_OBJ)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= ripemd.h
+- HEADER= rmd_locl.h rmdconst.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:    lib
+- 
+- lib:    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/rm86-elf.o: asm/rm86unix.cpp
+- 	$(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o
+- 
+- # solaris
+- asm/rm86-sol.o: asm/rm86unix.cpp
+- 	$(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
+- 	as -o asm/rm86-sol.o asm/rm86-sol.s
+- 	rm -f asm/rm86-sol.s
+- 
+- # a.out
+- asm/rm86-out.o: asm/rm86unix.cpp
+- 	$(CPP) -DOUT asm/rm86unix.cpp | as -o asm/rm86-out.o
+- 
+- # bsdi
+- asm/rm86bsdi.o: asm/rm86unix.cpp
+- 	$(CPP) -DBSDI asm/rm86unix.cpp | sed 's/ :/:/' | as -o asm/rm86bsdi.o
+- 
+- asm/rm86unix.cpp: asm/rmd-586.pl ../perlasm/x86asm.pl
+- 	(cd asm; $(PERL) rmd-586.pl cpp >rm86unix.cpp)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- rmd_dgst.o: ../../include/openssl/opensslconf.h
+- rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+- rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+- rmd_one.o: ../../include/openssl/ripemd.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.ssl
+*** crypto/openssl/crypto/ripemd/Makefile.ssl	Wed Jul  4 19:19:35 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.ssl	Thu Dec  5 16:50:45 2002
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 106,109 ****
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/ripemd.h
+--- 106,111 ----
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+! rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.uni
+*** crypto/openssl/crypto/ripemd/Makefile.uni	Mon Jan 10 01:21:51 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,109 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- DIR=    md5
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- 
+- MD5_ASM_OBJ=
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=md5test
+- APPS=md5
+- 
+- LIB=libmd5.a
+- LIBSRC=md5_dgst.c md5_one.c
+- LIBOBJ=md5_dgst.o md5_one.o $(MD5_ASM_OBJ)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= md5.h
+- HEADER= md5_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB):    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 
+- # elf
+- asm/mx86-elf.o: asm/mx86unix.cpp
+- 	$(CPP) -DELF asm/mx86unix.cpp | as -o asm/mx86-elf.o
+- 
+- # solaris
+- asm/mx86-sol.o: asm/mx86unix.cpp
+- 	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+- 	as -o asm/mx86-sol.o asm/mx86-sol.s
+- 	rm -f asm/mx86-sol.s
+- 
+- # a.out
+- asm/mx86-out.o: asm/mx86unix.cpp
+- 	$(CPP) -DOUT asm/mx86unix.cpp | as -o asm/mx86-out.o
+- 
+- # bsdi
+- asm/mx86bsdi.o: asm/mx86unix.cpp
+- 	$(CPP) -DBSDI asm/mx86unix.cpp | as -o asm/mx86bsdi.o
+- 
+- asm/mx86unix.cpp:
+- 	(cd asm; perl md5-586.pl cpp >mx86unix.cpp)
+- 
+- test:	$(TEST)
+- 	./$(TEST)
+- 
+- $(TEST): $(TEST).c $(LIB)
+- 	$(CC) -o $(TEST) $(CFLAGS) $(TEST).c $(LIB)
+- 
+- $(APPS): $(APPS).c $(LIB)
+- 	$(CC) -o $(APPS) $(CFLAGS) $(APPS).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) MD5_ASM_OBJ="" CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) MD5_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- x86-elf:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-elf.o" CFLAG="-DELF -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-out:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-out.o" CFLAG="-DOUT -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-solaris:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-sol.o" CFLAG="-DSOL -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-bdsi:
+- 	$(MAKE) MD5_ASM_OBJ="asm/mx86-bdsi.o" CFLAG="-DBDSI -DMD5_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd_locl.h ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_locl.h
+*** crypto/openssl/crypto/ripemd/rmd_locl.h	Sun Aug 20 04:46:39 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_locl.h	Sat Oct 13 20:58:26 2001
+***************
+*** 71,77 ****
+   *					<appro@fy.chalmers.se>
+   */
+  #ifdef RMD160_ASM
+! # if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+  #  define ripemd160_block_host_order ripemd160_block_asm_host_order
+  # endif
+  #endif
+--- 71,77 ----
+   *					<appro@fy.chalmers.se>
+   */
+  #ifdef RMD160_ASM
+! # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+  #  define ripemd160_block_host_order ripemd160_block_asm_host_order
+  # endif
+  #endif
+***************
+*** 79,85 ****
+  void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
+  void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
+  
+! #if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+  #define ripemd160_block_data_order ripemd160_block_host_order
+  #endif
+  
+--- 79,85 ----
+  void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num);
+  void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num);
+  
+! #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+  #define ripemd160_block_data_order ripemd160_block_host_order
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd_one.c ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_one.c
+*** crypto/openssl/crypto/ripemd/rmd_one.c	Sun Aug 20 04:46:39 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_one.c	Wed Dec  4 18:08:02 2002
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/ripemd.h>
++ #include <openssl/crypto.h>
+  
+  unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+  	     unsigned char *md)
+***************
+*** 70,76 ****
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 71,77 ----
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmdtest.c ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmdtest.c
+*** crypto/openssl/crypto/ripemd/rmdtest.c	Sun Aug 20 04:46:39 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmdtest.c	Thu Nov 28 13:56:06 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RIPEMD
+  int main(int argc, char *argv[])
+  {
+***************
+*** 124,130 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 126,132 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.save
+*** crypto/openssl/crypto/rsa/Makefile.save	Sun Nov 26 06:33:51 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,199 ****
+- #
+- # SSLeay/crypto/rsa/Makefile
+- #
+- 
+- DIR=	rsa
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=rsa_test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+- 	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c
+- LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+- 	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= rsa.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- rsa_chk.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_chk.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+- rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+- rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- rsa_chk.o: ../../include/openssl/symhacks.h
+- rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_eay.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+- rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- rsa_err.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/err.h
+- rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+- rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- rsa_err.o: ../../include/openssl/symhacks.h
+- rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_gen.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- rsa_gen.o: ../cryptlib.h
+- rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- rsa_lib.o: ../cryptlib.h
+- rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_none.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_none.o: ../../include/openssl/opensslconf.h
+- rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- rsa_none.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- rsa_none.o: ../cryptlib.h
+- rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_null.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_null.o: ../../include/openssl/opensslconf.h
+- rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- rsa_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- rsa_null.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- rsa_null.o: ../cryptlib.h
+- rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_oaep.o: ../../include/openssl/opensslconf.h
+- rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+- rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- rsa_oaep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- rsa_oaep.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_pk1.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+- rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h
+- rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- rsa_saos.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- rsa_saos.o: ../../include/openssl/opensslconf.h
+- rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- rsa_saos.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- rsa_saos.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+- rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+- rsa_sign.o: ../../include/openssl/opensslconf.h
+- rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- rsa_sign.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+- rsa_sign.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+- rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+- rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+- rsa_ssl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+- rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+- rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.ssl
+*** crypto/openssl/crypto/rsa/Makefile.ssl	Wed Jul  4 19:19:35 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.ssl	Wed Oct  9 09:15:29 2002
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa.h ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa.h
+*** crypto/openssl/crypto/rsa/rsa.h	Wed Jul  4 19:19:36 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa.h	Tue Nov 26 06:14:38 2002
+***************
+*** 102,110 ****
+   * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+   * option is set in 'flags'.
+   */
+! 	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+               unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+! 	int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
+               unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+  
+  	} RSA_METHOD;
+--- 101,114 ----
+   * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+   * option is set in 'flags'.
+   */
+! 
+! /* changed m_len to m_length to avoid a conflict with a #define in
+!    vxworks for m_len for the mbuf code.  This only shows up in apps
+!    that have USE_SOCKETS defined */
+! 
+! 	int (*rsa_sign)(int type, unsigned char *m, unsigned int m_length,
+               unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+! 	int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_length,
+               unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+  
+  	} RSA_METHOD;
+***************
+*** 165,170 ****
+--- 169,176 ----
+  #define RSA_NO_PADDING		3
+  #define RSA_PKCS1_OAEP_PADDING	4
+  
++ #define RSA_PKCS1_PADDING_SIZE	11
++ 
+  #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+  #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+  
+***************
+*** 203,210 ****
+  
+  RSA_METHOD *RSA_null_method(void);
+  
+- void	ERR_load_RSA_strings(void );
+- 
+  RSA *	d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
+  int	i2d_RSAPublicKey(RSA *a, unsigned char **pp);
+  RSA *	d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length);
+--- 209,214 ----
+***************
+*** 229,244 ****
+  
+  /* The following 2 functions sign and verify a X509_SIG ASN1 object
+   * inside PKCS#1 padded RSA encryption */
+! int RSA_sign(int type, unsigned char *m, unsigned int m_len,
+  	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+! int RSA_verify(int type, unsigned char *m, unsigned int m_len,
+  	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+  
+  /* The following 2 function sign and verify a ASN1_OCTET_STRING
+   * object inside PKCS#1 padded RSA encryption */
+! int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+  	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+! int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
+  	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+  
+  int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+--- 233,248 ----
+  
+  /* The following 2 functions sign and verify a X509_SIG ASN1 object
+   * inside PKCS#1 padded RSA encryption */
+! int RSA_sign(int type, unsigned char *m, unsigned int m_length,
+  	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+! int RSA_verify(int type, unsigned char *m, unsigned int m_length,
+  	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+  
+  /* The following 2 function sign and verify a ASN1_OCTET_STRING
+   * object inside PKCS#1 padded RSA encryption */
+! int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
+  	unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+! int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_length,
+  	unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+  
+  int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
+***************
+*** 276,281 ****
+--- 280,286 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_RSA_strings(void);
+  
+  /* Error codes for the RSA functions. */
+  
+***************
+*** 317,322 ****
+--- 322,328 ----
+  #define RSA_R_DATA_GREATER_THAN_MOD_LEN			 108
+  #define RSA_R_DATA_TOO_LARGE				 109
+  #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
++ #define RSA_R_DATA_TOO_LARGE_FOR_MODULUS		 132
+  #define RSA_R_DATA_TOO_SMALL				 111
+  #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
+  #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
+***************
+*** 343,346 ****
+  }
+  #endif
+  #endif
+- 
+--- 349,351 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_eay.c
+*** crypto/openssl/crypto/rsa/rsa_eay.c	Wed Jul  4 19:19:36 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_eay.c	Thu Nov 28 03:06:23 2002
+***************
+*** 79,86 ****
+  static RSA_METHOD rsa_pkcs1_eay_meth={
+  	"Eric Young's PKCS#1 RSA",
+  	RSA_eay_public_encrypt,
+! 	RSA_eay_public_decrypt,
+! 	RSA_eay_private_encrypt,
+  	RSA_eay_private_decrypt,
+  	RSA_eay_mod_exp,
+  	BN_mod_exp_mont,
+--- 78,85 ----
+  static RSA_METHOD rsa_pkcs1_eay_meth={
+  	"Eric Young's PKCS#1 RSA",
+  	RSA_eay_public_encrypt,
+! 	RSA_eay_public_decrypt, /* signature verification */
+! 	RSA_eay_private_encrypt, /* signing */
+  	RSA_eay_private_decrypt,
+  	RSA_eay_mod_exp,
+  	BN_mod_exp_mont,
+***************
+*** 137,142 ****
+--- 136,148 ----
+  
+  	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
+  	
++ 	if (BN_ucmp(&f, rsa->n) >= 0)
++ 		{	
++ 		/* usually the padding functions would catch this */
++ 		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++ 		goto err;
++ 		}
++ 
+  	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+  		{
+  		BN_MONT_CTX* bn_mont_ctx;
+***************
+*** 178,189 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+  	}
+  
+  static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+  	     unsigned char *to, RSA *rsa, int padding)
+  	{
+--- 184,196 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+  	}
+  
++ /* signing */
+  static int RSA_eay_private_encrypt(int flen, unsigned char *from,
+  	     unsigned char *to, RSA *rsa, int padding)
+  	{
+***************
+*** 219,224 ****
+--- 226,238 ----
+  	if (i <= 0) goto err;
+  
+  	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
++ 	
++ 	if (BN_ucmp(&f, rsa->n) >= 0)
++ 		{	
++ 		/* usually the padding functions would catch this */
++ 		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++ 		goto err;
++ 		}
+  
+  	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+  		RSA_blinding_on(rsa,ctx);
+***************
+*** 254,260 ****
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 268,274 ----
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 293,298 ****
+--- 307,318 ----
+  	/* make data into a big number */
+  	if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
+  
++ 	if (BN_ucmp(&f, rsa->n) >= 0)
++ 		{
++ 		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++ 		goto err;
++ 		}
++ 
+  	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+  		RSA_blinding_on(rsa,ctx);
+  	if (rsa->flags & RSA_FLAG_BLINDING)
+***************
+*** 347,358 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+  	}
+  
+  static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+  	     unsigned char *to, RSA *rsa, int padding)
+  	{
+--- 367,379 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+  	}
+  
++ /* signature verification */
+  static int RSA_eay_public_decrypt(int flen, unsigned char *from,
+  	     unsigned char *to, RSA *rsa, int padding)
+  	{
+***************
+*** 384,389 ****
+--- 405,417 ----
+  		}
+  
+  	if (BN_bin2bn(from,flen,&f) == NULL) goto err;
++ 
++ 	if (BN_ucmp(&f, rsa->n) >= 0)
++ 		{
++ 		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
++ 		goto err;
++ 		}
++ 
+  	/* do the decrypt */
+  	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+  		{
+***************
+*** 436,442 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 464,470 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 448,457 ****
+  	int ret=0;
+  	BN_CTX *ctx;
+  
+- 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+  	BN_init(&m1);
+  	BN_init(&r1);
+  	BN_init(&vrfy);
+  
+  	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+  		{
+--- 476,485 ----
+  	int ret=0;
+  	BN_CTX *ctx;
+  
+  	BN_init(&m1);
+  	BN_init(&r1);
+  	BN_init(&vrfy);
++ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+  
+  	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_err.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_err.c
+*** crypto/openssl/crypto/rsa/rsa_err.c	Sun Aug 20 04:46:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_err.c	Wed Jul 25 13:03:22 2001
+***************
+*** 106,111 ****
+--- 106,112 ----
+  {RSA_R_DATA_GREATER_THAN_MOD_LEN         ,"data greater than mod len"},
+  {RSA_R_DATA_TOO_LARGE                    ,"data too large"},
+  {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
++ {RSA_R_DATA_TOO_LARGE_FOR_MODULUS        ,"data too large for modulus"},
+  {RSA_R_DATA_TOO_SMALL                    ,"data too small"},
+  {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       ,"data too small for key size"},
+  {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_oaep.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_oaep.c
+*** crypto/openssl/crypto/rsa/rsa_oaep.c	Sun Nov 26 06:33:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_oaep.c	Mon Feb 11 12:44:30 2002
+***************
+*** 2,8 ****
+  /* Written by Ulf Moeller. This software is distributed on an "AS IS"
+     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+  
+! /* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+  
+  #if !defined(NO_SHA) && !defined(NO_SHA1)
+  #include <stdio.h>
+--- 2,23 ----
+  /* Written by Ulf Moeller. This software is distributed on an "AS IS"
+     basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+  
+! /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+! 
+! /* See Victor Shoup, "OAEP reconsidered," Nov. 2000,
+!  * <URL: http://www.shoup.net/papers/oaep.ps.Z>
+!  * for problems with the security proof for the
+!  * original OAEP scheme, which EME-OAEP is based on.
+!  * 
+!  * A new proof can be found in E. Fujisaki, T. Okamoto,
+!  * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!",
+!  * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>.
+!  * The new proof has stronger requirements for the
+!  * underlying permutation: "partial-one-wayness" instead
+!  * of one-wayness.  For the RSA function, this is
+!  * an equivalent notion.
+!  */
+! 
+  
+  #if !defined(NO_SHA) && !defined(NO_SHA1)
+  #include <stdio.h>
+***************
+*** 12,163 ****
+  #include <openssl/sha.h>
+  #include <openssl/rand.h>
+  
+! int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
+  
+  int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+! 	     unsigned char *from, int flen, unsigned char *param, int plen)
+!     {
+!     int i, emlen = tlen - 1;
+!     unsigned char *db, *seed;
+!     unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+! 
+!     if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+  	{
+! 	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+! 	       RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+! 	return (0);
+! 	}
+  
+!     if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+! 	{
+! 	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+! 	return (0);
+! 	}
+!     
+!     dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+!     if (dbmask == NULL)
+! 	{
+! 	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+! 	return (0);
+! 	}
+  
+!     to[0] = 0;
+!     seed = to + 1;
+!     db = to + SHA_DIGEST_LENGTH + 1;
+! 
+!     SHA1(param, plen, db);
+!     memset(db + SHA_DIGEST_LENGTH, 0,
+! 	   emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+!     db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+!     memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+!     if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+!     	return (0);
+  #ifdef PKCS_TESTVECT
+!     memcpy(seed,
+  	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+  	   20);
+  #endif
+  
+!     MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+!     for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+! 	db[i] ^= dbmask[i];
+! 
+!     MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+!     for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+! 	seed[i] ^= seedmask[i];
+! 
+!     OPENSSL_free(dbmask);
+!     return (1);
+!     }
+  
+  int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+  	     unsigned char *from, int flen, int num, unsigned char *param,
+  	     int plen)
+-     {
+-     int i, dblen, mlen = -1;
+-     unsigned char *maskeddb;
+-     int lzero;
+-     unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+- 
+-     if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+  	{
+! 	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+! 	return (-1);
+! 	}
+  
+!     dblen = num - SHA_DIGEST_LENGTH;
+!     db = OPENSSL_malloc(dblen);
+!     if (db == NULL)
+! 	{
+! 	RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+! 	return (-1);
+! 	}
+  
+!     lzero = num - flen;
+!     maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+!     
+!     MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+!     for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+! 	seed[i] ^= from[i - lzero];
+!   
+!     MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+!     for (i = 0; i < dblen; i++)
+! 	db[i] ^= maskeddb[i];
+  
+!     SHA1(param, plen, phash);
+  
+!     if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
+! 	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+!     else
+! 	{
+! 	for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+! 	    if (db[i] != 0x00)
+! 		break;
+! 	if (db[i] != 0x01 || i++ >= dblen)
+! 	    RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
+! 		   RSA_R_OAEP_DECODING_ERROR);
+  	else
+! 	    {
+! 	    mlen = dblen - i;
+! 	    if (tlen < mlen)
+! 		{
+! 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+! 		mlen = -1;
+! 		}
+! 	    else
+! 		memcpy(to, db + i, mlen);
+! 	    }
+  	}
+-     OPENSSL_free(db);
+-     return (mlen);
+-     }
+  
+  int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
+-     {
+-     long i, outlen = 0;
+-     unsigned char cnt[4];
+-     SHA_CTX c;
+-     unsigned char md[SHA_DIGEST_LENGTH];
+- 
+-     for (i = 0; outlen < len; i++)
+  	{
+! 	cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
+! 	  cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
+! 	SHA1_Init(&c);
+! 	SHA1_Update(&c, seed, seedlen);
+! 	SHA1_Update(&c, cnt, 4);
+! 	if (outlen + SHA_DIGEST_LENGTH <= len)
+! 	    {
+! 	    SHA1_Final(mask + outlen, &c);
+! 	    outlen += SHA_DIGEST_LENGTH;
+! 	    }
+! 	else
+! 	    {
+! 	    SHA1_Final(md, &c);
+! 	    memcpy(mask + outlen, md, len - outlen);
+! 	    outlen = len;
+! 	    }
+  	}
+-     return (0);
+-     }
+  #endif
+--- 27,202 ----
+  #include <openssl/sha.h>
+  #include <openssl/rand.h>
+  
+! int MGF1(unsigned char *mask, long len,
+! 	unsigned char *seed, long seedlen);
+  
+  int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+! 	unsigned char *from, int flen,
+! 	unsigned char *param, int plen)
+  	{
+! 	int i, emlen = tlen - 1;
+! 	unsigned char *db, *seed;
+! 	unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+  
+! 	if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+! 		{
+! 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+! 		   RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+! 		return 0;
+! 		}
+  
+! 	if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+! 		{
+! 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+! 		return 0;
+! 		}
+! 
+! 	dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+! 	if (dbmask == NULL)
+! 		{
+! 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+! 		return 0;
+! 		}
+! 
+! 	to[0] = 0;
+! 	seed = to + 1;
+! 	db = to + SHA_DIGEST_LENGTH + 1;
+! 
+! 	SHA1(param, plen, db);
+! 	memset(db + SHA_DIGEST_LENGTH, 0,
+! 		emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+! 	db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+! 	memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+! 	if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+! 		return 0;
+  #ifdef PKCS_TESTVECT
+! 	memcpy(seed,
+  	   "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+  	   20);
+  #endif
+  
+! 	MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+! 	for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+! 		db[i] ^= dbmask[i];
+! 
+! 	MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+! 	for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+! 		seed[i] ^= seedmask[i];
+! 
+! 	OPENSSL_free(dbmask);
+! 	return 1;
+! 	}
+  
+  int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+  	     unsigned char *from, int flen, int num, unsigned char *param,
+  	     int plen)
+  	{
+! 	int i, dblen, mlen = -1;
+! 	unsigned char *maskeddb;
+! 	int lzero;
+! 	unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+! 	int bad = 0;
+! 
+! 	if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+! 		/* 'num' is the length of the modulus, i.e. does not depend on the
+! 		 * particular ciphertext. */
+! 		goto decoding_err;
+  
+! 	lzero = num - flen;
+! 	if (lzero < 0)
+! 		{
+! 		/* lzero == -1 */
+! 
+! 		/* signalling this error immediately after detection might allow
+! 		 * for side-channel attacks (e.g. timing if 'plen' is huge
+! 		 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
+! 		 * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001),
+! 		 * so we use a 'bad' flag */
+! 		bad = 1;
+! 		lzero = 0;
+! 		}
+! 	maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+  
+! 	dblen = num - SHA_DIGEST_LENGTH;
+! 	db = OPENSSL_malloc(dblen);
+! 	if (db == NULL)
+! 		{
+! 		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+! 		return -1;
+! 		}
+  
+! 	MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+! 	for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+! 		seed[i] ^= from[i - lzero];
+! 
+! 	MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+! 	for (i = 0; i < dblen; i++)
+! 		db[i] ^= maskeddb[i];
+  
+! 	SHA1(param, plen, phash);
+! 
+! 	if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
+! 		goto decoding_err;
+  	else
+! 		{
+! 		for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+! 			if (db[i] != 0x00)
+! 				break;
+! 		if (db[i] != 0x01 || i++ >= dblen)
+! 			goto decoding_err;
+! 		else
+! 			{
+! 			/* everything looks OK */
+! 
+! 			mlen = dblen - i;
+! 			if (tlen < mlen)
+! 				{
+! 				RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+! 				mlen = -1;
+! 				}
+! 			else
+! 				memcpy(to, db + i, mlen);
+! 			}
+! 		}
+! 	OPENSSL_free(db);
+! 	return mlen;
+! 
+! decoding_err:
+! 	/* to avoid chosen ciphertext attacks, the error message should not reveal
+! 	 * which kind of decoding error happened */
+! 	RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+! 	if (db != NULL) OPENSSL_free(db);
+! 	return -1;
+  	}
+  
+  int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
+  	{
+! 	long i, outlen = 0;
+! 	unsigned char cnt[4];
+! 	SHA_CTX c;
+! 	unsigned char md[SHA_DIGEST_LENGTH];
+! 
+! 	for (i = 0; outlen < len; i++)
+! 		{
+! 		cnt[0] = (unsigned char)((i >> 24) & 255);
+! 		cnt[1] = (unsigned char)((i >> 16) & 255);
+! 		cnt[2] = (unsigned char)((i >> 8)) & 255;
+! 		cnt[3] = (unsigned char)(i & 255);
+! 		SHA1_Init(&c);
+! 		SHA1_Update(&c, seed, seedlen);
+! 		SHA1_Update(&c, cnt, 4);
+! 		if (outlen + SHA_DIGEST_LENGTH <= len)
+! 			{
+! 			SHA1_Final(mask + outlen, &c);
+! 			outlen += SHA_DIGEST_LENGTH;
+! 			}
+! 		else
+! 			{
+! 			SHA1_Final(md, &c);
+! 			memcpy(mask + outlen, md, len - outlen);
+! 			outlen = len;
+! 			}
+! 		}
+! 	return 0;
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_oaep_test.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_oaep_test.c
+*** crypto/openssl/crypto/rsa/rsa_oaep_test.c	Sun Jan 16 00:14:56 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_oaep_test.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,309 ****
+- /* test vectors from p1ovect1.txt */
+- 
+- #include <stdio.h>
+- #include <string.h>
+- 
+- #include "openssl/e_os.h"
+- 
+- #include <openssl/crypto.h>
+- #include <openssl/err.h>
+- #ifdef NO_RSA
+- int main(int argc, char *argv[])
+- {
+-     printf("No RSA support\n");
+-     return(0);
+- }
+- #else
+- #include <openssl/rsa.h>
+- 
+- #define SetKey \
+-   key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+-   key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
+-   key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
+-   key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
+-   key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
+-   key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
+-   key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
+-   key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
+-   memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
+-   return (sizeof(ctext_ex) - 1);
+- 
+- static int key1(RSA *key, unsigned char *c)
+-     {
+-     static unsigned char n[] =
+- "\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
+- "\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
+- "\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
+- "\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
+- "\xF5";
+- 
+-     static unsigned char e[] = "\x11";
+- 
+-     static unsigned char d[] =
+- "\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
+- "\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
+- "\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
+- "\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
+- 
+-     static unsigned char p[] =
+- "\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+- "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
+- "\x0D";
+-     
+-     static unsigned char q[] =
+- "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+- "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+- "\x89";
+- 
+-     static unsigned char dmp1[] =
+- "\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
+- "\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
+- 
+-     static unsigned char dmq1[] =
+- "\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
+- "\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
+- "\x51";
+- 
+-     static unsigned char iqmp[] =
+- "\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
+- "\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
+- 
+-     static unsigned char ctext_ex[] =
+- "\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
+- "\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
+- "\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
+- "\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
+- 
+-     SetKey;
+-     }
+- 
+- static int key2(RSA *key, unsigned char *c)
+-     {
+-     static unsigned char n[] =
+- "\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
+- "\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
+- "\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
+- "\x34\x77\xCF";
+- 
+-     static unsigned char e[] = "\x3";
+- 
+-     static unsigned char d[] =
+- "\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
+- "\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
+- "\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
+- "\xE5\xEB";
+- 
+-     static unsigned char p[] =
+- "\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
+- "\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
+- 
+-     static unsigned char q[] =
+- "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+- "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
+-     
+-     static unsigned char dmp1[] =
+- "\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
+- "\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
+- 
+-     static unsigned char dmq1[] =
+- "\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
+- "\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
+- 
+-     static unsigned char iqmp[] =
+- "\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
+- "\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
+- 
+-     static unsigned char ctext_ex[] =
+- "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
+- "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
+- "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
+- "\x62\x51";
+- 
+-     SetKey;
+-     }
+- 
+- static int key3(RSA *key, unsigned char *c)
+-     {
+-     static unsigned char n[] =
+- "\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
+- "\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
+- "\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
+- "\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
+- "\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
+- "\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
+- "\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
+- "\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
+- "\xCB";
+- 
+-     static unsigned char e[] = "\x11";
+- 
+-     static unsigned char d[] =
+- "\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
+- "\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
+- "\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
+- "\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
+- "\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
+- "\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
+- "\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
+- "\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
+- "\xC1";
+- 
+-     static unsigned char p[] =
+- "\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
+- "\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
+- "\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
+- "\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
+- "\x99";
+- 
+-     static unsigned char q[] =
+- "\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
+- "\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
+- "\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
+- "\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
+- "\x03";
+- 
+-     static unsigned char dmp1[] =
+- "\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
+- "\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
+- "\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
+- "\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
+- 
+-     static unsigned char dmq1[] =
+- "\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
+- "\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
+- "\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
+- "\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
+-     
+-     static unsigned char iqmp[] =
+- "\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
+- "\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
+- "\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
+- "\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
+- "\xF7";
+- 
+-     static unsigned char ctext_ex[] =
+- "\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
+- "\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
+- "\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
+- "\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
+- "\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
+- "\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
+- "\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
+- "\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
+- 
+-     SetKey;
+-     }
+- 
+- static int pad_unknown(void)
+- {
+-     unsigned long l;
+-     while ((l = ERR_get_error()) != 0)
+-       if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
+- 	return(1);
+-     return(0);
+- }
+- 
+- int main() 
+-     {
+-     int err=0;
+-     int v;
+-     RSA *key;
+-     unsigned char ptext[256];
+-     unsigned char ctext[256];
+-     static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
+-     unsigned char ctext_ex[256];
+-     int plen;
+-     int clen = 0;
+-     int num;
+- 
+-     CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+- 	
+-     plen = sizeof(ptext_ex) - 1;
+- 
+-     for (v = 0; v < 3; v++)
+- 	{
+- 	key = RSA_new();
+- 	switch (v) {
+-     case 0:
+- 	clen = key1(key, ctext_ex);
+- 	break;
+-     case 1:
+- 	clen = key2(key, ctext_ex);
+- 	break;
+-     case 2:
+- 	clen = key3(key, ctext_ex);
+- 	break;
+- 	}
+- 
+- 	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+- 				 RSA_PKCS1_PADDING);
+- 	if (num != clen)
+- 	    {
+- 	    printf("PKCS#1 v1.5 encryption failed!\n");
+- 	    err=1;
+- 	    goto oaep;
+- 	    }
+-   
+- 	num = RSA_private_decrypt(num, ctext, ptext, key,
+- 				  RSA_PKCS1_PADDING);
+- 	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+- 	    {
+- 	    printf("PKCS#1 v1.5 decryption failed!\n");
+- 	    err=1;
+- 	    }
+- 	else
+- 	    printf("PKCS #1 v1.5 encryption/decryption ok\n");
+- 
+-     oaep:
+- 	ERR_clear_error();
+- 	num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
+- 				 RSA_PKCS1_OAEP_PADDING);
+- 	if (num == -1 && pad_unknown())
+- 	    {
+- 	    printf("No OAEP support\n");
+- 	    goto next;
+- 	    }
+- 	if (num != clen)
+- 	    {
+- 	    printf("OAEP encryption failed!\n");
+- 	    err=1;
+- 	    goto next;
+- 	    }
+-   
+- 	num = RSA_private_decrypt(num, ctext, ptext, key,
+- 				  RSA_PKCS1_OAEP_PADDING);
+- 	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+- 	    {
+- 	    printf("OAEP decryption (encrypted data) failed!\n");
+- 	    err=1;
+- 	    }
+- 	else if (memcmp(ctext, ctext_ex, num) == 0)
+- 	    {
+- 	    printf("OAEP test vector %d passed!\n", v);
+- 	    goto next;
+- 	    }
+-     
+- 	/* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
+- 	   Try decrypting ctext_ex */
+- 
+- 	num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
+- 				  RSA_PKCS1_OAEP_PADDING);
+- 
+- 	if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
+- 	    {
+- 	    printf("OAEP decryption (test vector data) failed!\n");
+- 	    err=1;
+- 	    }
+- 	else
+- 	    printf("OAEP encryption/decryption ok\n");
+-     next:
+- 	RSA_free(key);
+- 	}
+- 
+-     ERR_remove_state(0);
+- 
+-     CRYPTO_mem_leaks_fp(stdout);
+- 
+-     return err;
+-     }
+- #endif
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_pk1.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_pk1.c
+*** crypto/openssl/crypto/rsa/rsa_pk1.c	Sun Aug 20 04:46:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_pk1.c	Tue Nov 26 06:14:38 2002
+***************
+*** 68,74 ****
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-11))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+--- 68,74 ----
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_saos.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_saos.c
+*** crypto/openssl/crypto/rsa/rsa_saos.c	Sun Nov 26 06:33:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_saos.c	Thu Nov 28 03:06:23 2002
+***************
+*** 76,82 ****
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 76,82 ----
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 95,101 ****
+  	else
+  		*siglen=i;
+  
+! 	memset(s,0,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 95,101 ----
+  	else
+  		*siglen=i;
+  
+! 	OPENSSL_cleanse(s,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+***************
+*** 137,143 ****
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 137,143 ----
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_sign.c
+*** crypto/openssl/crypto/rsa/rsa_sign.c	Sun Nov 26 06:33:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_sign.c	Thu Nov 28 03:06:23 2002
+***************
+*** 109,115 ****
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 109,115 ----
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 131,137 ****
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		memset(s,0,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+--- 131,137 ----
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		OPENSSL_cleanse(s,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+***************
+*** 214,220 ****
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 214,220 ----
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.save
+*** crypto/openssl/crypto/sha/Makefile.save	Sun Nov 26 06:33:55 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,112 ****
+- #
+- # SSLeay/crypto/sha/Makefile
+- #
+- 
+- DIR=    sha
+- TOP=    ../..
+- CC=     cc
+- CPP=    $(CC) -E
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=           make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=       Makefile.ssl
+- AR=             ar r
+- 
+- SHA1_ASM_OBJ=
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=shatest.c sha1test.c
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+- LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA1_ASM_OBJ)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= sha.h
+- HEADER= sha_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:    lib
+- 
+- lib:    $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- # elf
+- asm/sx86-elf.o: asm/sx86unix.cpp
+- 	$(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o
+- 
+- # solaris
+- asm/sx86-sol.o: asm/sx86unix.cpp
+- 	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+- 	as -o asm/sx86-sol.o asm/sx86-sol.s
+- 	rm -f asm/sx86-sol.s
+- 
+- # a.out
+- asm/sx86-out.o: asm/sx86unix.cpp
+- 	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+- 
+- # bsdi
+- asm/sx86bsdi.o: asm/sx86unix.cpp
+- 	$(CPP) -DBSDI asm/sx86unix.cpp | sed 's/ :/:/' | as -o asm/sx86bsdi.o
+- 
+- asm/sx86unix.cpp: asm/sha1-586.pl ../perlasm/x86asm.pl
+- 	(cd asm; $(PERL) sha1-586.pl cpp $(PROCESSOR) >sx86unix.cpp)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- sha1_one.o: ../../include/openssl/sha.h
+- sha1dgst.o: ../../include/openssl/opensslconf.h
+- sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+- sha1dgst.o: ../md32_common.h sha_locl.h
+- sha_dgst.o: ../../include/openssl/opensslconf.h
+- sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+- sha_dgst.o: ../md32_common.h sha_locl.h
+- sha_one.o: ../../include/openssl/sha.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.ssl
+*** crypto/openssl/crypto/sha/Makefile.ssl	Wed Jul  4 19:19:36 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.ssl	Thu Dec  5 16:50:40 2002
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 103,113 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/sha.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/sha.h
+--- 103,117 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.uni ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.uni
+*** crypto/openssl/crypto/sha/Makefile.uni	Mon Jan 10 01:21:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.uni	Wed Dec 31 19:00:00 1969
+***************
+*** 1,122 ****
+- # Targets
+- # make          - twidle the options yourself :-)
+- # make cc       - standard cc options
+- # make gcc      - standard gcc options
+- # make x86-elf  - linux-elf etc
+- # make x86-out  - linux-a.out, FreeBSD etc
+- # make x86-solaris
+- # make x86-bdsi
+- 
+- DIR=    sha
+- TOP=    .
+- CC=     gcc
+- CFLAG=	-O3 -fomit-frame-pointer
+- 
+- CPP=    $(CC) -E
+- INCLUDES=
+- INSTALLTOP=/usr/local/lib
+- MAKE=           make
+- MAKEDEPEND=     makedepend
+- MAKEFILE=       Makefile.uni
+- AR=             ar r
+- 
+- SHA_ASM_OBJ=
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- 
+- TEST1=shatest
+- TEST2=sha1test
+- APP1=sha
+- APP2=sha1
+- 
+- TEST=$(TEST1) $(TEST2)
+- APPS=$(APP1) $(APP2)
+- 
+- LIB=libsha.a
+- LIBSRC=sha_dgst.c sha1dgst.c sha_one.c sha1_one.c
+- LIBOBJ=sha_dgst.o sha1dgst.o sha_one.o sha1_one.o $(SHA_ASM_OBJ)
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= sha.h
+- HEADER= sha_locl.h $(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- all:    $(LIB) $(TEST) $(APPS)
+- 
+- $(LIB): $(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 
+- # elf
+- asm/sx86-elf.o: asm/sx86unix.cpp
+- 	$(CPP) -DELF asm/sx86unix.cpp | as -o asm/sx86-elf.o
+- 
+- # solaris
+- asm/sx86-sol.o: asm/sx86unix.cpp
+- 	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+- 	as -o asm/sx86-sol.o asm/sx86-sol.s
+- 	rm -f asm/sx86-sol.s
+- 
+- # a.out
+- asm/sx86-out.o: asm/sx86unix.cpp
+- 	$(CPP) -DOUT asm/sx86unix.cpp | as -o asm/sx86-out.o
+- 
+- # bsdi
+- asm/sx86bsdi.o: asm/sx86unix.cpp
+- 	$(CPP) -DBSDI asm/sx86unix.cpp | as -o asm/sx86bsdi.o
+- 
+- asm/sx86unix.cpp:
+- 	(cd asm; perl sha1-586.pl cpp >sx86unix.cpp)
+- 
+- test:	$(TEST)
+- 	./$(TEST1)
+- 	./$(TEST2)
+- 
+- $(TEST1): $(TEST1).c $(LIB)
+- 	$(CC) -o $(TEST1) $(CFLAGS) $(TEST1).c $(LIB)
+- 
+- $(TEST2): $(TEST2).c $(LIB)
+- 	$(CC) -o $(TEST2) $(CFLAGS) $(TEST2).c $(LIB)
+- 
+- $(APP1): $(APP1).c $(LIB)
+- 	$(CC) -o $(APP1) $(CFLAGS) $(APP1).c $(LIB)
+- 
+- $(APP2): $(APP2).c $(LIB)
+- 	$(CC) -o $(APP2) $(CFLAGS) $(APP2).c $(LIB)
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	/bin/rm -f $(LIB) $(TEST) $(APPS) *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- cc:
+- 	$(MAKE) SHA_ASM_OBJ="" CC="cc" CFLAG="-O" all
+- 
+- gcc:
+- 	$(MAKE) SHA_ASM_OBJ="" CC="gcc" CFLAGS="-O3 -fomit-frame-pointer" all
+- 
+- x86-elf:
+- 	$(MAKE) SHA_ASM_OBJ="asm/sx86-elf.o" CFLAG="-DELF -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-out:
+- 	$(MAKE) SHA_ASM_OBJ="asm/sx86-out.o" CFLAG="-DOUT -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-solaris:
+- 	$(MAKE) SHA_ASM_OBJ="asm/sx86-sol.o" CFLAG="-DSOL -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- x86-bdsi:
+- 	$(MAKE) SHA_ASM_OBJ="asm/sx86-bdsi.o" CFLAG="-DBDSI -DSHA1_ASM -DL_ENDIAN $(CFLAGS)" all
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1_one.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha1_one.c
+*** crypto/openssl/crypto/sha/sha1_one.c	Mon Jan 10 01:21:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/sha1_one.c	Wed Dec  4 18:08:08 2002
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA1
+  unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1test.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha1test.c
+*** crypto/openssl/crypto/sha/sha1test.c	Sun Aug 20 04:46:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/sha1test.c	Thu Nov 28 13:56:09 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha_locl.h ../RELENG_4_6/crypto/openssl/crypto/sha/sha_locl.h
+*** crypto/openssl/crypto/sha/sha_locl.h	Sun Aug 20 04:46:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/sha_locl.h	Sat Oct 13 20:58:32 2001
+***************
+*** 115,121 ****
+  # endif
+  
+  # ifdef SHA1_ASM
+! #  if defined(__i386) || defined(_M_IX86) || defined(__INTEL__)
+  #   define sha1_block_host_order		sha1_block_asm_host_order
+  #   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+  #   define sha1_block_data_order		sha1_block_asm_data_order
+--- 115,121 ----
+  # endif
+  
+  # ifdef SHA1_ASM
+! #  if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__)
+  #   define sha1_block_host_order		sha1_block_asm_host_order
+  #   define DONT_IMPLEMENT_BLOCK_HOST_ORDER
+  #   define sha1_block_data_order		sha1_block_asm_data_order
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha_one.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha_one.c
+*** crypto/openssl/crypto/sha/sha_one.c	Mon Jan 10 01:21:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/sha_one.c	Wed Dec  4 18:08:08 2002
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA0
+  unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/shatest.c ../RELENG_4_6/crypto/openssl/crypto/sha/shatest.c
+*** crypto/openssl/crypto/sha/shatest.c	Sun Aug 20 04:46:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/shatest.c	Thu Nov 28 13:56:10 2002
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/stack/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.save
+*** crypto/openssl/crypto/stack/Makefile.save	Sun Nov 26 06:33:56 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,87 ****
+- #
+- # SSLeay/crypto/stack/Makefile
+- #
+- 
+- DIR=	stack
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=stack.c
+- LIBOBJ=stack.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= stack.h safestack.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- stack.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- stack.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- stack.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- stack.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- stack.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- stack.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+- stack.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/stack/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.ssl
+*** crypto/openssl/crypto/stack/Makefile.ssl	Wed Jul  4 19:19:37 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.ssl	Wed Oct  9 09:15:42 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/threads/mttest.c ../RELENG_4_6/crypto/openssl/crypto/threads/mttest.c
+*** crypto/openssl/crypto/threads/mttest.c	Sun Nov 26 06:33:57 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/threads/mttest.c	Wed Dec  4 18:13:07 2002
+***************
+*** 77,82 ****
+--- 77,86 ----
+  #ifdef PTHREADS
+  #include <pthread.h>
+  #endif
++ #ifdef VXWORKS
++ #include <taskLib.h>
++ #include <semLib.h>
++ #endif
+  #include <openssl/lhash.h>
+  #include <openssl/crypto.h>
+  #include <openssl/buffer.h>
+***************
+*** 105,114 ****
+--- 109,120 ----
+  void solaris_locking_callback(int mode,int type,char *file,int line);
+  void win32_locking_callback(int mode,int type,char *file,int line);
+  void pthreads_locking_callback(int mode,int type,char *file,int line);
++ void vxworks_locking_callback(int mode,int type,char *file,int line);
+  
+  unsigned long irix_thread_id(void );
+  unsigned long solaris_thread_id(void );
+  unsigned long pthreads_thread_id(void );
++ unsigned long vxworks_thread_id(void );
+  
+  BIO *bio_err=NULL;
+  BIO *bio_stdout=NULL;
+***************
+*** 1097,1100 ****
+--- 1103,1221 ----
+  #endif /* PTHREADS */
+  
+  
++ #ifdef VXWORKS
++ 
++ #define DEFAULT_TASK_NAME               NULL
++ #define DEFAULT_TASK_PRIORITY           100
++ #define DEFAULT_TASK_OPTIONS            0
++ #define DEFAULT_TASK_STACK_BYTES        32768
++ 
++ static SEM_ID *lock_cs;
++ static long *lock_count;
++ 
++ extern int sysClkRateGet();
++ 
++ void thread_setup(void)
++ 	{
++ 	int i;
++ 
++ 	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(SEM_ID));
++ 	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		lock_count[i]=0;
++ 		lock_cs[i] = semMCreate(SEM_Q_PRIORITY | SEM_INVERSION_SAFE);
++ 		}
++ 
++ 	CRYPTO_set_id_callback((unsigned long (*)())vxworks_thread_id);
++ 	CRYPTO_set_locking_callback((void (*)())vxworks_locking_callback);
++ 	}
++ 
++ void thread_cleanup(void)
++ 	{
++ 	int i;
++ 
++ 	CRYPTO_set_locking_callback(NULL);
++ 	fprintf(stderr,"cleanup\n");
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		semDelete(lock_cs[i]);
++ 		fprintf(stderr,"%8ld:%s\n",lock_count[i],
++ 			CRYPTO_get_lock_name(i));
++ 		}
++ 	OPENSSL_free(lock_cs);
++ 	OPENSSL_free(lock_count);
++ 
++ 	fprintf(stderr,"done cleanup\n");
++ 	}
++ 
++ void vxworks_locking_callback(int mode, int type, char *file, int line)
++       {
++ #ifdef undef
++ 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
++ 		CRYPTO_thread_id(),
++ 		(mode&CRYPTO_LOCK)?"l":"u",
++ 		(type&CRYPTO_READ)?"r":"w",file,line);
++ #endif
++ /*
++ 	if (CRYPTO_LOCK_SSL_CERT == type)
++ 		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
++ 		CRYPTO_thread_id(),
++ 		mode,file,line);
++ */
++ 	if (mode & CRYPTO_LOCK)
++ 		{
++ 		semTake(lock_cs[type], WAIT_FOREVER);
++ 		lock_count[type]++;
++ 		}
++ 	else
++ 		{
++ 		semGive(lock_cs[type]);
++ 		}
++ 	}
++ 
++ 
++ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
++ 	{
++ 	SSL_CTX *ssl_ctx[2];
++ 	int thread_ctx[MAX_THREAD_NUMBER];
++ 	int i;
++ 
++ 	ssl_ctx[0]=s_ctx;
++ 	ssl_ctx[1]=c_ctx;
++ 
++ 	/*
++ 	thr_setconcurrency(thread_number);
++ 	*/
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		thread_ctx[i] = taskSpawn(DEFAULT_TASK_NAME,
++ 				DEFAULT_TASK_PRIORITY,
++ 				DEFAULT_TASK_OPTIONS,
++ 				DEFAULT_TASK_STACK_BYTES,
++ 				(FUNCPTR)ndoit,
++ 				(int)ssl_ctx, 0, 0, 0, 0, 0, 0, 0, 0, 0);
++ 
++ 		printf("Spawned task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("reaping\n");
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		while(taskIdVerify(thread_ctx[i]) != ERROR)
++ 			{
++ 			taskDelay(sysClkRateGet()/10);
++ 			}
++ 		printf("Reaped task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("vxworks threads done (%d,%d)\n",
++ 		s_ctx->references,c_ctx->references);
++ 	}
++ 
++ unsigned long vxworks_thread_id(void)
++ 	{
++ 	return((unsigned long)taskIdSelf());
++ 	}
+  
++ #endif /* VXWORKS */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/tmdiff.c ../RELENG_4_6/crypto/openssl/crypto/tmdiff.c
+*** crypto/openssl/crypto/tmdiff.c	Sun Nov 26 06:32:53 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/tmdiff.c	Wed Dec  4 18:12:51 2002
+***************
+*** 67,75 ****
+--- 67,77 ----
+  
+  #ifndef MSDOS
+  #  ifndef WIN32
++ #   ifndef VXWORKS
+  #    if !defined(VMS) || defined(__DECC)
+  #      define TIMES
+  #    endif
++ #   endif
+  #  endif
+  #endif
+  
+***************
+*** 95,101 ****
+  #include <sys/param.h>
+  #endif
+  
+! #ifndef TIMES
+  #include <sys/timeb.h>
+  #endif
+  
+--- 97,103 ----
+  #include <sys/param.h>
+  #endif
+  
+! #if !defined(TIMES) && !defined(VXWORKS)
+  #include <sys/timeb.h>
+  #endif
+  
+***************
+*** 103,108 ****
+--- 105,115 ----
+  #include <windows.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #include <drv/timer/timerDev.h>
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed */
+  #ifndef HZ
+  # ifndef CLK_TCK
+***************
+*** 125,131 ****
+--- 132,142 ----
+  	HANDLE thread_id;
+  	FILETIME ms_win32;
+  #  else
++ #    ifdef VXWORKS
++           unsigned long ticks;
++ #    else
+  	struct timeb ms_timeb;
++ #    endif
+  #  endif
+  #endif
+  	} MS_TM;
+***************
+*** 163,169 ****
+--- 174,184 ----
+  #  ifdef WIN32
+  	GetThreadTimes(tm->thread_id,&tmpa,&tmpb,&tmpc,&(tm->ms_win32));
+  #  else
++ #    ifdef VXWORKS
++         tm->ticks = tickGet();
++ #    else
+  	ftime(&tm->ms_timeb);
++ #    endif
+  #  endif
+  #endif
+  	}
+***************
+*** 193,202 ****
+--- 208,221 ----
+  	ret=((double)(lb-la))/1e7;
+  	}
+  # else
++ #  ifdef VXWORKS
++         ret = (double)(b->ticks - a->ticks) / (double)sysClkRateGet();
++ #  else
+  	ret=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+  		(((double)b->ms_timeb.millitm)-
+  		((double)a->ms_timeb.millitm))/1000.0;
+  #  endif
++ # endif
+  #endif
+  	return((ret < 0.0000001)?0.0000001:ret);
+  	}
+***************
+*** 214,222 ****
+--- 233,245 ----
+  	d =(b->ms_win32.dwHighDateTime&0x000fffff)*10+b->ms_win32.dwLowDateTime/1e7;
+  	d-=(a->ms_win32.dwHighDateTime&0x000fffff)*10+a->ms_win32.dwLowDateTime/1e7;
+  # else
++ #  ifdef VXWORKS
++         d = (b->ticks - a->ticks);
++ #  else
+  	d=	 (double)(b->ms_timeb.time-a->ms_timeb.time)+
+  		(((double)b->ms_timeb.millitm)-(double)a->ms_timeb.millitm)/1000.0;
+  #  endif
++ # endif
+  #endif
+  	if (d == 0.0)
+  		ret=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.save
+*** crypto/openssl/crypto/txt_db/Makefile.save	Sun Aug 20 04:48:46 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,87 ****
+- #
+- # SSLeay/crypto/txt_db/Makefile
+- #
+- 
+- DIR=	txt_db
+- TOP=	../..
+- CC=	cc
+- INCLUDES=
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=txt_db.c
+- LIBOBJ=txt_db.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= txt_db.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- txt_db.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+- txt_db.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+- txt_db.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- txt_db.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+- txt_db.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+- txt_db.o: ../../include/openssl/stack.h ../../include/openssl/txt_db.h
+- txt_db.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.ssl
+*** crypto/openssl/crypto/txt_db/Makefile.ssl	Wed Jul  4 19:19:38 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.ssl	Wed Oct  9 09:15:47 2002
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/txt_db.c ../RELENG_4_6/crypto/openssl/crypto/txt_db/txt_db.c
+*** crypto/openssl/crypto/txt_db/txt_db.c	Sun Nov 26 06:33:57 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/txt_db/txt_db.c	Thu May 30 12:48:57 2002
+***************
+*** 122,128 ****
+  		else
+  			{
+  			buf->data[offset-1]='\0'; /* blat the '\n' */
+! 			p=(char *)OPENSSL_malloc(add+offset);
+  			offset=0;
+  			}
+  		pp=(char **)p;
+--- 122,128 ----
+  		else
+  			{
+  			buf->data[offset-1]='\0'; /* blat the '\n' */
+! 			if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err;
+  			offset=0;
+  			}
+  		pp=(char **)p;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/uid.c ../RELENG_4_6/crypto/openssl/crypto/uid.c
+*** crypto/openssl/crypto/uid.c	Wed Jul  4 19:22:30 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/uid.c	Wed Dec  4 18:12:51 2002
+***************
+*** 64,70 ****
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32)
+  
+  int OPENSSL_issetugid(void)
+  	{
+--- 64,70 ----
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32) || defined(VXWORKS)
+  
+  int OPENSSL_issetugid(void)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.save
+*** crypto/openssl/crypto/x509/Makefile.save	Sun Aug 20 04:48:46 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,473 ****
+- #
+- # SSLeay/crypto/x509/Makefile
+- #
+- 
+- DIR=	x509
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile README
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=	x509_def.c x509_d2.c x509_r2x.c x509_cmp.c \
+- 	x509_obj.c x509_req.c x509spki.c x509_vfy.c \
+- 	x509_set.c x509rset.c x509_err.c \
+- 	x509name.c x509_v3.c x509_ext.c x509_att.c \
+- 	x509type.c x509_lu.c x_all.c x509_txt.c \
+- 	x509_trs.c by_file.c by_dir.c 
+- LIBOBJ= x509_def.o x509_d2.o x509_r2x.o x509_cmp.o \
+- 	x509_obj.o x509_req.o x509spki.o x509_vfy.o \
+- 	x509_set.o x509rset.o x509_err.o \
+- 	x509name.o x509_v3.o x509_ext.o x509_att.o \
+- 	x509type.o x509_lu.o x_all.o x509_txt.o \
+- 	x509_trs.o by_file.o by_dir.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= x509.h x509_vfy.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- by_dir.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- by_dir.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- by_dir.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- by_dir.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- by_dir.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- by_dir.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- by_dir.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- by_dir.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- by_dir.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- by_dir.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- by_dir.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- by_dir.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- by_dir.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- by_dir.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- by_dir.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- by_dir.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- by_dir.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- by_file.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- by_file.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- by_file.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- by_file.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- by_file.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- by_file.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- by_file.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- by_file.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- by_file.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- by_file.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- by_file.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- by_file.o: ../../include/openssl/pem.h ../../include/openssl/pem2.h
+- by_file.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- by_file.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- by_file.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- by_file.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- by_file.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- by_file.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x509_att.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_att.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_att.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_att.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_att.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_att.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_att.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- x509_cmp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_cmp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_cmp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_cmp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_cmp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_cmp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_cmp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- x509_d2.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_d2.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_d2.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_d2.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_d2.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_d2.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_d2.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_d2.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509_d2.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_d2.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_d2.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_d2.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_d2.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_d2.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_d2.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_d2.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_d2.o: ../cryptlib.h
+- x509_def.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_def.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_def.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_def.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_def.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_def.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_def.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_def.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509_def.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_def.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_def.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_def.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_def.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_def.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_def.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_def.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_def.o: ../cryptlib.h
+- x509_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_err.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x509_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+- x509_err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_err.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509_err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_ext.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_ext.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_ext.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_ext.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_ext.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- x509_lu.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_lu.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_lu.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_lu.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_lu.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_lu.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_lu.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_lu.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- x509_lu.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- x509_lu.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- x509_lu.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- x509_lu.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- x509_lu.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- x509_lu.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- x509_lu.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- x509_lu.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- x509_lu.o: ../../include/openssl/x509_vfy.h ../cryptlib.h
+- x509_obj.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_obj.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_obj.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_obj.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_obj.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_obj.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_obj.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_obj.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- x509_obj.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- x509_obj.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- x509_obj.o: ../../include/openssl/opensslconf.h
+- x509_obj.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_obj.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_obj.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_obj.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_obj.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_obj.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_obj.o: ../cryptlib.h
+- x509_r2x.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_r2x.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_r2x.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_r2x.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_r2x.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_r2x.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_r2x.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_r2x.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509_r2x.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_r2x.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_r2x.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_r2x.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_r2x.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_r2x.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_r2x.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_r2x.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_r2x.o: ../cryptlib.h
+- x509_req.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_req.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_req.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_req.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_req.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+- x509_req.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+- x509_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_req.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_req.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_req.o: ../cryptlib.h
+- x509_set.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_set.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_set.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_set.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_set.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_set.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_set.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_set.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509_set.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_set.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_set.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_set.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_set.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_set.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_set.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_set.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_set.o: ../cryptlib.h
+- x509_trs.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_trs.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_trs.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_trs.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_trs.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_trs.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_trs.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- x509_txt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_txt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_txt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_txt.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509_txt.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509_txt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509_txt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509_txt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- x509_txt.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- x509_txt.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- x509_txt.o: ../../include/openssl/opensslconf.h
+- x509_txt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_txt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_txt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_txt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_txt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_txt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_txt.o: ../cryptlib.h
+- x509_v3.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_v3.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_v3.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509_vfy.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509_vfy.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509_vfy.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509_vfy.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- x509name.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509name.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509name.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509name.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509name.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509name.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509name.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509name.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509name.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509name.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509name.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509name.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509name.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509name.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509name.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509name.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509name.o: ../cryptlib.h
+- x509rset.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509rset.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509rset.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509rset.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509rset.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509rset.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509rset.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509rset.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509rset.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509rset.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509rset.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509rset.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509rset.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509rset.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509rset.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509rset.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509rset.o: ../cryptlib.h
+- x509spki.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- x509spki.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- x509spki.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- x509spki.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h
+- x509spki.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- x509spki.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- x509spki.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- x509spki.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- x509spki.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- x509spki.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- x509spki.o: ../../include/openssl/opensslconf.h
+- x509spki.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509spki.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509spki.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509spki.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509spki.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509spki.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509spki.o: ../cryptlib.h
+- x509type.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x509type.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x509type.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x509type.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x509type.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x509type.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x509type.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x509type.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x509type.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x509type.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x509type.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x509type.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x509type.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x509type.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x509type.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x509type.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x509type.o: ../cryptlib.h
+- x_all.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- x_all.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- x_all.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- x_all.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- x_all.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- x_all.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- x_all.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- x_all.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
+- x_all.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- x_all.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- x_all.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- x_all.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- x_all.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- x_all.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- x_all.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- x_all.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- x_all.o: ../cryptlib.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.ssl
+*** crypto/openssl/crypto/x509/Makefile.ssl	Wed Jul  4 19:19:39 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.ssl	Wed Oct  9 09:15:50 2002
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 134,146 ****
+  x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_att.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! x509_att.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! x509_att.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! x509_att.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! x509_att.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! x509_att.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! x509_att.o: ../../include/openssl/opensslconf.h
+  x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 134,145 ----
+  x509_att.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_att.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_att.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_att.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! x509_att.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! x509_att.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! x509_att.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! x509_att.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! x509_att.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  x509_att.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_att.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_att.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 155,167 ****
+  x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_cmp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! x509_cmp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! x509_cmp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! x509_cmp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! x509_cmp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! x509_cmp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! x509_cmp.o: ../../include/openssl/opensslconf.h
+  x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 154,165 ----
+  x509_cmp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_cmp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_cmp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_cmp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! x509_cmp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! x509_cmp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! x509_cmp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! x509_cmp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! x509_cmp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  x509_cmp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_cmp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_cmp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 232,244 ****
+  x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! x509_ext.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! x509_ext.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! x509_ext.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! x509_ext.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! x509_ext.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! x509_ext.o: ../../include/openssl/opensslconf.h
+  x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 230,241 ----
+  x509_ext.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_ext.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_ext.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! x509_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! x509_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! x509_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! x509_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! x509_ext.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  x509_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_ext.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 349,361 ****
+  x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_trs.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! x509_trs.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! x509_trs.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! x509_trs.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! x509_trs.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! x509_trs.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! x509_trs.o: ../../include/openssl/opensslconf.h
+  x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 346,357 ----
+  x509_trs.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_trs.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_trs.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_trs.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! x509_trs.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! x509_trs.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! x509_trs.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! x509_trs.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! x509_trs.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  x509_trs.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_trs.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_trs.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 389,421 ****
+  x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_v3.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! x509_v3.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! x509_v3.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! x509_v3.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! x509_v3.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! x509_v3.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! x509_v3.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! x509_v3.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! x509_v3.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! x509_v3.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! x509_v3.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! x509_v3.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! x509_v3.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! x509_v3.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_vfy.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! x509_vfy.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! x509_vfy.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! x509_vfy.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! x509_vfy.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! x509_vfy.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! x509_vfy.o: ../../include/openssl/opensslconf.h
+  x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 385,416 ----
+  x509_v3.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_v3.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_v3.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_v3.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! x509_v3.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! x509_v3.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! x509_v3.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! x509_v3.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! x509_v3.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! x509_v3.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! x509_v3.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! x509_v3.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! x509_v3.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! x509_v3.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! x509_v3.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! x509_v3.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! x509_v3.o: ../cryptlib.h
+  x509_vfy.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  x509_vfy.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  x509_vfy.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  x509_vfy.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  x509_vfy.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  x509_vfy.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! x509_vfy.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! x509_vfy.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! x509_vfy.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! x509_vfy.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! x509_vfy.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! x509_vfy.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  x509_vfy.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  x509_vfy.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  x509_vfy.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/by_file.c ../RELENG_4_6/crypto/openssl/crypto/x509/by_file.c
+*** crypto/openssl/crypto/x509/by_file.c	Sun Aug 20 04:46:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/by_file.c	Wed Dec  4 20:20:53 2002
+***************
+*** 100,116 ****
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 				X509_FILETYPE_PEM) != 0);
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+- 				}
+- 			else
+- 				{
+- 				file=(char *)Getenv(X509_get_default_cert_file_env());
+- 				ok = (X509_load_cert_crl_file(ctx,file,
+- 					X509_FILETYPE_PEM) != 0);
+  				}
+  			}
+  		else
+--- 100,117 ----
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			file = (char *)Getenv(X509_get_default_cert_file_env());
+! 			if (file)
+! 				ok = (X509_load_cert_crl_file(ctx,file,
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+! 			if (!ok)
+! 				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+  				}
+  			}
+  		else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509.h ../RELENG_4_6/crypto/openssl/crypto/x509/x509.h
+*** crypto/openssl/crypto/x509/x509.h	Sun Nov 26 06:33:58 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509.h	Mon Dec 17 14:24:26 2001
+***************
+*** 810,816 ****
+  
+  X509_REQ *	X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md);
+  X509 *		X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey);
+- void ERR_load_X509_strings(void );
+  
+  X509_ALGOR *	X509_ALGOR_new(void );
+  void		X509_ALGOR_free(X509_ALGOR *a);
+--- 810,815 ----
+***************
+*** 1220,1225 ****
+--- 1219,1225 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_X509_strings(void);
+  
+  /* Error codes for the X509 functions. */
+  
+***************
+*** 1291,1294 ****
+  }
+  #endif
+  #endif
+- 
+--- 1291,1293 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_cmp.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_cmp.c
+*** crypto/openssl/crypto/x509/x509_cmp.c	Wed Jul  4 19:19:39 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_cmp.c	Tue Nov 12 19:44:47 2002
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include <stdio.h>
++ #include <ctype.h>
+  #include "cryptlib.h"
+  #include <openssl/asn1.h>
+  #include <openssl/objects.h>
+***************
+*** 157,162 ****
+--- 158,256 ----
+  }
+  #endif
+  
++ 
++ /* Case insensitive string comparision */
++ static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	int i;
++ 
++ 	if (a->length != b->length)
++ 		return (a->length - b->length);
++ 
++ 	for (i=0; i<a->length; i++)
++ 	{
++ 		int ca, cb;
++ 
++ 		ca = tolower(a->data[i]);
++ 		cb = tolower(b->data[i]);
++ 
++ 		if (ca != cb)
++ 			return(ca-cb);
++ 	}
++ 	return 0;
++ }
++ 
++ /* Case insensitive string comparision with space normalization 
++  * Space normalization - ignore leading, trailing spaces, 
++  *       multiple spaces between characters are replaced by single space  
++  */
++ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	unsigned char *pa = NULL, *pb = NULL;
++ 	int la, lb;
++ 	
++ 	la = a->length;
++ 	lb = b->length;
++ 	pa = a->data;
++ 	pb = b->data;
++ 
++ 	/* skip leading spaces */
++ 	while (la > 0 && isspace(*pa))
++ 	{
++ 		la--;
++ 		pa++;
++ 	}
++ 	while (lb > 0 && isspace(*pb))
++ 	{
++ 		lb--;
++ 		pb++;
++ 	}
++ 
++ 	/* skip trailing spaces */
++ 	while (la > 0 && isspace(pa[la-1]))
++ 		la--;
++ 	while (lb > 0 && isspace(pb[lb-1]))
++ 		lb--;
++ 
++ 	/* compare strings with space normalization */
++ 	while (la > 0 && lb > 0)
++ 	{
++ 		int ca, cb;
++ 
++ 		/* compare character */
++ 		ca = tolower(*pa);
++ 		cb = tolower(*pb);
++ 		if (ca != cb)
++ 			return (ca - cb);
++ 
++ 		pa++; pb++;
++ 		la--; lb--;
++ 
++ 		if (la <= 0 || lb <= 0)
++ 			break;
++ 
++ 		/* is white space next character ? */
++ 		if (isspace(*pa) && isspace(*pb))
++ 		{
++ 			/* skip remaining white spaces */
++ 			while (la > 0 && isspace(*pa))
++ 			{
++ 				la--;
++ 				pa++;
++ 			}
++ 			while (lb > 0 && isspace(*pb))
++ 			{
++ 				lb--;
++ 				pb++;
++ 			}
++ 		}
++ 	}
++ 	if (la > 0 || lb > 0)
++ 		return la - lb;
++ 
++ 	return 0;
++ }
++ 
+  int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+  	{
+  	int i,j;
+***************
+*** 170,179 ****
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->length-nb->value->length;
+  		if (j) return(j);
+! 		j=memcmp(na->value->data,nb->value->data,
+! 			na->value->length);
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+--- 264,283 ----
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->type-nb->value->type;
+  		if (j) return(j);
+! 		if (na->value->type == V_ASN1_PRINTABLESTRING)
+! 			j=nocase_spacenorm_cmp(na->value, nb->value);
+! 		else if (na->value->type == V_ASN1_IA5STRING
+! 			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+! 			j=nocase_cmp(na->value, nb->value);
+! 		else
+! 			{
+! 			j=na->value->length-nb->value->length;
+! 			if (j) return(j);
+! 			j=memcmp(na->value->data,nb->value->data,
+! 				na->value->length);
+! 			}
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_obj.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_obj.c
+*** crypto/openssl/crypto/x509/x509_obj.c	Sun Nov 26 06:33:58 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_obj.c	Tue Jun 26 08:04:12 2001
+***************
+*** 214,219 ****
+--- 214,221 ----
+  		}
+  	else
+  		p=buf;
++ 	if (i == 0)
++ 		*p = '\0';
+  	return(p);
+  err:
+  	X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_trs.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_trs.c
+*** crypto/openssl/crypto/x509/x509_trs.c	Sun Nov 26 06:33:58 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_trs.c	Sat Oct 20 12:23:18 2001
+***************
+*** 79,85 ****
+  static X509_TRUST trstandard[] = {
+  {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+  {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+! {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL},
+  {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+  };
+  
+--- 79,85 ----
+  static X509_TRUST trstandard[] = {
+  {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL},
+  {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL},
+! {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL},
+  {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL},
+  };
+  
+***************
+*** 228,234 ****
+  
+  static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+  {
+! 	if(x->aux) return obj_trust(trust->arg1, x, flags);
+  	/* we don't have any trust settings: for compatibility
+  	 * we return trusted if it is self signed
+  	 */
+--- 228,235 ----
+  
+  static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags)
+  {
+! 	if(x->aux && (x->aux->trust || x->aux->reject))
+! 		return obj_trust(trust->arg1, x, flags);
+  	/* we don't have any trust settings: for compatibility
+  	 * we return trusted if it is self signed
+  	 */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_txt.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_txt.c
+*** crypto/openssl/crypto/x509/x509_txt.c	Sun Nov 26 06:33:58 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_txt.c	Mon Oct  8 04:38:12 2001
+***************
+*** 95,101 ****
+  	case X509_V_ERR_CRL_NOT_YET_VALID:
+  		return("CRL is not yet valid");
+  	case X509_V_ERR_CERT_HAS_EXPIRED:
+! 		return("Certificate has expired");
+  	case X509_V_ERR_CRL_HAS_EXPIRED:
+  		return("CRL has expired");
+  	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+--- 95,101 ----
+  	case X509_V_ERR_CRL_NOT_YET_VALID:
+  		return("CRL is not yet valid");
+  	case X509_V_ERR_CERT_HAS_EXPIRED:
+! 		return("certificate has expired");
+  	case X509_V_ERR_CRL_HAS_EXPIRED:
+  		return("CRL has expired");
+  	case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_vfy.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.c
+*** crypto/openssl/crypto/x509/x509_vfy.c	Sun Nov 26 06:33:58 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.c	Tue Dec 10 03:28:16 2002
+***************
+*** 567,573 ****
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	time_t offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+--- 567,573 ----
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	long offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+***************
+*** 909,914 ****
+--- 909,920 ----
+  	{
+  	ctx->check_time = t;
+  	ctx->flags |= X509_V_FLAG_USE_CHECK_TIME;
++ 	}
++ 
++ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
++ 				  int (*verify_cb)(int, X509_STORE_CTX *))
++ 	{
++ 	ctx->verify_cb=verify_cb;
+  	}
+  
+  IMPLEMENT_STACK_OF(X509)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_vfy.h ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.h
+*** crypto/openssl/crypto/x509/x509_vfy.h	Sun Nov 26 06:33:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.h	Mon Jul 30 07:48:16 2001
+***************
+*** 382,387 ****
+--- 382,389 ----
+  				int purpose, int trust);
+  void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags);
+  void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t);
++ void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
++ 				  int (*verify_cb)(int, X509_STORE_CTX *));
+  
+  #ifdef  __cplusplus
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/Makefile.save ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.save
+*** crypto/openssl/crypto/x509v3/Makefile.save	Sun Aug 20 04:48:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,469 ****
+- #
+- # SSLeay/crypto/x509v3/Makefile
+- #
+- 
+- DIR=	x509v3
+- TOP=	../..
+- CC=	cc
+- INCLUDES= -I.. -I../../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile README
+- TEST=
+- APPS=
+- 
+- LIB=$(TOP)/libcrypto.a
+- LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
+- v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
+- v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
+- LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
+- v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
+- v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= x509v3.h
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- v3_akey.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_akey.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_akey.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- v3_akey.o: ../cryptlib.h
+- v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_bcons.o: ../../include/openssl/opensslconf.h
+- v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_bcons.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_bcons.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_bcons.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_bcons.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_conf.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_conf.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_conf.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_cpols.o: ../../include/openssl/opensslconf.h
+- v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_cpols.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_cpols.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_cpols.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_cpols.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_crld.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_crld.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_crld.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- v3_crld.o: ../cryptlib.h
+- v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_extku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_extku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_extku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_extku.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_genn.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_genn.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_genn.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- v3_genn.o: ../cryptlib.h
+- v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- v3_info.o: ../cryptlib.h
+- v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
+- v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+- v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+- v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+- v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+- v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+- v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+- v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+- v3_pku.o: ../cryptlib.h
+- v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+- v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+- v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+- v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+- v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+- v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+- v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+- v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+- v3_sxnet.o: ../../include/openssl/opensslconf.h
+- v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_sxnet.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_sxnet.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_sxnet.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_sxnet.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3_utl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3_utl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3_utl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+- v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+- v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+- v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+- v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+- v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+- v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+- v3err.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+- v3err.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+- v3err.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+- v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+- v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+- v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+- v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+- v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+- v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+- v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+- v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+- v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+- v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+- v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+- v3err.o: ../../include/openssl/x509v3.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.ssl
+*** crypto/openssl/crypto/x509v3/Makefile.ssl	Wed Jul  4 19:19:39 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.ssl	Wed Oct  9 09:15:57 2002
+***************
+*** 72,78 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 72,78 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 89,142 ****
+  v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_akey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_akey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_akey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_akey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_akey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_akey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_akey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_akey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_akey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_akey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_akey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_akey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_akey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_akey.o: ../cryptlib.h
+  v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_alt.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_alt.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_alt.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_alt.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_alt.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_alt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_alt.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_alt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_alt.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_alt.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_alt.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_alt.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_alt.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_alt.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_bcons.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_bcons.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_bcons.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_bcons.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_bcons.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_bcons.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 89,141 ----
+  v3_akey.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_akey.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_akey.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_akey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_akey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_akey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_akey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_akey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_akey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_akey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_akey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_akey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_akey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_akey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_akey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_akey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_akey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_alt.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_alt.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_alt.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_alt.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_alt.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_alt.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_alt.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_alt.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_alt.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_alt.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_alt.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_alt.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_alt.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_alt.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_alt.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_alt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_alt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_alt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_alt.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_alt.o: ../cryptlib.h
+  v3_bcons.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_bcons.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_bcons.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_bcons.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_bcons.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_bcons.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_bcons.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_bcons.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_bcons.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_bcons.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_bcons.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_bcons.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_bcons.o: ../../include/openssl/opensslconf.h
+  v3_bcons.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_bcons.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_bcons.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 151,163 ****
+  v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_bitst.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_bitst.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_bitst.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_bitst.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_bitst.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_bitst.o: ../../include/openssl/opensslconf.h
+  v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 150,161 ----
+  v3_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_bitst.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_bitst.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  v3_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 172,204 ****
+  v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_conf.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_conf.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_conf.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_conf.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_conf.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_conf.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_conf.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_conf.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_conf.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_conf.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_conf.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_conf.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_conf.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_conf.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_cpols.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_cpols.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_cpols.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_cpols.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_cpols.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_cpols.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 170,202 ----
+  v3_conf.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_conf.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_conf.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_conf.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_conf.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_conf.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_conf.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_conf.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_conf.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_conf.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_conf.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_conf.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_conf.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_conf.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_conf.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_conf.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_conf.o: ../cryptlib.h
+  v3_cpols.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_cpols.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_cpols.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_cpols.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_cpols.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_cpols.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_cpols.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_cpols.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_cpols.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_cpols.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_cpols.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_cpols.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_cpols.o: ../../include/openssl/opensslconf.h
+  v3_cpols.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_cpols.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_cpols.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 213,266 ****
+  v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_crld.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_crld.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_crld.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_crld.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_crld.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_crld.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_crld.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_crld.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_crld.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_crld.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_crld.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_crld.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_crld.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_crld.o: ../cryptlib.h
+  v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_enum.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_enum.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_enum.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_enum.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_enum.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_enum.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_enum.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_enum.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_enum.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_enum.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_enum.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_enum.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_enum.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_enum.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_extku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_extku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_extku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_extku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_extku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_extku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_extku.o: ../../include/openssl/opensslconf.h
+  v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 211,262 ----
+  v3_crld.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_crld.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_crld.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_crld.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_crld.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_crld.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_crld.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_crld.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_crld.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_crld.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_crld.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_crld.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_crld.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_crld.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_crld.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_crld.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_crld.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_enum.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_enum.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_enum.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_enum.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_enum.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_enum.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_enum.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_enum.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_enum.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_enum.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_enum.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_enum.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_enum.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_enum.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_enum.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_enum.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_enum.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_enum.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_enum.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_enum.o: ../cryptlib.h
+  v3_extku.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_extku.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_extku.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_extku.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_extku.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_extku.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_extku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_extku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_extku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_extku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_extku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_extku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  v3_extku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_extku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_extku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 275,470 ****
+  v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_genn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_genn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_genn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_genn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_genn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_genn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_genn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_genn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_genn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_genn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_genn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_genn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_genn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_genn.o: ../cryptlib.h
+  v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_ia5.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_ia5.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_ia5.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_ia5.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_ia5.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_ia5.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_ia5.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_ia5.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_ia5.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_ia5.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_ia5.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_ia5.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_info.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_info.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_info.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_info.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_info.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_info.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_info.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_info.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_info.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_info.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_info.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_info.o: ../cryptlib.h
+  v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_int.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_int.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_int.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_int.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_int.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_int.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_int.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_int.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_int.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_int.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_int.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_int.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_int.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_int.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_lib.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_lib.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_lib.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_lib.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_lib.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_lib.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_lib.o: ../../include/openssl/x509v3.h ../cryptlib.h ext_dat.h
+  v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_pku.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_pku.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_pku.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_pku.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_pku.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_pku.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_pku.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_pku.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_pku.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_pku.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_pku.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_pku.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_pku.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_pku.o: ../cryptlib.h
+  v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_prn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_prn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_prn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_prn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_prn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_prn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_prn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_prn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_prn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_prn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_prn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_prn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_purp.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_purp.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_purp.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_purp.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_purp.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_purp.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_purp.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_purp.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_purp.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_purp.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_purp.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_purp.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_purp.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_purp.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_skey.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_skey.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_skey.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_skey.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_skey.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_skey.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_skey.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_skey.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_skey.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_skey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_skey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_skey.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_skey.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_skey.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+! v3_sxnet.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_sxnet.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_sxnet.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_sxnet.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_sxnet.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_sxnet.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+  v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+--- 271,463 ----
+  v3_genn.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_genn.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_genn.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_genn.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_genn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_genn.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_genn.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_genn.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_genn.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_genn.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_genn.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_genn.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_genn.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_genn.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_genn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_genn.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_genn.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_ia5.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_ia5.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_ia5.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_ia5.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_ia5.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_ia5.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_ia5.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_ia5.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_ia5.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_ia5.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_ia5.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_ia5.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_ia5.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_ia5.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_ia5.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_ia5.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_ia5.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_ia5.o: ../cryptlib.h
+  v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_info.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_info.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_info.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_info.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_info.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_int.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_int.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_int.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_int.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_int.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_int.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_int.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_int.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_int.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_int.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_int.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_int.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_int.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_int.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_int.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_int.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_int.o: ../cryptlib.h
+  v3_lib.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_lib.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_lib.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_lib.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_lib.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_lib.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_lib.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_lib.o: ../cryptlib.h ext_dat.h
+  v3_pku.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_pku.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_pku.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_pku.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_pku.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_pku.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_pku.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_pku.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_pku.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_pku.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_pku.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_pku.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_pku.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_pku.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_pku.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_pku.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_pku.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_pku.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_pku.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_pku.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3_prn.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_prn.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_prn.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_prn.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_prn.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_prn.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_prn.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_prn.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_prn.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_prn.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_prn.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_prn.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_prn.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_prn.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_prn.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_prn.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_prn.o: ../cryptlib.h
+  v3_purp.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_purp.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_purp.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_purp.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_purp.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_purp.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_purp.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_purp.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_purp.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_purp.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_purp.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_purp.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_purp.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_purp.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_purp.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_purp.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_purp.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_purp.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_purp.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_purp.o: ../cryptlib.h
+  v3_skey.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3_skey.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3_skey.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3_skey.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_skey.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_skey.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_skey.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_skey.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_skey.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_skey.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_skey.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_skey.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_skey.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_skey.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_skey.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_skey.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_skey.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_skey.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_skey.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_skey.o: ../cryptlib.h
+  v3_sxnet.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+  v3_sxnet.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+  v3_sxnet.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+  v3_sxnet.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+  v3_sxnet.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  v3_sxnet.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+! v3_sxnet.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_sxnet.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_sxnet.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_sxnet.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_sxnet.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_sxnet.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_sxnet.o: ../../include/openssl/opensslconf.h
+  v3_sxnet.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+  v3_sxnet.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+  v3_sxnet.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+***************
+*** 479,514 ****
+  v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_utl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+! v3_utl.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3_utl.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3_utl.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3_utl.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3_utl.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3_utl.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3_utl.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3_utl.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3_utl.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3_utl.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3_utl.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3_utl.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3_utl.o: ../../include/openssl/x509v3.h ../cryptlib.h
+  v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+! v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3err.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3err.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+--- 472,507 ----
+  v3_utl.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3_utl.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+  v3_utl.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+! v3_utl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+! v3_utl.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+! v3_utl.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+! v3_utl.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+! v3_utl.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+! v3_utl.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+! v3_utl.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+! v3_utl.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+! v3_utl.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
+! v3_utl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+! v3_utl.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+! v3_utl.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+! v3_utl.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+! v3_utl.o: ../cryptlib.h
+  v3err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+  v3err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+  v3err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+  v3err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+  v3err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+! v3err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+! v3err.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+! v3err.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+! v3err.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+! v3err.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+! v3err.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+! v3err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+! v3err.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+! v3err.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+! v3err.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+! v3err.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! v3err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! v3err.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+! v3err.o: ../../include/openssl/x509v3.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/README ../RELENG_4_6/crypto/openssl/crypto/x509v3/README
+*** crypto/openssl/crypto/x509v3/README	Mon Jan 10 01:21:53 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509v3/README	Wed Dec 31 19:00:00 1969
+***************
+*** 1,4 ****
+- WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
+- 
+- This is ***VERY*** new experimental code and is likely to change
+- considerably or vanish altogether.
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3_ia5.c ../RELENG_4_6/crypto/openssl/crypto/x509v3/v3_ia5.c
+*** crypto/openssl/crypto/x509v3/v3_ia5.c	Sun Nov 26 06:34:00 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509v3/v3_ia5.c	Thu May 30 12:49:00 2002
+***************
+*** 82,88 ****
+  {
+  	char *tmp;
+  	if(!ia5 || !ia5->length) return NULL;
+! 	tmp = OPENSSL_malloc(ia5->length + 1);
+  	memcpy(tmp, ia5->data, ia5->length);
+  	tmp[ia5->length] = 0;
+  	return tmp;
+--- 82,88 ----
+  {
+  	char *tmp;
+  	if(!ia5 || !ia5->length) return NULL;
+! 	if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL;
+  	memcpy(tmp, ia5->data, ia5->length);
+  	tmp[ia5->length] = 0;
+  	return tmp;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3_utl.c ../RELENG_4_6/crypto/openssl/crypto/x509v3/v3_utl.c
+*** crypto/openssl/crypto/x509v3/v3_utl.c	Sun Nov 26 06:34:01 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509v3/v3_utl.c	Thu Feb 21 09:07:55 2002
+***************
+*** 250,256 ****
+  				*p = 0;
+  				ntmp = strip_spaces(q);
+  				q = p + 1;
+! #ifdef DEBUG
+  				printf("%s\n", ntmp);
+  #endif
+  				if(!ntmp) {
+--- 250,256 ----
+  				*p = 0;
+  				ntmp = strip_spaces(q);
+  				q = p + 1;
+! #if 0
+  				printf("%s\n", ntmp);
+  #endif
+  				if(!ntmp) {
+***************
+*** 266,272 ****
+  				state = HDR_NAME;
+  				*p = 0;
+  				vtmp = strip_spaces(q);
+! #ifdef DEBUG
+  				printf("%s\n", ntmp);
+  #endif
+  				if(!vtmp) {
+--- 266,272 ----
+  				state = HDR_NAME;
+  				*p = 0;
+  				vtmp = strip_spaces(q);
+! #if 0
+  				printf("%s\n", ntmp);
+  #endif
+  				if(!vtmp) {
+***************
+*** 283,289 ****
+  
+  	if(state == HDR_VALUE) {
+  		vtmp = strip_spaces(q);
+! #ifdef DEBUG
+  		printf("%s=%s\n", ntmp, vtmp);
+  #endif
+  		if(!vtmp) {
+--- 283,289 ----
+  
+  	if(state == HDR_VALUE) {
+  		vtmp = strip_spaces(q);
+! #if 0
+  		printf("%s=%s\n", ntmp, vtmp);
+  #endif
+  		if(!vtmp) {
+***************
+*** 293,299 ****
+  		X509V3_add_value(ntmp, vtmp, &values);
+  	} else {
+  		ntmp = strip_spaces(q);
+! #ifdef DEBUG
+  		printf("%s\n", ntmp);
+  #endif
+  		if(!ntmp) {
+--- 293,299 ----
+  		X509V3_add_value(ntmp, vtmp, &values);
+  	} else {
+  		ntmp = strip_spaces(q);
+! #if 0
+  		printf("%s\n", ntmp);
+  #endif
+  		if(!ntmp) {
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/x509v3.h ../RELENG_4_6/crypto/openssl/crypto/x509v3/x509v3.h
+*** crypto/openssl/crypto/x509v3/x509v3.h	Sun Nov 26 06:34:01 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509v3/x509v3.h	Mon Dec 17 14:24:32 2001
+***************
+*** 354,360 ****
+  
+  DECLARE_STACK_OF(X509_PURPOSE)
+  
+- void ERR_load_X509V3_strings(void);
+  int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp);
+  BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, unsigned char **pp, long length);
+  BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void);
+--- 354,359 ----
+***************
+*** 555,560 ****
+--- 554,560 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_X509V3_strings(void);
+  
+  /* Error codes for the X509V3 functions. */
+  
+***************
+*** 650,653 ****
+  }
+  #endif
+  #endif
+- 
+--- 650,652 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/b64.c ../RELENG_4_6/crypto/openssl/demos/b64.c
+*** crypto/openssl/demos/b64.c	Sun Nov 26 06:34:02 2000
+--- ../RELENG_4_6/crypto/openssl/demos/b64.c	Sat Apr  6 15:22:32 2002
+***************
+*** 91,98 ****
+  	EVP_CIPHER *cipher=NULL,*c;
+  	char *inf=NULL,*outf=NULL;
+  	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+! #define PROG_NAME_SIZE  16
+!         char pname[PROG_NAME_SIZE];
+  
+  
+  	apps_startup();
+--- 91,98 ----
+  	EVP_CIPHER *cipher=NULL,*c;
+  	char *inf=NULL,*outf=NULL;
+  	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+! #define PROG_NAME_SIZE  39
+!         char pname[PROG_NAME_SIZE+1];
+  
+  
+  	apps_startup();
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/maurice/example1.c ../RELENG_4_6/crypto/openssl/demos/maurice/example1.c
+*** crypto/openssl/demos/maurice/example1.c	Mon Jan 10 01:21:55 2000
+--- ../RELENG_4_6/crypto/openssl/demos/maurice/example1.c	Thu Mar 21 14:14:56 2002
+***************
+*** 72,78 ****
+  
+          pubKey[0] = ReadPublicKey(PUBFILE);
+  
+! 	if(!pubKey)
+  	{
+             fprintf(stderr,"Error: can't load public key");
+             exit(1);
+--- 72,78 ----
+  
+          pubKey[0] = ReadPublicKey(PUBFILE);
+  
+! 	if(!pubKey[0])
+  	{
+             fprintf(stderr,"Error: can't load public key");
+             exit(1);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/maurice/loadkeys.c ../RELENG_4_6/crypto/openssl/demos/maurice/loadkeys.c
+*** crypto/openssl/demos/maurice/loadkeys.c	Mon Jan 10 01:21:55 2000
+--- ../RELENG_4_6/crypto/openssl/demos/maurice/loadkeys.c	Wed Jun  5 01:21:19 2002
+***************
+*** 33,39 ****
+  
+    x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+                                     PEM_STRING_X509,
+!                                    fp, NULL, NULL);
+  
+    if (x509 == NULL) 
+    {  
+--- 33,39 ----
+  
+    x509 = (X509 *)PEM_ASN1_read ((char *(*)())d2i_X509,
+                                     PEM_STRING_X509,
+!                                    fp, NULL, NULL, NULL);
+  
+    if (x509 == NULL) 
+    {  
+***************
+*** 64,70 ****
+  	pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                                PEM_STRING_EVP_PKEY,
+                                fp,
+!                               NULL, NULL);
+  
+  	fclose (fp);
+  
+--- 64,70 ----
+  	pkey = (EVP_PKEY*)PEM_ASN1_read ((char *(*)())d2i_PrivateKey,
+                                PEM_STRING_EVP_PKEY,
+                                fp,
+!                               NULL, NULL, NULL);
+  
+  	fclose (fp);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/selfsign.c ../RELENG_4_6/crypto/openssl/demos/selfsign.c
+*** crypto/openssl/demos/selfsign.c	Sun Aug 20 04:46:50 2000
+--- ../RELENG_4_6/crypto/openssl/demos/selfsign.c	Sun Oct 20 20:12:43 2002
+***************
+*** 106,112 ****
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,3);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+--- 106,112 ----
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,2);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/dep/crypto.txt ../RELENG_4_6/crypto/openssl/dep/crypto.txt
+*** crypto/openssl/dep/crypto.txt	Mon Jan 10 01:21:56 2000
+--- ../RELENG_4_6/crypto/openssl/dep/crypto.txt	Wed Dec 31 19:00:00 1969
+***************
+*** 1,1043 ****
+- ASN1_BIT_STRING_asn1_meth
+- ASN1_BIT_STRING_get_bit
+- ASN1_BIT_STRING_set_bit
+- ASN1_HEADER_free
+- ASN1_HEADER_new
+- ASN1_IA5STRING_asn1_meth
+- ASN1_INTEGER_get
+- ASN1_INTEGER_set
+- ASN1_INTEGER_to_BN
+- ASN1_OBJECT_create
+- ASN1_OBJECT_free
+- ASN1_OBJECT_new
+- ASN1_PRINTABLE_type
+- ASN1_STRING_cmp
+- ASN1_STRING_dup
+- ASN1_STRING_free
+- ASN1_STRING_new
+- ASN1_STRING_print
+- ASN1_STRING_set
+- ASN1_STRING_type_new
+- ASN1_TYPE_free
+- ASN1_TYPE_get
+- ASN1_TYPE_new
+- ASN1_TYPE_set
+- ASN1_UNIVERSALSTRING_to_string
+- ASN1_UTCTIME_check
+- ASN1_UTCTIME_print
+- ASN1_UTCTIME_set
+- ASN1_check_infinite_end
+- ASN1_d2i_bio
+- ASN1_d2i_fp
+- ASN1_digest
+- ASN1_dup
+- ASN1_get_object
+- ASN1_i2d_bio
+- ASN1_i2d_fp
+- ASN1_object_size
+- ASN1_parse
+- ASN1_put_object
+- ASN1_sign
+- ASN1_verify
+- BF_cbc_encrypt
+- BF_cfb64_encrypt
+- BF_decrypt
+- BF_ecb_encrypt
+- BF_encrypt
+- BF_ofb64_encrypt
+- BF_options
+- BF_set_key
+- BIO_ACCEPT_free
+- BIO_ACCEPT_new
+- BIO_CONNECT_free
+- BIO_CONNECT_new
+- BIO_accept
+- BIO_copy_next_retry
+- BIO_ctrl
+- BIO_ctrl_int
+- BIO_debug_callback
+- BIO_dump
+- BIO_dup_chain
+- BIO_f_base64
+- BIO_f_buffer
+- BIO_f_cipher
+- BIO_f_md
+- BIO_f_nbio_test
+- BIO_f_null
+- BIO_f_proxy_server
+- BIO_fd_non_fatal_error
+- BIO_fd_should_retry
+- BIO_find_type
+- BIO_free
+- BIO_free_all
+- BIO_get_accept_socket
+- BIO_get_ex_data
+- BIO_get_ex_new_index
+- BIO_get_filter_bio
+- BIO_get_host_ip
+- BIO_get_port
+- BIO_get_retry_BIO
+- BIO_get_retry_reason
+- BIO_gethostbyname
+- BIO_gets
+- BIO_ghbn_ctrl
+- BIO_new
+- BIO_new_accept
+- BIO_new_connect
+- BIO_new_fd
+- BIO_new_file
+- BIO_new_fp
+- BIO_new_socket
+- BIO_pop
+- BIO_printf
+- BIO_ptr_ctrl
+- BIO_push
+- BIO_puts
+- BIO_read
+- BIO_s_accept
+- BIO_s_connect
+- BIO_s_fd
+- BIO_s_file
+- BIO_s_mem
+- BIO_s_null
+- BIO_s_proxy_client
+- BIO_s_socket
+- BIO_set
+- BIO_set_cipher
+- BIO_set_ex_data
+- BIO_set_tcp_ndelay
+- BIO_sock_cleanup
+- BIO_sock_error
+- BIO_sock_init
+- BIO_sock_non_fatal_error
+- BIO_sock_should_retry
+- BIO_socket_ioctl
+- BIO_write
+- BN_BLINDING_convert
+- BN_BLINDING_free
+- BN_BLINDING_invert
+- BN_BLINDING_new
+- BN_BLINDING_update
+- BN_CTX_free
+- BN_CTX_new
+- BN_MONT_CTX_free
+- BN_MONT_CTX_new
+- BN_MONT_CTX_set
+- BN_add
+- BN_add_word
+- BN_bin2bn
+- BN_bn2bin
+- BN_bn2dec
+- BN_bn2hex
+- BN_bn2mpi
+- BN_clear
+- BN_clear_bit
+- BN_clear_free
+- BN_cmp
+- BN_copy
+- BN_dec2bn
+- BN_div
+- BN_div_word
+- BN_dup
+- BN_exp
+- BN_free
+- BN_from_montgomery
+- BN_gcd
+- BN_generate_prime
+- BN_get_word
+- BN_hex2bn
+- BN_is_bit_set
+- BN_is_prime
+- BN_lshift
+- BN_lshift1
+- BN_mask_bits
+- BN_mod
+- BN_mod_exp
+- BN_mod_exp_mont
+- BN_mod_exp_recp
+- BN_mod_exp_simple
+- BN_mod_inverse
+- BN_mod_mul
+- BN_mod_mul_montgomery
+- BN_mod_mul_reciprocal
+- BN_mod_word
+- BN_mpi2bn
+- BN_mul
+- BN_mul_word
+- BN_new
+- BN_num_bits
+- BN_num_bits_word
+- BN_options
+- BN_print
+- BN_print_fp
+- BN_rand
+- BN_reciprocal
+- BN_rshift
+- BN_rshift1
+- BN_set_bit
+- BN_set_word
+- BN_sqr
+- BN_sub
+- BN_sub_word
+- BN_to_ASN1_INTEGER
+- BN_ucmp
+- BN_value_one
+- BUF_MEM_free
+- BUF_MEM_grow
+- BUF_MEM_new
+- BUF_strdup
+- CAST_cbc_encrypt
+- CAST_cfb64_encrypt
+- CAST_decrypt
+- CAST_ecb_encrypt
+- CAST_encrypt
+- CAST_ofb64_encrypt
+- CAST_set_key
+- CONF_free
+- CONF_get_number
+- CONF_get_section
+- CONF_get_string
+- CONF_load
+- CRYPTO_add_lock
+- CRYPTO_dbg_free
+- CRYPTO_dbg_malloc
+- CRYPTO_dbg_realloc
+- CRYPTO_dbg_remalloc
+- CRYPTO_dup_ex_data
+- CRYPTO_free
+- CRYPTO_free_ex_data
+- CRYPTO_get_add_lock_callback
+- CRYPTO_get_ex_data
+- CRYPTO_get_ex_new_index
+- CRYPTO_get_id_callback
+- CRYPTO_get_lock_name
+- CRYPTO_get_locking_callback
+- CRYPTO_get_mem_functions
+- CRYPTO_get_new_lockid
+- CRYPTO_lock
+- CRYPTO_malloc
+- CRYPTO_mem_ctrl
+- CRYPTO_mem_leaks
+- CRYPTO_mem_leaks_cb
+- CRYPTO_mem_leaks_fp
+- CRYPTO_new_ex_data
+- CRYPTO_realloc
+- CRYPTO_remalloc
+- CRYPTO_set_add_lock_callback
+- CRYPTO_set_ex_data
+- CRYPTO_set_id_callback
+- CRYPTO_set_locking_callback
+- CRYPTO_set_mem_functions
+- CRYPTO_thread_id
+- DH_check
+- DH_compute_key
+- DH_free
+- DH_generate_key
+- DH_generate_parameters
+- DH_new
+- DH_size
+- DHparams_print
+- DHparams_print_fp
+- DSA_free
+- DSA_generate_key
+- DSA_generate_parameters
+- DSA_is_prime
+- DSA_new
+- DSA_print
+- DSA_print_fp
+- DSA_sign
+- DSA_sign_setup
+- DSA_size
+- DSA_verify
+- DSAparams_print
+- DSAparams_print_fp
+- ERR_clear_error
+- ERR_error_string
+- ERR_free_strings
+- ERR_func_error_string
+- ERR_get_err_state_table
+- ERR_get_error
+- ERR_get_error_line
+- ERR_get_next_error_library
+- ERR_get_state
+- ERR_get_string_table
+- ERR_lib_error_string
+- ERR_load_ASN1_strings
+- ERR_load_BIO_strings
+- ERR_load_BN_strings
+- ERR_load_BUF_strings
+- ERR_load_CONF_strings
+- ERR_load_CRYPTO_strings
+- ERR_load_DH_strings
+- ERR_load_DSA_strings
+- ERR_load_ERR_strings
+- ERR_load_EVP_strings
+- ERR_load_OBJ_strings
+- ERR_load_PEM_strings
+- ERR_load_PKCS7_strings
+- ERR_load_PROXY_strings
+- ERR_load_RSA_strings
+- ERR_load_X509_strings
+- ERR_load_crypto_strings
+- ERR_load_strings
+- ERR_peek_error
+- ERR_peek_error_line
+- ERR_print_errors
+- ERR_print_errors_fp
+- ERR_put_error
+- ERR_reason_error_string
+- ERR_remove_state
+- EVP_BytesToKey
+- EVP_CIPHER_CTX_cleanup
+- EVP_CIPHER_CTX_init
+- EVP_CipherFinal
+- EVP_CipherInit
+- EVP_CipherUpdate
+- EVP_DecodeBlock
+- EVP_DecodeFinal
+- EVP_DecodeInit
+- EVP_DecodeUpdate
+- EVP_DecryptFinal
+- EVP_DecryptInit
+- EVP_DecryptUpdate
+- EVP_DigestFinal
+- EVP_DigestInit
+- EVP_DigestUpdate
+- EVP_EncodeBlock
+- EVP_EncodeFinal
+- EVP_EncodeInit
+- EVP_EncodeUpdate
+- EVP_EncryptFinal
+- EVP_EncryptInit
+- EVP_EncryptUpdate
+- EVP_OpenFinal
+- EVP_OpenInit
+- EVP_PKEY_assign
+- EVP_PKEY_bits
+- EVP_PKEY_cmp_parameters
+- EVP_PKEY_copy_parameters
+- EVP_PKEY_free
+- EVP_PKEY_missing_parameters
+- EVP_PKEY_new
+- EVP_PKEY_save_parameters
+- EVP_PKEY_size
+- EVP_PKEY_type
+- EVP_SealFinal
+- EVP_SealInit
+- EVP_SignFinal
+- EVP_VerifyFinal
+- EVP_add_alias
+- EVP_add_cipher
+- EVP_add_digest
+- EVP_bf_cbc
+- EVP_bf_cfb
+- EVP_bf_ecb
+- EVP_bf_ofb
+- EVP_cast5_cbc
+- EVP_cast5_cfb
+- EVP_cast5_ecb
+- EVP_cast5_ofb
+- EVP_cleanup
+- EVP_delete_alias
+- EVP_des_cbc
+- EVP_des_cfb
+- EVP_des_ecb
+- EVP_des_ede
+- EVP_des_ede3
+- EVP_des_ede3_cbc
+- EVP_des_ede3_cfb
+- EVP_des_ede3_ofb
+- EVP_des_ede_cbc
+- EVP_des_ede_cfb
+- EVP_des_ede_ofb
+- EVP_des_ofb
+- EVP_desx_cbc
+- EVP_dss
+- EVP_dss1
+- EVP_enc_null
+- EVP_get_cipherbyname
+- EVP_get_digestbyname
+- EVP_get_pw_prompt
+- EVP_idea_cbc
+- EVP_idea_cfb
+- EVP_idea_ecb
+- EVP_idea_ofb
+- EVP_md2
+- EVP_md5
+- EVP_md_null
+- EVP_mdc2
+- EVP_rc2_40_cbc
+- EVP_rc2_cbc
+- EVP_rc2_cfb
+- EVP_rc2_ecb
+- EVP_rc2_ofb
+- EVP_rc4
+- EVP_rc4_40
+- EVP_read_pw_string
+- EVP_set_pw_prompt
+- EVP_sha
+- EVP_sha1
+- HMAC
+- HMAC_Final
+- HMAC_Init
+- HMAC_Update
+- HMAC_cleanup
+- MD2
+- MD2_Final
+- MD2_Init
+- MD2_Update
+- MD2_options
+- MD5
+- MD5_Final
+- MD5_Init
+- MD5_Transform
+- MD5_Update
+- MDC2
+- MDC2_Final
+- MDC2_Init
+- MDC2_Update
+- NETSCAPE_SPKAC_free
+- NETSCAPE_SPKAC_new
+- NETSCAPE_SPKI_free
+- NETSCAPE_SPKI_new
+- NETSCAPE_SPKI_sign
+- NETSCAPE_SPKI_verify
+- OBJ_add_object
+- OBJ_bsearch
+- OBJ_cleanup
+- OBJ_cmp
+- OBJ_create
+- OBJ_create_objects
+- OBJ_dup
+- OBJ_ln2nid
+- OBJ_new_nid
+- OBJ_nid2ln
+- OBJ_nid2obj
+- OBJ_nid2sn
+- OBJ_obj2nid
+- OBJ_sn2nid
+- OBJ_txt2nid
+- PEM_ASN1_read
+- PEM_ASN1_read_bio
+- PEM_ASN1_write
+- PEM_ASN1_write_bio
+- PEM_SealFinal
+- PEM_SealInit
+- PEM_SealUpdate
+- PEM_SignFinal
+- PEM_SignInit
+- PEM_SignUpdate
+- PEM_X509_INFO_read
+- PEM_X509_INFO_read_bio
+- PEM_X509_INFO_write_bio
+- PEM_dek_info
+- PEM_do_header
+- PEM_get_EVP_CIPHER_INFO
+- PEM_proc_type
+- PEM_read
+- PEM_read_DHparams
+- PEM_read_DSAPrivateKey
+- PEM_read_DSAparams
+- PEM_read_PKCS7
+- PEM_read_PrivateKey
+- PEM_read_RSAPrivateKey
+- PEM_read_RSAPublicKey
+- PEM_read_X509
+- PEM_read_X509_CRL
+- PEM_read_X509_REQ
+- PEM_read_bio
+- PEM_read_bio_DHparams
+- PEM_read_bio_DSAPrivateKey
+- PEM_read_bio_DSAparams
+- PEM_read_bio_PKCS7
+- PEM_read_bio_PrivateKey
+- PEM_read_bio_RSAPrivateKey
+- PEM_read_bio_RSAPublicKey
+- PEM_read_bio_X509
+- PEM_read_bio_X509_CRL
+- PEM_read_bio_X509_REQ
+- PEM_write
+- PEM_write_DHparams
+- PEM_write_DSAPrivateKey
+- PEM_write_DSAparams
+- PEM_write_PKCS7
+- PEM_write_PrivateKey
+- PEM_write_RSAPrivateKey
+- PEM_write_RSAPublicKey
+- PEM_write_X509
+- PEM_write_X509_CRL
+- PEM_write_X509_REQ
+- PEM_write_bio
+- PEM_write_bio_DHparams
+- PEM_write_bio_DSAPrivateKey
+- PEM_write_bio_DSAparams
+- PEM_write_bio_PKCS7
+- PEM_write_bio_PrivateKey
+- PEM_write_bio_RSAPrivateKey
+- PEM_write_bio_RSAPublicKey
+- PEM_write_bio_X509
+- PEM_write_bio_X509_CRL
+- PEM_write_bio_X509_REQ
+- PKCS7_DIGEST_free
+- PKCS7_DIGEST_new
+- PKCS7_ENCRYPT_free
+- PKCS7_ENCRYPT_new
+- PKCS7_ENC_CONTENT_free
+- PKCS7_ENC_CONTENT_new
+- PKCS7_ENVELOPE_free
+- PKCS7_ENVELOPE_new
+- PKCS7_ISSUER_AND_SERIAL_digest
+- PKCS7_ISSUER_AND_SERIAL_free
+- PKCS7_ISSUER_AND_SERIAL_new
+- PKCS7_RECIP_INFO_free
+- PKCS7_RECIP_INFO_new
+- PKCS7_SIGNED_free
+- PKCS7_SIGNED_new
+- PKCS7_SIGNER_INFO_free
+- PKCS7_SIGNER_INFO_new
+- PKCS7_SIGNER_INFO_set
+- PKCS7_SIGN_ENVELOPE_free
+- PKCS7_SIGN_ENVELOPE_new
+- PKCS7_add_certificate
+- PKCS7_add_crl
+- PKCS7_add_signature
+- PKCS7_add_signer
+- PKCS7_cert_from_signer_info
+- PKCS7_content_free
+- PKCS7_content_new
+- PKCS7_ctrl
+- PKCS7_dataInit
+- PKCS7_dataSign
+- PKCS7_dataVerify
+- PKCS7_dup
+- PKCS7_free
+- PKCS7_get_signer_info
+- PKCS7_new
+- PKCS7_set_content
+- PKCS7_set_type
+- PROXY_ENTRY_add_noproxy
+- PROXY_ENTRY_clear_noproxy
+- PROXY_ENTRY_free
+- PROXY_ENTRY_get_noproxy
+- PROXY_ENTRY_new
+- PROXY_ENTRY_set_server
+- PROXY_add_noproxy
+- PROXY_add_server
+- PROXY_check_by_host
+- PROXY_check_url
+- PROXY_clear_noproxy
+- PROXY_free
+- PROXY_get_noproxy
+- PROXY_get_proxies
+- PROXY_get_proxy_entry
+- PROXY_load_conf
+- PROXY_new
+- PROXY_print
+- RAND_bytes
+- RAND_cleanup
+- RAND_file_name
+- RAND_load_file
+- RAND_seed
+- RAND_write_file
+- RC2_cbc_encrypt
+- RC2_cfb64_encrypt
+- RC2_decrypt
+- RC2_ecb_encrypt
+- RC2_encrypt
+- RC2_ofb64_encrypt
+- RC2_set_key
+- RC4
+- RC4_options
+- RC4_set_key
+- RC5_32_cbc_encrypt
+- RC5_32_cfb64_encrypt
+- RC5_32_decrypt
+- RC5_32_ecb_encrypt
+- RC5_32_encrypt
+- RC5_32_ofb64_encrypt
+- RC5_32_set_key
+- RIPEMD160
+- RIPEMD160_Final
+- RIPEMD160_Init
+- RIPEMD160_Transform
+- RIPEMD160_Update
+- RSAPrivateKey_asn1_meth
+- RSAPrivateKey_dup
+- RSAPublicKey_dup
+- RSA_PKCS1_SSLeay
+- RSA_blinding_off
+- RSA_blinding_on
+- RSA_flags
+- RSA_free
+- RSA_generate_key
+- RSA_get_ex_data
+- RSA_get_ex_new_index
+- RSA_new
+- RSA_new_method
+- RSA_padding_add_PKCS1_type_1
+- RSA_padding_add_PKCS1_type_2
+- RSA_padding_add_SSLv23
+- RSA_padding_add_none
+- RSA_padding_check_PKCS1_type_1
+- RSA_padding_check_PKCS1_type_2
+- RSA_padding_check_SSLv23
+- RSA_padding_check_none
+- RSA_print
+- RSA_print_fp
+- RSA_private_decrypt
+- RSA_private_encrypt
+- RSA_public_decrypt
+- RSA_public_encrypt
+- RSA_set_default_method
+- RSA_set_ex_data
+- RSA_sign
+- RSA_sign_ASN1_OCTET_STRING
+- RSA_size
+- RSA_verify
+- RSA_verify_ASN1_OCTET_STRING
+- SHA
+- SHA1
+- SHA1_Final
+- SHA1_Init
+- SHA1_Transform
+- SHA1_Update
+- SHA_Final
+- SHA_Init
+- SHA_Transform
+- SHA_Update
+- SSLeay
+- SSLeay_add_all_algorithms
+- SSLeay_add_all_ciphers
+- SSLeay_add_all_digests
+- SSLeay_version
+- TXT_DB_create_index
+- TXT_DB_free
+- TXT_DB_get_by_index
+- TXT_DB_insert
+- TXT_DB_read
+- TXT_DB_write
+- X509_ALGOR_free
+- X509_ALGOR_new
+- X509_ATTRIBUTE_free
+- X509_ATTRIBUTE_new
+- X509_CINF_free
+- X509_CINF_new
+- X509_CRL_INFO_free
+- X509_CRL_INFO_new
+- X509_CRL_add_ext
+- X509_CRL_cmp
+- X509_CRL_delete_ext
+- X509_CRL_dup
+- X509_CRL_free
+- X509_CRL_get_ext
+- X509_CRL_get_ext_by_NID
+- X509_CRL_get_ext_by_OBJ
+- X509_CRL_get_ext_by_critical
+- X509_CRL_get_ext_count
+- X509_CRL_new
+- X509_CRL_sign
+- X509_CRL_verify
+- X509_EXTENSION_create_by_NID
+- X509_EXTENSION_create_by_OBJ
+- X509_EXTENSION_dup
+- X509_EXTENSION_free
+- X509_EXTENSION_get_critical
+- X509_EXTENSION_get_data
+- X509_EXTENSION_get_object
+- X509_EXTENSION_new
+- X509_EXTENSION_set_critical
+- X509_EXTENSION_set_data
+- X509_EXTENSION_set_object
+- X509_INFO_free
+- X509_INFO_new
+- X509_LOOKUP_by_alias
+- X509_LOOKUP_by_fingerprint
+- X509_LOOKUP_by_issuer_serial
+- X509_LOOKUP_by_subject
+- X509_LOOKUP_ctrl
+- X509_LOOKUP_file
+- X509_LOOKUP_free
+- X509_LOOKUP_hash_dir
+- X509_LOOKUP_init
+- X509_LOOKUP_new
+- X509_LOOKUP_shutdown
+- X509_NAME_ENTRY_create_by_NID
+- X509_NAME_ENTRY_create_by_OBJ
+- X509_NAME_ENTRY_dup
+- X509_NAME_ENTRY_free
+- X509_NAME_ENTRY_get_data
+- X509_NAME_ENTRY_get_object
+- X509_NAME_ENTRY_new
+- X509_NAME_ENTRY_set_data
+- X509_NAME_ENTRY_set_object
+- X509_NAME_add_entry
+- X509_NAME_cmp
+- X509_NAME_delete_entry
+- X509_NAME_digest
+- X509_NAME_dup
+- X509_NAME_entry_count
+- X509_NAME_free
+- X509_NAME_get_entry
+- X509_NAME_get_index_by_NID
+- X509_NAME_get_index_by_OBJ
+- X509_NAME_get_text_by_NID
+- X509_NAME_get_text_by_OBJ
+- X509_NAME_hash
+- X509_NAME_new
+- X509_NAME_oneline
+- X509_NAME_print
+- X509_NAME_set
+- X509_OBJECT_free_contents
+- X509_OBJECT_retrive_by_subject
+- X509_OBJECT_up_ref_count
+- X509_PKEY_free
+- X509_PKEY_new
+- X509_PUBKEY_free
+- X509_PUBKEY_get
+- X509_PUBKEY_new
+- X509_PUBKEY_set
+- X509_REQ_INFO_free
+- X509_REQ_INFO_new
+- X509_REQ_dup
+- X509_REQ_free
+- X509_REQ_get_pubkey
+- X509_REQ_new
+- X509_REQ_print
+- X509_REQ_print_fp
+- X509_REQ_set_pubkey
+- X509_REQ_set_subject_name
+- X509_REQ_set_version
+- X509_REQ_sign
+- X509_REQ_to_X509
+- X509_REQ_verify
+- X509_REVOKED_add_ext
+- X509_REVOKED_delete_ext
+- X509_REVOKED_free
+- X509_REVOKED_get_ext
+- X509_REVOKED_get_ext_by_NID
+- X509_REVOKED_get_ext_by_OBJ
+- X509_REVOKED_get_ext_by_critical
+- X509_REVOKED_get_ext_count
+- X509_REVOKED_new
+- X509_SIG_free
+- X509_SIG_new
+- X509_STORE_CTX_cleanup
+- X509_STORE_CTX_get_chain
+- X509_STORE_CTX_get_current_cert
+- X509_STORE_CTX_get_error
+- X509_STORE_CTX_get_error_depth
+- X509_STORE_CTX_get_ex_data
+- X509_STORE_CTX_get_ex_new_index
+- X509_STORE_CTX_init
+- X509_STORE_CTX_set_cert
+- X509_STORE_CTX_set_chain
+- X509_STORE_CTX_set_error
+- X509_STORE_CTX_set_ex_data
+- X509_STORE_add_cert
+- X509_STORE_add_crl
+- X509_STORE_add_lookup
+- X509_STORE_free
+- X509_STORE_get_by_subject
+- X509_STORE_load_locations
+- X509_STORE_new
+- X509_STORE_set_default_paths
+- X509_VAL_free
+- X509_VAL_new
+- X509_add_ext
+- X509_asn1_meth
+- X509_certificate_type
+- X509_check_private_key
+- X509_cmp_current_time
+- X509_delete_ext
+- X509_digest
+- X509_dup
+- X509_find_by_issuer_and_serial
+- X509_find_by_subject
+- X509_free
+- X509_get_default_cert_area
+- X509_get_default_cert_dir
+- X509_get_default_cert_dir_env
+- X509_get_default_cert_file
+- X509_get_default_cert_file_env
+- X509_get_default_private_dir
+- X509_get_ext
+- X509_get_ext_by_NID
+- X509_get_ext_by_OBJ
+- X509_get_ext_by_critical
+- X509_get_ext_count
+- X509_get_issuer_name
+- X509_get_pubkey
+- X509_get_pubkey_parameters
+- X509_get_serialNumber
+- X509_get_subject_name
+- X509_gmtime_adj
+- X509_issuer_and_serial_cmp
+- X509_issuer_and_serial_hash
+- X509_issuer_name_cmp
+- X509_issuer_name_hash
+- X509_load_cert_file
+- X509_load_crl_file
+- X509_new
+- X509_print
+- X509_print_fp
+- X509_set_issuer_name
+- X509_set_notAfter
+- X509_set_notBefore
+- X509_set_pubkey
+- X509_set_serialNumber
+- X509_set_subject_name
+- X509_set_version
+- X509_sign
+- X509_subject_name_cmp
+- X509_subject_name_hash
+- X509_to_X509_REQ
+- X509_verify
+- X509_verify_cert
+- X509_verify_cert_error_string
+- X509v3_add_ext
+- X509v3_add_extension
+- X509v3_add_netscape_extensions
+- X509v3_add_standard_extensions
+- X509v3_cleanup_extensions
+- X509v3_data_type_by_NID
+- X509v3_data_type_by_OBJ
+- X509v3_delete_ext
+- X509v3_get_ext
+- X509v3_get_ext_by_NID
+- X509v3_get_ext_by_OBJ
+- X509v3_get_ext_by_critical
+- X509v3_get_ext_count
+- X509v3_get_key_usage
+- X509v3_pack_string
+- X509v3_pack_type_by_NID
+- X509v3_pack_type_by_OBJ
+- X509v3_set_key_usage
+- X509v3_unpack_string
+- _des_crypt
+- a2d_ASN1_OBJECT
+- a2i_ASN1_INTEGER
+- a2i_ASN1_STRING
+- a2i_X509v3_key_usage
+- asn1_Finish
+- asn1_GetSequence
+- bn_add_words
+- bn_div64
+- bn_expand2
+- bn_mul_add_words
+- bn_mul_words
+- bn_qadd
+- bn_qsub
+- bn_sqr_words
+- crypt
+- d2i_ASN1_BIT_STRING
+- d2i_ASN1_BOOLEAN
+- d2i_ASN1_HEADER
+- d2i_ASN1_IA5STRING
+- d2i_ASN1_INTEGER
+- d2i_ASN1_OBJECT
+- d2i_ASN1_OCTET_STRING
+- d2i_ASN1_PRINTABLE
+- d2i_ASN1_PRINTABLESTRING
+- d2i_ASN1_SET
+- d2i_ASN1_T61STRING
+- d2i_ASN1_TYPE
+- d2i_ASN1_UTCTIME
+- d2i_ASN1_bytes
+- d2i_ASN1_type_bytes
+- d2i_DHparams
+- d2i_DSAPrivateKey
+- d2i_DSAPrivateKey_bio
+- d2i_DSAPrivateKey_fp
+- d2i_DSAPublicKey
+- d2i_DSAparams
+- d2i_NETSCAPE_SPKAC
+- d2i_NETSCAPE_SPKI
+- d2i_Netscape_RSA
+- d2i_Netscape_RSA_2
+- d2i_PKCS7
+- d2i_PKCS7_DIGEST
+- d2i_PKCS7_ENCRYPT
+- d2i_PKCS7_ENC_CONTENT
+- d2i_PKCS7_ENVELOPE
+- d2i_PKCS7_ISSUER_AND_SERIAL
+- d2i_PKCS7_RECIP_INFO
+- d2i_PKCS7_SIGNED
+- d2i_PKCS7_SIGNER_INFO
+- d2i_PKCS7_SIGN_ENVELOPE
+- d2i_PKCS7_bio
+- d2i_PKCS7_fp
+- d2i_PrivateKey
+- d2i_PublicKey
+- d2i_RSAPrivateKey
+- d2i_RSAPrivateKey_bio
+- d2i_RSAPrivateKey_fp
+- d2i_RSAPublicKey
+- d2i_RSAPublicKey_bio
+- d2i_RSAPublicKey_fp
+- d2i_X509
+- d2i_X509_ALGOR
+- d2i_X509_ATTRIBUTE
+- d2i_X509_CINF
+- d2i_X509_CRL
+- d2i_X509_CRL_INFO
+- d2i_X509_CRL_bio
+- d2i_X509_CRL_fp
+- d2i_X509_EXTENSION
+- d2i_X509_NAME
+- d2i_X509_NAME_ENTRY
+- d2i_X509_PKEY
+- d2i_X509_PUBKEY
+- d2i_X509_REQ
+- d2i_X509_REQ_INFO
+- d2i_X509_REQ_bio
+- d2i_X509_REQ_fp
+- d2i_X509_REVOKED
+- d2i_X509_SIG
+- d2i_X509_VAL
+- d2i_X509_bio
+- d2i_X509_fp
+- des_cbc_cksum
+- des_cbc_encrypt
+- des_cblock_print_file
+- des_cfb64_encrypt
+- des_cfb_encrypt
+- des_decrypt3
+- des_ecb3_encrypt
+- des_ecb_encrypt
+- des_ede3_cbc_encrypt
+- des_ede3_cfb64_encrypt
+- des_ede3_ofb64_encrypt
+- des_enc_read
+- des_enc_write
+- des_encrypt
+- des_encrypt2
+- des_encrypt3
+- des_fcrypt
+- des_is_weak_key
+- des_key_sched
+- des_ncbc_encrypt
+- des_ofb64_encrypt
+- des_ofb_encrypt
+- des_options
+- des_pcbc_encrypt
+- des_quad_cksum
+- des_random_key
+- des_random_seed
+- des_read_2passwords
+- des_read_password
+- des_read_pw
+- des_read_pw_string
+- des_set_key
+- des_set_odd_parity
+- des_string_to_2keys
+- des_string_to_key
+- des_xcbc_encrypt
+- des_xwhite_in2out
+- fcrypt_body
+- i2a_ASN1_INTEGER
+- i2a_ASN1_OBJECT
+- i2a_ASN1_STRING
+- i2a_X509v3_key_usage
+- i2d_ASN1_BIT_STRING
+- i2d_ASN1_BOOLEAN
+- i2d_ASN1_HEADER
+- i2d_ASN1_IA5STRING
+- i2d_ASN1_INTEGER
+- i2d_ASN1_OBJECT
+- i2d_ASN1_OCTET_STRING
+- i2d_ASN1_PRINTABLE
+- i2d_ASN1_SET
+- i2d_ASN1_TYPE
+- i2d_ASN1_UTCTIME
+- i2d_ASN1_bytes
+- i2d_DHparams
+- i2d_DSAPrivateKey
+- i2d_DSAPrivateKey_bio
+- i2d_DSAPrivateKey_fp
+- i2d_DSAPublicKey
+- i2d_DSAparams
+- i2d_NETSCAPE_SPKAC
+- i2d_NETSCAPE_SPKI
+- i2d_Netscape_RSA
+- i2d_PKCS7
+- i2d_PKCS7_DIGEST
+- i2d_PKCS7_ENCRYPT
+- i2d_PKCS7_ENC_CONTENT
+- i2d_PKCS7_ENVELOPE
+- i2d_PKCS7_ISSUER_AND_SERIAL
+- i2d_PKCS7_RECIP_INFO
+- i2d_PKCS7_SIGNED
+- i2d_PKCS7_SIGNER_INFO
+- i2d_PKCS7_SIGN_ENVELOPE
+- i2d_PKCS7_bio
+- i2d_PKCS7_fp
+- i2d_PrivateKey
+- i2d_PublicKey
+- i2d_RSAPrivateKey
+- i2d_RSAPrivateKey_bio
+- i2d_RSAPrivateKey_fp
+- i2d_RSAPublicKey
+- i2d_RSAPublicKey_bio
+- i2d_RSAPublicKey_fp
+- i2d_X509
+- i2d_X509_ALGOR
+- i2d_X509_ATTRIBUTE
+- i2d_X509_CINF
+- i2d_X509_CRL
+- i2d_X509_CRL_INFO
+- i2d_X509_CRL_bio
+- i2d_X509_CRL_fp
+- i2d_X509_EXTENSION
+- i2d_X509_NAME
+- i2d_X509_NAME_ENTRY
+- i2d_X509_PKEY
+- i2d_X509_PUBKEY
+- i2d_X509_REQ
+- i2d_X509_REQ_INFO
+- i2d_X509_REQ_bio
+- i2d_X509_REQ_fp
+- i2d_X509_REVOKED
+- i2d_X509_SIG
+- i2d_X509_VAL
+- i2d_X509_bio
+- i2d_X509_fp
+- i2t_ASN1_OBJECT
+- idea_cbc_encrypt
+- idea_cfb64_encrypt
+- idea_ecb_encrypt
+- idea_encrypt
+- idea_ofb64_encrypt
+- idea_options
+- idea_set_decrypt_key
+- idea_set_encrypt_key
+- lh_delete
+- lh_doall
+- lh_doall_arg
+- lh_free
+- lh_insert
+- lh_new
+- lh_node_stats
+- lh_node_stats_bio
+- lh_node_usage_stats
+- lh_node_usage_stats_bio
+- lh_retrieve
+- lh_stats
+- lh_stats_bio
+- lh_strhash
+- ripemd160_block
+- sha1_block
+- sha_block
+- sk_delete
+- sk_delete_ptr
+- sk_dup
+- sk_find
+- sk_free
+- sk_insert
+- sk_new
+- sk_pop
+- sk_pop_free
+- sk_push
+- sk_set_cmp_func
+- sk_shift
+- sk_unshift
+- sk_zero
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/dep/files ../RELENG_4_6/crypto/openssl/dep/files
+*** crypto/openssl/dep/files	Mon Jan 10 01:21:56 2000
+--- ../RELENG_4_6/crypto/openssl/dep/files	Wed Dec 31 19:00:00 1969
+***************
+*** 1,566 ****
+- ./e_os.h
+- 
+- ./crypto/cryptall.h		CRYPTO
+- ./crypto/cryptlib.h		CRYPTO
+- ./crypto/crypto.c		CRYPTO
+- ./crypto/cversion.c		CRYPTO
+- ./crypto/date.h			CRYPTO
+- ./crypto/mem.c			CRYPTO
+- ./crypto/cpt_err.c		CRYPTO
+- ./crypto/ex_data.c		CRYPTO
+- ./crypto/crypto.h		CRYPTO
+- ./crypto/cryptlib.c		CRYPTO
+- ./crypto/tmdiff.c		CRYPTO
+- 
+- ./crypto/asn1/asn1.h		ASN1
+- ./crypto/asn1/asn1_mac.h	ASN1
+- ./crypto/asn1/asn1_err.c	ASN1
+- ./crypto/asn1/asn1_lib.c	ASN1
+- ./crypto/asn1/asn1_par.c	ASN1
+- ./crypto/asn1/a_bitstr.c	ASN1
+- ./crypto/asn1/a_bmp.c		ASN1
+- ./crypto/asn1/a_bool.c		ASN1
+- ./crypto/asn1/a_bytes.c		ASN1
+- ./crypto/asn1/a_d2i_fp.c	ASN1
+- ./crypto/asn1/a_digest.c	ASN1
+- ./crypto/asn1/a_dup.c		ASN1
+- ./crypto/asn1/a_hdr.c		ASN1
+- ./crypto/asn1/a_i2d_fp.c	ASN1
+- ./crypto/asn1/a_int.c		ASN1
+- ./crypto/asn1/a_meth.c		ASN1
+- ./crypto/asn1/a_object.c	ASN1
+- ./crypto/asn1/a_octet.c		ASN1
+- ./crypto/asn1/a_print.c		ASN1
+- ./crypto/asn1/a_set.c		ASN1
+- ./crypto/asn1/a_sign.c		ASN1
+- ./crypto/asn1/a_type.c		ASN1
+- ./crypto/asn1/a_utctm.c		ASN1
+- ./crypto/asn1/a_verify.c	ASN1
+- ./crypto/asn1/d2i_dhp.c		ASN1
+- ./crypto/asn1/d2i_dsap.c	ASN1
+- ./crypto/asn1/d2i_pr.c		ASN1
+- ./crypto/asn1/d2i_pu.c		ASN1
+- ./crypto/asn1/d2i_r_pr.c	ASN1
+- ./crypto/asn1/d2i_r_pu.c	ASN1
+- ./crypto/asn1/d2i_s_pr.c	ASN1
+- ./crypto/asn1/d2i_s_pu.c	ASN1
+- ./crypto/asn1/f_int.c		ASN1
+- ./crypto/asn1/f_string.c	ASN1
+- ./crypto/asn1/i2d_dhp.c		ASN1
+- ./crypto/asn1/i2d_dsap.c	ASN1
+- ./crypto/asn1/i2d_pr.c		ASN1
+- ./crypto/asn1/i2d_pu.c		ASN1
+- ./crypto/asn1/i2d_r_pr.c	ASN1
+- ./crypto/asn1/i2d_r_pu.c	ASN1
+- ./crypto/asn1/i2d_s_pr.c	ASN1
+- ./crypto/asn1/i2d_s_pu.c	ASN1
+- ./crypto/asn1/n_pkey.c		ASN1
+- ./crypto/asn1/p7_dgst.c		ASN1
+- ./crypto/asn1/p7_enc.c		ASN1
+- ./crypto/asn1/p7_enc_c.c	ASN1
+- ./crypto/asn1/p7_evp.c		ASN1
+- ./crypto/asn1/p7_i_s.c		ASN1
+- ./crypto/asn1/p7_lib.c		ASN1
+- ./crypto/asn1/p7_recip.c	ASN1
+- ./crypto/asn1/p7_signd.c	ASN1
+- ./crypto/asn1/p7_signi.c	ASN1
+- ./crypto/asn1/p7_s_e.c		ASN1
+- ./crypto/asn1/pk.c		ASN1
+- ./crypto/asn1/pkcs8.c		ASN1
+- ./crypto/asn1/t_pkey.c		ASN1
+- ./crypto/asn1/t_req.c		ASN1
+- ./crypto/asn1/t_x509.c		ASN1
+- ./crypto/asn1/x_algor.c		ASN1
+- ./crypto/asn1/x_attrib.c	ASN1
+- ./crypto/asn1/x_cinf.c		ASN1
+- ./crypto/asn1/x_crl.c		ASN1
+- ./crypto/asn1/x_exten.c		ASN1
+- ./crypto/asn1/x_info.c		ASN1
+- ./crypto/asn1/x_name.c		ASN1
+- ./crypto/asn1/x_pkey.c		ASN1
+- ./crypto/asn1/x_pubkey.c	ASN1
+- ./crypto/asn1/x_req.c		ASN1
+- ./crypto/asn1/x_sig.c		ASN1
+- ./crypto/asn1/x_spki.c		ASN1
+- ./crypto/asn1/x_val.c		ASN1
+- ./crypto/asn1/x_x509.c		ASN1
+- 
+- ./crypto/bf/blowfish.h		BF
+- ./crypto/bf/bf_pi.h		BF
+- ./crypto/bf/bf_locl.h		BF
+- ./crypto/bf/bfspeed.c		BF
+- ./crypto/bf/bftest.c		BF
+- ./crypto/bf/bf_cbc.c		BF
+- ./crypto/bf/bf_cfb64.c		BF
+- ./crypto/bf/bf_ecb.c		BF
+- ./crypto/bf/bf_enc.c		BF
+- ./crypto/bf/bf_ofb64.c		BF
+- ./crypto/bf/bf_opts.c		BF
+- ./crypto/bf/bf_skey.c		BF
+- 
+- ./crypto/bio/bio.h		BIO
+- ./crypto/bio/bf_buff.c		BIO
+- ./crypto/bio/bf_nbio.c		BIO
+- ./crypto/bio/bf_null.c		BIO
+- ./crypto/bio/bio_cb.c		BIO
+- ./crypto/bio/bio_err.c		BIO
+- ./crypto/bio/bio_lib.c		BIO
+- ./crypto/bio/bss_acpt.c		BIO
+- ./crypto/bio/bss_conn.c		BIO
+- ./crypto/bio/bss_fd.c		BIO
+- ./crypto/bio/bss_file.c		BIO
+- ./crypto/bio/bss_mem.c		BIO
+- ./crypto/bio/bss_null.c		BIO
+- ./crypto/bio/bss_rtcp.c		BIO
+- ./crypto/bio/bss_sock.c		BIO
+- ./crypto/bio/b_dump.c		BIO
+- ./crypto/bio/b_print.c		BIO
+- ./crypto/bio/b_sock.c		BIO
+- 
+- ./crypto/bn/bn.h		BN
+- ./crypto/bn/bn_lcl.h		BN
+- ./crypto/bn/bn_prime.h		BN
+- ./crypto/bn/bnspeed.c		BN
+- ./crypto/bn/bntest.c		BN
+- ./crypto/bn/bn_add.c		BN
+- ./crypto/bn/bn_bld.c		BN
+- ./crypto/bn/bn_blind.c		BN
+- ./crypto/bn/bn_div.c		BN
+- ./crypto/bn/bn_err.c		BN
+- ./crypto/bn/bn_exp.c		BN
+- ./crypto/bn/bn_gcd.c		BN
+- ./crypto/bn/bn_lib.c		BN
+- ./crypto/bn/bn_mod.c		BN
+- ./crypto/bn/bn_mont.c		BN
+- ./crypto/bn/bn_mul.c		BN
+- ./crypto/bn/bn_mulw.c		BN
+- ./crypto/bn/bn_prime.c		BN
+- ./crypto/bn/bn_print.c		BN
+- ./crypto/bn/bn_rand.c		BN
+- ./crypto/bn/bn_recp.c		BN
+- ./crypto/bn/bn_shift.c		BN
+- ./crypto/bn/bn_sqr.c		BN
+- ./crypto/bn/bn_sub.c		BN
+- ./crypto/bn/bn_word.c		BN
+- ./crypto/bn/bn_m.c		BN
+- ./crypto/bn/m.c			BN
+- ./crypto/bn/expspeed.c		BN
+- ./crypto/bn/bn_mpi.c		BN
+- ./crypto/bn/exptest.c		BN
+- 
+- ./crypto/buffer/buffer.c	BUFF
+- ./crypto/buffer/buffer.h	BUFF
+- ./crypto/buffer/buf_err.c	BUFF
+- 
+- ./crypto/cast/cast.h		CAST
+- ./crypto/cast/castopts.c	CAST
+- ./crypto/cast/casttest.c	CAST
+- ./crypto/cast/cast_lcl.h	CAST
+- ./crypto/cast/cast_s.h		CAST
+- ./crypto/cast/cast_spd.c	CAST
+- ./crypto/cast/c_cfb64.c		CAST
+- ./crypto/cast/c_ecb.c		CAST
+- ./crypto/cast/c_enc.c		CAST
+- ./crypto/cast/c_ofb64.c		CAST
+- ./crypto/cast/c_skey.c		CAST
+- 
+- ./crypto/conf/conf_lcl.h	CONF
+- ./crypto/conf/cnf_save.c	CONF
+- ./crypto/conf/conf.c		CONF
+- ./crypto/conf/conf.h		CONF
+- ./crypto/conf/conf_err.c	CONF
+- 
+- ./crypto/des/des.h		DES
+- ./crypto/des/des_locl.h		DES
+- ./crypto/des/spr.h		DES
+- ./crypto/des/podd.h		DES
+- ./crypto/des/sk.h		DES
+- ./crypto/des/cbc3_enc.c		DES
+- ./crypto/des/cbc_cksm.c		DES
+- ./crypto/des/cbc_enc.c		DES
+- ./crypto/des/cfb64ede.c		DES
+- ./crypto/des/cfb64enc.c		DES
+- ./crypto/des/cfb_enc.c		DES
+- ./crypto/des/des.c		DES
+- ./crypto/des/destest.c		DES
+- ./crypto/des/des_enc.c		DES
+- ./crypto/des/des_opts.c		DES
+- ./crypto/des/des_ver.h		DES
+- ./crypto/des/ecb3_enc.c		DES
+- ./crypto/des/ecb_enc.c		DES
+- ./crypto/des/ede_enc.c		DES
+- ./crypto/des/enc_read.c		DES
+- ./crypto/des/enc_writ.c		DES
+- ./crypto/des/fcrypt.c		DES
+- ./crypto/des/fcrypt_b.c		DES
+- ./crypto/des/ncbc_enc.c		DES
+- ./crypto/des/ofb64ede.c		DES
+- ./crypto/des/ofb64enc.c		DES
+- ./crypto/des/ofb_enc.c		DES
+- ./crypto/des/pcbc_enc.c		DES
+- ./crypto/des/qud_cksm.c		DES
+- ./crypto/des/rand_key.c		DES
+- ./crypto/des/read2pwd.c		DES
+- ./crypto/des/read_pwd.c		DES
+- ./crypto/des/rpc_des.h		DES
+- ./crypto/des/rpc_enc.c		DES
+- ./crypto/des/rpw.c		DES
+- ./crypto/des/set_key.c		DES
+- ./crypto/des/str2key.c		DES
+- ./crypto/des/supp.c		DES
+- ./crypto/des/xcbc_enc.c		DES
+- 
+- ./crypto/dh/dh.h		DH
+- ./crypto/dh/dh_check.c		DH
+- ./crypto/dh/dh_err.c		DH
+- ./crypto/dh/dh_gen.c		DH
+- ./crypto/dh/dh_key.c		DH
+- ./crypto/dh/dh_lib.c		DH
+- ./crypto/dh/p1024.c		DH
+- ./crypto/dh/p192.c		DH
+- ./crypto/dh/p512.c		DH
+- ./crypto/dh/dhtest.c		DH
+- 
+- ./crypto/dsa/dsa.h		DSA
+- ./crypto/dsa/dsagen.c		DSA
+- ./crypto/dsa/dsa_err.c		DSA
+- ./crypto/dsa/dsa_gen.c		DSA
+- ./crypto/dsa/dsa_key.c		DSA
+- ./crypto/dsa/dsa_lib.c		DSA
+- ./crypto/dsa/dsa_sign.c		DSA
+- ./crypto/dsa/dsa_vrf.c		DSA
+- ./crypto/dsa/dsatest.c		DSA
+- 
+- ./crypto/err/err.c		ERR
+- ./crypto/err/err.h		ERR
+- ./crypto/err/err_all.c		ERR
+- ./crypto/err/err_prn.c		ERR
+- 
+- ./crypto/evp/evp.h		EVP
+- ./crypto/evp/bio_b64.c		EVP
+- ./crypto/evp/bio_enc.c		EVP
+- ./crypto/evp/bio_md.c		EVP
+- ./crypto/evp/c_all.c		EVP
+- ./crypto/evp/digest.c		EVP
+- ./crypto/evp/encode.c		EVP
+- ./crypto/evp/evp_enc.c		EVP
+- ./crypto/evp/evp_err.c		EVP
+- ./crypto/evp/evp_key.c		EVP
+- ./crypto/evp/e_cbc_3d.c		EVP
+- ./crypto/evp/e_cbc_bf.c		EVP
+- ./crypto/evp/e_cbc_c.c		EVP
+- ./crypto/evp/e_cbc_d.c		EVP
+- ./crypto/evp/e_cbc_i.c		EVP
+- ./crypto/evp/e_cbc_r2.c		EVP
+- ./crypto/evp/e_cfb_3d.c		EVP
+- ./crypto/evp/e_cfb_bf.c		EVP
+- ./crypto/evp/e_cfb_c.c		EVP
+- ./crypto/evp/e_cfb_d.c		EVP
+- ./crypto/evp/e_cfb_i.c		EVP
+- ./crypto/evp/e_cfb_r2.c		EVP
+- ./crypto/evp/e_dsa.c		EVP
+- ./crypto/evp/e_ecb_3d.c		EVP
+- ./crypto/evp/e_ecb_bf.c		EVP
+- ./crypto/evp/e_ecb_c.c		EVP
+- ./crypto/evp/e_ecb_d.c		EVP
+- ./crypto/evp/e_ecb_i.c		EVP
+- ./crypto/evp/e_ecb_r2.c		EVP
+- ./crypto/evp/e_null.c		EVP
+- ./crypto/evp/e_ofb_3d.c		EVP
+- ./crypto/evp/e_ofb_bf.c		EVP
+- ./crypto/evp/e_ofb_c.c		EVP
+- ./crypto/evp/e_ofb_d.c		EVP
+- ./crypto/evp/e_ofb_i.c		EVP
+- ./crypto/evp/e_ofb_r2.c		EVP
+- ./crypto/evp/e_rc4.c		EVP
+- ./crypto/evp/e_xcbc_d.c		EVP
+- ./crypto/evp/m_dss.c		EVP
+- ./crypto/evp/m_dss1.c		EVP
+- ./crypto/evp/m_md2.c		EVP
+- ./crypto/evp/m_md5.c		EVP
+- ./crypto/evp/m_mdc2.c		EVP
+- ./crypto/evp/m_null.c		EVP
+- ./crypto/evp/m_sha.c		EVP
+- ./crypto/evp/m_sha1.c		EVP
+- ./crypto/evp/names.c		EVP
+- ./crypto/evp/p_lib.c		EVP
+- ./crypto/evp/p_open.c		EVP
+- ./crypto/evp/p_seal.c		EVP
+- ./crypto/evp/p_sign.c		EVP
+- ./crypto/evp/p_verify.c		EVP
+- 
+- ./crypto/hmac/hmac.c		HMAC
+- ./crypto/hmac/hmac.h		HMAC
+- ./crypto/hmac/hmactest.c	HMAC
+- 
+- ./crypto/idea/ideatest.c	IDEA
+- ./crypto/idea/idea_lcl.h	IDEA
+- ./crypto/idea/idea_spd.c	IDEA
+- ./crypto/idea/i_cbc.c		IDEA
+- ./crypto/idea/i_cfb64.c		IDEA
+- ./crypto/idea/i_ecb.c		IDEA
+- ./crypto/idea/i_ofb64.c		IDEA
+- ./crypto/idea/i_skey.c		IDEA
+- ./crypto/idea/idea.h		IDEA
+- 
+- ./crypto/lhash/lhash.c		LHASH
+- ./crypto/lhash/lhash.h		LHASH
+- ./crypto/lhash/lh_stats.c	LHASH
+- ./crypto/lhash/lh_test.c	LHASH
+- 
+- ./crypto/md2/md2.c		MD2
+- ./crypto/md2/md2test.c		MD2
+- ./crypto/md2/md2_dgst.c		MD2
+- ./crypto/md2/md2_one.c		MD2
+- ./crypto/md2/md2.h		MD2
+- 
+- ./crypto/md5/md5.c		MD5
+- ./crypto/md5/md5.h		MD5
+- ./crypto/md5/md5test.c		MD5
+- ./crypto/md5/md5_dgst.c		MD5
+- ./crypto/md5/md5_locl.h		MD5
+- ./crypto/md5/md5_one.c		MD5
+- 
+- ./crypto/mdc2/mdc2.h		MDC2
+- ./crypto/mdc2/mdc2dgst.c	MDC2
+- ./crypto/mdc2/mdc2test.c	MDC2
+- ./crypto/mdc2/mdc2_one.c	MDC2
+- 
+- ./crypto/objects/objects.h	OBJ
+- ./crypto/objects/obj_dat.c	OBJ
+- ./crypto/objects/obj_dat.h	OBJ
+- ./crypto/objects/obj_err.c	OBJ
+- ./crypto/objects/obj_lib.c	OBJ
+- 
+- ./crypto/pem/ctx_size.c		PEM
+- ./crypto/pem/pem.h		PEM
+- ./crypto/pem/pem_all.c		PEM
+- ./crypto/pem/pem_err.c		PEM
+- ./crypto/pem/pem_info.c		PEM
+- ./crypto/pem/pem_lib.c		PEM
+- ./crypto/pem/pem_seal.c		PEM
+- ./crypto/pem/pem_sign.c		PEM
+- 
+- ./crypto/pkcs7/pk7_dgst.c	PKCS7
+- ./crypto/pkcs7/pk7_doit.c	PKCS7
+- ./crypto/pkcs7/pk7_enc.c	PKCS7
+- ./crypto/pkcs7/pk7_lib.c	PKCS7
+- ./crypto/pkcs7/pkcs7.h		PKCS7
+- ./crypto/pkcs7/pkcs7err.c	PKCS7
+- ./crypto/pkcs7/sign.c		PKCS7
+- 
+- ./crypto/proxy/bf_proxy.c	PROXY
+- ./crypto/proxy/p2test.c		PROXY
+- ./crypto/proxy/p3test.c		PROXY
+- ./crypto/proxy/paccept.c	PROXY
+- ./crypto/proxy/proxy.c		PROXY
+- ./crypto/proxy/proxy.h		PROXY
+- ./crypto/proxy/ptest.c		PROXY
+- ./crypto/proxy/pxy_conf.c	PROXY
+- ./crypto/proxy/pxy_err.c	PROXY
+- ./crypto/proxy/pxy_txt.c	PROXY
+- 
+- ./crypto/rand/md_rand.c		RAND
+- ./crypto/rand/rand.h		RAND
+- ./crypto/rand/randfile.c	RAND
+- ./crypto/rand/randtest.c	RAND
+- 
+- ./crypto/rc2/rc2cfb64.c		RC2
+- ./crypto/rc2/rc2ofb64.c		RC2
+- ./crypto/rc2/rc2speed.c		RC2
+- ./crypto/rc2/rc2test.c		RC2
+- ./crypto/rc2/rc2_cbc.c		RC2
+- ./crypto/rc2/rc2_ecb.c		RC2
+- ./crypto/rc2/rc2_locl.h		RC2
+- ./crypto/rc2/rc2_skey.c		RC2
+- ./crypto/rc2/rc2.h		RC2
+- 
+- ./crypto/rc4/rc4.c		RC4
+- ./crypto/rc4/rc4speed.c		RC4
+- ./crypto/rc4/rc4test.c		RC4
+- ./crypto/rc4/rc4_enc.c		RC4
+- ./crypto/rc4/rc4_skey.c		RC4
+- ./crypto/rc4/rc4.h		RC4
+- ./crypto/rc4/rc4_locl.h		RC4
+- 
+- ./crypto/rsa/rsa.h		RSA
+- ./crypto/rsa/rsa_eay.c		RSA
+- ./crypto/rsa/rsa_err.c		RSA
+- ./crypto/rsa/rsa_gen.c		RSA
+- ./crypto/rsa/rsa_lib.c		RSA
+- ./crypto/rsa/rsa_saos.c		RSA
+- ./crypto/rsa/rsa_sign.c		RSA
+- ./crypto/rsa/rsa_ssl.c		RSA
+- ./crypto/rsa/rsa_pk1.c		RSA
+- ./crypto/rsa/rsa_none.c		RSA
+- 
+- ./crypto/sha/sha.h		SHA
+- ./crypto/sha/sha_locl.h		SHA
+- ./crypto/sha/sha.c		SHA0
+- ./crypto/sha/sha_dgst.c		SHA0
+- ./crypto/sha/sha_one.c		SHA0
+- ./crypto/sha/sha_sgst.c		SHA0
+- ./crypto/sha/shatest.c		SHA0
+- ./crypto/sha/sha1.c		SHA1
+- ./crypto/sha/sha1dgst.c		SHA1
+- ./crypto/sha/sha1_one.c		SHA1
+- ./crypto/sha/sha1test.c		SHA1
+- 
+- ./crypto/stack/stack.c		STACK
+- ./crypto/stack/stack.h		STACK
+- 
+- ./crypto/txt_db/txt_db.c	TXTDB
+- ./crypto/txt_db/txt_db.h	TXTDB
+- 
+- ./crypto/x509/by_dir.c		X509
+- ./crypto/x509/by_file.c		X509
+- ./crypto/x509/v3_net.c		X509
+- ./crypto/x509/v3_x509.c		X509
+- ./crypto/x509/x509.h		X509
+- ./crypto/x509/x509name.c	X509
+- ./crypto/x509/x509pack.c	X509
+- ./crypto/x509/x509rset.c	X509
+- ./crypto/x509/x509type.c	X509
+- ./crypto/x509/x509_cmp.c	X509
+- ./crypto/x509/x509_d2.c		X509
+- ./crypto/x509/x509_def.c	X509
+- ./crypto/x509/x509_err.c	X509
+- ./crypto/x509/x509_ext.c	X509
+- ./crypto/x509/x509_lu.c		X509
+- ./crypto/x509/x509_obj.c	X509
+- ./crypto/x509/x509_r2x.c	X509
+- ./crypto/x509/x509_req.c	X509
+- ./crypto/x509/x509_set.c	X509
+- ./crypto/x509/x509_txt.c	X509
+- ./crypto/x509/x509_v3.c		X509
+- ./crypto/x509/x509_vfy.c	X509
+- ./crypto/x509/x_all.c		X509
+- ./crypto/x509/x509_vfy.h	X509
+- ./crypto/x509v3/v3_ku.c		X509
+- ./crypto/x509v3/x509v3.h	X509
+- 
+- ./crypto/threads/mttest.c	THREADS
+- ./crypto/threads/th-lock.c	THREADS
+- 
+- ./crypto/ripemd/rmdtest.c	RMD160
+- ./crypto/ripemd/ripemd.h	RMD160
+- ./crypto/ripemd/rmdconst.h	RMD160
+- ./crypto/ripemd/rmd_locl.h	RMD160
+- ./crypto/ripemd/rmd_one.c	RMD160
+- ./crypto/ripemd/rmd160.c	RMD160
+- ./crypto/ripemd/rmd_dgst.c	RMD160
+- 
+- ./crypto/rc5/rc5_ecb.c		RC5
+- ./crypto/rc5/rc5cfb64.c		RC5
+- ./crypto/rc5/rc5ofb64.c		RC5
+- ./crypto/rc5/rc5speed.c		RC5
+- ./crypto/rc5/rc5test.c		RC5
+- ./crypto/rc5/rc5_enc.c		RC5
+- ./crypto/rc5/rc5.h		RC5
+- ./crypto/rc5/rc5_locl.h		RC5
+- ./crypto/rc5/rc5_skey.c		RC5
+- 
+- ./ssl/bio_ssl.c			SSL
+- ./ssl/pxy_ssl.c			SSL
+- ./ssl/s23_clnt.c		SSL
+- ./ssl/s23_lib.c			SSL
+- ./ssl/s23_meth.c		SSL
+- ./ssl/s23_pkt.c			SSL
+- ./ssl/s23_srvr.c		SSL
+- ./ssl/s2_clnt.c			SSL
+- ./ssl/s2_enc.c			SSL
+- ./ssl/s2_lib.c			SSL
+- ./ssl/s2_meth.c			SSL
+- ./ssl/s2_pkt.c			SSL
+- ./ssl/s2_srvr.c			SSL
+- ./ssl/s3_both.c			SSL
+- ./ssl/s3_clnt.c			SSL
+- ./ssl/s3_enc.c			SSL
+- ./ssl/s3_lib.c			SSL
+- ./ssl/s3_meth.c			SSL
+- ./ssl/s3_pkt.c			SSL
+- ./ssl/s3_srvr.c			SSL
+- ./ssl/ssl.c			SSL
+- ./ssl/ssl2.h			SSL
+- ./ssl/ssl23.h			SSL
+- ./ssl/ssl3.h			SSL
+- ./ssl/ssl_algs.c		SSL
+- ./ssl/ssl_asn1.c		SSL
+- ./ssl/ssl_cert.c		SSL
+- ./ssl/ssl_ciph.c		SSL
+- ./ssl/ssl_err.c			SSL
+- ./ssl/ssl_err2.c		SSL
+- ./ssl/ssl_lib.c			SSL
+- ./ssl/ssl_locl.h		SSL
+- ./ssl/ssl_rsa.c			SSL
+- ./ssl/ssl_sess.c		SSL
+- ./ssl/ssl_stat.c		SSL
+- ./ssl/ssl_task.c		SSL
+- ./ssl/ssl_txt.c			SSL
+- ./ssl/tls1.h			SSL
+- ./ssl/t1_lib.c			SSL
+- ./ssl/t1_enc.c			SSL
+- ./ssl/t1_meth.c			SSL
+- ./ssl/t1_srvr.c			SSL
+- ./ssl/t1_clnt.c			SSL
+- ./ssl/ssl.h			SSL
+- ./ssl/ssltest.c			SSL
+- 
+- ./rsaref/rsaref.c		RSAREF
+- ./rsaref/rsaref.h		RSAREF
+- ./rsaref/rsar_err.c		RSAREF
+- 
+- ./apps/apps.c			APPS
+- ./apps/apps.h			APPS
+- ./apps/asn1pars.c		APPS
+- ./apps/bf_perm.c		APPS
+- ./apps/bf_perm.h		APPS
+- ./apps/ca.c			APPS
+- ./apps/ciphers.c		APPS
+- ./apps/crl.c			APPS
+- ./apps/crl2p7.c			APPS
+- ./apps/dgst.c			APPS
+- ./apps/dh.c			APPS
+- ./apps/dsa.c			APPS
+- ./apps/dsaparam.c		APPS
+- ./apps/eay.c			APPS
+- ./apps/enc.c			APPS
+- ./apps/errstr.c			APPS
+- ./apps/speed.c			APPS
+- ./apps/gendh.c			APPS
+- ./apps/gendsa.c			APPS
+- ./apps/genrsa.c			APPS
+- ./apps/mybio_cb.c		APPS
+- ./apps/pem_mail.c		APPS
+- ./apps/pkcs7.c			APPS
+- ./apps/progs.h			APPS
+- ./apps/req.c			APPS
+- ./apps/rsa.c			APPS
+- ./apps/sess_id.c		APPS
+- ./apps/s_apps.h			APPS
+- ./apps/s_cb.c			APPS
+- ./apps/s_client.c		APPS
+- ./apps/s_server.c		APPS
+- ./apps/s_socket.c		APPS
+- ./apps/s_time.c			APPS
+- ./apps/testdsa.h		APPS
+- ./apps/testrsa.h		APPS
+- ./apps/verify.c			APPS
+- ./apps/version.c		APPS
+- ./apps/x509.c			APPS
+- ./apps/ssleay.c			APPS
+- ./apps/sp.c			APPS
+- 
+- ./demos/b64.c			DEMO
+- ./demos/bio/saccept.c		DEMO
+- ./demos/bio/sconnect.c		DEMO
+- ./demos/maurice/example1.c	DEMO
+- ./demos/maurice/example2.c	DEMO
+- ./demos/maurice/example3.c	DEMO
+- ./demos/maurice/example4.c	DEMO
+- ./demos/maurice/loadkeys.c	DEMO
+- ./demos/maurice/loadkeys.h	DEMO
+- ./demos/prime/prime.c		DEMO
+- ./demos/selfsign.c		DEMO
+- ./demos/spkigen.c		DEMO
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/dep/gen.pl ../RELENG_4_6/crypto/openssl/dep/gen.pl
+*** crypto/openssl/dep/gen.pl	Mon Jan 10 01:21:56 2000
+--- ../RELENG_4_6/crypto/openssl/dep/gen.pl	Wed Dec 31 19:00:00 1969
+***************
+*** 1,113 ****
+- #!/usr/local/bin/perl
+- 
+- require 'getopts.pl';
+- 
+- $files="files";
+- %have=();
+- %missing=();
+- %name=();
+- %func=();
+- 
+- &Getopts('Ff:');
+- 
+- &load_file("files");
+- foreach $file (@ARGV)
+- 	{ &do_nm($file); }
+- 
+- if (defined($opt_f))
+- 	{
+- 	%a=();
+- 	$r=&list_files($opt_f,"",*a);
+- 	if ($opt_F)
+- 		{
+- 		foreach (sort split(/\n/,$r))
+- 			{ print "$_\n"; }
+- 		}
+- 	else
+- 		{ print $r; }
+- 	}
+- else
+- 	{
+- 	for (sort keys %have)
+- 		{
+- 		print "$_:$have{$_}\n";
+- 		}
+- 	}
+- 
+- sub list_files
+- 	{
+- 	local($f,$o,*done)=@_;
+- 	local($a,$_,$ff,$ret);
+- 
+- 	return if $f =~ /^\s*$/;
+- 
+- 	$done{$f}=1;
+- 	$ret.=$f."\n" if $opt_F;
+- 	foreach (split(/ /,$have{$f}))
+- 		{
+- 		$ret.="$o$f:$_\n" unless $opt_F;
+- 		}
+- 
+- 	foreach (split(/ /,$missing{$f}))
+- 		{
+- 		$ff=$func{$_};
+- 		next if defined($done{$ff});
+- 		$ret.=&list_files($ff,$o."	");
+- 		}
+- 	$ret;
+- 	}
+- 
+- sub do_nm
+- 	{
+- 	local($file)=@_;
+- 	local($fname)="";
+- 
+- 	open(IN,"nm $file|") || die "unable to run 'nm $file|':$!\n";
+- 	while (<IN>)
+- 		{
+- 		chop;
+- 		next if /^\s*$/;
+- 		if (/^(.*)\.o:\s*$/)
+- 			{
+- 			$fname="$1.c";
+- 			next;
+- 			}
+- 		($type,$name)=/^.{8} (.) (.+)/;
+- #		print "$fname $type $name\n";
+- 
+- 		if ($type eq "T")
+- 			{
+- 			$have{$fname}.="$name ";
+- 			$func{$name}=$fname;
+- 			}
+- 		elsif ($type eq "U")
+- 			{
+- 			$missing{$fname}.="$name ";
+- 			}
+- 		}
+- 	close(IN);
+- 	}
+- 
+- sub load_file
+- 	{
+- 	local($file)=@_;
+- 
+- 	open(IN,"<$files") || die "unable to open $files:$!\n";
+- 
+- 	while (<IN>)
+- 		{
+- 		chop;
+- 		next if /^\s*$/;
+- 		($n)=/\/([^\/\s]+)\s+/;
+- 		($fn)=/^(\S+)\s/;
+- #		print "$n - $fn\n";
+- 		if (defined($name{$n}))
+- 			{ print "$n already exists\n"; }
+- 		else
+- 			{ $name{$n}=$fn; }
+- 		}
+- 	close(IN);
+- 	@name=%name;
+- 	}
+- 
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/dep/ssl.txt ../RELENG_4_6/crypto/openssl/dep/ssl.txt
+*** crypto/openssl/dep/ssl.txt	Mon Jan 10 01:21:56 2000
+--- ../RELENG_4_6/crypto/openssl/dep/ssl.txt	Wed Dec 31 19:00:00 1969
+***************
+*** 1,156 ****
+- BIO_f_ssl
+- BIO_new_buffer_ssl_connect
+- BIO_new_ssl
+- BIO_new_ssl_connect
+- BIO_proxy_ssl_copy_session_id
+- BIO_ssl_copy_session_id
+- BIO_ssl_shutdown
+- ERR_load_SSL_strings
+- SSL_CIPHER_description
+- SSL_CIPHER_get_bits
+- SSL_CIPHER_get_name
+- SSL_CIPHER_get_version
+- SSL_CTX_add_client_CA
+- SSL_CTX_add_session
+- SSL_CTX_check_private_key
+- SSL_CTX_ctrl
+- SSL_CTX_flush_sessions
+- SSL_CTX_free
+- SSL_CTX_get_client_CA_list
+- SSL_CTX_get_ex_data
+- SSL_CTX_get_ex_new_index
+- SSL_CTX_get_quiet_shutdown
+- SSL_CTX_get_verify_callback
+- SSL_CTX_get_verify_mode
+- SSL_CTX_load_verify_locations
+- SSL_CTX_new
+- SSL_CTX_remove_session
+- SSL_CTX_set_cert_verify_cb
+- SSL_CTX_set_cipher_list
+- SSL_CTX_set_client_CA_list
+- SSL_CTX_set_default_passwd_cb
+- SSL_CTX_set_default_verify_paths
+- SSL_CTX_set_ex_data
+- SSL_CTX_set_quiet_shutdown
+- SSL_CTX_set_ssl_version
+- SSL_CTX_set_verify
+- SSL_CTX_use_PrivateKey
+- SSL_CTX_use_PrivateKey_ASN1
+- SSL_CTX_use_PrivateKey_file
+- SSL_CTX_use_RSAPrivateKey
+- SSL_CTX_use_RSAPrivateKey_ASN1
+- SSL_CTX_use_RSAPrivateKey_file
+- SSL_CTX_use_certificate
+- SSL_CTX_use_certificate_ASN1
+- SSL_CTX_use_certificate_file
+- SSL_SESSION_cmp
+- SSL_SESSION_free
+- SSL_SESSION_get_ex_data
+- SSL_SESSION_get_ex_new_index
+- SSL_SESSION_get_time
+- SSL_SESSION_get_timeout
+- SSL_SESSION_hash
+- SSL_SESSION_new
+- SSL_SESSION_print
+- SSL_SESSION_print_fp
+- SSL_SESSION_set_ex_data
+- SSL_SESSION_set_time
+- SSL_SESSION_set_timeout
+- SSL_accept
+- SSL_add_client_CA
+- SSL_alert_desc_string
+- SSL_alert_desc_string_long
+- SSL_alert_type_string
+- SSL_alert_type_string_long
+- SSL_check_private_key
+- SSL_clear
+- SSL_connect
+- SSL_copy_session_id
+- SSL_ctrl
+- SSL_do_handshake
+- SSL_dup
+- SSL_dup_CA_list
+- SSL_free
+- SSL_get_SSL_CTX
+- SSL_get_certificate
+- SSL_get_cipher_list
+- SSL_get_ciphers
+- SSL_get_client_CA_list
+- SSL_get_current_cipher
+- SSL_get_default_timeout
+- SSL_get_error
+- SSL_get_ex_data
+- SSL_get_ex_new_index
+- SSL_get_fd
+- SSL_get_info_callback
+- SSL_get_peer_cert_chain
+- SSL_get_peer_certificate
+- SSL_get_privatekey
+- SSL_get_quiet_shutdown
+- SSL_get_rbio
+- SSL_get_read_ahead
+- SSL_get_session
+- SSL_get_shared_ciphers
+- SSL_get_shutdown
+- SSL_get_ssl_method
+- SSL_get_verify_callback
+- SSL_get_verify_mode
+- SSL_get_verify_result
+- SSL_get_version
+- SSL_get_wbio
+- SSL_load_client_CA_file
+- SSL_load_error_strings
+- SSL_new
+- SSL_peek
+- SSL_pending
+- SSL_read
+- SSL_renegotiate
+- SSL_rstate_string
+- SSL_rstate_string_long
+- SSL_set_accept_state
+- SSL_set_bio
+- SSL_set_cipher_list
+- SSL_set_client_CA_list
+- SSL_set_connect_state
+- SSL_set_ex_data
+- SSL_set_fd
+- SSL_set_info_callback
+- SSL_set_quiet_shutdown
+- SSL_set_read_ahead
+- SSL_set_rfd
+- SSL_set_session
+- SSL_set_shutdown
+- SSL_set_ssl_method
+- SSL_set_verify
+- SSL_set_verify_result
+- SSL_set_wfd
+- SSL_shutdown
+- SSL_state
+- SSL_state_string
+- SSL_state_string_long
+- SSL_use_PrivateKey
+- SSL_use_PrivateKey_ASN1
+- SSL_use_PrivateKey_file
+- SSL_use_RSAPrivateKey
+- SSL_use_RSAPrivateKey_ASN1
+- SSL_use_RSAPrivateKey_file
+- SSL_use_certificate
+- SSL_use_certificate_ASN1
+- SSL_use_certificate_file
+- SSL_version
+- SSL_write
+- SSLeay_add_ssl_algorithms
+- SSLv23_client_method
+- SSLv23_method
+- SSLv23_server_method
+- SSLv2_client_method
+- SSLv2_method
+- SSLv2_server_method
+- SSLv3_client_method
+- SSLv3_method
+- SSLv3_server_method
+- TLSv1_client_method
+- TLSv1_method
+- TLSv1_server_method
+- d2i_SSL_SESSION
+- i2d_SSL_SESSION
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/ca.pod ../RELENG_4_6/crypto/openssl/doc/apps/ca.pod
+*** crypto/openssl/doc/apps/ca.pod	Sun Nov 26 06:34:05 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/ca.pod	Mon Nov 26 07:14:22 2001
+***************
+*** 54,59 ****
+--- 54,64 ----
+  
+  specifies the configuration file to use.
+  
++ =item B<-name section>
++ 
++ specifies the configuration file section to use (overrides
++ B<default_ca> in the B<ca> section).
++ 
+  =item B<-in filename>
+  
+  an input filename containing a single certificate request to be
+***************
+*** 202,209 ****
+  
+  =head1 CONFIGURATION FILE OPTIONS
+  
+! The options for B<ca> are contained in the B<ca> section of the
+! configuration file. Many of these are identical to command line
+  options. Where the option is present in the configuration file
+  and the command line the command line value is used. Where an
+  option is described as mandatory then it must be present in
+--- 207,226 ----
+  
+  =head1 CONFIGURATION FILE OPTIONS
+  
+! The section of the configuration file containing options for B<ca>
+! is found as follows: If the B<-name> command line option is used,
+! then it names the section to be used. Otherwise the section to
+! be used must be named in the B<default_ca> option of the B<ca> section
+! of the configuration file (or in the default section of the
+! configuration file). Besides B<default_ca>, the following options are
+! read directly from the B<ca> section:
+!  RANDFILE
+!  preserve
+!  msie_hack
+! With the exception of B<RANDFILE>, this is probably a bug and may
+! change in future releases.
+! 
+! Many of the configuration file options are identical to command line
+  options. Where the option is present in the configuration file
+  and the command line the command line value is used. Where an
+  option is described as mandatory then it must be present in
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/crl2pkcs7.pod ../RELENG_4_6/crypto/openssl/doc/apps/crl2pkcs7.pod
+*** crypto/openssl/doc/apps/crl2pkcs7.pod	Sun Aug 20 04:46:54 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/crl2pkcs7.pod	Tue Jul  9 06:51:57 2002
+***************
+*** 6,17 ****
+  
+  =head1 SYNOPSIS
+  
+! B<openssl> B<pkcs7>
+  [B<-inform PEM|DER>]
+  [B<-outform PEM|DER>]
+  [B<-in filename>]
+  [B<-out filename>]
+! [B<-print_certs>]
+  
+  =head1 DESCRIPTION
+  
+--- 6,18 ----
+  
+  =head1 SYNOPSIS
+  
+! B<openssl> B<crl2pkcs7>
+  [B<-inform PEM|DER>]
+  [B<-outform PEM|DER>]
+  [B<-in filename>]
+  [B<-out filename>]
+! [B<-certfile filename>]
+! [B<-nocrl>]
+  
+  =head1 DESCRIPTION
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/enc.pod ../RELENG_4_6/crypto/openssl/doc/apps/enc.pod
+*** crypto/openssl/doc/apps/enc.pod	Sun Aug 20 04:46:54 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/enc.pod	Tue Jul  3 06:32:30 2001
+***************
+*** 96,107 ****
+  =item B<-K key>
+  
+  the actual key to use: this must be represented as a string comprised only
+! of hex digits.
+  
+  =item B<-iv IV>
+  
+  the actual IV to use: this must be represented as a string comprised only
+! of hex digits.
+  
+  =item B<-p>
+  
+--- 96,113 ----
+  =item B<-K key>
+  
+  the actual key to use: this must be represented as a string comprised only
+! of hex digits. If only the key is specified, the IV must additionally specified
+! using the B<-iv> option. When both a key and a password are specified, the
+! key given with the B<-K> option will be used and the IV generated from the
+! password will be taken. It probably does not make much sense to specify
+! both key and password.
+  
+  =item B<-iv IV>
+  
+  the actual IV to use: this must be represented as a string comprised only
+! of hex digits. When only the key is specified using the B<-K> option, the
+! IV must explicitly be defined. When a password is being specified using
+! one of the other options, the IV is generated from this password.
+  
+  =item B<-p>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/openssl.pod ../RELENG_4_6/crypto/openssl/doc/apps/openssl.pod
+*** crypto/openssl/doc/apps/openssl.pod	Sun Nov 26 06:34:05 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/openssl.pod	Wed Aug  8 11:08:54 2001
+***************
+*** 125,130 ****
+--- 125,134 ----
+  
+  Generation of hashed passwords.
+  
++ =item L<B<pkcs12>|pkcs12(1)>
++ 
++ PKCS#12 Data Management.
++ 
+  =item L<B<pkcs7>|pkcs7(1)>
+  
+  PKCS#7 Data Management.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/passwd.pod ../RELENG_4_6/crypto/openssl/doc/apps/passwd.pod
+*** crypto/openssl/doc/apps/passwd.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/passwd.pod	Thu Oct  3 20:03:29 2002
+***************
+*** 69,75 ****
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+--- 69,75 ----
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_4_6/crypto/openssl/doc/apps/req.pod
+*** crypto/openssl/doc/apps/req.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/req.pod	Sat Nov  9 13:09:38 2002
+***************
+*** 457,469 ****
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST----
+!  -----END CERTIFICATE REQUEST----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST----
+!  -----END NEW CERTIFICATE REQUEST----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+--- 457,469 ----
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST-----
+!  -----END CERTIFICATE REQUEST-----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST-----
+!  -----END NEW CERTIFICATE REQUEST-----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/rsautl.pod ../RELENG_4_6/crypto/openssl/doc/apps/rsautl.pod
+*** crypto/openssl/doc/apps/rsautl.pod	Sun Nov 26 06:38:49 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/rsautl.pod	Wed Apr 25 11:25:39 2001
+***************
+*** 101,111 ****
+  
+  Recover the signed data
+  
+!  openssl rsautl -sign -in sig -inkey key.pem
+  
+  Examine the raw signed data:
+  
+!  openssl rsautl -sign -in file -inkey key.pem -raw -hexdump
+  
+   0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+   0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+--- 101,111 ----
+  
+  Recover the signed data
+  
+!  openssl rsautl -verify -in sig -inkey key.pem
+  
+  Examine the raw signed data:
+  
+!  openssl rsautl -verify -in file -inkey key.pem -raw -hexdump
+  
+   0000 - 00 01 ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+   0010 - ff ff ff ff ff ff ff ff-ff ff ff ff ff ff ff ff   ................
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/s_server.pod ../RELENG_4_6/crypto/openssl/doc/apps/s_server.pod
+*** crypto/openssl/doc/apps/s_server.pod	Wed Jul  4 19:19:41 2001
+--- ../RELENG_4_6/crypto/openssl/doc/apps/s_server.pod	Mon Apr  9 11:00:31 2001
+***************
+*** 7,13 ****
+  
+  =head1 SYNOPSIS
+  
+! B<openssl> B<s_client>
+  [B<-accept port>]
+  [B<-context id>]
+  [B<-verify depth>]
+--- 7,13 ----
+  
+  =head1 SYNOPSIS
+  
+! B<openssl> B<s_server>
+  [B<-accept port>]
+  [B<-context id>]
+  [B<-verify depth>]
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/smime.pod ../RELENG_4_6/crypto/openssl/doc/apps/smime.pod
+*** crypto/openssl/doc/apps/smime.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/smime.pod	Sat Nov  9 13:09:38 2002
+***************
+*** 21,27 ****
+  [B<-certfile file>]
+  [B<-signer file>]
+  [B<-recip  file>]
+- [B<-in file>]
+  [B<-inform SMIME|PEM|DER>]
+  [B<-passin arg>]
+  [B<-inkey file>]
+--- 21,26 ----
+***************
+*** 341,348 ****
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7----
+!  -----END PKCS7----
+  
+  and using the command, 
+  
+--- 340,347 ----
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7-----
+!  -----END PKCS7-----
+  
+  and using the command, 
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/verify.pod ../RELENG_4_6/crypto/openssl/doc/apps/verify.pod
+*** crypto/openssl/doc/apps/verify.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/verify.pod	Mon Oct  8 04:38:07 2001
+***************
+*** 200,212 ****
+  
+  the certificate is not yet valid: the notBefore date is after the current time.
+  
+! =item B<10 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+  
+! the CRL is not yet valid. Unused.
+  
+! =item B<11 X509_V_ERR_CERT_HAS_EXPIRED: Certificate has expired>
+  
+! the certificate has expired: that is the notAfter date is before the current time.
+  
+  =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+  
+--- 200,212 ----
+  
+  the certificate is not yet valid: the notBefore date is after the current time.
+  
+! =item B<10 X509_V_ERR_CERT_HAS_EXPIRED: certificate has expired>
+  
+! the certificate has expired: that is the notAfter date is before the current time.
+  
+! =item B<11 X509_V_ERR_CRL_NOT_YET_VALID: CRL is not yet valid>
+  
+! the CRL is not yet valid. Unused.
+  
+  =item B<12 X509_V_ERR_CRL_HAS_EXPIRED: CRL has expired>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_4_6/crypto/openssl/doc/apps/x509.pod
+*** crypto/openssl/doc/apps/x509.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/x509.pod	Tue Jan 14 08:56:44 2003
+***************
+*** 321,327 ****
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial filename>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+--- 321,327 ----
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+***************
+*** 532,556 ****
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust sslclient \
+! 	-alias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE----
+!  -----END CERTIFICATE----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE----
+!  -----END X509 CERTIFICATE----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE----
+!  -----END TRUSTED CERTIFICATE----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+--- 532,556 ----
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust clientAuth \
+! 	-setalias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE-----
+!  -----END CERTIFICATE-----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE-----
+!  -----END X509 CERTIFICATE-----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE-----
+!  -----END TRUSTED CERTIFICATE-----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/c-indentation.el ../RELENG_4_6/crypto/openssl/doc/c-indentation.el
+*** crypto/openssl/doc/c-indentation.el	Sun Nov 26 06:34:04 2000
+--- ../RELENG_4_6/crypto/openssl/doc/c-indentation.el	Wed Oct 23 09:09:50 2002
+***************
+*** 13,24 ****
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style.
+! ; The style defined below does not indent them at all.
+! ; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
+! ; command of Emacs).  If you know a solution to this problem
+! ; or find other problems with this indentation style definition,
+! ; please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+--- 13,22 ----
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style,
+! ; so you have to indent them manually (you can use C-q tab).
+! ; 
+! ; For suggesting improvements, please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_CTX_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_CTX_new.pod
+*** crypto/openssl/doc/crypto/BN_CTX_new.pod	Sun Aug 20 04:46:55 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_CTX_new.pod	Wed Sep 25 09:33:55 2002
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add.pod
+*** crypto/openssl/doc/crypto/BN_add.pod	Sun Aug 20 04:46:55 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add.pod	Wed Sep 25 09:10:08 2002
+***************
+*** 86,92 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+--- 86,92 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add_word.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add_word.pod
+*** crypto/openssl/doc/crypto/BN_add_word.pod	Sun Aug 20 04:46:55 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add_word.pod	Wed Sep 25 09:11:20 2002
+***************
+*** 46,52 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 46,52 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_bn2bin.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_bn2bin.pod
+*** crypto/openssl/doc/crypto/BN_bn2bin.pod	Sun Nov 26 06:34:07 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_bn2bin.pod	Wed Sep 25 09:33:55 2002
+***************
+*** 49,55 ****
+  B<fp>.
+  
+  BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
+! that consists of the number's length in bytes represented as a 3-byte
+  big-endian number, and the number itself in big-endian format, where
+  the most significant bit signals a negative number (the representation
+  of numbers with the MSB set is prefixed with null byte).
+--- 49,55 ----
+  B<fp>.
+  
+  BN_bn2mpi() and BN_mpi2bn() convert B<BIGNUM>s from and to a format
+! that consists of the number's length in bytes represented as a 4-byte
+  big-endian number, and the number itself in big-endian format, where
+  the most significant bit signals a negative number (the representation
+  of numbers with the MSB set is prefixed with null byte).
+***************
+*** 80,86 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+--- 80,86 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_copy.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_copy.pod
+*** crypto/openssl/doc/crypto/BN_copy.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_copy.pod	Wed Sep 25 09:33:55 2002
+***************
+*** 25,31 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 25,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_generate_prime.pod
+*** crypto/openssl/doc/crypto/BN_generate_prime.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_generate_prime.pod	Mon Jan 13 08:16:49 2003
+***************
+*** 70,76 ****
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_check>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+--- 70,76 ----
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_checks>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_inverse.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_inverse.pod
+*** crypto/openssl/doc/crypto/BN_mod_inverse.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_inverse.pod	Wed Sep 25 09:33:55 2002
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Sun Nov 26 06:34:07 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Wed Sep 25 09:33:55 2002
+***************
+*** 81,87 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 81,87 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Sun Nov 26 06:34:07 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Wed Sep 25 09:33:55 2002
+***************
+*** 69,75 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 69,75 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_new.pod
+*** crypto/openssl/doc/crypto/BN_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_new.pod	Wed Sep 25 09:33:56 2002
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_rand.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_rand.pod
+*** crypto/openssl/doc/crypto/BN_rand.pod	Wed Jul  4 19:19:41 2001
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_rand.pod	Wed Sep 25 09:33:56 2002
+***************
+*** 14,19 ****
+--- 14,21 ----
+  
+   int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
+  
++  int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
++ 
+  =head1 DESCRIPTION
+  
+  BN_rand() generates a cryptographically strong pseudo-random number of
+***************
+*** 31,36 ****
+--- 33,40 ----
+  
+  BN_rand_range() generates a cryptographically strong pseudo-random
+  number B<rnd> in the range 0 <lt>= B<rnd> E<lt> B<range>.
++ BN_pseudo_rand_range() does the same, but is based on BN_pseudo_rand(),
++ and hence numbers generated by it are not necessarily unpredictable.
+  
+  The PRNG must be seeded prior to calling BN_rand() or BN_rand_range().
+  
+***************
+*** 41,47 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+--- 45,51 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+***************
+*** 49,53 ****
+--- 53,58 ----
+  BN_rand() is available in all versions of SSLeay and OpenSSL.
+  BN_pseudo_rand() was added in OpenSSL 0.9.5. The B<top> == -1 case
+  and the function BN_rand_range() were added in OpenSSL 0.9.6a.
++ BN_pseudo_rand_range() was added in OpenSSL 0.9.6c.
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_key.pod
+*** crypto/openssl/doc/crypto/DH_generate_key.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_key.pod	Wed Sep 25 09:33:56 2002
+***************
+*** 40,46 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+--- 40,46 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_parameters.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DH_generate_parameters.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_parameters.pod	Wed Sep 25 09:33:56 2002
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod
+*** crypto/openssl/doc/crypto/DH_get_ex_new_index.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod	Wed Jul 10 15:36:57 2002
+***************
+*** 26,32 ****
+  
+  =head1 SEE ALSO
+  
+! L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
+  
+  =head1 HISTORY
+  
+--- 26,32 ----
+  
+  =head1 SEE ALSO
+  
+! L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>, L<dh(3)|dh(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_new.pod
+*** crypto/openssl/doc/crypto/DH_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_new.pod	Wed Sep 25 09:33:56 2002
+***************
+*** 29,35 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+--- 29,35 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_SIG_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_SIG_new.pod
+*** crypto/openssl/doc/crypto/DSA_SIG_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_SIG_new.pod	Wed Sep 25 09:33:56 2002
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+--- 30,37 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_do_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_do_sign.pod
+*** crypto/openssl/doc/crypto/DSA_do_sign.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_do_sign.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 36,42 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+--- 36,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_dup_DH.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_dup_DH.pod
+*** crypto/openssl/doc/crypto/DSA_dup_DH.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_dup_DH.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_key.pod
+*** crypto/openssl/doc/crypto/DSA_generate_key.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_key.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 24,30 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+--- 24,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_parameters.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_new.pod
+*** crypto/openssl/doc/crypto/DSA_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_new.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+--- 30,36 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_sign.pod
+*** crypto/openssl/doc/crypto/DSA_sign.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_sign.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 55,61 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+--- 55,61 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_DigestInit.pod ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_DigestInit.pod
+*** crypto/openssl/doc/crypto/EVP_DigestInit.pod	Sun Nov 26 06:34:07 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_DigestInit.pod	Wed Jul 10 15:36:57 2002
+***************
+*** 192,198 ****
+  
+  L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+  L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+! L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+  
+  =head1 HISTORY
+  
+--- 192,198 ----
+  
+  L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+  L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+! L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_EncryptInit.pod ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_EncryptInit.pod
+*** crypto/openssl/doc/crypto/EVP_EncryptInit.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_EncryptInit.pod	Wed May  8 11:20:12 2002
+***************
+*** 192,198 ****
+  EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
+  
+  EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+! EVP_CipherFinal() returns 1 for a decryption failure or 1 for success.
+  
+  EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
+  
+--- 192,198 ----
+  EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success.
+  
+  EVP_CipherInit() and EVP_CipherUpdate() return 1 for success and 0 for failure.
+! EVP_CipherFinal() returns 0 for a decryption failure or 1 for success.
+  
+  EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SealInit.pod
+*** crypto/openssl/doc/crypto/EVP_SealInit.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SealInit.pod	Thu Aug 15 10:22:27 2002
+***************
+*** 12,18 ****
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+--- 12,18 ----
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+***************
+*** 43,50 ****
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+! failure.
+  
+  =head1 NOTES
+  
+--- 43,49 ----
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() returns 1 for success and 0 for failure.
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SignInit.pod ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SignInit.pod
+*** crypto/openssl/doc/crypto/EVP_SignInit.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SignInit.pod	Wed Jul 10 15:36:57 2002
+***************
+*** 75,81 ****
+  L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+  L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+  L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+! L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+  
+  =head1 HISTORY
+  
+--- 75,81 ----
+  L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+  L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+  L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+! L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_VerifyInit.pod ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_VerifyInit.pod
+*** crypto/openssl/doc/crypto/EVP_VerifyInit.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_VerifyInit.pod	Wed Jul 10 15:36:57 2002
+***************
+*** 62,68 ****
+  L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+  L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+  L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+! L<sha(3)|sha(3)>, L<digest(1)|digest(1)>
+  
+  =head1 HISTORY
+  
+--- 62,68 ----
+  L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>,
+  L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>,
+  L<md5(3)|md5(3)>, L<mdc2(3)|mdc2(3)>, L<ripemd(3)|ripemd(3)>,
+! L<sha(3)|sha(3)>, L<dgst(1)|dgst(1)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod ../RELENG_4_6/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod
+*** crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/OPENSSL_VERSION_NUMBER.pod	Fri Jan  4 10:21:26 2002
+***************
+*** 2,8 ****
+  
+  =head1 NAME
+  
+! OPENSSL_VERSION_NUMBER, SSLeay SSLeay_version - get OpenSSL version number
+  
+  =head1 SYNOPSIS
+  
+--- 2,8 ----
+  
+  =head1 NAME
+  
+! OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number
+  
+  =head1 SYNOPSIS
+  
+***************
+*** 11,17 ****
+  
+   #include <openssl/crypto.h>
+   long SSLeay(void);
+!  char *SSLeay_version(int t);
+  
+  =head1 DESCRIPTION
+  
+--- 11,17 ----
+  
+   #include <openssl/crypto.h>
+   long SSLeay(void);
+!  const char *SSLeay_version(int t);
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 55,74 ****
+  =over 4
+  
+  =item SSLEAY_VERSION
+  The text variant of the version number and the release date.  For example,
+  "OpenSSL 0.9.5a 1 Apr 2000".
+  
+  =item SSLEAY_CFLAGS
+! The flags given to the C compiler when compiling OpenSSL are returned in a
+! string.
+  
+  =item SSLEAY_PLATFORM
+- The platform name used when OpenSSL was configured is returned.
+  
+! =back
+  
+! If the data request isn't available, a text saying that the information is
+! not available is returned.
+  
+  For an unknown B<t>, the text "not available" is returned.
+  
+--- 55,81 ----
+  =over 4
+  
+  =item SSLEAY_VERSION
++ 
+  The text variant of the version number and the release date.  For example,
+  "OpenSSL 0.9.5a 1 Apr 2000".
+  
+  =item SSLEAY_CFLAGS
+! 
+! The compiler flags set for the compilation process in the form
+! "compiler: ..."  if available or "compiler: information not available"
+! otherwise.
+! 
+! =item SSLEAY_BUILT_ON
+! 
+! The date of the build process in the form "built on: ..." if available
+! or "built on: date not available" otherwise.
+  
+  =item SSLEAY_PLATFORM
+  
+! The "Configure" target of the library build in the form "platform: ..."
+! if available or "platform: information not available" otherwise.
+  
+! =back
+  
+  For an unknown B<t>, the text "not available" is returned.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RAND_bytes.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RAND_bytes.pod
+*** crypto/openssl/doc/crypto/RAND_bytes.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RAND_bytes.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 35,41 ****
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+--- 35,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_check_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_check_key.pod
+*** crypto/openssl/doc/crypto/RSA_check_key.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_check_key.pod	Wed Sep 25 09:33:57 2002
+***************
+*** 18,24 ****
+  It also checks that B<d*e = 1 mod (p-1*q-1)>,
+  and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+  
+! The key's public components may not be B<NULL>.
+  
+  =head1 RETURN VALUE
+  
+--- 18,26 ----
+  It also checks that B<d*e = 1 mod (p-1*q-1)>,
+  and that B<dmp1>, B<dmq1> and B<iqmp> are set correctly or are B<NULL>.
+  
+! As such, this function can not be used with any arbitrary RSA key object,
+! even if it is otherwise fit for regular RSA operation. See B<NOTES> for more
+! information.
+  
+  =head1 RETURN VALUE
+  
+***************
+*** 28,36 ****
+  If the key is invalid or an error occurred, the reason code can be
+  obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+  
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 30,45 ----
+  If the key is invalid or an error occurred, the reason code can be
+  obtained using L<ERR_get_error(3)|ERR_get_error(3)>.
+  
++ =head1 NOTES
++ 
++ This function does not work on RSA public keys that have only the modulus
++ and public exponent elements populated. It performs integrity checks on all
++ the RSA key material, so the RSA key structure must contain all the private
++ key data too.
++ 
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_generate_key.pod
+*** crypto/openssl/doc/crypto/RSA_generate_key.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_generate_key.pod	Wed Sep 25 09:33:58 2002
+***************
+*** 19,25 ****
+  
+  The modulus size will be B<num> bits, and the public exponent will be
+  B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+! The exponent is an odd number, typically 3 or 65535.
+  
+  A callback function may be used to provide feedback about the
+  progress of the key generation. If B<callback> is not B<NULL>, it
+--- 19,25 ----
+  
+  The modulus size will be B<num> bits, and the public exponent will be
+  B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure.
+! The exponent is an odd number, typically 3, 17 or 65537.
+  
+  A callback function may be used to provide feedback about the
+  progress of the key generation. If B<callback> is not B<NULL>, it
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_print.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_print.pod
+*** crypto/openssl/doc/crypto/RSA_print.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_print.pod	Fri Nov 29 09:21:58 2002
+***************
+*** 2,10 ****
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
+! DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
+! parameters
+  
+  =head1 SYNOPSIS
+  
+--- 2,10 ----
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp,
+! DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+! DHparams_print, DHparams_print_fp - print cryptographic parameters
+  
+  =head1 SYNOPSIS
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_private_encrypt.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Wed Sep 25 09:33:58 2002
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_public_encrypt.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Wed Sep 25 09:33:58 2002
+***************
+*** 72,78 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+--- 72,79 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign.pod
+*** crypto/openssl/doc/crypto/RSA_sign.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign.pod	Wed Sep 25 09:33:58 2002
+***************
+*** 50,57 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+--- 50,57 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+*** crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Wed Sep 25 09:33:58 2002
+***************
+*** 47,54 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+--- 47,54 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/bio.pod ../RELENG_4_6/crypto/openssl/doc/crypto/bio.pod
+*** crypto/openssl/doc/crypto/bio.pod	Sun Nov 26 06:38:50 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/bio.pod	Thu Apr 12 17:12:30 2001
+***************
+*** 40,46 ****
+  =head1 SEE ALSO
+  
+  L<BIO_ctrl(3)|BIO_ctrl(3)>,
+! L<BIO_f_base64(3)|BIO_f_base64(3)>,
+  L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>,
+  L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>,
+  L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>,
+--- 40,46 ----
+  =head1 SEE ALSO
+  
+  L<BIO_ctrl(3)|BIO_ctrl(3)>,
+! L<BIO_f_base64(3)|BIO_f_base64(3)>, L<BIO_f_buffer(3)|BIO_f_buffer(3)>,
+  L<BIO_f_cipher(3)|BIO_f_cipher(3)>, L<BIO_f_md(3)|BIO_f_md(3)>,
+  L<BIO_f_null(3)|BIO_f_null(3)>, L<BIO_f_ssl(3)|BIO_f_ssl(3)>,
+  L<BIO_find_type(3)|BIO_find_type(3)>, L<BIO_new(3)|BIO_new(3)>,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/blowfish.pod ../RELENG_4_6/crypto/openssl/doc/crypto/blowfish.pod
+*** crypto/openssl/doc/crypto/blowfish.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/blowfish.pod	Mon Jan 21 13:02:27 2002
+***************
+*** 27,33 ****
+  
+  =head1 DESCRIPTION
+  
+! This library implements the Blowfish cipher, which is invented and described
+  by Counterpane (see http://www.counterpane.com/blowfish.html ).
+  
+  Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+--- 27,33 ----
+  
+  =head1 DESCRIPTION
+  
+! This library implements the Blowfish cipher, which was invented and described
+  by Counterpane (see http://www.counterpane.com/blowfish.html ).
+  
+  Blowfish is a block cipher that operates on 64 bit (8 byte) blocks of data.
+***************
+*** 57,63 ****
+  recipient needs to know what it was initialized with, or it won't be able
+  to decrypt.  Some programs and protocols simplify this, like SSH, where
+  B<ivec> is simply initialized to zero.
+! BF_cbc_encrypt() operates of data that is a multiple of 8 bytes long, while
+  BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+  number of bytes (the amount does not have to be an exact multiple of 8).  The
+  purpose of the latter two is to simulate stream ciphers, and therefore, they
+--- 57,63 ----
+  recipient needs to know what it was initialized with, or it won't be able
+  to decrypt.  Some programs and protocols simplify this, like SSH, where
+  B<ivec> is simply initialized to zero.
+! BF_cbc_encrypt() operates on data that is a multiple of 8 bytes long, while
+  BF_cfb64_encrypt() and BF_ofb64_encrypt() are used to encrypt an variable
+  number of bytes (the amount does not have to be an exact multiple of 8).  The
+  purpose of the latter two is to simulate stream ciphers, and therefore, they
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/bn.pod ../RELENG_4_6/crypto/openssl/doc/crypto/bn.pod
+*** crypto/openssl/doc/crypto/bn.pod	Wed Jul  4 19:19:42 2001
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/bn.pod	Mon Sep  3 09:01:28 2001
+***************
+*** 61,66 ****
+--- 61,67 ----
+   int BN_rand(BIGNUM *rnd, int bits, int top, int bottom);
+   int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom);
+   int BN_rand_range(BIGNUM *rnd, BIGNUM *range);
++  int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range);
+  
+   BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add,
+           BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/crypto.pod ../RELENG_4_6/crypto/openssl/doc/crypto/crypto.pod
+*** crypto/openssl/doc/crypto/crypto.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/crypto.pod	Fri Jan  4 10:07:29 2002
+***************
+*** 46,52 ****
+  
+  =item AUXILIARY FUNCTIONS
+  
+! L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>
+  
+  =item INPUT/OUTPUT, DATA ENCODING
+  
+--- 46,53 ----
+  
+  =item AUXILIARY FUNCTIONS
+  
+! L<err(3)|err(3)>, L<threads(3)|threads(3)>, L<rand(3)|rand(3)>,
+! L<OPENSSL_VERSION_NUMBER(3)|OPENSSL_VERSION_NUMBER(3)>
+  
+  =item INPUT/OUTPUT, DATA ENCODING
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/des_modes.pod ../RELENG_4_6/crypto/openssl/doc/crypto/des_modes.pod
+*** crypto/openssl/doc/crypto/des_modes.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/des_modes.pod	Tue Mar  5 10:30:41 2002
+***************
+*** 204,211 ****
+  =item *
+  
+  If the first and last key are the same, the key length is 112 bits.
+! There are attacks that could reduce the key space to 55 bit's but it
+! requires 2^56 blocks of memory.
+  
+  =item *
+  
+--- 204,211 ----
+  =item *
+  
+  If the first and last key are the same, the key length is 112 bits.
+! There are attacks that could reduce the effective key strength
+! to only slightly more than 56 bits, but these require a lot of memory.
+  
+  =item *
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/err.pod ../RELENG_4_6/crypto/openssl/doc/crypto/err.pod
+*** crypto/openssl/doc/crypto/err.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/err.pod	Wed Jul 10 15:36:58 2002
+***************
+*** 172,178 ****
+  =head1 SEE ALSO
+  
+  L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
+! L<CRYPTO_set_locking_callback(3)|<CRYPTO_set_locking_callback(3)>,
+  L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
+  L<ERR_clear_error(3)|ERR_clear_error(3)>,
+--- 172,178 ----
+  =head1 SEE ALSO
+  
+  L<CRYPTO_set_id_callback(3)|CRYPTO_set_id_callback(3)>,
+! L<CRYPTO_set_locking_callback(3)|CRYPTO_set_locking_callback(3)>,
+  L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<ERR_GET_LIB(3)|ERR_GET_LIB(3)>,
+  L<ERR_clear_error(3)|ERR_clear_error(3)>,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/rand.pod ../RELENG_4_6/crypto/openssl/doc/crypto/rand.pod
+*** crypto/openssl/doc/crypto/rand.pod	Wed Jul  4 19:19:42 2001
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/rand.pod	Mon Jul  9 10:36:30 2001
+***************
+*** 127,139 ****
+  When bytes are extracted from the RNG, the following process is used.
+  For each group of 10 bytes (or less), we do the following:
+  
+! Input into the hash function the top 10 bytes from the local 'md'
+! (which is initialized from the global 'md' before any bytes are
+! generated), the bytes that are to be overwritten by the random bytes,
+! and bytes from the 'state' (incrementing looping index). From this
+! digest output (which is kept in 'md'), the top (up to) 10 bytes are
+! returned to the caller and the bottom (up to) 10 bytes are xored into
+! the 'state'.
+  
+  Finally, after we have finished 'num' random bytes for the caller,
+  'count' (which is incremented) and the local and global 'md' are fed
+--- 127,138 ----
+  When bytes are extracted from the RNG, the following process is used.
+  For each group of 10 bytes (or less), we do the following:
+  
+! Input into the hash function the local 'md' (which is initialized from
+! the global 'md' before any bytes are generated), the bytes that are to
+! be overwritten by the random bytes, and bytes from the 'state'
+! (incrementing looping index). From this digest output (which is kept
+! in 'md'), the top (up to) 10 bytes are returned to the caller and the
+! bottom 10 bytes are xored into the 'state'.
+  
+  Finally, after we have finished 'num' random bytes for the caller,
+  'count' (which is incremented) and the local and global 'md' are fed
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/rsa.pod ../RELENG_4_6/crypto/openssl/doc/crypto/rsa.pod
+*** crypto/openssl/doc/crypto/rsa.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/rsa.pod	Wed Jul 10 15:36:58 2002
+***************
+*** 110,116 ****
+  L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
+  L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+  L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+! L<RSA_sign_ASN_OCTET_STRING(3)|RSA_sign_ASN_OCTET_STRING(3)>,
+  L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+  
+  =cut
+--- 110,116 ----
+  L<RSA_set_method(3)|RSA_set_method(3)>, L<RSA_print(3)|RSA_print(3)>,
+  L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+  L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+! L<RSA_sign_ASN1_OCTET_STRING(3)|RSA_sign_ASN1_OCTET_STRING(3)>,
+  L<RSA_padding_add_PKCS1_type_1(3)|RSA_padding_add_PKCS1_type_1(3)> 
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/threads.pod ../RELENG_4_6/crypto/openssl/doc/crypto/threads.pod
+*** crypto/openssl/doc/crypto/threads.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/threads.pod	Thu Nov  8 09:52:40 2001
+***************
+*** 53,60 ****
+  that at least two callback functions are set.
+  
+  locking_function(int mode, int n, const char *file, int line) is
+! needed to perform locking on shared data structures. Multi-threaded
+! applications will crash at random if it is not set.
+  
+  locking_function() must be able to handle up to CRYPTO_num_locks()
+  different mutex locks. It sets the B<n>-th lock if B<mode> &
+--- 53,62 ----
+  that at least two callback functions are set.
+  
+  locking_function(int mode, int n, const char *file, int line) is
+! needed to perform locking on shared data structures.
+! (Note that OpenSSL uses a number of global data structures that
+! will be implicitly shared whenever multiple threads use OpenSSL.)
+! Multi-threaded applications will crash at random if it is not set.
+  
+  locking_function() must be able to handle up to CRYPTO_num_locks()
+  different mutex locks. It sets the B<n>-th lock if B<mode> &
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto.pod ../RELENG_4_6/crypto/openssl/doc/crypto.pod
+*** crypto/openssl/doc/crypto.pod	Mon Jan 10 01:21:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto.pod	Wed Dec 31 19:00:00 1969
+***************
+*** 1,27 ****
+- 
+- =pod
+- 
+- =head1 NAME
+- 
+- Crypto - OpenSSL Cryptography library
+- 
+- =head1 SYNOPSIS
+- 
+- =head1 DESCRIPTION
+- 
+- The OpenSSL B<crypto> library implements various cryptography standards
+- related to the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
+- (TLS v1) protocols. It provides a rich API which is documented here.
+- 
+- ...
+- 
+- =head1 SEE ALSO
+- 
+- openssl(1), ssl(3)
+- 
+- =head1 HISTORY
+- 
+- The crypto(3) document appeared in OpenSSL 0.9.2
+- 
+- =cut
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/openssl.pod ../RELENG_4_6/crypto/openssl/doc/openssl.pod
+*** crypto/openssl/doc/openssl.pod	Mon Jan 10 01:21:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/openssl.pod	Wed Dec 31 19:00:00 1969
+***************
+*** 1,304 ****
+- 
+- =pod
+- 
+- =head1 NAME
+- 
+- openssl - OpenSSL command line tool
+- 
+- =head1 SYNOPSIS
+- 
+- B<openssl>
+- I<command>
+- [ I<command_opts> ]
+- [ I<command_args> ]
+- 
+- =head1 DESCRIPTION
+- 
+- OpenSSL is a cryptography toolkit implementing the Secure Sockets Layer (SSL
+- v2/v3) and Transport Layer Security (TLS v1) network protocols and related
+- cryptography standards required by them.
+- 
+- The B<openssl> program is a command line tool for using the various
+- cryptography functions of OpenSSL's B<crypto> library from the shell. 
+- It can be used for 
+- 
+-  o  Creation of RSA, DH and DSA key parameters
+-  o  Creation of X.509 certificates, CSRs and CRLs 
+-  o  Calculation of Message Digests
+-  o  Encryption and Decryption with Ciphers
+-  o  SSL/TLS Client and Server Tests
+- 
+- =head1 COMMAND SUMMARY
+- 
+- The B<openssl> program provides a rich variety of commands (I<command> in the
+- SYNOPSIS above), each of which often has a wealth of options and arguments
+- (I<command_opts> and I<command_args> in the SYNOPSIS).
+- 
+- =head2 STANDARD COMMANDS
+- 
+- =over 10
+- 
+- =item B<asn1parse> 
+- 
+- Parse an ASN.1 sequence.
+- 
+- =item B<ca>
+- 
+- Certificate Authority (CA) Management.  
+- 
+- =item B<ciphers>
+- 
+- Cipher Suite Description Determination.
+- 
+- =item B<crl>
+- 
+- Certificate Revocation List (CRL) Management.
+- 
+- =item B<crl2pkcs7>      
+- 
+- CRL2 to PKCS#7 Conversion.
+- 
+- =item B<dgst>
+- 
+- Message Digest Calculation.
+- 
+- =item B<dh>
+- 
+- Diffie-Hellman Data Management.
+- 
+- =item B<dsa>
+- 
+- DSA Data Management.
+- 
+- =item B<dsaparam>
+- 
+- DSA Parameter Generation.
+- 
+- =item B<enc>            
+- 
+- Encoding with Ciphers.
+- 
+- =item B<errstr>
+- 
+- Error Number to Error String Conversion.
+- 
+- =item B<gendh>
+- 
+- Generation of Diffie-Hellman Parameters.
+- 
+- =item B<gendsa>
+- 
+- Generation of DSA Parameters.
+- 
+- =item B<genrsa>
+- 
+- Generation of RSA Parameters.
+- 
+- =item B<pkcs7>
+- 
+- PKCS#7 Data Management.
+- 
+- =item B<req>
+- 
+- X.509 Certificate Signing Request (CSR) Management.
+- 
+- =item B<rsa>
+- 
+- RSA Data Management.
+- 
+- =item B<s_client>
+- 
+- This implements a generic SSL/TLS client which can establish a transparent
+- connection to a remote server speaking SSL/TLS. It's intended for testing
+- purposes only and provides only rudimentary interface functionality but
+- internally uses mostly all functionality of the OpenSSL B<ssl> library.
+- 
+- =item B<s_server>
+- 
+- This implements a generic SSL/TLS server which accepts connections from remote
+- clients speaking SSL/TLS. It's intended for testing purposes only and provides
+- only rudimentary interface functionality but internally uses mostly all
+- functionality of the OpenSSL B<ssl> library.  It provides both an own command
+- line oriented protocol for testing SSL functions and a simple HTTP response
+- facility to emulate an SSL/TLS-aware webserver.
+- 
+- =item B<s_time>        
+- 
+- SSL Connection Timer.
+- 
+- =item B<sess_id>
+- 
+- SSL Session Data Management.
+- 
+- =item B<speed>
+- 
+- Algorithm Speed Measurement.
+- 
+- =item B<verify>
+- 
+- X.509 Certificate Verification.
+- 
+- =item B<version>
+- 
+- OpenSSL Version Information.
+- 
+- =item B<x509>           
+- 
+- X.509 Certificate Data Management.
+- 
+- =back
+- 
+- =head2 MESSAGE DIGEST COMMANDS
+- 
+- =over 10
+- 
+- =item B<md2>
+- 
+- MD2 Digest
+- 
+- =item B<md5>
+- 
+- MD5 Digest
+- 
+- =item B<mdc2>
+- 
+- MDC2 Digest
+- 
+- =item B<rmd160>
+- 
+- RMD-160 Digest
+- 
+- =item B<sha>            
+- 
+- SHA Digest
+- 
+- =item B<sha1>           
+- 
+- SHA-1 Digest
+- 
+- =back
+- 
+- =head2 ENCODING AND CIPHER COMMANDS
+- 
+- =over 10
+- 
+- =item B<base64>
+- 
+- Base64 Encoding
+- 
+- =item B<bf bf-cbc bf-cfb bf-ecb bf-ofb>
+- 
+- Blowfish Cipher
+- 
+- =item B<cast cast-cbc>
+- 
+- CAST Cipher
+- 
+- =item B<cast5-cbc cast5-cfb cast5-ecb cast5-ofb>
+- 
+- CAST5 Cipher
+- 
+- =item B<des des-cbc des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb des-ede-ofb des-ofb>
+- 
+- DES Cipher
+- 
+- =item B<des3 desx des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb>
+- 
+- Triple-DES Cipher
+- 
+- =item B<idea idea-cbc idea-cfb idea-ecb idea-ofb>
+- 
+- IDEA Cipher
+- 
+- =item B<rc2 rc2-cbc rc2-cfb rc2-ecb rc2-ofb>
+- 
+- RC2 Cipher
+- 
+- =item B<rc4>
+- 
+- RC4 Cipher
+- 
+- =item B<rc5 rc5-cbc rc5-cfb rc5-ecb rc5-ofb>
+- 
+- RC5 Cipher
+- 
+- =back
+- 
+- =head1 DETAILED COMMAND DESCRIPTION
+- 
+- The following is a detailed description of every B<openssl> I<command>.
+- 
+- =over 4
+- 
+- =item B<openssl> B<s_client>
+- [B<-connect> I<host>B<:>I<port>]
+- [B<-verify> I<arg>]
+- [B<-cert> I<arg>]
+- [B<-key> I<arg>]
+- [B<-CApath> I<arg>]
+- [B<-CAfile> I<arg>]
+- [B<-reconnect>]
+- [B<-pause>]
+- [B<-debug>]
+- [B<-nbio_test>]
+- [B<-state>]
+- [B<-nbio>]
+- [B<-quiet>]
+- [B<-ssl2>]
+- [B<-ssl3>]
+- [B<-tls1>]
+- [B<-no_ssl2>]
+- [B<-no_ssl3>]
+- [B<-no_tls1>]
+- [B<-bugs>]
+- [B<-cipher>]
+- 
+- The B<s_client> command implements a generic SSL/TLS client which can
+- establish a transparent connection to a remote I<host> and I<port> speaking
+- SSL/TLS. 
+- 
+- =item B<openssl> B<s_server>
+- [B<-accept> I<port>]
+- [B<-verify> I<arg>]
+- [B<-Verify> I<arg>]
+- [B<-cert> I<arg>]
+- [B<-key> I<arg>]
+- [B<-dcert> I<arg>]
+- [B<-dkey> I<arg>]
+- [B<-nbio>]
+- [B<-nbio_test>]
+- [B<-debug>]
+- [B<-state>]
+- [B<-CApath> I<arg>]
+- [B<-CAfile> I<arg>]
+- [B<-nocert>]
+- [B<-cipher> I<arg>]
+- [B<-quiet>]
+- [B<-no_tmp_rsa>]
+- [B<-ssl2>]
+- [B<-ssl3>]
+- [B<-tls1>]
+- [B<-no_ssl2>]
+- [B<-no_ssl3>]
+- [B<-no_tls1>]
+- [B<-bugs>]
+- [B<-www>]
+- [B<-WWW>]
+- 
+- The B<s_server> command implements a generic SSL/TLS server which accepts
+- connections from remote clients on I<port> speaking SSL/TLS.
+- 
+- =back
+- 
+- ...
+- 
+- =head1 SEE ALSO
+- 
+- crypto(3), ssl(3)
+- 
+- =head1 HISTORY
+- 
+- The openssl(3) document appeared in OpenSSL 0.9.2
+- 
+- =cut
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/openssl.txt ../RELENG_4_6/crypto/openssl/doc/openssl.txt
+*** crypto/openssl/doc/openssl.txt	Sun Nov 26 06:34:04 2000
+--- ../RELENG_4_6/crypto/openssl/doc/openssl.txt	Thu Sep  5 03:52:45 2002
+***************
+*** 344,350 ****
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+--- 344,350 ----
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod
+*** crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_COMP_add_compression_method.pod	Thu Aug 23 05:42:56 2001
+***************
+*** 0 ****
+--- 1,70 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_COMP_add_compression_method - handle SSL/TLS integrated compression methods
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_COMP_add_compression_method() adds the compression method B<cm> with
++ the identifier B<id> to the list of available compression methods. This
++ list is globally maintained for all SSL operations within this application.
++ It cannot be set for specific SSL_CTX or SSL objects.
++ 
++ =head1 NOTES
++ 
++ The TLS standard (or SSLv3) allows the integration of compression methods
++ into the communication. The TLS RFC does however not specify compression
++ methods or their corresponding identifiers, so there is currently no compatible
++ way to integrate compression with unknown peers. It is therefore currently not
++ recommended to integrate compression into applications. Applications for
++ non-public use may agree on certain compression methods. Using different
++ compression methods with the same identifier will lead to connection failure.
++ 
++ An OpenSSL client speaking a protocol that allows compression (SSLv3, TLSv1)
++ will unconditionally send the list of all compression methods enabled with
++ SSL_COMP_add_compression_method() to the server during the handshake.
++ Unlike the mechanisms to set a cipher list, there is no method available to
++ restrict the list of compression method on a per connection basis.
++ 
++ An OpenSSL server will match the identifiers listed by a client against
++ its own compression methods and will unconditionally activate compression
++ when a matching identifier is found. There is no way to restrict the list
++ of compression methods supported on a per connection basis.
++ 
++ The OpenSSL library has the compression methods B<COMP_rle()> and (when
++ especially enabled during compilation) B<COMP_zlib()> available.
++ 
++ =head1 WARNINGS
++ 
++ Once the identities of the compression methods for the TLS protocol have
++ been standardized, the compression API will most likely be changed. Using
++ it in the current state is not recommended.
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_COMP_add_compression_method() may return the following values:
++ 
++ =over 4
++ 
++ =item 1
++ 
++ The operation succeeded.
++ 
++ =item 0
++ 
++ The operation failed. Check the error queue to find out the reason.
++ 
++ =back
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod	Wed Jul  4 19:22:30 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_extra_chain_cert.pod	Fri Feb 15 04:36:06 2002
+***************
+*** 33,38 ****
+--- 33,39 ----
+  
+  L<ssl(3)|ssl(3)>,
+  L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++ L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+  L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_add_session.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Tue Oct 29 13:36:45 2002
+***************
+*** 37,42 ****
+--- 37,50 ----
+  identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
+  is a no-op, and the return value is 0.
+  
++ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
++ flag then the internal cache will not be populated automatically by new
++ sessions negotiated by the SSL/TLS implementation, even though the internal
++ cache will be searched automatically for session-resume requests (the
++ latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
++ application can use SSL_CTX_add_session() directly to have full control
++ over the sessions that can be resumed if desired.
++ 
+  
+  =head1 RETURN VALUES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_ctrl.pod	Thu Sep 13 11:07:21 2001
+***************
+*** 0 ****
+--- 1,34 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl - internal handling functions for SSL_CTX and SSL objects
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  long SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, char *parg);
++  long SSL_CTX_callback_ctrl(SSL_CTX *, int cmd, void (*fp)());
++ 
++  long SSL_ctrl(SSL *ssl, int cmd, long larg, char *parg);
++  long SSL_callback_ctrl(SSL *, int cmd, void (*fp)());
++ 
++ =head1 DESCRIPTION
++ 
++ The SSL_*_ctrl() family of functions is used to manipulate settings of
++ the SSL_CTX and SSL objects. Depending on the command B<cmd> the arguments
++ B<larg>, B<parg>, or B<fp> are evaluated. These functions should never
++ be called directly. All functionalities needed are made available via
++ other functions or macros.
++ 
++ =head1 RETURN VALUES
++ 
++ The return values of the SSL*_ctrl() functions depend on the command
++ supplied via the B<cmd> parameter.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_free.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_free.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_free.pod	Wed Jul  4 19:19:42 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_free.pod	Thu Sep 13 11:19:38 2001
+***************
+*** 24,29 ****
+--- 24,31 ----
+  
+  SSL_CTX_free() does not provide diagnostic information.
+  
++ =head1 SEE ALSO
++ 
+  L<SSL_CTX_new(3)|SSL_CTX_new(3)>, L<ssl(3)|ssl(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod	Mon May 14 05:57:02 2001
+***************
+*** 40,46 ****
+  B<ctx>.
+  
+  A detailed description for the B<*_get_ex_new_index()> functionality
+! can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+  The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+  
+--- 40,46 ----
+  B<ctx>.
+  
+  A detailed description for the B<*_get_ex_new_index()> functionality
+! can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
+  The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_load_verify_locations.pod	Thu Sep 13 11:19:38 2001
+***************
+*** 33,42 ****
+  The B<CAfile> is processed on execution of the SSL_CTX_load_verify_locations()
+  function.
+  
+- If on an TLS/SSL server no special setting is performed using *client_CA_list()
+- functions, the certificates contained in B<CAfile> are listed to the client
+- as available CAs during the TLS/SSL handshake.
+- 
+  If B<CApath> is not NULL, it points to a directory containing CA certificates
+  in PEM format. The files each contain one CA certificate. The files are
+  looked up by the CA subject name hash value, which must hence be available.
+--- 33,38 ----
+***************
+*** 50,58 ****
+  building the certificate chain or when actually performing the verification
+  of a peer certificate.
+  
+- On a server, the certificates in B<CApath> are not listed as available
+- CA certificates to a client during a TLS/SSL handshake.
+- 
+  When looking up CA certificates, the OpenSSL library will first search the
+  certificates in B<CAfile>, then those in B<CApath>. Certificate matching
+  is done based on the subject name, the key identifier (if present), and the
+--- 46,51 ----
+***************
+*** 62,67 ****
+--- 55,67 ----
+  no other certificates for the same parameters will be searched in case of
+  failure.
+  
++ In server mode, when requesting a client certificate, the server must send
++ the list of CAs of which it will accept client certificates. This list
++ is not influenced by the contents of B<CAfile> or B<CApath> and must
++ explicitly be set using the
++ L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
++ family of functions.
++ 
+  When building its own certificate chain, an OpenSSL client/server will
+  try to fill in missing certificates from B<CAfile>/B<CApath>, if the
+  certificate chain was not explicitly specified (see
+***************
+*** 118,124 ****
+  L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+  L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+  L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+! L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+! 
+  
+  =cut
+--- 118,124 ----
+  L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+  L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+  L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
+! L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+! L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_new.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_new.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_new.pod	Wed Jul  4 19:19:42 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_new.pod	Wed Jul 25 08:13:46 2001
+***************
+*** 59,68 ****
+  
+  =back
+  
+- If a generic method is used, it is necessary to explicitly set client or
+- server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+- or SSL_set_accept_state().
+- 
+  The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
+  SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
+  B<SSL_set_options()> functions. Using these options it is possible to choose
+--- 59,64 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_sess_set_cache_size.pod	Wed Jul 10 15:37:07 2002
+***************
+*** 27,33 ****
+  
+  When the maximum number of sessions is reached, no more new sessions are
+  added to the cache. New space may be added by calling
+! L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)> to remove
+  expired sessions.
+  
+  If the size of the session cache is reduced and more sessions are already
+--- 27,33 ----
+  
+  When the maximum number of sessions is reached, no more new sessions are
+  added to the cache. New space may be added by calling
+! L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> to remove
+  expired sessions.
+  
+  If the size of the session cache is reduced and more sessions are already
+***************
+*** 46,51 ****
+  L<ssl(3)|ssl(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+  L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+! L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
+  
+  =cut
+--- 46,51 ----
+  L<ssl(3)|ssl(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+  L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+! L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_sess_set_get_cb.pod	Wed Jul 10 15:37:08 2002
+***************
+*** 70,81 ****
+  session caching was disabled. The get_session_cb() is passed the
+  B<ssl> connection, the session id of length B<length> at the memory location
+  B<data>. With the parameter B<copy> the callback can require the
+! SSL engine to increment the reference count of the SSL_SESSION object.
+  
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+! L<SSL_CTX_flush_sessions(3)|<SSL_CTX_flush_sessions(3)>
+  
+  =cut
+--- 70,85 ----
+  session caching was disabled. The get_session_cb() is passed the
+  B<ssl> connection, the session id of length B<length> at the memory location
+  B<data>. With the parameter B<copy> the callback can require the
+! SSL engine to increment the reference count of the SSL_SESSION object,
+! Normally the reference count is not incremented and therefore the
+! session must not be explicitly freed with
+! L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>.
+  
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>, L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+! L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+! L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_cert_store.pod	Tue Jun  4 16:44:58 2002
+***************
+*** 0 ****
+--- 1,57 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_set_cert_store, SSL_CTX_get_cert_store - manipulate X509 certificate verification storage
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  void SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store);
++  X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_CTX_set_cert_store() sets/replaces the certificate verification storage
++ of B<ctx> to/with B<store>. If another X509_STORE object is currently
++ set in B<ctx>, it will be X509_STORE_free()ed.
++ 
++ SSL_CTX_get_cert_store() returns a pointer to the current certificate
++ verification storage.
++ 
++ =head1 NOTES
++ 
++ In order to verify the certificates presented by the peer, trusted CA
++ certificates must be accessed. These CA certificates are made available
++ via lookup methods, handled inside the X509_STORE. From the X509_STORE
++ the X509_STORE_CTX used when verifying certificates is created.
++ 
++ Typically the trusted certificate store is handled indirectly via using
++ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>.
++ Using the SSL_CTX_set_cert_store() and SSL_CTX_get_cert_store() functions
++ it is possible to manipulate the X509_STORE object beyond the
++ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
++ call.
++ 
++ Currently no detailed documentation on how to use the X509_STORE
++ object is available. Not all members of the X509_STORE are used when
++ the verification takes place. So will e.g. the verify_callback() be
++ overridden with the verify_callback() set via the
++ L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)> family of functions.
++ This document must therefore be updated when documentation about the
++ X509_STORE object and its handling becomes available.
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_CTX_set_cert_store() does not return diagnostic output.
++ 
++ SSL_CTX_get_cert_store() returns the current setting.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>,
++ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
++ L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_cert_verify_callback.pod	Thu Aug 23 11:01:36 2001
+***************
+*** 0 ****
+--- 1,75 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_set_cert_verify_callback - set peer certificate verification procedure
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*callback)(),
++                                        char *arg);
++  int (*callback)();
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_CTX_set_cert_verify_callback() sets the verification callback function for
++ B<ctx>. SSL objects, that are created from B<ctx> inherit the setting valid at
++ the time, L<SSL_new(3)|SSL_new(3)> is called. B<arg> is currently ignored.
++ 
++ =head1 NOTES
++ 
++ Whenever a certificate is verified during a SSL/TLS handshake, a verification
++ function is called. If the application does not explicitly specify a
++ verification callback function, the built-in verification function is used.
++ If a verification callback B<callback> is specified via
++ SSL_CTX_set_cert_verify_callback(), the supplied callback function is called
++ instead. By setting B<callback> to NULL, the default behaviour is restored.
++ 
++ When the verification must be performed, B<callback> will be called with
++ the argument callback(X509_STORE_CTX *x509_store_ctx). The arguments B<arg>
++ that can be specified when setting B<callback> are currently ignored.
++ 
++ B<callback> should return 1 to indicate verification success and 0 to
++ indicate verification failure. If SSL_VERIFY_PEER is set and B<callback>
++ returns 0, the handshake will fail. As the verification procedure may
++ allow to continue the connection in case of failure (by always returning 1)
++ the verification result must be set in any case using the B<error>
++ member of B<x509_store_ctx>, so that the calling application will be informed
++ about the detailed result of the verification procedure! 
++ 
++ Within B<x509_store_ctx>, B<callback> has access to the B<verify_callback>
++ function set using L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
++ 
++ =head1 WARNINGS
++ 
++ Do not mix the verification callback described in this function with the
++ B<verify_callback> function called during the verification process. The
++ latter is set using the L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
++ family of functions.
++ 
++ Providing a complete verification procedure including certificate purpose
++ settings etc is a complex task. The built-in procedure is quite powerful
++ and in most cases it should be sufficient to modify its behaviour using
++ the B<verify_callback> function.
++ 
++ =head1 BUGS
++ 
++ It is possible to specify arguments to be passed to the verification callback.
++ Currently they are however not passed but ignored.
++ 
++ The B<callback> function is not specified via a prototype, so that no
++ type checking takes place.
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_CTX_set_cert_verify_callback() does not provide diagnostic information.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
++ L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
++ L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod	Wed Jul  4 19:19:42 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_cipher_list.pod	Mon Jul 23 08:56:37 2001
+***************
+*** 34,42 ****
+  also sufficient. On the server side, additional restrictions apply. All ciphers
+  have additional requirements. ADH ciphers don't need a certificate, but
+  DH-parameters must have been set. All other ciphers need a corresponding
+! certificate and key. A RSA cipher can only be chosen, when a RSA certificate is
+! available, the respective is valid for DSA ciphers. Ciphers using EDH need
+! a certificate and key and DH-parameters.
+  
+  =head1 RETURN VALUES
+  
+--- 34,58 ----
+  also sufficient. On the server side, additional restrictions apply. All ciphers
+  have additional requirements. ADH ciphers don't need a certificate, but
+  DH-parameters must have been set. All other ciphers need a corresponding
+! certificate and key.
+! 
+! A RSA cipher can only be chosen, when a RSA certificate is available.
+! RSA export ciphers with a keylength of 512 bits for the RSA key require
+! a temporary 512 bit RSA key, as typically the supplied key has a length
+! of 1024 bit (see
+! L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
+! RSA ciphers using EDH need a certificate and key and additional DH-parameters
+! (see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+! 
+! A DSA cipher can only be chosen, when a DSA certificate is available.
+! DSA ciphers always use DH key exchange and therefore need DH-parameters
+! (see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+! 
+! When these conditions are not met for any cipher in the list (e.g. a
+! client only supports export RSA ciphers with a asymmetric key length
+! of 512 bits and the server is not configured to use temporary RSA
+! keys), the "no shared cipher" (SSL_R_NO_SHARED_CIPHER) error is generated
+! and the handshake will fail.
+  
+  =head1 RETURN VALUES
+  
+***************
+*** 47,52 ****
+--- 63,70 ----
+  
+  L<ssl(3)|ssl(3)>, L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+  L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++ L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
++ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+  L<ciphers(1)|ciphers(1)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_client_CA_list.pod	Thu Apr 12 12:03:28 2001
+***************
+*** 36,60 ****
+  
+  When a TLS/SSL server requests a client certificate (see
+  B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
+! it will accept certificates, to the client. If no special list is provided,
+! the CAs available using the B<CAfile> option in
+! L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+! are sent.
+  
+! This list can be explicitly set using the SSL_CTX_set_client_CA_list() for
+  B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
+  specified overrides the previous setting. The CAs listed do not become
+  trusted (B<list> only contains the names, not the complete certificates); use
+  L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 
+  to additionally load them for verification.
+  
+  SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
+  items the list of client CAs. If no list was specified before using
+  SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
+! CA list for B<ctx> or B<ssl> (as appropriate) is opened. The CAs implicitly
+! specified using
+! L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+! are no longer used automatically.
+  
+  These functions are only useful for TLS/SSL servers.
+  
+--- 36,58 ----
+  
+  When a TLS/SSL server requests a client certificate (see
+  B<SSL_CTX_set_verify_options()>), it sends a list of CAs, for which
+! it will accept certificates, to the client.
+  
+! This list must explicitly be set using SSL_CTX_set_client_CA_list() for
+  B<ctx> and SSL_set_client_CA_list() for the specific B<ssl>. The list
+  specified overrides the previous setting. The CAs listed do not become
+  trusted (B<list> only contains the names, not the complete certificates); use
+  L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)> 
+  to additionally load them for verification.
+  
++ If the list of acceptable CAs is compiled in a file, the
++ L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
++ function can be used to help importing the necessary data.
++ 
+  SSL_CTX_add_client_CA() and SSL_add_client_CA() can be used to add additional
+  items the list of client CAs. If no list was specified before using
+  SSL_CTX_set_client_CA_list() or SSL_set_client_CA_list(), a new client
+! CA list for B<ctx> or B<ssl> (as appropriate) is opened.
+  
+  These functions are only useful for TLS/SSL servers.
+  
+***************
+*** 80,90 ****
+  
+  =back
+  
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>,
+  L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+! L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>
+  L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+  
+  =cut
+--- 78,94 ----
+  
+  =back
+  
++ =head1 EXAMPLES
++ 
++ Scan all certificates in B<CAfile> and list them as acceptable CAs:
++ 
++   SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(CAfile));
++ 
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>,
+  L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
+! L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+  L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_client_cert_cb.pod	Wed Jun 12 16:16:17 2002
+***************
+*** 0 ****
+--- 1,94 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb - handle client certificate callback function
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx, int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
++  int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
++  int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_CTX_set_client_cert_cb() sets the B<client_cert_cb()> callback, that is
++ called when a client certificate is requested by a server and no certificate
++ was yet set for the SSL object.
++ 
++ When B<client_cert_cb()> is NULL, no callback function is used.
++ 
++ SSL_CTX_get_client_cert_cb() returns a pointer to the currently set callback
++ function.
++ 
++ client_cert_cb() is the application defined callback. If it wants to
++ set a certificate, a certificate/private key combination must be set
++ using the B<x509> and B<pkey> arguments and "1" must be returned. The
++ certificate will be installed into B<ssl>, see the NOTES and BUGS sections.
++ If no certificate should be set, "0" has to be returned and no certificate
++ will be sent. A negative return value will suspend the handshake and the
++ handshake function will return immediatly. L<SSL_get_error(3)|SSL_get_error(3)>
++ will return SSL_ERROR_WANT_X509_LOOKUP to indicate, that the handshake was
++ suspended. The next call to the handshake function will again lead to the call
++ of client_cert_cb(). It is the job of the client_cert_cb() to store information
++ about the state of the last call, if required to continue.
++ 
++ =head1 NOTES
++ 
++ During a handshake (or renegotiation) a server may request a certificate
++ from the client. A client certificate must only be sent, when the server
++ did send the request.
++ 
++ When a certificate was set using the
++ L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)> family of functions,
++ it will be sent to the server. The TLS standard requires that only a
++ certificate is sent, if it matches the list of acceptable CAs sent by the
++ server. This constraint is violated by the default behavior of the OpenSSL
++ library. Using the callback function it is possible to implement a proper
++ selection routine or to allow a user interaction to choose the certificate to
++ be sent.
++ 
++ If a callback function is defined and no certificate was yet defined for the
++ SSL object, the callback function will be called.
++ If the callback function returns a certificate, the OpenSSL library
++ will try to load the private key and certificate data into the SSL
++ object using the SSL_use_certificate() and SSL_use_private_key() functions.
++ Thus it will permanently install the certificate and key for this SSL
++ object. It will not be reset by calling L<SSL_clear(3)|SSL_clear(3)>.
++ If the callback returns no certificate, the OpenSSL library will not send
++ a certificate.
++ 
++ =head1 BUGS
++ 
++ The client_cert_cb() cannot return a complete certificate chain, it can
++ only return one client certificate. If the chain only has a length of 2,
++ the root CA certificate may be omitted according to the TLS standard and
++ thus a standard conforming answer can be sent to the server. For a
++ longer chain, the client must send the complete chain (with the option
++ to leave out the root CA certificate). This can only be accomplished by
++ either adding the intermediate CA certificates into the trusted
++ certificate store for the SSL_CTX object (resulting in having to add
++ CA certificates that otherwise maybe would not be trusted), or by adding
++ the chain certificates using the
++ L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
++ function, which is only available for the SSL_CTX object as a whole and that
++ therefore probably can only apply for one client certificate, making
++ the concept of the callback function (to allow the choice from several
++ certificates) questionable.
++ 
++ Once the SSL object has been used in conjunction with the callback function,
++ the certificate will be set for the SSL object and will not be cleared
++ even when L<SSL_clear(3)|SSL_clear(3)> is being called. It is therefore
++ mandatory to destroy the SSL object using L<SSL_free(3)|SSL_free(3)>
++ and create a new one to return to the previous state.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++ L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
++ L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
++ L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_default_passwd_cb.pod	Wed Jul 11 11:11:26 2001
+***************
+*** 40,45 ****
+--- 40,51 ----
+  password could be stored into the B<userdata> storage and the
+  pem_passwd_cb() only returns the password already stored.
+  
++ When asking for the password interactively, pem_passwd_cb() can use
++ B<rwflag> to check, whether an item shall be encrypted (rwflag=1).
++ In this case the password dialog may ask for the same password twice
++ for comparison in order to catch typos, that would make decryption
++ impossible.
++ 
+  Other items in PEM formatting (certificates) can also be encrypted, it is
+  however not usual, as certificate information is considered public.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_info_callback.pod	Fri Nov  9 21:14:43 2001
+***************
+*** 0 ****
+--- 1,153 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback - handle information callback for SSL connections
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*callback)());
++  void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))();
++ 
++  void SSL_set_info_callback(SSL *ssl, void (*callback)());
++  void (*SSL_get_info_callback(SSL *ssl))();
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_CTX_set_info_callback() sets the B<callback> function, that can be used to
++ obtain state information for SSL objects created from B<ctx> during connection
++ setup and use. The setting for B<ctx> is overridden from the setting for
++ a specific SSL object, if specified.
++ When B<callback> is NULL, not callback function is used.
++ 
++ SSL_set_info_callback() sets the B<callback> function, that can be used to
++ obtain state information for B<ssl> during connection setup and use.
++ When B<callback> is NULL, the callback setting currently valid for
++ B<ctx> is used.
++ 
++ SSL_CTX_get_info_callback() returns a pointer to the currently set information
++ callback function for B<ctx>.
++ 
++ SSL_get_info_callback() returns a pointer to the currently set information
++ callback function for B<ssl>.
++ 
++ =head1 NOTES
++ 
++ When setting up a connection and during use, it is possible to obtain state
++ information from the SSL/TLS engine. When set, an information callback function
++ is called whenever the state changes, an alert appears, or an error occurs.
++ 
++ The callback function is called as B<callback(SSL *ssl, int where, int ret)>.
++ The B<where> argument specifies information about where (in which context)
++ the callback function was called. If B<ret> is 0, an error condition occurred.
++ If an alert is handled, SSL_CB_ALERT is set and B<ret> specifies the alert
++ information.
++ 
++ B<where> is a bitmask made up of the following bits:
++ 
++ =over 4
++ 
++ =item SSL_CB_LOOP
++ 
++ Callback has been called to indicate state change inside a loop.
++ 
++ =item SSL_CB_EXIT
++ 
++ Callback has been called to indicate error exit of a handshake function.
++ (May be soft error with retry option for non-blocking setups.)
++ 
++ =item SSL_CB_READ
++ 
++ Callback has been called during read operation.
++ 
++ =item SSL_CB_WRITE
++ 
++ Callback has been called during write operation.
++ 
++ =item SSL_CB_ALERT
++ 
++ Callback has been called due to an alert being sent or received.
++ 
++ =item SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
++ 
++ =item SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
++ 
++ =item SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
++ 
++ =item SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
++ 
++ =item SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
++ 
++ =item SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
++ 
++ =item SSL_CB_HANDSHAKE_START
++ 
++ Callback has been called because a new handshake is started.
++ 
++ =item SSL_CB_HANDSHAKE_DONE           0x20
++ 
++ Callback has been called because a handshake is finished.
++ 
++ =back
++ 
++ The current state information can be obtained using the
++ L<SSL_state_string(3)|SSL_state_string(3)> family of functions.
++ 
++ The B<ret> information can be evaluated using the
++ L<SSL_alert_type_string(3)|SSL_alert_type_string(3)> family of functions.
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_set_info_callback() does not provide diagnostic information.
++ 
++ SSL_get_info_callback() returns the current setting.
++ 
++ =head1 EXAMPLES
++ 
++ The following example callback function prints state strings, information
++ about alerts being handled and error messages to the B<bio_err> BIO.
++ 
++  void apps_ssl_info_callback(SSL *s, int where, int ret)
++ 	{
++ 	const char *str;
++ 	int w;
++ 
++ 	w=where& ~SSL_ST_MASK;
++ 
++ 	if (w & SSL_ST_CONNECT) str="SSL_connect";
++ 	else if (w & SSL_ST_ACCEPT) str="SSL_accept";
++ 	else str="undefined";
++ 
++ 	if (where & SSL_CB_LOOP)
++ 		{
++ 		BIO_printf(bio_err,"%s:%s\n",str,SSL_state_string_long(s));
++ 		}
++ 	else if (where & SSL_CB_ALERT)
++ 		{
++ 		str=(where & SSL_CB_READ)?"read":"write";
++ 		BIO_printf(bio_err,"SSL3 alert %s:%s:%s\n",
++ 			str,
++ 			SSL_alert_type_string_long(ret),
++ 			SSL_alert_desc_string_long(ret));
++ 		}
++ 	else if (where & SSL_CB_EXIT)
++ 		{
++ 		if (ret == 0)
++ 			BIO_printf(bio_err,"%s:failed in %s\n",
++ 				str,SSL_state_string_long(s));
++ 		else if (ret < 0)
++ 			{
++ 			BIO_printf(bio_err,"%s:error in %s\n",
++ 				str,SSL_state_string_long(s));
++ 			}
++ 		}
++ 	}
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_state_string(3)|SSL_state_string(3)>,
++ L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_mode.pod	Wed Jul 11 11:11:26 2001
+***************
+*** 37,42 ****
+--- 37,45 ----
+  Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+  when just a single record has been written). When not set (the default),
+  SSL_write() will only report success once the complete chunk was written.
++ Once SSL_write() returns with r, r bytes have been successfully written
++ and the next call to SSL_write() must only send the n-r bytes left,
++ imitating the behaviour of write().
+  
+  =item SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_options.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_options.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_options.pod	Wed Jul 10 15:37:08 2002
+***************
+*** 17,26 ****
+  =head1 DESCRIPTION
+  
+  SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+! Options already set before are not cleared.
+  
+  SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+! Options already set before are not cleared.
+  
+  SSL_CTX_get_options() returns the options set for B<ctx>.
+  
+--- 17,26 ----
+  =head1 DESCRIPTION
+  
+  SSL_CTX_set_options() adds the options set via bitmask in B<options> to B<ctx>.
+! Options already set before are not cleared!
+  
+  SSL_set_options() adds the options set via bitmask in B<options> to B<ssl>.
+! Options already set before are not cleared!
+  
+  SSL_CTX_get_options() returns the options set for B<ctx>.
+  
+***************
+*** 32,38 ****
+  The options are coded as bitmasks and can be combined by a logical B<or>
+  operation (|). Options can only be added but can never be reset.
+  
+! During a handshake, the option settings of the SSL object used. When
+  a new SSL object is created from a context using SSL_new(), the current
+  option setting is copied. Changes to B<ctx> do not affect already created
+  SSL objects. SSL_clear() does not affect the settings.
+--- 32,43 ----
+  The options are coded as bitmasks and can be combined by a logical B<or>
+  operation (|). Options can only be added but can never be reset.
+  
+! SSL_CTX_set_options() and SSL_set_options() affect the (external)
+! protocol behaviour of the SSL library. The (internal) behaviour of
+! the API can be changed by using the similar
+! L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)> and SSL_set_mode() functions.
+! 
+! During a handshake, the option settings of the SSL object are used. When
+  a new SSL object is created from a context using SSL_new(), the current
+  option setting is copied. Changes to B<ctx> do not affect already created
+  SSL objects. SSL_clear() does not affect the settings.
+***************
+*** 107,120 ****
+  same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+  to the server's answer and violate the version rollback protection.)
+  
+  =item SSL_OP_ALL
+  
+  All of the above bug workarounds.
+  
+  =back
+  
+! It is save and recommended to use SSL_OP_ALL to enable the bug workaround
+! options.
+  
+  The following B<modifying> options are available:
+  
+--- 112,133 ----
+  same SSLv3.1=TLSv1 announcement. Some clients step down to SSLv3 with respect
+  to the server's answer and violate the version rollback protection.)
+  
++ =item SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
++ 
++ Disables a countermeasure against a SSL 3.0/TLS 1.0 protocol
++ vulnerability affecting CBC ciphers, which cannot be handled by some
++ broken SSL implementations.  This option has no effect for connections
++ using other ciphers.
++ 
+  =item SSL_OP_ALL
+  
+  All of the above bug workarounds.
+  
+  =back
+  
+! It is usually safe to use B<SSL_OP_ALL> to enable the bug workaround
+! options if compatibility with somewhat broken implementations is
+! desired.
+  
+  The following B<modifying> options are available:
+  
+***************
+*** 122,132 ****
+  
+  =item SSL_OP_SINGLE_DH_USE
+  
+! Always create a new key when using temporary DH parameters.
+  
+  =item SSL_OP_EPHEMERAL_RSA
+  
+! Also use the temporary RSA key when doing RSA operations.
+  
+  =item SSL_OP_PKCS1_CHECK_1
+  
+--- 135,161 ----
+  
+  =item SSL_OP_SINGLE_DH_USE
+  
+! Always create a new key when using temporary/ephemeral DH parameters
+! (see L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
+! This option must be used to prevent small subgroup attacks, when
+! the DH parameters were not generated using "strong" primes
+! (e.g. when using DSA-parameters, see L<dhparam(1)|dhparam(1)>).
+! If "strong" primes were used, it is not strictly necessary to generate
+! a new DH key during each handshake but it is also recommended.
+! SSL_OP_SINGLE_DH_USE should therefore be enabled whenever
+! temporary/ephemeral DH parameters are used.
+  
+  =item SSL_OP_EPHEMERAL_RSA
+  
+! Always use ephemeral (temporary) RSA key when doing RSA operations
+! (see L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>).
+! According to the specifications this is only done, when a RSA key
+! can only be used for signature operations (namely under export ciphers
+! with restricted RSA keylength). By setting this option, ephemeral
+! RSA keys are always used. This option breaks compatibility with the
+! SSL/TLS specifications and may lead to interoperability problems with
+! clients and should therefore never be used. Ciphers with EDH (ephemeral
+! Diffie-Hellman) key exchange should be used instead.
+  
+  =item SSL_OP_PKCS1_CHECK_1
+  
+***************
+*** 142,152 ****
+  non-self-sighed CA which does not have it's CA in netscape, and the
+  browser has a cert, it will crash/hang.  Works for 3.x and 4.xbeta 
+  
+- =item SSL_OP_NON_EXPORT_FIRST
+- 
+- On servers try to use non-export (stronger) ciphers first. This option does
+- not work under all circumstances (in the code it is declared "broken").
+- 
+  =item SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
+  
+  ...
+--- 171,176 ----
+***************
+*** 174,183 ****
+  
+  =head1 SEE ALSO
+  
+! L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>
+  
+  =head1 HISTORY
+  
+  SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6.
+  
+  =cut
+--- 198,215 ----
+  
+  =head1 SEE ALSO
+  
+! L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+! L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+! L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
+! L<dhparam(1)|dhparam(1)>
+  
+  =head1 HISTORY
+  
+  SSL_OP_TLS_ROLLBACK_BUG has been added in OpenSSL 0.9.6.
++ 
++ B<SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS> has been added in OpenSSL 0.9.6e.
++ Versions up to OpenSSL 0.9.6c do not include the countermeasure that
++ can be disabled with this option (in OpenSSL 0.9.6d, it was always
++ enabled).
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_quiet_shutdown.pod	Fri Aug 17 11:10:47 2001
+***************
+*** 0 ****
+--- 1,63 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown - manipulate shutdown behaviour
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode);
++  int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx);
++ 
++  void SSL_set_quiet_shutdown(SSL *ssl, int mode);
++  int SSL_get_quiet_shutdown(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_CTX_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ctx> to be
++ B<mode>. SSL objects created from B<ctx> inherit the B<mode> valid at the time
++ L<SSL_new(3)|SSL_new(3)> is called. B<mode> may be 0 or 1.
++ 
++ SSL_CTX_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ctx>.
++ 
++ SSL_set_quiet_shutdown() sets the "quiet shutdown" flag for B<ssl> to be
++ B<mode>. The setting stays valid until B<ssl> is removed with
++ L<SSL_free(3)|SSL_free(3)> or SSL_set_quiet_shutdown() is called again.
++ It is not changed when L<SSL_clear(3)|SSL_clear(3)> is called.
++ B<mode> may be 0 or 1.
++ 
++ SSL_get_quiet_shutdown() returns the "quiet shutdown" setting of B<ssl>.
++ 
++ =head1 NOTES
++ 
++ Normally when a SSL connection is finished, the parties must send out
++ "close notify" alert messages using L<SSL_shutdown(3)|SSL_shutdown(3)>
++ for a clean shutdown.
++ 
++ When setting the "quiet shutdown" flag to 1, L<SSL_shutdown(3)|SSL_shutdown(3)>
++ will set the internal flags to SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.
++ (L<SSL_shutdown(3)|SSL_shutdown(3)> then behaves like
++ L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> called with
++ SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN.)
++ The session is thus considered to be shutdown, but no "close notify" alert
++ is sent to the peer. This behaviour violates the TLS standard.
++ 
++ The default is normal shutdown behaviour as described by the TLS standard.
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_CTX_set_quiet_shutdown() and SSL_set_quiet_shutdown() do not return
++ diagnostic information.
++ 
++ SSL_CTX_get_quiet_shutdown() and SSL_get_quiet_shutdown return the current
++ setting.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
++ L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>, L<SSL_new(3)|SSL_new(3)>,
++ L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Tue Oct 29 13:36:46 2002
+***************
+*** 26,37 ****
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then decides whether it
+! agrees in reusing the session or starts the handshake for a new session.
+! 
+! A server will lookup up the session in its internal session storage. If
+! the session is not found in internal storage or internal storage is
+! deactivated, the server will try the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+--- 26,39 ----
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then either 
+! agrees to reuse the session or it starts a full handshake (to create a new
+! session).
+! 
+! A server will lookup up the session in its internal session storage. If the
+! session is not found in internal storage or lookups for the internal storage
+! have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+! the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+***************
+*** 57,65 ****
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the session is looked up in the internal session cache.
+! If the session is found, the server will try to reuse the session.
+! This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+--- 59,68 ----
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the server looks for the corresponding session in (first)
+! the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+! then (second) in the external cache if available. If the session is found, the
+! server will try to reuse the session.  This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+***************
+*** 77,88 ****
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag sessions are cached in the internal storage but
+! they are not looked up automatically. If an external session cache
+! is enabled, sessions are looked up in the external cache. As automatic
+! lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+--- 80,111 ----
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag, session-resume operations in an SSL/TLS server will not
+! automatically look up sessions in the internal cache, even if sessions are
+! automatically stored there. If external session caching callbacks are in use,
+! this flag guarantees that all lookups are directed to the external cache.
+! As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
++ =item SSL_SESS_CACHE_NO_INTERNAL_STORE
++ 
++ Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
++ sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
++ Normally a new session is added to the internal cache as well as any external
++ session caching (callback) that is configured for the SSL_CTX. This flag will
++ prevent sessions being stored in the internal cache (though the application can
++ add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
++ in any SSL/TLS servers where external caching is configured, any successful
++ session lookups in the external cache (ie. for session-resume requests) would
++ normally be copied into the local cache before processing continues - this flag
++ prevents these additions to the internal cache as well.
++ 
++ =item SSL_SESS_CACHE_NO_INTERNAL
++ 
++ Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
++ SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
++ 
++ 
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+***************
+*** 97,107 ****
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+  L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+  L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+  L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+! L<SSL_CTX_set_timeout.pod(3)|SSL_CTX_set_timeout.pod(3)>,
+  L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+  
+  =cut
+--- 120,137 ----
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
++ L<SSL_session_reused(3)|SSL_session_reused(3)>,
++ L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+  L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+  L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+  L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+! L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+  L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
++ 
++ =head1 HISTORY
++ 
++ SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
++ were introduced in OpenSSL 0.9.6h.
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_timeout.pod	Fri Aug 17 12:38:05 2001
+***************
+*** 37,43 ****
+  directly by the application or automatically (see
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
+  
+! The default value for session timeout is 300 seconds.
+  
+  =head1 RETURN VALUES
+  
+--- 37,46 ----
+  directly by the application or automatically (see
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>)
+  
+! The default value for session timeout is decided on a per protocol
+! basis, see L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>.
+! All currently supported protocols have the same default timeout value
+! of 300 seconds.
+  
+  =head1 RETURN VALUES
+  
+***************
+*** 50,55 ****
+  L<ssl(3)|ssl(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+  L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+! L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
+  
+  =cut
+--- 53,59 ----
+  L<ssl(3)|ssl(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+  L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+! L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+! L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_dh_callback.pod	Thu Sep 13 11:19:38 2001
+***************
+*** 0 ****
+--- 1,170 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh - handle DH keys for ephemeral key exchange
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
++             DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
++  long SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh);
++ 
++  void SSL_set_tmp_dh_callback(SSL_CTX *ctx,
++             DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
++  long SSL_set_tmp_dh(SSL *ssl, DH *dh)
++ 
++  DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength));
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_CTX_set_tmp_dh_callback() sets the callback function for B<ctx> to be
++ used when a DH parameters are required to B<tmp_dh_callback>.
++ The callback is inherited by all B<ssl> objects created from B<ctx>.
++ 
++ SSL_CTX_set_tmp_dh() sets DH parameters to be used to be B<dh>.
++ The key is inherited by all B<ssl> objects created from B<ctx>.
++ 
++ SSL_set_tmp_dh_callback() sets the callback only for B<ssl>.
++ 
++ SSL_set_tmp_dh() sets the parameters only for B<ssl>.
++ 
++ These functions apply to SSL/TLS servers only.
++ 
++ =head1 NOTES
++ 
++ When using a cipher with RSA authentication, an ephemeral DH key exchange
++ can take place. Ciphers with DSA keys always use ephemeral DH keys as well.
++ In these cases, the session data are negotiated using the
++ ephemeral/temporary DH key and the key supplied and certified
++ by the certificate chain is only used for signing.
++ Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
++ 
++ Using ephemeral DH key exchange yields forward secrecy, as the connection
++ can only be decrypted, when the DH key is known. By generating a temporary
++ DH key inside the server application that is lost when the application
++ is left, it becomes impossible for an attacker to decrypt past sessions,
++ even if he gets hold of the normal (certified) key, as this key was
++ only used for signing.
++ 
++ In order to perform a DH key exchange the server must use a DH group
++ (DH parameters) and generate a DH key. The server will always generate a new
++ DH key during the negotiation, when the DH parameters are supplied via
++ callback and/or when the SSL_OP_SINGLE_DH_USE option of
++ L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)> is set. It will
++ immediately create a DH key, when DH parameters are supplied via
++ SSL_CTX_set_tmp_dh() and SSL_OP_SINGLE_DH_USE is not set. In this case,
++ it may happen that a key is generated on initialization without later
++ being needed, while on the other hand the computer time during the
++ negotiation is being saved.
++ 
++ If "strong" primes were used to generate the DH parameters, it is not strictly
++ necessary to generate a new key for each handshake but it does improve forward
++ secrecy. If it is not assured, that "strong" primes were used (see especially
++ the section about DSA parameters below), SSL_OP_SINGLE_DH_USE must be used
++ in order to prevent small subgroup attacks. Always using SSL_OP_SINGLE_DH_USE
++ has an impact on the computer time needed during negotiation, but it is not
++ very large, so application authors/users should consider to always enable
++ this option.
++ 
++ As generating DH parameters is extremely time consuming, an application
++ should not generate the parameters on the fly but supply the parameters.
++ DH parameters can be reused, as the actual key is newly generated during
++ the negotiation. The risk in reusing DH parameters is that an attacker
++ may specialize on a very often used DH group. Applications should therefore
++ generate their own DH parameters during the installation process using the
++ openssl L<dhparam(1)|dhparam(1)> application. In order to reduce the computer
++ time needed for this generation, it is possible to use DSA parameters
++ instead (see L<dhparam(1)|dhparam(1)>), but in this case SSL_OP_SINGLE_DH_USE
++ is mandatory.
++ 
++ Application authors may compile in DH parameters. Files dh512.pem,
++ dh1024.pem, dh2048.pem, and dh4096 in the 'apps' directory of current
++ version of the OpenSSL distribution contain the 'SKIP' DH parameters,
++ which use safe primes and were generated verifiably pseudo-randomly.
++ These files can be converted into C code using the B<-C> option of the
++ L<dhparam(1)|dhparam(1)> application.
++ Authors may also generate their own set of parameters using
++ L<dhparam(1)|dhparam(1)>, but a user may not be sure how the parameters were
++ generated. The generation of DH parameters during installation is therefore
++ recommended.
++ 
++ An application may either directly specify the DH parameters or
++ can supply the DH parameters via a callback function. The callback approach
++ has the advantage, that the callback may supply DH parameters for different
++ key lengths.
++ 
++ The B<tmp_dh_callback> is called with the B<keylength> needed and
++ the B<is_export> information. The B<is_export> flag is set, when the
++ ephemeral DH key exchange is performed with an export cipher.
++ 
++ =head1 EXAMPLES
++ 
++ Handle DH parameters for key lengths of 512 and 1024 bits. (Error handling
++ partly left out.)
++ 
++  ...
++  /* Set up ephemeral DH stuff */
++  DH *dh_512 = NULL;
++  DH *dh_1024 = NULL;
++  FILE *paramfile;
++ 
++  ...
++  /* "openssl dhparam -out dh_param_512.pem -2 512" */
++  paramfile = fopen("dh_param_512.pem", "r");
++  if (paramfile) {
++    dh_512 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
++    fclose(paramfile);
++  }
++  /* "openssl dhparam -out dh_param_1024.pem -2 1024" */
++  paramfile = fopen("dh_param_1024.pem", "r");
++  if (paramfile) {
++    dh_1024 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
++    fclose(paramfile);
++  }
++  ...
++ 
++  /* "openssl dhparam -C -2 512" etc... */
++  DH *get_dh512() { ... }
++  DH *get_dh1024() { ... }
++ 
++  DH *tmp_dh_callback(SSL *s, int is_export, int keylength)
++  {
++     DH *dh_tmp=NULL;
++ 
++     switch (keylength) {
++     case 512:
++       if (!dh_512)
++         dh_512 = get_dh512();
++       dh_tmp = dh_512;
++       break;
++     case 1024:
++       if (!dh_1024) 
++         dh_1024 = get_dh1024();
++       dh_tmp = dh_1024;
++       break;
++     default:
++       /* Generating a key on the fly is very costly, so use what is there */
++       setup_dh_parameters_like_above();
++     }
++     return(dh_tmp);
++  }
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_CTX_set_tmp_dh_callback() and SSL_set_tmp_dh_callback() do not return
++ diagnostic output.
++ 
++ SSL_CTX_set_tmp_dh() and SSL_set_tmp_dh() do return 1 on success and 0
++ on failure. Check the error queue to find out the reason of failure.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
++ L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
++ L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++ L<ciphers(1)|ciphers(1)>, L<dhparam(1)|dhparam(1)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_tmp_rsa_callback.pod	Thu Sep 13 11:19:38 2001
+***************
+*** 0 ****
+--- 1,166 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa - handle RSA keys for ephemeral key exchange
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
++             RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
++  long SSL_CTX_set_tmp_rsa(SSL_CTX *ctx, RSA *rsa);
++  long SSL_CTX_need_tmp_rsa(SSL_CTX *ctx);
++ 
++  void SSL_set_tmp_rsa_callback(SSL_CTX *ctx,
++             RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
++  long SSL_set_tmp_rsa(SSL *ssl, RSA *rsa)
++  long SSL_need_tmp_rsa(SSL *ssl)
++ 
++  RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength));
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_CTX_set_tmp_rsa_callback() sets the callback function for B<ctx> to be
++ used when a temporary/ephemeral RSA key is required to B<tmp_rsa_callback>.
++ The callback is inherited by all SSL objects newly created from B<ctx>
++ with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
++ 
++ SSL_CTX_set_tmp_rsa() sets the temporary/ephemeral RSA key to be used to be
++ B<rsa>. The key is inherited by all SSL objects newly created from B<ctx>
++ with <SSL_new(3)|SSL_new(3)>. Already created SSL objects are not affected.
++ 
++ SSL_CTX_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed
++ for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
++ with a keysize larger than 512 bits is installed.
++ 
++ SSL_set_tmp_rsa_callback() sets the callback only for B<ssl>.
++ 
++ SSL_set_tmp_rsa() sets the key only for B<ssl>.
++ 
++ SSL_need_tmp_rsa() returns 1, if a temporary/ephemeral RSA key is needed,
++ for RSA-based strength-limited 'exportable' ciphersuites because a RSA key
++ with a keysize larger than 512 bits is installed.
++ 
++ These functions apply to SSL/TLS servers only.
++ 
++ =head1 NOTES
++ 
++ When using a cipher with RSA authentication, an ephemeral RSA key exchange
++ can take place. In this case the session data are negotiated using the
++ ephemeral/temporary RSA key and the RSA key supplied and certified
++ by the certificate chain is only used for signing.
++ 
++ Under previous export restrictions, ciphers with RSA keys shorter (512 bits)
++ than the usual key length of 1024 bits were created. To use these ciphers
++ with RSA keys of usual length, an ephemeral key exchange must be performed,
++ as the normal (certified) key cannot be directly used.
++ 
++ Using ephemeral RSA key exchange yields forward secrecy, as the connection
++ can only be decrypted, when the RSA key is known. By generating a temporary
++ RSA key inside the server application that is lost when the application
++ is left, it becomes impossible for an attacker to decrypt past sessions,
++ even if he gets hold of the normal (certified) RSA key, as this key was
++ used for signing only. The downside is that creating a RSA key is
++ computationally expensive.
++ 
++ Additionally, the use of ephemeral RSA key exchange is only allowed in
++ the TLS standard, when the RSA key can be used for signing only, that is
++ for export ciphers. Using ephemeral RSA key exchange for other purposes
++ violates the standard and can break interoperability with clients.
++ It is therefore strongly recommended to not use ephemeral RSA key
++ exchange and use EDH (Ephemeral Diffie-Hellman) key exchange instead
++ in order to achieve forward secrecy (see
++ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>).
++ 
++ On OpenSSL servers ephemeral RSA key exchange is therefore disabled by default
++ and must be explicitly enabled  using the SSL_OP_EPHEMERAL_RSA option of
++ L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, violating the TLS/SSL
++ standard. When ephemeral RSA key exchange is required for export ciphers,
++ it will automatically be used without this option!
++ 
++ An application may either directly specify the key or can supply the key via
++ a callback function. The callback approach has the advantage, that the
++ callback may generate the key only in case it is actually needed. As the
++ generation of a RSA key is however costly, it will lead to a significant
++ delay in the handshake procedure.  Another advantage of the callback function
++ is that it can supply keys of different size (e.g. for SSL_OP_EPHEMERAL_RSA
++ usage) while the explicit setting of the key is only useful for key size of
++ 512 bits to satisfy the export restricted ciphers and does give away key length
++ if a longer key would be allowed.
++ 
++ The B<tmp_rsa_callback> is called with the B<keylength> needed and
++ the B<is_export> information. The B<is_export> flag is set, when the
++ ephemeral RSA key exchange is performed with an export cipher.
++ 
++ =head1 EXAMPLES
++ 
++ Generate temporary RSA keys to prepare ephemeral RSA key exchange. As the
++ generation of a RSA key costs a lot of computer time, they saved for later
++ reuse. For demonstration purposes, two keys for 512 bits and 1024 bits
++ respectively are generated.
++ 
++  ...
++  /* Set up ephemeral RSA stuff */
++  RSA *rsa_512 = NULL;
++  RSA *rsa_1024 = NULL;
++ 
++  rsa_512 = RSA_generate_key(512,RSA_F4,NULL,NULL);
++  if (rsa_512 == NULL)
++      evaluate_error_queue();
++ 
++  rsa_1024 = RSA_generate_key(1024,RSA_F4,NULL,NULL);
++  if (rsa_1024 == NULL)
++    evaluate_error_queue();
++ 
++  ...
++ 
++  RSA *tmp_rsa_callback(SSL *s, int is_export, int keylength)
++  {
++     RSA *rsa_tmp=NULL;
++ 
++     switch (keylength) {
++     case 512:
++       if (rsa_512)
++         rsa_tmp = rsa_512;
++       else { /* generate on the fly, should not happen in this example */
++         rsa_tmp = RSA_generate_key(keylength,RSA_F4,NULL,NULL);
++         rsa_512 = rsa_tmp; /* Remember for later reuse */
++       }
++       break;
++     case 1024:
++       if (rsa_1024)
++         rsa_tmp=rsa_1024;
++       else
++         should_not_happen_in_this_example();
++       break;
++     default:
++       /* Generating a key on the fly is very costly, so use what is there */
++       if (rsa_1024)
++         rsa_tmp=rsa_1024;
++       else
++         rsa_tmp=rsa_512; /* Use at least a shorter key */
++     }
++     return(rsa_tmp);
++  }
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_CTX_set_tmp_rsa_callback() and SSL_set_tmp_rsa_callback() do not return
++ diagnostic output.
++ 
++ SSL_CTX_set_tmp_rsa() and SSL_set_tmp_rsa() do return 1 on success and 0
++ on failure. Check the error queue to find out the reason of failure.
++ 
++ SSL_CTX_need_tmp_rsa() and SSL_need_tmp_rsa() return 1 if a temporary
++ RSA key is needed and 0 otherwise.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
++ L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
++ L<SSL_new(3)|SSL_new(3)>, L<ciphers(1)|ciphers(1)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Wed Dec  4 08:30:16 2002
+***************
+*** 59,72 ****
+  
+  B<Server mode:> the server sends a client certificate request to the client.
+  The certificate returned (if any) is checked. If the verification process
+! fails as indicated by B<verify_callback>, the TLS/SSL handshake is
+  immediately terminated with an alert message containing the reason for
+  the verification failure.
+  The behaviour can be controlled by the additional
+  SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
+  
+  B<Client mode:> the server certificate is verified. If the verification process
+! fails as indicated by B<verify_callback>, the TLS/SSL handshake is
+  immediately terminated with an alert message containing the reason for
+  the verification failure. If no server certificate is sent, because an
+  anonymous cipher is used, SSL_VERIFY_PEER is ignored.
+--- 59,72 ----
+  
+  B<Server mode:> the server sends a client certificate request to the client.
+  The certificate returned (if any) is checked. If the verification process
+! fails, the TLS/SSL handshake is
+  immediately terminated with an alert message containing the reason for
+  the verification failure.
+  The behaviour can be controlled by the additional
+  SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_CLIENT_ONCE flags.
+  
+  B<Client mode:> the server certificate is verified. If the verification process
+! fails, the TLS/SSL handshake is
+  immediately terminated with an alert message containing the reason for
+  the verification failure. If no server certificate is sent, because an
+  anonymous cipher is used, SSL_VERIFY_PEER is ignored.
+***************
+*** 92,97 ****
+--- 92,106 ----
+  Exactly one of the B<mode> flags SSL_VERIFY_NONE and SSL_VERIFY_PEER must be
+  set at any time.
+  
++ The actual verification procedure is performed either using the built-in
++ verification procedure or using another application provided verification
++ function set with
++ L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>.
++ The following descriptions apply in the case of the built-in procedure. An
++ application provided procedure also has access to the verify depth information
++ and the verify_callback() function, but the way this information is used
++ may be different.
++ 
+  SSL_CTX_set_verify_depth() and SSL_set_verify_depth() set the limit up
+  to which depth certificates in a chain are used during the verification
+  procedure. If the certificate chain is longer than allowed, the certificates
+***************
+*** 226,232 ****
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+--- 235,241 ----
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+***************
+*** 278,283 ****
+--- 287,293 ----
+  L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+  L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
+  L<SSL_get_peer_certificate(3)|SSL_get_peer_certificate(3)>,
++ L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
+  L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+  L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_use_certificate.pod	Fri Feb 15 04:36:07 2002
+***************
+*** 149,154 ****
+--- 149,155 ----
+  L<SSL_CTX_load_verify_locations(3)|SSL_CTX_load_verify_locations(3)>,
+  L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
+  L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
++ L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+  L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_SESSION_free.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_free.pod
+*** crypto/openssl/doc/ssl/SSL_SESSION_free.pod	Sun Nov 26 06:38:50 2000
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_free.pod	Fri Oct 12 08:29:57 2001
+***************
+*** 16,25 ****
+  the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
+  memory, if the the reference count has reached 0.
+  
+  =head1 RETURN VALUES
+  
+  SSL_SESSION_free() does not provide diagnostic information.
+  
+! L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>
+  
+  =cut
+--- 16,55 ----
+  the B<SSL_SESSION> structure pointed to by B<session> and frees up the allocated
+  memory, if the the reference count has reached 0.
+  
++ =head1 NOTES
++ 
++ SSL_SESSION objects are allocated, when a TLS/SSL handshake operation
++ is successfully completed. Depending on the settings, see
++ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
++ the SSL_SESSION objects are internally referenced by the SSL_CTX and
++ linked into its session cache. SSL objects may be using the SSL_SESSION object;
++ as a session may be reused, several SSL objects may be using one SSL_SESSION
++ object at the same time. It is therefore crucial to keep the reference
++ count (usage information) correct and not delete a SSL_SESSION object
++ that is still used, as this may lead to program failures due to
++ dangling pointers. These failures may also appear delayed, e.g.
++ when an SSL_SESSION object was completely freed as the reference count
++ incorrectly became 0, but it is still referenced in the internal
++ session cache and the cache list is processed during a
++ L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)> operation.
++ 
++ SSL_SESSION_free() must only be called for SSL_SESSION objects, for
++ which the reference count was explicitly incremented (e.g.
++ by calling SSL_get1_session(), see L<SSL_get_session(3)|SSL_get_session(3)>)
++ or when the SSL_SESSION object was generated outside a TLS handshake
++ operation, e.g. by using L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>.
++ It must not be called on other SSL_SESSION objects, as this would cause
++ incorrect reference counts and therefore program failures.
++ 
+  =head1 RETURN VALUES
+  
+  SSL_SESSION_free() does not provide diagnostic information.
+  
+! =head1 SEE ALSO
+! 
+! L<ssl(3)|ssl(3)>, L<SSL_get_session(3)|SSL_get_session(3)>,
+! L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+! L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+!  L<d2i_SSL_SESSION(3)|d2i_SSL_SESSION(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod
+*** crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod	Mon May 14 05:57:02 2001
+***************
+*** 40,46 ****
+  B<session>.
+  
+  A detailed description for the B<*_get_ex_new_index()> functionality
+! can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+  The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+  
+--- 40,46 ----
+  B<session>.
+  
+  A detailed description for the B<*_get_ex_new_index()> functionality
+! can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
+  The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod
+*** crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_time.pod	Fri Aug 17 12:38:05 2001
+***************
+*** 58,63 ****
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>,
+! L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>
+  
+  =cut
+--- 58,64 ----
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>,
+! L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+! L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_accept.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_accept.pod
+*** crypto/openssl/doc/ssl/SSL_accept.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_accept.pod	Fri Jul 19 07:07:52 2002
+***************
+*** 37,47 ****
+  condition. When using a buffering BIO, like a BIO pair, data must be written
+  into or retrieved out of the BIO before being able to continue.
+  
+- When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
+- is necessary to call SSL_set_accept_state()
+- before calling SSL_accept() to explicitly switch the B<ssl> to server
+- mode.
+- 
+  =head1 RETURN VALUES
+  
+  The following return values can occur:
+--- 37,42 ----
+***************
+*** 74,79 ****
+--- 69,75 ----
+  L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+  L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
++ L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+  L<SSL_CTX_new(3)|SSL_CTX_new(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_alert_type_string.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_alert_type_string.pod
+*** crypto/openssl/doc/ssl/SSL_alert_type_string.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_alert_type_string.pod	Thu Sep 13 11:19:39 2001
+***************
+*** 0 ****
+--- 1,228 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long - get textual description of alert information
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  char *SSL_alert_type_string(int value);
++  char *SSL_alert_type_string_long(int value);
++ 
++  char *SSL_alert_desc_string(int value);
++  char *SSL_alert_desc_string_long(int value);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_alert_type_string() returns a one letter string indicating the
++ type of the alert specified by B<value>.
++ 
++ SSL_alert_type_string_long() returns a string indicating the type of the alert
++ specified by B<value>.
++ 
++ SSL_alert_desc_string() returns a two letter string as a short form
++ describing the reason of the alert specified by B<value>.
++ 
++ SSL_alert_desc_string_long() returns a string describing the reason
++ of the alert specified by B<value>.
++ 
++ =head1 NOTES
++ 
++ When one side of an SSL/TLS communication wants to inform the peer about
++ a special situation, it sends an alert. The alert is sent as a special message
++ and does not influence the normal data stream (unless its contents results
++ in the communication being canceled).
++ 
++ A warning alert is sent, when a non-fatal error condition occurs. The
++ "close notify" alert is sent as a warning alert. Other examples for
++ non-fatal errors are certificate errors ("certificate expired",
++ "unsupported certificate"), for which a warning alert may be sent.
++ (The sending party may however decide to send a fatal error.) The
++ receiving side may cancel the connection on reception of a warning
++ alert on it discretion.
++ 
++ Several alert messages must be sent as fatal alert messages as specified
++ by the TLS RFC. A fatal alert always leads to a connection abort.
++ 
++ =head1 RETURN VALUES
++ 
++ The following strings can occur for SSL_alert_type_string() or
++ SSL_alert_type_string_long():
++ 
++ =over 4
++ 
++ =item "W"/"warning"
++ 
++ =item "F"/"fatal"
++ 
++ =item "U"/"unknown"
++ 
++ This indicates that no support is available for this alert type.
++ Probably B<value> does not contain a correct alert message.
++ 
++ =back
++ 
++ The following strings can occur for SSL_alert_desc_string() or
++ SSL_alert_desc_string_long():
++ 
++ =over 4
++ 
++ =item "CN"/"close notify"
++ 
++ The connection shall be closed. This is a warning alert.
++ 
++ =item "UM"/"unexpected message"
++ 
++ An inappropriate message was received. This alert is always fatal
++ and should never be observed in communication between proper
++ implementations.
++ 
++ =item "BM"/"bad record mac"
++ 
++ This alert is returned if a record is received with an incorrect
++ MAC. This message is always fatal.
++ 
++ =item "DF"/"decompression failure"
++ 
++ The decompression function received improper input (e.g. data
++ that would expand to excessive length). This message is always
++ fatal.
++ 
++ =item "HF"/"handshake failure"
++ 
++ Reception of a handshake_failure alert message indicates that the
++ sender was unable to negotiate an acceptable set of security
++ parameters given the options available. This is a fatal error.
++ 
++ =item "NC"/"no certificate"
++ 
++ A client, that was asked to send a certificate, does not send a certificate
++ (SSLv3 only).
++ 
++ =item "BC"/"bad certificate"
++ 
++ A certificate was corrupt, contained signatures that did not
++ verify correctly, etc
++ 
++ =item "UC"/"unsupported certificate"
++ 
++ A certificate was of an unsupported type.
++ 
++ =item "CR"/"certificate revoked"
++ 
++ A certificate was revoked by its signer.
++ 
++ =item "CE"/"certificate expired"
++ 
++ A certificate has expired or is not currently valid.
++ 
++ =item "CU"/"certificate unknown"
++ 
++ Some other (unspecified) issue arose in processing the
++ certificate, rendering it unacceptable.
++ 
++ =item "IP"/"illegal parameter"
++ 
++ A field in the handshake was out of range or inconsistent with
++ other fields. This is always fatal.
++ 
++ =item "DC"/"decryption failed"
++ 
++ A TLSCiphertext decrypted in an invalid way: either it wasn't an
++ even multiple of the block length or its padding values, when
++ checked, weren't correct. This message is always fatal.
++ 
++ =item "RO"/"record overflow"
++ 
++ A TLSCiphertext record was received which had a length more than
++ 2^14+2048 bytes, or a record decrypted to a TLSCompressed record
++ with more than 2^14+1024 bytes. This message is always fatal.
++ 
++ =item "CA"/"unknown CA"
++ 
++ A valid certificate chain or partial chain was received, but the
++ certificate was not accepted because the CA certificate could not
++ be located or couldn't be matched with a known, trusted CA.  This
++ message is always fatal.
++ 
++ =item "AD"/"access denied"
++ 
++ A valid certificate was received, but when access control was
++ applied, the sender decided not to proceed with negotiation.
++ This message is always fatal.
++ 
++ =item "DE"/"decode error"
++ 
++ A message could not be decoded because some field was out of the
++ specified range or the length of the message was incorrect. This
++ message is always fatal.
++ 
++ =item "CY"/"decrypt error"
++ 
++ A handshake cryptographic operation failed, including being
++ unable to correctly verify a signature, decrypt a key exchange,
++ or validate a finished message.
++ 
++ =item "ER"/"export restriction"
++ 
++ A negotiation not in compliance with export restrictions was
++ detected; for example, attempting to transfer a 1024 bit
++ ephemeral RSA key for the RSA_EXPORT handshake method. This
++ message is always fatal.
++ 
++ =item "PV"/"protocol version"
++ 
++ The protocol version the client has attempted to negotiate is
++ recognized, but not supported. (For example, old protocol
++ versions might be avoided for security reasons). This message is
++ always fatal.
++ 
++ =item "IS"/"insufficient security"
++ 
++ Returned instead of handshake_failure when a negotiation has
++ failed specifically because the server requires ciphers more
++ secure than those supported by the client. This message is always
++ fatal.
++ 
++ =item "IE"/"internal error"
++ 
++ An internal error unrelated to the peer or the correctness of the
++ protocol makes it impossible to continue (such as a memory
++ allocation failure). This message is always fatal.
++ 
++ =item "US"/"user canceled"
++ 
++ This handshake is being canceled for some reason unrelated to a
++ protocol failure. If the user cancels an operation after the
++ handshake is complete, just closing the connection by sending a
++ close_notify is more appropriate. This alert should be followed
++ by a close_notify. This message is generally a warning.
++ 
++ =item "NR"/"no renegotiation"
++ 
++ Sent by the client in response to a hello request or by the
++ server in response to a client hello after initial handshaking.
++ Either of these would normally lead to renegotiation; when that
++ is not appropriate, the recipient should respond with this alert;
++ at that point, the original requester can decide whether to
++ proceed with the connection. One case where this would be
++ appropriate would be where a server has spawned a process to
++ satisfy a request; the process might receive security parameters
++ (key length, authentication, etc.) at startup and it might be
++ difficult to communicate changes to these parameters after that
++ point. This message is always a warning.
++ 
++ =item "UK"/"unknown"
++ 
++ This indicates that no description is available for this alert type.
++ Probably B<value> does not contain a correct alert message.
++ 
++ =back
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_clear.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_clear.pod
+*** crypto/openssl/doc/ssl/SSL_clear.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_clear.pod	Wed Feb 27 03:11:18 2002
+***************
+*** 25,30 ****
+--- 25,49 ----
+  or at least L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> was used to
+  set the SSL_SENT_SHUTDOWN state.
+  
++ If a session was closed cleanly, the session object will be kept and all
++ settings corresponding. This explicitly means, that e.g. the special method
++ used during the session will be kept for the next handshake. So if the
++ session was a TLSv1 session, a SSL client object will use a TLSv1 client
++ method for the next handshake and a SSL server object will use a TLSv1
++ server method, even if SSLv23_*_methods were chosen on startup. This
++ will might lead to connection failures (see L<SSL_new(3)|SSL_new(3)>)
++ for a description of the method's properties.
++ 
++ =head1 WARNINGS
++ 
++ SSL_clear() resets the SSL object to allow for another connection. The
++ reset operation however keeps several settings of the last sessions
++ (some of these settings were made automatically during the last
++ handshake). It only makes sense when opening a new session (or reusing
++ an old one) with the same peer that shares these settings.
++ SSL_clear() is not a short form for the sequence
++ L<SSL_free(3)|SSL_free(3)>; L<SSL_new(3)|SSL_new(3)>; .
++ 
+  =head1 RETURN VALUES
+  
+  The following return values can occur:
+***************
+*** 44,49 ****
+  
+  L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
+  L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+! L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>
+  
+  =cut
+--- 63,69 ----
+  
+  L<SSL_new(3)|SSL_new(3)>, L<SSL_free(3)|SSL_free(3)>,
+  L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+! L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>, L<ssl(3)|ssl(3)>,
+! L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_connect.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_connect.pod
+*** crypto/openssl/doc/ssl/SSL_connect.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_connect.pod	Fri Jul 19 07:07:52 2002
+***************
+*** 34,44 ****
+  condition. When using a buffering BIO, like a BIO pair, data must be written
+  into or retrieved out of the BIO before being able to continue.
+  
+- When using a generic method (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>), it
+- is necessary to call L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+- before calling SSL_connect() to explicitly switch the B<ssl> to client
+- mode.
+- 
+  =head1 RETURN VALUES
+  
+  The following return values can occur:
+--- 34,39 ----
+***************
+*** 71,76 ****
+--- 66,72 ----
+  L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+  L<SSL_shutdown(3)|SSL_shutdown(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
++ L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+  L<SSL_CTX_new(3)|SSL_CTX_new(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_do_handshake.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_do_handshake.pod
+*** crypto/openssl/doc/ssl/SSL_do_handshake.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_do_handshake.pod	Fri Jul 19 07:07:52 2002
+***************
+*** 0 ****
+--- 1,75 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_do_handshake - perform a TLS/SSL handshake
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  int SSL_do_handshake(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_do_handshake() will wait for a SSL/TLS handshake to take place. If the
++ connection is in client mode, the handshake will be started. The handshake
++ routines may have to be explicitly set in advance using either
++ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or
++ L<SSL_set_accept_state(3)|SSL_set_accept_state(3)>.
++ 
++ =head1 NOTES
++ 
++ The behaviour of SSL_do_handshake() depends on the underlying BIO.
++ 
++ If the underlying BIO is B<blocking>, SSL_do_handshake() will only return
++ once the handshake has been finished or an error occurred, except for SGC
++ (Server Gated Cryptography). For SGC, SSL_do_handshake() may return with -1,
++ but SSL_get_error() will yield B<SSL_ERROR_WANT_READ/WRITE> and
++ SSL_do_handshake() should be called again.
++ 
++ If the underlying BIO is B<non-blocking>, SSL_do_handshake() will also return
++ when the underlying BIO could not satisfy the needs of SSL_do_handshake()
++ to continue the handshake. In this case a call to SSL_get_error() with the
++ return value of SSL_do_handshake() will yield B<SSL_ERROR_WANT_READ> or
++ B<SSL_ERROR_WANT_WRITE>. The calling process then must repeat the call after
++ taking appropriate action to satisfy the needs of SSL_do_handshake().
++ The action depends on the underlying BIO. When using a non-blocking socket,
++ nothing is to be done, but select() can be used to check for the required
++ condition. When using a buffering BIO, like a BIO pair, data must be written
++ into or retrieved out of the BIO before being able to continue.
++ 
++ =head1 RETURN VALUES
++ 
++ The following return values can occur:
++ 
++ =over 4
++ 
++ =item 1
++ 
++ The TLS/SSL handshake was successfully completed, a TLS/SSL connection has been
++ established.
++ 
++ =item 0
++ 
++ The TLS/SSL handshake was not successful but was shut down controlled and
++ by the specifications of the TLS/SSL protocol. Call SSL_get_error() with the
++ return value B<ret> to find out the reason.
++ 
++ =item E<lt>0
++ 
++ The TLS/SSL handshake was not successful because a fatal error occurred either
++ at the protocol level or a connection failure occurred. The shutdown was
++ not clean. It can also occur of action is need to continue the operation
++ for non-blocking BIOs. Call SSL_get_error() with the return value B<ret>
++ to find out the reason.
++ 
++ =back
++ 
++ =head1 SEE ALSO
++ 
++ L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
++ L<SSL_accept(3)|SSL_accept(3)>, L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>,
++ L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod
+*** crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_SSL_CTX.pod	Fri Aug 17 11:56:30 2001
+***************
+*** 0 ****
+--- 1,26 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_get_SSL_CTX - get the SSL_CTX from which an SSL is created
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  SSL_CTX *SSL_get_SSL_CTX(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_get_SSL_CTX() returns a pointer to the SSL_CTX object, from which
++ B<ssl> was created with L<SSL_new(3)|SSL_new(3)>.
++ 
++ =head1 RETURN VALUES
++ 
++ The pointer to the SSL_CTX object is returned.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod
+*** crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_client_CA_list.pod	Fri Feb 15 04:36:08 2002
+***************
+*** 47,52 ****
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>,
+! L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>
+  
+  =cut
+--- 47,53 ----
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>,
+! L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
+! L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_default_timeout.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod
+*** crypto/openssl/doc/ssl/SSL_get_default_timeout.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_default_timeout.pod	Fri Aug 17 12:38:06 2001
+***************
+*** 0 ****
+--- 1,41 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_get_default_timeout - get default session timeout value
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  long SSL_get_default_timeout(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_get_default_timeout() returns the default timeout value assigned to
++ SSL_SESSION objects negotiated for the protocol valid for B<ssl>.
++ 
++ =head1 NOTES
++ 
++ Whenever a new session is negotiated, it is assigned a timeout value,
++ after which it will not be accepted for session reuse. If the timeout
++ value was not explicitly set using
++ L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>, the hardcoded default
++ timeout for the protocol will be used.
++ 
++ SSL_get_default_timeout() return this hardcoded value, which is 300 seconds
++ for all currently supported protocols (SSLv2, SSLv3, and TLSv1).
++ 
++ =head1 RETURN VALUES
++ 
++ See description.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>,
++ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
++ L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
++ L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
++ L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_error.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_error.pod
+*** crypto/openssl/doc/ssl/SSL_get_error.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_error.pod	Mon Jul 29 08:34:47 2002
+***************
+*** 13,19 ****
+  =head1 DESCRIPTION
+  
+  SSL_get_error() returns a result code (suitable for the C "switch"
+! statement) for a preceding call to SSL_connect(), SSL_accept(),
+  SSL_read(), SSL_peek(), or SSL_write() on B<ssl>.  The value returned by
+  that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
+  B<ret>.
+--- 13,19 ----
+  =head1 DESCRIPTION
+  
+  SSL_get_error() returns a result code (suitable for the C "switch"
+! statement) for a preceding call to SSL_connect(), SSL_accept(), SSL_do_handshake(),
+  SSL_read(), SSL_peek(), or SSL_write() on B<ssl>.  The value returned by
+  that TLS/SSL I/O function must be passed to SSL_get_error() in parameter
+  B<ret>.
+***************
+*** 68,73 ****
+--- 68,84 ----
+  to read data.  This is mainly because TLS/SSL handshakes may occur at any
+  time during the protocol (initiated by either the client or the server);
+  SSL_read(), SSL_peek(), and SSL_write() will handle any pending handshakes.
++ 
++ =item SSL_ERROR_WANT_CONNECT, SSL_ERROR_WANT_ACCEPT
++ 
++ The operation did not complete; the same TLS/SSL I/O function should be
++ called again later. The underlying BIO was not connected yet to the peer
++ and the call would block in connect()/accept(). The SSL function should be
++ called again when the connection is established. These messages can only
++ appear with a BIO_s_connect() or BIO_s_accept() BIO, respectively.
++ In order to find out, when the connection has been successfully established,
++ on many platforms select() or poll() for writing on the socket file descriptor
++ can be used.
+  
+  =item SSL_ERROR_WANT_X509_LOOKUP
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod
+*** crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod	Mon May 14 05:57:03 2001
+***************
+*** 40,46 ****
+  B<ssl>.
+  
+  A detailed description for the B<*_get_ex_new_index()> functionality
+! can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+  The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+  
+--- 40,46 ----
+  B<ssl>.
+  
+  A detailed description for the B<*_get_ex_new_index()> functionality
+! can be found in L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>.
+  The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod
+*** crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_peer_certificate.pod	Thu Sep 13 11:19:39 2001
+***************
+*** 17,22 ****
+--- 17,28 ----
+  
+  =head1 NOTES
+  
++ Due to the protocol definition, a TLS/SSL server will always send a
++ certificate, if present. A client will only send a certificate when
++ explicitly requested to do so by the server (see
++ L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>). If an anonymous cipher
++ is used, no certificates are sent.
++ 
+  That a certificate is returned does not indicate information about the
+  verification state, use L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+  to check the verification state.
+***************
+*** 43,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>
+  
+  =cut
+--- 49,55 ----
+  
+  =head1 SEE ALSO
+  
+! L<ssl(3)|ssl(3)>, L<SSL_get_verify_result(3)|SSL_get_verify_result(3)>,
+! L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_session.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_session.pod
+*** crypto/openssl/doc/ssl/SSL_get_session.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_session.pod	Mon Nov 19 06:12:30 2001
+***************
+*** 37,44 ****
+  during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
+  
+  If the data is to be kept, SSL_get1_session() will increment the reference
+! count and the session will stay in memory until explicitly freed with
+! L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>, regardless of its state.
+  
+  =head1 RETURN VALUES
+  
+--- 37,52 ----
+  during L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>.
+  
+  If the data is to be kept, SSL_get1_session() will increment the reference
+! count, so that the session will not be implicitly removed by other operations
+! but stays in memory. In order to remove the session
+! L<SSL_SESSION_free(3)|SSL_SESSION_free(3)> must be explicitly called once
+! to decrement the reference count again.
+! 
+! SSL_SESSION objects keep internal link information about the session cache
+! list, when being inserted into one SSL_CTX object's session cache.
+! One SSL_SESSION object, regardless of its reference count, must therefore
+! only be used with one SSL_CTX object (and the SSL objects created
+! from this SSL_CTX object).
+  
+  =head1 RETURN VALUES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_new.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_new.pod
+*** crypto/openssl/doc/ssl/SSL_new.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_new.pod	Fri Aug 17 11:56:30 2001
+***************
+*** 38,43 ****
+--- 38,44 ----
+  
+  L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+  L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++ L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
+  L<ssl(3)|ssl(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_read.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_read.pod
+*** crypto/openssl/doc/ssl/SSL_read.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_read.pod	Thu Sep 13 11:19:39 2001
+***************
+*** 25,35 ****
+  underlying BIO. 
+  
+  For the transparent negotiation to succeed, the B<ssl> must have been
+! initialized to client or server mode. This is not the case if a generic
+! method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+! must be used before the first call to an SSL_read() or
+! L<SSL_write(3)|SSL_write(3)> function.
+  
+  If the underlying BIO is B<blocking>, SSL_read() will only return, once the
+  read operation has been finished or an error occurred, except when a
+--- 25,49 ----
+  underlying BIO. 
+  
+  For the transparent negotiation to succeed, the B<ssl> must have been
+! initialized to client or server mode. This is being done by calling
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+! before the first call to an SSL_read() or L<SSL_write(3)|SSL_write(3)>
+! function.
+! 
+! SSL_read() works based on the SSL/TLS records. The data are received in
+! records (with a maximum record size of 16kB for SSLv3/TLSv1). Only when a
+! record has been completely received, it can be processed (decryption and
+! check of integrity). Therefore data that was not retrieved at the last
+! call of SSL_read() can still be buffered inside the SSL layer and will be
+! retrieved on the next call to SSL_read(). If B<num> is higher than the
+! number of bytes buffered, SSL_read() will return with the bytes buffered.
+! If no more bytes are in the buffer, SSL_read() will trigger the processing
+! of the next record. Only when the record has been received and processed
+! completely, SSL_read() will return reporting success. At most the contents
+! of the record will be returned. As the size of an SSL/TLS record may exceed
+! the maximum packet size of the underlying transport (e.g. TCP), it may
+! be necessary to read several packets from the transport layer before the
+! record is complete and SSL_read() can succeed.
+  
+  If the underlying BIO is B<blocking>, SSL_read() will only return, once the
+  read operation has been finished or an error occurred, except when a
+***************
+*** 69,77 ****
+  
+  =item 0
+  
+! The read operation was not successful, probably because no data was
+! available. Call SSL_get_error() with the return value B<ret> to find out,
+! whether an error occurred.
+  
+  =item E<lt>0
+  
+--- 83,102 ----
+  
+  =item 0
+  
+! The read operation was not successful. The reason may either be a clean
+! shutdown due to a "close notify" alert sent by the peer (in which case
+! the SSL_RECEIVED_SHUTDOWN flag in the ssl shutdown state is set
+! (see L<SSL_shutdown(3)|SSL_shutdown(3)>,
+! L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>). It is also possible, that
+! the peer simply shut down the underlying transport and the shutdown is
+! incomplete. Call SSL_get_error() with the return value B<ret> to find out,
+! whether an error occurred or the connection was shut down cleanly
+! (SSL_ERROR_ZERO_RETURN).
+! 
+! SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+! only be detected, whether the underlying connection was closed. It cannot
+! be checked, whether the closure was initiated by the peer or by something
+! else.
+  
+  =item E<lt>0
+  
+***************
+*** 87,92 ****
+--- 112,118 ----
+  L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
+  L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
++ L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+  L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_rstate_string.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_rstate_string.pod
+*** crypto/openssl/doc/ssl/SSL_rstate_string.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_rstate_string.pod	Thu Aug 23 14:50:15 2001
+***************
+*** 0 ****
+--- 1,59 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_rstate_string, SSL_rstate_string_long - get textual description of state of an SSL object during read operation
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  char *SSL_rstate_string(SSL *ssl);
++  char *SSL_rstate_string_long(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_rstate_string() returns a 2 letter string indicating the current read state
++ of the SSL object B<ssl>.
++ 
++ SSL_rstate_string_long() returns a string indicating the current read state of
++ the SSL object B<ssl>.
++ 
++ =head1 NOTES
++ 
++ When performing a read operation, the SSL/TLS engine must parse the record,
++ consisting of header and body. When working in a blocking environment,
++ SSL_rstate_string[_long]() should always return "RD"/"read done".
++ 
++ This function should only seldom be needed in applications.
++ 
++ =head1 RETURN VALUES
++ 
++ SSL_rstate_string() and SSL_rstate_string_long() can return the following
++ values:
++ 
++ =over 4
++ 
++ =item "RH"/"read header"
++ 
++ The header of the record is being evaluated.
++ 
++ =item "RB"/"read body"
++ 
++ The body of the record is being evaluated.
++ 
++ =item "RD"/"read done"
++ 
++ The record has been completely processed.
++ 
++ =item "unknown"/"unknown"
++ 
++ The read state is unknown. This should never happen.
++ 
++ =back
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_session_reused.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_session_reused.pod
+*** crypto/openssl/doc/ssl/SSL_session_reused.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_session_reused.pod	Fri Jul 20 14:58:25 2001
+***************
+*** 0 ****
+--- 1,45 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_session_reused - query whether a reused session was negotiated during handshake
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  int SSL_session_reused(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ Query, whether a reused session was negotiated during the handshake.
++ 
++ =head1 NOTES
++ 
++ During the negotiation, a client can propose to reuse a session. The server
++ then looks up the session in its cache. If both client and server agree
++ on the session, it will be reused and a flag is being set that can be
++ queried by the application.
++ 
++ =head1 RETURN VALUES
++ 
++ The following return values can occur:
++ 
++ =over 4
++ 
++ =item 0
++ 
++ A new session was negotiated.
++ 
++ =item 1
++ 
++ A session was reused.
++ 
++ =back
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
++ L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_set_connect_state.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_set_connect_state.pod
+*** crypto/openssl/doc/ssl/SSL_set_connect_state.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_set_connect_state.pod	Fri Jul 19 07:07:53 2002
+***************
+*** 14,22 ****
+  
+  =head1 DESCRIPTION
+  
+! SSL_set_connect_state() B<ssl> to work in client mode.
+  
+! SSL_set_accept_state() B<ssl> to work in server mode.
+  
+  =head1 NOTES
+  
+--- 14,22 ----
+  
+  =head1 DESCRIPTION
+  
+! SSL_set_connect_state() sets B<ssl> to work in client mode.
+  
+! SSL_set_accept_state() sets B<ssl> to work in server mode.
+  
+  =head1 NOTES
+  
+***************
+*** 27,38 ****
+  L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
+  SSL_set_ssl_method().)
+  
+! In order to successfully accomplish the handshake, the SSL routines need
+! to know whether they should act in server or client mode. If the generic
+! method was used, this is not clear from the method itself and must be set
+! with either SSL_set_connect_state() or SSL_set_accept_state(). If these
+! routines are not called, the default value set when L<SSL_new(3)|SSL_new(3)>
+! is called is server mode.
+  
+  =head1 RETURN VALUES
+  
+--- 27,43 ----
+  L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)> or
+  SSL_set_ssl_method().)
+  
+! When beginning a new handshake, the SSL engine must know whether it must
+! call the connect (client) or accept (server) routines. Even though it may
+! be clear from the method chosen, whether client or server mode was
+! requested, the handshake routines must be explicitly set.
+! 
+! When using the L<SSL_connect(3)|SSL_connect(3)> or
+! L<SSL_accept(3)|SSL_accept(3)> routines, the correct handshake
+! routines are automatically set. When performing a transparent negotiation
+! using L<SSL_write(3)|SSL_write(3)> or L<SSL_read(3)|SSL_read(3)>, the
+! handshake routines must be explicitly set in advance using either
+! SSL_set_connect_state() or SSL_set_accept_state().
+  
+  =head1 RETURN VALUES
+  
+***************
+*** 42,47 ****
+--- 47,55 ----
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>, L<SSL_new(3)|SSL_new(3)>, L<SSL_CTX_new(3)|SSL_CTX_new(3)>,
++ L<SSL_connect(3)|SSL_connect(3)>, L<SSL_accept(3)|SSL_accept(3)>,
++ L<SSL_write(3)|SSL_write(3)>, L<SSL_read(3)|SSL_read(3)>,
++ L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
+  L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_set_session.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_set_session.pod
+*** crypto/openssl/doc/ssl/SSL_set_session.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_set_session.pod	Fri Oct 12 08:29:57 2001
+***************
+*** 16,27 ****
+  is to be established. SSL_set_session() is only useful for TLS/SSL clients.
+  When the session is set, the reference count of B<session> is incremented
+  by 1. If the session is not reused, the reference count is decremented
+! again during SSL_connect().
+  
+  If there is already a session set inside B<ssl> (because it was set with
+  SSL_set_session() before or because the same B<ssl> was already used for
+  a connection), SSL_SESSION_free() will be called for that session.
+  
+  =head1 RETURN VALUES
+  
+  The following return values can occur:
+--- 16,36 ----
+  is to be established. SSL_set_session() is only useful for TLS/SSL clients.
+  When the session is set, the reference count of B<session> is incremented
+  by 1. If the session is not reused, the reference count is decremented
+! again during SSL_connect(). Whether the session was reused can be queried
+! with the L<SSL_session_reused(3)|SSL_session_reused(3)> call.
+  
+  If there is already a session set inside B<ssl> (because it was set with
+  SSL_set_session() before or because the same B<ssl> was already used for
+  a connection), SSL_SESSION_free() will be called for that session.
+  
++ =head1 NOTES
++ 
++ SSL_SESSION objects keep internal link information about the session cache
++ list, when being inserted into one SSL_CTX object's session cache.
++ One SSL_SESSION object, regardless of its reference count, must therefore
++ only be used with one SSL_CTX object (and the SSL objects created
++ from this SSL_CTX object).
++ 
+  =head1 RETURN VALUES
+  
+  The following return values can occur:
+***************
+*** 41,46 ****
+--- 50,57 ----
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
++ L<SSL_get_session(3)|SSL_get_session(3)>,
++ L<SSL_session_reused(3)|SSL_session_reused(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_set_shutdown.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_set_shutdown.pod
+*** crypto/openssl/doc/ssl/SSL_set_shutdown.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_set_shutdown.pod	Mon Aug 20 10:35:16 2001
+***************
+*** 46,52 ****
+  the ssl session. If the session is still open, when
+  L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
+  it is considered bad and removed according to RFC2246.
+! The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN.
+  SSL_set_shutdown() can be used to set this state without sending a
+  close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
+  
+--- 46,55 ----
+  the ssl session. If the session is still open, when
+  L<SSL_clear(3)|SSL_clear(3)> or L<SSL_free(3)|SSL_free(3)> is called,
+  it is considered bad and removed according to RFC2246.
+! The actual condition for a correctly closed session is SSL_SENT_SHUTDOWN
+! (according to the TLS RFC, it is acceptable to only send the "close notify"
+! alert but to not wait for the peer's answer, when the underlying connection
+! is closed).
+  SSL_set_shutdown() can be used to set this state without sending a
+  close alert to the peer (see L<SSL_shutdown(3)|SSL_shutdown(3)>).
+  
+***************
+*** 63,68 ****
+--- 66,72 ----
+  =head1 SEE ALSO
+  
+  L<ssl(3)|ssl(3)>, L<SSL_shutdown(3)|SSL_shutdown(3)>,
++ L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+  L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_shutdown.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_shutdown.pod
+*** crypto/openssl/doc/ssl/SSL_shutdown.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_shutdown.pod	Mon Aug 20 10:35:16 2001
+***************
+*** 22,31 ****
+  a currently open session is considered closed and good and will be kept in the
+  session cache for further reuse.
+  
+! The behaviour of SSL_shutdown() depends on the underlying BIO. 
+  
+  If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
+! handshake has been finished or an error occurred.
+  
+  If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
+  when the underlying BIO could not satisfy the needs of SSL_shutdown()
+--- 22,73 ----
+  a currently open session is considered closed and good and will be kept in the
+  session cache for further reuse.
+  
+! The shutdown procedure consists of 2 steps: the sending of the "close notify"
+! shutdown alert and the reception of the peer's "close notify" shutdown
+! alert. According to the TLS standard, it is acceptable for an application
+! to only send its shutdown alert and then close the underlying connection
+! without waiting for the peer's response (this way resources can be saved,
+! as the process can already terminate or serve another connection).
+! When the underlying connection shall be used for more communications, the
+! complete shutdown procedure (bidirectional "close notify" alerts) must be
+! performed, so that the peers stay synchronized.
+! 
+! SSL_shutdown() supports both uni- and bidirectional shutdown by its 2 step
+! behaviour.
+! 
+! =over 4
+! 
+! =item When the application is the first party to send the "close notify"
+! alert, SSL_shutdown() will only send the alert and the set the
+! SSL_SENT_SHUTDOWN flag (so that the session is considered good and will
+! be kept in cache). SSL_shutdown() will then return with 0. If a unidirectional
+! shutdown is enough (the underlying connection shall be closed anyway), this
+! first call to SSL_shutdown() is sufficient. In order to complete the
+! bidirectional shutdown handshake, SSL_shutdown() must be called again.
+! The second call will make SSL_shutdown() wait for the peer's "close notify"
+! shutdown alert. On success, the second call to SSL_shutdown() will return
+! with 1.
+! 
+! =item If the peer already sent the "close notify" alert B<and> it was
+! already processed implicitly inside another function
+! (L<SSL_read(3)|SSL_read(3)>), the SSL_RECEIVED_SHUTDOWN flag is set.
+! SSL_shutdown() will send the "close notify" alert, set the SSL_SENT_SHUTDOWN
+! flag and will immediately return with 1.
+! Whether SSL_RECEIVED_SHUTDOWN is already set can be checked using the
+! SSL_get_shutdown() (see also L<SSL_set_shutdown(3)|SSL_set_shutdown(3)> call.
+! 
+! =back
+! 
+! It is therefore recommended, to check the return value of SSL_shutdown()
+! and call SSL_shutdown() again, if the bidirectional shutdown is not yet
+! complete (return value of the first call is 0). As the shutdown is not
+! specially handled in the SSLv2 protocol, SSL_shutdown() will succeed on
+! the first call.
+! 
+! The behaviour of SSL_shutdown() additionally depends on the underlying BIO. 
+  
+  If the underlying BIO is B<blocking>, SSL_shutdown() will only return once the
+! handshake step has been finished or an error occurred.
+  
+  If the underlying BIO is B<non-blocking>, SSL_shutdown() will also return
+  when the underlying BIO could not satisfy the needs of SSL_shutdown()
+***************
+*** 38,43 ****
+--- 80,91 ----
+  condition. When using a buffering BIO, like a BIO pair, data must be written
+  into or retrieved out of the BIO before being able to continue.
+  
++ SSL_shutdown() can be modified to only set the connection to "shutdown"
++ state but not actually send the "close notify" alert messages,
++ see L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>.
++ When "quiet shutdown" is enabled, SSL_shutdown() will always succeed
++ and return 1.
++ 
+  =head1 RETURN VALUES
+  
+  The following return values can occur:
+***************
+*** 46,64 ****
+  
+  =item 1
+  
+! The shutdown was successfully completed.
+  
+  =item 0
+  
+! The shutdown was not successful. Call SSL_get_error() with the return
+! value B<ret> to find out the reason.
+  
+  =item -1
+  
+  The shutdown was not successful because a fatal error occurred either
+! at the protocol level or a connection failure occurred. It can also occur of
+  action is need to continue the operation for non-blocking BIOs.
+! Call SSL_get_error() with the return value B<ret> to find out the reason.
+  
+  =back
+  
+--- 94,116 ----
+  
+  =item 1
+  
+! The shutdown was successfully completed. The "close notify" alert was sent
+! and the peer's "close notify" alert was received.
+  
+  =item 0
+  
+! The shutdown is not yet finished. Call SSL_shutdown() for a second time,
+! if a bidirectional shutdown shall be performed.
+! The output of L<SSL_get_error(3)|SSL_get_error(3)> may be misleading, as an
+! erroneous SSL_ERROR_SYSCALL may be flagged even though no error occurred.
+  
+  =item -1
+  
+  The shutdown was not successful because a fatal error occurred either
+! at the protocol level or a connection failure occurred. It can also occur if
+  action is need to continue the operation for non-blocking BIOs.
+! Call L<SSL_get_error(3)|SSL_get_error(3)> with the return value B<ret>
+! to find out the reason.
+  
+  =back
+  
+***************
+*** 66,72 ****
+  
+  L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+  L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+! L<SSL_clear(3)|SSL_clear(3), L<SSL_free(3)|SSL_free(3)>,
+  L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+  
+  =cut
+--- 118,125 ----
+  
+  L<SSL_get_error(3)|SSL_get_error(3)>, L<SSL_connect(3)|SSL_connect(3)>,
+  L<SSL_accept(3)|SSL_accept(3)>, L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+! L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+! L<SSL_clear(3)|SSL_clear(3)>, L<SSL_free(3)|SSL_free(3)>,
+  L<ssl(3)|ssl(3)>, L<bio(3)|bio(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_state_string.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_state_string.pod
+*** crypto/openssl/doc/ssl/SSL_state_string.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_state_string.pod	Fri Aug 24 10:31:36 2001
+***************
+*** 0 ****
+--- 1,45 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_state_string, SSL_state_string_long - get textual description of state of an SSL object
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  char *SSL_state_string(SSL *ssl);
++  char *SSL_state_string_long(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_state_string() returns a 6 letter string indicating the current state
++ of the SSL object B<ssl>.
++ 
++ SSL_state_string_long() returns a string indicating the current state of
++ the SSL object B<ssl>.
++ 
++ =head1 NOTES
++ 
++ During its use, an SSL objects passes several states. The state is internally
++ maintained. Querying the state information is not very informative before
++ or when a connection has been established. It however can be of significant
++ interest during the handshake.
++ 
++ When using non-blocking sockets, the function call performing the handshake
++ may return with SSL_ERROR_WANT_READ or SSL_ERROR_WANT_WRITE condition,
++ so that SSL_state_string[_long]() may be called.
++ 
++ For both blocking or non-blocking sockets, the details state information
++ can be used within the info_callback function set with the
++ SSL_set_info_callback() call.
++ 
++ =head1 RETURN VALUES
++ 
++ Detailed description of possible states to be included later.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_want.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_want.pod
+*** crypto/openssl/doc/ssl/SSL_want.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_want.pod	Fri Aug 17 10:34:43 2001
+***************
+*** 0 ****
+--- 1,77 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup - obtain state information TLS/SSL I/O operation
++ 
++ =head1 SYNOPSIS
++ 
++  #include <openssl/ssl.h>
++ 
++  int SSL_want(SSL *ssl);
++  int SSL_want_nothing(SSL *ssl);
++  int SSL_want_read(SSL *ssl);
++  int SSL_want_write(SSL *ssl);
++  int SSL_want_x509_lookup(SSL *ssl);
++ 
++ =head1 DESCRIPTION
++ 
++ SSL_want() returns state information for the SSL object B<ssl>.
++ 
++ The other SSL_want_*() calls are shortcuts for the possible states returned
++ by SSL_want().
++ 
++ =head1 NOTES
++ 
++ SSL_want() examines the internal state information of the SSL object. Its
++ return values are similar to that of L<SSL_get_error(3)|SSL_get_error(3)>.
++ Unlike L<SSL_get_error(3)|SSL_get_error(3)>, which also evaluates the
++ error queue, the results are obtained by examining an internal state flag
++ only. The information must therefore only be used for normal operation under
++ non-blocking I/O. Error conditions are not handled and must be treated
++ using L<SSL_get_error(3)|SSL_get_error(3)>.
++ 
++ The result returned by SSL_want() should always be consistent with
++ the result of L<SSL_get_error(3)|SSL_get_error(3)>.
++ 
++ =head1 RETURN VALUES
++ 
++ The following return values can currently occur for SSL_want():
++ 
++ =over 4
++ 
++ =item SSL_NOTHING
++ 
++ There is no data to be written or to be read.
++ 
++ =item SSL_WRITING
++ 
++ There are data in the SSL buffer that must be written to the underlying
++ B<BIO> layer in order to complete the actual SSL_*() operation.
++ A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
++ SSL_ERROR_WANT_WRITE.
++ 
++ =item SSL_READING
++ 
++ More data must be read from the underlying B<BIO> layer in order to
++ complete the actual SSL_*() operation.
++ A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
++ SSL_ERROR_WANT_READ.
++ 
++ =item SSL_X509_LOOKUP
++ 
++ The operation did not complete because an application callback set by
++ SSL_CTX_set_client_cert_cb() has asked to be called again.
++ A call to L<SSL_get_error(3)|SSL_get_error(3)> should return
++ SSL_ERROR_WANT_X509_LOOKUP.
++ 
++ =back
++ 
++ SSL_want_nothing(), SSL_want_read(), SSL_want_write(), SSL_want_x509_lookup()
++ return 1, when the corresponding condition is true or 0 otherwise.
++ 
++ =head1 SEE ALSO
++ 
++ L<ssl(3)|ssl(3)>, L<err(3)|err(3)>, L<SSL_get_error(3)|SSL_get_error(3)>
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_write.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_write.pod
+*** crypto/openssl/doc/ssl/SSL_write.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_write.pod	Fri Jul 19 07:54:37 2002
+***************
+*** 25,35 ****
+  underlying BIO. 
+  
+  For the transparent negotiation to succeed, the B<ssl> must have been
+! initialized to client or server mode. This is not the case if a generic
+! method is being used (see L<SSL_CTX_new(3)|SSL_CTX_new(3)>, so that
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+! must be used before the first call to an L<SSL_read(3)|SSL_read(3)>
+! or SSL_write() function.
+  
+  If the underlying BIO is B<blocking>, SSL_write() will only return, once the
+  write operation has been finished or an error occurred, except when a
+--- 25,33 ----
+  underlying BIO. 
+  
+  For the transparent negotiation to succeed, the B<ssl> must have been
+! initialized to client or server mode. This is being done by calling
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)> or SSL_set_accept_state()
+! before the first call to an L<SSL_read(3)|SSL_read(3)> or SSL_write() function.
+  
+  If the underlying BIO is B<blocking>, SSL_write() will only return, once the
+  write operation has been finished or an error occurred, except when a
+***************
+*** 50,61 ****
+--- 48,73 ----
+  for the required condition. When using a buffering BIO, like a BIO pair, data
+  must be written into or retrieved out of the BIO before being able to continue.
+  
++ SSL_write() will only return with success, when the complete contents
++ of B<buf> of length B<num> has been written. This default behaviour
++ can be changed with the SSL_MODE_ENABLE_PARTIAL_WRITE option of
++ L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>. When this flag is set,
++ SSL_write() will also return with success, when a partial write has been
++ successfully completed. In this case the SSL_write() operation is considered
++ completed. The bytes are sent and a new SSL_write() operation with a new
++ buffer (with the already sent bytes removed) must be started.
++ A partial write is performed with the size of a message block, which is
++ 16kB for SSLv3/TLSv1.
++ 
+  =head1 WARNING
+  
+  When an SSL_write() operation has to be repeated because of
+  B<SSL_ERROR_WANT_READ> or B<SSL_ERROR_WANT_WRITE>, it must be repeated
+  with the same arguments.
+  
++ When calling SSL_write() with num=0 bytes to be sent the behaviour is
++ undefined.
++ 
+  =head1 RETURN VALUES
+  
+  The following return values can occur:
+***************
+*** 69,76 ****
+  
+  =item 0
+  
+! The write operation was not successful. Call SSL_get_error() with the return
+! value B<ret> to find out, whether an error occurred.
+  
+  =item E<lt>0
+  
+--- 81,94 ----
+  
+  =item 0
+  
+! The write operation was not successful. Probably the underlying connection
+! was closed. Call SSL_get_error() with the return value B<ret> to find out,
+! whether an error occurred or the connection was shut down cleanly
+! (SSL_ERROR_ZERO_RETURN).
+! 
+! SSLv2 (deprecated) does not support a shutdown alert protocol, so it can
+! only be detected, whether the underlying connection was closed. It cannot
+! be checked, why the closure happened.
+  
+  =item E<lt>0
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod ../RELENG_4_6/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod
+*** crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/d2i_SSL_SESSION.pod	Fri Oct 12 08:29:57 2001
+***************
+*** 30,36 ****
+  a binary ASN1 representation.
+  
+  When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
+! allocated.
+  
+  When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
+  large enough to hold the binary representation of the session. There is no
+--- 30,46 ----
+  a binary ASN1 representation.
+  
+  When using d2i_SSL_SESSION(), the SSL_SESSION object is automatically
+! allocated. The reference count is 1, so that the session must be
+! explicitly removed using L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+! unless the SSL_SESSION object is completely taken over, when being called
+! inside the get_session_cb() (see
+! L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>).
+! 
+! SSL_SESSION objects keep internal link information about the session cache
+! list, when being inserted into one SSL_CTX object's session cache.
+! One SSL_SESSION object, regardless of its reference count, must therefore
+! only be used with one SSL_CTX object (and the SSL objects created
+! from this SSL_CTX object).
+  
+  When using i2d_SSL_SESSION(), the memory location pointed to by B<pp> must be
+  large enough to hold the binary representation of the session. There is no
+***************
+*** 50,56 ****
+  
+  =head1 SEE ALSO
+  
+! L<ssl(3)|ssl(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
+  
+  =cut
+--- 60,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ssl(3)|ssl(3)>, L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/ssl.pod ../RELENG_4_6/crypto/openssl/doc/ssl/ssl.pod
+*** crypto/openssl/doc/ssl/ssl.pod	Wed Jul  4 19:19:43 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/ssl.pod	Thu Nov 14 16:42:50 2002
+***************
+*** 299,305 ****
+  
+  =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+  
+! =item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+  
+  =item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+  
+--- 299,305 ----
+  
+  =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+  
+! =item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(), char *arg)
+  
+  =item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+  
+***************
+*** 347,353 ****
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+--- 347,353 ----
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+***************
+*** 650,657 ****
+--- 650,659 ----
+  L<SSL_accept(3)|SSL_accept(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+  L<SSL_connect(3)|SSL_connect(3)>,
+  L<SSL_CIPHER_get_name(3)|SSL_CIPHER_get_name(3)>,
++ L<SSL_COMP_add_compression_method(3)|SSL_COMP_add_compression_method(3)>,
+  L<SSL_CTX_add_extra_chain_cert(3)|SSL_CTX_add_extra_chain_cert(3)>,
+  L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
++ L<SSL_CTX_ctrl(3)|SSL_CTX_ctrl(3)>,
+  L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>,
+  L<SSL_CTX_get_ex_new_index(3)|SSL_CTX_get_ex_new_index(3)>,
+  L<SSL_CTX_get_verify_mode(3)|SSL_CTX_get_verify_mode(3)>,
+***************
+*** 661,678 ****
+--- 663,692 ----
+  L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+  L<SSL_CTX_sessions(3)|SSL_CTX_sessions(3)>,
++ L<SSL_CTX_set_cert_store(3)|SSL_CTX_set_cert_store(3)>,
++ L<SSL_CTX_set_cert_verify_callback(3)|SSL_CTX_set_cert_verify_callback(3)>,
++ L<SSL_CTX_set_cipher_list(3)|SSL_CTX_set_cipher_list(3)>,
+  L<SSL_CTX_set_client_CA_list(3)|SSL_CTX_set_client_CA_list(3)>,
++ L<SSL_CTX_set_client_cert_cb(3)|SSL_CTX_set_client_cert_cb(3)>,
+  L<SSL_CTX_set_default_passwd_cb(3)|SSL_CTX_set_default_passwd_cb(3)>,
++ L<SSL_CTX_set_info_callback(3)|SSL_CTX_set_info_callback(3)>,
+  L<SSL_CTX_set_mode(3)|SSL_CTX_set_mode(3)>,
+  L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
++ L<SSL_CTX_set_quiet_shutdown(3)|SSL_CTX_set_quiet_shutdown(3)>,
+  L<SSL_CTX_set_session_cache_mode(3)|SSL_CTX_set_session_cache_mode(3)>,
+  L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+  L<SSL_CTX_set_ssl_version(3)|SSL_CTX_set_ssl_version(3)>,
+  L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
++ L<SSL_CTX_set_tmp_rsa_callback(3)|SSL_CTX_set_tmp_rsa_callback(3)>,
++ L<SSL_CTX_set_tmp_dh_callback(3)|SSL_CTX_set_tmp_dh_callback(3)>,
+  L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>,
+  L<SSL_CTX_use_certificate(3)|SSL_CTX_use_certificate(3)>,
++ L<SSL_alert_type_string(3)|SSL_alert_type_string(3)>,
++ L<SSL_do_handshake(3)|SSL_do_handshake(3)>,
++ L<SSL_get_SSL_CTX(3)|SSL_get_SSL_CTX(3)>,
+  L<SSL_get_ciphers(3)|SSL_get_ciphers(3)>,
+  L<SSL_get_client_CA_list(3)|SSL_get_client_CA_list(3)>,
++ L<SSL_get_default_timeout(3)|SSL_get_default_timeout(3)>,
+  L<SSL_get_error(3)|SSL_get_error(3)>,
+  L<SSL_get_ex_data_X509_STORE_CTX_idx(3)|SSL_get_ex_data_X509_STORE_CTX_idx(3)>,
+  L<SSL_get_ex_new_index(3)|SSL_get_ex_new_index(3)>,
+***************
+*** 685,696 ****
+  L<SSL_library_init(3)|SSL_library_init(3)>,
+  L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+  L<SSL_new(3)|SSL_new(3)>,
+! L<SSL_read(3)|SSL_read(3)>, L<SSL_set_bio(3)|SSL_set_bio(3)>,
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+! L<SSL_set_fd(3)|SSL_set_fd(3)>, L<SSL_pending(3)|SSL_pending(3)>,
+  L<SSL_set_session(3)|SSL_set_session(3)>,
+  L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+! L<SSL_shutdown(3)|SSL_shutdown(3)>, L<SSL_write(3)|SSL_write(3)>,
+  L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+  L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
+  L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+--- 699,717 ----
+  L<SSL_library_init(3)|SSL_library_init(3)>,
+  L<SSL_load_client_CA_file(3)|SSL_load_client_CA_file(3)>,
+  L<SSL_new(3)|SSL_new(3)>,
+! L<SSL_pending(3)|SSL_pending(3)>,
+! L<SSL_read(3)|SSL_read(3)>,
+! L<SSL_rstate_string(3)|SSL_rstate_string(3)>,
+! L<SSL_session_reused(3)|SSL_session_reused(3)>,
+! L<SSL_set_bio(3)|SSL_set_bio(3)>,
+  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>,
+! L<SSL_set_fd(3)|SSL_set_fd(3)>,
+  L<SSL_set_session(3)|SSL_set_session(3)>,
+  L<SSL_set_shutdown(3)|SSL_set_shutdown(3)>,
+! L<SSL_shutdown(3)|SSL_shutdown(3)>,
+! L<SSL_state_string(3)|SSL_state_string(3)>,
+! L<SSL_want(3)|SSL_want(3)>,
+! L<SSL_write(3)|SSL_write(3)>,
+  L<SSL_SESSION_free(3)|SSL_SESSION_free(3)>,
+  L<SSL_SESSION_get_ex_new_index(3)|SSL_SESSION_get_ex_new_index(3)>,
+  L<SSL_SESSION_get_time(3)|SSL_SESSION_get_time(3)>,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl.pod ../RELENG_4_6/crypto/openssl/doc/ssl.pod
+*** crypto/openssl/doc/ssl.pod	Mon Jan 10 01:21:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/ssl.pod	Wed Dec 31 19:00:00 1969
+***************
+*** 1,633 ****
+- 
+- =pod
+- 
+- =head1 NAME
+- 
+- SSL - OpenSSL SSL/TLS library
+- 
+- =head1 SYNOPSIS
+- 
+- =head1 DESCRIPTION
+- 
+- The OpenSSL B<ssl> library implements the Secure Sockets Layer (SSL v2/v3) and
+- Transport Layer Security (TLS v1) protocols. It provides a rich API which is
+- documented here.
+- 
+- =head1 HEADER FILES
+- 
+- Currently the OpenSSL B<ssl> library provides the following C header files
+- containing the prototypes for the data structures and and functions:
+- 
+- =over 4
+- 
+- =item B<ssl.h>
+- 
+- That's the common header file for the SSL/TLS API.  Include it into your
+- program to make the API of the B<ssl> library available. It internally
+- includes both more private SSL headers and headers from the B<crypto> library.
+- Whenever you need hard-core details on the internals of the SSL API, look
+- inside this header file.
+- 
+- =item B<ssl2.h>
+- 
+- That's the sub header file dealing with the SSLv2 protocol only.
+- I<Usually you don't have to include it explicitly because
+- it's already included by ssl.h>.
+- 
+- =item B<ssl3.h>
+- 
+- That's the sub header file dealing with the SSLv3 protocol only.
+- I<Usually you don't have to include it explicitly because
+- it's already included by ssl.h>.
+- 
+- =item B<ssl23.h>
+- 
+- That's the sub header file dealing with the combined use of the SSLv2 and
+- SSLv3 protocols.
+- I<Usually you don't have to include it explicitly because
+- it's already included by ssl.h>.
+- 
+- =item B<tls1.h>
+- 
+- That's the sub header file dealing with the TLSv1 protocol only.
+- I<Usually you don't have to include it explicitly because
+- it's already included by ssl.h>.
+- 
+- =back
+- 
+- =head1 DATA STRUCTURES
+- 
+- Currently the OpenSSL B<ssl> library functions deals with the following data
+- structures:
+- 
+- =over 4
+- 
+- =item B<SSL_METHOD> (SSL Method)
+- 
+- That's a dispatch structure describing the internal B<ssl> library
+- methods/functions which implement the various protocol versions (SSLv1, SSLv2
+- and TLSv1). It's needed to create an B<SSL_CTX>.
+- 
+- =item B<SSL_CIPHER> (SSL Cipher)
+- 
+- This structure holds the algorithm information for a particular cipher which
+- are a core part of the SSL/TLS protocol. The available ciphers are configured
+- on a B<SSL_CTX> basis and the actually used ones are then part of the
+- B<SSL_SESSION>.
+- 
+- =item B<SSL_CTX> (SSL Context)
+- 
+- That's the global context structure which is created by a server or client
+- once per program life-time and which holds mainly default values for the
+- B<SSL> structures which are later created for the connections.
+- 
+- =item B<SSL_SESSION> (SSL Session)
+- 
+- This is a structure containing the current SSL session details for a
+- connection: B<SSL_CIPHER>s, client and server certificates, keys, etc.
+- 
+- =item B<SSL> (SSL Connection)
+- 
+- That's the main SSL/TLS structure which is created by a server or client per
+- established connection. This actually is the core structure in the SSL API.
+- Under run-time the application usually deals with this structure which has
+- links to mostly all other structures.
+- 
+- =back
+- 
+- =head1 API FUNCTIONS
+- 
+- Currently the OpenSSL B<ssl> library exports 214 API functions.
+- They are documented in the following:
+- 
+- =head2 DEALING WITH PROTOCOL METHODS
+- 
+- Here we document the various API functions which deal with the SSL/TLS
+- protocol methods defined in B<SSL_METHOD> structures.
+- 
+- =over 4
+- 
+- =item SSL_METHOD *B<SSLv2_client_method>(void);
+- 
+- Constructor for the SSLv2 SSL_METHOD structure for a dedicated client.
+- 
+- =item SSL_METHOD *B<SSLv2_server_method>(void);
+- 
+- Constructor for the SSLv2 SSL_METHOD structure for a dedicated server.
+- 
+- =item SSL_METHOD *B<SSLv2_method>(void);
+- 
+- Constructor for the SSLv2 SSL_METHOD structure for combined client and server.
+- 
+- =item SSL_METHOD *B<SSLv3_client_method>(void);
+- 
+- Constructor for the SSLv3 SSL_METHOD structure for a dedicated client.
+- 
+- =item SSL_METHOD *B<SSLv3_server_method>(void);
+- 
+- Constructor for the SSLv3 SSL_METHOD structure for a dedicated server.
+- 
+- =item SSL_METHOD *B<SSLv3_method>(void);
+- 
+- Constructor for the SSLv3 SSL_METHOD structure for combined client and server.
+- 
+- =item SSL_METHOD *B<TLSv1_client_method>(void);
+- 
+- Constructor for the TLSv1 SSL_METHOD structure for a dedicated client.
+- 
+- =item SSL_METHOD *B<TLSv1_server_method>(void);
+- 
+- Constructor for the TLSv1 SSL_METHOD structure for a dedicated server.
+- 
+- =item SSL_METHOD *B<TLSv1_method>(void);
+- 
+- Constructor for the TLSv1 SSL_METHOD structure for combined client and server.
+- 
+- =back
+- 
+- =head2 DEALING WITH CIPHERS
+- 
+- Here we document the various API functions which deal with the SSL/TLS
+- ciphers defined in B<SSL_CIPHER> structures.
+- 
+- =over 4
+- 
+- =item char *B<SSL_CIPHER_description>(SSL_CIPHER *cipher, char *buf, int len);
+- 
+- Write a string to I<buf> (with a maximum size of I<len>) containing a human
+- readable description of I<cipher>. Returns I<buf>.
+- 
+- =item int B<SSL_CIPHER_get_bits>(SSL_CIPHER *cipher, int *alg_bits);
+- 
+- Determine the number of bits in I<cipher>. Because of export crippled ciphers
+- there are two bits: The bits the algorithm supports in general (stored to
+- I<alg_bits>) and the bits which are actually used (the return value).
+- 
+- =item char *B<SSL_CIPHER_get_name>(SSL_CIPHER *cipher);
+- 
+- Return the internal name of I<cipher> as a string. These are the various
+- strings defined by the I<SSL2_TXT_xxx>, I<SSL3_TXT_xxx> and I<TLS1_TXT_xxx>
+- definitions in the header files.
+- 
+- =item char *B<SSL_CIPHER_get_version>(SSL_CIPHER *cipher);
+- 
+- Returns a string like "C<TLSv1/SSLv3>" or "C<SSLv2>" which indicates the
+- SSL/TLS protocol version to which I<cipher> belongs (i.e. where it was defined
+- in the specification the first time).
+- 
+- =back
+- 
+- =head2 DEALING WITH PROTOCOL CONTEXTS
+- 
+- Here we document the various API functions which deal with the SSL/TLS
+- protocol context defined in the B<SSL_CTX> structure.
+- 
+- =over 4
+- 
+- =item int B<SSL_CTX_add_client_CA>(SSL_CTX *ctx, X509 *x);
+- 
+- =item long B<SSL_CTX_add_extra_chain_cert>(SSL_CTX *ctx, X509 *x509);
+- 
+- =item int B<SSL_CTX_add_session>(SSL_CTX *ctx, SSL_SESSION *c);
+- 
+- =item int B<SSL_CTX_check_private_key>(SSL_CTX *ctx);
+- 
+- =item long B<SSL_CTX_ctrl>(SSL_CTX *ctx, int cmd, long larg, char *parg);
+- 
+- =item void B<SSL_CTX_flush_sessions>(SSL_CTX *s, long t);
+- 
+- =item void B<SSL_CTX_free>(SSL_CTX *a);
+- 
+- =item char *B<SSL_CTX_get_app_data>(SSL_CTX *ctx);
+- 
+- =item X509_STORE *B<SSL_CTX_get_cert_store>(SSL_CTX *ctx);
+- 
+- =item STACK *B<SSL_CTX_get_client_CA_list>(SSL_CTX *ctx);
+- 
+- =item int (*B<SSL_CTX_get_client_cert_cb>(SSL_CTX *ctx))(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
+- 
+- =item char *B<SSL_CTX_get_ex_data>(SSL_CTX *s, int idx);
+- 
+- =item int B<SSL_CTX_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+- 
+- =item void (*B<SSL_CTX_get_info_callback>(SSL_CTX *ctx))(SSL *ssl, int cb, int ret);
+- 
+- =item int B<SSL_CTX_get_quiet_shutdown>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_get_session_cache_mode>(SSL_CTX *ctx);
+- 
+- =item long B<SSL_CTX_get_timeout>(SSL_CTX *ctx);
+- 
+- =item int (*B<SSL_CTX_get_verify_callback>(SSL_CTX *ctx))(int ok, X509_STORE_CTX *ctx);
+- 
+- =item int B<SSL_CTX_get_verify_mode>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_load_verify_locations>(SSL_CTX *ctx, char *CAfile, char *CApath);
+- 
+- =item long B<SSL_CTX_need_tmp_RSA>(SSL_CTX *ctx);
+- 
+- =item SSL_CTX *B<SSL_CTX_new>(SSL_METHOD *meth);
+- 
+- =item int B<SSL_CTX_remove_session>(SSL_CTX *ctx, SSL_SESSION *c);
+- 
+- =item int B<SSL_CTX_sess_accept>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_accept_good>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_accept_renegotiate>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_cache_full>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_cb_hits>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_connect>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_connect_good>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_connect_renegotiate>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_get_cache_size>(SSL_CTX *ctx);
+- 
+- =item SSL_SESSION *(*B<SSL_CTX_sess_get_get_cb>(SSL_CTX *ctx))(SSL *ssl, unsigned char *data, int len, int *copy);
+- 
+- =item int (*B<SSL_CTX_sess_get_new_cb>(SSL_CTX *ctx)(SSL *ssl, SSL_SESSION *sess);
+- 
+- =item void (*B<SSL_CTX_sess_get_remove_cb>(SSL_CTX *ctx)(SSL_CTX *ctx, SSL_SESSION *sess);
+- 
+- =item int B<SSL_CTX_sess_hits>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_misses>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_sess_number>(SSL_CTX *ctx);
+- 
+- =item void B<SSL_CTX_sess_set_cache_size>(SSL_CTX *ctx,t);
+- 
+- =item void B<SSL_CTX_sess_set_get_cb>(SSL_CTX *ctx, SSL_SESSION *(*cb)(SSL *ssl, unsigned char *data, int len, int *copy));
+- 
+- =item void B<SSL_CTX_sess_set_new_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, SSL_SESSION *sess));
+- 
+- =item void B<SSL_CTX_sess_set_remove_cb>(SSL_CTX *ctx, void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess));
+- 
+- =item int B<SSL_CTX_sess_timeouts>(SSL_CTX *ctx);
+- 
+- =item LHASH *B<SSL_CTX_sessions>(SSL_CTX *ctx);
+- 
+- =item void B<SSL_CTX_set_app_data>(SSL_CTX *ctx, void *arg);
+- 
+- =item void B<SSL_CTX_set_cert_store>(SSL_CTX *ctx, X509_STORE *cs);
+- 
+- =item void B<SSL_CTX_set_cert_verify_cb>(SSL_CTX *ctx, int (*cb)(SSL_CTX *), char *arg)
+- 
+- =item int B<SSL_CTX_set_cipher_list>(SSL_CTX *ctx, char *str);
+- 
+- =item void B<SSL_CTX_set_client_CA_list>(SSL_CTX *ctx, STACK *list);
+- 
+- =item void B<SSL_CTX_set_client_cert_cb>(SSL_CTX *ctx, int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
+- 
+- =item void B<SSL_CTX_set_default_passwd_cb>(SSL_CTX *ctx, int (*cb);(void))
+- 
+- =item void B<SSL_CTX_set_default_read_ahead>(SSL_CTX *ctx, int m);
+- 
+- =item int B<SSL_CTX_set_default_verify_paths>(SSL_CTX *ctx);
+- 
+- =item int B<SSL_CTX_set_ex_data>(SSL_CTX *s, int idx, char *arg);
+- 
+- =item void B<SSL_CTX_set_info_callback>(SSL_CTX *ctx, void (*cb)(SSL *ssl, int cb, int ret));
+- 
+- =item void B<SSL_CTX_set_options>(SSL_CTX *ctx, unsigned long op);
+- 
+- =item void B<SSL_CTX_set_quiet_shutdown>(SSL_CTX *ctx, int mode);
+- 
+- =item void B<SSL_CTX_set_session_cache_mode>(SSL_CTX *ctx, int mode);
+- 
+- =item int B<SSL_CTX_set_ssl_version>(SSL_CTX *ctx, SSL_METHOD *meth);
+- 
+- =item void B<SSL_CTX_set_timeout>(SSL_CTX *ctx, long t);
+- 
+- =item long B<SSL_CTX_set_tmp_dh>(SSL_CTX* ctx, DH *dh);
+- 
+- =item long B<SSL_CTX_set_tmp_dh_callback>(SSL_CTX *ctx, DH *(*cb)(void));
+- 
+- =item long B<SSL_CTX_set_tmp_rsa>(SSL_CTX *ctx, RSA *rsa);
+- 
+- =item SSL_CTX_set_tmp_rsa_callback
+- 
+- C<long B<SSL_CTX_set_tmp_rsa_callback>(SSL_CTX *B<ctx>, RSA *(*B<cb>)(SSL *B<ssl>, int B<export>, int B<keylength>));>
+- 
+- Sets the callback which will be called when a temporary private key is
+- required. The B<C<export>> flag will be set if the reason for needing
+- a temp key is that an export ciphersuite is in use, in which case,
+- B<C<keylength>> will contain the required keylength in bits. Generate a key of
+- appropriate size (using ???) and return it.
+- 
+- =item SSL_set_tmp_rsa_callback
+- 
+- long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+- 
+- The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+- session instead of a context.
+- 
+- =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+- 
+- =item int B<SSL_CTX_use_PrivateKey>(SSL_CTX *ctx, EVP_PKEY *pkey);
+- 
+- =item int B<SSL_CTX_use_PrivateKey_ASN1>(int type, SSL_CTX *ctx, unsigned char *d, long len);
+- 
+- =item int B<SSL_CTX_use_PrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+- 
+- =item int B<SSL_CTX_use_RSAPrivateKey>(SSL_CTX *ctx, RSA *rsa);
+- 
+- =item int B<SSL_CTX_use_RSAPrivateKey_ASN1>(SSL_CTX *ctx, unsigned char *d, long len);
+- 
+- =item int B<SSL_CTX_use_RSAPrivateKey_file>(SSL_CTX *ctx, char *file, int type);
+- 
+- =item int B<SSL_CTX_use_certificate>(SSL_CTX *ctx, X509 *x);
+- 
+- =item int B<SSL_CTX_use_certificate_ASN1>(SSL_CTX *ctx, int len, unsigned char *d);
+- 
+- =item int B<SSL_CTX_use_certificate_file>(SSL_CTX *ctx, char *file, int type);
+- 
+- =back
+- 
+- =head2 DEALING WITH SESSIONS
+- 
+- Here we document the various API functions which deal with the SSL/TLS
+- sessions defined in the B<SSL_SESSION> structures.
+- 
+- =over 4
+- 
+- =item int B<SSL_SESSION_cmp>(SSL_SESSION *a, SSL_SESSION *b);
+- 
+- =item void B<SSL_SESSION_free>(SSL_SESSION *ss);
+- 
+- =item char *B<SSL_SESSION_get_app_data>(SSL_SESSION *s);
+- 
+- =item char *B<SSL_SESSION_get_ex_data>(SSL_SESSION *s, int idx);
+- 
+- =item int B<SSL_SESSION_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+- 
+- =item long B<SSL_SESSION_get_time>(SSL_SESSION *s);
+- 
+- =item long B<SSL_SESSION_get_timeout>(SSL_SESSION *s);
+- 
+- =item unsigned long B<SSL_SESSION_hash>(SSL_SESSION *a);
+- 
+- =item SSL_SESSION *B<SSL_SESSION_new>(void);
+- 
+- =item int B<SSL_SESSION_print>(BIO *bp, SSL_SESSION *x);
+- 
+- =item int B<SSL_SESSION_print_fp>(FILE *fp, SSL_SESSION *x);
+- 
+- =item void B<SSL_SESSION_set_app_data>(SSL_SESSION *s, char *a);
+- 
+- =item int B<SSL_SESSION_set_ex_data>(SSL_SESSION *s, int idx, char *arg);
+- 
+- =item long B<SSL_SESSION_set_time>(SSL_SESSION *s, long t);
+- 
+- =item long B<SSL_SESSION_set_timeout>(SSL_SESSION *s, long t);
+- 
+- =back
+- 
+- =head2 DEALING WITH CONNECTIONS
+- 
+- Here we document the various API functions which deal with the SSL/TLS
+- connection defined in the B<SSL> structure.
+- 
+- =over 4
+- 
+- =item int B<SSL_accept>(SSL *ssl);
+- 
+- =item int B<SSL_add_dir_cert_subjects_to_stack>(STACK *stack, const char *dir);
+- 
+- =item int B<SSL_add_file_cert_subjects_to_stack>(STACK *stack, const char *file);
+- 
+- =item int B<SSL_add_client_CA>(SSL *ssl, X509 *x);
+- 
+- =item char *B<SSL_alert_desc_string>(int value);
+- 
+- =item char *B<SSL_alert_desc_string_long>(int value);
+- 
+- =item char *B<SSL_alert_type_string>(int value);
+- 
+- =item char *B<SSL_alert_type_string_long>(int value);
+- 
+- =item int B<SSL_check_private_key>(SSL *ssl);
+- 
+- =item void B<SSL_clear>(SSL *ssl);
+- 
+- =item long B<SSL_clear_num_renegotiations>(SSL *ssl);
+- 
+- =item int B<SSL_connect>(SSL *ssl);
+- 
+- =item void B<SSL_copy_session_id>(SSL *t, SSL *f);
+- 
+- =item long B<SSL_ctrl>(SSL *ssl, int cmd, long larg, char *parg);
+- 
+- =item int B<SSL_do_handshake>(SSL *ssl);
+- 
+- =item SSL *B<SSL_dup>(SSL *ssl);
+- 
+- =item STACK *B<SSL_dup_CA_list>(STACK *sk);
+- 
+- =item void B<SSL_free>(SSL *ssl);
+- 
+- =item SSL_CTX *B<SSL_get_SSL_CTX>(SSL *ssl);
+- 
+- =item char *B<SSL_get_app_data>(SSL *ssl);
+- 
+- =item X509 *B<SSL_get_certificate>(SSL *ssl);
+- 
+- =item SSL_CIPHER *B<SSL_get_cipher>(SSL *ssl);
+- 
+- =item int B<SSL_get_cipher_bits>(SSL *ssl, int *alg_bits);
+- 
+- =item char *B<SSL_get_cipher_list>(SSL *ssl, int n);
+- 
+- =item char *B<SSL_get_cipher_name>(SSL *ssl);
+- 
+- =item char *B<SSL_get_cipher_version>(SSL *ssl);
+- 
+- =item STACK *B<SSL_get_ciphers>(SSL *ssl);
+- 
+- =item STACK *B<SSL_get_client_CA_list>(SSL *ssl);
+- 
+- =item SSL_CIPHER *B<SSL_get_current_cipher>(SSL *ssl);
+- 
+- =item long B<SSL_get_default_timeout>(SSL *ssl);
+- 
+- =item int B<SSL_get_error>(SSL *ssl, int i);
+- 
+- =item char *B<SSL_get_ex_data>(SSL *ssl, int idx);
+- 
+- =item int B<SSL_get_ex_data_X509_STORE_CTX_idx>(void);
+- 
+- =item int B<SSL_get_ex_new_index>(long argl, char *argp, int (*new_func);(void), int (*dup_func)(void), void (*free_func)(void))
+- 
+- =item int B<SSL_get_fd>(SSL *ssl);
+- 
+- =item void (*B<SSL_get_info_callback>(SSL *ssl);)(void)
+- 
+- =item STACK *B<SSL_get_peer_cert_chain>(SSL *ssl);
+- 
+- =item X509 *B<SSL_get_peer_certificate>(SSL *ssl);
+- 
+- =item EVP_PKEY *B<SSL_get_privatekey>(SSL *ssl);
+- 
+- =item int B<SSL_get_quiet_shutdown>(SSL *ssl);
+- 
+- =item BIO *B<SSL_get_rbio>(SSL *ssl);
+- 
+- =item int B<SSL_get_read_ahead>(SSL *ssl);
+- 
+- =item SSL_SESSION *B<SSL_get_session>(SSL *ssl);
+- 
+- =item char *B<SSL_get_shared_ciphers>(SSL *ssl, char *buf, int len);
+- 
+- =item int B<SSL_get_shutdown>(SSL *ssl);
+- 
+- =item SSL_METHOD *B<SSL_get_ssl_method>(SSL *ssl);
+- 
+- =item int B<SSL_get_state>(SSL *ssl);
+- 
+- =item long B<SSL_get_time>(SSL *ssl);
+- 
+- =item long B<SSL_get_timeout>(SSL *ssl);
+- 
+- =item int (*B<SSL_get_verify_callback>(SSL *ssl);)(void)
+- 
+- =item int B<SSL_get_verify_mode>(SSL *ssl);
+- 
+- =item long B<SSL_get_verify_result>(SSL *ssl);
+- 
+- =item char *B<SSL_get_version>(SSL *ssl);
+- 
+- =item BIO *B<SSL_get_wbio>(SSL *ssl);
+- 
+- =item int B<SSL_in_accept_init>(SSL *ssl);
+- 
+- =item int B<SSL_in_before>(SSL *ssl);
+- 
+- =item int B<SSL_in_connect_init>(SSL *ssl);
+- 
+- =item int B<SSL_in_init>(SSL *ssl);
+- 
+- =item int B<SSL_is_init_finished>(SSL *ssl);
+- 
+- =item STACK *B<SSL_load_client_CA_file>(char *file);
+- 
+- =item void B<SSL_load_error_strings>(void);
+- 
+- =item SSL *B<SSL_new>(SSL_CTX *ctx);
+- 
+- =item long B<SSL_num_renegotiations>(SSL *ssl);
+- 
+- =item int B<SSL_peek>(SSL *ssl, char *buf, int num);
+- 
+- =item int B<SSL_pending>(SSL *ssl);
+- 
+- =item int B<SSL_read>(SSL *ssl, char *buf, int num);
+- 
+- =item int B<SSL_renegotiate>(SSL *ssl);
+- 
+- =item char *B<SSL_rstate_string>(SSL *ssl);
+- 
+- =item char *B<SSL_rstate_string_long>(SSL *ssl);
+- 
+- =item long B<SSL_session_reused>(SSL *ssl);
+- 
+- =item void B<SSL_set_accept_state>(SSL *ssl);
+- 
+- =item void B<SSL_set_app_data>(SSL *ssl, char *arg);
+- 
+- =item void B<SSL_set_bio>(SSL *ssl, BIO *rbio, BIO *wbio);
+- 
+- =item int B<SSL_set_cipher_list>(SSL *ssl, char *str);
+- 
+- =item void B<SSL_set_client_CA_list>(SSL *ssl, STACK *list);
+- 
+- =item void B<SSL_set_connect_state>(SSL *ssl);
+- 
+- =item int B<SSL_set_ex_data>(SSL *ssl, int idx, char *arg);
+- 
+- =item int B<SSL_set_fd>(SSL *ssl, int fd);
+- 
+- =item void B<SSL_set_info_callback>(SSL *ssl, void (*cb);(void))
+- 
+- =item void B<SSL_set_options>(SSL *ssl, unsigned long op);
+- 
+- =item void B<SSL_set_quiet_shutdown>(SSL *ssl, int mode);
+- 
+- =item void B<SSL_set_read_ahead>(SSL *ssl, int yes);
+- 
+- =item int B<SSL_set_rfd>(SSL *ssl, int fd);
+- 
+- =item int B<SSL_set_session>(SSL *ssl, SSL_SESSION *session);
+- 
+- =item void B<SSL_set_shutdown>(SSL *ssl, int mode);
+- 
+- =item int B<SSL_set_ssl_method>(SSL *ssl, SSL_METHOD *meth);
+- 
+- =item void B<SSL_set_time>(SSL *ssl, long t);
+- 
+- =item void B<SSL_set_timeout>(SSL *ssl, long t);
+- 
+- =item void B<SSL_set_verify>(SSL *ssl, int mode, int (*callback);(void))
+- 
+- =item void B<SSL_set_verify_result>(SSL *ssl, long arg);
+- 
+- =item int B<SSL_set_wfd>(SSL *ssl, int fd);
+- 
+- =item int B<SSL_shutdown>(SSL *ssl);
+- 
+- =item int B<SSL_state>(SSL *ssl);
+- 
+- =item char *B<SSL_state_string>(SSL *ssl);
+- 
+- =item char *B<SSL_state_string_long>(SSL *ssl);
+- 
+- =item long B<SSL_total_renegotiations>(SSL *ssl);
+- 
+- =item int B<SSL_use_PrivateKey>(SSL *ssl, EVP_PKEY *pkey);
+- 
+- =item int B<SSL_use_PrivateKey_ASN1>(int type, SSL *ssl, unsigned char *d, long len);
+- 
+- =item int B<SSL_use_PrivateKey_file>(SSL *ssl, char *file, int type);
+- 
+- =item int B<SSL_use_RSAPrivateKey>(SSL *ssl, RSA *rsa);
+- 
+- =item int B<SSL_use_RSAPrivateKey_ASN1>(SSL *ssl, unsigned char *d, long len);
+- 
+- =item int B<SSL_use_RSAPrivateKey_file>(SSL *ssl, char *file, int type);
+- 
+- =item int B<SSL_use_certificate>(SSL *ssl, X509 *x);
+- 
+- =item int B<SSL_use_certificate_ASN1>(SSL *ssl, int len, unsigned char *d);
+- 
+- =item int B<SSL_use_certificate_file>(SSL *ssl, char *file, int type);
+- 
+- =item int B<SSL_version>(SSL *ssl);
+- 
+- =item int B<SSL_want>(SSL *ssl);
+- 
+- =item int B<SSL_want_nothing>(SSL *ssl);
+- 
+- =item int B<SSL_want_read>(SSL *ssl);
+- 
+- =item int B<SSL_want_write>(SSL *ssl);
+- 
+- =item int B<SSL_want_x509_lookup>(s);
+- 
+- =item int B<SSL_write>(SSL *ssl, char *buf, int num);
+- 
+- =back
+- 
+- =head1 SEE ALSO
+- 
+- openssl(1), crypto(3)
+- 
+- =head1 HISTORY
+- 
+- The ssl(3) document appeared in OpenSSL 0.9.2
+- 
+- =cut
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssleay.txt ../RELENG_4_6/crypto/openssl/doc/ssleay.txt
+*** crypto/openssl/doc/ssleay.txt	Wed Jul  4 19:19:40 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssleay.txt	Tue Dec  4 02:50:52 2001
+***************
+*** 1,6 ****
+--- 1,22 ----
+  
+  Bundle of old SSLeay documentation files [OBSOLETE!]
+  
++ *** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
++ 
++ OBSOLETE means that nothing in this document should be trusted.  This
++ document is provided mostly for historical purposes (it wasn't even up
++ to date at the time SSLeay 0.8.1 was released) and as inspiration.  If
++ you copy some snippet of code from this document, please _check_ that
++ it really is correct from all points of view.  For example, you can
++ check with the other documents in this directory tree, or by comparing
++ with relevant parts of the include files.
++ 
++ People have done the mistake of trusting what's written here.  Please
++ don't do that.
++ 
++ *** WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! WARNING! ***
++ 
++ 
+  ==== readme ========================================================
+  
+  This is the old 0.6.6 docuementation.  Most of the cipher stuff is still
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/e_os.h ../RELENG_4_6/crypto/openssl/e_os.h
+*** crypto/openssl/e_os.h	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/e_os.h	Tue Dec  3 11:51:51 2002
+***************
+*** 82,87 ****
+--- 82,93 ----
+  #define DEVRANDOM "/dev/urandom"
+  #endif
+  
++ #if defined(VXWORKS)
++ #  define NO_SYS_PARAM_H
++ #  define NO_CHMOD
++ #  define NO_SYSLOG
++ #endif
++   
+  #if defined(__MWERKS__) && defined(macintosh)
+  # if macintosh==1
+  #  ifndef MAC_OS_GUSI_SOURCE
+***************
+*** 108,118 ****
+  #  define MS_STATIC
+  #endif
+  
+! #if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__)
+  #  define WIN32
+  #endif
+  
+! #if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__)
+  #  ifndef WINDOWS
+  #    define WINDOWS
+  #  endif
+--- 114,124 ----
+  #  define MS_STATIC
+  #endif
+  
+! #if defined(_WIN32) && !defined(WIN32) && !defined(__CYGWIN32__) && !defined(_UWIN)
+  #  define WIN32
+  #endif
+  
+! #if (defined(WIN32) || defined(WIN16)) && !defined(__CYGWIN32__) && !defined(_UWIN)
+  #  ifndef WINDOWS
+  #    define WINDOWS
+  #  endif
+***************
+*** 136,142 ****
+  #define clear_sys_error()	errno=0
+  #endif
+  
+! #if defined(WINDOWS) && !defined(__CYGWIN32__)
+  #define get_last_socket_error()	WSAGetLastError()
+  #define clear_socket_error()	WSASetLastError(0)
+  #define readsocket(s,b,n)	recv((s),(b),(n),0)
+--- 142,149 ----
+  #define clear_sys_error()	errno=0
+  #endif
+  
+! #if defined(WINDOWS) && !defined(__CYGWIN32__)  && !defined(_UWIN)
+! 
+  #define get_last_socket_error()	WSAGetLastError()
+  #define clear_socket_error()	WSASetLastError(0)
+  #define readsocket(s,b,n)	recv((s),(b),(n),0)
+***************
+*** 148,153 ****
+--- 155,167 ----
+  #define closesocket(s)		MacSocket_close(s)
+  #define readsocket(s,b,n)	MacSocket_recv((s),(b),(n),true)
+  #define writesocket(s,b,n)	MacSocket_send((s),(b),(n))
++ #elif defined(VMS)
++ #define get_last_socket_error() errno
++ #define clear_socket_error()    errno=0
++ #define ioctlsocket(a,b,c)      ioctl(a,b,c)
++ #define closesocket(s)          close(s)
++ #define readsocket(s,b,n)       recv((s),(b),(n),0)
++ #define writesocket(s,b,n)      send((s),(b),(n),0)
+  #else
+  #define get_last_socket_error()	errno
+  #define clear_socket_error()	errno=0
+***************
+*** 170,176 ****
+  #  define NO_FP_API
+  #endif
+  
+! #if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__)
+  
+  #  ifndef S_IFDIR
+  #    define S_IFDIR	_S_IFDIR
+--- 184,190 ----
+  #  define NO_FP_API
+  #endif
+  
+! #if (defined(WINDOWS) || defined(MSDOS)) && !defined(__CYGWIN32__) && !defined(_UWIN)
+  
+  #  ifndef S_IFDIR
+  #    define S_IFDIR	_S_IFDIR
+***************
+*** 205,214 ****
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+  #  else
+! #    define EXIT(n)		return(n);
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+--- 219,229 ----
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+! #    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
+  #  else
+! #    define EXIT(n) return(n)
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+***************
+*** 224,229 ****
+--- 239,245 ----
+  #  define SSLEAY_CONF	OPENSSL_CONF
+  #  define NUL_DEV	"nul"
+  #  define RFILE		".rnd"
++ #  define DEFAULT_HOME  "C:"
+  
+  #else /* The non-microsoft world world */
+  
+***************
+*** 260,277 ****
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    if !defined(MONOLITH) || defined(OPENSSL_C)
+! #      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); \
+! 				     return(__VMS_EXIT); } while(0)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+--- 276,288 ----
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); } while(0)
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+***************
+*** 302,312 ****
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    ifndef MONOLITH
+! #      define EXIT(n)		exit(n); return(n)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+--- 313,319 ----
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    define EXIT(n)		exit(n)
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+***************
+*** 347,353 ****
+  #    ifndef NO_SYS_PARAM_H
+  #      include <sys/param.h>
+  #    endif
+! #    ifndef MPE
+  #      include <sys/time.h> /* Needed under linux for FD_XXX */
+  #    endif
+  
+--- 354,362 ----
+  #    ifndef NO_SYS_PARAM_H
+  #      include <sys/param.h>
+  #    endif
+! #    ifdef VXWORKS
+! #      include <time.h> 
+! #    elif !defined(MPE)
+  #      include <sys/time.h> /* Needed under linux for FD_XXX */
+  #    endif
+  
+***************
+*** 412,430 ****
+  #  endif
+  #endif
+  
+- #if defined(THREADS) || defined(sun)
+- #ifndef _REENTRANT
+- #define _REENTRANT
+- #endif
+- #endif
+- 
+  #if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
+    /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
+  # define memmove(s1,s2,n) bcopy((s2),(s1),(n))
+  # define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
+  extern char *sys_errlist[]; extern int sys_nerr;
+  # define strerror(errnum) \
+  	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
+  #endif
+  
+  /***********************************************/
+--- 421,444 ----
+  #  endif
+  #endif
+  
+  #if defined(sun) && !defined(__svr4__) && !defined(__SVR4)
++   /* include headers first, so our defines don't break it */
++ #include <stdlib.h>
++ #include <string.h>
+    /* bcopy can handle overlapping moves according to SunOS 4.1.4 manpage */
+  # define memmove(s1,s2,n) bcopy((s2),(s1),(n))
+  # define strtoul(s,e,b) ((unsigned long int)strtol((s),(e),(b)))
+  extern char *sys_errlist[]; extern int sys_nerr;
+  # define strerror(errnum) \
+  	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
++ #endif
++ 
++ #ifndef OPENSSL_EXIT
++ # if defined(MONOLITH) && !defined(OPENSSL_C)
++ #  define OPENSSL_EXIT(n) return(n)
++ # else
++ #  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
++ # endif
+  #endif
+  
+  /***********************************************/
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/e_os2.h ../RELENG_4_6/crypto/openssl/e_os2.h
+*** crypto/openssl/e_os2.h	Sun Nov 26 06:32:45 2000
+--- ../RELENG_4_6/crypto/openssl/e_os2.h	Sat Apr  6 06:37:07 2002
+***************
+*** 23,29 ****
+     declared explicitely with globaldef and globalref.  On other OS:es,
+     these macros are defined with something sensible. */
+  
+! #if defined(VMS) && !defined(__DECC)
+  # define OPENSSL_EXTERN globalref
+  # define OPENSSL_GLOBAL globaldef
+  #else
+--- 23,29 ----
+     declared explicitely with globaldef and globalref.  On other OS:es,
+     these macros are defined with something sensible. */
+  
+! #if defined(VMS) && !defined(__DECC) && !defined(__DECCXX)
+  # define OPENSSL_EXTERN globalref
+  # define OPENSSL_GLOBAL globaldef
+  #else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/mt/mttest.c ../RELENG_4_6/crypto/openssl/mt/mttest.c
+*** crypto/openssl/mt/mttest.c	Mon Jan 10 01:21:58 2000
+--- ../RELENG_4_6/crypto/openssl/mt/mttest.c	Wed Dec 31 19:00:00 1969
+***************
+*** 1,1092 ****
+- /* mt/mttest.c */
+- /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+-  * All rights reserved.
+-  *
+-  * This package is an SSL implementation written
+-  * by Eric Young (eay@cryptsoft.com).
+-  * The implementation was written so as to conform with Netscapes SSL.
+-  * 
+-  * This library is free for commercial and non-commercial use as long as
+-  * the following conditions are aheared to.  The following conditions
+-  * apply to all code found in this distribution, be it the RC4, RSA,
+-  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+-  * included with this distribution is covered by the same copyright terms
+-  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+-  * 
+-  * Copyright remains Eric Young's, and as such any Copyright notices in
+-  * the code are not to be removed.
+-  * If this package is used in a product, Eric Young should be given attribution
+-  * as the author of the parts of the library used.
+-  * This can be in the form of a textual message at program startup or
+-  * in documentation (online or textual) provided with the package.
+-  * 
+-  * Redistribution and use in source and binary forms, with or without
+-  * modification, are permitted provided that the following conditions
+-  * are met:
+-  * 1. Redistributions of source code must retain the copyright
+-  *    notice, this list of conditions and the following disclaimer.
+-  * 2. Redistributions in binary form must reproduce the above copyright
+-  *    notice, this list of conditions and the following disclaimer in the
+-  *    documentation and/or other materials provided with the distribution.
+-  * 3. All advertising materials mentioning features or use of this software
+-  *    must display the following acknowledgement:
+-  *    "This product includes cryptographic software written by
+-  *     Eric Young (eay@cryptsoft.com)"
+-  *    The word 'cryptographic' can be left out if the rouines from the library
+-  *    being used are not cryptographic related :-).
+-  * 4. If you include any Windows specific code (or a derivative thereof) from 
+-  *    the apps directory (application code) you must include an acknowledgement:
+-  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+-  * 
+-  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+-  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+-  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-  * SUCH DAMAGE.
+-  * 
+-  * The licence and distribution terms for any publically available version or
+-  * derivative of this code cannot be changed.  i.e. this code cannot simply be
+-  * copied and put under another distribution licence
+-  * [including the GNU Public Licence.]
+-  */
+- 
+- #include <stdio.h>
+- #include <stdlib.h>
+- #include <string.h>
+- #include <errno.h>
+- #ifdef LINUX
+- #include <typedefs.h>
+- #endif
+- #ifdef WIN32
+- #include <windows.h>
+- #endif
+- #ifdef SOLARIS
+- #include <synch.h>
+- #include <thread.h>
+- #endif
+- #ifdef IRIX
+- #include <ulocks.h>
+- #include <sys/prctl.h>
+- #endif
+- #include <openssl/lhash.h>
+- #include <openssl/crypto.h>
+- #include <openssl/buffer.h>
+- #include "../e_os.h"
+- #include <openssl/x509.h>
+- #include <openssl/ssl.h>
+- #include <openssl/err.h>
+- 
+- #ifdef NO_FP_API
+- #define APPS_WIN16
+- #include "../crypto/buffer/bss_file.c"
+- #endif
+- 
+- #define TEST_SERVER_CERT "../apps/server.pem"
+- #define TEST_CLIENT_CERT "../apps/client.pem"
+- 
+- #define MAX_THREAD_NUMBER	100
+- 
+- int MS_CALLBACK verify_callback(int ok, X509 *xs, X509 *xi, int depth,
+- 	int error,char *arg);
+- void thread_setup(void);
+- void thread_cleanup(void);
+- void do_threads(SSL_CTX *s_ctx,SSL_CTX *c_ctx);
+- 
+- void irix_locking_callback(int mode,int type,char *file,int line);
+- void solaris_locking_callback(int mode,int type,char *file,int line);
+- void win32_locking_callback(int mode,int type,char *file,int line);
+- void pthreads_locking_callback(int mode,int type,char *file,int line);
+- 
+- unsigned long irix_thread_id(void );
+- unsigned long solaris_thread_id(void );
+- unsigned long pthreads_thread_id(void );
+- 
+- BIO *bio_err=NULL;
+- BIO *bio_stdout=NULL;
+- 
+- static char *cipher=NULL;
+- int verbose=0;
+- #ifdef FIONBIO
+- static int s_nbio=0;
+- #endif
+- 
+- int thread_number=10;
+- int number_of_loops=10;
+- int reconnect=0;
+- int cache_stats=0;
+- 
+- int doit(char *ctx[4]);
+- static void print_stats(fp,ctx)
+- FILE *fp;
+- SSL_CTX *ctx;
+- {
+- 	fprintf(fp,"%4ld items in the session cache\n",
+- 		SSL_CTX_sess_number(ctx));
+- 	fprintf(fp,"%4d client connects (SSL_connect())\n",
+- 		SSL_CTX_sess_connect(ctx));
+- 	fprintf(fp,"%4d client connects that finished\n",
+- 		SSL_CTX_sess_connect_good(ctx));
+- 	fprintf(fp,"%4d server connects (SSL_accept())\n",
+- 		SSL_CTX_sess_accept(ctx));
+- 	fprintf(fp,"%4d server connects that finished\n",
+- 		SSL_CTX_sess_accept_good(ctx));
+- 	fprintf(fp,"%4d session cache hits\n",SSL_CTX_sess_hits(ctx));
+- 	fprintf(fp,"%4d session cache misses\n",SSL_CTX_sess_misses(ctx));
+- 	fprintf(fp,"%4d session cache timeouts\n",SSL_CTX_sess_timeouts(ctx));
+- 	}
+- 
+- static void sv_usage()
+- 	{
+- 	fprintf(stderr,"usage: ssltest [args ...]\n");
+- 	fprintf(stderr,"\n");
+- 	fprintf(stderr," -server_auth  - check server certificate\n");
+- 	fprintf(stderr," -client_auth  - do client authentication\n");
+- 	fprintf(stderr," -v            - more output\n");
+- 	fprintf(stderr," -CApath arg   - PEM format directory of CA's\n");
+- 	fprintf(stderr," -CAfile arg   - PEM format file of CA's\n");
+- 	fprintf(stderr," -threads arg  - number of threads\n");
+- 	fprintf(stderr," -loops arg    - number of 'connections', per thread\n");
+- 	fprintf(stderr," -reconnect    - reuse session-id's\n");
+- 	fprintf(stderr," -stats        - server session-id cache stats\n");
+- 	fprintf(stderr," -cert arg     - server certificate/key\n");
+- 	fprintf(stderr," -ccert arg    - client certificate/key\n");
+- 	fprintf(stderr," -ssl3         - just SSLv3n\n");
+- 	}
+- 
+- int main(argc, argv)
+- int argc;
+- char *argv[];
+- 	{
+- 	char *CApath=NULL,*CAfile=NULL;
+- 	int badop=0;
+- 	int ret=1;
+- 	int client_auth=0;
+- 	int server_auth=0;
+- 	SSL_CTX *s_ctx=NULL;
+- 	SSL_CTX *c_ctx=NULL;
+- 	char *scert=TEST_SERVER_CERT;
+- 	char *ccert=TEST_CLIENT_CERT;
+- 	SSL_METHOD *ssl_method=SSLv23_method();
+- 
+- 	if (bio_err == NULL)
+- 		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+- 	if (bio_stdout == NULL)
+- 		bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+- 	argc--;
+- 	argv++;
+- 
+- 	while (argc >= 1)
+- 		{
+- 		if	(strcmp(*argv,"-server_auth") == 0)
+- 			server_auth=1;
+- 		else if	(strcmp(*argv,"-client_auth") == 0)
+- 			client_auth=1;
+- 		else if	(strcmp(*argv,"-reconnect") == 0)
+- 			reconnect=1;
+- 		else if	(strcmp(*argv,"-stats") == 0)
+- 			cache_stats=1;
+- 		else if	(strcmp(*argv,"-ssl3") == 0)
+- 			ssl_method=SSLv3_method();
+- 		else if	(strcmp(*argv,"-ssl2") == 0)
+- 			ssl_method=SSLv2_method();
+- 		else if	(strcmp(*argv,"-CApath") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			CApath= *(++argv);
+- 			}
+- 		else if	(strcmp(*argv,"-CAfile") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			CAfile= *(++argv);
+- 			}
+- 		else if	(strcmp(*argv,"-cert") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			scert= *(++argv);
+- 			}
+- 		else if	(strcmp(*argv,"-ccert") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			ccert= *(++argv);
+- 			}
+- 		else if	(strcmp(*argv,"-threads") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			thread_number= atoi(*(++argv));
+- 			if (thread_number == 0) thread_number=1;
+- 			if (thread_number > MAX_THREAD_NUMBER)
+- 				thread_number=MAX_THREAD_NUMBER;
+- 			}
+- 		else if	(strcmp(*argv,"-loops") == 0)
+- 			{
+- 			if (--argc < 1) goto bad;
+- 			number_of_loops= atoi(*(++argv));
+- 			if (number_of_loops == 0) number_of_loops=1;
+- 			}
+- 		else
+- 			{
+- 			fprintf(stderr,"unknown option %s\n",*argv);
+- 			badop=1;
+- 			break;
+- 			}
+- 		argc--;
+- 		argv++;
+- 		}
+- 	if (badop)
+- 		{
+- bad:
+- 		sv_usage();
+- 		goto end;
+- 		}
+- 
+- 	if (cipher == NULL) cipher=getenv("SSL_CIPHER");
+- 
+- 	SSL_load_error_strings();
+- 	SSLeay_add_ssl_algorithms();
+- 
+- 	c_ctx=SSL_CTX_new(ssl_method);
+- 	s_ctx=SSL_CTX_new(ssl_method);
+- 	if ((c_ctx == NULL) || (s_ctx == NULL))
+- 		{
+- 		ERR_print_errors(bio_err);
+- 		goto end;
+- 		}
+- 
+- 	SSL_CTX_set_session_cache_mode(s_ctx,
+- 		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+- 	SSL_CTX_set_session_cache_mode(c_ctx,
+- 		SSL_SESS_CACHE_NO_AUTO_CLEAR|SSL_SESS_CACHE_SERVER);
+- 
+- 	SSL_CTX_use_certificate_file(s_ctx,scert,SSL_FILETYPE_PEM);
+- 	SSL_CTX_use_RSAPrivateKey_file(s_ctx,scert,SSL_FILETYPE_PEM);
+- 
+- 	if (client_auth)
+- 		{
+- 		SSL_CTX_use_certificate_file(c_ctx,ccert,
+- 			SSL_FILETYPE_PEM);
+- 		SSL_CTX_use_RSAPrivateKey_file(c_ctx,ccert,
+- 			SSL_FILETYPE_PEM);
+- 		}
+- 
+- 	if (	(!SSL_CTX_load_verify_locations(s_ctx,CAfile,CApath)) ||
+- 		(!SSL_CTX_set_default_verify_paths(s_ctx)) ||
+- 		(!SSL_CTX_load_verify_locations(c_ctx,CAfile,CApath)) ||
+- 		(!SSL_CTX_set_default_verify_paths(c_ctx)))
+- 		{
+- 		fprintf(stderr,"SSL_load_verify_locations\n");
+- 		ERR_print_errors(bio_err);
+- 		goto end;
+- 		}
+- 
+- 	if (client_auth)
+- 		{
+- 		fprintf(stderr,"client authentication\n");
+- 		SSL_CTX_set_verify(s_ctx,
+- 			SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+- 			verify_callback);
+- 		}
+- 	if (server_auth)
+- 		{
+- 		fprintf(stderr,"server authentication\n");
+- 		SSL_CTX_set_verify(c_ctx,SSL_VERIFY_PEER,
+- 			verify_callback);
+- 		}
+- 
+- 	thread_setup();
+- 	do_threads(s_ctx,c_ctx);
+- 	thread_cleanup();
+- end:
+- 	
+- 	if (c_ctx != NULL) 
+- 		{
+- 		fprintf(stderr,"Client SSL_CTX stats then free it\n");
+- 		print_stats(stderr,c_ctx);
+- 		SSL_CTX_free(c_ctx);
+- 		}
+- 	if (s_ctx != NULL)
+- 		{
+- 		fprintf(stderr,"Server SSL_CTX stats then free it\n");
+- 		print_stats(stderr,s_ctx);
+- 		if (cache_stats)
+- 			{
+- 			fprintf(stderr,"-----\n");
+- 			lh_stats(SSL_CTX_sessions(s_ctx),stderr);
+- 			fprintf(stderr,"-----\n");
+- 		/*	lh_node_stats(SSL_CTX_sessions(s_ctx),stderr);
+- 			fprintf(stderr,"-----\n"); */
+- 			lh_node_usage_stats(SSL_CTX_sessions(s_ctx),stderr);
+- 			fprintf(stderr,"-----\n");
+- 			}
+- 		SSL_CTX_free(s_ctx);
+- 		fprintf(stderr,"done free\n");
+- 		}
+- 	exit(ret);
+- 	return(0);
+- 	}
+- 
+- #define W_READ	1
+- #define W_WRITE	2
+- #define C_DONE	1
+- #define S_DONE	2
+- 
+- int ndoit(ssl_ctx)
+- SSL_CTX *ssl_ctx[2];
+- 	{
+- 	int i;
+- 	int ret;
+- 	char *ctx[4];
+- 
+- 	ctx[0]=(char *)ssl_ctx[0];
+- 	ctx[1]=(char *)ssl_ctx[1];
+- 
+- 	if (reconnect)
+- 		{
+- 		ctx[2]=(char *)SSL_new(ssl_ctx[0]);
+- 		ctx[3]=(char *)SSL_new(ssl_ctx[1]);
+- 		}
+- 	else
+- 		{
+- 		ctx[2]=NULL;
+- 		ctx[3]=NULL;
+- 		}
+- 
+- 	fprintf(stdout,"started thread %lu\n",CRYPTO_thread_id());
+- 	for (i=0; i<number_of_loops; i++)
+- 		{
+- /*		fprintf(stderr,"%4d %2d ctx->ref (%3d,%3d)\n",
+- 			CRYPTO_thread_id(),i,
+- 			ssl_ctx[0]->references,
+- 			ssl_ctx[1]->references); */
+- 	/*	pthread_delay_np(&tm);*/
+- 
+- 		ret=doit(ctx);
+- 		if (ret != 0)
+- 			{
+- 			fprintf(stdout,"error[%d] %lu - %d\n",
+- 				i,CRYPTO_thread_id(),ret);
+- 			return(ret);
+- 			}
+- 		}
+- 	fprintf(stdout,"DONE %lu\n",CRYPTO_thread_id());
+- 	if (reconnect)
+- 		{
+- 		SSL_free((SSL *)ctx[2]);
+- 		SSL_free((SSL *)ctx[3]);
+- 		}
+- 	return(0);
+- 	}
+- 
+- int doit(ctx)
+- char *ctx[4];
+- 	{
+- 	SSL_CTX *s_ctx,*c_ctx;
+- 	static char cbuf[200],sbuf[200];
+- 	SSL *c_ssl=NULL;
+- 	SSL *s_ssl=NULL;
+- 	BIO *c_to_s=NULL;
+- 	BIO *s_to_c=NULL;
+- 	BIO *c_bio=NULL;
+- 	BIO *s_bio=NULL;
+- 	int c_r,c_w,s_r,s_w;
+- 	int c_want,s_want;
+- 	int i;
+- 	int done=0;
+- 	int c_write,s_write;
+- 	int do_server=0,do_client=0;
+- 
+- 	s_ctx=(SSL_CTX *)ctx[0];
+- 	c_ctx=(SSL_CTX *)ctx[1];
+- 
+- 	if (ctx[2] != NULL)
+- 		s_ssl=(SSL *)ctx[2];
+- 	else
+- 		s_ssl=SSL_new(s_ctx);
+- 
+- 	if (ctx[3] != NULL)
+- 		c_ssl=(SSL *)ctx[3];
+- 	else
+- 		c_ssl=SSL_new(c_ctx);
+- 
+- 	if ((s_ssl == NULL) || (c_ssl == NULL)) goto err;
+- 
+- 	c_to_s=BIO_new(BIO_s_mem());
+- 	s_to_c=BIO_new(BIO_s_mem());
+- 	if ((s_to_c == NULL) || (c_to_s == NULL)) goto err;
+- 
+- 	c_bio=BIO_new(BIO_f_ssl());
+- 	s_bio=BIO_new(BIO_f_ssl());
+- 	if ((c_bio == NULL) || (s_bio == NULL)) goto err;
+- 
+- 	SSL_set_connect_state(c_ssl);
+- 	SSL_set_bio(c_ssl,s_to_c,c_to_s);
+- 	BIO_set_ssl(c_bio,c_ssl,(ctx[2] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+- 
+- 	SSL_set_accept_state(s_ssl);
+- 	SSL_set_bio(s_ssl,c_to_s,s_to_c);
+- 	BIO_set_ssl(s_bio,s_ssl,(ctx[3] == NULL)?BIO_CLOSE:BIO_NOCLOSE);
+- 
+- 	c_r=0; s_r=1;
+- 	c_w=1; s_w=0;
+- 	c_want=W_WRITE;
+- 	s_want=0;
+- 	c_write=1,s_write=0;
+- 
+- 	/* We can always do writes */
+- 	for (;;)
+- 		{
+- 		do_server=0;
+- 		do_client=0;
+- 
+- 		i=(int)BIO_pending(s_bio);
+- 		if ((i && s_r) || s_w) do_server=1;
+- 
+- 		i=(int)BIO_pending(c_bio);
+- 		if ((i && c_r) || c_w) do_client=1;
+- 
+- 		if (do_server && verbose)
+- 			{
+- 			if (SSL_in_init(s_ssl))
+- 				printf("server waiting in SSL_accept - %s\n",
+- 					SSL_state_string_long(s_ssl));
+- 			else if (s_write)
+- 				printf("server:SSL_write()\n");
+- 			else 
+- 				printf("server:SSL_read()\n");
+- 			}
+- 
+- 		if (do_client && verbose)
+- 			{
+- 			if (SSL_in_init(c_ssl))
+- 				printf("client waiting in SSL_connect - %s\n",
+- 					SSL_state_string_long(c_ssl));
+- 			else if (c_write)
+- 				printf("client:SSL_write()\n");
+- 			else
+- 				printf("client:SSL_read()\n");
+- 			}
+- 
+- 		if (!do_client && !do_server)
+- 			{
+- 			fprintf(stdout,"ERROR IN STARTUP\n");
+- 			break;
+- 			}
+- 		if (do_client && !(done & C_DONE))
+- 			{
+- 			if (c_write)
+- 				{
+- 				i=BIO_write(c_bio,"hello from client\n",18);
+- 				if (i < 0)
+- 					{
+- 					c_r=0;
+- 					c_w=0;
+- 					if (BIO_should_retry(c_bio))
+- 						{
+- 						if (BIO_should_read(c_bio))
+- 							c_r=1;
+- 						if (BIO_should_write(c_bio))
+- 							c_w=1;
+- 						}
+- 					else
+- 						{
+- 						fprintf(stderr,"ERROR in CLIENT\n");
+- 						return(1);
+- 						}
+- 					}
+- 				else if (i == 0)
+- 					{
+- 					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+- 					return(1);
+- 					}
+- 				else
+- 					{
+- 					/* ok */
+- 					c_write=0;
+- 					}
+- 				}
+- 			else
+- 				{
+- 				i=BIO_read(c_bio,cbuf,100);
+- 				if (i < 0)
+- 					{
+- 					c_r=0;
+- 					c_w=0;
+- 					if (BIO_should_retry(c_bio))
+- 						{
+- 						if (BIO_should_read(c_bio))
+- 							c_r=1;
+- 						if (BIO_should_write(c_bio))
+- 							c_w=1;
+- 						}
+- 					else
+- 						{
+- 						fprintf(stderr,"ERROR in CLIENT\n");
+- 						return(1);
+- 						}
+- 					}
+- 				else if (i == 0)
+- 					{
+- 					fprintf(stderr,"SSL CLIENT STARTUP FAILED\n");
+- 					return(1);
+- 					}
+- 				else
+- 					{
+- 					done|=C_DONE;
+- #ifdef undef
+- 					fprintf(stdout,"CLIENT:from server:");
+- 					fwrite(cbuf,1,i,stdout);
+- 					fflush(stdout);
+- #endif
+- 					}
+- 				}
+- 			}
+- 
+- 		if (do_server && !(done & S_DONE))
+- 			{
+- 			if (!s_write)
+- 				{
+- 				i=BIO_read(s_bio,sbuf,100);
+- 				if (i < 0)
+- 					{
+- 					s_r=0;
+- 					s_w=0;
+- 					if (BIO_should_retry(s_bio))
+- 						{
+- 						if (BIO_should_read(s_bio))
+- 							s_r=1;
+- 						if (BIO_should_write(s_bio))
+- 							s_w=1;
+- 						}
+- 					else
+- 						{
+- 						fprintf(stderr,"ERROR in SERVER\n");
+- 						ERR_print_errors_fp(stderr);
+- 						return(1);
+- 						}
+- 					}
+- 				else if (i == 0)
+- 					{
+- 					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+- 					return(1);
+- 					}
+- 				else
+- 					{
+- 					s_write=1;
+- 					s_w=1;
+- #ifdef undef
+- 					fprintf(stdout,"SERVER:from client:");
+- 					fwrite(sbuf,1,i,stdout);
+- 					fflush(stdout);
+- #endif
+- 					}
+- 				}
+- 			else
+- 				{
+- 				i=BIO_write(s_bio,"hello from server\n",18);
+- 				if (i < 0)
+- 					{
+- 					s_r=0;
+- 					s_w=0;
+- 					if (BIO_should_retry(s_bio))
+- 						{
+- 						if (BIO_should_read(s_bio))
+- 							s_r=1;
+- 						if (BIO_should_write(s_bio))
+- 							s_w=1;
+- 						}
+- 					else
+- 						{
+- 						fprintf(stderr,"ERROR in SERVER\n");
+- 						ERR_print_errors_fp(stderr);
+- 						return(1);
+- 						}
+- 					}
+- 				else if (i == 0)
+- 					{
+- 					fprintf(stderr,"SSL SERVER STARTUP FAILED\n");
+- 					return(1);
+- 					}
+- 				else
+- 					{
+- 					s_write=0;
+- 					s_r=1;
+- 					done|=S_DONE;
+- 					}
+- 				}
+- 			}
+- 
+- 		if ((done & S_DONE) && (done & C_DONE)) break;
+- 		}
+- 
+- 	SSL_set_shutdown(c_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+- 	SSL_set_shutdown(s_ssl,SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
+- 
+- #ifdef undef
+- 	fprintf(stdout,"DONE\n");
+- #endif
+- err:
+- 	/* We have to set the BIO's to NULL otherwise they will be
+- 	 * free()ed twice.  Once when th s_ssl is SSL_free()ed and
+- 	 * again when c_ssl is SSL_free()ed.
+- 	 * This is a hack required because s_ssl and c_ssl are sharing the same
+- 	 * BIO structure and SSL_set_bio() and SSL_free() automatically
+- 	 * BIO_free non NULL entries.
+- 	 * You should not normally do this or be required to do this */
+- 
+- 	if (s_ssl != NULL)
+- 		{
+- 		s_ssl->rbio=NULL;
+- 		s_ssl->wbio=NULL;
+- 		}
+- 	if (c_ssl != NULL)
+- 		{
+- 		c_ssl->rbio=NULL;
+- 		c_ssl->wbio=NULL;
+- 		}
+- 
+- 	/* The SSL's are optionally freed in the following calls */
+- 	if (c_to_s != NULL) BIO_free(c_to_s);
+- 	if (s_to_c != NULL) BIO_free(s_to_c);
+- 
+- 	if (c_bio != NULL) BIO_free(c_bio);
+- 	if (s_bio != NULL) BIO_free(s_bio);
+- 	return(0);
+- 	}
+- 
+- int MS_CALLBACK verify_callback(ok, xs, xi, depth, error, arg)
+- int ok;
+- X509 *xs;
+- X509 *xi;
+- int depth;
+- int error;
+- char *arg;
+- 	{
+- 	char buf[256];
+- 
+- 	if (verbose)
+- 		{
+- 		X509_NAME_oneline(X509_get_subject_name(xs),buf,256);
+- 		if (ok)
+- 			fprintf(stderr,"depth=%d %s\n",depth,buf);
+- 		else
+- 			fprintf(stderr,"depth=%d error=%d %s\n",depth,error,buf);
+- 		}
+- 	return(ok);
+- 	}
+- 
+- #define THREAD_STACK_SIZE (16*1024)
+- 
+- #ifdef WIN32
+- 
+- static PRLOCK lock_cs[CRYPTO_NUM_LOCKS];
+- 
+- void thread_setup()
+- 	{
+- 	int i;
+- 
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		{
+- 		lock_cs[i]=CreateMutex(NULL,FALSE,NULL);
+- 		}
+- 
+- 	CRYPTO_set_locking_callback((void (*)(int,int,char *,int))win32_locking_callback);
+- 	/* id callback defined */
+- 	}
+- 
+- void thread_cleanup()
+- 	{
+- 	int i;
+- 
+- 	CRYPTO_set_locking_callback(NULL);
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		CloseHandle(lock_cs[i]);
+- 	}
+- 
+- void win32_locking_callback(mode,type,file,line)
+- int mode;
+- int type;
+- char *file;
+- int line;
+- 	{
+- 	if (mode & CRYPTO_LOCK)
+- 		{
+- 		WaitForSingleObject(lock_cs[type],INFINITE);
+- 		}
+- 	else
+- 		{
+- 		ReleaseMutex(lock_cs[type]);
+- 		}
+- 	}
+- 
+- void do_threads(s_ctx,c_ctx)
+- SSL_CTX *s_ctx,*c_ctx;
+- 	{
+- 	double ret;
+- 	SSL_CTX *ssl_ctx[2];
+- 	DWORD thread_id[MAX_THREAD_NUMBER];
+- 	HANDLE thread_handle[MAX_THREAD_NUMBER];
+- 	int i;
+- 	SYSTEMTIME start,end;
+- 
+- 	ssl_ctx[0]=s_ctx;
+- 	ssl_ctx[1]=c_ctx;
+- 
+- 	GetSystemTime(&start);
+- 	for (i=0; i<thread_number; i++)
+- 		{
+- 		thread_handle[i]=CreateThread(NULL,
+- 			THREAD_STACK_SIZE,
+- 			(LPTHREAD_START_ROUTINE)ndoit,
+- 			(void *)ssl_ctx,
+- 			0L,
+- 			&(thread_id[i]));
+- 		}
+- 
+- 	printf("reaping\n");
+- 	for (i=0; i<thread_number; i+=50)
+- 		{
+- 		int j;
+- 
+- 		j=(thread_number < (i+50))?(thread_number-i):50;
+- 
+- 		if (WaitForMultipleObjects(j,
+- 			(CONST HANDLE *)&(thread_handle[i]),TRUE,INFINITE)
+- 			== WAIT_FAILED)
+- 			{
+- 			fprintf(stderr,"WaitForMultipleObjects failed:%d\n",GetLastError());
+- 			exit(1);
+- 			}
+- 		}
+- 	GetSystemTime(&end);
+- 
+- 	if (start.wDayOfWeek > end.wDayOfWeek) end.wDayOfWeek+=7;
+- 	ret=(end.wDayOfWeek-start.wDayOfWeek)*24;
+- 
+- 	ret=(ret+end.wHour-start.wHour)*60;
+- 	ret=(ret+end.wMinute-start.wMinute)*60;
+- 	ret=(ret+end.wSecond-start.wSecond);
+- 	ret+=(end.wMilliseconds-start.wMilliseconds)/1000.0;
+- 
+- 	printf("win32 threads done - %.3f seconds\n",ret);
+- 	}
+- 
+- #endif /* WIN32 */
+- 
+- #ifdef SOLARIS
+- 
+- static mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+- /*static rwlock_t lock_cs[CRYPTO_NUM_LOCKS]; */
+- static long lock_count[CRYPTO_NUM_LOCKS];
+- 
+- void thread_setup()
+- 	{
+- 	int i;
+- 
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		{
+- 		lock_count[i]=0;
+- 		/* rwlock_init(&(lock_cs[i]),USYNC_THREAD,NULL); */
+- 		mutex_init(&(lock_cs[i]),USYNC_THREAD,NULL);
+- 		}
+- 
+- 	CRYPTO_set_id_callback((unsigned long (*)())solaris_thread_id);
+- 	CRYPTO_set_locking_callback((void (*)())solaris_locking_callback);
+- 	}
+- 
+- void thread_cleanup()
+- 	{
+- 	int i;
+- 
+- 	CRYPTO_set_locking_callback(NULL);
+- fprintf(stderr,"cleanup\n");
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		{
+- 		/* rwlock_destroy(&(lock_cs[i])); */
+- 		mutex_destroy(&(lock_cs[i]));
+- 		fprintf(stderr,"%8ld:%s\n",lock_count[i],CRYPTO_get_lock_name(i));
+- 		}
+- fprintf(stderr,"done cleanup\n");
+- 	}
+- 
+- void solaris_locking_callback(mode,type,file,line)
+- int mode;
+- int type;
+- char *file;
+- int line;
+- 	{
+- #ifdef undef
+- fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+- 	CRYPTO_thread_id(),
+- 	(mode&CRYPTO_LOCK)?"l":"u",
+- 	(type&CRYPTO_READ)?"r":"w",file,line);
+- #endif
+- 
+- /*
+- if (CRYPTO_LOCK_SSL_CERT == type)
+- 	fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+- 		CRYPTO_thread_id(),
+- 		mode,file,line);
+- */
+- 	if (mode & CRYPTO_LOCK)
+- 		{
+- 	/*	if (mode & CRYPTO_READ)
+- 			rw_rdlock(&(lock_cs[type]));
+- 		else
+- 			rw_wrlock(&(lock_cs[type])); */
+- 
+- 		mutex_lock(&(lock_cs[type]));
+- 		lock_count[type]++;
+- 		}
+- 	else
+- 		{
+- /*		rw_unlock(&(lock_cs[type]));  */
+- 		mutex_unlock(&(lock_cs[type]));
+- 		}
+- 	}
+- 
+- void do_threads(s_ctx,c_ctx)
+- SSL_CTX *s_ctx,*c_ctx;
+- 	{
+- 	SSL_CTX *ssl_ctx[2];
+- 	thread_t thread_ctx[MAX_THREAD_NUMBER];
+- 	int i;
+- 
+- 	ssl_ctx[0]=s_ctx;
+- 	ssl_ctx[1]=c_ctx;
+- 
+- 	thr_setconcurrency(thread_number);
+- 	for (i=0; i<thread_number; i++)
+- 		{
+- 		thr_create(NULL, THREAD_STACK_SIZE,
+- 			(void *(*)())ndoit,
+- 			(void *)ssl_ctx,
+- 			0L,
+- 			&(thread_ctx[i]));
+- 		}
+- 
+- 	printf("reaping\n");
+- 	for (i=0; i<thread_number; i++)
+- 		{
+- 		thr_join(thread_ctx[i],NULL,NULL);
+- 		}
+- 
+- 	printf("solaris threads done (%d,%d)\n",
+- 		s_ctx->references,c_ctx->references);
+- 	}
+- 
+- unsigned long solaris_thread_id()
+- 	{
+- 	unsigned long ret;
+- 
+- 	ret=(unsigned long)thr_self();
+- 	return(ret);
+- 	}
+- #endif /* SOLARIS */
+- 
+- #ifdef IRIX
+- 
+- 
+- static usptr_t *arena;
+- static usema_t *lock_cs[CRYPTO_NUM_LOCKS];
+- 
+- void thread_setup()
+- 	{
+- 	int i;
+- 	char filename[20];
+- 
+- 	strcpy(filename,"/tmp/mttest.XXXXXX");
+- 	mktemp(filename);
+- 
+- 	usconfig(CONF_STHREADIOOFF);
+- 	usconfig(CONF_STHREADMALLOCOFF);
+- 	usconfig(CONF_INITUSERS,100);
+- 	usconfig(CONF_LOCKTYPE,US_DEBUGPLUS);
+- 	arena=usinit(filename);
+- 	unlink(filename);
+- 
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		{
+- 		lock_cs[i]=usnewsema(arena,1);
+- 		}
+- 
+- 	CRYPTO_set_id_callback((unsigned long (*)())irix_thread_id);
+- 	CRYPTO_set_locking_callback((void (*)())irix_locking_callback);
+- 	}
+- 
+- void thread_cleanup()
+- 	{
+- 	int i;
+- 
+- 	CRYPTO_set_locking_callback(NULL);
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		{
+- 		char buf[10];
+- 
+- 		sprintf(buf,"%2d:",i);
+- 		usdumpsema(lock_cs[i],stdout,buf);
+- 		usfreesema(lock_cs[i],arena);
+- 		}
+- 	}
+- 
+- void irix_locking_callback(mode,type,file,line)
+- int mode;
+- int type;
+- char *file;
+- int line;
+- 	{
+- 	if (mode & CRYPTO_LOCK)
+- 		{
+- 		printf("lock %d\n",type);
+- 		uspsema(lock_cs[type]);
+- 		}
+- 	else
+- 		{
+- 		printf("unlock %d\n",type);
+- 		usvsema(lock_cs[type]);
+- 		}
+- 	}
+- 
+- void do_threads(s_ctx,c_ctx)
+- SSL_CTX *s_ctx,*c_ctx;
+- 	{
+- 	SSL_CTX *ssl_ctx[2];
+- 	int thread_ctx[MAX_THREAD_NUMBER];
+- 	int i;
+- 
+- 	ssl_ctx[0]=s_ctx;
+- 	ssl_ctx[1]=c_ctx;
+- 
+- 	for (i=0; i<thread_number; i++)
+- 		{
+- 		thread_ctx[i]=sproc((void (*)())ndoit,
+- 			PR_SADDR|PR_SFDS,(void *)ssl_ctx);
+- 		}
+- 
+- 	printf("reaping\n");
+- 	for (i=0; i<thread_number; i++)
+- 		{
+- 		wait(NULL);
+- 		}
+- 
+- 	printf("irix threads done (%d,%d)\n",
+- 		s_ctx->references,c_ctx->references);
+- 	}
+- 
+- unsigned long irix_thread_id()
+- 	{
+- 	unsigned long ret;
+- 
+- 	ret=(unsigned long)getpid();
+- 	return(ret);
+- 	}
+- #endif /* IRIX */
+- 
+- #ifdef PTHREADS
+- 
+- static pthread_mutex_t lock_cs[CRYPTO_NUM_LOCKS];
+- static long lock_count[CRYPTO_NUM_LOCKS];
+- 
+- void thread_setup()
+- 	{
+- 	int i;
+- 
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		{
+- 		lock_count[i]=0;
+- 		pthread_mutex_init(&(lock_cs[i]),NULL);
+- 		}
+- 
+- 	CRYPTO_set_id_callback((unsigned long (*)())pthreads_thread_id);
+- 	CRYPTO_set_locking_callback((void (*)())pthreads_locking_callback);
+- 	}
+- 
+- void thread_cleanup()
+- 	{
+- 	int i;
+- 
+- 	CRYPTO_set_locking_callback(NULL);
+- 	fprintf(stderr,"cleanup\n");
+- 	for (i=0; i<CRYPTO_NUM_LOCKS; i++)
+- 		{
+- 		pthread_mutex_destroy(&(lock_cs[i]));
+- 		fprintf(stderr,"%8ld:%s\n",lock_count[i],
+- 			CRYPTO_get_lock_name(i));
+- 		}
+- 	fprintf(stderr,"done cleanup\n");
+- 	}
+- 
+- void pthreads_locking_callback(mode,type,file,line)
+- int mode;
+- int type;
+- char *file;
+- int line;
+-       {
+- #ifdef undef
+- 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
+- 		CRYPTO_thread_id(),
+- 		(mode&CRYPTO_LOCK)?"l":"u",
+- 		(type&CRYPTO_READ)?"r":"w",file,line);
+- #endif
+- /*
+- 	if (CRYPTO_LOCK_SSL_CERT == type)
+- 		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
+- 		CRYPTO_thread_id(),
+- 		mode,file,line);
+- */
+- 	if (mode & CRYPTO_LOCK)
+- 		{
+- 		pthread_mutex_lock(&(lock_cs[type]));
+- 		lock_count[type]++;
+- 		}
+- 	else
+- 		{
+- 		pthread_mutex_unlock(&(lock_cs[type]));
+- 		}
+- 	}
+- 
+- void do_threads(s_ctx,c_ctx)
+- SSL_CTX *s_ctx,*c_ctx;
+- 	{
+- 	SSL_CTX *ssl_ctx[2];
+- 	pthread_t thread_ctx[MAX_THREAD_NUMBER];
+- 	int i;
+- 
+- 	ssl_ctx[0]=s_ctx;
+- 	ssl_ctx[1]=c_ctx;
+- 
+- 	/*
+- 	thr_setconcurrency(thread_number);
+- 	*/
+- 	for (i=0; i<thread_number; i++)
+- 		{
+- 		pthread_create(&(thread_ctx[i]), NULL,
+- 			(void *(*)())ndoit, (void *)ssl_ctx);
+- 		}
+- 
+- 	printf("reaping\n");
+- 	for (i=0; i<thread_number; i++)
+- 		{
+- 		pthread_join(thread_ctx[i],NULL);
+- 		}
+- 
+- 	printf("pthreads threads done (%d,%d)\n",
+- 	s_ctx->references,c_ctx->references);
+- 	}
+- 
+- unsigned long pthreads_thread_id()
+- 	{
+- 	unsigned long ret;
+- 
+- 	ret=(unsigned long)pthread_self();
+- 	return(ret);
+- 	}
+- 
+- #endif /* PTHREADS */
+- 
+- 
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/mt/profile.sh ../RELENG_4_6/crypto/openssl/mt/profile.sh
+*** crypto/openssl/mt/profile.sh	Mon Jan 10 01:21:58 2000
+--- ../RELENG_4_6/crypto/openssl/mt/profile.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,4 ****
+- #!/bin/sh
+- /bin/rm -f mttest
+- cc -p -DSOLARIS -I../include -g mttest.c -o mttest -L/usr/lib/libc -ldl -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/mt/pthread.sh ../RELENG_4_6/crypto/openssl/mt/pthread.sh
+*** crypto/openssl/mt/pthread.sh	Mon Jan 10 01:21:58 2000
+--- ../RELENG_4_6/crypto/openssl/mt/pthread.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,9 ****
+- #!/bin/sh
+- #
+- # build using pthreads
+- #
+- # http://www.mit.edu:8001/people/proven/pthreads.html
+- #
+- /bin/rm -f mttest
+- pgcc -DPTHREADS -I../include -g mttest.c -o mttest -L.. -lssl -lcrypto 
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/mt/purify.sh ../RELENG_4_6/crypto/openssl/mt/purify.sh
+*** crypto/openssl/mt/purify.sh	Mon Jan 10 01:21:58 2000
+--- ../RELENG_4_6/crypto/openssl/mt/purify.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,4 ****
+- #!/bin/sh
+- /bin/rm -f mttest
+- purify cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/mt/solaris.sh ../RELENG_4_6/crypto/openssl/mt/solaris.sh
+*** crypto/openssl/mt/solaris.sh	Mon Jan 10 01:21:58 2000
+--- ../RELENG_4_6/crypto/openssl/mt/solaris.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,4 ****
+- #!/bin/sh
+- /bin/rm -f mttest
+- cc -DSOLARIS -I../include -g mttest.c -o mttest -L.. -lthread  -lssl -lcrypto -lnsl -lsocket
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_4_6/crypto/openssl/openssl.spec
+*** crypto/openssl/openssl.spec	Wed Jul  4 19:19:08 2001
+--- ../RELENG_4_6/crypto/openssl/openssl.spec	Thu Dec  5 17:53:27 2002
+***************
+*** 1,7 ****
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev a
+  Release: 1
+  
+  %define openssldir /var/ssl
+--- 1,7 ----
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev i
+  Release: 1
+  
+  %define openssldir /var/ssl
+***************
+*** 114,120 ****
+  install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib
+  
+  # Make backwards-compatibility symlink to ssleay
+! ln -s /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
+  
+  %clean
+  rm -rf $RPM_BUILD_ROOT
+--- 114,120 ----
+  install -m644 libRSAglue.a $RPM_BUILD_ROOT/usr/lib
+  
+  # Make backwards-compatibility symlink to ssleay
+! ln -sf /usr/bin/openssl $RPM_BUILD_ROOT/usr/bin/ssleay
+  
+  %clean
+  rm -rf $RPM_BUILD_ROOT
+***************
+*** 135,148 ****
+  %dir %attr(0750,root,root) %{openssldir}/private
+  
+  %files devel
+  %doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+  
+- %defattr(0644,root,root,0755)
+  %attr(0644,root,root) /usr/lib/*.a
+  %attr(0644,root,root) /usr/include/openssl/*
+  %attr(0644,root,root) /usr/man/man[3]/*
+  
+  %files doc
+  %doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+  %doc doc
+  
+--- 135,149 ----
+  %dir %attr(0750,root,root) %{openssldir}/private
+  
+  %files devel
++ %defattr(0644,root,root,0755)
+  %doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+  
+  %attr(0644,root,root) /usr/lib/*.a
+  %attr(0644,root,root) /usr/include/openssl/*
+  %attr(0644,root,root) /usr/man/man[3]/*
+  
+  %files doc
++ %defattr(0644,root,root,0755)
+  %doc CHANGES CHANGES.SSLeay LICENSE NEWS README
+  %doc doc
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/shlib/Makefile.hpux10-cc ../RELENG_4_6/crypto/openssl/shlib/Makefile.hpux10-cc
+*** crypto/openssl/shlib/Makefile.hpux10-cc	Sun Aug 20 04:48:47 2000
+--- ../RELENG_4_6/crypto/openssl/shlib/Makefile.hpux10-cc	Wed Dec 31 19:00:00 1969
+***************
+*** 1,51 ****
+- # Makefile.hpux-cc
+- 
+- major=1
+- 
+- slib=libssl
+- sh_slib=$(slib).so.$(major)
+- 
+- clib=libcrypto
+- sh_clib=$(clib).so.$(major)
+- 
+- all : $(clib).sl $(slib).sl
+- 
+- 
+- $(clib)_pic.a : $(clib).a
+- 	echo "Copying $? to $@"
+- 	cp -p $? $@
+- 
+- $(slib)_pic.a : $(slib).a
+- 	echo "Copying $? to $@"
+- 	cp -p $? $@
+- 
+- $(sh_clib) : $(clib)_pic.a
+- 	echo "collecting all object files for $@"
+- 	find . -name \*.o -print > allobjs
+- 	for obj in `ar t $(clib)_pic.a`; \
+- 	do \
+- 		grep /$$obj allobjs; \
+- 	done >objlist
+- 	echo "linking $@"
+- 	ld -b -s -z +h $@ -o $@ `cat objlist` -lc 
+- 	rm allobjs objlist
+- 
+- $(clib).sl : $(sh_clib)
+- 	rm -f $@
+- 	ln -s $? $@
+- 
+- $(sh_slib) : $(slib)_pic.a $(clib).sl
+- 	echo "collecting all object files for $@"
+- 	find . -name \*.o -print > allobjs
+- 	for obj in `ar t $(slib)_pic.a`; \
+- 	do \
+- 		grep /$$obj allobjs; \
+- 	done >objlist
+- 	echo "linking $@"
+- 	ld -b -s -z +h $@ +b /usr/local/ssl/lib:/usr/lib -o $@ `cat objlist` \
+- 			-L. -lcrypto -lc
+- 	rm -f allobjs objlist
+-         
+- $(slib).sl : $(sh_slib)
+- 	rm -f $@
+- 	ln -s $? $@
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/shlib/hpux10-cc.sh ../RELENG_4_6/crypto/openssl/shlib/hpux10-cc.sh
+*** crypto/openssl/shlib/hpux10-cc.sh	Sun Aug 20 04:48:47 2000
+--- ../RELENG_4_6/crypto/openssl/shlib/hpux10-cc.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,90 ****
+- #!/usr/bin/sh
+- #
+- # Run this script from the OpenSSL root directory:
+- # sh shlib/hpux10-cc.sh
+- # 
+- # HP-UX (10.20) shared library installation:
+- # Compile and install OpenSSL with best possible optimization:
+- # - shared libraries are compiled and installed with +O4 optimization
+- # - executable(s) are compiled and installed with +O4 optimization
+- # - static libraries are compiled and installed with +O3 optimization,
+- #   to avoid the time consuming +O4 link-time optimization when using
+- #   these libraries. (The shared libs are already optimized during build
+- #   at +O4.)
+- #
+- # This script must be run with appropriate privileges to install into
+- # /usr/local/ssl. HP-UX prevents used executables and shared libraries
+- # from being deleted or overwritten. Stop all processes using already
+- # installed items of OpenSSL.
+- #
+- # WARNING: At high optimization levels, HP's ANSI-C compiler can chew up
+- #          large amounts of memory and CPU time. Make sure to have at least
+- #          128MB of RAM available and that your kernel is configured to allow
+- #          at least 128MB data size (maxdsiz parameter).
+- #          The installation process can take several hours, even on fast
+- #          machines. +O4 optimization of the libcrypto.sl shared library may
+- #          take 1 hour on a C200 (200MHz PA8200 CPU), +O3 compilation of
+- #          fcrypt_b.c can take 20 minutes on this machine. Stay patient.
+- #
+- # SITEFLAGS: site specific flags. I do use +DAportable, since I have to
+- # support older PA1.1-type CPUs. Your mileage may vary.
+- # +w1 enables enhanced warnings, useful when working with snaphots.
+- #
+- SITEFLAGS="+DAportable +w1"
+- #
+- # Set the default additions to build with HP-UX.
+- # -D_REENTRANT must/should be defined on HP-UX manually, since we do call
+- # Configure directly.
+- # +Oall increases the optimization done.
+- #
+- MYFLAGS="-D_REENTRANT +Oall $SITEFLAGS"
+- 
+- # Configure for pic and build the static pic libraries
+- perl5 Configure hpux-parisc-cc-o4 +z ${MYFLAGS}
+- make clean
+- make DIRS="crypto ssl"
+- # Rename the static pic libs and build dynamic libraries from them
+- # Be prepared to see a lot of warnings about shared libraries being built
+- # with optimizations higher than +O2. When using these libraries, it is
+- # not possible to replace internal library functions with functions from
+- # the program to be linked.
+- #
+- make -f shlib/Makefile.hpux10-cc
+- 
+- # Copy the libraries to /usr/local/ssl/lib (they have to be in their
+- # final location when linking applications).
+- # If the directories are still there, no problem.
+- mkdir /usr/local
+- mkdir /usr/local/ssl
+- mkdir /usr/local/ssl/lib
+- chmod 444 lib*_pic.a
+- chmod 555 lib*.so.1
+- cp -p lib*_pic.a lib*.so.1 /usr/local/ssl/lib
+- (cd /usr/local/ssl/lib ; ln -sf libcrypto.so.1 libcrypto.sl ; ln -sf libssl.so.1 libssl.sl)
+- 
+- # Reconfigure without pic to compile the executables. Unfortunately, while
+- # performing this task we have to recompile the library components, even
+- # though we use the already installed shared libs anyway.
+- #
+- perl5 Configure hpux-parisc-cc-o4 ${MYFLAGS}
+- 
+- make clean
+- 
+- # Hack the Makefiles to pick up the dynamic libraries during linking
+- #
+- sed 's/^PEX_LIBS=.*$/PEX_LIBS=-L\/usr\/local\/ssl\/lib -Wl,+b,\/usr\/local\/ssl\/lib:\/usr\/lib/' Makefile.ssl >xxx; mv xxx Makefile.ssl
+- sed 's/-L\.\.//' apps/Makefile.ssl >xxx; mv xxx apps/Makefile.ssl
+- sed 's/-L\.\.//' test/Makefile.ssl >xxx; mv xxx test/Makefile.ssl
+- # Build the static libs and the executables in one make.
+- make
+- # Install everything
+- make install
+- 
+- # Finally build the static libs with +O3. This time we only need the libraries,
+- # once created, they are simply copied into place.
+- #
+- perl5 Configure hpux-parisc-cc ${MYFLAGS}
+- make clean
+- make DIRS="crypto ssl"
+- chmod 644 libcrypto.a libssl.a
+- cp -p libcrypto.a libssl.a /usr/local/ssl/lib
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/shlib/irix.sh ../RELENG_4_6/crypto/openssl/shlib/irix.sh
+*** crypto/openssl/shlib/irix.sh	Mon Jan 10 01:21:59 2000
+--- ../RELENG_4_6/crypto/openssl/shlib/irix.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,7 ****
+- FLAGS="-DTERMIOS -O2 -mips2 -DB_ENDIAN -fomit-frame-pointer -Wall -Iinclude"
+- SHFLAGS="-DPIC -fpic"
+- 
+- gcc -c -Icrypto $SHFLAGS $FLAGS -o crypto.o crypto/crypto.c
+- ld -shared -o libcrypto.so crypto.o
+- gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+- ld -shared -o libssl.so ssl.o
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/shlib/solaris-sc4.sh ../RELENG_4_6/crypto/openssl/shlib/solaris-sc4.sh
+*** crypto/openssl/shlib/solaris-sc4.sh	Mon Jan 10 01:21:59 2000
+--- ../RELENG_4_6/crypto/openssl/shlib/solaris-sc4.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,42 ****
+- #!/bin/sh
+- 
+- major="1"
+- 
+- slib=libssl
+- sh_slib=$slib.so.$major
+- 
+- clib=libcrypto
+- sh_clib=$clib.so.$major
+- 
+- echo collecting all object files for $clib.so
+- OBJS=
+- find . -name \*.o -print > allobjs
+- for obj in `ar t libcrypto.a`
+- do
+- 	OBJS="$OBJS `grep $obj allobjs`"
+- done
+- 
+- echo linking $clib.so
+- cc -G -o $sh_clib -h $sh_clib $OBJS -lnsl -lsocket
+- 
+- rm -f $clib.so
+- ln -s $sh_clib $clib.so
+- 
+- echo collecting all object files for $slib.so
+- OBJS=
+- for obj in `ar t libssl.a`
+- do
+- 	OBJS="$OBJS `grep $obj allobjs`"
+- done
+- 
+- echo linking $slib.so
+- cc -G -o $sh_slib -h $sh_slib $OBJS -L. -lcrypto
+- 	
+- rm -f $slib.so
+- ln -s $sh_slib $slib.so
+- 
+- rm -f allobjs
+- 
+- mv libRSAglue.a libRSAglue.a.orig
+- mv libcrypto.a  libcrypto.a.orig
+- mv libssl.a     libssl.a.orig 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/shlib/solaris.sh ../RELENG_4_6/crypto/openssl/shlib/solaris.sh
+*** crypto/openssl/shlib/solaris.sh	Mon Jan 10 01:21:59 2000
+--- ../RELENG_4_6/crypto/openssl/shlib/solaris.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,36 ****
+- #!/bin/sh
+- 
+- echo "#define DATE      \"`date`\"" >crypto/date.h
+- 
+- major="0"
+- minor="8.0"
+- slib=libssl
+- clib=libcrypto
+- CC=gcc
+- CPP='gcc -E'
+- AS=as
+- #FLAGS='-DTERMIO -O3 -DL_ENDIAN -fomit-frame-pointer -mv8 -Wall'
+- FLAGS='-DTERMIO -g2 -ggdb -DL_ENDIAN -Wall -DREF_CHECK -DCRYPTO_MDEBUG'
+- INCLUDE='-Iinclude -Icrypto -Issl'
+- SHFLAGS='-DPIC -fpic'
+- 
+- CFLAGS="$FLAGS $INCLUDE $SHFLAGS"
+- ASM_OBJ="";
+- 
+- echo compiling bignum assember
+- $AS -o bn_asm.o crypto/bn/asm/sparc.s
+- CFLAGS="$CFLAGS -DBN_ASM"
+- ASM_OBJ="$ASM_OBJ bn_asm.o"
+- 
+- echo compiling $clib
+- $CC -c $CFLAGS -DCFLAGS="\"$FLAGS\"" -o crypto.o crypto/crypto.c
+- 
+- echo linking $clib.so
+- gcc $CFLAGS -shared -o $clib.so.$major.$minor crypto.o $ASM_OBJ -lnsl -lsocket
+- 
+- echo compiling $slib.so
+- $CC -c $CFLAGS -o ssl.o ssl/ssl.c
+- 
+- echo building $slib.so
+- gcc $CFLAGS -shared -o $slib.so ssl.o -L. -lcrypto
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/shlib/sun.sh ../RELENG_4_6/crypto/openssl/shlib/sun.sh
+*** crypto/openssl/shlib/sun.sh	Mon Jan 10 01:21:59 2000
+--- ../RELENG_4_6/crypto/openssl/shlib/sun.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,8 ****
+- FLAGS="-DTERMIO -O3 -DB_ENDIAN -fomit-frame-pointer -mv8 -Wall -Iinclude"
+- SHFLAGS="-DPIC -fpic"
+- 
+- gcc -c -Icrypto $SHFLAGS -fpic $FLAGS -o crypto.o crypto/crypto.c
+- ld -G -z text -o libcrypto.so crypto.o
+- 
+- gcc -c -Issl $SHFLAGS $FLAGS -o ssl.o ssl/ssl.c
+- ld -G -z text -o libssl.so ssl.o
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/Makefile.save ../RELENG_4_6/crypto/openssl/ssl/Makefile.save
+*** crypto/openssl/ssl/Makefile.save	Sun Aug 20 04:48:48 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,831 ****
+- #
+- # SSLeay/ssl/Makefile
+- #
+- 
+- DIR=	ssl
+- TOP=	..
+- CC=	cc
+- INCLUDES= -I../crypto -I../include
+- CFLAG=-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=/usr/local/ssl
+- MAKE=		make -f Makefile.ssl
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- MAKEFILE=	Makefile.ssl
+- AR=		ar r
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile README ssl-lib.com install.com
+- TEST=ssltest.c
+- APPS=
+- 
+- LIB=$(TOP)/libssl.a
+- LIBSRC=	\
+- 	s2_meth.c   s2_srvr.c s2_clnt.c  s2_lib.c  s2_enc.c s2_pkt.c \
+- 	s3_meth.c   s3_srvr.c s3_clnt.c  s3_lib.c  s3_enc.c s3_pkt.c s3_both.c \
+- 	s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c          s23_pkt.c \
+- 	t1_meth.c   t1_srvr.c t1_clnt.c  t1_lib.c  t1_enc.c \
+- 	ssl_lib.c ssl_err2.c ssl_cert.c ssl_sess.c \
+- 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
+- 	ssl_asn1.c ssl_txt.c ssl_algs.c \
+- 	bio_ssl.c ssl_err.c
+- LIBOBJ= \
+- 	s2_meth.o  s2_srvr.o  s2_clnt.o  s2_lib.o  s2_enc.o s2_pkt.o \
+- 	s3_meth.o  s3_srvr.o  s3_clnt.o  s3_lib.o  s3_enc.o s3_pkt.o s3_both.o \
+- 	s23_meth.o s23_srvr.o s23_clnt.o s23_lib.o          s23_pkt.o \
+- 	t1_meth.o   t1_srvr.o t1_clnt.o  t1_lib.o  t1_enc.o \
+- 	ssl_lib.o ssl_err2.o ssl_cert.o ssl_sess.o \
+- 	ssl_ciph.o ssl_stat.o ssl_rsa.o \
+- 	ssl_asn1.o ssl_txt.o ssl_algs.o \
+- 	bio_ssl.o ssl_err.o
+- 
+- SRC= $(LIBSRC)
+- 
+- EXHEADER= ssl.h ssl2.h ssl3.h ssl23.h tls1.h
+- HEADER=	$(EXHEADER) ssl_locl.h
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ..; $(MAKE) DIRS=$(DIR) all)
+- 
+- all:	lib
+- 
+- lib:	$(LIBOBJ)
+- 	$(AR) $(LIB) $(LIBOBJ)
+- 	$(RANLIB) $(LIB)
+- 	@touch lib
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 	@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../test $(TEST)
+- 	@$(PERL) $(TOP)/util/mklink.pl ../apps $(APPS)
+- 
+- install:
+- 	@for i in $(EXHEADER) ; \
+- 	do  \
+- 	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+- 	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+- 	done;
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- bio_ssl.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- bio_ssl.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- bio_ssl.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- bio_ssl.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- bio_ssl.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- bio_ssl.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- bio_ssl.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- bio_ssl.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- bio_ssl.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- bio_ssl.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- bio_ssl.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- bio_ssl.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- bio_ssl.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- bio_ssl.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- bio_ssl.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- bio_ssl.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- bio_ssl.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- bio_ssl.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- bio_ssl.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- bio_ssl.o: ../include/openssl/x509_vfy.h
+- s23_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s23_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s23_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s23_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s23_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s23_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s23_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s23_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s23_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s23_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s23_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s23_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s23_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s23_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- s23_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s23_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s23_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s23_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s23_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s23_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s23_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- s23_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s23_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s23_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s23_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s23_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s23_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s23_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s23_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s23_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s23_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s23_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s23_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s23_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s23_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s23_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s23_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s23_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s23_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s23_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s23_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s23_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s23_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s23_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s23_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s23_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s23_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s23_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s23_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s23_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s23_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s23_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s23_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s23_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s23_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s23_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s23_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s23_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s23_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s23_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s23_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s23_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s23_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s23_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s23_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s23_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s23_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s23_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s23_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s23_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s23_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s23_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s23_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s23_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s23_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s23_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s23_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s23_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s23_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s23_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s23_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s23_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s23_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s23_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s23_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s23_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s23_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s23_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s23_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s23_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s23_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s23_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s23_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s23_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s23_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s23_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s23_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s23_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- s23_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s23_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s23_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s23_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s23_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s23_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s23_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s2_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s2_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s2_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s2_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s2_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- s2_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s2_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s2_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s2_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s2_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s2_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s2_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- s2_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s2_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s2_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s2_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s2_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s2_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s2_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s2_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s2_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s2_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s2_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s2_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s2_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s2_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s2_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s2_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s2_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s2_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s2_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s2_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s2_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s2_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s2_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s2_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s2_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s2_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s2_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s2_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s2_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s2_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s2_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s2_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s2_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s2_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s2_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s2_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s2_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s2_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s2_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s2_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s2_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s2_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s2_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s2_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s2_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s2_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s2_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s2_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s2_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s2_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s2_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s2_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s2_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s2_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s2_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s2_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s2_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s2_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s2_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s2_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s2_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s2_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s2_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s2_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s2_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s2_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s2_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s2_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s2_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s2_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s2_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s2_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s2_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s2_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s2_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s2_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s2_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s2_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- s2_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s2_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s2_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s2_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s2_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s2_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s2_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- s3_both.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s3_both.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s3_both.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s3_both.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s3_both.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s3_both.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s3_both.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s3_both.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s3_both.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s3_both.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s3_both.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s3_both.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s3_both.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s3_both.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- s3_both.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s3_both.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s3_both.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s3_both.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s3_both.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s3_both.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s3_both.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s3_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s3_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s3_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s3_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s3_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- s3_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s3_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s3_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s3_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s3_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s3_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s3_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- s3_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s3_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s3_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s3_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s3_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s3_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s3_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s3_enc.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s3_enc.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s3_enc.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s3_enc.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s3_enc.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s3_enc.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s3_enc.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s3_enc.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s3_enc.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s3_enc.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s3_enc.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s3_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s3_enc.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s3_enc.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s3_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s3_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s3_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s3_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s3_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s3_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s3_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s3_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s3_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s3_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s3_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s3_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s3_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s3_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s3_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s3_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s3_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s3_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s3_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s3_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s3_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s3_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s3_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s3_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s3_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s3_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s3_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s3_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s3_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s3_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s3_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s3_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s3_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s3_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s3_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s3_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s3_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s3_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s3_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s3_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s3_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s3_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s3_pkt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s3_pkt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s3_pkt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s3_pkt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s3_pkt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s3_pkt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s3_pkt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s3_pkt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s3_pkt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s3_pkt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s3_pkt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s3_pkt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s3_pkt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s3_pkt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- s3_pkt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- s3_pkt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- s3_pkt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- s3_pkt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- s3_pkt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- s3_pkt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+- s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- s3_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- s3_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- s3_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- s3_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- s3_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- s3_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- s3_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- s3_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- s3_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- s3_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- s3_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- s3_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- ssl_algs.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_algs.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_algs.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_algs.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- ssl_algs.o: ../include/openssl/des.h ../include/openssl/dh.h
+- ssl_algs.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- ssl_algs.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_algs.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_algs.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_algs.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_algs.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_algs.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_algs.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_algs.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_algs.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_algs.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_algs.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_algs.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_algs.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_algs.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+- ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+- ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+- ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+- ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+- ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- ssl_asn1.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- ssl_asn1.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- ssl_asn1.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- ssl_asn1.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- ssl_asn1.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- ssl_asn1.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- ssl_asn1.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- ssl_asn1.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- ssl_asn1.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- ssl_asn1.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- ssl_asn1.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- ssl_asn1.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- ssl_cert.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_cert.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_cert.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_cert.o: ../include/openssl/comp.h ../include/openssl/conf.h
+- ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+- ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+- ssl_cert.o: ssl_locl.h
+- ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_ciph.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- ssl_ciph.o: ../include/openssl/des.h ../include/openssl/dh.h
+- ssl_ciph.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- ssl_ciph.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_ciph.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_ciph.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_ciph.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_ciph.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_ciph.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_ciph.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_ciph.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_ciph.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_ciph.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_ciph.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_ciph.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_ciph.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_ciph.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_ciph.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- ssl_err.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_err.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_err.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_err.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- ssl_err.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- ssl_err.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_err.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_err.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_err.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_err.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_err.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_err.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_err.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_err.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_err.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_err.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_err.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_err.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_err.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_err.o: ../include/openssl/x509_vfy.h
+- ssl_err2.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_err2.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_err2.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_err2.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- ssl_err2.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- ssl_err2.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_err2.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_err2.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_err2.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_err2.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_err2.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_err2.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_err2.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_err2.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_err2.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_err2.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_err2.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_err2.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_err2.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_err2.o: ../include/openssl/x509_vfy.h
+- ssl_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+- ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+- ssl_lib.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- ssl_lib.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+- ssl_lib.o: ../include/openssl/x509v3.h ssl_locl.h
+- ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_rsa.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- ssl_rsa.o: ../include/openssl/des.h ../include/openssl/dh.h
+- ssl_rsa.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- ssl_rsa.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_rsa.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_rsa.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_rsa.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_rsa.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_rsa.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_rsa.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_rsa.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_rsa.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_rsa.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_rsa.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_rsa.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_rsa.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_rsa.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
+- ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_sess.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_sess.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_sess.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_sess.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_sess.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- ssl_sess.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- ssl_sess.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- ssl_sess.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- ssl_sess.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- ssl_sess.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- ssl_sess.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- ssl_sess.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- ssl_stat.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_stat.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_stat.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_stat.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- ssl_stat.o: ../include/openssl/des.h ../include/openssl/dh.h
+- ssl_stat.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- ssl_stat.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_stat.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_stat.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_stat.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_stat.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_stat.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_stat.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_stat.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_stat.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_stat.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_stat.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_stat.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_stat.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_stat.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_stat.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- ssl_txt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssl_txt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssl_txt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssl_txt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- ssl_txt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- ssl_txt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- ssl_txt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- ssl_txt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- ssl_txt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- ssl_txt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- ssl_txt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- ssl_txt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- ssl_txt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- ssl_txt.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssl_txt.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssl_txt.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssl_txt.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssl_txt.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssl_txt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssl_txt.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssl_txt.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- t1_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- t1_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- t1_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- t1_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- t1_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+- t1_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- t1_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- t1_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- t1_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- t1_clnt.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- t1_clnt.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- t1_clnt.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- t1_clnt.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- t1_clnt.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- t1_clnt.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- t1_clnt.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- t1_clnt.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- t1_clnt.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- t1_clnt.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- t1_clnt.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- t1_clnt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- t1_enc.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- t1_enc.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- t1_enc.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- t1_enc.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- t1_enc.o: ../include/openssl/des.h ../include/openssl/dh.h
+- t1_enc.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- t1_enc.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- t1_enc.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+- t1_enc.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- t1_enc.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- t1_enc.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- t1_enc.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- t1_enc.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- t1_enc.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+- t1_enc.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- t1_enc.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- t1_enc.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- t1_enc.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- t1_enc.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- t1_enc.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- t1_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+- t1_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- t1_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- t1_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- t1_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- t1_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+- t1_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- t1_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- t1_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- t1_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- t1_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- t1_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- t1_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- t1_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- t1_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- t1_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- t1_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- t1_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- t1_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- t1_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- t1_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- t1_lib.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- t1_meth.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- t1_meth.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- t1_meth.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- t1_meth.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- t1_meth.o: ../include/openssl/des.h ../include/openssl/dh.h
+- t1_meth.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- t1_meth.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- t1_meth.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- t1_meth.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- t1_meth.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- t1_meth.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- t1_meth.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- t1_meth.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- t1_meth.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- t1_meth.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- t1_meth.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- t1_meth.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- t1_meth.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- t1_meth.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- t1_meth.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- t1_meth.o: ../include/openssl/x509_vfy.h ssl_locl.h
+- t1_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- t1_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- t1_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- t1_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+- t1_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+- t1_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- t1_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- t1_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- t1_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+- t1_srvr.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- t1_srvr.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- t1_srvr.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+- t1_srvr.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+- t1_srvr.o: ../include/openssl/rand.h ../include/openssl/rc2.h
+- t1_srvr.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- t1_srvr.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- t1_srvr.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- t1_srvr.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+- t1_srvr.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+- t1_srvr.o: ../include/openssl/stack.h ../include/openssl/tls1.h
+- t1_srvr.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/Makefile.ssl ../RELENG_4_6/crypto/openssl/ssl/Makefile.ssl
+*** crypto/openssl/ssl/Makefile.ssl	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/Makefile.ssl	Wed Oct  9 09:16:10 2002
+***************
+*** 84,90 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 84,90 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 229,240 ****
+  s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+  s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+  s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
+! s2_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+! s2_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+! s2_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+! s2_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+! s2_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+! s2_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+  s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+--- 229,241 ----
+  s23_srvr.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+  s23_srvr.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+  s23_srvr.o: ../include/openssl/x509_vfy.h ssl_locl.h
+! s2_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
+! s2_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+! s2_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+! s2_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+! s2_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+! s2_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s2_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+  s2_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s2_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s2_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+***************
+*** 274,285 ****
+  s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! s2_lib.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+! s2_lib.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+! s2_lib.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+! s2_lib.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+! s2_lib.o: ../include/openssl/des.h ../include/openssl/dh.h
+! s2_lib.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+  s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+--- 275,287 ----
+  s2_enc.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  s2_enc.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  s2_enc.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! s2_lib.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
+! s2_lib.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+! s2_lib.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+! s2_lib.o: ../include/openssl/cast.h ../include/openssl/comp.h
+! s2_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+! s2_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s2_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+  s2_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s2_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s2_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+***************
+*** 340,351 ****
+  s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! s2_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+! s2_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+! s2_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+! s2_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+! s2_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+! s2_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+  s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+--- 342,354 ----
+  s2_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  s2_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  s2_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! s2_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
+! s2_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+! s2_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+! s2_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+! s2_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+! s2_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s2_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+  s2_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s2_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s2_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+***************
+*** 386,397 ****
+  s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+  s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+  s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
+! s3_clnt.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+! s3_clnt.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+! s3_clnt.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+! s3_clnt.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+! s3_clnt.o: ../include/openssl/des.h ../include/openssl/dh.h
+! s3_clnt.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+  s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+--- 389,401 ----
+  s3_both.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+  s3_both.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+  s3_both.o: ../include/openssl/x509_vfy.h ssl_locl.h
+! s3_clnt.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
+! s3_clnt.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+! s3_clnt.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+! s3_clnt.o: ../include/openssl/cast.h ../include/openssl/comp.h
+! s3_clnt.o: ../include/openssl/crypto.h ../include/openssl/des.h
+! s3_clnt.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s3_clnt.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+  s3_clnt.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s3_clnt.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s3_clnt.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+***************
+*** 497,508 ****
+  s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! s3_srvr.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+! s3_srvr.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+! s3_srvr.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+! s3_srvr.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+! s3_srvr.o: ../include/openssl/des.h ../include/openssl/dh.h
+! s3_srvr.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+  s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+--- 501,513 ----
+  s3_pkt.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  s3_pkt.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  s3_pkt.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! s3_srvr.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
+! s3_srvr.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+! s3_srvr.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+! s3_srvr.o: ../include/openssl/cast.h ../include/openssl/comp.h
+! s3_srvr.o: ../include/openssl/crypto.h ../include/openssl/des.h
+! s3_srvr.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! s3_srvr.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+  s3_srvr.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  s3_srvr.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  s3_srvr.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+***************
+*** 542,553 ****
+  ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! ssl_asn1.o: ../include/openssl/asn1.h ../include/openssl/asn1_mac.h
+! ssl_asn1.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+! ssl_asn1.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+! ssl_asn1.o: ../include/openssl/cast.h ../include/openssl/comp.h
+! ssl_asn1.o: ../include/openssl/crypto.h ../include/openssl/des.h
+! ssl_asn1.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+  ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+  ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+  ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+--- 547,559 ----
+  ssl_algs.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  ssl_algs.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  ssl_algs.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! ssl_asn1.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
+! ssl_asn1.o: ../include/openssl/asn1_mac.h ../include/openssl/bio.h
+! ssl_asn1.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+! ssl_asn1.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+! ssl_asn1.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+! ssl_asn1.o: ../include/openssl/des.h ../include/openssl/dh.h
+! ssl_asn1.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+  ssl_asn1.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+  ssl_asn1.o: ../include/openssl/err.h ../include/openssl/evp.h
+  ssl_asn1.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+***************
+*** 572,595 ****
+  ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+  ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! ssl_cert.o: ../include/openssl/err.h ../include/openssl/evp.h
+! ssl_cert.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! ssl_cert.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! ssl_cert.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! ssl_cert.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! ssl_cert.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! ssl_cert.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! ssl_cert.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! ssl_cert.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! ssl_cert.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! ssl_cert.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! ssl_cert.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! ssl_cert.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! ssl_cert.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ssl_cert.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! ssl_cert.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h
+! ssl_cert.o: ssl_locl.h
+  ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 578,600 ----
+  ssl_cert.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  ssl_cert.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+  ssl_cert.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! ssl_cert.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! ssl_cert.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! ssl_cert.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! ssl_cert.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! ssl_cert.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! ssl_cert.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! ssl_cert.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! ssl_cert.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! ssl_cert.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! ssl_cert.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! ssl_cert.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! ssl_cert.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! ssl_cert.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! ssl_cert.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! ssl_cert.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! ssl_cert.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+! ssl_cert.o: ../include/openssl/x509v3.h ssl_locl.h
+  ssl_ciph.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssl_ciph.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssl_ciph.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+***************
+*** 662,685 ****
+  ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+! ssl_lib.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! ssl_lib.o: ../include/openssl/evp.h ../include/openssl/idea.h
+! ssl_lib.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+! ssl_lib.o: ../include/openssl/md4.h ../include/openssl/md5.h
+! ssl_lib.o: ../include/openssl/mdc2.h ../include/openssl/obj_mac.h
+! ssl_lib.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+! ssl_lib.o: ../include/openssl/opensslv.h ../include/openssl/pem.h
+! ssl_lib.o: ../include/openssl/pem2.h ../include/openssl/pkcs7.h
+! ssl_lib.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+! ssl_lib.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+! ssl_lib.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+! ssl_lib.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+! ssl_lib.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+! ssl_lib.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+! ssl_lib.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+! ssl_lib.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+! ssl_lib.o: ../include/openssl/x509v3.h ssl_locl.h
+  ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 667,689 ----
+  ssl_lib.o: ../include/openssl/comp.h ../include/openssl/conf.h
+  ssl_lib.o: ../include/openssl/crypto.h ../include/openssl/des.h
+  ssl_lib.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! ssl_lib.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+! ssl_lib.o: ../include/openssl/err.h ../include/openssl/evp.h
+! ssl_lib.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+! ssl_lib.o: ../include/openssl/md2.h ../include/openssl/md4.h
+! ssl_lib.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+! ssl_lib.o: ../include/openssl/obj_mac.h ../include/openssl/objects.h
+! ssl_lib.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! ssl_lib.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+! ssl_lib.o: ../include/openssl/pkcs7.h ../include/openssl/rc2.h
+! ssl_lib.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+! ssl_lib.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+! ssl_lib.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+! ssl_lib.o: ../include/openssl/ssl.h ../include/openssl/ssl2.h
+! ssl_lib.o: ../include/openssl/ssl23.h ../include/openssl/ssl3.h
+! ssl_lib.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ssl_lib.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+! ssl_lib.o: ../include/openssl/x509_vfy.h ../include/openssl/x509v3.h ssl_locl.h
+  ssl_rsa.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssl_rsa.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssl_rsa.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+***************
+*** 702,713 ****
+  ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! ssl_sess.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+! ssl_sess.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+! ssl_sess.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+! ssl_sess.o: ../include/openssl/comp.h ../include/openssl/crypto.h
+! ssl_sess.o: ../include/openssl/des.h ../include/openssl/dh.h
+! ssl_sess.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+  ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+--- 706,718 ----
+  ssl_rsa.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+  ssl_rsa.o: ../include/openssl/symhacks.h ../include/openssl/tls1.h
+  ssl_rsa.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h ssl_locl.h
+! ssl_sess.o: ../crypto/cryptlib.h ../include/openssl/asn1.h
+! ssl_sess.o: ../include/openssl/bio.h ../include/openssl/blowfish.h
+! ssl_sess.o: ../include/openssl/bn.h ../include/openssl/buffer.h
+! ssl_sess.o: ../include/openssl/cast.h ../include/openssl/comp.h
+! ssl_sess.o: ../include/openssl/crypto.h ../include/openssl/des.h
+! ssl_sess.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+! ssl_sess.o: ../include/openssl/e_os.h ../include/openssl/e_os.h
+  ssl_sess.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+  ssl_sess.o: ../include/openssl/evp.h ../include/openssl/idea.h
+  ssl_sess.o: ../include/openssl/lhash.h ../include/openssl/md2.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s23_clnt.c
+*** crypto/openssl/ssl/s23_clnt.c	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_clnt.c	Sat Dec 21 18:54:23 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_clnt.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+***************
+*** 89,106 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_client_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_client_data.ssl_connect=ssl23_connect;
+! 		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+--- 87,111 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_client_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_client_data.ssl_connect=ssl23_connect;
+! 			SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+***************
+*** 115,122 ****
+  	else if (s->ctx->info_callback != NULL)
+  		cb=s->ctx->info_callback;
+  	
+- 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+  	s->in_handshake++;
+  
+  	for (;;)
+  		{
+--- 120,127 ----
+  	else if (s->ctx->info_callback != NULL)
+  		cb=s->ctx->info_callback;
+  	
+  	s->in_handshake++;
++ 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+  
+  	for (;;)
+  		{
+***************
+*** 154,159 ****
+--- 159,165 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 202,207 ****
+--- 208,215 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_lib.c ../RELENG_4_6/crypto/openssl/ssl/s23_lib.c
+*** crypto/openssl/ssl/s23_lib.c	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_lib.c	Thu Mar  8 16:53:26 2001
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_lib.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_meth.c ../RELENG_4_6/crypto/openssl/ssl/s23_meth.c
+*** crypto/openssl/ssl/s23_meth.c	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_meth.c	Thu Sep 26 11:55:45 2002
+***************
+*** 80,91 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv23_data.ssl_connect=ssl23_connect;
+! 		SSLv23_data.ssl_accept=ssl23_accept;
+! 		SSLv23_data.get_ssl_method=ssl23_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_data);
+  	}
+--- 80,98 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv23_data.ssl_connect=ssl23_connect;
+! 			SSLv23_data.ssl_accept=ssl23_accept;
+! 			SSLv23_data.get_ssl_method=ssl23_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_pkt.c ../RELENG_4_6/crypto/openssl/ssl/s23_pkt.c
+*** crypto/openssl/ssl/s23_pkt.c	Sun Aug 20 04:47:01 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_pkt.c	Sat Oct 20 13:52:39 2001
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #include <stdio.h>
+  #include <errno.h>
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s23_srvr.c
+*** crypto/openssl/ssl/s23_srvr.c	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_srvr.c	Wed Sep 25 11:36:09 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_srvr.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,112 ----
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
++  */
++ /* ====================================================================
++  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
+   *
+   */
+  
+  #include <stdio.h>
+***************
+*** 88,98 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_server_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_server_data.ssl_accept=ssl23_accept;
+! 		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_server_data);
+  	}
+--- 139,156 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_server_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_server_data.ssl_accept=ssl23_accept;
+! 			SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_server_data);
+  	}
+***************
+*** 114,121 ****
+  	else if (s->ctx->info_callback != NULL)
+  		cb=s->ctx->info_callback;
+  	
+- 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+  	s->in_handshake++;
+  
+  	for (;;)
+  		{
+--- 172,179 ----
+  	else if (s->ctx->info_callback != NULL)
+  		cb=s->ctx->info_callback;
+  	
+  	s->in_handshake++;
++ 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+  
+  	for (;;)
+  		{
+***************
+*** 181,189 ****
+  			}
+  		}
+  end:
+  	if (cb != NULL)
+  		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+- 	s->in_handshake--;
+  	return(ret);
+  	}
+  
+--- 239,247 ----
+  			}
+  		}
+  end:
++ 	s->in_handshake--;
+  	if (cb != NULL)
+  		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+  	return(ret);
+  	}
+  
+***************
+*** 354,370 ****
+  			/* We must look at client_version inside the Client Hello message
+  			 * to get the correct minor version.
+  			 * However if we have only a pathologically small fragment of the
+! 			 * Client Hello message, this would be difficult, we'd have
+! 			 * to read at least one additional record to find out.
+! 			 * This doesn't usually happen in real life, so we just complain
+! 			 * for now.
+! 			 */
+  			if (p[3] == 0 && p[4] < 6)
+  				{
+  				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+  				goto err;
+  				}
+! 			v[1]=p[10]; /* minor version according to client_version */
+  			if (v[1] >= TLS1_VERSION_MINOR)
+  				{
+  				if (!(s->options & SSL_OP_NO_TLSv1))
+--- 412,433 ----
+  			/* We must look at client_version inside the Client Hello message
+  			 * to get the correct minor version.
+  			 * However if we have only a pathologically small fragment of the
+! 			 * Client Hello message, this would be difficult, and we'd have
+! 			 * to read more records to find out.
+! 			 * No known SSL 3.0 client fragments ClientHello like this,
+! 			 * so we simply assume TLS 1.0 to avoid protocol version downgrade
+! 			 * attacks. */
+  			if (p[3] == 0 && p[4] < 6)
+  				{
++ #if 0
+  				SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL);
+  				goto err;
++ #else
++ 				v[1] = TLS1_VERSION_MINOR;
++ #endif
+  				}
+! 			else
+! 				v[1]=p[10]; /* minor version according to client_version */
+  			if (v[1] >= TLS1_VERSION_MINOR)
+  				{
+  				if (!(s->options & SSL_OP_NO_TLSv1))
+***************
+*** 378,387 ****
+  					type=3;
+  					}
+  				}
+! 			else if (!(s->options & SSL_OP_NO_SSLv3))
+  				{
+! 				s->version=SSL3_VERSION;
+! 				type=3;
+  				}
+  			}
+  		else if ((strncmp("GET ", (char *)p,4) == 0) ||
+--- 441,461 ----
+  					type=3;
+  					}
+  				}
+! 			else
+  				{
+! 				/* client requests SSL 3.0 */
+! 				if (!(s->options & SSL_OP_NO_SSLv3))
+! 					{
+! 					s->version=SSL3_VERSION;
+! 					type=3;
+! 					}
+! 				else if (!(s->options & SSL_OP_NO_TLSv1))
+! 					{
+! 					/* we won't be able to use TLS of course,
+! 					 * but this will send an appropriate alert */
+! 					s->version=TLS1_VERSION;
+! 					type=3;
+! 					}
+  				}
+  			}
+  		else if ((strncmp("GET ", (char *)p,4) == 0) ||
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s2_clnt.c
+*** crypto/openssl/ssl/s2_clnt.c	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_clnt.c	Sat Dec 21 18:54:23 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_clnt.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,112 ----
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
++  */
++ /* ====================================================================
++  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
+   *
+   */
+  
+  #include "ssl_locl.h"
+***************
+*** 65,70 ****
+--- 116,122 ----
+  #include <openssl/buffer.h>
+  #include <openssl/objects.h>
+  #include <openssl/evp.h>
++ #include "cryptlib.h"
+  
+  static SSL_METHOD *ssl2_get_client_method(int ver);
+  static int get_server_finished(SSL *s);
+***************
+*** 93,103 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_client_data.ssl_connect=ssl2_connect;
+! 		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_client_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_client_data.ssl_connect=ssl2_connect;
+! 			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_client_data);
+  	}
+***************
+*** 120,127 ****
+  		cb=s->ctx->info_callback;
+  
+  	/* init things to blank */
+- 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+  	s->in_handshake++;
+  
+  	for (;;)
+  		{
+--- 179,186 ----
+  		cb=s->ctx->info_callback;
+  
+  	/* init things to blank */
+  	s->in_handshake++;
++ 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+  
+  	for (;;)
+  		{
+***************
+*** 149,158 ****
+--- 208,220 ----
+  			if (!BUF_MEM_grow(buf,
+  				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+  				{
++ 				if (buf == s->init_buf)
++ 					buf=NULL;
+  				ret= -1;
+  				goto end;
+  				}
+  			s->init_buf=buf;
++ 			buf=NULL;
+  			s->init_num=0;
+  			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
+  			s->ctx->stats.sess_connect++;
+***************
+*** 279,284 ****
+--- 341,348 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL) 
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+***************
+*** 289,294 ****
+--- 353,359 ----
+  	unsigned char *buf;
+  	unsigned char *p;
+  	int i,j;
++ 	unsigned long len;
+  	STACK_OF(SSL_CIPHER) *sk=NULL,*cl;
+  
+  	buf=(unsigned char *)s->init_buf->data;
+***************
+*** 298,303 ****
+--- 363,369 ----
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),11-s->init_num);
+  		if (i < (11-s->init_num)) 
+  			return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
++ 		s->init_num = 11;
+  
+  		if (*(p++) != SSL2_MT_SERVER_HELLO)
+  			{
+***************
+*** 326,343 ****
+  		n2s(p,i); s->s2->tmp.csl=i;
+  		n2s(p,i); s->s2->tmp.conn_id_length=i;
+  		s->state=SSL2_ST_GET_SERVER_HELLO_B;
+- 		s->init_num=0;
+  		}
+  
+  	/* SSL2_ST_GET_SERVER_HELLO_B */
+! 	j=s->s2->tmp.cert_length+s->s2->tmp.csl+s->s2->tmp.conn_id_length
+! 		- s->init_num;
+! 	i=ssl2_read(s,(char *)&(buf[s->init_num]),j);
+  	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+  
+  	/* things are looking good */
+  
+! 	p=buf;
+  	if (s->hit)
+  		{
+  		if (s->s2->tmp.cert_length != 0) 
+--- 392,413 ----
+  		n2s(p,i); s->s2->tmp.csl=i;
+  		n2s(p,i); s->s2->tmp.conn_id_length=i;
+  		s->state=SSL2_ST_GET_SERVER_HELLO_B;
+  		}
+  
+  	/* SSL2_ST_GET_SERVER_HELLO_B */
+! 	len = 11 + (unsigned long)s->s2->tmp.cert_length + (unsigned long)s->s2->tmp.csl + (unsigned long)s->s2->tmp.conn_id_length;
+! 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+! 		{
+! 		SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_MESSAGE_TOO_LONG);
+! 		return -1;
+! 		}
+! 	j = (int)len - s->init_num;
+! 	i = ssl2_read(s,(char *)&(buf[s->init_num]),j);
+  	if (i != j) return(ssl2_part_read(s,SSL_F_GET_SERVER_HELLO,i));
+  
+  	/* things are looking good */
+  
+! 	p = buf + 11;
+  	if (s->hit)
+  		{
+  		if (s->s2->tmp.cert_length != 0) 
+***************
+*** 460,465 ****
+--- 530,541 ----
+  		}
+  		
+  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
++ 	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
++ 		{
++ 		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ 		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
++ 		return -1;
++ 		}
+  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
+  	return(1);
+  	}
+***************
+*** 561,566 ****
+--- 637,648 ----
+  		/* make key_arg data */
+  		i=EVP_CIPHER_iv_length(c);
+  		sess->key_arg_length=i;
++ 		if (i > SSL_MAX_KEY_ARG_LENGTH)
++ 			{
++ 			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ 			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
++ 			return -1;
++ 			}
+  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
+  
+  		/* make a master key */
+***************
+*** 568,573 ****
+--- 650,661 ----
+  		sess->master_key_length=i;
+  		if (i > 0)
+  			{
++ 			if (i > sizeof sess->master_key)
++ 				{
++ 				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
++ 				SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
++ 				return -1;
++ 				}
+  			if (RAND_bytes(sess->master_key,i) <= 0)
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+***************
+*** 611,616 ****
+--- 699,710 ----
+  		d+=enc;
+  		karg=sess->key_arg_length;	
+  		s2n(karg,p); /* key arg size */
++ 		if (karg > sizeof sess->key_arg)
++ 			{
++ 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ 			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
++ 			return -1;
++ 			}
+  		memcpy(d,sess->key_arg,(unsigned int)karg);
+  		d+=karg;
+  
+***************
+*** 631,636 ****
+--- 725,735 ----
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_CLIENT_FINISHED;
++ 		if (s->s2->conn_id_length > sizeof s->s2->conn_id)
++ 			{
++ 			SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
++ 			return -1;
++ 			}
+  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
+  
+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
+***************
+*** 647,657 ****
+  	unsigned char *p,*d;
+  	int i;
+  	unsigned int n;
+! 	int cert_ch_len=0;
+  	unsigned char *cert_ch;
+  
+  	buf=(unsigned char *)s->init_buf->data;
+- 	cert_ch= &(buf[2]);
+  
+  	/* We have a cert associated with the SSL, so attach it to
+  	 * the session if it does not have one */
+--- 746,755 ----
+  	unsigned char *p,*d;
+  	int i;
+  	unsigned int n;
+! 	int cert_ch_len;
+  	unsigned char *cert_ch;
+  
+  	buf=(unsigned char *)s->init_buf->data;
+  
+  	/* We have a cert associated with the SSL, so attach it to
+  	 * the session if it does not have one */
+***************
+*** 659,667 ****
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+  
+  		/* type=buf[0]; */
+  		/* type eq x509 */
+--- 757,766 ----
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
++ 		s->init_num += i;
+  
+  		/* type=buf[0]; */
+  		/* type eq x509 */
+***************
+*** 671,677 ****
+  			SSLerr(SSL_F_CLIENT_CERTIFICATE,SSL_R_BAD_AUTHENTICATION_TYPE);
+  			return(-1);
+  			}
+- 		cert_ch_len=i-1;
+  
+  		if ((s->cert == NULL) ||
+  			(s->cert->key->x509 == NULL) ||
+--- 770,775 ----
+***************
+*** 683,688 ****
+--- 781,789 ----
+  			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_C;
+  		}
+  
++ 	cert_ch = buf + 2;
++ 	cert_ch_len = s->init_num - 2;
++ 
+  	if (s->state == SSL2_ST_X509_GET_CLIENT_CERTIFICATE)
+  		{
+  		X509 *x509=NULL;
+***************
+*** 788,794 ****
+  static int get_server_verify(SSL *s)
+  	{
+  	unsigned char *p;
+! 	int i;
+  
+  	p=(unsigned char *)s->init_buf->data;
+  	if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
+--- 889,895 ----
+  static int get_server_verify(SSL *s)
+  	{
+  	unsigned char *p;
+! 	int i, n, len;
+  
+  	p=(unsigned char *)s->init_buf->data;
+  	if (s->state == SSL2_ST_GET_SERVER_VERIFY_A)
+***************
+*** 796,804 ****
+  		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+  		if (i < (1-s->init_num)) 
+  			return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+  
+  		s->state= SSL2_ST_GET_SERVER_VERIFY_B;
+- 		s->init_num=0;
+  		if (*p != SSL2_MT_SERVER_VERIFY)
+  			{
+  			if (p[0] != SSL2_MT_ERROR)
+--- 897,905 ----
+  		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+  		if (i < (1-s->init_num)) 
+  			return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
++ 		s->init_num += i;
+  
+  		s->state= SSL2_ST_GET_SERVER_VERIFY_B;
+  		if (*p != SSL2_MT_SERVER_VERIFY)
+  			{
+  			if (p[0] != SSL2_MT_ERROR)
+***************
+*** 815,824 ****
+  		}
+  	
+  	p=(unsigned char *)s->init_buf->data;
+! 	i=ssl2_read(s,(char *)&(p[s->init_num]),
+! 		(unsigned int)s->s2->challenge_length-s->init_num);
+! 	if (i < ((int)s->s2->challenge_length-s->init_num))
+  		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
+  	if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+  		{
+  		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+--- 916,928 ----
+  		}
+  	
+  	p=(unsigned char *)s->init_buf->data;
+! 	len = 1 + s->s2->challenge_length;
+! 	n =  len - s->init_num;
+! 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+! 	if (i < n)
+  		return(ssl2_part_read(s,SSL_F_GET_SERVER_VERIFY,i));
++ 	p += 1;
++ 
+  	if (memcmp(p,s->s2->challenge,(unsigned int)s->s2->challenge_length) != 0)
+  		{
+  		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+***************
+*** 832,838 ****
+  	{
+  	unsigned char *buf;
+  	unsigned char *p;
+! 	int i;
+  
+  	buf=(unsigned char *)s->init_buf->data;
+  	p=buf;
+--- 936,942 ----
+  	{
+  	unsigned char *buf;
+  	unsigned char *p;
+! 	int i, n, len;
+  
+  	buf=(unsigned char *)s->init_buf->data;
+  	p=buf;
+***************
+*** 841,847 ****
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
+  		if (i < (1-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+! 		s->init_num=i;
+  		if (*p == SSL2_MT_REQUEST_CERTIFICATE)
+  			{
+  			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
+--- 945,952 ----
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),1-s->init_num);
+  		if (i < (1-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+! 		s->init_num += i;
+! 
+  		if (*p == SSL2_MT_REQUEST_CERTIFICATE)
+  			{
+  			s->state=SSL2_ST_SEND_CLIENT_CERTIFICATE_A;
+***************
+*** 858,871 ****
+  				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+! 		s->state=SSL_ST_OK;
+! 		s->init_num=0;
+  		}
+  
+! 	i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 		SSL2_SSL_SESSION_ID_LENGTH-s->init_num);
+! 	if (i < (SSL2_SSL_SESSION_ID_LENGTH-s->init_num))
+  		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
+  
+  	if (!s->hit) /* new session */
+  		{
+--- 963,977 ----
+  				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+! 		s->state=SSL2_ST_GET_SERVER_FINISHED_B;
+  		}
+  
+! 	len = 1 + SSL2_SSL_SESSION_ID_LENGTH;
+! 	n = len - s->init_num;
+! 	i = ssl2_read(s,(char *)&(buf[s->init_num]), n);
+! 	if (i < n) /* XXX could be shorter than SSL2_SSL_SESSION_ID_LENGTH, that's the maximum */
+  		return(ssl2_part_read(s,SSL_F_GET_SERVER_FINISHED,i));
++ 	s->init_num += i;
+  
+  	if (!s->hit) /* new session */
+  		{
+***************
+*** 880,887 ****
+  		{
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+! 			if (memcmp(buf,s->session->session_id,
+! 				(unsigned int)s->session->session_id_length) != 0)
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+--- 986,994 ----
+  		{
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+! 			if ((s->session->session_id_length > sizeof s->session->session_id)
+! 			    || (0 != memcmp(buf, s->session->session_id,
+! 			                    (unsigned int)s->session->session_id_length)))
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+***************
+*** 889,894 ****
+--- 996,1002 ----
+  				}
+  			}
+  		}
++ 	s->state = SSL_ST_OK;
+  	return(1);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_enc.c ../RELENG_4_6/crypto/openssl/ssl/s2_enc.c
+*** crypto/openssl/ssl/s2_enc.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_enc.c	Fri Aug  2 06:51:34 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_enc.c,v 1.2.2.3 2001/07/04 23:19:45 kris Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 98,104 ****
+  	num=c->key_len;
+  	s->s2->key_material_length=num*2;
+  
+! 	ssl2_generate_key_material(s);
+  
+  	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+  		s->session->key_arg);
+--- 96,103 ----
+  	num=c->key_len;
+  	s->s2->key_material_length=num*2;
+  
+! 	if (ssl2_generate_key_material(s) <= 0)
+! 		return 0;
+  
+  	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+  		s->session->key_arg);
+***************
+*** 113,120 ****
+  	}
+  
+  /* read/writes from s->s2->mac_data using length for encrypt and 
+!  * decrypt.  It sets the s->s2->padding, s->[rw]length and
+!  * s->s2->pad_data ptr if we are encrypting */
+  void ssl2_enc(SSL *s, int send)
+  	{
+  	EVP_CIPHER_CTX *ds;
+--- 112,119 ----
+  	}
+  
+  /* read/writes from s->s2->mac_data using length for encrypt and 
+!  * decrypt.  It sets s->s2->padding and s->[rw]length
+!  * if we are encrypting */
+  void ssl2_enc(SSL *s, int send)
+  	{
+  	EVP_CIPHER_CTX *ds;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_lib.c ../RELENG_4_6/crypto/openssl/ssl/s2_lib.c
+*** crypto/openssl/ssl/s2_lib.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_lib.c	Thu Nov 28 03:06:33 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_lib.c,v 1.2.2.3 2001/07/04 23:19:45 kris Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 64,69 ****
+--- 62,68 ----
+  #include <openssl/rsa.h>
+  #include <openssl/objects.h>
+  #include <openssl/md5.h>
++ #include "cryptlib.h"
+  
+  static long ssl2_default_timeout(void );
+  const char *ssl2_version_str="SSLv2" OPENSSL_VERSION_PTEXT;
+***************
+*** 78,84 ****
+  	SSL2_TXT_NULL_WITH_MD5,
+  	SSL2_CK_NULL_WITH_MD5,
+  	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
+! 	SSL_EXPORT|SSL_EXP40,
+  	0,
+  	0,
+  	SSL_ALL_CIPHERS,
+--- 77,84 ----
+  	SSL2_TXT_NULL_WITH_MD5,
+  	SSL2_CK_NULL_WITH_MD5,
+  	SSL_kRSA|SSL_aRSA|SSL_eNULL|SSL_MD5|SSL_SSLV2,
+! 	SSL_EXPORT|SSL_EXP40|SSL_STRONG_NONE,
+! 	0,
+  	0,
+  	0,
+  	SSL_ALL_CIPHERS,
+***************
+*** 198,203 ****
+--- 198,204 ----
+  	SSL2_TXT_NULL,
+  	SSL2_CK_NULL,
+  	0,
++ 	SSL_STRONG_NONE,
+  	0,
+  	0,
+  	0,
+***************
+*** 306,312 ****
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	memset(s2,0,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+--- 307,313 ----
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	OPENSSL_cleanse(s2,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+***************
+*** 375,389 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 		qsort(  (char *)sorted,
+! 			SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 		init=0;
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+--- 376,394 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 			qsort((char *)sorted,
+! 				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+! 			init=0;
+! 			}
+! 			
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+***************
+*** 414,420 ****
+  	return(3);
+  	}
+  
+! void ssl2_generate_key_material(SSL *s)
+  	{
+  	unsigned int i;
+  	MD5_CTX ctx;
+--- 419,425 ----
+  	return(3);
+  	}
+  
+! int ssl2_generate_key_material(SSL *s)
+  	{
+  	unsigned int i;
+  	MD5_CTX ctx;
+***************
+*** 427,434 ****
+--- 432,453 ----
+  #endif
+  
+  	km=s->s2->key_material;
++ 
++ 	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
++ 		{
++ 		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
++ 		return 0;
++ 		}
++ 
+  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+  		{
++ 		if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
++ 			{
++ 			/* MD5_Final() below would write beyond buffer */
++ 			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
++ 			return 0;
++ 			}
++ 
+  		MD5_Init(&ctx);
+  
+  		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
+***************
+*** 439,444 ****
+--- 458,465 ----
+  		MD5_Final(km,&ctx);
+  		km+=MD5_DIGEST_LENGTH;
+  		}
++ 
++ 	return 1;
+  	}
+  
+  void ssl2_return_error(SSL *s, int err)
+***************
+*** 463,479 ****
+  	buf[2]=(s->error_code)&0xff;
+  
+  /*	state=s->rwstate;*/
+! 	error=s->error;
+  	s->error=0;
+  	i=ssl2_write(s,&(buf[3-error]),error);
+  /*	if (i == error) s->rwstate=state; */
+  
+  	if (i < 0)
+  		s->error=error;
+  	else if (i != s->error)
+  		s->error=error-i;
+- 	/* else
+- 		s->error=0; */
+  	}
+  
+  int ssl2_shutdown(SSL *s)
+--- 484,503 ----
+  	buf[2]=(s->error_code)&0xff;
+  
+  /*	state=s->rwstate;*/
+! 
+! 	error=s->error; /* number of bytes left to write */
+  	s->error=0;
++ 	if (error < 0 || error > sizeof buf) /* can't happen */
++ 		return;
++ 	
+  	i=ssl2_write(s,&(buf[3-error]),error);
++ 
+  /*	if (i == error) s->rwstate=state; */
+  
+  	if (i < 0)
+  		s->error=error;
+  	else if (i != s->error)
+  		s->error=error-i;
+  	}
+  
+  int ssl2_shutdown(SSL *s)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_meth.c ../RELENG_4_6/crypto/openssl/ssl/s2_meth.c
+*** crypto/openssl/ssl/s2_meth.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_meth.c	Thu Sep 26 11:55:45 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_meth.c,v 1.2.2.3 2001/07/04 23:19:45 kris Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 79,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_data.ssl_connect=ssl2_connect;
+! 		SSLv2_data.ssl_accept=ssl2_accept;
+! 		SSLv2_data.get_ssl_method=ssl2_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_data);
+  	}
+--- 77,95 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_data.ssl_connect=ssl2_connect;
+! 			SSLv2_data.ssl_accept=ssl2_accept;
+! 			SSLv2_data.get_ssl_method=ssl2_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_pkt.c ../RELENG_4_6/crypto/openssl/ssl/s2_pkt.c
+*** crypto/openssl/ssl/s2_pkt.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_pkt.c	Fri Nov  9 20:15:27 2001
+***************
+*** 56,62 ****
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 131,137 ****
+  	unsigned char mac[MAX_MAC_SIZE];
+  	unsigned char *p;
+  	int i;
+! 	unsigned int mac_size=0;
+  
+   ssl2_read_again:
+  	if (SSL_in_init(s) && !s->in_handshake)
+--- 130,136 ----
+  	unsigned char mac[MAX_MAC_SIZE];
+  	unsigned char *p;
+  	int i;
+! 	unsigned int mac_size;
+  
+   ssl2_read_again:
+  	if (SSL_in_init(s) && !s->in_handshake)
+***************
+*** 236,252 ****
+  		/* Data portion */
+  		if (s->s2->clear_text)
+  			{
+  			s->s2->mac_data=p;
+  			s->s2->ract_data=p;
+! 			s->s2->pad_data=NULL;
+  			}
+  		else
+  			{
+  			mac_size=EVP_MD_size(s->read_hash);
+  			s->s2->mac_data=p;
+  			s->s2->ract_data= &p[mac_size];
+! 			s->s2->pad_data= &p[mac_size+
+! 				s->s2->rlength-s->s2->padding];
+  			}
+  
+  		s->s2->ract_data_length=s->s2->rlength;
+--- 235,259 ----
+  		/* Data portion */
+  		if (s->s2->clear_text)
+  			{
++ 			mac_size = 0;
+  			s->s2->mac_data=p;
+  			s->s2->ract_data=p;
+! 			if (s->s2->padding)
+! 				{
+! 				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
+! 				return(-1);
+! 				}
+  			}
+  		else
+  			{
+  			mac_size=EVP_MD_size(s->read_hash);
+  			s->s2->mac_data=p;
+  			s->s2->ract_data= &p[mac_size];
+! 			if (s->s2->padding + mac_size > s->s2->rlength)
+! 				{
+! 				SSLerr(SSL_F_SSL2_READ_INTERNAL,SSL_R_ILLEGAL_PADDING);
+! 				return(-1);
+! 				}
+  			}
+  
+  		s->s2->ract_data_length=s->s2->rlength;
+***************
+*** 594,603 ****
+  	s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
+  	/* we copy the data into s->s2->wbuf */
+  	memcpy(s->s2->wact_data,buf,len);
+- #ifdef PURIFY
+  	if (p)
+! 		memset(&(s->s2->wact_data[len]),0,p);
+! #endif
+  
+  	if (!s->s2->clear_text)
+  		{
+--- 601,608 ----
+  	s->s2->wact_data= &(s->s2->wbuf[3+mac_size]);
+  	/* we copy the data into s->s2->wbuf */
+  	memcpy(s->s2->wact_data,buf,len);
+  	if (p)
+! 		memset(&(s->s2->wact_data[len]),0,p); /* arbitrary padding */
+  
+  	if (!s->s2->clear_text)
+  		{
+***************
+*** 646,672 ****
+  	unsigned char *p;
+  	int j;
+  
+- 	/* check for error */
+- 	if ((s->init_num == 0) && (i >= 3))
+- 		{
+- 		p=(unsigned char *)s->init_buf->data;
+- 		if (p[0] == SSL2_MT_ERROR)
+- 			{
+- 			j=(p[1]<<8)|p[2];
+- 			SSLerr((int)f,ssl_mt_error(j));
+- 			}
+- 		}
+- 
+  	if (i < 0)
+  		{
+  		/* ssl2_return_error(s); */
+  		/* for non-blocking io,
+! 		 * this is not fatal */
+  		return(i);
+  		}
+  	else
+  		{
+  		s->init_num+=i;
+  		return(0);
+  		}
+  	}
+--- 651,686 ----
+  	unsigned char *p;
+  	int j;
+  
+  	if (i < 0)
+  		{
+  		/* ssl2_return_error(s); */
+  		/* for non-blocking io,
+! 		 * this is not necessarily fatal */
+  		return(i);
+  		}
+  	else
+  		{
+  		s->init_num+=i;
++ 
++ 		/* Check for error.  While there are recoverable errors,
++ 		 * this function is not called when those must be expected;
++ 		 * any error detected here is fatal. */
++ 		if (s->init_num >= 3)
++ 			{
++ 			p=(unsigned char *)s->init_buf->data;
++ 			if (p[0] == SSL2_MT_ERROR)
++ 				{
++ 				j=(p[1]<<8)|p[2];
++ 				SSLerr((int)f,ssl_mt_error(j));
++ 				s->init_num -= 3;
++ 				if (s->init_num > 0)
++ 					memmove(p, p+3, s->init_num);
++ 				}
++ 			}
++ 
++ 		/* If it's not an error message, we have some error anyway --
++ 		 * the message was shorter than expected.  This too is treated
++ 		 * as fatal (at least if SSL_get_error is asked for its opinion). */
+  		return(0);
+  		}
+  	}
+***************
+*** 677,683 ****
+--- 691,699 ----
+  
+  	ret=ssl2_write(s,&s->init_buf->data[s->init_off],s->init_num);
+  	if (ret == s->init_num)
++ 		{
+  		return(1);
++ 		}
+  	if (ret < 0)
+  		return(-1);
+  	s->init_off+=ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s2_srvr.c
+*** crypto/openssl/ssl/s2_srvr.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_srvr.c	Wed Sep 25 11:36:12 2002
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_srvr.c,v 1.2.2.3 2001/07/04 23:19:45 kris Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,112 ----
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
++  */
++ /* ====================================================================
++  * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
+   *
+   */
+  
+  #include "ssl_locl.h"
+***************
+*** 65,70 ****
+--- 116,122 ----
+  #include <openssl/rand.h>
+  #include <openssl/objects.h>
+  #include <openssl/evp.h>
++ #include "cryptlib.h"
+  
+  static SSL_METHOD *ssl2_get_server_method(int ver);
+  static int get_client_master_key(SSL *s);
+***************
+*** 93,103 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_server_data.ssl_accept=ssl2_accept;
+! 		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_server_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_server_data.ssl_accept=ssl2_accept;
+! 			SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_server_data);
+  	}
+***************
+*** 121,128 ****
+  		cb=s->ctx->info_callback;
+  
+  	/* init things to blank */
+- 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+  	s->in_handshake++;
+  
+  	if (s->cert == NULL)
+  		{
+--- 180,187 ----
+  		cb=s->ctx->info_callback;
+  
+  	/* init things to blank */
+  	s->in_handshake++;
++ 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+  
+  	if (s->cert == NULL)
+  		{
+***************
+*** 324,329 ****
+--- 383,389 ----
+  static int get_client_master_key(SSL *s)
+  	{
+  	int is_export,i,n,keya,ek;
++ 	unsigned long len;
+  	unsigned char *p;
+  	SSL_CIPHER *cp;
+  	const EVP_CIPHER *c;
+***************
+*** 336,341 ****
+--- 396,403 ----
+  
+  		if (i < (10-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
++ 		s->init_num = 10;
++ 
+  		if (*(p++) != SSL2_MT_CLIENT_MASTER_KEY)
+  			{
+  			if (p[-1] != SSL2_MT_ERROR)
+***************
+*** 344,351 ****
+  				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
+  				}
+  			else
+! 				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+! 					SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+  
+--- 406,412 ----
+  				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
+  				}
+  			else
+! 				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+  
+***************
+*** 353,360 ****
+  		if (cp == NULL)
+  			{
+  			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+! 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+! 				SSL_R_NO_CIPHER_MATCH);
+  			return(-1);
+  			}
+  		s->session->cipher= cp;
+--- 414,420 ----
+  		if (cp == NULL)
+  			{
+  			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+! 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+  			return(-1);
+  			}
+  		s->session->cipher= cp;
+***************
+*** 363,378 ****
+  		n2s(p,i); s->s2->tmp.clear=i;
+  		n2s(p,i); s->s2->tmp.enc=i;
+  		n2s(p,i); s->session->key_arg_length=i;
+  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+- 		s->init_num=0;
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+  	p=(unsigned char *)s->init_buf->data;
+  	keya=s->session->key_arg_length;
+! 	n=s->s2->tmp.clear+s->s2->tmp.enc+keya - s->init_num;
+! 	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+  	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
+  
+  	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
+  		(unsigned int)keya);
+--- 423,457 ----
+  		n2s(p,i); s->s2->tmp.clear=i;
+  		n2s(p,i); s->s2->tmp.enc=i;
+  		n2s(p,i); s->session->key_arg_length=i;
++ 		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
++ 			{
++ 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
++ 			return -1;
++ 			}
+  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+  	p=(unsigned char *)s->init_buf->data;
++ 	if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
++ 		{
++ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
++ 		return -1;
++ 		}
+  	keya=s->session->key_arg_length;
+! 	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
+! 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+! 		{
+! 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+! 		return -1;
+! 		}
+! 	n = (int)len - s->init_num;
+! 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+  	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_MASTER_KEY,i));
++ 	p += 10;
+  
+  	memcpy(s->session->key_arg,&(p[s->s2->tmp.clear+s->s2->tmp.enc]),
+  		(unsigned int)keya);
+***************
+*** 407,418 ****
+  	/* bad decrypt */
+  #if 1
+  	/* If a bad decrypt, continue with protocol but with a
+! 	 * dud master secret */
+  	if ((i < 0) ||
+  		((!is_export && (i != EVP_CIPHER_key_length(c)))
+! 		|| (is_export && ((i != ek) || (s->s2->tmp.clear+i !=
+! 			EVP_CIPHER_key_length(c))))))
+  		{
+  		if (is_export)
+  			i=ek;
+  		else
+--- 486,498 ----
+  	/* bad decrypt */
+  #if 1
+  	/* If a bad decrypt, continue with protocol but with a
+! 	 * random master secret (Bleichenbacher attack) */
+  	if ((i < 0) ||
+  		((!is_export && (i != EVP_CIPHER_key_length(c)))
+! 		|| (is_export && ((i != ek) || (s->s2->tmp.clear+(unsigned int)i !=
+! 			(unsigned int)EVP_CIPHER_key_length(c))))))
+  		{
++ 		ERR_clear_error();
+  		if (is_export)
+  			i=ek;
+  		else
+***************
+*** 441,446 ****
+--- 521,533 ----
+  #endif
+  
+  	if (is_export) i+=s->s2->tmp.clear;
++ 
++ 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
++ 		{
++ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
++ 		return -1;
++ 		}
+  	s->session->master_key_length=i;
+  	memcpy(s->session->master_key,p,(unsigned int)i);
+  	return(1);
+***************
+*** 449,454 ****
+--- 536,542 ----
+  static int get_client_hello(SSL *s)
+  	{
+  	int i,n;
++ 	unsigned long len;
+  	unsigned char *p;
+  	STACK_OF(SSL_CIPHER) *cs; /* a stack of SSL_CIPHERS */
+  	STACK_OF(SSL_CIPHER) *cl; /* the ones we want to use */
+***************
+*** 468,473 ****
+--- 556,562 ----
+  		i=ssl2_read(s,(char *)&(p[s->init_num]),9-s->init_num);
+  		if (i < (9-s->init_num)) 
+  			return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
++ 		s->init_num = 9;
+  	
+  		if (*(p++) != SSL2_MT_CLIENT_HELLO)
+  			{
+***************
+*** 488,506 ****
+  		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||
+  			(i > SSL2_MAX_CHALLENGE_LENGTH))
+  			{
+  			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
+  			return(-1);
+  			}
+  		s->state=SSL2_ST_GET_CLIENT_HELLO_C;
+- 		s->init_num=0;
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_HELLO_C */
+  	p=(unsigned char *)s->init_buf->data;
+! 	n=s->s2->tmp.cipher_spec_length+s->s2->challenge_length+
+! 		s->s2->tmp.session_id_length-s->init_num;
+! 	i=ssl2_read(s,(char *)&(p[s->init_num]),n);
+  	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
+  
+  	/* get session-id before cipher stuff so we can get out session
+  	 * structure if it is cached */
+--- 577,602 ----
+  		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||
+  			(i > SSL2_MAX_CHALLENGE_LENGTH))
+  			{
++ 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
+  			return(-1);
+  			}
+  		s->state=SSL2_ST_GET_CLIENT_HELLO_C;
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_HELLO_C */
+  	p=(unsigned char *)s->init_buf->data;
+! 	len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
+! 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+! 		{
+! 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
+! 		return -1;
+! 		}
+! 	n = (int)len - s->init_num;
+! 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+  	if (i != n) return(ssl2_part_read(s,SSL_F_GET_CLIENT_HELLO,i));
++ 	p += 9;
+  
+  	/* get session-id before cipher stuff so we can get out session
+  	 * structure if it is cached */
+***************
+*** 581,586 ****
+--- 677,688 ----
+  	p+=s->s2->tmp.session_id_length;
+  
+  	/* challenge */
++ 	if (s->s2->challenge_length > sizeof s->s2->challenge)
++ 		{
++ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
++ 		SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
++ 		return -1;
++ 		}
+  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
+  	return(1);
+  mem_err:
+***************
+*** 706,712 ****
+  static int get_client_finished(SSL *s)
+  	{
+  	unsigned char *p;
+! 	int i;
+  
+  	p=(unsigned char *)s->init_buf->data;
+  	if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
+--- 808,815 ----
+  static int get_client_finished(SSL *s)
+  	{
+  	unsigned char *p;
+! 	int i, n;
+! 	unsigned long len;
+  
+  	p=(unsigned char *)s->init_buf->data;
+  	if (s->state == SSL2_ST_GET_CLIENT_FINISHED_A)
+***************
+*** 714,719 ****
+--- 817,823 ----
+  		i=ssl2_read(s,(char *)&(p[s->init_num]),1-s->init_num);
+  		if (i < 1-s->init_num)
+  			return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
++ 		s->init_num += i;
+  
+  		if (*p != SSL2_MT_CLIENT_FINISHED)
+  			{
+***************
+*** 726,741 ****
+  				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+- 		s->init_num=0;
+  		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+! 	i=ssl2_read(s,(char *)&(p[s->init_num]),s->s2->conn_id_length-s->init_num);
+! 	if (i < (int)s->s2->conn_id_length-s->init_num)
+  		{
+  		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+  		}
+  	if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+  		{
+  		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+--- 830,853 ----
+  				SSLerr(SSL_F_GET_CLIENT_FINISHED,SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+  		s->state=SSL2_ST_GET_CLIENT_FINISHED_B;
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+! 	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+! 		{
+! 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+! 		return -1;
+! 		}
+! 	len = 1 + (unsigned long)s->s2->conn_id_length;
+! 	n = (int)len - s->init_num;
+! 	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+! 	if (i < n)
+  		{
+  		return(ssl2_part_read(s,SSL_F_GET_CLIENT_FINISHED,i));
+  		}
++ 	p += 1;
+  	if (memcmp(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length) != 0)
+  		{
+  		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+***************
+*** 753,758 ****
+--- 865,875 ----
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_SERVER_VERIFY;
++ 		if (s->s2->challenge_length > sizeof s->s2->challenge)
++ 			{
++ 			SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
++ 			return -1;
++ 			}
+  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
+  		/* p+=s->s2->challenge_length; */
+  
+***************
+*** 772,779 ****
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_SERVER_FINISHED;
+  
+! 		memcpy(p,s->session->session_id,
+! 			(unsigned int)s->session->session_id_length);
+  		/* p+=s->session->session_id_length; */
+  
+  		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
+--- 889,900 ----
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_SERVER_FINISHED;
+  
+! 		if (s->session->session_id_length > sizeof s->session->session_id)
+! 			{
+! 			SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
+! 			return -1;
+! 			}
+! 		memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
+  		/* p+=s->session->session_id_length; */
+  
+  		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
+***************
+*** 791,796 ****
+--- 912,918 ----
+  	unsigned char *p,*p2,*buf2;
+  	unsigned char *ccd;
+  	int i,j,ctype,ret= -1;
++ 	unsigned long len;
+  	X509 *x509=NULL;
+  	STACK_OF(X509) *sk=NULL;
+  
+***************
+*** 824,839 ****
+  	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+! 		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num);
+! 		if (i < 3)
+  			{
+  			ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+  			goto end;
+  			}
+  
+! 		if ((*p == SSL2_MT_ERROR) && (i >= 3))
+  			{
+  			n2s(p,i);
+  			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+  				{
+  				ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+--- 946,973 ----
+  	if (s->state == SSL2_ST_SEND_REQUEST_CERTIFICATE_C)
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+! 		i=ssl2_read(s,(char *)&(p[s->init_num]),6-s->init_num); /* try to read 6 octets ... */
+! 		if (i < 3-s->init_num) /* ... but don't call ssl2_part_read now if we got at least 3
+! 		                        * (probably NO-CERTIFICATE-ERROR) */
+  			{
+  			ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+  			goto end;
+  			}
++ 		s->init_num += i;
+  
+! 		if ((s->init_num >= 3) && (p[0] == SSL2_MT_ERROR))
+  			{
+  			n2s(p,i);
++ 			if (i != SSL2_PE_NO_CERTIFICATE)
++ 				{
++ 				/* not the error message we expected -- let ssl2_part_read handle it */
++ 				s->init_num -= 3;
++ 				ret = ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE, 3);
++ 				goto end;
++ 				}
++ 
++ 			/* this is the one place where we can recover from an SSL 2.0 error */
++ 
+  			if (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+  				{
+  				ssl2_return_error(s,SSL2_PE_BAD_CERTIFICATE);
+***************
+*** 843,854 ****
+  			ret=1;
+  			goto end;
+  			}
+! 		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (i < 6))
+  			{
+  			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
+  			goto end;
+  			}
+  		/* ok we have a response */
+  		/* certificate type, there is only one right now. */
+  		ctype= *(p++);
+--- 977,994 ----
+  			ret=1;
+  			goto end;
+  			}
+! 		if ((*(p++) != SSL2_MT_CLIENT_CERTIFICATE) || (s->init_num < 6))
+  			{
+  			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  			SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_SHORT_READ);
+  			goto end;
+  			}
++ 		if (s->init_num != 6)
++ 			{
++ 			SSLerr(SSL_F_REQUEST_CERTIFICATE, SSL_R_INTERNAL_ERROR);
++ 			goto end;
++ 			}
++ 		
+  		/* ok we have a response */
+  		/* certificate type, there is only one right now. */
+  		ctype= *(p++);
+***************
+*** 861,878 ****
+  		n2s(p,i); s->s2->tmp.clen=i;
+  		n2s(p,i); s->s2->tmp.rlen=i;
+  		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
+- 		s->init_num=0;
+  		}
+  
+  	/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
+  	p=(unsigned char *)s->init_buf->data;
+! 	j=s->s2->tmp.clen+s->s2->tmp.rlen-s->init_num;
+! 	i=ssl2_read(s,(char *)&(p[s->init_num]),j);
+  	if (i < j) 
+  		{
+  		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+  		goto end;
+  		}
+  
+  	x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+  	if (x509 == NULL)
+--- 1001,1024 ----
+  		n2s(p,i); s->s2->tmp.clen=i;
+  		n2s(p,i); s->s2->tmp.rlen=i;
+  		s->state=SSL2_ST_SEND_REQUEST_CERTIFICATE_D;
+  		}
+  
+  	/* SSL2_ST_SEND_REQUEST_CERTIFICATE_D */
+  	p=(unsigned char *)s->init_buf->data;
+! 	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+! 	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+! 		{
+! 		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
+! 		goto end;
+! 		}
+! 	j = (int)len - s->init_num;
+! 	i = ssl2_read(s,(char *)&(p[s->init_num]),j);
+  	if (i < j) 
+  		{
+  		ret=ssl2_part_read(s,SSL_F_REQUEST_CERTIFICATE,i);
+  		goto end;
+  		}
++ 	p += 6;
+  
+  	x509=(X509 *)d2i_X509(NULL,&p,(long)s->s2->tmp.clen);
+  	if (x509 == NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_both.c ../RELENG_4_6/crypto/openssl/ssl/s3_both.c
+*** crypto/openssl/ssl/s3_both.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_both.c	Sun Apr 14 04:25:39 2002
+***************
+*** 56,62 ****
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 383,389 ****
+--- 383,393 ----
+  					 * if their format is correct. Does not count for
+  					 * 'Finished' MAC. */
+  					if (p[1] == 0 && p[2] == 0 &&p[3] == 0)
++ 						{
++ 						s->init_num = 0;
+  						skip_message = 1;
++ 						}
++ 			
+  			}
+  		while (skip_message);
+  
+***************
+*** 432,437 ****
+--- 436,442 ----
+  	/* next state (stn) */
+  	p=(unsigned char *)s->init_buf->data;
+  	n=s->s3->tmp.message_size;
++ 	n -= s->init_num;
+  	while (n > 0)
+  		{
+  		i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0);
+***************
+*** 523,528 ****
+--- 528,535 ----
+  	case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
+  	case X509_V_ERR_CERT_NOT_YET_VALID:
+  	case X509_V_ERR_CRL_NOT_YET_VALID:
++ 	case X509_V_ERR_CERT_UNTRUSTED:
++ 	case X509_V_ERR_CERT_REJECTED:
+  		al=SSL_AD_BAD_CERTIFICATE;
+  		break;
+  	case X509_V_ERR_CERT_SIGNATURE_FAILURE:
+***************
+*** 544,554 ****
+--- 551,566 ----
+  	case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
+  	case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
+  	case X509_V_ERR_CERT_CHAIN_TOO_LONG:
++ 	case X509_V_ERR_PATH_LENGTH_EXCEEDED:
++ 	case X509_V_ERR_INVALID_CA:
+  		al=SSL_AD_UNKNOWN_CA;
+  		break;
+  	case X509_V_ERR_APPLICATION_VERIFICATION:
+  		al=SSL_AD_HANDSHAKE_FAILURE;
+  		break;
++ 	case X509_V_ERR_INVALID_PURPOSE:
++ 		al=SSL_AD_UNSUPPORTED_CERTIFICATE;
++ 		break;
+  	default:
+  		al=SSL_AD_CERTIFICATE_UNKNOWN;
+  		break;
+***************
+*** 560,565 ****
+--- 572,578 ----
+  	{
+  	unsigned char *p;
+  	unsigned int extra;
++ 	size_t len;
+  
+  	if (s->s3->rbuf.buf == NULL)
+  		{
+***************
+*** 567,584 ****
+  			extra=SSL3_RT_MAX_EXTRA;
+  		else
+  			extra=0;
+! 		if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE+extra))
+! 			== NULL)
+  			goto err;
+! 		s->s3->rbuf.buf=p;
+  		}
+  
+  	if (s->s3->wbuf.buf == NULL)
+  		{
+! 		if ((p=OPENSSL_malloc(SSL3_RT_MAX_PACKET_SIZE))
+! 			== NULL)
+  			goto err;
+! 		s->s3->wbuf.buf=p;
+  		}
+  	s->packet= &(s->s3->rbuf.buf[0]);
+  	return(1);
+--- 580,600 ----
+  			extra=SSL3_RT_MAX_EXTRA;
+  		else
+  			extra=0;
+! 		len = SSL3_RT_MAX_PACKET_SIZE + extra;
+! 		if ((p=OPENSSL_malloc(len)) == NULL)
+  			goto err;
+! 		s->s3->rbuf.buf = p;
+! 		s->s3->rbuf_len = len;
+  		}
+  
+  	if (s->s3->wbuf.buf == NULL)
+  		{
+! 		len = SSL3_RT_MAX_PACKET_SIZE;
+! 		len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */
+! 		if ((p=OPENSSL_malloc(len)) == NULL)
+  			goto err;
+! 		s->s3->wbuf.buf = p;
+! 		s->s3->wbuf_len = len;
+  		}
+  	s->packet= &(s->s3->rbuf.buf[0]);
+  	return(1);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s3_clnt.c
+*** crypto/openssl/ssl/s3_clnt.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_clnt.c	Sat Dec 21 18:54:23 2002
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #include <stdio.h>
+  #include <openssl/buffer.h>
+***************
+*** 64,69 ****
+--- 117,123 ----
+  #include <openssl/sha.h>
+  #include <openssl/evp.h>
+  #include "ssl_locl.h"
++ #include "cryptlib.h"
+  
+  static SSL_METHOD *ssl3_get_client_method(int ver);
+  static int ssl3_client_hello(SSL *s);
+***************
+*** 92,109 ****
+  
+  	if (init)
+  		{
+! 		init=0;
+! 		memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_client_data.ssl_connect=ssl3_connect;
+! 		SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+--- 146,170 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_client_data.ssl_connect=ssl3_connect;
+! 			SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+***************
+*** 119,126 ****
+  	else if (s->ctx->info_callback != NULL)
+  		cb=s->ctx->info_callback;
+  	
+- 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+  	s->in_handshake++;
+  
+  	for (;;)
+  		{
+--- 180,187 ----
+  	else if (s->ctx->info_callback != NULL)
+  		cb=s->ctx->info_callback;
+  	
+  	s->in_handshake++;
++ 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); 
+  
+  	for (;;)
+  		{
+***************
+*** 164,169 ****
+--- 225,231 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 441,449 ****
+  		skip=0;
+  		}
+  end:
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+- 	s->in_handshake--;
+  	return(ret);
+  	}
+  
+--- 503,513 ----
+  		skip=0;
+  		}
+  end:
++ 	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+  	}
+  
+***************
+*** 492,497 ****
+--- 556,566 ----
+  		*(p++)=i;
+  		if (i != 0)
+  			{
++ 			if (i > sizeof s->session->session_id)
++ 				{
++ 				SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
++ 				goto err;
++ 				}
+  			memcpy(p,s->session->session_id,i);
+  			p+=i;
+  			}
+***************
+*** 573,587 ****
+  	/* get the session-id */
+  	j= *(p++);
+  
+! 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+  		{
+! 		/* SSLref returns 16 :-( */
+! 		if (j < SSL2_SSL_SESSION_ID_LENGTH)
+! 			{
+! 			al=SSL_AD_ILLEGAL_PARAMETER;
+! 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
+! 			goto f_err;
+! 			}
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+--- 642,652 ----
+  	/* get the session-id */
+  	j= *(p++);
+  
+! 	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
+  		{
+! 		al=SSL_AD_ILLEGAL_PARAMETER;
+! 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+! 		goto f_err;
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+***************
+*** 589,594 ****
+--- 654,660 ----
+  	    if(s->sid_ctx_length != s->session->sid_ctx_length
+  	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+  		{
++ 		/* actually a client application bug */
+  		al=SSL_AD_ILLEGAL_PARAMETER;
+  		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+  		goto f_err;
+***************
+*** 632,638 ****
+  		goto f_err;
+  		}
+  
+! 	if (s->hit && (s->session->cipher != c))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+--- 698,709 ----
+  		goto f_err;
+  		}
+  
+! 	/* Depending on the session caching (internal/external), the cipher
+! 	   and/or cipher_id values may not be set. Make sure that
+! 	   cipher_id is set and use it for comparison. */
+! 	if (s->session->cipher)
+! 		s->session->cipher_id = s->session->cipher->id;
+! 	if (s->hit && (s->session->cipher_id != c->id))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+***************
+*** 849,859 ****
+  	DH *dh=NULL;
+  #endif
+  
+  	n=ssl3_get_message(s,
+  		SSL3_ST_CR_KEY_EXCH_A,
+  		SSL3_ST_CR_KEY_EXCH_B,
+  		-1,
+! 		1024*8, /* ?? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+--- 920,936 ----
+  	DH *dh=NULL;
+  #endif
+  
++ 	/* use same message size as in ssl3_get_certificate_request()
++ 	 * as ServerKeyExchange message may be skipped */
+  	n=ssl3_get_message(s,
+  		SSL3_ST_CR_KEY_EXCH_A,
+  		SSL3_ST_CR_KEY_EXCH_B,
+  		-1,
+! #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)
+! 		1024*30,  /* 30k max cert list :-) */
+! #else
+! 		1024*100, /* 100k max cert list :-) */
+! #endif
+  		&ok);
+  
+  	if (!ok) return((int)n);
+***************
+*** 1308,1313 ****
+--- 1385,1391 ----
+  		/* should contain no data */
+  		ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR);
+  		SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH);
++ 		return -1;
+  		}
+  	ret=1;
+  	return(ret);
+***************
+*** 1386,1392 ****
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+--- 1464,1470 ----
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_4_6/crypto/openssl/ssl/s3_enc.c
+*** crypto/openssl/ssl/s3_enc.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_enc.c	Wed Feb 12 09:17:33 2003
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #include <stdio.h>
+  #include <openssl/md5.h>
+***************
+*** 121,127 ****
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	memset(smd,0,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+--- 174,180 ----
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+***************
+*** 265,272 ****
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	memset(&(exp_key[0]),0,sizeof(exp_key));
+! 	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 318,325 ----
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+! 	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 305,313 ****
+  
+  	s->s3->tmp.key_block_length=num;
+  	s->s3->tmp.key_block=p;
+! 
+  	ssl3_generate_key_block(s,p,num);
+  
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+--- 358,385 ----
+  
+  	s->s3->tmp.key_block_length=num;
+  	s->s3->tmp.key_block=p;
+! 	
+  	ssl3_generate_key_block(s,p,num);
++ 	
++ 	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
++ 		{
++ 		/* enable vulnerability countermeasure for CBC ciphers with
++ 		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
++ 		 */
++ 		s->s3->need_empty_fragments = 1;
+  
++  		if (s->session->cipher != NULL)
++ 			{
++ 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
++  				s->s3->need_empty_fragments = 0;
++  			
++ #ifndef NO_RC4
++  			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
++  				s->s3->need_empty_fragments = 0;
++ #endif
++  			}
++  		}
++ 		
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+***************
+*** 318,324 ****
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		memset(s->s3->tmp.key_block,0,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+--- 390,396 ----
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		OPENSSL_cleanse(s->s3->tmp.key_block,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+***************
+*** 356,362 ****
+  	if ((s->session == NULL) || (ds == NULL) ||
+  		(enc == NULL))
+  		{
+! 		memcpy(rec->data,rec->input,rec->length);
+  		rec->input=rec->data;
+  		}
+  	else
+--- 428,434 ----
+  	if ((s->session == NULL) || (ds == NULL) ||
+  		(enc == NULL))
+  		{
+! 		memmove(rec->data,rec->input,rec->length);
+  		rec->input=rec->data;
+  		}
+  	else
+***************
+*** 366,372 ****
+  
+  		/* COMPRESS */
+  
+- 		/* This should be using (bs-1) and bs instead of 7 and 8 */
+  		if ((bs != 1) && send)
+  			{
+  			i=bs-((int)l%bs);
+--- 438,443 ----
+***************
+*** 376,393 ****
+  			rec->length+=i;
+  			rec->input[l-1]=(i-1);
+  			}
+! 
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+  
+  		if ((bs != 1) && !send)
+  			{
+  			i=rec->data[l-1]+1;
+  			if (i > bs)
+  				{
+! 				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+! 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPT_ERROR);
+! 				return(0);
+  				}
+  			rec->length-=i;
+  			}
+  		}
+--- 447,480 ----
+  			rec->length+=i;
+  			rec->input[l-1]=(i-1);
+  			}
+! 		
+! 		if (!send)
+! 			{
+! 			if (l == 0 || l%bs != 0)
+! 				{
+! 				SSLerr(SSL_F_SSL3_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+! 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+! 				return 0;
+! 				}
+! 			/* otherwise, rec->length >= bs */
+! 			}
+! 		
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+  
+  		if ((bs != 1) && !send)
+  			{
+  			i=rec->data[l-1]+1;
++ 			/* SSL 3.0 bounds the number of padding bytes by the block size;
++ 			 * padding bytes (except the last one) are arbitrary */
+  			if (i > bs)
+  				{
+! 				/* Incorrect padding. SSLerr() and ssl3_alert are done
+! 				 * by caller: we don't want to reveal whether this is
+! 				 * a decryption error or a MAC verification failure
+! 				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+! 				return -1;
+  				}
++ 			/* now i <= bs <= rec->length */
+  			rec->length-=i;
+  			}
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_lib.c ../RELENG_4_6/crypto/openssl/ssl/s3_lib.c
+*** crypto/openssl/ssl/s3_lib.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_lib.c	Thu Nov 28 03:06:35 2002
+***************
+*** 56,62 ****
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 129,135 ****
+  	SSL3_TXT_RSA_NULL_MD5,
+  	SSL3_CK_RSA_NULL_MD5,
+  	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	0,
+  	0,
+--- 129,135 ----
+  	SSL3_TXT_RSA_NULL_MD5,
+  	SSL3_CK_RSA_NULL_MD5,
+  	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_STRONG_NONE,
+  	0,
+  	0,
+  	0,
+***************
+*** 142,148 ****
+  	SSL3_TXT_RSA_NULL_SHA,
+  	SSL3_CK_RSA_NULL_SHA,
+  	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	0,
+  	0,
+--- 142,148 ----
+  	SSL3_TXT_RSA_NULL_SHA,
+  	SSL3_CK_RSA_NULL_SHA,
+  	SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_STRONG_NONE,
+  	0,
+  	0,
+  	0,
+***************
+*** 170,176 ****
+  	SSL3_TXT_ADH_RC4_128_MD5,
+  	SSL3_CK_ADH_RC4_128_MD5,
+  	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	128,
+  	128,
+--- 170,176 ----
+  	SSL3_TXT_ADH_RC4_128_MD5,
+  	SSL3_CK_ADH_RC4_128_MD5,
+  	SSL_kEDH |SSL_aNULL|SSL_RC4  |SSL_MD5 |SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_MEDIUM,
+  	0,
+  	128,
+  	128,
+***************
+*** 196,202 ****
+  	SSL3_TXT_ADH_DES_64_CBC_SHA,
+  	SSL3_CK_ADH_DES_64_CBC_SHA,
+  	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	56,
+  	56,
+--- 196,202 ----
+  	SSL3_TXT_ADH_DES_64_CBC_SHA,
+  	SSL3_CK_ADH_DES_64_CBC_SHA,
+  	SSL_kEDH |SSL_aNULL|SSL_DES  |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_LOW,
+  	0,
+  	56,
+  	56,
+***************
+*** 209,215 ****
+  	SSL3_TXT_ADH_DES_192_CBC_SHA,
+  	SSL3_CK_ADH_DES_192_CBC_SHA,
+  	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	168,
+  	168,
+--- 209,215 ----
+  	SSL3_TXT_ADH_DES_192_CBC_SHA,
+  	SSL3_CK_ADH_DES_192_CBC_SHA,
+  	SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_HIGH,
+  	0,
+  	168,
+  	168,
+***************
+*** 490,496 ****
+  	SSL3_TXT_FZA_DMS_NULL_SHA,
+  	SSL3_CK_FZA_DMS_NULL_SHA,
+  	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	0,
+  	0,
+--- 490,496 ----
+  	SSL3_TXT_FZA_DMS_NULL_SHA,
+  	SSL3_CK_FZA_DMS_NULL_SHA,
+  	SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_STRONG_NONE,
+  	0,
+  	0,
+  	0,
+***************
+*** 504,510 ****
+  	SSL3_TXT_FZA_DMS_FZA_SHA,
+  	SSL3_CK_FZA_DMS_FZA_SHA,
+  	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	0,
+  	0,
+--- 504,510 ----
+  	SSL3_TXT_FZA_DMS_FZA_SHA,
+  	SSL3_CK_FZA_DMS_FZA_SHA,
+  	SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_STRONG_NONE,
+  	0,
+  	0,
+  	0,
+***************
+*** 518,524 ****
+  	SSL3_TXT_FZA_DMS_RC4_SHA,
+  	SSL3_CK_FZA_DMS_RC4_SHA,
+  	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP,
+  	0,
+  	128,
+  	128,
+--- 518,524 ----
+  	SSL3_TXT_FZA_DMS_RC4_SHA,
+  	SSL3_CK_FZA_DMS_RC4_SHA,
+  	SSL_kFZA|SSL_aFZA |SSL_RC4  |SSL_SHA1|SSL_SSLV3,
+! 	SSL_NOT_EXP|SSL_MEDIUM,
+  	0,
+  	128,
+  	128,
+***************
+*** 612,618 ****
+  	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+  	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+  	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+! 	    SSL_NOT_EXP,
+  	    0,
+  	    128,
+  	    128,
+--- 612,618 ----
+  	    TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA,
+  	    TLS1_CK_DHE_DSS_WITH_RC4_128_SHA,
+  	    SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1,
+! 	    SSL_NOT_EXP|SSL_MEDIUM,
+  	    0,
+  	    128,
+  	    128,
+***************
+*** 693,698 ****
+--- 693,701 ----
+  
+  int ssl3_pending(SSL *s)
+  	{
++ 	if (s->rstate == SSL_ST_READ_BODY)
++ 		return 0;
++ 	
+  	return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0;
+  	}
+  
+***************
+*** 729,735 ****
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	memset(s->s3,0,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+--- 732,738 ----
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	OPENSSL_cleanse(s->s3,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+***************
+*** 737,742 ****
+--- 740,746 ----
+  void ssl3_clear(SSL *s)
+  	{
+  	unsigned char *rp,*wp;
++ 	size_t rlen, wlen;
+  
+  	ssl3_cleanup_key_block(s);
+  	if (s->s3->tmp.ca_names != NULL)
+***************
+*** 752,763 ****
+  		DH_free(s->s3->tmp.dh);
+  #endif
+  
+! 	rp=s->s3->rbuf.buf;
+! 	wp=s->s3->wbuf.buf;
+  
+  	memset(s->s3,0,sizeof *s->s3);
+! 	if (rp != NULL) s->s3->rbuf.buf=rp;
+! 	if (wp != NULL) s->s3->wbuf.buf=wp;
+  
+  	ssl_free_wbio_buffer(s);
+  
+--- 756,771 ----
+  		DH_free(s->s3->tmp.dh);
+  #endif
+  
+! 	rp = s->s3->rbuf.buf;
+! 	wp = s->s3->wbuf.buf;
+! 	rlen = s->s3->rbuf_len;
+! 	wlen = s->s3->wbuf_len;
+  
+  	memset(s->s3,0,sizeof *s->s3);
+! 	s->s3->rbuf.buf = rp;
+! 	s->s3->wbuf.buf = wp;
+! 	s->s3->rbuf_len = rlen;
+! 	s->s3->wbuf_len = wlen;
+  
+  	ssl_free_wbio_buffer(s);
+  
+***************
+*** 1076,1091 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl3_ciphers[i]);
+  
+! 		qsort(	(char *)sorted,
+! 			SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+  
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 
+- 		init=0;
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+--- 1084,1102 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl3_ciphers[i]);
+  
+! 			qsort(sorted,
+! 				SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+  
++ 			init=0;
++ 			}
++ 		
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+***************
+*** 1312,1324 ****
+  	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+  	s->s3->in_read_app_data=1;
+  	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+! 	if ((ret == -1) && (s->s3->in_read_app_data == 0))
+  		{
+  		/* ssl3_read_bytes decided to call s->handshake_func, which
+  		 * called ssl3_read_bytes to read handshake data.
+  		 * However, ssl3_read_bytes actually found application data
+! 		 * and thinks that application data makes sense here (signalled
+! 		 * by resetting 'in_read_app_data', strangely); so disable
+  		 * handshake processing and try to read application data again. */
+  		s->in_handshake++;
+  		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+--- 1323,1334 ----
+  	if (s->s3->renegotiate) ssl3_renegotiate_check(s);
+  	s->s3->in_read_app_data=1;
+  	ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+! 	if ((ret == -1) && (s->s3->in_read_app_data == 2))
+  		{
+  		/* ssl3_read_bytes decided to call s->handshake_func, which
+  		 * called ssl3_read_bytes to read handshake data.
+  		 * However, ssl3_read_bytes actually found application data
+! 		 * and thinks that application data makes sense here; so disable
+  		 * handshake processing and try to read application data again. */
+  		s->in_handshake++;
+  		ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_meth.c ../RELENG_4_6/crypto/openssl/ssl/s3_meth.c
+*** crypto/openssl/ssl/s3_meth.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_meth.c	Thu Sep 26 11:55:45 2002
+***************
+*** 76,87 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_data.ssl_connect=ssl3_connect;
+! 		SSLv3_data.ssl_accept=ssl3_accept;
+! 		SSLv3_data.get_ssl_method=ssl3_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_data);
+  	}
+--- 76,94 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_data.ssl_connect=ssl3_connect;
+! 			SSLv3_data.ssl_accept=ssl3_accept;
+! 			SSLv3_data.get_ssl_method=ssl3_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_pkt.c ../RELENG_4_6/crypto/openssl/ssl/s3_pkt.c
+*** crypto/openssl/ssl/s3_pkt.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_pkt.c	Wed Feb 19 07:04:07 2003
+***************
+*** 56,62 ****
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  /* ====================================================================
+!  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 117,123 ****
+  #include "ssl_locl.h"
+  
+  static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+! 			 unsigned int len);
+  static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+  			      unsigned int len);
+  static int ssl3_get_record(SSL *s);
+--- 117,123 ----
+  #include "ssl_locl.h"
+  
+  static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+! 			 unsigned int len, int create_empty_fragment);
+  static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
+  			      unsigned int len);
+  static int ssl3_get_record(SSL *s);
+***************
+*** 162,170 ****
+  
+  	{
+  		/* avoid buffer overflow */
+! 		int max_max = SSL3_RT_MAX_PACKET_SIZE - s->packet_length;
+! 		if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER)
+! 			max_max += SSL3_RT_MAX_EXTRA;
+  		if (max > max_max)
+  			max = max_max;
+  	}
+--- 162,168 ----
+  
+  	{
+  		/* avoid buffer overflow */
+! 		int max_max = s->s3->rbuf_len - s->packet_length;
+  		if (max > max_max)
+  			max = max_max;
+  	}
+***************
+*** 231,244 ****
+  static int ssl3_get_record(SSL *s)
+  	{
+  	int ssl_major,ssl_minor,al;
+! 	int n,i,ret= -1;
+  	SSL3_RECORD *rr;
+  	SSL_SESSION *sess;
+  	unsigned char *p;
+  	unsigned char md[EVP_MAX_MD_SIZE];
+  	short version;
+  	unsigned int mac_size;
+! 	int clear=0,extra;
+  
+  	rr= &(s->s3->rrec);
+  	sess=s->session;
+--- 229,245 ----
+  static int ssl3_get_record(SSL *s)
+  	{
+  	int ssl_major,ssl_minor,al;
+! 	int enc_err,n,i,ret= -1;
+  	SSL3_RECORD *rr;
+  	SSL_SESSION *sess;
+  	unsigned char *p;
+  	unsigned char md[EVP_MAX_MD_SIZE];
+  	short version;
+  	unsigned int mac_size;
+! 	int clear=0;
+! 	size_t extra;
+! 	int decryption_failed_or_bad_record_mac = 0;
+! 	unsigned char *mac = NULL;
+  
+  	rr= &(s->s3->rrec);
+  	sess=s->session;
+***************
+*** 247,260 ****
+  		extra=SSL3_RT_MAX_EXTRA;
+  	else
+  		extra=0;
+  
+  again:
+  	/* check if we have the header */
+  	if (	(s->rstate != SSL_ST_READ_BODY) ||
+  		(s->packet_length < SSL3_RT_HEADER_LENGTH)) 
+  		{
+! 		n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH,
+! 			SSL3_RT_MAX_PACKET_SIZE,0);
+  		if (n <= 0) return(n); /* error or non-blocking */
+  		s->rstate=SSL_ST_READ_BODY;
+  
+--- 248,267 ----
+  		extra=SSL3_RT_MAX_EXTRA;
+  	else
+  		extra=0;
++ 	if (extra != s->s3->rbuf_len - SSL3_RT_MAX_PACKET_SIZE)
++ 		{
++ 		/* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER
++ 		 * set after ssl3_setup_buffers() was done */
++ 		SSLerr(SSL_F_SSL3_GET_RECORD, SSL_R_INTERNAL_ERROR);
++ 		return -1;
++ 		}
+  
+  again:
+  	/* check if we have the header */
+  	if (	(s->rstate != SSL_ST_READ_BODY) ||
+  		(s->packet_length < SSL3_RT_HEADER_LENGTH)) 
+  		{
+! 		n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf_len, 0);
+  		if (n <= 0) return(n); /* error or non-blocking */
+  		s->rstate=SSL_ST_READ_BODY;
+  
+***************
+*** 291,298 ****
+  			goto err;
+  			}
+  
+! 		if (rr->length > 
+! 			(unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+  			{
+  			al=SSL_AD_RECORD_OVERFLOW;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+--- 298,304 ----
+  			goto err;
+  			}
+  
+! 		if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+  			{
+  			al=SSL_AD_RECORD_OVERFLOW;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG);
+***************
+*** 304,310 ****
+  
+  	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+  
+! 	if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH))
+  		{
+  		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+  		i=rr->length;
+--- 310,316 ----
+  
+  	/* s->rstate == SSL_ST_READ_BODY, get and decode the data */
+  
+! 	if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH)
+  		{
+  		/* now s->packet_length == SSL3_RT_HEADER_LENGTH */
+  		i=rr->length;
+***************
+*** 332,338 ****
+  	 * rr->length bytes of encrypted compressed stuff. */
+  
+  	/* check is not needed I believe */
+! 	if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+  		{
+  		al=SSL_AD_RECORD_OVERFLOW;
+  		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+--- 338,344 ----
+  	 * rr->length bytes of encrypted compressed stuff. */
+  
+  	/* check is not needed I believe */
+! 	if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra)
+  		{
+  		al=SSL_AD_RECORD_OVERFLOW;
+  		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
+***************
+*** 342,357 ****
+  	/* decrypt in place in 'rr->input' */
+  	rr->data=rr->input;
+  
+! 	if (!s->method->ssl3_enc->enc(s,0))
+  		{
+! 		al=SSL_AD_DECRYPT_ERROR;
+! 		goto f_err;
+  		}
+  #ifdef TLS_DEBUG
+  printf("dec %d\n",rr->length);
+  { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+  printf("\n");
+  #endif
+  	/* r->length is now the compressed data plus mac */
+  	if (	(sess == NULL) ||
+  		(s->enc_read_ctx == NULL) ||
+--- 348,373 ----
+  	/* decrypt in place in 'rr->input' */
+  	rr->data=rr->input;
+  
+! 	enc_err = s->method->ssl3_enc->enc(s,0);
+! 	if (enc_err <= 0)
+  		{
+! 		if (enc_err == 0)
+! 			/* SSLerr() and ssl3_send_alert() have been called */
+! 			goto err;
+! 
+! 		/* Otherwise enc_err == -1, which indicates bad padding
+! 		 * (rec->length has not been changed in this case).
+! 		 * To minimize information leaked via timing, we will perform
+! 		 * the MAC computation anyway. */
+! 		decryption_failed_or_bad_record_mac = 1;
+  		}
++ 
+  #ifdef TLS_DEBUG
+  printf("dec %d\n",rr->length);
+  { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); }
+  printf("\n");
+  #endif
++ 
+  	/* r->length is now the compressed data plus mac */
+  	if (	(sess == NULL) ||
+  		(s->enc_read_ctx == NULL) ||
+***************
+*** 364,396 ****
+  
+  		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+  			{
+  			al=SSL_AD_RECORD_OVERFLOW;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length < mac_size)
+  			{
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  			}
+- 		rr->length-=mac_size;
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+  			{
+! 			al=SSL_AD_BAD_RECORD_MAC;
+! 			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE);
+! 			ret= -1;
+! 			goto f_err;
+  			}
+  		}
+  
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+! 		if (rr->length > 
+! 			(unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+  			{
+  			al=SSL_AD_RECORD_OVERFLOW;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+--- 380,434 ----
+  
+  		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size)
+  			{
++ #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */
+  			al=SSL_AD_RECORD_OVERFLOW;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
++ #else
++ 			decryption_failed_or_bad_record_mac = 1;
++ #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length >= mac_size)
+  			{
++ 			rr->length -= mac_size;
++ 			mac = &rr->data[rr->length];
++ 			}
++ 		else
++ 			{
++ 			/* record (minus padding) is too short to contain a MAC */
++ #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
++ #else
++ 			decryption_failed_or_bad_record_mac = 1;
++ 			rr->length = 0;
++ #endif
+  			}
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+  			{
+! 			decryption_failed_or_bad_record_mac = 1;
+  			}
+  		}
+  
++ 	if (decryption_failed_or_bad_record_mac)
++ 		{
++ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
++ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
++ 		 * failure is directly visible from the ciphertext anyway,
++ 		 * we should not reveal which kind of error occured -- this
++ 		 * might become visible to an attacker (e.g. via a logfile) */
++ 		al=SSL_AD_BAD_RECORD_MAC;
++ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
++ 		goto f_err;
++ 		}
++ 
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+! 		if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra)
+  			{
+  			al=SSL_AD_RECORD_OVERFLOW;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG);
+***************
+*** 404,410 ****
+  			}
+  		}
+  
+! 	if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra)
+  		{
+  		al=SSL_AD_RECORD_OVERFLOW;
+  		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+--- 442,448 ----
+  			}
+  		}
+  
+! 	if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra)
+  		{
+  		al=SSL_AD_RECORD_OVERFLOW;
+  		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG);
+***************
+*** 427,432 ****
+--- 465,471 ----
+  	if (rr->length == 0) goto again;
+  
+  	return(1);
++ 
+  f_err:
+  	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+  err:
+***************
+*** 488,494 ****
+  		if (i == 0)
+  			{
+  			SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+! 			return(-1);
+  			}
+  		}
+  
+--- 527,533 ----
+  		if (i == 0)
+  			{
+  			SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE);
+! 			return -1;
+  			}
+  		}
+  
+***************
+*** 500,517 ****
+  		else
+  			nw=n;
+  
+! 		i=do_ssl3_write(s,type,&(buf[tot]),nw);
+  		if (i <= 0)
+  			{
+  			s->s3->wnum=tot;
+! 			return(i);
+  			}
+  
+  		if ((i == (int)n) ||
+  			(type == SSL3_RT_APPLICATION_DATA &&
+  			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+  			{
+! 			return(tot+i);
+  			}
+  
+  		n-=i;
+--- 539,560 ----
+  		else
+  			nw=n;
+  
+! 		i=do_ssl3_write(s, type, &(buf[tot]), nw, 0);
+  		if (i <= 0)
+  			{
+  			s->s3->wnum=tot;
+! 			return i;
+  			}
+  
+  		if ((i == (int)n) ||
+  			(type == SSL3_RT_APPLICATION_DATA &&
+  			 (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE)))
+  			{
+! 			/* next chunk of data should get another prepended empty fragment
+! 			 * in ciphersuites with known-IV weakness: */
+! 			s->s3->empty_fragment_done = 0;
+! 			
+! 			return tot+i;
+  			}
+  
+  		n-=i;
+***************
+*** 520,534 ****
+  	}
+  
+  static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+! 			 unsigned int len)
+  	{
+  	unsigned char *p,*plen;
+  	int i,mac_size,clear=0;
+  	SSL3_RECORD *wr;
+  	SSL3_BUFFER *wb;
+  	SSL_SESSION *sess;
+  
+! 	/* first check is there is a SSL3_RECORD still being written
+  	 * out.  This will happen with non blocking IO */
+  	if (s->s3->wbuf.left != 0)
+  		return(ssl3_write_pending(s,type,buf,len));
+--- 563,578 ----
+  	}
+  
+  static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
+! 			 unsigned int len, int create_empty_fragment)
+  	{
+  	unsigned char *p,*plen;
+  	int i,mac_size,clear=0;
++ 	int prefix_len = 0;
+  	SSL3_RECORD *wr;
+  	SSL3_BUFFER *wb;
+  	SSL_SESSION *sess;
+  
+! 	/* first check if there is a SSL3_BUFFER still being written
+  	 * out.  This will happen with non blocking IO */
+  	if (s->s3->wbuf.left != 0)
+  		return(ssl3_write_pending(s,type,buf,len));
+***************
+*** 542,548 ****
+  		/* if it went, fall through and send more stuff */
+  		}
+  
+! 	if (len == 0) return(len);
+  
+  	wr= &(s->s3->wrec);
+  	wb= &(s->s3->wbuf);
+--- 586,593 ----
+  		/* if it went, fall through and send more stuff */
+  		}
+  
+! 	if (len == 0 && !create_empty_fragment)
+! 		return 0;
+  
+  	wr= &(s->s3->wrec);
+  	wb= &(s->s3->wbuf);
+***************
+*** 558,573 ****
+  	else
+  		mac_size=EVP_MD_size(s->write_hash);
+  
+! 	p=wb->buf;
+  
+  	/* write the header */
+  	*(p++)=type&0xff;
+  	wr->type=type;
+  
+  	*(p++)=(s->version>>8);
+  	*(p++)=s->version&0xff;
+  
+! 	/* record where we are to write out packet length */
+  	plen=p; 
+  	p+=2;
+  
+--- 603,646 ----
+  	else
+  		mac_size=EVP_MD_size(s->write_hash);
+  
+! 	/* 'create_empty_fragment' is true only when this function calls itself */
+! 	if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done)
+! 		{
+! 		/* countermeasure against known-IV weakness in CBC ciphersuites
+! 		 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+! 
+! 		if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA)
+! 			{
+! 			/* recursive function call with 'create_empty_fragment' set;
+! 			 * this prepares and buffers the data for an empty fragment
+! 			 * (these 'prefix_len' bytes are sent out later
+! 			 * together with the actual payload) */
+! 			prefix_len = do_ssl3_write(s, type, buf, 0, 1);
+! 			if (prefix_len <= 0)
+! 				goto err;
+! 
+! 			if (s->s3->wbuf_len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE)
+! 				{
+! 				/* insufficient space */
+! 				SSLerr(SSL_F_DO_SSL3_WRITE, SSL_R_INTERNAL_ERROR);
+! 				goto err;
+! 				}
+! 			}
+! 		
+! 		s->s3->empty_fragment_done = 1;
+! 		}
+! 
+! 	p = wb->buf + prefix_len;
+  
+  	/* write the header */
++ 
+  	*(p++)=type&0xff;
+  	wr->type=type;
+  
+  	*(p++)=(s->version>>8);
+  	*(p++)=s->version&0xff;
+  
+! 	/* field where we are to write out packet length */
+  	plen=p; 
+  	p+=2;
+  
+***************
+*** 618,636 ****
+  	wr->type=type; /* not needed but helps for debugging */
+  	wr->length+=SSL3_RT_HEADER_LENGTH;
+  
+! 	/* Now lets setup wb */
+! 	wb->left=wr->length;
+! 	wb->offset=0;
+  
+  	s->s3->wpend_tot=len;
+  	s->s3->wpend_buf=buf;
+  	s->s3->wpend_type=type;
+  	s->s3->wpend_ret=len;
+  
+  	/* we now just need to write the buffer */
+! 	return(ssl3_write_pending(s,type,buf,len));
+  err:
+! 	return(-1);
+  	}
+  
+  /* if s->s3->wbuf.left != 0, we need to call this */
+--- 691,718 ----
+  	wr->type=type; /* not needed but helps for debugging */
+  	wr->length+=SSL3_RT_HEADER_LENGTH;
+  
+! 	if (create_empty_fragment)
+! 		{
+! 		/* we are in a recursive call;
+! 		 * just return the length, don't write out anything here
+! 		 */
+! 		return wr->length;
+! 		}
+  
++ 	/* now let's set up wb */
++ 	wb->left = prefix_len + wr->length;
++ 	wb->offset = 0;
++ 
++ 	/* memorize arguments so that ssl3_write_pending can detect bad write retries later */
+  	s->s3->wpend_tot=len;
+  	s->s3->wpend_buf=buf;
+  	s->s3->wpend_type=type;
+  	s->s3->wpend_ret=len;
+  
+  	/* we now just need to write the buffer */
+! 	return ssl3_write_pending(s,type,buf,len);
+  err:
+! 	return -1;
+  	}
+  
+  /* if s->s3->wbuf.left != 0, we need to call this */
+***************
+*** 1056,1061 ****
+--- 1138,1144 ----
+  		/* TLS just ignores unknown message types */
+  		if (s->version == TLS1_VERSION)
+  			{
++ 			rr->length = 0;
+  			goto start;
+  			}
+  #endif
+***************
+*** 1092,1098 ****
+  					)
+  				))
+  			{
+! 			s->s3->in_read_app_data=0;
+  			return(-1);
+  			}
+  		else
+--- 1175,1181 ----
+  					)
+  				))
+  			{
+! 			s->s3->in_read_app_data=2;
+  			return(-1);
+  			}
+  		else
+***************
+*** 1156,1161 ****
+--- 1239,1246 ----
+  	{
+  	/* Map tls/ssl alert value to correct one */
+  	desc=s->method->ssl3_enc->alert_value(desc);
++ 	if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION)
++ 		desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */
+  	if (desc < 0) return;
+  	/* If a fatal one, remove from cache */
+  	if ((level == 2) && (s->session != NULL))
+***************
+*** 1164,1170 ****
+  	s->s3->alert_dispatch=1;
+  	s->s3->send_alert[0]=level;
+  	s->s3->send_alert[1]=desc;
+! 	if (s->s3->wbuf.left == 0) /* data still being written out */
+  		ssl3_dispatch_alert(s);
+  	/* else data is still being written out, we will get written
+  	 * some time in the future */
+--- 1249,1255 ----
+  	s->s3->alert_dispatch=1;
+  	s->s3->send_alert[0]=level;
+  	s->s3->send_alert[1]=desc;
+! 	if (s->s3->wbuf.left == 0) /* data still being written out? */
+  		ssl3_dispatch_alert(s);
+  	/* else data is still being written out, we will get written
+  	 * some time in the future */
+***************
+*** 1176,1191 ****
+  	void (*cb)()=NULL;
+  
+  	s->s3->alert_dispatch=0;
+! 	i=do_ssl3_write(s,SSL3_RT_ALERT,&s->s3->send_alert[0],2);
+  	if (i <= 0)
+  		{
+  		s->s3->alert_dispatch=1;
+  		}
+  	else
+  		{
+! 		/* If it is important, send it now.  If the message
+! 		 * does not get sent due to non-blocking IO, we will
+! 		 * not worry too much. */
+  		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+  			(void)BIO_flush(s->wbio);
+  
+--- 1261,1276 ----
+  	void (*cb)()=NULL;
+  
+  	s->s3->alert_dispatch=0;
+! 	i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0);
+  	if (i <= 0)
+  		{
+  		s->s3->alert_dispatch=1;
+  		}
+  	else
+  		{
+! 		/* Alert sent to BIO.  If it is important, flush it now.
+! 		 * If the message does not get sent due to non-blocking IO,
+! 		 * we will not worry too much. */
+  		if (s->s3->send_alert[0] == SSL3_AL_FATAL)
+  			(void)BIO_flush(s->wbio);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s3_srvr.c
+*** crypto/openssl/ssl/s3_srvr.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_srvr.c	Fri Nov 29 06:31:18 2002
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #define REUSE_CIPHER_BUG
+  #define NETSCAPE_HANG_BUG
+***************
+*** 69,74 ****
+--- 122,128 ----
+  #include <openssl/evp.h>
+  #include <openssl/x509.h>
+  #include "ssl_locl.h"
++ #include "cryptlib.h"
+  
+  static SSL_METHOD *ssl3_get_server_method(int ver);
+  static int ssl3_get_client_hello(SSL *s);
+***************
+*** 97,107 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_server_data.ssl_accept=ssl3_accept;
+! 		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_server_data);
+  	}
+--- 151,168 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_server_data.ssl_accept=ssl3_accept;
+! 			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_server_data);
+  	}
+***************
+*** 125,132 ****
+  		cb=s->ctx->info_callback;
+  
+  	/* init things to blank */
+- 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+  	s->in_handshake++;
+  
+  	if (s->cert == NULL)
+  		{
+--- 186,193 ----
+  		cb=s->ctx->info_callback;
+  
+  	/* init things to blank */
+  	s->in_handshake++;
++ 	if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s);
+  
+  	if (s->cert == NULL)
+  		{
+***************
+*** 180,200 ****
+  				goto end;
+  				}
+  
+- 			/* Ok, we now need to push on a buffering BIO so that
+- 			 * the output is sent in a way that TCP likes :-)
+- 			 */
+- 			if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
+- 
+  			s->init_num=0;
+  
+  			if (s->state != SSL_ST_RENEGOTIATE)
+  				{
+  				ssl3_init_finished_mac(s);
+  				s->state=SSL3_ST_SR_CLNT_HELLO_A;
+  				s->ctx->stats.sess_accept++;
+  				}
+  			else
+  				{
+  				s->ctx->stats.sess_accept_renegotiate++;
+  				s->state=SSL3_ST_SW_HELLO_REQ_A;
+  				}
+--- 241,263 ----
+  				goto end;
+  				}
+  
+  			s->init_num=0;
+  
+  			if (s->state != SSL_ST_RENEGOTIATE)
+  				{
++ 				/* Ok, we now need to push on a buffering BIO so that
++ 				 * the output is sent in a way that TCP likes :-)
++ 				 */
++ 				if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; }
++ 				
+  				ssl3_init_finished_mac(s);
+  				s->state=SSL3_ST_SR_CLNT_HELLO_A;
+  				s->ctx->stats.sess_accept++;
+  				}
+  			else
+  				{
++ 				/* s->state == SSL_ST_RENEGOTIATE,
++ 				 * we will just send a HelloRequest */
+  				s->ctx->stats.sess_accept_renegotiate++;
+  				s->state=SSL3_ST_SW_HELLO_REQ_A;
+  				}
+***************
+*** 215,223 ****
+  
+  		case SSL3_ST_SW_HELLO_REQ_C:
+  			s->state=SSL_ST_OK;
+! 			ret=1;
+! 			goto end;
+! 			/* break; */
+  
+  		case SSL3_ST_SR_CLNT_HELLO_A:
+  		case SSL3_ST_SR_CLNT_HELLO_B:
+--- 278,284 ----
+  
+  		case SSL3_ST_SW_HELLO_REQ_C:
+  			s->state=SSL_ST_OK;
+! 			break;
+  
+  		case SSL3_ST_SR_CLNT_HELLO_A:
+  		case SSL3_ST_SR_CLNT_HELLO_B:
+***************
+*** 226,231 ****
+--- 287,293 ----
+  			s->shutdown=0;
+  			ret=ssl3_get_client_hello(s);
+  			if (ret <= 0) goto end;
++ 			s->new_session = 2;
+  			s->state=SSL3_ST_SW_SRVR_HELLO_A;
+  			s->init_num=0;
+  			break;
+***************
+*** 456,473 ****
+  			/* remove buffering on output */
+  			ssl_free_wbio_buffer(s);
+  
+- 			s->new_session=0;
+  			s->init_num=0;
+  
+! 			ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+! 
+! 			s->ctx->stats.sess_accept_good++;
+! 			/* s->server=1; */
+! 			s->handshake_func=ssl3_accept;
+! 			ret=1;
+! 
+! 			if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
+  
+  			goto end;
+  			/* break; */
+  
+--- 518,541 ----
+  			/* remove buffering on output */
+  			ssl_free_wbio_buffer(s);
+  
+  			s->init_num=0;
+  
+! 			if (s->new_session == 2) /* skipped if we just sent a HelloRequest */
+! 				{
+! 				/* actually not necessarily a 'new' session  */
+! 				
+! 				s->new_session=0;
+! 				
+! 				ssl_update_cache(s,SSL_SESS_CACHE_SERVER);
+! 				
+! 				s->ctx->stats.sess_accept_good++;
+! 				/* s->server=1; */
+! 				s->handshake_func=ssl3_accept;
+  
++ 				if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1);
++ 				}
++ 			
++ 			ret = 1;
+  			goto end;
+  			/* break; */
+  
+***************
+*** 500,508 ****
+  end:
+  	/* BIO_flush(s->wbio); */
+  
+  	if (cb != NULL)
+  		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+- 	s->in_handshake--;
+  	return(ret);
+  	}
+  
+--- 568,576 ----
+  end:
+  	/* BIO_flush(s->wbio); */
+  
++ 	s->in_handshake--;
+  	if (cb != NULL)
+  		cb(s,SSL_CB_ACCEPT_EXIT,ret);
+  	return(ret);
+  	}
+  
+***************
+*** 533,543 ****
+  	int ok;
+  	long n;
+  
+  	n=ssl3_get_message(s,
+  		SSL3_ST_SR_CERT_A,
+  		SSL3_ST_SR_CERT_B,
+  		-1,
+! 		SSL3_RT_MAX_PLAIN_LENGTH,
+  		&ok);
+  	if (!ok) return((int)n);
+  	s->s3->tmp.reuse_message = 1;
+--- 601,617 ----
+  	int ok;
+  	long n;
+  
++ 	/* this function is called when we really expect a Certificate message,
++ 	 * so permit appropriate message length */
+  	n=ssl3_get_message(s,
+  		SSL3_ST_SR_CERT_A,
+  		SSL3_ST_SR_CERT_B,
+  		-1,
+! #if defined(MSDOS) && !defined(WIN32)
+! 		1024*30, /* 30k max cert list :-) */
+! #else
+! 		1024*100, /* 100k max cert list :-) */
+! #endif
+  		&ok);
+  	if (!ok) return((int)n);
+  	s->s3->tmp.reuse_message = 1;
+***************
+*** 595,600 ****
+--- 669,686 ----
+  	s->client_version=(((int)p[0])<<8)|(int)p[1];
+  	p+=2;
+  
++ 	if (s->client_version < s->version)
++ 		{
++ 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER);
++ 		if ((s->client_version>>8) == SSL3_VERSION_MAJOR) 
++ 			{
++ 			/* similar to ssl3_get_record, send alert using remote version number */
++ 			s->version = s->client_version;
++ 			}
++ 		al = SSL_AD_PROTOCOL_VERSION;
++ 		goto f_err;
++ 		}
++ 
+  	/* load the client random */
+  	memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE);
+  	p+=SSL3_RANDOM_SIZE;
+***************
+*** 633,639 ****
+  		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
+  		goto f_err;
+  		}
+! 	if ((i+p) > (d+n))
+  		{
+  		/* not enough data */
+  		al=SSL_AD_DECODE_ERROR;
+--- 719,725 ----
+  		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED);
+  		goto f_err;
+  		}
+! 	if ((p+i) >= (d+n))
+  		{
+  		/* not enough data */
+  		al=SSL_AD_DECODE_ERROR;
+***************
+*** 690,695 ****
+--- 776,788 ----
+  
+  	/* compression */
+  	i= *(p++);
++ 	if ((p+i) > (d+n))
++ 		{
++ 		/* not enough data */
++ 		al=SSL_AD_DECODE_ERROR;
++ 		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH);
++ 		goto f_err;
++ 		}
+  	q=p;
+  	for (j=0; j<i; j++)
+  		{
+***************
+*** 737,743 ****
+  	/* TLS does not mind if there is extra stuff */
+  	if (s->version == SSL3_VERSION)
+  		{
+! 		if (p > (d+n))
+  			{
+  			/* wrong number of bytes,
+  			 * there could be more to follow */
+--- 830,836 ----
+  	/* TLS does not mind if there is extra stuff */
+  	if (s->version == SSL3_VERSION)
+  		{
+! 		if (p < (d+n))
+  			{
+  			/* wrong number of bytes,
+  			 * there could be more to follow */
+***************
+*** 863,868 ****
+--- 956,966 ----
+  			s->session->session_id_length=0;
+  
+  		sl=s->session->session_id_length;
++ 		if (sl > sizeof s->session->session_id)
++ 			{
++ 			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
++ 			return -1;
++ 			}
+  		*(p++)=sl;
+  		memcpy(p,s->session->session_id,sl);
+  		p+=sl;
+***************
+*** 1262,1268 ****
+  		SSL3_ST_SR_KEY_EXCH_A,
+  		SSL3_ST_SR_KEY_EXCH_B,
+  		SSL3_MT_CLIENT_KEY_EXCHANGE,
+! 		400, /* ???? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+--- 1360,1366 ----
+  		SSL3_ST_SR_KEY_EXCH_A,
+  		SSL3_ST_SR_KEY_EXCH_B,
+  		SSL3_MT_CLIENT_KEY_EXCHANGE,
+! 		2048, /* ???? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+***************
+*** 1322,1335 ****
+  
+  		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+  
+  		if (i != SSL_MAX_MASTER_KEY_LENGTH)
+  			{
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+- 			goto f_err;
+  			}
+  
+! 		if (!((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+  			{
+  			/* The premaster secret must contain the same version number as the
+  			 * ClientHello to detect version rollback attacks (strangely, the
+--- 1420,1434 ----
+  
+  		i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING);
+  
++ 		al = -1;
++ 		
+  		if (i != SSL_MAX_MASTER_KEY_LENGTH)
+  			{
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
+  			}
+  
+! 		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+  			{
+  			/* The premaster secret must contain the same version number as the
+  			 * ClientHello to detect version rollback attacks (strangely, the
+***************
+*** 1347,1357 ****
+  				}
+  			}
+  
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1446,1477 ----
+  				}
+  			}
+  
++ 		if (al != -1)
++ 			{
++ #if 0
++ 			goto f_err;
++ #else
++ 			/* Some decryption failure -- use random value instead as countermeasure
++ 			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
++ 			 * (see RFC 2246, section 7.4.7.1).
++ 			 * But note that due to length and protocol version checking, the
++ 			 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
++ 			 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
++ 			 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
++ 			 */
++ 			ERR_clear_error();
++ 			i = SSL_MAX_MASTER_KEY_LENGTH;
++ 			p[0] = s->client_version >> 8;
++ 			p[1] = s->client_version & 0xff;
++ 			RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
++ #endif
++ 			}
++ 	
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1414,1420 ****
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1534,1540 ----
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1446,1452 ****
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		512, /* 512? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+--- 1566,1572 ----
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		514, /* 514? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_4_6/crypto/openssl/ssl/ssl.h
+*** crypto/openssl/ssl/ssl.h	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl.h	Tue Oct 29 13:36:49 2002
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #ifndef HEADER_SSL_H 
+  #define HEADER_SSL_H 
+***************
+*** 297,302 ****
+--- 350,356 ----
+  	struct ssl_session_st *prev,*next;
+  	} SSL_SESSION;
+  
++ 
+  #define SSL_OP_MICROSOFT_SESS_ID_BUG			0x00000001L
+  #define SSL_OP_NETSCAPE_CHALLENGE_BUG			0x00000002L
+  #define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG		0x00000008L
+***************
+*** 308,318 ****
+--- 362,386 ----
+  #define SSL_OP_TLS_BLOCK_PADDING_BUG			0x00000200L
+  #define SSL_OP_TLS_ROLLBACK_BUG				0x00000400L
+  
++ /* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
++  * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
++  * the workaround is not needed.  Unfortunately some broken SSL/TLS
++  * implementations cannot handle it at all, which is why we include
++  * it in SSL_OP_ALL. */
++ #define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L /* added in 0.9.6e */
++ 
++ /* SSL_OP_ALL: various bug workarounds that should be rather harmless */
++ #define SSL_OP_ALL					0x000FFFFFL
++ 
+  /* If set, always create a new key when using tmp_dh parameters */
+  #define SSL_OP_SINGLE_DH_USE				0x00100000L
+  /* Set to also use the tmp_rsa key when doing RSA operations. */
+  #define SSL_OP_EPHEMERAL_RSA				0x00200000L
+  
++ #define SSL_OP_NO_SSLv2					0x01000000L
++ #define SSL_OP_NO_SSLv3					0x02000000L
++ #define SSL_OP_NO_TLSv1					0x04000000L
++ 
+  /* The next flag deliberately changes the ciphertest, this is a check
+   * for the PKCS#1 attack */
+  #define SSL_OP_PKCS1_CHECK_1				0x08000000L
+***************
+*** 321,331 ****
+  /* SSL_OP_NON_EXPORT_FIRST looks utterly broken .. */
+  #define SSL_OP_NON_EXPORT_FIRST 			0x40000000L
+  #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG		0x80000000L
+- #define SSL_OP_ALL					0x000FFFFFL
+  
+- #define SSL_OP_NO_SSLv2					0x01000000L
+- #define SSL_OP_NO_SSLv3					0x02000000L
+- #define SSL_OP_NO_TLSv1					0x04000000L
+  
+  /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
+   * when just a single record has been written): */
+--- 389,395 ----
+***************
+*** 339,344 ****
+--- 403,409 ----
+   * is blocking: */
+  #define SSL_MODE_AUTO_RETRY 0x00000004L
+  
++ 
+  /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+   * they cannot be used to clear bits. */
+  
+***************
+*** 486,495 ****
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* This one, when set, makes the server session-id lookup not look
+!  * in the cache.  If there is an application get_session callback
+!  * defined, this will still get called. */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+--- 551,561 ----
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
++ #define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
++ #define SSL_SESS_CACHE_NO_INTERNAL \
++ 	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+***************
+*** 583,589 ****
+  
+  	int server;	/* are we the server side? - mostly used by SSL_clear*/
+  
+! 	int new_session;/* 1 if we are to use a new session */
+  	int quiet_shutdown;/* don't send shutdown packets */
+  	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
+  			 * for received */
+--- 649,659 ----
+  
+  	int server;	/* are we the server side? - mostly used by SSL_clear*/
+  
+! 	int new_session;/* 1 if we are to use a new session.
+! 	                 * 2 if we are a server and are inside a handshake
+! 	                 *   (i.e. not just sending a HelloRequest)
+! 	                 * NB: For servers, the 'new' session may actually be a previously
+! 	                 * cached session or even the previous session */
+  	int quiet_shutdown;/* don't send shutdown packets */
+  	int shutdown;	/* we have shut things down, 0x01 sent, 0x02
+  			 * for received */
+***************
+*** 939,944 ****
+--- 1009,1016 ----
+  const char *	SSL_CIPHER_get_name(SSL_CIPHER *c);
+  
+  int	SSL_get_fd(SSL *s);
++ int	SSL_get_rfd(SSL *s);
++ int	SSL_get_wfd(SSL *s);
+  const char  * SSL_get_cipher_list(SSL *s,int n);
+  char *	SSL_get_shared_ciphers(SSL *s, char *buf, int len);
+  int	SSL_get_read_ahead(SSL * s);
+***************
+*** 985,991 ****
+  					   const char *dir);
+  #endif
+  
+- void	ERR_load_SSL_strings(void );
+  void	SSL_load_error_strings(void );
+  char * 	SSL_state_string(SSL *s);
+  char * 	SSL_rstate_string(SSL *s);
+--- 1057,1062 ----
+***************
+*** 1215,1220 ****
+--- 1286,1292 ----
+  
+  /* Function codes. */
+  #define SSL_F_CLIENT_CERTIFICATE			 100
++ #define SSL_F_CLIENT_FINISHED				 238
+  #define SSL_F_CLIENT_HELLO				 101
+  #define SSL_F_CLIENT_MASTER_KEY				 102
+  #define SSL_F_D2I_SSL_SESSION				 103
+***************
+*** 1228,1234 ****
+--- 1300,1308 ----
+  #define SSL_F_I2D_SSL_SESSION				 111
+  #define SSL_F_READ_N					 112
+  #define SSL_F_REQUEST_CERTIFICATE			 113
++ #define SSL_F_SERVER_FINISH				 239
+  #define SSL_F_SERVER_HELLO				 114
++ #define SSL_F_SERVER_VERIFY				 240
+  #define SSL_F_SSL23_ACCEPT				 115
+  #define SSL_F_SSL23_CLIENT_HELLO			 116
+  #define SSL_F_SSL23_CONNECT				 117
+***************
+*** 1240,1245 ****
+--- 1314,1320 ----
+  #define SSL_F_SSL2_ACCEPT				 122
+  #define SSL_F_SSL2_CONNECT				 123
+  #define SSL_F_SSL2_ENC_INIT				 124
++ #define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241
+  #define SSL_F_SSL2_PEEK					 234
+  #define SSL_F_SSL2_READ					 125
+  #define SSL_F_SSL2_READ_INTERNAL			 236
+***************
+*** 1275,1280 ****
+--- 1350,1356 ----
+  #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
+  #define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
+  #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
++ #define SSL_F_SSL3_SEND_SERVER_HELLO			 242
+  #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
+  #define SSL_F_SSL3_SETUP_BUFFERS			 156
+  #define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
+***************
+*** 1403,1408 ****
+--- 1479,1485 ----
+  #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED		 145
+  #define SSL_R_DATA_LENGTH_TOO_LONG			 146
+  #define SSL_R_DECRYPTION_FAILED				 147
++ #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC	 1109
+  #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG		 148
+  #define SSL_R_DIGEST_CHECK_FAILED			 149
+  #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG			 150
+***************
+*** 1413,1427 ****
+--- 1490,1507 ----
+  #define SSL_R_GOT_A_FIN_BEFORE_A_CCS			 154
+  #define SSL_R_HTTPS_PROXY_REQUEST			 155
+  #define SSL_R_HTTP_REQUEST				 156
++ #define SSL_R_ILLEGAL_PADDING				 1110
+  #define SSL_R_INTERNAL_ERROR				 157
+  #define SSL_R_INVALID_CHALLENGE_LENGTH			 158
+  #define SSL_R_INVALID_COMMAND				 280
+  #define SSL_R_INVALID_PURPOSE				 278
+  #define SSL_R_INVALID_TRUST				 279
++ #define SSL_R_KEY_ARG_TOO_LONG				 1112
+  #define SSL_R_LENGTH_MISMATCH				 159
+  #define SSL_R_LENGTH_TOO_SHORT				 160
+  #define SSL_R_LIBRARY_BUG				 274
+  #define SSL_R_LIBRARY_HAS_NO_CIPHERS			 161
++ #define SSL_R_MESSAGE_TOO_LONG				 1111
+  #define SSL_R_MISSING_DH_DSA_CERT			 162
+  #define SSL_R_MISSING_DH_KEY				 163
+  #define SSL_R_MISSING_DH_RSA_CERT			 164
+***************
+*** 1485,1490 ****
+--- 1565,1572 ----
+  #define SSL_R_SHORT_READ				 219
+  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
+  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
++ #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 1114
++ #define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
+  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
+  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
+  #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC		 1020
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl2.h ../RELENG_4_6/crypto/openssl/ssl/ssl2.h
+*** crypto/openssl/ssl/ssl2.h	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl2.h	Fri Nov  9 20:15:29 2001
+***************
+*** 189,195 ****
+  	unsigned char *ract_data;
+  	unsigned char *wact_data;
+  	unsigned char *mac_data;
+! 	unsigned char *pad_data;
+  
+  	unsigned char *read_key;
+  	unsigned char *write_key;
+--- 189,195 ----
+  	unsigned char *ract_data;
+  	unsigned char *wact_data;
+  	unsigned char *mac_data;
+! 	unsigned char *pad_data_UNUSED; /* only for binary compatibility with 0.9.6b */
+  
+  	unsigned char *read_key;
+  	unsigned char *write_key;
+***************
+*** 209,219 ****
+  		unsigned int conn_id_length;
+  		unsigned int cert_type;	
+  		unsigned int cert_length;
+! 		int csl; 
+! 		int clear;
+  		unsigned int enc; 
+  		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
+! 		int cipher_spec_length;
+  		unsigned int session_id_length;
+  		unsigned int clen;
+  		unsigned int rlen;
+--- 209,219 ----
+  		unsigned int conn_id_length;
+  		unsigned int cert_type;	
+  		unsigned int cert_length;
+! 		unsigned int csl; 
+! 		unsigned int clear;
+  		unsigned int enc; 
+  		unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH];
+! 		unsigned int cipher_spec_length;
+  		unsigned int session_id_length;
+  		unsigned int clen;
+  		unsigned int rlen;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl3.h ../RELENG_4_6/crypto/openssl/ssl/ssl3.h
+*** crypto/openssl/ssl/ssl3.h	Sun Nov 26 06:34:15 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl3.h	Sun Apr 14 04:25:41 2002
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #ifndef HEADER_SSL3_H 
+  #define HEADER_SSL3_H 
+***************
+*** 201,210 ****
+  
+  typedef struct ssl3_buffer_st
+  	{
+! 	unsigned char *buf;	/* SSL3_RT_MAX_PACKET_SIZE bytes (more if
+! 	                   	 * SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER is set) */
+! 	int offset;		/* where to 'copy from' */
+! 	int left;		/* how many bytes left */
+  	} SSL3_BUFFER;
+  
+  #define SSL3_CT_RSA_SIGN			1
+--- 254,266 ----
+  
+  typedef struct ssl3_buffer_st
+  	{
+! 	unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
+! 	                         * see ssl3_setup_buffers() */
+! #if 0 /* put directly into SSL3_STATE for best possible binary compatibility within 0.9.6 series */
+! 	size_t len;             /* buffer size */
+! #endif
+! 	int offset;             /* where to 'copy from' */
+! 	int left;               /* how many bytes left */
+  	} SSL3_BUFFER;
+  
+  #define SSL3_CT_RSA_SIGN			1
+***************
+*** 320,325 ****
+--- 376,388 ----
+  #endif
+  		int cert_request;
+  		} tmp;
++ 
++ 	/* flags for countermeasure against known-IV weakness */
++ 	int need_empty_fragments;
++ 	int empty_fragment_done;
++ 
++ 	size_t rbuf_len;	/* substitute for rbuf.len */
++ 	size_t wbuf_len;	/* substitute for wbuf.len */
+  
+  	} SSL3_STATE;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_asn1.c ../RELENG_4_6/crypto/openssl/ssl/ssl_asn1.c
+*** crypto/openssl/ssl/ssl_asn1.c	Sun Nov 26 06:34:15 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_asn1.c	Fri Aug  2 06:51:41 2002
+***************
+*** 62,67 ****
+--- 62,68 ----
+  #include <openssl/objects.h>
+  #include <openssl/x509.h>
+  #include "ssl_locl.h"
++ #include "cryptlib.h"
+  
+  typedef struct ssl_session_asn1_st
+  	{
+***************
+*** 272,278 ****
+  		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+  
+  	if (os.length > i)
+! 		os.length=i;
+  
+  	ret->session_id_length=os.length;
+  	memcpy(ret->session_id,os.data,os.length);
+--- 273,281 ----
+  		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+  
+  	if (os.length > i)
+! 		os.length = i;
+! 	if (os.length > sizeof ret->session_id) /* can't happen */
+! 		os.length = sizeof ret->session_id;
+  
+  	ret->session_id_length=os.length;
+  	memcpy(ret->session_id,os.data,os.length);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_cert.c ../RELENG_4_6/crypto/openssl/ssl/ssl_cert.c
+*** crypto/openssl/ssl/ssl_cert.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_cert.c	Thu Apr 18 12:20:32 2002
+***************
+*** 461,466 ****
+--- 461,469 ----
+  
+  	X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust);
+  
++ 	if (s->verify_callback)
++ 		X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback);
++ 
+  	if (s->ctx->app_verify_callback != NULL)
+  		i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */
+  	else
+***************
+*** 748,753 ****
+--- 751,757 ----
+  	ret = 1;
+  
+  err:	
++ 	if (d) closedir(d);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_READDIR);
+  	return ret;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_err.c ../RELENG_4_6/crypto/openssl/ssl/ssl_err.c
+*** crypto/openssl/ssl/ssl_err.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_err.c	Fri Aug  2 06:51:41 2002
+***************
+*** 1,6 ****
+  /* ssl/ssl_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 1,6 ----
+  /* ssl/ssl_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 67,72 ****
+--- 67,73 ----
+  static ERR_STRING_DATA SSL_str_functs[]=
+  	{
+  {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),	"CLIENT_CERTIFICATE"},
++ {ERR_PACK(0,SSL_F_CLIENT_FINISHED,0),	"CLIENT_FINISHED"},
+  {ERR_PACK(0,SSL_F_CLIENT_HELLO,0),	"CLIENT_HELLO"},
+  {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0),	"CLIENT_MASTER_KEY"},
+  {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),	"d2i_SSL_SESSION"},
+***************
+*** 80,86 ****
+--- 81,89 ----
+  {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),	"i2d_SSL_SESSION"},
+  {ERR_PACK(0,SSL_F_READ_N,0),	"READ_N"},
+  {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),	"REQUEST_CERTIFICATE"},
++ {ERR_PACK(0,SSL_F_SERVER_FINISH,0),	"SERVER_FINISH"},
+  {ERR_PACK(0,SSL_F_SERVER_HELLO,0),	"SERVER_HELLO"},
++ {ERR_PACK(0,SSL_F_SERVER_VERIFY,0),	"SERVER_VERIFY"},
+  {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),	"SSL23_ACCEPT"},
+  {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),	"SSL23_CLIENT_HELLO"},
+  {ERR_PACK(0,SSL_F_SSL23_CONNECT,0),	"SSL23_CONNECT"},
+***************
+*** 92,97 ****
+--- 95,101 ----
+  {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),	"SSL2_ACCEPT"},
+  {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),	"SSL2_CONNECT"},
+  {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),	"SSL2_ENC_INIT"},
++ {ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0),	"SSL2_GENERATE_KEY_MATERIAL"},
+  {ERR_PACK(0,SSL_F_SSL2_PEEK,0),	"SSL2_PEEK"},
+  {ERR_PACK(0,SSL_F_SSL2_READ,0),	"SSL2_READ"},
+  {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),	"SSL2_READ_INTERNAL"},
+***************
+*** 127,132 ****
+--- 131,137 ----
+  {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+  {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),	"SSL3_SEND_CLIENT_VERIFY"},
+  {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),	"SSL3_SEND_SERVER_CERTIFICATE"},
++ {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0),	"SSL3_SEND_SERVER_HELLO"},
+  {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),	"SSL3_SEND_SERVER_KEY_EXCHANGE"},
+  {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),	"SSL3_SETUP_BUFFERS"},
+  {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),	"SSL3_SETUP_KEY_BLOCK"},
+***************
+*** 258,263 ****
+--- 263,269 ----
+  {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED     ,"data between ccs and finished"},
+  {SSL_R_DATA_LENGTH_TOO_LONG              ,"data length too long"},
+  {SSL_R_DECRYPTION_FAILED                 ,"decryption failed"},
++ {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"},
+  {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG   ,"dh public value length is wrong"},
+  {SSL_R_DIGEST_CHECK_FAILED               ,"digest check failed"},
+  {SSL_R_ENCRYPTED_LENGTH_TOO_LONG         ,"encrypted length too long"},
+***************
+*** 268,282 ****
+--- 274,291 ----
+  {SSL_R_GOT_A_FIN_BEFORE_A_CCS            ,"got a fin before a ccs"},
+  {SSL_R_HTTPS_PROXY_REQUEST               ,"https proxy request"},
+  {SSL_R_HTTP_REQUEST                      ,"http request"},
++ {SSL_R_ILLEGAL_PADDING                   ,"illegal padding"},
+  {SSL_R_INTERNAL_ERROR                    ,"internal error"},
+  {SSL_R_INVALID_CHALLENGE_LENGTH          ,"invalid challenge length"},
+  {SSL_R_INVALID_COMMAND                   ,"invalid command"},
+  {SSL_R_INVALID_PURPOSE                   ,"invalid purpose"},
+  {SSL_R_INVALID_TRUST                     ,"invalid trust"},
++ {SSL_R_KEY_ARG_TOO_LONG                  ,"key arg too long"},
+  {SSL_R_LENGTH_MISMATCH                   ,"length mismatch"},
+  {SSL_R_LENGTH_TOO_SHORT                  ,"length too short"},
+  {SSL_R_LIBRARY_BUG                       ,"library bug"},
+  {SSL_R_LIBRARY_HAS_NO_CIPHERS            ,"library has no ciphers"},
++ {SSL_R_MESSAGE_TOO_LONG                  ,"message too long"},
+  {SSL_R_MISSING_DH_DSA_CERT               ,"missing dh dsa cert"},
+  {SSL_R_MISSING_DH_KEY                    ,"missing dh key"},
+  {SSL_R_MISSING_DH_RSA_CERT               ,"missing dh rsa cert"},
+***************
+*** 340,345 ****
+--- 349,356 ----
+  {SSL_R_SHORT_READ                        ,"short read"},
+  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
++ {SSL_R_SSL2_CONNECTION_ID_TOO_LONG       ,"ssl2 connection id too long"},
++ {SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
+  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
+  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
+  {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC        ,"sslv3 alert bad record mac"},
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_4_6/crypto/openssl/ssl/ssl_lib.c
+*** crypto/openssl/ssl/ssl_lib.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_lib.c	Tue Oct 29 13:36:50 2002
+***************
+*** 85,91 ****
+  
+  int SSL_clear(SSL *s)
+  	{
+- 	int state;
+  
+  	if (s->method == NULL)
+  		{
+--- 85,90 ----
+***************
+*** 93,98 ****
+--- 92,103 ----
+  		return(0);
+  		}
+  
++ 	if (ssl_clear_bad_session(s))
++ 		{
++ 		SSL_SESSION_free(s->session);
++ 		s->session=NULL;
++ 		}
++ 
+  	s->error=0;
+  	s->hit=0;
+  	s->shutdown=0;
+***************
+*** 110,116 ****
+  		}
+  #endif
+  
+- 	state=s->state; /* Keep to check if we throw away the session-id */
+  	s->type=0;
+  
+  	s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT);
+--- 115,120 ----
+***************
+*** 131,148 ****
+  
+  	ssl_clear_cipher_ctx(s);
+  
+- 	if (ssl_clear_bad_session(s))
+- 		{
+- 		SSL_SESSION_free(s->session);
+- 		s->session=NULL;
+- 		}
+- 
+  	s->first_packet=0;
+  
+  #if 1
+  	/* Check to see if we were changed into a different method, if
+  	 * so, revert back if we are not doing session-id reuse. */
+! 	if ((s->session == NULL) && (s->method != s->ctx->method))
+  		{
+  		s->method->ssl_free(s);
+  		s->method=s->ctx->method;
+--- 135,146 ----
+  
+  	ssl_clear_cipher_ctx(s);
+  
+  	s->first_packet=0;
+  
+  #if 1
+  	/* Check to see if we were changed into a different method, if
+  	 * so, revert back if we are not doing session-id reuse. */
+! 	if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method))
+  		{
+  		s->method->ssl_free(s);
+  		s->method=s->ctx->method;
+***************
+*** 411,416 ****
+--- 409,419 ----
+  
+  int SSL_get_fd(SSL *s)
+  	{
++ 	return(SSL_get_rfd(s));
++ 	}
++ 
++ int SSL_get_rfd(SSL *s)
++ 	{
+  	int ret= -1;
+  	BIO *b,*r;
+  
+***************
+*** 421,426 ****
+--- 424,441 ----
+  	return(ret);
+  	}
+  
++ int SSL_get_wfd(SSL *s)
++ 	{
++ 	int ret= -1;
++ 	BIO *b,*r;
++ 
++ 	b=SSL_get_wbio(s);
++ 	r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR);
++ 	if (r != NULL)
++ 		BIO_get_fd(r,&ret);
++ 	return(ret);
++ 	}
++ 
+  #ifndef NO_SOCK
+  int SSL_set_fd(SSL *s,int fd)
+  	{
+***************
+*** 778,784 ****
+  
+  int SSL_renegotiate(SSL *s)
+  	{
+! 	s->new_session=1;
+  	return(s->method->ssl_renegotiate(s));
+  	}
+  
+--- 793,802 ----
+  
+  int SSL_renegotiate(SSL *s)
+  	{
+! 	if (s->new_session == 0)
+! 		{
+! 		s->new_session=1;
+! 		}
+  	return(s->method->ssl_renegotiate(s));
+  	}
+  
+***************
+*** 1227,1239 ****
+  		abort(); /* ok */
+  		}
+  #endif
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+! 		{
+! 		SSL_CTX_flush_sessions(a,0);
+! 		lh_free(a->sessions);
+! 		}
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+--- 1245,1268 ----
+  		abort(); /* ok */
+  		}
+  #endif
++   
++ 	/*
++ 	 * Free internal session cache. However: the remove_cb() may reference
++ 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
++ 	 * after the sessions were flushed.
++ 	 * As the ex_data handling routines might also touch the session cache,
++ 	 * the most secure solution seems to be: empty (flush) the cache, then
++ 	 * free ex_data, then finally free the cache.
++ 	 * (See ticket [openssl.org #212].)
++ 	 */
++   	if (a->sessions != NULL)
++   		SSL_CTX_flush_sessions(a,0);
++ 
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+!   		lh_free(a->sessions);
+! 
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+***************
+*** 1276,1283 ****
+  	{
+  	ctx->verify_mode=mode;
+  	ctx->default_verify_callback=cb;
+- 	/* This needs cleaning up EAY EAY EAY */
+- 	X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
+  	}
+  
+  void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth)
+--- 1305,1310 ----
+***************
+*** 1454,1462 ****
+  	 * and it would be rather hard to do anyway :-) */
+  	if (s->session->session_id_length == 0) return;
+  
+! 	if ((s->ctx->session_cache_mode & mode)
+! 		&& (!s->hit)
+! 		&& SSL_CTX_add_session(s->ctx,s->session)
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+  		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
+--- 1481,1490 ----
+  	 * and it would be rather hard to do anyway :-) */
+  	if (s->session->session_id_length == 0) return;
+  
+! 	i=s->ctx->session_cache_mode;
+! 	if ((i & mode) && (!s->hit)
+! 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+! 		    || SSL_CTX_add_session(s->ctx,s->session))
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+  		CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION);
+***************
+*** 1465,1471 ****
+  		}
+  
+  	/* auto flush every 255 connections */
+- 	i=s->ctx->session_cache_mode;
+  	if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) &&
+  		((i & mode) == mode))
+  		{
+--- 1493,1498 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_locl.h ../RELENG_4_6/crypto/openssl/ssl/ssl_locl.h
+*** crypto/openssl/ssl/ssl_locl.h	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_locl.h	Fri Aug  2 06:51:42 2002
+***************
+*** 283,298 ****
+  #define SSL_NOT_EXP		0x00000001L
+  #define SSL_EXPORT		0x00000002L
+  
+! #define SSL_STRONG_MASK		0x0000007cL
+! #define SSL_EXP40		0x00000004L
+  #define SSL_MICRO		(SSL_EXP40)
+! #define SSL_EXP56		0x00000008L
+  #define SSL_MINI		(SSL_EXP56)
+! #define SSL_LOW			0x00000010L
+! #define SSL_MEDIUM		0x00000020L
+! #define SSL_HIGH		0x00000040L
+  
+! /* we have used 0000007f - 25 bits left to go */
+  
+  /*
+   * Macros to check the export status and cipher strength for export ciphers.
+--- 283,299 ----
+  #define SSL_NOT_EXP		0x00000001L
+  #define SSL_EXPORT		0x00000002L
+  
+! #define SSL_STRONG_MASK		0x000000fcL
+! #define SSL_STRONG_NONE		0x00000004L
+! #define SSL_EXP40		0x00000008L
+  #define SSL_MICRO		(SSL_EXP40)
+! #define SSL_EXP56		0x00000010L
+  #define SSL_MINI		(SSL_EXP56)
+! #define SSL_LOW			0x00000020L
+! #define SSL_MEDIUM		0x00000040L
+! #define SSL_HIGH		0x00000080L
+  
+! /* we have used 000000ff - 24 bits left to go */
+  
+  /*
+   * Macros to check the export status and cipher strength for export ciphers.
+***************
+*** 499,505 ****
+  int ssl_verify_alarm_type(long type);
+  
+  int ssl2_enc_init(SSL *s, int client);
+! void ssl2_generate_key_material(SSL *s);
+  void ssl2_enc(SSL *s,int send_data);
+  void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+  SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+--- 500,506 ----
+  int ssl_verify_alarm_type(long type);
+  
+  int ssl2_enc_init(SSL *s, int client);
+! int ssl2_generate_key_material(SSL *s);
+  void ssl2_enc(SSL *s,int send_data);
+  void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+  SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_sess.c ../RELENG_4_6/crypto/openssl/ssl/ssl_sess.c
+*** crypto/openssl/ssl/ssl_sess.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_sess.c	Thu Nov 28 03:06:36 2002
+***************
+*** 60,65 ****
+--- 60,66 ----
+  #include <openssl/lhash.h>
+  #include <openssl/rand.h>
+  #include "ssl_locl.h"
++ #include "cryptlib.h"
+  
+  static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
+  static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s);
+***************
+*** 199,204 ****
+--- 200,211 ----
+  		ss->session_id_length=0;
+  		}
+  
++ 	if (s->sid_ctx_length > sizeof ss->sid_ctx)
++ 		{
++ 		SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_INTERNAL_ERROR);
++ 		SSL_SESSION_free(ss);
++ 		return 0;
++ 		}
+  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+  	ss->sid_ctx_length=s->sid_ctx_length;
+  	s->session=ss;
+***************
+*** 251,259 ****
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* The following should not return 1, otherwise,
+! 			 * things are very strange */
+! 			SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+--- 258,269 ----
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* Add the externally cached session to the internal
+! 			 * cache as well if and only if we are supposed to. */
+! 			if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+! 				/* The following should not return 1, otherwise,
+! 				 * things are very strange */
+! 				SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+***************
+*** 423,432 ****
+  	if ((c != NULL) && (c->session_id_length != 0))
+  		{
+  		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+! 		r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
+! 		if (r != NULL)
+  			{
+  			ret=1;
+  			SSL_SESSION_list_remove(ctx,c);
+  			}
+  
+--- 433,442 ----
+  	if ((c != NULL) && (c->session_id_length != 0))
+  		{
+  		if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
+! 		if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c)
+  			{
+  			ret=1;
++ 			r=(SSL_SESSION *)lh_delete(ctx->sessions,c);
+  			SSL_SESSION_list_remove(ctx,c);
+  			}
+  
+***************
+*** 467,479 ****
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
+! 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
+! 	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	memset(ss,0,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+--- 477,489 ----
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
+! 	OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
+! 	OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	OPENSSL_cleanse(ss,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_stat.c ../RELENG_4_6/crypto/openssl/ssl/ssl_stat.c
+*** crypto/openssl/ssl/ssl_stat.c	Sun Aug 20 04:47:02 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_stat.c	Tue Aug 21 03:27:47 2001
+***************
+*** 136,142 ****
+  case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;
+  case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;
+  case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;
+! case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify A"; break;
+  
+  case SSL3_ST_CW_CHANGE_A:
+  case SSL3_ST_SW_CHANGE_A:	str="SSLv3 write change cipher spec A"; break;
+--- 136,142 ----
+  case SSL3_ST_CW_KEY_EXCH_A:	str="SSLv3 write client key exchange A"; break;
+  case SSL3_ST_CW_KEY_EXCH_B:	str="SSLv3 write client key exchange B"; break;
+  case SSL3_ST_CW_CERT_VRFY_A:	str="SSLv3 write certificate verify A"; break;
+! case SSL3_ST_CW_CERT_VRFY_B:	str="SSLv3 write certificate verify B"; break;
+  
+  case SSL3_ST_CW_CHANGE_A:
+  case SSL3_ST_SW_CHANGE_A:	str="SSLv3 write change cipher spec A"; break;
+***************
+*** 145,151 ****
+  case SSL3_ST_CW_FINISHED_A:	
+  case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;
+  case SSL3_ST_CW_FINISHED_B:	
+! case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished A"; break;
+  case SSL3_ST_CR_CHANGE_A:	
+  case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
+  case SSL3_ST_CR_CHANGE_B:	
+--- 145,151 ----
+  case SSL3_ST_CW_FINISHED_A:	
+  case SSL3_ST_SW_FINISHED_A:	str="SSLv3 write finished A"; break;
+  case SSL3_ST_CW_FINISHED_B:	
+! case SSL3_ST_SW_FINISHED_B:	str="SSLv3 write finished B"; break;
+  case SSL3_ST_CR_CHANGE_A:	
+  case SSL3_ST_SR_CHANGE_A:	str="SSLv3 read change cipher spec A"; break;
+  case SSL3_ST_CR_CHANGE_B:	
+***************
+*** 387,392 ****
+--- 387,404 ----
+  	case SSL3_AD_CERTIFICATE_EXPIRED:	str="CE"; break;
+  	case SSL3_AD_CERTIFICATE_UNKNOWN:	str="CU"; break;
+  	case SSL3_AD_ILLEGAL_PARAMETER:		str="IP"; break;
++ 	case TLS1_AD_DECRYPTION_FAILED:		str="DC"; break;
++ 	case TLS1_AD_RECORD_OVERFLOW:		str="RO"; break;
++ 	case TLS1_AD_UNKNOWN_CA:		str="CA"; break;
++ 	case TLS1_AD_ACCESS_DENIED:		str="AD"; break;
++ 	case TLS1_AD_DECODE_ERROR:		str="DE"; break;
++ 	case TLS1_AD_DECRYPT_ERROR:		str="CY"; break;
++ 	case TLS1_AD_EXPORT_RESTRICTION:	str="ER"; break;
++ 	case TLS1_AD_PROTOCOL_VERSION:		str="PV"; break;
++ 	case TLS1_AD_INSUFFICIENT_SECURITY:	str="IS"; break;
++ 	case TLS1_AD_INTERNAL_ERROR:		str="IE"; break;
++ 	case TLS1_AD_USER_CANCELLED:		str="US"; break;
++ 	case TLS1_AD_NO_RENEGOTIATION:		str="NR"; break;
+  	default:				str="UK"; break;
+  		}
+  	return(str);
+***************
+*** 433,438 ****
+--- 445,486 ----
+  		break;
+  	case SSL3_AD_ILLEGAL_PARAMETER:
+  		str="illegal parameter";
++ 		break;
++ 	case TLS1_AD_DECRYPTION_FAILED:
++ 		str="decryption failed";
++ 		break;
++ 	case TLS1_AD_RECORD_OVERFLOW:
++ 		str="record overflow";
++ 		break;
++ 	case TLS1_AD_UNKNOWN_CA:
++ 		str="unknown CA";
++ 		break;
++ 	case TLS1_AD_ACCESS_DENIED:
++ 		str="access denied";
++ 		break;
++ 	case TLS1_AD_DECODE_ERROR:
++ 		str="decode error";
++ 		break;
++ 	case TLS1_AD_DECRYPT_ERROR:
++ 		str="decrypt error";
++ 		break;
++ 	case TLS1_AD_EXPORT_RESTRICTION:
++ 		str="export restriction";
++ 		break;
++ 	case TLS1_AD_PROTOCOL_VERSION:
++ 		str="protocol version";
++ 		break;
++ 	case TLS1_AD_INSUFFICIENT_SECURITY:
++ 		str="insufficient security";
++ 		break;
++ 	case TLS1_AD_INTERNAL_ERROR:
++ 		str="internal error";
++ 		break;
++ 	case TLS1_AD_USER_CANCELLED:
++ 		str="user canceled";
++ 		break;
++ 	case TLS1_AD_NO_RENEGOTIATION:
++ 		str="no renegotiation";
+  		break;
+  	default: str="unknown"; break;
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_4_6/crypto/openssl/ssl/ssltest.c
+*** crypto/openssl/ssl/ssltest.c	Sun Nov 26 06:34:16 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/ssltest.c	Thu Nov 28 13:56:14 2002
+***************
+*** 224,235 ****
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 	
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+- 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+--- 224,236 ----
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 
+! 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	
+! 
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+***************
+*** 247,258 ****
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+- #ifndef NO_DH
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
+  			dhe1024=1;
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
+  			dhe1024dsa=1;
+  #endif
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+--- 248,269 ----
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
++ #endif
++ 			}
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024dsa=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+  #endif
++ 			}
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+***************
+*** 355,361 ****
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		exit(1);
+  		}
+  
+  	if (print_time)
+--- 366,372 ----
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		EXIT(1);
+  		}
+  
+  	if (print_time)
+***************
+*** 620,625 ****
+--- 631,638 ----
+  			int i, r;
+  			clock_t c_clock = clock();
+  
++ 			memset(cbuf, 0, sizeof(cbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(c_ssl))
+  					printf("client waiting in SSL_connect - %s\n",
+***************
+*** 704,709 ****
+--- 717,724 ----
+  			int i, r;
+  			clock_t s_clock = clock();
+  
++ 			memset(sbuf, 0, sizeof(sbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(s_ssl))
+  					printf("server waiting in SSL_accept - %s\n",
+***************
+*** 848,857 ****
+  					if (num > 1)
+  						--num; /* test restartability even more thoroughly */
+  					
+! 					r = BIO_nwrite(io1, &dataptr, (int)num);
+  					assert(r > 0);
+! 					assert(r <= (int)num);
+! 					num = r;
+  					r = BIO_read(io2, dataptr, (int)num);
+  					if (r != (int)num) /* can't happen */
+  						{
+--- 863,872 ----
+  					if (num > 1)
+  						--num; /* test restartability even more thoroughly */
+  					
+! 					r = BIO_nwrite0(io1, &dataptr);
+  					assert(r > 0);
+! 					if (r < (int)num)
+! 						num = r;
+  					r = BIO_read(io2, dataptr, (int)num);
+  					if (r != (int)num) /* can't happen */
+  						{
+***************
+*** 860,865 ****
+--- 875,887 ----
+  						goto err;
+  						}
+  					progress = 1;
++ 					r = BIO_nwrite(io1, &dataptr, (int)num);
++ 					if (r != (int)num) /* can't happen */
++ 						{
++ 						fprintf(stderr, "ERROR: BIO_nwrite() did not accept "
++ 							"BIO_nwrite0() bytes");
++ 						goto err;
++ 						}
+  					
+  					if (debug)
+  						printf((io2 == client_io) ?
+***************
+*** 939,944 ****
+--- 961,969 ----
+  	int done=0;
+  	int c_write,s_write;
+  	int do_server=0,do_client=0;
++ 
++ 	memset(cbuf,0,sizeof(cbuf));
++ 	memset(sbuf,0,sizeof(sbuf));
+  
+  	c_to_s=BIO_new(BIO_s_mem());
+  	s_to_c=BIO_new(BIO_s_mem());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_clnt.c ../RELENG_4_6/crypto/openssl/ssl/t1_clnt.c
+*** crypto/openssl/ssl/t1_clnt.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_clnt.c	Wed Sep 25 11:36:21 2002
+***************
+*** 79,89 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_client_data.ssl_connect=ssl3_connect;
+! 		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_client_data);
+  	}
+--- 79,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_client_data.ssl_connect=ssl3_connect;
+! 			TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_client_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_enc.c ../RELENG_4_6/crypto/openssl/ssl/t1_enc.c
+*** crypto/openssl/ssl/t1_enc.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_enc.c	Thu Nov 28 03:06:36 2002
+***************
+*** 55,60 ****
+--- 55,113 ----
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+   */
++ /* ====================================================================
++  * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
+  
+  #include <stdio.h>
+  #include <openssl/comp.h>
+***************
+*** 105,111 ****
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	memset(A1,0,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+--- 158,164 ----
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	OPENSSL_cleanse(A1,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+***************
+*** 319,328 ****
+  printf("\n");
+  #endif
+  
+! 	memset(tmp1,0,sizeof(tmp1));
+! 	memset(tmp2,0,sizeof(tmp1));
+! 	memset(iv1,0,sizeof(iv1));
+! 	memset(iv2,0,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 372,381 ----
+  printf("\n");
+  #endif
+  
+! 	OPENSSL_cleanse(tmp1,sizeof(tmp1));
+! 	OPENSSL_cleanse(tmp2,sizeof(tmp1));
+! 	OPENSSL_cleanse(iv1,sizeof(iv1));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 373,385 ****
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	memset(p2,0,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+  { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+--- 426,457 ----
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	OPENSSL_cleanse(p2,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+  { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  
++ 	if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
++ 		{
++ 		/* enable vulnerability countermeasure for CBC ciphers with
++ 		 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
++ 		 */
++ 		s->s3->need_empty_fragments = 1;
++ 
++ 		if (s->session->cipher != NULL)
++ 			{
++ 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_eNULL)
++ 				s->s3->need_empty_fragments = 0;
++ 			
++ #ifndef NO_RC4
++ 			if ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)
++ 				s->s3->need_empty_fragments = 0;
++ #endif
++ 			}
++ 		}
++ 		
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE);
+***************
+*** 420,426 ****
+  	if ((s->session == NULL) || (ds == NULL) ||
+  		(enc == NULL))
+  		{
+! 		memcpy(rec->data,rec->input,rec->length);
+  		rec->input=rec->data;
+  		}
+  	else
+--- 492,498 ----
+  	if ((s->session == NULL) || (ds == NULL) ||
+  		(enc == NULL))
+  		{
+! 		memmove(rec->data,rec->input,rec->length);
+  		rec->input=rec->data;
+  		}
+  	else
+***************
+*** 447,457 ****
+  			rec->length+=i;
+  			}
+  
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+  
+  		if ((bs != 1) && !send)
+  			{
+! 			ii=i=rec->data[l-1];
+  			i++;
+  			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+  				{
+--- 519,539 ----
+  			rec->length+=i;
+  			}
+  
++ 		if (!send)
++ 			{
++ 			if (l == 0 || l%bs != 0)
++ 				{
++ 				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
++ 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
++ 				return 0;
++ 				}
++ 			}
++ 		
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+  
+  		if ((bs != 1) && !send)
+  			{
+! 			ii=i=rec->data[l-1]; /* padding_length */
+  			i++;
+  			if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG)
+  				{
+***************
+*** 462,480 ****
+  				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+  					i--;
+  				}
+  			if (i > (int)rec->length)
+  				{
+! 				SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG);
+! 				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+! 				return(0);
+  				}
+  			for (j=(int)(l-i); j<(int)l; j++)
+  				{
+  				if (rec->data[j] != ii)
+  					{
+! 					SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED);
+! 					ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+! 					return(0);
+  					}
+  				}
+  			rec->length-=i;
+--- 544,565 ----
+  				if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG)
+  					i--;
+  				}
++ 			/* TLS 1.0 does not bound the number of padding bytes by the block size.
++ 			 * All of them must have value 'padding_length'. */
+  			if (i > (int)rec->length)
+  				{
+! 				/* Incorrect padding. SSLerr() and ssl3_alert are done
+! 				 * by caller: we don't want to reveal whether this is
+! 				 * a decryption error or a MAC verification failure
+! 				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+! 				return -1;
+  				}
+  			for (j=(int)(l-i); j<(int)l; j++)
+  				{
+  				if (rec->data[j] != ii)
+  					{
+! 					/* Incorrect padding */
+! 					return -1;
+  					}
+  				}
+  			rec->length-=i;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_meth.c ../RELENG_4_6/crypto/openssl/ssl/t1_meth.c
+*** crypto/openssl/ssl/t1_meth.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_meth.c	Thu Sep 26 11:55:46 2002
+***************
+*** 76,88 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_data.ssl_connect=ssl3_connect;
+! 		TLSv1_data.ssl_accept=ssl3_accept;
+! 		TLSv1_data.get_ssl_method=tls1_get_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_data);
+  	}
+  
+--- 76,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_data.ssl_connect=ssl3_connect;
+! 			TLSv1_data.ssl_accept=ssl3_accept;
+! 			TLSv1_data.get_ssl_method=tls1_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
++ 	
+  	return(&TLSv1_data);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_srvr.c ../RELENG_4_6/crypto/openssl/ssl/t1_srvr.c
+*** crypto/openssl/ssl/t1_srvr.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_srvr.c	Wed Sep 25 11:36:21 2002
+***************
+*** 80,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_server_data.ssl_accept=ssl3_accept;
+! 		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_server_data);
+  	}
+--- 80,97 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_server_data.ssl_accept=ssl3_accept;
+! 			TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_server_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.save ../RELENG_4_6/crypto/openssl/test/Makefile.save
+*** crypto/openssl/test/Makefile.save	Sun Aug 20 04:48:48 2000
+--- ../RELENG_4_6/crypto/openssl/test/Makefile.save	Wed Dec 31 19:00:00 1969
+***************
+*** 1,400 ****
+- #
+- # test/Makefile.ssl
+- #
+- 
+- DIR=		test
+- TOP=		..
+- CC=		cc
+- INCLUDES=	-I../include
+- CFLAG=		-g
+- INSTALL_PREFIX=
+- OPENSSLDIR=     /usr/local/ssl
+- INSTALLTOP=	/usr/local/ssl
+- MAKEFILE=	Makefile.ssl
+- MAKE=		make -f $(MAKEFILE)
+- MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+- PERL=		perl
+- 
+- PEX_LIBS=
+- EX_LIBS= #-lnsl -lsocket
+- 
+- CFLAGS= $(INCLUDES) $(CFLAG)
+- 
+- GENERAL=Makefile.ssl maketests.com \
+- 	tests.com testenc.com tx509.com trsa.com tcrl.com tsid.com treq.com \
+- 	tpkcs7.com tpkcs7d.com tverify.com testgen.com testss.com testssl.com \
+- 	testca.com VMSca-response.1 VMSca-response.2
+- 
+- DLIBCRYPTO= ../libcrypto.a
+- DLIBSSL= ../libssl.a
+- LIBCRYPTO= -L.. -lcrypto
+- LIBSSL= -L.. -lssl
+- 
+- BNTEST=		bntest
+- EXPTEST=	exptest
+- IDEATEST=	ideatest
+- SHATEST=	shatest
+- SHA1TEST=	sha1test
+- MDC2TEST=	mdc2test
+- RMDTEST=	rmdtest
+- MD2TEST=	md2test
+- MD5TEST=	md5test
+- HMACTEST=	hmactest
+- RC2TEST=	rc2test
+- RC4TEST=	rc4test
+- RC5TEST=	rc5test
+- BFTEST=		bftest
+- CASTTEST=	casttest
+- DESTEST=	destest
+- RANDTEST=	randtest
+- DHTEST=		dhtest
+- DSATEST=	dsatest
+- METHTEST=	methtest
+- SSLTEST=	ssltest
+- RSATEST=	rsa_test
+- 
+- EXE=	$(BNTEST) $(IDEATEST) $(MD2TEST)  $(MD5TEST) $(HMACTEST) \
+- 	$(RC2TEST) $(RC4TEST) $(RC5TEST) \
+- 	$(DESTEST) $(SHATEST) $(SHA1TEST) $(MDC2TEST) $(RMDTEST) \
+- 	$(RANDTEST) $(DHTEST) \
+- 	$(BFTEST) $(CASTTEST) $(SSLTEST) $(EXPTEST) $(DSATEST) $(RSATEST)
+- 
+- # $(METHTEST)
+- 
+- OBJ=	$(BNTEST).o $(IDEATEST).o $(MD2TEST).o  $(MD5TEST).o $(HMACTEST).o \
+- 	$(RC2TEST).o $(RC4TEST).o $(RC5TEST).o \
+- 	$(DESTEST).o $(SHATEST).o $(SHA1TEST).o $(MDC2TEST).o $(RMDTEST).o \
+- 	$(RANDTEST).o $(DHTEST).o $(CASTTEST).o \
+- 	$(BFTEST).o  $(SSLTEST).o  $(DSATEST).o  $(EXPTEST).o $(RSATEST).o
+- SRC=	$(BNTEST).c $(IDEATEST).c $(MD2TEST).c  $(MD5TEST).c  $(HMACTEST).c \
+- 	$(RC2TEST).c $(RC4TEST).c $(RC5TEST).c \
+- 	$(DESTEST).c $(SHATEST).c $(SHA1TEST).c $(MDC2TEST).c $(RMDTEST).c \
+- 	$(RANDTEST).c $(DHTEST).c $(CASTTEST).c \
+- 	$(BFTEST).c  $(SSLTEST).c $(DSATEST).c   $(EXPTEST).c $(RSATEST).c
+- 
+- EXHEADER= 
+- HEADER=	$(EXHEADER)
+- 
+- ALL=    $(GENERAL) $(SRC) $(HEADER)
+- 
+- top:
+- 	(cd ..; $(MAKE) DIRS=$(DIR) all)
+- 
+- all:	exe
+- 
+- exe:	$(EXE)
+- 
+- files:
+- 	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+- 
+- links:
+- 	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+- 
+- errors:
+- 
+- install:
+- 
+- tags:
+- 	ctags $(SRC)
+- 
+- tests:	exe apps \
+- 	test_des test_idea test_sha test_md5 test_hmac test_md2 test_mdc2 \
+- 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast \
+- 	test_rand test_bn test_enc test_x509 test_rsa test_crl test_sid \
+- 	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+- 	test_ss test_ca test_ssl
+- 
+- apps:
+- 	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
+- 
+- test_des:
+- 	./$(DESTEST)
+- 
+- test_idea:
+- 	./$(IDEATEST)
+- 
+- test_sha:
+- 	./$(SHATEST)
+- 	./$(SHA1TEST)
+- 
+- test_mdc2:
+- 	./$(MDC2TEST)
+- 
+- test_md5:
+- 	./$(MD5TEST)
+- 
+- test_hmac:
+- 	./$(HMACTEST)
+- 
+- test_md2:
+- 	./$(MD2TEST)
+- 
+- test_rmd:
+- 	./$(RMDTEST)
+- 
+- test_bf:
+- 	./$(BFTEST)
+- 
+- test_cast:
+- 	./$(CASTTEST)
+- 
+- test_rc2:
+- 	./$(RC2TEST)
+- 
+- test_rc4:
+- 	./$(RC4TEST)
+- 
+- test_rc5:
+- 	./$(RC5TEST)
+- 
+- test_rand:
+- 	./$(RANDTEST)
+- 
+- test_enc:
+- 	@sh ./testenc
+- 
+- test_x509:
+- 	echo test normal x509v1 certificate
+- 	sh ./tx509 2>/dev/null
+- 	echo test first x509v3 certificate
+- 	sh ./tx509 v3-cert1.pem 2>/dev/null
+- 	echo test second x509v3 certificate
+- 	sh ./tx509 v3-cert2.pem 2>/dev/null
+- 
+- test_rsa:
+- 	@sh ./trsa 2>/dev/null
+- 	./$(RSATEST)
+- 
+- test_crl:
+- 	@sh ./tcrl 2>/dev/null
+- 
+- test_sid:
+- 	@sh ./tsid 2>/dev/null
+- 
+- test_req:
+- 	@sh ./treq 2>/dev/null
+- 	@sh ./treq testreq2.pem 2>/dev/null
+- 
+- test_pkcs7:
+- 	@sh ./tpkcs7 2>/dev/null
+- 	@sh ./tpkcs7d 2>/dev/null
+- 
+- test_bn:
+- 	@echo starting big number library test, could take a while...
+- 	@./$(BNTEST) >tmp.bntest
+- 	@echo quit >>tmp.bntest
+- 	@echo "running bc"
+- 	@bc tmp.bntest 2>&1 | $(PERL) -e 'while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} print STDERR "."; $$i++;} print STDERR "\n$$i tests passed\n"'
+- 	@echo 'test a^b%c implementations'
+- 	./$(EXPTEST)
+- 
+- test_verify:
+- 	@echo "The following command should have some OK's and some failures"
+- 	@echo "There are definitly a few expired certificates"
+- 	../apps/openssl verify -CApath ../certs ../certs/*.pem
+- 
+- test_dh:
+- 	@echo "Generate a set of DH parameters"
+- 	./$(DHTEST)
+- 
+- test_dsa:
+- 	@echo "Generate a set of DSA parameters"
+- 	./$(DSATEST)
+- 	./$(DSATEST) -app2_1
+- 
+- test_gen:
+- 	@echo "Generate and verify a certificate request"
+- 	@sh ./testgen
+- 
+- test_ss keyU.ss certU.ss certCA.ss: testss
+- 	@echo "Generate and certify a test certificate"
+- 	@sh ./testss
+- 
+- test_ssl: keyU.ss certU.ss certCA.ss
+- 	@echo "test SSL protocol"
+- 	@sh ./testssl keyU.ss certU.ss certCA.ss
+- 
+- test_ca:
+- 	@if ../apps/openssl no-rsa; then \
+- 	  echo "skipping CA.sh test -- requires RSA"; \
+- 	else \
+- 	  echo "Generate and certify a test certificate via the 'ca' program"; \
+- 	  sh ./testca; \
+-  	fi
+- 
+- lint:
+- 	lint -DLINT $(INCLUDES) $(SRC)>fluff
+- 
+- depend:
+- 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+- 
+- dclean:
+- 	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+- 	mv -f Makefile.new $(MAKEFILE)
+- 
+- clean:
+- 	rm -f .rnd tmp.bntest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+- 
+- $(DLIBSSL):
+- 	(cd ../ssl; $(MAKE))
+- 
+- $(DLIBCRYPTO):
+- 	(cd ../crypto; $(MAKE))
+- 
+- $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(BNTEST): $(BNTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(BNTEST) $(CFLAGS) $(BNTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(EXPTEST): $(EXPTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(EXPTEST) $(CFLAGS) $(EXPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(IDEATEST): $(IDEATEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(IDEATEST) $(CFLAGS) $(IDEATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(MD2TEST): $(MD2TEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(MD2TEST) $(CFLAGS) $(MD2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(SHATEST): $(SHATEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(SHATEST) $(CFLAGS) $(SHATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(SHA1TEST): $(SHA1TEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(SHA1TEST) $(CFLAGS) $(SHA1TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(RMDTEST): $(RMDTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(RMDTEST) $(CFLAGS) $(RMDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(MDC2TEST): $(MDC2TEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(MDC2TEST) $(CFLAGS) $(MDC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(MD5TEST): $(MD5TEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(MD5TEST) $(CFLAGS) $(MD5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(HMACTEST): $(HMACTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(HMACTEST) $(CFLAGS) $(HMACTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(RC2TEST): $(RC2TEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(RC2TEST) $(CFLAGS) $(RC2TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(BFTEST): $(BFTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(BFTEST) $(CFLAGS) $(BFTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(CASTTEST): $(CASTTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(CASTTEST) $(CFLAGS) $(CASTTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(RC4TEST): $(RC4TEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(RC4TEST) $(CFLAGS) $(RC4TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(RC5TEST): $(RC5TEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(RC5TEST) $(CFLAGS) $(RC5TEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(DESTEST): $(DESTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(DESTEST) $(CFLAGS) $(DESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(RANDTEST): $(RANDTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(RANDTEST) $(CFLAGS) $(RANDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(DHTEST): $(DHTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(DHTEST) $(CFLAGS) $(DHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(DSATEST): $(DSATEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(DSATEST) $(CFLAGS) $(DSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(METHTEST): $(METHTEST).o $(DLIBCRYPTO)
+- 	$(CC) -o $(METHTEST) $(CFLAGS) $(METHTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+- 	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+- 
+- # DO NOT DELETE THIS LINE -- make depend depends on it.
+- 
+- bftest.o: ../include/openssl/blowfish.h
+- bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- bntest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+- bntest.o: ../include/openssl/des.h ../include/openssl/dh.h
+- bntest.o: ../include/openssl/dsa.h ../include/openssl/e_os.h
+- bntest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+- bntest.o: ../include/openssl/evp.h ../include/openssl/idea.h
+- bntest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- bntest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- bntest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- bntest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+- bntest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- bntest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- bntest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+- bntest.o: ../include/openssl/x509.h ../include/openssl/x509_vfy.h
+- casttest.o: ../include/openssl/cast.h
+- destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+- destest.o: ../include/openssl/opensslconf.h
+- dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+- dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+- dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+- dhtest.o: ../include/openssl/stack.h
+- dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+- dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+- dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+- dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+- dsatest.o: ../include/openssl/stack.h
+- exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+- exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+- exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+- exptest.o: ../include/openssl/stack.h
+- hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+- hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+- hmactest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+- hmactest.o: ../include/openssl/evp.h ../include/openssl/hmac.h
+- hmactest.o: ../include/openssl/idea.h ../include/openssl/md2.h
+- hmactest.o: ../include/openssl/md5.h ../include/openssl/mdc2.h
+- hmactest.o: ../include/openssl/objects.h ../include/openssl/opensslconf.h
+- hmactest.o: ../include/openssl/opensslv.h ../include/openssl/rc2.h
+- hmactest.o: ../include/openssl/rc4.h ../include/openssl/rc5.h
+- hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+- hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+- hmactest.o: ../include/openssl/stack.h
+- ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+- md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+- md5test.o: ../include/openssl/md5.h
+- mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+- mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+- randtest.o: ../include/openssl/rand.h
+- rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+- rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+- rc5test.o: ../include/openssl/rc5.h
+- rmdtest.o: ../include/openssl/ripemd.h
+- rsa_test.o: ../include/openssl/bn.h ../include/openssl/crypto.h
+- rsa_test.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- rsa_test.o: ../include/openssl/err.h ../include/openssl/opensslconf.h
+- rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+- rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- rsa_test.o: ../include/openssl/stack.h
+- sha1test.o: ../include/openssl/sha.h
+- shatest.o: ../include/openssl/sha.h
+- ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+- ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+- ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+- ssltest.o: ../include/openssl/crypto.h ../include/openssl/des.h
+- ssltest.o: ../include/openssl/dh.h ../include/openssl/dsa.h
+- ssltest.o: ../include/openssl/e_os.h ../include/openssl/e_os2.h
+- ssltest.o: ../include/openssl/err.h ../include/openssl/evp.h
+- ssltest.o: ../include/openssl/idea.h ../include/openssl/lhash.h
+- ssltest.o: ../include/openssl/md2.h ../include/openssl/md5.h
+- ssltest.o: ../include/openssl/mdc2.h ../include/openssl/objects.h
+- ssltest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+- ssltest.o: ../include/openssl/pem.h ../include/openssl/pem2.h
+- ssltest.o: ../include/openssl/pkcs7.h ../include/openssl/rand.h
+- ssltest.o: ../include/openssl/rc2.h ../include/openssl/rc4.h
+- ssltest.o: ../include/openssl/rc5.h ../include/openssl/ripemd.h
+- ssltest.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+- ssltest.o: ../include/openssl/sha.h ../include/openssl/ssl.h
+- ssltest.o: ../include/openssl/ssl2.h ../include/openssl/ssl23.h
+- ssltest.o: ../include/openssl/ssl3.h ../include/openssl/stack.h
+- ssltest.o: ../include/openssl/tls1.h ../include/openssl/x509.h
+- ssltest.o: ../include/openssl/x509_vfy.h
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_4_6/crypto/openssl/test/Makefile.ssl
+*** crypto/openssl/test/Makefile.ssl	Wed Jul  4 19:19:47 2001
+--- ../RELENG_4_6/crypto/openssl/test/Makefile.ssl	Thu Dec  5 16:50:30 2002
+***************
+*** 81,91 ****
+  ALL=    $(GENERAL) $(SRC) $(HEADER)
+  
+  top:
+! 	(cd ..; $(MAKE) DIRS=$(DIR) all)
+  
+  all:	exe
+  
+! exe:	$(EXE)
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+--- 81,91 ----
+  ALL=    $(GENERAL) $(SRC) $(HEADER)
+  
+  top:
+! 	(cd ..; $(MAKE) DIRS=$(DIR) TESTS=$(TESTS) all)
+  
+  all:	exe
+  
+! exe:	$(EXE) dummytest
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+***************
+*** 93,98 ****
+--- 93,102 ----
+  links:
+  	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+  
++ generate: $(SRC)
++ $(SRC):
++ 	@$(TOP)/util/point.sh dummytest.c $@
++ 
+  errors:
+  
+  install:
+***************
+*** 109,115 ****
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ../apps; $(MAKE)  CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' all)
+  
+  test_des:
+  	./$(DESTEST)
+--- 113,119 ----
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  test_des:
+  	./$(DESTEST)
+***************
+*** 191,197 ****
+  	@./$(BNTEST) >tmp.bntest
+  	@echo quit >>tmp.bntest
+  	@echo "running bc"
+! 	@<tmp.bntest sh -c "`sh ./bctest || true`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+  	@echo 'test a^b%c implementations'
+  	./$(EXPTEST)
+  
+--- 195,201 ----
+  	@./$(BNTEST) >tmp.bntest
+  	@echo quit >>tmp.bntest
+  	@echo "running bc"
+! 	@<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
+  	@echo 'test a^b%c implementations'
+  	./$(EXPTEST)
+  
+***************
+*** 233,239 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 237,243 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 243,252 ****
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE))
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE))
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+--- 247,256 ----
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+***************
+*** 317,325 ****
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../include/openssl/blowfish.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 321,333 ----
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
++ dummytest: dummytest.o $(DLIBCRYPTO)
++ 	$(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
++ 
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+! bftest.o: ../include/openssl/opensslconf.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+***************
+*** 339,366 ****
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../include/openssl/cast.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+! dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dsatest.o: ../include/openssl/symhacks.h
+! exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+! exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! exptest.o: ../include/openssl/symhacks.h
+! hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+--- 347,377 ----
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+! casttest.o: ../include/openssl/opensslconf.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dhtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dhtest.o: ../include/openssl/symhacks.h
+! dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+! dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+! exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! exptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+***************
+*** 375,391 ****
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+! md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+! md4test.o: ../include/openssl/md4.h
+! md5test.o: ../include/openssl/md5.h
+! mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../include/openssl/rand.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../include/openssl/rc5.h
+! rmdtest.o: ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+--- 386,411 ----
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+! ideatest.o: ../include/openssl/opensslconf.h
+! md2test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md2.h
+! md2test.o: ../include/openssl/opensslconf.h
+! md4test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md4.h
+! md4test.o: ../include/openssl/opensslconf.h
+! md5test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md5.h
+! md5test.o: ../include/openssl/opensslconf.h
+! mdc2test.o: ../e_os.h ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../e_os.h ../include/openssl/e_os2.h
+! randtest.o: ../include/openssl/opensslconf.h ../include/openssl/rand.h
+! rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
++ rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+! rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h
+! rmdtest.o: ../e_os.h ../include/openssl/e_os2.h
+! rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+***************
+*** 393,400 ****
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../include/openssl/sha.h
+! shatest.o: ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 413,422 ----
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../e_os.h ../include/openssl/e_os2.h
+! sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+! shatest.o: ../e_os.h ../include/openssl/e_os2.h
+! shatest.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/bctest ../RELENG_4_6/crypto/openssl/test/bctest
+*** crypto/openssl/test/bctest	Wed Jul  4 19:22:32 2001
+--- ../RELENG_4_6/crypto/openssl/test/bctest	Thu May  3 04:50:32 2001
+***************
+*** 12,21 ****
+  
+  
+  IFS=:
+! for dir in $PATH; do
+!     bc="$dir/bc"
+  
+!     if [ -x "$bc" -a ! -d "$bc" ]; then
+          failure=none
+  
+  
+--- 12,33 ----
+  
+  
+  IFS=:
+! try_without_dir=true
+! # First we try "bc", then "$dir/bc" for each item in $PATH.
+! for dir in dummy:$PATH; do
+!     if [ "$try_without_dir" = true ]; then
+!       # first iteration
+!       bc=bc
+!       try_without_dir=false
+!     else
+!       # second and later iterations
+!       bc="$dir/bc"
+!       if [ ! -f "$bc" ]; then  # '-x' is not available on Ultrix
+!         bc=''
+!       fi
+!     fi
+  
+!     if [ ! "$bc" = '' ]; then
+          failure=none
+  
+  
+***************
+*** 92,96 ****
+  done
+  
+  echo "No working bc found.  Consider installing GNU bc." >&2
+! echo "cat >/dev/null"
+  exit 1
+--- 104,111 ----
+  done
+  
+  echo "No working bc found.  Consider installing GNU bc." >&2
+! if [ "$1" = ignore ]; then
+!   echo "cat >/dev/null"
+!   exit 0
+! fi
+  exit 1
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/dsa-ca.pem ../RELENG_4_6/crypto/openssl/test/dsa-ca.pem
+*** crypto/openssl/test/dsa-ca.pem	Mon Jan 10 01:22:01 2000
+--- ../RELENG_4_6/crypto/openssl/test/dsa-ca.pem	Wed Dec 31 19:00:00 1969
+***************
+*** 1,43 ****
+- -----BEGIN DSA PRIVATE KEY-----
+- Proc-Type: 4,ENCRYPTED
+- DEK-Info: DES-EDE3-CBC,C5B6C7CC9E1FE2C0
+- 
+- svCXBcBRhMuU22UXOfiKZA+thmz6KYXpt1Yg5Rd+TYQcQ1MdvNy0B0tkP1SxzDq0
+- Xh1eMeTML9/9/0rKakgNXXXbpi5RB8t6BmwRSyej89F7nn1mtR3qzoyPRpp15SDl
+- Tn67C+2v+HDF3MFk88hiNCYkNbcmi7TWvChsl8N1r7wdZwtIox56yXdgxw6ZIpa/
+- par0oUCzN7fiavPgCWz1kfPNSaBQSdxwH7TZi5tMHAr0J3C7a7QRnZfE09R59Uqr
+- zslrq+ndIw1BZAxoY0SlBu+iFOVaBVlwToC4AsHkv7j7l8ITtr7f42YbBa44D9TO
+- uOhONmkk/v3Fso4RaOEzdKZC+hnmmzvHs6TiTWm6yzJgSFwyOUK0eGmKEeVxpcH5
+- rUOlHOwzen+FFtocZDZAfdFnb7QY7L/boQvyA5A+ZbRG4DUpmBQeQsSaICHM5Rxx
+- 1QaLF413VNPXTLPbW0ilSc2H8x2iZTIVKfd33oSO6NhXPtSYQgfecEF4BvNHY5c4
+- HovjT4mckbK95bcBzoCHu43vuSQkmZzdYo/ydSZt6zoPavbBLueTpgSbdXiDi827
+- MVqOsYxGCb+kez0FoDSTgw==
+- -----END DSA PRIVATE KEY-----
+- -----BEGIN CERTIFICATE REQUEST-----
+- MIICUjCCAhECAQAwUjELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+- ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDELMAkGA1UEAxMCQ0Ew
+- ggG0MIIBKQYFKw4DAgwwggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaW
+- sxXgUy6P4FmCc5A+dTGZR3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5m
+- rmuINvvsKNzC16W75Sw5JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHk
+- cJVbUM1JAhUA9wcx7fpsBgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVo
+- bzDjaeHls12YuyiGSPzemQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqR
+- CZ228U2cVA9YBu5JdAfOVX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxB
+- F5WS6wG1c6Vqftgy7Q4CuAOBhAACgYAapll6iqz9XrZFlk2GCVcB+KihxWnH7IuH
+- vSLw9YUrJahcBHmbpvt494lF4gC5w3WPM+vXJofbusk4GoQEEsQNMDaah4m49uUq
+- AylOVFJJJXuirVJ+o+0TtOFDITEAl+YZZariXOD7tdOSOl9RLMPC6+daHKS9e68u
+- 3enxhqnDGaAAMAkGBSsOAwIbBQADMAAwLQIVAJGVuFsG/0DBuSZ0jF7ypdU0/G0v
+- AhQfeF5BoMMDbX/kidUVpQ6gadPlZA==
+- -----END CERTIFICATE REQUEST-----
+- -----BEGIN CERTIFICATE-----
+- MIIBrjCCAWwCAQswCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+- U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+- CgYDVQQDEwNQQ0EwHhcNOTcwNjE1MDIxNDI5WhcNOTcwNzE1MDIxNDI5WjBSMQsw
+- CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+- ZXQgV2lkZ2l0cyBQdHkgTHRkMQswCQYDVQQDEwJDQTCBkjAJBgUrDgMCDAUAA4GE
+- AAKBgBqmWXqKrP1etkWWTYYJVwH4qKHFacfsi4e9IvD1hSslqFwEeZum+3j3iUXi
+- ALnDdY8z69cmh9u6yTgahAQSxA0wNpqHibj25SoDKU5UUkkle6KtUn6j7RO04UMh
+- MQCX5hllquJc4Pu105I6X1Esw8Lr51ocpL17ry7d6fGGqcMZMAkGBSsOAwIbBQAD
+- MQAwLgIVAJ4wtQsANPxHo7Q4IQZYsL12SKdbAhUAjJ9n38zxT+iai2164xS+LIfa
+- C1Q=
+- -----END CERTIFICATE-----
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/dsa-pca.pem ../RELENG_4_6/crypto/openssl/test/dsa-pca.pem
+*** crypto/openssl/test/dsa-pca.pem	Mon Jan 10 01:22:01 2000
+--- ../RELENG_4_6/crypto/openssl/test/dsa-pca.pem	Wed Dec 31 19:00:00 1969
+***************
+*** 1,49 ****
+- -----BEGIN DSA PRIVATE KEY-----
+- Proc-Type: 4,ENCRYPTED
+- DEK-Info: DES-EDE3-CBC,F80EEEBEEA7386C4
+- 
+- GZ9zgFcHOlnhPoiSbVi/yXc9mGoj44A6IveD4UlpSEUt6Xbse3Fr0KHIUyQ3oGnS
+- mClKoAp/eOTb5Frhto85SzdsxYtac+X1v5XwdzAMy2KowHVk1N8A5jmE2OlkNPNt
+- of132MNlo2cyIRYaa35PPYBGNCmUm7YcYS8O90YtkrQZZTf4+2C4kllhMcdkQwkr
+- FWSWC8YOQ7w0LHb4cX1FejHHom9Nd/0PN3vn3UyySvfOqoR7nbXkrpHXmPIr0hxX
+- RcF0aXcV/CzZ1/nfXWQf4o3+oD0T22SDoVcZY60IzI0oIc3pNCbDV3uKNmgekrFd
+- qOUJ+QW8oWp7oefRx62iBfIeC8DZunohMXaWAQCU0sLQOR4yEdeUCnzCSywe0bG1
+- diD0KYaEe+Yub1BQH4aLsBgDjardgpJRTQLq0DUvw0/QGO1irKTJzegEDNVBKrVn
+- V4AHOKT1CUKqvGNRP1UnccUDTF6miOAtaj/qpzra7sSk7dkGBvIEeFoAg84kfh9h
+- hVvF1YyzC9bwZepruoqoUwke/WdNIR5ymOVZ/4Liw0JdIOcq+atbdRX08niqIRkf
+- dsZrUj4leo3zdefYUQ7w4N2Ns37yDFq7
+- -----END DSA PRIVATE KEY-----
+- -----BEGIN CERTIFICATE REQUEST-----
+- MIICVTCCAhMCAQAwUzELMAkGA1UEBhMCQVUxEzARBgNVBAgTClNvbWUtU3RhdGUx
+- ITAfBgNVBAoTGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEMMAoGA1UEAxMDUENB
+- MIIBtTCCASkGBSsOAwIMMIIBHgKBgQCnP26Fv0FqKX3wn0cZMJCaCR3aajMexT2G
+- lrMV4FMuj+BZgnOQPnUxmUd6UvuF5NmmezibaIqEm4fGHrV+hktTW1nPcWUZiG7O
+- Zq5riDb77Cjcwtelu+UsOSZL2ppwGJU3lRBWI/YV7boEXt45T/23Qx+1pGVvzYAR
+- 5HCVW1DNSQIVAPcHMe36bAYD1YWKHKycZedQZmVvAoGATd9MA6aRivUZb1BGJZnl
+- aG8w42nh5bNdmLsohkj83pkEP1+IDJxzJA0gXbkqmj8YlifkYofBe3RiU/xhJ6h6
+- kQmdtvFNnFQPWAbuSXQHzlV+I84W9srcWmEBfslxtU323DQph2j2XiCTs9v15Als
+- QReVkusBtXOlan7YMu0OArgDgYUAAoGBAKbtuR5AdW+ICjCFe2ixjUiJJzM2IKwe
+- 6NZEMXg39+HQ1UTPTmfLZLps+rZfolHDXuRKMXbGFdSF0nXYzotPCzi7GauwEJTZ
+- yr27ZZjA1C6apGSQ9GzuwNvZ4rCXystVEagAS8OQ4H3D4dWS17Zg31ICb5o4E5r0
+- z09o/Uz46u0VoAAwCQYFKw4DAhsFAAMxADAuAhUArRubTxsbIXy3AhtjQ943AbNB
+- nSICFQCu+g1iW3jwF+gOcbroD4S/ZcvB3w==
+- -----END CERTIFICATE REQUEST-----
+- -----BEGIN CERTIFICATE-----
+- MIIC0zCCApECAQAwCQYFKw4DAhsFADBTMQswCQYDVQQGEwJBVTETMBEGA1UECBMK
+- U29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMQww
+- CgYDVQQDEwNQQ0EwHhcNOTcwNjE0MjI1NDQ1WhcNOTcwNzE0MjI1NDQ1WjBTMQsw
+- CQYDVQQGEwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJu
+- ZXQgV2lkZ2l0cyBQdHkgTHRkMQwwCgYDVQQDEwNQQ0EwggG1MIIBKQYFKw4DAgww
+- ggEeAoGBAKc/boW/QWopffCfRxkwkJoJHdpqMx7FPYaWsxXgUy6P4FmCc5A+dTGZ
+- R3pS+4Xk2aZ7OJtoioSbh8YetX6GS1NbWc9xZRmIbs5mrmuINvvsKNzC16W75Sw5
+- JkvamnAYlTeVEFYj9hXtugRe3jlP/bdDH7WkZW/NgBHkcJVbUM1JAhUA9wcx7fps
+- BgPVhYocrJxl51BmZW8CgYBN30wDppGK9RlvUEYlmeVobzDjaeHls12YuyiGSPze
+- mQQ/X4gMnHMkDSBduSqaPxiWJ+Rih8F7dGJT/GEnqHqRCZ228U2cVA9YBu5JdAfO
+- VX4jzhb2ytxaYQF+yXG1TfbcNCmHaPZeIJOz2/XkCWxBF5WS6wG1c6Vqftgy7Q4C
+- uAOBhQACgYEApu25HkB1b4gKMIV7aLGNSIknMzYgrB7o1kQxeDf34dDVRM9OZ8tk
+- umz6tl+iUcNe5EoxdsYV1IXSddjOi08LOLsZq7AQlNnKvbtlmMDULpqkZJD0bO7A
+- 29nisJfKy1URqABLw5DgfcPh1ZLXtmDfUgJvmjgTmvTPT2j9TPjq7RUwCQYFKw4D
+- AhsFAAMxADAuAhUAvtv6AkMolix1Jvy3UnVEIUqdCUICFQC+jq8P49mwrY9oJ24n
+- 5rKUjNBhSg==
+- -----END CERTIFICATE-----
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/methtest.c ../RELENG_4_6/crypto/openssl/test/methtest.c
+*** crypto/openssl/test/methtest.c	Mon Jan 10 01:22:01 2000
+--- ../RELENG_4_6/crypto/openssl/test/methtest.c	Thu Nov 28 13:56:18 2002
+***************
+*** 96,105 ****
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(0);
+  	}
+--- 96,105 ----
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(0);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testss ../RELENG_4_6/crypto/openssl/test/testss
+*** crypto/openssl/test/testss	Sun Aug 20 04:47:04 2000
+--- ../RELENG_4_6/crypto/openssl/test/testss	Mon Oct 15 13:57:27 2001
+***************
+*** 20,25 ****
+--- 20,27 ----
+  echo
+  echo "make a certificate request using 'req'"
+  
++ echo "string to make the random number generator think it has entropy" >> ./.rnd
++ 
+  if ../apps/openssl no-rsa; then
+    req_new='-newkey dsa:../apps/dsa512.pem'
+  else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testssl ../RELENG_4_6/crypto/openssl/test/testssl
+*** crypto/openssl/test/testssl	Sun Aug 20 04:47:04 2000
+--- ../RELENG_4_6/crypto/openssl/test/testssl	Thu Dec 12 13:43:29 2002
+***************
+*** 112,119 ****
+  
+  #############################################################################
+  
+! echo test tls1 with 1024bit anonymous DH, multiple handshakes
+! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+--- 112,123 ----
+  
+  #############################################################################
+  
+! if ../apps/openssl no-dh; then
+!   echo skipping anonymous DH tests
+! else
+!   echo test tls1 with 1024bit anonymous DH, multiple handshakes
+!   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+! fi
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+***************
+*** 121,128 ****
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!   ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+  fi
+  
+  exit 0
+--- 125,136 ----
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   if ../apps/openssl no-dh; then
+!     echo skipping RSA+DHE tests
+!   else
+!     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!     ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+!   fi
+  fi
+  
+  exit 0
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c89.sh ../RELENG_4_6/crypto/openssl/tools/c89.sh
+*** crypto/openssl/tools/c89.sh	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/tools/c89.sh	Thu Nov 22 06:26:54 2001
+***************
+*** 0 ****
+--- 1,15 ----
++ #!/bin/sh -k
++ #
++ # Re-order arguments so that -L comes first
++ #
++ opts=""
++ lopts=""
++         
++ for arg in $* ; do
++   case $arg in
++     -L*) lopts="$lopts $arg" ;;
++     *) opts="$opts $arg" ;;
++   esac
++ done
++ 
++ c89 $lopts $opts
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash ../RELENG_4_6/crypto/openssl/tools/c_rehash
+*** crypto/openssl/tools/c_rehash	Wed Jul  4 19:19:48 2001
+--- ../RELENG_4_6/crypto/openssl/tools/c_rehash	Wed Feb 19 21:57:35 2003
+***************
+*** 1,4 ****
+! #!/usr/local/bin/perl
+  
+  
+  # Perl c_rehash script, scan all files in a directory
+--- 1,4 ----
+! #!/usr/local/bin/perl5
+  
+  
+  # Perl c_rehash script, scan all files in a directory
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash.in ../RELENG_4_6/crypto/openssl/tools/c_rehash.in
+*** crypto/openssl/tools/c_rehash.in	Wed Jul  4 19:19:48 2001
+--- ../RELENG_4_6/crypto/openssl/tools/c_rehash.in	Fri Oct 11 16:35:37 2002
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/dirname.pl ../RELENG_4_6/crypto/openssl/util/dirname.pl
+*** crypto/openssl/util/dirname.pl	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/util/dirname.pl	Wed Jun  5 10:09:53 2002
+***************
+*** 0 ****
+--- 1,18 ----
++ #!/usr/local/bin/perl
++ 
++ if ($#ARGV < 0) {
++     die "dirname.pl: too few arguments\n";
++ } elsif ($#ARGV > 0) {
++     die "dirname.pl: too many arguments\n";
++ }
++ 
++ my $d = $ARGV[0];
++ 
++ if ($d =~ m|.*/.*|) {
++     $d =~ s|/[^/]*$||;
++ } else {
++     $d = ".";
++ }
++ 
++ print $d,"\n";
++ exit(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/domd ../RELENG_4_6/crypto/openssl/util/domd
+*** crypto/openssl/util/domd	Sun Aug 20 04:47:06 2000
+--- ../RELENG_4_6/crypto/openssl/util/domd	Wed Jun  5 03:25:49 2002
+***************
+*** 7,11 ****
+  
+  cp Makefile.ssl Makefile.save
+  makedepend -f Makefile.ssl $@
+! perl $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+  mv Makefile.new Makefile.ssl
+--- 7,11 ----
+  
+  cp Makefile.ssl Makefile.save
+  makedepend -f Makefile.ssl $@
+! ${PERL} $TOP/util/clean-depend.pl < Makefile.ssl > Makefile.new
+  mv Makefile.new Makefile.ssl
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_4_6/crypto/openssl/util/libeay.num
+*** crypto/openssl/util/libeay.num	Wed Jul  4 19:19:49 2001
+--- ../RELENG_4_6/crypto/openssl/util/libeay.num	Wed Nov 27 07:24:54 2002
+***************
+*** 197,203 ****
+  DH_new                                  205	EXIST::FUNCTION:DH
+  DH_size                                 206	EXIST::FUNCTION:DH
+  DHparams_print                          207	EXIST::FUNCTION:DH
+! DHparams_print_fp                       208	EXIST::FUNCTION:DH,FP_API
+  DSA_free                                209	EXIST::FUNCTION:DSA
+  DSA_generate_key                        210	EXIST::FUNCTION:DSA
+  DSA_generate_parameters                 211	EXIST::FUNCTION:DSA
+--- 197,203 ----
+  DH_new                                  205	EXIST::FUNCTION:DH
+  DH_size                                 206	EXIST::FUNCTION:DH
+  DHparams_print                          207	EXIST::FUNCTION:DH
+! DHparams_print_fp                       208	EXIST::FUNCTION:FP_API,DH
+  DSA_free                                209	EXIST::FUNCTION:DSA
+  DSA_generate_key                        210	EXIST::FUNCTION:DSA
+  DSA_generate_parameters                 211	EXIST::FUNCTION:DSA
+***************
+*** 478,484 ****
+  RSA_new                                 486	EXIST::FUNCTION:RSA
+  RSA_new_method                          487	EXIST::FUNCTION:RSA
+  RSA_print                               488	EXIST::FUNCTION:RSA
+! RSA_print_fp                            489	EXIST::FUNCTION:RSA,FP_API
+  RSA_private_decrypt                     490	EXIST::FUNCTION:RSA
+  RSA_private_encrypt                     491	EXIST::FUNCTION:RSA
+  RSA_public_decrypt                      492	EXIST::FUNCTION:RSA
+--- 478,484 ----
+  RSA_new                                 486	EXIST::FUNCTION:RSA
+  RSA_new_method                          487	EXIST::FUNCTION:RSA
+  RSA_print                               488	EXIST::FUNCTION:RSA
+! RSA_print_fp                            489	EXIST::FUNCTION:FP_API,RSA
+  RSA_private_decrypt                     490	EXIST::FUNCTION:RSA
+  RSA_private_encrypt                     491	EXIST::FUNCTION:RSA
+  RSA_public_decrypt                      492	EXIST::FUNCTION:RSA
+***************
+*** 742,748 ****
+  d2i_PublicKey                           749	EXIST::FUNCTION:
+  d2i_RSAPrivateKey                       750	EXIST::FUNCTION:RSA
+  d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:RSA
+! d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:RSA,FP_API
+  d2i_RSAPublicKey                        753	EXIST::FUNCTION:RSA
+  d2i_X509                                754	EXIST::FUNCTION:
+  d2i_X509_ALGOR                          755	EXIST::FUNCTION:
+--- 742,748 ----
+  d2i_PublicKey                           749	EXIST::FUNCTION:
+  d2i_RSAPrivateKey                       750	EXIST::FUNCTION:RSA
+  d2i_RSAPrivateKey_bio                   751	EXIST::FUNCTION:RSA
+! d2i_RSAPrivateKey_fp                    752	EXIST::FUNCTION:FP_API,RSA
+  d2i_RSAPublicKey                        753	EXIST::FUNCTION:RSA
+  d2i_X509                                754	EXIST::FUNCTION:
+  d2i_X509_ALGOR                          755	EXIST::FUNCTION:
+***************
+*** 844,850 ****
+  i2d_PublicKey                           852	EXIST::FUNCTION:
+  i2d_RSAPrivateKey                       853	EXIST::FUNCTION:RSA
+  i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:RSA
+! i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:RSA,FP_API
+  i2d_RSAPublicKey                        856	EXIST::FUNCTION:RSA
+  i2d_X509                                857	EXIST::FUNCTION:
+  i2d_X509_ALGOR                          858	EXIST::FUNCTION:
+--- 844,850 ----
+  i2d_PublicKey                           852	EXIST::FUNCTION:
+  i2d_RSAPrivateKey                       853	EXIST::FUNCTION:RSA
+  i2d_RSAPrivateKey_bio                   854	EXIST::FUNCTION:RSA
+! i2d_RSAPrivateKey_fp                    855	EXIST::FUNCTION:FP_API,RSA
+  i2d_RSAPublicKey                        856	EXIST::FUNCTION:RSA
+  i2d_X509                                857	EXIST::FUNCTION:
+  i2d_X509_ALGOR                          858	EXIST::FUNCTION:
+***************
+*** 933,940 ****
+  i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:RSA
+  PEM_read_RSAPublicKey                   947	EXIST:!WIN16:FUNCTION:RSA
+  PEM_write_RSAPublicKey                  949	EXIST:!WIN16:FUNCTION:RSA
+! d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:RSA,FP_API
+! i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:RSA,FP_API
+  BIO_copy_next_retry                     955	EXIST::FUNCTION:
+  RSA_flags                               956	EXIST::FUNCTION:RSA
+  X509_STORE_add_crl                      957	EXIST::FUNCTION:
+--- 933,940 ----
+  i2d_RSAPublicKey_bio                    946	EXIST::FUNCTION:RSA
+  PEM_read_RSAPublicKey                   947	EXIST:!WIN16:FUNCTION:RSA
+  PEM_write_RSAPublicKey                  949	EXIST:!WIN16:FUNCTION:RSA
+! d2i_RSAPublicKey_fp                     952	EXIST::FUNCTION:FP_API,RSA
+! i2d_RSAPublicKey_fp                     954	EXIST::FUNCTION:FP_API,RSA
+  BIO_copy_next_retry                     955	EXIST::FUNCTION:
+  RSA_flags                               956	EXIST::FUNCTION:RSA
+  X509_STORE_add_crl                      957	EXIST::FUNCTION:
+***************
+*** 1212,1218 ****
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN32,!WIN16,!macintosh:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+--- 1212,1218 ----
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN32,!macintosh,!WIN16:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+***************
+*** 1535,1541 ****
+  ASN1_STRING_set_def_mask_asc            1960	EXIST:VMS:FUNCTION:
+  PEM_write_bio_RSA_PUBKEY                1961	EXIST::FUNCTION:RSA
+  ASN1_INTEGER_cmp                        1963	EXIST::FUNCTION:
+! d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:RSA,FP_API
+  X509_trust_set_bit_asc                  1967	NOEXIST::FUNCTION:
+  PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:
+  X509_STORE_CTX_free                     1969	EXIST::FUNCTION:
+--- 1535,1541 ----
+  ASN1_STRING_set_def_mask_asc            1960	EXIST:VMS:FUNCTION:
+  PEM_write_bio_RSA_PUBKEY                1961	EXIST::FUNCTION:RSA
+  ASN1_INTEGER_cmp                        1963	EXIST::FUNCTION:
+! d2i_RSA_PUBKEY_fp                       1964	EXIST::FUNCTION:FP_API,RSA
+  X509_trust_set_bit_asc                  1967	NOEXIST::FUNCTION:
+  PEM_write_bio_DSA_PUBKEY                1968	EXIST::FUNCTION:
+  X509_STORE_CTX_free                     1969	EXIST::FUNCTION:
+***************
+*** 1638,1644 ****
+  X509_TRUST_get_count                    2110	EXIST::FUNCTION:
+  ASN1_INTEGER_free                       2111	EXIST::FUNCTION:
+  OTHERNAME_free                          2112	EXIST::FUNCTION:
+! i2d_RSA_PUBKEY_fp                       2113	EXIST::FUNCTION:RSA,FP_API
+  ASN1_INTEGER_dup                        2114	EXIST::FUNCTION:
+  d2i_X509_CERT_AUX                       2115	EXIST::FUNCTION:
+  PEM_write_bio_PUBKEY                    2117	EXIST::FUNCTION:
+--- 1638,1644 ----
+  X509_TRUST_get_count                    2110	EXIST::FUNCTION:
+  ASN1_INTEGER_free                       2111	EXIST::FUNCTION:
+  OTHERNAME_free                          2112	EXIST::FUNCTION:
+! i2d_RSA_PUBKEY_fp                       2113	EXIST::FUNCTION:FP_API,RSA
+  ASN1_INTEGER_dup                        2114	EXIST::FUNCTION:
+  d2i_X509_CERT_AUX                       2115	EXIST::FUNCTION:
+  PEM_write_bio_PUBKEY                    2117	EXIST::FUNCTION:
+***************
+*** 1873,1875 ****
+--- 1873,1937 ----
+  BN_bntest_rand                          2464	EXIST::FUNCTION:
+  OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+  BN_rand_range                           2466	EXIST::FUNCTION:
++ ERR_load_ENGINE_strings                 2467	NOEXIST::FUNCTION:
++ ENGINE_set_DSA                          2468	NOEXIST::FUNCTION:
++ ENGINE_get_finish_function              2469	NOEXIST::FUNCTION:
++ ENGINE_get_default_RSA                  2470	NOEXIST::FUNCTION:
++ ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
++ DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
++ ENGINE_set_DH                           2473	NOEXIST::FUNCTION:
++ ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
++ ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
++ ENGINE_init                             2475	NOEXIST::FUNCTION:
++ DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
++ RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
++ ENGINE_finish                           2478	NOEXIST::FUNCTION:
++ ENGINE_load_public_key                  2479	NOEXIST::FUNCTION:
++ ENGINE_get_DH                           2480	NOEXIST::FUNCTION:
++ ENGINE_ctrl                             2481	NOEXIST::FUNCTION:
++ ENGINE_get_init_function                2482	NOEXIST::FUNCTION:
++ ENGINE_set_init_function                2483	NOEXIST::FUNCTION:
++ ENGINE_set_default_DSA                  2484	NOEXIST::FUNCTION:
++ ENGINE_get_name                         2485	NOEXIST::FUNCTION:
++ ENGINE_get_last                         2486	NOEXIST::FUNCTION:
++ ENGINE_get_prev                         2487	NOEXIST::FUNCTION:
++ ENGINE_get_default_DH                   2488	NOEXIST::FUNCTION:
++ ENGINE_get_RSA                          2489	NOEXIST::FUNCTION:
++ ENGINE_set_default                      2490	NOEXIST::FUNCTION:
++ ENGINE_get_RAND                         2491	NOEXIST::FUNCTION:
++ ENGINE_get_first                        2492	NOEXIST::FUNCTION:
++ ENGINE_by_id                            2493	NOEXIST::FUNCTION:
++ ENGINE_set_finish_function              2494	NOEXIST::FUNCTION:
++ ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
++ ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
++ RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
++ ENGINE_set_RSA                          2497	NOEXIST::FUNCTION:
++ ENGINE_load_private_key                 2498	NOEXIST::FUNCTION:
++ ENGINE_set_default_RAND                 2499	NOEXIST::FUNCTION:
++ ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
++ ENGINE_remove                           2501	NOEXIST::FUNCTION:
++ ENGINE_free                             2502	NOEXIST::FUNCTION:
++ ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
++ ENGINE_get_next                         2504	NOEXIST::FUNCTION:
++ ENGINE_set_name                         2505	NOEXIST::FUNCTION:
++ ENGINE_get_default_DSA                  2506	NOEXIST::FUNCTION:
++ ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
++ ENGINE_set_default_RSA                  2508	NOEXIST::FUNCTION:
++ ENGINE_get_default_RAND                 2509	NOEXIST::FUNCTION:
++ ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
++ ENGINE_set_RAND                         2511	NOEXIST::FUNCTION:
++ ENGINE_set_id                           2512	NOEXIST::FUNCTION:
++ ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
++ ENGINE_set_default_DH                   2514	NOEXIST::FUNCTION:
++ ENGINE_new                              2515	NOEXIST::FUNCTION:
++ ENGINE_get_id                           2516	NOEXIST::FUNCTION:
++ DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
++ ENGINE_add                              2518	NOEXIST::FUNCTION:
++ DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
++ ENGINE_get_DSA                          2520	NOEXIST::FUNCTION:
++ ENGINE_get_ctrl_function                2521	NOEXIST::FUNCTION:
++ ENGINE_set_ctrl_function                2522	NOEXIST::FUNCTION:
++ BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
++ X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
++ ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
++ OPENSSL_cleanse                         3245	EXIST::FUNCTION:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_4_6/crypto/openssl/util/mk1mf.pl
+*** crypto/openssl/util/mk1mf.pl	Sun Nov 26 06:34:20 2000
+--- ../RELENG_4_6/crypto/openssl/util/mk1mf.pl	Fri Feb 14 00:20:32 2003
+***************
+*** 98,104 ****
+  $inc_def="outinc";
+  $tmp_def="tmp";
+  
+! $mkdir="mkdir";
+  
+  ($ssl,$crypto)=("ssl","crypto");
+  $RSAglue="RSAglue";
+--- 98,104 ----
+  $inc_def="outinc";
+  $tmp_def="tmp";
+  
+! $mkdir="-mkdir";
+  
+  ($ssl,$crypto)=("ssl","crypto");
+  $RSAglue="RSAglue";
+***************
+*** 206,212 ****
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_rmd160;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+--- 206,212 ----
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_ripemd;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+***************
+*** 674,680 ****
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+--- 674,680 ----
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+***************
+*** 883,889 ****
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+--- 883,889 ----
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkcerts.sh ../RELENG_4_6/crypto/openssl/util/mkcerts.sh
+*** crypto/openssl/util/mkcerts.sh	Mon Jan 10 01:22:05 2000
+--- ../RELENG_4_6/crypto/openssl/util/mkcerts.sh	Fri Nov 15 16:25:16 2002
+***************
+*** 1,4 ****
+! #!bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+--- 1,4 ----
+! #!/bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+***************
+*** 12,19 ****
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/ssleay"
+! CONF="-config ../apps/ssleay.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+--- 12,19 ----
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/openssl"
+! CONF="-config ../apps/openssl.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkdef.pl ../RELENG_4_6/crypto/openssl/util/mkdef.pl
+*** crypto/openssl/util/mkdef.pl	Wed Jul  4 19:19:49 2001
+--- ../RELENG_4_6/crypto/openssl/util/mkdef.pl	Wed Dec 19 14:48:51 2001
+***************
+*** 293,300 ****
+  			TRUE		=> 1,
+  		);
+  		my $symhacking = $file eq $symhacksfile;
+  		while(<IN>) {
+! 			last if (/BEGIN ERROR CODES/);
+  			if ($line ne '') {
+  				$_ = $line . $_;
+  				$line = '';
+--- 293,302 ----
+  			TRUE		=> 1,
+  		);
+  		my $symhacking = $file eq $symhacksfile;
++ 		my $begin_error_codes = 0;
+  		while(<IN>) {
+! 			$begin_error_codes = 1 if (/BEGIN ERROR CODES/);
+! 			last if ($begin_error_codes && /Error codes for /);
+  			if ($line ne '') {
+  				$_ = $line . $_;
+  				$line = '';
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkerr.pl ../RELENG_4_6/crypto/openssl/util/mkerr.pl
+*** crypto/openssl/util/mkerr.pl	Sun Nov 26 06:34:20 2000
+--- ../RELENG_4_6/crypto/openssl/util/mkerr.pl	Fri Aug  2 06:51:59 2002
+***************
+*** 53,58 ****
+--- 53,59 ----
+  {
+  	if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) {
+  		$hinc{$1} = $2;
++ 		$libinc{$2} = $1;
+  		$cskip{$3} = $1;
+  		if($3 ne "NONE") {
+  			$csrc{$1} = $3;
+***************
+*** 74,80 ****
+  # Scan each header file in turn and make a list of error codes
+  # and function names
+  
+! while (($lib, $hdr) = each %hinc)
+  {
+  	next if($hdr eq "NONE");
+  	print STDERR "Scanning header file $hdr\n" if $debug; 
+--- 75,81 ----
+  # Scan each header file in turn and make a list of error codes
+  # and function names
+  
+! while (($hdr, $lib) = each %libinc)
+  {
+  	next if($hdr eq "NONE");
+  	print STDERR "Scanning header file $hdr\n" if $debug; 
+***************
+*** 257,262 ****
+--- 258,264 ----
+  /* The following lines are auto generated by the script mkerr.pl. Any changes
+   * made after this point may be overwritten when the script is next run.
+   */
++ void ERR_load_${lib}_strings(void);
+  
+  /* Error codes for the $lib functions. */
+  
+***************
+*** 288,294 ****
+  }
+  #endif
+  #endif
+- 
+  EOF
+  	close OUT;
+  
+--- 290,295 ----
+***************
+*** 319,325 ****
+  	print OUT <<"EOF";
+  /* $cfile */
+  /* ====================================================================
+!  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 320,326 ----
+  	print OUT <<"EOF";
+  /* $cfile */
+  /* ====================================================================
+!  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pl/BC-32.pl ../RELENG_4_6/crypto/openssl/util/pl/BC-32.pl
+*** crypto/openssl/util/pl/BC-32.pl	Sun Nov 26 06:34:21 2000
+--- ../RELENG_4_6/crypto/openssl/util/pl/BC-32.pl	Mon Nov  4 01:25:33 2002
+***************
+*** 52,60 ****
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='n_o_T_a_s_m';
+  $asm.=" /Zi" if $debug;
+! $afile='/Fo';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+--- 52,60 ----
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='nasmw -f obj';
+  $asm.=" /Zi" if $debug;
+! $afile='-o';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+***************
+*** 65,88 ****
+  
+  if (!$no_asm)
+  	{
+! 	$bn_mulw_obj='crypto\bn\asm\bn-win32.obj';
+! 	$bn_mulw_src='crypto\bn\asm\bn-win32.asm';
+! 	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+! 	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+! 	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
+! 	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+! 	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+! 	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+! 	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+! 	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+! 	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+! 	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+! 	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+! 	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+! 	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+! 	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+! 	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+! 	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+  	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+  	}
+  
+--- 65,88 ----
+  
+  if (!$no_asm)
+  	{
+! 	$bn_mulw_obj='crypto\bn\asm\bn_win32.obj';
+! 	$bn_mulw_src='crypto\bn\asm\bn_win32.asm';
+! 	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+! 	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+! 	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
+! 	$bf_enc_src='crypto\bf\asm\b_win32.asm';
+! 	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
+! 	$cast_enc_src='crypto\cast\asm\c_win32.asm';
+! 	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+! 	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+! 	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+! 	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+! 	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+! 	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
+! 	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+! 	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+! 	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+! 	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+  	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pl/VC-32.pl ../RELENG_4_6/crypto/openssl/util/pl/VC-32.pl
+*** crypto/openssl/util/pl/VC-32.pl	Sun Nov 26 06:34:21 2000
+--- ../RELENG_4_6/crypto/openssl/util/pl/VC-32.pl	Thu Jun 27 11:55:40 2002
+***************
+*** 67,90 ****
+  
+  if (!$no_asm)
+  	{
+! 	$bn_asm_obj='crypto\bn\asm\bn-win32.obj';
+! 	$bn_asm_src='crypto\bn\asm\bn-win32.asm';
+! 	$des_enc_obj='crypto\des\asm\d-win32.obj crypto\des\asm\y-win32.obj';
+! 	$des_enc_src='crypto\des\asm\d-win32.asm crypto\des\asm\y-win32.asm';
+! 	$bf_enc_obj='crypto\bf\asm\b-win32.obj';
+! 	$bf_enc_src='crypto\bf\asm\b-win32.asm';
+! 	$cast_enc_obj='crypto\cast\asm\c-win32.obj';
+! 	$cast_enc_src='crypto\cast\asm\c-win32.asm';
+! 	$rc4_enc_obj='crypto\rc4\asm\r4-win32.obj';
+! 	$rc4_enc_src='crypto\rc4\asm\r4-win32.asm';
+! 	$rc5_enc_obj='crypto\rc5\asm\r5-win32.obj';
+! 	$rc5_enc_src='crypto\rc5\asm\r5-win32.asm';
+! 	$md5_asm_obj='crypto\md5\asm\m5-win32.obj';
+! 	$md5_asm_src='crypto\md5\asm\m5-win32.asm';
+! 	$sha1_asm_obj='crypto\sha\asm\s1-win32.obj';
+! 	$sha1_asm_src='crypto\sha\asm\s1-win32.asm';
+! 	$rmd160_asm_obj='crypto\ripemd\asm\rm-win32.obj';
+! 	$rmd160_asm_src='crypto\ripemd\asm\rm-win32.asm';
+  	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+  	}
+  
+--- 67,90 ----
+  
+  if (!$no_asm)
+  	{
+! 	$bn_asm_obj='crypto\bn\asm\bn_win32.obj';
+! 	$bn_asm_src='crypto\bn\asm\bn_win32.asm';
+! 	$des_enc_obj='crypto\des\asm\d_win32.obj crypto\des\asm\y_win32.obj';
+! 	$des_enc_src='crypto\des\asm\d_win32.asm crypto\des\asm\y_win32.asm';
+! 	$bf_enc_obj='crypto\bf\asm\b_win32.obj';
+! 	$bf_enc_src='crypto\bf\asm\b_win32.asm';
+! 	$cast_enc_obj='crypto\cast\asm\c_win32.obj';
+! 	$cast_enc_src='crypto\cast\asm\c_win32.asm';
+! 	$rc4_enc_obj='crypto\rc4\asm\r4_win32.obj';
+! 	$rc4_enc_src='crypto\rc4\asm\r4_win32.asm';
+! 	$rc5_enc_obj='crypto\rc5\asm\r5_win32.obj';
+! 	$rc5_enc_src='crypto\rc5\asm\r5_win32.asm';
+! 	$md5_asm_obj='crypto\md5\asm\m5_win32.obj';
+! 	$md5_asm_src='crypto\md5\asm\m5_win32.asm';
+! 	$sha1_asm_obj='crypto\sha\asm\s1_win32.obj';
+! 	$sha1_asm_src='crypto\sha\asm\s1_win32.asm';
+! 	$rmd160_asm_obj='crypto\ripemd\asm\rm_win32.obj';
+! 	$rmd160_asm_src='crypto\ripemd\asm\rm_win32.asm';
+  	$cflags.=" -DBN_ASM -DMD5_ASM -DSHA1_ASM -DRMD160_ASM";
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2man.pl ../RELENG_4_6/crypto/openssl/util/pod2man.pl
+*** crypto/openssl/util/pod2man.pl	Wed Jul  4 19:19:50 2001
+--- ../RELENG_4_6/crypto/openssl/util/pod2man.pl	Thu May 30 11:30:27 2002
+***************
+*** 416,423 ****
+  			warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
+  		    }
+  		    else {
+! 			$n[0] =~ s/\n/ /;
+! 			$n[1] =~ s/\n/ /;
+  			%namedesc = @n;
+  		    }
+  		}
+--- 416,423 ----
+  			warn "$0: Improper man page - malformed NAME header in paragraph $. of $ARGV[0]\n"
+  		    }
+  		    else {
+! 			$n[0] =~ s/\n/ /g;
+! 			$n[1] =~ s/\n/ /g;
+  			%namedesc = @n;
+  		    }
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2mantest ../RELENG_4_6/crypto/openssl/util/pod2mantest
+*** crypto/openssl/util/pod2mantest	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/util/pod2mantest	Wed Aug 14 10:10:25 2002
+***************
+*** 0 ****
+--- 1,57 ----
++ #!/bin/sh
++ 
++ # This script is used by test/Makefile.ssl to check whether a sane 'pod2man'
++ # is installed.
++ # ('make install' should not try to run 'pod2man' if it does not exist or if
++ # it is a broken 'pod2man' version that is known to cause trouble. if we find
++ # the system 'pod2man' to be broken, we use our own copy instead)
++ #
++ # In any case, output an appropriate command line for running (or not
++ # running) pod2man.
++ 
++ 
++ IFS=:
++ 
++ try_without_dir=true
++ # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
++ for dir in dummy:$PATH; do
++     if [ "$try_without_dir" = true ]; then
++       # first iteration
++       pod2man=pod2man
++       try_without_dir=false
++     else
++       # second and later iterations
++       pod2man="$dir/pod2man"
++       if [ ! -f "$pod2man" ]; then  # '-x' is not available on Ultrix
++         pod2man=''
++       fi
++     fi
++ 
++     if [ ! "$pod2man" = '' ]; then
++         failure=none
++ 
++ 	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
++ 	    :
++ 	else
++ 	    failure=BasicTest
++ 	fi
++ 
++ 	if [ "$failure" = none ]; then
++ 	    if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
++ 	        failure=MultilineTest
++ 	    fi
++ 	fi
++ 
++ 
++         if [ "$failure" = none ]; then
++             echo "$pod2man"
++             exit 0
++         fi
++ 
++         echo "$pod2man does not work properly ('$failure' failed).  Looking for another pod2man ..." >&2
++     fi
++ done
++ 
++ echo "No working pod2man found.  Consider installing a new version." >&2
++ echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
++ echo "$1 ../../util/pod2man.pl"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2mantest.pod ../RELENG_4_6/crypto/openssl/util/pod2mantest.pod
+*** crypto/openssl/util/pod2mantest.pod	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/util/pod2mantest.pod	Thu May 30 11:18:19 2002
+***************
+*** 0 ****
+--- 1,15 ----
++ =pod
++ 
++ =head1 NAME
++ 
++ foo, bar,
++ MARKER - test of multiline name section
++ 
++ =head1 DESCRIPTION
++ 
++ This is a test .pod file to see if we have a buggy pod2man or not.
++ If we have a buggy implementation, we will get a line matching the
++ regular expression "^ +MARKER - test of multiline name section *$"
++ at the end of the resulting document.
++ 
++ =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/selftest.pl ../RELENG_4_6/crypto/openssl/util/selftest.pl
+*** crypto/openssl/util/selftest.pl	Sun Nov 26 06:34:20 2000
+--- ../RELENG_4_6/crypto/openssl/util/selftest.pl	Wed Jan 16 14:22:36 2002
+***************
+*** 57,63 ****
+  
+  if (open(IN,"<CHANGES")) {
+      while(<IN>) {
+! 	if (/\*\) (.{0,55})/) {
+  	    $last=$1;
+  	    last;
+  	}
+--- 57,63 ----
+  
+  if (open(IN,"<CHANGES")) {
+      while(<IN>) {
+! 	if (/\*\) (.{0,55})/ && !/applies to/) {
+  	    $last=$1;
+  	    last;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/sep_lib.sh ../RELENG_4_6/crypto/openssl/util/sep_lib.sh
+*** crypto/openssl/util/sep_lib.sh	Mon Jan 10 01:22:05 2000
+--- ../RELENG_4_6/crypto/openssl/util/sep_lib.sh	Wed Dec 31 19:00:00 1969
+***************
+*** 1,34 ****
+- #!/bin/sh
+- 
+- cwd=`pwd`
+- /bin/rm -fr tmp/*
+- 
+- cd crypto/des
+- make -f Makefile.uni tar
+- make -f Makefile.uni tar_lit
+- /bin/mv libdes.tgz $cwd/tmp
+- /bin/mv libdes-l.tgz $cwd/tmp
+- cd $cwd
+- 
+- for name in md5 sha cast bf idea rc4 rc2
+- do
+- 	echo doing $name
+- 	(cd crypto; tar cfh - $name)|(cd tmp; tar xf -)
+- 	cd tmp/$name
+- 	/bin/rm -f Makefile
+- 	/bin/rm -f Makefile.ssl
+- 	/bin/rm -f Makefile.ssl.orig
+- 	/bin/rm -f *.old
+- 	/bin/mv Makefile.uni Makefile
+- 
+- 	if [ -d asm ]; then
+- 		mkdir asm/perlasm
+- 		cp $cwd/crypto/perlasm/*.pl asm/perlasm
+- 	fi
+- 	cd ..
+- 	tar cf - $name|gzip >$name.tgz
+- #	/bin/rm -fr $name
+- 	cd $cwd
+- done
+- 
+- 
+--- 0 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/ssleay.num ../RELENG_4_6/crypto/openssl/util/ssleay.num
+*** crypto/openssl/util/ssleay.num	Sun Nov 26 06:34:20 2000
+--- ../RELENG_4_6/crypto/openssl/util/ssleay.num	Fri Sep  7 00:32:11 2001
+***************
+*** 193,195 ****
+--- 193,197 ----
+  SSL_CTX_callback_ctrl                   243	EXIST::FUNCTION:
+  SSL_callback_ctrl                       244	EXIST::FUNCTION:
+  SSL_CTX_sessions                        245	EXIST::FUNCTION:
++ SSL_get_rfd                             246	EXIST::FUNCTION:
++ SSL_get_wfd                             247	EXIST::FUNCTION:
+*** secure/lib/libcrypto/Makefile	Wed Jul  4 19:24:41 2001
+--- ../RELENG_4_6/secure/lib/libcrypto/Makefile	Fri Feb 21 11:33:02 2003
+***************
+*** 1,4 ****
+! # $FreeBSD: src/secure/lib/libcrypto/Makefile,v 1.15.2.11 2001/07/04 23:24:41 kris Exp $
+  
+  .include "Makefile.inc"
+  
+--- 1,4 ----
+! # $FreeBSD: src/secure/lib/libcrypto/Makefile,v 1.15.2.11.6.2 2003/02/21 16:33:02 nectar Exp $
+  
+  .include "Makefile.inc"
+  
+***************
+*** 35,42 ****
+  MAINTAINER=	kris
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \
+! 	tmdiff.c uid.c
+  
+  # asn1
+  
+--- 35,42 ----
+  MAINTAINER=	kris
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
+! 	mem_dbg.c tmdiff.c uid.c
+  
+  # asn1
+  
+***************
+*** 235,241 ****
+  	v3_sxnet.c v3_utl.c v3err.c
+  
+  POD1+=	apps/CA.pl.pod apps/asn1parse.pod apps/ca.pod \
+! 	apps/ciphers.pod apps/config.pod apps/crl.pod \
+  	apps/crl2pkcs7.pod apps/dgst.pod apps/dhparam.pod apps/dsa.pod \
+  	apps/dsaparam.pod apps/enc.pod apps/gendsa.pod apps/genrsa.pod \
+  	apps/nseq.pod apps/openssl.pod apps/passwd.pod apps/pkcs12.pod \
+--- 235,241 ----
+  	v3_sxnet.c v3_utl.c v3err.c
+  
+  POD1+=	apps/CA.pl.pod apps/asn1parse.pod apps/ca.pod \
+! 	apps/ciphers.pod apps/crl.pod \
+  	apps/crl2pkcs7.pod apps/dgst.pod apps/dhparam.pod apps/dsa.pod \
+  	apps/dsaparam.pod apps/enc.pod apps/gendsa.pod apps/genrsa.pod \
+  	apps/nseq.pod apps/openssl.pod apps/passwd.pod apps/pkcs12.pod \
+***************
+*** 307,343 ****
+  	ssl/SSL_CTX_free.pod ssl/SSL_CTX_get_ex_new_index.pod \
+  	ssl/SSL_CTX_get_verify_mode.pod \
+  	ssl/SSL_CTX_load_verify_locations.pod ssl/SSL_CTX_new.pod \
+! 	ssl/SSL_CTX_sess_set_cache_size.pod \
+! 	ssl/SSL_CTX_sess_set_get_cb.pod ssl/SSL_CTX_sessions.pod \
+! 	ssl/SSL_CTX_set_cipher_list.pod \
+  	ssl/SSL_CTX_set_client_CA_list.pod \
+! 	ssl/SSL_CTX_set_default_passwd_cb.pod \
+! 	ssl/SSL_CTX_set_options.pod \
+  	ssl/SSL_CTX_set_session_cache_mode.pod \
+  	ssl/SSL_CTX_set_session_id_context.pod \
+! 	ssl/SSL_CTX_set_ssl_version.pod ssl/SSL_CTX_set_timeout.pod \
+! 	ssl/SSL_CTX_set_verify.pod ssl/SSL_CTX_use_certificate.pod \
+! 	ssl/SSL_SESSION_free.pod ssl/SSL_SESSION_get_ex_new_index.pod \
+! 	ssl/SSL_SESSION_get_time.pod ssl/SSL_accept.pod \
+! 	ssl/SSL_clear.pod ssl/SSL_connect.pod ssl/SSL_free.pod \
+! 	ssl/SSL_get_ciphers.pod ssl/SSL_get_client_CA_list.pod \
+! 	ssl/SSL_get_current_cipher.pod ssl/SSL_get_error.pod \
+! 	ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod \
+  	ssl/SSL_get_ex_new_index.pod ssl/SSL_get_fd.pod \
+! 	ssl/SSL_get_peer_cert_chain.pod \
+! 	ssl/SSL_get_peer_certificate.pod ssl/SSL_get_rbio.pod \
+! 	ssl/SSL_get_session.pod ssl/SSL_get_verify_result.pod \
+! 	ssl/SSL_library_init.pod ssl/SSL_load_client_CA_file.pod \
+! 	ssl/SSL_new.pod ssl/SSL_pending.pod ssl/SSL_read.pod \
+! 	ssl/SSL_set_bio.pod ssl/SSL_set_fd.pod ssl/SSL_set_session.pod \
+! 	ssl/SSL_set_verify_result.pod ssl/SSL_shutdown.pod \
+! 	ssl/SSL_write.pod ssl/d2i_SSL_SESSION.pod ssl/ssl.pod \
+! 	ssl/SSL_CTX_sess_number.pod ssl/SSL_CTX_set_mode.pod \
+  	ssl/SSL_get_version.pod ssl/SSL_set_connect_state.pod \
+! 	ssl/SSL_set_shutdown.pod
+  
+  .if defined(WANT_OPENSSL_MANPAGES)
+! .for section in 1 3
+  .for pod in ${POD${section}}
+  .for target in ${pod:T:S/.pod/.${section}/g}
+  MAN+= ${target}
+--- 307,354 ----
+  	ssl/SSL_CTX_free.pod ssl/SSL_CTX_get_ex_new_index.pod \
+  	ssl/SSL_CTX_get_verify_mode.pod \
+  	ssl/SSL_CTX_load_verify_locations.pod ssl/SSL_CTX_new.pod \
+! 	ssl/SSL_CTX_sess_set_cache_size.pod ssl/SSL_CTX_sess_set_get_cb.pod \
+! 	ssl/SSL_CTX_sessions.pod ssl/SSL_CTX_set_cipher_list.pod \
+  	ssl/SSL_CTX_set_client_CA_list.pod \
+! 	ssl/SSL_CTX_set_client_cert_cb.pod \
+! 	ssl/SSL_CTX_set_default_passwd_cb.pod ssl/SSL_CTX_set_options.pod\
+  	ssl/SSL_CTX_set_session_cache_mode.pod \
+  	ssl/SSL_CTX_set_session_id_context.pod \
+! 	ssl/SSL_CTX_set_ssl_version.pod \
+! 	ssl/SSL_CTX_set_timeout.pod ssl/SSL_CTX_set_verify.pod \
+! 	ssl/SSL_CTX_use_certificate.pod ssl/SSL_SESSION_free.pod \
+! 	ssl/SSL_SESSION_get_ex_new_index.pod \
+! 	ssl/SSL_SESSION_get_time.pod \
+! 	ssl/SSL_accept.pod ssl/SSL_clear.pod ssl/SSL_connect.pod \
+! 	ssl/SSL_do_handshake.pod \
+! 	ssl/SSL_free.pod ssl/SSL_get_ciphers.pod \
+! 	ssl/SSL_get_client_CA_list.pod ssl/SSL_get_current_cipher.pod \
+! 	ssl/SSL_get_error.pod ssl/SSL_get_ex_data_X509_STORE_CTX_idx.pod \
+  	ssl/SSL_get_ex_new_index.pod ssl/SSL_get_fd.pod \
+! 	ssl/SSL_get_peer_cert_chain.pod ssl/SSL_get_peer_certificate.pod \
+! 	ssl/SSL_get_rbio.pod ssl/SSL_get_session.pod \
+! 	ssl/SSL_get_verify_result.pod ssl/SSL_library_init.pod \
+! 	ssl/SSL_load_client_CA_file.pod ssl/SSL_new.pod ssl/SSL_pending.pod \
+! 	ssl/SSL_read.pod ssl/SSL_set_bio.pod ssl/SSL_set_fd.pod \
+! 	ssl/SSL_set_session.pod ssl/SSL_set_verify_result.pod \
+! 	ssl/SSL_shutdown.pod ssl/SSL_write.pod ssl/d2i_SSL_SESSION.pod \
+! 	ssl/ssl.pod ssl/SSL_CTX_sess_number.pod ssl/SSL_CTX_set_mode.pod \
+  	ssl/SSL_get_version.pod ssl/SSL_set_connect_state.pod \
+! 	ssl/SSL_set_shutdown.pod ssl/SSL_alert_type_string.pod \
+! 	ssl/SSL_COMP_add_compression_method.pod ssl/SSL_CTX_ctrl.pod \
+! 	ssl/SSL_CTX_set_cert_store.pod \
+! 	ssl/SSL_CTX_set_cert_verify_callback.pod \
+! 	ssl/SSL_CTX_set_info_callback.pod ssl/SSL_CTX_set_quiet_shutdown.pod \
+! 	ssl/SSL_CTX_set_tmp_dh_callback.pod \
+! 	ssl/SSL_CTX_set_tmp_rsa_callback.pod ssl/SSL_get_default_timeout.pod \
+! 	ssl/SSL_get_SSL_CTX.pod ssl/SSL_rstate_string.pod \
+! 	ssl/SSL_session_reused.pod ssl/SSL_state_string.pod \
+! 	ssl/SSL_want.pod
+! 
+! POD5+=	apps/config.pod
+  
+  .if defined(WANT_OPENSSL_MANPAGES)
+! .for section in 1 3 5
+  .for pod in ${POD${section}}
+  .for target in ${pod:T:S/.pod/.${section}/g}
+  MAN+= ${target}
diff --git a/share/security/patches/SA-03:02/openssl46.patch.asc b/share/security/patches/SA-03:02/openssl46.patch.asc
new file mode 100644
index 0000000000..8a9e4db5a5
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl46.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+WtwvFdaIBMps37IRAvvVAJ9hw7X2kcrl7YiffHCEMT6R8Sd0QQCfTsK7
+M2FeMvOr/Mf0L7sw7ZaNPjU=
+=AGNM
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl46.patch.gz b/share/security/patches/SA-03:02/openssl46.patch.gz
new file mode 100644
index 0000000000..965820349e
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl46.patch.gz
diff --git a/share/security/patches/SA-03:02/openssl46.patch.gz.asc b/share/security/patches/SA-03:02/openssl46.patch.gz.asc
new file mode 100644
index 0000000000..f13f8d3eb6
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl46.patch.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+YBHAFdaIBMps37IRAjgbAJ9rZSIqxMZdBTALCAV39N5TRory5wCfd6ss
+IDVR4z/L6BvNdErt9K9bv28=
+=tXMz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl462.patch b/share/security/patches/SA-03:02/openssl462.patch
new file mode 100644
index 0000000000..22072fb89a
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl462.patch
@@ -0,0 +1,11505 @@
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_4_6/crypto/openssl/CHANGES
+*** crypto/openssl/CHANGES	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/CHANGES	Fri Feb 21 11:32:47 2003
+***************
+*** 2,9 ****
+--- 2,115 ----
+   OpenSSL CHANGES
+   _______________
+  
++  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
++ 
++  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
++ 
++   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
++      memory from it's contents.  This is done with a counter that will
++      place alternating values in each byte.  This can be used to solve
++      two issues: 1) the removal of calls to memset() by highly optimizing
++      compilers, and 2) cleansing with other values than 0, since those can
++      be read through on certain media, for example a swap space on disk.
++      [Geoff Thorpe]
++ 
++   *) Bugfix: client side session caching did not work with external caching,
++      because the session->cipher setting was not restored when reloading
++      from the external cache. This problem was masked, when
++      SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
++      (Found by Steve Haslam <steve@araqnid.ddts.net>.)
++      [Lutz Jaenicke]
++ 
++   *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
++      length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
++      [Zeev Lieber <zeev-l@yahoo.com>]
++ 
++   *) Undo an undocumented change introduced in 0.9.6e which caused
++      repeated calls to OpenSSL_add_all_ciphers() and 
++      OpenSSL_add_all_digests() to be ignored, even after calling
++      EVP_cleanup().
++      [Richard Levitte]
++ 
++   *) Change the default configuration reader to deal with last line not
++      being properly terminated.
++      [Richard Levitte]
++ 
++   *) Change X509_NAME_cmp() so it applies the special rules on handling
++      DN values that are of type PrintableString, as well as RDNs of type
++      emailAddress where the value has the type ia5String.
++      [stefank@valicert.com via Richard Levitte]
++ 
++   *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
++      the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
++      doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
++      the bitwise-OR of the two for use by the majority of applications
++      wanting this behaviour, and update the docs. The documented
++      behaviour and actual behaviour were inconsistent and had been
++      changing anyway, so this is more a bug-fix than a behavioural
++      change.
++      [Geoff Thorpe, diagnosed by Nadav Har'El]
++ 
++   *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
++      (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
++      [Bodo Moeller]
++ 
++   *) Fix initialization code race conditions in
++         SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
++         SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
++         SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
++         TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
++         ssl2_get_cipher_by_char(),
++         ssl3_get_cipher_by_char().
++      [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
++ 
++   *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
++      the cached sessions are flushed, as the remove_cb() might use ex_data
++      contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
++      (see [openssl.org #212]).
++      [Geoff Thorpe, Lutz Jaenicke]
++ 
++   *) Fix typo in OBJ_txt2obj which incorrectly passed the content
++      length, instead of the encoding length to d2i_ASN1_OBJECT.
++      [Steve Henson]
++ 
++  Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
++ 
++   *) [In 0.9.6g-engine release:]
++      Fix crypto/engine/vendor_defns/cswift.h for WIN32 (use '_stdcall').
++      [Lynn Gazis <lgazis@rainbow.com>]
++ 
++  Changes between 0.9.6e and 0.9.6f  [8 Aug 2002]
++ 
++   *) Fix ASN1 checks. Check for overflow by comparing with LONG_MAX
++      and get fix the header length calculation.
++      [Florian Weimer <Weimer@CERT.Uni-Stuttgart.DE>,
++ 	Alon Kantor <alonk@checkpoint.com> (and others),
++ 	Steve Henson]
++ 
++   *) Use proper error handling instead of 'assertions' in buffer
++      overflow checks added in 0.9.6e.  This prevents DoS (the
++      assertions could call abort()).
++      [Arne Ansper <arne@ats.cyber.ee>, Bodo Moeller]
++ 
+   Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+  
++   *) Add various sanity checks to asn1_get_length() to reject
++      the ASN1 length bytes if they exceed sizeof(long), will appear
++      negative or the content length exceeds the length of the
++      supplied buffer.
++      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
++ 
+    *) Fix cipher selection routines: ciphers without encryption had no flags
+       for the cipher strength set and where therefore not handled correctly
+       by the selection routines (PR #130).
+***************
+*** 35,41 ****
+    *) Add various sanity checks to asn1_get_length() to reject
+       the ASN1 length bytes if they exceed sizeof(long), will appear
+       negative or the content length exceeds the length of the
+!      supplied buffer.
+       [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+  
+    *) Assertions for various potential buffer overflows, not known to
+--- 141,147 ----
+    *) Add various sanity checks to asn1_get_length() to reject
+       the ASN1 length bytes if they exceed sizeof(long), will appear
+       negative or the content length exceeds the length of the
+!      supplied buffer. (CAN-2002-0659)
+       [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+  
+    *) Assertions for various potential buffer overflows, not known to
+***************
+*** 140,147 ****
+       value is 0.
+       [Richard Levitte]
+  
+!   *) [In 0.9.6c-engine release:]
+!      Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+       [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+  
+    *) Add the configuration target linux-s390x.
+--- 246,253 ----
+       value is 0.
+       [Richard Levitte]
+  
+!   *) [In 0.9.6d-engine release:]
+!      Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+       [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+  
+    *) Add the configuration target linux-s390x.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_4_6/crypto/openssl/Configure
+*** crypto/openssl/Configure	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/Configure	Fri Feb 21 11:32:47 2003
+***************
+*** 122,128 ****
+  "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+--- 122,128 ----
+  "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+***************
+*** 344,351 ****
+  "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+  "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+! "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+! "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::SIXTY_FOUR_BIT_LONG:::::::::::linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- 344,351 ----
+  "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown)::BN_LLONG:::",
+  "linux-ppc",	"gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT::BN_LLONG::",
+! "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR),\$(SHLIB_MINOR)",
+! "linux-s390x", "gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-ia64",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "NetBSD-sparc",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -mv8 -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown)::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+***************
+*** 395,401 ****
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+  # Cray T90 and similar (SDSC)
+--- 395,401 ----
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+  # Cray T90 and similar (SDSC)
+***************
+*** 477,483 ****
+  
+  # Cygwin
+  "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+--- 477,483 ----
+  
+  # Cygwin
+  "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+***************
+*** 495,506 ****
+--- 495,512 ----
+  "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+  "darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+  
++ ##### A/UX
++ "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
++ 
+  ##### Sony NEWS-OS 4.x
+  "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+  
+  ##### VxWorks for various targets
+  "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
+  
++ ##### Compaq Non-Stop Kernel (Tandem)
++ "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
++ 
+  );
+  
+  my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+***************
+*** 577,582 ****
+--- 583,589 ----
+  my $target;
+  my $options;
+  my $symlink;
++ my $make_depend=0;
+  
+  my @argvcopy=@ARGV;
+  my $argvstring="";
+***************
+*** 619,625 ****
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+--- 626,632 ----
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+***************
+*** 1188,1198 ****
+  EOF
+  	close(OUT);
+  } else {
+! 	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
+! 		if $symlink;
+! 	### (system 'make depend') == 0 or exit $? if $depflags ne "";
+! 	# Run "make depend" manually if you want to be able to delete
+! 	# the source code files of ciphers you left out.
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+--- 1195,1207 ----
+  EOF
+  	close(OUT);
+  } else {
+! 	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+! 	my $make_targets = "";
+! 	$make_targets .= " links" if $symlink;
+! 	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+! 	$make_targets .= " gentests" if $symlink;
+! 	(system $make_command.$make_targets) == 0 or exit $?
+! 		if $make_targets ne "";
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+***************
+*** 1202,1207 ****
+--- 1211,1225 ----
+  	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+  	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
++ 	}
++ 	if ($depflags ne "" && !$make_depend) {
++ 		print <<EOF;
++ 
++ Since you've disabled at least one algorithm, you need to do the following
++ before building:
++ 
++ 	make depend
++ EOF
+  	}	    
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FAQ ../RELENG_4_6/crypto/openssl/FAQ
+*** crypto/openssl/FAQ	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/FAQ	Fri Feb 21 11:32:47 2003
+***************
+*** 9,14 ****
+--- 9,15 ----
+  * Where can I get a compiled version of OpenSSL?
+  * Why aren't tools like 'autoconf' and 'libtool' used?
+  * What is an 'engine' version?
++ * How do I check the authenticity of the OpenSSL distribution?
+  
+  [LEGAL] Legal questions
+  
+***************
+*** 35,40 ****
+--- 36,42 ----
+  * Why does the linker complain about undefined symbols?
+  * Why does the OpenSSL test fail with "bc: command not found"?
+  * Why does the OpenSSL test fail with "bc: 1 no implemented"?
++ * Why does the OpenSSL test fail with "bc: stack empty"?
+  * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+  * Why does the OpenSSL compilation fail with "ar: command not found"?
+  * Why does the OpenSSL compilation fail on Win32 with VC++?
+***************
+*** 61,67 ****
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.6e was released on 30 May, 2002.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+--- 63,69 ----
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7a was released on February 19, 2003.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+***************
+*** 132,137 ****
+--- 134,152 ----
+  version 0.9.7 (not yet released) the changes were merged into the main
+  development line, so that the special release is no longer necessary.
+  
++ * How do I check the authenticity of the OpenSSL distribution?
++ 
++ We provide MD5 digests and ASC signatures of each tarball.
++ Use MD5 to check that a tarball from a mirror site is identical:
++ 
++    md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
++ 
++ You can check authenticity using pgp or gpg. You need the OpenSSL team
++ member public key used to sign it (download it from a key server). Then
++ just do:
++ 
++    pgp TARBALL.asc
++ 
+  [LEGAL] =======================================================================
+  
+  * Do I need patent licenses to use OpenSSL?
+***************
+*** 169,186 ****
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" that serves this purpose.  On other systems, applications have
+! to call the RAND_add() or RAND_seed() function with appropriate data
+! before generating keys or performing public key encryption.
+! (These functions initialize the pseudo-random number generator, PRNG.)
+! 
+! Some broken applications do not do this.  As of version 0.9.5, the
+! OpenSSL functions that need randomness report an error if the random
+! number generator has not been seeded with at least 128 bits of
+! randomness.  If this error occurs, please contact the author of the
+! application you are using.  It is likely that it never worked
+! correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+! to perform potentially insecure encryption.
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+--- 184,213 ----
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" (/dev/urandom or /dev/random) that serves this purpose.
+! All OpenSSL versions try to use /dev/urandom by default; starting with
+! version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+! available.
+! 
+! On other systems, applications have to call the RAND_add() or
+! RAND_seed() function with appropriate data before generating keys or
+! performing public key encryption. (These functions initialize the
+! pseudo-random number generator, PRNG.)  Some broken applications do
+! not do this.  As of version 0.9.5, the OpenSSL functions that need
+! randomness report an error if the random number generator has not been
+! seeded with at least 128 bits of randomness.  If this error occurs and
+! is not discussed in the documentation of the application you are
+! using, please contact the author of that application; it is likely
+! that it never worked correctly.  OpenSSL 0.9.5 and later make the
+! error visible by refusing to perform potentially insecure encryption.
+! 
+! If you are using Solaris 8, you can add /dev/urandom and /dev/random
+! devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+! available via the Patchfinder at <URL: http://sunsolve.sun.com>
+! (Solaris 9 includes these devices by default). For /dev/random support
+! for earlier Solaris versions, see Sun's statement at
+! <URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+! (the SUNWski package is available in patch 105710).
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+***************
+*** 213,228 ****
+  provide their own configuration options to specify the entropy source,
+  please check out the documentation coming the with application.
+  
+- For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+- installing the SUNski package from Sun patch 105710-01 (Sparc) which
+- adds a /dev/random device and make sure it gets used, usually through
+- $RANDFILE.  There are probably similar patches for the other Solaris
+- versions.  An official statement from Sun with respect to /dev/random
+- support can be found at
+-   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+- However, be warned that /dev/random is usually a blocking device, which
+- may have some effects on OpenSSL.
+- 
+  
+  * Why do I get an "unable to write 'random state'" error message?
+  
+--- 240,245 ----
+***************
+*** 386,391 ****
+--- 403,419 ----
+  On some SCO installations or versions, bc has a bug that gets triggered
+  when you run the test suite (using "make test").  The message returned is
+  "bc: 1 not implemented".
++ 
++ The best way to deal with this is to find another implementation of bc
++ and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
++ for download instructions) can be safely used, for example.
++ 
++ 
++ * Why does the OpenSSL test fail with "bc: stack empty"?
++ 
++ On some DG/ux versions, bc seems to have a too small stack for calculations
++ that the OpenSSL bntest throws at it.  This gets triggered when you run the
++ test suite (using "make test").  The message returned is "bc: stack empty".
+  
+  The best way to deal with this is to find another implementation of bc
+  and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_4_6/crypto/openssl/INSTALL
+*** crypto/openssl/INSTALL	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/INSTALL	Fri Feb 21 11:32:47 2003
+***************
+*** 129,136 ****
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+       message will be recorded in the request tracker publicly readable
+!      via http://www.openssl.org/rt2.html and will be forwarded to a public
+!      mailing list). Include the output of "make report" in your message.
+       Please check out the request tracker. Maybe the bug was already
+       reported or has already been fixed.
+  
+--- 129,136 ----
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+       message will be recorded in the request tracker publicly readable
+!      via http://www.openssl.org/support/rt2.html and will be forwarded to a
+!      public mailing list). Include the output of "make report" in your message.
+       Please check out the request tracker. Maybe the bug was already
+       reported or has already been fixed.
+  
+***************
+*** 151,157 ****
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+!      http://www.openssl.org/rt2.html.
+  
+    4. If everything tests ok, install OpenSSL with
+  
+--- 151,157 ----
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+!      http://www.openssl.org/support/rt2.html.
+  
+    4. If everything tests ok, install OpenSSL with
+  
+***************
+*** 285,287 ****
+--- 285,299 ----
+   targets for shared library creation, like linux-shared.  Those targets
+   can currently be used on their own just as well, but this is expected
+   to change in future versions of OpenSSL.
++ 
++  Note on random number generation
++  --------------------------------
++ 
++  Availability of cryptographically secure random numbers is required for
++  secret key generation. OpenSSL provides several options to seed the
++  internal PRNG. If not properly seeded, the internal PRNG will refuse
++  to deliver random bytes and a "PRNG not seeded error" will occur.
++  On systems without /dev/urandom (or similar) device, it may be necessary
++  to install additional support software to obtain random seed.
++  Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
++  and the FAQ for more information.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_4_6/crypto/openssl/Makefile.org
+*** crypto/openssl/Makefile.org	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/Makefile.org	Fri Feb 21 11:32:47 2003
+***************
+*** 247,253 ****
+  		for i in $(SHLIBDIRS); do \
+  			prev=lib$$i$(SHLIB_EXT); \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; ln -f -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+  		done; \
+--- 247,254 ----
+  		for i in $(SHLIBDIRS); do \
+  			prev=lib$$i$(SHLIB_EXT); \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; \
+! 				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+  		done; \
+***************
+*** 269,277 ****
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+! 	[ -n "$$collect2" ] && \
+! 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+--- 270,276 ----
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+***************
+*** 528,533 ****
+--- 527,536 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 609,614 ****
+--- 612,620 ----
+  # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+  # tar does not support the --files-from option.
+  tar:
++ 	find . -type d -print | xargs chmod 755
++ 	find . -type f -print | xargs chmod a+r
++ 	find . -type f -perm -0100 -print | xargs chmod a+x
+  	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+  	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+***************
+*** 651,659 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+--- 657,666 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+***************
+*** 663,682 ****
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			make -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+--- 670,693 ----
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			set $(MAKE); \
+! 			$$1 -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+***************
+*** 685,706 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done
+! 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 696,718 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+! 	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done; \
+! 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_4_6/crypto/openssl/Makefile.ssl
+*** crypto/openssl/Makefile.ssl	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/Makefile.ssl	Fri Feb 21 11:32:47 2003
+***************
+*** 4,26 ****
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6e
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+  SHLIB_VERSION_HISTORY=
+  SHLIB_MAJOR=0
+  SHLIB_MINOR=9.6
+! SHLIB_EXT=
+! PLATFORM=dist
+! OPTIONS=
+! CONFIGURE_ARGS=dist
+! SHLIB_TARGET=
+  
+  # INSTALL_PREFIX is for package builders so that they can configure
+  # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+  # Normally it is left empty.
+! INSTALL_PREFIX=/home/nectar/SSL
+  INSTALLTOP=/usr/local/ssl
+  
+  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+--- 4,26 ----
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6i
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+  SHLIB_VERSION_HISTORY=
+  SHLIB_MAJOR=0
+  SHLIB_MINOR=9.6
+! SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+! PLATFORM=FreeBSD-elf
+! OPTIONS=386
+! CONFIGURE_ARGS=FreeBSD-elf 386
+! SHLIB_TARGET=bsd-gcc-shared
+  
+  # INSTALL_PREFIX is for package builders so that they can configure
+  # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+  # Normally it is left empty.
+! INSTALL_PREFIX=/var/tmp/ssl
+  INSTALLTOP=/usr/local/ssl
+  
+  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+***************
+*** 55,63 ****
+  # equal 4.
+  # PKCS1_CHECK - pkcs1 tests.
+  
+! CC= cc
+  #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+! CFLAG= -O
+  DEPFLAG= 
+  PEX_LIBS= 
+  EX_LIBS= 
+--- 55,63 ----
+  # equal 4.
+  # PKCS1_CHECK - pkcs1 tests.
+  
+! CC= gcc
+  #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+! CFLAG= -fPIC -DTHREADS -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+  DEPFLAG= 
+  PEX_LIBS= 
+  EX_LIBS= 
+***************
+*** 69,75 ****
+  TARFLAGS= --no-recursion
+  
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+! BN_ASM= bn_asm.o
+  #BN_ASM= bn_asm.o
+  #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+  #BN_ASM= asm/bn86-sol.o # solaris
+--- 69,75 ----
+  TARFLAGS= --no-recursion
+  
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+! BN_ASM= asm/bn86-elf.o asm/co86-elf.o
+  #BN_ASM= bn_asm.o
+  #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+  #BN_ASM= asm/bn86-sol.o # solaris
+***************
+*** 85,95 ****
+  
+  # For x86 assembler: Set PROCESSOR to 386 if you want to support
+  # the 80386.
+! PROCESSOR= 
+  
+  # Set DES_ENC to des_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! DES_ENC= des_enc.o fcrypt_b.o
+  #DES_ENC= des_enc.o fcrypt_b.o          # C
+  #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+  #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+--- 85,95 ----
+  
+  # For x86 assembler: Set PROCESSOR to 386 if you want to support
+  # the 80386.
+! PROCESSOR= 386
+  
+  # Set DES_ENC to des_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! DES_ENC= asm/dx86-elf.o asm/yx86-elf.o
+  #DES_ENC= des_enc.o fcrypt_b.o          # C
+  #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+  #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+***************
+*** 98,104 ****
+  
+  # Set BF_ENC to bf_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! BF_ENC= bf_enc.o
+  #BF_ENC= bf_enc.o
+  #BF_ENC= asm/bx86-elf.o # elf
+  #BF_ENC= asm/bx86-sol.o # solaris
+--- 98,104 ----
+  
+  # Set BF_ENC to bf_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! BF_ENC= asm/bx86-elf.o
+  #BF_ENC= bf_enc.o
+  #BF_ENC= asm/bx86-elf.o # elf
+  #BF_ENC= asm/bx86-sol.o # solaris
+***************
+*** 107,113 ****
+  
+  # Set CAST_ENC to c_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! CAST_ENC= c_enc.o
+  #CAST_ENC= c_enc.o
+  #CAST_ENC= asm/cx86-elf.o # elf
+  #CAST_ENC= asm/cx86-sol.o # solaris
+--- 107,113 ----
+  
+  # Set CAST_ENC to c_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! CAST_ENC= asm/cx86-elf.o
+  #CAST_ENC= c_enc.o
+  #CAST_ENC= asm/cx86-elf.o # elf
+  #CAST_ENC= asm/cx86-sol.o # solaris
+***************
+*** 116,122 ****
+  
+  # Set RC4_ENC to rc4_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC4_ENC= rc4_enc.o
+  #RC4_ENC= rc4_enc.o
+  #RC4_ENC= asm/rx86-elf.o # elf
+  #RC4_ENC= asm/rx86-sol.o # solaris
+--- 116,122 ----
+  
+  # Set RC4_ENC to rc4_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC4_ENC= asm/rx86-elf.o
+  #RC4_ENC= rc4_enc.o
+  #RC4_ENC= asm/rx86-elf.o # elf
+  #RC4_ENC= asm/rx86-sol.o # solaris
+***************
+*** 125,131 ****
+  
+  # Set RC5_ENC to rc5_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC5_ENC= rc5_enc.o
+  #RC5_ENC= rc5_enc.o
+  #RC5_ENC= asm/r586-elf.o # elf
+  #RC5_ENC= asm/r586-sol.o # solaris
+--- 125,131 ----
+  
+  # Set RC5_ENC to rc5_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC5_ENC= asm/r586-elf.o
+  #RC5_ENC= rc5_enc.o
+  #RC5_ENC= asm/r586-elf.o # elf
+  #RC5_ENC= asm/r586-sol.o # solaris
+***************
+*** 133,153 ****
+  #RC5_ENC= asm/r586bsdi.o # bsdi
+  
+  # Also need MD5_ASM defined
+! MD5_ASM_OBJ= 
+  #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+  #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+  #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+  #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+  
+  # Also need SHA1_ASM defined
+! SHA1_ASM_OBJ= 
+  #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+  #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+  #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+  #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+  
+  # Also need RMD160_ASM defined
+! RMD160_ASM_OBJ= 
+  #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+  #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+  #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+--- 133,153 ----
+  #RC5_ENC= asm/r586bsdi.o # bsdi
+  
+  # Also need MD5_ASM defined
+! MD5_ASM_OBJ= asm/mx86-elf.o
+  #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+  #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+  #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+  #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+  
+  # Also need SHA1_ASM defined
+! SHA1_ASM_OBJ= asm/sx86-elf.o
+  #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+  #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+  #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+  #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+  
+  # Also need RMD160_ASM defined
+! RMD160_ASM_OBJ= asm/rm86-elf.o
+  #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+  #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+  #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+***************
+*** 184,190 ****
+  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+  SHARED_SSL=libssl$(SHLIB_EXT)
+  SHARED_LIBS=
+! SHARED_LIBS_LINK_EXTS=
+  SHARED_LDFLAGS=
+  
+  GENERAL=        Makefile
+--- 184,190 ----
+  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+  SHARED_SSL=libssl$(SHLIB_EXT)
+  SHARED_LIBS=
+! SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+  SHARED_LDFLAGS=
+  
+  GENERAL=        Makefile
+***************
+*** 249,255 ****
+  		for i in $(SHLIBDIRS); do \
+  			prev=lib$$i$(SHLIB_EXT); \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; ln -f -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+  		done; \
+--- 249,256 ----
+  		for i in $(SHLIBDIRS); do \
+  			prev=lib$$i$(SHLIB_EXT); \
+  			for j in $${tmp:-x}; do \
+! 				( set -x; \
+! 				rm -f lib$$i$$j; ln -s $$prev lib$$i$$j ); \
+  				prev=lib$$i$$j; \
+  			done; \
+  		done; \
+***************
+*** 271,279 ****
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+! 	[ -n "$$collect2" ] && \
+! 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+--- 272,278 ----
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+***************
+*** 530,535 ****
+--- 529,538 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 611,616 ****
+--- 614,622 ----
+  # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+  # tar does not support the --files-from option.
+  tar:
++ 	find . -type d -print | xargs chmod 755
++ 	find . -type f -print | xargs chmod a+r
++ 	find . -type f -perm -0100 -print | xargs chmod a+x
+  	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+  	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+***************
+*** 653,661 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+--- 659,668 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+***************
+*** 665,684 ****
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			make -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+--- 672,695 ----
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+  		(	here="`pwd`"; \
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			set $(MAKE); \
+! 			$$1 -f $$here/Makefile link-shared ); \
+  	fi
+  
+  install_docs:
+***************
+*** 687,708 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done
+! 	@for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) `cd ../../util; ./pod2mantest ignore` \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 698,720 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+! 	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+! 	done; \
+! 	for i in doc/crypto/*.pod doc/ssl/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_4_6/crypto/openssl/NEWS
+*** crypto/openssl/NEWS	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/NEWS	Fri Feb 21 11:32:47 2003
+***************
+*** 5,10 ****
+--- 5,41 ----
+    This file gives a brief overview of the major changes between each OpenSSL
+    release. For more details please read the CHANGES file.
+  
++   Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
++ 
++       o Important security related bugfixes.
++ 
++   Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
++ 
++       o New configuration targets for Tandem OSS and A/UX.
++       o New OIDs for Microsoft attributes.
++       o Better handling of SSL session caching.
++       o Better comparison of distinguished names.
++       o Better handling of shared libraries in a mixed GNU/non-GNU environment.
++       o Support assembler code with Borland C.
++       o Fixes for length problems.
++       o Fixes for uninitialised variables.
++       o Fixes for memory leaks, some unusual crashes and some race conditions.
++       o Fixes for smaller building problems.
++       o Updates of manuals, FAQ and other instructive documents.
++ 
++   Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
++ 
++       o Important building fixes on Unix.
++ 
++   Major changes between OpenSSL 0.9.6e and OpenSSL 0.9.6f:
++ 
++       o Various important bugfixes.
++ 
++   Major changes between OpenSSL 0.9.6d and OpenSSL 0.9.6e:
++ 
++       o Important security related bugfixes.
++       o Various SSL/TLS library bugfixes.
++ 
+    Major changes between OpenSSL 0.9.6c and OpenSSL 0.9.6d:
+  
+        o Various SSL/TLS library bugfixes.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_4_6/crypto/openssl/README
+*** crypto/openssl/README	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/README	Fri Feb 21 11:32:47 2003
+***************
+*** 1,7 ****
+  
+!  OpenSSL 0.9.6e 30 July 2002
+  
+!  Copyright (c) 1998-2002 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+--- 1,7 ----
+  
+!  OpenSSL 0.9.6i Feb 19 2003
+  
+!  Copyright (c) 1998-2003 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_4_6/crypto/openssl/apps/Makefile.ssl
+*** crypto/openssl/apps/Makefile.ssl	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/apps/Makefile.ssl	Fri Feb 21 11:32:48 2003
+***************
+*** 117,123 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 117,123 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 128,137 ****
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+--- 128,137 ----
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_4_6/crypto/openssl/apps/apps.h
+*** crypto/openssl/apps/apps.h	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/apps.h	Fri Feb 21 11:32:48 2003
+***************
+*** 92,99 ****
+--- 92,101 ----
+  #define MAIN(a,v)	main(a,v)
+  
+  #ifndef NON_MAIN
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #else
++ extern LHASH *config;
+  extern BIO *bio_err;
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/asn1pars.c ../RELENG_4_6/crypto/openssl/apps/asn1pars.c
+*** crypto/openssl/apps/asn1pars.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/asn1pars.c	Fri Feb 21 11:32:48 2003
+***************
+*** 328,333 ****
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+--- 328,333 ----
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_4_6/crypto/openssl/apps/ca.c
+*** crypto/openssl/apps/ca.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/ca.c	Fri Feb 21 11:32:48 2003
+***************
+*** 543,549 ****
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) memset(key,0,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+--- 543,549 ----
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) OPENSSL_cleanse(key,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+***************
+*** 606,617 ****
+--- 606,619 ----
+  	       that to access().  However, time's too short to do that just
+  	       now.
+              */
++ #ifndef VXWORKS
+  		if (access(outdir,R_OK|W_OK|X_OK) != 0)
+  			{
+  			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
+  			perror(outdir);
+  			goto err;
+  			}
++ #endif
+  
+  		if (stat(outdir,&sb) != 0)
+  			{
+***************
+*** 829,837 ****
+  			}
+  		if (verbose)
+  			{
+! 			if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 			BIO_printf(bio_err,"next serial number is %s\n",f);
+! 			OPENSSL_free(f);
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+--- 831,844 ----
+  			}
+  		if (verbose)
+  			{
+! 			if (BN_is_zero(serial))
+! 				BIO_printf(bio_err,"next serial number is 00\n");
+! 			else
+! 				{
+! 				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 				BIO_printf(bio_err,"next serial number is %s\n",f);
+! 				OPENSSL_free(f);
+! 				}
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+***************
+*** 1275,1281 ****
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+--- 1282,1288 ----
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+***************
+*** 1340,1346 ****
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+  		goto err;
+  		}
+  err:
+--- 1347,1353 ----
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+  		goto err;
+  		}
+  err:
+***************
+*** 1728,1734 ****
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+--- 1735,1744 ----
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	if (BN_is_zero(serial))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+***************
+*** 2142,2148 ****
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+--- 2152,2161 ----
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	if (BN_is_zero(bn))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ciphers.c ../RELENG_4_6/crypto/openssl/apps/ciphers.c
+*** crypto/openssl/apps/ciphers.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/ciphers.c	Fri Feb 21 11:32:48 2003
+***************
+*** 202,207 ****
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	EXIT(ret);
+  	}
+  
+--- 202,207 ----
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl.c ../RELENG_4_6/crypto/openssl/apps/crl.c
+*** crypto/openssl/apps/crl.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/crl.c	Fri Feb 21 11:32:48 2003
+***************
+*** 364,370 ****
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+--- 364,370 ----
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl2p7.c ../RELENG_4_6/crypto/openssl/apps/crl2p7.c
+*** crypto/openssl/apps/crl2p7.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/crl2p7.c	Fri Feb 21 11:32:48 2003
+***************
+*** 166,172 ****
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 166,172 ----
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 278,284 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	EXIT(ret);
+  	}
+  
+  /*
+--- 278,284 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /*
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_4_6/crypto/openssl/apps/dgst.c
+*** crypto/openssl/apps/dgst.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/dgst.c	Fri Feb 21 11:32:48 2003
+***************
+*** 327,333 ****
+  end:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+--- 327,333 ----
+  end:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+***************
+*** 335,341 ****
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	EXIT(err);
+  	}
+  
+  void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+--- 335,341 ----
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	OPENSSL_EXIT(err);
+  	}
+  
+  void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_4_6/crypto/openssl/apps/dh.c
+*** crypto/openssl/apps/dh.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/dh.c	Fri Feb 21 11:32:48 2003
+***************
+*** 319,324 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 319,324 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_4_6/crypto/openssl/apps/dhparam.c
+*** crypto/openssl/apps/dhparam.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/dhparam.c	Fri Feb 21 11:32:48 2003
+***************
+*** 506,512 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+--- 506,512 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_4_6/crypto/openssl/apps/dsa.c
+*** crypto/openssl/apps/dsa.c	Sun Nov 26 06:32:47 2000
+--- ../RELENG_4_6/crypto/openssl/apps/dsa.c	Fri Feb 21 11:32:48 2003
+***************
+*** 293,298 ****
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 293,298 ----
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_4_6/crypto/openssl/apps/dsaparam.c
+*** crypto/openssl/apps/dsaparam.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/dsaparam.c	Fri Feb 21 11:32:48 2003
+***************
+*** 357,363 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+--- 357,363 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_4_6/crypto/openssl/apps/enc.c
+*** crypto/openssl/apps/enc.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/enc.c	Fri Feb 21 11:32:48 2003
+***************
+*** 506,514 ****
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				memset(str,0,SIZE);
+  			else
+! 				memset(str,0,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+--- 506,514 ----
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				OPENSSL_cleanse(str,SIZE);
+  			else
+! 				OPENSSL_cleanse(str,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+***************
+*** 604,610 ****
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+--- 604,610 ----
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/errstr.c ../RELENG_4_6/crypto/openssl/apps/errstr.c
+*** crypto/openssl/apps/errstr.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/errstr.c	Fri Feb 21 11:32:48 2003
+***************
+*** 121,125 ****
+  			ret++;
+  			}
+  		}
+! 	EXIT(ret);
+  	}
+--- 121,125 ----
+  			ret++;
+  			}
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_4_6/crypto/openssl/apps/gendh.c
+*** crypto/openssl/apps/gendh.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/gendh.c	Fri Feb 21 11:32:48 2003
+***************
+*** 184,190 ****
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+--- 184,190 ----
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_4_6/crypto/openssl/apps/gendsa.c
+*** crypto/openssl/apps/gendsa.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/gendsa.c	Fri Feb 21 11:32:48 2003
+***************
+*** 220,225 ****
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 220,225 ----
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_4_6/crypto/openssl/apps/genrsa.c
+*** crypto/openssl/apps/genrsa.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/genrsa.c	Fri Feb 21 11:32:48 2003
+***************
+*** 224,230 ****
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+--- 224,230 ----
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/nseq.c ../RELENG_4_6/crypto/openssl/apps/nseq.c
+*** crypto/openssl/apps/nseq.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/nseq.c	Fri Feb 21 11:32:48 2003
+***************
+*** 102,108 ****
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		EXIT(1);
+  	}
+  
+  	if (infile) {
+--- 102,108 ----
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		OPENSSL_EXIT(1);
+  	}
+  
+  	if (infile) {
+***************
+*** 162,167 ****
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	EXIT(ret);
+  }
+  
+--- 162,167 ----
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	OPENSSL_EXIT(ret);
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_4_6/crypto/openssl/apps/openssl.c
+*** crypto/openssl/apps/openssl.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/openssl.c	Fri Feb 21 11:32:48 2003
+***************
+*** 77,87 ****
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+- LHASH *config=NULL;
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
+  BIO *bio_err=NULL;
+  #endif
+  
+--- 77,87 ----
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #endif
+  
+***************
+*** 215,221 ****
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+--- 215,221 ----
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/passwd.c ../RELENG_4_6/crypto/openssl/apps/passwd.c
+*** crypto/openssl/apps/passwd.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/passwd.c	Fri Feb 21 11:32:48 2003
+***************
+*** 284,290 ****
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+  
+  
+--- 284,290 ----
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+***************
+*** 498,503 ****
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	EXIT(1);
+  	}
+  #endif
+--- 498,503 ----
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	OPENSSL_EXIT(1);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_4_6/crypto/openssl/apps/pkcs12.c
+*** crypto/openssl/apps/pkcs12.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/pkcs12.c	Fri Feb 21 11:32:48 2003
+***************
+*** 480,488 ****
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		}
+! 		sk_X509_free(chain2);
+! 		if (vret) {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+--- 480,489 ----
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		    /* Free first certificate */
+! 		    X509_free(sk_X509_value(chain2, 0));
+! 		    sk_X509_free(chain2);
+! 		} else {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+***************
+*** 509,516 ****
+  	}
+  	sk_X509_pop_free(certs, X509_free);
+  	certs = NULL;
+- 	/* ucert is part of certs so it is already freed */
+- 	ucert = NULL;
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 510,515 ----
+***************
+*** 598,604 ****
+  	if (certs) sk_X509_pop_free(certs, X509_free);
+  	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
+  	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+- 	if (ucert) X509_free(ucert);
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 597,602 ----
+***************
+*** 668,674 ****
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+--- 666,672 ----
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     OPENSSL_EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_4_6/crypto/openssl/apps/pkcs7.c
+*** crypto/openssl/apps/pkcs7.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/pkcs7.c	Fri Feb 21 11:32:48 2003
+***************
+*** 154,160 ****
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 154,160 ----
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 289,293 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 289,293 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_4_6/crypto/openssl/apps/pkcs8.c
+*** crypto/openssl/apps/pkcs8.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/pkcs8.c	Fri Feb 21 11:32:48 2003
+***************
+*** 236,242 ****
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+--- 236,243 ----
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
+! 					return (1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_4_6/crypto/openssl/apps/rand.c
+*** crypto/openssl/apps/rand.c	Sun Nov 26 06:32:48 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rand.c	Fri Feb 21 11:32:48 2003
+***************
+*** 144,148 ****
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 144,148 ----
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_4_6/crypto/openssl/apps/req.c
+*** crypto/openssl/apps/req.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/req.c	Fri Feb 21 11:32:48 2003
+***************
+*** 422,428 ****
+  
+  	if (template != NULL)
+  		{
+! 		long errline;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+--- 422,428 ----
+  
+  	if (template != NULL)
+  		{
+! 		long errline = -1;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+***************
+*** 909,915 ****
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+--- 909,915 ----
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	OPENSSL_EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_4_6/crypto/openssl/apps/rsa.c
+*** crypto/openssl/apps/rsa.c	Sun Nov 26 06:32:49 2000
+--- ../RELENG_4_6/crypto/openssl/apps/rsa.c	Fri Feb 21 11:32:48 2003
+***************
+*** 389,395 ****
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+--- 389,395 ----
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_4_6/crypto/openssl/apps/s_client.c
+*** crypto/openssl/apps/s_client.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/s_client.c	Fri Feb 21 11:32:48 2003
+***************
+*** 768,781 ****
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  
+--- 768,781 ----
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_4_6/crypto/openssl/apps/s_server.c
+*** crypto/openssl/apps/s_server.c	Wed Jul  4 19:19:09 2001
+--- ../RELENG_4_6/crypto/openssl/apps/s_server.c	Fri Feb 21 11:32:48 2003
+***************
+*** 253,262 ****
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+--- 253,262 ----
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, const char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, const char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+***************
+*** 321,327 ****
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+--- 321,327 ----
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, const char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+***************
+*** 354,360 ****
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+  {
+  	long ret;
+  
+--- 354,360 ----
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+  {
+  	long ret;
+  
+***************
+*** 373,379 ****
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+--- 373,379 ----
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret=0;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+***************
+*** 392,398 ****
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+--- 392,398 ----
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, const char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+***************
+*** 741,747 ****
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+--- 741,747 ----
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+***************
+*** 1043,1049 ****
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+--- 1043,1049 ----
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+***************
+*** 1250,1256 ****
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #ifndef MSDOS
+  				sleep(1);
+  #endif
+  				continue;
+--- 1250,1256 ----
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #if !defined(MSDOS) && !defined(VXWORKS)
+  				sleep(1);
+  #endif
+  				continue;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_time.c ../RELENG_4_6/crypto/openssl/apps/s_time.c
+*** crypto/openssl/apps/s_time.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/s_time.c	Fri Feb 21 11:32:48 2003
+***************
+*** 116,121 ****
+--- 116,126 ----
+  #include <sys/param.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #undef SIGALRM
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed
+  */
+  #ifndef HZ
+***************
+*** 461,467 ****
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+--- 466,472 ----
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		OPENSSL_EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+***************
+*** 628,634 ****
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  /***********************************************************************
+--- 633,639 ----
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /***********************************************************************
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/sess_id.c ../RELENG_4_6/crypto/openssl/apps/sess_id.c
+*** crypto/openssl/apps/sess_id.c	Sun Nov 26 06:32:49 2000
+--- ../RELENG_4_6/crypto/openssl/apps/sess_id.c	Fri Feb 21 11:32:48 2003
+***************
+*** 272,278 ****
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+--- 272,278 ----
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_4_6/crypto/openssl/apps/speed.c
+*** crypto/openssl/apps/speed.c	Mon Feb 24 21:51:10 2003
+--- ../RELENG_4_6/crypto/openssl/apps/speed.c	Fri Feb 21 11:32:48 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/apps/speed.c,v 1.3.2.3.6.1 2002/07/31 02:54:40 nectar Exp $
+   */
+  
+  /* most of this code has been pilfered from my libdes speed.c program */
+--- 54,59 ----
+***************
+*** 691,697 ****
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #ifdef TIMES
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+--- 689,695 ----
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #if defined(TIMES) || defined(USE_TOD)
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+***************
+*** 1414,1420 ****
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+--- 1412,1418 ----
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	OPENSSL_EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_4_6/crypto/openssl/apps/spkac.c
+*** crypto/openssl/apps/spkac.c	Sun Nov 26 06:32:49 2000
+--- ../RELENG_4_6/crypto/openssl/apps/spkac.c	Fri Feb 21 11:32:48 2003
+***************
+*** 288,292 ****
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+--- 288,292 ----
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_4_6/crypto/openssl/apps/verify.c
+*** crypto/openssl/apps/verify.c	Sun Nov 26 06:32:50 2000
+--- ../RELENG_4_6/crypto/openssl/apps/verify.c	Fri Feb 21 11:32:48 2003
+***************
+*** 213,219 ****
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+--- 213,219 ----
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/version.c ../RELENG_4_6/crypto/openssl/apps/version.c
+*** crypto/openssl/apps/version.c	Sun Aug 20 04:45:59 2000
+--- ../RELENG_4_6/crypto/openssl/apps/version.c	Fri Feb 21 11:32:48 2003
+***************
+*** 128,132 ****
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	EXIT(ret);
+  	}
+--- 128,132 ----
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_4_6/crypto/openssl/apps/x509.c
+*** crypto/openssl/apps/x509.c	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/apps/x509.c	Fri Feb 21 11:32:48 2003
+***************
+*** 121,127 ****
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial       - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+--- 121,127 ----
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial arg   - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+***************
+*** 447,453 ****
+  
+  	if (extfile)
+  		{
+! 		long errorline;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+--- 447,453 ----
+  
+  	if (extfile)
+  		{
+! 		long errorline = -1;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+***************
+*** 961,967 ****
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+--- 961,967 ----
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_4_6/crypto/openssl/config
+*** crypto/openssl/config	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/config	Fri Feb 21 11:32:47 2003
+***************
+*** 317,322 ****
+--- 317,326 ----
+      *CRAY*)
+         echo "j90-cray-unicos"; exit 0;
+         ;;
++ 
++     NONSTOP_KERNEL*)
++        echo "nsr-tandem-nsk"; exit 0;
++        ;;
+  esac
+  
+  #
+***************
+*** 384,389 ****
+--- 388,396 ----
+  GCCVER=`(gcc -dumpversion) 2>/dev/null`
+  if [ "$GCCVER" != "" ]; then
+    CC=gcc
++   # then strip off whatever prefix egcs prepends the number with...
++   # Hopefully, this will work for any future prefixes as well.
++   GCCVER=`echo $GCCVER | sed 's/^[a-zA-Z]*\-//'`
+    # Since gcc 3.1 gcc --version behaviour has changed.  gcc -dumpversion
+    # does give us what we want though, so we use that.  We just just the
+    # major and minor version numbers.
+***************
+*** 392,397 ****
+--- 399,405 ----
+  else
+    CC=cc
+  fi
++ GCCVER=${GCCVER:-0}
+  if [ "$SYSTEM" = "HP-UX" ];then
+    # By default gcc is a ILP32 compiler (with long long == 64).
+    GCC_BITS="32"
+***************
+*** 469,475 ****
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	read waste < /dev/tty
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+--- 477,484 ----
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	(read waste < /dev/tty) || true
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+***************
+*** 524,530 ****
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	#read waste < /dev/tty
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+--- 533,540 ----
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	#(read waste < /dev/tty) || true
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+***************
+*** 565,571 ****
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		read waste < /dev/tty
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+--- 575,582 ----
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		# Do not stop if /dev/tty is unavailable
+! 		(read waste < /dev/tty) || true
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+***************
+*** 626,631 ****
+--- 637,643 ----
+    *-*-cygwin) OUT="Cygwin" ;;
+    t3e-cray-unicosmk) OUT="cray-t3e" ;;
+    j90-cray-unicos) OUT="cray-j90" ;;
++   nsr-tandem-nsk) OUT="tandem-c89" ;;
+    *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+  esac
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/Makefile.ssl
+*** crypto/openssl/crypto/Makefile.ssl	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/Makefile.ssl	Fri Feb 21 11:32:49 2003
+***************
+*** 34,41 ****
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+--- 34,41 ----
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+***************
+*** 129,135 ****
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+--- 129,135 ----
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+***************
+*** 185,190 ****
+--- 185,193 ----
+  mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+  mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+  mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
++ mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
++ mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
++ mem_clr.o: ../include/openssl/symhacks.h
+  mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+  mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.ssl
+*** crypto/openssl/crypto/asn1/Makefile.ssl	Mon Feb 24 21:51:12 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/Makefile.ssl	Fri Feb 21 11:32:50 2003
+***************
+*** 104,110 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 104,110 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_sign.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_sign.c
+*** crypto/openssl/crypto/asn1/a_sign.c	Mon Feb 24 21:51:12 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_sign.c	Fri Feb 21 11:32:50 2003
+***************
+*** 199,208 ****
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	memset(&ctx,0,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+--- 199,208 ----
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	OPENSSL_cleanse(&ctx,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_strex.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strex.c
+*** crypto/openssl/crypto/asn1/a_strex.c	Sun Nov 26 06:38:42 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_strex.c	Fri Feb 21 11:32:50 2003
+***************
+*** 519,525 ****
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!*out || !in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+--- 519,525 ----
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+***************
+*** 528,533 ****
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	if(out) *out = stmp.data;
+  	return stmp.length;
+  }
+--- 528,533 ----
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	*out = stmp.data;
+  	return stmp.length;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_utctm.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_utctm.c
+*** crypto/openssl/crypto/asn1/a_utctm.c	Mon Feb 24 21:51:12 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_utctm.c	Fri Feb 21 11:32:50 2003
+***************
+*** 246,251 ****
+--- 246,253 ----
+  		ts=(struct tm *)localtime(&t);
+  		}
+  #endif
++ 	if (ts == NULL)
++ 		return(NULL);
+  	p=(char *)s->data;
+  	if ((p == NULL) || (s->length < 14))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_verify.c ../RELENG_4_6/crypto/openssl/crypto/asn1/a_verify.c
+*** crypto/openssl/crypto/asn1/a_verify.c	Sun Nov 26 06:32:59 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/a_verify.c	Fri Feb 21 11:32:50 2003
+***************
+*** 100,106 ****
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	memset(buf_in,0,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+--- 100,106 ----
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1_lib.c ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1_lib.c
+*** crypto/openssl/crypto/asn1/asn1_lib.c	Mon Feb 24 21:51:12 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/asn1_lib.c	Fri Feb 21 11:32:50 2003
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include <stdio.h>
++ #include <limits.h>
+  #include "cryptlib.h"
+  #include <openssl/asn1.h>
+  #include <openssl/asn1_mac.h>
+***************
+*** 141,147 ****
+  static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
+  	{
+  	unsigned char *p= *pp;
+! 	long ret=0;
+  	int i;
+  
+  	if (max-- < 1) return(0);
+--- 142,148 ----
+  static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max)
+  	{
+  	unsigned char *p= *pp;
+! 	unsigned long ret=0;
+  	int i;
+  
+  	if (max-- < 1) return(0);
+***************
+*** 170,179 ****
+  		else
+  			ret=i;
+  		}
+! 	if (ret < 0)
+  		return 0;
+  	*pp=p;
+! 	*rl=ret;
+  	return(1);
+  	}
+  
+--- 171,180 ----
+  		else
+  			ret=i;
+  		}
+! 	if (ret > LONG_MAX)
+  		return 0;
+  	*pp=p;
+! 	*rl=(long)ret;
+  	return(1);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/n_pkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/n_pkey.c
+*** crypto/openssl/crypto/asn1/n_pkey.c	Sun Nov 26 06:33:00 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/n_pkey.c	Fri Feb 21 11:32:50 2003
+***************
+*** 181,187 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 181,187 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+***************
+*** 292,298 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 292,298 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/p8_pkey.c ../RELENG_4_6/crypto/openssl/crypto/asn1/p8_pkey.c
+*** crypto/openssl/crypto/asn1/p8_pkey.c	Sun Nov 26 06:33:01 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/asn1/p8_pkey.c	Fri Feb 21 11:32:50 2003
+***************
+*** 119,126 ****
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		memset (a->pkey->value.octet_string->data,
+! 				 0, a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+--- 119,126 ----
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		OPENSSL_cleanse(a->pkey->value.octet_string->data,
+! 				a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.ssl
+*** crypto/openssl/crypto/bf/Makefile.ssl	Wed Jul  4 19:19:13 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bf/Makefile.ssl	Fri Feb 21 11:32:50 2003
+***************
+*** 96,102 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 96,102 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/bftest.c ../RELENG_4_6/crypto/openssl/crypto/bf/bftest.c
+*** crypto/openssl/crypto/bf/bftest.c	Sun Nov 26 06:33:09 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bf/bftest.c	Fri Feb 21 11:32:50 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_BF
+  int main(int argc, char *argv[])
+  {
+***************
+*** 275,281 ****
+  	else
+  		ret=test();
+  
+! 	exit(ret);
+  	return(0);
+  	}
+  
+--- 277,283 ----
+  	else
+  		ret=test();
+  
+! 	EXIT(ret);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.ssl
+*** crypto/openssl/crypto/bio/Makefile.ssl	Mon Feb 24 21:51:12 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/Makefile.ssl	Fri Feb 21 11:32:50 2003
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/b_print.c ../RELENG_4_6/crypto/openssl/crypto/bio/b_print.c
+*** crypto/openssl/crypto/bio/b_print.c	Mon Feb 24 21:51:12 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/b_print.c	Fri Feb 21 11:32:50 2003
+***************
+*** 109,115 ****
+   * o ...                                       (for OpenSSL)
+   */
+  
+! #if HAVE_LONG_DOUBLE
+  #define LDOUBLE long double
+  #else
+  #define LDOUBLE double
+--- 109,115 ----
+   * o ...                                       (for OpenSSL)
+   */
+  
+! #ifdef HAVE_LONG_DOUBLE
+  #define LDOUBLE long double
+  #else
+  #define LDOUBLE double
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_4_6/crypto/openssl/crypto/bio/bio.h
+*** crypto/openssl/crypto/bio/bio.h	Mon Feb 24 21:51:12 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/bio/bio.h	Fri Feb 21 11:32:50 2003
+***************
+*** 241,247 ****
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_fat *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+--- 241,247 ----
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_far *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.ssl
+*** crypto/openssl/crypto/bn/Makefile.ssl	Mon Feb 24 21:51:13 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/Makefile.ssl	Fri Feb 21 11:32:50 2003
+***************
+*** 159,165 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 159,165 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn.h ../RELENG_4_6/crypto/openssl/crypto/bn/bn.h
+*** crypto/openssl/crypto/bn/bn.h	Mon Feb 24 21:51:13 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn.h	Fri Feb 21 11:32:50 2003
+***************
+*** 155,161 ****
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #ifdef _MSC_VER
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+--- 155,161 ----
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #if defined(_MSC_VER) || defined(__BORLANDC__)
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+***************
+*** 413,419 ****
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+--- 413,419 ----
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lib.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_lib.c
+*** crypto/openssl/crypto/bn/bn_lib.c	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_lib.c	Fri Feb 21 11:32:50 2003
+***************
+*** 263,274 ****
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	memset(a,0,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+--- 263,274 ----
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	OPENSSL_cleanse(a,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_rand.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_rand.c
+*** crypto/openssl/crypto/bn/bn_rand.c	Mon Feb 24 21:51:13 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_rand.c	Fri Feb 21 11:32:50 2003
+***************
+*** 201,207 ****
+  err:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+--- 201,207 ----
+  err:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_word.c ../RELENG_4_6/crypto/openssl/crypto/bn/bn_word.c
+*** crypto/openssl/crypto/bn/bn_word.c	Sun Nov 26 06:33:19 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bn_word.c	Fri Feb 21 11:32:50 2003
+***************
+*** 123,129 ****
+  	i=0;
+  	for (;;)
+  		{
+! 		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+--- 123,132 ----
+  	i=0;
+  	for (;;)
+  		{
+! 		if (i >= a->top)
+! 			l=w;
+! 		else
+! 			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bntest.c ../RELENG_4_6/crypto/openssl/crypto/bn/bntest.c
+*** crypto/openssl/crypto/bn/bntest.c	Wed Jul  4 19:19:14 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/bntest.c	Fri Feb 21 11:32:50 2003
+***************
+*** 139,148 ****
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+--- 139,148 ----
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+***************
+*** 152,158 ****
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			exit(1);
+  			}
+  		}
+  
+--- 152,158 ----
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			EXIT(1);
+  			}
+  		}
+  
+***************
+*** 228,241 ****
+  	BIO_free(out);
+  
+  /**/
+! 	exit(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 228,241 ----
+  	BIO_free(out);
+  
+  /**/
+! 	EXIT(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+***************
+*** 746,752 ****
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			exit(1);
+  			}
+  		if (bp != NULL)
+  			{
+--- 746,752 ----
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			EXIT(1);
+  			}
+  		if (bp != NULL)
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/exptest.c ../RELENG_4_6/crypto/openssl/crypto/bn/exptest.c
+*** crypto/openssl/crypto/bn/exptest.c	Sun Aug 20 04:46:16 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/bn/exptest.c	Fri Feb 21 11:32:50 2003
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/bio.h>
+  #include <openssl/bn.h>
+  #include <openssl/rand.h>
+***************
+*** 86,92 ****
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+--- 89,95 ----
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+***************
+*** 99,105 ****
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+--- 102,108 ----
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+***************
+*** 124,130 ****
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+--- 127,133 ----
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+***************
+*** 132,138 ****
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+--- 135,141 ----
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+***************
+*** 140,146 ****
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+--- 143,149 ----
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+***************
+*** 163,169 ****
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			exit(1);
+  			}
+  		}
+  	BN_free(r_mont);
+--- 166,172 ----
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			EXIT(1);
+  			}
+  		}
+  	BN_free(r_mont);
+***************
+*** 177,187 ****
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 180,190 ----
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.ssl
+*** crypto/openssl/crypto/buffer/Makefile.ssl	Wed Jul  4 19:19:16 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/buffer/Makefile.ssl	Fri Feb 21 11:32:51 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.ssl
+*** crypto/openssl/crypto/cast/Makefile.ssl	Wed Jul  4 19:19:16 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/cast/Makefile.ssl	Fri Feb 21 11:32:51 2003
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/casttest.c ../RELENG_4_6/crypto/openssl/crypto/cast/casttest.c
+*** crypto/openssl/crypto/cast/casttest.c	Sun Aug 20 04:46:18 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/cast/casttest.c	Fri Feb 21 11:32:51 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_CAST
+  int main(int argc, char *argv[])
+  {
+***************
+*** 224,230 ****
+        }
+  #endif
+  
+!     exit(err);
+      return(err);
+      }
+  #endif
+--- 226,232 ----
+        }
+  #endif
+  
+!     EXIT(err);
+      return(err);
+      }
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.ssl
+*** crypto/openssl/crypto/comp/Makefile.ssl	Mon Feb 24 21:51:13 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/comp/Makefile.ssl	Fri Feb 21 11:32:51 2003
+***************
+*** 71,77 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 71,77 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.ssl
+*** crypto/openssl/crypto/conf/Makefile.ssl	Mon Feb 24 21:51:13 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/Makefile.ssl	Fri Feb 21 11:32:51 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_def.c ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.c
+*** crypto/openssl/crypto/conf/conf_def.c	Mon Feb 24 21:51:14 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/conf/conf_def.c	Fri Feb 21 11:32:51 2003
+***************
+*** 224,232 ****
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
+  	for (;;)
+  		{
+- 		again=0;
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+--- 224,232 ----
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
++ 	again=0;
+  	for (;;)
+  		{
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+***************
+*** 237,243 ****
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0) break;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+--- 237,244 ----
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0 && !again) break;
+! 		again=0;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+***************
+*** 247,253 ****
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+--- 248,254 ----
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (ii && i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.c ../RELENG_4_6/crypto/openssl/crypto/cryptlib.c
+*** crypto/openssl/crypto/cryptlib.c	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/cryptlib.c	Fri Feb 21 11:32:49 2003
+***************
+*** 58,63 ****
+--- 58,64 ----
+  
+  #include <stdio.h>
+  #include <string.h>
++ #include <assert.h>
+  #include "cryptlib.h"
+  #include <openssl/crypto.h>
+  #include <openssl/safestack.h>
+***************
+*** 89,94 ****
+--- 90,96 ----
+  	"ssl_session",
+  	"ssl_sess_cert",
+  	"ssl",
++ 	/* "ssl_method", */
+  	"rand",
+  	"rand2",
+  	"debug_malloc",
+***************
+*** 204,213 ****
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (!i)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+--- 206,223 ----
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		/* Since sk_push() returns the number of items on the
+! 		   stack, not the location of the pushed item, we need
+! 		   to transform the returned number into a position,
+! 		   by decreasing it.  */
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+! 	else
+! 		/* If we found a place with a NULL pointer, put our pointer
+! 		   in it.  */
+! 		sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (i == -1)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+***************
+*** 399,414 ****
+  #endif
+  	if (type < 0)
+  		{
+! 		int i = -type - 1;
+! 		struct CRYPTO_dynlock_value *pointer
+! 			= CRYPTO_get_dynlock_value(i);
+! 
+! 		if (pointer && dynlock_lock_callback)
+  			{
+  			dynlock_lock_callback(mode, pointer, file, line);
+- 			}
+  
+! 		CRYPTO_destroy_dynlockid(i);
+  		}
+  	else
+  		if (locking_callback != NULL)
+--- 409,425 ----
+  #endif
+  	if (type < 0)
+  		{
+! 		if (dynlock_lock_callback != NULL)
+  			{
++ 			struct CRYPTO_dynlock_value *pointer
++ 				= CRYPTO_get_dynlock_value(type);
++ 
++ 			assert(pointer != NULL);
++ 
+  			dynlock_lock_callback(mode, pointer, file, line);
+  
+! 			CRYPTO_destroy_dynlockid(type);
+! 			}
+  		}
+  	else
+  		if (locking_callback != NULL)
+***************
+*** 459,465 ****
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+--- 470,476 ----
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+***************
+*** 491,501 ****
+  #endif
+  
+  #endif
+- 
+- void OpenSSLDie(const char *file,int line,const char *assertion)
+-     {
+-     fprintf(stderr,"%s(%d): OpenSSL internal error, assertion failed: %s\n",
+- 	    file,line,assertion);
+-     abort();
+-     }
+- 
+--- 502,504 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.h ../RELENG_4_6/crypto/openssl/crypto/cryptlib.h
+*** crypto/openssl/crypto/cryptlib.h	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/cryptlib.h	Fri Feb 21 11:32:49 2003
+***************
+*** 93,102 ****
+  #define DECIMAL_SIZE(type)     ((sizeof(type)*8+2)/3+1)
+  #define HEX_SIZE(type)         ((sizeof(type)*2)
+  
+- /* die if we have to */
+- void OpenSSLDie(const char *file,int line,const char *assertion);
+- #define die(e)	((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
+- 
+  #ifdef  __cplusplus
+  }
+  #endif
+--- 93,98 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/crypto.h ../RELENG_4_6/crypto/openssl/crypto/crypto.h
+*** crypto/openssl/crypto/crypto.h	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/crypto.h	Fri Feb 21 11:32:49 2003
+***************
+*** 95,129 ****
+   * names in cryptlib.c
+   */
+  
+! #define	CRYPTO_LOCK_ERR			1
+! #define	CRYPTO_LOCK_ERR_HASH		2
+! #define	CRYPTO_LOCK_X509		3
+! #define	CRYPTO_LOCK_X509_INFO		4
+! #define	CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define	CRYPTO_LOCK_X509_STORE		11
+! #define	CRYPTO_LOCK_SSL_CTX		12
+! #define	CRYPTO_LOCK_SSL_CERT		13
+! #define	CRYPTO_LOCK_SSL_SESSION		14
+! #define	CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define	CRYPTO_LOCK_SSL			16
+! #define	CRYPTO_LOCK_RAND		17
+! #define	CRYPTO_LOCK_RAND2		18
+! #define	CRYPTO_LOCK_MALLOC		19
+! #define	CRYPTO_LOCK_BIO			20
+! #define	CRYPTO_LOCK_GETHOSTBYNAME	21
+! #define	CRYPTO_LOCK_GETSERVBYNAME	22
+! #define	CRYPTO_LOCK_READDIR		23
+! #define	CRYPTO_LOCK_RSA_BLINDING	24
+! #define	CRYPTO_LOCK_DH			25
+! #define	CRYPTO_LOCK_MALLOC2		26
+! #define	CRYPTO_LOCK_DSO			27
+! #define	CRYPTO_LOCK_DYNLOCK		28
+! #define	CRYPTO_NUM_LOCKS		29
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+--- 95,132 ----
+   * names in cryptlib.c
+   */
+  
+! #define CRYPTO_LOCK_ERR			1
+! #define CRYPTO_LOCK_ERR_HASH		2
+! #define CRYPTO_LOCK_X509		3
+! #define CRYPTO_LOCK_X509_INFO		4
+! #define CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define CRYPTO_LOCK_X509_STORE		11
+! #define CRYPTO_LOCK_SSL_CTX		12
+! #define CRYPTO_LOCK_SSL_CERT		13
+! #define CRYPTO_LOCK_SSL_SESSION		14
+! #define CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define CRYPTO_LOCK_SSL			16
+! /* for binary compatibility between 0.9.6 minor versions,
+!  * reuse an existing lock (later version use a new one): */
+! # define CRYPTO_LOCK_SSL_METHOD		CRYPTO_LOCK_SSL_CTX
+! #define CRYPTO_LOCK_RAND		17
+! #define CRYPTO_LOCK_RAND2		18
+! #define CRYPTO_LOCK_MALLOC		19
+! #define CRYPTO_LOCK_BIO			20
+! #define CRYPTO_LOCK_GETHOSTBYNAME	21
+! #define CRYPTO_LOCK_GETSERVBYNAME	22
+! #define CRYPTO_LOCK_READDIR		23
+! #define CRYPTO_LOCK_RSA_BLINDING	24
+! #define CRYPTO_LOCK_DH			25
+! #define CRYPTO_LOCK_MALLOC2		26
+! #define CRYPTO_LOCK_DSO			27
+! #define CRYPTO_LOCK_DYNLOCK		28
+! #define CRYPTO_NUM_LOCKS		29
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+***************
+*** 145,151 ****
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define	CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+--- 148,154 ----
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+***************
+*** 341,346 ****
+--- 344,351 ----
+  void CRYPTO_free(void *);
+  void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+  void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
++ 
++ void OPENSSL_cleanse(void *ptr, size_t len);
+  
+  void CRYPTO_set_mem_debug_options(long bits);
+  long CRYPTO_get_mem_debug_options(void);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.ssl
+*** crypto/openssl/crypto/des/Makefile.ssl	Wed Jul  4 19:19:18 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/des/Makefile.ssl	Fri Feb 21 11:32:51 2003
+***************
+*** 130,136 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 130,136 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 192,199 ****
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+--- 192,202 ----
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! read2pwd.o: des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+***************
+*** 206,212 ****
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+--- 209,218 ----
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! str2key.o: des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.c ../RELENG_4_6/crypto/openssl/crypto/des/des.c
+*** crypto/openssl/crypto/des/des.c	Sun Nov 26 06:33:25 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/des.c	Fri Feb 21 11:32:51 2003
+***************
+*** 86,91 ****
+--- 86,92 ----
+  #endif
+  #include <sys/stat.h>
+  #endif
++ #include <openssl/crypto.h>
+  #include <openssl/des.h>
+  #include <openssl/rand.h>
+  
+***************
+*** 423,429 ****
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		memset(k2,0,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+--- 424,430 ----
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		OPENSSL_cleanse(k2,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+***************
+*** 431,437 ****
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			memset(k2,0,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+--- 432,438 ----
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			OPENSSL_cleanse(k2,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+***************
+*** 453,460 ****
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	memset(key,0,sizeof(key));
+! 	memset(kk,0,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+--- 454,461 ----
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+***************
+*** 662,679 ****
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	memset(buf,0,sizeof(buf));
+! 	memset(obuf,0,sizeof(obuf));
+! 	memset(ks,0,sizeof(ks));
+! 	memset(ks2,0,sizeof(ks2));
+! 	memset(iv,0,sizeof(iv));
+! 	memset(iv2,0,sizeof(iv2));
+! 	memset(kk,0,sizeof(kk));
+! 	memset(k2,0,sizeof(k2));
+! 	memset(uubuf,0,sizeof(uubuf));
+! 	memset(b,0,sizeof(b));
+! 	memset(bb,0,sizeof(bb));
+! 	memset(cksum,0,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+--- 663,680 ----
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	OPENSSL_cleanse(buf,sizeof(buf));
+! 	OPENSSL_cleanse(obuf,sizeof(obuf));
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+! 	OPENSSL_cleanse(ks2,sizeof(ks2));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+! 	OPENSSL_cleanse(k2,sizeof(k2));
+! 	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+! 	OPENSSL_cleanse(b,sizeof(b));
+! 	OPENSSL_cleanse(bb,sizeof(bb));
+! 	OPENSSL_cleanse(cksum,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read2pwd.c ../RELENG_4_6/crypto/openssl/crypto/des/read2pwd.c
+*** crypto/openssl/crypto/des/read2pwd.c	Mon Jan 10 01:21:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/read2pwd.c	Fri Feb 21 11:32:51 2003
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include "des_locl.h"
++ #include <openssl/crypto.h>
+  
+  int des_read_password(des_cblock *key, const char *prompt, int verify)
+  	{
+***************
+*** 65,72 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+  
+--- 66,73 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+  
+***************
+*** 78,84 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+--- 79,85 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read_pwd.c ../RELENG_4_6/crypto/openssl/crypto/des/read_pwd.c
+*** crypto/openssl/crypto/des/read_pwd.c	Mon Feb 24 21:51:14 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/des/read_pwd.c	Fri Feb 21 11:32:51 2003
+***************
+*** 218,224 ****
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	memset(buff,0,BUFSIZ);
+  	return(ret);
+  	}
+  
+--- 218,224 ----
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/str2key.c ../RELENG_4_6/crypto/openssl/crypto/des/str2key.c
+*** crypto/openssl/crypto/des/str2key.c	Sun Aug 20 04:46:20 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/des/str2key.c	Fri Feb 21 11:32:51 2003
+***************
+*** 56,61 ****
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  
++ #include <openssl/crypto.h>
+  #include "des_locl.h"
+  
+  void des_string_to_key(const char *str, des_cblock *key)
+***************
+*** 88,94 ****
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+--- 89,95 ----
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+***************
+*** 149,155 ****
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+--- 150,156 ----
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.ssl
+*** crypto/openssl/crypto/dh/Makefile.ssl	Wed Jul  4 19:19:21 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/Makefile.ssl	Fri Feb 21 11:32:51 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dhtest.c ../RELENG_4_6/crypto/openssl/crypto/dh/dhtest.c
+*** crypto/openssl/crypto/dh/dhtest.c	Mon Feb 24 21:51:14 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/dh/dhtest.c	Fri Feb 21 11:32:51 2003
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #ifdef WINDOWS
+  #include "../bio/bss_file.c" 
+  #endif
+***************
+*** 107,113 ****
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+--- 110,116 ----
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+***************
+*** 188,194 ****
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	exit(ret);
+  	return(ret);
+  	}
+  
+--- 191,197 ----
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.ssl
+*** crypto/openssl/crypto/dsa/Makefile.ssl	Wed Jul  4 19:19:22 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/Makefile.ssl	Fri Feb 21 11:32:52 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_4_6/crypto/openssl/crypto/dsa/dsatest.c
+*** crypto/openssl/crypto/dsa/dsatest.c	Sun Aug 20 04:46:22 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/dsa/dsatest.c	Fri Feb 21 11:32:52 2003
+***************
+*** 61,66 ****
+--- 61,69 ----
+  #include <string.h>
+  #include <sys/types.h>
+  #include <sys/stat.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  #include <openssl/bio.h>
+***************
+*** 207,216 ****
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	exit(!ret);
+  	return(0);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+--- 210,225 ----
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	EXIT(!ret);
+  	return(0);
+  	}
+  
++ static int cb_exit(int ec)
++ 	{
++ 	EXIT(ec);
++ 	return(0);		/* To keep some compilers quiet */
++ 	}
++ 
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+***************
+*** 226,232 ****
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		exit(1);
+  		}
+  	}
+  #endif
+--- 235,241 ----
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		cb_exit(1);
+  		}
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/dso/Makefile.ssl
+*** crypto/openssl/crypto/dso/Makefile.ssl	Wed Jul  4 19:19:23 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/dso/Makefile.ssl	Fri Feb 21 11:32:52 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.ssl
+*** crypto/openssl/crypto/err/Makefile.ssl	Mon Feb 24 21:51:15 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/err/Makefile.ssl	Fri Feb 21 11:32:52 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.ssl
+*** crypto/openssl/crypto/evp/Makefile.ssl	Wed Jul  4 19:19:24 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/Makefile.ssl	Fri Feb 21 11:32:52 2003
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_enc.c ../RELENG_4_6/crypto/openssl/crypto/evp/bio_enc.c
+*** crypto/openssl/crypto/evp/bio_enc.c	Mon Feb 24 21:51:15 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/bio_enc.c	Fri Feb 21 11:32:52 2003
+***************
+*** 128,134 ****
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 128,134 ----
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_ok.c ../RELENG_4_6/crypto/openssl/crypto/evp/bio_ok.c
+*** crypto/openssl/crypto/evp/bio_ok.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/bio_ok.c	Fri Feb 21 11:32:52 2003
+***************
+*** 208,214 ****
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 208,214 ----
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_allc.c ../RELENG_4_6/crypto/openssl/crypto/evp/c_allc.c
+*** crypto/openssl/crypto/evp/c_allc.c	Mon Feb 24 21:51:15 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/c_allc.c	Fri Feb 21 11:32:52 2003
+***************
+*** 64,73 ****
+  
+  void OpenSSL_add_all_ciphers(void)
+  	{
+- 	static int done=0;
+- 
+- 	if (done) return;
+- 	done=1;
+  #ifndef NO_DES
+  	EVP_add_cipher(EVP_des_cfb());
+  	EVP_add_cipher(EVP_des_ede_cfb());
+--- 64,69 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_alld.c ../RELENG_4_6/crypto/openssl/crypto/evp/c_alld.c
+*** crypto/openssl/crypto/evp/c_alld.c	Mon Feb 24 21:51:15 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/c_alld.c	Fri Feb 21 11:32:52 2003
+***************
+*** 64,73 ****
+  
+  void OpenSSL_add_all_digests(void)
+  	{
+- 	static int done=0;
+- 
+- 	if (done) return;
+- 	done=1;
+  #ifndef NO_MD2
+  	EVP_add_digest(EVP_md2());
+  #endif
+--- 64,69 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_idea.c ../RELENG_4_6/crypto/openssl/crypto/evp/e_idea.c
+*** crypto/openssl/crypto/evp/e_idea.c	Sun Nov 26 06:38:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/e_idea.c	Fri Feb 21 11:32:52 2003
+***************
+*** 103,109 ****
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		memset((unsigned char *)&tmp,0,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+--- 103,109 ----
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		OPENSSL_cleanse((unsigned char *)&tmp,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp.h ../RELENG_4_6/crypto/openssl/crypto/evp/evp.h
+*** crypto/openssl/crypto/evp/evp.h	Mon Feb 24 21:51:15 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/evp.h	Fri Feb 21 11:32:52 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/crypto/evp/evp.h,v 1.2.2.3.6.1 2002/07/31 02:54:49 nectar Exp $
+   */
+  
+  #ifndef HEADER_ENVELOPE_H
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_key.c ../RELENG_4_6/crypto/openssl/crypto/evp/evp_key.c
+*** crypto/openssl/crypto/evp/evp_key.c	Mon Feb 24 21:51:15 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/evp_key.c	Fri Feb 21 11:32:52 2003
+***************
+*** 152,159 ****
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	memset(&c,0,sizeof(c));
+! 	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+--- 152,159 ----
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	OPENSSL_cleanse(&c,sizeof(c));
+! 	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt.c ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt.c
+*** crypto/openssl/crypto/evp/p5_crpt.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt.c	Fri Feb 21 11:32:52 2003
+***************
+*** 142,149 ****
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 142,149 ----
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt2.c ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt2.c
+*** crypto/openssl/crypto/evp/p5_crpt2.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/p5_crpt2.c	Fri Feb 21 11:32:52 2003
+***************
+*** 228,234 ****
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	memset(key, 0, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+--- 228,234 ----
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	OPENSSL_cleanse(key, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p_open.c ../RELENG_4_6/crypto/openssl/crypto/evp/p_open.c
+*** crypto/openssl/crypto/evp/p_open.c	Sun Nov 26 06:33:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/evp/p_open.c	Fri Feb 21 11:32:52 2003
+***************
+*** 101,107 ****
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) memset(key,0,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+--- 101,107 ----
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) OPENSSL_cleanse(key,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.ssl
+*** crypto/openssl/crypto/hmac/Makefile.ssl	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/hmac/Makefile.ssl	Fri Feb 21 11:32:53 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/hmactest.c ../RELENG_4_6/crypto/openssl/crypto/hmac/hmactest.c
+*** crypto/openssl/crypto/hmac/hmactest.c	Sun Aug 20 04:46:25 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/hmac/hmactest.c	Fri Feb 21 11:32:53 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_HMAC
+  int main(int argc, char *argv[])
+  {
+***************
+*** 143,149 ****
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 145,151 ----
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.ssl
+*** crypto/openssl/crypto/idea/Makefile.ssl	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/idea/Makefile.ssl	Fri Feb 21 11:32:53 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/ideatest.c ../RELENG_4_6/crypto/openssl/crypto/idea/ideatest.c
+*** crypto/openssl/crypto/idea/ideatest.c	Wed Jul  4 19:19:26 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/idea/ideatest.c	Fri Feb 21 11:32:53 2003
+***************
+*** 61,66 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_IDEA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 168,174 ****
+  	else
+  		printf("ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 169,175 ----
+  	else
+  		printf("ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.ssl
+*** crypto/openssl/crypto/lhash/Makefile.ssl	Wed Jul  4 19:19:27 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/lhash/Makefile.ssl	Fri Feb 21 11:32:54 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.ssl
+*** crypto/openssl/crypto/md2/Makefile.ssl	Mon Feb 24 21:51:15 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/Makefile.ssl	Fri Feb 21 11:32:54 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 79,86 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+--- 79,88 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/md2.h
+! md2_dgst.o: ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_dgst.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2_dgst.c
+*** crypto/openssl/crypto/md2/md2_dgst.c	Sun Aug 20 04:46:28 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/md2_dgst.c	Fri Feb 21 11:32:54 2003
+***************
+*** 61,66 ****
+--- 61,67 ----
+  #include <string.h>
+  #include <openssl/md2.h>
+  #include <openssl/opensslv.h>
++ #include <openssl/crypto.h>
+  
+  const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 194,200 ****
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	memset(state,0,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+--- 195,201 ----
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_one.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2_one.c
+*** crypto/openssl/crypto/md2/md2_one.c	Sun Aug 20 04:46:28 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/md2_one.c	Fri Feb 21 11:32:54 2003
+***************
+*** 88,93 ****
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	memset(&c,0,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+--- 88,93 ----
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_4_6/crypto/openssl/crypto/md2/md2test.c
+*** crypto/openssl/crypto/md2/md2test.c	Sun Aug 20 04:46:28 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md2/md2test.c	Fri Feb 21 11:32:54 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 119,125 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 121,127 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md32_common.h ../RELENG_4_6/crypto/openssl/crypto/md32_common.h
+*** crypto/openssl/crypto/md32_common.h	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/md32_common.h	Fri Feb 21 11:32:49 2003
+***************
+*** 602,607 ****
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	memset((void *)c,0,sizeof(HASH_CTX));
+  	 */
+  	}
+--- 602,607 ----
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+  	 */
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md4/Makefile.ssl
+*** crypto/openssl/crypto/md4/Makefile.ssl	Wed Jul  4 19:19:28 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/md4/Makefile.ssl	Fri Feb 21 11:32:54 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 82,85 ****
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/md4.h
+--- 82,87 ----
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/md4.h
+! md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4_one.c ../RELENG_4_6/crypto/openssl/crypto/md4/md4_one.c
+*** crypto/openssl/crypto/md4/md4_one.c	Sun Nov 26 06:33:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md4/md4_one.c	Fri Feb 21 11:32:54 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md4.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4test.c ../RELENG_4_6/crypto/openssl/crypto/md4/md4test.c
+*** crypto/openssl/crypto/md4/md4test.c	Sun Nov 26 06:33:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md4/md4test.c	Fri Feb 21 11:32:54 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.ssl
+*** crypto/openssl/crypto/md5/Makefile.ssl	Wed Jul  4 19:19:29 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/Makefile.ssl	Fri Feb 21 11:32:54 2003
+***************
+*** 118,124 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 118,124 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 131,134 ****
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/md5.h
+--- 131,136 ----
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/md5.h
+! md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5_one.c ../RELENG_4_6/crypto/openssl/crypto/md5/md5_one.c
+*** crypto/openssl/crypto/md5/md5_one.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/md5_one.c	Fri Feb 21 11:32:54 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md5.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5test.c ../RELENG_4_6/crypto/openssl/crypto/md5/md5test.c
+*** crypto/openssl/crypto/md5/md5test.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/md5/md5test.c	Fri Feb 21 11:32:54 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.ssl
+*** crypto/openssl/crypto/mdc2/Makefile.ssl	Wed Jul  4 19:19:29 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/mdc2/Makefile.ssl	Fri Feb 21 11:32:54 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2_one.c ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2_one.c
+*** crypto/openssl/crypto/mdc2/mdc2_one.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2_one.c	Fri Feb 21 11:32:54 2003
+***************
+*** 69,75 ****
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 69,75 ----
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2test.c ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2test.c
+*** crypto/openssl/crypto/mdc2/mdc2test.c	Sun Aug 20 04:46:29 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/mdc2/mdc2test.c	Fri Feb 21 11:32:54 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #if defined(NO_DES) && !defined(NO_MDC2)
+  #define NO_MDC2
+  #endif
+***************
+*** 134,140 ****
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	exit(ret);
+  	return(ret);
+  	}
+  #endif
+--- 136,142 ----
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_4_6/crypto/openssl/crypto/mem.c
+*** crypto/openssl/crypto/mem.c	Sun Nov 26 06:32:53 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/mem.c	Fri Feb 21 11:32:49 2003
+***************
+*** 173,178 ****
+--- 173,181 ----
+  void *CRYPTO_malloc_locked(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 187,192 ****
+--- 190,201 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++ 		((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+***************
+*** 205,210 ****
+--- 214,222 ----
+  void *CRYPTO_malloc(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 219,230 ****
+--- 231,253 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++                 ((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+  void *CRYPTO_realloc(void *str, int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 
++ 	if (str == NULL)
++ 		return CRYPTO_malloc(num, file, line);
++ 
++ 	if (num < 0) return NULL;
+  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_clr.c ../RELENG_4_6/crypto/openssl/crypto/mem_clr.c
+*** crypto/openssl/crypto/mem_clr.c	Wed Dec 31 19:00:00 1969
+--- ../RELENG_4_6/crypto/openssl/crypto/mem_clr.c	Fri Feb 21 11:32:49 2003
+***************
+*** 0 ****
+--- 1,75 ----
++ /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
++ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
++  * project 2002.
++  */
++ /* ====================================================================
++  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
++ 
++ #include <string.h>
++ #include <openssl/crypto.h>
++ 
++ unsigned char cleanse_ctr = 0;
++ 
++ void OPENSSL_cleanse(void *ptr, size_t len)
++ 	{
++ 	unsigned char *p = ptr;
++ 	size_t loop = len;
++ 	while(loop--)
++ 		{
++ 		*(p++) = cleanse_ctr;
++ 		cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
++ 		}
++ 	if(memchr(ptr, cleanse_ctr, len))
++ 		cleanse_ctr += 63;
++ 	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_dbg.c ../RELENG_4_6/crypto/openssl/crypto/mem_dbg.c
+*** crypto/openssl/crypto/mem_dbg.c	Wed Jul  4 19:19:11 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/mem_dbg.c	Fri Feb 21 11:32:49 2003
+***************
+*** 102,107 ****
+--- 102,109 ----
+  	int references;
+  	} APP_INFO;
+  
++ static void app_info_free(APP_INFO *);
++ 
+  static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+                            * that are at the top of their thread's stack
+                            * (with `thread' as key);
+***************
+*** 140,145 ****
+--- 142,159 ----
+                                              * thread named in disabling_thread).
+                                              */
+  
++ static void app_info_free(APP_INFO *inf)
++ 	{
++ 	if (--(inf->references) <= 0)
++ 		{
++ 		if (inf->next != NULL)
++ 			{
++ 			app_info_free(inf->next);
++ 			}
++ 		OPENSSL_free(inf);
++ 		}
++ 	}
++ 
+  int CRYPTO_mem_ctrl(int mode)
+  	{
+  	int ret=mh_mode;
+***************
+*** 496,504 ****
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					{
+! 					mp->app_info->references--;
+! 					}
+  				OPENSSL_free(mp);
+  				}
+  
+--- 510,516 ----
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					app_info_free(mp->app_info);
+  				OPENSSL_free(mp);
+  				}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.ssl
+*** crypto/openssl/crypto/objects/Makefile.ssl	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/Makefile.ssl	Fri Feb 21 11:32:55 2003
+***************
+*** 76,82 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 76,82 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.c ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.c
+*** crypto/openssl/crypto/objects/obj_dat.c	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.c	Fri Feb 21 11:32:55 2003
+***************
+*** 417,423 ****
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,i);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+--- 417,423 ----
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,j);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.h
+*** crypto/openssl/crypto/objects/obj_dat.h	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_dat.h	Fri Feb 21 11:32:55 2003
+***************
+*** 62,73 ****
+   * [including the GNU Public Licence.]
+   */
+  
+! #define NUM_NID 404
+! #define NUM_SN 402
+! #define NUM_LN 402
+! #define NUM_OBJ 376
+  
+! static unsigned char lvalues[2951]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+--- 62,73 ----
+   * [including the GNU Public Licence.]
+   */
+  
+! #define NUM_NID 406
+! #define NUM_SN 404
+! #define NUM_LN 404
+! #define NUM_OBJ 378
+  
+! static unsigned char lvalues[2971]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+***************
+*** 444,449 ****
+--- 444,451 ----
+  0x55,0x1D,0x24,                              /* [2941] OBJ_policy_constraints */
+  0x55,0x1D,0x37,                              /* [2944] OBJ_target_information */
+  0x55,0x1D,0x38,                              /* [2947] OBJ_no_rev_avail */
++ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */
++ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */
+  };
+  
+  static ASN1_OBJECT nid_objs[NUM_NID]={
+***************
+*** 1075,1080 ****
+--- 1077,1086 ----
+  	&(lvalues[2944]),0},
+  {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
+  	&(lvalues[2947]),0},
++ {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
++ 	10,&(lvalues[2950]),0},
++ {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
++ 	&(lvalues[2960]),0},
+  };
+  
+  static ASN1_OBJECT *sn_objs[NUM_SN]={
+***************
+*** 1417,1422 ****
+--- 1423,1430 ----
+  &(nid_objs[138]),/* "msEFS" */
+  &(nid_objs[171]),/* "msExtReq" */
+  &(nid_objs[137]),/* "msSGC" */
++ &(nid_objs[404]),/* "msSmartcardLogin" */
++ &(nid_objs[405]),/* "msUPN" */
+  &(nid_objs[173]),/* "name" */
+  &(nid_objs[369]),/* "noCheck" */
+  &(nid_objs[403]),/* "noRevAvail" */
+***************
+*** 1510,1516 ****
+--- 1518,1526 ----
+  &(nid_objs[171]),/* "Microsoft Extension Request" */
+  &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+  &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
++ &(nid_objs[404]),/* "Microsoft Smartcardlogin" */
+  &(nid_objs[136]),/* "Microsoft Trust List Signing" */
++ &(nid_objs[405]),/* "Microsoft Universal Principal Name" */
+  &(nid_objs[72]),/* "Netscape Base Url" */
+  &(nid_objs[76]),/* "Netscape CA Policy Url" */
+  &(nid_objs[74]),/* "Netscape CA Revocation Url" */
+***************
+*** 2196,2201 ****
+--- 2206,2213 ----
+  &(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+  &(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+  &(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
++ &(nid_objs[404]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
++ &(nid_objs[405]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+  &(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+  &(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+  &(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.h
+*** crypto/openssl/crypto/objects/obj_mac.h	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.h	Fri Feb 21 11:32:55 2003
+***************
+*** 780,785 ****
+--- 780,795 ----
+  #define NID_ms_efs		138
+  #define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+  
++ #define SN_ms_smartcard_login		"msSmartcardLogin"
++ #define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
++ #define NID_ms_smartcard_login		404
++ #define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
++ 
++ #define SN_ms_upn		"msUPN"
++ #define LN_ms_upn		"Microsoft Universal Principal Name"
++ #define NID_ms_upn		405
++ #define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
++ 
+  #define SN_idea_cbc		"IDEA-CBC"
+  #define LN_idea_cbc		"idea-cbc"
+  #define NID_idea_cbc		34
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.num ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.num
+*** crypto/openssl/crypto/objects/obj_mac.num	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/obj_mac.num	Fri Feb 21 11:32:55 2003
+***************
+*** 401,403 ****
+--- 401,405 ----
+  policy_constraints		401
+  target_information		402
+  no_rev_avail		403
++ ms_smartcard_login		404
++ ms_upn		405
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_4_6/crypto/openssl/crypto/objects/objects.txt
+*** crypto/openssl/crypto/objects/objects.txt	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/objects/objects.txt	Fri Feb 21 11:32:55 2003
+***************
+*** 246,251 ****
+--- 246,255 ----
+  1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+  !Cname ms-efs
+  1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
++ !Cname ms-smartcard-login
++ 1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
++ !Cname ms-upn
++ 1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+  
+  1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
+  			: IDEA-ECB		: idea-ecb
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslconf.h ../RELENG_4_6/crypto/openssl/crypto/opensslconf.h
+*** crypto/openssl/crypto/opensslconf.h	Sun Aug 20 04:46:04 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/opensslconf.h	Fri Feb 21 11:32:49 2003
+***************
+*** 6,19 ****
+     /* no ciphers excluded */
+  #endif
+  #ifdef OPENSSL_THREAD_DEFINES
+  #endif
+  #ifdef OPENSSL_OTHER_DEFINES
+  #endif
+  
+  /* crypto/opensslconf.h.in */
+  
+  /* Generate 80386 code? */
+! #undef I386_ONLY
+  
+  #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+  #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+--- 6,28 ----
+     /* no ciphers excluded */
+  #endif
+  #ifdef OPENSSL_THREAD_DEFINES
++ # ifndef THREADS
++ #  define THREADS
++ # endif
+  #endif
+  #ifdef OPENSSL_OTHER_DEFINES
++ # ifndef DSO_DLFCN
++ #  define DSO_DLFCN
++ # endif
++ # ifndef HAVE_DLFCN_H
++ #  define HAVE_DLFCN_H
++ # endif
+  #endif
+  
+  /* crypto/opensslconf.h.in */
+  
+  /* Generate 80386 code? */
+! #define I386_ONLY
+  
+  #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+  #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+***************
+*** 66,72 ****
+  
+  #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+  #define CONFIG_HEADER_BN_H
+! #undef BN_LLONG
+  
+  /* Should we define BN_DIV2W here? */
+  
+--- 75,81 ----
+  
+  #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+  #define CONFIG_HEADER_BN_H
+! #define BN_LLONG
+  
+  /* Should we define BN_DIV2W here? */
+  
+***************
+*** 85,91 ****
+  #define CONFIG_HEADER_RC4_LOCL_H
+  /* if this is defined data[i] is used instead of *data, this is a %20
+   * speedup on x86 */
+! #undef RC4_INDEX
+  #endif
+  
+  #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+--- 94,100 ----
+  #define CONFIG_HEADER_RC4_LOCL_H
+  /* if this is defined data[i] is used instead of *data, this is a %20
+   * speedup on x86 */
+! #define RC4_INDEX
+  #endif
+  
+  #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+***************
+*** 99,112 ****
+  /* the following is tweaked from a config script, that is why it is a
+   * protected undef/define */
+  #ifndef DES_PTR
+! #undef DES_PTR
+  #endif
+  
+  /* This helps C compiler generate the correct code for multiple functional
+   * units.  It reduces register dependancies at the expense of 2 more
+   * registers */
+  #ifndef DES_RISC1
+! #undef DES_RISC1
+  #endif
+  
+  #ifndef DES_RISC2
+--- 108,121 ----
+  /* the following is tweaked from a config script, that is why it is a
+   * protected undef/define */
+  #ifndef DES_PTR
+! #define DES_PTR
+  #endif
+  
+  /* This helps C compiler generate the correct code for multiple functional
+   * units.  It reduces register dependancies at the expense of 2 more
+   * registers */
+  #ifndef DES_RISC1
+! #define DES_RISC1
+  #endif
+  
+  #ifndef DES_RISC2
+***************
+*** 120,126 ****
+  /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+   * Very mucy CPU dependant */
+  #ifndef DES_UNROLL
+! #undef DES_UNROLL
+  #endif
+  
+  /* These default values were supplied by
+--- 129,135 ----
+  /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+   * Very mucy CPU dependant */
+  #ifndef DES_UNROLL
+! #define DES_UNROLL
+  #endif
+  
+  /* These default values were supplied by
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_4_6/crypto/openssl/crypto/opensslv.h
+*** crypto/openssl/crypto/opensslv.h	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/opensslv.h	Fri Feb 21 11:32:49 2003
+***************
+*** 25,32 ****
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090605fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6e 30 Jul 2002"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+--- 25,32 ----
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090609fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6i Feb 19 2003"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.ssl
+*** crypto/openssl/crypto/pem/Makefile.ssl	Wed Jul  4 19:19:30 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/Makefile.ssl	Fri Feb 21 11:32:55 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_info.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_info.c
+*** crypto/openssl/crypto/pem/pem_info.c	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_info.c	Fri Feb 21 11:32:55 2003
+***************
+*** 358,364 ****
+  	ret=1;
+  
+  err:
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+  	return(ret);
+  	}
+--- 358,364 ----
+  	ret=1;
+  
+  err:
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_lib.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_lib.c
+*** crypto/openssl/crypto/pem/pem_lib.c	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_lib.c	Fri Feb 21 11:32:55 2003
+***************
+*** 380,386 ****
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+--- 380,386 ----
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+***************
+*** 401,412 ****
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	memset(key,0,sizeof(key));
+! 	memset(iv,0,sizeof(iv));
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+! 	memset(data,0,(unsigned int)dsize);
+! 	OPENSSL_free(data);
+  	return(ret);
+  	}
+  
+--- 401,415 ----
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+! 	if (data != NULL)
+! 		{
+! 		OPENSSL_cleanse(data,(unsigned int)dsize);
+! 		OPENSSL_free(data);
+! 		}
+  	return(ret);
+  	}
+  
+***************
+*** 444,451 ****
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	memset((char *)buf,0,sizeof(buf));
+! 	memset((char *)key,0,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+--- 447,454 ----
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	OPENSSL_cleanse((char *)buf,sizeof(buf));
+! 	OPENSSL_cleanse((char *)key,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_seal.c ../RELENG_4_6/crypto/openssl/crypto/pem/pem_seal.c
+*** crypto/openssl/crypto/pem/pem_seal.c	Sun Nov 26 06:33:44 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pem/pem_seal.c	Fri Feb 21 11:32:55 2003
+***************
+*** 109,115 ****
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	memset(key,0,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+--- 109,115 ----
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.ssl
+*** crypto/openssl/crypto/pkcs12/Makefile.ssl	Wed Jul  4 19:19:31 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/Makefile.ssl	Fri Feb 21 11:32:55 2003
+***************
+*** 74,80 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 74,80 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_crpt.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_crpt.c
+*** crypto/openssl/crypto/pkcs12/p12_crpt.c	Sun Aug 20 04:46:32 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_crpt.c	Fri Feb 21 11:32:55 2003
+***************
+*** 118,124 ****
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 118,124 ----
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_decr.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_decr.c
+*** crypto/openssl/crypto/pkcs12/p12_decr.c	Sun Nov 26 06:33:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_decr.c	Fri Feb 21 11:32:55 2003
+***************
+*** 137,143 ****
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) memset(out, 0, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+--- 137,143 ----
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) OPENSSL_cleanse(out, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_key.c ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_key.c
+*** crypto/openssl/crypto/pkcs12/p12_key.c	Wed Jul  4 19:19:31 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs12/p12_key.c	Fri Feb 21 11:32:55 2003
+***************
+*** 91,97 ****
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		memset(unipass, 0, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+--- 91,97 ----
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.ssl
+*** crypto/openssl/crypto/pkcs7/Makefile.ssl	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/Makefile.ssl	Fri Feb 21 11:32:55 2003
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/bio_ber.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/bio_ber.c
+*** crypto/openssl/crypto/pkcs7/bio_ber.c	Sun Nov 26 06:33:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/bio_ber.c	Fri Feb 21 11:32:55 2003
+***************
+*** 145,151 ****
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	memset(a->ptr,0,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 145,151 ----
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pk7_doit.c ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_doit.c
+*** crypto/openssl/crypto/pkcs7/pk7_doit.c	Mon Feb 24 21:51:16 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/pkcs7/pk7_doit.c	Fri Feb 21 11:32:55 2003
+***************
+*** 241,247 ****
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		memset(key, 0, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+--- 241,247 ----
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		OPENSSL_cleanse(key, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+***************
+*** 448,454 ****
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		memset(tmp,0,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+--- 448,454 ----
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		OPENSSL_cleanse(tmp,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.ssl
+*** crypto/openssl/crypto/rand/Makefile.ssl	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/Makefile.ssl	Fri Feb 21 11:32:56 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/md_rand.c ../RELENG_4_6/crypto/openssl/crypto/rand/md_rand.c
+*** crypto/openssl/crypto/rand/md_rand.c	Mon Feb 24 21:51:17 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/md_rand.c	Fri Feb 21 11:32:56 2003
+***************
+*** 177,186 ****
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	memset(state,0,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	memset(md,0,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+--- 177,186 ----
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	OPENSSL_cleanse(state,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_egd.c ../RELENG_4_6/crypto/openssl/crypto/rand/rand_egd.c
+*** crypto/openssl/crypto/rand/rand_egd.c	Mon Feb 24 21:51:17 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/rand_egd.c	Fri Feb 21 11:32:56 2003
+***************
+*** 59,65 ****
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(VMS) || defined(__VMS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+--- 59,65 ----
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) || defined(VXWORKS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_win.c ../RELENG_4_6/crypto/openssl/crypto/rand/rand_win.c
+*** crypto/openssl/crypto/rand/rand_win.c	Mon Feb 24 21:51:17 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/rand_win.c	Fri Feb 21 11:32:56 2003
+***************
+*** 254,259 ****
+--- 254,263 ----
+           * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+           * Only use it on NT.
+  	 */
++ 	/* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
++ 	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).
++ 	 * So we don't use this at all for now. */
++ #if 0
+          if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+  		osverinfo.dwMajorVersion < 5)
+  		{
+***************
+*** 283,295 ****
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+!                          */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
+  
+  	if (advapi)
+  		{
+--- 287,309 ----
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+! 			 */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
++ 
++ 			/* Close the Registry Key to allow Windows to cleanup/close
++ 			 * the open handle
++ 			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
++ 			 *       when the RegQueryValueEx above is done.  However, if
++ 			 *       it is not explicitly closed, it can cause disk
++ 			 *       partition manipulation problems.
++ 			 */
++ 			RegCloseKey(HKEY_PERFORMANCE_DATA);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
++ #endif
+  
+  	if (advapi)
+  		{
+***************
+*** 461,467 ****
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 50;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+--- 475,481 ----
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 80;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+***************
+*** 718,725 ****
+--- 732,741 ----
+  	/* put in some default random data, we need more than just this */
+  	l=curr_pid;
+  	RAND_add(&l,sizeof(l),0);
++ #ifndef VXWORKS
+  	l=getuid();
+  	RAND_add(&l,sizeof(l),0);
++ #endif
+  
+  	l=time(NULL);
+  	RAND_add(&l,sizeof(l),0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randfile.c ../RELENG_4_6/crypto/openssl/crypto/rand/randfile.c
+*** crypto/openssl/crypto/rand/randfile.c	Mon Feb 24 21:51:17 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/randfile.c	Fri Feb 21 11:32:56 2003
+***************
+*** 61,66 ****
+--- 61,68 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "openssl/e_os.h"
++ 
+  #ifdef VMS
+  #include <unixio.h>
+  #endif
+***************
+*** 73,79 ****
+  # include <sys/stat.h>
+  #endif
+  
+- #include "openssl/e_os.h"
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  
+--- 75,80 ----
+***************
+*** 124,130 ****
+  			}
+  		}
+  	fclose(in);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+--- 125,131 ----
+  			}
+  		}
+  	fclose(in);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+***************
+*** 189,195 ****
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+--- 190,196 ----
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randtest.c ../RELENG_4_6/crypto/openssl/crypto/rand/randtest.c
+*** crypto/openssl/crypto/rand/randtest.c	Sun Aug 20 04:46:35 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rand/randtest.c	Fri Feb 21 11:32:56 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <openssl/rand.h>
+  
++ #include "../e_os.h"
++ 
+  /* some FIPS 140-1 random number test */
+  /* some simple tests */
+  
+***************
+*** 202,207 ****
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	exit(err);
+  	return(err);
+  	}
+--- 204,209 ----
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	EXIT(err);
+  	return(err);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.ssl
+*** crypto/openssl/crypto/rc2/Makefile.ssl	Wed Jul  4 19:19:33 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rc2/Makefile.ssl	Fri Feb 21 11:32:56 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/rc2test.c ../RELENG_4_6/crypto/openssl/crypto/rc2/rc2test.c
+*** crypto/openssl/crypto/rc2/rc2test.c	Sun Aug 20 04:46:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc2/rc2test.c	Fri Feb 21 11:32:56 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 203,209 ****
+  		printf("ok\n");
+  #endif
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 205,211 ----
+  		printf("ok\n");
+  #endif
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.ssl
+*** crypto/openssl/crypto/rc4/Makefile.ssl	Wed Jul  4 19:19:34 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/Makefile.ssl	Fri Feb 21 11:32:56 2003
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4.c ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4.c
+*** crypto/openssl/crypto/rc4/rc4.c	Mon Jan 10 01:21:50 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4.c	Fri Feb 21 11:32:56 2003
+***************
+*** 155,161 ****
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			memset(buf,0,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+--- 155,161 ----
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			OPENSSL_cleanse(buf,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+***************
+*** 163,169 ****
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	memset(keystr,0,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+--- 163,169 ----
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	OPENSSL_cleanse(keystr,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4test.c ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4test.c
+*** crypto/openssl/crypto/rc4/rc4test.c	Sun Aug 20 04:46:36 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc4/rc4test.c	Fri Feb 21 11:32:56 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 195,201 ****
+  			}
+  		}
+  	printf("done\n");
+! 	exit(err);
+  	return(0);
+  	}
+  #endif
+--- 197,203 ----
+  			}
+  		}
+  	printf("done\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.ssl
+*** crypto/openssl/crypto/rc5/Makefile.ssl	Wed Jul  4 19:19:34 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rc5/Makefile.ssl	Fri Feb 21 11:32:56 2003
+***************
+*** 94,100 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 94,100 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5test.c ../RELENG_4_6/crypto/openssl/crypto/rc5/rc5test.c
+*** crypto/openssl/crypto/rc5/rc5test.c	Sun Aug 20 04:46:37 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rc5/rc5test.c	Fri Feb 21 11:32:56 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 318,324 ****
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 320,326 ----
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.ssl
+*** crypto/openssl/crypto/ripemd/Makefile.ssl	Wed Jul  4 19:19:35 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/Makefile.ssl	Fri Feb 21 11:32:56 2003
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 106,109 ****
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/ripemd.h
+--- 106,111 ----
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+! rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd_one.c ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_one.c
+*** crypto/openssl/crypto/ripemd/rmd_one.c	Sun Aug 20 04:46:39 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmd_one.c	Fri Feb 21 11:32:56 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/ripemd.h>
++ #include <openssl/crypto.h>
+  
+  unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+  	     unsigned char *md)
+***************
+*** 70,76 ****
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 71,77 ----
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmdtest.c ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmdtest.c
+*** crypto/openssl/crypto/ripemd/rmdtest.c	Sun Aug 20 04:46:39 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/ripemd/rmdtest.c	Fri Feb 21 11:32:56 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RIPEMD
+  int main(int argc, char *argv[])
+  {
+***************
+*** 124,130 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 126,132 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.ssl
+*** crypto/openssl/crypto/rsa/Makefile.ssl	Wed Jul  4 19:19:35 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/Makefile.ssl	Fri Feb 21 11:32:56 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa.h ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa.h
+*** crypto/openssl/crypto/rsa/rsa.h	Mon Feb 24 21:51:17 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa.h	Fri Feb 21 11:32:56 2003
+***************
+*** 169,174 ****
+--- 168,175 ----
+  #define RSA_SSLV23_PADDING	2
+  #define RSA_NO_PADDING		3
+  #define RSA_PKCS1_OAEP_PADDING	4
++ 
++ #define RSA_PKCS1_PADDING_SIZE	11
+  
+  #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+  #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_eay.c
+*** crypto/openssl/crypto/rsa/rsa_eay.c	Mon Feb 24 21:51:17 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_eay.c	Fri Feb 21 11:32:56 2003
+***************
+*** 185,191 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 184,190 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 269,275 ****
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 268,274 ----
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 368,374 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 367,373 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 465,471 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 464,470 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_pk1.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_pk1.c
+*** crypto/openssl/crypto/rsa/rsa_pk1.c	Sun Aug 20 04:46:40 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_pk1.c	Fri Feb 21 11:32:56 2003
+***************
+*** 68,74 ****
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-11))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+--- 68,74 ----
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_saos.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_saos.c
+*** crypto/openssl/crypto/rsa/rsa_saos.c	Sun Nov 26 06:33:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_saos.c	Fri Feb 21 11:32:56 2003
+***************
+*** 76,82 ****
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 76,82 ----
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 95,101 ****
+  	else
+  		*siglen=i;
+  
+! 	memset(s,0,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 95,101 ----
+  	else
+  		*siglen=i;
+  
+! 	OPENSSL_cleanse(s,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+***************
+*** 137,143 ****
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 137,143 ----
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_sign.c
+*** crypto/openssl/crypto/rsa/rsa_sign.c	Sun Nov 26 06:33:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/rsa/rsa_sign.c	Fri Feb 21 11:32:56 2003
+***************
+*** 109,115 ****
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 109,115 ----
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 131,137 ****
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		memset(s,0,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+--- 131,137 ----
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		OPENSSL_cleanse(s,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+***************
+*** 214,220 ****
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 214,220 ----
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.ssl
+*** crypto/openssl/crypto/sha/Makefile.ssl	Wed Jul  4 19:19:36 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/Makefile.ssl	Fri Feb 21 11:32:57 2003
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 103,113 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/sha.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/sha.h
+--- 103,117 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1_one.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha1_one.c
+*** crypto/openssl/crypto/sha/sha1_one.c	Mon Jan 10 01:21:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/sha1_one.c	Fri Feb 21 11:32:57 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA1
+  unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1test.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha1test.c
+*** crypto/openssl/crypto/sha/sha1test.c	Sun Aug 20 04:46:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/sha1test.c	Fri Feb 21 11:32:57 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha_one.c ../RELENG_4_6/crypto/openssl/crypto/sha/sha_one.c
+*** crypto/openssl/crypto/sha/sha_one.c	Mon Jan 10 01:21:52 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/sha_one.c	Fri Feb 21 11:32:57 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA0
+  unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/shatest.c ../RELENG_4_6/crypto/openssl/crypto/sha/shatest.c
+*** crypto/openssl/crypto/sha/shatest.c	Sun Aug 20 04:46:45 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/sha/shatest.c	Fri Feb 21 11:32:57 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/stack/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.ssl
+*** crypto/openssl/crypto/stack/Makefile.ssl	Wed Jul  4 19:19:37 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/stack/Makefile.ssl	Fri Feb 21 11:32:57 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/threads/mttest.c ../RELENG_4_6/crypto/openssl/crypto/threads/mttest.c
+*** crypto/openssl/crypto/threads/mttest.c	Sun Nov 26 06:33:57 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/threads/mttest.c	Fri Feb 21 11:32:57 2003
+***************
+*** 77,82 ****
+--- 77,86 ----
+  #ifdef PTHREADS
+  #include <pthread.h>
+  #endif
++ #ifdef VXWORKS
++ #include <taskLib.h>
++ #include <semLib.h>
++ #endif
+  #include <openssl/lhash.h>
+  #include <openssl/crypto.h>
+  #include <openssl/buffer.h>
+***************
+*** 105,114 ****
+--- 109,120 ----
+  void solaris_locking_callback(int mode,int type,char *file,int line);
+  void win32_locking_callback(int mode,int type,char *file,int line);
+  void pthreads_locking_callback(int mode,int type,char *file,int line);
++ void vxworks_locking_callback(int mode,int type,char *file,int line);
+  
+  unsigned long irix_thread_id(void );
+  unsigned long solaris_thread_id(void );
+  unsigned long pthreads_thread_id(void );
++ unsigned long vxworks_thread_id(void );
+  
+  BIO *bio_err=NULL;
+  BIO *bio_stdout=NULL;
+***************
+*** 1097,1100 ****
+--- 1103,1221 ----
+  #endif /* PTHREADS */
+  
+  
++ #ifdef VXWORKS
++ 
++ #define DEFAULT_TASK_NAME               NULL
++ #define DEFAULT_TASK_PRIORITY           100
++ #define DEFAULT_TASK_OPTIONS            0
++ #define DEFAULT_TASK_STACK_BYTES        32768
++ 
++ static SEM_ID *lock_cs;
++ static long *lock_count;
++ 
++ extern int sysClkRateGet();
++ 
++ void thread_setup(void)
++ 	{
++ 	int i;
++ 
++ 	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(SEM_ID));
++ 	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		lock_count[i]=0;
++ 		lock_cs[i] = semMCreate(SEM_Q_PRIORITY | SEM_INVERSION_SAFE);
++ 		}
++ 
++ 	CRYPTO_set_id_callback((unsigned long (*)())vxworks_thread_id);
++ 	CRYPTO_set_locking_callback((void (*)())vxworks_locking_callback);
++ 	}
++ 
++ void thread_cleanup(void)
++ 	{
++ 	int i;
++ 
++ 	CRYPTO_set_locking_callback(NULL);
++ 	fprintf(stderr,"cleanup\n");
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		semDelete(lock_cs[i]);
++ 		fprintf(stderr,"%8ld:%s\n",lock_count[i],
++ 			CRYPTO_get_lock_name(i));
++ 		}
++ 	OPENSSL_free(lock_cs);
++ 	OPENSSL_free(lock_count);
++ 
++ 	fprintf(stderr,"done cleanup\n");
++ 	}
++ 
++ void vxworks_locking_callback(int mode, int type, char *file, int line)
++       {
++ #ifdef undef
++ 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
++ 		CRYPTO_thread_id(),
++ 		(mode&CRYPTO_LOCK)?"l":"u",
++ 		(type&CRYPTO_READ)?"r":"w",file,line);
++ #endif
++ /*
++ 	if (CRYPTO_LOCK_SSL_CERT == type)
++ 		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
++ 		CRYPTO_thread_id(),
++ 		mode,file,line);
++ */
++ 	if (mode & CRYPTO_LOCK)
++ 		{
++ 		semTake(lock_cs[type], WAIT_FOREVER);
++ 		lock_count[type]++;
++ 		}
++ 	else
++ 		{
++ 		semGive(lock_cs[type]);
++ 		}
++ 	}
++ 
++ 
++ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
++ 	{
++ 	SSL_CTX *ssl_ctx[2];
++ 	int thread_ctx[MAX_THREAD_NUMBER];
++ 	int i;
++ 
++ 	ssl_ctx[0]=s_ctx;
++ 	ssl_ctx[1]=c_ctx;
++ 
++ 	/*
++ 	thr_setconcurrency(thread_number);
++ 	*/
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		thread_ctx[i] = taskSpawn(DEFAULT_TASK_NAME,
++ 				DEFAULT_TASK_PRIORITY,
++ 				DEFAULT_TASK_OPTIONS,
++ 				DEFAULT_TASK_STACK_BYTES,
++ 				(FUNCPTR)ndoit,
++ 				(int)ssl_ctx, 0, 0, 0, 0, 0, 0, 0, 0, 0);
++ 
++ 		printf("Spawned task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("reaping\n");
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		while(taskIdVerify(thread_ctx[i]) != ERROR)
++ 			{
++ 			taskDelay(sysClkRateGet()/10);
++ 			}
++ 		printf("Reaped task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("vxworks threads done (%d,%d)\n",
++ 		s_ctx->references,c_ctx->references);
++ 	}
++ 
++ unsigned long vxworks_thread_id(void)
++ 	{
++ 	return((unsigned long)taskIdSelf());
++ 	}
+  
++ #endif /* VXWORKS */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/tmdiff.c ../RELENG_4_6/crypto/openssl/crypto/tmdiff.c
+*** crypto/openssl/crypto/tmdiff.c	Mon Feb 24 21:51:11 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/tmdiff.c	Fri Feb 21 11:32:49 2003
+***************
+*** 105,110 ****
+--- 105,115 ----
+  #include <windows.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #include <drv/timer/timerDev.h>
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed */
+  #ifndef HZ
+  # ifndef CLK_TCK
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.ssl
+*** crypto/openssl/crypto/txt_db/Makefile.ssl	Wed Jul  4 19:19:38 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/txt_db/Makefile.ssl	Fri Feb 21 11:32:57 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/uid.c ../RELENG_4_6/crypto/openssl/crypto/uid.c
+*** crypto/openssl/crypto/uid.c	Wed Jul  4 19:22:30 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/uid.c	Fri Feb 21 11:32:49 2003
+***************
+*** 64,70 ****
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32)
+  
+  int OPENSSL_issetugid(void)
+  	{
+--- 64,70 ----
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32) || defined(VXWORKS)
+  
+  int OPENSSL_issetugid(void)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.ssl
+*** crypto/openssl/crypto/x509/Makefile.ssl	Mon Feb 24 21:51:18 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/Makefile.ssl	Fri Feb 21 11:32:57 2003
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/by_file.c ../RELENG_4_6/crypto/openssl/crypto/x509/by_file.c
+*** crypto/openssl/crypto/x509/by_file.c	Sun Aug 20 04:46:47 2000
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/by_file.c	Fri Feb 21 11:32:57 2003
+***************
+*** 100,116 ****
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 				X509_FILETYPE_PEM) != 0);
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+- 				}
+- 			else
+- 				{
+- 				file=(char *)Getenv(X509_get_default_cert_file_env());
+- 				ok = (X509_load_cert_crl_file(ctx,file,
+- 					X509_FILETYPE_PEM) != 0);
+  				}
+  			}
+  		else
+--- 100,117 ----
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			file = (char *)Getenv(X509_get_default_cert_file_env());
+! 			if (file)
+! 				ok = (X509_load_cert_crl_file(ctx,file,
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+! 			if (!ok)
+! 				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+  				}
+  			}
+  		else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_cmp.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_cmp.c
+*** crypto/openssl/crypto/x509/x509_cmp.c	Wed Jul  4 19:19:39 2001
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_cmp.c	Fri Feb 21 11:32:57 2003
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include <stdio.h>
++ #include <ctype.h>
+  #include "cryptlib.h"
+  #include <openssl/asn1.h>
+  #include <openssl/objects.h>
+***************
+*** 157,162 ****
+--- 158,256 ----
+  }
+  #endif
+  
++ 
++ /* Case insensitive string comparision */
++ static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	int i;
++ 
++ 	if (a->length != b->length)
++ 		return (a->length - b->length);
++ 
++ 	for (i=0; i<a->length; i++)
++ 	{
++ 		int ca, cb;
++ 
++ 		ca = tolower(a->data[i]);
++ 		cb = tolower(b->data[i]);
++ 
++ 		if (ca != cb)
++ 			return(ca-cb);
++ 	}
++ 	return 0;
++ }
++ 
++ /* Case insensitive string comparision with space normalization 
++  * Space normalization - ignore leading, trailing spaces, 
++  *       multiple spaces between characters are replaced by single space  
++  */
++ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	unsigned char *pa = NULL, *pb = NULL;
++ 	int la, lb;
++ 	
++ 	la = a->length;
++ 	lb = b->length;
++ 	pa = a->data;
++ 	pb = b->data;
++ 
++ 	/* skip leading spaces */
++ 	while (la > 0 && isspace(*pa))
++ 	{
++ 		la--;
++ 		pa++;
++ 	}
++ 	while (lb > 0 && isspace(*pb))
++ 	{
++ 		lb--;
++ 		pb++;
++ 	}
++ 
++ 	/* skip trailing spaces */
++ 	while (la > 0 && isspace(pa[la-1]))
++ 		la--;
++ 	while (lb > 0 && isspace(pb[lb-1]))
++ 		lb--;
++ 
++ 	/* compare strings with space normalization */
++ 	while (la > 0 && lb > 0)
++ 	{
++ 		int ca, cb;
++ 
++ 		/* compare character */
++ 		ca = tolower(*pa);
++ 		cb = tolower(*pb);
++ 		if (ca != cb)
++ 			return (ca - cb);
++ 
++ 		pa++; pb++;
++ 		la--; lb--;
++ 
++ 		if (la <= 0 || lb <= 0)
++ 			break;
++ 
++ 		/* is white space next character ? */
++ 		if (isspace(*pa) && isspace(*pb))
++ 		{
++ 			/* skip remaining white spaces */
++ 			while (la > 0 && isspace(*pa))
++ 			{
++ 				la--;
++ 				pa++;
++ 			}
++ 			while (lb > 0 && isspace(*pb))
++ 			{
++ 				lb--;
++ 				pb++;
++ 			}
++ 		}
++ 	}
++ 	if (la > 0 || lb > 0)
++ 		return la - lb;
++ 
++ 	return 0;
++ }
++ 
+  int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+  	{
+  	int i,j;
+***************
+*** 170,179 ****
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->length-nb->value->length;
+  		if (j) return(j);
+! 		j=memcmp(na->value->data,nb->value->data,
+! 			na->value->length);
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+--- 264,283 ----
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->type-nb->value->type;
+  		if (j) return(j);
+! 		if (na->value->type == V_ASN1_PRINTABLESTRING)
+! 			j=nocase_spacenorm_cmp(na->value, nb->value);
+! 		else if (na->value->type == V_ASN1_IA5STRING
+! 			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+! 			j=nocase_cmp(na->value, nb->value);
+! 		else
+! 			{
+! 			j=na->value->length-nb->value->length;
+! 			if (j) return(j);
+! 			j=memcmp(na->value->data,nb->value->data,
+! 				na->value->length);
+! 			}
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_vfy.c ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.c
+*** crypto/openssl/crypto/x509/x509_vfy.c	Mon Feb 24 21:51:18 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/x509/x509_vfy.c	Fri Feb 21 11:32:57 2003
+***************
+*** 567,573 ****
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	time_t offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+--- 567,573 ----
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	long offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/Makefile.ssl ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.ssl
+*** crypto/openssl/crypto/x509v3/Makefile.ssl	Mon Feb 24 21:51:18 2003
+--- ../RELENG_4_6/crypto/openssl/crypto/x509v3/Makefile.ssl	Fri Feb 21 11:32:58 2003
+***************
+*** 72,78 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 72,78 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/selfsign.c ../RELENG_4_6/crypto/openssl/demos/selfsign.c
+*** crypto/openssl/demos/selfsign.c	Sun Aug 20 04:46:50 2000
+--- ../RELENG_4_6/crypto/openssl/demos/selfsign.c	Fri Feb 21 11:32:58 2003
+***************
+*** 106,112 ****
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,3);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+--- 106,112 ----
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,2);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/passwd.pod ../RELENG_4_6/crypto/openssl/doc/apps/passwd.pod
+*** crypto/openssl/doc/apps/passwd.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/passwd.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 69,75 ****
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+--- 69,75 ----
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_4_6/crypto/openssl/doc/apps/req.pod
+*** crypto/openssl/doc/apps/req.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/req.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 457,469 ****
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST----
+!  -----END CERTIFICATE REQUEST----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST----
+!  -----END NEW CERTIFICATE REQUEST----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+--- 457,469 ----
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST-----
+!  -----END CERTIFICATE REQUEST-----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST-----
+!  -----END NEW CERTIFICATE REQUEST-----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/smime.pod ../RELENG_4_6/crypto/openssl/doc/apps/smime.pod
+*** crypto/openssl/doc/apps/smime.pod	Mon Feb 24 21:51:19 2003
+--- ../RELENG_4_6/crypto/openssl/doc/apps/smime.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 340,347 ****
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7----
+!  -----END PKCS7----
+  
+  and using the command, 
+  
+--- 340,347 ----
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7-----
+!  -----END PKCS7-----
+  
+  and using the command, 
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_4_6/crypto/openssl/doc/apps/x509.pod
+*** crypto/openssl/doc/apps/x509.pod	Sun Nov 26 06:34:06 2000
+--- ../RELENG_4_6/crypto/openssl/doc/apps/x509.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 321,327 ****
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial filename>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+--- 321,327 ----
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+***************
+*** 532,556 ****
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust sslclient \
+! 	-alias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE----
+!  -----END CERTIFICATE----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE----
+!  -----END X509 CERTIFICATE----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE----
+!  -----END TRUSTED CERTIFICATE----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+--- 532,556 ----
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust clientAuth \
+! 	-setalias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE-----
+!  -----END CERTIFICATE-----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE-----
+!  -----END X509 CERTIFICATE-----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE-----
+!  -----END TRUSTED CERTIFICATE-----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/c-indentation.el ../RELENG_4_6/crypto/openssl/doc/c-indentation.el
+*** crypto/openssl/doc/c-indentation.el	Sun Nov 26 06:34:04 2000
+--- ../RELENG_4_6/crypto/openssl/doc/c-indentation.el	Fri Feb 21 11:32:58 2003
+***************
+*** 13,24 ****
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style.
+! ; The style defined below does not indent them at all.
+! ; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
+! ; command of Emacs).  If you know a solution to this problem
+! ; or find other problems with this indentation style definition,
+! ; please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+--- 13,22 ----
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style,
+! ; so you have to indent them manually (you can use C-q tab).
+! ; 
+! ; For suggesting improvements, please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_CTX_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_CTX_new.pod
+*** crypto/openssl/doc/crypto/BN_CTX_new.pod	Sun Aug 20 04:46:55 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_CTX_new.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add.pod
+*** crypto/openssl/doc/crypto/BN_add.pod	Sun Aug 20 04:46:55 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 86,92 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+--- 86,92 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add_word.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add_word.pod
+*** crypto/openssl/doc/crypto/BN_add_word.pod	Sun Aug 20 04:46:55 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_add_word.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 46,52 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 46,52 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_bn2bin.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_bn2bin.pod
+*** crypto/openssl/doc/crypto/BN_bn2bin.pod	Mon Feb 24 21:51:19 2003
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_bn2bin.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 80,86 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+--- 80,86 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_copy.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_copy.pod
+*** crypto/openssl/doc/crypto/BN_copy.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_copy.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 25,31 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 25,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_generate_prime.pod
+*** crypto/openssl/doc/crypto/BN_generate_prime.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_generate_prime.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 70,76 ****
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_check>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+--- 70,76 ----
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_checks>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_inverse.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_inverse.pod
+*** crypto/openssl/doc/crypto/BN_mod_inverse.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_inverse.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Sun Nov 26 06:34:07 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 81,87 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 81,87 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Sun Nov 26 06:34:07 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 69,75 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 69,75 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_new.pod
+*** crypto/openssl/doc/crypto/BN_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_new.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_rand.pod ../RELENG_4_6/crypto/openssl/doc/crypto/BN_rand.pod
+*** crypto/openssl/doc/crypto/BN_rand.pod	Mon Feb 24 21:51:19 2003
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/BN_rand.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 45,51 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+--- 45,51 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_key.pod
+*** crypto/openssl/doc/crypto/DH_generate_key.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_key.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 40,46 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+--- 40,46 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_parameters.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DH_generate_parameters.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_generate_parameters.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod
+*** crypto/openssl/doc/crypto/DH_get_ex_new_index.pod	Mon Feb 24 21:51:20 2003
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_get_ex_new_index.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 34,72 ****
+  available since OpenSSL 0.9.5.
+  
+  =cut
+- =pod
+- 
+- =head1 NAME
+- 
+- DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data - add application specific data to DH structures
+- 
+- =head1 SYNOPSIS
+- 
+-  #include <openssl/dh.h>
+- 
+-  int DH_get_ex_new_index(long argl, void *argp,
+- 		CRYPTO_EX_new *new_func,
+- 		CRYPTO_EX_dup *dup_func,
+- 		CRYPTO_EX_free *free_func);
+- 
+-  int DH_set_ex_data(DH *d, int idx, void *arg);
+- 
+-  char *DH_get_ex_data(DH *d, int idx);
+- 
+- =head1 DESCRIPTION
+- 
+- These functions handle application specific data in DH
+- structures. Their usage is identical to that of
+- RSA_get_ex_new_index(), RSA_set_ex_data() and RSA_get_ex_data()
+- as described in L<RSA_get_ex_new_index(3)>.
+- 
+- =head1 SEE ALSO
+- 
+- L<RSA_get_ex_new_index()|RSA_get_ex_new_index()>, L<dh(3)|dh(3)>
+- 
+- =head1 HISTORY
+- 
+- DH_get_ex_new_index(), DH_set_ex_data() and DH_get_ex_data() are
+- available since OpenSSL 0.9.5.
+- 
+- =cut
+--- 34,36 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DH_new.pod
+*** crypto/openssl/doc/crypto/DH_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DH_new.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 29,35 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+--- 29,35 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_SIG_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_SIG_new.pod
+*** crypto/openssl/doc/crypto/DSA_SIG_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_SIG_new.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+--- 30,37 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_do_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_do_sign.pod
+*** crypto/openssl/doc/crypto/DSA_do_sign.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_do_sign.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 36,42 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+--- 36,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_dup_DH.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_dup_DH.pod
+*** crypto/openssl/doc/crypto/DSA_dup_DH.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_dup_DH.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_key.pod
+*** crypto/openssl/doc/crypto/DSA_generate_key.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_key.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 24,30 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+--- 24,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_parameters.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_new.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_new.pod
+*** crypto/openssl/doc/crypto/DSA_new.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_new.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+--- 30,36 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_sign.pod
+*** crypto/openssl/doc/crypto/DSA_sign.pod	Sun Aug 20 04:46:56 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/DSA_sign.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 55,61 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+--- 55,61 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SealInit.pod
+*** crypto/openssl/doc/crypto/EVP_SealInit.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/EVP_SealInit.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 12,18 ****
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+--- 12,18 ----
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+***************
+*** 43,50 ****
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+! failure.
+  
+  =head1 NOTES
+  
+--- 43,49 ----
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() returns 1 for success and 0 for failure.
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RAND_bytes.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RAND_bytes.pod
+*** crypto/openssl/doc/crypto/RAND_bytes.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RAND_bytes.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 35,41 ****
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+--- 35,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_check_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_check_key.pod
+*** crypto/openssl/doc/crypto/RSA_check_key.pod	Mon Feb 24 21:51:20 2003
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_check_key.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 39,45 ****
+  
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 39,45 ----
+  
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_generate_key.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_generate_key.pod
+*** crypto/openssl/doc/crypto/RSA_generate_key.pod	Mon Feb 24 21:51:20 2003
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_generate_key.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_print.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_print.pod
+*** crypto/openssl/doc/crypto/RSA_print.pod	Sun Nov 26 06:34:08 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_print.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 2,10 ****
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
+! DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
+! parameters
+  
+  =head1 SYNOPSIS
+  
+--- 2,10 ----
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp,
+! DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+! DHparams_print, DHparams_print_fp - print cryptographic parameters
+  
+  =head1 SYNOPSIS
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_private_encrypt.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_public_encrypt.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Sun Nov 26 06:34:09 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 72,78 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+--- 72,79 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign.pod
+*** crypto/openssl/doc/crypto/RSA_sign.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 50,57 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+--- 50,57 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+*** crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Sun Aug 20 04:46:57 2000
+--- ../RELENG_4_6/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Fri Feb 21 11:32:58 2003
+***************
+*** 47,54 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+--- 47,54 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/openssl.txt ../RELENG_4_6/crypto/openssl/doc/openssl.txt
+*** crypto/openssl/doc/openssl.txt	Sun Nov 26 06:34:04 2000
+--- ../RELENG_4_6/crypto/openssl/doc/openssl.txt	Fri Feb 21 11:32:58 2003
+***************
+*** 344,350 ****
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+--- 344,350 ----
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_add_session.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Wed Jul  4 19:22:31 2001
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 37,42 ****
+--- 37,50 ----
+  identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
+  is a no-op, and the return value is 0.
+  
++ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
++ flag then the internal cache will not be populated automatically by new
++ sessions negotiated by the SSL/TLS implementation, even though the internal
++ cache will be searched automatically for session-resume requests (the
++ latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
++ application can use SSL_CTX_add_session() directly to have full control
++ over the sessions that can be resumed if desired.
++ 
+  
+  =head1 RETURN VALUES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_get_ex_new_index.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 51,106 ****
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+  
+  =cut
+- =pod
+- 
+- =head1 NAME
+- 
+- SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data - internal application specific data functions
+- 
+- =head1 SYNOPSIS
+- 
+-  #include <openssl/ssl.h>
+- 
+-  int SSL_CTX_get_ex_new_index(long argl, void *argp,
+-                 CRYPTO_EX_new *new_func,
+-                 CRYPTO_EX_dup *dup_func,
+-                 CRYPTO_EX_free *free_func);
+- 
+-  int SSL_CTX_set_ex_data(SSL_CTX *ctx, int idx, void *arg);
+- 
+-  void *SSL_CTX_get_ex_data(SSL_CTX *ctx, int idx);
+- 
+-  typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+-                 int idx, long argl, void *argp);
+-  typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+-                 int idx, long argl, void *argp);
+-  typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+-                 int idx, long argl, void *argp);
+- 
+- =head1 DESCRIPTION
+- 
+- Several OpenSSL structures can have application specific data attached to them.
+- These functions are used internally by OpenSSL to manipulate application
+- specific data attached to a specific structure.
+- 
+- SSL_CTX_get_ex_new_index() is used to register a new index for application
+- specific data.
+- 
+- SSL_CTX_set_ex_data() is used to store application data at B<arg> for B<idx>
+- into the B<ctx> object.
+- 
+- SSL_CTX_get_ex_data() is used to retrieve the information for B<idx> from
+- B<ctx>.
+- 
+- A detailed description for the B<*_get_ex_new_index()> functionality
+- can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+- The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+- L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+- 
+- =head1 SEE ALSO
+- 
+- L<ssl(3)|ssl(3)>,
+- L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+- L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+- 
+- =cut
+--- 51,53 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_new.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_new.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_new.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_new.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 92,192 ****
+  L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+  
+  =cut
+- =pod
+- 
+- =head1 NAME
+- 
+- SSL_CTX_new - create a new SSL_CTX object as framework for TLS/SSL enabled functions
+- 
+- =head1 SYNOPSIS
+- 
+-  #include <openssl/ssl.h>
+- 
+-  SSL_CTX *SSL_CTX_new(SSL_METHOD *method);
+- 
+- =head1 DESCRIPTION
+- 
+- SSL_CTX_new() creates a new B<SSL_CTX> object as framework to establish
+- TLS/SSL enabled connections.
+- 
+- =head1 NOTES
+- 
+- The SSL_CTX object uses B<method> as connection method. The methods exist
+- in a generic type (for client and server use), a server only type, and a
+- client only type. B<method> can be of the following types:
+- 
+- =over 4
+- 
+- =item SSLv2_method(void), SSLv2_server_method(void), SSLv2_client_method(void)
+- 
+- A TLS/SSL connection established with these methods will only understand
+- the SSLv2 protocol. A client will send out SSLv2 client hello messages
+- and will also indicate that it only understand SSLv2. A server will only
+- understand SSLv2 client hello messages.
+- 
+- =item SSLv3_method(void), SSLv3_server_method(void), SSLv3_client_method(void)
+- 
+- A TLS/SSL connection established with these methods will only understand the
+- SSLv3 protocol. A client will send out SSLv3 client hello messages
+- and will indicate that it only understands SSLv3. A server will only understand
+- SSLv3 client hello messages. This especially means, that it will
+- not understand SSLv2 client hello messages which are widely used for
+- compatibility reasons, see SSLv23_*_method().
+- 
+- =item TLSv1_method(void), TLSv1_server_method(void), TLSv1_client_method(void)
+- 
+- A TLS/SSL connection established with these methods will only understand the
+- TLSv1 protocol. A client will send out TLSv1 client hello messages
+- and will indicate that it only understands TLSv1. A server will only understand
+- TLSv1 client hello messages. This especially means, that it will
+- not understand SSLv2 client hello messages which are widely used for
+- compatibility reasons, see SSLv23_*_method(). It will also not understand
+- SSLv3 client hello messages.
+- 
+- =item SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
+- 
+- A TLS/SSL connection established with these methods will understand the SSLv2,
+- SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
+- and will indicate that it also understands SSLv3 and TLSv1. A server will
+- understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
+- choice when compatibility is a concern.
+- 
+- =back
+- 
+- If a generic method is used, it is necessary to explicitly set client or
+- server mode with L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+- or SSL_set_accept_state().
+- 
+- The list of protocols available can later be limited using the SSL_OP_NO_SSLv2,
+- SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the B<SSL_CTX_set_options()> or
+- B<SSL_set_options()> functions. Using these options it is possible to choose
+- e.g. SSLv23_server_method() and be able to negotiate with all possible
+- clients, but to only allow newer protocols like SSLv3 or TLSv1.
+- 
+- SSL_CTX_new() initializes the list of ciphers, the session cache setting,
+- the callbacks, the keys and certificates, and the options to its default
+- values.
+- 
+- =head1 RETURN VALUES
+- 
+- The following return values can occur:
+- 
+- =over 4
+- 
+- =item NULL
+- 
+- The creation of a new SSL_CTX object failed. Check the error stack to
+- find out the reason.
+- 
+- =item Pointer to an SSL_CTX object
+- 
+- The return value points to an allocated SSL_CTX object.
+- 
+- =back
+- 
+- =head1 SEE ALSO
+- 
+- L<SSL_CTX_free(3)|SSL_CTX_free(3)>, L<SSL_accept(3)|SSL_accept(3)>,
+- L<ssl(3)|ssl(3)>,  L<SSL_set_connect_state(3)|SSL_set_connect_state(3)>
+- 
+- =cut
+--- 92,94 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 26,37 ****
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then decides whether it
+! agrees in reusing the session or starts the handshake for a new session.
+! 
+! A server will lookup up the session in its internal session storage. If
+! the session is not found in internal storage or internal storage is
+! deactivated, the server will try the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+--- 26,39 ----
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then either 
+! agrees to reuse the session or it starts a full handshake (to create a new
+! session).
+! 
+! A server will lookup up the session in its internal session storage. If the
+! session is not found in internal storage or lookups for the internal storage
+! have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+! the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+***************
+*** 57,65 ****
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the session is looked up in the internal session cache.
+! If the session is found, the server will try to reuse the session.
+! This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+--- 59,68 ----
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the server looks for the corresponding session in (first)
+! the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+! then (second) in the external cache if available. If the session is found, the
+! server will try to reuse the session.  This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+***************
+*** 77,88 ****
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag sessions are cached in the internal storage but
+! they are not looked up automatically. If an external session cache
+! is enabled, sessions are looked up in the external cache. As automatic
+! lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+--- 80,111 ----
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag, session-resume operations in an SSL/TLS server will not
+! automatically look up sessions in the internal cache, even if sessions are
+! automatically stored there. If external session caching callbacks are in use,
+! this flag guarantees that all lookups are directed to the external cache.
+! As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
++ =item SSL_SESS_CACHE_NO_INTERNAL_STORE
++ 
++ Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
++ sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
++ Normally a new session is added to the internal cache as well as any external
++ session caching (callback) that is configured for the SSL_CTX. This flag will
++ prevent sessions being stored in the internal cache (though the application can
++ add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
++ in any SSL/TLS servers where external caching is configured, any successful
++ session lookups in the external cache (ie. for session-resume requests) would
++ normally be copied into the local cache before processing continues - this flag
++ prevents these additions to the internal cache as well.
++ 
++ =item SSL_SESS_CACHE_NO_INTERNAL
++ 
++ Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
++ SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
++ 
++ 
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+***************
+*** 98,108 ****
+--- 121,137 ----
+  
+  L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+  L<SSL_session_reused(3)|SSL_session_reused(3)>,
++ L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+  L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+  L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+  L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+  L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+  L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
++ 
++ =head1 HISTORY
++ 
++ SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
++ were introduced in OpenSSL 0.9.6h.
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 235,241 ****
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+--- 235,241 ----
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod
+*** crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_SESSION_get_ex_new_index.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 59,122 ****
+  L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+  
+  =cut
+- =pod
+- 
+- =head1 NAME
+- 
+- SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data - internal application specific data functions
+- 
+- =head1 SYNOPSIS
+- 
+-  #include <openssl/ssl.h>
+- 
+-  int SSL_SESSION_get_ex_new_index(long argl, void *argp,
+-                 CRYPTO_EX_new *new_func,
+-                 CRYPTO_EX_dup *dup_func,
+-                 CRYPTO_EX_free *free_func);
+- 
+-  int SSL_SESSION_set_ex_data(SSL_SESSION *session, int idx, void *arg);
+- 
+-  void *SSL_SESSION_get_ex_data(SSL_SESSION *session, int idx);
+- 
+-  typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+-                 int idx, long argl, void *argp);
+-  typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+-                 int idx, long argl, void *argp);
+-  typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+-                 int idx, long argl, void *argp);
+- 
+- =head1 DESCRIPTION
+- 
+- Several OpenSSL structures can have application specific data attached to them.
+- These functions are used internally by OpenSSL to manipulate application
+- specific data attached to a specific structure.
+- 
+- SSL_SESSION_get_ex_new_index() is used to register a new index for application
+- specific data.
+- 
+- SSL_SESSION_set_ex_data() is used to store application data at B<arg> for B<idx>
+- into the B<session> object.
+- 
+- SSL_SESSION_get_ex_data() is used to retrieve the information for B<idx> from
+- B<session>.
+- 
+- A detailed description for the B<*_get_ex_new_index()> functionality
+- can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+- The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+- L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+- 
+- =head1 WARNINGS
+- 
+- The application data is only maintained for sessions held in memory. The
+- application data is not included when dumping the session with
+- i2d_SSL_SESSION() (and all functions indirectly calling the dump functions
+- like PEM_write_SSL_SESSION() and PEM_write_bio_SSL_SESSION()) and can
+- therefore not be restored.
+- 
+- =head1 SEE ALSO
+- 
+- L<ssl(3)|ssl(3)>,
+- L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+- L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>
+- 
+- =cut
+--- 59,61 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod
+*** crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_get_ex_new_index.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 57,118 ****
+  L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+  
+  =cut
+- =pod
+- 
+- =head1 NAME
+- 
+- SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data - internal application specific data functions
+- 
+- =head1 SYNOPSIS
+- 
+-  #include <openssl/ssl.h>
+- 
+-  int SSL_get_ex_new_index(long argl, void *argp,
+-                 CRYPTO_EX_new *new_func,
+-                 CRYPTO_EX_dup *dup_func,
+-                 CRYPTO_EX_free *free_func);
+- 
+-  int SSL_set_ex_data(SSL *ssl, int idx, void *arg);
+- 
+-  void *SSL_get_ex_data(SSL *ssl, int idx);
+- 
+-  typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+-                 int idx, long argl, void *argp);
+-  typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
+-                 int idx, long argl, void *argp);
+-  typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
+-                 int idx, long argl, void *argp);
+- 
+- =head1 DESCRIPTION
+- 
+- Several OpenSSL structures can have application specific data attached to them.
+- These functions are used internally by OpenSSL to manipulate application
+- specific data attached to a specific structure.
+- 
+- SSL_get_ex_new_index() is used to register a new index for application
+- specific data.
+- 
+- SSL_set_ex_data() is used to store application data at B<arg> for B<idx> into
+- the B<ssl> object.
+- 
+- SSL_get_ex_data() is used to retrieve the information for B<idx> from
+- B<ssl>.
+- 
+- A detailed description for the B<*_get_ex_new_index()> functionality
+- can be found in L<RSA_get_ex_new_index.pod(3)|RSA_get_ex_new_index.pod(3)>.
+- The B<*_get_ex_data()> and B<*_set_ex_data()> functionality is described in
+- L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>.
+- 
+- =head1 EXAMPLES
+- 
+- An example on how to use the functionality is included in the example
+- verify_callback() in L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>.
+- 
+- =head1 SEE ALSO
+- 
+- L<ssl(3)|ssl(3)>,
+- L<RSA_get_ex_new_index(3)|RSA_get_ex_new_index(3)>,
+- L<CRYPTO_set_ex_data(3)|CRYPTO_set_ex_data(3)>,
+- L<SSL_CTX_set_verify(3)|SSL_CTX_set_verify(3)>
+- 
+- =cut
+--- 57,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_new.pod ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_new.pod
+*** crypto/openssl/doc/ssl/SSL_new.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/SSL_new.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 42,87 ****
+  L<ssl(3)|ssl(3)>
+  
+  =cut
+- =pod
+- 
+- =head1 NAME
+- 
+- SSL_new - create a new SSL structure for a connection
+- 
+- =head1 SYNOPSIS
+- 
+-  #include <openssl/ssl.h>
+- 
+-  SSL *SSL_new(SSL_CTX *ctx);
+- 
+- =head1 DESCRIPTION
+- 
+- SSL_new() creates a new B<SSL> structure which is needed to hold the
+- data for a TLS/SSL connection. The new structure inherits the settings
+- of the underlying context B<ctx>: connection method (SSLv2/v3/TLSv1),
+- options, verification settings, timeout settings.
+- 
+- =head1 RETURN VALUES
+- 
+- The following return values can occur:
+- 
+- =over 4
+- 
+- =item NULL
+- 
+- The creation of a new SSL structure failed. Check the error stack to
+- find out the reason.
+- 
+- =item Pointer to an SSL structure
+- 
+- The return value points to an allocated SSL structure.
+- 
+- =back
+- 
+- =head1 SEE ALSO
+- 
+- L<SSL_free(3)|SSL_free(3)>, L<SSL_clear(3)|SSL_clear(3)>,
+- L<SSL_CTX_set_options(3)|SSL_CTX_set_options(3)>,
+- L<ssl(3)|ssl(3)>
+- 
+- =cut
+--- 42,44 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/ssl.pod ../RELENG_4_6/crypto/openssl/doc/ssl/ssl.pod
+*** crypto/openssl/doc/ssl/ssl.pod	Mon Feb 24 21:51:21 2003
+--- ../RELENG_4_6/crypto/openssl/doc/ssl/ssl.pod	Fri Feb 21 11:32:59 2003
+***************
+*** 347,353 ****
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+--- 347,353 ----
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/e_os.h ../RELENG_4_6/crypto/openssl/e_os.h
+*** crypto/openssl/e_os.h	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/e_os.h	Fri Feb 21 11:32:47 2003
+***************
+*** 219,228 ****
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+  #  else
+! #    define EXIT(n)		return(n);
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+--- 219,229 ----
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+! #    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
+  #  else
+! #    define EXIT(n) return(n)
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+***************
+*** 275,292 ****
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    if !defined(MONOLITH) || defined(OPENSSL_C)
+! #      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); \
+! 				     return(__VMS_EXIT); } while(0)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+--- 276,288 ----
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); } while(0)
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+***************
+*** 317,327 ****
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    ifndef MONOLITH
+! #      define EXIT(n)		exit(n); return(n)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+--- 313,319 ----
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    define EXIT(n)		exit(n)
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+***************
+*** 439,444 ****
+--- 431,444 ----
+  extern char *sys_errlist[]; extern int sys_nerr;
+  # define strerror(errnum) \
+  	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
++ #endif
++ 
++ #ifndef OPENSSL_EXIT
++ # if defined(MONOLITH) && !defined(OPENSSL_C)
++ #  define OPENSSL_EXIT(n) return(n)
++ # else
++ #  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
++ # endif
+  #endif
+  
+  /***********************************************/
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_4_6/crypto/openssl/openssl.spec
+*** crypto/openssl/openssl.spec	Mon Feb 24 21:51:09 2003
+--- ../RELENG_4_6/crypto/openssl/openssl.spec	Fri Feb 21 11:32:47 2003
+***************
+*** 1,7 ****
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev d
+  Release: 1
+  
+  %define openssldir /var/ssl
+--- 1,7 ----
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev i
+  Release: 1
+  
+  %define openssldir /var/ssl
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/Makefile.ssl ../RELENG_4_6/crypto/openssl/ssl/Makefile.ssl
+*** crypto/openssl/ssl/Makefile.ssl	Mon Feb 24 21:51:22 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/Makefile.ssl	Fri Feb 21 11:32:59 2003
+***************
+*** 84,90 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 84,90 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s23_clnt.c
+*** crypto/openssl/ssl/s23_clnt.c	Mon Feb 24 21:51:22 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_clnt.c	Fri Feb 21 11:33:00 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_clnt.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+***************
+*** 89,106 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_client_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_client_data.ssl_connect=ssl23_connect;
+! 		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+--- 87,111 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_client_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_client_data.ssl_connect=ssl23_connect;
+! 			SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+***************
+*** 154,159 ****
+--- 159,165 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 202,207 ****
+--- 208,215 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_lib.c ../RELENG_4_6/crypto/openssl/ssl/s23_lib.c
+*** crypto/openssl/ssl/s23_lib.c	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_lib.c	Fri Feb 21 11:33:00 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_lib.c,v 1.2.2.3 2001/07/04 23:19:44 kris Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_meth.c ../RELENG_4_6/crypto/openssl/ssl/s23_meth.c
+*** crypto/openssl/ssl/s23_meth.c	Wed Jul  4 19:19:44 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_meth.c	Fri Feb 21 11:33:00 2003
+***************
+*** 80,91 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv23_data.ssl_connect=ssl23_connect;
+! 		SSLv23_data.ssl_accept=ssl23_accept;
+! 		SSLv23_data.get_ssl_method=ssl23_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_data);
+  	}
+--- 80,98 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv23_data.ssl_connect=ssl23_connect;
+! 			SSLv23_data.ssl_accept=ssl23_accept;
+! 			SSLv23_data.get_ssl_method=ssl23_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s23_srvr.c
+*** crypto/openssl/ssl/s23_srvr.c	Mon Feb 24 21:51:22 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s23_srvr.c	Fri Feb 21 11:33:00 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_srvr.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $
+   */
+  /* ====================================================================
+   * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+--- 54,59 ----
+***************
+*** 141,151 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_server_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_server_data.ssl_accept=ssl23_accept;
+! 		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_server_data);
+  	}
+--- 139,156 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_server_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_server_data.ssl_accept=ssl23_accept;
+! 			SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_server_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s2_clnt.c
+*** crypto/openssl/ssl/s2_clnt.c	Mon Feb 24 21:51:22 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_clnt.c	Fri Feb 21 11:33:00 2003
+***************
+*** 146,156 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_client_data.ssl_connect=ssl2_connect;
+! 		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_client_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_client_data.ssl_connect=ssl2_connect;
+! 			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_client_data);
+  	}
+***************
+*** 202,211 ****
+--- 208,220 ----
+  			if (!BUF_MEM_grow(buf,
+  				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+  				{
++ 				if (buf == s->init_buf)
++ 					buf=NULL;
+  				ret= -1;
+  				goto end;
+  				}
+  			s->init_buf=buf;
++ 			buf=NULL;
+  			s->init_num=0;
+  			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
+  			s->ctx->stats.sess_connect++;
+***************
+*** 332,337 ****
+--- 341,348 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL) 
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+***************
+*** 519,525 ****
+  		}
+  		
+  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+! 	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
+  	return(1);
+  	}
+--- 530,541 ----
+  		}
+  		
+  	s->s2->conn_id_length=s->s2->tmp.conn_id_length;
+! 	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+! 		{
+! 		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_SERVER_HELLO, SSL_R_SSL2_CONNECTION_ID_TOO_LONG);
+! 		return -1;
+! 		}
+  	memcpy(s->s2->conn_id,p,s->s2->tmp.conn_id_length);
+  	return(1);
+  	}
+***************
+*** 621,627 ****
+  		/* make key_arg data */
+  		i=EVP_CIPHER_iv_length(c);
+  		sess->key_arg_length=i;
+! 		die(i <= SSL_MAX_KEY_ARG_LENGTH);
+  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
+  
+  		/* make a master key */
+--- 637,648 ----
+  		/* make key_arg data */
+  		i=EVP_CIPHER_iv_length(c);
+  		sess->key_arg_length=i;
+! 		if (i > SSL_MAX_KEY_ARG_LENGTH)
+! 			{
+! 			ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+! 			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+! 			return -1;
+! 			}
+  		if (i > 0) RAND_pseudo_bytes(sess->key_arg,i);
+  
+  		/* make a master key */
+***************
+*** 629,635 ****
+  		sess->master_key_length=i;
+  		if (i > 0)
+  			{
+! 			die(i <= sizeof sess->master_key);
+  			if (RAND_bytes(sess->master_key,i) <= 0)
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+--- 650,661 ----
+  		sess->master_key_length=i;
+  		if (i > 0)
+  			{
+! 			if (i > sizeof sess->master_key)
+! 				{
+! 				ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+! 				SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+! 				return -1;
+! 				}
+  			if (RAND_bytes(sess->master_key,i) <= 0)
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+***************
+*** 673,679 ****
+  		d+=enc;
+  		karg=sess->key_arg_length;	
+  		s2n(karg,p); /* key arg size */
+! 		die(karg <= sizeof sess->key_arg);
+  		memcpy(d,sess->key_arg,(unsigned int)karg);
+  		d+=karg;
+  
+--- 699,710 ----
+  		d+=enc;
+  		karg=sess->key_arg_length;	
+  		s2n(karg,p); /* key arg size */
+! 		if (karg > sizeof sess->key_arg)
+! 			{
+! 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 			SSLerr(SSL_F_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+! 			return -1;
+! 			}
+  		memcpy(d,sess->key_arg,(unsigned int)karg);
+  		d+=karg;
+  
+***************
+*** 694,700 ****
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_CLIENT_FINISHED;
+! 		die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
+  
+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
+--- 725,735 ----
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_CLIENT_FINISHED;
+! 		if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+! 			{
+! 			SSLerr(SSL_F_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+! 			return -1;
+! 			}
+  		memcpy(p,s->s2->conn_id,(unsigned int)s->s2->conn_id_length);
+  
+  		s->state=SSL2_ST_SEND_CLIENT_FINISHED_B;
+***************
+*** 722,729 ****
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+  		s->init_num += i;
+  
+--- 757,764 ----
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+  		s->init_num += i;
+  
+***************
+*** 951,960 ****
+  		{
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+! 			die(s->session->session_id_length
+! 			    <= sizeof s->session->session_id);
+! 			if (memcmp(buf,s->session->session_id,
+! 				(unsigned int)s->session->session_id_length) != 0)
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+--- 986,994 ----
+  		{
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+! 			if ((s->session->session_id_length > sizeof s->session->session_id)
+! 			    || (0 != memcmp(buf, s->session->session_id,
+! 			                    (unsigned int)s->session->session_id_length)))
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  				SSLerr(SSL_F_GET_SERVER_FINISHED,SSL_R_SSL_SESSION_ID_IS_DIFFERENT);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_enc.c ../RELENG_4_6/crypto/openssl/ssl/s2_enc.c
+*** crypto/openssl/ssl/s2_enc.c	Mon Feb 24 21:51:22 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_enc.c	Fri Feb 21 11:33:00 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_enc.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 98,104 ****
+  	num=c->key_len;
+  	s->s2->key_material_length=num*2;
+  
+! 	ssl2_generate_key_material(s);
+  
+  	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+  		s->session->key_arg);
+--- 96,103 ----
+  	num=c->key_len;
+  	s->s2->key_material_length=num*2;
+  
+! 	if (ssl2_generate_key_material(s) <= 0)
+! 		return 0;
+  
+  	EVP_EncryptInit(ws,c,&(s->s2->key_material[(client)?num:0]),
+  		s->session->key_arg);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_lib.c ../RELENG_4_6/crypto/openssl/ssl/s2_lib.c
+*** crypto/openssl/ssl/s2_lib.c	Mon Feb 24 21:51:22 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_lib.c	Fri Feb 21 11:33:00 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_lib.c,v 1.2.2.3.6.1 2002/07/31 02:55:07 nectar Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 309,315 ****
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	memset(s2,0,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+--- 307,313 ----
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	OPENSSL_cleanse(s2,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+***************
+*** 378,392 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 		qsort(  (char *)sorted,
+! 			SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 		init=0;
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+--- 376,394 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 			qsort((char *)sorted,
+! 				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+! 			init=0;
+! 			}
+! 			
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+***************
+*** 417,423 ****
+  	return(3);
+  	}
+  
+! void ssl2_generate_key_material(SSL *s)
+  	{
+  	unsigned int i;
+  	MD5_CTX ctx;
+--- 419,425 ----
+  	return(3);
+  	}
+  
+! int ssl2_generate_key_material(SSL *s)
+  	{
+  	unsigned int i;
+  	MD5_CTX ctx;
+***************
+*** 430,443 ****
+  #endif
+  
+  	km=s->s2->key_material;
+!  	die(s->s2->key_material_length <= sizeof s->s2->key_material);
+  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+  		{
+  		MD5_Init(&ctx);
+  
+-  		die(s->session->master_key_length >= 0
+-  		    && s->session->master_key_length
+-  		    < sizeof s->session->master_key);
+  		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
+  		MD5_Update(&ctx,&c,1);
+  		c++;
+--- 432,455 ----
+  #endif
+  
+  	km=s->s2->key_material;
+! 
+! 	if (s->session->master_key_length < 0 || s->session->master_key_length > sizeof s->session->master_key)
+! 		{
+! 		SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
+! 		return 0;
+! 		}
+! 
+  	for (i=0; i<s->s2->key_material_length; i+=MD5_DIGEST_LENGTH)
+  		{
++ 		if (((km - s->s2->key_material) + MD5_DIGEST_LENGTH) > sizeof s->s2->key_material)
++ 			{
++ 			/* MD5_Final() below would write beyond buffer */
++ 			SSLerr(SSL_F_SSL2_GENERATE_KEY_MATERIAL, SSL_R_INTERNAL_ERROR);
++ 			return 0;
++ 			}
++ 
+  		MD5_Init(&ctx);
+  
+  		MD5_Update(&ctx,s->session->master_key,s->session->master_key_length);
+  		MD5_Update(&ctx,&c,1);
+  		c++;
+***************
+*** 446,451 ****
+--- 458,465 ----
+  		MD5_Final(km,&ctx);
+  		km+=MD5_DIGEST_LENGTH;
+  		}
++ 
++ 	return 1;
+  	}
+  
+  void ssl2_return_error(SSL *s, int err)
+***************
+*** 470,487 ****
+  	buf[2]=(s->error_code)&0xff;
+  
+  /*	state=s->rwstate;*/
+! 	error=s->error;
+  	s->error=0;
+! 	die(error >= 0 && error <= 3);
+  	i=ssl2_write(s,&(buf[3-error]),error);
+  /*	if (i == error) s->rwstate=state; */
+  
+  	if (i < 0)
+  		s->error=error;
+  	else if (i != s->error)
+  		s->error=error-i;
+- 	/* else
+- 		s->error=0; */
+  	}
+  
+  int ssl2_shutdown(SSL *s)
+--- 484,503 ----
+  	buf[2]=(s->error_code)&0xff;
+  
+  /*	state=s->rwstate;*/
+! 
+! 	error=s->error; /* number of bytes left to write */
+  	s->error=0;
+! 	if (error < 0 || error > sizeof buf) /* can't happen */
+! 		return;
+! 	
+  	i=ssl2_write(s,&(buf[3-error]),error);
++ 
+  /*	if (i == error) s->rwstate=state; */
+  
+  	if (i < 0)
+  		s->error=error;
+  	else if (i != s->error)
+  		s->error=error-i;
+  	}
+  
+  int ssl2_shutdown(SSL *s)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_meth.c ../RELENG_4_6/crypto/openssl/ssl/s2_meth.c
+*** crypto/openssl/ssl/s2_meth.c	Wed Jul  4 19:19:45 2001
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_meth.c	Fri Feb 21 11:33:00 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_meth.c,v 1.2.2.3 2001/07/04 23:19:45 kris Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 79,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_data.ssl_connect=ssl2_connect;
+! 		SSLv2_data.ssl_accept=ssl2_accept;
+! 		SSLv2_data.get_ssl_method=ssl2_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_data);
+  	}
+--- 77,95 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_data.ssl_connect=ssl2_connect;
+! 			SSLv2_data.ssl_accept=ssl2_accept;
+! 			SSLv2_data.get_ssl_method=ssl2_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s2_srvr.c
+*** crypto/openssl/ssl/s2_srvr.c	Mon Feb 24 21:51:22 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s2_srvr.c	Fri Feb 21 11:33:00 2003
+***************
+*** 146,156 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_server_data.ssl_accept=ssl2_accept;
+! 		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_server_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_server_data.ssl_accept=ssl2_accept;
+! 			SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_server_data);
+  	}
+***************
+*** 400,407 ****
+  				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
+  				}
+  			else
+! 				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+! 					SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+  
+--- 406,412 ----
+  				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_READ_WRONG_PACKET_TYPE);
+  				}
+  			else
+! 				SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_PEER_ERROR);
+  			return(-1);
+  			}
+  
+***************
+*** 409,416 ****
+  		if (cp == NULL)
+  			{
+  			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+! 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+! 				SSL_R_NO_CIPHER_MATCH);
+  			return(-1);
+  			}
+  		s->session->cipher= cp;
+--- 414,420 ----
+  		if (cp == NULL)
+  			{
+  			ssl2_return_error(s,SSL2_PE_NO_CIPHER);
+! 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_NO_CIPHER_MATCH);
+  			return(-1);
+  			}
+  		s->session->cipher= cp;
+***************
+*** 421,428 ****
+  		n2s(p,i); s->session->key_arg_length=i;
+  		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+  			{
+! 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,
+! 				   SSL_R_KEY_ARG_TOO_LONG);
+  			return -1;
+  			}
+  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+--- 425,432 ----
+  		n2s(p,i); s->session->key_arg_length=i;
+  		if(s->session->key_arg_length > SSL_MAX_KEY_ARG_LENGTH)
+  			{
+! 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 			SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_KEY_ARG_TOO_LONG);
+  			return -1;
+  			}
+  		s->state=SSL2_ST_GET_CLIENT_MASTER_KEY_B;
+***************
+*** 430,440 ****
+  
+  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+  	p=(unsigned char *)s->init_buf->data;
+! 	die(s->init_buf->length >= SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER);
+  	keya=s->session->key_arg_length;
+  	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
+  		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+  		return -1;
+  		}
+--- 434,450 ----
+  
+  	/* SSL2_ST_GET_CLIENT_MASTER_KEY_B */
+  	p=(unsigned char *)s->init_buf->data;
+! 	if (s->init_buf->length < SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+! 		{
+! 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+! 		return -1;
+! 		}
+  	keya=s->session->key_arg_length;
+  	len = 10 + (unsigned long)s->s2->tmp.clear + (unsigned long)s->s2->tmp.enc + (unsigned long)keya;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
++ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+  		return -1;
+  		}
+***************
+*** 511,517 ****
+  #endif
+  
+  	if (is_export) i+=s->s2->tmp.clear;
+! 	die(i <= SSL_MAX_MASTER_KEY_LENGTH);
+  	s->session->master_key_length=i;
+  	memcpy(s->session->master_key,p,(unsigned int)i);
+  	return(1);
+--- 521,533 ----
+  #endif
+  
+  	if (is_export) i+=s->s2->tmp.clear;
+! 
+! 	if (i > SSL_MAX_MASTER_KEY_LENGTH)
+! 		{
+! 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY, SSL_R_INTERNAL_ERROR);
+! 		return -1;
+! 		}
+  	s->session->master_key_length=i;
+  	memcpy(s->session->master_key,p,(unsigned int)i);
+  	return(1);
+***************
+*** 561,566 ****
+--- 577,583 ----
+  		if (	(i < SSL2_MIN_CHALLENGE_LENGTH) ||
+  			(i > SSL2_MAX_CHALLENGE_LENGTH))
+  			{
++ 			ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  			SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_INVALID_CHALLENGE_LENGTH);
+  			return(-1);
+  			}
+***************
+*** 572,577 ****
+--- 589,595 ----
+  	len = 9 + (unsigned long)s->s2->tmp.cipher_spec_length + (unsigned long)s->s2->challenge_length + (unsigned long)s->s2->tmp.session_id_length;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
++ 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+  		SSLerr(SSL_F_GET_CLIENT_HELLO,SSL_R_MESSAGE_TOO_LONG);
+  		return -1;
+  		}
+***************
+*** 659,665 ****
+  	p+=s->s2->tmp.session_id_length;
+  
+  	/* challenge */
+! 	die(s->s2->challenge_length <= sizeof s->s2->challenge);
+  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
+  	return(1);
+  mem_err:
+--- 677,688 ----
+  	p+=s->s2->tmp.session_id_length;
+  
+  	/* challenge */
+! 	if (s->s2->challenge_length > sizeof s->s2->challenge)
+! 		{
+! 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
+! 		return -1;
+! 		}
+  	memcpy(s->s2->challenge,p,(unsigned int)s->s2->challenge_length);
+  	return(1);
+  mem_err:
+***************
+*** 811,817 ****
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+! 	die(s->s2->conn_id_length <= sizeof s->s2->conn_id);
+  	len = 1 + (unsigned long)s->s2->conn_id_length;
+  	n = (int)len - s->init_num;
+  	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+--- 834,845 ----
+  		}
+  
+  	/* SSL2_ST_GET_CLIENT_FINISHED_B */
+! 	if (s->s2->conn_id_length > sizeof s->s2->conn_id)
+! 		{
+! 		ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+! 		SSLerr(SSL_F_GET_CLIENT_FINISHED, SSL_R_INTERNAL_ERROR);
+! 		return -1;
+! 		}
+  	len = 1 + (unsigned long)s->s2->conn_id_length;
+  	n = (int)len - s->init_num;
+  	i = ssl2_read(s,(char *)&(p[s->init_num]),n);
+***************
+*** 837,843 ****
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_SERVER_VERIFY;
+! 		die(s->s2->challenge_length <= sizeof s->s2->challenge);
+  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
+  		/* p+=s->s2->challenge_length; */
+  
+--- 865,875 ----
+  		{
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_SERVER_VERIFY;
+! 		if (s->s2->challenge_length > sizeof s->s2->challenge)
+! 			{
+! 			SSLerr(SSL_F_SERVER_VERIFY, SSL_R_INTERNAL_ERROR);
+! 			return -1;
+! 			}
+  		memcpy(p,s->s2->challenge,(unsigned int)s->s2->challenge_length);
+  		/* p+=s->s2->challenge_length; */
+  
+***************
+*** 857,866 ****
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_SERVER_FINISHED;
+  
+! 		die(s->session->session_id_length
+! 		    <= sizeof s->session->session_id);
+! 		memcpy(p,s->session->session_id,
+! 			(unsigned int)s->session->session_id_length);
+  		/* p+=s->session->session_id_length; */
+  
+  		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
+--- 889,900 ----
+  		p=(unsigned char *)s->init_buf->data;
+  		*(p++)=SSL2_MT_SERVER_FINISHED;
+  
+! 		if (s->session->session_id_length > sizeof s->session->session_id)
+! 			{
+! 			SSLerr(SSL_F_SERVER_FINISH, SSL_R_INTERNAL_ERROR);
+! 			return -1;
+! 			}
+! 		memcpy(p,s->session->session_id, (unsigned int)s->session->session_id_length);
+  		/* p+=s->session->session_id_length; */
+  
+  		s->state=SSL2_ST_SEND_SERVER_FINISHED_B;
+***************
+*** 974,980 ****
+  	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
+! 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+  		goto end;
+  		}
+  	j = (int)len - s->init_num;
+--- 1008,1014 ----
+  	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
+! 		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
+  		goto end;
+  		}
+  	j = (int)len - s->init_num;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_clnt.c ../RELENG_4_6/crypto/openssl/ssl/s3_clnt.c
+*** crypto/openssl/ssl/s3_clnt.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_clnt.c	Fri Feb 21 11:33:00 2003
+***************
+*** 146,163 ****
+  
+  	if (init)
+  		{
+! 		init=0;
+! 		memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_client_data.ssl_connect=ssl3_connect;
+! 		SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+--- 146,170 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_client_data.ssl_connect=ssl3_connect;
+! 			SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+***************
+*** 218,223 ****
+--- 225,231 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 496,501 ****
+--- 504,511 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+***************
+*** 546,552 ****
+  		*(p++)=i;
+  		if (i != 0)
+  			{
+! 			die(i <= sizeof s->session->session_id);
+  			memcpy(p,s->session->session_id,i);
+  			p+=i;
+  			}
+--- 556,566 ----
+  		*(p++)=i;
+  		if (i != 0)
+  			{
+! 			if (i > sizeof s->session->session_id)
+! 				{
+! 				SSLerr(SSL_F_SSL3_CLIENT_HELLO, SSL_R_INTERNAL_ERROR);
+! 				goto err;
+! 				}
+  			memcpy(p,s->session->session_id,i);
+  			p+=i;
+  			}
+***************
+*** 628,650 ****
+  	/* get the session-id */
+  	j= *(p++);
+  
+!        if(j > sizeof s->session->session_id)
+!                {
+!                al=SSL_AD_ILLEGAL_PARAMETER;
+!                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+!                       SSL_R_SSL3_SESSION_ID_TOO_LONG);
+!                goto f_err;
+!                }
+! 
+! 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+  		{
+! 		/* SSLref returns 16 :-( */
+! 		if (j < SSL2_SSL_SESSION_ID_LENGTH)
+! 			{
+! 			al=SSL_AD_ILLEGAL_PARAMETER;
+! 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
+! 			goto f_err;
+! 			}
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+--- 642,652 ----
+  	/* get the session-id */
+  	j= *(p++);
+  
+! 	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
+  		{
+! 		al=SSL_AD_ILLEGAL_PARAMETER;
+! 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+! 		goto f_err;
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+***************
+*** 652,657 ****
+--- 654,660 ----
+  	    if(s->sid_ctx_length != s->session->sid_ctx_length
+  	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+  		{
++ 		/* actually a client application bug */
+  		al=SSL_AD_ILLEGAL_PARAMETER;
+  		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+  		goto f_err;
+***************
+*** 695,701 ****
+  		goto f_err;
+  		}
+  
+! 	if (s->hit && (s->session->cipher != c))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+--- 698,709 ----
+  		goto f_err;
+  		}
+  
+! 	/* Depending on the session caching (internal/external), the cipher
+! 	   and/or cipher_id values may not be set. Make sure that
+! 	   cipher_id is set and use it for comparison. */
+! 	if (s->session->cipher)
+! 		s->session->cipher_id = s->session->cipher->id;
+! 	if (s->hit && (s->session->cipher_id != c->id))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+***************
+*** 1456,1462 ****
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+--- 1464,1470 ----
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_4_6/crypto/openssl/ssl/s3_enc.c
+*** crypto/openssl/ssl/s3_enc.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_enc.c	Fri Feb 21 11:33:00 2003
+***************
+*** 174,180 ****
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	memset(smd,0,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+--- 174,180 ----
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+***************
+*** 318,325 ****
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	memset(&(exp_key[0]),0,sizeof(exp_key));
+! 	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 318,325 ----
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+! 	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 390,396 ****
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		memset(s->s3->tmp.key_block,0,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+--- 390,396 ----
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		OPENSSL_cleanse(s->s3->tmp.key_block,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+***************
+*** 456,461 ****
+--- 456,462 ----
+  				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+  				return 0;
+  				}
++ 			/* otherwise, rec->length >= bs */
+  			}
+  		
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+***************
+*** 464,470 ****
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except that last) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+--- 465,471 ----
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except the last one) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+***************
+*** 473,478 ****
+--- 474,480 ----
+  				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+  				return -1;
+  				}
++ 			/* now i <= bs <= rec->length */
+  			rec->length-=i;
+  			}
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_lib.c ../RELENG_4_6/crypto/openssl/ssl/s3_lib.c
+*** crypto/openssl/ssl/s3_lib.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_lib.c	Fri Feb 21 11:33:00 2003
+***************
+*** 732,738 ****
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	memset(s->s3,0,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+--- 732,738 ----
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	OPENSSL_cleanse(s->s3,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+***************
+*** 1084,1099 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl3_ciphers[i]);
+  
+! 		qsort(	(char *)sorted,
+! 			SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+  
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 
+- 		init=0;
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+--- 1084,1102 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl3_ciphers[i]);
+  
+! 			qsort(sorted,
+! 				SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+  
++ 			init=0;
++ 			}
++ 		
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_meth.c ../RELENG_4_6/crypto/openssl/ssl/s3_meth.c
+*** crypto/openssl/ssl/s3_meth.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_meth.c	Fri Feb 21 11:33:00 2003
+***************
+*** 76,87 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_data.ssl_connect=ssl3_connect;
+! 		SSLv3_data.ssl_accept=ssl3_accept;
+! 		SSLv3_data.get_ssl_method=ssl3_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_data);
+  	}
+--- 76,94 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_data.ssl_connect=ssl3_connect;
+! 			SSLv3_data.ssl_accept=ssl3_accept;
+! 			SSLv3_data.get_ssl_method=ssl3_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_pkt.c ../RELENG_4_6/crypto/openssl/ssl/s3_pkt.c
+*** crypto/openssl/ssl/s3_pkt.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_pkt.c	Fri Feb 21 11:33:00 2003
+***************
+*** 238,243 ****
+--- 238,245 ----
+  	unsigned int mac_size;
+  	int clear=0;
+  	size_t extra;
++ 	int decryption_failed_or_bad_record_mac = 0;
++ 	unsigned char *mac = NULL;
+  
+  	rr= &(s->s3->rrec);
+  	sess=s->session;
+***************
+*** 353,360 ****
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* otherwise enc_err == -1 */
+! 		goto decryption_failed_or_bad_record_mac;
+  		}
+  
+  #ifdef TLS_DEBUG
+--- 355,365 ----
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* Otherwise enc_err == -1, which indicates bad padding
+! 		 * (rec->length has not been changed in this case).
+! 		 * To minimize information leaked via timing, we will perform
+! 		 * the MAC computation anyway. */
+! 		decryption_failed_or_bad_record_mac = 1;
+  		}
+  
+  #ifdef TLS_DEBUG
+***************
+*** 380,407 ****
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length < mac_size)
+  			{
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif
+  			}
+- 		rr->length-=mac_size;
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+  			{
+! 			goto decryption_failed_or_bad_record_mac;
+  			}
+  		}
+  
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+--- 385,430 ----
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length >= mac_size)
+  			{
++ 			rr->length -= mac_size;
++ 			mac = &rr->data[rr->length];
++ 			}
++ 		else
++ 			{
++ 			/* record (minus padding) is too short to contain a MAC */
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+! 			rr->length = 0;
+  #endif
+  			}
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+  			{
+! 			decryption_failed_or_bad_record_mac = 1;
+  			}
+  		}
+  
++ 	if (decryption_failed_or_bad_record_mac)
++ 		{
++ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
++ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
++ 		 * failure is directly visible from the ciphertext anyway,
++ 		 * we should not reveal which kind of error occured -- this
++ 		 * might become visible to an attacker (e.g. via a logfile) */
++ 		al=SSL_AD_BAD_RECORD_MAC;
++ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
++ 		goto f_err;
++ 		}
++ 
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+***************
+*** 443,456 ****
+  
+  	return(1);
+  
+- decryption_failed_or_bad_record_mac:
+- 	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+- 	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+- 	 * failure is directly visible from the ciphertext anyway,
+- 	 * we should not reveal which kind of error occured -- this
+- 	 * might become visible to an attacker (e.g. via logfile) */
+- 	al=SSL_AD_BAD_RECORD_MAC;
+- 	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+  f_err:
+  	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+  err:
+--- 466,471 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_srvr.c ../RELENG_4_6/crypto/openssl/ssl/s3_srvr.c
+*** crypto/openssl/ssl/s3_srvr.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/s3_srvr.c	Fri Feb 21 11:33:00 2003
+***************
+*** 151,161 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_server_data.ssl_accept=ssl3_accept;
+! 		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_server_data);
+  	}
+--- 151,168 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_server_data.ssl_accept=ssl3_accept;
+! 			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_server_data);
+  	}
+***************
+*** 949,955 ****
+  			s->session->session_id_length=0;
+  
+  		sl=s->session->session_id_length;
+! 		die(sl <= sizeof s->session->session_id);
+  		*(p++)=sl;
+  		memcpy(p,s->session->session_id,sl);
+  		p+=sl;
+--- 956,966 ----
+  			s->session->session_id_length=0;
+  
+  		sl=s->session->session_id_length;
+! 		if (sl > sizeof s->session->session_id)
+! 			{
+! 			SSLerr(SSL_F_SSL3_SEND_SERVER_HELLO, SSL_R_INTERNAL_ERROR);
+! 			return -1;
+! 			}
+  		*(p++)=sl;
+  		memcpy(p,s->session->session_id,sl);
+  		p+=sl;
+***************
+*** 1460,1466 ****
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1471,1477 ----
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1523,1529 ****
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1534,1540 ----
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1555,1561 ****
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		512, /* 512? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+--- 1566,1572 ----
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		514, /* 514? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_4_6/crypto/openssl/ssl/ssl.h
+*** crypto/openssl/ssl/ssl.h	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl.h	Fri Feb 21 11:33:00 2003
+***************
+*** 551,560 ****
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* This one, when set, makes the server session-id lookup not look
+!  * in the cache.  If there is an application get_session callback
+!  * defined, this will still get called. */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+--- 551,561 ----
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
++ #define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
++ #define SSL_SESS_CACHE_NO_INTERNAL \
++ 	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+***************
+*** 1285,1290 ****
+--- 1286,1292 ----
+  
+  /* Function codes. */
+  #define SSL_F_CLIENT_CERTIFICATE			 100
++ #define SSL_F_CLIENT_FINISHED				 238
+  #define SSL_F_CLIENT_HELLO				 101
+  #define SSL_F_CLIENT_MASTER_KEY				 102
+  #define SSL_F_D2I_SSL_SESSION				 103
+***************
+*** 1298,1304 ****
+--- 1300,1308 ----
+  #define SSL_F_I2D_SSL_SESSION				 111
+  #define SSL_F_READ_N					 112
+  #define SSL_F_REQUEST_CERTIFICATE			 113
++ #define SSL_F_SERVER_FINISH				 239
+  #define SSL_F_SERVER_HELLO				 114
++ #define SSL_F_SERVER_VERIFY				 240
+  #define SSL_F_SSL23_ACCEPT				 115
+  #define SSL_F_SSL23_CLIENT_HELLO			 116
+  #define SSL_F_SSL23_CONNECT				 117
+***************
+*** 1310,1315 ****
+--- 1314,1320 ----
+  #define SSL_F_SSL2_ACCEPT				 122
+  #define SSL_F_SSL2_CONNECT				 123
+  #define SSL_F_SSL2_ENC_INIT				 124
++ #define SSL_F_SSL2_GENERATE_KEY_MATERIAL		 241
+  #define SSL_F_SSL2_PEEK					 234
+  #define SSL_F_SSL2_READ					 125
+  #define SSL_F_SSL2_READ_INTERNAL			 236
+***************
+*** 1345,1350 ****
+--- 1350,1356 ----
+  #define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE		 152
+  #define SSL_F_SSL3_SEND_CLIENT_VERIFY			 153
+  #define SSL_F_SSL3_SEND_SERVER_CERTIFICATE		 154
++ #define SSL_F_SSL3_SEND_SERVER_HELLO			 242
+  #define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE		 155
+  #define SSL_F_SSL3_SETUP_BUFFERS			 156
+  #define SSL_F_SSL3_SETUP_KEY_BLOCK			 157
+***************
+*** 1559,1564 ****
+--- 1565,1571 ----
+  #define SSL_R_SHORT_READ				 219
+  #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE	 220
+  #define SSL_R_SSL23_DOING_SESSION_ID_REUSE		 221
++ #define SSL_R_SSL2_CONNECTION_ID_TOO_LONG		 1114
+  #define SSL_R_SSL3_SESSION_ID_TOO_LONG			 1113
+  #define SSL_R_SSL3_SESSION_ID_TOO_SHORT			 222
+  #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE		 1042
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_asn1.c ../RELENG_4_6/crypto/openssl/ssl/ssl_asn1.c
+*** crypto/openssl/ssl/ssl_asn1.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_asn1.c	Fri Feb 21 11:33:00 2003
+***************
+*** 273,282 ****
+  		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+  
+  	if (os.length > i)
+! 		os.length=i;
+  
+  	ret->session_id_length=os.length;
+- 	die(os.length <= sizeof ret->session_id);
+  	memcpy(ret->session_id,os.data,os.length);
+  
+  	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+--- 273,283 ----
+  		i=SSL2_MAX_SSL_SESSION_ID_LENGTH;
+  
+  	if (os.length > i)
+! 		os.length = i;
+! 	if (os.length > sizeof ret->session_id) /* can't happen */
+! 		os.length = sizeof ret->session_id;
+  
+  	ret->session_id_length=os.length;
+  	memcpy(ret->session_id,os.data,os.length);
+  
+  	M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_err.c ../RELENG_4_6/crypto/openssl/ssl/ssl_err.c
+*** crypto/openssl/ssl/ssl_err.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_err.c	Fri Feb 21 11:33:00 2003
+***************
+*** 67,72 ****
+--- 67,73 ----
+  static ERR_STRING_DATA SSL_str_functs[]=
+  	{
+  {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0),	"CLIENT_CERTIFICATE"},
++ {ERR_PACK(0,SSL_F_CLIENT_FINISHED,0),	"CLIENT_FINISHED"},
+  {ERR_PACK(0,SSL_F_CLIENT_HELLO,0),	"CLIENT_HELLO"},
+  {ERR_PACK(0,SSL_F_CLIENT_MASTER_KEY,0),	"CLIENT_MASTER_KEY"},
+  {ERR_PACK(0,SSL_F_D2I_SSL_SESSION,0),	"d2i_SSL_SESSION"},
+***************
+*** 80,86 ****
+--- 81,89 ----
+  {ERR_PACK(0,SSL_F_I2D_SSL_SESSION,0),	"i2d_SSL_SESSION"},
+  {ERR_PACK(0,SSL_F_READ_N,0),	"READ_N"},
+  {ERR_PACK(0,SSL_F_REQUEST_CERTIFICATE,0),	"REQUEST_CERTIFICATE"},
++ {ERR_PACK(0,SSL_F_SERVER_FINISH,0),	"SERVER_FINISH"},
+  {ERR_PACK(0,SSL_F_SERVER_HELLO,0),	"SERVER_HELLO"},
++ {ERR_PACK(0,SSL_F_SERVER_VERIFY,0),	"SERVER_VERIFY"},
+  {ERR_PACK(0,SSL_F_SSL23_ACCEPT,0),	"SSL23_ACCEPT"},
+  {ERR_PACK(0,SSL_F_SSL23_CLIENT_HELLO,0),	"SSL23_CLIENT_HELLO"},
+  {ERR_PACK(0,SSL_F_SSL23_CONNECT,0),	"SSL23_CONNECT"},
+***************
+*** 92,97 ****
+--- 95,101 ----
+  {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0),	"SSL2_ACCEPT"},
+  {ERR_PACK(0,SSL_F_SSL2_CONNECT,0),	"SSL2_CONNECT"},
+  {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0),	"SSL2_ENC_INIT"},
++ {ERR_PACK(0,SSL_F_SSL2_GENERATE_KEY_MATERIAL,0),	"SSL2_GENERATE_KEY_MATERIAL"},
+  {ERR_PACK(0,SSL_F_SSL2_PEEK,0),	"SSL2_PEEK"},
+  {ERR_PACK(0,SSL_F_SSL2_READ,0),	"SSL2_READ"},
+  {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0),	"SSL2_READ_INTERNAL"},
+***************
+*** 127,132 ****
+--- 131,137 ----
+  {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,0),	"SSL3_SEND_CLIENT_KEY_EXCHANGE"},
+  {ERR_PACK(0,SSL_F_SSL3_SEND_CLIENT_VERIFY,0),	"SSL3_SEND_CLIENT_VERIFY"},
+  {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_CERTIFICATE,0),	"SSL3_SEND_SERVER_CERTIFICATE"},
++ {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_HELLO,0),	"SSL3_SEND_SERVER_HELLO"},
+  {ERR_PACK(0,SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,0),	"SSL3_SEND_SERVER_KEY_EXCHANGE"},
+  {ERR_PACK(0,SSL_F_SSL3_SETUP_BUFFERS,0),	"SSL3_SETUP_BUFFERS"},
+  {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0),	"SSL3_SETUP_KEY_BLOCK"},
+***************
+*** 344,349 ****
+--- 349,355 ----
+  {SSL_R_SHORT_READ                        ,"short read"},
+  {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"},
+  {SSL_R_SSL23_DOING_SESSION_ID_REUSE      ,"ssl23 doing session id reuse"},
++ {SSL_R_SSL2_CONNECTION_ID_TOO_LONG       ,"ssl2 connection id too long"},
+  {SSL_R_SSL3_SESSION_ID_TOO_LONG          ,"ssl3 session id too long"},
+  {SSL_R_SSL3_SESSION_ID_TOO_SHORT         ,"ssl3 session id too short"},
+  {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE       ,"sslv3 alert bad certificate"},
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_4_6/crypto/openssl/ssl/ssl_lib.c
+*** crypto/openssl/ssl/ssl_lib.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_lib.c	Fri Feb 21 11:33:00 2003
+***************
+*** 1245,1257 ****
+  		abort(); /* ok */
+  		}
+  #endif
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+! 		{
+! 		SSL_CTX_flush_sessions(a,0);
+! 		lh_free(a->sessions);
+! 		}
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+--- 1245,1268 ----
+  		abort(); /* ok */
+  		}
+  #endif
++   
++ 	/*
++ 	 * Free internal session cache. However: the remove_cb() may reference
++ 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
++ 	 * after the sessions were flushed.
++ 	 * As the ex_data handling routines might also touch the session cache,
++ 	 * the most secure solution seems to be: empty (flush) the cache, then
++ 	 * free ex_data, then finally free the cache.
++ 	 * (See ticket [openssl.org #212].)
++ 	 */
++   	if (a->sessions != NULL)
++   		SSL_CTX_flush_sessions(a,0);
++ 
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+!   		lh_free(a->sessions);
+! 
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+***************
+*** 1472,1478 ****
+  
+  	i=s->ctx->session_cache_mode;
+  	if ((i & mode) && (!s->hit)
+! 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+  		    || SSL_CTX_add_session(s->ctx,s->session))
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+--- 1483,1489 ----
+  
+  	i=s->ctx->session_cache_mode;
+  	if ((i & mode) && (!s->hit)
+! 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+  		    || SSL_CTX_add_session(s->ctx,s->session))
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_locl.h ../RELENG_4_6/crypto/openssl/ssl/ssl_locl.h
+*** crypto/openssl/ssl/ssl_locl.h	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_locl.h	Fri Feb 21 11:33:00 2003
+***************
+*** 500,506 ****
+  int ssl_verify_alarm_type(long type);
+  
+  int ssl2_enc_init(SSL *s, int client);
+! void ssl2_generate_key_material(SSL *s);
+  void ssl2_enc(SSL *s,int send_data);
+  void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+  SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+--- 500,506 ----
+  int ssl_verify_alarm_type(long type);
+  
+  int ssl2_enc_init(SSL *s, int client);
+! int ssl2_generate_key_material(SSL *s);
+  void ssl2_enc(SSL *s,int send_data);
+  void ssl2_mac(SSL *s,unsigned char *mac,int send_data);
+  SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_sess.c ../RELENG_4_6/crypto/openssl/ssl/ssl_sess.c
+*** crypto/openssl/ssl/ssl_sess.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/ssl_sess.c	Fri Feb 21 11:33:00 2003
+***************
+*** 200,206 ****
+  		ss->session_id_length=0;
+  		}
+  
+! 	die(s->sid_ctx_length <= sizeof ss->sid_ctx);
+  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+  	ss->sid_ctx_length=s->sid_ctx_length;
+  	s->session=ss;
+--- 200,211 ----
+  		ss->session_id_length=0;
+  		}
+  
+! 	if (s->sid_ctx_length > sizeof ss->sid_ctx)
+! 		{
+! 		SSLerr(SSL_F_SSL_GET_NEW_SESSION, SSL_R_INTERNAL_ERROR);
+! 		SSL_SESSION_free(ss);
+! 		return 0;
+! 		}
+  	memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length);
+  	ss->sid_ctx_length=s->sid_ctx_length;
+  	s->session=ss;
+***************
+*** 253,261 ****
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* The following should not return 1, otherwise,
+! 			 * things are very strange */
+! 			SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+--- 258,269 ----
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* Add the externally cached session to the internal
+! 			 * cache as well if and only if we are supposed to. */
+! 			if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+! 				/* The following should not return 1, otherwise,
+! 				 * things are very strange */
+! 				SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+***************
+*** 469,481 ****
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
+! 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
+! 	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	memset(ss,0,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+--- 477,489 ----
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
+! 	OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
+! 	OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	OPENSSL_cleanse(ss,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_4_6/crypto/openssl/ssl/ssltest.c
+*** crypto/openssl/ssl/ssltest.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/ssltest.c	Fri Feb 21 11:33:00 2003
+***************
+*** 224,235 ****
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 	
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+- 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+--- 224,236 ----
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 
+! 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	
+! 
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+***************
+*** 247,258 ****
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+- #ifndef NO_DH
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
+  			dhe1024=1;
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
+  			dhe1024dsa=1;
+  #endif
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+--- 248,269 ----
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
++ #endif
++ 			}
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024dsa=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+  #endif
++ 			}
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+***************
+*** 355,361 ****
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		exit(1);
+  		}
+  
+  	if (print_time)
+--- 366,372 ----
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		EXIT(1);
+  		}
+  
+  	if (print_time)
+***************
+*** 620,625 ****
+--- 631,638 ----
+  			int i, r;
+  			clock_t c_clock = clock();
+  
++ 			memset(cbuf, 0, sizeof(cbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(c_ssl))
+  					printf("client waiting in SSL_connect - %s\n",
+***************
+*** 704,709 ****
+--- 717,724 ----
+  			int i, r;
+  			clock_t s_clock = clock();
+  
++ 			memset(sbuf, 0, sizeof(sbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(s_ssl))
+  					printf("server waiting in SSL_accept - %s\n",
+***************
+*** 946,951 ****
+--- 961,969 ----
+  	int done=0;
+  	int c_write,s_write;
+  	int do_server=0,do_client=0;
++ 
++ 	memset(cbuf,0,sizeof(cbuf));
++ 	memset(sbuf,0,sizeof(sbuf));
+  
+  	c_to_s=BIO_new(BIO_s_mem());
+  	s_to_c=BIO_new(BIO_s_mem());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_clnt.c ../RELENG_4_6/crypto/openssl/ssl/t1_clnt.c
+*** crypto/openssl/ssl/t1_clnt.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_clnt.c	Fri Feb 21 11:33:00 2003
+***************
+*** 79,89 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_client_data.ssl_connect=ssl3_connect;
+! 		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_client_data);
+  	}
+--- 79,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_client_data.ssl_connect=ssl3_connect;
+! 			TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_client_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_enc.c ../RELENG_4_6/crypto/openssl/ssl/t1_enc.c
+*** crypto/openssl/ssl/t1_enc.c	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_enc.c	Fri Feb 21 11:33:00 2003
+***************
+*** 158,164 ****
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	memset(A1,0,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+--- 158,164 ----
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	OPENSSL_cleanse(A1,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+***************
+*** 372,381 ****
+  printf("\n");
+  #endif
+  
+! 	memset(tmp1,0,sizeof(tmp1));
+! 	memset(tmp2,0,sizeof(tmp1));
+! 	memset(iv1,0,sizeof(iv1));
+! 	memset(iv2,0,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 372,381 ----
+  printf("\n");
+  #endif
+  
+! 	OPENSSL_cleanse(tmp1,sizeof(tmp1));
+! 	OPENSSL_cleanse(tmp2,sizeof(tmp1));
+! 	OPENSSL_cleanse(iv1,sizeof(iv1));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 426,432 ****
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	memset(p2,0,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+--- 426,432 ----
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	OPENSSL_cleanse(p2,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_meth.c ../RELENG_4_6/crypto/openssl/ssl/t1_meth.c
+*** crypto/openssl/ssl/t1_meth.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_meth.c	Fri Feb 21 11:33:00 2003
+***************
+*** 76,88 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_data.ssl_connect=ssl3_connect;
+! 		TLSv1_data.ssl_accept=ssl3_accept;
+! 		TLSv1_data.get_ssl_method=tls1_get_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_data);
+  	}
+  
+--- 76,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_data.ssl_connect=ssl3_connect;
+! 			TLSv1_data.ssl_accept=ssl3_accept;
+! 			TLSv1_data.get_ssl_method=tls1_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
++ 	
+  	return(&TLSv1_data);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_srvr.c ../RELENG_4_6/crypto/openssl/ssl/t1_srvr.c
+*** crypto/openssl/ssl/t1_srvr.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_4_6/crypto/openssl/ssl/t1_srvr.c	Fri Feb 21 11:33:00 2003
+***************
+*** 80,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_server_data.ssl_accept=ssl3_accept;
+! 		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_server_data);
+  	}
+--- 80,97 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_server_data.ssl_accept=ssl3_accept;
+! 			TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_server_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_4_6/crypto/openssl/test/Makefile.ssl
+*** crypto/openssl/test/Makefile.ssl	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/test/Makefile.ssl	Fri Feb 21 11:33:01 2003
+***************
+*** 85,91 ****
+  
+  all:	exe
+  
+! exe:	$(EXE)
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+--- 85,91 ----
+  
+  all:	exe
+  
+! exe:	$(EXE) dummytest
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+***************
+*** 93,98 ****
+--- 93,102 ----
+  links:
+  	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+  
++ generate: $(SRC)
++ $(SRC):
++ 	@$(TOP)/util/point.sh dummytest.c $@
++ 
+  errors:
+  
+  install:
+***************
+*** 109,115 ****
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ../apps; $(MAKE)  CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all)
+  
+  test_des:
+  	./$(DESTEST)
+--- 113,119 ----
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  test_des:
+  	./$(DESTEST)
+***************
+*** 233,239 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 237,243 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 243,252 ****
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+--- 247,256 ----
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+***************
+*** 317,325 ****
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../include/openssl/blowfish.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 321,333 ----
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
++ dummytest: dummytest.o $(DLIBCRYPTO)
++ 	$(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
++ 
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+! bftest.o: ../include/openssl/opensslconf.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+***************
+*** 339,367 ****
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../include/openssl/cast.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+! dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dsatest.o: ../include/openssl/symhacks.h
+! exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+! exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! exptest.o: ../include/openssl/symhacks.h
+! hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+--- 347,377 ----
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+! casttest.o: ../include/openssl/opensslconf.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dhtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dhtest.o: ../include/openssl/symhacks.h
+! dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+! dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+! exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! exptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+***************
+*** 376,392 ****
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+! md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+! md4test.o: ../include/openssl/md4.h
+! md5test.o: ../include/openssl/md5.h
+! mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../include/openssl/rand.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../include/openssl/rc5.h
+! rmdtest.o: ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+--- 386,411 ----
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+! ideatest.o: ../include/openssl/opensslconf.h
+! md2test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md2.h
+! md2test.o: ../include/openssl/opensslconf.h
+! md4test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md4.h
+! md4test.o: ../include/openssl/opensslconf.h
+! md5test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md5.h
+! md5test.o: ../include/openssl/opensslconf.h
+! mdc2test.o: ../e_os.h ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../e_os.h ../include/openssl/e_os2.h
+! randtest.o: ../include/openssl/opensslconf.h ../include/openssl/rand.h
+! rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
++ rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+! rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h
+! rmdtest.o: ../e_os.h ../include/openssl/e_os2.h
+! rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+***************
+*** 394,401 ****
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../include/openssl/sha.h
+! shatest.o: ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 413,422 ----
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../e_os.h ../include/openssl/e_os2.h
+! sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+! shatest.o: ../e_os.h ../include/openssl/e_os2.h
+! shatest.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/methtest.c ../RELENG_4_6/crypto/openssl/test/methtest.c
+*** crypto/openssl/test/methtest.c	Mon Jan 10 01:22:01 2000
+--- ../RELENG_4_6/crypto/openssl/test/methtest.c	Fri Feb 21 11:33:01 2003
+***************
+*** 96,105 ****
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(0);
+  	}
+--- 96,105 ----
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(0);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testssl ../RELENG_4_6/crypto/openssl/test/testssl
+*** crypto/openssl/test/testssl	Sun Aug 20 04:47:04 2000
+--- ../RELENG_4_6/crypto/openssl/test/testssl	Fri Feb 21 11:33:01 2003
+***************
+*** 112,119 ****
+  
+  #############################################################################
+  
+! echo test tls1 with 1024bit anonymous DH, multiple handshakes
+! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+--- 112,123 ----
+  
+  #############################################################################
+  
+! if ../apps/openssl no-dh; then
+!   echo skipping anonymous DH tests
+! else
+!   echo test tls1 with 1024bit anonymous DH, multiple handshakes
+!   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+! fi
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+***************
+*** 121,128 ****
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!   ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+  fi
+  
+  exit 0
+--- 125,136 ----
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   if ../apps/openssl no-dh; then
+!     echo skipping RSA+DHE tests
+!   else
+!     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!     ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+!   fi
+  fi
+  
+  exit 0
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash ../RELENG_4_6/crypto/openssl/tools/c_rehash
+*** crypto/openssl/tools/c_rehash	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/tools/c_rehash	Fri Feb 21 11:33:01 2003
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash.in ../RELENG_4_6/crypto/openssl/tools/c_rehash.in
+*** crypto/openssl/tools/c_rehash.in	Wed Jul  4 19:19:48 2001
+--- ../RELENG_4_6/crypto/openssl/tools/c_rehash.in	Fri Feb 21 11:33:01 2003
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_4_6/crypto/openssl/util/libeay.num
+*** crypto/openssl/util/libeay.num	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/util/libeay.num	Fri Feb 21 11:33:01 2003
+***************
+*** 301,308 ****
+  EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+  EVP_des_ofb                             310	EXIST::FUNCTION:DES
+  EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+! EVP_dss                                 312	EXIST::FUNCTION:SHA,DSA
+! EVP_dss1                                313	EXIST::FUNCTION:SHA,DSA
+  EVP_enc_null                            314	EXIST::FUNCTION:
+  EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+  EVP_get_digestbyname                    316	EXIST::FUNCTION:
+--- 301,308 ----
+  EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+  EVP_des_ofb                             310	EXIST::FUNCTION:DES
+  EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+! EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
+! EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
+  EVP_enc_null                            314	EXIST::FUNCTION:
+  EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+  EVP_get_digestbyname                    316	EXIST::FUNCTION:
+***************
+*** 1212,1218 ****
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN16,!WIN32,!macintosh:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+--- 1212,1218 ----
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN32,!macintosh,!WIN16:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+***************
+*** 1934,1936 ****
+--- 1934,1937 ----
+  BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+  X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+  ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
++ OPENSSL_cleanse                         3245	EXIST::FUNCTION:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_4_6/crypto/openssl/util/mk1mf.pl
+*** crypto/openssl/util/mk1mf.pl	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/util/mk1mf.pl	Fri Feb 21 11:33:01 2003
+***************
+*** 206,212 ****
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_rmd160;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+--- 206,212 ----
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_ripemd;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+***************
+*** 674,680 ****
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+--- 674,680 ----
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+***************
+*** 883,889 ****
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+--- 883,889 ----
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkcerts.sh ../RELENG_4_6/crypto/openssl/util/mkcerts.sh
+*** crypto/openssl/util/mkcerts.sh	Mon Jan 10 01:22:05 2000
+--- ../RELENG_4_6/crypto/openssl/util/mkcerts.sh	Fri Feb 21 11:33:01 2003
+***************
+*** 1,4 ****
+! #!bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+--- 1,4 ----
+! #!/bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+***************
+*** 12,19 ****
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/ssleay"
+! CONF="-config ../apps/ssleay.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+--- 12,19 ----
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/openssl"
+! CONF="-config ../apps/openssl.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkerr.pl ../RELENG_4_6/crypto/openssl/util/mkerr.pl
+*** crypto/openssl/util/mkerr.pl	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/util/mkerr.pl	Fri Feb 21 11:33:01 2003
+***************
+*** 320,326 ****
+  	print OUT <<"EOF";
+  /* $cfile */
+  /* ====================================================================
+!  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 320,326 ----
+  	print OUT <<"EOF";
+  /* $cfile */
+  /* ====================================================================
+!  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pl/BC-32.pl ../RELENG_4_6/crypto/openssl/util/pl/BC-32.pl
+*** crypto/openssl/util/pl/BC-32.pl	Mon Feb 24 21:51:23 2003
+--- ../RELENG_4_6/crypto/openssl/util/pl/BC-32.pl	Fri Feb 21 11:33:01 2003
+***************
+*** 52,60 ****
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='n_o_T_a_s_m';
+  $asm.=" /Zi" if $debug;
+! $afile='/Fo';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+--- 52,60 ----
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='nasmw -f obj';
+  $asm.=" /Zi" if $debug;
+! $afile='-o';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2mantest ../RELENG_4_6/crypto/openssl/util/pod2mantest
+*** crypto/openssl/util/pod2mantest	Tue Jul 30 22:55:10 2002
+--- ../RELENG_4_6/crypto/openssl/util/pod2mantest	Fri Feb 21 11:33:01 2003
+***************
+*** 11,17 ****
+  
+  
+  IFS=:
+! try_without_dir=false
+  # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+  for dir in dummy:$PATH; do
+      if [ "$try_without_dir" = true ]; then
+--- 11,18 ----
+  
+  
+  IFS=:
+! 
+! try_without_dir=true
+  # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+  for dir in dummy:$PATH; do
+      if [ "$try_without_dir" = true ]; then
+***************
+*** 29,37 ****
+      if [ ! "$pod2man" = '' ]; then
+          failure=none
+  
+  
+! 	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
+! 	    failure=MultilineTest
+  	fi
+  
+  
+--- 30,45 ----
+      if [ ! "$pod2man" = '' ]; then
+          failure=none
+  
++ 	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
++ 	    :
++ 	else
++ 	    failure=BasicTest
++ 	fi
+  
+! 	if [ "$failure" = none ]; then
+! 	    if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+! 	        failure=MultilineTest
+! 	    fi
+  	fi
+  
+  
+***************
+*** 45,53 ****
+  done
+  
+  echo "No working pod2man found.  Consider installing a new version." >&2
+! if [ "$1" = ignore ]; then
+!   echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+!   echo "../../util/pod2man.pl"
+!   exit 0
+! fi
+! exit 1
+--- 53,57 ----
+  done
+  
+  echo "No working pod2man found.  Consider installing a new version." >&2
+! echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+! echo "$1 ../../util/pod2man.pl"
+*** secure/lib/libcrypto/Makefile	Mon Feb 24 21:52:33 2003
+--- ../RELENG_4_6/secure/lib/libcrypto/Makefile	Fri Feb 21 11:33:02 2003
+***************
+*** 1,4 ****
+! # $FreeBSD: src/secure/lib/libcrypto/Makefile,v 1.15.2.11.6.1 2002/07/31 02:55:11 nectar Exp $
+  
+  .include "Makefile.inc"
+  
+--- 1,4 ----
+! # $FreeBSD: src/secure/lib/libcrypto/Makefile,v 1.15.2.11.6.2 2003/02/21 16:33:02 nectar Exp $
+  
+  .include "Makefile.inc"
+  
+***************
+*** 35,42 ****
+  MAINTAINER=	kris
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \
+! 	tmdiff.c uid.c
+  
+  # asn1
+  
+--- 35,42 ----
+  MAINTAINER=	kris
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
+! 	mem_dbg.c tmdiff.c uid.c
+  
+  # asn1
+  
diff --git a/share/security/patches/SA-03:02/openssl462.patch.asc b/share/security/patches/SA-03:02/openssl462.patch.asc
new file mode 100644
index 0000000000..3c8adc1c30
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl462.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+Wtw1FdaIBMps37IRAiAgAJ9K4IKZ+1K2eMzxgP41FgEf57vxfACfYPDw
+5rMlixan+MQb8YqwF0qxovQ=
+=Jsyl
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl462.patch.gz b/share/security/patches/SA-03:02/openssl462.patch.gz
new file mode 100644
index 0000000000..dea7975711
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl462.patch.gz
diff --git a/share/security/patches/SA-03:02/openssl462.patch.gz.asc b/share/security/patches/SA-03:02/openssl462.patch.gz.asc
new file mode 100644
index 0000000000..ce0bb5e1c3
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl462.patch.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+YBHAFdaIBMps37IRAvu+AJ9zc4U/0G/PDwj4lqBPL8lBsrJCQQCfauc5
+l4SFhD1ut/6LxRVoExTAg1g=
+=ETF9
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl47.patch b/share/security/patches/SA-03:02/openssl47.patch
new file mode 100644
index 0000000000..259acbf5f2
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl47.patch
@@ -0,0 +1,10210 @@
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_4_7/crypto/openssl/CHANGES
+*** crypto/openssl/CHANGES	Sun Aug 11 09:13:52 2002
+--- ../RELENG_4_7/crypto/openssl/CHANGES	Fri Feb 21 07:24:19 2003
+***************
+*** 2,7 ****
+--- 2,88 ----
+   OpenSSL CHANGES
+   _______________
+  
++  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
++ 
++  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
++ 
++   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
++      memory from it's contents.  This is done with a counter that will
++      place alternating values in each byte.  This can be used to solve
++      two issues: 1) the removal of calls to memset() by highly optimizing
++      compilers, and 2) cleansing with other values than 0, since those can
++      be read through on certain media, for example a swap space on disk.
++      [Geoff Thorpe]
++ 
++   *) Bugfix: client side session caching did not work with external caching,
++      because the session->cipher setting was not restored when reloading
++      from the external cache. This problem was masked, when
++      SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
++      (Found by Steve Haslam <steve@araqnid.ddts.net>.)
++      [Lutz Jaenicke]
++ 
++   *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
++      length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
++      [Zeev Lieber <zeev-l@yahoo.com>]
++ 
++   *) Undo an undocumented change introduced in 0.9.6e which caused
++      repeated calls to OpenSSL_add_all_ciphers() and 
++      OpenSSL_add_all_digests() to be ignored, even after calling
++      EVP_cleanup().
++      [Richard Levitte]
++ 
++   *) Change the default configuration reader to deal with last line not
++      being properly terminated.
++      [Richard Levitte]
++ 
++   *) Change X509_NAME_cmp() so it applies the special rules on handling
++      DN values that are of type PrintableString, as well as RDNs of type
++      emailAddress where the value has the type ia5String.
++      [stefank@valicert.com via Richard Levitte]
++ 
++   *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
++      the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
++      doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
++      the bitwise-OR of the two for use by the majority of applications
++      wanting this behaviour, and update the docs. The documented
++      behaviour and actual behaviour were inconsistent and had been
++      changing anyway, so this is more a bug-fix than a behavioural
++      change.
++      [Geoff Thorpe, diagnosed by Nadav Har'El]
++ 
++   *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
++      (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
++      [Bodo Moeller]
++ 
++   *) Fix initialization code race conditions in
++         SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
++         SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
++         SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
++         TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
++         ssl2_get_cipher_by_char(),
++         ssl3_get_cipher_by_char().
++      [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
++ 
++   *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
++      the cached sessions are flushed, as the remove_cb() might use ex_data
++      contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
++      (see [openssl.org #212]).
++      [Geoff Thorpe, Lutz Jaenicke]
++ 
++   *) Fix typo in OBJ_txt2obj which incorrectly passed the content
++      length, instead of the encoding length to d2i_ASN1_OBJECT.
++      [Steve Henson]
++ 
+   Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+  
+    *) [In 0.9.6g-engine release:]
+***************
+*** 23,28 ****
+--- 104,115 ----
+  
+   Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+  
++   *) Add various sanity checks to asn1_get_length() to reject
++      the ASN1 length bytes if they exceed sizeof(long), will appear
++      negative or the content length exceeds the length of the
++      supplied buffer.
++      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
++ 
+    *) Fix cipher selection routines: ciphers without encryption had no flags
+       for the cipher strength set and where therefore not handled correctly
+       by the selection routines (PR #130).
+***************
+*** 54,60 ****
+    *) Add various sanity checks to asn1_get_length() to reject
+       the ASN1 length bytes if they exceed sizeof(long), will appear
+       negative or the content length exceeds the length of the
+!      supplied buffer.
+       [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+  
+    *) Assertions for various potential buffer overflows, not known to
+--- 141,147 ----
+    *) Add various sanity checks to asn1_get_length() to reject
+       the ASN1 length bytes if they exceed sizeof(long), will appear
+       negative or the content length exceeds the length of the
+!      supplied buffer. (CAN-2002-0659)
+       [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+  
+    *) Assertions for various potential buffer overflows, not known to
+***************
+*** 159,166 ****
+       value is 0.
+       [Richard Levitte]
+  
+!   *) [In 0.9.6c-engine release:]
+!      Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+       [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+  
+    *) Add the configuration target linux-s390x.
+--- 246,253 ----
+       value is 0.
+       [Richard Levitte]
+  
+!   *) [In 0.9.6d-engine release:]
+!      Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+       [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+  
+    *) Add the configuration target linux-s390x.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_4_7/crypto/openssl/Configure
+*** crypto/openssl/Configure	Sun Aug 11 09:13:52 2002
+--- ../RELENG_4_7/crypto/openssl/Configure	Fri Feb 21 07:24:19 2003
+***************
+*** 122,128 ****
+  "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+--- 122,128 ----
+  "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+***************
+*** 395,401 ****
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+  # Cray T90 and similar (SDSC)
+--- 395,401 ----
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+  # Cray T90 and similar (SDSC)
+***************
+*** 477,483 ****
+  
+  # Cygwin
+  "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+--- 477,483 ----
+  
+  # Cygwin
+  "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+***************
+*** 495,506 ****
+--- 495,512 ----
+  "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+  "darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+  
++ ##### A/UX
++ "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
++ 
+  ##### Sony NEWS-OS 4.x
+  "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+  
+  ##### VxWorks for various targets
+  "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
+  
++ ##### Compaq Non-Stop Kernel (Tandem)
++ "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
++ 
+  );
+  
+  my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+***************
+*** 577,582 ****
+--- 583,589 ----
+  my $target;
+  my $options;
+  my $symlink;
++ my $make_depend=0;
+  
+  my @argvcopy=@ARGV;
+  my $argvstring="";
+***************
+*** 619,625 ****
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+--- 626,632 ----
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+***************
+*** 1188,1198 ****
+  EOF
+  	close(OUT);
+  } else {
+! 	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
+! 		if $symlink;
+! 	### (system 'make depend') == 0 or exit $? if $depflags ne "";
+! 	# Run "make depend" manually if you want to be able to delete
+! 	# the source code files of ciphers you left out.
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+--- 1195,1207 ----
+  EOF
+  	close(OUT);
+  } else {
+! 	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+! 	my $make_targets = "";
+! 	$make_targets .= " links" if $symlink;
+! 	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+! 	$make_targets .= " gentests" if $symlink;
+! 	(system $make_command.$make_targets) == 0 or exit $?
+! 		if $make_targets ne "";
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+***************
+*** 1202,1207 ****
+--- 1211,1225 ----
+  	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+  	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
++ 	}
++ 	if ($depflags ne "" && !$make_depend) {
++ 		print <<EOF;
++ 
++ Since you've disabled at least one algorithm, you need to do the following
++ before building:
++ 
++ 	make depend
++ EOF
+  	}	    
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FAQ ../RELENG_4_7/crypto/openssl/FAQ
+*** crypto/openssl/FAQ	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/FAQ	Fri Feb 21 07:24:19 2003
+***************
+*** 9,14 ****
+--- 9,15 ----
+  * Where can I get a compiled version of OpenSSL?
+  * Why aren't tools like 'autoconf' and 'libtool' used?
+  * What is an 'engine' version?
++ * How do I check the authenticity of the OpenSSL distribution?
+  
+  [LEGAL] Legal questions
+  
+***************
+*** 35,40 ****
+--- 36,42 ----
+  * Why does the linker complain about undefined symbols?
+  * Why does the OpenSSL test fail with "bc: command not found"?
+  * Why does the OpenSSL test fail with "bc: 1 no implemented"?
++ * Why does the OpenSSL test fail with "bc: stack empty"?
+  * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+  * Why does the OpenSSL compilation fail with "ar: command not found"?
+  * Why does the OpenSSL compilation fail on Win32 with VC++?
+***************
+*** 61,67 ****
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.6g was released on 9 August 2002.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+--- 63,69 ----
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7a was released on February 19, 2003.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+***************
+*** 132,137 ****
+--- 134,152 ----
+  version 0.9.7 (not yet released) the changes were merged into the main
+  development line, so that the special release is no longer necessary.
+  
++ * How do I check the authenticity of the OpenSSL distribution?
++ 
++ We provide MD5 digests and ASC signatures of each tarball.
++ Use MD5 to check that a tarball from a mirror site is identical:
++ 
++    md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
++ 
++ You can check authenticity using pgp or gpg. You need the OpenSSL team
++ member public key used to sign it (download it from a key server). Then
++ just do:
++ 
++    pgp TARBALL.asc
++ 
+  [LEGAL] =======================================================================
+  
+  * Do I need patent licenses to use OpenSSL?
+***************
+*** 169,186 ****
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" that serves this purpose.  On other systems, applications have
+! to call the RAND_add() or RAND_seed() function with appropriate data
+! before generating keys or performing public key encryption.
+! (These functions initialize the pseudo-random number generator, PRNG.)
+! 
+! Some broken applications do not do this.  As of version 0.9.5, the
+! OpenSSL functions that need randomness report an error if the random
+! number generator has not been seeded with at least 128 bits of
+! randomness.  If this error occurs, please contact the author of the
+! application you are using.  It is likely that it never worked
+! correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+! to perform potentially insecure encryption.
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+--- 184,213 ----
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" (/dev/urandom or /dev/random) that serves this purpose.
+! All OpenSSL versions try to use /dev/urandom by default; starting with
+! version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+! available.
+! 
+! On other systems, applications have to call the RAND_add() or
+! RAND_seed() function with appropriate data before generating keys or
+! performing public key encryption. (These functions initialize the
+! pseudo-random number generator, PRNG.)  Some broken applications do
+! not do this.  As of version 0.9.5, the OpenSSL functions that need
+! randomness report an error if the random number generator has not been
+! seeded with at least 128 bits of randomness.  If this error occurs and
+! is not discussed in the documentation of the application you are
+! using, please contact the author of that application; it is likely
+! that it never worked correctly.  OpenSSL 0.9.5 and later make the
+! error visible by refusing to perform potentially insecure encryption.
+! 
+! If you are using Solaris 8, you can add /dev/urandom and /dev/random
+! devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+! available via the Patchfinder at <URL: http://sunsolve.sun.com>
+! (Solaris 9 includes these devices by default). For /dev/random support
+! for earlier Solaris versions, see Sun's statement at
+! <URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+! (the SUNWski package is available in patch 105710).
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+***************
+*** 213,228 ****
+  provide their own configuration options to specify the entropy source,
+  please check out the documentation coming the with application.
+  
+- For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+- installing the SUNski package from Sun patch 105710-01 (Sparc) which
+- adds a /dev/random device and make sure it gets used, usually through
+- $RANDFILE.  There are probably similar patches for the other Solaris
+- versions.  An official statement from Sun with respect to /dev/random
+- support can be found at
+-   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+- However, be warned that /dev/random is usually a blocking device, which
+- may have some effects on OpenSSL.
+- 
+  
+  * Why do I get an "unable to write 'random state'" error message?
+  
+--- 240,245 ----
+***************
+*** 386,391 ****
+--- 403,419 ----
+  On some SCO installations or versions, bc has a bug that gets triggered
+  when you run the test suite (using "make test").  The message returned is
+  "bc: 1 not implemented".
++ 
++ The best way to deal with this is to find another implementation of bc
++ and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
++ for download instructions) can be safely used, for example.
++ 
++ 
++ * Why does the OpenSSL test fail with "bc: stack empty"?
++ 
++ On some DG/ux versions, bc seems to have a too small stack for calculations
++ that the OpenSSL bntest throws at it.  This gets triggered when you run the
++ test suite (using "make test").  The message returned is "bc: stack empty".
+  
+  The best way to deal with this is to find another implementation of bc
+  and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_4_7/crypto/openssl/INSTALL
+*** crypto/openssl/INSTALL	Tue Jul 30 17:04:59 2002
+--- ../RELENG_4_7/crypto/openssl/INSTALL	Fri Feb 21 07:24:19 2003
+***************
+*** 129,136 ****
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+       message will be recorded in the request tracker publicly readable
+!      via http://www.openssl.org/rt2.html and will be forwarded to a public
+!      mailing list). Include the output of "make report" in your message.
+       Please check out the request tracker. Maybe the bug was already
+       reported or has already been fixed.
+  
+--- 129,136 ----
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+       message will be recorded in the request tracker publicly readable
+!      via http://www.openssl.org/support/rt2.html and will be forwarded to a
+!      public mailing list). Include the output of "make report" in your message.
+       Please check out the request tracker. Maybe the bug was already
+       reported or has already been fixed.
+  
+***************
+*** 151,157 ****
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+!      http://www.openssl.org/rt2.html.
+  
+    4. If everything tests ok, install OpenSSL with
+  
+--- 151,157 ----
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+!      http://www.openssl.org/support/rt2.html.
+  
+    4. If everything tests ok, install OpenSSL with
+  
+***************
+*** 285,287 ****
+--- 285,299 ----
+   targets for shared library creation, like linux-shared.  Those targets
+   can currently be used on their own just as well, but this is expected
+   to change in future versions of OpenSSL.
++ 
++  Note on random number generation
++  --------------------------------
++ 
++  Availability of cryptographically secure random numbers is required for
++  secret key generation. OpenSSL provides several options to seed the
++  internal PRNG. If not properly seeded, the internal PRNG will refuse
++  to deliver random bytes and a "PRNG not seeded error" will occur.
++  On systems without /dev/urandom (or similar) device, it may be necessary
++  to install additional support software to obtain random seed.
++  Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
++  and the FAQ for more information.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_4_7/crypto/openssl/Makefile.org
+*** crypto/openssl/Makefile.org	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/Makefile.org	Fri Feb 21 07:24:19 2003
+***************
+*** 270,278 ****
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+! 	[ -n "$$collect2" ] && \
+! 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+--- 270,276 ----
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+***************
+*** 529,534 ****
+--- 527,536 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 610,615 ****
+--- 612,620 ----
+  # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+  # tar does not support the --files-from option.
+  tar:
++ 	find . -type d -print | xargs chmod 755
++ 	find . -type f -print | xargs chmod a+r
++ 	find . -type f -perm -0100 -print | xargs chmod a+x
+  	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+  	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+***************
+*** 652,660 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+--- 657,666 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+***************
+*** 664,677 ****
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+--- 670,686 ----
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+***************
+*** 687,699 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man=`cd util; ./pod2mantest ignore`; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 696,708 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+***************
+*** 703,709 ****
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 712,718 ----
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_4_7/crypto/openssl/Makefile.ssl
+*** crypto/openssl/Makefile.ssl	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/Makefile.ssl	Fri Feb 21 07:24:19 2003
+***************
+*** 4,26 ****
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6g
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+  SHLIB_VERSION_HISTORY=
+  SHLIB_MAJOR=0
+  SHLIB_MINOR=9.6
+! SHLIB_EXT=
+! PLATFORM=dist
+! OPTIONS=
+! CONFIGURE_ARGS=dist
+! SHLIB_TARGET=
+  
+  # INSTALL_PREFIX is for package builders so that they can configure
+  # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+  # Normally it is left empty.
+! INSTALL_PREFIX=
+  INSTALLTOP=/usr/local/ssl
+  
+  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+--- 4,26 ----
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6i
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+  SHLIB_VERSION_HISTORY=
+  SHLIB_MAJOR=0
+  SHLIB_MINOR=9.6
+! SHLIB_EXT=.so.$(SHLIB_MAJOR).$(SHLIB_MINOR)
+! PLATFORM=FreeBSD-elf
+! OPTIONS=386
+! CONFIGURE_ARGS=FreeBSD-elf 386
+! SHLIB_TARGET=bsd-gcc-shared
+  
+  # INSTALL_PREFIX is for package builders so that they can configure
+  # for, say, /usr/ and yet have everything installed to /tmp/somedir/usr/.
+  # Normally it is left empty.
+! INSTALL_PREFIX=/var/tmp/ssl
+  INSTALLTOP=/usr/local/ssl
+  
+  # Do not edit this manually. Use Configure --openssldir=DIR do change this!
+***************
+*** 55,75 ****
+  # equal 4.
+  # PKCS1_CHECK - pkcs1 tests.
+  
+! CC= cc
+  #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+! CFLAG= -O
+  DEPFLAG= 
+  PEX_LIBS= 
+  EX_LIBS= 
+  EXE_EXT= 
+  AR=ar r
+  RANLIB= /usr/bin/ranlib
+! PERL= /usr/local/bin/perl
+  TAR= tar
+  TARFLAGS= --no-recursion
+  
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+! BN_ASM= bn_asm.o
+  #BN_ASM= bn_asm.o
+  #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+  #BN_ASM= asm/bn86-sol.o # solaris
+--- 55,75 ----
+  # equal 4.
+  # PKCS1_CHECK - pkcs1 tests.
+  
+! CC= gcc
+  #CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+! CFLAG= -fPIC -DTHREADS -pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE -DDSO_DLFCN -DHAVE_DLFCN_H -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
+  DEPFLAG= 
+  PEX_LIBS= 
+  EX_LIBS= 
+  EXE_EXT= 
+  AR=ar r
+  RANLIB= /usr/bin/ranlib
+! PERL= /usr/local/bin/perl5
+  TAR= tar
+  TARFLAGS= --no-recursion
+  
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+! BN_ASM= asm/bn86-elf.o asm/co86-elf.o
+  #BN_ASM= bn_asm.o
+  #BN_ASM= asm/bn86-elf.o	# elf, linux-elf
+  #BN_ASM= asm/bn86-sol.o # solaris
+***************
+*** 85,95 ****
+  
+  # For x86 assembler: Set PROCESSOR to 386 if you want to support
+  # the 80386.
+! PROCESSOR= 
+  
+  # Set DES_ENC to des_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! DES_ENC= des_enc.o fcrypt_b.o
+  #DES_ENC= des_enc.o fcrypt_b.o          # C
+  #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+  #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+--- 85,95 ----
+  
+  # For x86 assembler: Set PROCESSOR to 386 if you want to support
+  # the 80386.
+! PROCESSOR= 386
+  
+  # Set DES_ENC to des_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! DES_ENC= asm/dx86-elf.o asm/yx86-elf.o
+  #DES_ENC= des_enc.o fcrypt_b.o          # C
+  #DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
+  #DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
+***************
+*** 98,104 ****
+  
+  # Set BF_ENC to bf_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! BF_ENC= bf_enc.o
+  #BF_ENC= bf_enc.o
+  #BF_ENC= asm/bx86-elf.o # elf
+  #BF_ENC= asm/bx86-sol.o # solaris
+--- 98,104 ----
+  
+  # Set BF_ENC to bf_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! BF_ENC= asm/bx86-elf.o
+  #BF_ENC= bf_enc.o
+  #BF_ENC= asm/bx86-elf.o # elf
+  #BF_ENC= asm/bx86-sol.o # solaris
+***************
+*** 107,113 ****
+  
+  # Set CAST_ENC to c_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! CAST_ENC= c_enc.o
+  #CAST_ENC= c_enc.o
+  #CAST_ENC= asm/cx86-elf.o # elf
+  #CAST_ENC= asm/cx86-sol.o # solaris
+--- 107,113 ----
+  
+  # Set CAST_ENC to c_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! CAST_ENC= asm/cx86-elf.o
+  #CAST_ENC= c_enc.o
+  #CAST_ENC= asm/cx86-elf.o # elf
+  #CAST_ENC= asm/cx86-sol.o # solaris
+***************
+*** 116,122 ****
+  
+  # Set RC4_ENC to rc4_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC4_ENC= rc4_enc.o
+  #RC4_ENC= rc4_enc.o
+  #RC4_ENC= asm/rx86-elf.o # elf
+  #RC4_ENC= asm/rx86-sol.o # solaris
+--- 116,122 ----
+  
+  # Set RC4_ENC to rc4_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC4_ENC= asm/rx86-elf.o
+  #RC4_ENC= rc4_enc.o
+  #RC4_ENC= asm/rx86-elf.o # elf
+  #RC4_ENC= asm/rx86-sol.o # solaris
+***************
+*** 125,131 ****
+  
+  # Set RC5_ENC to rc5_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC5_ENC= rc5_enc.o
+  #RC5_ENC= rc5_enc.o
+  #RC5_ENC= asm/r586-elf.o # elf
+  #RC5_ENC= asm/r586-sol.o # solaris
+--- 125,131 ----
+  
+  # Set RC5_ENC to rc5_enc.o if you want to use the C version
+  #There are 4 x86 assember options.
+! RC5_ENC= asm/r586-elf.o
+  #RC5_ENC= rc5_enc.o
+  #RC5_ENC= asm/r586-elf.o # elf
+  #RC5_ENC= asm/r586-sol.o # solaris
+***************
+*** 133,153 ****
+  #RC5_ENC= asm/r586bsdi.o # bsdi
+  
+  # Also need MD5_ASM defined
+! MD5_ASM_OBJ= 
+  #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+  #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+  #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+  #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+  
+  # Also need SHA1_ASM defined
+! SHA1_ASM_OBJ= 
+  #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+  #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+  #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+  #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+  
+  # Also need RMD160_ASM defined
+! RMD160_ASM_OBJ= 
+  #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+  #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+  #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+--- 133,153 ----
+  #RC5_ENC= asm/r586bsdi.o # bsdi
+  
+  # Also need MD5_ASM defined
+! MD5_ASM_OBJ= asm/mx86-elf.o
+  #MD5_ASM_OBJ= asm/mx86-elf.o        # elf
+  #MD5_ASM_OBJ= asm/mx86-sol.o        # solaris
+  #MD5_ASM_OBJ= asm/mx86-out.o        # a.out, FreeBSD
+  #MD5_ASM_OBJ= asm/mx86bsdi.o        # bsdi
+  
+  # Also need SHA1_ASM defined
+! SHA1_ASM_OBJ= asm/sx86-elf.o
+  #SHA1_ASM_OBJ= asm/sx86-elf.o       # elf
+  #SHA1_ASM_OBJ= asm/sx86-sol.o       # solaris
+  #SHA1_ASM_OBJ= asm/sx86-out.o       # a.out, FreeBSD
+  #SHA1_ASM_OBJ= asm/sx86bsdi.o       # bsdi
+  
+  # Also need RMD160_ASM defined
+! RMD160_ASM_OBJ= asm/rm86-elf.o
+  #RMD160_ASM_OBJ= asm/rm86-elf.o       # elf
+  #RMD160_ASM_OBJ= asm/rm86-sol.o       # solaris
+  #RMD160_ASM_OBJ= asm/rm86-out.o       # a.out, FreeBSD
+***************
+*** 184,190 ****
+  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+  SHARED_SSL=libssl$(SHLIB_EXT)
+  SHARED_LIBS=
+! SHARED_LIBS_LINK_EXTS=
+  SHARED_LDFLAGS=
+  
+  GENERAL=        Makefile
+--- 184,190 ----
+  SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
+  SHARED_SSL=libssl$(SHLIB_EXT)
+  SHARED_LIBS=
+! SHARED_LIBS_LINK_EXTS=.so.$(SHLIB_MAJOR) .so
+  SHARED_LDFLAGS=
+  
+  GENERAL=        Makefile
+***************
+*** 272,280 ****
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+! 	[ -n "$$collect2" ] && \
+! 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+--- 272,278 ----
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+***************
+*** 531,536 ****
+--- 529,538 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 612,617 ****
+--- 614,622 ----
+  # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+  # tar does not support the --files-from option.
+  tar:
++ 	find . -type d -print | xargs chmod 755
++ 	find . -type f -print | xargs chmod a+r
++ 	find . -type f -perm -0100 -print | xargs chmod a+x
+  	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+  	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+***************
+*** 654,662 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+--- 659,668 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+***************
+*** 666,679 ****
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+--- 672,688 ----
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+***************
+*** 689,701 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man=`cd util; ./pod2mantest ignore`; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 698,710 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+***************
+*** 705,711 ****
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 714,720 ----
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_4_7/crypto/openssl/NEWS
+*** crypto/openssl/NEWS	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/NEWS	Fri Feb 21 07:24:19 2003
+***************
+*** 5,10 ****
+--- 5,28 ----
+    This file gives a brief overview of the major changes between each OpenSSL
+    release. For more details please read the CHANGES file.
+  
++   Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
++ 
++       o Important security related bugfixes.
++ 
++   Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
++ 
++       o New configuration targets for Tandem OSS and A/UX.
++       o New OIDs for Microsoft attributes.
++       o Better handling of SSL session caching.
++       o Better comparison of distinguished names.
++       o Better handling of shared libraries in a mixed GNU/non-GNU environment.
++       o Support assembler code with Borland C.
++       o Fixes for length problems.
++       o Fixes for uninitialised variables.
++       o Fixes for memory leaks, some unusual crashes and some race conditions.
++       o Fixes for smaller building problems.
++       o Updates of manuals, FAQ and other instructive documents.
++ 
+    Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+  
+        o Important building fixes on Unix.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/PROBLEMS ../RELENG_4_7/crypto/openssl/PROBLEMS
+*** crypto/openssl/PROBLEMS	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/PROBLEMS	Fri Feb 21 07:24:19 2003
+***************
+*** 40,42 ****
+--- 40,58 ----
+  will interfere with each other and lead to test failure.
+  
+  The solution is simple for now: don't run parallell make when testing.
++ 
++ 
++ * Bugs in gcc 3.0 triggered
++ 
++ According to a problem report, there are bugs in gcc 3.0 that are
++ triggered by some of the code in OpenSSL, more specifically in
++ PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
++ 
++ 	header+=11;
++ 	if (*header != '4') return(0); header++;
++ 	if (*header != ',') return(0); header++;
++ 
++ What happens is that gcc might optimize a little too agressively, and
++ you end up with an extra incrementation when *header != '4'.
++ 
++ We recommend that you upgrade gcc to as high a 3.x version as you can.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_4_7/crypto/openssl/README
+*** crypto/openssl/README	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/README	Fri Feb 21 07:24:19 2003
+***************
+*** 1,7 ****
+  
+!  OpenSSL 0.9.6g 9 August 2002
+  
+!  Copyright (c) 1998-2002 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+--- 1,7 ----
+  
+!  OpenSSL 0.9.6i Feb 19 2003
+  
+!  Copyright (c) 1998-2003 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/CA.pl ../RELENG_4_7/crypto/openssl/apps/CA.pl
+*** crypto/openssl/apps/CA.pl	Sun Aug 11 09:13:58 2002
+--- ../RELENG_4_7/crypto/openssl/apps/CA.pl	Fri Feb 21 07:24:19 2003
+***************
+*** 1,4 ****
+! #!/usr/local/bin/perl
+  #
+  # CA - wrapper around ca to make it easier to use ... basically ca requires
+  #      some setup stuff to be done before you can use it and this makes
+--- 1,4 ----
+! #!/usr/local/bin/perl5
+  #
+  # CA - wrapper around ca to make it easier to use ... basically ca requires
+  #      some setup stuff to be done before you can use it and this makes
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_4_7/crypto/openssl/apps/Makefile.ssl
+*** crypto/openssl/apps/Makefile.ssl	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/Makefile.ssl	Fri Feb 21 07:24:19 2003
+***************
+*** 117,123 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 117,123 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 128,137 ****
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+--- 128,137 ----
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_4_7/crypto/openssl/apps/apps.h
+*** crypto/openssl/apps/apps.h	Sun Nov 26 05:32:47 2000
+--- ../RELENG_4_7/crypto/openssl/apps/apps.h	Fri Feb 21 07:24:19 2003
+***************
+*** 92,99 ****
+--- 92,101 ----
+  #define MAIN(a,v)	main(a,v)
+  
+  #ifndef NON_MAIN
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #else
++ extern LHASH *config;
+  extern BIO *bio_err;
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/asn1pars.c ../RELENG_4_7/crypto/openssl/apps/asn1pars.c
+*** crypto/openssl/apps/asn1pars.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/asn1pars.c	Fri Feb 21 07:24:19 2003
+***************
+*** 328,333 ****
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+--- 328,333 ----
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_4_7/crypto/openssl/apps/ca.c
+*** crypto/openssl/apps/ca.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/ca.c	Fri Feb 21 07:24:19 2003
+***************
+*** 543,549 ****
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) memset(key,0,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+--- 543,549 ----
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) OPENSSL_cleanse(key,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+***************
+*** 606,617 ****
+--- 606,619 ----
+  	       that to access().  However, time's too short to do that just
+  	       now.
+              */
++ #ifndef VXWORKS
+  		if (access(outdir,R_OK|W_OK|X_OK) != 0)
+  			{
+  			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
+  			perror(outdir);
+  			goto err;
+  			}
++ #endif
+  
+  		if (stat(outdir,&sb) != 0)
+  			{
+***************
+*** 829,837 ****
+  			}
+  		if (verbose)
+  			{
+! 			if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 			BIO_printf(bio_err,"next serial number is %s\n",f);
+! 			OPENSSL_free(f);
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+--- 831,844 ----
+  			}
+  		if (verbose)
+  			{
+! 			if (BN_is_zero(serial))
+! 				BIO_printf(bio_err,"next serial number is 00\n");
+! 			else
+! 				{
+! 				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 				BIO_printf(bio_err,"next serial number is %s\n",f);
+! 				OPENSSL_free(f);
+! 				}
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+***************
+*** 1275,1281 ****
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+--- 1282,1288 ----
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+***************
+*** 1340,1346 ****
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+  		goto err;
+  		}
+  err:
+--- 1347,1353 ----
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+  		goto err;
+  		}
+  err:
+***************
+*** 1728,1734 ****
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+--- 1735,1744 ----
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	if (BN_is_zero(serial))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+***************
+*** 2142,2148 ****
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+--- 2152,2161 ----
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	if (BN_is_zero(bn))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ciphers.c ../RELENG_4_7/crypto/openssl/apps/ciphers.c
+*** crypto/openssl/apps/ciphers.c	Sun Nov 26 05:32:47 2000
+--- ../RELENG_4_7/crypto/openssl/apps/ciphers.c	Fri Feb 21 07:24:19 2003
+***************
+*** 202,207 ****
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	EXIT(ret);
+  	}
+  
+--- 202,207 ----
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl.c ../RELENG_4_7/crypto/openssl/apps/crl.c
+*** crypto/openssl/apps/crl.c	Sun Nov 26 05:32:47 2000
+--- ../RELENG_4_7/crypto/openssl/apps/crl.c	Fri Feb 21 07:24:19 2003
+***************
+*** 364,370 ****
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+--- 364,370 ----
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl2p7.c ../RELENG_4_7/crypto/openssl/apps/crl2p7.c
+*** crypto/openssl/apps/crl2p7.c	Sun Nov 26 05:32:47 2000
+--- ../RELENG_4_7/crypto/openssl/apps/crl2p7.c	Fri Feb 21 07:24:19 2003
+***************
+*** 166,172 ****
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 166,172 ----
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 278,284 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	EXIT(ret);
+  	}
+  
+  /*
+--- 278,284 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /*
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/der_chop ../RELENG_4_7/crypto/openssl/apps/der_chop
+*** crypto/openssl/apps/der_chop	Sun Aug 11 09:13:58 2002
+--- ../RELENG_4_7/crypto/openssl/apps/der_chop	Fri Feb 21 07:24:19 2003
+***************
+*** 1,4 ****
+! #!/usr/local/bin/perl
+  #
+  # der_chop ... this is one total hack that Eric is really not proud of
+  #              so don't look at it and don't ask for support
+--- 1,4 ----
+! #!/usr/local/bin/perl5
+  #
+  # der_chop ... this is one total hack that Eric is really not proud of
+  #              so don't look at it and don't ask for support
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_4_7/crypto/openssl/apps/dgst.c
+*** crypto/openssl/apps/dgst.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/dgst.c	Fri Feb 21 07:24:19 2003
+***************
+*** 327,333 ****
+  end:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+--- 327,333 ----
+  end:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+***************
+*** 335,341 ****
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	EXIT(err);
+  	}
+  
+  void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+--- 335,341 ----
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	OPENSSL_EXIT(err);
+  	}
+  
+  void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_4_7/crypto/openssl/apps/dh.c
+*** crypto/openssl/apps/dh.c	Sun Nov 26 05:32:47 2000
+--- ../RELENG_4_7/crypto/openssl/apps/dh.c	Fri Feb 21 07:24:19 2003
+***************
+*** 319,324 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 319,324 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_4_7/crypto/openssl/apps/dhparam.c
+*** crypto/openssl/apps/dhparam.c	Sun Nov 26 05:32:47 2000
+--- ../RELENG_4_7/crypto/openssl/apps/dhparam.c	Fri Feb 21 07:24:19 2003
+***************
+*** 506,512 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+--- 506,512 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_4_7/crypto/openssl/apps/dsa.c
+*** crypto/openssl/apps/dsa.c	Sun Nov 26 05:32:47 2000
+--- ../RELENG_4_7/crypto/openssl/apps/dsa.c	Fri Feb 21 07:24:19 2003
+***************
+*** 293,298 ****
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 293,298 ----
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_4_7/crypto/openssl/apps/dsaparam.c
+*** crypto/openssl/apps/dsaparam.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/dsaparam.c	Fri Feb 21 07:24:19 2003
+***************
+*** 357,363 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+--- 357,363 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_4_7/crypto/openssl/apps/enc.c
+*** crypto/openssl/apps/enc.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/enc.c	Fri Feb 21 07:24:19 2003
+***************
+*** 506,514 ****
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				memset(str,0,SIZE);
+  			else
+! 				memset(str,0,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+--- 506,514 ----
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				OPENSSL_cleanse(str,SIZE);
+  			else
+! 				OPENSSL_cleanse(str,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+***************
+*** 604,610 ****
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+--- 604,610 ----
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/errstr.c ../RELENG_4_7/crypto/openssl/apps/errstr.c
+*** crypto/openssl/apps/errstr.c	Sun Nov 26 05:32:48 2000
+--- ../RELENG_4_7/crypto/openssl/apps/errstr.c	Fri Feb 21 07:24:19 2003
+***************
+*** 121,125 ****
+  			ret++;
+  			}
+  		}
+! 	EXIT(ret);
+  	}
+--- 121,125 ----
+  			ret++;
+  			}
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_4_7/crypto/openssl/apps/gendh.c
+*** crypto/openssl/apps/gendh.c	Sun Nov 26 05:32:48 2000
+--- ../RELENG_4_7/crypto/openssl/apps/gendh.c	Fri Feb 21 07:24:19 2003
+***************
+*** 184,190 ****
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+--- 184,190 ----
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_4_7/crypto/openssl/apps/gendsa.c
+*** crypto/openssl/apps/gendsa.c	Sun Nov 26 05:32:48 2000
+--- ../RELENG_4_7/crypto/openssl/apps/gendsa.c	Fri Feb 21 07:24:19 2003
+***************
+*** 220,225 ****
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 220,225 ----
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_4_7/crypto/openssl/apps/genrsa.c
+*** crypto/openssl/apps/genrsa.c	Sun Nov 26 05:32:48 2000
+--- ../RELENG_4_7/crypto/openssl/apps/genrsa.c	Fri Feb 21 07:24:19 2003
+***************
+*** 224,230 ****
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+--- 224,230 ----
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/nseq.c ../RELENG_4_7/crypto/openssl/apps/nseq.c
+*** crypto/openssl/apps/nseq.c	Sun Nov 26 05:32:48 2000
+--- ../RELENG_4_7/crypto/openssl/apps/nseq.c	Fri Feb 21 07:24:19 2003
+***************
+*** 102,108 ****
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		EXIT(1);
+  	}
+  
+  	if (infile) {
+--- 102,108 ----
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		OPENSSL_EXIT(1);
+  	}
+  
+  	if (infile) {
+***************
+*** 162,167 ****
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	EXIT(ret);
+  }
+  
+--- 162,167 ----
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	OPENSSL_EXIT(ret);
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_4_7/crypto/openssl/apps/openssl.c
+*** crypto/openssl/apps/openssl.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/openssl.c	Fri Feb 21 07:24:19 2003
+***************
+*** 77,87 ****
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+- LHASH *config=NULL;
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
+  BIO *bio_err=NULL;
+  #endif
+  
+--- 77,87 ----
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #endif
+  
+***************
+*** 215,221 ****
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+--- 215,221 ----
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/passwd.c ../RELENG_4_7/crypto/openssl/apps/passwd.c
+*** crypto/openssl/apps/passwd.c	Wed Jul  4 18:19:09 2001
+--- ../RELENG_4_7/crypto/openssl/apps/passwd.c	Fri Feb 21 07:24:19 2003
+***************
+*** 284,290 ****
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+  
+  
+--- 284,290 ----
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+***************
+*** 498,503 ****
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	EXIT(1);
+  	}
+  #endif
+--- 498,503 ----
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	OPENSSL_EXIT(1);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_4_7/crypto/openssl/apps/pkcs12.c
+*** crypto/openssl/apps/pkcs12.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/pkcs12.c	Fri Feb 21 07:24:19 2003
+***************
+*** 480,488 ****
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		}
+! 		sk_X509_free(chain2);
+! 		if (vret) {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+--- 480,489 ----
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		    /* Free first certificate */
+! 		    X509_free(sk_X509_value(chain2, 0));
+! 		    sk_X509_free(chain2);
+! 		} else {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+***************
+*** 509,516 ****
+  	}
+  	sk_X509_pop_free(certs, X509_free);
+  	certs = NULL;
+- 	/* ucert is part of certs so it is already freed */
+- 	ucert = NULL;
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 510,515 ----
+***************
+*** 598,604 ****
+  	if (certs) sk_X509_pop_free(certs, X509_free);
+  	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
+  	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+- 	if (ucert) X509_free(ucert);
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 597,602 ----
+***************
+*** 668,674 ****
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+--- 666,672 ----
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     OPENSSL_EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_4_7/crypto/openssl/apps/pkcs7.c
+*** crypto/openssl/apps/pkcs7.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/pkcs7.c	Fri Feb 21 07:24:19 2003
+***************
+*** 154,160 ****
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 154,160 ----
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 289,293 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 289,293 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_4_7/crypto/openssl/apps/pkcs8.c
+*** crypto/openssl/apps/pkcs8.c	Sun Nov 26 05:32:48 2000
+--- ../RELENG_4_7/crypto/openssl/apps/pkcs8.c	Fri Feb 21 07:24:19 2003
+***************
+*** 236,242 ****
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+--- 236,243 ----
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
+! 					return (1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_4_7/crypto/openssl/apps/rand.c
+*** crypto/openssl/apps/rand.c	Sun Nov 26 05:32:48 2000
+--- ../RELENG_4_7/crypto/openssl/apps/rand.c	Fri Feb 21 07:24:19 2003
+***************
+*** 144,148 ****
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 144,148 ----
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_4_7/crypto/openssl/apps/req.c
+*** crypto/openssl/apps/req.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/req.c	Fri Feb 21 07:24:19 2003
+***************
+*** 422,428 ****
+  
+  	if (template != NULL)
+  		{
+! 		long errline;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+--- 422,428 ----
+  
+  	if (template != NULL)
+  		{
+! 		long errline = -1;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+***************
+*** 909,915 ****
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+--- 909,915 ----
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	OPENSSL_EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_4_7/crypto/openssl/apps/rsa.c
+*** crypto/openssl/apps/rsa.c	Sun Nov 26 05:32:49 2000
+--- ../RELENG_4_7/crypto/openssl/apps/rsa.c	Fri Feb 21 07:24:19 2003
+***************
+*** 389,395 ****
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+--- 389,395 ----
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_4_7/crypto/openssl/apps/s_client.c
+*** crypto/openssl/apps/s_client.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/s_client.c	Fri Feb 21 07:24:19 2003
+***************
+*** 768,781 ****
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  
+--- 768,781 ----
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_4_7/crypto/openssl/apps/s_server.c
+*** crypto/openssl/apps/s_server.c	Wed Jul  4 18:19:09 2001
+--- ../RELENG_4_7/crypto/openssl/apps/s_server.c	Fri Feb 21 07:24:19 2003
+***************
+*** 253,262 ****
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+--- 253,262 ----
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, const char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, const char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+***************
+*** 321,327 ****
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+--- 321,327 ----
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, const char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+***************
+*** 354,360 ****
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+  {
+  	long ret;
+  
+--- 354,360 ----
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+  {
+  	long ret;
+  
+***************
+*** 373,379 ****
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+--- 373,379 ----
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret=0;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+***************
+*** 392,398 ****
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+--- 392,398 ----
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, const char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+***************
+*** 741,747 ****
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+--- 741,747 ----
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+***************
+*** 1043,1049 ****
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+--- 1043,1049 ----
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+***************
+*** 1250,1256 ****
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #ifndef MSDOS
+  				sleep(1);
+  #endif
+  				continue;
+--- 1250,1256 ----
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #if !defined(MSDOS) && !defined(VXWORKS)
+  				sleep(1);
+  #endif
+  				continue;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_time.c ../RELENG_4_7/crypto/openssl/apps/s_time.c
+*** crypto/openssl/apps/s_time.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/s_time.c	Fri Feb 21 07:24:19 2003
+***************
+*** 116,121 ****
+--- 116,126 ----
+  #include <sys/param.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #undef SIGALRM
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed
+  */
+  #ifndef HZ
+***************
+*** 461,467 ****
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+--- 466,472 ----
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		OPENSSL_EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+***************
+*** 628,634 ****
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  /***********************************************************************
+--- 633,639 ----
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /***********************************************************************
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/sess_id.c ../RELENG_4_7/crypto/openssl/apps/sess_id.c
+*** crypto/openssl/apps/sess_id.c	Sun Nov 26 05:32:49 2000
+--- ../RELENG_4_7/crypto/openssl/apps/sess_id.c	Fri Feb 21 07:24:19 2003
+***************
+*** 272,278 ****
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+--- 272,278 ----
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_4_7/crypto/openssl/apps/speed.c
+*** crypto/openssl/apps/speed.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/speed.c	Fri Feb 21 07:24:19 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/apps/speed.c,v 1.3.2.4 2002/07/30 22:05:00 nectar Exp $
+   */
+  
+  /* most of this code has been pilfered from my libdes speed.c program */
+--- 54,59 ----
+***************
+*** 691,697 ****
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #ifdef TIMES
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+--- 689,695 ----
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #if defined(TIMES) || defined(USE_TOD)
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+***************
+*** 1414,1420 ****
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+--- 1412,1418 ----
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	OPENSSL_EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_4_7/crypto/openssl/apps/spkac.c
+*** crypto/openssl/apps/spkac.c	Sun Nov 26 05:32:49 2000
+--- ../RELENG_4_7/crypto/openssl/apps/spkac.c	Fri Feb 21 07:24:19 2003
+***************
+*** 288,292 ****
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+--- 288,292 ----
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_4_7/crypto/openssl/apps/verify.c
+*** crypto/openssl/apps/verify.c	Sun Nov 26 05:32:50 2000
+--- ../RELENG_4_7/crypto/openssl/apps/verify.c	Fri Feb 21 07:24:19 2003
+***************
+*** 213,219 ****
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+--- 213,219 ----
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/version.c ../RELENG_4_7/crypto/openssl/apps/version.c
+*** crypto/openssl/apps/version.c	Sun Aug 20 03:45:59 2000
+--- ../RELENG_4_7/crypto/openssl/apps/version.c	Fri Feb 21 07:24:19 2003
+***************
+*** 128,132 ****
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	EXIT(ret);
+  	}
+--- 128,132 ----
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_4_7/crypto/openssl/apps/x509.c
+*** crypto/openssl/apps/x509.c	Tue Jul 30 17:05:00 2002
+--- ../RELENG_4_7/crypto/openssl/apps/x509.c	Fri Feb 21 07:24:19 2003
+***************
+*** 121,127 ****
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial       - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+--- 121,127 ----
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial arg   - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+***************
+*** 447,453 ****
+  
+  	if (extfile)
+  		{
+! 		long errorline;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+--- 447,453 ----
+  
+  	if (extfile)
+  		{
+! 		long errorline = -1;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+***************
+*** 961,967 ****
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+--- 961,967 ----
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_4_7/crypto/openssl/config
+*** crypto/openssl/config	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/config	Fri Feb 21 07:24:19 2003
+***************
+*** 317,322 ****
+--- 317,326 ----
+      *CRAY*)
+         echo "j90-cray-unicos"; exit 0;
+         ;;
++ 
++     NONSTOP_KERNEL*)
++        echo "nsr-tandem-nsk"; exit 0;
++        ;;
+  esac
+  
+  #
+***************
+*** 473,479 ****
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	read waste < /dev/tty
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+--- 477,484 ----
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	(read waste < /dev/tty) || true
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+***************
+*** 528,534 ****
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	#read waste < /dev/tty
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+--- 533,540 ----
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	#(read waste < /dev/tty) || true
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+***************
+*** 569,575 ****
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		read waste < /dev/tty
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+--- 575,582 ----
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		# Do not stop if /dev/tty is unavailable
+! 		(read waste < /dev/tty) || true
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+***************
+*** 630,635 ****
+--- 637,643 ----
+    *-*-cygwin) OUT="Cygwin" ;;
+    t3e-cray-unicosmk) OUT="cray-t3e" ;;
+    j90-cray-unicos) OUT="cray-j90" ;;
++   nsr-tandem-nsk) OUT="tandem-c89" ;;
+    *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+  esac
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/Makefile.ssl
+*** crypto/openssl/crypto/Makefile.ssl	Tue Jul 30 17:05:02 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/Makefile.ssl	Fri Feb 21 07:24:20 2003
+***************
+*** 34,41 ****
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+--- 34,41 ----
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+***************
+*** 129,135 ****
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+--- 129,135 ----
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+***************
+*** 185,190 ****
+--- 185,193 ----
+  mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+  mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+  mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
++ mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
++ mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
++ mem_clr.o: ../include/openssl/symhacks.h
+  mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+  mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/asn1/Makefile.ssl
+*** crypto/openssl/crypto/asn1/Makefile.ssl	Tue Jul 30 17:05:03 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/asn1/Makefile.ssl	Fri Feb 21 07:24:20 2003
+***************
+*** 104,110 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 104,110 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_sign.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_sign.c
+*** crypto/openssl/crypto/asn1/a_sign.c	Tue Jul 30 17:05:03 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_sign.c	Fri Feb 21 07:24:20 2003
+***************
+*** 199,208 ****
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	memset(&ctx,0,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+--- 199,208 ----
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	OPENSSL_cleanse(&ctx,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_strex.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_strex.c
+*** crypto/openssl/crypto/asn1/a_strex.c	Sun Nov 26 05:38:42 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_strex.c	Fri Feb 21 07:24:20 2003
+***************
+*** 519,525 ****
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!*out || !in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+--- 519,525 ----
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+***************
+*** 528,533 ****
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	if(out) *out = stmp.data;
+  	return stmp.length;
+  }
+--- 528,533 ----
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	*out = stmp.data;
+  	return stmp.length;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_utctm.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_utctm.c
+*** crypto/openssl/crypto/asn1/a_utctm.c	Tue Jul 30 17:05:03 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_utctm.c	Fri Feb 21 07:24:20 2003
+***************
+*** 246,251 ****
+--- 246,253 ----
+  		ts=(struct tm *)localtime(&t);
+  		}
+  #endif
++ 	if (ts == NULL)
++ 		return(NULL);
+  	p=(char *)s->data;
+  	if ((p == NULL) || (s->length < 14))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_verify.c ../RELENG_4_7/crypto/openssl/crypto/asn1/a_verify.c
+*** crypto/openssl/crypto/asn1/a_verify.c	Sun Nov 26 05:32:59 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/asn1/a_verify.c	Fri Feb 21 07:24:20 2003
+***************
+*** 100,106 ****
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	memset(buf_in,0,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+--- 100,106 ----
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/n_pkey.c ../RELENG_4_7/crypto/openssl/crypto/asn1/n_pkey.c
+*** crypto/openssl/crypto/asn1/n_pkey.c	Sun Nov 26 05:33:00 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/asn1/n_pkey.c	Fri Feb 21 07:24:20 2003
+***************
+*** 181,187 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 181,187 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+***************
+*** 292,298 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 292,298 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/p8_pkey.c ../RELENG_4_7/crypto/openssl/crypto/asn1/p8_pkey.c
+*** crypto/openssl/crypto/asn1/p8_pkey.c	Sun Nov 26 05:33:01 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/asn1/p8_pkey.c	Fri Feb 21 07:24:20 2003
+***************
+*** 119,126 ****
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		memset (a->pkey->value.octet_string->data,
+! 				 0, a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+--- 119,126 ----
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		OPENSSL_cleanse(a->pkey->value.octet_string->data,
+! 				a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/bf/Makefile.ssl
+*** crypto/openssl/crypto/bf/Makefile.ssl	Wed Jul  4 18:19:13 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/bf/Makefile.ssl	Fri Feb 21 07:24:20 2003
+***************
+*** 96,102 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 96,102 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/bftest.c ../RELENG_4_7/crypto/openssl/crypto/bf/bftest.c
+*** crypto/openssl/crypto/bf/bftest.c	Sun Nov 26 05:33:09 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/bf/bftest.c	Fri Feb 21 07:24:21 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_BF
+  int main(int argc, char *argv[])
+  {
+***************
+*** 275,281 ****
+  	else
+  		ret=test();
+  
+! 	exit(ret);
+  	return(0);
+  	}
+  
+--- 277,283 ----
+  	else
+  		ret=test();
+  
+! 	EXIT(ret);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/bio/Makefile.ssl
+*** crypto/openssl/crypto/bio/Makefile.ssl	Tue Jul 30 17:05:08 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/bio/Makefile.ssl	Fri Feb 21 07:24:21 2003
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_4_7/crypto/openssl/crypto/bio/bio.h
+*** crypto/openssl/crypto/bio/bio.h	Tue Jul 30 17:05:08 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/bio/bio.h	Fri Feb 21 07:24:21 2003
+***************
+*** 241,247 ****
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_fat *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+--- 241,247 ----
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_far *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/bn/Makefile.ssl
+*** crypto/openssl/crypto/bn/Makefile.ssl	Tue Jul 30 17:05:09 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/bn/Makefile.ssl	Fri Feb 21 07:24:21 2003
+***************
+*** 159,165 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 159,165 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn.h ../RELENG_4_7/crypto/openssl/crypto/bn/bn.h
+*** crypto/openssl/crypto/bn/bn.h	Tue Jul 30 17:05:09 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn.h	Fri Feb 21 07:24:21 2003
+***************
+*** 155,161 ****
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #ifdef _MSC_VER
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+--- 155,161 ----
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #if defined(_MSC_VER) || defined(__BORLANDC__)
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+***************
+*** 413,419 ****
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+--- 413,419 ----
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lib.c ../RELENG_4_7/crypto/openssl/crypto/bn/bn_lib.c
+*** crypto/openssl/crypto/bn/bn_lib.c	Wed Jul  4 18:19:14 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn_lib.c	Fri Feb 21 07:24:21 2003
+***************
+*** 263,274 ****
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	memset(a,0,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+--- 263,274 ----
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	OPENSSL_cleanse(a,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_rand.c ../RELENG_4_7/crypto/openssl/crypto/bn/bn_rand.c
+*** crypto/openssl/crypto/bn/bn_rand.c	Tue Jul 30 17:05:10 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn_rand.c	Fri Feb 21 07:24:21 2003
+***************
+*** 201,207 ****
+  err:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+--- 201,207 ----
+  err:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_word.c ../RELENG_4_7/crypto/openssl/crypto/bn/bn_word.c
+*** crypto/openssl/crypto/bn/bn_word.c	Sun Nov 26 05:33:19 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/bn/bn_word.c	Fri Feb 21 07:24:21 2003
+***************
+*** 123,129 ****
+  	i=0;
+  	for (;;)
+  		{
+! 		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+--- 123,132 ----
+  	i=0;
+  	for (;;)
+  		{
+! 		if (i >= a->top)
+! 			l=w;
+! 		else
+! 			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bntest.c ../RELENG_4_7/crypto/openssl/crypto/bn/bntest.c
+*** crypto/openssl/crypto/bn/bntest.c	Wed Jul  4 18:19:14 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/bn/bntest.c	Fri Feb 21 07:24:21 2003
+***************
+*** 139,148 ****
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+--- 139,148 ----
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+***************
+*** 152,158 ****
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			exit(1);
+  			}
+  		}
+  
+--- 152,158 ----
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			EXIT(1);
+  			}
+  		}
+  
+***************
+*** 228,241 ****
+  	BIO_free(out);
+  
+  /**/
+! 	exit(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 228,241 ----
+  	BIO_free(out);
+  
+  /**/
+! 	EXIT(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+***************
+*** 746,752 ****
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			exit(1);
+  			}
+  		if (bp != NULL)
+  			{
+--- 746,752 ----
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			EXIT(1);
+  			}
+  		if (bp != NULL)
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/exptest.c ../RELENG_4_7/crypto/openssl/crypto/bn/exptest.c
+*** crypto/openssl/crypto/bn/exptest.c	Sun Aug 20 03:46:16 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/bn/exptest.c	Fri Feb 21 07:24:21 2003
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/bio.h>
+  #include <openssl/bn.h>
+  #include <openssl/rand.h>
+***************
+*** 86,92 ****
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+--- 89,95 ----
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+***************
+*** 99,105 ****
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+--- 102,108 ----
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+***************
+*** 124,130 ****
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+--- 127,133 ----
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+***************
+*** 132,138 ****
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+--- 135,141 ----
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+***************
+*** 140,146 ****
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+--- 143,149 ----
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+***************
+*** 163,169 ****
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			exit(1);
+  			}
+  		}
+  	BN_free(r_mont);
+--- 166,172 ----
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			EXIT(1);
+  			}
+  		}
+  	BN_free(r_mont);
+***************
+*** 177,187 ****
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 180,190 ----
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/buffer/Makefile.ssl
+*** crypto/openssl/crypto/buffer/Makefile.ssl	Wed Jul  4 18:19:16 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/buffer/Makefile.ssl	Fri Feb 21 07:24:21 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/cast/Makefile.ssl
+*** crypto/openssl/crypto/cast/Makefile.ssl	Wed Jul  4 18:19:16 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/cast/Makefile.ssl	Fri Feb 21 07:24:21 2003
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/casttest.c ../RELENG_4_7/crypto/openssl/crypto/cast/casttest.c
+*** crypto/openssl/crypto/cast/casttest.c	Sun Aug 20 03:46:18 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/cast/casttest.c	Fri Feb 21 07:24:21 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_CAST
+  int main(int argc, char *argv[])
+  {
+***************
+*** 224,230 ****
+        }
+  #endif
+  
+!     exit(err);
+      return(err);
+      }
+  #endif
+--- 226,232 ----
+        }
+  #endif
+  
+!     EXIT(err);
+      return(err);
+      }
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/comp/Makefile.ssl
+*** crypto/openssl/crypto/comp/Makefile.ssl	Tue Jul 30 17:05:18 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/comp/Makefile.ssl	Fri Feb 21 07:24:21 2003
+***************
+*** 71,77 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 71,77 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/conf/Makefile.ssl
+*** crypto/openssl/crypto/conf/Makefile.ssl	Tue Jul 30 17:05:19 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/conf/Makefile.ssl	Fri Feb 21 07:24:21 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_def.c ../RELENG_4_7/crypto/openssl/crypto/conf/conf_def.c
+*** crypto/openssl/crypto/conf/conf_def.c	Tue Jul 30 17:05:19 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/conf/conf_def.c	Fri Feb 21 07:24:21 2003
+***************
+*** 224,232 ****
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
+  	for (;;)
+  		{
+- 		again=0;
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+--- 224,232 ----
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
++ 	again=0;
+  	for (;;)
+  		{
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+***************
+*** 237,243 ****
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0) break;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+--- 237,244 ----
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0 && !again) break;
+! 		again=0;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+***************
+*** 247,253 ****
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+--- 248,254 ----
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (ii && i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.c ../RELENG_4_7/crypto/openssl/crypto/cryptlib.c
+*** crypto/openssl/crypto/cryptlib.c	Sun Aug 11 09:13:58 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/cryptlib.c	Fri Feb 21 07:24:20 2003
+***************
+*** 58,63 ****
+--- 58,64 ----
+  
+  #include <stdio.h>
+  #include <string.h>
++ #include <assert.h>
+  #include "cryptlib.h"
+  #include <openssl/crypto.h>
+  #include <openssl/safestack.h>
+***************
+*** 89,94 ****
+--- 90,96 ----
+  	"ssl_session",
+  	"ssl_sess_cert",
+  	"ssl",
++ 	/* "ssl_method", */
+  	"rand",
+  	"rand2",
+  	"debug_malloc",
+***************
+*** 204,213 ****
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (!i)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+--- 206,223 ----
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		/* Since sk_push() returns the number of items on the
+! 		   stack, not the location of the pushed item, we need
+! 		   to transform the returned number into a position,
+! 		   by decreasing it.  */
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+! 	else
+! 		/* If we found a place with a NULL pointer, put our pointer
+! 		   in it.  */
+! 		sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (i == -1)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+***************
+*** 399,414 ****
+  #endif
+  	if (type < 0)
+  		{
+! 		int i = -type - 1;
+! 		struct CRYPTO_dynlock_value *pointer
+! 			= CRYPTO_get_dynlock_value(i);
+! 
+! 		if (pointer && dynlock_lock_callback)
+  			{
+  			dynlock_lock_callback(mode, pointer, file, line);
+- 			}
+  
+! 		CRYPTO_destroy_dynlockid(i);
+  		}
+  	else
+  		if (locking_callback != NULL)
+--- 409,425 ----
+  #endif
+  	if (type < 0)
+  		{
+! 		if (dynlock_lock_callback != NULL)
+  			{
++ 			struct CRYPTO_dynlock_value *pointer
++ 				= CRYPTO_get_dynlock_value(type);
++ 
++ 			assert(pointer != NULL);
++ 
+  			dynlock_lock_callback(mode, pointer, file, line);
+  
+! 			CRYPTO_destroy_dynlockid(type);
+! 			}
+  		}
+  	else
+  		if (locking_callback != NULL)
+***************
+*** 459,465 ****
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+--- 470,476 ----
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/crypto.h ../RELENG_4_7/crypto/openssl/crypto/crypto.h
+*** crypto/openssl/crypto/crypto.h	Tue Jul 30 17:05:02 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/crypto.h	Fri Feb 21 07:24:20 2003
+***************
+*** 95,129 ****
+   * names in cryptlib.c
+   */
+  
+! #define	CRYPTO_LOCK_ERR			1
+! #define	CRYPTO_LOCK_ERR_HASH		2
+! #define	CRYPTO_LOCK_X509		3
+! #define	CRYPTO_LOCK_X509_INFO		4
+! #define	CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define	CRYPTO_LOCK_X509_STORE		11
+! #define	CRYPTO_LOCK_SSL_CTX		12
+! #define	CRYPTO_LOCK_SSL_CERT		13
+! #define	CRYPTO_LOCK_SSL_SESSION		14
+! #define	CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define	CRYPTO_LOCK_SSL			16
+! #define	CRYPTO_LOCK_RAND		17
+! #define	CRYPTO_LOCK_RAND2		18
+! #define	CRYPTO_LOCK_MALLOC		19
+! #define	CRYPTO_LOCK_BIO			20
+! #define	CRYPTO_LOCK_GETHOSTBYNAME	21
+! #define	CRYPTO_LOCK_GETSERVBYNAME	22
+! #define	CRYPTO_LOCK_READDIR		23
+! #define	CRYPTO_LOCK_RSA_BLINDING	24
+! #define	CRYPTO_LOCK_DH			25
+! #define	CRYPTO_LOCK_MALLOC2		26
+! #define	CRYPTO_LOCK_DSO			27
+! #define	CRYPTO_LOCK_DYNLOCK		28
+! #define	CRYPTO_NUM_LOCKS		29
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+--- 95,132 ----
+   * names in cryptlib.c
+   */
+  
+! #define CRYPTO_LOCK_ERR			1
+! #define CRYPTO_LOCK_ERR_HASH		2
+! #define CRYPTO_LOCK_X509		3
+! #define CRYPTO_LOCK_X509_INFO		4
+! #define CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define CRYPTO_LOCK_X509_STORE		11
+! #define CRYPTO_LOCK_SSL_CTX		12
+! #define CRYPTO_LOCK_SSL_CERT		13
+! #define CRYPTO_LOCK_SSL_SESSION		14
+! #define CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define CRYPTO_LOCK_SSL			16
+! /* for binary compatibility between 0.9.6 minor versions,
+!  * reuse an existing lock (later version use a new one): */
+! # define CRYPTO_LOCK_SSL_METHOD		CRYPTO_LOCK_SSL_CTX
+! #define CRYPTO_LOCK_RAND		17
+! #define CRYPTO_LOCK_RAND2		18
+! #define CRYPTO_LOCK_MALLOC		19
+! #define CRYPTO_LOCK_BIO			20
+! #define CRYPTO_LOCK_GETHOSTBYNAME	21
+! #define CRYPTO_LOCK_GETSERVBYNAME	22
+! #define CRYPTO_LOCK_READDIR		23
+! #define CRYPTO_LOCK_RSA_BLINDING	24
+! #define CRYPTO_LOCK_DH			25
+! #define CRYPTO_LOCK_MALLOC2		26
+! #define CRYPTO_LOCK_DSO			27
+! #define CRYPTO_LOCK_DYNLOCK		28
+! #define CRYPTO_NUM_LOCKS		29
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+***************
+*** 145,151 ****
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define	CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+--- 148,154 ----
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+***************
+*** 341,346 ****
+--- 344,351 ----
+  void CRYPTO_free(void *);
+  void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+  void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
++ 
++ void OPENSSL_cleanse(void *ptr, size_t len);
+  
+  void CRYPTO_set_mem_debug_options(long bits);
+  long CRYPTO_get_mem_debug_options(void);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/des/Makefile.ssl
+*** crypto/openssl/crypto/des/Makefile.ssl	Wed Jul  4 18:19:18 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/des/Makefile.ssl	Fri Feb 21 07:24:21 2003
+***************
+*** 130,136 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 130,136 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 192,199 ****
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+--- 192,202 ----
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! read2pwd.o: des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+***************
+*** 206,212 ****
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+--- 209,218 ----
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! str2key.o: des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.c ../RELENG_4_7/crypto/openssl/crypto/des/des.c
+*** crypto/openssl/crypto/des/des.c	Sun Nov 26 05:33:25 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/des/des.c	Fri Feb 21 07:24:21 2003
+***************
+*** 86,91 ****
+--- 86,92 ----
+  #endif
+  #include <sys/stat.h>
+  #endif
++ #include <openssl/crypto.h>
+  #include <openssl/des.h>
+  #include <openssl/rand.h>
+  
+***************
+*** 423,429 ****
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		memset(k2,0,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+--- 424,430 ----
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		OPENSSL_cleanse(k2,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+***************
+*** 431,437 ****
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			memset(k2,0,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+--- 432,438 ----
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			OPENSSL_cleanse(k2,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+***************
+*** 453,460 ****
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	memset(key,0,sizeof(key));
+! 	memset(kk,0,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+--- 454,461 ----
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+***************
+*** 662,679 ****
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	memset(buf,0,sizeof(buf));
+! 	memset(obuf,0,sizeof(obuf));
+! 	memset(ks,0,sizeof(ks));
+! 	memset(ks2,0,sizeof(ks2));
+! 	memset(iv,0,sizeof(iv));
+! 	memset(iv2,0,sizeof(iv2));
+! 	memset(kk,0,sizeof(kk));
+! 	memset(k2,0,sizeof(k2));
+! 	memset(uubuf,0,sizeof(uubuf));
+! 	memset(b,0,sizeof(b));
+! 	memset(bb,0,sizeof(bb));
+! 	memset(cksum,0,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+--- 663,680 ----
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	OPENSSL_cleanse(buf,sizeof(buf));
+! 	OPENSSL_cleanse(obuf,sizeof(obuf));
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+! 	OPENSSL_cleanse(ks2,sizeof(ks2));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+! 	OPENSSL_cleanse(k2,sizeof(k2));
+! 	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+! 	OPENSSL_cleanse(b,sizeof(b));
+! 	OPENSSL_cleanse(bb,sizeof(bb));
+! 	OPENSSL_cleanse(cksum,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read2pwd.c ../RELENG_4_7/crypto/openssl/crypto/des/read2pwd.c
+*** crypto/openssl/crypto/des/read2pwd.c	Mon Jan 10 00:21:37 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/des/read2pwd.c	Fri Feb 21 07:24:21 2003
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include "des_locl.h"
++ #include <openssl/crypto.h>
+  
+  int des_read_password(des_cblock *key, const char *prompt, int verify)
+  	{
+***************
+*** 65,72 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+  
+--- 66,73 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+  
+***************
+*** 78,84 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+--- 79,85 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read_pwd.c ../RELENG_4_7/crypto/openssl/crypto/des/read_pwd.c
+*** crypto/openssl/crypto/des/read_pwd.c	Tue Jul 30 17:05:20 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/des/read_pwd.c	Fri Feb 21 07:24:21 2003
+***************
+*** 218,224 ****
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	memset(buff,0,BUFSIZ);
+  	return(ret);
+  	}
+  
+--- 218,224 ----
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/str2key.c ../RELENG_4_7/crypto/openssl/crypto/des/str2key.c
+*** crypto/openssl/crypto/des/str2key.c	Sun Aug 20 03:46:20 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/des/str2key.c	Fri Feb 21 07:24:21 2003
+***************
+*** 56,61 ****
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  
++ #include <openssl/crypto.h>
+  #include "des_locl.h"
+  
+  void des_string_to_key(const char *str, des_cblock *key)
+***************
+*** 88,94 ****
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+--- 89,95 ----
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+***************
+*** 149,155 ****
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+--- 150,156 ----
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/dh/Makefile.ssl
+*** crypto/openssl/crypto/dh/Makefile.ssl	Wed Jul  4 18:19:21 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/dh/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dhtest.c ../RELENG_4_7/crypto/openssl/crypto/dh/dhtest.c
+*** crypto/openssl/crypto/dh/dhtest.c	Tue Jul 30 17:05:23 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/dh/dhtest.c	Fri Feb 21 07:24:22 2003
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #ifdef WINDOWS
+  #include "../bio/bss_file.c" 
+  #endif
+***************
+*** 107,113 ****
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+--- 110,116 ----
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+***************
+*** 188,194 ****
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	exit(ret);
+  	return(ret);
+  	}
+  
+--- 191,197 ----
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/dsa/Makefile.ssl
+*** crypto/openssl/crypto/dsa/Makefile.ssl	Wed Jul  4 18:19:22 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/dsa/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_4_7/crypto/openssl/crypto/dsa/dsatest.c
+*** crypto/openssl/crypto/dsa/dsatest.c	Sun Aug 20 03:46:22 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/dsa/dsatest.c	Fri Feb 21 07:24:22 2003
+***************
+*** 61,66 ****
+--- 61,69 ----
+  #include <string.h>
+  #include <sys/types.h>
+  #include <sys/stat.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  #include <openssl/bio.h>
+***************
+*** 207,216 ****
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	exit(!ret);
+  	return(0);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+--- 210,225 ----
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	EXIT(!ret);
+  	return(0);
+  	}
+  
++ static int cb_exit(int ec)
++ 	{
++ 	EXIT(ec);
++ 	return(0);		/* To keep some compilers quiet */
++ 	}
++ 
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+***************
+*** 226,232 ****
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		exit(1);
+  		}
+  	}
+  #endif
+--- 235,241 ----
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		cb_exit(1);
+  		}
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/dso/Makefile.ssl
+*** crypto/openssl/crypto/dso/Makefile.ssl	Wed Jul  4 18:19:23 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/dso/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/err/Makefile.ssl
+*** crypto/openssl/crypto/err/Makefile.ssl	Tue Jul 30 17:05:25 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/err/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/evp/Makefile.ssl
+*** crypto/openssl/crypto/evp/Makefile.ssl	Wed Jul  4 18:19:24 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_enc.c ../RELENG_4_7/crypto/openssl/crypto/evp/bio_enc.c
+*** crypto/openssl/crypto/evp/bio_enc.c	Tue Jul 30 17:05:26 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/bio_enc.c	Fri Feb 21 07:24:22 2003
+***************
+*** 128,134 ****
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 128,134 ----
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_ok.c ../RELENG_4_7/crypto/openssl/crypto/evp/bio_ok.c
+*** crypto/openssl/crypto/evp/bio_ok.c	Sun Nov 26 05:33:32 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/bio_ok.c	Fri Feb 21 07:24:22 2003
+***************
+*** 208,214 ****
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 208,214 ----
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_allc.c ../RELENG_4_7/crypto/openssl/crypto/evp/c_allc.c
+*** crypto/openssl/crypto/evp/c_allc.c	Tue Jul 30 17:05:26 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/c_allc.c	Fri Feb 21 07:24:22 2003
+***************
+*** 64,73 ****
+  
+  void OpenSSL_add_all_ciphers(void)
+  	{
+- 	static int done=0;
+- 
+- 	if (done) return;
+- 	done=1;
+  #ifndef NO_DES
+  	EVP_add_cipher(EVP_des_cfb());
+  	EVP_add_cipher(EVP_des_ede_cfb());
+--- 64,69 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_alld.c ../RELENG_4_7/crypto/openssl/crypto/evp/c_alld.c
+*** crypto/openssl/crypto/evp/c_alld.c	Tue Jul 30 17:05:26 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/c_alld.c	Fri Feb 21 07:24:22 2003
+***************
+*** 64,73 ****
+  
+  void OpenSSL_add_all_digests(void)
+  	{
+- 	static int done=0;
+- 
+- 	if (done) return;
+- 	done=1;
+  #ifndef NO_MD2
+  	EVP_add_digest(EVP_md2());
+  #endif
+--- 64,69 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_idea.c ../RELENG_4_7/crypto/openssl/crypto/evp/e_idea.c
+*** crypto/openssl/crypto/evp/e_idea.c	Sun Nov 26 05:38:44 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/e_idea.c	Fri Feb 21 07:24:22 2003
+***************
+*** 103,109 ****
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		memset((unsigned char *)&tmp,0,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+--- 103,109 ----
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		OPENSSL_cleanse((unsigned char *)&tmp,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp.h ../RELENG_4_7/crypto/openssl/crypto/evp/evp.h
+*** crypto/openssl/crypto/evp/evp.h	Tue Jul 30 17:05:27 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/evp.h	Fri Feb 21 07:24:22 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/crypto/evp/evp.h,v 1.2.2.4 2002/07/30 22:05:27 nectar Exp $
+   */
+  
+  #ifndef HEADER_ENVELOPE_H
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_key.c ../RELENG_4_7/crypto/openssl/crypto/evp/evp_key.c
+*** crypto/openssl/crypto/evp/evp_key.c	Tue Jul 30 17:05:27 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/evp_key.c	Fri Feb 21 07:24:22 2003
+***************
+*** 152,159 ****
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	memset(&c,0,sizeof(c));
+! 	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+--- 152,159 ----
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	OPENSSL_cleanse(&c,sizeof(c));
+! 	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt.c ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt.c
+*** crypto/openssl/crypto/evp/p5_crpt.c	Sun Nov 26 05:33:32 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt.c	Fri Feb 21 07:24:22 2003
+***************
+*** 142,149 ****
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 142,149 ----
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt2.c ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt2.c
+*** crypto/openssl/crypto/evp/p5_crpt2.c	Sun Nov 26 05:33:32 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/p5_crpt2.c	Fri Feb 21 07:24:22 2003
+***************
+*** 228,234 ****
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	memset(key, 0, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+--- 228,234 ----
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	OPENSSL_cleanse(key, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p_open.c ../RELENG_4_7/crypto/openssl/crypto/evp/p_open.c
+*** crypto/openssl/crypto/evp/p_open.c	Sun Nov 26 05:33:32 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/evp/p_open.c	Fri Feb 21 07:24:22 2003
+***************
+*** 101,107 ****
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) memset(key,0,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+--- 101,107 ----
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) OPENSSL_cleanse(key,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/hmac/Makefile.ssl
+*** crypto/openssl/crypto/hmac/Makefile.ssl	Wed Jul  4 18:19:26 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/hmac/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/hmactest.c ../RELENG_4_7/crypto/openssl/crypto/hmac/hmactest.c
+*** crypto/openssl/crypto/hmac/hmactest.c	Sun Aug 20 03:46:25 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/hmac/hmactest.c	Fri Feb 21 07:24:22 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_HMAC
+  int main(int argc, char *argv[])
+  {
+***************
+*** 143,149 ****
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 145,151 ----
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/idea/Makefile.ssl
+*** crypto/openssl/crypto/idea/Makefile.ssl	Tue Jul 30 17:05:30 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/idea/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/ideatest.c ../RELENG_4_7/crypto/openssl/crypto/idea/ideatest.c
+*** crypto/openssl/crypto/idea/ideatest.c	Tue Jul 30 17:05:31 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/idea/ideatest.c	Fri Feb 21 07:24:22 2003
+***************
+*** 61,66 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_IDEA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 168,174 ****
+  	else
+  		printf("ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 169,175 ----
+  	else
+  		printf("ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/lhash/Makefile.ssl
+*** crypto/openssl/crypto/lhash/Makefile.ssl	Wed Jul  4 18:19:27 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/lhash/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/md2/Makefile.ssl
+*** crypto/openssl/crypto/md2/Makefile.ssl	Tue Jul 30 17:05:32 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/md2/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 79,86 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+--- 79,88 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/md2.h
+! md2_dgst.o: ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_dgst.c ../RELENG_4_7/crypto/openssl/crypto/md2/md2_dgst.c
+*** crypto/openssl/crypto/md2/md2_dgst.c	Sun Aug 20 03:46:28 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/md2/md2_dgst.c	Fri Feb 21 07:24:22 2003
+***************
+*** 61,66 ****
+--- 61,67 ----
+  #include <string.h>
+  #include <openssl/md2.h>
+  #include <openssl/opensslv.h>
++ #include <openssl/crypto.h>
+  
+  const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 194,200 ****
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	memset(state,0,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+--- 195,201 ----
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_one.c ../RELENG_4_7/crypto/openssl/crypto/md2/md2_one.c
+*** crypto/openssl/crypto/md2/md2_one.c	Sun Aug 20 03:46:28 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/md2/md2_one.c	Fri Feb 21 07:24:22 2003
+***************
+*** 88,93 ****
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	memset(&c,0,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+--- 88,93 ----
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_4_7/crypto/openssl/crypto/md2/md2test.c
+*** crypto/openssl/crypto/md2/md2test.c	Sun Aug 20 03:46:28 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/md2/md2test.c	Fri Feb 21 07:24:22 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 119,125 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 121,127 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md32_common.h ../RELENG_4_7/crypto/openssl/crypto/md32_common.h
+*** crypto/openssl/crypto/md32_common.h	Tue Jul 30 17:05:02 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/md32_common.h	Fri Feb 21 07:24:20 2003
+***************
+*** 602,607 ****
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	memset((void *)c,0,sizeof(HASH_CTX));
+  	 */
+  	}
+--- 602,607 ----
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+  	 */
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/md4/Makefile.ssl
+*** crypto/openssl/crypto/md4/Makefile.ssl	Wed Jul  4 18:19:28 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/md4/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 82,85 ****
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/md4.h
+--- 82,87 ----
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/md4.h
+! md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4_one.c ../RELENG_4_7/crypto/openssl/crypto/md4/md4_one.c
+*** crypto/openssl/crypto/md4/md4_one.c	Sun Nov 26 05:33:40 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/md4/md4_one.c	Fri Feb 21 07:24:22 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md4.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4test.c ../RELENG_4_7/crypto/openssl/crypto/md4/md4test.c
+*** crypto/openssl/crypto/md4/md4test.c	Sun Nov 26 05:33:40 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/md4/md4test.c	Fri Feb 21 07:24:22 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/md5/Makefile.ssl
+*** crypto/openssl/crypto/md5/Makefile.ssl	Wed Jul  4 18:19:29 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/md5/Makefile.ssl	Fri Feb 21 07:24:22 2003
+***************
+*** 118,124 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 118,124 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 131,134 ****
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/md5.h
+--- 131,136 ----
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/md5.h
+! md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5_one.c ../RELENG_4_7/crypto/openssl/crypto/md5/md5_one.c
+*** crypto/openssl/crypto/md5/md5_one.c	Sun Aug 20 03:46:29 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/md5/md5_one.c	Fri Feb 21 07:24:23 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md5.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5test.c ../RELENG_4_7/crypto/openssl/crypto/md5/md5test.c
+*** crypto/openssl/crypto/md5/md5test.c	Sun Aug 20 03:46:29 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/md5/md5test.c	Fri Feb 21 07:24:23 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/mdc2/Makefile.ssl
+*** crypto/openssl/crypto/mdc2/Makefile.ssl	Wed Jul  4 18:19:29 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/mdc2/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2_one.c ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2_one.c
+*** crypto/openssl/crypto/mdc2/mdc2_one.c	Sun Aug 20 03:46:29 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2_one.c	Fri Feb 21 07:24:23 2003
+***************
+*** 69,75 ****
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 69,75 ----
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2test.c ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2test.c
+*** crypto/openssl/crypto/mdc2/mdc2test.c	Sun Aug 20 03:46:29 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/mdc2/mdc2test.c	Fri Feb 21 07:24:23 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #if defined(NO_DES) && !defined(NO_MDC2)
+  #define NO_MDC2
+  #endif
+***************
+*** 134,140 ****
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	exit(ret);
+  	return(ret);
+  	}
+  #endif
+--- 136,142 ----
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_4_7/crypto/openssl/crypto/mem.c
+*** crypto/openssl/crypto/mem.c	Sun Aug 11 09:13:58 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/mem.c	Fri Feb 21 07:24:20 2003
+***************
+*** 173,178 ****
+--- 173,181 ----
+  void *CRYPTO_malloc_locked(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 187,192 ****
+--- 190,201 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++ 		((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+***************
+*** 205,210 ****
+--- 214,222 ----
+  void *CRYPTO_malloc(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 219,224 ****
+--- 231,242 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++                 ((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+***************
+*** 228,233 ****
+--- 246,253 ----
+  
+  	if (str == NULL)
+  		return CRYPTO_malloc(num, file, line);
++ 
++ 	if (num < 0) return NULL;
+  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_clr.c ../RELENG_4_7/crypto/openssl/crypto/mem_clr.c
+*** crypto/openssl/crypto/mem_clr.c	Wed Dec 31 18:00:00 1969
+--- ../RELENG_4_7/crypto/openssl/crypto/mem_clr.c	Thu Feb 20 14:42:07 2003
+***************
+*** 0 ****
+--- 1,75 ----
++ /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
++ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
++  * project 2002.
++  */
++ /* ====================================================================
++  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
++ 
++ #include <string.h>
++ #include <openssl/crypto.h>
++ 
++ unsigned char cleanse_ctr = 0;
++ 
++ void OPENSSL_cleanse(void *ptr, size_t len)
++ 	{
++ 	unsigned char *p = ptr;
++ 	size_t loop = len;
++ 	while(loop--)
++ 		{
++ 		*(p++) = cleanse_ctr;
++ 		cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
++ 		}
++ 	if(memchr(ptr, cleanse_ctr, len))
++ 		cleanse_ctr += 63;
++ 	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_dbg.c ../RELENG_4_7/crypto/openssl/crypto/mem_dbg.c
+*** crypto/openssl/crypto/mem_dbg.c	Wed Jul  4 18:19:11 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/mem_dbg.c	Fri Feb 21 07:24:20 2003
+***************
+*** 102,107 ****
+--- 102,109 ----
+  	int references;
+  	} APP_INFO;
+  
++ static void app_info_free(APP_INFO *);
++ 
+  static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+                            * that are at the top of their thread's stack
+                            * (with `thread' as key);
+***************
+*** 140,145 ****
+--- 142,159 ----
+                                              * thread named in disabling_thread).
+                                              */
+  
++ static void app_info_free(APP_INFO *inf)
++ 	{
++ 	if (--(inf->references) <= 0)
++ 		{
++ 		if (inf->next != NULL)
++ 			{
++ 			app_info_free(inf->next);
++ 			}
++ 		OPENSSL_free(inf);
++ 		}
++ 	}
++ 
+  int CRYPTO_mem_ctrl(int mode)
+  	{
+  	int ret=mh_mode;
+***************
+*** 496,504 ****
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					{
+! 					mp->app_info->references--;
+! 					}
+  				OPENSSL_free(mp);
+  				}
+  
+--- 510,516 ----
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					app_info_free(mp->app_info);
+  				OPENSSL_free(mp);
+  				}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/objects/Makefile.ssl
+*** crypto/openssl/crypto/objects/Makefile.ssl	Tue Jul 30 17:05:35 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/objects/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 76,82 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 76,82 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.c ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.c
+*** crypto/openssl/crypto/objects/obj_dat.c	Tue Jul 30 17:05:35 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.c	Fri Feb 21 07:24:23 2003
+***************
+*** 417,423 ****
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,i);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+--- 417,423 ----
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,j);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.h
+*** crypto/openssl/crypto/objects/obj_dat.h	Tue Jul 30 17:05:35 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_dat.h	Fri Feb 21 07:24:23 2003
+***************
+*** 62,73 ****
+   * [including the GNU Public Licence.]
+   */
+  
+! #define NUM_NID 404
+! #define NUM_SN 402
+! #define NUM_LN 402
+! #define NUM_OBJ 376
+  
+! static unsigned char lvalues[2951]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+--- 62,73 ----
+   * [including the GNU Public Licence.]
+   */
+  
+! #define NUM_NID 406
+! #define NUM_SN 404
+! #define NUM_LN 404
+! #define NUM_OBJ 378
+  
+! static unsigned char lvalues[2971]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+***************
+*** 444,449 ****
+--- 444,451 ----
+  0x55,0x1D,0x24,                              /* [2941] OBJ_policy_constraints */
+  0x55,0x1D,0x37,                              /* [2944] OBJ_target_information */
+  0x55,0x1D,0x38,                              /* [2947] OBJ_no_rev_avail */
++ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */
++ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */
+  };
+  
+  static ASN1_OBJECT nid_objs[NUM_NID]={
+***************
+*** 1075,1080 ****
+--- 1077,1086 ----
+  	&(lvalues[2944]),0},
+  {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
+  	&(lvalues[2947]),0},
++ {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
++ 	10,&(lvalues[2950]),0},
++ {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
++ 	&(lvalues[2960]),0},
+  };
+  
+  static ASN1_OBJECT *sn_objs[NUM_SN]={
+***************
+*** 1417,1422 ****
+--- 1423,1430 ----
+  &(nid_objs[138]),/* "msEFS" */
+  &(nid_objs[171]),/* "msExtReq" */
+  &(nid_objs[137]),/* "msSGC" */
++ &(nid_objs[404]),/* "msSmartcardLogin" */
++ &(nid_objs[405]),/* "msUPN" */
+  &(nid_objs[173]),/* "name" */
+  &(nid_objs[369]),/* "noCheck" */
+  &(nid_objs[403]),/* "noRevAvail" */
+***************
+*** 1510,1516 ****
+--- 1518,1526 ----
+  &(nid_objs[171]),/* "Microsoft Extension Request" */
+  &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+  &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
++ &(nid_objs[404]),/* "Microsoft Smartcardlogin" */
+  &(nid_objs[136]),/* "Microsoft Trust List Signing" */
++ &(nid_objs[405]),/* "Microsoft Universal Principal Name" */
+  &(nid_objs[72]),/* "Netscape Base Url" */
+  &(nid_objs[76]),/* "Netscape CA Policy Url" */
+  &(nid_objs[74]),/* "Netscape CA Revocation Url" */
+***************
+*** 2196,2201 ****
+--- 2206,2213 ----
+  &(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+  &(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+  &(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
++ &(nid_objs[404]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
++ &(nid_objs[405]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+  &(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+  &(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+  &(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.h
+*** crypto/openssl/crypto/objects/obj_mac.h	Tue Jul 30 17:05:35 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.h	Fri Feb 21 07:24:23 2003
+***************
+*** 780,785 ****
+--- 780,795 ----
+  #define NID_ms_efs		138
+  #define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+  
++ #define SN_ms_smartcard_login		"msSmartcardLogin"
++ #define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
++ #define NID_ms_smartcard_login		404
++ #define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
++ 
++ #define SN_ms_upn		"msUPN"
++ #define LN_ms_upn		"Microsoft Universal Principal Name"
++ #define NID_ms_upn		405
++ #define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
++ 
+  #define SN_idea_cbc		"IDEA-CBC"
+  #define LN_idea_cbc		"idea-cbc"
+  #define NID_idea_cbc		34
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.num ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.num
+*** crypto/openssl/crypto/objects/obj_mac.num	Tue Jul 30 17:05:37 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/objects/obj_mac.num	Fri Feb 21 07:24:23 2003
+***************
+*** 401,403 ****
+--- 401,405 ----
+  policy_constraints		401
+  target_information		402
+  no_rev_avail		403
++ ms_smartcard_login		404
++ ms_upn		405
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_4_7/crypto/openssl/crypto/objects/objects.txt
+*** crypto/openssl/crypto/objects/objects.txt	Tue Jul 30 17:05:37 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/objects/objects.txt	Fri Feb 21 07:24:23 2003
+***************
+*** 246,251 ****
+--- 246,255 ----
+  1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+  !Cname ms-efs
+  1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
++ !Cname ms-smartcard-login
++ 1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
++ !Cname ms-upn
++ 1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+  
+  1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
+  			: IDEA-ECB		: idea-ecb
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslconf.h ../RELENG_4_7/crypto/openssl/crypto/opensslconf.h
+*** crypto/openssl/crypto/opensslconf.h	Sun Aug 20 03:46:04 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/opensslconf.h	Fri Feb 21 07:24:20 2003
+***************
+*** 6,19 ****
+     /* no ciphers excluded */
+  #endif
+  #ifdef OPENSSL_THREAD_DEFINES
+  #endif
+  #ifdef OPENSSL_OTHER_DEFINES
+  #endif
+  
+  /* crypto/opensslconf.h.in */
+  
+  /* Generate 80386 code? */
+! #undef I386_ONLY
+  
+  #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+  #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+--- 6,28 ----
+     /* no ciphers excluded */
+  #endif
+  #ifdef OPENSSL_THREAD_DEFINES
++ # ifndef THREADS
++ #  define THREADS
++ # endif
+  #endif
+  #ifdef OPENSSL_OTHER_DEFINES
++ # ifndef DSO_DLFCN
++ #  define DSO_DLFCN
++ # endif
++ # ifndef HAVE_DLFCN_H
++ #  define HAVE_DLFCN_H
++ # endif
+  #endif
+  
+  /* crypto/opensslconf.h.in */
+  
+  /* Generate 80386 code? */
+! #define I386_ONLY
+  
+  #if !(defined(VMS) || defined(__VMS)) /* VMS uses logical names instead */
+  #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
+***************
+*** 66,72 ****
+  
+  #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+  #define CONFIG_HEADER_BN_H
+! #undef BN_LLONG
+  
+  /* Should we define BN_DIV2W here? */
+  
+--- 75,81 ----
+  
+  #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
+  #define CONFIG_HEADER_BN_H
+! #define BN_LLONG
+  
+  /* Should we define BN_DIV2W here? */
+  
+***************
+*** 85,91 ****
+  #define CONFIG_HEADER_RC4_LOCL_H
+  /* if this is defined data[i] is used instead of *data, this is a %20
+   * speedup on x86 */
+! #undef RC4_INDEX
+  #endif
+  
+  #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+--- 94,100 ----
+  #define CONFIG_HEADER_RC4_LOCL_H
+  /* if this is defined data[i] is used instead of *data, this is a %20
+   * speedup on x86 */
+! #define RC4_INDEX
+  #endif
+  
+  #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
+***************
+*** 99,112 ****
+  /* the following is tweaked from a config script, that is why it is a
+   * protected undef/define */
+  #ifndef DES_PTR
+! #undef DES_PTR
+  #endif
+  
+  /* This helps C compiler generate the correct code for multiple functional
+   * units.  It reduces register dependancies at the expense of 2 more
+   * registers */
+  #ifndef DES_RISC1
+! #undef DES_RISC1
+  #endif
+  
+  #ifndef DES_RISC2
+--- 108,121 ----
+  /* the following is tweaked from a config script, that is why it is a
+   * protected undef/define */
+  #ifndef DES_PTR
+! #define DES_PTR
+  #endif
+  
+  /* This helps C compiler generate the correct code for multiple functional
+   * units.  It reduces register dependancies at the expense of 2 more
+   * registers */
+  #ifndef DES_RISC1
+! #define DES_RISC1
+  #endif
+  
+  #ifndef DES_RISC2
+***************
+*** 120,126 ****
+  /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+   * Very mucy CPU dependant */
+  #ifndef DES_UNROLL
+! #undef DES_UNROLL
+  #endif
+  
+  /* These default values were supplied by
+--- 129,135 ----
+  /* Unroll the inner loop, this sometimes helps, sometimes hinders.
+   * Very mucy CPU dependant */
+  #ifndef DES_UNROLL
+! #define DES_UNROLL
+  #endif
+  
+  /* These default values were supplied by
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_4_7/crypto/openssl/crypto/opensslv.h
+*** crypto/openssl/crypto/opensslv.h	Sun Aug 11 09:13:58 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/opensslv.h	Fri Feb 21 07:24:20 2003
+***************
+*** 25,32 ****
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090607fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6g 9 Aug 2002"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+--- 25,32 ----
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090609fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6i Feb 19 2003"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/pem/Makefile.ssl
+*** crypto/openssl/crypto/pem/Makefile.ssl	Wed Jul  4 18:19:30 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/pem/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_info.c ../RELENG_4_7/crypto/openssl/crypto/pem/pem_info.c
+*** crypto/openssl/crypto/pem/pem_info.c	Tue Jul 30 17:05:39 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/pem/pem_info.c	Fri Feb 21 07:24:23 2003
+***************
+*** 358,364 ****
+  	ret=1;
+  
+  err:
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+  	return(ret);
+  	}
+--- 358,364 ----
+  	ret=1;
+  
+  err:
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_lib.c ../RELENG_4_7/crypto/openssl/crypto/pem/pem_lib.c
+*** crypto/openssl/crypto/pem/pem_lib.c	Tue Jul 30 17:05:39 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/pem/pem_lib.c	Fri Feb 21 07:24:23 2003
+***************
+*** 380,386 ****
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+--- 380,386 ----
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+***************
+*** 401,412 ****
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	memset(key,0,sizeof(key));
+! 	memset(iv,0,sizeof(iv));
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+! 	memset(data,0,(unsigned int)dsize);
+! 	OPENSSL_free(data);
+  	return(ret);
+  	}
+  
+--- 401,415 ----
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+! 	if (data != NULL)
+! 		{
+! 		OPENSSL_cleanse(data,(unsigned int)dsize);
+! 		OPENSSL_free(data);
+! 		}
+  	return(ret);
+  	}
+  
+***************
+*** 444,451 ****
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	memset((char *)buf,0,sizeof(buf));
+! 	memset((char *)key,0,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+--- 447,454 ----
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	OPENSSL_cleanse((char *)buf,sizeof(buf));
+! 	OPENSSL_cleanse((char *)key,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_seal.c ../RELENG_4_7/crypto/openssl/crypto/pem/pem_seal.c
+*** crypto/openssl/crypto/pem/pem_seal.c	Sun Nov 26 05:33:44 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/pem/pem_seal.c	Fri Feb 21 07:24:23 2003
+***************
+*** 109,115 ****
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	memset(key,0,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+--- 109,115 ----
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/pkcs12/Makefile.ssl
+*** crypto/openssl/crypto/pkcs12/Makefile.ssl	Wed Jul  4 18:19:31 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 74,80 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 74,80 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_crpt.c ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_crpt.c
+*** crypto/openssl/crypto/pkcs12/p12_crpt.c	Sun Aug 20 03:46:32 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_crpt.c	Fri Feb 21 07:24:23 2003
+***************
+*** 118,124 ****
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 118,124 ----
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_decr.c ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_decr.c
+*** crypto/openssl/crypto/pkcs12/p12_decr.c	Sun Nov 26 05:33:45 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_decr.c	Fri Feb 21 07:24:23 2003
+***************
+*** 137,143 ****
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) memset(out, 0, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+--- 137,143 ----
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) OPENSSL_cleanse(out, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_key.c ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_key.c
+*** crypto/openssl/crypto/pkcs12/p12_key.c	Wed Jul  4 18:19:31 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/pkcs12/p12_key.c	Fri Feb 21 07:24:23 2003
+***************
+*** 91,97 ****
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		memset(unipass, 0, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+--- 91,97 ----
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/pkcs7/Makefile.ssl
+*** crypto/openssl/crypto/pkcs7/Makefile.ssl	Tue Jul 30 17:05:42 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/pkcs7/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/bio_ber.c ../RELENG_4_7/crypto/openssl/crypto/pkcs7/bio_ber.c
+*** crypto/openssl/crypto/pkcs7/bio_ber.c	Sun Nov 26 05:33:47 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/pkcs7/bio_ber.c	Fri Feb 21 07:24:23 2003
+***************
+*** 145,151 ****
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	memset(a->ptr,0,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 145,151 ----
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pk7_doit.c ../RELENG_4_7/crypto/openssl/crypto/pkcs7/pk7_doit.c
+*** crypto/openssl/crypto/pkcs7/pk7_doit.c	Tue Jul 30 17:05:42 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/pkcs7/pk7_doit.c	Fri Feb 21 07:24:23 2003
+***************
+*** 241,247 ****
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		memset(key, 0, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+--- 241,247 ----
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		OPENSSL_cleanse(key, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+***************
+*** 448,454 ****
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		memset(tmp,0,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+--- 448,454 ----
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		OPENSSL_cleanse(tmp,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rand/Makefile.ssl
+*** crypto/openssl/crypto/rand/Makefile.ssl	Wed Jul  4 18:19:33 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/rand/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/md_rand.c ../RELENG_4_7/crypto/openssl/crypto/rand/md_rand.c
+*** crypto/openssl/crypto/rand/md_rand.c	Tue Jul 30 17:05:42 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/rand/md_rand.c	Fri Feb 21 07:24:23 2003
+***************
+*** 177,186 ****
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	memset(state,0,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	memset(md,0,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+--- 177,186 ----
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	OPENSSL_cleanse(state,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_egd.c ../RELENG_4_7/crypto/openssl/crypto/rand/rand_egd.c
+*** crypto/openssl/crypto/rand/rand_egd.c	Tue Jul 30 17:05:42 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/rand/rand_egd.c	Fri Feb 21 07:24:23 2003
+***************
+*** 59,65 ****
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(VMS) || defined(__VMS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+--- 59,65 ----
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) || defined(VXWORKS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_win.c ../RELENG_4_7/crypto/openssl/crypto/rand/rand_win.c
+*** crypto/openssl/crypto/rand/rand_win.c	Tue Jul 30 17:05:43 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/rand/rand_win.c	Fri Feb 21 07:24:23 2003
+***************
+*** 254,259 ****
+--- 254,263 ----
+           * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+           * Only use it on NT.
+  	 */
++ 	/* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
++ 	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).
++ 	 * So we don't use this at all for now. */
++ #if 0
+          if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+  		osverinfo.dwMajorVersion < 5)
+  		{
+***************
+*** 283,295 ****
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+!                          */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
+  
+  	if (advapi)
+  		{
+--- 287,309 ----
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+! 			 */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
++ 
++ 			/* Close the Registry Key to allow Windows to cleanup/close
++ 			 * the open handle
++ 			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
++ 			 *       when the RegQueryValueEx above is done.  However, if
++ 			 *       it is not explicitly closed, it can cause disk
++ 			 *       partition manipulation problems.
++ 			 */
++ 			RegCloseKey(HKEY_PERFORMANCE_DATA);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
++ #endif
+  
+  	if (advapi)
+  		{
+***************
+*** 461,467 ****
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 50;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+--- 475,481 ----
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 80;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+***************
+*** 718,725 ****
+--- 732,741 ----
+  	/* put in some default random data, we need more than just this */
+  	l=curr_pid;
+  	RAND_add(&l,sizeof(l),0);
++ #ifndef VXWORKS
+  	l=getuid();
+  	RAND_add(&l,sizeof(l),0);
++ #endif
+  
+  	l=time(NULL);
+  	RAND_add(&l,sizeof(l),0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randfile.c ../RELENG_4_7/crypto/openssl/crypto/rand/randfile.c
+*** crypto/openssl/crypto/rand/randfile.c	Tue Jul 30 17:05:43 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/rand/randfile.c	Fri Feb 21 07:24:23 2003
+***************
+*** 61,66 ****
+--- 61,68 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "openssl/e_os.h"
++ 
+  #ifdef VMS
+  #include <unixio.h>
+  #endif
+***************
+*** 73,79 ****
+  # include <sys/stat.h>
+  #endif
+  
+- #include "openssl/e_os.h"
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  
+--- 75,80 ----
+***************
+*** 124,130 ****
+  			}
+  		}
+  	fclose(in);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+--- 125,131 ----
+  			}
+  		}
+  	fclose(in);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+***************
+*** 189,195 ****
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+--- 190,196 ----
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randtest.c ../RELENG_4_7/crypto/openssl/crypto/rand/randtest.c
+*** crypto/openssl/crypto/rand/randtest.c	Sun Aug 20 03:46:35 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rand/randtest.c	Fri Feb 21 07:24:23 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <openssl/rand.h>
+  
++ #include "../e_os.h"
++ 
+  /* some FIPS 140-1 random number test */
+  /* some simple tests */
+  
+***************
+*** 202,207 ****
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	exit(err);
+  	return(err);
+  	}
+--- 204,209 ----
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	EXIT(err);
+  	return(err);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rc2/Makefile.ssl
+*** crypto/openssl/crypto/rc2/Makefile.ssl	Wed Jul  4 18:19:33 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/rc2/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/rc2test.c ../RELENG_4_7/crypto/openssl/crypto/rc2/rc2test.c
+*** crypto/openssl/crypto/rc2/rc2test.c	Sun Aug 20 03:46:36 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rc2/rc2test.c	Fri Feb 21 07:24:23 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 203,209 ****
+  		printf("ok\n");
+  #endif
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 205,211 ----
+  		printf("ok\n");
+  #endif
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rc4/Makefile.ssl
+*** crypto/openssl/crypto/rc4/Makefile.ssl	Wed Jul  4 18:19:34 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/rc4/Makefile.ssl	Fri Feb 21 07:24:23 2003
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4.c ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4.c
+*** crypto/openssl/crypto/rc4/rc4.c	Mon Jan 10 00:21:50 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4.c	Fri Feb 21 07:24:23 2003
+***************
+*** 155,161 ****
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			memset(buf,0,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+--- 155,161 ----
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			OPENSSL_cleanse(buf,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+***************
+*** 163,169 ****
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	memset(keystr,0,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+--- 163,169 ----
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	OPENSSL_cleanse(keystr,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4test.c ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4test.c
+*** crypto/openssl/crypto/rc4/rc4test.c	Sun Aug 20 03:46:36 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rc4/rc4test.c	Fri Feb 21 07:24:23 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 195,201 ****
+  			}
+  		}
+  	printf("done\n");
+! 	exit(err);
+  	return(0);
+  	}
+  #endif
+--- 197,203 ----
+  			}
+  		}
+  	printf("done\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rc5/Makefile.ssl
+*** crypto/openssl/crypto/rc5/Makefile.ssl	Wed Jul  4 18:19:34 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/rc5/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 94,100 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 94,100 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5test.c ../RELENG_4_7/crypto/openssl/crypto/rc5/rc5test.c
+*** crypto/openssl/crypto/rc5/rc5test.c	Sun Aug 20 03:46:37 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rc5/rc5test.c	Fri Feb 21 07:24:24 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 318,324 ****
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 320,326 ----
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/ripemd/Makefile.ssl
+*** crypto/openssl/crypto/ripemd/Makefile.ssl	Wed Jul  4 18:19:35 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/ripemd/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 106,109 ****
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/ripemd.h
+--- 106,111 ----
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+! rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd_one.c ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmd_one.c
+*** crypto/openssl/crypto/ripemd/rmd_one.c	Sun Aug 20 03:46:39 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmd_one.c	Fri Feb 21 07:24:24 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/ripemd.h>
++ #include <openssl/crypto.h>
+  
+  unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+  	     unsigned char *md)
+***************
+*** 70,76 ****
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 71,77 ----
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmdtest.c ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmdtest.c
+*** crypto/openssl/crypto/ripemd/rmdtest.c	Sun Aug 20 03:46:39 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/ripemd/rmdtest.c	Fri Feb 21 07:24:24 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RIPEMD
+  int main(int argc, char *argv[])
+  {
+***************
+*** 124,130 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 126,132 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/rsa/Makefile.ssl
+*** crypto/openssl/crypto/rsa/Makefile.ssl	Wed Jul  4 18:19:35 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/rsa/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa.h ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa.h
+*** crypto/openssl/crypto/rsa/rsa.h	Tue Jul 30 17:05:44 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa.h	Fri Feb 21 07:24:24 2003
+***************
+*** 169,174 ****
+--- 168,175 ----
+  #define RSA_SSLV23_PADDING	2
+  #define RSA_NO_PADDING		3
+  #define RSA_PKCS1_OAEP_PADDING	4
++ 
++ #define RSA_PKCS1_PADDING_SIZE	11
+  
+  #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+  #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_eay.c
+*** crypto/openssl/crypto/rsa/rsa_eay.c	Tue Jul 30 17:05:44 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_eay.c	Fri Feb 21 07:24:24 2003
+***************
+*** 185,191 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 184,190 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 269,275 ****
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 268,274 ----
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 368,374 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 367,373 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 465,471 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 464,470 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_pk1.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_pk1.c
+*** crypto/openssl/crypto/rsa/rsa_pk1.c	Sun Aug 20 03:46:40 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_pk1.c	Fri Feb 21 07:24:24 2003
+***************
+*** 68,74 ****
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-11))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+--- 68,74 ----
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_saos.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_saos.c
+*** crypto/openssl/crypto/rsa/rsa_saos.c	Sun Nov 26 05:33:52 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_saos.c	Fri Feb 21 07:24:24 2003
+***************
+*** 76,82 ****
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 76,82 ----
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 95,101 ****
+  	else
+  		*siglen=i;
+  
+! 	memset(s,0,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 95,101 ----
+  	else
+  		*siglen=i;
+  
+! 	OPENSSL_cleanse(s,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+***************
+*** 137,143 ****
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 137,143 ----
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_sign.c
+*** crypto/openssl/crypto/rsa/rsa_sign.c	Sun Nov 26 05:33:52 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/rsa/rsa_sign.c	Fri Feb 21 07:24:24 2003
+***************
+*** 109,115 ****
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 109,115 ----
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 131,137 ****
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		memset(s,0,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+--- 131,137 ----
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		OPENSSL_cleanse(s,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+***************
+*** 214,220 ****
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 214,220 ----
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/sha/Makefile.ssl
+*** crypto/openssl/crypto/sha/Makefile.ssl	Wed Jul  4 18:19:36 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/sha/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 103,113 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/sha.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/sha.h
+--- 103,117 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1_one.c ../RELENG_4_7/crypto/openssl/crypto/sha/sha1_one.c
+*** crypto/openssl/crypto/sha/sha1_one.c	Mon Jan 10 00:21:52 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/sha/sha1_one.c	Fri Feb 21 07:24:24 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA1
+  unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1test.c ../RELENG_4_7/crypto/openssl/crypto/sha/sha1test.c
+*** crypto/openssl/crypto/sha/sha1test.c	Sun Aug 20 03:46:45 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/sha/sha1test.c	Fri Feb 21 07:24:24 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha_one.c ../RELENG_4_7/crypto/openssl/crypto/sha/sha_one.c
+*** crypto/openssl/crypto/sha/sha_one.c	Mon Jan 10 00:21:52 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/sha/sha_one.c	Fri Feb 21 07:24:24 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA0
+  unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/shatest.c ../RELENG_4_7/crypto/openssl/crypto/sha/shatest.c
+*** crypto/openssl/crypto/sha/shatest.c	Sun Aug 20 03:46:45 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/sha/shatest.c	Fri Feb 21 07:24:24 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/stack/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/stack/Makefile.ssl
+*** crypto/openssl/crypto/stack/Makefile.ssl	Wed Jul  4 18:19:37 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/stack/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/threads/mttest.c ../RELENG_4_7/crypto/openssl/crypto/threads/mttest.c
+*** crypto/openssl/crypto/threads/mttest.c	Sun Nov 26 05:33:57 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/threads/mttest.c	Fri Feb 21 07:24:24 2003
+***************
+*** 77,82 ****
+--- 77,86 ----
+  #ifdef PTHREADS
+  #include <pthread.h>
+  #endif
++ #ifdef VXWORKS
++ #include <taskLib.h>
++ #include <semLib.h>
++ #endif
+  #include <openssl/lhash.h>
+  #include <openssl/crypto.h>
+  #include <openssl/buffer.h>
+***************
+*** 105,114 ****
+--- 109,120 ----
+  void solaris_locking_callback(int mode,int type,char *file,int line);
+  void win32_locking_callback(int mode,int type,char *file,int line);
+  void pthreads_locking_callback(int mode,int type,char *file,int line);
++ void vxworks_locking_callback(int mode,int type,char *file,int line);
+  
+  unsigned long irix_thread_id(void );
+  unsigned long solaris_thread_id(void );
+  unsigned long pthreads_thread_id(void );
++ unsigned long vxworks_thread_id(void );
+  
+  BIO *bio_err=NULL;
+  BIO *bio_stdout=NULL;
+***************
+*** 1097,1100 ****
+--- 1103,1221 ----
+  #endif /* PTHREADS */
+  
+  
++ #ifdef VXWORKS
++ 
++ #define DEFAULT_TASK_NAME               NULL
++ #define DEFAULT_TASK_PRIORITY           100
++ #define DEFAULT_TASK_OPTIONS            0
++ #define DEFAULT_TASK_STACK_BYTES        32768
++ 
++ static SEM_ID *lock_cs;
++ static long *lock_count;
++ 
++ extern int sysClkRateGet();
++ 
++ void thread_setup(void)
++ 	{
++ 	int i;
++ 
++ 	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(SEM_ID));
++ 	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		lock_count[i]=0;
++ 		lock_cs[i] = semMCreate(SEM_Q_PRIORITY | SEM_INVERSION_SAFE);
++ 		}
++ 
++ 	CRYPTO_set_id_callback((unsigned long (*)())vxworks_thread_id);
++ 	CRYPTO_set_locking_callback((void (*)())vxworks_locking_callback);
++ 	}
++ 
++ void thread_cleanup(void)
++ 	{
++ 	int i;
++ 
++ 	CRYPTO_set_locking_callback(NULL);
++ 	fprintf(stderr,"cleanup\n");
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		semDelete(lock_cs[i]);
++ 		fprintf(stderr,"%8ld:%s\n",lock_count[i],
++ 			CRYPTO_get_lock_name(i));
++ 		}
++ 	OPENSSL_free(lock_cs);
++ 	OPENSSL_free(lock_count);
++ 
++ 	fprintf(stderr,"done cleanup\n");
++ 	}
++ 
++ void vxworks_locking_callback(int mode, int type, char *file, int line)
++       {
++ #ifdef undef
++ 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
++ 		CRYPTO_thread_id(),
++ 		(mode&CRYPTO_LOCK)?"l":"u",
++ 		(type&CRYPTO_READ)?"r":"w",file,line);
++ #endif
++ /*
++ 	if (CRYPTO_LOCK_SSL_CERT == type)
++ 		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
++ 		CRYPTO_thread_id(),
++ 		mode,file,line);
++ */
++ 	if (mode & CRYPTO_LOCK)
++ 		{
++ 		semTake(lock_cs[type], WAIT_FOREVER);
++ 		lock_count[type]++;
++ 		}
++ 	else
++ 		{
++ 		semGive(lock_cs[type]);
++ 		}
++ 	}
++ 
++ 
++ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
++ 	{
++ 	SSL_CTX *ssl_ctx[2];
++ 	int thread_ctx[MAX_THREAD_NUMBER];
++ 	int i;
++ 
++ 	ssl_ctx[0]=s_ctx;
++ 	ssl_ctx[1]=c_ctx;
++ 
++ 	/*
++ 	thr_setconcurrency(thread_number);
++ 	*/
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		thread_ctx[i] = taskSpawn(DEFAULT_TASK_NAME,
++ 				DEFAULT_TASK_PRIORITY,
++ 				DEFAULT_TASK_OPTIONS,
++ 				DEFAULT_TASK_STACK_BYTES,
++ 				(FUNCPTR)ndoit,
++ 				(int)ssl_ctx, 0, 0, 0, 0, 0, 0, 0, 0, 0);
++ 
++ 		printf("Spawned task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("reaping\n");
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		while(taskIdVerify(thread_ctx[i]) != ERROR)
++ 			{
++ 			taskDelay(sysClkRateGet()/10);
++ 			}
++ 		printf("Reaped task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("vxworks threads done (%d,%d)\n",
++ 		s_ctx->references,c_ctx->references);
++ 	}
++ 
++ unsigned long vxworks_thread_id(void)
++ 	{
++ 	return((unsigned long)taskIdSelf());
++ 	}
+  
++ #endif /* VXWORKS */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/tmdiff.c ../RELENG_4_7/crypto/openssl/crypto/tmdiff.c
+*** crypto/openssl/crypto/tmdiff.c	Tue Jul 30 17:05:02 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/tmdiff.c	Fri Feb 21 07:24:20 2003
+***************
+*** 105,110 ****
+--- 105,115 ----
+  #include <windows.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #include <drv/timer/timerDev.h>
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed */
+  #ifndef HZ
+  # ifndef CLK_TCK
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/txt_db/Makefile.ssl
+*** crypto/openssl/crypto/txt_db/Makefile.ssl	Wed Jul  4 18:19:38 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/txt_db/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/uid.c ../RELENG_4_7/crypto/openssl/crypto/uid.c
+*** crypto/openssl/crypto/uid.c	Wed Jul  4 18:22:30 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/uid.c	Fri Feb 21 07:24:20 2003
+***************
+*** 64,70 ****
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32)
+  
+  int OPENSSL_issetugid(void)
+  	{
+--- 64,70 ----
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32) || defined(VXWORKS)
+  
+  int OPENSSL_issetugid(void)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/x509/Makefile.ssl
+*** crypto/openssl/crypto/x509/Makefile.ssl	Tue Jul 30 17:05:47 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/x509/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/by_file.c ../RELENG_4_7/crypto/openssl/crypto/x509/by_file.c
+*** crypto/openssl/crypto/x509/by_file.c	Sun Aug 20 03:46:47 2000
+--- ../RELENG_4_7/crypto/openssl/crypto/x509/by_file.c	Fri Feb 21 07:24:24 2003
+***************
+*** 100,116 ****
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 				X509_FILETYPE_PEM) != 0);
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+- 				}
+- 			else
+- 				{
+- 				file=(char *)Getenv(X509_get_default_cert_file_env());
+- 				ok = (X509_load_cert_crl_file(ctx,file,
+- 					X509_FILETYPE_PEM) != 0);
+  				}
+  			}
+  		else
+--- 100,117 ----
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			file = (char *)Getenv(X509_get_default_cert_file_env());
+! 			if (file)
+! 				ok = (X509_load_cert_crl_file(ctx,file,
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+! 			if (!ok)
+! 				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+  				}
+  			}
+  		else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_cmp.c ../RELENG_4_7/crypto/openssl/crypto/x509/x509_cmp.c
+*** crypto/openssl/crypto/x509/x509_cmp.c	Wed Jul  4 18:19:39 2001
+--- ../RELENG_4_7/crypto/openssl/crypto/x509/x509_cmp.c	Fri Feb 21 07:24:24 2003
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include <stdio.h>
++ #include <ctype.h>
+  #include "cryptlib.h"
+  #include <openssl/asn1.h>
+  #include <openssl/objects.h>
+***************
+*** 157,162 ****
+--- 158,256 ----
+  }
+  #endif
+  
++ 
++ /* Case insensitive string comparision */
++ static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	int i;
++ 
++ 	if (a->length != b->length)
++ 		return (a->length - b->length);
++ 
++ 	for (i=0; i<a->length; i++)
++ 	{
++ 		int ca, cb;
++ 
++ 		ca = tolower(a->data[i]);
++ 		cb = tolower(b->data[i]);
++ 
++ 		if (ca != cb)
++ 			return(ca-cb);
++ 	}
++ 	return 0;
++ }
++ 
++ /* Case insensitive string comparision with space normalization 
++  * Space normalization - ignore leading, trailing spaces, 
++  *       multiple spaces between characters are replaced by single space  
++  */
++ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	unsigned char *pa = NULL, *pb = NULL;
++ 	int la, lb;
++ 	
++ 	la = a->length;
++ 	lb = b->length;
++ 	pa = a->data;
++ 	pb = b->data;
++ 
++ 	/* skip leading spaces */
++ 	while (la > 0 && isspace(*pa))
++ 	{
++ 		la--;
++ 		pa++;
++ 	}
++ 	while (lb > 0 && isspace(*pb))
++ 	{
++ 		lb--;
++ 		pb++;
++ 	}
++ 
++ 	/* skip trailing spaces */
++ 	while (la > 0 && isspace(pa[la-1]))
++ 		la--;
++ 	while (lb > 0 && isspace(pb[lb-1]))
++ 		lb--;
++ 
++ 	/* compare strings with space normalization */
++ 	while (la > 0 && lb > 0)
++ 	{
++ 		int ca, cb;
++ 
++ 		/* compare character */
++ 		ca = tolower(*pa);
++ 		cb = tolower(*pb);
++ 		if (ca != cb)
++ 			return (ca - cb);
++ 
++ 		pa++; pb++;
++ 		la--; lb--;
++ 
++ 		if (la <= 0 || lb <= 0)
++ 			break;
++ 
++ 		/* is white space next character ? */
++ 		if (isspace(*pa) && isspace(*pb))
++ 		{
++ 			/* skip remaining white spaces */
++ 			while (la > 0 && isspace(*pa))
++ 			{
++ 				la--;
++ 				pa++;
++ 			}
++ 			while (lb > 0 && isspace(*pb))
++ 			{
++ 				lb--;
++ 				pb++;
++ 			}
++ 		}
++ 	}
++ 	if (la > 0 || lb > 0)
++ 		return la - lb;
++ 
++ 	return 0;
++ }
++ 
+  int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+  	{
+  	int i,j;
+***************
+*** 170,179 ****
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->length-nb->value->length;
+  		if (j) return(j);
+! 		j=memcmp(na->value->data,nb->value->data,
+! 			na->value->length);
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+--- 264,283 ----
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->type-nb->value->type;
+  		if (j) return(j);
+! 		if (na->value->type == V_ASN1_PRINTABLESTRING)
+! 			j=nocase_spacenorm_cmp(na->value, nb->value);
+! 		else if (na->value->type == V_ASN1_IA5STRING
+! 			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+! 			j=nocase_cmp(na->value, nb->value);
+! 		else
+! 			{
+! 			j=na->value->length-nb->value->length;
+! 			if (j) return(j);
+! 			j=memcmp(na->value->data,nb->value->data,
+! 				na->value->length);
+! 			}
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_vfy.c ../RELENG_4_7/crypto/openssl/crypto/x509/x509_vfy.c
+*** crypto/openssl/crypto/x509/x509_vfy.c	Tue Jul 30 17:05:47 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/x509/x509_vfy.c	Fri Feb 21 07:24:24 2003
+***************
+*** 567,573 ****
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	time_t offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+--- 567,573 ----
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	long offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/Makefile.ssl ../RELENG_4_7/crypto/openssl/crypto/x509v3/Makefile.ssl
+*** crypto/openssl/crypto/x509v3/Makefile.ssl	Tue Jul 30 17:05:48 2002
+--- ../RELENG_4_7/crypto/openssl/crypto/x509v3/Makefile.ssl	Fri Feb 21 07:24:24 2003
+***************
+*** 72,78 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 72,78 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/selfsign.c ../RELENG_4_7/crypto/openssl/demos/selfsign.c
+*** crypto/openssl/demos/selfsign.c	Sun Aug 20 03:46:50 2000
+--- ../RELENG_4_7/crypto/openssl/demos/selfsign.c	Fri Feb 21 07:24:24 2003
+***************
+*** 106,112 ****
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,3);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+--- 106,112 ----
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,2);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/passwd.pod ../RELENG_4_7/crypto/openssl/doc/apps/passwd.pod
+*** crypto/openssl/doc/apps/passwd.pod	Sun Nov 26 05:34:06 2000
+--- ../RELENG_4_7/crypto/openssl/doc/apps/passwd.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 69,75 ****
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+--- 69,75 ----
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_4_7/crypto/openssl/doc/apps/req.pod
+*** crypto/openssl/doc/apps/req.pod	Sun Nov 26 05:34:06 2000
+--- ../RELENG_4_7/crypto/openssl/doc/apps/req.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 457,469 ****
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST----
+!  -----END CERTIFICATE REQUEST----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST----
+!  -----END NEW CERTIFICATE REQUEST----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+--- 457,469 ----
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST-----
+!  -----END CERTIFICATE REQUEST-----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST-----
+!  -----END NEW CERTIFICATE REQUEST-----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/smime.pod ../RELENG_4_7/crypto/openssl/doc/apps/smime.pod
+*** crypto/openssl/doc/apps/smime.pod	Tue Jul 30 17:05:51 2002
+--- ../RELENG_4_7/crypto/openssl/doc/apps/smime.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 340,347 ****
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7----
+!  -----END PKCS7----
+  
+  and using the command, 
+  
+--- 340,347 ----
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7-----
+!  -----END PKCS7-----
+  
+  and using the command, 
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_4_7/crypto/openssl/doc/apps/x509.pod
+*** crypto/openssl/doc/apps/x509.pod	Sun Nov 26 05:34:06 2000
+--- ../RELENG_4_7/crypto/openssl/doc/apps/x509.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 321,327 ****
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial filename>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+--- 321,327 ----
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+***************
+*** 532,556 ****
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust sslclient \
+! 	-alias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE----
+!  -----END CERTIFICATE----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE----
+!  -----END X509 CERTIFICATE----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE----
+!  -----END TRUSTED CERTIFICATE----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+--- 532,556 ----
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust clientAuth \
+! 	-setalias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE-----
+!  -----END CERTIFICATE-----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE-----
+!  -----END X509 CERTIFICATE-----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE-----
+!  -----END TRUSTED CERTIFICATE-----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/c-indentation.el ../RELENG_4_7/crypto/openssl/doc/c-indentation.el
+*** crypto/openssl/doc/c-indentation.el	Sun Nov 26 05:34:04 2000
+--- ../RELENG_4_7/crypto/openssl/doc/c-indentation.el	Fri Feb 21 07:24:25 2003
+***************
+*** 13,24 ****
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style.
+! ; The style defined below does not indent them at all.
+! ; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
+! ; command of Emacs).  If you know a solution to this problem
+! ; or find other problems with this indentation style definition,
+! ; please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+--- 13,22 ----
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style,
+! ; so you have to indent them manually (you can use C-q tab).
+! ; 
+! ; For suggesting improvements, please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_CTX_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_CTX_new.pod
+*** crypto/openssl/doc/crypto/BN_CTX_new.pod	Sun Aug 20 03:46:55 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_CTX_new.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add.pod
+*** crypto/openssl/doc/crypto/BN_add.pod	Sun Aug 20 03:46:55 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 86,92 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+--- 86,92 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add_word.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add_word.pod
+*** crypto/openssl/doc/crypto/BN_add_word.pod	Sun Aug 20 03:46:55 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_add_word.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 46,52 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 46,52 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_bn2bin.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_bn2bin.pod
+*** crypto/openssl/doc/crypto/BN_bn2bin.pod	Tue Jul 30 17:05:51 2002
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_bn2bin.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 80,86 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+--- 80,86 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_copy.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_copy.pod
+*** crypto/openssl/doc/crypto/BN_copy.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_copy.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 25,31 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 25,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_generate_prime.pod
+*** crypto/openssl/doc/crypto/BN_generate_prime.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_generate_prime.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 70,76 ****
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_check>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+--- 70,76 ----
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_checks>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_inverse.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_inverse.pod
+*** crypto/openssl/doc/crypto/BN_mod_inverse.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_inverse.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Sun Nov 26 05:34:07 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 81,87 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 81,87 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Sun Nov 26 05:34:07 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 69,75 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 69,75 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_new.pod
+*** crypto/openssl/doc/crypto/BN_new.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_new.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_rand.pod ../RELENG_4_7/crypto/openssl/doc/crypto/BN_rand.pod
+*** crypto/openssl/doc/crypto/BN_rand.pod	Tue Jul 30 17:05:51 2002
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/BN_rand.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 45,51 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+--- 45,51 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_key.pod
+*** crypto/openssl/doc/crypto/DH_generate_key.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_key.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 40,46 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+--- 40,46 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_parameters.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DH_generate_parameters.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DH_generate_parameters.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DH_new.pod
+*** crypto/openssl/doc/crypto/DH_new.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DH_new.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 29,35 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+--- 29,35 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_SIG_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_SIG_new.pod
+*** crypto/openssl/doc/crypto/DSA_SIG_new.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_SIG_new.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+--- 30,37 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_do_sign.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_do_sign.pod
+*** crypto/openssl/doc/crypto/DSA_do_sign.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_do_sign.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 36,42 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+--- 36,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_dup_DH.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_dup_DH.pod
+*** crypto/openssl/doc/crypto/DSA_dup_DH.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_dup_DH.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_key.pod
+*** crypto/openssl/doc/crypto/DSA_generate_key.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_key.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 24,30 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+--- 24,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_parameters.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_new.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_new.pod
+*** crypto/openssl/doc/crypto/DSA_new.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_new.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+--- 30,36 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_sign.pod ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_sign.pod
+*** crypto/openssl/doc/crypto/DSA_sign.pod	Sun Aug 20 03:46:56 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/DSA_sign.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 55,61 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+--- 55,61 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_4_7/crypto/openssl/doc/crypto/EVP_SealInit.pod
+*** crypto/openssl/doc/crypto/EVP_SealInit.pod	Sun Nov 26 05:34:08 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/EVP_SealInit.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 12,18 ****
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+--- 12,18 ----
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+***************
+*** 43,50 ****
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+! failure.
+  
+  =head1 NOTES
+  
+--- 43,49 ----
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() returns 1 for success and 0 for failure.
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RAND_bytes.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RAND_bytes.pod
+*** crypto/openssl/doc/crypto/RAND_bytes.pod	Sun Aug 20 03:46:57 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RAND_bytes.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 35,41 ****
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+--- 35,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_check_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_check_key.pod
+*** crypto/openssl/doc/crypto/RSA_check_key.pod	Tue Jul 30 17:05:51 2002
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_check_key.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 39,45 ****
+  
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 39,45 ----
+  
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_generate_key.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_generate_key.pod
+*** crypto/openssl/doc/crypto/RSA_generate_key.pod	Tue Jul 30 17:05:51 2002
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_generate_key.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_print.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_print.pod
+*** crypto/openssl/doc/crypto/RSA_print.pod	Sun Nov 26 05:34:08 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_print.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 2,10 ****
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
+! DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
+! parameters
+  
+  =head1 SYNOPSIS
+  
+--- 2,10 ----
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp,
+! DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+! DHparams_print, DHparams_print_fp - print cryptographic parameters
+  
+  =head1 SYNOPSIS
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_private_encrypt.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Sun Aug 20 03:46:57 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_public_encrypt.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Sun Nov 26 05:34:09 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 72,78 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+--- 72,79 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign.pod
+*** crypto/openssl/doc/crypto/RSA_sign.pod	Sun Aug 20 03:46:57 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 50,57 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+--- 50,57 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+*** crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Sun Aug 20 03:46:57 2000
+--- ../RELENG_4_7/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Fri Feb 21 07:24:25 2003
+***************
+*** 47,54 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+--- 47,54 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/openssl.txt ../RELENG_4_7/crypto/openssl/doc/openssl.txt
+*** crypto/openssl/doc/openssl.txt	Sun Nov 26 05:34:04 2000
+--- ../RELENG_4_7/crypto/openssl/doc/openssl.txt	Fri Feb 21 07:24:25 2003
+***************
+*** 344,350 ****
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+--- 344,350 ----
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_add_session.pod ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Wed Jul  4 18:22:31 2001
+--- ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Fri Feb 21 07:24:26 2003
+***************
+*** 37,42 ****
+--- 37,50 ----
+  identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
+  is a no-op, and the return value is 0.
+  
++ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
++ flag then the internal cache will not be populated automatically by new
++ sessions negotiated by the SSL/TLS implementation, even though the internal
++ cache will be searched automatically for session-resume requests (the
++ latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
++ application can use SSL_CTX_add_session() directly to have full control
++ over the sessions that can be resumed if desired.
++ 
+  
+  =head1 RETURN VALUES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Tue Jul 30 17:05:54 2002
+--- ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Fri Feb 21 07:24:26 2003
+***************
+*** 26,37 ****
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then decides whether it
+! agrees in reusing the session or starts the handshake for a new session.
+! 
+! A server will lookup up the session in its internal session storage. If
+! the session is not found in internal storage or internal storage is
+! deactivated, the server will try the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+--- 26,39 ----
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then either 
+! agrees to reuse the session or it starts a full handshake (to create a new
+! session).
+! 
+! A server will lookup up the session in its internal session storage. If the
+! session is not found in internal storage or lookups for the internal storage
+! have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+! the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+***************
+*** 57,65 ****
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the session is looked up in the internal session cache.
+! If the session is found, the server will try to reuse the session.
+! This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+--- 59,68 ----
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the server looks for the corresponding session in (first)
+! the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+! then (second) in the external cache if available. If the session is found, the
+! server will try to reuse the session.  This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+***************
+*** 77,88 ****
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag sessions are cached in the internal storage but
+! they are not looked up automatically. If an external session cache
+! is enabled, sessions are looked up in the external cache. As automatic
+! lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+--- 80,111 ----
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag, session-resume operations in an SSL/TLS server will not
+! automatically look up sessions in the internal cache, even if sessions are
+! automatically stored there. If external session caching callbacks are in use,
+! this flag guarantees that all lookups are directed to the external cache.
+! As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
++ =item SSL_SESS_CACHE_NO_INTERNAL_STORE
++ 
++ Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
++ sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
++ Normally a new session is added to the internal cache as well as any external
++ session caching (callback) that is configured for the SSL_CTX. This flag will
++ prevent sessions being stored in the internal cache (though the application can
++ add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
++ in any SSL/TLS servers where external caching is configured, any successful
++ session lookups in the external cache (ie. for session-resume requests) would
++ normally be copied into the local cache before processing continues - this flag
++ prevents these additions to the internal cache as well.
++ 
++ =item SSL_SESS_CACHE_NO_INTERNAL
++ 
++ Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
++ SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
++ 
++ 
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+***************
+*** 98,108 ****
+--- 121,137 ----
+  
+  L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+  L<SSL_session_reused(3)|SSL_session_reused(3)>,
++ L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+  L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+  L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+  L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+  L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+  L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
++ 
++ =head1 HISTORY
++ 
++ SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
++ were introduced in OpenSSL 0.9.6h.
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Tue Jul 30 17:05:54 2002
+--- ../RELENG_4_7/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Fri Feb 21 07:24:26 2003
+***************
+*** 235,241 ****
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+--- 235,241 ----
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/ssl.pod ../RELENG_4_7/crypto/openssl/doc/ssl/ssl.pod
+*** crypto/openssl/doc/ssl/ssl.pod	Tue Jul 30 17:05:55 2002
+--- ../RELENG_4_7/crypto/openssl/doc/ssl/ssl.pod	Fri Feb 21 07:24:26 2003
+***************
+*** 347,353 ****
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+--- 347,353 ----
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/e_os.h ../RELENG_4_7/crypto/openssl/e_os.h
+*** crypto/openssl/e_os.h	Tue Jul 30 17:04:59 2002
+--- ../RELENG_4_7/crypto/openssl/e_os.h	Fri Feb 21 07:24:19 2003
+***************
+*** 219,228 ****
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+  #  else
+! #    define EXIT(n)		return(n);
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+--- 219,229 ----
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+! #    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
+  #  else
+! #    define EXIT(n) return(n)
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+***************
+*** 275,292 ****
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    if !defined(MONOLITH) || defined(OPENSSL_C)
+! #      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); \
+! 				     return(__VMS_EXIT); } while(0)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+--- 276,288 ----
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); } while(0)
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+***************
+*** 317,327 ****
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    ifndef MONOLITH
+! #      define EXIT(n)		exit(n); return(n)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+--- 313,319 ----
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    define EXIT(n)		exit(n)
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+***************
+*** 439,444 ****
+--- 431,444 ----
+  extern char *sys_errlist[]; extern int sys_nerr;
+  # define strerror(errnum) \
+  	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
++ #endif
++ 
++ #ifndef OPENSSL_EXIT
++ # if defined(MONOLITH) && !defined(OPENSSL_C)
++ #  define OPENSSL_EXIT(n) return(n)
++ # else
++ #  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
++ # endif
+  #endif
+  
+  /***********************************************/
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_4_7/crypto/openssl/openssl.spec
+*** crypto/openssl/openssl.spec	Sun Aug 11 09:13:53 2002
+--- ../RELENG_4_7/crypto/openssl/openssl.spec	Fri Feb 21 07:24:19 2003
+***************
+*** 1,7 ****
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev g
+  Release: 1
+  
+  %define openssldir /var/ssl
+--- 1,7 ----
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev i
+  Release: 1
+  
+  %define openssldir /var/ssl
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/Makefile.ssl ../RELENG_4_7/crypto/openssl/ssl/Makefile.ssl
+*** crypto/openssl/ssl/Makefile.ssl	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/Makefile.ssl	Fri Feb 21 07:24:27 2003
+***************
+*** 84,90 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 84,90 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_clnt.c ../RELENG_4_7/crypto/openssl/ssl/s23_clnt.c
+*** crypto/openssl/ssl/s23_clnt.c	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s23_clnt.c	Fri Feb 21 07:24:27 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_clnt.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+***************
+*** 89,106 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_client_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_client_data.ssl_connect=ssl23_connect;
+! 		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+--- 87,111 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_client_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_client_data.ssl_connect=ssl23_connect;
+! 			SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+***************
+*** 154,159 ****
+--- 159,165 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 202,207 ****
+--- 208,215 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_lib.c ../RELENG_4_7/crypto/openssl/ssl/s23_lib.c
+*** crypto/openssl/ssl/s23_lib.c	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s23_lib.c	Fri Feb 21 07:24:27 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_lib.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_meth.c ../RELENG_4_7/crypto/openssl/ssl/s23_meth.c
+*** crypto/openssl/ssl/s23_meth.c	Wed Jul  4 18:19:44 2001
+--- ../RELENG_4_7/crypto/openssl/ssl/s23_meth.c	Fri Feb 21 07:24:27 2003
+***************
+*** 80,91 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv23_data.ssl_connect=ssl23_connect;
+! 		SSLv23_data.ssl_accept=ssl23_accept;
+! 		SSLv23_data.get_ssl_method=ssl23_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_data);
+  	}
+--- 80,98 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv23_data.ssl_connect=ssl23_connect;
+! 			SSLv23_data.ssl_accept=ssl23_accept;
+! 			SSLv23_data.get_ssl_method=ssl23_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_srvr.c ../RELENG_4_7/crypto/openssl/ssl/s23_srvr.c
+*** crypto/openssl/ssl/s23_srvr.c	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s23_srvr.c	Fri Feb 21 07:24:27 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_srvr.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
+   */
+  /* ====================================================================
+   * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+--- 54,59 ----
+***************
+*** 141,151 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_server_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_server_data.ssl_accept=ssl23_accept;
+! 		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_server_data);
+  	}
+--- 139,156 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_server_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_server_data.ssl_accept=ssl23_accept;
+! 			SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_server_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_4_7/crypto/openssl/ssl/s2_clnt.c
+*** crypto/openssl/ssl/s2_clnt.c	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s2_clnt.c	Fri Feb 21 07:24:27 2003
+***************
+*** 146,156 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_client_data.ssl_connect=ssl2_connect;
+! 		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_client_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_client_data.ssl_connect=ssl2_connect;
+! 			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_client_data);
+  	}
+***************
+*** 202,211 ****
+--- 208,220 ----
+  			if (!BUF_MEM_grow(buf,
+  				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+  				{
++ 				if (buf == s->init_buf)
++ 					buf=NULL;
+  				ret= -1;
+  				goto end;
+  				}
+  			s->init_buf=buf;
++ 			buf=NULL;
+  			s->init_num=0;
+  			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
+  			s->ctx->stats.sess_connect++;
+***************
+*** 332,337 ****
+--- 341,348 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL) 
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+***************
+*** 746,753 ****
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+  		s->init_num += i;
+  
+--- 757,764 ----
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+  		s->init_num += i;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_enc.c ../RELENG_4_7/crypto/openssl/ssl/s2_enc.c
+*** crypto/openssl/ssl/s2_enc.c	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s2_enc.c	Fri Feb 21 07:24:27 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_enc.c,v 1.2.2.5 2002/08/11 14:13:59 nectar Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_lib.c ../RELENG_4_7/crypto/openssl/ssl/s2_lib.c
+*** crypto/openssl/ssl/s2_lib.c	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s2_lib.c	Fri Feb 21 07:24:27 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_lib.c,v 1.2.2.5 2002/08/11 14:13:59 nectar Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 309,315 ****
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	memset(s2,0,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+--- 307,313 ----
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	OPENSSL_cleanse(s2,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+***************
+*** 378,392 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 		qsort(  (char *)sorted,
+! 			SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 		init=0;
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+--- 376,394 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 			qsort((char *)sorted,
+! 				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+! 			init=0;
+! 			}
+! 			
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_meth.c ../RELENG_4_7/crypto/openssl/ssl/s2_meth.c
+*** crypto/openssl/ssl/s2_meth.c	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s2_meth.c	Fri Feb 21 07:24:27 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_meth.c,v 1.2.2.4 2002/07/30 22:06:01 nectar Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 79,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_data.ssl_connect=ssl2_connect;
+! 		SSLv2_data.ssl_accept=ssl2_accept;
+! 		SSLv2_data.get_ssl_method=ssl2_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_data);
+  	}
+--- 77,95 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_data.ssl_connect=ssl2_connect;
+! 			SSLv2_data.ssl_accept=ssl2_accept;
+! 			SSLv2_data.get_ssl_method=ssl2_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_srvr.c ../RELENG_4_7/crypto/openssl/ssl/s2_srvr.c
+*** crypto/openssl/ssl/s2_srvr.c	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s2_srvr.c	Fri Feb 21 07:24:27 2003
+***************
+*** 146,156 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_server_data.ssl_accept=ssl2_accept;
+! 		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_server_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_server_data.ssl_accept=ssl2_accept;
+! 			SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_server_data);
+  	}
+***************
+*** 1002,1008 ****
+  	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
+! 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+  		goto end;
+  		}
+  	j = (int)len - s->init_num;
+--- 1008,1014 ----
+  	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
+! 		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
+  		goto end;
+  		}
+  	j = (int)len - s->init_num;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_clnt.c ../RELENG_4_7/crypto/openssl/ssl/s3_clnt.c
+*** crypto/openssl/ssl/s3_clnt.c	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s3_clnt.c	Fri Feb 21 07:24:27 2003
+***************
+*** 146,163 ****
+  
+  	if (init)
+  		{
+! 		init=0;
+! 		memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_client_data.ssl_connect=ssl3_connect;
+! 		SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+--- 146,170 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_client_data.ssl_connect=ssl3_connect;
+! 			SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+***************
+*** 218,223 ****
+--- 225,231 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 496,501 ****
+--- 504,511 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+***************
+*** 632,654 ****
+  	/* get the session-id */
+  	j= *(p++);
+  
+!        if(j > sizeof s->session->session_id)
+!                {
+!                al=SSL_AD_ILLEGAL_PARAMETER;
+!                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+!                       SSL_R_SSL3_SESSION_ID_TOO_LONG);
+!                goto f_err;
+!                }
+! 
+! 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+  		{
+! 		/* SSLref returns 16 :-( */
+! 		if (j < SSL2_SSL_SESSION_ID_LENGTH)
+! 			{
+! 			al=SSL_AD_ILLEGAL_PARAMETER;
+! 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
+! 			goto f_err;
+! 			}
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+--- 642,652 ----
+  	/* get the session-id */
+  	j= *(p++);
+  
+! 	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
+  		{
+! 		al=SSL_AD_ILLEGAL_PARAMETER;
+! 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+! 		goto f_err;
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+***************
+*** 656,661 ****
+--- 654,660 ----
+  	    if(s->sid_ctx_length != s->session->sid_ctx_length
+  	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+  		{
++ 		/* actually a client application bug */
+  		al=SSL_AD_ILLEGAL_PARAMETER;
+  		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+  		goto f_err;
+***************
+*** 699,705 ****
+  		goto f_err;
+  		}
+  
+! 	if (s->hit && (s->session->cipher != c))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+--- 698,709 ----
+  		goto f_err;
+  		}
+  
+! 	/* Depending on the session caching (internal/external), the cipher
+! 	   and/or cipher_id values may not be set. Make sure that
+! 	   cipher_id is set and use it for comparison. */
+! 	if (s->session->cipher)
+! 		s->session->cipher_id = s->session->cipher->id;
+! 	if (s->hit && (s->session->cipher_id != c->id))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+***************
+*** 1460,1466 ****
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+--- 1464,1470 ----
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_4_7/crypto/openssl/ssl/s3_enc.c
+*** crypto/openssl/ssl/s3_enc.c	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s3_enc.c	Fri Feb 21 07:24:27 2003
+***************
+*** 174,180 ****
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	memset(smd,0,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+--- 174,180 ----
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+***************
+*** 318,325 ****
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	memset(&(exp_key[0]),0,sizeof(exp_key));
+! 	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 318,325 ----
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+! 	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 390,396 ****
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		memset(s->s3->tmp.key_block,0,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+--- 390,396 ----
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		OPENSSL_cleanse(s->s3->tmp.key_block,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+***************
+*** 456,461 ****
+--- 456,462 ----
+  				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+  				return 0;
+  				}
++ 			/* otherwise, rec->length >= bs */
+  			}
+  		
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+***************
+*** 464,470 ****
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except that last) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+--- 465,471 ----
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except the last one) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+***************
+*** 473,478 ****
+--- 474,480 ----
+  				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+  				return -1;
+  				}
++ 			/* now i <= bs <= rec->length */
+  			rec->length-=i;
+  			}
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_lib.c ../RELENG_4_7/crypto/openssl/ssl/s3_lib.c
+*** crypto/openssl/ssl/s3_lib.c	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s3_lib.c	Fri Feb 21 07:24:27 2003
+***************
+*** 732,738 ****
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	memset(s->s3,0,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+--- 732,738 ----
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	OPENSSL_cleanse(s->s3,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+***************
+*** 1084,1099 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl3_ciphers[i]);
+  
+! 		qsort(	(char *)sorted,
+! 			SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+  
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 
+- 		init=0;
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+--- 1084,1102 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl3_ciphers[i]);
+  
+! 			qsort(sorted,
+! 				SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+  
++ 			init=0;
++ 			}
++ 		
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_meth.c ../RELENG_4_7/crypto/openssl/ssl/s3_meth.c
+*** crypto/openssl/ssl/s3_meth.c	Mon Jan 10 00:22:00 2000
+--- ../RELENG_4_7/crypto/openssl/ssl/s3_meth.c	Fri Feb 21 07:24:27 2003
+***************
+*** 76,87 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_data.ssl_connect=ssl3_connect;
+! 		SSLv3_data.ssl_accept=ssl3_accept;
+! 		SSLv3_data.get_ssl_method=ssl3_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_data);
+  	}
+--- 76,94 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_data.ssl_connect=ssl3_connect;
+! 			SSLv3_data.ssl_accept=ssl3_accept;
+! 			SSLv3_data.get_ssl_method=ssl3_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_pkt.c ../RELENG_4_7/crypto/openssl/ssl/s3_pkt.c
+*** crypto/openssl/ssl/s3_pkt.c	Tue Jul 30 17:06:01 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s3_pkt.c	Fri Feb 21 07:24:27 2003
+***************
+*** 238,243 ****
+--- 238,245 ----
+  	unsigned int mac_size;
+  	int clear=0;
+  	size_t extra;
++ 	int decryption_failed_or_bad_record_mac = 0;
++ 	unsigned char *mac = NULL;
+  
+  	rr= &(s->s3->rrec);
+  	sess=s->session;
+***************
+*** 353,360 ****
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* otherwise enc_err == -1 */
+! 		goto decryption_failed_or_bad_record_mac;
+  		}
+  
+  #ifdef TLS_DEBUG
+--- 355,365 ----
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* Otherwise enc_err == -1, which indicates bad padding
+! 		 * (rec->length has not been changed in this case).
+! 		 * To minimize information leaked via timing, we will perform
+! 		 * the MAC computation anyway. */
+! 		decryption_failed_or_bad_record_mac = 1;
+  		}
+  
+  #ifdef TLS_DEBUG
+***************
+*** 380,407 ****
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length < mac_size)
+  			{
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif
+  			}
+- 		rr->length-=mac_size;
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+  			{
+! 			goto decryption_failed_or_bad_record_mac;
+  			}
+  		}
+  
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+--- 385,430 ----
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length >= mac_size)
+  			{
++ 			rr->length -= mac_size;
++ 			mac = &rr->data[rr->length];
++ 			}
++ 		else
++ 			{
++ 			/* record (minus padding) is too short to contain a MAC */
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+! 			rr->length = 0;
+  #endif
+  			}
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+  			{
+! 			decryption_failed_or_bad_record_mac = 1;
+  			}
+  		}
+  
++ 	if (decryption_failed_or_bad_record_mac)
++ 		{
++ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
++ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
++ 		 * failure is directly visible from the ciphertext anyway,
++ 		 * we should not reveal which kind of error occured -- this
++ 		 * might become visible to an attacker (e.g. via a logfile) */
++ 		al=SSL_AD_BAD_RECORD_MAC;
++ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
++ 		goto f_err;
++ 		}
++ 
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+***************
+*** 443,456 ****
+  
+  	return(1);
+  
+- decryption_failed_or_bad_record_mac:
+- 	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+- 	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+- 	 * failure is directly visible from the ciphertext anyway,
+- 	 * we should not reveal which kind of error occured -- this
+- 	 * might become visible to an attacker (e.g. via logfile) */
+- 	al=SSL_AD_BAD_RECORD_MAC;
+- 	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+  f_err:
+  	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+  err:
+--- 466,471 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_srvr.c ../RELENG_4_7/crypto/openssl/ssl/s3_srvr.c
+*** crypto/openssl/ssl/s3_srvr.c	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/s3_srvr.c	Fri Feb 21 07:24:27 2003
+***************
+*** 151,161 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_server_data.ssl_accept=ssl3_accept;
+! 		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_server_data);
+  	}
+--- 151,168 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_server_data.ssl_accept=ssl3_accept;
+! 			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_server_data);
+  	}
+***************
+*** 1464,1470 ****
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1471,1477 ----
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1527,1533 ****
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1534,1540 ----
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1559,1565 ****
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		512, /* 512? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+--- 1566,1572 ----
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		514, /* 514? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_4_7/crypto/openssl/ssl/ssl.h
+*** crypto/openssl/ssl/ssl.h	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/ssl.h	Fri Feb 21 07:24:27 2003
+***************
+*** 551,560 ****
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* This one, when set, makes the server session-id lookup not look
+!  * in the cache.  If there is an application get_session callback
+!  * defined, this will still get called. */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+--- 551,561 ----
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
++ #define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
++ #define SSL_SESS_CACHE_NO_INTERNAL \
++ 	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_4_7/crypto/openssl/ssl/ssl_lib.c
+*** crypto/openssl/ssl/ssl_lib.c	Tue Jul 30 17:06:03 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/ssl_lib.c	Fri Feb 21 07:24:27 2003
+***************
+*** 1245,1257 ****
+  		abort(); /* ok */
+  		}
+  #endif
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+! 		{
+! 		SSL_CTX_flush_sessions(a,0);
+! 		lh_free(a->sessions);
+! 		}
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+--- 1245,1268 ----
+  		abort(); /* ok */
+  		}
+  #endif
++   
++ 	/*
++ 	 * Free internal session cache. However: the remove_cb() may reference
++ 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
++ 	 * after the sessions were flushed.
++ 	 * As the ex_data handling routines might also touch the session cache,
++ 	 * the most secure solution seems to be: empty (flush) the cache, then
++ 	 * free ex_data, then finally free the cache.
++ 	 * (See ticket [openssl.org #212].)
++ 	 */
++   	if (a->sessions != NULL)
++   		SSL_CTX_flush_sessions(a,0);
++ 
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+!   		lh_free(a->sessions);
+! 
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+***************
+*** 1472,1478 ****
+  
+  	i=s->ctx->session_cache_mode;
+  	if ((i & mode) && (!s->hit)
+! 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+  		    || SSL_CTX_add_session(s->ctx,s->session))
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+--- 1483,1489 ----
+  
+  	i=s->ctx->session_cache_mode;
+  	if ((i & mode) && (!s->hit)
+! 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+  		    || SSL_CTX_add_session(s->ctx,s->session))
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_sess.c ../RELENG_4_7/crypto/openssl/ssl/ssl_sess.c
+*** crypto/openssl/ssl/ssl_sess.c	Sun Aug 11 09:13:59 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/ssl_sess.c	Fri Feb 21 07:24:27 2003
+***************
+*** 258,266 ****
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* The following should not return 1, otherwise,
+! 			 * things are very strange */
+! 			SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+--- 258,269 ----
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* Add the externally cached session to the internal
+! 			 * cache as well if and only if we are supposed to. */
+! 			if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+! 				/* The following should not return 1, otherwise,
+! 				 * things are very strange */
+! 				SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+***************
+*** 474,486 ****
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
+! 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
+! 	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	memset(ss,0,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+--- 477,489 ----
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
+! 	OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
+! 	OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	OPENSSL_cleanse(ss,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_4_7/crypto/openssl/ssl/ssltest.c
+*** crypto/openssl/ssl/ssltest.c	Tue Jul 30 17:06:03 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/ssltest.c	Fri Feb 21 07:24:27 2003
+***************
+*** 224,235 ****
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 	
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+- 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+--- 224,236 ----
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 
+! 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	
+! 
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+***************
+*** 247,258 ****
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+- #ifndef NO_DH
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
+  			dhe1024=1;
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
+  			dhe1024dsa=1;
+  #endif
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+--- 248,269 ----
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
++ #endif
++ 			}
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024dsa=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+  #endif
++ 			}
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+***************
+*** 355,361 ****
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		exit(1);
+  		}
+  
+  	if (print_time)
+--- 366,372 ----
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		EXIT(1);
+  		}
+  
+  	if (print_time)
+***************
+*** 620,625 ****
+--- 631,638 ----
+  			int i, r;
+  			clock_t c_clock = clock();
+  
++ 			memset(cbuf, 0, sizeof(cbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(c_ssl))
+  					printf("client waiting in SSL_connect - %s\n",
+***************
+*** 704,709 ****
+--- 717,724 ----
+  			int i, r;
+  			clock_t s_clock = clock();
+  
++ 			memset(sbuf, 0, sizeof(sbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(s_ssl))
+  					printf("server waiting in SSL_accept - %s\n",
+***************
+*** 946,951 ****
+--- 961,969 ----
+  	int done=0;
+  	int c_write,s_write;
+  	int do_server=0,do_client=0;
++ 
++ 	memset(cbuf,0,sizeof(cbuf));
++ 	memset(sbuf,0,sizeof(sbuf));
+  
+  	c_to_s=BIO_new(BIO_s_mem());
+  	s_to_c=BIO_new(BIO_s_mem());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_clnt.c ../RELENG_4_7/crypto/openssl/ssl/t1_clnt.c
+*** crypto/openssl/ssl/t1_clnt.c	Mon Jan 10 00:22:00 2000
+--- ../RELENG_4_7/crypto/openssl/ssl/t1_clnt.c	Fri Feb 21 07:24:27 2003
+***************
+*** 79,89 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_client_data.ssl_connect=ssl3_connect;
+! 		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_client_data);
+  	}
+--- 79,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_client_data.ssl_connect=ssl3_connect;
+! 			TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_client_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_enc.c ../RELENG_4_7/crypto/openssl/ssl/t1_enc.c
+*** crypto/openssl/ssl/t1_enc.c	Tue Jul 30 17:06:03 2002
+--- ../RELENG_4_7/crypto/openssl/ssl/t1_enc.c	Fri Feb 21 07:24:27 2003
+***************
+*** 158,164 ****
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	memset(A1,0,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+--- 158,164 ----
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	OPENSSL_cleanse(A1,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+***************
+*** 372,381 ****
+  printf("\n");
+  #endif
+  
+! 	memset(tmp1,0,sizeof(tmp1));
+! 	memset(tmp2,0,sizeof(tmp1));
+! 	memset(iv1,0,sizeof(iv1));
+! 	memset(iv2,0,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 372,381 ----
+  printf("\n");
+  #endif
+  
+! 	OPENSSL_cleanse(tmp1,sizeof(tmp1));
+! 	OPENSSL_cleanse(tmp2,sizeof(tmp1));
+! 	OPENSSL_cleanse(iv1,sizeof(iv1));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 426,432 ****
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	memset(p2,0,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+--- 426,432 ----
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	OPENSSL_cleanse(p2,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_meth.c ../RELENG_4_7/crypto/openssl/ssl/t1_meth.c
+*** crypto/openssl/ssl/t1_meth.c	Mon Jan 10 00:22:00 2000
+--- ../RELENG_4_7/crypto/openssl/ssl/t1_meth.c	Fri Feb 21 07:24:27 2003
+***************
+*** 76,88 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_data.ssl_connect=ssl3_connect;
+! 		TLSv1_data.ssl_accept=ssl3_accept;
+! 		TLSv1_data.get_ssl_method=tls1_get_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_data);
+  	}
+  
+--- 76,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_data.ssl_connect=ssl3_connect;
+! 			TLSv1_data.ssl_accept=ssl3_accept;
+! 			TLSv1_data.get_ssl_method=tls1_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
++ 	
+  	return(&TLSv1_data);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_srvr.c ../RELENG_4_7/crypto/openssl/ssl/t1_srvr.c
+*** crypto/openssl/ssl/t1_srvr.c	Mon Jan 10 00:22:00 2000
+--- ../RELENG_4_7/crypto/openssl/ssl/t1_srvr.c	Fri Feb 21 07:24:27 2003
+***************
+*** 80,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_server_data.ssl_accept=ssl3_accept;
+! 		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_server_data);
+  	}
+--- 80,97 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_server_data.ssl_accept=ssl3_accept;
+! 			TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_server_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_4_7/crypto/openssl/test/Makefile.ssl
+*** crypto/openssl/test/Makefile.ssl	Tue Jul 30 17:06:05 2002
+--- ../RELENG_4_7/crypto/openssl/test/Makefile.ssl	Fri Feb 21 07:24:27 2003
+***************
+*** 85,91 ****
+  
+  all:	exe
+  
+! exe:	$(EXE)
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+--- 85,91 ----
+  
+  all:	exe
+  
+! exe:	$(EXE) dummytest
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+***************
+*** 93,98 ****
+--- 93,102 ----
+  links:
+  	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+  
++ generate: $(SRC)
++ $(SRC):
++ 	@$(TOP)/util/point.sh dummytest.c $@
++ 
+  errors:
+  
+  install:
+***************
+*** 109,115 ****
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ../apps; $(MAKE)  CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all)
+  
+  test_des:
+  	./$(DESTEST)
+--- 113,119 ----
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  test_des:
+  	./$(DESTEST)
+***************
+*** 233,239 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 237,243 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 243,252 ****
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+--- 247,256 ----
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+***************
+*** 317,325 ****
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../include/openssl/blowfish.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 321,333 ----
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
++ dummytest: dummytest.o $(DLIBCRYPTO)
++ 	$(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
++ 
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+! bftest.o: ../include/openssl/opensslconf.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+***************
+*** 339,367 ****
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../include/openssl/cast.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+! dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dsatest.o: ../include/openssl/symhacks.h
+! exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+! exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! exptest.o: ../include/openssl/symhacks.h
+! hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+--- 347,377 ----
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+! casttest.o: ../include/openssl/opensslconf.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dhtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dhtest.o: ../include/openssl/symhacks.h
+! dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+! dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+! exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! exptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+***************
+*** 376,392 ****
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+! md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+! md4test.o: ../include/openssl/md4.h
+! md5test.o: ../include/openssl/md5.h
+! mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../include/openssl/rand.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../include/openssl/rc5.h
+! rmdtest.o: ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+--- 386,411 ----
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+! ideatest.o: ../include/openssl/opensslconf.h
+! md2test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md2.h
+! md2test.o: ../include/openssl/opensslconf.h
+! md4test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md4.h
+! md4test.o: ../include/openssl/opensslconf.h
+! md5test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md5.h
+! md5test.o: ../include/openssl/opensslconf.h
+! mdc2test.o: ../e_os.h ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../e_os.h ../include/openssl/e_os2.h
+! randtest.o: ../include/openssl/opensslconf.h ../include/openssl/rand.h
+! rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
++ rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+! rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h
+! rmdtest.o: ../e_os.h ../include/openssl/e_os2.h
+! rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+***************
+*** 394,401 ****
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../include/openssl/sha.h
+! shatest.o: ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 413,422 ----
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../e_os.h ../include/openssl/e_os2.h
+! sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+! shatest.o: ../e_os.h ../include/openssl/e_os2.h
+! shatest.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/methtest.c ../RELENG_4_7/crypto/openssl/test/methtest.c
+*** crypto/openssl/test/methtest.c	Mon Jan 10 00:22:01 2000
+--- ../RELENG_4_7/crypto/openssl/test/methtest.c	Fri Feb 21 07:24:27 2003
+***************
+*** 96,105 ****
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(0);
+  	}
+--- 96,105 ----
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(0);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testssl ../RELENG_4_7/crypto/openssl/test/testssl
+*** crypto/openssl/test/testssl	Sun Aug 20 03:47:04 2000
+--- ../RELENG_4_7/crypto/openssl/test/testssl	Fri Feb 21 07:24:27 2003
+***************
+*** 112,119 ****
+  
+  #############################################################################
+  
+! echo test tls1 with 1024bit anonymous DH, multiple handshakes
+! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+--- 112,123 ----
+  
+  #############################################################################
+  
+! if ../apps/openssl no-dh; then
+!   echo skipping anonymous DH tests
+! else
+!   echo test tls1 with 1024bit anonymous DH, multiple handshakes
+!   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+! fi
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+***************
+*** 121,128 ****
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!   ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+  fi
+  
+  exit 0
+--- 125,136 ----
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   if ../apps/openssl no-dh; then
+!     echo skipping RSA+DHE tests
+!   else
+!     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!     ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+!   fi
+  fi
+  
+  exit 0
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash ../RELENG_4_7/crypto/openssl/tools/c_rehash
+*** crypto/openssl/tools/c_rehash	Sun Aug 11 09:14:00 2002
+--- ../RELENG_4_7/crypto/openssl/tools/c_rehash	Fri Feb 21 07:24:27 2003
+***************
+*** 1,4 ****
+! #!/usr/local/bin/perl
+  
+  
+  # Perl c_rehash script, scan all files in a directory
+--- 1,4 ----
+! #!/usr/local/bin/perl5
+  
+  
+  # Perl c_rehash script, scan all files in a directory
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash.in ../RELENG_4_7/crypto/openssl/tools/c_rehash.in
+*** crypto/openssl/tools/c_rehash.in	Wed Jul  4 18:19:48 2001
+--- ../RELENG_4_7/crypto/openssl/tools/c_rehash.in	Fri Feb 21 07:24:27 2003
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_4_7/crypto/openssl/util/libeay.num
+*** crypto/openssl/util/libeay.num	Tue Jul 30 17:06:09 2002
+--- ../RELENG_4_7/crypto/openssl/util/libeay.num	Fri Feb 21 07:24:27 2003
+***************
+*** 301,308 ****
+  EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+  EVP_des_ofb                             310	EXIST::FUNCTION:DES
+  EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+! EVP_dss                                 312	EXIST::FUNCTION:SHA,DSA
+! EVP_dss1                                313	EXIST::FUNCTION:SHA,DSA
+  EVP_enc_null                            314	EXIST::FUNCTION:
+  EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+  EVP_get_digestbyname                    316	EXIST::FUNCTION:
+--- 301,308 ----
+  EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+  EVP_des_ofb                             310	EXIST::FUNCTION:DES
+  EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+! EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
+! EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
+  EVP_enc_null                            314	EXIST::FUNCTION:
+  EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+  EVP_get_digestbyname                    316	EXIST::FUNCTION:
+***************
+*** 1212,1218 ****
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN16,!WIN32,!macintosh:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+--- 1212,1218 ----
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN32,!macintosh,!WIN16:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+***************
+*** 1934,1936 ****
+--- 1934,1937 ----
+  BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+  X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+  ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
++ OPENSSL_cleanse                         3245	EXIST::FUNCTION:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_4_7/crypto/openssl/util/mk1mf.pl
+*** crypto/openssl/util/mk1mf.pl	Tue Jul 30 17:06:09 2002
+--- ../RELENG_4_7/crypto/openssl/util/mk1mf.pl	Fri Feb 21 07:24:27 2003
+***************
+*** 206,212 ****
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_rmd160;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+--- 206,212 ----
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_ripemd;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+***************
+*** 674,680 ****
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+--- 674,680 ----
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+***************
+*** 883,889 ****
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+--- 883,889 ----
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkcerts.sh ../RELENG_4_7/crypto/openssl/util/mkcerts.sh
+*** crypto/openssl/util/mkcerts.sh	Mon Jan 10 00:22:05 2000
+--- ../RELENG_4_7/crypto/openssl/util/mkcerts.sh	Fri Feb 21 07:24:27 2003
+***************
+*** 1,4 ****
+! #!bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+--- 1,4 ----
+! #!/bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+***************
+*** 12,19 ****
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/ssleay"
+! CONF="-config ../apps/ssleay.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+--- 12,19 ----
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/openssl"
+! CONF="-config ../apps/openssl.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pl/BC-32.pl ../RELENG_4_7/crypto/openssl/util/pl/BC-32.pl
+*** crypto/openssl/util/pl/BC-32.pl	Tue Jul 30 17:06:10 2002
+--- ../RELENG_4_7/crypto/openssl/util/pl/BC-32.pl	Fri Feb 21 07:24:27 2003
+***************
+*** 52,60 ****
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='n_o_T_a_s_m';
+  $asm.=" /Zi" if $debug;
+! $afile='/Fo';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+--- 52,60 ----
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='nasmw -f obj';
+  $asm.=" /Zi" if $debug;
+! $afile='-o';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2mantest ../RELENG_4_7/crypto/openssl/util/pod2mantest
+*** crypto/openssl/util/pod2mantest	Tue Jul 30 17:06:09 2002
+--- ../RELENG_4_7/crypto/openssl/util/pod2mantest	Fri Feb 21 07:24:27 2003
+***************
+*** 11,17 ****
+  
+  
+  IFS=:
+! try_without_dir=false
+  # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+  for dir in dummy:$PATH; do
+      if [ "$try_without_dir" = true ]; then
+--- 11,18 ----
+  
+  
+  IFS=:
+! 
+! try_without_dir=true
+  # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+  for dir in dummy:$PATH; do
+      if [ "$try_without_dir" = true ]; then
+***************
+*** 29,37 ****
+      if [ ! "$pod2man" = '' ]; then
+          failure=none
+  
+  
+! 	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
+! 	    failure=MultilineTest
+  	fi
+  
+  
+--- 30,45 ----
+      if [ ! "$pod2man" = '' ]; then
+          failure=none
+  
++ 	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
++ 	    :
++ 	else
++ 	    failure=BasicTest
++ 	fi
+  
+! 	if [ "$failure" = none ]; then
+! 	    if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+! 	        failure=MultilineTest
+! 	    fi
+  	fi
+  
+  
+***************
+*** 45,53 ****
+  done
+  
+  echo "No working pod2man found.  Consider installing a new version." >&2
+! if [ "$1" = ignore ]; then
+!   echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+!   echo "../../util/pod2man.pl"
+!   exit 0
+! fi
+! exit 1
+--- 53,57 ----
+  done
+  
+  echo "No working pod2man found.  Consider installing a new version." >&2
+! echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+! echo "$1 ../../util/pod2man.pl"
+*** secure/lib/libcrypto/Makefile	Tue Jul 30 17:06:11 2002
+--- ../RELENG_4_7/secure/lib/libcrypto/Makefile	Fri Feb 21 07:25:04 2003
+***************
+*** 35,42 ****
+  MAINTAINER=	kris
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \
+! 	tmdiff.c uid.c
+  
+  # asn1
+  
+--- 35,42 ----
+  MAINTAINER=	kris
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
+! 	mem_dbg.c tmdiff.c uid.c
+  
+  # asn1
+  
diff --git a/share/security/patches/SA-03:02/openssl47.patch.asc b/share/security/patches/SA-03:02/openssl47.patch.asc
new file mode 100644
index 0000000000..e7abae1adc
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl47.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+WtcjFdaIBMps37IRAuamAKCUOeNRrzlVHaXXE92JH6lV75acAQCfRIPu
+//BxgfihZQr5ySzyTXj4jY4=
+=EkQo
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl47.patch.gz b/share/security/patches/SA-03:02/openssl47.patch.gz
new file mode 100644
index 0000000000..66720db342
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl47.patch.gz
diff --git a/share/security/patches/SA-03:02/openssl47.patch.gz.asc b/share/security/patches/SA-03:02/openssl47.patch.gz.asc
new file mode 100644
index 0000000000..2c371f12d1
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl47.patch.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+YBHBFdaIBMps37IRAnrPAKCQF0teBRupyJVfYXmAWMLAErBtzgCfSNjc
+IOMck4/nnTX6/HvpAe59VYU=
+=yjER
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl4b.patch b/share/security/patches/SA-03:02/openssl4b.patch
new file mode 100644
index 0000000000..f6f8a3e042
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl4b.patch
@@ -0,0 +1,18727 @@
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_4/crypto/openssl/CHANGES
+*** crypto/openssl/CHANGES	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/CHANGES	Mon Feb 24 21:14:49 2003
+***************
+*** 2,7 ****
+--- 2,88 ----
+   OpenSSL CHANGES
+   _______________
+  
++  Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
++ 
++   *) Make the no-err option work as intended.  The intention with no-err
++      is not to have the whole error stack handling routines removed from
++      libcrypto, it's only intended to remove all the function name and
++      reason texts, thereby removing some of the footprint that may not
++      be interesting if those errors aren't displayed anyway.
++ 
++      NOTE: it's still possible for any application or module to have it's
++      own set of error texts inserted.  The routines are there, just not
++      used by default when no-err is given.
++      [Richard Levitte]
++ 
++   *) Add support for FreeBSD on IA64.
++      [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
++ 
++   *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
++      Kerberos function mit_des_cbc_cksum().  Before this change,
++      the value returned by DES_cbc_cksum() was like the one from
++      mit_des_cbc_cksum(), except the bytes were swapped.
++      [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
++ 
++   *) Allow an application to disable the automatic SSL chain building.
++      Before this a rather primitive chain build was always performed in
++      ssl3_output_cert_chain(): an application had no way to send the 
++      correct chain if the automatic operation produced an incorrect result.
++ 
++      Now the chain builder is disabled if either:
++ 
++      1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
++ 
++      2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
++ 
++      The reasoning behind this is that an application would not want the
++      auto chain building to take place if extra chain certificates are
++      present and it might also want a means of sending no additional
++      certificates (for example the chain has two certificates and the
++      root is omitted).
++      [Steve Henson]
++ 
++   *) Add the possibility to build without the ENGINE framework.
++      [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
++ 
++   *) Under Win32 gmtime() can return NULL: check return value in
++      OPENSSL_gmtime(). Add error code for case where gmtime() fails.
++      [Steve Henson]
++ 
++   *) DSA routines: under certain error conditions uninitialized BN objects
++      could be freed. Solution: make sure initialization is performed early
++      enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
++      Nils Larsch <nla@trustcenter.de> via PR#459)
++      [Lutz Jaenicke]
++ 
++   *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
++      checked on reconnect on the client side, therefore session resumption
++      could still fail with a "ssl session id is different" error. This
++      behaviour is masked when SSL_OP_ALL is used due to
++      SSL_OP_MICROSOFT_SESS_ID_BUG being set.
++      Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
++      followup to PR #377.
++      [Lutz Jaenicke]
++ 
++   *) IA-32 assembler support enhancements: unified ELF targets, support
++      for SCO/Caldera platforms, fix for Cygwin shared build.
++      [Andy Polyakov]
++ 
++   *) Add support for FreeBSD on sparc64.  As a consequence, support for
++      FreeBSD on non-x86 processors is separate from x86 processors on
++      the config script, much like the NetBSD support.
++      [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
++ 
+   Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
+  
+    *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+***************
+*** 177,183 ****
+  	# is assumed to contain the absolute OpenSSL source directory.
+  	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+  	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+! 	(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+  		mkdir -p `dirname $F`
+  		ln -s $OPENSSL_SOURCE/$F $F
+  	done
+--- 258,264 ----
+  	# is assumed to contain the absolute OpenSSL source directory.
+  	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+  	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+! 	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+  		mkdir -p `dirname $F`
+  		ln -s $OPENSSL_SOURCE/$F $F
+  	done
+***************
+*** 1677,1682 ****
+--- 1758,1768 ----
+       be reduced modulo  m.
+       [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+  
++ #if 0
++      The following entry accidentily appeared in the CHANGES file
++      distributed with OpenSSL 0.9.7.  The modifications described in
++      it do *not* apply to OpenSSL 0.9.7.
++ 
+    *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+       was actually never needed) and in BN_mul().  The removal in BN_mul()
+       required a small change in bn_mul_part_recursive() and the addition
+***************
+*** 1685,1690 ****
+--- 1771,1777 ----
+       bn_sub_words() and bn_add_words() except they take arrays with
+       differing sizes.
+       [Richard Levitte]
++ #endif
+  
+    *) In 'openssl passwd', verify passwords read from the terminal
+       unless the '-salt' option is used (which usually means that
+***************
+*** 1815,1820 ****
+--- 1902,1919 ----
+  
+    *) Clean old EAY MD5 hack from e_os.h.
+       [Richard Levitte]
++ 
++  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
+  
+   Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_4/crypto/openssl/Configure
+*** crypto/openssl/Configure	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/Configure	Mon Feb 24 21:14:49 2003
+***************
+*** 10,16 ****
+  
+  # see INSTALL for instructions.
+  
+! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+  
+  # Options:
+  #
+--- 10,16 ----
+  
+  # see INSTALL for instructions.
+  
+! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+  
+  # Options:
+  #
+***************
+*** 38,43 ****
+--- 38,44 ----
+  # --test-sanity Make a number of sanity checks on the data in this file.
+  #               This is a debugging tool for OpenSSL developers.
+  #
++ # no-engine     do not compile in any engine code.
+  # no-hw-xxx     do not compile support for specific crypto hardware.
+  #               Generic OpenSSL-style methods relating to this support
+  #               are always compiled but return NULL if the hardware
+***************
+*** 107,113 ****
+  my $bits1="THIRTY_TWO_BIT ";
+  my $bits2="SIXTY_FOUR_BIT ";
+  
+- my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+  my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+  my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+  my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+--- 108,113 ----
+***************
+*** 161,167 ****
+  # surrounds it with #APP #NO_APP comment pair which (at least Solaris
+  # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+  # error message.
+! "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### Solaris x86 with Sun C setups
+  "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- 161,167 ----
+  # surrounds it with #APP #NO_APP comment pair which (at least Solaris
+  # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+  # error message.
+! "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### Solaris x86 with Sun C setups
+  "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+***************
+*** 262,283 ****
+  "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # IA-64 targets
+! # I have no idea if this one actually works, feedback needed. <appro>
+! "hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+  # with debugging of the following config.
+! "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # More attempts at unified 10.X and 11.X targets for HP C compiler.
+  #
+  # Chris Ruemmler <ruemmler@cup.hp.com>
+  # Kevin Steves <ks@hp.se>
+! "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Isn't the line below meaningless? HP-UX cc optimizes for host by default.
+  # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
+! "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # HPUX 9.X config.
+  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+--- 262,282 ----
+  "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # IA-64 targets
+! "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+  # with debugging of the following config.
+! "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # More attempts at unified 10.X and 11.X targets for HP C compiler.
+  #
+  # Chris Ruemmler <ruemmler@cup.hp.com>
+  # Kevin Steves <ks@hp.se>
+! "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Isn't the line below meaningless? HP-UX cc optimizes for host by default.
+  # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
+! "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # HPUX 9.X config.
+  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+***************
+*** 384,391 ****
+  "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+  "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+! "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+! "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+  "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
+  "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- 383,390 ----
+  "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+  "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+! "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
+  "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+***************
+*** 396,401 ****
+--- 395,402 ----
+  "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++ "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++ "FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+  "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+  "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+***************
+*** 403,409 ****
+  "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # NCR MP-RAS UNIX ver 02.03.01
+! "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # QNX 4
+  "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+--- 404,410 ----
+  "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # NCR MP-RAS UNIX ver 02.03.01
+! "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # QNX 4
+  "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+***************
+*** 414,446 ****
+  # Linux on ARM
+  "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # UnixWare 2.0x fails destest with -O
+  "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+- "unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+- 
+- # UnixWare 2.1
+  "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+! "unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+! "unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+  
+- # UnixWare 7
+- "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- 
+- # OpenUNIX 8
+- "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # IBM's AIX.
+  "aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+! "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
+  
+  #
+  # Cray T90 and similar (SDSC)
+--- 415,450 ----
+  # Linux on ARM
+  "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
++ # SCO/Caldera targets.
++ #
++ # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
++ # Now we only have blended unixware-* as it's the only one used by ./config.
++ # If you want to optimize for particular microarchitecture, bypass ./config
++ # and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
++ # Note that not all targets include assembler support. Mostly because of
++ # lack of motivation to support out-of-date platforms with out-of-date
++ # compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
++ # patiently assisted to debug most of it.
++ #
+  # UnixWare 2.0x fails destest with -O
+  "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+  "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+! "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+! # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
+! "sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  
+  # IBM's AIX.
+  "aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+! "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
+  "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+  
+  #
+  # Cray T90 and similar (SDSC)
+***************
+*** 473,487 ****
+  "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+  "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  
+- # SCO 3 - Tim Rice <tim@multitalents.net>
+- "sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+- 
+- # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+- # SCO cc.
+- "sco5-cc",  "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options?
+- "sco5-cc-pentium",  "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+- "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC",
+- 
+  # Sinix/ReliantUNIX RM400
+  # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+  "ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- 477,482 ----
+***************
+*** 508,514 ****
+  "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Borland C++ 4.5
+! "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+  "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Mingw32
+--- 503,509 ----
+  "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Borland C++ 4.5
+! "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
+  "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Mingw32
+***************
+*** 656,661 ****
+--- 651,657 ----
+  my $openssl_sys_defines="";
+  my $openssl_other_defines;
+  my $libs;
++ my $libkrb5="";
+  my $target;
+  my $options;
+  my $symlink;
+***************
+*** 696,701 ****
+--- 692,702 ----
+  			$flags .= "-DOPENSSL_NO_ASM ";
+  			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
+  			}
++ 		elsif (/^no-err$/)
++ 		 	{
++ 			$flags .= "-DOPENSSL_NO_ERR ";
++ 			$openssl_other_defines .= "#define OPENSSL_NO_ERR\n";
++ 			}
+  		elsif (/^no-hw-(.+)$/)
+  			{
+  			my $hw=$1;
+***************
+*** 956,961 ****
+--- 957,964 ----
+  my $ranlib = $fields[$idx_ranlib];
+  my $arflags = $fields[$idx_arflags];
+  
++ my $no_shared_warn=0;
++ 
+  $cflags="$flags$cflags" if ($flags ne "");
+  
+  # Kerberos settings.  The flavor must be provided from outside, either through
+***************
+*** 1020,1027 ****
+  	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+  		if $withargs{"krb5-include"} eq "" &&
+  		   $withargs{"krb5-dir"} ne "";
+- 
+- 	$libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne "";
+  	}
+  
+  # The DSO code currently always implements all functions so that no
+--- 1023,1028 ----
+***************
+*** 1107,1112 ****
+--- 1108,1114 ----
+  my $shared_mark = "";
+  if ($shared_target eq "")
+  	{
++ 	$no_shared_warn = 1 if !$no_shared;
+  	$no_shared = 1;
+  	}
+  if (!$no_shared)
+***************
+*** 1240,1245 ****
+--- 1242,1248 ----
+  	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
+  	s/^PERL=.*/PERL= $perl/;
+  	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
++ 	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+  	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+  	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+  	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+***************
+*** 1511,1516 ****
+--- 1514,1529 ----
+  The library could not be configured for supporting multi-threaded
+  applications as the compiler options required on this system are not known.
+  See file INSTALL for details if you need multi-threading.
++ EOF
++ 
++ print <<\EOF if ($no_shared_warn);
++ 
++ You gave the option 'shared'.  Normally, that would give you shared libraries.
++ Unfortunately, the OpenSSL configuration doesn't include shared library support
++ for this platform yet, so it will pretend you gave the option 'no-shared'.  If
++ you can inform the developpers (openssl-dev\@openssl.org) how to support shared
++ libraries on this platform, they will at least look at it and try their best
++ (but please first make sure you have tried with a current version of OpenSSL).
+  EOF
+  
+  exit(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FAQ ../RELENG_4/crypto/openssl/FAQ
+*** crypto/openssl/FAQ	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/FAQ	Mon Feb 24 21:14:49 2003
+***************
+*** 68,74 ****
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7 was released on December 31, 2002.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+--- 68,74 ----
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7a was released on February 19, 2003.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+***************
+*** 189,206 ****
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" that serves this purpose.  On other systems, applications have
+! to call the RAND_add() or RAND_seed() function with appropriate data
+! before generating keys or performing public key encryption.
+! (These functions initialize the pseudo-random number generator, PRNG.)
+! 
+! Some broken applications do not do this.  As of version 0.9.5, the
+! OpenSSL functions that need randomness report an error if the random
+! number generator has not been seeded with at least 128 bits of
+! randomness.  If this error occurs, please contact the author of the
+! application you are using.  It is likely that it never worked
+! correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+! to perform potentially insecure encryption.
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+--- 189,218 ----
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" (/dev/urandom or /dev/random) that serves this purpose.
+! All OpenSSL versions try to use /dev/urandom by default; starting with
+! version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+! available.
+! 
+! On other systems, applications have to call the RAND_add() or
+! RAND_seed() function with appropriate data before generating keys or
+! performing public key encryption. (These functions initialize the
+! pseudo-random number generator, PRNG.)  Some broken applications do
+! not do this.  As of version 0.9.5, the OpenSSL functions that need
+! randomness report an error if the random number generator has not been
+! seeded with at least 128 bits of randomness.  If this error occurs and
+! is not discussed in the documentation of the application you are
+! using, please contact the author of that application; it is likely
+! that it never worked correctly.  OpenSSL 0.9.5 and later make the
+! error visible by refusing to perform potentially insecure encryption.
+! 
+! If you are using Solaris 8, you can add /dev/urandom and /dev/random
+! devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+! available via the Patchfinder at <URL: http://sunsolve.sun.com>
+! (Solaris 9 includes these devices by default). For /dev/random support
+! for earlier Solaris versions, see Sun's statement at
+! <URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+! (the SUNWski package is available in patch 105710).
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+***************
+*** 233,250 ****
+  provide their own configuration options to specify the entropy source,
+  please check out the documentation coming the with application.
+  
+- For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+- installing the SUNski package from Sun patch 105710-01 (Sparc) which
+- adds a /dev/random device and make sure it gets used, usually through
+- $RANDFILE.  There are probably similar patches for the other Solaris
+- versions.  An official statement from Sun with respect to /dev/random
+- support can be found at
+-   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+- However, be warned that /dev/random is usually a blocking device, which
+- may have some effects on OpenSSL.
+- A third party /dev/random solution for Solaris is available at
+-   http://www.cosy.sbg.ac.at/~andi/
+- 
+  
+  * Why do I get an "unable to write 'random state'" error message?
+  
+--- 245,250 ----
+***************
+*** 490,499 ****
+  Sometimes, you may get reports from VC++ command line (cl) that it
+  can't find standard include files like stdio.h and other weirdnesses.
+  One possible cause is that the environment isn't correctly set up.
+! To solve that problem, one should run VCVARS32.BAT which is found in
+! the 'bin' subdirectory of the VC++ installation directory (somewhere
+! under 'Program Files').  This needs to be done prior to running NMAKE,
+! and the changes are only valid for the current DOS session.
+  
+  
+  * What is special about OpenSSL on Redhat?
+--- 490,502 ----
+  Sometimes, you may get reports from VC++ command line (cl) that it
+  can't find standard include files like stdio.h and other weirdnesses.
+  One possible cause is that the environment isn't correctly set up.
+! To solve that problem for VC++ versions up to 6, one should run
+! VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
+! installation directory (somewhere under 'Program Files').  For VC++
+! version 7 (and up?), which is also called VS.NET, the file is called
+! VSVARS32.BAT instead.
+! This needs to be done prior to running NMAKE, and the changes are only
+! valid for the current DOS session.
+  
+  
+  * What is special about OpenSSL on Redhat?
+***************
+*** 577,586 ****
+  of the machine code, which is essential for shared library support. For
+  some reason OpenBSD is equipped with an out-of-date GNU assembler which
+  finds the new code offensive. To work around the problem, configure with
+! no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as.
+  For your convenience a pre-compiled replacement binary is provided at
+! http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from
+! binutils-2.8 released in 1997.
+  
+  [PROG] ========================================================================
+  
+--- 580,592 ----
+  of the machine code, which is essential for shared library support. For
+  some reason OpenBSD is equipped with an out-of-date GNU assembler which
+  finds the new code offensive. To work around the problem, configure with
+! no-asm (and sacrifice a great deal of performance) or patch your assembler
+! according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
+  For your convenience a pre-compiled replacement binary is provided at
+! <URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
+! Reportedly elder *BSD a.out platforms also suffer from this problem and
+! remedy should be same. Provided binary is statically linked and should be
+! working across wider range of *BSD branches, not just OpenBSD.
+  
+  [PROG] ========================================================================
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_4/crypto/openssl/INSTALL
+*** crypto/openssl/INSTALL	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/INSTALL	Mon Feb 24 21:14:49 2003
+***************
+*** 158,164 ****
+       If a test fails, look at the output.  There may be reasons for
+       the failure that isn't a problem in OpenSSL itself (like a missing
+       or malfunctioning bc).  If it is a problem with OpenSSL itself,
+!      try removing any compiler optimization flags from the CFLAGS line
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+--- 158,164 ----
+       If a test fails, look at the output.  There may be reasons for
+       the failure that isn't a problem in OpenSSL itself (like a missing
+       or malfunctioning bc).  If it is a problem with OpenSSL itself,
+!      try removing any compiler optimization flags from the CFLAG line
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+***************
+*** 308,310 ****
+--- 308,332 ----
+   to install additional support software to obtain random seed.
+   Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+   and the FAQ for more information.
++ 
++  Note on support for multiple builds
++  -----------------------------------
++ 
++  OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
++  support building for multiple platforms from the same source tree very well.
++  It is however possible to build in a separate tree through the use of lots
++  of symbolic links, which should be prepared like this:
++ 
++ 	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
++ 	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
++ 	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
++ 		mkdir -p `dirname $F`
++ 		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
++ 		echo $F '->' $OPENSSL_SOURCE/$F
++ 	done
++ 	make -f Makefile.org clean
++ 
++  OPENSSL_SOURCE is an environment variable that contains the absolute (this
++  is important!) path to the OpenSSL source tree.
++ 
++  Also, operations like 'make update' should still be made in the source tree.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_4/crypto/openssl/Makefile.org
+*** crypto/openssl/Makefile.org	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/Makefile.org	Mon Feb 24 21:14:49 2003
+***************
+*** 72,77 ****
+--- 72,85 ----
+  TARFLAGS= --no-recursion
+  MAKEDEPPROG=makedepend
+  
++ # We let the C compiler driver to take care of .s files. This is done in
++ # order to be excused from maintaining a separate set of architecture
++ # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
++ # gcc, then the driver will automatically translate it to -xarch=v8plus
++ # and pass it down to assembler.
++ AS=$(CC) -c
++ ASFLAGS=$(CFLAG)
++ 
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+  BN_ASM= bn_asm.o
+  #BN_ASM= bn_asm.o
+***************
+*** 159,164 ****
+--- 167,173 ----
+  
+  # KRB5 stuff
+  KRB5_INCLUDES=
++ LIBKRB5=
+  
+  # When we're prepared to use shared libraries in the programs we link here
+  # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+***************
+*** 216,222 ****
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+--- 225,231 ----
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+***************
+*** 269,281 ****
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+--- 278,293 ----
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+***************
+*** 283,304 ****
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+--- 295,322 ----
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+! 		libs="$(LIBKRB5) $$libs"; \
+! 	fi; \
+! 	( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+***************
+*** 307,317 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 325,338 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 323,333 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 344,357 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 339,350 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 363,377 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 355,360 ****
+--- 382,390 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  MINUSZ='-z '; \
+  		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+***************
+*** 363,369 ****
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 393,399 ----
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 373,378 ****
+--- 403,411 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 382,388 ****
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 415,421 ----
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 392,397 ****
+--- 425,433 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 402,408 ****
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 438,444 ----
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 412,422 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 448,461 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 433,438 ****
+--- 472,480 ----
+  #
+  do_hpux-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		+vnocompatwarnings \
+  		-b -z +s \
+***************
+*** 453,458 ****
+--- 495,503 ----
+  #
+  do_hpux64-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		-b -z \
+  		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+***************
+*** 495,511 ****
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; \
+! 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+--- 540,563 ----
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; \
+! 	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAGS) \
+! 		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+***************
+*** 515,521 ****
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+--- 567,573 ----
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+***************
+*** 528,534 ****
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+--- 580,586 ----
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+***************
+*** 601,608 ****
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+--- 653,659 ----
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+***************
+*** 613,620 ****
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+--- 664,670 ----
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+***************
+*** 749,755 ****
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+--- 799,805 ----
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+***************
+*** 763,768 ****
+--- 813,824 ----
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+  			set $(MAKE); \
+  			$$1 -f $$here/Makefile link-shared ); \
++ 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
++ 			echo 'OpenSSL shared libraries have been installed in:'; \
++ 			echo '  $(INSTALLTOP)'; \
++ 			echo ''; \
++ 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
++ 		fi; \
+  	fi
+  	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_4/crypto/openssl/Makefile.ssl
+*** crypto/openssl/Makefile.ssl	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/Makefile.ssl	Mon Feb 24 21:14:49 2003
+***************
+*** 4,10 ****
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.7
+  MAJOR=0
+  MINOR=9.7
+  SHLIB_VERSION_NUMBER=0.9.7
+--- 4,10 ----
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.7a
+  MAJOR=0
+  MINOR=9.7
+  SHLIB_VERSION_NUMBER=0.9.7
+***************
+*** 74,79 ****
+--- 74,87 ----
+  TARFLAGS= --no-recursion
+  MAKEDEPPROG=makedepend
+  
++ # We let the C compiler driver to take care of .s files. This is done in
++ # order to be excused from maintaining a separate set of architecture
++ # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
++ # gcc, then the driver will automatically translate it to -xarch=v8plus
++ # and pass it down to assembler.
++ AS=$(CC) -c
++ ASFLAGS=$(CFLAG)
++ 
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+  BN_ASM= bn_asm.o
+  #BN_ASM= bn_asm.o
+***************
+*** 161,166 ****
+--- 169,175 ----
+  
+  # KRB5 stuff
+  KRB5_INCLUDES=
++ LIBKRB5=
+  
+  # When we're prepared to use shared libraries in the programs we link here
+  # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+***************
+*** 218,224 ****
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+--- 227,233 ----
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+***************
+*** 271,283 ****
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+--- 280,295 ----
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+***************
+*** 285,306 ****
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+--- 297,324 ----
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+! 		libs="$(LIBKRB5) $$libs"; \
+! 	fi; \
+! 	( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+***************
+*** 309,319 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 327,340 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 325,335 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 346,359 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 341,352 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 365,379 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 357,362 ****
+--- 384,392 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  MINUSZ='-z '; \
+  		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+***************
+*** 365,371 ****
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 395,401 ----
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 375,380 ****
+--- 405,413 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 384,390 ****
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 417,423 ----
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 394,399 ****
+--- 427,435 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 404,410 ****
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 440,446 ----
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 414,424 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 450,463 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 435,440 ****
+--- 474,482 ----
+  #
+  do_hpux-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		+vnocompatwarnings \
+  		-b -z +s \
+***************
+*** 455,460 ****
+--- 497,505 ----
+  #
+  do_hpux64-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		-b -z \
+  		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+***************
+*** 497,513 ****
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; \
+! 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+--- 542,565 ----
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; \
+! 	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAGS) \
+! 		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+***************
+*** 517,523 ****
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+--- 569,575 ----
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+***************
+*** 530,536 ****
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+--- 582,588 ----
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+***************
+*** 603,610 ****
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+--- 655,661 ----
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+***************
+*** 615,622 ****
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+--- 666,672 ----
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+***************
+*** 751,757 ****
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+--- 801,807 ----
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+***************
+*** 765,770 ****
+--- 815,826 ----
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+  			set $(MAKE); \
+  			$$1 -f $$here/Makefile link-shared ); \
++ 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
++ 			echo 'OpenSSL shared libraries have been installed in:'; \
++ 			echo '  $(INSTALLTOP)'; \
++ 			echo ''; \
++ 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
++ 		fi; \
+  	fi
+  	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_4/crypto/openssl/NEWS
+*** crypto/openssl/NEWS	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/NEWS	Mon Feb 24 21:14:49 2003
+***************
+*** 5,10 ****
+--- 5,21 ----
+    This file gives a brief overview of the major changes between each OpenSSL
+    release. For more details please read the CHANGES file.
+  
++   Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
++ 
++       o Security: Important security related bugfixes.
++       o Enhanced compatibility with MIT Kerberos.
++       o Can be built without the ENGINE framework.
++       o IA32 assembler enhancements.
++       o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
++       o Configuration: the no-err option now works properly.
++       o SSL/TLS: now handles manual certificate chain building.
++       o SSL/TLS: certain session ID malfunctions corrected.
++ 
+    Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+  
+        o New library section OCSP.
+***************
+*** 50,55 ****
+--- 61,70 ----
+        o SSL/TLS: allow more precise control of renegotiations and sessions.
+        o SSL/TLS: add callback to retrieve SSL/TLS messages.
+        o SSL/TLS: support AES cipher suites (RFC3268).
++ 
++   Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
++ 
++       o Important security related bugfixes.
+  
+    Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/PROBLEMS ../RELENG_4/crypto/openssl/PROBLEMS
+*** crypto/openssl/PROBLEMS	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/PROBLEMS	Mon Feb 24 21:14:49 2003
+***************
+*** 70,72 ****
+--- 70,100 ----
+  this seems to be the fact that compiler emits multiplication to
+  perform shift operations:-( To work the problem around configure
+  with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
++ 
++ * Problems with hp-parisc2-cc target when used with "no-asm" flag
++ 
++ When using the hp-parisc2-cc target, wrong bignum code is generated.
++ This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
++ aggressive optimization.
++ The problem manifests itself by the BN_kronecker test hanging in an
++ endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
++ which itself hangs. The reason could be tracked down to the bn_mul_comba8()
++ function in bn_asm.c. At some occasions the higher 32bit value of r[7]
++ is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
++ as no debugger support possible at +O3 and additional fprintf()'s
++ introduced fixed the bug, therefore it is most likely a bug in the
++ optimizer.
++ The bug was found in the BN_kronecker test but may also lead to
++ failures in other parts of the code.
++ (See Ticket #426.)
++ 
++ Workaround: modify the target to +O2 when building with no-asm.
++ 
++ * Poor support for AIX shared builds.
++ 
++ do_aix-shared rule is not flexible enough to parameterize through a
++ config-line. './Configure aix43-cc shared' is working, but not
++ './Configure aix64-gcc shared'. In latter case make fails to create shared
++ libraries. It's possible to build 64-bit shared libraries by running
++ 'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
++ supporting even gcc shared builds. See RT#463 for background information.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_4/crypto/openssl/README
+*** crypto/openssl/README	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/README	Mon Feb 24 21:14:49 2003
+***************
+*** 1,7 ****
+  
+!  OpenSSL 0.9.7 31 Dec 2002
+  
+!  Copyright (c) 1998-2002 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+--- 1,7 ----
+  
+!  OpenSSL 0.9.7a Feb 19 2003
+  
+!  Copyright (c) 1998-2003 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_4/crypto/openssl/apps/Makefile.ssl
+*** crypto/openssl/apps/Makefile.ssl	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/apps/Makefile.ssl	Mon Feb 24 21:14:49 2003
+***************
+*** 18,23 ****
+--- 18,24 ----
+  RM=		rm -f
+  # KRB5 stuff
+  KRB5_INCLUDES=
++ LIBKRB5=
+  
+  PEX_LIBS=
+  EX_LIBS= 
+***************
+*** 150,157 ****
+  	fi
+  	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+  		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  
+--- 151,157 ----
+  	fi
+  	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+  		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.c ../RELENG_4/crypto/openssl/apps/apps.c
+*** crypto/openssl/apps/apps.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/apps.c	Mon Feb 24 21:14:50 2003
+***************
+*** 122,128 ****
+--- 122,130 ----
+  #include <openssl/pkcs12.h>
+  #include <openssl/ui.h>
+  #include <openssl/safestack.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  #ifdef OPENSSL_SYS_WINDOWS
+  #define strcasecmp _stricmp
+***************
+*** 859,864 ****
+--- 861,867 ----
+  		BIO_printf(err,"no keyfile specified\n");
+  		goto end;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	if (format == FORMAT_ENGINE)
+  		{
+  		if (!e)
+***************
+*** 868,873 ****
+--- 871,877 ----
+  				ui_method, &cb_data);
+  		goto end;
+  		}
++ #endif
+  	key=BIO_new(BIO_s_file());
+  	if (key == NULL)
+  		{
+***************
+*** 935,940 ****
+--- 939,945 ----
+  		BIO_printf(err,"no keyfile specified\n");
+  		goto end;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	if (format == FORMAT_ENGINE)
+  		{
+  		if (!e)
+***************
+*** 944,949 ****
+--- 949,955 ----
+  				ui_method, &cb_data);
+  		goto end;
+  		}
++ #endif
+  	key=BIO_new(BIO_s_file());
+  	if (key == NULL)
+  		{
+***************
+*** 1329,1334 ****
+--- 1335,1341 ----
+  	return NULL;
+  }
+  
++ #ifndef OPENSSL_NO_ENGINE
+  /* Try to load an engine in a shareable library */
+  static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+  	{
+***************
+*** 1385,1390 ****
+--- 1392,1398 ----
+  		}
+          return e;
+          }
++ #endif
+  
+  int load_config(BIO *err, CONF *cnf)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_4/crypto/openssl/apps/apps.h
+*** crypto/openssl/apps/apps.h	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/apps.h	Mon Feb 24 21:14:50 2003
+***************
+*** 121,127 ****
+--- 121,129 ----
+  #include <openssl/lhash.h>
+  #include <openssl/conf.h>
+  #include <openssl/txt_db.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/ossl_typ.h>
+  
+  int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+***************
+*** 179,208 ****
+  		do_pipe_sig()
+  #  define apps_shutdown()
+  #else
+! #  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+!    defined(OPENSSL_SYS_WIN32)
+! #    ifdef _O_BINARY
+! #      define apps_startup() \
+! 		do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+  #    else
+  #      define apps_startup() \
+! 		do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+  #    endif
+  #  else
+! #    define apps_startup() \
+! 		do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+! 		ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+! 		setup_ui_method(); } while(0)
+  #  endif
+- #  define apps_shutdown() \
+- 		do { CONF_modules_unload(1); destroy_ui_method(); \
+- 		EVP_cleanup(); ENGINE_cleanup(); \
+- 		CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+- 		ERR_free_strings(); } while(0)
+  #endif
+  
+  typedef struct args_st
+--- 181,237 ----
+  		do_pipe_sig()
+  #  define apps_shutdown()
+  #else
+! #  ifndef OPENSSL_NO_ENGINE
+! #    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+!      defined(OPENSSL_SYS_WIN32)
+! #      ifdef _O_BINARY
+! #        define apps_startup() \
+! 			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+! #      else
+! #        define apps_startup() \
+! 			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+! #      endif
+  #    else
+  #      define apps_startup() \
+! 			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+! 			ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+! 			setup_ui_method(); } while(0)
+  #    endif
++ #    define apps_shutdown() \
++ 			do { CONF_modules_unload(1); destroy_ui_method(); \
++ 			EVP_cleanup(); ENGINE_cleanup(); \
++ 			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
++ 			ERR_free_strings(); } while(0)
+  #  else
+! #    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+!      defined(OPENSSL_SYS_WIN32)
+! #      ifdef _O_BINARY
+! #        define apps_startup() \
+! 			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			setup_ui_method(); } while(0)
+! #      else
+! #        define apps_startup() \
+! 			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			setup_ui_method(); } while(0)
+! #      endif
+! #    else
+! #      define apps_startup() \
+! 			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+! 			ERR_load_crypto_strings(); \
+! 			setup_ui_method(); } while(0)
+! #    endif
+! #    define apps_shutdown() \
+! 			do { CONF_modules_unload(1); destroy_ui_method(); \
+! 			EVP_cleanup(); \
+! 			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+! 			ERR_free_strings(); } while(0)
+  #  endif
+  #endif
+  
+  typedef struct args_st
+***************
+*** 248,254 ****
+--- 277,285 ----
+  STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+  	const char *pass, ENGINE *e, const char *cert_descrip);
+  X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
++ #ifndef OPENSSL_NO_ENGINE
+  ENGINE *setup_engine(BIO *err, const char *engine, int debug);
++ #endif
+  
+  int load_config(BIO *err, CONF *cnf);
+  char *make_config_name(void);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_4/crypto/openssl/apps/ca.c
+*** crypto/openssl/apps/ca.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/ca.c	Mon Feb 24 21:14:50 2003
+***************
+*** 196,202 ****
+--- 196,204 ----
+  " -extensions ..  - Extension section (override value in config file)\n",
+  " -extfile file   - Configuration file with X509v3 extentions to add\n",
+  " -crlexts ..     - CRL extension section (override value in config file)\n",
++ #ifndef OPENSSL_NO_ENGINE
+  " -engine e       - use engine e, possibly a hardware device.\n",
++ #endif
+  " -status serial  - Shows certificate status given the serial number\n",
+  " -updatedb       - Updates db for expired certificates\n",
+  NULL
+***************
+*** 333,339 ****
+--- 335,343 ----
+  #define BSIZE 256
+  	MS_STATIC char buf[3][BSIZE];
+  	char *randfile=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine = NULL;
++ #endif
+  	char *tofree=NULL;
+  
+  #ifdef EFENCE
+***************
+*** 537,547 ****
+--- 541,553 ----
+  			rev_arg = *(++argv);
+  			rev_type = REV_CA_COMPROMISE;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else
+  			{
+  bad:
+***************
+*** 562,568 ****
+--- 568,576 ----
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	/*****************************************************************/
+  	tofree=NULL;
+***************
+*** 597,603 ****
+--- 605,614 ----
+  		goto err;
+  		}
+  	if(tofree)
++ 		{
+  		OPENSSL_free(tofree);
++ 		tofree = NULL;
++ 		}
+  
+  	if (!load_config(bio_err, conf))
+  		goto err;
+***************
+*** 1633,1643 ****
+  	BIO_free_all(out);
+  	BIO_free_all(in);
+  
+! 	sk_X509_pop_free(cert_sk,X509_free);
+  
+  	if (ret) ERR_print_errors(bio_err);
+  	app_RAND_write_file(randfile, bio_err);
+! 	if (free_key)
+  		OPENSSL_free(key);
+  	BN_free(serial);
+  	TXT_DB_free(db);
+--- 1644,1655 ----
+  	BIO_free_all(out);
+  	BIO_free_all(in);
+  
+! 	if (cert_sk)
+! 		sk_X509_pop_free(cert_sk,X509_free);
+  
+  	if (ret) ERR_print_errors(bio_err);
+  	app_RAND_write_file(randfile, bio_err);
+! 	if (free_key && key)
+  		OPENSSL_free(key);
+  	BN_free(serial);
+  	TXT_DB_free(db);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_4/crypto/openssl/apps/dgst.c
+*** crypto/openssl/apps/dgst.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dgst.c	Mon Feb 24 21:14:50 2003
+***************
+*** 100,106 ****
+--- 100,108 ----
+  	EVP_PKEY *sigkey = NULL;
+  	unsigned char *sigbuf = NULL;
+  	int siglen = 0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 166,176 ****
+--- 168,180 ----
+  			if (--argc < 1) break;
+  			keyform=str2fmt(*(++argv));
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) break;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-hex") == 0)
+  			out_bin = 0;
+  		else if (strcmp(*argv,"-binary") == 0)
+***************
+*** 208,214 ****
+--- 212,220 ----
+  		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
+  		BIO_printf(bio_err,"-signature file signature to verify\n");
+  		BIO_printf(bio_err,"-binary         output in binary form\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  
+  		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+  			LN_md5,LN_md5);
+***************
+*** 228,234 ****
+--- 234,242 ----
+  		goto end;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	in=BIO_new(BIO_s_file());
+  	bmd=BIO_new(BIO_f_md());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_4/crypto/openssl/apps/dh.c
+*** crypto/openssl/apps/dh.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dh.c	Mon Feb 24 21:14:50 2003
+***************
+*** 87,98 ****
+  
+  int MAIN(int argc, char **argv)
+  	{
+  	ENGINE *e = NULL;
+  	DH *dh=NULL;
+  	int i,badops=0,text=0;
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+! 	char *infile,*outfile,*prog,*engine;
+  
+  	apps_startup();
+  
+--- 87,103 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DH *dh=NULL;
+  	int i,badops=0,text=0;
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+! 	char *infile,*outfile,*prog;
+! #ifndef OPENSSL_NO_ENGINE
+! 	char *engine;
+! #endif
+  
+  	apps_startup();
+  
+***************
+*** 103,109 ****
+--- 108,116 ----
+  	if (!load_config(bio_err, NULL))
+  		goto end;
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	engine=NULL;
++ #endif
+  	infile=NULL;
+  	outfile=NULL;
+  	informat=FORMAT_PEM;
+***************
+*** 134,144 ****
+--- 141,153 ----
+  			if (--argc < 1) goto bad;
+  			outfile= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-check") == 0)
+  			check=1;
+  		else if (strcmp(*argv,"-text") == 0)
+***************
+*** 170,182 ****
+--- 179,195 ----
+  		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
+  		BIO_printf(bio_err," -C            Output C code\n");
+  		BIO_printf(bio_err," -noout        no output\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		goto end;
+  		}
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	in=BIO_new(BIO_s_file());
+  	out=BIO_new(BIO_s_file());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_4/crypto/openssl/apps/dhparam.c
+*** crypto/openssl/apps/dhparam.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dhparam.c	Mon Feb 24 21:14:50 2003
+***************
+*** 148,154 ****
+--- 148,156 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DH *dh=NULL;
+  	int i,badops=0,text=0;
+  #ifndef OPENSSL_NO_DSA
+***************
+*** 157,163 ****
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+  	char *infile,*outfile,*prog;
+! 	char *inrand=NULL,*engine=NULL;
+  	int num = 0, g = 0;
+  
+  	apps_startup();
+--- 159,168 ----
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+  	char *infile,*outfile,*prog;
+! 	char *inrand=NULL;
+! #ifndef OPENSSL_NO_ENGINE
+! 	char *engine=NULL;
+! #endif
+  	int num = 0, g = 0;
+  
+  	apps_startup();
+***************
+*** 199,209 ****
+--- 204,216 ----
+  			if (--argc < 1) goto bad;
+  			outfile= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-check") == 0)
+  			check=1;
+  		else if (strcmp(*argv,"-text") == 0)
+***************
+*** 249,255 ****
+--- 256,264 ----
+  		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
+  		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
+  		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"               the random number generator\n");
+***************
+*** 259,265 ****
+--- 268,276 ----
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (g && !num)
+  		num = DEFBITS;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_4/crypto/openssl/apps/dsa.c
+*** crypto/openssl/apps/dsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 90,96 ****
+--- 90,98 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	int ret=1;
+  	DSA *dsa=NULL;
+  	int i,badops=0;
+***************
+*** 98,104 ****
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,text=0,noout=0;
+  	int pubin = 0, pubout = 0;
+! 	char *infile,*outfile,*prog,*engine;
+  	char *passargin = NULL, *passargout = NULL;
+  	char *passin = NULL, *passout = NULL;
+  	int modulus=0;
+--- 100,109 ----
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,text=0,noout=0;
+  	int pubin = 0, pubout = 0;
+! 	char *infile,*outfile,*prog;
+! #ifndef OPENSSL_NO_ENGINE
+! 	char *engine;
+! #endif
+  	char *passargin = NULL, *passargout = NULL;
+  	char *passin = NULL, *passout = NULL;
+  	int modulus=0;
+***************
+*** 112,118 ****
+--- 117,125 ----
+  	if (!load_config(bio_err, NULL))
+  		goto end;
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	engine=NULL;
++ #endif
+  	infile=NULL;
+  	outfile=NULL;
+  	informat=FORMAT_PEM;
+***************
+*** 153,163 ****
+--- 160,172 ----
+  			if (--argc < 1) goto bad;
+  			passargout= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-noout") == 0)
+  			noout=1;
+  		else if (strcmp(*argv,"-text") == 0)
+***************
+*** 189,195 ****
+--- 198,206 ----
+  		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
+  		BIO_printf(bio_err," -out arg        output file\n");
+  		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+  		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+  #ifndef OPENSSL_NO_IDEA
+***************
+*** 207,213 ****
+--- 218,226 ----
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+  		BIO_printf(bio_err, "Error getting passwords\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_4/crypto/openssl/apps/dsaparam.c
+*** crypto/openssl/apps/dsaparam.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dsaparam.c	Mon Feb 24 21:14:50 2003
+***************
+*** 90,96 ****
+--- 90,98 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DSA *dsa=NULL;
+  	int i,badops=0,text=0;
+  	BIO *in=NULL,*out=NULL;
+***************
+*** 98,104 ****
+--- 100,108 ----
+  	char *infile,*outfile,*prog,*inrand=NULL;
+  	int numbits= -1,num,genkey=0;
+  	int need_rand=0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 139,149 ****
+--- 143,155 ----
+  			if (--argc < 1) goto bad;
+  			outfile= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if(strcmp(*argv, "-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine = *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-text") == 0)
+  			text=1;
+  		else if (strcmp(*argv,"-C") == 0)
+***************
+*** 191,197 ****
+--- 197,205 ----
+  		BIO_printf(bio_err," -noout        no output\n");
+  		BIO_printf(bio_err," -genkey       generate a DSA key\n");
+  		BIO_printf(bio_err," -rand         files to use for random number input\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
+  		goto end;
+  		}
+***************
+*** 235,241 ****
+--- 243,251 ----
+  			}
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (need_rand)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_4/crypto/openssl/apps/enc.c
+*** crypto/openssl/apps/enc.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/enc.c	Mon Feb 24 21:14:50 2003
+***************
+*** 100,106 ****
+--- 100,108 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	static const char magic[]="Salted__";
+  	char mbuf[sizeof magic-1];
+  	char *strbuf=NULL;
+***************
+*** 119,125 ****
+--- 121,129 ----
+  	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+  #define PROG_NAME_SIZE  39
+  	char pname[PROG_NAME_SIZE+1];
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine = NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 163,173 ****
+--- 167,179 ----
+  			if (--argc < 1) goto bad;
+  			passarg= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if	(strcmp(*argv,"-d") == 0)
+  			enc=0;
+  		else if	(strcmp(*argv,"-p") == 0)
+***************
+*** 270,276 ****
+--- 276,284 ----
+  			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+  			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+  			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
++ #ifndef OPENSSL_NO_ENGINE
+  			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
++ #endif
+  
+  			BIO_printf(bio_err,"Cipher Types\n");
+  			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+***************
+*** 284,290 ****
+--- 292,300 ----
+  		argv++;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (bufsize != NULL)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/engine.c ../RELENG_4/crypto/openssl/apps/engine.c
+*** crypto/openssl/apps/engine.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/engine.c	Mon Feb 24 21:14:50 2003
+***************
+*** 56,61 ****
+--- 56,63 ----
+   *
+   */
+  
++ #ifndef OPENSSL_NO_ENGINE
++ 
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
+***************
+*** 518,520 ****
+--- 520,523 ----
+  	apps_shutdown();
+  	OPENSSL_EXIT(ret);
+  	}
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_4/crypto/openssl/apps/gendh.c
+*** crypto/openssl/apps/gendh.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/gendh.c	Mon Feb 24 21:14:50 2003
+***************
+*** 81,93 ****
+--- 81,97 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DH *dh=NULL;
+  	int ret=1,num=DEFBITS;
+  	int g=2;
+  	char *outfile=NULL;
+  	char *inrand=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	BIO *out=NULL;
+  
+  	apps_startup();
+***************
+*** 115,125 ****
+--- 119,131 ----
+  			g=3; */
+  		else if (strcmp(*argv,"-5") == 0)
+  			g=5;
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 138,151 ****
+--- 144,161 ----
+  		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+  	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+  		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"             the random number generator\n");
+  		goto end;
+  		}
+  		
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	out=BIO_new(BIO_s_file());
+  	if (out == NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_4/crypto/openssl/apps/gendsa.c
+*** crypto/openssl/apps/gendsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/gendsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 77,83 ****
+--- 77,85 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DSA *dsa=NULL;
+  	int ret=1;
+  	char *outfile=NULL;
+***************
+*** 85,91 ****
+--- 87,95 ----
+  	char *passargout = NULL, *passout = NULL;
+  	BIO *out=NULL,*in=NULL;
+  	const EVP_CIPHER *enc=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 111,121 ****
+--- 115,127 ----
+  			if (--argc < 1) goto bad;
+  			passargout= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 167,173 ****
+--- 173,181 ----
+  		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+  		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"             the random number generator\n");
+***************
+*** 176,182 ****
+--- 184,192 ----
+  		goto end;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+  		BIO_printf(bio_err, "Error getting password\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_4/crypto/openssl/apps/genrsa.c
+*** crypto/openssl/apps/genrsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/genrsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 81,87 ****
+--- 81,89 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	int ret=1;
+  	RSA *rsa=NULL;
+  	int i,num=DEFBITS;
+***************
+*** 90,96 ****
+--- 92,100 ----
+  	unsigned long f4=RSA_F4;
+  	char *outfile=NULL;
+  	char *passargout = NULL, *passout = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	char *inrand=NULL;
+  	BIO *out=NULL;
+  
+***************
+*** 122,132 ****
+--- 126,138 ----
+  			f4=3;
+  		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
+  			f4=RSA_F4;
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 177,183 ****
+--- 183,191 ----
+  		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+  		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
+  		BIO_printf(bio_err," -3              use 3 for the E value\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"                 the random number generator\n");
+***************
+*** 191,197 ****
+--- 199,207 ----
+  		goto err;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (outfile == NULL)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ocsp.c ../RELENG_4/crypto/openssl/apps/ocsp.c
+*** crypto/openssl/apps/ocsp.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/ocsp.c	Mon Feb 24 21:14:50 2003
+***************
+*** 55,60 ****
+--- 55,61 ----
+   * Hudson (tjh@cryptsoft.com).
+   *
+   */
++ #ifndef OPENSSL_NO_OCSP
+  
+  #include <stdio.h>
+  #include <string.h>
+***************
+*** 722,728 ****
+--- 723,734 ----
+  		}
+  	else if (host)
+  		{
++ #ifndef OPENSSL_NO_SOCK
+  		cbio = BIO_new_connect(host);
++ #else
++ 		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
++ 		goto end;
++ #endif
+  		if (!cbio)
+  			{
+  			BIO_printf(bio_err, "Error creating connect BIO\n");
+***************
+*** 732,738 ****
+--- 738,753 ----
+  		if (use_ssl == 1)
+  			{
+  			BIO *sbio;
++ #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+  			ctx = SSL_CTX_new(SSLv23_client_method());
++ #elif !defined(OPENSSL_NO_SSL3)
++ 			ctx = SSL_CTX_new(SSLv3_client_method());
++ #elif !defined(OPENSSL_NO_SSL2)
++ 			ctx = SSL_CTX_new(SSLv2_client_method());
++ #else
++ 			BIO_printf(bio_err, "SSL is disabled\n");
++ 			goto end;
++ #endif
+  			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+  			sbio = BIO_new_ssl(ctx, 1);
+  			cbio = BIO_push(sbio, cbio);
+***************
+*** 1139,1145 ****
+--- 1154,1164 ----
+  	bufbio = BIO_new(BIO_f_buffer());
+  	if (!bufbio) 
+  		goto err;
++ #ifndef OPENSSL_NO_SOCK
+  	acbio = BIO_new_accept(port);
++ #else
++ 	BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
++ #endif
+  	if (!acbio)
+  		goto err;
+  	BIO_set_accept_bios(acbio, bufbio);
+***************
+*** 1226,1228 ****
+--- 1245,1248 ----
+  	return 1;
+  	}
+  
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_4/crypto/openssl/apps/openssl.c
+*** crypto/openssl/apps/openssl.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/openssl.c	Mon Feb 24 21:14:50 2003
+***************
+*** 122,128 ****
+--- 122,130 ----
+  #include <openssl/x509.h>
+  #include <openssl/pem.h>
+  #include <openssl/ssl.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+  #include "progs.h"
+  #include "s_apps.h"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_4/crypto/openssl/apps/pkcs12.c
+*** crypto/openssl/apps/pkcs12.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/pkcs12.c	Mon Feb 24 21:14:50 2003
+***************
+*** 120,126 ****
+--- 120,128 ----
+      char *passin = NULL, *passout = NULL;
+      char *inrand = NULL;
+      char *CApath = NULL, *CAfile = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+      char *engine=NULL;
++ #endif
+  
+      apps_startup();
+  
+***************
+*** 252,262 ****
+--- 254,266 ----
+  			args++;	
+  			CAfile = *args;
+  		    } else badarg = 1;
++ #ifndef OPENSSL_NO_ENGINE
+  		} else if (!strcmp(*args,"-engine")) {
+  		    if (args[1]) {
+  			args++;	
+  			engine = *args;
+  		    } else badarg = 1;
++ #endif
+  		} else badarg = 1;
+  
+  	} else badarg = 1;
+***************
+*** 304,317 ****
+--- 308,325 ----
+  	BIO_printf (bio_err, "-password p   set import/export password source\n");
+  	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
+  	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
+  	BIO_printf(bio_err,  "              the random number generator\n");
+      	goto end;
+      }
+  
++ #ifndef OPENSSL_NO_ENGINE
+      e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+      if(passarg) {
+  	if(export_cert) passargout = passarg;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_4/crypto/openssl/apps/pkcs7.c
+*** crypto/openssl/apps/pkcs7.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/pkcs7.c	Mon Feb 24 21:14:50 2003
+***************
+*** 82,88 ****
+--- 82,90 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	PKCS7 *p7=NULL;
+  	int i,badops=0;
+  	BIO *in=NULL,*out=NULL;
+***************
+*** 90,96 ****
+--- 92,100 ----
+  	char *infile,*outfile,*prog;
+  	int print_certs=0,text=0,noout=0;
+  	int ret=1;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 134,144 ****
+--- 138,150 ----
+  			text=1;
+  		else if (strcmp(*argv,"-print_certs") == 0)
+  			print_certs=1;
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else
+  			{
+  			BIO_printf(bio_err,"unknown option %s\n",*argv);
+***************
+*** 161,174 ****
+--- 167,184 ----
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		ret = 1;
+  		goto end;
+  		}
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	in=BIO_new(BIO_s_file());
+  	out=BIO_new(BIO_s_file());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_4/crypto/openssl/apps/pkcs8.c
+*** crypto/openssl/apps/pkcs8.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/pkcs8.c	Mon Feb 24 21:14:50 2003
+***************
+*** 85,91 ****
+--- 85,93 ----
+  	EVP_PKEY *pkey=NULL;
+  	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
+  	int badarg = 0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+  
+***************
+*** 145,155 ****
+--- 147,159 ----
+  			if (!args[1]) goto bad;
+  			passargout= *(++args);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*args,"-engine") == 0)
+  			{
+  			if (!args[1]) goto bad;
+  			engine= *(++args);
+  			}
++ #endif
+  		else if (!strcmp (*args, "-in")) {
+  			if (args[1]) {
+  				args++;
+***************
+*** 182,192 ****
+--- 186,200 ----
+  		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
+  		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
+  		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		return (1);
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+  		BIO_printf(bio_err, "Error getting passwords\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/progs.h ../RELENG_4/crypto/openssl/apps/progs.h
+*** crypto/openssl/apps/progs.h	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/progs.h	Mon Feb 24 21:14:50 2003
+***************
+*** 35,41 ****
+--- 35,43 ----
+  extern int spkac_main(int argc,char *argv[]);
+  extern int smime_main(int argc,char *argv[]);
+  extern int rand_main(int argc,char *argv[]);
++ #ifndef OPENSSL_NO_ENGINE
+  extern int engine_main(int argc,char *argv[]);
++ #endif
+  extern int ocsp_main(int argc,char *argv[]);
+  
+  #define FUNC_TYPE_GENERAL	1
+***************
+*** 92,98 ****
+--- 94,102 ----
+  #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+  	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
+  #endif
++ #ifndef OPENSSL_NO_SPEED
+  	{FUNC_TYPE_GENERAL,"speed",speed_main},
++ #endif
+  #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+  	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
+  #endif
+***************
+*** 111,117 ****
+--- 115,123 ----
+  	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
+  	{FUNC_TYPE_GENERAL,"smime",smime_main},
+  	{FUNC_TYPE_GENERAL,"rand",rand_main},
++ #ifndef OPENSSL_NO_ENGINE
+  	{FUNC_TYPE_GENERAL,"engine",engine_main},
++ #endif
+  	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+  #ifndef OPENSSL_NO_MD2
+  	{FUNC_TYPE_MD,"md2",dgst_main},
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_4/crypto/openssl/apps/rand.c
+*** crypto/openssl/apps/rand.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/rand.c	Mon Feb 24 21:14:50 2003
+***************
+*** 76,82 ****
+--- 76,84 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	int i, r, ret = 1;
+  	int badopt;
+  	char *outfile = NULL;
+***************
+*** 84,90 ****
+--- 86,94 ----
+  	int base64 = 0;
+  	BIO *out = NULL;
+  	int num = -1;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 106,111 ****
+--- 110,116 ----
+  			else
+  				badopt = 1;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(argv[i], "-engine") == 0)
+  			{
+  			if ((argv[i+1] != NULL) && (engine == NULL))
+***************
+*** 113,118 ****
+--- 118,124 ----
+  			else
+  				badopt = 1;
+  			}
++ #endif
+  		else if (strcmp(argv[i], "-rand") == 0)
+  			{
+  			if ((argv[i+1] != NULL) && (inrand == NULL))
+***************
+*** 150,162 ****
+--- 156,172 ----
+  		BIO_printf(bio_err, "Usage: rand [options] num\n");
+  		BIO_printf(bio_err, "where options are\n");
+  		BIO_printf(bio_err, "-out file             - write to file\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err, "-base64               - encode output\n");
+  		goto err;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+  	if (inrand != NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_4/crypto/openssl/apps/req.c
+*** crypto/openssl/apps/req.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/req.c	Mon Feb 24 21:14:50 2003
+***************
+*** 162,168 ****
+--- 162,170 ----
+  	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
+  	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
+  	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	char *extensions = NULL;
+  	char *req_exts = NULL;
+  	const EVP_CIPHER *cipher=NULL;
+***************
+*** 210,220 ****
+--- 212,224 ----
+  			if (--argc < 1) goto bad;
+  			outformat=str2fmt(*(++argv));
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-key") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 428,434 ****
+--- 432,440 ----
+  		BIO_printf(bio_err," -verify        verify signature on REQ\n");
+  		BIO_printf(bio_err," -modulus       RSA modulus\n");
+  		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
++ #endif
+  		BIO_printf(bio_err," -subject       output the request's subject\n");
+  		BIO_printf(bio_err," -passin        private key password source\n");
+  		BIO_printf(bio_err," -key file      use the private key contained in file\n");
+***************
+*** 453,459 ****
+  		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
+! 		BIO_printf(bio_err," -nameopt arg   - various certificate name options\n");
+  		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
+  		goto end;
+  		}
+--- 459,465 ----
+  		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
+! 		BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");
+  		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
+  		goto end;
+  		}
+***************
+*** 617,623 ****
+--- 623,631 ----
+  	if ((in == NULL) || (out == NULL))
+  		goto end;
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (keyfile != NULL)
+  		{
+***************
+*** 1237,1247 ****
+--- 1245,1261 ----
+  
+  			sprintf(buf,"%s_min",v->name);
+  			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
++ 				{
++ 				ERR_clear_error();
+  				n_min = -1;
++ 				}
+  
+  			sprintf(buf,"%s_max",v->name);
+  			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
++ 				{
++ 				ERR_clear_error();
+  				n_max = -1;
++ 				}
+  
+  			if (!add_DN_object(subj,v->value,def,value,nid,
+  				n_min,n_max, chtype))
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_4/crypto/openssl/apps/rsa.c
+*** crypto/openssl/apps/rsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/rsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 104,110 ****
+--- 104,112 ----
+  	char *infile,*outfile,*prog;
+  	char *passargin = NULL, *passargout = NULL;
+  	char *passin = NULL, *passout = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	int modulus=0;
+  
+  	apps_startup();
+***************
+*** 156,166 ****
+--- 158,170 ----
+  			if (--argc < 1) goto bad;
+  			passargout= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-sgckey") == 0)
+  			sgckey=1;
+  		else if (strcmp(*argv,"-pubin") == 0)
+***************
+*** 212,224 ****
+--- 216,232 ----
+  		BIO_printf(bio_err," -check          verify key consistency\n");
+  		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
+  		BIO_printf(bio_err," -pubout         output a public key\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		goto end;
+  		}
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+  		BIO_printf(bio_err, "Error getting passwords\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsautl.c ../RELENG_4/crypto/openssl/apps/rsautl.c
+*** crypto/openssl/apps/rsautl.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/rsautl.c	Mon Feb 24 21:14:50 2003
+***************
+*** 85,91 ****
+--- 85,93 ----
+  	ENGINE *e = NULL;
+  	BIO *in = NULL, *out = NULL;
+  	char *infile = NULL, *outfile = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine = NULL;
++ #endif
+  	char *keyfile = NULL;
+  	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+  	int keyform = FORMAT_PEM;
+***************
+*** 125,133 ****
+--- 127,137 ----
+  		} else if (strcmp(*argv,"-keyform") == 0) {
+  			if (--argc < 1) badarg = 1;
+  			keyform=str2fmt(*(++argv));
++ #ifndef OPENSSL_NO_ENGINE
+  		} else if(!strcmp(*argv, "-engine")) {
+  			if (--argc < 1) badarg = 1;
+  			engine = *(++argv);
++ #endif
+  		} else if(!strcmp(*argv, "-pubin")) {
+  			key_type = KEY_PUBKEY;
+  		} else if(!strcmp(*argv, "-certin")) {
+***************
+*** 162,168 ****
+--- 166,174 ----
+  		goto end;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  /* FIXME: seed PRNG only if needed */
+  	app_RAND_load_file(NULL, bio_err, 0);
+***************
+*** 305,311 ****
+--- 311,319 ----
+  	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
+  	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
+  	BIO_printf(bio_err, "-hexdump        hex dump output\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_4/crypto/openssl/apps/s_client.c
+*** crypto/openssl/apps/s_client.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/s_client.c	Mon Feb 24 21:14:50 2003
+***************
+*** 222,228 ****
+--- 222,230 ----
+  	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
+  	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
+  	BIO_printf(bio_err,"                 only \"smtp\" is supported.\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
++ #endif
+  	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  
+  	}
+***************
+*** 254,261 ****
+--- 256,265 ----
+  	SSL_METHOD *meth=NULL;
+  	BIO *sbio;
+  	char *inrand=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine_id=NULL;
+  	ENGINE *e=NULL;
++ #endif
+  #ifdef OPENSSL_SYS_WINDOWS
+  	struct timeval tv;
+  #endif
+***************
+*** 415,425 ****
+--- 419,431 ----
+  			else
+  				goto bad;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if	(strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine_id = *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 444,450 ****
+--- 450,458 ----
+  	OpenSSL_add_ssl_algorithms();
+  	SSL_load_error_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine_id, 1);
++ #endif
+  
+  	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+  		&& !RAND_status())
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_4/crypto/openssl/apps/s_server.c
+*** crypto/openssl/apps/s_server.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/s_server.c	Mon Feb 24 21:14:50 2003
+***************
+*** 242,248 ****
+--- 242,250 ----
+  static int s_quiet=0;
+  
+  static int hack=0;
++ #ifndef OPENSSL_NO_ENGINE
+  static char *engine_id=NULL;
++ #endif
+  static const char *session_id_prefix=NULL;
+  
+  #ifdef MONOLITH
+***************
+*** 267,273 ****
+--- 269,277 ----
+  	s_msg=0;
+  	s_quiet=0;
+  	hack=0;
++ #ifndef OPENSSL_NO_ENGINE
+  	engine_id=NULL;
++ #endif
+  	}
+  #endif
+  
+***************
+*** 316,322 ****
+--- 320,328 ----
+  	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+  	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+          BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
++ #endif
+  	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+  	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  	}
+***************
+*** 490,496 ****
+--- 496,504 ----
+  	int no_tmp_rsa=0,no_dhe=0,nocert=0;
+  	int state=0;
+  	SSL_METHOD *meth=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e=NULL;
++ #endif
+  	char *inrand=NULL;
+  
+  #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+***************
+*** 665,675 ****
+--- 673,685 ----
+  			if (--argc < 1) goto bad;
+  			session_id_prefix = *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine_id= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 694,700 ****
+--- 704,712 ----
+  	SSL_load_error_strings();
+  	OpenSSL_add_ssl_algorithms();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine_id, 1);
++ #endif
+  
+  	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+  		&& !RAND_status())
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/smime.c ../RELENG_4/crypto/openssl/apps/smime.c
+*** crypto/openssl/apps/smime.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/smime.c	Mon Feb 24 21:14:50 2003
+***************
+*** 104,110 ****
+--- 104,112 ----
+  	int need_rand = 0;
+  	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+          int keyform = FORMAT_PEM;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	args = argv + 1;
+  	ret = 1;
+***************
+*** 176,186 ****
+--- 178,190 ----
+  				inrand = *args;
+  			} else badarg = 1;
+  			need_rand = 1;
++ #ifndef OPENSSL_NO_ENGINE
+  		} else if (!strcmp(*args,"-engine")) {
+  			if (args[1]) {
+  				args++;
+  				engine = *args;
+  			} else badarg = 1;
++ #endif
+  		} else if (!strcmp(*args,"-passin")) {
+  			if (args[1]) {
+  				args++;
+***************
+*** 330,336 ****
+--- 334,342 ----
+  		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+  		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+  		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
+  		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+***************
+*** 339,345 ****
+--- 345,353 ----
+  		goto end;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+  		BIO_printf(bio_err, "Error getting password\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_4/crypto/openssl/apps/speed.c
+*** crypto/openssl/apps/speed.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/speed.c	Mon Feb 24 21:14:50 2003
+***************
+*** 58,63 ****
+--- 58,65 ----
+  
+  /* most of this code has been pilfered from my libdes speed.c program */
+  
++ #ifndef OPENSSL_NO_SPEED
++ 
+  #undef SECONDS
+  #define SECONDS		3	
+  #define RSA_SECONDS	10
+***************
+*** 370,376 ****
+--- 372,380 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	unsigned char *buf=NULL,*buf2=NULL;
+  	int mret=1;
+  	long count=0,save_count=0;
+***************
+*** 590,595 ****
+--- 594,600 ----
+  			j--;	/* Otherwise, -elapsed gets confused with
+  				   an algorithm. */
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
+  			{
+  			argc--;
+***************
+*** 606,611 ****
+--- 611,617 ----
+  			   means all of them should be run) */
+  			j--;
+  			}
++ #endif
+  #ifdef HAVE_FORK
+  		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
+  			{
+***************
+*** 865,871 ****
+--- 871,879 ----
+  #if defined(TIMES) || defined(USE_TOD)
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+  			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  			BIO_printf(bio_err,"-evp e          use EVP e.\n");
+  			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
+  			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
+***************
+*** 1393,1398 ****
+--- 1401,1407 ----
+  				else
+  					EVP_EncryptFinal_ex(&ctx,buf,&outl);
+  				d=Time_F(STOP);
++ 				EVP_CIPHER_CTX_cleanup(&ctx);
+  				}
+  			if (evp_md)
+  				{
+***************
+*** 1938,1941 ****
+--- 1947,1951 ----
+  		}
+  	return 1;
+  	}
++ #endif
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_4/crypto/openssl/apps/spkac.c
+*** crypto/openssl/apps/spkac.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/spkac.c	Mon Feb 24 21:14:50 2003
+***************
+*** 92,98 ****
+--- 92,100 ----
+  	CONF *conf = NULL;
+  	NETSCAPE_SPKI *spki = NULL;
+  	EVP_PKEY *pkey = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 141,151 ****
+--- 143,155 ----
+  			if (--argc < 1) goto bad;
+  			spksect= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-noout") == 0)
+  			noout=1;
+  		else if (strcmp(*argv,"-pubkey") == 0)
+***************
+*** 171,177 ****
+--- 175,183 ----
+  		BIO_printf(bio_err," -noout         don't print SPKAC\n");
+  		BIO_printf(bio_err," -pubkey        output public key\n");
+  		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
++ #endif
+  		goto end;
+  		}
+  
+***************
+*** 181,187 ****
+--- 187,195 ----
+  		goto end;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(keyfile) {
+  		pkey = load_key(bio_err,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_4/crypto/openssl/apps/verify.c
+*** crypto/openssl/apps/verify.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/verify.c	Mon Feb 24 21:14:50 2003
+***************
+*** 86,92 ****
+--- 86,94 ----
+  	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+  	X509_STORE *cert_ctx=NULL;
+  	X509_LOOKUP *lookup=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	cert_ctx=X509_STORE_new();
+  	if (cert_ctx == NULL) goto end;
+***************
+*** 142,152 ****
+--- 144,156 ----
+  				if (argc-- < 1) goto end;
+  				trustfile= *(++argv);
+  				}
++ #ifndef OPENSSL_NO_ENGINE
+  			else if (strcmp(*argv,"-engine") == 0)
+  				{
+  				if (--argc < 1) goto end;
+  				engine= *(++argv);
+  				}
++ #endif
+  			else if (strcmp(*argv,"-help") == 0)
+  				goto end;
+  			else if (strcmp(*argv,"-ignore_critical") == 0)
+***************
+*** 170,176 ****
+--- 174,182 ----
+  			break;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+  	if (lookup == NULL) abort();
+***************
+*** 219,225 ****
+  	ret=0;
+  end:
+  	if (ret == 1) {
+! 		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
+  		BIO_printf(bio_err,"recognized usages:\n");
+  		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+  			X509_PURPOSE *ptmp;
+--- 225,235 ----
+  	ret=0;
+  end:
+  	if (ret == 1) {
+! 		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+! #ifndef OPENSSL_NO_ENGINE
+! 		BIO_printf(bio_err," [-engine e]");
+! #endif
+! 		BIO_printf(bio_err," cert1 cert2 ...\n");
+  		BIO_printf(bio_err,"recognized usages:\n");
+  		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+  			X509_PURPOSE *ptmp;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_4/crypto/openssl/apps/x509.c
+*** crypto/openssl/apps/x509.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/x509.c	Mon Feb 24 21:14:50 2003
+***************
+*** 131,137 ****
+--- 131,139 ----
+  " -extensions     - section from config file with X509V3 extensions to add\n",
+  " -clrext         - delete extensions before signing and input certificate\n",
+  " -nameopt arg    - various certificate name options\n",
++ #ifndef OPENSSL_NO_ENGINE
+  " -engine e       - use engine e, possibly a hardware device.\n",
++ #endif
+  " -certopt arg    - various certificate text options\n",
+  NULL
+  };
+***************
+*** 183,189 ****
+--- 185,193 ----
+  	int need_rand = 0;
+  	int checkend=0,checkoffset=0;
+  	unsigned long nmflag = 0, certflag = 0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	reqfile=0;
+  
+***************
+*** 360,370 ****
+--- 364,376 ----
+  			alias= *(++argv);
+  			trustout = 1;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-C") == 0)
+  			C= ++num;
+  		else if (strcmp(*argv,"-email") == 0)
+***************
+*** 450,456 ****
+--- 456,464 ----
+  		goto end;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (need_rand)
+  		app_RAND_load_file(NULL, bio_err, 0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_4/crypto/openssl/config
+*** crypto/openssl/config	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/config	Mon Feb 24 21:14:49 2003
+***************
+*** 74,107 ****
+  		echo "whatever-whatever-sco5"; exit 0
+  		;;
+  	    4.2MP)
+! 		if [ "x$VERSION" = "x2.01" ]; then
+! 		    echo "${MACHINE}-whatever-unixware201"; exit 0
+! 		elif [ "x$VERSION" = "x2.02" ]; then
+! 		    echo "${MACHINE}-whatever-unixware202"; exit 0
+! 		elif [ "x$VERSION" = "x2.03" ]; then
+! 		    echo "${MACHINE}-whatever-unixware203"; exit 0
+! 		elif [ "x$VERSION" = "x2.1.1" ]; then
+! 		    echo "${MACHINE}-whatever-unixware211"; exit 0
+! 		elif [ "x$VERSION" = "x2.1.2" ]; then
+! 		    echo "${MACHINE}-whatever-unixware212"; exit 0
+! 		elif [ "x$VERSION" = "x2.1.3" ]; then
+! 		    echo "${MACHINE}-whatever-unixware213"; exit 0
+! 		else
+! 		    echo "${MACHINE}-whatever-unixware2"; exit 0
+! 		fi
+  		;;
+  	    4.2)
+! 		echo "whatever-whatever-unixware1"; exit 0
+! 		;;
+! 	    OpenUNIX)
+! 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
+! 		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+! 		fi
+  		;;
+  	    5)
+! 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
+! 		    echo "${MACHINE}-sco-unixware7"; exit 0
+! 		fi
+  		;;
+  	esac
+      fi
+--- 74,100 ----
+  		echo "whatever-whatever-sco5"; exit 0
+  		;;
+  	    4.2MP)
+! 		case "x${VERSION}" in
+! 		    x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
+! 		    x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
+! 		    x2*)   echo "whatever-whatever-unixware2";  exit 0 ;;
+! 		esac
+  		;;
+  	    4.2)
+! 		echo "i386-whatever-unixware1"; exit 0
+  		;;
+  	    5)
+! 		case "x${VERSION}" in
+! 		    # We hardcode i586 in place of ${MACHINE} for the
+! 		    # following reason. The catch is that even though Pentium
+! 		    # is minimum requirement for platforms in question,
+! 		    # ${MACHINE} gets always assigned to i386. Now, problem
+! 		    # with i386 is that it makes ./config pass 386 to
+! 		    # ./Configure, which in turn makes make generate
+! 		    # inefficient SHA-1 (for this moment) code.
+! 		    x7*)  echo "i586-sco-unixware7";           exit 0 ;;
+! 		    x8*)  echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;;
+! 		esac
+  		;;
+  	esac
+      fi
+***************
+*** 196,202 ****
+  	echo "${MACHINE}-whatever-bsdi"; exit 0
+  	;;
+  
+!     FreeBSD:*)
+          VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+          MACH=`sysctl -n hw.model`
+          ARCH='whatever'
+--- 189,195 ----
+  	echo "${MACHINE}-whatever-bsdi"; exit 0
+  	;;
+  
+!     FreeBSD:*:*:*386*)
+          VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+          MACH=`sysctl -n hw.model`
+          ARCH='whatever'
+***************
+*** 205,211 ****
+             *486*       ) MACH="i486"     ;;
+             Pentium\ II*) MACH="i686"     ;;
+             Pentium*    ) MACH="i586"     ;;
+-            Alpha*      ) MACH="alpha"    ;;
+             *           ) MACH="$MACHINE" ;;
+          esac
+          case ${MACH} in
+--- 198,203 ----
+***************
+*** 214,219 ****
+--- 206,215 ----
+          echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+          ;;
+  
++     FreeBSD:*)
++ 	echo "${MACHINE}-whatever-freebsd"; exit 0
++ 	;;
++ 
+      NetBSD:*:*:*386*)
+          echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+  	;;
+***************
+*** 461,466 ****
+--- 457,466 ----
+    fi
+  fi
+  
++ if [ "${SYSTEM}" = "AIX" ]; then	# favor vendor cc over gcc
++     (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc
++ fi
++ 
+  CCVER=${CCVER:-0}
+  
+  # read the output of the embedded GuessOS 
+***************
+*** 547,553 ****
+    ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+    i386-apple-darwin*) OUT="darwin-i386-cc" ;;
+    sparc64-*-linux2)
+! 	echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI"
+  	echo "         and wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	if [ "$TEST" = "false" ]; then
+--- 547,553 ----
+    ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+    i386-apple-darwin*) OUT="darwin-i386-cc" ;;
+    sparc64-*-linux2)
+! 	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
+  	echo "         and wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	if [ "$TEST" = "false" ]; then
+***************
+*** 640,645 ****
+--- 640,647 ----
+    *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
+    *-*-sunos4) OUT="sunos-$CC" ;;
+    alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
++   sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
++   ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
+    *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
+    *-freebsd[1-2]*) OUT="FreeBSD" ;;
+    *86*-*-netbsd) OUT="NetBSD-x86" ;;
+***************
+*** 696,704 ****
+  	CPU_VERSION=${CPU_VERSION:-0}
+  	# See <sys/unistd.h> for further info on CPU_VERSION.
+  	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+! 	     echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi."
+! 	     echo "        Post request to openssl-dev@openssl.org for 32-bit support."
+  	     if [ "$TEST" = "false" ]; then
+  		(stty -icanon min 0 time 50; read waste) < /dev/tty
+  	     fi
+  	     OUT="hpux64-ia64-cc"
+--- 698,708 ----
+  	CPU_VERSION=${CPU_VERSION:-0}
+  	# See <sys/unistd.h> for further info on CPU_VERSION.
+  	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+! 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
+! 	     echo "         If you wish to build 32-bit library, the you have to"
+! 	     echo "         invoke './Configure hpux-ia32-cc' *manually*."
+  	     if [ "$TEST" = "false" ]; then
++ 		echo "         You have about 5 seconds to press Ctrl-C to abort."
+  		(stty -icanon min 0 time 50; read waste) < /dev/tty
+  	     fi
+  	     OUT="hpux64-ia64-cc"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/aes/aes_core.c ../RELENG_4/crypto/openssl/crypto/aes/aes_core.c
+*** crypto/openssl/crypto/aes/aes_core.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/aes/aes_core.c	Mon Feb 24 21:14:51 2003
+***************
+*** 750,756 ****
+  	rk[2] = GETU32(userKey +  8);
+  	rk[3] = GETU32(userKey + 12);
+  	if (bits == 128) {
+! 		for (;;) {
+  			temp  = rk[3];
+  			rk[4] = rk[0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+--- 750,756 ----
+  	rk[2] = GETU32(userKey +  8);
+  	rk[3] = GETU32(userKey + 12);
+  	if (bits == 128) {
+! 		while (1) {
+  			temp  = rk[3];
+  			rk[4] = rk[0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+***************
+*** 770,776 ****
+  	rk[4] = GETU32(userKey + 16);
+  	rk[5] = GETU32(userKey + 20);
+  	if (bits == 192) {
+! 		for (;;) {
+  			temp = rk[ 5];
+  			rk[ 6] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+--- 770,776 ----
+  	rk[4] = GETU32(userKey + 16);
+  	rk[5] = GETU32(userKey + 20);
+  	if (bits == 192) {
+! 		while (1) {
+  			temp = rk[ 5];
+  			rk[ 6] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+***************
+*** 792,798 ****
+  	rk[6] = GETU32(userKey + 24);
+  	rk[7] = GETU32(userKey + 28);
+  	if (bits == 256) {
+! 		for (;;) {
+  			temp = rk[ 7];
+  			rk[ 8] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+--- 792,798 ----
+  	rk[6] = GETU32(userKey + 24);
+  	rk[7] = GETU32(userKey + 28);
+  	if (bits == 256) {
+! 		while (1) {
+  			temp = rk[ 7];
+  			rk[ 8] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_time.c ../RELENG_4/crypto/openssl/crypto/asn1/a_time.c
+*** crypto/openssl/crypto/asn1/a_time.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/asn1/a_time.c	Mon Feb 24 21:14:51 2003
+***************
+*** 105,111 ****
+--- 105,114 ----
+  
+  	ts=OPENSSL_gmtime(&t,&data);
+  	if (ts == NULL)
++ 		{
++ 		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+  		return NULL;
++ 		}
+  	if((ts->tm_year >= 50) && (ts->tm_year < 150))
+  					return ASN1_UTCTIME_set(s, t);
+  	return ASN1_GENERALIZEDTIME_set(s,t);
+***************
+*** 152,158 ****
+  	if (t->data[0] >= '5') strcpy(str, "19");
+  	else strcpy(str, "20");
+  
+! 	BUF_strlcat(str, (char *)t->data, t->length+2);
+  
+  	return ret;
+  	}
+--- 155,161 ----
+  	if (t->data[0] >= '5') strcpy(str, "19");
+  	else strcpy(str, "20");
+  
+! 	BUF_strlcat(str, (char *)t->data, t->length+3);	/* Include space for a '\0' */
+  
+  	return ret;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1.h ../RELENG_4/crypto/openssl/crypto/asn1/asn1.h
+*** crypto/openssl/crypto/asn1/asn1.h	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/asn1/asn1.h	Mon Feb 24 21:14:51 2003
+***************
+*** 980,985 ****
+--- 980,986 ----
+  #define ASN1_F_ASN1_TEMPLATE_D2I			 131
+  #define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
+  #define ASN1_F_ASN1_TEMPLATE_NEW			 133
++ #define ASN1_F_ASN1_TIME_SET				 175
+  #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
+  #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
+  #define ASN1_F_ASN1_UNPACK_STRING			 136
+***************
+*** 1037,1042 ****
+--- 1038,1044 ----
+  #define ASN1_R_DECODE_ERROR				 110
+  #define ASN1_R_DECODING_ERROR				 111
+  #define ASN1_R_ENCODE_ERROR				 112
++ #define ASN1_R_ERROR_GETTING_TIME			 173
+  #define ASN1_R_ERROR_LOADING_SECTION			 172
+  #define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
+  #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1_err.c ../RELENG_4/crypto/openssl/crypto/asn1/asn1_err.c
+*** crypto/openssl/crypto/asn1/asn1_err.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/asn1/asn1_err.c	Mon Feb 24 21:14:51 2003
+***************
+*** 1,6 ****
+  /* crypto/asn1/asn1_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 1,6 ----
+  /* crypto/asn1/asn1_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 100,105 ****
+--- 100,106 ----
+  {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
+  {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
+  {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
++ {ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0),	"ASN1_TIME_set"},
+  {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
+  {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
+  {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
+***************
+*** 160,165 ****
+--- 161,167 ----
+  {ASN1_R_DECODE_ERROR                     ,"decode error"},
+  {ASN1_R_DECODING_ERROR                   ,"decoding error"},
+  {ASN1_R_ENCODE_ERROR                     ,"encode error"},
++ {ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
+  {ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
+  {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
+  {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/bf/Makefile.ssl
+*** crypto/openssl/crypto/bf/Makefile.ssl	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bf/Makefile.ssl	Mon Feb 24 21:14:51 2003
+***************
+*** 49,62 ****
+  	@touch lib
+  
+  # elf
+! asm/bx86-elf.o: asm/bx86unix.cpp
+! 	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
+! 
+! # solaris
+! asm/bx86-sol.o: asm/bx86unix.cpp
+! 	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+! 	as -o asm/bx86-sol.o asm/bx86-sol.s
+! 	rm -f asm/bx86-sol.s
+  
+  # a.out
+  asm/bx86-out.o: asm/bx86unix.cpp
+--- 49,56 ----
+  	@touch lib
+  
+  # elf
+! asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s)
+  
+  # a.out
+  asm/bx86-out.o: asm/bx86unix.cpp
+***************
+*** 103,109 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 97,103 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/b_sock.c ../RELENG_4/crypto/openssl/crypto/bio/b_sock.c
+*** crypto/openssl/crypto/bio/b_sock.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bio/b_sock.c	Mon Feb 24 21:14:51 2003
+***************
+*** 492,498 ****
+  
+  #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+  
+! int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
+  	{
+  	int i;
+  
+--- 492,498 ----
+  
+  #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+  
+! int BIO_socket_ioctl(int fd, long type, void *arg)
+  	{
+  	int i;
+  
+***************
+*** 742,748 ****
+  int BIO_socket_nbio(int s, int mode)
+  	{
+  	int ret= -1;
+! 	unsigned long l;
+  
+  	l=mode;
+  #ifdef FIONBIO
+--- 742,748 ----
+  int BIO_socket_nbio(int s, int mode)
+  	{
+  	int ret= -1;
+! 	int l;
+  
+  	l=mode;
+  #ifdef FIONBIO
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_4/crypto/openssl/crypto/bio/bio.h
+*** crypto/openssl/crypto/bio/bio.h	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bio/bio.h	Mon Feb 24 21:14:51 2003
+***************
+*** 244,250 ****
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_fat *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+--- 244,250 ----
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_far *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+***************
+*** 585,591 ****
+   * and an appropriate error code is set).
+   */
+  int BIO_sock_error(int sock);
+! int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
+  int BIO_socket_nbio(int fd,int mode);
+  int BIO_get_port(const char *str, unsigned short *port_ptr);
+  int BIO_get_host_ip(const char *str, unsigned char *ip);
+--- 585,591 ----
+   * and an appropriate error code is set).
+   */
+  int BIO_sock_error(int sock);
+! int BIO_socket_ioctl(int fd, long type, void *arg);
+  int BIO_socket_nbio(int fd,int mode);
+  int BIO_get_port(const char *str, unsigned short *port_ptr);
+  int BIO_get_host_ip(const char *str, unsigned char *ip);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio_lib.c ../RELENG_4/crypto/openssl/crypto/bio/bio_lib.c
+*** crypto/openssl/crypto/bio/bio_lib.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bio/bio_lib.c	Mon Feb 24 21:14:51 2003
+***************
+*** 395,400 ****
+--- 395,402 ----
+  	if (b == NULL) return(NULL);
+  	ret=b->next_bio;
+  
++ 	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
++ 
+  	if (b->prev_bio != NULL)
+  		b->prev_bio->next_bio=b->next_bio;
+  	if (b->next_bio != NULL)
+***************
+*** 402,408 ****
+  
+  	b->next_bio=NULL;
+  	b->prev_bio=NULL;
+- 	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+  	return(ret);
+  	}
+  
+--- 404,409 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/bn/Makefile.ssl
+*** crypto/openssl/crypto/bn/Makefile.ssl	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/Makefile.ssl	Mon Feb 24 21:14:51 2003
+***************
+*** 23,36 ****
+  
+  CFLAGS= $(INCLUDES) $(CFLAG)
+  
+- # We let the C compiler driver to take care of .s files. This is done in
+- # order to be excused from maintaining a separate set of architecture
+- # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+- # gcc, then the driver will automatically translate it to -xarch=v8plus
+- # and pass it down to assembler.
+- AS=$(CC) -c
+- ASFLAGS=$(CFLAGS)
+- 
+  GENERAL=Makefile
+  TEST=bntest.c exptest.c
+  APPS=
+--- 23,28 ----
+***************
+*** 73,94 ****
+  	@touch lib
+  
+  # elf
+! asm/bn86-elf.o: asm/bn86unix.cpp
+! 	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
+! 
+! asm/co86-elf.o: asm/co86unix.cpp
+! 	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
+  
+! # solaris
+! asm/bn86-sol.o: asm/bn86unix.cpp
+! 	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+! 	as -o asm/bn86-sol.o asm/bn86-sol.s
+! 	rm -f asm/bn86-sol.s
+! 
+! asm/co86-sol.o: asm/co86unix.cpp
+! 	$(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
+! 	as -o asm/co86-sol.o asm/co86-sol.s
+! 	rm -f asm/co86-sol.s
+  
+  # a.out
+  asm/bn86-out.o: asm/bn86unix.cpp
+--- 65,75 ----
+  	@touch lib
+  
+  # elf
+! asm/bn86-elf.s:	asm/bn-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s)
+  
+! asm/co86-elf.s:	asm/co-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s)
+  
+  # a.out
+  asm/bn86-out.o: asm/bn86unix.cpp
+***************
+*** 178,184 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 159,165 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/asm/ia64.S ../RELENG_4/crypto/openssl/crypto/bn/asm/ia64.S
+*** crypto/openssl/crypto/bn/asm/ia64.S	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/asm/ia64.S	Mon Feb 24 21:14:52 2003
+***************
+*** 1,6 ****
+  .explicit
+  .text
+! .ident	"ia64.S, Version 1.1"
+  .ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+  
+  //
+--- 1,6 ----
+  .explicit
+  .text
+! .ident	"ia64.S, Version 2.0"
+  .ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+  
+  //
+***************
+*** 13,18 ****
+--- 13,47 ----
+  // disclaimed.
+  // ====================================================================
+  //
++ // Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
++ // different from Itanium to this module viewpoint. Most notably, is it
++ // "wider" than Itanium? Can you experience loop scalability as
++ // discussed in commentary sections? Not really:-( Itanium2 has 6
++ // integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
++ // spin twice as fast, as I need 8 IALU ports. Amount of floating point
++ // ports is the same, i.e. 2, while I need 4. In other words, to this
++ // module Itanium2 remains effectively as "wide" as Itanium. Yet it's
++ // essentially different in respect to this module, and a re-tune was
++ // required. Well, because some intruction latencies has changed. Most
++ // noticeably those intensively used:
++ //
++ //			Itanium	Itanium2
++ //	ldf8		9	6		L2 hit
++ //	ld8		2	1		L1 hit
++ //	getf		2	5
++ //	xma[->getf]	7[+1]	4[+0]
++ //	add[->st8]	1[+1]	1[+0]
++ //
++ // What does it mean? You might ratiocinate that the original code
++ // should run just faster... Because sum of latencies is smaller...
++ // Wrong! Note that getf latency increased. This means that if a loop is
++ // scheduled for lower latency (and they are), then it will suffer from
++ // stall condition and the code will therefore turn anti-scalable, e.g.
++ // original bn_mul_words spun at 5*n or 2.5 times slower than expected
++ // on Itanium2! What to do? Reschedule loops for Itanium2? But then
++ // Itanium would exhibit anti-scalability. So I've chosen to reschedule
++ // for worst latency for every instruction aiming for best *all-round*
++ // performance.  
+  
+  // Q.	How much faster does it get?
+  // A.	Here is the output from 'openssl speed rsa dsa' for vanilla
+***************
+*** 149,160 ****
+  	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
+  					}
+  	.body
+! { .mib;	mov		r14=r32			// rp
+  	mov		r9=pr		};;
+! { .mii;	mov		r15=r33			// ap
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;	mov		r16=r34			// bp
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_add_words_ctop:
+--- 178,204 ----
+  	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
+  					}
+  	.body
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32		// rp
+! #else
+! 	mov		r14=r32			// rp
+! #endif
+  	mov		r9=pr		};;
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r15=0,r33		// ap
+! #else
+! 	mov		r15=r33			// ap
+! #endif
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r16=0,r34		// bp
+! #else
+! 	mov		r16=r34			// bp
+! #endif
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_add_words_ctop:
+***************
+*** 174,180 ****
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+--- 218,224 ----
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+***************
+*** 202,213 ****
+  	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+  					}
+  	.body
+! { .mib;	mov		r14=r32			// rp
+  	mov		r9=pr		};;
+! { .mii;	mov		r15=r33			// ap
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;	mov		r16=r34			// bp
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_sub_words_ctop:
+--- 246,272 ----
+  	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+  					}
+  	.body
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32		// rp
+! #else
+! 	mov		r14=r32			// rp
+! #endif
+  	mov		r9=pr		};;
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r15=0,r33		// ap
+! #else
+! 	mov		r15=r33			// ap
+! #endif
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r16=0,r34		// bp
+! #else
+! 	mov		r16=r34			// bp
+! #endif
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_sub_words_ctop:
+***************
+*** 227,233 ****
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+--- 286,292 ----
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+***************
+*** 253,259 ****
+  #ifdef XMA_TEMPTATION
+  { .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
+  #else
+! { .mfi;	alloc		r2=ar.pfs,4,4,0,8	};;
+  #endif
+  { .mib;	mov		r8=r0			// return value
+  	cmp4.le		p6,p0=r34,r0
+--- 312,318 ----
+  #ifdef XMA_TEMPTATION
+  { .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
+  #else
+! { .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;
+  #endif
+  { .mib;	mov		r8=r0			// return value
+  	cmp4.le		p6,p0=r34,r0
+***************
+*** 266,289 ****
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x400001<<16
+! 			// ------^----- serves as (p48) at first (p26)
+  	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+  					}
+  
+  #ifndef XMA_TEMPTATION
+  
+! { .mii;	mov		r14=r32	// rp
+! 	mov		r15=r33	// ap
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r39=0	// serves as r33 at first (p26)
+! 	mov		ar.ec=12	};;
+  
+! // This loop spins in 2*(n+11) ticks. It's scheduled for data in L2
+! // cache (i.e. 9 ticks away) as floating point load/store instructions
+  // bypass L1 cache and L2 latency is actually best-case scenario for
+! // ldf8. The loop is not scalable and shall run in 2*(n+11) even on
+! // "wider" IA-64 implementations. It's a trade-off here. n+22 loop
+  // would give us ~5% in *overall* performance improvement on "wider"
+  // IA-64, but would hurt Itanium for about same because of longer
+  // epilogue. As it's a matter of few percents in either case I've
+--- 325,354 ----
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x800001<<16
+! 			// ------^----- serves as (p50) at first (p27)
+  	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+  					}
+  
+  #ifndef XMA_TEMPTATION
+  
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32	// rp
+! 	addp4		r15=0,r33	// ap
+! #else
+! 	mov		r14=r32		// rp
+! 	mov		r15=r33		// ap
+! #endif
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r40=0	// serves as r35 at first (p27)
+! 	mov		ar.ec=13	};;
+  
+! // This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
+! // L2 cache (i.e. 9 ticks away) as floating point load/store instructions
+  // bypass L1 cache and L2 latency is actually best-case scenario for
+! // ldf8. The loop is not scalable and shall run in 2*(n+12) even on
+! // "wider" IA-64 implementations. It's a trade-off here. n+24 loop
+  // would give us ~5% in *overall* performance improvement on "wider"
+  // IA-64, but would hurt Itanium for about same because of longer
+  // epilogue. As it's a matter of few percents in either case I've
+***************
+*** 291,315 ****
+  // this very instruction sequence in bn_mul_add_words loop which in
+  // turn is scalable).
+  .L_bn_mul_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f49			// low
+! 	(p21)	xmpy.lu		f45=f37,f8
+! 	(p27)	cmp.ltu		p52,p48=r39,r38	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f38=f37,f8
+  	(p0)	nop.i		0x0		};;
+! { .mii;	(p26)	getf.sig	r32=f43			// high
+! 	.pred.rel	"mutex",p48,p52
+! 	(p48)	add		r38=r37,r33		// (p26)
+! 	(p52)	add		r38=r37,r33,1	}	// (p26)
+! { .mfb;	(p27)	st8		[r14]=r39,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+  .L_bn_mul_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p49,p53
+! (p49)	add		r8=r34,r0
+! (p53)	add		r8=r34,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			}
+--- 356,380 ----
+  // this very instruction sequence in bn_mul_add_words loop which in
+  // turn is scalable).
+  .L_bn_mul_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f52			// low
+! 	(p21)	xmpy.lu		f48=f37,f8
+! 	(p28)	cmp.ltu		p54,p50=r41,r39	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f40=f37,f8
+  	(p0)	nop.i		0x0		};;
+! { .mii;	(p25)	getf.sig	r32=f44			// high
+! 	.pred.rel	"mutex",p50,p54
+! 	(p50)	add		r40=r38,r35		// (p27)
+! 	(p54)	add		r40=r38,r35,1	}	// (p27)
+! { .mfb;	(p28)	st8		[r14]=r41,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+  .L_bn_mul_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p51,p55
+! (p51)	add		r8=r36,r0
+! (p55)	add		r8=r36,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			}
+***************
+*** 344,350 ****
+  #endif	// XMA_TEMPTATION
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+--- 409,415 ----
+  #endif	// XMA_TEMPTATION
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+***************
+*** 376,434 ****
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x400001<<16
+! 			// ------^----- serves as (p48) at first (p26)
+  	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+  					}
+! { .mii;	mov		r14=r32	// rp
+! 	mov		r15=r33	// ap
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r39=0	// serves as r33 at first (p26)
+! 	mov		r18=r32	// rp copy
+! 	mov		ar.ec=14	};;
+  
+! // This loop spins in 3*(n+13) ticks on Itanium and should spin in
+! // 2*(n+13) on "wider" IA-64 implementations (to be verified with new
+  // µ-architecture manuals as they become available). As usual it's
+  // possible to compress the epilogue, down to 10 in this case, at the
+  // cost of scalability. Compressed (and therefore non-scalable) loop
+! // running at 3*(n+10) would buy you ~10% on Itanium but take ~35%
+  // from "wider" IA-64 so let it be scalable! Special attention was
+  // paid for having the loop body split at 64-byte boundary. ld8 is
+  // scheduled for L1 cache as the data is more than likely there.
+  // Indeed, bn_mul_words has put it there a moment ago:-)
+  .L_bn_mul_add_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f49			// low
+! 	(p21)	xmpy.lu		f45=f37,f8
+! 	(p27)	cmp.ltu		p52,p48=r39,r38	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f38=f37,f8
+! 	(p27)	add		r43=r43,r39	};;
+! { .mii;	(p26)	getf.sig	r32=f43			// high
+! 	.pred.rel	"mutex",p48,p52
+! 	(p48)	add		r38=r37,r33		// (p26)
+! 	(p52)	add		r38=r37,r33,1	}	// (p26)
+! { .mfb;	(p27)	cmp.ltu.unc	p56,p0=r43,r39
+  	(p0)	nop.f		0x0
+  	(p0)	nop.b		0x0		}
+! { .mii;	(p26)	ld8		r42=[r18],8
+! 	(p58)	cmp.eq.or	p57,p0=-1,r44
+! 	(p58)	add		r44=1,r44	}
+! { .mfb;	(p29)	st8		[r14]=r45,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
+  .L_bn_mul_add_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p51,p55
+! (p51)	add		r8=r36,r0
+! (p55)	add		r8=r36,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			};;
+  { .mii;
+! (p59)	add		r8=1,r8
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+--- 441,509 ----
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x800001<<16
+! 			// ------^----- serves as (p50) at first (p27)
+  	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+  					}
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32	// rp
+! 	addp4		r15=0,r33	// ap
+! #else
+! 	mov		r14=r32		// rp
+! 	mov		r15=r33		// ap
+! #endif
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r40=0	// serves as r35 at first (p27)
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r18=0,r32	// rp copy
+! #else
+! 	mov		r18=r32		// rp copy
+! #endif
+! 	mov		ar.ec=15	};;
+  
+! // This loop spins in 3*(n+14) ticks on Itanium and should spin in
+! // 2*(n+14) on "wider" IA-64 implementations (to be verified with new
+  // µ-architecture manuals as they become available). As usual it's
+  // possible to compress the epilogue, down to 10 in this case, at the
+  // cost of scalability. Compressed (and therefore non-scalable) loop
+! // running at 3*(n+11) would buy you ~10% on Itanium but take ~35%
+  // from "wider" IA-64 so let it be scalable! Special attention was
+  // paid for having the loop body split at 64-byte boundary. ld8 is
+  // scheduled for L1 cache as the data is more than likely there.
+  // Indeed, bn_mul_words has put it there a moment ago:-)
+  .L_bn_mul_add_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f52			// low
+! 	(p21)	xmpy.lu		f48=f37,f8
+! 	(p28)	cmp.ltu		p54,p50=r41,r39	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f40=f37,f8
+! 	(p28)	add		r45=r45,r41	};;
+! { .mii;	(p25)	getf.sig	r32=f44			// high
+! 	.pred.rel	"mutex",p50,p54
+! 	(p50)	add		r40=r38,r35		// (p27)
+! 	(p54)	add		r40=r38,r35,1	}	// (p27)
+! { .mfb;	(p28)	cmp.ltu.unc	p60,p0=r45,r41
+  	(p0)	nop.f		0x0
+  	(p0)	nop.b		0x0		}
+! { .mii;	(p27)	ld8		r44=[r18],8
+! 	(p62)	cmp.eq.or	p61,p0=-1,r46
+! 	(p62)	add		r46=1,r46	}
+! { .mfb;	(p30)	st8		[r14]=r47,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
+  .L_bn_mul_add_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p53,p57
+! (p53)	add		r8=r38,r0
+! (p57)	add		r8=r38,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			};;
+  { .mii;
+! (p63)	add		r8=1,r8
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+***************
+*** 461,466 ****
+--- 536,545 ----
+  	mov	r9=pr			};;
+  
+  	.body
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
++ { .mii; addp4		r32=0,r32
++ 	addp4		r33=0,r33	};;
++ #endif
+  { .mib;
+  	mov		pr.rot=1<<16
+  	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
+***************
+*** 492,498 ****
+  .L_bn_sqr_words_cend:
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+--- 571,577 ----
+  .L_bn_sqr_words_cend:
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+***************
+*** 526,532 ****
+--- 605,618 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
+  { .mii;	alloc	r2=ar.pfs,2,1,0,0
++ 	addp4	r33=0,r33
++ 	addp4	r32=0,r32		};;
++ { .mii;
++ #else
++ { .mii;	alloc	r2=ar.pfs,2,1,0,0
++ #endif
+  	mov	r34=r33
+  	add	r14=8,r33		};;
+  	.body
+***************
+*** 587,593 ****
+--- 673,686 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
+  { .mii;	alloc	r2=ar.pfs,3,0,0,0
++ 	addp4	r33=0,r33
++ 	addp4	r34=0,r34		};;
++ { .mii;	addp4	r32=0,r32
++ #else
++ { .mii;	alloc   r2=ar.pfs,3,0,0,0
++ #endif
+  	add	r14=8,r33
+  	add	r17=8,r34		}
+  	.body
+***************
+*** 1138,1144 ****
+--- 1231,1244 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
++ { .mii;	alloc   r2=ar.pfs,2,1,0,0
++ 	addp4	r32=0,r32
++ 	addp4	r33=0,r33		};;
++ { .mii;
++ #else
+  { .mii;	alloc	r2=ar.pfs,2,1,0,0
++ #endif
+  	mov	r34=r33
+  	add	r14=8,r33		};;
+  	.body
+***************
+*** 1164,1170 ****
+--- 1264,1277 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
++ { .mii;	alloc   r2=ar.pfs,3,0,0,0
++ 	addp4	r33=0,r33
++ 	addp4	r34=0,r34		};;
++ { .mii;	addp4	r32=0,r32
++ #else
+  { .mii;	alloc	r2=ar.pfs,3,0,0,0
++ #endif
+  	add	r14=8,r33
+  	add	r17=8,r34		}
+  	.body
+***************
+*** 1464,1470 ****
+  	or	r8=r8,r33
+  	mov	ar.pfs=r2		};;
+  { .mii;	shr.u	r9=H,I			// remainder if anybody wants it
+! 	mov	pr=r10,-1		}
+  { .mfb;	br.ret.sptk.many	b0	};;
+  
+  // Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+--- 1571,1577 ----
+  	or	r8=r8,r33
+  	mov	ar.pfs=r2		};;
+  { .mii;	shr.u	r9=H,I			// remainder if anybody wants it
+! 	mov	pr=r10,0x1ffff		}
+  { .mfb;	br.ret.sptk.many	b0	};;
+  
+  // Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/asm/pa-risc2.s ../RELENG_4/crypto/openssl/crypto/bn/asm/pa-risc2.s
+*** crypto/openssl/crypto/bn/asm/pa-risc2.s	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/asm/pa-risc2.s	Mon Feb 24 21:14:53 2003
+***************
+*** 747,754 ****
+  	.PROC
+  	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+  	.IMPORT	BN_num_bits_word,CODE
+! 	.IMPORT	__iob,DATA
+! 	.IMPORT	fprintf,CODE
+  	.IMPORT	abort,CODE
+  	.IMPORT	$$div2U,MILLICODE
+  	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+--- 747,754 ----
+  	.PROC
+  	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+  	.IMPORT	BN_num_bits_word,CODE
+! 	;--- not PIC	.IMPORT	__iob,DATA
+! 	;--- not PIC	.IMPORT	fprintf,CODE
+  	.IMPORT	abort,CODE
+  	.IMPORT	$$div2U,MILLICODE
+  	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+***************
+*** 844,855 ****
+          MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+          EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+  $D2
+!         ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+!         LDIL    LR'C$7,%r21     ;offset 0xa24
+!         LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+!         .CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+!         B,L     fprintf,%r2     ;offset 0xa2c
+!         LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+          .CALL           ;
+          B,L     abort,%r2       ;offset 0xa34
+          NOP             ;offset 0xa38
+--- 844,855 ----
+          MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+          EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+  $D2
+!         ;--- not PIC	ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+!         ;--- not PIC	LDIL    LR'C$7,%r21     ;offset 0xa24
+!         ;--- not PIC	LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+!         ;--- not PIC	.CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+!         ;--- not PIC	B,L     fprintf,%r2     ;offset 0xa2c
+!         ;--- not PIC	LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+          .CALL           ;
+          B,L     abort,%r2       ;offset 0xa34
+          NOP             ;offset 0xa38
+***************
+*** 1605,1618 ****
+  	.PROCEND	
+  
+  
+! 	.SPACE	$TEXT$
+! 	.SUBSPA	$CODE$
+! 	.SPACE	$PRIVATE$,SORT=16
+! 	.IMPORT	$global$,DATA
+! 	.SPACE	$TEXT$
+! 	.SUBSPA	$CODE$
+! 	.SUBSPA	$LIT$,ACCESS=0x2c
+! C$7
+! 	.ALIGN	8
+! 	.STRINGZ	"Division would overflow (%d)\n"
+  	.END
+--- 1605,1618 ----
+  	.PROCEND	
+  
+  
+! ;--- not PIC	.SPACE	$TEXT$
+! ;--- not PIC	.SUBSPA	$CODE$
+! ;--- not PIC	.SPACE	$PRIVATE$,SORT=16
+! ;--- not PIC	.IMPORT	$global$,DATA
+! ;--- not PIC	.SPACE	$TEXT$
+! ;--- not PIC	.SUBSPA	$CODE$
+! ;--- not PIC	.SUBSPA	$LIT$,ACCESS=0x2c
+! ;--- not PIC	C$7
+! ;--- not PIC	.ALIGN	8
+! ;--- not PIC	.STRINGZ	"Division would overflow (%d)\n"
+  	.END
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lcl.h ../RELENG_4/crypto/openssl/crypto/bn/bn_lcl.h
+*** crypto/openssl/crypto/bn/bn_lcl.h	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/bn_lcl.h	Mon Feb 24 21:14:52 2003
+***************
+*** 446,455 ****
+  	BN_ULONG *t);
+  void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
+  	BN_ULONG *t);
+- BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+- 	int cl, int dl);
+- BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+- 	int cl, int dl);
+  
+  #ifdef  __cplusplus
+  }
+--- 446,451 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_prime.c ../RELENG_4/crypto/openssl/crypto/bn/bn_prime.c
+*** crypto/openssl/crypto/bn/bn_prime.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/bn_prime.c	Mon Feb 24 21:14:52 2003
+***************
+*** 140,145 ****
+--- 140,146 ----
+  	BN_CTX *ctx;
+  	int checks = BN_prime_checks_for_size(bits);
+  
++ 	BN_init(&t);
+  	ctx=BN_CTX_new();
+  	if (ctx == NULL) goto err;
+  	if (ret == NULL)
+***************
+*** 148,154 ****
+  		}
+  	else
+  		rnd=ret;
+- 	BN_init(&t);
+  loop: 
+  	/* make a random number and set the top and bottom bits */
+  	if (add == NULL)
+--- 149,154 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/cast/Makefile.ssl
+*** crypto/openssl/crypto/cast/Makefile.ssl	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/cast/Makefile.ssl	Mon Feb 24 21:14:53 2003
+***************
+*** 52,65 ****
+  	@touch lib
+  
+  # elf
+! asm/cx86-elf.o: asm/cx86unix.cpp
+! 	$(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o
+! 
+! # solaris
+! asm/cx86-sol.o: asm/cx86unix.cpp
+! 	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+! 	as -o asm/cx86-sol.o asm/cx86-sol.s
+! 	rm -f asm/cx86-sol.s
+  
+  # a.out
+  asm/cx86-out.o: asm/cx86unix.cpp
+--- 52,59 ----
+  	@touch lib
+  
+  # elf
+! asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s)
+  
+  # a.out
+  asm/cx86-out.o: asm/cx86unix.cpp
+***************
+*** 104,110 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 98,104 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_mall.c ../RELENG_4/crypto/openssl/crypto/conf/conf_mall.c
+*** crypto/openssl/crypto/conf/conf_mall.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/conf/conf_mall.c	Mon Feb 24 21:14:53 2003
+***************
+*** 63,69 ****
+--- 63,71 ----
+  #include <openssl/dso.h>
+  #include <openssl/x509.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  /* Load all OpenSSL builtin modules */
+  
+***************
+*** 71,76 ****
+--- 73,80 ----
+  	{
+  	/* Add builtin modules here */
+  	ASN1_add_oid_module();
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_add_conf_module();
++ #endif
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_sap.c ../RELENG_4/crypto/openssl/crypto/conf/conf_sap.c
+*** crypto/openssl/crypto/conf/conf_sap.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/conf/conf_sap.c	Mon Feb 24 21:14:53 2003
+***************
+*** 63,69 ****
+--- 63,71 ----
+  #include <openssl/dso.h>
+  #include <openssl/x509.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  /* This is the automatic configuration loader: it is called automatically by
+   * OpenSSL when any of a number of standard initialisation functions are called,
+***************
+*** 78,85 ****
+--- 80,89 ----
+  		return;
+  
+  	OPENSSL_load_builtin_modules();
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Need to load ENGINEs */
+  	ENGINE_load_builtin_engines();
++ #endif
+  	/* Add others here? */
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/des/Makefile.ssl
+*** crypto/openssl/crypto/des/Makefile.ssl	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/Makefile.ssl	Mon Feb 24 21:14:53 2003
+***************
+*** 66,95 ****
+  	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+  
+  # elf
+! asm/dx86-elf.o: asm/dx86unix.cpp
+! 	$(CPP) -DELF	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		-x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
+! 
+! asm/yx86-elf.o: asm/yx86unix.cpp
+! 	$(CPP) -DELF	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		-x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
+! 
+! # solaris
+! asm/dx86-sol.o: asm/dx86unix.cpp
+! 	$(CC) -E -DSOL	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+! 	as -o asm/dx86-sol.o asm/dx86-sol.s
+! 	rm -f asm/dx86-sol.s
+! 
+! asm/yx86-sol.o: asm/yx86unix.cpp
+! 	$(CC) -E -DSOL	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+! 	as -o asm/yx86-sol.o asm/yx86-sol.s
+! 	rm -f asm/yx86-sol.s
+  
+  # a.out
+  asm/dx86-out.o: asm/dx86unix.cpp
+--- 66,76 ----
+  	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+  
+  # elf
+! asm/dx86-elf.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s)
+! 
+! asm/yx86-elf.s:	asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s)
+  
+  # a.out
+  asm/dx86-out.o: asm/dx86unix.cpp
+***************
+*** 145,151 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 126,132 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/asm/crypt586.pl ../RELENG_4/crypto/openssl/crypto/des/asm/crypt586.pl
+*** crypto/openssl/crypto/des/asm/crypt586.pl	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/asm/crypt586.pl	Mon Feb 24 21:14:53 2003
+***************
+*** 32,39 ****
+  	&xor(	$R,	$R);
+  
+  	# PIC-ification:-)
+! 	if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
+! 	else		{ &lea("edx",&DWP("DES_SPtrans")); }
+  	&push("edx");	# becomes &swtmp(1)
+  	#
+  	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
+--- 32,40 ----
+  	&xor(	$R,	$R);
+  
+  	# PIC-ification:-)
+! 	&picmeup("edx","DES_SPtrans");
+! 	#if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
+! 	#else		{ &lea("edx",&DWP("DES_SPtrans")); }
+  	&push("edx");	# becomes &swtmp(1)
+  	#
+  	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/asm/des-586.pl ../RELENG_4/crypto/openssl/crypto/des/asm/des-586.pl
+*** crypto/openssl/crypto/des/asm/des-586.pl	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/asm/des-586.pl	Mon Feb 24 21:14:53 2003
+***************
+*** 73,80 ****
+  		}
+  
+  	# PIC-ification:-)
+! 	if ($cpp)	{ &picmeup($trans,"DES_SPtrans");   }
+! 	else		{ &lea($trans,&DWP("DES_SPtrans")); }
+  
+  	&mov(	"ecx",	&wparam(1)	);
+  	&cmp("ebx","0");
+--- 73,81 ----
+  		}
+  
+  	# PIC-ification:-)
+! 	&picmeup($trans,"DES_SPtrans");
+! 	#if ($cpp)	{ &picmeup($trans,"DES_SPtrans");   }
+! 	#else		{ &lea($trans,&DWP("DES_SPtrans")); }
+  
+  	&mov(	"ecx",	&wparam(1)	);
+  	&cmp("ebx","0");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/cbc_cksm.c ../RELENG_4/crypto/openssl/crypto/des/cbc_cksm.c
+*** crypto/openssl/crypto/des/cbc_cksm.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/cbc_cksm.c	Mon Feb 24 21:14:53 2003
+***************
+*** 93,97 ****
+--- 93,106 ----
+  		l2c(tout1,out);
+  		}
+  	tout0=tin0=tin1=tin[0]=tin[1]=0;
++ 	/*
++ 	  Transform the data in tout1 so that it will
++ 	  match the return value that the MIT Kerberos
++ 	  mit_des_cbc_cksum API returns.
++ 	*/
++ 	tout1 = ((tout1 >> 24L) & 0x000000FF)
++ 	      | ((tout1 >> 8L)  & 0x0000FF00)
++ 	      | ((tout1 << 8L)  & 0x00FF0000)
++ 	      | ((tout1 << 24L) & 0xFF000000);
+  	return(tout1);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des_locl.h ../RELENG_4/crypto/openssl/crypto/des/des_locl.h
+*** crypto/openssl/crypto/des/des_locl.h	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/des_locl.h	Mon Feb 24 21:14:53 2003
+***************
+*** 162,168 ****
+  
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define	ROTATE(a,n)	(_lrotr(a,n))
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE(a,n)	({ register unsigned int ret;	\
+  				asm ("rorl %1,%0"	\
+--- 162,168 ----
+  
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define	ROTATE(a,n)	(_lrotr(a,n))
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE(a,n)	({ register unsigned int ret;	\
+  				asm ("rorl %1,%0"	\
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/destest.c ../RELENG_4/crypto/openssl/crypto/des/destest.c
+*** crypto/openssl/crypto/des/destest.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/destest.c	Mon Feb 24 21:14:53 2003
+***************
+*** 320,326 ****
+--- 320,330 ----
+  	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+  	};
+  
++ #if 0
+  static DES_LONG cbc_cksum_ret=0xB462FEF7L;
++ #else
++ static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
++ #endif
+  static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+  
+  static char *pt(unsigned char *p);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_key.c ../RELENG_4/crypto/openssl/crypto/dh/dh_key.c
+*** crypto/openssl/crypto/dh/dh_key.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dh/dh_key.c	Mon Feb 24 21:14:53 2003
+***************
+*** 61,67 ****
+--- 61,69 ----
+  #include <openssl/bn.h>
+  #include <openssl/rand.h>
+  #include <openssl/dh.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  static int generate_key(DH *dh);
+  static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_lib.c ../RELENG_4/crypto/openssl/crypto/dh/dh_lib.c
+*** crypto/openssl/crypto/dh/dh_lib.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dh/dh_lib.c	Mon Feb 24 21:14:53 2003
+***************
+*** 60,66 ****
+--- 60,68 ----
+  #include "cryptlib.h"
+  #include <openssl/bn.h>
+  #include <openssl/dh.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 85,95 ****
+--- 87,99 ----
+          const DH_METHOD *mtmp;
+          mtmp = dh->meth;
+          if (mtmp->finish) mtmp->finish(dh);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (dh->engine)
+  		{
+  		ENGINE_finish(dh->engine);
+  		dh->engine = NULL;
+  		}
++ #endif
+          dh->meth = meth;
+          if (meth->init) meth->init(dh);
+          return 1;
+***************
+*** 112,117 ****
+--- 116,122 ----
+  		}
+  
+  	ret->meth = DH_get_default_method();
++ #ifndef OPENSSL_NO_ENGINE
+  	if (engine)
+  		{
+  		if (!ENGINE_init(engine))
+***************
+*** 135,140 ****
+--- 140,146 ----
+  			return NULL;
+  			}
+  		}
++ #endif
+  
+  	ret->pad=0;
+  	ret->version=0;
+***************
+*** 154,161 ****
+--- 160,169 ----
+  	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+  	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		if (ret->engine)
+  			ENGINE_finish(ret->engine);
++ #endif
+  		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+  		OPENSSL_free(ret);
+  		ret=NULL;
+***************
+*** 182,189 ****
+--- 190,199 ----
+  
+  	if (r->meth->finish)
+  		r->meth->finish(r);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (r->engine)
+  		ENGINE_finish(r->engine);
++ #endif
+  
+  	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_lib.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_lib.c
+*** crypto/openssl/crypto/dsa/dsa_lib.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_lib.c	Mon Feb 24 21:14:53 2003
+***************
+*** 63,69 ****
+--- 63,71 ----
+  #include <openssl/bn.h>
+  #include <openssl/dsa.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 93,103 ****
+--- 95,107 ----
+          const DSA_METHOD *mtmp;
+          mtmp = dsa->meth;
+          if (mtmp->finish) mtmp->finish(dsa);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (dsa->engine)
+  		{
+  		ENGINE_finish(dsa->engine);
+  		dsa->engine = NULL;
+  		}
++ #endif
+          dsa->meth = meth;
+          if (meth->init) meth->init(dsa);
+          return 1;
+***************
+*** 114,119 ****
+--- 118,124 ----
+  		return(NULL);
+  		}
+  	ret->meth = DSA_get_default_method();
++ #ifndef OPENSSL_NO_ENGINE
+  	if (engine)
+  		{
+  		if (!ENGINE_init(engine))
+***************
+*** 138,143 ****
+--- 143,149 ----
+  			return NULL;
+  			}
+  		}
++ #endif
+  
+  	ret->pad=0;
+  	ret->version=0;
+***************
+*** 158,165 ****
+--- 164,173 ----
+  	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+  	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		if (ret->engine)
+  			ENGINE_finish(ret->engine);
++ #endif
+  		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+  		OPENSSL_free(ret);
+  		ret=NULL;
+***************
+*** 189,196 ****
+--- 197,206 ----
+  
+  	if(r->meth->finish)
+  		r->meth->finish(r);
++ #ifndef OPENSSL_NO_ENGINE
+  	if(r->engine)
+  		ENGINE_finish(r->engine);
++ #endif
+  
+  	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_ossl.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_ossl.c
+*** crypto/openssl/crypto/dsa/dsa_ossl.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_ossl.c	Mon Feb 24 21:14:53 2003
+***************
+*** 64,70 ****
+--- 64,72 ----
+  #include <openssl/dsa.h>
+  #include <openssl/rand.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+  static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+***************
+*** 106,118 ****
+  	int i,reason=ERR_R_BN_LIB;
+  	DSA_SIG *ret=NULL;
+  
+  	if (!dsa->p || !dsa->q || !dsa->g)
+  		{
+  		reason=DSA_R_MISSING_PARAMETERS;
+  		goto err;
+  		}
+! 	BN_init(&m);
+! 	BN_init(&xr);
+  	s=BN_new();
+  	if (s == NULL) goto err;
+  
+--- 108,122 ----
+  	int i,reason=ERR_R_BN_LIB;
+  	DSA_SIG *ret=NULL;
+  
++ 	BN_init(&m);
++ 	BN_init(&xr);
++ 
+  	if (!dsa->p || !dsa->q || !dsa->g)
+  		{
+  		reason=DSA_R_MISSING_PARAMETERS;
+  		goto err;
+  		}
+! 
+  	s=BN_new();
+  	if (s == NULL) goto err;
+  
+***************
+*** 178,183 ****
+--- 182,190 ----
+  		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+  		return 0;
+  		}
++ 
++ 	BN_init(&k);
++ 
+  	if (ctx_in == NULL)
+  		{
+  		if ((ctx=BN_CTX_new()) == NULL) goto err;
+***************
+*** 185,191 ****
+  	else
+  		ctx=ctx_in;
+  
+- 	BN_init(&k);
+  	if ((r=BN_new()) == NULL) goto err;
+  	kinv=NULL;
+  
+--- 192,197 ----
+***************
+*** 241,250 ****
+  		return -1;
+  		}
+  
+- 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+  	BN_init(&u1);
+  	BN_init(&u2);
+  	BN_init(&t1);
+  
+  	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+  		{
+--- 247,257 ----
+  		return -1;
+  		}
+  
+  	BN_init(&u1);
+  	BN_init(&u2);
+  	BN_init(&t1);
++ 
++ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+  
+  	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_sign.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_sign.c
+*** crypto/openssl/crypto/dsa/dsa_sign.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_sign.c	Mon Feb 24 21:14:53 2003
+***************
+*** 64,70 ****
+--- 64,72 ----
+  #include <openssl/dsa.h>
+  #include <openssl/rand.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_vrf.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_vrf.c
+*** crypto/openssl/crypto/dsa/dsa_vrf.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_vrf.c	Mon Feb 24 21:14:53 2003
+***************
+*** 65,71 ****
+--- 65,73 ----
+  #include <openssl/rand.h>
+  #include <openssl/asn1.h>
+  #include <openssl/asn1_mac.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+  		  DSA *dsa)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsagen.c ../RELENG_4/crypto/openssl/crypto/dsa/dsagen.c
+*** crypto/openssl/crypto/dsa/dsagen.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsagen.c	Mon Feb 24 21:14:53 2003
+***************
+*** 103,109 ****
+  		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  
+  	memcpy(seed_buf,seed,20);
+! 	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
+  
+  	if (dsa == NULL)
+  		DSA_print(bio_err,dsa,0);
+--- 103,109 ----
+  		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  
+  	memcpy(seed_buf,seed,20);
+! 	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
+  
+  	if (dsa == NULL)
+  		DSA_print(bio_err,dsa,0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_4/crypto/openssl/crypto/dsa/dsatest.c
+*** crypto/openssl/crypto/dsa/dsatest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsatest.c	Mon Feb 24 21:14:53 2003
+***************
+*** 68,74 ****
+--- 68,76 ----
+  #include <openssl/rand.h>
+  #include <openssl/bio.h>
+  #include <openssl/err.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #ifdef OPENSSL_SYS_WINDOWS
+  #include "../bio/bss_file.c"
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/dso_dl.c ../RELENG_4/crypto/openssl/crypto/dso/dso_dl.c
+*** crypto/openssl/crypto/dso/dso_dl.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dso/dso_dl.c	Mon Feb 24 21:14:53 2003
+***************
+*** 126,132 ****
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+  		goto err;
+  		}
+! 	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL);
+  	if(ptr == NULL)
+  		{
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+--- 126,132 ----
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+  		goto err;
+  		}
+! 	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+  	if(ptr == NULL)
+  		{
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec.h ../RELENG_4/crypto/openssl/crypto/ec/ec.h
+*** crypto/openssl/crypto/ec/ec.h	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec.h	Mon Feb 24 21:14:54 2003
+***************
+*** 195,201 ****
+  #define EC_F_EC_GROUP_GET0_GENERATOR			 139
+  #define EC_F_EC_GROUP_GET_COFACTOR			 140
+  #define EC_F_EC_GROUP_GET_CURVE_GFP			 130
+- #define EC_F_EC_GROUP_GET_EXTRA_DATA			 107
+  #define EC_F_EC_GROUP_GET_ORDER				 141
+  #define EC_F_EC_GROUP_NEW				 108
+  #define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
+--- 195,200 ----
+***************
+*** 232,238 ****
+  #define EC_R_INVALID_FIELD				 103
+  #define EC_R_INVALID_FORM				 104
+  #define EC_R_NOT_INITIALIZED				 111
+- #define EC_R_NO_SUCH_EXTRA_DATA				 105
+  #define EC_R_POINT_AT_INFINITY				 106
+  #define EC_R_POINT_IS_NOT_ON_CURVE			 107
+  #define EC_R_SLOT_FULL					 108
+--- 231,236 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec_err.c ../RELENG_4/crypto/openssl/crypto/ec/ec_err.c
+*** crypto/openssl/crypto/ec/ec_err.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec_err.c	Mon Feb 24 21:14:54 2003
+***************
+*** 84,90 ****
+  {ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0),	"EC_GROUP_get0_generator"},
+  {ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0),	"EC_GROUP_get_cofactor"},
+  {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0),	"EC_GROUP_get_curve_GFp"},
+- {ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0),	"EC_GROUP_get_extra_data"},
+  {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0),	"EC_GROUP_get_order"},
+  {ERR_PACK(0,EC_F_EC_GROUP_NEW,0),	"EC_GROUP_new"},
+  {ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0),	"EC_GROUP_precompute_mult"},
+--- 84,89 ----
+***************
+*** 124,130 ****
+  {EC_R_INVALID_FIELD                      ,"invalid field"},
+  {EC_R_INVALID_FORM                       ,"invalid form"},
+  {EC_R_NOT_INITIALIZED                    ,"not initialized"},
+- {EC_R_NO_SUCH_EXTRA_DATA                 ,"no such extra data"},
+  {EC_R_POINT_AT_INFINITY                  ,"point at infinity"},
+  {EC_R_POINT_IS_NOT_ON_CURVE              ,"point is not on curve"},
+  {EC_R_SLOT_FULL                          ,"slot full"},
+--- 123,128 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec_lib.c ../RELENG_4/crypto/openssl/crypto/ec/ec_lib.c
+*** crypto/openssl/crypto/ec/ec_lib.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec_lib.c	Mon Feb 24 21:14:54 2003
+***************
+*** 268,274 ****
+  		|| (group->extra_data_free_func != extra_data_free_func)
+  		|| (group->extra_data_clear_free_func != extra_data_clear_free_func))
+  		{
+! 		ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA);
+  		return NULL;
+  		}
+  
+--- 268,276 ----
+  		|| (group->extra_data_free_func != extra_data_free_func)
+  		|| (group->extra_data_clear_free_func != extra_data_clear_free_func))
+  		{
+! #if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */
+! 		ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA);
+! #endif
+  		return NULL;
+  		}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec_mult.c ../RELENG_4/crypto/openssl/crypto/ec/ec_mult.c
+*** crypto/openssl/crypto/ec/ec_mult.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec_mult.c	Mon Feb 24 21:14:54 2003
+***************
+*** 209,214 ****
+--- 209,225 ----
+  	EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
+  	int ret = 0;
+  	
++ 	if (group->meth != r->meth)
++ 		{
++ 		ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
++ 		return 0;
++ 		}
++ 
++ 	if ((scalar == NULL) && (num == 0))
++ 		{
++ 		return EC_POINT_set_to_infinity(group, r);
++ 		}
++ 
+  	if (scalar != NULL)
+  		{
+  		generator = EC_GROUP_get0_generator(group);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ectest.c ../RELENG_4/crypto/openssl/crypto/ec/ectest.c
+*** crypto/openssl/crypto/ec/ectest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ectest.c	Mon Feb 24 21:14:54 2003
+***************
+*** 70,76 ****
+--- 70,78 ----
+  
+  
+  #include <openssl/ec.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/err.h>
+  
+  #define ABORT do { \
+***************
+*** 628,634 ****
+--- 630,638 ----
+  	if (P_384) EC_GROUP_free(P_384);
+  	if (P_521) EC_GROUP_free(P_521);
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  	ERR_free_strings();
+  	ERR_remove_state(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/engine/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/engine/Makefile.ssl
+*** crypto/openssl/crypto/engine/Makefile.ssl	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/engine/Makefile.ssl	Mon Feb 24 21:14:54 2003
+***************
+*** 50,56 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 50,56 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/engine/engine.h ../RELENG_4/crypto/openssl/crypto/engine/engine.h
+*** crypto/openssl/crypto/engine/engine.h	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/engine/engine.h	Mon Feb 24 21:14:54 2003
+***************
+*** 59,64 ****
+--- 59,70 ----
+  #ifndef HEADER_ENGINE_H
+  #define HEADER_ENGINE_H
+  
++ #include <openssl/opensslconf.h>
++ 
++ #ifdef OPENSSL_NO_ENGINE
++ #error ENGINE is disabled.
++ #endif
++ 
+  #include <openssl/ossl_typ.h>
+  #include <openssl/bn.h>
+  #ifndef OPENSSL_NO_RSA
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/engine/enginetest.c ../RELENG_4/crypto/openssl/crypto/engine/enginetest.c
+*** crypto/openssl/crypto/engine/enginetest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/engine/enginetest.c	Mon Feb 24 21:14:54 2003
+***************
+*** 56,64 ****
+   *
+   */
+  
+- #include <openssl/e_os2.h>
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/buffer.h>
+  #include <openssl/crypto.h>
+  #include <openssl/engine.h>
+--- 56,72 ----
+   *
+   */
+  
+  #include <stdio.h>
+  #include <string.h>
++ 
++ #ifdef OPENSSL_NO_ENGINE
++ int main(int argc, char *argv[])
++ {
++     printf("No ENGINE support\n");
++     return(0);
++ }
++ #else
++ #include <openssl/e_os2.h>
+  #include <openssl/buffer.h>
+  #include <openssl/crypto.h>
+  #include <openssl/engine.h>
+***************
+*** 272,274 ****
+--- 280,283 ----
+  	CRYPTO_mem_leaks_fp(stderr);
+  	return to_return;
+  	}
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/err.c ../RELENG_4/crypto/openssl/crypto/err/err.c
+*** crypto/openssl/crypto/err/err.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/err/err.c	Mon Feb 24 21:14:54 2003
+***************
+*** 211,216 ****
+--- 211,217 ----
+  
+  {0,NULL},
+  	};
++ #endif
+  
+  
+  /* Define the predeclared (but externally opaque) "ERR_FNS" type */
+***************
+*** 491,496 ****
+--- 492,498 ----
+  	}
+  
+  
++ #ifndef OPENSSL_NO_ERR
+  #define NUM_SYS_STR_REASONS 127
+  #define LEN_SYS_STR_REASON 32
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/err_all.c ../RELENG_4/crypto/openssl/crypto/err/err_all.c
+*** crypto/openssl/crypto/err/err_all.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/err/err_all.c	Mon Feb 24 21:14:54 2003
+***************
+*** 82,88 ****
+--- 82,90 ----
+  #include <openssl/pkcs12.h>
+  #include <openssl/rand.h>
+  #include <openssl/dso.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/ocsp.h>
+  #include <openssl/err.h>
+  
+***************
+*** 122,128 ****
+--- 124,132 ----
+  	ERR_load_PKCS12_strings();
+  	ERR_load_RAND_strings();
+  	ERR_load_DSO_strings();
++ #ifndef OPENSSL_NO_ENGINE
+  	ERR_load_ENGINE_strings();
++ #endif
+  	ERR_load_OCSP_strings();
+  	ERR_load_UI_strings();
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/digest.c ../RELENG_4/crypto/openssl/crypto/evp/digest.c
+*** crypto/openssl/crypto/evp/digest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/digest.c	Mon Feb 24 21:14:54 2003
+***************
+*** 113,119 ****
+--- 113,121 ----
+  #include "cryptlib.h"
+  #include <openssl/objects.h>
+  #include <openssl/evp.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+  	{
+***************
+*** 138,143 ****
+--- 140,146 ----
+  int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+  	{
+  	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+  	 * so this context may already have an ENGINE! Try to avoid releasing
+  	 * the previous handle, re-querying for an ENGINE, and having a
+***************
+*** 183,189 ****
+  		else
+  			ctx->engine = NULL;
+  		}
+! 	else if(!ctx->digest)
+  		{
+  		EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
+  		return 0;
+--- 186,194 ----
+  		else
+  			ctx->engine = NULL;
+  		}
+! 	else
+! #endif
+! 	if(!ctx->digest)
+  		{
+  		EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
+  		return 0;
+***************
+*** 196,202 ****
+--- 201,209 ----
+  		if (type->ctx_size)
+  			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  skip_to_init:
++ #endif
+  	return ctx->digest->init(ctx);
+  	}
+  
+***************
+*** 246,257 ****
+--- 253,266 ----
+  		EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+  		return 0;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Make sure it's safe to copy a digest context using an ENGINE */
+  	if (in->engine && !ENGINE_init(in->engine))
+  		{
+  		EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
+  		return 0;
+  		}
++ #endif
+  
+  	EVP_MD_CTX_cleanup(out);
+  	memcpy(out,in,sizeof *out);
+***************
+*** 304,313 ****
+--- 313,324 ----
+  		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
+  		OPENSSL_free(ctx->md_data);
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	if(ctx->engine)
+  		/* The EVP_MD we used belongs to an ENGINE, release the
+  		 * functional reference we held for this reason. */
+  		ENGINE_finish(ctx->engine);
++ #endif
+  	memset(ctx,'\0',sizeof *ctx);
+  
+  	return 1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_acnf.c ../RELENG_4/crypto/openssl/crypto/evp/evp_acnf.c
+*** crypto/openssl/crypto/evp/evp_acnf.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/evp_acnf.c	Mon Feb 24 21:14:54 2003
+***************
+*** 59,65 ****
+--- 59,67 ----
+  #include "cryptlib.h"
+  #include <openssl/evp.h>
+  #include <openssl/conf.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  
+  /* Load all algorithms and configure OpenSSL.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_enc.c ../RELENG_4/crypto/openssl/crypto/evp/evp_enc.c
+*** crypto/openssl/crypto/evp/evp_enc.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/evp_enc.c	Mon Feb 24 21:14:54 2003
+***************
+*** 60,66 ****
+--- 60,68 ----
+  #include "cryptlib.h"
+  #include <openssl/evp.h>
+  #include <openssl/err.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include "evp_locl.h"
+  
+  const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
+***************
+*** 91,96 ****
+--- 93,99 ----
+  			enc = 1;
+  		ctx->encrypt = enc;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+  	 * so this context may already have an ENGINE! Try to avoid releasing
+  	 * the previous handle, re-querying for an ENGINE, and having a
+***************
+*** 98,103 ****
+--- 101,107 ----
+  	if (ctx->engine && ctx->cipher && (!cipher ||
+  			(cipher && (cipher->nid == ctx->cipher->nid))))
+  		goto skip_to_init;
++ #endif
+  	if (cipher)
+  		{
+  		/* Ensure a context left lying around from last time is cleared
+***************
+*** 107,112 ****
+--- 111,117 ----
+  
+  		/* Restore encrypt field: it is zeroed by cleanup */
+  		ctx->encrypt = enc;
++ #ifndef OPENSSL_NO_ENGINE
+  		if(impl)
+  			{
+  			if (!ENGINE_init(impl))
+***************
+*** 140,145 ****
+--- 145,151 ----
+  			}
+  		else
+  			ctx->engine = NULL;
++ #endif
+  
+  		ctx->cipher=cipher;
+  		ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+***************
+*** 159,165 ****
+--- 165,173 ----
+  		EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
+  		return 0;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  skip_to_init:
++ #endif
+  	/* we assume block size is a power of 2 in *cryptUpdate */
+  	OPENSSL_assert(ctx->cipher->block_size == 1
+  	    || ctx->cipher->block_size == 8
+***************
+*** 236,242 ****
+  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+  	     const unsigned char *key, const unsigned char *iv)
+  	{
+! 	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
+  	}
+  
+  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+--- 244,250 ----
+  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+  	     const unsigned char *key, const unsigned char *iv)
+  	{
+! 	return EVP_CipherInit(ctx, cipher, key, iv, 0);
+  	}
+  
+  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+***************
+*** 460,469 ****
+--- 468,479 ----
+  		}
+  	if (c->cipher_data)
+  		OPENSSL_free(c->cipher_data);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (c->engine)
+  		/* The EVP_CIPHER we used belongs to an ENGINE, release the
+  		 * functional reference we held for this reason. */
+  		ENGINE_finish(c->engine);
++ #endif
+  	memset(c,0,sizeof(EVP_CIPHER_CTX));
+  	return 1;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_test.c ../RELENG_4/crypto/openssl/crypto/evp/evp_test.c
+*** crypto/openssl/crypto/evp/evp_test.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/evp_test.c	Mon Feb 24 21:14:54 2003
+***************
+*** 53,59 ****
+--- 53,62 ----
+  #include "../e_os.h"
+  
+  #include <openssl/evp.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
++ #include <openssl/err.h>
+  #include <openssl/conf.h>
+  
+  static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+***************
+*** 330,340 ****
+--- 333,346 ----
+      /* Load up the software EVP_CIPHER and EVP_MD definitions */
+      OpenSSL_add_all_ciphers();
+      OpenSSL_add_all_digests();
++ #ifndef OPENSSL_NO_ENGINE
+      /* Load all compiled-in ENGINEs */
+      ENGINE_load_builtin_engines();
++ #endif
+  #if 0
+      OPENSSL_config();
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+      /* Register all available ENGINE implementations of ciphers and digests.
+       * This could perhaps be changed to "ENGINE_register_all_complete()"? */
+      ENGINE_register_all_ciphers();
+***************
+*** 343,348 ****
+--- 349,355 ----
+       * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
+       * they weren't already initialised. */
+      /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
++ #endif
+  
+      for( ; ; )
+  	{
+***************
+*** 384,390 ****
+--- 391,399 ----
+  	    }
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+      ENGINE_cleanup();
++ #endif
+      EVP_cleanup();
+      CRYPTO_cleanup_all_ex_data();
+      ERR_remove_state(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/krb5/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/krb5/Makefile.ssl
+*** crypto/openssl/crypto/krb5/Makefile.ssl	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/krb5/Makefile.ssl	Mon Feb 24 21:14:54 2003
+***************
+*** 41,47 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 41,47 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_4/crypto/openssl/crypto/md2/md2test.c
+*** crypto/openssl/crypto/md2/md2test.c	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md2/md2test.c	Mon Feb 24 21:14:54 2003
+***************
+*** 125,131 ****
+  		P++;
+  		}
+  	EXIT(err);
+- 	return(0);
+  	}
+  
+  static char *pt(unsigned char *md)
+--- 125,130 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4.c ../RELENG_4/crypto/openssl/crypto/md4/md4.c
+*** crypto/openssl/crypto/md4/md4.c	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md4/md4.c	Mon Feb 24 21:14:54 2003
+***************
+*** 64,70 ****
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #ifndef _OSD_POSIX
+  int read(int, void *, unsigned int);
+  #endif
+  
+--- 64,70 ----
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+  int read(int, void *, unsigned int);
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/md5/Makefile.ssl
+*** crypto/openssl/crypto/md5/Makefile.ssl	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md5/Makefile.ssl	Mon Feb 24 21:14:54 2003
+***************
+*** 21,34 ****
+  
+  CFLAGS= $(INCLUDES) $(CFLAG)
+  
+- # We let the C compiler driver to take care of .s files. This is done in
+- # order to be excused from maintaining a separate set of architecture
+- # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+- # gcc, then the driver will automatically translate it to -xarch=v8plus
+- # and pass it down to assembler.
+- AS=$(CC) -c
+- ASFLAGS=$(CFLAGS)
+- 
+  GENERAL=Makefile
+  TEST=md5test.c
+  APPS=
+--- 21,26 ----
+***************
+*** 55,68 ****
+  	@touch lib
+  
+  # elf
+! asm/mx86-elf.o: asm/mx86unix.cpp
+! 	$(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o
+! 
+! # solaris
+! asm/mx86-sol.o: asm/mx86unix.cpp
+! 	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+! 	as -o asm/mx86-sol.o asm/mx86-sol.s
+! 	rm -f asm/mx86-sol.s
+  
+  # a.out
+  asm/mx86-out.o: asm/mx86unix.cpp
+--- 47,54 ----
+  	@touch lib
+  
+  # elf
+! asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s)
+  
+  # a.out
+  asm/mx86-out.o: asm/mx86unix.cpp
+***************
+*** 125,131 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 111,117 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5.c ../RELENG_4/crypto/openssl/crypto/md5/md5.c
+*** crypto/openssl/crypto/md5/md5.c	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md5/md5.c	Mon Feb 24 21:14:54 2003
+***************
+*** 64,70 ****
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #ifndef _OSD_POSIX
+  int read(int, void *, unsigned int);
+  #endif
+  
+--- 64,70 ----
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+  int read(int, void *, unsigned int);
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5.h ../RELENG_4/crypto/openssl/crypto/md5/md5.h
+*** crypto/openssl/crypto/md5/md5.h	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md5/md5.h	Mon Feb 24 21:14:54 2003
+***************
+*** 78,84 ****
+  
+  #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+  #define MD5_LONG unsigned long
+! #elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__)
+  #define MD5_LONG unsigned long
+  #define MD5_LONG_LOG2 3
+  /*
+--- 78,84 ----
+  
+  #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+  #define MD5_LONG unsigned long
+! #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+  #define MD5_LONG unsigned long
+  #define MD5_LONG_LOG2 3
+  /*
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_4/crypto/openssl/crypto/mem.c
+*** crypto/openssl/crypto/mem.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/mem.c	Mon Feb 24 21:14:51 2003
+***************
+*** 252,257 ****
+--- 252,259 ----
+  	void *ret = NULL;
+  	extern unsigned char cleanse_ctr;
+  
++ 	if (num < 0) return NULL;
++ 
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+  		{
+***************
+*** 291,296 ****
+--- 293,300 ----
+  	void *ret = NULL;
+  	extern unsigned char cleanse_ctr;
+  
++ 	if (num < 0) return NULL;
++ 
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+  		{
+***************
+*** 319,324 ****
+--- 323,331 ----
+  
+  	if (str == NULL)
+  		return CRYPTO_malloc(num, file, line);
++ 
++  	if (num < 0) return NULL;
++  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+  	ret = realloc_ex_func(str,num,file,line);
+***************
+*** 338,343 ****
+--- 345,353 ----
+  
+  	if (str == NULL)
+  		return CRYPTO_malloc(num, file, line);
++  
++  	if (num < 0) return NULL;
++  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+  	ret=malloc_ex_func(num,file,line);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/o_time.c ../RELENG_4/crypto/openssl/crypto/o_time.c
+*** crypto/openssl/crypto/o_time.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/o_time.c	Mon Feb 24 21:14:51 2003
+***************
+*** 80,86 ****
+  	ts = result;
+  #elif !defined(OPENSSL_SYS_VMS)
+  	ts = gmtime(timer);
+! 	memcpy(result, ts, sizeof(struct tm));
+  	ts = result;
+  #endif
+  #ifdef OPENSSL_SYS_VMS
+--- 80,87 ----
+  	ts = result;
+  #elif !defined(OPENSSL_SYS_VMS)
+  	ts = gmtime(timer);
+! 	if (ts != NULL)
+! 		memcpy(result, ts, sizeof(struct tm));
+  	ts = result;
+  #endif
+  #ifdef OPENSSL_SYS_VMS
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_4/crypto/openssl/crypto/objects/obj_dat.h
+*** crypto/openssl/crypto/objects/obj_dat.h	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/objects/obj_dat.h	Mon Feb 24 21:14:55 2003
+***************
+*** 827,833 ****
+  {"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+  {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+  {"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
+! {"SN","surName",NID_surname,3,&(lvalues[538]),0},
+  {"initials","initials",NID_initials,3,&(lvalues[541]),0},
+  {NULL,NULL,NID_undef,0,NULL},
+  {"crlDistributionPoints","X509v3 CRL Distribution Points",
+--- 827,833 ----
+  {"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+  {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+  {"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
+! {"SN","surname",NID_surname,3,&(lvalues[538]),0},
+  {"initials","initials",NID_initials,3,&(lvalues[541]),0},
+  {NULL,NULL,NID_undef,0,NULL},
+  {"crlDistributionPoints","X509v3 CRL Distribution Points",
+***************
+*** 3005,3011 ****
+  &(nid_objs[16]),/* "stateOrProvinceName" */
+  &(nid_objs[498]),/* "subtreeMaximumQuality" */
+  &(nid_objs[497]),/* "subtreeMinimumQuality" */
+! &(nid_objs[100]),/* "surName" */
+  &(nid_objs[459]),/* "textEncodedORAddress" */
+  &(nid_objs[293]),/* "textNotice" */
+  &(nid_objs[106]),/* "title" */
+--- 3005,3011 ----
+  &(nid_objs[16]),/* "stateOrProvinceName" */
+  &(nid_objs[498]),/* "subtreeMaximumQuality" */
+  &(nid_objs[497]),/* "subtreeMinimumQuality" */
+! &(nid_objs[100]),/* "surname" */
+  &(nid_objs[459]),/* "textEncodedORAddress" */
+  &(nid_objs[293]),/* "textNotice" */
+  &(nid_objs[106]),/* "title" */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_4/crypto/openssl/crypto/objects/obj_mac.h
+*** crypto/openssl/crypto/objects/obj_mac.h	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/objects/obj_mac.h	Mon Feb 24 21:14:55 2003
+***************
+*** 1596,1602 ****
+  #define OBJ_commonName		OBJ_X509,3L
+  
+  #define SN_surname		"SN"
+! #define LN_surname		"surName"
+  #define NID_surname		100
+  #define OBJ_surname		OBJ_X509,4L
+  
+--- 1596,1602 ----
+  #define OBJ_commonName		OBJ_X509,3L
+  
+  #define SN_surname		"SN"
+! #define LN_surname		"surname"
+  #define NID_surname		100
+  #define OBJ_surname		OBJ_X509,4L
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_4/crypto/openssl/crypto/objects/objects.txt
+*** crypto/openssl/crypto/objects/objects.txt	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/objects/objects.txt	Mon Feb 24 21:14:55 2003
+***************
+*** 531,538 ****
+  
+  X500 4			: X509
+  X509 3			: CN			: commonName
+! !Cname surname
+! X509 4			: SN			: surName
+  X509 5			: 			: serialNumber
+  X509 6			: C			: countryName
+  X509 7			: L			: localityName
+--- 531,537 ----
+  
+  X500 4			: X509
+  X509 3			: CN			: commonName
+! X509 4			: SN			: surname
+  X509 5			: 			: serialNumber
+  X509 6			: C			: countryName
+  X509 7			: L			: localityName
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ocsp/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/ocsp/Makefile.ssl
+*** crypto/openssl/crypto/ocsp/Makefile.ssl	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/ocsp/Makefile.ssl	Mon Feb 24 21:14:55 2003
+***************
+*** 43,49 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 43,49 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_4/crypto/openssl/crypto/opensslv.h
+*** crypto/openssl/crypto/opensslv.h	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/opensslv.h	Mon Feb 24 21:14:51 2003
+***************
+*** 25,32 ****
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090700fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7 31 Dec 2002"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+--- 25,32 ----
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090701fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7a Feb 19 2003"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86asm.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86asm.pl
+*** crypto/openssl/crypto/perlasm/x86asm.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86asm.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 18,26 ****
+  	($type,$fn,$i386)=@_;
+  	$filename=$fn;
+  
+! 	$cpp=$sol=$aout=$win32=$gaswin=0;
+  	if (	($type eq "elf"))
+! 		{ require "x86unix.pl"; }
+  	elsif (	($type eq "a.out"))
+  		{ $aout=1; require "x86unix.pl"; }
+  	elsif (	($type eq "gaswin"))
+--- 18,26 ----
+  	($type,$fn,$i386)=@_;
+  	$filename=$fn;
+  
+! 	$elf=$cpp=$sol=$aout=$win32=$gaswin=0;
+  	if (	($type eq "elf"))
+! 		{ $elf=1; require "x86unix.pl"; }
+  	elsif (	($type eq "a.out"))
+  		{ $aout=1; require "x86unix.pl"; }
+  	elsif (	($type eq "gaswin"))
+***************
+*** 47,52 ****
+--- 47,55 ----
+  		exit(1);
+  		}
+  
++ 	$pic=0;
++ 	for (@ARGV) {	$pic=1 if (/\-[fK]PIC/i);	}
++ 
+  	&asm_init_output();
+  
+  &comment("Don't even think of reading this code");
+***************
+*** 91,97 ****
+  #undef SIZE
+  #undef TYPE
+  #define SIZE(a,b)
+! #define TYPE(a,b)
+  #endif /* __CYGWIN || __DJGPP */
+  #endif
+  
+--- 94,100 ----
+  #undef SIZE
+  #undef TYPE
+  #define SIZE(a,b)
+! #define TYPE(a,b)	.def a; .scl 2; .type 32; .endef
+  #endif /* __CYGWIN || __DJGPP */
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86ms.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86ms.pl
+*** crypto/openssl/crypto/perlasm/x86ms.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86ms.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 367,370 ****
+--- 367,376 ----
+  	push(@out,"\t$name\t ".&conv($p1)."\n");
+  	}
+  
++ sub main'picmeup
++ 	{
++ 	local($dst,$sym)=@_;
++ 	&main'lea($dst,&main'DWP($sym));
++ 	}
++ 
+  sub main'blindpop { &out1("pop",@_); }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86nasm.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86nasm.pl
+*** crypto/openssl/crypto/perlasm/x86nasm.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86nasm.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 344,347 ****
+--- 344,353 ----
+  	push(@out,"\t$name\t ".&conv($p1)."\n");
+  	}
+  
++ sub main'picmeup
++ 	{
++ 	local($dst,$sym)=@_;
++ 	&main'lea($dst,&main'DWP($sym));
++ 	}
++ 
+  sub main'blindpop { &out1("pop",@_); }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86unix.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86unix.pl
+*** crypto/openssl/crypto/perlasm/x86unix.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86unix.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 345,359 ****
+  	popl	%ebx
+  	popl	%ebp
+  	ret
+! .${func}_end:
+  EOF
+  	push(@out,$tmp);
+  
+  	if ($main'cpp)
+! 		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+  	elsif ($main'gaswin)
+                  { $tmp=push(@out,"\t.align 4\n"); }
+! 	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+  	push(@out,".ident	\"$func\"\n");
+  	$stack=0;
+  	%label=();
+--- 345,359 ----
+  	popl	%ebx
+  	popl	%ebp
+  	ret
+! .L_${func}_end:
+  EOF
+  	push(@out,$tmp);
+  
+  	if ($main'cpp)
+! 		{ push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); }
+  	elsif ($main'gaswin)
+                  { $tmp=push(@out,"\t.align 4\n"); }
+! 	else	{ push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); }
+  	push(@out,".ident	\"$func\"\n");
+  	$stack=0;
+  	%label=();
+***************
+*** 426,431 ****
+--- 426,436 ----
+  
+  sub main'comment
+  	{
++ 	if ($main'elf)	# GNU and SVR4 as'es use different comment delimiters,
++ 		{	# so we just skip comments...
++ 		push(@out,"\n");
++ 		return;
++ 		}
+  	foreach (@_)
+  		{
+  		if (/^\s*$/)
+***************
+*** 546,552 ****
+  sub main'picmeup
+  	{
+  	local($dst,$sym)=@_;
+! 	local($tmp)=<<___;
+  #if (defined(ELF) || defined(SOL)) && defined(PIC)
+  	.align	8
+  	call	1f
+--- 551,559 ----
+  sub main'picmeup
+  	{
+  	local($dst,$sym)=@_;
+! 	if ($main'cpp)
+! 		{
+! 		local($tmp)=<<___;
+  #if (defined(ELF) || defined(SOL)) && defined(PIC)
+  	.align	8
+  	call	1f
+***************
+*** 557,563 ****
+  	leal	$sym,$regs{$dst}
+  #endif
+  ___
+! 	push(@out,$tmp);
+  	}
+  
+  sub main'blindpop { &out1("popl",@_); }
+--- 564,585 ----
+  	leal	$sym,$regs{$dst}
+  #endif
+  ___
+! 		push(@out,$tmp);
+! 		}
+! 	elsif ($main'pic && ($main'elf || $main'aout))
+! 		{
+! 		push(@out,"\t.align\t8\n");
+! 		&main'call(&main'label("PIC_me_up"));
+! 		&main'set_label("PIC_me_up");
+! 		&main'blindpop($dst);
+! 		&main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-".
+! 				&main'label("PIC_me_up") . "]");
+! 		&main'mov($dst,&main'DWP($sym."\@GOT",$dst));
+! 		}
+! 	else
+! 		{
+! 		&main'lea($dst,&main'DWP($sym));
+! 		}
+  	}
+  
+  sub main'blindpop { &out1("popl",@_); }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand.h ../RELENG_4/crypto/openssl/crypto/rand/rand.h
+*** crypto/openssl/crypto/rand/rand.h	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rand/rand.h	Mon Feb 24 21:14:56 2003
+***************
+*** 87,93 ****
+--- 87,95 ----
+  
+  int RAND_set_rand_method(const RAND_METHOD *meth);
+  const RAND_METHOD *RAND_get_rand_method(void);
++ #ifndef OPENSSL_NO_ENGINE
+  int RAND_set_rand_engine(ENGINE *engine);
++ #endif
+  RAND_METHOD *RAND_SSLeay(void);
+  void RAND_cleanup(void );
+  int  RAND_bytes(unsigned char *buf,int num);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_lib.c ../RELENG_4/crypto/openssl/crypto/rand/rand_lib.c
+*** crypto/openssl/crypto/rand/rand_lib.c	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rand/rand_lib.c	Mon Feb 24 21:14:56 2003
+***************
+*** 60,78 ****
+--- 60,84 ----
+  #include <time.h>
+  #include "cryptlib.h"
+  #include <openssl/rand.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
++ #ifndef OPENSSL_NO_ENGINE
+  /* non-NULL if default_RAND_meth is ENGINE-provided */
+  static ENGINE *funct_ref =NULL;
++ #endif
+  static const RAND_METHOD *default_RAND_meth = NULL;
+  
+  int RAND_set_rand_method(const RAND_METHOD *meth)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	if(funct_ref)
+  		{
+  		ENGINE_finish(funct_ref);
+  		funct_ref = NULL;
+  		}
++ #endif
+  	default_RAND_meth = meth;
+  	return 1;
+  	}
+***************
+*** 81,86 ****
+--- 87,93 ----
+  	{
+  	if (!default_RAND_meth)
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		ENGINE *e = ENGINE_get_default_RAND();
+  		if(e)
+  			{
+***************
+*** 94,104 ****
+--- 101,113 ----
+  		if(e)
+  			funct_ref = e;
+  		else
++ #endif
+  			default_RAND_meth = RAND_SSLeay();
+  		}
+  	return default_RAND_meth;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+  int RAND_set_rand_engine(ENGINE *engine)
+  	{
+  	const RAND_METHOD *tmp_meth = NULL;
+***************
+*** 118,123 ****
+--- 127,133 ----
+  	funct_ref = engine;
+  	return 1;
+  	}
++ #endif
+  
+  void RAND_cleanup(void)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/rc4/Makefile.ssl
+*** crypto/openssl/crypto/rc4/Makefile.ssl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rc4/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 52,65 ****
+  	@touch lib
+  
+  # elf
+! asm/rx86-elf.o: asm/rx86unix.cpp
+! 	$(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o
+! 
+! # solaris
+! asm/rx86-sol.o: asm/rx86unix.cpp
+! 	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+! 	as -o asm/rx86-sol.o asm/rx86-sol.s
+! 	rm -f asm/rx86-sol.s
+  
+  # a.out
+  asm/rx86-out.o: asm/rx86unix.cpp
+--- 52,59 ----
+  	@touch lib
+  
+  # elf
+! asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
+  
+  # a.out
+  asm/rx86-out.o: asm/rx86unix.cpp
+***************
+*** 104,110 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 98,104 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/rc5/Makefile.ssl
+*** crypto/openssl/crypto/rc5/Makefile.ssl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rc5/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 49,62 ****
+  	@touch lib
+  
+  # elf
+! asm/r586-elf.o: asm/r586unix.cpp
+! 	$(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o
+! 
+! # solaris
+! asm/r586-sol.o: asm/r586unix.cpp
+! 	$(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
+! 	as -o asm/r586-sol.o asm/r586-sol.s
+! 	rm -f asm/r586-sol.s
+  
+  # a.out
+  asm/r586-out.o: asm/r586unix.cpp
+--- 49,56 ----
+  	@touch lib
+  
+  # elf
+! asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s)
+  
+  # a.out
+  asm/r586-out.o: asm/r586unix.cpp
+***************
+*** 101,107 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 95,101 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5_locl.h ../RELENG_4/crypto/openssl/crypto/rc5/rc5_locl.h
+*** crypto/openssl/crypto/rc5/rc5_locl.h	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rc5/rc5_locl.h	Mon Feb 24 21:14:56 2003
+***************
+*** 149,155 ****
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define ROTATE_l32(a,n)     _lrotl(a,n)
+  #define ROTATE_r32(a,n)     _lrotr(a,n)
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE_l32(a,n)	({ register unsigned int ret;	\
+  					asm ("roll %%cl,%0"	\
+--- 149,155 ----
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define ROTATE_l32(a,n)     _lrotl(a,n)
+  #define ROTATE_r32(a,n)     _lrotr(a,n)
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE_l32(a,n)	({ register unsigned int ret;	\
+  					asm ("roll %%cl,%0"	\
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/ripemd/Makefile.ssl
+*** crypto/openssl/crypto/ripemd/Makefile.ssl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/ripemd/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 47,60 ****
+  	@touch lib
+  
+  # elf
+! asm/rm86-elf.o: asm/rm86unix.cpp
+! 	$(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o
+! 
+! # solaris
+! asm/rm86-sol.o: asm/rm86unix.cpp
+! 	$(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
+! 	as -o asm/rm86-sol.o asm/rm86-sol.s
+! 	rm -f asm/rm86-sol.s
+  
+  # a.out
+  asm/rm86-out.o: asm/rm86unix.cpp
+--- 47,54 ----
+  	@touch lib
+  
+  # elf
+! asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s)
+  
+  # a.out
+  asm/rm86-out.o: asm/rm86unix.cpp
+***************
+*** 99,105 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 93,99 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd160.c ../RELENG_4/crypto/openssl/crypto/ripemd/rmd160.c
+*** crypto/openssl/crypto/ripemd/rmd160.c	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/ripemd/rmd160.c	Mon Feb 24 21:14:56 2003
+***************
+*** 64,70 ****
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #ifndef _OSD_POSIX
+  int read(int, void *, unsigned int);
+  #endif
+  
+--- 64,70 ----
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+  int read(int, void *, unsigned int);
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_eay.c
+*** crypto/openssl/crypto/rsa/rsa_eay.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_eay.c	Mon Feb 24 21:14:56 2003
+***************
+*** 61,67 ****
+--- 61,69 ----
+  #include <openssl/bn.h>
+  #include <openssl/rsa.h>
+  #include <openssl/rand.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  #ifndef RSA_NULL
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_lib.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_lib.c
+*** crypto/openssl/crypto/rsa/rsa_lib.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_lib.c	Mon Feb 24 21:14:56 2003
+***************
+*** 62,68 ****
+--- 62,70 ----
+  #include <openssl/lhash.h>
+  #include <openssl/bn.h>
+  #include <openssl/rsa.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 108,118 ****
+--- 110,122 ----
+  	const RSA_METHOD *mtmp;
+  	mtmp = rsa->meth;
+  	if (mtmp->finish) mtmp->finish(rsa);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (rsa->engine)
+  		{
+  		ENGINE_finish(rsa->engine);
+  		rsa->engine = NULL;
+  		}
++ #endif
+  	rsa->meth = meth;
+  	if (meth->init) meth->init(rsa);
+  	return 1;
+***************
+*** 130,135 ****
+--- 134,140 ----
+  		}
+  
+  	ret->meth = RSA_get_default_method();
++ #ifndef OPENSSL_NO_ENGINE
+  	if (engine)
+  		{
+  		if (!ENGINE_init(engine))
+***************
+*** 154,159 ****
+--- 159,165 ----
+  			return NULL;
+  			}
+  		}
++ #endif
+  
+  	ret->pad=0;
+  	ret->version=0;
+***************
+*** 175,182 ****
+--- 181,190 ----
+  	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+  	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		if (ret->engine)
+  			ENGINE_finish(ret->engine);
++ #endif
+  		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+  		OPENSSL_free(ret);
+  		ret=NULL;
+***************
+*** 205,212 ****
+--- 213,222 ----
+  
+  	if (r->meth->finish)
+  		r->meth->finish(r);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (r->engine)
+  		ENGINE_finish(r->engine);
++ #endif
+  
+  	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_sign.c
+*** crypto/openssl/crypto/rsa/rsa_sign.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_sign.c	Mon Feb 24 21:14:56 2003
+***************
+*** 62,68 ****
+--- 62,70 ----
+  #include <openssl/rsa.h>
+  #include <openssl/objects.h>
+  #include <openssl/x509.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  /* Size of an SSL signature: MD5+SHA1 */
+  #define SSL_SIG_LENGTH	36
+***************
+*** 77,86 ****
+--- 79,90 ----
+  	const unsigned char *s = NULL;
+  	X509_ALGOR algor;
+  	ASN1_OCTET_STRING digest;
++ #ifndef OPENSSL_NO_ENGINE
+  	if((rsa->flags & RSA_FLAG_SIGN_VER)
+  	      && ENGINE_get_RSA(rsa->engine)->rsa_sign)
+  	      return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
+  			m, m_len, sigret, siglen, rsa);
++ #endif
+  	/* Special case: SSL signature, just check the length */
+  	if(type == NID_md5_sha1) {
+  		if(m_len != SSL_SIG_LENGTH) {
+***************
+*** 155,164 ****
+--- 159,170 ----
+  		return(0);
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	if((rsa->flags & RSA_FLAG_SIGN_VER)
+  	    && ENGINE_get_RSA(rsa->engine)->rsa_verify)
+  	    return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+  			m, m_len, sigbuf, siglen, rsa);
++ #endif
+  
+  	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+  	if (s == NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_test.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_test.c
+*** crypto/openssl/crypto/rsa/rsa_test.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_test.c	Mon Feb 24 21:14:56 2003
+***************
+*** 16,22 ****
+--- 16,24 ----
+  }
+  #else
+  #include <openssl/rsa.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  #define SetKey \
+    key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/sha/Makefile.ssl
+*** crypto/openssl/crypto/sha/Makefile.ssl	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/sha/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 47,60 ****
+  	@touch lib
+  
+  # elf
+! asm/sx86-elf.o: asm/sx86unix.cpp
+! 	$(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o
+! 
+! # solaris
+! asm/sx86-sol.o: asm/sx86unix.cpp
+! 	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+! 	as -o asm/sx86-sol.o asm/sx86-sol.s
+! 	rm -f asm/sx86-sol.s
+  
+  # a.out
+  asm/sx86-out.o: asm/sx86unix.cpp
+--- 47,54 ----
+  	@touch lib
+  
+  # elf
+! asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s)
+  
+  # a.out
+  asm/sx86-out.o: asm/sx86unix.cpp
+***************
+*** 99,105 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 93,99 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ui/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/ui/Makefile.ssl
+*** crypto/openssl/crypto/ui/Makefile.ssl	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/ui/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 44,50 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 44,50 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ui/ui_openssl.c ../RELENG_4/crypto/openssl/crypto/ui/ui_openssl.c
+*** crypto/openssl/crypto/ui/ui_openssl.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/ui/ui_openssl.c	Mon Feb 24 21:14:56 2003
+***************
+*** 550,556 ****
+  
+  static int close_console(UI *ui)
+  	{
+! 	if (tty_in != stderr) fclose(tty_in);
+  	if (tty_out != stderr) fclose(tty_out);
+  #ifdef OPENSSL_SYS_VMS
+  	status = sys$dassgn(channel);
+--- 550,556 ----
+  
+  static int close_console(UI *ui)
+  	{
+! 	if (tty_in != stdin) fclose(tty_in);
+  	if (tty_out != stderr) fclose(tty_out);
+  #ifdef OPENSSL_SYS_VMS
+  	status = sys$dassgn(channel);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/ext_dat.h ../RELENG_4/crypto/openssl/crypto/x509v3/ext_dat.h
+*** crypto/openssl/crypto/x509v3/ext_dat.h	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/ext_dat.h	Mon Feb 24 21:14:56 2003
+***************
+*** 90,106 ****
+--- 90,112 ----
+  &v3_crld,
+  &v3_ext_ku,
+  &v3_crl_reason,
++ #ifndef OPENSSL_NO_OCSP
+  &v3_crl_invdate,
++ #endif
+  &v3_sxnet,
+  &v3_info,
++ #ifndef OPENSSL_NO_OCSP
+  &v3_ocsp_nonce,
+  &v3_ocsp_crlid,
+  &v3_ocsp_accresp,
+  &v3_ocsp_nocheck,
+  &v3_ocsp_acutoff,
+  &v3_ocsp_serviceloc,
++ #endif
+  &v3_sinfo,
++ #ifndef OPENSSL_NO_OCSP
+  &v3_crl_hold
++ #endif
+  };
+  
+  /* Number of standard extensions */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3_ocsp.c ../RELENG_4/crypto/openssl/crypto/x509v3/v3_ocsp.c
+*** crypto/openssl/crypto/x509v3/v3_ocsp.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/v3_ocsp.c	Mon Feb 24 21:14:56 2003
+***************
+*** 56,61 ****
+--- 56,63 ----
+   *
+   */
+  
++ #ifndef OPENSSL_NO_OCSP
++ 
+  #include <stdio.h>
+  #include "cryptlib.h"
+  #include <openssl/conf.h>
+***************
+*** 270,272 ****
+--- 272,275 ----
+  err:
+  	return 0;
+  	}
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3_purp.c ../RELENG_4/crypto/openssl/crypto/x509v3/v3_purp.c
+*** crypto/openssl/crypto/x509v3/v3_purp.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/v3_purp.c	Mon Feb 24 21:14:56 2003
+***************
+*** 378,383 ****
+--- 378,387 ----
+  				case NID_time_stamp:
+  				x->ex_xkusage |= XKU_TIMESTAMP;
+  				break;
++ 
++ 				case NID_dvcs:
++ 				x->ex_xkusage |= XKU_DVCS;
++ 				break;
+  			}
+  		}
+  		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3conf.c ../RELENG_4/crypto/openssl/crypto/x509v3/v3conf.c
+*** crypto/openssl/crypto/x509v3/v3conf.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/v3conf.c	Mon Feb 24 21:14:57 2003
+***************
+*** 118,124 ****
+  		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+  		if(ext->critical) printf(",critical:\n");
+  		else printf(":\n");
+! 		X509V3_EXT_print_fp(stdout, ext, 0);
+  		printf("\n");
+  		
+  	}
+--- 118,124 ----
+  		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+  		if(ext->critical) printf(",critical:\n");
+  		else printf(":\n");
+! 		X509V3_EXT_print_fp(stdout, ext, 0, 0);
+  		printf("\n");
+  		
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/x509v3.h ../RELENG_4/crypto/openssl/crypto/x509v3/x509v3.h
+*** crypto/openssl/crypto/x509v3/x509v3.h	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/x509v3.h	Mon Feb 24 21:14:57 2003
+***************
+*** 352,357 ****
+--- 352,358 ----
+  #define XKU_SGC			0x10
+  #define XKU_OCSP_SIGN		0x20
+  #define XKU_TIMESTAMP		0x40
++ #define XKU_DVCS		0x80
+  
+  #define X509_PURPOSE_DYNAMIC	0x1
+  #define X509_PURPOSE_DYNAMIC_NAME	0x2
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/x509/mkcert.c ../RELENG_4/crypto/openssl/demos/x509/mkcert.c
+*** crypto/openssl/demos/x509/mkcert.c	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/demos/x509/mkcert.c	Mon Feb 24 21:14:57 2003
+***************
+*** 9,15 ****
+--- 9,17 ----
+  #include <openssl/pem.h>
+  #include <openssl/conf.h>
+  #include <openssl/x509v3.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+  int add_ext(X509 *cert, int nid, char *value);
+***************
+*** 35,41 ****
+--- 37,45 ----
+  	X509_free(x509);
+  	EVP_PKEY_free(pkey);
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  
+  	CRYPTO_mem_leaks(bio_err);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/x509/mkreq.c ../RELENG_4/crypto/openssl/demos/x509/mkreq.c
+*** crypto/openssl/demos/x509/mkreq.c	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/demos/x509/mkreq.c	Mon Feb 24 21:14:57 2003
+***************
+*** 8,14 ****
+--- 8,16 ----
+  #include <openssl/pem.h>
+  #include <openssl/conf.h>
+  #include <openssl/x509v3.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+  int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
+***************
+*** 33,39 ****
+--- 35,43 ----
+  	X509_REQ_free(req);
+  	EVP_PKEY_free(pkey);
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  
+  	CRYPTO_mem_leaks(bio_err);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/HOWTO/certificates.txt ../RELENG_4/crypto/openssl/doc/HOWTO/certificates.txt
+*** crypto/openssl/doc/HOWTO/certificates.txt	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/HOWTO/certificates.txt	Mon Feb 24 21:14:58 2003
+***************
+*** 1,6 ****
+--- 1,8 ----
+  <DRAFT!>
+  			HOWTO certificates
+  
++ 1. Introduction
++ 
+  How you handle certificates depend a great deal on what your role is.
+  Your role can be one or several of:
+  
+***************
+*** 13,24 ****
+  
+  In all the cases shown below, the standard configuration file, as
+  compiled into openssl, will be used.  You may find it in /etc/,
+! /usr/local/ssr/ or somewhere else.  The name is openssl.cnf, and
+  is better described in another HOWTO <config.txt?>.  If you want to
+  use a different configuration file, use the argument '-config {file}'
+  with the command shown below.
+  
+  
+  Certificates are related to public key cryptography by containing a
+  public key.  To be useful, there must be a corresponding private key
+  somewhere.  With OpenSSL, public keys are easily derived from private
+--- 15,28 ----
+  
+  In all the cases shown below, the standard configuration file, as
+  compiled into openssl, will be used.  You may find it in /etc/,
+! /usr/local/ssl/ or somewhere else.  The name is openssl.cnf, and
+  is better described in another HOWTO <config.txt?>.  If you want to
+  use a different configuration file, use the argument '-config {file}'
+  with the command shown below.
+  
+  
++ 2. Relationship with keys
++ 
+  Certificates are related to public key cryptography by containing a
+  public key.  To be useful, there must be a corresponding private key
+  somewhere.  With OpenSSL, public keys are easily derived from private
+***************
+*** 26,47 ****
+  need to create a private key.
+  
+  Private keys are generated with 'openssl genrsa' if you want a RSA
+! private key, or 'openssl gendsa' if you want a DSA private key.  More
+! info on how to handle these commands are found in the manual pages for
+! those commands or by running them with the argument '-h'.  For the
+! sake of the description in this file, let's assume that the private
+! key ended up in the file privkey.pem (which is the default in some
+! cases).
+  
+  
+! Let's start with the most normal way of getting a certificate.  Most
+! often, you want or need to get a certificate from a certificate
+! authority.  To handle that, the certificate authority needs a
+! certificate request (or, as some certificate authorities like to put
+  it, "certificate signing request", since that's exactly what they do,
+  they sign it and give you the result back, thus making it authentic
+! according to their policies) from you.  To generate a request, use the
+! command 'openssl req' like this:
+  
+    openssl req -new -key privkey.pem -out cert.csr
+  
+--- 30,54 ----
+  need to create a private key.
+  
+  Private keys are generated with 'openssl genrsa' if you want a RSA
+! private key, or 'openssl gendsa' if you want a DSA private key.
+! Further information on how to create private keys can be found in
+! another HOWTO <keys.txt?>.  The rest of this text assumes you have
+! a private key in the file privkey.pem.
+  
+  
+! 3. Creating a certificate request
+! 
+! To create a certificate, you need to start with a certificate
+! request (or, as some certificate authorities like to put
+  it, "certificate signing request", since that's exactly what they do,
+  they sign it and give you the result back, thus making it authentic
+! according to their policies).  A certificate request can then be sent
+! to a certificate authority to get it signed into a certificate, or if
+! you have your own certificate authority, you may sign it yourself, or
+! if you need a self-signed certificate (because you just want a test
+! certificate or because you are setting up your own CA).
+! 
+! The certificate is created like this:
+  
+    openssl req -new -key privkey.pem -out cert.csr
+  
+***************
+*** 55,63 ****
+  do (and probably gotten payment from you), they will hand over your
+  new certificate to you.
+  
+  
+- [fill in on how to create a self-signed certificate]
+  
+  
+  If you created everything yourself, or if the certificate authority
+  was kind enough, your certificate is a raw DER thing in PEM format.
+--- 62,86 ----
+  do (and probably gotten payment from you), they will hand over your
+  new certificate to you.
+  
++ Section 5 will tell you more on how to handle the certificate you
++ received.
++ 
++ 
++ 4. Creating a self-signed certificate
++ 
++ If you don't want to deal with another certificate authority, or just
++ want to create a test certificate for yourself, or are setting up a
++ certificate authority of your own, you may want to make the requested
++ certificate a self-signed one.  If you have created a certificate
++ request as shown above, you can sign it using the 'openssl x509'
++ command, for example like this (to create a self-signed CA
++ certificate):
++ 
++   openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
++ 	  -signkey privkey.pem -out cacert.pem -trustout
+  
+  
++ 5. What to do with the certificate
+  
+  If you created everything yourself, or if the certificate authority
+  was kind enough, your certificate is a raw DER thing in PEM format.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/ca.pod ../RELENG_4/crypto/openssl/doc/apps/ca.pod
+*** crypto/openssl/doc/apps/ca.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/ca.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 43,48 ****
+--- 43,49 ----
+  [B<-msie_hack>]
+  [B<-extensions section>]
+  [B<-extfile section>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 194,199 ****
+--- 195,207 ----
+  an additional configuration file to read certificate extensions from
+  (using the default section unless the B<-extensions> option is also
+  used).
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/dhparam.pod ../RELENG_4/crypto/openssl/doc/apps/dhparam.pod
+*** crypto/openssl/doc/apps/dhparam.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/dhparam.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 18,23 ****
+--- 18,24 ----
+  [B<-2>]
+  [B<-5>]
+  [B<-rand> I<file(s)>]
++ [B<-engine id>]
+  [I<numbits>]
+  
+  =head1 DESCRIPTION
+***************
+*** 95,100 ****
+--- 96,108 ----
+  
+  this option converts the parameters into C code. The parameters can then
+  be loaded by calling the B<get_dh>I<numbits>B<()> function.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/dsa.pod ../RELENG_4/crypto/openssl/doc/apps/dsa.pod
+*** crypto/openssl/doc/apps/dsa.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/dsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 21,26 ****
+--- 21,27 ----
+  [B<-modulus>]
+  [B<-pubin>]
+  [B<-pubout>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 105,110 ****
+--- 106,118 ----
+  by default a private key is output. With this option a public
+  key will be output instead. This option is automatically set if the input is
+  a public key.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/dsaparam.pod ../RELENG_4/crypto/openssl/doc/apps/dsaparam.pod
+*** crypto/openssl/doc/apps/dsaparam.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/dsaparam.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 16,21 ****
+--- 16,22 ----
+  [B<-C>]
+  [B<-rand file(s)>]
+  [B<-genkey>]
++ [B<-engine id>]
+  [B<numbits>]
+  
+  =head1 DESCRIPTION
+***************
+*** 81,86 ****
+--- 82,94 ----
+  this option specifies that a parameter set should be generated of size
+  B<numbits>. It must be the last option. If this option is included then
+  the input file (if any) is ignored.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/gendsa.pod ../RELENG_4/crypto/openssl/doc/apps/gendsa.pod
+*** crypto/openssl/doc/apps/gendsa.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/gendsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 12,17 ****
+--- 12,18 ----
+  [B<-des3>]
+  [B<-idea>]
+  [B<-rand file(s)>]
++ [B<-engine id>]
+  [B<paramfile>]
+  
+  =head1 DESCRIPTION
+***************
+*** 36,41 ****
+--- 37,49 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+  all others.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =item B<paramfile>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/genrsa.pod ../RELENG_4/crypto/openssl/doc/apps/genrsa.pod
+*** crypto/openssl/doc/apps/genrsa.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/genrsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 15,20 ****
+--- 15,21 ----
+  [B<-f4>]
+  [B<-3>]
+  [B<-rand file(s)>]
++ [B<-engine id>]
+  [B<numbits>]
+  
+  =head1 DESCRIPTION
+***************
+*** 53,58 ****
+--- 54,66 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+  all others.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =item B<numbits>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/pkcs7.pod ../RELENG_4/crypto/openssl/doc/apps/pkcs7.pod
+*** crypto/openssl/doc/apps/pkcs7.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/pkcs7.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 14,19 ****
+--- 14,20 ----
+  [B<-print_certs>]
+  [B<-text>]
+  [B<-noout>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 58,63 ****
+--- 59,71 ----
+  
+  don't output the encoded version of the PKCS#7 structure (or certificates
+  is B<-print_certs> is set).
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/pkcs8.pod ../RELENG_4/crypto/openssl/doc/apps/pkcs8.pod
+*** crypto/openssl/doc/apps/pkcs8.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/pkcs8.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 21,26 ****
+--- 21,27 ----
+  [B<-nsdb>]
+  [B<-v2 alg>]
+  [B<-v1 alg>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 121,126 ****
+--- 122,134 ----
+  
+  This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+  list of possible algorithms is included below.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_4/crypto/openssl/doc/apps/req.pod
+*** crypto/openssl/doc/apps/req.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/req.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 41,46 ****
+--- 41,47 ----
+  [B<-nameopt>]
+  [B<-batch>]
+  [B<-verbose>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 244,249 ****
+--- 245,257 ----
+  
+  print extra details about the operations being performed.
+  
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
++ 
+  =back
+  
+  =head1 CONFIGURATION FILE FORMAT
+***************
+*** 406,412 ****
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  
+  Additional object identifiers can be defined with the B<oid_file> or
+--- 414,420 ----
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrProvinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  
+  Additional object identifiers can be defined with the B<oid_file> or
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/rsa.pod ../RELENG_4/crypto/openssl/doc/apps/rsa.pod
+*** crypto/openssl/doc/apps/rsa.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/rsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 24,29 ****
+--- 24,30 ----
+  [B<-check>]
+  [B<-pubin>]
+  [B<-pubout>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 116,121 ****
+--- 117,129 ----
+  by default a private key is output: with this option a public
+  key will be output instead. This option is automatically set if
+  the input is a public key.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/spkac.pod ../RELENG_4/crypto/openssl/doc/apps/spkac.pod
+*** crypto/openssl/doc/apps/spkac.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/spkac.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 17,23 ****
+  [B<-spksect section>]
+  [B<-noout>]
+  [B<-verify>]
+! 
+  
+  =head1 DESCRIPTION
+  
+--- 17,23 ----
+  [B<-spksect section>]
+  [B<-noout>]
+  [B<-verify>]
+! [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 79,84 ****
+--- 79,90 ----
+  
+  verifies the digital signature on the supplied SPKAC.
+  
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_4/crypto/openssl/doc/apps/x509.pod
+*** crypto/openssl/doc/apps/x509.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/x509.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 50,55 ****
+--- 50,56 ----
+  [B<-clrext>]
+  [B<-extfile filename>]
+  [B<-extensions section>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 98,103 ****
+--- 99,110 ----
+  specified then MD5 is used. If the key being used to sign with is a DSA key then
+  this option has no effect: SHA1 is always used with DSA keys.
+  
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+***************
+*** 637,644 ****
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust sslclient \
+! 	-alias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+--- 644,651 ----
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust clientAuth \
+! 	-setalias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_4/crypto/openssl/doc/crypto/BN_generate_prime.pod
+*** crypto/openssl/doc/crypto/BN_generate_prime.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/crypto/BN_generate_prime.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 70,76 ****
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_check>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+--- 70,76 ----
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_checks>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_4/crypto/openssl/doc/crypto/EVP_SealInit.pod
+*** crypto/openssl/doc/crypto/EVP_SealInit.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/crypto/EVP_SealInit.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 18,38 ****
+  =head1 DESCRIPTION
+  
+  The EVP envelope routines are a high level interface to envelope
+! encryption. They generate a random key and then "envelope" it by
+! using public key encryption. Data can then be encrypted using this
+! key.
+  
+  EVP_SealInit() initializes a cipher context B<ctx> for encryption
+! with cipher B<type> using a random secret key and IV supplied in
+! the B<iv> parameter. B<type> is normally supplied by a function such
+! as EVP_des_cbc(). The secret key is encrypted using one or more public
+! keys, this allows the same encrypted data to be decrypted using any
+! of the corresponding private keys. B<ek> is an array of buffers where
+! the public key encrypted secret key will be written, each buffer must
+! contain enough room for the corresponding encrypted key: that is
+  B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+  size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+  an array of B<npubk> public keys.
+  
+  EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+  as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+--- 18,44 ----
+  =head1 DESCRIPTION
+  
+  The EVP envelope routines are a high level interface to envelope
+! encryption. They generate a random key and IV (if required) then
+! "envelope" it by using public key encryption. Data can then be
+! encrypted using this key.
+  
+  EVP_SealInit() initializes a cipher context B<ctx> for encryption
+! with cipher B<type> using a random secret key and IV. B<type> is normally
+! supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+! using one or more public keys, this allows the same encrypted data to be
+! decrypted using any of the corresponding private keys. B<ek> is an array of
+! buffers where the public key encrypted secret key will be written, each buffer
+! must contain enough room for the corresponding encrypted key: that is
+  B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+  size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+  an array of B<npubk> public keys.
++ 
++ The B<iv> parameter is a buffer where the generated IV is written to. It must
++ contain enough room for the corresponding cipher's IV, as determined by (for
++ example) EVP_CIPHER_iv_length(type).
++ 
++ If the cipher does not require an IV then the B<iv> parameter is ignored
++ and can be B<NULL>.
+  
+  EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+  as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/standards.txt ../RELENG_4/crypto/openssl/doc/standards.txt
+*** crypto/openssl/doc/standards.txt	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/standards.txt	Mon Feb 24 21:14:57 2003
+***************
+*** 45,54 ****
+  2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
+       March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
+  
+- 2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
+-      J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
+-      RFC2313) (Status: INFORMATIONAL)
+- 
+  PKCS#8: Private-Key Information Syntax Standard
+  
+  PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
+--- 45,50 ----
+***************
+*** 86,91 ****
+--- 82,92 ----
+       Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
+       Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
+       RFC2459) (Status: PROPOSED STANDARD)
++ 
++ 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
++      Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
++      (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
++      INFORMATIONAL)                                         
+  
+  
+  Related:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_4/crypto/openssl/openssl.spec
+*** crypto/openssl/openssl.spec	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/openssl.spec	Mon Feb 24 21:14:49 2003
+***************
+*** 1,15 ****
+  %define libmaj 0
+  %define libmin 9
+  %define librel 7
+! #%define librev a
+  Release: 1
+  
+  %define openssldir /var/ssl
+  
+  Summary: Secure Sockets Layer and cryptography libraries and tools
+  Name: openssl
+! Version: %{libmaj}.%{libmin}.%{librel}
+! #Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+  Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+  Copyright: Freely distributable
+  Group: System Environment/Libraries
+--- 1,15 ----
+  %define libmaj 0
+  %define libmin 9
+  %define librel 7
+! %define librev a
+  Release: 1
+  
+  %define openssldir /var/ssl
+  
+  Summary: Secure Sockets Layer and cryptography libraries and tools
+  Name: openssl
+! #Version: %{libmaj}.%{libmin}.%{librel}
+! Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+  Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+  Copyright: Freely distributable
+  Group: System Environment/Libraries
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/bio_ssl.c ../RELENG_4/crypto/openssl/ssl/bio_ssl.c
+*** crypto/openssl/ssl/bio_ssl.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/bio_ssl.c	Mon Feb 24 21:14:59 2003
+***************
+*** 403,408 ****
+--- 403,412 ----
+  			{
+  			BIO_free_all(ssl->wbio);
+  			}
++ 		if (b->next_bio != NULL)
++ 			{
++ 			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
++ 			}
+  		ssl->wbio=NULL;
+  		ssl->rbio=NULL;
+  		break;
+***************
+*** 509,514 ****
+--- 513,519 ----
+  
+  BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+  	{
++ #ifndef OPENSSL_NO_SOCK
+  	BIO *ret=NULL,*buf=NULL,*ssl=NULL;
+  
+  	if ((buf=BIO_new(BIO_f_buffer())) == NULL)
+***************
+*** 521,526 ****
+--- 526,532 ----
+  err:
+  	if (buf != NULL) BIO_free(buf);
+  	if (ssl != NULL) BIO_free(ssl);
++ #endif
+  	return(NULL);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_4/crypto/openssl/ssl/s2_clnt.c
+*** crypto/openssl/ssl/s2_clnt.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s2_clnt.c	Mon Feb 24 21:14:59 2003
+***************
+*** 1021,1027 ****
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+  			if ((s->session->session_id_length > sizeof s->session->session_id)
+! 			    || (0 != memcmp(buf, s->session->session_id,
+  			                    (unsigned int)s->session->session_id_length)))
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+--- 1021,1027 ----
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+  			if ((s->session->session_id_length > sizeof s->session->session_id)
+! 			    || (0 != memcmp(buf + 1, s->session->session_id,
+  			                    (unsigned int)s->session->session_id_length)))
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_both.c ../RELENG_4/crypto/openssl/ssl/s3_both.c
+*** crypto/openssl/ssl/s3_both.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s3_both.c	Mon Feb 24 21:14:59 2003
+***************
+*** 268,273 ****
+--- 268,280 ----
+  	X509_STORE_CTX xs_ctx;
+  	X509_OBJECT obj;
+  
++ 	int no_chain;
++ 
++ 	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
++ 		no_chain = 1;
++ 	else
++ 		no_chain = 0;
++ 
+  	/* TLSv1 sends a chain with nothing in it, instead of an alert */
+  	buf=s->init_buf;
+  	if (!BUF_MEM_grow_clean(buf,10))
+***************
+*** 277,283 ****
+  		}
+  	if (x != NULL)
+  		{
+! 		if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+  			{
+  			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+  			return(0);
+--- 284,290 ----
+  		}
+  	if (x != NULL)
+  		{
+! 		if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+  			{
+  			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+  			return(0);
+***************
+*** 295,300 ****
+--- 302,311 ----
+  			l2n3(n,p);
+  			i2d_X509(x,&p);
+  			l+=n+3;
++ 
++ 			if (no_chain)
++ 				break;
++ 
+  			if (X509_NAME_cmp(X509_get_subject_name(x),
+  				X509_get_issuer_name(x)) == 0) break;
+  
+***************
+*** 306,313 ****
+  			 * ref count */
+  			X509_free(x);
+  			}
+! 
+! 		X509_STORE_CTX_cleanup(&xs_ctx);
+  		}
+  
+  	/* Thawte special :-) */
+--- 317,324 ----
+  			 * ref count */
+  			X509_free(x);
+  			}
+! 		if (!no_chain)
+! 			X509_STORE_CTX_cleanup(&xs_ctx);
+  		}
+  
+  	/* Thawte special :-) */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_4/crypto/openssl/ssl/s3_enc.c
+*** crypto/openssl/ssl/s3_enc.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s3_enc.c	Mon Feb 24 21:14:59 2003
+***************
+*** 474,479 ****
+--- 474,480 ----
+  				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+  				return 0;
+  				}
++ 			/* otherwise, rec->length >= bs */
+  			}
+  		
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+***************
+*** 482,488 ****
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except that last) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+--- 483,489 ----
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except the last one) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+***************
+*** 491,496 ****
+--- 492,498 ----
+  				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+  				return -1;
+  				}
++ 			/* now i <= bs <= rec->length */
+  			rec->length-=i;
+  			}
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_pkt.c ../RELENG_4/crypto/openssl/ssl/s3_pkt.c
+*** crypto/openssl/ssl/s3_pkt.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s3_pkt.c	Mon Feb 24 21:14:59 2003
+***************
+*** 238,243 ****
+--- 238,245 ----
+  	unsigned int mac_size;
+  	int clear=0;
+  	size_t extra;
++ 	int decryption_failed_or_bad_record_mac = 0;
++ 	unsigned char *mac = NULL;
+  
+  	rr= &(s->s3->rrec);
+  	sess=s->session;
+***************
+*** 353,360 ****
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* otherwise enc_err == -1 */
+! 		goto decryption_failed_or_bad_record_mac;
+  		}
+  
+  #ifdef TLS_DEBUG
+--- 355,365 ----
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* Otherwise enc_err == -1, which indicates bad padding
+! 		 * (rec->length has not been changed in this case).
+! 		 * To minimize information leaked via timing, we will perform
+! 		 * the MAC computation anyway. */
+! 		decryption_failed_or_bad_record_mac = 1;
+  		}
+  
+  #ifdef TLS_DEBUG
+***************
+*** 380,407 ****
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length < mac_size)
+  			{
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif
+  			}
+- 		rr->length-=mac_size;
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+  			{
+! 			goto decryption_failed_or_bad_record_mac;
+  			}
+  		}
+  
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+--- 385,430 ----
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length >= mac_size)
+  			{
++ 			rr->length -= mac_size;
++ 			mac = &rr->data[rr->length];
++ 			}
++ 		else
++ 			{
++ 			/* record (minus padding) is too short to contain a MAC */
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+! 			rr->length = 0;
+  #endif
+  			}
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+  			{
+! 			decryption_failed_or_bad_record_mac = 1;
+  			}
+  		}
+  
++ 	if (decryption_failed_or_bad_record_mac)
++ 		{
++ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
++ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
++ 		 * failure is directly visible from the ciphertext anyway,
++ 		 * we should not reveal which kind of error occured -- this
++ 		 * might become visible to an attacker (e.g. via a logfile) */
++ 		al=SSL_AD_BAD_RECORD_MAC;
++ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
++ 		goto f_err;
++ 		}
++ 
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+***************
+*** 443,456 ****
+  
+  	return(1);
+  
+- decryption_failed_or_bad_record_mac:
+- 	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+- 	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+- 	 * failure is directly visible from the ciphertext anyway,
+- 	 * we should not reveal which kind of error occured -- this
+- 	 * might become visible to an attacker (e.g. via logfile) */
+- 	al=SSL_AD_BAD_RECORD_MAC;
+- 	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+  f_err:
+  	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+  err:
+--- 466,471 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_4/crypto/openssl/ssl/ssl.h
+*** crypto/openssl/ssl/ssl.h	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssl.h	Mon Feb 24 21:14:59 2003
+***************
+*** 521,526 ****
+--- 521,528 ----
+  /* Never bother the application with retries if the transport
+   * is blocking: */
+  #define SSL_MODE_AUTO_RETRY 0x00000004L
++ /* Don't attempt to automatically build certificate chain */
++ #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
+  
+  
+  /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+***************
+*** 1227,1238 ****
+  STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+  int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+  					    const char *file);
+- #ifndef OPENSSL_SYS_WIN32
+  #ifndef OPENSSL_SYS_VMS
+  #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
+  int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+  					   const char *dir);
+- #endif
+  #endif
+  #endif
+  
+--- 1229,1238 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_cert.c ../RELENG_4/crypto/openssl/ssl/ssl_cert.c
+*** crypto/openssl/ssl/ssl_cert.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssl_cert.c	Mon Feb 24 21:14:59 2003
+***************
+*** 781,787 ****
+  #endif
+  #endif
+  
+! #else
+  
+  int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+  				       const char *dir)
+--- 781,787 ----
+  #endif
+  #endif
+  
+! #else /* OPENSSL_SYS_WIN32 */
+  
+  int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+  				       const char *dir)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_4/crypto/openssl/ssl/ssl_lib.c
+*** crypto/openssl/ssl/ssl_lib.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssl_lib.c	Mon Feb 24 21:14:59 2003
+***************
+*** 1069,1082 ****
+   * preference */
+  STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
+  	{
+! 	if ((s != NULL) && (s->cipher_list != NULL))
+  		{
+! 		return(s->cipher_list);
+! 		}
+! 	else if ((s->ctx != NULL) &&
+! 		(s->ctx->cipher_list != NULL))
+! 		{
+! 		return(s->ctx->cipher_list);
+  		}
+  	return(NULL);
+  	}
+--- 1069,1085 ----
+   * preference */
+  STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
+  	{
+! 	if (s != NULL)
+  		{
+! 		if (s->cipher_list != NULL)
+! 			{
+! 			return(s->cipher_list);
+! 			}
+! 		else if ((s->ctx != NULL) &&
+! 			(s->ctx->cipher_list != NULL))
+! 			{
+! 			return(s->ctx->cipher_list);
+! 			}
+  		}
+  	return(NULL);
+  	}
+***************
+*** 1085,1098 ****
+   * algorithm id */
+  STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+  	{
+! 	if ((s != NULL) && (s->cipher_list_by_id != NULL))
+  		{
+! 		return(s->cipher_list_by_id);
+! 		}
+! 	else if ((s != NULL) && (s->ctx != NULL) &&
+! 		(s->ctx->cipher_list_by_id != NULL))
+! 		{
+! 		return(s->ctx->cipher_list_by_id);
+  		}
+  	return(NULL);
+  	}
+--- 1088,1104 ----
+   * algorithm id */
+  STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+  	{
+! 	if (s != NULL)
+  		{
+! 		if (s->cipher_list_by_id != NULL)
+! 			{
+! 			return(s->cipher_list_by_id);
+! 			}
+! 		else if ((s->ctx != NULL) &&
+! 			(s->ctx->cipher_list_by_id != NULL))
+! 			{
+! 			return(s->ctx->cipher_list_by_id);
+! 			}
+  		}
+  	return(NULL);
+  	}
+***************
+*** 1890,1895 ****
+--- 1896,1902 ----
+  		 * they should not both point to the same object,
+  		 * and thus we can't use SSL_copy_session_id. */
+  
++ 		ret->method->ssl_free(ret);
+  		ret->method = s->method;
+  		ret->method->ssl_new(ret);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_4/crypto/openssl/ssl/ssltest.c
+*** crypto/openssl/ssl/ssltest.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssltest.c	Mon Feb 24 21:14:59 2003
+***************
+*** 128,134 ****
+--- 128,136 ----
+  #include <openssl/evp.h>
+  #include <openssl/x509.h>
+  #include <openssl/ssl.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/err.h>
+  #include <openssl/rand.h>
+  
+***************
+*** 760,766 ****
+--- 762,770 ----
+  #ifndef OPENSSL_NO_RSA
+  	free_tmp_rsa();
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  	ERR_free_strings();
+  	ERR_remove_state(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_4/crypto/openssl/test/Makefile.ssl
+*** crypto/openssl/test/Makefile.ssl	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/test/Makefile.ssl	Mon Feb 24 21:14:59 2003
+***************
+*** 15,20 ****
+--- 15,23 ----
+  MAKEDEPPROG=	makedepend
+  MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+  PERL=		perl
++ # KRB5 stuff
++ KRB5_INCLUDES=
++ LIBKRB5=
+  
+  PEX_LIBS=
+  EX_LIBS= #-lnsl -lsocket
+***************
+*** 119,132 ****
+  	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="$$LIBPATH\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+  
+  alltests: \
+  	test_des test_idea test_sha test_md4 test_md5 test_hmac \
+  	test_md2 test_mdc2 \
+! 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \
+  	test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
+  	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+  	test_ss test_ca test_engine test_evp test_ssl
+--- 122,134 ----
+  	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+  
+  alltests: \
+  	test_des test_idea test_sha test_md4 test_md5 test_hmac \
+  	test_md2 test_mdc2 \
+! 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+  	test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
+  	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+  	test_ss test_ca test_engine test_evp test_ssl
+***************
+*** 260,268 ****
+  	  sh ./testca; \
+   	fi
+  
+! test_rd: #$(RDTEST)
+  #	@echo "test Rijndael"
+! #	$(SET_SO_PATHS); ./$(RDTEST)
+  
+  lint:
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+--- 262,270 ----
+  	  sh ./testca; \
+   	fi
+  
+! test_aes: #$(AESTEST)
+  #	@echo "test Rijndael"
+! #	$(SET_SO_PATHS); ./$(AESTEST)
+  
+  lint:
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+***************
+*** 465,478 ****
+  	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  	fi
+  	
+! #$(RDTEST).o: $(RDTEST).c
+! #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
+  
+! #$(RDTEST): $(RDTEST).o $(DLIBCRYPTO)
+  #	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+! #	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+  #	else \
+! #	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  #	fi
+  
+  dummytest: dummytest.o $(DLIBCRYPTO)
+--- 467,480 ----
+  	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  	fi
+  	
+! #$(AESTEST).o: $(AESTEST).c
+! #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+  
+! #$(AESTEST): $(AESTEST).o $(DLIBCRYPTO)
+  #	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+! #	  $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+  #	else \
+! #	  $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  #	fi
+  
+  dummytest: dummytest.o $(DLIBCRYPTO)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testgen ../RELENG_4/crypto/openssl/test/testgen
+*** crypto/openssl/test/testgen	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/test/testgen	Mon Feb 24 21:14:59 2003
+***************
+*** 27,32 ****
+--- 27,34 ----
+  
+  echo "This could take some time."
+  
++ rm -f testkey.pem testreq.pem
++ 
+  ../apps/openssl req -config test.cnf $req_new -out testreq.pem
+  if [ $? != 0 ]; then
+  echo problems creating request
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/bat.sh ../RELENG_4/crypto/openssl/util/bat.sh
+*** crypto/openssl/util/bat.sh	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/bat.sh	Mon Feb 24 21:15:00 2003
+***************
+*** 62,67 ****
+--- 62,68 ----
+  	local($dir,$val)=@_;
+  	local(@a,$_,$ret);
+  
++ 	return("") if $no_engine && $dir =~ /\/engine/;
+  	return("") if $no_idea && $dir =~ /\/idea/;
+  	return("") if $no_rc2  && $dir =~ /\/rc2/;
+  	return("") if $no_rc4  && $dir =~ /\/rc4/;
+***************
+*** 116,121 ****
+--- 117,123 ----
+  	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+  	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+  
++ 	@a=grep(!/^engine$/,@a) if $no_engine;
+  	@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+  	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+  	@a=grep(!/^gendsa$/,@a) if $no_sha1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_4/crypto/openssl/util/libeay.num
+*** crypto/openssl/util/libeay.num	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/libeay.num	Mon Feb 24 21:15:00 2003
+***************
+*** 1881,1952 ****
+  BN_bntest_rand                          2464	EXIST::FUNCTION:
+  OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+  BN_rand_range                           2466	EXIST::FUNCTION:
+! ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:
+! ENGINE_set_DSA                          2468	EXIST::FUNCTION:
+! ENGINE_get_finish_function              2469	EXIST::FUNCTION:
+! ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:
+  ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
+  DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
+! ENGINE_set_DH                           2473	EXIST::FUNCTION:
+  ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
+  ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
+! ENGINE_init                             2475	EXIST::FUNCTION:
+  DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
+  RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
+! ENGINE_finish                           2478	EXIST::FUNCTION:
+! ENGINE_load_public_key                  2479	EXIST::FUNCTION:
+! ENGINE_get_DH                           2480	EXIST::FUNCTION:
+! ENGINE_ctrl                             2481	EXIST::FUNCTION:
+! ENGINE_get_init_function                2482	EXIST::FUNCTION:
+! ENGINE_set_init_function                2483	EXIST::FUNCTION:
+! ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:
+! ENGINE_get_name                         2485	EXIST::FUNCTION:
+! ENGINE_get_last                         2486	EXIST::FUNCTION:
+! ENGINE_get_prev                         2487	EXIST::FUNCTION:
+! ENGINE_get_default_DH                   2488	EXIST::FUNCTION:
+! ENGINE_get_RSA                          2489	EXIST::FUNCTION:
+! ENGINE_set_default                      2490	EXIST::FUNCTION:
+! ENGINE_get_RAND                         2491	EXIST::FUNCTION:
+! ENGINE_get_first                        2492	EXIST::FUNCTION:
+! ENGINE_by_id                            2493	EXIST::FUNCTION:
+! ENGINE_set_finish_function              2494	EXIST::FUNCTION:
+  ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
+  ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
+  RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
+! ENGINE_set_RSA                          2497	EXIST::FUNCTION:
+! ENGINE_load_private_key                 2498	EXIST::FUNCTION:
+! ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:
+  ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
+! ENGINE_remove                           2501	EXIST::FUNCTION:
+! ENGINE_free                             2502	EXIST::FUNCTION:
+  ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
+! ENGINE_get_next                         2504	EXIST::FUNCTION:
+! ENGINE_set_name                         2505	EXIST::FUNCTION:
+! ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:
+  ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
+! ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:
+! ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:
+  ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
+! ENGINE_set_RAND                         2511	EXIST::FUNCTION:
+! ENGINE_set_id                           2512	EXIST::FUNCTION:
+  ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
+! ENGINE_set_default_DH                   2514	EXIST::FUNCTION:
+! ENGINE_new                              2515	EXIST::FUNCTION:
+! ENGINE_get_id                           2516	EXIST::FUNCTION:
+  DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
+! ENGINE_add                              2518	EXIST::FUNCTION:
+  DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
+! ENGINE_get_DSA                          2520	EXIST::FUNCTION:
+! ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:
+! ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:
+  BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+  X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+  ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
+  PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
+  ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:
+! ENGINE_get_ciphers                      2529	EXIST::FUNCTION:
+  d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
+  KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 1881,1952 ----
+  BN_bntest_rand                          2464	EXIST::FUNCTION:
+  OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+  BN_rand_range                           2466	EXIST::FUNCTION:
+! ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:ENGINE
+! ENGINE_set_DSA                          2468	EXIST::FUNCTION:ENGINE
+! ENGINE_get_finish_function              2469	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:ENGINE
+  ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
+  DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
+! ENGINE_set_DH                           2473	EXIST::FUNCTION:ENGINE
+  ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
+  ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
+! ENGINE_init                             2475	EXIST::FUNCTION:ENGINE
+  DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
+  RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
+! ENGINE_finish                           2478	EXIST::FUNCTION:ENGINE
+! ENGINE_load_public_key                  2479	EXIST::FUNCTION:ENGINE
+! ENGINE_get_DH                           2480	EXIST::FUNCTION:ENGINE
+! ENGINE_ctrl                             2481	EXIST::FUNCTION:ENGINE
+! ENGINE_get_init_function                2482	EXIST::FUNCTION:ENGINE
+! ENGINE_set_init_function                2483	EXIST::FUNCTION:ENGINE
+! ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:ENGINE
+! ENGINE_get_name                         2485	EXIST::FUNCTION:ENGINE
+! ENGINE_get_last                         2486	EXIST::FUNCTION:ENGINE
+! ENGINE_get_prev                         2487	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_DH                   2488	EXIST::FUNCTION:ENGINE
+! ENGINE_get_RSA                          2489	EXIST::FUNCTION:ENGINE
+! ENGINE_set_default                      2490	EXIST::FUNCTION:ENGINE
+! ENGINE_get_RAND                         2491	EXIST::FUNCTION:ENGINE
+! ENGINE_get_first                        2492	EXIST::FUNCTION:ENGINE
+! ENGINE_by_id                            2493	EXIST::FUNCTION:ENGINE
+! ENGINE_set_finish_function              2494	EXIST::FUNCTION:ENGINE
+  ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
+  ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
+  RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
+! ENGINE_set_RSA                          2497	EXIST::FUNCTION:ENGINE
+! ENGINE_load_private_key                 2498	EXIST::FUNCTION:ENGINE
+! ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:ENGINE
+  ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
+! ENGINE_remove                           2501	EXIST::FUNCTION:ENGINE
+! ENGINE_free                             2502	EXIST::FUNCTION:ENGINE
+  ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
+! ENGINE_get_next                         2504	EXIST::FUNCTION:ENGINE
+! ENGINE_set_name                         2505	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:ENGINE
+  ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
+! ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:ENGINE
+  ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
+! ENGINE_set_RAND                         2511	EXIST::FUNCTION:ENGINE
+! ENGINE_set_id                           2512	EXIST::FUNCTION:ENGINE
+  ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
+! ENGINE_set_default_DH                   2514	EXIST::FUNCTION:ENGINE
+! ENGINE_new                              2515	EXIST::FUNCTION:ENGINE
+! ENGINE_get_id                           2516	EXIST::FUNCTION:ENGINE
+  DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
+! ENGINE_add                              2518	EXIST::FUNCTION:ENGINE
+  DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
+! ENGINE_get_DSA                          2520	EXIST::FUNCTION:ENGINE
+! ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:ENGINE
+! ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:ENGINE
+  BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+  X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+  ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
+  PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
+  ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:ENGINE
+! ENGINE_get_ciphers                      2529	EXIST::FUNCTION:ENGINE
+  d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
+  KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 1959,1973 ****
+  PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_add_input_boolean                    2538	EXIST::FUNCTION:
+! ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:
+  X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
+  ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
+  d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
+  X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
+  X509_print_ex                           2544	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
+! ENGINE_register_all_RAND                2546	EXIST::FUNCTION:
+! ENGINE_load_dynamic                     2547	EXIST::FUNCTION:
+  PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
+--- 1959,1973 ----
+  PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_add_input_boolean                    2538	EXIST::FUNCTION:
+! ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:ENGINE
+  X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
+  ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
+  d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
+  X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
+  X509_print_ex                           2544	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
+! ENGINE_register_all_RAND                2546	EXIST::FUNCTION:ENGINE
+! ENGINE_load_dynamic                     2547	EXIST::FUNCTION:ENGINE
+  PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
+***************
+*** 1987,1993 ****
+  i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
+  OCSP_response_status                    2561	EXIST::FUNCTION:
+  i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
+! ENGINE_get_digest_engine                2563	EXIST::FUNCTION:
+  EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
+  OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
+  _ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
+--- 1987,1993 ----
+  i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
+  OCSP_response_status                    2561	EXIST::FUNCTION:
+  i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
+! ENGINE_get_digest_engine                2563	EXIST::FUNCTION:ENGINE
+  EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
+  OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
+  _ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
+***************
+*** 2011,2017 ****
+  _shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+  asn1_do_adb                             2582	EXIST::FUNCTION:
+  ASN1_template_i2d                       2583	EXIST::FUNCTION:
+! ENGINE_register_DH                      2584	EXIST::FUNCTION:
+  UI_construct_prompt                     2585	EXIST::FUNCTION:
+  X509_STORE_set_trust                    2586	EXIST::FUNCTION:
+  UI_dup_input_string                     2587	EXIST::FUNCTION:
+--- 2011,2017 ----
+  _shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+  asn1_do_adb                             2582	EXIST::FUNCTION:
+  ASN1_template_i2d                       2583	EXIST::FUNCTION:
+! ENGINE_register_DH                      2584	EXIST::FUNCTION:ENGINE
+  UI_construct_prompt                     2585	EXIST::FUNCTION:
+  X509_STORE_set_trust                    2586	EXIST::FUNCTION:
+  UI_dup_input_string                     2587	EXIST::FUNCTION:
+***************
+*** 2039,2045 ****
+  BN_nnmod                                2606	EXIST::FUNCTION:
+  X509_CRL_sort                           2607	EXIST::FUNCTION:
+  X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
+! ENGINE_register_RAND                    2609	EXIST::FUNCTION:
+  OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
+  EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
+--- 2039,2045 ----
+  BN_nnmod                                2606	EXIST::FUNCTION:
+  X509_CRL_sort                           2607	EXIST::FUNCTION:
+  X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
+! ENGINE_register_RAND                    2609	EXIST::FUNCTION:ENGINE
+  OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
+  EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
+***************
+*** 2049,2059 ****
+  UI_dup_input_boolean                    2614	EXIST::FUNCTION:
+  PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
+  EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
+! ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:
+  DSO_convert_filename                    2618	EXIST::FUNCTION:
+  POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_ciphers                 2620	EXIST::FUNCTION:
+  BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
+  DSO_set_filename                        2622	EXIST::FUNCTION:
+  ASN1_item_free                          2623	EXIST::FUNCTION:
+--- 2049,2059 ----
+  UI_dup_input_boolean                    2614	EXIST::FUNCTION:
+  PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
+  EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
+! ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:ENGINE
+  DSO_convert_filename                    2618	EXIST::FUNCTION:
+  POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_ciphers                 2620	EXIST::FUNCTION:ENGINE
+  BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
+  DSO_set_filename                        2622	EXIST::FUNCTION:
+  ASN1_item_free                          2623	EXIST::FUNCTION:
+***************
+*** 2062,2068 ****
+  AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
+  X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:
+  i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
+  EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
+  EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
+--- 2062,2068 ----
+  AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
+  X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
+  EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
+  EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
+***************
+*** 2071,2078 ****
+  UI_add_error_string                     2633	EXIST::FUNCTION:
+  KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
+! ENGINE_load_ubsec                       2636	EXIST::FUNCTION:
+! ENGINE_register_all_digests             2637	EXIST::FUNCTION:
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
+--- 2071,2078 ----
+  UI_add_error_string                     2633	EXIST::FUNCTION:
+  KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
+! ENGINE_load_ubsec                       2636	EXIST::FUNCTION:ENGINE
+! ENGINE_register_all_digests             2637	EXIST::FUNCTION:ENGINE
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
+***************
+*** 2098,2113 ****
+  _ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
+  ASN1_item_i2d                           2655	EXIST::FUNCTION:
+  EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
+! ENGINE_load_openssl                     2657	EXIST::FUNCTION:
+! ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:
+! ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:
+! ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:
+  EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
+! ENGINE_set_default_digests              2661	EXIST::FUNCTION:
+  X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
+  asn1_ex_i2c                             2663	EXIST::FUNCTION:
+! ENGINE_register_RSA                     2664	EXIST::FUNCTION:
+! ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:
+  _ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
+  X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2098,2113 ----
+  _ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
+  ASN1_item_i2d                           2655	EXIST::FUNCTION:
+  EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
+! ENGINE_load_openssl                     2657	EXIST::FUNCTION:ENGINE
+! ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:ENGINE
+! ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:ENGINE
+! ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:ENGINE
+  EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
+! ENGINE_set_default_digests              2661	EXIST::FUNCTION:ENGINE
+  X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
+  asn1_ex_i2c                             2663	EXIST::FUNCTION:
+! ENGINE_register_RSA                     2664	EXIST::FUNCTION:ENGINE
+! ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
+  X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2120,2126 ****
+  _ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
+  d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
+  ERR_print_errors_cb                     2675	EXIST::FUNCTION:
+! ENGINE_set_ciphers                      2676	EXIST::FUNCTION:
+  d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
+  UI_method_get_flusher                   2678	EXIST::FUNCTION:
+  X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2120,2126 ----
+  _ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
+  d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
+  ERR_print_errors_cb                     2675	EXIST::FUNCTION:
+! ENGINE_set_ciphers                      2676	EXIST::FUNCTION:ENGINE
+  d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
+  UI_method_get_flusher                   2678	EXIST::FUNCTION:
+  X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2156,2162 ****
+  _ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
+  X509_signature_print                    2706	EXIST::FUNCTION:EVP
+  OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
+! ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:
+  i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
+  OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
+  OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
+--- 2156,2162 ----
+  _ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
+  X509_signature_print                    2706	EXIST::FUNCTION:EVP
+  OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
+! ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
+  OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
+  OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
+***************
+*** 2184,2190 ****
+  CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  _ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
+! RAND_set_rand_engine                    2730	EXIST::FUNCTION:
+  DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
+  X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2184,2190 ----
+  CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  _ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
+! RAND_set_rand_engine                    2730	EXIST::FUNCTION:ENGINE
+  DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
+  X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2206,2212 ****
+  i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
+  PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
+  HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+! ENGINE_get_digest                       2748	EXIST::FUNCTION:
+  OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
+  KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2206,2212 ----
+  i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
+  PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
+  HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+! ENGINE_get_digest                       2748	EXIST::FUNCTION:ENGINE
+  OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
+  KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2219,2234 ****
+  PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
+  PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_cipher                       2756	EXIST::FUNCTION:
+  i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
+  OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
+! ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:
+  RSA_up_ref                              2760	EXIST::FUNCTION:RSA
+  ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_DSA                     2762	EXIST::FUNCTION:
+  X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
+! ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:
+  PKCS8_decrypt                           2765	EXIST::FUNCTION:
+  PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
+  DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2219,2234 ----
+  PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
+  PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_cipher                       2756	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
+  OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
+! ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:ENGINE
+  RSA_up_ref                              2760	EXIST::FUNCTION:RSA
+  ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_DSA                     2762	EXIST::FUNCTION:ENGINE
+  X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
+! ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:ENGINE
+  PKCS8_decrypt                           2765	EXIST::FUNCTION:
+  PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
+  DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2265,2271 ****
+  X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
+  KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:
+  UI_add_user_data                        2793	EXIST::FUNCTION:
+  OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
+  UI_get_method                           2795	EXIST::FUNCTION:
+--- 2265,2271 ----
+  X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
+  KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:ENGINE
+  UI_add_user_data                        2793	EXIST::FUNCTION:
+  OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
+  UI_get_method                           2795	EXIST::FUNCTION:
+***************
+*** 2289,2304 ****
+  ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_set_ex_data                          2807	EXIST::FUNCTION:
+  _ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
+! ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:
+  d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
+  OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_digests               2813	EXIST::FUNCTION:
+  d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
+  d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
+! ENGINE_get_digests                      2816	EXIST::FUNCTION:
+  _ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
+  OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
+  d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
+--- 2289,2304 ----
+  ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_set_ex_data                          2807	EXIST::FUNCTION:
+  _ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
+! ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:ENGINE
+  d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
+  OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_digests               2813	EXIST::FUNCTION:ENGINE
+  d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
+  d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
+! ENGINE_get_digests                      2816	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
+  OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
+  d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
+***************
+*** 2309,2315 ****
+  X509_CRL_set_version                    2823	EXIST::FUNCTION:
+  BN_mod_sub                              2824	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
+! ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:
+  OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
+  OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
+  X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2309,2315 ----
+  X509_CRL_set_version                    2823	EXIST::FUNCTION:
+  BN_mod_sub                              2824	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
+! ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:ENGINE
+  OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
+  OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
+  X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2343,2349 ****
+  i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
+  _ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
+  CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
+! ENGINE_get_ex_data                      2856	EXIST::FUNCTION:
+  UI_destroy_method                       2857	EXIST::FUNCTION:
+  ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
+--- 2343,2349 ----
+  i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
+  _ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
+  CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
+! ENGINE_get_ex_data                      2856	EXIST::FUNCTION:ENGINE
+  UI_destroy_method                       2857	EXIST::FUNCTION:
+  ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
+***************
+*** 2367,2373 ****
+  PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
+  OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
+! ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:
+  OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
+  EC_GROUP_free                           2877	EXIST::FUNCTION:EC
+  ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2367,2373 ----
+  PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
+  OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
+! ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:ENGINE
+  OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
+  EC_GROUP_free                           2877	EXIST::FUNCTION:EC
+  ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2384,2390 ****
+  OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
+  PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
+  asn1_ex_c2i                             2888	EXIST::FUNCTION:
+! ENGINE_register_digests                 2889	EXIST::FUNCTION:
+  i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
+  asn1_enc_restore                        2891	EXIST::FUNCTION:
+  UI_free                                 2892	EXIST::FUNCTION:
+--- 2384,2390 ----
+  OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
+  PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
+  asn1_ex_c2i                             2888	EXIST::FUNCTION:
+! ENGINE_register_digests                 2889	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
+  asn1_enc_restore                        2891	EXIST::FUNCTION:
+  UI_free                                 2892	EXIST::FUNCTION:
+***************
+*** 2395,2401 ****
+  OCSP_basic_sign                         2897	EXIST::FUNCTION:
+  i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
+  OCSP_check_nonce                        2899	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:
+  d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
+  OCSP_parse_url                          2902	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
+--- 2395,2401 ----
+  OCSP_basic_sign                         2897	EXIST::FUNCTION:
+  i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
+  OCSP_check_nonce                        2899	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:ENGINE
+  d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
+  OCSP_parse_url                          2902	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
+***************
+*** 2403,2414 ****
+  OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
+  RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+  RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+! ENGINE_register_all_DH                  2907	EXIST::FUNCTION:
+  i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
+  EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
+  OCSP_CRLID_new                          2910	EXIST::FUNCTION:
+! ENGINE_get_flags                        2911	EXIST::FUNCTION:
+  OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_process                              2913	EXIST::FUNCTION:
+--- 2403,2414 ----
+  OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
+  RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+  RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+! ENGINE_register_all_DH                  2907	EXIST::FUNCTION:ENGINE
+  i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
+  EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
+  OCSP_CRLID_new                          2910	EXIST::FUNCTION:
+! ENGINE_get_flags                        2911	EXIST::FUNCTION:ENGINE
+  OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_process                              2913	EXIST::FUNCTION:
+***************
+*** 2416,2423 ****
+  ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
+  UI_get_string_type                      2916	EXIST::FUNCTION:
+! ENGINE_unregister_DH                    2917	EXIST::FUNCTION:
+! ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:
+  OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
+  bn_dup_expand                           2920	EXIST::FUNCTION:
+  OCSP_cert_id_new                        2921	EXIST::FUNCTION:
+--- 2416,2423 ----
+  ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
+  UI_get_string_type                      2916	EXIST::FUNCTION:
+! ENGINE_unregister_DH                    2917	EXIST::FUNCTION:ENGINE
+! ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:ENGINE
+  OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
+  bn_dup_expand                           2920	EXIST::FUNCTION:
+  OCSP_cert_id_new                        2921	EXIST::FUNCTION:
+***************
+*** 2438,2448 ****
+  OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
+  OCSP_request_sign                       2935	EXIST::FUNCTION:
+  EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
+! ENGINE_set_digests                      2937	EXIST::FUNCTION:
+  OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
+  OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
+  EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
+! ENGINE_register_complete                2941	EXIST::FUNCTION:
+  X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
+  ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2438,2448 ----
+  OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
+  OCSP_request_sign                       2935	EXIST::FUNCTION:
+  EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
+! ENGINE_set_digests                      2937	EXIST::FUNCTION:ENGINE
+  OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
+  OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
+  EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
+! ENGINE_register_complete                2941	EXIST::FUNCTION:ENGINE
+  X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
+  ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2451,2457 ****
+  UI_method_get_writer                    2946	EXIST::FUNCTION:
+  UI_OpenSSL                              2947	EXIST::FUNCTION:
+  PEM_def_callback                        2948	EXIST::FUNCTION:
+! ENGINE_cleanup                          2949	EXIST::FUNCTION:
+  DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2451,2457 ----
+  UI_method_get_writer                    2946	EXIST::FUNCTION:
+  UI_OpenSSL                              2947	EXIST::FUNCTION:
+  PEM_def_callback                        2948	EXIST::FUNCTION:
+! ENGINE_cleanup                          2949	EXIST::FUNCTION:ENGINE
+  DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2475,2481 ****
+  OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
+! ENGINE_register_all_complete            2970	EXIST::FUNCTION:
+  OCSP_check_validity                     2971	EXIST::FUNCTION:
+  PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2475,2481 ----
+  OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
+! ENGINE_register_all_complete            2970	EXIST::FUNCTION:ENGINE
+  OCSP_check_validity                     2971	EXIST::FUNCTION:
+  PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2487,2493 ****
+  X509_supported_extension                2977	EXIST::FUNCTION:
+  i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
+  UI_method_get_opener                    2979	EXIST::FUNCTION:
+! ENGINE_set_ex_data                      2980	EXIST::FUNCTION:
+  OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
+  CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2487,2493 ----
+  X509_supported_extension                2977	EXIST::FUNCTION:
+  i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
+  UI_method_get_opener                    2979	EXIST::FUNCTION:
+! ENGINE_set_ex_data                      2980	EXIST::FUNCTION:ENGINE
+  OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
+  CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2501,2507 ****
+  BN_swap                                 2990	EXIST::FUNCTION:
+  POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_set_destroy_function             2992	EXIST::FUNCTION:
+  asn1_enc_free                           2993	EXIST::FUNCTION:
+  OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2501,2507 ----
+  BN_swap                                 2990	EXIST::FUNCTION:
+  POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_set_destroy_function             2992	EXIST::FUNCTION:ENGINE
+  asn1_enc_free                           2993	EXIST::FUNCTION:
+  OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2523,2530 ****
+  NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_get0_test_string                     3007	EXIST::FUNCTION:
+! ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:
+! ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:
+  EC_POINT_copy                           3010	EXIST::FUNCTION:EC
+  BN_kronecker                            3011	EXIST::FUNCTION:
+  _ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
+--- 2523,2530 ----
+  NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_get0_test_string                     3007	EXIST::FUNCTION:
+! ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:ENGINE
+! ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:ENGINE
+  EC_POINT_copy                           3010	EXIST::FUNCTION:EC
+  BN_kronecker                            3011	EXIST::FUNCTION:
+  _ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
+***************
+*** 2545,2553 ****
+  AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
+  OCSP_resp_count                         3025	EXIST::FUNCTION:
+  KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
+! ENGINE_load_cswift                      3027	EXIST::FUNCTION:
+  OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
+! ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:
+  NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
+--- 2545,2553 ----
+  AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
+  OCSP_resp_count                         3025	EXIST::FUNCTION:
+  KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
+! ENGINE_load_cswift                      3027	EXIST::FUNCTION:ENGINE
+  OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
+! ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:ENGINE
+  NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
+***************
+*** 2565,2571 ****
+  asn1_enc_init                           3041	EXIST::FUNCTION:
+  UI_get_result_maxsize                   3042	EXIST::FUNCTION:
+  OCSP_CERTID_new                         3043	EXIST::FUNCTION:
+! ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:
+  UI_method_get_closer                    3045	EXIST::FUNCTION:
+  d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
+  OCSP_request_onereq_count               3047	EXIST::FUNCTION:
+--- 2565,2571 ----
+  asn1_enc_init                           3041	EXIST::FUNCTION:
+  UI_get_result_maxsize                   3042	EXIST::FUNCTION:
+  OCSP_CERTID_new                         3043	EXIST::FUNCTION:
+! ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:ENGINE
+  UI_method_get_closer                    3045	EXIST::FUNCTION:
+  d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
+  OCSP_request_onereq_count               3047	EXIST::FUNCTION:
+***************
+*** 2576,2582 ****
+  i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
+  i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
+  asn1_enc_save                           3054	EXIST::FUNCTION:
+! ENGINE_load_nuron                       3055	EXIST::FUNCTION:
+  _ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
+  PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2576,2582 ----
+  i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
+  i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
+  asn1_enc_save                           3054	EXIST::FUNCTION:
+! ENGINE_load_nuron                       3055	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
+  PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2598,2612 ****
+  EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
+  asn1_get_choice_selector                3071	EXIST::FUNCTION:
+  i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
+! ENGINE_set_table_flags                  3073	EXIST::FUNCTION:
+  AES_options                             3074	EXIST::FUNCTION:AES
+! ENGINE_load_chil                        3075	EXIST::FUNCTION:
+  OCSP_id_cmp                             3076	EXIST::FUNCTION:
+  OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
+  KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_destroy_function             3080	EXIST::FUNCTION:
+  CONF_set_nconf                          3081	EXIST::FUNCTION:
+  ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
+  OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
+--- 2598,2612 ----
+  EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
+  asn1_get_choice_selector                3071	EXIST::FUNCTION:
+  i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
+! ENGINE_set_table_flags                  3073	EXIST::FUNCTION:ENGINE
+  AES_options                             3074	EXIST::FUNCTION:AES
+! ENGINE_load_chil                        3075	EXIST::FUNCTION:ENGINE
+  OCSP_id_cmp                             3076	EXIST::FUNCTION:
+  OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
+  KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_destroy_function             3080	EXIST::FUNCTION:ENGINE
+  CONF_set_nconf                          3081	EXIST::FUNCTION:
+  ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
+  OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
+***************
+*** 2667,2673 ****
+  OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
+! ENGINE_load_atalla                      3130	EXIST::FUNCTION:
+  X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2667,2673 ----
+  OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
+! ENGINE_load_atalla                      3130	EXIST::FUNCTION:ENGINE
+  X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2685,2691 ****
+  ASN1_item_ex_free                       3141	EXIST::FUNCTION:
+  ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_table_flags                  3143	EXIST::FUNCTION:
+  UI_create_method                        3144	EXIST::FUNCTION:
+  OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
+  _shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+--- 2685,2691 ----
+  ASN1_item_ex_free                       3141	EXIST::FUNCTION:
+  ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_table_flags                  3143	EXIST::FUNCTION:ENGINE
+  UI_create_method                        3144	EXIST::FUNCTION:
+  OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
+  _shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+***************
+*** 2709,2715 ****
+  PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
+  OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
+! ENGINE_set_flags                        3162	EXIST::FUNCTION:
+  _ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
+  OCSP_response_get1_basic                3164	EXIST::FUNCTION:
+  EVP_Digest                              3165	EXIST::FUNCTION:
+--- 2709,2715 ----
+  PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
+  OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
+! ENGINE_set_flags                        3162	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
+  OCSP_response_get1_basic                3164	EXIST::FUNCTION:
+  EVP_Digest                              3165	EXIST::FUNCTION:
+***************
+*** 2721,2728 ****
+  BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
+! ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:
+! ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:
+  OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
+  UI_method_set_reader                    3174	EXIST::FUNCTION:
+  i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
+--- 2721,2728 ----
+  BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
+! ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:ENGINE
+! ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:ENGINE
+  OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
+  UI_method_set_reader                    3174	EXIST::FUNCTION:
+  i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
+***************
+*** 2736,2742 ****
+  OCSP_crlID2_new                         3181	EXIST:OS2,VMS,WIN16:FUNCTION:
+  CONF_modules_load_file                  3182	EXIST::FUNCTION:
+  CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
+! ENGINE_set_default_string               3184	EXIST::FUNCTION:
+  CONF_module_get_usr_data                3185	EXIST::FUNCTION:
+  ASN1_add_oid_module                     3186	EXIST::FUNCTION:
+  CONF_modules_finish                     3187	EXIST::FUNCTION:
+--- 2736,2742 ----
+  OCSP_crlID2_new                         3181	EXIST:OS2,VMS,WIN16:FUNCTION:
+  CONF_modules_load_file                  3182	EXIST::FUNCTION:
+  CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
+! ENGINE_set_default_string               3184	EXIST::FUNCTION:ENGINE
+  CONF_module_get_usr_data                3185	EXIST::FUNCTION:
+  ASN1_add_oid_module                     3186	EXIST::FUNCTION:
+  CONF_modules_finish                     3187	EXIST::FUNCTION:
+***************
+*** 2754,2760 ****
+  ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
+  CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
+  CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
+! ENGINE_add_conf_module                  3202	EXIST::FUNCTION:
+  ERR_peek_last_error_line                3203	EXIST::FUNCTION:
+  ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
+  ERR_peek_last_error                     3205	EXIST::FUNCTION:
+--- 2754,2760 ----
+  ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
+  CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
+  CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
+! ENGINE_add_conf_module                  3202	EXIST::FUNCTION:ENGINE
+  ERR_peek_last_error_line                3203	EXIST::FUNCTION:
+  ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
+  ERR_peek_last_error                     3205	EXIST::FUNCTION:
+***************
+*** 2762,2769 ****
+  DES_read_password                       3207	EXIST::FUNCTION:DES
+  UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
+  UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
+! ENGINE_load_aep                         3210	EXIST::FUNCTION:
+! ENGINE_load_sureware                    3211	EXIST::FUNCTION:
+  OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
+  OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
+  OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
+--- 2762,2769 ----
+  DES_read_password                       3207	EXIST::FUNCTION:DES
+  UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
+  UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
+! ENGINE_load_aep                         3210	EXIST::FUNCTION:ENGINE
+! ENGINE_load_sureware                    3211	EXIST::FUNCTION:ENGINE
+  OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
+  OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
+  OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
+***************
+*** 2772,2778 ****
+  AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
+  AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
+  AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
+! ENGINE_load_4758cca                     3218	EXIST::FUNCTION:
+  _ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
+  EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
+  EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
+--- 2772,2778 ----
+  AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
+  AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
+  AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
+! ENGINE_load_4758cca                     3218	EXIST::FUNCTION:ENGINE
+  _ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
+  EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
+  EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
+***************
+*** 2793,2799 ****
+  d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
+  EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
+  X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
+! ENGINE_up_ref                           3238	EXIST::FUNCTION:
+  BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
+  CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
+  BUF_strlcat                             3241	EXIST::FUNCTION:
+--- 2793,2799 ----
+  d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
+  EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
+  X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
+! ENGINE_up_ref                           3238	EXIST::FUNCTION:ENGINE
+  BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
+  CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
+  BUF_strlcat                             3241	EXIST::FUNCTION:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_4/crypto/openssl/util/mk1mf.pl
+*** crypto/openssl/util/mk1mf.pl	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/mk1mf.pl	Mon Feb 24 21:15:00 2003
+***************
+*** 64,69 ****
+--- 64,71 ----
+  	no-asm 					- No x86 asm
+  	no-krb5					- No KRB5
+  	no-ec					- No EC
++ 	no-engine				- No engine
++ 	no-hw					- No hw
+  	nasm 					- Use NASM for x86 asm
+  	gaswin					- Use GNU as with Mingw32
+  	no-socks				- No socket code
+***************
+*** 218,224 ****
+  $cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+  $cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+  $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+! $cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160;
+  $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+  $cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+  $cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+--- 220,226 ----
+  $cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+  $cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+  $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+! $cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
+  $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+  $cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+  $cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+***************
+*** 232,237 ****
+--- 234,241 ----
+  $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
+  $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+  $cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
++ $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
++ $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+  #$cflags.=" -DRSAref"  if $rsaref ne "";
+  
+  ## if ($unix)
+***************
+*** 648,653 ****
+--- 652,659 ----
+  	local($dir,$val)=@_;
+  	local(@a,$_,$ret);
+  
++ 	return("") if $no_engine && $dir =~ /\/engine/;
++ 	return("") if $no_hw   && $dir =~ /\/hw/;
+  	return("") if $no_idea && $dir =~ /\/idea/;
+  	return("") if $no_aes  && $dir =~ /\/aes/;
+  	return("") if $no_rc2  && $dir =~ /\/rc2/;
+***************
+*** 691,697 ****
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+--- 697,703 ----
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+***************
+*** 708,713 ****
+--- 714,721 ----
+  	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+  	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+  
++ 	@a=grep(!/^engine$/,@a) if $no_engine;
++ 	@a=grep(!/^hw$/,@a) if $no_hw;
+  	@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
+  	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+  	@a=grep(!/^gendsa$/,@a) if $no_sha1;
+***************
+*** 901,910 ****
+  	elsif (/^no-sock$/)	{ $no_sock=1; }
+  	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+  	elsif (/^no-ec$/)	{ $no_ec=1; }
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1;
+  				  $no_aes=1; }
+  
+  	elsif (/^rsaref$/)	{ }
+--- 909,920 ----
+  	elsif (/^no-sock$/)	{ $no_sock=1; }
+  	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+  	elsif (/^no-ec$/)	{ $no_ec=1; }
++ 	elsif (/^no-engine$/)	{ $no_engine=1; }
++ 	elsif (/^no-hw$/)	{ $no_hw=1; }
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_ripemd=$no_rc5=1;
+  				  $no_aes=1; }
+  
+  	elsif (/^rsaref$/)	{ }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkdef.pl ../RELENG_4/crypto/openssl/util/mkdef.pl
+*** crypto/openssl/util/mkdef.pl	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/mkdef.pl	Mon Feb 24 21:15:00 2003
+***************
+*** 91,97 ****
+  			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+  			 "LOCKING",
+  			 # External "algorithms"
+! 			 "FP_API", "STDIO", "SOCK", "KRB5" );
+  
+  my $options="";
+  open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+--- 91,97 ----
+  			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+  			 "LOCKING",
+  			 # External "algorithms"
+! 			 "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" );
+  
+  my $options="";
+  open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+***************
+*** 107,113 ****
+  my $no_cast;
+  my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+  my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+! my $no_ec;
+  my $no_fp_api;
+  
+  foreach (@ARGV, split(/ /, $options))
+--- 107,113 ----
+  my $no_cast;
+  my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+  my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+! my $no_ec; my $no_engine; my $no_hw;
+  my $no_fp_api;
+  
+  foreach (@ARGV, split(/ /, $options))
+***************
+*** 176,181 ****
+--- 176,183 ----
+  	elsif (/^no-comp$/)	{ $no_comp=1; }
+  	elsif (/^no-dso$/)	{ $no_dso=1; }
+  	elsif (/^no-krb5$/)	{ $no_krb5=1; }
++ 	elsif (/^no-engine$/)	{ $no_engine=1; }
++ 	elsif (/^no-hw$/)	{ $no_hw=1; }
+  	}
+  
+  
+***************
+*** 235,241 ****
+  $crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+  $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+  
+! $crypto.=" crypto/engine/engine.h";
+  $crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+  $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+  $crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+--- 237,243 ----
+  $crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+  $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+  
+! $crypto.=" crypto/engine/engine.h"; # unless $no_engine;
+  $crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+  $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+  $crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+***************
+*** 1052,1057 ****
+--- 1054,1061 ----
+  			if ($keyword eq "COMP" && $no_comp) { return 0; }
+  			if ($keyword eq "DSO" && $no_dso) { return 0; }
+  			if ($keyword eq "KRB5" && $no_krb5) { return 0; }
++ 			if ($keyword eq "ENGINE" && $no_engine) { return 0; }
++ 			if ($keyword eq "HW" && $no_hw) { return 0; }
+  			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+  
+  			# Nothing recognise as true
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/ssleay.num ../RELENG_4/crypto/openssl/util/ssleay.num
+*** crypto/openssl/util/ssleay.num	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/ssleay.num	Mon Feb 24 21:15:00 2003
+***************
+*** 169,175 ****
+  SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
+  SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
+  SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
+! SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS,!WIN32:FUNCTION:STDIO
+  SSL_add_dir_cert_subjs_to_stk           188	NOEXIST::FUNCTION:
+  SSL_set_session_id_context              189	EXIST::FUNCTION:
+  SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
+--- 169,175 ----
+  SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
+  SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
+  SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
+! SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS:FUNCTION:STDIO
+  SSL_add_dir_cert_subjs_to_stk           188	NOEXIST::FUNCTION:
+  SSL_set_session_id_context              189	EXIST::FUNCTION:
+  SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/Makefile.inc ../RELENG_4/secure/lib/libcrypto/Makefile.inc
+*** secure/lib/libcrypto/Makefile.inc	Mon Feb 24 20:43:37 2003
+--- ../RELENG_4/secure/lib/libcrypto/Makefile.inc	Mon Feb 24 21:15:46 2003
+***************
+*** 116,122 ****
+  	@(sec=${manpage:E}; \
+  	pod=${manpage:R}.pod; \
+  	cp ${LCRYPTO_DOC}/${_docs}/$$pod .; \
+! 	pod2man --section=$$sec --release="0.9.7" --center="OpenSSL" \
+  	  $$pod > ${.CURDIR}/man/${manpage}; \
+  	rm $$pod; \
+  	${ECHO} ${manpage})
+--- 116,122 ----
+  	@(sec=${manpage:E}; \
+  	pod=${manpage:R}.pod; \
+  	cp ${LCRYPTO_DOC}/${_docs}/$$pod .; \
+! 	pod2man --section=$$sec --release="0.9.7a" --center="OpenSSL" \
+  	  $$pod > ${.CURDIR}/man/${manpage}; \
+  	rm $$pod; \
+  	${ECHO} ${manpage})
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_OBJECT_new.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+*** secure/lib/libcrypto/man/ASN1_OBJECT_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_OBJECT_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_OBJECT_new 3"
+! .TH ASN1_OBJECT_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_OBJECT_new 3"
+! .TH ASN1_OBJECT_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_STRING_length.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_length.3
+*** secure/lib/libcrypto/man/ASN1_STRING_length.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_length.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_length 3"
+! .TH ASN1_STRING_length 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_length 3"
+! .TH ASN1_STRING_length 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_STRING_new.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_new.3
+*** secure/lib/libcrypto/man/ASN1_STRING_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_new 3"
+! .TH ASN1_STRING_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_new 3"
+! .TH ASN1_STRING_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+*** secure/lib/libcrypto/man/ASN1_STRING_print_ex.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_print_ex 3"
+! .TH ASN1_STRING_print_ex 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_print_ex 3"
+! .TH ASN1_STRING_print_ex 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_ctrl.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_ctrl.3
+*** secure/lib/libcrypto/man/BIO_ctrl.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_ctrl.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_ctrl 3"
+! .TH BIO_ctrl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_ctrl 3"
+! .TH BIO_ctrl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_base64.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_base64.3
+*** secure/lib/libcrypto/man/BIO_f_base64.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_base64.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_base64 3"
+! .TH BIO_f_base64 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_base64 \- base64 \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_base64 3"
+! .TH BIO_f_base64 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_base64 \- base64 \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_buffer.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_buffer.3
+*** secure/lib/libcrypto/man/BIO_f_buffer.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_buffer.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_buffer 3"
+! .TH BIO_f_buffer 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_buffer \- buffering \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_buffer 3"
+! .TH BIO_f_buffer 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_buffer \- buffering \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_cipher.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_cipher.3
+*** secure/lib/libcrypto/man/BIO_f_cipher.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_cipher.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_cipher 3"
+! .TH BIO_f_cipher 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_cipher 3"
+! .TH BIO_f_cipher 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_md.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_md.3
+*** secure/lib/libcrypto/man/BIO_f_md.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_md.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_md 3"
+! .TH BIO_f_md 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_md 3"
+! .TH BIO_f_md 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_null.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_null.3
+*** secure/lib/libcrypto/man/BIO_f_null.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_null.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_null 3"
+! .TH BIO_f_null 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_null \- null filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_null 3"
+! .TH BIO_f_null 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_null \- null filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_ssl.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_ssl.3
+*** secure/lib/libcrypto/man/BIO_f_ssl.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_ssl.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_ssl 3"
+! .TH BIO_f_ssl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_ssl 3"
+! .TH BIO_f_ssl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_find_type.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_find_type.3
+*** secure/lib/libcrypto/man/BIO_find_type.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_find_type.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_find_type 3"
+! .TH BIO_find_type 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_find_type 3"
+! .TH BIO_find_type 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_new.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_new.3
+*** secure/lib/libcrypto/man/BIO_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new 3"
+! .TH BIO_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new 3"
+! .TH BIO_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_push.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_push.3
+*** secure/lib/libcrypto/man/BIO_push.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_push.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_push 3"
+! .TH BIO_push 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_push, BIO_pop \- add and remove BIOs from a chain.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_push 3"
+! .TH BIO_push 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_push, BIO_pop \- add and remove BIOs from a chain.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_read.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_read.3
+*** secure/lib/libcrypto/man/BIO_read.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_read.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_read 3"
+! .TH BIO_read 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_read 3"
+! .TH BIO_read 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_accept.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_accept.3
+*** secure/lib/libcrypto/man/BIO_s_accept.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_accept.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_accept 3"
+! .TH BIO_s_accept 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_accept 3"
+! .TH BIO_s_accept 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_bio.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_bio.3
+*** secure/lib/libcrypto/man/BIO_s_bio.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_bio.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_bio 3"
+! .TH BIO_s_bio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_bio 3"
+! .TH BIO_s_bio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_connect.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_connect.3
+*** secure/lib/libcrypto/man/BIO_s_connect.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_connect.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_connect 3"
+! .TH BIO_s_connect 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_connect 3"
+! .TH BIO_s_connect 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_fd.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_fd.3
+*** secure/lib/libcrypto/man/BIO_s_fd.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_fd.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_fd 3"
+! .TH BIO_s_fd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_fd 3"
+! .TH BIO_s_fd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_file.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_file.3
+*** secure/lib/libcrypto/man/BIO_s_file.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_file.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_file 3"
+! .TH BIO_s_file 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_file 3"
+! .TH BIO_s_file 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_mem.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_mem.3
+*** secure/lib/libcrypto/man/BIO_s_mem.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_mem.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_mem 3"
+! .TH BIO_s_mem 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_mem 3"
+! .TH BIO_s_mem 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_null.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_null.3
+*** secure/lib/libcrypto/man/BIO_s_null.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_null.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_null 3"
+! .TH BIO_s_null 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_null \- null data sink
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_null 3"
+! .TH BIO_s_null 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_null \- null data sink
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_socket.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_socket.3
+*** secure/lib/libcrypto/man/BIO_s_socket.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_socket.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_socket 3"
+! .TH BIO_s_socket 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_socket 3"
+! .TH BIO_s_socket 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_set_callback.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_set_callback.3
+*** secure/lib/libcrypto/man/BIO_set_callback.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_set_callback.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_set_callback 3"
+! .TH BIO_set_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_set_callback 3"
+! .TH BIO_set_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_should_retry.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_should_retry.3
+*** secure/lib/libcrypto/man/BIO_should_retry.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_should_retry.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_should_retry 3"
+! .TH BIO_should_retry 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_should_retry, BIO_should_read, BIO_should_write,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_should_retry 3"
+! .TH BIO_should_retry 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_should_retry, BIO_should_read, BIO_should_write,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_CTX_new.3 ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_new.3
+*** secure/lib/libcrypto/man/BN_CTX_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_new 3"
+! .TH BN_CTX_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_new 3"
+! .TH BN_CTX_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_CTX_start.3 ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_start.3
+*** secure/lib/libcrypto/man/BN_CTX_start.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_start.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_start 3"
+! .TH BN_CTX_start 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_start 3"
+! .TH BN_CTX_start 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_add.3 ../RELENG_4/secure/lib/libcrypto/man/BN_add.3
+*** secure/lib/libcrypto/man/BN_add.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_add.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add 3"
+! .TH BN_add 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add 3"
+! .TH BN_add 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_add_word.3 ../RELENG_4/secure/lib/libcrypto/man/BN_add_word.3
+*** secure/lib/libcrypto/man/BN_add_word.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_add_word.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add_word 3"
+! .TH BN_add_word 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add_word 3"
+! .TH BN_add_word 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_bn2bin.3 ../RELENG_4/secure/lib/libcrypto/man/BN_bn2bin.3
+*** secure/lib/libcrypto/man/BN_bn2bin.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_bn2bin.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_bn2bin 3"
+! .TH BN_bn2bin 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_bn2bin 3"
+! .TH BN_bn2bin 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_cmp.3 ../RELENG_4/secure/lib/libcrypto/man/BN_cmp.3
+*** secure/lib/libcrypto/man/BN_cmp.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_cmp.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_cmp 3"
+! .TH BN_cmp 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_cmp 3"
+! .TH BN_cmp 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_copy.3 ../RELENG_4/secure/lib/libcrypto/man/BN_copy.3
+*** secure/lib/libcrypto/man/BN_copy.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_copy.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_copy 3"
+! .TH BN_copy 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_copy, BN_dup \- copy BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_copy 3"
+! .TH BN_copy 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_copy, BN_dup \- copy BIGNUMs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_generate_prime.3 ../RELENG_4/secure/lib/libcrypto/man/BN_generate_prime.3
+*** secure/lib/libcrypto/man/BN_generate_prime.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_generate_prime.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_generate_prime 3"
+! .TH BN_generate_prime 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_generate_prime 3"
+! .TH BN_generate_prime 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+***************
+*** 202,208 ****
+  .PP
+  Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
+  probabilistic primality test with \fBchecks\fR iterations. If
+! \&\fBchecks == BN_prime_check\fR, a number of iterations is used that
+  yields a false positive rate of at most 2^\-80 for random input.
+  .PP
+  If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
+--- 202,208 ----
+  .PP
+  Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
+  probabilistic primality test with \fBchecks\fR iterations. If
+! \&\fBchecks == BN_prime_checks\fR, a number of iterations is used that
+  yields a false positive rate of at most 2^\-80 for random input.
+  .PP
+  If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_inverse.3 ../RELENG_4/secure/lib/libcrypto/man/BN_mod_inverse.3
+*** secure/lib/libcrypto/man/BN_mod_inverse.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_mod_inverse.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_inverse 3"
+! .TH BN_mod_inverse 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_inverse \- compute inverse modulo n
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_inverse 3"
+! .TH BN_mod_inverse 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_inverse \- compute inverse modulo n
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+*** secure/lib/libcrypto/man/BN_mod_mul_montgomery.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_montgomery 3"
+! .TH BN_mod_mul_montgomery 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_montgomery 3"
+! .TH BN_mod_mul_montgomery 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+*** secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_reciprocal 3"
+! .TH BN_mod_mul_reciprocal 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_reciprocal 3"
+! .TH BN_mod_mul_reciprocal 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_new.3 ../RELENG_4/secure/lib/libcrypto/man/BN_new.3
+*** secure/lib/libcrypto/man/BN_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_new 3"
+! .TH BN_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_new 3"
+! .TH BN_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_num_bytes.3 ../RELENG_4/secure/lib/libcrypto/man/BN_num_bytes.3
+*** secure/lib/libcrypto/man/BN_num_bytes.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_num_bytes.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_num_bytes 3"
+! .TH BN_num_bytes 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_num_bytes 3"
+! .TH BN_num_bytes 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_rand.3 ../RELENG_4/secure/lib/libcrypto/man/BN_rand.3
+*** secure/lib/libcrypto/man/BN_rand.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_rand.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_rand 3"
+! .TH BN_rand 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_rand, BN_pseudo_rand \- generate pseudo-random number
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_rand 3"
+! .TH BN_rand 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_rand, BN_pseudo_rand \- generate pseudo-random number
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_set_bit.3 ../RELENG_4/secure/lib/libcrypto/man/BN_set_bit.3
+*** secure/lib/libcrypto/man/BN_set_bit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_set_bit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_set_bit 3"
+! .TH BN_set_bit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_set_bit 3"
+! .TH BN_set_bit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_swap.3 ../RELENG_4/secure/lib/libcrypto/man/BN_swap.3
+*** secure/lib/libcrypto/man/BN_swap.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_swap.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_swap 3"
+! .TH BN_swap 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_swap \- exchange BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_swap 3"
+! .TH BN_swap 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_swap \- exchange BIGNUMs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_zero.3 ../RELENG_4/secure/lib/libcrypto/man/BN_zero.3
+*** secure/lib/libcrypto/man/BN_zero.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_zero.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_zero 3"
+! .TH BN_zero 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_zero 3"
+! .TH BN_zero 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 ../RELENG_4/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+*** secure/lib/libcrypto/man/CRYPTO_set_ex_data.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRYPTO_set_ex_data 3"
+! .TH CRYPTO_set_ex_data 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRYPTO_set_ex_data 3"
+! .TH CRYPTO_set_ex_data 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_generate_key.3 ../RELENG_4/secure/lib/libcrypto/man/DH_generate_key.3
+*** secure/lib/libcrypto/man/DH_generate_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_generate_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_key 3"
+! .TH DH_generate_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_key 3"
+! .TH DH_generate_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_generate_parameters.3 ../RELENG_4/secure/lib/libcrypto/man/DH_generate_parameters.3
+*** secure/lib/libcrypto/man/DH_generate_parameters.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_generate_parameters.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_parameters 3"
+! .TH DH_generate_parameters 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_parameters 3"
+! .TH DH_generate_parameters 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_get_ex_new_index.3 ../RELENG_4/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+*** secure/lib/libcrypto/man/DH_get_ex_new_index.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_get_ex_new_index.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_get_ex_new_index 3"
+! .TH DH_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_get_ex_new_index 3"
+! .TH DH_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_new.3 ../RELENG_4/secure/lib/libcrypto/man/DH_new.3
+*** secure/lib/libcrypto/man/DH_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_new 3"
+! .TH DH_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_new, DH_free \- allocate and free \s-1DH\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_new 3"
+! .TH DH_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_new, DH_free \- allocate and free \s-1DH\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_set_method.3 ../RELENG_4/secure/lib/libcrypto/man/DH_set_method.3
+*** secure/lib/libcrypto/man/DH_set_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_set_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_set_method 3"
+! .TH DH_set_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_set_default_method, DH_get_default_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_set_method 3"
+! .TH DH_set_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_set_default_method, DH_get_default_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_size.3 ../RELENG_4/secure/lib/libcrypto/man/DH_size.3
+*** secure/lib/libcrypto/man/DH_size.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_size.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_size 3"
+! .TH DH_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_size \- get Diffie-Hellman prime size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_size 3"
+! .TH DH_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_size \- get Diffie-Hellman prime size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_SIG_new.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_SIG_new.3
+*** secure/lib/libcrypto/man/DSA_SIG_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_SIG_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_SIG_new 3"
+! .TH DSA_SIG_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_SIG_new 3"
+! .TH DSA_SIG_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_do_sign.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_do_sign.3
+*** secure/lib/libcrypto/man/DSA_do_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_do_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_do_sign 3"
+! .TH DSA_do_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_do_sign 3"
+! .TH DSA_do_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_dup_DH.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_dup_DH.3
+*** secure/lib/libcrypto/man/DSA_dup_DH.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_dup_DH.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_dup_DH 3"
+! .TH DSA_dup_DH 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_dup_DH 3"
+! .TH DSA_dup_DH 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_generate_key.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_key.3
+*** secure/lib/libcrypto/man/DSA_generate_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_key 3"
+! .TH DSA_generate_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_key \- generate \s-1DSA\s0 key pair
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_key 3"
+! .TH DSA_generate_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_key \- generate \s-1DSA\s0 key pair
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_generate_parameters.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_parameters.3
+*** secure/lib/libcrypto/man/DSA_generate_parameters.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_parameters.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_parameters 3"
+! .TH DSA_generate_parameters 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_parameters \- generate \s-1DSA\s0 parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_parameters 3"
+! .TH DSA_generate_parameters 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_parameters \- generate \s-1DSA\s0 parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_get_ex_new_index.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+*** secure/lib/libcrypto/man/DSA_get_ex_new_index.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_get_ex_new_index.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_get_ex_new_index 3"
+! .TH DSA_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_get_ex_new_index 3"
+! .TH DSA_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_new.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_new.3
+*** secure/lib/libcrypto/man/DSA_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_new 3"
+! .TH DSA_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_new 3"
+! .TH DSA_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_set_method.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_set_method.3
+*** secure/lib/libcrypto/man/DSA_set_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_set_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_set_method 3"
+! .TH DSA_set_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_set_default_method, DSA_get_default_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_set_method 3"
+! .TH DSA_set_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_set_default_method, DSA_get_default_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_sign.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_sign.3
+*** secure/lib/libcrypto/man/DSA_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_sign 3"
+! .TH DSA_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_sign 3"
+! .TH DSA_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_size.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_size.3
+*** secure/lib/libcrypto/man/DSA_size.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_size.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_size 3"
+! .TH DSA_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_size \- get \s-1DSA\s0 signature size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_size 3"
+! .TH DSA_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_size \- get \s-1DSA\s0 signature size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_GET_LIB.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_GET_LIB.3
+*** secure/lib/libcrypto/man/ERR_GET_LIB.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_GET_LIB.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_GET_LIB 3"
+! .TH ERR_GET_LIB 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_GET_LIB 3"
+! .TH ERR_GET_LIB 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_clear_error.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_clear_error.3
+*** secure/lib/libcrypto/man/ERR_clear_error.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_clear_error.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_clear_error 3"
+! .TH ERR_clear_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_clear_error \- clear the error queue
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_clear_error 3"
+! .TH ERR_clear_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_clear_error \- clear the error queue
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_error_string.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_error_string.3
+*** secure/lib/libcrypto/man/ERR_error_string.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_error_string.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_error_string 3"
+! .TH ERR_error_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_error_string 3"
+! .TH ERR_error_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_get_error.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_get_error.3
+*** secure/lib/libcrypto/man/ERR_get_error.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_get_error.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_get_error 3"
+! .TH ERR_get_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_get_error 3"
+! .TH ERR_get_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_load_crypto_strings.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+*** secure/lib/libcrypto/man/ERR_load_crypto_strings.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_load_crypto_strings.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_crypto_strings 3"
+! .TH ERR_load_crypto_strings 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_crypto_strings 3"
+! .TH ERR_load_crypto_strings 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_load_strings.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_load_strings.3
+*** secure/lib/libcrypto/man/ERR_load_strings.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_load_strings.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_strings 3"
+! .TH ERR_load_strings 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_strings 3"
+! .TH ERR_load_strings 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_print_errors.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_print_errors.3
+*** secure/lib/libcrypto/man/ERR_print_errors.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_print_errors.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_print_errors 3"
+! .TH ERR_print_errors 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_print_errors, ERR_print_errors_fp \- print error messages
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_print_errors 3"
+! .TH ERR_print_errors 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_print_errors, ERR_print_errors_fp \- print error messages
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_put_error.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_put_error.3
+*** secure/lib/libcrypto/man/ERR_put_error.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_put_error.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_put_error 3"
+! .TH ERR_put_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_put_error, ERR_add_error_data \- record an error
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_put_error 3"
+! .TH ERR_put_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_put_error, ERR_add_error_data \- record an error
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_remove_state.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_remove_state.3
+*** secure/lib/libcrypto/man/ERR_remove_state.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_remove_state.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_remove_state 3"
+! .TH ERR_remove_state 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_remove_state \- free a thread's error queue
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_remove_state 3"
+! .TH ERR_remove_state 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_remove_state \- free a thread's error queue
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_BytesToKey.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_BytesToKey.3
+*** secure/lib/libcrypto/man/EVP_BytesToKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_BytesToKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_BytesToKey 3"
+! .TH EVP_BytesToKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  .Vb 1
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_BytesToKey 3"
+! .TH EVP_BytesToKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  .Vb 1
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_DigestInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_DigestInit.3
+*** secure/lib/libcrypto/man/EVP_DigestInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_DigestInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_DigestInit 3"
+! .TH EVP_DigestInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_DigestInit 3"
+! .TH EVP_DigestInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_EncryptInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_EncryptInit.3
+*** secure/lib/libcrypto/man/EVP_EncryptInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_EncryptInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_EncryptInit 3"
+! .TH EVP_EncryptInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_EncryptInit 3"
+! .TH EVP_EncryptInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_OpenInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_OpenInit.3
+*** secure/lib/libcrypto/man/EVP_OpenInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_OpenInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_OpenInit 3"
+! .TH EVP_OpenInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_OpenInit 3"
+! .TH EVP_OpenInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_PKEY_new.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_new.3
+*** secure/lib/libcrypto/man/EVP_PKEY_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_new 3"
+! .TH EVP_PKEY_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_new 3"
+! .TH EVP_PKEY_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+*** secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_set1_RSA 3"
+! .TH EVP_PKEY_set1_RSA 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_set1_RSA 3"
+! .TH EVP_PKEY_set1_RSA 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_SealInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_SealInit.3
+*** secure/lib/libcrypto/man/EVP_SealInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_SealInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SealInit 3"
+! .TH EVP_SealInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SealInit 3"
+! .TH EVP_SealInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
+***************
+*** 158,178 ****
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \s-1EVP\s0 envelope routines are a high level interface to envelope
+! encryption. They generate a random key and then \*(L"envelope\*(R" it by
+! using public key encryption. Data can then be encrypted using this
+! key.
+  .PP
+  \&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
+! with cipher \fBtype\fR using a random secret key and \s-1IV\s0 supplied in
+! the \fBiv\fR parameter. \fBtype\fR is normally supplied by a function such
+! as \fIEVP_des_cbc()\fR. The secret key is encrypted using one or more public
+! keys, this allows the same encrypted data to be decrypted using any
+! of the corresponding private keys. \fBek\fR is an array of buffers where
+! the public key encrypted secret key will be written, each buffer must
+! contain enough room for the corresponding encrypted key: that is
+  \&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual
+  size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is
+  an array of \fBnpubk\fR public keys.
+  .PP
+  \&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties
+  as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as 
+--- 158,184 ----
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \s-1EVP\s0 envelope routines are a high level interface to envelope
+! encryption. They generate a random key and \s-1IV\s0 (if required) then
+! \&\*(L"envelope\*(R" it by using public key encryption. Data can then be
+! encrypted using this key.
+  .PP
+  \&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
+! with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally
+! supplied by a function such as \fIEVP_des_cbc()\fR. The secret key is encrypted
+! using one or more public keys, this allows the same encrypted data to be
+! decrypted using any of the corresponding private keys. \fBek\fR is an array of
+! buffers where the public key encrypted secret key will be written, each buffer
+! must contain enough room for the corresponding encrypted key: that is
+  \&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual
+  size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is
+  an array of \fBnpubk\fR public keys.
++ .PP
++ The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must
++ contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for
++ example) EVP_CIPHER_iv_length(type).
++ .PP
++ If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
++ and can be \fB\s-1NULL\s0\fR.
+  .PP
+  \&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties
+  as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as 
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_SignInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_SignInit.3
+*** secure/lib/libcrypto/man/EVP_SignInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_SignInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SignInit 3"
+! .TH EVP_SignInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SignInit 3"
+! .TH EVP_SignInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_VerifyInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_VerifyInit.3
+*** secure/lib/libcrypto/man/EVP_VerifyInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_VerifyInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_VerifyInit 3"
+! .TH EVP_VerifyInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_VerifyInit 3"
+! .TH EVP_VerifyInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OBJ_nid2obj.3 ../RELENG_4/secure/lib/libcrypto/man/OBJ_nid2obj.3
+*** secure/lib/libcrypto/man/OBJ_nid2obj.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/OBJ_nid2obj.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OBJ_nid2obj 3"
+! .TH OBJ_nid2obj 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OBJ_nid2obj 3"
+! .TH OBJ_nid2obj 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 ../RELENG_4/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+*** secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL_VERSION_NUMBER 3"
+! .TH OPENSSL_VERSION_NUMBER 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL_VERSION_NUMBER 3"
+! .TH OPENSSL_VERSION_NUMBER 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 ../RELENG_4/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+*** secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OpenSSL_add_all_algorithms 3"
+! .TH OpenSSL_add_all_algorithms 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OpenSSL_add_all_algorithms 3"
+! .TH OpenSSL_add_all_algorithms 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS12_create.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS12_create.3
+*** secure/lib/libcrypto/man/PKCS12_create.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS12_create.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_create 3"
+! .TH PKCS12_create 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_create \- create a PKCS#12 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_create 3"
+! .TH PKCS12_create 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_create \- create a PKCS#12 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS12_parse.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS12_parse.3
+*** secure/lib/libcrypto/man/PKCS12_parse.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS12_parse.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_parse 3"
+! .TH PKCS12_parse 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_parse \- parse a PKCS#12 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_parse 3"
+! .TH PKCS12_parse 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_parse \- parse a PKCS#12 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_decrypt.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_decrypt.3
+*** secure/lib/libcrypto/man/PKCS7_decrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_decrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_decrypt 3"
+! .TH PKCS7_decrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_decrypt 3"
+! .TH PKCS7_decrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_encrypt.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_encrypt.3
+*** secure/lib/libcrypto/man/PKCS7_encrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_encrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_encrypt 3"
+! .TH PKCS7_encrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_encrypt \- create a PKCS#7 envelopedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_encrypt 3"
+! .TH PKCS7_encrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_encrypt \- create a PKCS#7 envelopedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_sign.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_sign.3
+*** secure/lib/libcrypto/man/PKCS7_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_sign 3"
+! .TH PKCS7_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_sign \- create a PKCS#7 signedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_sign 3"
+! .TH PKCS7_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_sign \- create a PKCS#7 signedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_verify.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_verify.3
+*** secure/lib/libcrypto/man/PKCS7_verify.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_verify.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_verify 3"
+! .TH PKCS7_verify 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_verify \- verify a PKCS#7 signedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_verify 3"
+! .TH PKCS7_verify 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_verify \- verify a PKCS#7 signedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_add.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_add.3
+*** secure/lib/libcrypto/man/RAND_add.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_add.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_add 3"
+! .TH RAND_add 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_add 3"
+! .TH RAND_add 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_bytes.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_bytes.3
+*** secure/lib/libcrypto/man/RAND_bytes.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_bytes.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_bytes 3"
+! .TH RAND_bytes 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_bytes, RAND_pseudo_bytes \- generate random data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_bytes 3"
+! .TH RAND_bytes 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_bytes, RAND_pseudo_bytes \- generate random data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_cleanup.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_cleanup.3
+*** secure/lib/libcrypto/man/RAND_cleanup.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_cleanup.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_cleanup 3"
+! .TH RAND_cleanup 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_cleanup \- erase the \s-1PRNG\s0 state
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_cleanup 3"
+! .TH RAND_cleanup 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_cleanup \- erase the \s-1PRNG\s0 state
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_egd.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_egd.3
+*** secure/lib/libcrypto/man/RAND_egd.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_egd.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_egd 3"
+! .TH RAND_egd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_egd \- query entropy gathering daemon
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_egd 3"
+! .TH RAND_egd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_egd \- query entropy gathering daemon
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_load_file.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_load_file.3
+*** secure/lib/libcrypto/man/RAND_load_file.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_load_file.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_load_file 3"
+! .TH RAND_load_file 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_load_file 3"
+! .TH RAND_load_file 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_set_rand_method.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_set_rand_method.3
+*** secure/lib/libcrypto/man/RAND_set_rand_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_set_rand_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_set_rand_method 3"
+! .TH RAND_set_rand_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_set_rand_method 3"
+! .TH RAND_set_rand_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_blinding_on.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_blinding_on.3
+*** secure/lib/libcrypto/man/RSA_blinding_on.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_blinding_on.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_blinding_on 3"
+! .TH RSA_blinding_on 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_blinding_on 3"
+! .TH RSA_blinding_on 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_check_key.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_check_key.3
+*** secure/lib/libcrypto/man/RSA_check_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_check_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_check_key 3"
+! .TH RSA_check_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_check_key \- validate private \s-1RSA\s0 keys
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_check_key 3"
+! .TH RSA_check_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_check_key \- validate private \s-1RSA\s0 keys
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_generate_key.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_generate_key.3
+*** secure/lib/libcrypto/man/RSA_generate_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_generate_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_generate_key 3"
+! .TH RSA_generate_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_generate_key \- generate \s-1RSA\s0 key pair
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_generate_key 3"
+! .TH RSA_generate_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_generate_key \- generate \s-1RSA\s0 key pair
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_get_ex_new_index.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+*** secure/lib/libcrypto/man/RSA_get_ex_new_index.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_get_ex_new_index.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_get_ex_new_index 3"
+! .TH RSA_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_get_ex_new_index 3"
+! .TH RSA_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_new.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_new.3
+*** secure/lib/libcrypto/man/RSA_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_new 3"
+! .TH RSA_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_new 3"
+! .TH RSA_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+*** secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_padding_add_PKCS1_type_1 3"
+! .TH RSA_padding_add_PKCS1_type_1 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_padding_add_PKCS1_type_1 3"
+! .TH RSA_padding_add_PKCS1_type_1 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_print.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_print.3
+*** secure/lib/libcrypto/man/RSA_print.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_print.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_print 3"
+! .TH RSA_print 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_print, RSA_print_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_print 3"
+! .TH RSA_print 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_print, RSA_print_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_private_encrypt.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_private_encrypt.3
+*** secure/lib/libcrypto/man/RSA_private_encrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_private_encrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_private_encrypt 3"
+! .TH RSA_private_encrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_private_encrypt 3"
+! .TH RSA_private_encrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_public_encrypt.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_public_encrypt.3
+*** secure/lib/libcrypto/man/RSA_public_encrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_public_encrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_public_encrypt 3"
+! .TH RSA_public_encrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_public_encrypt 3"
+! .TH RSA_public_encrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_set_method.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_set_method.3
+*** secure/lib/libcrypto/man/RSA_set_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_set_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_set_method 3"
+! .TH RSA_set_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_set_method 3"
+! .TH RSA_set_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_sign.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_sign.3
+*** secure/lib/libcrypto/man/RSA_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign 3"
+! .TH RSA_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign, RSA_verify \- \s-1RSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign 3"
+! .TH RSA_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign, RSA_verify \- \s-1RSA\s0 signatures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+*** secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+! .TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+! .TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_size.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_size.3
+*** secure/lib/libcrypto/man/RSA_size.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_size.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_size 3"
+! .TH RSA_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_size \- get \s-1RSA\s0 modulus size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_size 3"
+! .TH RSA_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_size \- get \s-1RSA\s0 modulus size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SMIME_read_PKCS7.3 ../RELENG_4/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+*** secure/lib/libcrypto/man/SMIME_read_PKCS7.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/SMIME_read_PKCS7.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_read_PKCS7 3"
+! .TH SMIME_read_PKCS7 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_read_PKCS7 \- parse S/MIME message.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_read_PKCS7 3"
+! .TH SMIME_read_PKCS7 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_read_PKCS7 \- parse S/MIME message.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SMIME_write_PKCS7.3 ../RELENG_4/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+*** secure/lib/libcrypto/man/SMIME_write_PKCS7.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/SMIME_write_PKCS7.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_write_PKCS7 3"
+! .TH SMIME_write_PKCS7 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_write_PKCS7 3"
+! .TH SMIME_write_PKCS7 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+*** secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_ENTRY_get_object 3"
+! .TH X509_NAME_ENTRY_get_object 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_ENTRY_get_object 3"
+! .TH X509_NAME_ENTRY_get_object 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+*** secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_add_entry_by_txt 3"
+! .TH X509_NAME_add_entry_by_txt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_add_entry_by_txt 3"
+! .TH X509_NAME_add_entry_by_txt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+*** secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_get_index_by_NID 3"
+! .TH X509_NAME_get_index_by_NID 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_get_index_by_NID 3"
+! .TH X509_NAME_get_index_by_NID 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_print_ex.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_print_ex.3
+*** secure/lib/libcrypto/man/X509_NAME_print_ex.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_print_ex.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_print_ex 3"
+! .TH X509_NAME_print_ex 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_print_ex 3"
+! .TH X509_NAME_print_ex 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_new.3 ../RELENG_4/secure/lib/libcrypto/man/X509_new.3
+*** secure/lib/libcrypto/man/X509_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_new 3"
+! .TH X509_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_new, X509_free \- X509 certificate \s-1ASN1\s0 allocation functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_new 3"
+! .TH X509_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_new, X509_free \- X509 certificate \s-1ASN1\s0 allocation functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bio.3 ../RELENG_4/secure/lib/libcrypto/man/bio.3
+*** secure/lib/libcrypto/man/bio.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/bio.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bio 3"
+! .TH bio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bio \- I/O abstraction
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bio 3"
+! .TH bio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bio \- I/O abstraction
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/blowfish.3 ../RELENG_4/secure/lib/libcrypto/man/blowfish.3
+*** secure/lib/libcrypto/man/blowfish.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/blowfish.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "blowfish 3"
+! .TH blowfish 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "blowfish 3"
+! .TH blowfish 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bn.3 ../RELENG_4/secure/lib/libcrypto/man/bn.3
+*** secure/lib/libcrypto/man/bn.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/bn.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bn 3"
+! .TH bn 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn \- multiprecision integer arithmetics
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bn 3"
+! .TH bn 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn \- multiprecision integer arithmetics
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bn_internal.3 ../RELENG_4/secure/lib/libcrypto/man/bn_internal.3
+*** secure/lib/libcrypto/man/bn_internal.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/bn_internal.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bn_internal 3"
+! .TH bn_internal 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bn_internal 3"
+! .TH bn_internal 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/buffer.3 ../RELENG_4/secure/lib/libcrypto/man/buffer.3
+*** secure/lib/libcrypto/man/buffer.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/buffer.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "buffer 3"
+! .TH buffer 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "buffer 3"
+! .TH buffer 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/crypto.3 ../RELENG_4/secure/lib/libcrypto/man/crypto.3
+*** secure/lib/libcrypto/man/crypto.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/crypto.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "crypto 3"
+! .TH crypto 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crypto \- OpenSSL cryptographic library
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "crypto 3"
+! .TH crypto 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crypto \- OpenSSL cryptographic library
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+*** secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_ASN1_OBJECT 3"
+! .TH d2i_ASN1_OBJECT 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_ASN1_OBJECT 3"
+! .TH d2i_ASN1_OBJECT 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_DHparams.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_DHparams.3
+*** secure/lib/libcrypto/man/d2i_DHparams.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_DHparams.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DHparams 3"
+! .TH d2i_DHparams 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DHparams, i2d_DHparams \- PKCS#3 \s-1DH\s0 parameter functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DHparams 3"
+! .TH d2i_DHparams 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DHparams, i2d_DHparams \- PKCS#3 \s-1DH\s0 parameter functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_DSAPublicKey.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
+*** secure/lib/libcrypto/man/d2i_DSAPublicKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_DSAPublicKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DSAPublicKey 3"
+! .TH d2i_DSAPublicKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DSAPublicKey 3"
+! .TH d2i_DSAPublicKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
+*** secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_PKCS8PrivateKey 3"
+! .TH d2i_PKCS8PrivateKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_PKCS8PrivateKey 3"
+! .TH d2i_PKCS8PrivateKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_RSAPublicKey.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+*** secure/lib/libcrypto/man/d2i_RSAPublicKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_RSAPublicKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_RSAPublicKey 3"
+! .TH d2i_RSAPublicKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_RSAPublicKey 3"
+! .TH d2i_RSAPublicKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509.3
+*** secure/lib/libcrypto/man/d2i_X509.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509 3"
+! .TH d2i_X509 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509 3"
+! .TH d2i_X509 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_ALGOR.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
+*** secure/lib/libcrypto/man/d2i_X509_ALGOR.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_ALGOR.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_ALGOR 3"
+! .TH d2i_X509_ALGOR 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_ALGOR 3"
+! .TH d2i_X509_ALGOR 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_CRL.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_CRL.3
+*** secure/lib/libcrypto/man/d2i_X509_CRL.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_CRL.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_CRL 3"
+! .TH d2i_X509_CRL 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_CRL 3"
+! .TH d2i_X509_CRL 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_NAME.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_NAME.3
+*** secure/lib/libcrypto/man/d2i_X509_NAME.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_NAME.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_NAME 3"
+! .TH d2i_X509_NAME 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_NAME 3"
+! .TH d2i_X509_NAME 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_REQ.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_REQ.3
+*** secure/lib/libcrypto/man/d2i_X509_REQ.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_REQ.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_REQ 3"
+! .TH d2i_X509_REQ 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_REQ 3"
+! .TH d2i_X509_REQ 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_SIG.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_SIG.3
+*** secure/lib/libcrypto/man/d2i_X509_SIG.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_SIG.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_SIG 3"
+! .TH d2i_X509_SIG 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_SIG 3"
+! .TH d2i_X509_SIG 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/des.3 ../RELENG_4/secure/lib/libcrypto/man/des.3
+*** secure/lib/libcrypto/man/des.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/des.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "des 3"
+! .TH des 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "des 3"
+! .TH des 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dh.3 ../RELENG_4/secure/lib/libcrypto/man/dh.3
+*** secure/lib/libcrypto/man/dh.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/dh.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "dh 3"
+! .TH dh 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dh \- Diffie-Hellman key agreement
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "dh 3"
+! .TH dh 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dh \- Diffie-Hellman key agreement
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dsa.3 ../RELENG_4/secure/lib/libcrypto/man/dsa.3
+*** secure/lib/libcrypto/man/dsa.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/dsa.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "dsa 3"
+! .TH dsa 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- Digital Signature Algorithm
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "dsa 3"
+! .TH dsa 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- Digital Signature Algorithm
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/engine.3 ../RELENG_4/secure/lib/libcrypto/man/engine.3
+*** secure/lib/libcrypto/man/engine.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/engine.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "engine 3"
+! .TH engine 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  engine \- \s-1ENGINE\s0 cryptographic module support
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "engine 3"
+! .TH engine 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  engine \- \s-1ENGINE\s0 cryptographic module support
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/err.3 ../RELENG_4/secure/lib/libcrypto/man/err.3
+*** secure/lib/libcrypto/man/err.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/err.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "err 3"
+! .TH err 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  err \- error codes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "err 3"
+! .TH err 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  err \- error codes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/evp.3 ../RELENG_4/secure/lib/libcrypto/man/evp.3
+*** secure/lib/libcrypto/man/evp.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/evp.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "evp 3"
+! .TH evp 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  evp \- high-level cryptographic functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "evp 3"
+! .TH evp 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  evp \- high-level cryptographic functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/hmac.3 ../RELENG_4/secure/lib/libcrypto/man/hmac.3
+*** secure/lib/libcrypto/man/hmac.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/hmac.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "hmac 3"
+! .TH hmac 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "hmac 3"
+! .TH hmac 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/lh_stats.3 ../RELENG_4/secure/lib/libcrypto/man/lh_stats.3
+*** secure/lib/libcrypto/man/lh_stats.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/lh_stats.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "lh_stats 3"
+! .TH lh_stats 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "lh_stats 3"
+! .TH lh_stats 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/lhash.3 ../RELENG_4/secure/lib/libcrypto/man/lhash.3
+*** secure/lib/libcrypto/man/lhash.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/lhash.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "lhash 3"
+! .TH lhash 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "lhash 3"
+! .TH lhash 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/md5.3 ../RELENG_4/secure/lib/libcrypto/man/md5.3
+*** secure/lib/libcrypto/man/md5.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/md5.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "md5 3"
+! .TH md5 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "md5 3"
+! .TH md5 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/mdc2.3 ../RELENG_4/secure/lib/libcrypto/man/mdc2.3
+*** secure/lib/libcrypto/man/mdc2.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/mdc2.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "mdc2 3"
+! .TH mdc2 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "mdc2 3"
+! .TH mdc2 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/pem.3 ../RELENG_4/secure/lib/libcrypto/man/pem.3
+*** secure/lib/libcrypto/man/pem.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/pem.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "pem 3"
+! .TH pem 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1PEM\s0 \- \s-1PEM\s0 routines
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "pem 3"
+! .TH pem 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1PEM\s0 \- \s-1PEM\s0 routines
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rand.3 ../RELENG_4/secure/lib/libcrypto/man/rand.3
+*** secure/lib/libcrypto/man/rand.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/rand.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rand 3"
+! .TH rand 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- pseudo-random number generator
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rand 3"
+! .TH rand 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- pseudo-random number generator
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rc4.3 ../RELENG_4/secure/lib/libcrypto/man/rc4.3
+*** secure/lib/libcrypto/man/rc4.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/rc4.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rc4 3"
+! .TH rc4 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rc4 3"
+! .TH rc4 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ripemd.3 ../RELENG_4/secure/lib/libcrypto/man/ripemd.3
+*** secure/lib/libcrypto/man/ripemd.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ripemd.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ripemd 3"
+! .TH ripemd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ripemd 3"
+! .TH ripemd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rsa.3 ../RELENG_4/secure/lib/libcrypto/man/rsa.3
+*** secure/lib/libcrypto/man/rsa.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/rsa.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rsa 3"
+! .TH rsa 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 public key cryptosystem
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rsa 3"
+! .TH rsa 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 public key cryptosystem
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/sha.3 ../RELENG_4/secure/lib/libcrypto/man/sha.3
+*** secure/lib/libcrypto/man/sha.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/sha.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "sha 3"
+! .TH sha 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "sha 3"
+! .TH sha 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/threads.3 ../RELENG_4/secure/lib/libcrypto/man/threads.3
+*** secure/lib/libcrypto/man/threads.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/threads.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "threads 3"
+! .TH threads 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "threads 3"
+! .TH threads 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ui.3 ../RELENG_4/secure/lib/libcrypto/man/ui.3
+*** secure/lib/libcrypto/man/ui.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ui.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ui 3"
+! .TH ui 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ui 3"
+! .TH ui 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ui_compat.3 ../RELENG_4/secure/lib/libcrypto/man/ui_compat.3
+*** secure/lib/libcrypto/man/ui_compat.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ui_compat.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ui_compat 3"
+! .TH ui_compat 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ui_compat 3"
+! .TH ui_compat 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CIPHER_get_name.3 ../RELENG_4/secure/lib/libssl/man/SSL_CIPHER_get_name.3
+*** secure/lib/libssl/man/SSL_CIPHER_get_name.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CIPHER_get_name.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CIPHER_get_name 3"
+! .TH SSL_CIPHER_get_name 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CIPHER_get_name 3"
+! .TH SSL_CIPHER_get_name 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_COMP_add_compression_method.3 ../RELENG_4/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
+*** secure/lib/libssl/man/SSL_COMP_add_compression_method.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_COMP_add_compression_method.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_COMP_add_compression_method 3"
+! .TH SSL_COMP_add_compression_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_COMP_add_compression_method 3"
+! .TH SSL_COMP_add_compression_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+*** secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_extra_chain_cert 3"
+! .TH SSL_CTX_add_extra_chain_cert 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_extra_chain_cert \- add certificate to chain
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_extra_chain_cert 3"
+! .TH SSL_CTX_add_extra_chain_cert 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_extra_chain_cert \- add certificate to chain
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_add_session.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_session.3
+*** secure/lib/libssl/man/SSL_CTX_add_session.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_session.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_session 3"
+! .TH SSL_CTX_add_session 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_session 3"
+! .TH SSL_CTX_add_session 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_ctrl.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_ctrl.3
+*** secure/lib/libssl/man/SSL_CTX_ctrl.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_ctrl.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_ctrl 3"
+! .TH SSL_CTX_ctrl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_ctrl 3"
+! .TH SSL_CTX_ctrl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_flush_sessions.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
+*** secure/lib/libssl/man/SSL_CTX_flush_sessions.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_flush_sessions.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_flush_sessions 3"
+! .TH SSL_CTX_flush_sessions 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_flush_sessions 3"
+! .TH SSL_CTX_flush_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_free.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_free.3
+*** secure/lib/libssl/man/SSL_CTX_free.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_free.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_free 3"
+! .TH SSL_CTX_free 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_free 3"
+! .TH SSL_CTX_free 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+*** secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_ex_new_index 3"
+! .TH SSL_CTX_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_ex_new_index 3"
+! .TH SSL_CTX_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
+*** secure/lib/libssl/man/SSL_CTX_get_verify_mode.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_verify_mode 3"
+! .TH SSL_CTX_get_verify_mode 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_verify_mode 3"
+! .TH SSL_CTX_get_verify_mode 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
+*** secure/lib/libssl/man/SSL_CTX_load_verify_locations.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_load_verify_locations 3"
+! .TH SSL_CTX_load_verify_locations 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_load_verify_locations 3"
+! .TH SSL_CTX_load_verify_locations 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_new.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_new.3
+*** secure/lib/libssl/man/SSL_CTX_new.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_new.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_new 3"
+! .TH SSL_CTX_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_new 3"
+! .TH SSL_CTX_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sess_number.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_number.3
+*** secure/lib/libssl/man/SSL_CTX_sess_number.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_number.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_number 3"
+! .TH SSL_CTX_sess_number 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_number 3"
+! .TH SSL_CTX_sess_number 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+*** secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_cache_size 3"
+! .TH SSL_CTX_sess_set_cache_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_cache_size 3"
+! .TH SSL_CTX_sess_set_cache_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+*** secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_get_cb 3"
+! .TH SSL_CTX_sess_set_get_cb 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_get_cb 3"
+! .TH SSL_CTX_sess_set_get_cb 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sessions.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sessions.3
+*** secure/lib/libssl/man/SSL_CTX_sessions.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sessions.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sessions 3"
+! .TH SSL_CTX_sessions 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sessions \- access internal session cache
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sessions 3"
+! .TH SSL_CTX_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sessions \- access internal session cache
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_cert_store.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
+*** secure/lib/libssl/man/SSL_CTX_set_cert_store.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_store.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_store 3"
+! .TH SSL_CTX_set_cert_store 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_store 3"
+! .TH SSL_CTX_set_cert_store 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_verify_callback 3"
+! .TH SSL_CTX_set_cert_verify_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_verify_callback 3"
+! .TH SSL_CTX_set_cert_verify_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
+*** secure/lib/libssl/man/SSL_CTX_set_cipher_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cipher_list 3"
+! .TH SSL_CTX_set_cipher_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cipher_list 3"
+! .TH SSL_CTX_set_cipher_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+*** secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_CA_list 3"
+! .TH SSL_CTX_set_client_CA_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_CA_list 3"
+! .TH SSL_CTX_set_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+*** secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_cert_cb 3"
+! .TH SSL_CTX_set_client_cert_cb 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_cert_cb 3"
+! .TH SSL_CTX_set_client_cert_cb 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+*** secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_default_passwd_cb 3"
+! .TH SSL_CTX_set_default_passwd_cb 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_default_passwd_cb 3"
+! .TH SSL_CTX_set_default_passwd_cb 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+*** secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_generate_session_id 3"
+! .TH SSL_CTX_set_generate_session_id 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only)
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_generate_session_id 3"
+! .TH SSL_CTX_set_generate_session_id 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only)
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_info_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_info_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_info_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_info_callback 3"
+! .TH SSL_CTX_set_info_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_info_callback 3"
+! .TH SSL_CTX_set_info_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+*** secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_max_cert_list 3"
+! .TH SSL_CTX_set_max_cert_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_max_cert_list 3"
+! .TH SSL_CTX_set_max_cert_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_mode.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_mode.3
+*** secure/lib/libssl/man/SSL_CTX_set_mode.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_mode.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_mode 3"
+! .TH SSL_CTX_set_mode 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_mode 3"
+! .TH SSL_CTX_set_mode 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_msg_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_msg_callback 3"
+! .TH SSL_CTX_set_msg_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_msg_callback 3"
+! .TH SSL_CTX_set_msg_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_options.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_options.3
+*** secure/lib/libssl/man/SSL_CTX_set_options.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_options.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_options 3"
+! .TH SSL_CTX_set_options 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_options 3"
+! .TH SSL_CTX_set_options 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+*** secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_quiet_shutdown 3"
+! .TH SSL_CTX_set_quiet_shutdown 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_quiet_shutdown 3"
+! .TH SSL_CTX_set_quiet_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+*** secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_cache_mode 3"
+! .TH SSL_CTX_set_session_cache_mode 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_cache_mode 3"
+! .TH SSL_CTX_set_session_cache_mode 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
+*** secure/lib/libssl/man/SSL_CTX_set_session_id_context.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_id_context 3"
+! .TH SSL_CTX_set_session_id_context 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_id_context 3"
+! .TH SSL_CTX_set_session_id_context 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
+*** secure/lib/libssl/man/SSL_CTX_set_ssl_version.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_ssl_version 3"
+! .TH SSL_CTX_set_ssl_version 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_ssl_version 3"
+! .TH SSL_CTX_set_ssl_version 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_timeout.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_timeout.3
+*** secure/lib/libssl/man/SSL_CTX_set_timeout.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_timeout.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_timeout 3"
+! .TH SSL_CTX_set_timeout 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_timeout 3"
+! .TH SSL_CTX_set_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_dh_callback 3"
+! .TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_dh_callback 3"
+! .TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+! .TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+! .TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_verify.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_verify.3
+*** secure/lib/libssl/man/SSL_CTX_set_verify.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_verify.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_verify 3"
+! .TH SSL_CTX_set_verify 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_verify 3"
+! .TH SSL_CTX_set_verify 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_use_certificate.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_use_certificate.3
+*** secure/lib/libssl/man/SSL_CTX_use_certificate.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_use_certificate.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_use_certificate 3"
+! .TH SSL_CTX_use_certificate 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_use_certificate 3"
+! .TH SSL_CTX_use_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_SESSION_free.3 ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_free.3
+*** secure/lib/libssl/man/SSL_SESSION_free.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_free.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_free 3"
+! .TH SSL_SESSION_free 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_free 3"
+! .TH SSL_SESSION_free 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+*** secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_ex_new_index 3"
+! .TH SSL_SESSION_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_ex_new_index 3"
+! .TH SSL_SESSION_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_SESSION_get_time.3 ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_time.3
+*** secure/lib/libssl/man/SSL_SESSION_get_time.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_time.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_time 3"
+! .TH SSL_SESSION_get_time 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_time 3"
+! .TH SSL_SESSION_get_time 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_accept.3 ../RELENG_4/secure/lib/libssl/man/SSL_accept.3
+*** secure/lib/libssl/man/SSL_accept.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_accept.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_accept 3"
+! .TH SSL_accept 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_accept 3"
+! .TH SSL_accept 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_alert_type_string.3 ../RELENG_4/secure/lib/libssl/man/SSL_alert_type_string.3
+*** secure/lib/libssl/man/SSL_alert_type_string.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_alert_type_string.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_alert_type_string 3"
+! .TH SSL_alert_type_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_alert_type_string 3"
+! .TH SSL_alert_type_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_clear.3 ../RELENG_4/secure/lib/libssl/man/SSL_clear.3
+*** secure/lib/libssl/man/SSL_clear.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_clear.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_clear 3"
+! .TH SSL_clear 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_clear \- reset \s-1SSL\s0 object to allow another connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_clear 3"
+! .TH SSL_clear 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_clear \- reset \s-1SSL\s0 object to allow another connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_connect.3 ../RELENG_4/secure/lib/libssl/man/SSL_connect.3
+*** secure/lib/libssl/man/SSL_connect.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_connect.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_connect 3"
+! .TH SSL_connect 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_connect 3"
+! .TH SSL_connect 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_do_handshake.3 ../RELENG_4/secure/lib/libssl/man/SSL_do_handshake.3
+*** secure/lib/libssl/man/SSL_do_handshake.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_do_handshake.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_do_handshake 3"
+! .TH SSL_do_handshake 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_do_handshake 3"
+! .TH SSL_do_handshake 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_free.3 ../RELENG_4/secure/lib/libssl/man/SSL_free.3
+*** secure/lib/libssl/man/SSL_free.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_free.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_free 3"
+! .TH SSL_free 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_free \- free an allocated \s-1SSL\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_free 3"
+! .TH SSL_free 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_free \- free an allocated \s-1SSL\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_SSL_CTX.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_SSL_CTX.3
+*** secure/lib/libssl/man/SSL_get_SSL_CTX.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_SSL_CTX.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_SSL_CTX 3"
+! .TH SSL_get_SSL_CTX 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_SSL_CTX 3"
+! .TH SSL_get_SSL_CTX 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_ciphers.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_ciphers.3
+*** secure/lib/libssl/man/SSL_get_ciphers.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_ciphers.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ciphers 3"
+! .TH SSL_get_ciphers 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ciphers 3"
+! .TH SSL_get_ciphers 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_client_CA_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_client_CA_list.3
+*** secure/lib/libssl/man/SSL_get_client_CA_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_client_CA_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_client_CA_list 3"
+! .TH SSL_get_client_CA_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_client_CA_list 3"
+! .TH SSL_get_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_current_cipher.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_current_cipher.3
+*** secure/lib/libssl/man/SSL_get_current_cipher.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_current_cipher.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_current_cipher 3"
+! .TH SSL_get_current_cipher 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_current_cipher 3"
+! .TH SSL_get_current_cipher 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_default_timeout.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_default_timeout.3
+*** secure/lib/libssl/man/SSL_get_default_timeout.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_default_timeout.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_default_timeout 3"
+! .TH SSL_get_default_timeout 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_default_timeout \- get default session timeout value
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_default_timeout 3"
+! .TH SSL_get_default_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_default_timeout \- get default session timeout value
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_error.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_error.3
+*** secure/lib/libssl/man/SSL_get_error.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_error.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_error 3"
+! .TH SSL_get_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_error 3"
+! .TH SSL_get_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+*** secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+! .TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+! .TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_ex_new_index.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_new_index.3
+*** secure/lib/libssl/man/SSL_get_ex_new_index.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_new_index.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_new_index 3"
+! .TH SSL_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_new_index 3"
+! .TH SSL_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_fd.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_fd.3
+*** secure/lib/libssl/man/SSL_get_fd.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_fd.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_fd 3"
+! .TH SSL_get_fd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_fd 3"
+! .TH SSL_get_fd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_peer_cert_chain.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
+*** secure/lib/libssl/man/SSL_get_peer_cert_chain.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_cert_chain.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_cert_chain 3"
+! .TH SSL_get_peer_cert_chain 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_cert_chain 3"
+! .TH SSL_get_peer_cert_chain 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_peer_certificate.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_certificate.3
+*** secure/lib/libssl/man/SSL_get_peer_certificate.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_certificate.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_certificate 3"
+! .TH SSL_get_peer_certificate 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_certificate \- get the X509 certificate of the peer
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_certificate 3"
+! .TH SSL_get_peer_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_certificate \- get the X509 certificate of the peer
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_rbio.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_rbio.3
+*** secure/lib/libssl/man/SSL_get_rbio.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_rbio.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_rbio 3"
+! .TH SSL_get_rbio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_rbio 3"
+! .TH SSL_get_rbio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_session.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_session.3
+*** secure/lib/libssl/man/SSL_get_session.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_session.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_session 3"
+! .TH SSL_get_session 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_session 3"
+! .TH SSL_get_session 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_verify_result.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_verify_result.3
+*** secure/lib/libssl/man/SSL_get_verify_result.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_verify_result.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_verify_result 3"
+! .TH SSL_get_verify_result 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_verify_result \- get result of peer certificate verification
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_verify_result 3"
+! .TH SSL_get_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_verify_result \- get result of peer certificate verification
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_version.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_version.3
+*** secure/lib/libssl/man/SSL_get_version.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_version.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_version 3"
+! .TH SSL_get_version 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_version \- get the protocol version of a connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_version 3"
+! .TH SSL_get_version 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_version \- get the protocol version of a connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_library_init.3 ../RELENG_4/secure/lib/libssl/man/SSL_library_init.3
+*** secure/lib/libssl/man/SSL_library_init.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_library_init.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_library_init 3"
+! .TH SSL_library_init 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_library_init 3"
+! .TH SSL_library_init 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_load_client_CA_file.3 ../RELENG_4/secure/lib/libssl/man/SSL_load_client_CA_file.3
+*** secure/lib/libssl/man/SSL_load_client_CA_file.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_load_client_CA_file.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_load_client_CA_file 3"
+! .TH SSL_load_client_CA_file 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_load_client_CA_file \- load certificate names from file
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_load_client_CA_file 3"
+! .TH SSL_load_client_CA_file 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_load_client_CA_file \- load certificate names from file
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_new.3 ../RELENG_4/secure/lib/libssl/man/SSL_new.3
+*** secure/lib/libssl/man/SSL_new.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_new.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_new 3"
+! .TH SSL_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_new \- create a new \s-1SSL\s0 structure for a connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_new 3"
+! .TH SSL_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_new \- create a new \s-1SSL\s0 structure for a connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_pending.3 ../RELENG_4/secure/lib/libssl/man/SSL_pending.3
+*** secure/lib/libssl/man/SSL_pending.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_pending.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_pending 3"
+! .TH SSL_pending 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_pending 3"
+! .TH SSL_pending 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_read.3 ../RELENG_4/secure/lib/libssl/man/SSL_read.3
+*** secure/lib/libssl/man/SSL_read.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_read.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_read 3"
+! .TH SSL_read 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_read 3"
+! .TH SSL_read 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_rstate_string.3 ../RELENG_4/secure/lib/libssl/man/SSL_rstate_string.3
+*** secure/lib/libssl/man/SSL_rstate_string.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_rstate_string.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_rstate_string 3"
+! .TH SSL_rstate_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_rstate_string 3"
+! .TH SSL_rstate_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_session_reused.3 ../RELENG_4/secure/lib/libssl/man/SSL_session_reused.3
+*** secure/lib/libssl/man/SSL_session_reused.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_session_reused.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_session_reused 3"
+! .TH SSL_session_reused 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_session_reused \- query whether a reused session was negotiated during handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_session_reused 3"
+! .TH SSL_session_reused 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_session_reused \- query whether a reused session was negotiated during handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_bio.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_bio.3
+*** secure/lib/libssl/man/SSL_set_bio.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_bio.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_bio 3"
+! .TH SSL_set_bio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_bio 3"
+! .TH SSL_set_bio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_connect_state.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_connect_state.3
+*** secure/lib/libssl/man/SSL_set_connect_state.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_connect_state.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_connect_state 3"
+! .TH SSL_set_connect_state 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_connect_state 3"
+! .TH SSL_set_connect_state 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_fd.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_fd.3
+*** secure/lib/libssl/man/SSL_set_fd.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_fd.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_fd 3"
+! .TH SSL_set_fd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_fd 3"
+! .TH SSL_set_fd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_session.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_session.3
+*** secure/lib/libssl/man/SSL_set_session.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_session.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_session 3"
+! .TH SSL_set_session 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_session 3"
+! .TH SSL_set_session 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_shutdown.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_shutdown.3
+*** secure/lib/libssl/man/SSL_set_shutdown.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_shutdown.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_shutdown 3"
+! .TH SSL_set_shutdown 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_shutdown 3"
+! .TH SSL_set_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_verify_result.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_verify_result.3
+*** secure/lib/libssl/man/SSL_set_verify_result.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_verify_result.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_verify_result 3"
+! .TH SSL_set_verify_result 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_verify_result \- override result of peer certificate verification
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_verify_result 3"
+! .TH SSL_set_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_verify_result \- override result of peer certificate verification
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_shutdown.3 ../RELENG_4/secure/lib/libssl/man/SSL_shutdown.3
+*** secure/lib/libssl/man/SSL_shutdown.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_shutdown.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_shutdown 3"
+! .TH SSL_shutdown 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_shutdown 3"
+! .TH SSL_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_state_string.3 ../RELENG_4/secure/lib/libssl/man/SSL_state_string.3
+*** secure/lib/libssl/man/SSL_state_string.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_state_string.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_state_string 3"
+! .TH SSL_state_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_state_string 3"
+! .TH SSL_state_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_want.3 ../RELENG_4/secure/lib/libssl/man/SSL_want.3
+*** secure/lib/libssl/man/SSL_want.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_want.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_want 3"
+! .TH SSL_want 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_want 3"
+! .TH SSL_want 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_write.3 ../RELENG_4/secure/lib/libssl/man/SSL_write.3
+*** secure/lib/libssl/man/SSL_write.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_write.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_write 3"
+! .TH SSL_write 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_write 3"
+! .TH SSL_write 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/d2i_SSL_SESSION.3 ../RELENG_4/secure/lib/libssl/man/d2i_SSL_SESSION.3
+*** secure/lib/libssl/man/d2i_SSL_SESSION.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/d2i_SSL_SESSION.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_SSL_SESSION 3"
+! .TH d2i_SSL_SESSION 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_SSL_SESSION 3"
+! .TH d2i_SSL_SESSION 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/ssl.3 ../RELENG_4/secure/lib/libssl/man/ssl.3
+*** secure/lib/libssl/man/ssl.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/ssl.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ssl 3"
+! .TH ssl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ssl 3"
+! .TH ssl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/CA.pl.1 ../RELENG_4/secure/usr.bin/openssl/man/CA.pl.1
+*** secure/usr.bin/openssl/man/CA.pl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/CA.pl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CA.PL 1"
+! .TH CA.PL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CA.PL 1"
+! .TH CA.PL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/asn1parse.1 ../RELENG_4/secure/usr.bin/openssl/man/asn1parse.1
+*** secure/usr.bin/openssl/man/asn1parse.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/asn1parse.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1PARSE 1"
+! .TH ASN1PARSE 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  asn1parse \- \s-1ASN\s0.1 parsing tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1PARSE 1"
+! .TH ASN1PARSE 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  asn1parse \- \s-1ASN\s0.1 parsing tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/ca.1 ../RELENG_4/secure/usr.bin/openssl/man/ca.1
+*** secure/usr.bin/openssl/man/ca.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/ca.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CA 1"
+! .TH CA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ca \- sample minimal \s-1CA\s0 application
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CA 1"
+! .TH CA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ca \- sample minimal \s-1CA\s0 application
+***************
+*** 180,185 ****
+--- 180,186 ----
+  [\fB\-msie_hack\fR]
+  [\fB\-extensions section\fR]
+  [\fB\-extfile section\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used
+***************
+*** 303,308 ****
+--- 304,315 ----
+  an additional configuration file to read certificate extensions from
+  (using the default section unless the \fB\-extensions\fR option is also
+  used).
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "CRL OPTIONS"
+  .IX Header "CRL OPTIONS"
+  .Ip "\fB\-gencrl\fR" 4
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/ciphers.1 ../RELENG_4/secure/usr.bin/openssl/man/ciphers.1
+*** secure/usr.bin/openssl/man/ciphers.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/ciphers.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CIPHERS 1"
+! .TH CIPHERS 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CIPHERS 1"
+! .TH CIPHERS 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/crl.1 ../RELENG_4/secure/usr.bin/openssl/man/crl.1
+*** secure/usr.bin/openssl/man/crl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/crl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL 1"
+! .TH CRL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl \- \s-1CRL\s0 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL 1"
+! .TH CRL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl \- \s-1CRL\s0 utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/crl2pkcs7.1 ../RELENG_4/secure/usr.bin/openssl/man/crl2pkcs7.1
+*** secure/usr.bin/openssl/man/crl2pkcs7.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/crl2pkcs7.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL2PKCS7 1"
+! .TH CRL2PKCS7 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL2PKCS7 1"
+! .TH CRL2PKCS7 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dgst.1 ../RELENG_4/secure/usr.bin/openssl/man/dgst.1
+*** secure/usr.bin/openssl/man/dgst.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dgst.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DGST 1"
+! .TH DGST 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DGST 1"
+! .TH DGST 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dhparam.1 ../RELENG_4/secure/usr.bin/openssl/man/dhparam.1
+*** secure/usr.bin/openssl/man/dhparam.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dhparam.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DHPARAM 1"
+! .TH DHPARAM 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dhparam \- \s-1DH\s0 parameter manipulation and generation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DHPARAM 1"
+! .TH DHPARAM 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dhparam \- \s-1DH\s0 parameter manipulation and generation
+***************
+*** 156,161 ****
+--- 156,162 ----
+  [\fB\-2\fR]
+  [\fB\-5\fR]
+  [\fB\-rand\fR \fI\fIfile\fI\|(s)\fR]
++ [\fB\-engine id\fR]
+  [\fInumbits\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 219,224 ****
+--- 220,231 ----
+  .IX Item "-C"
+  this option converts the parameters into C code. The parameters can then
+  be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "WARNINGS"
+  .IX Header "WARNINGS"
+  The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dsa.1 ../RELENG_4/secure/usr.bin/openssl/man/dsa.1
+*** secure/usr.bin/openssl/man/dsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA 1"
+! .TH DSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- \s-1DSA\s0 key processing
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA 1"
+! .TH DSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- \s-1DSA\s0 key processing
+***************
+*** 159,164 ****
+--- 159,165 ----
+  [\fB\-modulus\fR]
+  [\fB\-pubin\fR]
+  [\fB\-pubout\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various
+***************
+*** 228,233 ****
+--- 229,240 ----
+  by default a private key is output. With this option a public
+  key will be output instead. This option is automatically set if the input is
+  a public key.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The \s-1PEM\s0 private key format uses the header and footer lines:
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dsaparam.1 ../RELENG_4/secure/usr.bin/openssl/man/dsaparam.1
+*** secure/usr.bin/openssl/man/dsaparam.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dsaparam.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSAPARAM 1"
+! .TH DSAPARAM 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsaparam \- \s-1DSA\s0 parameter manipulation and generation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSAPARAM 1"
+! .TH DSAPARAM 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsaparam \- \s-1DSA\s0 parameter manipulation and generation
+***************
+*** 154,159 ****
+--- 154,160 ----
+  [\fB\-C\fR]
+  [\fB\-rand \f(BIfile\fB\|(s)\fR]
+  [\fB\-genkey\fR]
++ [\fB\-engine id\fR]
+  [\fBnumbits\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 206,211 ****
+--- 207,218 ----
+  this option specifies that a parameter set should be generated of size
+  \&\fBnumbits\fR. It must be the last option. If this option is included then
+  the input file (if any) is ignored.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  \&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines:
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/enc.1 ../RELENG_4/secure/usr.bin/openssl/man/enc.1
+*** secure/usr.bin/openssl/man/enc.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/enc.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ENC 1"
+! .TH ENC 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  enc \- symmetric cipher routines
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ENC 1"
+! .TH ENC 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  enc \- symmetric cipher routines
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/gendsa.1 ../RELENG_4/secure/usr.bin/openssl/man/gendsa.1
+*** secure/usr.bin/openssl/man/gendsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/gendsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "GENDSA 1"
+! .TH GENDSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  gendsa \- generate a \s-1DSA\s0 private key from a set of parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "GENDSA 1"
+! .TH GENDSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  gendsa \- generate a \s-1DSA\s0 private key from a set of parameters
+***************
+*** 150,155 ****
+--- 150,156 ----
+  [\fB\-des3\fR]
+  [\fB\-idea\fR]
+  [\fB\-rand \f(BIfile\fB\|(s)\fR]
++ [\fB\-engine id\fR]
+  [\fBparamfile\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 169,174 ****
+--- 170,181 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+  all others.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .Ip "\fBparamfile\fR" 4
+  .IX Item "paramfile"
+  This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/genrsa.1 ../RELENG_4/secure/usr.bin/openssl/man/genrsa.1
+*** secure/usr.bin/openssl/man/genrsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/genrsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "GENRSA 1"
+! .TH GENRSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  genrsa \- generate an \s-1RSA\s0 private key
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "GENRSA 1"
+! .TH GENRSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  genrsa \- generate an \s-1RSA\s0 private key
+***************
+*** 153,158 ****
+--- 153,159 ----
+  [\fB\-f4\fR]
+  [\fB\-3\fR]
+  [\fB\-rand \f(BIfile\fB\|(s)\fR]
++ [\fB\-engine id\fR]
+  [\fBnumbits\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 183,188 ****
+--- 184,195 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+  all others.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .Ip "\fBnumbits\fR" 4
+  .IX Item "numbits"
+  the size of the private key to generate in bits. This must be the last option
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/nseq.1 ../RELENG_4/secure/usr.bin/openssl/man/nseq.1
+*** secure/usr.bin/openssl/man/nseq.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/nseq.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "NSEQ 1"
+! .TH NSEQ 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  nseq \- create or examine a netscape certificate sequence
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "NSEQ 1"
+! .TH NSEQ 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  nseq \- create or examine a netscape certificate sequence
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/ocsp.1 ../RELENG_4/secure/usr.bin/openssl/man/ocsp.1
+*** secure/usr.bin/openssl/man/ocsp.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/ocsp.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OCSP 1"
+! .TH OCSP 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ocsp \- Online Certificate Status Protocol utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OCSP 1"
+! .TH OCSP 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ocsp \- Online Certificate Status Protocol utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/openssl.1 ../RELENG_4/secure/usr.bin/openssl/man/openssl.1
+*** secure/usr.bin/openssl/man/openssl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/openssl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL 1"
+! .TH OPENSSL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  openssl \- OpenSSL command line tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL 1"
+! .TH OPENSSL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  openssl \- OpenSSL command line tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/passwd.1 ../RELENG_4/secure/usr.bin/openssl/man/passwd.1
+*** secure/usr.bin/openssl/man/passwd.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/passwd.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PASSWD 1"
+! .TH PASSWD 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  passwd \- compute password hashes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PASSWD 1"
+! .TH PASSWD 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  passwd \- compute password hashes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/pkcs12.1 ../RELENG_4/secure/usr.bin/openssl/man/pkcs12.1
+*** secure/usr.bin/openssl/man/pkcs12.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/pkcs12.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12 1"
+! .TH PKCS12 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs12 \- PKCS#12 file utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12 1"
+! .TH PKCS12 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs12 \- PKCS#12 file utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/pkcs7.1 ../RELENG_4/secure/usr.bin/openssl/man/pkcs7.1
+*** secure/usr.bin/openssl/man/pkcs7.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/pkcs7.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7 1"
+! .TH PKCS7 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs7 \- PKCS#7 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7 1"
+! .TH PKCS7 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs7 \- PKCS#7 utility
+***************
+*** 152,157 ****
+--- 152,158 ----
+  [\fB\-print_certs\fR]
+  [\fB\-text\fR]
+  [\fB\-noout\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format.
+***************
+*** 186,191 ****
+--- 187,198 ----
+  .IX Item "-noout"
+  don't output the encoded version of the PKCS#7 structure (or certificates
+  is \fB\-print_certs\fR is set).
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "EXAMPLES"
+  .IX Header "EXAMPLES"
+  Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/pkcs8.1 ../RELENG_4/secure/usr.bin/openssl/man/pkcs8.1
+*** secure/usr.bin/openssl/man/pkcs8.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/pkcs8.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS8 1"
+! .TH PKCS8 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs8 \- PKCS#8 format private key conversion tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS8 1"
+! .TH PKCS8 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs8 \- PKCS#8 format private key conversion tool
+***************
+*** 159,164 ****
+--- 159,165 ----
+  [\fB\-nsdb\fR]
+  [\fB\-v2 alg\fR]
+  [\fB\-v1 alg\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle
+***************
+*** 243,248 ****
+--- 244,255 ----
+  .IX Item "-v1 alg"
+  This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+  list of possible algorithms is included below.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/rand.1 ../RELENG_4/secure/usr.bin/openssl/man/rand.1
+*** secure/usr.bin/openssl/man/rand.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/rand.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND 1"
+! .TH RAND 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- generate pseudo-random bytes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND 1"
+! .TH RAND 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- generate pseudo-random bytes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/req.1 ../RELENG_4/secure/usr.bin/openssl/man/req.1
+*** secure/usr.bin/openssl/man/req.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/req.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "REQ 1"
+! .TH REQ 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  req \- PKCS#10 certificate request and certificate generating utility.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "REQ 1"
+! .TH REQ 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  req \- PKCS#10 certificate request and certificate generating utility.
+***************
+*** 178,183 ****
+--- 178,184 ----
+  [\fB\-nameopt\fR]
+  [\fB\-batch\fR]
+  [\fB\-verbose\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBreq\fR command primarily creates and processes certificate requests
+***************
+*** 348,353 ****
+--- 349,360 ----
+  .Ip "\fB\-verbose\fR" 4
+  .IX Item "-verbose"
+  print extra details about the operations being performed.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "CONFIGURATION FILE FORMAT"
+  .IX Header "CONFIGURATION FILE FORMAT"
+  The configuration options are specified in the \fBreq\fR section of
+***************
+*** 490,496 ****
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  .PP
+  Additional object identifiers can be defined with the \fBoid_file\fR or
+--- 497,503 ----
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrProvinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  .PP
+  Additional object identifiers can be defined with the \fBoid_file\fR or
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/rsa.1 ../RELENG_4/secure/usr.bin/openssl/man/rsa.1
+*** secure/usr.bin/openssl/man/rsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/rsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA 1"
+! .TH RSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 key processing tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA 1"
+! .TH RSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 key processing tool
+***************
+*** 161,166 ****
+--- 161,167 ----
+  [\fB\-check\fR]
+  [\fB\-pubin\fR]
+  [\fB\-pubout\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various
+***************
+*** 236,241 ****
+--- 237,248 ----
+  by default a private key is output: with this option a public
+  key will be output instead. This option is automatically set if
+  the input is a public key.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The \s-1PEM\s0 private key format uses the header and footer lines:
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/rsautl.1 ../RELENG_4/secure/usr.bin/openssl/man/rsautl.1
+*** secure/usr.bin/openssl/man/rsautl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/rsautl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSAUTL 1"
+! .TH RSAUTL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsautl \- \s-1RSA\s0 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSAUTL 1"
+! .TH RSAUTL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsautl \- \s-1RSA\s0 utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/s_client.1 ../RELENG_4/secure/usr.bin/openssl/man/s_client.1
+*** secure/usr.bin/openssl/man/s_client.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/s_client.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "S_CLIENT 1"
+! .TH S_CLIENT 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_client \- \s-1SSL/TLS\s0 client program
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "S_CLIENT 1"
+! .TH S_CLIENT 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_client \- \s-1SSL/TLS\s0 client program
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/s_server.1 ../RELENG_4/secure/usr.bin/openssl/man/s_server.1
+*** secure/usr.bin/openssl/man/s_server.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/s_server.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "S_SERVER 1"
+! .TH S_SERVER 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_server \- \s-1SSL/TLS\s0 server program
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "S_SERVER 1"
+! .TH S_SERVER 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_server \- \s-1SSL/TLS\s0 server program
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/sess_id.1 ../RELENG_4/secure/usr.bin/openssl/man/sess_id.1
+*** secure/usr.bin/openssl/man/sess_id.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/sess_id.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SESS_ID 1"
+! .TH SESS_ID 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  sess_id \- \s-1SSL/TLS\s0 session handling utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SESS_ID 1"
+! .TH SESS_ID 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  sess_id \- \s-1SSL/TLS\s0 session handling utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/smime.1 ../RELENG_4/secure/usr.bin/openssl/man/smime.1
+*** secure/usr.bin/openssl/man/smime.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/smime.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME 1"
+! .TH SMIME 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  smime \- S/MIME utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME 1"
+! .TH SMIME 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  smime \- S/MIME utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/speed.1 ../RELENG_4/secure/usr.bin/openssl/man/speed.1
+*** secure/usr.bin/openssl/man/speed.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/speed.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SPEED 1"
+! .TH SPEED 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  speed \- test library performance
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SPEED 1"
+! .TH SPEED 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  speed \- test library performance
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/spkac.1 ../RELENG_4/secure/usr.bin/openssl/man/spkac.1
+*** secure/usr.bin/openssl/man/spkac.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/spkac.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SPKAC 1"
+! .TH SPKAC 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  spkac \- \s-1SPKAC\s0 printing and generating utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SPKAC 1"
+! .TH SPKAC 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  spkac \- \s-1SPKAC\s0 printing and generating utility
+***************
+*** 155,160 ****
+--- 155,161 ----
+  [\fB\-spksect section\fR]
+  [\fB\-noout\fR]
+  [\fB\-verify\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBspkac\fR command processes Netscape signed public key and challenge
+***************
+*** 202,207 ****
+--- 203,214 ----
+  .Ip "\fB\-verify\fR" 4
+  .IX Item "-verify"
+  verifies the digital signature on the supplied \s-1SPKAC\s0.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "EXAMPLES"
+  .IX Header "EXAMPLES"
+  Print out the contents of an \s-1SPKAC:\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/verify.1 ../RELENG_4/secure/usr.bin/openssl/man/verify.1
+*** secure/usr.bin/openssl/man/verify.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/verify.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "VERIFY 1"
+! .TH VERIFY 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  verify \- Utility to verify certificates.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "VERIFY 1"
+! .TH VERIFY 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  verify \- Utility to verify certificates.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/version.1 ../RELENG_4/secure/usr.bin/openssl/man/version.1
+*** secure/usr.bin/openssl/man/version.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/version.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "VERSION 1"
+! .TH VERSION 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  version \- print OpenSSL version information
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "VERSION 1"
+! .TH VERSION 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  version \- print OpenSSL version information
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/x509.1 ../RELENG_4/secure/usr.bin/openssl/man/x509.1
+*** secure/usr.bin/openssl/man/x509.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/x509.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509 1"
+! .TH X509 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  x509 \- Certificate display and signing utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509 1"
+! .TH X509 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  x509 \- Certificate display and signing utility
+***************
+*** 187,192 ****
+--- 187,193 ----
+  [\fB\-clrext\fR]
+  [\fB\-extfile filename\fR]
+  [\fB\-extensions section\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBx509\fR command is a multi purpose certificate utility. It can be
+***************
+*** 226,231 ****
+--- 227,238 ----
+  digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not
+  specified then \s-1MD5\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key then
+  this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .Sh "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
+  .IX Subsection "DISPLAY OPTIONS"
+  Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options
+***************
+*** 673,680 ****
+  \&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+  .PP
+  .Vb 2
+! \& openssl x509 -in cert.pem -addtrust sslclient \e
+! \&        -alias "Steve's Class 1 CA" -out trust.pem
+  .Ve
+  .SH "NOTES"
+  .IX Header "NOTES"
+--- 680,687 ----
+  \&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+  .PP
+  .Vb 2
+! \& openssl x509 -in cert.pem -addtrust clientAuth \e
+! \&        -setalias "Steve's Class 1 CA" -out trust.pem
+  .Ve
+  .SH "NOTES"
+  .IX Header "NOTES"
diff --git a/share/security/patches/SA-03:02/openssl4b.patch.gz b/share/security/patches/SA-03:02/openssl4b.patch.gz
new file mode 100644
index 0000000000..059fc7ce4a
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl4b.patch.gz
diff --git a/share/security/patches/SA-03:02/openssl4b.patch.gz.asc b/share/security/patches/SA-03:02/openssl4b.patch.gz.asc
new file mode 100644
index 0000000000..b1fbc41633
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl4b.patch.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+YBHBFdaIBMps37IRAkhAAJ95lVPgegbfUYqKaCc7Wk5iTJmDcgCdFaab
+OKEoF/dfJKYCE7Hqsp6hTKw=
+=Lxja
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl4s.patch b/share/security/patches/SA-03:02/openssl4s.patch
new file mode 100644
index 0000000000..f6f8a3e042
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl4s.patch
@@ -0,0 +1,18727 @@
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_4/crypto/openssl/CHANGES
+*** crypto/openssl/CHANGES	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/CHANGES	Mon Feb 24 21:14:49 2003
+***************
+*** 2,7 ****
+--- 2,88 ----
+   OpenSSL CHANGES
+   _______________
+  
++  Changes between 0.9.7 and 0.9.7a  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
++ 
++   *) Make the no-err option work as intended.  The intention with no-err
++      is not to have the whole error stack handling routines removed from
++      libcrypto, it's only intended to remove all the function name and
++      reason texts, thereby removing some of the footprint that may not
++      be interesting if those errors aren't displayed anyway.
++ 
++      NOTE: it's still possible for any application or module to have it's
++      own set of error texts inserted.  The routines are there, just not
++      used by default when no-err is given.
++      [Richard Levitte]
++ 
++   *) Add support for FreeBSD on IA64.
++      [dirk.meyer@dinoex.sub.org via Richard Levitte, resolves #454]
++ 
++   *) Adjust DES_cbc_cksum() so it returns the same value as the MIT
++      Kerberos function mit_des_cbc_cksum().  Before this change,
++      the value returned by DES_cbc_cksum() was like the one from
++      mit_des_cbc_cksum(), except the bytes were swapped.
++      [Kevin Greaney <Kevin.Greaney@hp.com> and Richard Levitte]
++ 
++   *) Allow an application to disable the automatic SSL chain building.
++      Before this a rather primitive chain build was always performed in
++      ssl3_output_cert_chain(): an application had no way to send the 
++      correct chain if the automatic operation produced an incorrect result.
++ 
++      Now the chain builder is disabled if either:
++ 
++      1. Extra certificates are added via SSL_CTX_add_extra_chain_cert().
++ 
++      2. The mode flag SSL_MODE_NO_AUTO_CHAIN is set.
++ 
++      The reasoning behind this is that an application would not want the
++      auto chain building to take place if extra chain certificates are
++      present and it might also want a means of sending no additional
++      certificates (for example the chain has two certificates and the
++      root is omitted).
++      [Steve Henson]
++ 
++   *) Add the possibility to build without the ENGINE framework.
++      [Steven Reddie <smr@essemer.com.au> via Richard Levitte]
++ 
++   *) Under Win32 gmtime() can return NULL: check return value in
++      OPENSSL_gmtime(). Add error code for case where gmtime() fails.
++      [Steve Henson]
++ 
++   *) DSA routines: under certain error conditions uninitialized BN objects
++      could be freed. Solution: make sure initialization is performed early
++      enough. (Reported and fix supplied by Ivan D Nestlerode <nestler@MIT.EDU>,
++      Nils Larsch <nla@trustcenter.de> via PR#459)
++      [Lutz Jaenicke]
++ 
++   *) Another fix for SSLv2 session ID handling: the session ID was incorrectly
++      checked on reconnect on the client side, therefore session resumption
++      could still fail with a "ssl session id is different" error. This
++      behaviour is masked when SSL_OP_ALL is used due to
++      SSL_OP_MICROSOFT_SESS_ID_BUG being set.
++      Behaviour observed by Crispin Flowerday <crispin@flowerday.cx> as
++      followup to PR #377.
++      [Lutz Jaenicke]
++ 
++   *) IA-32 assembler support enhancements: unified ELF targets, support
++      for SCO/Caldera platforms, fix for Cygwin shared build.
++      [Andy Polyakov]
++ 
++   *) Add support for FreeBSD on sparc64.  As a consequence, support for
++      FreeBSD on non-x86 processors is separate from x86 processors on
++      the config script, much like the NetBSD support.
++      [Richard Levitte & Kris Kennaway <kris@obsecurity.org>]
++ 
+   Changes between 0.9.6h and 0.9.7  [31 Dec 2002]
+  
+    *) Fix session ID handling in SSLv2 client code: the SERVER FINISHED
+***************
+*** 177,183 ****
+  	# is assumed to contain the absolute OpenSSL source directory.
+  	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+  	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+! 	(cd $OPENSSL_SOURCE; find . -type f -o -type l) | while read F; do
+  		mkdir -p `dirname $F`
+  		ln -s $OPENSSL_SOURCE/$F $F
+  	done
+--- 258,264 ----
+  	# is assumed to contain the absolute OpenSSL source directory.
+  	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
+  	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
+! 	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
+  		mkdir -p `dirname $F`
+  		ln -s $OPENSSL_SOURCE/$F $F
+  	done
+***************
+*** 1677,1682 ****
+--- 1758,1768 ----
+       be reduced modulo  m.
+       [Lenka Fibikova <fibikova@exp-math.uni-essen.de>, Bodo Moeller]
+  
++ #if 0
++      The following entry accidentily appeared in the CHANGES file
++      distributed with OpenSSL 0.9.7.  The modifications described in
++      it do *not* apply to OpenSSL 0.9.7.
++ 
+    *) Remove a few calls to bn_wexpand() in BN_sqr() (the one in there
+       was actually never needed) and in BN_mul().  The removal in BN_mul()
+       required a small change in bn_mul_part_recursive() and the addition
+***************
+*** 1685,1690 ****
+--- 1771,1777 ----
+       bn_sub_words() and bn_add_words() except they take arrays with
+       differing sizes.
+       [Richard Levitte]
++ #endif
+  
+    *) In 'openssl passwd', verify passwords read from the terminal
+       unless the '-salt' option is used (which usually means that
+***************
+*** 1815,1820 ****
+--- 1902,1919 ----
+  
+    *) Clean old EAY MD5 hack from e_os.h.
+       [Richard Levitte]
++ 
++  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
+  
+   Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_4/crypto/openssl/Configure
+*** crypto/openssl/Configure	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/Configure	Mon Feb 24 21:14:49 2003
+***************
+*** 10,16 ****
+  
+  # see INSTALL for instructions.
+  
+! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+  
+  # Options:
+  #
+--- 10,16 ----
+  
+  # see INSTALL for instructions.
+  
+! my $usage="Usage: Configure [no-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-engine] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+  
+  # Options:
+  #
+***************
+*** 38,43 ****
+--- 38,44 ----
+  # --test-sanity Make a number of sanity checks on the data in this file.
+  #               This is a debugging tool for OpenSSL developers.
+  #
++ # no-engine     do not compile in any engine code.
+  # no-hw-xxx     do not compile support for specific crypto hardware.
+  #               Generic OpenSSL-style methods relating to this support
+  #               are always compiled but return NULL if the hardware
+***************
+*** 107,113 ****
+  my $bits1="THIRTY_TWO_BIT ";
+  my $bits2="SIXTY_FOUR_BIT ";
+  
+- my $x86_sol_asm="asm/bn86-sol.o asm/co86-sol.o:asm/dx86-sol.o asm/yx86-sol.o:asm/bx86-sol.o:asm/mx86-sol.o:asm/sx86-sol.o:asm/cx86-sol.o:asm/rx86-sol.o:asm/rm86-sol.o:asm/r586-sol.o";
+  my $x86_elf_asm="asm/bn86-elf.o asm/co86-elf.o:asm/dx86-elf.o asm/yx86-elf.o:asm/bx86-elf.o:asm/mx86-elf.o:asm/sx86-elf.o:asm/cx86-elf.o:asm/rx86-elf.o:asm/rm86-elf.o:asm/r586-elf.o";
+  my $x86_out_asm="asm/bn86-out.o asm/co86-out.o:asm/dx86-out.o asm/yx86-out.o:asm/bx86-out.o:asm/mx86-out.o:asm/sx86-out.o:asm/cx86-out.o:asm/rx86-out.o:asm/rm86-out.o:asm/r586-out.o";
+  my $x86_bsdi_asm="asm/bn86bsdi.o asm/co86bsdi.o:asm/dx86bsdi.o asm/yx86bsdi.o:asm/bx86bsdi.o:asm/mx86bsdi.o:asm/sx86bsdi.o:asm/cx86bsdi.o:asm/rx86bsdi.o:asm/rm86bsdi.o:asm/r586bsdi.o";
+--- 108,113 ----
+***************
+*** 161,167 ****
+  # surrounds it with #APP #NO_APP comment pair which (at least Solaris
+  # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+  # error message.
+! "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_sol_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### Solaris x86 with Sun C setups
+  "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- 161,167 ----
+  # surrounds it with #APP #NO_APP comment pair which (at least Solaris
+  # 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+  # error message.
+! "solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -m486 -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  #### Solaris x86 with Sun C setups
+  "solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR::::::::::dlfcn:solaris-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+***************
+*** 262,283 ****
+  "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # IA-64 targets
+! # I have no idea if this one actually works, feedback needed. <appro>
+! "hpux-ia64-cc","cc:-Ae +DD32 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+  # with debugging of the following config.
+! "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +ESlit -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # More attempts at unified 10.X and 11.X targets for HP C compiler.
+  #
+  # Chris Ruemmler <ruemmler@cup.hp.com>
+  # Kevin Steves <ks@hp.se>
+! "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Isn't the line below meaningless? HP-UX cc optimizes for host by default.
+  # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
+! "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed +Olibcalls -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # HPUX 9.X config.
+  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+--- 262,282 ----
+  "hpux64-parisc-gcc","gcc:-DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dlfcn:hpux64-shared:-fpic::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # IA-64 targets
+! "hpux-ia64-cc","cc:-Ae +DD32 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+  # with debugging of the following config.
+! "hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/ia64-cpp.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # More attempts at unified 10.X and 11.X targets for HP C compiler.
+  #
+  # Chris Ruemmler <ruemmler@cup.hp.com>
+  # Kevin Steves <ks@hp.se>
+! "hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2.o:::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:asm/pa-risc2W.o:::::::::dlfcn:hpux64-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  # Isn't the line below meaningless? HP-UX cc optimizes for host by default.
+  # hpux-parisc1_0-cc with +DAportable flag would make more sense. <appro>
+! "hpux-parisc1_1-cc","cc:+DA1.1 +DS1.1 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::::::::::dl:hpux-shared:+Z::.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # HPUX 9.X config.
+  # Don't use the bundled cc.  It is broken.  Use HP ANSI C if possible, or
+***************
+*** 384,391 ****
+  "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+  "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+! "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+! "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::(unknown):::BN_LLONG:::",
+  "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
+  "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- 383,390 ----
+  "debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -m486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+  "linux-aout",	"gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+! "linux-mipsel",   "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "linux-mips",   "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL DES_RISC2::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-ppc",    "gcc:-DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "linux-m68k",   "gcc:-DB_ENDIAN -DTERMIO -O2 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::",
+  "linux-s390",	"gcc:-DB_ENDIAN -DTERMIO -DNO_ASM -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+***************
+*** 396,401 ****
+--- 395,402 ----
+  "NetBSD-m68",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX DES_UNROLL::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "NetBSD-x86",	"gcc:-DTERMIOS -O3 -fomit-frame-pointer -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "FreeBSD-elf",  "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++ "FreeBSD-sparc64","gcc:-DB_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer::-pthread -D_REENTRANT -D_THREAD_SAFE -D_THREADSAFE:::SIXTY_FOUR_BIT_LONG DES_INT DES_PTR DES_RISC2 BF_PTR::::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
++ "FreeBSD-ia64","gcc:-DL_ENDIAN -DTERMIOS -O -fomit-frame-pointer::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK RC4_CHAR:asm/ia64-cpp.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "FreeBSD",      "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+  "bsdi-gcc",     "gcc:-O3 -ffast-math -DL_ENDIAN -DPERL5 -m486::(unknown):::RSA_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_bsdi_asm}",
+  "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+***************
+*** 403,409 ****
+  "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # NCR MP-RAS UNIX ver 02.03.01
+! "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # QNX 4
+  "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+--- 404,410 ----
+  "nextstep3.3",	"cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # NCR MP-RAS UNIX ver 02.03.01
+! "ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
+  
+  # QNX 4
+  "qnx4",	"cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+***************
+*** 414,446 ****
+  # Linux on ARM
+  "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # UnixWare 2.0x fails destest with -O
+  "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+- "unixware-2.0-pentium","cc:-DFILIO_H -DNO_STRINGS_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+- 
+- # UnixWare 2.1
+  "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+! "unixware-2.1-pentium","cc:-O -DFILIO_H -Kpentium::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+! "unixware-2.1-p6","cc:-O -DFILIO_H -Kp6::-Kthread::-lsocket -lnsl -lresolv -lx:MD2_CHAR RC4_INDEX ${x86_gcc_des}::",
+  
+- # UnixWare 7
+- "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "unixware-7-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "unixware-7-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- 
+- # OpenUNIX 8
+- "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "OpenUNIX-8-pentium","cc:-O -DFILIO_H -Kalloca -Kpentium::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+- "OpenUNIX-8-pentium_pro","cc:-O -DFILIO_H -Kalloca -Kpentium_pro::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}::::::::::dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  # IBM's AIX.
+  "aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+! "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn::::::-X 64",
+  
+  #
+  # Cray T90 and similar (SDSC)
+--- 415,450 ----
+  # Linux on ARM
+  "linux-elf-arm","gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:::BN_LLONG::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
++ # SCO/Caldera targets.
++ #
++ # Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
++ # Now we only have blended unixware-* as it's the only one used by ./config.
++ # If you want to optimize for particular microarchitecture, bypass ./config
++ # and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
++ # Note that not all targets include assembler support. Mostly because of
++ # lack of motivation to support out-of-date platforms with out-of-date
++ # compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
++ # patiently assisted to debug most of it.
++ #
+  # UnixWare 2.0x fails destest with -O
+  "unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+  "unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+! "unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -m486 -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenUNIX-8","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "OpenUNIX-8-gcc","gcc:-O -DFILIO_H -fomit-frame-pointer::-pthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+! # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
+! "sco5-cc",  "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+! "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  
+  
+  # IBM's AIX.
+  "aix-cc",   "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DB_ENDIAN::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+! "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::",
+  "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix64-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384 -q64::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHAR::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+  
+  #
+  # Cray T90 and similar (SDSC)
+***************
+*** 473,487 ****
+  "dgux-R4-gcc",	"gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+  "dgux-R4-x86-gcc",	"gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  
+- # SCO 3 - Tim Rice <tim@multitalents.net>
+- "sco3-gcc",  "gcc:-O3 -fomit-frame-pointer -Dssize_t=int -DNO_SYS_UN_H::(unknown)::-lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::", # the SCO assembler doesn't seem to like our assembler files ...
+- 
+- # SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the
+- # SCO cc.
+- "sco5-cc",  "cc:-belf::(unknown)::-lsocket -lresolv -lnsl:${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-Kpic", # des options?
+- "sco5-cc-pentium",  "cc:-Kpentium::(unknown)::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:::", # des options?
+- "sco5-gcc",  "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lresolv -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::dlfcn:svr3-shared:-fPIC",
+- 
+  # Sinix/ReliantUNIX RM400
+  # NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g  */
+  "ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR::::::::::dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+--- 477,482 ----
+***************
+*** 508,514 ****
+  "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Borland C++ 4.5
+! "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX::::::::::win32",
+  "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Mingw32
+--- 503,509 ----
+  "VC-MSDOS","cl:::(unknown):MSDOS::BN_LLONG MD2_CHAR DES_UNROLL DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Borland C++ 4.5
+! "BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN::::::::::win32",
+  "BC-16","bcc:::(unknown):WIN16::BN_LLONG DES_PTR RC4_INDEX SIXTEEN_BIT:::",
+  
+  # Mingw32
+***************
+*** 656,661 ****
+--- 651,657 ----
+  my $openssl_sys_defines="";
+  my $openssl_other_defines;
+  my $libs;
++ my $libkrb5="";
+  my $target;
+  my $options;
+  my $symlink;
+***************
+*** 696,701 ****
+--- 692,702 ----
+  			$flags .= "-DOPENSSL_NO_ASM ";
+  			$openssl_other_defines .= "#define OPENSSL_NO_ASM\n";
+  			}
++ 		elsif (/^no-err$/)
++ 		 	{
++ 			$flags .= "-DOPENSSL_NO_ERR ";
++ 			$openssl_other_defines .= "#define OPENSSL_NO_ERR\n";
++ 			}
+  		elsif (/^no-hw-(.+)$/)
+  			{
+  			my $hw=$1;
+***************
+*** 956,961 ****
+--- 957,964 ----
+  my $ranlib = $fields[$idx_ranlib];
+  my $arflags = $fields[$idx_arflags];
+  
++ my $no_shared_warn=0;
++ 
+  $cflags="$flags$cflags" if ($flags ne "");
+  
+  # Kerberos settings.  The flavor must be provided from outside, either through
+***************
+*** 1020,1027 ****
+  	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+  		if $withargs{"krb5-include"} eq "" &&
+  		   $withargs{"krb5-dir"} ne "";
+- 
+- 	$libs.=$withargs{"krb5-lib"}." " if $withargs{"krb5-lib"} ne "";
+  	}
+  
+  # The DSO code currently always implements all functions so that no
+--- 1023,1028 ----
+***************
+*** 1107,1112 ****
+--- 1108,1114 ----
+  my $shared_mark = "";
+  if ($shared_target eq "")
+  	{
++ 	$no_shared_warn = 1 if !$no_shared;
+  	$no_shared = 1;
+  	}
+  if (!$no_shared)
+***************
+*** 1240,1245 ****
+--- 1242,1248 ----
+  	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
+  	s/^PERL=.*/PERL= $perl/;
+  	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
++ 	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
+  	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
+  	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
+  	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
+***************
+*** 1511,1516 ****
+--- 1514,1529 ----
+  The library could not be configured for supporting multi-threaded
+  applications as the compiler options required on this system are not known.
+  See file INSTALL for details if you need multi-threading.
++ EOF
++ 
++ print <<\EOF if ($no_shared_warn);
++ 
++ You gave the option 'shared'.  Normally, that would give you shared libraries.
++ Unfortunately, the OpenSSL configuration doesn't include shared library support
++ for this platform yet, so it will pretend you gave the option 'no-shared'.  If
++ you can inform the developpers (openssl-dev\@openssl.org) how to support shared
++ libraries on this platform, they will at least look at it and try their best
++ (but please first make sure you have tried with a current version of OpenSSL).
+  EOF
+  
+  exit(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FAQ ../RELENG_4/crypto/openssl/FAQ
+*** crypto/openssl/FAQ	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/FAQ	Mon Feb 24 21:14:49 2003
+***************
+*** 68,74 ****
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7 was released on December 31, 2002.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+--- 68,74 ----
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7a was released on February 19, 2003.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+***************
+*** 189,206 ****
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" that serves this purpose.  On other systems, applications have
+! to call the RAND_add() or RAND_seed() function with appropriate data
+! before generating keys or performing public key encryption.
+! (These functions initialize the pseudo-random number generator, PRNG.)
+! 
+! Some broken applications do not do this.  As of version 0.9.5, the
+! OpenSSL functions that need randomness report an error if the random
+! number generator has not been seeded with at least 128 bits of
+! randomness.  If this error occurs, please contact the author of the
+! application you are using.  It is likely that it never worked
+! correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+! to perform potentially insecure encryption.
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+--- 189,218 ----
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" (/dev/urandom or /dev/random) that serves this purpose.
+! All OpenSSL versions try to use /dev/urandom by default; starting with
+! version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+! available.
+! 
+! On other systems, applications have to call the RAND_add() or
+! RAND_seed() function with appropriate data before generating keys or
+! performing public key encryption. (These functions initialize the
+! pseudo-random number generator, PRNG.)  Some broken applications do
+! not do this.  As of version 0.9.5, the OpenSSL functions that need
+! randomness report an error if the random number generator has not been
+! seeded with at least 128 bits of randomness.  If this error occurs and
+! is not discussed in the documentation of the application you are
+! using, please contact the author of that application; it is likely
+! that it never worked correctly.  OpenSSL 0.9.5 and later make the
+! error visible by refusing to perform potentially insecure encryption.
+! 
+! If you are using Solaris 8, you can add /dev/urandom and /dev/random
+! devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+! available via the Patchfinder at <URL: http://sunsolve.sun.com>
+! (Solaris 9 includes these devices by default). For /dev/random support
+! for earlier Solaris versions, see Sun's statement at
+! <URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+! (the SUNWski package is available in patch 105710).
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+***************
+*** 233,250 ****
+  provide their own configuration options to specify the entropy source,
+  please check out the documentation coming the with application.
+  
+- For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+- installing the SUNski package from Sun patch 105710-01 (Sparc) which
+- adds a /dev/random device and make sure it gets used, usually through
+- $RANDFILE.  There are probably similar patches for the other Solaris
+- versions.  An official statement from Sun with respect to /dev/random
+- support can be found at
+-   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+- However, be warned that /dev/random is usually a blocking device, which
+- may have some effects on OpenSSL.
+- A third party /dev/random solution for Solaris is available at
+-   http://www.cosy.sbg.ac.at/~andi/
+- 
+  
+  * Why do I get an "unable to write 'random state'" error message?
+  
+--- 245,250 ----
+***************
+*** 490,499 ****
+  Sometimes, you may get reports from VC++ command line (cl) that it
+  can't find standard include files like stdio.h and other weirdnesses.
+  One possible cause is that the environment isn't correctly set up.
+! To solve that problem, one should run VCVARS32.BAT which is found in
+! the 'bin' subdirectory of the VC++ installation directory (somewhere
+! under 'Program Files').  This needs to be done prior to running NMAKE,
+! and the changes are only valid for the current DOS session.
+  
+  
+  * What is special about OpenSSL on Redhat?
+--- 490,502 ----
+  Sometimes, you may get reports from VC++ command line (cl) that it
+  can't find standard include files like stdio.h and other weirdnesses.
+  One possible cause is that the environment isn't correctly set up.
+! To solve that problem for VC++ versions up to 6, one should run
+! VCVARS32.BAT which is found in the 'bin' subdirectory of the VC++
+! installation directory (somewhere under 'Program Files').  For VC++
+! version 7 (and up?), which is also called VS.NET, the file is called
+! VSVARS32.BAT instead.
+! This needs to be done prior to running NMAKE, and the changes are only
+! valid for the current DOS session.
+  
+  
+  * What is special about OpenSSL on Redhat?
+***************
+*** 577,586 ****
+  of the machine code, which is essential for shared library support. For
+  some reason OpenBSD is equipped with an out-of-date GNU assembler which
+  finds the new code offensive. To work around the problem, configure with
+! no-asm (and sacrifice a great deal of performance) or upgrade /usr/bin/as.
+  For your convenience a pre-compiled replacement binary is provided at
+! http://www.openssl.org/~appro/i386-openbsd3-as, which is compiled from
+! binutils-2.8 released in 1997.
+  
+  [PROG] ========================================================================
+  
+--- 580,592 ----
+  of the machine code, which is essential for shared library support. For
+  some reason OpenBSD is equipped with an out-of-date GNU assembler which
+  finds the new code offensive. To work around the problem, configure with
+! no-asm (and sacrifice a great deal of performance) or patch your assembler
+! according to <URL: http://www.openssl.org/~appro/gas-1.92.3.OpenBSD.patch>.
+  For your convenience a pre-compiled replacement binary is provided at
+! <URL: http://www.openssl.org/~appro/gas-1.92.3.static.aout.bin>.
+! Reportedly elder *BSD a.out platforms also suffer from this problem and
+! remedy should be same. Provided binary is statically linked and should be
+! working across wider range of *BSD branches, not just OpenBSD.
+  
+  [PROG] ========================================================================
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_4/crypto/openssl/INSTALL
+*** crypto/openssl/INSTALL	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/INSTALL	Mon Feb 24 21:14:49 2003
+***************
+*** 158,164 ****
+       If a test fails, look at the output.  There may be reasons for
+       the failure that isn't a problem in OpenSSL itself (like a missing
+       or malfunctioning bc).  If it is a problem with OpenSSL itself,
+!      try removing any compiler optimization flags from the CFLAGS line
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+--- 158,164 ----
+       If a test fails, look at the output.  There may be reasons for
+       the failure that isn't a problem in OpenSSL itself (like a missing
+       or malfunctioning bc).  If it is a problem with OpenSSL itself,
+!      try removing any compiler optimization flags from the CFLAG line
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+***************
+*** 308,310 ****
+--- 308,332 ----
+   to install additional support software to obtain random seed.
+   Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
+   and the FAQ for more information.
++ 
++  Note on support for multiple builds
++  -----------------------------------
++ 
++  OpenSSL is usually built in it's source tree.  Unfortunately, this doesn't
++  support building for multiple platforms from the same source tree very well.
++  It is however possible to build in a separate tree through the use of lots
++  of symbolic links, which should be prepared like this:
++ 
++ 	mkdir -p objtree/"`uname -s`-`uname -r`-`uname -m`"
++ 	cd objtree/"`uname -s`-`uname -r`-`uname -m`"
++ 	(cd $OPENSSL_SOURCE; find . -type f) | while read F; do
++ 		mkdir -p `dirname $F`
++ 		rm -f $F; ln -s $OPENSSL_SOURCE/$F $F
++ 		echo $F '->' $OPENSSL_SOURCE/$F
++ 	done
++ 	make -f Makefile.org clean
++ 
++  OPENSSL_SOURCE is an environment variable that contains the absolute (this
++  is important!) path to the OpenSSL source tree.
++ 
++  Also, operations like 'make update' should still be made in the source tree.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_4/crypto/openssl/Makefile.org
+*** crypto/openssl/Makefile.org	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/Makefile.org	Mon Feb 24 21:14:49 2003
+***************
+*** 72,77 ****
+--- 72,85 ----
+  TARFLAGS= --no-recursion
+  MAKEDEPPROG=makedepend
+  
++ # We let the C compiler driver to take care of .s files. This is done in
++ # order to be excused from maintaining a separate set of architecture
++ # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
++ # gcc, then the driver will automatically translate it to -xarch=v8plus
++ # and pass it down to assembler.
++ AS=$(CC) -c
++ ASFLAGS=$(CFLAG)
++ 
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+  BN_ASM= bn_asm.o
+  #BN_ASM= bn_asm.o
+***************
+*** 159,164 ****
+--- 167,173 ----
+  
+  # KRB5 stuff
+  KRB5_INCLUDES=
++ LIBKRB5=
+  
+  # When we're prepared to use shared libraries in the programs we link here
+  # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+***************
+*** 216,222 ****
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+--- 225,231 ----
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+***************
+*** 269,281 ****
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+--- 278,293 ----
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+***************
+*** 283,304 ****
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+--- 295,322 ----
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+! 		libs="$(LIBKRB5) $$libs"; \
+! 	fi; \
+! 	( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+***************
+*** 307,317 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 325,338 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 323,333 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 344,357 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 339,350 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 363,377 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 355,360 ****
+--- 382,390 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  MINUSZ='-z '; \
+  		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+***************
+*** 363,369 ****
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 393,399 ----
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 373,378 ****
+--- 403,411 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 382,388 ****
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 415,421 ----
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 392,397 ****
+--- 425,433 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 402,408 ****
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 438,444 ----
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 412,422 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 448,461 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 433,438 ****
+--- 472,480 ----
+  #
+  do_hpux-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		+vnocompatwarnings \
+  		-b -z +s \
+***************
+*** 453,458 ****
+--- 495,503 ----
+  #
+  do_hpux64-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		-b -z \
+  		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+***************
+*** 495,511 ****
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; \
+! 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+--- 540,563 ----
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; \
+! 	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAGS) \
+! 		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+***************
+*** 515,521 ****
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+--- 567,573 ----
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+***************
+*** 528,534 ****
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+--- 580,586 ----
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+***************
+*** 601,608 ****
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+--- 653,659 ----
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+***************
+*** 613,620 ****
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+--- 664,670 ----
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+***************
+*** 749,755 ****
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+--- 799,805 ----
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+***************
+*** 763,768 ****
+--- 813,824 ----
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+  			set $(MAKE); \
+  			$$1 -f $$here/Makefile link-shared ); \
++ 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
++ 			echo 'OpenSSL shared libraries have been installed in:'; \
++ 			echo '  $(INSTALLTOP)'; \
++ 			echo ''; \
++ 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
++ 		fi; \
+  	fi
+  	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_4/crypto/openssl/Makefile.ssl
+*** crypto/openssl/Makefile.ssl	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/Makefile.ssl	Mon Feb 24 21:14:49 2003
+***************
+*** 4,10 ****
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.7
+  MAJOR=0
+  MINOR=9.7
+  SHLIB_VERSION_NUMBER=0.9.7
+--- 4,10 ----
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.7a
+  MAJOR=0
+  MINOR=9.7
+  SHLIB_VERSION_NUMBER=0.9.7
+***************
+*** 74,79 ****
+--- 74,87 ----
+  TARFLAGS= --no-recursion
+  MAKEDEPPROG=makedepend
+  
++ # We let the C compiler driver to take care of .s files. This is done in
++ # order to be excused from maintaining a separate set of architecture
++ # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
++ # gcc, then the driver will automatically translate it to -xarch=v8plus
++ # and pass it down to assembler.
++ AS=$(CC) -c
++ ASFLAGS=$(CFLAG)
++ 
+  # Set BN_ASM to bn_asm.o if you want to use the C version
+  BN_ASM= bn_asm.o
+  #BN_ASM= bn_asm.o
+***************
+*** 161,166 ****
+--- 169,175 ----
+  
+  # KRB5 stuff
+  KRB5_INCLUDES=
++ LIBKRB5=
+  
+  # When we're prepared to use shared libraries in the programs we link here
+  # we might set SHLIB_MARK to '$(SHARED_LIBS)'.
+***************
+*** 218,224 ****
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+--- 227,233 ----
+  	do \
+  	if [ -d "$$i" ]; then \
+  		(cd $$i && echo "making all in $$i..." && \
+! 		$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' AS='${AS}' ASFLAGS='${ASFLAGS}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all ) || exit 1; \
+  	else \
+  		$(MAKE) $$i; \
+  	fi; \
+***************
+*** 271,283 ****
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+--- 280,295 ----
+  do_linux-shared: do_gnu-shared
+  do_gnu-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC} ${SHARED_LDFLAGS} \
+  		-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--no-whole-archive $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  DETECT_GNU_LD=(${CC} -Wl,-V /dev/null 2>&1 | grep '^GNU ld' )>/dev/null
+***************
+*** 285,306 ****
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	( set -x ; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="$$libs -l`basename $$i${SHLIB_EXT} .dylib`"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+--- 297,324 ----
+  # For Darwin AKA Mac OS/X (dyld)
+  do_darwin-shared: 
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+! 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
+! 		libs="$(LIBKRB5) $$libs"; \
+! 	fi; \
+! 	( set -x; ${CC} --verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
+  		lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  		-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
+  		-install_name ${INSTALLTOP}/lib/lib$$i${SHLIB_EXT} ) || exit 1; \
+! 	libs="-l`basename $$i${SHLIB_EXT} .dylib` $$libs"; \
+  	echo "" ; \
+  	done
+  
+  do_cygwin-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; ${CC}  -shared -o cyg$$i-$(SHLIB_VERSION_NUMBER).dll \
+  		-Wl,-Bsymbolic \
+  		-Wl,--whole-archive lib$$i.a \
+  		-Wl,--out-implib,lib$$i.dll.a \
+  		-Wl,--no-whole-archive $$libs ) || exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  # This assumes that GNU utilities are *not* used
+***************
+*** 309,319 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 327,340 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 325,335 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 346,359 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 341,352 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 365,379 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -msym -o lib$$i.so \
+  			-rpath  ${INSTALLTOP}/lib \
+  			-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
+  			-all lib$$i.a -none $$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 357,362 ****
+--- 384,392 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  MINUSZ='-z '; \
+  		  (${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
+***************
+*** 365,371 ****
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 395,401 ----
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${MINUSZ}allextract lib$$i.a $${MINUSZ}defaultextract \
+  			$$libs ${EX_LIBS} -lc ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 375,380 ****
+--- 405,413 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 384,390 ****
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 417,423 ----
+  		  set -x; ${CC}  -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 394,399 ****
+--- 427,435 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
+  		  find . -name "*.o" -print > allobjs ; \
+  		  OBJS= ; export OBJS ; \
+***************
+*** 404,410 ****
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 440,446 ----
+  			-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 414,424 ****
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="$$libs -l$$i"; \
+  		done; \
+  	fi
+  
+--- 450,463 ----
+  		$(MAKE) do_gnu-shared; \
+  	else \
+  		libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 		if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 			libs="$(LIBKRB5) $$libs"; \
++ 		fi; \
+  		( set -x; ${CC} ${SHARED_LDFLAGS} \
+  			-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+  			-all lib$$i.a $$libs ${EX_LIBS} -lc) || exit 1; \
+! 		libs="-l$$i $$libs"; \
+  		done; \
+  	fi
+  
+***************
+*** 435,440 ****
+--- 474,482 ----
+  #
+  do_hpux-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		+vnocompatwarnings \
+  		-b -z +s \
+***************
+*** 455,460 ****
+--- 497,505 ----
+  #
+  do_hpux64-shared:
+  	for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; /usr/ccs/bin/ld ${SHARED_LDFLAGS} \
+   		-b -z \
+  		-o lib$$i.sl.${SHLIB_MAJOR}.${SHLIB_MINOR} \
+***************
+*** 497,513 ****
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	( set -x; \
+! 	  ld -r -o $$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAG) -o lib$$i.so lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+--- 542,565 ----
+  SHAREDCMD=$(CC)
+  do_aix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	( set -x; \
+! 	  ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
+  	  ( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
+! 	    $(SHAREDCMD) $(SHAREDFLAGS) \
+! 		-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
+  		$$libs ${EX_LIBS} ) ) \
+  	|| exit 1; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  do_reliantunix-shared:
+  	libs='-L. ${SHLIBDEPS}'; for i in ${SHLIBDIRS}; do \
++ 	if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
++ 		libs="$(LIBKRB5) $$libs"; \
++ 	fi; \
+  	tmpdir=/tmp/openssl.$$$$ ; rm -rf $$tmpdir ; \
+  	( set -x; \
+  	  ( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
+***************
+*** 517,523 ****
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="$$libs -l$$i"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+--- 569,575 ----
+  	  cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
+  	) || exit 1; \
+  	rm -rf $$tmpdir ; \
+! 	libs="-l$$i $$libs"; \
+  	done
+  
+  openssl.pc: Makefile.ssl
+***************
+*** 530,536 ****
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+--- 582,588 ----
+  	    echo 'Description: Secure Sockets Layer and cryptography libraries and tools'; \
+  	    echo 'Version: '$(VERSION); \
+  	    echo 'Requires: '; \
+! 	    echo 'Libs: -L$${libdir} -lssl -lcrypto $(LIBKRB5) $(EX_LIBS)'; \
+  	    echo 'Cflags: -I$${includedir} $(KRB5_INCLUDES)' ) > openssl.pc
+  
+  Makefile.ssl: Makefile.org
+***************
+*** 603,610 ****
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+--- 655,661 ----
+  	@(OPENSSL="`pwd`/apps/openssl"; OPENSSL_DEBUG_MEMORY=on; \
+  		export OPENSSL OPENSSL_DEBUG_MEMORY; \
+  		LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  	touch rehash.time
+***************
+*** 615,622 ****
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+--- 666,672 ----
+  	@(cd test && echo "testing..." && \
+  	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
+  	@LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; LIBPATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		apps/openssl version -a
+  
+***************
+*** 751,757 ****
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)/cyg\1-$(SHLIB_VERSION_NUMBER)/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+--- 801,807 ----
+  					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+! 					c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
+  					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+  					mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+***************
+*** 765,770 ****
+--- 815,826 ----
+  			cd $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+  			set $(MAKE); \
+  			$$1 -f $$here/Makefile link-shared ); \
++ 		if [ "$(INSTALLTOP)" != "/usr" ]; then \
++ 			echo 'OpenSSL shared libraries have been installed in:'; \
++ 			echo '  $(INSTALLTOP)'; \
++ 			echo ''; \
++ 			sed -e '1,/^$$/d' doc/openssl-shared.txt; \
++ 		fi; \
+  	fi
+  	cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_4/crypto/openssl/NEWS
+*** crypto/openssl/NEWS	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/NEWS	Mon Feb 24 21:14:49 2003
+***************
+*** 5,10 ****
+--- 5,21 ----
+    This file gives a brief overview of the major changes between each OpenSSL
+    release. For more details please read the CHANGES file.
+  
++   Major changes between OpenSSL 0.9.7 and OpenSSL 0.9.7a:
++ 
++       o Security: Important security related bugfixes.
++       o Enhanced compatibility with MIT Kerberos.
++       o Can be built without the ENGINE framework.
++       o IA32 assembler enhancements.
++       o Support for new platforms: FreeBSD/IA64 and FreeBSD/Sparc64.
++       o Configuration: the no-err option now works properly.
++       o SSL/TLS: now handles manual certificate chain building.
++       o SSL/TLS: certain session ID malfunctions corrected.
++ 
+    Major changes between OpenSSL 0.9.6 and OpenSSL 0.9.7:
+  
+        o New library section OCSP.
+***************
+*** 50,55 ****
+--- 61,70 ----
+        o SSL/TLS: allow more precise control of renegotiations and sessions.
+        o SSL/TLS: add callback to retrieve SSL/TLS messages.
+        o SSL/TLS: support AES cipher suites (RFC3268).
++ 
++   Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
++ 
++       o Important security related bugfixes.
+  
+    Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/PROBLEMS ../RELENG_4/crypto/openssl/PROBLEMS
+*** crypto/openssl/PROBLEMS	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/PROBLEMS	Mon Feb 24 21:14:49 2003
+***************
+*** 70,72 ****
+--- 70,100 ----
+  this seems to be the fact that compiler emits multiplication to
+  perform shift operations:-( To work the problem around configure
+  with './Configure solaris64-sparcv9-cc -DMD32_REG_T=int'.
++ 
++ * Problems with hp-parisc2-cc target when used with "no-asm" flag
++ 
++ When using the hp-parisc2-cc target, wrong bignum code is generated.
++ This is due to the SIXTY_FOUR_BIT build being compiled with the +O3
++ aggressive optimization.
++ The problem manifests itself by the BN_kronecker test hanging in an
++ endless loop. Reason: the BN_kronecker test calls BN_generate_prime()
++ which itself hangs. The reason could be tracked down to the bn_mul_comba8()
++ function in bn_asm.c. At some occasions the higher 32bit value of r[7]
++ is off by 1 (meaning: calculated=shouldbe+1). Further analysis failed,
++ as no debugger support possible at +O3 and additional fprintf()'s
++ introduced fixed the bug, therefore it is most likely a bug in the
++ optimizer.
++ The bug was found in the BN_kronecker test but may also lead to
++ failures in other parts of the code.
++ (See Ticket #426.)
++ 
++ Workaround: modify the target to +O2 when building with no-asm.
++ 
++ * Poor support for AIX shared builds.
++ 
++ do_aix-shared rule is not flexible enough to parameterize through a
++ config-line. './Configure aix43-cc shared' is working, but not
++ './Configure aix64-gcc shared'. In latter case make fails to create shared
++ libraries. It's possible to build 64-bit shared libraries by running
++ 'env OBJECT_MODE=64 make', but we need more elegant solution. Preferably one
++ supporting even gcc shared builds. See RT#463 for background information.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_4/crypto/openssl/README
+*** crypto/openssl/README	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/README	Mon Feb 24 21:14:49 2003
+***************
+*** 1,7 ****
+  
+!  OpenSSL 0.9.7 31 Dec 2002
+  
+!  Copyright (c) 1998-2002 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+--- 1,7 ----
+  
+!  OpenSSL 0.9.7a Feb 19 2003
+  
+!  Copyright (c) 1998-2003 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_4/crypto/openssl/apps/Makefile.ssl
+*** crypto/openssl/apps/Makefile.ssl	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/apps/Makefile.ssl	Mon Feb 24 21:14:49 2003
+***************
+*** 18,23 ****
+--- 18,24 ----
+  RM=		rm -f
+  # KRB5 stuff
+  KRB5_INCLUDES=
++ LIBKRB5=
+  
+  PEX_LIBS=
+  EX_LIBS= 
+***************
+*** 150,157 ****
+  	fi
+  	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+  		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="`pwd`\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  
+--- 151,157 ----
+  	fi
+  	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
+  		LIBPATH="`pwd`"; LD_LIBRARY_PATH="`pwd`"; DYLD_LIBRARY_PATH="`pwd`"; SHLIB_PATH="`pwd`"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
+  		$(PERL) tools/c_rehash certs)
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.c ../RELENG_4/crypto/openssl/apps/apps.c
+*** crypto/openssl/apps/apps.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/apps.c	Mon Feb 24 21:14:50 2003
+***************
+*** 122,128 ****
+--- 122,130 ----
+  #include <openssl/pkcs12.h>
+  #include <openssl/ui.h>
+  #include <openssl/safestack.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  #ifdef OPENSSL_SYS_WINDOWS
+  #define strcasecmp _stricmp
+***************
+*** 859,864 ****
+--- 861,867 ----
+  		BIO_printf(err,"no keyfile specified\n");
+  		goto end;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	if (format == FORMAT_ENGINE)
+  		{
+  		if (!e)
+***************
+*** 868,873 ****
+--- 871,877 ----
+  				ui_method, &cb_data);
+  		goto end;
+  		}
++ #endif
+  	key=BIO_new(BIO_s_file());
+  	if (key == NULL)
+  		{
+***************
+*** 935,940 ****
+--- 939,945 ----
+  		BIO_printf(err,"no keyfile specified\n");
+  		goto end;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	if (format == FORMAT_ENGINE)
+  		{
+  		if (!e)
+***************
+*** 944,949 ****
+--- 949,955 ----
+  				ui_method, &cb_data);
+  		goto end;
+  		}
++ #endif
+  	key=BIO_new(BIO_s_file());
+  	if (key == NULL)
+  		{
+***************
+*** 1329,1334 ****
+--- 1335,1341 ----
+  	return NULL;
+  }
+  
++ #ifndef OPENSSL_NO_ENGINE
+  /* Try to load an engine in a shareable library */
+  static ENGINE *try_load_engine(BIO *err, const char *engine, int debug)
+  	{
+***************
+*** 1385,1390 ****
+--- 1392,1398 ----
+  		}
+          return e;
+          }
++ #endif
+  
+  int load_config(BIO *err, CONF *cnf)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_4/crypto/openssl/apps/apps.h
+*** crypto/openssl/apps/apps.h	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/apps.h	Mon Feb 24 21:14:50 2003
+***************
+*** 121,127 ****
+--- 121,129 ----
+  #include <openssl/lhash.h>
+  #include <openssl/conf.h>
+  #include <openssl/txt_db.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/ossl_typ.h>
+  
+  int app_RAND_load_file(const char *file, BIO *bio_e, int dont_warn);
+***************
+*** 179,208 ****
+  		do_pipe_sig()
+  #  define apps_shutdown()
+  #else
+! #  if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+!    defined(OPENSSL_SYS_WIN32)
+! #    ifdef _O_BINARY
+! #      define apps_startup() \
+! 		do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+  #    else
+  #      define apps_startup() \
+! 		do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 		ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 		ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+  #    endif
+  #  else
+! #    define apps_startup() \
+! 		do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+! 		ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+! 		setup_ui_method(); } while(0)
+  #  endif
+- #  define apps_shutdown() \
+- 		do { CONF_modules_unload(1); destroy_ui_method(); \
+- 		EVP_cleanup(); ENGINE_cleanup(); \
+- 		CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+- 		ERR_free_strings(); } while(0)
+  #endif
+  
+  typedef struct args_st
+--- 181,237 ----
+  		do_pipe_sig()
+  #  define apps_shutdown()
+  #else
+! #  ifndef OPENSSL_NO_ENGINE
+! #    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+!      defined(OPENSSL_SYS_WIN32)
+! #      ifdef _O_BINARY
+! #        define apps_startup() \
+! 			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+! #      else
+! #        define apps_startup() \
+! 			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			ENGINE_load_builtin_engines(); setup_ui_method(); } while(0)
+! #      endif
+  #    else
+  #      define apps_startup() \
+! 			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+! 			ERR_load_crypto_strings(); ENGINE_load_builtin_engines(); \
+! 			setup_ui_method(); } while(0)
+  #    endif
++ #    define apps_shutdown() \
++ 			do { CONF_modules_unload(1); destroy_ui_method(); \
++ 			EVP_cleanup(); ENGINE_cleanup(); \
++ 			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
++ 			ERR_free_strings(); } while(0)
+  #  else
+! #    if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WIN16) || \
+!      defined(OPENSSL_SYS_WIN32)
+! #      ifdef _O_BINARY
+! #        define apps_startup() \
+! 			do { _fmode=_O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			setup_ui_method(); } while(0)
+! #      else
+! #        define apps_startup() \
+! 			do { _fmode=O_BINARY; do_pipe_sig(); CRYPTO_malloc_init(); \
+! 			ERR_load_crypto_strings(); OpenSSL_add_all_algorithms(); \
+! 			setup_ui_method(); } while(0)
+! #      endif
+! #    else
+! #      define apps_startup() \
+! 			do { do_pipe_sig(); OpenSSL_add_all_algorithms(); \
+! 			ERR_load_crypto_strings(); \
+! 			setup_ui_method(); } while(0)
+! #    endif
+! #    define apps_shutdown() \
+! 			do { CONF_modules_unload(1); destroy_ui_method(); \
+! 			EVP_cleanup(); \
+! 			CRYPTO_cleanup_all_ex_data(); ERR_remove_state(0); \
+! 			ERR_free_strings(); } while(0)
+  #  endif
+  #endif
+  
+  typedef struct args_st
+***************
+*** 248,254 ****
+--- 277,285 ----
+  STACK_OF(X509) *load_certs(BIO *err, const char *file, int format,
+  	const char *pass, ENGINE *e, const char *cert_descrip);
+  X509_STORE *setup_verify(BIO *bp, char *CAfile, char *CApath);
++ #ifndef OPENSSL_NO_ENGINE
+  ENGINE *setup_engine(BIO *err, const char *engine, int debug);
++ #endif
+  
+  int load_config(BIO *err, CONF *cnf);
+  char *make_config_name(void);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_4/crypto/openssl/apps/ca.c
+*** crypto/openssl/apps/ca.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/ca.c	Mon Feb 24 21:14:50 2003
+***************
+*** 196,202 ****
+--- 196,204 ----
+  " -extensions ..  - Extension section (override value in config file)\n",
+  " -extfile file   - Configuration file with X509v3 extentions to add\n",
+  " -crlexts ..     - CRL extension section (override value in config file)\n",
++ #ifndef OPENSSL_NO_ENGINE
+  " -engine e       - use engine e, possibly a hardware device.\n",
++ #endif
+  " -status serial  - Shows certificate status given the serial number\n",
+  " -updatedb       - Updates db for expired certificates\n",
+  NULL
+***************
+*** 333,339 ****
+--- 335,343 ----
+  #define BSIZE 256
+  	MS_STATIC char buf[3][BSIZE];
+  	char *randfile=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine = NULL;
++ #endif
+  	char *tofree=NULL;
+  
+  #ifdef EFENCE
+***************
+*** 537,547 ****
+--- 541,553 ----
+  			rev_arg = *(++argv);
+  			rev_type = REV_CA_COMPROMISE;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else
+  			{
+  bad:
+***************
+*** 562,568 ****
+--- 568,576 ----
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	/*****************************************************************/
+  	tofree=NULL;
+***************
+*** 597,603 ****
+--- 605,614 ----
+  		goto err;
+  		}
+  	if(tofree)
++ 		{
+  		OPENSSL_free(tofree);
++ 		tofree = NULL;
++ 		}
+  
+  	if (!load_config(bio_err, conf))
+  		goto err;
+***************
+*** 1633,1643 ****
+  	BIO_free_all(out);
+  	BIO_free_all(in);
+  
+! 	sk_X509_pop_free(cert_sk,X509_free);
+  
+  	if (ret) ERR_print_errors(bio_err);
+  	app_RAND_write_file(randfile, bio_err);
+! 	if (free_key)
+  		OPENSSL_free(key);
+  	BN_free(serial);
+  	TXT_DB_free(db);
+--- 1644,1655 ----
+  	BIO_free_all(out);
+  	BIO_free_all(in);
+  
+! 	if (cert_sk)
+! 		sk_X509_pop_free(cert_sk,X509_free);
+  
+  	if (ret) ERR_print_errors(bio_err);
+  	app_RAND_write_file(randfile, bio_err);
+! 	if (free_key && key)
+  		OPENSSL_free(key);
+  	BN_free(serial);
+  	TXT_DB_free(db);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_4/crypto/openssl/apps/dgst.c
+*** crypto/openssl/apps/dgst.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dgst.c	Mon Feb 24 21:14:50 2003
+***************
+*** 100,106 ****
+--- 100,108 ----
+  	EVP_PKEY *sigkey = NULL;
+  	unsigned char *sigbuf = NULL;
+  	int siglen = 0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 166,176 ****
+--- 168,180 ----
+  			if (--argc < 1) break;
+  			keyform=str2fmt(*(++argv));
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) break;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-hex") == 0)
+  			out_bin = 0;
+  		else if (strcmp(*argv,"-binary") == 0)
+***************
+*** 208,214 ****
+--- 212,220 ----
+  		BIO_printf(bio_err,"-keyform arg    key file format (PEM or ENGINE)\n");
+  		BIO_printf(bio_err,"-signature file signature to verify\n");
+  		BIO_printf(bio_err,"-binary         output in binary form\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  
+  		BIO_printf(bio_err,"-%3s to use the %s message digest algorithm (default)\n",
+  			LN_md5,LN_md5);
+***************
+*** 228,234 ****
+--- 234,242 ----
+  		goto end;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	in=BIO_new(BIO_s_file());
+  	bmd=BIO_new(BIO_f_md());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_4/crypto/openssl/apps/dh.c
+*** crypto/openssl/apps/dh.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dh.c	Mon Feb 24 21:14:50 2003
+***************
+*** 87,98 ****
+  
+  int MAIN(int argc, char **argv)
+  	{
+  	ENGINE *e = NULL;
+  	DH *dh=NULL;
+  	int i,badops=0,text=0;
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+! 	char *infile,*outfile,*prog,*engine;
+  
+  	apps_startup();
+  
+--- 87,103 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DH *dh=NULL;
+  	int i,badops=0,text=0;
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+! 	char *infile,*outfile,*prog;
+! #ifndef OPENSSL_NO_ENGINE
+! 	char *engine;
+! #endif
+  
+  	apps_startup();
+  
+***************
+*** 103,109 ****
+--- 108,116 ----
+  	if (!load_config(bio_err, NULL))
+  		goto end;
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	engine=NULL;
++ #endif
+  	infile=NULL;
+  	outfile=NULL;
+  	informat=FORMAT_PEM;
+***************
+*** 134,144 ****
+--- 141,153 ----
+  			if (--argc < 1) goto bad;
+  			outfile= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-check") == 0)
+  			check=1;
+  		else if (strcmp(*argv,"-text") == 0)
+***************
+*** 170,182 ****
+--- 179,195 ----
+  		BIO_printf(bio_err," -text         print a text form of the DH parameters\n");
+  		BIO_printf(bio_err," -C            Output C code\n");
+  		BIO_printf(bio_err," -noout        no output\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		goto end;
+  		}
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	in=BIO_new(BIO_s_file());
+  	out=BIO_new(BIO_s_file());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_4/crypto/openssl/apps/dhparam.c
+*** crypto/openssl/apps/dhparam.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dhparam.c	Mon Feb 24 21:14:50 2003
+***************
+*** 148,154 ****
+--- 148,156 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DH *dh=NULL;
+  	int i,badops=0,text=0;
+  #ifndef OPENSSL_NO_DSA
+***************
+*** 157,163 ****
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+  	char *infile,*outfile,*prog;
+! 	char *inrand=NULL,*engine=NULL;
+  	int num = 0, g = 0;
+  
+  	apps_startup();
+--- 159,168 ----
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,check=0,noout=0,C=0,ret=1;
+  	char *infile,*outfile,*prog;
+! 	char *inrand=NULL;
+! #ifndef OPENSSL_NO_ENGINE
+! 	char *engine=NULL;
+! #endif
+  	int num = 0, g = 0;
+  
+  	apps_startup();
+***************
+*** 199,209 ****
+--- 204,216 ----
+  			if (--argc < 1) goto bad;
+  			outfile= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-check") == 0)
+  			check=1;
+  		else if (strcmp(*argv,"-text") == 0)
+***************
+*** 249,255 ****
+--- 256,264 ----
+  		BIO_printf(bio_err," -2            generate parameters using  2 as the generator value\n");
+  		BIO_printf(bio_err," -5            generate parameters using  5 as the generator value\n");
+  		BIO_printf(bio_err," numbits       number of bits in to generate (default 512)\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"               - load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"               the random number generator\n");
+***************
+*** 259,265 ****
+--- 268,276 ----
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (g && !num)
+  		num = DEFBITS;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_4/crypto/openssl/apps/dsa.c
+*** crypto/openssl/apps/dsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 90,96 ****
+--- 90,98 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	int ret=1;
+  	DSA *dsa=NULL;
+  	int i,badops=0;
+***************
+*** 98,104 ****
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,text=0,noout=0;
+  	int pubin = 0, pubout = 0;
+! 	char *infile,*outfile,*prog,*engine;
+  	char *passargin = NULL, *passargout = NULL;
+  	char *passin = NULL, *passout = NULL;
+  	int modulus=0;
+--- 100,109 ----
+  	BIO *in=NULL,*out=NULL;
+  	int informat,outformat,text=0,noout=0;
+  	int pubin = 0, pubout = 0;
+! 	char *infile,*outfile,*prog;
+! #ifndef OPENSSL_NO_ENGINE
+! 	char *engine;
+! #endif
+  	char *passargin = NULL, *passargout = NULL;
+  	char *passin = NULL, *passout = NULL;
+  	int modulus=0;
+***************
+*** 112,118 ****
+--- 117,125 ----
+  	if (!load_config(bio_err, NULL))
+  		goto end;
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	engine=NULL;
++ #endif
+  	infile=NULL;
+  	outfile=NULL;
+  	informat=FORMAT_PEM;
+***************
+*** 153,163 ****
+--- 160,172 ----
+  			if (--argc < 1) goto bad;
+  			passargout= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-noout") == 0)
+  			noout=1;
+  		else if (strcmp(*argv,"-text") == 0)
+***************
+*** 189,195 ****
+--- 198,206 ----
+  		BIO_printf(bio_err," -passin arg     input file pass phrase source\n");
+  		BIO_printf(bio_err," -out arg        output file\n");
+  		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -des            encrypt PEM output with cbc des\n");
+  		BIO_printf(bio_err," -des3           encrypt PEM output with ede cbc des using 168 bit key\n");
+  #ifndef OPENSSL_NO_IDEA
+***************
+*** 207,213 ****
+--- 218,226 ----
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+  		BIO_printf(bio_err, "Error getting passwords\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_4/crypto/openssl/apps/dsaparam.c
+*** crypto/openssl/apps/dsaparam.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/dsaparam.c	Mon Feb 24 21:14:50 2003
+***************
+*** 90,96 ****
+--- 90,98 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DSA *dsa=NULL;
+  	int i,badops=0,text=0;
+  	BIO *in=NULL,*out=NULL;
+***************
+*** 98,104 ****
+--- 100,108 ----
+  	char *infile,*outfile,*prog,*inrand=NULL;
+  	int numbits= -1,num,genkey=0;
+  	int need_rand=0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 139,149 ****
+--- 143,155 ----
+  			if (--argc < 1) goto bad;
+  			outfile= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if(strcmp(*argv, "-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine = *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-text") == 0)
+  			text=1;
+  		else if (strcmp(*argv,"-C") == 0)
+***************
+*** 191,197 ****
+--- 197,205 ----
+  		BIO_printf(bio_err," -noout        no output\n");
+  		BIO_printf(bio_err," -genkey       generate a DSA key\n");
+  		BIO_printf(bio_err," -rand         files to use for random number input\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," number        number of bits to use for generating private key\n");
+  		goto end;
+  		}
+***************
+*** 235,241 ****
+--- 243,251 ----
+  			}
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (need_rand)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_4/crypto/openssl/apps/enc.c
+*** crypto/openssl/apps/enc.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/enc.c	Mon Feb 24 21:14:50 2003
+***************
+*** 100,106 ****
+--- 100,108 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	static const char magic[]="Salted__";
+  	char mbuf[sizeof magic-1];
+  	char *strbuf=NULL;
+***************
+*** 119,125 ****
+--- 121,129 ----
+  	BIO *in=NULL,*out=NULL,*b64=NULL,*benc=NULL,*rbio=NULL,*wbio=NULL;
+  #define PROG_NAME_SIZE  39
+  	char pname[PROG_NAME_SIZE+1];
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine = NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 163,173 ****
+--- 167,179 ----
+  			if (--argc < 1) goto bad;
+  			passarg= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if	(strcmp(*argv,"-d") == 0)
+  			enc=0;
+  		else if	(strcmp(*argv,"-p") == 0)
+***************
+*** 270,276 ****
+--- 276,284 ----
+  			BIO_printf(bio_err,"%-14s key/iv in hex is the next argument\n","-K/-iv");
+  			BIO_printf(bio_err,"%-14s print the iv/key (then exit if -P)\n","-[pP]");
+  			BIO_printf(bio_err,"%-14s buffer size\n","-bufsize <n>");
++ #ifndef OPENSSL_NO_ENGINE
+  			BIO_printf(bio_err,"%-14s use engine e, possibly a hardware device.\n","-engine e");
++ #endif
+  
+  			BIO_printf(bio_err,"Cipher Types\n");
+  			OBJ_NAME_do_all_sorted(OBJ_NAME_TYPE_CIPHER_METH,
+***************
+*** 284,290 ****
+--- 292,300 ----
+  		argv++;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (bufsize != NULL)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/engine.c ../RELENG_4/crypto/openssl/apps/engine.c
+*** crypto/openssl/apps/engine.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/engine.c	Mon Feb 24 21:14:50 2003
+***************
+*** 56,61 ****
+--- 56,63 ----
+   *
+   */
+  
++ #ifndef OPENSSL_NO_ENGINE
++ 
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
+***************
+*** 518,520 ****
+--- 520,523 ----
+  	apps_shutdown();
+  	OPENSSL_EXIT(ret);
+  	}
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_4/crypto/openssl/apps/gendh.c
+*** crypto/openssl/apps/gendh.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/gendh.c	Mon Feb 24 21:14:50 2003
+***************
+*** 81,93 ****
+--- 81,97 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DH *dh=NULL;
+  	int ret=1,num=DEFBITS;
+  	int g=2;
+  	char *outfile=NULL;
+  	char *inrand=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	BIO *out=NULL;
+  
+  	apps_startup();
+***************
+*** 115,125 ****
+--- 119,131 ----
+  			g=3; */
+  		else if (strcmp(*argv,"-5") == 0)
+  			g=5;
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 138,151 ****
+--- 144,161 ----
+  		BIO_printf(bio_err," -2        - use 2 as the generator value\n");
+  	/*	BIO_printf(bio_err," -3        - use 3 as the generator value\n"); */
+  		BIO_printf(bio_err," -5        - use 5 as the generator value\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"             the random number generator\n");
+  		goto end;
+  		}
+  		
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	out=BIO_new(BIO_s_file());
+  	if (out == NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_4/crypto/openssl/apps/gendsa.c
+*** crypto/openssl/apps/gendsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/gendsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 77,83 ****
+--- 77,85 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	DSA *dsa=NULL;
+  	int ret=1;
+  	char *outfile=NULL;
+***************
+*** 85,91 ****
+--- 87,95 ----
+  	char *passargout = NULL, *passout = NULL;
+  	BIO *out=NULL,*in=NULL;
+  	const EVP_CIPHER *enc=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 111,121 ****
+--- 115,127 ----
+  			if (--argc < 1) goto bad;
+  			passargout= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 167,173 ****
+--- 173,181 ----
+  		BIO_printf(bio_err," -aes128, -aes192, -aes256\n");
+  		BIO_printf(bio_err,"                 encrypt PEM output with cbc aes\n");
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e - use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"           - load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"             the random number generator\n");
+***************
+*** 176,182 ****
+--- 184,192 ----
+  		goto end;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, NULL, passargout, NULL, &passout)) {
+  		BIO_printf(bio_err, "Error getting password\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_4/crypto/openssl/apps/genrsa.c
+*** crypto/openssl/apps/genrsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/genrsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 81,87 ****
+--- 81,89 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	int ret=1;
+  	RSA *rsa=NULL;
+  	int i,num=DEFBITS;
+***************
+*** 90,96 ****
+--- 92,100 ----
+  	unsigned long f4=RSA_F4;
+  	char *outfile=NULL;
+  	char *passargout = NULL, *passout = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	char *inrand=NULL;
+  	BIO *out=NULL;
+  
+***************
+*** 122,132 ****
+--- 126,138 ----
+  			f4=3;
+  		else if (strcmp(*argv,"-F4") == 0 || strcmp(*argv,"-f4") == 0)
+  			f4=RSA_F4;
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 177,183 ****
+--- 183,191 ----
+  		BIO_printf(bio_err," -passout arg    output file pass phrase source\n");
+  		BIO_printf(bio_err," -f4             use F4 (0x10001) for the E value\n");
+  		BIO_printf(bio_err," -3              use 3 for the E value\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,"                 load the file (or the files in the directory) into\n");
+  		BIO_printf(bio_err,"                 the random number generator\n");
+***************
+*** 191,197 ****
+--- 199,207 ----
+  		goto err;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (outfile == NULL)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ocsp.c ../RELENG_4/crypto/openssl/apps/ocsp.c
+*** crypto/openssl/apps/ocsp.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/ocsp.c	Mon Feb 24 21:14:50 2003
+***************
+*** 55,60 ****
+--- 55,61 ----
+   * Hudson (tjh@cryptsoft.com).
+   *
+   */
++ #ifndef OPENSSL_NO_OCSP
+  
+  #include <stdio.h>
+  #include <string.h>
+***************
+*** 722,728 ****
+--- 723,734 ----
+  		}
+  	else if (host)
+  		{
++ #ifndef OPENSSL_NO_SOCK
+  		cbio = BIO_new_connect(host);
++ #else
++ 		BIO_printf(bio_err, "Error creating connect BIO - sockets not supported.\n");
++ 		goto end;
++ #endif
+  		if (!cbio)
+  			{
+  			BIO_printf(bio_err, "Error creating connect BIO\n");
+***************
+*** 732,738 ****
+--- 738,753 ----
+  		if (use_ssl == 1)
+  			{
+  			BIO *sbio;
++ #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+  			ctx = SSL_CTX_new(SSLv23_client_method());
++ #elif !defined(OPENSSL_NO_SSL3)
++ 			ctx = SSL_CTX_new(SSLv3_client_method());
++ #elif !defined(OPENSSL_NO_SSL2)
++ 			ctx = SSL_CTX_new(SSLv2_client_method());
++ #else
++ 			BIO_printf(bio_err, "SSL is disabled\n");
++ 			goto end;
++ #endif
+  			SSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);
+  			sbio = BIO_new_ssl(ctx, 1);
+  			cbio = BIO_push(sbio, cbio);
+***************
+*** 1139,1145 ****
+--- 1154,1164 ----
+  	bufbio = BIO_new(BIO_f_buffer());
+  	if (!bufbio) 
+  		goto err;
++ #ifndef OPENSSL_NO_SOCK
+  	acbio = BIO_new_accept(port);
++ #else
++ 	BIO_printf(bio_err, "Error setting up accept BIO - sockets not supported.\n");
++ #endif
+  	if (!acbio)
+  		goto err;
+  	BIO_set_accept_bios(acbio, bufbio);
+***************
+*** 1226,1228 ****
+--- 1245,1248 ----
+  	return 1;
+  	}
+  
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_4/crypto/openssl/apps/openssl.c
+*** crypto/openssl/apps/openssl.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/openssl.c	Mon Feb 24 21:14:50 2003
+***************
+*** 122,128 ****
+--- 122,130 ----
+  #include <openssl/x509.h>
+  #include <openssl/pem.h>
+  #include <openssl/ssl.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #define USE_SOCKETS /* needed for the _O_BINARY defs in the MS world */
+  #include "progs.h"
+  #include "s_apps.h"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_4/crypto/openssl/apps/pkcs12.c
+*** crypto/openssl/apps/pkcs12.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/pkcs12.c	Mon Feb 24 21:14:50 2003
+***************
+*** 120,126 ****
+--- 120,128 ----
+      char *passin = NULL, *passout = NULL;
+      char *inrand = NULL;
+      char *CApath = NULL, *CAfile = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+      char *engine=NULL;
++ #endif
+  
+      apps_startup();
+  
+***************
+*** 252,262 ****
+--- 254,266 ----
+  			args++;	
+  			CAfile = *args;
+  		    } else badarg = 1;
++ #ifndef OPENSSL_NO_ENGINE
+  		} else if (!strcmp(*args,"-engine")) {
+  		    if (args[1]) {
+  			args++;	
+  			engine = *args;
+  		    } else badarg = 1;
++ #endif
+  		} else badarg = 1;
+  
+  	} else badarg = 1;
+***************
+*** 304,317 ****
+--- 308,325 ----
+  	BIO_printf (bio_err, "-password p   set import/export password source\n");
+  	BIO_printf (bio_err, "-passin p     input file pass phrase source\n");
+  	BIO_printf (bio_err, "-passout p    output file pass phrase source\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf (bio_err, "-engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  	BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  	BIO_printf(bio_err,  "              load the file (or the files in the directory) into\n");
+  	BIO_printf(bio_err,  "              the random number generator\n");
+      	goto end;
+      }
+  
++ #ifndef OPENSSL_NO_ENGINE
+      e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+      if(passarg) {
+  	if(export_cert) passargout = passarg;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_4/crypto/openssl/apps/pkcs7.c
+*** crypto/openssl/apps/pkcs7.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/pkcs7.c	Mon Feb 24 21:14:50 2003
+***************
+*** 82,88 ****
+--- 82,90 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	PKCS7 *p7=NULL;
+  	int i,badops=0;
+  	BIO *in=NULL,*out=NULL;
+***************
+*** 90,96 ****
+--- 92,100 ----
+  	char *infile,*outfile,*prog;
+  	int print_certs=0,text=0,noout=0;
+  	int ret=1;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 134,144 ****
+--- 138,150 ----
+  			text=1;
+  		else if (strcmp(*argv,"-print_certs") == 0)
+  			print_certs=1;
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else
+  			{
+  			BIO_printf(bio_err,"unknown option %s\n",*argv);
+***************
+*** 161,174 ****
+--- 167,184 ----
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e     use engine e, possibly a hardware device.\n");
++ #endif
+  		ret = 1;
+  		goto end;
+  		}
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	in=BIO_new(BIO_s_file());
+  	out=BIO_new(BIO_s_file());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_4/crypto/openssl/apps/pkcs8.c
+*** crypto/openssl/apps/pkcs8.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/pkcs8.c	Mon Feb 24 21:14:50 2003
+***************
+*** 85,91 ****
+--- 85,93 ----
+  	EVP_PKEY *pkey=NULL;
+  	char pass[50], *passin = NULL, *passout = NULL, *p8pass = NULL;
+  	int badarg = 0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	if (bio_err == NULL) bio_err = BIO_new_fp (stderr, BIO_NOCLOSE);
+  
+***************
+*** 145,155 ****
+--- 147,159 ----
+  			if (!args[1]) goto bad;
+  			passargout= *(++args);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*args,"-engine") == 0)
+  			{
+  			if (!args[1]) goto bad;
+  			engine= *(++args);
+  			}
++ #endif
+  		else if (!strcmp (*args, "-in")) {
+  			if (args[1]) {
+  				args++;
+***************
+*** 182,192 ****
+--- 186,200 ----
+  		BIO_printf(bio_err, "-nocrypt        use or expect unencrypted private key\n");
+  		BIO_printf(bio_err, "-v2 alg         use PKCS#5 v2.0 and cipher \"alg\"\n");
+  		BIO_printf(bio_err, "-v1 obj         use PKCS#5 v1.5 and cipher \"alg\"\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		return (1);
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+  		BIO_printf(bio_err, "Error getting passwords\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/progs.h ../RELENG_4/crypto/openssl/apps/progs.h
+*** crypto/openssl/apps/progs.h	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/progs.h	Mon Feb 24 21:14:50 2003
+***************
+*** 35,41 ****
+--- 35,43 ----
+  extern int spkac_main(int argc,char *argv[]);
+  extern int smime_main(int argc,char *argv[]);
+  extern int rand_main(int argc,char *argv[]);
++ #ifndef OPENSSL_NO_ENGINE
+  extern int engine_main(int argc,char *argv[]);
++ #endif
+  extern int ocsp_main(int argc,char *argv[]);
+  
+  #define FUNC_TYPE_GENERAL	1
+***************
+*** 92,98 ****
+--- 94,102 ----
+  #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+  	{FUNC_TYPE_GENERAL,"s_client",s_client_main},
+  #endif
++ #ifndef OPENSSL_NO_SPEED
+  	{FUNC_TYPE_GENERAL,"speed",speed_main},
++ #endif
+  #if !defined(OPENSSL_NO_SOCK) && !(defined(OPENSSL_NO_SSL2) && defined(OPENSSL_NO_SSL3))
+  	{FUNC_TYPE_GENERAL,"s_time",s_time_main},
+  #endif
+***************
+*** 111,117 ****
+--- 115,123 ----
+  	{FUNC_TYPE_GENERAL,"spkac",spkac_main},
+  	{FUNC_TYPE_GENERAL,"smime",smime_main},
+  	{FUNC_TYPE_GENERAL,"rand",rand_main},
++ #ifndef OPENSSL_NO_ENGINE
+  	{FUNC_TYPE_GENERAL,"engine",engine_main},
++ #endif
+  	{FUNC_TYPE_GENERAL,"ocsp",ocsp_main},
+  #ifndef OPENSSL_NO_MD2
+  	{FUNC_TYPE_MD,"md2",dgst_main},
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_4/crypto/openssl/apps/rand.c
+*** crypto/openssl/apps/rand.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/rand.c	Mon Feb 24 21:14:50 2003
+***************
+*** 76,82 ****
+--- 76,84 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	int i, r, ret = 1;
+  	int badopt;
+  	char *outfile = NULL;
+***************
+*** 84,90 ****
+--- 86,94 ----
+  	int base64 = 0;
+  	BIO *out = NULL;
+  	int num = -1;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 106,111 ****
+--- 110,116 ----
+  			else
+  				badopt = 1;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(argv[i], "-engine") == 0)
+  			{
+  			if ((argv[i+1] != NULL) && (engine == NULL))
+***************
+*** 113,118 ****
+--- 118,124 ----
+  			else
+  				badopt = 1;
+  			}
++ #endif
+  		else if (strcmp(argv[i], "-rand") == 0)
+  			{
+  			if ((argv[i+1] != NULL) && (inrand == NULL))
+***************
+*** 150,162 ****
+--- 156,172 ----
+  		BIO_printf(bio_err, "Usage: rand [options] num\n");
+  		BIO_printf(bio_err, "where options are\n");
+  		BIO_printf(bio_err, "-out file             - write to file\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err, "-engine e             - use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf(bio_err, "-rand file%cfile%c... - seed PRNG from files\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err, "-base64               - encode output\n");
+  		goto err;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	app_RAND_load_file(NULL, bio_err, (inrand != NULL));
+  	if (inrand != NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_4/crypto/openssl/apps/req.c
+*** crypto/openssl/apps/req.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/req.c	Mon Feb 24 21:14:50 2003
+***************
+*** 162,168 ****
+--- 162,170 ----
+  	int informat,outformat,verify=0,noout=0,text=0,keyform=FORMAT_PEM;
+  	int nodes=0,kludge=0,newhdr=0,subject=0,pubkey=0;
+  	char *infile,*outfile,*prog,*keyfile=NULL,*template=NULL,*keyout=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	char *extensions = NULL;
+  	char *req_exts = NULL;
+  	const EVP_CIPHER *cipher=NULL;
+***************
+*** 210,220 ****
+--- 212,224 ----
+  			if (--argc < 1) goto bad;
+  			outformat=str2fmt(*(++argv));
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-key") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 428,434 ****
+--- 432,440 ----
+  		BIO_printf(bio_err," -verify        verify signature on REQ\n");
+  		BIO_printf(bio_err," -modulus       RSA modulus\n");
+  		BIO_printf(bio_err," -nodes         don't encrypt the output key\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device\n");
++ #endif
+  		BIO_printf(bio_err," -subject       output the request's subject\n");
+  		BIO_printf(bio_err," -passin        private key password source\n");
+  		BIO_printf(bio_err," -key file      use the private key contained in file\n");
+***************
+*** 453,459 ****
+  		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
+! 		BIO_printf(bio_err," -nameopt arg   - various certificate name options\n");
+  		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
+  		goto end;
+  		}
+--- 459,465 ----
+  		BIO_printf(bio_err," -extensions .. specify certificate extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -reqexts ..    specify request extension section (override value in config file)\n");
+  		BIO_printf(bio_err," -utf8          input characters are UTF8 (default ASCII)\n");
+! 		BIO_printf(bio_err," -nameopt arg    - various certificate name options\n");
+  		BIO_printf(bio_err," -reqopt arg    - various request text options\n\n");
+  		goto end;
+  		}
+***************
+*** 617,623 ****
+--- 623,631 ----
+  	if ((in == NULL) || (out == NULL))
+  		goto end;
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (keyfile != NULL)
+  		{
+***************
+*** 1237,1247 ****
+--- 1245,1261 ----
+  
+  			sprintf(buf,"%s_min",v->name);
+  			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_min))
++ 				{
++ 				ERR_clear_error();
+  				n_min = -1;
++ 				}
+  
+  			sprintf(buf,"%s_max",v->name);
+  			if (!NCONF_get_number(req_conf,dn_sect,buf, &n_max))
++ 				{
++ 				ERR_clear_error();
+  				n_max = -1;
++ 				}
+  
+  			if (!add_DN_object(subj,v->value,def,value,nid,
+  				n_min,n_max, chtype))
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_4/crypto/openssl/apps/rsa.c
+*** crypto/openssl/apps/rsa.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/rsa.c	Mon Feb 24 21:14:50 2003
+***************
+*** 104,110 ****
+--- 104,112 ----
+  	char *infile,*outfile,*prog;
+  	char *passargin = NULL, *passargout = NULL;
+  	char *passin = NULL, *passout = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  	int modulus=0;
+  
+  	apps_startup();
+***************
+*** 156,166 ****
+--- 158,170 ----
+  			if (--argc < 1) goto bad;
+  			passargout= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-sgckey") == 0)
+  			sgckey=1;
+  		else if (strcmp(*argv,"-pubin") == 0)
+***************
+*** 212,224 ****
+--- 216,232 ----
+  		BIO_printf(bio_err," -check          verify key consistency\n");
+  		BIO_printf(bio_err," -pubin          expect a public key in input file\n");
+  		BIO_printf(bio_err," -pubout         output a public key\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  		goto end;
+  		}
+  
+  	ERR_load_crypto_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, passargout, &passin, &passout)) {
+  		BIO_printf(bio_err, "Error getting passwords\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsautl.c ../RELENG_4/crypto/openssl/apps/rsautl.c
+*** crypto/openssl/apps/rsautl.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/rsautl.c	Mon Feb 24 21:14:50 2003
+***************
+*** 85,91 ****
+--- 85,93 ----
+  	ENGINE *e = NULL;
+  	BIO *in = NULL, *out = NULL;
+  	char *infile = NULL, *outfile = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine = NULL;
++ #endif
+  	char *keyfile = NULL;
+  	char rsa_mode = RSA_VERIFY, key_type = KEY_PRIVKEY;
+  	int keyform = FORMAT_PEM;
+***************
+*** 125,133 ****
+--- 127,137 ----
+  		} else if (strcmp(*argv,"-keyform") == 0) {
+  			if (--argc < 1) badarg = 1;
+  			keyform=str2fmt(*(++argv));
++ #ifndef OPENSSL_NO_ENGINE
+  		} else if(!strcmp(*argv, "-engine")) {
+  			if (--argc < 1) badarg = 1;
+  			engine = *(++argv);
++ #endif
+  		} else if(!strcmp(*argv, "-pubin")) {
+  			key_type = KEY_PUBKEY;
+  		} else if(!strcmp(*argv, "-certin")) {
+***************
+*** 162,168 ****
+--- 166,174 ----
+  		goto end;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  /* FIXME: seed PRNG only if needed */
+  	app_RAND_load_file(NULL, bio_err, 0);
+***************
+*** 305,311 ****
+--- 311,319 ----
+  	BIO_printf(bio_err, "-encrypt        encrypt with public key\n");
+  	BIO_printf(bio_err, "-decrypt        decrypt with private key\n");
+  	BIO_printf(bio_err, "-hexdump        hex dump output\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf(bio_err, "-engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_4/crypto/openssl/apps/s_client.c
+*** crypto/openssl/apps/s_client.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/s_client.c	Mon Feb 24 21:14:50 2003
+***************
+*** 222,228 ****
+--- 222,230 ----
+  	BIO_printf(bio_err,"                 for those protocols that support it, where\n");
+  	BIO_printf(bio_err,"                 'prot' defines which one to assume.  Currently,\n");
+  	BIO_printf(bio_err,"                 only \"smtp\" is supported.\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
++ #endif
+  	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  
+  	}
+***************
+*** 254,261 ****
+--- 256,265 ----
+  	SSL_METHOD *meth=NULL;
+  	BIO *sbio;
+  	char *inrand=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine_id=NULL;
+  	ENGINE *e=NULL;
++ #endif
+  #ifdef OPENSSL_SYS_WINDOWS
+  	struct timeval tv;
+  #endif
+***************
+*** 415,425 ****
+--- 419,431 ----
+  			else
+  				goto bad;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if	(strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine_id = *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 444,450 ****
+--- 450,458 ----
+  	OpenSSL_add_ssl_algorithms();
+  	SSL_load_error_strings();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine_id, 1);
++ #endif
+  
+  	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+  		&& !RAND_status())
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_4/crypto/openssl/apps/s_server.c
+*** crypto/openssl/apps/s_server.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/s_server.c	Mon Feb 24 21:14:50 2003
+***************
+*** 242,248 ****
+--- 242,250 ----
+  static int s_quiet=0;
+  
+  static int hack=0;
++ #ifndef OPENSSL_NO_ENGINE
+  static char *engine_id=NULL;
++ #endif
+  static const char *session_id_prefix=NULL;
+  
+  #ifdef MONOLITH
+***************
+*** 267,273 ****
+--- 269,277 ----
+  	s_msg=0;
+  	s_quiet=0;
+  	hack=0;
++ #ifndef OPENSSL_NO_ENGINE
+  	engine_id=NULL;
++ #endif
+  	}
+  #endif
+  
+***************
+*** 316,322 ****
+--- 320,328 ----
+  	BIO_printf(bio_err," -WWW          - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+  	BIO_printf(bio_err," -HTTP         - Respond to a 'GET /<path> HTTP/1.0' with file ./<path>\n");
+          BIO_printf(bio_err,"                 with the assumption it contains a complete HTTP response.\n");
++ #ifndef OPENSSL_NO_ENGINE
+  	BIO_printf(bio_err," -engine id    - Initialise and use the specified engine\n");
++ #endif
+  	BIO_printf(bio_err," -id_prefix arg - Generate SSL/TLS session IDs prefixed by 'arg'\n");
+  	BIO_printf(bio_err," -rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  	}
+***************
+*** 490,496 ****
+--- 496,504 ----
+  	int no_tmp_rsa=0,no_dhe=0,nocert=0;
+  	int state=0;
+  	SSL_METHOD *meth=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e=NULL;
++ #endif
+  	char *inrand=NULL;
+  
+  #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
+***************
+*** 665,675 ****
+--- 673,685 ----
+  			if (--argc < 1) goto bad;
+  			session_id_prefix = *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine_id= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-rand") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+***************
+*** 694,700 ****
+--- 704,712 ----
+  	SSL_load_error_strings();
+  	OpenSSL_add_ssl_algorithms();
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine_id, 1);
++ #endif
+  
+  	if (!app_RAND_load_file(NULL, bio_err, 1) && inrand == NULL
+  		&& !RAND_status())
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/smime.c ../RELENG_4/crypto/openssl/apps/smime.c
+*** crypto/openssl/apps/smime.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/smime.c	Mon Feb 24 21:14:50 2003
+***************
+*** 104,110 ****
+--- 104,112 ----
+  	int need_rand = 0;
+  	int informat = FORMAT_SMIME, outformat = FORMAT_SMIME;
+          int keyform = FORMAT_PEM;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	args = argv + 1;
+  	ret = 1;
+***************
+*** 176,186 ****
+--- 178,190 ----
+  				inrand = *args;
+  			} else badarg = 1;
+  			need_rand = 1;
++ #ifndef OPENSSL_NO_ENGINE
+  		} else if (!strcmp(*args,"-engine")) {
+  			if (args[1]) {
+  				args++;
+  				engine = *args;
+  			} else badarg = 1;
++ #endif
+  		} else if (!strcmp(*args,"-passin")) {
+  			if (args[1]) {
+  				args++;
+***************
+*** 330,336 ****
+--- 334,342 ----
+  		BIO_printf (bio_err, "-CAfile file   trusted certificates file\n");
+  		BIO_printf (bio_err, "-crl_check     check revocation status of signer's certificate using CRLs\n");
+  		BIO_printf (bio_err, "-crl_check_all check revocation status of signer's certificate chain using CRLs\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf (bio_err, "-engine e      use engine e, possibly a hardware device.\n");
++ #endif
+  		BIO_printf (bio_err, "-passin arg    input file pass phrase source\n");
+  		BIO_printf(bio_err,  "-rand file%cfile%c...\n", LIST_SEPARATOR_CHAR, LIST_SEPARATOR_CHAR);
+  		BIO_printf(bio_err,  "               load the file (or the files in the directory) into\n");
+***************
+*** 339,345 ****
+--- 345,353 ----
+  		goto end;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(!app_passwd(bio_err, passargin, NULL, &passin, NULL)) {
+  		BIO_printf(bio_err, "Error getting password\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_4/crypto/openssl/apps/speed.c
+*** crypto/openssl/apps/speed.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/speed.c	Mon Feb 24 21:14:50 2003
+***************
+*** 58,63 ****
+--- 58,65 ----
+  
+  /* most of this code has been pilfered from my libdes speed.c program */
+  
++ #ifndef OPENSSL_NO_SPEED
++ 
+  #undef SECONDS
+  #define SECONDS		3	
+  #define RSA_SECONDS	10
+***************
+*** 370,376 ****
+--- 372,380 ----
+  
+  int MAIN(int argc, char **argv)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE *e = NULL;
++ #endif
+  	unsigned char *buf=NULL,*buf2=NULL;
+  	int mret=1;
+  	long count=0,save_count=0;
+***************
+*** 590,595 ****
+--- 594,600 ----
+  			j--;	/* Otherwise, -elapsed gets confused with
+  				   an algorithm. */
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if	((argc > 0) && (strcmp(*argv,"-engine") == 0))
+  			{
+  			argc--;
+***************
+*** 606,611 ****
+--- 611,617 ----
+  			   means all of them should be run) */
+  			j--;
+  			}
++ #endif
+  #ifdef HAVE_FORK
+  		else if	((argc > 0) && (strcmp(*argv,"-multi") == 0))
+  			{
+***************
+*** 865,871 ****
+--- 871,879 ----
+  #if defined(TIMES) || defined(USE_TOD)
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+  			BIO_printf(bio_err,"-engine e       use engine e, possibly a hardware device.\n");
++ #endif
+  			BIO_printf(bio_err,"-evp e          use EVP e.\n");
+  			BIO_printf(bio_err,"-decrypt        time decryption instead of encryption (only EVP).\n");
+  			BIO_printf(bio_err,"-mr             produce machine readable output.\n");
+***************
+*** 1393,1398 ****
+--- 1401,1407 ----
+  				else
+  					EVP_EncryptFinal_ex(&ctx,buf,&outl);
+  				d=Time_F(STOP);
++ 				EVP_CIPHER_CTX_cleanup(&ctx);
+  				}
+  			if (evp_md)
+  				{
+***************
+*** 1938,1941 ****
+--- 1947,1951 ----
+  		}
+  	return 1;
+  	}
++ #endif
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_4/crypto/openssl/apps/spkac.c
+*** crypto/openssl/apps/spkac.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/spkac.c	Mon Feb 24 21:14:50 2003
+***************
+*** 92,98 ****
+--- 92,100 ----
+  	CONF *conf = NULL;
+  	NETSCAPE_SPKI *spki = NULL;
+  	EVP_PKEY *pkey = NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	apps_startup();
+  
+***************
+*** 141,151 ****
+--- 143,155 ----
+  			if (--argc < 1) goto bad;
+  			spksect= *(++argv);
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-noout") == 0)
+  			noout=1;
+  		else if (strcmp(*argv,"-pubkey") == 0)
+***************
+*** 171,177 ****
+--- 175,183 ----
+  		BIO_printf(bio_err," -noout         don't print SPKAC\n");
+  		BIO_printf(bio_err," -pubkey        output public key\n");
+  		BIO_printf(bio_err," -verify        verify SPKAC signature\n");
++ #ifndef OPENSSL_NO_ENGINE
+  		BIO_printf(bio_err," -engine e      use engine e, possibly a hardware device.\n");
++ #endif
+  		goto end;
+  		}
+  
+***************
+*** 181,187 ****
+--- 187,195 ----
+  		goto end;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if(keyfile) {
+  		pkey = load_key(bio_err,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_4/crypto/openssl/apps/verify.c
+*** crypto/openssl/apps/verify.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/verify.c	Mon Feb 24 21:14:50 2003
+***************
+*** 86,92 ****
+--- 86,94 ----
+  	STACK_OF(X509) *untrusted = NULL, *trusted = NULL;
+  	X509_STORE *cert_ctx=NULL;
+  	X509_LOOKUP *lookup=NULL;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	cert_ctx=X509_STORE_new();
+  	if (cert_ctx == NULL) goto end;
+***************
+*** 142,152 ****
+--- 144,156 ----
+  				if (argc-- < 1) goto end;
+  				trustfile= *(++argv);
+  				}
++ #ifndef OPENSSL_NO_ENGINE
+  			else if (strcmp(*argv,"-engine") == 0)
+  				{
+  				if (--argc < 1) goto end;
+  				engine= *(++argv);
+  				}
++ #endif
+  			else if (strcmp(*argv,"-help") == 0)
+  				goto end;
+  			else if (strcmp(*argv,"-ignore_critical") == 0)
+***************
+*** 170,176 ****
+--- 174,182 ----
+  			break;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	lookup=X509_STORE_add_lookup(cert_ctx,X509_LOOKUP_file());
+  	if (lookup == NULL) abort();
+***************
+*** 219,225 ****
+  	ret=0;
+  end:
+  	if (ret == 1) {
+! 		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check] [-engine e] cert1 cert2 ...\n");
+  		BIO_printf(bio_err,"recognized usages:\n");
+  		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+  			X509_PURPOSE *ptmp;
+--- 225,235 ----
+  	ret=0;
+  end:
+  	if (ret == 1) {
+! 		BIO_printf(bio_err,"usage: verify [-verbose] [-CApath path] [-CAfile file] [-purpose purpose] [-crl_check]");
+! #ifndef OPENSSL_NO_ENGINE
+! 		BIO_printf(bio_err," [-engine e]");
+! #endif
+! 		BIO_printf(bio_err," cert1 cert2 ...\n");
+  		BIO_printf(bio_err,"recognized usages:\n");
+  		for(i = 0; i < X509_PURPOSE_get_count(); i++) {
+  			X509_PURPOSE *ptmp;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_4/crypto/openssl/apps/x509.c
+*** crypto/openssl/apps/x509.c	Mon Feb 24 20:42:41 2003
+--- ../RELENG_4/crypto/openssl/apps/x509.c	Mon Feb 24 21:14:50 2003
+***************
+*** 131,137 ****
+--- 131,139 ----
+  " -extensions     - section from config file with X509V3 extensions to add\n",
+  " -clrext         - delete extensions before signing and input certificate\n",
+  " -nameopt arg    - various certificate name options\n",
++ #ifndef OPENSSL_NO_ENGINE
+  " -engine e       - use engine e, possibly a hardware device.\n",
++ #endif
+  " -certopt arg    - various certificate text options\n",
+  NULL
+  };
+***************
+*** 183,189 ****
+--- 185,193 ----
+  	int need_rand = 0;
+  	int checkend=0,checkoffset=0;
+  	unsigned long nmflag = 0, certflag = 0;
++ #ifndef OPENSSL_NO_ENGINE
+  	char *engine=NULL;
++ #endif
+  
+  	reqfile=0;
+  
+***************
+*** 360,370 ****
+--- 364,376 ----
+  			alias= *(++argv);
+  			trustout = 1;
+  			}
++ #ifndef OPENSSL_NO_ENGINE
+  		else if (strcmp(*argv,"-engine") == 0)
+  			{
+  			if (--argc < 1) goto bad;
+  			engine= *(++argv);
+  			}
++ #endif
+  		else if (strcmp(*argv,"-C") == 0)
+  			C= ++num;
+  		else if (strcmp(*argv,"-email") == 0)
+***************
+*** 450,456 ****
+--- 456,464 ----
+  		goto end;
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+          e = setup_engine(bio_err, engine, 0);
++ #endif
+  
+  	if (need_rand)
+  		app_RAND_load_file(NULL, bio_err, 0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_4/crypto/openssl/config
+*** crypto/openssl/config	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/config	Mon Feb 24 21:14:49 2003
+***************
+*** 74,107 ****
+  		echo "whatever-whatever-sco5"; exit 0
+  		;;
+  	    4.2MP)
+! 		if [ "x$VERSION" = "x2.01" ]; then
+! 		    echo "${MACHINE}-whatever-unixware201"; exit 0
+! 		elif [ "x$VERSION" = "x2.02" ]; then
+! 		    echo "${MACHINE}-whatever-unixware202"; exit 0
+! 		elif [ "x$VERSION" = "x2.03" ]; then
+! 		    echo "${MACHINE}-whatever-unixware203"; exit 0
+! 		elif [ "x$VERSION" = "x2.1.1" ]; then
+! 		    echo "${MACHINE}-whatever-unixware211"; exit 0
+! 		elif [ "x$VERSION" = "x2.1.2" ]; then
+! 		    echo "${MACHINE}-whatever-unixware212"; exit 0
+! 		elif [ "x$VERSION" = "x2.1.3" ]; then
+! 		    echo "${MACHINE}-whatever-unixware213"; exit 0
+! 		else
+! 		    echo "${MACHINE}-whatever-unixware2"; exit 0
+! 		fi
+  		;;
+  	    4.2)
+! 		echo "whatever-whatever-unixware1"; exit 0
+! 		;;
+! 	    OpenUNIX)
+! 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x8" ]; then
+! 		    echo "${MACHINE}-unknown-OpenUNIX${VERSION}"; exit 0
+! 		fi
+  		;;
+  	    5)
+! 		if [ "`echo x$VERSION | sed -e 's/\..*//'`" = "x7" ]; then
+! 		    echo "${MACHINE}-sco-unixware7"; exit 0
+! 		fi
+  		;;
+  	esac
+      fi
+--- 74,100 ----
+  		echo "whatever-whatever-sco5"; exit 0
+  		;;
+  	    4.2MP)
+! 		case "x${VERSION}" in
+! 		    x2.0*) echo "whatever-whatever-unixware20"; exit 0 ;;
+! 		    x2.1*) echo "whatever-whatever-unixware21"; exit 0 ;;
+! 		    x2*)   echo "whatever-whatever-unixware2";  exit 0 ;;
+! 		esac
+  		;;
+  	    4.2)
+! 		echo "i386-whatever-unixware1"; exit 0
+  		;;
+  	    5)
+! 		case "x${VERSION}" in
+! 		    # We hardcode i586 in place of ${MACHINE} for the
+! 		    # following reason. The catch is that even though Pentium
+! 		    # is minimum requirement for platforms in question,
+! 		    # ${MACHINE} gets always assigned to i386. Now, problem
+! 		    # with i386 is that it makes ./config pass 386 to
+! 		    # ./Configure, which in turn makes make generate
+! 		    # inefficient SHA-1 (for this moment) code.
+! 		    x7*)  echo "i586-sco-unixware7";           exit 0 ;;
+! 		    x8*)  echo "i586-unkn-OpenUNIX${VERSION}"; exit 0 ;;
+! 		esac
+  		;;
+  	esac
+      fi
+***************
+*** 196,202 ****
+  	echo "${MACHINE}-whatever-bsdi"; exit 0
+  	;;
+  
+!     FreeBSD:*)
+          VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+          MACH=`sysctl -n hw.model`
+          ARCH='whatever'
+--- 189,195 ----
+  	echo "${MACHINE}-whatever-bsdi"; exit 0
+  	;;
+  
+!     FreeBSD:*:*:*386*)
+          VERS=`echo ${RELEASE} | sed -e 's/[-(].*//'`
+          MACH=`sysctl -n hw.model`
+          ARCH='whatever'
+***************
+*** 205,211 ****
+             *486*       ) MACH="i486"     ;;
+             Pentium\ II*) MACH="i686"     ;;
+             Pentium*    ) MACH="i586"     ;;
+-            Alpha*      ) MACH="alpha"    ;;
+             *           ) MACH="$MACHINE" ;;
+          esac
+          case ${MACH} in
+--- 198,203 ----
+***************
+*** 214,219 ****
+--- 206,215 ----
+          echo "${MACH}-${ARCH}-freebsd${VERS}"; exit 0
+          ;;
+  
++     FreeBSD:*)
++ 	echo "${MACHINE}-whatever-freebsd"; exit 0
++ 	;;
++ 
+      NetBSD:*:*:*386*)
+          echo "`(/usr/sbin/sysctl -n hw.model || /sbin/sysctl -n hw.model) | sed 's,.*\(.\)86-class.*,i\186,'`-whatever-netbsd"; exit 0
+  	;;
+***************
+*** 461,466 ****
+--- 457,466 ----
+    fi
+  fi
+  
++ if [ "${SYSTEM}" = "AIX" ]; then	# favor vendor cc over gcc
++     (cc) 2>&1 | grep -iv "command not found" > /dev/null && CC=cc
++ fi
++ 
+  CCVER=${CCVER:-0}
+  
+  # read the output of the embedded GuessOS 
+***************
+*** 547,553 ****
+    ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+    i386-apple-darwin*) OUT="darwin-i386-cc" ;;
+    sparc64-*-linux2)
+! 	echo "WARNING! If *know* that your GNU C supports 64-bit/V9 ABI"
+  	echo "         and wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	if [ "$TEST" = "false" ]; then
+--- 547,553 ----
+    ppc-apple-darwin*) OUT="darwin-ppc-cc" ;;
+    i386-apple-darwin*) OUT="darwin-i386-cc" ;;
+    sparc64-*-linux2)
+! 	echo "WARNING! If you *know* that your GNU C supports 64-bit/V9 ABI"
+  	echo "         and wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	if [ "$TEST" = "false" ]; then
+***************
+*** 640,645 ****
+--- 640,647 ----
+    *86*-*-solaris2) OUT="solaris-x86-$CC" ;;
+    *-*-sunos4) OUT="sunos-$CC" ;;
+    alpha*-*-freebsd*) OUT="FreeBSD-alpha" ;;
++   sparc64-*-freebsd*) OUT="FreeBSD-sparc64" ;;
++   ia64-*-freebsd*) OUT="FreeBSD-ia64" ;;
+    *-freebsd[3-9]*) OUT="FreeBSD-elf" ;;
+    *-freebsd[1-2]*) OUT="FreeBSD" ;;
+    *86*-*-netbsd) OUT="NetBSD-x86" ;;
+***************
+*** 696,704 ****
+  	CPU_VERSION=${CPU_VERSION:-0}
+  	# See <sys/unistd.h> for further info on CPU_VERSION.
+  	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+! 	     echo "NOTICE! 64-bit is the only ABI currently operational on HP-UXi."
+! 	     echo "        Post request to openssl-dev@openssl.org for 32-bit support."
+  	     if [ "$TEST" = "false" ]; then
+  		(stty -icanon min 0 time 50; read waste) < /dev/tty
+  	     fi
+  	     OUT="hpux64-ia64-cc"
+--- 698,708 ----
+  	CPU_VERSION=${CPU_VERSION:-0}
+  	# See <sys/unistd.h> for further info on CPU_VERSION.
+  	if   [ $CPU_VERSION -ge 768 ]; then	# IA-64 CPU
+! 	     echo "WARNING! 64-bit ABI is the default configured ABI on HP-UXi."
+! 	     echo "         If you wish to build 32-bit library, the you have to"
+! 	     echo "         invoke './Configure hpux-ia32-cc' *manually*."
+  	     if [ "$TEST" = "false" ]; then
++ 		echo "         You have about 5 seconds to press Ctrl-C to abort."
+  		(stty -icanon min 0 time 50; read waste) < /dev/tty
+  	     fi
+  	     OUT="hpux64-ia64-cc"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/aes/aes_core.c ../RELENG_4/crypto/openssl/crypto/aes/aes_core.c
+*** crypto/openssl/crypto/aes/aes_core.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/aes/aes_core.c	Mon Feb 24 21:14:51 2003
+***************
+*** 750,756 ****
+  	rk[2] = GETU32(userKey +  8);
+  	rk[3] = GETU32(userKey + 12);
+  	if (bits == 128) {
+! 		for (;;) {
+  			temp  = rk[3];
+  			rk[4] = rk[0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+--- 750,756 ----
+  	rk[2] = GETU32(userKey +  8);
+  	rk[3] = GETU32(userKey + 12);
+  	if (bits == 128) {
+! 		while (1) {
+  			temp  = rk[3];
+  			rk[4] = rk[0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+***************
+*** 770,776 ****
+  	rk[4] = GETU32(userKey + 16);
+  	rk[5] = GETU32(userKey + 20);
+  	if (bits == 192) {
+! 		for (;;) {
+  			temp = rk[ 5];
+  			rk[ 6] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+--- 770,776 ----
+  	rk[4] = GETU32(userKey + 16);
+  	rk[5] = GETU32(userKey + 20);
+  	if (bits == 192) {
+! 		while (1) {
+  			temp = rk[ 5];
+  			rk[ 6] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+***************
+*** 792,798 ****
+  	rk[6] = GETU32(userKey + 24);
+  	rk[7] = GETU32(userKey + 28);
+  	if (bits == 256) {
+! 		for (;;) {
+  			temp = rk[ 7];
+  			rk[ 8] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+--- 792,798 ----
+  	rk[6] = GETU32(userKey + 24);
+  	rk[7] = GETU32(userKey + 28);
+  	if (bits == 256) {
+! 		while (1) {
+  			temp = rk[ 7];
+  			rk[ 8] = rk[ 0] ^
+  				(Te4[(temp >> 16) & 0xff] & 0xff000000) ^
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_time.c ../RELENG_4/crypto/openssl/crypto/asn1/a_time.c
+*** crypto/openssl/crypto/asn1/a_time.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/asn1/a_time.c	Mon Feb 24 21:14:51 2003
+***************
+*** 105,111 ****
+--- 105,114 ----
+  
+  	ts=OPENSSL_gmtime(&t,&data);
+  	if (ts == NULL)
++ 		{
++ 		ASN1err(ASN1_F_ASN1_TIME_SET, ASN1_R_ERROR_GETTING_TIME);
+  		return NULL;
++ 		}
+  	if((ts->tm_year >= 50) && (ts->tm_year < 150))
+  					return ASN1_UTCTIME_set(s, t);
+  	return ASN1_GENERALIZEDTIME_set(s,t);
+***************
+*** 152,158 ****
+  	if (t->data[0] >= '5') strcpy(str, "19");
+  	else strcpy(str, "20");
+  
+! 	BUF_strlcat(str, (char *)t->data, t->length+2);
+  
+  	return ret;
+  	}
+--- 155,161 ----
+  	if (t->data[0] >= '5') strcpy(str, "19");
+  	else strcpy(str, "20");
+  
+! 	BUF_strlcat(str, (char *)t->data, t->length+3);	/* Include space for a '\0' */
+  
+  	return ret;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1.h ../RELENG_4/crypto/openssl/crypto/asn1/asn1.h
+*** crypto/openssl/crypto/asn1/asn1.h	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/asn1/asn1.h	Mon Feb 24 21:14:51 2003
+***************
+*** 980,985 ****
+--- 980,986 ----
+  #define ASN1_F_ASN1_TEMPLATE_D2I			 131
+  #define ASN1_F_ASN1_TEMPLATE_EX_D2I			 132
+  #define ASN1_F_ASN1_TEMPLATE_NEW			 133
++ #define ASN1_F_ASN1_TIME_SET				 175
+  #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING		 134
+  #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING		 135
+  #define ASN1_F_ASN1_UNPACK_STRING			 136
+***************
+*** 1037,1042 ****
+--- 1038,1044 ----
+  #define ASN1_R_DECODE_ERROR				 110
+  #define ASN1_R_DECODING_ERROR				 111
+  #define ASN1_R_ENCODE_ERROR				 112
++ #define ASN1_R_ERROR_GETTING_TIME			 173
+  #define ASN1_R_ERROR_LOADING_SECTION			 172
+  #define ASN1_R_ERROR_PARSING_SET_ELEMENT		 113
+  #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS		 114
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/asn1_err.c ../RELENG_4/crypto/openssl/crypto/asn1/asn1_err.c
+*** crypto/openssl/crypto/asn1/asn1_err.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/asn1/asn1_err.c	Mon Feb 24 21:14:51 2003
+***************
+*** 1,6 ****
+  /* crypto/asn1/asn1_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+--- 1,6 ----
+  /* crypto/asn1/asn1_err.c */
+  /* ====================================================================
+!  * Copyright (c) 1999-2002 The OpenSSL Project.  All rights reserved.
+   *
+   * Redistribution and use in source and binary forms, with or without
+   * modification, are permitted provided that the following conditions
+***************
+*** 100,105 ****
+--- 100,106 ----
+  {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0),	"ASN1_TEMPLATE_D2I"},
+  {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0),	"ASN1_TEMPLATE_EX_D2I"},
+  {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0),	"ASN1_TEMPLATE_NEW"},
++ {ERR_PACK(0,ASN1_F_ASN1_TIME_SET,0),	"ASN1_TIME_set"},
+  {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0),	"ASN1_TYPE_get_int_octetstring"},
+  {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0),	"ASN1_TYPE_get_octetstring"},
+  {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0),	"ASN1_unpack_string"},
+***************
+*** 160,165 ****
+--- 161,167 ----
+  {ASN1_R_DECODE_ERROR                     ,"decode error"},
+  {ASN1_R_DECODING_ERROR                   ,"decoding error"},
+  {ASN1_R_ENCODE_ERROR                     ,"encode error"},
++ {ASN1_R_ERROR_GETTING_TIME               ,"error getting time"},
+  {ASN1_R_ERROR_LOADING_SECTION            ,"error loading section"},
+  {ASN1_R_ERROR_PARSING_SET_ELEMENT        ,"error parsing set element"},
+  {ASN1_R_ERROR_SETTING_CIPHER_PARAMS      ,"error setting cipher params"},
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/bf/Makefile.ssl
+*** crypto/openssl/crypto/bf/Makefile.ssl	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bf/Makefile.ssl	Mon Feb 24 21:14:51 2003
+***************
+*** 49,62 ****
+  	@touch lib
+  
+  # elf
+! asm/bx86-elf.o: asm/bx86unix.cpp
+! 	$(CPP) -DELF -x c asm/bx86unix.cpp | as -o asm/bx86-elf.o
+! 
+! # solaris
+! asm/bx86-sol.o: asm/bx86unix.cpp
+! 	$(CC) -E -DSOL asm/bx86unix.cpp | sed 's/^#.*//' > asm/bx86-sol.s
+! 	as -o asm/bx86-sol.o asm/bx86-sol.s
+! 	rm -f asm/bx86-sol.s
+  
+  # a.out
+  asm/bx86-out.o: asm/bx86unix.cpp
+--- 49,56 ----
+  	@touch lib
+  
+  # elf
+! asm/bx86-elf.s: asm/bf-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) bf-586.pl elf $(CFLAGS) $(PROCESSOR) > bx86-elf.s)
+  
+  # a.out
+  asm/bx86-out.o: asm/bx86unix.cpp
+***************
+*** 103,109 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/bx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 97,103 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/bx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/b_sock.c ../RELENG_4/crypto/openssl/crypto/bio/b_sock.c
+*** crypto/openssl/crypto/bio/b_sock.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bio/b_sock.c	Mon Feb 24 21:14:51 2003
+***************
+*** 492,498 ****
+  
+  #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+  
+! int BIO_socket_ioctl(int fd, long type, unsigned long *arg)
+  	{
+  	int i;
+  
+--- 492,498 ----
+  
+  #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000
+  
+! int BIO_socket_ioctl(int fd, long type, void *arg)
+  	{
+  	int i;
+  
+***************
+*** 742,748 ****
+  int BIO_socket_nbio(int s, int mode)
+  	{
+  	int ret= -1;
+! 	unsigned long l;
+  
+  	l=mode;
+  #ifdef FIONBIO
+--- 742,748 ----
+  int BIO_socket_nbio(int s, int mode)
+  	{
+  	int ret= -1;
+! 	int l;
+  
+  	l=mode;
+  #ifdef FIONBIO
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_4/crypto/openssl/crypto/bio/bio.h
+*** crypto/openssl/crypto/bio/bio.h	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bio/bio.h	Mon Feb 24 21:14:51 2003
+***************
+*** 244,250 ****
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_fat *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+--- 244,250 ----
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_far *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+***************
+*** 585,591 ****
+   * and an appropriate error code is set).
+   */
+  int BIO_sock_error(int sock);
+! int BIO_socket_ioctl(int fd, long type, unsigned long *arg);
+  int BIO_socket_nbio(int fd,int mode);
+  int BIO_get_port(const char *str, unsigned short *port_ptr);
+  int BIO_get_host_ip(const char *str, unsigned char *ip);
+--- 585,591 ----
+   * and an appropriate error code is set).
+   */
+  int BIO_sock_error(int sock);
+! int BIO_socket_ioctl(int fd, long type, void *arg);
+  int BIO_socket_nbio(int fd,int mode);
+  int BIO_get_port(const char *str, unsigned short *port_ptr);
+  int BIO_get_host_ip(const char *str, unsigned char *ip);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio_lib.c ../RELENG_4/crypto/openssl/crypto/bio/bio_lib.c
+*** crypto/openssl/crypto/bio/bio_lib.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bio/bio_lib.c	Mon Feb 24 21:14:51 2003
+***************
+*** 395,400 ****
+--- 395,402 ----
+  	if (b == NULL) return(NULL);
+  	ret=b->next_bio;
+  
++ 	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
++ 
+  	if (b->prev_bio != NULL)
+  		b->prev_bio->next_bio=b->next_bio;
+  	if (b->next_bio != NULL)
+***************
+*** 402,408 ****
+  
+  	b->next_bio=NULL;
+  	b->prev_bio=NULL;
+- 	BIO_ctrl(b,BIO_CTRL_POP,0,NULL);
+  	return(ret);
+  	}
+  
+--- 404,409 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/bn/Makefile.ssl
+*** crypto/openssl/crypto/bn/Makefile.ssl	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/Makefile.ssl	Mon Feb 24 21:14:51 2003
+***************
+*** 23,36 ****
+  
+  CFLAGS= $(INCLUDES) $(CFLAG)
+  
+- # We let the C compiler driver to take care of .s files. This is done in
+- # order to be excused from maintaining a separate set of architecture
+- # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+- # gcc, then the driver will automatically translate it to -xarch=v8plus
+- # and pass it down to assembler.
+- AS=$(CC) -c
+- ASFLAGS=$(CFLAGS)
+- 
+  GENERAL=Makefile
+  TEST=bntest.c exptest.c
+  APPS=
+--- 23,28 ----
+***************
+*** 73,94 ****
+  	@touch lib
+  
+  # elf
+! asm/bn86-elf.o: asm/bn86unix.cpp
+! 	$(CPP) -DELF -x c asm/bn86unix.cpp | as -o asm/bn86-elf.o
+! 
+! asm/co86-elf.o: asm/co86unix.cpp
+! 	$(CPP) -DELF -x c asm/co86unix.cpp | as -o asm/co86-elf.o
+  
+! # solaris
+! asm/bn86-sol.o: asm/bn86unix.cpp
+! 	$(CC) -E -DSOL asm/bn86unix.cpp | sed 's/^#.*//' > asm/bn86-sol.s
+! 	as -o asm/bn86-sol.o asm/bn86-sol.s
+! 	rm -f asm/bn86-sol.s
+! 
+! asm/co86-sol.o: asm/co86unix.cpp
+! 	$(CC) -E -DSOL asm/co86unix.cpp | sed 's/^#.*//' > asm/co86-sol.s
+! 	as -o asm/co86-sol.o asm/co86-sol.s
+! 	rm -f asm/co86-sol.s
+  
+  # a.out
+  asm/bn86-out.o: asm/bn86unix.cpp
+--- 65,75 ----
+  	@touch lib
+  
+  # elf
+! asm/bn86-elf.s:	asm/bn-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) bn-586.pl elf $(CFLAGS) > bn86-elf.s)
+  
+! asm/co86-elf.s:	asm/co-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) co-586.pl elf $(CFLAGS) > co86-elf.s)
+  
+  # a.out
+  asm/bn86-out.o: asm/bn86unix.cpp
+***************
+*** 178,184 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/co86unix.cpp asm/bn86unix.cpp *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 159,165 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/co86unix.cpp asm/bn86unix.cpp asm/*-elf.* *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff bn_asm.s
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/asm/ia64.S ../RELENG_4/crypto/openssl/crypto/bn/asm/ia64.S
+*** crypto/openssl/crypto/bn/asm/ia64.S	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/asm/ia64.S	Mon Feb 24 21:14:52 2003
+***************
+*** 1,6 ****
+  .explicit
+  .text
+! .ident	"ia64.S, Version 1.1"
+  .ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+  
+  //
+--- 1,6 ----
+  .explicit
+  .text
+! .ident	"ia64.S, Version 2.0"
+  .ident	"IA-64 ISA artwork by Andy Polyakov <appro@fy.chalmers.se>"
+  
+  //
+***************
+*** 13,18 ****
+--- 13,47 ----
+  // disclaimed.
+  // ====================================================================
+  //
++ // Version 2.x is Itanium2 re-tune. Few words about how Itanum2 is
++ // different from Itanium to this module viewpoint. Most notably, is it
++ // "wider" than Itanium? Can you experience loop scalability as
++ // discussed in commentary sections? Not really:-( Itanium2 has 6
++ // integer ALU ports, i.e. it's 2 ports wider, but it's not enough to
++ // spin twice as fast, as I need 8 IALU ports. Amount of floating point
++ // ports is the same, i.e. 2, while I need 4. In other words, to this
++ // module Itanium2 remains effectively as "wide" as Itanium. Yet it's
++ // essentially different in respect to this module, and a re-tune was
++ // required. Well, because some intruction latencies has changed. Most
++ // noticeably those intensively used:
++ //
++ //			Itanium	Itanium2
++ //	ldf8		9	6		L2 hit
++ //	ld8		2	1		L1 hit
++ //	getf		2	5
++ //	xma[->getf]	7[+1]	4[+0]
++ //	add[->st8]	1[+1]	1[+0]
++ //
++ // What does it mean? You might ratiocinate that the original code
++ // should run just faster... Because sum of latencies is smaller...
++ // Wrong! Note that getf latency increased. This means that if a loop is
++ // scheduled for lower latency (and they are), then it will suffer from
++ // stall condition and the code will therefore turn anti-scalable, e.g.
++ // original bn_mul_words spun at 5*n or 2.5 times slower than expected
++ // on Itanium2! What to do? Reschedule loops for Itanium2? But then
++ // Itanium would exhibit anti-scalability. So I've chosen to reschedule
++ // for worst latency for every instruction aiming for best *all-round*
++ // performance.  
+  
+  // Q.	How much faster does it get?
+  // A.	Here is the output from 'openssl speed rsa dsa' for vanilla
+***************
+*** 149,160 ****
+  	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
+  					}
+  	.body
+! { .mib;	mov		r14=r32			// rp
+  	mov		r9=pr		};;
+! { .mii;	mov		r15=r33			// ap
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;	mov		r16=r34			// bp
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_add_words_ctop:
+--- 178,204 ----
+  	brp.loop.imp	.L_bn_add_words_ctop,.L_bn_add_words_cend-16
+  					}
+  	.body
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32		// rp
+! #else
+! 	mov		r14=r32			// rp
+! #endif
+  	mov		r9=pr		};;
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r15=0,r33		// ap
+! #else
+! 	mov		r15=r33			// ap
+! #endif
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r16=0,r34		// bp
+! #else
+! 	mov		r16=r34			// bp
+! #endif
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_add_words_ctop:
+***************
+*** 174,180 ****
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+--- 218,224 ----
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+***************
+*** 202,213 ****
+  	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+  					}
+  	.body
+! { .mib;	mov		r14=r32			// rp
+  	mov		r9=pr		};;
+! { .mii;	mov		r15=r33			// ap
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;	mov		r16=r34			// bp
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_sub_words_ctop:
+--- 246,272 ----
+  	brp.loop.imp	.L_bn_sub_words_ctop,.L_bn_sub_words_cend-16
+  					}
+  	.body
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32		// rp
+! #else
+! 	mov		r14=r32			// rp
+! #endif
+  	mov		r9=pr		};;
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r15=0,r33		// ap
+! #else
+! 	mov		r15=r33			// ap
+! #endif
+  	mov		ar.lc=r10
+  	mov		ar.ec=6		}
+! { .mib;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r16=0,r34		// bp
+! #else
+! 	mov		r16=r34			// bp
+! #endif
+  	mov		pr.rot=1<<16	};;
+  
+  .L_bn_sub_words_ctop:
+***************
+*** 227,233 ****
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+--- 286,292 ----
+  
+  { .mii;
+  (p59)	add		r8=1,r8		// return value
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mbb;	nop.b		0x0
+  	br.ret.sptk.many	b0	};;
+***************
+*** 253,259 ****
+  #ifdef XMA_TEMPTATION
+  { .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
+  #else
+! { .mfi;	alloc		r2=ar.pfs,4,4,0,8	};;
+  #endif
+  { .mib;	mov		r8=r0			// return value
+  	cmp4.le		p6,p0=r34,r0
+--- 312,318 ----
+  #ifdef XMA_TEMPTATION
+  { .mfi;	alloc		r2=ar.pfs,4,0,0,0	};;
+  #else
+! { .mfi;	alloc		r2=ar.pfs,4,12,0,16	};;
+  #endif
+  { .mib;	mov		r8=r0			// return value
+  	cmp4.le		p6,p0=r34,r0
+***************
+*** 266,289 ****
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x400001<<16
+! 			// ------^----- serves as (p48) at first (p26)
+  	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+  					}
+  
+  #ifndef XMA_TEMPTATION
+  
+! { .mii;	mov		r14=r32	// rp
+! 	mov		r15=r33	// ap
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r39=0	// serves as r33 at first (p26)
+! 	mov		ar.ec=12	};;
+  
+! // This loop spins in 2*(n+11) ticks. It's scheduled for data in L2
+! // cache (i.e. 9 ticks away) as floating point load/store instructions
+  // bypass L1 cache and L2 latency is actually best-case scenario for
+! // ldf8. The loop is not scalable and shall run in 2*(n+11) even on
+! // "wider" IA-64 implementations. It's a trade-off here. n+22 loop
+  // would give us ~5% in *overall* performance improvement on "wider"
+  // IA-64, but would hurt Itanium for about same because of longer
+  // epilogue. As it's a matter of few percents in either case I've
+--- 325,354 ----
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x800001<<16
+! 			// ------^----- serves as (p50) at first (p27)
+  	brp.loop.imp	.L_bn_mul_words_ctop,.L_bn_mul_words_cend-16
+  					}
+  
+  #ifndef XMA_TEMPTATION
+  
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32	// rp
+! 	addp4		r15=0,r33	// ap
+! #else
+! 	mov		r14=r32		// rp
+! 	mov		r15=r33		// ap
+! #endif
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r40=0	// serves as r35 at first (p27)
+! 	mov		ar.ec=13	};;
+  
+! // This loop spins in 2*(n+12) ticks. It's scheduled for data in Itanium
+! // L2 cache (i.e. 9 ticks away) as floating point load/store instructions
+  // bypass L1 cache and L2 latency is actually best-case scenario for
+! // ldf8. The loop is not scalable and shall run in 2*(n+12) even on
+! // "wider" IA-64 implementations. It's a trade-off here. n+24 loop
+  // would give us ~5% in *overall* performance improvement on "wider"
+  // IA-64, but would hurt Itanium for about same because of longer
+  // epilogue. As it's a matter of few percents in either case I've
+***************
+*** 291,315 ****
+  // this very instruction sequence in bn_mul_add_words loop which in
+  // turn is scalable).
+  .L_bn_mul_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f49			// low
+! 	(p21)	xmpy.lu		f45=f37,f8
+! 	(p27)	cmp.ltu		p52,p48=r39,r38	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f38=f37,f8
+  	(p0)	nop.i		0x0		};;
+! { .mii;	(p26)	getf.sig	r32=f43			// high
+! 	.pred.rel	"mutex",p48,p52
+! 	(p48)	add		r38=r37,r33		// (p26)
+! 	(p52)	add		r38=r37,r33,1	}	// (p26)
+! { .mfb;	(p27)	st8		[r14]=r39,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+  .L_bn_mul_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p49,p53
+! (p49)	add		r8=r34,r0
+! (p53)	add		r8=r34,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			}
+--- 356,380 ----
+  // this very instruction sequence in bn_mul_add_words loop which in
+  // turn is scalable).
+  .L_bn_mul_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f52			// low
+! 	(p21)	xmpy.lu		f48=f37,f8
+! 	(p28)	cmp.ltu		p54,p50=r41,r39	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f40=f37,f8
+  	(p0)	nop.i		0x0		};;
+! { .mii;	(p25)	getf.sig	r32=f44			// high
+! 	.pred.rel	"mutex",p50,p54
+! 	(p50)	add		r40=r38,r35		// (p27)
+! 	(p54)	add		r40=r38,r35,1	}	// (p27)
+! { .mfb;	(p28)	st8		[r14]=r41,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_words_ctop	};;
+  .L_bn_mul_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p51,p55
+! (p51)	add		r8=r36,r0
+! (p55)	add		r8=r36,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			}
+***************
+*** 344,350 ****
+  #endif	// XMA_TEMPTATION
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+--- 409,415 ----
+  #endif	// XMA_TEMPTATION
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+***************
+*** 376,434 ****
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x400001<<16
+! 			// ------^----- serves as (p48) at first (p26)
+  	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+  					}
+! { .mii;	mov		r14=r32	// rp
+! 	mov		r15=r33	// ap
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r39=0	// serves as r33 at first (p26)
+! 	mov		r18=r32	// rp copy
+! 	mov		ar.ec=14	};;
+  
+! // This loop spins in 3*(n+13) ticks on Itanium and should spin in
+! // 2*(n+13) on "wider" IA-64 implementations (to be verified with new
+  // µ-architecture manuals as they become available). As usual it's
+  // possible to compress the epilogue, down to 10 in this case, at the
+  // cost of scalability. Compressed (and therefore non-scalable) loop
+! // running at 3*(n+10) would buy you ~10% on Itanium but take ~35%
+  // from "wider" IA-64 so let it be scalable! Special attention was
+  // paid for having the loop body split at 64-byte boundary. ld8 is
+  // scheduled for L1 cache as the data is more than likely there.
+  // Indeed, bn_mul_words has put it there a moment ago:-)
+  .L_bn_mul_add_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f49			// low
+! 	(p21)	xmpy.lu		f45=f37,f8
+! 	(p27)	cmp.ltu		p52,p48=r39,r38	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f38=f37,f8
+! 	(p27)	add		r43=r43,r39	};;
+! { .mii;	(p26)	getf.sig	r32=f43			// high
+! 	.pred.rel	"mutex",p48,p52
+! 	(p48)	add		r38=r37,r33		// (p26)
+! 	(p52)	add		r38=r37,r33,1	}	// (p26)
+! { .mfb;	(p27)	cmp.ltu.unc	p56,p0=r43,r39
+  	(p0)	nop.f		0x0
+  	(p0)	nop.b		0x0		}
+! { .mii;	(p26)	ld8		r42=[r18],8
+! 	(p58)	cmp.eq.or	p57,p0=-1,r44
+! 	(p58)	add		r44=1,r44	}
+! { .mfb;	(p29)	st8		[r14]=r45,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
+  .L_bn_mul_add_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p51,p55
+! (p51)	add		r8=r36,r0
+! (p55)	add		r8=r36,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			};;
+  { .mii;
+! (p59)	add		r8=1,r8
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+--- 441,509 ----
+  
+  	.body
+  { .mib;	setf.sig	f8=r35	// w
+! 	mov		pr.rot=0x800001<<16
+! 			// ------^----- serves as (p50) at first (p27)
+  	brp.loop.imp	.L_bn_mul_add_words_ctop,.L_bn_mul_add_words_cend-16
+  					}
+! { .mii;
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r14=0,r32	// rp
+! 	addp4		r15=0,r33	// ap
+! #else
+! 	mov		r14=r32		// rp
+! 	mov		r15=r33		// ap
+! #endif
+  	mov		ar.lc=r10	}
+! { .mii;	mov		r40=0	// serves as r35 at first (p27)
+! #if defined(_HPUX_SOURCE) && defined(_ILP32)
+! 	addp4		r18=0,r32	// rp copy
+! #else
+! 	mov		r18=r32		// rp copy
+! #endif
+! 	mov		ar.ec=15	};;
+  
+! // This loop spins in 3*(n+14) ticks on Itanium and should spin in
+! // 2*(n+14) on "wider" IA-64 implementations (to be verified with new
+  // µ-architecture manuals as they become available). As usual it's
+  // possible to compress the epilogue, down to 10 in this case, at the
+  // cost of scalability. Compressed (and therefore non-scalable) loop
+! // running at 3*(n+11) would buy you ~10% on Itanium but take ~35%
+  // from "wider" IA-64 so let it be scalable! Special attention was
+  // paid for having the loop body split at 64-byte boundary. ld8 is
+  // scheduled for L1 cache as the data is more than likely there.
+  // Indeed, bn_mul_words has put it there a moment ago:-)
+  .L_bn_mul_add_words_ctop:
+! { .mfi;	(p25)	getf.sig	r36=f52			// low
+! 	(p21)	xmpy.lu		f48=f37,f8
+! 	(p28)	cmp.ltu		p54,p50=r41,r39	}
+  { .mfi;	(p16)	ldf8		f32=[r15],8
+! 	(p21)	xmpy.hu		f40=f37,f8
+! 	(p28)	add		r45=r45,r41	};;
+! { .mii;	(p25)	getf.sig	r32=f44			// high
+! 	.pred.rel	"mutex",p50,p54
+! 	(p50)	add		r40=r38,r35		// (p27)
+! 	(p54)	add		r40=r38,r35,1	}	// (p27)
+! { .mfb;	(p28)	cmp.ltu.unc	p60,p0=r45,r41
+  	(p0)	nop.f		0x0
+  	(p0)	nop.b		0x0		}
+! { .mii;	(p27)	ld8		r44=[r18],8
+! 	(p62)	cmp.eq.or	p61,p0=-1,r46
+! 	(p62)	add		r46=1,r46	}
+! { .mfb;	(p30)	st8		[r14]=r47,8
+  	(p0)	nop.f		0x0
+  	br.ctop.sptk	.L_bn_mul_add_words_ctop};;
+  .L_bn_mul_add_words_cend:
+  
+  { .mii;	nop.m		0x0
+! .pred.rel	"mutex",p53,p57
+! (p53)	add		r8=r38,r0
+! (p57)	add		r8=r38,r0,1	}
+  { .mfb;	nop.m	0x0
+  	nop.f	0x0
+  	nop.b	0x0			};;
+  { .mii;
+! (p63)	add		r8=1,r8
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+***************
+*** 461,466 ****
+--- 536,545 ----
+  	mov	r9=pr			};;
+  
+  	.body
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
++ { .mii; addp4		r32=0,r32
++ 	addp4		r33=0,r33	};;
++ #endif
+  { .mib;
+  	mov		pr.rot=1<<16
+  	brp.loop.imp	.L_bn_sqr_words_ctop,.L_bn_sqr_words_cend-16
+***************
+*** 492,498 ****
+  .L_bn_sqr_words_cend:
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,-1
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+--- 571,577 ----
+  .L_bn_sqr_words_cend:
+  
+  { .mii;	nop.m		0x0
+! 	mov		pr=r9,0x1ffff
+  	mov		ar.lc=r3	}
+  { .mfb;	rum		1<<5		// clear um.mfh
+  	nop.f		0x0
+***************
+*** 526,532 ****
+--- 605,618 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
+  { .mii;	alloc	r2=ar.pfs,2,1,0,0
++ 	addp4	r33=0,r33
++ 	addp4	r32=0,r32		};;
++ { .mii;
++ #else
++ { .mii;	alloc	r2=ar.pfs,2,1,0,0
++ #endif
+  	mov	r34=r33
+  	add	r14=8,r33		};;
+  	.body
+***************
+*** 587,593 ****
+--- 673,686 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
+  { .mii;	alloc	r2=ar.pfs,3,0,0,0
++ 	addp4	r33=0,r33
++ 	addp4	r34=0,r34		};;
++ { .mii;	addp4	r32=0,r32
++ #else
++ { .mii;	alloc   r2=ar.pfs,3,0,0,0
++ #endif
+  	add	r14=8,r33
+  	add	r17=8,r34		}
+  	.body
+***************
+*** 1138,1144 ****
+--- 1231,1244 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
++ { .mii;	alloc   r2=ar.pfs,2,1,0,0
++ 	addp4	r32=0,r32
++ 	addp4	r33=0,r33		};;
++ { .mii;
++ #else
+  { .mii;	alloc	r2=ar.pfs,2,1,0,0
++ #endif
+  	mov	r34=r33
+  	add	r14=8,r33		};;
+  	.body
+***************
+*** 1164,1170 ****
+--- 1264,1277 ----
+  	.prologue
+  	.fframe	0
+  	.save	ar.pfs,r2
++ #if defined(_HPUX_SOURCE) && defined(_ILP32)
++ { .mii;	alloc   r2=ar.pfs,3,0,0,0
++ 	addp4	r33=0,r33
++ 	addp4	r34=0,r34		};;
++ { .mii;	addp4	r32=0,r32
++ #else
+  { .mii;	alloc	r2=ar.pfs,3,0,0,0
++ #endif
+  	add	r14=8,r33
+  	add	r17=8,r34		}
+  	.body
+***************
+*** 1464,1470 ****
+  	or	r8=r8,r33
+  	mov	ar.pfs=r2		};;
+  { .mii;	shr.u	r9=H,I			// remainder if anybody wants it
+! 	mov	pr=r10,-1		}
+  { .mfb;	br.ret.sptk.many	b0	};;
+  
+  // Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+--- 1571,1577 ----
+  	or	r8=r8,r33
+  	mov	ar.pfs=r2		};;
+  { .mii;	shr.u	r9=H,I			// remainder if anybody wants it
+! 	mov	pr=r10,0x1ffff		}
+  { .mfb;	br.ret.sptk.many	b0	};;
+  
+  // Unsigned 64 by 32 (well, by 64 for the moment) bit integer division
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/asm/pa-risc2.s ../RELENG_4/crypto/openssl/crypto/bn/asm/pa-risc2.s
+*** crypto/openssl/crypto/bn/asm/pa-risc2.s	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/asm/pa-risc2.s	Mon Feb 24 21:14:53 2003
+***************
+*** 747,754 ****
+  	.PROC
+  	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+  	.IMPORT	BN_num_bits_word,CODE
+! 	.IMPORT	__iob,DATA
+! 	.IMPORT	fprintf,CODE
+  	.IMPORT	abort,CODE
+  	.IMPORT	$$div2U,MILLICODE
+  	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+--- 747,754 ----
+  	.PROC
+  	.EXPORT	bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN
+  	.IMPORT	BN_num_bits_word,CODE
+! 	;--- not PIC	.IMPORT	__iob,DATA
+! 	;--- not PIC	.IMPORT	fprintf,CODE
+  	.IMPORT	abort,CODE
+  	.IMPORT	$$div2U,MILLICODE
+  	.CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE
+***************
+*** 844,855 ****
+          MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+          EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+  $D2
+!         ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+!         LDIL    LR'C$7,%r21     ;offset 0xa24
+!         LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+!         .CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+!         B,L     fprintf,%r2     ;offset 0xa2c
+!         LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+          .CALL           ;
+          B,L     abort,%r2       ;offset 0xa34
+          NOP             ;offset 0xa38
+--- 844,855 ----
+          MOVIB,TR        2,%r8,$0006001C ;offset 0xa18
+          EXTRD,U %r3,63,32,%r7   ;offset 0xa1c
+  $D2
+!         ;--- not PIC	ADDIL   LR'__iob-$global$,%r27,%r1      ;offset 0xa20
+!         ;--- not PIC	LDIL    LR'C$7,%r21     ;offset 0xa24
+!         ;--- not PIC	LDO     RR'__iob-$global$+32(%r1),%r26  ;offset 0xa28
+!         ;--- not PIC	.CALL   ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR    ;in=24,25,26;out=28;
+!         ;--- not PIC	B,L     fprintf,%r2     ;offset 0xa2c
+!         ;--- not PIC	LDO     RR'C$7(%r21),%r25       ;offset 0xa30
+          .CALL           ;
+          B,L     abort,%r2       ;offset 0xa34
+          NOP             ;offset 0xa38
+***************
+*** 1605,1618 ****
+  	.PROCEND	
+  
+  
+! 	.SPACE	$TEXT$
+! 	.SUBSPA	$CODE$
+! 	.SPACE	$PRIVATE$,SORT=16
+! 	.IMPORT	$global$,DATA
+! 	.SPACE	$TEXT$
+! 	.SUBSPA	$CODE$
+! 	.SUBSPA	$LIT$,ACCESS=0x2c
+! C$7
+! 	.ALIGN	8
+! 	.STRINGZ	"Division would overflow (%d)\n"
+  	.END
+--- 1605,1618 ----
+  	.PROCEND	
+  
+  
+! ;--- not PIC	.SPACE	$TEXT$
+! ;--- not PIC	.SUBSPA	$CODE$
+! ;--- not PIC	.SPACE	$PRIVATE$,SORT=16
+! ;--- not PIC	.IMPORT	$global$,DATA
+! ;--- not PIC	.SPACE	$TEXT$
+! ;--- not PIC	.SUBSPA	$CODE$
+! ;--- not PIC	.SUBSPA	$LIT$,ACCESS=0x2c
+! ;--- not PIC	C$7
+! ;--- not PIC	.ALIGN	8
+! ;--- not PIC	.STRINGZ	"Division would overflow (%d)\n"
+  	.END
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lcl.h ../RELENG_4/crypto/openssl/crypto/bn/bn_lcl.h
+*** crypto/openssl/crypto/bn/bn_lcl.h	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/bn_lcl.h	Mon Feb 24 21:14:52 2003
+***************
+*** 446,455 ****
+  	BN_ULONG *t);
+  void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2,
+  	BN_ULONG *t);
+- BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+- 	int cl, int dl);
+- BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b,
+- 	int cl, int dl);
+  
+  #ifdef  __cplusplus
+  }
+--- 446,451 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_prime.c ../RELENG_4/crypto/openssl/crypto/bn/bn_prime.c
+*** crypto/openssl/crypto/bn/bn_prime.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/bn/bn_prime.c	Mon Feb 24 21:14:52 2003
+***************
+*** 140,145 ****
+--- 140,146 ----
+  	BN_CTX *ctx;
+  	int checks = BN_prime_checks_for_size(bits);
+  
++ 	BN_init(&t);
+  	ctx=BN_CTX_new();
+  	if (ctx == NULL) goto err;
+  	if (ret == NULL)
+***************
+*** 148,154 ****
+  		}
+  	else
+  		rnd=ret;
+- 	BN_init(&t);
+  loop: 
+  	/* make a random number and set the top and bottom bits */
+  	if (add == NULL)
+--- 149,154 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/cast/Makefile.ssl
+*** crypto/openssl/crypto/cast/Makefile.ssl	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/cast/Makefile.ssl	Mon Feb 24 21:14:53 2003
+***************
+*** 52,65 ****
+  	@touch lib
+  
+  # elf
+! asm/cx86-elf.o: asm/cx86unix.cpp
+! 	$(CPP) -DELF -x c asm/cx86unix.cpp | as -o asm/cx86-elf.o
+! 
+! # solaris
+! asm/cx86-sol.o: asm/cx86unix.cpp
+! 	$(CC) -E -DSOL asm/cx86unix.cpp | sed 's/^#.*//' > asm/cx86-sol.s
+! 	as -o asm/cx86-sol.o asm/cx86-sol.s
+! 	rm -f asm/cx86-sol.s
+  
+  # a.out
+  asm/cx86-out.o: asm/cx86unix.cpp
+--- 52,59 ----
+  	@touch lib
+  
+  # elf
+! asm/cx86-elf.s: asm/cast-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) cast-586.pl elf $(CLAGS) $(PROCESSOR) > cx86-elf.s)
+  
+  # a.out
+  asm/cx86-out.o: asm/cx86unix.cpp
+***************
+*** 104,110 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/cx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 98,104 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/cx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_mall.c ../RELENG_4/crypto/openssl/crypto/conf/conf_mall.c
+*** crypto/openssl/crypto/conf/conf_mall.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/conf/conf_mall.c	Mon Feb 24 21:14:53 2003
+***************
+*** 63,69 ****
+--- 63,71 ----
+  #include <openssl/dso.h>
+  #include <openssl/x509.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  /* Load all OpenSSL builtin modules */
+  
+***************
+*** 71,76 ****
+--- 73,80 ----
+  	{
+  	/* Add builtin modules here */
+  	ASN1_add_oid_module();
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_add_conf_module();
++ #endif
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_sap.c ../RELENG_4/crypto/openssl/crypto/conf/conf_sap.c
+*** crypto/openssl/crypto/conf/conf_sap.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/conf/conf_sap.c	Mon Feb 24 21:14:53 2003
+***************
+*** 63,69 ****
+--- 63,71 ----
+  #include <openssl/dso.h>
+  #include <openssl/x509.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  /* This is the automatic configuration loader: it is called automatically by
+   * OpenSSL when any of a number of standard initialisation functions are called,
+***************
+*** 78,85 ****
+--- 80,89 ----
+  		return;
+  
+  	OPENSSL_load_builtin_modules();
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Need to load ENGINEs */
+  	ENGINE_load_builtin_engines();
++ #endif
+  	/* Add others here? */
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/des/Makefile.ssl
+*** crypto/openssl/crypto/des/Makefile.ssl	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/Makefile.ssl	Mon Feb 24 21:14:53 2003
+***************
+*** 66,95 ****
+  	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+  
+  # elf
+! asm/dx86-elf.o: asm/dx86unix.cpp
+! 	$(CPP) -DELF	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		-x c asm/dx86unix.cpp | as -o asm/dx86-elf.o
+! 
+! asm/yx86-elf.o: asm/yx86unix.cpp
+! 	$(CPP) -DELF	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		-x c asm/yx86unix.cpp | as -o asm/yx86-elf.o
+! 
+! # solaris
+! asm/dx86-sol.o: asm/dx86unix.cpp
+! 	$(CC) -E -DSOL	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		asm/dx86unix.cpp | sed 's/^#.*//' > asm/dx86-sol.s
+! 	as -o asm/dx86-sol.o asm/dx86-sol.s
+! 	rm -f asm/dx86-sol.s
+! 
+! asm/yx86-sol.o: asm/yx86unix.cpp
+! 	$(CC) -E -DSOL	\
+! 		`(echo $(CFLAGS) | egrep -ie '-[fK]PIC') > /dev/null 2>&1 && echo -DPIC; exit 0`\
+! 		asm/yx86unix.cpp | sed 's/^#.*//' > asm/yx86-sol.s
+! 	as -o asm/yx86-sol.o asm/yx86-sol.s
+! 	rm -f asm/yx86-sol.s
+  
+  # a.out
+  asm/dx86-out.o: asm/dx86unix.cpp
+--- 66,76 ----
+  	$(CC) $(CFLAGS) -o des des.o cbc3_enc.o $(LIB)
+  
+  # elf
+! asm/dx86-elf.s:	asm/des-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) des-586.pl elf $(CFLAGS) > dx86-elf.s)
+! 
+! asm/yx86-elf.s:	asm/crypt586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) crypt586.pl elf $(CFLAGS) > yx86-elf.s)
+  
+  # a.out
+  asm/dx86-out.o: asm/dx86unix.cpp
+***************
+*** 145,151 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/dx86unix.cpp asm/yx86unix.cpp *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 126,132 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/dx86unix.cpp asm/yx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj des lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/asm/crypt586.pl ../RELENG_4/crypto/openssl/crypto/des/asm/crypt586.pl
+*** crypto/openssl/crypto/des/asm/crypt586.pl	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/asm/crypt586.pl	Mon Feb 24 21:14:53 2003
+***************
+*** 32,39 ****
+  	&xor(	$R,	$R);
+  
+  	# PIC-ification:-)
+! 	if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
+! 	else		{ &lea("edx",&DWP("DES_SPtrans")); }
+  	&push("edx");	# becomes &swtmp(1)
+  	#
+  	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
+--- 32,40 ----
+  	&xor(	$R,	$R);
+  
+  	# PIC-ification:-)
+! 	&picmeup("edx","DES_SPtrans");
+! 	#if ($cpp)	{ &picmeup("edx","DES_SPtrans");   }
+! 	#else		{ &lea("edx",&DWP("DES_SPtrans")); }
+  	&push("edx");	# becomes &swtmp(1)
+  	#
+  	&mov($trans,&wparam(1)); # reloaded with DES_SPtrans in D_ENCRYPT
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/asm/des-586.pl ../RELENG_4/crypto/openssl/crypto/des/asm/des-586.pl
+*** crypto/openssl/crypto/des/asm/des-586.pl	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/asm/des-586.pl	Mon Feb 24 21:14:53 2003
+***************
+*** 73,80 ****
+  		}
+  
+  	# PIC-ification:-)
+! 	if ($cpp)	{ &picmeup($trans,"DES_SPtrans");   }
+! 	else		{ &lea($trans,&DWP("DES_SPtrans")); }
+  
+  	&mov(	"ecx",	&wparam(1)	);
+  	&cmp("ebx","0");
+--- 73,81 ----
+  		}
+  
+  	# PIC-ification:-)
+! 	&picmeup($trans,"DES_SPtrans");
+! 	#if ($cpp)	{ &picmeup($trans,"DES_SPtrans");   }
+! 	#else		{ &lea($trans,&DWP("DES_SPtrans")); }
+  
+  	&mov(	"ecx",	&wparam(1)	);
+  	&cmp("ebx","0");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/cbc_cksm.c ../RELENG_4/crypto/openssl/crypto/des/cbc_cksm.c
+*** crypto/openssl/crypto/des/cbc_cksm.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/cbc_cksm.c	Mon Feb 24 21:14:53 2003
+***************
+*** 93,97 ****
+--- 93,106 ----
+  		l2c(tout1,out);
+  		}
+  	tout0=tin0=tin1=tin[0]=tin[1]=0;
++ 	/*
++ 	  Transform the data in tout1 so that it will
++ 	  match the return value that the MIT Kerberos
++ 	  mit_des_cbc_cksum API returns.
++ 	*/
++ 	tout1 = ((tout1 >> 24L) & 0x000000FF)
++ 	      | ((tout1 >> 8L)  & 0x0000FF00)
++ 	      | ((tout1 << 8L)  & 0x00FF0000)
++ 	      | ((tout1 << 24L) & 0xFF000000);
+  	return(tout1);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des_locl.h ../RELENG_4/crypto/openssl/crypto/des/des_locl.h
+*** crypto/openssl/crypto/des/des_locl.h	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/des_locl.h	Mon Feb 24 21:14:53 2003
+***************
+*** 162,168 ****
+  
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define	ROTATE(a,n)	(_lrotr(a,n))
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE(a,n)	({ register unsigned int ret;	\
+  				asm ("rorl %1,%0"	\
+--- 162,168 ----
+  
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define	ROTATE(a,n)	(_lrotr(a,n))
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE(a,n)	({ register unsigned int ret;	\
+  				asm ("rorl %1,%0"	\
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/destest.c ../RELENG_4/crypto/openssl/crypto/des/destest.c
+*** crypto/openssl/crypto/des/destest.c	Mon Feb 24 20:42:43 2003
+--- ../RELENG_4/crypto/openssl/crypto/des/destest.c	Mon Feb 24 21:14:53 2003
+***************
+*** 320,326 ****
+--- 320,330 ----
+  	0x3d,0x6d,0x5b,0xe3,0x25,0x5a,0xf8,0xc3
+  	};
+  
++ #if 0
+  static DES_LONG cbc_cksum_ret=0xB462FEF7L;
++ #else
++ static DES_LONG cbc_cksum_ret=0xF7FE62B4L;
++ #endif
+  static unsigned char cbc_cksum_data[8]={0x1D,0x26,0x93,0x97,0xf7,0xfe,0x62,0xb4};
+  
+  static char *pt(unsigned char *p);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_key.c ../RELENG_4/crypto/openssl/crypto/dh/dh_key.c
+*** crypto/openssl/crypto/dh/dh_key.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dh/dh_key.c	Mon Feb 24 21:14:53 2003
+***************
+*** 61,67 ****
+--- 61,69 ----
+  #include <openssl/bn.h>
+  #include <openssl/rand.h>
+  #include <openssl/dh.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  static int generate_key(DH *dh);
+  static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dh_lib.c ../RELENG_4/crypto/openssl/crypto/dh/dh_lib.c
+*** crypto/openssl/crypto/dh/dh_lib.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dh/dh_lib.c	Mon Feb 24 21:14:53 2003
+***************
+*** 60,66 ****
+--- 60,68 ----
+  #include "cryptlib.h"
+  #include <openssl/bn.h>
+  #include <openssl/dh.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 85,95 ****
+--- 87,99 ----
+          const DH_METHOD *mtmp;
+          mtmp = dh->meth;
+          if (mtmp->finish) mtmp->finish(dh);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (dh->engine)
+  		{
+  		ENGINE_finish(dh->engine);
+  		dh->engine = NULL;
+  		}
++ #endif
+          dh->meth = meth;
+          if (meth->init) meth->init(dh);
+          return 1;
+***************
+*** 112,117 ****
+--- 116,122 ----
+  		}
+  
+  	ret->meth = DH_get_default_method();
++ #ifndef OPENSSL_NO_ENGINE
+  	if (engine)
+  		{
+  		if (!ENGINE_init(engine))
+***************
+*** 135,140 ****
+--- 140,146 ----
+  			return NULL;
+  			}
+  		}
++ #endif
+  
+  	ret->pad=0;
+  	ret->version=0;
+***************
+*** 154,161 ****
+--- 160,169 ----
+  	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+  	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		if (ret->engine)
+  			ENGINE_finish(ret->engine);
++ #endif
+  		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data);
+  		OPENSSL_free(ret);
+  		ret=NULL;
+***************
+*** 182,189 ****
+--- 190,199 ----
+  
+  	if (r->meth->finish)
+  		r->meth->finish(r);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (r->engine)
+  		ENGINE_finish(r->engine);
++ #endif
+  
+  	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_lib.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_lib.c
+*** crypto/openssl/crypto/dsa/dsa_lib.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_lib.c	Mon Feb 24 21:14:53 2003
+***************
+*** 63,69 ****
+--- 63,71 ----
+  #include <openssl/bn.h>
+  #include <openssl/dsa.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 93,103 ****
+--- 95,107 ----
+          const DSA_METHOD *mtmp;
+          mtmp = dsa->meth;
+          if (mtmp->finish) mtmp->finish(dsa);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (dsa->engine)
+  		{
+  		ENGINE_finish(dsa->engine);
+  		dsa->engine = NULL;
+  		}
++ #endif
+          dsa->meth = meth;
+          if (meth->init) meth->init(dsa);
+          return 1;
+***************
+*** 114,119 ****
+--- 118,124 ----
+  		return(NULL);
+  		}
+  	ret->meth = DSA_get_default_method();
++ #ifndef OPENSSL_NO_ENGINE
+  	if (engine)
+  		{
+  		if (!ENGINE_init(engine))
+***************
+*** 138,143 ****
+--- 143,149 ----
+  			return NULL;
+  			}
+  		}
++ #endif
+  
+  	ret->pad=0;
+  	ret->version=0;
+***************
+*** 158,165 ****
+--- 164,173 ----
+  	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+  	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		if (ret->engine)
+  			ENGINE_finish(ret->engine);
++ #endif
+  		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data);
+  		OPENSSL_free(ret);
+  		ret=NULL;
+***************
+*** 189,196 ****
+--- 197,206 ----
+  
+  	if(r->meth->finish)
+  		r->meth->finish(r);
++ #ifndef OPENSSL_NO_ENGINE
+  	if(r->engine)
+  		ENGINE_finish(r->engine);
++ #endif
+  
+  	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_ossl.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_ossl.c
+*** crypto/openssl/crypto/dsa/dsa_ossl.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_ossl.c	Mon Feb 24 21:14:53 2003
+***************
+*** 64,70 ****
+--- 64,72 ----
+  #include <openssl/dsa.h>
+  #include <openssl/rand.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
+  static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
+***************
+*** 106,118 ****
+  	int i,reason=ERR_R_BN_LIB;
+  	DSA_SIG *ret=NULL;
+  
+  	if (!dsa->p || !dsa->q || !dsa->g)
+  		{
+  		reason=DSA_R_MISSING_PARAMETERS;
+  		goto err;
+  		}
+! 	BN_init(&m);
+! 	BN_init(&xr);
+  	s=BN_new();
+  	if (s == NULL) goto err;
+  
+--- 108,122 ----
+  	int i,reason=ERR_R_BN_LIB;
+  	DSA_SIG *ret=NULL;
+  
++ 	BN_init(&m);
++ 	BN_init(&xr);
++ 
+  	if (!dsa->p || !dsa->q || !dsa->g)
+  		{
+  		reason=DSA_R_MISSING_PARAMETERS;
+  		goto err;
+  		}
+! 
+  	s=BN_new();
+  	if (s == NULL) goto err;
+  
+***************
+*** 178,183 ****
+--- 182,190 ----
+  		DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS);
+  		return 0;
+  		}
++ 
++ 	BN_init(&k);
++ 
+  	if (ctx_in == NULL)
+  		{
+  		if ((ctx=BN_CTX_new()) == NULL) goto err;
+***************
+*** 185,191 ****
+  	else
+  		ctx=ctx_in;
+  
+- 	BN_init(&k);
+  	if ((r=BN_new()) == NULL) goto err;
+  	kinv=NULL;
+  
+--- 192,197 ----
+***************
+*** 241,250 ****
+  		return -1;
+  		}
+  
+- 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+  	BN_init(&u1);
+  	BN_init(&u2);
+  	BN_init(&t1);
+  
+  	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+  		{
+--- 247,257 ----
+  		return -1;
+  		}
+  
+  	BN_init(&u1);
+  	BN_init(&u2);
+  	BN_init(&t1);
++ 
++ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+  
+  	if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_sign.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_sign.c
+*** crypto/openssl/crypto/dsa/dsa_sign.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_sign.c	Mon Feb 24 21:14:53 2003
+***************
+*** 64,70 ****
+--- 64,72 ----
+  #include <openssl/dsa.h>
+  #include <openssl/rand.h>
+  #include <openssl/asn1.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsa_vrf.c ../RELENG_4/crypto/openssl/crypto/dsa/dsa_vrf.c
+*** crypto/openssl/crypto/dsa/dsa_vrf.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsa_vrf.c	Mon Feb 24 21:14:53 2003
+***************
+*** 65,71 ****
+--- 65,73 ----
+  #include <openssl/rand.h>
+  #include <openssl/asn1.h>
+  #include <openssl/asn1_mac.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
+  		  DSA *dsa)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsagen.c ../RELENG_4/crypto/openssl/crypto/dsa/dsagen.c
+*** crypto/openssl/crypto/dsa/dsagen.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsagen.c	Mon Feb 24 21:14:53 2003
+***************
+*** 103,109 ****
+  		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  
+  	memcpy(seed_buf,seed,20);
+! 	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb);
+  
+  	if (dsa == NULL)
+  		DSA_print(bio_err,dsa,0);
+--- 103,109 ----
+  		bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  
+  	memcpy(seed_buf,seed,20);
+! 	dsa=DSA_generate_parameters(1024,seed,20,&counter,&h,cb,bio_err);
+  
+  	if (dsa == NULL)
+  		DSA_print(bio_err,dsa,0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_4/crypto/openssl/crypto/dsa/dsatest.c
+*** crypto/openssl/crypto/dsa/dsatest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dsa/dsatest.c	Mon Feb 24 21:14:53 2003
+***************
+*** 68,74 ****
+--- 68,76 ----
+  #include <openssl/rand.h>
+  #include <openssl/bio.h>
+  #include <openssl/err.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #ifdef OPENSSL_SYS_WINDOWS
+  #include "../bio/bss_file.c"
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/dso_dl.c ../RELENG_4/crypto/openssl/crypto/dso/dso_dl.c
+*** crypto/openssl/crypto/dso/dso_dl.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/dso/dso_dl.c	Mon Feb 24 21:14:53 2003
+***************
+*** 126,132 ****
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+  		goto err;
+  		}
+! 	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, NULL);
+  	if(ptr == NULL)
+  		{
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+--- 126,132 ----
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_NO_FILENAME);
+  		goto err;
+  		}
+! 	ptr = shl_load(filename, BIND_IMMEDIATE|DYNAMIC_PATH, 0L);
+  	if(ptr == NULL)
+  		{
+  		DSOerr(DSO_F_DL_LOAD,DSO_R_LOAD_FAILED);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec.h ../RELENG_4/crypto/openssl/crypto/ec/ec.h
+*** crypto/openssl/crypto/ec/ec.h	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec.h	Mon Feb 24 21:14:54 2003
+***************
+*** 195,201 ****
+  #define EC_F_EC_GROUP_GET0_GENERATOR			 139
+  #define EC_F_EC_GROUP_GET_COFACTOR			 140
+  #define EC_F_EC_GROUP_GET_CURVE_GFP			 130
+- #define EC_F_EC_GROUP_GET_EXTRA_DATA			 107
+  #define EC_F_EC_GROUP_GET_ORDER				 141
+  #define EC_F_EC_GROUP_NEW				 108
+  #define EC_F_EC_GROUP_PRECOMPUTE_MULT			 142
+--- 195,200 ----
+***************
+*** 232,238 ****
+  #define EC_R_INVALID_FIELD				 103
+  #define EC_R_INVALID_FORM				 104
+  #define EC_R_NOT_INITIALIZED				 111
+- #define EC_R_NO_SUCH_EXTRA_DATA				 105
+  #define EC_R_POINT_AT_INFINITY				 106
+  #define EC_R_POINT_IS_NOT_ON_CURVE			 107
+  #define EC_R_SLOT_FULL					 108
+--- 231,236 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec_err.c ../RELENG_4/crypto/openssl/crypto/ec/ec_err.c
+*** crypto/openssl/crypto/ec/ec_err.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec_err.c	Mon Feb 24 21:14:54 2003
+***************
+*** 84,90 ****
+  {ERR_PACK(0,EC_F_EC_GROUP_GET0_GENERATOR,0),	"EC_GROUP_get0_generator"},
+  {ERR_PACK(0,EC_F_EC_GROUP_GET_COFACTOR,0),	"EC_GROUP_get_cofactor"},
+  {ERR_PACK(0,EC_F_EC_GROUP_GET_CURVE_GFP,0),	"EC_GROUP_get_curve_GFp"},
+- {ERR_PACK(0,EC_F_EC_GROUP_GET_EXTRA_DATA,0),	"EC_GROUP_get_extra_data"},
+  {ERR_PACK(0,EC_F_EC_GROUP_GET_ORDER,0),	"EC_GROUP_get_order"},
+  {ERR_PACK(0,EC_F_EC_GROUP_NEW,0),	"EC_GROUP_new"},
+  {ERR_PACK(0,EC_F_EC_GROUP_PRECOMPUTE_MULT,0),	"EC_GROUP_precompute_mult"},
+--- 84,89 ----
+***************
+*** 124,130 ****
+  {EC_R_INVALID_FIELD                      ,"invalid field"},
+  {EC_R_INVALID_FORM                       ,"invalid form"},
+  {EC_R_NOT_INITIALIZED                    ,"not initialized"},
+- {EC_R_NO_SUCH_EXTRA_DATA                 ,"no such extra data"},
+  {EC_R_POINT_AT_INFINITY                  ,"point at infinity"},
+  {EC_R_POINT_IS_NOT_ON_CURVE              ,"point is not on curve"},
+  {EC_R_SLOT_FULL                          ,"slot full"},
+--- 123,128 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec_lib.c ../RELENG_4/crypto/openssl/crypto/ec/ec_lib.c
+*** crypto/openssl/crypto/ec/ec_lib.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec_lib.c	Mon Feb 24 21:14:54 2003
+***************
+*** 268,274 ****
+  		|| (group->extra_data_free_func != extra_data_free_func)
+  		|| (group->extra_data_clear_free_func != extra_data_clear_free_func))
+  		{
+! 		ECerr(EC_F_EC_GROUP_GET_EXTRA_DATA, EC_R_NO_SUCH_EXTRA_DATA);
+  		return NULL;
+  		}
+  
+--- 268,276 ----
+  		|| (group->extra_data_free_func != extra_data_free_func)
+  		|| (group->extra_data_clear_free_func != extra_data_clear_free_func))
+  		{
+! #if 0 /* this was an error in 0.9.7, but that does not make a lot of sense */
+! 		ECerr(..._F_EC_GROUP_GET_EXTRA_DATA, ..._R_NO_SUCH_EXTRA_DATA);
+! #endif
+  		return NULL;
+  		}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ec_mult.c ../RELENG_4/crypto/openssl/crypto/ec/ec_mult.c
+*** crypto/openssl/crypto/ec/ec_mult.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ec_mult.c	Mon Feb 24 21:14:54 2003
+***************
+*** 209,214 ****
+--- 209,225 ----
+  	EC_POINT ***val_sub = NULL; /* pointers to sub-arrays of 'val' */
+  	int ret = 0;
+  	
++ 	if (group->meth != r->meth)
++ 		{
++ 		ECerr(EC_F_EC_POINTS_MUL, EC_R_INCOMPATIBLE_OBJECTS);
++ 		return 0;
++ 		}
++ 
++ 	if ((scalar == NULL) && (num == 0))
++ 		{
++ 		return EC_POINT_set_to_infinity(group, r);
++ 		}
++ 
+  	if (scalar != NULL)
+  		{
+  		generator = EC_GROUP_get0_generator(group);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ec/ectest.c ../RELENG_4/crypto/openssl/crypto/ec/ectest.c
+*** crypto/openssl/crypto/ec/ectest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/ec/ectest.c	Mon Feb 24 21:14:54 2003
+***************
+*** 70,76 ****
+--- 70,78 ----
+  
+  
+  #include <openssl/ec.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/err.h>
+  
+  #define ABORT do { \
+***************
+*** 628,634 ****
+--- 630,638 ----
+  	if (P_384) EC_GROUP_free(P_384);
+  	if (P_521) EC_GROUP_free(P_521);
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  	ERR_free_strings();
+  	ERR_remove_state(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/engine/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/engine/Makefile.ssl
+*** crypto/openssl/crypto/engine/Makefile.ssl	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/engine/Makefile.ssl	Mon Feb 24 21:14:54 2003
+***************
+*** 50,56 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 50,56 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/engine/engine.h ../RELENG_4/crypto/openssl/crypto/engine/engine.h
+*** crypto/openssl/crypto/engine/engine.h	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/engine/engine.h	Mon Feb 24 21:14:54 2003
+***************
+*** 59,64 ****
+--- 59,70 ----
+  #ifndef HEADER_ENGINE_H
+  #define HEADER_ENGINE_H
+  
++ #include <openssl/opensslconf.h>
++ 
++ #ifdef OPENSSL_NO_ENGINE
++ #error ENGINE is disabled.
++ #endif
++ 
+  #include <openssl/ossl_typ.h>
+  #include <openssl/bn.h>
+  #ifndef OPENSSL_NO_RSA
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/engine/enginetest.c ../RELENG_4/crypto/openssl/crypto/engine/enginetest.c
+*** crypto/openssl/crypto/engine/enginetest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/engine/enginetest.c	Mon Feb 24 21:14:54 2003
+***************
+*** 56,64 ****
+   *
+   */
+  
+- #include <openssl/e_os2.h>
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/buffer.h>
+  #include <openssl/crypto.h>
+  #include <openssl/engine.h>
+--- 56,72 ----
+   *
+   */
+  
+  #include <stdio.h>
+  #include <string.h>
++ 
++ #ifdef OPENSSL_NO_ENGINE
++ int main(int argc, char *argv[])
++ {
++     printf("No ENGINE support\n");
++     return(0);
++ }
++ #else
++ #include <openssl/e_os2.h>
+  #include <openssl/buffer.h>
+  #include <openssl/crypto.h>
+  #include <openssl/engine.h>
+***************
+*** 272,274 ****
+--- 280,283 ----
+  	CRYPTO_mem_leaks_fp(stderr);
+  	return to_return;
+  	}
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/err.c ../RELENG_4/crypto/openssl/crypto/err/err.c
+*** crypto/openssl/crypto/err/err.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/err/err.c	Mon Feb 24 21:14:54 2003
+***************
+*** 211,216 ****
+--- 211,217 ----
+  
+  {0,NULL},
+  	};
++ #endif
+  
+  
+  /* Define the predeclared (but externally opaque) "ERR_FNS" type */
+***************
+*** 491,496 ****
+--- 492,498 ----
+  	}
+  
+  
++ #ifndef OPENSSL_NO_ERR
+  #define NUM_SYS_STR_REASONS 127
+  #define LEN_SYS_STR_REASON 32
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/err_all.c ../RELENG_4/crypto/openssl/crypto/err/err_all.c
+*** crypto/openssl/crypto/err/err_all.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/err/err_all.c	Mon Feb 24 21:14:54 2003
+***************
+*** 82,88 ****
+--- 82,90 ----
+  #include <openssl/pkcs12.h>
+  #include <openssl/rand.h>
+  #include <openssl/dso.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/ocsp.h>
+  #include <openssl/err.h>
+  
+***************
+*** 122,128 ****
+--- 124,132 ----
+  	ERR_load_PKCS12_strings();
+  	ERR_load_RAND_strings();
+  	ERR_load_DSO_strings();
++ #ifndef OPENSSL_NO_ENGINE
+  	ERR_load_ENGINE_strings();
++ #endif
+  	ERR_load_OCSP_strings();
+  	ERR_load_UI_strings();
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/digest.c ../RELENG_4/crypto/openssl/crypto/evp/digest.c
+*** crypto/openssl/crypto/evp/digest.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/digest.c	Mon Feb 24 21:14:54 2003
+***************
+*** 113,119 ****
+--- 113,121 ----
+  #include "cryptlib.h"
+  #include <openssl/objects.h>
+  #include <openssl/evp.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  void EVP_MD_CTX_init(EVP_MD_CTX *ctx)
+  	{
+***************
+*** 138,143 ****
+--- 140,146 ----
+  int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl)
+  	{
+  	EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED);
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+  	 * so this context may already have an ENGINE! Try to avoid releasing
+  	 * the previous handle, re-querying for an ENGINE, and having a
+***************
+*** 183,189 ****
+  		else
+  			ctx->engine = NULL;
+  		}
+! 	else if(!ctx->digest)
+  		{
+  		EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
+  		return 0;
+--- 186,194 ----
+  		else
+  			ctx->engine = NULL;
+  		}
+! 	else
+! #endif
+! 	if(!ctx->digest)
+  		{
+  		EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET);
+  		return 0;
+***************
+*** 196,202 ****
+--- 201,209 ----
+  		if (type->ctx_size)
+  			ctx->md_data=OPENSSL_malloc(type->ctx_size);
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  skip_to_init:
++ #endif
+  	return ctx->digest->init(ctx);
+  	}
+  
+***************
+*** 246,257 ****
+--- 253,266 ----
+  		EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED);
+  		return 0;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Make sure it's safe to copy a digest context using an ENGINE */
+  	if (in->engine && !ENGINE_init(in->engine))
+  		{
+  		EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB);
+  		return 0;
+  		}
++ #endif
+  
+  	EVP_MD_CTX_cleanup(out);
+  	memcpy(out,in,sizeof *out);
+***************
+*** 304,313 ****
+--- 313,324 ----
+  		OPENSSL_cleanse(ctx->md_data,ctx->digest->ctx_size);
+  		OPENSSL_free(ctx->md_data);
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	if(ctx->engine)
+  		/* The EVP_MD we used belongs to an ENGINE, release the
+  		 * functional reference we held for this reason. */
+  		ENGINE_finish(ctx->engine);
++ #endif
+  	memset(ctx,'\0',sizeof *ctx);
+  
+  	return 1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_acnf.c ../RELENG_4/crypto/openssl/crypto/evp/evp_acnf.c
+*** crypto/openssl/crypto/evp/evp_acnf.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/evp_acnf.c	Mon Feb 24 21:14:54 2003
+***************
+*** 59,65 ****
+--- 59,67 ----
+  #include "cryptlib.h"
+  #include <openssl/evp.h>
+  #include <openssl/conf.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  
+  /* Load all algorithms and configure OpenSSL.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_enc.c ../RELENG_4/crypto/openssl/crypto/evp/evp_enc.c
+*** crypto/openssl/crypto/evp/evp_enc.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/evp_enc.c	Mon Feb 24 21:14:54 2003
+***************
+*** 60,66 ****
+--- 60,68 ----
+  #include "cryptlib.h"
+  #include <openssl/evp.h>
+  #include <openssl/err.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include "evp_locl.h"
+  
+  const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT;
+***************
+*** 91,96 ****
+--- 93,99 ----
+  			enc = 1;
+  		ctx->encrypt = enc;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  	/* Whether it's nice or not, "Inits" can be used on "Final"'d contexts
+  	 * so this context may already have an ENGINE! Try to avoid releasing
+  	 * the previous handle, re-querying for an ENGINE, and having a
+***************
+*** 98,103 ****
+--- 101,107 ----
+  	if (ctx->engine && ctx->cipher && (!cipher ||
+  			(cipher && (cipher->nid == ctx->cipher->nid))))
+  		goto skip_to_init;
++ #endif
+  	if (cipher)
+  		{
+  		/* Ensure a context left lying around from last time is cleared
+***************
+*** 107,112 ****
+--- 111,117 ----
+  
+  		/* Restore encrypt field: it is zeroed by cleanup */
+  		ctx->encrypt = enc;
++ #ifndef OPENSSL_NO_ENGINE
+  		if(impl)
+  			{
+  			if (!ENGINE_init(impl))
+***************
+*** 140,145 ****
+--- 145,151 ----
+  			}
+  		else
+  			ctx->engine = NULL;
++ #endif
+  
+  		ctx->cipher=cipher;
+  		ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size);
+***************
+*** 159,165 ****
+--- 165,173 ----
+  		EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET);
+  		return 0;
+  		}
++ #ifndef OPENSSL_NO_ENGINE
+  skip_to_init:
++ #endif
+  	/* we assume block size is a power of 2 in *cryptUpdate */
+  	OPENSSL_assert(ctx->cipher->block_size == 1
+  	    || ctx->cipher->block_size == 8
+***************
+*** 236,242 ****
+  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+  	     const unsigned char *key, const unsigned char *iv)
+  	{
+! 	return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
+  	}
+  
+  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+--- 244,250 ----
+  int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
+  	     const unsigned char *key, const unsigned char *iv)
+  	{
+! 	return EVP_CipherInit(ctx, cipher, key, iv, 0);
+  	}
+  
+  int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
+***************
+*** 460,469 ****
+--- 468,479 ----
+  		}
+  	if (c->cipher_data)
+  		OPENSSL_free(c->cipher_data);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (c->engine)
+  		/* The EVP_CIPHER we used belongs to an ENGINE, release the
+  		 * functional reference we held for this reason. */
+  		ENGINE_finish(c->engine);
++ #endif
+  	memset(c,0,sizeof(EVP_CIPHER_CTX));
+  	return 1;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_test.c ../RELENG_4/crypto/openssl/crypto/evp/evp_test.c
+*** crypto/openssl/crypto/evp/evp_test.c	Mon Feb 24 20:42:44 2003
+--- ../RELENG_4/crypto/openssl/crypto/evp/evp_test.c	Mon Feb 24 21:14:54 2003
+***************
+*** 53,59 ****
+--- 53,62 ----
+  #include "../e_os.h"
+  
+  #include <openssl/evp.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
++ #include <openssl/err.h>
+  #include <openssl/conf.h>
+  
+  static void hexdump(FILE *f,const char *title,const unsigned char *s,int l)
+***************
+*** 330,340 ****
+--- 333,346 ----
+      /* Load up the software EVP_CIPHER and EVP_MD definitions */
+      OpenSSL_add_all_ciphers();
+      OpenSSL_add_all_digests();
++ #ifndef OPENSSL_NO_ENGINE
+      /* Load all compiled-in ENGINEs */
+      ENGINE_load_builtin_engines();
++ #endif
+  #if 0
+      OPENSSL_config();
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+      /* Register all available ENGINE implementations of ciphers and digests.
+       * This could perhaps be changed to "ENGINE_register_all_complete()"? */
+      ENGINE_register_all_ciphers();
+***************
+*** 343,348 ****
+--- 349,355 ----
+       * It'll prevent ENGINEs being ENGINE_init()ialised for cipher/digest use if
+       * they weren't already initialised. */
+      /* ENGINE_set_cipher_flags(ENGINE_CIPHER_FLAG_NOINIT); */
++ #endif
+  
+      for( ; ; )
+  	{
+***************
+*** 384,390 ****
+--- 391,399 ----
+  	    }
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+      ENGINE_cleanup();
++ #endif
+      EVP_cleanup();
+      CRYPTO_cleanup_all_ex_data();
+      ERR_remove_state(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/krb5/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/krb5/Makefile.ssl
+*** crypto/openssl/crypto/krb5/Makefile.ssl	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/krb5/Makefile.ssl	Mon Feb 24 21:14:54 2003
+***************
+*** 41,47 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 41,47 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_4/crypto/openssl/crypto/md2/md2test.c
+*** crypto/openssl/crypto/md2/md2test.c	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md2/md2test.c	Mon Feb 24 21:14:54 2003
+***************
+*** 125,131 ****
+  		P++;
+  		}
+  	EXIT(err);
+- 	return(0);
+  	}
+  
+  static char *pt(unsigned char *md)
+--- 125,130 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4.c ../RELENG_4/crypto/openssl/crypto/md4/md4.c
+*** crypto/openssl/crypto/md4/md4.c	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md4/md4.c	Mon Feb 24 21:14:54 2003
+***************
+*** 64,70 ****
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #ifndef _OSD_POSIX
+  int read(int, void *, unsigned int);
+  #endif
+  
+--- 64,70 ----
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+  int read(int, void *, unsigned int);
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/md5/Makefile.ssl
+*** crypto/openssl/crypto/md5/Makefile.ssl	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md5/Makefile.ssl	Mon Feb 24 21:14:54 2003
+***************
+*** 21,34 ****
+  
+  CFLAGS= $(INCLUDES) $(CFLAG)
+  
+- # We let the C compiler driver to take care of .s files. This is done in
+- # order to be excused from maintaining a separate set of architecture
+- # dependent assembler flags. E.g. if you throw -mcpu=ultrasparc at SPARC
+- # gcc, then the driver will automatically translate it to -xarch=v8plus
+- # and pass it down to assembler.
+- AS=$(CC) -c
+- ASFLAGS=$(CFLAGS)
+- 
+  GENERAL=Makefile
+  TEST=md5test.c
+  APPS=
+--- 21,26 ----
+***************
+*** 55,68 ****
+  	@touch lib
+  
+  # elf
+! asm/mx86-elf.o: asm/mx86unix.cpp
+! 	$(CPP) -DELF -x c asm/mx86unix.cpp | as -o asm/mx86-elf.o
+! 
+! # solaris
+! asm/mx86-sol.o: asm/mx86unix.cpp
+! 	$(CC) -E -DSOL asm/mx86unix.cpp | sed 's/^#.*//' > asm/mx86-sol.s
+! 	as -o asm/mx86-sol.o asm/mx86-sol.s
+! 	rm -f asm/mx86-sol.s
+  
+  # a.out
+  asm/mx86-out.o: asm/mx86unix.cpp
+--- 47,54 ----
+  	@touch lib
+  
+  # elf
+! asm/mx86-elf.s: asm/md5-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) md5-586.pl elf $(CFLAGS) > mx86-elf.s)
+  
+  # a.out
+  asm/mx86-out.o: asm/mx86unix.cpp
+***************
+*** 125,131 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/mx86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 111,117 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/mx86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5.c ../RELENG_4/crypto/openssl/crypto/md5/md5.c
+*** crypto/openssl/crypto/md5/md5.c	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md5/md5.c	Mon Feb 24 21:14:54 2003
+***************
+*** 64,70 ****
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #ifndef _OSD_POSIX
+  int read(int, void *, unsigned int);
+  #endif
+  
+--- 64,70 ----
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+  int read(int, void *, unsigned int);
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5.h ../RELENG_4/crypto/openssl/crypto/md5/md5.h
+*** crypto/openssl/crypto/md5/md5.h	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/md5/md5.h	Mon Feb 24 21:14:54 2003
+***************
+*** 78,84 ****
+  
+  #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+  #define MD5_LONG unsigned long
+! #elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__)
+  #define MD5_LONG unsigned long
+  #define MD5_LONG_LOG2 3
+  /*
+--- 78,84 ----
+  
+  #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__)
+  #define MD5_LONG unsigned long
+! #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__)
+  #define MD5_LONG unsigned long
+  #define MD5_LONG_LOG2 3
+  /*
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_4/crypto/openssl/crypto/mem.c
+*** crypto/openssl/crypto/mem.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/mem.c	Mon Feb 24 21:14:51 2003
+***************
+*** 252,257 ****
+--- 252,259 ----
+  	void *ret = NULL;
+  	extern unsigned char cleanse_ctr;
+  
++ 	if (num < 0) return NULL;
++ 
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+  		{
+***************
+*** 291,296 ****
+--- 293,300 ----
+  	void *ret = NULL;
+  	extern unsigned char cleanse_ctr;
+  
++ 	if (num < 0) return NULL;
++ 
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+  		{
+***************
+*** 319,324 ****
+--- 323,331 ----
+  
+  	if (str == NULL)
+  		return CRYPTO_malloc(num, file, line);
++ 
++  	if (num < 0) return NULL;
++  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+  	ret = realloc_ex_func(str,num,file,line);
+***************
+*** 338,343 ****
+--- 345,353 ----
+  
+  	if (str == NULL)
+  		return CRYPTO_malloc(num, file, line);
++  
++  	if (num < 0) return NULL;
++  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+  	ret=malloc_ex_func(num,file,line);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/o_time.c ../RELENG_4/crypto/openssl/crypto/o_time.c
+*** crypto/openssl/crypto/o_time.c	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/o_time.c	Mon Feb 24 21:14:51 2003
+***************
+*** 80,86 ****
+  	ts = result;
+  #elif !defined(OPENSSL_SYS_VMS)
+  	ts = gmtime(timer);
+! 	memcpy(result, ts, sizeof(struct tm));
+  	ts = result;
+  #endif
+  #ifdef OPENSSL_SYS_VMS
+--- 80,87 ----
+  	ts = result;
+  #elif !defined(OPENSSL_SYS_VMS)
+  	ts = gmtime(timer);
+! 	if (ts != NULL)
+! 		memcpy(result, ts, sizeof(struct tm));
+  	ts = result;
+  #endif
+  #ifdef OPENSSL_SYS_VMS
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_4/crypto/openssl/crypto/objects/obj_dat.h
+*** crypto/openssl/crypto/objects/obj_dat.h	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/objects/obj_dat.h	Mon Feb 24 21:14:55 2003
+***************
+*** 827,833 ****
+  {"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+  {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+  {"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
+! {"SN","surName",NID_surname,3,&(lvalues[538]),0},
+  {"initials","initials",NID_initials,3,&(lvalues[541]),0},
+  {NULL,NULL,NID_undef,0,NULL},
+  {"crlDistributionPoints","X509v3 CRL Distribution Points",
+--- 827,833 ----
+  {"RC4-40","rc4-40",NID_rc4_40,0,NULL},
+  {"RC2-40-CBC","rc2-40-cbc",NID_rc2_40_cbc,0,NULL},
+  {"GN","givenName",NID_givenName,3,&(lvalues[535]),0},
+! {"SN","surname",NID_surname,3,&(lvalues[538]),0},
+  {"initials","initials",NID_initials,3,&(lvalues[541]),0},
+  {NULL,NULL,NID_undef,0,NULL},
+  {"crlDistributionPoints","X509v3 CRL Distribution Points",
+***************
+*** 3005,3011 ****
+  &(nid_objs[16]),/* "stateOrProvinceName" */
+  &(nid_objs[498]),/* "subtreeMaximumQuality" */
+  &(nid_objs[497]),/* "subtreeMinimumQuality" */
+! &(nid_objs[100]),/* "surName" */
+  &(nid_objs[459]),/* "textEncodedORAddress" */
+  &(nid_objs[293]),/* "textNotice" */
+  &(nid_objs[106]),/* "title" */
+--- 3005,3011 ----
+  &(nid_objs[16]),/* "stateOrProvinceName" */
+  &(nid_objs[498]),/* "subtreeMaximumQuality" */
+  &(nid_objs[497]),/* "subtreeMinimumQuality" */
+! &(nid_objs[100]),/* "surname" */
+  &(nid_objs[459]),/* "textEncodedORAddress" */
+  &(nid_objs[293]),/* "textNotice" */
+  &(nid_objs[106]),/* "title" */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_4/crypto/openssl/crypto/objects/obj_mac.h
+*** crypto/openssl/crypto/objects/obj_mac.h	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/objects/obj_mac.h	Mon Feb 24 21:14:55 2003
+***************
+*** 1596,1602 ****
+  #define OBJ_commonName		OBJ_X509,3L
+  
+  #define SN_surname		"SN"
+! #define LN_surname		"surName"
+  #define NID_surname		100
+  #define OBJ_surname		OBJ_X509,4L
+  
+--- 1596,1602 ----
+  #define OBJ_commonName		OBJ_X509,3L
+  
+  #define SN_surname		"SN"
+! #define LN_surname		"surname"
+  #define NID_surname		100
+  #define OBJ_surname		OBJ_X509,4L
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_4/crypto/openssl/crypto/objects/objects.txt
+*** crypto/openssl/crypto/objects/objects.txt	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/objects/objects.txt	Mon Feb 24 21:14:55 2003
+***************
+*** 531,538 ****
+  
+  X500 4			: X509
+  X509 3			: CN			: commonName
+! !Cname surname
+! X509 4			: SN			: surName
+  X509 5			: 			: serialNumber
+  X509 6			: C			: countryName
+  X509 7			: L			: localityName
+--- 531,537 ----
+  
+  X500 4			: X509
+  X509 3			: CN			: commonName
+! X509 4			: SN			: surname
+  X509 5			: 			: serialNumber
+  X509 6			: C			: countryName
+  X509 7			: L			: localityName
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ocsp/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/ocsp/Makefile.ssl
+*** crypto/openssl/crypto/ocsp/Makefile.ssl	Mon Feb 24 20:42:45 2003
+--- ../RELENG_4/crypto/openssl/crypto/ocsp/Makefile.ssl	Mon Feb 24 21:14:55 2003
+***************
+*** 43,49 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 43,49 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_4/crypto/openssl/crypto/opensslv.h
+*** crypto/openssl/crypto/opensslv.h	Mon Feb 24 20:42:42 2003
+--- ../RELENG_4/crypto/openssl/crypto/opensslv.h	Mon Feb 24 21:14:51 2003
+***************
+*** 25,32 ****
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090700fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7 31 Dec 2002"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+--- 25,32 ----
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090701fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.7a Feb 19 2003"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86asm.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86asm.pl
+*** crypto/openssl/crypto/perlasm/x86asm.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86asm.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 18,26 ****
+  	($type,$fn,$i386)=@_;
+  	$filename=$fn;
+  
+! 	$cpp=$sol=$aout=$win32=$gaswin=0;
+  	if (	($type eq "elf"))
+! 		{ require "x86unix.pl"; }
+  	elsif (	($type eq "a.out"))
+  		{ $aout=1; require "x86unix.pl"; }
+  	elsif (	($type eq "gaswin"))
+--- 18,26 ----
+  	($type,$fn,$i386)=@_;
+  	$filename=$fn;
+  
+! 	$elf=$cpp=$sol=$aout=$win32=$gaswin=0;
+  	if (	($type eq "elf"))
+! 		{ $elf=1; require "x86unix.pl"; }
+  	elsif (	($type eq "a.out"))
+  		{ $aout=1; require "x86unix.pl"; }
+  	elsif (	($type eq "gaswin"))
+***************
+*** 47,52 ****
+--- 47,55 ----
+  		exit(1);
+  		}
+  
++ 	$pic=0;
++ 	for (@ARGV) {	$pic=1 if (/\-[fK]PIC/i);	}
++ 
+  	&asm_init_output();
+  
+  &comment("Don't even think of reading this code");
+***************
+*** 91,97 ****
+  #undef SIZE
+  #undef TYPE
+  #define SIZE(a,b)
+! #define TYPE(a,b)
+  #endif /* __CYGWIN || __DJGPP */
+  #endif
+  
+--- 94,100 ----
+  #undef SIZE
+  #undef TYPE
+  #define SIZE(a,b)
+! #define TYPE(a,b)	.def a; .scl 2; .type 32; .endef
+  #endif /* __CYGWIN || __DJGPP */
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86ms.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86ms.pl
+*** crypto/openssl/crypto/perlasm/x86ms.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86ms.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 367,370 ****
+--- 367,376 ----
+  	push(@out,"\t$name\t ".&conv($p1)."\n");
+  	}
+  
++ sub main'picmeup
++ 	{
++ 	local($dst,$sym)=@_;
++ 	&main'lea($dst,&main'DWP($sym));
++ 	}
++ 
+  sub main'blindpop { &out1("pop",@_); }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86nasm.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86nasm.pl
+*** crypto/openssl/crypto/perlasm/x86nasm.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86nasm.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 344,347 ****
+--- 344,353 ----
+  	push(@out,"\t$name\t ".&conv($p1)."\n");
+  	}
+  
++ sub main'picmeup
++ 	{
++ 	local($dst,$sym)=@_;
++ 	&main'lea($dst,&main'DWP($sym));
++ 	}
++ 
+  sub main'blindpop { &out1("pop",@_); }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/perlasm/x86unix.pl ../RELENG_4/crypto/openssl/crypto/perlasm/x86unix.pl
+*** crypto/openssl/crypto/perlasm/x86unix.pl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/perlasm/x86unix.pl	Mon Feb 24 21:14:55 2003
+***************
+*** 345,359 ****
+  	popl	%ebx
+  	popl	%ebp
+  	ret
+! .${func}_end:
+  EOF
+  	push(@out,$tmp);
+  
+  	if ($main'cpp)
+! 		{ push(@out,"\tSIZE($func,.${func}_end-$func)\n"); }
+  	elsif ($main'gaswin)
+                  { $tmp=push(@out,"\t.align 4\n"); }
+! 	else	{ push(@out,"\t.size\t$func,.${func}_end-$func\n"); }
+  	push(@out,".ident	\"$func\"\n");
+  	$stack=0;
+  	%label=();
+--- 345,359 ----
+  	popl	%ebx
+  	popl	%ebp
+  	ret
+! .L_${func}_end:
+  EOF
+  	push(@out,$tmp);
+  
+  	if ($main'cpp)
+! 		{ push(@out,"\tSIZE($func,.L_${func}_end-$func)\n"); }
+  	elsif ($main'gaswin)
+                  { $tmp=push(@out,"\t.align 4\n"); }
+! 	else	{ push(@out,"\t.size\t$func,.L_${func}_end-$func\n"); }
+  	push(@out,".ident	\"$func\"\n");
+  	$stack=0;
+  	%label=();
+***************
+*** 426,431 ****
+--- 426,436 ----
+  
+  sub main'comment
+  	{
++ 	if ($main'elf)	# GNU and SVR4 as'es use different comment delimiters,
++ 		{	# so we just skip comments...
++ 		push(@out,"\n");
++ 		return;
++ 		}
+  	foreach (@_)
+  		{
+  		if (/^\s*$/)
+***************
+*** 546,552 ****
+  sub main'picmeup
+  	{
+  	local($dst,$sym)=@_;
+! 	local($tmp)=<<___;
+  #if (defined(ELF) || defined(SOL)) && defined(PIC)
+  	.align	8
+  	call	1f
+--- 551,559 ----
+  sub main'picmeup
+  	{
+  	local($dst,$sym)=@_;
+! 	if ($main'cpp)
+! 		{
+! 		local($tmp)=<<___;
+  #if (defined(ELF) || defined(SOL)) && defined(PIC)
+  	.align	8
+  	call	1f
+***************
+*** 557,563 ****
+  	leal	$sym,$regs{$dst}
+  #endif
+  ___
+! 	push(@out,$tmp);
+  	}
+  
+  sub main'blindpop { &out1("popl",@_); }
+--- 564,585 ----
+  	leal	$sym,$regs{$dst}
+  #endif
+  ___
+! 		push(@out,$tmp);
+! 		}
+! 	elsif ($main'pic && ($main'elf || $main'aout))
+! 		{
+! 		push(@out,"\t.align\t8\n");
+! 		&main'call(&main'label("PIC_me_up"));
+! 		&main'set_label("PIC_me_up");
+! 		&main'blindpop($dst);
+! 		&main'add($dst,"\$$under"."_GLOBAL_OFFSET_TABLE_+[.-".
+! 				&main'label("PIC_me_up") . "]");
+! 		&main'mov($dst,&main'DWP($sym."\@GOT",$dst));
+! 		}
+! 	else
+! 		{
+! 		&main'lea($dst,&main'DWP($sym));
+! 		}
+  	}
+  
+  sub main'blindpop { &out1("popl",@_); }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand.h ../RELENG_4/crypto/openssl/crypto/rand/rand.h
+*** crypto/openssl/crypto/rand/rand.h	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rand/rand.h	Mon Feb 24 21:14:56 2003
+***************
+*** 87,93 ****
+--- 87,95 ----
+  
+  int RAND_set_rand_method(const RAND_METHOD *meth);
+  const RAND_METHOD *RAND_get_rand_method(void);
++ #ifndef OPENSSL_NO_ENGINE
+  int RAND_set_rand_engine(ENGINE *engine);
++ #endif
+  RAND_METHOD *RAND_SSLeay(void);
+  void RAND_cleanup(void );
+  int  RAND_bytes(unsigned char *buf,int num);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_lib.c ../RELENG_4/crypto/openssl/crypto/rand/rand_lib.c
+*** crypto/openssl/crypto/rand/rand_lib.c	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rand/rand_lib.c	Mon Feb 24 21:14:56 2003
+***************
+*** 60,78 ****
+--- 60,84 ----
+  #include <time.h>
+  #include "cryptlib.h"
+  #include <openssl/rand.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
++ #ifndef OPENSSL_NO_ENGINE
+  /* non-NULL if default_RAND_meth is ENGINE-provided */
+  static ENGINE *funct_ref =NULL;
++ #endif
+  static const RAND_METHOD *default_RAND_meth = NULL;
+  
+  int RAND_set_rand_method(const RAND_METHOD *meth)
+  	{
++ #ifndef OPENSSL_NO_ENGINE
+  	if(funct_ref)
+  		{
+  		ENGINE_finish(funct_ref);
+  		funct_ref = NULL;
+  		}
++ #endif
+  	default_RAND_meth = meth;
+  	return 1;
+  	}
+***************
+*** 81,86 ****
+--- 87,93 ----
+  	{
+  	if (!default_RAND_meth)
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		ENGINE *e = ENGINE_get_default_RAND();
+  		if(e)
+  			{
+***************
+*** 94,104 ****
+--- 101,113 ----
+  		if(e)
+  			funct_ref = e;
+  		else
++ #endif
+  			default_RAND_meth = RAND_SSLeay();
+  		}
+  	return default_RAND_meth;
+  	}
+  
++ #ifndef OPENSSL_NO_ENGINE
+  int RAND_set_rand_engine(ENGINE *engine)
+  	{
+  	const RAND_METHOD *tmp_meth = NULL;
+***************
+*** 118,123 ****
+--- 127,133 ----
+  	funct_ref = engine;
+  	return 1;
+  	}
++ #endif
+  
+  void RAND_cleanup(void)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/rc4/Makefile.ssl
+*** crypto/openssl/crypto/rc4/Makefile.ssl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rc4/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 52,65 ****
+  	@touch lib
+  
+  # elf
+! asm/rx86-elf.o: asm/rx86unix.cpp
+! 	$(CPP) -DELF -x c asm/rx86unix.cpp | as -o asm/rx86-elf.o
+! 
+! # solaris
+! asm/rx86-sol.o: asm/rx86unix.cpp
+! 	$(CC) -E -DSOL asm/rx86unix.cpp | sed 's/^#.*//' > asm/rx86-sol.s
+! 	as -o asm/rx86-sol.o asm/rx86-sol.s
+! 	rm -f asm/rx86-sol.s
+  
+  # a.out
+  asm/rx86-out.o: asm/rx86unix.cpp
+--- 52,59 ----
+  	@touch lib
+  
+  # elf
+! asm/rx86-elf.s: asm/rc4-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) rc4-586.pl elf $(CFLAGS) > rx86-elf.s)
+  
+  # a.out
+  asm/rx86-out.o: asm/rx86unix.cpp
+***************
+*** 104,110 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 98,104 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/rc5/Makefile.ssl
+*** crypto/openssl/crypto/rc5/Makefile.ssl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rc5/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 49,62 ****
+  	@touch lib
+  
+  # elf
+! asm/r586-elf.o: asm/r586unix.cpp
+! 	$(CPP) -DELF -x c asm/r586unix.cpp | as -o asm/r586-elf.o
+! 
+! # solaris
+! asm/r586-sol.o: asm/r586unix.cpp
+! 	$(CC) -E -DSOL asm/r586unix.cpp | sed 's/^#.*//' > asm/r586-sol.s
+! 	as -o asm/r586-sol.o asm/r586-sol.s
+! 	rm -f asm/r586-sol.s
+  
+  # a.out
+  asm/r586-out.o: asm/r586unix.cpp
+--- 49,56 ----
+  	@touch lib
+  
+  # elf
+! asm/r586-elf.s: asm/rc5-586.pl ../perlasm/x86asm.pl ../perlasm/cbc.pl
+! 	(cd asm; $(PERL) rc5-586.pl elf $(CFLAGS) > r586-elf.s)
+  
+  # a.out
+  asm/r586-out.o: asm/r586unix.cpp
+***************
+*** 101,107 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/r586unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 95,101 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/r586unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5_locl.h ../RELENG_4/crypto/openssl/crypto/rc5/rc5_locl.h
+*** crypto/openssl/crypto/rc5/rc5_locl.h	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/rc5/rc5_locl.h	Mon Feb 24 21:14:56 2003
+***************
+*** 149,155 ****
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define ROTATE_l32(a,n)     _lrotl(a,n)
+  #define ROTATE_r32(a,n)     _lrotr(a,n)
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(NO_ASM) && !defined(NO_INLINE_ASM)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE_l32(a,n)	({ register unsigned int ret;	\
+  					asm ("roll %%cl,%0"	\
+--- 149,155 ----
+  #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER)
+  #define ROTATE_l32(a,n)     _lrotl(a,n)
+  #define ROTATE_r32(a,n)     _lrotr(a,n)
+! #elif defined(__GNUC__) && __GNUC__>=2 && !defined(__STRICT_ANSI__) && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC)
+  # if defined(__i386) || defined(__i386__) || defined(__x86_64) || defined(__x86_64__)
+  #  define ROTATE_l32(a,n)	({ register unsigned int ret;	\
+  					asm ("roll %%cl,%0"	\
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/ripemd/Makefile.ssl
+*** crypto/openssl/crypto/ripemd/Makefile.ssl	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/ripemd/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 47,60 ****
+  	@touch lib
+  
+  # elf
+! asm/rm86-elf.o: asm/rm86unix.cpp
+! 	$(CPP) -DELF -x c asm/rm86unix.cpp | as -o asm/rm86-elf.o
+! 
+! # solaris
+! asm/rm86-sol.o: asm/rm86unix.cpp
+! 	$(CC) -E -DSOL asm/rm86unix.cpp | sed 's/^#.*//' > asm/rm86-sol.s
+! 	as -o asm/rm86-sol.o asm/rm86-sol.s
+! 	rm -f asm/rm86-sol.s
+  
+  # a.out
+  asm/rm86-out.o: asm/rm86unix.cpp
+--- 47,54 ----
+  	@touch lib
+  
+  # elf
+! asm/rm86-elf.s: asm/rmd-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) rmd-586.pl elf $(CFLAGS) > rm86-elf.s)
+  
+  # a.out
+  asm/rm86-out.o: asm/rm86unix.cpp
+***************
+*** 99,105 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rm86unix.cpp *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 93,99 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/rm86unix.cpp asm/*-elf.* *.o asm/*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd160.c ../RELENG_4/crypto/openssl/crypto/ripemd/rmd160.c
+*** crypto/openssl/crypto/ripemd/rmd160.c	Mon Feb 24 20:42:46 2003
+--- ../RELENG_4/crypto/openssl/crypto/ripemd/rmd160.c	Mon Feb 24 21:14:56 2003
+***************
+*** 64,70 ****
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #ifndef _OSD_POSIX
+  int read(int, void *, unsigned int);
+  #endif
+  
+--- 64,70 ----
+  
+  void do_fp(FILE *f);
+  void pt(unsigned char *md);
+! #if !defined(_OSD_POSIX) && !defined(__DJGPP__)
+  int read(int, void *, unsigned int);
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_eay.c
+*** crypto/openssl/crypto/rsa/rsa_eay.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_eay.c	Mon Feb 24 21:14:56 2003
+***************
+*** 61,67 ****
+--- 61,69 ----
+  #include <openssl/bn.h>
+  #include <openssl/rsa.h>
+  #include <openssl/rand.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  #ifndef RSA_NULL
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_lib.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_lib.c
+*** crypto/openssl/crypto/rsa/rsa_lib.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_lib.c	Mon Feb 24 21:14:56 2003
+***************
+*** 62,68 ****
+--- 62,70 ----
+  #include <openssl/lhash.h>
+  #include <openssl/bn.h>
+  #include <openssl/rsa.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 108,118 ****
+--- 110,122 ----
+  	const RSA_METHOD *mtmp;
+  	mtmp = rsa->meth;
+  	if (mtmp->finish) mtmp->finish(rsa);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (rsa->engine)
+  		{
+  		ENGINE_finish(rsa->engine);
+  		rsa->engine = NULL;
+  		}
++ #endif
+  	rsa->meth = meth;
+  	if (meth->init) meth->init(rsa);
+  	return 1;
+***************
+*** 130,135 ****
+--- 134,140 ----
+  		}
+  
+  	ret->meth = RSA_get_default_method();
++ #ifndef OPENSSL_NO_ENGINE
+  	if (engine)
+  		{
+  		if (!ENGINE_init(engine))
+***************
+*** 154,159 ****
+--- 159,165 ----
+  			return NULL;
+  			}
+  		}
++ #endif
+  
+  	ret->pad=0;
+  	ret->version=0;
+***************
+*** 175,182 ****
+--- 181,190 ----
+  	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+  	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+  		{
++ #ifndef OPENSSL_NO_ENGINE
+  		if (ret->engine)
+  			ENGINE_finish(ret->engine);
++ #endif
+  		CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+  		OPENSSL_free(ret);
+  		ret=NULL;
+***************
+*** 205,212 ****
+--- 213,222 ----
+  
+  	if (r->meth->finish)
+  		r->meth->finish(r);
++ #ifndef OPENSSL_NO_ENGINE
+  	if (r->engine)
+  		ENGINE_finish(r->engine);
++ #endif
+  
+  	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_sign.c
+*** crypto/openssl/crypto/rsa/rsa_sign.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_sign.c	Mon Feb 24 21:14:56 2003
+***************
+*** 62,68 ****
+--- 62,70 ----
+  #include <openssl/rsa.h>
+  #include <openssl/objects.h>
+  #include <openssl/x509.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  /* Size of an SSL signature: MD5+SHA1 */
+  #define SSL_SIG_LENGTH	36
+***************
+*** 77,86 ****
+--- 79,90 ----
+  	const unsigned char *s = NULL;
+  	X509_ALGOR algor;
+  	ASN1_OCTET_STRING digest;
++ #ifndef OPENSSL_NO_ENGINE
+  	if((rsa->flags & RSA_FLAG_SIGN_VER)
+  	      && ENGINE_get_RSA(rsa->engine)->rsa_sign)
+  	      return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
+  			m, m_len, sigret, siglen, rsa);
++ #endif
+  	/* Special case: SSL signature, just check the length */
+  	if(type == NID_md5_sha1) {
+  		if(m_len != SSL_SIG_LENGTH) {
+***************
+*** 155,164 ****
+--- 159,170 ----
+  		return(0);
+  		}
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	if((rsa->flags & RSA_FLAG_SIGN_VER)
+  	    && ENGINE_get_RSA(rsa->engine)->rsa_verify)
+  	    return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+  			m, m_len, sigbuf, siglen, rsa);
++ #endif
+  
+  	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+  	if (s == NULL)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_test.c ../RELENG_4/crypto/openssl/crypto/rsa/rsa_test.c
+*** crypto/openssl/crypto/rsa/rsa_test.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/rsa/rsa_test.c	Mon Feb 24 21:14:56 2003
+***************
+*** 16,22 ****
+--- 16,24 ----
+  }
+  #else
+  #include <openssl/rsa.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  #define SetKey \
+    key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/sha/Makefile.ssl
+*** crypto/openssl/crypto/sha/Makefile.ssl	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/sha/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 47,60 ****
+  	@touch lib
+  
+  # elf
+! asm/sx86-elf.o: asm/sx86unix.cpp
+! 	$(CPP) -DELF -x c asm/sx86unix.cpp | as -o asm/sx86-elf.o
+! 
+! # solaris
+! asm/sx86-sol.o: asm/sx86unix.cpp
+! 	$(CC) -E -DSOL asm/sx86unix.cpp | sed 's/^#.*//' > asm/sx86-sol.s
+! 	as -o asm/sx86-sol.o asm/sx86-sol.s
+! 	rm -f asm/sx86-sol.s
+  
+  # a.out
+  asm/sx86-out.o: asm/sx86unix.cpp
+--- 47,54 ----
+  	@touch lib
+  
+  # elf
+! asm/sx86-elf.s: asm/sha1-586.pl ../perlasm/x86asm.pl
+! 	(cd asm; $(PERL) sha1-586.pl elf $(CFLAGS) $(PROCESSOR) > sx86-elf.s)
+  
+  # a.out
+  asm/sx86-out.o: asm/sx86unix.cpp
+***************
+*** 99,105 ****
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/sx86unix.cpp *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+--- 93,99 ----
+  	mv -f Makefile.new $(MAKEFILE)
+  
+  clean:
+! 	rm -f asm/sx86unix.cpp asm/*-elf.* *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff asm/*.o
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ui/Makefile.ssl ../RELENG_4/crypto/openssl/crypto/ui/Makefile.ssl
+*** crypto/openssl/crypto/ui/Makefile.ssl	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/ui/Makefile.ssl	Mon Feb 24 21:14:56 2003
+***************
+*** 44,50 ****
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB)
+  	@touch lib
+  
+  files:
+--- 44,50 ----
+  
+  lib:	$(LIBOBJ)
+  	$(AR) $(LIB) $(LIBOBJ)
+! 	$(RANLIB) $(LIB) || echo Never mind.
+  	@touch lib
+  
+  files:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ui/ui_openssl.c ../RELENG_4/crypto/openssl/crypto/ui/ui_openssl.c
+*** crypto/openssl/crypto/ui/ui_openssl.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/ui/ui_openssl.c	Mon Feb 24 21:14:56 2003
+***************
+*** 550,556 ****
+  
+  static int close_console(UI *ui)
+  	{
+! 	if (tty_in != stderr) fclose(tty_in);
+  	if (tty_out != stderr) fclose(tty_out);
+  #ifdef OPENSSL_SYS_VMS
+  	status = sys$dassgn(channel);
+--- 550,556 ----
+  
+  static int close_console(UI *ui)
+  	{
+! 	if (tty_in != stdin) fclose(tty_in);
+  	if (tty_out != stderr) fclose(tty_out);
+  #ifdef OPENSSL_SYS_VMS
+  	status = sys$dassgn(channel);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/ext_dat.h ../RELENG_4/crypto/openssl/crypto/x509v3/ext_dat.h
+*** crypto/openssl/crypto/x509v3/ext_dat.h	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/ext_dat.h	Mon Feb 24 21:14:56 2003
+***************
+*** 90,106 ****
+--- 90,112 ----
+  &v3_crld,
+  &v3_ext_ku,
+  &v3_crl_reason,
++ #ifndef OPENSSL_NO_OCSP
+  &v3_crl_invdate,
++ #endif
+  &v3_sxnet,
+  &v3_info,
++ #ifndef OPENSSL_NO_OCSP
+  &v3_ocsp_nonce,
+  &v3_ocsp_crlid,
+  &v3_ocsp_accresp,
+  &v3_ocsp_nocheck,
+  &v3_ocsp_acutoff,
+  &v3_ocsp_serviceloc,
++ #endif
+  &v3_sinfo,
++ #ifndef OPENSSL_NO_OCSP
+  &v3_crl_hold
++ #endif
+  };
+  
+  /* Number of standard extensions */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3_ocsp.c ../RELENG_4/crypto/openssl/crypto/x509v3/v3_ocsp.c
+*** crypto/openssl/crypto/x509v3/v3_ocsp.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/v3_ocsp.c	Mon Feb 24 21:14:56 2003
+***************
+*** 56,61 ****
+--- 56,63 ----
+   *
+   */
+  
++ #ifndef OPENSSL_NO_OCSP
++ 
+  #include <stdio.h>
+  #include "cryptlib.h"
+  #include <openssl/conf.h>
+***************
+*** 270,272 ****
+--- 272,275 ----
+  err:
+  	return 0;
+  	}
++ #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3_purp.c ../RELENG_4/crypto/openssl/crypto/x509v3/v3_purp.c
+*** crypto/openssl/crypto/x509v3/v3_purp.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/v3_purp.c	Mon Feb 24 21:14:56 2003
+***************
+*** 378,383 ****
+--- 378,387 ----
+  				case NID_time_stamp:
+  				x->ex_xkusage |= XKU_TIMESTAMP;
+  				break;
++ 
++ 				case NID_dvcs:
++ 				x->ex_xkusage |= XKU_DVCS;
++ 				break;
+  			}
+  		}
+  		sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/v3conf.c ../RELENG_4/crypto/openssl/crypto/x509v3/v3conf.c
+*** crypto/openssl/crypto/x509v3/v3conf.c	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/v3conf.c	Mon Feb 24 21:14:57 2003
+***************
+*** 118,124 ****
+  		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+  		if(ext->critical) printf(",critical:\n");
+  		else printf(":\n");
+! 		X509V3_EXT_print_fp(stdout, ext, 0);
+  		printf("\n");
+  		
+  	}
+--- 118,124 ----
+  		printf("%s", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
+  		if(ext->critical) printf(",critical:\n");
+  		else printf(":\n");
+! 		X509V3_EXT_print_fp(stdout, ext, 0, 0);
+  		printf("\n");
+  		
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/x509v3.h ../RELENG_4/crypto/openssl/crypto/x509v3/x509v3.h
+*** crypto/openssl/crypto/x509v3/x509v3.h	Mon Feb 24 20:42:47 2003
+--- ../RELENG_4/crypto/openssl/crypto/x509v3/x509v3.h	Mon Feb 24 21:14:57 2003
+***************
+*** 352,357 ****
+--- 352,358 ----
+  #define XKU_SGC			0x10
+  #define XKU_OCSP_SIGN		0x20
+  #define XKU_TIMESTAMP		0x40
++ #define XKU_DVCS		0x80
+  
+  #define X509_PURPOSE_DYNAMIC	0x1
+  #define X509_PURPOSE_DYNAMIC_NAME	0x2
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/x509/mkcert.c ../RELENG_4/crypto/openssl/demos/x509/mkcert.c
+*** crypto/openssl/demos/x509/mkcert.c	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/demos/x509/mkcert.c	Mon Feb 24 21:14:57 2003
+***************
+*** 9,15 ****
+--- 9,17 ----
+  #include <openssl/pem.h>
+  #include <openssl/conf.h>
+  #include <openssl/x509v3.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  int mkcert(X509 **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+  int add_ext(X509 *cert, int nid, char *value);
+***************
+*** 35,41 ****
+--- 37,45 ----
+  	X509_free(x509);
+  	EVP_PKEY_free(pkey);
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  
+  	CRYPTO_mem_leaks(bio_err);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/x509/mkreq.c ../RELENG_4/crypto/openssl/demos/x509/mkreq.c
+*** crypto/openssl/demos/x509/mkreq.c	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/demos/x509/mkreq.c	Mon Feb 24 21:14:57 2003
+***************
+*** 8,14 ****
+--- 8,16 ----
+  #include <openssl/pem.h>
+  #include <openssl/conf.h>
+  #include <openssl/x509v3.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  
+  int mkreq(X509_REQ **x509p, EVP_PKEY **pkeyp, int bits, int serial, int days);
+  int add_ext(STACK_OF(X509_REQUEST) *sk, int nid, char *value);
+***************
+*** 33,39 ****
+--- 35,43 ----
+  	X509_REQ_free(req);
+  	EVP_PKEY_free(pkey);
+  
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  
+  	CRYPTO_mem_leaks(bio_err);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/HOWTO/certificates.txt ../RELENG_4/crypto/openssl/doc/HOWTO/certificates.txt
+*** crypto/openssl/doc/HOWTO/certificates.txt	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/HOWTO/certificates.txt	Mon Feb 24 21:14:58 2003
+***************
+*** 1,6 ****
+--- 1,8 ----
+  <DRAFT!>
+  			HOWTO certificates
+  
++ 1. Introduction
++ 
+  How you handle certificates depend a great deal on what your role is.
+  Your role can be one or several of:
+  
+***************
+*** 13,24 ****
+  
+  In all the cases shown below, the standard configuration file, as
+  compiled into openssl, will be used.  You may find it in /etc/,
+! /usr/local/ssr/ or somewhere else.  The name is openssl.cnf, and
+  is better described in another HOWTO <config.txt?>.  If you want to
+  use a different configuration file, use the argument '-config {file}'
+  with the command shown below.
+  
+  
+  Certificates are related to public key cryptography by containing a
+  public key.  To be useful, there must be a corresponding private key
+  somewhere.  With OpenSSL, public keys are easily derived from private
+--- 15,28 ----
+  
+  In all the cases shown below, the standard configuration file, as
+  compiled into openssl, will be used.  You may find it in /etc/,
+! /usr/local/ssl/ or somewhere else.  The name is openssl.cnf, and
+  is better described in another HOWTO <config.txt?>.  If you want to
+  use a different configuration file, use the argument '-config {file}'
+  with the command shown below.
+  
+  
++ 2. Relationship with keys
++ 
+  Certificates are related to public key cryptography by containing a
+  public key.  To be useful, there must be a corresponding private key
+  somewhere.  With OpenSSL, public keys are easily derived from private
+***************
+*** 26,47 ****
+  need to create a private key.
+  
+  Private keys are generated with 'openssl genrsa' if you want a RSA
+! private key, or 'openssl gendsa' if you want a DSA private key.  More
+! info on how to handle these commands are found in the manual pages for
+! those commands or by running them with the argument '-h'.  For the
+! sake of the description in this file, let's assume that the private
+! key ended up in the file privkey.pem (which is the default in some
+! cases).
+  
+  
+! Let's start with the most normal way of getting a certificate.  Most
+! often, you want or need to get a certificate from a certificate
+! authority.  To handle that, the certificate authority needs a
+! certificate request (or, as some certificate authorities like to put
+  it, "certificate signing request", since that's exactly what they do,
+  they sign it and give you the result back, thus making it authentic
+! according to their policies) from you.  To generate a request, use the
+! command 'openssl req' like this:
+  
+    openssl req -new -key privkey.pem -out cert.csr
+  
+--- 30,54 ----
+  need to create a private key.
+  
+  Private keys are generated with 'openssl genrsa' if you want a RSA
+! private key, or 'openssl gendsa' if you want a DSA private key.
+! Further information on how to create private keys can be found in
+! another HOWTO <keys.txt?>.  The rest of this text assumes you have
+! a private key in the file privkey.pem.
+  
+  
+! 3. Creating a certificate request
+! 
+! To create a certificate, you need to start with a certificate
+! request (or, as some certificate authorities like to put
+  it, "certificate signing request", since that's exactly what they do,
+  they sign it and give you the result back, thus making it authentic
+! according to their policies).  A certificate request can then be sent
+! to a certificate authority to get it signed into a certificate, or if
+! you have your own certificate authority, you may sign it yourself, or
+! if you need a self-signed certificate (because you just want a test
+! certificate or because you are setting up your own CA).
+! 
+! The certificate is created like this:
+  
+    openssl req -new -key privkey.pem -out cert.csr
+  
+***************
+*** 55,63 ****
+  do (and probably gotten payment from you), they will hand over your
+  new certificate to you.
+  
+  
+- [fill in on how to create a self-signed certificate]
+  
+  
+  If you created everything yourself, or if the certificate authority
+  was kind enough, your certificate is a raw DER thing in PEM format.
+--- 62,86 ----
+  do (and probably gotten payment from you), they will hand over your
+  new certificate to you.
+  
++ Section 5 will tell you more on how to handle the certificate you
++ received.
++ 
++ 
++ 4. Creating a self-signed certificate
++ 
++ If you don't want to deal with another certificate authority, or just
++ want to create a test certificate for yourself, or are setting up a
++ certificate authority of your own, you may want to make the requested
++ certificate a self-signed one.  If you have created a certificate
++ request as shown above, you can sign it using the 'openssl x509'
++ command, for example like this (to create a self-signed CA
++ certificate):
++ 
++   openssl x509 -req -in cert.csr -extfile openssl.cnf -extensions v3_ca \
++ 	  -signkey privkey.pem -out cacert.pem -trustout
+  
+  
++ 5. What to do with the certificate
+  
+  If you created everything yourself, or if the certificate authority
+  was kind enough, your certificate is a raw DER thing in PEM format.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/ca.pod ../RELENG_4/crypto/openssl/doc/apps/ca.pod
+*** crypto/openssl/doc/apps/ca.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/ca.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 43,48 ****
+--- 43,49 ----
+  [B<-msie_hack>]
+  [B<-extensions section>]
+  [B<-extfile section>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 194,199 ****
+--- 195,207 ----
+  an additional configuration file to read certificate extensions from
+  (using the default section unless the B<-extensions> option is also
+  used).
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/dhparam.pod ../RELENG_4/crypto/openssl/doc/apps/dhparam.pod
+*** crypto/openssl/doc/apps/dhparam.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/dhparam.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 18,23 ****
+--- 18,24 ----
+  [B<-2>]
+  [B<-5>]
+  [B<-rand> I<file(s)>]
++ [B<-engine id>]
+  [I<numbits>]
+  
+  =head1 DESCRIPTION
+***************
+*** 95,100 ****
+--- 96,108 ----
+  
+  this option converts the parameters into C code. The parameters can then
+  be loaded by calling the B<get_dh>I<numbits>B<()> function.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/dsa.pod ../RELENG_4/crypto/openssl/doc/apps/dsa.pod
+*** crypto/openssl/doc/apps/dsa.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/dsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 21,26 ****
+--- 21,27 ----
+  [B<-modulus>]
+  [B<-pubin>]
+  [B<-pubout>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 105,110 ****
+--- 106,118 ----
+  by default a private key is output. With this option a public
+  key will be output instead. This option is automatically set if the input is
+  a public key.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/dsaparam.pod ../RELENG_4/crypto/openssl/doc/apps/dsaparam.pod
+*** crypto/openssl/doc/apps/dsaparam.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/dsaparam.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 16,21 ****
+--- 16,22 ----
+  [B<-C>]
+  [B<-rand file(s)>]
+  [B<-genkey>]
++ [B<-engine id>]
+  [B<numbits>]
+  
+  =head1 DESCRIPTION
+***************
+*** 81,86 ****
+--- 82,94 ----
+  this option specifies that a parameter set should be generated of size
+  B<numbits>. It must be the last option. If this option is included then
+  the input file (if any) is ignored.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/gendsa.pod ../RELENG_4/crypto/openssl/doc/apps/gendsa.pod
+*** crypto/openssl/doc/apps/gendsa.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/gendsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 12,17 ****
+--- 12,18 ----
+  [B<-des3>]
+  [B<-idea>]
+  [B<-rand file(s)>]
++ [B<-engine id>]
+  [B<paramfile>]
+  
+  =head1 DESCRIPTION
+***************
+*** 36,41 ****
+--- 37,49 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+  all others.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =item B<paramfile>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/genrsa.pod ../RELENG_4/crypto/openssl/doc/apps/genrsa.pod
+*** crypto/openssl/doc/apps/genrsa.pod	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/genrsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 15,20 ****
+--- 15,21 ----
+  [B<-f4>]
+  [B<-3>]
+  [B<-rand file(s)>]
++ [B<-engine id>]
+  [B<numbits>]
+  
+  =head1 DESCRIPTION
+***************
+*** 53,58 ****
+--- 54,66 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is B<;> for MS-Windows, B<,> for OpenVMS, and B<:> for
+  all others.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =item B<numbits>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/pkcs7.pod ../RELENG_4/crypto/openssl/doc/apps/pkcs7.pod
+*** crypto/openssl/doc/apps/pkcs7.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/pkcs7.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 14,19 ****
+--- 14,20 ----
+  [B<-print_certs>]
+  [B<-text>]
+  [B<-noout>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 58,63 ****
+--- 59,71 ----
+  
+  don't output the encoded version of the PKCS#7 structure (or certificates
+  is B<-print_certs> is set).
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/pkcs8.pod ../RELENG_4/crypto/openssl/doc/apps/pkcs8.pod
+*** crypto/openssl/doc/apps/pkcs8.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/pkcs8.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 21,26 ****
+--- 21,27 ----
+  [B<-nsdb>]
+  [B<-v2 alg>]
+  [B<-v1 alg>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 121,126 ****
+--- 122,134 ----
+  
+  This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+  list of possible algorithms is included below.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_4/crypto/openssl/doc/apps/req.pod
+*** crypto/openssl/doc/apps/req.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/req.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 41,46 ****
+--- 41,47 ----
+  [B<-nameopt>]
+  [B<-batch>]
+  [B<-verbose>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 244,249 ****
+--- 245,257 ----
+  
+  print extra details about the operations being performed.
+  
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
++ 
+  =back
+  
+  =head1 CONFIGURATION FILE FORMAT
+***************
+*** 406,412 ****
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  
+  Additional object identifiers can be defined with the B<oid_file> or
+--- 414,420 ----
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrProvinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  
+  Additional object identifiers can be defined with the B<oid_file> or
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/rsa.pod ../RELENG_4/crypto/openssl/doc/apps/rsa.pod
+*** crypto/openssl/doc/apps/rsa.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/rsa.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 24,29 ****
+--- 24,30 ----
+  [B<-check>]
+  [B<-pubin>]
+  [B<-pubout>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 116,121 ****
+--- 117,129 ----
+  by default a private key is output: with this option a public
+  key will be output instead. This option is automatically set if
+  the input is a public key.
++ 
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/spkac.pod ../RELENG_4/crypto/openssl/doc/apps/spkac.pod
+*** crypto/openssl/doc/apps/spkac.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/spkac.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 17,23 ****
+  [B<-spksect section>]
+  [B<-noout>]
+  [B<-verify>]
+! 
+  
+  =head1 DESCRIPTION
+  
+--- 17,23 ----
+  [B<-spksect section>]
+  [B<-noout>]
+  [B<-verify>]
+! [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 79,84 ****
+--- 79,90 ----
+  
+  verifies the digital signature on the supplied SPKAC.
+  
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_4/crypto/openssl/doc/apps/x509.pod
+*** crypto/openssl/doc/apps/x509.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/apps/x509.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 50,55 ****
+--- 50,56 ----
+  [B<-clrext>]
+  [B<-extfile filename>]
+  [B<-extensions section>]
++ [B<-engine id>]
+  
+  =head1 DESCRIPTION
+  
+***************
+*** 98,103 ****
+--- 99,110 ----
+  specified then MD5 is used. If the key being used to sign with is a DSA key then
+  this option has no effect: SHA1 is always used with DSA keys.
+  
++ =item B<-engine id>
++ 
++ specifying an engine (by it's unique B<id> string) will cause B<req>
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  
+  =back
+  
+***************
+*** 637,644 ****
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust sslclient \
+! 	-alias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+--- 644,651 ----
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust clientAuth \
+! 	-setalias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_4/crypto/openssl/doc/crypto/BN_generate_prime.pod
+*** crypto/openssl/doc/crypto/BN_generate_prime.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/crypto/BN_generate_prime.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 70,76 ****
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_check>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+--- 70,76 ----
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_checks>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_4/crypto/openssl/doc/crypto/EVP_SealInit.pod
+*** crypto/openssl/doc/crypto/EVP_SealInit.pod	Mon Feb 24 20:42:49 2003
+--- ../RELENG_4/crypto/openssl/doc/crypto/EVP_SealInit.pod	Mon Feb 24 21:14:58 2003
+***************
+*** 18,38 ****
+  =head1 DESCRIPTION
+  
+  The EVP envelope routines are a high level interface to envelope
+! encryption. They generate a random key and then "envelope" it by
+! using public key encryption. Data can then be encrypted using this
+! key.
+  
+  EVP_SealInit() initializes a cipher context B<ctx> for encryption
+! with cipher B<type> using a random secret key and IV supplied in
+! the B<iv> parameter. B<type> is normally supplied by a function such
+! as EVP_des_cbc(). The secret key is encrypted using one or more public
+! keys, this allows the same encrypted data to be decrypted using any
+! of the corresponding private keys. B<ek> is an array of buffers where
+! the public key encrypted secret key will be written, each buffer must
+! contain enough room for the corresponding encrypted key: that is
+  B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+  size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+  an array of B<npubk> public keys.
+  
+  EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+  as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+--- 18,44 ----
+  =head1 DESCRIPTION
+  
+  The EVP envelope routines are a high level interface to envelope
+! encryption. They generate a random key and IV (if required) then
+! "envelope" it by using public key encryption. Data can then be
+! encrypted using this key.
+  
+  EVP_SealInit() initializes a cipher context B<ctx> for encryption
+! with cipher B<type> using a random secret key and IV. B<type> is normally
+! supplied by a function such as EVP_des_cbc(). The secret key is encrypted
+! using one or more public keys, this allows the same encrypted data to be
+! decrypted using any of the corresponding private keys. B<ek> is an array of
+! buffers where the public key encrypted secret key will be written, each buffer
+! must contain enough room for the corresponding encrypted key: that is
+  B<ek[i]> must have room for B<EVP_PKEY_size(pubk[i])> bytes. The actual
+  size of each encrypted secret key is written to the array B<ekl>. B<pubk> is
+  an array of B<npubk> public keys.
++ 
++ The B<iv> parameter is a buffer where the generated IV is written to. It must
++ contain enough room for the corresponding cipher's IV, as determined by (for
++ example) EVP_CIPHER_iv_length(type).
++ 
++ If the cipher does not require an IV then the B<iv> parameter is ignored
++ and can be B<NULL>.
+  
+  EVP_SealUpdate() and EVP_SealFinal() have exactly the same properties
+  as the EVP_EncryptUpdate() and EVP_EncryptFinal() routines, as 
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/standards.txt ../RELENG_4/crypto/openssl/doc/standards.txt
+*** crypto/openssl/doc/standards.txt	Mon Feb 24 20:42:48 2003
+--- ../RELENG_4/crypto/openssl/doc/standards.txt	Mon Feb 24 21:14:57 2003
+***************
+*** 45,54 ****
+  2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
+       March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
+  
+- 2437 PKCS #1: RSA Cryptography Specifications Version 2.0. B. Kaliski,
+-      J. Staddon. October 1998. (Format: TXT=73529 bytes) (Obsoletes
+-      RFC2313) (Status: INFORMATIONAL)
+- 
+  PKCS#8: Private-Key Information Syntax Standard
+  
+  PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
+--- 45,50 ----
+***************
+*** 86,91 ****
+--- 82,92 ----
+       Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
+       Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
+       RFC2459) (Status: PROPOSED STANDARD)
++ 
++ 3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
++      Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
++      (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
++      INFORMATIONAL)                                         
+  
+  
+  Related:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_4/crypto/openssl/openssl.spec
+*** crypto/openssl/openssl.spec	Mon Feb 24 20:42:40 2003
+--- ../RELENG_4/crypto/openssl/openssl.spec	Mon Feb 24 21:14:49 2003
+***************
+*** 1,15 ****
+  %define libmaj 0
+  %define libmin 9
+  %define librel 7
+! #%define librev a
+  Release: 1
+  
+  %define openssldir /var/ssl
+  
+  Summary: Secure Sockets Layer and cryptography libraries and tools
+  Name: openssl
+! Version: %{libmaj}.%{libmin}.%{librel}
+! #Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+  Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+  Copyright: Freely distributable
+  Group: System Environment/Libraries
+--- 1,15 ----
+  %define libmaj 0
+  %define libmin 9
+  %define librel 7
+! %define librev a
+  Release: 1
+  
+  %define openssldir /var/ssl
+  
+  Summary: Secure Sockets Layer and cryptography libraries and tools
+  Name: openssl
+! #Version: %{libmaj}.%{libmin}.%{librel}
+! Version: %{libmaj}.%{libmin}.%{librel}%{librev}
+  Source0: ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
+  Copyright: Freely distributable
+  Group: System Environment/Libraries
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/bio_ssl.c ../RELENG_4/crypto/openssl/ssl/bio_ssl.c
+*** crypto/openssl/ssl/bio_ssl.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/bio_ssl.c	Mon Feb 24 21:14:59 2003
+***************
+*** 403,408 ****
+--- 403,412 ----
+  			{
+  			BIO_free_all(ssl->wbio);
+  			}
++ 		if (b->next_bio != NULL)
++ 			{
++ 			CRYPTO_add(&b->next_bio->references,1,CRYPTO_LOCK_BIO);
++ 			}
+  		ssl->wbio=NULL;
+  		ssl->rbio=NULL;
+  		break;
+***************
+*** 509,514 ****
+--- 513,519 ----
+  
+  BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
+  	{
++ #ifndef OPENSSL_NO_SOCK
+  	BIO *ret=NULL,*buf=NULL,*ssl=NULL;
+  
+  	if ((buf=BIO_new(BIO_f_buffer())) == NULL)
+***************
+*** 521,526 ****
+--- 526,532 ----
+  err:
+  	if (buf != NULL) BIO_free(buf);
+  	if (ssl != NULL) BIO_free(ssl);
++ #endif
+  	return(NULL);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_4/crypto/openssl/ssl/s2_clnt.c
+*** crypto/openssl/ssl/s2_clnt.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s2_clnt.c	Mon Feb 24 21:14:59 2003
+***************
+*** 1021,1027 ****
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+  			if ((s->session->session_id_length > sizeof s->session->session_id)
+! 			    || (0 != memcmp(buf, s->session->session_id,
+  			                    (unsigned int)s->session->session_id_length)))
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+--- 1021,1027 ----
+  		if (!(s->options & SSL_OP_MICROSOFT_SESS_ID_BUG))
+  			{
+  			if ((s->session->session_id_length > sizeof s->session->session_id)
+! 			    || (0 != memcmp(buf + 1, s->session->session_id,
+  			                    (unsigned int)s->session->session_id_length)))
+  				{
+  				ssl2_return_error(s,SSL2_PE_UNDEFINED_ERROR);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_both.c ../RELENG_4/crypto/openssl/ssl/s3_both.c
+*** crypto/openssl/ssl/s3_both.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s3_both.c	Mon Feb 24 21:14:59 2003
+***************
+*** 268,273 ****
+--- 268,280 ----
+  	X509_STORE_CTX xs_ctx;
+  	X509_OBJECT obj;
+  
++ 	int no_chain;
++ 
++ 	if ((s->mode & SSL_MODE_NO_AUTO_CHAIN) || s->ctx->extra_certs)
++ 		no_chain = 1;
++ 	else
++ 		no_chain = 0;
++ 
+  	/* TLSv1 sends a chain with nothing in it, instead of an alert */
+  	buf=s->init_buf;
+  	if (!BUF_MEM_grow_clean(buf,10))
+***************
+*** 277,283 ****
+  		}
+  	if (x != NULL)
+  		{
+! 		if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+  			{
+  			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+  			return(0);
+--- 284,290 ----
+  		}
+  	if (x != NULL)
+  		{
+! 		if(!no_chain && !X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL))
+  			{
+  			SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB);
+  			return(0);
+***************
+*** 295,300 ****
+--- 302,311 ----
+  			l2n3(n,p);
+  			i2d_X509(x,&p);
+  			l+=n+3;
++ 
++ 			if (no_chain)
++ 				break;
++ 
+  			if (X509_NAME_cmp(X509_get_subject_name(x),
+  				X509_get_issuer_name(x)) == 0) break;
+  
+***************
+*** 306,313 ****
+  			 * ref count */
+  			X509_free(x);
+  			}
+! 
+! 		X509_STORE_CTX_cleanup(&xs_ctx);
+  		}
+  
+  	/* Thawte special :-) */
+--- 317,324 ----
+  			 * ref count */
+  			X509_free(x);
+  			}
+! 		if (!no_chain)
+! 			X509_STORE_CTX_cleanup(&xs_ctx);
+  		}
+  
+  	/* Thawte special :-) */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_4/crypto/openssl/ssl/s3_enc.c
+*** crypto/openssl/ssl/s3_enc.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s3_enc.c	Mon Feb 24 21:14:59 2003
+***************
+*** 474,479 ****
+--- 474,480 ----
+  				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+  				return 0;
+  				}
++ 			/* otherwise, rec->length >= bs */
+  			}
+  		
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+***************
+*** 482,488 ****
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except that last) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+--- 483,489 ----
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except the last one) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+***************
+*** 491,496 ****
+--- 492,498 ----
+  				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+  				return -1;
+  				}
++ 			/* now i <= bs <= rec->length */
+  			rec->length-=i;
+  			}
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_pkt.c ../RELENG_4/crypto/openssl/ssl/s3_pkt.c
+*** crypto/openssl/ssl/s3_pkt.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/s3_pkt.c	Mon Feb 24 21:14:59 2003
+***************
+*** 238,243 ****
+--- 238,245 ----
+  	unsigned int mac_size;
+  	int clear=0;
+  	size_t extra;
++ 	int decryption_failed_or_bad_record_mac = 0;
++ 	unsigned char *mac = NULL;
+  
+  	rr= &(s->s3->rrec);
+  	sess=s->session;
+***************
+*** 353,360 ****
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* otherwise enc_err == -1 */
+! 		goto decryption_failed_or_bad_record_mac;
+  		}
+  
+  #ifdef TLS_DEBUG
+--- 355,365 ----
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* Otherwise enc_err == -1, which indicates bad padding
+! 		 * (rec->length has not been changed in this case).
+! 		 * To minimize information leaked via timing, we will perform
+! 		 * the MAC computation anyway. */
+! 		decryption_failed_or_bad_record_mac = 1;
+  		}
+  
+  #ifdef TLS_DEBUG
+***************
+*** 380,407 ****
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length < mac_size)
+  			{
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif
+  			}
+- 		rr->length-=mac_size;
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+  			{
+! 			goto decryption_failed_or_bad_record_mac;
+  			}
+  		}
+  
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+--- 385,430 ----
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length >= mac_size)
+  			{
++ 			rr->length -= mac_size;
++ 			mac = &rr->data[rr->length];
++ 			}
++ 		else
++ 			{
++ 			/* record (minus padding) is too short to contain a MAC */
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+! 			rr->length = 0;
+  #endif
+  			}
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+  			{
+! 			decryption_failed_or_bad_record_mac = 1;
+  			}
+  		}
+  
++ 	if (decryption_failed_or_bad_record_mac)
++ 		{
++ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
++ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
++ 		 * failure is directly visible from the ciphertext anyway,
++ 		 * we should not reveal which kind of error occured -- this
++ 		 * might become visible to an attacker (e.g. via a logfile) */
++ 		al=SSL_AD_BAD_RECORD_MAC;
++ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
++ 		goto f_err;
++ 		}
++ 
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+***************
+*** 443,456 ****
+  
+  	return(1);
+  
+- decryption_failed_or_bad_record_mac:
+- 	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+- 	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+- 	 * failure is directly visible from the ciphertext anyway,
+- 	 * we should not reveal which kind of error occured -- this
+- 	 * might become visible to an attacker (e.g. via logfile) */
+- 	al=SSL_AD_BAD_RECORD_MAC;
+- 	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+  f_err:
+  	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+  err:
+--- 466,471 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_4/crypto/openssl/ssl/ssl.h
+*** crypto/openssl/ssl/ssl.h	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssl.h	Mon Feb 24 21:14:59 2003
+***************
+*** 521,526 ****
+--- 521,528 ----
+  /* Never bother the application with retries if the transport
+   * is blocking: */
+  #define SSL_MODE_AUTO_RETRY 0x00000004L
++ /* Don't attempt to automatically build certificate chain */
++ #define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
+  
+  
+  /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
+***************
+*** 1227,1238 ****
+  STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
+  int	SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+  					    const char *file);
+- #ifndef OPENSSL_SYS_WIN32
+  #ifndef OPENSSL_SYS_VMS
+  #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */
+  int	SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
+  					   const char *dir);
+- #endif
+  #endif
+  #endif
+  
+--- 1229,1238 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_cert.c ../RELENG_4/crypto/openssl/ssl/ssl_cert.c
+*** crypto/openssl/ssl/ssl_cert.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssl_cert.c	Mon Feb 24 21:14:59 2003
+***************
+*** 781,787 ****
+  #endif
+  #endif
+  
+! #else
+  
+  int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+  				       const char *dir)
+--- 781,787 ----
+  #endif
+  #endif
+  
+! #else /* OPENSSL_SYS_WIN32 */
+  
+  int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
+  				       const char *dir)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_4/crypto/openssl/ssl/ssl_lib.c
+*** crypto/openssl/ssl/ssl_lib.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssl_lib.c	Mon Feb 24 21:14:59 2003
+***************
+*** 1069,1082 ****
+   * preference */
+  STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
+  	{
+! 	if ((s != NULL) && (s->cipher_list != NULL))
+  		{
+! 		return(s->cipher_list);
+! 		}
+! 	else if ((s->ctx != NULL) &&
+! 		(s->ctx->cipher_list != NULL))
+! 		{
+! 		return(s->ctx->cipher_list);
+  		}
+  	return(NULL);
+  	}
+--- 1069,1085 ----
+   * preference */
+  STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s)
+  	{
+! 	if (s != NULL)
+  		{
+! 		if (s->cipher_list != NULL)
+! 			{
+! 			return(s->cipher_list);
+! 			}
+! 		else if ((s->ctx != NULL) &&
+! 			(s->ctx->cipher_list != NULL))
+! 			{
+! 			return(s->ctx->cipher_list);
+! 			}
+  		}
+  	return(NULL);
+  	}
+***************
+*** 1085,1098 ****
+   * algorithm id */
+  STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+  	{
+! 	if ((s != NULL) && (s->cipher_list_by_id != NULL))
+  		{
+! 		return(s->cipher_list_by_id);
+! 		}
+! 	else if ((s != NULL) && (s->ctx != NULL) &&
+! 		(s->ctx->cipher_list_by_id != NULL))
+! 		{
+! 		return(s->ctx->cipher_list_by_id);
+  		}
+  	return(NULL);
+  	}
+--- 1088,1104 ----
+   * algorithm id */
+  STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s)
+  	{
+! 	if (s != NULL)
+  		{
+! 		if (s->cipher_list_by_id != NULL)
+! 			{
+! 			return(s->cipher_list_by_id);
+! 			}
+! 		else if ((s->ctx != NULL) &&
+! 			(s->ctx->cipher_list_by_id != NULL))
+! 			{
+! 			return(s->ctx->cipher_list_by_id);
+! 			}
+  		}
+  	return(NULL);
+  	}
+***************
+*** 1890,1895 ****
+--- 1896,1902 ----
+  		 * they should not both point to the same object,
+  		 * and thus we can't use SSL_copy_session_id. */
+  
++ 		ret->method->ssl_free(ret);
+  		ret->method = s->method;
+  		ret->method->ssl_new(ret);
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_4/crypto/openssl/ssl/ssltest.c
+*** crypto/openssl/ssl/ssltest.c	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/ssl/ssltest.c	Mon Feb 24 21:14:59 2003
+***************
+*** 128,134 ****
+--- 128,136 ----
+  #include <openssl/evp.h>
+  #include <openssl/x509.h>
+  #include <openssl/ssl.h>
++ #ifndef OPENSSL_NO_ENGINE
+  #include <openssl/engine.h>
++ #endif
+  #include <openssl/err.h>
+  #include <openssl/rand.h>
+  
+***************
+*** 760,766 ****
+--- 762,770 ----
+  #ifndef OPENSSL_NO_RSA
+  	free_tmp_rsa();
+  #endif
++ #ifndef OPENSSL_NO_ENGINE
+  	ENGINE_cleanup();
++ #endif
+  	CRYPTO_cleanup_all_ex_data();
+  	ERR_free_strings();
+  	ERR_remove_state(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_4/crypto/openssl/test/Makefile.ssl
+*** crypto/openssl/test/Makefile.ssl	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/test/Makefile.ssl	Mon Feb 24 21:14:59 2003
+***************
+*** 15,20 ****
+--- 15,23 ----
+  MAKEDEPPROG=	makedepend
+  MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+  PERL=		perl
++ # KRB5 stuff
++ KRB5_INCLUDES=
++ LIBKRB5=
+  
+  PEX_LIBS=
+  EX_LIBS= #-lnsl -lsocket
+***************
+*** 119,132 ****
+  	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \
+! 		if [ "$(PLATFORM)" = "DJGPP" ]; then PATH="$$LIBPATH\;$$PATH";  \
+! 		elif [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+  
+  alltests: \
+  	test_des test_idea test_sha test_md4 test_md5 test_hmac \
+  	test_md2 test_mdc2 \
+! 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_rd \
+  	test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
+  	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+  	test_ss test_ca test_engine test_evp test_ssl
+--- 122,134 ----
+  	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  SET_SO_PATHS=LIBPATH="`cd ..; pwd`"; LD_LIBRARY_PATH="$$LIBPATH"; DYLD_LIBRARY_PATH="$$LIBPATH"; SHLIB_PATH="$$LIBPATH"; \
+! 		if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="$${LIBPATH}:$$PATH"; fi; \
+  		export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH
+  
+  alltests: \
+  	test_des test_idea test_sha test_md4 test_md5 test_hmac \
+  	test_md2 test_mdc2 \
+! 	test_rmd test_rc2 test_rc4 test_rc5 test_bf test_cast test_aes \
+  	test_rand test_bn test_ec test_enc test_x509 test_rsa test_crl test_sid \
+  	test_gen test_req test_pkcs7 test_verify test_dh test_dsa \
+  	test_ss test_ca test_engine test_evp test_ssl
+***************
+*** 260,268 ****
+  	  sh ./testca; \
+   	fi
+  
+! test_rd: #$(RDTEST)
+  #	@echo "test Rijndael"
+! #	$(SET_SO_PATHS); ./$(RDTEST)
+  
+  lint:
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+--- 262,270 ----
+  	  sh ./testca; \
+   	fi
+  
+! test_aes: #$(AESTEST)
+  #	@echo "test Rijndael"
+! #	$(SET_SO_PATHS); ./$(AESTEST)
+  
+  lint:
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+***************
+*** 465,478 ****
+  	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  	fi
+  	
+! #$(RDTEST).o: $(RDTEST).c
+! #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(RDTEST).c
+  
+! #$(RDTEST): $(RDTEST).o $(DLIBCRYPTO)
+  #	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+! #	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+  #	else \
+! #	  $(CC) -o $(RDTEST) $(CFLAGS) $(RDTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  #	fi
+  
+  dummytest: dummytest.o $(DLIBCRYPTO)
+--- 467,480 ----
+  	  $(CC) -o $(EVPTEST) $(CFLAGS) $(EVPTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  	fi
+  	
+! #$(AESTEST).o: $(AESTEST).c
+! #	$(CC) -c $(CFLAGS) -DINTERMEDIATE_VALUE_KAT -DTRACE_KAT_MCT $(AESTEST).c
+  
+! #$(AESTEST): $(AESTEST).o $(DLIBCRYPTO)
+  #	if [ "$(SHLIB_TARGET)" = "hpux-shared" -o "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
+! #	  $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(DLIBCRYPTO) $(EX_LIBS) ; \
+  #	else \
+! #	  $(CC) -o $(AESTEST) $(CFLAGS) $(AESTEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
+  #	fi
+  
+  dummytest: dummytest.o $(DLIBCRYPTO)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testgen ../RELENG_4/crypto/openssl/test/testgen
+*** crypto/openssl/test/testgen	Mon Feb 24 20:42:50 2003
+--- ../RELENG_4/crypto/openssl/test/testgen	Mon Feb 24 21:14:59 2003
+***************
+*** 27,32 ****
+--- 27,34 ----
+  
+  echo "This could take some time."
+  
++ rm -f testkey.pem testreq.pem
++ 
+  ../apps/openssl req -config test.cnf $req_new -out testreq.pem
+  if [ $? != 0 ]; then
+  echo problems creating request
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/bat.sh ../RELENG_4/crypto/openssl/util/bat.sh
+*** crypto/openssl/util/bat.sh	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/bat.sh	Mon Feb 24 21:15:00 2003
+***************
+*** 62,67 ****
+--- 62,68 ----
+  	local($dir,$val)=@_;
+  	local(@a,$_,$ret);
+  
++ 	return("") if $no_engine && $dir =~ /\/engine/;
+  	return("") if $no_idea && $dir =~ /\/idea/;
+  	return("") if $no_rc2  && $dir =~ /\/rc2/;
+  	return("") if $no_rc4  && $dir =~ /\/rc4/;
+***************
+*** 116,121 ****
+--- 117,123 ----
+  	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+  	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+  
++ 	@a=grep(!/^engine$/,@a) if $no_engine;
+  	@a=grep(!/(^rsa$)|(^genrsa$)|(^req$)|(^ca$)/,@a) if $no_rsa;
+  	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+  	@a=grep(!/^gendsa$/,@a) if $no_sha1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_4/crypto/openssl/util/libeay.num
+*** crypto/openssl/util/libeay.num	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/libeay.num	Mon Feb 24 21:15:00 2003
+***************
+*** 1881,1952 ****
+  BN_bntest_rand                          2464	EXIST::FUNCTION:
+  OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+  BN_rand_range                           2466	EXIST::FUNCTION:
+! ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:
+! ENGINE_set_DSA                          2468	EXIST::FUNCTION:
+! ENGINE_get_finish_function              2469	EXIST::FUNCTION:
+! ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:
+  ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
+  DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
+! ENGINE_set_DH                           2473	EXIST::FUNCTION:
+  ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
+  ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
+! ENGINE_init                             2475	EXIST::FUNCTION:
+  DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
+  RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
+! ENGINE_finish                           2478	EXIST::FUNCTION:
+! ENGINE_load_public_key                  2479	EXIST::FUNCTION:
+! ENGINE_get_DH                           2480	EXIST::FUNCTION:
+! ENGINE_ctrl                             2481	EXIST::FUNCTION:
+! ENGINE_get_init_function                2482	EXIST::FUNCTION:
+! ENGINE_set_init_function                2483	EXIST::FUNCTION:
+! ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:
+! ENGINE_get_name                         2485	EXIST::FUNCTION:
+! ENGINE_get_last                         2486	EXIST::FUNCTION:
+! ENGINE_get_prev                         2487	EXIST::FUNCTION:
+! ENGINE_get_default_DH                   2488	EXIST::FUNCTION:
+! ENGINE_get_RSA                          2489	EXIST::FUNCTION:
+! ENGINE_set_default                      2490	EXIST::FUNCTION:
+! ENGINE_get_RAND                         2491	EXIST::FUNCTION:
+! ENGINE_get_first                        2492	EXIST::FUNCTION:
+! ENGINE_by_id                            2493	EXIST::FUNCTION:
+! ENGINE_set_finish_function              2494	EXIST::FUNCTION:
+  ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
+  ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
+  RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
+! ENGINE_set_RSA                          2497	EXIST::FUNCTION:
+! ENGINE_load_private_key                 2498	EXIST::FUNCTION:
+! ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:
+  ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
+! ENGINE_remove                           2501	EXIST::FUNCTION:
+! ENGINE_free                             2502	EXIST::FUNCTION:
+  ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
+! ENGINE_get_next                         2504	EXIST::FUNCTION:
+! ENGINE_set_name                         2505	EXIST::FUNCTION:
+! ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:
+  ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
+! ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:
+! ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:
+  ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
+! ENGINE_set_RAND                         2511	EXIST::FUNCTION:
+! ENGINE_set_id                           2512	EXIST::FUNCTION:
+  ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
+! ENGINE_set_default_DH                   2514	EXIST::FUNCTION:
+! ENGINE_new                              2515	EXIST::FUNCTION:
+! ENGINE_get_id                           2516	EXIST::FUNCTION:
+  DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
+! ENGINE_add                              2518	EXIST::FUNCTION:
+  DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
+! ENGINE_get_DSA                          2520	EXIST::FUNCTION:
+! ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:
+! ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:
+  BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+  X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+  ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
+  PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
+  ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:
+! ENGINE_get_ciphers                      2529	EXIST::FUNCTION:
+  d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
+  KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 1881,1952 ----
+  BN_bntest_rand                          2464	EXIST::FUNCTION:
+  OPENSSL_issetugid                       2465	EXIST::FUNCTION:
+  BN_rand_range                           2466	EXIST::FUNCTION:
+! ERR_load_ENGINE_strings                 2467	EXIST::FUNCTION:ENGINE
+! ENGINE_set_DSA                          2468	EXIST::FUNCTION:ENGINE
+! ENGINE_get_finish_function              2469	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_RSA                  2470	EXIST::FUNCTION:ENGINE
+  ENGINE_get_BN_mod_exp                   2471	NOEXIST::FUNCTION:
+  DSA_get_default_openssl_method          2472	NOEXIST::FUNCTION:
+! ENGINE_set_DH                           2473	EXIST::FUNCTION:ENGINE
+  ENGINE_set_def_BN_mod_exp_crt           2474	NOEXIST::FUNCTION:
+  ENGINE_set_default_BN_mod_exp_crt       2474	NOEXIST::FUNCTION:
+! ENGINE_init                             2475	EXIST::FUNCTION:ENGINE
+  DH_get_default_openssl_method           2476	NOEXIST::FUNCTION:
+  RSA_set_default_openssl_method          2477	NOEXIST::FUNCTION:
+! ENGINE_finish                           2478	EXIST::FUNCTION:ENGINE
+! ENGINE_load_public_key                  2479	EXIST::FUNCTION:ENGINE
+! ENGINE_get_DH                           2480	EXIST::FUNCTION:ENGINE
+! ENGINE_ctrl                             2481	EXIST::FUNCTION:ENGINE
+! ENGINE_get_init_function                2482	EXIST::FUNCTION:ENGINE
+! ENGINE_set_init_function                2483	EXIST::FUNCTION:ENGINE
+! ENGINE_set_default_DSA                  2484	EXIST::FUNCTION:ENGINE
+! ENGINE_get_name                         2485	EXIST::FUNCTION:ENGINE
+! ENGINE_get_last                         2486	EXIST::FUNCTION:ENGINE
+! ENGINE_get_prev                         2487	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_DH                   2488	EXIST::FUNCTION:ENGINE
+! ENGINE_get_RSA                          2489	EXIST::FUNCTION:ENGINE
+! ENGINE_set_default                      2490	EXIST::FUNCTION:ENGINE
+! ENGINE_get_RAND                         2491	EXIST::FUNCTION:ENGINE
+! ENGINE_get_first                        2492	EXIST::FUNCTION:ENGINE
+! ENGINE_by_id                            2493	EXIST::FUNCTION:ENGINE
+! ENGINE_set_finish_function              2494	EXIST::FUNCTION:ENGINE
+  ENGINE_get_def_BN_mod_exp_crt           2495	NOEXIST::FUNCTION:
+  ENGINE_get_default_BN_mod_exp_crt       2495	NOEXIST::FUNCTION:
+  RSA_get_default_openssl_method          2496	NOEXIST::FUNCTION:
+! ENGINE_set_RSA                          2497	EXIST::FUNCTION:ENGINE
+! ENGINE_load_private_key                 2498	EXIST::FUNCTION:ENGINE
+! ENGINE_set_default_RAND                 2499	EXIST::FUNCTION:ENGINE
+  ENGINE_set_BN_mod_exp                   2500	NOEXIST::FUNCTION:
+! ENGINE_remove                           2501	EXIST::FUNCTION:ENGINE
+! ENGINE_free                             2502	EXIST::FUNCTION:ENGINE
+  ENGINE_get_BN_mod_exp_crt               2503	NOEXIST::FUNCTION:
+! ENGINE_get_next                         2504	EXIST::FUNCTION:ENGINE
+! ENGINE_set_name                         2505	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_DSA                  2506	EXIST::FUNCTION:ENGINE
+  ENGINE_set_default_BN_mod_exp           2507	NOEXIST::FUNCTION:
+! ENGINE_set_default_RSA                  2508	EXIST::FUNCTION:ENGINE
+! ENGINE_get_default_RAND                 2509	EXIST::FUNCTION:ENGINE
+  ENGINE_get_default_BN_mod_exp           2510	NOEXIST::FUNCTION:
+! ENGINE_set_RAND                         2511	EXIST::FUNCTION:ENGINE
+! ENGINE_set_id                           2512	EXIST::FUNCTION:ENGINE
+  ENGINE_set_BN_mod_exp_crt               2513	NOEXIST::FUNCTION:
+! ENGINE_set_default_DH                   2514	EXIST::FUNCTION:ENGINE
+! ENGINE_new                              2515	EXIST::FUNCTION:ENGINE
+! ENGINE_get_id                           2516	EXIST::FUNCTION:ENGINE
+  DSA_set_default_openssl_method          2517	NOEXIST::FUNCTION:
+! ENGINE_add                              2518	EXIST::FUNCTION:ENGINE
+  DH_set_default_openssl_method           2519	NOEXIST::FUNCTION:
+! ENGINE_get_DSA                          2520	EXIST::FUNCTION:ENGINE
+! ENGINE_get_ctrl_function                2521	EXIST::FUNCTION:ENGINE
+! ENGINE_set_ctrl_function                2522	EXIST::FUNCTION:ENGINE
+  BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+  X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+  ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
+  PKCS12_item_decrypt_d2i                 2526	EXIST::FUNCTION:
+  ASN1_UTF8STRING_it                      2527	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_UTF8STRING_it                      2527	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_ciphers               2528	EXIST::FUNCTION:ENGINE
+! ENGINE_get_ciphers                      2529	EXIST::FUNCTION:ENGINE
+  d2i_OCSP_BASICRESP                      2530	EXIST::FUNCTION:
+  KRB5_CHECKSUM_it                        2531	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_CHECKSUM_it                        2531	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 1959,1973 ****
+  PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_add_input_boolean                    2538	EXIST::FUNCTION:
+! ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:
+  X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
+  ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
+  d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
+  X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
+  X509_print_ex                           2544	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
+! ENGINE_register_all_RAND                2546	EXIST::FUNCTION:
+! ENGINE_load_dynamic                     2547	EXIST::FUNCTION:
+  PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
+--- 1959,1973 ----
+  PKCS7_ENVELOPE_it                       2537	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_ENVELOPE_it                       2537	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_add_input_boolean                    2538	EXIST::FUNCTION:
+! ENGINE_unregister_RSA                   2539	EXIST::FUNCTION:ENGINE
+  X509V3_EXT_nconf                        2540	EXIST::FUNCTION:
+  ASN1_GENERALSTRING_free                 2541	EXIST::FUNCTION:
+  d2i_OCSP_CERTSTATUS                     2542	EXIST::FUNCTION:
+  X509_REVOKED_set_serialNumber           2543	EXIST::FUNCTION:
+  X509_print_ex                           2544	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get1_ext_d2i                2545	EXIST::FUNCTION:
+! ENGINE_register_all_RAND                2546	EXIST::FUNCTION:ENGINE
+! ENGINE_load_dynamic                     2547	EXIST::FUNCTION:ENGINE
+  PBKDF2PARAM_it                          2548	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PBKDF2PARAM_it                          2548	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EXTENDED_KEY_USAGE_new                  2549	EXIST::FUNCTION:
+***************
+*** 1987,1993 ****
+  i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
+  OCSP_response_status                    2561	EXIST::FUNCTION:
+  i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
+! ENGINE_get_digest_engine                2563	EXIST::FUNCTION:
+  EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
+  OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
+  _ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
+--- 1987,1993 ----
+  i2d_ASN1_GENERALSTRING                  2560	EXIST::FUNCTION:
+  OCSP_response_status                    2561	EXIST::FUNCTION:
+  i2d_OCSP_SERVICELOC                     2562	EXIST::FUNCTION:
+! ENGINE_get_digest_engine                2563	EXIST::FUNCTION:ENGINE
+  EC_GROUP_set_curve_GFp                  2564	EXIST::FUNCTION:EC
+  OCSP_REQUEST_get_ext_by_OBJ             2565	EXIST::FUNCTION:
+  _ossl_old_des_random_key                2566	EXIST::FUNCTION:DES
+***************
+*** 2011,2017 ****
+  _shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+  asn1_do_adb                             2582	EXIST::FUNCTION:
+  ASN1_template_i2d                       2583	EXIST::FUNCTION:
+! ENGINE_register_DH                      2584	EXIST::FUNCTION:
+  UI_construct_prompt                     2585	EXIST::FUNCTION:
+  X509_STORE_set_trust                    2586	EXIST::FUNCTION:
+  UI_dup_input_string                     2587	EXIST::FUNCTION:
+--- 2011,2017 ----
+  _shadow_DES_rw_mode                     2581	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:DES
+  asn1_do_adb                             2582	EXIST::FUNCTION:
+  ASN1_template_i2d                       2583	EXIST::FUNCTION:
+! ENGINE_register_DH                      2584	EXIST::FUNCTION:ENGINE
+  UI_construct_prompt                     2585	EXIST::FUNCTION:
+  X509_STORE_set_trust                    2586	EXIST::FUNCTION:
+  UI_dup_input_string                     2587	EXIST::FUNCTION:
+***************
+*** 2039,2045 ****
+  BN_nnmod                                2606	EXIST::FUNCTION:
+  X509_CRL_sort                           2607	EXIST::FUNCTION:
+  X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
+! ENGINE_register_RAND                    2609	EXIST::FUNCTION:
+  OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
+  EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
+--- 2039,2045 ----
+  BN_nnmod                                2606	EXIST::FUNCTION:
+  X509_CRL_sort                           2607	EXIST::FUNCTION:
+  X509_REVOKED_set_revocationDate         2608	EXIST::FUNCTION:
+! ENGINE_register_RAND                    2609	EXIST::FUNCTION:ENGINE
+  OCSP_SERVICELOC_new                     2610	EXIST::FUNCTION:
+  EC_POINT_set_affine_coordinates_GFp     2611	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_set_affine_coords_GFp          2611	EXIST:VMS:FUNCTION:EC
+***************
+*** 2049,2059 ****
+  UI_dup_input_boolean                    2614	EXIST::FUNCTION:
+  PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
+  EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
+! ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:
+  DSO_convert_filename                    2618	EXIST::FUNCTION:
+  POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_ciphers                 2620	EXIST::FUNCTION:
+  BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
+  DSO_set_filename                        2622	EXIST::FUNCTION:
+  ASN1_item_free                          2623	EXIST::FUNCTION:
+--- 2049,2059 ----
+  UI_dup_input_boolean                    2614	EXIST::FUNCTION:
+  PKCS12_add_CSPName_asc                  2615	EXIST::FUNCTION:
+  EC_POINT_is_at_infinity                 2616	EXIST::FUNCTION:EC
+! ENGINE_load_cryptodev                   2617	EXIST::FUNCTION:ENGINE
+  DSO_convert_filename                    2618	EXIST::FUNCTION:
+  POLICYQUALINFO_it                       2619	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYQUALINFO_it                       2619	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_ciphers                 2620	EXIST::FUNCTION:ENGINE
+  BN_mod_lshift_quick                     2621	EXIST::FUNCTION:
+  DSO_set_filename                        2622	EXIST::FUNCTION:
+  ASN1_item_free                          2623	EXIST::FUNCTION:
+***************
+*** 2062,2068 ****
+  AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
+  X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:
+  i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
+  EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
+  EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
+--- 2062,2068 ----
+  AUTHORITY_KEYID_it                      2625	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  KRB5_APREQBODY_new                      2626	EXIST::FUNCTION:
+  X509V3_EXT_REQ_add_nconf                2627	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd_string                  2628	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_RESPDATA                       2629	EXIST::FUNCTION:
+  EVP_MD_CTX_init                         2630	EXIST::FUNCTION:
+  EXTENDED_KEY_USAGE_free                 2631	EXIST::FUNCTION:
+***************
+*** 2071,2078 ****
+  UI_add_error_string                     2633	EXIST::FUNCTION:
+  KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
+! ENGINE_load_ubsec                       2636	EXIST::FUNCTION:
+! ENGINE_register_all_digests             2637	EXIST::FUNCTION:
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
+--- 2071,2078 ----
+  UI_add_error_string                     2633	EXIST::FUNCTION:
+  KRB5_CHECKSUM_free                      2634	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext                    2635	EXIST::FUNCTION:
+! ENGINE_load_ubsec                       2636	EXIST::FUNCTION:ENGINE
+! ENGINE_register_all_digests             2637	EXIST::FUNCTION:ENGINE
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKEY_USAGE_PERIOD_it                    2638	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  PKCS12_unpack_authsafes                 2639	EXIST::FUNCTION:
+***************
+*** 2098,2113 ****
+  _ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
+  ASN1_item_i2d                           2655	EXIST::FUNCTION:
+  EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
+! ENGINE_load_openssl                     2657	EXIST::FUNCTION:
+! ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:
+! ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:
+! ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:
+  EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
+! ENGINE_set_default_digests              2661	EXIST::FUNCTION:
+  X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
+  asn1_ex_i2c                             2663	EXIST::FUNCTION:
+! ENGINE_register_RSA                     2664	EXIST::FUNCTION:
+! ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:
+  _ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
+  X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2098,2113 ----
+  _ossl_old_des_crypt                     2654	EXIST::FUNCTION:DES
+  ASN1_item_i2d                           2655	EXIST::FUNCTION:
+  EVP_DecryptFinal_ex                     2656	EXIST::FUNCTION:
+! ENGINE_load_openssl                     2657	EXIST::FUNCTION:ENGINE
+! ENGINE_get_cmd_defns                    2658	EXIST::FUNCTION:ENGINE
+! ENGINE_set_load_privkey_function        2659	EXIST:!VMS:FUNCTION:ENGINE
+! ENGINE_set_load_privkey_fn              2659	EXIST:VMS:FUNCTION:ENGINE
+  EVP_EncryptFinal_ex                     2660	EXIST::FUNCTION:
+! ENGINE_set_default_digests              2661	EXIST::FUNCTION:ENGINE
+  X509_get0_pubkey_bitstr                 2662	EXIST::FUNCTION:
+  asn1_ex_i2c                             2663	EXIST::FUNCTION:
+! ENGINE_register_RSA                     2664	EXIST::FUNCTION:ENGINE
+! ENGINE_unregister_DSA                   2665	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_key_sched                 2666	EXIST::FUNCTION:DES
+  X509_EXTENSION_it                       2667	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_EXTENSION_it                       2667	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2120,2126 ****
+  _ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
+  d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
+  ERR_print_errors_cb                     2675	EXIST::FUNCTION:
+! ENGINE_set_ciphers                      2676	EXIST::FUNCTION:
+  d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
+  UI_method_get_flusher                   2678	EXIST::FUNCTION:
+  X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2120,2126 ----
+  _ossl_old_des_ofb64_encrypt             2673	EXIST::FUNCTION:DES
+  d2i_EXTENDED_KEY_USAGE                  2674	EXIST::FUNCTION:
+  ERR_print_errors_cb                     2675	EXIST::FUNCTION:
+! ENGINE_set_ciphers                      2676	EXIST::FUNCTION:ENGINE
+  d2i_KRB5_APREQBODY                      2677	EXIST::FUNCTION:
+  UI_method_get_flusher                   2678	EXIST::FUNCTION:
+  X509_PUBKEY_it                          2679	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2156,2162 ****
+  _ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
+  X509_signature_print                    2706	EXIST::FUNCTION:EVP
+  OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
+! ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:
+  i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
+  OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
+  OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
+--- 2156,2162 ----
+  _ossl_old_des_decrypt3                  2705	EXIST::FUNCTION:DES
+  X509_signature_print                    2706	EXIST::FUNCTION:EVP
+  OCSP_SINGLERESP_free                    2707	EXIST::FUNCTION:
+! ENGINE_load_builtin_engines             2708	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_ONEREQ                         2709	EXIST::FUNCTION:
+  OCSP_REQUEST_add_ext                    2710	EXIST::FUNCTION:
+  OCSP_RESPBYTES_new                      2711	EXIST::FUNCTION:
+***************
+*** 2184,2190 ****
+  CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  _ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
+! RAND_set_rand_engine                    2730	EXIST::FUNCTION:
+  DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
+  X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2184,2190 ----
+  CERTIFICATEPOLICIES_it                  2728	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CERTIFICATEPOLICIES_it                  2728	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  _ossl_old_des_ede3_cbc_encrypt          2729	EXIST::FUNCTION:DES
+! RAND_set_rand_engine                    2730	EXIST::FUNCTION:ENGINE
+  DSO_get_loaded_filename                 2731	EXIST::FUNCTION:
+  X509_ATTRIBUTE_it                       2732	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_ATTRIBUTE_it                       2732	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2206,2212 ****
+  i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
+  PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
+  HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+! ENGINE_get_digest                       2748	EXIST::FUNCTION:
+  OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
+  KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2206,2212 ----
+  i2d_OCSP_RESPBYTES                      2745	EXIST::FUNCTION:
+  PKCS12_unpack_p7encdata                 2746	EXIST::FUNCTION:
+  HMAC_CTX_init                           2747	EXIST::FUNCTION:HMAC
+! ENGINE_get_digest                       2748	EXIST::FUNCTION:ENGINE
+  OCSP_RESPONSE_print                     2749	EXIST::FUNCTION:
+  KRB5_TKTBODY_it                         2750	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_TKTBODY_it                         2750	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2219,2234 ****
+  PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
+  PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_cipher                       2756	EXIST::FUNCTION:
+  i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
+  OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
+! ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:
+  RSA_up_ref                              2760	EXIST::FUNCTION:RSA
+  ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_DSA                     2762	EXIST::FUNCTION:
+  X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
+! ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:
+  PKCS8_decrypt                           2765	EXIST::FUNCTION:
+  PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
+  DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2219,2234 ----
+  PKCS12_certbag2x509crl                  2754	EXIST::FUNCTION:
+  PKCS7_SIGNED_it                         2755	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS7_SIGNED_it                         2755	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_cipher                       2756	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_CRLID                          2757	EXIST::FUNCTION:
+  OCSP_SINGLERESP_new                     2758	EXIST::FUNCTION:
+! ENGINE_cmd_is_executable                2759	EXIST::FUNCTION:ENGINE
+  RSA_up_ref                              2760	EXIST::FUNCTION:RSA
+  ASN1_GENERALSTRING_it                   2761	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_GENERALSTRING_it                   2761	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_register_DSA                     2762	EXIST::FUNCTION:ENGINE
+  X509V3_EXT_add_nconf_sk                 2763	EXIST::FUNCTION:
+! ENGINE_set_load_pubkey_function         2764	EXIST::FUNCTION:ENGINE
+  PKCS8_decrypt                           2765	EXIST::FUNCTION:
+  PEM_bytes_read_bio                      2766	EXIST::FUNCTION:BIO
+  DIRECTORYSTRING_it                      2767	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2265,2271 ****
+  X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
+  KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:
+  UI_add_user_data                        2793	EXIST::FUNCTION:
+  OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
+  UI_get_method                           2795	EXIST::FUNCTION:
+--- 2265,2271 ----
+  X509_ocspid_print                       2790	EXIST::FUNCTION:BIO
+  KRB5_ENCDATA_it                         2791	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_ENCDATA_it                         2791	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_load_pubkey_function         2792	EXIST::FUNCTION:ENGINE
+  UI_add_user_data                        2793	EXIST::FUNCTION:
+  OCSP_REQUEST_delete_ext                 2794	EXIST::FUNCTION:
+  UI_get_method                           2795	EXIST::FUNCTION:
+***************
+*** 2289,2304 ****
+  ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_set_ex_data                          2807	EXIST::FUNCTION:
+  _ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
+! ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:
+  d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
+  OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_digests               2813	EXIST::FUNCTION:
+  d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
+  d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
+! ENGINE_get_digests                      2816	EXIST::FUNCTION:
+  _ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
+  OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
+  d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
+--- 2289,2304 ----
+  ASN1_FBOOLEAN_it                        2806	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_set_ex_data                          2807	EXIST::FUNCTION:
+  _ossl_old_des_string_to_key             2808	EXIST::FUNCTION:DES
+! ENGINE_register_all_RSA                 2809	EXIST::FUNCTION:ENGINE
+  d2i_KRB5_PRINCNAME                      2810	EXIST::FUNCTION:
+  OCSP_RESPBYTES_it                       2811	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPBYTES_it                       2811	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509_CINF_it                            2812	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_CINF_it                            2812	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_unregister_digests               2813	EXIST::FUNCTION:ENGINE
+  d2i_EDIPARTYNAME                        2814	EXIST::FUNCTION:
+  d2i_OCSP_SERVICELOC                     2815	EXIST::FUNCTION:
+! ENGINE_get_digests                      2816	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_set_odd_parity            2817	EXIST::FUNCTION:DES
+  OCSP_RESPDATA_free                      2818	EXIST::FUNCTION:
+  d2i_KRB5_TICKET                         2819	EXIST::FUNCTION:
+***************
+*** 2309,2315 ****
+  X509_CRL_set_version                    2823	EXIST::FUNCTION:
+  BN_mod_sub                              2824	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
+! ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:
+  OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
+  OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
+  X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2309,2315 ----
+  X509_CRL_set_version                    2823	EXIST::FUNCTION:
+  BN_mod_sub                              2824	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext_by_NID          2825	EXIST::FUNCTION:
+! ENGINE_get_ex_new_index                 2826	EXIST::FUNCTION:ENGINE
+  OCSP_REQUEST_free                       2827	EXIST::FUNCTION:
+  OCSP_REQUEST_add1_ext_i2d               2828	EXIST::FUNCTION:
+  X509_VAL_it                             2829	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2343,2349 ****
+  i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
+  _ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
+  CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
+! ENGINE_get_ex_data                      2856	EXIST::FUNCTION:
+  UI_destroy_method                       2857	EXIST::FUNCTION:
+  ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
+--- 2343,2349 ----
+  i2d_KRB5_APREQBODY                      2853	EXIST::FUNCTION:
+  _ossl_old_des_ecb3_encrypt              2854	EXIST::FUNCTION:DES
+  CRYPTO_get_mem_ex_functions             2855	EXIST::FUNCTION:
+! ENGINE_get_ex_data                      2856	EXIST::FUNCTION:ENGINE
+  UI_destroy_method                       2857	EXIST::FUNCTION:
+  ASN1_item_i2d_bio                       2858	EXIST::FUNCTION:BIO
+  OCSP_ONEREQ_get_ext_by_OBJ              2859	EXIST::FUNCTION:
+***************
+*** 2367,2373 ****
+  PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
+  OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
+! ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:
+  OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
+  EC_GROUP_free                           2877	EXIST::FUNCTION:EC
+  ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2367,2373 ----
+  PKCS12_SAFEBAGS_it                      2872	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_SIGNATURE                      2873	EXIST::FUNCTION:
+  OCSP_request_add1_nonce                 2874	EXIST::FUNCTION:
+! ENGINE_set_cmd_defns                    2875	EXIST::FUNCTION:ENGINE
+  OCSP_SERVICELOC_free                    2876	EXIST::FUNCTION:
+  EC_GROUP_free                           2877	EXIST::FUNCTION:EC
+  ASN1_BIT_STRING_it                      2878	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2384,2390 ****
+  OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
+  PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
+  asn1_ex_c2i                             2888	EXIST::FUNCTION:
+! ENGINE_register_digests                 2889	EXIST::FUNCTION:
+  i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
+  asn1_enc_restore                        2891	EXIST::FUNCTION:
+  UI_free                                 2892	EXIST::FUNCTION:
+--- 2384,2390 ----
+  OCSP_REQUEST_get1_ext_d2i               2886	EXIST::FUNCTION:
+  PKCS12_item_pack_safebag                2887	EXIST::FUNCTION:
+  asn1_ex_c2i                             2888	EXIST::FUNCTION:
+! ENGINE_register_digests                 2889	EXIST::FUNCTION:ENGINE
+  i2d_OCSP_REVOKEDINFO                    2890	EXIST::FUNCTION:
+  asn1_enc_restore                        2891	EXIST::FUNCTION:
+  UI_free                                 2892	EXIST::FUNCTION:
+***************
+*** 2395,2401 ****
+  OCSP_basic_sign                         2897	EXIST::FUNCTION:
+  i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
+  OCSP_check_nonce                        2899	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:
+  d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
+  OCSP_parse_url                          2902	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
+--- 2395,2401 ----
+  OCSP_basic_sign                         2897	EXIST::FUNCTION:
+  i2d_OCSP_RESPID                         2898	EXIST::FUNCTION:
+  OCSP_check_nonce                        2899	EXIST::FUNCTION:
+! ENGINE_ctrl_cmd                         2900	EXIST::FUNCTION:ENGINE
+  d2i_KRB5_ENCKEY                         2901	EXIST::FUNCTION:
+  OCSP_parse_url                          2902	EXIST::FUNCTION:
+  OCSP_SINGLERESP_get_ext                 2903	EXIST::FUNCTION:
+***************
+*** 2403,2414 ****
+  OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
+  RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+  RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+! ENGINE_register_all_DH                  2907	EXIST::FUNCTION:
+  i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
+  EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
+  OCSP_CRLID_new                          2910	EXIST::FUNCTION:
+! ENGINE_get_flags                        2911	EXIST::FUNCTION:
+  OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_process                              2913	EXIST::FUNCTION:
+--- 2403,2414 ----
+  OCSP_BASICRESP_get1_ext_d2i             2905	EXIST::FUNCTION:
+  RSAPrivateKey_it                        2906	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:RSA
+  RSAPrivateKey_it                        2906	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:RSA
+! ENGINE_register_all_DH                  2907	EXIST::FUNCTION:ENGINE
+  i2d_EDIPARTYNAME                        2908	EXIST::FUNCTION:
+  EC_POINT_get_affine_coordinates_GFp     2909	EXIST:!VMS:FUNCTION:EC
+  EC_POINT_get_affine_coords_GFp          2909	EXIST:VMS:FUNCTION:EC
+  OCSP_CRLID_new                          2910	EXIST::FUNCTION:
+! ENGINE_get_flags                        2911	EXIST::FUNCTION:ENGINE
+  OCSP_ONEREQ_it                          2912	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_ONEREQ_it                          2912	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_process                              2913	EXIST::FUNCTION:
+***************
+*** 2416,2423 ****
+  ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
+  UI_get_string_type                      2916	EXIST::FUNCTION:
+! ENGINE_unregister_DH                    2917	EXIST::FUNCTION:
+! ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:
+  OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
+  bn_dup_expand                           2920	EXIST::FUNCTION:
+  OCSP_cert_id_new                        2921	EXIST::FUNCTION:
+--- 2416,2423 ----
+  ASN1_INTEGER_it                         2914	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  EVP_CipherInit_ex                       2915	EXIST::FUNCTION:
+  UI_get_string_type                      2916	EXIST::FUNCTION:
+! ENGINE_unregister_DH                    2917	EXIST::FUNCTION:ENGINE
+! ENGINE_register_all_DSA                 2918	EXIST::FUNCTION:ENGINE
+  OCSP_ONEREQ_get_ext_by_critical         2919	EXIST::FUNCTION:
+  bn_dup_expand                           2920	EXIST::FUNCTION:
+  OCSP_cert_id_new                        2921	EXIST::FUNCTION:
+***************
+*** 2438,2448 ****
+  OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
+  OCSP_request_sign                       2935	EXIST::FUNCTION:
+  EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
+! ENGINE_set_digests                      2937	EXIST::FUNCTION:
+  OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
+  OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
+  EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
+! ENGINE_register_complete                2941	EXIST::FUNCTION:
+  X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
+  ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2438,2448 ----
+  OCSP_ONEREQ_add_ext                     2934	EXIST::FUNCTION:
+  OCSP_request_sign                       2935	EXIST::FUNCTION:
+  EVP_DigestFinal_ex                      2936	EXIST::FUNCTION:
+! ENGINE_set_digests                      2937	EXIST::FUNCTION:ENGINE
+  OCSP_id_issuer_cmp                      2938	EXIST::FUNCTION:
+  OBJ_NAME_do_all                         2939	EXIST::FUNCTION:
+  EC_POINTs_mul                           2940	EXIST::FUNCTION:EC
+! ENGINE_register_complete                2941	EXIST::FUNCTION:ENGINE
+  X509V3_EXT_nconf_nid                    2942	EXIST::FUNCTION:
+  ASN1_SEQUENCE_it                        2943	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_SEQUENCE_it                        2943	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2451,2457 ****
+  UI_method_get_writer                    2946	EXIST::FUNCTION:
+  UI_OpenSSL                              2947	EXIST::FUNCTION:
+  PEM_def_callback                        2948	EXIST::FUNCTION:
+! ENGINE_cleanup                          2949	EXIST::FUNCTION:
+  DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2451,2457 ----
+  UI_method_get_writer                    2946	EXIST::FUNCTION:
+  UI_OpenSSL                              2947	EXIST::FUNCTION:
+  PEM_def_callback                        2948	EXIST::FUNCTION:
+! ENGINE_cleanup                          2949	EXIST::FUNCTION:ENGINE
+  DIST_POINT_it                           2950	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  DIST_POINT_it                           2950	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_SINGLERESP_it                      2951	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2475,2481 ****
+  OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
+! ENGINE_register_all_complete            2970	EXIST::FUNCTION:
+  OCSP_check_validity                     2971	EXIST::FUNCTION:
+  PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2475,2481 ----
+  OCSP_RESPDATA_it                        2968	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPDATA_it                        2968	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  d2i_OCSP_RESPDATA                       2969	EXIST::FUNCTION:
+! ENGINE_register_all_complete            2970	EXIST::FUNCTION:ENGINE
+  OCSP_check_validity                     2971	EXIST::FUNCTION:
+  PKCS12_BAGS_it                          2972	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_BAGS_it                          2972	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2487,2493 ****
+  X509_supported_extension                2977	EXIST::FUNCTION:
+  i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
+  UI_method_get_opener                    2979	EXIST::FUNCTION:
+! ENGINE_set_ex_data                      2980	EXIST::FUNCTION:
+  OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
+  CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2487,2493 ----
+  X509_supported_extension                2977	EXIST::FUNCTION:
+  i2d_KRB5_AUTHDATA                       2978	EXIST::FUNCTION:
+  UI_method_get_opener                    2979	EXIST::FUNCTION:
+! ENGINE_set_ex_data                      2980	EXIST::FUNCTION:ENGINE
+  OCSP_REQUEST_print                      2981	EXIST::FUNCTION:
+  CBIGNUM_it                              2982	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  CBIGNUM_it                              2982	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2501,2507 ****
+  BN_swap                                 2990	EXIST::FUNCTION:
+  POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_set_destroy_function             2992	EXIST::FUNCTION:
+  asn1_enc_free                           2993	EXIST::FUNCTION:
+  OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2501,2507 ----
+  BN_swap                                 2990	EXIST::FUNCTION:
+  POLICYINFO_it                           2991	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  POLICYINFO_it                           2991	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_set_destroy_function             2992	EXIST::FUNCTION:ENGINE
+  asn1_enc_free                           2993	EXIST::FUNCTION:
+  OCSP_RESPID_it                          2994	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  OCSP_RESPID_it                          2994	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2523,2530 ****
+  NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_get0_test_string                     3007	EXIST::FUNCTION:
+! ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:
+! ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:
+  EC_POINT_copy                           3010	EXIST::FUNCTION:EC
+  BN_kronecker                            3011	EXIST::FUNCTION:
+  _ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
+--- 2523,2530 ----
+  NETSCAPE_SPKI_it                        3006	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NETSCAPE_SPKI_it                        3006	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  UI_get0_test_string                     3007	EXIST::FUNCTION:
+! ENGINE_get_cipher_engine                3008	EXIST::FUNCTION:ENGINE
+! ENGINE_register_all_ciphers             3009	EXIST::FUNCTION:ENGINE
+  EC_POINT_copy                           3010	EXIST::FUNCTION:EC
+  BN_kronecker                            3011	EXIST::FUNCTION:
+  _ossl_old_des_ede3_ofb64_encrypt        3012	EXIST:!VMS:FUNCTION:DES
+***************
+*** 2545,2553 ****
+  AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
+  OCSP_resp_count                         3025	EXIST::FUNCTION:
+  KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
+! ENGINE_load_cswift                      3027	EXIST::FUNCTION:
+  OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
+! ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:
+  NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
+--- 2545,2553 ----
+  AES_set_encrypt_key                     3024	EXIST::FUNCTION:AES
+  OCSP_resp_count                         3025	EXIST::FUNCTION:
+  KRB5_CHECKSUM_new                       3026	EXIST::FUNCTION:
+! ENGINE_load_cswift                      3027	EXIST::FUNCTION:ENGINE
+  OCSP_onereq_get0_id                     3028	EXIST::FUNCTION:
+! ENGINE_set_default_ciphers              3029	EXIST::FUNCTION:ENGINE
+  NOTICEREF_it                            3030	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  NOTICEREF_it                            3030	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  X509V3_EXT_CRL_add_nconf                3031	EXIST::FUNCTION:
+***************
+*** 2565,2571 ****
+  asn1_enc_init                           3041	EXIST::FUNCTION:
+  UI_get_result_maxsize                   3042	EXIST::FUNCTION:
+  OCSP_CERTID_new                         3043	EXIST::FUNCTION:
+! ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:
+  UI_method_get_closer                    3045	EXIST::FUNCTION:
+  d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
+  OCSP_request_onereq_count               3047	EXIST::FUNCTION:
+--- 2565,2571 ----
+  asn1_enc_init                           3041	EXIST::FUNCTION:
+  UI_get_result_maxsize                   3042	EXIST::FUNCTION:
+  OCSP_CERTID_new                         3043	EXIST::FUNCTION:
+! ENGINE_unregister_RAND                  3044	EXIST::FUNCTION:ENGINE
+  UI_method_get_closer                    3045	EXIST::FUNCTION:
+  d2i_KRB5_ENCDATA                        3046	EXIST::FUNCTION:
+  OCSP_request_onereq_count               3047	EXIST::FUNCTION:
+***************
+*** 2576,2582 ****
+  i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
+  i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
+  asn1_enc_save                           3054	EXIST::FUNCTION:
+! ENGINE_load_nuron                       3055	EXIST::FUNCTION:
+  _ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
+  PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+--- 2576,2582 ----
+  i2d_EXTENDED_KEY_USAGE                  3052	EXIST::FUNCTION:
+  i2d_OCSP_SIGNATURE                      3053	EXIST::FUNCTION:
+  asn1_enc_save                           3054	EXIST::FUNCTION:
+! ENGINE_load_nuron                       3055	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_pcbc_encrypt              3056	EXIST::FUNCTION:DES
+  PKCS12_MAC_DATA_it                      3057	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  PKCS12_MAC_DATA_it                      3057	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+***************
+*** 2598,2612 ****
+  EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
+  asn1_get_choice_selector                3071	EXIST::FUNCTION:
+  i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
+! ENGINE_set_table_flags                  3073	EXIST::FUNCTION:
+  AES_options                             3074	EXIST::FUNCTION:AES
+! ENGINE_load_chil                        3075	EXIST::FUNCTION:
+  OCSP_id_cmp                             3076	EXIST::FUNCTION:
+  OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
+  KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_destroy_function             3080	EXIST::FUNCTION:
+  CONF_set_nconf                          3081	EXIST::FUNCTION:
+  ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
+  OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
+--- 2598,2612 ----
+  EC_POINT_dbl                            3070	EXIST::FUNCTION:EC
+  asn1_get_choice_selector                3071	EXIST::FUNCTION:
+  i2d_KRB5_CHECKSUM                       3072	EXIST::FUNCTION:
+! ENGINE_set_table_flags                  3073	EXIST::FUNCTION:ENGINE
+  AES_options                             3074	EXIST::FUNCTION:AES
+! ENGINE_load_chil                        3075	EXIST::FUNCTION:ENGINE
+  OCSP_id_cmp                             3076	EXIST::FUNCTION:
+  OCSP_BASICRESP_new                      3077	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_by_NID             3078	EXIST::FUNCTION:
+  KRB5_APREQ_it                           3079	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  KRB5_APREQ_it                           3079	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_destroy_function             3080	EXIST::FUNCTION:ENGINE
+  CONF_set_nconf                          3081	EXIST::FUNCTION:
+  ASN1_PRINTABLE_free                     3082	EXIST::FUNCTION:
+  OCSP_BASICRESP_get_ext_by_NID           3083	EXIST::FUNCTION:
+***************
+*** 2667,2673 ****
+  OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
+! ENGINE_load_atalla                      3130	EXIST::FUNCTION:
+  X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+--- 2667,2673 ----
+  OCSP_CRLID_it                           3127	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  i2d_KRB5_AUTHENTBODY                    3128	EXIST::FUNCTION:
+  OCSP_REQUEST_get_ext_count              3129	EXIST::FUNCTION:
+! ENGINE_load_atalla                      3130	EXIST::FUNCTION:ENGINE
+  X509_NAME_it                            3131	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  X509_NAME_it                            3131	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  USERNOTICE_it                           3132	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+***************
+*** 2685,2691 ****
+  ASN1_item_ex_free                       3141	EXIST::FUNCTION:
+  ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_table_flags                  3143	EXIST::FUNCTION:
+  UI_create_method                        3144	EXIST::FUNCTION:
+  OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
+  _shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+--- 2685,2691 ----
+  ASN1_item_ex_free                       3141	EXIST::FUNCTION:
+  ASN1_BOOLEAN_it                         3142	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  ASN1_BOOLEAN_it                         3142	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+! ENGINE_get_table_flags                  3143	EXIST::FUNCTION:ENGINE
+  UI_create_method                        3144	EXIST::FUNCTION:
+  OCSP_ONEREQ_add1_ext_i2d                3145	EXIST::FUNCTION:
+  _shadow_DES_check_key                   3146	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:DES
+***************
+*** 2709,2715 ****
+  PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
+  OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
+! ENGINE_set_flags                        3162	EXIST::FUNCTION:
+  _ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
+  OCSP_response_get1_basic                3164	EXIST::FUNCTION:
+  EVP_Digest                              3165	EXIST::FUNCTION:
+--- 2709,2715 ----
+  PKCS7_it                                3160	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  OCSP_REQUEST_get_ext_by_critical        3161	EXIST:!VMS:FUNCTION:
+  OCSP_REQUEST_get_ext_by_crit            3161	EXIST:VMS:FUNCTION:
+! ENGINE_set_flags                        3162	EXIST::FUNCTION:ENGINE
+  _ossl_old_des_ecb_encrypt               3163	EXIST::FUNCTION:DES
+  OCSP_response_get1_basic                3164	EXIST::FUNCTION:
+  EVP_Digest                              3165	EXIST::FUNCTION:
+***************
+*** 2721,2728 ****
+  BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
+! ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:
+! ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:
+  OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
+  UI_method_set_reader                    3174	EXIST::FUNCTION:
+  i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
+--- 2721,2728 ----
+  BIGNUM_it                               3170	EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
+  BIGNUM_it                               3170	EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
+  AES_cbc_encrypt                         3171	EXIST::FUNCTION:AES
+! ENGINE_get_load_privkey_function        3172	EXIST:!VMS:FUNCTION:ENGINE
+! ENGINE_get_load_privkey_fn              3172	EXIST:VMS:FUNCTION:ENGINE
+  OCSP_RESPONSE_free                      3173	EXIST::FUNCTION:
+  UI_method_set_reader                    3174	EXIST::FUNCTION:
+  i2d_ASN1_T61STRING                      3175	EXIST::FUNCTION:
+***************
+*** 2736,2742 ****
+  OCSP_crlID2_new                         3181	EXIST:OS2,VMS,WIN16:FUNCTION:
+  CONF_modules_load_file                  3182	EXIST::FUNCTION:
+  CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
+! ENGINE_set_default_string               3184	EXIST::FUNCTION:
+  CONF_module_get_usr_data                3185	EXIST::FUNCTION:
+  ASN1_add_oid_module                     3186	EXIST::FUNCTION:
+  CONF_modules_finish                     3187	EXIST::FUNCTION:
+--- 2736,2742 ----
+  OCSP_crlID2_new                         3181	EXIST:OS2,VMS,WIN16:FUNCTION:
+  CONF_modules_load_file                  3182	EXIST::FUNCTION:
+  CONF_imodule_set_usr_data               3183	EXIST::FUNCTION:
+! ENGINE_set_default_string               3184	EXIST::FUNCTION:ENGINE
+  CONF_module_get_usr_data                3185	EXIST::FUNCTION:
+  ASN1_add_oid_module                     3186	EXIST::FUNCTION:
+  CONF_modules_finish                     3187	EXIST::FUNCTION:
+***************
+*** 2754,2760 ****
+  ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
+  CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
+  CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
+! ENGINE_add_conf_module                  3202	EXIST::FUNCTION:
+  ERR_peek_last_error_line                3203	EXIST::FUNCTION:
+  ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
+  ERR_peek_last_error                     3205	EXIST::FUNCTION:
+--- 2754,2760 ----
+  ERR_peek_top_error                      3199	NOEXIST::FUNCTION:
+  CONF_imodule_get_usr_data               3200	EXIST::FUNCTION:
+  CONF_imodule_set_flags                  3201	EXIST::FUNCTION:
+! ENGINE_add_conf_module                  3202	EXIST::FUNCTION:ENGINE
+  ERR_peek_last_error_line                3203	EXIST::FUNCTION:
+  ERR_peek_last_error_line_data           3204	EXIST::FUNCTION:
+  ERR_peek_last_error                     3205	EXIST::FUNCTION:
+***************
+*** 2762,2769 ****
+  DES_read_password                       3207	EXIST::FUNCTION:DES
+  UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
+  UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
+! ENGINE_load_aep                         3210	EXIST::FUNCTION:
+! ENGINE_load_sureware                    3211	EXIST::FUNCTION:
+  OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
+  OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
+  OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
+--- 2762,2769 ----
+  DES_read_password                       3207	EXIST::FUNCTION:DES
+  UI_UTIL_read_pw                         3208	EXIST::FUNCTION:
+  UI_UTIL_read_pw_string                  3209	EXIST::FUNCTION:
+! ENGINE_load_aep                         3210	EXIST::FUNCTION:ENGINE
+! ENGINE_load_sureware                    3211	EXIST::FUNCTION:ENGINE
+  OPENSSL_add_all_algorithms_noconf       3212	EXIST:!VMS:FUNCTION:
+  OPENSSL_add_all_algo_noconf             3212	EXIST:VMS:FUNCTION:
+  OPENSSL_add_all_algorithms_conf         3213	EXIST:!VMS:FUNCTION:
+***************
+*** 2772,2778 ****
+  AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
+  AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
+  AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
+! ENGINE_load_4758cca                     3218	EXIST::FUNCTION:
+  _ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
+  EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
+  EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
+--- 2772,2778 ----
+  AES_ofb128_encrypt                      3215	EXIST::FUNCTION:AES
+  AES_ctr128_encrypt                      3216	EXIST::FUNCTION:AES
+  AES_cfb128_encrypt                      3217	EXIST::FUNCTION:AES
+! ENGINE_load_4758cca                     3218	EXIST::FUNCTION:ENGINE
+  _ossl_096_des_random_seed               3219	EXIST::FUNCTION:DES
+  EVP_aes_256_ofb                         3220	EXIST::FUNCTION:AES
+  EVP_aes_192_ofb                         3221	EXIST::FUNCTION:AES
+***************
+*** 2793,2799 ****
+  d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
+  EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
+  X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
+! ENGINE_up_ref                           3238	EXIST::FUNCTION:
+  BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
+  CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
+  BUF_strlcat                             3241	EXIST::FUNCTION:
+--- 2793,2799 ----
+  d2i_ASN1_UNIVERSALSTRING                3235	EXIST::FUNCTION:
+  EVP_des_ede3_ecb                        3236	EXIST::FUNCTION:DES
+  X509_REQ_print_ex                       3237	EXIST::FUNCTION:BIO
+! ENGINE_up_ref                           3238	EXIST::FUNCTION:ENGINE
+  BUF_MEM_grow_clean                      3239	EXIST::FUNCTION:
+  CRYPTO_realloc_clean                    3240	EXIST::FUNCTION:
+  BUF_strlcat                             3241	EXIST::FUNCTION:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_4/crypto/openssl/util/mk1mf.pl
+*** crypto/openssl/util/mk1mf.pl	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/mk1mf.pl	Mon Feb 24 21:15:00 2003
+***************
+*** 64,69 ****
+--- 64,71 ----
+  	no-asm 					- No x86 asm
+  	no-krb5					- No KRB5
+  	no-ec					- No EC
++ 	no-engine				- No engine
++ 	no-hw					- No hw
+  	nasm 					- Use NASM for x86 asm
+  	gaswin					- Use GNU as with Mingw32
+  	no-socks				- No socket code
+***************
+*** 218,224 ****
+  $cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+  $cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+  $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+! $cflags.=" -DOPENSSL_NO_RIPEMD" if $no_rmd160;
+  $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+  $cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+  $cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+--- 220,226 ----
+  $cflags.=" -DOPENSSL_NO_MD5"  if $no_md5;
+  $cflags.=" -DOPENSSL_NO_SHA"  if $no_sha;
+  $cflags.=" -DOPENSSL_NO_SHA1" if $no_sha1;
+! $cflags.=" -DOPENSSL_NO_RIPEMD" if $no_ripemd;
+  $cflags.=" -DOPENSSL_NO_MDC2" if $no_mdc2;
+  $cflags.=" -DOPENSSL_NO_BF"  if $no_bf;
+  $cflags.=" -DOPENSSL_NO_CAST" if $no_cast;
+***************
+*** 232,237 ****
+--- 234,241 ----
+  $cflags.=" -DOPENSSL_NO_ERR"  if $no_err;
+  $cflags.=" -DOPENSSL_NO_KRB5" if $no_krb5;
+  $cflags.=" -DOPENSSL_NO_EC"   if $no_ec;
++ $cflags.=" -DOPENSSL_NO_ENGINE"   if $no_engine;
++ $cflags.=" -DOPENSSL_NO_HW"   if $no_hw;
+  #$cflags.=" -DRSAref"  if $rsaref ne "";
+  
+  ## if ($unix)
+***************
+*** 648,653 ****
+--- 652,659 ----
+  	local($dir,$val)=@_;
+  	local(@a,$_,$ret);
+  
++ 	return("") if $no_engine && $dir =~ /\/engine/;
++ 	return("") if $no_hw   && $dir =~ /\/hw/;
+  	return("") if $no_idea && $dir =~ /\/idea/;
+  	return("") if $no_aes  && $dir =~ /\/aes/;
+  	return("") if $no_rc2  && $dir =~ /\/rc2/;
+***************
+*** 691,697 ****
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+--- 697,703 ----
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+***************
+*** 708,713 ****
+--- 714,721 ----
+  	@a=grep(!/(^sha1)|(_sha1$)|(m_dss1$)/,@a) if $no_sha1;
+  	@a=grep(!/_mdc2$/,@a) if $no_mdc2;
+  
++ 	@a=grep(!/^engine$/,@a) if $no_engine;
++ 	@a=grep(!/^hw$/,@a) if $no_hw;
+  	@a=grep(!/(^rsa$)|(^genrsa$)/,@a) if $no_rsa;
+  	@a=grep(!/(^dsa$)|(^gendsa$)|(^dsaparam$)/,@a) if $no_dsa;
+  	@a=grep(!/^gendsa$/,@a) if $no_sha1;
+***************
+*** 901,910 ****
+  	elsif (/^no-sock$/)	{ $no_sock=1; }
+  	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+  	elsif (/^no-ec$/)	{ $no_ec=1; }
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1;
+  				  $no_aes=1; }
+  
+  	elsif (/^rsaref$/)	{ }
+--- 909,920 ----
+  	elsif (/^no-sock$/)	{ $no_sock=1; }
+  	elsif (/^no-krb5$/)	{ $no_krb5=1; }
+  	elsif (/^no-ec$/)	{ $no_ec=1; }
++ 	elsif (/^no-engine$/)	{ $no_engine=1; }
++ 	elsif (/^no-hw$/)	{ $no_hw=1; }
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_ripemd=$no_rc5=1;
+  				  $no_aes=1; }
+  
+  	elsif (/^rsaref$/)	{ }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkdef.pl ../RELENG_4/crypto/openssl/util/mkdef.pl
+*** crypto/openssl/util/mkdef.pl	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/mkdef.pl	Mon Feb 24 21:15:00 2003
+***************
+*** 91,97 ****
+  			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+  			 "LOCKING",
+  			 # External "algorithms"
+! 			 "FP_API", "STDIO", "SOCK", "KRB5" );
+  
+  my $options="";
+  open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+--- 91,97 ----
+  			 "BIO", "COMP", "BUFFER", "LHASH", "STACK", "ERR",
+  			 "LOCKING",
+  			 # External "algorithms"
+! 			 "FP_API", "STDIO", "SOCK", "KRB5", "ENGINE", "HW" );
+  
+  my $options="";
+  open(IN,"<Makefile.ssl") || die "unable to open Makefile.ssl!\n";
+***************
+*** 107,113 ****
+  my $no_cast;
+  my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+  my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+! my $no_ec;
+  my $no_fp_api;
+  
+  foreach (@ARGV, split(/ /, $options))
+--- 107,113 ----
+  my $no_cast;
+  my $no_md2; my $no_md4; my $no_md5; my $no_sha; my $no_ripemd; my $no_mdc2;
+  my $no_rsa; my $no_dsa; my $no_dh; my $no_hmac=0; my $no_aes; my $no_krb5;
+! my $no_ec; my $no_engine; my $no_hw;
+  my $no_fp_api;
+  
+  foreach (@ARGV, split(/ /, $options))
+***************
+*** 176,181 ****
+--- 176,183 ----
+  	elsif (/^no-comp$/)	{ $no_comp=1; }
+  	elsif (/^no-dso$/)	{ $no_dso=1; }
+  	elsif (/^no-krb5$/)	{ $no_krb5=1; }
++ 	elsif (/^no-engine$/)	{ $no_engine=1; }
++ 	elsif (/^no-hw$/)	{ $no_hw=1; }
+  	}
+  
+  
+***************
+*** 235,241 ****
+  $crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+  $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+  
+! $crypto.=" crypto/engine/engine.h";
+  $crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+  $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+  $crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+--- 237,243 ----
+  $crypto.=" crypto/ec/ec.h" ; # unless $no_ec;
+  $crypto.=" crypto/hmac/hmac.h" ; # unless $no_hmac;
+  
+! $crypto.=" crypto/engine/engine.h"; # unless $no_engine;
+  $crypto.=" crypto/stack/stack.h" ; # unless $no_stack;
+  $crypto.=" crypto/buffer/buffer.h" ; # unless $no_buffer;
+  $crypto.=" crypto/bio/bio.h" ; # unless $no_bio;
+***************
+*** 1052,1057 ****
+--- 1054,1061 ----
+  			if ($keyword eq "COMP" && $no_comp) { return 0; }
+  			if ($keyword eq "DSO" && $no_dso) { return 0; }
+  			if ($keyword eq "KRB5" && $no_krb5) { return 0; }
++ 			if ($keyword eq "ENGINE" && $no_engine) { return 0; }
++ 			if ($keyword eq "HW" && $no_hw) { return 0; }
+  			if ($keyword eq "FP_API" && $no_fp_api) { return 0; }
+  
+  			# Nothing recognise as true
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/ssleay.num ../RELENG_4/crypto/openssl/util/ssleay.num
+*** crypto/openssl/util/ssleay.num	Mon Feb 24 20:42:51 2003
+--- ../RELENG_4/crypto/openssl/util/ssleay.num	Mon Feb 24 21:15:00 2003
+***************
+*** 169,175 ****
+  SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
+  SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
+  SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
+! SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS,!WIN32:FUNCTION:STDIO
+  SSL_add_dir_cert_subjs_to_stk           188	NOEXIST::FUNCTION:
+  SSL_set_session_id_context              189	EXIST::FUNCTION:
+  SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
+--- 169,175 ----
+  SSL_add_file_cert_subjs_to_stk          185	EXIST:VMS:FUNCTION:STDIO
+  SSL_set_tmp_rsa_callback                186	EXIST::FUNCTION:RSA
+  SSL_set_tmp_dh_callback                 187	EXIST::FUNCTION:DH
+! SSL_add_dir_cert_subjects_to_stack      188	EXIST:!VMS:FUNCTION:STDIO
+  SSL_add_dir_cert_subjs_to_stk           188	NOEXIST::FUNCTION:
+  SSL_set_session_id_context              189	EXIST::FUNCTION:
+  SSL_CTX_use_certificate_chain_file      222	EXIST:!VMS:FUNCTION:STDIO
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/Makefile.inc ../RELENG_4/secure/lib/libcrypto/Makefile.inc
+*** secure/lib/libcrypto/Makefile.inc	Mon Feb 24 20:43:37 2003
+--- ../RELENG_4/secure/lib/libcrypto/Makefile.inc	Mon Feb 24 21:15:46 2003
+***************
+*** 116,122 ****
+  	@(sec=${manpage:E}; \
+  	pod=${manpage:R}.pod; \
+  	cp ${LCRYPTO_DOC}/${_docs}/$$pod .; \
+! 	pod2man --section=$$sec --release="0.9.7" --center="OpenSSL" \
+  	  $$pod > ${.CURDIR}/man/${manpage}; \
+  	rm $$pod; \
+  	${ECHO} ${manpage})
+--- 116,122 ----
+  	@(sec=${manpage:E}; \
+  	pod=${manpage:R}.pod; \
+  	cp ${LCRYPTO_DOC}/${_docs}/$$pod .; \
+! 	pod2man --section=$$sec --release="0.9.7a" --center="OpenSSL" \
+  	  $$pod > ${.CURDIR}/man/${manpage}; \
+  	rm $$pod; \
+  	${ECHO} ${manpage})
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_OBJECT_new.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_OBJECT_new.3
+*** secure/lib/libcrypto/man/ASN1_OBJECT_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_OBJECT_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_OBJECT_new 3"
+! .TH ASN1_OBJECT_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_OBJECT_new 3"
+! .TH ASN1_OBJECT_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_OBJECT_new, ASN1_OBJECT_free, \- object allocation functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_STRING_length.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_length.3
+*** secure/lib/libcrypto/man/ASN1_STRING_length.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_length.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_length 3"
+! .TH ASN1_STRING_length 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_length 3"
+! .TH ASN1_STRING_length 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_dup, ASN1_STRING_cmp, ASN1_STRING_set, ASN1_STRING_length,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_STRING_new.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_new.3
+*** secure/lib/libcrypto/man/ASN1_STRING_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_new 3"
+! .TH ASN1_STRING_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_new 3"
+! .TH ASN1_STRING_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_new, ASN1_STRING_type_new, ASN1_STRING_free \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ASN1_STRING_print_ex.3 ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3
+*** secure/lib/libcrypto/man/ASN1_STRING_print_ex.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ASN1_STRING_print_ex.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_print_ex 3"
+! .TH ASN1_STRING_print_ex 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1_STRING_print_ex 3"
+! .TH ASN1_STRING_print_ex 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ASN1_STRING_print_ex, ASN1_STRING_print_ex_fp \- \s-1ASN1_STRING\s0 output routines.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_ctrl.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_ctrl.3
+*** secure/lib/libcrypto/man/BIO_ctrl.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_ctrl.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_ctrl 3"
+! .TH BIO_ctrl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_ctrl 3"
+! .TH BIO_ctrl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_base64.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_base64.3
+*** secure/lib/libcrypto/man/BIO_f_base64.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_base64.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_base64 3"
+! .TH BIO_f_base64 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_base64 \- base64 \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_base64 3"
+! .TH BIO_f_base64 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_base64 \- base64 \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_buffer.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_buffer.3
+*** secure/lib/libcrypto/man/BIO_f_buffer.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_buffer.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_buffer 3"
+! .TH BIO_f_buffer 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_buffer \- buffering \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_buffer 3"
+! .TH BIO_f_buffer 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_buffer \- buffering \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_cipher.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_cipher.3
+*** secure/lib/libcrypto/man/BIO_f_cipher.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_cipher.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_cipher 3"
+! .TH BIO_f_cipher 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_cipher 3"
+! .TH BIO_f_cipher 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_md.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_md.3
+*** secure/lib/libcrypto/man/BIO_f_md.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_md.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_md 3"
+! .TH BIO_f_md 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_md 3"
+! .TH BIO_f_md 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_null.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_null.3
+*** secure/lib/libcrypto/man/BIO_f_null.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_null.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_null 3"
+! .TH BIO_f_null 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_null \- null filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_null 3"
+! .TH BIO_f_null 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_null \- null filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_ssl.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_f_ssl.3
+*** secure/lib/libcrypto/man/BIO_f_ssl.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_f_ssl.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_ssl 3"
+! .TH BIO_f_ssl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_ssl 3"
+! .TH BIO_f_ssl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_find_type.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_find_type.3
+*** secure/lib/libcrypto/man/BIO_find_type.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_find_type.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_find_type 3"
+! .TH BIO_find_type 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_find_type 3"
+! .TH BIO_find_type 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_new.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_new.3
+*** secure/lib/libcrypto/man/BIO_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new 3"
+! .TH BIO_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new 3"
+! .TH BIO_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_push.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_push.3
+*** secure/lib/libcrypto/man/BIO_push.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_push.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_push 3"
+! .TH BIO_push 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_push, BIO_pop \- add and remove BIOs from a chain.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_push 3"
+! .TH BIO_push 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_push, BIO_pop \- add and remove BIOs from a chain.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_read.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_read.3
+*** secure/lib/libcrypto/man/BIO_read.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_read.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_read 3"
+! .TH BIO_read 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_read 3"
+! .TH BIO_read 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_accept.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_accept.3
+*** secure/lib/libcrypto/man/BIO_s_accept.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_accept.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_accept 3"
+! .TH BIO_s_accept 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_accept 3"
+! .TH BIO_s_accept 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_accept, BIO_set_accept_port, BIO_get_accept_port,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_bio.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_bio.3
+*** secure/lib/libcrypto/man/BIO_s_bio.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_bio.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_bio 3"
+! .TH BIO_s_bio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_bio 3"
+! .TH BIO_s_bio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_connect.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_connect.3
+*** secure/lib/libcrypto/man/BIO_s_connect.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_connect.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_connect 3"
+! .TH BIO_s_connect 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_connect 3"
+! .TH BIO_s_connect 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_fd.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_fd.3
+*** secure/lib/libcrypto/man/BIO_s_fd.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_fd.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_fd 3"
+! .TH BIO_s_fd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_fd 3"
+! .TH BIO_s_fd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_file.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_file.3
+*** secure/lib/libcrypto/man/BIO_s_file.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_file.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_file 3"
+! .TH BIO_s_file 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_file 3"
+! .TH BIO_s_file 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_mem.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_mem.3
+*** secure/lib/libcrypto/man/BIO_s_mem.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_mem.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_mem 3"
+! .TH BIO_s_mem 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_mem 3"
+! .TH BIO_s_mem 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_null.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_null.3
+*** secure/lib/libcrypto/man/BIO_s_null.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_null.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_null 3"
+! .TH BIO_s_null 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_null \- null data sink
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_null 3"
+! .TH BIO_s_null 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_null \- null data sink
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_socket.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_s_socket.3
+*** secure/lib/libcrypto/man/BIO_s_socket.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_s_socket.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_socket 3"
+! .TH BIO_s_socket 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_socket 3"
+! .TH BIO_s_socket 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_set_callback.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_set_callback.3
+*** secure/lib/libcrypto/man/BIO_set_callback.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_set_callback.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_set_callback 3"
+! .TH BIO_set_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_set_callback 3"
+! .TH BIO_set_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_should_retry.3 ../RELENG_4/secure/lib/libcrypto/man/BIO_should_retry.3
+*** secure/lib/libcrypto/man/BIO_should_retry.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BIO_should_retry.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_should_retry 3"
+! .TH BIO_should_retry 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_should_retry, BIO_should_read, BIO_should_write,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_should_retry 3"
+! .TH BIO_should_retry 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_should_retry, BIO_should_read, BIO_should_write,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_CTX_new.3 ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_new.3
+*** secure/lib/libcrypto/man/BN_CTX_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_new 3"
+! .TH BN_CTX_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_new 3"
+! .TH BN_CTX_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_CTX_start.3 ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_start.3
+*** secure/lib/libcrypto/man/BN_CTX_start.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_CTX_start.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_start 3"
+! .TH BN_CTX_start 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_start 3"
+! .TH BN_CTX_start 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_add.3 ../RELENG_4/secure/lib/libcrypto/man/BN_add.3
+*** secure/lib/libcrypto/man/BN_add.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_add.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add 3"
+! .TH BN_add 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add 3"
+! .TH BN_add 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add, BN_sub, BN_mul, BN_sqr, BN_div, BN_mod, BN_nnmod, BN_mod_add,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_add_word.3 ../RELENG_4/secure/lib/libcrypto/man/BN_add_word.3
+*** secure/lib/libcrypto/man/BN_add_word.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_add_word.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add_word 3"
+! .TH BN_add_word 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add_word 3"
+! .TH BN_add_word 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_bn2bin.3 ../RELENG_4/secure/lib/libcrypto/man/BN_bn2bin.3
+*** secure/lib/libcrypto/man/BN_bn2bin.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_bn2bin.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_bn2bin 3"
+! .TH BN_bn2bin 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_bn2bin 3"
+! .TH BN_bn2bin 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_cmp.3 ../RELENG_4/secure/lib/libcrypto/man/BN_cmp.3
+*** secure/lib/libcrypto/man/BN_cmp.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_cmp.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_cmp 3"
+! .TH BN_cmp 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_cmp 3"
+! .TH BN_cmp 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_copy.3 ../RELENG_4/secure/lib/libcrypto/man/BN_copy.3
+*** secure/lib/libcrypto/man/BN_copy.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_copy.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_copy 3"
+! .TH BN_copy 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_copy, BN_dup \- copy BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_copy 3"
+! .TH BN_copy 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_copy, BN_dup \- copy BIGNUMs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_generate_prime.3 ../RELENG_4/secure/lib/libcrypto/man/BN_generate_prime.3
+*** secure/lib/libcrypto/man/BN_generate_prime.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_generate_prime.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_generate_prime 3"
+! .TH BN_generate_prime 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_generate_prime 3"
+! .TH BN_generate_prime 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+***************
+*** 202,208 ****
+  .PP
+  Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
+  probabilistic primality test with \fBchecks\fR iterations. If
+! \&\fBchecks == BN_prime_check\fR, a number of iterations is used that
+  yields a false positive rate of at most 2^\-80 for random input.
+  .PP
+  If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
+--- 202,208 ----
+  .PP
+  Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
+  probabilistic primality test with \fBchecks\fR iterations. If
+! \&\fBchecks == BN_prime_checks\fR, a number of iterations is used that
+  yields a false positive rate of at most 2^\-80 for random input.
+  .PP
+  If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_inverse.3 ../RELENG_4/secure/lib/libcrypto/man/BN_mod_inverse.3
+*** secure/lib/libcrypto/man/BN_mod_inverse.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_mod_inverse.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_inverse 3"
+! .TH BN_mod_inverse 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_inverse \- compute inverse modulo n
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_inverse 3"
+! .TH BN_mod_inverse 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_inverse \- compute inverse modulo n
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+*** secure/lib/libcrypto/man/BN_mod_mul_montgomery.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_montgomery 3"
+! .TH BN_mod_mul_montgomery 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_montgomery 3"
+! .TH BN_mod_mul_montgomery 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+*** secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_reciprocal 3"
+! .TH BN_mod_mul_reciprocal 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_reciprocal 3"
+! .TH BN_mod_mul_reciprocal 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_new.3 ../RELENG_4/secure/lib/libcrypto/man/BN_new.3
+*** secure/lib/libcrypto/man/BN_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_new 3"
+! .TH BN_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_new 3"
+! .TH BN_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_num_bytes.3 ../RELENG_4/secure/lib/libcrypto/man/BN_num_bytes.3
+*** secure/lib/libcrypto/man/BN_num_bytes.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_num_bytes.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_num_bytes 3"
+! .TH BN_num_bytes 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_num_bytes 3"
+! .TH BN_num_bytes 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_rand.3 ../RELENG_4/secure/lib/libcrypto/man/BN_rand.3
+*** secure/lib/libcrypto/man/BN_rand.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_rand.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_rand 3"
+! .TH BN_rand 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_rand, BN_pseudo_rand \- generate pseudo-random number
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_rand 3"
+! .TH BN_rand 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_rand, BN_pseudo_rand \- generate pseudo-random number
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_set_bit.3 ../RELENG_4/secure/lib/libcrypto/man/BN_set_bit.3
+*** secure/lib/libcrypto/man/BN_set_bit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_set_bit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_set_bit 3"
+! .TH BN_set_bit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_set_bit 3"
+! .TH BN_set_bit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_swap.3 ../RELENG_4/secure/lib/libcrypto/man/BN_swap.3
+*** secure/lib/libcrypto/man/BN_swap.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_swap.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_swap 3"
+! .TH BN_swap 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_swap \- exchange BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_swap 3"
+! .TH BN_swap 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_swap \- exchange BIGNUMs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_zero.3 ../RELENG_4/secure/lib/libcrypto/man/BN_zero.3
+*** secure/lib/libcrypto/man/BN_zero.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/BN_zero.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_zero 3"
+! .TH BN_zero 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_zero 3"
+! .TH BN_zero 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 ../RELENG_4/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+*** secure/lib/libcrypto/man/CRYPTO_set_ex_data.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRYPTO_set_ex_data 3"
+! .TH CRYPTO_set_ex_data 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRYPTO_set_ex_data 3"
+! .TH CRYPTO_set_ex_data 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_generate_key.3 ../RELENG_4/secure/lib/libcrypto/man/DH_generate_key.3
+*** secure/lib/libcrypto/man/DH_generate_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_generate_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_key 3"
+! .TH DH_generate_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_key 3"
+! .TH DH_generate_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_generate_parameters.3 ../RELENG_4/secure/lib/libcrypto/man/DH_generate_parameters.3
+*** secure/lib/libcrypto/man/DH_generate_parameters.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_generate_parameters.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_parameters 3"
+! .TH DH_generate_parameters 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_parameters 3"
+! .TH DH_generate_parameters 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_get_ex_new_index.3 ../RELENG_4/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+*** secure/lib/libcrypto/man/DH_get_ex_new_index.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_get_ex_new_index.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_get_ex_new_index 3"
+! .TH DH_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_get_ex_new_index 3"
+! .TH DH_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_new.3 ../RELENG_4/secure/lib/libcrypto/man/DH_new.3
+*** secure/lib/libcrypto/man/DH_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_new 3"
+! .TH DH_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_new, DH_free \- allocate and free \s-1DH\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_new 3"
+! .TH DH_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_new, DH_free \- allocate and free \s-1DH\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_set_method.3 ../RELENG_4/secure/lib/libcrypto/man/DH_set_method.3
+*** secure/lib/libcrypto/man/DH_set_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_set_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_set_method 3"
+! .TH DH_set_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_set_default_method, DH_get_default_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_set_method 3"
+! .TH DH_set_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_set_default_method, DH_get_default_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_size.3 ../RELENG_4/secure/lib/libcrypto/man/DH_size.3
+*** secure/lib/libcrypto/man/DH_size.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DH_size.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_size 3"
+! .TH DH_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_size \- get Diffie-Hellman prime size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_size 3"
+! .TH DH_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_size \- get Diffie-Hellman prime size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_SIG_new.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_SIG_new.3
+*** secure/lib/libcrypto/man/DSA_SIG_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_SIG_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_SIG_new 3"
+! .TH DSA_SIG_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_SIG_new 3"
+! .TH DSA_SIG_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_do_sign.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_do_sign.3
+*** secure/lib/libcrypto/man/DSA_do_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_do_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_do_sign 3"
+! .TH DSA_do_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_do_sign 3"
+! .TH DSA_do_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_dup_DH.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_dup_DH.3
+*** secure/lib/libcrypto/man/DSA_dup_DH.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_dup_DH.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_dup_DH 3"
+! .TH DSA_dup_DH 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_dup_DH 3"
+! .TH DSA_dup_DH 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_generate_key.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_key.3
+*** secure/lib/libcrypto/man/DSA_generate_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_key 3"
+! .TH DSA_generate_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_key \- generate \s-1DSA\s0 key pair
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_key 3"
+! .TH DSA_generate_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_key \- generate \s-1DSA\s0 key pair
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_generate_parameters.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_parameters.3
+*** secure/lib/libcrypto/man/DSA_generate_parameters.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_generate_parameters.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_parameters 3"
+! .TH DSA_generate_parameters 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_parameters \- generate \s-1DSA\s0 parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_parameters 3"
+! .TH DSA_generate_parameters 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_parameters \- generate \s-1DSA\s0 parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_get_ex_new_index.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+*** secure/lib/libcrypto/man/DSA_get_ex_new_index.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_get_ex_new_index.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_get_ex_new_index 3"
+! .TH DSA_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_get_ex_new_index 3"
+! .TH DSA_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_new.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_new.3
+*** secure/lib/libcrypto/man/DSA_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_new 3"
+! .TH DSA_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_new 3"
+! .TH DSA_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_set_method.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_set_method.3
+*** secure/lib/libcrypto/man/DSA_set_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_set_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_set_method 3"
+! .TH DSA_set_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_set_default_method, DSA_get_default_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_set_method 3"
+! .TH DSA_set_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_set_default_method, DSA_get_default_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_sign.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_sign.3
+*** secure/lib/libcrypto/man/DSA_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_sign 3"
+! .TH DSA_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_sign 3"
+! .TH DSA_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_size.3 ../RELENG_4/secure/lib/libcrypto/man/DSA_size.3
+*** secure/lib/libcrypto/man/DSA_size.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/DSA_size.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_size 3"
+! .TH DSA_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_size \- get \s-1DSA\s0 signature size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_size 3"
+! .TH DSA_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_size \- get \s-1DSA\s0 signature size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_GET_LIB.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_GET_LIB.3
+*** secure/lib/libcrypto/man/ERR_GET_LIB.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_GET_LIB.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_GET_LIB 3"
+! .TH ERR_GET_LIB 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_GET_LIB 3"
+! .TH ERR_GET_LIB 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_clear_error.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_clear_error.3
+*** secure/lib/libcrypto/man/ERR_clear_error.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_clear_error.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_clear_error 3"
+! .TH ERR_clear_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_clear_error \- clear the error queue
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_clear_error 3"
+! .TH ERR_clear_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_clear_error \- clear the error queue
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_error_string.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_error_string.3
+*** secure/lib/libcrypto/man/ERR_error_string.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_error_string.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_error_string 3"
+! .TH ERR_error_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_error_string 3"
+! .TH ERR_error_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_get_error.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_get_error.3
+*** secure/lib/libcrypto/man/ERR_get_error.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_get_error.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_get_error 3"
+! .TH ERR_get_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_get_error 3"
+! .TH ERR_get_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_get_error, ERR_peek_error, ERR_peek_last_error,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_load_crypto_strings.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+*** secure/lib/libcrypto/man/ERR_load_crypto_strings.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_load_crypto_strings.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_crypto_strings 3"
+! .TH ERR_load_crypto_strings 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_crypto_strings 3"
+! .TH ERR_load_crypto_strings 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_load_strings.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_load_strings.3
+*** secure/lib/libcrypto/man/ERR_load_strings.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_load_strings.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_strings 3"
+! .TH ERR_load_strings 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_strings 3"
+! .TH ERR_load_strings 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_print_errors.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_print_errors.3
+*** secure/lib/libcrypto/man/ERR_print_errors.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_print_errors.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_print_errors 3"
+! .TH ERR_print_errors 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_print_errors, ERR_print_errors_fp \- print error messages
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_print_errors 3"
+! .TH ERR_print_errors 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_print_errors, ERR_print_errors_fp \- print error messages
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_put_error.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_put_error.3
+*** secure/lib/libcrypto/man/ERR_put_error.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_put_error.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_put_error 3"
+! .TH ERR_put_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_put_error, ERR_add_error_data \- record an error
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_put_error 3"
+! .TH ERR_put_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_put_error, ERR_add_error_data \- record an error
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_remove_state.3 ../RELENG_4/secure/lib/libcrypto/man/ERR_remove_state.3
+*** secure/lib/libcrypto/man/ERR_remove_state.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ERR_remove_state.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_remove_state 3"
+! .TH ERR_remove_state 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_remove_state \- free a thread's error queue
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_remove_state 3"
+! .TH ERR_remove_state 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_remove_state \- free a thread's error queue
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_BytesToKey.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_BytesToKey.3
+*** secure/lib/libcrypto/man/EVP_BytesToKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_BytesToKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_BytesToKey 3"
+! .TH EVP_BytesToKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  .Vb 1
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_BytesToKey 3"
+! .TH EVP_BytesToKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  .Vb 1
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_DigestInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_DigestInit.3
+*** secure/lib/libcrypto/man/EVP_DigestInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_DigestInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_DigestInit 3"
+! .TH EVP_DigestInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_DigestInit 3"
+! .TH EVP_DigestInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_EncryptInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_EncryptInit.3
+*** secure/lib/libcrypto/man/EVP_EncryptInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_EncryptInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_EncryptInit 3"
+! .TH EVP_EncryptInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_EncryptInit 3"
+! .TH EVP_EncryptInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_OpenInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_OpenInit.3
+*** secure/lib/libcrypto/man/EVP_OpenInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_OpenInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_OpenInit 3"
+! .TH EVP_OpenInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_OpenInit 3"
+! .TH EVP_OpenInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_PKEY_new.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_new.3
+*** secure/lib/libcrypto/man/EVP_PKEY_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_new 3"
+! .TH EVP_PKEY_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_new 3"
+! .TH EVP_PKEY_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_new, EVP_PKEY_free \- private key allocation functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+*** secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_PKEY_set1_RSA.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_set1_RSA 3"
+! .TH EVP_PKEY_set1_RSA 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_PKEY_set1_RSA 3"
+! .TH EVP_PKEY_set1_RSA 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_PKEY_set1_RSA, EVP_PKEY_set1_DSA, EVP_PKEY_set1_DH, EVP_PKEY_set1_EC_KEY,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_SealInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_SealInit.3
+*** secure/lib/libcrypto/man/EVP_SealInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_SealInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SealInit 3"
+! .TH EVP_SealInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SealInit 3"
+! .TH EVP_SealInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
+***************
+*** 158,178 ****
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \s-1EVP\s0 envelope routines are a high level interface to envelope
+! encryption. They generate a random key and then \*(L"envelope\*(R" it by
+! using public key encryption. Data can then be encrypted using this
+! key.
+  .PP
+  \&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
+! with cipher \fBtype\fR using a random secret key and \s-1IV\s0 supplied in
+! the \fBiv\fR parameter. \fBtype\fR is normally supplied by a function such
+! as \fIEVP_des_cbc()\fR. The secret key is encrypted using one or more public
+! keys, this allows the same encrypted data to be decrypted using any
+! of the corresponding private keys. \fBek\fR is an array of buffers where
+! the public key encrypted secret key will be written, each buffer must
+! contain enough room for the corresponding encrypted key: that is
+  \&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual
+  size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is
+  an array of \fBnpubk\fR public keys.
+  .PP
+  \&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties
+  as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as 
+--- 158,184 ----
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \s-1EVP\s0 envelope routines are a high level interface to envelope
+! encryption. They generate a random key and \s-1IV\s0 (if required) then
+! \&\*(L"envelope\*(R" it by using public key encryption. Data can then be
+! encrypted using this key.
+  .PP
+  \&\fIEVP_SealInit()\fR initializes a cipher context \fBctx\fR for encryption
+! with cipher \fBtype\fR using a random secret key and \s-1IV\s0. \fBtype\fR is normally
+! supplied by a function such as \fIEVP_des_cbc()\fR. The secret key is encrypted
+! using one or more public keys, this allows the same encrypted data to be
+! decrypted using any of the corresponding private keys. \fBek\fR is an array of
+! buffers where the public key encrypted secret key will be written, each buffer
+! must contain enough room for the corresponding encrypted key: that is
+  \&\fBek[i]\fR must have room for \fBEVP_PKEY_size(pubk[i])\fR bytes. The actual
+  size of each encrypted secret key is written to the array \fBekl\fR. \fBpubk\fR is
+  an array of \fBnpubk\fR public keys.
++ .PP
++ The \fBiv\fR parameter is a buffer where the generated \s-1IV\s0 is written to. It must
++ contain enough room for the corresponding cipher's \s-1IV\s0, as determined by (for
++ example) EVP_CIPHER_iv_length(type).
++ .PP
++ If the cipher does not require an \s-1IV\s0 then the \fBiv\fR parameter is ignored
++ and can be \fB\s-1NULL\s0\fR.
+  .PP
+  \&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR have exactly the same properties
+  as the \fIEVP_EncryptUpdate()\fR and \fIEVP_EncryptFinal()\fR routines, as 
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_SignInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_SignInit.3
+*** secure/lib/libcrypto/man/EVP_SignInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_SignInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:51 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SignInit 3"
+! .TH EVP_SignInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SignInit 3"
+! .TH EVP_SignInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_VerifyInit.3 ../RELENG_4/secure/lib/libcrypto/man/EVP_VerifyInit.3
+*** secure/lib/libcrypto/man/EVP_VerifyInit.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/EVP_VerifyInit.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_VerifyInit 3"
+! .TH EVP_VerifyInit 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_VerifyInit 3"
+! .TH EVP_VerifyInit 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OBJ_nid2obj.3 ../RELENG_4/secure/lib/libcrypto/man/OBJ_nid2obj.3
+*** secure/lib/libcrypto/man/OBJ_nid2obj.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/OBJ_nid2obj.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OBJ_nid2obj 3"
+! .TH OBJ_nid2obj 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OBJ_nid2obj 3"
+! .TH OBJ_nid2obj 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OBJ_nid2obj, OBJ_nid2ln, OBJ_nid2sn, OBJ_obj2nid, OBJ_txt2nid, OBJ_ln2nid, OBJ_sn2nid,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 ../RELENG_4/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+*** secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL_VERSION_NUMBER 3"
+! .TH OPENSSL_VERSION_NUMBER 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL_VERSION_NUMBER 3"
+! .TH OPENSSL_VERSION_NUMBER 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 ../RELENG_4/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+*** secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OpenSSL_add_all_algorithms 3"
+! .TH OpenSSL_add_all_algorithms 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OpenSSL_add_all_algorithms 3"
+! .TH OpenSSL_add_all_algorithms 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS12_create.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS12_create.3
+*** secure/lib/libcrypto/man/PKCS12_create.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS12_create.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:52 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_create 3"
+! .TH PKCS12_create 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_create \- create a PKCS#12 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_create 3"
+! .TH PKCS12_create 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_create \- create a PKCS#12 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS12_parse.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS12_parse.3
+*** secure/lib/libcrypto/man/PKCS12_parse.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS12_parse.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_parse 3"
+! .TH PKCS12_parse 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_parse \- parse a PKCS#12 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12_parse 3"
+! .TH PKCS12_parse 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS12_parse \- parse a PKCS#12 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_decrypt.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_decrypt.3
+*** secure/lib/libcrypto/man/PKCS7_decrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_decrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_decrypt 3"
+! .TH PKCS7_decrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_decrypt 3"
+! .TH PKCS7_decrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_decrypt \- decrypt content from a PKCS#7 envelopedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_encrypt.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_encrypt.3
+*** secure/lib/libcrypto/man/PKCS7_encrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_encrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_encrypt 3"
+! .TH PKCS7_encrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_encrypt \- create a PKCS#7 envelopedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_encrypt 3"
+! .TH PKCS7_encrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_encrypt \- create a PKCS#7 envelopedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_sign.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_sign.3
+*** secure/lib/libcrypto/man/PKCS7_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_sign 3"
+! .TH PKCS7_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_sign \- create a PKCS#7 signedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_sign 3"
+! .TH PKCS7_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_sign \- create a PKCS#7 signedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/PKCS7_verify.3 ../RELENG_4/secure/lib/libcrypto/man/PKCS7_verify.3
+*** secure/lib/libcrypto/man/PKCS7_verify.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/PKCS7_verify.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_verify 3"
+! .TH PKCS7_verify 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_verify \- verify a PKCS#7 signedData structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7_verify 3"
+! .TH PKCS7_verify 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  PKCS7_verify \- verify a PKCS#7 signedData structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_add.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_add.3
+*** secure/lib/libcrypto/man/RAND_add.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_add.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_add 3"
+! .TH RAND_add 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_add 3"
+! .TH RAND_add 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_bytes.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_bytes.3
+*** secure/lib/libcrypto/man/RAND_bytes.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_bytes.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_bytes 3"
+! .TH RAND_bytes 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_bytes, RAND_pseudo_bytes \- generate random data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_bytes 3"
+! .TH RAND_bytes 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_bytes, RAND_pseudo_bytes \- generate random data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_cleanup.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_cleanup.3
+*** secure/lib/libcrypto/man/RAND_cleanup.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_cleanup.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_cleanup 3"
+! .TH RAND_cleanup 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_cleanup \- erase the \s-1PRNG\s0 state
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_cleanup 3"
+! .TH RAND_cleanup 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_cleanup \- erase the \s-1PRNG\s0 state
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_egd.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_egd.3
+*** secure/lib/libcrypto/man/RAND_egd.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_egd.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_egd 3"
+! .TH RAND_egd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_egd \- query entropy gathering daemon
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_egd 3"
+! .TH RAND_egd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_egd \- query entropy gathering daemon
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_load_file.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_load_file.3
+*** secure/lib/libcrypto/man/RAND_load_file.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_load_file.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_load_file 3"
+! .TH RAND_load_file 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_load_file 3"
+! .TH RAND_load_file 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_set_rand_method.3 ../RELENG_4/secure/lib/libcrypto/man/RAND_set_rand_method.3
+*** secure/lib/libcrypto/man/RAND_set_rand_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RAND_set_rand_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_set_rand_method 3"
+! .TH RAND_set_rand_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_set_rand_method 3"
+! .TH RAND_set_rand_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_blinding_on.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_blinding_on.3
+*** secure/lib/libcrypto/man/RSA_blinding_on.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_blinding_on.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_blinding_on 3"
+! .TH RSA_blinding_on 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_blinding_on 3"
+! .TH RSA_blinding_on 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_check_key.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_check_key.3
+*** secure/lib/libcrypto/man/RSA_check_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_check_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_check_key 3"
+! .TH RSA_check_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_check_key \- validate private \s-1RSA\s0 keys
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_check_key 3"
+! .TH RSA_check_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_check_key \- validate private \s-1RSA\s0 keys
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_generate_key.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_generate_key.3
+*** secure/lib/libcrypto/man/RSA_generate_key.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_generate_key.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_generate_key 3"
+! .TH RSA_generate_key 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_generate_key \- generate \s-1RSA\s0 key pair
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_generate_key 3"
+! .TH RSA_generate_key 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_generate_key \- generate \s-1RSA\s0 key pair
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_get_ex_new_index.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+*** secure/lib/libcrypto/man/RSA_get_ex_new_index.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_get_ex_new_index.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_get_ex_new_index 3"
+! .TH RSA_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_get_ex_new_index 3"
+! .TH RSA_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_new.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_new.3
+*** secure/lib/libcrypto/man/RSA_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_new 3"
+! .TH RSA_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_new 3"
+! .TH RSA_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+*** secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_padding_add_PKCS1_type_1 3"
+! .TH RSA_padding_add_PKCS1_type_1 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_padding_add_PKCS1_type_1 3"
+! .TH RSA_padding_add_PKCS1_type_1 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_print.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_print.3
+*** secure/lib/libcrypto/man/RSA_print.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_print.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_print 3"
+! .TH RSA_print 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_print, RSA_print_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_print 3"
+! .TH RSA_print 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_print, RSA_print_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_private_encrypt.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_private_encrypt.3
+*** secure/lib/libcrypto/man/RSA_private_encrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_private_encrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_private_encrypt 3"
+! .TH RSA_private_encrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_private_encrypt 3"
+! .TH RSA_private_encrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_public_encrypt.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_public_encrypt.3
+*** secure/lib/libcrypto/man/RSA_public_encrypt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_public_encrypt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_public_encrypt 3"
+! .TH RSA_public_encrypt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_public_encrypt 3"
+! .TH RSA_public_encrypt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_set_method.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_set_method.3
+*** secure/lib/libcrypto/man/RSA_set_method.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_set_method.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_set_method 3"
+! .TH RSA_set_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_set_method 3"
+! .TH RSA_set_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_sign.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_sign.3
+*** secure/lib/libcrypto/man/RSA_sign.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_sign.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign 3"
+! .TH RSA_sign 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign, RSA_verify \- \s-1RSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign 3"
+! .TH RSA_sign 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign, RSA_verify \- \s-1RSA\s0 signatures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+*** secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+! .TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+! .TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_size.3 ../RELENG_4/secure/lib/libcrypto/man/RSA_size.3
+*** secure/lib/libcrypto/man/RSA_size.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/RSA_size.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:42:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_size 3"
+! .TH RSA_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_size \- get \s-1RSA\s0 modulus size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_size 3"
+! .TH RSA_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_size \- get \s-1RSA\s0 modulus size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SMIME_read_PKCS7.3 ../RELENG_4/secure/lib/libcrypto/man/SMIME_read_PKCS7.3
+*** secure/lib/libcrypto/man/SMIME_read_PKCS7.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/SMIME_read_PKCS7.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_read_PKCS7 3"
+! .TH SMIME_read_PKCS7 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_read_PKCS7 \- parse S/MIME message.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_read_PKCS7 3"
+! .TH SMIME_read_PKCS7 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_read_PKCS7 \- parse S/MIME message.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SMIME_write_PKCS7.3 ../RELENG_4/secure/lib/libcrypto/man/SMIME_write_PKCS7.3
+*** secure/lib/libcrypto/man/SMIME_write_PKCS7.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/SMIME_write_PKCS7.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_write_PKCS7 3"
+! .TH SMIME_write_PKCS7 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME_write_PKCS7 3"
+! .TH SMIME_write_PKCS7 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SMIME_write_PKCS7 \- convert PKCS#7 structure to S/MIME format.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3
+*** secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_ENTRY_get_object.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_ENTRY_get_object 3"
+! .TH X509_NAME_ENTRY_get_object 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_ENTRY_get_object 3"
+! .TH X509_NAME_ENTRY_get_object 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_ENTRY_get_object, X509_NAME_ENTRY_get_data,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3
+*** secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_add_entry_by_txt.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_add_entry_by_txt 3"
+! .TH X509_NAME_add_entry_by_txt 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_add_entry_by_txt 3"
+! .TH X509_NAME_add_entry_by_txt 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_add_entry_by_txt, X509_NAME_add_entry_by_OBJ, X509_NAME_add_entry_by_NID,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3
+*** secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_get_index_by_NID.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_get_index_by_NID 3"
+! .TH X509_NAME_get_index_by_NID 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_get_index_by_NID 3"
+! .TH X509_NAME_get_index_by_NID 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_get_index_by_NID, X509_NAME_get_index_by_OBJ, X509_NAME_get_entry,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_NAME_print_ex.3 ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_print_ex.3
+*** secure/lib/libcrypto/man/X509_NAME_print_ex.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_NAME_print_ex.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_print_ex 3"
+! .TH X509_NAME_print_ex 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_NAME_print_ex 3"
+! .TH X509_NAME_print_ex 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_NAME_print_ex, X509_NAME_print_ex_fp, X509_NAME_print,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/X509_new.3 ../RELENG_4/secure/lib/libcrypto/man/X509_new.3
+*** secure/lib/libcrypto/man/X509_new.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/X509_new.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_new 3"
+! .TH X509_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_new, X509_free \- X509 certificate \s-1ASN1\s0 allocation functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509_new 3"
+! .TH X509_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  X509_new, X509_free \- X509 certificate \s-1ASN1\s0 allocation functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bio.3 ../RELENG_4/secure/lib/libcrypto/man/bio.3
+*** secure/lib/libcrypto/man/bio.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/bio.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bio 3"
+! .TH bio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bio \- I/O abstraction
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bio 3"
+! .TH bio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bio \- I/O abstraction
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/blowfish.3 ../RELENG_4/secure/lib/libcrypto/man/blowfish.3
+*** secure/lib/libcrypto/man/blowfish.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/blowfish.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "blowfish 3"
+! .TH blowfish 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "blowfish 3"
+! .TH blowfish 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bn.3 ../RELENG_4/secure/lib/libcrypto/man/bn.3
+*** secure/lib/libcrypto/man/bn.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/bn.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bn 3"
+! .TH bn 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn \- multiprecision integer arithmetics
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bn 3"
+! .TH bn 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn \- multiprecision integer arithmetics
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bn_internal.3 ../RELENG_4/secure/lib/libcrypto/man/bn_internal.3
+*** secure/lib/libcrypto/man/bn_internal.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/bn_internal.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bn_internal 3"
+! .TH bn_internal 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bn_internal 3"
+! .TH bn_internal 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/buffer.3 ../RELENG_4/secure/lib/libcrypto/man/buffer.3
+*** secure/lib/libcrypto/man/buffer.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/buffer.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "buffer 3"
+! .TH buffer 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "buffer 3"
+! .TH buffer 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/crypto.3 ../RELENG_4/secure/lib/libcrypto/man/crypto.3
+*** secure/lib/libcrypto/man/crypto.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/crypto.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "crypto 3"
+! .TH crypto 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crypto \- OpenSSL cryptographic library
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "crypto 3"
+! .TH crypto 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crypto \- OpenSSL cryptographic library
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3
+*** secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_ASN1_OBJECT.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_ASN1_OBJECT 3"
+! .TH d2i_ASN1_OBJECT 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_ASN1_OBJECT 3"
+! .TH d2i_ASN1_OBJECT 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_ASN1_OBJECT, i2d_ASN1_OBJECT \- \s-1ASN1\s0 \s-1OBJECT\s0 \s-1IDENTIFIER\s0 functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_DHparams.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_DHparams.3
+*** secure/lib/libcrypto/man/d2i_DHparams.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_DHparams.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DHparams 3"
+! .TH d2i_DHparams 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DHparams, i2d_DHparams \- PKCS#3 \s-1DH\s0 parameter functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DHparams 3"
+! .TH d2i_DHparams 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DHparams, i2d_DHparams \- PKCS#3 \s-1DH\s0 parameter functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_DSAPublicKey.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_DSAPublicKey.3
+*** secure/lib/libcrypto/man/d2i_DSAPublicKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_DSAPublicKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DSAPublicKey 3"
+! .TH d2i_DSAPublicKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DSAPublicKey 3"
+! .TH d2i_DSAPublicKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DSAPublicKey, i2d_DSAPublicKey, d2i_DSAPrivateKey, i2d_DSAPrivateKey,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3
+*** secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_PKCS8PrivateKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_PKCS8PrivateKey 3"
+! .TH d2i_PKCS8PrivateKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_PKCS8PrivateKey 3"
+! .TH d2i_PKCS8PrivateKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_PKCS8PrivateKey_bio, d2i_PKCS8PrivateKey_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_RSAPublicKey.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+*** secure/lib/libcrypto/man/d2i_RSAPublicKey.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_RSAPublicKey.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_RSAPublicKey 3"
+! .TH d2i_RSAPublicKey 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_RSAPublicKey 3"
+! .TH d2i_RSAPublicKey 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509.3
+*** secure/lib/libcrypto/man/d2i_X509.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509 3"
+! .TH d2i_X509 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509 3"
+! .TH d2i_X509 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509, i2d_X509, d2i_X509_bio, d2i_X509_fp, i2d_X509_bio,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_ALGOR.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_ALGOR.3
+*** secure/lib/libcrypto/man/d2i_X509_ALGOR.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_ALGOR.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_ALGOR 3"
+! .TH d2i_X509_ALGOR 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_ALGOR 3"
+! .TH d2i_X509_ALGOR 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_ALGOR, i2d_X509_ALGOR \- AlgorithmIdentifier functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_CRL.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_CRL.3
+*** secure/lib/libcrypto/man/d2i_X509_CRL.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_CRL.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_CRL 3"
+! .TH d2i_X509_CRL 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_CRL 3"
+! .TH d2i_X509_CRL 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_CRL, i2d_X509_CRL, d2i_X509_CRL_bio, d2i_509_CRL_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_NAME.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_NAME.3
+*** secure/lib/libcrypto/man/d2i_X509_NAME.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_NAME.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_NAME 3"
+! .TH d2i_X509_NAME 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_NAME 3"
+! .TH d2i_X509_NAME 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_NAME, i2d_X509_NAME \- X509_NAME encoding functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_REQ.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_REQ.3
+*** secure/lib/libcrypto/man/d2i_X509_REQ.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_REQ.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_REQ 3"
+! .TH d2i_X509_REQ 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_REQ 3"
+! .TH d2i_X509_REQ 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_REQ, i2d_X509_REQ, d2i_X509_REQ_bio, d2i_X509_REQ_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_X509_SIG.3 ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_SIG.3
+*** secure/lib/libcrypto/man/d2i_X509_SIG.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/d2i_X509_SIG.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_SIG 3"
+! .TH d2i_X509_SIG 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_X509_SIG 3"
+! .TH d2i_X509_SIG 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_X509_SIG, i2d_X509_SIG \- DigestInfo functions.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/des.3 ../RELENG_4/secure/lib/libcrypto/man/des.3
+*** secure/lib/libcrypto/man/des.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/des.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "des 3"
+! .TH des 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "des 3"
+! .TH des 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DES_random_key, DES_set_key, DES_key_sched, DES_set_key_checked,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dh.3 ../RELENG_4/secure/lib/libcrypto/man/dh.3
+*** secure/lib/libcrypto/man/dh.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/dh.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "dh 3"
+! .TH dh 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dh \- Diffie-Hellman key agreement
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "dh 3"
+! .TH dh 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dh \- Diffie-Hellman key agreement
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dsa.3 ../RELENG_4/secure/lib/libcrypto/man/dsa.3
+*** secure/lib/libcrypto/man/dsa.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/dsa.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "dsa 3"
+! .TH dsa 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- Digital Signature Algorithm
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "dsa 3"
+! .TH dsa 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- Digital Signature Algorithm
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/engine.3 ../RELENG_4/secure/lib/libcrypto/man/engine.3
+*** secure/lib/libcrypto/man/engine.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/engine.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "engine 3"
+! .TH engine 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  engine \- \s-1ENGINE\s0 cryptographic module support
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "engine 3"
+! .TH engine 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  engine \- \s-1ENGINE\s0 cryptographic module support
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/err.3 ../RELENG_4/secure/lib/libcrypto/man/err.3
+*** secure/lib/libcrypto/man/err.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/err.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "err 3"
+! .TH err 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  err \- error codes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "err 3"
+! .TH err 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  err \- error codes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/evp.3 ../RELENG_4/secure/lib/libcrypto/man/evp.3
+*** secure/lib/libcrypto/man/evp.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/evp.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "evp 3"
+! .TH evp 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  evp \- high-level cryptographic functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "evp 3"
+! .TH evp 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  evp \- high-level cryptographic functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/hmac.3 ../RELENG_4/secure/lib/libcrypto/man/hmac.3
+*** secure/lib/libcrypto/man/hmac.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/hmac.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "hmac 3"
+! .TH hmac 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "hmac 3"
+! .TH hmac 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/lh_stats.3 ../RELENG_4/secure/lib/libcrypto/man/lh_stats.3
+*** secure/lib/libcrypto/man/lh_stats.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/lh_stats.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "lh_stats 3"
+! .TH lh_stats 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "lh_stats 3"
+! .TH lh_stats 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/lhash.3 ../RELENG_4/secure/lib/libcrypto/man/lhash.3
+*** secure/lib/libcrypto/man/lhash.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/lhash.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "lhash 3"
+! .TH lhash 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "lhash 3"
+! .TH lhash 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall, lh_doall_arg, lh_error \- dynamic hash table
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/md5.3 ../RELENG_4/secure/lib/libcrypto/man/md5.3
+*** secure/lib/libcrypto/man/md5.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/md5.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "md5 3"
+! .TH md5 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "md5 3"
+! .TH md5 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/mdc2.3 ../RELENG_4/secure/lib/libcrypto/man/mdc2.3
+*** secure/lib/libcrypto/man/mdc2.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/mdc2.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "mdc2 3"
+! .TH mdc2 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "mdc2 3"
+! .TH mdc2 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/pem.3 ../RELENG_4/secure/lib/libcrypto/man/pem.3
+*** secure/lib/libcrypto/man/pem.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/pem.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "pem 3"
+! .TH pem 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1PEM\s0 \- \s-1PEM\s0 routines
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "pem 3"
+! .TH pem 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1PEM\s0 \- \s-1PEM\s0 routines
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rand.3 ../RELENG_4/secure/lib/libcrypto/man/rand.3
+*** secure/lib/libcrypto/man/rand.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/rand.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rand 3"
+! .TH rand 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- pseudo-random number generator
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rand 3"
+! .TH rand 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- pseudo-random number generator
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rc4.3 ../RELENG_4/secure/lib/libcrypto/man/rc4.3
+*** secure/lib/libcrypto/man/rc4.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/rc4.3	Mon Feb 24 21:15:47 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rc4 3"
+! .TH rc4 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rc4 3"
+! .TH rc4 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ripemd.3 ../RELENG_4/secure/lib/libcrypto/man/ripemd.3
+*** secure/lib/libcrypto/man/ripemd.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ripemd.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ripemd 3"
+! .TH ripemd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ripemd 3"
+! .TH ripemd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rsa.3 ../RELENG_4/secure/lib/libcrypto/man/rsa.3
+*** secure/lib/libcrypto/man/rsa.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/rsa.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rsa 3"
+! .TH rsa 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 public key cryptosystem
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rsa 3"
+! .TH rsa 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 public key cryptosystem
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/sha.3 ../RELENG_4/secure/lib/libcrypto/man/sha.3
+*** secure/lib/libcrypto/man/sha.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/sha.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "sha 3"
+! .TH sha 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "sha 3"
+! .TH sha 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/threads.3 ../RELENG_4/secure/lib/libcrypto/man/threads.3
+*** secure/lib/libcrypto/man/threads.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/threads.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "threads 3"
+! .TH threads 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "threads 3"
+! .TH threads 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ui.3 ../RELENG_4/secure/lib/libcrypto/man/ui.3
+*** secure/lib/libcrypto/man/ui.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ui.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ui 3"
+! .TH ui 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ui 3"
+! .TH ui 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  UI_new, UI_new_method, UI_free, UI_add_input_string, UI_dup_input_string,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ui_compat.3 ../RELENG_4/secure/lib/libcrypto/man/ui_compat.3
+*** secure/lib/libcrypto/man/ui_compat.3	Mon Feb 24 20:43:38 2003
+--- ../RELENG_4/secure/lib/libcrypto/man/ui_compat.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:43:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ui_compat 3"
+! .TH ui_compat 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ui_compat 3"
+! .TH ui_compat 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  des_read_password, des_read_2passwords, des_read_pw_string, des_read_pw \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CIPHER_get_name.3 ../RELENG_4/secure/lib/libssl/man/SSL_CIPHER_get_name.3
+*** secure/lib/libssl/man/SSL_CIPHER_get_name.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CIPHER_get_name.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CIPHER_get_name 3"
+! .TH SSL_CIPHER_get_name 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CIPHER_get_name 3"
+! .TH SSL_CIPHER_get_name 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_COMP_add_compression_method.3 ../RELENG_4/secure/lib/libssl/man/SSL_COMP_add_compression_method.3
+*** secure/lib/libssl/man/SSL_COMP_add_compression_method.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_COMP_add_compression_method.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_COMP_add_compression_method 3"
+! .TH SSL_COMP_add_compression_method 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_COMP_add_compression_method 3"
+! .TH SSL_COMP_add_compression_method 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+*** secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_extra_chain_cert 3"
+! .TH SSL_CTX_add_extra_chain_cert 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_extra_chain_cert \- add certificate to chain
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_extra_chain_cert 3"
+! .TH SSL_CTX_add_extra_chain_cert 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_extra_chain_cert \- add certificate to chain
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_add_session.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_session.3
+*** secure/lib/libssl/man/SSL_CTX_add_session.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_add_session.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_session 3"
+! .TH SSL_CTX_add_session 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_session 3"
+! .TH SSL_CTX_add_session 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_ctrl.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_ctrl.3
+*** secure/lib/libssl/man/SSL_CTX_ctrl.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_ctrl.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_ctrl 3"
+! .TH SSL_CTX_ctrl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_ctrl 3"
+! .TH SSL_CTX_ctrl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_flush_sessions.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_flush_sessions.3
+*** secure/lib/libssl/man/SSL_CTX_flush_sessions.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_flush_sessions.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_flush_sessions 3"
+! .TH SSL_CTX_flush_sessions 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_flush_sessions 3"
+! .TH SSL_CTX_flush_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_free.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_free.3
+*** secure/lib/libssl/man/SSL_CTX_free.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_free.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_free 3"
+! .TH SSL_CTX_free 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_free 3"
+! .TH SSL_CTX_free 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+*** secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_ex_new_index.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_ex_new_index 3"
+! .TH SSL_CTX_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_ex_new_index 3"
+! .TH SSL_CTX_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_get_verify_mode.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3
+*** secure/lib/libssl/man/SSL_CTX_get_verify_mode.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_get_verify_mode.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_verify_mode 3"
+! .TH SSL_CTX_get_verify_mode 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_verify_mode 3"
+! .TH SSL_CTX_get_verify_mode 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_load_verify_locations.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3
+*** secure/lib/libssl/man/SSL_CTX_load_verify_locations.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_load_verify_locations.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_load_verify_locations 3"
+! .TH SSL_CTX_load_verify_locations 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_load_verify_locations 3"
+! .TH SSL_CTX_load_verify_locations 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_new.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_new.3
+*** secure/lib/libssl/man/SSL_CTX_new.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_new.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_new 3"
+! .TH SSL_CTX_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_new 3"
+! .TH SSL_CTX_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sess_number.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_number.3
+*** secure/lib/libssl/man/SSL_CTX_sess_number.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_number.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_number 3"
+! .TH SSL_CTX_sess_number 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_number 3"
+! .TH SSL_CTX_sess_number 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+*** secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_cache_size.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_cache_size 3"
+! .TH SSL_CTX_sess_set_cache_size 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_cache_size 3"
+! .TH SSL_CTX_sess_set_cache_size 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+*** secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sess_set_get_cb.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_get_cb 3"
+! .TH SSL_CTX_sess_set_get_cb 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_get_cb 3"
+! .TH SSL_CTX_sess_set_get_cb 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_sessions.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sessions.3
+*** secure/lib/libssl/man/SSL_CTX_sessions.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_sessions.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sessions 3"
+! .TH SSL_CTX_sessions 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sessions \- access internal session cache
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sessions 3"
+! .TH SSL_CTX_sessions 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sessions \- access internal session cache
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_cert_store.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_store.3
+*** secure/lib/libssl/man/SSL_CTX_set_cert_store.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_store.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_store 3"
+! .TH SSL_CTX_set_cert_store 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_store 3"
+! .TH SSL_CTX_set_cert_store 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_verify_callback 3"
+! .TH SSL_CTX_set_cert_verify_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_verify_callback 3"
+! .TH SSL_CTX_set_cert_verify_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_cipher_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3
+*** secure/lib/libssl/man/SSL_CTX_set_cipher_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_cipher_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cipher_list 3"
+! .TH SSL_CTX_set_cipher_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cipher_list 3"
+! .TH SSL_CTX_set_cipher_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+*** secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_CA_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_CA_list 3"
+! .TH SSL_CTX_set_client_CA_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_CA_list 3"
+! .TH SSL_CTX_set_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+*** secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_client_cert_cb.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_cert_cb 3"
+! .TH SSL_CTX_set_client_cert_cb 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_cert_cb 3"
+! .TH SSL_CTX_set_client_cert_cb 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+*** secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_default_passwd_cb 3"
+! .TH SSL_CTX_set_default_passwd_cb 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_default_passwd_cb 3"
+! .TH SSL_CTX_set_default_passwd_cb 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+*** secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_generate_session_id.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_generate_session_id 3"
+! .TH SSL_CTX_set_generate_session_id 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only)
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_generate_session_id 3"
+! .TH SSL_CTX_set_generate_session_id 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_generate_session_id, SSL_set_generate_session_id, SSL_has_matching_session_id \- manipulate generation of \s-1SSL\s0 session IDs (server only)
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_info_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_info_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_info_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_info_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_info_callback 3"
+! .TH SSL_CTX_set_info_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_info_callback 3"
+! .TH SSL_CTX_set_info_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+*** secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_max_cert_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_max_cert_list 3"
+! .TH SSL_CTX_set_max_cert_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_max_cert_list 3"
+! .TH SSL_CTX_set_max_cert_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_max_cert_list, SSL_CTX_get_max_cert_list, SSL_set_max_cert_list, SSL_get_max_cert_list, \- manipulate allowed for the peer's certificate chain
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_mode.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_mode.3
+*** secure/lib/libssl/man/SSL_CTX_set_mode.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_mode.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_mode 3"
+! .TH SSL_CTX_set_mode 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_mode 3"
+! .TH SSL_CTX_set_mode 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_msg_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_msg_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_msg_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_msg_callback 3"
+! .TH SSL_CTX_set_msg_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_msg_callback 3"
+! .TH SSL_CTX_set_msg_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_msg_callback, SSL_CTX_set_msg_callback_arg, SSL_set_msg_callback, SSL_get_msg_callback_arg \- install callback for observing protocol messages
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_options.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_options.3
+*** secure/lib/libssl/man/SSL_CTX_set_options.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_options.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_options 3"
+! .TH SSL_CTX_set_options 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_options 3"
+! .TH SSL_CTX_set_options 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+*** secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_quiet_shutdown 3"
+! .TH SSL_CTX_set_quiet_shutdown 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_quiet_shutdown 3"
+! .TH SSL_CTX_set_quiet_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+*** secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_cache_mode.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_cache_mode 3"
+! .TH SSL_CTX_set_session_cache_mode 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_cache_mode 3"
+! .TH SSL_CTX_set_session_cache_mode 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_session_id_context.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3
+*** secure/lib/libssl/man/SSL_CTX_set_session_id_context.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_session_id_context.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_id_context 3"
+! .TH SSL_CTX_set_session_id_context 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_id_context 3"
+! .TH SSL_CTX_set_session_id_context 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_ssl_version.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3
+*** secure/lib/libssl/man/SSL_CTX_set_ssl_version.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_ssl_version.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_ssl_version 3"
+! .TH SSL_CTX_set_ssl_version 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_ssl_version 3"
+! .TH SSL_CTX_set_ssl_version 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_timeout.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_timeout.3
+*** secure/lib/libssl/man/SSL_CTX_set_timeout.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_timeout.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_timeout 3"
+! .TH SSL_CTX_set_timeout 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_timeout 3"
+! .TH SSL_CTX_set_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_dh_callback 3"
+! .TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_dh_callback 3"
+! .TH SSL_CTX_set_tmp_dh_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+*** secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+! .TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+! .TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_set_verify.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_verify.3
+*** secure/lib/libssl/man/SSL_CTX_set_verify.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_set_verify.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_verify 3"
+! .TH SSL_CTX_set_verify 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_verify 3"
+! .TH SSL_CTX_set_verify 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_CTX_use_certificate.3 ../RELENG_4/secure/lib/libssl/man/SSL_CTX_use_certificate.3
+*** secure/lib/libssl/man/SSL_CTX_use_certificate.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_CTX_use_certificate.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_use_certificate 3"
+! .TH SSL_CTX_use_certificate 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_use_certificate 3"
+! .TH SSL_CTX_use_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_SESSION_free.3 ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_free.3
+*** secure/lib/libssl/man/SSL_SESSION_free.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_free.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_free 3"
+! .TH SSL_SESSION_free 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_free 3"
+! .TH SSL_SESSION_free 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+*** secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_ex_new_index.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_ex_new_index 3"
+! .TH SSL_SESSION_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_ex_new_index 3"
+! .TH SSL_SESSION_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_SESSION_get_time.3 ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_time.3
+*** secure/lib/libssl/man/SSL_SESSION_get_time.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_SESSION_get_time.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_time 3"
+! .TH SSL_SESSION_get_time 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_time 3"
+! .TH SSL_SESSION_get_time 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_accept.3 ../RELENG_4/secure/lib/libssl/man/SSL_accept.3
+*** secure/lib/libssl/man/SSL_accept.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_accept.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_accept 3"
+! .TH SSL_accept 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_accept 3"
+! .TH SSL_accept 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_alert_type_string.3 ../RELENG_4/secure/lib/libssl/man/SSL_alert_type_string.3
+*** secure/lib/libssl/man/SSL_alert_type_string.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_alert_type_string.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_alert_type_string 3"
+! .TH SSL_alert_type_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_alert_type_string 3"
+! .TH SSL_alert_type_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_clear.3 ../RELENG_4/secure/lib/libssl/man/SSL_clear.3
+*** secure/lib/libssl/man/SSL_clear.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_clear.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_clear 3"
+! .TH SSL_clear 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_clear \- reset \s-1SSL\s0 object to allow another connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_clear 3"
+! .TH SSL_clear 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_clear \- reset \s-1SSL\s0 object to allow another connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_connect.3 ../RELENG_4/secure/lib/libssl/man/SSL_connect.3
+*** secure/lib/libssl/man/SSL_connect.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_connect.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_connect 3"
+! .TH SSL_connect 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_connect 3"
+! .TH SSL_connect 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_do_handshake.3 ../RELENG_4/secure/lib/libssl/man/SSL_do_handshake.3
+*** secure/lib/libssl/man/SSL_do_handshake.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_do_handshake.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_do_handshake 3"
+! .TH SSL_do_handshake 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_do_handshake 3"
+! .TH SSL_do_handshake 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_free.3 ../RELENG_4/secure/lib/libssl/man/SSL_free.3
+*** secure/lib/libssl/man/SSL_free.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_free.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_free 3"
+! .TH SSL_free 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_free \- free an allocated \s-1SSL\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_free 3"
+! .TH SSL_free 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_free \- free an allocated \s-1SSL\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_SSL_CTX.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_SSL_CTX.3
+*** secure/lib/libssl/man/SSL_get_SSL_CTX.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_SSL_CTX.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_SSL_CTX 3"
+! .TH SSL_get_SSL_CTX 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_SSL_CTX 3"
+! .TH SSL_get_SSL_CTX 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_ciphers.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_ciphers.3
+*** secure/lib/libssl/man/SSL_get_ciphers.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_ciphers.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ciphers 3"
+! .TH SSL_get_ciphers 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ciphers 3"
+! .TH SSL_get_ciphers 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_client_CA_list.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_client_CA_list.3
+*** secure/lib/libssl/man/SSL_get_client_CA_list.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_client_CA_list.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_client_CA_list 3"
+! .TH SSL_get_client_CA_list 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_client_CA_list 3"
+! .TH SSL_get_client_CA_list 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_current_cipher.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_current_cipher.3
+*** secure/lib/libssl/man/SSL_get_current_cipher.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_current_cipher.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_current_cipher 3"
+! .TH SSL_get_current_cipher 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_current_cipher 3"
+! .TH SSL_get_current_cipher 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_default_timeout.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_default_timeout.3
+*** secure/lib/libssl/man/SSL_get_default_timeout.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_default_timeout.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:45 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_default_timeout 3"
+! .TH SSL_get_default_timeout 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_default_timeout \- get default session timeout value
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_default_timeout 3"
+! .TH SSL_get_default_timeout 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_default_timeout \- get default session timeout value
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_error.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_error.3
+*** secure/lib/libssl/man/SSL_get_error.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_error.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_error 3"
+! .TH SSL_get_error 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_error 3"
+! .TH SSL_get_error 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+*** secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+! .TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+! .TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_ex_new_index.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_new_index.3
+*** secure/lib/libssl/man/SSL_get_ex_new_index.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_ex_new_index.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_new_index 3"
+! .TH SSL_get_ex_new_index 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_new_index 3"
+! .TH SSL_get_ex_new_index 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_fd.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_fd.3
+*** secure/lib/libssl/man/SSL_get_fd.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_fd.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_fd 3"
+! .TH SSL_get_fd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_fd 3"
+! .TH SSL_get_fd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_peer_cert_chain.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_cert_chain.3
+*** secure/lib/libssl/man/SSL_get_peer_cert_chain.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_cert_chain.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:46 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_cert_chain 3"
+! .TH SSL_get_peer_cert_chain 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_cert_chain 3"
+! .TH SSL_get_peer_cert_chain 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_peer_certificate.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_certificate.3
+*** secure/lib/libssl/man/SSL_get_peer_certificate.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_peer_certificate.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_certificate 3"
+! .TH SSL_get_peer_certificate 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_certificate \- get the X509 certificate of the peer
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_certificate 3"
+! .TH SSL_get_peer_certificate 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_certificate \- get the X509 certificate of the peer
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_rbio.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_rbio.3
+*** secure/lib/libssl/man/SSL_get_rbio.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_rbio.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_rbio 3"
+! .TH SSL_get_rbio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_rbio 3"
+! .TH SSL_get_rbio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_session.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_session.3
+*** secure/lib/libssl/man/SSL_get_session.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_session.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_session 3"
+! .TH SSL_get_session 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_session 3"
+! .TH SSL_get_session 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_verify_result.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_verify_result.3
+*** secure/lib/libssl/man/SSL_get_verify_result.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_verify_result.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_verify_result 3"
+! .TH SSL_get_verify_result 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_verify_result \- get result of peer certificate verification
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_verify_result 3"
+! .TH SSL_get_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_verify_result \- get result of peer certificate verification
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_get_version.3 ../RELENG_4/secure/lib/libssl/man/SSL_get_version.3
+*** secure/lib/libssl/man/SSL_get_version.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_get_version.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_version 3"
+! .TH SSL_get_version 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_version \- get the protocol version of a connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_version 3"
+! .TH SSL_get_version 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_version \- get the protocol version of a connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_library_init.3 ../RELENG_4/secure/lib/libssl/man/SSL_library_init.3
+*** secure/lib/libssl/man/SSL_library_init.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_library_init.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:47 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_library_init 3"
+! .TH SSL_library_init 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_library_init 3"
+! .TH SSL_library_init 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_load_client_CA_file.3 ../RELENG_4/secure/lib/libssl/man/SSL_load_client_CA_file.3
+*** secure/lib/libssl/man/SSL_load_client_CA_file.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_load_client_CA_file.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_load_client_CA_file 3"
+! .TH SSL_load_client_CA_file 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_load_client_CA_file \- load certificate names from file
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_load_client_CA_file 3"
+! .TH SSL_load_client_CA_file 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_load_client_CA_file \- load certificate names from file
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_new.3 ../RELENG_4/secure/lib/libssl/man/SSL_new.3
+*** secure/lib/libssl/man/SSL_new.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_new.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_new 3"
+! .TH SSL_new 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_new \- create a new \s-1SSL\s0 structure for a connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_new 3"
+! .TH SSL_new 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_new \- create a new \s-1SSL\s0 structure for a connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_pending.3 ../RELENG_4/secure/lib/libssl/man/SSL_pending.3
+*** secure/lib/libssl/man/SSL_pending.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_pending.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_pending 3"
+! .TH SSL_pending 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_pending 3"
+! .TH SSL_pending 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_read.3 ../RELENG_4/secure/lib/libssl/man/SSL_read.3
+*** secure/lib/libssl/man/SSL_read.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_read.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_read 3"
+! .TH SSL_read 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_read 3"
+! .TH SSL_read 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_rstate_string.3 ../RELENG_4/secure/lib/libssl/man/SSL_rstate_string.3
+*** secure/lib/libssl/man/SSL_rstate_string.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_rstate_string.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_rstate_string 3"
+! .TH SSL_rstate_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_rstate_string 3"
+! .TH SSL_rstate_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_session_reused.3 ../RELENG_4/secure/lib/libssl/man/SSL_session_reused.3
+*** secure/lib/libssl/man/SSL_session_reused.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_session_reused.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:48 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_session_reused 3"
+! .TH SSL_session_reused 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_session_reused \- query whether a reused session was negotiated during handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_session_reused 3"
+! .TH SSL_session_reused 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_session_reused \- query whether a reused session was negotiated during handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_bio.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_bio.3
+*** secure/lib/libssl/man/SSL_set_bio.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_bio.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_bio 3"
+! .TH SSL_set_bio 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_bio 3"
+! .TH SSL_set_bio 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_connect_state.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_connect_state.3
+*** secure/lib/libssl/man/SSL_set_connect_state.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_connect_state.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_connect_state 3"
+! .TH SSL_set_connect_state 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_connect_state 3"
+! .TH SSL_set_connect_state 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_fd.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_fd.3
+*** secure/lib/libssl/man/SSL_set_fd.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_fd.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_fd 3"
+! .TH SSL_set_fd 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_fd 3"
+! .TH SSL_set_fd 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_session.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_session.3
+*** secure/lib/libssl/man/SSL_set_session.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_session.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_session 3"
+! .TH SSL_set_session 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_session 3"
+! .TH SSL_set_session 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_shutdown.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_shutdown.3
+*** secure/lib/libssl/man/SSL_set_shutdown.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_shutdown.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_shutdown 3"
+! .TH SSL_set_shutdown 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_shutdown 3"
+! .TH SSL_set_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_set_verify_result.3 ../RELENG_4/secure/lib/libssl/man/SSL_set_verify_result.3
+*** secure/lib/libssl/man/SSL_set_verify_result.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_set_verify_result.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_verify_result 3"
+! .TH SSL_set_verify_result 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_verify_result \- override result of peer certificate verification
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_verify_result 3"
+! .TH SSL_set_verify_result 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_verify_result \- override result of peer certificate verification
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_shutdown.3 ../RELENG_4/secure/lib/libssl/man/SSL_shutdown.3
+*** secure/lib/libssl/man/SSL_shutdown.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_shutdown.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:49 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_shutdown 3"
+! .TH SSL_shutdown 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_shutdown 3"
+! .TH SSL_shutdown 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_state_string.3 ../RELENG_4/secure/lib/libssl/man/SSL_state_string.3
+*** secure/lib/libssl/man/SSL_state_string.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_state_string.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_state_string 3"
+! .TH SSL_state_string 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_state_string 3"
+! .TH SSL_state_string 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_want.3 ../RELENG_4/secure/lib/libssl/man/SSL_want.3
+*** secure/lib/libssl/man/SSL_want.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_want.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_want 3"
+! .TH SSL_want 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_want 3"
+! .TH SSL_want 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/SSL_write.3 ../RELENG_4/secure/lib/libssl/man/SSL_write.3
+*** secure/lib/libssl/man/SSL_write.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/SSL_write.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_write 3"
+! .TH SSL_write 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_write 3"
+! .TH SSL_write 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/d2i_SSL_SESSION.3 ../RELENG_4/secure/lib/libssl/man/d2i_SSL_SESSION.3
+*** secure/lib/libssl/man/d2i_SSL_SESSION.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/d2i_SSL_SESSION.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_SSL_SESSION 3"
+! .TH d2i_SSL_SESSION 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_SSL_SESSION 3"
+! .TH d2i_SSL_SESSION 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libssl/man/ssl.3 ../RELENG_4/secure/lib/libssl/man/ssl.3
+*** secure/lib/libssl/man/ssl.3	Mon Feb 24 20:43:39 2003
+--- ../RELENG_4/secure/lib/libssl/man/ssl.3	Mon Feb 24 21:15:48 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:02:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:47:50 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ssl 3"
+! .TH ssl 3 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ssl 3"
+! .TH ssl 3 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/CA.pl.1 ../RELENG_4/secure/usr.bin/openssl/man/CA.pl.1
+*** secure/usr.bin/openssl/man/CA.pl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/CA.pl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CA.PL 1"
+! .TH CA.PL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CA.PL 1"
+! .TH CA.PL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/asn1parse.1 ../RELENG_4/secure/usr.bin/openssl/man/asn1parse.1
+*** secure/usr.bin/openssl/man/asn1parse.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/asn1parse.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1PARSE 1"
+! .TH ASN1PARSE 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  asn1parse \- \s-1ASN\s0.1 parsing tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1PARSE 1"
+! .TH ASN1PARSE 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  asn1parse \- \s-1ASN\s0.1 parsing tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/ca.1 ../RELENG_4/secure/usr.bin/openssl/man/ca.1
+*** secure/usr.bin/openssl/man/ca.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/ca.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CA 1"
+! .TH CA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ca \- sample minimal \s-1CA\s0 application
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CA 1"
+! .TH CA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ca \- sample minimal \s-1CA\s0 application
+***************
+*** 180,185 ****
+--- 180,186 ----
+  [\fB\-msie_hack\fR]
+  [\fB\-extensions section\fR]
+  [\fB\-extfile section\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBca\fR command is a minimal \s-1CA\s0 application. It can be used
+***************
+*** 303,308 ****
+--- 304,315 ----
+  an additional configuration file to read certificate extensions from
+  (using the default section unless the \fB\-extensions\fR option is also
+  used).
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "CRL OPTIONS"
+  .IX Header "CRL OPTIONS"
+  .Ip "\fB\-gencrl\fR" 4
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/ciphers.1 ../RELENG_4/secure/usr.bin/openssl/man/ciphers.1
+*** secure/usr.bin/openssl/man/ciphers.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/ciphers.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:53 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CIPHERS 1"
+! .TH CIPHERS 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CIPHERS 1"
+! .TH CIPHERS 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/crl.1 ../RELENG_4/secure/usr.bin/openssl/man/crl.1
+*** secure/usr.bin/openssl/man/crl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/crl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL 1"
+! .TH CRL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl \- \s-1CRL\s0 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL 1"
+! .TH CRL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl \- \s-1CRL\s0 utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/crl2pkcs7.1 ../RELENG_4/secure/usr.bin/openssl/man/crl2pkcs7.1
+*** secure/usr.bin/openssl/man/crl2pkcs7.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/crl2pkcs7.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL2PKCS7 1"
+! .TH CRL2PKCS7 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL2PKCS7 1"
+! .TH CRL2PKCS7 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dgst.1 ../RELENG_4/secure/usr.bin/openssl/man/dgst.1
+*** secure/usr.bin/openssl/man/dgst.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dgst.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DGST 1"
+! .TH DGST 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DGST 1"
+! .TH DGST 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dhparam.1 ../RELENG_4/secure/usr.bin/openssl/man/dhparam.1
+*** secure/usr.bin/openssl/man/dhparam.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dhparam.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DHPARAM 1"
+! .TH DHPARAM 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dhparam \- \s-1DH\s0 parameter manipulation and generation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DHPARAM 1"
+! .TH DHPARAM 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dhparam \- \s-1DH\s0 parameter manipulation and generation
+***************
+*** 156,161 ****
+--- 156,162 ----
+  [\fB\-2\fR]
+  [\fB\-5\fR]
+  [\fB\-rand\fR \fI\fIfile\fI\|(s)\fR]
++ [\fB\-engine id\fR]
+  [\fInumbits\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 219,224 ****
+--- 220,231 ----
+  .IX Item "-C"
+  this option converts the parameters into C code. The parameters can then
+  be loaded by calling the \fBget_dh\fR\fInumbits\fR\fB()\fR function.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "WARNINGS"
+  .IX Header "WARNINGS"
+  The program \fBdhparam\fR combines the functionality of the programs \fBdh\fR and
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dsa.1 ../RELENG_4/secure/usr.bin/openssl/man/dsa.1
+*** secure/usr.bin/openssl/man/dsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:54 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA 1"
+! .TH DSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- \s-1DSA\s0 key processing
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA 1"
+! .TH DSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- \s-1DSA\s0 key processing
+***************
+*** 159,164 ****
+--- 159,165 ----
+  [\fB\-modulus\fR]
+  [\fB\-pubin\fR]
+  [\fB\-pubout\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBdsa\fR command processes \s-1DSA\s0 keys. They can be converted between various
+***************
+*** 228,233 ****
+--- 229,240 ----
+  by default a private key is output. With this option a public
+  key will be output instead. This option is automatically set if the input is
+  a public key.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The \s-1PEM\s0 private key format uses the header and footer lines:
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/dsaparam.1 ../RELENG_4/secure/usr.bin/openssl/man/dsaparam.1
+*** secure/usr.bin/openssl/man/dsaparam.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/dsaparam.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSAPARAM 1"
+! .TH DSAPARAM 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsaparam \- \s-1DSA\s0 parameter manipulation and generation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSAPARAM 1"
+! .TH DSAPARAM 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsaparam \- \s-1DSA\s0 parameter manipulation and generation
+***************
+*** 154,159 ****
+--- 154,160 ----
+  [\fB\-C\fR]
+  [\fB\-rand \f(BIfile\fB\|(s)\fR]
+  [\fB\-genkey\fR]
++ [\fB\-engine id\fR]
+  [\fBnumbits\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 206,211 ****
+--- 207,218 ----
+  this option specifies that a parameter set should be generated of size
+  \&\fBnumbits\fR. It must be the last option. If this option is included then
+  the input file (if any) is ignored.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  \&\s-1PEM\s0 format \s-1DSA\s0 parameters use the header and footer lines:
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/enc.1 ../RELENG_4/secure/usr.bin/openssl/man/enc.1
+*** secure/usr.bin/openssl/man/enc.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/enc.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ENC 1"
+! .TH ENC 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  enc \- symmetric cipher routines
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ENC 1"
+! .TH ENC 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  enc \- symmetric cipher routines
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/gendsa.1 ../RELENG_4/secure/usr.bin/openssl/man/gendsa.1
+*** secure/usr.bin/openssl/man/gendsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/gendsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "GENDSA 1"
+! .TH GENDSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  gendsa \- generate a \s-1DSA\s0 private key from a set of parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "GENDSA 1"
+! .TH GENDSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  gendsa \- generate a \s-1DSA\s0 private key from a set of parameters
+***************
+*** 150,155 ****
+--- 150,156 ----
+  [\fB\-des3\fR]
+  [\fB\-idea\fR]
+  [\fB\-rand \f(BIfile\fB\|(s)\fR]
++ [\fB\-engine id\fR]
+  [\fBparamfile\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 169,174 ****
+--- 170,181 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+  all others.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .Ip "\fBparamfile\fR" 4
+  .IX Item "paramfile"
+  This option specifies the \s-1DSA\s0 parameter file to use. The parameters in this
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/genrsa.1 ../RELENG_4/secure/usr.bin/openssl/man/genrsa.1
+*** secure/usr.bin/openssl/man/genrsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/genrsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "GENRSA 1"
+! .TH GENRSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  genrsa \- generate an \s-1RSA\s0 private key
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "GENRSA 1"
+! .TH GENRSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  genrsa \- generate an \s-1RSA\s0 private key
+***************
+*** 153,158 ****
+--- 153,159 ----
+  [\fB\-f4\fR]
+  [\fB\-3\fR]
+  [\fB\-rand \f(BIfile\fB\|(s)\fR]
++ [\fB\-engine id\fR]
+  [\fBnumbits\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+***************
+*** 183,188 ****
+--- 184,195 ----
+  Multiple files can be specified separated by a OS-dependent character.
+  The separator is \fB;\fR for MS-Windows, \fB,\fR for OpenVMS, and \fB:\fR for
+  all others.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .Ip "\fBnumbits\fR" 4
+  .IX Item "numbits"
+  the size of the private key to generate in bits. This must be the last option
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/nseq.1 ../RELENG_4/secure/usr.bin/openssl/man/nseq.1
+*** secure/usr.bin/openssl/man/nseq.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/nseq.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "NSEQ 1"
+! .TH NSEQ 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  nseq \- create or examine a netscape certificate sequence
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "NSEQ 1"
+! .TH NSEQ 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  nseq \- create or examine a netscape certificate sequence
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/ocsp.1 ../RELENG_4/secure/usr.bin/openssl/man/ocsp.1
+*** secure/usr.bin/openssl/man/ocsp.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/ocsp.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OCSP 1"
+! .TH OCSP 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ocsp \- Online Certificate Status Protocol utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OCSP 1"
+! .TH OCSP 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ocsp \- Online Certificate Status Protocol utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/openssl.1 ../RELENG_4/secure/usr.bin/openssl/man/openssl.1
+*** secure/usr.bin/openssl/man/openssl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/openssl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL 1"
+! .TH OPENSSL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  openssl \- OpenSSL command line tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL 1"
+! .TH OPENSSL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  openssl \- OpenSSL command line tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/passwd.1 ../RELENG_4/secure/usr.bin/openssl/man/passwd.1
+*** secure/usr.bin/openssl/man/passwd.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/passwd.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PASSWD 1"
+! .TH PASSWD 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  passwd \- compute password hashes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PASSWD 1"
+! .TH PASSWD 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  passwd \- compute password hashes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/pkcs12.1 ../RELENG_4/secure/usr.bin/openssl/man/pkcs12.1
+*** secure/usr.bin/openssl/man/pkcs12.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/pkcs12.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12 1"
+! .TH PKCS12 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs12 \- PKCS#12 file utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12 1"
+! .TH PKCS12 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs12 \- PKCS#12 file utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/pkcs7.1 ../RELENG_4/secure/usr.bin/openssl/man/pkcs7.1
+*** secure/usr.bin/openssl/man/pkcs7.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/pkcs7.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7 1"
+! .TH PKCS7 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs7 \- PKCS#7 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7 1"
+! .TH PKCS7 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs7 \- PKCS#7 utility
+***************
+*** 152,157 ****
+--- 152,158 ----
+  [\fB\-print_certs\fR]
+  [\fB\-text\fR]
+  [\fB\-noout\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBpkcs7\fR command processes PKCS#7 files in \s-1DER\s0 or \s-1PEM\s0 format.
+***************
+*** 186,191 ****
+--- 187,198 ----
+  .IX Item "-noout"
+  don't output the encoded version of the PKCS#7 structure (or certificates
+  is \fB\-print_certs\fR is set).
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "EXAMPLES"
+  .IX Header "EXAMPLES"
+  Convert a PKCS#7 file from \s-1PEM\s0 to \s-1DER:\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/pkcs8.1 ../RELENG_4/secure/usr.bin/openssl/man/pkcs8.1
+*** secure/usr.bin/openssl/man/pkcs8.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/pkcs8.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS8 1"
+! .TH PKCS8 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs8 \- PKCS#8 format private key conversion tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS8 1"
+! .TH PKCS8 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs8 \- PKCS#8 format private key conversion tool
+***************
+*** 159,164 ****
+--- 159,165 ----
+  [\fB\-nsdb\fR]
+  [\fB\-v2 alg\fR]
+  [\fB\-v1 alg\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBpkcs8\fR command processes private keys in PKCS#8 format. It can handle
+***************
+*** 243,248 ****
+--- 244,255 ----
+  .IX Item "-v1 alg"
+  This option specifies a PKCS#5 v1.5 or PKCS#12 algorithm to use. A complete
+  list of possible algorithms is included below.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The encrypted form of a \s-1PEM\s0 encode PKCS#8 files uses the following
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/rand.1 ../RELENG_4/secure/usr.bin/openssl/man/rand.1
+*** secure/usr.bin/openssl/man/rand.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/rand.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND 1"
+! .TH RAND 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- generate pseudo-random bytes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND 1"
+! .TH RAND 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- generate pseudo-random bytes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/req.1 ../RELENG_4/secure/usr.bin/openssl/man/req.1
+*** secure/usr.bin/openssl/man/req.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/req.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "REQ 1"
+! .TH REQ 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  req \- PKCS#10 certificate request and certificate generating utility.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "REQ 1"
+! .TH REQ 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  req \- PKCS#10 certificate request and certificate generating utility.
+***************
+*** 178,183 ****
+--- 178,184 ----
+  [\fB\-nameopt\fR]
+  [\fB\-batch\fR]
+  [\fB\-verbose\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBreq\fR command primarily creates and processes certificate requests
+***************
+*** 348,353 ****
+--- 349,360 ----
+  .Ip "\fB\-verbose\fR" 4
+  .IX Item "-verbose"
+  print extra details about the operations being performed.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "CONFIGURATION FILE FORMAT"
+  .IX Header "CONFIGURATION FILE FORMAT"
+  The configuration options are specified in the \fBreq\fR section of
+***************
+*** 490,496 ****
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrPrivinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  .PP
+  Additional object identifiers can be defined with the \fBoid_file\fR or
+--- 497,503 ----
+  The actual permitted field names are any object identifier short or
+  long names. These are compiled into OpenSSL and include the usual
+  values such as commonName, countryName, localityName, organizationName,
+! organizationUnitName, stateOrProvinceName. Additionally emailAddress
+  is include as well as name, surname, givenName initials and dnQualifier.
+  .PP
+  Additional object identifiers can be defined with the \fBoid_file\fR or
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/rsa.1 ../RELENG_4/secure/usr.bin/openssl/man/rsa.1
+*** secure/usr.bin/openssl/man/rsa.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/rsa.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA 1"
+! .TH RSA 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 key processing tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA 1"
+! .TH RSA 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 key processing tool
+***************
+*** 161,166 ****
+--- 161,167 ----
+  [\fB\-check\fR]
+  [\fB\-pubin\fR]
+  [\fB\-pubout\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBrsa\fR command processes \s-1RSA\s0 keys. They can be converted between various
+***************
+*** 236,241 ****
+--- 237,248 ----
+  by default a private key is output: with this option a public
+  key will be output instead. This option is automatically set if
+  the input is a public key.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The \s-1PEM\s0 private key format uses the header and footer lines:
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/rsautl.1 ../RELENG_4/secure/usr.bin/openssl/man/rsautl.1
+*** secure/usr.bin/openssl/man/rsautl.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/rsautl.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSAUTL 1"
+! .TH RSAUTL 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsautl \- \s-1RSA\s0 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSAUTL 1"
+! .TH RSAUTL 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsautl \- \s-1RSA\s0 utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/s_client.1 ../RELENG_4/secure/usr.bin/openssl/man/s_client.1
+*** secure/usr.bin/openssl/man/s_client.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/s_client.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "S_CLIENT 1"
+! .TH S_CLIENT 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_client \- \s-1SSL/TLS\s0 client program
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "S_CLIENT 1"
+! .TH S_CLIENT 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_client \- \s-1SSL/TLS\s0 client program
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/s_server.1 ../RELENG_4/secure/usr.bin/openssl/man/s_server.1
+*** secure/usr.bin/openssl/man/s_server.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/s_server.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "S_SERVER 1"
+! .TH S_SERVER 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_server \- \s-1SSL/TLS\s0 server program
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "S_SERVER 1"
+! .TH S_SERVER 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_server \- \s-1SSL/TLS\s0 server program
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/sess_id.1 ../RELENG_4/secure/usr.bin/openssl/man/sess_id.1
+*** secure/usr.bin/openssl/man/sess_id.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/sess_id.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SESS_ID 1"
+! .TH SESS_ID 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  sess_id \- \s-1SSL/TLS\s0 session handling utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SESS_ID 1"
+! .TH SESS_ID 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  sess_id \- \s-1SSL/TLS\s0 session handling utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/smime.1 ../RELENG_4/secure/usr.bin/openssl/man/smime.1
+*** secure/usr.bin/openssl/man/smime.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/smime.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME 1"
+! .TH SMIME 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  smime \- S/MIME utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME 1"
+! .TH SMIME 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  smime \- S/MIME utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/speed.1 ../RELENG_4/secure/usr.bin/openssl/man/speed.1
+*** secure/usr.bin/openssl/man/speed.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/speed.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SPEED 1"
+! .TH SPEED 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  speed \- test library performance
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SPEED 1"
+! .TH SPEED 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  speed \- test library performance
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/spkac.1 ../RELENG_4/secure/usr.bin/openssl/man/spkac.1
+*** secure/usr.bin/openssl/man/spkac.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/spkac.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:00:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SPKAC 1"
+! .TH SPKAC 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  spkac \- \s-1SPKAC\s0 printing and generating utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SPKAC 1"
+! .TH SPKAC 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  spkac \- \s-1SPKAC\s0 printing and generating utility
+***************
+*** 155,160 ****
+--- 155,161 ----
+  [\fB\-spksect section\fR]
+  [\fB\-noout\fR]
+  [\fB\-verify\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBspkac\fR command processes Netscape signed public key and challenge
+***************
+*** 202,207 ****
+--- 203,214 ----
+  .Ip "\fB\-verify\fR" 4
+  .IX Item "-verify"
+  verifies the digital signature on the supplied \s-1SPKAC\s0.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .SH "EXAMPLES"
+  .IX Header "EXAMPLES"
+  Print out the contents of an \s-1SPKAC:\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/verify.1 ../RELENG_4/secure/usr.bin/openssl/man/verify.1
+*** secure/usr.bin/openssl/man/verify.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/verify.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "VERIFY 1"
+! .TH VERIFY 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  verify \- Utility to verify certificates.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "VERIFY 1"
+! .TH VERIFY 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  verify \- Utility to verify certificates.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/version.1 ../RELENG_4/secure/usr.bin/openssl/man/version.1
+*** secure/usr.bin/openssl/man/version.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/version.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "VERSION 1"
+! .TH VERSION 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  version \- print OpenSSL version information
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "VERSION 1"
+! .TH VERSION 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  version \- print OpenSSL version information
+diff --exclude=CVS -I\$FreeBSD -rcN secure/usr.bin/openssl/man/x509.1 ../RELENG_4/secure/usr.bin/openssl/man/x509.1
+*** secure/usr.bin/openssl/man/x509.1	Mon Feb 24 20:43:40 2003
+--- ../RELENG_4/secure/usr.bin/openssl/man/x509.1	Mon Feb 24 21:15:49 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Mon Feb  3 10:01:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 16:49:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509 1"
+! .TH X509 1 "0.9.7" "2003-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  x509 \- Certificate display and signing utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509 1"
+! .TH X509 1 "0.9.7a" "2003-02-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  x509 \- Certificate display and signing utility
+***************
+*** 187,192 ****
+--- 187,193 ----
+  [\fB\-clrext\fR]
+  [\fB\-extfile filename\fR]
+  [\fB\-extensions section\fR]
++ [\fB\-engine id\fR]
+  .SH "DESCRIPTION"
+  .IX Header "DESCRIPTION"
+  The \fBx509\fR command is a multi purpose certificate utility. It can be
+***************
+*** 226,231 ****
+--- 227,238 ----
+  digest, such as the \fB\-fingerprint\fR, \fB\-signkey\fR and \fB\-CA\fR options. If not
+  specified then \s-1MD5\s0 is used. If the key being used to sign with is a \s-1DSA\s0 key then
+  this option has no effect: \s-1SHA1\s0 is always used with \s-1DSA\s0 keys.
++ .Ip "\fB\-engine id\fR" 4
++ .IX Item "-engine id"
++ specifying an engine (by it's unique \fBid\fR string) will cause \fBreq\fR
++ to attempt to obtain a functional reference to the specified engine,
++ thus initialising it if needed. The engine will then be set as the default
++ for all available algorithms.
+  .Sh "\s-1DISPLAY\s0 \s-1OPTIONS\s0"
+  .IX Subsection "DISPLAY OPTIONS"
+  Note: the \fB\-alias\fR and \fB\-purpose\fR options are also display options
+***************
+*** 673,680 ****
+  \&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+  .PP
+  .Vb 2
+! \& openssl x509 -in cert.pem -addtrust sslclient \e
+! \&        -alias "Steve's Class 1 CA" -out trust.pem
+  .Ve
+  .SH "NOTES"
+  .IX Header "NOTES"
+--- 680,687 ----
+  \&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+  .PP
+  .Vb 2
+! \& openssl x509 -in cert.pem -addtrust clientAuth \e
+! \&        -setalias "Steve's Class 1 CA" -out trust.pem
+  .Ve
+  .SH "NOTES"
+  .IX Header "NOTES"
diff --git a/share/security/patches/SA-03:02/openssl4s.patch.asc b/share/security/patches/SA-03:02/openssl4s.patch.asc
new file mode 100644
index 0000000000..b7199fa4c7
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl4s.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+WuNOFdaIBMps37IRAj4RAKCTMDb2U5fAB4/OeO7Ex8EOUTgurACfer3H
+7Oi55280LJEF4+n7iML6Ktw=
+=tohq
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl4s.patch.gz b/share/security/patches/SA-03:02/openssl4s.patch.gz
new file mode 100644
index 0000000000..ade6edf219
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl4s.patch.gz
diff --git a/share/security/patches/SA-03:02/openssl4s.patch.gz.asc b/share/security/patches/SA-03:02/openssl4s.patch.gz.asc
new file mode 100644
index 0000000000..48777a5304
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl4s.patch.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+YBHBFdaIBMps37IRAnXuAJ9M+mytNjYsGxaceqs1dsaiQ/KwbwCfakxG
+UUv3pXR+alQRpqyW4vEG7Jg=
+=LcAs
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl50.patch b/share/security/patches/SA-03:02/openssl50.patch
new file mode 100644
index 0000000000..5a8fbbd4ee
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl50.patch
@@ -0,0 +1,18130 @@
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/CHANGES ../RELENG_5_0/crypto/openssl/CHANGES
+*** crypto/openssl/CHANGES	Fri Aug  9 21:47:54 2002
+--- ../RELENG_5_0/crypto/openssl/CHANGES	Thu Feb 20 12:14:09 2003
+***************
+*** 2,7 ****
+--- 2,88 ----
+   OpenSSL CHANGES
+   _______________
+  
++  Changes between 0.9.6h and 0.9.6i  [19 Feb 2003]
++ 
++   *) In ssl3_get_record (ssl/s3_pkt.c), minimize information leaked
++      via timing by performing a MAC computation even if incorrrect
++      block cipher padding has been found.  This is a countermeasure
++      against active attacks where the attacker has to distinguish
++      between bad padding and a MAC verification error. (CAN-2003-0078)
++ 
++      [Bodo Moeller; problem pointed out by Brice Canvel (EPFL),
++      Alain Hiltgen (UBS), Serge Vaudenay (EPFL), and
++      Martin Vuagnoux (EPFL, Ilion)]
++ 
++  Changes between 0.9.6g and 0.9.6h  [5 Dec 2002]
++ 
++   *) New function OPENSSL_cleanse(), which is used to cleanse a section of
++      memory from it's contents.  This is done with a counter that will
++      place alternating values in each byte.  This can be used to solve
++      two issues: 1) the removal of calls to memset() by highly optimizing
++      compilers, and 2) cleansing with other values than 0, since those can
++      be read through on certain media, for example a swap space on disk.
++      [Geoff Thorpe]
++ 
++   *) Bugfix: client side session caching did not work with external caching,
++      because the session->cipher setting was not restored when reloading
++      from the external cache. This problem was masked, when
++      SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG (part of SSL_OP_ALL) was set.
++      (Found by Steve Haslam <steve@araqnid.ddts.net>.)
++      [Lutz Jaenicke]
++ 
++   *) Fix client_certificate (ssl/s2_clnt.c): The permissible total
++      length of the REQUEST-CERTIFICATE message is 18 .. 34, not 17 .. 33.
++      [Zeev Lieber <zeev-l@yahoo.com>]
++ 
++   *) Undo an undocumented change introduced in 0.9.6e which caused
++      repeated calls to OpenSSL_add_all_ciphers() and 
++      OpenSSL_add_all_digests() to be ignored, even after calling
++      EVP_cleanup().
++      [Richard Levitte]
++ 
++   *) Change the default configuration reader to deal with last line not
++      being properly terminated.
++      [Richard Levitte]
++ 
++   *) Change X509_NAME_cmp() so it applies the special rules on handling
++      DN values that are of type PrintableString, as well as RDNs of type
++      emailAddress where the value has the type ia5String.
++      [stefank@valicert.com via Richard Levitte]
++ 
++   *) Add a SSL_SESS_CACHE_NO_INTERNAL_STORE flag to take over half
++      the job SSL_SESS_CACHE_NO_INTERNAL_LOOKUP was inconsistently
++      doing, define a new flag (SSL_SESS_CACHE_NO_INTERNAL) to be
++      the bitwise-OR of the two for use by the majority of applications
++      wanting this behaviour, and update the docs. The documented
++      behaviour and actual behaviour were inconsistent and had been
++      changing anyway, so this is more a bug-fix than a behavioural
++      change.
++      [Geoff Thorpe, diagnosed by Nadav Har'El]
++ 
++   *) Don't impose a 16-byte length minimum on session IDs in ssl/s3_clnt.c
++      (the SSL 3.0 and TLS 1.0 specifications allow any length up to 32 bytes).
++      [Bodo Moeller]
++ 
++   *) Fix initialization code race conditions in
++         SSLv23_method(),  SSLv23_client_method(),   SSLv23_server_method(),
++         SSLv2_method(),   SSLv2_client_method(),    SSLv2_server_method(),
++         SSLv3_method(),   SSLv3_client_method(),    SSLv3_server_method(),
++         TLSv1_method(),   TLSv1_client_method(),    TLSv1_server_method(),
++         ssl2_get_cipher_by_char(),
++         ssl3_get_cipher_by_char().
++      [Patrick McCormick <patrick@tellme.com>, Bodo Moeller]
++ 
++   *) Reorder cleanup sequence in SSL_CTX_free(): only remove the ex_data after
++      the cached sessions are flushed, as the remove_cb() might use ex_data
++      contents. Bug found by Sam Varshavchik <mrsam@courier-mta.com>
++      (see [openssl.org #212]).
++      [Geoff Thorpe, Lutz Jaenicke]
++ 
++   *) Fix typo in OBJ_txt2obj which incorrectly passed the content
++      length, instead of the encoding length to d2i_ASN1_OBJECT.
++      [Steve Henson]
++ 
+   Changes between 0.9.6f and 0.9.6g  [9 Aug 2002]
+  
+    *) [In 0.9.6g-engine release:]
+***************
+*** 23,28 ****
+--- 104,115 ----
+  
+   Changes between 0.9.6d and 0.9.6e  [30 Jul 2002]
+  
++   *) Add various sanity checks to asn1_get_length() to reject
++      the ASN1 length bytes if they exceed sizeof(long), will appear
++      negative or the content length exceeds the length of the
++      supplied buffer.
++      [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
++ 
+    *) Fix cipher selection routines: ciphers without encryption had no flags
+       for the cipher strength set and where therefore not handled correctly
+       by the selection routines (PR #130).
+***************
+*** 54,60 ****
+    *) Add various sanity checks to asn1_get_length() to reject
+       the ASN1 length bytes if they exceed sizeof(long), will appear
+       negative or the content length exceeds the length of the
+!      supplied buffer.
+       [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+  
+    *) Assertions for various potential buffer overflows, not known to
+--- 141,147 ----
+    *) Add various sanity checks to asn1_get_length() to reject
+       the ASN1 length bytes if they exceed sizeof(long), will appear
+       negative or the content length exceeds the length of the
+!      supplied buffer. (CAN-2002-0659)
+       [Steve Henson, Adi Stav <stav@mercury.co.il>, James Yonan <jim@ntlp.com>]
+  
+    *) Assertions for various potential buffer overflows, not known to
+***************
+*** 159,166 ****
+       value is 0.
+       [Richard Levitte]
+  
+!   *) [In 0.9.6c-engine release:]
+!      Fix a crashbug and a logic bug in hwcrhk_load_pubkey()
+       [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+  
+    *) Add the configuration target linux-s390x.
+--- 246,253 ----
+       value is 0.
+       [Richard Levitte]
+  
+!   *) [In 0.9.6d-engine release:]
+!      Fix a crashbug and a logic bug in hwcrhk_load_pubkey().
+       [Toomas Kiisk <vix@cyber.ee> via Richard Levitte]
+  
+    *) Add the configuration target linux-s390x.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Configure ../RELENG_5_0/crypto/openssl/Configure
+*** crypto/openssl/Configure	Fri Aug  9 21:37:28 2002
+--- ../RELENG_5_0/crypto/openssl/Configure	Thu Feb 20 12:14:09 2003
+***************
+*** 122,128 ****
+  "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wid-clash-31 -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+--- 122,128 ----
+  "debug-bodo",	"gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DBIO_PAIR_DEBUG -g -m486 -pedantic -Wshadow -Wall::-D_REENTRANT::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-ulf",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+  "debug-steve",	"gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -g -O2 -m486 -pedantic -Wall -Werror -Wshadow -pipe::-D_REENTRANT::${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+! "debug-levitte-linux-elf","gcc:-DUSE_ALLOCATING_PRINT -DRL_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DNO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -ggdb -g3 -m486 -pedantic -ansi -Wall -Wshadow -Wstrict-prototypes -Wmissing-prototypes -pipe::-D_REENTRANT:-ldl:::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+  "dist",		"cc:-O::(unknown):::::",
+  
+  # Basic configs that should work on any (32 and less bit) box
+***************
+*** 395,401 ****
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+  # Cray T90 and similar (SDSC)
+--- 395,401 ----
+  "aix-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix-gcc",  "gcc:-O3 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR:::",
+  "aix43-cc",   "cc:-O -DAIX -DB_ENDIAN -qmaxmem=16384::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+! "aix43-gcc",  "gcc:-O1 -DAIX -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR::::::::::dlfcn:",
+  
+  #
+  # Cray T90 and similar (SDSC)
+***************
+*** 477,483 ****
+  
+  # Cygwin
+  "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+--- 477,483 ----
+  
+  # Cygwin
+  "Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -m486 -Wall::(unknown)::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32",
+! "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -march=i486 -Wall::::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}::::::::::win32:cygwin-shared:::.dll",
+  
+  # Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+  "ultrix-cc","cc:-std1 -O -Olimit 1000 -DL_ENDIAN::(unknown)::::::",
+***************
+*** 495,506 ****
+--- 495,512 ----
+  "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown)::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+  "darwin-ppc-cc","cc:-O3 -D_DARWIN -DB_ENDIAN -fno-common::-D_REENTRANT::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::::::::::darwin-shared:-fPIC::.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+  
++ ##### A/UX
++ "aux3-gcc","gcc:-O2 -DTERMIO::(unknown):-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
++ 
+  ##### Sony NEWS-OS 4.x
+  "newsos4-gcc","gcc:-O -DB_ENDIAN -DNEWS4::(unknown):-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+  
+  ##### VxWorks for various targets
+  "vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DVXWORKS -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::-r:::::",
+  
++ ##### Compaq Non-Stop Kernel (Tandem)
++ "tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown)::THIRTY_TWO_BIT:::",
++ 
+  );
+  
+  my @WinTargets=qw(VC-NT VC-WIN32 VC-WIN16 VC-W31-16 VC-W31-32 VC-MSDOS BC-32
+***************
+*** 577,582 ****
+--- 583,589 ----
+  my $target;
+  my $options;
+  my $symlink;
++ my $make_depend=0;
+  
+  my @argvcopy=@ARGV;
+  my $argvstring="";
+***************
+*** 619,625 ****
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+--- 626,632 ----
+  			{ $threads=1; }
+  		elsif (/^no-shared$/)
+  			{ $no_shared=1; }
+! 		elsif (/^shared$/ || /^-shared$/ || /^--shared$/)
+  			{ $no_shared=0; }
+  		elsif (/^no-symlinks$/)
+  			{ $symlink=0; }
+***************
+*** 1188,1198 ****
+  EOF
+  	close(OUT);
+  } else {
+! 	(system "make -f Makefile.ssl PERL=\'$perl\' links") == 0 or exit $?
+! 		if $symlink;
+! 	### (system 'make depend') == 0 or exit $? if $depflags ne "";
+! 	# Run "make depend" manually if you want to be able to delete
+! 	# the source code files of ciphers you left out.
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+--- 1195,1207 ----
+  EOF
+  	close(OUT);
+  } else {
+! 	my $make_command = "make -f Makefile.ssl PERL=\'$perl\'";
+! 	my $make_targets = "";
+! 	$make_targets .= " links" if $symlink;
+! 	$make_targets .= " depend" if $depflags ne "" && $make_depend;
+! 	$make_targets .= " gentests" if $symlink;
+! 	(system $make_command.$make_targets) == 0 or exit $?
+! 		if $make_targets ne "";
+  	if ( $perl =~ m@^/@) {
+  	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",$perl,'^#!/', '#!%s');
+***************
+*** 1202,1207 ****
+--- 1211,1225 ----
+  	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";');
+  	    &dofile("apps/der_chop",'/usr/local/bin/perl','^#!/', '#!%s');
+  	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
++ 	}
++ 	if ($depflags ne "" && !$make_depend) {
++ 		print <<EOF;
++ 
++ Since you've disabled at least one algorithm, you need to do the following
++ before building:
++ 
++ 	make depend
++ EOF
+  	}	    
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/FAQ ../RELENG_5_0/crypto/openssl/FAQ
+*** crypto/openssl/FAQ	Fri Aug  9 21:47:54 2002
+--- ../RELENG_5_0/crypto/openssl/FAQ	Thu Feb 20 12:14:09 2003
+***************
+*** 9,14 ****
+--- 9,15 ----
+  * Where can I get a compiled version of OpenSSL?
+  * Why aren't tools like 'autoconf' and 'libtool' used?
+  * What is an 'engine' version?
++ * How do I check the authenticity of the OpenSSL distribution?
+  
+  [LEGAL] Legal questions
+  
+***************
+*** 35,40 ****
+--- 36,42 ----
+  * Why does the linker complain about undefined symbols?
+  * Why does the OpenSSL test fail with "bc: command not found"?
+  * Why does the OpenSSL test fail with "bc: 1 no implemented"?
++ * Why does the OpenSSL test fail with "bc: stack empty"?
+  * Why does the OpenSSL compilation fail on Alpha Tru64 Unix?
+  * Why does the OpenSSL compilation fail with "ar: command not found"?
+  * Why does the OpenSSL compilation fail on Win32 with VC++?
+***************
+*** 61,67 ****
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.6g was released on 9 August 2002.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+--- 63,69 ----
+  * Which is the current version of OpenSSL?
+  
+  The current version is available from <URL: http://www.openssl.org>.
+! OpenSSL 0.9.7a was released on February 19, 2003.
+  
+  In addition to the current stable release, you can also access daily
+  snapshots of the OpenSSL development version at <URL:
+***************
+*** 132,137 ****
+--- 134,152 ----
+  version 0.9.7 (not yet released) the changes were merged into the main
+  development line, so that the special release is no longer necessary.
+  
++ * How do I check the authenticity of the OpenSSL distribution?
++ 
++ We provide MD5 digests and ASC signatures of each tarball.
++ Use MD5 to check that a tarball from a mirror site is identical:
++ 
++    md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
++ 
++ You can check authenticity using pgp or gpg. You need the OpenSSL team
++ member public key used to sign it (download it from a key server). Then
++ just do:
++ 
++    pgp TARBALL.asc
++ 
+  [LEGAL] =======================================================================
+  
+  * Do I need patent licenses to use OpenSSL?
+***************
+*** 169,186 ****
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" that serves this purpose.  On other systems, applications have
+! to call the RAND_add() or RAND_seed() function with appropriate data
+! before generating keys or performing public key encryption.
+! (These functions initialize the pseudo-random number generator, PRNG.)
+! 
+! Some broken applications do not do this.  As of version 0.9.5, the
+! OpenSSL functions that need randomness report an error if the random
+! number generator has not been seeded with at least 128 bits of
+! randomness.  If this error occurs, please contact the author of the
+! application you are using.  It is likely that it never worked
+! correctly.  OpenSSL 0.9.5 and later make the error visible by refusing
+! to perform potentially insecure encryption.
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+--- 184,213 ----
+  
+  Cryptographic software needs a source of unpredictable data to work
+  correctly.  Many open source operating systems provide a "randomness
+! device" (/dev/urandom or /dev/random) that serves this purpose.
+! All OpenSSL versions try to use /dev/urandom by default; starting with
+! version 0.9.7, OpenSSL also tries /dev/random if /dev/urandom is not
+! available.
+! 
+! On other systems, applications have to call the RAND_add() or
+! RAND_seed() function with appropriate data before generating keys or
+! performing public key encryption. (These functions initialize the
+! pseudo-random number generator, PRNG.)  Some broken applications do
+! not do this.  As of version 0.9.5, the OpenSSL functions that need
+! randomness report an error if the random number generator has not been
+! seeded with at least 128 bits of randomness.  If this error occurs and
+! is not discussed in the documentation of the application you are
+! using, please contact the author of that application; it is likely
+! that it never worked correctly.  OpenSSL 0.9.5 and later make the
+! error visible by refusing to perform potentially insecure encryption.
+! 
+! If you are using Solaris 8, you can add /dev/urandom and /dev/random
+! devices by installing patch 112438 (Sparc) or 112439 (x86), which are
+! available via the Patchfinder at <URL: http://sunsolve.sun.com>
+! (Solaris 9 includes these devices by default). For /dev/random support
+! for earlier Solaris versions, see Sun's statement at
+! <URL: http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski>
+! (the SUNWski package is available in patch 105710).
+  
+  On systems without /dev/urandom and /dev/random, it is a good idea to
+  use the Entropy Gathering Demon (EGD); see the RAND_egd() manpage for
+***************
+*** 213,228 ****
+  provide their own configuration options to specify the entropy source,
+  please check out the documentation coming the with application.
+  
+- For Solaris 2.6, Tim Nibbe <tnibbe@sprint.net> and others have suggested
+- installing the SUNski package from Sun patch 105710-01 (Sparc) which
+- adds a /dev/random device and make sure it gets used, usually through
+- $RANDFILE.  There are probably similar patches for the other Solaris
+- versions.  An official statement from Sun with respect to /dev/random
+- support can be found at
+-   http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsrdb/27606&zone_32=SUNWski
+- However, be warned that /dev/random is usually a blocking device, which
+- may have some effects on OpenSSL.
+- 
+  
+  * Why do I get an "unable to write 'random state'" error message?
+  
+--- 240,245 ----
+***************
+*** 386,391 ****
+--- 403,419 ----
+  On some SCO installations or versions, bc has a bug that gets triggered
+  when you run the test suite (using "make test").  The message returned is
+  "bc: 1 not implemented".
++ 
++ The best way to deal with this is to find another implementation of bc
++ and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
++ for download instructions) can be safely used, for example.
++ 
++ 
++ * Why does the OpenSSL test fail with "bc: stack empty"?
++ 
++ On some DG/ux versions, bc seems to have a too small stack for calculations
++ that the OpenSSL bntest throws at it.  This gets triggered when you run the
++ test suite (using "make test").  The message returned is "bc: stack empty".
+  
+  The best way to deal with this is to find another implementation of bc
+  and compile/install it.  GNU bc (see http://www.gnu.org/software/software.html
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/INSTALL ../RELENG_5_0/crypto/openssl/INSTALL
+*** crypto/openssl/INSTALL	Tue Jul 30 09:37:24 2002
+--- ../RELENG_5_0/crypto/openssl/INSTALL	Thu Feb 20 12:14:09 2003
+***************
+*** 129,136 ****
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+       message will be recorded in the request tracker publicly readable
+!      via http://www.openssl.org/rt2.html and will be forwarded to a public
+!      mailing list). Include the output of "make report" in your message.
+       Please check out the request tracker. Maybe the bug was already
+       reported or has already been fixed.
+  
+--- 129,136 ----
+       standard headers).  If it is a problem with OpenSSL itself, please
+       report the problem to <openssl-bugs@openssl.org> (note that your
+       message will be recorded in the request tracker publicly readable
+!      via http://www.openssl.org/support/rt2.html and will be forwarded to a
+!      public mailing list). Include the output of "make report" in your message.
+       Please check out the request tracker. Maybe the bug was already
+       reported or has already been fixed.
+  
+***************
+*** 151,157 ****
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+!      http://www.openssl.org/rt2.html.
+  
+    4. If everything tests ok, install OpenSSL with
+  
+--- 151,157 ----
+       in Makefile.ssl and run "make clean; make". Please send a bug
+       report to <openssl-bugs@openssl.org>, including the output of
+       "make report" in order to be added to the request tracker at
+!      http://www.openssl.org/support/rt2.html.
+  
+    4. If everything tests ok, install OpenSSL with
+  
+***************
+*** 285,287 ****
+--- 285,299 ----
+   targets for shared library creation, like linux-shared.  Those targets
+   can currently be used on their own just as well, but this is expected
+   to change in future versions of OpenSSL.
++ 
++  Note on random number generation
++  --------------------------------
++ 
++  Availability of cryptographically secure random numbers is required for
++  secret key generation. OpenSSL provides several options to seed the
++  internal PRNG. If not properly seeded, the internal PRNG will refuse
++  to deliver random bytes and a "PRNG not seeded error" will occur.
++  On systems without /dev/urandom (or similar) device, it may be necessary
++  to install additional support software to obtain random seed.
++  Please check out the manual pages for RAND_add(), RAND_bytes(), RAND_egd(),
++  and the FAQ for more information.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.org ../RELENG_5_0/crypto/openssl/Makefile.org
+*** crypto/openssl/Makefile.org	Fri Aug  9 21:47:54 2002
+--- ../RELENG_5_0/crypto/openssl/Makefile.org	Thu Feb 20 12:14:09 2003
+***************
+*** 270,278 ****
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+! 	[ -n "$$collect2" ] && \
+! 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+--- 270,276 ----
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+***************
+*** 529,534 ****
+--- 527,536 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 610,615 ****
+--- 612,620 ----
+  # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+  # tar does not support the --files-from option.
+  tar:
++ 	find . -type d -print | xargs chmod 755
++ 	find . -type f -print | xargs chmod a+r
++ 	find . -type f -perm -0100 -print | xargs chmod a+x
+  	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+  	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+***************
+*** 652,660 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+--- 657,666 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+***************
+*** 664,677 ****
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+--- 670,686 ----
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+***************
+*** 687,699 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man=`cd util; ./pod2mantest ignore`; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 696,708 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+***************
+*** 703,709 ****
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 712,718 ----
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/Makefile.ssl ../RELENG_5_0/crypto/openssl/Makefile.ssl
+*** crypto/openssl/Makefile.ssl	Fri Aug  9 21:47:54 2002
+--- ../RELENG_5_0/crypto/openssl/Makefile.ssl	Thu Feb 20 12:14:09 2003
+***************
+*** 4,10 ****
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6g
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+--- 4,10 ----
+  ## Makefile for OpenSSL
+  ##
+  
+! VERSION=0.9.6i
+  MAJOR=0
+  MINOR=9.6
+  SHLIB_VERSION_NUMBER=0.9.6
+***************
+*** 272,280 ****
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	collect2=`gcc -print-prog-name=collect2 2>&1` && \
+! 	[ -n "$$collect2" ] && \
+! 	my_ld=`$$collect2 --help 2>&1 | grep Usage: | sed 's/^Usage: *\([^ ][^ ]*\).*/\1/'` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+--- 272,278 ----
+  	done
+  
+  DETECT_GNU_LD=${CC} -v 2>&1 | grep '^gcc' >/dev/null 2>&1 && \
+! 	my_ld=`${CC} -print-prog-name=ld 2>&1` && \
+  	[ -n "$$my_ld" ] && \
+  	$$my_ld -v 2>&1 | grep 'GNU ld' >/dev/null 2>&1
+  
+***************
+*** 531,536 ****
+--- 529,538 ----
+  	fi; \
+  	done;
+  
++ gentests:
++ 	@(cd test && echo "generating dummy tests (if needed)..." && \
++ 	$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on generate );
++ 
+  dclean:
+  	rm -f *.bak
+  	@for i in $(DIRS) ;\
+***************
+*** 612,617 ****
+--- 614,622 ----
+  # and read directly, requiring GNU-Tar. Call "make TAR=gtar dist" if the normal
+  # tar does not support the --files-from option.
+  tar:
++ 	find . -type d -print | xargs chmod 755
++ 	find . -type f -print | xargs chmod a+r
++ 	find . -type f -perm -0100 -print | xargs chmod a+x
+  	find * \! -path CVS/\* \! -path \*/CVS/\* \! -name CVS \! -name .cvsignore \! -name STATUS \! -name TABLE | sort > ../$(TARFILE).list; \
+  	$(TAR) $(TARFLAGS) --files-from ../$(TARFILE).list -cvf - | \
+  	tardy --user_number=0  --user_name=openssl \
+***************
+*** 654,662 ****
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+--- 659,668 ----
+  	do \
+  		if [ -f "$$i" ]; then \
+  		(       echo installing $$i; \
+! 			cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			$(RANLIB) $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 			mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
+  		fi; \
+  	done
+  	@if [ -n "$(SHARED_LIBS)" ]; then \
+***************
+*** 666,679 ****
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+--- 672,688 ----
+  			if [ -f "$$i" -o -f "$$i.a" ]; then \
+  			(       echo installing $$i; \
+  				if [ "$(PLATFORM)" != "Cygwin" ]; then \
+! 					cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
+  				else \
+  					c=`echo $$i | sed 's/^lib/cyg/'`; \
+! 					cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c; \
+! 					cp $$i.a $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new; \
+! 					mv $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.a; \
+  				fi ); \
+  			fi; \
+  		done; \
+***************
+*** 689,701 ****
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man=`cd util; ./pod2mantest ignore`; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 698,710 ----
+  		$(INSTALL_PREFIX)$(MANDIR)/man3 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man5 \
+  		$(INSTALL_PREFIX)$(MANDIR)/man7
+! 	@pod2man="`cd util; ./pod2mantest $(PERL)`"; \
+  	for i in doc/apps/*.pod; do \
+  		fn=`basename $$i .pod`; \
+  		if [ "$$fn" = "config" ]; then sec=5; else sec=1; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+***************
+*** 705,711 ****
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$(PERL) $$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+--- 714,720 ----
+  		if [ "$$fn" = "des_modes" ]; then sec=7; else sec=3; fi; \
+  		echo "installing man$$sec/`basename $$i .pod`.$$sec"; \
+  		(cd `$(PERL) util/dirname.pl $$i`; \
+! 		sh -c "$$pod2man \
+  			--section=$$sec --center=OpenSSL \
+  			--release=$(VERSION) `basename $$i`") \
+  			>  $(INSTALL_PREFIX)$(MANDIR)/man$$sec/`basename $$i .pod`.$$sec; \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/NEWS ../RELENG_5_0/crypto/openssl/NEWS
+*** crypto/openssl/NEWS	Fri Aug  9 21:47:54 2002
+--- ../RELENG_5_0/crypto/openssl/NEWS	Thu Feb 20 12:14:09 2003
+***************
+*** 5,10 ****
+--- 5,28 ----
+    This file gives a brief overview of the major changes between each OpenSSL
+    release. For more details please read the CHANGES file.
+  
++   Major changes between OpenSSL 0.9.6h and OpenSSL 0.9.6i:
++ 
++       o Important security related bugfixes.
++ 
++   Major changes between OpenSSL 0.9.6g and OpenSSL 0.9.6h:
++ 
++       o New configuration targets for Tandem OSS and A/UX.
++       o New OIDs for Microsoft attributes.
++       o Better handling of SSL session caching.
++       o Better comparison of distinguished names.
++       o Better handling of shared libraries in a mixed GNU/non-GNU environment.
++       o Support assembler code with Borland C.
++       o Fixes for length problems.
++       o Fixes for uninitialised variables.
++       o Fixes for memory leaks, some unusual crashes and some race conditions.
++       o Fixes for smaller building problems.
++       o Updates of manuals, FAQ and other instructive documents.
++ 
+    Major changes between OpenSSL 0.9.6f and OpenSSL 0.9.6g:
+  
+        o Important building fixes on Unix.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/PROBLEMS ../RELENG_5_0/crypto/openssl/PROBLEMS
+*** crypto/openssl/PROBLEMS	Fri Aug  9 21:37:46 2002
+--- ../RELENG_5_0/crypto/openssl/PROBLEMS	Thu Feb 20 12:14:09 2003
+***************
+*** 40,42 ****
+--- 40,58 ----
+  will interfere with each other and lead to test failure.
+  
+  The solution is simple for now: don't run parallell make when testing.
++ 
++ 
++ * Bugs in gcc 3.0 triggered
++ 
++ According to a problem report, there are bugs in gcc 3.0 that are
++ triggered by some of the code in OpenSSL, more specifically in
++ PEM_get_EVP_CIPHER_INFO().  The triggering code is the following:
++ 
++ 	header+=11;
++ 	if (*header != '4') return(0); header++;
++ 	if (*header != ',') return(0); header++;
++ 
++ What happens is that gcc might optimize a little too agressively, and
++ you end up with an extra incrementation when *header != '4'.
++ 
++ We recommend that you upgrade gcc to as high a 3.x version as you can.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/README ../RELENG_5_0/crypto/openssl/README
+*** crypto/openssl/README	Fri Aug  9 21:47:55 2002
+--- ../RELENG_5_0/crypto/openssl/README	Thu Feb 20 12:14:09 2003
+***************
+*** 1,7 ****
+  
+!  OpenSSL 0.9.6g 9 August 2002
+  
+!  Copyright (c) 1998-2002 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+--- 1,7 ----
+  
+!  OpenSSL 0.9.6i Feb 19 2003
+  
+!  Copyright (c) 1998-2003 The OpenSSL Project
+   Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
+   All rights reserved.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/Makefile.ssl ../RELENG_5_0/crypto/openssl/apps/Makefile.ssl
+*** crypto/openssl/apps/Makefile.ssl	Tue Jul 30 09:37:25 2002
+--- ../RELENG_5_0/crypto/openssl/apps/Makefile.ssl	Thu Feb 20 12:14:10 2003
+***************
+*** 117,123 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 117,123 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 128,137 ****
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+--- 128,137 ----
+  	rm -f req
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
+  	$(RM) $(PROGRAM)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/apps.h ../RELENG_5_0/crypto/openssl/apps/apps.h
+*** crypto/openssl/apps/apps.h	Sun Nov 12 19:54:49 2000
+--- ../RELENG_5_0/crypto/openssl/apps/apps.h	Thu Feb 20 12:14:10 2003
+***************
+*** 92,99 ****
+--- 92,101 ----
+  #define MAIN(a,v)	main(a,v)
+  
+  #ifndef NON_MAIN
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #else
++ extern LHASH *config;
+  extern BIO *bio_err;
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/asn1pars.c ../RELENG_5_0/crypto/openssl/apps/asn1pars.c
+*** crypto/openssl/apps/asn1pars.c	Tue Jul 30 09:37:25 2002
+--- ../RELENG_5_0/crypto/openssl/apps/asn1pars.c	Thu Feb 20 12:14:10 2003
+***************
+*** 328,333 ****
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+--- 328,333 ----
+  	if (at != NULL) ASN1_TYPE_free(at);
+  	if (osk != NULL) sk_free(osk);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ca.c ../RELENG_5_0/crypto/openssl/apps/ca.c
+*** crypto/openssl/apps/ca.c	Tue Jul 30 09:37:25 2002
+--- ../RELENG_5_0/crypto/openssl/apps/ca.c	Thu Feb 20 12:14:10 2003
+***************
+*** 543,549 ****
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) memset(key,0,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+--- 543,549 ----
+  		goto err;
+  		}
+  		pkey=PEM_read_bio_PrivateKey(in,NULL,NULL,key);
+! 		if(key) OPENSSL_cleanse(key,strlen(key));
+  	if (pkey == NULL)
+  		{
+  		BIO_printf(bio_err,"unable to load CA private key\n");
+***************
+*** 606,617 ****
+--- 606,619 ----
+  	       that to access().  However, time's too short to do that just
+  	       now.
+              */
++ #ifndef VXWORKS
+  		if (access(outdir,R_OK|W_OK|X_OK) != 0)
+  			{
+  			BIO_printf(bio_err,"I am unable to access the %s directory\n",outdir);
+  			perror(outdir);
+  			goto err;
+  			}
++ #endif
+  
+  		if (stat(outdir,&sb) != 0)
+  			{
+***************
+*** 829,837 ****
+  			}
+  		if (verbose)
+  			{
+! 			if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 			BIO_printf(bio_err,"next serial number is %s\n",f);
+! 			OPENSSL_free(f);
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+--- 831,844 ----
+  			}
+  		if (verbose)
+  			{
+! 			if (BN_is_zero(serial))
+! 				BIO_printf(bio_err,"next serial number is 00\n");
+! 			else
+! 				{
+! 				if ((f=BN_bn2hex(serial)) == NULL) goto err;
+! 				BIO_printf(bio_err,"next serial number is %s\n",f);
+! 				OPENSSL_free(f);
+! 				}
+  			}
+  
+  		if ((attribs=CONF_get_section(conf,policy)) == NULL)
+***************
+*** 1275,1281 ****
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+--- 1282,1288 ----
+  	X509_CRL_free(crl);
+  	CONF_free(conf);
+  	OBJ_cleanup();
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void lookup_fail(char *name, char *tag)
+***************
+*** 1340,1346 ****
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM");
+  		goto err;
+  		}
+  err:
+--- 1347,1353 ----
+  	ret=ASN1_INTEGER_to_BN(ai,NULL);
+  	if (ret == NULL)
+  		{
+! 		BIO_printf(bio_err,"error converting number from bin to BIGNUM\n");
+  		goto err;
+  		}
+  err:
+***************
+*** 1728,1734 ****
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+--- 1735,1744 ----
+  		BIO_printf(bio_err,"The subject name appears to be ok, checking data base for clashes\n");
+  
+  	row[DB_name]=X509_NAME_oneline(subject,NULL,0);
+! 	if (BN_is_zero(serial))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(serial);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+  		BIO_printf(bio_err,"Memory allocation failure\n");
+***************
+*** 2142,2148 ****
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+--- 2152,2161 ----
+  		row[i]=NULL;
+  	row[DB_name]=X509_NAME_oneline(X509_get_subject_name(x509),NULL,0);
+  	bn = ASN1_INTEGER_to_BN(X509_get_serialNumber(x509),NULL);
+! 	if (BN_is_zero(bn))
+! 		row[DB_serial]=BUF_strdup("00");
+! 	else
+! 		row[DB_serial]=BN_bn2hex(bn);
+  	BN_free(bn);
+  	if ((row[DB_name] == NULL) || (row[DB_serial] == NULL))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/ciphers.c ../RELENG_5_0/crypto/openssl/apps/ciphers.c
+*** crypto/openssl/apps/ciphers.c	Sun Nov 12 19:54:54 2000
+--- ../RELENG_5_0/crypto/openssl/apps/ciphers.c	Thu Feb 20 12:14:10 2003
+***************
+*** 202,207 ****
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	EXIT(ret);
+  	}
+  
+--- 202,207 ----
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+  	if (ssl != NULL) SSL_free(ssl);
+  	if (STDout != NULL) BIO_free_all(STDout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl.c ../RELENG_5_0/crypto/openssl/apps/crl.c
+*** crypto/openssl/apps/crl.c	Sun Nov 12 19:54:56 2000
+--- ../RELENG_5_0/crypto/openssl/apps/crl.c	Thu Feb 20 12:14:10 2003
+***************
+*** 364,370 ****
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+--- 364,370 ----
+  		X509_STORE_CTX_cleanup(&ctx);
+  		X509_STORE_free(store);
+  	}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static X509_CRL *load_crl(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/crl2p7.c ../RELENG_5_0/crypto/openssl/apps/crl2p7.c
+*** crypto/openssl/apps/crl2p7.c	Sun Nov 12 19:54:56 2000
+--- ../RELENG_5_0/crypto/openssl/apps/crl2p7.c	Thu Feb 20 12:14:10 2003
+***************
+*** 166,172 ****
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 166,172 ----
+  		BIO_printf(bio_err," -certfile arg  certificates file of chain to a trusted CA\n");
+  		BIO_printf(bio_err,"                (can be used more than once)\n");
+  		BIO_printf(bio_err," -nocrl         no crl to load, just certs from '-certfile'\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 278,284 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	EXIT(ret);
+  	}
+  
+  /*
+--- 278,284 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (crl != NULL) X509_CRL_free(crl);
+  
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /*
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dgst.c ../RELENG_5_0/crypto/openssl/apps/dgst.c
+*** crypto/openssl/apps/dgst.c	Tue Jul 30 08:43:18 2002
+--- ../RELENG_5_0/crypto/openssl/apps/dgst.c	Thu Feb 20 12:14:10 2003
+***************
+*** 327,333 ****
+  end:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+--- 327,333 ----
+  end:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,BUFSIZE);
+  		OPENSSL_free(buf);
+  		}
+  	if (in != NULL) BIO_free(in);
+***************
+*** 335,341 ****
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	EXIT(err);
+  	}
+  
+  void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+--- 335,341 ----
+  	EVP_PKEY_free(sigkey);
+  	if(sigbuf) OPENSSL_free(sigbuf);
+  	if (bmd != NULL) BIO_free(bmd);
+! 	OPENSSL_EXIT(err);
+  	}
+  
+  void do_fp(BIO *out, unsigned char *buf, BIO *bp, int sep, int binout,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dh.c ../RELENG_5_0/crypto/openssl/apps/dh.c
+*** crypto/openssl/apps/dh.c	Sun Nov 12 19:54:59 2000
+--- ../RELENG_5_0/crypto/openssl/apps/dh.c	Thu Feb 20 12:14:10 2003
+***************
+*** 319,324 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 319,324 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dhparam.c ../RELENG_5_0/crypto/openssl/apps/dhparam.c
+*** crypto/openssl/apps/dhparam.c	Sun Nov 12 19:54:59 2000
+--- ../RELENG_5_0/crypto/openssl/apps/dhparam.c	Thu Feb 20 12:14:10 2003
+***************
+*** 506,512 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+--- 506,512 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /* dh_cb is identical to dsa_cb in apps/dsaparam.c */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsa.c ../RELENG_5_0/crypto/openssl/apps/dsa.c
+*** crypto/openssl/apps/dsa.c	Sun Nov 12 19:55:01 2000
+--- ../RELENG_5_0/crypto/openssl/apps/dsa.c	Thu Feb 20 12:14:10 2003
+***************
+*** 293,298 ****
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 293,298 ----
+  	if(dsa != NULL) DSA_free(dsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/dsaparam.c ../RELENG_5_0/crypto/openssl/apps/dsaparam.c
+*** crypto/openssl/apps/dsaparam.c	Tue Jul 30 08:43:19 2002
+--- ../RELENG_5_0/crypto/openssl/apps/dsaparam.c	Thu Feb 20 12:14:10 2003
+***************
+*** 357,363 ****
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+--- 357,363 ----
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/enc.c ../RELENG_5_0/crypto/openssl/apps/enc.c
+*** crypto/openssl/apps/enc.c	Tue Jul 30 08:43:19 2002
+--- ../RELENG_5_0/crypto/openssl/apps/enc.c	Thu Feb 20 12:14:10 2003
+***************
+*** 506,514 ****
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				memset(str,0,SIZE);
+  			else
+! 				memset(str,0,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+--- 506,514 ----
+  			 * bug picked up by
+  			 * Larry J. Hughes Jr. <hughes@indiana.edu> */
+  			if (str == strbuf)
+! 				OPENSSL_cleanse(str,SIZE);
+  			else
+! 				OPENSSL_cleanse(str,strlen(str));
+  			}
+  		if ((hiv != NULL) && !set_hex(hiv,iv,8))
+  			{
+***************
+*** 604,610 ****
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+--- 604,610 ----
+  	if (benc != NULL) BIO_free(benc);
+  	if (b64 != NULL) BIO_free(b64);
+  	if(pass) OPENSSL_free(pass);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  int set_hex(char *in, unsigned char *out, int size)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/errstr.c ../RELENG_5_0/crypto/openssl/apps/errstr.c
+*** crypto/openssl/apps/errstr.c	Sun Nov 12 19:55:01 2000
+--- ../RELENG_5_0/crypto/openssl/apps/errstr.c	Thu Feb 20 12:14:10 2003
+***************
+*** 121,125 ****
+  			ret++;
+  			}
+  		}
+! 	EXIT(ret);
+  	}
+--- 121,125 ----
+  			ret++;
+  			}
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendh.c ../RELENG_5_0/crypto/openssl/apps/gendh.c
+*** crypto/openssl/apps/gendh.c	Sun Nov 12 19:55:01 2000
+--- ../RELENG_5_0/crypto/openssl/apps/gendh.c	Thu Feb 20 12:14:10 2003
+***************
+*** 184,190 ****
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+--- 184,190 ----
+  		ERR_print_errors(bio_err);
+  	if (out != NULL) BIO_free_all(out);
+  	if (dh != NULL) DH_free(dh);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK dh_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/gendsa.c ../RELENG_5_0/crypto/openssl/apps/gendsa.c
+*** crypto/openssl/apps/gendsa.c	Sun Nov 12 19:55:01 2000
+--- ../RELENG_5_0/crypto/openssl/apps/gendsa.c	Thu Feb 20 12:14:10 2003
+***************
+*** 220,225 ****
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #endif
+--- 220,225 ----
+  	if (out != NULL) BIO_free_all(out);
+  	if (dsa != NULL) DSA_free(dsa);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/genrsa.c ../RELENG_5_0/crypto/openssl/apps/genrsa.c
+*** crypto/openssl/apps/genrsa.c	Sun Nov 12 19:55:01 2000
+--- ../RELENG_5_0/crypto/openssl/apps/genrsa.c	Thu Feb 20 12:14:10 2003
+***************
+*** 224,230 ****
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+--- 224,230 ----
+  	if(passout) OPENSSL_free(passout);
+  	if (ret != 0)
+  		ERR_print_errors(bio_err);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void MS_CALLBACK genrsa_cb(int p, int n, void *arg)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/nseq.c ../RELENG_5_0/crypto/openssl/apps/nseq.c
+*** crypto/openssl/apps/nseq.c	Sun Nov 12 19:55:03 2000
+--- ../RELENG_5_0/crypto/openssl/apps/nseq.c	Thu Feb 20 12:14:10 2003
+***************
+*** 102,108 ****
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		EXIT(1);
+  	}
+  
+  	if (infile) {
+--- 102,108 ----
+  		BIO_printf (bio_err, "-in file  input file\n");
+  		BIO_printf (bio_err, "-out file output file\n");
+  		BIO_printf (bio_err, "-toseq    output NS Sequence file\n");
+! 		OPENSSL_EXIT(1);
+  	}
+  
+  	if (infile) {
+***************
+*** 162,167 ****
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	EXIT(ret);
+  }
+  
+--- 162,167 ----
+  	BIO_free_all(out);
+  	NETSCAPE_CERT_SEQUENCE_free(seq);
+  
+! 	OPENSSL_EXIT(ret);
+  }
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/openssl.c ../RELENG_5_0/crypto/openssl/apps/openssl.c
+*** crypto/openssl/apps/openssl.c	Tue Jul 30 08:43:19 2002
+--- ../RELENG_5_0/crypto/openssl/apps/openssl.c	Thu Feb 20 12:14:10 2003
+***************
+*** 77,87 ****
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+- LHASH *config=NULL;
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
+  BIO *bio_err=NULL;
+  #endif
+  
+--- 77,87 ----
+  static int MS_CALLBACK cmp(FUNCTION *a,FUNCTION *b);
+  static LHASH *prog_init(void );
+  static int do_cmd(LHASH *prog,int argc,char *argv[]);
+  char *default_config_file=NULL;
+  
+  /* Make sure there is only one when MONOLITH is defined */
+  #ifdef MONOLITH
++ LHASH *config=NULL;
+  BIO *bio_err=NULL;
+  #endif
+  
+***************
+*** 215,221 ****
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+--- 215,221 ----
+  		BIO_free(bio_err);
+  		bio_err=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  #define LIST_STANDARD_COMMANDS "list-standard-commands"
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/passwd.c ../RELENG_5_0/crypto/openssl/apps/passwd.c
+*** crypto/openssl/apps/passwd.c	Sat May 19 23:05:02 2001
+--- ../RELENG_5_0/crypto/openssl/apps/passwd.c	Thu Feb 20 12:14:10 2003
+***************
+*** 284,290 ****
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+  
+  
+--- 284,290 ----
+  		BIO_free(in);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+***************
+*** 498,503 ****
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	EXIT(1);
+  	}
+  #endif
+--- 498,503 ----
+  int MAIN(int argc, char **argv)
+  	{
+  	fputs("Program not available.\n", stderr)
+! 	OPENSSL_EXIT(1);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs12.c ../RELENG_5_0/crypto/openssl/apps/pkcs12.c
+*** crypto/openssl/apps/pkcs12.c	Tue Jul 30 08:43:19 2002
+--- ../RELENG_5_0/crypto/openssl/apps/pkcs12.c	Thu Feb 20 12:14:10 2003
+***************
+*** 480,488 ****
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		}
+! 		sk_X509_free(chain2);
+! 		if (vret) {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+--- 480,489 ----
+  		    /* Exclude verified certificate */
+  		    for (i = 1; i < sk_X509_num (chain2) ; i++) 
+  			sk_X509_push(certs, sk_X509_value (chain2, i));
+! 		    /* Free first certificate */
+! 		    X509_free(sk_X509_value(chain2, 0));
+! 		    sk_X509_free(chain2);
+! 		} else {
+  			BIO_printf (bio_err, "Error %s getting chain.\n",
+  					X509_verify_cert_error_string(vret));
+  			goto export_end;
+***************
+*** 509,516 ****
+  	}
+  	sk_X509_pop_free(certs, X509_free);
+  	certs = NULL;
+- 	/* ucert is part of certs so it is already freed */
+- 	ucert = NULL;
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 510,515 ----
+***************
+*** 598,604 ****
+  	if (certs) sk_X509_pop_free(certs, X509_free);
+  	if (safes) sk_PKCS7_pop_free(safes, PKCS7_free);
+  	if (bags) sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free);
+- 	if (ucert) X509_free(ucert);
+  
+  #ifdef CRYPTO_MDEBUG
+  	CRYPTO_pop_info();
+--- 597,602 ----
+***************
+*** 668,674 ****
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+--- 666,672 ----
+      if (canames) sk_free(canames);
+      if(passin) OPENSSL_free(passin);
+      if(passout) OPENSSL_free(passout);
+!     OPENSSL_EXIT(ret);
+  }
+  
+  int dump_certs_keys_p12 (BIO *out, PKCS12 *p12, char *pass,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs7.c ../RELENG_5_0/crypto/openssl/apps/pkcs7.c
+*** crypto/openssl/apps/pkcs7.c	Tue Jul 30 09:37:26 2002
+--- ../RELENG_5_0/crypto/openssl/apps/pkcs7.c	Thu Feb 20 12:14:10 2003
+***************
+*** 154,160 ****
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+--- 154,160 ----
+  		BIO_printf(bio_err," -print_certs  print any certs or crl in the input\n");
+  		BIO_printf(bio_err," -text         print full details of certificates\n");
+  		BIO_printf(bio_err," -noout        don't output encoded data\n");
+! 		OPENSSL_EXIT(1);
+  		}
+  
+  	ERR_load_crypto_strings();
+***************
+*** 289,293 ****
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 289,293 ----
+  	if (p7 != NULL) PKCS7_free(p7);
+  	if (in != NULL) BIO_free(in);
+  	if (out != NULL) BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/pkcs8.c ../RELENG_5_0/crypto/openssl/apps/pkcs8.c
+*** crypto/openssl/apps/pkcs8.c	Sun Nov 12 19:55:09 2000
+--- ../RELENG_5_0/crypto/openssl/apps/pkcs8.c	Thu Feb 20 12:14:10 2003
+***************
+*** 236,242 ****
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+--- 236,243 ----
+  			if(passout) p8pass = passout;
+  			else {
+  				p8pass = pass;
+! 				if (EVP_read_pw_string(pass, 50, "Enter Encryption Password:", 1))
+! 					return (1);
+  			}
+  			app_RAND_load_file(NULL, bio_err, 0);
+  			if (!(p8 = PKCS8_encrypt(pbe_nid, cipher,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rand.c ../RELENG_5_0/crypto/openssl/apps/rand.c
+*** crypto/openssl/apps/rand.c	Sun Nov 12 19:55:09 2000
+--- ../RELENG_5_0/crypto/openssl/apps/rand.c	Thu Feb 20 12:14:10 2003
+***************
+*** 144,148 ****
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	EXIT(ret);
+  	}
+--- 144,148 ----
+  	ERR_print_errors(bio_err);
+  	if (out)
+  		BIO_free_all(out);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/req.c ../RELENG_5_0/crypto/openssl/apps/req.c
+*** crypto/openssl/apps/req.c	Tue Jul 30 08:43:20 2002
+--- ../RELENG_5_0/crypto/openssl/apps/req.c	Thu Feb 20 12:14:10 2003
+***************
+*** 422,428 ****
+  
+  	if (template != NULL)
+  		{
+! 		long errline;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+--- 422,428 ----
+  
+  	if (template != NULL)
+  		{
+! 		long errline = -1;
+  
+  		BIO_printf(bio_err,"Using configuration from %s\n",template);
+  		req_conf=CONF_load(NULL,template,&errline);
+***************
+*** 909,915 ****
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+--- 909,915 ----
+  #ifndef NO_DSA
+  	if (dsa_params != NULL) DSA_free(dsa_params);
+  #endif
+! 	OPENSSL_EXIT(ex);
+  	}
+  
+  static int make_REQ(X509_REQ *req, EVP_PKEY *pkey, int attribs)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/rsa.c ../RELENG_5_0/crypto/openssl/apps/rsa.c
+*** crypto/openssl/apps/rsa.c	Sun Nov 12 19:55:14 2000
+--- ../RELENG_5_0/crypto/openssl/apps/rsa.c	Thu Feb 20 12:14:10 2003
+***************
+*** 389,395 ****
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+--- 389,395 ----
+  	if(rsa != NULL) RSA_free(rsa);
+  	if(passin) OPENSSL_free(passin);
+  	if(passout) OPENSSL_free(passout);
+! 	OPENSSL_EXIT(ret);
+  	}
+  #else /* !NO_RSA */
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_client.c ../RELENG_5_0/crypto/openssl/apps/s_client.c
+*** crypto/openssl/apps/s_client.c	Sat Jan 26 22:10:53 2002
+--- ../RELENG_5_0/crypto/openssl/apps/s_client.c	Thu Feb 20 12:14:10 2003
+***************
+*** 768,781 ****
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { memset(cbuf,0,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { memset(sbuf,0,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  
+--- 768,781 ----
+  	if (con != NULL) SSL_free(con);
+  	if (con2 != NULL) SSL_free(con2);
+  	if (ctx != NULL) SSL_CTX_free(ctx);
+! 	if (cbuf != NULL) { OPENSSL_cleanse(cbuf,BUFSIZZ); OPENSSL_free(cbuf); }
+! 	if (sbuf != NULL) { OPENSSL_cleanse(sbuf,BUFSIZZ); OPENSSL_free(sbuf); }
+  	if (bio_c_out != NULL)
+  		{
+  		BIO_free(bio_c_out);
+  		bio_c_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_server.c ../RELENG_5_0/crypto/openssl/apps/s_server.c
+*** crypto/openssl/apps/s_server.c	Sat May 19 23:05:08 2001
+--- ../RELENG_5_0/crypto/openssl/apps/s_server.c	Thu Feb 20 12:14:10 2003
+***************
+*** 253,262 ****
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+--- 253,262 ----
+  static int ebcdic_new(BIO *bi);
+  static int ebcdic_free(BIO *a);
+  static int ebcdic_read(BIO *b, char *out, int outl);
+! static int ebcdic_write(BIO *b, const char *in, int inl);
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr);
+  static int ebcdic_gets(BIO *bp, char *buf, int size);
+! static int ebcdic_puts(BIO *bp, const char *str);
+  
+  #define BIO_TYPE_EBCDIC_FILTER	(18|0x0200)
+  static BIO_METHOD methods_ebcdic=
+***************
+*** 321,327 ****
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+--- 321,327 ----
+  	return(ret);
+  }
+  
+! static int ebcdic_write(BIO *b, const char *in, int inl)
+  {
+  	EBCDIC_OUTBUFF *wbuf;
+  	int ret=0;
+***************
+*** 354,360 ****
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, char *ptr)
+  {
+  	long ret;
+  
+--- 354,360 ----
+  	return(ret);
+  }
+  
+! static long ebcdic_ctrl(BIO *b, int cmd, long num, void *ptr)
+  {
+  	long ret;
+  
+***************
+*** 373,379 ****
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+--- 373,379 ----
+  
+  static int ebcdic_gets(BIO *bp, char *buf, int size)
+  {
+! 	int i, ret=0;
+  	if (bp->next_bio == NULL) return(0);
+  /*	return(BIO_gets(bp->next_bio,buf,size));*/
+  	for (i=0; i<size-1; ++i)
+***************
+*** 392,398 ****
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+--- 392,398 ----
+  	return (ret < 0 && i == 0) ? ret : i;
+  }
+  
+! static int ebcdic_puts(BIO *bp, const char *str)
+  {
+  	if (bp->next_bio == NULL) return(0);
+  	return ebcdic_write(bp, str, strlen(str));
+***************
+*** 741,747 ****
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+--- 741,747 ----
+  		BIO_free(bio_s_out);
+  		bio_s_out=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static void print_stats(BIO *bio, SSL_CTX *ssl_ctx)
+***************
+*** 1043,1049 ****
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+--- 1043,1049 ----
+  	BIO_printf(bio_s_out,"CONNECTION CLOSED\n");
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bufsize);
+  		OPENSSL_free(buf);
+  		}
+  	if (ret >= 0)
+***************
+*** 1250,1256 ****
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #ifndef MSDOS
+  				sleep(1);
+  #endif
+  				continue;
+--- 1250,1256 ----
+  			else
+  				{
+  				BIO_printf(bio_s_out,"read R BLOCK\n");
+! #if !defined(MSDOS) && !defined(VXWORKS)
+  				sleep(1);
+  #endif
+  				continue;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/s_time.c ../RELENG_5_0/crypto/openssl/apps/s_time.c
+*** crypto/openssl/apps/s_time.c	Tue Jul 30 08:43:21 2002
+--- ../RELENG_5_0/crypto/openssl/apps/s_time.c	Thu Feb 20 12:14:10 2003
+***************
+*** 116,121 ****
+--- 116,126 ----
+  #include <sys/param.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #undef SIGALRM
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed
+  */
+  #ifndef HZ
+***************
+*** 461,467 ****
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+--- 466,472 ----
+  
+  	if (tm_cipher == NULL ) {
+  		fprintf( stderr, "No CIPHER specified\n" );
+! /*		OPENSSL_EXIT(1); */
+  	}
+  
+  	if (!(perform & 1)) goto next;
+***************
+*** 628,634 ****
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	EXIT(ret);
+  	}
+  
+  /***********************************************************************
+--- 633,639 ----
+  		SSL_CTX_free(tm_ctx);
+  		tm_ctx=NULL;
+  		}
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  /***********************************************************************
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/sess_id.c ../RELENG_5_0/crypto/openssl/apps/sess_id.c
+*** crypto/openssl/apps/sess_id.c	Sun Nov 12 19:55:29 2000
+--- ../RELENG_5_0/crypto/openssl/apps/sess_id.c	Thu Feb 20 12:14:10 2003
+***************
+*** 272,278 ****
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+--- 272,278 ----
+  end:
+  	if (out != NULL) BIO_free_all(out);
+  	if (x != NULL) SSL_SESSION_free(x);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static SSL_SESSION *load_sess_id(char *infile, int format)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/speed.c ../RELENG_5_0/crypto/openssl/apps/speed.c
+*** crypto/openssl/apps/speed.c	Tue Jul 30 08:46:43 2002
+--- ../RELENG_5_0/crypto/openssl/apps/speed.c	Thu Feb 20 12:14:10 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/apps/speed.c,v 1.9 2002/07/30 12:46:43 nectar Exp $
+   */
+  
+  /* most of this code has been pilfered from my libdes speed.c program */
+--- 54,59 ----
+***************
+*** 691,697 ****
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #ifdef TIMES
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+--- 689,695 ----
+  			BIO_printf(bio_err,"\n");
+  #endif
+  
+! #if defined(TIMES) || defined(USE_TOD)
+  			BIO_printf(bio_err,"\n");
+  			BIO_printf(bio_err,"Available options:\n");
+  			BIO_printf(bio_err,"-elapsed        measure time in real time instead of CPU user time.\n");
+***************
+*** 1414,1420 ****
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+--- 1412,1418 ----
+  		if (dsa_key[i] != NULL)
+  			DSA_free(dsa_key[i]);
+  #endif
+! 	OPENSSL_EXIT(mret);
+  	}
+  
+  static void print_message(char *s, long num, int length)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/spkac.c ../RELENG_5_0/crypto/openssl/apps/spkac.c
+*** crypto/openssl/apps/spkac.c	Sun Nov 12 19:55:34 2000
+--- ../RELENG_5_0/crypto/openssl/apps/spkac.c	Thu Feb 20 12:14:10 2003
+***************
+*** 288,292 ****
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+--- 288,292 ----
+  	BIO_free(key);
+  	EVP_PKEY_free(pkey);
+  	if(passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/verify.c ../RELENG_5_0/crypto/openssl/apps/verify.c
+*** crypto/openssl/apps/verify.c	Sun Nov 12 19:55:36 2000
+--- ../RELENG_5_0/crypto/openssl/apps/verify.c	Thu Feb 20 12:14:10 2003
+***************
+*** 213,219 ****
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+--- 213,219 ----
+  	if (cert_ctx != NULL) X509_STORE_free(cert_ctx);
+  	sk_X509_pop_free(untrusted, X509_free);
+  	sk_X509_pop_free(trusted, X509_free);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int check(X509_STORE *ctx, char *file, STACK_OF(X509) *uchain, STACK_OF(X509) *tchain, int purpose)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/version.c ../RELENG_5_0/crypto/openssl/apps/version.c
+*** crypto/openssl/apps/version.c	Thu Apr 13 02:25:44 2000
+--- ../RELENG_5_0/crypto/openssl/apps/version.c	Thu Feb 20 12:14:10 2003
+***************
+*** 128,132 ****
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	EXIT(ret);
+  	}
+--- 128,132 ----
+  		}
+  	if (cflags)  printf("%s\n",SSLeay_version(SSLEAY_CFLAGS));
+  end:
+! 	OPENSSL_EXIT(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/apps/x509.c ../RELENG_5_0/crypto/openssl/apps/x509.c
+*** crypto/openssl/apps/x509.c	Tue Jul 30 09:37:26 2002
+--- ../RELENG_5_0/crypto/openssl/apps/x509.c	Thu Feb 20 12:14:10 2003
+***************
+*** 121,127 ****
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial       - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+--- 121,127 ----
+  " -CAkey arg      - set the CA key, must be PEM format\n",
+  "                   missing, it is assumed to be in the CA file.\n",
+  " -CAcreateserial - create serial number file if it does not exist\n",
+! " -CAserial arg   - serial file\n",
+  " -text           - print the certificate in text form\n",
+  " -C              - print out C code forms\n",
+  " -md2/-md5/-sha1/-mdc2 - digest to use\n",
+***************
+*** 447,453 ****
+  
+  	if (extfile)
+  		{
+! 		long errorline;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+--- 447,453 ----
+  
+  	if (extfile)
+  		{
+! 		long errorline = -1;
+  		X509V3_CTX ctx2;
+  		if (!(extconf=CONF_load(NULL,extfile,&errorline)))
+  			{
+***************
+*** 961,967 ****
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+--- 961,967 ----
+  	sk_ASN1_OBJECT_pop_free(trust, ASN1_OBJECT_free);
+  	sk_ASN1_OBJECT_pop_free(reject, ASN1_OBJECT_free);
+  	if (passin) OPENSSL_free(passin);
+! 	OPENSSL_EXIT(ret);
+  	}
+  
+  static int x509_certify(X509_STORE *ctx, char *CAfile, const EVP_MD *digest,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/config ../RELENG_5_0/crypto/openssl/config
+*** crypto/openssl/config	Fri Aug  9 21:47:54 2002
+--- ../RELENG_5_0/crypto/openssl/config	Thu Feb 20 12:14:09 2003
+***************
+*** 317,322 ****
+--- 317,326 ----
+      *CRAY*)
+         echo "j90-cray-unicos"; exit 0;
+         ;;
++ 
++     NONSTOP_KERNEL*)
++        echo "nsr-tandem-nsk"; exit 0;
++        ;;
+  esac
+  
+  #
+***************
+*** 473,479 ****
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	read waste < /dev/tty
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+--- 477,484 ----
+  	echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	echo "         invoke './Configure irix64-mips4-$CC' *manually*."
+  	echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	(read waste < /dev/tty) || true
+          CPU=`(hinv -t cpu) 2>/dev/null | sed 's/^CPU:[^R]*R\([0-9]*\).*/\1/'`
+          CPU=${CPU:-0}
+          if [ $CPU -ge 5000 ]; then
+***************
+*** 528,534 ****
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	#read waste < /dev/tty
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+--- 533,540 ----
+  	#echo "WARNING! If you wish to build 64-bit library, then you have to"
+  	#echo "         invoke './Configure linux64-sparcv9' *manually*."
+  	#echo "         Type return if you want to continue, Ctrl-C to abort."
+! 	# Do not stop if /dev/tty is unavailable
+! 	#(read waste < /dev/tty) || true
+  	OUT="linux-sparcv9" ;;
+    sparc-*-linux2)
+  	KARCH=`awk '/^type/{print$3}' /proc/cpuinfo`
+***************
+*** 569,575 ****
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		read waste < /dev/tty
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+--- 575,582 ----
+  		echo "WARNING! If you wish to build 64-bit library, then you have to"
+  		echo "         invoke './Configure solaris64-sparcv9-cc' *manually*."
+  		echo "         Type return if you want to continue, Ctrl-C to abort."
+! 		# Do not stop if /dev/tty is unavailable
+! 		(read waste < /dev/tty) || true
+  	fi
+  	OUT="solaris-sparcv9-$CC" ;;
+    sun4m-*-solaris2)	OUT="solaris-sparcv8-$CC" ;;
+***************
+*** 630,635 ****
+--- 637,643 ----
+    *-*-cygwin) OUT="Cygwin" ;;
+    t3e-cray-unicosmk) OUT="cray-t3e" ;;
+    j90-cray-unicos) OUT="cray-j90" ;;
++   nsr-tandem-nsk) OUT="tandem-c89" ;;
+    *) OUT=`echo $GUESSOS | awk -F- '{print $3}'`;;
+  esac
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/Makefile.ssl
+*** crypto/openssl/crypto/Makefile.ssl	Tue Jul 30 09:37:27 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/Makefile.ssl	Thu Feb 20 12:14:11 2003
+***************
+*** 34,41 ****
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+--- 34,41 ----
+  GENERAL=Makefile README crypto-lib.com install.com
+  
+  LIB= $(TOP)/libcrypto.a
+! LIBSRC=	cryptlib.c mem.c mem_clr.c mem_dbg.c cversion.c ex_data.c tmdiff.c cpt_err.c ebcdic.c uid.c
+! LIBOBJ= cryptlib.o mem.o mem_clr.o mem_dbg.o cversion.o ex_data.o tmdiff.o cpt_err.o ebcdic.o uid.o
+  
+  SRC= $(LIBSRC)
+  
+***************
+*** 129,135 ****
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) $(INCLUDE) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+--- 129,135 ----
+  
+  depend:
+  	if [ ! -f buildinf.h ]; then touch buildinf.h; fi # fake buildinf.h if it does not exist
+! 	$(MAKEDEPEND) -- $(INCLUDE) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  	if [ ! -s buildinf.h ]; then rm buildinf.h; fi
+  	@for i in $(SDIRS) ;\
+  	do \
+***************
+*** 185,190 ****
+--- 185,193 ----
+  mem.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+  mem.o: ../include/openssl/opensslv.h ../include/openssl/safestack.h
+  mem.o: ../include/openssl/stack.h ../include/openssl/symhacks.h cryptlib.h
++ mem_clr.o: ../include/openssl/crypto.h ../include/openssl/opensslv.h
++ mem_clr.o: ../include/openssl/safestack.h ../include/openssl/stack.h
++ mem_clr.o: ../include/openssl/symhacks.h
+  mem_dbg.o: ../include/openssl/bio.h ../include/openssl/buffer.h
+  mem_dbg.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  mem_dbg.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/asn1/Makefile.ssl
+*** crypto/openssl/crypto/asn1/Makefile.ssl	Tue Jul 30 08:43:25 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/asn1/Makefile.ssl	Thu Feb 20 12:14:11 2003
+***************
+*** 104,110 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 104,110 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_sign.c ../RELENG_5_0/crypto/openssl/crypto/asn1/a_sign.c
+*** crypto/openssl/crypto/asn1/a_sign.c	Tue Jul 30 08:43:23 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/asn1/a_sign.c	Thu Feb 20 12:14:11 2003
+***************
+*** 199,208 ****
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	memset(&ctx,0,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+--- 199,208 ----
+  	signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+  	signature->flags|=ASN1_STRING_FLAG_BITS_LEFT;
+  err:
+! 	OPENSSL_cleanse(&ctx,sizeof(ctx));
+  	if (buf_in != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_in,(unsigned int)inl); OPENSSL_free(buf_in); }
+  	if (buf_out != NULL)
+! 		{ OPENSSL_cleanse((char *)buf_out,outll); OPENSSL_free(buf_out); }
+  	return(outl);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_strex.c ../RELENG_5_0/crypto/openssl/crypto/asn1/a_strex.c
+*** crypto/openssl/crypto/asn1/a_strex.c	Sun Nov 12 19:56:09 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/asn1/a_strex.c	Thu Feb 20 12:14:11 2003
+***************
+*** 519,525 ****
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!*out || !in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+--- 519,525 ----
+  {
+  	ASN1_STRING stmp, *str = &stmp;
+  	int mbflag, type, ret;
+! 	if(!in) return -1;
+  	type = in->type;
+  	if((type < 0) || (type > 30)) return -1;
+  	mbflag = tag2nbyte[type];
+***************
+*** 528,533 ****
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	if(out) *out = stmp.data;
+  	return stmp.length;
+  }
+--- 528,533 ----
+  	stmp.data = NULL;
+  	ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, B_ASN1_UTF8STRING);
+  	if(ret < 0) return ret;
+! 	*out = stmp.data;
+  	return stmp.length;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_utctm.c ../RELENG_5_0/crypto/openssl/crypto/asn1/a_utctm.c
+*** crypto/openssl/crypto/asn1/a_utctm.c	Tue Jul 30 09:37:28 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/asn1/a_utctm.c	Thu Feb 20 12:14:12 2003
+***************
+*** 246,251 ****
+--- 246,253 ----
+  		ts=(struct tm *)localtime(&t);
+  		}
+  #endif
++ 	if (ts == NULL)
++ 		return(NULL);
+  	p=(char *)s->data;
+  	if ((p == NULL) || (s->length < 14))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/a_verify.c ../RELENG_5_0/crypto/openssl/crypto/asn1/a_verify.c
+*** crypto/openssl/crypto/asn1/a_verify.c	Sun Nov 12 19:56:11 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/asn1/a_verify.c	Thu Feb 20 12:14:12 2003
+***************
+*** 100,106 ****
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	memset(buf_in,0,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+--- 100,106 ----
+  	EVP_VerifyInit(&ctx,type);
+  	EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl);
+  
+! 	OPENSSL_cleanse(buf_in,(unsigned int)inl);
+  	OPENSSL_free(buf_in);
+  
+  	if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data,
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/n_pkey.c ../RELENG_5_0/crypto/openssl/crypto/asn1/n_pkey.c
+*** crypto/openssl/crypto/asn1/n_pkey.c	Sun Nov 12 19:56:21 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/asn1/n_pkey.c	Thu Feb 20 12:14:12 2003
+***************
+*** 181,187 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 181,187 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL);
+***************
+*** 292,298 ****
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	memset(buf,0,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+--- 292,298 ----
+  	}
+  		
+  	EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL);
+! 	OPENSSL_cleanse(buf,256);
+  
+  	EVP_CIPHER_CTX_init(&ctx);
+  	EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/asn1/p8_pkey.c ../RELENG_5_0/crypto/openssl/crypto/asn1/p8_pkey.c
+*** crypto/openssl/crypto/asn1/p8_pkey.c	Sun Nov 12 19:56:24 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/asn1/p8_pkey.c	Thu Feb 20 12:14:12 2003
+***************
+*** 119,126 ****
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		memset (a->pkey->value.octet_string->data,
+! 				 0, a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+--- 119,126 ----
+  	X509_ALGOR_free(a->pkeyalg);
+  	/* Clear sensitive data */
+  	if (a->pkey->value.octet_string)
+! 		OPENSSL_cleanse(a->pkey->value.octet_string->data,
+! 				a->pkey->value.octet_string->length);
+  	ASN1_TYPE_free (a->pkey);
+  	sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free);
+  	OPENSSL_free (a);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/bf/Makefile.ssl
+*** crypto/openssl/crypto/bf/Makefile.ssl	Sat Feb 17 22:15:31 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/bf/Makefile.ssl	Thu Feb 20 12:14:12 2003
+***************
+*** 96,102 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 96,102 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bf/bftest.c ../RELENG_5_0/crypto/openssl/crypto/bf/bftest.c
+*** crypto/openssl/crypto/bf/bftest.c	Sun Nov 12 19:56:37 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/bf/bftest.c	Thu Feb 20 12:14:12 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_BF
+  int main(int argc, char *argv[])
+  {
+***************
+*** 275,281 ****
+  	else
+  		ret=test();
+  
+! 	exit(ret);
+  	return(0);
+  	}
+  
+--- 277,283 ----
+  	else
+  		ret=test();
+  
+! 	EXIT(ret);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/bio/Makefile.ssl
+*** crypto/openssl/crypto/bio/Makefile.ssl	Thu Jul 19 15:57:50 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/bio/Makefile.ssl	Thu Feb 20 12:14:12 2003
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bio/bio.h ../RELENG_5_0/crypto/openssl/crypto/bio/bio.h
+*** crypto/openssl/crypto/bio/bio.h	Tue Jul 30 08:43:26 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/bio/bio.h	Thu Feb 20 12:14:12 2003
+***************
+*** 241,247 ****
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_fat *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+--- 241,247 ----
+  	long (_far *ctrl)();
+  	int (_far *create)();
+  	int (_far *destroy)();
+! 	long (_far *callback_ctrl)();
+  	} BIO_METHOD;
+  #endif
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/bn/Makefile.ssl
+*** crypto/openssl/crypto/bn/Makefile.ssl	Sat Jan 26 22:11:21 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/bn/Makefile.ssl	Thu Feb 20 12:14:12 2003
+***************
+*** 159,165 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 159,165 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn.h ../RELENG_5_0/crypto/openssl/crypto/bn/bn.h
+*** crypto/openssl/crypto/bn/bn.h	Tue Jul 30 09:37:32 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/bn/bn.h	Thu Feb 20 12:14:12 2003
+***************
+*** 155,161 ****
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #ifdef _MSC_VER
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+--- 155,161 ----
+  #define BN_BYTES	4
+  #define BN_BITS2	32
+  #define BN_BITS4	16
+! #if defined(_MSC_VER) || defined(__BORLANDC__)
+  /* VC++ doesn't like the LL suffix */
+  #define BN_MASK		(0xffffffffffffffffL)
+  #else
+***************
+*** 413,419 ****
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+--- 413,419 ----
+  			  BN_CTX *ctx);
+  int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx);
+  void BN_MONT_CTX_free(BN_MONT_CTX *mont);
+! int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *mod,BN_CTX *ctx);
+  BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from);
+  
+  BN_BLINDING *BN_BLINDING_new(BIGNUM *A,BIGNUM *Ai,BIGNUM *mod);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_lib.c ../RELENG_5_0/crypto/openssl/crypto/bn/bn_lib.c
+*** crypto/openssl/crypto/bn/bn_lib.c	Sat Feb 17 22:15:41 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/bn/bn_lib.c	Thu Feb 20 12:14:12 2003
+***************
+*** 263,274 ****
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		memset(a->d,0,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	memset(a,0,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+--- 263,274 ----
+  	if (a == NULL) return;
+  	if (a->d != NULL)
+  		{
+! 		OPENSSL_cleanse(a->d,a->dmax*sizeof(a->d[0]));
+  		if (!(BN_get_flags(a,BN_FLG_STATIC_DATA)))
+  			OPENSSL_free(a->d);
+  		}
+  	i=BN_get_flags(a,BN_FLG_MALLOCED);
+! 	OPENSSL_cleanse(a,sizeof(BIGNUM));
+  	if (i)
+  		OPENSSL_free(a);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_rand.c ../RELENG_5_0/crypto/openssl/crypto/bn/bn_rand.c
+*** crypto/openssl/crypto/bn/bn_rand.c	Sat Jan 26 22:11:20 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/bn/bn_rand.c	Thu Feb 20 12:14:12 2003
+***************
+*** 201,207 ****
+  err:
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+--- 201,207 ----
+  err:
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,bytes);
+  		OPENSSL_free(buf);
+  		}
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bn_word.c ../RELENG_5_0/crypto/openssl/crypto/bn/bn_word.c
+*** crypto/openssl/crypto/bn/bn_word.c	Sun Nov 12 19:57:08 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/bn/bn_word.c	Thu Feb 20 12:14:12 2003
+***************
+*** 123,129 ****
+  	i=0;
+  	for (;;)
+  		{
+! 		l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+--- 123,132 ----
+  	i=0;
+  	for (;;)
+  		{
+! 		if (i >= a->top)
+! 			l=w;
+! 		else
+! 			l=(a->d[i]+(BN_ULONG)w)&BN_MASK2;
+  		a->d[i]=l;
+  		if (w > l)
+  			w=1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/bntest.c ../RELENG_5_0/crypto/openssl/crypto/bn/bntest.c
+*** crypto/openssl/crypto/bn/bntest.c	Sat May 19 23:05:34 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/bn/bntest.c	Thu Feb 20 12:14:12 2003
+***************
+*** 139,148 ****
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+--- 139,148 ----
+  
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	if (outfile == NULL)
+  		{
+  		BIO_set_fp(out,stdout,BIO_NOCLOSE);
+***************
+*** 152,158 ****
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			exit(1);
+  			}
+  		}
+  
+--- 152,158 ----
+  		if (!BIO_write_filename(out,outfile))
+  			{
+  			perror(outfile);
+! 			EXIT(1);
+  			}
+  		}
+  
+***************
+*** 228,241 ****
+  	BIO_free(out);
+  
+  /**/
+! 	exit(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 228,241 ----
+  	BIO_free(out);
+  
+  /**/
+! 	EXIT(0);
+  err:
+  	BIO_puts(out,"1\n"); /* make sure the Perl script fed by bc notices
+  	                      * the failure, see test_bn in test/Makefile.ssl*/
+  	BIO_flush(out);
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+***************
+*** 746,752 ****
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			exit(1);
+  			}
+  		if (bp != NULL)
+  			{
+--- 746,752 ----
+  			while ((l=ERR_get_error()))
+  				fprintf(stderr,"ERROR:%s\n",
+  					ERR_error_string(l,NULL));
+! 			EXIT(1);
+  			}
+  		if (bp != NULL)
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/bn/exptest.c ../RELENG_5_0/crypto/openssl/crypto/bn/exptest.c
+*** crypto/openssl/crypto/bn/exptest.c	Thu Apr 13 02:27:11 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/bn/exptest.c	Thu Feb 20 12:14:12 2003
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/bio.h>
+  #include <openssl/bn.h>
+  #include <openssl/rand.h>
+***************
+*** 86,92 ****
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) exit(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+--- 89,95 ----
+  	ERR_load_BN_strings();
+  
+  	ctx=BN_CTX_new();
+! 	if (ctx == NULL) EXIT(1);
+  	r_mont=BN_new();
+  	r_recp=BN_new();
+  	r_simple=BN_new();
+***************
+*** 99,105 ****
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+--- 102,108 ----
+  
+  	out=BIO_new(BIO_s_file());
+  
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	for (i=0; i<200; i++)
+***************
+*** 124,130 ****
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+--- 127,133 ----
+  			{
+  			printf("BN_mod_exp_mont() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_recp(r_recp,a,b,m,ctx);
+***************
+*** 132,138 ****
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+--- 135,141 ----
+  			{
+  			printf("BN_mod_exp_recp() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		ret=BN_mod_exp_simple(r_simple,a,b,m,ctx);
+***************
+*** 140,146 ****
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			exit(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+--- 143,149 ----
+  			{
+  			printf("BN_mod_exp_simple() problems\n");
+  			ERR_print_errors(out);
+! 			EXIT(1);
+  			}
+  
+  		if (BN_cmp(r_simple, r_mont) == 0
+***************
+*** 163,169 ****
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			exit(1);
+  			}
+  		}
+  	BN_free(r_mont);
+--- 166,172 ----
+  			printf("\nrecp     =");	BN_print(out,r_recp);
+  			printf("\nmont     ="); BN_print(out,r_mont);
+  			printf("\n");
+! 			EXIT(1);
+  			}
+  		}
+  	BN_free(r_mont);
+***************
+*** 177,187 ****
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	exit(1);
+  	return(1);
+  	}
+  
+--- 180,190 ----
+  	CRYPTO_mem_leaks(out);
+  	BIO_free(out);
+  	printf(" done\n");
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors(out);
+! 	EXIT(1);
+  	return(1);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/buffer/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/buffer/Makefile.ssl
+*** crypto/openssl/crypto/buffer/Makefile.ssl	Sat Feb 17 22:15:51 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/buffer/Makefile.ssl	Thu Feb 20 12:14:12 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/cast/Makefile.ssl
+*** crypto/openssl/crypto/cast/Makefile.ssl	Sat Feb 17 22:15:51 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/cast/Makefile.ssl	Thu Feb 20 12:14:13 2003
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cast/casttest.c ../RELENG_5_0/crypto/openssl/crypto/cast/casttest.c
+*** crypto/openssl/crypto/cast/casttest.c	Thu Apr 13 02:27:37 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/cast/casttest.c	Thu Feb 20 12:14:13 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_CAST
+  int main(int argc, char *argv[])
+  {
+***************
+*** 224,230 ****
+        }
+  #endif
+  
+!     exit(err);
+      return(err);
+      }
+  #endif
+--- 226,232 ----
+        }
+  #endif
+  
+!     EXIT(err);
+      return(err);
+      }
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/comp/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/comp/Makefile.ssl
+*** crypto/openssl/crypto/comp/Makefile.ssl	Sat Jan 26 22:11:30 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/comp/Makefile.ssl	Thu Feb 20 12:14:13 2003
+***************
+*** 71,77 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 71,77 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/conf/Makefile.ssl
+*** crypto/openssl/crypto/conf/Makefile.ssl	Tue Jul 30 09:37:37 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/conf/Makefile.ssl	Thu Feb 20 12:14:13 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/conf/conf_def.c ../RELENG_5_0/crypto/openssl/crypto/conf/conf_def.c
+*** crypto/openssl/crypto/conf/conf_def.c	Tue Jul 30 09:37:37 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/conf/conf_def.c	Thu Feb 20 12:14:13 2003
+***************
+*** 224,232 ****
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
+  	for (;;)
+  		{
+- 		again=0;
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+--- 224,232 ----
+  	section_sk=(STACK_OF(CONF_VALUE) *)sv->value;
+  
+  	bufnum=0;
++ 	again=0;
+  	for (;;)
+  		{
+  		if (!BUF_MEM_grow(buff,bufnum+BUFSIZE))
+  			{
+  			CONFerr(CONF_F_CONF_LOAD_BIO,ERR_R_BUF_LIB);
+***************
+*** 237,243 ****
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0) break;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+--- 237,244 ----
+  		BIO_gets(in, p, BUFSIZE-1);
+  		p[BUFSIZE-1]='\0';
+  		ii=i=strlen(p);
+! 		if (i == 0 && !again) break;
+! 		again=0;
+  		while (i > 0)
+  			{
+  			if ((p[i-1] != '\r') && (p[i-1] != '\n'))
+***************
+*** 247,253 ****
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+--- 248,254 ----
+  			}
+  		/* we removed some trailing stuff so there is a new
+  		 * line on the end. */
+! 		if (ii && i == ii)
+  			again=1; /* long line */
+  		else
+  			{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/cryptlib.c ../RELENG_5_0/crypto/openssl/crypto/cryptlib.c
+*** crypto/openssl/crypto/cryptlib.c	Fri Aug  9 21:39:00 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/cryptlib.c	Thu Feb 20 12:14:11 2003
+***************
+*** 58,63 ****
+--- 58,64 ----
+  
+  #include <stdio.h>
+  #include <string.h>
++ #include <assert.h>
+  #include "cryptlib.h"
+  #include <openssl/crypto.h>
+  #include <openssl/safestack.h>
+***************
+*** 89,94 ****
+--- 90,96 ----
+  	"ssl_session",
+  	"ssl_sess_cert",
+  	"ssl",
++ 	/* "ssl_method", */
+  	"rand",
+  	"rand2",
+  	"debug_malloc",
+***************
+*** 204,213 ****
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (!i)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+--- 206,223 ----
+  	i=sk_CRYPTO_dynlock_find(dyn_locks,NULL);
+  	/* If there was none, push, thereby creating a new one */
+  	if (i == -1)
+! 		/* Since sk_push() returns the number of items on the
+! 		   stack, not the location of the pushed item, we need
+! 		   to transform the returned number into a position,
+! 		   by decreasing it.  */
+! 		i=sk_CRYPTO_dynlock_push(dyn_locks,pointer) - 1;
+! 	else
+! 		/* If we found a place with a NULL pointer, put our pointer
+! 		   in it.  */
+! 		sk_CRYPTO_dynlock_set(dyn_locks,i,pointer);
+  	CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK);
+  
+! 	if (i == -1)
+  		{
+  		dynlock_destroy_callback(pointer->data,__FILE__,__LINE__);
+  		OPENSSL_free(pointer);
+***************
+*** 399,414 ****
+  #endif
+  	if (type < 0)
+  		{
+! 		int i = -type - 1;
+! 		struct CRYPTO_dynlock_value *pointer
+! 			= CRYPTO_get_dynlock_value(i);
+! 
+! 		if (pointer && dynlock_lock_callback)
+  			{
+  			dynlock_lock_callback(mode, pointer, file, line);
+- 			}
+  
+! 		CRYPTO_destroy_dynlockid(i);
+  		}
+  	else
+  		if (locking_callback != NULL)
+--- 409,425 ----
+  #endif
+  	if (type < 0)
+  		{
+! 		if (dynlock_lock_callback != NULL)
+  			{
++ 			struct CRYPTO_dynlock_value *pointer
++ 				= CRYPTO_get_dynlock_value(type);
++ 
++ 			assert(pointer != NULL);
++ 
+  			dynlock_lock_callback(mode, pointer, file, line);
+  
+! 			CRYPTO_destroy_dynlockid(type);
+! 			}
+  		}
+  	else
+  		if (locking_callback != NULL)
+***************
+*** 459,465 ****
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+--- 470,476 ----
+  		return("dynamic");
+  	else if (type < CRYPTO_NUM_LOCKS)
+  		return(lock_names[type]);
+! 	else if (type-CRYPTO_NUM_LOCKS > sk_num(app_locks))
+  		return("ERROR");
+  	else
+  		return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/crypto.h ../RELENG_5_0/crypto/openssl/crypto/crypto.h
+*** crypto/openssl/crypto/crypto.h	Sat Jan 26 22:11:01 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/crypto.h	Thu Feb 20 12:14:11 2003
+***************
+*** 95,129 ****
+   * names in cryptlib.c
+   */
+  
+! #define	CRYPTO_LOCK_ERR			1
+! #define	CRYPTO_LOCK_ERR_HASH		2
+! #define	CRYPTO_LOCK_X509		3
+! #define	CRYPTO_LOCK_X509_INFO		4
+! #define	CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define	CRYPTO_LOCK_X509_STORE		11
+! #define	CRYPTO_LOCK_SSL_CTX		12
+! #define	CRYPTO_LOCK_SSL_CERT		13
+! #define	CRYPTO_LOCK_SSL_SESSION		14
+! #define	CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define	CRYPTO_LOCK_SSL			16
+! #define	CRYPTO_LOCK_RAND		17
+! #define	CRYPTO_LOCK_RAND2		18
+! #define	CRYPTO_LOCK_MALLOC		19
+! #define	CRYPTO_LOCK_BIO			20
+! #define	CRYPTO_LOCK_GETHOSTBYNAME	21
+! #define	CRYPTO_LOCK_GETSERVBYNAME	22
+! #define	CRYPTO_LOCK_READDIR		23
+! #define	CRYPTO_LOCK_RSA_BLINDING	24
+! #define	CRYPTO_LOCK_DH			25
+! #define	CRYPTO_LOCK_MALLOC2		26
+! #define	CRYPTO_LOCK_DSO			27
+! #define	CRYPTO_LOCK_DYNLOCK		28
+! #define	CRYPTO_NUM_LOCKS		29
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+--- 95,132 ----
+   * names in cryptlib.c
+   */
+  
+! #define CRYPTO_LOCK_ERR			1
+! #define CRYPTO_LOCK_ERR_HASH		2
+! #define CRYPTO_LOCK_X509		3
+! #define CRYPTO_LOCK_X509_INFO		4
+! #define CRYPTO_LOCK_X509_PKEY		5
+  #define CRYPTO_LOCK_X509_CRL		6
+  #define CRYPTO_LOCK_X509_REQ		7
+  #define CRYPTO_LOCK_DSA			8
+  #define CRYPTO_LOCK_RSA			9
+  #define CRYPTO_LOCK_EVP_PKEY		10
+! #define CRYPTO_LOCK_X509_STORE		11
+! #define CRYPTO_LOCK_SSL_CTX		12
+! #define CRYPTO_LOCK_SSL_CERT		13
+! #define CRYPTO_LOCK_SSL_SESSION		14
+! #define CRYPTO_LOCK_SSL_SESS_CERT	15
+! #define CRYPTO_LOCK_SSL			16
+! /* for binary compatibility between 0.9.6 minor versions,
+!  * reuse an existing lock (later version use a new one): */
+! # define CRYPTO_LOCK_SSL_METHOD		CRYPTO_LOCK_SSL_CTX
+! #define CRYPTO_LOCK_RAND		17
+! #define CRYPTO_LOCK_RAND2		18
+! #define CRYPTO_LOCK_MALLOC		19
+! #define CRYPTO_LOCK_BIO			20
+! #define CRYPTO_LOCK_GETHOSTBYNAME	21
+! #define CRYPTO_LOCK_GETSERVBYNAME	22
+! #define CRYPTO_LOCK_READDIR		23
+! #define CRYPTO_LOCK_RSA_BLINDING	24
+! #define CRYPTO_LOCK_DH			25
+! #define CRYPTO_LOCK_MALLOC2		26
+! #define CRYPTO_LOCK_DSO			27
+! #define CRYPTO_LOCK_DYNLOCK		28
+! #define CRYPTO_NUM_LOCKS		29
+  
+  #define CRYPTO_LOCK		1
+  #define CRYPTO_UNLOCK		2
+***************
+*** 145,151 ****
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define	CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+--- 148,154 ----
+  #endif
+  #else
+  #define CRYPTO_w_lock(a)
+! #define CRYPTO_w_unlock(a)
+  #define CRYPTO_r_lock(a)
+  #define CRYPTO_r_unlock(a)
+  #define CRYPTO_add(a,b,c)	((*(a))+=(b))
+***************
+*** 341,346 ****
+--- 344,351 ----
+  void CRYPTO_free(void *);
+  void *CRYPTO_realloc(void *addr,int num, const char *file, int line);
+  void *CRYPTO_remalloc(void *addr,int num, const char *file, int line);
++ 
++ void OPENSSL_cleanse(void *ptr, size_t len);
+  
+  void CRYPTO_set_mem_debug_options(long bits);
+  long CRYPTO_get_mem_debug_options(void);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/des/Makefile.ssl
+*** crypto/openssl/crypto/des/Makefile.ssl	Sat Feb 17 22:15:55 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/des/Makefile.ssl	Thu Feb 20 12:14:13 2003
+***************
+*** 130,136 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 130,136 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 192,199 ****
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! read2pwd.o: ../../include/openssl/opensslconf.h des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+--- 192,202 ----
+  qud_cksm.o: ../../include/openssl/opensslconf.h des_locl.h
+  rand_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  rand_key.o: ../../include/openssl/opensslconf.h ../../include/openssl/rand.h
+! read2pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! read2pwd.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! read2pwd.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! read2pwd.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! read2pwd.o: des_locl.h
+  read_pwd.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  read_pwd.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+  read_pwd.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+***************
+*** 206,212 ****
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+! str2key.o: ../../include/openssl/opensslconf.h des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+--- 209,218 ----
+  rpc_enc.o: ../../include/openssl/opensslconf.h des_locl.h des_ver.h rpc_des.h
+  set_key.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  set_key.o: ../../include/openssl/opensslconf.h des_locl.h
+! str2key.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+! str2key.o: ../../include/openssl/e_os2.h ../../include/openssl/opensslconf.h
+! str2key.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! str2key.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+! str2key.o: des_locl.h
+  xcbc_enc.o: ../../include/openssl/des.h ../../include/openssl/e_os2.h
+  xcbc_enc.o: ../../include/openssl/opensslconf.h des_locl.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/des.c ../RELENG_5_0/crypto/openssl/crypto/des/des.c
+*** crypto/openssl/crypto/des/des.c	Sun Nov 12 19:57:53 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/des/des.c	Thu Feb 20 12:14:13 2003
+***************
+*** 86,91 ****
+--- 86,92 ----
+  #endif
+  #include <sys/stat.h>
+  #endif
++ #include <openssl/crypto.h>
+  #include <openssl/des.h>
+  #include <openssl/rand.h>
+  
+***************
+*** 423,429 ****
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		memset(k2,0,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+--- 424,430 ----
+  				k2[i-8]=k;
+  			}
+  		des_set_key_unchecked(&k2,ks2);
+! 		OPENSSL_cleanse(k2,sizeof(k2));
+  		}
+  	else if (longk || flag3)
+  		{
+***************
+*** 431,437 ****
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			memset(k2,0,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+--- 432,438 ----
+  			{
+  			des_string_to_2keys(key,&kk,&k2);
+  			des_set_key_unchecked(&k2,ks2);
+! 			OPENSSL_cleanse(k2,sizeof(k2));
+  			}
+  		else
+  			des_string_to_key(key,&kk);
+***************
+*** 453,460 ****
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	memset(key,0,sizeof(key));
+! 	memset(kk,0,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+--- 454,461 ----
+  			}
+  
+  	des_set_key_unchecked(&kk,ks);
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+  	/* woops - A bug that does not showup under unix :-( */
+  	memset(iv,0,sizeof(iv));
+  	memset(iv2,0,sizeof(iv2));
+***************
+*** 662,679 ****
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	memset(buf,0,sizeof(buf));
+! 	memset(obuf,0,sizeof(obuf));
+! 	memset(ks,0,sizeof(ks));
+! 	memset(ks2,0,sizeof(ks2));
+! 	memset(iv,0,sizeof(iv));
+! 	memset(iv2,0,sizeof(iv2));
+! 	memset(kk,0,sizeof(kk));
+! 	memset(k2,0,sizeof(k2));
+! 	memset(uubuf,0,sizeof(uubuf));
+! 	memset(b,0,sizeof(b));
+! 	memset(bb,0,sizeof(bb));
+! 	memset(cksum,0,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+--- 663,680 ----
+  		if (l) fclose(CKSUM_OUT);
+  		}
+  problems:
+! 	OPENSSL_cleanse(buf,sizeof(buf));
+! 	OPENSSL_cleanse(obuf,sizeof(obuf));
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+! 	OPENSSL_cleanse(ks2,sizeof(ks2));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+! 	OPENSSL_cleanse(kk,sizeof(kk));
+! 	OPENSSL_cleanse(k2,sizeof(k2));
+! 	OPENSSL_cleanse(uubuf,sizeof(uubuf));
+! 	OPENSSL_cleanse(b,sizeof(b));
+! 	OPENSSL_cleanse(bb,sizeof(bb));
+! 	OPENSSL_cleanse(cksum,sizeof(cksum));
+  	if (Exit) EXIT(Exit);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read2pwd.c ../RELENG_5_0/crypto/openssl/crypto/des/read2pwd.c
+*** crypto/openssl/crypto/des/read2pwd.c	Mon Jan 10 01:21:37 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/des/read2pwd.c	Thu Feb 20 12:14:13 2003
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include "des_locl.h"
++ #include <openssl/crypto.h>
+  
+  int des_read_password(des_cblock *key, const char *prompt, int verify)
+  	{
+***************
+*** 65,72 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+  
+--- 66,73 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_key(buf,key);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+  
+***************
+*** 78,84 ****
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	memset(buf,0,BUFSIZ);
+! 	memset(buff,0,BUFSIZ);
+  	return(ok);
+  	}
+--- 79,85 ----
+  
+  	if ((ok=des_read_pw(buf,buff,BUFSIZ,prompt,verify)) == 0)
+  		des_string_to_2keys(buf,key1,key2);
+! 	OPENSSL_cleanse(buf,BUFSIZ);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ok);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/read_pwd.c ../RELENG_5_0/crypto/openssl/crypto/des/read_pwd.c
+*** crypto/openssl/crypto/des/read_pwd.c	Tue Jul 30 08:43:34 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/des/read_pwd.c	Thu Feb 20 12:14:13 2003
+***************
+*** 218,224 ****
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	memset(buff,0,BUFSIZ);
+  	return(ret);
+  	}
+  
+--- 218,224 ----
+  	int ret;
+  
+  	ret=des_read_pw(buf,buff,(length>BUFSIZ)?BUFSIZ:length,prompt,verify);
+! 	OPENSSL_cleanse(buff,BUFSIZ);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/des/str2key.c ../RELENG_5_0/crypto/openssl/crypto/des/str2key.c
+*** crypto/openssl/crypto/des/str2key.c	Thu Apr 13 02:28:02 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/des/str2key.c	Thu Feb 20 12:14:13 2003
+***************
+*** 56,61 ****
+--- 56,62 ----
+   * [including the GNU Public Licence.]
+   */
+  
++ #include <openssl/crypto.h>
+  #include "des_locl.h"
+  
+  void des_string_to_key(const char *str, des_cblock *key)
+***************
+*** 88,94 ****
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+--- 89,95 ----
+  	des_set_odd_parity(key);
+  	des_set_key_unchecked(key,ks);
+  	des_cbc_cksum((const unsigned char*)str,key,length,ks,key);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key);
+  	}
+  
+***************
+*** 149,155 ****
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	memset(ks,0,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+--- 150,156 ----
+  	des_cbc_cksum((const unsigned char*)str,key1,length,ks,key1);
+  	des_set_key_unchecked(key2,ks);
+  	des_cbc_cksum((const unsigned char*)str,key2,length,ks,key2);
+! 	OPENSSL_cleanse(ks,sizeof(ks));
+  	des_set_odd_parity(key1);
+  	des_set_odd_parity(key2);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/dh/Makefile.ssl
+*** crypto/openssl/crypto/dh/Makefile.ssl	Sat Feb 17 22:16:02 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/dh/Makefile.ssl	Thu Feb 20 12:14:13 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dh/dhtest.c ../RELENG_5_0/crypto/openssl/crypto/dh/dhtest.c
+*** crypto/openssl/crypto/dh/dhtest.c	Tue Jul 30 08:43:35 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/dh/dhtest.c	Thu Feb 20 12:14:13 2003
+***************
+*** 59,64 ****
+--- 59,67 ----
+  #include <stdio.h>
+  #include <stdlib.h>
+  #include <string.h>
++ 
++ #include "../e_os.h"
++ 
+  #ifdef WINDOWS
+  #include "../bio/bss_file.c" 
+  #endif
+***************
+*** 107,113 ****
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) exit(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+--- 110,116 ----
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	out=BIO_new(BIO_s_file());
+! 	if (out == NULL) EXIT(1);
+  	BIO_set_fp(out,stdout,BIO_NOCLOSE);
+  
+  	a=DH_generate_parameters(64,DH_GENERATOR_5,cb,out);
+***************
+*** 188,194 ****
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	exit(ret);
+  	return(ret);
+  	}
+  
+--- 191,197 ----
+  	if(b != NULL) DH_free(b);
+  	if(a != NULL) DH_free(a);
+  	BIO_free(out);
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/dsa/Makefile.ssl
+*** crypto/openssl/crypto/dsa/Makefile.ssl	Sat Feb 17 22:16:03 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/dsa/Makefile.ssl	Thu Feb 20 12:14:13 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dsa/dsatest.c ../RELENG_5_0/crypto/openssl/crypto/dsa/dsatest.c
+*** crypto/openssl/crypto/dsa/dsatest.c	Thu Apr 13 02:28:13 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/dsa/dsatest.c	Thu Feb 20 12:14:13 2003
+***************
+*** 61,66 ****
+--- 61,69 ----
+  #include <string.h>
+  #include <sys/types.h>
+  #include <sys/stat.h>
++ 
++ #include "../e_os.h"
++ 
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  #include <openssl/bio.h>
+***************
+*** 207,216 ****
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	exit(!ret);
+  	return(0);
+  	}
+  
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+--- 210,225 ----
+  		BIO_free(bio_err);
+  		bio_err = NULL;
+  		}
+! 	EXIT(!ret);
+  	return(0);
+  	}
+  
++ static int cb_exit(int ec)
++ 	{
++ 	EXIT(ec);
++ 	return(0);		/* To keep some compilers quiet */
++ 	}
++ 
+  static void MS_CALLBACK dsa_cb(int p, int n, void *arg)
+  	{
+  	char c='*';
+***************
+*** 226,232 ****
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		exit(1);
+  		}
+  	}
+  #endif
+--- 235,241 ----
+  	if (!ok && (p == 0) && (num > 1))
+  		{
+  		BIO_printf((BIO *)arg,"error in dsatest\n");
+! 		cb_exit(1);
+  		}
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/dso/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/dso/Makefile.ssl
+*** crypto/openssl/crypto/dso/Makefile.ssl	Sat Feb 17 22:16:04 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/dso/Makefile.ssl	Thu Feb 20 12:14:13 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/err/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/err/Makefile.ssl
+*** crypto/openssl/crypto/err/Makefile.ssl	Tue Jul 30 08:43:36 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/err/Makefile.ssl	Thu Feb 20 12:14:14 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/evp/Makefile.ssl
+*** crypto/openssl/crypto/evp/Makefile.ssl	Sat Feb 17 22:16:07 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/Makefile.ssl	Thu Feb 20 12:14:14 2003
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_enc.c ../RELENG_5_0/crypto/openssl/crypto/evp/bio_enc.c
+*** crypto/openssl/crypto/evp/bio_enc.c	Tue Jul 30 09:37:44 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/bio_enc.c	Thu Feb 20 12:14:14 2003
+***************
+*** 128,134 ****
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	memset(a->ptr,0,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 128,134 ----
+  	if (a == NULL) return(0);
+  	b=(BIO_ENC_CTX *)a->ptr;
+  	EVP_CIPHER_CTX_cleanup(&(b->cipher));
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_ENC_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/bio_ok.c ../RELENG_5_0/crypto/openssl/crypto/evp/bio_ok.c
+*** crypto/openssl/crypto/evp/bio_ok.c	Sun Nov 12 19:58:28 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/bio_ok.c	Thu Feb 20 12:14:14 2003
+***************
+*** 208,214 ****
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	memset(a->ptr,0,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 208,214 ----
+  static int ok_free(BIO *a)
+  	{
+  	if (a == NULL) return(0);
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_OK_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_allc.c ../RELENG_5_0/crypto/openssl/crypto/evp/c_allc.c
+*** crypto/openssl/crypto/evp/c_allc.c	Tue Jul 30 09:37:44 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/c_allc.c	Thu Feb 20 12:14:14 2003
+***************
+*** 64,73 ****
+  
+  void OpenSSL_add_all_ciphers(void)
+  	{
+- 	static int done=0;
+- 
+- 	if (done) return;
+- 	done=1;
+  #ifndef NO_DES
+  	EVP_add_cipher(EVP_des_cfb());
+  	EVP_add_cipher(EVP_des_ede_cfb());
+--- 64,69 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/c_alld.c ../RELENG_5_0/crypto/openssl/crypto/evp/c_alld.c
+*** crypto/openssl/crypto/evp/c_alld.c	Tue Jul 30 09:37:44 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/c_alld.c	Thu Feb 20 12:14:14 2003
+***************
+*** 64,73 ****
+  
+  void OpenSSL_add_all_digests(void)
+  	{
+- 	static int done=0;
+- 
+- 	if (done) return;
+- 	done=1;
+  #ifndef NO_MD2
+  	EVP_add_digest(EVP_md2());
+  #endif
+--- 64,69 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/e_idea.c ../RELENG_5_0/crypto/openssl/crypto/evp/e_idea.c
+*** crypto/openssl/crypto/evp/e_idea.c	Sun Nov 12 19:58:28 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/e_idea.c	Thu Feb 20 12:14:14 2003
+***************
+*** 103,109 ****
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		memset((unsigned char *)&tmp,0,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+--- 103,109 ----
+  
+  		idea_set_encrypt_key(key,&tmp);
+  		idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks));
+! 		OPENSSL_cleanse((unsigned char *)&tmp,
+  				sizeof(IDEA_KEY_SCHEDULE));
+  		}
+  	return 1;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp.h ../RELENG_5_0/crypto/openssl/crypto/evp/evp.h
+*** crypto/openssl/crypto/evp/evp.h	Tue Jul 30 09:58:51 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/evp.h	Thu Feb 20 12:14:14 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/crypto/evp/evp.h,v 1.11 2002/07/30 13:58:51 nectar Exp $
+   */
+  
+  #ifndef HEADER_ENVELOPE_H
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/evp_key.c ../RELENG_5_0/crypto/openssl/crypto/evp/evp_key.c
+*** crypto/openssl/crypto/evp/evp_key.c	Thu Jul 19 15:58:20 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/evp_key.c	Thu Feb 20 12:14:14 2003
+***************
+*** 152,159 ****
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	memset(&c,0,sizeof(c));
+! 	memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+--- 152,159 ----
+  			}
+  		if ((nkey == 0) && (niv == 0)) break;
+  		}
+! 	OPENSSL_cleanse(&c,sizeof(c));
+! 	OPENSSL_cleanse(&(md_buf[0]),EVP_MAX_MD_SIZE);
+  	return(type->key_len);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt.c ../RELENG_5_0/crypto/openssl/crypto/evp/p5_crpt.c
+*** crypto/openssl/crypto/evp/p5_crpt.c	Sun Nov 12 19:58:35 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/p5_crpt.c	Thu Feb 20 12:14:14 2003
+***************
+*** 142,149 ****
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	memset(md_tmp, 0, EVP_MAX_MD_SIZE);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 142,149 ----
+  	memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),
+  						 EVP_CIPHER_iv_length(cipher));
+  	EVP_CipherInit(cctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p5_crpt2.c ../RELENG_5_0/crypto/openssl/crypto/evp/p5_crpt2.c
+*** crypto/openssl/crypto/evp/p5_crpt2.c	Sun Nov 12 19:58:35 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/p5_crpt2.c	Thu Feb 20 12:14:14 2003
+***************
+*** 228,234 ****
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	memset(key, 0, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+--- 228,234 ----
+  	iter = ASN1_INTEGER_get(kdf->iter);
+  	PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key);
+  	EVP_CipherInit(ctx, NULL, key, NULL, en_de);
+! 	OPENSSL_cleanse(key, keylen);
+  	PBKDF2PARAM_free(kdf);
+  	return 1;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/evp/p_open.c ../RELENG_5_0/crypto/openssl/crypto/evp/p_open.c
+*** crypto/openssl/crypto/evp/p_open.c	Sun Nov 12 19:58:38 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/evp/p_open.c	Thu Feb 20 12:14:14 2003
+***************
+*** 101,107 ****
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) memset(key,0,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+--- 101,107 ----
+  
+  	ret=1;
+  err:
+! 	if (key != NULL) OPENSSL_cleanse(key,size);
+  	OPENSSL_free(key);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/hmac/Makefile.ssl
+*** crypto/openssl/crypto/hmac/Makefile.ssl	Sat Feb 17 22:16:10 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/hmac/Makefile.ssl	Thu Feb 20 12:14:14 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/hmac/hmactest.c ../RELENG_5_0/crypto/openssl/crypto/hmac/hmactest.c
+*** crypto/openssl/crypto/hmac/hmactest.c	Thu Apr 13 02:28:33 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/hmac/hmactest.c	Thu Feb 20 12:14:14 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_HMAC
+  int main(int argc, char *argv[])
+  {
+***************
+*** 143,149 ****
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 145,151 ----
+  		else
+  			printf("test %d ok\n",i);
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/idea/Makefile.ssl
+*** crypto/openssl/crypto/idea/Makefile.ssl	Sat Feb 17 22:23:23 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/idea/Makefile.ssl	Thu Feb 20 12:14:14 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/idea/ideatest.c ../RELENG_5_0/crypto/openssl/crypto/idea/ideatest.c
+*** crypto/openssl/crypto/idea/ideatest.c	Sun Jul 16 01:52:32 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/idea/ideatest.c	Thu Feb 20 12:14:14 2003
+***************
+*** 61,66 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_IDEA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 168,174 ****
+  	else
+  		printf("ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 169,175 ----
+  	else
+  		printf("ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/lhash/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/lhash/Makefile.ssl
+*** crypto/openssl/crypto/lhash/Makefile.ssl	Sat Feb 17 22:16:11 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/lhash/Makefile.ssl	Thu Feb 20 12:14:15 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/md2/Makefile.ssl
+*** crypto/openssl/crypto/md2/Makefile.ssl	Tue Jul 30 08:43:38 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/md2/Makefile.ssl	Thu Feb 20 12:14:15 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 79,86 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/md2.h ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+--- 79,88 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! md2_dgst.o: ../../include/openssl/crypto.h ../../include/openssl/md2.h
+! md2_dgst.o: ../../include/openssl/opensslconf.h
+! md2_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md2_dgst.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  md2_one.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+  md2_one.o: ../../include/openssl/crypto.h ../../include/openssl/e_os.h
+  md2_one.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_dgst.c ../RELENG_5_0/crypto/openssl/crypto/md2/md2_dgst.c
+*** crypto/openssl/crypto/md2/md2_dgst.c	Thu Apr 13 02:28:38 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/md2/md2_dgst.c	Thu Feb 20 12:14:15 2003
+***************
+*** 61,66 ****
+--- 61,67 ----
+  #include <string.h>
+  #include <openssl/md2.h>
+  #include <openssl/opensslv.h>
++ #include <openssl/crypto.h>
+  
+  const char *MD2_version="MD2" OPENSSL_VERSION_PTEXT;
+  
+***************
+*** 194,200 ****
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	memset(state,0,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+--- 195,201 ----
+  		t=(t+i)&0xff;
+  		}
+  	memcpy(sp1,state,16*sizeof(MD2_INT));
+! 	OPENSSL_cleanse(state,48*sizeof(MD2_INT));
+  	}
+  
+  void MD2_Final(unsigned char *md, MD2_CTX *c)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2_one.c ../RELENG_5_0/crypto/openssl/crypto/md2/md2_one.c
+*** crypto/openssl/crypto/md2/md2_one.c	Thu Apr 13 02:28:38 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/md2/md2_one.c	Thu Feb 20 12:14:15 2003
+***************
+*** 88,93 ****
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	memset(&c,0,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+--- 88,93 ----
+  	}
+  #endif
+  	MD2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));	/* Security consideration */
+  	return(md);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md2/md2test.c ../RELENG_5_0/crypto/openssl/crypto/md2/md2test.c
+*** crypto/openssl/crypto/md2/md2test.c	Thu Apr 13 02:28:38 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/md2/md2test.c	Thu Feb 20 12:14:15 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 119,125 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 121,127 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md32_common.h ../RELENG_5_0/crypto/openssl/crypto/md32_common.h
+*** crypto/openssl/crypto/md32_common.h	Sat Jan 26 22:11:02 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/md32_common.h	Thu Feb 20 12:14:11 2003
+***************
+*** 602,607 ****
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	memset((void *)c,0,sizeof(HASH_CTX));
+  	 */
+  	}
+--- 602,607 ----
+  	c->num=0;
+  	/* clear stuff, HASH_BLOCK may be leaving some stuff on the stack
+  	 * but I'm not worried :-)
+! 	OPENSSL_cleanse((void *)c,sizeof(HASH_CTX));
+  	 */
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/md4/Makefile.ssl
+*** crypto/openssl/crypto/md4/Makefile.ssl	Sat Feb 17 22:16:12 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/md4/Makefile.ssl	Thu Feb 20 12:14:15 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 82,85 ****
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/md4.h
+--- 82,87 ----
+  
+  md4_dgst.o: ../../include/openssl/md4.h ../../include/openssl/opensslconf.h
+  md4_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md4_locl.h
+! md4_one.o: ../../include/openssl/crypto.h ../../include/openssl/md4.h
+! md4_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md4_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4_one.c ../RELENG_5_0/crypto/openssl/crypto/md4/md4_one.c
+*** crypto/openssl/crypto/md4/md4_one.c	Sun Nov 12 19:58:43 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/md4/md4_one.c	Thu Feb 20 12:14:15 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md4.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD4_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md4/md4test.c ../RELENG_5_0/crypto/openssl/crypto/md4/md4test.c
+*** crypto/openssl/crypto/md4/md4test.c	Sun Nov 12 19:58:45 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/md4/md4test.c	Thu Feb 20 12:14:15 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/md5/Makefile.ssl
+*** crypto/openssl/crypto/md5/Makefile.ssl	Sat Feb 17 22:16:12 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/md5/Makefile.ssl	Thu Feb 20 12:14:15 2003
+***************
+*** 118,124 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 118,124 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 131,134 ****
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/md5.h
+--- 131,136 ----
+  
+  md5_dgst.o: ../../include/openssl/md5.h ../../include/openssl/opensslconf.h
+  md5_dgst.o: ../../include/openssl/opensslv.h ../md32_common.h md5_locl.h
+! md5_one.o: ../../include/openssl/crypto.h ../../include/openssl/md5.h
+! md5_one.o: ../../include/openssl/opensslv.h ../../include/openssl/safestack.h
+! md5_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5_one.c ../RELENG_5_0/crypto/openssl/crypto/md5/md5_one.c
+*** crypto/openssl/crypto/md5/md5_one.c	Thu Apr 13 02:28:39 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/md5/md5_one.c	Thu Feb 20 12:14:15 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/md5.h>
++ #include <openssl/crypto.h>
+  
+  #ifdef CHARSET_EBCDIC
+  #include <openssl/ebcdic.h>
+***************
+*** 89,95 ****
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 90,96 ----
+  	}
+  #endif
+  	MD5_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/md5/md5test.c ../RELENG_5_0/crypto/openssl/crypto/md5/md5test.c
+*** crypto/openssl/crypto/md5/md5test.c	Thu Apr 13 02:28:40 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/md5/md5test.c	Thu Feb 20 12:14:15 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_MD5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 115,121 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 117,123 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/mdc2/Makefile.ssl
+*** crypto/openssl/crypto/mdc2/Makefile.ssl	Sat Feb 17 22:16:13 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/mdc2/Makefile.ssl	Thu Feb 20 12:14:15 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2_one.c ../RELENG_5_0/crypto/openssl/crypto/mdc2/mdc2_one.c
+*** crypto/openssl/crypto/mdc2/mdc2_one.c	Thu Apr 13 02:28:43 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/mdc2/mdc2_one.c	Thu Feb 20 12:14:15 2003
+***************
+*** 69,75 ****
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 69,75 ----
+  	MDC2_Init(&c);
+  	MDC2_Update(&c,d,n);
+          MDC2_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mdc2/mdc2test.c ../RELENG_5_0/crypto/openssl/crypto/mdc2/mdc2test.c
+*** crypto/openssl/crypto/mdc2/mdc2test.c	Thu Apr 13 02:28:43 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/mdc2/mdc2test.c	Thu Feb 20 12:14:15 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #if defined(NO_DES) && !defined(NO_MDC2)
+  #define NO_MDC2
+  #endif
+***************
+*** 134,140 ****
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	exit(ret);
+  	return(ret);
+  	}
+  #endif
+--- 136,142 ----
+  	else
+  		printf("pad2 - ok\n");
+  
+! 	EXIT(ret);
+  	return(ret);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem.c ../RELENG_5_0/crypto/openssl/crypto/mem.c
+*** crypto/openssl/crypto/mem.c	Fri Aug  9 21:39:08 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/mem.c	Thu Feb 20 12:14:11 2003
+***************
+*** 173,178 ****
+--- 173,181 ----
+  void *CRYPTO_malloc_locked(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 187,192 ****
+--- 190,201 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++ 		((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+***************
+*** 205,210 ****
+--- 214,222 ----
+  void *CRYPTO_malloc(int num, const char *file, int line)
+  	{
+  	void *ret = NULL;
++ 	extern unsigned char cleanse_ctr;
++ 
++ 	if (num < 0) return NULL;
+  
+  	allow_customize = 0;
+  	if (malloc_debug_func != NULL)
+***************
+*** 219,224 ****
+--- 231,242 ----
+  	if (malloc_debug_func != NULL)
+  		malloc_debug_func(ret, num, file, line, 1);
+  
++         /* Create a dependency on the value of 'cleanse_ctr' so our memory
++          * sanitisation function can't be optimised out. NB: We only do
++          * this for >2Kb so the overhead doesn't bother us. */
++         if(ret && (num > 2048))
++                 ((unsigned char *)ret)[0] = cleanse_ctr;
++ 
+  	return ret;
+  	}
+  
+***************
+*** 228,233 ****
+--- 246,253 ----
+  
+  	if (str == NULL)
+  		return CRYPTO_malloc(num, file, line);
++ 
++ 	if (num < 0) return NULL;
+  
+  	if (realloc_debug_func != NULL)
+  		realloc_debug_func(str, NULL, num, file, line, 0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_clr.c ../RELENG_5_0/crypto/openssl/crypto/mem_clr.c
+*** crypto/openssl/crypto/mem_clr.c	Wed Dec 31 19:00:00 1969
+--- ../RELENG_5_0/crypto/openssl/crypto/mem_clr.c	Thu Feb 20 12:14:11 2003
+***************
+*** 0 ****
+--- 1,75 ----
++ /* crypto/mem_clr.c -*- mode:C; c-file-style: "eay" -*- */
++ /* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
++  * project 2002.
++  */
++ /* ====================================================================
++  * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
++  *
++  * Redistribution and use in source and binary forms, with or without
++  * modification, are permitted provided that the following conditions
++  * are met:
++  *
++  * 1. Redistributions of source code must retain the above copyright
++  *    notice, this list of conditions and the following disclaimer. 
++  *
++  * 2. Redistributions in binary form must reproduce the above copyright
++  *    notice, this list of conditions and the following disclaimer in
++  *    the documentation and/or other materials provided with the
++  *    distribution.
++  *
++  * 3. All advertising materials mentioning features or use of this
++  *    software must display the following acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
++  *
++  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
++  *    endorse or promote products derived from this software without
++  *    prior written permission. For written permission, please contact
++  *    openssl-core@openssl.org.
++  *
++  * 5. Products derived from this software may not be called "OpenSSL"
++  *    nor may "OpenSSL" appear in their names without prior written
++  *    permission of the OpenSSL Project.
++  *
++  * 6. Redistributions of any form whatsoever must retain the following
++  *    acknowledgment:
++  *    "This product includes software developed by the OpenSSL Project
++  *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
++  *
++  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
++  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
++  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
++  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
++  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
++  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
++  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
++  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
++  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
++  * OF THE POSSIBILITY OF SUCH DAMAGE.
++  * ====================================================================
++  *
++  * This product includes cryptographic software written by Eric Young
++  * (eay@cryptsoft.com).  This product includes software written by Tim
++  * Hudson (tjh@cryptsoft.com).
++  *
++  */
++ 
++ #include <string.h>
++ #include <openssl/crypto.h>
++ 
++ unsigned char cleanse_ctr = 0;
++ 
++ void OPENSSL_cleanse(void *ptr, size_t len)
++ 	{
++ 	unsigned char *p = ptr;
++ 	size_t loop = len;
++ 	while(loop--)
++ 		{
++ 		*(p++) = cleanse_ctr;
++ 		cleanse_ctr += (17 + (unsigned char)((int)p & 0xF));
++ 		}
++ 	if(memchr(ptr, cleanse_ctr, len))
++ 		cleanse_ctr += 63;
++ 	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/mem_dbg.c ../RELENG_5_0/crypto/openssl/crypto/mem_dbg.c
+*** crypto/openssl/crypto/mem_dbg.c	Sat May 19 23:05:15 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/mem_dbg.c	Thu Feb 20 12:14:11 2003
+***************
+*** 102,107 ****
+--- 102,109 ----
+  	int references;
+  	} APP_INFO;
+  
++ static void app_info_free(APP_INFO *);
++ 
+  static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's
+                            * that are at the top of their thread's stack
+                            * (with `thread' as key);
+***************
+*** 140,145 ****
+--- 142,159 ----
+                                              * thread named in disabling_thread).
+                                              */
+  
++ static void app_info_free(APP_INFO *inf)
++ 	{
++ 	if (--(inf->references) <= 0)
++ 		{
++ 		if (inf->next != NULL)
++ 			{
++ 			app_info_free(inf->next);
++ 			}
++ 		OPENSSL_free(inf);
++ 		}
++ 	}
++ 
+  int CRYPTO_mem_ctrl(int mode)
+  	{
+  	int ret=mh_mode;
+***************
+*** 496,504 ****
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					{
+! 					mp->app_info->references--;
+! 					}
+  				OPENSSL_free(mp);
+  				}
+  
+--- 510,516 ----
+  				mp->order, mp->addr, mp->num);
+  #endif
+  				if (mp->app_info != NULL)
+! 					app_info_free(mp->app_info);
+  				OPENSSL_free(mp);
+  				}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/objects/Makefile.ssl
+*** crypto/openssl/crypto/objects/Makefile.ssl	Tue Jul 30 08:43:39 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/objects/Makefile.ssl	Thu Feb 20 12:14:15 2003
+***************
+*** 76,82 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 76,82 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.c ../RELENG_5_0/crypto/openssl/crypto/objects/obj_dat.c
+*** crypto/openssl/crypto/objects/obj_dat.c	Tue Jul 30 09:37:46 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/objects/obj_dat.c	Thu Feb 20 12:14:15 2003
+***************
+*** 417,423 ****
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,i);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+--- 417,423 ----
+  	a2d_ASN1_OBJECT(p,i,s,-1);
+  	
+  	p=buf;
+! 	op=d2i_ASN1_OBJECT(NULL,&p,j);
+  	OPENSSL_free(buf);
+  	return op;
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_dat.h ../RELENG_5_0/crypto/openssl/crypto/objects/obj_dat.h
+*** crypto/openssl/crypto/objects/obj_dat.h	Tue Jul 30 08:43:39 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/objects/obj_dat.h	Thu Feb 20 12:14:15 2003
+***************
+*** 62,73 ****
+   * [including the GNU Public Licence.]
+   */
+  
+! #define NUM_NID 404
+! #define NUM_SN 402
+! #define NUM_LN 402
+! #define NUM_OBJ 376
+  
+! static unsigned char lvalues[2951]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+--- 62,73 ----
+   * [including the GNU Public Licence.]
+   */
+  
+! #define NUM_NID 406
+! #define NUM_SN 404
+! #define NUM_LN 404
+! #define NUM_OBJ 378
+  
+! static unsigned char lvalues[2971]={
+  0x00,                                        /* [  0] OBJ_undef */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
+  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
+***************
+*** 444,449 ****
+--- 444,451 ----
+  0x55,0x1D,0x24,                              /* [2941] OBJ_policy_constraints */
+  0x55,0x1D,0x37,                              /* [2944] OBJ_target_information */
+  0x55,0x1D,0x38,                              /* [2947] OBJ_no_rev_avail */
++ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x02,/* [2950] OBJ_ms_smartcard_login */
++ 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x14,0x02,0x03,/* [2960] OBJ_ms_upn */
+  };
+  
+  static ASN1_OBJECT nid_objs[NUM_NID]={
+***************
+*** 1075,1080 ****
+--- 1077,1086 ----
+  	&(lvalues[2944]),0},
+  {"noRevAvail","X509v3 No Revocation Available",NID_no_rev_avail,3,
+  	&(lvalues[2947]),0},
++ {"msSmartcardLogin","Microsoft Smartcardlogin",NID_ms_smartcard_login,
++ 	10,&(lvalues[2950]),0},
++ {"msUPN","Microsoft Universal Principal Name",NID_ms_upn,10,
++ 	&(lvalues[2960]),0},
+  };
+  
+  static ASN1_OBJECT *sn_objs[NUM_SN]={
+***************
+*** 1417,1422 ****
+--- 1423,1430 ----
+  &(nid_objs[138]),/* "msEFS" */
+  &(nid_objs[171]),/* "msExtReq" */
+  &(nid_objs[137]),/* "msSGC" */
++ &(nid_objs[404]),/* "msSmartcardLogin" */
++ &(nid_objs[405]),/* "msUPN" */
+  &(nid_objs[173]),/* "name" */
+  &(nid_objs[369]),/* "noCheck" */
+  &(nid_objs[403]),/* "noRevAvail" */
+***************
+*** 1510,1516 ****
+--- 1518,1526 ----
+  &(nid_objs[171]),/* "Microsoft Extension Request" */
+  &(nid_objs[134]),/* "Microsoft Individual Code Signing" */
+  &(nid_objs[137]),/* "Microsoft Server Gated Crypto" */
++ &(nid_objs[404]),/* "Microsoft Smartcardlogin" */
+  &(nid_objs[136]),/* "Microsoft Trust List Signing" */
++ &(nid_objs[405]),/* "Microsoft Universal Principal Name" */
+  &(nid_objs[72]),/* "Netscape Base Url" */
+  &(nid_objs[76]),/* "Netscape CA Policy Url" */
+  &(nid_objs[74]),/* "Netscape CA Revocation Url" */
+***************
+*** 2196,2201 ****
+--- 2206,2213 ----
+  &(nid_objs[136]),/* OBJ_ms_ctl_sign                  1 3 6 1 4 1 311 10 3 1 */
+  &(nid_objs[137]),/* OBJ_ms_sgc                       1 3 6 1 4 1 311 10 3 3 */
+  &(nid_objs[138]),/* OBJ_ms_efs                       1 3 6 1 4 1 311 10 3 4 */
++ &(nid_objs[404]),/* OBJ_ms_smartcard_login           1 3 6 1 4 1 311 20 2 2 */
++ &(nid_objs[405]),/* OBJ_ms_upn                       1 3 6 1 4 1 311 20 2 3 */
+  &(nid_objs[196]),/* OBJ_id_smime_mod_cms             1 2 840 113549 1 9 16 0 1 */
+  &(nid_objs[197]),/* OBJ_id_smime_mod_ess             1 2 840 113549 1 9 16 0 2 */
+  &(nid_objs[198]),/* OBJ_id_smime_mod_oid             1 2 840 113549 1 9 16 0 3 */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.h ../RELENG_5_0/crypto/openssl/crypto/objects/obj_mac.h
+*** crypto/openssl/crypto/objects/obj_mac.h	Tue Jul 30 08:43:40 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/objects/obj_mac.h	Thu Feb 20 12:14:16 2003
+***************
+*** 780,785 ****
+--- 780,795 ----
+  #define NID_ms_efs		138
+  #define OBJ_ms_efs		1L,3L,6L,1L,4L,1L,311L,10L,3L,4L
+  
++ #define SN_ms_smartcard_login		"msSmartcardLogin"
++ #define LN_ms_smartcard_login		"Microsoft Smartcardlogin"
++ #define NID_ms_smartcard_login		404
++ #define OBJ_ms_smartcard_login		1L,3L,6L,1L,4L,1L,311L,20L,2L,2L
++ 
++ #define SN_ms_upn		"msUPN"
++ #define LN_ms_upn		"Microsoft Universal Principal Name"
++ #define NID_ms_upn		405
++ #define OBJ_ms_upn		1L,3L,6L,1L,4L,1L,311L,20L,2L,3L
++ 
+  #define SN_idea_cbc		"IDEA-CBC"
+  #define LN_idea_cbc		"idea-cbc"
+  #define NID_idea_cbc		34
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/obj_mac.num ../RELENG_5_0/crypto/openssl/crypto/objects/obj_mac.num
+*** crypto/openssl/crypto/objects/obj_mac.num	Sat Jan 26 22:11:52 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/objects/obj_mac.num	Thu Feb 20 12:14:16 2003
+***************
+*** 401,403 ****
+--- 401,405 ----
+  policy_constraints		401
+  target_information		402
+  no_rev_avail		403
++ ms_smartcard_login		404
++ ms_upn		405
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/objects/objects.txt ../RELENG_5_0/crypto/openssl/crypto/objects/objects.txt
+*** crypto/openssl/crypto/objects/objects.txt	Tue Jul 30 08:43:40 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/objects/objects.txt	Thu Feb 20 12:14:16 2003
+***************
+*** 246,251 ****
+--- 246,255 ----
+  1 3 6 1 4 1 311 10 3 3	: msSGC			: Microsoft Server Gated Crypto
+  !Cname ms-efs
+  1 3 6 1 4 1 311 10 3 4	: msEFS			: Microsoft Encrypted File System
++ !Cname ms-smartcard-login
++ 1 3 6 1 4 1 311 20 2 2	: msSmartcardLogin	: Microsoft Smartcardlogin
++ !Cname ms-upn
++ 1 3 6 1 4 1 311 20 2 3	: msUPN			: Microsoft Universal Principal Name
+  
+  1 3 6 1 4 1 188 7 1 1 2	: IDEA-CBC		: idea-cbc
+  			: IDEA-ECB		: idea-ecb
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/opensslv.h ../RELENG_5_0/crypto/openssl/crypto/opensslv.h
+*** crypto/openssl/crypto/opensslv.h	Fri Aug  9 21:48:01 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/opensslv.h	Thu Feb 20 12:14:11 2003
+***************
+*** 25,32 ****
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090607fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6g 9 Aug 2002"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+--- 25,32 ----
+   * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for
+   *  major minor fix final patch/beta)
+   */
+! #define OPENSSL_VERSION_NUMBER	0x0090609fL
+! #define OPENSSL_VERSION_TEXT	"OpenSSL 0.9.6i Feb 19 2003"
+  #define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT
+  
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/pem/Makefile.ssl
+*** crypto/openssl/crypto/pem/Makefile.ssl	Sat Feb 17 22:16:18 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/pem/Makefile.ssl	Thu Feb 20 12:14:16 2003
+***************
+*** 69,75 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 69,75 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_info.c ../RELENG_5_0/crypto/openssl/crypto/pem/pem_info.c
+*** crypto/openssl/crypto/pem/pem_info.c	Tue Jul 30 08:43:41 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/pem/pem_info.c	Thu Feb 20 12:14:16 2003
+***************
+*** 358,364 ****
+  	ret=1;
+  
+  err:
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+  	return(ret);
+  	}
+--- 358,364 ----
+  	ret=1;
+  
+  err:
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_lib.c ../RELENG_5_0/crypto/openssl/crypto/pem/pem_lib.c
+*** crypto/openssl/crypto/pem/pem_lib.c	Tue Jul 30 09:37:46 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/pem/pem_lib.c	Thu Feb 20 12:14:16 2003
+***************
+*** 380,386 ****
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) memset(buf,0,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+--- 380,386 ----
+  		 * NOT taken from the BytesToKey function */
+  		EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL);
+  
+! 		if (kstr == (unsigned char *)buf) OPENSSL_cleanse(buf,PEM_BUFSIZE);
+  
+  		buf[0]='\0';
+  		PEM_proc_type(buf,PEM_TYPE_ENCRYPTED);
+***************
+*** 401,412 ****
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	memset(key,0,sizeof(key));
+! 	memset(iv,0,sizeof(iv));
+! 	memset((char *)&ctx,0,sizeof(ctx));
+! 	memset(buf,0,PEM_BUFSIZE);
+! 	memset(data,0,(unsigned int)dsize);
+! 	OPENSSL_free(data);
+  	return(ret);
+  	}
+  
+--- 401,415 ----
+  	i=PEM_write_bio(bp,name,buf,data,i);
+  	if (i <= 0) ret=0;
+  err:
+! 	OPENSSL_cleanse(key,sizeof(key));
+! 	OPENSSL_cleanse(iv,sizeof(iv));
+! 	OPENSSL_cleanse((char *)&ctx,sizeof(ctx));
+! 	OPENSSL_cleanse(buf,PEM_BUFSIZE);
+! 	if (data != NULL)
+! 		{
+! 		OPENSSL_cleanse(data,(unsigned int)dsize);
+! 		OPENSSL_free(data);
+! 		}
+  	return(ret);
+  	}
+  
+***************
+*** 444,451 ****
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	memset((char *)buf,0,sizeof(buf));
+! 	memset((char *)key,0,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+--- 447,454 ----
+  	EVP_DecryptUpdate(&ctx,data,&i,data,j);
+  	o=EVP_DecryptFinal(&ctx,&(data[i]),&j);
+  	EVP_CIPHER_CTX_cleanup(&ctx);
+! 	OPENSSL_cleanse((char *)buf,sizeof(buf));
+! 	OPENSSL_cleanse((char *)key,sizeof(key));
+  	j+=i;
+  	if (!o)
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pem/pem_seal.c ../RELENG_5_0/crypto/openssl/crypto/pem/pem_seal.c
+*** crypto/openssl/crypto/pem/pem_seal.c	Sun Nov 12 19:59:13 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/pem/pem_seal.c	Thu Feb 20 12:14:16 2003
+***************
+*** 109,115 ****
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	memset(key,0,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+--- 109,115 ----
+  	ret=npubk;
+  err:
+  	if (s != NULL) OPENSSL_free(s);
+! 	OPENSSL_cleanse(key,EVP_MAX_KEY_LENGTH);
+  	return(ret);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/pkcs12/Makefile.ssl
+*** crypto/openssl/crypto/pkcs12/Makefile.ssl	Sat Feb 17 22:16:21 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/pkcs12/Makefile.ssl	Thu Feb 20 12:14:16 2003
+***************
+*** 74,80 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 74,80 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_crpt.c ../RELENG_5_0/crypto/openssl/crypto/pkcs12/p12_crpt.c
+*** crypto/openssl/crypto/pkcs12/p12_crpt.c	Thu Apr 13 02:29:04 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/pkcs12/p12_crpt.c	Thu Feb 20 12:14:16 2003
+***************
+*** 118,124 ****
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	memset(key, 0, EVP_MAX_KEY_LENGTH);
+! 	memset(iv, 0, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+--- 118,124 ----
+  	}
+  	PBEPARAM_free(pbe);
+  	EVP_CipherInit(ctx, cipher, key, iv, en_de);
+! 	OPENSSL_cleanse(key, EVP_MAX_KEY_LENGTH);
+! 	OPENSSL_cleanse(iv, EVP_MAX_IV_LENGTH);
+  	return 1;
+  }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_decr.c ../RELENG_5_0/crypto/openssl/crypto/pkcs12/p12_decr.c
+*** crypto/openssl/crypto/pkcs12/p12_decr.c	Sun Nov 12 19:59:20 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/pkcs12/p12_decr.c	Thu Feb 20 12:14:16 2003
+***************
+*** 137,143 ****
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) memset(out, 0, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+--- 137,143 ----
+  	if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i,
+  				free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+  	else ret = d2i(NULL, &p, outlen);
+! 	if (seq & 2) OPENSSL_cleanse(out, outlen);
+  	if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
+  	OPENSSL_free (out);
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs12/p12_key.c ../RELENG_5_0/crypto/openssl/crypto/pkcs12/p12_key.c
+*** crypto/openssl/crypto/pkcs12/p12_key.c	Sat May 19 23:06:08 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/pkcs12/p12_key.c	Thu Feb 20 12:14:16 2003
+***************
+*** 91,97 ****
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		memset(unipass, 0, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+--- 91,97 ----
+  	ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen,
+  						 id, iter, n, out, md_type);
+  	if(unipass) {
+! 		OPENSSL_cleanse(unipass, uniplen);	/* Clear password from memory */
+  		OPENSSL_free(unipass);
+  	}
+  	return ret;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/pkcs7/Makefile.ssl
+*** crypto/openssl/crypto/pkcs7/Makefile.ssl	Tue Jul 30 08:43:42 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/pkcs7/Makefile.ssl	Thu Feb 20 12:14:16 2003
+***************
+*** 87,93 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 87,93 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/bio_ber.c ../RELENG_5_0/crypto/openssl/crypto/pkcs7/bio_ber.c
+*** crypto/openssl/crypto/pkcs7/bio_ber.c	Sun Nov 12 19:59:25 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/pkcs7/bio_ber.c	Thu Feb 20 12:14:16 2003
+***************
+*** 145,151 ****
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	memset(a->ptr,0,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+--- 145,151 ----
+  
+  	if (a == NULL) return(0);
+  	b=(BIO_BER_CTX *)a->ptr;
+! 	OPENSSL_cleanse(a->ptr,sizeof(BIO_BER_CTX));
+  	OPENSSL_free(a->ptr);
+  	a->ptr=NULL;
+  	a->init=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/pkcs7/pk7_doit.c ../RELENG_5_0/crypto/openssl/crypto/pkcs7/pk7_doit.c
+*** crypto/openssl/crypto/pkcs7/pk7_doit.c	Tue Jul 30 09:37:47 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/pkcs7/pk7_doit.c	Thu Feb 20 12:14:16 2003
+***************
+*** 241,247 ****
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		memset(key, 0, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+--- 241,247 ----
+  			M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj);
+  			}
+  		OPENSSL_free(tmp);
+! 		OPENSSL_cleanse(key, keylen);
+  
+  		if (out == NULL)
+  			out=btmp;
+***************
+*** 448,454 ****
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		memset(tmp,0,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+--- 448,454 ----
+  		} 
+  		EVP_CipherInit(evp_ctx,NULL,tmp,NULL,0);
+  
+! 		OPENSSL_cleanse(tmp,jj);
+  
+  		if (out == NULL)
+  			out=etmp;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/rand/Makefile.ssl
+*** crypto/openssl/crypto/rand/Makefile.ssl	Sat Feb 17 22:16:28 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/rand/Makefile.ssl	Thu Feb 20 12:14:16 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/md_rand.c ../RELENG_5_0/crypto/openssl/crypto/rand/md_rand.c
+*** crypto/openssl/crypto/rand/md_rand.c	Sat Jan 26 22:12:02 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/rand/md_rand.c	Thu Feb 20 12:14:16 2003
+***************
+*** 177,186 ****
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	memset(state,0,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	memset(md,0,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+--- 177,186 ----
+  
+  static void ssleay_rand_cleanup(void)
+  	{
+! 	OPENSSL_cleanse(state,sizeof(state));
+  	state_num=0;
+  	state_index=0;
+! 	OPENSSL_cleanse(md,MD_DIGEST_LENGTH);
+  	md_count[0]=0;
+  	md_count[1]=0;
+  	entropy=0;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_egd.c ../RELENG_5_0/crypto/openssl/crypto/rand/rand_egd.c
+*** crypto/openssl/crypto/rand/rand_egd.c	Tue Jul 30 08:43:45 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/rand/rand_egd.c	Thu Feb 20 12:14:16 2003
+***************
+*** 59,65 ****
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(VMS) || defined(__VMS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+--- 59,65 ----
+  /* Query the EGD <URL: http://www.lothar.com/tech/crypto/>.
+   */
+  
+! #if defined(WIN32) || defined(MSDOS) || defined(VMS) || defined(__VMS) || defined(VXWORKS)
+  int RAND_egd(const char *path)
+  	{
+  	return(-1);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/rand_win.c ../RELENG_5_0/crypto/openssl/crypto/rand/rand_win.c
+*** crypto/openssl/crypto/rand/rand_win.c	Tue Jul 30 08:43:45 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/rand/rand_win.c	Thu Feb 20 12:14:16 2003
+***************
+*** 254,259 ****
+--- 254,263 ----
+           * at random times on Windows 2000.  Reported by Jeffrey Altman.  
+           * Only use it on NT.
+  	 */
++ 	/* Wolfgang Marczy <WMarczy@topcall.co.at> reports that
++ 	 * the RegQueryValueEx call below can hang on NT4.0 (SP6).
++ 	 * So we don't use this at all for now. */
++ #if 0
+          if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
+  		osverinfo.dwMajorVersion < 5)
+  		{
+***************
+*** 283,295 ****
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+!                          */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
+  
+  	if (advapi)
+  		{
+--- 287,309 ----
+  			{
+                          /* For entropy count assume only least significant
+  			 * byte of each DWORD is random.
+! 			 */
+  			RAND_add(&length, sizeof(length), 0);
+  			RAND_add(buf, length, length / 4.0);
++ 
++ 			/* Close the Registry Key to allow Windows to cleanup/close
++ 			 * the open handle
++ 			 * Note: The 'HKEY_PERFORMANCE_DATA' key is implicitly opened
++ 			 *       when the RegQueryValueEx above is done.  However, if
++ 			 *       it is not explicitly closed, it can cause disk
++ 			 *       partition manipulation problems.
++ 			 */
++ 			RegCloseKey(HKEY_PERFORMANCE_DATA);
+  			}
+  		if (buf)
+  			free(buf);
+  		}
++ #endif
+  
+  	if (advapi)
+  		{
+***************
+*** 461,467 ****
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 50;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+--- 475,481 ----
+  						hlist.th32ProcessID,
+  						hlist.th32HeapID))
+  						{
+! 						int entrycnt = 80;
+  						do
+  							RAND_add(&hentry,
+  								hentry.dwSize, 5);
+***************
+*** 718,725 ****
+--- 732,741 ----
+  	/* put in some default random data, we need more than just this */
+  	l=curr_pid;
+  	RAND_add(&l,sizeof(l),0);
++ #ifndef VXWORKS
+  	l=getuid();
+  	RAND_add(&l,sizeof(l),0);
++ #endif
+  
+  	l=time(NULL);
+  	RAND_add(&l,sizeof(l),0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randfile.c ../RELENG_5_0/crypto/openssl/crypto/rand/randfile.c
+*** crypto/openssl/crypto/rand/randfile.c	Thu Jul 19 15:58:40 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/rand/randfile.c	Thu Feb 20 12:14:17 2003
+***************
+*** 61,66 ****
+--- 61,68 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "openssl/e_os.h"
++ 
+  #ifdef VMS
+  #include <unixio.h>
+  #endif
+***************
+*** 73,79 ****
+  # include <sys/stat.h>
+  #endif
+  
+- #include "openssl/e_os.h"
+  #include <openssl/crypto.h>
+  #include <openssl/rand.h>
+  
+--- 75,80 ----
+***************
+*** 124,130 ****
+  			}
+  		}
+  	fclose(in);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+--- 125,131 ----
+  			}
+  		}
+  	fclose(in);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return(ret);
+  	}
+***************
+*** 189,195 ****
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	memset(buf,0,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+--- 190,196 ----
+  #endif /* VMS */
+  
+  	fclose(out);
+! 	OPENSSL_cleanse(buf,BUFSIZE);
+  err:
+  	return (rand_err ? -1 : ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rand/randtest.c ../RELENG_5_0/crypto/openssl/crypto/rand/randtest.c
+*** crypto/openssl/crypto/rand/randtest.c	Thu Apr 13 02:29:34 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rand/randtest.c	Thu Feb 20 12:14:17 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <openssl/rand.h>
+  
++ #include "../e_os.h"
++ 
+  /* some FIPS 140-1 random number test */
+  /* some simple tests */
+  
+***************
+*** 202,207 ****
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	exit(err);
+  	return(err);
+  	}
+--- 204,209 ----
+  		}
+  	printf("test 4 done\n");
+  	err=((err)?1:0);
+! 	EXIT(err);
+  	return(err);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/rc2/Makefile.ssl
+*** crypto/openssl/crypto/rc2/Makefile.ssl	Sat Feb 17 22:16:30 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/rc2/Makefile.ssl	Thu Feb 20 12:14:17 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc2/rc2test.c ../RELENG_5_0/crypto/openssl/crypto/rc2/rc2test.c
+*** crypto/openssl/crypto/rc2/rc2test.c	Thu Apr 13 02:29:37 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rc2/rc2test.c	Thu Feb 20 12:14:17 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC2
+  int main(int argc, char *argv[])
+  {
+***************
+*** 203,209 ****
+  		printf("ok\n");
+  #endif
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 205,211 ----
+  		printf("ok\n");
+  #endif
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/rc4/Makefile.ssl
+*** crypto/openssl/crypto/rc4/Makefile.ssl	Sat Feb 17 22:16:31 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/rc4/Makefile.ssl	Thu Feb 20 12:14:17 2003
+***************
+*** 97,103 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 97,103 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4.c ../RELENG_5_0/crypto/openssl/crypto/rc4/rc4.c
+*** crypto/openssl/crypto/rc4/rc4.c	Mon Jan 10 01:21:50 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rc4/rc4.c	Thu Feb 20 12:14:17 2003
+***************
+*** 155,161 ****
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			memset(buf,0,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+--- 155,161 ----
+  		i=EVP_read_pw_string(buf,BUFSIZ,"Enter RC4 password:",0);
+  		if (i != 0)
+  			{
+! 			OPENSSL_cleanse(buf,BUFSIZ);
+  			fprintf(stderr,"bad password read\n");
+  			exit(1);
+  			}
+***************
+*** 163,169 ****
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	memset(keystr,0,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+--- 163,169 ----
+  		}
+  
+  	MD5((unsigned char *)keystr,(unsigned long)strlen(keystr),md);
+! 	OPENSSL_cleanse(keystr,strlen(keystr));
+  	RC4_set_key(&key,MD5_DIGEST_LENGTH,md);
+  	
+  	for(;;)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc4/rc4test.c ../RELENG_5_0/crypto/openssl/crypto/rc4/rc4test.c
+*** crypto/openssl/crypto/rc4/rc4test.c	Thu Apr 13 02:29:42 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rc4/rc4test.c	Thu Feb 20 12:14:17 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <stdlib.h>
+  #include <string.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC4
+  int main(int argc, char *argv[])
+  {
+***************
+*** 195,201 ****
+  			}
+  		}
+  	printf("done\n");
+! 	exit(err);
+  	return(0);
+  	}
+  #endif
+--- 197,203 ----
+  			}
+  		}
+  	printf("done\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/rc5/Makefile.ssl
+*** crypto/openssl/crypto/rc5/Makefile.ssl	Sat Feb 17 22:16:32 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/rc5/Makefile.ssl	Thu Feb 20 12:14:17 2003
+***************
+*** 94,100 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 94,100 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rc5/rc5test.c ../RELENG_5_0/crypto/openssl/crypto/rc5/rc5test.c
+*** crypto/openssl/crypto/rc5/rc5test.c	Thu Apr 13 02:29:45 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rc5/rc5test.c	Thu Feb 20 12:14:17 2003
+***************
+*** 63,68 ****
+--- 63,70 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RC5
+  int main(int argc, char *argv[])
+  {
+***************
+*** 318,324 ****
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	exit(err);
+  	return(err);
+  	}
+  
+--- 320,326 ----
+  		}
+  	if (err == 0) printf("cbc RC5 ok\n");
+  
+! 	EXIT(err);
+  	return(err);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/ripemd/Makefile.ssl
+*** crypto/openssl/crypto/ripemd/Makefile.ssl	Sat Feb 17 22:16:33 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/ripemd/Makefile.ssl	Thu Feb 20 12:14:17 2003
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 106,109 ****
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/ripemd.h
+--- 106,111 ----
+  rmd_dgst.o: ../../include/openssl/opensslconf.h
+  rmd_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/ripemd.h
+  rmd_dgst.o: ../md32_common.h rmd_locl.h rmdconst.h
+! rmd_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! rmd_one.o: ../../include/openssl/ripemd.h ../../include/openssl/safestack.h
+! rmd_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmd_one.c ../RELENG_5_0/crypto/openssl/crypto/ripemd/rmd_one.c
+*** crypto/openssl/crypto/ripemd/rmd_one.c	Thu Apr 13 02:29:47 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/ripemd/rmd_one.c	Thu Feb 20 12:14:17 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/ripemd.h>
++ #include <openssl/crypto.h>
+  
+  unsigned char *RIPEMD160(const unsigned char *d, unsigned long n,
+  	     unsigned char *md)
+***************
+*** 70,76 ****
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	memset(&c,0,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+--- 71,77 ----
+  	RIPEMD160_Init(&c);
+  	RIPEMD160_Update(&c,d,n);
+  	RIPEMD160_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c)); /* security consideration */
+  	return(md);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/ripemd/rmdtest.c ../RELENG_5_0/crypto/openssl/crypto/ripemd/rmdtest.c
+*** crypto/openssl/crypto/ripemd/rmdtest.c	Thu Apr 13 02:29:47 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/ripemd/rmdtest.c	Thu Feb 20 12:14:17 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_RIPEMD
+  int main(int argc, char *argv[])
+  {
+***************
+*** 124,130 ****
+  		R++;
+  		P++;
+  		}
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 126,132 ----
+  		R++;
+  		P++;
+  		}
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/rsa/Makefile.ssl
+*** crypto/openssl/crypto/rsa/Makefile.ssl	Sat Feb 17 22:16:34 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/rsa/Makefile.ssl	Thu Feb 20 12:14:18 2003
+***************
+*** 70,76 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 70,76 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa.h ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa.h
+*** crypto/openssl/crypto/rsa/rsa.h	Tue Jul 30 08:46:49 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa.h	Thu Feb 20 12:14:18 2003
+***************
+*** 169,174 ****
+--- 168,175 ----
+  #define RSA_SSLV23_PADDING	2
+  #define RSA_NO_PADDING		3
+  #define RSA_PKCS1_OAEP_PADDING	4
++ 
++ #define RSA_PKCS1_PADDING_SIZE	11
+  
+  #define RSA_set_app_data(s,arg)         RSA_set_ex_data(s,0,arg)
+  #define RSA_get_app_data(s)             RSA_get_ex_data(s,0)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_eay.c ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_eay.c
+*** crypto/openssl/crypto/rsa/rsa_eay.c	Tue Jul 30 09:58:52 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_eay.c	Thu Feb 20 12:14:18 2003
+***************
+*** 185,191 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 184,190 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL) 
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 269,275 ****
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 268,274 ----
+  	BN_clear_free(&f);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 368,374 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 367,373 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+***************
+*** 465,471 ****
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		memset(buf,0,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+--- 464,470 ----
+  	BN_clear_free(&ret);
+  	if (buf != NULL)
+  		{
+! 		OPENSSL_cleanse(buf,num);
+  		OPENSSL_free(buf);
+  		}
+  	return(r);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_pk1.c ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_pk1.c
+*** crypto/openssl/crypto/rsa/rsa_pk1.c	Thu Apr 13 02:29:52 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_pk1.c	Thu Feb 20 12:14:18 2003
+***************
+*** 68,74 ****
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-11))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+--- 68,74 ----
+  	int j;
+  	unsigned char *p;
+  
+! 	if (flen > (tlen-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+  		return(0);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_saos.c ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_saos.c
+*** crypto/openssl/crypto/rsa/rsa_saos.c	Sun Nov 12 20:00:13 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_saos.c	Thu Feb 20 12:14:18 2003
+***************
+*** 76,82 ****
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 76,82 ----
+  
+  	i=i2d_ASN1_OCTET_STRING(&sig,NULL);
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 95,101 ****
+  	else
+  		*siglen=i;
+  
+! 	memset(s,0,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 95,101 ----
+  	else
+  		*siglen=i;
+  
+! 	OPENSSL_cleanse(s,(unsigned int)j+1);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+***************
+*** 137,143 ****
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 137,143 ----
+  		ret=1;
+  err:
+  	if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/rsa/rsa_sign.c ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_sign.c
+*** crypto/openssl/crypto/rsa/rsa_sign.c	Sun Nov 12 20:00:13 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/rsa/rsa_sign.c	Thu Feb 20 12:14:18 2003
+***************
+*** 109,115 ****
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if ((i-RSA_PKCS1_PADDING) > j)
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+--- 109,115 ----
+  		i=i2d_X509_SIG(&sig,NULL);
+  	}
+  	j=RSA_size(rsa);
+! 	if (i > (j-RSA_PKCS1_PADDING_SIZE))
+  		{
+  		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+  		return(0);
+***************
+*** 131,137 ****
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		memset(s,0,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+--- 131,137 ----
+  		*siglen=i;
+  
+  	if(type != NID_md5_sha1) {
+! 		OPENSSL_cleanse(s,(unsigned int)j+1);
+  		OPENSSL_free(s);
+  	}
+  	return(ret);
+***************
+*** 214,220 ****
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	memset(s,0,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+--- 214,220 ----
+  	}
+  err:
+  	if (sig != NULL) X509_SIG_free(sig);
+! 	OPENSSL_cleanse(s,(unsigned int)siglen);
+  	OPENSSL_free(s);
+  	return(ret);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/sha/Makefile.ssl
+*** crypto/openssl/crypto/sha/Makefile.ssl	Sat Feb 17 22:16:36 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/sha/Makefile.ssl	Thu Feb 20 12:14:18 2003
+***************
+*** 92,98 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 92,98 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 103,113 ****
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/sha.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/sha.h
+--- 103,117 ----
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! sha1_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha1_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha1_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+  sha1dgst.o: ../../include/openssl/opensslconf.h
+  sha1dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha1dgst.o: ../md32_common.h sha_locl.h
+  sha_dgst.o: ../../include/openssl/opensslconf.h
+  sha_dgst.o: ../../include/openssl/opensslv.h ../../include/openssl/sha.h
+  sha_dgst.o: ../md32_common.h sha_locl.h
+! sha_one.o: ../../include/openssl/crypto.h ../../include/openssl/opensslv.h
+! sha_one.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+! sha_one.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1_one.c ../RELENG_5_0/crypto/openssl/crypto/sha/sha1_one.c
+*** crypto/openssl/crypto/sha/sha1_one.c	Mon Jan 10 01:21:52 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/sha/sha1_one.c	Thu Feb 20 12:14:18 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA1
+  unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA1_Init(&c);
+  	SHA1_Update(&c,d,n);
+  	SHA1_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha1test.c ../RELENG_5_0/crypto/openssl/crypto/sha/sha1test.c
+*** crypto/openssl/crypto/sha/sha1test.c	Thu Apr 13 02:29:57 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/sha/sha1test.c	Thu Feb 20 12:14:18 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/sha_one.c ../RELENG_5_0/crypto/openssl/crypto/sha/sha_one.c
+*** crypto/openssl/crypto/sha/sha_one.c	Mon Jan 10 01:21:52 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/sha/sha_one.c	Thu Feb 20 12:14:18 2003
+***************
+*** 59,64 ****
+--- 59,65 ----
+  #include <stdio.h>
+  #include <string.h>
+  #include <openssl/sha.h>
++ #include <openssl/crypto.h>
+  
+  #ifndef NO_SHA0
+  unsigned char *SHA(const unsigned char *d, unsigned long n, unsigned char *md)
+***************
+*** 70,76 ****
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	memset(&c,0,sizeof(c));
+  	return(md);
+  	}
+  #endif
+--- 71,77 ----
+  	SHA_Init(&c);
+  	SHA_Update(&c,d,n);
+  	SHA_Final(md,&c);
+! 	OPENSSL_cleanse(&c,sizeof(c));
+  	return(md);
+  	}
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/sha/shatest.c ../RELENG_5_0/crypto/openssl/crypto/sha/shatest.c
+*** crypto/openssl/crypto/sha/shatest.c	Thu Apr 13 02:29:57 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/sha/shatest.c	Thu Feb 20 12:14:18 2003
+***************
+*** 60,65 ****
+--- 60,67 ----
+  #include <string.h>
+  #include <stdlib.h>
+  
++ #include "../e_os.h"
++ 
+  #ifdef NO_SHA
+  int main(int argc, char *argv[])
+  {
+***************
+*** 152,158 ****
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	exit(err);
+  	return(0);
+  	}
+  
+--- 154,160 ----
+  		}
+  	else
+  		printf("test 3 ok\n");
+! 	EXIT(err);
+  	return(0);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/stack/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/stack/Makefile.ssl
+*** crypto/openssl/crypto/stack/Makefile.ssl	Sat Feb 17 22:16:37 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/stack/Makefile.ssl	Thu Feb 20 12:14:19 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/threads/mttest.c ../RELENG_5_0/crypto/openssl/crypto/threads/mttest.c
+*** crypto/openssl/crypto/threads/mttest.c	Sun Nov 12 20:00:23 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/threads/mttest.c	Thu Feb 20 12:14:19 2003
+***************
+*** 77,82 ****
+--- 77,86 ----
+  #ifdef PTHREADS
+  #include <pthread.h>
+  #endif
++ #ifdef VXWORKS
++ #include <taskLib.h>
++ #include <semLib.h>
++ #endif
+  #include <openssl/lhash.h>
+  #include <openssl/crypto.h>
+  #include <openssl/buffer.h>
+***************
+*** 105,114 ****
+--- 109,120 ----
+  void solaris_locking_callback(int mode,int type,char *file,int line);
+  void win32_locking_callback(int mode,int type,char *file,int line);
+  void pthreads_locking_callback(int mode,int type,char *file,int line);
++ void vxworks_locking_callback(int mode,int type,char *file,int line);
+  
+  unsigned long irix_thread_id(void );
+  unsigned long solaris_thread_id(void );
+  unsigned long pthreads_thread_id(void );
++ unsigned long vxworks_thread_id(void );
+  
+  BIO *bio_err=NULL;
+  BIO *bio_stdout=NULL;
+***************
+*** 1097,1100 ****
+--- 1103,1221 ----
+  #endif /* PTHREADS */
+  
+  
++ #ifdef VXWORKS
++ 
++ #define DEFAULT_TASK_NAME               NULL
++ #define DEFAULT_TASK_PRIORITY           100
++ #define DEFAULT_TASK_OPTIONS            0
++ #define DEFAULT_TASK_STACK_BYTES        32768
++ 
++ static SEM_ID *lock_cs;
++ static long *lock_count;
++ 
++ extern int sysClkRateGet();
++ 
++ void thread_setup(void)
++ 	{
++ 	int i;
++ 
++ 	lock_cs=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(SEM_ID));
++ 	lock_count=OPENSSL_malloc(CRYPTO_num_locks() * sizeof(long));
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		lock_count[i]=0;
++ 		lock_cs[i] = semMCreate(SEM_Q_PRIORITY | SEM_INVERSION_SAFE);
++ 		}
++ 
++ 	CRYPTO_set_id_callback((unsigned long (*)())vxworks_thread_id);
++ 	CRYPTO_set_locking_callback((void (*)())vxworks_locking_callback);
++ 	}
++ 
++ void thread_cleanup(void)
++ 	{
++ 	int i;
++ 
++ 	CRYPTO_set_locking_callback(NULL);
++ 	fprintf(stderr,"cleanup\n");
++ 	for (i=0; i<CRYPTO_num_locks(); i++)
++ 		{
++ 		semDelete(lock_cs[i]);
++ 		fprintf(stderr,"%8ld:%s\n",lock_count[i],
++ 			CRYPTO_get_lock_name(i));
++ 		}
++ 	OPENSSL_free(lock_cs);
++ 	OPENSSL_free(lock_count);
++ 
++ 	fprintf(stderr,"done cleanup\n");
++ 	}
++ 
++ void vxworks_locking_callback(int mode, int type, char *file, int line)
++       {
++ #ifdef undef
++ 	fprintf(stderr,"thread=%4d mode=%s lock=%s %s:%d\n",
++ 		CRYPTO_thread_id(),
++ 		(mode&CRYPTO_LOCK)?"l":"u",
++ 		(type&CRYPTO_READ)?"r":"w",file,line);
++ #endif
++ /*
++ 	if (CRYPTO_LOCK_SSL_CERT == type)
++ 		fprintf(stderr,"(t,m,f,l) %ld %d %s %d\n",
++ 		CRYPTO_thread_id(),
++ 		mode,file,line);
++ */
++ 	if (mode & CRYPTO_LOCK)
++ 		{
++ 		semTake(lock_cs[type], WAIT_FOREVER);
++ 		lock_count[type]++;
++ 		}
++ 	else
++ 		{
++ 		semGive(lock_cs[type]);
++ 		}
++ 	}
++ 
++ 
++ void do_threads(SSL_CTX *s_ctx, SSL_CTX *c_ctx)
++ 	{
++ 	SSL_CTX *ssl_ctx[2];
++ 	int thread_ctx[MAX_THREAD_NUMBER];
++ 	int i;
++ 
++ 	ssl_ctx[0]=s_ctx;
++ 	ssl_ctx[1]=c_ctx;
++ 
++ 	/*
++ 	thr_setconcurrency(thread_number);
++ 	*/
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		thread_ctx[i] = taskSpawn(DEFAULT_TASK_NAME,
++ 				DEFAULT_TASK_PRIORITY,
++ 				DEFAULT_TASK_OPTIONS,
++ 				DEFAULT_TASK_STACK_BYTES,
++ 				(FUNCPTR)ndoit,
++ 				(int)ssl_ctx, 0, 0, 0, 0, 0, 0, 0, 0, 0);
++ 
++ 		printf("Spawned task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("reaping\n");
++ 	for (i=0; i<thread_number; i++)
++ 		{
++ 		while(taskIdVerify(thread_ctx[i]) != ERROR)
++ 			{
++ 			taskDelay(sysClkRateGet()/10);
++ 			}
++ 		printf("Reaped task %d (%x)\n", i, thread_ctx[i]);
++ 		}
++ 
++ 	printf("vxworks threads done (%d,%d)\n",
++ 		s_ctx->references,c_ctx->references);
++ 	}
++ 
++ unsigned long vxworks_thread_id(void)
++ 	{
++ 	return((unsigned long)taskIdSelf());
++ 	}
+  
++ #endif /* VXWORKS */
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/tmdiff.c ../RELENG_5_0/crypto/openssl/crypto/tmdiff.c
+*** crypto/openssl/crypto/tmdiff.c	Tue Jul 30 08:43:23 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/tmdiff.c	Thu Feb 20 12:14:11 2003
+***************
+*** 105,110 ****
+--- 105,115 ----
+  #include <windows.h>
+  #endif
+  
++ #ifdef VXWORKS
++ #include <tickLib.h>
++ #include <drv/timer/timerDev.h>
++ #endif
++ 
+  /* The following if from times(3) man page.  It may need to be changed */
+  #ifndef HZ
+  # ifndef CLK_TCK
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/txt_db/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/txt_db/Makefile.ssl
+*** crypto/openssl/crypto/txt_db/Makefile.ssl	Sat Feb 17 22:16:38 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/txt_db/Makefile.ssl	Thu Feb 20 12:14:19 2003
+***************
+*** 68,74 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 68,74 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/uid.c ../RELENG_5_0/crypto/openssl/crypto/uid.c
+*** crypto/openssl/crypto/uid.c	Sat May 19 23:05:17 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/uid.c	Thu Feb 20 12:14:11 2003
+***************
+*** 64,70 ****
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32)
+  
+  int OPENSSL_issetugid(void)
+  	{
+--- 64,70 ----
+  	return issetugid();
+  	}
+  
+! #elif defined(WIN32) || defined(VXWORKS)
+  
+  int OPENSSL_issetugid(void)
+  	{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/x509/Makefile.ssl
+*** crypto/openssl/crypto/x509/Makefile.ssl	Tue Jul 30 08:43:53 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/x509/Makefile.ssl	Thu Feb 20 12:14:19 2003
+***************
+*** 78,84 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 78,84 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/by_file.c ../RELENG_5_0/crypto/openssl/crypto/x509/by_file.c
+*** crypto/openssl/crypto/x509/by_file.c	Thu Apr 13 02:30:05 2000
+--- ../RELENG_5_0/crypto/openssl/crypto/x509/by_file.c	Thu Feb 20 12:14:19 2003
+***************
+*** 100,116 ****
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 				X509_FILETYPE_PEM) != 0);
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+- 				}
+- 			else
+- 				{
+- 				file=(char *)Getenv(X509_get_default_cert_file_env());
+- 				ok = (X509_load_cert_crl_file(ctx,file,
+- 					X509_FILETYPE_PEM) != 0);
+  				}
+  			}
+  		else
+--- 100,117 ----
+  	case X509_L_FILE_LOAD:
+  		if (argl == X509_FILETYPE_DEFAULT)
+  			{
+! 			file = (char *)Getenv(X509_get_default_cert_file_env());
+! 			if (file)
+! 				ok = (X509_load_cert_crl_file(ctx,file,
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+! 			if (!ok)
+! 				ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(),
+! 					      X509_FILETYPE_PEM) != 0);
+! 
+  			if (!ok)
+  				{
+  				X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS);
+  				}
+  			}
+  		else
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_cmp.c ../RELENG_5_0/crypto/openssl/crypto/x509/x509_cmp.c
+*** crypto/openssl/crypto/x509/x509_cmp.c	Sat May 19 23:06:25 2001
+--- ../RELENG_5_0/crypto/openssl/crypto/x509/x509_cmp.c	Thu Feb 20 12:14:19 2003
+***************
+*** 57,62 ****
+--- 57,63 ----
+   */
+  
+  #include <stdio.h>
++ #include <ctype.h>
+  #include "cryptlib.h"
+  #include <openssl/asn1.h>
+  #include <openssl/objects.h>
+***************
+*** 157,162 ****
+--- 158,256 ----
+  }
+  #endif
+  
++ 
++ /* Case insensitive string comparision */
++ static int nocase_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	int i;
++ 
++ 	if (a->length != b->length)
++ 		return (a->length - b->length);
++ 
++ 	for (i=0; i<a->length; i++)
++ 	{
++ 		int ca, cb;
++ 
++ 		ca = tolower(a->data[i]);
++ 		cb = tolower(b->data[i]);
++ 
++ 		if (ca != cb)
++ 			return(ca-cb);
++ 	}
++ 	return 0;
++ }
++ 
++ /* Case insensitive string comparision with space normalization 
++  * Space normalization - ignore leading, trailing spaces, 
++  *       multiple spaces between characters are replaced by single space  
++  */
++ static int nocase_spacenorm_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
++ {
++ 	unsigned char *pa = NULL, *pb = NULL;
++ 	int la, lb;
++ 	
++ 	la = a->length;
++ 	lb = b->length;
++ 	pa = a->data;
++ 	pb = b->data;
++ 
++ 	/* skip leading spaces */
++ 	while (la > 0 && isspace(*pa))
++ 	{
++ 		la--;
++ 		pa++;
++ 	}
++ 	while (lb > 0 && isspace(*pb))
++ 	{
++ 		lb--;
++ 		pb++;
++ 	}
++ 
++ 	/* skip trailing spaces */
++ 	while (la > 0 && isspace(pa[la-1]))
++ 		la--;
++ 	while (lb > 0 && isspace(pb[lb-1]))
++ 		lb--;
++ 
++ 	/* compare strings with space normalization */
++ 	while (la > 0 && lb > 0)
++ 	{
++ 		int ca, cb;
++ 
++ 		/* compare character */
++ 		ca = tolower(*pa);
++ 		cb = tolower(*pb);
++ 		if (ca != cb)
++ 			return (ca - cb);
++ 
++ 		pa++; pb++;
++ 		la--; lb--;
++ 
++ 		if (la <= 0 || lb <= 0)
++ 			break;
++ 
++ 		/* is white space next character ? */
++ 		if (isspace(*pa) && isspace(*pb))
++ 		{
++ 			/* skip remaining white spaces */
++ 			while (la > 0 && isspace(*pa))
++ 			{
++ 				la--;
++ 				pa++;
++ 			}
++ 			while (lb > 0 && isspace(*pb))
++ 			{
++ 				lb--;
++ 				pb++;
++ 			}
++ 		}
++ 	}
++ 	if (la > 0 || lb > 0)
++ 		return la - lb;
++ 
++ 	return 0;
++ }
++ 
+  int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b)
+  	{
+  	int i,j;
+***************
+*** 170,179 ****
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->length-nb->value->length;
+  		if (j) return(j);
+! 		j=memcmp(na->value->data,nb->value->data,
+! 			na->value->length);
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+--- 264,283 ----
+  		{
+  		na=sk_X509_NAME_ENTRY_value(a->entries,i);
+  		nb=sk_X509_NAME_ENTRY_value(b->entries,i);
+! 		j=na->value->type-nb->value->type;
+  		if (j) return(j);
+! 		if (na->value->type == V_ASN1_PRINTABLESTRING)
+! 			j=nocase_spacenorm_cmp(na->value, nb->value);
+! 		else if (na->value->type == V_ASN1_IA5STRING
+! 			&& OBJ_obj2nid(na->object) == NID_pkcs9_emailAddress)
+! 			j=nocase_cmp(na->value, nb->value);
+! 		else
+! 			{
+! 			j=na->value->length-nb->value->length;
+! 			if (j) return(j);
+! 			j=memcmp(na->value->data,nb->value->data,
+! 				na->value->length);
+! 			}
+  		if (j) return(j);
+  		j=na->set-nb->set;
+  		if (j) return(j);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509/x509_vfy.c ../RELENG_5_0/crypto/openssl/crypto/x509/x509_vfy.c
+*** crypto/openssl/crypto/x509/x509_vfy.c	Sat Jan 26 22:12:13 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/x509/x509_vfy.c	Thu Feb 20 12:14:19 2003
+***************
+*** 567,573 ****
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	time_t offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+--- 567,573 ----
+  	{
+  	char *str;
+  	ASN1_TIME atm;
+! 	long offset;
+  	char buff1[24],buff2[24],*p;
+  	int i,j;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/crypto/x509v3/Makefile.ssl ../RELENG_5_0/crypto/openssl/crypto/x509v3/Makefile.ssl
+*** crypto/openssl/crypto/x509v3/Makefile.ssl	Tue Jul 30 08:43:54 2002
+--- ../RELENG_5_0/crypto/openssl/crypto/x509v3/Makefile.ssl	Thu Feb 20 12:14:19 2003
+***************
+*** 72,78 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 72,78 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/demos/selfsign.c ../RELENG_5_0/crypto/openssl/demos/selfsign.c
+*** crypto/openssl/demos/selfsign.c	Thu Apr 13 02:30:30 2000
+--- ../RELENG_5_0/crypto/openssl/demos/selfsign.c	Thu Feb 20 12:14:19 2003
+***************
+*** 106,112 ****
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,3);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+--- 106,112 ----
+  		}
+  	rsa=NULL;
+  
+! 	X509_set_version(x,2);
+  	ASN1_INTEGER_set(X509_get_serialNumber(x),serial);
+  	X509_gmtime_adj(X509_get_notBefore(x),0);
+  	X509_gmtime_adj(X509_get_notAfter(x),(long)60*60*24*days);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/passwd.pod ../RELENG_5_0/crypto/openssl/doc/apps/passwd.pod
+*** crypto/openssl/doc/apps/passwd.pod	Sun Nov 12 20:01:43 2000
+--- ../RELENG_5_0/crypto/openssl/doc/apps/passwd.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 69,75 ****
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+--- 69,75 ----
+  
+  B<openssl passwd -crypt -salt xx password> prints B<xxj31ZMTZzkVA>.
+  
+! B<openssl passwd -1 -salt xxxxxxxx password> prints B<$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.>.
+  
+  B<openssl passwd -apr1 -salt xxxxxxxx password> prints B<$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0>.
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/req.pod ../RELENG_5_0/crypto/openssl/doc/apps/req.pod
+*** crypto/openssl/doc/apps/req.pod	Sun Nov 12 20:01:48 2000
+--- ../RELENG_5_0/crypto/openssl/doc/apps/req.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 457,469 ****
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST----
+!  -----END CERTIFICATE REQUEST----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST----
+!  -----END NEW CERTIFICATE REQUEST----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+--- 457,469 ----
+  
+  The header and footer lines in the B<PEM> format are normally:
+  
+!  -----BEGIN CERTIFICATE REQUEST-----
+!  -----END CERTIFICATE REQUEST-----
+  
+  some software (some versions of Netscape certificate server) instead needs:
+  
+!  -----BEGIN NEW CERTIFICATE REQUEST-----
+!  -----END NEW CERTIFICATE REQUEST-----
+  
+  which is produced with the B<-newhdr> option but is otherwise compatible.
+  Either form is accepted transparently on input.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/smime.pod ../RELENG_5_0/crypto/openssl/doc/apps/smime.pod
+*** crypto/openssl/doc/apps/smime.pod	Tue Jul 30 09:37:55 2002
+--- ../RELENG_5_0/crypto/openssl/doc/apps/smime.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 340,347 ****
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7----
+!  -----END PKCS7----
+  
+  and using the command, 
+  
+--- 340,347 ----
+  signature by line wrapping the base64 encoded structure and surrounding
+  it with:
+  
+!  -----BEGIN PKCS7-----
+!  -----END PKCS7-----
+  
+  and using the command, 
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/apps/x509.pod ../RELENG_5_0/crypto/openssl/doc/apps/x509.pod
+*** crypto/openssl/doc/apps/x509.pod	Sun Nov 12 20:01:53 2000
+--- ../RELENG_5_0/crypto/openssl/doc/apps/x509.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 321,327 ****
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial filename>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+--- 321,327 ----
+  ".srl" appended. For example if the CA certificate file is called 
+  "mycacert.pem" it expects to find a serial number file called "mycacert.srl".
+  
+! =item B<-CAcreateserial>
+  
+  with this option the CA serial number file is created if it does not exist:
+  it will contain the serial number "02" and the certificate being signed will
+***************
+*** 532,556 ****
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust sslclient \
+! 	-alias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE----
+!  -----END CERTIFICATE----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE----
+!  -----END X509 CERTIFICATE----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE----
+!  -----END TRUSTED CERTIFICATE----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+--- 532,556 ----
+  Set a certificate to be trusted for SSL client use and change set its alias to
+  "Steve's Class 1 CA"
+  
+!  openssl x509 -in cert.pem -addtrust clientAuth \
+! 	-setalias "Steve's Class 1 CA" -out trust.pem
+  
+  =head1 NOTES
+  
+  The PEM format uses the header and footer lines:
+  
+!  -----BEGIN CERTIFICATE-----
+!  -----END CERTIFICATE-----
+  
+  it will also handle files containing:
+  
+!  -----BEGIN X509 CERTIFICATE-----
+!  -----END X509 CERTIFICATE-----
+  
+  Trusted certificates have the lines
+  
+!  -----BEGIN TRUSTED CERTIFICATE-----
+!  -----END TRUSTED CERTIFICATE-----
+  
+  The conversion to UTF8 format used with the name options assumes that
+  T61Strings use the ISO8859-1 character set. This is wrong but Netscape
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/c-indentation.el ../RELENG_5_0/crypto/openssl/doc/c-indentation.el
+*** crypto/openssl/doc/c-indentation.el	Sun Nov 12 20:01:00 2000
+--- ../RELENG_5_0/crypto/openssl/doc/c-indentation.el	Thu Feb 20 12:14:20 2003
+***************
+*** 13,24 ****
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style.
+! ; The style defined below does not indent them at all.
+! ; To insert tabs manually, prefix them with ^Q (the "quoted-insert"
+! ; command of Emacs).  If you know a solution to this problem
+! ; or find other problems with this indentation style definition,
+! ; please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+--- 13,22 ----
+  ;
+  ; Apparently statement blocks that are not introduced by a statement
+  ; such as "if" and that are not the body of a function cannot
+! ; be handled too well by CC mode with this indentation style,
+! ; so you have to indent them manually (you can use C-q tab).
+! ; 
+! ; For suggesting improvements, please send e-mail to bodo@openssl.org.
+  
+  (c-add-style "eay"
+  	     '((c-basic-offset . 8)
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_CTX_new.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_CTX_new.pod
+*** crypto/openssl/doc/crypto/BN_CTX_new.pod	Thu Apr 13 02:31:29 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_CTX_new.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_start(3)|BN_CTX_start(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_add.pod
+*** crypto/openssl/doc/crypto/BN_add.pod	Thu Apr 13 02:31:29 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_add.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 86,92 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+--- 86,92 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>,
+  L<BN_add_word(3)|BN_add_word(3)>, L<BN_set_bit(3)|BN_set_bit(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_add_word.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_add_word.pod
+*** crypto/openssl/doc/crypto/BN_add_word.pod	Thu Apr 13 02:31:29 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_add_word.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 46,52 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 46,52 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_bn2bin.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_bn2bin.pod
+*** crypto/openssl/doc/crypto/BN_bn2bin.pod	Tue Jul 30 08:44:00 2002
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_bn2bin.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 80,86 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+--- 80,86 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_zero(3)|BN_zero(3)>,
+  L<ASN1_INTEGER_to_BN(3)|ASN1_INTEGER_to_BN(3)>,
+  L<BN_num_bytes(3)|BN_num_bytes(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_copy.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_copy.pod
+*** crypto/openssl/doc/crypto/BN_copy.pod	Thu Apr 13 02:31:29 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_copy.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 25,31 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 25,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_generate_prime.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_generate_prime.pod
+*** crypto/openssl/doc/crypto/BN_generate_prime.pod	Thu Apr 13 02:31:30 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_generate_prime.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 70,76 ****
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_check>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+--- 70,76 ----
+  
+  Both BN_is_prime() and BN_is_prime_fasttest() perform a Miller-Rabin
+  probabilistic primality test with B<checks> iterations. If
+! B<checks == BN_prime_checks>, a number of iterations is used that
+  yields a false positive rate of at most 2^-80 for random input.
+  
+  If B<callback> is not B<NULL>, B<callback(1, j, cb_arg)> is called
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_inverse.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_mod_inverse.pod
+*** crypto/openssl/doc/crypto/BN_mod_inverse.pod	Thu Apr 13 02:31:30 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_mod_inverse.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Sun Nov 12 20:02:03 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_mod_mul_montgomery.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 81,87 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 81,87 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod
+*** crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Sun Nov 12 20:02:03 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_mod_mul_reciprocal.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 69,75 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+--- 69,75 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<BN_add(3)|BN_add(3)>,
+  L<BN_CTX_new(3)|BN_CTX_new(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_new.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_new.pod
+*** crypto/openssl/doc/crypto/BN_new.pod	Thu Apr 13 02:31:32 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_new.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 42,48 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 42,48 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/BN_rand.pod ../RELENG_5_0/crypto/openssl/doc/crypto/BN_rand.pod
+*** crypto/openssl/doc/crypto/BN_rand.pod	Tue Jul 30 09:37:56 2002
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/BN_rand.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 45,51 ****
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+--- 45,51 ----
+  
+  =head1 SEE ALSO
+  
+! L<bn(3)|bn(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<RAND_add(3)|RAND_add(3)>, L<RAND_bytes(3)|RAND_bytes(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_key.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DH_generate_key.pod
+*** crypto/openssl/doc/crypto/DH_generate_key.pod	Thu Apr 13 02:31:32 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DH_generate_key.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 40,46 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+--- 40,46 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<DH_size(3)|DH_size(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_generate_parameters.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DH_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DH_generate_parameters.pod	Thu Apr 13 02:31:32 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DH_generate_parameters.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DH_free(3)|DH_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DH_new.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DH_new.pod
+*** crypto/openssl/doc/crypto/DH_new.pod	Thu Apr 13 02:31:32 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DH_new.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 29,35 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<err(3)|err(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+--- 29,35 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DH_generate_parameters(3)|DH_generate_parameters(3)>,
+  L<DH_generate_key(3)|DH_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_SIG_new.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_SIG_new.pod
+*** crypto/openssl/doc/crypto/DSA_SIG_new.pod	Thu Apr 13 02:31:32 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_SIG_new.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+--- 30,37 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_do_sign.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_do_sign.pod
+*** crypto/openssl/doc/crypto/DSA_do_sign.pod	Thu Apr 13 02:31:33 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_do_sign.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 36,42 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+--- 36,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_SIG_new(3)|DSA_SIG_new(3)>,
+  L<DSA_sign(3)|DSA_sign(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_dup_DH.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_dup_DH.pod
+*** crypto/openssl/doc/crypto/DSA_dup_DH.pod	Thu Apr 13 02:31:33 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_dup_DH.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 27,33 ****
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 27,33 ----
+  
+  =head1 SEE ALSO
+  
+! L<dh(3)|dh(3)>, L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_key.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_generate_key.pod
+*** crypto/openssl/doc/crypto/DSA_generate_key.pod	Thu Apr 13 02:31:33 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_generate_key.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 24,30 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+--- 24,31 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+! L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_generate_parameters.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_generate_parameters.pod
+*** crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Thu Apr 13 02:31:33 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_generate_parameters.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 90,96 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+--- 90,96 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_free(3)|DSA_free(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_new.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_new.pod
+*** crypto/openssl/doc/crypto/DSA_new.pod	Thu Apr 13 02:31:33 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_new.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 30,36 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+--- 30,36 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+  L<DSA_generate_parameters(3)|DSA_generate_parameters(3)>,
+  L<DSA_generate_key(3)|DSA_generate_key(3)>
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/DSA_sign.pod ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_sign.pod
+*** crypto/openssl/doc/crypto/DSA_sign.pod	Thu Apr 13 02:31:33 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/DSA_sign.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 55,61 ****
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+--- 55,61 ----
+  
+  =head1 SEE ALSO
+  
+! L<dsa(3)|dsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>,
+  L<DSA_do_sign(3)|DSA_do_sign(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/EVP_SealInit.pod ../RELENG_5_0/crypto/openssl/doc/crypto/EVP_SealInit.pod
+*** crypto/openssl/doc/crypto/EVP_SealInit.pod	Sun Nov 12 20:02:08 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/EVP_SealInit.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 12,18 ****
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+--- 12,18 ----
+  		int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+   int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl, unsigned char *in, int inl);
+!  void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+           int *outl);
+  
+  =head1 DESCRIPTION
+***************
+*** 43,50 ****
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for
+! failure.
+  
+  =head1 NOTES
+  
+--- 43,49 ----
+  
+  EVP_SealInit() returns 0 on error or B<npubk> if successful.
+  
+! EVP_SealUpdate() returns 1 for success and 0 for failure.
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RAND_bytes.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RAND_bytes.pod
+*** crypto/openssl/doc/crypto/RAND_bytes.pod	Thu Apr 13 02:31:37 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RAND_bytes.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 35,41 ****
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<err(3)|err(3)>, L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+--- 35,42 ----
+  
+  =head1 SEE ALSO
+  
+! L<rand(3)|rand(3)>, L<ERR_get_error(3)|ERR_get_error(3)>,
+! L<RAND_add(3)|RAND_add(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_check_key.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_check_key.pod
+*** crypto/openssl/doc/crypto/RSA_check_key.pod	Tue Jul 30 09:37:58 2002
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_check_key.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 39,45 ****
+  
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<err(3)|err(3)>
+  
+  =head1 HISTORY
+  
+--- 39,45 ----
+  
+  =head1 SEE ALSO
+  
+! L<rsa(3)|rsa(3)>, L<ERR_get_error(3)|ERR_get_error(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_generate_key.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_generate_key.pod
+*** crypto/openssl/doc/crypto/RSA_generate_key.pod	Tue Jul 30 08:44:02 2002
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_generate_key.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_free(3)|RSA_free(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_print.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_print.pod
+*** crypto/openssl/doc/crypto/RSA_print.pod	Sun Nov 12 20:02:10 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_print.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 2,10 ****
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
+! DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic
+! parameters
+  
+  =head1 SYNOPSIS
+  
+--- 2,10 ----
+  
+  =head1 NAME
+  
+! RSA_print, RSA_print_fp,
+! DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+! DHparams_print, DHparams_print_fp - print cryptographic parameters
+  
+  =head1 SYNOPSIS
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_private_encrypt.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_private_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Thu Apr 13 02:31:37 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_private_encrypt.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 59,65 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+--- 59,66 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_sign(3)|RSA_sign(3)>, L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_public_encrypt.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_public_encrypt.pod
+*** crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Sun Nov 12 20:02:13 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_public_encrypt.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 72,78 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+--- 72,79 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_size(3)|RSA_size(3)>
+  
+  =head1 NOTES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_sign.pod
+*** crypto/openssl/doc/crypto/RSA_sign.pod	Thu Apr 13 02:31:40 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_sign.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 50,57 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rsa(3)|rsa(3)>,
+! L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+--- 50,57 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_private_encrypt(3)|RSA_private_encrypt(3)>,
+  L<RSA_public_decrypt(3)|RSA_public_decrypt(3)> 
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod
+*** crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Thu Apr 13 02:31:40 2000
+--- ../RELENG_5_0/crypto/openssl/doc/crypto/RSA_sign_ASN1_OCTET_STRING.pod	Thu Feb 20 12:14:20 2003
+***************
+*** 47,54 ****
+  
+  =head1 SEE ALSO
+  
+! L<err(3)|err(3)>, L<objects(3)|objects(3)>, L<rand(3)|rand(3)>,
+! L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+--- 47,54 ----
+  
+  =head1 SEE ALSO
+  
+! L<ERR_get_error(3)|ERR_get_error(3)>, L<objects(3)|objects(3)>,
+! L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_sign(3)|RSA_sign(3)>,
+  L<RSA_verify(3)|RSA_verify(3)>
+  
+  =head1 HISTORY
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/openssl.txt ../RELENG_5_0/crypto/openssl/doc/openssl.txt
+*** crypto/openssl/doc/openssl.txt	Sun Nov 12 20:01:05 2000
+--- ../RELENG_5_0/crypto/openssl/doc/openssl.txt	Thu Feb 20 12:14:20 2003
+***************
+*** 344,350 ****
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URL:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+--- 344,350 ----
+  
+  Examples:
+  
+! subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
+  subjectAltName=email:my@other.address,RID:1.2.3.4
+  
+  Issuer Alternative Name.
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_add_session.pod ../RELENG_5_0/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Sat Feb 17 22:17:10 2001
+--- ../RELENG_5_0/crypto/openssl/doc/ssl/SSL_CTX_add_session.pod	Thu Feb 20 12:14:21 2003
+***************
+*** 37,42 ****
+--- 37,50 ----
+  identical (the SSL_SESSION object is identical), SSL_CTX_add_session()
+  is a no-op, and the return value is 0.
+  
++ If a server SSL_CTX is configured with the SSL_SESS_CACHE_NO_INTERNAL_STORE
++ flag then the internal cache will not be populated automatically by new
++ sessions negotiated by the SSL/TLS implementation, even though the internal
++ cache will be searched automatically for session-resume requests (the
++ latter can be surpressed by SSL_SESS_CACHE_NO_INTERNAL_LOOKUP). So the
++ application can use SSL_CTX_add_session() directly to have full control
++ over the sessions that can be resumed if desired.
++ 
+  
+  =head1 RETURN VALUES
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod ../RELENG_5_0/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Sat Jan 26 22:12:41 2002
+--- ../RELENG_5_0/crypto/openssl/doc/ssl/SSL_CTX_set_session_cache_mode.pod	Thu Feb 20 12:14:21 2003
+***************
+*** 26,37 ****
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then decides whether it
+! agrees in reusing the session or starts the handshake for a new session.
+! 
+! A server will lookup up the session in its internal session storage. If
+! the session is not found in internal storage or internal storage is
+! deactivated, the server will try the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+--- 26,39 ----
+  object.
+  
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then either 
+! agrees to reuse the session or it starts a full handshake (to create a new
+! session).
+! 
+! A server will lookup up the session in its internal session storage. If the
+! session is not found in internal storage or lookups for the internal storage
+! have been deactivated (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP), the server will try
+! the external storage if available.
+  
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+***************
+*** 57,65 ****
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the session is looked up in the internal session cache.
+! If the session is found, the server will try to reuse the session.
+! This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+--- 59,68 ----
+  =item SSL_SESS_CACHE_SERVER
+  
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the server looks for the corresponding session in (first)
+! the internal session cache (unless SSL_SESS_CACHE_NO_INTERNAL_LOOKUP is set),
+! then (second) in the external cache if available. If the session is found, the
+! server will try to reuse the session.  This is the default.
+  
+  =item SSL_SESS_CACHE_BOTH
+  
+***************
+*** 77,88 ****
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag sessions are cached in the internal storage but
+! they are not looked up automatically. If an external session cache
+! is enabled, sessions are looked up in the external cache. As automatic
+! lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+--- 80,111 ----
+  
+  =item SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
+  
+! By setting this flag, session-resume operations in an SSL/TLS server will not
+! automatically look up sessions in the internal cache, even if sessions are
+! automatically stored there. If external session caching callbacks are in use,
+! this flag guarantees that all lookups are directed to the external cache.
+! As automatic lookup only applies for SSL/TLS servers, the flag has no effect on
+  clients.
+  
++ =item SSL_SESS_CACHE_NO_INTERNAL_STORE
++ 
++ Depending on the presence of SSL_SESS_CACHE_CLIENT and/or SSL_SESS_CACHE_SERVER,
++ sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
++ Normally a new session is added to the internal cache as well as any external
++ session caching (callback) that is configured for the SSL_CTX. This flag will
++ prevent sessions being stored in the internal cache (though the application can
++ add them manually using L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>). Note:
++ in any SSL/TLS servers where external caching is configured, any successful
++ session lookups in the external cache (ie. for session-resume requests) would
++ normally be copied into the local cache before processing continues - this flag
++ prevents these additions to the internal cache as well.
++ 
++ =item SSL_SESS_CACHE_NO_INTERNAL
++ 
++ Enable both SSL_SESS_CACHE_NO_INTERNAL_LOOKUP and
++ SSL_SESS_CACHE_NO_INTERNAL_STORE at the same time.
++ 
++ 
+  =back
+  
+  The default mode is SSL_SESS_CACHE_SERVER.
+***************
+*** 98,108 ****
+--- 121,137 ----
+  
+  L<ssl(3)|ssl(3)>, L<SSL_set_session(3)|SSL_set_session(3)>,
+  L<SSL_session_reused(3)|SSL_session_reused(3)>,
++ L<SSL_CTX_add_session(3)|SSL_CTX_add_session(3)>,
+  L<SSL_CTX_sess_number(3)|SSL_CTX_sess_number(3)>,
+  L<SSL_CTX_sess_set_cache_size(3)|SSL_CTX_sess_set_cache_size(3)>,
+  L<SSL_CTX_sess_set_get_cb(3)|SSL_CTX_sess_set_get_cb(3)>,
+  L<SSL_CTX_set_session_id_context(3)|SSL_CTX_set_session_id_context(3)>,
+  L<SSL_CTX_set_timeout(3)|SSL_CTX_set_timeout(3)>,
+  L<SSL_CTX_flush_sessions(3)|SSL_CTX_flush_sessions(3)>
++ 
++ =head1 HISTORY
++ 
++ SSL_SESS_CACHE_NO_INTERNAL_STORE and SSL_SESS_CACHE_NO_INTERNAL
++ were introduced in OpenSSL 0.9.6h.
+  
+  =cut
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod ../RELENG_5_0/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod
+*** crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Sat Jan 26 22:12:42 2002
+--- ../RELENG_5_0/crypto/openssl/doc/ssl/SSL_CTX_set_verify.pod	Thu Feb 20 12:14:21 2003
+***************
+*** 235,241 ****
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+--- 235,241 ----
+       * At this point, err contains the last verification error. We can use
+       * it for something special
+       */
+!     if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+      {
+        X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+        printf("issuer= %s\n", buf);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/doc/ssl/ssl.pod ../RELENG_5_0/crypto/openssl/doc/ssl/ssl.pod
+*** crypto/openssl/doc/ssl/ssl.pod	Tue Jul 30 09:38:00 2002
+--- ../RELENG_5_0/crypto/openssl/doc/ssl/ssl.pod	Thu Feb 20 12:14:21 2003
+***************
+*** 347,353 ****
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as L<"SSL_CTX_set_tmp_rsa_callback">, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+--- 347,353 ----
+  
+  long B<SSL_set_tmp_rsa_callback>(SSL *ssl, RSA *(*cb)(SSL *ssl, int export, int keylength));
+  
+! The same as B<SSL_CTX_set_tmp_rsa_callback>, except it operates on an SSL
+  session instead of a context.
+  
+  =item void B<SSL_CTX_set_verify>(SSL_CTX *ctx, int mode, int (*cb);(void))
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/e_os.h ../RELENG_5_0/crypto/openssl/e_os.h
+*** crypto/openssl/e_os.h	Tue Jul 30 09:37:25 2002
+--- ../RELENG_5_0/crypto/openssl/e_os.h	Thu Feb 20 12:14:10 2003
+***************
+*** 219,228 ****
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && !defined(MONOLITH) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) { if (n == 0) _wsetexit(_WINEXITNOPERSIST); return(n); }
+  #  else
+! #    define EXIT(n)		return(n);
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+--- 219,229 ----
+  #    define _kbhit kbhit
+  #  endif
+  
+! #  if defined(WIN16) && defined(SSLEAY) && defined(_WINEXITNOPERSIST)
+! #    define EXIT(n) _wsetexit(_WINEXITNOPERSIST)
+! #    define OPENSSL_EXIT(n) do { if (n == 0) EXIT(n); return(n); } while(0)
+  #  else
+! #    define EXIT(n) return(n)
+  #  endif
+  #  define LIST_SEPARATOR_CHAR ';'
+  #  ifndef X_OK
+***************
+*** 275,292 ****
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    if !defined(MONOLITH) || defined(OPENSSL_C)
+! #      define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); \
+! 				     return(__VMS_EXIT); } while(0)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+--- 276,288 ----
+       the status is tagged as an error, which I believe is what is wanted here.
+       -- Richard Levitte
+    */
+! #    define EXIT(n)		do { int __VMS_EXIT = n; \
+                                       if (__VMS_EXIT == 0) \
+  				       __VMS_EXIT = 1; \
+  				     else \
+  				       __VMS_EXIT = (n << 3) | 2; \
+                                       __VMS_EXIT |= 0x10000000; \
+! 				     exit(__VMS_EXIT); } while(0)
+  #    define NO_SYS_PARAM_H
+  #  else
+       /* !defined VMS */
+***************
+*** 317,327 ****
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    ifndef MONOLITH
+! #      define EXIT(n)		exit(n); return(n)
+! #    else
+! #      define EXIT(n)		return(n)
+! #    endif
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+--- 313,319 ----
+  #    define RFILE		".rnd"
+  #    define LIST_SEPARATOR_CHAR ':'
+  #    define NUL_DEV		"/dev/null"
+! #    define EXIT(n)		exit(n)
+  #  endif
+  
+  #  define SSLeay_getpid()	getpid()
+***************
+*** 439,444 ****
+--- 431,444 ----
+  extern char *sys_errlist[]; extern int sys_nerr;
+  # define strerror(errnum) \
+  	(((errnum)<0 || (errnum)>=sys_nerr) ? NULL : sys_errlist[errnum])
++ #endif
++ 
++ #ifndef OPENSSL_EXIT
++ # if defined(MONOLITH) && !defined(OPENSSL_C)
++ #  define OPENSSL_EXIT(n) return(n)
++ # else
++ #  define OPENSSL_EXIT(n) do { EXIT(n); return(n); } while(0)
++ # endif
+  #endif
+  
+  /***********************************************/
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/openssl.spec ../RELENG_5_0/crypto/openssl/openssl.spec
+*** crypto/openssl/openssl.spec	Fri Aug  9 21:47:55 2002
+--- ../RELENG_5_0/crypto/openssl/openssl.spec	Thu Feb 20 12:14:10 2003
+***************
+*** 1,7 ****
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev g
+  Release: 1
+  
+  %define openssldir /var/ssl
+--- 1,7 ----
+  %define libmaj 0
+  %define libmin 9
+  %define librel 6
+! %define librev i
+  Release: 1
+  
+  %define openssldir /var/ssl
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/Makefile.ssl ../RELENG_5_0/crypto/openssl/ssl/Makefile.ssl
+*** crypto/openssl/ssl/Makefile.ssl	Tue Jul 30 09:38:00 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/Makefile.ssl	Thu Feb 20 12:14:21 2003
+***************
+*** 84,90 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 84,90 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_clnt.c ../RELENG_5_0/crypto/openssl/ssl/s23_clnt.c
+*** crypto/openssl/ssl/s23_clnt.c	Sat Jan 26 22:17:13 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s23_clnt.c	Thu Feb 20 12:14:21 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_clnt.c,v 1.6 2002/01/27 03:17:13 kris Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+***************
+*** 89,106 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_client_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_client_data.ssl_connect=ssl23_connect;
+! 		SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+--- 87,111 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_client_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_client_data.ssl_connect=ssl23_connect;
+! 			SSLv23_client_data.get_ssl_method=ssl23_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_client_data);
+  	}
+  
+  int ssl23_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL);
+  	void (*cb)()=NULL;
+  	int ret= -1;
+***************
+*** 154,159 ****
+--- 159,165 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 202,207 ****
+--- 208,215 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_lib.c ../RELENG_5_0/crypto/openssl/ssl/s23_lib.c
+*** crypto/openssl/ssl/s23_lib.c	Sat May 19 23:17:35 2001
+--- ../RELENG_5_0/crypto/openssl/ssl/s23_lib.c	Thu Feb 20 12:14:21 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_lib.c,v 1.5 2001/05/20 03:17:35 kris Exp $
+   */
+  
+  #include <stdio.h>
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_meth.c ../RELENG_5_0/crypto/openssl/ssl/s23_meth.c
+*** crypto/openssl/ssl/s23_meth.c	Sat May 19 23:06:59 2001
+--- ../RELENG_5_0/crypto/openssl/ssl/s23_meth.c	Thu Feb 20 12:14:21 2003
+***************
+*** 80,91 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv23_data.ssl_connect=ssl23_connect;
+! 		SSLv23_data.ssl_accept=ssl23_accept;
+! 		SSLv23_data.get_ssl_method=ssl23_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_data);
+  	}
+--- 80,98 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_data,(char *)sslv23_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv23_data.ssl_connect=ssl23_connect;
+! 			SSLv23_data.ssl_accept=ssl23_accept;
+! 			SSLv23_data.get_ssl_method=ssl23_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s23_srvr.c ../RELENG_5_0/crypto/openssl/ssl/s23_srvr.c
+*** crypto/openssl/ssl/s23_srvr.c	Sat Jan 26 22:17:13 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s23_srvr.c	Thu Feb 20 12:14:21 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s23_srvr.c,v 1.6 2002/01/27 03:17:13 kris Exp $
+   */
+  /* ====================================================================
+   * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
+--- 54,59 ----
+***************
+*** 141,151 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv23_server_data,
+! 			(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 		SSLv23_server_data.ssl_accept=ssl23_accept;
+! 		SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv23_server_data);
+  	}
+--- 139,156 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv23_server_data,
+! 				(char *)sslv23_base_method(),sizeof(SSL_METHOD));
+! 			SSLv23_server_data.ssl_accept=ssl23_accept;
+! 			SSLv23_server_data.get_ssl_method=ssl23_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv23_server_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_clnt.c ../RELENG_5_0/crypto/openssl/ssl/s2_clnt.c
+*** crypto/openssl/ssl/s2_clnt.c	Fri Aug  9 21:50:50 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s2_clnt.c	Thu Feb 20 12:14:21 2003
+***************
+*** 146,156 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_client_data.ssl_connect=ssl2_connect;
+! 		SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_client_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_client_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_client_data.ssl_connect=ssl2_connect;
+! 			SSLv2_client_data.get_ssl_method=ssl2_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_client_data);
+  	}
+***************
+*** 202,211 ****
+--- 208,220 ----
+  			if (!BUF_MEM_grow(buf,
+  				SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER))
+  				{
++ 				if (buf == s->init_buf)
++ 					buf=NULL;
+  				ret= -1;
+  				goto end;
+  				}
+  			s->init_buf=buf;
++ 			buf=NULL;
+  			s->init_num=0;
+  			s->state=SSL2_ST_SEND_CLIENT_HELLO_A;
+  			s->ctx->stats.sess_connect++;
+***************
+*** 332,337 ****
+--- 341,348 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL) 
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+***************
+*** 746,753 ****
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+1-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+1-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+  		s->init_num += i;
+  
+--- 757,764 ----
+  	if (s->state == SSL2_ST_SEND_CLIENT_CERTIFICATE_A)
+  		{
+  		i=ssl2_read(s,(char *)&(buf[s->init_num]),
+! 			SSL2_MAX_CERT_CHALLENGE_LENGTH+2-s->init_num);
+! 		if (i<(SSL2_MIN_CERT_CHALLENGE_LENGTH+2-s->init_num))
+  			return(ssl2_part_read(s,SSL_F_CLIENT_CERTIFICATE,i));
+  		s->init_num += i;
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_enc.c ../RELENG_5_0/crypto/openssl/ssl/s2_enc.c
+*** crypto/openssl/ssl/s2_enc.c	Fri Aug  9 21:50:50 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s2_enc.c	Thu Feb 20 12:14:21 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_enc.c,v 1.7 2002/08/10 01:50:50 nectar Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_lib.c ../RELENG_5_0/crypto/openssl/ssl/s2_lib.c
+*** crypto/openssl/ssl/s2_lib.c	Fri Aug  9 21:50:50 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s2_lib.c	Thu Feb 20 12:14:21 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_lib.c,v 1.8 2002/08/10 01:50:50 nectar Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 309,315 ****
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	memset(s2,0,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+--- 307,313 ----
+  	s2=s->s2;
+  	if (s2->rbuf != NULL) OPENSSL_free(s2->rbuf);
+  	if (s2->wbuf != NULL) OPENSSL_free(s2->wbuf);
+! 	OPENSSL_cleanse(s2,sizeof *s2);
+  	OPENSSL_free(s2);
+  	s->s2=NULL;
+  	}
+***************
+*** 378,392 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 		qsort(  (char *)sorted,
+! 			SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 		init=0;
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+--- 376,394 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL2_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl2_ciphers[i]);
+! 
+! 			qsort((char *)sorted,
+! 				SSL2_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+! 
+! 			init=0;
+! 			}
+! 			
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x02000000L|((unsigned long)p[0]<<16L)|
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_meth.c ../RELENG_5_0/crypto/openssl/ssl/s2_meth.c
+*** crypto/openssl/ssl/s2_meth.c	Sun Jul 16 01:52:39 2000
+--- ../RELENG_5_0/crypto/openssl/ssl/s2_meth.c	Thu Feb 20 12:14:21 2003
+***************
+*** 54,61 ****
+   * derivative of this code cannot be changed.  i.e. this code cannot simply be
+   * copied and put under another distribution licence
+   * [including the GNU Public Licence.]
+-  *
+-  * $FreeBSD: src/crypto/openssl/ssl/s2_meth.c,v 1.4 2000/07/16 05:52:39 peter Exp $
+   */
+  
+  #include "ssl_locl.h"
+--- 54,59 ----
+***************
+*** 79,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_data.ssl_connect=ssl2_connect;
+! 		SSLv2_data.ssl_accept=ssl2_accept;
+! 		SSLv2_data.get_ssl_method=ssl2_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_data);
+  	}
+--- 77,95 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_data.ssl_connect=ssl2_connect;
+! 			SSLv2_data.ssl_accept=ssl2_accept;
+! 			SSLv2_data.get_ssl_method=ssl2_get_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s2_srvr.c ../RELENG_5_0/crypto/openssl/ssl/s2_srvr.c
+*** crypto/openssl/ssl/s2_srvr.c	Fri Aug  9 21:50:50 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s2_srvr.c	Thu Feb 20 12:14:21 2003
+***************
+*** 146,156 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv2_server_data.ssl_accept=ssl2_accept;
+! 		SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv2_server_data);
+  	}
+--- 145,162 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv2_server_data,(char *)sslv2_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv2_server_data.ssl_accept=ssl2_accept;
+! 			SSLv2_server_data.get_ssl_method=ssl2_get_server_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv2_server_data);
+  	}
+***************
+*** 1002,1008 ****
+  	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
+! 		SSLerr(SSL_F_GET_CLIENT_MASTER_KEY,SSL_R_MESSAGE_TOO_LONG);
+  		goto end;
+  		}
+  	j = (int)len - s->init_num;
+--- 1008,1014 ----
+  	len = 6 + (unsigned long)s->s2->tmp.clen + (unsigned long)s->s2->tmp.rlen;
+  	if (len > SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER)
+  		{
+! 		SSLerr(SSL_F_REQUEST_CERTIFICATE,SSL_R_MESSAGE_TOO_LONG);
+  		goto end;
+  		}
+  	j = (int)len - s->init_num;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_clnt.c ../RELENG_5_0/crypto/openssl/ssl/s3_clnt.c
+*** crypto/openssl/ssl/s3_clnt.c	Fri Aug  9 21:45:56 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s3_clnt.c	Thu Feb 20 12:14:21 2003
+***************
+*** 146,163 ****
+  
+  	if (init)
+  		{
+! 		init=0;
+! 		memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_client_data.ssl_connect=ssl3_connect;
+! 		SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+--- 146,170 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_client_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_client_data.ssl_connect=ssl3_connect;
+! 			SSLv3_client_data.get_ssl_method=ssl3_get_client_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_client_data);
+  	}
+  
+  int ssl3_connect(SSL *s)
+  	{
+! 	BUF_MEM *buf=NULL;
+  	unsigned long Time=time(NULL),l;
+  	long num1;
+  	void (*cb)()=NULL;
+***************
+*** 218,223 ****
+--- 225,231 ----
+  					goto end;
+  					}
+  				s->init_buf=buf;
++ 				buf=NULL;
+  				}
+  
+  			if (!ssl3_setup_buffers(s)) { ret= -1; goto end; }
+***************
+*** 496,501 ****
+--- 504,511 ----
+  		}
+  end:
+  	s->in_handshake--;
++ 	if (buf != NULL)
++ 		BUF_MEM_free(buf);
+  	if (cb != NULL)
+  		cb(s,SSL_CB_CONNECT_EXIT,ret);
+  	return(ret);
+***************
+*** 632,654 ****
+  	/* get the session-id */
+  	j= *(p++);
+  
+!        if(j > sizeof s->session->session_id)
+!                {
+!                al=SSL_AD_ILLEGAL_PARAMETER;
+!                SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,
+!                       SSL_R_SSL3_SESSION_ID_TOO_LONG);
+!                goto f_err;
+!                }
+! 
+! 	if ((j != 0) && (j != SSL3_SESSION_ID_SIZE))
+  		{
+! 		/* SSLref returns 16 :-( */
+! 		if (j < SSL2_SSL_SESSION_ID_LENGTH)
+! 			{
+! 			al=SSL_AD_ILLEGAL_PARAMETER;
+! 			SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT);
+! 			goto f_err;
+! 			}
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+--- 642,652 ----
+  	/* get the session-id */
+  	j= *(p++);
+  
+! 	if ((j > sizeof s->session->session_id) || (j > SSL3_SESSION_ID_SIZE))
+  		{
+! 		al=SSL_AD_ILLEGAL_PARAMETER;
+! 		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_LONG);
+! 		goto f_err;
+  		}
+  	if (j != 0 && j == s->session->session_id_length
+  	    && memcmp(p,s->session->session_id,j) == 0)
+***************
+*** 656,661 ****
+--- 654,660 ----
+  	    if(s->sid_ctx_length != s->session->sid_ctx_length
+  	       || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length))
+  		{
++ 		/* actually a client application bug */
+  		al=SSL_AD_ILLEGAL_PARAMETER;
+  		SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
+  		goto f_err;
+***************
+*** 699,705 ****
+  		goto f_err;
+  		}
+  
+! 	if (s->hit && (s->session->cipher != c))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+--- 698,709 ----
+  		goto f_err;
+  		}
+  
+! 	/* Depending on the session caching (internal/external), the cipher
+! 	   and/or cipher_id values may not be set. Make sure that
+! 	   cipher_id is set and use it for comparison. */
+! 	if (s->session->cipher)
+! 		s->session->cipher_id = s->session->cipher->id;
+! 	if (s->hit && (s->session->cipher_id != c->id))
+  		{
+  		if (!(s->options &
+  			SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG))
+***************
+*** 1460,1466 ****
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+--- 1464,1470 ----
+  				s->method->ssl3_enc->generate_master_secret(s,
+  					s->session->master_key,
+  					tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+! 			OPENSSL_cleanse(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH);
+  			}
+  		else
+  #endif
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_enc.c ../RELENG_5_0/crypto/openssl/ssl/s3_enc.c
+*** crypto/openssl/ssl/s3_enc.c	Tue Jul 30 09:38:01 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s3_enc.c	Thu Feb 20 12:14:21 2003
+***************
+*** 174,180 ****
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	memset(smd,0,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+--- 174,180 ----
+  
+  		km+=MD5_DIGEST_LENGTH;
+  		}
+! 	OPENSSL_cleanse(smd,SHA_DIGEST_LENGTH);
+  	}
+  
+  int ssl3_change_cipher_state(SSL *s, int which)
+***************
+*** 318,325 ****
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	memset(&(exp_key[0]),0,sizeof(exp_key));
+! 	memset(&(exp_iv[0]),0,sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 318,325 ----
+  
+  	EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE));
+  
+! 	OPENSSL_cleanse(&(exp_key[0]),sizeof(exp_key));
+! 	OPENSSL_cleanse(&(exp_iv[0]),sizeof(exp_iv));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_SSL3_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 390,396 ****
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		memset(s->s3->tmp.key_block,0,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+--- 390,396 ----
+  	{
+  	if (s->s3->tmp.key_block != NULL)
+  		{
+! 		OPENSSL_cleanse(s->s3->tmp.key_block,
+  			s->s3->tmp.key_block_length);
+  		OPENSSL_free(s->s3->tmp.key_block);
+  		s->s3->tmp.key_block=NULL;
+***************
+*** 456,461 ****
+--- 456,462 ----
+  				ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED);
+  				return 0;
+  				}
++ 			/* otherwise, rec->length >= bs */
+  			}
+  		
+  		EVP_Cipher(ds,rec->data,rec->input,l);
+***************
+*** 464,470 ****
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except that last) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+--- 465,471 ----
+  			{
+  			i=rec->data[l-1]+1;
+  			/* SSL 3.0 bounds the number of padding bytes by the block size;
+! 			 * padding bytes (except the last one) are arbitrary */
+  			if (i > bs)
+  				{
+  				/* Incorrect padding. SSLerr() and ssl3_alert are done
+***************
+*** 473,478 ****
+--- 474,480 ----
+  				 * (see http://www.openssl.org/~bodo/tls-cbc.txt) */
+  				return -1;
+  				}
++ 			/* now i <= bs <= rec->length */
+  			rec->length-=i;
+  			}
+  		}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_lib.c ../RELENG_5_0/crypto/openssl/ssl/s3_lib.c
+*** crypto/openssl/ssl/s3_lib.c	Tue Jul 30 09:38:01 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s3_lib.c	Thu Feb 20 12:14:21 2003
+***************
+*** 732,738 ****
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	memset(s->s3,0,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+--- 732,738 ----
+  #endif
+  	if (s->s3->tmp.ca_names != NULL)
+  		sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free);
+! 	OPENSSL_cleanse(s->s3,sizeof *s->s3);
+  	OPENSSL_free(s->s3);
+  	s->s3=NULL;
+  	}
+***************
+*** 1084,1099 ****
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 			sorted[i]= &(ssl3_ciphers[i]);
+  
+! 		qsort(	(char *)sorted,
+! 			SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 			FP_ICC ssl_cipher_ptr_id_cmp);
+  
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+- 
+- 		init=0;
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+--- 1084,1102 ----
+  		{
+  		CRYPTO_w_lock(CRYPTO_LOCK_SSL);
+  
+! 		if (init)
+! 			{
+! 			for (i=0; i<SSL3_NUM_CIPHERS; i++)
+! 				sorted[i]= &(ssl3_ciphers[i]);
+  
+! 			qsort(sorted,
+! 				SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *),
+! 				FP_ICC ssl_cipher_ptr_id_cmp);
+  
++ 			init=0;
++ 			}
++ 		
+  		CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
+  		}
+  
+  	id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1];
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_meth.c ../RELENG_5_0/crypto/openssl/ssl/s3_meth.c
+*** crypto/openssl/ssl/s3_meth.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_5_0/crypto/openssl/ssl/s3_meth.c	Thu Feb 20 12:14:21 2003
+***************
+*** 76,87 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_data.ssl_connect=ssl3_connect;
+! 		SSLv3_data.ssl_accept=ssl3_accept;
+! 		SSLv3_data.get_ssl_method=ssl3_get_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_data);
+  	}
+--- 76,94 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_data.ssl_connect=ssl3_connect;
+! 			SSLv3_data.ssl_accept=ssl3_accept;
+! 			SSLv3_data.get_ssl_method=ssl3_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_pkt.c ../RELENG_5_0/crypto/openssl/ssl/s3_pkt.c
+*** crypto/openssl/ssl/s3_pkt.c	Tue Jul 30 08:44:07 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s3_pkt.c	Thu Feb 20 12:14:21 2003
+***************
+*** 238,243 ****
+--- 238,245 ----
+  	unsigned int mac_size;
+  	int clear=0;
+  	size_t extra;
++ 	int decryption_failed_or_bad_record_mac = 0;
++ 	unsigned char *mac = NULL;
+  
+  	rr= &(s->s3->rrec);
+  	sess=s->session;
+***************
+*** 353,360 ****
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* otherwise enc_err == -1 */
+! 		goto decryption_failed_or_bad_record_mac;
+  		}
+  
+  #ifdef TLS_DEBUG
+--- 355,365 ----
+  			/* SSLerr() and ssl3_send_alert() have been called */
+  			goto err;
+  
+! 		/* Otherwise enc_err == -1, which indicates bad padding
+! 		 * (rec->length has not been changed in this case).
+! 		 * To minimize information leaked via timing, we will perform
+! 		 * the MAC computation anyway. */
+! 		decryption_failed_or_bad_record_mac = 1;
+  		}
+  
+  #ifdef TLS_DEBUG
+***************
+*** 380,407 ****
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length < mac_size)
+  			{
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			goto decryption_failed_or_bad_record_mac;
+  #endif
+  			}
+- 		rr->length-=mac_size;
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0)
+  			{
+! 			goto decryption_failed_or_bad_record_mac;
+  			}
+  		}
+  
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+--- 385,430 ----
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+  #endif			
+  			}
+  		/* check the MAC for rr->input (it's in mac_size bytes at the tail) */
+! 		if (rr->length >= mac_size)
+  			{
++ 			rr->length -= mac_size;
++ 			mac = &rr->data[rr->length];
++ 			}
++ 		else
++ 			{
++ 			/* record (minus padding) is too short to contain a MAC */
+  #if 0 /* OK only for stream ciphers */
+  			al=SSL_AD_DECODE_ERROR;
+  			SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT);
+  			goto f_err;
+  #else
+! 			decryption_failed_or_bad_record_mac = 1;
+! 			rr->length = 0;
+  #endif
+  			}
+  		i=s->method->ssl3_enc->mac(s,md,0);
+! 		if (mac == NULL || memcmp(md, mac, mac_size) != 0)
+  			{
+! 			decryption_failed_or_bad_record_mac = 1;
+  			}
+  		}
+  
++ 	if (decryption_failed_or_bad_record_mac)
++ 		{
++ 		/* A separate 'decryption_failed' alert was introduced with TLS 1.0,
++ 		 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
++ 		 * failure is directly visible from the ciphertext anyway,
++ 		 * we should not reveal which kind of error occured -- this
++ 		 * might become visible to an attacker (e.g. via a logfile) */
++ 		al=SSL_AD_BAD_RECORD_MAC;
++ 		SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
++ 		goto f_err;
++ 		}
++ 
+  	/* r->length is now just compressed */
+  	if (s->expand != NULL)
+  		{
+***************
+*** 443,456 ****
+  
+  	return(1);
+  
+- decryption_failed_or_bad_record_mac:
+- 	/* Separate 'decryption_failed' alert was introduced with TLS 1.0,
+- 	 * SSL 3.0 only has 'bad_record_mac'.  But unless a decryption
+- 	 * failure is directly visible from the ciphertext anyway,
+- 	 * we should not reveal which kind of error occured -- this
+- 	 * might become visible to an attacker (e.g. via logfile) */
+- 	al=SSL_AD_BAD_RECORD_MAC;
+- 	SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
+  f_err:
+  	ssl3_send_alert(s,SSL3_AL_FATAL,al);
+  err:
+--- 466,471 ----
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/s3_srvr.c ../RELENG_5_0/crypto/openssl/ssl/s3_srvr.c
+*** crypto/openssl/ssl/s3_srvr.c	Fri Aug  9 21:45:57 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/s3_srvr.c	Thu Feb 20 12:14:21 2003
+***************
+*** 151,161 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		SSLv3_server_data.ssl_accept=ssl3_accept;
+! 		SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 		init=0;
+  		}
+  	return(&SSLv3_server_data);
+  	}
+--- 151,168 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			SSLv3_server_data.ssl_accept=ssl3_accept;
+! 			SSLv3_server_data.get_ssl_method=ssl3_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&SSLv3_server_data);
+  	}
+***************
+*** 1464,1470 ****
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1471,1477 ----
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,
+  				p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1527,1533 ****
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		memset(p,0,i);
+  		}
+  	else
+  #endif
+--- 1534,1540 ----
+  		s->session->master_key_length=
+  			s->method->ssl3_enc->generate_master_secret(s,
+  				s->session->master_key,p,i);
+! 		OPENSSL_cleanse(p,i);
+  		}
+  	else
+  #endif
+***************
+*** 1559,1565 ****
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		512, /* 512? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+--- 1566,1572 ----
+  		SSL3_ST_SR_CERT_VRFY_A,
+  		SSL3_ST_SR_CERT_VRFY_B,
+  		-1,
+! 		514, /* 514? */
+  		&ok);
+  
+  	if (!ok) return((int)n);
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl.h ../RELENG_5_0/crypto/openssl/ssl/ssl.h
+*** crypto/openssl/ssl/ssl.h	Fri Aug  9 21:45:57 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/ssl.h	Thu Feb 20 12:14:21 2003
+***************
+*** 551,560 ****
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* This one, when set, makes the server session-id lookup not look
+!  * in the cache.  If there is an application get_session callback
+!  * defined, this will still get called. */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+--- 551,561 ----
+  #define SSL_SESS_CACHE_SERVER			0x0002
+  #define SSL_SESS_CACHE_BOTH	(SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
+  #define SSL_SESS_CACHE_NO_AUTO_CLEAR		0x0080
+! /* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
+  #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP	0x0100
++ #define SSL_SESS_CACHE_NO_INTERNAL_STORE	0x0200
++ #define SSL_SESS_CACHE_NO_INTERNAL \
++ 	(SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
+  
+    struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx);
+  #define SSL_CTX_sess_number(ctx) \
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_lib.c ../RELENG_5_0/crypto/openssl/ssl/ssl_lib.c
+*** crypto/openssl/ssl/ssl_lib.c	Tue Jul 30 08:44:08 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/ssl_lib.c	Thu Feb 20 12:14:21 2003
+***************
+*** 1245,1257 ****
+  		abort(); /* ok */
+  		}
+  #endif
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+! 		{
+! 		SSL_CTX_flush_sessions(a,0);
+! 		lh_free(a->sessions);
+! 		}
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+--- 1245,1268 ----
+  		abort(); /* ok */
+  		}
+  #endif
++   
++ 	/*
++ 	 * Free internal session cache. However: the remove_cb() may reference
++ 	 * the ex_data of SSL_CTX, thus the ex_data store can only be removed
++ 	 * after the sessions were flushed.
++ 	 * As the ex_data handling routines might also touch the session cache,
++ 	 * the most secure solution seems to be: empty (flush) the cache, then
++ 	 * free ex_data, then finally free the cache.
++ 	 * (See ticket [openssl.org #212].)
++ 	 */
++   	if (a->sessions != NULL)
++   		SSL_CTX_flush_sessions(a,0);
++ 
+  	CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data);
+  
+  	if (a->sessions != NULL)
+!   		lh_free(a->sessions);
+! 
+  	if (a->cert_store != NULL)
+  		X509_STORE_free(a->cert_store);
+  	if (a->cipher_list != NULL)
+***************
+*** 1472,1478 ****
+  
+  	i=s->ctx->session_cache_mode;
+  	if ((i & mode) && (!s->hit)
+! 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)
+  		    || SSL_CTX_add_session(s->ctx,s->session))
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+--- 1483,1489 ----
+  
+  	i=s->ctx->session_cache_mode;
+  	if ((i & mode) && (!s->hit)
+! 		&& ((i & SSL_SESS_CACHE_NO_INTERNAL_STORE)
+  		    || SSL_CTX_add_session(s->ctx,s->session))
+  		&& (s->ctx->new_session_cb != NULL))
+  		{
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssl_sess.c ../RELENG_5_0/crypto/openssl/ssl/ssl_sess.c
+*** crypto/openssl/ssl/ssl_sess.c	Fri Aug  9 21:45:58 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/ssl_sess.c	Thu Feb 20 12:14:21 2003
+***************
+*** 258,266 ****
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* The following should not return 1, otherwise,
+! 			 * things are very strange */
+! 			SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+--- 258,269 ----
+  			if (copy)
+  				CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION);
+  
+! 			/* Add the externally cached session to the internal
+! 			 * cache as well if and only if we are supposed to. */
+! 			if(!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE))
+! 				/* The following should not return 1, otherwise,
+! 				 * things are very strange */
+! 				SSL_CTX_add_session(s->ctx,ret);
+  			}
+  		if (ret == NULL)
+  			goto err;
+***************
+*** 474,486 ****
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH);
+! 	memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH);
+! 	memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	memset(ss,0,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+--- 477,489 ----
+  
+  	CRYPTO_free_ex_data(ssl_session_meth,ss,&ss->ex_data);
+  
+! 	OPENSSL_cleanse(ss->key_arg,SSL_MAX_KEY_ARG_LENGTH);
+! 	OPENSSL_cleanse(ss->master_key,SSL_MAX_MASTER_KEY_LENGTH);
+! 	OPENSSL_cleanse(ss->session_id,SSL_MAX_SSL_SESSION_ID_LENGTH);
+  	if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert);
+  	if (ss->peer != NULL) X509_free(ss->peer);
+  	if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers);
+! 	OPENSSL_cleanse(ss,sizeof(*ss));
+  	OPENSSL_free(ss);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/ssltest.c ../RELENG_5_0/crypto/openssl/ssl/ssltest.c
+*** crypto/openssl/ssl/ssltest.c	Tue Jul 30 08:44:08 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/ssltest.c	Thu Feb 20 12:14:21 2003
+***************
+*** 224,235 ****
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 	
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+- 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+--- 224,236 ----
+  	verbose = 0;
+  	debug = 0;
+  	cipher = 0;
+! 
+! 	bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);	
+! 
+  	CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
+  
+  	RAND_seed(rnd_seed, sizeof rnd_seed);
+  
+  	bio_stdout=BIO_new_fp(stdout,BIO_NOCLOSE);
+  
+  	argc--;
+***************
+*** 247,258 ****
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+- #ifndef NO_DH
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
+  			dhe1024=1;
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
+  			dhe1024dsa=1;
+  #endif
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+--- 248,269 ----
+  			debug=1;
+  		else if	(strcmp(*argv,"-reuse") == 0)
+  			reuse=1;
+  		else if	(strcmp(*argv,"-dhe1024") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
++ #endif
++ 			}
+  		else if	(strcmp(*argv,"-dhe1024dsa") == 0)
++ 			{
++ #ifndef NO_DH
+  			dhe1024dsa=1;
++ #else
++ 			fprintf(stderr,"ignoring -dhe1024, since I'm compiled without DH\n");
+  #endif
++ 			}
+  		else if	(strcmp(*argv,"-no_dhe") == 0)
+  			no_dhe=1;
+  		else if	(strcmp(*argv,"-ssl2") == 0)
+***************
+*** 355,361 ****
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		exit(1);
+  		}
+  
+  	if (print_time)
+--- 366,372 ----
+  			"the test anyway (and\n-d to see what happens), "
+  			"or add one of -ssl2, -ssl3, -tls1, -reuse\n"
+  			"to avoid protocol mismatch.\n");
+! 		EXIT(1);
+  		}
+  
+  	if (print_time)
+***************
+*** 620,625 ****
+--- 631,638 ----
+  			int i, r;
+  			clock_t c_clock = clock();
+  
++ 			memset(cbuf, 0, sizeof(cbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(c_ssl))
+  					printf("client waiting in SSL_connect - %s\n",
+***************
+*** 704,709 ****
+--- 717,724 ----
+  			int i, r;
+  			clock_t s_clock = clock();
+  
++ 			memset(sbuf, 0, sizeof(sbuf));
++ 
+  			if (debug)
+  				if (SSL_in_init(s_ssl))
+  					printf("server waiting in SSL_accept - %s\n",
+***************
+*** 946,951 ****
+--- 961,969 ----
+  	int done=0;
+  	int c_write,s_write;
+  	int do_server=0,do_client=0;
++ 
++ 	memset(cbuf,0,sizeof(cbuf));
++ 	memset(sbuf,0,sizeof(sbuf));
+  
+  	c_to_s=BIO_new(BIO_s_mem());
+  	s_to_c=BIO_new(BIO_s_mem());
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_clnt.c ../RELENG_5_0/crypto/openssl/ssl/t1_clnt.c
+*** crypto/openssl/ssl/t1_clnt.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_5_0/crypto/openssl/ssl/t1_clnt.c	Thu Feb 20 12:14:21 2003
+***************
+*** 79,89 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_client_data.ssl_connect=ssl3_connect;
+! 		TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_client_data);
+  	}
+--- 79,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_client_data.ssl_connect=ssl3_connect;
+! 			TLSv1_client_data.get_ssl_method=tls1_get_client_method;
+! 			init=0;
+! 			}
+! 		
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_client_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_enc.c ../RELENG_5_0/crypto/openssl/ssl/t1_enc.c
+*** crypto/openssl/ssl/t1_enc.c	Tue Jul 30 09:38:04 2002
+--- ../RELENG_5_0/crypto/openssl/ssl/t1_enc.c	Thu Feb 20 12:14:21 2003
+***************
+*** 158,164 ****
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	memset(A1,0,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+--- 158,164 ----
+  		}
+  	HMAC_cleanup(&ctx);
+  	HMAC_cleanup(&ctx_tmp);
+! 	OPENSSL_cleanse(A1,sizeof(A1));
+  	}
+  
+  static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1,
+***************
+*** 372,381 ****
+  printf("\n");
+  #endif
+  
+! 	memset(tmp1,0,sizeof(tmp1));
+! 	memset(tmp2,0,sizeof(tmp1));
+! 	memset(iv1,0,sizeof(iv1));
+! 	memset(iv2,0,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+--- 372,381 ----
+  printf("\n");
+  #endif
+  
+! 	OPENSSL_cleanse(tmp1,sizeof(tmp1));
+! 	OPENSSL_cleanse(tmp2,sizeof(tmp1));
+! 	OPENSSL_cleanse(iv1,sizeof(iv1));
+! 	OPENSSL_cleanse(iv2,sizeof(iv2));
+  	return(1);
+  err:
+  	SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_MALLOC_FAILURE);
+***************
+*** 426,432 ****
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	memset(p2,0,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+--- 426,432 ----
+  { int z; for (z=0; z<s->session->master_key_length; z++) printf("%02X%c",s->session->master_key[z],((z+1)%16)?' ':'\n'); }
+  #endif
+  	tls1_generate_key_block(s,p1,p2,num);
+! 	OPENSSL_cleanse(p2,num);
+  	OPENSSL_free(p2);
+  #ifdef TLS_DEBUG
+  printf("\nkey block\n");
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_meth.c ../RELENG_5_0/crypto/openssl/ssl/t1_meth.c
+*** crypto/openssl/ssl/t1_meth.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_5_0/crypto/openssl/ssl/t1_meth.c	Thu Feb 20 12:14:21 2003
+***************
+*** 76,88 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_data.ssl_connect=ssl3_connect;
+! 		TLSv1_data.ssl_accept=ssl3_accept;
+! 		TLSv1_data.get_ssl_method=tls1_get_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_data);
+  	}
+  
+--- 76,96 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 		
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_data.ssl_connect=ssl3_connect;
+! 			TLSv1_data.ssl_accept=ssl3_accept;
+! 			TLSv1_data.get_ssl_method=tls1_get_method;
+! 			init=0;
+! 			}
+! 
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
++ 	
+  	return(&TLSv1_data);
+  	}
+  
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/ssl/t1_srvr.c ../RELENG_5_0/crypto/openssl/ssl/t1_srvr.c
+*** crypto/openssl/ssl/t1_srvr.c	Mon Jan 10 01:22:00 2000
+--- ../RELENG_5_0/crypto/openssl/ssl/t1_srvr.c	Thu Feb 20 12:14:21 2003
+***************
+*** 80,90 ****
+  
+  	if (init)
+  		{
+! 		memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 			sizeof(SSL_METHOD));
+! 		TLSv1_server_data.ssl_accept=ssl3_accept;
+! 		TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 		init=0;
+  		}
+  	return(&TLSv1_server_data);
+  	}
+--- 80,97 ----
+  
+  	if (init)
+  		{
+! 		CRYPTO_w_lock(CRYPTO_LOCK_SSL_METHOD);
+! 
+! 		if (init)
+! 			{
+! 			memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(),
+! 				sizeof(SSL_METHOD));
+! 			TLSv1_server_data.ssl_accept=ssl3_accept;
+! 			TLSv1_server_data.get_ssl_method=tls1_get_server_method;
+! 			init=0;
+! 			}
+! 			
+! 		CRYPTO_w_unlock(CRYPTO_LOCK_SSL_METHOD);
+  		}
+  	return(&TLSv1_server_data);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/Makefile.ssl ../RELENG_5_0/crypto/openssl/test/Makefile.ssl
+*** crypto/openssl/test/Makefile.ssl	Tue Jul 30 09:38:04 2002
+--- ../RELENG_5_0/crypto/openssl/test/Makefile.ssl	Thu Feb 20 12:14:22 2003
+***************
+*** 85,91 ****
+  
+  all:	exe
+  
+! exe:	$(EXE)
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+--- 85,91 ----
+  
+  all:	exe
+  
+! exe:	$(EXE) dummytest
+  
+  files:
+  	$(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+***************
+*** 93,98 ****
+--- 93,102 ----
+  links:
+  	@@$(TOP)/util/point.sh Makefile.ssl Makefile
+  
++ generate: $(SRC)
++ $(SRC):
++ 	@$(TOP)/util/point.sh dummytest.c $@
++ 
+  errors:
+  
+  install:
+***************
+*** 109,115 ****
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ../apps; $(MAKE)  CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' all)
+  
+  test_des:
+  	./$(DESTEST)
+--- 113,119 ----
+  	test_ss test_ca test_ssl
+  
+  apps:
+! 	@(cd ..; $(MAKE) DIRS=apps all)
+  
+  test_des:
+  	./$(DESTEST)
+***************
+*** 233,239 ****
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+--- 237,243 ----
+  	lint -DLINT $(INCLUDES) $(SRC)>fluff
+  
+  depend:
+! 	$(MAKEDEPEND) -- $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(SRC)
+  
+  dclean:
+  	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+***************
+*** 243,252 ****
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ../ssl; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(DLIBCRYPTO):
+! 	(cd ../crypto; $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}')
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+--- 247,256 ----
+  	rm -f .rnd tmp.bntest tmp.bctest *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff $(EXE) *.ss log
+  
+  $(DLIBSSL):
+! 	(cd ..; $(MAKE) DIRS=ssl all)
+  
+  $(DLIBCRYPTO):
+! 	(cd ..; $(MAKE) DIRS=crypto all)
+  
+  $(RSATEST): $(RSATEST).o $(DLIBCRYPTO)
+  	$(CC) -o $(RSATEST) $(CFLAGS) $(RSATEST).o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
+***************
+*** 317,325 ****
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../include/openssl/blowfish.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 321,333 ----
+  $(SSLTEST): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
+  	$(CC) -o $(SSLTEST) $(CFLAGS) $(SSLTEST).o $(PEX_LIBS) $(LIBSSL) $(LIBCRYPTO) $(EX_LIBS)
+  
++ dummytest: dummytest.o $(DLIBCRYPTO)
++ 	$(CC) -o dummytest $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS)
++ 
+  # DO NOT DELETE THIS LINE -- make depend depends on it.
+  
+! bftest.o: ../e_os.h ../include/openssl/blowfish.h ../include/openssl/e_os2.h
+! bftest.o: ../include/openssl/opensslconf.h
+  bntest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  bntest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  bntest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+***************
+*** 339,367 ****
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../include/openssl/cast.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! dhtest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dhtest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dhtest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! dsatest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/err.h
+! dsatest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dsatest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dsatest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dsatest.o: ../include/openssl/symhacks.h
+! exptest.o: ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/err.h
+! exptest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! exptest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! exptest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! exptest.o: ../include/openssl/symhacks.h
+! hmactest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+--- 347,377 ----
+  bntest.o: ../include/openssl/sha.h ../include/openssl/stack.h
+  bntest.o: ../include/openssl/symhacks.h ../include/openssl/x509.h
+  bntest.o: ../include/openssl/x509_vfy.h
+! casttest.o: ../e_os.h ../include/openssl/cast.h ../include/openssl/e_os2.h
+! casttest.o: ../include/openssl/opensslconf.h
+  destest.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  destest.o: ../include/openssl/opensslconf.h
+! dhtest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dhtest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dhtest.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+! dhtest.o: ../include/openssl/lhash.h ../include/openssl/opensslconf.h
+! dhtest.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+! dhtest.o: ../include/openssl/safestack.h ../include/openssl/stack.h
+! dhtest.o: ../include/openssl/symhacks.h
+! dsatest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+  dsatest.o: ../include/openssl/crypto.h ../include/openssl/dh.h
+! dsatest.o: ../include/openssl/dsa.h ../include/openssl/e_os2.h
+! dsatest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! dsatest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! dsatest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! dsatest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! exptest.o: ../e_os.h ../include/openssl/bio.h ../include/openssl/bn.h
+! exptest.o: ../include/openssl/crypto.h ../include/openssl/e_os2.h
+! exptest.o: ../include/openssl/err.h ../include/openssl/lhash.h
+! exptest.o: ../include/openssl/opensslconf.h ../include/openssl/opensslv.h
+! exptest.o: ../include/openssl/rand.h ../include/openssl/safestack.h
+! exptest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! hmactest.o: ../e_os.h ../include/openssl/asn1.h ../include/openssl/bio.h
+  hmactest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  hmactest.o: ../include/openssl/cast.h ../include/openssl/crypto.h
+  hmactest.o: ../include/openssl/des.h ../include/openssl/dh.h
+***************
+*** 376,392 ****
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../include/openssl/idea.h ../include/openssl/opensslconf.h
+! md2test.o: ../include/openssl/md2.h ../include/openssl/opensslconf.h
+! md4test.o: ../include/openssl/md4.h
+! md5test.o: ../include/openssl/md5.h
+! mdc2test.o: ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../include/openssl/rand.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../include/openssl/rc5.h
+! rmdtest.o: ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+--- 386,411 ----
+  hmactest.o: ../include/openssl/ripemd.h ../include/openssl/rsa.h
+  hmactest.o: ../include/openssl/safestack.h ../include/openssl/sha.h
+  hmactest.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! ideatest.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/idea.h
+! ideatest.o: ../include/openssl/opensslconf.h
+! md2test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md2.h
+! md2test.o: ../include/openssl/opensslconf.h
+! md4test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md4.h
+! md4test.o: ../include/openssl/opensslconf.h
+! md5test.o: ../e_os.h ../include/openssl/e_os2.h ../include/openssl/md5.h
+! md5test.o: ../include/openssl/opensslconf.h
+! mdc2test.o: ../e_os.h ../include/openssl/des.h ../include/openssl/e_os2.h
+  mdc2test.o: ../include/openssl/mdc2.h ../include/openssl/opensslconf.h
+! randtest.o: ../e_os.h ../include/openssl/e_os2.h
+! randtest.o: ../include/openssl/opensslconf.h ../include/openssl/rand.h
+! rc2test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc2test.o: ../include/openssl/opensslconf.h ../include/openssl/rc2.h
++ rc4test.o: ../e_os.h ../include/openssl/e_os2.h
+  rc4test.o: ../include/openssl/opensslconf.h ../include/openssl/rc4.h
+! rc5test.o: ../e_os.h ../include/openssl/e_os2.h
+! rc5test.o: ../include/openssl/opensslconf.h ../include/openssl/rc5.h
+! rmdtest.o: ../e_os.h ../include/openssl/e_os2.h
+! rmdtest.o: ../include/openssl/opensslconf.h ../include/openssl/ripemd.h
+  rsa_test.o: ../include/openssl/bio.h ../include/openssl/bn.h
+  rsa_test.o: ../include/openssl/crypto.h ../include/openssl/e_os.h
+  rsa_test.o: ../include/openssl/e_os2.h ../include/openssl/err.h
+***************
+*** 394,401 ****
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../include/openssl/sha.h
+! shatest.o: ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+--- 413,422 ----
+  rsa_test.o: ../include/openssl/opensslv.h ../include/openssl/rand.h
+  rsa_test.o: ../include/openssl/rsa.h ../include/openssl/safestack.h
+  rsa_test.o: ../include/openssl/stack.h ../include/openssl/symhacks.h
+! sha1test.o: ../e_os.h ../include/openssl/e_os2.h
+! sha1test.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+! shatest.o: ../e_os.h ../include/openssl/e_os2.h
+! shatest.o: ../include/openssl/opensslconf.h ../include/openssl/sha.h
+  ssltest.o: ../include/openssl/asn1.h ../include/openssl/bio.h
+  ssltest.o: ../include/openssl/blowfish.h ../include/openssl/bn.h
+  ssltest.o: ../include/openssl/buffer.h ../include/openssl/cast.h
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/methtest.c ../RELENG_5_0/crypto/openssl/test/methtest.c
+*** crypto/openssl/test/methtest.c	Mon Jan 10 01:22:01 2000
+--- ../RELENG_5_0/crypto/openssl/test/methtest.c	Thu Feb 20 12:14:22 2003
+***************
+*** 96,105 ****
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	exit(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	exit(1);
+  	return(0);
+  	}
+--- 96,105 ----
+  	METH_init(top);
+  	METH_control(tmp1,METH_CONTROL_DUMP,stdout);
+  	METH_control(tmp2,METH_CONTROL_DUMP,stdout);
+! 	EXIT(0);
+  err:
+  	ERR_load_crypto_strings();
+  	ERR_print_errors_fp(stderr);
+! 	EXIT(1);
+  	return(0);
+  	}
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/test/testssl ../RELENG_5_0/crypto/openssl/test/testssl
+*** crypto/openssl/test/testssl	Thu Apr 13 02:32:53 2000
+--- ../RELENG_5_0/crypto/openssl/test/testssl	Thu Feb 20 12:14:22 2003
+***************
+*** 112,119 ****
+  
+  #############################################################################
+  
+! echo test tls1 with 1024bit anonymous DH, multiple handshakes
+! $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+--- 112,123 ----
+  
+  #############################################################################
+  
+! if ../apps/openssl no-dh; then
+!   echo skipping anonymous DH tests
+! else
+!   echo test tls1 with 1024bit anonymous DH, multiple handshakes
+!   $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time || exit 1
+! fi
+  
+  if ../apps/openssl no-rsa; then
+    echo skipping RSA tests
+***************
+*** 121,128 ****
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!   ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+  fi
+  
+  exit 0
+--- 125,136 ----
+    echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
+    ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time || exit 1
+  
+!   if ../apps/openssl no-dh; then
+!     echo skipping RSA+DHE tests
+!   else
+!     echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
+!     ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time || exit 1
+!   fi
+  fi
+  
+  exit 0
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash ../RELENG_5_0/crypto/openssl/tools/c_rehash
+*** crypto/openssl/tools/c_rehash	Fri Aug  9 21:46:08 2002
+--- ../RELENG_5_0/crypto/openssl/tools/c_rehash	Thu Feb 20 12:14:22 2003
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/tools/c_rehash.in ../RELENG_5_0/crypto/openssl/tools/c_rehash.in
+*** crypto/openssl/tools/c_rehash.in	Sat May 19 23:07:18 2001
+--- ../RELENG_5_0/crypto/openssl/tools/c_rehash.in	Thu Feb 20 12:14:22 2003
+***************
+*** 100,106 ****
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl x509 -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 100,107 ----
+  
+  sub link_hash_cert {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" x509 -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+***************
+*** 130,136 ****
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		my ($hash, $fprint) = `$openssl crl -hash -fingerprint -noout -in $fname`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+--- 131,138 ----
+  
+  sub link_hash_crl {
+  		my $fname = $_[0];
+! 		$fname =~ s/'/'\\''/g;
+! 		my ($hash, $fprint) = `"$openssl" crl -hash -fingerprint -noout -in '$fname'`;
+  		chomp $hash;
+  		chomp $fprint;
+  		$fprint =~ s/^.*=//;
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/libeay.num ../RELENG_5_0/crypto/openssl/util/libeay.num
+*** crypto/openssl/util/libeay.num	Tue Jul 30 08:44:14 2002
+--- ../RELENG_5_0/crypto/openssl/util/libeay.num	Thu Feb 20 12:14:22 2003
+***************
+*** 301,308 ****
+  EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+  EVP_des_ofb                             310	EXIST::FUNCTION:DES
+  EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+! EVP_dss                                 312	EXIST::FUNCTION:SHA,DSA
+! EVP_dss1                                313	EXIST::FUNCTION:SHA,DSA
+  EVP_enc_null                            314	EXIST::FUNCTION:
+  EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+  EVP_get_digestbyname                    316	EXIST::FUNCTION:
+--- 301,308 ----
+  EVP_des_ede_ofb                         309	EXIST::FUNCTION:DES
+  EVP_des_ofb                             310	EXIST::FUNCTION:DES
+  EVP_desx_cbc                            311	EXIST::FUNCTION:DES
+! EVP_dss                                 312	EXIST::FUNCTION:DSA,SHA
+! EVP_dss1                                313	EXIST::FUNCTION:DSA,SHA
+  EVP_enc_null                            314	EXIST::FUNCTION:
+  EVP_get_cipherbyname                    315	EXIST::FUNCTION:
+  EVP_get_digestbyname                    316	EXIST::FUNCTION:
+***************
+*** 1212,1218 ****
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN16,!WIN32,!macintosh:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+--- 1212,1218 ----
+  str_dup                                 1240	NOEXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED                     1241	EXIST::FUNCTION:
+  i2s_ASN1_ENUMERATED_TABLE               1242	EXIST::FUNCTION:
+! BIO_s_log                               1243	EXIST:!WIN32,!macintosh,!WIN16:FUNCTION:
+  BIO_f_reliable                          1244	EXIST::FUNCTION:
+  PKCS7_dataFinal                         1245	EXIST::FUNCTION:
+  PKCS7_dataDecode                        1246	EXIST::FUNCTION:
+***************
+*** 1934,1936 ****
+--- 1934,1937 ----
+  BN_pseudo_rand_range                    2523	EXIST::FUNCTION:
+  X509_STORE_CTX_set_verify_cb            2524	EXIST::FUNCTION:
+  ERR_load_COMP_strings                   2525	EXIST::FUNCTION:
++ OPENSSL_cleanse                         3245	EXIST::FUNCTION:
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mk1mf.pl ../RELENG_5_0/crypto/openssl/util/mk1mf.pl
+*** crypto/openssl/util/mk1mf.pl	Tue Jul 30 09:38:05 2002
+--- ../RELENG_5_0/crypto/openssl/util/mk1mf.pl	Thu Feb 20 12:14:22 2003
+***************
+*** 206,212 ****
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_rmd160;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+--- 206,212 ----
+  $cflags.=" -DNO_MD5"  if $no_md5;
+  $cflags.=" -DNO_SHA"  if $no_sha;
+  $cflags.=" -DNO_SHA1" if $no_sha1;
+! $cflags.=" -DNO_RIPEMD" if $no_ripemd;
+  $cflags.=" -DNO_MDC2" if $no_mdc2;
+  $cflags.=" -DNO_BF"  if $no_bf;
+  $cflags.=" -DNO_CAST" if $no_cast;
+***************
+*** 674,680 ****
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_rmd160;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+--- 674,680 ----
+  	@a=grep(!/(^md2)|(_md2$)/,@a) if $no_md2;
+  	@a=grep(!/(^md4)|(_md4$)/,@a) if $no_md4;
+  	@a=grep(!/(^md5)|(_md5$)/,@a) if $no_md5;
+! 	@a=grep(!/(rmd)|(ripemd)/,@a) if $no_ripemd;
+  
+  	@a=grep(!/(^d2i_r_)|(^i2d_r_)/,@a) if $no_rsa;
+  	@a=grep(!/(^p_open$)|(^p_seal$)/,@a) if $no_rsa;
+***************
+*** 883,889 ****
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_rmd160=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+--- 883,889 ----
+  
+  	elsif (/^just-ssl$/)	{ $no_rc2=$no_idea=$no_des=$no_bf=$no_cast=1;
+  				  $no_md2=$no_sha=$no_mdc2=$no_dsa=$no_dh=1;
+! 				  $no_ssl2=$no_err=$no_ripemd=$no_rc5=1; }
+  
+  	elsif (/^rsaref$/)	{ $rsaref=1; }
+  	elsif (/^gcc$/)		{ $gcc=1; }
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/mkcerts.sh ../RELENG_5_0/crypto/openssl/util/mkcerts.sh
+*** crypto/openssl/util/mkcerts.sh	Mon Jan 10 01:22:05 2000
+--- ../RELENG_5_0/crypto/openssl/util/mkcerts.sh	Thu Feb 20 12:14:22 2003
+***************
+*** 1,4 ****
+! #!bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+--- 1,4 ----
+! #!/bin/sh
+  
+  # This script will re-make all the required certs.
+  # cd apps
+***************
+*** 12,19 ****
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/ssleay"
+! CONF="-config ../apps/ssleay.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+--- 12,19 ----
+  #
+   
+  CAbits=1024
+! SSLEAY="../apps/openssl"
+! CONF="-config ../apps/openssl.cnf"
+  
+  # create pca request.
+  echo creating $CAbits bit PCA cert request
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pl/BC-32.pl ../RELENG_5_0/crypto/openssl/util/pl/BC-32.pl
+*** crypto/openssl/util/pl/BC-32.pl	Tue Jul 30 09:38:06 2002
+--- ../RELENG_5_0/crypto/openssl/util/pl/BC-32.pl	Thu Feb 20 12:14:23 2003
+***************
+*** 52,60 ****
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='n_o_T_a_s_m';
+  $asm.=" /Zi" if $debug;
+! $afile='/Fo';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+--- 52,60 ----
+  $shlib_ex_obj="";
+  $app_ex_obj="c0x32.obj"; 
+  
+! $asm='nasmw -f obj';
+  $asm.=" /Zi" if $debug;
+! $afile='-o';
+  
+  $bn_mulw_obj='';
+  $bn_mulw_src='';
+diff --exclude=CVS -I\$FreeBSD -rcN crypto/openssl/util/pod2mantest ../RELENG_5_0/crypto/openssl/util/pod2mantest
+*** crypto/openssl/util/pod2mantest	Tue Jul 30 09:38:06 2002
+--- ../RELENG_5_0/crypto/openssl/util/pod2mantest	Thu Feb 20 12:14:22 2003
+***************
+*** 11,17 ****
+  
+  
+  IFS=:
+! try_without_dir=false
+  # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+  for dir in dummy:$PATH; do
+      if [ "$try_without_dir" = true ]; then
+--- 11,18 ----
+  
+  
+  IFS=:
+! 
+! try_without_dir=true
+  # First we try "pod2man", then "$dir/pod2man" for each item in $PATH.
+  for dir in dummy:$PATH; do
+      if [ "$try_without_dir" = true ]; then
+***************
+*** 29,37 ****
+      if [ ! "$pod2man" = '' ]; then
+          failure=none
+  
+  
+! 	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null 2>&1; then
+! 	    failure=MultilineTest
+  	fi
+  
+  
+--- 30,45 ----
+      if [ ! "$pod2man" = '' ]; then
+          failure=none
+  
++ 	if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | fgrep OpenSSL >/dev/null; then
++ 	    :
++ 	else
++ 	    failure=BasicTest
++ 	fi
+  
+! 	if [ "$failure" = none ]; then
+! 	    if "$pod2man" --section=1 --center=OpenSSL --release=dev pod2mantest.pod | grep '^MARKER - ' >/dev/null; then
+! 	        failure=MultilineTest
+! 	    fi
+  	fi
+  
+  
+***************
+*** 45,53 ****
+  done
+  
+  echo "No working pod2man found.  Consider installing a new version." >&2
+! if [ "$1" = ignore ]; then
+!   echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+!   echo "../../util/pod2man.pl"
+!   exit 0
+! fi
+! exit 1
+--- 53,57 ----
+  done
+  
+  echo "No working pod2man found.  Consider installing a new version." >&2
+! echo "As a workaround, we'll use a bundled old copy of pod2man.pl." >&2
+! echo "$1 ../../util/pod2man.pl"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/Makefile ../RELENG_5_0/secure/lib/libcrypto/Makefile
+*** secure/lib/libcrypto/Makefile	Thu Nov 21 03:48:08 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/Makefile	Thu Feb 20 12:14:23 2003
+***************
+*** 30,37 ****
+  NOLINT=		true
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_dbg.c \
+! 	tmdiff.c uid.c
+  
+  # asn1
+  SRCS+=	a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \
+--- 30,37 ----
+  NOLINT=		true
+  
+  # base sources
+! SRCS+=	cpt_err.c cryptlib.c cversion.c ebcdic.c ex_data.c mem.c mem_clr.c \
+! 	mem_dbg.c tmdiff.c uid.c
+  
+  # asn1
+  SRCS+=	a_bitstr.c a_bmp.c a_bool.c a_bytes.c a_d2i_fp.c a_digest.c \
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_ctrl.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_ctrl.3
+*** secure/lib/libcrypto/man/BIO_ctrl.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_ctrl.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:01 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_ctrl 3"
+! .TH BIO_ctrl 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_ctrl 3"
+! .TH BIO_ctrl 3 "0.9.6i" "2000-09-18" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_ctrl, BIO_callback_ctrl, BIO_ptr_ctrl, BIO_int_ctrl, BIO_reset,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_base64.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_base64.3
+*** secure/lib/libcrypto/man/BIO_f_base64.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_base64.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:01 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_base64 3"
+! .TH BIO_f_base64 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_base64 \- base64 \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_base64 3"
+! .TH BIO_f_base64 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_base64 \- base64 \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_buffer.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_buffer.3
+*** secure/lib/libcrypto/man/BIO_f_buffer.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_buffer.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:02 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_buffer 3"
+! .TH BIO_f_buffer 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_buffer \- buffering \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_buffer 3"
+! .TH BIO_f_buffer 3 "0.9.6i" "2000-09-18" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_buffer \- buffering \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_cipher.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_cipher.3
+*** secure/lib/libcrypto/man/BIO_f_cipher.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_cipher.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:03 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_cipher 3"
+! .TH BIO_f_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_cipher 3"
+! .TH BIO_f_cipher 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_cipher, BIO_set_cipher, BIO_get_cipher_status, BIO_get_cipher_ctx \- cipher \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_md.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_md.3
+*** secure/lib/libcrypto/man/BIO_f_md.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_md.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:03 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_md 3"
+! .TH BIO_f_md 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_md 3"
+! .TH BIO_f_md 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_md, BIO_set_md, BIO_get_md, BIO_get_md_ctx \- message digest \s-1BIO\s0 filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_null.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_null.3
+*** secure/lib/libcrypto/man/BIO_f_null.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_null.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:04 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_null 3"
+! .TH BIO_f_null 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_null \- null filter
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_null 3"
+! .TH BIO_f_null 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_null \- null filter
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_f_ssl.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_ssl.3
+*** secure/lib/libcrypto/man/BIO_f_ssl.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_f_ssl.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:05 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:04 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_ssl 3"
+! .TH BIO_f_ssl 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_f_ssl 3"
+! .TH BIO_f_ssl 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_f_ssl, BIO_set_ssl, BIO_get_ssl, BIO_set_ssl_mode, BIO_set_ssl_renegotiate_bytes,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_find_type.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_find_type.3
+*** secure/lib/libcrypto/man/BIO_find_type.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_find_type.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:05 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_find_type 3"
+! .TH BIO_find_type 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_find_type 3"
+! .TH BIO_find_type 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_find_type, BIO_next \- \s-1BIO\s0 chain traversal
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_new.3
+*** secure/lib/libcrypto/man/BIO_new.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:06 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new 3"
+! .TH BIO_new 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new 3"
+! .TH BIO_new 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new, BIO_set, BIO_free, BIO_vfree, BIO_free_all \- \s-1BIO\s0 allocation and freeing functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_new_bio_pair.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_new_bio_pair.3
+*** secure/lib/libcrypto/man/BIO_new_bio_pair.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_new_bio_pair.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:06 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new_bio_pair 3"
+! .TH BIO_new_bio_pair 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new_bio_pair \- create a new \s-1BIO\s0 pair
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_new_bio_pair 3"
+! .TH BIO_new_bio_pair 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_new_bio_pair \- create a new \s-1BIO\s0 pair
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_push.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_push.3
+*** secure/lib/libcrypto/man/BIO_push.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_push.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:07 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_push 3"
+! .TH BIO_push 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_push, BIO_pop \- add and remove BIOs from a chain.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_push 3"
+! .TH BIO_push 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_push, BIO_pop \- add and remove BIOs from a chain.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_read.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_read.3
+*** secure/lib/libcrypto/man/BIO_read.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_read.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:08 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:05 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_read 3"
+! .TH BIO_read 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_read 3"
+! .TH BIO_read 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_read, BIO_write, BIO_gets, BIO_puts \- \s-1BIO\s0 I/O functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_accept.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_accept.3
+*** secure/lib/libcrypto/man/BIO_s_accept.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_accept.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:08 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_accept 3"
+! .TH BIO_s_accept 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_accept 3"
+! .TH BIO_s_accept 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_accept, BIO_set_nbio, BIO_set_accept_port, BIO_get_accept_port,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_bio.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_bio.3
+*** secure/lib/libcrypto/man/BIO_s_bio.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_bio.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:09 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_bio 3"
+! .TH BIO_s_bio 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_bio 3"
+! .TH BIO_s_bio 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_bio, BIO_make_bio_pair, BIO_destroy_bio_pair, BIO_shutdown_wr, 
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_connect.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_connect.3
+*** secure/lib/libcrypto/man/BIO_s_connect.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_connect.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:09 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_connect 3"
+! .TH BIO_s_connect 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_connect 3"
+! .TH BIO_s_connect 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_connect, BIO_set_conn_hostname, BIO_set_conn_port,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_fd.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_fd.3
+*** secure/lib/libcrypto/man/BIO_s_fd.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_fd.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:10 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_fd 3"
+! .TH BIO_s_fd 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_fd 3"
+! .TH BIO_s_fd 3 "0.9.6i" "2000-09-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_fd, BIO_set_fd, BIO_get_fd, BIO_new_fd \- file descriptor \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_file.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_file.3
+*** secure/lib/libcrypto/man/BIO_s_file.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_file.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:11 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:06 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_file 3"
+! .TH BIO_s_file 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_file 3"
+! .TH BIO_s_file 3 "0.9.6i" "2000-09-18" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_file, BIO_new_file, BIO_new_fp, BIO_set_fp, BIO_get_fp,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_mem.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_mem.3
+*** secure/lib/libcrypto/man/BIO_s_mem.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_mem.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:11 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_mem 3"
+! .TH BIO_s_mem 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_mem 3"
+! .TH BIO_s_mem 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_mem, BIO_set_mem_eof_return, BIO_get_mem_data, BIO_set_mem_buf,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_null.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_null.3
+*** secure/lib/libcrypto/man/BIO_s_null.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_null.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:12 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_null 3"
+! .TH BIO_s_null 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_null \- null data sink
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_null 3"
+! .TH BIO_s_null 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_null \- null data sink
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_s_socket.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_socket.3
+*** secure/lib/libcrypto/man/BIO_s_socket.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_s_socket.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:13 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_socket 3"
+! .TH BIO_s_socket 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_s_socket 3"
+! .TH BIO_s_socket 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_s_socket, BIO_new_socket \- socket \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_set_callback.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_set_callback.3
+*** secure/lib/libcrypto/man/BIO_set_callback.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_set_callback.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:13 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:07 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_set_callback 3"
+! .TH BIO_set_callback 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_set_callback 3"
+! .TH BIO_set_callback 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_set_callback, BIO_get_callback, BIO_set_callback_arg, BIO_get_callback_arg,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BIO_should_retry.3 ../RELENG_5_0/secure/lib/libcrypto/man/BIO_should_retry.3
+*** secure/lib/libcrypto/man/BIO_should_retry.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BIO_should_retry.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:14 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:08 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_should_retry 3"
+! .TH BIO_should_retry 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_should_retry, BIO_should_read, BIO_should_write,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BIO_should_retry 3"
+! .TH BIO_should_retry 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BIO_should_retry, BIO_should_read, BIO_should_write,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_CTX_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_CTX_new.3
+*** secure/lib/libcrypto/man/BN_CTX_new.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_CTX_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:14 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:08 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_new 3"
+! .TH BN_CTX_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_new 3"
+! .TH BN_CTX_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_new, BN_CTX_init, BN_CTX_free \- allocate and free \s-1BN_CTX\s0 structures
+***************
+*** 181,187 ****
+  \&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), BN_add(3),
+  BN_CTX_start(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 181,187 ----
+  \&\fIBN_CTX_init()\fR and \fIBN_CTX_free()\fR have no return values.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), BN_add(3),
+  BN_CTX_start(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_CTX_start.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_CTX_start.3
+*** secure/lib/libcrypto/man/BN_CTX_start.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_CTX_start.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:15 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:08 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_start 3"
+! .TH BN_CTX_start 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_CTX_start 3"
+! .TH BN_CTX_start 3 "0.9.6i" "2000-07-11" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_CTX_start, BN_CTX_get, BN_CTX_end \- use temporary \s-1BIGNUM\s0 variables
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_add.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_add.3
+*** secure/lib/libcrypto/man/BN_add.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_add.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:16 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:08 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add 3"
+! .TH BN_add 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add 3"
+! .TH BN_add 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add, BN_sub, BN_mul, BN_div, BN_sqr, BN_mod, BN_mod_mul, BN_exp,
+***************
+*** 233,239 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), BN_CTX_new(3),
+  BN_add_word(3), BN_set_bit(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 233,239 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), BN_CTX_new(3),
+  BN_add_word(3), BN_set_bit(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_add_word.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_add_word.3
+*** secure/lib/libcrypto/man/BN_add_word.3	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_add_word.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:16 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:08 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add_word 3"
+! .TH BN_add_word 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_add_word 3"
+! .TH BN_add_word 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_add_word, BN_sub_word, BN_mul_word, BN_div_word, BN_mod_word \- arithmetic
+***************
+*** 188,194 ****
+  \&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), BN_add(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of
+--- 188,194 ----
+  \&\fIBN_mod_word()\fR and \fIBN_div_word()\fR return \fBa\fR%\fBw\fR.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), BN_add(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_add_word()\fR and \fIBN_mod_word()\fR are available in all versions of
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_bn2bin.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_bn2bin.3
+*** secure/lib/libcrypto/man/BN_bn2bin.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_bn2bin.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:17 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:09 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_bn2bin 3"
+! .TH BN_bn2bin 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_bn2bin 3"
+! .TH BN_bn2bin 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_bn2bin, BN_bin2bn, BN_bn2hex, BN_bn2dec, BN_hex2bn, BN_dec2bn,
+***************
+*** 221,227 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), BN_zero(3),
+  ASN1_INTEGER_to_BN(3),
+  BN_num_bytes(3)
+  .SH "HISTORY"
+--- 221,227 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), BN_zero(3),
+  ASN1_INTEGER_to_BN(3),
+  BN_num_bytes(3)
+  .SH "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_cmp.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_cmp.3
+*** secure/lib/libcrypto/man/BN_cmp.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_cmp.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:18 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:09 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_cmp 3"
+! .TH BN_cmp 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_cmp 3"
+! .TH BN_cmp 3 "0.9.6i" "2000-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_cmp, BN_ucmp, BN_is_zero, BN_is_one, BN_is_word, BN_is_odd \- \s-1BIGNUM\s0 comparison and test functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_copy.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_copy.3
+*** secure/lib/libcrypto/man/BN_copy.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_copy.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:18 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:09 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_copy 3"
+! .TH BN_copy 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_copy, BN_dup \- copy BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_copy 3"
+! .TH BN_copy 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_copy, BN_dup \- copy BIGNUMs
+***************
+*** 164,170 ****
+  by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL.
+--- 164,170 ----
+  by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_copy()\fR and \fIBN_dup()\fR are available in all versions of SSLeay and OpenSSL.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_generate_prime.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_generate_prime.3
+*** secure/lib/libcrypto/man/BN_generate_prime.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_generate_prime.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:19 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:09 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_generate_prime 3"
+! .TH BN_generate_prime 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_generate_prime 3"
+! .TH BN_generate_prime 3 "0.9.6i" "2003-01-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_generate_prime, BN_is_prime, BN_is_prime_fasttest \- generate primes and test for primality
+***************
+*** 202,208 ****
+  .PP
+  Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
+  probabilistic primality test with \fBchecks\fR iterations. If
+! \&\fBchecks == BN_prime_check\fR, a number of iterations is used that
+  yields a false positive rate of at most 2^\-80 for random input.
+  .PP
+  If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
+--- 202,208 ----
+  .PP
+  Both \fIBN_is_prime()\fR and \fIBN_is_prime_fasttest()\fR perform a Miller-Rabin
+  probabilistic primality test with \fBchecks\fR iterations. If
+! \&\fBchecks == BN_prime_checks\fR, a number of iterations is used that
+  yields a false positive rate of at most 2^\-80 for random input.
+  .PP
+  If \fBcallback\fR is not \fB\s-1NULL\s0\fR, \fBcallback(1, j, cb_arg)\fR is called
+***************
+*** 220,226 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), rand(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR
+--- 220,226 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), rand(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  The \fBcb_arg\fR arguments to \fIBN_generate_prime()\fR and to \fIBN_is_prime()\fR
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_inverse.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_mod_inverse.3
+*** secure/lib/libcrypto/man/BN_mod_inverse.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_mod_inverse.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:19 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:09 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_inverse 3"
+! .TH BN_mod_inverse 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_inverse \- compute inverse modulo n
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_inverse 3"
+! .TH BN_mod_inverse 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_inverse \- compute inverse modulo n
+***************
+*** 165,171 ****
+  \&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), BN_add(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL.
+--- 165,171 ----
+  \&\s-1NULL\s0 on error. The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), BN_add(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_mod_inverse()\fR is available in all versions of SSLeay and OpenSSL.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_mul_montgomery.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3
+*** secure/lib/libcrypto/man/BN_mod_mul_montgomery.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_mod_mul_montgomery.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:20 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:10 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_montgomery 3"
+! .TH BN_mod_mul_montgomery 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_montgomery 3"
+! .TH BN_mod_mul_montgomery 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_montgomery, BN_MONT_CTX_new, BN_MONT_CTX_init,
+***************
+*** 224,230 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), BN_add(3),
+  BN_CTX_new(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 224,230 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), BN_add(3),
+  BN_CTX_new(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3
+*** secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_mod_mul_reciprocal.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:21 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:10 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_reciprocal 3"
+! .TH BN_mod_mul_reciprocal 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_mod_mul_reciprocal 3"
+! .TH BN_mod_mul_reciprocal 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_mod_mul_reciprocal,  BN_div_recp, BN_RECP_CTX_new, BN_RECP_CTX_init,
+***************
+*** 211,217 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), BN_add(3),
+  BN_CTX_new(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 211,217 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), BN_add(3),
+  BN_CTX_new(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_new.3
+*** secure/lib/libcrypto/man/BN_new.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:21 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:10 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_new 3"
+! .TH BN_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_new 3"
+! .TH BN_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_new, BN_init, BN_clear, BN_free, BN_clear_free \- allocate and free BIGNUMs
+***************
+*** 184,190 ****
+  values.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in
+--- 184,190 ----
+  values.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIBN_new()\fR, \fIBN_clear()\fR, \fIBN_free()\fR and \fIBN_clear_free()\fR are available in
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_num_bytes.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_num_bytes.3
+*** secure/lib/libcrypto/man/BN_num_bytes.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_num_bytes.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:22 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:10 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_num_bytes 3"
+! .TH BN_num_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_num_bytes 3"
+! .TH BN_num_bytes 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_num_bits, BN_num_bytes, BN_num_bits_word \- get \s-1BIGNUM\s0 size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_rand.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_rand.3
+*** secure/lib/libcrypto/man/BN_rand.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_rand.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:22 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:10 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_rand 3"
+! .TH BN_rand 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_rand, BN_pseudo_rand \- generate pseudo-random number
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_rand 3"
+! .TH BN_rand 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_rand, BN_pseudo_rand \- generate pseudo-random number
+***************
+*** 186,192 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), err(3), rand(3),
+  RAND_add(3), RAND_bytes(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 186,192 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! bn(3), ERR_get_error(3), rand(3),
+  RAND_add(3), RAND_bytes(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_set_bit.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_set_bit.3
+*** secure/lib/libcrypto/man/BN_set_bit.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_set_bit.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:23 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:11 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_set_bit 3"
+! .TH BN_set_bit 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_set_bit 3"
+! .TH BN_set_bit 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_set_bit, BN_clear_bit, BN_is_bit_set, BN_mask_bits, BN_lshift,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/BN_zero.3 ../RELENG_5_0/secure/lib/libcrypto/man/BN_zero.3
+*** secure/lib/libcrypto/man/BN_zero.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/BN_zero.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:24 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:11 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_zero 3"
+! .TH BN_zero 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "BN_zero 3"
+! .TH BN_zero 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BN_zero, BN_one, BN_value_one, BN_set_word, BN_get_word \- \s-1BIGNUM\s0 assignment
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/CA.pl.1 ../RELENG_5_0/secure/lib/libcrypto/man/CA.pl.1
+*** secure/lib/libcrypto/man/CA.pl.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/CA.pl.1	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:38 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CA.PL 1"
+! .TH CA.PL 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CA.PL 1"
+! .TH CA.PL 1 "0.9.6i" "2000-08-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1CA\s0.pl \- friendlier interface for OpenSSL certificate programs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/CRYPTO_set_ex_data.3 ../RELENG_5_0/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3
+*** secure/lib/libcrypto/man/CRYPTO_set_ex_data.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/CRYPTO_set_ex_data.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:24 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:11 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRYPTO_set_ex_data 3"
+! .TH CRYPTO_set_ex_data 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRYPTO_set_ex_data 3"
+! .TH CRYPTO_set_ex_data 3 "0.9.6i" "2000-01-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_ex_data, CRYPTO_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_generate_key.3 ../RELENG_5_0/secure/lib/libcrypto/man/DH_generate_key.3
+*** secure/lib/libcrypto/man/DH_generate_key.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DH_generate_key.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:25 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:11 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_key 3"
+! .TH DH_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_key 3"
+! .TH DH_generate_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_key, DH_compute_key \- perform Diffie-Hellman key exchange
+***************
+*** 179,185 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), err(3), rand(3), DH_size(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions
+--- 179,185 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), ERR_get_error(3), rand(3), DH_size(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDH_generate_key()\fR and \fIDH_compute_key()\fR are available in all versions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_generate_parameters.3 ../RELENG_5_0/secure/lib/libcrypto/man/DH_generate_parameters.3
+*** secure/lib/libcrypto/man/DH_generate_parameters.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DH_generate_parameters.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:25 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:11 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_parameters 3"
+! .TH DH_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_generate_parameters 3"
+! .TH DH_generate_parameters 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_generate_parameters, DH_check \- generate and check Diffie-Hellman parameters
+***************
+*** 196,202 ****
+  a usable generator.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), err(3), rand(3), DH_free(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL.
+--- 196,203 ----
+  a usable generator.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), ERR_get_error(3), rand(3),
+! DH_free(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDH_check()\fR is available in all versions of SSLeay and OpenSSL.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_get_ex_new_index.3 ../RELENG_5_0/secure/lib/libcrypto/man/DH_get_ex_new_index.3
+*** secure/lib/libcrypto/man/DH_get_ex_new_index.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DH_get_ex_new_index.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:26 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:12 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_get_ex_new_index 3"
+! .TH DH_get_ex_new_index 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_get_ex_new_index 3"
+! .TH DH_get_ex_new_index 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_get_ex_new_index, DH_set_ex_data, DH_get_ex_data \- add application specific data to \s-1DH\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/DH_new.3
+*** secure/lib/libcrypto/man/DH_new.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DH_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:27 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:12 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_new 3"
+! .TH DH_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_new, DH_free \- allocate and free \s-1DH\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_new 3"
+! .TH DH_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_new, DH_free \- allocate and free \s-1DH\s0 objects
+***************
+*** 168,174 ****
+  \&\fIDH_free()\fR returns no value.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), err(3),
+  DH_generate_parameters(3),
+  DH_generate_key(3)
+  .SH "HISTORY"
+--- 168,174 ----
+  \&\fIDH_free()\fR returns no value.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), ERR_get_error(3),
+  DH_generate_parameters(3),
+  DH_generate_key(3)
+  .SH "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_set_method.3 ../RELENG_5_0/secure/lib/libcrypto/man/DH_set_method.3
+*** secure/lib/libcrypto/man/DH_set_method.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DH_set_method.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:27 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:12 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_set_method 3"
+! .TH DH_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_set_default_method, DH_get_default_method, DH_set_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_set_method 3"
+! .TH DH_set_method 3 "0.9.6i" "2000-05-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_set_default_method, DH_get_default_method, DH_set_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DH_size.3 ../RELENG_5_0/secure/lib/libcrypto/man/DH_size.3
+*** secure/lib/libcrypto/man/DH_size.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DH_size.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:28 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:12 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_size 3"
+! .TH DH_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_size \- get Diffie-Hellman prime size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DH_size 3"
+! .TH DH_size 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DH_size \- get Diffie-Hellman prime size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_SIG_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_SIG_new.3
+*** secure/lib/libcrypto/man/DSA_SIG_new.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_SIG_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:29 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:12 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_SIG_new 3"
+! .TH DSA_SIG_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_SIG_new 3"
+! .TH DSA_SIG_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_SIG_new, DSA_SIG_free \- allocate and free \s-1DSA\s0 signature objects
+***************
+*** 169,175 ****
+  \&\fIDSA_SIG_free()\fR returns no value.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), err(3), DSA_do_sign(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
+--- 169,176 ----
+  \&\fIDSA_SIG_free()\fR returns no value.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), ERR_get_error(3),
+! DSA_do_sign(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDSA_SIG_new()\fR and \fIDSA_SIG_free()\fR were added in OpenSSL 0.9.3.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_do_sign.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_do_sign.3
+*** secure/lib/libcrypto/man/DSA_do_sign.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_do_sign.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:29 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:13 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_do_sign 3"
+! .TH DSA_do_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_do_sign 3"
+! .TH DSA_do_sign 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_do_sign, DSA_do_verify \- raw \s-1DSA\s0 signature operations
+***************
+*** 175,181 ****
+  ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), err(3), rand(3),
+  DSA_SIG_new(3),
+  DSA_sign(3)
+  .SH "HISTORY"
+--- 175,181 ----
+  ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), ERR_get_error(3), rand(3),
+  DSA_SIG_new(3),
+  DSA_sign(3)
+  .SH "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_dup_DH.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_dup_DH.3
+*** secure/lib/libcrypto/man/DSA_dup_DH.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_dup_DH.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:30 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:13 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_dup_DH 3"
+! .TH DSA_dup_DH 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_dup_DH 3"
+! .TH DSA_dup_DH 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_dup_DH \- create a \s-1DH\s0 structure out of \s-1DSA\s0 structure
+***************
+*** 164,170 ****
+  Be careful to avoid small subgroup attacks when using this.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), dsa(3), err(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4.
+--- 164,170 ----
+  Be careful to avoid small subgroup attacks when using this.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dh(3), dsa(3), ERR_get_error(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDSA_dup_DH()\fR was added in OpenSSL 0.9.4.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_generate_key.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_generate_key.3
+*** secure/lib/libcrypto/man/DSA_generate_key.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_generate_key.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:30 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:13 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_key 3"
+! .TH DSA_generate_key 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_key \- generate \s-1DSA\s0 key pair
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_key 3"
+! .TH DSA_generate_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_key \- generate \s-1DSA\s0 key pair
+***************
+*** 162,168 ****
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), err(3), rand(3), DSA_generate_parameters(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDSA_generate_key()\fR is available since SSLeay 0.8.
+--- 162,169 ----
+  The error codes can be obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), ERR_get_error(3), rand(3),
+! DSA_generate_parameters(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIDSA_generate_key()\fR is available since SSLeay 0.8.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_generate_parameters.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_generate_parameters.3
+*** secure/lib/libcrypto/man/DSA_generate_parameters.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_generate_parameters.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:31 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:13 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_parameters 3"
+! .TH DSA_generate_parameters 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_parameters \- generate \s-1DSA\s0 parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_generate_parameters 3"
+! .TH DSA_generate_parameters 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_generate_parameters \- generate \s-1DSA\s0 parameters
+***************
+*** 209,215 ****
+  Seed lengths > 20 are not supported.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), err(3), rand(3),
+  DSA_free(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 209,215 ----
+  Seed lengths > 20 are not supported.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), ERR_get_error(3), rand(3),
+  DSA_free(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_get_ex_new_index.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_get_ex_new_index.3
+*** secure/lib/libcrypto/man/DSA_get_ex_new_index.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_get_ex_new_index.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:32 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:13 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_get_ex_new_index 3"
+! .TH DSA_get_ex_new_index 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_get_ex_new_index 3"
+! .TH DSA_get_ex_new_index 3 "0.9.6i" "2000-01-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_get_ex_new_index, DSA_set_ex_data, DSA_get_ex_data \- add application specific data to \s-1DSA\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_new.3
+*** secure/lib/libcrypto/man/DSA_new.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:32 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:14 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_new 3"
+! .TH DSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_new 3"
+! .TH DSA_new 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_new, DSA_free \- allocate and free \s-1DSA\s0 objects
+***************
+*** 169,175 ****
+  \&\fIDSA_free()\fR returns no value.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), err(3),
+  DSA_generate_parameters(3),
+  DSA_generate_key(3)
+  .SH "HISTORY"
+--- 169,175 ----
+  \&\fIDSA_free()\fR returns no value.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), ERR_get_error(3),
+  DSA_generate_parameters(3),
+  DSA_generate_key(3)
+  .SH "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_set_method.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_set_method.3
+*** secure/lib/libcrypto/man/DSA_set_method.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_set_method.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:33 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:14 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_set_method 3"
+! .TH DSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_set_default_method, DSA_get_default_method, DSA_set_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_set_method 3"
+! .TH DSA_set_method 3 "0.9.6i" "2000-05-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_set_default_method, DSA_get_default_method, DSA_set_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_sign.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_sign.3
+*** secure/lib/libcrypto/man/DSA_sign.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_sign.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:33 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:14 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_sign 3"
+! .TH DSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_sign 3"
+! .TH DSA_sign 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_sign, DSA_sign_setup, DSA_verify \- \s-1DSA\s0 signatures
+***************
+*** 194,200 ****
+  Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), err(3), rand(3),
+  DSA_do_sign(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 194,200 ----
+  Standard, \s-1DSS\s0), \s-1ANSI\s0 X9.30
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! dsa(3), ERR_get_error(3), rand(3),
+  DSA_do_sign(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/DSA_size.3 ../RELENG_5_0/secure/lib/libcrypto/man/DSA_size.3
+*** secure/lib/libcrypto/man/DSA_size.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/DSA_size.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:34 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:14 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_size 3"
+! .TH DSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_size \- get \s-1DSA\s0 signature size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA_size 3"
+! .TH DSA_size 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  DSA_size \- get \s-1DSA\s0 signature size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_GET_LIB.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_GET_LIB.3
+*** secure/lib/libcrypto/man/ERR_GET_LIB.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_GET_LIB.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:35 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:14 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_GET_LIB 3"
+! .TH ERR_GET_LIB 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_GET_LIB 3"
+! .TH ERR_GET_LIB 3 "0.9.6i" "2000-01-31" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1ERR_GET_LIB\s0, \s-1ERR_GET_FUNC\s0, \s-1ERR_GET_REASON\s0 \- get library, function and
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_clear_error.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_clear_error.3
+*** secure/lib/libcrypto/man/ERR_clear_error.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_clear_error.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:35 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:15 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_clear_error 3"
+! .TH ERR_clear_error 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_clear_error \- clear the error queue
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_clear_error 3"
+! .TH ERR_clear_error 3 "0.9.6i" "2000-01-31" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_clear_error \- clear the error queue
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_error_string.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_error_string.3
+*** secure/lib/libcrypto/man/ERR_error_string.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_error_string.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:36 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:15 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_error_string 3"
+! .TH ERR_error_string 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_error_string 3"
+! .TH ERR_error_string 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_error_string, ERR_error_string_n, ERR_lib_error_string,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_get_error.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_get_error.3
+*** secure/lib/libcrypto/man/ERR_get_error.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_get_error.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:36 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:15 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_get_error 3"
+! .TH ERR_get_error 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_get_error 3"
+! .TH ERR_get_error 3 "0.9.6i" "2000-09-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_get_error, ERR_peek_error, ERR_get_error_line, ERR_peek_error_line,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_load_crypto_strings.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_load_crypto_strings.3
+*** secure/lib/libcrypto/man/ERR_load_crypto_strings.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_load_crypto_strings.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:37 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:15 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_crypto_strings 3"
+! .TH ERR_load_crypto_strings 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_crypto_strings 3"
+! .TH ERR_load_crypto_strings 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_crypto_strings, SSL_load_error_strings, ERR_free_strings \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_load_strings.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_load_strings.3
+*** secure/lib/libcrypto/man/ERR_load_strings.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_load_strings.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:38 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:15 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_strings 3"
+! .TH ERR_load_strings 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_load_strings 3"
+! .TH ERR_load_strings 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_load_strings, \s-1ERR_PACK\s0, ERR_get_next_error_library \- load
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_print_errors.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_print_errors.3
+*** secure/lib/libcrypto/man/ERR_print_errors.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_print_errors.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:38 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:16 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_print_errors 3"
+! .TH ERR_print_errors 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_print_errors, ERR_print_errors_fp \- print error messages
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_print_errors 3"
+! .TH ERR_print_errors 3 "0.9.6i" "2000-01-31" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_print_errors, ERR_print_errors_fp \- print error messages
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_put_error.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_put_error.3
+*** secure/lib/libcrypto/man/ERR_put_error.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_put_error.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:39 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:16 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_put_error 3"
+! .TH ERR_put_error 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_put_error, ERR_add_error_data \- record an error
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_put_error 3"
+! .TH ERR_put_error 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_put_error, ERR_add_error_data \- record an error
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ERR_remove_state.3 ../RELENG_5_0/secure/lib/libcrypto/man/ERR_remove_state.3
+*** secure/lib/libcrypto/man/ERR_remove_state.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ERR_remove_state.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:39 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:16 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_remove_state 3"
+! .TH ERR_remove_state 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_remove_state \- free a thread's error queue
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ERR_remove_state 3"
+! .TH ERR_remove_state 3 "0.9.6i" "2000-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ERR_remove_state \- free a thread's error queue
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_DigestInit.3 ../RELENG_5_0/secure/lib/libcrypto/man/EVP_DigestInit.3
+*** secure/lib/libcrypto/man/EVP_DigestInit.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/EVP_DigestInit.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:40 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:16 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_DigestInit 3"
+! .TH EVP_DigestInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_DigestInit 3"
+! .TH EVP_DigestInit 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal, \s-1EVP_MAX_MD_SIZE\s0,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_EncryptInit.3 ../RELENG_5_0/secure/lib/libcrypto/man/EVP_EncryptInit.3
+*** secure/lib/libcrypto/man/EVP_EncryptInit.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/EVP_EncryptInit.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:41 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:16 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_EncryptInit 3"
+! .TH EVP_EncryptInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_EncryptInit 3"
+! .TH EVP_EncryptInit 3 "0.9.6i" "2002-05-08" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal, EVP_DecryptInit,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_OpenInit.3 ../RELENG_5_0/secure/lib/libcrypto/man/EVP_OpenInit.3
+*** secure/lib/libcrypto/man/EVP_OpenInit.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/EVP_OpenInit.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:41 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:17 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_OpenInit 3"
+! .TH EVP_OpenInit 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_OpenInit 3"
+! .TH EVP_OpenInit 3 "0.9.6i" "2000-09-23" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal \- \s-1EVP\s0 envelope decryption
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_SealInit.3 ../RELENG_5_0/secure/lib/libcrypto/man/EVP_SealInit.3
+*** secure/lib/libcrypto/man/EVP_SealInit.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/EVP_SealInit.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:42 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:17 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SealInit 3"
+! .TH EVP_SealInit 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SealInit 3"
+! .TH EVP_SealInit 3 "0.9.6i" "2002-08-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SealInit, EVP_SealUpdate, EVP_SealFinal \- \s-1EVP\s0 envelope encryption
+***************
+*** 152,158 ****
+  \&                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+  \& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+  \&         int *outl, unsigned char *in, int inl);
+! \& int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+  \&         int *outl);
+  .Ve
+  .SH "DESCRIPTION"
+--- 152,158 ----
+  \&                int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk);
+  \& int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,
+  \&         int *outl, unsigned char *in, int inl);
+! \& void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out,
+  \&         int *outl);
+  .Ve
+  .SH "DESCRIPTION"
+***************
+*** 182,189 ****
+  .IX Header "RETURN VALUES"
+  \&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful.
+  .PP
+! \&\fIEVP_SealUpdate()\fR and \fIEVP_SealFinal()\fR return 1 for success and 0 for
+! failure.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  Because a random secret key is generated the random number generator
+--- 182,188 ----
+  .IX Header "RETURN VALUES"
+  \&\fIEVP_SealInit()\fR returns 0 on error or \fBnpubk\fR if successful.
+  .PP
+! \&\fIEVP_SealUpdate()\fR returns 1 for success and 0 for failure.
+  .SH "NOTES"
+  .IX Header "NOTES"
+  Because a random secret key is generated the random number generator
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_SignInit.3 ../RELENG_5_0/secure/lib/libcrypto/man/EVP_SignInit.3
+*** secure/lib/libcrypto/man/EVP_SignInit.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/EVP_SignInit.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:43 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:17 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SignInit 3"
+! .TH EVP_SignInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_SignInit 3"
+! .TH EVP_SignInit 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_SignInit, EVP_SignUpdate, EVP_SignFinal \- \s-1EVP\s0 signing functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/EVP_VerifyInit.3 ../RELENG_5_0/secure/lib/libcrypto/man/EVP_VerifyInit.3
+*** secure/lib/libcrypto/man/EVP_VerifyInit.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/EVP_VerifyInit.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:43 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:17 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_VerifyInit 3"
+! .TH EVP_VerifyInit 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "EVP_VerifyInit 3"
+! .TH EVP_VerifyInit 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal \- \s-1EVP\s0 signature verification functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3 ../RELENG_5_0/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3
+*** secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/OPENSSL_VERSION_NUMBER.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:44 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:18 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL_VERSION_NUMBER 3"
+! .TH OPENSSL_VERSION_NUMBER 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL_VERSION_NUMBER 3"
+! .TH OPENSSL_VERSION_NUMBER 3 "0.9.6i" "2002-01-04" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1OPENSSL_VERSION_NUMBER\s0, SSLeay, SSLeay_version \- get OpenSSL version number
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3 ../RELENG_5_0/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3
+*** secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/OpenSSL_add_all_algorithms.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:44 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:18 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OpenSSL_add_all_algorithms 3"
+! .TH OpenSSL_add_all_algorithms 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OpenSSL_add_all_algorithms 3"
+! .TH OpenSSL_add_all_algorithms 3 "0.9.6i" "2000-09-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_add.3 ../RELENG_5_0/secure/lib/libcrypto/man/RAND_add.3
+*** secure/lib/libcrypto/man/RAND_add.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RAND_add.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:45 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:18 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_add 3"
+! .TH RAND_add 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_add 3"
+! .TH RAND_add 3 "0.9.6i" "2000-03-22" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen \- add
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_bytes.3 ../RELENG_5_0/secure/lib/libcrypto/man/RAND_bytes.3
+*** secure/lib/libcrypto/man/RAND_bytes.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RAND_bytes.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:46 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:18 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_bytes 3"
+! .TH RAND_bytes 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_bytes, RAND_pseudo_bytes \- generate random data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_bytes 3"
+! .TH RAND_bytes 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_bytes, RAND_pseudo_bytes \- generate random data
+***************
+*** 174,180 ****
+  method.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! rand(3), err(3), RAND_add(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL.  It
+--- 174,181 ----
+  method.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! rand(3), ERR_get_error(3),
+! RAND_add(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIRAND_bytes()\fR is available in all versions of SSLeay and OpenSSL.  It
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_cleanup.3 ../RELENG_5_0/secure/lib/libcrypto/man/RAND_cleanup.3
+*** secure/lib/libcrypto/man/RAND_cleanup.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RAND_cleanup.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:46 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:18 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_cleanup 3"
+! .TH RAND_cleanup 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_cleanup \- erase the \s-1PRNG\s0 state
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_cleanup 3"
+! .TH RAND_cleanup 3 "0.9.6i" "2000-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_cleanup \- erase the \s-1PRNG\s0 state
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_egd.3 ../RELENG_5_0/secure/lib/libcrypto/man/RAND_egd.3
+*** secure/lib/libcrypto/man/RAND_egd.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RAND_egd.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:47 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_egd 3"
+! .TH RAND_egd 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_egd \- query entropy gathering daemon
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_egd 3"
+! .TH RAND_egd 3 "0.9.6i" "2001-02-08" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_egd \- query entropy gathering daemon
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_load_file.3 ../RELENG_5_0/secure/lib/libcrypto/man/RAND_load_file.3
+*** secure/lib/libcrypto/man/RAND_load_file.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RAND_load_file.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:47 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_load_file 3"
+! .TH RAND_load_file 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_load_file 3"
+! .TH RAND_load_file 3 "0.9.6i" "2001-03-21" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_load_file, RAND_write_file, RAND_file_name \- \s-1PRNG\s0 seed file
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RAND_set_rand_method.3 ../RELENG_5_0/secure/lib/libcrypto/man/RAND_set_rand_method.3
+*** secure/lib/libcrypto/man/RAND_set_rand_method.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RAND_set_rand_method.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:48 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_set_rand_method 3"
+! .TH RAND_set_rand_method 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND_set_rand_method 3"
+! .TH RAND_set_rand_method 3 "0.9.6i" "2000-03-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RAND_set_rand_method, RAND_get_rand_method, RAND_SSLeay \- select \s-1RAND\s0 method
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_blinding_on.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_blinding_on.3
+*** secure/lib/libcrypto/man/RSA_blinding_on.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_blinding_on.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:49 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_blinding_on 3"
+! .TH RSA_blinding_on 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_blinding_on 3"
+! .TH RSA_blinding_on 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_blinding_on, RSA_blinding_off \- protect the \s-1RSA\s0 operation from timing attacks
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_check_key.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_check_key.3
+*** secure/lib/libcrypto/man/RSA_check_key.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_check_key.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:49 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:19 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_check_key 3"
+! .TH RSA_check_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_check_key \- validate private \s-1RSA\s0 keys
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_check_key 3"
+! .TH RSA_check_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_check_key \- validate private \s-1RSA\s0 keys
+***************
+*** 176,182 ****
+  key data too.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! rsa(3), err(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIRSA_check()\fR appeared in OpenSSL 0.9.4.
+--- 176,182 ----
+  key data too.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! rsa(3), ERR_get_error(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  \&\fIRSA_check()\fR appeared in OpenSSL 0.9.4.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_generate_key.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_generate_key.3
+*** secure/lib/libcrypto/man/RSA_generate_key.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_generate_key.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:50 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_generate_key 3"
+! .TH RSA_generate_key 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_generate_key \- generate \s-1RSA\s0 key pair
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_generate_key 3"
+! .TH RSA_generate_key 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_generate_key \- generate \s-1RSA\s0 key pair
+***************
+*** 186,192 ****
+  \&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! err(3), rand(3), rsa(3), RSA_free(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  The \fBcb_arg\fR argument was added in SSLeay 0.9.0.
+--- 186,193 ----
+  \&\fIRSA_generate_key()\fR goes into an infinite loop for illegal input values.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! ERR_get_error(3), rand(3), rsa(3),
+! RSA_free(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  The \fBcb_arg\fR argument was added in SSLeay 0.9.0.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_get_ex_new_index.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_get_ex_new_index.3
+*** secure/lib/libcrypto/man/RSA_get_ex_new_index.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_get_ex_new_index.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:50 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_get_ex_new_index 3"
+! .TH RSA_get_ex_new_index 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_get_ex_new_index 3"
+! .TH RSA_get_ex_new_index 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data \- add application specific data to \s-1RSA\s0 structures
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_new.3
+*** secure/lib/libcrypto/man/RSA_new.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:51 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_new 3"
+! .TH RSA_new 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_new 3"
+! .TH RSA_new 3 "0.9.6i" "2000-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_new, RSA_free \- allocate and free \s-1RSA\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3
+*** secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_padding_add_PKCS1_type_1.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:52 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_padding_add_PKCS1_type_1 3"
+! .TH RSA_padding_add_PKCS1_type_1 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_padding_add_PKCS1_type_1 3"
+! .TH RSA_padding_add_PKCS1_type_1 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_padding_add_PKCS1_type_1, RSA_padding_check_PKCS1_type_1,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_print.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_print.3
+*** secure/lib/libcrypto/man/RSA_print.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_print.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:52 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:20 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,149 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_print 3"
+! .TH RSA_print 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+! RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print,
+! DSA_print_fp, DHparams_print, DHparams_print_fp \- print cryptographic
+! parameters
+  .SH "SYNOPSIS"
+  .IX Header "SYNOPSIS"
+  .Vb 1
+--- 138,149 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_print 3"
+! .TH RSA_print 3 "0.9.6i" "2002-11-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+! RSA_print, RSA_print_fp,
+! DSAparams_print, DSAparams_print_fp, DSA_print, DSA_print_fp,
+! DHparams_print, DHparams_print_fp \- print cryptographic parameters
+  .SH "SYNOPSIS"
+  .IX Header "SYNOPSIS"
+  .Vb 1
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_private_encrypt.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_private_encrypt.3
+*** secure/lib/libcrypto/man/RSA_private_encrypt.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_private_encrypt.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:53 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_private_encrypt 3"
+! .TH RSA_private_encrypt 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_private_encrypt 3"
+! .TH RSA_private_encrypt 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_private_encrypt, RSA_public_decrypt \- low level signature operations
+***************
+*** 192,198 ****
+  obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! err(3), rsa(3), RSA_sign(3), RSA_verify(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is
+--- 192,199 ----
+  obtained by ERR_get_error(3).
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! ERR_get_error(3), rsa(3),
+! RSA_sign(3), RSA_verify(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+  The \fBpadding\fR argument was added in SSLeay 0.8. \s-1RSA_NO_PADDING\s0 is
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_public_encrypt.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_public_encrypt.3
+*** secure/lib/libcrypto/man/RSA_public_encrypt.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_public_encrypt.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:54 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_public_encrypt 3"
+! .TH RSA_public_encrypt 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_public_encrypt 3"
+! .TH RSA_public_encrypt 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_public_encrypt, RSA_private_decrypt \- \s-1RSA\s0 public key cryptography
+***************
+*** 202,208 ****
+  \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! err(3), rand(3), rsa(3), RSA_size(3)
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The RSA_PKCS1_RSAref(3) method supports only the \s-1RSA_PKCS1_PADDING\s0 mode.
+--- 202,209 ----
+  \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! ERR_get_error(3), rand(3), rsa(3),
+! RSA_size(3)
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The RSA_PKCS1_RSAref(3) method supports only the \s-1RSA_PKCS1_PADDING\s0 mode.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_set_method.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_set_method.3
+*** secure/lib/libcrypto/man/RSA_set_method.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_set_method.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:54 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_set_method 3"
+! .TH RSA_set_method 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_set_method 3"
+! .TH RSA_set_method 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_set_default_method, RSA_get_default_method, RSA_set_method,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_sign.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_sign.3
+*** secure/lib/libcrypto/man/RSA_sign.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_sign.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:55 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign 3"
+! .TH RSA_sign 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign, RSA_verify \- \s-1RSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign 3"
+! .TH RSA_sign 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign, RSA_verify \- \s-1RSA\s0 signatures
+***************
+*** 187,194 ****
+  \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! err(3), objects(3), rsa(3),
+! RSA_private_encrypt(3),
+  RSA_public_decrypt(3) 
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 187,194 ----
+  \&\s-1SSL\s0, \s-1PKCS\s0 #1 v2.0
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! ERR_get_error(3), objects(3),
+! rsa(3), RSA_private_encrypt(3),
+  RSA_public_decrypt(3) 
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3
+*** secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_sign_ASN1_OCTET_STRING.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:55 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:21 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+! .TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_sign_ASN1_OCTET_STRING 3"
+! .TH RSA_sign_ASN1_OCTET_STRING 3 "0.9.6i" "2002-09-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_sign_ASN1_OCTET_STRING, RSA_verify_ASN1_OCTET_STRING \- \s-1RSA\s0 signatures
+***************
+*** 185,192 ****
+  These functions serve no recognizable purpose.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! err(3), objects(3), rand(3),
+! rsa(3), RSA_sign(3),
+  RSA_verify(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+--- 185,192 ----
+  These functions serve no recognizable purpose.
+  .SH "SEE ALSO"
+  .IX Header "SEE ALSO"
+! ERR_get_error(3), objects(3),
+! rand(3), rsa(3), RSA_sign(3),
+  RSA_verify(3)
+  .SH "HISTORY"
+  .IX Header "HISTORY"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/RSA_size.3 ../RELENG_5_0/secure/lib/libcrypto/man/RSA_size.3
+*** secure/lib/libcrypto/man/RSA_size.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/RSA_size.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:56 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_size 3"
+! .TH RSA_size 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_size \- get \s-1RSA\s0 modulus size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA_size 3"
+! .TH RSA_size 3 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RSA_size \- get \s-1RSA\s0 modulus size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CIPHER_get_name.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3
+*** secure/lib/libcrypto/man/SSL_CIPHER_get_name.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CIPHER_get_name.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:12 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CIPHER_get_name 3"
+! .TH SSL_CIPHER_get_name 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CIPHER_get_name 3"
+! .TH SSL_CIPHER_get_name 3 "0.9.6i" "2001-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CIPHER_get_name, SSL_CIPHER_get_bits, SSL_CIPHER_get_version, SSL_CIPHER_description \- get \s-1SSL_CIPHER\s0 properties
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3
+*** secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_COMP_add_compression_method.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:13 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_COMP_add_compression_method 3"
+! .TH SSL_COMP_add_compression_method 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_COMP_add_compression_method 3"
+! .TH SSL_COMP_add_compression_method 3 "0.9.6i" "2001-08-23" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_COMP_add_compression_method \- handle \s-1SSL/TLS\s0 integrated compression methods
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3
+*** secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_add_extra_chain_cert.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:14 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_extra_chain_cert 3"
+! .TH SSL_CTX_add_extra_chain_cert 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_extra_chain_cert \- add certificate to chain
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_extra_chain_cert 3"
+! .TH SSL_CTX_add_extra_chain_cert 3 "0.9.6i" "2002-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_extra_chain_cert \- add certificate to chain
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_add_session.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_add_session.3
+*** secure/lib/libcrypto/man/SSL_CTX_add_session.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_add_session.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:14 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_session 3"
+! .TH SSL_CTX_add_session 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_add_session 3"
+! .TH SSL_CTX_add_session 3 "0.9.6i" "2002-10-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_add_session, SSL_add_session, SSL_CTX_remove_session, SSL_remove_session \- manipulate session cache
+***************
+*** 176,181 ****
+--- 176,189 ----
+  removed and replaced by the new session. If the session is actually
+  identical (the \s-1SSL_SESSION\s0 object is identical), \fISSL_CTX_add_session()\fR
+  is a no-op, and the return value is 0.
++ .PP
++ If a server \s-1SSL_CTX\s0 is configured with the \s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0
++ flag then the internal cache will not be populated automatically by new
++ sessions negotiated by the \s-1SSL/TLS\s0 implementation, even though the internal
++ cache will be searched automatically for session-resume requests (the
++ latter can be surpressed by \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0). So the
++ application can use \fISSL_CTX_add_session()\fR directly to have full control
++ over the sessions that can be resumed if desired.
+  .SH "RETURN VALUES"
+  .IX Header "RETURN VALUES"
+  The following values are returned by all functions:
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_ctrl.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_ctrl.3
+*** secure/lib/libcrypto/man/SSL_CTX_ctrl.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_ctrl.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:15 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_ctrl 3"
+! .TH SSL_CTX_ctrl 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_ctrl 3"
+! .TH SSL_CTX_ctrl 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_ctrl, SSL_CTX_callback_ctrl, SSL_ctrl, SSL_callback_ctrl \- internal handling functions for \s-1SSL_CTX\s0 and \s-1SSL\s0 objects
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3
+*** secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_flush_sessions.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:15 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_flush_sessions 3"
+! .TH SSL_CTX_flush_sessions 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_flush_sessions 3"
+! .TH SSL_CTX_flush_sessions 3 "0.9.6i" "2001-02-04" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_flush_sessions, SSL_flush_sessions \- remove expired sessions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_free.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_free.3
+*** secure/lib/libcrypto/man/SSL_CTX_free.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_free.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:16 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_free 3"
+! .TH SSL_CTX_free 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_free 3"
+! .TH SSL_CTX_free 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_free \- free an allocated \s-1SSL_CTX\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3
+*** secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_get_ex_new_index.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:17 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:28 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_ex_new_index 3"
+! .TH SSL_CTX_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_ex_new_index 3"
+! .TH SSL_CTX_get_ex_new_index 3 "0.9.6i" "2001-05-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_ex_new_index, SSL_CTX_set_ex_data, SSL_CTX_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3
+*** secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_get_verify_mode.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:17 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_verify_mode 3"
+! .TH SSL_CTX_get_verify_mode 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_get_verify_mode 3"
+! .TH SSL_CTX_get_verify_mode 3 "0.9.6i" "2001-01-28" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_get_verify_mode, SSL_get_verify_mode, SSL_CTX_get_verify_depth, SSL_get_verify_depth, SSL_get_verify_callback, SSL_CTX_get_verify_callback \- get currently set verification parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3
+*** secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_load_verify_locations.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:18 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_load_verify_locations 3"
+! .TH SSL_CTX_load_verify_locations 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_load_verify_locations 3"
+! .TH SSL_CTX_load_verify_locations 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_load_verify_locations \- set default locations for trusted \s-1CA\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_new.3
+*** secure/lib/libcrypto/man/SSL_CTX_new.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_new.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:18 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_new 3"
+! .TH SSL_CTX_new 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_new 3"
+! .TH SSL_CTX_new 3 "0.9.6i" "2001-07-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_new \- create a new \s-1SSL_CTX\s0 object as framework for \s-1TLS/SSL\s0 enabled functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_sess_number.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sess_number.3
+*** secure/lib/libcrypto/man/SSL_CTX_sess_number.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sess_number.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:19 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_number 3"
+! .TH SSL_CTX_sess_number 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_number 3"
+! .TH SSL_CTX_sess_number 3 "0.9.6i" "2001-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_number, SSL_CTX_sess_connect, SSL_CTX_sess_connect_good, SSL_CTX_sess_connect_renegotiate, SSL_CTX_sess_accept, SSL_CTX_sess_accept_good, SSL_CTX_sess_accept_renegotiate, SSL_CTX_sess_hits, SSL_CTX_sess_cb_hits, SSL_CTX_sess_misses, SSL_CTX_sess_timeouts, SSL_CTX_sess_cache_full \- obtain session cache statistics
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3
+*** secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sess_set_cache_size.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:20 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:29 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_cache_size 3"
+! .TH SSL_CTX_sess_set_cache_size 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_cache_size 3"
+! .TH SSL_CTX_sess_set_cache_size 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_cache_size, SSL_CTX_sess_get_cache_size \- manipulate session cache size
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3
+*** secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sess_set_get_cb.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:20 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_get_cb 3"
+! .TH SSL_CTX_sess_set_get_cb 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sess_set_get_cb 3"
+! .TH SSL_CTX_sess_set_get_cb 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sess_set_new_cb, SSL_CTX_sess_set_remove_cb, SSL_CTX_sess_set_get_cb, SSL_CTX_sess_get_new_cb, SSL_CTX_sess_get_remove_cb, SSL_CTX_sess_get_get_cb \- provide callback functions for server side external session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_sessions.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sessions.3
+*** secure/lib/libcrypto/man/SSL_CTX_sessions.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_sessions.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:21 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sessions 3"
+! .TH SSL_CTX_sessions 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sessions \- access internal session cache
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_sessions 3"
+! .TH SSL_CTX_sessions 3 "0.9.6i" "2001-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_sessions \- access internal session cache
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_cert_store.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:21 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_store 3"
+! .TH SSL_CTX_set_cert_store 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_store 3"
+! .TH SSL_CTX_set_cert_store 3 "0.9.6i" "2002-06-04" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_store, SSL_CTX_get_cert_store \- manipulate X509 certificate verification storage
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_cert_verify_callback.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:22 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_verify_callback 3"
+! .TH SSL_CTX_set_cert_verify_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cert_verify_callback 3"
+! .TH SSL_CTX_set_cert_verify_callback 3 "0.9.6i" "2001-08-23" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cert_verify_callback \- set peer certificate verification procedure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_cipher_list.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:23 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:30 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cipher_list 3"
+! .TH SSL_CTX_set_cipher_list 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_cipher_list 3"
+! .TH SSL_CTX_set_cipher_list 3 "0.9.6i" "2001-07-23" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_cipher_list, SSL_set_cipher_list \- choose list of available SSL_CIPHERs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_client_CA_list.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:23 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_CA_list 3"
+! .TH SSL_CTX_set_client_CA_list 3 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_CA_list 3"
+! .TH SSL_CTX_set_client_CA_list 3 "0.9.6i" "2001-04-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_CA_list, SSL_set_client_CA_list, SSL_CTX_add_client_CA,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_client_cert_cb.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:24 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_cert_cb 3"
+! .TH SSL_CTX_set_client_cert_cb 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_client_cert_cb 3"
+! .TH SSL_CTX_set_client_cert_cb 3 "0.9.6i" "2002-06-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_client_cert_cb, SSL_CTX_get_client_cert_cb \- handle client certificate callback function
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_default_passwd_cb.3	Thu Feb 20 12:14:23 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:24 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_default_passwd_cb 3"
+! .TH SSL_CTX_set_default_passwd_cb 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_default_passwd_cb 3"
+! .TH SSL_CTX_set_default_passwd_cb 3 "0.9.6i" "2001-07-11" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_default_passwd_cb, SSL_CTX_set_default_passwd_cb_userdata \- set passwd callback for encrypted \s-1PEM\s0 file handling
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_info_callback.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:25 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:31 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_info_callback 3"
+! .TH SSL_CTX_set_info_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_info_callback 3"
+! .TH SSL_CTX_set_info_callback 3 "0.9.6i" "2001-11-09" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_info_callback, SSL_CTX_get_info_callback, SSL_set_info_callback, SSL_get_info_callback \- handle information callback for \s-1SSL\s0 connections
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_mode.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_mode.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_mode.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_mode.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:26 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_mode 3"
+! .TH SSL_CTX_set_mode 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_mode 3"
+! .TH SSL_CTX_set_mode 3 "0.9.6i" "2001-07-11" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_mode, SSL_set_mode, SSL_CTX_get_mode, SSL_get_mode \- manipulate \s-1SSL\s0 engine mode
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_options.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_options.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_options.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_options.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:26 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_options 3"
+! .TH SSL_CTX_set_options 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_options 3"
+! .TH SSL_CTX_set_options 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options \- manipulate \s-1SSL\s0 engine options
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_quiet_shutdown.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:27 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_quiet_shutdown 3"
+! .TH SSL_CTX_set_quiet_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_quiet_shutdown 3"
+! .TH SSL_CTX_set_quiet_shutdown 3 "0.9.6i" "2001-08-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_quiet_shutdown, SSL_CTX_get_quiet_shutdown, SSL_set_quiet_shutdown, SSL_get_quiet_shutdown \- manipulate shutdown behaviour
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_session_cache_mode.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:28 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_cache_mode 3"
+! .TH SSL_CTX_set_session_cache_mode 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_cache_mode 3"
+! .TH SSL_CTX_set_session_cache_mode 3 "0.9.6i" "2002-10-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_cache_mode, SSL_CTX_get_session_cache_mode \- enable/disable session caching
+***************
+*** 165,176 ****
+  object.
+  .PP
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then decides whether it
+! agrees in reusing the session or starts the handshake for a new session.
+  .PP
+! A server will lookup up the session in its internal session storage. If
+! the session is not found in internal storage or internal storage is
+! deactivated, the server will try the external storage if available.
+  .PP
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+--- 165,178 ----
+  object.
+  .PP
+  In order to reuse a session, a client must send the session's id to the
+! server. It can only send exactly one id.  The server then either 
+! agrees to reuse the session or it starts a full handshake (to create a new
+! session).
+  .PP
+! A server will lookup up the session in its internal session storage. If the
+! session is not found in internal storage or lookups for the internal storage
+! have been deactivated (\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0), the server will try
+! the external storage if available.
+  .PP
+  Since a client may try to reuse a session intended for use in a different
+  context, the session id context must be set by the server (see
+***************
+*** 191,199 ****
+  .Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4
+  .IX Item "SSL_SESS_CACHE_SERVER"
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the session is looked up in the internal session cache.
+! If the session is found, the server will try to reuse the session.
+! This is the default.
+  .Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4
+  .IX Item "SSL_SESS_CACHE_BOTH"
+  Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time.
+--- 193,202 ----
+  .Ip "\s-1SSL_SESS_CACHE_SERVER\s0" 4
+  .IX Item "SSL_SESS_CACHE_SERVER"
+  Server sessions are added to the session cache. When a client proposes a
+! session to be reused, the server looks for the corresponding session in (first)
+! the internal session cache (unless \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 is set),
+! then (second) in the external cache if available. If the session is found, the
+! server will try to reuse the session.  This is the default.
+  .Ip "\s-1SSL_SESS_CACHE_BOTH\s0" 4
+  .IX Item "SSL_SESS_CACHE_BOTH"
+  Enable both \s-1SSL_SESS_CACHE_CLIENT\s0 and \s-1SSL_SESS_CACHE_SERVER\s0 at the same time.
+***************
+*** 208,218 ****
+  explicitly by the application.
+  .Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4
+  .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP"
+! By setting this flag sessions are cached in the internal storage but
+! they are not looked up automatically. If an external session cache
+! is enabled, sessions are looked up in the external cache. As automatic
+! lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on
+  clients.
+  .PP
+  The default mode is \s-1SSL_SESS_CACHE_SERVER\s0.
+  .SH "RETURN VALUES"
+--- 211,238 ----
+  explicitly by the application.
+  .Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0" 4
+  .IX Item "SSL_SESS_CACHE_NO_INTERNAL_LOOKUP"
+! By setting this flag, session-resume operations in an \s-1SSL/TLS\s0 server will not
+! automatically look up sessions in the internal cache, even if sessions are
+! automatically stored there. If external session caching callbacks are in use,
+! this flag guarantees that all lookups are directed to the external cache.
+! As automatic lookup only applies for \s-1SSL/TLS\s0 servers, the flag has no effect on
+  clients.
++ .Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0" 4
++ .IX Item "SSL_SESS_CACHE_NO_INTERNAL_STORE"
++ Depending on the presence of \s-1SSL_SESS_CACHE_CLIENT\s0 and/or \s-1SSL_SESS_CACHE_SERVER\s0,
++ sessions negotiated in an \s-1SSL/TLS\s0 handshake may be cached for possible reuse.
++ Normally a new session is added to the internal cache as well as any external
++ session caching (callback) that is configured for the \s-1SSL_CTX\s0. This flag will
++ prevent sessions being stored in the internal cache (though the application can
++ add them manually using SSL_CTX_add_session(3)). Note:
++ in any \s-1SSL/TLS\s0 servers where external caching is configured, any successful
++ session lookups in the external cache (ie. for session-resume requests) would
++ normally be copied into the local cache before processing continues \- this flag
++ prevents these additions to the internal cache as well.
++ .Ip "\s-1SSL_SESS_CACHE_NO_INTERNAL\s0" 4
++ .IX Item "SSL_SESS_CACHE_NO_INTERNAL"
++ Enable both \s-1SSL_SESS_CACHE_NO_INTERNAL_LOOKUP\s0 and
++ \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 at the same time.
+  .PP
+  The default mode is \s-1SSL_SESS_CACHE_SERVER\s0.
+  .SH "RETURN VALUES"
+***************
+*** 224,232 ****
+--- 244,257 ----
+  .IX Header "SEE ALSO"
+  ssl(3), SSL_set_session(3),
+  SSL_session_reused(3),
++ SSL_CTX_add_session(3),
+  SSL_CTX_sess_number(3),
+  SSL_CTX_sess_set_cache_size(3),
+  SSL_CTX_sess_set_get_cb(3),
+  SSL_CTX_set_session_id_context(3),
+  SSL_CTX_set_timeout(3),
+  SSL_CTX_flush_sessions(3)
++ .SH "HISTORY"
++ .IX Header "HISTORY"
++ \&\s-1SSL_SESS_CACHE_NO_INTERNAL_STORE\s0 and \s-1SSL_SESS_CACHE_NO_INTERNAL\s0
++ were introduced in OpenSSL 0.9.6h.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_session_id_context.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:28 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:32 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_id_context 3"
+! .TH SSL_CTX_set_session_id_context 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_session_id_context 3"
+! .TH SSL_CTX_set_session_id_context 3 "0.9.6i" "2001-01-31" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_session_id_context, SSL_set_session_id_context \- set context within which session can be reused (server side only)
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_ssl_version.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:29 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_ssl_version 3"
+! .TH SSL_CTX_set_ssl_version 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_ssl_version 3"
+! .TH SSL_CTX_set_ssl_version 3 "0.9.6i" "2001-03-08" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_ssl_version, SSL_set_ssl_method, SSL_get_ssl_method
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_timeout.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_timeout.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_timeout.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:29 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_timeout 3"
+! .TH SSL_CTX_set_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_timeout 3"
+! .TH SSL_CTX_set_timeout 3 "0.9.6i" "2001-08-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_timeout, SSL_CTX_get_timeout \- manipulate timeout values for session caching
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_tmp_dh_callback.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:30 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_dh_callback 3"
+! .TH SSL_CTX_set_tmp_dh_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_dh_callback 3"
+! .TH SSL_CTX_set_tmp_dh_callback 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_dh_callback, SSL_CTX_set_tmp_dh, SSL_set_tmp_dh_callback, SSL_set_tmp_dh \- handle \s-1DH\s0 keys for ephemeral key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_tmp_rsa_callback.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:31 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+! .TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_tmp_rsa_callback 3"
+! .TH SSL_CTX_set_tmp_rsa_callback 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_tmp_rsa_callback, SSL_CTX_set_tmp_rsa, SSL_CTX_need_tmp_rsa, SSL_set_tmp_rsa_callback, SSL_set_tmp_rsa, SSL_need_tmp_rsa \- handle \s-1RSA\s0 keys for ephemeral key exchange
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_set_verify.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_verify.3
+*** secure/lib/libcrypto/man/SSL_CTX_set_verify.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_set_verify.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:31 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:33 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_verify 3"
+! .TH SSL_CTX_set_verify 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_set_verify 3"
+! .TH SSL_CTX_set_verify 3 "0.9.6i" "2002-12-04" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_set_verify, SSL_set_verify, SSL_CTX_set_verify_depth, SSL_set_verify_depth \- set peer certificate verification parameters
+***************
+*** 370,376 ****
+  \&     * At this point, err contains the last verification error. We can use
+  \&     * it for something special
+  \&     */
+! \&    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)
+  \&    {
+  \&      X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+  \&      printf("issuer= %s\en", buf);
+--- 370,376 ----
+  \&     * At this point, err contains the last verification error. We can use
+  \&     * it for something special
+  \&     */
+! \&    if (!preverify_ok && (err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT))
+  \&    {
+  \&      X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), buf, 256);
+  \&      printf("issuer= %s\en", buf);
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_CTX_use_certificate.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3
+*** secure/lib/libcrypto/man/SSL_CTX_use_certificate.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_CTX_use_certificate.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:32 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_use_certificate 3"
+! .TH SSL_CTX_use_certificate 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_CTX_use_certificate 3"
+! .TH SSL_CTX_use_certificate 3 "0.9.6i" "2002-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_CTX_use_certificate, SSL_CTX_use_certificate_ASN1, SSL_CTX_use_certificate_file, SSL_use_certificate, SSL_use_certificate_ASN1, SSL_use_certificate_file, SSL_CTX_use_certificate_chain_file, SSL_CTX_use_PrivateKey, SSL_CTX_use_PrivateKey_ASN1, SSL_CTX_use_PrivateKey_file, SSL_CTX_use_RSAPrivateKey, SSL_CTX_use_RSAPrivateKey_ASN1, SSL_CTX_use_RSAPrivateKey_file, SSL_use_PrivateKey_file, SSL_use_PrivateKey_ASN1, SSL_use_PrivateKey, SSL_use_RSAPrivateKey, SSL_use_RSAPrivateKey_ASN1, SSL_use_RSAPrivateKey_file, SSL_CTX_check_private_key, SSL_check_private_key \- load certificate and key data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_SESSION_free.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_SESSION_free.3
+*** secure/lib/libcrypto/man/SSL_SESSION_free.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_SESSION_free.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:33 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_free 3"
+! .TH SSL_SESSION_free 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_free 3"
+! .TH SSL_SESSION_free 3 "0.9.6i" "2001-10-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_free \- free an allocated \s-1SSL_SESSION\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3
+*** secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_SESSION_get_ex_new_index.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:33 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_ex_new_index 3"
+! .TH SSL_SESSION_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_ex_new_index 3"
+! .TH SSL_SESSION_get_ex_new_index 3 "0.9.6i" "2001-05-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_ex_new_index, SSL_SESSION_set_ex_data, SSL_SESSION_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_SESSION_get_time.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_SESSION_get_time.3
+*** secure/lib/libcrypto/man/SSL_SESSION_get_time.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_SESSION_get_time.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:34 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:34 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_time 3"
+! .TH SSL_SESSION_get_time 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_SESSION_get_time 3"
+! .TH SSL_SESSION_get_time 3 "0.9.6i" "2001-08-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_SESSION_get_time, SSL_SESSION_set_time, SSL_SESSION_get_timeout, SSL_SESSION_get_timeout \- retrieve and manipulate session time and timeout settings
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_accept.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_accept.3
+*** secure/lib/libcrypto/man/SSL_accept.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_accept.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:34 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_accept 3"
+! .TH SSL_accept 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_accept 3"
+! .TH SSL_accept 3 "0.9.6i" "2002-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_accept \- wait for a \s-1TLS/SSL\s0 client to initiate a \s-1TLS/SSL\s0 handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_alert_type_string.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_alert_type_string.3
+*** secure/lib/libcrypto/man/SSL_alert_type_string.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_alert_type_string.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:35 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_alert_type_string 3"
+! .TH SSL_alert_type_string 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_alert_type_string 3"
+! .TH SSL_alert_type_string 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_alert_type_string, SSL_alert_type_string_long, SSL_alert_desc_string, SSL_alert_desc_string_long \- get textual description of alert information
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_clear.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_clear.3
+*** secure/lib/libcrypto/man/SSL_clear.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_clear.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:36 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_clear 3"
+! .TH SSL_clear 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_clear \- reset \s-1SSL\s0 object to allow another connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_clear 3"
+! .TH SSL_clear 3 "0.9.6i" "2002-02-27" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_clear \- reset \s-1SSL\s0 object to allow another connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_connect.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_connect.3
+*** secure/lib/libcrypto/man/SSL_connect.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_connect.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:36 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_connect 3"
+! .TH SSL_connect 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_connect 3"
+! .TH SSL_connect 3 "0.9.6i" "2002-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_connect \- initiate the \s-1TLS/SSL\s0 handshake with an \s-1TLS/SSL\s0 server
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_do_handshake.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_do_handshake.3
+*** secure/lib/libcrypto/man/SSL_do_handshake.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_do_handshake.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:37 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:35 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_do_handshake 3"
+! .TH SSL_do_handshake 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_do_handshake 3"
+! .TH SSL_do_handshake 3 "0.9.6i" "2002-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_do_handshake \- perform a \s-1TLS/SSL\s0 handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_free.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_free.3
+*** secure/lib/libcrypto/man/SSL_free.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_free.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:38 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_free 3"
+! .TH SSL_free 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_free \- free an allocated \s-1SSL\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_free 3"
+! .TH SSL_free 3 "0.9.6i" "2001-02-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_free \- free an allocated \s-1SSL\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_SSL_CTX.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3
+*** secure/lib/libcrypto/man/SSL_get_SSL_CTX.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_SSL_CTX.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:38 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_SSL_CTX 3"
+! .TH SSL_get_SSL_CTX 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_SSL_CTX 3"
+! .TH SSL_get_SSL_CTX 3 "0.9.6i" "2001-08-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_SSL_CTX \- get the \s-1SSL_CTX\s0 from which an \s-1SSL\s0 is created
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_ciphers.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_ciphers.3
+*** secure/lib/libcrypto/man/SSL_get_ciphers.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_ciphers.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:39 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ciphers 3"
+! .TH SSL_get_ciphers 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ciphers 3"
+! .TH SSL_get_ciphers 3 "0.9.6i" "2000-09-18" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ciphers, SSL_get_cipher_list \- get list of available SSL_CIPHERs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_client_CA_list.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_client_CA_list.3
+*** secure/lib/libcrypto/man/SSL_get_client_CA_list.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_client_CA_list.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:39 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:36 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_client_CA_list 3"
+! .TH SSL_get_client_CA_list 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_client_CA_list 3"
+! .TH SSL_get_client_CA_list 3 "0.9.6i" "2002-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_client_CA_list, SSL_CTX_get_client_CA_list \- get list of client CAs
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_current_cipher.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_current_cipher.3
+*** secure/lib/libcrypto/man/SSL_get_current_cipher.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_current_cipher.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:40 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_current_cipher 3"
+! .TH SSL_get_current_cipher 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_current_cipher 3"
+! .TH SSL_get_current_cipher 3 "0.9.6i" "2000-09-18" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_current_cipher, SSL_get_cipher, SSL_get_cipher_name,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_default_timeout.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_default_timeout.3
+*** secure/lib/libcrypto/man/SSL_get_default_timeout.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_default_timeout.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:41 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_default_timeout 3"
+! .TH SSL_get_default_timeout 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_default_timeout \- get default session timeout value
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_default_timeout 3"
+! .TH SSL_get_default_timeout 3 "0.9.6i" "2001-08-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_default_timeout \- get default session timeout value
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_error.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_error.3
+*** secure/lib/libcrypto/man/SSL_get_error.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_error.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:41 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_error 3"
+! .TH SSL_get_error 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_error 3"
+! .TH SSL_get_error 3 "0.9.6i" "2002-07-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_error \- obtain result code for \s-1TLS/SSL\s0 I/O operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+*** secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_ex_data_X509_STORE_CTX_idx.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:42 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:37 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+! .TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_data_X509_STORE_CTX_idx 3"
+! .TH SSL_get_ex_data_X509_STORE_CTX_idx 3 "0.9.6i" "2001-01-28" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_data_X509_STORE_CTX_idx \- get ex_data index to access \s-1SSL\s0 structure
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_ex_new_index.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_ex_new_index.3
+*** secure/lib/libcrypto/man/SSL_get_ex_new_index.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_ex_new_index.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:42 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_new_index 3"
+! .TH SSL_get_ex_new_index 3 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_ex_new_index 3"
+! .TH SSL_get_ex_new_index 3 "0.9.6i" "2001-05-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_ex_new_index, SSL_set_ex_data, SSL_get_ex_data \- internal application specific data functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_fd.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_fd.3
+*** secure/lib/libcrypto/man/SSL_get_fd.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_fd.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:43 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_fd 3"
+! .TH SSL_get_fd 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_fd 3"
+! .TH SSL_get_fd 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_fd \- get file descriptor linked to an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3
+*** secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_peer_cert_chain.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:44 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:38 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_cert_chain 3"
+! .TH SSL_get_peer_cert_chain 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_cert_chain 3"
+! .TH SSL_get_peer_cert_chain 3 "0.9.6i" "2001-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_cert_chain \- get the X509 certificate chain of the peer
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_peer_certificate.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_peer_certificate.3
+*** secure/lib/libcrypto/man/SSL_get_peer_certificate.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_peer_certificate.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:44 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_certificate 3"
+! .TH SSL_get_peer_certificate 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_certificate \- get the X509 certificate of the peer
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_peer_certificate 3"
+! .TH SSL_get_peer_certificate 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_peer_certificate \- get the X509 certificate of the peer
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_rbio.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_rbio.3
+*** secure/lib/libcrypto/man/SSL_get_rbio.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_rbio.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:45 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_rbio 3"
+! .TH SSL_get_rbio 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_rbio 3"
+! .TH SSL_get_rbio 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_rbio \- get \s-1BIO\s0 linked to an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_session.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_session.3
+*** secure/lib/libcrypto/man/SSL_get_session.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_session.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:45 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_session 3"
+! .TH SSL_get_session 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_session 3"
+! .TH SSL_get_session 3 "0.9.6i" "2001-11-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_session \- retrieve \s-1TLS/SSL\s0 session data
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_verify_result.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_verify_result.3
+*** secure/lib/libcrypto/man/SSL_get_verify_result.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_verify_result.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:46 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:39 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_verify_result 3"
+! .TH SSL_get_verify_result 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_verify_result \- get result of peer certificate verification
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_verify_result 3"
+! .TH SSL_get_verify_result 3 "0.9.6i" "2001-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_verify_result \- get result of peer certificate verification
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_get_version.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_version.3
+*** secure/lib/libcrypto/man/SSL_get_version.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_get_version.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:47 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_version 3"
+! .TH SSL_get_version 3 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_version \- get the protocol version of a connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_get_version 3"
+! .TH SSL_get_version 3 "0.9.6i" "2001-02-23" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_get_version \- get the protocol version of a connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_library_init.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_library_init.3
+*** secure/lib/libcrypto/man/SSL_library_init.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_library_init.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:47 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:40 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_library_init 3"
+! .TH SSL_library_init 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_library_init 3"
+! .TH SSL_library_init 3 "0.9.6i" "2000-09-21" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_library_init, OpenSSL_add_ssl_algorithms, SSLeay_add_ssl_algorithms
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_load_client_CA_file.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_load_client_CA_file.3
+*** secure/lib/libcrypto/man/SSL_load_client_CA_file.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_load_client_CA_file.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:48 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_load_client_CA_file 3"
+! .TH SSL_load_client_CA_file 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_load_client_CA_file \- load certificate names from file
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_load_client_CA_file 3"
+! .TH SSL_load_client_CA_file 3 "0.9.6i" "2000-10-11" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_load_client_CA_file \- load certificate names from file
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_new.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_new.3
+*** secure/lib/libcrypto/man/SSL_new.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_new.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:48 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_new 3"
+! .TH SSL_new 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_new \- create a new \s-1SSL\s0 structure for a connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_new 3"
+! .TH SSL_new 3 "0.9.6i" "2001-08-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_new \- create a new \s-1SSL\s0 structure for a connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_pending.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_pending.3
+*** secure/lib/libcrypto/man/SSL_pending.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_pending.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:49 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_pending 3"
+! .TH SSL_pending 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_pending 3"
+! .TH SSL_pending 3 "0.9.6i" "2000-12-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_pending \- obtain number of readable bytes buffered in an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_read.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_read.3
+*** secure/lib/libcrypto/man/SSL_read.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_read.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:50 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:41 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_read 3"
+! .TH SSL_read 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_read 3"
+! .TH SSL_read 3 "0.9.6i" "2001-09-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_read \- read bytes from a \s-1TLS/SSL\s0 connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_rstate_string.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_rstate_string.3
+*** secure/lib/libcrypto/man/SSL_rstate_string.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_rstate_string.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:50 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_rstate_string 3"
+! .TH SSL_rstate_string 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_rstate_string 3"
+! .TH SSL_rstate_string 3 "0.9.6i" "2001-08-23" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_rstate_string, SSL_rstate_string_long \- get textual description of state of an \s-1SSL\s0 object during read operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_session_reused.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_session_reused.3
+*** secure/lib/libcrypto/man/SSL_session_reused.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_session_reused.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:51 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_session_reused 3"
+! .TH SSL_session_reused 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_session_reused \- query whether a reused session was negotiated during handshake
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_session_reused 3"
+! .TH SSL_session_reused 3 "0.9.6i" "2001-07-20" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_session_reused \- query whether a reused session was negotiated during handshake
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_set_bio.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_bio.3
+*** secure/lib/libcrypto/man/SSL_set_bio.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_bio.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:51 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_bio 3"
+! .TH SSL_set_bio 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_bio 3"
+! .TH SSL_set_bio 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_bio \- connect the \s-1SSL\s0 object with a \s-1BIO\s0
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_set_connect_state.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_connect_state.3
+*** secure/lib/libcrypto/man/SSL_set_connect_state.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_connect_state.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:52 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_connect_state 3"
+! .TH SSL_set_connect_state 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_connect_state 3"
+! .TH SSL_set_connect_state 3 "0.9.6i" "2002-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_connect_state, SSL_get_accept_state \- prepare \s-1SSL\s0 object to work in client or server mode
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_set_fd.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_fd.3
+*** secure/lib/libcrypto/man/SSL_set_fd.3	Tue Jul 30 10:34:50 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_fd.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:53 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:42 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_fd 3"
+! .TH SSL_set_fd 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_fd 3"
+! .TH SSL_set_fd 3 "0.9.6i" "2000-09-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_fd \- connect the \s-1SSL\s0 object with a file descriptor
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_set_session.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_session.3
+*** secure/lib/libcrypto/man/SSL_set_session.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_session.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:53 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_session 3"
+! .TH SSL_set_session 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_session 3"
+! .TH SSL_set_session 3 "0.9.6i" "2001-10-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_session \- set a \s-1TLS/SSL\s0 session to be used during \s-1TLS/SSL\s0 connect
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_set_shutdown.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_shutdown.3
+*** secure/lib/libcrypto/man/SSL_set_shutdown.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_shutdown.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:54 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_shutdown 3"
+! .TH SSL_set_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_shutdown 3"
+! .TH SSL_set_shutdown 3 "0.9.6i" "2001-08-20" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_shutdown, SSL_get_shutdown \- manipulate shutdown state of an \s-1SSL\s0 connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_set_verify_result.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_verify_result.3
+*** secure/lib/libcrypto/man/SSL_set_verify_result.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_set_verify_result.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:55 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_verify_result 3"
+! .TH SSL_set_verify_result 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_verify_result \- override result of peer certificate verification
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_set_verify_result 3"
+! .TH SSL_set_verify_result 3 "0.9.6i" "2000-09-20" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_set_verify_result \- override result of peer certificate verification
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_shutdown.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_shutdown.3
+*** secure/lib/libcrypto/man/SSL_shutdown.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_shutdown.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:55 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_shutdown 3"
+! .TH SSL_shutdown 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_shutdown 3"
+! .TH SSL_shutdown 3 "0.9.6i" "2001-08-20" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_shutdown \- shut down a \s-1TLS/SSL\s0 connection
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_state_string.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_state_string.3
+*** secure/lib/libcrypto/man/SSL_state_string.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_state_string.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:56 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:43 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_state_string 3"
+! .TH SSL_state_string 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_state_string 3"
+! .TH SSL_state_string 3 "0.9.6i" "2001-08-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_state_string, SSL_state_string_long \- get textual description of state of an \s-1SSL\s0 object
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_want.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_want.3
+*** secure/lib/libcrypto/man/SSL_want.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_want.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:56 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_want 3"
+! .TH SSL_want 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_want 3"
+! .TH SSL_want 3 "0.9.6i" "2001-08-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_want, SSL_want_nothing, SSL_want_read, SSL_want_write, SSL_want_x509_lookup \- obtain state information \s-1TLS/SSL\s0 I/O operation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/SSL_write.3 ../RELENG_5_0/secure/lib/libcrypto/man/SSL_write.3
+*** secure/lib/libcrypto/man/SSL_write.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/SSL_write.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:57 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_write 3"
+! .TH SSL_write 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SSL_write 3"
+! .TH SSL_write 3 "0.9.6i" "2002-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  SSL_write \- write bytes to a \s-1TLS/SSL\s0 connection.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/asn1parse.1 ../RELENG_5_0/secure/lib/libcrypto/man/asn1parse.1
+*** secure/lib/libcrypto/man/asn1parse.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/asn1parse.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:39 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:55 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1PARSE 1"
+! .TH ASN1PARSE 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  asn1parse \- \s-1ASN\s0.1 parsing tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ASN1PARSE 1"
+! .TH ASN1PARSE 1 "0.9.6i" "2000-01-20" "OpenSSL"
+  .UC
+  .SH "NAME"
+  asn1parse \- \s-1ASN\s0.1 parsing tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bio.3 ../RELENG_5_0/secure/lib/libcrypto/man/bio.3
+*** secure/lib/libcrypto/man/bio.3	Tue Jul 30 10:34:48 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/bio.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:57 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bio 3"
+! .TH bio 3 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bio \- I/O abstraction
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bio 3"
+! .TH bio 3 "0.9.6i" "2001-04-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bio \- I/O abstraction
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/blowfish.3 ../RELENG_5_0/secure/lib/libcrypto/man/blowfish.3
+*** secure/lib/libcrypto/man/blowfish.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/blowfish.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:57 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "blowfish 3"
+! .TH blowfish 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "blowfish 3"
+! .TH blowfish 3 "0.9.6i" "2002-01-21" "OpenSSL"
+  .UC
+  .SH "NAME"
+  blowfish, BF_set_key, BF_encrypt, BF_decrypt, BF_ecb_encrypt, BF_cbc_encrypt,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bn.3 ../RELENG_5_0/secure/lib/libcrypto/man/bn.3
+*** secure/lib/libcrypto/man/bn.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/bn.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:58 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bn 3"
+! .TH bn 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn \- multiprecision integer arithmetics
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bn 3"
+! .TH bn 3 "0.9.6i" "2001-09-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn \- multiprecision integer arithmetics
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/bn_internal.3 ../RELENG_5_0/secure/lib/libcrypto/man/bn_internal.3
+*** secure/lib/libcrypto/man/bn_internal.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/bn_internal.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:58 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:22 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "bn_internal 3"
+! .TH bn_internal 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "bn_internal 3"
+! .TH bn_internal 3 "0.9.6i" "2000-09-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  bn_mul_words, bn_mul_add_words, bn_sqr_words, bn_div_words,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/buffer.3 ../RELENG_5_0/secure/lib/libcrypto/man/buffer.3
+*** secure/lib/libcrypto/man/buffer.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/buffer.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:59 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "buffer 3"
+! .TH buffer 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "buffer 3"
+! .TH buffer 3 "0.9.6i" "2000-09-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  BUF_MEM_new, BUF_MEM_free, BUF_MEM_grow, BUF_strdup \- simple
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ca.1 ../RELENG_5_0/secure/lib/libcrypto/man/ca.1
+*** secure/lib/libcrypto/man/ca.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ca.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:40 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CA 1"
+! .TH CA 1 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ca \- sample minimal \s-1CA\s0 application
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CA 1"
+! .TH CA 1 "0.9.6i" "2001-11-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ca \- sample minimal \s-1CA\s0 application
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ciphers.1 ../RELENG_5_0/secure/lib/libcrypto/man/ciphers.1
+*** secure/lib/libcrypto/man/ciphers.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ciphers.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:40 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CIPHERS 1"
+! .TH CIPHERS 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CIPHERS 1"
+! .TH CIPHERS 1 "0.9.6i" "2000-04-06" "OpenSSL"
+  .UC
+  .SH "NAME"
+  ciphers \- \s-1SSL\s0 cipher display and cipher list tool.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/config.1 ../RELENG_5_0/secure/lib/libcrypto/man/config.1
+*** secure/lib/libcrypto/man/config.1	Tue May 14 11:30:36 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/config.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Thu May  9 13:14:01 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 137,144 ****
+  .rm #[ #] #H #V #F C
+  .\" ======================================================================
+  .\"
+! .IX Title "CONFIG 1"
+! .TH CONFIG 1 "perl v5.6.1" "2000-04-13" "User Contributed Perl Documentation"
+  .UC
+  .SH "NAME"
+  config \- OpenSSL \s-1CONF\s0 library configuration files
+--- 137,144 ----
+  .rm #[ #] #H #V #F C
+  .\" ======================================================================
+  .\"
+! .IX Title "config 5"
+! .TH config 5 "0.9.6i" "2000-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  config \- OpenSSL \s-1CONF\s0 library configuration files
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/config.5 ../RELENG_5_0/secure/lib/libcrypto/man/config.5
+*** secure/lib/libcrypto/man/config.5	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/config.5	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:41 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "config 5"
+! .TH config 5 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  config \- OpenSSL \s-1CONF\s0 library configuration files
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "config 5"
+! .TH config 5 "0.9.6i" "2000-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  config \- OpenSSL \s-1CONF\s0 library configuration files
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/crl.1 ../RELENG_5_0/secure/lib/libcrypto/man/crl.1
+*** secure/lib/libcrypto/man/crl.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/crl.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:42 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:56 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL 1"
+! .TH CRL 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl \- \s-1CRL\s0 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL 1"
+! .TH CRL 1 "0.9.6i" "2000-02-08" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl \- \s-1CRL\s0 utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/crl2pkcs7.1 ../RELENG_5_0/secure/lib/libcrypto/man/crl2pkcs7.1
+*** secure/lib/libcrypto/man/crl2pkcs7.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/crl2pkcs7.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:42 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL2PKCS7 1"
+! .TH CRL2PKCS7 1 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "CRL2PKCS7 1"
+! .TH CRL2PKCS7 1 "0.9.6i" "2002-07-09" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crl2pkcs7 \- Create a PKCS#7 structure from a \s-1CRL\s0 and certificates.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/crypto.3 ../RELENG_5_0/secure/lib/libcrypto/man/crypto.3
+*** secure/lib/libcrypto/man/crypto.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/crypto.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:00 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "crypto 3"
+! .TH crypto 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crypto \- OpenSSL cryptographic library
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "crypto 3"
+! .TH crypto 3 "0.9.6i" "2002-01-04" "OpenSSL"
+  .UC
+  .SH "NAME"
+  crypto \- OpenSSL cryptographic library
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_DHparams.3 ../RELENG_5_0/secure/lib/libcrypto/man/d2i_DHparams.3
+*** secure/lib/libcrypto/man/d2i_DHparams.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/d2i_DHparams.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:01 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DHparams 3"
+! .TH d2i_DHparams 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DHparams, i2d_DHparams \- ...
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_DHparams 3"
+! .TH d2i_DHparams 3 "0.9.6i" "2000-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_DHparams, i2d_DHparams \- ...
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_RSAPublicKey.3 ../RELENG_5_0/secure/lib/libcrypto/man/d2i_RSAPublicKey.3
+*** secure/lib/libcrypto/man/d2i_RSAPublicKey.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/d2i_RSAPublicKey.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:01 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:23 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_RSAPublicKey 3"
+! .TH d2i_RSAPublicKey 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA \- ...
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_RSAPublicKey 3"
+! .TH d2i_RSAPublicKey 3 "0.9.6i" "2000-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_RSAPublicKey, i2d_RSAPublicKey, d2i_RSAPrivateKey, i2d_RSAPrivateKey, i2d_Netscape_RSA, d2i_Netscape_RSA \- ...
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/d2i_SSL_SESSION.3 ../RELENG_5_0/secure/lib/libcrypto/man/d2i_SSL_SESSION.3
+*** secure/lib/libcrypto/man/d2i_SSL_SESSION.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/d2i_SSL_SESSION.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:58 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_SSL_SESSION 3"
+! .TH d2i_SSL_SESSION 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "d2i_SSL_SESSION 3"
+! .TH d2i_SSL_SESSION 3 "0.9.6i" "2001-10-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  d2i_SSL_SESSION, i2d_SSL_SESSION \- convert \s-1SSL_SESSION\s0 object from/to \s-1ASN1\s0 representation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/des.3 ../RELENG_5_0/secure/lib/libcrypto/man/des.3
+*** secure/lib/libcrypto/man/des.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/des.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:02 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "des 3"
+! .TH des 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  des_random_key, des_set_key, des_key_sched, des_set_key_checked,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "des 3"
+! .TH des 3 "0.9.6i" "2000-10-11" "OpenSSL"
+  .UC
+  .SH "NAME"
+  des_random_key, des_set_key, des_key_sched, des_set_key_checked,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/des_modes.3 ../RELENG_5_0/secure/lib/libcrypto/man/des_modes.3
+*** secure/lib/libcrypto/man/des_modes.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/des_modes.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:02 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 137,144 ****
+  .rm #[ #] #H #V #F C
+  .\" ======================================================================
+  .\"
+! .IX Title "des_modes 3"
+! .TH des_modes 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL
+--- 137,144 ----
+  .rm #[ #] #H #V #F C
+  .\" ======================================================================
+  .\"
+! .IX Title "des_modes 7"
+! .TH des_modes 7 "0.9.6i" "2002-03-05" "OpenSSL"
+  .UC
+  .SH "NAME"
+  Modes of \s-1DES\s0 \- the variants of \s-1DES\s0 and other crypto algorithms of OpenSSL
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dgst.1 ../RELENG_5_0/secure/lib/libcrypto/man/dgst.1
+*** secure/lib/libcrypto/man/dgst.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/dgst.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:43 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DGST 1"
+! .TH DGST 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DGST 1"
+! .TH DGST 1 "0.9.6i" "2000-09-04" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dgst, md5, md4, md2, sha1, sha, mdc2, ripemd160 \- message digests
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dh.3 ../RELENG_5_0/secure/lib/libcrypto/man/dh.3
+*** secure/lib/libcrypto/man/dh.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/dh.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:03 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "dh 3"
+! .TH dh 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dh \- Diffie-Hellman key agreement
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "dh 3"
+! .TH dh 3 "0.9.6i" "2000-01-27" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dh \- Diffie-Hellman key agreement
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dhparam.1 ../RELENG_5_0/secure/lib/libcrypto/man/dhparam.1
+*** secure/lib/libcrypto/man/dhparam.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/dhparam.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:44 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DHPARAM 1"
+! .TH DHPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dhparam \- \s-1DH\s0 parameter manipulation and generation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DHPARAM 1"
+! .TH DHPARAM 1 "0.9.6i" "2000-04-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dhparam \- \s-1DH\s0 parameter manipulation and generation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dsa.1 ../RELENG_5_0/secure/lib/libcrypto/man/dsa.1
+*** secure/lib/libcrypto/man/dsa.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/dsa.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:44 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA 1"
+! .TH DSA 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- \s-1DSA\s0 key processing
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSA 1"
+! .TH DSA 1 "0.9.6i" "2000-02-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- \s-1DSA\s0 key processing
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dsa.3 ../RELENG_5_0/secure/lib/libcrypto/man/dsa.3
+*** secure/lib/libcrypto/man/dsa.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/dsa.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:04 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "dsa 3"
+! .TH dsa 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- Digital Signature Algorithm
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "dsa 3"
+! .TH dsa 3 "0.9.6i" "2000-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsa \- Digital Signature Algorithm
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/dsaparam.1 ../RELENG_5_0/secure/lib/libcrypto/man/dsaparam.1
+*** secure/lib/libcrypto/man/dsaparam.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/dsaparam.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:45 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:57 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "DSAPARAM 1"
+! .TH DSAPARAM 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsaparam \- \s-1DSA\s0 parameter manipulation and generation
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "DSAPARAM 1"
+! .TH DSAPARAM 1 "0.9.6i" "2000-04-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  dsaparam \- \s-1DSA\s0 parameter manipulation and generation
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/enc.1 ../RELENG_5_0/secure/lib/libcrypto/man/enc.1
+*** secure/lib/libcrypto/man/enc.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/enc.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:46 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ENC 1"
+! .TH ENC 1 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  enc \- symmetric cipher routines
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ENC 1"
+! .TH ENC 1 "0.9.6i" "2001-07-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  enc \- symmetric cipher routines
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/err.3 ../RELENG_5_0/secure/lib/libcrypto/man/err.3
+*** secure/lib/libcrypto/man/err.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/err.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:04 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:24 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "err 3"
+! .TH err 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  err \- error codes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "err 3"
+! .TH err 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  err \- error codes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/evp.3 ../RELENG_5_0/secure/lib/libcrypto/man/evp.3
+*** secure/lib/libcrypto/man/evp.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/evp.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:05 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "evp 3"
+! .TH evp 3 "0.9.6e" "2001-02-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  evp \- high-level cryptographic functions
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "evp 3"
+! .TH evp 3 "0.9.6i" "2000-10-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  evp \- high-level cryptographic functions
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/gendsa.1 ../RELENG_5_0/secure/lib/libcrypto/man/gendsa.1
+*** secure/lib/libcrypto/man/gendsa.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/gendsa.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:46 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "GENDSA 1"
+! .TH GENDSA 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  gendsa \- generate a \s-1DSA\s0 private key from a set of parameters
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "GENDSA 1"
+! .TH GENDSA 1 "0.9.6i" "2000-04-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  gendsa \- generate a \s-1DSA\s0 private key from a set of parameters
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/genrsa.1 ../RELENG_5_0/secure/lib/libcrypto/man/genrsa.1
+*** secure/lib/libcrypto/man/genrsa.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/genrsa.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:47 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "GENRSA 1"
+! .TH GENRSA 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  genrsa \- generate an \s-1RSA\s0 private key
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "GENRSA 1"
+! .TH GENRSA 1 "0.9.6i" "2000-04-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  genrsa \- generate an \s-1RSA\s0 private key
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/hmac.3 ../RELENG_5_0/secure/lib/libcrypto/man/hmac.3
+*** secure/lib/libcrypto/man/hmac.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/hmac.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:06 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "hmac 3"
+! .TH hmac 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "hmac 3"
+! .TH hmac 3 "0.9.6i" "2000-09-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1HMAC\s0, HMAC_Init, HMAC_Update, HMAC_Final, HMAC_cleanup \- \s-1HMAC\s0 message
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/lh_stats.3 ../RELENG_5_0/secure/lib/libcrypto/man/lh_stats.3
+*** secure/lib/libcrypto/man/lh_stats.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/lh_stats.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:06 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "lh_stats 3"
+! .TH lh_stats 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "lh_stats 3"
+! .TH lh_stats 3 "0.9.6i" "2000-01-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_stats, lh_node_stats, lh_node_usage_stats, lh_stats_bio,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/lhash.3 ../RELENG_5_0/secure/lib/libcrypto/man/lhash.3
+*** secure/lib/libcrypto/man/lhash.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/lhash.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:07 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "lhash 3"
+! .TH lhash 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "lhash 3"
+! .TH lhash 3 "0.9.6i" "2000-09-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  lh_new, lh_free, lh_insert, lh_delete, lh_retrieve, lh_doall,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/md5.3 ../RELENG_5_0/secure/lib/libcrypto/man/md5.3
+*** secure/lib/libcrypto/man/md5.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/md5.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:07 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:25 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "md5 3"
+! .TH md5 3 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "md5 3"
+! .TH md5 3 "0.9.6i" "2000-08-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MD2\s0, \s-1MD4\s0, \s-1MD5\s0, MD2_Init, MD2_Update, MD2_Final, MD4_Init, MD4_Update,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/mdc2.3 ../RELENG_5_0/secure/lib/libcrypto/man/mdc2.3
+*** secure/lib/libcrypto/man/mdc2.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/mdc2.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:08 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "mdc2 3"
+! .TH mdc2 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "mdc2 3"
+! .TH mdc2 3 "0.9.6i" "2000-02-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1MDC2\s0, MDC2_Init, MDC2_Update, MDC2_Final \- \s-1MDC2\s0 hash function
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/nseq.1 ../RELENG_5_0/secure/lib/libcrypto/man/nseq.1
+*** secure/lib/libcrypto/man/nseq.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/nseq.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:47 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:58 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "NSEQ 1"
+! .TH NSEQ 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  nseq \- create or examine a netscape certificate sequence
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "NSEQ 1"
+! .TH NSEQ 1 "0.9.6i" "2000-01-20" "OpenSSL"
+  .UC
+  .SH "NAME"
+  nseq \- create or examine a netscape certificate sequence
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/openssl.1 ../RELENG_5_0/secure/lib/libcrypto/man/openssl.1
+*** secure/lib/libcrypto/man/openssl.1	Tue Jul 30 10:34:46 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/openssl.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:48 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL 1"
+! .TH OPENSSL 1 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  openssl \- OpenSSL command line tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "OPENSSL 1"
+! .TH OPENSSL 1 "0.9.6i" "2001-08-08" "OpenSSL"
+  .UC
+  .SH "NAME"
+  openssl \- OpenSSL command line tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/passwd.1 ../RELENG_5_0/secure/lib/libcrypto/man/passwd.1
+*** secure/lib/libcrypto/man/passwd.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/passwd.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:49 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PASSWD 1"
+! .TH PASSWD 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  passwd \- compute password hashes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PASSWD 1"
+! .TH PASSWD 1 "0.9.6i" "2002-10-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  passwd \- compute password hashes
+***************
+*** 193,198 ****
+  .IX Header "EXAMPLES"
+  \&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR.
+  .PP
+! \&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$8XJIcl6ZXqBMCK0qFevqT1\fR.
+  .PP
+  \&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR.
+--- 193,198 ----
+  .IX Header "EXAMPLES"
+  \&\fBopenssl passwd \-crypt \-salt xx password\fR prints \fBxxj31ZMTZzkVA\fR.
+  .PP
+! \&\fBopenssl passwd \-1 \-salt xxxxxxxx password\fR prints \fB$1$xxxxxxxx$UYCIxa628.9qXjpQCjM4a.\fR.
+  .PP
+  \&\fBopenssl passwd \-apr1 \-salt xxxxxxxx password\fR prints \fB$apr1$xxxxxxxx$dxHfLAsjHkDRmG83UXe8K0\fR.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/pkcs12.1 ../RELENG_5_0/secure/lib/libcrypto/man/pkcs12.1
+*** secure/lib/libcrypto/man/pkcs12.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/pkcs12.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:50 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12 1"
+! .TH PKCS12 1 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs12 \- PKCS#12 file utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS12 1"
+! .TH PKCS12 1 "0.9.6i" "2001-03-17" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs12 \- PKCS#12 file utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/pkcs7.1 ../RELENG_5_0/secure/lib/libcrypto/man/pkcs7.1
+*** secure/lib/libcrypto/man/pkcs7.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/pkcs7.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:50 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:04:59 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7 1"
+! .TH PKCS7 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs7 \- PKCS#7 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS7 1"
+! .TH PKCS7 1 "0.9.6i" "2000-02-22" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs7 \- PKCS#7 utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/pkcs8.1 ../RELENG_5_0/secure/lib/libcrypto/man/pkcs8.1
+*** secure/lib/libcrypto/man/pkcs8.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/pkcs8.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:51 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS8 1"
+! .TH PKCS8 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs8 \- PKCS#8 format private key conversion tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "PKCS8 1"
+! .TH PKCS8 1 "0.9.6i" "2000-02-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  pkcs8 \- PKCS#8 format private key conversion tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rand.1 ../RELENG_5_0/secure/lib/libcrypto/man/rand.1
+*** secure/lib/libcrypto/man/rand.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/rand.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:52 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND 1"
+! .TH RAND 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- generate pseudo-random bytes
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RAND 1"
+! .TH RAND 1 "0.9.6i" "2000-04-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- generate pseudo-random bytes
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rand.3 ../RELENG_5_0/secure/lib/libcrypto/man/rand.3
+*** secure/lib/libcrypto/man/rand.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/rand.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:09 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rand 3"
+! .TH rand 3 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- pseudo-random number generator
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rand 3"
+! .TH rand 3 "0.9.6i" "2001-07-09" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rand \- pseudo-random number generator
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rc4.3 ../RELENG_5_0/secure/lib/libcrypto/man/rc4.3
+*** secure/lib/libcrypto/man/rc4.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/rc4.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:09 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rc4 3"
+! .TH rc4 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rc4 3"
+! .TH rc4 3 "0.9.6i" "2000-02-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  RC4_set_key, \s-1RC4\s0 \- \s-1RC4\s0 encryption
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/req.1 ../RELENG_5_0/secure/lib/libcrypto/man/req.1
+*** secure/lib/libcrypto/man/req.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/req.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:52 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "REQ 1"
+! .TH REQ 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  req \- PKCS#10 certificate and certificate generating utility.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "REQ 1"
+! .TH REQ 1 "0.9.6i" "2002-11-09" "OpenSSL"
+  .UC
+  .SH "NAME"
+  req \- PKCS#10 certificate and certificate generating utility.
+***************
+*** 566,579 ****
+  The header and footer lines in the \fB\s-1PEM\s0\fR format are normally:
+  .PP
+  .Vb 2
+! \& -----BEGIN CERTIFICATE REQUEST----
+! \& -----END CERTIFICATE REQUEST----
+  .Ve
+  some software (some versions of Netscape certificate server) instead needs:
+  .PP
+  .Vb 2
+! \& -----BEGIN NEW CERTIFICATE REQUEST----
+! \& -----END NEW CERTIFICATE REQUEST----
+  .Ve
+  which is produced with the \fB\-newhdr\fR option but is otherwise compatible.
+  Either form is accepted transparently on input.
+--- 566,579 ----
+  The header and footer lines in the \fB\s-1PEM\s0\fR format are normally:
+  .PP
+  .Vb 2
+! \& -----BEGIN CERTIFICATE REQUEST-----
+! \& -----END CERTIFICATE REQUEST-----
+  .Ve
+  some software (some versions of Netscape certificate server) instead needs:
+  .PP
+  .Vb 2
+! \& -----BEGIN NEW CERTIFICATE REQUEST-----
+! \& -----END NEW CERTIFICATE REQUEST-----
+  .Ve
+  which is produced with the \fB\-newhdr\fR option but is otherwise compatible.
+  Either form is accepted transparently on input.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ripemd.3 ../RELENG_5_0/secure/lib/libcrypto/man/ripemd.3
+*** secure/lib/libcrypto/man/ripemd.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ripemd.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:10 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ripemd 3"
+! .TH ripemd 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ripemd 3"
+! .TH ripemd 3 "0.9.6i" "2000-02-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1RIPEMD160\s0, RIPEMD160_Init, RIPEMD160_Update, RIPEMD160_Final \-
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rsa.1 ../RELENG_5_0/secure/lib/libcrypto/man/rsa.1
+*** secure/lib/libcrypto/man/rsa.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/rsa.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:53 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:00 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA 1"
+! .TH RSA 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 key processing tool
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSA 1"
+! .TH RSA 1 "0.9.6i" "2000-06-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 key processing tool
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rsa.3 ../RELENG_5_0/secure/lib/libcrypto/man/rsa.3
+*** secure/lib/libcrypto/man/rsa.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/rsa.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:10 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:26 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "rsa 3"
+! .TH rsa 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 public key cryptosystem
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "rsa 3"
+! .TH rsa 3 "0.9.6i" "2002-07-10" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsa \- \s-1RSA\s0 public key cryptosystem
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/rsautl.1 ../RELENG_5_0/secure/lib/libcrypto/man/rsautl.1
+*** secure/lib/libcrypto/man/rsautl.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/rsautl.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:54 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "RSAUTL 1"
+! .TH RSAUTL 1 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsautl \- \s-1RSA\s0 utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "RSAUTL 1"
+! .TH RSAUTL 1 "0.9.6i" "2001-04-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  rsautl \- \s-1RSA\s0 utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/s_client.1 ../RELENG_5_0/secure/lib/libcrypto/man/s_client.1
+*** secure/lib/libcrypto/man/s_client.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/s_client.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:54 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "S_CLIENT 1"
+! .TH S_CLIENT 1 "0.9.6e" "2001-05-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_client \- \s-1SSL/TLS\s0 client program
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "S_CLIENT 1"
+! .TH S_CLIENT 1 "0.9.6i" "2001-02-15" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_client \- \s-1SSL/TLS\s0 client program
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/s_server.1 ../RELENG_5_0/secure/lib/libcrypto/man/s_server.1
+*** secure/lib/libcrypto/man/s_server.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/s_server.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:55 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "S_SERVER 1"
+! .TH S_SERVER 1 "0.9.6e" "2001-07-19" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_server \- \s-1SSL/TLS\s0 server program
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "S_SERVER 1"
+! .TH S_SERVER 1 "0.9.6i" "2001-04-09" "OpenSSL"
+  .UC
+  .SH "NAME"
+  s_server \- \s-1SSL/TLS\s0 server program
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/sess_id.1 ../RELENG_5_0/secure/lib/libcrypto/man/sess_id.1
+*** secure/lib/libcrypto/man/sess_id.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/sess_id.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:56 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:01 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SESS_ID 1"
+! .TH SESS_ID 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  sess_id \- \s-1SSL/TLS\s0 session handling utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SESS_ID 1"
+! .TH SESS_ID 1 "0.9.6i" "2000-02-03" "OpenSSL"
+  .UC
+  .SH "NAME"
+  sess_id \- \s-1SSL/TLS\s0 session handling utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/sha.3 ../RELENG_5_0/secure/lib/libcrypto/man/sha.3
+*** secure/lib/libcrypto/man/sha.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/sha.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:11 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "sha 3"
+! .TH sha 3 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "sha 3"
+! .TH sha 3 "0.9.6i" "2000-02-25" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SHA1\s0, SHA1_Init, SHA1_Update, SHA1_Final \- Secure Hash Algorithm
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/smime.1 ../RELENG_5_0/secure/lib/libcrypto/man/smime.1
+*** secure/lib/libcrypto/man/smime.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/smime.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:57 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME 1"
+! .TH SMIME 1 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  smime \- S/MIME utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SMIME 1"
+! .TH SMIME 1 "0.9.6i" "2002-11-09" "OpenSSL"
+  .UC
+  .SH "NAME"
+  smime \- S/MIME utility
+***************
+*** 438,445 ****
+  it with:
+  .PP
+  .Vb 2
+! \& -----BEGIN PKCS7----
+! \& -----END PKCS7----
+  .Ve
+  and using the command, 
+  .PP
+--- 438,445 ----
+  it with:
+  .PP
+  .Vb 2
+! \& -----BEGIN PKCS7-----
+! \& -----END PKCS7-----
+  .Ve
+  and using the command, 
+  .PP
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/speed.1 ../RELENG_5_0/secure/lib/libcrypto/man/speed.1
+*** secure/lib/libcrypto/man/speed.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/speed.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:57 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SPEED 1"
+! .TH SPEED 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  speed \- test library performance
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SPEED 1"
+! .TH SPEED 1 "0.9.6i" "2000-05-29" "OpenSSL"
+  .UC
+  .SH "NAME"
+  speed \- test library performance
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/spkac.1 ../RELENG_5_0/secure/lib/libcrypto/man/spkac.1
+*** secure/lib/libcrypto/man/spkac.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/spkac.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:58 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "SPKAC 1"
+! .TH SPKAC 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  spkac \- \s-1SPKAC\s0 printing and generating utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "SPKAC 1"
+! .TH SPKAC 1 "0.9.6i" "2000-02-16" "OpenSSL"
+  .UC
+  .SH "NAME"
+  spkac \- \s-1SPKAC\s0 printing and generating utility
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/ssl.3 ../RELENG_5_0/secure/lib/libcrypto/man/ssl.3
+*** secure/lib/libcrypto/man/ssl.3	Tue Jul 30 10:34:51 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/ssl.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:58 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:44 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "ssl 3"
+! .TH ssl 3 "0.9.6e" "2002-07-30" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "ssl 3"
+! .TH ssl 3 "0.9.6i" "2002-11-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  \&\s-1SSL\s0 \- OpenSSL \s-1SSL/TLS\s0 library
+***************
+*** 436,442 ****
+  .IX Item "SSL_set_tmp_rsa_callback"
+  long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength));
+  .Sp
+! The same as the section on "SSL_CTX_set_tmp_rsa_callback", except it operates on an \s-1SSL\s0
+  session instead of a context.
+  .Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4
+  .IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))"
+--- 436,442 ----
+  .IX Item "SSL_set_tmp_rsa_callback"
+  long \fBSSL_set_tmp_rsa_callback\fR(\s-1SSL\s0 *ssl, \s-1RSA\s0 *(*cb)(\s-1SSL\s0 *ssl, int export, int keylength));
+  .Sp
+! The same as \fBSSL_CTX_set_tmp_rsa_callback\fR, except it operates on an \s-1SSL\s0
+  session instead of a context.
+  .Ip "void \fBSSL_CTX_set_verify\fR(\s-1SSL_CTX\s0 *ctx, int mode, int (*cb);(void))" 4
+  .IX Item "void SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb);(void))"
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/threads.3 ../RELENG_5_0/secure/lib/libcrypto/man/threads.3
+*** secure/lib/libcrypto/man/threads.3	Tue Jul 30 10:34:49 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/threads.3	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:22:12 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:27 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "threads 3"
+! .TH threads 3 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "threads 3"
+! .TH threads 3 "0.9.6i" "2001-11-08" "OpenSSL"
+  .UC
+  .SH "NAME"
+  CRYPTO_set_locking_callback, CRYPTO_set_id_callback, CRYPTO_num_locks,
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/verify.1 ../RELENG_5_0/secure/lib/libcrypto/man/verify.1
+*** secure/lib/libcrypto/man/verify.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/verify.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:59 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:02 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "VERIFY 1"
+! .TH VERIFY 1 "0.9.6e" "2002-01-26" "OpenSSL"
+  .UC
+  .SH "NAME"
+  verify \- Utility to verify certificates.
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "VERIFY 1"
+! .TH VERIFY 1 "0.9.6i" "2001-10-08" "OpenSSL"
+  .UC
+  .SH "NAME"
+  verify \- Utility to verify certificates.
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/version.1 ../RELENG_5_0/secure/lib/libcrypto/man/version.1
+*** secure/lib/libcrypto/man/version.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/version.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:20:59 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "VERSION 1"
+! .TH VERSION 1 "0.9.6e" "2000-04-13" "OpenSSL"
+  .UC
+  .SH "NAME"
+  version \- print OpenSSL version information
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "VERSION 1"
+! .TH VERSION 1 "0.9.6i" "2000-02-24" "OpenSSL"
+  .UC
+  .SH "NAME"
+  version \- print OpenSSL version information
+diff --exclude=CVS -I\$FreeBSD -rcN secure/lib/libcrypto/man/x509.1 ../RELENG_5_0/secure/lib/libcrypto/man/x509.1
+*** secure/lib/libcrypto/man/x509.1	Tue Jul 30 10:34:47 2002
+--- ../RELENG_5_0/secure/lib/libcrypto/man/x509.1	Thu Feb 20 12:14:24 2003
+***************
+*** 1,5 ****
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Tue Jul 30 09:21:00 2002
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+--- 1,5 ----
+  .\" Automatically generated by Pod::Man version 1.15
+! .\" Wed Feb 19 21:05:03 2003
+  .\"
+  .\" Standard preamble:
+  .\" ======================================================================
+***************
+*** 138,144 ****
+  .\" ======================================================================
+  .\"
+  .IX Title "X509 1"
+! .TH X509 1 "0.9.6e" "2000-11-12" "OpenSSL"
+  .UC
+  .SH "NAME"
+  x509 \- Certificate display and signing utility
+--- 138,144 ----
+  .\" ======================================================================
+  .\"
+  .IX Title "X509 1"
+! .TH X509 1 "0.9.6i" "2003-01-14" "OpenSSL"
+  .UC
+  .SH "NAME"
+  x509 \- Certificate display and signing utility
+***************
+*** 400,407 ****
+  The default filename consists of the \s-1CA\s0 certificate file base name with
+  \&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called 
+  \&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R".
+! .Ip "\fB\-CAcreateserial filename\fR" 4
+! .IX Item "-CAcreateserial filename"
+  with this option the \s-1CA\s0 serial number file is created if it does not exist:
+  it will contain the serial number \*(L"02\*(R" and the certificate being signed will
+  have the 1 as its serial number. Normally if the \fB\-CA\fR option is specified
+--- 400,407 ----
+  The default filename consists of the \s-1CA\s0 certificate file base name with
+  \&\*(L".srl\*(R" appended. For example if the \s-1CA\s0 certificate file is called 
+  \&\*(L"mycacert.pem\*(R" it expects to find a serial number file called \*(L"mycacert.srl\*(R".
+! .Ip "\fB\-CAcreateserial\fR" 4
+! .IX Item "-CAcreateserial"
+  with this option the \s-1CA\s0 serial number file is created if it does not exist:
+  it will contain the serial number \*(L"02\*(R" and the certificate being signed will
+  have the 1 as its serial number. Normally if the \fB\-CA\fR option is specified
+***************
+*** 592,619 ****
+  \&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+  .PP
+  .Vb 2
+! \& openssl x509 -in cert.pem -addtrust sslclient \e
+! \&        -alias "Steve's Class 1 CA" -out trust.pem
+  .Ve
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The \s-1PEM\s0 format uses the header and footer lines:
+  .PP
+  .Vb 2
+! \& -----BEGIN CERTIFICATE----
+! \& -----END CERTIFICATE----
+  .Ve
+  it will also handle files containing:
+  .PP
+  .Vb 2
+! \& -----BEGIN X509 CERTIFICATE----
+! \& -----END X509 CERTIFICATE----
+  .Ve
+  Trusted certificates have the lines
+  .PP
+  .Vb 2
+! \& -----BEGIN TRUSTED CERTIFICATE----
+! \& -----END TRUSTED CERTIFICATE----
+  .Ve
+  The conversion to \s-1UTF8\s0 format used with the name options assumes that
+  T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape
+--- 592,619 ----
+  \&\*(L"Steve's Class 1 \s-1CA\s0\*(R"
+  .PP
+  .Vb 2
+! \& openssl x509 -in cert.pem -addtrust clientAuth \e
+! \&        -setalias "Steve's Class 1 CA" -out trust.pem
+  .Ve
+  .SH "NOTES"
+  .IX Header "NOTES"
+  The \s-1PEM\s0 format uses the header and footer lines:
+  .PP
+  .Vb 2
+! \& -----BEGIN CERTIFICATE-----
+! \& -----END CERTIFICATE-----
+  .Ve
+  it will also handle files containing:
+  .PP
+  .Vb 2
+! \& -----BEGIN X509 CERTIFICATE-----
+! \& -----END X509 CERTIFICATE-----
+  .Ve
+  Trusted certificates have the lines
+  .PP
+  .Vb 2
+! \& -----BEGIN TRUSTED CERTIFICATE-----
+! \& -----END TRUSTED CERTIFICATE-----
+  .Ve
+  The conversion to \s-1UTF8\s0 format used with the name options assumes that
+  T61Strings use the \s-1ISO8859\-1\s0 character set. This is wrong but Netscape
diff --git a/share/security/patches/SA-03:02/openssl50.patch.asc b/share/security/patches/SA-03:02/openssl50.patch.asc
new file mode 100644
index 0000000000..7c4de3610e
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl50.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+WuLEFdaIBMps37IRAlbbAJ9BNweHmJm9v6d1IwC2l/C7jVRYDACfaH+W
+Yz31Zd8YKQNAbzIB/YJPczo=
+=dVJi
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:02/openssl50.patch.gz b/share/security/patches/SA-03:02/openssl50.patch.gz
new file mode 100644
index 0000000000..e7aac63f70
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl50.patch.gz
diff --git a/share/security/patches/SA-03:02/openssl50.patch.gz.asc b/share/security/patches/SA-03:02/openssl50.patch.gz.asc
new file mode 100644
index 0000000000..a946fbca8d
--- /dev/null
+++ b/share/security/patches/SA-03:02/openssl50.patch.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+YBHBFdaIBMps37IRArKfAJ95z+C3Z6qzfyuwBh2IPt/8qMDHugCePVto
+IbZp8gD5Ee7rW4IGUcPOZZs=
+=EF7J
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:03/syncookie.patch b/share/security/patches/SA-03:03/syncookie.patch
new file mode 100644
index 0000000000..352acdaf24
--- /dev/null
+++ b/share/security/patches/SA-03:03/syncookie.patch
@@ -0,0 +1,217 @@
+Index: sys/netinet/tcp_syncache.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_syncache.c,v
+retrieving revision 1.5.2.8
+diff -c -r1.5.2.8 tcp_syncache.c
+*** sys/netinet/tcp_syncache.c	18 Aug 2002 22:04:47 -0000	1.5.2.8
+--- sys/netinet/tcp_syncache.c	23 Feb 2003 14:38:20 -0000
+***************
+*** 1222,1243 ****
+  
+  /*
+   * The values below are chosen to minimize the size of the tcp_secret
+!  * table, as well as providing roughly a 4 second lifetime for the cookie.
+   */
+  
+! #define SYNCOOKIE_HASHSHIFT	2	/* log2(# of 32bit words from hash) */
+! #define SYNCOOKIE_WNDBITS	7	/* exposed bits for window indexing */
+! #define SYNCOOKIE_TIMESHIFT	5	/* scale ticks to window time units */
+  
+- #define SYNCOOKIE_HASHMASK	((1 << SYNCOOKIE_HASHSHIFT) - 1)
+  #define SYNCOOKIE_WNDMASK	((1 << SYNCOOKIE_WNDBITS) - 1)
+! #define SYNCOOKIE_NSECRETS	(1 << (SYNCOOKIE_WNDBITS - SYNCOOKIE_HASHSHIFT))
+  #define SYNCOOKIE_TIMEOUT \
+      (hz * (1 << SYNCOOKIE_WNDBITS) / (1 << SYNCOOKIE_TIMESHIFT))
+  #define SYNCOOKIE_DATAMASK 	((3 << SYNCOOKIE_WNDBITS) | SYNCOOKIE_WNDMASK)
+  
+  static struct {
+! 	u_int32_t	ts_secbits;
+  	u_int		ts_expire;
+  } tcp_secret[SYNCOOKIE_NSECRETS];
+  
+--- 1222,1241 ----
+  
+  /*
+   * The values below are chosen to minimize the size of the tcp_secret
+!  * table, as well as providing roughly a 16 second lifetime for the cookie.
+   */
+  
+! #define SYNCOOKIE_WNDBITS	5	/* exposed bits for window indexing */
+! #define SYNCOOKIE_TIMESHIFT	1	/* scale ticks to window time units */
+  
+  #define SYNCOOKIE_WNDMASK	((1 << SYNCOOKIE_WNDBITS) - 1)
+! #define SYNCOOKIE_NSECRETS	(1 << SYNCOOKIE_WNDBITS)
+  #define SYNCOOKIE_TIMEOUT \
+      (hz * (1 << SYNCOOKIE_WNDBITS) / (1 << SYNCOOKIE_TIMESHIFT))
+  #define SYNCOOKIE_DATAMASK 	((3 << SYNCOOKIE_WNDBITS) | SYNCOOKIE_WNDMASK)
+  
+  static struct {
+! 	u_int32_t	ts_secbits[4];
+  	u_int		ts_expire;
+  } tcp_secret[SYNCOOKIE_NSECRETS];
+  
+***************
+*** 1247,1252 ****
+--- 1245,1260 ----
+  
+  #define MD5Add(v)	MD5Update(&syn_ctx, (u_char *)&v, sizeof(v))
+  
++ struct md5_add {
++ 	u_int32_t laddr, faddr;
++ 	u_int32_t secbits[4];
++ 	u_int16_t lport, fport;
++ };
++ 
++ #ifdef CTASSERT
++ CTASSERT(sizeof(struct md5_add) == 28);
++ #endif
++ 
+  /*
+   * Consider the problem of a recreated (and retransmitted) cookie.  If the
+   * original SYN was accepted, the connection is established.  The second 
+***************
+*** 1262,1296 ****
+  {
+  	u_int32_t md5_buffer[4];
+  	u_int32_t data;
+! 	int wnd, idx;
+  
+! 	wnd = ((ticks << SYNCOOKIE_TIMESHIFT) / hz) & SYNCOOKIE_WNDMASK;
+! 	idx = wnd >> SYNCOOKIE_HASHSHIFT;
+  	if (tcp_secret[idx].ts_expire < ticks) {
+! 		tcp_secret[idx].ts_secbits = arc4random();
+  		tcp_secret[idx].ts_expire = ticks + SYNCOOKIE_TIMEOUT;
+  	}
+  	for (data = sizeof(tcp_msstab) / sizeof(int) - 1; data > 0; data--)
+  		if (tcp_msstab[data] <= sc->sc_peer_mss)
+  			break;
+! 	data = (data << SYNCOOKIE_WNDBITS) | wnd;
+  	data ^= sc->sc_irs;				/* peer's iss */
+  	MD5Init(&syn_ctx);
+  #ifdef INET6
+  	if (sc->sc_inc.inc_isipv6) {
+  		MD5Add(sc->sc_inc.inc6_laddr);
+  		MD5Add(sc->sc_inc.inc6_faddr);
+  	} else
+  #endif
+  	{
+! 		MD5Add(sc->sc_inc.inc_laddr);
+! 		MD5Add(sc->sc_inc.inc_faddr);
+  	}
+! 	MD5Add(sc->sc_inc.inc_lport);
+! 	MD5Add(sc->sc_inc.inc_fport);
+! 	MD5Add(tcp_secret[idx].ts_secbits);
+  	MD5Final((u_char *)&md5_buffer, &syn_ctx);
+! 	data ^= (md5_buffer[wnd & SYNCOOKIE_HASHMASK] & ~SYNCOOKIE_WNDMASK);
+  	return (data);
+  }
+  
+--- 1270,1311 ----
+  {
+  	u_int32_t md5_buffer[4];
+  	u_int32_t data;
+! 	int idx, i;
+! 	struct md5_add add;
+  
+! 	idx = ((ticks << SYNCOOKIE_TIMESHIFT) / hz) & SYNCOOKIE_WNDMASK;
+  	if (tcp_secret[idx].ts_expire < ticks) {
+! 		for (i = 0; i < 4; i++)
+! 			tcp_secret[idx].ts_secbits[i] = arc4random();
+  		tcp_secret[idx].ts_expire = ticks + SYNCOOKIE_TIMEOUT;
+  	}
+  	for (data = sizeof(tcp_msstab) / sizeof(int) - 1; data > 0; data--)
+  		if (tcp_msstab[data] <= sc->sc_peer_mss)
+  			break;
+! 	data = (data << SYNCOOKIE_WNDBITS) | idx;
+  	data ^= sc->sc_irs;				/* peer's iss */
+  	MD5Init(&syn_ctx);
+  #ifdef INET6
+  	if (sc->sc_inc.inc_isipv6) {
+  		MD5Add(sc->sc_inc.inc6_laddr);
+  		MD5Add(sc->sc_inc.inc6_faddr);
++ 		add.laddr = 0;
++ 		add.faddr = 0;
+  	} else
+  #endif
+  	{
+! 		add.laddr = sc->sc_inc.inc_laddr.s_addr;
+! 		add.faddr = sc->sc_inc.inc_faddr.s_addr;
+  	}
+! 	add.lport = sc->sc_inc.inc_lport;
+! 	add.fport = sc->sc_inc.inc_fport;
+! 	add.secbits[0] = tcp_secret[idx].ts_secbits[0];
+! 	add.secbits[1] = tcp_secret[idx].ts_secbits[1];
+! 	add.secbits[2] = tcp_secret[idx].ts_secbits[2];
+! 	add.secbits[3] = tcp_secret[idx].ts_secbits[3];
+! 	MD5Add(add);
+  	MD5Final((u_char *)&md5_buffer, &syn_ctx);
+! 	data ^= (md5_buffer[0] & ~SYNCOOKIE_WNDMASK);
+  	return (data);
+  }
+  
+***************
+*** 1304,1313 ****
+  	struct syncache *sc;
+  	u_int32_t data;
+  	int wnd, idx;
+  
+  	data = (th->th_ack - 1) ^ (th->th_seq - 1);	/* remove ISS */
+! 	wnd = data & SYNCOOKIE_WNDMASK;
+! 	idx = wnd >> SYNCOOKIE_HASHSHIFT;
+  	if (tcp_secret[idx].ts_expire < ticks ||
+  	    sototcpcb(so)->ts_recent + SYNCOOKIE_TIMEOUT < ticks)
+  		return (NULL);
+--- 1319,1328 ----
+  	struct syncache *sc;
+  	u_int32_t data;
+  	int wnd, idx;
++ 	struct md5_add add;
+  
+  	data = (th->th_ack - 1) ^ (th->th_seq - 1);	/* remove ISS */
+! 	idx = data & SYNCOOKIE_WNDMASK;
+  	if (tcp_secret[idx].ts_expire < ticks ||
+  	    sototcpcb(so)->ts_recent + SYNCOOKIE_TIMEOUT < ticks)
+  		return (NULL);
+***************
+*** 1316,1332 ****
+  	if (inc->inc_isipv6) {
+  		MD5Add(inc->inc6_laddr);
+  		MD5Add(inc->inc6_faddr);
+  	} else
+  #endif
+  	{
+! 		MD5Add(inc->inc_laddr);
+! 		MD5Add(inc->inc_faddr);
+  	}
+! 	MD5Add(inc->inc_lport);
+! 	MD5Add(inc->inc_fport);
+! 	MD5Add(tcp_secret[idx].ts_secbits);
+  	MD5Final((u_char *)&md5_buffer, &syn_ctx);
+! 	data ^= md5_buffer[wnd & SYNCOOKIE_HASHMASK];
+  	if ((data & ~SYNCOOKIE_DATAMASK) != 0)
+  		return (NULL);
+  	data = data >> SYNCOOKIE_WNDBITS;
+--- 1331,1353 ----
+  	if (inc->inc_isipv6) {
+  		MD5Add(inc->inc6_laddr);
+  		MD5Add(inc->inc6_faddr);
++ 		add.laddr = 0;
++ 		add.faddr = 0;
+  	} else
+  #endif
+  	{
+! 		add.laddr = inc->inc_laddr.s_addr;
+! 		add.faddr = inc->inc_faddr.s_addr;
+  	}
+! 	add.lport = inc->inc_lport;
+! 	add.fport = inc->inc_fport;
+! 	add.secbits[0] = tcp_secret[idx].ts_secbits[0];
+! 	add.secbits[1] = tcp_secret[idx].ts_secbits[1];
+! 	add.secbits[2] = tcp_secret[idx].ts_secbits[2];
+! 	add.secbits[3] = tcp_secret[idx].ts_secbits[3];
+! 	MD5Add(add);
+  	MD5Final((u_char *)&md5_buffer, &syn_ctx);
+! 	data ^= md5_buffer[0];
+  	if ((data & ~SYNCOOKIE_DATAMASK) != 0)
+  		return (NULL);
+  	data = data >> SYNCOOKIE_WNDBITS;
diff --git a/share/security/patches/SA-03:03/syncookie.patch.asc b/share/security/patches/SA-03:03/syncookie.patch.asc
new file mode 100644
index 0000000000..46d0204ad4
--- /dev/null
+++ b/share/security/patches/SA-03:03/syncookie.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+WN0bFdaIBMps37IRAj2VAKCT+u6roDJ6nwft9bM0rkvVlQoCfACgkDVY
+/iI9ct5ZdIykogNE3wXo+qc=
+=0jee
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz b/share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz
new file mode 100644
index 0000000000..19bc63c447
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz
diff --git a/share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc b/share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc
new file mode 100644
index 0000000000..7e6d6beb0e
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.6-i386-crypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+Yml3FdaIBMps37IRAnYrAJ9XJZ7yN3bNb17wVKeOeqaBYKXyrACeO1sL
+1HV+dFHxnom9vbc4c/+Km3Q=
+=9Qhq
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz b/share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz
new file mode 100644
index 0000000000..fb71c3ccd0
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz
diff --git a/share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc b/share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc
new file mode 100644
index 0000000000..61560059f5
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.6-i386-nocrypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+Yml3FdaIBMps37IRAuC/AJ95uFPFEmw1mEraCdMZmEoC0yCiOgCeNCFj
+6U+VHYXoxr5JSDx1uxpAHms=
+=jqLA
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz b/share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz
new file mode 100644
index 0000000000..b3122640cc
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz
diff --git a/share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc b/share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc
new file mode 100644
index 0000000000..75e7fa2d0f
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.7-i386-crypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+Yml3FdaIBMps37IRAkU1AKCBvYLvW6x3d0+c54fUr+V5PUwFRgCfZgmb
+oSs47XilNcRhC37mfrU+w0c=
+=azTC
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz b/share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz
new file mode 100644
index 0000000000..6b0cb1eccd
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz
diff --git a/share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc b/share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc
new file mode 100644
index 0000000000..6da9477664
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-4.7-i386-nocrypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+Yml3FdaIBMps37IRAjA+AJ9kuytzG66f+5lyJzFr7yNKgqmUEgCeL379
+cxLdY3hcVvK4UVHR5JvgHPY=
+=l89z
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz b/share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz
new file mode 100644
index 0000000000..dca2b4b58a
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz
diff --git a/share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc b/share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc
new file mode 100644
index 0000000000..907edaa795
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-5.0-i386-crypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+Yml3FdaIBMps37IRAuysAJ45+1SMDmgVV2+IXZBGnkyoEZVbXwCfUq04
+rkbAjmzEoU/ACF3HUvqwilM=
+=Zulw
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz b/share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz
new file mode 100644
index 0000000000..3b653a304a
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz
diff --git a/share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc b/share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc
new file mode 100644
index 0000000000..065e1c1adc
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail-5.0-i386-nocrypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+Yml3FdaIBMps37IRAg2WAJ4ib65cf7uVRYVT9/28CeEs87JrYgCfX798
+P2JfWlZPGf0jFulGQQPQbXI=
+=udtf
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:04/sendmail.patch b/share/security/patches/SA-03:04/sendmail.patch
new file mode 100644
index 0000000000..439d2207f9
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail.patch
@@ -0,0 +1,497 @@
+Index: contrib/sendmail/src/daemon.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/daemon.c,v
+retrieving revision 1.1.1.3.2.10
+diff -u -r1.1.1.3.2.10 daemon.c
+--- contrib/sendmail/src/daemon.c	27 Jun 2002 20:43:21 -0000	1.1.1.3.2.10
++++ contrib/sendmail/src/daemon.c	27 Feb 2003 21:42:35 -0000
+@@ -3508,7 +3508,7 @@
+ 	if (i < 0 || p == &ibuf[0])
+ 		goto noident;
+ 
+-	if (*--p == '\n' && *--p == '\r')
++	if (p >= &ibuf[2] && *--p == '\n' && *--p == '\r')
+ 		p--;
+ 	*++p = '\0';
+ 
+Index: contrib/sendmail/src/headers.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/headers.c,v
+retrieving revision 1.4.2.7
+diff -u -r1.4.2.7 headers.c
+--- contrib/sendmail/src/headers.c	3 Sep 2002 01:50:17 -0000	1.4.2.7
++++ contrib/sendmail/src/headers.c	27 Feb 2003 21:42:36 -0000
+@@ -678,8 +678,8 @@
+ 			if (buf[0] != '\0')
+ 			{
+ 				if (bitset(H_FROM, h->h_flags))
+-					expand(crackaddr(buf), buf, sizeof buf,
+-					       e);
++					expand(crackaddr(buf, e),
++					       buf, sizeof buf, e);
+ 				h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
+ 				h->h_flags &= ~H_DEFAULT;
+ 			}
+@@ -1000,7 +1000,11 @@
+ **	it and replaces it with "$g".  The parse is totally ad hoc
+ **	and isn't even guaranteed to leave something syntactically
+ **	identical to what it started with.  However, it does leave
+-**	something semantically identical.
++**	something semantically identical if possible, else at least
++**	syntactically correct.
++**
++**	For example, it changes "Real Name <real@example.com> (Comment)"
++**	to "Real Name <$g> (Comment)".
+ **
+ **	This algorithm has been cleaned up to handle a wider range
+ **	of cases -- notably quoted and backslash escaped strings.
+@@ -1009,6 +1013,7 @@
+ **
+ **	Parameters:
+ **		addr -- the address to be cracked.
++**		e -- the current envelope.
+ **
+ **	Returns:
+ **		a pointer to the new version.
+@@ -1021,28 +1026,50 @@
+ **		be copied if it is to be reused.
+ */
+ 
++#define SM_HAVE_ROOM		((bp < buflim) && (buflim <= bufend))
++
++/*
++**  Append a character to bp if we have room.
++**  If not, punt and return $g.
++*/
++
++#define SM_APPEND_CHAR(c)					\
++	do							\
++	{							\
++		if (SM_HAVE_ROOM)				\
++			*bp++ = (c);				\
++		else						\
++			goto returng;				\
++	} while (0)
++
++#if MAXNAME < 10
++ERROR MAXNAME must be at least 10
++#endif /* MAXNAME < 10 */
++
+ char *
+-crackaddr(addr)
++crackaddr(addr, e)
+ 	register char *addr;
++	ENVELOPE *e;
+ {
+ 	register char *p;
+ 	register char c;
+-	int cmtlev;
+-	int realcmtlev;
+-	int anglelev, realanglelev;
+-	int copylev;
+-	int bracklev;
+-	bool qmode;
+-	bool realqmode;
+-	bool skipping;
+-	bool putgmac = false;
+-	bool quoteit = false;
+-	bool gotangle = false;
+-	bool gotcolon = false;
++	int cmtlev;			/* comment level in input string */
++	int realcmtlev;			/* comment level in output string */
++	int anglelev;			/* angle level in input string */
++	int copylev;			/* 0 == in address, >0 copying */
++	int bracklev;			/* bracket level for IPv6 addr check */
++	bool addangle;			/* put closing angle in output */
++	bool qmode;			/* quoting in original string? */
++	bool realqmode;			/* quoting in output string? */
++	bool putgmac = false;		/* already wrote $g */
++	bool quoteit = false;		/* need to quote next character */
++	bool gotangle = false;		/* found first '<' */
++	bool gotcolon = false;		/* found a ':' */
+ 	register char *bp;
+ 	char *buflim;
+ 	char *bufhead;
+ 	char *addrhead;
++	char *bufend;
+ 	static char buf[MAXNAME + 1];
+ 
+ 	if (tTd(33, 1))
+@@ -1057,25 +1084,22 @@
+ 	**  adjusted later if we find them.
+ 	*/
+ 
++	buflim = bufend = &buf[sizeof(buf) - 1];
+ 	bp = bufhead = buf;
+-	buflim = &buf[sizeof buf - 7];
+ 	p = addrhead = addr;
+-	copylev = anglelev = realanglelev = cmtlev = realcmtlev = 0;
++	copylev = anglelev = cmtlev = realcmtlev = 0;
+ 	bracklev = 0;
+-	qmode = realqmode = false;
++	qmode = realqmode = addangle = false;
+ 
+ 	while ((c = *p++) != '\0')
+ 	{
+ 		/*
+-		**  If the buffer is overful, go into a special "skipping"
+-		**  mode that tries to keep legal syntax but doesn't actually
+-		**  output things.
++		**  Try to keep legal syntax using spare buffer space
++		**  (maintained by buflim).
+ 		*/
+ 
+-		skipping = bp >= buflim;
+-
+-		if (copylev > 0 && !skipping)
+-			*bp++ = c;
++		if (copylev > 0)
++			SM_APPEND_CHAR(c);
+ 
+ 		/* check for backslash escapes */
+ 		if (c == '\\')
+@@ -1090,8 +1114,8 @@
+ 				p--;
+ 				goto putg;
+ 			}
+-			if (copylev > 0 && !skipping)
+-				*bp++ = c;
++			if (copylev > 0)
++				SM_APPEND_CHAR(c);
+ 			goto putg;
+ 		}
+ 
+@@ -1099,8 +1123,14 @@
+ 		if (c == '"' && cmtlev <= 0)
+ 		{
+ 			qmode = !qmode;
+-			if (copylev > 0 && !skipping)
++			if (copylev > 0 && SM_HAVE_ROOM)
++			{
++				if (realqmode)
++					buflim--;
++				else
++					buflim++;
+ 				realqmode = !realqmode;
++			}
+ 			continue;
+ 		}
+ 		if (qmode)
+@@ -1112,15 +1142,15 @@
+ 			cmtlev++;
+ 
+ 			/* allow space for closing paren */
+-			if (!skipping)
++			if (SM_HAVE_ROOM)
+ 			{
+ 				buflim--;
+ 				realcmtlev++;
+ 				if (copylev++ <= 0)
+ 				{
+ 					if (bp != bufhead)
+-						*bp++ = ' ';
+-					*bp++ = c;
++						SM_APPEND_CHAR(' ');
++					SM_APPEND_CHAR(c);
+ 				}
+ 			}
+ 		}
+@@ -1130,7 +1160,7 @@
+ 			{
+ 				cmtlev--;
+ 				copylev--;
+-				if (!skipping)
++				if (SM_HAVE_ROOM)
+ 				{
+ 					realcmtlev--;
+ 					buflim++;
+@@ -1141,7 +1171,7 @@
+ 		else if (c == ')')
+ 		{
+ 			/* syntax error: unmatched ) */
+-			if (copylev > 0 && !skipping)
++			if (copylev > 0 && SM_HAVE_ROOM)
+ 				bp--;
+ 		}
+ 
+@@ -1159,7 +1189,7 @@
+ 
+ 			/*
+ 			**  Check for DECnet phase IV ``::'' (host::user)
+-			**  or **  DECnet phase V ``:.'' syntaxes.  The latter
++			**  or DECnet phase V ``:.'' syntaxes.  The latter
+ 			**  covers ``user@DEC:.tay.myhost'' and
+ 			**  ``DEC:.tay.myhost::user'' syntaxes (bletch).
+ 			*/
+@@ -1168,10 +1198,10 @@
+ 			{
+ 				if (cmtlev <= 0 && !qmode)
+ 					quoteit = true;
+-				if (copylev > 0 && !skipping)
++				if (copylev > 0)
+ 				{
+-					*bp++ = c;
+-					*bp++ = *p;
++					SM_APPEND_CHAR(c);
++					SM_APPEND_CHAR(*p);
+ 				}
+ 				p++;
+ 				goto putg;
+@@ -1182,41 +1212,43 @@
+ 			bp = bufhead;
+ 			if (quoteit)
+ 			{
+-				*bp++ = '"';
++				SM_APPEND_CHAR('"');
+ 
+ 				/* back up over the ':' and any spaces */
+ 				--p;
+-				while (isascii(*--p) && isspace(*p))
++				while (p > addr &&
++				       isascii(*--p) && isspace(*p))
+ 					continue;
+ 				p++;
+ 			}
+ 			for (q = addrhead; q < p; )
+ 			{
+ 				c = *q++;
+-				if (bp < buflim)
++				if (quoteit && c == '"')
+ 				{
+-					if (quoteit && c == '"')
+-						*bp++ = '\\';
+-					*bp++ = c;
++					SM_APPEND_CHAR('\\');
++					SM_APPEND_CHAR(c);
+ 				}
++				else
++					SM_APPEND_CHAR(c);
+ 			}
+ 			if (quoteit)
+ 			{
+ 				if (bp == &bufhead[1])
+ 					bp--;
+ 				else
+-					*bp++ = '"';
++					SM_APPEND_CHAR('"');
+ 				while ((c = *p++) != ':')
+-				{
+-					if (bp < buflim)
+-						*bp++ = c;
+-				}
+-				*bp++ = c;
++					SM_APPEND_CHAR(c);
++				SM_APPEND_CHAR(c);
+ 			}
+ 
+ 			/* any trailing white space is part of group: */
+-			while (isascii(*p) && isspace(*p) && bp < buflim)
+-				*bp++ = *p++;
++			while (isascii(*p) && isspace(*p))
++			{
++				SM_APPEND_CHAR(*p);
++				p++;
++			}
+ 			copylev = 0;
+ 			putgmac = quoteit = false;
+ 			bufhead = bp;
+@@ -1225,10 +1257,7 @@
+ 		}
+ 
+ 		if (c == ';' && copylev <= 0 && !ColonOkInAddr)
+-		{
+-			if (bp < buflim)
+-				*bp++ = c;
+-		}
++			SM_APPEND_CHAR(c);
+ 
+ 		/* check for characters that may have to be quoted */
+ 		if (strchr(MustQuoteChars, c) != NULL)
+@@ -1256,42 +1285,45 @@
+ 
+ 			/* oops -- have to change our mind */
+ 			anglelev = 1;
+-			if (!skipping)
+-				realanglelev = 1;
++			if (SM_HAVE_ROOM)
++			{
++				if (!addangle)
++					buflim--;
++				addangle = true;
++			}
+ 
+ 			bp = bufhead;
+ 			if (quoteit)
+ 			{
+-				*bp++ = '"';
++				SM_APPEND_CHAR('"');
+ 
+ 				/* back up over the '<' and any spaces */
+ 				--p;
+-				while (isascii(*--p) && isspace(*p))
++				while (p > addr &&
++				       isascii(*--p) && isspace(*p))
+ 					continue;
+ 				p++;
+ 			}
+ 			for (q = addrhead; q < p; )
+ 			{
+ 				c = *q++;
+-				if (bp < buflim)
++				if (quoteit && c == '"')
+ 				{
+-					if (quoteit && c == '"')
+-						*bp++ = '\\';
+-					*bp++ = c;
++					SM_APPEND_CHAR('\\');
++					SM_APPEND_CHAR(c);
+ 				}
++				else
++					SM_APPEND_CHAR(c);
+ 			}
+ 			if (quoteit)
+ 			{
+ 				if (bp == &buf[1])
+ 					bp--;
+ 				else
+-					*bp++ = '"';
++					SM_APPEND_CHAR('"');
+ 				while ((c = *p++) != '<')
+-				{
+-					if (bp < buflim)
+-						*bp++ = c;
+-				}
+-				*bp++ = c;
++					SM_APPEND_CHAR(c);
++				SM_APPEND_CHAR(c);
+ 			}
+ 			copylev = 0;
+ 			putgmac = quoteit = false;
+@@ -1303,13 +1335,14 @@
+ 			if (anglelev > 0)
+ 			{
+ 				anglelev--;
+-				if (!skipping)
++				if (SM_HAVE_ROOM)
+ 				{
+-					realanglelev--;
+-					buflim++;
++					if (addangle)
++						buflim++;
++					addangle = false;
+ 				}
+ 			}
+-			else if (!skipping)
++			else if (SM_HAVE_ROOM)
+ 			{
+ 				/* syntax error: unmatched > */
+ 				if (copylev > 0)
+@@ -1318,7 +1351,7 @@
+ 				continue;
+ 			}
+ 			if (copylev++ <= 0)
+-				*bp++ = c;
++				SM_APPEND_CHAR(c);
+ 			continue;
+ 		}
+ 
+@@ -1326,30 +1359,42 @@
+ 	putg:
+ 		if (copylev <= 0 && !putgmac)
+ 		{
+-			if (bp > bufhead && bp[-1] == ')')
+-				*bp++ = ' ';
+-			*bp++ = MACROEXPAND;
+-			*bp++ = 'g';
++			if (bp > buf && bp[-1] == ')')
++				SM_APPEND_CHAR(' ');
++			SM_APPEND_CHAR(MACROEXPAND);
++			SM_APPEND_CHAR('g');
+ 			putgmac = true;
+ 		}
+ 	}
+ 
+ 	/* repair any syntactic damage */
+-	if (realqmode)
++	if (realqmode && bp < bufend)
+ 		*bp++ = '"';
+-	while (realcmtlev-- > 0)
++	while (realcmtlev-- > 0 && bp < bufend)
+ 		*bp++ = ')';
+-	while (realanglelev-- > 0)
++	if (addangle && bp < bufend)
+ 		*bp++ = '>';
+-	*bp++ = '\0';
++	*bp = '\0';
++	if (bp < bufend)
++		goto success;
++
++ returng:
++	/* String too long, punt */
++	buf[0] = '<';
++	buf[1] = MACROEXPAND;
++	buf[2]= 'g';
++	buf[3] = '>';
++	buf[4]= '\0';
++	sm_syslog(LOG_ALERT, e->e_id,
++		  "Dropped invalid comments from header address");
+ 
++ success:
+ 	if (tTd(33, 1))
+ 	{
+ 		sm_dprintf("crackaddr=>`");
+ 		xputs(buf);
+ 		sm_dprintf("'\n");
+ 	}
+-
+ 	return buf;
+ }
+ /*
+Index: contrib/sendmail/src/main.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/main.c,v
+retrieving revision 1.1.1.3.2.12
+diff -u -r1.1.1.3.2.12 main.c
+--- contrib/sendmail/src/main.c	3 Sep 2002 01:50:17 -0000	1.1.1.3.2.12
++++ contrib/sendmail/src/main.c	27 Feb 2003 21:42:36 -0000
+@@ -4227,7 +4227,7 @@
+ 						     "Usage: /parse address\n");
+ 				return;
+ 			}
+-			q = crackaddr(p);
++			q = crackaddr(p, e);
+ 			(void) sm_io_fprintf(smioout, SM_TIME_DEFAULT,
+ 					     "Cracked address = ");
+ 			xputs(q);
+Index: contrib/sendmail/src/parseaddr.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/parseaddr.c,v
+retrieving revision 1.1.1.2.6.10
+diff -u -r1.1.1.2.6.10 parseaddr.c
+--- contrib/sendmail/src/parseaddr.c	3 Sep 2002 01:50:18 -0000	1.1.1.2.6.10
++++ contrib/sendmail/src/parseaddr.c	27 Feb 2003 21:42:37 -0000
+@@ -2508,7 +2508,7 @@
+ 	if (bitset(RF_CANONICAL, flags) || bitnset(M_NOCOMMENT, m->m_flags))
+ 		fancy = "\201g";
+ 	else
+-		fancy = crackaddr(name);
++		fancy = crackaddr(name, e);
+ 
+ 	/*
+ 	**  Turn the name into canonical form.
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sendmail.h,v
+retrieving revision 1.1.1.4.2.12
+diff -u -r1.1.1.4.2.12 sendmail.h
+--- contrib/sendmail/src/sendmail.h	3 Sep 2002 01:50:19 -0000	1.1.1.4.2.12
++++ contrib/sendmail/src/sendmail.h	27 Feb 2003 21:42:38 -0000
+@@ -325,7 +325,7 @@
+ 
+ /* functions */
+ extern void	cataddr __P((char **, char **, char *, int, int));
+-extern char	*crackaddr __P((char *));
++extern char	*crackaddr __P((char *, ENVELOPE *));
+ extern bool	emptyaddr __P((ADDRESS *));
+ extern ADDRESS	*getctladdr __P((ADDRESS *));
+ extern int	include __P((char *, bool, ADDRESS *, ADDRESS **, int, ENVELOPE *));
diff --git a/share/security/patches/SA-03:04/sendmail.patch.asc b/share/security/patches/SA-03:04/sendmail.patch.asc
new file mode 100644
index 0000000000..455cdc4fc1
--- /dev/null
+++ b/share/security/patches/SA-03:04/sendmail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+YmKDFdaIBMps37IRAgJKAJ4hukqFQ6IXwmjGqfgrUNCs3LuhiACdFpUP
+I3vLb9CMFus0GiAFGUqyAWY=
+=jbnV
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:05/xdr-4.patch b/share/security/patches/SA-03:05/xdr-4.patch
new file mode 100644
index 0000000000..cd39c94828
--- /dev/null
+++ b/share/security/patches/SA-03:05/xdr-4.patch
@@ -0,0 +1,102 @@
+Index: include/rpc/xdr.h
+===================================================================
+RCS file: /home/ncvs/src/include/rpc/xdr.h,v
+retrieving revision 1.14
+diff -u -r1.14 xdr.h
+--- include/rpc/xdr.h	29 Dec 1999 05:00:44 -0000	1.14
++++ include/rpc/xdr.h	20 Mar 2003 00:33:27 -0000
+@@ -118,7 +118,7 @@
+ 	caddr_t 	x_public;	/* users' data */
+ 	caddr_t		x_private;	/* pointer to private data */
+ 	caddr_t 	x_base;		/* private used for position info */
+-	int		x_handy;	/* extra private word */
++	u_int		x_handy;	/* extra private word */
+ } XDR;
+ 
+ /*
+Index: lib/libc/xdr/xdr_mem.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/xdr/xdr_mem.c,v
+retrieving revision 1.8
+diff -u -r1.8 xdr_mem.c
+--- lib/libc/xdr/xdr_mem.c	28 Aug 1999 00:02:56 -0000	1.8
++++ lib/libc/xdr/xdr_mem.c	20 Mar 2003 00:33:27 -0000
+@@ -115,8 +115,9 @@
+ 	long *lp;
+ {
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	*lp = ntohl(*(int32_t *)(xdrs->x_private));
+ 	xdrs->x_private += sizeof(int32_t);
+ 	return (TRUE);
+@@ -128,8 +129,9 @@
+ 	long *lp;
+ {
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	*(int32_t *)xdrs->x_private = htonl(*lp);
+ 	xdrs->x_private += sizeof(int32_t);
+ 	return (TRUE);
+@@ -142,8 +144,9 @@
+ {
+ 	int32_t l;
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	memcpy(&l, xdrs->x_private, sizeof(int32_t));
+ 	*lp = ntohl(l);
+ 	xdrs->x_private += sizeof(int32_t);
+@@ -157,8 +160,9 @@
+ {
+ 	int32_t l;
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	l = htonl(*lp);
+ 	memcpy(xdrs->x_private, &l, sizeof(int32_t));
+ 	xdrs->x_private += sizeof(int32_t);
+@@ -172,8 +176,9 @@
+ 	register u_int len;
+ {
+ 
+-	if ((xdrs->x_handy -= len) < 0)
++	if (xdrs->x_handy < len)
+ 		return (FALSE);
++	xdrs->x_handy -= len;
+ 	memcpy(addr, xdrs->x_private, len);
+ 	xdrs->x_private += len;
+ 	return (TRUE);
+@@ -186,8 +191,9 @@
+ 	register u_int len;
+ {
+ 
+-	if ((xdrs->x_handy -= len) < 0)
++	if (xdrs->x_handy < len)
+ 		return (FALSE);
++	xdrs->x_handy -= len;
+ 	memcpy(xdrs->x_private, addr, len);
+ 	xdrs->x_private += len;
+ 	return (TRUE);
+@@ -210,10 +216,10 @@
+ 	register caddr_t newaddr = xdrs->x_base + pos;
+ 	register caddr_t lastaddr = xdrs->x_private + xdrs->x_handy;
+ 
+-	if ((long)newaddr > (long)lastaddr)
++	if (newaddr > lastaddr)
+ 		return (FALSE);
+ 	xdrs->x_private = newaddr;
+-	xdrs->x_handy = (long)lastaddr - (long)newaddr;
++	xdrs->x_handy = (u_int)(lastaddr - newaddr); /* XXX sizeof(u_int) <? sizeof(ptrdiff_t) */
+ 	return (TRUE);
+ }
+ 
diff --git a/share/security/patches/SA-03:05/xdr-4.patch.asc b/share/security/patches/SA-03:05/xdr-4.patch.asc
new file mode 100644
index 0000000000..364d5625ec
--- /dev/null
+++ b/share/security/patches/SA-03:05/xdr-4.patch.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.0 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iD8DBQA+eRTiFdaIBMps37IRArUnAJ4t8g9808IBWg8Vev9114YtTZsCLQCgk8oc
+io1gp61fXPBUbWd0qmkQ5No=
+=w0q3
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:05/xdr-5.patch b/share/security/patches/SA-03:05/xdr-5.patch
new file mode 100644
index 0000000000..712f29e9a8
--- /dev/null
+++ b/share/security/patches/SA-03:05/xdr-5.patch
@@ -0,0 +1,102 @@
+Index: include/rpc/xdr.h
+===================================================================
+RCS file: /home/ncvs/src/include/rpc/xdr.h,v
+retrieving revision 1.21
+diff -u -r1.21 xdr.h
+--- include/rpc/xdr.h	28 Apr 2002 15:18:45 -0000	1.21
++++ include/rpc/xdr.h	20 Mar 2003 01:08:13 -0000
+@@ -121,7 +121,7 @@
+ 	char *	 	x_public;	/* users' data */
+ 	void *		x_private;	/* pointer to private data */
+ 	char * 		x_base;		/* private used for position info */
+-	int		x_handy;	/* extra private word */
++	u_int		x_handy;	/* extra private word */
+ } XDR;
+ 
+ /*
+Index: lib/libc/xdr/xdr_mem.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/xdr/xdr_mem.c,v
+retrieving revision 1.11
+diff -u -r1.11 xdr_mem.c
+--- lib/libc/xdr/xdr_mem.c	22 Mar 2002 21:53:26 -0000	1.11
++++ lib/libc/xdr/xdr_mem.c	20 Mar 2003 01:08:13 -0000
+@@ -126,8 +126,9 @@
+ 	long *lp;
+ {
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	*lp = ntohl(*(u_int32_t *)xdrs->x_private);
+ 	xdrs->x_private = (char *)xdrs->x_private + sizeof(int32_t);
+ 	return (TRUE);
+@@ -139,8 +140,9 @@
+ 	const long *lp;
+ {
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	*(u_int32_t *)xdrs->x_private = htonl((u_int32_t)*lp);
+ 	xdrs->x_private = (char *)xdrs->x_private + sizeof(int32_t);
+ 	return (TRUE);
+@@ -153,8 +155,9 @@
+ {
+ 	u_int32_t l;
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	memmove(&l, xdrs->x_private, sizeof(int32_t));
+ 	*lp = ntohl(l);
+ 	xdrs->x_private = (char *)xdrs->x_private + sizeof(int32_t);
+@@ -168,8 +171,9 @@
+ {
+ 	u_int32_t l;
+ 
+-	if ((xdrs->x_handy -= sizeof(int32_t)) < 0)
++	if (xdrs->x_handy < sizeof(int32_t))
+ 		return (FALSE);
++	xdrs->x_handy -= sizeof(int32_t);
+ 	l = htonl((u_int32_t)*lp);
+ 	memmove(xdrs->x_private, &l, sizeof(int32_t));
+ 	xdrs->x_private = (char *)xdrs->x_private + sizeof(int32_t);
+@@ -183,8 +187,9 @@
+ 	u_int len;
+ {
+ 
+-	if ((xdrs->x_handy -= len) < 0)
++	if (xdrs->x_handy < len)
+ 		return (FALSE);
++	xdrs->x_handy -= len;
+ 	memmove(addr, xdrs->x_private, len);
+ 	xdrs->x_private = (char *)xdrs->x_private + len;
+ 	return (TRUE);
+@@ -197,8 +202,9 @@
+ 	u_int len;
+ {
+ 
+-	if ((xdrs->x_handy -= len) < 0)
++	if (xdrs->x_handy < len)
+ 		return (FALSE);
++	xdrs->x_handy -= len;
+ 	memmove(xdrs->x_private, addr, len);
+ 	xdrs->x_private = (char *)xdrs->x_private + len;
+ 	return (TRUE);
+@@ -221,10 +227,10 @@
+ 	char *newaddr = xdrs->x_base + pos;
+ 	char *lastaddr = (char *)xdrs->x_private + xdrs->x_handy;
+ 
+-	if ((long)newaddr > (long)lastaddr)
++	if (newaddr > lastaddr)
+ 		return (FALSE);
+ 	xdrs->x_private = newaddr;
+-	xdrs->x_handy = (int)((long)lastaddr - (long)newaddr);
++	xdrs->x_handy = (u_int)(lastaddr - newaddr); /* XXX sizeof(u_int) <? sizeof(ptrdiff_t) */
+ 	return (TRUE);
+ }
+ 
diff --git a/share/security/patches/SA-03:05/xdr-5.patch.asc b/share/security/patches/SA-03:05/xdr-5.patch.asc
new file mode 100644
index 0000000000..9be1bf87ae
--- /dev/null
+++ b/share/security/patches/SA-03:05/xdr-5.patch.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.0 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iD8DBQA+eRTpFdaIBMps37IRAtmqAJwKhBAbisrEmalbXKnhXdrpwRSsrgCbBRsG
+L3GMM4Hj0mSMJs6mXyfaijo=
+=c2Sa
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:06/openssl.patch b/share/security/patches/SA-03:06/openssl.patch
new file mode 100644
index 0000000000..7081d256b8
--- /dev/null
+++ b/share/security/patches/SA-03:06/openssl.patch
@@ -0,0 +1,135 @@
+Index: crypto/openssl/crypto/rsa/rsa_eay.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_eay.c,v
+retrieving revision 1.10
+diff -u -r1.10 rsa_eay.c
+--- crypto/openssl/crypto/rsa/rsa_eay.c	19 Feb 2003 23:24:16 -0000	1.10
++++ crypto/openssl/crypto/rsa/rsa_eay.c	20 Mar 2003 14:01:30 -0000
+@@ -195,6 +195,25 @@
+ 	return(r);
+ 	}
+ 
++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
++	{
++	int ret = 1;
++	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
++	/* Check again inside the lock - the macro's check is racey */
++	if(rsa->blinding == NULL)
++		ret = RSA_blinding_on(rsa, ctx);
++	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
++	return ret;
++	}
++
++#define BLINDING_HELPER(rsa, ctx, err_instr) \
++	do { \
++		if(((rsa)->flags & RSA_FLAG_BLINDING) && \
++				((rsa)->blinding == NULL) && \
++				!rsa_eay_blinding(rsa, ctx)) \
++			err_instr \
++	} while(0)
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ 	     unsigned char *to, RSA *rsa, int padding)
+@@ -239,8 +258,8 @@
+ 		goto err;
+ 		}
+ 
+-	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+-		RSA_blinding_on(rsa,ctx);
++	BLINDING_HELPER(rsa, ctx, goto err;);
++
+ 	if (rsa->flags & RSA_FLAG_BLINDING)
+ 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+ 
+@@ -318,8 +337,8 @@
+ 		goto err;
+ 		}
+ 
+-	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+-		RSA_blinding_on(rsa,ctx);
++	BLINDING_HELPER(rsa, ctx, goto err;);
++
+ 	if (rsa->flags & RSA_FLAG_BLINDING)
+ 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+ 
+Index: crypto/openssl/crypto/rsa/rsa_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_lib.c,v
+retrieving revision 1.8
+diff -u -r1.8 rsa_lib.c
+--- crypto/openssl/crypto/rsa/rsa_lib.c	19 Feb 2003 23:24:16 -0000	1.8
++++ crypto/openssl/crypto/rsa/rsa_lib.c	20 Mar 2003 14:01:30 -0000
+@@ -72,7 +72,13 @@
+ 
+ RSA *RSA_new(void)
+ 	{
+-	return(RSA_new_method(NULL));
++	RSA *r=RSA_new_method(NULL);
++
++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
++	r->flags|=RSA_FLAG_BLINDING;
++#endif
++
++	return r;
+ 	}
+ 
+ void RSA_set_default_method(const RSA_METHOD *meth)
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v
+retrieving revision 1.1.1.10
+diff -u -r1.1.1.10 s3_srvr.c
+--- crypto/openssl/ssl/s3_srvr.c	28 Jan 2003 21:38:47 -0000	1.1.1.10
++++ crypto/openssl/ssl/s3_srvr.c	20 Mar 2003 14:01:31 -0000
+@@ -1447,7 +1447,7 @@
+ 		if (i != SSL_MAX_MASTER_KEY_LENGTH)
+ 			{
+ 			al=SSL_AD_DECODE_ERROR;
+-			SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT);
++			/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); */
+ 			}
+ 
+ 		if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff))))
+@@ -1463,30 +1463,29 @@
+ 				(p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff))))
+ 				{
+ 				al=SSL_AD_DECODE_ERROR;
+-				SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER);
+-				goto f_err;
++				/* SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); */
++
++				/* The Klima-Pokorny-Rosa extension of Bleichenbacher's attack
++				 * (http://eprint.iacr.org/2003/052/) exploits the version
++				 * number check as a "bad version oracle" -- an alert would
++				 * reveal that the plaintext corresponding to some ciphertext
++				 * made up by the adversary is properly formatted except
++				 * that the version number is wrong.  To avoid such attacks,
++				 * we should treat this just like any other decryption error. */
++				p[0] = (char)(int) "CAN-2003-0131 patch 2003-03-19";
+ 				}
+ 			}
+ 
+ 		if (al != -1)
+ 			{
+-#if 0
+-			goto f_err;
+-#else
+ 			/* Some decryption failure -- use random value instead as countermeasure
+ 			 * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding
+-			 * (see RFC 2246, section 7.4.7.1).
+-			 * But note that due to length and protocol version checking, the
+-			 * attack is impractical anyway (see section 5 in D. Bleichenbacher:
+-			 * "Chosen Ciphertext Attacks Against Protocols Based on the RSA
+-			 * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12).
+-			 */
++			 * (see RFC 2246, section 7.4.7.1). */
+ 			ERR_clear_error();
+ 			i = SSL_MAX_MASTER_KEY_LENGTH;
+ 			p[0] = s->client_version >> 8;
+ 			p[1] = s->client_version & 0xff;
+ 			RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */
+-#endif
+ 			}
+ 	
+ 		s->session->master_key_length=
diff --git a/share/security/patches/SA-03:06/openssl.patch.asc b/share/security/patches/SA-03:06/openssl.patch.asc
new file mode 100644
index 0000000000..05eed470a2
--- /dev/null
+++ b/share/security/patches/SA-03:06/openssl.patch.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.0 (FreeBSD)
+Comment: FreeBSD: The Power To Serve
+
+iD8DBQA+ecu1FdaIBMps37IRAq7LAJ9ZHGZvmZNvx0aA8n+HNTbu7SkodACgm60S
+WDCRfB1z1+b4gOmHuYJksUc=
+=0p3v
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz b/share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz
new file mode 100644
index 0000000000..d1c71ca442
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz
diff --git a/share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz.asc b/share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz.asc
new file mode 100644
index 0000000000..69861c7be4
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.6-i386-crypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+h0+SFdaIBMps37IRAsLFAKCcortUGNHr8fLRjjtOJ5Ifc95jbgCbBgyc
+F1fxudcvfxe8cZtcVd0wJnA=
+=2ml2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz b/share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz
new file mode 100644
index 0000000000..5c01920dbd
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz
diff --git a/share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz.asc b/share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz.asc
new file mode 100644
index 0000000000..81a96ea8e2
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.6-i386-nocrypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+h0+UFdaIBMps37IRAvmdAKCYOkSy+uRc2RG8lg74SYtfPUSuWwCfW7O/
+GWTTYx/9oY6OvqERa/qai3A=
+=CpS2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz b/share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz
new file mode 100644
index 0000000000..26696142f4
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz
diff --git a/share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz.asc b/share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz.asc
new file mode 100644
index 0000000000..ce8a175335
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.7-i386-crypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+h0aKFdaIBMps37IRAkCCAJ4seTtonFZ7BCSaA8LCex3P7a31wACfXGLe
+5HER7fnwPwB1poWqoVYDDdQ=
+=VqJ4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz b/share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz
new file mode 100644
index 0000000000..f98754fd23
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz
diff --git a/share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz.asc b/share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz.asc
new file mode 100644
index 0000000000..8b87b93798
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-4.7-i386-nocrypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+h0aMFdaIBMps37IRAqCPAKCGiGiXZnHJ9cjQyKZRh8QeyCHyoACcDyBt
+oymyIqOfSG7PAbUp1RUX2y4=
+=bwIQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz b/share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz
new file mode 100644
index 0000000000..b26d6a0506
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz
diff --git a/share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz.asc b/share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz.asc
new file mode 100644
index 0000000000..d19141fb9f
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-5.0-i386-crypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+h0aPFdaIBMps37IRAjvJAJwMEkn+ARcprA6J5X+ZhMZdElej0wCfdrBD
+JpEF8XJ9hxpfLORH733NpCc=
+=5Lxj
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz b/share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz
new file mode 100644
index 0000000000..dcb15b08a9
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz
diff --git a/share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz.asc b/share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz.asc
new file mode 100644
index 0000000000..beed699281
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail-5.0-i386-nocrypto.bin.gz.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+h0aSFdaIBMps37IRAjErAJ9E5eSxpn0jYkLHhikYCkUhbVdIRgCfYjAH
+4qBblobZ1zS4DBJNZdZAWKM=
+=Jgtx
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:07/sendmail.patch b/share/security/patches/SA-03:07/sendmail.patch
new file mode 100644
index 0000000000..325b95d496
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail.patch
@@ -0,0 +1,107 @@
+Index: contrib/sendmail/src/conf.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/conf.c,v
+retrieving revision 1.5.2.11
+retrieving revision 1.5.2.11.2.1
+diff -c -r1.5.2.11 -r1.5.2.11.2.1
+*** contrib/sendmail/src/conf.c	3 Sep 2002 01:50:15 -0000	1.5.2.11
+--- contrib/sendmail/src/conf.c	29 Mar 2003 20:13:03 -0000	1.5.2.11.2.1
+***************
+*** 332,337 ****
+--- 332,339 ----
+  	DontProbeInterfaces = DPI_PROBEALL;
+  	DoubleBounceAddr = "postmaster";
+  	MaxHeadersLength = MAXHDRSLEN;
++ 	MaxMimeHeaderLength = MAXLINE;
++ 	MaxMimeFieldLength = MaxMimeHeaderLength / 2;
+  	MaxForwardEntries = 0;
+  	FastSplit = 1;
+  #if SASL
+Index: contrib/sendmail/src/parseaddr.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/parseaddr.c,v
+retrieving revision 1.1.1.2.6.10.2.1
+retrieving revision 1.1.1.2.6.10.2.2
+diff -c -r1.1.1.2.6.10.2.1 -r1.1.1.2.6.10.2.2
+*** contrib/sendmail/src/parseaddr.c	3 Mar 2003 17:20:23 -0000	1.1.1.2.6.10.2.1
+--- contrib/sendmail/src/parseaddr.c	29 Mar 2003 20:13:04 -0000	1.1.1.2.6.10.2.2
+***************
+*** 608,614 ****
+  };
+  
+  
+! #define NOCHAR		-1	/* signal nothing in lookahead token */
+  
+  char **
+  prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
+--- 608,614 ----
+  };
+  
+  
+! #define NOCHAR		(-1)	/* signal nothing in lookahead token */
+  
+  char **
+  prescan(addr, delim, pvpbuf, pvpbsize, delimptr, toktab)
+***************
+*** 694,699 ****
+--- 694,700 ----
+  				/* see if there is room */
+  				if (q >= &pvpbuf[pvpbsize - 5])
+  				{
++ 	addrtoolong:
+  					usrerr("553 5.1.1 Address too long");
+  					if (strlen(addr) > MAXNAME)
+  						addr[MAXNAME] = '\0';
+***************
+*** 705,715 ****
+  				}
+  
+  				/* squirrel it away */
+  				*q++ = c;
+  			}
+  
+  			/* read a new input character */
+! 			c = *p++;
+  			if (c == '\0')
+  			{
+  				/* diagnose and patch up bad syntax */
+--- 706,720 ----
+  				}
+  
+  				/* squirrel it away */
++ #if !ALLOW_255
++ 				if ((char) c == (char) -1 && !tTd(82, 101))
++ 					c &= 0x7f;
++ #endif /* !ALLOW_255 */
+  				*q++ = c;
+  			}
+  
+  			/* read a new input character */
+! 			c = (*p++) & 0x00ff;
+  			if (c == '\0')
+  			{
+  				/* diagnose and patch up bad syntax */
+***************
+*** 764,769 ****
+--- 769,777 ----
+  				}
+  				else if (c != '!' || state == QST)
+  				{
++ 					/* see if there is room */
++ 					if (q >= &pvpbuf[pvpbsize - 5])
++ 						goto addrtoolong;
+  					*q++ = '\\';
+  					continue;
+  				}
+***************
+*** 849,854 ****
+--- 857,865 ----
+  		/* new token */
+  		if (tok != q)
+  		{
++ 			/* see if there is room */
++ 			if (q >= &pvpbuf[pvpbsize - 5])
++ 				goto addrtoolong;
+  			*q++ = '\0';
+  			if (tTd(22, 36))
+  			{
diff --git a/share/security/patches/SA-03:07/sendmail.patch.asc b/share/security/patches/SA-03:07/sendmail.patch.asc
new file mode 100644
index 0000000000..c8981738c3
--- /dev/null
+++ b/share/security/patches/SA-03:07/sendmail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.1 (FreeBSD)
+
+iD8DBQA+iHtrFdaIBMps37IRAv2fAJ4rJAboZa4zIi9klGwNJOPqswIoVACfcOP1
+B+zFVGWgovG6J2FXTnz7KPc=
+=0wng
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:08/realpath.patch b/share/security/patches/SA-03:08/realpath.patch
new file mode 100644
index 0000000000..023c5f5cf4
--- /dev/null
+++ b/share/security/patches/SA-03:08/realpath.patch
@@ -0,0 +1,25 @@
+Index: lib/libc/stdlib/realpath.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/realpath.c,v
+retrieving revision 1.9
+diff -c -c -r1.9 realpath.c
+*** lib/libc/stdlib/realpath.c	27 Jan 2000 23:06:50 -0000	1.9
+--- lib/libc/stdlib/realpath.c	3 Aug 2003 17:21:20 -0000
+***************
+*** 138,144 ****
+  		rootd = 0;
+  
+  	if (*wbuf) {
+! 		if (strlen(resolved) + strlen(wbuf) + rootd + 1 > MAXPATHLEN) {
+  			errno = ENAMETOOLONG;
+  			goto err1;
+  		}
+--- 138,145 ----
+  		rootd = 0;
+  
+  	if (*wbuf) {
+! 		if (strlen(resolved) + strlen(wbuf) + (1-rootd) + 1 >
+! 		    MAXPATHLEN) {
+  			errno = ENAMETOOLONG;
+  			goto err1;
+  		}
diff --git a/share/security/patches/SA-03:08/realpath.patch.asc b/share/security/patches/SA-03:08/realpath.patch.asc
new file mode 100644
index 0000000000..d144e8052c
--- /dev/null
+++ b/share/security/patches/SA-03:08/realpath.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQA/LU76FdaIBMps37IRAsB3AJ4q9xWtENWOleRyWiql9aDUOJB95gCcCqAl
+Y+DHyjALtLSHAC6Lro5uXOY=
+=lAcD
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:09/signal47.patch b/share/security/patches/SA-03:09/signal47.patch
new file mode 100644
index 0000000000..43231324ac
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal47.patch
@@ -0,0 +1,43 @@
+Index: sys/i386/isa/spigot.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v
+retrieving revision 1.44
+diff -c -p -r1.44 spigot.c
+*** sys/i386/isa/spigot.c	29 Jan 2000 16:17:36 -0000	1.44
+--- sys/i386/isa/spigot.c	7 Aug 2003 14:50:09 -0000
+*************** struct	spigot_info	*info;
+*** 221,226 ****
+--- 221,228 ----
+  	if(!data) return(EINVAL);
+  	switch(cmd){
+  	case	SPIGOT_SETINT:
++ 		if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
++ 			return (EINVAL);
+  		ss->p = p;
+  		ss->signal_num = *((int *)data);
+  		break;
+Index: sys/kern/sys_process.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sys_process.c,v
+retrieving revision 1.51.2.4
+diff -c -p -r1.51.2.4 sys_process.c
+*** sys/kern/sys_process.c	17 Jun 2002 19:23:41 -0000	1.51.2.4
+--- sys/kern/sys_process.c	7 Aug 2003 14:50:40 -0000
+*************** ptrace(curp, uap)
+*** 338,344 ****
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		if ((uap->req != PT_STEP) && ((unsigned)uap->data >= NSIG))
+  			return EINVAL;
+  
+  		PHOLD(p);
+--- 338,345 ----
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		/* Zero means do not send any signal */
+! 		if (uap->data < 0 || uap->data > _SIG_MAXSIG)
+  			return EINVAL;
+  
+  		PHOLD(p);
diff --git a/share/security/patches/SA-03:09/signal47.patch.asc b/share/security/patches/SA-03:09/signal47.patch.asc
new file mode 100644
index 0000000000..6fb7035d7d
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal47.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQA/N23lFdaIBMps37IRAt9fAJ4/xeQRC8LpTzNGuGnnCyIzIAzVEQCfcBnB
+GNeHRUo0WhyYss3oDadbYqo=
+=0Vyn
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:09/signal4s.patch b/share/security/patches/SA-03:09/signal4s.patch
new file mode 100644
index 0000000000..cf93238e81
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal4s.patch
@@ -0,0 +1,43 @@
+Index: sys/i386/isa/spigot.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v
+retrieving revision 1.44
+diff -c -p -r1.44 spigot.c
+*** sys/i386/isa/spigot.c	29 Jan 2000 16:17:36 -0000	1.44
+--- sys/i386/isa/spigot.c	6 Aug 2003 21:23:07 -0000
+*************** struct	spigot_info	*info;
+*** 221,226 ****
+--- 221,228 ----
+  	if(!data) return(EINVAL);
+  	switch(cmd){
+  	case	SPIGOT_SETINT:
++ 		if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
++ 			return (EINVAL);
+  		ss->p = p;
+  		ss->signal_num = *((int *)data);
+  		break;
+Index: sys/kern/sys_process.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sys_process.c,v
+retrieving revision 1.51.2.6
+diff -c -p -r1.51.2.6 sys_process.c
+*** sys/kern/sys_process.c	8 Jan 2003 03:06:45 -0000	1.51.2.6
+--- sys/kern/sys_process.c	6 Aug 2003 23:16:32 -0000
+*************** kern_ptrace(struct proc *curp, int req, 
+*** 404,410 ****
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		if ((req != PT_STEP) && ((unsigned)data > _SIG_MAXSIG))
+  			return EINVAL;
+  
+  		PHOLD(p);
+--- 404,411 ----
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		/* Zero means do not send any signal */
+! 		if (data < 0 || data > _SIG_MAXSIG)
+  			return EINVAL;
+  
+  		PHOLD(p);
diff --git a/share/security/patches/SA-03:09/signal4s.patch.asc b/share/security/patches/SA-03:09/signal4s.patch.asc
new file mode 100644
index 0000000000..386fb84e98
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal4s.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQA/NtdXFdaIBMps37IRArnmAJ4hWNm6Ir/qmMpQPTVSsxjfkzPWmQCfTLnz
+D3C47iILLS4vYC9XmZ88n8Q=
+=aZxv
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:09/signal50.patch b/share/security/patches/SA-03:09/signal50.patch
new file mode 100644
index 0000000000..08096c213e
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal50.patch
@@ -0,0 +1,71 @@
+Index: sys/i386/isa/spigot.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v
+retrieving revision 1.55
+diff -c -r1.55 spigot.c
+*** sys/i386/isa/spigot.c	1 Apr 2002 21:30:42 -0000	1.55
+--- sys/i386/isa/spigot.c	10 Aug 2003 23:16:30 -0000
+***************
+*** 227,232 ****
+--- 227,234 ----
+  	if(!data) return(EINVAL);
+  	switch(cmd){
+  	case	SPIGOT_SETINT:
++ 		if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
++ 			return EINVAL;
+  		ss->p = td->td_proc;
+  		ss->signal_num = *((int *)data);
+  		break;
+Index: sys/kern/kern_sig.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_sig.c,v
+retrieving revision 1.197
+diff -c -r1.197 kern_sig.c
+*** sys/kern/kern_sig.c	25 Oct 2002 19:10:57 -0000	1.197
+--- sys/kern/kern_sig.c	10 Aug 2003 23:16:32 -0000
+***************
+*** 1343,1351 ****
+  	struct thread *td;
+  	register int prop;
+  
+! 
+! 	KASSERT(_SIG_VALID(sig),
+! 	    ("psignal(): invalid signal %d\n", sig));
+  
+  	PROC_LOCK_ASSERT(p, MA_OWNED);
+  	KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
+--- 1343,1350 ----
+  	struct thread *td;
+  	register int prop;
+  
+! 	if (!_SIG_VALID(sig))
+! 	    panic("psignal(): invalid signal");
+  
+  	PROC_LOCK_ASSERT(p, MA_OWNED);
+  	KNOTE(&p->p_klist, NOTE_SIGNAL | sig);
+Index: sys/kern/sys_process.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sys_process.c,v
+retrieving revision 1.104
+diff -c -r1.104 sys_process.c
+*** sys/kern/sys_process.c	16 Oct 2002 16:28:33 -0000	1.104
+--- sys/kern/sys_process.c	10 Aug 2003 23:16:32 -0000
+***************
+*** 547,554 ****
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		/* XXX data is used even in the PT_STEP case. */
+! 		if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) {
+  			error = EINVAL;
+  			goto fail;
+  		}
+--- 547,554 ----
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		/* Zero means do not send any signal */
+! 		if (data < 0 || data > _SIG_MAXSIG) {
+  			error = EINVAL;
+  			goto fail;
+  		}
diff --git a/share/security/patches/SA-03:09/signal50.patch.asc b/share/security/patches/SA-03:09/signal50.patch.asc
new file mode 100644
index 0000000000..e5af88926d
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal50.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQA/NtdXFdaIBMps37IRAmarAJ4lTMsfXlY/4qgAD8PsBPoy0qexDgCfegIR
+sohny1r4S4B7C0bxeXP/bAw=
+=QJiE
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:09/signal51.patch b/share/security/patches/SA-03:09/signal51.patch
new file mode 100644
index 0000000000..5892721ca0
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal51.patch
@@ -0,0 +1,82 @@
+Index: sys/i386/isa/spigot.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/spigot.c,v
+retrieving revision 1.59
+diff -c -p -r1.59 spigot.c
+*** sys/i386/isa/spigot.c	2 Jun 2003 16:32:55 -0000	1.59
+--- sys/i386/isa/spigot.c	5 Aug 2003 23:46:41 -0000
+*************** struct	spigot_info	*info;
+*** 222,227 ****
+--- 222,229 ----
+  	if(!data) return(EINVAL);
+  	switch(cmd){
+  	case	SPIGOT_SETINT:
++ 		if (*(int *)data < 0 || *(int *)data > _SIG_MAXSIG)
++ 			return EINVAL;
+  		ss->p = td->td_proc;
+  		ss->signal_num = *((int *)data);
+  		break;
+Index: sys/kern/kern_sig.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_sig.c,v
+retrieving revision 1.256
+diff -c -p -r1.256 kern_sig.c
+*** sys/kern/kern_sig.c	30 Jul 2003 23:11:37 -0000	1.256
+--- sys/kern/kern_sig.c	5 Aug 2003 22:43:07 -0000
+*************** psignal(struct proc *p, int sig)
+*** 1629,1634 ****
+--- 1629,1637 ----
+  	struct thread *td;
+  	int prop;
+  
++ 	if (!_SIG_VALID(sig))
++ 		panic("psignal(): invalid signal");
++ 
+  	PROC_LOCK_ASSERT(p, MA_OWNED);
+  	prop = sigprop(sig);
+  
+*************** do_tdsignal(struct thread *td, int sig, 
+*** 1673,1680 ****
+  	register int prop;
+  	struct sigacts *ps;
+  
+! 	KASSERT(_SIG_VALID(sig),
+! 	    ("tdsignal(): invalid signal %d\n", sig));
+  
+  	p = td->td_proc;
+  	ps = p->p_sigacts;
+--- 1676,1683 ----
+  	register int prop;
+  	struct sigacts *ps;
+  
+! 	if (!_SIG_VALID(sig))
+! 		panic("do_tdsignal(): invalid signal");
+  
+  	p = td->td_proc;
+  	ps = p->p_sigacts;
+Index: sys/kern/sys_process.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sys_process.c,v
+retrieving revision 1.111
+diff -c -p -r1.111 sys_process.c
+*** sys/kern/sys_process.c	2 Aug 2003 17:08:21 -0000	1.111
+--- sys/kern/sys_process.c	5 Aug 2003 22:56:41 -0000
+*************** kern_ptrace(struct thread *td, int req, 
+*** 550,557 ****
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		/* XXX data is used even in the PT_STEP case. */
+! 		if (req != PT_STEP && (unsigned)data > _SIG_MAXSIG) {
+  			error = EINVAL;
+  			goto fail;
+  		}
+--- 550,557 ----
+  	case PT_STEP:
+  	case PT_CONTINUE:
+  	case PT_DETACH:
+! 		/* Zero means do not send any signal */
+! 		if (data < 0 || data > _SIG_MAXSIG) {
+  			error = EINVAL;
+  			goto fail;
+  		}
diff --git a/share/security/patches/SA-03:09/signal51.patch.asc b/share/security/patches/SA-03:09/signal51.patch.asc
new file mode 100644
index 0000000000..54fba3eea8
--- /dev/null
+++ b/share/security/patches/SA-03:09/signal51.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQA/NtdYFdaIBMps37IRAu2uAKCepAxVOotBsWMPYW1sOoaEIfwYogCeOBdN
+UVMwmwhl2mKWVXH171QFXHM=
+=CwRF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:10/ibcs2.patch b/share/security/patches/SA-03:10/ibcs2.patch
new file mode 100644
index 0000000000..fc4a4bac7f
--- /dev/null
+++ b/share/security/patches/SA-03:10/ibcs2.patch
@@ -0,0 +1,20 @@
+Index: sys/i386/ibcs2/ibcs2_stat.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/ibcs2/ibcs2_stat.c,v
+retrieving revision 1.23
+diff -c -p -r1.23 ibcs2_stat.c
+*** sys/i386/ibcs2/ibcs2_stat.c	22 Jun 2003 08:41:42 -0000	1.23
+--- sys/i386/ibcs2/ibcs2_stat.c	7 Aug 2003 17:50:44 -0000
+*************** cvt_statfs(sp, buf, len)
+*** 83,88 ****
+--- 83,92 ----
+  {
+  	struct ibcs2_statfs ssfs;
+  
++ 	if (len < 0)
++ 		return (EINVAL);
++ 	else if (len > sizeof(ssfs))
++ 		len = sizeof(ssfs);
+  	bzero(&ssfs, sizeof ssfs);
+  	ssfs.f_fstyp = 0;
+  	ssfs.f_bsize = sp->f_bsize;
diff --git a/share/security/patches/SA-03:10/ibcs2.patch.asc b/share/security/patches/SA-03:10/ibcs2.patch.asc
new file mode 100644
index 0000000000..363b485b91
--- /dev/null
+++ b/share/security/patches/SA-03:10/ibcs2.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQA/NtdVFdaIBMps37IRAg+HAJ9iMjJYEnUw4whvypKFHhPnSajifwCfezju
+eP7kfwWTH1Up5rkWiWjq1LM=
+=k7EA
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:11/sendmail.patch b/share/security/patches/SA-03:11/sendmail.patch
new file mode 100644
index 0000000000..e11d071add
--- /dev/null
+++ b/share/security/patches/SA-03:11/sendmail.patch
@@ -0,0 +1,10 @@
+--- contrib/sendmail/src/sm_resolve.c.orig   Fri Jun 28 00:43:24 2002
++++ contrib/sendmail/src/sm_resolve.c        Thu Jul 10 01:21:17 2003
+@@ -233,6 +233,7 @@
+			dns_free_data(r);
+			return NULL;
+		}
++		memset(*rr, 0, sizeof(**rr));
+		(*rr)->rr_domain = sm_strdup(host);
+		if ((*rr)->rr_domain == NULL)
+		{
diff --git a/share/security/patches/SA-03:11/sendmail.patch.asc b/share/security/patches/SA-03:11/sendmail.patch.asc
new file mode 100644
index 0000000000..5672ef66d6
--- /dev/null
+++ b/share/security/patches/SA-03:11/sendmail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.2 (FreeBSD)
+
+iD8DBQA/Sop3FdaIBMps37IRAuobAJ4md1/1Er7ekPOdbItaY2/nSAIClACdH4LZ
+p2+7np9l6ujwPPEKKmPVcF4=
+=dssv
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:12/buffer44.patch b/share/security/patches/SA-03:12/buffer44.patch
new file mode 100644
index 0000000000..3c21155bb4
--- /dev/null
+++ b/share/security/patches/SA-03:12/buffer44.patch
@@ -0,0 +1,319 @@
+Index: crypto/openssh/buffer.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/buffer.c,v
+retrieving revision 1.1.1.1.2.2
+retrieving revision 1.1.1.1.2.2.4.2
+diff -c -p -c -r1.1.1.1.2.2 -r1.1.1.1.2.2.4.2
+*** crypto/openssh/buffer.c	28 Oct 2000 23:00:47 -0000	1.1.1.1.2.2
+--- crypto/openssh/buffer.c	17 Sep 2003 14:57:32 -0000	1.1.1.1.2.2.4.2
+*************** RCSID("$OpenBSD: buffer.c,v 1.8 2000/09/
+*** 23,30 ****
+  void
+  buffer_init(Buffer *buffer)
+  {
+! 	buffer->alloc = 4096;
+! 	buffer->buf = xmalloc(buffer->alloc);
+  	buffer->offset = 0;
+  	buffer->end = 0;
+  }
+--- 23,33 ----
+  void
+  buffer_init(Buffer *buffer)
+  {
+! 	const u_int len = 4096;
+! 
+! 	buffer->alloc = 0;
+! 	buffer->buf = xmalloc(len);
+! 	buffer->alloc = len;
+  	buffer->offset = 0;
+  	buffer->end = 0;
+  }
+*************** buffer_init(Buffer *buffer)
+*** 34,41 ****
+  void
+  buffer_free(Buffer *buffer)
+  {
+! 	memset(buffer->buf, 0, buffer->alloc);
+! 	xfree(buffer->buf);
+  }
+  
+  /*
+--- 37,46 ----
+  void
+  buffer_free(Buffer *buffer)
+  {
+! 	if (buffer->alloc > 0) {
+! 		memset(buffer->buf, 0, buffer->alloc);
+! 		xfree(buffer->buf);
+! 	}
+  }
+  
+  /*
+*************** buffer_append(Buffer *buffer, const char
+*** 69,74 ****
+--- 74,81 ----
+  void
+  buffer_append_space(Buffer *buffer, char **datap, unsigned int len)
+  {
++ 	u_int	newlen;
++ 
+  	/* If the buffer is empty, start using it from the beginning. */
+  	if (buffer->offset == buffer->end) {
+  		buffer->offset = 0;
+*************** restart:
+*** 93,100 ****
+  		goto restart;
+  	}
+  	/* Increase the size of the buffer and retry. */
+! 	buffer->alloc += len + 32768;
+! 	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+  	goto restart;
+  }
+  
+--- 100,111 ----
+  		goto restart;
+  	}
+  	/* Increase the size of the buffer and retry. */
+! 	newlen = buffer->alloc + len + 32768;
+! 	if (newlen > 0xa00000)
+! 		fatal("buffer_append_space: alloc %u not supported",
+! 		    newlen);
+! 	buffer->buf = xrealloc(buffer->buf, newlen);
+! 	buffer->alloc = newlen;
+  	goto restart;
+  }
+  
+Index: crypto/openssh/channels.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/channels.c,v
+retrieving revision 1.1.1.1.2.4.4.1
+retrieving revision 1.1.1.1.2.4.4.2
+diff -c -p -c -r1.1.1.1.2.4.4.1 -r1.1.1.1.2.4.4.2
+*** crypto/openssh/channels.c	7 Mar 2002 14:34:17 -0000	1.1.1.1.2.4.4.1
+--- crypto/openssh/channels.c	17 Sep 2003 14:57:32 -0000	1.1.1.1.2.4.4.2
+*************** channel_new(char *ctype, int type, int r
+*** 251,259 ****
+  	if (found == -1) {
+  		/* There are no free slots.  Take last+1 slot and expand the array.  */
+  		found = channels_alloc;
+  		channels_alloc += 10;
+  		debug2("channel: expanding %d", channels_alloc);
+- 		channels = xrealloc(channels, channels_alloc * sizeof(Channel));
+  		for (i = found; i < channels_alloc; i++)
+  			channels[i].type = SSH_CHANNEL_FREE;
+  	}
+--- 251,263 ----
+  	if (found == -1) {
+  		/* There are no free slots.  Take last+1 slot and expand the array.  */
+  		found = channels_alloc;
++ 		if (channels_alloc > 10000)
++ 			fatal("channel_new: internal error: channels_alloc %d "
++ 			    "too big.", channels_alloc);
++ 		channels = xrealloc(channels,
++ 		    (channels_alloc + 10) * sizeof(Channel));
+  		channels_alloc += 10;
+  		debug2("channel: expanding %d", channels_alloc);
+  		for (i = found; i < channels_alloc; i++)
+  			channels[i].type = SSH_CHANNEL_FREE;
+  	}
+Index: crypto/openssh/deattack.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.c,v
+retrieving revision 1.1.1.1.2.2
+retrieving revision 1.1.1.1.2.2.4.1
+diff -c -p -c -r1.1.1.1.2.2 -r1.1.1.1.2.2.4.1
+*** crypto/openssh/deattack.c	12 Jan 2001 04:25:56 -0000	1.1.1.1.2.2
+--- crypto/openssh/deattack.c	17 Sep 2003 14:57:33 -0000	1.1.1.1.2.2.4.1
+*************** detect_attack(unsigned char *buf, u_int3
+*** 100,111 ****
+  
+  	if (h == NULL) {
+  		debug("Installing crc compensation attack detector.");
+  		n = l;
+- 		h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
+  	} else {
+  		if (l > n) {
+  			n = l;
+- 			h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
+  		}
+  	}
+  
+--- 100,111 ----
+  
+  	if (h == NULL) {
+  		debug("Installing crc compensation attack detector.");
++ 		h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
+  		n = l;
+  	} else {
+  		if (l > n) {
++ 			h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+  			n = l;
+  		}
+  	}
+  
+Index: crypto/openssh/scp.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/scp.c,v
+retrieving revision 1.1.1.1.2.3
+retrieving revision 1.1.1.1.2.3.4.1
+diff -c -p -c -r1.1.1.1.2.3 -r1.1.1.1.2.3.4.1
+*** crypto/openssh/scp.c	12 Jan 2001 04:25:57 -0000	1.1.1.1.2.3
+--- crypto/openssh/scp.c	17 Sep 2003 14:57:33 -0000	1.1.1.1.2.3.4.1
+*************** addargs(char *fmt, ...)
+*** 1217,1234 ****
+  {
+  	va_list ap;
+  	char buf[1024];
+  
+  	va_start(ap, fmt);
+  	vsnprintf(buf, sizeof(buf), fmt, ap);
+  	va_end(ap);
+  
+  	if (args.list == NULL) {
+! 		args.nalloc = 32;
+  		args.num = 0;
+! 		args.list = xmalloc(args.nalloc * sizeof(char *));
+  	} else if (args.num+2 >= args.nalloc) {
+! 		args.nalloc *= 2;
+! 		args.list = xrealloc(args.list, args.nalloc * sizeof(char *));
+  	}
+  	args.list[args.num++] = xstrdup(buf);
+  	args.list[args.num] = NULL;
+--- 1217,1237 ----
+  {
+  	va_list ap;
+  	char buf[1024];
++ 	int nalloc;
+  
+  	va_start(ap, fmt);
+  	vsnprintf(buf, sizeof(buf), fmt, ap);
+  	va_end(ap);
+  
+  	if (args.list == NULL) {
+! 		nalloc = 32;
+  		args.num = 0;
+! 		args.list = xmalloc(nalloc * sizeof(char *));
+! 		args.nalloc = nalloc;
+  	} else if (args.num+2 >= args.nalloc) {
+! 		nalloc = args.nalloc * 2;
+! 		args.list = xrealloc(args.list, nalloc * sizeof(char *));
+! 		args.nalloc = nalloc;
+  	}
+  	args.list[args.num++] = xstrdup(buf);
+  	args.list[args.num] = NULL;
+Index: crypto/openssh/session.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/session.c,v
+retrieving revision 1.4.2.8.4.1
+retrieving revision 1.4.2.8.4.2
+diff -c -p -c -r1.4.2.8.4.1 -r1.4.2.8.4.2
+*** crypto/openssh/session.c	3 Dec 2001 00:54:18 -0000	1.4.2.8.4.1
+--- crypto/openssh/session.c	17 Sep 2003 14:57:33 -0000	1.4.2.8.4.2
+*************** void
+*** 848,853 ****
+--- 848,854 ----
+  child_set_env(char ***envp, unsigned int *envsizep, const char *name,
+  	      const char *value)
+  {
++ 	u_int envsize;
+  	unsigned int i, namelen;
+  	char **env;
+  
+*************** child_set_env(char ***envp, unsigned int
+*** 866,874 ****
+  		xfree(env[i]);
+  	} else {
+  		/* New variable.  Expand if necessary. */
+! 		if (i >= (*envsizep) - 1) {
+! 			(*envsizep) += 50;
+! 			env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
+  		}
+  		/* Need to set the NULL pointer at end of array beyond the new slot. */
+  		env[i + 1] = NULL;
+--- 867,877 ----
+  		xfree(env[i]);
+  	} else {
+  		/* New variable.  Expand if necessary. */
+! 		envsize = *envsizep;
+! 		if (i >= envsize - 1) {
+! 			envsize += 50;
+! 			env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+! 			*envsizep = envsize;
+  		}
+  		/* Need to set the NULL pointer at end of array beyond the new slot. */
+  		env[i + 1] = NULL;
+Index: crypto/openssh/ssh-agent.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh-agent.c,v
+retrieving revision 1.2.2.6
+retrieving revision 1.2.2.6.4.1
+diff -c -p -c -r1.2.2.6 -r1.2.2.6.4.1
+*** crypto/openssh/ssh-agent.c	12 Feb 2001 06:45:42 -0000	1.2.2.6
+--- crypto/openssh/ssh-agent.c	17 Sep 2003 14:57:33 -0000	1.2.2.6.4.1
+*************** process_message(SocketEntry *e)
+*** 515,521 ****
+  void
+  new_socket(int type, int fd)
+  {
+! 	unsigned int i, old_alloc;
+  	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+  		error("fcntl O_NONBLOCK: %s", strerror(errno));
+  
+--- 515,521 ----
+  void
+  new_socket(int type, int fd)
+  {
+! 	unsigned int i, old_alloc, new_alloc;
+  	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+  		error("fcntl O_NONBLOCK: %s", strerror(errno));
+  
+*************** new_socket(int type, int fd)
+*** 525,547 ****
+  	for (i = 0; i < sockets_alloc; i++)
+  		if (sockets[i].type == AUTH_UNUSED) {
+  			sockets[i].fd = fd;
+- 			sockets[i].type = type;
+  			buffer_init(&sockets[i].input);
+  			buffer_init(&sockets[i].output);
+  			return;
+  		}
+  	old_alloc = sockets_alloc;
+! 	sockets_alloc += 10;
+  	if (sockets)
+! 		sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
+  	else
+! 		sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
+! 	for (i = old_alloc; i < sockets_alloc; i++)
+  		sockets[i].type = AUTH_UNUSED;
+! 	sockets[old_alloc].type = type;
+  	sockets[old_alloc].fd = fd;
+  	buffer_init(&sockets[old_alloc].input);
+  	buffer_init(&sockets[old_alloc].output);
+  }
+  
+  void
+--- 525,548 ----
+  	for (i = 0; i < sockets_alloc; i++)
+  		if (sockets[i].type == AUTH_UNUSED) {
+  			sockets[i].fd = fd;
+  			buffer_init(&sockets[i].input);
+  			buffer_init(&sockets[i].output);
++ 			sockets[i].type = type;
+  			return;
+  		}
+  	old_alloc = sockets_alloc;
+! 	new_alloc = sockets_alloc + 10;
+  	if (sockets)
+! 		sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+  	else
+! 		sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+! 	for (i = old_alloc; i < new_alloc; i++)
+  		sockets[i].type = AUTH_UNUSED;
+! 	sockets_alloc = new_alloc;
+  	sockets[old_alloc].fd = fd;
+  	buffer_init(&sockets[old_alloc].input);
+  	buffer_init(&sockets[old_alloc].output);
++ 	sockets[old_alloc].type = type;
+  }
+  
+  void
diff --git a/share/security/patches/SA-03:12/buffer44.patch.asc b/share/security/patches/SA-03:12/buffer44.patch.asc
new file mode 100644
index 0000000000..6c9796c870
--- /dev/null
+++ b/share/security/patches/SA-03:12/buffer44.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/aKGQFdaIBMps37IRAjtOAJ9r1Pq5elNLdi2rijodicpkPg3DzQCcDxiz
++j0XD1yULBULvvXKpcaigSA=
+=YIKw
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:12/buffer45.patch b/share/security/patches/SA-03:12/buffer45.patch
new file mode 100644
index 0000000000..a4b97f17b0
--- /dev/null
+++ b/share/security/patches/SA-03:12/buffer45.patch
@@ -0,0 +1,269 @@
+Index: crypto/openssh/buffer.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/buffer.c,v
+retrieving revision 1.1.1.1.2.3
+retrieving revision 1.1.1.1.2.3.2.2
+diff -c -p -c -r1.1.1.1.2.3 -r1.1.1.1.2.3.2.2
+*** crypto/openssh/buffer.c	28 Sep 2001 01:33:33 -0000	1.1.1.1.2.3
+--- crypto/openssh/buffer.c	17 Sep 2003 14:52:42 -0000	1.1.1.1.2.3.2.2
+*************** RCSID("$OpenBSD: buffer.c,v 1.13 2001/04
+*** 23,30 ****
+  void
+  buffer_init(Buffer *buffer)
+  {
+! 	buffer->alloc = 4096;
+! 	buffer->buf = xmalloc(buffer->alloc);
+  	buffer->offset = 0;
+  	buffer->end = 0;
+  }
+--- 23,33 ----
+  void
+  buffer_init(Buffer *buffer)
+  {
+! 	const u_int len = 4096;
+! 
+! 	buffer->alloc = 0;
+! 	buffer->buf = xmalloc(len);
+! 	buffer->alloc = len;
+  	buffer->offset = 0;
+  	buffer->end = 0;
+  }
+*************** buffer_init(Buffer *buffer)
+*** 34,41 ****
+  void
+  buffer_free(Buffer *buffer)
+  {
+! 	memset(buffer->buf, 0, buffer->alloc);
+! 	xfree(buffer->buf);
+  }
+  
+  /*
+--- 37,46 ----
+  void
+  buffer_free(Buffer *buffer)
+  {
+! 	if (buffer->alloc > 0) {
+! 		memset(buffer->buf, 0, buffer->alloc);
+! 		xfree(buffer->buf);
+! 	}
+  }
+  
+  /*
+*************** buffer_append(Buffer *buffer, const char
+*** 69,74 ****
+--- 74,81 ----
+  void
+  buffer_append_space(Buffer *buffer, char **datap, u_int len)
+  {
++ 	u_int	newlen;
++ 
+  	/* If the buffer is empty, start using it from the beginning. */
+  	if (buffer->offset == buffer->end) {
+  		buffer->offset = 0;
+*************** restart:
+*** 93,100 ****
+  		goto restart;
+  	}
+  	/* Increase the size of the buffer and retry. */
+! 	buffer->alloc += len + 32768;
+! 	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+  	goto restart;
+  }
+  
+--- 100,111 ----
+  		goto restart;
+  	}
+  	/* Increase the size of the buffer and retry. */
+! 	newlen = buffer->alloc + len + 32768;
+! 	if (newlen > 0xa00000)
+! 		fatal("buffer_append_space: alloc %u not supported",
+! 		    newlen);
+! 	buffer->buf = xrealloc(buffer->buf, newlen);
+! 	buffer->alloc = newlen;
+  	goto restart;
+  }
+  
+Index: crypto/openssh/channels.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/channels.c,v
+retrieving revision 1.1.1.1.2.5.2.1
+retrieving revision 1.1.1.1.2.5.2.2
+diff -c -p -c -r1.1.1.1.2.5.2.1 -r1.1.1.1.2.5.2.2
+*** crypto/openssh/channels.c	7 Mar 2002 14:33:54 -0000	1.1.1.1.2.5.2.1
+--- crypto/openssh/channels.c	17 Sep 2003 14:52:42 -0000	1.1.1.1.2.5.2.2
+*************** channel_new(char *ctype, int type, int r
+*** 243,251 ****
+  	if (found == -1) {
+  		/* There are no free slots.  Take last+1 slot and expand the array.  */
+  		found = channels_alloc;
+  		channels_alloc += 10;
+  		debug2("channel: expanding %d", channels_alloc);
+- 		channels = xrealloc(channels, channels_alloc * sizeof(Channel));
+  		for (i = found; i < channels_alloc; i++)
+  			channels[i].type = SSH_CHANNEL_FREE;
+  	}
+--- 243,255 ----
+  	if (found == -1) {
+  		/* There are no free slots.  Take last+1 slot and expand the array.  */
+  		found = channels_alloc;
++ 		if (channels_alloc > 10000)
++ 			fatal("channel_new: internal error: channels_alloc %d "
++ 			    "too big.", channels_alloc);
++ 		channels = xrealloc(channels,
++ 		    (channels_alloc + 10) * sizeof(Channel));
+  		channels_alloc += 10;
+  		debug2("channel: expanding %d", channels_alloc);
+  		for (i = found; i < channels_alloc; i++)
+  			channels[i].type = SSH_CHANNEL_FREE;
+  	}
+Index: crypto/openssh/deattack.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.c,v
+retrieving revision 1.1.1.1.2.3
+retrieving revision 1.1.1.1.2.3.2.1
+diff -c -p -c -r1.1.1.1.2.3 -r1.1.1.1.2.3.2.1
+*** crypto/openssh/deattack.c	28 Sep 2001 01:33:33 -0000	1.1.1.1.2.3
+--- crypto/openssh/deattack.c	17 Sep 2003 14:52:42 -0000	1.1.1.1.2.3.2.1
+*************** detect_attack(u_char *buf, u_int32_t len
+*** 100,111 ****
+  
+  	if (h == NULL) {
+  		debug("Installing crc compensation attack detector.");
+  		n = l;
+- 		h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
+  	} else {
+  		if (l > n) {
+  			n = l;
+- 			h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
+  		}
+  	}
+  
+--- 100,111 ----
+  
+  	if (h == NULL) {
+  		debug("Installing crc compensation attack detector.");
++ 		h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
+  		n = l;
+  	} else {
+  		if (l > n) {
++ 			h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+  			n = l;
+  		}
+  	}
+  
+Index: crypto/openssh/session.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/session.c,v
+retrieving revision 1.4.2.11
+retrieving revision 1.4.2.11.2.1
+diff -c -p -c -r1.4.2.11 -r1.4.2.11.2.1
+*** crypto/openssh/session.c	3 Dec 2001 00:53:28 -0000	1.4.2.11
+--- crypto/openssh/session.c	17 Sep 2003 14:52:42 -0000	1.4.2.11.2.1
+*************** void
+*** 886,891 ****
+--- 886,892 ----
+  child_set_env(char ***envp, u_int *envsizep, const char *name,
+  	      const char *value)
+  {
++ 	u_int envsize;
+  	u_int i, namelen;
+  	char **env;
+  
+*************** child_set_env(char ***envp, u_int *envsi
+*** 904,912 ****
+  		xfree(env[i]);
+  	} else {
+  		/* New variable.  Expand if necessary. */
+! 		if (i >= (*envsizep) - 1) {
+! 			(*envsizep) += 50;
+! 			env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
+  		}
+  		/* Need to set the NULL pointer at end of array beyond the new slot. */
+  		env[i + 1] = NULL;
+--- 905,915 ----
+  		xfree(env[i]);
+  	} else {
+  		/* New variable.  Expand if necessary. */
+! 		envsize = *envsizep;
+! 		if (i >= envsize - 1) {
+! 			envsize += 50;
+! 			env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+! 			*envsizep = envsize;
+  		}
+  		/* Need to set the NULL pointer at end of array beyond the new slot. */
+  		env[i + 1] = NULL;
+Index: crypto/openssh/ssh-agent.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh-agent.c,v
+retrieving revision 1.2.2.7
+retrieving revision 1.2.2.7.2.1
+diff -c -p -c -r1.2.2.7 -r1.2.2.7.2.1
+*** crypto/openssh/ssh-agent.c	28 Sep 2001 01:33:35 -0000	1.2.2.7
+--- crypto/openssh/ssh-agent.c	17 Sep 2003 14:52:43 -0000	1.2.2.7.2.1
+*************** process_message(SocketEntry *e)
+*** 508,514 ****
+  void
+  new_socket(int type, int fd)
+  {
+! 	u_int i, old_alloc;
+  	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+  		error("fcntl O_NONBLOCK: %s", strerror(errno));
+  
+--- 508,514 ----
+  void
+  new_socket(int type, int fd)
+  {
+! 	u_int i, old_alloc, new_alloc;
+  	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+  		error("fcntl O_NONBLOCK: %s", strerror(errno));
+  
+*************** new_socket(int type, int fd)
+*** 518,540 ****
+  	for (i = 0; i < sockets_alloc; i++)
+  		if (sockets[i].type == AUTH_UNUSED) {
+  			sockets[i].fd = fd;
+- 			sockets[i].type = type;
+  			buffer_init(&sockets[i].input);
+  			buffer_init(&sockets[i].output);
+  			return;
+  		}
+  	old_alloc = sockets_alloc;
+! 	sockets_alloc += 10;
+  	if (sockets)
+! 		sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
+  	else
+! 		sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
+! 	for (i = old_alloc; i < sockets_alloc; i++)
+  		sockets[i].type = AUTH_UNUSED;
+! 	sockets[old_alloc].type = type;
+  	sockets[old_alloc].fd = fd;
+  	buffer_init(&sockets[old_alloc].input);
+  	buffer_init(&sockets[old_alloc].output);
+  }
+  
+  int
+--- 518,541 ----
+  	for (i = 0; i < sockets_alloc; i++)
+  		if (sockets[i].type == AUTH_UNUSED) {
+  			sockets[i].fd = fd;
+  			buffer_init(&sockets[i].input);
+  			buffer_init(&sockets[i].output);
++ 			sockets[i].type = type;
+  			return;
+  		}
+  	old_alloc = sockets_alloc;
+! 	new_alloc = sockets_alloc + 10;
+  	if (sockets)
+! 		sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+  	else
+! 		sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+! 	for (i = old_alloc; i < new_alloc; i++)
+  		sockets[i].type = AUTH_UNUSED;
+! 	sockets_alloc = new_alloc;
+  	sockets[old_alloc].fd = fd;
+  	buffer_init(&sockets[old_alloc].input);
+  	buffer_init(&sockets[old_alloc].output);
++ 	sockets[old_alloc].type = type;
+  }
+  
+  int
diff --git a/share/security/patches/SA-03:12/buffer45.patch.asc b/share/security/patches/SA-03:12/buffer45.patch.asc
new file mode 100644
index 0000000000..90bbc0f3da
--- /dev/null
+++ b/share/security/patches/SA-03:12/buffer45.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/aKGUFdaIBMps37IRAmrIAJ0dcUddpuhCZze/cp32g5d9CthyPgCglLTN
+H+m2m3mykpl6U5o5mQgBoy4=
+=/iwW
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:12/buffer46.patch b/share/security/patches/SA-03:12/buffer46.patch
new file mode 100644
index 0000000000..8484d938d7
--- /dev/null
+++ b/share/security/patches/SA-03:12/buffer46.patch
@@ -0,0 +1,344 @@
+Index: crypto/openssh/buffer.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/buffer.c,v
+retrieving revision 1.1.1.6
+retrieving revision 1.2
+diff -c -p -c -r1.1.1.6 -r1.2
+*** crypto/openssh/buffer.c	29 Jun 2002 11:33:59 -0000	1.1.1.6
+--- crypto/openssh/buffer.c	17 Sep 2003 00:58:33 -0000	1.2
+*************** RCSID("$OpenBSD: buffer.c,v 1.16 2002/06
+*** 23,30 ****
+  void
+  buffer_init(Buffer *buffer)
+  {
+! 	buffer->alloc = 4096;
+! 	buffer->buf = xmalloc(buffer->alloc);
+  	buffer->offset = 0;
+  	buffer->end = 0;
+  }
+--- 23,33 ----
+  void
+  buffer_init(Buffer *buffer)
+  {
+! 	const u_int len = 4096;
+! 
+! 	buffer->alloc = 0;
+! 	buffer->buf = xmalloc(len);
+! 	buffer->alloc = len;
+  	buffer->offset = 0;
+  	buffer->end = 0;
+  }
+*************** buffer_init(Buffer *buffer)
+*** 34,41 ****
+  void
+  buffer_free(Buffer *buffer)
+  {
+! 	memset(buffer->buf, 0, buffer->alloc);
+! 	xfree(buffer->buf);
+  }
+  
+  /*
+--- 37,46 ----
+  void
+  buffer_free(Buffer *buffer)
+  {
+! 	if (buffer->alloc > 0) {
+! 		memset(buffer->buf, 0, buffer->alloc);
+! 		xfree(buffer->buf);
+! 	}
+  }
+  
+  /*
+*************** buffer_append(Buffer *buffer, const void
+*** 69,74 ****
+--- 74,80 ----
+  void *
+  buffer_append_space(Buffer *buffer, u_int len)
+  {
++ 	u_int newlen;
+  	void *p;
+  
+  	if (len > 0x100000)
+*************** restart:
+*** 98,108 ****
+  		goto restart;
+  	}
+  	/* Increase the size of the buffer and retry. */
+! 	buffer->alloc += len + 32768;
+! 	if (buffer->alloc > 0xa00000)
+  		fatal("buffer_append_space: alloc %u not supported",
+! 		    buffer->alloc);
+! 	buffer->buf = xrealloc(buffer->buf, buffer->alloc);
+  	goto restart;
+  	/* NOTREACHED */
+  }
+--- 104,116 ----
+  		goto restart;
+  	}
+  	/* Increase the size of the buffer and retry. */
+! 	
+! 	newlen = buffer->alloc + len + 32768;
+! 	if (newlen > 0xa00000)
+  		fatal("buffer_append_space: alloc %u not supported",
+! 		    newlen);
+! 	buffer->buf = xrealloc(buffer->buf, newlen);
+! 	buffer->alloc = newlen;
+  	goto restart;
+  	/* NOTREACHED */
+  }
+Index: crypto/openssh/channels.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/channels.c,v
+retrieving revision 1.15
+retrieving revision 1.16
+diff -c -p -c -r1.15 -r1.16
+*** crypto/openssh/channels.c	1 May 2003 15:05:42 -0000	1.15
+--- crypto/openssh/channels.c	17 Sep 2003 00:58:33 -0000	1.16
+*************** channel_new(char *ctype, int type, int r
+*** 229,240 ****
+  	if (found == -1) {
+  		/* There are no free slots.  Take last+1 slot and expand the array.  */
+  		found = channels_alloc;
+- 		channels_alloc += 10;
+  		if (channels_alloc > 10000)
+  			fatal("channel_new: internal error: channels_alloc %d "
+  			    "too big.", channels_alloc);
+  		debug2("channel: expanding %d", channels_alloc);
+- 		channels = xrealloc(channels, channels_alloc * sizeof(Channel *));
+  		for (i = found; i < channels_alloc; i++)
+  			channels[i] = NULL;
+  	}
+--- 229,241 ----
+  	if (found == -1) {
+  		/* There are no free slots.  Take last+1 slot and expand the array.  */
+  		found = channels_alloc;
+  		if (channels_alloc > 10000)
+  			fatal("channel_new: internal error: channels_alloc %d "
+  			    "too big.", channels_alloc);
++ 		channels = xrealloc(channels,
++ 		    (channels_alloc + 10) * sizeof(Channel *));
++ 		channels_alloc += 10;
+  		debug2("channel: expanding %d", channels_alloc);
+  		for (i = found; i < channels_alloc; i++)
+  			channels[i] = NULL;
+  	}
+Index: crypto/openssh/deattack.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.c,v
+retrieving revision 1.1.1.5
+retrieving revision 1.1.1.6
+diff -c -p -c -r1.1.1.5 -r1.1.1.6
+*** crypto/openssh/deattack.c	18 Mar 2002 09:54:55 -0000	1.1.1.5
+--- crypto/openssh/deattack.c	17 Sep 2003 14:35:03 -0000	1.1.1.6
+*************** detect_attack(u_char *buf, u_int32_t len
+*** 100,111 ****
+  
+  	if (h == NULL) {
+  		debug("Installing crc compensation attack detector.");
+  		n = l;
+- 		h = (u_int16_t *) xmalloc(n * HASH_ENTRYSIZE);
+  	} else {
+  		if (l > n) {
+  			n = l;
+- 			h = (u_int16_t *) xrealloc(h, n * HASH_ENTRYSIZE);
+  		}
+  	}
+  
+--- 100,111 ----
+  
+  	if (h == NULL) {
+  		debug("Installing crc compensation attack detector.");
++ 		h = (u_int16_t *) xmalloc(l * HASH_ENTRYSIZE);
+  		n = l;
+  	} else {
+  		if (l > n) {
++ 			h = (u_int16_t *) xrealloc(h, l * HASH_ENTRYSIZE);
+  			n = l;
+  		}
+  	}
+  
+Index: crypto/openssh/misc.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/misc.c,v
+retrieving revision 1.1.1.4
+retrieving revision 1.1.1.5
+diff -c -p -c -r1.1.1.4 -r1.1.1.5
+*** crypto/openssh/misc.c	23 Apr 2003 16:52:55 -0000	1.1.1.4
+--- crypto/openssh/misc.c	17 Sep 2003 14:35:03 -0000	1.1.1.5
+*************** addargs(arglist *args, char *fmt, ...)
+*** 308,325 ****
+  {
+  	va_list ap;
+  	char buf[1024];
+  
+  	va_start(ap, fmt);
+  	vsnprintf(buf, sizeof(buf), fmt, ap);
+  	va_end(ap);
+  
+  	if (args->list == NULL) {
+! 		args->nalloc = 32;
+  		args->num = 0;
+! 	} else if (args->num+2 >= args->nalloc)
+! 		args->nalloc *= 2;
+  
+! 	args->list = xrealloc(args->list, args->nalloc * sizeof(char *));
+  	args->list[args->num++] = xstrdup(buf);
+  	args->list[args->num] = NULL;
+  }
+--- 308,328 ----
+  {
+  	va_list ap;
+  	char buf[1024];
++ 	int nalloc;
+  
+  	va_start(ap, fmt);
+  	vsnprintf(buf, sizeof(buf), fmt, ap);
+  	va_end(ap);
+  
++ 	nalloc = args->nalloc;
+  	if (args->list == NULL) {
+! 		nalloc = 32;
+  		args->num = 0;
+! 	} else if (args->num+2 >= nalloc)
+! 		nalloc *= 2;
+  
+! 	args->list = xrealloc(args->list, nalloc * sizeof(char *));
+! 	args->nalloc = nalloc;
+  	args->list[args->num++] = xstrdup(buf);
+  	args->list[args->num] = NULL;
+  }
+Index: crypto/openssh/session.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/session.c,v
+retrieving revision 1.40
+retrieving revision 1.41
+diff -c -p -c -r1.40 -r1.41
+*** crypto/openssh/session.c	23 Apr 2003 17:10:53 -0000	1.40
+--- crypto/openssh/session.c	17 Sep 2003 14:36:14 -0000	1.41
+*************** static void
+*** 863,870 ****
+  child_set_env(char ***envp, u_int *envsizep, const char *name,
+  	const char *value)
+  {
+- 	u_int i, namelen;
+  	char **env;
+  
+  	/*
+  	 * Find the slot where the value should be stored.  If the variable
+--- 863,871 ----
+  child_set_env(char ***envp, u_int *envsizep, const char *name,
+  	const char *value)
+  {
+  	char **env;
++ 	u_int envsize;
++ 	u_int i, namelen;
+  
+  	/*
+  	 * Find the slot where the value should be stored.  If the variable
+*************** child_set_env(char ***envp, u_int *envsi
+*** 881,892 ****
+  		xfree(env[i]);
+  	} else {
+  		/* New variable.  Expand if necessary. */
+! 		if (i >= (*envsizep) - 1) {
+! 			if (*envsizep >= 1000)
+! 				fatal("child_set_env: too many env vars,"
+! 				    " skipping: %.100s", name);
+! 			(*envsizep) += 50;
+! 			env = (*envp) = xrealloc(env, (*envsizep) * sizeof(char *));
+  		}
+  		/* Need to set the NULL pointer at end of array beyond the new slot. */
+  		env[i + 1] = NULL;
+--- 882,894 ----
+  		xfree(env[i]);
+  	} else {
+  		/* New variable.  Expand if necessary. */
+! 		envsize = *envsizep;
+! 		if (i >= envsize - 1) {
+! 			if (envsize >= 1000)
+! 				fatal("child_set_env: too many env vars");
+! 			envsize += 50;
+! 			env = (*envp) = xrealloc(env, envsize * sizeof(char *));
+! 			*envsizep = envsize;
+  		}
+  		/* Need to set the NULL pointer at end of array beyond the new slot. */
+  		env[i + 1] = NULL;
+Index: crypto/openssh/ssh-agent.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh-agent.c,v
+retrieving revision 1.18
+retrieving revision 1.19
+diff -c -p -c -r1.18 -r1.19
+*** crypto/openssh/ssh-agent.c	23 Apr 2003 17:10:53 -0000	1.18
+--- crypto/openssh/ssh-agent.c	17 Sep 2003 14:36:14 -0000	1.19
+*************** process_message(SocketEntry *e)
+*** 768,774 ****
+  static void
+  new_socket(sock_type type, int fd)
+  {
+! 	u_int i, old_alloc;
+  
+  	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+  		error("fcntl O_NONBLOCK: %s", strerror(errno));
+--- 768,774 ----
+  static void
+  new_socket(sock_type type, int fd)
+  {
+! 	u_int i, old_alloc, new_alloc;
+  
+  	if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)
+  		error("fcntl O_NONBLOCK: %s", strerror(errno));
+*************** new_socket(sock_type type, int fd)
+*** 779,803 ****
+  	for (i = 0; i < sockets_alloc; i++)
+  		if (sockets[i].type == AUTH_UNUSED) {
+  			sockets[i].fd = fd;
+- 			sockets[i].type = type;
+  			buffer_init(&sockets[i].input);
+  			buffer_init(&sockets[i].output);
+  			buffer_init(&sockets[i].request);
+  			return;
+  		}
+  	old_alloc = sockets_alloc;
+! 	sockets_alloc += 10;
+  	if (sockets)
+! 		sockets = xrealloc(sockets, sockets_alloc * sizeof(sockets[0]));
+  	else
+! 		sockets = xmalloc(sockets_alloc * sizeof(sockets[0]));
+! 	for (i = old_alloc; i < sockets_alloc; i++)
+  		sockets[i].type = AUTH_UNUSED;
+! 	sockets[old_alloc].type = type;
+  	sockets[old_alloc].fd = fd;
+  	buffer_init(&sockets[old_alloc].input);
+  	buffer_init(&sockets[old_alloc].output);
+  	buffer_init(&sockets[old_alloc].request);
+  }
+  
+  static int
+--- 779,804 ----
+  	for (i = 0; i < sockets_alloc; i++)
+  		if (sockets[i].type == AUTH_UNUSED) {
+  			sockets[i].fd = fd;
+  			buffer_init(&sockets[i].input);
+  			buffer_init(&sockets[i].output);
+  			buffer_init(&sockets[i].request);
++ 			sockets[i].type = type;
+  			return;
+  		}
+  	old_alloc = sockets_alloc;
+! 	new_alloc = sockets_alloc + 10;
+  	if (sockets)
+! 		sockets = xrealloc(sockets, new_alloc * sizeof(sockets[0]));
+  	else
+! 		sockets = xmalloc(new_alloc * sizeof(sockets[0]));
+! 	for (i = old_alloc; i < new_alloc; i++)
+  		sockets[i].type = AUTH_UNUSED;
+! 	sockets_alloc = new_alloc;
+  	sockets[old_alloc].fd = fd;
+  	buffer_init(&sockets[old_alloc].input);
+  	buffer_init(&sockets[old_alloc].output);
+  	buffer_init(&sockets[old_alloc].request);
++ 	sockets[old_alloc].type = type;
+  }
+  
+  static int
diff --git a/share/security/patches/SA-03:12/buffer46.patch.asc b/share/security/patches/SA-03:12/buffer46.patch.asc
new file mode 100644
index 0000000000..61577a6727
--- /dev/null
+++ b/share/security/patches/SA-03:12/buffer46.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/aKGXFdaIBMps37IRAll5AJsFFxSpQZI/6/XH7FbslOWhscjYmACdGDh+
+zx6gvKGufSA4jhPuzryseqc=
+=GxdJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:13/sendmail.patch b/share/security/patches/SA-03:13/sendmail.patch
new file mode 100644
index 0000000000..28bd4135c6
--- /dev/null
+++ b/share/security/patches/SA-03:13/sendmail.patch
@@ -0,0 +1,22 @@
+Index: contrib/sendmail/src/parseaddr.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/parseaddr.c,v
+retrieving revision 1.1.1.2.6.13
+retrieving revision 1.1.1.2.6.14
+diff -c -p -c -r1.1.1.2.6.13 -r1.1.1.2.6.14
+*** contrib/sendmail/src/parseaddr.c	29 Mar 2003 19:33:17 -0000	1.1.1.2.6.13
+--- contrib/sendmail/src/parseaddr.c	17 Sep 2003 15:18:20 -0000	1.1.1.2.6.14
+*************** prescan(addr, delim, pvpbuf, pvpbsize, d
+*** 700,706 ****
+--- 700,710 ----
+  						addr[MAXNAME] = '\0';
+  	returnnull:
+  					if (delimptr != NULL)
++ 					{
++ 						if (p > addr)
++ 							p--;
+  						*delimptr = p;
++ 					}
+  					CurEnv->e_to = saveto;
+  					return NULL;
+  				}
diff --git a/share/security/patches/SA-03:13/sendmail.patch.asc b/share/security/patches/SA-03:13/sendmail.patch.asc
new file mode 100644
index 0000000000..984ce9708a
--- /dev/null
+++ b/share/security/patches/SA-03:13/sendmail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/aOLYFdaIBMps37IRAhJeAJ9Cxt8hOK0VrSsB1MFwZJMLdayPWgCbBL8B
+pVIIFZRl1mcELOnIVQKvFQc=
+=jU+8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:14/arp.patch b/share/security/patches/SA-03:14/arp.patch
new file mode 100644
index 0000000000..4bbcbc0a23
--- /dev/null
+++ b/share/security/patches/SA-03:14/arp.patch
@@ -0,0 +1,43 @@
+Index: sys/netinet/if_ether.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/if_ether.c,v
+retrieving revision 1.104
+retrieving revision 1.104.2.1
+diff -c -p -r1.104 -r1.104.2.1
+*** sys/netinet/if_ether.c	4 Mar 2003 23:19:52 -0000	1.104
+--- sys/netinet/if_ether.c	23 Sep 2003 20:08:42 -0000	1.104.2.1
+*************** arplookup(addr, create, proxy)
+*** 918,929 ****
+  	else if (rt->rt_gateway->sa_family != AF_LINK)
+  		why = "gateway route is not ours";
+  
+! 	if (why && create) {
+! 		log(LOG_DEBUG, "arplookup %s failed: %s\n",
+! 		    inet_ntoa(sin.sin_addr), why);
+! 		return 0;
+! 	} else if (why) {
+! 		return 0;
+  	}
+  	return ((struct llinfo_arp *)rt->rt_llinfo);
+  }
+--- 918,937 ----
+  	else if (rt->rt_gateway->sa_family != AF_LINK)
+  		why = "gateway route is not ours";
+  
+! 	if (why) {
+! 		if (create)
+! 			log(LOG_DEBUG, "arplookup %s failed: %s\n",
+! 			    inet_ntoa(sin.sin_addr), why);
+! 
+! 		/* If there are no references to this route, purge it */
+! 		if (rt->rt_refcnt <= 0 &&
+! 		    (rt->rt_flags & RTF_WASCLONED) == RTF_WASCLONED) {
+! 			rtrequest(RTM_DELETE,
+! 					(struct sockaddr *)rt_key(rt),
+! 					rt->rt_gateway, rt_mask(rt),
+! 					rt->rt_flags, 0);
+! 		}
+! 		return (0);
+  	}
+  	return ((struct llinfo_arp *)rt->rt_llinfo);
+  }
diff --git a/share/security/patches/SA-03:14/arp.patch.asc b/share/security/patches/SA-03:14/arp.patch.asc
new file mode 100644
index 0000000000..e4943afe51
--- /dev/null
+++ b/share/security/patches/SA-03:14/arp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/cipRFdaIBMps37IRAk8kAJ46QOFndZ33VWRwMn/cJIdMjgkbMQCdG5D4
+Jqu0RO8MZyUzVX8k3YWuVVY=
+=Y2Vi
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:15/openssh46.patch b/share/security/patches/SA-03:15/openssh46.patch
new file mode 100644
index 0000000000..1d5952a332
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh46.patch
@@ -0,0 +1,282 @@
+Index: crypto/openssh/auth-chall.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
+retrieving revision 1.2.2.2.2.1
+retrieving revision 1.2.2.2.2.2
+diff -p -c -r1.2.2.2.2.1 -r1.2.2.2.2.2
+*** crypto/openssh/auth-chall.c	16 Jul 2002 12:27:05 -0000	1.2.2.2.2.1
+--- crypto/openssh/auth-chall.c	24 Sep 2003 19:53:37 -0000	1.2.2.2.2.2
+*************** verify_response(Authctxt *authctxt, cons
+*** 80,82 ****
+--- 80,90 ----
+  	authctxt->kbdintctxt = NULL;
+  	return res ? 0 : 1;
+  }
++ void
++ abandon_challenge_response(Authctxt *authctxt)
++ {
++ 	if (authctxt->kbdintctxt != NULL) {
++ 		device->free_ctx(authctxt->kbdintctxt);
++ 		authctxt->kbdintctxt = NULL;
++ 	}
++ }
+Index: crypto/openssh/auth.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
+retrieving revision 1.1.1.1.2.4.4.1
+retrieving revision 1.1.1.1.2.4.4.2
+diff -p -c -r1.1.1.1.2.4.4.1 -r1.1.1.1.2.4.4.2
+*** crypto/openssh/auth.h	16 Jul 2002 12:33:06 -0000	1.1.1.1.2.4.4.1
+--- crypto/openssh/auth.h	24 Sep 2003 19:53:37 -0000	1.1.1.1.2.4.4.2
+*************** struct passwd * getpwnamallow(const char
+*** 160,165 ****
+--- 160,166 ----
+  
+  char	*get_challenge(Authctxt *);
+  int	verify_response(Authctxt *, const char *);
++ void	abandon_challenge_response(Authctxt *);
+  
+  struct passwd * auth_get_user(void);
+  
+Index: crypto/openssh/auth1.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
+retrieving revision 1.3.2.7.4.1
+retrieving revision 1.3.2.7.4.2
+diff -p -c -r1.3.2.7.4.1 -r1.3.2.7.4.2
+*** crypto/openssh/auth1.c	16 Jul 2002 12:33:06 -0000	1.3.2.7.4.1
+--- crypto/openssh/auth1.c	24 Sep 2003 19:53:37 -0000	1.3.2.7.4.2
+*************** do_authloop(Authctxt *authctxt)
+*** 73,79 ****
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+--- 73,79 ----
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int prev, type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+*************** do_authloop(Authctxt *authctxt)
+*** 103,109 ****
+--- 103,121 ----
+  		info[0] = '\0';
+  
+  		/* Get a packet from the client. */
++ 		prev = type;
+  		type = packet_read();
++ 
++ 		/*
++ 		 * If we started challenge-response authentication but the
++ 		 * next packet is not a response to our challenge, release
++ 		 * the resources allocated by get_challenge() (which would
++ 		 * normally have been released by verify_response() had we
++ 		 * received such a response)
++ 		 */
++ 		if (prev == SSH_CMSG_AUTH_TIS &&
++ 		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
++ 			abandon_challenge_response(authctxt);
+  
+  		/* Process the packet. */
+  		switch (type) {
+Index: crypto/openssh/auth2-pam-freebsd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
+retrieving revision 1.2.2.2
+retrieving revision 1.2.2.4
+diff -p -c -r1.2.2.2 -r1.2.2.4
+*** crypto/openssh/auth2-pam-freebsd.c	17 Jul 2002 17:52:36 -0000	1.2.2.2
+--- crypto/openssh/auth2-pam-freebsd.c	24 Sep 2003 19:16:50 -0000	1.2.2.4
+*************** pam_child_conv(int n,
+*** 76,83 ****
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		resp[i]->resp_retcode = 0;
+! 		resp[i]->resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 76,83 ----
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		(*resp)[i].resp_retcode = 0;
+! 		(*resp)[i].resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_child_conv(int n,
+*** 85,91 ****
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 85,91 ----
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_child_conv(int n,
+*** 93,99 ****
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 93,99 ----
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_child_conv(int n,
+*** 111,118 ****
+  	buffer_free(&buffer);
+  	return (PAM_SUCCESS);
+   fail:
+- 	while (i)
+- 		xfree(resp[--i]);
+  	xfree(*resp);
+  	*resp = NULL;
+  	buffer_free(&buffer);
+--- 111,116 ----
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.2.2.4
+retrieving revision 1.2.2.4.4.2
+diff -p -c -r1.2.2.4 -r1.2.2.4.4.2
+*** crypto/openssh/ssh_config	28 Sep 2001 01:33:35 -0000	1.2.2.4
+--- crypto/openssh/ssh_config	24 Sep 2003 19:54:21 -0000	1.2.2.4.4.2
+***************
+*** 1,13 ****
+! # This is ssh client systemwide configuration file.  This file provides 
+! # defaults for users, and the values can be changed in per-user configuration
+! # files or on the command line.
+! #
+! #	$OpenBSD: ssh_config,v 1.10 2001/04/03 21:19:38 todd Exp $
+! # $FreeBSD$
+  
+! # This is ssh client systemwide configuration file.  See ssh(1) for more
+! # information.  This file provides defaults for users, and the values can
+! # be changed in per-user configuration files or on the command line.
+  
+  # Configuration data is parsed as follows:
+  #  1. command line options
+--- 1,10 ----
+! #	$OpenBSD: ssh_config,v 1.15 2002/06/20 20:03:34 stevesk Exp $
+! #	$FreeBSD$
+  
+! # This is the ssh client system-wide configuration file.  See
+! # ssh_config(5) for more information.  This file provides defaults for
+! # users, and the values can be changed in per-user configuration files
+! # or on the command line.
+  
+  # Configuration data is parsed as follows:
+  #  1. command line options
+*************** Host *
+*** 23,40 ****
+  #   ForwardAgent no
+  #   ForwardX11 no
+  #   RhostsAuthentication no
+! #   RhostsRSAAuthentication yes
+  #   RSAAuthentication yes
+  #   PasswordAuthentication yes
+- #   FallBackToRsh no
+- #   UseRsh no
+  #   BatchMode no
+  #   CheckHostIP yes
+! #   StrictHostKeyChecking yes
+  #   IdentityFile ~/.ssh/identity
+- #   IdentityFile ~/.ssh/id_dsa
+  #   IdentityFile ~/.ssh/id_rsa
+  #   Port 22
+    Protocol 1,2
+! #   Cipher blowfish
+  #   EscapeChar ~
+--- 20,37 ----
+  #   ForwardAgent no
+  #   ForwardX11 no
+  #   RhostsAuthentication no
+! #   RhostsRSAAuthentication no
+  #   RSAAuthentication yes
+  #   PasswordAuthentication yes
+  #   BatchMode no
+  #   CheckHostIP yes
+! #   StrictHostKeyChecking ask
+  #   IdentityFile ~/.ssh/identity
+  #   IdentityFile ~/.ssh/id_rsa
++ #   IdentityFile ~/.ssh/id_dsa
+  #   Port 22
+    Protocol 1,2
+! #   Cipher 3des
+! #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
++ #   VersionAddendum FreeBSD-20030924
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.4.2.8.2.1
+retrieving revision 1.4.2.8.2.2
+diff -p -c -r1.4.2.8.2.1 -r1.4.2.8.2.2
+*** crypto/openssh/sshd_config	16 Jul 2002 12:33:10 -0000	1.4.2.8.2.1
+--- crypto/openssh/sshd_config	24 Sep 2003 19:54:21 -0000	1.4.2.8.2.2
+***************
+*** 14,20 ****
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20020629
+  
+  #Port 22
+  #Protocol 2,1
+--- 14,20 ----
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030924
+  
+  #Port 22
+  #Protocol 2,1
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.1.1.1.2.8.2.3
+retrieving revision 1.1.1.1.2.8.2.4
+diff -p -c -r1.1.1.1.2.8.2.3 -r1.1.1.1.2.8.2.4
+*** crypto/openssh/version.h	17 Sep 2003 14:52:09 -0000	1.1.1.1.2.8.2.3
+--- crypto/openssh/version.h	24 Sep 2003 19:54:21 -0000	1.1.1.1.2.8.2.4
+***************
+*** 5,11 ****
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.4p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030917"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
+--- 5,11 ----
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.4p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-03:15/openssh46.patch.asc b/share/security/patches/SA-03:15/openssh46.patch.asc
new file mode 100644
index 0000000000..5960c54ab6
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh46.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/gE1VFdaIBMps37IRAgTnAJ9RL8HKMTPWESsBZeU93HYypPU5/ACdG6ko
+F6op/WZvW3kUP4Y+UmdWNUM=
+=nNZB
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:15/openssh47.patch b/share/security/patches/SA-03:15/openssh47.patch
new file mode 100644
index 0000000000..9d7946c104
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh47.patch
@@ -0,0 +1,228 @@
+Index: crypto/openssh/auth-chall.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
+retrieving revision 1.2.2.3
+retrieving revision 1.2.2.3.2.1
+diff -p -c -r1.2.2.3 -r1.2.2.3.2.1
+*** crypto/openssh/auth-chall.c	3 Jul 2002 22:11:41 -0000	1.2.2.3
+--- crypto/openssh/auth-chall.c	24 Sep 2003 19:50:39 -0000	1.2.2.3.2.1
+*************** verify_response(Authctxt *authctxt, cons
+*** 80,82 ****
+--- 80,90 ----
+  	authctxt->kbdintctxt = NULL;
+  	return res ? 0 : 1;
+  }
++ void
++ abandon_challenge_response(Authctxt *authctxt)
++ {
++ 	if (authctxt->kbdintctxt != NULL) {
++ 		device->free_ctx(authctxt->kbdintctxt);
++ 		authctxt->kbdintctxt = NULL;
++ 	}
++ }
+Index: crypto/openssh/auth.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
+retrieving revision 1.1.1.1.2.5
+retrieving revision 1.1.1.1.2.5.2.1
+diff -p -c -r1.1.1.1.2.5 -r1.1.1.1.2.5.2.1
+*** crypto/openssh/auth.h	3 Jul 2002 22:11:41 -0000	1.1.1.1.2.5
+--- crypto/openssh/auth.h	24 Sep 2003 19:50:39 -0000	1.1.1.1.2.5.2.1
+*************** struct passwd * getpwnamallow(const char
+*** 160,165 ****
+--- 160,166 ----
+  
+  char	*get_challenge(Authctxt *);
+  int	verify_response(Authctxt *, const char *);
++ void	abandon_challenge_response(Authctxt *);
+  
+  struct passwd * auth_get_user(void);
+  
+Index: crypto/openssh/auth1.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
+retrieving revision 1.3.2.8
+retrieving revision 1.3.2.8.2.1
+diff -p -c -r1.3.2.8 -r1.3.2.8.2.1
+*** crypto/openssh/auth1.c	3 Jul 2002 22:11:41 -0000	1.3.2.8
+--- crypto/openssh/auth1.c	24 Sep 2003 19:50:39 -0000	1.3.2.8.2.1
+*************** do_authloop(Authctxt *authctxt)
+*** 73,79 ****
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+--- 73,79 ----
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int prev, type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+*************** do_authloop(Authctxt *authctxt)
+*** 103,109 ****
+--- 103,121 ----
+  		info[0] = '\0';
+  
+  		/* Get a packet from the client. */
++ 		prev = type;
+  		type = packet_read();
++ 
++ 		/*
++ 		 * If we started challenge-response authentication but the
++ 		 * next packet is not a response to our challenge, release
++ 		 * the resources allocated by get_challenge() (which would
++ 		 * normally have been released by verify_response() had we
++ 		 * received such a response)
++ 		 */
++ 		if (prev == SSH_CMSG_AUTH_TIS &&
++ 		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
++ 			abandon_challenge_response(authctxt);
+  
+  		/* Process the packet. */
+  		switch (type) {
+Index: crypto/openssh/auth2-pam-freebsd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
+retrieving revision 1.1.2.2
+retrieving revision 1.1.2.2.2.2
+diff -p -c -r1.1.2.2 -r1.1.2.2.2.2
+*** crypto/openssh/auth2-pam-freebsd.c	17 Jul 2002 17:45:18 -0000	1.1.2.2
+--- crypto/openssh/auth2-pam-freebsd.c	24 Sep 2003 19:16:24 -0000	1.1.2.2.2.2
+*************** pam_child_conv(int n,
+*** 76,83 ****
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		resp[i]->resp_retcode = 0;
+! 		resp[i]->resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 76,83 ----
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		(*resp)[i].resp_retcode = 0;
+! 		(*resp)[i].resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_child_conv(int n,
+*** 85,91 ****
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 85,91 ----
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_child_conv(int n,
+*** 93,99 ****
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 93,99 ----
+  			msg_recv(ctxt->pam_sock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_child_conv(int n,
+*** 111,118 ****
+  	buffer_free(&buffer);
+  	return (PAM_SUCCESS);
+   fail:
+- 	while (i)
+- 		xfree(resp[--i]);
+  	xfree(*resp);
+  	*resp = NULL;
+  	buffer_free(&buffer);
+--- 111,116 ----
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.2.2.6
+retrieving revision 1.2.2.6.2.1
+diff -p -c -r1.2.2.6 -r1.2.2.6.2.1
+*** crypto/openssh/ssh_config	25 Jul 2002 16:03:44 -0000	1.2.2.6
+--- crypto/openssh/ssh_config	24 Sep 2003 19:51:42 -0000	1.2.2.6.2.1
+***************
+*** 34,37 ****
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20020629
+--- 34,37 ----
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20030924
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.4.2.10
+retrieving revision 1.4.2.10.2.1
+diff -p -c -r1.4.2.10 -r1.4.2.10.2.1
+*** crypto/openssh/sshd_config	26 Jul 2002 15:18:32 -0000	1.4.2.10
+--- crypto/openssh/sshd_config	24 Sep 2003 19:51:42 -0000	1.4.2.10.2.1
+***************
+*** 14,20 ****
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20020629
+  
+  #Port 22
+  #Protocol 2,1
+--- 14,20 ----
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030924
+  
+  #Port 22
+  #Protocol 2,1
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.1.1.1.2.9.2.2
+retrieving revision 1.1.1.1.2.9.2.3
+diff -p -c -r1.1.1.1.2.9.2.2 -r1.1.1.1.2.9.2.3
+*** crypto/openssh/version.h	17 Sep 2003 14:51:37 -0000	1.1.1.1.2.9.2.2
+--- crypto/openssh/version.h	24 Sep 2003 19:51:42 -0000	1.1.1.1.2.9.2.3
+***************
+*** 5,11 ****
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.4p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030917"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
+--- 5,11 ----
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.4p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-03:15/openssh47.patch.asc b/share/security/patches/SA-03:15/openssh47.patch.asc
new file mode 100644
index 0000000000..c2679fcdce
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh47.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/gE1YFdaIBMps37IRArNnAJ9PuZHuf433vDuk4tvANG94vGTlwgCdEl+Z
+dua+BsWURfvDwJtSQ6U8rDk=
+=Diey
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:15/openssh48.patch b/share/security/patches/SA-03:15/openssh48.patch
new file mode 100644
index 0000000000..2217a1fa23
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh48.patch
@@ -0,0 +1,347 @@
+Index: crypto/openssh/auth-chall.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
+retrieving revision 1.2.2.4
+retrieving revision 1.2.2.4.2.2
+diff -p -c -r1.2.2.4 -r1.2.2.4.2.2
+*** crypto/openssh/auth-chall.c	3 Feb 2003 17:31:06 -0000	1.2.2.4
+--- crypto/openssh/auth-chall.c	24 Sep 2003 19:47:18 -0000	1.2.2.4.2.2
+*************** verify_response(Authctxt *authctxt, cons
+*** 93,101 ****
+  			xfree(info);
+  		}
+  		/* if we received more prompts, we're screwed */
+! 		res = (numprompts != 0);
+  	}
+  	device->free_ctx(authctxt->kbdintctxt);
+  	authctxt->kbdintctxt = NULL;
+  	return res ? 0 : 1;
+  }
+--- 93,109 ----
+  			xfree(info);
+  		}
+  		/* if we received more prompts, we're screwed */
+! 		res = (res == 0 && numprompts == 0) ? 0 : -1;
+  	}
+  	device->free_ctx(authctxt->kbdintctxt);
+  	authctxt->kbdintctxt = NULL;
+  	return res ? 0 : 1;
++ }
++ void
++ abandon_challenge_response(Authctxt *authctxt)
++ {
++ 	if (authctxt->kbdintctxt != NULL) {
++ 		device->free_ctx(authctxt->kbdintctxt);
++ 		authctxt->kbdintctxt = NULL;
++ 	}
+  }
+Index: crypto/openssh/auth.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
+retrieving revision 1.1.1.1.2.6
+retrieving revision 1.1.1.1.2.6.2.1
+diff -p -c -r1.1.1.1.2.6 -r1.1.1.1.2.6.2.1
+*** crypto/openssh/auth.h	3 Feb 2003 17:31:06 -0000	1.1.1.1.2.6
+--- crypto/openssh/auth.h	24 Sep 2003 19:47:18 -0000	1.1.1.1.2.6.2.1
+*************** struct passwd * getpwnamallow(const char
+*** 160,165 ****
+--- 160,166 ----
+  
+  char	*get_challenge(Authctxt *);
+  int	verify_response(Authctxt *, const char *);
++ void	abandon_challenge_response(Authctxt *);
+  
+  struct passwd * auth_get_user(void);
+  
+Index: crypto/openssh/auth1.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
+retrieving revision 1.3.2.9
+retrieving revision 1.3.2.9.2.1
+diff -p -c -r1.3.2.9 -r1.3.2.9.2.1
+*** crypto/openssh/auth1.c	3 Feb 2003 17:31:06 -0000	1.3.2.9
+--- crypto/openssh/auth1.c	24 Sep 2003 19:47:18 -0000	1.3.2.9.2.1
+*************** do_authloop(Authctxt *authctxt)
+*** 74,80 ****
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+--- 74,80 ----
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int prev, type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+*************** do_authloop(Authctxt *authctxt)
+*** 104,110 ****
+--- 104,122 ----
+  		info[0] = '\0';
+  
+  		/* Get a packet from the client. */
++ 		prev = type;
+  		type = packet_read();
++ 
++ 		/*
++ 		 * If we started challenge-response authentication but the
++ 		 * next packet is not a response to our challenge, release
++ 		 * the resources allocated by get_challenge() (which would
++ 		 * normally have been released by verify_response() had we
++ 		 * received such a response)
++ 		 */
++ 		if (prev == SSH_CMSG_AUTH_TIS &&
++ 		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
++ 			abandon_challenge_response(authctxt);
+  
+  		/* Process the packet. */
+  		switch (type) {
+Index: crypto/openssh/auth2-pam-freebsd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
+retrieving revision 1.1.2.5
+retrieving revision 1.1.2.5.2.2
+diff -p -c -r1.1.2.5 -r1.1.2.5.2.2
+*** crypto/openssh/auth2-pam-freebsd.c	22 Feb 2003 16:31:47 -0000	1.1.2.5
+--- crypto/openssh/auth2-pam-freebsd.c	24 Sep 2003 19:14:41 -0000	1.1.2.5.2.2
+*************** pam_thread_conv(int n,
+*** 134,141 ****
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		resp[i]->resp_retcode = 0;
+! 		resp[i]->resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 134,141 ----
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		(*resp)[i].resp_retcode = 0;
+! 		(*resp)[i].resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 143,149 ****
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 143,149 ----
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 151,157 ****
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 151,157 ----
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 169,176 ****
+  	buffer_free(&buffer);
+  	return (PAM_SUCCESS);
+   fail:
+- 	while (i)
+- 		xfree(resp[--i]);
+  	xfree(*resp);
+  	*resp = NULL;
+  	buffer_free(&buffer);
+--- 169,174 ----
+*************** pam_chauthtok_conv(int n,
+*** 539,558 ****
+  	for (i = 0; i < n; ++i) {
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+! 			resp[i]->resp =
+  			    read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			fputs(msg[i]->msg, stderr);
+  			fgets(input, sizeof input, stdin);
+! 			resp[i]->resp = xstrdup(input);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_ERROR_MSG:
+  		case PAM_TEXT_INFO:
+  			fputs(msg[i]->msg, stderr);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		default:
+  			goto fail;
+--- 537,556 ----
+  	for (i = 0; i < n; ++i) {
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+! 			(*resp)[i].resp =
+  			    read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			fputs(msg[i]->msg, stderr);
+  			fgets(input, sizeof input, stdin);
+! 			(*resp)[i].resp = xstrdup(input);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_ERROR_MSG:
+  		case PAM_TEXT_INFO:
+  			fputs(msg[i]->msg, stderr);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		default:
+  			goto fail;
+*************** pam_chauthtok_conv(int n,
+*** 560,567 ****
+  	}
+  	return (PAM_SUCCESS);
+   fail:
+- 	while (i)
+- 		xfree(resp[--i]);
+  	xfree(*resp);
+  	*resp = NULL;
+  	return (PAM_CONV_ERR);
+--- 558,563 ----
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.2.2.8
+retrieving revision 1.2.2.8.2.1
+diff -p -c -r1.2.2.8 -r1.2.2.8.2.1
+*** crypto/openssh/ssh_config	11 Feb 2003 12:11:54 -0000	1.2.2.8
+--- crypto/openssh/ssh_config	24 Sep 2003 19:47:43 -0000	1.2.2.8.2.1
+***************
+*** 35,38 ****
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20030201
+--- 35,38 ----
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20030924
+Index: crypto/openssh/ssh_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
+retrieving revision 1.4.2.4
+retrieving revision 1.4.2.4.2.1
+diff -p -c -r1.4.2.4 -r1.4.2.4.2.1
+*** crypto/openssh/ssh_config.5	11 Feb 2003 12:11:54 -0000	1.4.2.4
+--- crypto/openssh/ssh_config.5	24 Sep 2003 19:47:43 -0000	1.4.2.4.2.1
+*************** host key database instead of
+*** 616,622 ****
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030201 .
+  .It Cm XAuthLocation
+  Specifies the full pathname of the
+  .Xr xauth 1
+--- 616,622 ----
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030924 .
+  .It Cm XAuthLocation
+  Specifies the full pathname of the
+  .Xr xauth 1
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.4.2.12
+retrieving revision 1.4.2.12.2.1
+diff -p -c -r1.4.2.12 -r1.4.2.12.2.1
+*** crypto/openssh/sshd_config	11 Feb 2003 12:11:54 -0000	1.4.2.12
+--- crypto/openssh/sshd_config	24 Sep 2003 19:47:43 -0000	1.4.2.12.2.1
+***************
+*** 14,20 ****
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030201
+  
+  #Port 22
+  #Protocol 2,1
+--- 14,20 ----
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030924
+  
+  #Port 22
+  #Protocol 2,1
+Index: crypto/openssh/sshd_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
+retrieving revision 1.5.2.5
+retrieving revision 1.5.2.5.2.1
+diff -p -c -r1.5.2.5 -r1.5.2.5.2.1
+*** crypto/openssh/sshd_config.5	11 Feb 2003 12:11:54 -0000	1.5.2.5
+--- crypto/openssh/sshd_config.5	24 Sep 2003 19:47:43 -0000	1.5.2.5.2.1
+*************** The default is
+*** 647,653 ****
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030201 .
+  .It Cm X11DisplayOffset
+  Specifies the first display number available for
+  .Nm sshd Ns 's
+--- 647,653 ----
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030924 .
+  .It Cm X11DisplayOffset
+  Specifies the first display number available for
+  .Nm sshd Ns 's
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.1.1.1.2.10.2.2
+retrieving revision 1.1.1.1.2.10.2.3
+diff -p -c -r1.1.1.1.2.10.2.2 -r1.1.1.1.2.10.2.3
+*** crypto/openssh/version.h	17 Sep 2003 14:51:09 -0000	1.1.1.1.2.10.2.2
+--- crypto/openssh/version.h	24 Sep 2003 19:47:43 -0000	1.1.1.1.2.10.2.3
+***************
+*** 5,11 ****
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.5p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030917"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
+--- 5,11 ----
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.5p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-03:15/openssh48.patch.asc b/share/security/patches/SA-03:15/openssh48.patch.asc
new file mode 100644
index 0000000000..40f7e07889
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh48.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/gE1aFdaIBMps37IRAgXCAJ4jrg+Cov2pgr+QH7N8Hascv8CN5wCePDxe
+lkYSZ/NupZuPMJNqpq07JuU=
+=7B9W
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:15/openssh4s.patch b/share/security/patches/SA-03:15/openssh4s.patch
new file mode 100644
index 0000000000..275d249f84
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh4s.patch
@@ -0,0 +1,347 @@
+Index: crypto/openssh/auth-chall.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
+retrieving revision 1.2.2.4
+retrieving revision 1.2.2.6
+diff -p -c -r1.2.2.4 -r1.2.2.6
+*** crypto/openssh/auth-chall.c	3 Feb 2003 17:31:06 -0000	1.2.2.4
+--- crypto/openssh/auth-chall.c	24 Sep 2003 18:25:31 -0000	1.2.2.6
+*************** verify_response(Authctxt *authctxt, cons
+*** 93,101 ****
+  			xfree(info);
+  		}
+  		/* if we received more prompts, we're screwed */
+! 		res = (numprompts != 0);
+  	}
+  	device->free_ctx(authctxt->kbdintctxt);
+  	authctxt->kbdintctxt = NULL;
+  	return res ? 0 : 1;
+  }
+--- 93,109 ----
+  			xfree(info);
+  		}
+  		/* if we received more prompts, we're screwed */
+! 		res = (res == 0 && numprompts == 0) ? 0 : -1;
+  	}
+  	device->free_ctx(authctxt->kbdintctxt);
+  	authctxt->kbdintctxt = NULL;
+  	return res ? 0 : 1;
++ }
++ void
++ abandon_challenge_response(Authctxt *authctxt)
++ {
++ 	if (authctxt->kbdintctxt != NULL) {
++ 		device->free_ctx(authctxt->kbdintctxt);
++ 		authctxt->kbdintctxt = NULL;
++ 	}
+  }
+Index: crypto/openssh/auth.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
+retrieving revision 1.1.1.1.2.6
+retrieving revision 1.1.1.1.2.7
+diff -p -c -r1.1.1.1.2.6 -r1.1.1.1.2.7
+*** crypto/openssh/auth.h	3 Feb 2003 17:31:06 -0000	1.1.1.1.2.6
+--- crypto/openssh/auth.h	7 Apr 2003 09:56:46 -0000	1.1.1.1.2.7
+*************** struct passwd * getpwnamallow(const char
+*** 160,165 ****
+--- 160,166 ----
+  
+  char	*get_challenge(Authctxt *);
+  int	verify_response(Authctxt *, const char *);
++ void	abandon_challenge_response(Authctxt *);
+  
+  struct passwd * auth_get_user(void);
+  
+Index: crypto/openssh/auth1.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth1.c,v
+retrieving revision 1.3.2.9
+retrieving revision 1.3.2.10
+diff -p -c -r1.3.2.9 -r1.3.2.10
+*** crypto/openssh/auth1.c	3 Feb 2003 17:31:06 -0000	1.3.2.9
+--- crypto/openssh/auth1.c	7 Apr 2003 09:56:46 -0000	1.3.2.10
+*************** do_authloop(Authctxt *authctxt)
+*** 74,80 ****
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+--- 74,80 ----
+  	char info[1024];
+  	u_int dlen;
+  	u_int ulen;
+! 	int prev, type = 0;
+  	struct passwd *pw = authctxt->pw;
+  
+  	debug("Attempting authentication for %s%.100s.",
+*************** do_authloop(Authctxt *authctxt)
+*** 104,110 ****
+--- 104,122 ----
+  		info[0] = '\0';
+  
+  		/* Get a packet from the client. */
++ 		prev = type;
+  		type = packet_read();
++ 
++ 		/*
++ 		 * If we started challenge-response authentication but the
++ 		 * next packet is not a response to our challenge, release
++ 		 * the resources allocated by get_challenge() (which would
++ 		 * normally have been released by verify_response() had we
++ 		 * received such a response)
++ 		 */
++ 		if (prev == SSH_CMSG_AUTH_TIS &&
++ 		    type != SSH_CMSG_AUTH_TIS_RESPONSE)
++ 			abandon_challenge_response(authctxt);
+  
+  		/* Process the packet. */
+  		switch (type) {
+Index: crypto/openssh/auth2-pam-freebsd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
+retrieving revision 1.1.2.6
+retrieving revision 1.1.2.8
+diff -p -c -r1.1.2.6 -r1.1.2.8
+*** crypto/openssh/auth2-pam-freebsd.c	7 Apr 2003 09:56:46 -0000	1.1.2.6
+--- crypto/openssh/auth2-pam-freebsd.c	24 Sep 2003 19:13:34 -0000	1.1.2.8
+*************** pam_thread_conv(int n,
+*** 134,141 ****
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		resp[i]->resp_retcode = 0;
+! 		resp[i]->resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 134,141 ----
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		(*resp)[i].resp_retcode = 0;
+! 		(*resp)[i].resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 143,149 ****
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 143,149 ----
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 151,157 ****
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 151,157 ----
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 169,176 ****
+  	buffer_free(&buffer);
+  	return (PAM_SUCCESS);
+   fail:
+- 	while (i)
+- 		xfree(resp[--i]);
+  	xfree(*resp);
+  	*resp = NULL;
+  	buffer_free(&buffer);
+--- 169,174 ----
+*************** pam_chauthtok_conv(int n,
+*** 550,569 ****
+  	for (i = 0; i < n; ++i) {
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+! 			resp[i]->resp =
+  			    read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			fputs(msg[i]->msg, stderr);
+  			fgets(input, sizeof input, stdin);
+! 			resp[i]->resp = xstrdup(input);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_ERROR_MSG:
+  		case PAM_TEXT_INFO:
+  			fputs(msg[i]->msg, stderr);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		default:
+  			goto fail;
+--- 548,567 ----
+  	for (i = 0; i < n; ++i) {
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+! 			(*resp)[i].resp =
+  			    read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			fputs(msg[i]->msg, stderr);
+  			fgets(input, sizeof input, stdin);
+! 			(*resp)[i].resp = xstrdup(input);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_ERROR_MSG:
+  		case PAM_TEXT_INFO:
+  			fputs(msg[i]->msg, stderr);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		default:
+  			goto fail;
+*************** pam_chauthtok_conv(int n,
+*** 571,578 ****
+  	}
+  	return (PAM_SUCCESS);
+   fail:
+- 	while (i)
+- 		xfree(resp[--i]);
+  	xfree(*resp);
+  	*resp = NULL;
+  	return (PAM_CONV_ERR);
+--- 569,574 ----
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.2.2.8
+retrieving revision 1.2.2.9
+diff -p -c -r1.2.2.8 -r1.2.2.9
+*** crypto/openssh/ssh_config	11 Feb 2003 12:11:54 -0000	1.2.2.8
+--- crypto/openssh/ssh_config	24 Sep 2003 19:28:35 -0000	1.2.2.9
+***************
+*** 35,38 ****
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20030201
+--- 35,38 ----
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20030924
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.4.2.12
+retrieving revision 1.4.2.13
+diff -p -c -r1.4.2.12 -r1.4.2.13
+*** crypto/openssh/sshd_config	11 Feb 2003 12:11:54 -0000	1.4.2.12
+--- crypto/openssh/sshd_config	24 Sep 2003 19:28:35 -0000	1.4.2.13
+***************
+*** 14,20 ****
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030201
+  
+  #Port 22
+  #Protocol 2,1
+--- 14,20 ----
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030924
+  
+  #Port 22
+  #Protocol 2,1
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.1.1.1.2.12
+retrieving revision 1.1.1.1.2.13
+diff -p -c -r1.1.1.1.2.12 -r1.1.1.1.2.13
+*** crypto/openssh/version.h	17 Sep 2003 14:41:41 -0000	1.1.1.1.2.12
+--- crypto/openssh/version.h	24 Sep 2003 19:28:35 -0000	1.1.1.1.2.13
+***************
+*** 5,11 ****
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.5p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030917"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
+--- 5,11 ----
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.5p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
+Index: crypto/openssh/sshd_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
+retrieving revision 1.5.2.5
+retrieving revision 1.5.2.6
+diff -p -c -r1.5.2.5 -r1.5.2.6
+*** crypto/openssh/sshd_config.5	11 Feb 2003 12:11:54 -0000	1.5.2.5
+--- crypto/openssh/sshd_config.5	24 Sep 2003 19:28:35 -0000	1.5.2.6
+*************** The default is
+*** 647,653 ****
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030201 .
+  .It Cm X11DisplayOffset
+  Specifies the first display number available for
+  .Nm sshd Ns 's
+--- 647,653 ----
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030924 .
+  .It Cm X11DisplayOffset
+  Specifies the first display number available for
+  .Nm sshd Ns 's
+Index: crypto/openssh/ssh_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
+retrieving revision 1.4.2.4
+retrieving revision 1.4.2.5
+diff -p -c -r1.4.2.4 -r1.4.2.5
+*** crypto/openssh/ssh_config.5	11 Feb 2003 12:11:54 -0000	1.4.2.4
+--- crypto/openssh/ssh_config.5	24 Sep 2003 19:28:35 -0000	1.4.2.5
+*************** host key database instead of
+*** 616,622 ****
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030201 .
+  .It Cm XAuthLocation
+  Specifies the full pathname of the
+  .Xr xauth 1
+--- 616,622 ----
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030924 .
+  .It Cm XAuthLocation
+  Specifies the full pathname of the
+  .Xr xauth 1
diff --git a/share/security/patches/SA-03:15/openssh4s.patch.asc b/share/security/patches/SA-03:15/openssh4s.patch.asc
new file mode 100644
index 0000000000..a7b00f1e87
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh4s.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/gE1eFdaIBMps37IRAhYQAJ9mWC7TW6KzvIOmE0uEmwNyxL2fHACfSAOg
+w/qazP4n9gND3NPmh7U5XTE=
+=jiPB
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:15/openssh51.patch b/share/security/patches/SA-03:15/openssh51.patch
new file mode 100644
index 0000000000..43d1be0b3c
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh51.patch
@@ -0,0 +1,248 @@
+Index: crypto/openssh/auth-chall.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth-chall.c,v
+retrieving revision 1.6
+retrieving revision 1.6.2.1
+diff -p -c -r1.6 -r1.6.2.1
+*** crypto/openssh/auth-chall.c	31 Mar 2003 13:45:36 -0000	1.6
+--- crypto/openssh/auth-chall.c	24 Sep 2003 18:32:12 -0000	1.6.2.1
+*************** verify_response(Authctxt *authctxt, cons
+*** 93,99 ****
+  			xfree(info);
+  		}
+  		/* if we received more prompts, we're screwed */
+! 		res = (numprompts != 0);
+  	}
+  	device->free_ctx(authctxt->kbdintctxt);
+  	authctxt->kbdintctxt = NULL;
+--- 93,99 ----
+  			xfree(info);
+  		}
+  		/* if we received more prompts, we're screwed */
+! 		res = (res == 0 && numprompts == 0) ? 0 : -1;
+  	}
+  	device->free_ctx(authctxt->kbdintctxt);
+  	authctxt->kbdintctxt = NULL;
+Index: crypto/openssh/auth2-pam-freebsd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth2-pam-freebsd.c,v
+retrieving revision 1.11
+retrieving revision 1.11.2.1
+diff -p -c -r1.11 -r1.11.2.1
+*** crypto/openssh/auth2-pam-freebsd.c	31 Mar 2003 13:48:18 -0000	1.11
+--- crypto/openssh/auth2-pam-freebsd.c	24 Sep 2003 18:32:22 -0000	1.11.2.1
+*************** pam_thread_conv(int n,
+*** 134,141 ****
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		resp[i]->resp_retcode = 0;
+! 		resp[i]->resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 134,141 ----
+  	*resp = xmalloc(n * sizeof **resp);
+  	buffer_init(&buffer);
+  	for (i = 0; i < n; ++i) {
+! 		(*resp)[i].resp_retcode = 0;
+! 		(*resp)[i].resp = NULL;
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 143,149 ****
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 143,149 ----
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_thread_conv(int n,
+*** 151,157 ****
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			resp[i]->resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+--- 151,157 ----
+  			ssh_msg_recv(ctxt->pam_csock, &buffer);
+  			if (buffer_get_char(&buffer) != PAM_AUTHTOK)
+  				goto fail;
+! 			(*resp)[i].resp = buffer_get_string(&buffer, NULL);
+  			break;
+  		case PAM_ERROR_MSG:
+  			buffer_put_cstring(&buffer, msg[i]->msg);
+*************** pam_chauthtok_conv(int n,
+*** 550,569 ****
+  	for (i = 0; i < n; ++i) {
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+! 			resp[i]->resp =
+  			    read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			fputs(msg[i]->msg, stderr);
+  			fgets(input, sizeof input, stdin);
+! 			resp[i]->resp = xstrdup(input);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_ERROR_MSG:
+  		case PAM_TEXT_INFO:
+  			fputs(msg[i]->msg, stderr);
+! 			resp[i]->resp_retcode = PAM_SUCCESS;
+  			break;
+  		default:
+  			goto fail;
+--- 550,569 ----
+  	for (i = 0; i < n; ++i) {
+  		switch (msg[i]->msg_style) {
+  		case PAM_PROMPT_ECHO_OFF:
+! 			(*resp)[i].resp =
+  			    read_passphrase(msg[i]->msg, RP_ALLOW_STDIN);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_PROMPT_ECHO_ON:
+  			fputs(msg[i]->msg, stderr);
+  			fgets(input, sizeof input, stdin);
+! 			(*resp)[i].resp = xstrdup(input);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		case PAM_ERROR_MSG:
+  		case PAM_TEXT_INFO:
+  			fputs(msg[i]->msg, stderr);
+! 			(*resp)[i].resp_retcode = PAM_SUCCESS;
+  			break;
+  		default:
+  			goto fail;
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.21
+retrieving revision 1.21.2.1
+diff -p -c -r1.21 -r1.21.2.1
+*** crypto/openssh/ssh_config	23 Apr 2003 17:10:53 -0000	1.21
+--- crypto/openssh/ssh_config	24 Sep 2003 20:23:11 -0000	1.21.2.1
+***************
+*** 35,38 ****
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20030423
+--- 35,38 ----
+  #   Cipher 3des
+  #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+  #   EscapeChar ~
+! #   VersionAddendum FreeBSD-20030924
+Index: crypto/openssh/ssh_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
+retrieving revision 1.9
+retrieving revision 1.9.2.1
+diff -p -c -r1.9 -r1.9.2.1
+*** crypto/openssh/ssh_config.5	23 Apr 2003 17:10:53 -0000	1.9
+--- crypto/openssh/ssh_config.5	24 Sep 2003 20:23:11 -0000	1.9.2.1
+*************** host key database instead of
+*** 623,629 ****
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030423 .
+  .It Cm XAuthLocation
+  Specifies the full pathname of the
+  .Xr xauth 1
+--- 623,629 ----
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030924 .
+  .It Cm XAuthLocation
+  Specifies the full pathname of the
+  .Xr xauth 1
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.32
+retrieving revision 1.32.2.1
+diff -p -c -r1.32 -r1.32.2.1
+*** crypto/openssh/sshd_config	23 Apr 2003 17:10:53 -0000	1.32
+--- crypto/openssh/sshd_config	24 Sep 2003 20:23:11 -0000	1.32.2.1
+***************
+*** 14,20 ****
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030423
+  
+  #Port 22
+  #Protocol 2,1
+--- 14,20 ----
+  # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+  # FreeBSD has a few additional options.
+  
+! #VersionAddendum FreeBSD-20030924
+  
+  #Port 22
+  #Protocol 2,1
+Index: crypto/openssh/sshd_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
+retrieving revision 1.11
+retrieving revision 1.11.2.1
+diff -p -c -r1.11 -r1.11.2.1
+*** crypto/openssh/sshd_config.5	23 Apr 2003 17:10:53 -0000	1.11
+--- crypto/openssh/sshd_config.5	24 Sep 2003 20:23:11 -0000	1.11.2.1
+*************** The default is
+*** 650,656 ****
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030423 .
+  .It Cm X11DisplayOffset
+  Specifies the first display number available for
+  .Nm sshd Ns 's
+--- 650,656 ----
+  Specifies a string to append to the regular version string to identify
+  OS- or site-specific modifications.
+  The default is
+! .Dq FreeBSD-20030924 .
+  .It Cm X11DisplayOffset
+  Specifies the first display number available for
+  .Nm sshd Ns 's
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.20.2.2
+retrieving revision 1.20.2.3
+diff -p -c -r1.20.2.2 -r1.20.2.3
+*** crypto/openssh/version.h	17 Sep 2003 14:47:55 -0000	1.20.2.2
+--- crypto/openssh/version.h	24 Sep 2003 20:23:11 -0000	1.20.2.3
+***************
+*** 5,11 ****
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.6.1p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030917"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
+--- 5,11 ----
+  
+  #define SSH_VERSION             (ssh_version_get())
+  #define SSH_VERSION_BASE        "OpenSSH_3.6.1p1"
+! #define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
+  
+  const char *ssh_version_get(void);
+  void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-03:15/openssh51.patch.asc b/share/security/patches/SA-03:15/openssh51.patch.asc
new file mode 100644
index 0000000000..f55d21bc8d
--- /dev/null
+++ b/share/security/patches/SA-03:15/openssh51.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/gE1hFdaIBMps37IRAkAyAJ4wXEjYgxMzJnMplfYIjZeZNhDoLQCePz/Z
+qad9DS5zWV8tZavtxRlvH90=
+=hl6L
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:16/filedesc.patch b/share/security/patches/SA-03:16/filedesc.patch
new file mode 100644
index 0000000000..33ced3268a
--- /dev/null
+++ b/share/security/patches/SA-03:16/filedesc.patch
@@ -0,0 +1,55 @@
+Index: sys/kern/sys_generic.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sys_generic.c,v
+retrieving revision 1.55.2.10
+diff -c -r1.55.2.10 sys_generic.c
+*** sys/kern/sys_generic.c	17 Mar 2001 10:39:32 -0000	1.55.2.10
+--- sys/kern/sys_generic.c	23 Sep 2003 17:52:41 -0000
+***************
+*** 231,237 ****
+  	register struct filedesc *fdp = p->p_fd;
+  	struct uio auio;
+  	register struct iovec *iov;
+! 	struct iovec *needfree;
+  	struct iovec aiov[UIO_SMALLIOV];
+  	long i, cnt, error = 0;
+  	u_int iovlen;
+--- 231,237 ----
+  	register struct filedesc *fdp = p->p_fd;
+  	struct uio auio;
+  	register struct iovec *iov;
+! 	struct iovec *needfree = NULL;
+  	struct iovec aiov[UIO_SMALLIOV];
+  	long i, cnt, error = 0;
+  	u_int iovlen;
+***************
+*** 245,258 ****
+  	/* note: can't use iovlen until iovcnt is validated */
+  	iovlen = uap->iovcnt * sizeof (struct iovec);
+  	if (uap->iovcnt > UIO_SMALLIOV) {
+! 		if (uap->iovcnt > UIO_MAXIOV)
+! 			return (EINVAL);
+  		MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
+  		needfree = iov;
+! 	} else {
+  		iov = aiov;
+- 		needfree = NULL;
+- 	}
+  	auio.uio_iov = iov;
+  	auio.uio_iovcnt = uap->iovcnt;
+  	auio.uio_rw = UIO_READ;
+--- 245,258 ----
+  	/* note: can't use iovlen until iovcnt is validated */
+  	iovlen = uap->iovcnt * sizeof (struct iovec);
+  	if (uap->iovcnt > UIO_SMALLIOV) {
+! 		if (uap->iovcnt > UIO_MAXIOV) {
+! 			error = EINVAL;
+! 			goto done;
+! 		}
+  		MALLOC(iov, struct iovec *, iovlen, M_IOV, M_WAITOK);
+  		needfree = iov;
+! 	} else
+  		iov = aiov;
+  	auio.uio_iov = iov;
+  	auio.uio_iovcnt = uap->iovcnt;
+  	auio.uio_rw = UIO_READ;
diff --git a/share/security/patches/SA-03:16/filedesc.patch.asc b/share/security/patches/SA-03:16/filedesc.patch.asc
new file mode 100644
index 0000000000..4d63b7dd36
--- /dev/null
+++ b/share/security/patches/SA-03:16/filedesc.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/fE6tFdaIBMps37IRAtaaAJ97LUpRMSCvr1iwJhPpxZcnHUwHLgCdFN3E
+/hhhuyBwtMEn1Sk+rZMkZl4=
+=SFxp
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:17/procfs43.patch b/share/security/patches/SA-03:17/procfs43.patch
new file mode 100644
index 0000000000..d386f146ae
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs43.patch
@@ -0,0 +1,543 @@
+Index: sys/i386/linux/linprocfs/linprocfs_misc.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_misc.c,v
+retrieving revision 1.3.2.5
+diff -p -c -r1.3.2.5 linprocfs_misc.c
+*** sys/i386/linux/linprocfs/linprocfs_misc.c	7 Dec 2000 13:17:55 -0000	1.3.2.5
+--- sys/i386/linux/linprocfs/linprocfs_misc.c	3 Oct 2003 12:45:02 -0000
+*************** linprocfs_domeminfo(curp, p, pfs, uio)
+*** 85,91 ****
+  	struct uio *uio;
+  {
+  	char *ps;
+- 	int xlen;
+  	char psbuf[512];		/* XXX - conservative */
+  	unsigned long memtotal;		/* total memory in bytes */
+  	unsigned long memused;		/* used memory in bytes */
+--- 85,90 ----
+*************** linprocfs_domeminfo(curp, p, pfs, uio)
+*** 156,166 ****
+  		B2K(memshared), B2K(buffers), B2K(cached),
+  		B2K(swaptotal), B2K(swapfree));
+  
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 155,161 ----
+  		B2K(memshared), B2K(buffers), B2K(cached),
+  		B2K(swaptotal), B2K(swapfree));
+  
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_docpuinfo(curp, p, pfs, uio)
+*** 171,177 ****
+  	struct uio *uio;
+  {
+  	char *ps;
+- 	int xlen;
+  	char psbuf[512];		/* XXX - conservative */
+  	int class;
+          int i;
+--- 166,171 ----
+*************** linprocfs_docpuinfo(curp, p, pfs, uio)
+*** 248,259 ****
+                          (tsc_freq + 4999) / 1000000,
+                          ((tsc_freq + 4999) / 10000) % 100);
+          }
+!         
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 242,248 ----
+                          (tsc_freq + 4999) / 1000000,
+                          ((tsc_freq + 4999) / 10000) % 100);
+          }
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_dostat(curp, p, pfs, uio)
+*** 265,271 ****
+  {
+          char *ps;
+  	char psbuf[512];
+- 	int xlen;
+  
+  	ps = psbuf;
+  	ps += sprintf(ps,
+--- 254,259 ----
+*************** linprocfs_dostat(curp, p, pfs, uio)
+*** 287,297 ****
+  		      cnt.v_intr,
+  		      cnt.v_swtch,
+  		      boottime.tv_sec);
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 275,281 ----
+  		      cnt.v_intr,
+  		      cnt.v_swtch,
+  		      boottime.tv_sec);
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_douptime(curp, p, pfs, uio)
+*** 302,308 ****
+  	struct uio *uio;
+  {
+  	char *ps;
+- 	int xlen;
+  	char psbuf[64];
+  	struct timeval tv;
+  
+--- 286,291 ----
+*************** linprocfs_douptime(curp, p, pfs, uio)
+*** 311,321 ****
+  	ps += sprintf(ps, "%ld.%02ld %ld.%02ld\n",
+  		      tv.tv_sec, tv.tv_usec / 10000,
+  		      T2S(cp_time[CP_IDLE]), T2J(cp_time[CP_IDLE]) % 100);
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 294,300 ----
+  	ps += sprintf(ps, "%ld.%02ld %ld.%02ld\n",
+  		      tv.tv_sec, tv.tv_usec / 10000,
+  		      T2S(cp_time[CP_IDLE]), T2J(cp_time[CP_IDLE]) % 100);
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_doversion(curp, p, pfs, uio)
+*** 332,341 ****
+  	for (xlen = 0; ps[xlen] != '\n'; ++xlen)
+  		/* nothing */ ;
+  	++xlen;
+! 	xlen -= uio->uio_offset;
+! 	ps += uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 311,317 ----
+  	for (xlen = 0; ps[xlen] != '\n'; ++xlen)
+  		/* nothing */ ;
+  	++xlen;
+! 	return (uiomove_frombuf(ps, xlen, uio));
+  }
+  
+  int
+*************** linprocfs_doprocstat(curp, p, pfs, uio)
+*** 346,352 ****
+  	struct uio *uio;
+  {
+  	char *ps, psbuf[1024];
+- 	int xlen;
+  
+  	ps = psbuf;
+  	ps += sprintf(ps, "%d", p->p_pid);
+--- 322,327 ----
+*************** linprocfs_doprocstat(curp, p, pfs, uio)
+*** 388,398 ****
+  #undef PS_ADD
+  	ps += sprintf(ps, "\n");
+  	
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  /*
+--- 363,369 ----
+  #undef PS_ADD
+  	ps += sprintf(ps, "\n");
+  	
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  /*
+*************** linprocfs_doprocstatus(curp, p, pfs, uio
+*** 419,425 ****
+  {
+  	char *ps, psbuf[1024];
+  	char *state;
+! 	int i, xlen;
+  
+  	ps = psbuf;
+  
+--- 390,396 ----
+  {
+  	char *ps, psbuf[1024];
+  	char *state;
+! 	int i;
+  
+  	ps = psbuf;
+  
+*************** linprocfs_doprocstatus(curp, p, pfs, uio
+*** 490,498 ****
+  	PS_ADD(ps, "CapEff:\t%016x\n",	  0);
+  #undef PS_ADD
+  	
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+--- 461,465 ----
+  	PS_ADD(ps, "CapEff:\t%016x\n",	  0);
+  #undef PS_ADD
+  	
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+Index: sys/kern/kern_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_subr.c,v
+retrieving revision 1.31
+diff -p -c -r1.31 kern_subr.c
+*** sys/kern/kern_subr.c	29 Oct 1999 18:08:51 -0000	1.31
+--- sys/kern/kern_subr.c	3 Oct 2003 12:45:02 -0000
+***************
+*** 47,52 ****
+--- 47,53 ----
+  #include <sys/lock.h>
+  #include <sys/resourcevar.h>
+  #include <sys/vnode.h>
++ #include <machine/limits.h>
+  
+  #include <vm/vm.h>
+  #include <vm/vm_page.h>
+*************** uiomove(cp, n, uio)
+*** 119,124 ****
+--- 120,147 ----
+  	if (curproc)
+  		curproc->p_flag = (curproc->p_flag & ~P_DEADLKTREAT) | save;
+  	return (error);
++ }
++ 
++ /*
++  * Wrapper for uiomove() that validates the arguments against a known-good
++  * kernel buffer.  Currently, uiomove accepts a signed (n) argument, which
++  * is almost definitely a bad thing, so we catch that here as well.  We
++  * return a runtime failure, but it might be desirable to generate a runtime
++  * assertion failure instead.
++  */
++ int
++ uiomove_frombuf(void *buf, int buflen, struct uio *uio)
++ {
++ 	unsigned int offset, n;
++ 
++ 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
++ 	    (offset = uio->uio_offset) != uio->uio_offset)
++ 		return (EINVAL);
++ 	if (buflen <= 0 || offset >= buflen)
++ 		return (0);
++ 	if ((n = buflen - offset) > INT_MAX)
++ 		return (EINVAL);
++ 	return (uiomove((char *)buf + offset, n, uio));
+  }
+  
+  int
+Index: sys/miscfs/procfs/procfs_dbregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_dbregs.c,v
+retrieving revision 1.4.2.1.2.1
+diff -p -c -r1.4.2.1.2.1 procfs_dbregs.c
+*** sys/miscfs/procfs/procfs_dbregs.c	23 Jan 2002 23:05:54 -0000	1.4.2.1.2.1
+--- sys/miscfs/procfs/procfs_dbregs.c	3 Oct 2003 12:45:02 -0000
+*************** procfs_dodbregs(curp, p, pfs, uio)
+*** 59,88 ****
+  {
+  	int error;
+  	struct dbreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return (EPERM);
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	PHOLD(p);
+! 
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		error = procfs_read_dbregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+--- 59,75 ----
+  {
+  	int error;
+  	struct dbreg r;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return (EPERM);
+  
+  	PHOLD(p);
+! 	error = procfs_read_dbregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+Index: sys/miscfs/procfs/procfs_fpregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_fpregs.c,v
+retrieving revision 1.11.2.1.2.1
+diff -p -c -r1.11.2.1.2.1 procfs_fpregs.c
+*** sys/miscfs/procfs/procfs_fpregs.c	23 Jan 2002 23:05:54 -0000	1.11.2.1.2.1
+--- sys/miscfs/procfs/procfs_fpregs.c	3 Oct 2003 12:45:02 -0000
+*************** procfs_dofpregs(curp, p, pfs, uio)
+*** 56,85 ****
+  {
+  	int error;
+  	struct fpreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	PHOLD(p);
+  
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		error = procfs_read_fpregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+--- 56,73 ----
+  {
+  	int error;
+  	struct fpreg r;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+  
+  	PHOLD(p);
+  
+! 	error = procfs_read_fpregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+Index: sys/miscfs/procfs/procfs_regs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_regs.c,v
+retrieving revision 1.10.2.1.2.1
+diff -p -c -r1.10.2.1.2.1 procfs_regs.c
+*** sys/miscfs/procfs/procfs_regs.c	23 Jan 2002 23:05:54 -0000	1.10.2.1.2.1
+--- sys/miscfs/procfs/procfs_regs.c	3 Oct 2003 12:45:02 -0000
+*************** procfs_doregs(curp, p, pfs, uio)
+*** 65,86 ****
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	PHOLD(p);
+  
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		error = procfs_read_regs(p, &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+--- 65,76 ----
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+  
+  	PHOLD(p);
+  
+! 	error = procfs_read_regs(p, &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+Index: sys/miscfs/procfs/procfs_rlimit.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_rlimit.c,v
+retrieving revision 1.5
+diff -p -c -r1.5 procfs_rlimit.c
+*** sys/miscfs/procfs/procfs_rlimit.c	8 Dec 1999 08:59:37 -0000	1.5
+--- sys/miscfs/procfs/procfs_rlimit.c	3 Oct 2003 12:45:02 -0000
+*************** procfs_dorlimit(curp, p, pfs, uio)
+*** 64,70 ****
+  {
+  	char *ps;
+  	int i;
+- 	int xlen;
+  	int error;
+  	char psbuf[512];		/* XXX - conservative */
+  
+--- 64,69 ----
+*************** procfs_dorlimit(curp, p, pfs, uio)
+*** 109,128 ****
+  		}
+  	}
+  
+! 	/*
+! 	 * This logic is rather tasty - but its from procfs_status.c, so
+! 	 * I guess I'll use it here.
+! 	 */
+! 
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	if (xlen <= 0)
+! 		error = 0;
+! 	else
+! 		error = uiomove(ps, xlen, uio);
+! 
+  	return (error);
+  }
+  
+--- 108,114 ----
+  		}
+  	}
+  
+! 	error = uiomove_frombuf(psbuf, ps - psbuf, uio);
+  	return (error);
+  }
+  
+Index: sys/miscfs/procfs/procfs_status.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_status.c,v
+retrieving revision 1.20.2.3.2.1
+diff -p -c -r1.20.2.3.2.1 procfs_status.c
+*** sys/miscfs/procfs/procfs_status.c	23 Jan 2002 23:05:54 -0000	1.20.2.3.2.1
+--- sys/miscfs/procfs/procfs_status.c	3 Oct 2003 12:45:02 -0000
+*************** procfs_dostatus(curp, p, pfs, uio)
+*** 166,180 ****
+  	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
+  	DOCHECK();
+  
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	if (xlen <= 0)
+! 		error = 0;
+! 	else
+! 		error = uiomove(ps, xlen, uio);
+! 
+  	return (error);
+  
+  bailout:
+--- 166,172 ----
+  	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
+  	DOCHECK();
+  
+! 	error = uiomove_frombuf(psbuf, ps - psbuf, uio);
+  	return (error);
+  
+  bailout:
+*************** procfs_docmdline(curp, p, pfs, uio)
+*** 246,258 ****
+  		buflen = ps - buf;
+  	}
+  
+! 	buflen -= uio->uio_offset;
+! 	ps = bp + uio->uio_offset;
+! 	xlen = min(buflen, uio->uio_resid);
+! 	if (xlen <= 0)
+! 		error = 0;
+! 	else
+! 		error = uiomove(ps, xlen, uio);
+  	if (buf)
+  		FREE(buf, M_TEMP);
+  	return (error);
+--- 238,244 ----
+  		buflen = ps - buf;
+  	}
+  
+! 	error = uiomove_frombuf(bp, buflen, uio);
+  	if (buf)
+  		FREE(buf, M_TEMP);
+  	return (error);
+Index: sys/sys/uio.h
+===================================================================
+RCS file: /home/ncvs/src/sys/sys/uio.h,v
+retrieving revision 1.11
+diff -p -c -r1.11 uio.h
+*** sys/sys/uio.h	29 Dec 1999 04:24:49 -0000	1.11
+--- sys/sys/uio.h	3 Oct 2003 12:45:02 -0000
+*************** struct uio {
+*** 77,82 ****
+--- 77,83 ----
+  struct vm_object;
+  
+  int	uiomove __P((caddr_t, int, struct uio *));
++ int	uiomove_frombuf __P((void *buf, int buflen, struct uio *uio));
+  int	uiomoveco __P((caddr_t, int, struct uio *, struct vm_object *));
+  int	uioread __P((int, struct uio *, struct vm_object *, int *));
+  
diff --git a/share/security/patches/SA-03:17/procfs43.patch.asc b/share/security/patches/SA-03:17/procfs43.patch.asc
new file mode 100644
index 0000000000..ecba7f4c7e
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs43.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/fu1AFdaIBMps37IRAtCSAJ0THWuqLPKRBUcQA7U0RDu62n2wiQCfdvPK
+8h2rlzzJFCUGOMvQYq2eako=
+=/XKP
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:17/procfs4x.patch b/share/security/patches/SA-03:17/procfs4x.patch
new file mode 100644
index 0000000000..f588a74dad
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs4x.patch
@@ -0,0 +1,583 @@
+Index: sys/i386/linux/linprocfs/linprocfs_misc.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/linux/linprocfs/Attic/linprocfs_misc.c,v
+retrieving revision 1.3.2.8
+diff -p -c -r1.3.2.8 linprocfs_misc.c
+*** sys/i386/linux/linprocfs/linprocfs_misc.c	25 Jun 2001 19:46:47 -0000	1.3.2.8
+--- sys/i386/linux/linprocfs/linprocfs_misc.c	3 Oct 2003 12:39:55 -0000
+*************** linprocfs_domeminfo(curp, p, pfs, uio)
+*** 85,91 ****
+  	struct uio *uio;
+  {
+  	char *ps;
+- 	int xlen;
+  	char psbuf[512];		/* XXX - conservative */
+  	unsigned long memtotal;		/* total memory in bytes */
+  	unsigned long memused;		/* used memory in bytes */
+--- 85,90 ----
+*************** linprocfs_domeminfo(curp, p, pfs, uio)
+*** 156,166 ****
+  		B2K(memshared), B2K(buffers), B2K(cached),
+  		B2K(swaptotal), B2K(swapfree));
+  
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 155,161 ----
+  		B2K(memshared), B2K(buffers), B2K(cached),
+  		B2K(swaptotal), B2K(swapfree));
+  
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_docpuinfo(curp, p, pfs, uio)
+*** 171,177 ****
+  	struct uio *uio;
+  {
+  	char *ps;
+- 	int xlen;
+  	char psbuf[512];		/* XXX - conservative */
+  	int class;
+          int i;
+--- 166,171 ----
+*************** linprocfs_docpuinfo(curp, p, pfs, uio)
+*** 248,259 ****
+                          (tsc_freq + 4999) / 1000000,
+                          ((tsc_freq + 4999) / 10000) % 100);
+          }
+!         
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 242,248 ----
+                          (tsc_freq + 4999) / 1000000,
+                          ((tsc_freq + 4999) / 10000) % 100);
+          }
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_dostat(curp, p, pfs, uio)
+*** 265,271 ****
+  {
+          char *ps;
+  	char psbuf[512];
+- 	int xlen;
+  
+  	ps = psbuf;
+  	ps += sprintf(ps,
+--- 254,259 ----
+*************** linprocfs_dostat(curp, p, pfs, uio)
+*** 287,297 ****
+  		      cnt.v_intr,
+  		      cnt.v_swtch,
+  		      boottime.tv_sec);
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 275,281 ----
+  		      cnt.v_intr,
+  		      cnt.v_swtch,
+  		      boottime.tv_sec);
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_douptime(curp, p, pfs, uio)
+*** 302,308 ****
+  	struct uio *uio;
+  {
+  	char *ps;
+- 	int xlen;
+  	char psbuf[64];
+  	struct timeval tv;
+  
+--- 286,291 ----
+*************** linprocfs_douptime(curp, p, pfs, uio)
+*** 311,321 ****
+  	ps += sprintf(ps, "%ld.%02ld %ld.%02ld\n",
+  		      tv.tv_sec, tv.tv_usec / 10000,
+  		      T2S(cp_time[CP_IDLE]), T2J(cp_time[CP_IDLE]) % 100);
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 294,300 ----
+  	ps += sprintf(ps, "%ld.%02ld %ld.%02ld\n",
+  		      tv.tv_sec, tv.tv_usec / 10000,
+  		      T2S(cp_time[CP_IDLE]), T2J(cp_time[CP_IDLE]) % 100);
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_doversion(curp, p, pfs, uio)
+*** 332,341 ****
+  	for (xlen = 0; ps[xlen] != '\n'; ++xlen)
+  		/* nothing */ ;
+  	++xlen;
+! 	xlen -= uio->uio_offset;
+! 	ps += uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 311,317 ----
+  	for (xlen = 0; ps[xlen] != '\n'; ++xlen)
+  		/* nothing */ ;
+  	++xlen;
+! 	return (uiomove_frombuf(ps, xlen, uio));
+  }
+  
+  int
+*************** linprocfs_doprocstat(curp, p, pfs, uio)
+*** 346,352 ****
+  	struct uio *uio;
+  {
+  	char *ps, psbuf[1024];
+- 	int xlen;
+  
+  	ps = psbuf;
+  	ps += sprintf(ps, "%d", p->p_pid);
+--- 322,327 ----
+*************** linprocfs_doprocstat(curp, p, pfs, uio)
+*** 388,398 ****
+  #undef PS_ADD
+  	ps += sprintf(ps, "\n");
+  	
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  /*
+--- 363,369 ----
+  #undef PS_ADD
+  	ps += sprintf(ps, "\n");
+  	
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  /*
+*************** linprocfs_doprocstatus(curp, p, pfs, uio
+*** 419,425 ****
+  {
+  	char *ps, psbuf[1024];
+  	char *state;
+! 	int i, xlen;
+  
+  	ps = psbuf;
+  
+--- 390,396 ----
+  {
+  	char *ps, psbuf[1024];
+  	char *state;
+! 	int i;
+  
+  	ps = psbuf;
+  
+*************** linprocfs_doprocstatus(curp, p, pfs, uio
+*** 490,500 ****
+  	PS_ADD(ps, "CapEff:\t%016x\n",	  0);
+  #undef PS_ADD
+  	
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+  
+  int
+--- 461,467 ----
+  	PS_ADD(ps, "CapEff:\t%016x\n",	  0);
+  #undef PS_ADD
+  	
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+  
+  int
+*************** linprocfs_doloadavg(curp, p, pfs, uio)
+*** 504,511 ****
+  	struct pfsnode *pfs;
+  	struct uio *uio;
+  {
+!      char *ps, psbuf[512];
+!      int xlen;
+  	extern int nextpid;
+  
+  	ps=psbuf;
+--- 471,477 ----
+  	struct pfsnode *pfs;
+  	struct uio *uio;
+  {
+! 	char *ps, psbuf[512];
+  	extern int nextpid;
+  
+  	ps=psbuf;
+*************** linprocfs_doloadavg(curp, p, pfs, uio)
+*** 522,531 ****
+  		-1,			/* number of tasks */
+  		nextpid		/* The last pid */
+  	);
+! 
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+!      return (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  }
+--- 488,492 ----
+  		-1,			/* number of tasks */
+  		nextpid		/* The last pid */
+  	);
+! 	return (uiomove_frombuf(psbuf, ps - psbuf, uio));
+  }
+Index: sys/kern/kern_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_subr.c,v
+retrieving revision 1.31.2.2
+diff -p -c -r1.31.2.2 kern_subr.c
+*** sys/kern/kern_subr.c	21 Apr 2002 08:09:37 -0000	1.31.2.2
+--- sys/kern/kern_subr.c	3 Oct 2003 12:39:55 -0000
+***************
+*** 47,52 ****
+--- 47,53 ----
+  #include <sys/lock.h>
+  #include <sys/resourcevar.h>
+  #include <sys/vnode.h>
++ #include <machine/limits.h>
+  
+  #include <vm/vm.h>
+  #include <vm/vm_page.h>
+*************** uiomove(cp, n, uio)
+*** 117,122 ****
+--- 118,145 ----
+  	if (curproc)
+  		curproc->p_flag = (curproc->p_flag & ~P_DEADLKTREAT) | save;
+  	return (error);
++ }
++ 
++ /*
++  * Wrapper for uiomove() that validates the arguments against a known-good
++  * kernel buffer.  Currently, uiomove accepts a signed (n) argument, which
++  * is almost definitely a bad thing, so we catch that here as well.  We
++  * return a runtime failure, but it might be desirable to generate a runtime
++  * assertion failure instead.
++  */
++ int
++ uiomove_frombuf(void *buf, int buflen, struct uio *uio)
++ {
++ 	unsigned int offset, n;
++ 
++ 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
++ 	    (offset = uio->uio_offset) != uio->uio_offset)
++ 		return (EINVAL);
++ 	if (buflen <= 0 || offset >= buflen)
++ 		return (0);
++ 	if ((n = buflen - offset) > INT_MAX)
++ 		return (EINVAL);
++ 	return (uiomove((char *)buf + offset, n, uio));
+  }
+  
+  int
+Index: sys/miscfs/procfs/procfs_dbregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_dbregs.c,v
+retrieving revision 1.4.2.3
+diff -p -c -r1.4.2.3 procfs_dbregs.c
+*** sys/miscfs/procfs/procfs_dbregs.c	22 Jan 2002 17:22:59 -0000	1.4.2.3
+--- sys/miscfs/procfs/procfs_dbregs.c	3 Oct 2003 12:39:55 -0000
+*************** procfs_dodbregs(curp, p, pfs, uio)
+*** 59,88 ****
+  {
+  	int error;
+  	struct dbreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return (EPERM);
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	PHOLD(p);
+! 
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		error = procfs_read_dbregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+--- 59,75 ----
+  {
+  	int error;
+  	struct dbreg r;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return (EPERM);
+  
+  	PHOLD(p);
+! 	error = procfs_read_dbregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+Index: sys/miscfs/procfs/procfs_fpregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_fpregs.c,v
+retrieving revision 1.11.2.3
+diff -p -c -r1.11.2.3 procfs_fpregs.c
+*** sys/miscfs/procfs/procfs_fpregs.c	22 Jan 2002 17:22:59 -0000	1.11.2.3
+--- sys/miscfs/procfs/procfs_fpregs.c	3 Oct 2003 12:39:55 -0000
+*************** procfs_dofpregs(curp, p, pfs, uio)
+*** 56,85 ****
+  {
+  	int error;
+  	struct fpreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	PHOLD(p);
+  
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		error = procfs_read_fpregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+--- 56,73 ----
+  {
+  	int error;
+  	struct fpreg r;
+  
+  	/* Can't trace a process that's currently exec'ing. */ 
+  	if ((p->p_flag & P_INEXEC) != 0)
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+  
+  	PHOLD(p);
+  
+! 	error = procfs_read_fpregs(p, &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+Index: sys/miscfs/procfs/procfs_regs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_regs.c,v
+retrieving revision 1.10.2.3
+diff -p -c -r1.10.2.3 procfs_regs.c
+*** sys/miscfs/procfs/procfs_regs.c	22 Jan 2002 17:22:59 -0000	1.10.2.3
+--- sys/miscfs/procfs/procfs_regs.c	3 Oct 2003 12:39:55 -0000
+*************** procfs_doregs(curp, p, pfs, uio)
+*** 65,86 ****
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	PHOLD(p);
+  
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		error = procfs_read_regs(p, &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+--- 65,76 ----
+  		return EAGAIN;
+  	if (!CHECKIO(curp, p) || p_trespass(curp, p))
+  		return EPERM;
+  
+  	PHOLD(p);
+  
+! 	error = procfs_read_regs(p, &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (p->p_stat != SSTOP)
+  			error = EBUSY;
+Index: sys/miscfs/procfs/procfs_rlimit.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_rlimit.c,v
+retrieving revision 1.5
+diff -p -c -r1.5 procfs_rlimit.c
+*** sys/miscfs/procfs/procfs_rlimit.c	8 Dec 1999 08:59:37 -0000	1.5
+--- sys/miscfs/procfs/procfs_rlimit.c	3 Oct 2003 12:39:55 -0000
+*************** procfs_dorlimit(curp, p, pfs, uio)
+*** 64,70 ****
+  {
+  	char *ps;
+  	int i;
+- 	int xlen;
+  	int error;
+  	char psbuf[512];		/* XXX - conservative */
+  
+--- 64,69 ----
+*************** procfs_dorlimit(curp, p, pfs, uio)
+*** 109,128 ****
+  		}
+  	}
+  
+! 	/*
+! 	 * This logic is rather tasty - but its from procfs_status.c, so
+! 	 * I guess I'll use it here.
+! 	 */
+! 
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	if (xlen <= 0)
+! 		error = 0;
+! 	else
+! 		error = uiomove(ps, xlen, uio);
+! 
+  	return (error);
+  }
+  
+--- 108,114 ----
+  		}
+  	}
+  
+! 	error = uiomove_frombuf(psbuf, ps - psbuf, uio);
+  	return (error);
+  }
+  
+Index: sys/miscfs/procfs/procfs_status.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_status.c,v
+retrieving revision 1.20.2.4
+diff -p -c -r1.20.2.4 procfs_status.c
+*** sys/miscfs/procfs/procfs_status.c	22 Jan 2002 17:22:59 -0000	1.20.2.4
+--- sys/miscfs/procfs/procfs_status.c	3 Oct 2003 12:39:55 -0000
+*************** procfs_dostatus(curp, p, pfs, uio)
+*** 166,180 ****
+  	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
+  	DOCHECK();
+  
+! 	xlen = ps - psbuf;
+! 	xlen -= uio->uio_offset;
+! 	ps = psbuf + uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	if (xlen <= 0)
+! 		error = 0;
+! 	else
+! 		error = uiomove(ps, xlen, uio);
+! 
+  	return (error);
+  
+  bailout:
+--- 166,172 ----
+  	ps += snprintf(ps, psbuf + sizeof(psbuf) - ps, "\n");
+  	DOCHECK();
+  
+! 	error = uiomove_frombuf(psbuf, ps - psbuf, uio);
+  	return (error);
+  
+  bailout:
+*************** procfs_docmdline(curp, p, pfs, uio)
+*** 246,258 ****
+  		buflen = ps - buf;
+  	}
+  
+! 	buflen -= uio->uio_offset;
+! 	ps = bp + uio->uio_offset;
+! 	xlen = min(buflen, uio->uio_resid);
+! 	if (xlen <= 0)
+! 		error = 0;
+! 	else
+! 		error = uiomove(ps, xlen, uio);
+  	if (buf)
+  		FREE(buf, M_TEMP);
+  	return (error);
+--- 238,244 ----
+  		buflen = ps - buf;
+  	}
+  
+! 	error = uiomove_frombuf(bp, buflen, uio);
+  	if (buf)
+  		FREE(buf, M_TEMP);
+  	return (error);
+Index: sys/sys/uio.h
+===================================================================
+RCS file: /home/ncvs/src/sys/sys/uio.h,v
+retrieving revision 1.11.2.1
+diff -p -c -r1.11.2.1 uio.h
+*** sys/sys/uio.h	28 Sep 2001 16:58:35 -0000	1.11.2.1
+--- sys/sys/uio.h	3 Oct 2003 12:39:55 -0000
+*************** struct vm_object;
+*** 78,83 ****
+--- 78,84 ----
+  
+  void	uio_yield __P((void));
+  int	uiomove __P((caddr_t, int, struct uio *));
++ int	uiomove_frombuf __P((void *buf, int buflen, struct uio *uio));
+  int	uiomoveco __P((caddr_t, int, struct uio *, struct vm_object *));
+  int	uioread __P((int, struct uio *, struct vm_object *, int *));
+  
diff --git a/share/security/patches/SA-03:17/procfs4x.patch.asc b/share/security/patches/SA-03:17/procfs4x.patch.asc
new file mode 100644
index 0000000000..f76cdcec5b
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs4x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/fu1DFdaIBMps37IRAvcJAJ9d5FXGmlfWD6LOh1hW6fGvCadbfgCglbMg
+v96RKQ71eYcL4ZMtt6sCYIk=
+=Bkv2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:17/procfs50.patch b/share/security/patches/SA-03:17/procfs50.patch
new file mode 100644
index 0000000000..bf16ecb1d7
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs50.patch
@@ -0,0 +1,370 @@
+Index: sys/fs/procfs/procfs_dbregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/procfs/procfs_dbregs.c,v
+retrieving revision 1.21
+diff -p -c -r1.21 procfs_dbregs.c
+*** sys/fs/procfs/procfs_dbregs.c	29 Jun 2002 17:26:15 -0000	1.21
+--- sys/fs/procfs/procfs_dbregs.c	3 Oct 2003 12:57:04 -0000
+*************** procfs_doprocdbregs(PFS_FILL_ARGS)
+*** 65,94 ****
+  {
+  	int error;
+  	struct dbreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p) != 0) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	_PHOLD(p);
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		/* XXXKSE: */
+! 		error = proc_read_dbregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (!P_SHOULDSTOP(p)) /* XXXKSE should be P_TRACED? */
+  			error = EBUSY;
+--- 65,82 ----
+  {
+  	int error;
+  	struct dbreg r;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p) != 0) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+  
+  	_PHOLD(p);
+! 	/* XXXKSE: */
+! 	error = proc_read_dbregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (!P_SHOULDSTOP(p)) /* XXXKSE should be P_TRACED? */
+  			error = EBUSY;
+Index: sys/fs/procfs/procfs_fpregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/procfs/procfs_fpregs.c,v
+retrieving revision 1.27
+diff -p -c -r1.27 procfs_fpregs.c
+*** sys/fs/procfs/procfs_fpregs.c	29 Jun 2002 17:26:15 -0000	1.27
+--- sys/fs/procfs/procfs_fpregs.c	3 Oct 2003 12:56:42 -0000
+*************** procfs_doprocfpregs(PFS_FILL_ARGS)
+*** 59,88 ****
+  {
+  	int error;
+  	struct fpreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	_PHOLD(p);
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		/* XXXKSE: */
+! 		error = proc_read_fpregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (!P_SHOULDSTOP(p))
+  			error = EBUSY;
+--- 59,76 ----
+  {
+  	int error;
+  	struct fpreg r;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+  
+  	_PHOLD(p);
+! 	/* XXXKSE: */
+! 	error = proc_read_fpregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (!P_SHOULDSTOP(p))
+  			error = EBUSY;
+Index: sys/fs/procfs/procfs_regs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/procfs/procfs_regs.c,v
+retrieving revision 1.26
+diff -p -c -r1.26 procfs_regs.c
+*** sys/fs/procfs/procfs_regs.c	29 Jun 2002 17:26:15 -0000	1.26
+--- sys/fs/procfs/procfs_regs.c	3 Oct 2003 12:57:56 -0000
+*************** procfs_doprocregs(PFS_FILL_ARGS)
+*** 59,89 ****
+  {
+  	int error;
+  	struct reg r;
+- 	char *kv;
+- 	int kl;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	_PHOLD(p);
+  	PROC_UNLOCK(p);
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		/* XXXKSE: */
+! 		error = proc_read_regs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0)
+! 		error = uiomove(kv, kl, uio);
+  	PROC_LOCK(p);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (!P_SHOULDSTOP(p))
+--- 59,77 ----
+  {
+  	int error;
+  	struct reg r;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+  
+  	_PHOLD(p);
+  	PROC_UNLOCK(p);
+! 	/* XXXKSE: */
+! 	error = proc_read_regs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0)
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  	PROC_LOCK(p);
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+  		if (!P_SHOULDSTOP(p))
+Index: sys/fs/pseudofs/pseudofs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/pseudofs/pseudofs_vnops.c,v
+retrieving revision 1.32
+diff -p -c -r1.32 pseudofs_vnops.c
+*** sys/fs/pseudofs/pseudofs_vnops.c	26 Oct 2002 14:38:20 -0000	1.32
+--- sys/fs/pseudofs/pseudofs_vnops.c	3 Oct 2003 12:54:41 -0000
+***************
+*** 34,39 ****
+--- 34,40 ----
+  #include <sys/ctype.h>
+  #include <sys/dirent.h>
+  #include <sys/fcntl.h>
++ #include <machine/limits.h>
+  #include <sys/lock.h>
+  #include <sys/mount.h>
+  #include <sys/mutex.h>
+*************** pfs_read(struct vop_read_args *va)
+*** 472,479 ****
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+  	struct sbuf *sb = NULL;
+! 	char *ps;
+! 	int error, xlen;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+--- 473,480 ----
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+  	struct sbuf *sb = NULL;
+! 	int error;
+! 	unsigned int buflen, offset, resid;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+*************** pfs_read(struct vop_read_args *va)
+*** 508,514 ****
+  		PFS_RETURN (error);
+  	}
+  
+! 	sb = sbuf_new(sb, NULL, uio->uio_offset + uio->uio_resid, 0);
+  	if (sb == NULL) {
+  		if (proc != NULL)
+  			PRELE(proc);
+--- 509,524 ----
+  		PFS_RETURN (error);
+  	}
+  
+! 	/* Beaucoup sanity checks so we don't ask for bogus allocation. */
+! 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
+! 	    (offset = uio->uio_offset) != uio->uio_offset ||
+! 	    (resid = uio->uio_resid) != uio->uio_resid ||
+! 	    (buflen = offset + resid) < offset || buflen > INT_MAX) {
+! 		if (proc != NULL)
+! 			PRELE(proc);
+! 		PFS_RETURN (EINVAL);
+! 	}
+! 	sb = sbuf_new(sb, NULL, buflen, 0);
+  	if (sb == NULL) {
+  		if (proc != NULL)
+  			PRELE(proc);
+*************** pfs_read(struct vop_read_args *va)
+*** 525,536 ****
+  		PFS_RETURN (error);
+  	}
+  
+- 	/* XXX we should possibly detect and handle overflows */
+  	sbuf_finish(sb);
+! 	ps = sbuf_data(sb) + uio->uio_offset;
+! 	xlen = sbuf_len(sb) - uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	error = (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  	sbuf_delete(sb);
+  	PFS_RETURN (error);
+  }
+--- 535,542 ----
+  		PFS_RETURN (error);
+  	}
+  
+  	sbuf_finish(sb);
+! 	error = uiomove_frombuf(sbuf_data(sb), sbuf_len(sb), uio);
+  	sbuf_delete(sb);
+  	PFS_RETURN (error);
+  }
+*************** pfs_readlink(struct vop_readlink_args *v
+*** 676,684 ****
+  	struct pfs_node *pn = pvd->pvd_pn;
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+! 	char buf[MAXPATHLEN], *ps;
+  	struct sbuf sb;
+! 	int error, xlen;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+--- 682,690 ----
+  	struct pfs_node *pn = pvd->pvd_pn;
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+! 	char buf[MAXPATHLEN];
+  	struct sbuf sb;
+! 	int error;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+*************** pfs_readlink(struct vop_readlink_args *v
+*** 708,719 ****
+  		PFS_RETURN (error);
+  	}
+  
+- 	/* XXX we should detect and handle overflows */
+  	sbuf_finish(&sb);
+! 	ps = sbuf_data(&sb) + uio->uio_offset;
+! 	xlen = sbuf_len(&sb) - uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	error = (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  	sbuf_delete(&sb);
+  	PFS_RETURN (error);
+  }
+--- 714,721 ----
+  		PFS_RETURN (error);
+  	}
+  
+  	sbuf_finish(&sb);
+! 	error = uiomove_frombuf(sbuf_data(&sb), sbuf_len(&sb), uio);
+  	sbuf_delete(&sb);
+  	PFS_RETURN (error);
+  }
+Index: sys/kern/kern_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_subr.c,v
+retrieving revision 1.63
+diff -p -c -r1.63 kern_subr.c
+*** sys/kern/kern_subr.c	28 Nov 2002 08:44:26 -0000	1.63
+--- sys/kern/kern_subr.c	3 Oct 2003 12:54:41 -0000
+***************
+*** 45,50 ****
+--- 45,51 ----
+  #include <sys/systm.h>
+  #include <sys/kernel.h>
+  #include <sys/ktr.h>
++ #include <sys/limits.h>
+  #include <sys/lock.h>
+  #include <sys/mutex.h>
+  #include <sys/proc.h>
+*************** out:
+*** 208,213 ****
+--- 209,236 ----
+  		mtx_unlock_spin(&sched_lock);
+  	}
+  	return (error);
++ }
++ 
++ /*
++  * Wrapper for uiomove() that validates the arguments against a known-good
++  * kernel buffer.  Currently, uiomove accepts a signed (n) argument, which
++  * is almost definitely a bad thing, so we catch that here as well.  We
++  * return a runtime failure, but it might be desirable to generate a runtime
++  * assertion failure instead.
++  */
++ int
++ uiomove_frombuf(void *buf, int buflen, struct uio *uio)
++ {
++ 	unsigned int offset, n;
++ 
++ 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
++ 	    (offset = uio->uio_offset) != uio->uio_offset)
++ 		return (EINVAL);
++ 	if (buflen <= 0 || offset >= buflen)
++ 		return (0);
++ 	if ((n = buflen - offset) > INT_MAX)
++ 		return (EINVAL);
++ 	return (uiomove((char *)buf + offset, n, uio));
+  }
+  
+  #if defined(ENABLE_VFS_IOOPT) || defined(ZERO_COPY_SOCKETS)
+Index: sys/sys/uio.h
+===================================================================
+RCS file: /home/ncvs/src/sys/sys/uio.h,v
+retrieving revision 1.23
+diff -p -c -r1.23 uio.h
+*** sys/sys/uio.h	11 Oct 2002 18:21:50 -0000	1.23
+--- sys/sys/uio.h	3 Oct 2003 12:58:36 -0000
+*************** struct vm_object;
+*** 99,104 ****
+--- 99,105 ----
+  
+  void	uio_yield(void);
+  int	uiomove(caddr_t, int, struct uio *);
++ int	uiomove_frombuf(void *buf, int buflen, struct uio *uio);
+  int	uiomoveco(caddr_t, int, struct uio *, struct vm_object *, int);
+  int	uioread(int, struct uio *, struct vm_object *, int *);
+  int	copyinfrom(const void *src, void *dst, size_t len, int seg);
diff --git a/share/security/patches/SA-03:17/procfs50.patch.asc b/share/security/patches/SA-03:17/procfs50.patch.asc
new file mode 100644
index 0000000000..3249e2c97d
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs50.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/fu1HFdaIBMps37IRAi25AJ94cQqVdaHwqYH8gkBVSrSNFa5sfgCePkE4
+xRVdA8pPgOwDieL5YyUqgT4=
+=mb5c
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:17/procfs51.patch b/share/security/patches/SA-03:17/procfs51.patch
new file mode 100644
index 0000000000..5807a57426
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs51.patch
@@ -0,0 +1,374 @@
+Index: sys/fs/procfs/procfs_dbregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/procfs/procfs_dbregs.c,v
+retrieving revision 1.22
+diff -p -c -r1.22 procfs_dbregs.c
+*** sys/fs/procfs/procfs_dbregs.c	5 May 2003 15:12:51 -0000	1.22
+--- sys/fs/procfs/procfs_dbregs.c	3 Oct 2003 12:52:17 -0000
+*************** procfs_doprocdbregs(PFS_FILL_ARGS)
+*** 65,95 ****
+  {
+  	int error;
+  	struct dbreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p) != 0) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	_PHOLD(p);
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		/* XXXKSE: */
+! 		error = proc_read_dbregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0) {
+  		PROC_UNLOCK(p);
+! 		error = uiomove(kv, kl, uio);
+  		PROC_LOCK(p);
+  	}
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+--- 65,83 ----
+  {
+  	int error;
+  	struct dbreg r;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p) != 0) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+  
+  	_PHOLD(p);
+! 	/* XXXKSE: */
+! 	error = proc_read_dbregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0) {
+  		PROC_UNLOCK(p);
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  		PROC_LOCK(p);
+  	}
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+Index: sys/fs/procfs/procfs_fpregs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/procfs/procfs_fpregs.c,v
+retrieving revision 1.28
+diff -p -c -r1.28 procfs_fpregs.c
+*** sys/fs/procfs/procfs_fpregs.c	5 May 2003 15:12:51 -0000	1.28
+--- sys/fs/procfs/procfs_fpregs.c	3 Oct 2003 12:52:18 -0000
+*************** procfs_doprocfpregs(PFS_FILL_ARGS)
+*** 59,89 ****
+  {
+  	int error;
+  	struct fpreg r;
+- 	char *kv;
+- 	int kl;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	_PHOLD(p);
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		/* XXXKSE: */
+! 		error = proc_read_fpregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0) {
+  		PROC_UNLOCK(p);
+! 		error = uiomove(kv, kl, uio);
+  		PROC_LOCK(p);
+  	}
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+--- 59,77 ----
+  {
+  	int error;
+  	struct fpreg r;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+  
+  	_PHOLD(p);
+! 	/* XXXKSE: */
+! 	error = proc_read_fpregs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0) {
+  		PROC_UNLOCK(p);
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  		PROC_LOCK(p);
+  	}
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+Index: sys/fs/procfs/procfs_regs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/procfs/procfs_regs.c,v
+retrieving revision 1.27
+diff -p -c -r1.27 procfs_regs.c
+*** sys/fs/procfs/procfs_regs.c	5 May 2003 15:12:51 -0000	1.27
+--- sys/fs/procfs/procfs_regs.c	3 Oct 2003 12:52:18 -0000
+*************** procfs_doprocregs(PFS_FILL_ARGS)
+*** 59,89 ****
+  {
+  	int error;
+  	struct reg r;
+- 	char *kv;
+- 	int kl;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+- 	kl = sizeof(r);
+- 	kv = (char *) &r;
+- 
+- 	kv += uio->uio_offset;
+- 	kl -= uio->uio_offset;
+- 	if (kl > uio->uio_resid)
+- 		kl = uio->uio_resid;
+  
+  	_PHOLD(p);
+! 	if (kl < 0)
+! 		error = EINVAL;
+! 	else
+! 		/* XXXKSE: */
+! 		error = proc_read_regs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0) {
+  		PROC_UNLOCK(p);
+! 		error = uiomove(kv, kl, uio);
+  		PROC_LOCK(p);
+  	}
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+--- 59,77 ----
+  {
+  	int error;
+  	struct reg r;
+  
+  	PROC_LOCK(p);
+  	if (p_candebug(td, p)) {
+  		PROC_UNLOCK(p);
+  		return (EPERM);
+  	}
+  
+  	_PHOLD(p);
+! 	/* XXXKSE: */
+! 	error = proc_read_regs(FIRST_THREAD_IN_PROC(p), &r);
+  	if (error == 0) {
+  		PROC_UNLOCK(p);
+! 		error = uiomove_frombuf(&r, sizeof(r), uio);
+  		PROC_LOCK(p);
+  	}
+  	if (error == 0 && uio->uio_rw == UIO_WRITE) {
+Index: sys/fs/pseudofs/pseudofs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/pseudofs/pseudofs_vnops.c,v
+retrieving revision 1.35
+diff -p -c -r1.35 pseudofs_vnops.c
+*** sys/fs/pseudofs/pseudofs_vnops.c	2 Mar 2003 22:23:45 -0000	1.35
+--- sys/fs/pseudofs/pseudofs_vnops.c	3 Oct 2003 12:52:18 -0000
+***************
+*** 34,39 ****
+--- 34,40 ----
+  #include <sys/ctype.h>
+  #include <sys/dirent.h>
+  #include <sys/fcntl.h>
++ #include <sys/limits.h>
+  #include <sys/lock.h>
+  #include <sys/mount.h>
+  #include <sys/mutex.h>
+*************** pfs_read(struct vop_read_args *va)
+*** 472,479 ****
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+  	struct sbuf *sb = NULL;
+! 	char *ps;
+! 	int error, xlen;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+--- 473,480 ----
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+  	struct sbuf *sb = NULL;
+! 	int error;
+! 	unsigned int buflen, offset, resid;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+*************** pfs_read(struct vop_read_args *va)
+*** 508,514 ****
+  		PFS_RETURN (error);
+  	}
+  
+! 	sb = sbuf_new(sb, NULL, uio->uio_offset + uio->uio_resid, 0);
+  	if (sb == NULL) {
+  		if (proc != NULL)
+  			PRELE(proc);
+--- 509,524 ----
+  		PFS_RETURN (error);
+  	}
+  
+! 	/* Beaucoup sanity checks so we don't ask for bogus allocation. */
+! 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
+! 	    (offset = uio->uio_offset) != uio->uio_offset ||
+! 	    (resid = uio->uio_resid) != uio->uio_resid ||
+! 	    (buflen = offset + resid) < offset || buflen > INT_MAX) {
+! 		if (proc != NULL)
+! 			PRELE(proc);
+! 		PFS_RETURN (EINVAL);
+! 	}
+! 	sb = sbuf_new(sb, NULL, buflen, 0);
+  	if (sb == NULL) {
+  		if (proc != NULL)
+  			PRELE(proc);
+*************** pfs_read(struct vop_read_args *va)
+*** 525,536 ****
+  		PFS_RETURN (error);
+  	}
+  
+- 	/* XXX we should possibly detect and handle overflows */
+  	sbuf_finish(sb);
+! 	ps = sbuf_data(sb) + uio->uio_offset;
+! 	xlen = sbuf_len(sb) - uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	error = (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  	sbuf_delete(sb);
+  	PFS_RETURN (error);
+  }
+--- 535,542 ----
+  		PFS_RETURN (error);
+  	}
+  
+  	sbuf_finish(sb);
+! 	error = uiomove_frombuf(sbuf_data(sb), sbuf_len(sb), uio);
+  	sbuf_delete(sb);
+  	PFS_RETURN (error);
+  }
+*************** pfs_readlink(struct vop_readlink_args *v
+*** 676,684 ****
+  	struct pfs_node *pn = pvd->pvd_pn;
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+! 	char buf[MAXPATHLEN], *ps;
+  	struct sbuf sb;
+! 	int error, xlen;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+--- 682,690 ----
+  	struct pfs_node *pn = pvd->pvd_pn;
+  	struct uio *uio = va->a_uio;
+  	struct proc *proc = NULL;
+! 	char buf[MAXPATHLEN];
+  	struct sbuf sb;
+! 	int error;
+  
+  	PFS_TRACE((pn->pn_name));
+  
+*************** pfs_readlink(struct vop_readlink_args *v
+*** 708,719 ****
+  		PFS_RETURN (error);
+  	}
+  
+- 	/* XXX we should detect and handle overflows */
+  	sbuf_finish(&sb);
+! 	ps = sbuf_data(&sb) + uio->uio_offset;
+! 	xlen = sbuf_len(&sb) - uio->uio_offset;
+! 	xlen = imin(xlen, uio->uio_resid);
+! 	error = (xlen <= 0 ? 0 : uiomove(ps, xlen, uio));
+  	sbuf_delete(&sb);
+  	PFS_RETURN (error);
+  }
+--- 714,721 ----
+  		PFS_RETURN (error);
+  	}
+  
+  	sbuf_finish(&sb);
+! 	error = uiomove_frombuf(sbuf_data(&sb), sbuf_len(&sb), uio);
+  	sbuf_delete(&sb);
+  	PFS_RETURN (error);
+  }
+Index: sys/kern/kern_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_subr.c,v
+retrieving revision 1.74
+diff -p -c -r1.74 kern_subr.c
+*** sys/kern/kern_subr.c	5 May 2003 21:27:29 -0000	1.74
+--- sys/kern/kern_subr.c	3 Oct 2003 12:52:18 -0000
+***************
+*** 45,50 ****
+--- 45,51 ----
+  #include <sys/systm.h>
+  #include <sys/kernel.h>
+  #include <sys/ktr.h>
++ #include <sys/limits.h>
+  #include <sys/lock.h>
+  #include <sys/mutex.h>
+  #include <sys/proc.h>
+*************** out:
+*** 191,196 ****
+--- 192,219 ----
+  		mtx_unlock_spin(&sched_lock);
+  	}
+  	return (error);
++ }
++ 
++ /*
++  * Wrapper for uiomove() that validates the arguments against a known-good
++  * kernel buffer.  Currently, uiomove accepts a signed (n) argument, which
++  * is almost definitely a bad thing, so we catch that here as well.  We
++  * return a runtime failure, but it might be desirable to generate a runtime
++  * assertion failure instead.
++  */
++ int
++ uiomove_frombuf(void *buf, int buflen, struct uio *uio)
++ {
++ 	unsigned int offset, n;
++ 
++ 	if (uio->uio_offset < 0 || uio->uio_resid < 0 ||
++ 	    (offset = uio->uio_offset) != uio->uio_offset)
++ 		return (EINVAL);
++ 	if (buflen <= 0 || offset >= buflen)
++ 		return (0);
++ 	if ((n = buflen - offset) > INT_MAX)
++ 		return (EINVAL);
++ 	return (uiomove((char *)buf + offset, n, uio));
+  }
+  
+  #ifdef ZERO_COPY_SOCKETS
+Index: sys/sys/uio.h
+===================================================================
+RCS file: /home/ncvs/src/sys/sys/uio.h,v
+retrieving revision 1.27
+diff -p -c -r1.27 uio.h
+*** sys/sys/uio.h	6 Mar 2003 03:41:01 -0000	1.27
+--- sys/sys/uio.h	3 Oct 2003 12:52:18 -0000
+*************** struct vm_object;
+*** 87,92 ****
+--- 87,93 ----
+  
+  void	uio_yield(void);
+  int	uiomove(void *, int, struct uio *);
++ int	uiomove_frombuf(void *buf, int buflen, struct uio *uio);
+  int	uiomoveco(void *, int, struct uio *, struct vm_object *, int);
+  int	copyinfrom(const void *src, void *dst, size_t len, int seg);
+  int	copyinstrfrom(const void *src, void *dst, size_t len,
diff --git a/share/security/patches/SA-03:17/procfs51.patch.asc b/share/security/patches/SA-03:17/procfs51.patch.asc
new file mode 100644
index 0000000000..0b3e38f0c7
--- /dev/null
+++ b/share/security/patches/SA-03:17/procfs51.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/fu1LFdaIBMps37IRAqqKAJ0UH/NBIyQecLSCn3OGjG8SUoJObwCeKyF7
+mFq6nv6EsYKaX0wLz45Eji0=
+=5h9d
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:18/openssl96.patch b/share/security/patches/SA-03:18/openssl96.patch
new file mode 100644
index 0000000000..10c94ddf84
--- /dev/null
+++ b/share/security/patches/SA-03:18/openssl96.patch
@@ -0,0 +1,77 @@
+Index: crypto/openssl/crypto/asn1/asn1_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1_lib.c,v
+retrieving revision 1.1.1.7
+diff -p -c -r1.1.1.7 asn1_lib.c
+*** crypto/openssl/crypto/asn1/asn1_lib.c	10 Aug 2002 01:39:27 -0000	1.1.1.7
+--- crypto/openssl/crypto/asn1/asn1_lib.c	3 Oct 2003 17:52:04 -0000
+*************** int ASN1_get_object(unsigned char **pp, 
+*** 104,113 ****
+--- 104,115 ----
+  			l<<=7L;
+  			l|= *(p++)&0x7f;
+  			if (--max == 0) goto err;
++ 			if (l > (INT_MAX >> 7L)) goto err;
+  			}
+  		l<<=7L;
+  		l|= *(p++)&0x7f;
+  		tag=(int)l;
++ 		if (--max == 0) goto err;
+  		}
+  	else
+  		{ 
+Index: crypto/openssl/crypto/x509/x509_vfy.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.c,v
+retrieving revision 1.1.1.4.2.1
+diff -p -c -r1.1.1.4.2.1 x509_vfy.c
+*** crypto/openssl/crypto/x509/x509_vfy.c	20 Feb 2003 17:14:19 -0000	1.1.1.4.2.1
+--- crypto/openssl/crypto/x509/x509_vfy.c	3 Oct 2003 17:52:04 -0000
+*************** static int internal_verify(X509_STORE_CT
+*** 490,496 ****
+  				ok=(*cb)(0,ctx);
+  				if (!ok) goto end;
+  				}
+! 			if (X509_verify(xs,pkey) <= 0)
+  				{
+  				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+  				ctx->current_cert=xs;
+--- 490,496 ----
+  				ok=(*cb)(0,ctx);
+  				if (!ok) goto end;
+  				}
+! 			else if (X509_verify(xs,pkey) <= 0)
+  				{
+  				ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE;
+  				ctx->current_cert=xs;
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v
+retrieving revision 1.1.1.9.2.2
+diff -p -c -r1.1.1.9.2.2 s3_srvr.c
+*** crypto/openssl/ssl/s3_srvr.c	21 Mar 2003 16:13:06 -0000	1.1.1.9.2.2
+--- crypto/openssl/ssl/s3_srvr.c	3 Oct 2003 17:52:04 -0000
+*************** int ssl3_accept(SSL *s)
+*** 420,429 ****
+  			if (ret == 2)
+  				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+  			else {
+! 				/* could be sent for a DH cert, even if we
+! 				 * have not asked for it :-) */
+! 				ret=ssl3_get_client_certificate(s);
+! 				if (ret <= 0) goto end;
+  				s->init_num=0;
+  				s->state=SSL3_ST_SR_KEY_EXCH_A;
+  			}
+--- 420,430 ----
+  			if (ret == 2)
+  				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+  			else {
+! 				if (s->s3->tmp.cert_request)
+! 					{
+! 					ret=ssl3_get_client_certificate(s);
+! 					if (ret <= 0) goto end;
+! 					}
+  				s->init_num=0;
+  				s->state=SSL3_ST_SR_KEY_EXCH_A;
+  			}
diff --git a/share/security/patches/SA-03:18/openssl96.patch.asc b/share/security/patches/SA-03:18/openssl96.patch.asc
new file mode 100644
index 0000000000..0b357f3c01
--- /dev/null
+++ b/share/security/patches/SA-03:18/openssl96.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD4DBQA/feuSFdaIBMps37IRAty9AJdtBpJIIQHC4km2s4oFgTohgD8XAJ0QG0Ok
+WZYXa6Uirc1ReJYD7dsk5Q==
+=H5XG
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:18/openssl97.patch b/share/security/patches/SA-03:18/openssl97.patch
new file mode 100644
index 0000000000..9e41701fbd
--- /dev/null
+++ b/share/security/patches/SA-03:18/openssl97.patch
@@ -0,0 +1,126 @@
+Index: crypto/openssl/crypto/asn1/asn1_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/asn1_lib.c,v
+retrieving revision 1.1.1.8
+diff -p -c -r1.1.1.8 asn1_lib.c
+*** crypto/openssl/crypto/asn1/asn1_lib.c	28 Jan 2003 21:16:10 -0000	1.1.1.8
+--- crypto/openssl/crypto/asn1/asn1_lib.c	3 Oct 2003 14:48:26 -0000
+*************** int ASN1_get_object(unsigned char **pp, 
+*** 104,113 ****
+--- 104,115 ----
+  			l<<=7L;
+  			l|= *(p++)&0x7f;
+  			if (--max == 0) goto err;
++ 			if (l > (INT_MAX >> 7L)) goto err;
+  			}
+  		l<<=7L;
+  		l|= *(p++)&0x7f;
+  		tag=(int)l;
++ 		if (--max == 0) goto err;
+  		}
+  	else
+  		{ 
+Index: crypto/openssl/crypto/asn1/tasn_dec.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/tasn_dec.c,v
+retrieving revision 1.1.1.1
+diff -p -c -r1.1.1.1 tasn_dec.c
+*** crypto/openssl/crypto/asn1/tasn_dec.c	28 Jan 2003 21:16:51 -0000	1.1.1.1
+--- crypto/openssl/crypto/asn1/tasn_dec.c	3 Oct 2003 14:48:26 -0000
+*************** static int asn1_d2i_ex_primitive(ASN1_VA
+*** 691,696 ****
+--- 691,697 ----
+  
+  int asn1_ex_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it)
+  {
++ 	ASN1_VALUE **opval = NULL;
+  	ASN1_STRING *stmp;
+  	ASN1_TYPE *typ = NULL;
+  	int ret = 0;
+*************** int asn1_ex_c2i(ASN1_VALUE **pval, unsig
+*** 705,710 ****
+--- 706,712 ----
+  			*pval = (ASN1_VALUE *)typ;
+  		} else typ = (ASN1_TYPE *)*pval;
+  		if(utype != typ->type) ASN1_TYPE_set(typ, utype, NULL);
++ 		opval = pval;
+  		pval = (ASN1_VALUE **)&typ->value.ptr;
+  	}
+  	switch(utype) {
+*************** int asn1_ex_c2i(ASN1_VALUE **pval, unsig
+*** 796,802 ****
+  
+  	ret = 1;
+  	err:
+! 	if(!ret) ASN1_TYPE_free(typ);
+  	return ret;
+  }
+  
+--- 798,809 ----
+  
+  	ret = 1;
+  	err:
+! 	if(!ret)
+! 		{
+! 		ASN1_TYPE_free(typ);
+! 		if (opval)
+! 			*opval = NULL;
+! 		}
+  	return ret;
+  }
+  
+Index: crypto/openssl/crypto/x509/x509_vfy.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/x509/x509_vfy.c,v
+retrieving revision 1.1.1.5
+diff -p -c -r1.1.1.5 x509_vfy.c
+*** crypto/openssl/crypto/x509/x509_vfy.c	28 Jan 2003 21:30:32 -0000	1.1.1.5
+--- crypto/openssl/crypto/x509/x509_vfy.c	3 Oct 2003 14:48:26 -0000
+*************** static int internal_verify(X509_STORE_CT
+*** 674,680 ****
+  				ok=(*cb)(0,ctx);
+  				if (!ok) goto end;
+  				}
+! 			if (X509_verify(xs,pkey) <= 0)
+  				/* XXX  For the final trusted self-signed cert,
+  				 * this is a waste of time.  That check should
+  				 * optional so that e.g. 'openssl x509' can be
+--- 674,680 ----
+  				ok=(*cb)(0,ctx);
+  				if (!ok) goto end;
+  				}
+! 			else if (X509_verify(xs,pkey) <= 0)
+  				/* XXX  For the final trusted self-signed cert,
+  				 * this is a waste of time.  That check should
+  				 * optional so that e.g. 'openssl x509' can be
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v
+retrieving revision 1.1.1.11
+diff -p -c -r1.1.1.11 s3_srvr.c
+*** crypto/openssl/ssl/s3_srvr.c	20 Mar 2003 20:41:45 -0000	1.1.1.11
+--- crypto/openssl/ssl/s3_srvr.c	3 Oct 2003 14:48:26 -0000
+*************** int ssl3_accept(SSL *s)
+*** 431,440 ****
+  			if (ret == 2)
+  				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+  			else {
+! 				/* could be sent for a DH cert, even if we
+! 				 * have not asked for it :-) */
+! 				ret=ssl3_get_client_certificate(s);
+! 				if (ret <= 0) goto end;
+  				s->init_num=0;
+  				s->state=SSL3_ST_SR_KEY_EXCH_A;
+  			}
+--- 431,441 ----
+  			if (ret == 2)
+  				s->state = SSL3_ST_SR_CLNT_HELLO_C;
+  			else {
+! 				if (s->s3->tmp.cert_request)
+! 					{
+! 					ret=ssl3_get_client_certificate(s);
+! 					if (ret <= 0) goto end;
+! 					}
+  				s->init_num=0;
+  				s->state=SSL3_ST_SR_KEY_EXCH_A;
+  			}
diff --git a/share/security/patches/SA-03:18/openssl97.patch.asc b/share/security/patches/SA-03:18/openssl97.patch.asc
new file mode 100644
index 0000000000..2416afac66
--- /dev/null
+++ b/share/security/patches/SA-03:18/openssl97.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/feuYFdaIBMps37IRAn2OAKCGHMEjV9yapuOX3jHPtsIkAq2MeQCfelnB
+5E2QEHVEMRj4HqRt8TjoviY=
+=Tequ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:19/bind-833.patch b/share/security/patches/SA-03:19/bind-833.patch
new file mode 100644
index 0000000000..7560180ed1
--- /dev/null
+++ b/share/security/patches/SA-03:19/bind-833.patch
@@ -0,0 +1,106 @@
+Index: contrib/bind/Version
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/Version,v
+retrieving revision 1.1.1.3.2.7
+diff -c -r1.1.1.3.2.7 Version
+*** contrib/bind/Version	7 Jul 2002 08:19:01 -0000	1.1.1.3.2.7
+--- contrib/bind/Version	26 Nov 2003 17:45:18 -0000
+***************
+*** 1 ****
+! 8.3.3-REL
+--- 1 ----
+! 8.3.3-REL-p1
+Index: contrib/bind/bin/named/ns_resp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_resp.c,v
+retrieving revision 1.1.1.2.2.7.2.1
+diff -c -r1.1.1.2.2.7.2.1 ns_resp.c
+*** contrib/bind/bin/named/ns_resp.c	14 Nov 2002 02:05:56 -0000	1.1.1.2.2.7.2.1
+--- contrib/bind/bin/named/ns_resp.c	26 Nov 2003 17:44:51 -0000
+***************
+*** 272,278 ****
+  	u_int qtype, qclass;
+  	int restart;	/* flag for processing cname response */
+  	int validanswer, dbflags;
+! 	int cname, lastwascname, externalcname;
+  	int count, founddata, foundname;
+  	int buflen;
+  	int newmsglen;
+--- 272,278 ----
+  	u_int qtype, qclass;
+  	int restart;	/* flag for processing cname response */
+  	int validanswer, dbflags;
+! 	int cname, lastwascname, externalcname, cachenegative;
+  	int count, founddata, foundname;
+  	int buflen;
+  	int newmsglen;
+***************
+*** 912,917 ****
+--- 912,918 ----
+  	cname = 0;
+  	lastwascname = 0;
+  	externalcname = 0;
++ 	cachenegative = 1;
+  	strcpy(aname, qname);
+  
+  	if (count) {
+***************
+*** 981,986 ****
+--- 982,988 ----
+  						 name);
+  				db_detach(&dp);
+  				validanswer = 0;
++ 				cachenegative = 0;
+  				continue;
+  			}
+  			if (type == T_CNAME &&
+***************
+*** 1011,1016 ****
+--- 1013,1019 ----
+  				 "last was cname, ignoring auth. and add.");
+  				db_detach(&dp);
+  				validanswer = 0;
++ 				cachenegative = 0;
+  				break;
+  			}
+  			if (i < arfirst) {
+***************
+*** 1026,1031 ****
+--- 1029,1035 ----
+  							sin_ntoa(from));
+  						db_detach(&dp);
+  						validanswer = 0;
++ 						cachenegative = 0;
+  						continue;
+  					} else if (!ns_samedomain(name,
+  							       qp->q_domain)) {
+***************
+*** 1039,1044 ****
+--- 1043,1049 ----
+  							 sin_ntoa(from));
+  						db_detach(&dp);
+  						validanswer = 0;
++ 						cachenegative = 0;
+  						continue;
+  					}
+  					if (type == T_NS) {
+***************
+*** 1231,1238 ****
+  	     )
+  	    )
+  	{
+! 		cache_n_resp(msg, msglen, from, qp->q_name,
+! 			     qp->q_class, qp->q_type);
+  
+  		if (!qp->q_cmsglen && validanswer) {
+  			ns_debug(ns_log_default, 3,
+--- 1236,1244 ----
+  	     )
+  	    )
+  	{
+! 		if (cachenegative)
+! 			cache_n_resp(msg, msglen, from, qp->q_name,
+! 				     qp->q_class, qp->q_type);
+  
+  		if (!qp->q_cmsglen && validanswer) {
+  			ns_debug(ns_log_default, 3,
diff --git a/share/security/patches/SA-03:19/bind-833.patch.asc b/share/security/patches/SA-03:19/bind-833.patch.asc
new file mode 100644
index 0000000000..b93f652008
--- /dev/null
+++ b/share/security/patches/SA-03:19/bind-833.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/xUzcFdaIBMps37IRAtKwAJ9gt5cYMq3W+tixRiLYfItxjIoHRwCfV3EH
+JNy8e0V+p4hkRntxBvb/qGk=
+=gugK
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:19/bind-834.patch b/share/security/patches/SA-03:19/bind-834.patch
new file mode 100644
index 0000000000..3166b80beb
--- /dev/null
+++ b/share/security/patches/SA-03:19/bind-834.patch
@@ -0,0 +1,106 @@
+Index: contrib/bind/Version
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/Version,v
+retrieving revision 1.1.1.11
+diff -c -r1.1.1.11 Version
+*** contrib/bind/Version	28 Jan 2003 13:07:25 -0000	1.1.1.11
+--- contrib/bind/Version	26 Nov 2003 16:51:22 -0000
+***************
+*** 1 ****
+! 8.3.4-REL
+--- 1 ----
+! 8.3.4-REL-p1
+Index: contrib/bind/bin/named/ns_resp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind/bin/named/ns_resp.c,v
+retrieving revision 1.1.1.11
+diff -c -r1.1.1.11 ns_resp.c
+*** contrib/bind/bin/named/ns_resp.c	28 Jan 2003 13:08:01 -0000	1.1.1.11
+--- contrib/bind/bin/named/ns_resp.c	26 Nov 2003 16:51:10 -0000
+***************
+*** 272,278 ****
+  	u_int qtype, qclass;
+  	int restart;	/* flag for processing cname response */
+  	int validanswer, dbflags;
+! 	int cname, lastwascname, externalcname;
+  	int count, founddata, foundname;
+  	int buflen;
+  	int newmsglen;
+--- 272,278 ----
+  	u_int qtype, qclass;
+  	int restart;	/* flag for processing cname response */
+  	int validanswer, dbflags;
+! 	int cname, lastwascname, externalcname, cachenegative;
+  	int count, founddata, foundname;
+  	int buflen;
+  	int newmsglen;
+***************
+*** 912,917 ****
+--- 912,918 ----
+  	cname = 0;
+  	lastwascname = 0;
+  	externalcname = 0;
++ 	cachenegative = 1;
+  	strcpy(aname, qname);
+  
+  	if (count) {
+***************
+*** 981,986 ****
+--- 982,988 ----
+  						 name);
+  				db_detach(&dp);
+  				validanswer = 0;
++ 				cachenegative = 0;
+  				continue;
+  			}
+  			if (type == T_CNAME &&
+***************
+*** 1011,1016 ****
+--- 1013,1019 ----
+  				 "last was cname, ignoring auth. and add.");
+  				db_detach(&dp);
+  				validanswer = 0;
++ 				cachenegative = 0;
+  				break;
+  			}
+  			if (i < arfirst) {
+***************
+*** 1026,1031 ****
+--- 1029,1035 ----
+  							sin_ntoa(from));
+  						db_detach(&dp);
+  						validanswer = 0;
++ 						cachenegative = 0;
+  						continue;
+  					} else if (!ns_samedomain(name,
+  							       qp->q_domain)) {
+***************
+*** 1039,1044 ****
+--- 1043,1049 ----
+  							 sin_ntoa(from));
+  						db_detach(&dp);
+  						validanswer = 0;
++ 						cachenegative = 0;
+  						continue;
+  					}
+  					if (type == T_NS) {
+***************
+*** 1231,1238 ****
+  	     )
+  	    )
+  	{
+! 		cache_n_resp(msg, msglen, from, qp->q_name,
+! 			     qp->q_class, qp->q_type);
+  
+  		if (!qp->q_cmsglen && validanswer) {
+  			ns_debug(ns_log_default, 3,
+--- 1236,1244 ----
+  	     )
+  	    )
+  	{
+! 		if (cachenegative)
+! 			cache_n_resp(msg, msglen, from, qp->q_name,
+! 				     qp->q_class, qp->q_type);
+  
+  		if (!qp->q_cmsglen && validanswer) {
+  			ns_debug(ns_log_default, 3,
diff --git a/share/security/patches/SA-03:19/bind-834.patch.asc b/share/security/patches/SA-03:19/bind-834.patch.asc
new file mode 100644
index 0000000000..327d02aaa4
--- /dev/null
+++ b/share/security/patches/SA-03:19/bind-834.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/xUzeFdaIBMps37IRAmCuAJ9YEjswoKs2p/DVdBiy3NrD2P1yRQCfandX
+o3dxxmrUSKBHWyu6ZTRyOWA=
+=zRWy
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-03:19/bind-836.patch b/share/security/patches/SA-03:19/bind-836.patch
new file mode 100644
index 0000000000..5aa718abbe
--- /dev/null
+++ b/share/security/patches/SA-03:19/bind-836.patch
@@ -0,0 +1,106 @@
+Index: contrib/bind/Version
+===================================================================
+RCS file: /tmp/ncvs/src/contrib/bind/Version,v
+retrieving revision 1.1.1.12
+diff -c -r1.1.1.12 Version
+*** contrib/bind/Version	17 Jun 2003 08:23:21 -0000	1.1.1.12
+--- contrib/bind/Version	26 Nov 2003 16:44:32 -0000
+***************
+*** 1 ****
+! 8.3.6-REL
+--- 1 ----
+! 8.3.6-REL-p1
+Index: contrib/bind/bin/named/ns_resp.c
+===================================================================
+RCS file: /tmp/ncvs/src/contrib/bind/bin/named/ns_resp.c,v
+retrieving revision 1.1.1.12
+diff -c -r1.1.1.12 ns_resp.c
+*** contrib/bind/bin/named/ns_resp.c	17 Jun 2003 08:23:57 -0000	1.1.1.12
+--- contrib/bind/bin/named/ns_resp.c	26 Nov 2003 16:49:41 -0000
+***************
+*** 271,277 ****
+  	int soacount;
+  	u_int qtype, qclass;
+  	int validanswer, dbflags;
+! 	int cname, lastwascname, externalcname;
+  	int count, founddata, foundname;
+  	int buflen;
+  	int newmsglen;
+--- 271,277 ----
+  	int soacount;
+  	u_int qtype, qclass;
+  	int validanswer, dbflags;
+! 	int cname, lastwascname, externalcname, cachenegative;
+  	int count, founddata, foundname;
+  	int buflen;
+  	int newmsglen;
+***************
+*** 911,916 ****
+--- 911,917 ----
+  	cname = 0;
+  	lastwascname = 0;
+  	externalcname = 0;
++ 	cachenegative = 1;
+  	strcpy(aname, qname);
+  
+  	if (count) {
+***************
+*** 980,985 ****
+--- 981,987 ----
+  						 name);
+  				db_detach(&dp);
+  				validanswer = 0;
++ 				cachenegative = 0;
+  				continue;
+  			}
+  			if (type == T_CNAME &&
+***************
+*** 1014,1019 ****
+--- 1016,1022 ----
+  				 "last was cname, ignoring auth. and add.");
+  				db_detach(&dp);
+  				validanswer = 0;
++ 				cachenegative = 0;
+  				break;
+  			}
+  			if (i < arfirst) {
+***************
+*** 1029,1034 ****
+--- 1032,1038 ----
+  							sin_ntoa(from));
+  						db_detach(&dp);
+  						validanswer = 0;
++ 						cachenegative = 0;
+  						continue;
+  					} else if (!ns_samedomain(name,
+  							       qp->q_domain)) {
+***************
+*** 1042,1047 ****
+--- 1046,1052 ----
+  							 sin_ntoa(from));
+  						db_detach(&dp);
+  						validanswer = 0;
++ 						cachenegative = 0;
+  						continue;
+  					}
+  					if (type == T_NS) {
+***************
+*** 1205,1212 ****
+  	     )
+  	    )
+  	{
+! 		cache_n_resp(msg, msglen, from, qp->q_name,
+! 			     qp->q_class, qp->q_type);
+  
+  		if (!qp->q_cmsglen && validanswer) {
+  			ns_debug(ns_log_default, 3,
+--- 1210,1218 ----
+  	     )
+  	    )
+  	{
+! 		if (cachenegative)
+! 			cache_n_resp(msg, msglen, from, qp->q_name,
+! 				     qp->q_class, qp->q_type);
+  
+  		if (!qp->q_cmsglen && validanswer) {
+  			ns_debug(ns_log_default, 3,
diff --git a/share/security/patches/SA-03:19/bind-836.patch.asc b/share/security/patches/SA-03:19/bind-836.patch.asc
new file mode 100644
index 0000000000..7832ba7372
--- /dev/null
+++ b/share/security/patches/SA-03:19/bind-836.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.3 (FreeBSD)
+
+iD8DBQA/xUzhFdaIBMps37IRAlVTAJ909EvC1bWGh7cPnTwXVhUc+czLkwCfRAyj
+VpDKDxC3IDHB+Hiuu7Buxak=
+=AVet
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:01/mksnap_ffs_5_1.patch b/share/security/patches/SA-04:01/mksnap_ffs_5_1.patch
new file mode 100644
index 0000000000..cbd41b861f
--- /dev/null
+++ b/share/security/patches/SA-04:01/mksnap_ffs_5_1.patch
@@ -0,0 +1,104 @@
+Index: sbin/mksnap_ffs/mksnap_ffs.c
+===================================================================
+RCS file: /home/ncvs/src/sbin/mksnap_ffs/mksnap_ffs.c,v
+retrieving revision 1.2
+retrieving revision 1.2.2.1
+diff -u -r1.2 -r1.2.2.1
+--- sbin/mksnap_ffs/mksnap_ffs.c	2 Mar 2003 08:07:57 -0000	1.2
++++ sbin/mksnap_ffs/mksnap_ffs.c	27 Jan 2004 19:33:16 -0000	1.2.2.1
+@@ -32,7 +32,7 @@
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+- * $FreeBSD: src/sbin/mksnap_ffs/mksnap_ffs.c,v 1.2 2003/03/02 08:07:57 mckusick Exp $
++ * $FreeBSD: src/sbin/mksnap_ffs/mksnap_ffs.c,v 1.2.2.1 2004/01/27 19:33:16 des Exp $
+  */
+ 
+ #include <sys/param.h>
+@@ -43,24 +43,20 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
++#include <limits.h>
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+ #include <sysexits.h>
+ #include <unistd.h>
+ 
+-void
+-usage()
+-{
+-
+-	fprintf(stderr, "usage: mksnap_ffs mountpoint file\n");
+-	exit(EX_USAGE);
+-}
++void usage(void);
+ 
+ int
+ main(int argc, char **argv)
+ {
+-	const char *dir;
++	char *dir, *cp, path[PATH_MAX];
++	struct statfs stfsbuf;
+ 	struct ufs_args args;
+ 	struct group *grp;
+ 	struct stat stbuf;
+@@ -72,9 +68,43 @@
+ 	dir = argv[1];
+ 	args.fspec = argv[2];
+ 
++	/*
++	 * Check that the user running this program has permission
++	 * to create and remove a snapshot file from the directory
++	 * in which they have requested to have it made. If the 
++	 * directory is sticky and not owned by the user, then they
++	 * will not be able to remove the snapshot when they are
++	 * done with it.
++	 */
++	if (strlen(args.fspec) >= PATH_MAX)
++		errx(1, "pathname too long %s", args.fspec);
++	cp = strrchr(args.fspec, '/');
++	if (cp == NULL) {
++		strlcpy(path, ".", PATH_MAX);
++	} else if (cp == args.fspec) {
++		strlcpy(path, "/", PATH_MAX);
++	} else {
++		strlcpy(path, args.fspec, cp - args.fspec + 1);
++	}
++	if(statfs(path, &stfsbuf) < 0)
++		err(1, "%s", path);
++	if (stat(path, &stbuf) < 0)
++		err(1, "%s", path);
++	if (!S_ISDIR(stbuf.st_mode))
++		errx(1, "%s: Not a directory", path);
++	if (access(path, W_OK) < 0)
++		err(1, "Lack write permission in %s", path);
++	if ((stbuf.st_mode & S_ISTXT) && stbuf.st_uid != getuid())
++		errx(1, "Lack write permission in %s: Sticky bit set", path);
++
++	/*
++	 * Having verified access to the directory in which the
++	 * snapshot is to be built, proceed with creating it.
++	 */
+ 	if ((grp = getgrnam("operator")) == NULL)
+ 		errx(1, "Cannot retrieve operator gid");
+-	if (mount("ffs", dir, MNT_UPDATE | MNT_SNAPSHOT, &args) < 0)
++	if (mount("ffs", dir, MNT_UPDATE | MNT_SNAPSHOT | stfsbuf.f_flags,
++	    &args) < 0)
+ 		err(1, "Cannot create %s", args.fspec);
+ 	if ((fd = open(args.fspec, O_RDONLY)) < 0)
+ 		err(1, "Cannot open %s", args.fspec);
+@@ -88,4 +118,12 @@
+ 		err(1, "Cannot chmod %s", args.fspec);
+ 
+ 	exit(EXIT_SUCCESS);
++}
++
++void
++usage()
++{
++
++	fprintf(stderr, "usage: mksnap_ffs mountpoint snapshot_name\n");
++	exit(EX_USAGE);
+ }
diff --git a/share/security/patches/SA-04:01/mksnap_ffs_5_1.patch.asc b/share/security/patches/SA-04:01/mksnap_ffs_5_1.patch.asc
new file mode 100644
index 0000000000..af537972c2
--- /dev/null
+++ b/share/security/patches/SA-04:01/mksnap_ffs_5_1.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAGZCPFdaIBMps37IRAi2lAJsHHd7SOvaN7wzr+UeyIfkjQx+wTQCfYKDO
+/SjbP5Vn6qNIME51sKJpE6I=
+=xM1s
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:01/mksnap_ffs_5_2.patch b/share/security/patches/SA-04:01/mksnap_ffs_5_2.patch
new file mode 100644
index 0000000000..864a3f5c3a
--- /dev/null
+++ b/share/security/patches/SA-04:01/mksnap_ffs_5_2.patch
@@ -0,0 +1,44 @@
+Index: sbin/mksnap_ffs/mksnap_ffs.c
+===================================================================
+RCS file: /home/ncvs/src/sbin/mksnap_ffs/mksnap_ffs.c,v
+retrieving revision 1.5
+retrieving revision 1.5.2.1
+diff -u -r1.5 -r1.5.2.1
+--- sbin/mksnap_ffs/mksnap_ffs.c	4 Nov 2003 07:04:01 -0000	1.5
++++ sbin/mksnap_ffs/mksnap_ffs.c	27 Jan 2004 19:33:06 -0000	1.5.2.1
+@@ -32,7 +32,7 @@
+  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+  * SUCH DAMAGE.
+  *
+- * $FreeBSD: src/sbin/mksnap_ffs/mksnap_ffs.c,v 1.5 2003/11/04 07:04:01 mckusick Exp $
++ * $FreeBSD: src/sbin/mksnap_ffs/mksnap_ffs.c,v 1.5.2.1 2004/01/27 19:33:06 des Exp $
+  */
+ 
+ #include <sys/param.h>
+@@ -56,6 +56,7 @@
+ main(int argc, char **argv)
+ {
+ 	char *dir, *cp, path[PATH_MAX];
++	struct statfs stfsbuf;
+ 	struct ufs_args args;
+ 	struct group *grp;
+ 	struct stat stbuf;
+@@ -85,6 +86,8 @@
+ 	} else {
+ 		strlcpy(path, args.fspec, cp - args.fspec + 1);
+ 	}
++	if (statfs(path, &stfsbuf) < 0)
++		err(1, "%s", path);
+ 	if (stat(path, &stbuf) < 0)
+ 		err(1, "%s", path);
+ 	if (!S_ISDIR(stbuf.st_mode))
+@@ -100,7 +103,8 @@
+ 	 */
+ 	if ((grp = getgrnam("operator")) == NULL)
+ 		errx(1, "Cannot retrieve operator gid");
+-	if (mount("ffs", dir, MNT_UPDATE | MNT_SNAPSHOT, &args) < 0)
++	if (mount("ffs", dir, MNT_UPDATE | MNT_SNAPSHOT | stfsbuf.f_flags,
++	    &args) < 0)
+ 		err(1, "Cannot create %s", args.fspec);
+ 	if ((fd = open(args.fspec, O_RDONLY)) < 0)
+ 		err(1, "Cannot open %s", args.fspec);
diff --git a/share/security/patches/SA-04:01/mksnap_ffs_5_2.patch.asc b/share/security/patches/SA-04:01/mksnap_ffs_5_2.patch.asc
new file mode 100644
index 0000000000..99b8aab5b0
--- /dev/null
+++ b/share/security/patches/SA-04:01/mksnap_ffs_5_2.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAGZCUFdaIBMps37IRAjc+AJ9UzgGnBW/z5qryLXyCPWeHRoPPdwCfT6Ri
+nMJGmzr/bzxKQOCLyre9DTI=
+=Xpm8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:02/shmat.patch b/share/security/patches/SA-04:02/shmat.patch
new file mode 100644
index 0000000000..23ee6e692a
--- /dev/null
+++ b/share/security/patches/SA-04:02/shmat.patch
@@ -0,0 +1,14 @@
+Index: sys/kern/sysv_shm.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sysv_shm.c,v
+retrieving revision 1.89
+diff -C3 -c -r1.89 sysv_shm.c
+*** sys/kern/sysv_shm.c	7 Nov 2003 04:47:14 -0000	1.89
+--- sys/kern/sysv_shm.c	3 Feb 2004 15:12:26 -0000
+***************
+*** 378,380 ****
+--- 378,381 ----
+  	rv = vm_map_find(&p->p_vmspace->vm_map, shm_handle->shm_object,
+  		0, &attach_va, size, (flags & MAP_FIXED)?0:1, prot, prot, 0);
+  	if (rv != KERN_SUCCESS) {
++ 		vm_object_deallocate(shm_handle->shm_object);
diff --git a/share/security/patches/SA-04:02/shmat.patch.asc b/share/security/patches/SA-04:02/shmat.patch.asc
new file mode 100644
index 0000000000..c570ddc09a
--- /dev/null
+++ b/share/security/patches/SA-04:02/shmat.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAIoHjFdaIBMps37IRAhMUAJ9h4tZSJunMgFLv+XwGod13xu8UVACeNYWY
+QeIYs8c8z+X1T34Q8cr8h8E=
+=9BMF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:03/jail.patch b/share/security/patches/SA-04:03/jail.patch
new file mode 100644
index 0000000000..512077041a
--- /dev/null
+++ b/share/security/patches/SA-04:03/jail.patch
@@ -0,0 +1,72 @@
+Index: src/sys/kern/kern_jail.c
+diff -c src/sys/kern/kern_jail.c:1.34 src/sys/kern/kern_jail.c:1.34.2.1
+*** sys/kern/kern_jail.c:1.34	Tue Jun 10 19:56:55 2003
+--- sys/kern/kern_jail.c	Thu Feb 19 17:26:39 2004
+***************
+*** 179,186 ****
+  	struct prison *pr;
+  	int error;
+  	
+! 	p = td->td_proc;
+  
+  	mtx_lock(&allprison_mtx);
+  	pr = prison_find(uap->jid);
+  	if (pr == NULL) {
+--- 179,197 ----
+  	struct prison *pr;
+  	int error;
+  	
+! 	/*
+! 	 * XXX: Note that there is a slight race here if two threads
+! 	 * in the same privileged process attempt to attach to two
+! 	 * different jails at the same time.  It is important for
+! 	 * user processes not to do this, or they might end up with
+! 	 * a process root from one prison, but attached to the jail
+! 	 * of another.
+! 	 */
+! 	error = suser(td);
+! 	if (error)
+! 		return (error);
+  
++ 	p = td->td_proc;
+  	mtx_lock(&allprison_mtx);
+  	pr = prison_find(uap->jid);
+  	if (pr == NULL) {
+***************
+*** 191,199 ****
+  	mtx_unlock(&pr->pr_mtx);
+  	mtx_unlock(&allprison_mtx);
+  
+- 	error = suser_cred(td->td_ucred, PRISON_ROOT);
+- 	if (error)
+- 		goto e_dropref;
+  	mtx_lock(&Giant);
+  	vn_lock(pr->pr_root, LK_EXCLUSIVE | LK_RETRY, td);
+  	if ((error = change_dir(pr->pr_root, td)) != 0)
+--- 202,207 ----
+***************
+*** 208,220 ****
+  
+  	newcred = crget();
+  	PROC_LOCK(p);
+- 	/* Implicitly fail if already in jail.  */
+- 	error = suser_cred(p->p_ucred, 0);
+- 	if (error) {
+- 		PROC_UNLOCK(p);
+- 		crfree(newcred);
+- 		goto e_dropref;
+- 	}
+  	oldcred = p->p_ucred;
+  	setsugid(p);
+  	crcopy(newcred, oldcred);
+--- 216,221 ----
+***************
+*** 226,232 ****
+  e_unlock:
+  	VOP_UNLOCK(pr->pr_root, 0, td);
+  	mtx_unlock(&Giant);
+- e_dropref:
+  	mtx_lock(&pr->pr_mtx);
+  	pr->pr_ref--;
+  	mtx_unlock(&pr->pr_mtx);
+--- 227,232 ----
diff --git a/share/security/patches/SA-04:03/jail.patch.asc b/share/security/patches/SA-04:03/jail.patch.asc
new file mode 100644
index 0000000000..cb4415685c
--- /dev/null
+++ b/share/security/patches/SA-04:03/jail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAPQAQFdaIBMps37IRAqVlAJ9pDuo1Ttuty0lBXFzYyR9e+PPulQCgnFa8
+Fn7zMVulcnKX3tbg2A6REaE=
+=Rs5v
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:04/tcp47.patch b/share/security/patches/SA-04:04/tcp47.patch
new file mode 100644
index 0000000000..bf833907ef
--- /dev/null
+++ b/share/security/patches/SA-04:04/tcp47.patch
@@ -0,0 +1,137 @@
+Index: tcp_input.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v
+retrieving revision 1.107.2.39
+diff -u -p -r1.107.2.39 tcp_input.c
+--- sys/netinet/tcp_input.c	14 Feb 2004 22:23:22 -0000	1.107.2.39
++++ sys/netinet/tcp_input.c	1 Mar 2004 16:38:05 -0000
+@@ -126,6 +126,24 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, drop
+     &drop_synfin, 0, "Drop TCP packets with SYN+FIN set");
+ #endif
+ 
++SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
++    "TCP Segment Reassembly Queue");
++
++int tcp_reass_maxseg = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RD,
++    &tcp_reass_maxseg, 0,
++    "Global maximum number of TCP Segments in Reassembly Queue");
++
++int tcp_reass_qsize = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD,
++    &tcp_reass_qsize, 0,
++    "Global number of TCP Segments currently in Reassembly Queue");
++
++static int tcp_reass_overflows = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD,
++    &tcp_reass_overflows, 0,
++    "Global number of TCP Segment Reassembly Queue Overflows");
++
+ struct inpcbhead tcb;
+ #define	tcb6	tcb  /* for KAME src sync over BSD*'s */
+ struct inpcbinfo tcbinfo;
+@@ -183,6 +201,21 @@ tcp_reass(tp, th, tlenp, m)
+ 	if (th == 0)
+ 		goto present;
+ 
++	/*
++	 * Limit the number of segments in the reassembly queue to prevent
++	 * holding on to too many segments (and thus running out of mbufs).
++	 * Make sure to let the missing segment through which caused this
++	 * queue.  Always keep one global queue entry spare to be able to
++	 * process the missing segment.
++	 */
++	if (th->th_seq != tp->rcv_nxt &&
++	    tcp_reass_qsize + 1 >= tcp_reass_maxseg) {
++		tcp_reass_overflows++;
++		tcpstat.tcps_rcvmemdrop++;
++		m_freem(m);
++		return (0);
++	}
++
+ 	/* Allocate a new queue entry. If we can't, just drop the pkt. XXX */
+ 	MALLOC(te, struct tseg_qent *, sizeof(struct tseg_qent), M_TSEGQ,
+ 	       M_NOWAIT);
+@@ -191,6 +224,7 @@ tcp_reass(tp, th, tlenp, m)
+ 		m_freem(m);
+ 		return (0);
+ 	}
++	tcp_reass_qsize++;
+ 
+ 	/*
+ 	 * Find a segment which begins after this one does.
+@@ -216,6 +250,7 @@ tcp_reass(tp, th, tlenp, m)
+ 				tcpstat.tcps_rcvdupbyte += *tlenp;
+ 				m_freem(m);
+ 				free(te, M_TSEGQ);
++				tcp_reass_qsize--;
+ 				/*
+ 				 * Try to present any queued data
+ 				 * at the left window edge to the user.
+@@ -251,6 +286,7 @@ tcp_reass(tp, th, tlenp, m)
+ 		LIST_REMOVE(q, tqe_q);
+ 		m_freem(q->tqe_m);
+ 		free(q, M_TSEGQ);
++		tcp_reass_qsize--;
+ 		q = nq;
+ 	}
+ 
+@@ -285,6 +321,7 @@ present:
+ 		else
+ 			sbappend(&so->so_rcv, q->tqe_m);
+ 		free(q, M_TSEGQ);
++		tcp_reass_qsize--;
+ 		q = nq;
+ 	} while (q && q->tqe_th->th_seq == tp->rcv_nxt);
+ 	ND6_HINT(tp);
+Index: tcp_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.73.2.32
+diff -u -p -r1.73.2.32 tcp_subr.c
+--- sys/netinet/tcp_subr.c	14 Feb 2004 22:23:23 -0000	1.73.2.32
++++ sys/netinet/tcp_subr.c	1 Mar 2004 16:38:05 -0000
+@@ -248,6 +248,11 @@ tcp_init()
+ 					&tcbinfo.porthashmask);
+ 	tcbinfo.ipi_zone = zinit("tcpcb", sizeof(struct inp_tp), maxsockets,
+ 				 ZONE_INTERRUPT, 0);
++
++	tcp_reass_maxseg = nmbclusters / 16;
++	TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments",
++	    &tcp_reass_maxseg);
++
+ #ifdef INET6
+ #define TCP_MINPROTOHDR (sizeof(struct ip6_hdr) + sizeof(struct tcphdr))
+ #else /* INET6 */
+@@ -752,6 +757,7 @@ tcp_close(tp)
+ 		LIST_REMOVE(q, tqe_q);
+ 		m_freem(q->tqe_m);
+ 		FREE(q, M_TSEGQ);
++		tcp_reass_qsize--;
+ 	}
+ 	inp->inp_ppcb = NULL;
+ 	soisdisconnected(so);
+@@ -789,6 +795,7 @@ tcp_drain()
+ 					LIST_REMOVE(te, tqe_q);
+ 					m_freem(te->tqe_m);
+ 					FREE(te, M_TSEGQ);
++					tcp_reass_qsize--;
+ 				}
+ 			}
+ 		}
+Index: tcp_var.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_var.h,v
+retrieving revision 1.56.2.14
+diff -u -p -r1.56.2.14 tcp_var.h
+--- sys/netinet/tcp_var.h	14 Feb 2004 22:23:23 -0000	1.56.2.14
++++ sys/netinet/tcp_var.h	1 Mar 2004 16:38:05 -0000
+@@ -53,6 +53,8 @@ struct tseg_qent {
+ 	struct	mbuf	*tqe_m;		/* mbuf contains packet */
+ };
+ LIST_HEAD(tsegqe_head, tseg_qent);
++extern int	tcp_reass_maxseg;
++extern int	tcp_reass_qsize;
+ #ifdef MALLOC_DECLARE
+ MALLOC_DECLARE(M_TSEGQ);
+ #endif
diff --git a/share/security/patches/SA-04:04/tcp47.patch.asc b/share/security/patches/SA-04:04/tcp47.patch.asc
new file mode 100644
index 0000000000..4297f2adaa
--- /dev/null
+++ b/share/security/patches/SA-04:04/tcp47.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (Darwin)
+
+iD8DBQBARL/zFdaIBMps37IRAib7AJ9P/89x2b5r42XlI33xX0ce7ydcpQCfZDx4
+wxlE71YEfXgrv4oHr9EbnQg=
+=FEqe
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:04/tcp51.patch b/share/security/patches/SA-04:04/tcp51.patch
new file mode 100644
index 0000000000..2e1d969087
--- /dev/null
+++ b/share/security/patches/SA-04:04/tcp51.patch
@@ -0,0 +1,291 @@
+Index: sys/netinet/tcp_input.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v
+retrieving revision 1.205
+retrieving revision 1.205.2.1
+diff -c -r1.205 -r1.205.2.1
+*** sys/netinet/tcp_input.c	7 May 2003 05:26:27 -0000	1.205
+--- sys/netinet/tcp_input.c	15 Mar 2004 20:02:07 -0000	1.205.2.1
+***************
+*** 57,62 ****
+--- 57,64 ----
+  
+  #include <machine/cpu.h>	/* before tcp_seq.h, for tcp_random18() */
+  
++ #include <vm/uma.h>
++ 
+  #include <net/if.h>
+  #include <net/route.h>
+  
+***************
+*** 97,104 ****
+  
+  #include <machine/in_cksum.h>
+  
+- MALLOC_DEFINE(M_TSEGQ, "tseg_qent", "TCP segment queue entry");
+- 
+  static const int tcprexmtthresh = 3;
+  tcp_cc	tcp_ccgen;
+  
+--- 99,104 ----
+***************
+*** 134,139 ****
+--- 134,157 ----
+      &tcp_do_rfc3390, 0,
+      "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)");
+  
++ SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
++     "TCP Segment Reassembly Queue");
++ 
++ static int tcp_reass_maxseg = 0;
++ SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RD,
++     &tcp_reass_maxseg, 0,
++     "Global maximum number of TCP Segments in Reassembly Queue");
++ 
++ int tcp_reass_qsize = 0;
++ SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD,
++     &tcp_reass_qsize, 0,
++     "Global number of TCP Segments currently in Reassembly Queue");
++ 
++ static int tcp_reass_overflows = 0;
++ SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD,
++     &tcp_reass_overflows, 0,
++     "Global number of TCP Segment Reassembly Queue Overflows");
++ 
+  struct inpcbhead tcb;
+  #define	tcb6	tcb  /* for KAME src sync over BSD*'s */
+  struct inpcbinfo tcbinfo;
+***************
+*** 175,180 ****
+--- 193,211 ----
+  	    (tp->t_flags & TF_RXWIN0SENT) == 0) &&			\
+  	    (tcp_delack_enabled || (tp->t_flags & TF_NEEDSYN)))
+  
++ /* Initialize TCP reassembly queue */
++ uma_zone_t	tcp_reass_zone;
++ void
++ tcp_reass_init()
++ {
++ 	tcp_reass_maxseg = nmbclusters / 16;
++ 	TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments",
++ 	    &tcp_reass_maxseg);
++ 	tcp_reass_zone = uma_zcreate("tcpreass", sizeof (struct tseg_qent),
++ 	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
++ 	uma_zone_set_max(tcp_reass_zone, tcp_reass_maxseg);
++ }
++ 
+  static int
+  tcp_reass(tp, th, tlenp, m)
+  	register struct tcpcb *tp;
+***************
+*** 185,191 ****
+  	struct tseg_qent *q;
+  	struct tseg_qent *p = NULL;
+  	struct tseg_qent *nq;
+! 	struct tseg_qent *te;
+  	struct socket *so = tp->t_inpcb->inp_socket;
+  	int flags;
+  
+--- 216,222 ----
+  	struct tseg_qent *q;
+  	struct tseg_qent *p = NULL;
+  	struct tseg_qent *nq;
+! 	struct tseg_qent *te = NULL;
+  	struct socket *so = tp->t_inpcb->inp_socket;
+  	int flags;
+  
+***************
+*** 196,209 ****
+  	if (th == 0)
+  		goto present;
+  
+! 	/* Allocate a new queue entry. If we can't, just drop the pkt. XXX */
+! 	MALLOC(te, struct tseg_qent *, sizeof (struct tseg_qent), M_TSEGQ,
+! 	       M_NOWAIT);
+  	if (te == NULL) {
+  		tcpstat.tcps_rcvmemdrop++;
+  		m_freem(m);
+  		return (0);
+  	}
+  
+  	/*
+  	 * Find a segment which begins after this one does.
+--- 227,258 ----
+  	if (th == 0)
+  		goto present;
+  
+! 	/*
+! 	 * Limit the number of segments in the reassembly queue to prevent
+! 	 * holding on to too many segments (and thus running out of mbufs).
+! 	 * Make sure to let the missing segment through which caused this
+! 	 * queue.  Always keep one global queue entry spare to be able to
+! 	 * process the missing segment.
+! 	 */
+! 	if (th->th_seq != tp->rcv_nxt &&
+! 	    tcp_reass_qsize + 1 >= tcp_reass_maxseg) {
+! 		tcp_reass_overflows++;
+! 		tcpstat.tcps_rcvmemdrop++;
+! 		m_freem(m);
+! 		return (0);
+! 	}
+! 
+! 	/*
+! 	 * Allocate a new queue entry. If we can't, or hit the zone limit
+! 	 * just drop the pkt.
+! 	 */
+! 	te = uma_zalloc(tcp_reass_zone, M_NOWAIT);
+  	if (te == NULL) {
+  		tcpstat.tcps_rcvmemdrop++;
+  		m_freem(m);
+  		return (0);
+  	}
++ 	tcp_reass_qsize++;
+  
+  	/*
+  	 * Find a segment which begins after this one does.
+***************
+*** 228,234 ****
+  				tcpstat.tcps_rcvduppack++;
+  				tcpstat.tcps_rcvdupbyte += *tlenp;
+  				m_freem(m);
+! 				FREE(te, M_TSEGQ);
+  				/*
+  				 * Try to present any queued data
+  				 * at the left window edge to the user.
+--- 277,284 ----
+  				tcpstat.tcps_rcvduppack++;
+  				tcpstat.tcps_rcvdupbyte += *tlenp;
+  				m_freem(m);
+! 				uma_zfree(tcp_reass_zone, te);
+! 				tcp_reass_qsize--;
+  				/*
+  				 * Try to present any queued data
+  				 * at the left window edge to the user.
+***************
+*** 263,269 ****
+  		nq = LIST_NEXT(q, tqe_q);
+  		LIST_REMOVE(q, tqe_q);
+  		m_freem(q->tqe_m);
+! 		FREE(q, M_TSEGQ);
+  		q = nq;
+  	}
+  
+--- 313,320 ----
+  		nq = LIST_NEXT(q, tqe_q);
+  		LIST_REMOVE(q, tqe_q);
+  		m_freem(q->tqe_m);
+! 		uma_zfree(tcp_reass_zone, q);
+! 		tcp_reass_qsize--;
+  		q = nq;
+  	}
+  
+***************
+*** 297,303 ****
+  			m_freem(q->tqe_m);
+  		else
+  			sbappend(&so->so_rcv, q->tqe_m);
+! 		FREE(q, M_TSEGQ);
+  		q = nq;
+  	} while (q && q->tqe_th->th_seq == tp->rcv_nxt);
+  	ND6_HINT(tp);
+--- 348,355 ----
+  			m_freem(q->tqe_m);
+  		else
+  			sbappend(&so->so_rcv, q->tqe_m);
+! 		uma_zfree(tcp_reass_zone, q);
+! 		tcp_reass_qsize--;
+  		q = nq;
+  	} while (q && q->tqe_th->th_seq == tp->rcv_nxt);
+  	ND6_HINT(tp);
+Index: sys/netinet/tcp_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.160
+retrieving revision 1.160.2.1
+diff -c -r1.160 -r1.160.2.1
+*** sys/netinet/tcp_subr.c	7 May 2003 05:26:27 -0000	1.160
+--- sys/netinet/tcp_subr.c	15 Mar 2004 20:02:07 -0000	1.160.2.1
+***************
+*** 262,267 ****
+--- 262,268 ----
+  	uma_zone_set_max(tcptw_zone, maxsockets);
+  	tcp_timer_init();
+  	syncache_init();
++ 	tcp_reass_init();
+  }
+  
+  /*
+***************
+*** 763,769 ****
+  	while ((q = LIST_FIRST(&tp->t_segq)) != NULL) {
+  		LIST_REMOVE(q, tqe_q);
+  		m_freem(q->tqe_m);
+! 		FREE(q, M_TSEGQ);
+  	}
+  	inp->inp_ppcb = NULL;
+  	tp->t_inpcb = NULL;
+--- 764,771 ----
+  	while ((q = LIST_FIRST(&tp->t_segq)) != NULL) {
+  		LIST_REMOVE(q, tqe_q);
+  		m_freem(q->tqe_m);
+! 		uma_zfree(tcp_reass_zone, q);
+! 		tcp_reass_qsize--;
+  	}
+  	inp->inp_ppcb = NULL;
+  	tp->t_inpcb = NULL;
+***************
+*** 824,830 ****
+  			            != NULL) {
+  					LIST_REMOVE(te, tqe_q);
+  					m_freem(te->tqe_m);
+! 					FREE(te, M_TSEGQ);
+  				}
+  			}
+  			INP_UNLOCK(inpb);
+--- 826,833 ----
+  			            != NULL) {
+  					LIST_REMOVE(te, tqe_q);
+  					m_freem(te->tqe_m);
+! 					uma_zfree(tcp_reass_zone, te);
+! 					tcp_reass_qsize--;
+  				}
+  			}
+  			INP_UNLOCK(inpb);
+Index: sys/netinet/tcp_var.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_var.h,v
+retrieving revision 1.89
+retrieving revision 1.89.2.1
+diff -c -r1.89 -r1.89.2.1
+*** sys/netinet/tcp_var.h	7 May 2003 05:26:27 -0000	1.89
+--- sys/netinet/tcp_var.h	15 Mar 2004 20:02:07 -0000	1.89.2.1
+***************
+*** 54,62 ****
+  	struct	mbuf	*tqe_m;		/* mbuf contains packet */
+  };
+  LIST_HEAD(tsegqe_head, tseg_qent);
+! #ifdef MALLOC_DECLARE
+! MALLOC_DECLARE(M_TSEGQ);
+! #endif
+  
+  struct tcptemp {
+  	u_char	tt_ipgen[40]; /* the size must be of max ip header, now IPv6 */
+--- 54,61 ----
+  	struct	mbuf	*tqe_m;		/* mbuf contains packet */
+  };
+  LIST_HEAD(tsegqe_head, tseg_qent);
+! extern int	tcp_reass_qsize;
+! extern struct uma_zone	*tcp_reass_zone;
+  
+  struct tcptemp {
+  	u_char	tt_ipgen[40]; /* the size must be of max ip header, now IPv6 */
+***************
+*** 489,494 ****
+--- 488,494 ----
+  int	 tcp_output(struct tcpcb *);
+  struct inpcb *
+  	 tcp_quench(struct inpcb *, int);
++ void	 tcp_reass_init(void);
+  void	 tcp_respond(struct tcpcb *, void *,
+  	    struct tcphdr *, struct mbuf *, tcp_seq, tcp_seq, int);
+  int	 tcp_twrespond(struct tcptw *, struct socket *, struct mbuf *, int);
diff --git a/share/security/patches/SA-04:04/tcp51.patch.asc b/share/security/patches/SA-04:04/tcp51.patch.asc
new file mode 100644
index 0000000000..9117f78fe9
--- /dev/null
+++ b/share/security/patches/SA-04:04/tcp51.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAVwxJFdaIBMps37IRApJFAJ0WNmecUO0Zf0VfswJ7hzVDUkuCYACeJX1k
+ERTLLiwJolYaMSyEysAMdNM=
+=hMAU
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:04/tcp52.patch b/share/security/patches/SA-04:04/tcp52.patch
new file mode 100644
index 0000000000..ba42ba4b28
--- /dev/null
+++ b/share/security/patches/SA-04:04/tcp52.patch
@@ -0,0 +1,203 @@
+? tcp_reass-5.2.1-20040301.patch
+Index: tcp_input.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_input.c,v
+retrieving revision 1.217.2.1
+diff -u -p -r1.217.2.1 tcp_input.c
+--- sys/netinet/tcp_input.c	9 Jan 2004 12:32:36 -0000	1.217.2.1
++++ sys/netinet/tcp_input.c	1 Mar 2004 15:18:54 -0000
+@@ -57,6 +57,8 @@
+ 
+ #include <machine/cpu.h>	/* before tcp_seq.h, for tcp_random18() */
+ 
++#include <vm/uma.h>
++
+ #include <net/if.h>
+ #include <net/route.h>
+ 
+@@ -97,8 +99,6 @@
+ 
+ #include <machine/in_cksum.h>
+ 
+-MALLOC_DEFINE(M_TSEGQ, "tseg_qent", "TCP segment queue entry");
+-
+ static const int tcprexmtthresh = 3;
+ tcp_cc	tcp_ccgen;
+ 
+@@ -134,6 +134,24 @@ SYSCTL_INT(_net_inet_tcp, OID_AUTO, rfc3
+     &tcp_do_rfc3390, 0,
+     "Enable RFC 3390 (Increasing TCP's Initial Congestion Window)");
+ 
++SYSCTL_NODE(_net_inet_tcp, OID_AUTO, reass, CTLFLAG_RW, 0,
++    "TCP Segment Reassembly Queue");
++
++static int tcp_reass_maxseg = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, maxsegments, CTLFLAG_RDTUN,
++    &tcp_reass_maxseg, 0,
++    "Global maximum number of TCP Segments in Reassembly Queue");
++
++int tcp_reass_qsize = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, cursegments, CTLFLAG_RD,
++    &tcp_reass_qsize, 0,
++    "Global number of TCP Segments currently in Reassembly Queue");
++
++static int tcp_reass_overflows = 0;
++SYSCTL_INT(_net_inet_tcp_reass, OID_AUTO, overflows, CTLFLAG_RD,
++    &tcp_reass_overflows, 0,
++    "Global number of TCP Segment Reassembly Queue Overflows");
++
+ struct inpcbhead tcb;
+ #define	tcb6	tcb  /* for KAME src sync over BSD*'s */
+ struct inpcbinfo tcbinfo;
+@@ -174,6 +192,19 @@ do { \
+ 	    (tp->t_flags & TF_RXWIN0SENT) == 0) &&			\
+ 	    (tcp_delack_enabled || (tp->t_flags & TF_NEEDSYN)))
+ 
++/* Initialize TCP reassembly queue */
++uma_zone_t	tcp_reass_zone;
++void
++tcp_reass_init()
++{
++	tcp_reass_maxseg = nmbclusters / 16;
++	TUNABLE_INT_FETCH("net.inet.tcp.reass.maxsegments",
++	    &tcp_reass_maxseg);
++	tcp_reass_zone = uma_zcreate("tcpreass", sizeof (struct tseg_qent),
++	    NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE);
++	uma_zone_set_max(tcp_reass_zone, tcp_reass_maxseg);
++}
++
+ static int
+ tcp_reass(tp, th, tlenp, m)
+ 	register struct tcpcb *tp;
+@@ -184,7 +215,7 @@ tcp_reass(tp, th, tlenp, m)
+ 	struct tseg_qent *q;
+ 	struct tseg_qent *p = NULL;
+ 	struct tseg_qent *nq;
+-	struct tseg_qent *te;
++	struct tseg_qent *te = NULL;
+ 	struct socket *so = tp->t_inpcb->inp_socket;
+ 	int flags;
+ 
+@@ -195,9 +226,27 @@ tcp_reass(tp, th, tlenp, m)
+ 	if (th == 0)
+ 		goto present;
+ 
+-	/* Allocate a new queue entry. If we can't, just drop the pkt. XXX */
+-	MALLOC(te, struct tseg_qent *, sizeof (struct tseg_qent), M_TSEGQ,
+-	       M_NOWAIT);
++	/*
++	 * Limit the number of segments in the reassembly queue to prevent
++	 * holding on to too many segments (and thus running out of mbufs).
++	 * Make sure to let the missing segment through which caused this
++	 * queue.  Always keep one global queue entry spare to be able to
++	 * process the missing segment.
++	 */
++	if (th->th_seq != tp->rcv_nxt &&
++	    tcp_reass_qsize + 1 >= tcp_reass_maxseg) {
++		tcp_reass_overflows++;
++		tcpstat.tcps_rcvmemdrop++;
++		m_freem(m);
++		return (0);
++	}
++	tcp_reass_qsize++;
++
++	/*
++	 * Allocate a new queue entry. If we can't, or hit the zone limit
++	 * just drop the pkt.
++	 */
++	te = uma_zalloc(tcp_reass_zone, M_NOWAIT);
+ 	if (te == NULL) {
+ 		tcpstat.tcps_rcvmemdrop++;
+ 		m_freem(m);
+@@ -227,7 +276,8 @@ tcp_reass(tp, th, tlenp, m)
+ 				tcpstat.tcps_rcvduppack++;
+ 				tcpstat.tcps_rcvdupbyte += *tlenp;
+ 				m_freem(m);
+-				FREE(te, M_TSEGQ);
++				uma_zfree(tcp_reass_zone, te);
++				tcp_reass_qsize--;
+ 				/*
+ 				 * Try to present any queued data
+ 				 * at the left window edge to the user.
+@@ -262,7 +312,8 @@ tcp_reass(tp, th, tlenp, m)
+ 		nq = LIST_NEXT(q, tqe_q);
+ 		LIST_REMOVE(q, tqe_q);
+ 		m_freem(q->tqe_m);
+-		FREE(q, M_TSEGQ);
++		uma_zfree(tcp_reass_zone, q);
++		tcp_reass_qsize--;
+ 		q = nq;
+ 	}
+ 
+@@ -296,7 +347,8 @@ present:
+ 			m_freem(q->tqe_m);
+ 		else
+ 			sbappendstream(&so->so_rcv, q->tqe_m);
+-		FREE(q, M_TSEGQ);
++		uma_zfree(tcp_reass_zone, q);
++		tcp_reass_qsize--;
+ 		q = nq;
+ 	} while (q && q->tqe_th->th_seq == tp->rcv_nxt);
+ 	ND6_HINT(tp);
+Index: tcp_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.169.2.3
+diff -u -p -r1.169.2.3 tcp_subr.c
+--- sys/netinet/tcp_subr.c	23 Feb 2004 15:32:55 -0000	1.169.2.3
++++ sys/netinet/tcp_subr.c	1 Mar 2004 15:18:54 -0000
+@@ -286,6 +286,7 @@ tcp_init()
+ 	tcp_timer_init();
+ 	syncache_init();
+ 	tcp_hc_init();
++	tcp_reass_init();
+ }
+ 
+ /*
+@@ -708,7 +709,8 @@ tcp_discardcb(tp)
+ 	while ((q = LIST_FIRST(&tp->t_segq)) != NULL) {
+ 		LIST_REMOVE(q, tqe_q);
+ 		m_freem(q->tqe_m);
+-		FREE(q, M_TSEGQ);
++		uma_zfree(tcp_reass_zone, q);
++		tcp_reass_qsize--;
+ 	}
+ 	inp->inp_ppcb = NULL;
+ 	tp->t_inpcb = NULL;
+@@ -769,7 +771,8 @@ tcp_drain()
+ 			            != NULL) {
+ 					LIST_REMOVE(te, tqe_q);
+ 					m_freem(te->tqe_m);
+-					FREE(te, M_TSEGQ);
++					uma_zfree(tcp_reass_zone, te);
++					tcp_reass_qsize--;
+ 				}
+ 			}
+ 			INP_UNLOCK(inpb);
+Index: tcp_var.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_var.h,v
+retrieving revision 1.93.2.1
+diff -u -p -r1.93.2.1 tcp_var.h
+--- sys/netinet/tcp_var.h	9 Jan 2004 12:32:36 -0000	1.93.2.1
++++ sys/netinet/tcp_var.h	1 Mar 2004 15:18:55 -0000
+@@ -54,9 +54,8 @@ struct tseg_qent {
+ 	struct	mbuf	*tqe_m;		/* mbuf contains packet */
+ };
+ LIST_HEAD(tsegqe_head, tseg_qent);
+-#ifdef MALLOC_DECLARE
+-MALLOC_DECLARE(M_TSEGQ);
+-#endif
++extern int	tcp_reass_qsize;
++extern struct uma_zone	*tcp_reass_zone;
+ 
+ struct tcptemp {
+ 	u_char	tt_ipgen[40]; /* the size must be of max ip header, now IPv6 */
+@@ -514,6 +513,7 @@ struct tcpcb *
+ int	 tcp_output(struct tcpcb *);
+ struct inpcb *
+ 	 tcp_quench(struct inpcb *, int);
++void	 tcp_reass_init(void);
+ void	 tcp_respond(struct tcpcb *, void *,
+ 	    struct tcphdr *, struct mbuf *, tcp_seq, tcp_seq, int);
+ int	 tcp_twrespond(struct tcptw *, struct socket *, struct mbuf *, int);
diff --git a/share/security/patches/SA-04:04/tcp52.patch.asc b/share/security/patches/SA-04:04/tcp52.patch.asc
new file mode 100644
index 0000000000..984d6fa00f
--- /dev/null
+++ b/share/security/patches/SA-04:04/tcp52.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (Darwin)
+
+iD8DBQBARL/5FdaIBMps37IRApGUAKCE5M7ldxWWx5k3jq+2YVzaratSNQCfYL4+
+BrpzA6sEb1if2TvdGEaXh+o=
+=xgUH
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:05/openssl.patch b/share/security/patches/SA-04:05/openssl.patch
new file mode 100644
index 0000000000..4ec6a3d112
--- /dev/null
+++ b/share/security/patches/SA-04:05/openssl.patch
@@ -0,0 +1,24 @@
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_pkt.c,v
+retrieving revision 1.1.1.8
+diff -c -r1.1.1.8 s3_pkt.c
+*** crypto/openssl/ssl/s3_pkt.c	19 Feb 2003 23:17:05 -0000	1.1.1.8
+--- crypto/openssl/ssl/s3_pkt.c	16 Mar 2004 13:18:28 -0000
+***************
+*** 1085,1090 ****
+--- 1085,1098 ----
+  			goto err;
+  			}
+  
++ 		/* Check we have a cipher to change to */
++ 		if (s->s3->tmp.new_cipher == NULL)
++ 			{
++ 			i=SSL_AD_UNEXPECTED_MESSAGE;
++ 			SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_CCS_RECEIVED_EARLY);
++ 			goto err;
++ 			}
++ 
+  		rr->length=0;
+  
+  		if (s->msg_callback)
diff --git a/share/security/patches/SA-04:05/openssl.patch.asc b/share/security/patches/SA-04:05/openssl.patch.asc
new file mode 100644
index 0000000000..c93de14c78
--- /dev/null
+++ b/share/security/patches/SA-04:05/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAWGatFdaIBMps37IRAog1AJ9l4XFX5j5v6ISvGb+08dCOhFo72wCeNZyV
+eAd7UXRh33alpAEKvQTlDbI=
+=phrn
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:06/ipv6.patch b/share/security/patches/SA-04:06/ipv6.patch
new file mode 100644
index 0000000000..f9dc54585a
--- /dev/null
+++ b/share/security/patches/SA-04:06/ipv6.patch
@@ -0,0 +1,81 @@
+Index: src/sys/netinet/ip6.h
+diff -c src/sys/netinet/ip6.h:1.10 src/sys/netinet/ip6.h:1.11
+*** sys/netinet/ip6.h:1.10	Sat Oct 25 05:57:08 2003
+--- sys/netinet/ip6.h	Fri Mar 26 13:52:18 2004
+***************
+*** 213,218 ****
+--- 213,219 ----
+  
+  #define IPV6_MMTU	1280	/* minimal MTU and reassembly. 1024 + 256 */
+  #define IPV6_MAXPACKET	65535	/* ip6 max packet size without Jumbo payload*/
++ #define IPV6_MAXOPTHDR	2048	/* max option header size, 256 64-bit words */
+  
+  #ifdef _KERNEL
+  /*
+Index: src/sys/netinet6/ip6_output.c
+diff -c src/sys/netinet6/ip6_output.c:1.78 src/sys/netinet6/ip6_output.c:1.79
+*** sys/netinet6/ip6_output.c:1.78	Tue Feb 17 08:02:37 2004
+--- sys/netinet6/ip6_output.c	Fri Mar 26 13:52:18 2004
+***************
+*** 1780,1791 ****
+  					break;
+  				}
+  
+! 				optbuf = sopt->sopt_val;
+  				optlen = sopt->sopt_valsize;
+  				optp = &in6p->in6p_outputopts;
+  				error = ip6_pcbopt(optname,
+  						   optbuf, optlen,
+  						   optp, privileged, uproto);
+  				break;
+  			}
+  #undef OPTSET
+--- 1780,1827 ----
+  					break;
+  				}
+  
+! 				switch (optname) {
+! 				case IPV6_HOPOPTS:
+! 				case IPV6_DSTOPTS:
+! 				case IPV6_RTHDRDSTOPTS:
+! 				case IPV6_NEXTHOP:
+! 					if (!privileged)
+! 						error = EPERM;
+! 					break;
+! 				}
+! 				if (error)
+! 					break;
+! 
+! 				switch (optname) {
+! 				case IPV6_PKTINFO:
+! 					optlen = sizeof(struct in6_pktinfo);
+! 					break;
+! 				case IPV6_NEXTHOP:
+! 					optlen = SOCK_MAXADDRLEN;
+! 					break;
+! 				default:
+! 					optlen = IPV6_MAXOPTHDR;
+! 					break;
+! 				}
+! 				if (sopt->sopt_valsize > optlen) {
+! 					error = EINVAL;
+! 					break;
+! 				}
+! 
+  				optlen = sopt->sopt_valsize;
++ 				optbuf = malloc(optlen, M_TEMP, M_WAITOK);
++ 				error = sooptcopyin(sopt, optbuf, optlen,
++ 				    optlen);
++ 				if (error) {
++ 					free(optbuf, M_TEMP);
++ 					break;
++ 				}
++ 
+  				optp = &in6p->in6p_outputopts;
+  				error = ip6_pcbopt(optname,
+  						   optbuf, optlen,
+  						   optp, privileged, uproto);
++ 				free(optbuf, M_TEMP);
+  				break;
+  			}
+  #undef OPTSET
diff --git a/share/security/patches/SA-04:06/ipv6.patch.asc b/share/security/patches/SA-04:06/ipv6.patch.asc
new file mode 100644
index 0000000000..cf7311b23b
--- /dev/null
+++ b/share/security/patches/SA-04:06/ipv6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAaCQzFdaIBMps37IRAgOLAJ997cpE5mqo/VNTysOcm+PhymM7yACfVrtk
+aGeVelL6UHIMchAQE+2ENnw=
+=FIoh
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:07/cvs.patch b/share/security/patches/SA-04:07/cvs.patch
new file mode 100644
index 0000000000..93a7b8733f
--- /dev/null
+++ b/share/security/patches/SA-04:07/cvs.patch
@@ -0,0 +1,53 @@
+Index: contrib/cvs/src/client.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/client.c,v
+retrieving revision 1.10
+diff -c -r1.10 client.c
+*** contrib/cvs/src/client.c	21 Jan 2003 22:01:38 -0000	1.10
+--- contrib/cvs/src/client.c	14 Apr 2004 15:51:51 -0000
+***************
+*** 1054,1059 ****
+--- 1054,1072 ----
+      char *rdirp;
+      int reposdirname_absolute;
+  
++     /* For security reasons, if PATHNAME is absolute or attemps to ascend
++      * outside of the current sanbbox, we abort.  The server should not send us
++      * anything but relative paths which remain inside the sandbox here.
++      * Anything less means a trojan CVS server could create and edit arbitrary
++      * files on the client.
++      */
++     if (isabsolute (pathname) || pathname_levels (pathname) > 0)
++     {
++ 	error (0, 0,
++ 		"Server attempted to update a file via an invalid pathname:");
++ 	error (1, 0, "`%s'.", pathname);
++     }
++ 
+      reposname = NULL;
+      read_line (&reposname);
+      assert (reposname != NULL);
+Index: contrib/cvs/src/modules.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/modules.c,v
+retrieving revision 1.1.1.9
+diff -c -r1.1.1.9 modules.c
+*** contrib/cvs/src/modules.c	21 Jan 2004 16:27:56 -0000	1.1.1.9
+--- contrib/cvs/src/modules.c	14 Apr 2004 15:54:51 -0000
+***************
+*** 170,175 ****
+--- 170,183 ----
+      if (isabsolute (mname))
+  	error (1, 0, "Absolute module reference invalid: `%s'", mname);
+  
++     /* Similarly for directories that attempt to step above the root of the
++      * repository.
++      */
++     if (pathname_levels (mname) > 0)
++ 	error (1, 0, "up-level in module reference (`..') invalid: `%s'.",
++ 		mname);
++ 
++ 
+      /* if this is a directory to ignore, add it to that list */
+      if (mname[0] == '!' && mname[1] != '\0')
+      {
diff --git a/share/security/patches/SA-04:07/cvs.patch.asc b/share/security/patches/SA-04:07/cvs.patch.asc
new file mode 100644
index 0000000000..6d6c56d777
--- /dev/null
+++ b/share/security/patches/SA-04:07/cvs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAfreYFdaIBMps37IRAvOaAJ4kjlv5JKBuQ2WqJNTfdpZHINsWewCggl5m
+gRHGyT7FJ3dXegl9JkPCXMs=
+=GDuC
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:08/heimdal51.patch b/share/security/patches/SA-04:08/heimdal51.patch
new file mode 100644
index 0000000000..c4294fb02a
--- /dev/null
+++ b/share/security/patches/SA-04:08/heimdal51.patch
@@ -0,0 +1,706 @@
+diff -urN crypto/heimdal/kdc/config.c heimdal-0.5.3/kdc/config.c
+--- crypto/heimdal/kdc/config.c	2003-03-17 07:46:55.000000000 +0100
++++ crypto/heimdal/kdc/config.c	2004-02-16 20:08:49.000000000 +0100
+@@ -64,6 +64,8 @@
+ krb5_boolean check_ticket_addresses;
+ krb5_boolean allow_null_ticket_addresses;
+ krb5_boolean allow_anonymous;
++int trpolicy;
++static const char *trpolicy_str;
+ 
+ static struct getarg_strings addresses_str;	/* addresses to listen on */
+ krb5_addresses explicit_addresses;
+@@ -292,9 +294,8 @@
+ 
+     get_dbinfo();
+     
+-    if(max_request_str){
++    if(max_request_str)
+ 	max_request = parse_bytes(max_request_str, NULL);
+-    }
+ 
+     if(max_request == 0){
+ 	p = krb5_config_get_string (context,
+@@ -365,6 +366,23 @@
+     allow_anonymous = 
+ 	krb5_config_get_bool(context, NULL, "kdc", 
+ 			     "allow-anonymous", NULL);
++    trpolicy_str = 
++	krb5_config_get_string_default(context, NULL, "always-check", "kdc", 
++				       "transited-policy", NULL);
++    if(strcasecmp(trpolicy_str, "always-check") == 0)
++	trpolicy = TRPOLICY_ALWAYS_CHECK;
++    else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0)
++	trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL;
++    else if(strcasecmp(trpolicy_str, "always-honour-request") == 0)
++	trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST;
++    else {
++	kdc_log(0, "unknown transited-policy: %s, reverting to always-check", 
++		trpolicy_str);
++	trpolicy = TRPOLICY_ALWAYS_CHECK;
++    }
++	
++	krb5_config_get_bool_default(context, NULL, TRUE, "kdc", 
++				     "enforce-transited-policy", NULL);
+ #ifdef KRB4
+     if(v4_realm == NULL){
+ 	p = krb5_config_get_string (context, NULL, 
+diff -urN crypto/heimdal/kdc/kdc.8 heimdal-0.5.3/kdc/kdc.8
+--- crypto/heimdal/kdc/kdc.8	2003-03-17 07:47:03.000000000 +0100
++++ crypto/heimdal/kdc/kdc.8	2004-02-16 18:50:11.000000000 +0100
+@@ -2,5 +2,5 @@
+ .\"
+-.Dd August 22, 2002
++.Dd October 22, 2003
+ .Dt KDC 8
+ .Os HEIMDAL
+ .Sh NAME
+@@ -145,6 +145,27 @@
+ check-ticket-addresses is TRUE.
+ .It Li allow-anonymous = Va boolean
+ Permit anonymous tickets with no addresses.
++.It Li transited-policy = Xo
++.Li always-check \*(Ba
++.Li allow-per-principal |
++.Li always-honour-request
++.Xc
++This controls how KDC requests with the
++.Li disable-transited-check
++flag are handled. It can be one of:
++.Bl -tag -width "xxx" -offset indent
++.It Li always-check
++Always check transited encoding, this is the default.
++.It Li allow-per-principal
++Currently this is identical to
++.Li always-check .
++In a future release, it will be possible to mark a principal as able
++to handle unchecked requests.
++.It Li always-honour-request
++Always do what the client asked.
++In a future release, it will be possible to force a check per
++principal.
++.El
+ .It encode_as_rep_as_tgs_rep = Va boolean
+ Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code.  The
+ Heimdal clients allow both.
+diff -urN crypto/heimdal/kdc/kdc_locl.h heimdal-0.5.3/kdc/kdc_locl.h
+--- crypto/heimdal/kdc/kdc_locl.h	2003-03-17 07:47:23.000000000 +0100
++++ crypto/heimdal/kdc/kdc_locl.h	2004-02-16 19:24:43.000000000 +0100
+@@ -62,6 +62,11 @@
+ extern krb5_boolean check_ticket_addresses;
+ extern krb5_boolean allow_null_ticket_addresses;
+ extern krb5_boolean allow_anonymous;
++enum { TRPOLICY_ALWAYS_CHECK,
++       TRPOLICY_ALLOW_PER_PRINCIPAL, 
++       TRPOLICY_ALWAYS_HONOUR_REQUEST };
++extern int trpolicy;
++extern int enable_v4_cross_realm;
+ 
+ #ifdef KRB4
+ extern char *v4_realm;
+diff -urN crypto/heimdal/kdc/kerberos5.c heimdal-0.5.3/kdc/kerberos5.c
+--- crypto/heimdal/kdc/kerberos5.c	2002-09-09 16:03:02.000000000 +0200
++++ crypto/heimdal/kdc/kerberos5.c	2004-02-16 19:23:20.000000000 +0100
+@@ -355,10 +355,13 @@
+     
+     if(n != pa.len) {
+ 	char *name;
+-	krb5_unparse_name(context, client->principal, &name);
++	ret = krb5_unparse_name(context, client->principal, &name);
++	if (ret)
++	    name = "<unparse_name failed>";
+ 	kdc_log(0, "internal error in get_pa_etype_info(%s): %d != %d", 
+ 		name, n, pa.len);
+-	free(name);
++	if (ret == 0)
++	    free(name);
+ 	pa.len = n;
+     }
+ 
+@@ -496,8 +499,8 @@
+     krb5_enctype cetype, setype;
+     EncTicketPart et;
+     EncKDCRepPart ek;
+-    krb5_principal client_princ, server_princ;
+-    char *client_name, *server_name;
++    krb5_principal client_princ = NULL, server_princ = NULL;
++    char *client_name = NULL, *server_name = NULL;
+     krb5_error_code ret = 0;
+     const char *e_text = NULL;
+     krb5_crypto crypto;
+@@ -506,28 +509,32 @@
+     memset(&rep, 0, sizeof(rep));
+ 
+     if(b->sname == NULL){
+-	server_name = "<unknown server>";
+ 	ret = KRB5KRB_ERR_GENERIC;
+ 	e_text = "No server in request";
+     } else{
+ 	principalname2krb5_principal (&server_princ, *(b->sname), b->realm);
+-	krb5_unparse_name(context, server_princ, &server_name);
++	ret = krb5_unparse_name(context, server_princ, &server_name);
++    }
++    if (ret) {
++	kdc_log(0, "AS-REQ malformed server name from %s", from);
++	goto out;
+     }
+     
+     if(b->cname == NULL){
+-	client_name = "<unknown client>";
+ 	ret = KRB5KRB_ERR_GENERIC;
+ 	e_text = "No client in request";
+     } else {
+ 	principalname2krb5_principal (&client_princ, *(b->cname), b->realm);
+-	krb5_unparse_name(context, client_princ, &client_name);
++	ret = krb5_unparse_name(context, client_princ, &client_name);
+     }
++    if (ret) {
++	kdc_log(0, "AS-REQ malformed client name from %s", from);
++	goto out;
++    }
++
+     kdc_log(0, "AS-REQ %s from %s for %s", 
+ 	    client_name, from, server_name);
+ 
+-    if(ret)
+-	goto out;
+-
+     ret = db_fetch(client_princ, &client);
+     if(ret){
+ 	kdc_log(0, "UNKNOWN -- %s: %s", client_name,
+@@ -559,7 +566,6 @@
+ 	while((pa = find_padata(req, &i, KRB5_PADATA_ENC_TIMESTAMP))){
+ 	    krb5_data ts_data;
+ 	    PA_ENC_TS_ENC p;
+-	    time_t patime;
+ 	    size_t len;
+ 	    EncryptedData enc_data;
+ 	    Key *pa_key;
+@@ -635,7 +641,6 @@
+ 			 client_name);
+ 		continue;
+ 	    }
+-	    patime = p.patimestamp;
+ 	    free_PA_ENC_TS_ENC(&p);
+ 	    if (abs(kdc_time - p.patimestamp) > context->max_skew) {
+ 		ret = KRB5KDC_ERR_PREAUTH_FAILED;
+@@ -716,9 +721,10 @@
+ 	    if (ret == 0) {
+ 		kdc_log(5, "Using %s/%s", cet, set);
+ 		free(set);
+-	    } else
+-		free(cet);
+-	} else
++	    }
++	    free(cet);
++	}
++	if (ret != 0)
+ 	    kdc_log(5, "Using e-types %d/%d", cetype, setype);
+     }
+     
+@@ -841,13 +847,8 @@
+ 	copy_HostAddresses(b->addresses, et.caddr);
+     }
+     
+-    {
+-	krb5_data empty_string;
+-      
+-	krb5_data_zero(&empty_string); 
+-	et.transited.tr_type = DOMAIN_X500_COMPRESS;
+-	et.transited.contents = empty_string;
+-    }
++    et.transited.tr_type = DOMAIN_X500_COMPRESS;
++    krb5_data_zero(&et.transited.contents); 
+      
+     copy_EncryptionKey(&et.key, &ek.key);
+ 
+@@ -914,8 +915,8 @@
+ 		       client->kvno, &ckey->key, &e_text, reply);
+     free_EncTicketPart(&et);
+     free_EncKDCRepPart(&ek);
+-    free_AS_REP(&rep);
+   out:
++    free_AS_REP(&rep);
+     if(ret){
+ 	krb5_mk_error(context,
+ 		      ret,
+@@ -929,9 +930,11 @@
+ 	ret = 0;
+     }
+   out2:
+-    krb5_free_principal(context, client_princ);
++    if (client_princ)
++	krb5_free_principal(context, client_princ);
+     free(client_name);
+-    krb5_free_principal(context, server_princ);
++    if (server_princ)
++	krb5_free_principal(context, server_princ);
+     free(server_name);
+     if(client)
+ 	free_ent(client);
+@@ -1054,33 +1057,35 @@
+ }
+ 
+ static krb5_error_code
+-fix_transited_encoding(TransitedEncoding *tr, 
++fix_transited_encoding(krb5_boolean check_policy,
++		       TransitedEncoding *tr, 
++		       EncTicketPart *et, 
+ 		       const char *client_realm, 
+ 		       const char *server_realm, 
+ 		       const char *tgt_realm)
+ {
+     krb5_error_code ret = 0;
+-    if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)){
+-	char **realms = NULL, **tmp;
+-	int num_realms = 0;
+-	int i;
+-	if(tr->tr_type && tr->contents.length != 0) {
+-	    if(tr->tr_type != DOMAIN_X500_COMPRESS){
+-		kdc_log(0, "Unknown transited type: %u", 
+-			tr->tr_type);
+-		return KRB5KDC_ERR_TRTYPE_NOSUPP;
+-	    }
+-	    ret = krb5_domain_x500_decode(context, 
+-					  tr->contents,
+-					  &realms, 
+-					  &num_realms,
+-					  client_realm,
+-					  server_realm);
+-	    if(ret){
+-		krb5_warn(context, ret, "Decoding transited encoding");
+-		return ret;
+-	    }
+-	}
++    char **realms, **tmp;
++    int num_realms;
++    int i;
++
++    if(tr->tr_type != DOMAIN_X500_COMPRESS) {
++	kdc_log(0, "Unknown transited type: %u", tr->tr_type);
++	return KRB5KDC_ERR_TRTYPE_NOSUPP;
++    }
++
++    ret = krb5_domain_x500_decode(context, 
++				  tr->contents,
++				  &realms, 
++				  &num_realms,
++				  client_realm,
++				  server_realm);
++    if(ret){
++	krb5_warn(context, ret, "Decoding transited encoding");
++	return ret;
++    }
++    if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
++	/* not us, so add the previous realm to transited set */
+ 	if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+ 	    ret = ERANGE;
+ 	    goto free_realms;
+@@ -1097,16 +1102,46 @@
+ 	    goto free_realms;
+ 	}
+ 	num_realms++;
+-	free_TransitedEncoding(tr);
+-	tr->tr_type = DOMAIN_X500_COMPRESS;
+-	ret = krb5_domain_x500_encode(realms, num_realms, &tr->contents);
+-	if(ret)
+-	    krb5_warn(context, ret, "Encoding transited encoding");
+-    free_realms:
++    }
++    if(num_realms == 0) {
++	if(strcmp(client_realm, server_realm)) 
++	    kdc_log(0, "cross-realm %s -> %s", client_realm, server_realm);
++    } else {
++	size_t l = 0;
++	char *rs;
+ 	for(i = 0; i < num_realms; i++)
+-	    free(realms[i]);
+-	free(realms);
++	    l += strlen(realms[i]) + 2;
++	rs = malloc(l);
++	if(rs != NULL) {
++	    *rs = '\0';
++	    for(i = 0; i < num_realms; i++) {
++		if(i > 0)
++		    strlcat(rs, ", ", l);
++		strlcat(rs, realms[i], l);
++	    }
++	    kdc_log(0, "cross-realm %s -> %s via [%s]", client_realm, server_realm, rs);
++	    free(rs);
++	}
+     }
++    if(check_policy) {
++	ret = krb5_check_transited(context, client_realm, 
++				   server_realm, 
++				   realms, num_realms, NULL);
++	if(ret) {
++	    krb5_warn(context, ret, "cross-realm %s -> %s", 
++		      client_realm, server_realm);
++	    goto free_realms;
++	}
++	et->flags.transited_policy_checked = 1;
++    }
++    et->transited.tr_type = DOMAIN_X500_COMPRESS;
++    ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents);
++    if(ret)
++	krb5_warn(context, ret, "Encoding transited encoding");
++  free_realms:
++    for(i = 0; i < num_realms; i++)
++	free(realms[i]);
++    free(realms);
+     return ret;
+ }
+ 
+@@ -1172,18 +1207,35 @@
+     
+     ret = check_tgs_flags(b, tgt, &et);
+     if(ret)
+-	return ret;
++	goto out;
+ 
+-    copy_TransitedEncoding(&tgt->transited, &et.transited);
+-    ret = fix_transited_encoding(&et.transited,
++    /* We should check the transited encoding if:
++       1) the request doesn't ask not to be checked
++       2) globally enforcing a check
++       3) principal requires checking
++       4) we allow non-check per-principal, but principal isn't marked as allowing this
++       5) we don't globally allow this
++    */
++
++#define GLOBAL_FORCE_TRANSITED_CHECK		(trpolicy == TRPOLICY_ALWAYS_CHECK)
++#define GLOBAL_ALLOW_PER_PRINCIPAL		(trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL)
++#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK	(trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST)
++/* these will consult the database in future release */
++#define PRINCIPAL_FORCE_TRANSITED_CHECK(P)		0
++#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P)	0
++
++    ret = fix_transited_encoding(!f.disable_transited_check ||
++				 GLOBAL_FORCE_TRANSITED_CHECK ||
++				 PRINCIPAL_FORCE_TRANSITED_CHECK(server) ||
++				 !((GLOBAL_ALLOW_PER_PRINCIPAL && 
++				    PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) ||
++				   GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK),
++				 &tgt->transited, &et,
+ 				 *krb5_princ_realm(context, client_principal),
+ 				 *krb5_princ_realm(context, server->principal),
+ 				 *krb5_princ_realm(context, krbtgt->principal));
+-    if(ret){
+-	free_TransitedEncoding(&et.transited);
+-	return ret;
+-    }
+-
++    if(ret)
++	goto out;
+ 
+     copy_Realm(krb5_princ_realm(context, server->principal), 
+ 	       &rep.ticket.realm);
+@@ -1278,7 +1330,7 @@
+        DES3? */
+     ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey,
+ 		       0, &tgt->key, e_text, reply);
+-out:
++  out:
+     free_TGS_REP(&rep);
+     free_TransitedEncoding(&et.transited);
+     if(et.starttime)
+@@ -1380,13 +1432,13 @@
+ }
+ 
+ static Realm
+-find_rpath(Realm r)
++find_rpath(Realm crealm, Realm srealm)
+ {
+     const char *new_realm = krb5_config_get_string(context,
+ 						   NULL,
+-						   "libdefaults", 
+-						   "capath", 
+-						   r, 
++						   "capaths", 
++						   crealm,
++						   srealm,
+ 						   NULL);
+     return (Realm)new_realm;
+ }
+@@ -1456,10 +1508,14 @@
+ 
+     if(ret) {
+ 	char *p;
+-	krb5_unparse_name(context, princ, &p);
++	ret = krb5_unparse_name(context, princ, &p);
++	if (ret != 0)
++	    p = "<unparse_name failed>";
++	krb5_free_principal(context, princ);
+ 	kdc_log(0, "Ticket-granting ticket not found in database: %s: %s",
+ 		p, krb5_get_err_text(context, ret));
+-	free(p);
++	if (ret == 0)
++	    free(p);
+ 	ret = KRB5KRB_AP_ERR_NOT_US;
+ 	goto out2;
+     }
+@@ -1468,12 +1524,16 @@
+        *ap_req.ticket.enc_part.kvno != krbtgt->kvno){
+ 	char *p;
+ 
+-	krb5_unparse_name (context, princ, &p);
++	ret = krb5_unparse_name (context, princ, &p);
++	krb5_free_principal(context, princ);
++	if (ret != 0)
++	    p = "<unparse_name failed>";
+ 	kdc_log(0, "Ticket kvno = %d, DB kvno = %d (%s)", 
+ 		*ap_req.ticket.enc_part.kvno,
+ 		krbtgt->kvno,
+ 		p);
+-	free (p);
++	if (ret == 0)
++	    free (p);
+ 	ret = KRB5KRB_AP_ERR_BADKEYVER;
+ 	goto out2;
+     }
+@@ -1657,9 +1717,13 @@
+ 	}
+ 
+ 	principalname2krb5_principal(&sp, *s, r);
+-	krb5_unparse_name(context, sp, &spn);	
++	ret = krb5_unparse_name(context, sp, &spn);	
++	if (ret)
++	    goto out;
+ 	principalname2krb5_principal(&cp, tgt->cname, tgt->crealm);
+-	krb5_unparse_name(context, cp, &cpn);
++	ret = krb5_unparse_name(context, cp, &cpn);
++	if (ret)
++	    goto out;
+ 	unparse_flags (KDCOptions2int(b->kdc_options), KDCOptions_units,
+ 		       opt_str, sizeof(opt_str));
+ 	if(*opt_str)
+@@ -1676,7 +1740,7 @@
+ 
+ 	    if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
+ 		if(loop++ < 2) {
+-		    new_rlm = find_rpath(req_rlm);
++		    new_rlm = find_rpath(tgt->crealm, req_rlm);
+ 		    if(new_rlm) {
+ 			kdc_log(5, "krbtgt for realm %s not found, trying %s", 
+ 				req_rlm, new_rlm);
+@@ -1684,7 +1748,9 @@
+ 			free(spn);
+ 			krb5_make_principal(context, &sp, r, 
+ 					    KRB5_TGS_NAME, new_rlm, NULL);
+-			krb5_unparse_name(context, sp, &spn);	
++			ret = krb5_unparse_name(context, sp, &spn);	
++			if (ret)
++			    goto out;
+ 			goto server_lookup;
+ 		    }
+ 		}
+@@ -1697,7 +1763,9 @@
+ 		    free(spn);
+ 		    krb5_make_principal(context, &sp, r, KRB5_TGS_NAME,
+ 					realms[0], NULL);
+-		    krb5_unparse_name(context, sp, &spn);
++		    ret = krb5_unparse_name(context, sp, &spn);
++		    if (ret)
++			goto out;
+ 		    krb5_free_host_realm(context, realms);
+ 		    goto server_lookup;
+ 		}
+@@ -1725,6 +1793,18 @@
+ 	}
+ #endif
+ 
++	if(strcmp(krb5_principal_get_realm(context, sp),
++		  krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) {
++	    char *tpn;
++	    ret = krb5_unparse_name(context, krbtgt->principal, &tpn);
++	    kdc_log(0, "Request with wrong krbtgt: %s", (ret == 0) ? tpn : "<unknown>");
++	    if(ret == 0)
++		free(tpn);
++	    ret = KRB5KRB_AP_ERR_NOT_US;
++	    goto out;
++	    
++	}
++
+ 	ret = check_flags(client, cpn, server, spn, FALSE);
+ 	if(ret)
+ 	    goto out;
+diff -urN crypto/heimdal/lib/krb5/krb5-protos.h heimdal-0.5.3/lib/krb5/krb5-protos.h
+--- crypto/heimdal/lib/krb5/krb5-protos.h	2003-03-17 11:27:40.000000000 +0100
++++ crypto/heimdal/lib/krb5/krb5-protos.h	2004-04-01 16:16:33.000000000 +0200
+@@ -521,6 +521,15 @@
+ 	krb5_data */*result_string*/);
+ 
+ krb5_error_code
++krb5_check_transited (
++	krb5_context /*context*/,
++	krb5_const_realm /*client_realm*/,
++	krb5_const_realm /*server_realm*/,
++	krb5_realm */*realms*/,
++	int /*num_realms*/,
++	int */*bad_realm*/);
++
++krb5_error_code
+ krb5_check_transited_realms (
+ 	krb5_context /*context*/,
+ 	const char *const */*realms*/,
+diff -urN crypto/heimdal/lib/krb5/rd_req.c heimdal-0.5.3/lib/krb5/rd_req.c
+--- crypto/heimdal/lib/krb5/rd_req.c	2001-06-18 04:48:18.000000000 +0200
++++ crypto/heimdal/lib/krb5/rd_req.c	2004-02-16 19:17:47.000000000 +0100
+@@ -129,6 +129,32 @@
+     return 0;
+ }
+ 
++static krb5_error_code
++check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
++{
++    char **realms;
++    int num_realms;
++    krb5_error_code ret;
++	    
++    if(enc->transited.tr_type != DOMAIN_X500_COMPRESS)
++	return KRB5KDC_ERR_TRTYPE_NOSUPP;
++
++    if(enc->transited.contents.length == 0)
++	return 0;
++
++    ret = krb5_domain_x500_decode(context, enc->transited.contents, 
++				  &realms, &num_realms, 
++				  enc->crealm,
++				  ticket->realm);
++    if(ret)
++	return ret;
++    ret = krb5_check_transited(context, enc->crealm, 
++			       ticket->realm, 
++			       realms, num_realms, NULL);
++    free(realms);
++    return ret;
++}
++
+ krb5_error_code
+ krb5_decrypt_ticket(krb5_context context,
+ 		    Ticket *ticket,
+@@ -161,6 +187,14 @@
+ 	    krb5_clear_error_string (context);
+ 	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
+ 	}
++	
++	if(!t.flags.transited_policy_checked) {
++	    ret = check_transited(context, ticket, &t);
++	    if(ret) {
++		free_EncTicketPart(&t);
++		return ret;
++	    }
++	}
+     }
+     
+     if(out)
+@@ -209,29 +243,6 @@
+     return ret;
+ }
+ 
+-#if 0
+-static krb5_error_code
+-check_transited(krb5_context context,
+-		krb5_ticket *ticket)
+-{
+-    char **realms;
+-    int num_realms;
+-    krb5_error_code ret;
+-
+-    if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS)
+-	return KRB5KDC_ERR_TRTYPE_NOSUPP;
+-
+-    ret = krb5_domain_x500_decode(ticket->ticket.transited.contents, 
+-				  &realms, &num_realms, 
+-				  ticket->client->realm,
+-				  ticket->server->realm);
+-    if(ret)
+-	return ret;
+-    ret = krb5_check_transited_realms(context, realms, num_realms, NULL);
+-    free(realms);
+-    return ret;
+-}
+-#endif
+ 
+ krb5_error_code
+ krb5_verify_ap_req(krb5_context context,
+diff -urN crypto/heimdal/lib/krb5/transited.c heimdal-0.5.3/lib/krb5/transited.c
+--- crypto/heimdal/lib/krb5/transited.c	2002-09-09 16:03:03.000000000 +0200
++++ crypto/heimdal/lib/krb5/transited.c	2004-02-16 19:20:52.000000000 +0100
+@@ -304,6 +304,12 @@
+     struct tr_realm *p, **q;
+     int ret;
+     
++    if(tr.length == 0) {
++	*realms = NULL;
++	*num_realms = 0;
++	return 0;
++    }
++
+     /* split string in components */
+     ret = decode_realms(context, tr.data, tr.length, &r);
+     if(ret)
+@@ -358,6 +364,9 @@
+     char *s = NULL;
+     int len = 0;
+     int i;
++    krb5_data_zero(encoding);
++    if (num_realms == 0)
++	return 0;
+     for(i = 0; i < num_realms; i++){
+ 	len += strlen(realms[i]);
+ 	if(realms[i][0] == '/')
+@@ -365,6 +374,8 @@
+     }
+     len += num_realms - 1;
+     s = malloc(len + 1);
++    if (s == NULL)
++	return ENOMEM;
+     *s = '\0';
+     for(i = 0; i < num_realms; i++){
+ 	if(i && i < num_realms - 1)
+@@ -379,6 +390,44 @@
+ }
+ 
+ krb5_error_code
++krb5_check_transited(krb5_context context,
++		     krb5_const_realm client_realm,
++		     krb5_const_realm server_realm,
++		     krb5_realm *realms,
++		     int num_realms,
++		     int *bad_realm)
++{
++    char **tr_realms;
++    char **p;
++    int i;
++
++    if(num_realms == 0)
++	return 0;
++    
++    tr_realms = krb5_config_get_strings(context, NULL, 
++					"capaths", 
++					client_realm, 
++					server_realm, 
++					NULL);
++    for(i = 0; i < num_realms; i++) {
++	for(p = tr_realms; p && *p; p++) {
++	    if(strcmp(*p, realms[i]) == 0)
++		break;
++	}
++	if(p == NULL || *p == NULL) {
++	    krb5_config_free_strings(tr_realms);
++	    krb5_set_error_string (context, "no transit through realm %s",
++				   realms[i]);
++	    if(bad_realm)
++		*bad_realm = i;
++	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
++	}
++    }
++    krb5_config_free_strings(tr_realms);
++    return 0;
++}
++
++krb5_error_code
+ krb5_check_transited_realms(krb5_context context,
+ 			    const char *const *realms, 
+ 			    int num_realms, 
diff --git a/share/security/patches/SA-04:08/heimdal51.patch.asc b/share/security/patches/SA-04:08/heimdal51.patch.asc
new file mode 100644
index 0000000000..43d2f0d856
--- /dev/null
+++ b/share/security/patches/SA-04:08/heimdal51.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAmQMkFdaIBMps37IRAmCKAJ4sx4mekp5q8Z4x1WAUAWaL0DZJKQCghDH4
+sAJ08K+mQd3Jgr5Vk+db3jI=
+=VhTR
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:08/heimdal6.patch b/share/security/patches/SA-04:08/heimdal6.patch
new file mode 100644
index 0000000000..e4ffe8fab5
--- /dev/null
+++ b/share/security/patches/SA-04:08/heimdal6.patch
@@ -0,0 +1,558 @@
+diff -urN crypto/heimdal/kdc/config.c heimdal-0.5.3/kdc/config.c
+--- crypto/heimdal/kdc/config.c	2003-03-17 07:46:55.000000000 +0100
++++ crypto/heimdal/kdc/config.c	2004-02-16 20:08:49.000000000 +0100
+@@ -64,6 +64,8 @@
+ krb5_boolean check_ticket_addresses;
+ krb5_boolean allow_null_ticket_addresses;
+ krb5_boolean allow_anonymous;
++int trpolicy;
++static const char *trpolicy_str;
+ 
+ static struct getarg_strings addresses_str;	/* addresses to listen on */
+ krb5_addresses explicit_addresses;
+@@ -292,9 +294,8 @@
+ 
+     get_dbinfo();
+     
+-    if(max_request_str){
++    if(max_request_str)
+ 	max_request = parse_bytes(max_request_str, NULL);
+-    }
+ 
+     if(max_request == 0){
+ 	p = krb5_config_get_string (context,
+@@ -365,6 +366,23 @@
+     allow_anonymous = 
+ 	krb5_config_get_bool(context, NULL, "kdc", 
+ 			     "allow-anonymous", NULL);
++    trpolicy_str = 
++	krb5_config_get_string_default(context, NULL, "always-check", "kdc", 
++				       "transited-policy", NULL);
++    if(strcasecmp(trpolicy_str, "always-check") == 0)
++	trpolicy = TRPOLICY_ALWAYS_CHECK;
++    else if(strcasecmp(trpolicy_str, "allow-per-principal") == 0)
++	trpolicy = TRPOLICY_ALLOW_PER_PRINCIPAL;
++    else if(strcasecmp(trpolicy_str, "always-honour-request") == 0)
++	trpolicy = TRPOLICY_ALWAYS_HONOUR_REQUEST;
++    else {
++	kdc_log(0, "unknown transited-policy: %s, reverting to always-check", 
++		trpolicy_str);
++	trpolicy = TRPOLICY_ALWAYS_CHECK;
++    }
++	
++	krb5_config_get_bool_default(context, NULL, TRUE, "kdc", 
++				     "enforce-transited-policy", NULL);
+ #ifdef KRB4
+     if(v4_realm == NULL){
+ 	p = krb5_config_get_string (context, NULL, 
+diff -urN crypto/heimdal/kdc/kdc.8 heimdal-0.5.3/kdc/kdc.8
+--- crypto/heimdal/kdc/kdc.8	2003-03-17 07:47:03.000000000 +0100
++++ crypto/heimdal/kdc/kdc.8	2004-02-16 18:50:11.000000000 +0100
+@@ -2,5 +2,5 @@
+ .\"
+-.Dd August 22, 2002
++.Dd October 22, 2003
+ .Dt KDC 8
+ .Os HEIMDAL
+ .Sh NAME
+@@ -145,6 +145,27 @@
+ check-ticket-addresses is TRUE.
+ .It Li allow-anonymous = Va boolean
+ Permit anonymous tickets with no addresses.
++.It Li transited-policy = Xo
++.Li always-check \*(Ba
++.Li allow-per-principal |
++.Li always-honour-request
++.Xc
++This controls how KDC requests with the
++.Li disable-transited-check
++flag are handled. It can be one of:
++.Bl -tag -width "xxx" -offset indent
++.It Li always-check
++Always check transited encoding, this is the default.
++.It Li allow-per-principal
++Currently this is identical to
++.Li always-check .
++In a future release, it will be possible to mark a principal as able
++to handle unchecked requests.
++.It Li always-honour-request
++Always do what the client asked.
++In a future release, it will be possible to force a check per
++principal.
++.El
+ .It encode_as_rep_as_tgs_rep = Va boolean
+ Encode AS-Rep as TGS-Rep to be bug-compatible with old DCE code.  The
+ Heimdal clients allow both.
+diff -u crypto/heimdal/kdc/kdc_locl.h:1.1.1.6 crypto/heimdal/kdc/kdc_locl.h:1.1.1.7
+--- crypto/heimdal/kdc/kdc_locl.h:1.1.1.6	Thu Oct  9 14:36:19 2003
++++ crypto/heimdal/kdc/kdc_locl.h	Sat Apr  3 15:20:48 2004
+@@ -62,6 +62,10 @@
+ extern krb5_boolean check_ticket_addresses;
+ extern krb5_boolean allow_null_ticket_addresses;
+ extern krb5_boolean allow_anonymous;
++enum { TRPOLICY_ALWAYS_CHECK,
++       TRPOLICY_ALLOW_PER_PRINCIPAL, 
++       TRPOLICY_ALWAYS_HONOUR_REQUEST };
++extern int trpolicy;
+ extern int enable_524;
+ extern int enable_v4_cross_realm;
+ 
+--- crypto/heimdal/kdc/kerberos5.c	9 Oct 2003 19:36:19 -0000	1.1.1.8
++++ crypto/heimdal/kdc/kerberos5.c	3 Apr 2004 21:20:51 -0000	1.1.1.9
+@@ -496,8 +496,8 @@
+     krb5_enctype cetype, setype;
+     EncTicketPart et;
+     EncKDCRepPart ek;
+-    krb5_principal client_princ, server_princ;
+-    char *client_name, *server_name;
++    krb5_principal client_princ = NULL, server_princ = NULL;
++    char *client_name = NULL, *server_name = NULL;
+     krb5_error_code ret = 0;
+     const char *e_text = NULL;
+     krb5_crypto crypto;
+@@ -506,27 +506,30 @@
+     memset(&rep, 0, sizeof(rep));
+ 
+     if(b->sname == NULL){
+-	server_name = "<unknown server>";
+ 	ret = KRB5KRB_ERR_GENERIC;
+ 	e_text = "No server in request";
+     } else{
+ 	principalname2krb5_principal (&server_princ, *(b->sname), b->realm);
+ 	krb5_unparse_name(context, server_princ, &server_name);
+     }
++    if (ret) {
++	kdc_log(0, "AS-REQ malformed server name from %s", from);
++	goto out;
++    }
+     
+     if(b->cname == NULL){
+-	client_name = "<unknown client>";
+ 	ret = KRB5KRB_ERR_GENERIC;
+ 	e_text = "No client in request";
+     } else {
+ 	principalname2krb5_principal (&client_princ, *(b->cname), b->realm);
+ 	krb5_unparse_name(context, client_princ, &client_name);
+     }
+-    kdc_log(0, "AS-REQ %s from %s for %s", 
+-	    client_name, from, server_name);
+-
+-    if(ret)
++    if (ret) {
++	kdc_log(0, "AS-REQ malformed client name from %s", from);
+ 	goto out;
++    }
++
++    kdc_log(0, "AS-REQ %s from %s for %s", client_name, from, server_name);
+ 
+     ret = db_fetch(client_princ, &client);
+     if(ret){
+@@ -842,13 +845,8 @@
+ 	copy_HostAddresses(b->addresses, et.caddr);
+     }
+     
+-    {
+-	krb5_data empty_string;
+-      
+-	krb5_data_zero(&empty_string); 
+-	et.transited.tr_type = DOMAIN_X500_COMPRESS;
+-	et.transited.contents = empty_string;
+-    }
++    et.transited.tr_type = DOMAIN_X500_COMPRESS;
++    krb5_data_zero(&et.transited.contents); 
+      
+     copy_EncryptionKey(&et.key, &ek.key);
+ 
+@@ -930,9 +928,11 @@
+ 	ret = 0;
+     }
+   out2:
+-    krb5_free_principal(context, client_princ);
++    if (client_princ)
++	krb5_free_principal(context, client_princ);
+     free(client_name);
+-    krb5_free_principal(context, server_princ);
++    if (server_princ)
++	krb5_free_principal(context, server_princ);
+     free(server_name);
+     if(client)
+ 	free_ent(client);
+@@ -1055,33 +1055,35 @@
+ }
+ 
+ static krb5_error_code
+-fix_transited_encoding(TransitedEncoding *tr, 
++fix_transited_encoding(krb5_boolean check_policy,
++		       TransitedEncoding *tr, 
++		       EncTicketPart *et, 
+ 		       const char *client_realm, 
+ 		       const char *server_realm, 
+ 		       const char *tgt_realm)
+ {
+     krb5_error_code ret = 0;
+-    if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)){
+-	char **realms = NULL, **tmp;
+-	int num_realms = 0;
+-	int i;
+-	if(tr->tr_type && tr->contents.length != 0) {
+-	    if(tr->tr_type != DOMAIN_X500_COMPRESS){
+-		kdc_log(0, "Unknown transited type: %u", 
+-			tr->tr_type);
+-		return KRB5KDC_ERR_TRTYPE_NOSUPP;
+-	    }
+-	    ret = krb5_domain_x500_decode(context, 
+-					  tr->contents,
+-					  &realms, 
+-					  &num_realms,
+-					  client_realm,
+-					  server_realm);
+-	    if(ret){
+-		krb5_warn(context, ret, "Decoding transited encoding");
+-		return ret;
+-	    }
+-	}
++    char **realms, **tmp;
++    int num_realms;
++    int i;
++
++    if(tr->tr_type != DOMAIN_X500_COMPRESS) {
++	kdc_log(0, "Unknown transited type: %u", tr->tr_type);
++	return KRB5KDC_ERR_TRTYPE_NOSUPP;
++    }
++
++    ret = krb5_domain_x500_decode(context, 
++				  tr->contents,
++				  &realms, 
++				  &num_realms,
++				  client_realm,
++				  server_realm);
++    if(ret){
++	krb5_warn(context, ret, "Decoding transited encoding");
++	return ret;
++    }
++    if(strcmp(client_realm, tgt_realm) && strcmp(server_realm, tgt_realm)) {
++	/* not us, so add the previous realm to transited set */
+ 	if (num_realms < 0 || num_realms + 1 > UINT_MAX/sizeof(*realms)) {
+ 	    ret = ERANGE;
+ 	    goto free_realms;
+@@ -1098,16 +1100,46 @@
+ 	    goto free_realms;
+ 	}
+ 	num_realms++;
+-	free_TransitedEncoding(tr);
+-	tr->tr_type = DOMAIN_X500_COMPRESS;
+-	ret = krb5_domain_x500_encode(realms, num_realms, &tr->contents);
+-	if(ret)
+-	    krb5_warn(context, ret, "Encoding transited encoding");
+-    free_realms:
++    }
++    if(num_realms == 0) {
++	if(strcmp(client_realm, server_realm)) 
++	    kdc_log(0, "cross-realm %s -> %s", client_realm, server_realm);
++    } else {
++	size_t l = 0;
++	char *rs;
+ 	for(i = 0; i < num_realms; i++)
+-	    free(realms[i]);
+-	free(realms);
++	    l += strlen(realms[i]) + 2;
++	rs = malloc(l);
++	if(rs != NULL) {
++	    *rs = '\0';
++	    for(i = 0; i < num_realms; i++) {
++		if(i > 0)
++		    strlcat(rs, ", ", l);
++		strlcat(rs, realms[i], l);
++	    }
++	    kdc_log(0, "cross-realm %s -> %s via [%s]", client_realm, server_realm, rs);
++	    free(rs);
++	}
+     }
++    if(check_policy) {
++	ret = krb5_check_transited(context, client_realm, 
++				   server_realm, 
++				   realms, num_realms, NULL);
++	if(ret) {
++	    krb5_warn(context, ret, "cross-realm %s -> %s", 
++		      client_realm, server_realm);
++	    goto free_realms;
++	}
++	et->flags.transited_policy_checked = 1;
++    }
++    et->transited.tr_type = DOMAIN_X500_COMPRESS;
++    ret = krb5_domain_x500_encode(realms, num_realms, &et->transited.contents);
++    if(ret)
++	krb5_warn(context, ret, "Encoding transited encoding");
++  free_realms:
++    for(i = 0; i < num_realms; i++)
++	free(realms[i]);
++    free(realms);
+     return ret;
+ }
+ 
+@@ -1175,8 +1207,28 @@
+     if(ret)
+ 	goto out;
+ 
+-    copy_TransitedEncoding(&tgt->transited, &et.transited);
+-    ret = fix_transited_encoding(&et.transited,
++    /* We should check the transited encoding if:
++       1) the request doesn't ask not to be checked
++       2) globally enforcing a check
++       3) principal requires checking
++       4) we allow non-check per-principal, but principal isn't marked as allowing this
++       5) we don't globally allow this
++    */
++
++#define GLOBAL_FORCE_TRANSITED_CHECK		(trpolicy == TRPOLICY_ALWAYS_CHECK)
++#define GLOBAL_ALLOW_PER_PRINCIPAL		(trpolicy == TRPOLICY_ALLOW_PER_PRINCIPAL)
++#define GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK	(trpolicy == TRPOLICY_ALWAYS_HONOUR_REQUEST)
++/* these will consult the database in future release */
++#define PRINCIPAL_FORCE_TRANSITED_CHECK(P)		0
++#define PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(P)	0
++
++    ret = fix_transited_encoding(!f.disable_transited_check ||
++				 GLOBAL_FORCE_TRANSITED_CHECK ||
++				 PRINCIPAL_FORCE_TRANSITED_CHECK(server) ||
++				 !((GLOBAL_ALLOW_PER_PRINCIPAL && 
++				    PRINCIPAL_ALLOW_DISABLE_TRANSITED_CHECK(server)) ||
++				   GLOBAL_ALLOW_DISABLE_TRANSITED_CHECK),
++				 &tgt->transited, &et,
+ 				 *krb5_princ_realm(context, client_principal),
+ 				 *krb5_princ_realm(context, server->principal),
+ 				 *krb5_princ_realm(context, krbtgt->principal));
+@@ -1276,7 +1328,7 @@
+        DES3? */
+     ret = encode_reply(&rep, &et, &ek, etype, adtkt ? 0 : server->kvno, ekey,
+ 		       0, &tgt->key, e_text, reply);
+-out:
++  out:
+     free_TGS_REP(&rep);
+     free_TransitedEncoding(&et.transited);
+     if(et.starttime)
+@@ -1378,13 +1430,13 @@
+ }
+ 
+ static Realm
+-find_rpath(Realm r)
++find_rpath(Realm crealm, Realm srealm)
+ {
+     const char *new_realm = krb5_config_get_string(context,
+ 						   NULL,
+-						   "libdefaults", 
+-						   "capath", 
+-						   r, 
++						   "capaths", 
++						   crealm,
++						   srealm,
+ 						   NULL);
+     return (Realm)new_realm;
+ }
+@@ -1676,7 +1728,7 @@
+ 
+ 	    if ((req_rlm = get_krbtgt_realm(&sp->name)) != NULL) {
+ 		if(loop++ < 2) {
+-		    new_rlm = find_rpath(req_rlm);
++		    new_rlm = find_rpath(tgt->crealm, req_rlm);
+ 		    if(new_rlm) {
+ 			kdc_log(5, "krbtgt for realm %s not found, trying %s", 
+ 				req_rlm, new_rlm);
+@@ -1724,6 +1776,18 @@
+ 	    goto out;
+ 	}
+ #endif
++
++	if(strcmp(krb5_principal_get_realm(context, sp),
++		  krb5_principal_get_comp_string(context, krbtgt->principal, 1)) != 0) {
++	    char *tpn;
++	    ret = krb5_unparse_name(context, krbtgt->principal, &tpn);
++	    kdc_log(0, "Request with wrong krbtgt: %s", (ret == 0) ? tpn : "<unknown>");
++	    if(ret == 0)
++		free(tpn);
++	    ret = KRB5KRB_AP_ERR_NOT_US;
++	    goto out;
++	    
++	}
+ 
+ 	ret = check_flags(client, cpn, server, spn, FALSE);
+ 	if(ret)
+diff -urN crypto/heimdal/lib/krb5/krb5-protos.h heimdal-0.5.3/lib/krb5/krb5-protos.h
+--- crypto/heimdal/lib/krb5/krb5-protos.h	2003-03-17 11:27:40.000000000 +0100
++++ crypto/heimdal/lib/krb5/krb5-protos.h	2004-04-01 16:16:33.000000000 +0200
+@@ -521,6 +521,15 @@
+ 	krb5_data */*result_string*/);
+ 
+ krb5_error_code
++krb5_check_transited (
++	krb5_context /*context*/,
++	krb5_const_realm /*client_realm*/,
++	krb5_const_realm /*server_realm*/,
++	krb5_realm */*realms*/,
++	int /*num_realms*/,
++	int */*bad_realm*/);
++
++krb5_error_code
+ krb5_check_transited_realms (
+ 	krb5_context /*context*/,
+ 	const char *const */*realms*/,
+diff -urN crypto/heimdal/lib/krb5/rd_req.c heimdal-0.5.3/lib/krb5/rd_req.c
+--- crypto/heimdal/lib/krb5/rd_req.c	2001-06-18 04:48:18.000000000 +0200
++++ crypto/heimdal/lib/krb5/rd_req.c	2004-02-16 19:17:47.000000000 +0100
+@@ -129,6 +129,32 @@
+     return 0;
+ }
+ 
++static krb5_error_code
++check_transited(krb5_context context, Ticket *ticket, EncTicketPart *enc)
++{
++    char **realms;
++    int num_realms;
++    krb5_error_code ret;
++	    
++    if(enc->transited.tr_type != DOMAIN_X500_COMPRESS)
++	return KRB5KDC_ERR_TRTYPE_NOSUPP;
++
++    if(enc->transited.contents.length == 0)
++	return 0;
++
++    ret = krb5_domain_x500_decode(context, enc->transited.contents, 
++				  &realms, &num_realms, 
++				  enc->crealm,
++				  ticket->realm);
++    if(ret)
++	return ret;
++    ret = krb5_check_transited(context, enc->crealm, 
++			       ticket->realm, 
++			       realms, num_realms, NULL);
++    free(realms);
++    return ret;
++}
++
+ krb5_error_code
+ krb5_decrypt_ticket(krb5_context context,
+ 		    Ticket *ticket,
+@@ -161,6 +187,14 @@
+ 	    krb5_clear_error_string (context);
+ 	    return KRB5KRB_AP_ERR_TKT_EXPIRED;
+ 	}
++	
++	if(!t.flags.transited_policy_checked) {
++	    ret = check_transited(context, ticket, &t);
++	    if(ret) {
++		free_EncTicketPart(&t);
++		return ret;
++	    }
++	}
+     }
+     
+     if(out)
+@@ -209,29 +243,6 @@
+     return ret;
+ }
+ 
+-#if 0
+-static krb5_error_code
+-check_transited(krb5_context context,
+-		krb5_ticket *ticket)
+-{
+-    char **realms;
+-    int num_realms;
+-    krb5_error_code ret;
+-
+-    if(ticket->ticket.transited.tr_type != DOMAIN_X500_COMPRESS)
+-	return KRB5KDC_ERR_TRTYPE_NOSUPP;
+-
+-    ret = krb5_domain_x500_decode(ticket->ticket.transited.contents, 
+-				  &realms, &num_realms, 
+-				  ticket->client->realm,
+-				  ticket->server->realm);
+-    if(ret)
+-	return ret;
+-    ret = krb5_check_transited_realms(context, realms, num_realms, NULL);
+-    free(realms);
+-    return ret;
+-}
+-#endif
+ 
+ krb5_error_code
+ krb5_verify_ap_req(krb5_context context,
+diff -urN crypto/heimdal/lib/krb5/transited.c heimdal-0.5.3/lib/krb5/transited.c
+--- crypto/heimdal/lib/krb5/transited.c	2002-09-09 16:03:03.000000000 +0200
++++ crypto/heimdal/lib/krb5/transited.c	2004-02-16 19:20:52.000000000 +0100
+@@ -304,6 +304,12 @@
+     struct tr_realm *p, **q;
+     int ret;
+     
++    if(tr.length == 0) {
++	*realms = NULL;
++	*num_realms = 0;
++	return 0;
++    }
++
+     /* split string in components */
+     ret = decode_realms(context, tr.data, tr.length, &r);
+     if(ret)
+@@ -358,6 +364,9 @@
+     char *s = NULL;
+     int len = 0;
+     int i;
++    krb5_data_zero(encoding);
++    if (num_realms == 0)
++	return 0;
+     for(i = 0; i < num_realms; i++){
+ 	len += strlen(realms[i]);
+ 	if(realms[i][0] == '/')
+@@ -365,6 +374,8 @@
+     }
+     len += num_realms - 1;
+     s = malloc(len + 1);
++    if (s == NULL)
++	return ENOMEM;
+     *s = '\0';
+     for(i = 0; i < num_realms; i++){
+ 	if(i && i < num_realms - 1)
+@@ -379,6 +390,44 @@
+ }
+ 
+ krb5_error_code
++krb5_check_transited(krb5_context context,
++		     krb5_const_realm client_realm,
++		     krb5_const_realm server_realm,
++		     krb5_realm *realms,
++		     int num_realms,
++		     int *bad_realm)
++{
++    char **tr_realms;
++    char **p;
++    int i;
++
++    if(num_realms == 0)
++	return 0;
++    
++    tr_realms = krb5_config_get_strings(context, NULL, 
++					"capaths", 
++					client_realm, 
++					server_realm, 
++					NULL);
++    for(i = 0; i < num_realms; i++) {
++	for(p = tr_realms; p && *p; p++) {
++	    if(strcmp(*p, realms[i]) == 0)
++		break;
++	}
++	if(p == NULL || *p == NULL) {
++	    krb5_config_free_strings(tr_realms);
++	    krb5_set_error_string (context, "no transit through realm %s",
++				   realms[i]);
++	    if(bad_realm)
++		*bad_realm = i;
++	    return KRB5KRB_AP_ERR_ILL_CR_TKT;
++	}
++    }
++    krb5_config_free_strings(tr_realms);
++    return 0;
++}
++
++krb5_error_code
+ krb5_check_transited_realms(krb5_context context,
+ 			    const char *const *realms, 
+ 			    int num_realms, 
diff --git a/share/security/patches/SA-04:08/heimdal6.patch.asc b/share/security/patches/SA-04:08/heimdal6.patch.asc
new file mode 100644
index 0000000000..a4c013ac74
--- /dev/null
+++ b/share/security/patches/SA-04:08/heimdal6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAmQMsFdaIBMps37IRAishAJ4ztek3BgXcsfTvly5Utcjj0Ea0hACcD6Aa
+Xc8ITO7LoLddoppM9dRniVw=
+=GXJs
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:09/kadmin.patch b/share/security/patches/SA-04:09/kadmin.patch
new file mode 100644
index 0000000000..3b223fffe9
--- /dev/null
+++ b/share/security/patches/SA-04:09/kadmin.patch
@@ -0,0 +1,11 @@
+--- crypto/heimdal/kadmin/version4.c	Thu Oct  9 14:44:32 2003
++++ crypto/heimdal/kadmin/version4.c	Thu Apr 29 07:29:23 2004
+@@ -965,6 +965,8 @@
+ 	if(term_flag)
+ 	    exit(0);
+ 	if(first) {
++	    if (len < 2)
++		krb5_errx(context, 1, "received too short len (%d < 2)", len);
+ 	    /* first time around, we have already read len, and two
+                bytes of the version string */
+ 	    krb5_data_alloc(&message, len);
diff --git a/share/security/patches/SA-04:09/kadmin.patch.asc b/share/security/patches/SA-04:09/kadmin.patch.asc
new file mode 100644
index 0000000000..7f7e992f41
--- /dev/null
+++ b/share/security/patches/SA-04:09/kadmin.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAmQLbFdaIBMps37IRAq8qAJ9emkM0V4OmDIVAje1toTd/fIN/GQCfdTg8
+aG5sx0m9fhaeq4HmLfxX1x4=
+=n+bE
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:10/cvs.patch b/share/security/patches/SA-04:10/cvs.patch
new file mode 100644
index 0000000000..292a9afab7
--- /dev/null
+++ b/share/security/patches/SA-04:10/cvs.patch
@@ -0,0 +1,85 @@
+Index: contrib/cvs/src/server.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/server.c,v
+retrieving revision 1.1.1.15
+diff -u -r1.1.1.15 server.c
+--- contrib/cvs/src/server.c	15 Apr 2004 01:01:55 -0000	1.1.1.15
++++ contrib/cvs/src/server.c	20 May 2004 13:03:43 -0000
+@@ -1638,8 +1638,18 @@
+ 	    && strncmp (arg, name, cp - name) == 0)
+ 	{
+ 	    timefield = strchr (cp + 1, '/') + 1;
+-	    if (*timefield != '=')
++	    /* If the time field is not currently empty, then one of
++	     * serve_modified, serve_is_modified, & serve_unchanged were
++	     * already called for this file.  We would like to ignore the
++	     * reinvocation silently or, better yet, exit with an error
++	     * message, but we just avoid the copy-forward and overwrite the
++	     * value from the last invocation instead.  See the comment below
++	     * for more.
++	     */
++	    if (*timefield == '/')
+ 	    {
++		/* Copy forward one character.  Space was allocated for this
++		 * already in serve_entry().  */
+ 		cp = timefield + strlen (timefield);
+ 		cp[1] = '\0';
+ 		while (cp > timefield)
+@@ -1647,8 +1657,17 @@
+ 		    *cp = cp[-1];
+ 		    --cp;
+ 		}
+-		*timefield = '=';
+ 	    }
++	    /* If *TIMEFIELD wasn't "/", we assume that it was because of
++	     * multiple calls to Is-Modified & Unchanged by the client and
++	     * just overwrite the value from the last call.  Technically, we
++	     * should probably either ignore calls after the first or send the
++	     * client an error, since the client/server protocol specification
++	     * specifies that only one call to either Is-Modified or Unchanged
++	     * is allowed, but broken versions of WinCVS & TortoiseCVS rely on
++	     * this behavior.
++	     */
++	    *timefield = '=';
+ 	    break;
+ 	}
+     }
+@@ -1682,8 +1701,18 @@
+ 	    && strncmp (arg, name, cp - name) == 0)
+ 	{
+ 	    timefield = strchr (cp + 1, '/') + 1;
+-	    if (!(timefield[0] == 'M' && timefield[1] == '/'))
++	    /* If the time field is not currently empty, then one of
++	     * serve_modified, serve_is_modified, & serve_unchanged were
++	     * already called for this file.  We would like to ignore the
++	     * reinvocation silently or, better yet, exit with an error
++	     * message, but we just avoid the copy-forward and overwrite the
++	     * value from the last invocation instead.  See the comment below
++	     * for more.
++	     */
++	    if (*timefield == '/')
+ 	    {
++		/* Copy forward one character.  Space was allocated for this
++		 * already in serve_entry().  */
+ 		cp = timefield + strlen (timefield);
+ 		cp[1] = '\0';
+ 		while (cp > timefield)
+@@ -1691,8 +1720,17 @@
+ 		    *cp = cp[-1];
+ 		    --cp;
+ 		}
+-		*timefield = 'M';
+ 	    }
++	    /* If *TIMEFIELD wasn't "/", we assume that it was because of
++	     * multiple calls to Is-Modified & Unchanged by the client and
++	     * just overwrite the value from the last call.  Technically, we
++	     * should probably either ignore calls after the first or send the
++	     * client an error, since the client/server protocol specification
++	     * specifies that only one call to either Is-Modified or Unchanged
++	     * is allowed, but broken versions of WinCVS & TortoiseCVS rely on
++	     * this behavior.
++	     */
++	    *timefield = 'M';
+ 	    if (kopt != NULL)
+ 	    {
+ 		if (alloc_pending (strlen (name) + 80))
diff --git a/share/security/patches/SA-04:10/cvs.patch.asc b/share/security/patches/SA-04:10/cvs.patch.asc
new file mode 100644
index 0000000000..c117f24231
--- /dev/null
+++ b/share/security/patches/SA-04:10/cvs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBArLEHFdaIBMps37IRAidpAKCXKvgpqorJPJnX8AXvck7vi+gi7QCdGMEr
+dIzn/hgd6nzxD/azQxHDATY=
+=fEPF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:11/msync4.patch b/share/security/patches/SA-04:11/msync4.patch
new file mode 100644
index 0000000000..b96c40017a
--- /dev/null
+++ b/share/security/patches/SA-04:11/msync4.patch
@@ -0,0 +1,54 @@
+Index: sys/ufs/ufs/ufs_readwrite.c
+===================================================================
+RCS file: /home/ncvs/src/sys/ufs/ufs/Attic/ufs_readwrite.c,v
+retrieving revision 1.65.2.14
+retrieving revision 1.65.2.16
+diff -u -r1.65.2.14 -r1.65.2.16
+--- sys/ufs/ufs/ufs_readwrite.c	4 Apr 2003 22:21:29 -0000	1.65.2.14
++++ sys/ufs/ufs/ufs_readwrite.c	14 May 2004 23:36:20 -0000	1.65.2.16
+@@ -532,6 +532,8 @@
+ 			bp->b_flags |= B_DIRECT;
+ 		if (ioflag & IO_NOWDRAIN)
+ 			bp->b_flags |= B_NOWDRAIN;
++		if ((ioflag & (IO_SYNC|IO_INVAL)) == (IO_SYNC|IO_INVAL))
++			bp->b_flags |= B_NOCACHE;
+ 
+ 		if (uio->uio_offset + xfersize > ip->i_size) {
+ 			ip->i_size = uio->uio_offset + xfersize;
+Index: sys/vm/vm_map.c
+===================================================================
+RCS file: /home/ncvs/src/sys/vm/vm_map.c,v
+retrieving revision 1.187.2.26
+retrieving revision 1.187.2.30
+diff -u -r1.187.2.26 -r1.187.2.30
+--- sys/vm/vm_map.c	5 May 2004 19:28:23 -0000	1.187.2.26
++++ sys/vm/vm_map.c	25 May 2004 22:46:38 -0000	1.187.2.30
+@@ -70,6 +70,8 @@
+ 
+ #include <sys/param.h>
+ #include <sys/systm.h>
++#include <sys/kernel.h>
++#include <sys/sysctl.h>
+ #include <sys/proc.h>
+ #include <sys/vmmeter.h>
+ #include <sys/mman.h>
+@@ -149,6 +151,10 @@
+ static void vm_map_split __P((vm_map_entry_t));
+ static void vm_map_unclip_range __P((vm_map_t map, vm_map_entry_t start_entry, vm_offset_t start, vm_offset_t end, int flags));
+ 
++static int old_msync;
++SYSCTL_INT(_vm, OID_AUTO, old_msync, CTLFLAG_RW, &old_msync, 0,
++    "Use old (insecure) msync behavior");
++
+ void
+ vm_map_startup()
+ {
+@@ -2014,7 +2020,7 @@
+ 			vm_object_page_remove(object,
+ 			    OFF_TO_IDX(offset),
+ 			    OFF_TO_IDX(offset + size + PAGE_MASK),
+-			    FALSE);
++			    old_msync ? FALSE : TRUE);
+ 			vm_object_deallocate(object);
+ 		}
+ 		start += size;
diff --git a/share/security/patches/SA-04:11/msync4.patch.asc b/share/security/patches/SA-04:11/msync4.patch.asc
new file mode 100644
index 0000000000..eca4813dd5
--- /dev/null
+++ b/share/security/patches/SA-04:11/msync4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAs9MgFdaIBMps37IRAlBoAJ4pkLJA6Cp96chiscjaLnkumLC1xgCfVBH9
+OkWND2p/IStDR0O2tsFdxQ8=
+=LGav
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:11/msync5.patch b/share/security/patches/SA-04:11/msync5.patch
new file mode 100644
index 0000000000..9cd6ec0e1f
--- /dev/null
+++ b/share/security/patches/SA-04:11/msync5.patch
@@ -0,0 +1,45 @@
+Index: sys/ufs/ffs/ffs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_vnops.c,v
+retrieving revision 1.129
+retrieving revision 1.130
+diff -u -r1.129 -r1.130
+--- sys/ufs/ffs/ffs_vnops.c	7 Apr 2004 11:21:18 -0000	1.129
++++ sys/ufs/ffs/ffs_vnops.c	21 May 2004 12:05:48 -0000	1.130
+@@ -662,6 +662,8 @@
+ 			vfs_bio_clrbuf(bp);
+ 		if (ioflag & IO_DIRECT)
+ 			bp->b_flags |= B_DIRECT;
++		if ((ioflag & (IO_SYNC|IO_INVAL)) == (IO_SYNC|IO_INVAL))
++			bp->b_flags |= B_NOCACHE;
+ 
+ 		if (uio->uio_offset + xfersize > ip->i_size) {
+ 			ip->i_size = uio->uio_offset + xfersize;
+Index: sys/vm/vm_object.c
+===================================================================
+RCS file: /home/ncvs/src/sys/vm/vm_object.c,v
+retrieving revision 1.323
+retrieving revision 1.324
+diff -u -r1.323 -r1.324
+--- sys/vm/vm_object.c	6 Apr 2004 20:15:36 -0000	1.323
++++ sys/vm/vm_object.c	25 May 2004 18:40:53 -0000	1.324
+@@ -104,6 +104,10 @@
+ SYSCTL_INT(_vm, OID_AUTO, msync_flush_flags,
+         CTLFLAG_RW, &msync_flush_flags, 0, "");
+ 
++static int old_msync;
++SYSCTL_INT(_vm, OID_AUTO, old_msync, CTLFLAG_RW, &old_msync, 0,
++    "Use old (insecure) msync behavior");
++
+ static void	vm_object_qcollapse(vm_object_t object);
+ static int	vm_object_page_collect_flush(vm_object_t object, vm_page_t p, int curgeneration, int pagerflags);
+ 
+@@ -1034,7 +1038,7 @@
+ 		vm_object_page_remove(object,
+ 		    OFF_TO_IDX(offset),
+ 		    OFF_TO_IDX(offset + size + PAGE_MASK),
+-		    FALSE);
++		    old_msync ? FALSE : TRUE);
+ 	}
+ 	VM_OBJECT_UNLOCK(object);
+ }
diff --git a/share/security/patches/SA-04:11/msync5.patch.asc b/share/security/patches/SA-04:11/msync5.patch.asc
new file mode 100644
index 0000000000..5638f15139
--- /dev/null
+++ b/share/security/patches/SA-04:11/msync5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAs9MoFdaIBMps37IRAgibAJ9+gXW4ARcQOXUcFaOHSMuP4oF8wACeNpJt
+3kI5WkU4OuKbp68KUSwaKp8=
+=nGyW
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:12/jailroute.patch b/share/security/patches/SA-04:12/jailroute.patch
new file mode 100644
index 0000000000..d9715c2aee
--- /dev/null
+++ b/share/security/patches/SA-04:12/jailroute.patch
@@ -0,0 +1,13 @@
+--- sys/net/rtsock.c	2003/12/08 17:16:58	1.44.2.12
++++ sys/net/rtsock.c	2004/04/06 20:11:53	1.44.2.13
+@@ -330,8 +330,8 @@
+ 	 * Verify that the caller has the appropriate privilege; RTM_GET
+ 	 * is the only operation the non-superuser is allowed.
+ 	 */
+-	if (rtm->rtm_type != RTM_GET && suser_xxx(so->so_cred, NULL, 0) != 0)
+-		senderr(EPERM);
++	if (rtm->rtm_type != RTM_GET && (error = suser(curproc)) != 0)
++		senderr(error);
+ 
+ 	switch (rtm->rtm_type) {
+ 
diff --git a/share/security/patches/SA-04:12/jailroute.patch.asc b/share/security/patches/SA-04:12/jailroute.patch.asc
new file mode 100644
index 0000000000..860fe077ca
--- /dev/null
+++ b/share/security/patches/SA-04:12/jailroute.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBAxMnqFdaIBMps37IRAg2NAKCPUpOJK/buK4/2eHexRsAdC0L3YQCfYhAq
+qLRTmdvHorHJUWOV/yk9D94=
+=i3x5
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:13/linux4.patch b/share/security/patches/SA-04:13/linux4.patch
new file mode 100644
index 0000000000..dd2e5bf6c8
--- /dev/null
+++ b/share/security/patches/SA-04:13/linux4.patch
@@ -0,0 +1,59 @@
+--- sys/compat/linux/linux_ioctl.c	3 Jul 2003 07:43:50 -0000	1.55.2.12
++++ sys/compat/linux/linux_ioctl.c	23 Jun 2004 04:05:47 -0000
+@@ -933,19 +933,21 @@
+ 	}
+ 
+ 	case LINUX_CDROMREADTOCENTRY: {
+-		struct linux_cdrom_tocentry lte, *ltep =
+-		    (struct linux_cdrom_tocentry *)args->arg;
++		struct linux_cdrom_tocentry lte;
+ 		struct ioc_read_toc_single_entry irtse;
+-		irtse.address_format = ltep->cdte_format;
+-		irtse.track = ltep->cdte_track;
++
++		error = copyin((caddr_t)args->arg, &lte, sizeof(lte));
++		if (error)
++			return (error);
++		irtse.address_format = lte.cdte_format;
++		irtse.track = lte.cdte_track;
+ 		error = fo_ioctl(fp, CDIOREADTOCENTRY, (caddr_t)&irtse, p);
+ 		if (!error) {
+-			lte = *ltep;
+ 			lte.cdte_ctrl = irtse.entry.control;
+ 			lte.cdte_adr = irtse.entry.addr_type;
+ 			bsd_to_linux_msf_lba(irtse.address_format,
+ 			    &irtse.entry.addr, &lte.cdte_addr);
+-			copyout(&lte, (caddr_t)args->arg, sizeof(lte));
++			error = copyout(&lte, (caddr_t)args->arg, sizeof(lte));
+ 		}
+ 		return (error);
+ 	}
+@@ -1268,6 +1270,7 @@
+ linux_ioctl_console(struct proc *p, struct linux_ioctl_args *args)
+ {
+ 	struct file *fp = p->p_fd->fd_ofiles[args->fd];
++	int error;
+ 
+ 	switch (args->cmd & 0xffff) {
+ 
+@@ -1326,11 +1329,16 @@
+ 		return  (ioctl(p, (struct ioctl_args *)args));
+ 
+ 	case LINUX_VT_SETMODE: {
+-		struct vt_mode *mode;
++		struct vt_mode mode;
++		error = copyin((caddr_t)args->arg, &mode, sizeof(mode));
++		if (error)
++			return (error);
++		if (!ISSIGVALID(mode.frsig) && ISSIGVALID(mode.acqsig))
++			mode.frsig = mode.acqsig;
++		error = copyout(&mode, (caddr_t)args->arg, sizeof(mode));
++		if (error)
++			return (error);
+ 		args->cmd = VT_SETMODE;
+-		mode = (struct vt_mode *)args->arg;
+-		if (!ISSIGVALID(mode->frsig) && ISSIGVALID(mode->acqsig))
+-			mode->frsig = mode->acqsig;
+ 		return (ioctl(p, (struct ioctl_args *)args));
+ 	}
+ 
diff --git a/share/security/patches/SA-04:13/linux4.patch.asc b/share/security/patches/SA-04:13/linux4.patch.asc
new file mode 100644
index 0000000000..7cd55bed0d
--- /dev/null
+++ b/share/security/patches/SA-04:13/linux4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBA4776FdaIBMps37IRAqVzAJkBkpyot/VAGB5TNSNB58C3eqPg/QCgj6BK
+DV+NMM0DjggY3D2oMTf5nNU=
+=g3Ci
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:13/linux5.patch b/share/security/patches/SA-04:13/linux5.patch
new file mode 100644
index 0000000000..393a1651df
--- /dev/null
+++ b/share/security/patches/SA-04:13/linux5.patch
@@ -0,0 +1,50 @@
+--- sys/compat/linux/linux_ioctl.c	31 Oct 2003 18:31:55 -0000	1.112
++++ sys/compat/linux/linux_ioctl.c	23 Jun 2004 01:34:41 -0000
+@@ -1328,20 +1328,22 @@
+ 	}
+ 
+ 	case LINUX_CDROMREADTOCENTRY: {
+-		struct linux_cdrom_tocentry lte, *ltep =
+-		    (struct linux_cdrom_tocentry *)args->arg;
++		struct linux_cdrom_tocentry lte;
+ 		struct ioc_read_toc_single_entry irtse;
+-		irtse.address_format = ltep->cdte_format;
+-		irtse.track = ltep->cdte_track;
++
++		error = copyin((void *)args->arg, &lte, sizeof(lte));
++		if (error)
++			break;
++		irtse.address_format = lte.cdte_format;
++		irtse.track = lte.cdte_track;
+ 		error = fo_ioctl(fp, CDIOREADTOCENTRY, (caddr_t)&irtse,
+ 		    td->td_ucred, td);
+ 		if (!error) {
+-			lte = *ltep;
+ 			lte.cdte_ctrl = irtse.entry.control;
+ 			lte.cdte_adr = irtse.entry.addr_type;
+ 			bsd_to_linux_msf_lba(irtse.address_format,
+ 			    &irtse.entry.addr, &lte.cdte_addr);
+-			copyout(&lte, (void *)args->arg, sizeof(lte));
++			error = copyout(&lte, (void *)args->arg, sizeof(lte));
+ 		}
+ 		break;
+ 	}
+@@ -1826,11 +1828,14 @@
+ 		break;
+ 
+ 	case LINUX_VT_SETMODE: {
+-		struct vt_mode *mode;
++		struct vt_mode mode;
++		if ((error = copyin((void *)args->arg, &mode, sizeof(mode))))
++			break;
++		if (!ISSIGVALID(mode.frsig) && ISSIGVALID(mode.acqsig))
++			mode.frsig = mode.acqsig;
++		if ((error = copyout(&mode, (void *)args->arg, sizeof(mode))))
++			break;
+ 		args->cmd = VT_SETMODE;
+-		mode = (struct vt_mode *)args->arg;
+-		if (!ISSIGVALID(mode->frsig) && ISSIGVALID(mode->acqsig))
+-			mode->frsig = mode->acqsig;
+ 		error = (ioctl(td, (struct ioctl_args *)args));
+ 		break;
+ 	}
diff --git a/share/security/patches/SA-04:13/linux5.patch.asc b/share/security/patches/SA-04:13/linux5.patch.asc
new file mode 100644
index 0000000000..f4c2603131
--- /dev/null
+++ b/share/security/patches/SA-04:13/linux5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.4 (FreeBSD)
+
+iD8DBQBA478CFdaIBMps37IRAiS8AJ9rRDlcJlsN0Cayb038q42v5SyE7ACbBW+p
+7hI7Pd5WzBIK+1zKj3ePoIk=
+=YTFz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:14/cvs.patch b/share/security/patches/SA-04:14/cvs.patch
new file mode 100644
index 0000000000..af574aa8e7
--- /dev/null
+++ b/share/security/patches/SA-04:14/cvs.patch
@@ -0,0 +1,630 @@
+Index: contrib/cvs/lib/xsize.h
+===================================================================
+RCS file: contrib/cvs/lib/xsize.h
+diff -N contrib/cvs/lib/xsize.h
+*** /dev/null	1 Jan 1970 00:00:00 -0000
+--- contrib/cvs/lib/xsize.h	19 Sep 2004 19:29:43 -0000
+***************
+*** 0 ****
+--- 1,110 ----
++ /* xsize.h -- Checked size_t computations.
++ 
++    Copyright (C) 2003 Free Software Foundation, Inc.
++ 
++    This program is free software; you can redistribute it and/or modify
++    it under the terms of the GNU General Public License as published by
++    the Free Software Foundation; either version 2, or (at your option)
++    any later version.
++ 
++    This program is distributed in the hope that it will be useful,
++    but WITHOUT ANY WARRANTY; without even the implied warranty of
++    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++    GNU General Public License for more details.
++ 
++    You should have received a copy of the GNU General Public License
++    along with this program; if not, write to the Free Software Foundation,
++    Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.  */
++ 
++ #ifndef _XSIZE_H
++ #define _XSIZE_H
++ 
++ /* Get size_t.  */
++ #include <stddef.h>
++ 
++ /* Get SIZE_MAX.  */
++ #include <limits.h>
++ #if HAVE_STDINT_H
++ # include <stdint.h>
++ #else
++ #define SIZE_MAX UINT_MAX /* XXX */
++ #endif
++ 
++ /* The size of memory objects is often computed through expressions of
++    type size_t. Example:
++       void* p = malloc (header_size + n * element_size).
++    These computations can lead to overflow.  When this happens, malloc()
++    returns a piece of memory that is way too small, and the program then
++    crashes while attempting to fill the memory.
++    To avoid this, the functions and macros in this file check for overflow.
++    The convention is that SIZE_MAX represents overflow.
++    malloc (SIZE_MAX) is not guaranteed to fail -- think of a malloc
++    implementation that uses mmap --, it's recommended to use size_overflow_p()
++    or size_in_bounds_p() before invoking malloc().
++    The example thus becomes:
++       size_t size = xsum (header_size, xtimes (n, element_size));
++       void *p = (size_in_bounds_p (size) ? malloc (size) : NULL);
++ */
++ 
++ /* Convert an arbitrary value >= 0 to type size_t.  */
++ #define xcast_size_t(N) \
++   ((N) <= SIZE_MAX ? (size_t) (N) : SIZE_MAX)
++ 
++ /* Sum of two sizes, with overflow check.  */
++ static inline size_t
++ #if __GNUC__ >= 3
++ __attribute__ ((__pure__))
++ #endif
++ xsum (size_t size1, size_t size2)
++ {
++   size_t sum = size1 + size2;
++   return (sum >= size1 ? sum : SIZE_MAX);
++ }
++ 
++ /* Sum of three sizes, with overflow check.  */
++ static inline size_t
++ #if __GNUC__ >= 3
++ __attribute__ ((__pure__))
++ #endif
++ xsum3 (size_t size1, size_t size2, size_t size3)
++ {
++   return xsum (xsum (size1, size2), size3);
++ }
++ 
++ /* Sum of four sizes, with overflow check.  */
++ static inline size_t
++ #if __GNUC__ >= 3
++ __attribute__ ((__pure__))
++ #endif
++ xsum4 (size_t size1, size_t size2, size_t size3, size_t size4)
++ {
++   return xsum (xsum (xsum (size1, size2), size3), size4);
++ }
++ 
++ /* Maximum of two sizes, with overflow check.  */
++ static inline size_t
++ #if __GNUC__ >= 3
++ __attribute__ ((__pure__))
++ #endif
++ xmax (size_t size1, size_t size2)
++ {
++   /* No explicit check is needed here, because for any n:
++      max (SIZE_MAX, n) == SIZE_MAX and max (n, SIZE_MAX) == SIZE_MAX.  */
++   return (size1 >= size2 ? size1 : size2);
++ }
++ 
++ /* Multiplication of a count with an element size, with overflow check.
++    The count must be >= 0 and the element size must be > 0.
++    This is a macro, not an inline function, so that it works correctly even
++    when N is of a wider tupe and N > SIZE_MAX.  */
++ #define xtimes(N, ELSIZE) \
++   ((N) <= SIZE_MAX / (ELSIZE) ? (size_t) (N) * (ELSIZE) : SIZE_MAX)
++ 
++ /* Check for overflow.  */
++ #define size_overflow_p(SIZE) \
++   ((SIZE) == SIZE_MAX)
++ /* Check against overflow.  */
++ #define size_in_bounds_p(SIZE) \
++   ((SIZE) != SIZE_MAX)
++ 
++ #endif /* _XSIZE_H */
+Index: contrib/cvs/src/commit.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/commit.c,v
+retrieving revision 1.8.2.5
+diff -c -r1.8.2.5 commit.c
+*** contrib/cvs/src/commit.c	21 Jan 2003 22:26:44 -0000	1.8.2.5
+--- contrib/cvs/src/commit.c	19 Sep 2004 19:28:43 -0000
+***************
+*** 481,487 ****
+  	   operate on, and only work with those files in the future.
+  	   This saves time--we don't want to search the file system
+  	   of the working directory twice.  */
+! 	find_args.argv = (char **) xmalloc (find_args.argc * sizeof (char **));
+  	find_args.argc = 0;
+  	walklist (find_args.ulist, copy_ulist, &find_args);
+  
+--- 481,492 ----
+  	   operate on, and only work with those files in the future.
+  	   This saves time--we don't want to search the file system
+  	   of the working directory twice.  */
+! 	if (size_overflow_p (xtimes (find_args.argc, sizeof (char **))))
+! 	{
+! 	    find_args.argc = 0;
+! 	    return 0;
+! 	}
+! 	find_args.argv = xmalloc (xtimes (find_args.argc, sizeof (char **)));
+  	find_args.argc = 0;
+  	walklist (find_args.ulist, copy_ulist, &find_args);
+  
+Index: contrib/cvs/src/cvs.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/cvs.h,v
+retrieving revision 1.11.2.6
+diff -c -r1.11.2.6 cvs.h
+*** contrib/cvs/src/cvs.h	21 Jan 2003 22:26:44 -0000	1.11.2.6
+--- contrib/cvs/src/cvs.h	19 Sep 2004 19:31:05 -0000
+***************
+*** 41,46 ****
+--- 41,50 ----
+  #include "popen.h"
+  #endif
+  
++ /* Begin GNULIB headers.  */
++ #include "xsize.h"
++ /* End GNULIB headers.  */
++ 
+  #ifdef STDC_HEADERS
+  #include <stdlib.h>
+  #else
+Index: contrib/cvs/src/filesubr.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/filesubr.c,v
+retrieving revision 1.6.2.4
+diff -c -r1.6.2.4 filesubr.c
+*** contrib/cvs/src/filesubr.c	19 Dec 2002 21:17:56 -0000	1.6.2.4
+--- contrib/cvs/src/filesubr.c	19 Sep 2004 19:28:43 -0000
+***************
+*** 988,995 ****
+      char ***pargv;
+  {
+      int i;
+      *pargc = argc;
+!     *pargv = (char **) xmalloc (argc * sizeof (char *));
+      for (i = 0; i < argc; ++i)
+  	(*pargv)[i] = xstrdup (argv[i]);
+  }
+--- 988,1001 ----
+      char ***pargv;
+  {
+      int i;
++     if (size_overflow_p (xtimes (argc, sizeof (char *)))) {
++ 	*pargc = 0;
++ 	*pargv = NULL;
++ 	error (0, 0, "expand_wild: too many arguments");
++ 	return;
++     }
+      *pargc = argc;
+!     *pargv = xmalloc (xtimes (argc, sizeof (char *)));
+      for (i = 0; i < argc; ++i)
+  	(*pargv)[i] = xstrdup (argv[i]);
+  }
+Index: contrib/cvs/src/history.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/history.c,v
+retrieving revision 1.1.1.6.2.4
+diff -c -r1.1.1.6.2.4 history.c
+*** contrib/cvs/src/history.c	19 Dec 2002 21:17:56 -0000	1.1.1.6.2.4
+--- contrib/cvs/src/history.c	19 Sep 2004 19:28:43 -0000
+***************
+*** 414,421 ****
+--- 414,424 ----
+  		working = 1;
+  		break;
+  	    case 'X':			/* Undocumented debugging flag */
++ #ifdef DEBUG
+  		histfile = optarg;
++ #endif
+  		break;
++ 
+  	    case 'D':			/* Since specified date */
+  		if (*since_rev || *since_tag || *backto)
+  		{
+***************
+*** 890,898 ****
+  {
+      if (user_count == user_max)
+      {
+! 	user_max += USER_INCREMENT;
+! 	user_list = (char **) xrealloc ((char *) user_list,
+! 					(int) user_max * sizeof (char *));
+      }
+      user_list[user_count++] = xstrdup (name);
+  }
+--- 893,905 ----
+  {
+      if (user_count == user_max)
+      {
+! 	user_max = xsum (user_max, USER_INCREMENT);
+! 	if (size_overflow_p (xtimes (user_max, sizeof (char *))))
+! 	{
+! 	    error (0, 0, "save_user: too many users");
+! 	    return;
+! 	}
+! 	user_list = xrealloc (user_list, xtimes (user_max, sizeof (char *)));
+      }
+      user_list[user_count++] = xstrdup (name);
+  }
+***************
+*** 920,928 ****
+  
+      if (file_count == file_max)
+      {
+! 	file_max += FILE_INCREMENT;
+! 	file_list = (struct file_list_str *) xrealloc ((char *) file_list,
+! 						   file_max * sizeof (*fl));
+      }
+      fl = &file_list[file_count++];
+      fl->l_file = cp = xmalloc (strlen (dir) + strlen (name) + 2);
+--- 927,939 ----
+  
+      if (file_count == file_max)
+      {
+! 	file_max = xsum (file_max, FILE_INCREMENT);
+! 	if (size_overflow_p (xtimes (file_max, sizeof (*fl))))
+! 	{
+! 	    error (0, 0, "save_file: too many files");
+! 	    return;
+! 	}
+! 	file_list = xrealloc (file_list, xtimes (file_max, sizeof (*fl)));
+      }
+      fl = &file_list[file_count++];
+      fl->l_file = cp = xmalloc (strlen (dir) + strlen (name) + 2);
+***************
+*** 961,969 ****
+  {
+      if (mod_count == mod_max)
+      {
+! 	mod_max += MODULE_INCREMENT;
+! 	mod_list = (char **) xrealloc ((char *) mod_list,
+! 				       mod_max * sizeof (char *));
+      }
+      mod_list[mod_count++] = xstrdup (module);
+  }
+--- 972,984 ----
+  {
+      if (mod_count == mod_max)
+      {
+! 	mod_max = xsum (mod_max, MODULE_INCREMENT);
+! 	if (size_overflow_p (xtimes (mod_max, sizeof (char *))))
+! 	{
+! 	    error (0, 0, "save_module: too many modules");
+! 	    return;
+! 	}
+! 	mod_list = xrealloc (mod_list, xtimes (mod_max, sizeof (char *)));
+      }
+      mod_list[mod_count++] = xstrdup (module);
+  }
+Index: contrib/cvs/src/modules.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/modules.c,v
+retrieving revision 1.1.1.5.2.3.4.1
+diff -c -r1.1.1.5.2.3.4.1 modules.c
+*** contrib/cvs/src/modules.c	15 Apr 2004 15:59:05 -0000	1.1.1.5.2.3.4.1
+--- contrib/cvs/src/modules.c	19 Sep 2004 19:28:43 -0000
+***************
+*** 167,172 ****
+--- 167,190 ----
+  		mname);
+  
+  
++     /* Don't process absolute directories.  Anything else could be a security
++      * problem.  Before this check was put in place:
++      *
++      *   $ cvs -d:fork:/cvsroot co /foo
++      *   cvs server: warning: cannot make directory CVS in /: Permission denied
++      *   cvs [server aborted]: cannot make directory /foo: Permission denied
++      *   $
++      */
++     if (isabsolute (mname))
++ 	error (1, 0, "Absolute module reference invalid: `%s'", mname);
++ 
++     /* Similarly for directories that attempt to step above the root of the
++      * repository.
++      */
++     if (pathname_levels (mname) > 0)
++ 	error (1, 0, "up-level in module reference (`..') invalid: `%s'.",
++ 		mname);
++ 
+      /* if this is a directory to ignore, add it to that list */
+      if (mname[0] == '!' && mname[1] != '\0')
+      {
+Index: contrib/cvs/src/server.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/server.c,v
+retrieving revision 1.13.2.5.4.2
+diff -c -r1.13.2.5.4.2 server.c
+*** contrib/cvs/src/server.c	20 May 2004 13:18:08 -0000	1.13.2.5.4.2
+--- contrib/cvs/src/server.c	19 Sep 2004 19:28:43 -0000
+***************
+*** 927,933 ****
+      int i;
+      char *p;
+  
+!     if (lim < 0)
+  	return;
+      p = xmalloc (strlen (server_temp_dir) + 2 * lim + 10);
+      if (p == NULL)
+--- 927,933 ----
+      int i;
+      char *p;
+  
+!     if (lim < 0 || lim > 10000)
+  	return;
+      p = xmalloc (strlen (server_temp_dir) + 2 * lim + 10);
+      if (p == NULL)
+***************
+*** 1647,1653 ****
+  	    && strlen (arg) == cp - name
+  	    && strncmp (arg, name, cp - name) == 0)
+  	{
+! 	    timefield = strchr (cp + 1, '/') + 1;
+  	    /* If the time field is not currently empty, then one of
+  	     * serve_modified, serve_is_modified, & serve_unchanged were
+  	     * already called for this file.  We would like to ignore the
+--- 1647,1662 ----
+  	    && strlen (arg) == cp - name
+  	    && strncmp (arg, name, cp - name) == 0)
+  	{
+! 	    if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
+! 	    {
+! 		/* We didn't find the record separator or it is followed by
+! 		 * the end of the string, so just exit.
+! 		 */
+! 		if (alloc_pending (80))
+! 		    sprintf (pending_error_text,
+! 		             "E Malformed Entry encountered.");
+! 		return;
+! 	    }
+  	    /* If the time field is not currently empty, then one of
+  	     * serve_modified, serve_is_modified, & serve_unchanged were
+  	     * already called for this file.  We would like to ignore the
+***************
+*** 1710,1716 ****
+  	    && strlen (arg) == cp - name
+  	    && strncmp (arg, name, cp - name) == 0)
+  	{
+! 	    timefield = strchr (cp + 1, '/') + 1;
+  	    /* If the time field is not currently empty, then one of
+  	     * serve_modified, serve_is_modified, & serve_unchanged were
+  	     * already called for this file.  We would like to ignore the
+--- 1719,1734 ----
+  	    && strlen (arg) == cp - name
+  	    && strncmp (arg, name, cp - name) == 0)
+  	{
+! 	    if (!(timefield = strchr (cp + 1, '/')) || *++timefield == '\0')
+! 	    {
+! 		/* We didn't find the record separator or it is followed by
+! 		 * the end of the string, so just exit.
+! 		 */
+! 		if (alloc_pending (80))
+! 		    sprintf (pending_error_text,
+! 		             "E Malformed Entry encountered.");
+! 		return;
+! 	    }
+  	    /* If the time field is not currently empty, then one of
+  	     * serve_modified, serve_is_modified, & serve_unchanged were
+  	     * already called for this file.  We would like to ignore the
+***************
+*** 1795,1802 ****
+  {
+      struct an_entry *p;
+      char *cp;
+      if (error_pending()) return;
+!     p = (struct an_entry *) xmalloc (sizeof (struct an_entry));
+      if (p == NULL)
+      {
+  	pending_error = ENOMEM;
+--- 1813,1841 ----
+  {
+      struct an_entry *p;
+      char *cp;
++     int i = 0;
+      if (error_pending()) return;
+! 
+!     /* Verify that the entry is well-formed.  This can avoid problems later.
+!      * At the moment we only check that the Entry contains five slashes in
+!      * approximately the correct locations since some of the code makes
+!      * assumptions about this.
+!      */
+!     cp = arg;
+!     if (*cp == 'D') cp++;
+!     while (i++ < 5)
+!     {
+! 	if (!cp || *cp != '/')
+! 	{
+! 	    if (alloc_pending (80))
+! 		sprintf (pending_error_text,
+! 			 "E protocol error: Malformed Entry");
+! 	    return;
+! 	}
+! 	cp = strchr (cp + 1, '/');
+!     }
+! 
+!     p = xmalloc (sizeof (struct an_entry));
+      if (p == NULL)
+      {
+  	pending_error = ENOMEM;
+***************
+*** 2028,2033 ****
+--- 2067,2075 ----
+      {
+  	char *cp;
+  
++ 	if (!data[0])
++ 	    goto error;
++ 
+  	if (strchr (data, '+'))
+  	    goto error;
+  
+***************
+*** 2160,2165 ****
+--- 2202,2215 ----
+  
+      if (error_pending()) return;
+  
++     if (argument_count >= 10000)
++     {
++ 	if (alloc_pending (80))
++ 	    sprintf (pending_error_text, 
++ 		     "E Protocol error: too many arguments");
++ 	return;
++     }
++ 
+      if (argument_vector_size <= argument_count)
+      {
+  	argument_vector_size *= 2;
+***************
+*** 2190,2195 ****
+--- 2240,2253 ----
+  
+      if (error_pending()) return;
+  
++     if (argument_count <= 1) 
++     {
++ 	if (alloc_pending (80))
++ 	    sprintf (pending_error_text,
++ 		     "E Protocol error: called argumentx without prior call to argument");
++ 	return;
++     }
++ 
+      p = argument_vector[argument_count - 1];
+      p = xrealloc (p, strlen (p) + 1 + strlen (arg) + 1);
+      if (p == NULL)
+***************
+*** 2546,2552 ****
+                      save some code here...  -kff */
+  
+                   /* Chop newline by hand, for strcmp()'s sake. */
+!                  if (linebuf[num_red - 1] == '\n')
+                       linebuf[num_red - 1] = '\0';
+  
+                   if (strcmp (linebuf, CVS_Username) == 0)
+--- 2604,2610 ----
+                      save some code here...  -kff */
+  
+                   /* Chop newline by hand, for strcmp()'s sake. */
+!                  if (num_red > 0 && linebuf[num_red - 1] == '\n')
+                       linebuf[num_red - 1] = '\0';
+  
+                   if (strcmp (linebuf, CVS_Username) == 0)
+***************
+*** 2601,2607 ****
+           while ((num_red = getline (&linebuf, &linebuf_len, fp)) >= 0)
+           {
+               /* Chop newline by hand, for strcmp()'s sake. */
+!              if (linebuf[num_red - 1] == '\n')
+                   linebuf[num_red - 1] = '\0';
+  
+               if (strcmp (linebuf, CVS_Username) == 0)
+--- 2659,2665 ----
+           while ((num_red = getline (&linebuf, &linebuf_len, fp)) >= 0)
+           {
+               /* Chop newline by hand, for strcmp()'s sake. */
+!              if (num_red > 0 && linebuf[num_red - 1] == '\n')
+                   linebuf[num_red - 1] = '\0';
+  
+               if (strcmp (linebuf, CVS_Username) == 0)
+Index: contrib/cvs/src/wrapper.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/wrapper.c,v
+retrieving revision 1.1.1.7.2.3
+diff -c -r1.1.1.7.2.3 wrapper.c
+*** contrib/cvs/src/wrapper.c	19 Dec 2002 21:17:59 -0000	1.1.1.7.2.3
+--- contrib/cvs/src/wrapper.c	19 Sep 2004 19:28:43 -0000
+***************
+*** 239,244 ****
+--- 239,268 ----
+  #endif /* SERVER_SUPPORT || CLIENT_SUPPORT */
+  
+  /*
++  * Remove fmt str specifier other than %% or %s. And allow
++  * only max_s %s specifiers
++  */
++ wrap_clean_fmt_str(char *fmt, int max_s)
++ {
++     while (*fmt) {
++ 	if (fmt[0] == '%' && fmt[1])
++ 	{
++ 	    if (fmt[1] == '%') 
++ 		fmt++;
++ 	    else
++ 		if (fmt[1] == 's' && max_s > 0)
++ 		{
++ 		    max_s--;
++ 		    fmt++;
++ 		} else 
++ 		    *fmt = ' ';
++ 	}
++ 	fmt++;
++     }
++     return;
++ }
++ 
++ /*
+   * Open a file and read lines, feeding each line to a line parser. Arrange
+   * for keeping a temporary list of wrappers at the end, if the "temp"
+   * argument is set.
+***************
+*** 558,566 ****
+      args = xmalloc (strlen (e->tocvsFilter)
+  		    + strlen (fileName)
+  		    + strlen (buf));
+!     /* FIXME: sprintf will blow up if the format string contains items other
+!        than %s, or contains too many %s's.  We should instead be parsing
+!        e->tocvsFilter ourselves and giving a real error.  */
+      sprintf (args, e->tocvsFilter, fileName, buf);
+      run_setup (args);
+      run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY );
+--- 582,589 ----
+      args = xmalloc (strlen (e->tocvsFilter)
+  		    + strlen (fileName)
+  		    + strlen (buf));
+! 
+!     wrap_clean_fmt_str(e->tocvsFilter, 2);
+      sprintf (args, e->tocvsFilter, fileName, buf);
+      run_setup (args);
+      run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL|RUN_REALLY );
+***************
+*** 592,600 ****
+  
+      args = xmalloc (strlen (e->fromcvsFilter)
+  		    + strlen (fileName));
+!     /* FIXME: sprintf will blow up if the format string contains items other
+!        than %s, or contains too many %s's.  We should instead be parsing
+!        e->fromcvsFilter ourselves and giving a real error.  */
+      sprintf (args, e->fromcvsFilter, fileName);
+      run_setup (args);
+      run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL );
+--- 615,622 ----
+  
+      args = xmalloc (strlen (e->fromcvsFilter)
+  		    + strlen (fileName));
+! 
+!     wrap_clean_fmt_str(e->fromcvsFilter, 1);
+      sprintf (args, e->fromcvsFilter, fileName);
+      run_setup (args);
+      run_exec(RUN_TTY, RUN_TTY, RUN_TTY, RUN_NORMAL );
+Index: gnu/usr.bin/cvs/lib/config.h.proto
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/cvs/lib/config.h.proto,v
+retrieving revision 1.16.2.1
+diff -c -r1.16.2.1 config.h.proto
+*** gnu/usr.bin/cvs/lib/config.h.proto	21 Jan 2003 23:06:52 -0000	1.16.2.1
+--- gnu/usr.bin/cvs/lib/config.h.proto	19 Sep 2004 18:09:28 -0000
+***************
+*** 248,254 ****
+  #define HAVE_SIGVEC 1
+  
+  /* Define to 1 if you have the <stdint.h> header file. */
+! #define HAVE_STDINT_H 1
+  
+  /* Define to 1 if you have the <stdlib.h> header file. */
+  #define HAVE_STDLIB_H 1
+--- 248,254 ----
+  #define HAVE_SIGVEC 1
+  
+  /* Define to 1 if you have the <stdint.h> header file. */
+! /* #undef HAVE_STDINT_H */
+  
+  /* Define to 1 if you have the <stdlib.h> header file. */
+  #define HAVE_STDLIB_H 1
diff --git a/share/security/patches/SA-04:14/cvs.patch.asc b/share/security/patches/SA-04:14/cvs.patch.asc
new file mode 100644
index 0000000000..4496510223
--- /dev/null
+++ b/share/security/patches/SA-04:14/cvs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.5 (FreeBSD)
+
+iD8DBQBBTgPzFdaIBMps37IRAsNbAJ4os4LPPhMMGcuXFmmYyTW8bxVwxQCbB/vj
+gxo51vKDHNGbBGQZEYaqXck=
+=J9pu
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:15/syscons.patch b/share/security/patches/SA-04:15/syscons.patch
new file mode 100644
index 0000000000..86134ac65d
--- /dev/null
+++ b/share/security/patches/SA-04:15/syscons.patch
@@ -0,0 +1,26 @@
+Index: sys/dev/syscons/syscons.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/syscons/syscons.c,v
+retrieving revision 1.409
+diff -u -r1.409 syscons.c
+--- sys/dev/syscons/syscons.c	29 Oct 2003 20:48:13 -0000	1.409
++++ sys/dev/syscons/syscons.c	4 Oct 2004 16:41:41 -0000
+@@ -855,14 +855,16 @@
+ 	scrshot_t *ptr = (scrshot_t *)data;
+ 	void *outp = ptr->buf;
+ 
++	if (ptr->x < 0 || ptr->y < 0 || ptr->xsize < 0 || ptr->ysize < 0)
++		return EINVAL;
+ 	s = spltty();
+ 	if (ISGRAPHSC(scp)) {
+ 	    splx(s);
+ 	    return EOPNOTSUPP;
+ 	}
+ 	hist_rsz = (scp->history != NULL) ? scp->history->vtb_rows : 0;
+-	if ((ptr->x + ptr->xsize) > scp->xsize ||
+-	    (ptr->y + ptr->ysize) > (scp->ysize + hist_rsz)) {
++	if (((u_int)ptr->x + ptr->xsize) > scp->xsize ||
++	    ((u_int)ptr->y + ptr->ysize) > (scp->ysize + hist_rsz)) {
+ 	    splx(s);
+ 	    return EINVAL;
+ 	}
diff --git a/share/security/patches/SA-04:15/syscons.patch.asc b/share/security/patches/SA-04:15/syscons.patch.asc
new file mode 100644
index 0000000000..2089a254e5
--- /dev/null
+++ b/share/security/patches/SA-04:15/syscons.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (FreeBSD)
+
+iD8DBQBBYX1xFdaIBMps37IRAun4AJ9bLQXz533R2g/0COTHs+KEL1yQ8gCfWLfi
+Wgt+Gii8qkkp+A/qgBNfTfs=
+=xtKi
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:16/fetch.patch b/share/security/patches/SA-04:16/fetch.patch
new file mode 100644
index 0000000000..1c1d6d90e9
--- /dev/null
+++ b/share/security/patches/SA-04:16/fetch.patch
@@ -0,0 +1,17 @@
+Index: usr.bin/fetch/fetch.c
+===================================================================
+RCS file: /home/ncvs/src/usr.bin/fetch/fetch.c,v
+retrieving revision 1.74
+diff -u -p -r1.74 fetch.c
+--- usr.bin/fetch/fetch.c	21 Sep 2004 18:34:19 -0000	1.74
++++ usr.bin/fetch/fetch.c	14 Nov 2004 14:03:12 -0000
+@@ -584,7 +584,8 @@ fetch(char *URL, const char *path)
+ 	/* suck in the data */
+ 	signal(SIGINFO, sig_handler);
+ 	while (!sigint) {
+-		if (us.size != -1 && us.size - count < B_size)
++		if (us.size != -1 && us.size - count < B_size &&
++		    us.size - count >= 0)
+ 			size = us.size - count;
+ 		else
+ 			size = B_size;
diff --git a/share/security/patches/SA-04:16/fetch.patch.asc b/share/security/patches/SA-04:16/fetch.patch.asc
new file mode 100644
index 0000000000..8f5c2c854b
--- /dev/null
+++ b/share/security/patches/SA-04:16/fetch.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (FreeBSD)
+
+iD8DBQBBnIxfFdaIBMps37IRAgnRAKCVaWfP9IkWvydSZbOzrNGGm3R+PgCeL5gk
+9sOuQdngSR8q1CCBo41KgHY=
+=bSEp
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:17/procfs4.patch b/share/security/patches/SA-04:17/procfs4.patch
new file mode 100644
index 0000000000..011c7a8b2c
--- /dev/null
+++ b/share/security/patches/SA-04:17/procfs4.patch
@@ -0,0 +1,47 @@
+Index: sys/miscfs/procfs/procfs_status.c
+===================================================================
+RCS file: /home/ncvs/src/sys/miscfs/procfs/Attic/procfs_status.c,v
+retrieving revision 1.20.2.5
+diff -u -p -u -r1.20.2.5 procfs_status.c
+--- sys/miscfs/procfs/procfs_status.c	2 Oct 2003 16:49:49 -0000	1.20.2.5
++++ sys/miscfs/procfs/procfs_status.c	27 Nov 2004 14:20:17 -0000
+@@ -186,6 +186,7 @@ procfs_docmdline(curp, p, pfs, uio)
+ 	char *buf, *bp;
+ 	int buflen;
+ 	struct ps_strings pstr;
++	char **ps_argvstr;
+ 	int i;
+ 	size_t bytes_left, done;
+ 
+@@ -223,9 +224,22 @@ procfs_docmdline(curp, p, pfs, uio)
+ 			FREE(buf, M_TEMP);
+ 			return (error);
+ 		}
++		if (pstr.ps_nargvstr > ARG_MAX) {
++			FREE(buf, M_TEMP);
++			return (E2BIG);
++		}
++		MALLOC(ps_argvstr, char **, pstr.ps_nargvstr * sizeof(char *),
++		    M_TEMP, M_WAITOK);
++		error = copyin((void *)pstr.ps_argvstr, ps_argvstr,
++		    pstr.ps_nargvstr * sizeof(char *));
++		if (error) {
++			FREE(ps_argvstr, M_TEMP);
++			FREE(buf, M_TEMP);
++			return (error);
++		}
+ 		bytes_left = buflen;
+ 		for (i = 0; bytes_left && (i < pstr.ps_nargvstr); i++) {
+-			error = copyinstr(pstr.ps_argvstr[i], ps,
++			error = copyinstr(ps_argvstr[i], ps,
+ 					  bytes_left, &done);
+ 			/* If too long or malformed, just truncate */
+ 			if (error) {
+@@ -236,6 +250,7 @@ procfs_docmdline(curp, p, pfs, uio)
+ 			bytes_left -= done;
+ 		}
+ 		buflen = ps - buf;
++		FREE(ps_argvstr, M_TEMP);
+ 	}
+ 
+ 	error = uiomove_frombuf(bp, buflen, uio);
diff --git a/share/security/patches/SA-04:17/procfs4.patch.asc b/share/security/patches/SA-04:17/procfs4.patch.asc
new file mode 100644
index 0000000000..29ad87b007
--- /dev/null
+++ b/share/security/patches/SA-04:17/procfs4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (Darwin)
+
+iD8DBQBBrlnhFdaIBMps37IRAhZAAJ9v0x7YqFv1ZntHC0WcpJU2WVzWugCeJUWg
+gh/jy0Eb8wCQgkjRovbHN3Q=
+=pse7
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-04:17/procfs5.patch b/share/security/patches/SA-04:17/procfs5.patch
new file mode 100644
index 0000000000..8aaed6afb6
--- /dev/null
+++ b/share/security/patches/SA-04:17/procfs5.patch
@@ -0,0 +1,76 @@
+Index: sys/compat/linprocfs/linprocfs.c
+===================================================================
+RCS file: /home/ncvs/src/sys/compat/linprocfs/linprocfs.c,v
+retrieving revision 1.84
+diff -u -r1.84 linprocfs.c
+--- sys/compat/linprocfs/linprocfs.c	16 Aug 2004 08:19:18 -0000	1.84
++++ sys/compat/linprocfs/linprocfs.c	27 Nov 2004 12:28:00 -0000
+@@ -769,6 +769,7 @@
+ linprocfs_doproccmdline(PFS_FILL_ARGS)
+ {
+ 	struct ps_strings pstr;
++	char **ps_argvstr;
+ 	int error, i;
+ 
+ 	/*
+@@ -794,10 +795,21 @@
+ 		    sizeof(pstr));
+ 		if (error)
+ 			return (error);
++		if (pstr.ps_nargvstr > ARG_MAX)
++			return (E2BIG);
++		ps_argvstr = malloc(pstr.ps_nargvstr * sizeof(char *),
++		    M_TEMP, M_WAITOK);
++		error = copyin((void *)pstr.ps_argvstr, ps_argvstr,
++		    pstr.ps_nargvstr * sizeof(char *));
++		if (error) {
++			free(ps_argvstr, M_TEMP);
++			return (error);
++		}
+ 		for (i = 0; i < pstr.ps_nargvstr; i++) {
+-			sbuf_copyin(sb, pstr.ps_argvstr[i], 0);
++			sbuf_copyin(sb, ps_argvstr[i], 0);
+ 			sbuf_printf(sb, "%c", '\0');
+ 		}
++		free(ps_argvstr, M_TEMP);
+ 	}
+ 
+ 	return (0);
+Index: sys/fs/procfs/procfs_status.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/procfs/procfs_status.c,v
+retrieving revision 1.53
+diff -u -r1.53 procfs_status.c
+--- sys/fs/procfs/procfs_status.c	5 Oct 2004 18:51:10 -0000	1.53
++++ sys/fs/procfs/procfs_status.c	27 Nov 2004 12:28:00 -0000
+@@ -173,6 +173,7 @@
+ procfs_doproccmdline(PFS_FILL_ARGS)
+ {
+ 	struct ps_strings pstr;
++	char **ps_argvstr;
+ 	int error, i;
+ 
+ 	/*
+@@ -199,10 +200,21 @@
+ 		    sizeof(pstr));
+ 		if (error)
+ 			return (error);
++		if (pstr.ps_nargvstr > ARG_MAX)
++			return (E2BIG);
++		ps_argvstr = malloc(pstr.ps_nargvstr * sizeof(char *),
++		    M_TEMP, M_WAITOK);
++		error = copyin((void *)pstr.ps_argvstr, ps_argvstr,
++		    pstr.ps_nargvstr * sizeof(char *));
++		if (error) {
++			free(ps_argvstr, M_TEMP);
++			return (error);
++		}
+ 		for (i = 0; i < pstr.ps_nargvstr; i++) {
+-			sbuf_copyin(sb, pstr.ps_argvstr[i], 0);
++			sbuf_copyin(sb, ps_argvstr[i], 0);
+ 			sbuf_printf(sb, "%c", '\0');
+ 		}
++		free(ps_argvstr, M_TEMP);
+ 	}
+ 
+ 	return (0);
diff --git a/share/security/patches/SA-04:17/procfs5.patch.asc b/share/security/patches/SA-04:17/procfs5.patch.asc
new file mode 100644
index 0000000000..3611c3dfcb
--- /dev/null
+++ b/share/security/patches/SA-04:17/procfs5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.2.6 (Darwin)
+
+iD8DBQBBrln2FdaIBMps37IRAmKjAJwOcFtNdyp91j/8ZLaT9tl5ovyLRQCeJXIK
+dlahrpiJjj2yOZDP9YcYvvY=
+=uRPz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:01/telnet4.patch b/share/security/patches/SA-05:01/telnet4.patch
new file mode 100644
index 0000000000..5c3f6f6c13
--- /dev/null
+++ b/share/security/patches/SA-05:01/telnet4.patch
@@ -0,0 +1,372 @@
+Index: usr.bin/telnet/telnet.c
+===================================================================
+RCS file: /home/ncvs/src/usr.bin/telnet/Attic/telnet.c,v
+retrieving revision 1.8.2.3
+diff -u -r1.8.2.3 telnet.c
+--- usr.bin/telnet/telnet.c	13 Apr 2002 11:07:13 -0000	1.8.2.3
++++ usr.bin/telnet/telnet.c	27 Mar 2005 18:33:43 -0000
+@@ -1193,6 +1193,7 @@
+ }
+ 
+ unsigned char slc_reply[128];
++unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
+ unsigned char *slc_replyp;
+ 
+ void
+@@ -1208,6 +1209,14 @@
+ void
+ slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+ {
++	/* A sequence of up to 6 bytes my be written for this member of the SLC
++	 * suboption list by this function.  The end of negotiation command,
++	 * which is written by slc_end_reply(), will require 2 additional
++	 * bytes.  Do not proceed unless there is sufficient space for these
++	 * items.
++	 */
++	if (&slc_replyp[6+2] > slc_reply_eom)
++		return;
+ 	if ((*slc_replyp++ = func) == IAC)
+ 		*slc_replyp++ = IAC;
+ 	if ((*slc_replyp++ = flags) == IAC)
+@@ -1221,6 +1230,9 @@
+ {
+     int len;
+ 
++    /* The end of negotiation command requires 2 bytes. */
++    if (&slc_replyp[2] > slc_reply_eom)
++            return;
+     *slc_replyp++ = IAC;
+     *slc_replyp++ = SE;
+     len = slc_replyp - slc_reply;
+@@ -1338,8 +1350,8 @@
+ 	}
+ }
+ 
+-#define	OPT_REPLY_SIZE	256
+-unsigned char *opt_reply;
++#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
++unsigned char *opt_reply = NULL;
+ unsigned char *opt_replyp;
+ unsigned char *opt_replyend;
+ 
+@@ -1392,9 +1404,9 @@
+ 		return;
+ 	}
+ 	vp = env_getvalue(ep);
+-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+-				strlen((char *)ep) + 6 > opt_replyend)
+-	{
++        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
++                                2 * strlen((char *)ep) + 6 > opt_replyend)
++        {
+ 		int len;
+ 		opt_replyend += OPT_REPLY_SIZE;
+ 		len = opt_replyend - opt_reply;
+@@ -1418,6 +1430,8 @@
+ 		*opt_replyp++ = ENV_USERVAR;
+ 	for (;;) {
+ 		while ((c = *ep++)) {
++			if (opt_replyp + (2 + 2) > opt_replyend)
++				return;
+ 			switch(c&0xff) {
+ 			case IAC:
+ 				*opt_replyp++ = IAC;
+@@ -1432,6 +1446,8 @@
+ 			*opt_replyp++ = c;
+ 		}
+ 		if ((ep = vp)) {
++			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
++				return;
+ #ifdef	OLD_ENVIRON
+ 			if (telopt_environ == TELOPT_OLD_ENVIRON)
+ 				*opt_replyp++ = old_env_value;
+@@ -1462,7 +1478,9 @@
+ {
+ 	int len;
+ 
+-	len = opt_replyp - opt_reply + 2;
++	if (opt_replyp + 2 > opt_replyend)
++		return;
++	len = opt_replyp + 2 - opt_reply;
+ 	if (emptyok || len > 6) {
+ 		*opt_replyp++ = IAC;
+ 		*opt_replyp++ = SE;
+Index: crypto/telnet/telnet/telnet.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/telnet/telnet/Attic/telnet.c,v
+retrieving revision 1.4.2.5
+diff -u -r1.4.2.5 telnet.c
+--- crypto/telnet/telnet/telnet.c	13 Apr 2002 10:59:08 -0000	1.4.2.5
++++ crypto/telnet/telnet/telnet.c	27 Mar 2005 18:34:33 -0000
+@@ -1318,6 +1318,7 @@
+ }
+ 
+ unsigned char slc_reply[128];
++unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
+ unsigned char *slc_replyp;
+ 
+ void
+@@ -1333,6 +1334,14 @@
+ void
+ slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+ {
++	/* A sequence of up to 6 bytes my be written for this member of the SLC
++	 * suboption list by this function.  The end of negotiation command,
++	 * which is written by slc_end_reply(), will require 2 additional
++	 * bytes.  Do not proceed unless there is sufficient space for these
++	 * items.
++	 */
++	if (&slc_replyp[6+2] > slc_reply_eom)
++		return;
+ 	if ((*slc_replyp++ = func) == IAC)
+ 		*slc_replyp++ = IAC;
+ 	if ((*slc_replyp++ = flags) == IAC)
+@@ -1346,6 +1355,9 @@
+ {
+     int len;
+ 
++    /* The end of negotiation command requires 2 bytes. */
++    if (&slc_replyp[2] > slc_reply_eom)
++            return;
+     *slc_replyp++ = IAC;
+     *slc_replyp++ = SE;
+     len = slc_replyp - slc_reply;
+@@ -1463,8 +1475,8 @@
+ 	}
+ }
+ 
+-#define	OPT_REPLY_SIZE	256
+-unsigned char *opt_reply;
++#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
++unsigned char *opt_reply = NULL;
+ unsigned char *opt_replyp;
+ unsigned char *opt_replyend;
+ 
+@@ -1517,9 +1529,9 @@
+ 		return;
+ 	}
+ 	vp = env_getvalue(ep);
+-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+-				strlen((char *)ep) + 6 > opt_replyend)
+-	{
++        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
++                                2 * strlen((char *)ep) + 6 > opt_replyend)
++        {
+ 		int len;
+ 		opt_replyend += OPT_REPLY_SIZE;
+ 		len = opt_replyend - opt_reply;
+@@ -1543,6 +1555,8 @@
+ 		*opt_replyp++ = ENV_USERVAR;
+ 	for (;;) {
+ 		while ((c = *ep++)) {
++			if (opt_replyp + (2 + 2) > opt_replyend)
++				return;
+ 			switch(c&0xff) {
+ 			case IAC:
+ 				*opt_replyp++ = IAC;
+@@ -1557,6 +1571,8 @@
+ 			*opt_replyp++ = c;
+ 		}
+ 		if ((ep = vp)) {
++			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
++				return;
+ #ifdef	OLD_ENVIRON
+ 			if (telopt_environ == TELOPT_OLD_ENVIRON)
+ 				*opt_replyp++ = old_env_value;
+@@ -1587,7 +1603,9 @@
+ {
+ 	int len;
+ 
+-	len = opt_replyp - opt_reply + 2;
++	if (opt_replyp + 2 > opt_replyend)
++		return;
++	len = opt_replyp + 2 - opt_reply;
+ 	if (emptyok || len > 6) {
+ 		*opt_replyp++ = IAC;
+ 		*opt_replyp++ = SE;
+Index: crypto/heimdal/appl/telnet/telnet/telnet.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/heimdal/appl/telnet/telnet/telnet.c,v
+retrieving revision 1.1.1.1.2.3
+diff -u -r1.1.1.1.2.3 telnet.c
+--- crypto/heimdal/appl/telnet/telnet/telnet.c	1 Sep 2002 04:21:35 -0000	1.1.1.1.2.3
++++ crypto/heimdal/appl/telnet/telnet/telnet.c	27 Mar 2005 18:34:08 -0000
+@@ -1294,6 +1294,7 @@
+ 
+ 
+ unsigned char slc_reply[128];
++unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
+ unsigned char *slc_replyp;
+ 
+ void
+@@ -1309,6 +1310,14 @@
+ void
+ slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+ {
++	/* A sequence of up to 6 bytes my be written for this member of the SLC
++	 * suboption list by this function.  The end of negotiation command,
++	 * which is written by slc_end_reply(), will require 2 additional
++	 * bytes.  Do not proceed unless there is sufficient space for these
++	 * items.
++	 */
++	if (&slc_replyp[6+2] > slc_reply_eom)
++		return;
+ 	if ((*slc_replyp++ = func) == IAC)
+ 		*slc_replyp++ = IAC;
+ 	if ((*slc_replyp++ = flags) == IAC)
+@@ -1322,6 +1331,9 @@
+ {
+     int len;
+ 
++    /* The end of negotiation command requires 2 bytes. */
++    if (&slc_replyp[2] > slc_reply_eom)
++            return;
+     *slc_replyp++ = IAC;
+     *slc_replyp++ = SE;
+     len = slc_replyp - slc_reply;
+@@ -1415,8 +1427,8 @@
+ 	}
+ }
+ 
+-#define	OPT_REPLY_SIZE	256
+-unsigned char *opt_reply;
++#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
++unsigned char *opt_reply = NULL;
+ unsigned char *opt_replyp;
+ unsigned char *opt_replyend;
+ 
+@@ -1475,9 +1487,9 @@
+ 		return;
+ 	}
+ 	vp = env_getvalue(ep);
+-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+-				strlen((char *)ep) + 6 > opt_replyend)
+-	{
++        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
++                                2 * strlen((char *)ep) + 6 > opt_replyend)
++        {
+ 		int len;
+ 		void *tmp;
+ 		opt_replyend += OPT_REPLY_SIZE;
+@@ -1503,6 +1515,8 @@
+ 		*opt_replyp++ = ENV_USERVAR;
+ 	for (;;) {
+ 		while ((c = *ep++)) {
++			if (opt_replyp + (2 + 2) > opt_replyend)
++				return;
+ 			switch(c&0xff) {
+ 			case IAC:
+ 				*opt_replyp++ = IAC;
+@@ -1517,6 +1531,8 @@
+ 			*opt_replyp++ = c;
+ 		}
+ 		if ((ep = vp)) {
++			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
++				return;
+ #ifdef	OLD_ENVIRON
+ 			if (telopt_environ == TELOPT_OLD_ENVIRON)
+ 				*opt_replyp++ = old_env_value;
+@@ -1547,7 +1563,9 @@
+ {
+ 	int len;
+ 
+-	len = opt_replyp - opt_reply + 2;
++	if (opt_replyp + 2 > opt_replyend)
++		return;
++	len = opt_replyp + 2 - opt_reply;
+ 	if (emptyok || len > 6) {
+ 		*opt_replyp++ = IAC;
+ 		*opt_replyp++ = SE;
+Index: crypto/kerberosIV/appl/telnet/telnet/telnet.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/kerberosIV/appl/telnet/telnet/Attic/telnet.c,v
+retrieving revision 1.1.1.1
+diff -u -r1.1.1.1 telnet.c
+--- crypto/kerberosIV/appl/telnet/telnet/telnet.c	19 Sep 1999 14:19:15 -0000	1.1.1.1
++++ crypto/kerberosIV/appl/telnet/telnet/telnet.c	27 Mar 2005 18:34:21 -0000
+@@ -1285,6 +1285,7 @@
+ 
+ 
+ unsigned char slc_reply[128];
++unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
+ unsigned char *slc_replyp;
+ 
+ void
+@@ -1300,6 +1301,14 @@
+ void
+ slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+ {
++	/* A sequence of up to 6 bytes my be written for this member of the SLC
++	 * suboption list by this function.  The end of negotiation command,
++	 * which is written by slc_end_reply(), will require 2 additional
++	 * bytes.  Do not proceed unless there is sufficient space for these
++	 * items.
++	 */
++	if (&slc_replyp[6+2] > slc_reply_eom)
++		return;
+ 	if ((*slc_replyp++ = func) == IAC)
+ 		*slc_replyp++ = IAC;
+ 	if ((*slc_replyp++ = flags) == IAC)
+@@ -1313,6 +1322,9 @@
+ {
+     int len;
+ 
++    /* The end of negotiation command requires 2 bytes. */
++    if (&slc_replyp[2] > slc_reply_eom)
++            return;
+     *slc_replyp++ = IAC;
+     *slc_replyp++ = SE;
+     len = slc_replyp - slc_reply;
+@@ -1406,8 +1418,8 @@
+ 	}
+ }
+ 
+-#define	OPT_REPLY_SIZE	256
+-unsigned char *opt_reply;
++#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
++unsigned char *opt_reply = NULL;
+ unsigned char *opt_replyp;
+ unsigned char *opt_replyend;
+ 
+@@ -1460,9 +1472,9 @@
+ 		return;
+ 	}
+ 	vp = env_getvalue(ep);
+-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+-				strlen((char *)ep) + 6 > opt_replyend)
+-	{
++        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
++                                2 * strlen((char *)ep) + 6 > opt_replyend)
++        {
+ 		int len;
+ 		opt_replyend += OPT_REPLY_SIZE;
+ 		len = opt_replyend - opt_reply;
+@@ -1486,6 +1498,8 @@
+ 		*opt_replyp++ = ENV_USERVAR;
+ 	for (;;) {
+ 		while ((c = *ep++)) {
++			if (opt_replyp + (2 + 2) > opt_replyend)
++				return;
+ 			switch(c&0xff) {
+ 			case IAC:
+ 				*opt_replyp++ = IAC;
+@@ -1500,6 +1514,8 @@
+ 			*opt_replyp++ = c;
+ 		}
+ 		if ((ep = vp)) {
++			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
++				return;
+ #ifdef	OLD_ENVIRON
+ 			if (telopt_environ == TELOPT_OLD_ENVIRON)
+ 				*opt_replyp++ = old_env_value;
+@@ -1530,7 +1546,9 @@
+ {
+ 	int len;
+ 
+-	len = opt_replyp - opt_reply + 2;
++	if (opt_replyp + 2 > opt_replyend)
++		return;
++	len = opt_replyp + 2 - opt_reply;
+ 	if (emptyok || len > 6) {
+ 		*opt_replyp++ = IAC;
+ 		*opt_replyp++ = SE;
diff --git a/share/security/patches/SA-05:01/telnet4.patch.asc b/share/security/patches/SA-05:01/telnet4.patch.asc
new file mode 100644
index 0000000000..5292769bd4
--- /dev/null
+++ b/share/security/patches/SA-05:01/telnet4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0
+
+iD8DBQBCSCoZFdaIBMps37IRApSZAKCTI96ZmvI+5zSsL3GjXznlpT9yiQCgjmoZ
+RQDa8LMpBiWepnigoRrFdpE=
+=weKr
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:01/telnet5.patch b/share/security/patches/SA-05:01/telnet5.patch
new file mode 100644
index 0000000000..49dafa2c78
--- /dev/null
+++ b/share/security/patches/SA-05:01/telnet5.patch
@@ -0,0 +1,93 @@
+Index: contrib/telnet/telnet/telnet.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/telnet/telnet/telnet.c,v
+retrieving revision 1.15
+diff -u -r1.15 telnet.c
+--- contrib/telnet/telnet/telnet.c	28 Feb 2005 12:46:53 -0000	1.15
++++ contrib/telnet/telnet/telnet.c	23 Mar 2005 19:10:31 -0000
+@@ -1326,6 +1326,7 @@
+ }
+ 
+ unsigned char slc_reply[128];
++unsigned char const * const slc_reply_eom = &slc_reply[sizeof(slc_reply)];
+ unsigned char *slc_replyp;
+ 
+ void
+@@ -1341,6 +1342,14 @@
+ void
+ slc_add_reply(unsigned char func, unsigned char flags, cc_t value)
+ {
++	/* A sequence of up to 6 bytes my be written for this member of the SLC
++	 * suboption list by this function.  The end of negotiation command,
++	 * which is written by slc_end_reply(), will require 2 additional
++	 * bytes.  Do not proceed unless there is sufficient space for these
++	 * items.
++	 */
++	if (&slc_replyp[6+2] > slc_reply_eom)
++		return;
+ 	if ((*slc_replyp++ = func) == IAC)
+ 		*slc_replyp++ = IAC;
+ 	if ((*slc_replyp++ = flags) == IAC)
+@@ -1354,6 +1363,9 @@
+ {
+     int len;
+ 
++    /* The end of negotiation command requires 2 bytes. */
++    if (&slc_replyp[2] > slc_reply_eom)
++            return;
+     *slc_replyp++ = IAC;
+     *slc_replyp++ = SE;
+     len = slc_replyp - slc_reply;
+@@ -1471,8 +1483,8 @@
+ 	}
+ }
+ 
+-#define	OPT_REPLY_SIZE	256
+-unsigned char *opt_reply;
++#define	OPT_REPLY_SIZE	(2 * SUBBUFSIZE)
++unsigned char *opt_reply = NULL;
+ unsigned char *opt_replyp;
+ unsigned char *opt_replyend;
+ 
+@@ -1525,9 +1537,9 @@
+ 		return;
+ 	}
+ 	vp = env_getvalue(ep);
+-	if (opt_replyp + (vp ? strlen((char *)vp) : 0) +
+-				strlen((char *)ep) + 6 > opt_replyend)
+-	{
++        if (opt_replyp + (vp ? 2 * strlen((char *)vp) : 0) +
++                                2 * strlen((char *)ep) + 6 > opt_replyend)
++        {
+ 		int len;
+ 		opt_replyend += OPT_REPLY_SIZE;
+ 		len = opt_replyend - opt_reply;
+@@ -1551,6 +1563,8 @@
+ 		*opt_replyp++ = ENV_USERVAR;
+ 	for (;;) {
+ 		while ((c = *ep++)) {
++			if (opt_replyp + (2 + 2) > opt_replyend)
++				return;
+ 			switch(c&0xff) {
+ 			case IAC:
+ 				*opt_replyp++ = IAC;
+@@ -1565,6 +1579,8 @@
+ 			*opt_replyp++ = c;
+ 		}
+ 		if ((ep = vp)) {
++			if (opt_replyp + (1 + 2 + 2) > opt_replyend)
++				return;
+ #ifdef	OLD_ENVIRON
+ 			if (telopt_environ == TELOPT_OLD_ENVIRON)
+ 				*opt_replyp++ = old_env_value;
+@@ -1595,7 +1611,9 @@
+ {
+ 	int len;
+ 
+-	len = opt_replyp - opt_reply + 2;
++	if (opt_replyp + 2 > opt_replyend)
++		return;
++	len = opt_replyp + 2 - opt_reply;
+ 	if (emptyok || len > 6) {
+ 		*opt_replyp++ = IAC;
+ 		*opt_replyp++ = SE;
diff --git a/share/security/patches/SA-05:01/telnet5.patch.asc b/share/security/patches/SA-05:01/telnet5.patch.asc
new file mode 100644
index 0000000000..3cba49af1b
--- /dev/null
+++ b/share/security/patches/SA-05:01/telnet5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0
+
+iD8DBQBCSH1FFdaIBMps37IRAmE7AJwIIhyW9OJOSe3H1DDpV0M1I8iVGgCdFQsT
+8HA1sq+Rzv6BJdGVWB5akhk=
+=Ts1m
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:02/sendfile_4.patch b/share/security/patches/SA-05:02/sendfile_4.patch
new file mode 100644
index 0000000000..401afeb236
--- /dev/null
+++ b/share/security/patches/SA-05:02/sendfile_4.patch
@@ -0,0 +1,15 @@
+Index: sys/ufs/ffs/ffs_inode.c
+===================================================================
+RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_inode.c,v
+retrieving revision 1.56.2.5
+diff -u -r1.56.2.5 ffs_inode.c
+--- sys/ufs/ffs/ffs_inode.c	5 Feb 2002 18:35:03 -0000	1.56.2.5
++++ sys/ufs/ffs/ffs_inode.c	11 Mar 2005 14:29:19 -0000
+@@ -197,6 +197,7 @@
+ #endif
+ 			softdep_setup_freeblocks(oip, length);
+ 			vinvalbuf(ovp, 0, cred, p, 0, 0);
++			vnode_pager_setsize(vp, 0);
+ 			oip->i_flag |= IN_CHANGE | IN_UPDATE;
+ 			return (ffs_update(ovp, 0));
+ 		}
diff --git a/share/security/patches/SA-05:02/sendfile_4.patch.asc b/share/security/patches/SA-05:02/sendfile_4.patch.asc
new file mode 100644
index 0000000000..73b0aba984
--- /dev/null
+++ b/share/security/patches/SA-05:02/sendfile_4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQBCUdJhFdaIBMps37IRAiMUAKCQND+Mk40OSD3sCd+r472FY7g0cQCghHTV
+E8kone2aus+hkyn4l8L4v1g=
+=YCR+
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:02/sendfile_5.patch b/share/security/patches/SA-05:02/sendfile_5.patch
new file mode 100644
index 0000000000..835409b496
--- /dev/null
+++ b/share/security/patches/SA-05:02/sendfile_5.patch
@@ -0,0 +1,15 @@
+Index: sys/ufs/ffs/ffs_inode.c
+===================================================================
+RCS file: /home/ncvs/src/sys/ufs/ffs/ffs_inode.c,v
+retrieving revision 1.93.2.1
+diff -u -r1.93.2.1 ffs_inode.c
+--- sys/ufs/ffs/ffs_inode.c	31 Jan 2005 23:26:59 -0000	1.93.2.1
++++ sys/ufs/ffs/ffs_inode.c	11 Mar 2005 14:24:46 -0000
+@@ -274,6 +274,7 @@
+ 			    IO_EXT | IO_NORMAL : IO_NORMAL);
+ 			vinvalbuf(ovp, needextclean ? 0 : V_NORMAL,
+ 			    cred, td, 0, 0);
++			vnode_pager_setsize(vp, 0);
+ 			oip->i_flag |= IN_CHANGE | IN_UPDATE;
+ 			return (ffs_update(ovp, 0));
+ 		}
diff --git a/share/security/patches/SA-05:02/sendfile_5.patch.asc b/share/security/patches/SA-05:02/sendfile_5.patch.asc
new file mode 100644
index 0000000000..4adc3dd09a
--- /dev/null
+++ b/share/security/patches/SA-05:02/sendfile_5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQBCUdJ9FdaIBMps37IRAjxTAJ4lnkOuGu/8S7Mxcmu6ajI3LOL55ACfeERX
+bpxDVWaVzg1xpzX/mH/zi+s=
+=bxNb
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:03/amd64.patch b/share/security/patches/SA-05:03/amd64.patch
new file mode 100644
index 0000000000..0e50885b43
--- /dev/null
+++ b/share/security/patches/SA-05:03/amd64.patch
@@ -0,0 +1,47 @@
+Index: sys/amd64/amd64/machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/amd64/machdep.c,v
+retrieving revision 1.633
+diff -u -p -r1.633 machdep.c
+--- sys/amd64/amd64/machdep.c	4 Apr 2005 21:53:52 -0000	1.633
++++ sys/amd64/amd64/machdep.c	6 Apr 2005 00:35:05 -0000
+@@ -1251,6 +1251,9 @@ hammer_time(u_int64_t modulep, u_int64_t
+ 	/* doublefault stack space, runs on ist1 */
+ 	common_tss[0].tss_ist1 = (long)&dblfault_stack[sizeof(dblfault_stack)];
+ 
++	/* Set the IO permission bitmap (empty due to tss seg limit) */
++	common_tss[0].tss_iobase = sizeof(struct amd64tss);
++
+ 	gsel_tss = GSEL(GPROC0_SEL, SEL_KPL);
+ 	ltr(gsel_tss);
+ 
+Index: sys/amd64/amd64/mp_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/amd64/mp_machdep.c,v
+retrieving revision 1.251
+diff -u -p -r1.251 mp_machdep.c
+--- sys/amd64/amd64/mp_machdep.c	4 Apr 2005 21:53:52 -0000	1.251
++++ sys/amd64/amd64/mp_machdep.c	6 Apr 2005 00:35:05 -0000
+@@ -379,6 +379,7 @@ init_secondary(void)
+ 	/* Init tss */
+ 	common_tss[cpu] = common_tss[0];
+ 	common_tss[cpu].tss_rsp0 = 0;   /* not used until after switch */
++	common_tss[cpu].tss_iobase = sizeof(struct amd64tss);
+ 
+ 	gdt_segs[GPROC0_SEL].ssd_base = (long) &common_tss[cpu];
+ 	ssdtosyssd(&gdt_segs[GPROC0_SEL],
+Index: sys/amd64/include/tss.h
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/include/tss.h,v
+retrieving revision 1.16
+diff -u -p -r1.16 tss.h
+--- sys/amd64/include/tss.h	5 Apr 2004 21:25:51 -0000	1.16
++++ sys/amd64/include/tss.h	6 Apr 2005 00:35:05 -0000
+@@ -50,7 +50,6 @@ struct amd64tss {
+ 	u_int64_t	tss_rsp2 __packed; 	/* kernel stack pointer ring 2 */
+ 	u_int32_t	tss_rsvd1;
+ 	u_int32_t	tss_rsvd2;
+-	u_int32_t	tss_rsvd3;
+ 	u_int64_t	tss_ist1 __packed;	/* Interrupt stack table 1 */
+ 	u_int64_t	tss_ist2 __packed;	/* Interrupt stack table 2 */
+ 	u_int64_t	tss_ist3 __packed;	/* Interrupt stack table 3 */
diff --git a/share/security/patches/SA-05:03/amd64.patch.asc b/share/security/patches/SA-05:03/amd64.patch.asc
new file mode 100644
index 0000000000..54062c17b6
--- /dev/null
+++ b/share/security/patches/SA-05:03/amd64.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQBCUzJgFdaIBMps37IRAmGWAJ46nrA8+h/NJ5NoJDz/gBKmJ3mqdgCgj556
+8WoGi9tqzLtQon3PWiWXEUY=
+=nSO9
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:04/ifconf4.patch b/share/security/patches/SA-05:04/ifconf4.patch
new file mode 100644
index 0000000000..80a9b1b1c4
--- /dev/null
+++ b/share/security/patches/SA-05:04/ifconf4.patch
@@ -0,0 +1,20 @@
+Index: sys/net/if.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if.c,v
+retrieving revision 1.85.2.28
+diff -u -p -r1.85.2.28 if.c
+--- sys/net/if.c	12 Dec 2004 20:12:50 -0000	1.85.2.28
++++ sys/net/if.c	14 Apr 2005 22:10:46 -0000
+@@ -1326,6 +1326,12 @@ ifconf(cmd, data)
+ 		char workbuf[64];
+ 		int ifnlen, addrs;
+ 
++		/*
++		 * Zero the ifr_name buffer to make sure we don't
++		 * disclose the contents of the stack.
++		 */
++		memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name));
++
+ 		if (space <= sizeof (ifr))
+ 			break;
+ 		ifnlen = snprintf(workbuf, sizeof(workbuf),
diff --git a/share/security/patches/SA-05:04/ifconf4.patch.asc b/share/security/patches/SA-05:04/ifconf4.patch.asc
new file mode 100644
index 0000000000..53c1524c30
--- /dev/null
+++ b/share/security/patches/SA-05:04/ifconf4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQBCXvwXFdaIBMps37IRAkZCAKCAHStN+yAA9tEc3Thxm1Xljp4I+QCaAmv0
+yeyaBvZFbPPiAUELsos86y8=
+=R/Wp
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:04/ifconf5.patch b/share/security/patches/SA-05:04/ifconf5.patch
new file mode 100644
index 0000000000..5cefefd914
--- /dev/null
+++ b/share/security/patches/SA-05:04/ifconf5.patch
@@ -0,0 +1,20 @@
+Index: sys/net/if.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if.c,v
+retrieving revision 1.225
+diff -u -p -r1.225 if.c
+--- sys/net/if.c	20 Mar 2005 14:31:45 -0000	1.225
++++ sys/net/if.c	14 Apr 2005 22:06:17 -0000
+@@ -1596,6 +1596,12 @@ again:
+ 	TAILQ_FOREACH(ifp, &ifnet, if_link) {
+ 		int addrs;
+ 
++		/*
++		 * Zero the ifr_name buffer to make sure we don't
++		 * disclose the contents of the stack.
++		 */
++		memset(ifr.ifr_name, 0, sizeof(ifr.ifr_name));
++
+ 		if (strlcpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name))
+ 		    >= sizeof(ifr.ifr_name))
+ 			return (ENAMETOOLONG);
diff --git a/share/security/patches/SA-05:04/ifconf5.patch.asc b/share/security/patches/SA-05:04/ifconf5.patch.asc
new file mode 100644
index 0000000000..7ac8e70840
--- /dev/null
+++ b/share/security/patches/SA-05:04/ifconf5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQBCXvwiFdaIBMps37IRAlN3AKCNhNUFiTWXonZPr/3Jm248pTsyaACeKs76
+YRA1gUfusz2u5jnUc9eMy6Q=
+=mgmS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:05/cvs.patch b/share/security/patches/SA-05:05/cvs.patch
new file mode 100644
index 0000000000..3c5dd73968
--- /dev/null
+++ b/share/security/patches/SA-05:05/cvs.patch
@@ -0,0 +1,99 @@
+Index: contrib/cvs/src/login.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/login.c,v
+retrieving revision 1.8
+diff -u -d -r1.8 login.c
+--- contrib/cvs/src/login.c	15 Apr 2004 01:17:27 -0000	1.8
++++ contrib/cvs/src/login.c	19 Apr 2005 19:14:15 -0000
+@@ -116,7 +116,7 @@
+ 
+ 	if (isspace(*(linebuf + 1)))
+ 	    /* special case since strtoul ignores leading white space */
+-	    entry_version = 0;
++	    q = linebuf + 1;
+ 	else
+ 	    entry_version = strtoul (linebuf + 1, &q, 10);
+ 
+Index: contrib/cvs/src/patch.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/patch.c,v
+retrieving revision 1.1.1.13
+diff -u -d -r1.1.1.13 patch.c
+--- contrib/cvs/src/patch.c	15 Apr 2004 01:01:55 -0000	1.1.1.13
++++ contrib/cvs/src/patch.c	19 Apr 2005 19:14:15 -0000
+@@ -385,6 +385,7 @@
+     struct utimbuf t;
+     char *vers_tag, *vers_head;
+     char *rcs = NULL;
++    char *rcs_orig = NULL;
+     RCSNode *rcsfile;
+     FILE *fp1, *fp2, *fp3;
+     int ret = 0;
+@@ -415,7 +416,7 @@
+     if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
+ 	isattic = 1;
+ 
+-    rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
++    rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+     (void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
+ 
+     /* if vers_head is NULL, may have been removed from the release */
+@@ -757,8 +758,8 @@
+ 	free (vers_tag);
+     if (vers_head != NULL)
+ 	free (vers_head);
+-    if (rcs != NULL)
+-	free (rcs);
++    if (rcs_orig)
++	free (rcs_orig);
+     return ret;
+ }
+ 
+Index: contrib/cvs/src/rcs.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/rcs.c,v
+retrieving revision 1.27
+diff -u -d -r1.27 rcs.c
+--- contrib/cvs/src/rcs.c	6 Jul 2004 08:10:38 -0000	1.27
++++ contrib/cvs/src/rcs.c	19 Apr 2005 19:14:15 -0000
+@@ -3041,8 +3041,7 @@
+     if (retval != NULL)
+ 	return (retval);
+ 
+-    if (!force_tag_match ||
+-	(vers != NULL && RCS_datecmp (vers->date, date) <= 0))
++    if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
+ 	return xstrdup (vers->version);
+     else
+ 	return NULL;
+@@ -4139,7 +4138,7 @@
+     size_t len;
+     int free_value = 0;
+     char *log = NULL;
+-    size_t loglen;
++    size_t loglen = 0;
+     Node *vp = NULL;
+ #ifdef PRESERVE_PERMISSIONS_SUPPORT
+     uid_t rcs_owner = (uid_t) -1;
+@@ -7457,7 +7456,7 @@
+ 
+ 		for (ln = 0; ln < headlines.nlines; ++ln)
+ 		{
+-		    char buf[80];
++		    char *buf;
+ 		    /* Period which separates year from month in date.  */
+ 		    char *ym;
+ 		    /* Period which separates month from day in date.  */
+@@ -7468,10 +7467,12 @@
+ 		    if (prvers == NULL)
+ 			prvers = vers;
+ 
++		    buf = xmalloc (strlen (prvers->version) + 24);
+ 		    sprintf (buf, "%-12s (%-8.8s ",
+ 			     prvers->version,
+ 			     prvers->author);
+ 		    cvs_output (buf, 0);
++		    free (buf);
+ 
+ 		    /* Now output the date.  */
+ 		    ym = strchr (prvers->date, '.');
diff --git a/share/security/patches/SA-05:05/cvs.patch.asc b/share/security/patches/SA-05:05/cvs.patch.asc
new file mode 100644
index 0000000000..bc24e287ca
--- /dev/null
+++ b/share/security/patches/SA-05:05/cvs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQBCaSpzFdaIBMps37IRApGzAJsFgSJemAv7XCi6gGZl06ElIvquiQCfXB3d
+Xb3Qt0g3EGkBahzi5IhIRBc=
+=aF3a
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:05/cvs410.patch b/share/security/patches/SA-05:05/cvs410.patch
new file mode 100644
index 0000000000..37666ca1c4
--- /dev/null
+++ b/share/security/patches/SA-05:05/cvs410.patch
@@ -0,0 +1,99 @@
+Index: contrib/cvs/src/login.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/login.c,v
+retrieving revision 1.3.2.4
+diff -u -d -r1.3.2.4 login.c
+--- contrib/cvs/src/login.c	19 Dec 2002 21:17:56 -0000	1.3.2.4
++++ contrib/cvs/src/login.c	19 Apr 2005 20:24:58 -0000
+@@ -125,7 +125,7 @@
+ 
+ 	if (isspace(*(linebuf + 1)))
+ 	    /* special case since strtoul ignores leading white space */
+-	    entry_version = 0;
++	    q = linebuf + 1;
+ 	else
+ 	    entry_version = strtoul (linebuf + 1, &q, 10);
+ 
+Index: contrib/cvs/src/patch.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/patch.c,v
+retrieving revision 1.1.1.7.2.5
+diff -u -d -r1.1.1.7.2.5 patch.c
+--- contrib/cvs/src/patch.c	21 Jan 2003 22:26:44 -0000	1.1.1.7.2.5
++++ contrib/cvs/src/patch.c	19 Apr 2005 20:27:52 -0000
+@@ -375,6 +375,7 @@
+     struct utimbuf t;
+     char *vers_tag, *vers_head;
+     char *rcs = NULL;
++    char *rcs_orig = NULL;
+     RCSNode *rcsfile;
+     FILE *fp1, *fp2, *fp3;
+     int ret = 0;
+@@ -404,7 +405,7 @@
+     if ((rcsfile->flags & VALID) && (rcsfile->flags & INATTIC))
+ 	isattic = 1;
+ 
+-    rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
++    rcs_orig = rcs = xmalloc (strlen (finfo->file) + sizeof (RCSEXT) + 5);
+     (void) sprintf (rcs, "%s%s", finfo->file, RCSEXT);
+ 
+     /* if vers_head is NULL, may have been removed from the release */
+@@ -743,8 +744,8 @@
+ 	free (vers_tag);
+     if (vers_head != NULL)
+ 	free (vers_head);
+-    if (rcs != NULL)
+-	free (rcs);
++    if (rcs_orig)
++	free (rcs_orig);
+     return (ret);
+ }
+ 
+Index: contrib/cvs/src/rcs.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/rcs.c,v
+retrieving revision 1.19.2.5
+diff -u -d -r1.19.2.5 rcs.c
+--- contrib/cvs/src/rcs.c	21 Jan 2003 22:26:44 -0000	1.19.2.5
++++ contrib/cvs/src/rcs.c	19 Apr 2005 20:26:30 -0000
+@@ -3034,8 +3034,7 @@
+     if (retval != NULL)
+ 	return (retval);
+ 
+-    if (!force_tag_match ||
+-	(vers != NULL && RCS_datecmp (vers->date, date) <= 0))
++    if (vers && (!force_tag_match || RCS_datecmp (vers->date, date) <= 0))
+ 	return (xstrdup (vers->version));
+     else
+ 	return (NULL);
+@@ -4118,7 +4117,7 @@
+     size_t len;
+     int free_value = 0;
+     char *log = NULL;
+-    size_t loglen;
++    size_t loglen = 0;
+     Node *vp = NULL;
+ #ifdef PRESERVE_PERMISSIONS_SUPPORT
+     uid_t rcs_owner = (uid_t) -1;
+@@ -7398,7 +7397,7 @@
+ 
+ 		for (ln = 0; ln < headlines.nlines; ++ln)
+ 		{
+-		    char buf[80];
++		    char *buf;
+ 		    /* Period which separates year from month in date.  */
+ 		    char *ym;
+ 		    /* Period which separates month from day in date.  */
+@@ -7409,10 +7408,12 @@
+ 		    if (prvers == NULL)
+ 			prvers = vers;
+ 
++		    buf = xmalloc (strlen (prvers->version) + 24);
+ 		    sprintf (buf, "%-12s (%-8.8s ",
+ 			     prvers->version,
+ 			     prvers->author);
+ 		    cvs_output (buf, 0);
++		    free (buf);
+ 
+ 		    /* Now output the date.  */
+ 		    ym = strchr (prvers->date, '.');
diff --git a/share/security/patches/SA-05:05/cvs410.patch.asc b/share/security/patches/SA-05:05/cvs410.patch.asc
new file mode 100644
index 0000000000..03af297477
--- /dev/null
+++ b/share/security/patches/SA-05:05/cvs410.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (FreeBSD)
+
+iD8DBQBCaSp7FdaIBMps37IRAkL2AJ9X7i+tjClioyuM5HGpJtQf6IVWtQCfQwVj
+W5w+M2IIXV/65fRxmvc9dOk=
+=Cr8H
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:06/iir.patch b/share/security/patches/SA-05:06/iir.patch
new file mode 100644
index 0000000000..f50a3170ca
--- /dev/null
+++ b/share/security/patches/SA-05:06/iir.patch
@@ -0,0 +1,22 @@
+Index: sys/dev/iir/iir_ctrl.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/iir/iir_ctrl.c,v
+retrieving revision 1.16
+diff -u -p -r1.16 iir_ctrl.c
+--- sys/dev/iir/iir_ctrl.c	6 Jan 2005 01:42:47 -0000	1.16
++++ sys/dev/iir/iir_ctrl.c	3 May 2005 11:44:40 -0000
+@@ -102,12 +102,12 @@ gdt_make_dev(int unit)
+ 
+ #ifdef SDEV_PER_HBA
+     dev = make_dev(&iir_cdevsw, hba2minor(unit), UID_ROOT, GID_OPERATOR,
+-                   S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, "iir%d", unit);
++                   S_IRUSR | S_IWUSR, "iir%d", unit);
+ #else
+     if (sdev_made)
+         return (0);
+     dev = make_dev(&iir_cdevsw, 0, UID_ROOT, GID_OPERATOR,
+-                   S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH, "iir");
++                   S_IRUSR | S_IWUSR, "iir");
+     sdev_made = 1;
+ #endif
+     return (dev);
diff --git a/share/security/patches/SA-05:06/iir.patch.asc b/share/security/patches/SA-05:06/iir.patch.asc
new file mode 100644
index 0000000000..92df5129d7
--- /dev/null
+++ b/share/security/patches/SA-05:06/iir.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCes54FdaIBMps37IRAg+SAJ4mmqh302NfOY13jNo31UoD/fqHvwCfajN6
+Nf1wfpkmB6tx4baBQ5DW11Q=
+=MY0r
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:07/ldt4.patch b/share/security/patches/SA-05:07/ldt4.patch
new file mode 100644
index 0000000000..a06c1875c7
--- /dev/null
+++ b/share/security/patches/SA-05:07/ldt4.patch
@@ -0,0 +1,30 @@
+Index: sys/i386/i386/sys_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/i386/sys_machdep.c,v
+retrieving revision 1.47.2.3
+diff -u -p -r1.47.2.3 sys_machdep.c
+--- sys/i386/i386/sys_machdep.c	7 Oct 2002 17:20:00 -0000	1.47.2.3
++++ sys/i386/i386/sys_machdep.c	4 May 2005 01:51:03 -0000
+@@ -342,10 +342,6 @@ i386_get_ldt(p, args)
+ 	    uap->start, uap->num, (void *)uap->descs);
+ #endif
+ 
+-	/* verify range of LDTs exist */
+-	if ((uap->start < 0) || (uap->num <= 0))
+-		return(EINVAL);
+-
+ 	s = splhigh();
+ 
+ 	if (pcb_ldt) {
+@@ -357,7 +353,10 @@ i386_get_ldt(p, args)
+ 		num = min(uap->num, nldt);
+ 		lp = &ldt[uap->start];
+ 	}
+-	if (uap->start + num > nldt) {
++
++	if ((uap->start > (unsigned int)nldt) ||
++	    ((unsigned int)num > (unsigned int)nldt) ||
++	    ((unsigned int)(uap->start + num) > (unsigned int)nldt)) {
+ 		splx(s);
+ 		return(EINVAL);
+ 	}
diff --git a/share/security/patches/SA-05:07/ldt4.patch.asc b/share/security/patches/SA-05:07/ldt4.patch.asc
new file mode 100644
index 0000000000..4ea4127b01
--- /dev/null
+++ b/share/security/patches/SA-05:07/ldt4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCes6KFdaIBMps37IRArNuAJ9t0wF0rkHOLMYn2O4cixmSagKZgACfUSP2
+Bu/QfwILX4Ra0hRLc2XUdXE=
+=ye9M
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:07/ldt5.patch b/share/security/patches/SA-05:07/ldt5.patch
new file mode 100644
index 0000000000..c16b2b3377
--- /dev/null
+++ b/share/security/patches/SA-05:07/ldt5.patch
@@ -0,0 +1,30 @@
+Index: sys/i386/i386/sys_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/i386/sys_machdep.c,v
+retrieving revision 1.100
+diff -u -p -r1.100 sys_machdep.c
+--- sys/i386/i386/sys_machdep.c	19 Apr 2005 13:52:27 -0000	1.100
++++ sys/i386/i386/sys_machdep.c	4 May 2005 00:39:36 -0000
+@@ -476,10 +476,6 @@ i386_get_ldt(td, uap)
+ 	    uap->start, uap->num, (void *)uap->descs);
+ #endif
+ 
+-	/* verify range of LDTs exist */
+-	if ((uap->start < 0) || (uap->num <= 0))
+-		return(EINVAL);
+-
+ 	if (pldt) {
+ 		nldt = pldt->ldt_len;
+ 		num = min(uap->num, nldt);
+@@ -489,7 +485,10 @@ i386_get_ldt(td, uap)
+ 		num = min(uap->num, nldt);
+ 		lp = &ldt[uap->start];
+ 	}
+-	if (uap->start + num > nldt)
++
++	if ((uap->start > (unsigned int)nldt) ||
++	    ((unsigned int)num > (unsigned int)nldt) ||
++	    ((unsigned int)(uap->start + num) > (unsigned int)nldt))
+ 		return(EINVAL);
+ 
+ 	error = copyout(lp, uap->descs, num * sizeof(union descriptor));
diff --git a/share/security/patches/SA-05:07/ldt5.patch.asc b/share/security/patches/SA-05:07/ldt5.patch.asc
new file mode 100644
index 0000000000..de5cfdf2ca
--- /dev/null
+++ b/share/security/patches/SA-05:07/ldt5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCes6PFdaIBMps37IRAjuYAJ9sSIPvIuopeKMT2bBsqR+nT5im8ACbBNrD
+Bznep/YMwEweVt7hebxB71s=
+=lm7h
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:08/kmem4.patch b/share/security/patches/SA-05:08/kmem4.patch
new file mode 100644
index 0000000000..2dac885449
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem4.patch
@@ -0,0 +1,75 @@
+Index: sys/kern/vfs_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/vfs_subr.c,v
+retrieving revision 1.249.2.31
+diff -u -p -r1.249.2.31 vfs_subr.c
+--- sys/kern/vfs_subr.c	9 Aug 2003 16:21:20 -0000	1.249.2.31
++++ sys/kern/vfs_subr.c	5 May 2005 05:39:37 -0000
+@@ -2302,6 +2302,7 @@ sysctl_ovfs_conf(SYSCTL_HANDLER_ARGS)
+ 	struct ovfsconf ovfs;
+ 
+ 	for (vfsp = vfsconf; vfsp; vfsp = vfsp->vfc_next) {
++		bzero(&ovfs, sizeof(ovfs));
+ 		ovfs.vfc_vfsops = vfsp->vfc_vfsops;	/* XXX used as flag */
+ 		strcpy(ovfs.vfc_name, vfsp->vfc_name);
+ 		ovfs.vfc_index = vfsp->vfc_typenum;
+Index: sys/net/if_mib.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_mib.c,v
+retrieving revision 1.8.2.2
+diff -u -p -r1.8.2.2 if_mib.c
+--- sys/net/if_mib.c	4 May 2004 10:52:54 -0000	1.8.2.2
++++ sys/net/if_mib.c	5 May 2005 05:39:37 -0000
+@@ -91,6 +91,7 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XX
+ 		return ENOENT;
+ 
+ 	case IFDATA_GENERAL:
++		bzero(&ifmd, sizeof(ifmd));
+ 		ifnlen = snprintf(workbuf, sizeof(workbuf),
+ 		    "%s%d", ifp->if_name, ifp->if_unit);
+ 		if(ifnlen + 1 > sizeof ifmd.ifmd_name) {
+Index: sys/netinet/ip_divert.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v
+retrieving revision 1.42.2.7
+diff -u -p -r1.42.2.7 ip_divert.c
+--- sys/netinet/ip_divert.c	1 Dec 2004 11:16:04 -0000	1.42.2.7
++++ sys/netinet/ip_divert.c	5 May 2005 05:39:37 -0000
+@@ -478,6 +478,7 @@ div_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/raw_ip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v
+retrieving revision 1.64.2.19
+diff -u -p -r1.64.2.19 raw_ip.c
+--- sys/netinet/raw_ip.c	16 Jun 2004 06:57:49 -0000	1.64.2.19
++++ sys/netinet/raw_ip.c	5 May 2005 05:39:38 -0000
+@@ -686,6 +686,7 @@ rip_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/udp_usrreq.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v
+retrieving revision 1.64.2.19
+diff -u -p -r1.64.2.19 udp_usrreq.c
+--- sys/netinet/udp_usrreq.c	9 Sep 2003 19:09:22 -0000	1.64.2.19
++++ sys/netinet/udp_usrreq.c	5 May 2005 05:39:39 -0000
+@@ -612,6 +612,7 @@ udp_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
diff --git a/share/security/patches/SA-05:08/kmem4.patch.asc b/share/security/patches/SA-05:08/kmem4.patch.asc
new file mode 100644
index 0000000000..0e60e43d30
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCes6AFdaIBMps37IRAmzdAJ96J4plDUjpX78ZZzdiaF1hv/+ARwCfZk+C
+SLWImNCCQgyOCr41cDM6U1M=
+=YHon
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:08/kmem4x.patch b/share/security/patches/SA-05:08/kmem4x.patch
new file mode 100644
index 0000000000..7148822abd
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem4x.patch
@@ -0,0 +1,106 @@
+Index: sys/kern/vfs_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/vfs_subr.c,v
+retrieving revision 1.249.2.31
+diff -u -p -r1.249.2.31 vfs_subr.c
+--- sys/kern/vfs_subr.c	9 Aug 2003 16:21:20 -0000	1.249.2.31
++++ sys/kern/vfs_subr.c	5 May 2005 05:39:37 -0000
+@@ -2302,6 +2302,7 @@ sysctl_ovfs_conf(SYSCTL_HANDLER_ARGS)
+ 	struct ovfsconf ovfs;
+ 
+ 	for (vfsp = vfsconf; vfsp; vfsp = vfsp->vfc_next) {
++		bzero(&ovfs, sizeof(ovfs));
+ 		ovfs.vfc_vfsops = vfsp->vfc_vfsops;	/* XXX used as flag */
+ 		strcpy(ovfs.vfc_name, vfsp->vfc_name);
+ 		ovfs.vfc_index = vfsp->vfc_typenum;
+Index: sys/net/if_mib.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_mib.c,v
+retrieving revision 1.8.2.2
+diff -u -p -r1.8.2.2 if_mib.c
+--- sys/net/if_mib.c	4 May 2004 10:52:54 -0000	1.8.2.2
++++ sys/net/if_mib.c	5 May 2005 05:39:37 -0000
+@@ -91,6 +91,7 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XX
+ 		return ENOENT;
+ 
+ 	case IFDATA_GENERAL:
++		bzero(&ifmd, sizeof(ifmd));
+ 		ifnlen = snprintf(workbuf, sizeof(workbuf),
+ 		    "%s%d", ifp->if_name, ifp->if_unit);
+ 		if(ifnlen + 1 > sizeof ifmd.ifmd_name) {
+Index: sys/netinet/ip_divert.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v
+retrieving revision 1.42.2.7
+diff -u -p -r1.42.2.7 ip_divert.c
+--- sys/netinet/ip_divert.c	1 Dec 2004 11:16:04 -0000	1.42.2.7
++++ sys/netinet/ip_divert.c	5 May 2005 05:39:37 -0000
+@@ -478,6 +478,7 @@ div_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/raw_ip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v
+retrieving revision 1.64.2.19
+diff -u -p -r1.64.2.19 raw_ip.c
+--- sys/netinet/raw_ip.c	16 Jun 2004 06:57:49 -0000	1.64.2.19
++++ sys/netinet/raw_ip.c	5 May 2005 05:39:38 -0000
+@@ -686,6 +686,7 @@ rip_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/udp_usrreq.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v
+retrieving revision 1.64.2.19
+diff -u -p -r1.64.2.19 udp_usrreq.c
+--- sys/netinet/udp_usrreq.c	9 Sep 2003 19:09:22 -0000	1.64.2.19
++++ sys/netinet/udp_usrreq.c	5 May 2005 05:39:39 -0000
+@@ -612,6 +612,7 @@ udp_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/kern/uipc_usrreq.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/uipc_usrreq.c,v
+retrieving revision 1.54.2.10
+diff -u -p -r1.54.2.10 uipc_usrreq.c
+--- sys/kern/uipc_usrreq.c	4 Mar 2003 17:28:09 -0000	1.54.2.10
++++ sys/kern/uipc_usrreq.c	7 May 2005 10:39:59 -0000
+@@ -849,6 +849,7 @@ unp_pcblist(SYSCTL_HANDLER_ARGS)
+ 		unp = unp_list[i];
+ 		if (unp->unp_gencnt <= gencnt) {
+ 			struct xunpcb xu;
++			bzero(&xu, sizeof(xu));
+ 			xu.xu_len = sizeof xu;
+ 			xu.xu_unpp = unp;
+ 			/*
+Index: sys/netinet/tcp_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.225
+diff -u -p -r1.225 tcp_subr.c
+--- sys/netinet/tcp_subr.c	4 May 2005 13:48:44 -0000	1.225
++++ sys/netinet/tcp_subr.c	6 May 2005 23:56:23 -0000
+@@ -941,6 +941,8 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS)
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xtcpcb xt;
+ 			caddr_t inp_ppcb;
++
++			bzero(&xt, sizeof(xt));
+ 			xt.xt_len = sizeof xt;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xt.xt_inp, sizeof *inp);
diff --git a/share/security/patches/SA-05:08/kmem4x.patch.asc b/share/security/patches/SA-05:08/kmem4x.patch.asc
new file mode 100644
index 0000000000..28b3d703f6
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem4x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCfe6eFdaIBMps37IRAsxJAKCPTfuZBxDpd1tuUYNtyrAUdF6+vgCeM9zF
+Oa5t6LYcvOcBDXmrFdyxPA0=
+=LCSp
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:08/kmem5.patch b/share/security/patches/SA-05:08/kmem5.patch
new file mode 100644
index 0000000000..aa0e55a1e1
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem5.patch
@@ -0,0 +1,122 @@
+Index: sys/kern/subr_bus.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/subr_bus.c,v
+retrieving revision 1.156.2.6
+diff -u -p -r1.156.2.6 subr_bus.c
+--- sys/kern/subr_bus.c	14 Apr 2005 04:54:15 -0000	1.156.2.6
++++ sys/kern/subr_bus.c	5 May 2005 04:27:26 -0000
+@@ -3785,6 +3785,7 @@ sysctl_devices(SYSCTL_HANDLER_ARGS)
+ 	/*
+ 	 * Populate the return array.
+ 	 */
++	bzero(&udev, sizeof(udev));
+ 	udev.dv_handle = (uintptr_t)dev;
+ 	udev.dv_parent = (uintptr_t)dev->parent;
+ 	if (dev->nameunit == NULL)
+@@ -3856,6 +3857,7 @@ sysctl_rman(SYSCTL_HANDLER_ARGS)
+ 	 * resource manager.
+ 	 */
+ 	if (res_idx == -1) {
++		bzero(&urm, sizeof(urm));
+ 		urm.rm_handle = (uintptr_t)rm;
+ 		strlcpy(urm.rm_descr, rm->rm_descr, RM_TEXTLEN);
+ 		urm.rm_start = rm->rm_start;
+@@ -3871,6 +3873,7 @@ sysctl_rman(SYSCTL_HANDLER_ARGS)
+ 	 */
+ 	TAILQ_FOREACH(res, &rm->rm_list, r_link) {
+ 		if (res_idx-- == 0) {
++			bzero(&ures, sizeof(ures));
+ 			ures.r_handle = (uintptr_t)res;
+ 			ures.r_parent = (uintptr_t)res->r_rm;
+ 			ures.r_device = (uintptr_t)res->r_dev;
+Index: sys/kern/vfs_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/vfs_subr.c,v
+retrieving revision 1.522.2.4
+diff -u -p -r1.522.2.4 vfs_subr.c
+--- sys/kern/vfs_subr.c	1 Mar 2005 11:32:31 -0000	1.522.2.4
++++ sys/kern/vfs_subr.c	5 May 2005 04:27:32 -0000
+@@ -2895,6 +2895,7 @@ sysctl_vfs_conflist(SYSCTL_HANDLER_ARGS)
+ 
+ 	error = 0;
+ 	TAILQ_FOREACH(vfsp, &vfsconf, vfc_list) {
++		bzero(&xvfsp, sizeof(xvfsp));
+ 		vfsconf2x(vfsp, &xvfsp);
+ 		error = SYSCTL_OUT(req, &xvfsp, sizeof xvfsp);
+ 		if (error)
+@@ -2939,6 +2940,7 @@ vfs_sysctl(SYSCTL_HANDLER_ARGS)
+ 				break;
+ 		if (vfsp == NULL)
+ 			return (EOPNOTSUPP);
++		bzero(&xvfsp, sizeof(xvfsp));
+ 		vfsconf2x(vfsp, &xvfsp);
+ 		return (SYSCTL_OUT(req, &xvfsp, sizeof(xvfsp)));
+ 	}
+@@ -2958,6 +2960,7 @@ sysctl_ovfs_conf(SYSCTL_HANDLER_ARGS)
+ 	struct ovfsconf ovfs;
+ 
+ 	TAILQ_FOREACH(vfsp, &vfsconf, vfc_list) {
++		bzero(&ovfs, sizeof(ovfs));
+ 		ovfs.vfc_vfsops = vfsp->vfc_vfsops;	/* XXX used as flag */
+ 		strcpy(ovfs.vfc_name, vfsp->vfc_name);
+ 		ovfs.vfc_index = vfsp->vfc_typenum;
+Index: sys/net/if_mib.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_mib.c,v
+retrieving revision 1.13.4.1
+diff -u -p -r1.13.4.1 if_mib.c
+--- sys/net/if_mib.c	31 Jan 2005 23:26:23 -0000	1.13.4.1
++++ sys/net/if_mib.c	5 May 2005 04:27:33 -0000
+@@ -90,6 +90,7 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XX
+ 		return ENOENT;
+ 
+ 	case IFDATA_GENERAL:
++		bzero(&ifmd, sizeof(ifmd));
+ 		strlcpy(ifmd.ifmd_name, ifp->if_xname, sizeof(ifmd.ifmd_name));
+ 
+ #define COPY(fld) ifmd.ifmd_##fld = ifp->if_##fld
+Index: sys/netinet/ip_divert.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v
+retrieving revision 1.98.2.2
+diff -u -p -r1.98.2.2 ip_divert.c
+--- sys/netinet/ip_divert.c	31 Jan 2005 23:26:35 -0000	1.98.2.2
++++ sys/netinet/ip_divert.c	5 May 2005 04:27:34 -0000
+@@ -567,6 +567,7 @@ div_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/raw_ip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v
+retrieving revision 1.142.2.4
+diff -u -p -r1.142.2.4 raw_ip.c
+--- sys/netinet/raw_ip.c	4 Feb 2005 03:22:06 -0000	1.142.2.4
++++ sys/netinet/raw_ip.c	5 May 2005 04:27:35 -0000
+@@ -847,6 +847,7 @@ rip_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/udp_usrreq.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v
+retrieving revision 1.162.2.7
+diff -u -p -r1.162.2.7 udp_usrreq.c
+--- sys/netinet/udp_usrreq.c	28 Feb 2005 10:16:23 -0000	1.162.2.7
++++ sys/netinet/udp_usrreq.c	5 May 2005 04:27:37 -0000
+@@ -611,6 +611,7 @@ udp_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
diff --git a/share/security/patches/SA-05:08/kmem5.patch.asc b/share/security/patches/SA-05:08/kmem5.patch.asc
new file mode 100644
index 0000000000..0b7a402233
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCes6FFdaIBMps37IRAmUVAKCRyKtMYgjGJcQCwju8wlz3aCAeqQCfUwES
+BiIZ86Aee/u6JRmvOWJNptY=
+=wpTH
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:08/kmem5x.patch b/share/security/patches/SA-05:08/kmem5x.patch
new file mode 100644
index 0000000000..42e81a3d61
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem5x.patch
@@ -0,0 +1,154 @@
+Index: sys/kern/subr_bus.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/subr_bus.c,v
+retrieving revision 1.156.2.6
+diff -u -p -r1.156.2.6 subr_bus.c
+--- sys/kern/subr_bus.c	14 Apr 2005 04:54:15 -0000	1.156.2.6
++++ sys/kern/subr_bus.c	5 May 2005 04:27:26 -0000
+@@ -3785,6 +3785,7 @@ sysctl_devices(SYSCTL_HANDLER_ARGS)
+ 	/*
+ 	 * Populate the return array.
+ 	 */
++	bzero(&udev, sizeof(udev));
+ 	udev.dv_handle = (uintptr_t)dev;
+ 	udev.dv_parent = (uintptr_t)dev->parent;
+ 	if (dev->nameunit == NULL)
+@@ -3856,6 +3857,7 @@ sysctl_rman(SYSCTL_HANDLER_ARGS)
+ 	 * resource manager.
+ 	 */
+ 	if (res_idx == -1) {
++		bzero(&urm, sizeof(urm));
+ 		urm.rm_handle = (uintptr_t)rm;
+ 		strlcpy(urm.rm_descr, rm->rm_descr, RM_TEXTLEN);
+ 		urm.rm_start = rm->rm_start;
+@@ -3871,6 +3873,7 @@ sysctl_rman(SYSCTL_HANDLER_ARGS)
+ 	 */
+ 	TAILQ_FOREACH(res, &rm->rm_list, r_link) {
+ 		if (res_idx-- == 0) {
++			bzero(&ures, sizeof(ures));
+ 			ures.r_handle = (uintptr_t)res;
+ 			ures.r_parent = (uintptr_t)res->r_rm;
+ 			ures.r_device = (uintptr_t)res->r_dev;
+Index: sys/kern/vfs_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/vfs_subr.c,v
+retrieving revision 1.522.2.4
+diff -u -p -r1.522.2.4 vfs_subr.c
+--- sys/kern/vfs_subr.c	1 Mar 2005 11:32:31 -0000	1.522.2.4
++++ sys/kern/vfs_subr.c	5 May 2005 04:27:32 -0000
+@@ -2895,6 +2895,7 @@ sysctl_vfs_conflist(SYSCTL_HANDLER_ARGS)
+ 
+ 	error = 0;
+ 	TAILQ_FOREACH(vfsp, &vfsconf, vfc_list) {
++		bzero(&xvfsp, sizeof(xvfsp));
+ 		vfsconf2x(vfsp, &xvfsp);
+ 		error = SYSCTL_OUT(req, &xvfsp, sizeof xvfsp);
+ 		if (error)
+@@ -2939,6 +2940,7 @@ vfs_sysctl(SYSCTL_HANDLER_ARGS)
+ 				break;
+ 		if (vfsp == NULL)
+ 			return (EOPNOTSUPP);
++		bzero(&xvfsp, sizeof(xvfsp));
+ 		vfsconf2x(vfsp, &xvfsp);
+ 		return (SYSCTL_OUT(req, &xvfsp, sizeof(xvfsp)));
+ 	}
+@@ -2958,6 +2960,7 @@ sysctl_ovfs_conf(SYSCTL_HANDLER_ARGS)
+ 	struct ovfsconf ovfs;
+ 
+ 	TAILQ_FOREACH(vfsp, &vfsconf, vfc_list) {
++		bzero(&ovfs, sizeof(ovfs));
+ 		ovfs.vfc_vfsops = vfsp->vfc_vfsops;	/* XXX used as flag */
+ 		strcpy(ovfs.vfc_name, vfsp->vfc_name);
+ 		ovfs.vfc_index = vfsp->vfc_typenum;
+Index: sys/net/if_mib.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_mib.c,v
+retrieving revision 1.13.4.1
+diff -u -p -r1.13.4.1 if_mib.c
+--- sys/net/if_mib.c	31 Jan 2005 23:26:23 -0000	1.13.4.1
++++ sys/net/if_mib.c	5 May 2005 04:27:33 -0000
+@@ -90,6 +90,7 @@ sysctl_ifdata(SYSCTL_HANDLER_ARGS) /* XX
+ 		return ENOENT;
+ 
+ 	case IFDATA_GENERAL:
++		bzero(&ifmd, sizeof(ifmd));
+ 		strlcpy(ifmd.ifmd_name, ifp->if_xname, sizeof(ifmd.ifmd_name));
+ 
+ #define COPY(fld) ifmd.ifmd_##fld = ifp->if_##fld
+Index: sys/netinet/ip_divert.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_divert.c,v
+retrieving revision 1.98.2.2
+diff -u -p -r1.98.2.2 ip_divert.c
+--- sys/netinet/ip_divert.c	31 Jan 2005 23:26:35 -0000	1.98.2.2
++++ sys/netinet/ip_divert.c	5 May 2005 04:27:34 -0000
+@@ -567,6 +567,7 @@ div_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/raw_ip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/raw_ip.c,v
+retrieving revision 1.142.2.4
+diff -u -p -r1.142.2.4 raw_ip.c
+--- sys/netinet/raw_ip.c	4 Feb 2005 03:22:06 -0000	1.142.2.4
++++ sys/netinet/raw_ip.c	5 May 2005 04:27:35 -0000
+@@ -847,6 +847,7 @@ rip_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/netinet/udp_usrreq.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/udp_usrreq.c,v
+retrieving revision 1.162.2.7
+diff -u -p -r1.162.2.7 udp_usrreq.c
+--- sys/netinet/udp_usrreq.c	28 Feb 2005 10:16:23 -0000	1.162.2.7
++++ sys/netinet/udp_usrreq.c	5 May 2005 04:27:37 -0000
+@@ -611,6 +611,7 @@ udp_pcblist(SYSCTL_HANDLER_ARGS)
+ 		inp = inp_list[i];
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xinpcb xi;
++			bzero(&xi, sizeof(xi));
+ 			xi.xi_len = sizeof xi;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xi.xi_inp, sizeof *inp);
+Index: sys/kern/uipc_usrreq.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/uipc_usrreq.c,v
+retrieving revision 1.154
+diff -u -p -r1.154 uipc_usrreq.c
+--- sys/kern/uipc_usrreq.c	25 Apr 2005 00:48:04 -0000	1.154
++++ sys/kern/uipc_usrreq.c	6 May 2005 23:56:22 -0000
+@@ -1175,7 +1175,7 @@ unp_pcblist(SYSCTL_HANDLER_ARGS)
+ 	n = i;			/* in case we lost some during malloc */
+ 
+ 	error = 0;
+-	xu = malloc(sizeof(*xu), M_TEMP, M_WAITOK);
++	xu = malloc(sizeof(*xu), M_TEMP, M_WAITOK | M_ZERO);
+ 	for (i = 0; i < n; i++) {
+ 		unp = unp_list[i];
+ 		if (unp->unp_gencnt <= gencnt) {
+Index: sys/netinet/tcp_subr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_subr.c,v
+retrieving revision 1.225
+diff -u -p -r1.225 tcp_subr.c
+--- sys/netinet/tcp_subr.c	4 May 2005 13:48:44 -0000	1.225
++++ sys/netinet/tcp_subr.c	6 May 2005 23:56:23 -0000
+@@ -941,6 +941,8 @@ tcp_pcblist(SYSCTL_HANDLER_ARGS)
+ 		if (inp->inp_gencnt <= gencnt) {
+ 			struct xtcpcb xt;
+ 			caddr_t inp_ppcb;
++
++			bzero(&xt, sizeof(xt));
+ 			xt.xt_len = sizeof xt;
+ 			/* XXX should avoid extra copy */
+ 			bcopy(inp, &xt.xt_inp, sizeof *inp);
diff --git a/share/security/patches/SA-05:08/kmem5x.patch.asc b/share/security/patches/SA-05:08/kmem5x.patch.asc
new file mode 100644
index 0000000000..35a4cfcf8f
--- /dev/null
+++ b/share/security/patches/SA-05:08/kmem5x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCfe6lFdaIBMps37IRAmy8AKCc2R2aXzWeD6IC5WfkQ9Ckocfu8QCdFdRR
++RJokM42tXpFttgSGegE7mU=
+=2WA5
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:09/htt410.patch b/share/security/patches/SA-05:09/htt410.patch
new file mode 100644
index 0000000000..e481de0d0c
--- /dev/null
+++ b/share/security/patches/SA-05:09/htt410.patch
@@ -0,0 +1,184 @@
+Index: sys/i386/i386/mp_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/i386/mp_machdep.c,v
+retrieving revision 1.115.2.20
+diff -u -p -r1.115.2.20 mp_machdep.c
+--- sys/i386/i386/mp_machdep.c	16 Dec 2003 16:32:28 -0000	1.115.2.20
++++ sys/i386/i386/mp_machdep.c	12 May 2005 19:02:40 -0000
+@@ -342,6 +342,9 @@ static int	apic_int_is_bus_type(int intr
+ 
+ static int	hlt_cpus_mask;
+ static int	hlt_logical_cpus = 1;
++static u_int	hyperthreading_cpus;
++static u_int	hyperthreading_cpus_mask;
++static int	hyperthreading_allowed;
+ static struct	sysctl_ctx_list logical_cpu_clist;
+ 
+ /*
+@@ -982,6 +985,9 @@ mptable_pass2(void)
+ 					proc.apic_id++;
+ 					(void)processor_entry(&proc, cpu);
+ 					logical_cpus_mask |= (1 << cpu);
++					if (hyperthreading_cpus > 1 &&
++					    proc.apic_id % hyperthreading_cpus != 0)
++						hyperthreading_cpus_mask |= (1 << cpu);
+ 					cpu++;
+ 				}
+ 			}
+@@ -1033,6 +1039,7 @@ static void
+ mptable_hyperthread_fixup(u_int id_mask)
+ {
+ 	u_int i, id;
++	u_int threads_per_cache, p[4];
+ 
+ 	/* Nothing to do if there is no HTT support. */
+ 	if ((cpu_feature & CPUID_HTT) == 0)
+@@ -1042,6 +1049,48 @@ mptable_hyperthread_fixup(u_int id_mask)
+ 		return;
+ 
+ 	/*
++	 * Work out if hyperthreading is *really* enabled.  This
++	 * is made really ugly by the fact that processors lie: Dual
++	 * core processors claim to be hyperthreaded even when they're
++	 * not, presumably because they want to be treated the same
++	 * way as HTT with respect to per-cpu software licensing.
++	 * At the time of writing (May 12, 2005) the only hyperthreaded
++	 * cpus are from Intel, and Intel's dual-core processors can be
++	 * identified via the "deterministic cache parameters" cpuid
++	 * calls.
++	 */
++	/*
++	 * First determine if this is an Intel processor which claims
++	 * to have hyperthreading support.
++	 */
++	if ((cpu_feature & CPUID_HTT) &&
++	    (strcmp(cpu_vendor, "GenuineIntel") == 0)) {
++		/*
++		 * If the "deterministic cache parameters" cpuid calls
++		 * are available, use them.
++		 */
++		if (cpu_high >= 4) {
++			/* Ask the processor about up to 32 caches. */
++			for (i = 0; i < 32; i++) {
++				cpuid_count(4, i, p);
++				threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
++				if (hyperthreading_cpus < threads_per_cache)
++					hyperthreading_cpus = threads_per_cache;
++				if ((p[0] & 0x1f) == 0)
++					break;
++			}
++		}
++
++		/*
++		 * If the deterministic cache parameters are not
++		 * available, or if no caches were reported to exist,
++		 * just accept what the HTT flag indicated.
++		 */
++		if (hyperthreading_cpus == 0)
++			hyperthreading_cpus = logical_cpus;
++	}
++
++	/*
+ 	 * For each APIC ID of a CPU that is set in the mask,
+ 	 * scan the other candidate APIC ID's for this
+ 	 * physical processor.  If any of those ID's are
+@@ -3035,6 +3084,9 @@ sysctl_htl_cpus(SYSCTL_HANDLER_ARGS)
+ 	else
+ 		hlt_logical_cpus = 0;
+ 
++	if (! hyperthreading_allowed)
++		mask |= hyperthreading_cpus_mask;
++
+ 	if ((mask & all_cpus) == all_cpus)
+ 		mask &= ~(1<<0);
+ 	hlt_cpus_mask = mask;
+@@ -3058,6 +3110,9 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	else
+ 		hlt_cpus_mask &= ~logical_cpus_mask;
+ 
++	if (! hyperthreading_allowed)
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
+ 	if ((hlt_cpus_mask & all_cpus) == all_cpus)
+ 		hlt_cpus_mask &= ~(1<<0);
+ 
+@@ -3065,6 +3120,34 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	return (error);
+ }
+ 
++static int
++sysctl_hyperthreading_allowed(SYSCTL_HANDLER_ARGS)
++{
++	int allowed, error;
++
++	allowed = hyperthreading_allowed;
++	error = sysctl_handle_int(oidp, &allowed, 0, req);
++	if (error || !req->newptr)
++		return (error);
++
++	if (allowed)
++		hlt_cpus_mask &= ~hyperthreading_cpus_mask;
++	else
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
++	if (logical_cpus_mask != 0 &&
++	    (hlt_cpus_mask & logical_cpus_mask) == logical_cpus_mask)
++		hlt_logical_cpus = 1;
++	else
++		hlt_logical_cpus = 0;
++
++	if ((hlt_cpus_mask & all_cpus) == all_cpus)
++		hlt_cpus_mask &= ~(1<<0);
++
++	hyperthreading_allowed = allowed;
++	return (error);
++}
++
+ static void
+ cpu_hlt_setup(void *dummy __unused)
+ {
+@@ -3084,6 +3167,22 @@ cpu_hlt_setup(void *dummy __unused)
+ 
+ 		if (hlt_logical_cpus)
+ 			hlt_cpus_mask |= logical_cpus_mask;
++
++		/*
++		 * If necessary for security purposes, force
++		 * hyperthreading off, regardless of the value
++		 * of hlt_logical_cpus.
++		 */
++		if (hyperthreading_cpus_mask) {
++			TUNABLE_INT_FETCH("machdep.hyperthreading_allowed",
++			    &hyperthreading_allowed);
++			SYSCTL_ADD_PROC(&logical_cpu_clist,
++			    SYSCTL_STATIC_CHILDREN(_machdep), OID_AUTO,
++			    "hyperthreading_allowed", CTLTYPE_INT|CTLFLAG_RW,
++			    0, 0, sysctl_hyperthreading_allowed, "IU", "");
++			if (! hyperthreading_allowed)
++				hlt_cpus_mask |= hyperthreading_cpus_mask;
++		}
+ 	}
+ }
+ SYSINIT(cpu_hlt, SI_SUB_SMP, SI_ORDER_ANY, cpu_hlt_setup, NULL);
+Index: sys/i386/include/cpufunc.h
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/include/cpufunc.h,v
+retrieving revision 1.96.2.3
+diff -u -p -r1.96.2.3 cpufunc.h
+--- sys/i386/include/cpufunc.h	28 Apr 2002 22:50:54 -0000	1.96.2.3
++++ sys/i386/include/cpufunc.h	12 May 2005 19:02:40 -0000
+@@ -103,6 +103,14 @@ do_cpuid(u_int ax, u_int *p)
+ }
+ 
+ static __inline void
++cpuid_count(u_int ax, u_int cx, u_int *p)
++{
++	__asm __volatile("cpuid"
++			 : "=a" (p[0]), "=b" (p[1]), "=c" (p[2]), "=d" (p[3])
++			 :  "0" (ax), "c" (cx));
++}
++
++static __inline void
+ enable_intr(void)
+ {
+ #ifdef SMP
diff --git a/share/security/patches/SA-05:09/htt410.patch.asc b/share/security/patches/SA-05:09/htt410.patch.asc
new file mode 100644
index 0000000000..2263ebc4f4
--- /dev/null
+++ b/share/security/patches/SA-05:09/htt410.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (Darwin)
+
+iD8DBQBCg+sjFdaIBMps37IRAi4BAJ9MvR7LDEbEbABgub9Y7E/tMMhuDgCgmi4X
+NnKz8+IJEF1KbCmkvu+6BoM=
+=+4Iz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:09/htt411.patch b/share/security/patches/SA-05:09/htt411.patch
new file mode 100644
index 0000000000..71b4be72dc
--- /dev/null
+++ b/share/security/patches/SA-05:09/htt411.patch
@@ -0,0 +1,194 @@
+Index: sys/i386/i386/mp_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/i386/mp_machdep.c,v
+retrieving revision 1.115.2.22
+diff -u -p -r1.115.2.22 mp_machdep.c
+--- sys/i386/i386/mp_machdep.c	2 Jun 2004 14:42:59 -0000	1.115.2.22
++++ sys/i386/i386/mp_machdep.c	12 May 2005 17:46:35 -0000
+@@ -342,6 +342,9 @@ static int	apic_int_is_bus_type(int intr
+ 
+ static int	hlt_cpus_mask;
+ static int	hlt_logical_cpus = 1;
++static u_int	hyperthreading_cpus;
++static u_int	hyperthreading_cpus_mask;
++static int	hyperthreading_allowed;
+ static struct	sysctl_ctx_list logical_cpu_clist;
+ 
+ /*
+@@ -982,6 +985,9 @@ mptable_pass2(void)
+ 					proc.apic_id++;
+ 					(void)processor_entry(&proc, cpu);
+ 					logical_cpus_mask |= (1 << cpu);
++					if (hyperthreading_cpus > 1 &&
++					    proc.apic_id % hyperthreading_cpus != 0)
++						hyperthreading_cpus_mask |= (1 << cpu);
+ 					cpu++;
+ 				}
+ 			} else if (logical_cpus != 0) {
+@@ -993,6 +999,9 @@ mptable_pass2(void)
+ 				 */
+ 				if (id % logical_cpus != 0)
+ 					logical_cpus_mask |= (1 << ID_TO_CPU(id));
++				if (hyperthreading_cpus > 1 &&
++				    id % hyperthreading_cpus != 0)
++					hyperthreading_cpus_mask |= (1 << ID_TO_CPU(id));
+ 			}
+ 			break;
+ 		case 1:
+@@ -1042,6 +1051,7 @@ static void
+ mptable_hyperthread_fixup(u_int id_mask)
+ {
+ 	u_int i, id;
++	u_int threads_per_cache, p[4];
+ 
+ 	/* Nothing to do if there is no HTT support. */
+ 	if ((cpu_feature & CPUID_HTT) == 0)
+@@ -1051,6 +1061,48 @@ mptable_hyperthread_fixup(u_int id_mask)
+ 		return;
+ 
+ 	/*
++	 * Work out if hyperthreading is *really* enabled.  This
++	 * is made really ugly by the fact that processors lie: Dual
++	 * core processors claim to be hyperthreaded even when they're
++	 * not, presumably because they want to be treated the same
++	 * way as HTT with respect to per-cpu software licensing.
++	 * At the time of writing (May 12, 2005) the only hyperthreaded
++	 * cpus are from Intel, and Intel's dual-core processors can be
++	 * identified via the "deterministic cache parameters" cpuid
++	 * calls.
++	 */
++	/*
++	 * First determine if this is an Intel processor which claims
++	 * to have hyperthreading support.
++	 */
++	if ((cpu_feature & CPUID_HTT) &&
++	    (strcmp(cpu_vendor, "GenuineIntel") == 0)) {
++		/*
++		 * If the "deterministic cache parameters" cpuid calls
++		 * are available, use them.
++		 */
++		if (cpu_high >= 4) {
++			/* Ask the processor about up to 32 caches. */
++			for (i = 0; i < 32; i++) {
++				cpuid_count(4, i, p);
++				threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
++				if (hyperthreading_cpus < threads_per_cache)
++					hyperthreading_cpus = threads_per_cache;
++				if ((p[0] & 0x1f) == 0)
++					break;
++			}
++		}
++
++		/*
++		 * If the deterministic cache parameters are not
++		 * available, or if no caches were reported to exist,
++		 * just accept what the HTT flag indicated.
++		 */
++		if (hyperthreading_cpus == 0)
++			hyperthreading_cpus = logical_cpus;
++	}
++
++	/*
+ 	 * For each APIC ID of a CPU that is set in the mask,
+ 	 * scan the other candidate APIC ID's for this
+ 	 * physical processor.  If any of those ID's are
+@@ -3044,6 +3096,9 @@ sysctl_htl_cpus(SYSCTL_HANDLER_ARGS)
+ 	else
+ 		hlt_logical_cpus = 0;
+ 
++	if (! hyperthreading_allowed)
++		mask |= hyperthreading_cpus_mask;
++
+ 	if ((mask & all_cpus) == all_cpus)
+ 		mask &= ~(1<<0);
+ 	hlt_cpus_mask = mask;
+@@ -3067,6 +3122,9 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	else
+ 		hlt_cpus_mask &= ~logical_cpus_mask;
+ 
++	if (! hyperthreading_allowed)
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
+ 	if ((hlt_cpus_mask & all_cpus) == all_cpus)
+ 		hlt_cpus_mask &= ~(1<<0);
+ 
+@@ -3074,6 +3132,34 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	return (error);
+ }
+ 
++static int
++sysctl_hyperthreading_allowed(SYSCTL_HANDLER_ARGS)
++{
++	int allowed, error;
++
++	allowed = hyperthreading_allowed;
++	error = sysctl_handle_int(oidp, &allowed, 0, req);
++	if (error || !req->newptr)
++		return (error);
++
++	if (allowed)
++		hlt_cpus_mask &= ~hyperthreading_cpus_mask;
++	else
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
++	if (logical_cpus_mask != 0 &&
++	    (hlt_cpus_mask & logical_cpus_mask) == logical_cpus_mask)
++		hlt_logical_cpus = 1;
++	else
++		hlt_logical_cpus = 0;
++
++	if ((hlt_cpus_mask & all_cpus) == all_cpus)
++		hlt_cpus_mask &= ~(1<<0);
++
++	hyperthreading_allowed = allowed;
++	return (error);
++}
++
+ static void
+ cpu_hlt_setup(void *dummy __unused)
+ {
+@@ -3093,6 +3179,22 @@ cpu_hlt_setup(void *dummy __unused)
+ 
+ 		if (hlt_logical_cpus)
+ 			hlt_cpus_mask |= logical_cpus_mask;
++
++		/*
++		 * If necessary for security purposes, force
++		 * hyperthreading off, regardless of the value
++		 * of hlt_logical_cpus.
++		 */
++		if (hyperthreading_cpus_mask) {
++			TUNABLE_INT_FETCH("machdep.hyperthreading_allowed",
++			    &hyperthreading_allowed);
++			SYSCTL_ADD_PROC(&logical_cpu_clist,
++			    SYSCTL_STATIC_CHILDREN(_machdep), OID_AUTO,
++			    "hyperthreading_allowed", CTLTYPE_INT|CTLFLAG_RW,
++			    0, 0, sysctl_hyperthreading_allowed, "IU", "");
++			if (! hyperthreading_allowed)
++				hlt_cpus_mask |= hyperthreading_cpus_mask;
++		}
+ 	}
+ }
+ SYSINIT(cpu_hlt, SI_SUB_SMP, SI_ORDER_ANY, cpu_hlt_setup, NULL);
+Index: sys/i386/include/cpufunc.h
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/include/cpufunc.h,v
+retrieving revision 1.96.2.3
+diff -u -p -r1.96.2.3 cpufunc.h
+--- sys/i386/include/cpufunc.h	28 Apr 2002 22:50:54 -0000	1.96.2.3
++++ sys/i386/include/cpufunc.h	12 May 2005 17:46:35 -0000
+@@ -103,6 +103,14 @@ do_cpuid(u_int ax, u_int *p)
+ }
+ 
+ static __inline void
++cpuid_count(u_int ax, u_int cx, u_int *p)
++{
++	__asm __volatile("cpuid"
++			 : "=a" (p[0]), "=b" (p[1]), "=c" (p[2]), "=d" (p[3])
++			 :  "0" (ax), "c" (cx));
++}
++
++static __inline void
+ enable_intr(void)
+ {
+ #ifdef SMP
diff --git a/share/security/patches/SA-05:09/htt411.patch.asc b/share/security/patches/SA-05:09/htt411.patch.asc
new file mode 100644
index 0000000000..cda8c8631f
--- /dev/null
+++ b/share/security/patches/SA-05:09/htt411.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (Darwin)
+
+iD8DBQBCg+soFdaIBMps37IRAnCOAJ0SXzBowmVHM+cLbrsdb7RXHZxXqgCgnHLR
+2gDpuP38LdtvI9TxmvtaWaI=
+=38Go
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:09/htt5.patch b/share/security/patches/SA-05:09/htt5.patch
new file mode 100644
index 0000000000..56d2e396f7
--- /dev/null
+++ b/share/security/patches/SA-05:09/htt5.patch
@@ -0,0 +1,372 @@
+Index: sys/amd64/amd64/mp_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/amd64/mp_machdep.c,v
+retrieving revision 1.242.2.10
+diff -u -p -r1.242.2.10 mp_machdep.c
+--- sys/amd64/amd64/mp_machdep.c	1 May 2005 05:34:45 -0000	1.242.2.10
++++ sys/amd64/amd64/mp_machdep.c	12 May 2005 15:22:54 -0000
+@@ -142,6 +142,9 @@ static int	start_ap(int apic_id);
+ static void	release_aps(void *dummy);
+ 
+ static int	hlt_logical_cpus;
++static u_int	hyperthreading_cpus;
++static cpumask_t	hyperthreading_cpus_mask;
++static int	hyperthreading_allowed;
+ static struct	sysctl_ctx_list logical_cpu_clist;
+ static u_int	bootMP_size;
+ 
+@@ -301,6 +304,7 @@ void
+ cpu_mp_start(void)
+ {
+ 	int i;
++	u_int threads_per_cache, p[4];
+ 
+ 	/* Initialize the logical ID to APIC ID table. */
+ 	for (i = 0; i < MAXCPU; i++) {
+@@ -340,6 +344,48 @@ cpu_mp_start(void)
+ 	if (cpu_feature & CPUID_HTT)
+ 		logical_cpus = (cpu_procinfo & CPUID_HTT_CORES) >> 16;
+ 
++	/*
++	 * Work out if hyperthreading is *really* enabled.  This
++	 * is made really ugly by the fact that processors lie: Dual
++	 * core processors claim to be hyperthreaded even when they're
++	 * not, presumably because they want to be treated the same
++	 * way as HTT with respect to per-cpu software licensing.
++	 * At the time of writing (May 12, 2005) the only hyperthreaded
++	 * cpus are from Intel, and Intel's dual-core processors can be
++	 * identified via the "deterministic cache parameters" cpuid
++	 * calls.
++	 */
++	/*
++	 * First determine if this is an Intel processor which claims
++	 * to have hyperthreading support.
++	 */
++	if ((cpu_feature & CPUID_HTT) &&
++	    (strcmp(cpu_vendor, "GenuineIntel") == 0)) {
++		/*
++		 * If the "deterministic cache parameters" cpuid calls
++		 * are available, use them.
++		 */
++		if (cpu_high >= 4) {
++			/* Ask the processor about up to 32 caches. */
++			for (i = 0; i < 32; i++) {
++				cpuid_count(4, i, p);
++				threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
++				if (hyperthreading_cpus < threads_per_cache)
++					hyperthreading_cpus = threads_per_cache;
++				if ((p[0] & 0x1f) == 0)
++					break;
++			}
++		}
++
++		/*
++		 * If the deterministic cache parameters are not
++		 * available, or if no caches were reported to exist,
++		 * just accept what the HTT flag indicated.
++		 */
++		if (hyperthreading_cpus == 0)
++			hyperthreading_cpus = logical_cpus;
++	}
++
+ 	set_logical_apic_ids();
+ }
+ 
+@@ -474,6 +520,11 @@ init_secondary(void)
+ 	if (logical_cpus > 1 && PCPU_GET(apic_id) % logical_cpus != 0)
+ 		logical_cpus_mask |= PCPU_GET(cpumask);
+ 	
++	/* Determine if we are a hyperthread. */
++	if (hyperthreading_cpus > 1 &&
++	    PCPU_GET(apic_id) % hyperthreading_cpus != 0)
++		hyperthreading_cpus_mask |= PCPU_GET(cpumask);
++
+ 	/* Build our map of 'other' CPUs. */
+ 	PCPU_SET(other_cpus, all_cpus & ~PCPU_GET(cpumask));
+ 
+@@ -1148,6 +1199,9 @@ sysctl_hlt_cpus(SYSCTL_HANDLER_ARGS)
+ 	else
+ 		hlt_logical_cpus = 0;
+ 
++	if (! hyperthreading_allowed)
++		mask |= hyperthreading_cpus_mask;
++
+ 	if ((mask & all_cpus) == all_cpus)
+ 		mask &= ~(1<<0);
+ 	hlt_cpus_mask = mask;
+@@ -1172,6 +1226,9 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	else
+ 		hlt_cpus_mask &= ~logical_cpus_mask;
+ 
++	if (! hyperthreading_allowed)
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
+ 	if ((hlt_cpus_mask & all_cpus) == all_cpus)
+ 		hlt_cpus_mask &= ~(1<<0);
+ 
+@@ -1179,6 +1236,34 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	return (error);
+ }
+ 
++static int
++sysctl_hyperthreading_allowed(SYSCTL_HANDLER_ARGS)
++{
++	int allowed, error;
++
++	allowed = hyperthreading_allowed;
++	error = sysctl_handle_int(oidp, &allowed, 0, req);
++	if (error || !req->newptr)
++		return (error);
++
++	if (allowed)
++		hlt_cpus_mask &= ~hyperthreading_cpus_mask;
++	else
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
++	if (logical_cpus_mask != 0 &&
++	    (hlt_cpus_mask & logical_cpus_mask) == logical_cpus_mask)
++		hlt_logical_cpus = 1;
++	else
++		hlt_logical_cpus = 0;
++
++	if ((hlt_cpus_mask & all_cpus) == all_cpus)
++		hlt_cpus_mask &= ~(1<<0);
++
++	hyperthreading_allowed = allowed;
++	return (error);
++}
++
+ static void
+ cpu_hlt_setup(void *dummy __unused)
+ {
+@@ -1198,6 +1283,22 @@ cpu_hlt_setup(void *dummy __unused)
+ 
+ 		if (hlt_logical_cpus)
+ 			hlt_cpus_mask |= logical_cpus_mask;
++
++		/*
++		 * If necessary for security purposes, force
++		 * hyperthreading off, regardless of the value
++		 * of hlt_logical_cpus.
++		 */
++		if (hyperthreading_cpus_mask) {
++			TUNABLE_INT_FETCH("machdep.hyperthreading_allowed",
++			    &hyperthreading_allowed);
++			SYSCTL_ADD_PROC(&logical_cpu_clist,
++			    SYSCTL_STATIC_CHILDREN(_machdep), OID_AUTO,
++			    "hyperthreading_allowed", CTLTYPE_INT|CTLFLAG_RW,
++			    0, 0, sysctl_hyperthreading_allowed, "IU", "");
++			if (! hyperthreading_allowed)
++				hlt_cpus_mask |= hyperthreading_cpus_mask;
++		}
+ 	}
+ }
+ SYSINIT(cpu_hlt, SI_SUB_SMP, SI_ORDER_ANY, cpu_hlt_setup, NULL);
+Index: sys/amd64/include/cpufunc.h
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/include/cpufunc.h,v
+retrieving revision 1.145
+diff -u -p -r1.145 cpufunc.h
+--- sys/amd64/include/cpufunc.h	30 Jul 2004 16:44:29 -0000	1.145
++++ sys/amd64/include/cpufunc.h	12 May 2005 15:22:55 -0000
+@@ -110,6 +110,14 @@ do_cpuid(u_int ax, u_int *p)
+ }
+ 
+ static __inline void
++cpuid_count(u_int ax, u_int cx, u_int *p)
++{
++	__asm __volatile("cpuid"
++			 : "=a" (p[0]), "=b" (p[1]), "=c" (p[2]), "=d" (p[3])
++			 :  "0" (ax), "c" (cx));
++}
++
++static __inline void
+ enable_intr(void)
+ {
+ 	__asm __volatile("sti");
+Index: sys/i386/i386/mp_machdep.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/i386/mp_machdep.c,v
+retrieving revision 1.235.2.9
+diff -u -p -r1.235.2.9 mp_machdep.c
+--- sys/i386/i386/mp_machdep.c	1 May 2005 05:34:46 -0000	1.235.2.9
++++ sys/i386/i386/mp_machdep.c	12 May 2005 15:22:55 -0000
+@@ -217,6 +217,9 @@ static int	start_ap(int apic_id);
+ static void	release_aps(void *dummy);
+ 
+ static int	hlt_logical_cpus;
++static u_int	hyperthreading_cpus;
++static cpumask_t	hyperthreading_cpus_mask;
++static int	hyperthreading_allowed;
+ static struct	sysctl_ctx_list logical_cpu_clist;
+ 
+ static void
+@@ -353,6 +356,7 @@ void
+ cpu_mp_start(void)
+ {
+ 	int i;
++	u_int threads_per_cache, p[4];
+ 
+ 	POSTCODE(MP_START_POST);
+ 
+@@ -404,6 +408,48 @@ cpu_mp_start(void)
+ 	if (cpu_feature & CPUID_HTT)
+ 		logical_cpus = (cpu_procinfo & CPUID_HTT_CORES) >> 16;
+ 
++	/*
++	 * Work out if hyperthreading is *really* enabled.  This
++	 * is made really ugly by the fact that processors lie: Dual
++	 * core processors claim to be hyperthreaded even when they're
++	 * not, presumably because they want to be treated the same
++	 * way as HTT with respect to per-cpu software licensing.
++	 * At the time of writing (May 12, 2005) the only hyperthreaded
++	 * cpus are from Intel, and Intel's dual-core processors can be
++	 * identified via the "deterministic cache parameters" cpuid
++	 * calls.
++	 */
++	/*
++	 * First determine if this is an Intel processor which claims
++	 * to have hyperthreading support.
++	 */
++	if ((cpu_feature & CPUID_HTT) &&
++	    (strcmp(cpu_vendor, "GenuineIntel") == 0)) {
++		/*
++		 * If the "deterministic cache parameters" cpuid calls
++		 * are available, use them.
++		 */
++		if (cpu_high >= 4) {
++			/* Ask the processor about up to 32 caches. */
++			for (i = 0; i < 32; i++) {
++				cpuid_count(4, i, p);
++				threads_per_cache = ((p[0] & 0x3ffc000) >> 14) + 1;
++				if (hyperthreading_cpus < threads_per_cache)
++					hyperthreading_cpus = threads_per_cache;
++				if ((p[0] & 0x1f) == 0)
++					break;
++			}
++		}
++
++		/*
++		 * If the deterministic cache parameters are not
++		 * available, or if no caches were reported to exist,
++		 * just accept what the HTT flag indicated.
++		 */
++		if (hyperthreading_cpus == 0)
++			hyperthreading_cpus = logical_cpus;
++	}
++
+ 	set_logical_apic_ids();
+ }
+ 
+@@ -539,6 +585,11 @@ init_secondary(void)
+ 	if (logical_cpus > 1 && PCPU_GET(apic_id) % logical_cpus != 0)
+ 		logical_cpus_mask |= PCPU_GET(cpumask);
+ 	
++	/* Determine if we are a hyperthread. */
++	if (hyperthreading_cpus > 1 &&
++	    PCPU_GET(apic_id) % hyperthreading_cpus != 0)
++		hyperthreading_cpus_mask |= PCPU_GET(cpumask);
++
+ 	/* Build our map of 'other' CPUs. */
+ 	PCPU_SET(other_cpus, all_cpus & ~PCPU_GET(cpumask));
+ 
+@@ -1368,6 +1419,9 @@ sysctl_hlt_cpus(SYSCTL_HANDLER_ARGS)
+ 	else
+ 		hlt_logical_cpus = 0;
+ 
++	if (! hyperthreading_allowed)
++		mask |= hyperthreading_cpus_mask;
++
+ 	if ((mask & all_cpus) == all_cpus)
+ 		mask &= ~(1<<0);
+ 	hlt_cpus_mask = mask;
+@@ -1392,6 +1446,9 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	else
+ 		hlt_cpus_mask &= ~logical_cpus_mask;
+ 
++	if (! hyperthreading_allowed)
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
+ 	if ((hlt_cpus_mask & all_cpus) == all_cpus)
+ 		hlt_cpus_mask &= ~(1<<0);
+ 
+@@ -1399,6 +1456,34 @@ sysctl_hlt_logical_cpus(SYSCTL_HANDLER_A
+ 	return (error);
+ }
+ 
++static int
++sysctl_hyperthreading_allowed(SYSCTL_HANDLER_ARGS)
++{
++	int allowed, error;
++
++	allowed = hyperthreading_allowed;
++	error = sysctl_handle_int(oidp, &allowed, 0, req);
++	if (error || !req->newptr)
++		return (error);
++
++	if (allowed)
++		hlt_cpus_mask &= ~hyperthreading_cpus_mask;
++	else
++		hlt_cpus_mask |= hyperthreading_cpus_mask;
++
++	if (logical_cpus_mask != 0 &&
++	    (hlt_cpus_mask & logical_cpus_mask) == logical_cpus_mask)
++		hlt_logical_cpus = 1;
++	else
++		hlt_logical_cpus = 0;
++
++	if ((hlt_cpus_mask & all_cpus) == all_cpus)
++		hlt_cpus_mask &= ~(1<<0);
++
++	hyperthreading_allowed = allowed;
++	return (error);
++}
++
+ static void
+ cpu_hlt_setup(void *dummy __unused)
+ {
+@@ -1418,6 +1503,22 @@ cpu_hlt_setup(void *dummy __unused)
+ 
+ 		if (hlt_logical_cpus)
+ 			hlt_cpus_mask |= logical_cpus_mask;
++
++		/*
++		 * If necessary for security purposes, force
++		 * hyperthreading off, regardless of the value
++		 * of hlt_logical_cpus.
++		 */
++		if (hyperthreading_cpus_mask) {
++			TUNABLE_INT_FETCH("machdep.hyperthreading_allowed",
++			    &hyperthreading_allowed);
++			SYSCTL_ADD_PROC(&logical_cpu_clist,
++			    SYSCTL_STATIC_CHILDREN(_machdep), OID_AUTO,
++			    "hyperthreading_allowed", CTLTYPE_INT|CTLFLAG_RW,
++			    0, 0, sysctl_hyperthreading_allowed, "IU", "");
++			if (! hyperthreading_allowed)
++				hlt_cpus_mask |= hyperthreading_cpus_mask;
++		}
+ 	}
+ }
+ SYSINIT(cpu_hlt, SI_SUB_SMP, SI_ORDER_ANY, cpu_hlt_setup, NULL);
+Index: sys/i386/include/cpufunc.h
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/include/cpufunc.h,v
+retrieving revision 1.142
+diff -u -p -r1.142 cpufunc.h
+--- sys/i386/include/cpufunc.h	7 Apr 2004 20:46:05 -0000	1.142
++++ sys/i386/include/cpufunc.h	12 May 2005 15:22:55 -0000
+@@ -89,6 +89,14 @@ do_cpuid(u_int ax, u_int *p)
+ }
+ 
+ static __inline void
++cpuid_count(u_int ax, u_int cx, u_int *p)
++{
++	__asm __volatile("cpuid"
++			 : "=a" (p[0]), "=b" (p[1]), "=c" (p[2]), "=d" (p[3])
++			 :  "0" (ax), "c" (cx));
++}
++
++static __inline void
+ enable_intr(void)
+ {
+ 	__asm __volatile("sti");
diff --git a/share/security/patches/SA-05:09/htt5.patch.asc b/share/security/patches/SA-05:09/htt5.patch.asc
new file mode 100644
index 0000000000..06bfbf65d8
--- /dev/null
+++ b/share/security/patches/SA-05:09/htt5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0 (Darwin)
+
+iD8DBQBCg+srFdaIBMps37IRAgQmAJ4u2WbIZx5a9hrHdB2+7WAFd0pGvwCfcX4M
+EAs7O8AYkkVCEbC2MVV5+Gs=
+=fHGT
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:10/tcpdump.patch b/share/security/patches/SA-05:10/tcpdump.patch
new file mode 100644
index 0000000000..304e7a317c
--- /dev/null
+++ b/share/security/patches/SA-05:10/tcpdump.patch
@@ -0,0 +1,99 @@
+Index: contrib/tcpdump/print-bgp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tcpdump/print-bgp.c,v
+retrieving revision 1.1.1.5
+diff -u -d -r1.1.1.5 print-bgp.c
+--- contrib/tcpdump/print-bgp.c	31 Mar 2004 09:16:43 -0000	1.1.1.5
++++ contrib/tcpdump/print-bgp.c	30 May 2005 21:03:44 -0000
+@@ -1216,6 +1216,8 @@
+                             tptr = pptr + len;
+                             break;
+ 			}
++                        if (advance < 0) /* infinite loop protection */
++                            break;
+ 			tptr += advance;
+ 		}
+ 		break;
+@@ -1646,9 +1648,10 @@
+ 		while (dat + length > p) {
+ 			char buf[MAXHOSTNAMELEN + 100];
+ 			i = decode_prefix4(p, buf, sizeof(buf));
+-			if (i == -1)
++			if (i == -1) {
+ 				printf("\n\t    (illegal prefix length)");
+-			else if (i == -2)
++				break;
++			} else if (i == -2)
+ 				goto trunc;
+ 			else {
+ 				printf("\n\t    %s", buf);
+Index: contrib/tcpdump/print-isoclns.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tcpdump/print-isoclns.c,v
+retrieving revision 1.12
+diff -u -d -r1.12 print-isoclns.c
+--- contrib/tcpdump/print-isoclns.c	31 Mar 2004 14:57:24 -0000	1.12
++++ contrib/tcpdump/print-isoclns.c	22 May 2005 21:49:06 -0000
+@@ -1508,6 +1508,9 @@
+                tlv_type,
+                tlv_len);
+ 
++        if (tlv_len == 0) /* something is malformed */
++            break;
++
+         /* now check if we have a decoder otherwise do a hexdump at the end*/
+ 	switch (tlv_type) {
+ 	case TLV_AREA_ADDR:
+@@ -1538,7 +1541,7 @@
+ 	    break;
+ 
+         case TLV_ISNEIGH_VARLEN:
+-            if (!TTEST2(*tptr, 1))
++            if (!TTEST2(*tptr, 1) || tmp < 3) /* min. TLV length */
+ 		goto trunctlv;
+ 	    lan_alen = *tptr++; /* LAN adress length */
+             tmp --;
+Index: contrib/tcpdump/print-ldp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tcpdump/print-ldp.c,v
+retrieving revision 1.1.1.1
+diff -u -d -r1.1.1.1 print-ldp.c
+--- contrib/tcpdump/print-ldp.c	31 Mar 2004 09:16:56 -0000	1.1.1.1
++++ contrib/tcpdump/print-ldp.c	30 May 2005 21:11:28 -0000
+@@ -326,6 +326,9 @@
+                EXTRACT_32BITS(&ldp_msg_header->id),
+                LDP_MASK_U_BIT(EXTRACT_16BITS(&ldp_msg_header->type)) ? "continue processing" : "ignore");
+ 
++        if (msg_len == 0) /* infinite loop protection */
++            break;
++
+         msg_tptr=tptr+sizeof(struct ldp_msg_header);
+         msg_tlen=msg_len-sizeof(struct ldp_msg_header)+4; /* Type & Length fields not included */
+ 
+Index: contrib/tcpdump/print-rsvp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tcpdump/print-rsvp.c,v
+retrieving revision 1.1.1.1
+diff -u -d -r1.1.1.1 print-rsvp.c
+--- contrib/tcpdump/print-rsvp.c	31 Mar 2004 09:17:07 -0000	1.1.1.1
++++ contrib/tcpdump/print-rsvp.c	21 May 2005 20:13:29 -0000
+@@ -875,10 +875,17 @@
+             switch(rsvp_obj_ctype) {
+             case RSVP_CTYPE_IPV4:
+                 while(obj_tlen >= 4 ) {
+-                    printf("\n\t    Subobject Type: %s",
++                    printf("\n\t    Subobject Type: %s, length %u",
+                            tok2str(rsvp_obj_xro_values,
+                                    "Unknown %u",
+-                                   RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)));                
++                                   RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)),
++                           *(obj_tptr+1));                
++
++                    if (*(obj_tptr+1) == 0) { /* prevent infinite loops */
++                        printf("\n\t      ERROR: zero length ERO subtype");
++                        break;
++                    }
++
+                     switch(RSVP_OBJ_XRO_MASK_SUBOBJ(*obj_tptr)) {
+                     case RSVP_OBJ_XRO_IPV4:
+                         printf(", %s, %s/%u, Flags: [%s]",
diff --git a/share/security/patches/SA-05:10/tcpdump.patch.asc b/share/security/patches/SA-05:10/tcpdump.patch.asc
new file mode 100644
index 0000000000..6a69c0dfa5
--- /dev/null
+++ b/share/security/patches/SA-05:10/tcpdump.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0
+
+iD8DBQBCpiv7FdaIBMps37IRAp3PAJwI7a9+ZGlelm2AWvobxn5vsOf1cACeNQNT
+rkH8Ug5ISd96x6h87+kAMpY=
+=Oj1p
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:11/gzip.patch b/share/security/patches/SA-05:11/gzip.patch
new file mode 100644
index 0000000000..30c82f7aa4
--- /dev/null
+++ b/share/security/patches/SA-05:11/gzip.patch
@@ -0,0 +1,64 @@
+Index: gnu/usr.bin/gzip/gzip.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/gzip.c,v
+retrieving revision 1.11
+diff -u -d -r1.11 gzip.c
+--- gnu/usr.bin/gzip/gzip.c	3 May 2004 10:29:23 -0000	1.11
++++ gnu/usr.bin/gzip/gzip.c	7 Jun 2005 19:00:05 -0000
+@@ -830,8 +830,11 @@
+     }
+ 
+     close(ifd);
+-    if (!to_stdout && close(ofd)) {
+-	write_error();
++    if (!to_stdout) {
++        /* Copy modes, times, ownership, and remove the input file */
++        copy_stat(&istat);
++        if (close(ofd))
++	    write_error();
+     }
+     if (method == -1) {
+ 	if (!to_stdout) unlink (ofname);
+@@ -851,10 +854,6 @@
+ 	}
+ 	fprintf(stderr, "\n");
+     }
+-    /* Copy modes, times, ownership, and remove the input file */
+-    if (!to_stdout) {
+-	copy_stat(&istat);
+-    }
+ }
+ 
+ /* ========================================================================
+@@ -1258,6 +1257,7 @@
+ 		/* Copy the base name. Keep a directory prefix intact. */
+                 char *p = basename(ofname);
+                 char *base = p;
++		char *base2;
+ 		for (;;) {
+ 		    *p = (char)get_char();
+ 		    if (*p++ == '\0') break;
+@@ -1265,6 +1265,8 @@
+ 			error("corrupted input -- file name too large");
+ 		    }
+ 		}
++		base2 = basename (base);
++		strcpy(base, base2);
+                 /* If necessary, adapt the name to local OS conventions: */
+                 if (!list) {
+                    MAKE_LEGAL_NAME(base);
+@@ -1637,12 +1639,12 @@
+     reset_times(ofname, ifstat);
+ #endif
+     /* Copy the protection modes */
+-    if (chmod(ofname, ifstat->st_mode & 07777)) {
++    if (fchmod(ofd, ifstat->st_mode & 07777)) {
+ 	WARN((stderr, "%s: ", progname));
+ 	if (!quiet) perror(ofname);
+     }
+ #ifndef NO_CHOWN
+-    chown(ofname, ifstat->st_uid, ifstat->st_gid);  /* Copy ownership */
++    (void) fchown(ofd, ifstat->st_uid, ifstat->st_gid);  /* Copy ownership */
+ #endif
+     remove_ofname = 0;
+     /* It's now safe to remove the input file: */
diff --git a/share/security/patches/SA-05:11/gzip.patch.asc b/share/security/patches/SA-05:11/gzip.patch.asc
new file mode 100644
index 0000000000..d9f531a9f6
--- /dev/null
+++ b/share/security/patches/SA-05:11/gzip.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.0
+
+iD8DBQBCpivnFdaIBMps37IRAqaYAKCN1O5rQ+9TCQDS+NGJa5lbf+sxDwCfTMPi
+gRCwL6X8Y7DEIUAVF+zdw38=
+=2qLE
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:12/bind9.patch b/share/security/patches/SA-05:12/bind9.patch
new file mode 100644
index 0000000000..fb8ed94eb3
--- /dev/null
+++ b/share/security/patches/SA-05:12/bind9.patch
@@ -0,0 +1,25 @@
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/validator.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -p -r1.1.1.1.2.1 validator.c
+--- contrib/bind9/lib/dns/validator.c	26 Sep 2004 03:09:51 -0000	1.1.1.1.2.1
++++ contrib/bind9/lib/dns/validator.c	8 Jun 2005 20:29:12 -0000
+@@ -497,6 +497,8 @@
+ 
+ 	REQUIRE(exists != NULL);
+ 	REQUIRE(data != NULL);
++	REQUIRE(nsecset != NULL &&
++	nsecset->type == dns_rdatatype_nsec);
+ 
+ 	result = dns_rdataset_first(nsecset);
+ 	if (result != ISC_R_SUCCESS) {
+@@ -661,7 +663,7 @@
+ 		if (rdataset->trust == dns_trust_secure)
+ 			val->seensig = ISC_TRUE;
+ 
+-		if (val->nsecset != NULL &&
++		if (rdataset->type == dns_rdatatype_nsec &&
+ 		    rdataset->trust == dns_trust_secure &&
+ 		    ((val->attributes & VALATTR_NEEDNODATA) != 0 ||
+ 		     (val->attributes & VALATTR_NEEDNOQNAME) != 0) &&
diff --git a/share/security/patches/SA-05:12/bind9.patch.asc b/share/security/patches/SA-05:12/bind9.patch.asc
new file mode 100644
index 0000000000..ec20b6ba51
--- /dev/null
+++ b/share/security/patches/SA-05:12/bind9.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCp1W6FdaIBMps37IRAoH8AJ9PTflEL2K4sXDwlebnMI+I29ClowCeMTyQ
+Bhcz7AcSYsLCHC47zEUzIzU=
+=apmF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:13/ipfw.patch b/share/security/patches/SA-05:13/ipfw.patch
new file mode 100644
index 0000000000..7fed8e6902
--- /dev/null
+++ b/share/security/patches/SA-05:13/ipfw.patch
@@ -0,0 +1,74 @@
+Index: sys/netinet/ip_fw2.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
+retrieving revision 1.70.2.13
+diff -u -d -r1.70.2.13 ip_fw2.c
+--- sys/netinet/ip_fw2.c	17 Jun 2005 23:56:59 -0000	1.70.2.13
++++ sys/netinet/ip_fw2.c	20 Jun 2005 21:31:56 -0000
+@@ -185,9 +185,12 @@
+ };
+ 
+ #define	IPFW_TABLES_MAX		128
+-static struct {
++static struct ip_fw_table {
+ 	struct radix_node_head	*rnh;
+ 	int			modified;
++	in_addr_t		last_addr;
++	int			last_match;
++	u_int32_t		last_value;
+ } ipfw_tables[IPFW_TABLES_MAX];
+ 
+ static int fw_debug = 1;
+@@ -1491,36 +1494,36 @@
+ lookup_table(u_int16_t tbl, in_addr_t addr, u_int32_t *val)
+ {
+ 	struct radix_node_head *rnh;
++	struct ip_fw_table *table;
+ 	struct table_entry *ent;
+ 	struct sockaddr_in sa;
+-	static in_addr_t last_addr;
+-	static int last_tbl;
+-	static int last_match;
+-	static u_int32_t last_value;
++	int last_match;
+ 
+ 	if (tbl >= IPFW_TABLES_MAX)
+ 		return (0);
+-	if (tbl == last_tbl && addr == last_addr &&
+-	    !ipfw_tables[tbl].modified) {
++	table = &ipfw_tables[tbl];
++	rnh = table->rnh;
++	RADIX_NODE_HEAD_LOCK(rnh);
++	if (addr == table->last_addr && !table->modified) {
++		last_match = table->last_match;
+ 		if (last_match)
+-			*val = last_value;
++			*val = table->last_value;
++		RADIX_NODE_HEAD_UNLOCK(rnh);
+ 		return (last_match);
+ 	}
+-	rnh = ipfw_tables[tbl].rnh;
++	table->modified = 0;
+ 	sa.sin_len = 8;
+ 	sa.sin_addr.s_addr = addr;
+-	RADIX_NODE_HEAD_LOCK(rnh);
+-	ipfw_tables[tbl].modified = 0;
+ 	ent = (struct table_entry *)(rnh->rnh_lookup(&sa, NULL, rnh));
+-	RADIX_NODE_HEAD_UNLOCK(rnh);
+-	last_addr = addr;
+-	last_tbl = tbl;
++	table->last_addr = addr;
+ 	if (ent != NULL) {
+-		last_value = *val = ent->value;
+-		last_match = 1;
++		table->last_value = *val = ent->value;
++		table->last_match = 1;
++		RADIX_NODE_HEAD_UNLOCK(rnh);
+ 		return (1);
+ 	}
+-	last_match = 0;
++	table->last_match = 0;
++	RADIX_NODE_HEAD_UNLOCK(rnh);
+ 	return (0);
+ }
+ 
diff --git a/share/security/patches/SA-05:13/ipfw.patch.asc b/share/security/patches/SA-05:13/ipfw.patch.asc
new file mode 100644
index 0000000000..5d2461b12f
--- /dev/null
+++ b/share/security/patches/SA-05:13/ipfw.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCwwIgFdaIBMps37IRAhmFAJ9F3etnZluPijRnY1gr30LefECudACdFdQR
+DIq9db7LliHnU+1UMaVdbdo=
+=Wvc8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:14/bzip2.patch b/share/security/patches/SA-05:14/bzip2.patch
new file mode 100644
index 0000000000..192ae06134
--- /dev/null
+++ b/share/security/patches/SA-05:14/bzip2.patch
@@ -0,0 +1,411 @@
+Index: contrib/bzip2/bzip2.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/bzip2.c,v
+retrieving revision 1.1.1.2
+diff -u -d -r1.1.1.2 bzip2.c
+--- contrib/bzip2/bzip2.c	1 Feb 2002 16:26:13 -0000	1.1.1.2
++++ contrib/bzip2/bzip2.c	21 Jun 2005 21:43:21 -0000
+@@ -312,6 +312,7 @@
+ 
+ static void    copyFileName ( Char*, Char* );
+ static void*   myMalloc     ( Int32 );
++static int     applySavedFileAttrToOutputFile ( int fd );
+ 
+ 
+ 
+@@ -457,6 +458,10 @@
+    ret = fflush ( zStream );
+    if (ret == EOF) goto errhandler_io;
+    if (zStream != stdout) {
++      int fd = fileno ( zStream );
++      if (fd < 0) goto errhandler_io;
++      ret = applySavedFileAttrToOutputFile ( fd );
++      if (ret != 0) goto errhandler_io;
+       ret = fclose ( zStream );
+       outputHandleJustInCase = NULL;
+       if (ret == EOF) goto errhandler_io;
+@@ -525,6 +530,7 @@
+    UChar   obuf[5000];
+    UChar   unused[BZ_MAX_UNUSED];
+    Int32   nUnused;
++   void*   unusedTmpV;
+    UChar*  unusedTmp;
+ 
+    nUnused = 0;
+@@ -554,9 +560,10 @@
+       }
+       if (bzerr != BZ_STREAM_END) goto errhandler;
+ 
+-      BZ2_bzReadGetUnused ( &bzerr, bzf, (void**)(&unusedTmp), &nUnused );
++      BZ2_bzReadGetUnused ( &bzerr, bzf, &unusedTmpV, &nUnused );
+       if (bzerr != BZ_OK) panic ( "decompress:bzReadGetUnused" );
+ 
++      unusedTmp = (UChar*)unusedTmpV;
+       for (i = 0; i < nUnused; i++) unused[i] = unusedTmp[i];
+ 
+       BZ2_bzReadClose ( &bzerr, bzf );
+@@ -567,6 +574,12 @@
+ 
+    closeok:
+    if (ferror(zStream)) goto errhandler_io;
++   if ( stream != stdout) {
++      int fd = fileno ( stream );
++      if (fd < 0) goto errhandler_io;
++      ret = applySavedFileAttrToOutputFile ( fd );
++      if (ret != 0) goto errhandler_io;
++   }
+    ret = fclose ( zStream );
+    if (ret == EOF) goto errhandler_io;
+ 
+@@ -639,6 +652,7 @@
+    UChar   obuf[5000];
+    UChar   unused[BZ_MAX_UNUSED];
+    Int32   nUnused;
++   void*   unusedTmpV;
+    UChar*  unusedTmp;
+ 
+    nUnused = 0;
+@@ -662,9 +676,10 @@
+       }
+       if (bzerr != BZ_STREAM_END) goto errhandler;
+ 
+-      BZ2_bzReadGetUnused ( &bzerr, bzf, (void**)(&unusedTmp), &nUnused );
++      BZ2_bzReadGetUnused ( &bzerr, bzf, &unusedTmpV, &nUnused );
+       if (bzerr != BZ_OK) panic ( "test:bzReadGetUnused" );
+ 
++      unusedTmp = (UChar*)unusedTmpV;
+       for (i = 0; i < nUnused; i++) unused[i] = unusedTmp[i];
+ 
+       BZ2_bzReadClose ( &bzerr, bzf );
+@@ -1125,7 +1140,7 @@
+ 
+ 
+ static 
+-void applySavedMetaInfoToOutputFile ( Char *dstName )
++void applySavedTimeInfoToOutputFile ( Char *dstName )
+ {
+ #  if BZ_UNIX
+    IntNative      retVal;
+@@ -1134,16 +1149,26 @@
+    uTimBuf.actime = fileMetaInfo.st_atime;
+    uTimBuf.modtime = fileMetaInfo.st_mtime;
+ 
+-   retVal = chmod ( dstName, fileMetaInfo.st_mode );
+-   ERROR_IF_NOT_ZERO ( retVal );
+-
+    retVal = utime ( dstName, &uTimBuf );
+    ERROR_IF_NOT_ZERO ( retVal );
++#  endif
++}
+ 
+-   retVal = chown ( dstName, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
++static 
++int applySavedFileAttrToOutputFile ( int fd )
++{
++#  if BZ_UNIX
++   IntNative      retVal;
++
++   retVal = fchmod ( fd, fileMetaInfo.st_mode );
++   if (retVal != 0)
++       return retVal;
++
++   (void) fchown ( fd, fileMetaInfo.st_uid, fileMetaInfo.st_gid );
+    /* chown() will in many cases return with EPERM, which can
+       be safely ignored.
+    */
++   return 0;
+ #  endif
+ }
+ 
+@@ -1366,7 +1391,7 @@
+ 
+    /*--- If there was an I/O error, we won't get here. ---*/
+    if ( srcMode == SM_F2F ) {
+-      applySavedMetaInfoToOutputFile ( outName );
++      applySavedTimeInfoToOutputFile ( outName );
+       deleteOutputOnInterrupt = False;
+       if ( !keepInputFiles ) {
+          IntNative retVal = remove ( inName );
+@@ -1544,7 +1569,7 @@
+    /*--- If there was an I/O error, we won't get here. ---*/
+    if ( magicNumberOK ) {
+       if ( srcMode == SM_F2F ) {
+-         applySavedMetaInfoToOutputFile ( outName );
++         applySavedTimeInfoToOutputFile ( outName );
+          deleteOutputOnInterrupt = False;
+          if ( !keepInputFiles ) {
+             IntNative retVal = remove ( inName );
+Index: contrib/bzip2/bzlib.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/bzlib.c,v
+retrieving revision 1.1.1.2
+diff -u -d -r1.1.1.2 bzlib.c
+--- contrib/bzip2/bzlib.c	1 Feb 2002 16:26:07 -0000	1.1.1.2
++++ contrib/bzip2/bzlib.c	21 Jun 2005 21:43:21 -0000
+@@ -574,8 +574,11 @@
+ 
+ 
+ /*---------------------------------------------------*/
++/* Return  True iff data corruption is discovered.
++   Returns False if there is no problem.
++*/
+ static
+-void unRLE_obuf_to_output_FAST ( DState* s )
++Bool unRLE_obuf_to_output_FAST ( DState* s )
+ {
+    UChar k1;
+ 
+@@ -584,7 +587,7 @@
+       while (True) {
+          /* try to finish existing run */
+          while (True) {
+-            if (s->strm->avail_out == 0) return;
++            if (s->strm->avail_out == 0) return False;
+             if (s->state_out_len == 0) break;
+             *( (UChar*)(s->strm->next_out) ) = s->state_out_ch;
+             BZ_UPDATE_CRC ( s->calculatedBlockCRC, s->state_out_ch );
+@@ -594,10 +597,13 @@
+             s->strm->total_out_lo32++;
+             if (s->strm->total_out_lo32 == 0) s->strm->total_out_hi32++;
+          }
+-   
++
+          /* can a new run be started? */
+-         if (s->nblock_used == s->save_nblock+1) return;
++         if (s->nblock_used == s->save_nblock+1) return False;
+                
++         /* Only caused by corrupt data stream? */
++         if (s->nblock_used > s->save_nblock+1)
++            return True;
+    
+          s->state_out_len = 1;
+          s->state_out_ch = s->k0;
+@@ -667,6 +673,10 @@
+                cs_avail_out--;
+             }
+          }   
++         /* Only caused by corrupt data stream? */
++         if (c_nblock_used > s_save_nblockPP)
++            return True;
++
+          /* can a new run be started? */
+          if (c_nblock_used == s_save_nblockPP) {
+             c_state_out_len = 0; goto return_notr;
+@@ -712,6 +722,7 @@
+       s->strm->avail_out    = cs_avail_out;
+       /* end save */
+    }
++   return False;
+ }
+ 
+ 
+@@ -732,8 +743,11 @@
+ 
+ 
+ /*---------------------------------------------------*/
++/* Return  True iff data corruption is discovered.
++   Returns False if there is no problem.
++*/
+ static
+-void unRLE_obuf_to_output_SMALL ( DState* s )
++Bool unRLE_obuf_to_output_SMALL ( DState* s )
+ {
+    UChar k1;
+ 
+@@ -742,7 +756,7 @@
+       while (True) {
+          /* try to finish existing run */
+          while (True) {
+-            if (s->strm->avail_out == 0) return;
++            if (s->strm->avail_out == 0) return False;
+             if (s->state_out_len == 0) break;
+             *( (UChar*)(s->strm->next_out) ) = s->state_out_ch;
+             BZ_UPDATE_CRC ( s->calculatedBlockCRC, s->state_out_ch );
+@@ -754,8 +768,11 @@
+          }
+    
+          /* can a new run be started? */
+-         if (s->nblock_used == s->save_nblock+1) return;
+-               
++         if (s->nblock_used == s->save_nblock+1) return False;
++
++         /* Only caused by corrupt data stream? */
++         if (s->nblock_used > s->save_nblock+1)
++            return True;
+    
+          s->state_out_len = 1;
+          s->state_out_ch = s->k0;
+@@ -788,7 +805,7 @@
+       while (True) {
+          /* try to finish existing run */
+          while (True) {
+-            if (s->strm->avail_out == 0) return;
++            if (s->strm->avail_out == 0) return False;
+             if (s->state_out_len == 0) break;
+             *( (UChar*)(s->strm->next_out) ) = s->state_out_ch;
+             BZ_UPDATE_CRC ( s->calculatedBlockCRC, s->state_out_ch );
+@@ -800,7 +817,11 @@
+          }
+    
+          /* can a new run be started? */
+-         if (s->nblock_used == s->save_nblock+1) return;
++         if (s->nblock_used == s->save_nblock+1) return False;
++
++         /* Only caused by corrupt data stream? */
++         if (s->nblock_used > s->save_nblock+1)
++            return True;
+    
+          s->state_out_len = 1;
+          s->state_out_ch = s->k0;
+@@ -830,6 +851,7 @@
+ /*---------------------------------------------------*/
+ int BZ_API(BZ2_bzDecompress) ( bz_stream *strm )
+ {
++   Bool    corrupt;
+    DState* s;
+    if (strm == NULL) return BZ_PARAM_ERROR;
+    s = strm->state;
+@@ -840,12 +862,13 @@
+       if (s->state == BZ_X_IDLE) return BZ_SEQUENCE_ERROR;
+       if (s->state == BZ_X_OUTPUT) {
+          if (s->smallDecompress)
+-            unRLE_obuf_to_output_SMALL ( s ); else
+-            unRLE_obuf_to_output_FAST  ( s );
++            corrupt = unRLE_obuf_to_output_SMALL ( s ); else
++            corrupt = unRLE_obuf_to_output_FAST  ( s );
++         if (corrupt) return BZ_DATA_ERROR;
+          if (s->nblock_used == s->save_nblock+1 && s->state_out_len == 0) {
+             BZ_FINALISE_CRC ( s->calculatedBlockCRC );
+             if (s->verbosity >= 3) 
+-               VPrintf2 ( " {0x%x, 0x%x}", s->storedBlockCRC, 
++               VPrintf2 ( " {0x%08x, 0x%08x}", s->storedBlockCRC, 
+                           s->calculatedBlockCRC );
+             if (s->verbosity >= 2) VPrintf0 ( "]" );
+             if (s->calculatedBlockCRC != s->storedBlockCRC)
+@@ -863,7 +886,7 @@
+          Int32 r = BZ2_decompress ( s );
+          if (r == BZ_STREAM_END) {
+             if (s->verbosity >= 3)
+-               VPrintf2 ( "\n    combined CRCs: stored = 0x%x, computed = 0x%x", 
++               VPrintf2 ( "\n    combined CRCs: stored = 0x%08x, computed = 0x%08x", 
+                           s->storedCombinedCRC, s->calculatedCombinedCRC );
+             if (s->calculatedCombinedCRC != s->storedCombinedCRC)
+                return BZ_DATA_ERROR;
+Index: contrib/bzip2/compress.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/compress.c,v
+retrieving revision 1.1.1.2
+diff -u -d -r1.1.1.2 compress.c
+--- contrib/bzip2/compress.c	1 Feb 2002 16:26:07 -0000	1.1.1.2
++++ contrib/bzip2/compress.c	21 Jun 2005 21:43:21 -0000
+@@ -488,9 +488,11 @@
+       /*--
+         Recompute the tables based on the accumulated frequencies.
+       --*/
++      /* maxLen was changed from 20 to 17 in bzip2-1.0.3.  See 
++         comment in huffman.c for details. */
+       for (t = 0; t < nGroups; t++)
+          BZ2_hbMakeCodeLengths ( &(s->len[t][0]), &(s->rfreq[t][0]), 
+-                                 alphaSize, 20 );
++                                 alphaSize, 17 /*20*/ );
+    }
+ 
+ 
+@@ -527,7 +529,7 @@
+          if (s->len[t][i] > maxLen) maxLen = s->len[t][i];
+          if (s->len[t][i] < minLen) minLen = s->len[t][i];
+       }
+-      AssertH ( !(maxLen > 20), 3004 );
++      AssertH ( !(maxLen > 17 /*20*/ ), 3004 );
+       AssertH ( !(minLen < 1),  3005 );
+       BZ2_hbAssignCodes ( &(s->code[t][0]), &(s->len[t][0]), 
+                           minLen, maxLen, alphaSize );
+@@ -651,8 +653,8 @@
+       if (s->blockNo > 1) s->numZ = 0;
+ 
+       if (s->verbosity >= 2)
+-         VPrintf4( "    block %d: crc = 0x%8x, "
+-                   "combined CRC = 0x%8x, size = %d\n",
++         VPrintf4( "    block %d: crc = 0x%08x, "
++                   "combined CRC = 0x%08x, size = %d\n",
+                    s->blockNo, s->blockCRC, s->combinedCRC, s->nblock );
+ 
+       BZ2_blockSort ( s );
+@@ -703,7 +705,7 @@
+       bsPutUChar ( s, 0x50 ); bsPutUChar ( s, 0x90 );
+       bsPutUInt32 ( s, s->combinedCRC );
+       if (s->verbosity >= 2)
+-         VPrintf1( "    final combined CRC = 0x%x\n   ", s->combinedCRC );
++         VPrintf1( "    final combined CRC = 0x%08x\n   ", s->combinedCRC );
+       bsFinishWrite ( s );
+    }
+ }
+Index: contrib/bzip2/decompress.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/decompress.c,v
+retrieving revision 1.1.1.2
+diff -u -d -r1.1.1.2 decompress.c
+--- contrib/bzip2/decompress.c	1 Feb 2002 16:26:07 -0000	1.1.1.2
++++ contrib/bzip2/decompress.c	21 Jun 2005 21:43:21 -0000
+@@ -524,17 +524,23 @@
+       if (s->origPtr < 0 || s->origPtr >= nblock)
+          RETURN(BZ_DATA_ERROR);
+ 
++      /*-- Set up cftab to facilitate generation of T^(-1) --*/
++      s->cftab[0] = 0;
++      for (i = 1; i <= 256; i++) s->cftab[i] = s->unzftab[i-1];
++      for (i = 1; i <= 256; i++) s->cftab[i] += s->cftab[i-1];
++      for (i = 0; i <= 256; i++) {
++         if (s->cftab[i] < 0 || s->cftab[i] > nblock) {
++            /* s->cftab[i] can legitimately be == nblock */
++            RETURN(BZ_DATA_ERROR);
++         }
++      }
++
+       s->state_out_len = 0;
+       s->state_out_ch  = 0;
+       BZ_INITIALISE_CRC ( s->calculatedBlockCRC );
+       s->state = BZ_X_OUTPUT;
+       if (s->verbosity >= 2) VPrintf0 ( "rt+rld" );
+ 
+-      /*-- Set up cftab to facilitate generation of T^(-1) --*/
+-      s->cftab[0] = 0;
+-      for (i = 1; i <= 256; i++) s->cftab[i] = s->unzftab[i-1];
+-      for (i = 1; i <= 256; i++) s->cftab[i] += s->cftab[i-1];
+-
+       if (s->smallDecompress) {
+ 
+          /*-- Make a copy of cftab, used in generation of T --*/
+Index: contrib/bzip2/huffman.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bzip2/huffman.c,v
+retrieving revision 1.1.1.2
+diff -u -d -r1.1.1.2 huffman.c
+--- contrib/bzip2/huffman.c	1 Feb 2002 16:26:03 -0000	1.1.1.2
++++ contrib/bzip2/huffman.c	21 Jun 2005 21:43:21 -0000
+@@ -162,7 +162,24 @@
+       
+       if (! tooLong) break;
+ 
+-      for (i = 1; i < alphaSize; i++) {
++      /* 17 Oct 04: keep-going condition for the following loop used
++         to be 'i < alphaSize', which missed the last element,
++         theoretically leading to the possibility of the compressor
++         looping.  However, this count-scaling step is only needed if
++         one of the generated Huffman code words is longer than
++         maxLen, which up to and including version 1.0.2 was 20 bits,
++         which is extremely unlikely.  In version 1.0.3 maxLen was
++         changed to 17 bits, which has minimal effect on compression
++         ratio, but does mean this scaling step is used from time to
++         time, enough to verify that it works.
++
++         This means that bzip2-1.0.3 and later will only produce
++         Huffman codes with a maximum length of 17 bits.  However, in
++         order to preserve backwards compatibility with bitstreams
++         produced by versions pre-1.0.3, the decompressor must still
++         handle lengths of up to 20. */
++
++      for (i = 1; i <= alphaSize; i++) {
+          j = weight[i] >> 8;
+          j = 1 + (j / 2);
+          weight[i] = j << 8;
diff --git a/share/security/patches/SA-05:14/bzip2.patch.asc b/share/security/patches/SA-05:14/bzip2.patch.asc
new file mode 100644
index 0000000000..b938351096
--- /dev/null
+++ b/share/security/patches/SA-05:14/bzip2.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCwwIXFdaIBMps37IRAuLKAJwIJXYDbtjdW+e3fMM429KVWPcexwCfUHX5
+1GTN+lKRyuo0t/6E2y7WB6c=
+=/0oi
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:15/tcp.patch b/share/security/patches/SA-05:15/tcp.patch
new file mode 100644
index 0000000000..31e14fb8fc
--- /dev/null
+++ b/share/security/patches/SA-05:15/tcp.patch
@@ -0,0 +1,63 @@
+--- sys/netinet/tcp_input.c	27 Feb 2005 21:43:54 -0000	1.252.2.14
++++ sys/netinet/tcp_input.c	28 Jun 2005 20:53:10 -0000
+@@ -1081,7 +1081,7 @@
+ 	 * XXX this is traditional behavior, may need to be cleaned up.
+ 	 */
+ 	tcp_dooptions(tp, &to, optp, optlen, thflags & TH_SYN, th);
+-	if (thflags & TH_SYN) {
++	if (tp->t_state == TCPS_SYN_SENT && (thflags & TH_SYN)) {
+ 		if (to.to_flags & TOF_SCALE) {
+ 			tp->t_flags |= TF_RCVD_SCALE;
+ 			tp->requested_s_scale = to.to_requested_s_scale;
+@@ -1816,11 +1816,25 @@
+ 	/*
+ 	 * If last ACK falls within this segment's sequence numbers,
+ 	 * record its timestamp.
+-	 * NOTE that the test is modified according to the latest
+-	 * proposal of the tcplw@cray.com list (Braden 1993/04/26).
++	 * NOTE: 
++	 * 1) That the test incorporates suggestions from the latest
++	 *    proposal of the tcplw@cray.com list (Braden 1993/04/26).
++	 * 2) That updating only on newer timestamps interferes with
++	 *    our earlier PAWS tests, so this check should be solely
++	 *    predicated on the sequence space of this segment.
++	 * 3) That we modify the segment boundary check to be 
++	 *        Last.ACK.Sent <= SEG.SEQ + SEG.Len  
++	 *    instead of RFC1323's
++	 *        Last.ACK.Sent < SEG.SEQ + SEG.Len,
++	 *    This modified check allows us to overcome RFC1323's
++	 *    limitations as described in Stevens TCP/IP Illustrated
++	 *    Vol. 2 p.869. In such cases, we can still calculate the
++	 *    RTT correctly when RCV.NXT == Last.ACK.Sent.
+ 	 */
+ 	if ((to.to_flags & TOF_TS) != 0 &&
+-	    SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
++	    SEQ_LEQ(th->th_seq, tp->last_ack_sent) &&
++	    SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
++		((thflags & (TH_SYN|TH_FIN)) != 0))) {
+ 		tp->ts_recent_age = ticks;
+ 		tp->ts_recent = to.to_tsval;
+ 	}
+@@ -2685,6 +2699,12 @@
+ 			bcopy((char *)cp + 6,
+ 			    (char *)&to->to_tsecr, sizeof(to->to_tsecr));
+ 			to->to_tsecr = ntohl(to->to_tsecr);
++			/*
++			 * If echoed timestamp is later than the current time,
++			 * fall back to non RFC1323 RTT calculation.
++			 */
++			if ((to->to_tsecr != 0) && TSTMP_GT(to->to_tsecr, ticks))
++				to->to_tsecr = 0;
+ 			break;
+ 		case TCPOPT_CC:
+ 			if (optlen != TCPOLEN_CC)
+--- sys/netinet/tcp_seq.h	31 Jan 2005 23:26:36 -0000	1.22.2.1
++++ sys/netinet/tcp_seq.h	29 Jun 2005 08:59:23 -0000
+@@ -47,6 +47,7 @@
+ 
+ /* for modulo comparisons of timestamps */
+ #define TSTMP_LT(a,b)	((int)((a)-(b)) < 0)
++#define TSTMP_GT(a,b)	((int)((a)-(b)) > 0)
+ #define TSTMP_GEQ(a,b)	((int)((a)-(b)) >= 0)
+ 
+ /*
diff --git a/share/security/patches/SA-05:15/tcp.patch.asc b/share/security/patches/SA-05:15/tcp.patch.asc
new file mode 100644
index 0000000000..fe6c8a9580
--- /dev/null
+++ b/share/security/patches/SA-05:15/tcp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCwwIqFdaIBMps37IRAtRjAJ9nrH8vpubYuiDQ8CDOIx6oPqV86ACghRDF
+pB1r028MLW5vPT94soQudmc=
+=Mx5J
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:15/tcp4.patch b/share/security/patches/SA-05:15/tcp4.patch
new file mode 100644
index 0000000000..a218f2c57f
--- /dev/null
+++ b/share/security/patches/SA-05:15/tcp4.patch
@@ -0,0 +1,63 @@
+--- sys/netinet/tcp_input.c	5 Jan 2005 08:45:43 -0000	1.107.2.43
++++ sys/netinet/tcp_input.c	28 Jun 2005 20:57:44 -0000
+@@ -922,7 +922,7 @@
+ 	 * XXX this is tradtitional behavior, may need to be cleaned up.
+ 	 */
+ 	tcp_dooptions(&to, optp, optlen, thflags & TH_SYN);
+-	if (thflags & TH_SYN) {
++	if (tp->t_state == TCPS_SYN_SENT && (thflags & TH_SYN)) {
+ 		if (to.to_flags & TOF_SCALE) {
+ 			tp->t_flags |= TF_RCVD_SCALE;
+ 			tp->requested_s_scale = to.to_requested_s_scale;
+@@ -1587,11 +1587,25 @@
+ 	/*
+ 	 * If last ACK falls within this segment's sequence numbers,
+ 	 * record its timestamp.
+-	 * NOTE that the test is modified according to the latest
+-	 * proposal of the tcplw@cray.com list (Braden 1993/04/26).
++	 * NOTE: 
++	 * 1) That the test incorporates suggestions from the latest
++	 *    proposal of the tcplw@cray.com list (Braden 1993/04/26).
++	 * 2) That updating only on newer timestamps interferes with
++	 *    our earlier PAWS tests, so this check should be solely
++	 *    predicated on the sequence space of this segment.
++	 * 3) That we modify the segment boundary check to be 
++	 *        Last.ACK.Sent <= SEG.SEQ + SEG.Len  
++	 *    instead of RFC1323's
++	 *        Last.ACK.Sent < SEG.SEQ + SEG.Len,
++	 *    This modified check allows us to overcome RFC1323's
++	 *    limitations as described in Stevens TCP/IP Illustrated
++	 *    Vol. 2 p.869. In such cases, we can still calculate the
++	 *    RTT correctly when RCV.NXT == Last.ACK.Sent.
+ 	 */
+ 	if ((to.to_flags & TOF_TS) != 0 &&
+-	    SEQ_LEQ(th->th_seq, tp->last_ack_sent)) {
++	    SEQ_LEQ(th->th_seq, tp->last_ack_sent) &&
++	    SEQ_LEQ(tp->last_ack_sent, th->th_seq + tlen +
++		((thflags & (TH_SYN|TH_FIN)) != 0))) {
+ 		tp->ts_recent_age = ticks;
+ 		tp->ts_recent = to.to_tsval;
+ 	}
+@@ -2360,6 +2374,12 @@
+ 			bcopy((char *)cp + 6,
+ 			    (char *)&to->to_tsecr, sizeof(to->to_tsecr));
+ 			to->to_tsecr = ntohl(to->to_tsecr);
++			/*
++			 * If echoed timestamp is later than the current time,
++			 * fall back to non RFC1323 RTT calculation.
++			 */
++			if ((to->to_tsecr != 0) && TSTMP_GT(to->to_tsecr, ticks))
++				to->to_tsecr = 0;
+ 			break;
+ 		case TCPOPT_CC:
+ 			if (optlen != TCPOLEN_CC)
+--- sys/netinet/tcp_seq.h	3 Feb 2003 02:33:10 -0000	1.11.2.7
++++ sys/netinet/tcp_seq.h	29 Jun 2005 08:51:51 -0000
+@@ -48,6 +48,7 @@
+ 
+ /* for modulo comparisons of timestamps */
+ #define TSTMP_LT(a,b)	((int)((a)-(b)) < 0)
++#define TSTMP_GT(a,b)	((int)((a)-(b)) > 0)
+ #define TSTMP_GEQ(a,b)	((int)((a)-(b)) >= 0)
+ 
+ /*
diff --git a/share/security/patches/SA-05:15/tcp4.patch.asc b/share/security/patches/SA-05:15/tcp4.patch.asc
new file mode 100644
index 0000000000..f98f0e34fb
--- /dev/null
+++ b/share/security/patches/SA-05:15/tcp4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCwwIxFdaIBMps37IRAlJjAJ9bq2/AO4YdsNr84qgsL/GEpFQlrgCcCBPI
+OKYF0K6UUSMv9Hvp1BJaSMo=
+=PLgU
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:16/zlib.patch b/share/security/patches/SA-05:16/zlib.patch
new file mode 100644
index 0000000000..0a5e52d3eb
--- /dev/null
+++ b/share/security/patches/SA-05:16/zlib.patch
@@ -0,0 +1,16 @@
+Index: lib/libz/inftrees.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libz/inftrees.c,v
+retrieving revision 1.5
+diff -u -p -r1.5 inftrees.c
+--- lib/libz/inftrees.c	11 May 2005 03:47:48 -0000	1.5
++++ lib/libz/inftrees.c	2 Jul 2005 19:29:56 -0000
+@@ -134,7 +134,7 @@ unsigned short FAR *work;
+         left -= count[len];
+         if (left < 0) return -1;        /* over-subscribed */
+     }
+-    if (left > 0 && (type == CODES || (codes - count[0] != 1)))
++    if (left > 0 && (type == CODES || max != 1))
+         return -1;                      /* incomplete set */
+ 
+     /* generate offsets into symbol table for each length for sorting */
diff --git a/share/security/patches/SA-05:16/zlib.patch.asc b/share/security/patches/SA-05:16/zlib.patch.asc
new file mode 100644
index 0000000000..893aa50521
--- /dev/null
+++ b/share/security/patches/SA-05:16/zlib.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBCy9AgFdaIBMps37IRAq0yAJ4nINjMwCM1ONAegQp+xt4M309OtQCdGw8S
+4aLQeTVoPQCBJXN1cDF856k=
+=cyW3
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:17/devfs.patch b/share/security/patches/SA-05:17/devfs.patch
new file mode 100644
index 0000000000..5192875d34
--- /dev/null
+++ b/share/security/patches/SA-05:17/devfs.patch
@@ -0,0 +1,20 @@
+Index: sys/fs/devfs/devfs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/devfs/devfs_vnops.c,v
+retrieving revision 1.115
+diff -u -d -r1.115 devfs_vnops.c
+--- sys/fs/devfs/devfs_vnops.c	14 Jul 2005 10:22:09 -0000	1.115
++++ sys/fs/devfs/devfs_vnops.c	18 Jul 2005 18:51:41 -0000
+@@ -788,6 +788,12 @@
+ 	struct devfs_mount *dmp;
+ 	int error;
+ 
++	/*
++	 * The only type of node we should be creating here is a
++	 * character device, for anything else return EOPNOTSUPP.
++	 */
++	if (ap->a_vap->va_type != VCHR)
++		return (EOPNOTSUPP);
+ 	dvp = ap->a_dvp;
+ 	dmp = VFSTODEVFS(dvp->v_mount);
+ 	lockmgr(&dmp->dm_lock, LK_EXCLUSIVE, 0, curthread);
diff --git a/share/security/patches/SA-05:17/devfs.patch.asc b/share/security/patches/SA-05:17/devfs.patch.asc
new file mode 100644
index 0000000000..c1d05e52da
--- /dev/null
+++ b/share/security/patches/SA-05:17/devfs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBC3lYLFdaIBMps37IRAipQAJ9FDvxlxFuXkyFcJY1iLUAc2argoACcCaQu
+V1FAMIVg2NVFUNOphzJhvzs=
+=/4xu
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:18/zlib.patch b/share/security/patches/SA-05:18/zlib.patch
new file mode 100644
index 0000000000..fd8462a398
--- /dev/null
+++ b/share/security/patches/SA-05:18/zlib.patch
@@ -0,0 +1,24 @@
+Index: lib/libz/inftrees.h
+===================================================================
+RCS file: /home/ncvs/src/lib/libz/inftrees.h,v
+retrieving revision 1.1.1.5
+diff -u -r1.1.1.5 inftrees.h
+--- lib/libz/inftrees.h	30 Jun 2004 23:43:27 -0000	1.1.1.5
++++ lib/libz/inftrees.h	23 Jul 2005 13:08:30 -0000
+@@ -36,12 +36,12 @@
+  */
+ 
+ /* Maximum size of dynamic tree.  The maximum found in a long but non-
+-   exhaustive search was 1004 code structures (850 for length/literals
+-   and 154 for distances, the latter actually the result of an
++   exhaustive search was 1444 code structures (852 for length/literals
++   and 592 for distances, the latter actually the result of an
+    exhaustive search).  The true maximum is not known, but the value
+    below is more than safe. */
+-#define ENOUGH 1440
+-#define MAXD 154
++#define ENOUGH 2048
++#define MAXD 592
+ 
+ /* Type of code to build for inftable() */
+ typedef enum {
diff --git a/share/security/patches/SA-05:18/zlib.patch.asc b/share/security/patches/SA-05:18/zlib.patch.asc
new file mode 100644
index 0000000000..6ca1316d5c
--- /dev/null
+++ b/share/security/patches/SA-05:18/zlib.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBC50chFdaIBMps37IRAuciAJ4naP86edSUsggdEbh1AyU25MLa1wCgmQ4J
+XUIMvQ/nSp93ioTrT+nRTFo=
+=9VLA
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:19/ipsec.patch b/share/security/patches/SA-05:19/ipsec.patch
new file mode 100644
index 0000000000..b2bd10c984
--- /dev/null
+++ b/share/security/patches/SA-05:19/ipsec.patch
@@ -0,0 +1,47 @@
+Index: sys/netinet6/ah_aesxcbcmac.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/ah_aesxcbcmac.c,v
+retrieving revision 1.2
+diff -u -p -r1.2 ah_aesxcbcmac.c
+--- sys/netinet6/ah_aesxcbcmac.c	7 Jan 2005 02:30:34 -0000	1.2
++++ sys/netinet6/ah_aesxcbcmac.c	26 Jul 2005 06:51:39 -0000
+@@ -78,6 +78,7 @@ ah_aes_xcbc_mac_init(state, sav)
+ 	u_int8_t k3seed[AES_BLOCKSIZE] = { 3,3,3,3,3,3,3,3,3,3,3,3,3,3,3,3 };
+ 	u_int32_t r_ks[(RIJNDAEL_MAXNR+1)*4];
+ 	aesxcbc_ctx *ctx;
++	u_int8_t k1[AES_BLOCKSIZE];
+ 
+ 	if (!state)
+ 		panic("ah_aes_xcbc_mac_init: what?");
+@@ -93,14 +94,15 @@ ah_aes_xcbc_mac_init(state, sav)
+ 	if ((ctx->r_nr = rijndaelKeySetupEnc(r_ks,
+ 	    (char *)_KEYBUF(sav->key_auth), AES_BLOCKSIZE * 8)) == 0)
+ 		return -1;
+-	if (rijndaelKeySetupEnc(ctx->r_k1s, k1seed, AES_BLOCKSIZE * 8) == 0)
++	rijndaelEncrypt(r_ks, ctx->r_nr, k1seed, k1);
++	rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
++	rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
++	if (rijndaelKeySetupEnc(ctx->r_k1s, k1, AES_BLOCKSIZE * 8) == 0)
+ 		return -1;
+-	if (rijndaelKeySetupEnc(ctx->r_k2s, k2seed, AES_BLOCKSIZE * 8) == 0)
++	if (rijndaelKeySetupEnc(ctx->r_k2s, ctx->k2, AES_BLOCKSIZE * 8) == 0)
+ 		return -1;
+-	if (rijndaelKeySetupEnc(ctx->r_k3s, k3seed, AES_BLOCKSIZE * 8) == 0)
++	if (rijndaelKeySetupEnc(ctx->r_k3s, ctx->k3, AES_BLOCKSIZE * 8) == 0)
+ 		return -1;
+-	rijndaelEncrypt(r_ks, ctx->r_nr, k2seed, ctx->k2);
+-	rijndaelEncrypt(r_ks, ctx->r_nr, k3seed, ctx->k3);
+ 
+ 	return 0;
+ }
+@@ -151,8 +153,8 @@ ah_aes_xcbc_mac_loop(state, addr, len)
+ 		addr += AES_BLOCKSIZE;
+ 	}
+ 	if (addr < ep) {
+-		bcopy(addr, ctx->buf, ep - addr);
+-		ctx->buflen = ep - addr;
++		bcopy(addr, ctx->buf + ctx->buflen, ep - addr);
++		ctx->buflen += ep - addr;
+ 	}
+ }
+ 
diff --git a/share/security/patches/SA-05:19/ipsec.patch.asc b/share/security/patches/SA-05:19/ipsec.patch.asc
new file mode 100644
index 0000000000..5e784fb3c1
--- /dev/null
+++ b/share/security/patches/SA-05:19/ipsec.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBC50cpFdaIBMps37IRAjhuAJ0RtJxLP8a5l4YJRBQGgU7akBJj3ACfeP5w
+xcj9aHqeou9/ODLVlJJ+ESA=
+=LQMS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:20/cvsbug.patch b/share/security/patches/SA-05:20/cvsbug.patch
new file mode 100644
index 0000000000..17ce0c4b6d
--- /dev/null
+++ b/share/security/patches/SA-05:20/cvsbug.patch
@@ -0,0 +1,22 @@
+Index: contrib/cvs/src/cvsbug.in
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/cvsbug.in,v
+retrieving revision 1.1.1.3
+diff -u -p -r1.1.1.3 cvsbug.in
+--- contrib/cvs/src/cvsbug.in	15 Apr 2004 01:01:55 -0000	1.1.1.3
++++ contrib/cvs/src/cvsbug.in	5 Sep 2005 06:23:21 -0000
+@@ -109,14 +109,12 @@ elif [ -f /bin/domainname ]; then
+     /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" |
+       cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+     ORIGINATOR="`cat $TEMP`"
+-    rm -f $TEMP
+   fi
+ fi
+ 
+ if [ "$ORIGINATOR" = "" ]; then
+   grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+   ORIGINATOR="`cat $TEMP`"
+-  rm -f $TEMP
+ fi
+ 
+ if [ -n "$ORGANIZATION" ]; then
diff --git a/share/security/patches/SA-05:20/cvsbug.patch.asc b/share/security/patches/SA-05:20/cvsbug.patch.asc
new file mode 100644
index 0000000000..b9114cfb9e
--- /dev/null
+++ b/share/security/patches/SA-05:20/cvsbug.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBDHvBHFdaIBMps37IRAt1gAJ9z0uQWA3zTTBzqYdNfhMlQOuyf+ACgh71W
+u4EGYQjzvs5Lk8VVggcQSXQ=
+=V4Ms
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:20/cvsbug410.patch b/share/security/patches/SA-05:20/cvsbug410.patch
new file mode 100644
index 0000000000..a5e62781f3
--- /dev/null
+++ b/share/security/patches/SA-05:20/cvsbug410.patch
@@ -0,0 +1,51 @@
+Index: contrib/cvs/src/cvsbug.in
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/cvsbug.in,v
+retrieving revision 1.1.1.1.2.2
+diff -u -p -r1.1.1.1.2.2 cvsbug.in
+--- contrib/cvs/src/cvsbug.in	19 Dec 2002 21:17:56 -0000	1.1.1.1.2.2
++++ contrib/cvs/src/cvsbug.in	9 Sep 2005 06:52:35 -0000
+@@ -85,9 +85,9 @@ fi
+ 
+ [ -z "$TMPDIR" ] && TMPDIR=/tmp
+ 
+-TEMP=$TMPDIR/p$$
+-BAD=$TMPDIR/pbad$$
+-REF=$TMPDIR/pf$$
++TEMP="`/usr/bin/mktemp $TMPDIR/p.XXXXXX`"
++BAD="`/usr/bin/mktemp $TMPDIR/pbad.XXXXXX`"
++REF="`/usr/bin/mktemp $TMPDIR/pf.XXXXXX`"
+ 
+ if [ -z "$LOGNAME" -a -n "$USER" ]; then
+   LOGNAME=$USER
+@@ -108,14 +108,12 @@ elif [ -f /bin/domainname ]; then
+     /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" |
+       cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+     ORIGINATOR="`cat $TEMP`"
+-    rm -f $TEMP
+   fi
+ fi
+ 
+ if [ "$ORIGINATOR" = "" ]; then
+   grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+   ORIGINATOR="`cat $TEMP`"
+-  rm -f $TEMP
+ fi
+ 
+ if [ -n "$ORGANIZATION" ]; then
+Index: gnu/usr.bin/send-pr/send-pr.sh
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/send-pr/send-pr.sh,v
+retrieving revision 1.13.2.13
+diff -u -p -r1.13.2.13 send-pr.sh
+--- gnu/usr.bin/send-pr/send-pr.sh	1 Dec 2003 19:12:58 -0000	1.13.2.13
++++ gnu/usr.bin/send-pr/send-pr.sh	9 Sep 2005 06:52:35 -0000
+@@ -262,7 +262,7 @@ TEMP=`mktemp -t pf` || exit 1
+ # Catch some signals. ($xs kludge needed by Sun /bin/sh)
+ xs=0
+ trap 'rm -f $REF $TEMP; exit $xs' 0
+-trap 'echo "$COMMAND: Aborting ... saving unfinished PR into /tmp/pr.$$"; rm -f $REF ; mv $TEMP /tmp/pr.$$; xs=1; exit' 1 2 3 13 15
++trap 'SAV=`mktemp -t pr`;echo "$COMMAND: Aborting ... saving unfinished PR into $SAV"; rm -f $REF ; mv $TEMP $SAV; xs=1; exit' 1 2 3 13 15
+ 
+ # If they told us to use a specific file, then do so.
+ if [ -n "$IN_FILE" ]; then
diff --git a/share/security/patches/SA-05:20/cvsbug410.patch.asc b/share/security/patches/SA-05:20/cvsbug410.patch.asc
new file mode 100644
index 0000000000..b8f1213475
--- /dev/null
+++ b/share/security/patches/SA-05:20/cvsbug410.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.1 (FreeBSD)
+
+iD8DBQBDIeKpFdaIBMps37IRAlB8AJ0aZ5pSry16q4oH99G5A2HcUOhSswCfUFqV
+SLliP96NPzxB5CiUnt7ptSQ=
+=rCaQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-05:20/cvsbug53.patch b/share/security/patches/SA-05:20/cvsbug53.patch
new file mode 100644
index 0000000000..fb5252a53e
--- /dev/null
+++ b/share/security/patches/SA-05:20/cvsbug53.patch
@@ -0,0 +1,39 @@
+Index: contrib/cvs/src/cvsbug.in
+===================================================================
+RCS file: /home/ncvs/src/contrib/cvs/src/cvsbug.in,v
+retrieving revision 1.1.1.3
+retrieving revision 1.1.1.3.4.1
+diff -u -p -r1.1.1.3 -r1.1.1.3.4.1
+--- contrib/cvs/src/cvsbug.in	15 Apr 2004 01:01:55 -0000	1.1.1.3
++++ contrib/cvs/src/cvsbug.in	7 Sep 2005 13:43:49 -0000	1.1.1.3.4.1
+@@ -109,14 +109,12 @@ elif [ -f /bin/domainname ]; then
+     /usr/bin/ypcat passwd 2>/dev/null | cat - /etc/passwd | grep "^$LOGNAME:" |
+       cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+     ORIGINATOR="`cat $TEMP`"
+-    rm -f $TEMP
+   fi
+ fi
+ 
+ if [ "$ORIGINATOR" = "" ]; then
+   grep "^$LOGNAME:" /etc/passwd | cut -f5 -d':' | sed -e 's/,.*//' > $TEMP
+   ORIGINATOR="`cat $TEMP`"
+-  rm -f $TEMP
+ fi
+ 
+ if [ -n "$ORGANIZATION" ]; then
+Index: gnu/usr.bin/send-pr/send-pr.sh
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/send-pr/send-pr.sh,v
+retrieving revision 1.35
+diff -u -p -r1.35 send-pr.sh
+--- gnu/usr.bin/send-pr/send-pr.sh	12 Nov 2003 23:08:23 -0000	1.35
++++ gnu/usr.bin/send-pr/send-pr.sh	9 Sep 2005 08:01:11 -0000
+@@ -262,7 +262,7 @@ TEMP=`mktemp -t pf` || exit 1
+ # Catch some signals. ($xs kludge needed by Sun /bin/sh)
+ xs=0
+ trap 'rm -f $REF $TEMP; exit $xs' 0
+-trap 'echo "$COMMAND: Aborting ... saving unfinished PR into /tmp/pr.$$"; rm -f $REF ; mv $TEMP /tmp/pr.$$; xs=1; exit' 1 2 3 13 15
++trap 'SAV=`mktemp -t pr`;echo "$COMMAND: Aborting ... saving unfinished PR into $SAV"; rm -f $REF ; mv $TEMP $SAV; xs=1; exit' 1 2 3 13 15
+ 
+ # If they told us to use a specific file, then do so.
+ if [ -n "$IN_FILE" ]; then
diff --git a/share/security/patches/SA-05:21/openssl.patch b/share/security/patches/SA-05:21/openssl.patch
new file mode 100644
index 0000000000..210affda33
--- /dev/null
+++ b/share/security/patches/SA-05:21/openssl.patch
@@ -0,0 +1,28 @@
+Index: crypto/openssl/ssl/s23_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s23_srvr.c,v
+retrieving revision 1.7
+diff -u -p -r1.7 s23_srvr.c
+--- crypto/openssl/ssl/s23_srvr.c	28 Jan 2003 22:34:21 -0000	1.7
++++ crypto/openssl/ssl/s23_srvr.c	10 Oct 2005 16:39:19 -0000
+@@ -268,9 +268,6 @@ int ssl23_get_client_hello(SSL *s)
+ 	int n=0,j;
+ 	int type=0;
+ 	int v[2];
+-#ifndef OPENSSL_NO_RSA
+-	int use_sslv2_strong=0;
+-#endif
+ 
+ 	if (s->state ==	SSL23_ST_SR_CLNT_HELLO_A)
+ 		{
+@@ -519,9 +516,7 @@ int ssl23_get_client_hello(SSL *s)
+ 			}
+ 
+ 		s->state=SSL2_ST_GET_CLIENT_HELLO_A;
+-		if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) ||
+-			use_sslv2_strong ||
+-			(s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3))
++		if (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)
+ 			s->s2->ssl2_rollback=0;
+ 		else
+ 			/* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0
diff --git a/share/security/patches/SA-05:21/openssl.patch.asc b/share/security/patches/SA-05:21/openssl.patch.asc
new file mode 100644
index 0000000000..457ff7b514
--- /dev/null
+++ b/share/security/patches/SA-05:21/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBDS6SeFdaIBMps37IRAhNRAKCexyy3ar0OSP/u2KHmqAO1vQ1WdQCdFfpw
+STYa5aQ4wENJuFNYDhUxNm8=
+=aizj
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:01/texindex.patch b/share/security/patches/SA-06:01/texindex.patch
new file mode 100644
index 0000000000..da8264d107
--- /dev/null
+++ b/share/security/patches/SA-06:01/texindex.patch
@@ -0,0 +1,96 @@
+Index: contrib/texinfo/util/texindex.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/texinfo/util/texindex.c,v
+retrieving revision 1.1.1.8
+diff -u -p -I__FBSDID -r1.1.1.8 texindex.c
+--- contrib/texinfo/util/texindex.c	23 May 2005 10:46:22 -0000	1.1.1.8
++++ contrib/texinfo/util/texindex.c	8 Jan 2006 23:31:32 -0000
+@@ -384,17 +384,33 @@ For more information about these matters
+     usage (1);
+ }
+ 
++static char **tv;
++static int tv_alloc;
++static int tv_used;
++
++static int
++findtempname (char *tempname)
++{
++  int i;
++
++  for (i = 0; i < tv_used; i++)
++    if (strcmp (tv[i], tempname) == 0)
++	return (1);
++  return (0);
++}
++
+ /* Return a name for temporary file COUNT. */
+ 
+ static char *
+ maketempname (int count)
+ {
+   static char *tempbase = NULL;
++  char *tempname;
+   char tempsuffix[10];
++  int fd;
+ 
+   if (!tempbase)
+     {
+-      int fd;
+       tempbase = concat (tempdir, "txidxXXXXXX");
+ 
+       fd = mkstemp (tempbase);
+@@ -403,7 +419,52 @@ maketempname (int count)
+     }
+ 
+   sprintf (tempsuffix, ".%d", count);
+-  return concat (tempbase, tempsuffix);
++  tempname = concat (tempbase, tempsuffix);
++  /*
++   * The open logic becomes a bit convoluted. If open(2) fails due to EEXIST,
++   * it's likely because somebody attempted to race us, or because we have
++   * already created this file.
++   */
++  fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
++  if (fd == -1)
++    {
++	/*
++	 * If errno is not EEXIST, then open failed for some other reason, so
++	 * we should terminate. If errno == EEXIST AND we didn't create this
++	 * file, terminate. Otherwise, it's safe to say that errno == EEXIST
++	 * because we already created it, in this event, we can just return.
++	 */
++	if (errno != EEXIST ||
++	  (errno == EEXIST && findtempname (tempname) == 0))
++	  pfatal_with_name (tempname);
++	return (tempname);
++    }
++  else if (fd > 0)
++    {
++	close (fd);
++    }
++  if (tv == NULL)
++    {
++	tv_alloc = 16;
++	tv = calloc (tv_alloc, sizeof (char *));
++	if (tv == NULL)
++	  {
++	    fprintf (stderr, "calloc failed\n");
++	    exit (1);
++	  }
++    }
++  else if (tv_used == tv_alloc)
++    {
++	tv_alloc += 4;
++	tv = realloc (tv, tv_alloc * sizeof (char *));
++	if (tv == NULL)
++	  {
++	    fprintf (stderr, "realloc failed");
++	    exit (1);
++	  }
++    }
++  tv[tv_used++] = strdup (tempname);
++  return tempname;
+ }
+ 
+ 
diff --git a/share/security/patches/SA-06:01/texindex.patch.asc b/share/security/patches/SA-06:01/texindex.patch.asc
new file mode 100644
index 0000000000..483c3617bd
--- /dev/null
+++ b/share/security/patches/SA-06:01/texindex.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBDxL30FdaIBMps37IRAgQjAJ4/IWsBcRuI5agy4KjToWigtStCQQCfQ7Ud
+IFsKlJ13w5mFXsXt0yH/SqA=
+=D3KE
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:01/texindex5x.patch b/share/security/patches/SA-06:01/texindex5x.patch
new file mode 100644
index 0000000000..5054606c34
--- /dev/null
+++ b/share/security/patches/SA-06:01/texindex5x.patch
@@ -0,0 +1,97 @@
+Index: contrib/texinfo/util/texindex.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/texinfo/util/texindex.c,v
+retrieving revision 1.1.1.7
+diff -u -p -I__FBSDID -r1.1.1.7 texindex.c
+--- contrib/texinfo/util/texindex.c	18 Jun 2003 12:57:43 -0000	1.1.1.7
++++ contrib/texinfo/util/texindex.c	8 Jan 2006 23:37:03 -0000
+@@ -386,6 +386,21 @@ For more information about these matters
+     usage (1);
+ }
+ 
++static char **tv;
++static int tv_alloc;
++static int tv_used;
++
++static int
++findtempname (char *tempname)
++{
++  int i;
++
++  for (i = 0; i < tv_used; i++)
++    if (strcmp (tv[i], tempname) == 0)
++	return (1);
++  return (0);
++}
++
+ /* Return a name for temporary file COUNT. */
+ 
+ static char *
+@@ -393,11 +408,12 @@ maketempname (count)
+      int count;
+ {
+   static char *tempbase = NULL;
++  char *tempname;
+   char tempsuffix[10];
++  int fd;
+ 
+   if (!tempbase)
+     {
+-      int fd;
+       tempbase = concat (tempdir, "txidxXXXXXX");
+ 
+       fd = mkstemp (tempbase);
+@@ -406,7 +422,52 @@ maketempname (count)
+     }
+ 
+   sprintf (tempsuffix, ".%d", count);
+-  return concat (tempbase, tempsuffix);
++  tempname = concat (tempbase, tempsuffix);
++  /*
++   * The open logic becomes a bit convoluted. If open(2) fails due to EEXIST,
++   * it's likely because somebody attempted to race us, or because we have
++   * already created this file.
++   */
++  fd = open (tempname, O_CREAT|O_EXCL|O_WRONLY, 0600);
++  if (fd == -1)
++    {
++	/*
++	 * If errno is not EEXIST, then open failed for some other reason, so
++	 * we should terminate. If errno == EEXIST AND we didn't create this
++	 * file, terminate. Otherwise, it's safe to say that errno == EEXIST
++	 * because we already created it, in this event, we can just return.
++	 */
++	if (errno != EEXIST ||
++	  (errno == EEXIST && findtempname (tempname) == 0))
++	  pfatal_with_name (tempname);
++	return (tempname);
++    }
++  else if (fd > 0)
++    {
++	close (fd);
++    }
++  if (tv == NULL)
++    {
++	tv_alloc = 16;
++	tv = calloc (tv_alloc, sizeof (char *));
++	if (tv == NULL)
++	  {
++	    fprintf (stderr, "calloc failed\n");
++	    exit (1);
++	  }
++    }
++  else if (tv_used == tv_alloc)
++    {
++	tv_alloc += 4;
++	tv = realloc (tv, tv_alloc * sizeof (char *));
++	if (tv == NULL)
++	  {
++	    fprintf (stderr, "realloc failed");
++	    exit (1);
++	  }
++    }
++  tv[tv_used++] = strdup (tempname);
++  return tempname;
+ }
+ 
+ 
diff --git a/share/security/patches/SA-06:01/texindex5x.patch.asc b/share/security/patches/SA-06:01/texindex5x.patch.asc
new file mode 100644
index 0000000000..253054efe5
--- /dev/null
+++ b/share/security/patches/SA-06:01/texindex5x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBDxL37FdaIBMps37IRAsxyAJ0ZwKdiPjolVQLlZFcdYT070KBfugCfUw/c
+kSNeVk5G5qqPFkZT5K2KmrY=
+=1elb
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:02/ee.patch b/share/security/patches/SA-06:02/ee.patch
new file mode 100644
index 0000000000..01157c42e0
--- /dev/null
+++ b/share/security/patches/SA-06:02/ee.patch
@@ -0,0 +1,104 @@
+Index: usr.bin/ee/ee.c
+===================================================================
+RCS file: /home/ncvs/src/usr.bin/ee/ee.c,v
+retrieving revision 1.32
+diff -u -d -r1.32 ee.c
+--- usr.bin/ee/ee.c	5 Nov 2004 10:18:05 -0000	1.32
++++ usr.bin/ee/ee.c	1 Jan 2006 22:51:41 -0000
+@@ -300,7 +300,7 @@
+ int quit P_((int noverify));
+ void edit_abort P_((int arg));
+ void delete_text P_((void));
+-int write_file P_((char *file_name));
++int write_file P_((char *file_name, int warn_if_exists));
+ int search P_((int display_message));
+ void search_prompt P_((void));
+ void del_char P_((void));
+@@ -1688,7 +1688,7 @@
+ 			cmd_str = cmd_str2 = get_string(file_write_prompt_str, TRUE);
+ 		}
+ 		tmp_file = resolve_name(cmd_str);
+-		write_file(tmp_file);
++		write_file(tmp_file, 1);
+ 		if (tmp_file != cmd_str)
+ 			free(tmp_file);
+ 	}
+@@ -2395,7 +2395,7 @@
+ 		file_name = tmp_file;
+ 	}
+ 
+-	if (write_file(file_name))
++	if (write_file(file_name, 1))
+ 	{
+ 		text_changes = FALSE;
+ 		quit(0);
+@@ -2472,8 +2472,9 @@
+ }
+ 
+ int 
+-write_file(file_name)
++write_file(file_name, warn_if_exists)
+ char *file_name;
++int warn_if_exists;
+ {
+ 	char cr;
+ 	char *tmp_point;
+@@ -2483,7 +2484,8 @@
+ 	int write_flag = TRUE;
+ 
+ 	charac = lines = 0;
+-	if ((in_file_name == NULL) || strcmp(in_file_name, file_name))
++	if (warn_if_exists &&
++	    ((in_file_name == NULL) || strcmp(in_file_name, file_name)))
+ 	{
+ 		if ((temp_fp = fopen(file_name, "r")))
+ 		{
+@@ -3725,7 +3727,7 @@
+ 	{
+ 		string = get_string(file_write_prompt_str, TRUE);
+ 		tmp_file = resolve_name(string);
+-		write_file(tmp_file);
++		write_file(tmp_file, 1);
+ 		if (tmp_file != string)
+ 			free(tmp_file);
+ 		free(string);
+@@ -3762,7 +3764,7 @@
+ 				string = tmp_file;
+ 			}
+ 		}
+-		if (write_file(string))
++		if (write_file(string, 1))
+ 		{
+ 			in_file_name = string;
+ 			text_changes = FALSE;
+@@ -4375,17 +4377,25 @@
+ void 
+ ispell_op()
+ {
+-	char name[128];
++	char template[128], *name;
+ 	char string[256];
+-	int pid;
++	int fd;
+ 
+ 	if (restrict_mode())
+ 	{
+ 		return;
+ 	}
+-	pid = getpid();
+-	sprintf(name, "/tmp/ee.%d", pid);
+-	if (write_file(name))
++	(void)sprintf(template, "/tmp/ee.XXXXXXXX");
++	name = mktemp(&template[0]);
++	fd = open(name, O_CREAT | O_EXCL | O_RDWR, 0600);
++	if (fd < 0) {
++		wmove(com_win, 0, 0);
++		wprintw(com_win, create_file_fail_msg, name);
++		wrefresh(com_win);
++		return;
++	}
++	close(fd);
++	if (write_file(name, 0))
+ 	{
+ 		sprintf(string, "ispell %s", name);
+ 		sh_command(string);
diff --git a/share/security/patches/SA-06:02/ee.patch.asc b/share/security/patches/SA-06:02/ee.patch.asc
new file mode 100644
index 0000000000..ff5d52306a
--- /dev/null
+++ b/share/security/patches/SA-06:02/ee.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBDxL3ZFdaIBMps37IRAsFVAJ4k3oW7tkMWrFMlE+2pCHfbAyIZ6wCdFXFC
+BBHT+r3Psl5++egvP4ziQos=
+=tmGt
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:03/cpio.patch b/share/security/patches/SA-06:03/cpio.patch
new file mode 100644
index 0000000000..ed4b662ee9
--- /dev/null
+++ b/share/security/patches/SA-06:03/cpio.patch
@@ -0,0 +1,499 @@
+Index: contrib/cpio/copyin.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cpio/Attic/copyin.c,v
+retrieving revision 1.7
+diff -u -d -r1.7 copyin.c
+--- contrib/cpio/copyin.c	21 Mar 2001 21:17:54 -0000	1.7
++++ contrib/cpio/copyin.c	3 Jan 2006 22:01:58 -0000
+@@ -46,6 +46,19 @@
+ #define lchown chown
+ #endif
+ 
++# ifndef DIRECTORY_SEPARATOR
++#  define DIRECTORY_SEPARATOR '/'
++# endif
++
++# ifndef ISSLASH
++#  define ISSLASH(C) ((C) == DIRECTORY_SEPARATOR)
++# endif
++
++# ifndef FILE_SYSTEM_PREFIX_LEN
++#  define FILE_SYSTEM_PREFIX_LEN(Filename) 0
++# endif
++
++
+ static void read_pattern_file ();
+ static void tape_skip_padding ();
+ static void defer_copyin ();
+@@ -376,6 +389,54 @@
+ /* Current time for verbose table.  */
+ static time_t current_time;
+ 
++/* Return a safer suffix of FILE_NAME, or "." if it has no safer
++   suffix.  Check for fully specified file names and other atrocities.  */
++
++static const char *
++safer_name_suffix (char const *file_name)
++{
++  char const *p;
++
++  /* Skip file system prefixes, leading file name components that contain
++     "..", and leading slashes.  */
++
++  size_t prefix_len = FILE_SYSTEM_PREFIX_LEN (file_name);
++
++  for (p = file_name + prefix_len; *p;)
++    {
++      if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
++       prefix_len = p + 2 - file_name;
++
++      do
++       {
++         char c = *p++;
++         if (ISSLASH (c))
++           break;
++       }
++      while (*p);
++    }
++
++  for (p = file_name + prefix_len; ISSLASH (*p); p++)
++    continue;
++  prefix_len = p - file_name;
++
++  if (prefix_len)
++    {
++      char *prefix = alloca (prefix_len + 1);
++      memcpy (prefix, file_name, prefix_len);
++      prefix[prefix_len] = '\0';
++
++
++      error (0, 0, "Removing leading `%s' from member names", prefix);
++    }
++
++  if (!*p)
++    p = ".";
++
++  return p;
++}
++
++
+ /* Read the collection from standard input and create files
+    in the file system.  */
+ 
+@@ -396,6 +457,7 @@
+   int in_file_des;		/* Input file descriptor.  */
+   char skip_file;		/* Flag for use with patterns.  */
+   int existing_dir;		/* True if file is a dir & already exists.  */
++  mode_t existing_mode;
+   int i;			/* Loop index variable.  */
+   char *link_name = NULL;	/* Name of hard and symbolic links.  */
+ #ifdef HPUX_CDF
+@@ -494,18 +556,11 @@
+ 
+       /* Do we have to ignore absolute paths, and if so, does the filename
+          have an absolute path?  */
+-      if (no_abs_paths_flag && file_hdr.c_name && file_hdr.c_name [0] == '/')
++      if (!abs_paths_flag && file_hdr.c_name && file_hdr.c_name[0])
+ 	{
+-	  char *p;
++	  const char *p = safer_name_suffix (file_hdr.c_name);
+ 
+-	  p = file_hdr.c_name;
+-	  while (*p == '/')
+-	    ++p;
+-	  if (*p == '\0')
+-	    {
+-	      strcpy (file_hdr.c_name, ".");
+-	    }
+-	  else
++	  if (p != file_hdr.c_name)
+ 	    {
+ 	      char *non_abs_name;
+ 
+@@ -642,6 +697,7 @@
+ 		     we are trying to create, don't complain about
+ 		     it.  */
+ 		  existing_dir = TRUE;
++		  existing_mode = file_stat.st_mode;
+ 		}
+ 	      else if (!unconditional_flag
+ 		       && file_hdr.c_mtime <= file_stat.st_mtime)
+@@ -778,8 +834,6 @@
+ 		    }
+ 		  copy_files_tape_to_disk (in_file_des, out_file_des, file_hdr.c_filesize);
+ 		  disk_empty_output_buffer (out_file_des);
+-		  if (close (out_file_des) < 0)
+-		    error (0, errno, "%s", file_hdr.c_name);
+ 
+ 		  if (archive_format == arf_crcascii)
+ 		    {
+@@ -789,13 +843,15 @@
+ 		    }
+ 		  /* File is now copied; set attributes.  */
+ 		  if (!no_chown_flag)
+-		    if ((chown (file_hdr.c_name,
++		    if ((fchown (out_file_des,
+ 				set_owner_flag ? set_owner : file_hdr.c_uid,
+ 			   set_group_flag ? set_group : file_hdr.c_gid) < 0)
+ 			&& errno != EPERM)
+ 		      error (0, errno, "%s", file_hdr.c_name);
+ 		  /* chown may have turned off some permissions we wanted. */
+-		  if (chmod (file_hdr.c_name, (int) file_hdr.c_mode) < 0)
++		  if (fchmod (out_file_des, (int) file_hdr.c_mode) < 0)
++		    error (0, errno, "%s", file_hdr.c_name);
++		  if (close (out_file_des) < 0)
+ 		    error (0, errno, "%s", file_hdr.c_name);
+ 		  if (retain_time_flag)
+ 		    {
+@@ -847,14 +903,23 @@
+ 		      cdf_flag = 1;
+ 		    }
+ #endif
+-		  res = mkdir (file_hdr.c_name, file_hdr.c_mode);
++		  res = mkdir (file_hdr.c_name, file_hdr.c_mode & ~077);
+ 		}
+ 	      else
+-		res = 0;
++		{
++		  if (!no_chown_flag && (existing_mode & 077) != 0
++		     && chmod (file_hdr.c_name, existing_mode & 07700) < 0)
++		   {
++		     error (0, errno, "%s: chmod", file_hdr.c_name);
++		     return;
++		   }
++		   res = 0;
++		}
++
+ 	      if (res < 0 && create_dir_flag)
+ 		{
+ 		  create_all_directories (file_hdr.c_name);
+-		  res = mkdir (file_hdr.c_name, file_hdr.c_mode);
++		  res = mkdir (file_hdr.c_name, file_hdr.c_mode & ~077);
+ 		}
+ 	      if (res < 0)
+ 		{
+@@ -936,20 +1001,20 @@
+ 	      
+ #ifdef CP_IFIFO
+ 	      if ((file_hdr.c_mode & CP_IFMT) == CP_IFIFO)
+-		res = mkfifo (file_hdr.c_name, file_hdr.c_mode);
++		res = mkfifo (file_hdr.c_name, file_hdr.c_mode & ~077);
+ 	      else
+ #endif
+-		res = mknod (file_hdr.c_name, file_hdr.c_mode,
++		res = mknod (file_hdr.c_name, file_hdr.c_mode & ~077,
+ 		      makedev (file_hdr.c_rdev_maj, file_hdr.c_rdev_min));
+ 	      if (res < 0 && create_dir_flag)
+ 		{
+ 		  create_all_directories (file_hdr.c_name);
+ #ifdef CP_IFIFO
+ 		  if ((file_hdr.c_mode & CP_IFMT) == CP_IFIFO)
+-		    res = mkfifo (file_hdr.c_name, file_hdr.c_mode);
++		    res = mkfifo (file_hdr.c_name, file_hdr.c_mode & ~077);
+ 		  else
+ #endif
+-		    res = mknod (file_hdr.c_name, file_hdr.c_mode,
++		    res = mknod (file_hdr.c_name, file_hdr.c_mode & ~077,
+ 				 makedev (file_hdr.c_rdev_maj,
+ 					  file_hdr.c_rdev_min));
+ 		}
+@@ -1376,18 +1441,18 @@
+ 	  continue;
+ 	}
+ 
+-      if (close (out_file_des) < 0)
+-	error (0, errno, "%s", d->header.c_name);
+-
++  
+       /* File is now copied; set attributes.  */
+       if (!no_chown_flag)
+-	if ((chown (d->header.c_name,
++	if ((fchown (out_file_des,
+ 		    set_owner_flag ? set_owner : d->header.c_uid,
+ 	       set_group_flag ? set_group : d->header.c_gid) < 0)
+ 	    && errno != EPERM)
+ 	  error (0, errno, "%s", d->header.c_name);
+       /* chown may have turned off some permissions we wanted. */
+-      if (chmod (d->header.c_name, (int) d->header.c_mode) < 0)
++      if (fchmod (out_file_des, (int) d->header.c_mode) < 0)
++	error (0, errno, "%s", d->header.c_name);
++      if (close (out_file_des) < 0)
+ 	error (0, errno, "%s", d->header.c_name);
+       if (retain_time_flag)
+ 	{
+Index: contrib/cpio/copyout.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cpio/Attic/copyout.c,v
+retrieving revision 1.2
+diff -u -d -r1.2 copyout.c
+--- contrib/cpio/copyout.c	30 Mar 1997 10:34:16 -0000	1.2
++++ contrib/cpio/copyout.c	3 Jan 2006 00:11:55 -0000
+@@ -49,12 +49,13 @@
+     {
+       char ascii_header[112];
+       char *magic_string;
++      int ret;
+ 
+       if (archive_format == arf_crcascii)
+ 	magic_string = "070702";
+       else
+ 	magic_string = "070701";
+-      sprintf (ascii_header,
++      ret = snprintf (ascii_header, sizeof(ascii_header),
+ 	       "%6s%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx%08lx",
+ 	       magic_string,
+ 	       file_hdr->c_ino, file_hdr->c_mode, file_hdr->c_uid,
+@@ -62,6 +63,10 @@
+ 	     file_hdr->c_filesize, file_hdr->c_dev_maj, file_hdr->c_dev_min,
+ 	   file_hdr->c_rdev_maj, file_hdr->c_rdev_min, file_hdr->c_namesize,
+ 	       file_hdr->c_chksum);
++      if (ret >= sizeof(ascii_header)) {
++	fprintf(stderr, "Internal overflow, aborting\n");
++	exit (1);
++      }
+       tape_buffered_write (ascii_header, out_des, 110L);
+ 
+       /* Write file name to output.  */
+@@ -71,6 +76,7 @@
+   else if (archive_format == arf_oldascii || archive_format == arf_hpoldascii)
+     {
+       char ascii_header[78];
++      int ret;
+ #ifndef __MSDOS__
+       dev_t dev;
+       dev_t rdev;
+@@ -112,7 +118,7 @@
+       if ((file_hdr->c_ino >> 16) != 0)
+ 	error (0, 0, "%s: truncating inode number", file_hdr->c_name);
+ 
+-      sprintf (ascii_header,
++      ret = snprintf (ascii_header, sizeof(ascii_header),
+ 	       "%06o%06o%06lo%06lo%06lo%06lo%06lo%06o%011lo%06lo%011lo",
+ 	       file_hdr->c_magic & 0xFFFF, dev & 0xFFFF,
+ 	       file_hdr->c_ino & 0xFFFF, file_hdr->c_mode & 0xFFFF,
+@@ -120,6 +126,10 @@
+ 	       file_hdr->c_nlink & 0xFFFF, rdev & 0xFFFF,
+ 	       file_hdr->c_mtime, file_hdr->c_namesize & 0xFFFF,
+ 	       file_hdr->c_filesize);
++      if (ret >= sizeof(ascii_header)) {
++	fprintf(stderr, "Internal overflow, aborting\n");
++	exit (1);
++      }
+       tape_buffered_write (ascii_header, out_des, 76L);
+ 
+       /* Write file name to output.  */
+@@ -258,6 +268,14 @@
+ 	  file_hdr.c_dev_maj = major (file_stat.st_dev);
+ 	  file_hdr.c_dev_min = minor (file_stat.st_dev);
+ 	  file_hdr.c_ino = file_stat.st_ino;
++
++	  /* Skip files larger than 4GB which will cause problems on
++	     64bit platforms (and just not work on 32bit). */
++	  if (file_stat.st_size > 0xffffffff) {
++	    error (0, 0, "%s: skipping >4GB file", input_name.ds_string);
++	    continue;
++	  }
++
+ 	  /* For POSIX systems that don't define the S_IF macros,
+ 	     we can't assume that S_ISfoo means the standard Unix
+ 	     S_IFfoo bit(s) are set.  So do it manually, with a
+Index: contrib/cpio/copypass.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cpio/Attic/copypass.c,v
+retrieving revision 1.3
+diff -u -d -r1.3 copypass.c
+--- contrib/cpio/copypass.c	11 Jul 2003 02:19:19 -0000	1.3
++++ contrib/cpio/copypass.c	3 Jan 2006 22:01:58 -0000
+@@ -174,18 +174,18 @@
+ 	      disk_empty_output_buffer (out_file_des);
+ 	      if (close (in_file_des) < 0)
+ 		error (0, errno, "%s", input_name.ds_string);
+-	      if (close (out_file_des) < 0)
+-		error (0, errno, "%s", output_name.ds_string);
+ 
+ 	      /* Set the attributes of the new file.  */
+ 	      if (!no_chown_flag)
+-		if ((chown (output_name.ds_string,
++		if ((fchown (out_file_des,
+ 			    set_owner_flag ? set_owner : in_file_stat.st_uid,
+ 		      set_group_flag ? set_group : in_file_stat.st_gid) < 0)
+ 		    && errno != EPERM)
+ 		  error (0, errno, "%s", output_name.ds_string);
+ 	      /* chown may have turned off some permissions we wanted. */
+-	      if (chmod (output_name.ds_string, in_file_stat.st_mode) < 0)
++	      if (fchmod (out_file_des, in_file_stat.st_mode) < 0)
++		error (0, errno, "%s", output_name.ds_string);
++	      if (close (out_file_des) < 0)
+ 		error (0, errno, "%s", output_name.ds_string);
+ 	      if (reset_time_flag)
+ 		{
+@@ -224,15 +224,24 @@
+ 		  cdf_flag = 1;
+ 		}
+ #endif
+-	      res = mkdir (output_name.ds_string, in_file_stat.st_mode);
++	      res = mkdir (output_name.ds_string, in_file_stat.st_mode & ~077);
+ 
+ 	    }
+ 	  else
+-	    res = 0;
++            {
++              if (!no_chown_flag && (out_file_stat.st_mode & 077) != 0
++                  && chmod (output_name.ds_string, out_file_stat.st_mode & 07700) < 0)
++                {
++                  error (0, errno, "%s: chmod", output_name.ds_string);
++                  continue;
++                }
++              res = 0;
++            }
++
+ 	  if (res < 0 && create_dir_flag)
+ 	    {
+ 	      create_all_directories (output_name.ds_string);
+-	      res = mkdir (output_name.ds_string, in_file_stat.st_mode);
++	      res = mkdir (output_name.ds_string, in_file_stat.st_mode & ~077);
+ 	    }
+ 	  if (res < 0)
+ 	    {
+@@ -298,20 +307,20 @@
+ 	    {
+ #ifdef S_ISFIFO
+ 	      if (S_ISFIFO (in_file_stat.st_mode))
+-		res = mkfifo (output_name.ds_string, in_file_stat.st_mode);
++		res = mkfifo (output_name.ds_string, in_file_stat.st_mode & ~077);
+ 	      else
+ #endif
+-		res = mknod (output_name.ds_string, in_file_stat.st_mode,
++		res = mknod (output_name.ds_string, in_file_stat.st_mode & ~077,
+ 			     in_file_stat.st_rdev);
+ 	      if (res < 0 && create_dir_flag)
+ 		{
+ 		  create_all_directories (output_name.ds_string);
+ #ifdef S_ISFIFO
+ 		  if (S_ISFIFO (in_file_stat.st_mode))
+-		    res = mkfifo (output_name.ds_string, in_file_stat.st_mode);
++		    res = mkfifo (output_name.ds_string, in_file_stat.st_mode & ~077);
+ 		  else
+ #endif
+-		    res = mknod (output_name.ds_string, in_file_stat.st_mode,
++		    res = mknod (output_name.ds_string, in_file_stat.st_mode & ~077,
+ 				 in_file_stat.st_rdev);
+ 		}
+ 	      if (res < 0)
+Index: contrib/cpio/cpio.1
+===================================================================
+RCS file: /home/ncvs/src/contrib/cpio/Attic/cpio.1,v
+retrieving revision 1.3
+diff -u -d -r1.3 cpio.1
+--- contrib/cpio/cpio.1	30 Aug 1997 11:01:54 -0000	1.3
++++ contrib/cpio/cpio.1	2 Jan 2006 23:36:02 -0000
+@@ -19,7 +19,7 @@
+ [\-\-unconditional] [\-\-verbose] [\-\-block-size=blocks] [\-\-swap-halfwords]
+ [\-\-io-size=bytes] [\-\-pattern-file=file] [\-\-format=format]
+ [\-\-owner=[user][:.][group]] [\-\-no-preserve-owner] [\-\-message=message]
+-[\-\-force\-local] [\-\-no\-absolute\-filenames] [\-\-sparse] [\-\-only\-verify\-crc]
++[\-\-force\-local] [\-\-absolute\-filenames] [\-\-sparse] [\-\-only\-verify\-crc]
+ [\-\-quiet] [\-\-help] [\-\-version] [pattern...] [< archive]
+ 
+ .B cpio
+@@ -251,9 +251,9 @@
+ In the verbose table of contents listing, show numeric UID and GID
+ instead of translating them into names.
+ .TP
+-.I " \-\-no-absolute-filenames"
+-In copy-in mode, create all files relative to the current directory,
+-even if they have an absolute file name in the archive.
++.I " \-\-absolute-filenames"
++Do not strip leading file name components that contain ".."
++and leading slashes from file names in copy-in mode
+ .TP
+ .I " \-\-no-preserve-owner"
+ In copy-in mode and copy-pass mode, do not change the ownership of the
+Index: contrib/cpio/extern.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/cpio/Attic/extern.h,v
+retrieving revision 1.2
+diff -u -d -r1.2 extern.h
+--- contrib/cpio/extern.h	30 Mar 1997 10:45:44 -0000	1.2
++++ contrib/cpio/extern.h	2 Jan 2006 23:36:02 -0000
+@@ -46,7 +46,7 @@
+ extern int sparse_flag;
+ extern int quiet_flag;
+ extern int only_verify_crc_flag;
+-extern int no_abs_paths_flag;
++extern int abs_paths_flag;
+ 
+ extern int last_header_start;
+ extern int copy_matching_files;
+Index: contrib/cpio/global.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cpio/Attic/global.c,v
+retrieving revision 1.1.1.1
+diff -u -d -r1.1.1.1 global.c
+--- contrib/cpio/global.c	29 Mar 1997 22:40:44 -0000	1.1.1.1
++++ contrib/cpio/global.c	2 Jan 2006 23:36:02 -0000
+@@ -98,8 +98,8 @@
+    actually extract the files. */
+ int only_verify_crc_flag = FALSE;
+ 
+-/* If TRUE, don't use any absolute paths, prefix them by `./'.  */
+-int no_abs_paths_flag = FALSE;
++/* If TRUE, allow any absolute paths */
++int abs_paths_flag = FALSE;
+ 
+ #ifdef DEBUG_CPIO
+ /* If TRUE, print debugging information.  */
+Index: contrib/cpio/main.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/cpio/Attic/main.c,v
+retrieving revision 1.3
+diff -u -d -r1.3 main.c
+--- contrib/cpio/main.c	15 Sep 1999 01:47:13 -0000	1.3
++++ contrib/cpio/main.c	2 Jan 2006 23:36:02 -0000
+@@ -56,7 +56,7 @@
+   {"list", 0, &table_flag, TRUE},
+   {"make-directories", 0, &create_dir_flag, TRUE},
+   {"message", 1, 0, 'M'},
+-  {"no-absolute-filenames", 0, 0, 136},
++  {"absolute-filenames", 0, 0, 136},
+   {"no-preserve-owner", 0, 0, 134},
+   {"nonmatching", 0, &copy_matching_files, FALSE},
+   {"numeric-uid-gid", 0, &numeric_uid, TRUE},
+@@ -105,7 +105,7 @@
+        [--unconditional] [--verbose] [--block-size=blocks] [--swap-halfwords]\n\
+        [--io-size=bytes] [--pattern-file=file] [--format=format]\n\
+        [--owner=[user][:.][group]] [--no-preserve-owner] [--message=message]\n\
+-       [--force-local] [--no-absolute-filenames] [--sparse] [--only-verify-crc]\n\
++       [--force-local] [--absolute-filenames] [--sparse] [--only-verify-crc]\n\
+        [--quiet] [--help] [--version] [pattern...] [< archive]\n",
+ 	   program_name);
+   fprintf (fp, "\
+@@ -266,8 +266,8 @@
+ 	  numeric_uid = TRUE;
+ 	  break;
+ 
+-	case 136:		/* --no-absolute-filenames */
+-	  no_abs_paths_flag = TRUE;
++	case 136:		/* --absolute-filenames */
++	  abs_paths_flag = TRUE;
+ 	  break;
+ 	
+ 	case 134:		/* --no-preserve-owner */
+@@ -414,7 +414,7 @@
+ 	  || retain_time_flag || no_chown_flag || set_owner_flag
+ 	  || set_group_flag || swap_bytes_flag || swap_halfwords_flag
+ 	  || (append_flag && !(archive_name || output_archive_name))
+-	  || rename_batch_file || no_abs_paths_flag
++	  || rename_batch_file || abs_paths_flag
+ 	  || input_archive_name || (archive_name && output_archive_name))
+ 	usage (stderr, 2);
+       if (archive_format == arf_unknown)
+@@ -429,7 +429,7 @@
+       if (argc - 1 != optind || archive_format != arf_unknown
+ 	  || swap_bytes_flag || swap_halfwords_flag
+ 	  || table_flag || rename_flag || append_flag
+-	  || rename_batch_file || no_abs_paths_flag)
++	  || rename_batch_file || abs_paths_flag)
+ 	usage (stderr, 2);
+       directory_name = argv[optind];
+     }
diff --git a/share/security/patches/SA-06:03/cpio.patch.asc b/share/security/patches/SA-06:03/cpio.patch.asc
new file mode 100644
index 0000000000..5eacfc893f
--- /dev/null
+++ b/share/security/patches/SA-06:03/cpio.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBDxL3QFdaIBMps37IRAvt6AJ4v+xOO9aGIwV2Gb1V+YsXyov2uTQCgkITH
+K9qoEah6VFaM0K6bTghOsJY=
+=uyr/
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:04/ipfw.patch b/share/security/patches/SA-06:04/ipfw.patch
new file mode 100644
index 0000000000..e7a6a67973
--- /dev/null
+++ b/share/security/patches/SA-06:04/ipfw.patch
@@ -0,0 +1,16 @@
+Index: sys/netinet/ip_fw2.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/ip_fw2.c,v
+retrieving revision 1.120
+diff -u -d -r1.120 ip_fw2.c
+--- sys/netinet/ip_fw2.c	16 Dec 2005 13:10:32 -0000	1.120
++++ sys/netinet/ip_fw2.c	1 Jan 2006 22:56:39 -0000
+@@ -3054,7 +3054,7 @@
+ 				 * if the packet is not ICMP (or is an ICMP
+ 				 * query), and it is not multicast/broadcast.
+ 				 */
+-				if (hlen > 0 && is_ipv4 &&
++				if (hlen > 0 && is_ipv4 && offset == 0 &&
+ 				    (proto != IPPROTO_ICMP ||
+ 				     is_icmp_query(ICMP(ulp))) &&
+ 				    !(m->m_flags & (M_BCAST|M_MCAST)) &&
diff --git a/share/security/patches/SA-06:04/ipfw.patch.asc b/share/security/patches/SA-06:04/ipfw.patch.asc
new file mode 100644
index 0000000000..37f1e3f662
--- /dev/null
+++ b/share/security/patches/SA-06:04/ipfw.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBDxL3kFdaIBMps37IRAo8CAJ9VyPNF5AdkH3h9RAzaTXJuwOnfhwCgnJGy
+WoObiQXbf2DHOzpBlK4XNLg=
+=ymqp
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:05/80211.patch b/share/security/patches/SA-06:05/80211.patch
new file mode 100644
index 0000000000..7619e5a878
--- /dev/null
+++ b/share/security/patches/SA-06:05/80211.patch
@@ -0,0 +1,49 @@
+Index: sys/net80211/ieee80211_ioctl.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net80211/ieee80211_ioctl.c,v
+retrieving revision 1.41
+diff -u -p -I__FBSDID -r1.41 ieee80211_ioctl.c
+--- sys/net80211/ieee80211_ioctl.c	14 Dec 2005 19:32:53 -0000	1.41
++++ sys/net80211/ieee80211_ioctl.c	18 Jan 2006 04:39:48 -0000
+@@ -976,13 +976,25 @@ get_scan_result(struct ieee80211req_scan
+ 	const struct ieee80211_node *ni)
+ {
+ 	struct ieee80211com *ic = ni->ni_ic;
++	u_int ielen = 0;
+ 
+ 	memset(sr, 0, sizeof(*sr));
+ 	sr->isr_ssid_len = ni->ni_esslen;
+ 	if (ni->ni_wpa_ie != NULL)
+-		sr->isr_ie_len += 2+ni->ni_wpa_ie[1];
++		ielen += 2+ni->ni_wpa_ie[1];
+ 	if (ni->ni_wme_ie != NULL)
+-		sr->isr_ie_len += 2+ni->ni_wme_ie[1];
++		ielen += 2+ni->ni_wme_ie[1];
++
++	/*
++	 * The value sr->isr_ie_len is defined as a uint8_t, so we
++	 * need to be careful to avoid an integer overflow.  If the
++	 * value would overflow, we will set isr_ie_len to zero, and
++	 * ieee80211_ioctl_getscanresults (below) will avoid copying
++	 * the (overflowing) data.
++	 */
++	if (ielen > 255)
++		ielen = 0;
++	sr->isr_ie_len = ielen;
+ 	sr->isr_len = sizeof(*sr) + sr->isr_ssid_len + sr->isr_ie_len;
+ 	sr->isr_len = roundup(sr->isr_len, sizeof(u_int32_t));
+ 	if (ni->ni_chan != IEEE80211_CHAN_ANYC) {
+@@ -1030,11 +1042,11 @@ ieee80211_ioctl_getscanresults(struct ie
+ 		cp = (u_int8_t *)(sr+1);
+ 		memcpy(cp, ni->ni_essid, ni->ni_esslen);
+ 		cp += ni->ni_esslen;
+-		if (ni->ni_wpa_ie != NULL) {
++		if (sr->isr_ie_len > 0 && ni->ni_wpa_ie != NULL) {
+ 			memcpy(cp, ni->ni_wpa_ie, 2+ni->ni_wpa_ie[1]);
+ 			cp += 2+ni->ni_wpa_ie[1];
+ 		}
+-		if (ni->ni_wme_ie != NULL) {
++		if (sr->isr_ie_len > 0 && ni->ni_wme_ie != NULL) {
+ 			memcpy(cp, ni->ni_wme_ie, 2+ni->ni_wme_ie[1]);
+ 			cp += 2+ni->ni_wme_ie[1];
+ 		}
diff --git a/share/security/patches/SA-06:05/80211.patch.asc b/share/security/patches/SA-06:05/80211.patch.asc
new file mode 100644
index 0000000000..f7f4dc4881
--- /dev/null
+++ b/share/security/patches/SA-06:05/80211.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBDzgUTFdaIBMps37IRAgMgAJ9n5arEtiPilfvYIdFWk9cSV5pV1QCglMWG
+nvZnrvY0Jjflu/Le92+OHac=
+=OZW8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:06/kmem.patch b/share/security/patches/SA-06:06/kmem.patch
new file mode 100644
index 0000000000..4c7121cbe6
--- /dev/null
+++ b/share/security/patches/SA-06:06/kmem.patch
@@ -0,0 +1,31 @@
+Index: sys/net/if_bridge.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/net/if_bridge.c,v
+retrieving revision 1.50
+diff -u -r1.50 if_bridge.c
+--- sys/net/if_bridge.c	14 Jan 2006 03:51:30 -0000	1.50
++++ sys/net/if_bridge.c	22 Jan 2006 18:05:34 -0000
+@@ -615,6 +615,7 @@
+ 			break;
+ 		}
+ 
++		bzero(&args, sizeof args);
+ 		if (bc->bc_flags & BC_F_COPYIN) {
+ 			error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
+ 			if (error)
+@@ -1022,6 +1023,7 @@
+ 
+ 	count = 0;
+ 	len = bifc->ifbic_len;
++	bzero(&breq, sizeof breq);
+ 	LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
+ 		if (len < sizeof(breq))
+ 			break;
+@@ -1075,6 +1077,7 @@
+ 		return (0);
+ 
+ 	len = bac->ifbac_len;
++	bzero(&bareq, sizeof bareq);
+ 	LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
+ 		if (len < sizeof(bareq))
+ 			goto out;
diff --git a/share/security/patches/SA-06:06/kmem.patch.asc b/share/security/patches/SA-06:06/kmem.patch.asc
new file mode 100644
index 0000000000..f8b2083895
--- /dev/null
+++ b/share/security/patches/SA-06:06/kmem.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBD1051FdaIBMps37IRApFjAJ9HKFbVzZO9LVqfXyKqe7Kj3+ISVQCfZE9G
+m8nVTCU01I8MhIlICQ1LAV4=
+=ygBI
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:06/kmem60.patch b/share/security/patches/SA-06:06/kmem60.patch
new file mode 100644
index 0000000000..668ad3bd71
--- /dev/null
+++ b/share/security/patches/SA-06:06/kmem60.patch
@@ -0,0 +1,47 @@
+Index: sys/net/if_bridge.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/net/if_bridge.c,v
+retrieving revision 1.11.2.12.2.3
+diff -u -r1.11.2.12.2.3 if_bridge.c
+--- sys/net/if_bridge.c	27 Oct 2005 19:43:07 -0000	1.11.2.12.2.3
++++ sys/net/if_bridge.c	22 Jan 2006 18:22:38 -0000
+@@ -583,6 +583,7 @@
+ 			break;
+ 		}
+ 
++		bzero(&args, sizeof args);
+ 		if (bc->bc_flags & BC_F_COPYIN) {
+ 			error = copyin(ifd->ifd_data, &args, ifd->ifd_len);
+ 			if (error)
+@@ -914,6 +915,7 @@
+ 
+ 	count = 0;
+ 	len = bifc->ifbic_len;
++	bzero(&breq, sizeof breq);
+ 	LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
+ 		if (len < sizeof(breq))
+ 			break;
+@@ -953,6 +955,7 @@
+ 	getmicrotime(&tv);
+ 
+ 	len = bac->ifbac_len;
++	bzero(&bareq, sizeof bareq);
+ 	LIST_FOREACH(brt, &sc->sc_rtlist, brt_list) {
+ 		if (len < sizeof(bareq))
+ 			goto out;
+Index: sys/net80211/ieee80211_ioctl.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/net80211/ieee80211_ioctl.c,v
+retrieving revision 1.25.2.3.2.1
+diff -u -r1.25.2.3.2.1 ieee80211_ioctl.c
+--- sys/net80211/ieee80211_ioctl.c	18 Jan 2006 09:03:36 -0000	1.25.2.3.2.1
++++ sys/net80211/ieee80211_ioctl.c	22 Jan 2006 18:21:50 -0000
+@@ -884,7 +884,7 @@
+ ieee80211_ioctl_getchanlist(struct ieee80211com *ic, struct ieee80211req *ireq)
+ {
+ 
+-	if (sizeof(ic->ic_chan_active) > ireq->i_len)
++	if (sizeof(ic->ic_chan_active) < ireq->i_len)
+ 		ireq->i_len = sizeof(ic->ic_chan_active);
+ 	return copyout(&ic->ic_chan_active, ireq->i_data, ireq->i_len);
+ }
diff --git a/share/security/patches/SA-06:06/kmem60.patch.asc b/share/security/patches/SA-06:06/kmem60.patch.asc
new file mode 100644
index 0000000000..2ffe72be6e
--- /dev/null
+++ b/share/security/patches/SA-06:06/kmem60.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBD105+FdaIBMps37IRAgxDAJ49TFSCLg3uR69t07j5CFXu3vKbCACfV+T+
+I5cnS2uoqxJRrNQ1lgPNFJA=
+=k17h
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:07/pf.patch b/share/security/patches/SA-06:07/pf.patch
new file mode 100644
index 0000000000..d85aaed5d0
--- /dev/null
+++ b/share/security/patches/SA-06:07/pf.patch
@@ -0,0 +1,16 @@
+Index: sys/contrib/pf/net/pf_norm.c
+===================================================================
+RCS file: /home/ncvs/src/sys/contrib/pf/net/pf_norm.c,v
+retrieving revision 1.11.2.2
+diff -u -p -I__FBSDID -r1.11.2.2 pf_norm.c
+--- sys/contrib/pf/net/pf_norm.c	17 Jan 2006 13:05:32 -0000	1.11.2.2
++++ sys/contrib/pf/net/pf_norm.c	22 Jan 2006 16:38:31 -0000
+@@ -818,7 +818,7 @@ pf_fragcache(struct mbuf **m0, struct ip
+ 			} else {
+ 				hosed++;
+ 			}
+-		} else {
++		} else if (frp == NULL) {
+ 			/* There is a gap between fragments */
+ 			DPFPRINTF(("fragcache[%d]: gap %d %d-%d (%d-%d)\n",
+ 			    h->ip_id, -aftercut, off, max, fra->fr_off,
diff --git a/share/security/patches/SA-06:07/pf.patch.asc b/share/security/patches/SA-06:07/pf.patch.asc
new file mode 100644
index 0000000000..71a112670f
--- /dev/null
+++ b/share/security/patches/SA-06:07/pf.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBD106KFdaIBMps37IRApcXAJ9MXSviHCMO4cqZb9cLWSVRGkJ5ngCfRW/l
+Iba0mEBso0j5Wg3XY7PG0e8=
+=pDZm
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:08/sack.patch b/share/security/patches/SA-06:08/sack.patch
new file mode 100644
index 0000000000..94bcd430de
--- /dev/null
+++ b/share/security/patches/SA-06:08/sack.patch
@@ -0,0 +1,24 @@
+Index: sys/netinet/tcp_sack.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet/tcp_sack.c,v
+retrieving revision 1.3
+diff -u -p -I__FBSDID -r1.3 tcp_sack.c
+--- sys/netinet/tcp_sack.c	17 Aug 2004 22:05:54 -0000	1.3
++++ sys/netinet/tcp_sack.c	26 Jan 2006 15:18:05 -0000
+@@ -301,6 +301,7 @@ tcp_sack_option(struct tcpcb *tp, struct
+ 		tp->snd_numholes = 0;
+ 	if (tp->t_maxseg == 0)
+ 		panic("tcp_sack_option"); /* Should never happen */
++next_block:
+ 	while (tmp_olen > 0) {
+ 		struct sackblk sack;
+ 
+@@ -390,7 +391,7 @@ tcp_sack_option(struct tcpcb *tp, struct
+ 				temp = (struct sackhole *)
+ 					uma_zalloc(sack_hole_zone,M_NOWAIT);
+ 				if (temp == NULL)
+-					continue; /* ENOBUFS */
++					goto next_block; /* ENOBUFS */
+ 				temp->next = cur->next;
+ 				temp->start = sack.end;
+ 				temp->end = cur->end;
diff --git a/share/security/patches/SA-06:08/sack.patch.asc b/share/security/patches/SA-06:08/sack.patch.asc
new file mode 100644
index 0000000000..4f339c8c54
--- /dev/null
+++ b/share/security/patches/SA-06:08/sack.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBD4Q/fFdaIBMps37IRApE7AJoDscEDgh4pZE/nAhu5aJty5Q9tKQCfRxyi
+3Aoid880g9La0KWtYOTDCxI=
+=xdw2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:09/openssh.patch b/share/security/patches/SA-06:09/openssh.patch
new file mode 100644
index 0000000000..0bb7a77569
--- /dev/null
+++ b/share/security/patches/SA-06:09/openssh.patch
@@ -0,0 +1,104 @@
+Index: crypto/openssh/auth-pam.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth-pam.c,v
+retrieving revision 1.14
+diff -u -r1.14 auth-pam.c
+--- crypto/openssh/auth-pam.c	20 Apr 2004 09:46:39 -0000	1.14
++++ crypto/openssh/auth-pam.c	6 Jan 2006 11:29:00 -0000
+@@ -94,10 +94,17 @@
+ static void 
+ sshpam_sigchld_handler(int sig)
+ {
++	signal(SIGCHLD, SIG_DFL);
+ 	if (cleanup_ctxt == NULL)
+ 		return;	/* handler called after PAM cleanup, shouldn't happen */
+-	if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0) == -1)
+-		return;	/* couldn't wait for process */
++	if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG)
++	     <= 0) {
++		/* PAM thread has not exitted, privsep slave must have */
++		kill(cleanup_ctxt->pam_thread, SIGTERM);
++		if (waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0)
++		    <= 0)
++			return; /* could not wait */
++	}
+ 	if (WIFSIGNALED(sshpam_thread_status) &&
+ 	    WTERMSIG(sshpam_thread_status) == SIGTERM)
+ 		return;	/* terminated by pthread_cancel */
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.25
+diff -u -r1.25 ssh_config
+--- crypto/openssh/ssh_config	20 Apr 2004 09:37:28 -0000	1.25
++++ crypto/openssh/ssh_config	23 Jan 2006 09:50:35 -0000
+@@ -36,4 +36,4 @@
+ #   Cipher 3des
+ #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+ #   EscapeChar ~
+-#   VersionAddendum FreeBSD-20040419
++#   VersionAddendum FreeBSD-20060123
+Index: crypto/openssh/ssh_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
+retrieving revision 1.15
+diff -u -r1.15 ssh_config.5
+--- crypto/openssh/ssh_config.5	20 Apr 2004 09:46:40 -0000	1.15
++++ crypto/openssh/ssh_config.5	23 Jan 2006 09:50:35 -0000
+@@ -719,7 +719,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20040419 .
++.Dq FreeBSD-20060123 .
+ .It Cm XAuthLocation
+ Specifies the full pathname of the
+ .Xr xauth 1
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.40
+diff -u -r1.40 sshd_config
+--- crypto/openssh/sshd_config	20 Apr 2004 09:37:29 -0000	1.40
++++ crypto/openssh/sshd_config	23 Jan 2006 09:50:35 -0000
+@@ -14,7 +14,7 @@
+ # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+ # FreeBSD has a few additional options.
+ 
+-#VersionAddendum FreeBSD-20040419
++#VersionAddendum FreeBSD-20060123
+ 
+ #Port 22
+ #Protocol 2
+Index: crypto/openssh/sshd_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
+retrieving revision 1.21
+diff -u -r1.21 sshd_config.5
+--- crypto/openssh/sshd_config.5	20 Apr 2004 09:46:40 -0000	1.21
++++ crypto/openssh/sshd_config.5	23 Jan 2006 09:50:35 -0000
+@@ -660,7 +660,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20040419 .
++.Dq FreeBSD-20060123 .
+ .It Cm X11DisplayOffset
+ Specifies the first display number available for
+ .Nm sshd Ns 's
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.27
+diff -u -r1.27 version.h
+--- crypto/openssh/version.h	20 Apr 2004 09:46:40 -0000	1.27
++++ crypto/openssh/version.h	23 Jan 2006 09:50:35 -0000
+@@ -5,7 +5,7 @@
+ 
+ #define SSH_VERSION             (ssh_version_get())
+ #define SSH_VERSION_BASE        "OpenSSH_3.8.1p1"
+-#define SSH_VERSION_ADDENDUM    "FreeBSD-20040419"
++#define SSH_VERSION_ADDENDUM    "FreeBSD-20060123"
+ 
+ const char *ssh_version_get(void);
+ void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-06:09/openssh.patch.asc b/share/security/patches/SA-06:09/openssh.patch.asc
new file mode 100644
index 0000000000..ee495ce7bb
--- /dev/null
+++ b/share/security/patches/SA-06:09/openssh.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBEBbOzFdaIBMps37IRApH/AJ4s+MTO4SrX7hvVR2U8dFBBjTLfUgCfatq/
+Ci1y8lND+BFlKZhXXJ91y68=
+=GF9N
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:10/nfs.patch b/share/security/patches/SA-06:10/nfs.patch
new file mode 100644
index 0000000000..57fae4d2c7
--- /dev/null
+++ b/share/security/patches/SA-06:10/nfs.patch
@@ -0,0 +1,11 @@
+--- sys/nfsserver/nfs_srvsock.c	28 Jan 2006 19:24:40 -0000	1.96
++++ sys/nfsserver/nfs_srvsock.c	25 Feb 2006 21:27:10 -0000
+@@ -592,7 +592,7 @@
+ 			slp->ns_flag |= SLP_LASTFRAG;
+ 		else
+ 			slp->ns_flag &= ~SLP_LASTFRAG;
+-		if (slp->ns_reclen > NFS_MAXPACKET) {
++		if (slp->ns_reclen > NFS_MAXPACKET || slp->ns_reclen <= 0) {
+ 			slp->ns_flag &= ~SLP_GETSTREAM;
+ 			return (EPERM);
+ 		}
diff --git a/share/security/patches/SA-06:10/nfs.patch.asc b/share/security/patches/SA-06:10/nfs.patch.asc
new file mode 100644
index 0000000000..b18cb671ad
--- /dev/null
+++ b/share/security/patches/SA-06:10/nfs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBEBbOuFdaIBMps37IRAqUmAJ4lMmqDxqdyhI1Qu0dsSDGWt7Zz1ACfaHfC
+eHLKt5oATzCebIO+Uy5DLzc=
+=T/0n
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:10/nfs4.patch b/share/security/patches/SA-06:10/nfs4.patch
new file mode 100644
index 0000000000..539eae8905
--- /dev/null
+++ b/share/security/patches/SA-06:10/nfs4.patch
@@ -0,0 +1,11 @@
+--- sys/nfs/nfs_socket.c	26 Mar 2003 01:44:46 -0000	1.60.2.6
++++ sys/nfs/nfs_socket.c	26 Feb 2006 19:00:39 -0000
+@@ -2189,7 +2189,7 @@
+ 			slp->ns_flag |= SLP_LASTFRAG;
+ 		else
+ 			slp->ns_flag &= ~SLP_LASTFRAG;
+-		if (slp->ns_reclen > NFS_MAXPACKET) {
++		if (slp->ns_reclen > NFS_MAXPACKET || slp->ns_reclen <= 0) {
+ 			slp->ns_flag &= ~SLP_GETSTREAM;
+ 			return (EPERM);
+ 		}
diff --git a/share/security/patches/SA-06:10/nfs4.patch.asc b/share/security/patches/SA-06:10/nfs4.patch.asc
new file mode 100644
index 0000000000..74f49b3006
--- /dev/null
+++ b/share/security/patches/SA-06:10/nfs4.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2 (FreeBSD)
+
+iD8DBQBEBbOxFdaIBMps37IRAk5tAJ45NhNFZiCkYn6fiZp3Z1Bwhg/6fwCfRRxd
+LKPCUq8iGBuTIV3iW/m1vVQ=
+=cXgJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:11/ipsec.patch b/share/security/patches/SA-06:11/ipsec.patch
new file mode 100644
index 0000000000..73dbb8f7b8
--- /dev/null
+++ b/share/security/patches/SA-06:11/ipsec.patch
@@ -0,0 +1,31 @@
+Index: sys/netipsec/xform_esp.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/netipsec/xform_esp.c,v
+retrieving revision 1.11
+diff -u -r1.11 xform_esp.c
+--- sys/netipsec/xform_esp.c	15 Mar 2006 21:11:11 -0000	1.11
++++ sys/netipsec/xform_esp.c	19 Mar 2006 17:20:07 -0000
+@@ -555,6 +555,23 @@
+ 	 */
+ 	m->m_flags |= M_DECRYPTED;
+ 
++	/*
++	 * Update replay sequence number, if appropriate.
++	 */
++	if (sav->replay) {
++		u_int32_t seq;
++
++		m_copydata(m, skip + offsetof(struct newesp, esp_seq),
++			   sizeof (seq), (caddr_t) &seq);
++		if (ipsec_updatereplay(ntohl(seq), sav)) {
++			DPRINTF(("%s: packet replay check for %s\n", __func__,
++			    ipsec_logsastr(sav)));
++			espstat.esps_replay++;
++			error = ENOBUFS;
++			goto bad;
++		}
++	}
++
+ 	/* Determine the ESP header length */
+ 	if (sav->flags & SADB_X_EXT_OLD)
+ 		hlen = sizeof (struct esp) + sav->ivlen;
diff --git a/share/security/patches/SA-06:11/ipsec.patch.asc b/share/security/patches/SA-06:11/ipsec.patch.asc
new file mode 100644
index 0000000000..e5418aa5a1
--- /dev/null
+++ b/share/security/patches/SA-06:11/ipsec.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQBEISkDFdaIBMps37IRAtlUAJ9omAkbdQPqBICjEgBu8baptWvInwCfVAmB
+hG3t/uXdM23bxB4n2UTruOY=
+=6xdy
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:12/opie.patch b/share/security/patches/SA-06:12/opie.patch
new file mode 100644
index 0000000000..e43d876405
--- /dev/null
+++ b/share/security/patches/SA-06:12/opie.patch
@@ -0,0 +1,22 @@
+--- contrib/opie/opiepasswd.c
++++ contrib/opie/opiepasswd.c
+@@ -118,11 +118,18 @@
+   struct opie opie;
+   int rval, n = 499, i, mode = MODE_DEFAULT, force = 0;
+   char seed[OPIE_SEED_MAX+1];
++  char *username;
++  uid_t ruid;
+   struct passwd *pp;
+ 
+   memset(seed, 0, sizeof(seed));
+ 
+-  if (!(pp = getpwnam(getlogin()))) {
++  ruid = getuid();
++  username = getlogin();
++  pp = getpwnam(username);
++  if (username == NULL || pp == NULL || pp->pw_uid != ruid)
++    pp = getpwuid(ruid);
++  if (pp == NULL) {
+     fprintf(stderr, "Who are you?");
+     return 1;
+   }
diff --git a/share/security/patches/SA-06:12/opie.patch.asc b/share/security/patches/SA-06:12/opie.patch.asc
new file mode 100644
index 0000000000..0d9e69b013
--- /dev/null
+++ b/share/security/patches/SA-06:12/opie.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQBEISkaFdaIBMps37IRAqnlAJwKBz+NO9NNHTYuybdb8NJdQftNtgCfc5+N
+BHliH/oBV8DvSL7pUh3GHoM=
+=k74n
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:13/sendmail.patch b/share/security/patches/SA-06:13/sendmail.patch
new file mode 100644
index 0000000000..934a9ee80d
--- /dev/null
+++ b/share/security/patches/SA-06:13/sendmail.patch
@@ -0,0 +1,2973 @@
+Index: contrib/sendmail/libsm/fflush.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/fflush.c,v
+retrieving revision 1.1.1.3
+diff -u -I__FBSDID -r1.1.1.3 fflush.c
+--- contrib/sendmail/libsm/fflush.c	11 Jun 2002 21:11:58 -0000	1.1.1.3
++++ contrib/sendmail/libsm/fflush.c	21 Mar 2006 12:37:38 -0000
+@@ -145,6 +145,7 @@
+ 				return SM_IO_EOF;
+ 			}
+ 			SM_IO_WR_TIMEOUT(fp, fd, *timeout);
++			t = 0;
+ 		}
+ 	}
+ 	return 0;
+Index: contrib/sendmail/libsm/local.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/local.h,v
+retrieving revision 1.1.1.7
+diff -u -I__FBSDID -r1.1.1.7 local.h
+--- contrib/sendmail/libsm/local.h	1 Aug 2004 01:04:45 -0000	1.1.1.7
++++ contrib/sendmail/libsm/local.h	21 Mar 2006 12:37:38 -0000
+@@ -192,7 +192,7 @@
+ 	else \
+ 	{ \
+ 		(time)->tv_sec = (val) / 1000; \
+-		(time)->tv_usec = ((val) - ((time)->tv_sec * 1000)) * 10; \
++		(time)->tv_usec = ((val) - ((time)->tv_sec * 1000)) * 1000; \
+ 	} \
+ 	if ((val) == SM_TIME_FOREVER) \
+ 	{ \
+@@ -276,7 +276,7 @@
+ 	else \
+ 	{ \
+ 		sm_io_to.tv_sec = (to) / 1000; \
+-		sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 10; \
++		sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 1000; \
+ 	} \
+ 	if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \
+ 	{ \
+@@ -289,8 +289,11 @@
+ 	FD_SET((fd), &sm_io_x_mask); \
+ 	if (gettimeofday(&sm_io_to_before, NULL) < 0) \
+ 		return SM_IO_EOF; \
+-	sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, &sm_io_x_mask, \
+-			      &sm_io_to); \
++	do \
++	{	\
++		sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, \
++					&sm_io_x_mask, &sm_io_to); \
++	} while (sm_io_to_sel < 0 && errno == EINTR); \
+ 	if (sm_io_to_sel < 0) \
+ 	{ \
+ 		/* something went wrong, errno set */ \
+@@ -305,10 +308,9 @@
+ 	/* else loop again */ \
+ 	if (gettimeofday(&sm_io_to_after, NULL) < 0) \
+ 		return SM_IO_EOF; \
+-	timersub(&sm_io_to_before, &sm_io_to_after, &sm_io_to_diff); \
+-	timersub(&sm_io_to, &sm_io_to_diff, &sm_io_to); \
+-	(to) -= (sm_io_to.tv_sec * 1000); \
+-	(to) -= (sm_io_to.tv_usec / 10); \
++	timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff); \
++	(to) -= (sm_io_to_diff.tv_sec * 1000); \
++	(to) -= (sm_io_to_diff.tv_usec / 1000); \
+ 	if ((to) < 0) \
+ 		(to) = 0; \
+ }
+Index: contrib/sendmail/libsm/refill.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/refill.c,v
+retrieving revision 1.1.1.5
+diff -u -I__FBSDID -r1.1.1.5 refill.c
+--- contrib/sendmail/libsm/refill.c	1 Aug 2004 01:04:45 -0000	1.1.1.5
++++ contrib/sendmail/libsm/refill.c	21 Mar 2006 12:37:39 -0000
+@@ -76,8 +76,11 @@
+ 	FD_SET((fd), &sm_io_x_mask);					\
+ 	if (gettimeofday(&sm_io_to_before, NULL) < 0)			\
+ 		return SM_IO_EOF;					\
+-	(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL,		\
+-			   &sm_io_x_mask, (to));			\
++	do								\
++	{								\
++		(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL,	\
++			   	&sm_io_x_mask, (to));			\
++	} while ((sel_ret) < 0 && errno == EINTR);			\
+ 	if ((sel_ret) < 0)						\
+ 	{								\
+ 		/* something went wrong, errno set */			\
+@@ -94,7 +97,7 @@
+ 	/* calulate wall-clock time used */				\
+ 	if (gettimeofday(&sm_io_to_after, NULL) < 0)			\
+ 		return SM_IO_EOF;					\
+-	timersub(&sm_io_to_before, &sm_io_to_after, &sm_io_to_diff);	\
++	timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff);	\
+ 	timersub((to), &sm_io_to_diff, (to));				\
+ }
+ 
+Index: contrib/sendmail/src/collect.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/collect.c,v
+retrieving revision 1.1.1.21
+diff -u -I__FBSDID -r1.1.1.21 collect.c
+--- contrib/sendmail/src/collect.c	7 Jun 2005 04:14:11 -0000	1.1.1.21
++++ contrib/sendmail/src/collect.c	21 Mar 2006 12:37:39 -0000
+@@ -15,7 +15,6 @@
+ 
+ SM_RCSID("@(#)$Id: collect.c,v 8.261 2005/02/16 23:38:51 ca Exp $")
+ 
+-static void	collecttimeout __P((int));
+ static void	eatfrom __P((char *volatile, ENVELOPE *));
+ static void	collect_doheader __P((ENVELOPE *));
+ static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
+@@ -263,10 +262,6 @@
+ **		If data file cannot be created, the process is terminated.
+ */
+ 
+-static jmp_buf	CtxCollectTimeout;
+-static bool	volatile CollectProgress;
+-static SM_EVENT	*volatile CollectTimeout = NULL;
+-
+ /* values for input state machine */
+ #define IS_NORM		0	/* middle of line */
+ #define IS_BOL		1	/* beginning of line */
+@@ -288,27 +283,31 @@
+ 	register ENVELOPE *e;
+ 	bool rsetsize;
+ {
+-	register SM_FILE_T *volatile df;
+-	volatile bool ignrdot;
+-	volatile int dbto;
+-	register char *volatile bp;
+-	volatile int c;
+-	volatile bool inputerr;
++	register SM_FILE_T *df;
++	bool ignrdot;
++	int dbto;
++	register char *bp;
++	int c;
++	bool inputerr;
+ 	bool headeronly;
+-	char *volatile buf;
+-	volatile int buflen;
+-	volatile int istate;
+-	volatile int mstate;
+-	volatile int hdrslen;
+-	volatile int numhdrs;
+-	volatile int afd;
+-	unsigned char *volatile pbp;
++	char *buf;
++	int buflen;
++	int istate;
++	int mstate;
++	int hdrslen;
++	int numhdrs;
++	int afd;
++	unsigned char *pbp;
+ 	unsigned char peekbuf[8];
+ 	char bufbuf[MAXLINE];
+ 
+ 	df = NULL;
+ 	ignrdot = smtpmode ? false : IgnrDot;
+-	dbto = smtpmode ? (int) TimeOuts.to_datablock : 0;
++
++	/* timeout for I/O functions is in milliseconds */
++	dbto = smtpmode ? ((int) TimeOuts.to_datablock * 1000)
++			: SM_TIME_FOREVER;
++	sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
+ 	c = SM_IO_EOF;
+ 	inputerr = false;
+ 	headeronly = hdrp != NULL;
+@@ -320,7 +319,6 @@
+ 	pbp = peekbuf;
+ 	istate = IS_BOL;
+ 	mstate = SaveFrom ? MS_HEADER : MS_UFROM;
+-	CollectProgress = false;
+ 
+ 	/*
+ 	**  Tell ARPANET to go ahead.
+@@ -341,32 +339,6 @@
+ 	**	the larger picture (e.g., header versus body).
+ 	*/
+ 
+-	if (dbto != 0)
+-	{
+-		/* handle possible input timeout */
+-		if (setjmp(CtxCollectTimeout) != 0)
+-		{
+-			if (LogLevel > 2)
+-				sm_syslog(LOG_NOTICE, e->e_id,
+-					  "timeout waiting for input from %s during message collect",
+-					  CURHOSTNAME);
+-			errno = 0;
+-			if (smtpmode)
+-			{
+-				/*
+-				**  Override e_message in usrerr() as this
+-				**  is the reason for failure that should
+-				**  be logged for undelivered recipients.
+-				*/
+-
+-				e->e_message = NULL;
+-			}
+-			usrerr("451 4.4.1 timeout waiting for input during message collect");
+-			goto readerr;
+-		}
+-		CollectTimeout = sm_setevent(dbto, collecttimeout, dbto);
+-	}
+-
+ 	if (rsetsize)
+ 		e->e_msgsize = 0;
+ 	for (;;)
+@@ -390,9 +362,26 @@
+ 						sm_io_clearerr(fp);
+ 						continue;
+ 					}
++
++					/* timeout? */
++					if (c == SM_IO_EOF && errno == EAGAIN
++					    && smtpmode)
++					{
++						/*
++						**  Override e_message in
++						**  usrerr() as this is the
++						**  reason for failure that
++						**  should be logged for
++						**  undelivered recipients.
++						*/
++
++						e->e_message = NULL;
++						errno = 0;
++						inputerr = true;
++						goto readabort;
++					}
+ 					break;
+ 				}
+-				CollectProgress = true;
+ 				if (TrafficLogFile != NULL && !headeronly)
+ 				{
+ 					if (istate == IS_BOL)
+@@ -538,6 +527,18 @@
+ 					buflen *= 2;
+ 				else
+ 					buflen += MEMCHUNKSIZE;
++				if (buflen <= 0)
++				{
++					sm_syslog(LOG_NOTICE, e->e_id,
++						  "header overflow from %s during message collect",
++						  CURHOSTNAME);
++					errno = 0;
++					e->e_flags |= EF_CLRQUEUE;
++					e->e_status = "5.6.0";
++					usrerrenh(e->e_status,
++						  "552 Headers too large");
++					goto discard;
++				}
+ 				buf = xalloc(buflen);
+ 				memmove(buf, obuf, bp - obuf);
+ 				bp = &buf[bp - obuf];
+@@ -581,6 +582,7 @@
+ 					usrerrenh(e->e_status,
+ 						  "552 Headers too large (%d max)",
+ 						  MaxHeadersLength);
++  discard:
+ 					mstate = MS_DISCARD;
+ 				}
+ 			}
+@@ -620,6 +622,24 @@
+ 				sm_io_clearerr(fp);
+ 				errno = 0;
+ 				c = sm_io_getc(fp, SM_TIME_DEFAULT);
++
++				/* timeout? */
++				if (c == SM_IO_EOF && errno == EAGAIN
++				    && smtpmode)
++				{
++					/*
++					**  Override e_message in
++					**  usrerr() as this is the
++					**  reason for failure that
++					**  should be logged for
++					**  undelivered recipients.
++					*/
++
++					e->e_message = NULL;
++					errno = 0;
++					inputerr = true;
++					goto readabort;
++				}
+ 			} while (c == SM_IO_EOF && errno == EINTR);
+ 			if (c != SM_IO_EOF)
+ 				(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
+@@ -629,8 +649,12 @@
+ 				continue;
+ 			}
+ 
+-			/* trim off trailing CRLF or NL */
+ 			SM_ASSERT(bp > buf);
++
++			/* guaranteed by isheader(buf) */
++			SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
++
++			/* trim off trailing CRLF or NL */
+ 			if (*--bp != '\n' || *--bp != '\r')
+ 				bp++;
+ 			*bp = '\0';
+@@ -696,10 +720,6 @@
+ 		inputerr = true;
+ 	}
+ 
+-	/* reset global timer */
+-	if (CollectTimeout != NULL)
+-		sm_clrevent(CollectTimeout);
+-
+ 	if (headeronly)
+ 		return;
+ 
+@@ -786,6 +806,7 @@
+ 	}
+ 
+ 	/* An EOF when running SMTP is an error */
++  readabort:
+ 	if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
+ 	{
+ 		char *host;
+@@ -808,13 +829,14 @@
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
+ 		if (sm_io_eof(fp))
+-			usrerr("451 4.4.1 collect: %s on connection from %s, from=%s",
++			usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
+ 		else
+-			syserr("451 4.4.1 collect: %s on connection from %s, from=%s",
++			syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
++		flush_errors(true);
+ 
+ 		/* don't return an error indication */
+ 		e->e_to = NULL;
+@@ -907,39 +929,6 @@
+ 	}
+ }
+ 
+-static void
+-collecttimeout(timeout)
+-	int timeout;
+-{
+-	int save_errno = errno;
+-
+-	/*
+-	**  NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
+-	**	ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
+-	**	DOING.
+-	*/
+-
+-	if (CollectProgress)
+-	{
+-		/* reset the timeout */
+-		CollectTimeout = sm_sigsafe_setevent(timeout, collecttimeout,
+-						     timeout);
+-		CollectProgress = false;
+-	}
+-	else
+-	{
+-		/* event is done */
+-		CollectTimeout = NULL;
+-	}
+-
+-	/* if no progress was made or problem resetting event, die now */
+-	if (CollectTimeout == NULL)
+-	{
+-		errno = ETIMEDOUT;
+-		longjmp(CtxCollectTimeout, 1);
+-	}
+-	errno = save_errno;
+-}
+ /*
+ **  DFERROR -- signal error on writing the data file.
+ **
+Index: contrib/sendmail/src/conf.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/conf.c,v
+retrieving revision 1.28
+diff -u -I__FBSDID -r1.28 conf.c
+--- contrib/sendmail/src/conf.c	7 Jun 2005 04:17:21 -0000	1.28
++++ contrib/sendmail/src/conf.c	21 Mar 2006 12:37:42 -0000
+@@ -5310,8 +5310,8 @@
+ 	va_dcl
+ #endif /* __STDC__ */
+ {
+-	static char *buf = NULL;
+-	static size_t bufsize;
++	char *buf;
++	size_t bufsize;
+ 	char *begin, *end;
+ 	int save_errno;
+ 	int seq = 1;
+@@ -5335,11 +5335,8 @@
+ 	else
+ 		idlen = strlen(id) + SyslogPrefixLen;
+ 
+-	if (buf == NULL)
+-	{
+-		buf = buf0;
+-		bufsize = sizeof buf0;
+-	}
++	buf = buf0;
++	bufsize = sizeof buf0;
+ 
+ 	for (;;)
+ 	{
+@@ -5381,8 +5378,8 @@
+ 			(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ 					     "%s: %s\n", id, newstring);
+ #endif /* LOG */
+-		if (buf == buf0)
+-			buf = NULL;
++		if (buf != buf0)
++			sm_free(buf);
+ 		errno = save_errno;
+ 		return;
+ 	}
+@@ -5446,8 +5443,8 @@
+ 		(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ 				     "%s[%d]: %s\n", id, seq, begin);
+ #endif /* LOG */
+-	if (buf == buf0)
+-		buf = NULL;
++	if (buf != buf0)
++		sm_free(buf);
+ 	errno = save_errno;
+ }
+ /*
+Index: contrib/sendmail/src/deliver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/deliver.c,v
+retrieving revision 1.1.1.23
+diff -u -I__FBSDID -r1.1.1.23 deliver.c
+--- contrib/sendmail/src/deliver.c	7 Jun 2005 04:14:20 -0000	1.1.1.23
++++ contrib/sendmail/src/deliver.c	21 Mar 2006 12:37:44 -0000
+@@ -3257,16 +3257,33 @@
+ 	}
+ 	else if (!clever)
+ 	{
++		bool ok;
++
+ 		/*
+ 		**  Format and send message.
+ 		*/
+ 
+-		putfromline(mci, e);
+-		(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
+-		(*e->e_putbody)(mci, e, NULL);
++		rcode = EX_OK;
++		errno = 0;
++		ok = putfromline(mci, e);
++		if (ok)
++			ok = (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
++		if (ok)
++			ok = (*e->e_putbody)(mci, e, NULL);
+ 
+-		/* get the exit status */
++		/*
++		**  Ignore an I/O error that was caused by EPIPE.
++		**  Some broken mailers don't read the entire body
++		**  but just exit() thus causing an I/O error.
++		*/
++
++		if (!ok && (sm_io_error(mci->mci_out) && errno == EPIPE))
++			ok = true;
++
++		/* (always) get the exit status */
+ 		rcode = endmailer(mci, e, pv);
++		if (!ok)
++			rcode = EX_TEMPFAIL;
+ 		if (rcode == EX_TEMPFAIL && SmtpError[0] == '\0')
+ 		{
+ 			/*
+@@ -4430,13 +4447,13 @@
+ **		e -- the envelope.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		outputs some text to fp.
+ */
+ 
+-void
++bool
+ putfromline(mci, e)
+ 	register MCI *mci;
+ 	ENVELOPE *e;
+@@ -4446,7 +4463,7 @@
+ 	char xbuf[MAXLINE];
+ 
+ 	if (bitnset(M_NHDR, mci->mci_mailer->m_flags))
+-		return;
++		return true;
+ 
+ 	mci->mci_flags |= MCIF_INHEADER;
+ 
+@@ -4487,8 +4504,9 @@
+ 		}
+ 	}
+ 	expand(template, buf, sizeof buf, e);
+-	putxline(buf, strlen(buf), mci, PXLF_HEADER);
++	return putxline(buf, strlen(buf), mci, PXLF_HEADER);
+ }
++
+ /*
+ **  PUTBODY -- put the body of a message.
+ **
+@@ -4499,7 +4517,7 @@
+ **			not be permitted in the resulting message.
+ **
+ **	Returns:
+-**		none.
++**		true iff message was written successfully
+ **
+ **	Side Effects:
+ **		The message is written onto fp.
+@@ -4510,13 +4528,15 @@
+ #define OS_CR		1	/* read a carriage return */
+ #define OS_INLINE	2	/* putting rest of line */
+ 
+-void
++bool
+ putbody(mci, e, separator)
+ 	register MCI *mci;
+ 	register ENVELOPE *e;
+ 	char *separator;
+ {
+ 	bool dead = false;
++	bool ioerr = false;
++	int save_errno;
+ 	char buf[MAXLINE];
+ #if MIME8TO7
+ 	char *boundaries[MAXMIMENESTING + 1];
+@@ -4546,10 +4566,12 @@
+ 	{
+ 		if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 		{
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 			mci->mci_flags &= ~MCIF_INHEADER;
+ 		}
+-		putline("<<< No Message Collected >>>", mci);
++		if (!putline("<<< No Message Collected >>>", mci))
++			goto writeerr;
+ 		goto endofmessage;
+ 	}
+ 
+@@ -4578,26 +4600,31 @@
+ 		*/
+ 
+ 		/* make sure it looks like a MIME message */
+-		if (hvalue("MIME-Version", e->e_header) == NULL)
+-			putline("MIME-Version: 1.0", mci);
++		if (hvalue("MIME-Version", e->e_header) == NULL &&
++		    !putline("MIME-Version: 1.0", mci))
++			goto writeerr;
+ 
+ 		if (hvalue("Content-Type", e->e_header) == NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					   "Content-Type: text/plain; charset=%s",
+ 					   defcharset(e));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* now do the hard work */
+ 		boundaries[0] = NULL;
+ 		mci->mci_flags |= MCIF_INHEADER;
+-		(void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER);
++		if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) ==
++								SM_IO_EOF)
++			goto writeerr;
+ 	}
+ # if MIME7TO8
+ 	else if (bitset(MCIF_CVT7TO8, mci->mci_flags))
+ 	{
+-		(void) mime7to8(mci, e->e_header, e);
++		if (!mime7to8(mci, e->e_header, e))
++			goto writeerr;
+ 	}
+ # endif /* MIME7TO8 */
+ 	else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0)
+@@ -4619,8 +4646,9 @@
+ 		if (bitset(EF_DONT_MIME, e->e_flags))
+ 			SuprErrs = true;
+ 
+-		(void) mime8to7(mci, e->e_header, e, boundaries,
+-				M87F_OUTER|M87F_NO8TO7);
++		if (mime8to7(mci, e->e_header, e, boundaries,
++				M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF)
++			goto writeerr;
+ 
+ 		/* restore SuprErrs */
+ 		SuprErrs = oldsuprerrs;
+@@ -4640,7 +4668,8 @@
+ 
+ 		if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 		{
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 			mci->mci_flags &= ~MCIF_INHEADER;
+ 		}
+ 
+@@ -4731,11 +4760,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos++;
+ 				}
+ 				for (xp = buf; xp < bp; xp++)
+@@ -4748,11 +4772,6 @@
+ 						dead = true;
+ 						break;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 				}
+ 				if (dead)
+ 					continue;
+@@ -4763,11 +4782,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						break;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos = 0;
+ 				}
+ 				else
+@@ -4801,11 +4815,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						continue;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 
+ 					if (TrafficLogFile != NULL)
+ 					{
+@@ -4867,11 +4876,6 @@
+ 							dead = true;
+ 							continue;
+ 						}
+-						else
+-						{
+-							/* record progress for DATA timeout */
+-							DataProgress = true;
+-						}
+ 						pos++;
+ 						continue;
+ 					}
+@@ -4887,11 +4891,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 
+ 					if (TrafficLogFile != NULL)
+ 					{
+@@ -4917,11 +4916,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						continue;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos = 0;
+ 					ostate = OS_HEAD;
+ 				}
+@@ -4939,11 +4933,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos++;
+ 					ostate = OS_INLINE;
+ 				}
+@@ -4970,11 +4959,6 @@
+ 					dead = true;
+ 					break;
+ 				}
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 			}
+ 			pos += bp - buf;
+ 		}
+@@ -4984,11 +4968,9 @@
+ 				(void) sm_io_fputs(TrafficLogFile,
+ 						   SM_TIME_DEFAULT,
+ 						   mci->mci_mailer->m_eol);
+-			(void) sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
+-					   mci->mci_mailer->m_eol);
+-
+-			/* record progress for DATA timeout */
+-			DataProgress = true;
++			if (sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
++					   mci->mci_mailer->m_eol) == SM_IO_EOF)
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -4998,6 +4980,7 @@
+ 		       qid_printqueue(e->e_dfqgrp, e->e_dfqdir),
+ 		       DATAFL_LETTER, e->e_id);
+ 		ExitStat = EX_IOERR;
++		ioerr = true;
+ 	}
+ 
+ endofmessage:
+@@ -5012,23 +4995,35 @@
+ 	**  offset to match.
+ 	*/
+ 
++	save_errno = errno;
+ 	if (e->e_dfp != NULL)
+ 		(void) bfrewind(e->e_dfp);
+ 
+ 	/* some mailers want extra blank line at end of message */
+ 	if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) &&
+ 	    buf[0] != '\0' && buf[0] != '\n')
+-		putline("", mci);
++	{
++		if (!putline("", mci))
++			goto writeerr;
++	}
+ 
+-	(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
+-	if (sm_io_error(mci->mci_out) && errno != EPIPE)
++	if (!dead &&
++	    (sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF ||
++	     (sm_io_error(mci->mci_out) && errno != EPIPE)))
+ 	{
++		save_errno = errno;
+ 		syserr("putbody: write error");
+ 		ExitStat = EX_IOERR;
++		ioerr = true;
+ 	}
+ 
+-	errno = 0;
++	errno = save_errno;
++	return !dead && !ioerr;
++
++  writeerr:
++	return false;
+ }
++
+ /*
+ **  MAILFILE -- Send a message to a file.
+ **
+@@ -5559,14 +5554,14 @@
+ 		}
+ #endif /* MIME7TO8 */
+ 
+-		putfromline(&mcibuf, e);
+-		(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
+-		(*e->e_putbody)(&mcibuf, e, NULL);
+-		putline("\n", &mcibuf);
+-		if (sm_io_flush(f, SM_TIME_DEFAULT) != 0 ||
++		if (!putfromline(&mcibuf, e) ||
++		    !(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER) ||
++		    !(*e->e_putbody)(&mcibuf, e, NULL) ||
++		    !putline("\n", &mcibuf) ||
++		    (sm_io_flush(f, SM_TIME_DEFAULT) != 0 ||
+ 		    (SuperSafe != SAFE_NO &&
+ 		     fsync(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL)) < 0) ||
+-		    sm_io_error(f))
++		    sm_io_error(f)))
+ 		{
+ 			setstat(EX_IOERR);
+ #if !NOFTRUNCATE
+@@ -6128,86 +6123,23 @@
+ ssl_retry:
+ 	if ((result = SSL_connect(clt_ssl)) <= 0)
+ 	{
+-		int i;
+-		bool timedout;
+-		time_t left;
+-		time_t now = curtime();
+-		struct timeval tv;
++		int i, ssl_err;
+ 
+-		/* what to do in this case? */
+-		i = SSL_get_error(clt_ssl, result);
++		ssl_err = SSL_get_error(clt_ssl, result);
++		i = tls_retry(clt_ssl, rfd, wfd, tlsstart,
++			TimeOuts.to_starttls, ssl_err, "client");
++		if (i > 0)
++			goto ssl_retry;
+ 
+-		/*
+-		**  For SSL_ERROR_WANT_{READ,WRITE}:
+-		**  There is not a complete SSL record available yet
+-		**  or there is only a partial SSL record removed from
+-		**  the network (socket) buffer into the SSL buffer.
+-		**  The SSL_connect will only succeed when a full
+-		**  SSL record is available (assuming a "real" error
+-		**  doesn't happen). To handle when a "real" error
+-		**  does happen the select is set for exceptions too.
+-		**  The connection may be re-negotiated during this time
+-		**  so both read and write "want errors" need to be handled.
+-		**  A select() exception loops back so that a proper SSL
+-		**  error message can be gotten.
+-		*/
+-
+-		left = TimeOuts.to_starttls - (now - tlsstart);
+-		timedout = left <= 0;
+-		if (!timedout)
+-		{
+-			tv.tv_sec = left;
+-			tv.tv_usec = 0;
+-		}
+-
+-		if (!timedout && FD_SETSIZE > 0 &&
+-		    (rfd >= FD_SETSIZE ||
+-		     (i == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
+-		{
+-			if (LogLevel > 5)
+-			{
+-				sm_syslog(LOG_ERR, e->e_id,
+-					  "STARTTLS=client, error: fd %d/%d too large",
+-					  rfd, wfd);
+-			if (LogLevel > 8)
+-				tlslogerr("client");
+-			}
+-			errno = EINVAL;
+-			goto tlsfail;
+-		}
+-		if (!timedout && i == SSL_ERROR_WANT_READ)
+-		{
+-			fd_set ssl_maskr, ssl_maskx;
+-
+-			FD_ZERO(&ssl_maskr);
+-			FD_SET(rfd, &ssl_maskr);
+-			FD_ZERO(&ssl_maskx);
+-			FD_SET(rfd, &ssl_maskx);
+-			if (select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx, &tv)
+-			    > 0)
+-				goto ssl_retry;
+-		}
+-		if (!timedout && i == SSL_ERROR_WANT_WRITE)
+-		{
+-			fd_set ssl_maskw, ssl_maskx;
+-
+-			FD_ZERO(&ssl_maskw);
+-			FD_SET(wfd, &ssl_maskw);
+-			FD_ZERO(&ssl_maskx);
+-			FD_SET(rfd, &ssl_maskx);
+-			if (select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx, &tv)
+-			    > 0)
+-				goto ssl_retry;
+-		}
+ 		if (LogLevel > 5)
+ 		{
+-			sm_syslog(LOG_ERR, e->e_id,
+-				  "STARTTLS=client, error: connect failed=%d, SSL_error=%d, timedout=%d, errno=%d",
+-				  result, i, (int) timedout, errno);
++			sm_syslog(LOG_WARNING, NOQID,
++				  "STARTTLS=client, error: connect failed=%d, SSL_error=%d, errno=%d, retry=%d",
++				  result, ssl_err, errno, i);
+ 			if (LogLevel > 8)
+ 				tlslogerr("client");
+ 		}
+-tlsfail:
++
+ 		SSL_free(clt_ssl);
+ 		clt_ssl = NULL;
+ 		return EX_SOFTWARE;
+Index: contrib/sendmail/src/headers.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/headers.c,v
+retrieving revision 1.21
+diff -u -I__FBSDID -r1.21 headers.c
+--- contrib/sendmail/src/headers.c	14 Feb 2005 02:39:14 -0000	1.21
++++ contrib/sendmail/src/headers.c	21 Mar 2006 12:37:45 -0000
+@@ -19,7 +19,7 @@
+ static HDR	*allocheader __P((char *, char *, int, SM_RPOOL_T *));
+ static size_t	fix_mime_header __P((HDR *, ENVELOPE *));
+ static int	priencode __P((char *));
+-static void	put_vanilla_header __P((HDR *, char *, MCI *));
++static bool	put_vanilla_header __P((HDR *, char *, MCI *));
+ 
+ /*
+ **  SETUPHEADERS -- initialize headers in symbol table
+@@ -994,7 +994,6 @@
+ 	char *name;
+ 	register char *sbp;
+ 	register char *p;
+-	int l;
+ 	char hbuf[MAXNAME + 1];
+ 	char sbuf[MAXLINE + 1];
+ 	char mbuf[MAXNAME + 1];
+@@ -1003,6 +1002,8 @@
+ 	/* XXX do we still need this? sm_syslog() replaces control chars */
+ 	if (msgid != NULL)
+ 	{
++		size_t l;
++
+ 		l = strlen(msgid);
+ 		if (l > sizeof mbuf - 1)
+ 			l = sizeof mbuf - 1;
+@@ -1542,13 +1543,13 @@
+ **		flags -- MIME conversion flags.
+ **
+ **	Returns:
+-**		none.
++**		success
+ **
+ **	Side Effects:
+ **		none.
+ */
+ 
+-void
++bool
+ putheader(mci, hdr, e, flags)
+ 	register MCI *mci;
+ 	HDR *hdr;
+@@ -1683,7 +1684,8 @@
+ 		{
+ 			if (tTd(34, 11))
+ 				sm_dprintf("\n");
+-			put_vanilla_header(h, p, mci);
++			if (!put_vanilla_header(h, p, mci))
++				goto writeerr;
+ 			continue;
+ 		}
+ 
+@@ -1742,7 +1744,8 @@
+ 				/* no other recipient headers: truncate value */
+ 				(void) sm_strlcpyn(obuf, sizeof obuf, 2,
+ 						   h->h_field, ":");
+-				putline(obuf, mci);
++				if (!putline(obuf, mci))
++					goto writeerr;
+ 			}
+ 			continue;
+ 		}
+@@ -1761,7 +1764,8 @@
+ 		}
+ 		else
+ 		{
+-			put_vanilla_header(h, p, mci);
++			if (!put_vanilla_header(h, p, mci))
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -1778,18 +1782,25 @@
+ 	    !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
+ 	    hvalue("MIME-Version", e->e_header) == NULL)
+ 	{
+-		putline("MIME-Version: 1.0", mci);
++		if (!putline("MIME-Version: 1.0", mci))
++			goto writeerr;
+ 		if (hvalue("Content-Type", e->e_header) == NULL)
+ 		{
+ 			(void) sm_snprintf(obuf, sizeof obuf,
+ 					"Content-Type: text/plain; charset=%s",
+ 					defcharset(e));
+-			putline(obuf, mci);
++			if (!putline(obuf, mci))
++				goto writeerr;
+ 		}
+-		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL)
+-			putline("Content-Transfer-Encoding: 8bit", mci);
++		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL
++		    && !putline("Content-Transfer-Encoding: 8bit", mci))
++			goto writeerr;
+ 	}
+ #endif /* MIME8TO7 */
++	return true;
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  PUT_VANILLA_HEADER -- output a fairly ordinary header
+@@ -1800,10 +1811,10 @@
+ **		mci -- the connection info for output
+ **
+ **	Returns:
+-**		none.
++**		success
+ */
+ 
+-static void
++static bool
+ put_vanilla_header(h, v, mci)
+ 	HDR *h;
+ 	char *v;
+@@ -1834,7 +1845,8 @@
+ 			l = SPACELEFT(obuf, obp) - 1;
+ 
+ 		(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
+-		putxline(obuf, strlen(obuf), mci, putflags);
++		if (!putxline(obuf, strlen(obuf), mci, putflags))
++			goto writeerr;
+ 		v += l + 1;
+ 		obp = obuf;
+ 		if (*v != ' ' && *v != '\t')
+@@ -1844,7 +1856,10 @@
+ 	/* XXX This is broken for SPACELEFT()==0 */
+ 	(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
+ 			   (int) (SPACELEFT(obuf, obp) - 1), v);
+-	putxline(obuf, strlen(obuf), mci, putflags);
++	return putxline(obuf, strlen(obuf), mci, putflags);
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  COMMAIZE -- output a header field, making a comma-translated list.
+@@ -1857,13 +1872,13 @@
+ **		e -- the envelope containing the message.
+ **
+ **	Returns:
+-**		none.
++**		success
+ **
+ **	Side Effects:
+ **		outputs "p" to file "fp".
+ */
+ 
+-void
++bool
+ commaize(h, p, oldstyle, mci, e)
+ 	register HDR *h;
+ 	register char *p;
+@@ -2002,13 +2017,6 @@
+ 		}
+ 		name = denlstring(name, false, true);
+ 
+-		/*
+-		**  record data progress so DNS timeouts
+-		**  don't cause DATA timeouts
+-		*/
+-
+-		DataProgress = true;
+-
+ 		/* output the name with nice formatting */
+ 		opos += strlen(name);
+ 		if (!firstone)
+@@ -2016,7 +2024,8 @@
+ 		if (opos > omax && !firstone)
+ 		{
+ 			(void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
+-			putxline(obuf, strlen(obuf), mci, putflags);
++			if (!putxline(obuf, strlen(obuf), mci, putflags))
++				goto writeerr;
+ 			obp = obuf;
+ 			(void) sm_strlcpy(obp, "        ", sizeof obuf);
+ 			opos = strlen(obp);
+@@ -2038,8 +2047,12 @@
+ 		*obp = '\0';
+ 	else
+ 		obuf[sizeof obuf - 1] = '\0';
+-	putxline(obuf, strlen(obuf), mci, putflags);
++	return putxline(obuf, strlen(obuf), mci, putflags);
++
++  writeerr:
++	return false;
+ }
++
+ /*
+ **  COPYHEADER -- copy header list
+ **
+Index: contrib/sendmail/src/mime.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/mime.c,v
+retrieving revision 1.1.1.13
+diff -u -I__FBSDID -r1.1.1.13 mime.c
+--- contrib/sendmail/src/mime.c	14 Feb 2005 02:29:33 -0000	1.1.1.13
++++ contrib/sendmail/src/mime.c	21 Mar 2006 12:37:45 -0000
+@@ -86,6 +86,7 @@
+ **		  MBT_FINAL -- the final boundary
+ **		  MBT_INTERMED -- an intermediate boundary
+ **		  MBT_NOTSEP -- an end of file
++**		  SM_IO_EOF -- I/O error occurred
+ */
+ 
+ struct args
+@@ -298,7 +299,8 @@
+ 		mci->mci_flags |= MCIF_INMIME;
+ 
+ 		/* skip the early "comment" prologue */
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		bt = MBT_FINAL;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+@@ -307,8 +309,9 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putxline(buf, strlen(buf), mci,
+-				 PXLF_MAPFROM|PXLF_STRIP8BIT);
++			if (!putxline(buf, strlen(buf), mci,
++					PXLF_MAPFROM|PXLF_STRIP8BIT))
++				goto writeerr;
+ 			if (tTd(43, 99))
+ 				sm_dprintf("  ...%s", buf);
+ 		}
+@@ -319,19 +322,24 @@
+ 			auto HDR *hdr = NULL;
+ 
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "--", bbuf);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			if (tTd(43, 35))
+ 				sm_dprintf("  ...%s\n", buf);
+ 			collect(e->e_dfp, false, &hdr, e, false);
+ 			if (tTd(43, 101))
+ 				putline("+++after collect", mci);
+-			putheader(mci, hdr, e, flags);
++			if (!putheader(mci, hdr, e, flags))
++				goto writeerr;
+ 			if (tTd(43, 101))
+ 				putline("+++after putheader", mci);
+ 			bt = mime8to7(mci, hdr, e, boundaries, flags);
++			if (bt == SM_IO_EOF)
++				goto writeerr;
+ 		}
+ 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", bbuf, "--");
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (tTd(43, 35))
+ 			sm_dprintf("  ...%s\n", buf);
+ 		boundaries[i] = NULL;
+@@ -344,8 +352,9 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putxline(buf, strlen(buf), mci,
+-				 PXLF_MAPFROM|PXLF_STRIP8BIT);
++			if (!putxline(buf, strlen(buf), mci,
++					PXLF_MAPFROM|PXLF_STRIP8BIT))
++				goto writeerr;
+ 			if (tTd(43, 99))
+ 				sm_dprintf("  ...%s", buf);
+ 		}
+@@ -373,18 +382,21 @@
+ 		{
+ 			auto HDR *hdr = NULL;
+ 
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 
+ 			mci->mci_flags |= MCIF_INMIME;
+ 			collect(e->e_dfp, false, &hdr, e, false);
+ 			if (tTd(43, 101))
+ 				putline("+++after collect", mci);
+-			putheader(mci, hdr, e, flags);
++			if (!putheader(mci, hdr, e, flags))
++				goto writeerr;
+ 			if (tTd(43, 101))
+ 				putline("+++after putheader", mci);
+ 			if (hvalue("MIME-Version", hdr) == NULL &&
+-			    !bitset(M87F_NO8TO7, flags))
+-				putline("MIME-Version: 1.0", mci);
++			    !bitset(M87F_NO8TO7, flags) &&
++			    !putline("MIME-Version: 1.0", mci))
++				goto writeerr;
+ 			bt = mime8to7(mci, hdr, e, boundaries, flags);
+ 			mci->mci_flags &= ~MCIF_INMIME;
+ 			return bt;
+@@ -480,11 +492,13 @@
+ 
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"Content-Transfer-Encoding: %.200s", cte);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			if (tTd(43, 36))
+ 				sm_dprintf("  ...%s\n", buf);
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+ 			!= NULL)
+@@ -492,7 +506,8 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 		if (sm_io_eof(e->e_dfp))
+ 			bt = MBT_FINAL;
+@@ -505,12 +520,13 @@
+ 
+ 		if (tTd(43, 36))
+ 			sm_dprintf("  ...Content-Transfer-Encoding: base64\n");
+-		putline("Content-Transfer-Encoding: base64", mci);
++		if (!putline("Content-Transfer-Encoding: base64", mci))
++			goto writeerr;
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 			"X-MIME-Autoconverted: from 8bit to base64 by %s id %s",
+ 			MyHostName, e->e_id);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline(buf, mci) || !putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while ((c1 = mime_getchar_crlf(e->e_dfp, boundaries, &bt)) !=
+ 			SM_IO_EOF)
+@@ -518,7 +534,8 @@
+ 			if (linelen > 71)
+ 			{
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = 0;
+ 				bp = buf;
+ 			}
+@@ -548,7 +565,8 @@
+ 			*bp++ = Base64Code[c2 & 0x3f];
+ 		}
+ 		*bp = '\0';
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 	}
+ 	else
+ 	{
+@@ -571,12 +589,14 @@
+ 
+ 		if (tTd(43, 36))
+ 			sm_dprintf("  ...Content-Transfer-Encoding: quoted-printable\n");
+-		putline("Content-Transfer-Encoding: quoted-printable", mci);
++		if (!putline("Content-Transfer-Encoding: quoted-printable",
++				mci))
++			goto writeerr;
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 			"X-MIME-Autoconverted: from 8bit to quoted-printable by %s id %s",
+ 			MyHostName, e->e_id);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline(buf, mci) || !putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		fromstate = 0;
+ 		c2 = '\n';
+@@ -598,7 +618,8 @@
+ 					*bp++ = Base16Code['.' & 0x0f];
+ 				}
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = fromstate = 0;
+ 				bp = buf;
+ 				c2 = c1;
+@@ -627,7 +648,8 @@
+ 					c2 = '\n';
+ 				*bp++ = '=';
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = fromstate = 0;
+ 				bp = buf;
+ 				if (c2 == '.')
+@@ -665,13 +687,17 @@
+ 		if (linelen > 0 || boundaries[0] != NULL)
+ 		{
+ 			*bp = '\0';
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 	}
+ 	if (tTd(43, 3))
+ 		sm_dprintf("\t\t\tmime8to7=>%s (basic)\n", MimeBoundaryNames[bt]);
+ 	return bt;
++
++  writeerr:
++	return SM_IO_EOF;
+ }
+ /*
+ **  MIME_GETCHAR -- get a character for MIME processing
+@@ -958,7 +984,7 @@
+ **		e -- envelope.
+ **
+ **	Returns:
+-**		none.
++**		true iff body was written successfully
+ */
+ 
+ static char index_64[128] =
+@@ -975,7 +1001,7 @@
+ 
+ # define CHAR64(c)  (((c) < 0 || (c) > 127) ? -1 : index_64[(c)])
+ 
+-void
++bool
+ mime7to8(mci, header, e)
+ 	register MCI *mci;
+ 	HDR *header;
+@@ -1008,25 +1034,31 @@
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"Content-Transfer-Encoding: %s", p);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+ 			!= NULL)
+-			putline(buf, mci);
+-		return;
++		{
++			if (!putline(buf, mci))
++				goto writeerr;
++		}
++		return true;
+ 	}
+ 	cataddr(pvp, NULL, buf, sizeof buf, '\0');
+ 	cte = sm_rpool_strdup_x(e->e_rpool, buf);
+ 
+ 	mci->mci_flags |= MCIF_INHEADER;
+-	putline("Content-Transfer-Encoding: 8bit", mci);
++	if (!putline("Content-Transfer-Encoding: 8bit", mci))
++		goto writeerr;
+ 	(void) sm_snprintf(buf, sizeof buf,
+ 		"X-MIME-Autoconverted: from %.200s to 8bit by %s id %s",
+ 		cte, MyHostName, e->e_id);
+-	putline(buf, mci);
+-	putline("", mci);
++	if (!putline(buf, mci) || !putline("", mci))
++		goto writeerr;
+ 	mci->mci_flags &= ~MCIF_INHEADER;
+ 
+ 	/*
+@@ -1090,7 +1122,8 @@
+ 		if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])	\
+ 		{							\
+ 			CHK_EOL;					\
+-			putxline((char *) fbuf, fbufp - fbuf, mci, pxflags); \
++			if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags)) \
++				goto writeerr;				\
+ 			pxflags &= ~PXLF_NOADDEOL;			\
+ 			fbufp = fbuf;					\
+ 		}	\
+@@ -1127,8 +1160,11 @@
+ 				continue;
+ 
+ 			if (fbufp - fbuf > 0)
+-				putxline((char *) fbuf, fbufp - fbuf - 1, mci,
+-					 pxflags);
++			{
++				if (!putxline((char *) fbuf, fbufp - fbuf - 1,
++						mci, pxflags))
++					goto writeerr;
++			}
+ 			fbufp = fbuf;
+ 			if (off >= 0 && buf[off] != '\0')
+ 			{
+@@ -1144,7 +1180,8 @@
+ 	if (fbufp > fbuf)
+ 	{
+ 		*fbufp = '\0';
+-		putxline((char *) fbuf, fbufp - fbuf, mci, pxflags);
++		if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags))
++			goto writeerr;
+ 	}
+ 
+ 	/*
+@@ -1154,10 +1191,15 @@
+ 	**  but so is auto-converting MIME in the first place.
+ 	*/
+ 
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 
+ 	if (tTd(43, 3))
+ 		sm_dprintf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
++	return true;
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  The following is based on Borenstein's "codes.c" module, with simplifying
+Index: contrib/sendmail/src/parseaddr.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/parseaddr.c,v
+retrieving revision 1.1.1.22
+diff -u -I__FBSDID -r1.1.1.22 parseaddr.c
+--- contrib/sendmail/src/parseaddr.c	7 Jun 2005 04:14:35 -0000	1.1.1.22
++++ contrib/sendmail/src/parseaddr.c	21 Mar 2006 12:37:47 -0000
+@@ -1337,7 +1337,7 @@
+ 					/* $&{x} replacement */
+ 					char *mval = macvalue(rp[1], e);
+ 					char **xpvp;
+-					int trsize = 0;
++					size_t trsize = 0;
+ 					static size_t pvpb1_size = 0;
+ 					static char **pvpb1 = NULL;
+ 					char pvpbuf[PSBUFSIZE];
+@@ -1352,7 +1352,7 @@
+ 					/* save the remainder of the input */
+ 					for (xpvp = pvp; *xpvp != NULL; xpvp++)
+ 						trsize += sizeof *xpvp;
+-					if ((size_t) trsize > pvpb1_size)
++					if (trsize > pvpb1_size)
+ 					{
+ 						if (pvpb1 != NULL)
+ 							sm_free(pvpb1);
+@@ -1407,7 +1407,7 @@
+ 		{
+ 			char **hbrvp;
+ 			char **xpvp;
+-			int trsize;
++			size_t trsize;
+ 			char *replac;
+ 			int endtoken;
+ 			STAB *map;
+@@ -1509,7 +1509,7 @@
+ 				*++arg_rvp = NULL;
+ 
+ 			/* save the remainder of the input string */
+-			trsize = (int) (avp - rvp + 1) * sizeof *rvp;
++			trsize = (avp - rvp + 1) * sizeof *rvp;
+ 			memmove((char *) pvpb1, (char *) rvp, trsize);
+ 
+ 			/* look it up */
+@@ -2949,7 +2949,7 @@
+ 	char *logid;
+ {
+ 	char *volatile buf;
+-	int bufsize;
++	size_t bufsize;
+ 	int saveexitstat;
+ 	int volatile rstat = EX_OK;
+ 	char **pvp;
+@@ -3163,7 +3163,7 @@
+ 	int size;
+ {
+ 	char *volatile buf;
+-	int bufsize;
++	size_t bufsize;
+ 	int volatile rstat = EX_OK;
+ 	int rsno;
+ 	bool saveQuickAbort = QuickAbort;
+Index: contrib/sendmail/src/savemail.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/savemail.c,v
+retrieving revision 1.17
+diff -u -I__FBSDID -r1.17 savemail.c
+--- contrib/sendmail/src/savemail.c	14 Feb 2005 02:39:14 -0000	1.17
++++ contrib/sendmail/src/savemail.c	21 Mar 2006 12:37:47 -0000
+@@ -15,7 +15,7 @@
+ 
+ SM_RCSID("@(#)$Id: savemail.c,v 8.304 2004/10/06 21:36:06 ca Exp $")
+ 
+-static void	errbody __P((MCI *, ENVELOPE *, char *));
++static bool	errbody __P((MCI *, ENVELOPE *, char *));
+ static bool	pruneroute __P((char *));
+ 
+ /*
+@@ -432,12 +432,13 @@
+ 			p = macvalue('g', e);
+ 			macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
+ 
+-			putfromline(&mcibuf, e);
+-			(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
+-			(*e->e_putbody)(&mcibuf, e, NULL);
+-			putline("\n", &mcibuf); /* XXX EOL from FileMailer? */
+-			(void) sm_io_flush(fp, SM_TIME_DEFAULT);
+-			if (sm_io_error(fp) ||
++			if (!putfromline(&mcibuf, e) ||
++			    !(*e->e_puthdr)(&mcibuf, e->e_header, e,
++					M87F_OUTER) ||
++			    !(*e->e_putbody)(&mcibuf, e, NULL) ||
++			    !putline("\n", &mcibuf) ||
++			    sm_io_flush(fp, SM_TIME_DEFAULT) == SM_IO_EOF ||
++			    sm_io_error(fp) ||
+ 			    sm_io_close(fp, SM_TIME_DEFAULT) < 0)
+ 				state = ESM_PANIC;
+ 			else
+@@ -732,14 +733,14 @@
+ **		separator -- any possible MIME separator (unused).
+ **
+ **	Returns:
+-**		none
++**		success
+ **
+ **	Side Effects:
+ **		Outputs the body of an error message.
+ */
+ 
+ /* ARGSUSED2 */
+-static void
++static bool
+ errbody(mci, e, separator)
+ 	register MCI *mci;
+ 	register ENVELOPE *e;
+@@ -757,14 +758,16 @@
+ 
+ 	if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 	{
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 	}
+ 	if (e->e_parent == NULL)
+ 	{
+ 		syserr("errbody: null parent");
+-		putline("   ----- Original message lost -----\n", mci);
+-		return;
++		if (!putline("   ----- Original message lost -----\n", mci))
++			goto writeerr;
++		return true;
+ 	}
+ 
+ 	/*
+@@ -773,11 +776,12 @@
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("This is a MIME-encapsulated message", mci);
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline("This is a MIME-encapsulated message", mci) ||
++		    !putline("", mci) ||
++		    !putline(buf, mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 	}
+ 
+ 	/*
+@@ -799,31 +803,36 @@
+ 	if (!pm_notify && q == NULL &&
+ 	    !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
+ 	{
+-		putline("    **********************************************",
+-			mci);
+-		putline("    **      THIS IS A WARNING MESSAGE ONLY      **",
+-			mci);
+-		putline("    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **",
+-			mci);
+-		putline("    **********************************************",
+-			mci);
+-		putline("", mci);
++		if (!putline("    **********************************************",
++			mci) ||
++		    !putline("    **      THIS IS A WARNING MESSAGE ONLY      **",
++			mci) ||
++		    !putline("    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **",
++			mci) ||
++		    !putline("    **********************************************",
++			mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 	}
+ 	(void) sm_snprintf(buf, sizeof buf,
+ 		"The original message was received at %s",
+ 		arpadate(ctime(&e->e_parent->e_ctime)));
+-	putline(buf, mci);
++	if (!putline(buf, mci))
++		goto writeerr;
+ 	expand("from \201_", buf, sizeof buf, e->e_parent);
+-	putline(buf, mci);
++	if (!putline(buf, mci))
++		goto writeerr;
+ 
+ 	/* include id in postmaster copies */
+ 	if (pm_notify && e->e_parent->e_id != NULL)
+ 	{
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "with id ",
+ 			e->e_parent->e_id);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 	}
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Output error message header (if specified and available).
+@@ -849,17 +858,19 @@
+ 				{
+ 					translate_dollars(buf);
+ 					expand(buf, buf, sizeof buf, e);
+-					putline(buf, mci);
++					if (!putline(buf, mci))
++						goto writeerr;
+ 				}
+ 				(void) sm_io_close(xfile, SM_TIME_DEFAULT);
+-				putline("\n", mci);
++				if (!putline("\n", mci))
++					goto writeerr;
+ 			}
+ 		}
+ 		else
+ 		{
+ 			expand(ErrMsgFile, buf, sizeof buf, e);
+-			putline(buf, mci);
+-			putline("", mci);
++			if (!putline(buf, mci) || !putline("", mci))
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -877,21 +888,24 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had permanent fatal errors -----",
+-				mci);
++			if (!putline("   ----- The following addresses had permanent fatal errors -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
+ 				  sizeof buf);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_rstatus != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (reason: %s)",
+ 				shortenstring(exitstat(q->q_rstatus),
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 		if (q->q_alias != NULL)
+ 		{
+@@ -899,11 +913,12 @@
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/* transient non-fatal errors */
+ 	printheader = true;
+@@ -917,25 +932,28 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had transient non-fatal errors -----",
+-				mci);
++			if (!putline("   ----- The following addresses had transient non-fatal errors -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
+ 				  sizeof buf);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_alias != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/* successful delivery notifications */
+ 	printheader = true;
+@@ -968,25 +986,28 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had successful delivery notifications -----",
+-				mci);
++			if (!putline("   ----- The following addresses had successful delivery notifications -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_snprintf(buf, sizeof buf, "%s  (%s)",
+ 			 shortenstring(q->q_paddr, MAXSHORTSTR), p);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_alias != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Output transcript of errors
+@@ -995,8 +1016,9 @@
+ 	(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
+ 	if (e->e_parent->e_xfp == NULL)
+ 	{
+-		putline("   ----- Transcript of session is unavailable -----\n",
+-			mci);
++		if (!putline("   ----- Transcript of session is unavailable -----\n",
++				mci))
++			goto writeerr;
+ 	}
+ 	else
+ 	{
+@@ -1007,11 +1029,12 @@
+ 		while (sm_io_fgets(e->e_parent->e_xfp, SM_TIME_DEFAULT, buf,
+ 				   sizeof buf) != NULL)
+ 		{
+-			if (printheader)
+-				putline("   ----- Transcript of session follows -----\n",
+-					mci);
++			if (printheader && !putline("   ----- Transcript of session follows -----\n",
++						mci))
++				goto writeerr;
+ 			printheader = false;
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+ 	errno = 0;
+@@ -1023,11 +1046,12 @@
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
+-		putline(buf, mci);
+-		putline("Content-Type: message/delivery-status", mci);
+-		putline("", mci);
++		if (!putline("", mci) ||
++		    !putline(buf, mci) ||
++		    !putline("Content-Type: message/delivery-status", mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 
+ 		/*
+ 		**  Output per-message information.
+@@ -1039,13 +1063,15 @@
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					"Original-Envelope-Id: %.800s",
+ 					xuntextify(e->e_parent->e_envid));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* Reporting-MTA: is us (required) */
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 				   "Reporting-MTA: dns; %.800s", MyHostName);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 
+ 		/* DSN-Gateway: not relevant since we are not translating */
+ 
+@@ -1059,13 +1085,15 @@
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					"Received-From-MTA: %s; %.800s",
+ 					p, RealHostName);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* Arrival-Date: -- when it arrived here */
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "Arrival-Date: ",
+ 				arpadate(ctime(&e->e_parent->e_ctime)));
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 
+ 		/* Deliver-By-Date: -- when it should have been delivered */
+ 		if (IS_DLVR_BY(e->e_parent))
+@@ -1076,7 +1104,8 @@
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					"Deliver-By-Date: ",
+ 					arpadate(ctime(&dbyd)));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/*
+@@ -1119,7 +1148,8 @@
+ 			else
+ 				continue;
+ 
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 
+ 			/* Original-Recipient: -- passed from on high */
+ 			if (q->q_orcpt != NULL)
+@@ -1127,7 +1157,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Original-Recipient: %.800s",
+ 						q->q_orcpt);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Figure out actual recipient */
+@@ -1176,7 +1207,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						   "Final-Recipient: %s",
+ 						   q->q_finalrcpt);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* X-Actual-Recipient: -- the real problem address */
+@@ -1190,13 +1222,15 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						   "X-Actual-Recipient: %s",
+ 						   actual);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Action: -- what happened? */
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Action: ",
+ 				action);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Status: -- what _really_ happened? */
+ 			if (q->q_status != NULL)
+@@ -1208,7 +1242,8 @@
+ 			else
+ 				p = "2.0.0";
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Status: ", p);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Remote-MTA: -- who was I talking to? */
+ 			if (q->q_statmta != NULL)
+@@ -1222,7 +1257,8 @@
+ 				p = &buf[strlen(buf) - 1];
+ 				if (*p == '.')
+ 					*p = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Diagnostic-Code: -- actual result from other end */
+@@ -1234,7 +1270,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Diagnostic-Code: %s; %.800s",
+ 						p, q->q_rstatus);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Last-Attempt-Date: -- fine granularity */
+@@ -1243,7 +1280,8 @@
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					"Last-Attempt-Date: ",
+ 					arpadate(ctime(&q->q_statdate)));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Will-Retry-Until: -- for delayed messages only */
+ 			if (QS_IS_QUEUEUP(q->q_state))
+@@ -1255,7 +1293,8 @@
+ 				(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					 "Will-Retry-Until: ",
+ 					 arpadate(ctime(&xdate)));
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 		}
+ 	}
+@@ -1265,7 +1304,8 @@
+ 	**  Output text of original message
+ 	*/
+ 
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 	if (bitset(EF_HAS_DF, e->e_parent->e_flags))
+ 	{
+ 		sendbody = !bitset(EF_NO_BODY_RETN, e->e_parent->e_flags) &&
+@@ -1273,21 +1313,27 @@
+ 
+ 		if (e->e_msgboundary == NULL)
+ 		{
+-			if (sendbody)
+-				putline("   ----- Original message follows -----\n", mci);
+-			else
+-				putline("   ----- Message header follows -----\n", mci);
++			if (!putline(
++				sendbody
++				? "   ----- Original message follows -----\n"
++				: "   ----- Message header follows -----\n",
++				mci))
++			{
++				goto writeerr;
++			}
+ 		}
+ 		else
+ 		{
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "--",
+ 					e->e_msgboundary);
+ 
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Content-Type: ",
+ 					sendbody ? "message/rfc822"
+ 						 : "text/rfc822-headers");
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			p = hvalue("Content-Transfer-Encoding",
+ 				   e->e_parent->e_header);
+@@ -1301,43 +1347,62 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Content-Transfer-Encoding: %s",
+ 						p);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		save_errno = errno;
+-		putheader(mci, e->e_parent->e_header, e->e_parent, M87F_OUTER);
++		if (!putheader(mci, e->e_parent->e_header, e->e_parent,
++				M87F_OUTER))
++			goto writeerr;
+ 		errno = save_errno;
+ 		if (sendbody)
+-			putbody(mci, e->e_parent, e->e_msgboundary);
++		{
++			if (!putbody(mci, e->e_parent, e->e_msgboundary))
++				goto writeerr;
++		}
+ 		else if (e->e_msgboundary == NULL)
+ 		{
+-			putline("", mci);
+-			putline("   ----- Message body suppressed -----", mci);
++			if (!putline("", mci) ||
++			    !putline("   ----- Message body suppressed -----",
++					mci))
++			{
++				goto writeerr;
++			}
+ 		}
+ 	}
+ 	else if (e->e_msgboundary == NULL)
+ 	{
+-		putline("  ----- No message was collected -----\n", mci);
++		if (!putline("  ----- No message was collected -----\n", mci))
++			goto writeerr;
+ 	}
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", e->e_msgboundary,
+ 				   "--");
+-		putline(buf, mci);
++		if (!putline("", mci) || !putline(buf, mci))
++			goto writeerr;
+ 	}
+-	putline("", mci);
+-	(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
++	if (!putline("", mci) ||
++	    sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF)
++			goto writeerr;
+ 
+ 	/*
+ 	**  Cleanup and exit
+ 	*/
+ 
+ 	if (errno != 0)
++	{
++  writeerr:
+ 		syserr("errbody: I/O error");
++		return false;
++	}
++	return true;
+ }
++
+ /*
+ **  SMTPTODSN -- convert SMTP to DSN status code
+ **
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sendmail.h,v
+retrieving revision 1.1.1.26
+diff -u -I__FBSDID -r1.1.1.26 sendmail.h
+--- contrib/sendmail/src/sendmail.h	7 Jun 2005 04:14:49 -0000	1.1.1.26
++++ contrib/sendmail/src/sendmail.h	21 Mar 2006 12:37:49 -0000
+@@ -809,13 +809,13 @@
+ /* functions */
+ extern void	addheader __P((char *, char *, int, ENVELOPE *));
+ extern unsigned long	chompheader __P((char *, int, HDR **, ENVELOPE *));
+-extern void	commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
++extern bool	commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
+ extern HDR	*copyheader __P((HDR *, SM_RPOOL_T *));
+ extern void	eatheader __P((ENVELOPE *, bool, bool));
+ extern char	*hvalue __P((char *, HDR *));
+ extern void	insheader __P((int, char *, char *, int, ENVELOPE *));
+ extern bool	isheader __P((char *));
+-extern void	putfromline __P((MCI *, ENVELOPE *));
++extern bool	putfromline __P((MCI *, ENVELOPE *));
+ extern void	setupheaders __P((void));
+ 
+ /*
+@@ -870,9 +870,9 @@
+ 	short		e_sendmode;	/* message send mode */
+ 	short		e_errormode;	/* error return mode */
+ 	short		e_timeoutclass;	/* message timeout class */
+-	void		(*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int));
++	bool		(*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int));
+ 					/* function to put header of message */
+-	void		(*e_putbody)__P((MCI *, ENVELOPE *, char *));
++	bool		(*e_putbody)__P((MCI *, ENVELOPE *, char *));
+ 					/* function to put body of message */
+ 	ENVELOPE	*e_parent;	/* the message this one encloses */
+ 	ENVELOPE	*e_sibling;	/* the next envelope of interest */
+@@ -965,8 +965,8 @@
+ extern ENVELOPE	*newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *));
+ extern void	clrsessenvelope __P((ENVELOPE *));
+ extern void	printenvflags __P((ENVELOPE *));
+-extern void	putbody __P((MCI *, ENVELOPE *, char *));
+-extern void	putheader __P((MCI *, HDR *, ENVELOPE *, int));
++extern bool	putbody __P((MCI *, ENVELOPE *, char *));
++extern bool	putheader __P((MCI *, HDR *, ENVELOPE *, int));
+ 
+ /*
+ **  Message priority classes.
+@@ -1650,7 +1650,7 @@
+ #define M87F_NO8TO7		0x0004	/* don't do 8->7 bit conversions */
+ 
+ /* functions */
+-extern void	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
++extern bool	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
+ extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
+ 
+ /*
+@@ -2145,7 +2145,6 @@
+ #if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_)
+ EXTERN bool	ConfigFileRead;	/* configuration file has been read */
+ #endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */
+-EXTERN bool	volatile DataProgress;	/* have we sent anything since last check */
+ EXTERN bool	DisConnected;	/* running with OutChannel redirect to transcript file */
+ EXTERN bool	DontExpandCnames;	/* do not $[...$] expand CNAMEs */
+ EXTERN bool	DontInitGroups;	/* avoid initgroups() because of NIS cost */
+@@ -2519,8 +2518,8 @@
+ extern void	printqueue __P((void));
+ extern void	printrules __P((void));
+ extern pid_t	prog_open __P((char **, int *, ENVELOPE *));
+-extern void	putline __P((char *, MCI *));
+-extern void	putxline __P((char *, size_t, MCI *, int));
++extern bool	putline __P((char *, MCI *));
++extern bool	putxline __P((char *, size_t, MCI *, int));
+ extern void	queueup_macros __P((int, SM_FILE_T *, ENVELOPE *));
+ extern void	readcf __P((char *, bool, ENVELOPE *));
+ extern SIGFUNC_DECL	reapchild __P((int));
+Index: contrib/sendmail/src/sfsasl.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.c,v
+retrieving revision 1.1.1.15
+diff -u -I__FBSDID -r1.1.1.15 sfsasl.c
+--- contrib/sendmail/src/sfsasl.c	14 Feb 2005 02:29:38 -0000	1.1.1.15
++++ contrib/sendmail/src/sfsasl.c	21 Mar 2006 12:37:50 -0000
+@@ -541,6 +541,125 @@
+ # define MAX_TLS_IOS	4
+ 
+ /*
++**  TLS_RETRY -- check whether a failed SSL operation can be retried
++**
++**	Parameters:
++**		ssl -- TLS structure
++**		rfd -- read fd
++**		wfd -- write fd
++**		tlsstart -- start time of TLS operation
++**		timeout -- timeout for TLS operation
++**		err -- SSL error
++**		where -- description of operation
++**
++**	Results:
++**		>0 on success
++**		0 on timeout
++**		<0 on error
++*/
++
++int
++tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where)
++	SSL *ssl;
++	int rfd;
++	int wfd;
++	time_t tlsstart;
++	int timeout;
++	int err;
++	const char *where;
++{
++	int ret;
++	time_t left;
++	time_t now = curtime();
++	struct timeval tv;
++
++	ret = -1;
++
++	/*
++	**  For SSL_ERROR_WANT_{READ,WRITE}:
++	**  There is not a complete SSL record available yet
++	**  or there is only a partial SSL record removed from
++	**  the network (socket) buffer into the SSL buffer.
++	**  The SSL_connect will only succeed when a full
++	**  SSL record is available (assuming a "real" error
++	**  doesn't happen). To handle when a "real" error
++	**  does happen the select is set for exceptions too.
++	**  The connection may be re-negotiated during this time
++	**  so both read and write "want errors" need to be handled.
++	**  A select() exception loops back so that a proper SSL
++	**  error message can be gotten.
++	*/
++
++	left = timeout - (now - tlsstart);
++	if (left <= 0)
++		return 0;	/* timeout */
++	tv.tv_sec = left;
++	tv.tv_usec = 0;
++
++	if (LogLevel > 14)
++	{
++		sm_syslog(LOG_INFO, NOQID,
++			  "STARTTLS=%s, info: fds=%d/%d, err=%d",
++			  where, rfd, wfd, err);
++	}
++
++	if (FD_SETSIZE > 0 &&
++	    ((err == SSL_ERROR_WANT_READ && rfd >= FD_SETSIZE) ||
++	     (err == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
++	{
++		if (LogLevel > 5)
++		{
++			sm_syslog(LOG_ERR, NOQID,
++				  "STARTTLS=%s, error: fd %d/%d too large",
++				  where, rfd, wfd);
++		if (LogLevel > 8)
++			tlslogerr(where);
++		}
++		errno = EINVAL;
++	}
++	else if (err == SSL_ERROR_WANT_READ)
++	{
++		fd_set ssl_maskr, ssl_maskx;
++
++		FD_ZERO(&ssl_maskr);
++		FD_SET(rfd, &ssl_maskr);
++		FD_ZERO(&ssl_maskx);
++		FD_SET(rfd, &ssl_maskx);
++		do
++		{
++			ret = select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx,
++					&tv);
++		} while (ret < 0 && errno == EINTR);
++		if (ret < 0 && errno > 0)
++			ret = -errno;
++	}
++	else if (err == SSL_ERROR_WANT_WRITE)
++	{
++		fd_set ssl_maskw, ssl_maskx;
++
++		FD_ZERO(&ssl_maskw);
++		FD_SET(wfd, &ssl_maskw);
++		FD_ZERO(&ssl_maskx);
++		FD_SET(rfd, &ssl_maskx);
++		do
++		{
++			ret = select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx,
++					&tv);
++		} while (ret < 0 && errno == EINTR);
++		if (ret < 0 && errno > 0)
++			ret = -errno;
++	}
++	return ret;
++}
++
++/* errno to force refill() etc to stop (see IS_IO_ERROR()) */
++#ifdef ETIMEDOUT
++# define SM_ERR_TIMEOUT	ETIMEDOUT
++#else /* ETIMEDOUT */
++# define SM_ERR_TIMEOUT	EIO
++#endif /* ETIMEDOUT */
++
++/*
+ **  TLS_READ -- read secured information for the caller
+ **
+ **	Parameters:
+@@ -561,38 +680,42 @@
+ 	char *buf;
+ 	size_t size;
+ {
+-	int r;
+-	static int again = MAX_TLS_IOS;
++	int r, rfd, wfd, try, ssl_err;
+ 	struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
++	time_t tlsstart;
+ 	char *err;
+ 
++	try = 99;
++	err = NULL;
++	tlsstart = curtime();
++
++  retry:
+ 	r = SSL_read(so->con, (char *) buf, size);
+ 
+ 	if (r > 0)
+-	{
+-		again = MAX_TLS_IOS;
+ 		return r;
+-	}
+ 
+ 	err = NULL;
+-	switch (SSL_get_error(so->con, r))
++	switch (ssl_err = SSL_get_error(so->con, r))
+ 	{
+ 	  case SSL_ERROR_NONE:
+ 	  case SSL_ERROR_ZERO_RETURN:
+-		again = MAX_TLS_IOS;
+ 		break;
+ 	  case SSL_ERROR_WANT_WRITE:
+-		if (--again <= 0)
+-			err = "read W BLOCK";
+-		else
+-			errno = EAGAIN;
+-		break;
++		err = "read W BLOCK";
++		/* FALLTHROUGH */
+ 	  case SSL_ERROR_WANT_READ:
+-		if (--again <= 0)
++		if (err == NULL)
+ 			err = "read R BLOCK";
+-		else
+-			errno = EAGAIN;
++		rfd = SSL_get_rfd(so->con);
++		wfd = SSL_get_wfd(so->con);
++		try = tls_retry(so->con, rfd, wfd, tlsstart,
++				TimeOuts.to_datablock, ssl_err, "read");
++		if (try > 0)
++			goto retry;
++		errno = SM_ERR_TIMEOUT;
+ 		break;
++
+ 	  case SSL_ERROR_WANT_X509_LOOKUP:
+ 		err = "write X BLOCK";
+ 		break;
+@@ -625,15 +748,22 @@
+ 		int save_errno;
+ 
+ 		save_errno = (errno == 0) ? EIO : errno;
+-		again = MAX_TLS_IOS;
+-		if (LogLevel > 9)
++		if (try == 0 && save_errno == SM_ERR_TIMEOUT)
++		{
++			if (LogLevel > 7)
++				sm_syslog(LOG_WARNING, NOQID,
++					  "STARTTLS: read error=timeout");
++		}
++		else if (LogLevel > 8)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: read error=%s (%d), errno=%d, get_error=%s",
++				  "STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
+ 				  err, r, errno,
+-				  ERR_error_string(ERR_get_error(), NULL));
++				  ERR_error_string(ERR_get_error(), NULL), try,
++				  ssl_err);
+ 		else if (LogLevel > 7)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: read error=%s (%d)", err, r);
++				  "STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d",
++				  err, r, errno, try, ssl_err);
+ 		errno = save_errno;
+ 	}
+ 	return r;
+@@ -660,36 +790,39 @@
+ 	const char *buf;
+ 	size_t size;
+ {
+-	int r;
+-	static int again = MAX_TLS_IOS;
++	int r, rfd, wfd, try, ssl_err;
+ 	struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
++	time_t tlsstart;
+ 	char *err;
+ 
++	try = 99;
++	err = NULL;
++	tlsstart = curtime();
++
++  retry:
+ 	r = SSL_write(so->con, (char *) buf, size);
+ 
+ 	if (r > 0)
+-	{
+-		again = MAX_TLS_IOS;
+ 		return r;
+-	}
+ 	err = NULL;
+-	switch (SSL_get_error(so->con, r))
++	switch (ssl_err = SSL_get_error(so->con, r))
+ 	{
+ 	  case SSL_ERROR_NONE:
+ 	  case SSL_ERROR_ZERO_RETURN:
+-		again = MAX_TLS_IOS;
+ 		break;
+ 	  case SSL_ERROR_WANT_WRITE:
+-		if (--again <= 0)
+-			err = "write W BLOCK";
+-		else
+-			errno = EAGAIN;
+-		break;
++		err = "read W BLOCK";
++		/* FALLTHROUGH */
+ 	  case SSL_ERROR_WANT_READ:
+-		if (--again <= 0)
+-			err = "write R BLOCK";
+-		else
+-			errno = EAGAIN;
++		if (err == NULL)
++			err = "read R BLOCK";
++		rfd = SSL_get_rfd(so->con);
++		wfd = SSL_get_wfd(so->con);
++		try = tls_retry(so->con, rfd, wfd, tlsstart,
++				DATA_PROGRESS_TIMEOUT, ssl_err, "write");
++		if (try > 0)
++			goto retry;
++		errno = SM_ERR_TIMEOUT;
+ 		break;
+ 	  case SSL_ERROR_WANT_X509_LOOKUP:
+ 		err = "write X BLOCK";
+@@ -722,15 +855,22 @@
+ 		int save_errno;
+ 
+ 		save_errno = (errno == 0) ? EIO : errno;
+-		again = MAX_TLS_IOS;
+-		if (LogLevel > 9)
++		if (try == 0 && save_errno == SM_ERR_TIMEOUT)
++		{
++			if (LogLevel > 7)
++				sm_syslog(LOG_WARNING, NOQID,
++					  "STARTTLS: write error=timeout");
++		}
++		else if (LogLevel > 8)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: write error=%s (%d), errno=%d, get_error=%s",
++				  "STARTTLS: write error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
+ 				  err, r, errno,
+-				  ERR_error_string(ERR_get_error(), NULL));
++				  ERR_error_string(ERR_get_error(), NULL), try,
++				  ssl_err);
+ 		else if (LogLevel > 7)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: write error=%s (%d)", err, r);
++				  "STARTTLS: write error=%s (%d), errno=%d, retry=%d, ssl_err=%d",
++				  err, r, errno, try, ssl_err);
+ 		errno = save_errno;
+ 	}
+ 	return r;
+Index: contrib/sendmail/src/sfsasl.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.h,v
+retrieving revision 1.1.1.4
+diff -u -I__FBSDID -r1.1.1.4 sfsasl.h
+--- contrib/sendmail/src/sfsasl.h	11 Jun 2002 21:11:52 -0000	1.1.1.4
++++ contrib/sendmail/src/sfsasl.h	21 Mar 2006 12:37:50 -0000
+@@ -17,6 +17,8 @@
+ #endif /* SASL */
+ 
+ # if STARTTLS
++extern int	tls_retry __P((SSL *, int, int, time_t, int, int,
++				const char *));
+ extern int	sfdctls __P((SM_FILE_T **, SM_FILE_T **, SSL *));
+ # endif /* STARTTLS */
+ 
+Index: contrib/sendmail/src/srvrsmtp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/srvrsmtp.c,v
+retrieving revision 1.1.1.22
+diff -u -I__FBSDID -r1.1.1.22 srvrsmtp.c
+--- contrib/sendmail/src/srvrsmtp.c	7 Jun 2005 04:14:53 -0000	1.1.1.22
++++ contrib/sendmail/src/srvrsmtp.c	21 Mar 2006 12:37:51 -0000
+@@ -504,7 +504,6 @@
+ #endif /* SASL */
+ 	int r;
+ #if STARTTLS
+-	int fdfl;
+ 	int rfd, wfd;
+ 	volatile bool tls_active = false;
+ 	volatile bool smtps = bitnset(D_SMTPS, d_flags);
+@@ -1693,97 +1692,26 @@
+ #  define SSL_ACC(s)	SSL_accept(s)
+ 
+ 			tlsstart = curtime();
+-			fdfl = fcntl(rfd, F_GETFL);
+-			if (fdfl != -1)
+-				fcntl(rfd, F_SETFL, fdfl|O_NONBLOCK);
+   ssl_retry:
+ 			if ((r = SSL_ACC(srv_ssl)) <= 0)
+ 			{
+-				int i;
+-				bool timedout;
+-				time_t left;
+-				time_t now = curtime();
+-				struct timeval tv;
++				int i, ssl_err;
+ 
+-				/* what to do in this case? */
+-				i = SSL_get_error(srv_ssl, r);
++				ssl_err = SSL_get_error(srv_ssl, r);
++				i = tls_retry(srv_ssl, rfd, wfd, tlsstart,
++						TimeOuts.to_starttls, ssl_err,
++						"server");
++				if (i > 0)
++					goto ssl_retry;
+ 
+-				/*
+-				**  For SSL_ERROR_WANT_{READ,WRITE}:
+-				**  There is no SSL record available yet
+-				**  or there is only a partial SSL record
+-				**  removed from the network (socket) buffer
+-				**  into the SSL buffer. The SSL_accept will
+-				**  only succeed when a full SSL record is
+-				**  available (assuming a "real" error
+-				**  doesn't happen). To handle when a "real"
+-				**  error does happen the select is set for
+-				**  exceptions too.
+-				**  The connection may be re-negotiated
+-				**  during this time so both read and write
+-				**  "want errors" need to be handled.
+-				**  A select() exception loops back so that
+-				**  a proper SSL error message can be gotten.
+-				*/
+-
+-				left = TimeOuts.to_starttls - (now - tlsstart);
+-				timedout = left <= 0;
+-				if (!timedout)
+-				{
+-					tv.tv_sec = left;
+-					tv.tv_usec = 0;
+-				}
+-
+-				if (!timedout && FD_SETSIZE > 0 &&
+-				    (rfd >= FD_SETSIZE ||
+-				     (i == SSL_ERROR_WANT_WRITE &&
+-				      wfd >= FD_SETSIZE)))
+-				{
+-					if (LogLevel > 5)
+-					{
+-						sm_syslog(LOG_ERR, NOQID,
+-							  "STARTTLS=server, error: fd %d/%d too large",
+-							  rfd, wfd);
+-						if (LogLevel > 8)
+-							tlslogerr("server");
+-					}
+-					goto tlsfail;
+-				}
+-
+-				/* XXX what about SSL_pending() ? */
+-				if (!timedout && i == SSL_ERROR_WANT_READ)
+-				{
+-					fd_set ssl_maskr, ssl_maskx;
+-
+-					FD_ZERO(&ssl_maskr);
+-					FD_SET(rfd, &ssl_maskr);
+-					FD_ZERO(&ssl_maskx);
+-					FD_SET(rfd, &ssl_maskx);
+-					if (select(rfd + 1, &ssl_maskr, NULL,
+-						   &ssl_maskx, &tv) > 0)
+-						goto ssl_retry;
+-				}
+-				if (!timedout && i == SSL_ERROR_WANT_WRITE)
+-				{
+-					fd_set ssl_maskw, ssl_maskx;
+-
+-					FD_ZERO(&ssl_maskw);
+-					FD_SET(wfd, &ssl_maskw);
+-					FD_ZERO(&ssl_maskx);
+-					FD_SET(rfd, &ssl_maskx);
+-					if (select(wfd + 1, NULL, &ssl_maskw,
+-						   &ssl_maskx, &tv) > 0)
+-						goto ssl_retry;
+-				}
+ 				if (LogLevel > 5)
+ 				{
+ 					sm_syslog(LOG_WARNING, NOQID,
+-						  "STARTTLS=server, error: accept failed=%d, SSL_error=%d, timedout=%d, errno=%d",
+-						  r, i, (int) timedout, errno);
++						  "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d",
++						  r, ssl_err, errno, i);
+ 					if (LogLevel > 8)
+ 						tlslogerr("server");
+ 				}
+-tlsfail:
+ 				tls_ok_srv = false;
+ 				SSL_free(srv_ssl);
+ 				srv_ssl = NULL;
+@@ -1798,9 +1726,6 @@
+ 				goto doquit;
+ 			}
+ 
+-			if (fdfl != -1)
+-				fcntl(rfd, F_SETFL, fdfl);
+-
+ 			/* ignore return code for now, it's in {verify} */
+ 			(void) tls_get_info(srv_ssl, true,
+ 					    CurSmtpClient,
+Index: contrib/sendmail/src/usersmtp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/usersmtp.c,v
+retrieving revision 1.1.1.21
+diff -u -I__FBSDID -r1.1.1.21 usersmtp.c
+--- contrib/sendmail/src/usersmtp.c	7 Jun 2005 04:14:58 -0000	1.1.1.21
++++ contrib/sendmail/src/usersmtp.c	21 Mar 2006 12:37:53 -0000
+@@ -18,7 +18,6 @@
+ #include <sysexits.h>
+ 
+ 
+-static void	datatimeout __P((int));
+ static void	esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+ static void	helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+ static int	smtprcptstat __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));
+@@ -2491,9 +2490,6 @@
+ **		exit status corresponding to DATA command.
+ */
+ 
+-static jmp_buf	CtxDataTimeout;
+-static SM_EVENT	*volatile DataTimeout = NULL;
+-
+ int
+ smtpdata(m, mci, e, ctladdr, xstart)
+ 	MAILER *m;
+@@ -2629,43 +2625,22 @@
+ 	**  factor.  The main thing is that it should not be infinite.
+ 	*/
+ 
+-	if (setjmp(CtxDataTimeout) != 0)
+-	{
+-		mci->mci_errno = errno;
+-		mci->mci_state = MCIS_ERROR;
+-		mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
+-
+-		/*
+-		**  If putbody() couldn't finish due to a timeout,
+-		**  rewind it here in the timeout handler.  See
+-		**  comments at the end of putbody() for reasoning.
+-		*/
+-
+-		if (e->e_dfp != NULL)
+-			(void) bfrewind(e->e_dfp);
+-
+-		errno = mci->mci_errno;
+-		syserr("451 4.4.1 timeout writing message to %s", CurHostName);
+-		smtpquit(m, mci, e);
+-		return EX_TEMPFAIL;
+-	}
+-
+ 	if (tTd(18, 101))
+ 	{
+ 		/* simulate a DATA timeout */
+-		timeout = 1;
++		timeout = 10;
+ 	}
+ 	else
+-		timeout = DATA_PROGRESS_TIMEOUT;
+-
+-	DataTimeout = sm_setevent(timeout, datatimeout, 0);
++		timeout = DATA_PROGRESS_TIMEOUT * 1000;
++	sm_io_setinfo(mci->mci_out, SM_IO_WHAT_TIMEOUT, &timeout);
+ 
+ 
+ 	/*
+ 	**  Output the actual message.
+ 	*/
+ 
+-	(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
++	if (!(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER))
++		goto writeerr;
+ 
+ 	if (tTd(18, 101))
+ 	{
+@@ -2673,14 +2648,13 @@
+ 		(void) sleep(2);
+ 	}
+ 
+-	(*e->e_putbody)(mci, e, NULL);
++	if (!(*e->e_putbody)(mci, e, NULL))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Cleanup after sending message.
+ 	*/
+ 
+-	if (DataTimeout != NULL)
+-		sm_clrevent(DataTimeout);
+ 
+ #if PIPELINING
+ 	}
+@@ -2720,7 +2694,9 @@
+ 	}
+ 
+ 	/* terminate the message */
+-	(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s", m->m_eol);
++	if (sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s", m->m_eol) ==
++								SM_IO_EOF)
++		goto writeerr;
+ 	if (TrafficLogFile != NULL)
+ 		(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
+ 				     "%05d >>> .\n", (int) CurrentPid);
+@@ -2771,51 +2747,27 @@
+ 			  shortenstring(SmtpReplyBuffer, 403));
+ 	}
+ 	return rstat;
+-}
+ 
+-static void
+-datatimeout(ignore)
+-	int ignore;
+-{
+-	int save_errno = errno;
++  writeerr:
++	mci->mci_errno = errno;
++	mci->mci_state = MCIS_ERROR;
++	mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
+ 
+ 	/*
+-	**  NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
+-	**	ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
+-	**	DOING.
++	**  If putbody() couldn't finish due to a timeout,
++	**  rewind it here in the timeout handler.  See
++	**  comments at the end of putbody() for reasoning.
+ 	*/
+ 
+-	if (DataProgress)
+-	{
+-		time_t timeout;
+-
+-		/* check back again later */
+-		if (tTd(18, 101))
+-		{
+-			/* simulate a DATA timeout */
+-			timeout = 1;
+-		}
+-		else
+-			timeout = DATA_PROGRESS_TIMEOUT;
+-
+-		/* reset the timeout */
+-		DataTimeout = sm_sigsafe_setevent(timeout, datatimeout, 0);
+-		DataProgress = false;
+-	}
+-	else
+-	{
+-		/* event is done */
+-		DataTimeout = NULL;
+-	}
++	if (e->e_dfp != NULL)
++		(void) bfrewind(e->e_dfp);
+ 
+-	/* if no progress was made or problem resetting event, die now */
+-	if (DataTimeout == NULL)
+-	{
+-		errno = ETIMEDOUT;
+-		longjmp(CtxDataTimeout, 1);
+-	}
+-	errno = save_errno;
++	errno = mci->mci_errno;
++	syserr("451 4.4.1 timeout writing message to %s", CurHostName);
++	smtpquit(m, mci, e);
++	return EX_TEMPFAIL;
+ }
++
+ /*
+ **  SMTPGETSTAT -- get status code from DATA in LMTP
+ **
+Index: contrib/sendmail/src/util.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/util.c,v
+retrieving revision 1.1.1.18
+diff -u -I__FBSDID -r1.1.1.18 util.c
+--- contrib/sendmail/src/util.c	14 Feb 2005 02:29:40 -0000	1.1.1.18
++++ contrib/sendmail/src/util.c	21 Mar 2006 12:37:53 -0000
+@@ -456,6 +456,8 @@
+ {
+ 	register char *p;
+ 
++	SM_REQUIRE(sz >= 0);
++
+ 	/* some systems can't handle size zero mallocs */
+ 	if (sz <= 0)
+ 		sz = 1;
+@@ -970,18 +972,18 @@
+ **		mci -- the mailer connection information.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		output of l to mci->mci_out.
+ */
+ 
+-void
++bool
+ putline(l, mci)
+ 	register char *l;
+ 	register MCI *mci;
+ {
+-	putxline(l, strlen(l), mci, PXLF_MAPFROM);
++	return putxline(l, strlen(l), mci, PXLF_MAPFROM);
+ }
+ /*
+ **  PUTXLINE -- putline with flags bits.
+@@ -1000,13 +1002,13 @@
+ **		    PXLF_NOADDEOL -- don't add an EOL if one wasn't present.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		output of l to mci->mci_out.
+ */
+ 
+-void
++bool
+ putxline(l, len, mci, pxflags)
+ 	register char *l;
+ 	size_t len;
+@@ -1058,11 +1060,6 @@
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       '.') == SM_IO_EOF)
+ 					dead = true;
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 				if (TrafficLogFile != NULL)
+ 					(void) sm_io_putc(TrafficLogFile,
+ 							  SM_TIME_DEFAULT, '.');
+@@ -1075,11 +1072,6 @@
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       '>') == SM_IO_EOF)
+ 					dead = true;
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 				if (TrafficLogFile != NULL)
+ 					(void) sm_io_putc(TrafficLogFile,
+ 							  SM_TIME_DEFAULT,
+@@ -1091,16 +1083,11 @@
+ 			while (l < q)
+ 			{
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+-					       (unsigned char) *l++) == SM_IO_EOF)
++				       (unsigned char) *l++) == SM_IO_EOF)
+ 				{
+ 					dead = true;
+ 					break;
+ 				}
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 			}
+ 			if (dead)
+ 				break;
+@@ -1116,11 +1103,6 @@
+ 				dead = true;
+ 				break;
+ 			}
+-			else
+-			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
+-			}
+ 			if (TrafficLogFile != NULL)
+ 			{
+ 				for (l = l_base; l < q; l++)
+@@ -1144,11 +1126,9 @@
+ 		{
+ 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '.') ==
+ 			    SM_IO_EOF)
+-				break;
+-			else
+ 			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
++				dead = true;
++				break;
+ 			}
+ 			if (TrafficLogFile != NULL)
+ 				(void) sm_io_putc(TrafficLogFile,
+@@ -1161,11 +1141,9 @@
+ 		{
+ 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '>') ==
+ 			    SM_IO_EOF)
+-				break;
+-			else
+ 			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
++				dead = true;
++				break;
+ 			}
+ 			if (TrafficLogFile != NULL)
+ 				(void) sm_io_putc(TrafficLogFile,
+@@ -1183,11 +1161,6 @@
+ 				dead = true;
+ 				break;
+ 			}
+-			else
+-			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
+-			}
+ 		}
+ 		if (dead)
+ 			break;
+@@ -1198,11 +1171,9 @@
+ 		if ((!bitset(PXLF_NOADDEOL, pxflags) || !noeol) &&
+ 		    sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
+ 				mci->mci_mailer->m_eol) == SM_IO_EOF)
+-			break;
+-		else
+ 		{
+-			/* record progress for DATA timeout */
+-			DataProgress = true;
++			dead = true;
++			break;
+ 		}
+ 		if (l < end && *l == '\n')
+ 		{
+@@ -1211,11 +1182,9 @@
+ 			{
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       ' ') == SM_IO_EOF)
+-					break;
+-				else
+ 				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
++					dead = true;
++					break;
+ 				}
+ 
+ 				if (TrafficLogFile != NULL)
+@@ -1224,10 +1193,10 @@
+ 			}
+ 		}
+ 
+-		/* record progress for DATA timeout */
+-		DataProgress = true;
+ 	} while (l < end);
++	return !dead;
+ }
++
+ /*
+ **  XUNLINK -- unlink a file, doing logging as appropriate.
+ **
+@@ -2433,6 +2402,7 @@
+ 				*h++ = 'r';
+ 				break;
+ 			  default:
++				SM_ASSERT(l >= 2);
+ 				(void) sm_snprintf(h, l, "%03o",
+ 					(unsigned int)((unsigned char) c));
+ 
diff --git a/share/security/patches/SA-06:13/sendmail.patch.asc b/share/security/patches/SA-06:13/sendmail.patch.asc
new file mode 100644
index 0000000000..a6d5ad1d23
--- /dev/null
+++ b/share/security/patches/SA-06:13/sendmail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQBEISknFdaIBMps37IRAiloAJ0YLEP9c2d0tqyTXZTmmNYnmWXZjACeP5GH
++1rR1/eHzDZt0NnhB5PuSPU=
+=zz1D
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:13/sendmail410.patch b/share/security/patches/SA-06:13/sendmail410.patch
new file mode 100644
index 0000000000..3bf56d0550
--- /dev/null
+++ b/share/security/patches/SA-06:13/sendmail410.patch
@@ -0,0 +1,2936 @@
+Index: contrib/sendmail/libsm/fflush.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/fflush.c,v
+retrieving revision 1.1.1.1.2.1
+diff -u -I__FBSDID -r1.1.1.1.2.1 fflush.c
+--- contrib/sendmail/libsm/fflush.c	25 Mar 2002 21:25:20 -0000	1.1.1.1.2.1
++++ contrib/sendmail/libsm/fflush.c	22 Mar 2006 04:22:59 -0000
+@@ -145,6 +145,7 @@
+ 				return SM_IO_EOF;
+ 			}
+ 			SM_IO_WR_TIMEOUT(fp, fd, *timeout);
++			t = 0;
+ 		}
+ 	}
+ 	return 0;
+Index: contrib/sendmail/libsm/local.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/local.h,v
+retrieving revision 1.1.1.1.2.4
+diff -u -I__FBSDID -r1.1.1.1.2.4 local.h
+--- contrib/sendmail/libsm/local.h	22 Feb 2004 04:25:41 -0000	1.1.1.1.2.4
++++ contrib/sendmail/libsm/local.h	22 Mar 2006 04:22:59 -0000
+@@ -192,7 +192,7 @@
+ 	else \
+ 	{ \
+ 		(time)->tv_sec = (val) / 1000; \
+-		(time)->tv_usec = ((val) - ((time)->tv_sec * 1000)) * 10; \
++		(time)->tv_usec = ((val) - ((time)->tv_sec * 1000)) * 1000; \
+ 	} \
+ 	if ((val) == SM_TIME_FOREVER) \
+ 	{ \
+@@ -276,7 +276,7 @@
+ 	else \
+ 	{ \
+ 		sm_io_to.tv_sec = (to) / 1000; \
+-		sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 10; \
++		sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 1000; \
+ 	} \
+ 	if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \
+ 	{ \
+@@ -289,8 +289,11 @@
+ 	FD_SET((fd), &sm_io_x_mask); \
+ 	if (gettimeofday(&sm_io_to_before, NULL) < 0) \
+ 		return SM_IO_EOF; \
+-	sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, &sm_io_x_mask, \
+-			      &sm_io_to); \
++	do \
++	{	\
++		sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, \
++					&sm_io_x_mask, &sm_io_to); \
++	} while (sm_io_to_sel < 0 && errno == EINTR); \
+ 	if (sm_io_to_sel < 0) \
+ 	{ \
+ 		/* something went wrong, errno set */ \
+@@ -305,10 +308,9 @@
+ 	/* else loop again */ \
+ 	if (gettimeofday(&sm_io_to_after, NULL) < 0) \
+ 		return SM_IO_EOF; \
+-	timersub(&sm_io_to_before, &sm_io_to_after, &sm_io_to_diff); \
+-	timersub(&sm_io_to, &sm_io_to_diff, &sm_io_to); \
+-	(to) -= (sm_io_to.tv_sec * 1000); \
+-	(to) -= (sm_io_to.tv_usec / 10); \
++	timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff); \
++	(to) -= (sm_io_to_diff.tv_sec * 1000); \
++	(to) -= (sm_io_to_diff.tv_usec / 1000); \
+ 	if ((to) < 0) \
+ 		(to) = 0; \
+ }
+Index: contrib/sendmail/libsm/refill.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/refill.c,v
+retrieving revision 1.1.1.1.2.2
+diff -u -I__FBSDID -r1.1.1.1.2.2 refill.c
+--- contrib/sendmail/libsm/refill.c	13 Feb 2003 18:03:16 -0000	1.1.1.1.2.2
++++ contrib/sendmail/libsm/refill.c	22 Mar 2006 04:22:59 -0000
+@@ -76,8 +76,11 @@
+ 	FD_SET((fd), &sm_io_x_mask);					\
+ 	if (gettimeofday(&sm_io_to_before, NULL) < 0)			\
+ 		return SM_IO_EOF;					\
+-	(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL,		\
+-			   &sm_io_x_mask, (to));			\
++	do								\
++	{								\
++		(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL,	\
++			   	&sm_io_x_mask, (to));			\
++	} while ((sel_ret) < 0 && errno == EINTR);			\
+ 	if ((sel_ret) < 0)						\
+ 	{								\
+ 		/* something went wrong, errno set */			\
+@@ -94,7 +97,7 @@
+ 	/* calulate wall-clock time used */				\
+ 	if (gettimeofday(&sm_io_to_after, NULL) < 0)			\
+ 		return SM_IO_EOF;					\
+-	timersub(&sm_io_to_before, &sm_io_to_after, &sm_io_to_diff);	\
++	timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff);	\
+ 	timersub((to), &sm_io_to_diff, (to));				\
+ }
+ 
+Index: contrib/sendmail/src/collect.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/collect.c,v
+retrieving revision 1.1.1.4.2.13
+diff -u -I__FBSDID -r1.1.1.4.2.13 collect.c
+--- contrib/sendmail/src/collect.c	30 Oct 2003 22:31:43 -0000	1.1.1.4.2.13
++++ contrib/sendmail/src/collect.c	22 Mar 2006 04:23:00 -0000
+@@ -15,7 +15,6 @@
+ 
+ SM_RCSID("@(#)$Id: collect.c,v 8.242.2.8 2003/07/08 01:16:35 ca Exp $")
+ 
+-static void	collecttimeout __P((time_t));
+ static void	dferror __P((SM_FILE_T *volatile, char *, ENVELOPE *));
+ static void	eatfrom __P((char *volatile, ENVELOPE *));
+ static void	collect_doheader __P((ENVELOPE *));
+@@ -264,10 +263,6 @@
+ **		If data file cannot be created, the process is terminated.
+ */
+ 
+-static jmp_buf	CtxCollectTimeout;
+-static bool	volatile CollectProgress;
+-static SM_EVENT	*volatile CollectTimeout = NULL;
+-
+ /* values for input state machine */
+ #define IS_NORM		0	/* middle of line */
+ #define IS_BOL		1	/* beginning of line */
+@@ -290,26 +285,30 @@
+ 	bool rsetsize;
+ {
+ 	register SM_FILE_T *volatile df;
+-	volatile bool ignrdot;
+-	volatile time_t dbto;
++	bool ignrdot;
++	int dbto;
+ 	register char *volatile bp;
+-	volatile int c;
+-	volatile bool inputerr;
++	int c;
++	bool inputerr;
+ 	bool headeronly;
+-	char *volatile buf;
+-	volatile int buflen;
+-	volatile int istate;
+-	volatile int mstate;
+-	volatile int hdrslen;
+-	volatile int numhdrs;
+-	volatile int afd;
+-	unsigned char *volatile pbp;
++	char *buf;
++	int buflen;
++	int istate;
++	int mstate;
++	int hdrslen;
++	int numhdrs;
++	int afd;
++	unsigned char *pbp;
+ 	unsigned char peekbuf[8];
+ 	char bufbuf[MAXLINE];
+ 
+ 	df = NULL;
+ 	ignrdot = smtpmode ? false : IgnrDot;
+-	dbto = smtpmode ? TimeOuts.to_datablock : 0;
++
++	/* timeout for I/O functions is in milliseconds */
++	dbto = smtpmode ? ((int) TimeOuts.to_datablock * 1000)
++			: SM_TIME_FOREVER;
++	sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
+ 	c = SM_IO_EOF;
+ 	inputerr = false;
+ 	headeronly = hdrp != NULL;
+@@ -321,7 +320,6 @@
+ 	pbp = peekbuf;
+ 	istate = IS_BOL;
+ 	mstate = SaveFrom ? MS_HEADER : MS_UFROM;
+-	CollectProgress = false;
+ 
+ 	/*
+ 	**  Tell ARPANET to go ahead.
+@@ -342,32 +340,6 @@
+ 	**	the larger picture (e.g., header versus body).
+ 	*/
+ 
+-	if (dbto != 0)
+-	{
+-		/* handle possible input timeout */
+-		if (setjmp(CtxCollectTimeout) != 0)
+-		{
+-			if (LogLevel > 2)
+-				sm_syslog(LOG_NOTICE, e->e_id,
+-					  "timeout waiting for input from %s during message collect",
+-					  CURHOSTNAME);
+-			errno = 0;
+-			if (smtpmode)
+-			{
+-				/*
+-				**  Override e_message in usrerr() as this
+-				**  is the reason for failure that should
+-				**  be logged for undelivered recipients.
+-				*/
+-
+-				e->e_message = NULL;
+-			}
+-			usrerr("451 4.4.1 timeout waiting for input during message collect");
+-			goto readerr;
+-		}
+-		CollectTimeout = sm_setevent(dbto, collecttimeout, dbto);
+-	}
+-
+ 	if (rsetsize)
+ 		e->e_msgsize = 0;
+ 	for (;;)
+@@ -391,9 +363,26 @@
+ 						sm_io_clearerr(fp);
+ 						continue;
+ 					}
++
++					/* timeout? */
++					if (c == SM_IO_EOF && errno == EAGAIN
++					    && smtpmode)
++					{
++						/*
++						**  Override e_message in
++						**  usrerr() as this is the
++						**  reason for failure that
++						**  should be logged for
++						**  undelivered recipients.
++						*/
++
++						e->e_message = NULL;
++						errno = 0;
++						inputerr = true;
++						goto readabort;
++					}
+ 					break;
+ 				}
+-				CollectProgress = true;
+ 				if (TrafficLogFile != NULL && !headeronly)
+ 				{
+ 					if (istate == IS_BOL)
+@@ -540,6 +529,18 @@
+ 					buflen *= 2;
+ 				else
+ 					buflen += MEMCHUNKSIZE;
++				if (buflen <= 0)
++				{
++					sm_syslog(LOG_NOTICE, e->e_id,
++						  "header overflow from %s during message collect",
++						  CURHOSTNAME);
++					errno = 0;
++					e->e_flags |= EF_CLRQUEUE;
++					e->e_status = "5.6.0";
++					usrerrenh(e->e_status,
++						  "552 Headers too large");
++					goto discard;
++				}
+ 				buf = xalloc(buflen);
+ 				memmove(buf, obuf, bp - obuf);
+ 				bp = &buf[bp - obuf];
+@@ -583,6 +584,7 @@
+ 					usrerrenh(e->e_status,
+ 						  "552 Headers too large (%d max)",
+ 						  MaxHeadersLength);
++  discard:
+ 					mstate = MS_DISCARD;
+ 				}
+ 			}
+@@ -622,6 +624,24 @@
+ 				sm_io_clearerr(fp);
+ 				errno = 0;
+ 				c = sm_io_getc(fp, SM_TIME_DEFAULT);
++
++				/* timeout? */
++				if (c == SM_IO_EOF && errno == EAGAIN
++				    && smtpmode)
++				{
++					/*
++					**  Override e_message in
++					**  usrerr() as this is the
++					**  reason for failure that
++					**  should be logged for
++					**  undelivered recipients.
++					*/
++
++					e->e_message = NULL;
++					errno = 0;
++					inputerr = true;
++					goto readabort;
++				}
+ 			} while (c == SM_IO_EOF && errno == EINTR);
+ 			if (c != SM_IO_EOF)
+ 				(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
+@@ -631,8 +651,12 @@
+ 				continue;
+ 			}
+ 
+-			/* trim off trailing CRLF or NL */
+ 			SM_ASSERT(bp > buf);
++
++			/* guaranteed by isheader(buf) */
++			SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
++
++			/* trim off trailing CRLF or NL */
+ 			if (*--bp != '\n' || *--bp != '\r')
+ 				bp++;
+ 			*bp = '\0';
+@@ -698,10 +722,6 @@
+ 		inputerr = true;
+ 	}
+ 
+-	/* reset global timer */
+-	if (CollectTimeout != NULL)
+-		sm_clrevent(CollectTimeout);
+-
+ 	if (headeronly)
+ 		return;
+ 
+@@ -779,6 +799,7 @@
+ 	}
+ 
+ 	/* An EOF when running SMTP is an error */
++  readabort:
+ 	if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
+ 	{
+ 		char *host;
+@@ -801,13 +822,14 @@
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
+ 		if (sm_io_eof(fp))
+-			usrerr("451 4.4.1 collect: %s on connection from %s, from=%s",
++			usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
+ 		else
+-			syserr("451 4.4.1 collect: %s on connection from %s, from=%s",
++			syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
++		flush_errors(true);
+ 
+ 		/* don't return an error indication */
+ 		e->e_to = NULL;
+@@ -904,39 +926,6 @@
+ 	}
+ }
+ 
+-static void
+-collecttimeout(timeout)
+-	time_t timeout;
+-{
+-	int save_errno = errno;
+-
+-	/*
+-	**  NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
+-	**	ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
+-	**	DOING.
+-	*/
+-
+-	if (CollectProgress)
+-	{
+-		/* reset the timeout */
+-		CollectTimeout = sm_sigsafe_setevent(timeout, collecttimeout,
+-						     timeout);
+-		CollectProgress = false;
+-	}
+-	else
+-	{
+-		/* event is done */
+-		CollectTimeout = NULL;
+-	}
+-
+-	/* if no progress was made or problem resetting event, die now */
+-	if (CollectTimeout == NULL)
+-	{
+-		errno = ETIMEDOUT;
+-		longjmp(CtxCollectTimeout, 1);
+-	}
+-	errno = save_errno;
+-}
+ /*
+ **  DFERROR -- signal error on writing the data file.
+ **
+Index: contrib/sendmail/src/conf.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/conf.c,v
+retrieving revision 1.5.2.16
+diff -u -I__FBSDID -r1.5.2.16 conf.c
+--- contrib/sendmail/src/conf.c	22 Feb 2004 04:25:41 -0000	1.5.2.16
++++ contrib/sendmail/src/conf.c	22 Mar 2006 04:23:03 -0000
+@@ -5210,8 +5210,8 @@
+ 	va_dcl
+ #endif /* __STDC__ */
+ {
+-	static char *buf = NULL;
+-	static size_t bufsize;
++	char *buf;
++	size_t bufsize;
+ 	char *begin, *end;
+ 	int save_errno;
+ 	int seq = 1;
+@@ -5235,11 +5235,8 @@
+ 	else
+ 		idlen = strlen(id) + SyslogPrefixLen;
+ 
+-	if (buf == NULL)
+-	{
+-		buf = buf0;
+-		bufsize = sizeof buf0;
+-	}
++	buf = buf0;
++	bufsize = sizeof buf0;
+ 
+ 	for (;;)
+ 	{
+@@ -5281,8 +5278,8 @@
+ 			(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ 					     "%s: %s\n", id, newstring);
+ #endif /* LOG */
+-		if (buf == buf0)
+-			buf = NULL;
++		if (buf != buf0)
++			sm_free(buf);
+ 		errno = save_errno;
+ 		return;
+ 	}
+@@ -5346,8 +5343,8 @@
+ 		(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ 				     "%s[%d]: %s\n", id, seq, begin);
+ #endif /* LOG */
+-	if (buf == buf0)
+-		buf = NULL;
++	if (buf != buf0)
++		sm_free(buf);
+ 	errno = save_errno;
+ }
+ /*
+Index: contrib/sendmail/src/deliver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/deliver.c,v
+retrieving revision 1.1.1.3.2.16
+diff -u -I__FBSDID -r1.1.1.3.2.16 deliver.c
+--- contrib/sendmail/src/deliver.c	22 Feb 2004 04:25:42 -0000	1.1.1.3.2.16
++++ contrib/sendmail/src/deliver.c	22 Mar 2006 04:23:05 -0000
+@@ -3219,16 +3219,33 @@
+ 	}
+ 	else if (!clever)
+ 	{
++		bool ok;
++
+ 		/*
+ 		**  Format and send message.
+ 		*/
+ 
+-		putfromline(mci, e);
+-		(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
+-		(*e->e_putbody)(mci, e, NULL);
++		rcode = EX_OK;
++		errno = 0;
++		ok = putfromline(mci, e);
++		if (ok)
++			ok = (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
++		if (ok)
++			ok = (*e->e_putbody)(mci, e, NULL);
+ 
+-		/* get the exit status */
++		/*
++		**  Ignore an I/O error that was caused by EPIPE.
++		**  Some broken mailers don't read the entire body
++		**  but just exit() thus causing an I/O error.
++		*/
++
++		if (!ok && (sm_io_error(mci->mci_out) && errno == EPIPE))
++			ok = true;
++
++		/* (always) get the exit status */
+ 		rcode = endmailer(mci, e, pv);
++		if (!ok)
++			rcode = EX_TEMPFAIL;
+ 		if (rcode == EX_TEMPFAIL && SmtpError[0] == '\0')
+ 		{
+ 			/*
+@@ -4380,13 +4397,13 @@
+ **		e -- the envelope.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		outputs some text to fp.
+ */
+ 
+-void
++bool
+ putfromline(mci, e)
+ 	register MCI *mci;
+ 	ENVELOPE *e;
+@@ -4396,7 +4413,7 @@
+ 	char xbuf[MAXLINE];
+ 
+ 	if (bitnset(M_NHDR, mci->mci_mailer->m_flags))
+-		return;
++		return true;
+ 
+ 	mci->mci_flags |= MCIF_INHEADER;
+ 
+@@ -4437,8 +4454,9 @@
+ 		}
+ 	}
+ 	expand(template, buf, sizeof buf, e);
+-	putxline(buf, strlen(buf), mci, PXLF_HEADER);
++	return putxline(buf, strlen(buf), mci, PXLF_HEADER);
+ }
++
+ /*
+ **  PUTBODY -- put the body of a message.
+ **
+@@ -4449,7 +4467,7 @@
+ **			not be permitted in the resulting message.
+ **
+ **	Returns:
+-**		none.
++**		true iff message was written successfully
+ **
+ **	Side Effects:
+ **		The message is written onto fp.
+@@ -4460,13 +4478,15 @@
+ #define OS_CR		1	/* read a carriage return */
+ #define OS_INLINE	2	/* putting rest of line */
+ 
+-void
++bool
+ putbody(mci, e, separator)
+ 	register MCI *mci;
+ 	register ENVELOPE *e;
+ 	char *separator;
+ {
+ 	bool dead = false;
++	bool ioerr = false;
++	int save_errno;
+ 	char buf[MAXLINE];
+ #if MIME8TO7
+ 	char *boundaries[MAXMIMENESTING + 1];
+@@ -4496,10 +4516,12 @@
+ 	{
+ 		if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 		{
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 			mci->mci_flags &= ~MCIF_INHEADER;
+ 		}
+-		putline("<<< No Message Collected >>>", mci);
++		if (!putline("<<< No Message Collected >>>", mci))
++			goto writeerr;
+ 		goto endofmessage;
+ 	}
+ 
+@@ -4528,26 +4550,31 @@
+ 		*/
+ 
+ 		/* make sure it looks like a MIME message */
+-		if (hvalue("MIME-Version", e->e_header) == NULL)
+-			putline("MIME-Version: 1.0", mci);
++		if (hvalue("MIME-Version", e->e_header) == NULL &&
++		    !putline("MIME-Version: 1.0", mci))
++			goto writeerr;
+ 
+ 		if (hvalue("Content-Type", e->e_header) == NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					   "Content-Type: text/plain; charset=%s",
+ 					   defcharset(e));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* now do the hard work */
+ 		boundaries[0] = NULL;
+ 		mci->mci_flags |= MCIF_INHEADER;
+-		(void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER);
++		if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) ==
++								SM_IO_EOF)
++			goto writeerr;
+ 	}
+ # if MIME7TO8
+ 	else if (bitset(MCIF_CVT7TO8, mci->mci_flags))
+ 	{
+-		(void) mime7to8(mci, e->e_header, e);
++		if (!mime7to8(mci, e->e_header, e))
++			goto writeerr;
+ 	}
+ # endif /* MIME7TO8 */
+ 	else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0)
+@@ -4569,8 +4596,9 @@
+ 		if (bitset(EF_DONT_MIME, e->e_flags))
+ 			SuprErrs = true;
+ 
+-		(void) mime8to7(mci, e->e_header, e, boundaries,
+-				M87F_OUTER|M87F_NO8TO7);
++		if (mime8to7(mci, e->e_header, e, boundaries,
++				M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF)
++			goto writeerr;
+ 
+ 		/* restore SuprErrs */
+ 		SuprErrs = oldsuprerrs;
+@@ -4590,7 +4618,8 @@
+ 
+ 		if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 		{
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 			mci->mci_flags &= ~MCIF_INHEADER;
+ 		}
+ 
+@@ -4681,11 +4710,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos++;
+ 				}
+ 				for (xp = buf; xp < bp; xp++)
+@@ -4698,11 +4722,6 @@
+ 						dead = true;
+ 						break;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 				}
+ 				if (dead)
+ 					continue;
+@@ -4713,11 +4732,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						break;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos = 0;
+ 				}
+ 				else
+@@ -4751,11 +4765,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						continue;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 
+ 					if (TrafficLogFile != NULL)
+ 					{
+@@ -4817,11 +4826,6 @@
+ 							dead = true;
+ 							continue;
+ 						}
+-						else
+-						{
+-							/* record progress for DATA timeout */
+-							DataProgress = true;
+-						}
+ 						pos++;
+ 						continue;
+ 					}
+@@ -4837,11 +4841,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 
+ 					if (TrafficLogFile != NULL)
+ 					{
+@@ -4867,11 +4866,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						continue;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos = 0;
+ 					ostate = OS_HEAD;
+ 				}
+@@ -4889,11 +4883,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos++;
+ 					ostate = OS_INLINE;
+ 				}
+@@ -4920,11 +4909,6 @@
+ 					dead = true;
+ 					break;
+ 				}
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 			}
+ 			pos += bp - buf;
+ 		}
+@@ -4934,11 +4918,9 @@
+ 				(void) sm_io_fputs(TrafficLogFile,
+ 						   SM_TIME_DEFAULT,
+ 						   mci->mci_mailer->m_eol);
+-			(void) sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
+-					   mci->mci_mailer->m_eol);
+-
+-			/* record progress for DATA timeout */
+-			DataProgress = true;
++			if (sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
++					   mci->mci_mailer->m_eol) == SM_IO_EOF)
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -4948,6 +4930,7 @@
+ 		       qid_printqueue(e->e_dfqgrp, e->e_dfqdir),
+ 		       DATAFL_LETTER, e->e_id);
+ 		ExitStat = EX_IOERR;
++		ioerr = true;
+ 	}
+ 
+ endofmessage:
+@@ -4962,23 +4945,35 @@
+ 	**  offset to match.
+ 	*/
+ 
++	save_errno = errno;
+ 	if (e->e_dfp != NULL)
+ 		(void) bfrewind(e->e_dfp);
+ 
+ 	/* some mailers want extra blank line at end of message */
+ 	if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) &&
+ 	    buf[0] != '\0' && buf[0] != '\n')
+-		putline("", mci);
++	{
++		if (!putline("", mci))
++			goto writeerr;
++	}
+ 
+-	(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
+-	if (sm_io_error(mci->mci_out) && errno != EPIPE)
++	if (!dead &&
++	    (sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF ||
++	     (sm_io_error(mci->mci_out) && errno != EPIPE)))
+ 	{
++		save_errno = errno;
+ 		syserr("putbody: write error");
+ 		ExitStat = EX_IOERR;
++		ioerr = true;
+ 	}
+ 
+-	errno = 0;
++	errno = save_errno;
++	return !dead && !ioerr;
++
++  writeerr:
++	return false;
+ }
++
+ /*
+ **  MAILFILE -- Send a message to a file.
+ **
+@@ -5503,14 +5498,14 @@
+ 		}
+ #endif /* MIME7TO8 */
+ 
+-		putfromline(&mcibuf, e);
+-		(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
+-		(*e->e_putbody)(&mcibuf, e, NULL);
+-		putline("\n", &mcibuf);
+-		if (sm_io_flush(f, SM_TIME_DEFAULT) != 0 ||
++		if (!putfromline(&mcibuf, e) ||
++		    !(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER) ||
++		    !(*e->e_putbody)(&mcibuf, e, NULL) ||
++		    !putline("\n", &mcibuf) ||
++		    (sm_io_flush(f, SM_TIME_DEFAULT) != 0 ||
+ 		    (SuperSafe != SAFE_NO &&
+ 		     fsync(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL)) < 0) ||
+-		    sm_io_error(f))
++		    sm_io_error(f)))
+ 		{
+ 			setstat(EX_IOERR);
+ #if !NOFTRUNCATE
+@@ -6066,86 +6061,23 @@
+ ssl_retry:
+ 	if ((result = SSL_connect(clt_ssl)) <= 0)
+ 	{
+-		int i;
+-		bool timedout;
+-		time_t left;
+-		time_t now = curtime();
+-		struct timeval tv;
++		int i, ssl_err;
+ 
+-		/* what to do in this case? */
+-		i = SSL_get_error(clt_ssl, result);
++		ssl_err = SSL_get_error(clt_ssl, result);
++		i = tls_retry(clt_ssl, rfd, wfd, tlsstart,
++			TimeOuts.to_starttls, ssl_err, "client");
++		if (i > 0)
++			goto ssl_retry;
+ 
+-		/*
+-		**  For SSL_ERROR_WANT_{READ,WRITE}:
+-		**  There is not a complete SSL record available yet
+-		**  or there is only a partial SSL record removed from
+-		**  the network (socket) buffer into the SSL buffer.
+-		**  The SSL_connect will only succeed when a full
+-		**  SSL record is available (assuming a "real" error
+-		**  doesn't happen). To handle when a "real" error
+-		**  does happen the select is set for exceptions too.
+-		**  The connection may be re-negotiated during this time
+-		**  so both read and write "want errors" need to be handled.
+-		**  A select() exception loops back so that a proper SSL
+-		**  error message can be gotten.
+-		*/
+-
+-		left = TimeOuts.to_starttls - (now - tlsstart);
+-		timedout = left <= 0;
+-		if (!timedout)
+-		{
+-			tv.tv_sec = left;
+-			tv.tv_usec = 0;
+-		}
+-
+-		if (!timedout && FD_SETSIZE > 0 &&
+-		    (rfd >= FD_SETSIZE ||
+-		     (i == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
+-		{
+-			if (LogLevel > 5)
+-			{
+-				sm_syslog(LOG_ERR, e->e_id,
+-					  "STARTTLS=client, error: fd %d/%d too large",
+-					  rfd, wfd);
+-			if (LogLevel > 8)
+-				tlslogerr("client");
+-			}
+-			errno = EINVAL;
+-			goto tlsfail;
+-		}
+-		if (!timedout && i == SSL_ERROR_WANT_READ)
+-		{
+-			fd_set ssl_maskr, ssl_maskx;
+-
+-			FD_ZERO(&ssl_maskr);
+-			FD_SET(rfd, &ssl_maskr);
+-			FD_ZERO(&ssl_maskx);
+-			FD_SET(rfd, &ssl_maskx);
+-			if (select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx, &tv)
+-			    > 0)
+-				goto ssl_retry;
+-		}
+-		if (!timedout && i == SSL_ERROR_WANT_WRITE)
+-		{
+-			fd_set ssl_maskw, ssl_maskx;
+-
+-			FD_ZERO(&ssl_maskw);
+-			FD_SET(wfd, &ssl_maskw);
+-			FD_ZERO(&ssl_maskx);
+-			FD_SET(rfd, &ssl_maskx);
+-			if (select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx, &tv)
+-			    > 0)
+-				goto ssl_retry;
+-		}
+ 		if (LogLevel > 5)
+ 		{
+-			sm_syslog(LOG_ERR, e->e_id,
+-				  "STARTTLS=client, error: connect failed=%d, SSL_error=%d, timedout=%d, errno=%d",
+-				  result, i, (int) timedout, errno);
++			sm_syslog(LOG_WARNING, NOQID,
++				  "STARTTLS=client, error: connect failed=%d, SSL_error=%d, errno=%d, retry=%d",
++				  result, ssl_err, errno, i);
+ 			if (LogLevel > 8)
+ 				tlslogerr("client");
+ 		}
+-tlsfail:
++
+ 		SSL_free(clt_ssl);
+ 		clt_ssl = NULL;
+ 		return EX_SOFTWARE;
+Index: contrib/sendmail/src/headers.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/headers.c,v
+retrieving revision 1.4.2.13
+diff -u -I__FBSDID -r1.4.2.13 headers.c
+--- contrib/sendmail/src/headers.c	22 Feb 2004 04:25:43 -0000	1.4.2.13
++++ contrib/sendmail/src/headers.c	22 Mar 2006 04:23:06 -0000
+@@ -18,7 +18,7 @@
+ 
+ static size_t	fix_mime_header __P((HDR *, ENVELOPE *));
+ static int	priencode __P((char *));
+-static void	put_vanilla_header __P((HDR *, char *, MCI *));
++static bool	put_vanilla_header __P((HDR *, char *, MCI *));
+ 
+ /*
+ **  SETUPHEADERS -- initialize headers in symbol table
+@@ -870,7 +870,6 @@
+ 	char *name;
+ 	register char *sbp;
+ 	register char *p;
+-	int l;
+ 	char hbuf[MAXNAME + 1];
+ 	char sbuf[MAXLINE + 1];
+ 	char mbuf[MAXNAME + 1];
+@@ -879,6 +878,8 @@
+ 	/* XXX do we still need this? sm_syslog() replaces control chars */
+ 	if (msgid != NULL)
+ 	{
++		size_t l;
++
+ 		l = strlen(msgid);
+ 		if (l > sizeof mbuf - 1)
+ 			l = sizeof mbuf - 1;
+@@ -1422,13 +1423,13 @@
+ **		flags -- MIME conversion flags.
+ **
+ **	Returns:
+-**		none.
++**		success
+ **
+ **	Side Effects:
+ **		none.
+ */
+ 
+-void
++bool
+ putheader(mci, hdr, e, flags)
+ 	register MCI *mci;
+ 	HDR *hdr;
+@@ -1563,7 +1564,8 @@
+ 		{
+ 			if (tTd(34, 11))
+ 				sm_dprintf("\n");
+-			put_vanilla_header(h, p, mci);
++			if (!put_vanilla_header(h, p, mci))
++				goto writeerr;
+ 			continue;
+ 		}
+ 
+@@ -1622,7 +1624,8 @@
+ 				/* no other recipient headers: truncate value */
+ 				(void) sm_strlcpyn(obuf, sizeof obuf, 2,
+ 						   h->h_field, ":");
+-				putline(obuf, mci);
++				if (!putline(obuf, mci))
++					goto writeerr;
+ 			}
+ 			continue;
+ 		}
+@@ -1641,7 +1644,8 @@
+ 		}
+ 		else
+ 		{
+-			put_vanilla_header(h, p, mci);
++			if (!put_vanilla_header(h, p, mci))
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -1658,18 +1662,25 @@
+ 	    !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
+ 	    hvalue("MIME-Version", e->e_header) == NULL)
+ 	{
+-		putline("MIME-Version: 1.0", mci);
++		if (!putline("MIME-Version: 1.0", mci))
++			goto writeerr;
+ 		if (hvalue("Content-Type", e->e_header) == NULL)
+ 		{
+ 			(void) sm_snprintf(obuf, sizeof obuf,
+ 					"Content-Type: text/plain; charset=%s",
+ 					defcharset(e));
+-			putline(obuf, mci);
++			if (!putline(obuf, mci))
++				goto writeerr;
+ 		}
+-		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL)
+-			putline("Content-Transfer-Encoding: 8bit", mci);
++		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL
++		    && !putline("Content-Transfer-Encoding: 8bit", mci))
++			goto writeerr;
+ 	}
+ #endif /* MIME8TO7 */
++	return true;
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  PUT_VANILLA_HEADER -- output a fairly ordinary header
+@@ -1680,10 +1691,10 @@
+ **		mci -- the connection info for output
+ **
+ **	Returns:
+-**		none.
++**		success
+ */
+ 
+-static void
++static bool
+ put_vanilla_header(h, v, mci)
+ 	HDR *h;
+ 	char *v;
+@@ -1714,7 +1725,8 @@
+ 			l = SPACELEFT(obuf, obp) - 1;
+ 
+ 		(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
+-		putxline(obuf, strlen(obuf), mci, putflags);
++		if (!putxline(obuf, strlen(obuf), mci, putflags))
++			goto writeerr;
+ 		v += l + 1;
+ 		obp = obuf;
+ 		if (*v != ' ' && *v != '\t')
+@@ -1724,7 +1736,10 @@
+ 	/* XXX This is broken for SPACELEFT()==0 */
+ 	(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
+ 			   (int) (SPACELEFT(obuf, obp) - 1), v);
+-	putxline(obuf, strlen(obuf), mci, putflags);
++	return putxline(obuf, strlen(obuf), mci, putflags);
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  COMMAIZE -- output a header field, making a comma-translated list.
+@@ -1737,13 +1752,13 @@
+ **		e -- the envelope containing the message.
+ **
+ **	Returns:
+-**		none.
++**		success
+ **
+ **	Side Effects:
+ **		outputs "p" to file "fp".
+ */
+ 
+-void
++bool
+ commaize(h, p, oldstyle, mci, e)
+ 	register HDR *h;
+ 	register char *p;
+@@ -1882,13 +1897,6 @@
+ 		}
+ 		name = denlstring(name, false, true);
+ 
+-		/*
+-		**  record data progress so DNS timeouts
+-		**  don't cause DATA timeouts
+-		*/
+-
+-		DataProgress = true;
+-
+ 		/* output the name with nice formatting */
+ 		opos += strlen(name);
+ 		if (!firstone)
+@@ -1896,7 +1904,8 @@
+ 		if (opos > omax && !firstone)
+ 		{
+ 			(void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
+-			putxline(obuf, strlen(obuf), mci, putflags);
++			if (!putxline(obuf, strlen(obuf), mci, putflags))
++				goto writeerr;
+ 			obp = obuf;
+ 			(void) sm_strlcpy(obp, "        ", sizeof obuf);
+ 			opos = strlen(obp);
+@@ -1918,8 +1927,12 @@
+ 		*obp = '\0';
+ 	else
+ 		obuf[sizeof obuf - 1] = '\0';
+-	putxline(obuf, strlen(obuf), mci, putflags);
++	return putxline(obuf, strlen(obuf), mci, putflags);
++
++  writeerr:
++	return false;
+ }
++
+ /*
+ **  COPYHEADER -- copy header list
+ **
+Index: contrib/sendmail/src/mime.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/mime.c,v
+retrieving revision 1.1.1.3.2.7
+diff -u -I__FBSDID -r1.1.1.3.2.7 mime.c
+--- contrib/sendmail/src/mime.c	22 Feb 2004 04:25:43 -0000	1.1.1.3.2.7
++++ contrib/sendmail/src/mime.c	22 Mar 2006 04:23:07 -0000
+@@ -86,6 +86,7 @@
+ **		  MBT_FINAL -- the final boundary
+ **		  MBT_INTERMED -- an intermediate boundary
+ **		  MBT_NOTSEP -- an end of file
++**		  SM_IO_EOF -- I/O error occurred
+ */
+ 
+ struct args
+@@ -298,7 +299,8 @@
+ 		mci->mci_flags |= MCIF_INMIME;
+ 
+ 		/* skip the early "comment" prologue */
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		bt = MBT_FINAL;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+@@ -307,8 +309,9 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putxline(buf, strlen(buf), mci,
+-				 PXLF_MAPFROM|PXLF_STRIP8BIT);
++			if (!putxline(buf, strlen(buf), mci,
++					PXLF_MAPFROM|PXLF_STRIP8BIT))
++				goto writeerr;
+ 			if (tTd(43, 99))
+ 				sm_dprintf("  ...%s", buf);
+ 		}
+@@ -319,19 +322,24 @@
+ 			auto HDR *hdr = NULL;
+ 
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "--", bbuf);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			if (tTd(43, 35))
+ 				sm_dprintf("  ...%s\n", buf);
+ 			collect(e->e_dfp, false, &hdr, e, false);
+ 			if (tTd(43, 101))
+ 				putline("+++after collect", mci);
+-			putheader(mci, hdr, e, flags);
++			if (!putheader(mci, hdr, e, flags))
++				goto writeerr;
+ 			if (tTd(43, 101))
+ 				putline("+++after putheader", mci);
+ 			bt = mime8to7(mci, hdr, e, boundaries, flags);
++			if (bt == SM_IO_EOF)
++				goto writeerr;
+ 		}
+ 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", bbuf, "--");
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (tTd(43, 35))
+ 			sm_dprintf("  ...%s\n", buf);
+ 		boundaries[i] = NULL;
+@@ -344,8 +352,9 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putxline(buf, strlen(buf), mci,
+-				 PXLF_MAPFROM|PXLF_STRIP8BIT);
++			if (!putxline(buf, strlen(buf), mci,
++					PXLF_MAPFROM|PXLF_STRIP8BIT))
++				goto writeerr;
+ 			if (tTd(43, 99))
+ 				sm_dprintf("  ...%s", buf);
+ 		}
+@@ -373,18 +382,21 @@
+ 		{
+ 			auto HDR *hdr = NULL;
+ 
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 
+ 			mci->mci_flags |= MCIF_INMIME;
+ 			collect(e->e_dfp, false, &hdr, e, false);
+ 			if (tTd(43, 101))
+ 				putline("+++after collect", mci);
+-			putheader(mci, hdr, e, flags);
++			if (!putheader(mci, hdr, e, flags))
++				goto writeerr;
+ 			if (tTd(43, 101))
+ 				putline("+++after putheader", mci);
+ 			if (hvalue("MIME-Version", hdr) == NULL &&
+-			    !bitset(M87F_NO8TO7, flags))
+-				putline("MIME-Version: 1.0", mci);
++			    !bitset(M87F_NO8TO7, flags) &&
++			    !putline("MIME-Version: 1.0", mci))
++				goto writeerr;
+ 			bt = mime8to7(mci, hdr, e, boundaries, flags);
+ 			mci->mci_flags &= ~MCIF_INMIME;
+ 			return bt;
+@@ -480,11 +492,13 @@
+ 
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"Content-Transfer-Encoding: %.200s", cte);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			if (tTd(43, 36))
+ 				sm_dprintf("  ...%s\n", buf);
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+ 			!= NULL)
+@@ -492,7 +506,8 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 		if (sm_io_eof(e->e_dfp))
+ 			bt = MBT_FINAL;
+@@ -505,12 +520,13 @@
+ 
+ 		if (tTd(43, 36))
+ 			sm_dprintf("  ...Content-Transfer-Encoding: base64\n");
+-		putline("Content-Transfer-Encoding: base64", mci);
++		if (!putline("Content-Transfer-Encoding: base64", mci))
++			goto writeerr;
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 			"X-MIME-Autoconverted: from 8bit to base64 by %s id %s",
+ 			MyHostName, e->e_id);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline(buf, mci) || !putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while ((c1 = mime_getchar_crlf(e->e_dfp, boundaries, &bt)) !=
+ 			SM_IO_EOF)
+@@ -518,7 +534,8 @@
+ 			if (linelen > 71)
+ 			{
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = 0;
+ 				bp = buf;
+ 			}
+@@ -548,7 +565,8 @@
+ 			*bp++ = Base64Code[c2 & 0x3f];
+ 		}
+ 		*bp = '\0';
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 	}
+ 	else
+ 	{
+@@ -571,12 +589,14 @@
+ 
+ 		if (tTd(43, 36))
+ 			sm_dprintf("  ...Content-Transfer-Encoding: quoted-printable\n");
+-		putline("Content-Transfer-Encoding: quoted-printable", mci);
++		if (!putline("Content-Transfer-Encoding: quoted-printable",
++				mci))
++			goto writeerr;
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 			"X-MIME-Autoconverted: from 8bit to quoted-printable by %s id %s",
+ 			MyHostName, e->e_id);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline(buf, mci) || !putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		fromstate = 0;
+ 		c2 = '\n';
+@@ -598,7 +618,8 @@
+ 					*bp++ = Base16Code['.' & 0x0f];
+ 				}
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = fromstate = 0;
+ 				bp = buf;
+ 				c2 = c1;
+@@ -627,7 +648,8 @@
+ 					c2 = '\n';
+ 				*bp++ = '=';
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = fromstate = 0;
+ 				bp = buf;
+ 				if (c2 == '.')
+@@ -665,13 +687,17 @@
+ 		if (linelen > 0 || boundaries[0] != NULL)
+ 		{
+ 			*bp = '\0';
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 	}
+ 	if (tTd(43, 3))
+ 		sm_dprintf("\t\t\tmime8to7=>%s (basic)\n", MimeBoundaryNames[bt]);
+ 	return bt;
++
++  writeerr:
++	return SM_IO_EOF;
+ }
+ /*
+ **  MIME_GETCHAR -- get a character for MIME processing
+@@ -954,7 +980,7 @@
+ **		e -- envelope.
+ **
+ **	Returns:
+-**		none.
++**		true iff body was written successfully
+ */
+ 
+ static char index_64[128] =
+@@ -971,7 +997,7 @@
+ 
+ # define CHAR64(c)  (((c) < 0 || (c) > 127) ? -1 : index_64[(c)])
+ 
+-void
++bool
+ mime7to8(mci, header, e)
+ 	register MCI *mci;
+ 	HDR *header;
+@@ -1004,25 +1030,31 @@
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"Content-Transfer-Encoding: %s", p);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+ 			!= NULL)
+-			putline(buf, mci);
+-		return;
++		{
++			if (!putline(buf, mci))
++				goto writeerr;
++		}
++		return true;
+ 	}
+ 	cataddr(pvp, NULL, buf, sizeof buf, '\0');
+ 	cte = sm_rpool_strdup_x(e->e_rpool, buf);
+ 
+ 	mci->mci_flags |= MCIF_INHEADER;
+-	putline("Content-Transfer-Encoding: 8bit", mci);
++	if (!putline("Content-Transfer-Encoding: 8bit", mci))
++		goto writeerr;
+ 	(void) sm_snprintf(buf, sizeof buf,
+ 		"X-MIME-Autoconverted: from %.200s to 8bit by %s id %s",
+ 		cte, MyHostName, e->e_id);
+-	putline(buf, mci);
+-	putline("", mci);
++	if (!putline(buf, mci) || !putline("", mci))
++		goto writeerr;
+ 	mci->mci_flags &= ~MCIF_INHEADER;
+ 
+ 	/*
+@@ -1086,7 +1118,8 @@
+ 		if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])	\
+ 		{							\
+ 			CHK_EOL;					\
+-			putxline((char *) fbuf, fbufp - fbuf, mci, pxflags); \
++			if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags)) \
++				goto writeerr;				\
+ 			pxflags &= ~PXLF_NOADDEOL;			\
+ 			fbufp = fbuf;					\
+ 		}	\
+@@ -1123,8 +1156,11 @@
+ 				continue;
+ 
+ 			if (fbufp - fbuf > 0)
+-				putxline((char *) fbuf, fbufp - fbuf - 1, mci,
+-					 pxflags);
++			{
++				if (!putxline((char *) fbuf, fbufp - fbuf - 1,
++						mci, pxflags))
++					goto writeerr;
++			}
+ 			fbufp = fbuf;
+ 			if (off >= 0 && buf[off] != '\0')
+ 			{
+@@ -1140,7 +1176,8 @@
+ 	if (fbufp > fbuf)
+ 	{
+ 		*fbufp = '\0';
+-		putxline((char *) fbuf, fbufp - fbuf, mci, pxflags);
++		if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags))
++			goto writeerr;
+ 	}
+ 
+ 	/*
+@@ -1150,10 +1187,15 @@
+ 	**  but so is auto-converting MIME in the first place.
+ 	*/
+ 
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 
+ 	if (tTd(43, 3))
+ 		sm_dprintf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
++	return true;
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  The following is based on Borenstein's "codes.c" module, with simplifying
+Index: contrib/sendmail/src/parseaddr.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/parseaddr.c,v
+retrieving revision 1.1.1.2.6.16
+diff -u -I__FBSDID -r1.1.1.2.6.16 parseaddr.c
+--- contrib/sendmail/src/parseaddr.c	30 Oct 2003 22:31:44 -0000	1.1.1.2.6.16
++++ contrib/sendmail/src/parseaddr.c	22 Mar 2006 04:23:08 -0000
+@@ -1328,7 +1328,7 @@
+ 					/* $&{x} replacement */
+ 					char *mval = macvalue(rp[1], e);
+ 					char **xpvp;
+-					int trsize = 0;
++					size_t trsize = 0;
+ 					static size_t pvpb1_size = 0;
+ 					static char **pvpb1 = NULL;
+ 					char pvpbuf[PSBUFSIZE];
+@@ -1343,7 +1343,7 @@
+ 					/* save the remainder of the input */
+ 					for (xpvp = pvp; *xpvp != NULL; xpvp++)
+ 						trsize += sizeof *xpvp;
+-					if ((size_t) trsize > pvpb1_size)
++					if (trsize > pvpb1_size)
+ 					{
+ 						if (pvpb1 != NULL)
+ 							sm_free(pvpb1);
+@@ -1398,7 +1398,7 @@
+ 		{
+ 			char **hbrvp;
+ 			char **xpvp;
+-			int trsize;
++			size_t trsize;
+ 			char *replac;
+ 			int endtoken;
+ 			STAB *map;
+@@ -1500,7 +1500,7 @@
+ 				*++arg_rvp = NULL;
+ 
+ 			/* save the remainder of the input string */
+-			trsize = (int) (avp - rvp + 1) * sizeof *rvp;
++			trsize = (avp - rvp + 1) * sizeof *rvp;
+ 			memmove((char *) pvpb1, (char *) rvp, trsize);
+ 
+ 			/* look it up */
+@@ -2933,7 +2933,7 @@
+ 	char *logid;
+ {
+ 	char *volatile buf;
+-	int bufsize;
++	size_t bufsize;
+ 	int saveexitstat;
+ 	int volatile rstat = EX_OK;
+ 	char **pvp;
+@@ -3152,7 +3152,7 @@
+ 	int size;
+ {
+ 	char *volatile buf;
+-	int bufsize;
++	size_t bufsize;
+ 	int volatile rstat = EX_OK;
+ 	int rsno;
+ 	bool saveQuickAbort = QuickAbort;
+Index: contrib/sendmail/src/savemail.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/savemail.c,v
+retrieving revision 1.4.2.10
+diff -u -I__FBSDID -r1.4.2.10 savemail.c
+--- contrib/sendmail/src/savemail.c	3 Mar 2003 17:31:15 -0000	1.4.2.10
++++ contrib/sendmail/src/savemail.c	22 Mar 2006 04:23:09 -0000
+@@ -15,7 +15,7 @@
+ 
+ SM_RCSID("@(#)$Id: savemail.c,v 8.299.2.1 2002/10/23 15:08:47 ca Exp $")
+ 
+-static void	errbody __P((MCI *, ENVELOPE *, char *));
++static bool	errbody __P((MCI *, ENVELOPE *, char *));
+ static bool	pruneroute __P((char *));
+ 
+ /*
+@@ -427,12 +427,13 @@
+ 			p = macvalue('g', e);
+ 			macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
+ 
+-			putfromline(&mcibuf, e);
+-			(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
+-			(*e->e_putbody)(&mcibuf, e, NULL);
+-			putline("\n", &mcibuf); /* XXX EOL from FileMailer? */
+-			(void) sm_io_flush(fp, SM_TIME_DEFAULT);
+-			if (sm_io_error(fp) ||
++			if (!putfromline(&mcibuf, e) ||
++			    !(*e->e_puthdr)(&mcibuf, e->e_header, e,
++					M87F_OUTER) ||
++			    !(*e->e_putbody)(&mcibuf, e, NULL) ||
++			    !putline("\n", &mcibuf) ||
++			    sm_io_flush(fp, SM_TIME_DEFAULT) == SM_IO_EOF ||
++			    sm_io_error(fp) ||
+ 			    sm_io_close(fp, SM_TIME_DEFAULT) < 0)
+ 				state = ESM_PANIC;
+ 			else
+@@ -727,14 +728,14 @@
+ **		separator -- any possible MIME separator (unused).
+ **
+ **	Returns:
+-**		none
++**		success
+ **
+ **	Side Effects:
+ **		Outputs the body of an error message.
+ */
+ 
+ /* ARGSUSED2 */
+-static void
++static bool
+ errbody(mci, e, separator)
+ 	register MCI *mci;
+ 	register ENVELOPE *e;
+@@ -752,14 +753,16 @@
+ 
+ 	if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 	{
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 	}
+ 	if (e->e_parent == NULL)
+ 	{
+ 		syserr("errbody: null parent");
+-		putline("   ----- Original message lost -----\n", mci);
+-		return;
++		if (!putline("   ----- Original message lost -----\n", mci))
++			goto writeerr;
++		return true;
+ 	}
+ 
+ 	/*
+@@ -768,11 +771,12 @@
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("This is a MIME-encapsulated message", mci);
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline("This is a MIME-encapsulated message", mci) ||
++		    !putline("", mci) ||
++		    !putline(buf, mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 	}
+ 
+ 	/*
+@@ -794,31 +798,36 @@
+ 	if (!pm_notify && q == NULL &&
+ 	    !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
+ 	{
+-		putline("    **********************************************",
+-			mci);
+-		putline("    **      THIS IS A WARNING MESSAGE ONLY      **",
+-			mci);
+-		putline("    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **",
+-			mci);
+-		putline("    **********************************************",
+-			mci);
+-		putline("", mci);
++		if (!putline("    **********************************************",
++			mci) ||
++		    !putline("    **      THIS IS A WARNING MESSAGE ONLY      **",
++			mci) ||
++		    !putline("    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **",
++			mci) ||
++		    !putline("    **********************************************",
++			mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 	}
+ 	(void) sm_snprintf(buf, sizeof buf,
+ 		"The original message was received at %s",
+ 		arpadate(ctime(&e->e_parent->e_ctime)));
+-	putline(buf, mci);
++	if (!putline(buf, mci))
++		goto writeerr;
+ 	expand("from \201_", buf, sizeof buf, e->e_parent);
+-	putline(buf, mci);
++	if (!putline(buf, mci))
++		goto writeerr;
+ 
+ 	/* include id in postmaster copies */
+ 	if (pm_notify && e->e_parent->e_id != NULL)
+ 	{
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "with id ",
+ 			e->e_parent->e_id);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 	}
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Output error message header (if specified and available).
+@@ -844,17 +853,19 @@
+ 				{
+ 					translate_dollars(buf);
+ 					expand(buf, buf, sizeof buf, e);
+-					putline(buf, mci);
++					if (!putline(buf, mci))
++						goto writeerr;
+ 				}
+ 				(void) sm_io_close(xfile, SM_TIME_DEFAULT);
+-				putline("\n", mci);
++				if (!putline("\n", mci))
++					goto writeerr;
+ 			}
+ 		}
+ 		else
+ 		{
+ 			expand(ErrMsgFile, buf, sizeof buf, e);
+-			putline(buf, mci);
+-			putline("", mci);
++			if (!putline(buf, mci) || !putline("", mci))
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -872,21 +883,24 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had permanent fatal errors -----",
+-				mci);
++			if (!putline("   ----- The following addresses had permanent fatal errors -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
+ 				  sizeof buf);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_rstatus != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (reason: %s)",
+ 				shortenstring(exitstat(q->q_rstatus),
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 		if (q->q_alias != NULL)
+ 		{
+@@ -894,11 +908,12 @@
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/* transient non-fatal errors */
+ 	printheader = true;
+@@ -912,25 +927,28 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had transient non-fatal errors -----",
+-				mci);
++			if (!putline("   ----- The following addresses had transient non-fatal errors -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
+ 				  sizeof buf);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_alias != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/* successful delivery notifications */
+ 	printheader = true;
+@@ -963,25 +981,28 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had successful delivery notifications -----",
+-				mci);
++			if (!putline("   ----- The following addresses had successful delivery notifications -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_snprintf(buf, sizeof buf, "%s  (%s)",
+ 			 shortenstring(q->q_paddr, MAXSHORTSTR), p);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_alias != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Output transcript of errors
+@@ -990,8 +1011,9 @@
+ 	(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
+ 	if (e->e_parent->e_xfp == NULL)
+ 	{
+-		putline("   ----- Transcript of session is unavailable -----\n",
+-			mci);
++		if (!putline("   ----- Transcript of session is unavailable -----\n",
++				mci))
++			goto writeerr;
+ 	}
+ 	else
+ 	{
+@@ -1002,11 +1024,12 @@
+ 		while (sm_io_fgets(e->e_parent->e_xfp, SM_TIME_DEFAULT, buf,
+ 				   sizeof buf) != NULL)
+ 		{
+-			if (printheader)
+-				putline("   ----- Transcript of session follows -----\n",
+-					mci);
++			if (printheader && !putline("   ----- Transcript of session follows -----\n",
++						mci))
++				goto writeerr;
+ 			printheader = false;
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+ 	errno = 0;
+@@ -1018,11 +1041,12 @@
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
+-		putline(buf, mci);
+-		putline("Content-Type: message/delivery-status", mci);
+-		putline("", mci);
++		if (!putline("", mci) ||
++		    !putline(buf, mci) ||
++		    !putline("Content-Type: message/delivery-status", mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 
+ 		/*
+ 		**  Output per-message information.
+@@ -1034,13 +1058,15 @@
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					"Original-Envelope-Id: %.800s",
+ 					xuntextify(e->e_parent->e_envid));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* Reporting-MTA: is us (required) */
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 				   "Reporting-MTA: dns; %.800s", MyHostName);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 
+ 		/* DSN-Gateway: not relevant since we are not translating */
+ 
+@@ -1054,13 +1080,15 @@
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					"Received-From-MTA: %s; %.800s",
+ 					p, RealHostName);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* Arrival-Date: -- when it arrived here */
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "Arrival-Date: ",
+ 				arpadate(ctime(&e->e_parent->e_ctime)));
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 
+ 		/* Deliver-By-Date: -- when it should have been delivered */
+ 		if (IS_DLVR_BY(e->e_parent))
+@@ -1071,7 +1099,8 @@
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					"Deliver-By-Date: ",
+ 					arpadate(ctime(&dbyd)));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/*
+@@ -1114,7 +1143,8 @@
+ 			else
+ 				continue;
+ 
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 
+ 			/* Original-Recipient: -- passed from on high */
+ 			if (q->q_orcpt != NULL)
+@@ -1122,7 +1152,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Original-Recipient: %.800s",
+ 						q->q_orcpt);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Figure out actual recipient */
+@@ -1171,7 +1202,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						   "Final-Recipient: %s",
+ 						   q->q_finalrcpt);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* X-Actual-Recipient: -- the real problem address */
+@@ -1182,13 +1214,15 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						   "X-Actual-Recipient: %s",
+ 						   actual);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Action: -- what happened? */
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Action: ",
+ 				action);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Status: -- what _really_ happened? */
+ 			if (q->q_status != NULL)
+@@ -1200,7 +1234,8 @@
+ 			else
+ 				p = "2.0.0";
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Status: ", p);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Remote-MTA: -- who was I talking to? */
+ 			if (q->q_statmta != NULL)
+@@ -1214,7 +1249,8 @@
+ 				p = &buf[strlen(buf) - 1];
+ 				if (*p == '.')
+ 					*p = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Diagnostic-Code: -- actual result from other end */
+@@ -1226,7 +1262,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Diagnostic-Code: %s; %.800s",
+ 						p, q->q_rstatus);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Last-Attempt-Date: -- fine granularity */
+@@ -1235,7 +1272,8 @@
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					"Last-Attempt-Date: ",
+ 					arpadate(ctime(&q->q_statdate)));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Will-Retry-Until: -- for delayed messages only */
+ 			if (QS_IS_QUEUEUP(q->q_state))
+@@ -1247,7 +1285,8 @@
+ 				(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					 "Will-Retry-Until: ",
+ 					 arpadate(ctime(&xdate)));
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 		}
+ 	}
+@@ -1257,7 +1296,8 @@
+ 	**  Output text of original message
+ 	*/
+ 
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 	if (bitset(EF_HAS_DF, e->e_parent->e_flags))
+ 	{
+ 		sendbody = !bitset(EF_NO_BODY_RETN, e->e_parent->e_flags) &&
+@@ -1265,21 +1305,27 @@
+ 
+ 		if (e->e_msgboundary == NULL)
+ 		{
+-			if (sendbody)
+-				putline("   ----- Original message follows -----\n", mci);
+-			else
+-				putline("   ----- Message header follows -----\n", mci);
++			if (!putline(
++				sendbody
++				? "   ----- Original message follows -----\n"
++				: "   ----- Message header follows -----\n",
++				mci))
++			{
++				goto writeerr;
++			}
+ 		}
+ 		else
+ 		{
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "--",
+ 					e->e_msgboundary);
+ 
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Content-Type: ",
+ 					sendbody ? "message/rfc822"
+ 						 : "text/rfc822-headers");
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			p = hvalue("Content-Transfer-Encoding",
+ 				   e->e_parent->e_header);
+@@ -1293,43 +1339,62 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Content-Transfer-Encoding: %s",
+ 						p);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		save_errno = errno;
+-		putheader(mci, e->e_parent->e_header, e->e_parent, M87F_OUTER);
++		if (!putheader(mci, e->e_parent->e_header, e->e_parent,
++				M87F_OUTER))
++			goto writeerr;
+ 		errno = save_errno;
+ 		if (sendbody)
+-			putbody(mci, e->e_parent, e->e_msgboundary);
++		{
++			if (!putbody(mci, e->e_parent, e->e_msgboundary))
++				goto writeerr;
++		}
+ 		else if (e->e_msgboundary == NULL)
+ 		{
+-			putline("", mci);
+-			putline("   ----- Message body suppressed -----", mci);
++			if (!putline("", mci) ||
++			    !putline("   ----- Message body suppressed -----",
++					mci))
++			{
++				goto writeerr;
++			}
+ 		}
+ 	}
+ 	else if (e->e_msgboundary == NULL)
+ 	{
+-		putline("  ----- No message was collected -----\n", mci);
++		if (!putline("  ----- No message was collected -----\n", mci))
++			goto writeerr;
+ 	}
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", e->e_msgboundary,
+ 				   "--");
+-		putline(buf, mci);
++		if (!putline("", mci) || !putline(buf, mci))
++			goto writeerr;
+ 	}
+-	putline("", mci);
+-	(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
++	if (!putline("", mci) ||
++	    sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF)
++			goto writeerr;
+ 
+ 	/*
+ 	**  Cleanup and exit
+ 	*/
+ 
+ 	if (errno != 0)
++	{
++  writeerr:
+ 		syserr("errbody: I/O error");
++		return false;
++	}
++	return true;
+ }
++
+ /*
+ **  SMTPTODSN -- convert SMTP to DSN status code
+ **
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sendmail.h,v
+retrieving revision 1.1.1.4.2.18
+diff -u -I__FBSDID -r1.1.1.4.2.18 sendmail.h
+--- contrib/sendmail/src/sendmail.h	22 Feb 2004 04:25:44 -0000	1.1.1.4.2.18
++++ contrib/sendmail/src/sendmail.h	22 Mar 2006 04:23:11 -0000
+@@ -804,12 +804,12 @@
+ /* functions */
+ extern void	addheader __P((char *, char *, int, ENVELOPE *));
+ extern unsigned long	chompheader __P((char *, int, HDR **, ENVELOPE *));
+-extern void	commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
++extern bool	commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
+ extern HDR	*copyheader __P((HDR *, SM_RPOOL_T *));
+ extern void	eatheader __P((ENVELOPE *, bool, bool));
+ extern char	*hvalue __P((char *, HDR *));
+ extern bool	isheader __P((char *));
+-extern void	putfromline __P((MCI *, ENVELOPE *));
++extern bool	putfromline __P((MCI *, ENVELOPE *));
+ extern void	setupheaders __P((void));
+ 
+ /*
+@@ -864,9 +864,9 @@
+ 	short		e_sendmode;	/* message send mode */
+ 	short		e_errormode;	/* error return mode */
+ 	short		e_timeoutclass;	/* message timeout class */
+-	void		(*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int));
++	bool		(*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int));
+ 					/* function to put header of message */
+-	void		(*e_putbody)__P((MCI *, ENVELOPE *, char *));
++	bool		(*e_putbody)__P((MCI *, ENVELOPE *, char *));
+ 					/* function to put body of message */
+ 	ENVELOPE	*e_parent;	/* the message this one encloses */
+ 	ENVELOPE	*e_sibling;	/* the next envelope of interest */
+@@ -965,8 +965,8 @@
+ extern ENVELOPE	*newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *));
+ extern void	clrsessenvelope __P((ENVELOPE *));
+ extern void	printenvflags __P((ENVELOPE *));
+-extern void	putbody __P((MCI *, ENVELOPE *, char *));
+-extern void	putheader __P((MCI *, HDR *, ENVELOPE *, int));
++extern bool	putbody __P((MCI *, ENVELOPE *, char *));
++extern bool	putheader __P((MCI *, HDR *, ENVELOPE *, int));
+ 
+ /*
+ **  Message priority classes.
+@@ -1591,7 +1591,7 @@
+ #define M87F_NO8TO7		0x0004	/* don't do 8->7 bit conversions */
+ 
+ /* functions */
+-extern void	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
++extern bool	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
+ extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
+ 
+ /*
+@@ -2148,7 +2148,6 @@
+ #if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_)
+ EXTERN bool	ConfigFileRead;	/* configuration file has been read */
+ #endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */
+-EXTERN bool	volatile DataProgress;	/* have we sent anything since last check */
+ EXTERN bool	DisConnected;	/* running with OutChannel redirect to transcript file */
+ EXTERN bool	DontExpandCnames;	/* do not $[...$] expand CNAMEs */
+ EXTERN bool	DontInitGroups;	/* avoid initgroups() because of NIS cost */
+@@ -2513,8 +2512,8 @@
+ extern void	printqueue __P((void));
+ extern void	printrules __P((void));
+ extern pid_t	prog_open __P((char **, int *, ENVELOPE *));
+-extern void	putline __P((char *, MCI *));
+-extern void	putxline __P((char *, size_t, MCI *, int));
++extern bool	putline __P((char *, MCI *));
++extern bool	putxline __P((char *, size_t, MCI *, int));
+ extern void	queueup_macros __P((int, SM_FILE_T *, ENVELOPE *));
+ extern void	readcf __P((char *, bool, ENVELOPE *));
+ extern SIGFUNC_DECL	reapchild __P((int));
+Index: contrib/sendmail/src/sfsasl.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.c,v
+retrieving revision 1.1.1.1.2.13
+diff -u -I__FBSDID -r1.1.1.1.2.13 sfsasl.c
+--- contrib/sendmail/src/sfsasl.c	30 Oct 2003 22:31:45 -0000	1.1.1.1.2.13
++++ contrib/sendmail/src/sfsasl.c	22 Mar 2006 04:23:11 -0000
+@@ -516,6 +516,125 @@
+ # define MAX_TLS_IOS	4
+ 
+ /*
++**  TLS_RETRY -- check whether a failed SSL operation can be retried
++**
++**	Parameters:
++**		ssl -- TLS structure
++**		rfd -- read fd
++**		wfd -- write fd
++**		tlsstart -- start time of TLS operation
++**		timeout -- timeout for TLS operation
++**		err -- SSL error
++**		where -- description of operation
++**
++**	Results:
++**		>0 on success
++**		0 on timeout
++**		<0 on error
++*/
++
++int
++tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where)
++	SSL *ssl;
++	int rfd;
++	int wfd;
++	time_t tlsstart;
++	int timeout;
++	int err;
++	const char *where;
++{
++	int ret;
++	time_t left;
++	time_t now = curtime();
++	struct timeval tv;
++
++	ret = -1;
++
++	/*
++	**  For SSL_ERROR_WANT_{READ,WRITE}:
++	**  There is not a complete SSL record available yet
++	**  or there is only a partial SSL record removed from
++	**  the network (socket) buffer into the SSL buffer.
++	**  The SSL_connect will only succeed when a full
++	**  SSL record is available (assuming a "real" error
++	**  doesn't happen). To handle when a "real" error
++	**  does happen the select is set for exceptions too.
++	**  The connection may be re-negotiated during this time
++	**  so both read and write "want errors" need to be handled.
++	**  A select() exception loops back so that a proper SSL
++	**  error message can be gotten.
++	*/
++
++	left = timeout - (now - tlsstart);
++	if (left <= 0)
++		return 0;	/* timeout */
++	tv.tv_sec = left;
++	tv.tv_usec = 0;
++
++	if (LogLevel > 14)
++	{
++		sm_syslog(LOG_INFO, NOQID,
++			  "STARTTLS=%s, info: fds=%d/%d, err=%d",
++			  where, rfd, wfd, err);
++	}
++
++	if (FD_SETSIZE > 0 &&
++	    ((err == SSL_ERROR_WANT_READ && rfd >= FD_SETSIZE) ||
++	     (err == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
++	{
++		if (LogLevel > 5)
++		{
++			sm_syslog(LOG_ERR, NOQID,
++				  "STARTTLS=%s, error: fd %d/%d too large",
++				  where, rfd, wfd);
++		if (LogLevel > 8)
++			tlslogerr(where);
++		}
++		errno = EINVAL;
++	}
++	else if (err == SSL_ERROR_WANT_READ)
++	{
++		fd_set ssl_maskr, ssl_maskx;
++
++		FD_ZERO(&ssl_maskr);
++		FD_SET(rfd, &ssl_maskr);
++		FD_ZERO(&ssl_maskx);
++		FD_SET(rfd, &ssl_maskx);
++		do
++		{
++			ret = select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx,
++					&tv);
++		} while (ret < 0 && errno == EINTR);
++		if (ret < 0 && errno > 0)
++			ret = -errno;
++	}
++	else if (err == SSL_ERROR_WANT_WRITE)
++	{
++		fd_set ssl_maskw, ssl_maskx;
++
++		FD_ZERO(&ssl_maskw);
++		FD_SET(wfd, &ssl_maskw);
++		FD_ZERO(&ssl_maskx);
++		FD_SET(rfd, &ssl_maskx);
++		do
++		{
++			ret = select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx,
++					&tv);
++		} while (ret < 0 && errno == EINTR);
++		if (ret < 0 && errno > 0)
++			ret = -errno;
++	}
++	return ret;
++}
++
++/* errno to force refill() etc to stop (see IS_IO_ERROR()) */
++#ifdef ETIMEDOUT
++# define SM_ERR_TIMEOUT	ETIMEDOUT
++#else /* ETIMEDOUT */
++# define SM_ERR_TIMEOUT	EIO
++#endif /* ETIMEDOUT */
++
++/*
+ **  TLS_READ -- read secured information for the caller
+ **
+ **	Parameters:
+@@ -536,38 +655,42 @@
+ 	char *buf;
+ 	size_t size;
+ {
+-	int r;
+-	static int again = MAX_TLS_IOS;
++	int r, rfd, wfd, try, ssl_err;
+ 	struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
++	time_t tlsstart;
+ 	char *err;
+ 
++	try = 99;
++	err = NULL;
++	tlsstart = curtime();
++
++  retry:
+ 	r = SSL_read(so->con, (char *) buf, size);
+ 
+ 	if (r > 0)
+-	{
+-		again = MAX_TLS_IOS;
+ 		return r;
+-	}
+ 
+ 	err = NULL;
+-	switch (SSL_get_error(so->con, r))
++	switch (ssl_err = SSL_get_error(so->con, r))
+ 	{
+ 	  case SSL_ERROR_NONE:
+ 	  case SSL_ERROR_ZERO_RETURN:
+-		again = MAX_TLS_IOS;
+ 		break;
+ 	  case SSL_ERROR_WANT_WRITE:
+-		if (--again <= 0)
+-			err = "read W BLOCK";
+-		else
+-			errno = EAGAIN;
+-		break;
++		err = "read W BLOCK";
++		/* FALLTHROUGH */
+ 	  case SSL_ERROR_WANT_READ:
+-		if (--again <= 0)
++		if (err == NULL)
+ 			err = "read R BLOCK";
+-		else
+-			errno = EAGAIN;
++		rfd = SSL_get_rfd(so->con);
++		wfd = SSL_get_wfd(so->con);
++		try = tls_retry(so->con, rfd, wfd, tlsstart,
++				TimeOuts.to_datablock, ssl_err, "read");
++		if (try > 0)
++			goto retry;
++		errno = SM_ERR_TIMEOUT;
+ 		break;
++
+ 	  case SSL_ERROR_WANT_X509_LOOKUP:
+ 		err = "write X BLOCK";
+ 		break;
+@@ -600,15 +723,22 @@
+ 		int save_errno;
+ 
+ 		save_errno = (errno == 0) ? EIO : errno;
+-		again = MAX_TLS_IOS;
+-		if (LogLevel > 9)
++		if (try == 0 && save_errno == SM_ERR_TIMEOUT)
++		{
++			if (LogLevel > 7)
++				sm_syslog(LOG_WARNING, NOQID,
++					  "STARTTLS: read error=timeout");
++		}
++		else if (LogLevel > 8)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: read error=%s (%d), errno=%d, get_error=%s",
++				  "STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
+ 				  err, r, errno,
+-				  ERR_error_string(ERR_get_error(), NULL));
++				  ERR_error_string(ERR_get_error(), NULL), try,
++				  ssl_err);
+ 		else if (LogLevel > 7)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: read error=%s (%d)", err, r);
++				  "STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d",
++				  err, r, errno, try, ssl_err);
+ 		errno = save_errno;
+ 	}
+ 	return r;
+@@ -635,36 +765,39 @@
+ 	const char *buf;
+ 	size_t size;
+ {
+-	int r;
+-	static int again = MAX_TLS_IOS;
++	int r, rfd, wfd, try, ssl_err;
+ 	struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
++	time_t tlsstart;
+ 	char *err;
+ 
++	try = 99;
++	err = NULL;
++	tlsstart = curtime();
++
++  retry:
+ 	r = SSL_write(so->con, (char *) buf, size);
+ 
+ 	if (r > 0)
+-	{
+-		again = MAX_TLS_IOS;
+ 		return r;
+-	}
+ 	err = NULL;
+-	switch (SSL_get_error(so->con, r))
++	switch (ssl_err = SSL_get_error(so->con, r))
+ 	{
+ 	  case SSL_ERROR_NONE:
+ 	  case SSL_ERROR_ZERO_RETURN:
+-		again = MAX_TLS_IOS;
+ 		break;
+ 	  case SSL_ERROR_WANT_WRITE:
+-		if (--again <= 0)
+-			err = "write W BLOCK";
+-		else
+-			errno = EAGAIN;
+-		break;
++		err = "read W BLOCK";
++		/* FALLTHROUGH */
+ 	  case SSL_ERROR_WANT_READ:
+-		if (--again <= 0)
+-			err = "write R BLOCK";
+-		else
+-			errno = EAGAIN;
++		if (err == NULL)
++			err = "read R BLOCK";
++		rfd = SSL_get_rfd(so->con);
++		wfd = SSL_get_wfd(so->con);
++		try = tls_retry(so->con, rfd, wfd, tlsstart,
++				DATA_PROGRESS_TIMEOUT, ssl_err, "write");
++		if (try > 0)
++			goto retry;
++		errno = SM_ERR_TIMEOUT;
+ 		break;
+ 	  case SSL_ERROR_WANT_X509_LOOKUP:
+ 		err = "write X BLOCK";
+@@ -697,15 +830,22 @@
+ 		int save_errno;
+ 
+ 		save_errno = (errno == 0) ? EIO : errno;
+-		again = MAX_TLS_IOS;
+-		if (LogLevel > 9)
++		if (try == 0 && save_errno == SM_ERR_TIMEOUT)
++		{
++			if (LogLevel > 7)
++				sm_syslog(LOG_WARNING, NOQID,
++					  "STARTTLS: write error=timeout");
++		}
++		else if (LogLevel > 8)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: write error=%s (%d), errno=%d, get_error=%s",
++				  "STARTTLS: write error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
+ 				  err, r, errno,
+-				  ERR_error_string(ERR_get_error(), NULL));
++				  ERR_error_string(ERR_get_error(), NULL), try,
++				  ssl_err);
+ 		else if (LogLevel > 7)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: write error=%s (%d)", err, r);
++				  "STARTTLS: write error=%s (%d), errno=%d, retry=%d, ssl_err=%d",
++				  err, r, errno, try, ssl_err);
+ 		errno = save_errno;
+ 	}
+ 	return r;
+Index: contrib/sendmail/src/sfsasl.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -I__FBSDID -r1.1.1.1.2.2 sfsasl.h
+--- contrib/sendmail/src/sfsasl.h	25 Mar 2002 21:26:05 -0000	1.1.1.1.2.2
++++ contrib/sendmail/src/sfsasl.h	22 Mar 2006 04:23:11 -0000
+@@ -17,6 +17,8 @@
+ #endif /* SASL */
+ 
+ # if STARTTLS
++extern int	tls_retry __P((SSL *, int, int, time_t, int, int,
++				const char *));
+ extern int	sfdctls __P((SM_FILE_T **, SM_FILE_T **, SSL *));
+ # endif /* STARTTLS */
+ 
+Index: contrib/sendmail/src/srvrsmtp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/srvrsmtp.c,v
+retrieving revision 1.1.1.2.6.16
+diff -u -I__FBSDID -r1.1.1.2.6.16 srvrsmtp.c
+--- contrib/sendmail/src/srvrsmtp.c	22 Feb 2004 04:25:44 -0000	1.1.1.2.6.16
++++ contrib/sendmail/src/srvrsmtp.c	22 Mar 2006 04:23:13 -0000
+@@ -1603,91 +1603,23 @@
+   ssl_retry:
+ 			if ((r = SSL_ACC(srv_ssl)) <= 0)
+ 			{
+-				int i;
+-				bool timedout;
+-				time_t left;
+-				time_t now = curtime();
+-				struct timeval tv;
++				int i, ssl_err;
+ 
+-				/* what to do in this case? */
+-				i = SSL_get_error(srv_ssl, r);
++				ssl_err = SSL_get_error(srv_ssl, r);
++				i = tls_retry(srv_ssl, rfd, wfd, tlsstart,
++						TimeOuts.to_starttls, ssl_err,
++						"server");
++				if (i > 0)
++					goto ssl_retry;
+ 
+-				/*
+-				**  For SSL_ERROR_WANT_{READ,WRITE}:
+-				**  There is no SSL record available yet
+-				**  or there is only a partial SSL record
+-				**  removed from the network (socket) buffer
+-				**  into the SSL buffer. The SSL_accept will
+-				**  only succeed when a full SSL record is
+-				**  available (assuming a "real" error
+-				**  doesn't happen). To handle when a "real"
+-				**  error does happen the select is set for
+-				**  exceptions too.
+-				**  The connection may be re-negotiated
+-				**  during this time so both read and write
+-				**  "want errors" need to be handled.
+-				**  A select() exception loops back so that
+-				**  a proper SSL error message can be gotten.
+-				*/
+-
+-				left = TimeOuts.to_starttls - (now - tlsstart);
+-				timedout = left <= 0;
+-				if (!timedout)
+-				{
+-					tv.tv_sec = left;
+-					tv.tv_usec = 0;
+-				}
+-
+-				if (!timedout && FD_SETSIZE > 0 &&
+-				    (rfd >= FD_SETSIZE ||
+-				     (i == SSL_ERROR_WANT_WRITE &&
+-				      wfd >= FD_SETSIZE)))
+-				{
+-					if (LogLevel > 5)
+-					{
+-						sm_syslog(LOG_ERR, NOQID,
+-							  "STARTTLS=server, error: fd %d/%d too large",
+-							  rfd, wfd);
+-						if (LogLevel > 8)
+-							tlslogerr("server");
+-					}
+-					goto tlsfail;
+-				}
+-
+-				/* XXX what about SSL_pending() ? */
+-				if (!timedout && i == SSL_ERROR_WANT_READ)
+-				{
+-					fd_set ssl_maskr, ssl_maskx;
+-
+-					FD_ZERO(&ssl_maskr);
+-					FD_SET(rfd, &ssl_maskr);
+-					FD_ZERO(&ssl_maskx);
+-					FD_SET(rfd, &ssl_maskx);
+-					if (select(rfd + 1, &ssl_maskr, NULL,
+-						   &ssl_maskx, &tv) > 0)
+-						goto ssl_retry;
+-				}
+-				if (!timedout && i == SSL_ERROR_WANT_WRITE)
+-				{
+-					fd_set ssl_maskw, ssl_maskx;
+-
+-					FD_ZERO(&ssl_maskw);
+-					FD_SET(wfd, &ssl_maskw);
+-					FD_ZERO(&ssl_maskx);
+-					FD_SET(rfd, &ssl_maskx);
+-					if (select(wfd + 1, NULL, &ssl_maskw,
+-						   &ssl_maskx, &tv) > 0)
+-						goto ssl_retry;
+-				}
+ 				if (LogLevel > 5)
+ 				{
+ 					sm_syslog(LOG_WARNING, NOQID,
+-						  "STARTTLS=server, error: accept failed=%d, SSL_error=%d, timedout=%d, errno=%d",
+-						  r, i, (int) timedout, errno);
++						  "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d",
++						  r, ssl_err, errno, i);
+ 					if (LogLevel > 8)
+ 						tlslogerr("server");
+ 				}
+-tlsfail:
+ 				tls_ok_srv = false;
+ 				SSL_free(srv_ssl);
+ 				srv_ssl = NULL;
+Index: contrib/sendmail/src/usersmtp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/usersmtp.c,v
+retrieving revision 1.1.1.3.2.13
+diff -u -I__FBSDID -r1.1.1.3.2.13 usersmtp.c
+--- contrib/sendmail/src/usersmtp.c	30 Oct 2003 22:31:45 -0000	1.1.1.3.2.13
++++ contrib/sendmail/src/usersmtp.c	22 Mar 2006 04:23:14 -0000
+@@ -19,7 +19,6 @@
+ 
+ 
+ extern void	markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool));
+-static void	datatimeout __P((void));
+ static void	esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+ static void	helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+ static int	smtprcptstat __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));
+@@ -2495,9 +2494,6 @@
+ **		exit status corresponding to DATA command.
+ */
+ 
+-static jmp_buf	CtxDataTimeout;
+-static SM_EVENT	*volatile DataTimeout = NULL;
+-
+ int
+ smtpdata(m, mci, e, ctladdr, xstart)
+ 	MAILER *m;
+@@ -2509,7 +2505,7 @@
+ 	register int r;
+ 	int rstat;
+ 	int xstat;
+-	time_t timeout;
++	int timeout;
+ 	char *enhsc;
+ 
+ 	/*
+@@ -2619,43 +2615,22 @@
+ 	**  factor.  The main thing is that it should not be infinite.
+ 	*/
+ 
+-	if (setjmp(CtxDataTimeout) != 0)
+-	{
+-		mci->mci_errno = errno;
+-		mci->mci_state = MCIS_ERROR;
+-		mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
+-
+-		/*
+-		**  If putbody() couldn't finish due to a timeout,
+-		**  rewind it here in the timeout handler.  See
+-		**  comments at the end of putbody() for reasoning.
+-		*/
+-
+-		if (e->e_dfp != NULL)
+-			(void) bfrewind(e->e_dfp);
+-
+-		errno = mci->mci_errno;
+-		syserr("451 4.4.1 timeout writing message to %s", CurHostName);
+-		smtpquit(m, mci, e);
+-		return EX_TEMPFAIL;
+-	}
+-
+ 	if (tTd(18, 101))
+ 	{
+ 		/* simulate a DATA timeout */
+-		timeout = 1;
++		timeout = 10;
+ 	}
+ 	else
+-		timeout = DATA_PROGRESS_TIMEOUT;
+-
+-	DataTimeout = sm_setevent(timeout, datatimeout, 0);
++		timeout = DATA_PROGRESS_TIMEOUT * 1000;
++	sm_io_setinfo(mci->mci_out, SM_IO_WHAT_TIMEOUT, &timeout);
+ 
+ 
+ 	/*
+ 	**  Output the actual message.
+ 	*/
+ 
+-	(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
++	if (!(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER))
++		goto writeerr;
+ 
+ 	if (tTd(18, 101))
+ 	{
+@@ -2663,14 +2638,13 @@
+ 		(void) sleep(2);
+ 	}
+ 
+-	(*e->e_putbody)(mci, e, NULL);
++	if (!(*e->e_putbody)(mci, e, NULL))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Cleanup after sending message.
+ 	*/
+ 
+-	if (DataTimeout != NULL)
+-		sm_clrevent(DataTimeout);
+ 
+ #if PIPELINING
+ 	}
+@@ -2710,7 +2684,9 @@
+ 	}
+ 
+ 	/* terminate the message */
+-	(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s", m->m_eol);
++	if (sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s", m->m_eol) ==
++								SM_IO_EOF)
++		goto writeerr;
+ 	if (TrafficLogFile != NULL)
+ 		(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
+ 				     "%05d >>> .\n", (int) CurrentPid);
+@@ -2760,50 +2736,27 @@
+ 			  shortenstring(SmtpReplyBuffer, 403));
+ 	}
+ 	return rstat;
+-}
+ 
+-static void
+-datatimeout()
+-{
+-	int save_errno = errno;
++  writeerr:
++	mci->mci_errno = errno;
++	mci->mci_state = MCIS_ERROR;
++	mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
+ 
+ 	/*
+-	**  NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
+-	**	ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
+-	**	DOING.
++	**  If putbody() couldn't finish due to a timeout,
++	**  rewind it here in the timeout handler.  See
++	**  comments at the end of putbody() for reasoning.
+ 	*/
+ 
+-	if (DataProgress)
+-	{
+-		time_t timeout;
+-
+-		/* check back again later */
+-		if (tTd(18, 101))
+-		{
+-			/* simulate a DATA timeout */
+-			timeout = 1;
+-		}
+-		else
+-			timeout = DATA_PROGRESS_TIMEOUT;
+-
+-		/* reset the timeout */
+-		DataTimeout = sm_sigsafe_setevent(timeout, datatimeout, 0);
+-		DataProgress = false;
+-	}
+-	else
+-	{
+-		/* event is done */
+-		DataTimeout = NULL;
+-	}
++	if (e->e_dfp != NULL)
++		(void) bfrewind(e->e_dfp);
+ 
+-	/* if no progress was made or problem resetting event, die now */
+-	if (DataTimeout == NULL)
+-	{
+-		errno = ETIMEDOUT;
+-		longjmp(CtxDataTimeout, 1);
+-	}
+-	errno = save_errno;
++	errno = mci->mci_errno;
++	syserr("451 4.4.1 timeout writing message to %s", CurHostName);
++	smtpquit(m, mci, e);
++	return EX_TEMPFAIL;
+ }
++
+ /*
+ **  SMTPGETSTAT -- get status code from DATA in LMTP
+ **
+Index: contrib/sendmail/src/util.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/util.c,v
+retrieving revision 1.1.1.3.2.12
+diff -u -I__FBSDID -r1.1.1.3.2.12 util.c
+--- contrib/sendmail/src/util.c	22 Feb 2004 04:25:44 -0000	1.1.1.3.2.12
++++ contrib/sendmail/src/util.c	22 Mar 2006 04:23:15 -0000
+@@ -910,18 +910,18 @@
+ **		mci -- the mailer connection information.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		output of l to mci->mci_out.
+ */
+ 
+-void
++bool
+ putline(l, mci)
+ 	register char *l;
+ 	register MCI *mci;
+ {
+-	putxline(l, strlen(l), mci, PXLF_MAPFROM);
++	return putxline(l, strlen(l), mci, PXLF_MAPFROM);
+ }
+ /*
+ **  PUTXLINE -- putline with flags bits.
+@@ -940,13 +940,13 @@
+ **		    PXLF_NOADDEOL -- don't add an EOL if one wasn't present.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		output of l to mci->mci_out.
+ */
+ 
+-void
++bool
+ putxline(l, len, mci, pxflags)
+ 	register char *l;
+ 	size_t len;
+@@ -998,11 +998,6 @@
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       '.') == SM_IO_EOF)
+ 					dead = true;
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 				if (TrafficLogFile != NULL)
+ 					(void) sm_io_putc(TrafficLogFile,
+ 							  SM_TIME_DEFAULT, '.');
+@@ -1015,11 +1010,6 @@
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       '>') == SM_IO_EOF)
+ 					dead = true;
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 				if (TrafficLogFile != NULL)
+ 					(void) sm_io_putc(TrafficLogFile,
+ 							  SM_TIME_DEFAULT,
+@@ -1031,16 +1021,11 @@
+ 			while (l < q)
+ 			{
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+-					       (unsigned char) *l++) == SM_IO_EOF)
++				       (unsigned char) *l++) == SM_IO_EOF)
+ 				{
+ 					dead = true;
+ 					break;
+ 				}
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 			}
+ 			if (dead)
+ 				break;
+@@ -1056,11 +1041,6 @@
+ 				dead = true;
+ 				break;
+ 			}
+-			else
+-			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
+-			}
+ 			if (TrafficLogFile != NULL)
+ 			{
+ 				for (l = l_base; l < q; l++)
+@@ -1084,11 +1064,9 @@
+ 		{
+ 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '.') ==
+ 			    SM_IO_EOF)
+-				break;
+-			else
+ 			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
++				dead = true;
++				break;
+ 			}
+ 			if (TrafficLogFile != NULL)
+ 				(void) sm_io_putc(TrafficLogFile,
+@@ -1101,11 +1079,9 @@
+ 		{
+ 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '>') ==
+ 			    SM_IO_EOF)
+-				break;
+-			else
+ 			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
++				dead = true;
++				break;
+ 			}
+ 			if (TrafficLogFile != NULL)
+ 				(void) sm_io_putc(TrafficLogFile,
+@@ -1123,11 +1099,6 @@
+ 				dead = true;
+ 				break;
+ 			}
+-			else
+-			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
+-			}
+ 		}
+ 		if (dead)
+ 			break;
+@@ -1138,11 +1109,9 @@
+ 		if ((!bitset(PXLF_NOADDEOL, pxflags) || !noeol) &&
+ 		    sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
+ 				mci->mci_mailer->m_eol) == SM_IO_EOF)
+-			break;
+-		else
+ 		{
+-			/* record progress for DATA timeout */
+-			DataProgress = true;
++			dead = true;
++			break;
+ 		}
+ 		if (l < end && *l == '\n')
+ 		{
+@@ -1151,11 +1120,9 @@
+ 			{
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       ' ') == SM_IO_EOF)
+-					break;
+-				else
+ 				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
++					dead = true;
++					break;
+ 				}
+ 
+ 				if (TrafficLogFile != NULL)
+@@ -1164,10 +1131,10 @@
+ 			}
+ 		}
+ 
+-		/* record progress for DATA timeout */
+-		DataProgress = true;
+ 	} while (l < end);
++	return !dead;
+ }
++
+ /*
+ **  XUNLINK -- unlink a file, doing logging as appropriate.
+ **
diff --git a/share/security/patches/SA-06:13/sendmail410.patch.asc b/share/security/patches/SA-06:13/sendmail410.patch.asc
new file mode 100644
index 0000000000..89cf8ee9d2
--- /dev/null
+++ b/share/security/patches/SA-06:13/sendmail410.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQBEISk7FdaIBMps37IRAo8uAJ9A8OU0fSTFUfiGNu9rr3nWk2Z+egCgndTV
+qBvKtrrPNE5sbu/TqduC5TI=
+=QquS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:13/sendmail411.patch b/share/security/patches/SA-06:13/sendmail411.patch
new file mode 100644
index 0000000000..caa2acd6a4
--- /dev/null
+++ b/share/security/patches/SA-06:13/sendmail411.patch
@@ -0,0 +1,2972 @@
+Index: contrib/sendmail/libsm/fflush.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/fflush.c,v
+retrieving revision 1.1.1.3
+diff -u -I__FBSDID -r1.1.1.3 fflush.c
+--- contrib/sendmail/libsm/fflush.c	11 Jun 2002 21:11:58 -0000	1.1.1.3
++++ contrib/sendmail/libsm/fflush.c	21 Mar 2006 12:43:09 -0000
+@@ -145,6 +145,7 @@
+ 				return SM_IO_EOF;
+ 			}
+ 			SM_IO_WR_TIMEOUT(fp, fd, *timeout);
++			t = 0;
+ 		}
+ 	}
+ 	return 0;
+Index: contrib/sendmail/libsm/local.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/local.h,v
+retrieving revision 1.1.1.7
+diff -u -I__FBSDID -r1.1.1.7 local.h
+--- contrib/sendmail/libsm/local.h	1 Aug 2004 01:04:45 -0000	1.1.1.7
++++ contrib/sendmail/libsm/local.h	21 Mar 2006 12:43:09 -0000
+@@ -192,7 +192,7 @@
+ 	else \
+ 	{ \
+ 		(time)->tv_sec = (val) / 1000; \
+-		(time)->tv_usec = ((val) - ((time)->tv_sec * 1000)) * 10; \
++		(time)->tv_usec = ((val) - ((time)->tv_sec * 1000)) * 1000; \
+ 	} \
+ 	if ((val) == SM_TIME_FOREVER) \
+ 	{ \
+@@ -276,7 +276,7 @@
+ 	else \
+ 	{ \
+ 		sm_io_to.tv_sec = (to) / 1000; \
+-		sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 10; \
++		sm_io_to.tv_usec = ((to) - (sm_io_to.tv_sec * 1000)) * 1000; \
+ 	} \
+ 	if (FD_SETSIZE > 0 && (fd) >= FD_SETSIZE) \
+ 	{ \
+@@ -289,8 +289,11 @@
+ 	FD_SET((fd), &sm_io_x_mask); \
+ 	if (gettimeofday(&sm_io_to_before, NULL) < 0) \
+ 		return SM_IO_EOF; \
+-	sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, &sm_io_x_mask, \
+-			      &sm_io_to); \
++	do \
++	{	\
++		sm_io_to_sel = select((fd) + 1, NULL, &sm_io_to_mask, \
++					&sm_io_x_mask, &sm_io_to); \
++	} while (sm_io_to_sel < 0 && errno == EINTR); \
+ 	if (sm_io_to_sel < 0) \
+ 	{ \
+ 		/* something went wrong, errno set */ \
+@@ -305,10 +308,9 @@
+ 	/* else loop again */ \
+ 	if (gettimeofday(&sm_io_to_after, NULL) < 0) \
+ 		return SM_IO_EOF; \
+-	timersub(&sm_io_to_before, &sm_io_to_after, &sm_io_to_diff); \
+-	timersub(&sm_io_to, &sm_io_to_diff, &sm_io_to); \
+-	(to) -= (sm_io_to.tv_sec * 1000); \
+-	(to) -= (sm_io_to.tv_usec / 10); \
++	timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff); \
++	(to) -= (sm_io_to_diff.tv_sec * 1000); \
++	(to) -= (sm_io_to_diff.tv_usec / 1000); \
+ 	if ((to) < 0) \
+ 		(to) = 0; \
+ }
+Index: contrib/sendmail/libsm/refill.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/libsm/refill.c,v
+retrieving revision 1.1.1.5
+diff -u -I__FBSDID -r1.1.1.5 refill.c
+--- contrib/sendmail/libsm/refill.c	1 Aug 2004 01:04:45 -0000	1.1.1.5
++++ contrib/sendmail/libsm/refill.c	21 Mar 2006 12:43:09 -0000
+@@ -76,8 +76,11 @@
+ 	FD_SET((fd), &sm_io_x_mask);					\
+ 	if (gettimeofday(&sm_io_to_before, NULL) < 0)			\
+ 		return SM_IO_EOF;					\
+-	(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL,		\
+-			   &sm_io_x_mask, (to));			\
++	do								\
++	{								\
++		(sel_ret) = select((fd) + 1, &sm_io_to_mask, NULL,	\
++			   	&sm_io_x_mask, (to));			\
++	} while ((sel_ret) < 0 && errno == EINTR);			\
+ 	if ((sel_ret) < 0)						\
+ 	{								\
+ 		/* something went wrong, errno set */			\
+@@ -94,7 +97,7 @@
+ 	/* calulate wall-clock time used */				\
+ 	if (gettimeofday(&sm_io_to_after, NULL) < 0)			\
+ 		return SM_IO_EOF;					\
+-	timersub(&sm_io_to_before, &sm_io_to_after, &sm_io_to_diff);	\
++	timersub(&sm_io_to_after, &sm_io_to_before, &sm_io_to_diff);	\
+ 	timersub((to), &sm_io_to_diff, (to));				\
+ }
+ 
+Index: contrib/sendmail/src/collect.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/collect.c,v
+retrieving revision 1.1.1.19
+diff -u -I__FBSDID -r1.1.1.19 collect.c
+--- contrib/sendmail/src/collect.c	1 Aug 2004 01:04:20 -0000	1.1.1.19
++++ contrib/sendmail/src/collect.c	21 Mar 2006 12:43:10 -0000
+@@ -15,7 +15,6 @@
+ 
+ SM_RCSID("@(#)$Id: collect.c,v 8.254 2004/04/05 18:41:38 ca Exp $")
+ 
+-static void	collecttimeout __P((time_t));
+ static void	eatfrom __P((char *volatile, ENVELOPE *));
+ static void	collect_doheader __P((ENVELOPE *));
+ static SM_FILE_T *collect_dfopen __P((ENVELOPE *));
+@@ -263,10 +262,6 @@
+ **		If data file cannot be created, the process is terminated.
+ */
+ 
+-static jmp_buf	CtxCollectTimeout;
+-static bool	volatile CollectProgress;
+-static SM_EVENT	*volatile CollectTimeout = NULL;
+-
+ /* values for input state machine */
+ #define IS_NORM		0	/* middle of line */
+ #define IS_BOL		1	/* beginning of line */
+@@ -288,27 +283,31 @@
+ 	register ENVELOPE *e;
+ 	bool rsetsize;
+ {
+-	register SM_FILE_T *volatile df;
+-	volatile bool ignrdot;
+-	volatile time_t dbto;
+-	register char *volatile bp;
+-	volatile int c;
+-	volatile bool inputerr;
++	register SM_FILE_T *df;
++	bool ignrdot;
++	time_t dbto;
++	register char *bp;
++	int c;
++	bool inputerr;
+ 	bool headeronly;
+-	char *volatile buf;
+-	volatile int buflen;
+-	volatile int istate;
+-	volatile int mstate;
+-	volatile int hdrslen;
+-	volatile int numhdrs;
+-	volatile int afd;
+-	unsigned char *volatile pbp;
++	char *buf;
++	int buflen;
++	int istate;
++	int mstate;
++	int hdrslen;
++	int numhdrs;
++	int afd;
++	unsigned char *pbp;
+ 	unsigned char peekbuf[8];
+ 	char bufbuf[MAXLINE];
+ 
+ 	df = NULL;
+ 	ignrdot = smtpmode ? false : IgnrDot;
+-	dbto = smtpmode ? TimeOuts.to_datablock : 0;
++
++	/* timeout for I/O functions is in milliseconds */
++	dbto = smtpmode ? (TimeOuts.to_datablock * 1000)
++			: SM_TIME_FOREVER;
++	sm_io_setinfo(fp, SM_IO_WHAT_TIMEOUT, &dbto);
+ 	c = SM_IO_EOF;
+ 	inputerr = false;
+ 	headeronly = hdrp != NULL;
+@@ -320,7 +319,6 @@
+ 	pbp = peekbuf;
+ 	istate = IS_BOL;
+ 	mstate = SaveFrom ? MS_HEADER : MS_UFROM;
+-	CollectProgress = false;
+ 
+ 	/*
+ 	**  Tell ARPANET to go ahead.
+@@ -341,32 +339,6 @@
+ 	**	the larger picture (e.g., header versus body).
+ 	*/
+ 
+-	if (dbto != 0)
+-	{
+-		/* handle possible input timeout */
+-		if (setjmp(CtxCollectTimeout) != 0)
+-		{
+-			if (LogLevel > 2)
+-				sm_syslog(LOG_NOTICE, e->e_id,
+-					  "timeout waiting for input from %s during message collect",
+-					  CURHOSTNAME);
+-			errno = 0;
+-			if (smtpmode)
+-			{
+-				/*
+-				**  Override e_message in usrerr() as this
+-				**  is the reason for failure that should
+-				**  be logged for undelivered recipients.
+-				*/
+-
+-				e->e_message = NULL;
+-			}
+-			usrerr("451 4.4.1 timeout waiting for input during message collect");
+-			goto readerr;
+-		}
+-		CollectTimeout = sm_setevent(dbto, collecttimeout, dbto);
+-	}
+-
+ 	if (rsetsize)
+ 		e->e_msgsize = 0;
+ 	for (;;)
+@@ -390,9 +362,26 @@
+ 						sm_io_clearerr(fp);
+ 						continue;
+ 					}
++
++					/* timeout? */
++					if (c == SM_IO_EOF && errno == EAGAIN
++					    && smtpmode)
++					{
++						/*
++						**  Override e_message in
++						**  usrerr() as this is the
++						**  reason for failure that
++						**  should be logged for
++						**  undelivered recipients.
++						*/
++
++						e->e_message = NULL;
++						errno = 0;
++						inputerr = true;
++						goto readabort;
++					}
+ 					break;
+ 				}
+-				CollectProgress = true;
+ 				if (TrafficLogFile != NULL && !headeronly)
+ 				{
+ 					if (istate == IS_BOL)
+@@ -539,6 +528,18 @@
+ 					buflen *= 2;
+ 				else
+ 					buflen += MEMCHUNKSIZE;
++				if (buflen <= 0)
++				{
++					sm_syslog(LOG_NOTICE, e->e_id,
++						  "header overflow from %s during message collect",
++						  CURHOSTNAME);
++					errno = 0;
++					e->e_flags |= EF_CLRQUEUE;
++					e->e_status = "5.6.0";
++					usrerrenh(e->e_status,
++						  "552 Headers too large");
++					goto discard;
++				}
+ 				buf = xalloc(buflen);
+ 				memmove(buf, obuf, bp - obuf);
+ 				bp = &buf[bp - obuf];
+@@ -582,6 +583,7 @@
+ 					usrerrenh(e->e_status,
+ 						  "552 Headers too large (%d max)",
+ 						  MaxHeadersLength);
++  discard:
+ 					mstate = MS_DISCARD;
+ 				}
+ 			}
+@@ -621,6 +623,24 @@
+ 				sm_io_clearerr(fp);
+ 				errno = 0;
+ 				c = sm_io_getc(fp, SM_TIME_DEFAULT);
++
++				/* timeout? */
++				if (c == SM_IO_EOF && errno == EAGAIN
++				    && smtpmode)
++				{
++					/*
++					**  Override e_message in
++					**  usrerr() as this is the
++					**  reason for failure that
++					**  should be logged for
++					**  undelivered recipients.
++					*/
++
++					e->e_message = NULL;
++					errno = 0;
++					inputerr = true;
++					goto readabort;
++				}
+ 			} while (c == SM_IO_EOF && errno == EINTR);
+ 			if (c != SM_IO_EOF)
+ 				(void) sm_io_ungetc(fp, SM_TIME_DEFAULT, c);
+@@ -630,8 +650,12 @@
+ 				continue;
+ 			}
+ 
+-			/* trim off trailing CRLF or NL */
+ 			SM_ASSERT(bp > buf);
++
++			/* guaranteed by isheader(buf) */
++			SM_ASSERT(*(bp - 1) != '\n' || bp > buf + 1);
++
++			/* trim off trailing CRLF or NL */
+ 			if (*--bp != '\n' || *--bp != '\r')
+ 				bp++;
+ 			*bp = '\0';
+@@ -697,10 +721,6 @@
+ 		inputerr = true;
+ 	}
+ 
+-	/* reset global timer */
+-	if (CollectTimeout != NULL)
+-		sm_clrevent(CollectTimeout);
+-
+ 	if (headeronly)
+ 		return;
+ 
+@@ -786,6 +806,7 @@
+ 	}
+ 
+ 	/* An EOF when running SMTP is an error */
++  readabort:
+ 	if (inputerr && (OpMode == MD_SMTP || OpMode == MD_DAEMON))
+ 	{
+ 		char *host;
+@@ -808,13 +829,14 @@
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
+ 		if (sm_io_eof(fp))
+-			usrerr("451 4.4.1 collect: %s on connection from %s, from=%s",
++			usrerr("421 4.4.1 collect: %s on connection from %s, from=%s",
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
+ 		else
+-			syserr("451 4.4.1 collect: %s on connection from %s, from=%s",
++			syserr("421 4.4.1 collect: %s on connection from %s, from=%s",
+ 				problem, host,
+ 				shortenstring(e->e_from.q_paddr, MAXSHORTSTR));
++		flush_errors(true);
+ 
+ 		/* don't return an error indication */
+ 		e->e_to = NULL;
+@@ -907,39 +929,6 @@
+ 	}
+ }
+ 
+-static void
+-collecttimeout(timeout)
+-	time_t timeout;
+-{
+-	int save_errno = errno;
+-
+-	/*
+-	**  NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
+-	**	ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
+-	**	DOING.
+-	*/
+-
+-	if (CollectProgress)
+-	{
+-		/* reset the timeout */
+-		CollectTimeout = sm_sigsafe_setevent(timeout, collecttimeout,
+-						     timeout);
+-		CollectProgress = false;
+-	}
+-	else
+-	{
+-		/* event is done */
+-		CollectTimeout = NULL;
+-	}
+-
+-	/* if no progress was made or problem resetting event, die now */
+-	if (CollectTimeout == NULL)
+-	{
+-		errno = ETIMEDOUT;
+-		longjmp(CtxCollectTimeout, 1);
+-	}
+-	errno = save_errno;
+-}
+ /*
+ **  DFERROR -- signal error on writing the data file.
+ **
+Index: contrib/sendmail/src/conf.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/conf.c,v
+retrieving revision 1.26
+diff -u -I__FBSDID -r1.26 conf.c
+--- contrib/sendmail/src/conf.c	1 Aug 2004 01:16:16 -0000	1.26
++++ contrib/sendmail/src/conf.c	21 Mar 2006 12:43:12 -0000
+@@ -5290,8 +5290,8 @@
+ 	va_dcl
+ #endif /* __STDC__ */
+ {
+-	static char *buf = NULL;
+-	static size_t bufsize;
++	char *buf;
++	size_t bufsize;
+ 	char *begin, *end;
+ 	int save_errno;
+ 	int seq = 1;
+@@ -5315,11 +5315,8 @@
+ 	else
+ 		idlen = strlen(id) + SyslogPrefixLen;
+ 
+-	if (buf == NULL)
+-	{
+-		buf = buf0;
+-		bufsize = sizeof buf0;
+-	}
++	buf = buf0;
++	bufsize = sizeof buf0;
+ 
+ 	for (;;)
+ 	{
+@@ -5361,8 +5358,8 @@
+ 			(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ 					     "%s: %s\n", id, newstring);
+ #endif /* LOG */
+-		if (buf == buf0)
+-			buf = NULL;
++		if (buf != buf0)
++			sm_free(buf);
+ 		errno = save_errno;
+ 		return;
+ 	}
+@@ -5426,8 +5423,8 @@
+ 		(void) sm_io_fprintf(smioerr, SM_TIME_DEFAULT,
+ 				     "%s[%d]: %s\n", id, seq, begin);
+ #endif /* LOG */
+-	if (buf == buf0)
+-		buf = NULL;
++	if (buf != buf0)
++		sm_free(buf);
+ 	errno = save_errno;
+ }
+ /*
+Index: contrib/sendmail/src/deliver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/deliver.c,v
+retrieving revision 1.1.1.21
+diff -u -I__FBSDID -r1.1.1.21 deliver.c
+--- contrib/sendmail/src/deliver.c	1 Aug 2004 01:04:23 -0000	1.1.1.21
++++ contrib/sendmail/src/deliver.c	21 Mar 2006 12:43:15 -0000
+@@ -3257,16 +3257,33 @@
+ 	}
+ 	else if (!clever)
+ 	{
++		bool ok;
++
+ 		/*
+ 		**  Format and send message.
+ 		*/
+ 
+-		putfromline(mci, e);
+-		(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
+-		(*e->e_putbody)(mci, e, NULL);
++		rcode = EX_OK;
++		errno = 0;
++		ok = putfromline(mci, e);
++		if (ok)
++			ok = (*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
++		if (ok)
++			ok = (*e->e_putbody)(mci, e, NULL);
+ 
+-		/* get the exit status */
++		/*
++		**  Ignore an I/O error that was caused by EPIPE.
++		**  Some broken mailers don't read the entire body
++		**  but just exit() thus causing an I/O error.
++		*/
++
++		if (!ok && (sm_io_error(mci->mci_out) && errno == EPIPE))
++			ok = true;
++
++		/* (always) get the exit status */
+ 		rcode = endmailer(mci, e, pv);
++		if (!ok)
++			rcode = EX_TEMPFAIL;
+ 		if (rcode == EX_TEMPFAIL && SmtpError[0] == '\0')
+ 		{
+ 			/*
+@@ -4414,13 +4431,13 @@
+ **		e -- the envelope.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		outputs some text to fp.
+ */
+ 
+-void
++bool
+ putfromline(mci, e)
+ 	register MCI *mci;
+ 	ENVELOPE *e;
+@@ -4430,7 +4447,7 @@
+ 	char xbuf[MAXLINE];
+ 
+ 	if (bitnset(M_NHDR, mci->mci_mailer->m_flags))
+-		return;
++		return true;
+ 
+ 	mci->mci_flags |= MCIF_INHEADER;
+ 
+@@ -4471,8 +4488,9 @@
+ 		}
+ 	}
+ 	expand(template, buf, sizeof buf, e);
+-	putxline(buf, strlen(buf), mci, PXLF_HEADER);
++	return putxline(buf, strlen(buf), mci, PXLF_HEADER);
+ }
++
+ /*
+ **  PUTBODY -- put the body of a message.
+ **
+@@ -4483,7 +4501,7 @@
+ **			not be permitted in the resulting message.
+ **
+ **	Returns:
+-**		none.
++**		true iff message was written successfully
+ **
+ **	Side Effects:
+ **		The message is written onto fp.
+@@ -4494,13 +4512,15 @@
+ #define OS_CR		1	/* read a carriage return */
+ #define OS_INLINE	2	/* putting rest of line */
+ 
+-void
++bool
+ putbody(mci, e, separator)
+ 	register MCI *mci;
+ 	register ENVELOPE *e;
+ 	char *separator;
+ {
+ 	bool dead = false;
++	bool ioerr = false;
++	int save_errno;
+ 	char buf[MAXLINE];
+ #if MIME8TO7
+ 	char *boundaries[MAXMIMENESTING + 1];
+@@ -4530,10 +4550,12 @@
+ 	{
+ 		if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 		{
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 			mci->mci_flags &= ~MCIF_INHEADER;
+ 		}
+-		putline("<<< No Message Collected >>>", mci);
++		if (!putline("<<< No Message Collected >>>", mci))
++			goto writeerr;
+ 		goto endofmessage;
+ 	}
+ 
+@@ -4562,26 +4584,31 @@
+ 		*/
+ 
+ 		/* make sure it looks like a MIME message */
+-		if (hvalue("MIME-Version", e->e_header) == NULL)
+-			putline("MIME-Version: 1.0", mci);
++		if (hvalue("MIME-Version", e->e_header) == NULL &&
++		    !putline("MIME-Version: 1.0", mci))
++			goto writeerr;
+ 
+ 		if (hvalue("Content-Type", e->e_header) == NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					   "Content-Type: text/plain; charset=%s",
+ 					   defcharset(e));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* now do the hard work */
+ 		boundaries[0] = NULL;
+ 		mci->mci_flags |= MCIF_INHEADER;
+-		(void) mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER);
++		if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) ==
++								SM_IO_EOF)
++			goto writeerr;
+ 	}
+ # if MIME7TO8
+ 	else if (bitset(MCIF_CVT7TO8, mci->mci_flags))
+ 	{
+-		(void) mime7to8(mci, e->e_header, e);
++		if (!mime7to8(mci, e->e_header, e))
++			goto writeerr;
+ 	}
+ # endif /* MIME7TO8 */
+ 	else if (MaxMimeHeaderLength > 0 || MaxMimeFieldLength > 0)
+@@ -4603,8 +4630,9 @@
+ 		if (bitset(EF_DONT_MIME, e->e_flags))
+ 			SuprErrs = true;
+ 
+-		(void) mime8to7(mci, e->e_header, e, boundaries,
+-				M87F_OUTER|M87F_NO8TO7);
++		if (mime8to7(mci, e->e_header, e, boundaries,
++				M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF)
++			goto writeerr;
+ 
+ 		/* restore SuprErrs */
+ 		SuprErrs = oldsuprerrs;
+@@ -4624,7 +4652,8 @@
+ 
+ 		if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 		{
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 			mci->mci_flags &= ~MCIF_INHEADER;
+ 		}
+ 
+@@ -4715,11 +4744,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos++;
+ 				}
+ 				for (xp = buf; xp < bp; xp++)
+@@ -4732,11 +4756,6 @@
+ 						dead = true;
+ 						break;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 				}
+ 				if (dead)
+ 					continue;
+@@ -4747,11 +4766,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						break;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos = 0;
+ 				}
+ 				else
+@@ -4785,11 +4799,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						continue;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 
+ 					if (TrafficLogFile != NULL)
+ 					{
+@@ -4851,11 +4860,6 @@
+ 							dead = true;
+ 							continue;
+ 						}
+-						else
+-						{
+-							/* record progress for DATA timeout */
+-							DataProgress = true;
+-						}
+ 						pos++;
+ 						continue;
+ 					}
+@@ -4871,11 +4875,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 
+ 					if (TrafficLogFile != NULL)
+ 					{
+@@ -4901,11 +4900,6 @@
+ 							mci->mci_mailer->m_eol)
+ 							== SM_IO_EOF)
+ 						continue;
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos = 0;
+ 					ostate = OS_HEAD;
+ 				}
+@@ -4923,11 +4917,6 @@
+ 						dead = true;
+ 						continue;
+ 					}
+-					else
+-					{
+-						/* record progress for DATA timeout */
+-						DataProgress = true;
+-					}
+ 					pos++;
+ 					ostate = OS_INLINE;
+ 				}
+@@ -4954,11 +4943,6 @@
+ 					dead = true;
+ 					break;
+ 				}
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 			}
+ 			pos += bp - buf;
+ 		}
+@@ -4968,11 +4952,9 @@
+ 				(void) sm_io_fputs(TrafficLogFile,
+ 						   SM_TIME_DEFAULT,
+ 						   mci->mci_mailer->m_eol);
+-			(void) sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
+-					   mci->mci_mailer->m_eol);
+-
+-			/* record progress for DATA timeout */
+-			DataProgress = true;
++			if (sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
++					   mci->mci_mailer->m_eol) == SM_IO_EOF)
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -4982,6 +4964,7 @@
+ 		       qid_printqueue(e->e_dfqgrp, e->e_dfqdir),
+ 		       DATAFL_LETTER, e->e_id);
+ 		ExitStat = EX_IOERR;
++		ioerr = true;
+ 	}
+ 
+ endofmessage:
+@@ -4996,23 +4979,35 @@
+ 	**  offset to match.
+ 	*/
+ 
++	save_errno = errno;
+ 	if (e->e_dfp != NULL)
+ 		(void) bfrewind(e->e_dfp);
+ 
+ 	/* some mailers want extra blank line at end of message */
+ 	if (!dead && bitnset(M_BLANKEND, mci->mci_mailer->m_flags) &&
+ 	    buf[0] != '\0' && buf[0] != '\n')
+-		putline("", mci);
++	{
++		if (!putline("", mci))
++			goto writeerr;
++	}
+ 
+-	(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
+-	if (sm_io_error(mci->mci_out) && errno != EPIPE)
++	if (!dead &&
++	    (sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF ||
++	     (sm_io_error(mci->mci_out) && errno != EPIPE)))
+ 	{
++		save_errno = errno;
+ 		syserr("putbody: write error");
+ 		ExitStat = EX_IOERR;
++		ioerr = true;
+ 	}
+ 
+-	errno = 0;
++	errno = save_errno;
++	return !dead && !ioerr;
++
++  writeerr:
++	return false;
+ }
++
+ /*
+ **  MAILFILE -- Send a message to a file.
+ **
+@@ -5543,14 +5538,14 @@
+ 		}
+ #endif /* MIME7TO8 */
+ 
+-		putfromline(&mcibuf, e);
+-		(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
+-		(*e->e_putbody)(&mcibuf, e, NULL);
+-		putline("\n", &mcibuf);
+-		if (sm_io_flush(f, SM_TIME_DEFAULT) != 0 ||
++		if (!putfromline(&mcibuf, e) ||
++		    !(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER) ||
++		    !(*e->e_putbody)(&mcibuf, e, NULL) ||
++		    !putline("\n", &mcibuf) ||
++		    (sm_io_flush(f, SM_TIME_DEFAULT) != 0 ||
+ 		    (SuperSafe != SAFE_NO &&
+ 		     fsync(sm_io_getinfo(f, SM_IO_WHAT_FD, NULL)) < 0) ||
+-		    sm_io_error(f))
++		    sm_io_error(f)))
+ 		{
+ 			setstat(EX_IOERR);
+ #if !NOFTRUNCATE
+@@ -6107,86 +6102,23 @@
+ ssl_retry:
+ 	if ((result = SSL_connect(clt_ssl)) <= 0)
+ 	{
+-		int i;
+-		bool timedout;
+-		time_t left;
+-		time_t now = curtime();
+-		struct timeval tv;
++		int i, ssl_err;
+ 
+-		/* what to do in this case? */
+-		i = SSL_get_error(clt_ssl, result);
++		ssl_err = SSL_get_error(clt_ssl, result);
++		i = tls_retry(clt_ssl, rfd, wfd, tlsstart,
++			TimeOuts.to_starttls, ssl_err, "client");
++		if (i > 0)
++			goto ssl_retry;
+ 
+-		/*
+-		**  For SSL_ERROR_WANT_{READ,WRITE}:
+-		**  There is not a complete SSL record available yet
+-		**  or there is only a partial SSL record removed from
+-		**  the network (socket) buffer into the SSL buffer.
+-		**  The SSL_connect will only succeed when a full
+-		**  SSL record is available (assuming a "real" error
+-		**  doesn't happen). To handle when a "real" error
+-		**  does happen the select is set for exceptions too.
+-		**  The connection may be re-negotiated during this time
+-		**  so both read and write "want errors" need to be handled.
+-		**  A select() exception loops back so that a proper SSL
+-		**  error message can be gotten.
+-		*/
+-
+-		left = TimeOuts.to_starttls - (now - tlsstart);
+-		timedout = left <= 0;
+-		if (!timedout)
+-		{
+-			tv.tv_sec = left;
+-			tv.tv_usec = 0;
+-		}
+-
+-		if (!timedout && FD_SETSIZE > 0 &&
+-		    (rfd >= FD_SETSIZE ||
+-		     (i == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
+-		{
+-			if (LogLevel > 5)
+-			{
+-				sm_syslog(LOG_ERR, e->e_id,
+-					  "STARTTLS=client, error: fd %d/%d too large",
+-					  rfd, wfd);
+-			if (LogLevel > 8)
+-				tlslogerr("client");
+-			}
+-			errno = EINVAL;
+-			goto tlsfail;
+-		}
+-		if (!timedout && i == SSL_ERROR_WANT_READ)
+-		{
+-			fd_set ssl_maskr, ssl_maskx;
+-
+-			FD_ZERO(&ssl_maskr);
+-			FD_SET(rfd, &ssl_maskr);
+-			FD_ZERO(&ssl_maskx);
+-			FD_SET(rfd, &ssl_maskx);
+-			if (select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx, &tv)
+-			    > 0)
+-				goto ssl_retry;
+-		}
+-		if (!timedout && i == SSL_ERROR_WANT_WRITE)
+-		{
+-			fd_set ssl_maskw, ssl_maskx;
+-
+-			FD_ZERO(&ssl_maskw);
+-			FD_SET(wfd, &ssl_maskw);
+-			FD_ZERO(&ssl_maskx);
+-			FD_SET(rfd, &ssl_maskx);
+-			if (select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx, &tv)
+-			    > 0)
+-				goto ssl_retry;
+-		}
+ 		if (LogLevel > 5)
+ 		{
+-			sm_syslog(LOG_ERR, e->e_id,
+-				  "STARTTLS=client, error: connect failed=%d, SSL_error=%d, timedout=%d, errno=%d",
+-				  result, i, (int) timedout, errno);
++			sm_syslog(LOG_WARNING, NOQID,
++				  "STARTTLS=client, error: connect failed=%d, SSL_error=%d, errno=%d, retry=%d",
++				  result, ssl_err, errno, i);
+ 			if (LogLevel > 8)
+ 				tlslogerr("client");
+ 		}
+-tlsfail:
++
+ 		SSL_free(clt_ssl);
+ 		clt_ssl = NULL;
+ 		return EX_SOFTWARE;
+Index: contrib/sendmail/src/headers.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/headers.c,v
+retrieving revision 1.20
+diff -u -I__FBSDID -r1.20 headers.c
+--- contrib/sendmail/src/headers.c	1 Aug 2004 01:16:16 -0000	1.20
++++ contrib/sendmail/src/headers.c	21 Mar 2006 12:43:15 -0000
+@@ -19,7 +19,7 @@
+ static HDR	*allocheader __P((char *, char *, int, SM_RPOOL_T *));
+ static size_t	fix_mime_header __P((HDR *, ENVELOPE *));
+ static int	priencode __P((char *));
+-static void	put_vanilla_header __P((HDR *, char *, MCI *));
++static bool	put_vanilla_header __P((HDR *, char *, MCI *));
+ 
+ /*
+ **  SETUPHEADERS -- initialize headers in symbol table
+@@ -994,7 +994,6 @@
+ 	char *name;
+ 	register char *sbp;
+ 	register char *p;
+-	int l;
+ 	char hbuf[MAXNAME + 1];
+ 	char sbuf[MAXLINE + 1];
+ 	char mbuf[MAXNAME + 1];
+@@ -1003,6 +1002,8 @@
+ 	/* XXX do we still need this? sm_syslog() replaces control chars */
+ 	if (msgid != NULL)
+ 	{
++		size_t l;
++
+ 		l = strlen(msgid);
+ 		if (l > sizeof mbuf - 1)
+ 			l = sizeof mbuf - 1;
+@@ -1542,13 +1543,13 @@
+ **		flags -- MIME conversion flags.
+ **
+ **	Returns:
+-**		none.
++**		success
+ **
+ **	Side Effects:
+ **		none.
+ */
+ 
+-void
++bool
+ putheader(mci, hdr, e, flags)
+ 	register MCI *mci;
+ 	HDR *hdr;
+@@ -1683,7 +1684,8 @@
+ 		{
+ 			if (tTd(34, 11))
+ 				sm_dprintf("\n");
+-			put_vanilla_header(h, p, mci);
++			if (!put_vanilla_header(h, p, mci))
++				goto writeerr;
+ 			continue;
+ 		}
+ 
+@@ -1742,7 +1744,8 @@
+ 				/* no other recipient headers: truncate value */
+ 				(void) sm_strlcpyn(obuf, sizeof obuf, 2,
+ 						   h->h_field, ":");
+-				putline(obuf, mci);
++				if (!putline(obuf, mci))
++					goto writeerr;
+ 			}
+ 			continue;
+ 		}
+@@ -1761,7 +1764,8 @@
+ 		}
+ 		else
+ 		{
+-			put_vanilla_header(h, p, mci);
++			if (!put_vanilla_header(h, p, mci))
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -1778,18 +1782,25 @@
+ 	    !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
+ 	    hvalue("MIME-Version", e->e_header) == NULL)
+ 	{
+-		putline("MIME-Version: 1.0", mci);
++		if (!putline("MIME-Version: 1.0", mci))
++			goto writeerr;
+ 		if (hvalue("Content-Type", e->e_header) == NULL)
+ 		{
+ 			(void) sm_snprintf(obuf, sizeof obuf,
+ 					"Content-Type: text/plain; charset=%s",
+ 					defcharset(e));
+-			putline(obuf, mci);
++			if (!putline(obuf, mci))
++				goto writeerr;
+ 		}
+-		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL)
+-			putline("Content-Transfer-Encoding: 8bit", mci);
++		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL
++		    && !putline("Content-Transfer-Encoding: 8bit", mci))
++			goto writeerr;
+ 	}
+ #endif /* MIME8TO7 */
++	return true;
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  PUT_VANILLA_HEADER -- output a fairly ordinary header
+@@ -1800,10 +1811,10 @@
+ **		mci -- the connection info for output
+ **
+ **	Returns:
+-**		none.
++**		success
+ */
+ 
+-static void
++static bool
+ put_vanilla_header(h, v, mci)
+ 	HDR *h;
+ 	char *v;
+@@ -1834,7 +1845,8 @@
+ 			l = SPACELEFT(obuf, obp) - 1;
+ 
+ 		(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
+-		putxline(obuf, strlen(obuf), mci, putflags);
++		if (!putxline(obuf, strlen(obuf), mci, putflags))
++			goto writeerr;
+ 		v += l + 1;
+ 		obp = obuf;
+ 		if (*v != ' ' && *v != '\t')
+@@ -1844,7 +1856,10 @@
+ 	/* XXX This is broken for SPACELEFT()==0 */
+ 	(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
+ 			   (int) (SPACELEFT(obuf, obp) - 1), v);
+-	putxline(obuf, strlen(obuf), mci, putflags);
++	return putxline(obuf, strlen(obuf), mci, putflags);
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  COMMAIZE -- output a header field, making a comma-translated list.
+@@ -1857,13 +1872,13 @@
+ **		e -- the envelope containing the message.
+ **
+ **	Returns:
+-**		none.
++**		success
+ **
+ **	Side Effects:
+ **		outputs "p" to file "fp".
+ */
+ 
+-void
++bool
+ commaize(h, p, oldstyle, mci, e)
+ 	register HDR *h;
+ 	register char *p;
+@@ -2002,13 +2017,6 @@
+ 		}
+ 		name = denlstring(name, false, true);
+ 
+-		/*
+-		**  record data progress so DNS timeouts
+-		**  don't cause DATA timeouts
+-		*/
+-
+-		DataProgress = true;
+-
+ 		/* output the name with nice formatting */
+ 		opos += strlen(name);
+ 		if (!firstone)
+@@ -2016,7 +2024,8 @@
+ 		if (opos > omax && !firstone)
+ 		{
+ 			(void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
+-			putxline(obuf, strlen(obuf), mci, putflags);
++			if (!putxline(obuf, strlen(obuf), mci, putflags))
++				goto writeerr;
+ 			obp = obuf;
+ 			(void) sm_strlcpy(obp, "        ", sizeof obuf);
+ 			opos = strlen(obp);
+@@ -2038,8 +2047,12 @@
+ 		*obp = '\0';
+ 	else
+ 		obuf[sizeof obuf - 1] = '\0';
+-	putxline(obuf, strlen(obuf), mci, putflags);
++	return putxline(obuf, strlen(obuf), mci, putflags);
++
++  writeerr:
++	return false;
+ }
++
+ /*
+ **  COPYHEADER -- copy header list
+ **
+Index: contrib/sendmail/src/mime.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/mime.c,v
+retrieving revision 1.1.1.12
+diff -u -I__FBSDID -r1.1.1.12 mime.c
+--- contrib/sendmail/src/mime.c	1 Aug 2004 01:04:28 -0000	1.1.1.12
++++ contrib/sendmail/src/mime.c	21 Mar 2006 12:43:16 -0000
+@@ -86,6 +86,7 @@
+ **		  MBT_FINAL -- the final boundary
+ **		  MBT_INTERMED -- an intermediate boundary
+ **		  MBT_NOTSEP -- an end of file
++**		  SM_IO_EOF -- I/O error occurred
+ */
+ 
+ struct args
+@@ -298,7 +299,8 @@
+ 		mci->mci_flags |= MCIF_INMIME;
+ 
+ 		/* skip the early "comment" prologue */
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		bt = MBT_FINAL;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+@@ -307,8 +309,9 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putxline(buf, strlen(buf), mci,
+-				 PXLF_MAPFROM|PXLF_STRIP8BIT);
++			if (!putxline(buf, strlen(buf), mci,
++					PXLF_MAPFROM|PXLF_STRIP8BIT))
++				goto writeerr;
+ 			if (tTd(43, 99))
+ 				sm_dprintf("  ...%s", buf);
+ 		}
+@@ -319,19 +322,24 @@
+ 			auto HDR *hdr = NULL;
+ 
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "--", bbuf);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			if (tTd(43, 35))
+ 				sm_dprintf("  ...%s\n", buf);
+ 			collect(e->e_dfp, false, &hdr, e, false);
+ 			if (tTd(43, 101))
+ 				putline("+++after collect", mci);
+-			putheader(mci, hdr, e, flags);
++			if (!putheader(mci, hdr, e, flags))
++				goto writeerr;
+ 			if (tTd(43, 101))
+ 				putline("+++after putheader", mci);
+ 			bt = mime8to7(mci, hdr, e, boundaries, flags);
++			if (bt == SM_IO_EOF)
++				goto writeerr;
+ 		}
+ 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", bbuf, "--");
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (tTd(43, 35))
+ 			sm_dprintf("  ...%s\n", buf);
+ 		boundaries[i] = NULL;
+@@ -344,8 +352,9 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putxline(buf, strlen(buf), mci,
+-				 PXLF_MAPFROM|PXLF_STRIP8BIT);
++			if (!putxline(buf, strlen(buf), mci,
++					PXLF_MAPFROM|PXLF_STRIP8BIT))
++				goto writeerr;
+ 			if (tTd(43, 99))
+ 				sm_dprintf("  ...%s", buf);
+ 		}
+@@ -373,18 +382,21 @@
+ 		{
+ 			auto HDR *hdr = NULL;
+ 
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 
+ 			mci->mci_flags |= MCIF_INMIME;
+ 			collect(e->e_dfp, false, &hdr, e, false);
+ 			if (tTd(43, 101))
+ 				putline("+++after collect", mci);
+-			putheader(mci, hdr, e, flags);
++			if (!putheader(mci, hdr, e, flags))
++				goto writeerr;
+ 			if (tTd(43, 101))
+ 				putline("+++after putheader", mci);
+ 			if (hvalue("MIME-Version", hdr) == NULL &&
+-			    !bitset(M87F_NO8TO7, flags))
+-				putline("MIME-Version: 1.0", mci);
++			    !bitset(M87F_NO8TO7, flags) &&
++			    !putline("MIME-Version: 1.0", mci))
++				goto writeerr;
+ 			bt = mime8to7(mci, hdr, e, boundaries, flags);
+ 			mci->mci_flags &= ~MCIF_INMIME;
+ 			return bt;
+@@ -480,11 +492,13 @@
+ 
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"Content-Transfer-Encoding: %.200s", cte);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			if (tTd(43, 36))
+ 				sm_dprintf("  ...%s\n", buf);
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+ 			!= NULL)
+@@ -492,7 +506,8 @@
+ 			bt = mimeboundary(buf, boundaries);
+ 			if (bt != MBT_NOTSEP)
+ 				break;
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 		if (sm_io_eof(e->e_dfp))
+ 			bt = MBT_FINAL;
+@@ -505,12 +520,13 @@
+ 
+ 		if (tTd(43, 36))
+ 			sm_dprintf("  ...Content-Transfer-Encoding: base64\n");
+-		putline("Content-Transfer-Encoding: base64", mci);
++		if (!putline("Content-Transfer-Encoding: base64", mci))
++			goto writeerr;
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 			"X-MIME-Autoconverted: from 8bit to base64 by %s id %s",
+ 			MyHostName, e->e_id);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline(buf, mci) || !putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while ((c1 = mime_getchar_crlf(e->e_dfp, boundaries, &bt)) !=
+ 			SM_IO_EOF)
+@@ -518,7 +534,8 @@
+ 			if (linelen > 71)
+ 			{
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = 0;
+ 				bp = buf;
+ 			}
+@@ -548,7 +565,8 @@
+ 			*bp++ = Base64Code[c2 & 0x3f];
+ 		}
+ 		*bp = '\0';
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 	}
+ 	else
+ 	{
+@@ -571,12 +589,14 @@
+ 
+ 		if (tTd(43, 36))
+ 			sm_dprintf("  ...Content-Transfer-Encoding: quoted-printable\n");
+-		putline("Content-Transfer-Encoding: quoted-printable", mci);
++		if (!putline("Content-Transfer-Encoding: quoted-printable",
++				mci))
++			goto writeerr;
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 			"X-MIME-Autoconverted: from 8bit to quoted-printable by %s id %s",
+ 			MyHostName, e->e_id);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline(buf, mci) || !putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		fromstate = 0;
+ 		c2 = '\n';
+@@ -598,7 +618,8 @@
+ 					*bp++ = Base16Code['.' & 0x0f];
+ 				}
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = fromstate = 0;
+ 				bp = buf;
+ 				c2 = c1;
+@@ -627,7 +648,8 @@
+ 					c2 = '\n';
+ 				*bp++ = '=';
+ 				*bp = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 				linelen = fromstate = 0;
+ 				bp = buf;
+ 				if (c2 == '.')
+@@ -665,13 +687,17 @@
+ 		if (linelen > 0 || boundaries[0] != NULL)
+ 		{
+ 			*bp = '\0';
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 	}
+ 	if (tTd(43, 3))
+ 		sm_dprintf("\t\t\tmime8to7=>%s (basic)\n", MimeBoundaryNames[bt]);
+ 	return bt;
++
++  writeerr:
++	return SM_IO_EOF;
+ }
+ /*
+ **  MIME_GETCHAR -- get a character for MIME processing
+@@ -954,7 +980,7 @@
+ **		e -- envelope.
+ **
+ **	Returns:
+-**		none.
++**		true iff body was written successfully
+ */
+ 
+ static char index_64[128] =
+@@ -971,7 +997,7 @@
+ 
+ # define CHAR64(c)  (((c) < 0 || (c) > 127) ? -1 : index_64[(c)])
+ 
+-void
++bool
+ mime7to8(mci, header, e)
+ 	register MCI *mci;
+ 	HDR *header;
+@@ -1004,25 +1030,31 @@
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"Content-Transfer-Encoding: %s", p);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 		while (sm_io_fgets(e->e_dfp, SM_TIME_DEFAULT, buf, sizeof buf)
+ 			!= NULL)
+-			putline(buf, mci);
+-		return;
++		{
++			if (!putline(buf, mci))
++				goto writeerr;
++		}
++		return true;
+ 	}
+ 	cataddr(pvp, NULL, buf, sizeof buf, '\0');
+ 	cte = sm_rpool_strdup_x(e->e_rpool, buf);
+ 
+ 	mci->mci_flags |= MCIF_INHEADER;
+-	putline("Content-Transfer-Encoding: 8bit", mci);
++	if (!putline("Content-Transfer-Encoding: 8bit", mci))
++		goto writeerr;
+ 	(void) sm_snprintf(buf, sizeof buf,
+ 		"X-MIME-Autoconverted: from %.200s to 8bit by %s id %s",
+ 		cte, MyHostName, e->e_id);
+-	putline(buf, mci);
+-	putline("", mci);
++	if (!putline(buf, mci) || !putline("", mci))
++		goto writeerr;
+ 	mci->mci_flags &= ~MCIF_INHEADER;
+ 
+ 	/*
+@@ -1086,7 +1118,8 @@
+ 		if (*fbufp++ == '\n' || fbufp >= &fbuf[MAXLINE])	\
+ 		{							\
+ 			CHK_EOL;					\
+-			putxline((char *) fbuf, fbufp - fbuf, mci, pxflags); \
++			if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags)) \
++				goto writeerr;				\
+ 			pxflags &= ~PXLF_NOADDEOL;			\
+ 			fbufp = fbuf;					\
+ 		}	\
+@@ -1123,8 +1156,11 @@
+ 				continue;
+ 
+ 			if (fbufp - fbuf > 0)
+-				putxline((char *) fbuf, fbufp - fbuf - 1, mci,
+-					 pxflags);
++			{
++				if (!putxline((char *) fbuf, fbufp - fbuf - 1,
++						mci, pxflags))
++					goto writeerr;
++			}
+ 			fbufp = fbuf;
+ 			if (off >= 0 && buf[off] != '\0')
+ 			{
+@@ -1140,7 +1176,8 @@
+ 	if (fbufp > fbuf)
+ 	{
+ 		*fbufp = '\0';
+-		putxline((char *) fbuf, fbufp - fbuf, mci, pxflags);
++		if (!putxline((char *) fbuf, fbufp - fbuf, mci, pxflags))
++			goto writeerr;
+ 	}
+ 
+ 	/*
+@@ -1150,10 +1187,15 @@
+ 	**  but so is auto-converting MIME in the first place.
+ 	*/
+ 
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 
+ 	if (tTd(43, 3))
+ 		sm_dprintf("\t\t\tmime7to8 => %s to 8bit done\n", cte);
++	return true;
++
++  writeerr:
++	return false;
+ }
+ /*
+ **  The following is based on Borenstein's "codes.c" module, with simplifying
+Index: contrib/sendmail/src/parseaddr.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/parseaddr.c,v
+retrieving revision 1.1.1.20
+diff -u -I__FBSDID -r1.1.1.20 parseaddr.c
+--- contrib/sendmail/src/parseaddr.c	1 Aug 2004 01:04:28 -0000	1.1.1.20
++++ contrib/sendmail/src/parseaddr.c	21 Mar 2006 12:43:17 -0000
+@@ -1337,7 +1337,7 @@
+ 					/* $&{x} replacement */
+ 					char *mval = macvalue(rp[1], e);
+ 					char **xpvp;
+-					int trsize = 0;
++					size_t trsize = 0;
+ 					static size_t pvpb1_size = 0;
+ 					static char **pvpb1 = NULL;
+ 					char pvpbuf[PSBUFSIZE];
+@@ -1352,7 +1352,7 @@
+ 					/* save the remainder of the input */
+ 					for (xpvp = pvp; *xpvp != NULL; xpvp++)
+ 						trsize += sizeof *xpvp;
+-					if ((size_t) trsize > pvpb1_size)
++					if (trsize > pvpb1_size)
+ 					{
+ 						if (pvpb1 != NULL)
+ 							sm_free(pvpb1);
+@@ -1407,7 +1407,7 @@
+ 		{
+ 			char **hbrvp;
+ 			char **xpvp;
+-			int trsize;
++			size_t trsize;
+ 			char *replac;
+ 			int endtoken;
+ 			STAB *map;
+@@ -1509,7 +1509,7 @@
+ 				*++arg_rvp = NULL;
+ 
+ 			/* save the remainder of the input string */
+-			trsize = (int) (avp - rvp + 1) * sizeof *rvp;
++			trsize = (avp - rvp + 1) * sizeof *rvp;
+ 			memmove((char *) pvpb1, (char *) rvp, trsize);
+ 
+ 			/* look it up */
+@@ -2936,7 +2936,7 @@
+ 	char *logid;
+ {
+ 	char *volatile buf;
+-	int bufsize;
++	size_t bufsize;
+ 	int saveexitstat;
+ 	int volatile rstat = EX_OK;
+ 	char **pvp;
+@@ -3150,7 +3150,7 @@
+ 	int size;
+ {
+ 	char *volatile buf;
+-	int bufsize;
++	size_t bufsize;
+ 	int volatile rstat = EX_OK;
+ 	int rsno;
+ 	bool saveQuickAbort = QuickAbort;
+Index: contrib/sendmail/src/savemail.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/savemail.c,v
+retrieving revision 1.16
+diff -u -I__FBSDID -r1.16 savemail.c
+--- contrib/sendmail/src/savemail.c	1 Aug 2004 01:16:16 -0000	1.16
++++ contrib/sendmail/src/savemail.c	21 Mar 2006 12:43:18 -0000
+@@ -15,7 +15,7 @@
+ 
+ SM_RCSID("@(#)$Id: savemail.c,v 8.303 2004/01/14 02:56:51 ca Exp $")
+ 
+-static void	errbody __P((MCI *, ENVELOPE *, char *));
++static bool	errbody __P((MCI *, ENVELOPE *, char *));
+ static bool	pruneroute __P((char *));
+ 
+ /*
+@@ -432,12 +432,13 @@
+ 			p = macvalue('g', e);
+ 			macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
+ 
+-			putfromline(&mcibuf, e);
+-			(*e->e_puthdr)(&mcibuf, e->e_header, e, M87F_OUTER);
+-			(*e->e_putbody)(&mcibuf, e, NULL);
+-			putline("\n", &mcibuf); /* XXX EOL from FileMailer? */
+-			(void) sm_io_flush(fp, SM_TIME_DEFAULT);
+-			if (sm_io_error(fp) ||
++			if (!putfromline(&mcibuf, e) ||
++			    !(*e->e_puthdr)(&mcibuf, e->e_header, e,
++					M87F_OUTER) ||
++			    !(*e->e_putbody)(&mcibuf, e, NULL) ||
++			    !putline("\n", &mcibuf) ||
++			    sm_io_flush(fp, SM_TIME_DEFAULT) == SM_IO_EOF ||
++			    sm_io_error(fp) ||
+ 			    sm_io_close(fp, SM_TIME_DEFAULT) < 0)
+ 				state = ESM_PANIC;
+ 			else
+@@ -732,14 +733,14 @@
+ **		separator -- any possible MIME separator (unused).
+ **
+ **	Returns:
+-**		none
++**		success
+ **
+ **	Side Effects:
+ **		Outputs the body of an error message.
+ */
+ 
+ /* ARGSUSED2 */
+-static void
++static bool
+ errbody(mci, e, separator)
+ 	register MCI *mci;
+ 	register ENVELOPE *e;
+@@ -757,14 +758,16 @@
+ 
+ 	if (bitset(MCIF_INHEADER, mci->mci_flags))
+ 	{
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		mci->mci_flags &= ~MCIF_INHEADER;
+ 	}
+ 	if (e->e_parent == NULL)
+ 	{
+ 		syserr("errbody: null parent");
+-		putline("   ----- Original message lost -----\n", mci);
+-		return;
++		if (!putline("   ----- Original message lost -----\n", mci))
++			goto writeerr;
++		return true;
+ 	}
+ 
+ 	/*
+@@ -773,11 +776,12 @@
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("This is a MIME-encapsulated message", mci);
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
+-		putline(buf, mci);
+-		putline("", mci);
++		if (!putline("This is a MIME-encapsulated message", mci) ||
++		    !putline("", mci) ||
++		    !putline(buf, mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 	}
+ 
+ 	/*
+@@ -799,31 +803,36 @@
+ 	if (!pm_notify && q == NULL &&
+ 	    !bitset(EF_FATALERRS|EF_SENDRECEIPT, e->e_parent->e_flags))
+ 	{
+-		putline("    **********************************************",
+-			mci);
+-		putline("    **      THIS IS A WARNING MESSAGE ONLY      **",
+-			mci);
+-		putline("    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **",
+-			mci);
+-		putline("    **********************************************",
+-			mci);
+-		putline("", mci);
++		if (!putline("    **********************************************",
++			mci) ||
++		    !putline("    **      THIS IS A WARNING MESSAGE ONLY      **",
++			mci) ||
++		    !putline("    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **",
++			mci) ||
++		    !putline("    **********************************************",
++			mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 	}
+ 	(void) sm_snprintf(buf, sizeof buf,
+ 		"The original message was received at %s",
+ 		arpadate(ctime(&e->e_parent->e_ctime)));
+-	putline(buf, mci);
++	if (!putline(buf, mci))
++		goto writeerr;
+ 	expand("from \201_", buf, sizeof buf, e->e_parent);
+-	putline(buf, mci);
++	if (!putline(buf, mci))
++		goto writeerr;
+ 
+ 	/* include id in postmaster copies */
+ 	if (pm_notify && e->e_parent->e_id != NULL)
+ 	{
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "with id ",
+ 			e->e_parent->e_id);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 	}
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Output error message header (if specified and available).
+@@ -849,17 +858,19 @@
+ 				{
+ 					translate_dollars(buf);
+ 					expand(buf, buf, sizeof buf, e);
+-					putline(buf, mci);
++					if (!putline(buf, mci))
++						goto writeerr;
+ 				}
+ 				(void) sm_io_close(xfile, SM_TIME_DEFAULT);
+-				putline("\n", mci);
++				if (!putline("\n", mci))
++					goto writeerr;
+ 			}
+ 		}
+ 		else
+ 		{
+ 			expand(ErrMsgFile, buf, sizeof buf, e);
+-			putline(buf, mci);
+-			putline("", mci);
++			if (!putline(buf, mci) || !putline("", mci))
++				goto writeerr;
+ 		}
+ 	}
+ 
+@@ -877,21 +888,24 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had permanent fatal errors -----",
+-				mci);
++			if (!putline("   ----- The following addresses had permanent fatal errors -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
+ 				  sizeof buf);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_rstatus != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (reason: %s)",
+ 				shortenstring(exitstat(q->q_rstatus),
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 		if (q->q_alias != NULL)
+ 		{
+@@ -899,11 +913,12 @@
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/* transient non-fatal errors */
+ 	printheader = true;
+@@ -917,25 +932,28 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had transient non-fatal errors -----",
+-				mci);
++			if (!putline("   ----- The following addresses had transient non-fatal errors -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_strlcpy(buf, shortenstring(q->q_paddr, MAXSHORTSTR),
+ 				  sizeof buf);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_alias != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/* successful delivery notifications */
+ 	printheader = true;
+@@ -968,25 +986,28 @@
+ 
+ 		if (printheader)
+ 		{
+-			putline("   ----- The following addresses had successful delivery notifications -----",
+-				mci);
++			if (!putline("   ----- The following addresses had successful delivery notifications -----",
++					mci))
++				goto writeerr;
+ 			printheader = false;
+ 		}
+ 
+ 		(void) sm_snprintf(buf, sizeof buf, "%s  (%s)",
+ 			 shortenstring(q->q_paddr, MAXSHORTSTR), p);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 		if (q->q_alias != NULL)
+ 		{
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 				"    (expanded from: %s)",
+ 				shortenstring(q->q_alias->q_paddr,
+ 					      MAXSHORTSTR));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+-	if (!printheader)
+-		putline("", mci);
++	if (!printheader && !putline("", mci))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Output transcript of errors
+@@ -995,8 +1016,9 @@
+ 	(void) sm_io_flush(smioout, SM_TIME_DEFAULT);
+ 	if (e->e_parent->e_xfp == NULL)
+ 	{
+-		putline("   ----- Transcript of session is unavailable -----\n",
+-			mci);
++		if (!putline("   ----- Transcript of session is unavailable -----\n",
++				mci))
++			goto writeerr;
+ 	}
+ 	else
+ 	{
+@@ -1007,11 +1029,12 @@
+ 		while (sm_io_fgets(e->e_parent->e_xfp, SM_TIME_DEFAULT, buf,
+ 				   sizeof buf) != NULL)
+ 		{
+-			if (printheader)
+-				putline("   ----- Transcript of session follows -----\n",
+-					mci);
++			if (printheader && !putline("   ----- Transcript of session follows -----\n",
++						mci))
++				goto writeerr;
+ 			printheader = false;
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 	}
+ 	errno = 0;
+@@ -1023,11 +1046,12 @@
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "--", e->e_msgboundary);
+-		putline(buf, mci);
+-		putline("Content-Type: message/delivery-status", mci);
+-		putline("", mci);
++		if (!putline("", mci) ||
++		    !putline(buf, mci) ||
++		    !putline("Content-Type: message/delivery-status", mci) ||
++		    !putline("", mci))
++			goto writeerr;
+ 
+ 		/*
+ 		**  Output per-message information.
+@@ -1039,13 +1063,15 @@
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					"Original-Envelope-Id: %.800s",
+ 					xuntextify(e->e_parent->e_envid));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* Reporting-MTA: is us (required) */
+ 		(void) sm_snprintf(buf, sizeof buf,
+ 				   "Reporting-MTA: dns; %.800s", MyHostName);
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 
+ 		/* DSN-Gateway: not relevant since we are not translating */
+ 
+@@ -1059,13 +1085,15 @@
+ 			(void) sm_snprintf(buf, sizeof buf,
+ 					"Received-From-MTA: %s; %.800s",
+ 					p, RealHostName);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/* Arrival-Date: -- when it arrived here */
+ 		(void) sm_strlcpyn(buf, sizeof buf, 2, "Arrival-Date: ",
+ 				arpadate(ctime(&e->e_parent->e_ctime)));
+-		putline(buf, mci);
++		if (!putline(buf, mci))
++			goto writeerr;
+ 
+ 		/* Deliver-By-Date: -- when it should have been delivered */
+ 		if (IS_DLVR_BY(e->e_parent))
+@@ -1076,7 +1104,8 @@
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					"Deliver-By-Date: ",
+ 					arpadate(ctime(&dbyd)));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 		}
+ 
+ 		/*
+@@ -1119,7 +1148,8 @@
+ 			else
+ 				continue;
+ 
+-			putline("", mci);
++			if (!putline("", mci))
++				goto writeerr;
+ 
+ 			/* Original-Recipient: -- passed from on high */
+ 			if (q->q_orcpt != NULL)
+@@ -1127,7 +1157,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Original-Recipient: %.800s",
+ 						q->q_orcpt);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Figure out actual recipient */
+@@ -1176,7 +1207,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						   "Final-Recipient: %s",
+ 						   q->q_finalrcpt);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* X-Actual-Recipient: -- the real problem address */
+@@ -1187,13 +1219,15 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						   "X-Actual-Recipient: %s",
+ 						   actual);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Action: -- what happened? */
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Action: ",
+ 				action);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Status: -- what _really_ happened? */
+ 			if (q->q_status != NULL)
+@@ -1205,7 +1239,8 @@
+ 			else
+ 				p = "2.0.0";
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Status: ", p);
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Remote-MTA: -- who was I talking to? */
+ 			if (q->q_statmta != NULL)
+@@ -1219,7 +1254,8 @@
+ 				p = &buf[strlen(buf) - 1];
+ 				if (*p == '.')
+ 					*p = '\0';
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Diagnostic-Code: -- actual result from other end */
+@@ -1231,7 +1267,8 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Diagnostic-Code: %s; %.800s",
+ 						p, q->q_rstatus);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 
+ 			/* Last-Attempt-Date: -- fine granularity */
+@@ -1240,7 +1277,8 @@
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					"Last-Attempt-Date: ",
+ 					arpadate(ctime(&q->q_statdate)));
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			/* Will-Retry-Until: -- for delayed messages only */
+ 			if (QS_IS_QUEUEUP(q->q_state))
+@@ -1252,7 +1290,8 @@
+ 				(void) sm_strlcpyn(buf, sizeof buf, 2,
+ 					 "Will-Retry-Until: ",
+ 					 arpadate(ctime(&xdate)));
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 		}
+ 	}
+@@ -1262,7 +1301,8 @@
+ 	**  Output text of original message
+ 	*/
+ 
+-	putline("", mci);
++	if (!putline("", mci))
++		goto writeerr;
+ 	if (bitset(EF_HAS_DF, e->e_parent->e_flags))
+ 	{
+ 		sendbody = !bitset(EF_NO_BODY_RETN, e->e_parent->e_flags) &&
+@@ -1270,21 +1310,27 @@
+ 
+ 		if (e->e_msgboundary == NULL)
+ 		{
+-			if (sendbody)
+-				putline("   ----- Original message follows -----\n", mci);
+-			else
+-				putline("   ----- Message header follows -----\n", mci);
++			if (!putline(
++				sendbody
++				? "   ----- Original message follows -----\n"
++				: "   ----- Message header follows -----\n",
++				mci))
++			{
++				goto writeerr;
++			}
+ 		}
+ 		else
+ 		{
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "--",
+ 					e->e_msgboundary);
+ 
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 			(void) sm_strlcpyn(buf, sizeof buf, 2, "Content-Type: ",
+ 					sendbody ? "message/rfc822"
+ 						 : "text/rfc822-headers");
+-			putline(buf, mci);
++			if (!putline(buf, mci))
++				goto writeerr;
+ 
+ 			p = hvalue("Content-Transfer-Encoding",
+ 				   e->e_parent->e_header);
+@@ -1298,43 +1344,62 @@
+ 				(void) sm_snprintf(buf, sizeof buf,
+ 						"Content-Transfer-Encoding: %s",
+ 						p);
+-				putline(buf, mci);
++				if (!putline(buf, mci))
++					goto writeerr;
+ 			}
+ 		}
+-		putline("", mci);
++		if (!putline("", mci))
++			goto writeerr;
+ 		save_errno = errno;
+-		putheader(mci, e->e_parent->e_header, e->e_parent, M87F_OUTER);
++		if (!putheader(mci, e->e_parent->e_header, e->e_parent,
++				M87F_OUTER))
++			goto writeerr;
+ 		errno = save_errno;
+ 		if (sendbody)
+-			putbody(mci, e->e_parent, e->e_msgboundary);
++		{
++			if (!putbody(mci, e->e_parent, e->e_msgboundary))
++				goto writeerr;
++		}
+ 		else if (e->e_msgboundary == NULL)
+ 		{
+-			putline("", mci);
+-			putline("   ----- Message body suppressed -----", mci);
++			if (!putline("", mci) ||
++			    !putline("   ----- Message body suppressed -----",
++					mci))
++			{
++				goto writeerr;
++			}
+ 		}
+ 	}
+ 	else if (e->e_msgboundary == NULL)
+ 	{
+-		putline("  ----- No message was collected -----\n", mci);
++		if (!putline("  ----- No message was collected -----\n", mci))
++			goto writeerr;
+ 	}
+ 
+ 	if (e->e_msgboundary != NULL)
+ 	{
+-		putline("", mci);
+ 		(void) sm_strlcpyn(buf, sizeof buf, 3, "--", e->e_msgboundary,
+ 				   "--");
+-		putline(buf, mci);
++		if (!putline("", mci) || !putline(buf, mci))
++			goto writeerr;
+ 	}
+-	putline("", mci);
+-	(void) sm_io_flush(mci->mci_out, SM_TIME_DEFAULT);
++	if (!putline("", mci) ||
++	    sm_io_flush(mci->mci_out, SM_TIME_DEFAULT) == SM_IO_EOF)
++			goto writeerr;
+ 
+ 	/*
+ 	**  Cleanup and exit
+ 	*/
+ 
+ 	if (errno != 0)
++	{
++  writeerr:
+ 		syserr("errbody: I/O error");
++		return false;
++	}
++	return true;
+ }
++
+ /*
+ **  SMTPTODSN -- convert SMTP to DSN status code
+ **
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sendmail.h,v
+retrieving revision 1.1.1.23
+diff -u -I__FBSDID -r1.1.1.23 sendmail.h
+--- contrib/sendmail/src/sendmail.h	1 Aug 2004 01:04:33 -0000	1.1.1.23
++++ contrib/sendmail/src/sendmail.h	21 Mar 2006 12:43:19 -0000
+@@ -808,13 +808,13 @@
+ /* functions */
+ extern void	addheader __P((char *, char *, int, ENVELOPE *));
+ extern unsigned long	chompheader __P((char *, int, HDR **, ENVELOPE *));
+-extern void	commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
++extern bool	commaize __P((HDR *, char *, bool, MCI *, ENVELOPE *));
+ extern HDR	*copyheader __P((HDR *, SM_RPOOL_T *));
+ extern void	eatheader __P((ENVELOPE *, bool, bool));
+ extern char	*hvalue __P((char *, HDR *));
+ extern void	insheader __P((int, char *, char *, int, ENVELOPE *));
+ extern bool	isheader __P((char *));
+-extern void	putfromline __P((MCI *, ENVELOPE *));
++extern bool	putfromline __P((MCI *, ENVELOPE *));
+ extern void	setupheaders __P((void));
+ 
+ /*
+@@ -869,9 +869,9 @@
+ 	short		e_sendmode;	/* message send mode */
+ 	short		e_errormode;	/* error return mode */
+ 	short		e_timeoutclass;	/* message timeout class */
+-	void		(*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int));
++	bool		(*e_puthdr)__P((MCI *, HDR *, ENVELOPE *, int));
+ 					/* function to put header of message */
+-	void		(*e_putbody)__P((MCI *, ENVELOPE *, char *));
++	bool		(*e_putbody)__P((MCI *, ENVELOPE *, char *));
+ 					/* function to put body of message */
+ 	ENVELOPE	*e_parent;	/* the message this one encloses */
+ 	ENVELOPE	*e_sibling;	/* the next envelope of interest */
+@@ -964,8 +964,8 @@
+ extern ENVELOPE	*newenvelope __P((ENVELOPE *, ENVELOPE *, SM_RPOOL_T *));
+ extern void	clrsessenvelope __P((ENVELOPE *));
+ extern void	printenvflags __P((ENVELOPE *));
+-extern void	putbody __P((MCI *, ENVELOPE *, char *));
+-extern void	putheader __P((MCI *, HDR *, ENVELOPE *, int));
++extern bool	putbody __P((MCI *, ENVELOPE *, char *));
++extern bool	putheader __P((MCI *, HDR *, ENVELOPE *, int));
+ 
+ /*
+ **  Message priority classes.
+@@ -1646,7 +1646,7 @@
+ #define M87F_NO8TO7		0x0004	/* don't do 8->7 bit conversions */
+ 
+ /* functions */
+-extern void	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
++extern bool	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
+ extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
+ 
+ /*
+@@ -2140,7 +2140,6 @@
+ #if !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_)
+ EXTERN bool	ConfigFileRead;	/* configuration file has been read */
+ #endif /* !defined(_USE_SUN_NSSWITCH_) && !defined(_USE_DEC_SVC_CONF_) */
+-EXTERN bool	volatile DataProgress;	/* have we sent anything since last check */
+ EXTERN bool	DisConnected;	/* running with OutChannel redirect to transcript file */
+ EXTERN bool	DontExpandCnames;	/* do not $[...$] expand CNAMEs */
+ EXTERN bool	DontInitGroups;	/* avoid initgroups() because of NIS cost */
+@@ -2513,8 +2512,8 @@
+ extern void	printqueue __P((void));
+ extern void	printrules __P((void));
+ extern pid_t	prog_open __P((char **, int *, ENVELOPE *));
+-extern void	putline __P((char *, MCI *));
+-extern void	putxline __P((char *, size_t, MCI *, int));
++extern bool	putline __P((char *, MCI *));
++extern bool	putxline __P((char *, size_t, MCI *, int));
+ extern void	queueup_macros __P((int, SM_FILE_T *, ENVELOPE *));
+ extern void	readcf __P((char *, bool, ENVELOPE *));
+ extern SIGFUNC_DECL	reapchild __P((int));
+Index: contrib/sendmail/src/sfsasl.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.c,v
+retrieving revision 1.1.1.14
+diff -u -I__FBSDID -r1.1.1.14 sfsasl.c
+--- contrib/sendmail/src/sfsasl.c	1 Aug 2004 01:04:33 -0000	1.1.1.14
++++ contrib/sendmail/src/sfsasl.c	21 Mar 2006 12:43:20 -0000
+@@ -516,6 +516,125 @@
+ # define MAX_TLS_IOS	4
+ 
+ /*
++**  TLS_RETRY -- check whether a failed SSL operation can be retried
++**
++**	Parameters:
++**		ssl -- TLS structure
++**		rfd -- read fd
++**		wfd -- write fd
++**		tlsstart -- start time of TLS operation
++**		timeout -- timeout for TLS operation
++**		err -- SSL error
++**		where -- description of operation
++**
++**	Results:
++**		>0 on success
++**		0 on timeout
++**		<0 on error
++*/
++
++int
++tls_retry(ssl, rfd, wfd, tlsstart, timeout, err, where)
++	SSL *ssl;
++	int rfd;
++	int wfd;
++	time_t tlsstart;
++	int timeout;
++	int err;
++	const char *where;
++{
++	int ret;
++	time_t left;
++	time_t now = curtime();
++	struct timeval tv;
++
++	ret = -1;
++
++	/*
++	**  For SSL_ERROR_WANT_{READ,WRITE}:
++	**  There is not a complete SSL record available yet
++	**  or there is only a partial SSL record removed from
++	**  the network (socket) buffer into the SSL buffer.
++	**  The SSL_connect will only succeed when a full
++	**  SSL record is available (assuming a "real" error
++	**  doesn't happen). To handle when a "real" error
++	**  does happen the select is set for exceptions too.
++	**  The connection may be re-negotiated during this time
++	**  so both read and write "want errors" need to be handled.
++	**  A select() exception loops back so that a proper SSL
++	**  error message can be gotten.
++	*/
++
++	left = timeout - (now - tlsstart);
++	if (left <= 0)
++		return 0;	/* timeout */
++	tv.tv_sec = left;
++	tv.tv_usec = 0;
++
++	if (LogLevel > 14)
++	{
++		sm_syslog(LOG_INFO, NOQID,
++			  "STARTTLS=%s, info: fds=%d/%d, err=%d",
++			  where, rfd, wfd, err);
++	}
++
++	if (FD_SETSIZE > 0 &&
++	    ((err == SSL_ERROR_WANT_READ && rfd >= FD_SETSIZE) ||
++	     (err == SSL_ERROR_WANT_WRITE && wfd >= FD_SETSIZE)))
++	{
++		if (LogLevel > 5)
++		{
++			sm_syslog(LOG_ERR, NOQID,
++				  "STARTTLS=%s, error: fd %d/%d too large",
++				  where, rfd, wfd);
++		if (LogLevel > 8)
++			tlslogerr(where);
++		}
++		errno = EINVAL;
++	}
++	else if (err == SSL_ERROR_WANT_READ)
++	{
++		fd_set ssl_maskr, ssl_maskx;
++
++		FD_ZERO(&ssl_maskr);
++		FD_SET(rfd, &ssl_maskr);
++		FD_ZERO(&ssl_maskx);
++		FD_SET(rfd, &ssl_maskx);
++		do
++		{
++			ret = select(rfd + 1, &ssl_maskr, NULL, &ssl_maskx,
++					&tv);
++		} while (ret < 0 && errno == EINTR);
++		if (ret < 0 && errno > 0)
++			ret = -errno;
++	}
++	else if (err == SSL_ERROR_WANT_WRITE)
++	{
++		fd_set ssl_maskw, ssl_maskx;
++
++		FD_ZERO(&ssl_maskw);
++		FD_SET(wfd, &ssl_maskw);
++		FD_ZERO(&ssl_maskx);
++		FD_SET(rfd, &ssl_maskx);
++		do
++		{
++			ret = select(wfd + 1, NULL, &ssl_maskw, &ssl_maskx,
++					&tv);
++		} while (ret < 0 && errno == EINTR);
++		if (ret < 0 && errno > 0)
++			ret = -errno;
++	}
++	return ret;
++}
++
++/* errno to force refill() etc to stop (see IS_IO_ERROR()) */
++#ifdef ETIMEDOUT
++# define SM_ERR_TIMEOUT	ETIMEDOUT
++#else /* ETIMEDOUT */
++# define SM_ERR_TIMEOUT	EIO
++#endif /* ETIMEDOUT */
++
++/*
+ **  TLS_READ -- read secured information for the caller
+ **
+ **	Parameters:
+@@ -536,38 +655,42 @@
+ 	char *buf;
+ 	size_t size;
+ {
+-	int r;
+-	static int again = MAX_TLS_IOS;
++	int r, rfd, wfd, try, ssl_err;
+ 	struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
++	time_t tlsstart;
+ 	char *err;
+ 
++	try = 99;
++	err = NULL;
++	tlsstart = curtime();
++
++  retry:
+ 	r = SSL_read(so->con, (char *) buf, size);
+ 
+ 	if (r > 0)
+-	{
+-		again = MAX_TLS_IOS;
+ 		return r;
+-	}
+ 
+ 	err = NULL;
+-	switch (SSL_get_error(so->con, r))
++	switch (ssl_err = SSL_get_error(so->con, r))
+ 	{
+ 	  case SSL_ERROR_NONE:
+ 	  case SSL_ERROR_ZERO_RETURN:
+-		again = MAX_TLS_IOS;
+ 		break;
+ 	  case SSL_ERROR_WANT_WRITE:
+-		if (--again <= 0)
+-			err = "read W BLOCK";
+-		else
+-			errno = EAGAIN;
+-		break;
++		err = "read W BLOCK";
++		/* FALLTHROUGH */
+ 	  case SSL_ERROR_WANT_READ:
+-		if (--again <= 0)
++		if (err == NULL)
+ 			err = "read R BLOCK";
+-		else
+-			errno = EAGAIN;
++		rfd = SSL_get_rfd(so->con);
++		wfd = SSL_get_wfd(so->con);
++		try = tls_retry(so->con, rfd, wfd, tlsstart,
++				TimeOuts.to_datablock, ssl_err, "read");
++		if (try > 0)
++			goto retry;
++		errno = SM_ERR_TIMEOUT;
+ 		break;
++
+ 	  case SSL_ERROR_WANT_X509_LOOKUP:
+ 		err = "write X BLOCK";
+ 		break;
+@@ -600,15 +723,22 @@
+ 		int save_errno;
+ 
+ 		save_errno = (errno == 0) ? EIO : errno;
+-		again = MAX_TLS_IOS;
+-		if (LogLevel > 9)
++		if (try == 0 && save_errno == SM_ERR_TIMEOUT)
++		{
++			if (LogLevel > 7)
++				sm_syslog(LOG_WARNING, NOQID,
++					  "STARTTLS: read error=timeout");
++		}
++		else if (LogLevel > 8)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: read error=%s (%d), errno=%d, get_error=%s",
++				  "STARTTLS: read error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
+ 				  err, r, errno,
+-				  ERR_error_string(ERR_get_error(), NULL));
++				  ERR_error_string(ERR_get_error(), NULL), try,
++				  ssl_err);
+ 		else if (LogLevel > 7)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: read error=%s (%d)", err, r);
++				  "STARTTLS: read error=%s (%d), retry=%d, ssl_err=%d",
++				  err, r, errno, try, ssl_err);
+ 		errno = save_errno;
+ 	}
+ 	return r;
+@@ -635,36 +765,39 @@
+ 	const char *buf;
+ 	size_t size;
+ {
+-	int r;
+-	static int again = MAX_TLS_IOS;
++	int r, rfd, wfd, try, ssl_err;
+ 	struct tls_obj *so = (struct tls_obj *) fp->f_cookie;
++	time_t tlsstart;
+ 	char *err;
+ 
++	try = 99;
++	err = NULL;
++	tlsstart = curtime();
++
++  retry:
+ 	r = SSL_write(so->con, (char *) buf, size);
+ 
+ 	if (r > 0)
+-	{
+-		again = MAX_TLS_IOS;
+ 		return r;
+-	}
+ 	err = NULL;
+-	switch (SSL_get_error(so->con, r))
++	switch (ssl_err = SSL_get_error(so->con, r))
+ 	{
+ 	  case SSL_ERROR_NONE:
+ 	  case SSL_ERROR_ZERO_RETURN:
+-		again = MAX_TLS_IOS;
+ 		break;
+ 	  case SSL_ERROR_WANT_WRITE:
+-		if (--again <= 0)
+-			err = "write W BLOCK";
+-		else
+-			errno = EAGAIN;
+-		break;
++		err = "read W BLOCK";
++		/* FALLTHROUGH */
+ 	  case SSL_ERROR_WANT_READ:
+-		if (--again <= 0)
+-			err = "write R BLOCK";
+-		else
+-			errno = EAGAIN;
++		if (err == NULL)
++			err = "read R BLOCK";
++		rfd = SSL_get_rfd(so->con);
++		wfd = SSL_get_wfd(so->con);
++		try = tls_retry(so->con, rfd, wfd, tlsstart,
++				DATA_PROGRESS_TIMEOUT, ssl_err, "write");
++		if (try > 0)
++			goto retry;
++		errno = SM_ERR_TIMEOUT;
+ 		break;
+ 	  case SSL_ERROR_WANT_X509_LOOKUP:
+ 		err = "write X BLOCK";
+@@ -697,15 +830,22 @@
+ 		int save_errno;
+ 
+ 		save_errno = (errno == 0) ? EIO : errno;
+-		again = MAX_TLS_IOS;
+-		if (LogLevel > 9)
++		if (try == 0 && save_errno == SM_ERR_TIMEOUT)
++		{
++			if (LogLevel > 7)
++				sm_syslog(LOG_WARNING, NOQID,
++					  "STARTTLS: write error=timeout");
++		}
++		else if (LogLevel > 8)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: write error=%s (%d), errno=%d, get_error=%s",
++				  "STARTTLS: write error=%s (%d), errno=%d, get_error=%s, retry=%d, ssl_err=%d",
+ 				  err, r, errno,
+-				  ERR_error_string(ERR_get_error(), NULL));
++				  ERR_error_string(ERR_get_error(), NULL), try,
++				  ssl_err);
+ 		else if (LogLevel > 7)
+ 			sm_syslog(LOG_WARNING, NOQID,
+-				  "STARTTLS: write error=%s (%d)", err, r);
++				  "STARTTLS: write error=%s (%d), errno=%d, retry=%d, ssl_err=%d",
++				  err, r, errno, try, ssl_err);
+ 		errno = save_errno;
+ 	}
+ 	return r;
+Index: contrib/sendmail/src/sfsasl.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sfsasl.h,v
+retrieving revision 1.1.1.4
+diff -u -I__FBSDID -r1.1.1.4 sfsasl.h
+--- contrib/sendmail/src/sfsasl.h	11 Jun 2002 21:11:52 -0000	1.1.1.4
++++ contrib/sendmail/src/sfsasl.h	21 Mar 2006 12:43:20 -0000
+@@ -17,6 +17,8 @@
+ #endif /* SASL */
+ 
+ # if STARTTLS
++extern int	tls_retry __P((SSL *, int, int, time_t, int, int,
++				const char *));
+ extern int	sfdctls __P((SM_FILE_T **, SM_FILE_T **, SSL *));
+ # endif /* STARTTLS */
+ 
+Index: contrib/sendmail/src/srvrsmtp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/srvrsmtp.c,v
+retrieving revision 1.1.1.20
+diff -u -I__FBSDID -r1.1.1.20 srvrsmtp.c
+--- contrib/sendmail/src/srvrsmtp.c	1 Aug 2004 01:04:35 -0000	1.1.1.20
++++ contrib/sendmail/src/srvrsmtp.c	21 Mar 2006 12:43:22 -0000
+@@ -503,7 +503,6 @@
+ #endif /* SASL */
+ 	int r;
+ #if STARTTLS
+-	int fdfl;
+ 	int rfd, wfd;
+ 	volatile bool tls_active = false;
+ 	volatile bool smtps = bitnset(D_SMTPS, d_flags);
+@@ -1693,97 +1692,26 @@
+ #  define SSL_ACC(s)	SSL_accept(s)
+ 
+ 			tlsstart = curtime();
+-			fdfl = fcntl(rfd, F_GETFL);
+-			if (fdfl != -1)
+-				fcntl(rfd, F_SETFL, fdfl|O_NONBLOCK);
+   ssl_retry:
+ 			if ((r = SSL_ACC(srv_ssl)) <= 0)
+ 			{
+-				int i;
+-				bool timedout;
+-				time_t left;
+-				time_t now = curtime();
+-				struct timeval tv;
++				int i, ssl_err;
+ 
+-				/* what to do in this case? */
+-				i = SSL_get_error(srv_ssl, r);
++				ssl_err = SSL_get_error(srv_ssl, r);
++				i = tls_retry(srv_ssl, rfd, wfd, tlsstart,
++						TimeOuts.to_starttls, ssl_err,
++						"server");
++				if (i > 0)
++					goto ssl_retry;
+ 
+-				/*
+-				**  For SSL_ERROR_WANT_{READ,WRITE}:
+-				**  There is no SSL record available yet
+-				**  or there is only a partial SSL record
+-				**  removed from the network (socket) buffer
+-				**  into the SSL buffer. The SSL_accept will
+-				**  only succeed when a full SSL record is
+-				**  available (assuming a "real" error
+-				**  doesn't happen). To handle when a "real"
+-				**  error does happen the select is set for
+-				**  exceptions too.
+-				**  The connection may be re-negotiated
+-				**  during this time so both read and write
+-				**  "want errors" need to be handled.
+-				**  A select() exception loops back so that
+-				**  a proper SSL error message can be gotten.
+-				*/
+-
+-				left = TimeOuts.to_starttls - (now - tlsstart);
+-				timedout = left <= 0;
+-				if (!timedout)
+-				{
+-					tv.tv_sec = left;
+-					tv.tv_usec = 0;
+-				}
+-
+-				if (!timedout && FD_SETSIZE > 0 &&
+-				    (rfd >= FD_SETSIZE ||
+-				     (i == SSL_ERROR_WANT_WRITE &&
+-				      wfd >= FD_SETSIZE)))
+-				{
+-					if (LogLevel > 5)
+-					{
+-						sm_syslog(LOG_ERR, NOQID,
+-							  "STARTTLS=server, error: fd %d/%d too large",
+-							  rfd, wfd);
+-						if (LogLevel > 8)
+-							tlslogerr("server");
+-					}
+-					goto tlsfail;
+-				}
+-
+-				/* XXX what about SSL_pending() ? */
+-				if (!timedout && i == SSL_ERROR_WANT_READ)
+-				{
+-					fd_set ssl_maskr, ssl_maskx;
+-
+-					FD_ZERO(&ssl_maskr);
+-					FD_SET(rfd, &ssl_maskr);
+-					FD_ZERO(&ssl_maskx);
+-					FD_SET(rfd, &ssl_maskx);
+-					if (select(rfd + 1, &ssl_maskr, NULL,
+-						   &ssl_maskx, &tv) > 0)
+-						goto ssl_retry;
+-				}
+-				if (!timedout && i == SSL_ERROR_WANT_WRITE)
+-				{
+-					fd_set ssl_maskw, ssl_maskx;
+-
+-					FD_ZERO(&ssl_maskw);
+-					FD_SET(wfd, &ssl_maskw);
+-					FD_ZERO(&ssl_maskx);
+-					FD_SET(rfd, &ssl_maskx);
+-					if (select(wfd + 1, NULL, &ssl_maskw,
+-						   &ssl_maskx, &tv) > 0)
+-						goto ssl_retry;
+-				}
+ 				if (LogLevel > 5)
+ 				{
+ 					sm_syslog(LOG_WARNING, NOQID,
+-						  "STARTTLS=server, error: accept failed=%d, SSL_error=%d, timedout=%d, errno=%d",
+-						  r, i, (int) timedout, errno);
++						  "STARTTLS=server, error: accept failed=%d, SSL_error=%d, errno=%d, retry=%d",
++						  r, ssl_err, errno, i);
+ 					if (LogLevel > 8)
+ 						tlslogerr("server");
+ 				}
+-tlsfail:
+ 				tls_ok_srv = false;
+ 				SSL_free(srv_ssl);
+ 				srv_ssl = NULL;
+@@ -1798,9 +1726,6 @@
+ 				goto doquit;
+ 			}
+ 
+-			if (fdfl != -1)
+-				fcntl(rfd, F_SETFL, fdfl);
+-
+ 			/* ignore return code for now, it's in {verify} */
+ 			(void) tls_get_info(srv_ssl, true,
+ 					    CurSmtpClient,
+Index: contrib/sendmail/src/usersmtp.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/usersmtp.c,v
+retrieving revision 1.1.1.18
+diff -u -I__FBSDID -r1.1.1.18 usersmtp.c
+--- contrib/sendmail/src/usersmtp.c	1 Aug 2004 01:04:36 -0000	1.1.1.18
++++ contrib/sendmail/src/usersmtp.c	21 Mar 2006 12:43:23 -0000
+@@ -19,7 +19,6 @@
+ 
+ 
+ extern void	markfailure __P((ENVELOPE *, ADDRESS *, MCI *, int, bool));
+-static void	datatimeout __P((void));
+ static void	esmtp_check __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+ static void	helo_options __P((char *, bool, MAILER *, MCI *, ENVELOPE *));
+ static int	smtprcptstat __P((ADDRESS *, MAILER *, MCI *, ENVELOPE *));
+@@ -2493,9 +2492,6 @@
+ **		exit status corresponding to DATA command.
+ */
+ 
+-static jmp_buf	CtxDataTimeout;
+-static SM_EVENT	*volatile DataTimeout = NULL;
+-
+ int
+ smtpdata(m, mci, e, ctladdr, xstart)
+ 	MAILER *m;
+@@ -2617,43 +2613,22 @@
+ 	**  factor.  The main thing is that it should not be infinite.
+ 	*/
+ 
+-	if (setjmp(CtxDataTimeout) != 0)
+-	{
+-		mci->mci_errno = errno;
+-		mci->mci_state = MCIS_ERROR;
+-		mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
+-
+-		/*
+-		**  If putbody() couldn't finish due to a timeout,
+-		**  rewind it here in the timeout handler.  See
+-		**  comments at the end of putbody() for reasoning.
+-		*/
+-
+-		if (e->e_dfp != NULL)
+-			(void) bfrewind(e->e_dfp);
+-
+-		errno = mci->mci_errno;
+-		syserr("451 4.4.1 timeout writing message to %s", CurHostName);
+-		smtpquit(m, mci, e);
+-		return EX_TEMPFAIL;
+-	}
+-
+ 	if (tTd(18, 101))
+ 	{
+ 		/* simulate a DATA timeout */
+-		timeout = 1;
++		timeout = 10;
+ 	}
+ 	else
+-		timeout = DATA_PROGRESS_TIMEOUT;
+-
+-	DataTimeout = sm_setevent(timeout, datatimeout, 0);
++		timeout = DATA_PROGRESS_TIMEOUT * 1000;
++	sm_io_setinfo(mci->mci_out, SM_IO_WHAT_TIMEOUT, &timeout);
+ 
+ 
+ 	/*
+ 	**  Output the actual message.
+ 	*/
+ 
+-	(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER);
++	if (!(*e->e_puthdr)(mci, e->e_header, e, M87F_OUTER))
++		goto writeerr;
+ 
+ 	if (tTd(18, 101))
+ 	{
+@@ -2661,14 +2636,13 @@
+ 		(void) sleep(2);
+ 	}
+ 
+-	(*e->e_putbody)(mci, e, NULL);
++	if (!(*e->e_putbody)(mci, e, NULL))
++		goto writeerr;
+ 
+ 	/*
+ 	**  Cleanup after sending message.
+ 	*/
+ 
+-	if (DataTimeout != NULL)
+-		sm_clrevent(DataTimeout);
+ 
+ #if PIPELINING
+ 	}
+@@ -2708,7 +2682,9 @@
+ 	}
+ 
+ 	/* terminate the message */
+-	(void) sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s", m->m_eol);
++	if (sm_io_fprintf(mci->mci_out, SM_TIME_DEFAULT, ".%s", m->m_eol) ==
++								SM_IO_EOF)
++		goto writeerr;
+ 	if (TrafficLogFile != NULL)
+ 		(void) sm_io_fprintf(TrafficLogFile, SM_TIME_DEFAULT,
+ 				     "%05d >>> .\n", (int) CurrentPid);
+@@ -2758,50 +2734,27 @@
+ 			  shortenstring(SmtpReplyBuffer, 403));
+ 	}
+ 	return rstat;
+-}
+ 
+-static void
+-datatimeout()
+-{
+-	int save_errno = errno;
++  writeerr:
++	mci->mci_errno = errno;
++	mci->mci_state = MCIS_ERROR;
++	mci_setstat(mci, EX_TEMPFAIL, "4.4.2", NULL);
+ 
+ 	/*
+-	**  NOTE: THIS CAN BE CALLED FROM A SIGNAL HANDLER.  DO NOT ADD
+-	**	ANYTHING TO THIS ROUTINE UNLESS YOU KNOW WHAT YOU ARE
+-	**	DOING.
++	**  If putbody() couldn't finish due to a timeout,
++	**  rewind it here in the timeout handler.  See
++	**  comments at the end of putbody() for reasoning.
+ 	*/
+ 
+-	if (DataProgress)
+-	{
+-		time_t timeout;
+-
+-		/* check back again later */
+-		if (tTd(18, 101))
+-		{
+-			/* simulate a DATA timeout */
+-			timeout = 1;
+-		}
+-		else
+-			timeout = DATA_PROGRESS_TIMEOUT;
+-
+-		/* reset the timeout */
+-		DataTimeout = sm_sigsafe_setevent(timeout, datatimeout, 0);
+-		DataProgress = false;
+-	}
+-	else
+-	{
+-		/* event is done */
+-		DataTimeout = NULL;
+-	}
++	if (e->e_dfp != NULL)
++		(void) bfrewind(e->e_dfp);
+ 
+-	/* if no progress was made or problem resetting event, die now */
+-	if (DataTimeout == NULL)
+-	{
+-		errno = ETIMEDOUT;
+-		longjmp(CtxDataTimeout, 1);
+-	}
+-	errno = save_errno;
++	errno = mci->mci_errno;
++	syserr("451 4.4.1 timeout writing message to %s", CurHostName);
++	smtpquit(m, mci, e);
++	return EX_TEMPFAIL;
+ }
++
+ /*
+ **  SMTPGETSTAT -- get status code from DATA in LMTP
+ **
+Index: contrib/sendmail/src/util.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/util.c,v
+retrieving revision 1.1.1.17
+diff -u -I__FBSDID -r1.1.1.17 util.c
+--- contrib/sendmail/src/util.c	1 Aug 2004 01:04:36 -0000	1.1.1.17
++++ contrib/sendmail/src/util.c	21 Mar 2006 12:43:24 -0000
+@@ -455,6 +455,8 @@
+ {
+ 	register char *p;
+ 
++	SM_REQUIRE(sz >= 0);
++
+ 	/* some systems can't handle size zero mallocs */
+ 	if (sz <= 0)
+ 		sz = 1;
+@@ -969,18 +971,18 @@
+ **		mci -- the mailer connection information.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		output of l to mci->mci_out.
+ */
+ 
+-void
++bool
+ putline(l, mci)
+ 	register char *l;
+ 	register MCI *mci;
+ {
+-	putxline(l, strlen(l), mci, PXLF_MAPFROM);
++	return putxline(l, strlen(l), mci, PXLF_MAPFROM);
+ }
+ /*
+ **  PUTXLINE -- putline with flags bits.
+@@ -999,13 +1001,13 @@
+ **		    PXLF_NOADDEOL -- don't add an EOL if one wasn't present.
+ **
+ **	Returns:
+-**		none
++**		true iff line was written successfully
+ **
+ **	Side Effects:
+ **		output of l to mci->mci_out.
+ */
+ 
+-void
++bool
+ putxline(l, len, mci, pxflags)
+ 	register char *l;
+ 	size_t len;
+@@ -1057,11 +1059,6 @@
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       '.') == SM_IO_EOF)
+ 					dead = true;
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 				if (TrafficLogFile != NULL)
+ 					(void) sm_io_putc(TrafficLogFile,
+ 							  SM_TIME_DEFAULT, '.');
+@@ -1074,11 +1071,6 @@
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       '>') == SM_IO_EOF)
+ 					dead = true;
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 				if (TrafficLogFile != NULL)
+ 					(void) sm_io_putc(TrafficLogFile,
+ 							  SM_TIME_DEFAULT,
+@@ -1090,16 +1082,11 @@
+ 			while (l < q)
+ 			{
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+-					       (unsigned char) *l++) == SM_IO_EOF)
++				       (unsigned char) *l++) == SM_IO_EOF)
+ 				{
+ 					dead = true;
+ 					break;
+ 				}
+-				else
+-				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
+-				}
+ 			}
+ 			if (dead)
+ 				break;
+@@ -1115,11 +1102,6 @@
+ 				dead = true;
+ 				break;
+ 			}
+-			else
+-			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
+-			}
+ 			if (TrafficLogFile != NULL)
+ 			{
+ 				for (l = l_base; l < q; l++)
+@@ -1143,11 +1125,9 @@
+ 		{
+ 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '.') ==
+ 			    SM_IO_EOF)
+-				break;
+-			else
+ 			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
++				dead = true;
++				break;
+ 			}
+ 			if (TrafficLogFile != NULL)
+ 				(void) sm_io_putc(TrafficLogFile,
+@@ -1160,11 +1140,9 @@
+ 		{
+ 			if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT, '>') ==
+ 			    SM_IO_EOF)
+-				break;
+-			else
+ 			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
++				dead = true;
++				break;
+ 			}
+ 			if (TrafficLogFile != NULL)
+ 				(void) sm_io_putc(TrafficLogFile,
+@@ -1182,11 +1160,6 @@
+ 				dead = true;
+ 				break;
+ 			}
+-			else
+-			{
+-				/* record progress for DATA timeout */
+-				DataProgress = true;
+-			}
+ 		}
+ 		if (dead)
+ 			break;
+@@ -1197,11 +1170,9 @@
+ 		if ((!bitset(PXLF_NOADDEOL, pxflags) || !noeol) &&
+ 		    sm_io_fputs(mci->mci_out, SM_TIME_DEFAULT,
+ 				mci->mci_mailer->m_eol) == SM_IO_EOF)
+-			break;
+-		else
+ 		{
+-			/* record progress for DATA timeout */
+-			DataProgress = true;
++			dead = true;
++			break;
+ 		}
+ 		if (l < end && *l == '\n')
+ 		{
+@@ -1210,11 +1181,9 @@
+ 			{
+ 				if (sm_io_putc(mci->mci_out, SM_TIME_DEFAULT,
+ 					       ' ') == SM_IO_EOF)
+-					break;
+-				else
+ 				{
+-					/* record progress for DATA timeout */
+-					DataProgress = true;
++					dead = true;
++					break;
+ 				}
+ 
+ 				if (TrafficLogFile != NULL)
+@@ -1223,10 +1192,10 @@
+ 			}
+ 		}
+ 
+-		/* record progress for DATA timeout */
+-		DataProgress = true;
+ 	} while (l < end);
++	return !dead;
+ }
++
+ /*
+ **  XUNLINK -- unlink a file, doing logging as appropriate.
+ **
+@@ -2432,6 +2401,7 @@
+ 				*h++ = 'r';
+ 				break;
+ 			  default:
++				SM_ASSERT(l >= 2);
+ 				(void) sm_snprintf(h, l, "%03o",
+ 					(unsigned int)((unsigned char) c));
+ 
diff --git a/share/security/patches/SA-06:13/sendmail411.patch.asc b/share/security/patches/SA-06:13/sendmail411.patch.asc
new file mode 100644
index 0000000000..d6885688b8
--- /dev/null
+++ b/share/security/patches/SA-06:13/sendmail411.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.2.2 (FreeBSD)
+
+iD8DBQBEISkzFdaIBMps37IRAqICAKCZoIUOO+0HwZnx56VeHAO5664MlQCgl4ct
+OuOQv2L7PufyMehwdYttJAE=
+=q76i
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:14/fpu.patch b/share/security/patches/SA-06:14/fpu.patch
new file mode 100644
index 0000000000..1758f124d4
--- /dev/null
+++ b/share/security/patches/SA-06:14/fpu.patch
@@ -0,0 +1,141 @@
+Index: sys/amd64/amd64/fpu.c
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/amd64/fpu.c,v
+retrieving revision 1.157
+diff -u -I__FBSDID -r1.157 fpu.c
+--- sys/amd64/amd64/fpu.c	11 Mar 2005 22:16:09 -0000	1.157
++++ sys/amd64/amd64/fpu.c	16 Apr 2006 20:18:07 -0000
+@@ -96,6 +96,8 @@
+ 
+ typedef u_char bool_t;
+ 
++static	void	fpu_clean_state(void);
++
+ int	hw_float = 1;
+ SYSCTL_INT(_hw,HW_FLOATINGPT, floatingpoint,
+ 	CTLFLAG_RD, &hw_float, 0, 
+@@ -407,6 +409,8 @@
+ 	PCPU_SET(fpcurthread, curthread);
+ 	pcb = PCPU_GET(curpcb);
+ 
++	fpu_clean_state();
++
+ 	if ((pcb->pcb_flags & PCB_FPUINITDONE) == 0) {
+ 		/*
+ 		 * This is the first time this thread has used the FPU,
+@@ -474,6 +478,7 @@
+ 
+ 	s = intr_disable();
+ 	if (td == PCPU_GET(fpcurthread)) {
++		fpu_clean_state();
+ 		fxrstor(addr);
+ 		intr_restore(s);
+ 	} else {
+@@ -484,6 +489,37 @@
+ }
+ 
+ /*
++ * On AuthenticAMD processors, the fxrstor instruction does not restore
++ * the x87's stored last instruction pointer, last data pointer, and last
++ * opcode values, except in the rare case in which the exception summary
++ * (ES) bit in the x87 status word is set to 1.
++ *
++ * In order to avoid leaking this information across processes, we clean
++ * these values by performing a dummy load before executing fxrstor().
++ */
++static	double	dummy_variable = 0.0;
++static void
++fpu_clean_state(void)
++{
++	u_short status;
++
++	/*
++	 * Clear the ES bit in the x87 status word if it is currently
++	 * set, in order to avoid causing a fault in the upcoming load.
++	 */
++	fnstsw(&status);
++	if (status & 0x80)
++		fnclex();
++
++	/*
++	 * Load the dummy variable into the x87 stack.  This mangles
++	 * the x87 stack, but we don't care since we're about to call
++	 * fxrstor() anyway.
++	 */
++	__asm __volatile("ffree %%st(7); fld %0" : : "m" (dummy_variable));
++}
++
++/*
+  * This really sucks.  We want the acpi version only, but it requires
+  * the isa_if.h file in order to get the definitions.
+  */
+Index: sys/i386/isa/npx.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/npx.c,v
+retrieving revision 1.164
+diff -u -I__FBSDID -r1.164 npx.c
+--- sys/i386/isa/npx.c	6 Apr 2006 17:17:45 -0000	1.164
++++ sys/i386/isa/npx.c	16 Apr 2006 20:18:08 -0000
+@@ -142,6 +142,10 @@
+ 
+ typedef u_char bool_t;
+ 
++#ifdef CPU_ENABLE_SSE
++static	void	fpu_clean_state(void);
++#endif
++
+ static	void	fpusave(union savefpu *);
+ static	void	fpurstor(union savefpu *);
+ static	int	npx_attach(device_t dev);
+@@ -952,15 +956,49 @@
+ 		fnsave(addr);
+ }
+ 
++#ifdef CPU_ENABLE_SSE
++/*
++ * On AuthenticAMD processors, the fxrstor instruction does not restore
++ * the x87's stored last instruction pointer, last data pointer, and last
++ * opcode values, except in the rare case in which the exception summary
++ * (ES) bit in the x87 status word is set to 1.
++ *
++ * In order to avoid leaking this information across processes, we clean
++ * these values by performing a dummy load before executing fxrstor().
++ */
++static	double	dummy_variable = 0.0;
++static void
++fpu_clean_state(void)
++{
++	u_short status;
++
++	/*
++	 * Clear the ES bit in the x87 status word if it is currently
++	 * set, in order to avoid causing a fault in the upcoming load.
++	 */
++	fnstsw(&status);
++	if (status & 0x80)
++		fnclex();
++
++	/*
++	 * Load the dummy variable into the x87 stack.  This mangles
++	 * the x87 stack, but we don't care since we're about to call
++	 * fxrstor() anyway.
++	 */
++	__asm __volatile("ffree %%st(7); fld %0" : : "m" (dummy_variable));
++}
++#endif /* CPU_ENABLE_SSE */
++
+ static void
+ fpurstor(addr)
+ 	union savefpu *addr;
+ {
+ 
+ #ifdef CPU_ENABLE_SSE
+-	if (cpu_fxsr)
++	if (cpu_fxsr) {
++		fpu_clean_state();
+ 		fxrstor(addr);
+-	else
++	} else
+ #endif
+ 		frstor(addr);
+ }
diff --git a/share/security/patches/SA-06:14/fpu.patch.asc b/share/security/patches/SA-06:14/fpu.patch.asc
new file mode 100644
index 0000000000..8d6d6bb7e2
--- /dev/null
+++ b/share/security/patches/SA-06:14/fpu.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBERXFYFdaIBMps37IRArKEAJwOnX3+6sDooFtsIlK2eHlS1+a04ACgkaem
+p4ahbS1PmjLjhC+dpugs6jY=
+=tBzt
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:14/fpu4x.patch b/share/security/patches/SA-06:14/fpu4x.patch
new file mode 100644
index 0000000000..f1af32e1fc
--- /dev/null
+++ b/share/security/patches/SA-06:14/fpu4x.patch
@@ -0,0 +1,70 @@
+Index: sys/i386/isa/npx.c
+===================================================================
+RCS file: /home/ncvs/src/sys/i386/isa/npx.c,v
+retrieving revision 1.80.2.3
+diff -u -I__FBSDID -r1.80.2.3 npx.c
+--- sys/i386/isa/npx.c	20 Oct 2001 19:04:38 -0000	1.80.2.3
++++ sys/i386/isa/npx.c	16 Apr 2006 21:10:59 -0000
+@@ -137,6 +137,10 @@
+ 
+ typedef u_char bool_t;
+ 
++#ifdef CPU_ENABLE_SSE
++static	void	fpu_clean_state(void);
++#endif
++
+ static	int	npx_attach	__P((device_t dev));
+ 	void	npx_intr	__P((void *));
+ static	void	npx_identify	__P((driver_t *driver, device_t parent));
+@@ -914,15 +918,49 @@
+ 		fnsave(addr);
+ }
+ 
++#ifdef CPU_ENABLE_SSE
++/*
++ * On AuthenticAMD processors, the fxrstor instruction does not restore
++ * the x87's stored last instruction pointer, last data pointer, and last
++ * opcode values, except in the rare case in which the exception summary
++ * (ES) bit in the x87 status word is set to 1.
++ *
++ * In order to avoid leaking this information across processes, we clean
++ * these values by performing a dummy load before executing fxrstor().
++ */
++static	double	dummy_variable = 0.0;
++static void
++fpu_clean_state(void)
++{
++	u_short status;
++
++	/*
++	 * Clear the ES bit in the x87 status word if it is currently
++	 * set, in order to avoid causing a fault in the upcoming load.
++	 */
++	fnstsw(&status);
++	if (status & 0x80)
++		fnclex();
++
++	/*
++	 * Load the dummy variable into the x87 stack.  This mangles
++	 * the x87 stack, but we don't care since we're about to call
++	 * fxrstor() anyway.
++	 */
++	__asm __volatile("ffree %%st(7); fld %0" : : "m" (dummy_variable));
++}
++#endif /* CPU_ENABLE_SSE */
++
+ static void
+ fpurstor(addr)
+       union savefpu *addr;
+ {
+ 
+ #ifdef CPU_ENABLE_SSE
+-	if (cpu_fxsr)
++	if (cpu_fxsr) {
++		fpu_clean_state();
+ 		fxrstor(addr);
+-	else
++	} else
+ #endif
+ 		frstor(addr);
+ }
diff --git a/share/security/patches/SA-06:14/fpu4x.patch.asc b/share/security/patches/SA-06:14/fpu4x.patch.asc
new file mode 100644
index 0000000000..7563e94dbd
--- /dev/null
+++ b/share/security/patches/SA-06:14/fpu4x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBERXFnFdaIBMps37IRAglSAJ9HwgSKO7ovPX90fVhNGN+gR5qlMACfUn/r
+JXuAvTkSrIa0tzpIF92zJdg=
+=hjpT
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:15/ypserv.patch b/share/security/patches/SA-06:15/ypserv.patch
new file mode 100644
index 0000000000..e5f62357a4
--- /dev/null
+++ b/share/security/patches/SA-06:15/ypserv.patch
@@ -0,0 +1,84 @@
+Index: usr.sbin/ypserv/yp_access.c
+===================================================================
+RCS file: /home/ncvs/src/usr.sbin/ypserv/yp_access.c,v
+retrieving revision 1.22
+diff -u -I__FBSDID -r1.22 yp_access.c
+--- usr.sbin/ypserv/yp_access.c	3 May 2003 21:06:42 -0000	1.22
++++ usr.sbin/ypserv/yp_access.c	31 May 2006 03:41:25 -0000
+@@ -87,12 +87,6 @@
+ 	"ypproc_maplist"
+ };
+ 
+-#ifdef TCP_WRAPPER
+-void
+-load_securenets(void)
+-{
+-}
+-#else
+ struct securenet {
+ 	struct in_addr net;
+ 	struct in_addr mask;
+@@ -177,7 +171,6 @@
+ 	fclose(fp);
+ 
+ }
+-#endif
+ 
+ /*
+  * Access control functions.
+@@ -219,11 +212,12 @@
+ #endif
+ {
+ 	struct sockaddr_in *rqhost;
+-	int status = 0;
++	int status_securenets = 0;
++#ifdef TCP_WRAPPER
++	int status_tcpwrap;
++#endif
+ 	static unsigned long oldaddr = 0;
+-#ifndef TCP_WRAPPER
+ 	struct securenet *tmp;
+-#endif
+ 	const char *yp_procedure = NULL;
+ 	char procbuf[50];
+ 
+@@ -274,21 +268,34 @@
+ 	}
+ 
+ #ifdef TCP_WRAPPER
+-	status = hosts_ctl("ypserv", STRING_UNKNOWN,
++	status_tcpwrap = hosts_ctl("ypserv", STRING_UNKNOWN,
+ 			   inet_ntoa(rqhost->sin_addr), "");
+-#else
++#endif
+ 	tmp = securenets;
+ 	while (tmp) {
+ 		if (((rqhost->sin_addr.s_addr & ~tmp->mask.s_addr)
+ 		    | tmp->net.s_addr) == rqhost->sin_addr.s_addr) {
+-			status = 1;
++			status_securenets = 1;
+ 			break;
+ 		}
+ 		tmp = tmp->next;
+ 	}
+-#endif
+ 
+-	if (!status) {
++#ifdef TCP_WRAPPER
++	if (status_securenets == 0 || status_tcpwrap == 0) {
++#else
++	if (status_securenets == 0) {
++#endif
++	/*
++	 * One of the following two events occured:
++	 *
++	 * (1) The /var/yp/securenets exists and the remote host does not
++	 *     match any of the networks specified in it.
++	 * (2) The hosts.allow file has denied access and TCP_WRAPPER is
++	 *     defined.
++	 *
++	 * In either case deny access.
++	 */
+ 		if (rqhost->sin_addr.s_addr != oldaddr) {
+ 			yp_error("connect from %s:%d to procedure %s refused",
+ 					inet_ntoa(rqhost->sin_addr),
diff --git a/share/security/patches/SA-06:15/ypserv.patch.asc b/share/security/patches/SA-06:15/ypserv.patch.asc
new file mode 100644
index 0000000000..c3658986d2
--- /dev/null
+++ b/share/security/patches/SA-06:15/ypserv.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBEfhvIFdaIBMps37IRAm8yAJ9/Dsahjk/6nlf+891LoP/imxfxjQCglLrw
+l7X5uVAEoSQHm5nGZAAUGwo=
+=4TSJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:16/smbfs.patch b/share/security/patches/SA-06:16/smbfs.patch
new file mode 100644
index 0000000000..826af157b2
--- /dev/null
+++ b/share/security/patches/SA-06:16/smbfs.patch
@@ -0,0 +1,27 @@
+Index: sys/fs/smbfs/smbfs_vnops.c
+===================================================================
+RCS file: /home/ncvs/src/sys/fs/smbfs/smbfs_vnops.c,v
+retrieving revision 1.61
+diff -u -I__FBSDID -r1.61 smbfs_vnops.c
+--- sys/fs/smbfs/smbfs_vnops.c	13 Apr 2005 10:59:08 -0000	1.61
++++ sys/fs/smbfs/smbfs_vnops.c	27 May 2006 10:18:33 -0000
+@@ -1018,11 +1018,18 @@
+ static int
+ smbfs_pathcheck(struct smbmount *smp, const char *name, int nmlen, int nameiop)
+ {
+-	static const char *badchars = "*/\\:<>;?";
++	static const char *badchars = "*/:<>;?";
+ 	static const char *badchars83 = " +|,[]=";
+ 	const char *cp;
+ 	int i, error;
+ 
++	/*
++	 * Backslash characters, being a path delimiter, are prohibited
++	 * within a path component even for LOOKUP operations.
++	 */
++	if (index(name, '\\') != NULL)
++		return ENOENT;
++
+ 	if (nameiop == LOOKUP)
+ 		return 0;
+ 	error = ENOENT;
diff --git a/share/security/patches/SA-06:16/smbfs.patch.asc b/share/security/patches/SA-06:16/smbfs.patch.asc
new file mode 100644
index 0000000000..125c25d123
--- /dev/null
+++ b/share/security/patches/SA-06:16/smbfs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBEfhu8FdaIBMps37IRAnIMAJ9Zpv56KsyCL1SzGKRRqAZRcXB+HgCdFv52
+YLfA/ifiMgobHO+YiTXd2KE=
+=okvN
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:17/sendmail.patch b/share/security/patches/SA-06:17/sendmail.patch
new file mode 100644
index 0000000000..9d2784f156
--- /dev/null
+++ b/share/security/patches/SA-06:17/sendmail.patch
@@ -0,0 +1,155 @@
+Index: contrib/sendmail/src/deliver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/deliver.c,v
+retrieving revision 1.1.1.24
+diff -u -I__FBSDID -r1.1.1.24 deliver.c
+--- contrib/sendmail/src/deliver.c	22 Mar 2006 16:39:57 -0000	1.1.1.24
++++ contrib/sendmail/src/deliver.c	12 Jun 2006 11:42:10 -0000
+@@ -4623,7 +4623,7 @@
+ 		/* now do the hard work */
+ 		boundaries[0] = NULL;
+ 		mci->mci_flags |= MCIF_INHEADER;
+-		if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER) ==
++		if (mime8to7(mci, e->e_header, e, boundaries, M87F_OUTER, 0) ==
+ 								SM_IO_EOF)
+ 			goto writeerr;
+ 	}
+@@ -4654,7 +4654,7 @@
+ 			SuprErrs = true;
+ 
+ 		if (mime8to7(mci, e->e_header, e, boundaries,
+-				M87F_OUTER|M87F_NO8TO7) == SM_IO_EOF)
++				M87F_OUTER|M87F_NO8TO7, 0) == SM_IO_EOF)
+ 			goto writeerr;
+ 
+ 		/* restore SuprErrs */
+Index: contrib/sendmail/src/mime.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/mime.c,v
+retrieving revision 1.1.1.14
+diff -u -I__FBSDID -r1.1.1.14 mime.c
+--- contrib/sendmail/src/mime.c	22 Mar 2006 16:39:59 -0000	1.1.1.14
++++ contrib/sendmail/src/mime.c	12 Jun 2006 11:42:11 -0000
+@@ -80,6 +80,7 @@
+ **		boundaries -- the currently pending message boundaries.
+ **			NULL if we are processing the outer portion.
+ **		flags -- to tweak processing.
++**		level -- recursion level.
+ **
+ **	Returns:
+ **		An indicator of what terminated the message part:
+@@ -96,12 +97,13 @@
+ };
+ 
+ int
+-mime8to7(mci, header, e, boundaries, flags)
++mime8to7(mci, header, e, boundaries, flags, level)
+ 	register MCI *mci;
+ 	HDR *header;
+ 	register ENVELOPE *e;
+ 	char **boundaries;
+ 	int flags;
++	int level;
+ {
+ 	register char *p;
+ 	int linelen;
+@@ -122,6 +124,18 @@
+ 	char pvpbuf[MAXLINE];
+ 	extern unsigned char MimeTokenTab[256];
+ 
++	if (level > MAXMIMENESTING)
++	{
++		if (!bitset(EF_TOODEEP, e->e_flags))
++		{
++			if (tTd(43, 4))
++				sm_dprintf("mime8to7: too deep, level=%d\n",
++					   level);
++			usrerr("mime8to7: recursion level %d exceeded",
++				level);
++			e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
++		}
++	}
+ 	if (tTd(43, 1))
+ 	{
+ 		sm_dprintf("mime8to7: flags = %x, boundaries =", flags);
+@@ -242,7 +256,9 @@
+ 	*/
+ 
+ 	if (sm_strcasecmp(type, "multipart") == 0 &&
+-	    (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)))
++	    (!bitset(M87F_NO8BIT, flags) || bitset(M87F_NO8TO7, flags)) &&
++	    !bitset(EF_TOODEEP, e->e_flags)
++	   )
+ 	{
+ 
+ 		if (sm_strcasecmp(subtype, "digest") == 0)
+@@ -286,10 +302,13 @@
+ 		}
+ 		if (i >= MAXMIMENESTING)
+ 		{
+-			usrerr("mime8to7: multipart nesting boundary too deep");
++			if (tTd(43, 4))
++				sm_dprintf("mime8to7: too deep, i=%d\n", i);
++			if (!bitset(EF_TOODEEP, e->e_flags))
++				usrerr("mime8to7: multipart nesting boundary too deep");
+ 
+ 			/* avoid bounce loops */
+-			e->e_flags |= EF_DONT_MIME;
++			e->e_flags |= EF_DONT_MIME|EF_TOODEEP;
+ 		}
+ 		else
+ 		{
+@@ -333,7 +352,8 @@
+ 				goto writeerr;
+ 			if (tTd(43, 101))
+ 				putline("+++after putheader", mci);
+-			bt = mime8to7(mci, hdr, e, boundaries, flags);
++			bt = mime8to7(mci, hdr, e, boundaries, flags,
++				      level + 1);
+ 			if (bt == SM_IO_EOF)
+ 				goto writeerr;
+ 		}
+@@ -374,7 +394,8 @@
+ 
+ 	if (sm_strcasecmp(type, "message") == 0)
+ 	{
+-		if (!wordinclass(subtype, 's'))
++		if (!wordinclass(subtype, 's') ||
++		    bitset(EF_TOODEEP, e->e_flags))
+ 		{
+ 			flags |= M87F_NO8BIT;
+ 		}
+@@ -397,7 +418,8 @@
+ 			    !bitset(M87F_NO8TO7, flags) &&
+ 			    !putline("MIME-Version: 1.0", mci))
+ 				goto writeerr;
+-			bt = mime8to7(mci, hdr, e, boundaries, flags);
++			bt = mime8to7(mci, hdr, e, boundaries, flags,
++				      level + 1);
+ 			mci->mci_flags &= ~MCIF_INMIME;
+ 			return bt;
+ 		}
+Index: contrib/sendmail/src/sendmail.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/sendmail/src/sendmail.h,v
+retrieving revision 1.1.1.27
+diff -u -I__FBSDID -r1.1.1.27 sendmail.h
+--- contrib/sendmail/src/sendmail.h	22 Mar 2006 16:40:02 -0000	1.1.1.27
++++ contrib/sendmail/src/sendmail.h	12 Jun 2006 11:42:13 -0000
+@@ -942,6 +942,7 @@
+ #define EF_TOOBIG	0x02000000L	/* message is too big */
+ #define EF_SPLIT	0x04000000L	/* envelope has been split */
+ #define EF_UNSAFE	0x08000000L	/* unsafe: read from untrusted source */
++#define EF_TOODEEP	0x10000000L	/* message is nested too deep */
+ 
+ #define DLVR_NOTIFY	0x01
+ #define DLVR_RETURN	0x02
+@@ -1655,7 +1656,7 @@
+ 
+ /* functions */
+ extern bool	mime7to8 __P((MCI *, HDR *, ENVELOPE *));
+-extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int));
++extern int	mime8to7 __P((MCI *, HDR *, ENVELOPE *, char **, int, int));
+ 
+ /*
+ **  Flags passed to returntosender.
diff --git a/share/security/patches/SA-06:17/sendmail.patch.asc b/share/security/patches/SA-06:17/sendmail.patch.asc
new file mode 100644
index 0000000000..54854b2de1
--- /dev/null
+++ b/share/security/patches/SA-06:17/sendmail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBEkCyQFdaIBMps37IRAty8AJ0WgUVE/ii9ZF7qzU+0TKmbo99HmgCdH0mP
+nkOKCu2uXhni37zwbolKEBY=
+=SdNP
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:18/ppp.patch b/share/security/patches/SA-06:18/ppp.patch
new file mode 100644
index 0000000000..b0b32d6fae
--- /dev/null
+++ b/share/security/patches/SA-06:18/ppp.patch
@@ -0,0 +1,127 @@
+Index: sys/net/if_spppsubr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_spppsubr.c,v
+retrieving revision 1.124
+diff -u -I__FBSDID -r1.124 if_spppsubr.c
+--- sys/net/if_spppsubr.c	15 Jul 2006 02:49:35 -0000	1.124
++++ sys/net/if_spppsubr.c	21 Aug 2006 11:32:49 -0000
+@@ -2363,7 +2363,8 @@
+ 
+ 	/* pass 1: check for things that need to be rejected */
+ 	p = (void*) (h+1);
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2442,7 +2443,8 @@
+ 
+ 	p = (void*) (h+1);
+ 	len = origlen;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2584,7 +2586,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2648,7 +2651,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3039,7 +3043,8 @@
+ 		log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
+ 		    SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3108,7 +3113,8 @@
+ 		       SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+ 	len = origlen;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3239,7 +3245,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3285,7 +3292,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3511,7 +3519,8 @@
+ 		    SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+ 	ifidcount = 0;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3561,7 +3570,8 @@
+ 	p = (void*) (h+1);
+ 	len = origlen;
+ 	type = CONF_ACK;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3660,7 +3670,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3706,7 +3717,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
diff --git a/share/security/patches/SA-06:18/ppp.patch.asc b/share/security/patches/SA-06:18/ppp.patch.asc
new file mode 100644
index 0000000000..9fc3fc37a0
--- /dev/null
+++ b/share/security/patches/SA-06:18/ppp.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBE7M4sFdaIBMps37IRAmevAJ9avmTthZ71griD48qr7YgXo6YS1gCff1jb
+amB5eETJPElF2Blbwps46XA=
+=kbLH
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:18/ppp4x.patch b/share/security/patches/SA-06:18/ppp4x.patch
new file mode 100644
index 0000000000..3c9ae80a9c
--- /dev/null
+++ b/share/security/patches/SA-06:18/ppp4x.patch
@@ -0,0 +1,127 @@
+Index: sys/net/if_spppsubr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_spppsubr.c,v
+retrieving revision 1.59.2.14
+diff -u -I__FBSDID -r1.59.2.14 if_spppsubr.c
+--- sys/net/if_spppsubr.c	25 Jun 2005 12:27:17 -0000	1.59.2.14
++++ sys/net/if_spppsubr.c	21 Aug 2006 11:43:56 -0000
+@@ -2292,7 +2292,8 @@
+ 
+ 	/* pass 1: check for things that need to be rejected */
+ 	p = (void*) (h+1);
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2371,7 +2372,8 @@
+ 
+ 	p = (void*) (h+1);
+ 	len = origlen;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2513,7 +2515,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2577,7 +2580,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2969,7 +2973,8 @@
+ 		log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
+ 		    SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3037,7 +3042,8 @@
+ 		       SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+ 	len = origlen;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3167,7 +3173,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3213,7 +3220,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			addlog(" %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3443,7 +3451,8 @@
+ 		    SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+ 	ifidcount = 0;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			addlog(" %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3493,7 +3502,8 @@
+ 	p = (void*) (h+1);
+ 	len = origlen;
+ 	type = CONF_ACK;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			addlog(" %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3592,7 +3602,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			addlog(" %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3638,7 +3649,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			addlog(" %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
diff --git a/share/security/patches/SA-06:18/ppp4x.patch.asc b/share/security/patches/SA-06:18/ppp4x.patch.asc
new file mode 100644
index 0000000000..3f6cb412a7
--- /dev/null
+++ b/share/security/patches/SA-06:18/ppp4x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBE7M4/FdaIBMps37IRAj3RAJ9lj27j7gmJNxC/eDz/CoHL5DsKJwCbBsNL
+HoSzKpTemiIS4Wt2tPQPl0w=
+=rkTZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:18/ppp53.patch b/share/security/patches/SA-06:18/ppp53.patch
new file mode 100644
index 0000000000..0fdacb6c5e
--- /dev/null
+++ b/share/security/patches/SA-06:18/ppp53.patch
@@ -0,0 +1,127 @@
+Index: sys/net/if_spppsubr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/net/if_spppsubr.c,v
+retrieving revision 1.113.2.1
+diff -u -I__FBSDID -r1.113.2.1 if_spppsubr.c
+--- sys/net/if_spppsubr.c	15 Sep 2004 15:14:18 -0000	1.113.2.1
++++ sys/net/if_spppsubr.c	21 Aug 2006 11:49:02 -0000
+@@ -2204,7 +2204,8 @@
+ 
+ 	/* pass 1: check for things that need to be rejected */
+ 	p = (void*) (h+1);
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2283,7 +2284,8 @@
+ 
+ 	p = (void*) (h+1);
+ 	len = origlen;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2425,7 +2427,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2489,7 +2492,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_lcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2881,7 +2885,8 @@
+ 		log(LOG_DEBUG, SPP_FMT "ipcp parse opts: ",
+ 		    SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -2950,7 +2955,8 @@
+ 		       SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+ 	len = origlen;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3081,7 +3087,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3127,7 +3134,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s ", sppp_ipcp_opt_name(*p));
+ 		switch (*p) {
+@@ -3357,7 +3365,8 @@
+ 		    SPP_ARGS(ifp));
+ 	p = (void*) (h+1);
+ 	ifidcount = 0;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3407,7 +3416,8 @@
+ 	p = (void*) (h+1);
+ 	len = origlen;
+ 	type = CONF_ACK;
+-	for (rlen=0; len>1 && p[1]; len-=p[1], p+=p[1]) {
++	for (rlen=0; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len-=p[1], p+=p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3506,7 +3516,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
+@@ -3552,7 +3563,8 @@
+ 		    SPP_ARGS(ifp));
+ 
+ 	p = (void*) (h+1);
+-	for (; len > 1 && p[1]; len -= p[1], p += p[1]) {
++	for (; len >= 2 && p[1] >= 2 && len >= p[1];
++	    len -= p[1], p += p[1]) {
+ 		if (debug)
+ 			log(-1, " %s", sppp_ipv6cp_opt_name(*p));
+ 		switch (*p) {
diff --git a/share/security/patches/SA-06:18/ppp53.patch.asc b/share/security/patches/SA-06:18/ppp53.patch.asc
new file mode 100644
index 0000000000..ce41a53779
--- /dev/null
+++ b/share/security/patches/SA-06:18/ppp53.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBE7M41FdaIBMps37IRAtzIAKCZyaiJsZIGxX8JPUarUQ7Kv407LACeKd+8
+FNF8mxdGP17sjXF+Py6eJ2w=
+=6DNi
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:19/openssl.patch b/share/security/patches/SA-06:19/openssl.patch
new file mode 100644
index 0000000000..b21a8debaf
--- /dev/null
+++ b/share/security/patches/SA-06:19/openssl.patch
@@ -0,0 +1,31 @@
+Index: crypto/openssl/crypto/rsa/rsa_sign.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_sign.c,v
+retrieving revision 1.1.1.7
+diff -u -I__FBSDID -r1.1.1.7 rsa_sign.c
+--- crypto/openssl/crypto/rsa/rsa_sign.c	29 Jul 2006 19:10:19 -0000	1.1.1.7
++++ crypto/openssl/crypto/rsa/rsa_sign.c	6 Sep 2006 15:37:11 -0000
+@@ -185,6 +185,23 @@
+ 		sig=d2i_X509_SIG(NULL,&p,(long)i);
+ 
+ 		if (sig == NULL) goto err;
++
++		/* Excess data can be used to create forgeries */
++		if(p != s+i)
++			{
++			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
++			goto err;
++			}
++
++		/* Parameters to the signature algorithm can also be used to
++		   create forgeries */
++		if(sig->algor->parameter
++		   && sig->algor->parameter->type != V_ASN1_NULL)
++			{
++			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
++			goto err;
++			}
++
+ 		sigtype=OBJ_obj2nid(sig->algor->algorithm);
+ 
+ 
diff --git a/share/security/patches/SA-06:19/openssl.patch.asc b/share/security/patches/SA-06:19/openssl.patch.asc
new file mode 100644
index 0000000000..63ca409c39
--- /dev/null
+++ b/share/security/patches/SA-06:19/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQBE/0GLFdaIBMps37IRAiluAJ9mYIarHXCcSVc/+MjCbsNhC53Z3ACdHplL
+i/e4Pzr8lPlFXu3Sxr0Om54=
+=loKn
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:20/bind.patch b/share/security/patches/SA-06:20/bind.patch
new file mode 100644
index 0000000000..00ea586b9e
--- /dev/null
+++ b/share/security/patches/SA-06:20/bind.patch
@@ -0,0 +1,154 @@
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/bin/named/query.c,v
+retrieving revision 1.1.1.2
+diff -u -d -r1.1.1.2 query.c
+--- contrib/bind9/bin/named/query.c	29 Dec 2005 04:21:54 -0000	1.1.1.2
++++ contrib/bind9/bin/named/query.c	5 Sep 2006 18:35:02 -0000
+@@ -2393,7 +2393,7 @@
+ 		is_zone = ISC_FALSE;
+ 
+ 		qtype = event->qtype;
+-		if (qtype == dns_rdatatype_rrsig)
++		if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
+ 			type = dns_rdatatype_any;
+ 		else
+ 			type = qtype;
+@@ -2434,7 +2434,7 @@
+ 	/*
+ 	 * If it's a SIG query, we'll iterate the node.
+ 	 */
+-	if (qtype == dns_rdatatype_rrsig)
++	if (qtype == dns_rdatatype_rrsig || qtype == dns_rdatatype_sig)
+ 		type = dns_rdatatype_any;
+ 	else
+ 		type = qtype;
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/resolver.c,v
+retrieving revision 1.1.1.4
+diff -u -d -r1.1.1.4 resolver.c
+--- contrib/bind9/lib/dns/resolver.c	29 Dec 2005 04:22:47 -0000	1.1.1.4
++++ contrib/bind9/lib/dns/resolver.c	5 Sep 2006 18:35:02 -0000
+@@ -762,7 +762,8 @@
+ 		INSIST(result != ISC_R_SUCCESS ||
+ 		       dns_rdataset_isassociated(event->rdataset) ||
+ 		       fctx->type == dns_rdatatype_any ||
+-		       fctx->type == dns_rdatatype_rrsig);
++		       fctx->type == dns_rdatatype_rrsig ||
++		       fctx->type == dns_rdatatype_sig);
+ 
+ 		isc_task_sendanddetach(&task, ISC_EVENT_PTR(&event));
+ 	}
+@@ -3188,7 +3189,8 @@
+ 	if (hevent != NULL) {
+ 		if (!negative && !chaining &&
+ 		    (fctx->type == dns_rdatatype_any ||
+-		     fctx->type == dns_rdatatype_rrsig)) {
++		     fctx->type == dns_rdatatype_rrsig ||
++		     fctx->type == dns_rdatatype_sig)) {
+ 			/*
+ 			 * Don't bind rdatasets; the caller
+ 			 * will iterate the node.
+@@ -3306,7 +3308,8 @@
+ 	if (!ISC_LIST_EMPTY(fctx->validators)) {
+ 		INSIST(!negative);
+ 		INSIST(fctx->type == dns_rdatatype_any ||
+-		       fctx->type == dns_rdatatype_rrsig);
++		       fctx->type == dns_rdatatype_rrsig ||
++		       fctx->type == dns_rdatatype_sig);
+ 		/*
+ 		 * Don't send a response yet - we have
+ 		 * more rdatasets that still need to
+@@ -3455,14 +3458,15 @@
+ 				return (result);
+ 			anodep = &event->node;
+ 			/*
+-			 * If this is an ANY or SIG query, we're not going
+-			 * to return any rdatasets, unless we encountered
++			 * If this is an ANY, SIG or RRSIG query, we're not
++			 * going to return any rdatasets, unless we encountered
+ 			 * a CNAME or DNAME as "the answer".  In this case,
+ 			 * we're going to return DNS_R_CNAME or DNS_R_DNAME
+ 			 * and we must set up the rdatasets.
+ 			 */
+ 			if ((fctx->type != dns_rdatatype_any &&
+-			    fctx->type != dns_rdatatype_rrsig) ||
++			     fctx->type != dns_rdatatype_rrsig &&
++			     fctx->type != dns_rdatatype_sig) ||
+ 			    (name->attributes & DNS_NAMEATTR_CHAINING) != 0) {
+ 				ardataset = event->rdataset;
+ 				asigrdataset = event->sigrdataset;
+@@ -3521,7 +3525,7 @@
+ 		 */
+ 		if (secure_domain && rdataset->trust != dns_trust_glue) {
+ 			/*
+-			 * SIGs are validated as part of validating the
++			 * RRSIGs are validated as part of validating the
+ 			 * type they cover.
+ 			 */
+ 			if (rdataset->type == dns_rdatatype_rrsig)
+@@ -3591,7 +3595,8 @@
+ 
+ 			if (ANSWER(rdataset) && need_validation) {
+ 				if (fctx->type != dns_rdatatype_any &&
+-				    fctx->type != dns_rdatatype_rrsig) {
++				    fctx->type != dns_rdatatype_rrsig &&
++				    fctx->type != dns_rdatatype_sig) {
+ 					/*
+ 					 * This is The Answer.  We will
+ 					 * validate it, but first we cache
+@@ -3763,23 +3768,28 @@
+ 		  isc_result_t *eresultp)
+ {
+ 	isc_result_t result;
++	dns_rdataset_t rdataset;
++
++	if (ardataset == NULL) {
++		dns_rdataset_init(&rdataset);
++		ardataset = &rdataset;
++	}
+ 	result = dns_ncache_add(message, cache, node, covers, now,
+ 				maxttl, ardataset);
+-	if (result == DNS_R_UNCHANGED) {
++	if (result == DNS_R_UNCHANGED || result == ISC_R_SUCCESS) {
+ 		/*
+-		 * The data in the cache are better than the negative cache
+-		 * entry we're trying to add.
++		 * If the cache now contains a negative entry and we
++		 * care about whether it is DNS_R_NCACHENXDOMAIN or
++		 * DNS_R_NCACHENXRRSET then extract it.
+ 		 */
+-		if (ardataset != NULL && ardataset->type == 0) {
++		if (ardataset->type == 0) {
+ 			/*
+-			 * The cache data is also a negative cache
+-			 * entry.
++			 * The cache data is a negative cache entry.
+ 			 */
+ 			if (NXDOMAIN(ardataset))
+ 				*eresultp = DNS_R_NCACHENXDOMAIN;
+ 			else
+ 				*eresultp = DNS_R_NCACHENXRRSET;
+-			result = ISC_R_SUCCESS;
+ 		} else {
+ 			/*
+ 			 * Either we don't care about the nature of the
+@@ -3791,14 +3801,11 @@
+ 			 * XXXRTH  There's a CNAME/DNAME problem here.
+ 			 */
+ 			*eresultp = ISC_R_SUCCESS;
+-			result = ISC_R_SUCCESS;
+ 		}
+-	} else if (result == ISC_R_SUCCESS) {
+-		if (NXDOMAIN(ardataset))
+-			*eresultp = DNS_R_NCACHENXDOMAIN;
+-		else
+-			*eresultp = DNS_R_NCACHENXRRSET;
++		result = ISC_R_SUCCESS;
+ 	}
++	if (ardataset == &rdataset && dns_rdataset_isassociated(ardataset))
++		dns_rdataset_disassociate(ardataset);
+ 
+ 	return (result);
+ }
diff --git a/share/security/patches/SA-06:20/bind.patch.asc b/share/security/patches/SA-06:20/bind.patch.asc
new file mode 100644
index 0000000000..da7d39a461
--- /dev/null
+++ b/share/security/patches/SA-06:20/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQBE/0GOFdaIBMps37IRAld7AKCMZNhHLasuOm2f0cW6aseueEY+KQCgjOn3
+X9zP9KgjISYWNOcdIPxNJcg=
+=YHHl
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:21/gzip.patch b/share/security/patches/SA-06:21/gzip.patch
new file mode 100644
index 0000000000..1627ff2ef8
--- /dev/null
+++ b/share/security/patches/SA-06:21/gzip.patch
@@ -0,0 +1,200 @@
+Index: gnu/usr.bin/gzip/gzip.h
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/gzip.h,v
+retrieving revision 1.4
+diff -u -d -r1.4 gzip.h
+--- gnu/usr.bin/gzip/gzip.h	2 May 2004 23:07:49 -0000	1.4
++++ gnu/usr.bin/gzip/gzip.h	17 Sep 2006 10:58:37 -0000
+@@ -202,6 +202,8 @@
+ extern int to_stdout;      /* output to stdout (-c) */
+ extern int save_orig_name; /* set if original name must be saved */
+ 
++#define MIN(a,b) ((a) <= (b) ? (a) : (b))
++
+ #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
+ #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
+ 
+Index: gnu/usr.bin/gzip/inflate.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/inflate.c,v
+retrieving revision 1.9
+diff -u -d -r1.9 inflate.c
+--- gnu/usr.bin/gzip/inflate.c	13 Aug 2004 05:38:44 -0000	1.9
++++ gnu/usr.bin/gzip/inflate.c	17 Sep 2006 10:58:37 -0000
+@@ -316,7 +316,7 @@
+   {
+     *t = (struct huft *)NULL;
+     *m = 0;
+-    return 0;
++    return 2;
+   }
+ 
+ 
+Index: gnu/usr.bin/gzip/unlzh.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/unlzh.c,v
+retrieving revision 1.5
+diff -u -d -r1.5 unlzh.c
+--- gnu/usr.bin/gzip/unlzh.c	27 Aug 1999 23:35:53 -0000	1.5
++++ gnu/usr.bin/gzip/unlzh.c	17 Sep 2006 10:58:37 -0000
+@@ -148,13 +148,17 @@
+     unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
+ 
+     for (i = 1; i <= 16; i++) count[i] = 0;
+-    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
++    for (i = 0; i < (unsigned)nchar; i++) {
++        if (bitlen[i] > 16)
++        error("Bad table (case a)\n");
++        else count[bitlen[i]]++;
++    }
+ 
+     start[1] = 0;
+     for (i = 1; i <= 16; i++)
+ 	start[i + 1] = start[i] + (count[i] << (16 - i));
+-    if ((start[17] & 0xffff) != 0)
+-	error("Bad table\n");
++    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
++	error("Bad table (case b)\n");
+ 
+     jutbits = 16 - tablebits;
+     for (i = 1; i <= (unsigned)tablebits; i++) {
+@@ -168,15 +172,15 @@
+ 
+     i = start[tablebits + 1] >> jutbits;
+     if (i != 0) {
+-	k = 1 << tablebits;
+-	while (i != k) table[i++] = 0;
++	k = MIN(1 << tablebits, DIST_BUFSIZE);
++	while (i < k) table[i++] = 0;
+     }
+ 
+     avail = nchar;
+     mask = (unsigned) 1 << (15 - tablebits);
+     for (ch = 0; ch < (unsigned)nchar; ch++) {
+ 	if ((len = bitlen[ch]) == 0) continue;
+-	nextcode = start[len] + weight[len];
++	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
+ 	if (len <= (unsigned)tablebits) {
+ 	    for (i = start[len]; i < nextcode; i++) table[i] = ch;
+ 	} else {
+@@ -217,7 +221,7 @@
+ 	for (i = 0; i < 256; i++) pt_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NPT)) {
+ 	    c = bitbuf >> (BITBUFSIZ - 3);
+ 	    if (c == 7) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
+@@ -227,7 +231,7 @@
+ 	    pt_len[i++] = c;
+ 	    if (i == i_special) {
+ 		c = getbits(2);
+-		while (--c >= 0) pt_len[i++] = 0;
++		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
+ 	    }
+ 	}
+ 	while (i < nn) pt_len[i++] = 0;
+@@ -247,7 +251,7 @@
+ 	for (i = 0; i < 4096; i++) c_table[i] = c;
+     } else {
+ 	i = 0;
+-	while (i < n) {
++	while (i < MIN(n,NC)) {
+ 	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
+ 	    if (c >= NT) {
+ 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
+@@ -255,14 +259,14 @@
+ 		    if (bitbuf & mask) c = right[c];
+ 		    else               c = left [c];
+ 		    mask >>= 1;
+-		} while (c >= NT);
++		} while (c >= NT && (mask || c != left[c]));
+ 	    }
+ 	    fillbuf((int) pt_len[c]);
+ 	    if (c <= 2) {
+ 		if      (c == 0) c = 1;
+ 		else if (c == 1) c = getbits(4) + 3;
+ 		else             c = getbits(CBIT) + 20;
+-		while (--c >= 0) c_len[i++] = 0;
++		while (--c >= 0 && i < NC) c_len[i++] = 0;
+ 	    } else c_len[i++] = c - 2;
+ 	}
+ 	while (i < NC) c_len[i++] = 0;
+@@ -291,7 +295,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NC);
++	} while (j >= NC && (mask || j != left[j]));
+     }
+     fillbuf((int) c_len[j]);
+     return j;
+@@ -308,7 +312,7 @@
+ 	    if (bitbuf & mask) j = right[j];
+ 	    else               j = left [j];
+ 	    mask >>= 1;
+-	} while (j >= NP);
++	} while (j >= NP && (mask || j != left[j]));
+     }
+     fillbuf((int) pt_len[j]);
+     if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
+@@ -355,7 +359,7 @@
+     while (--j >= 0) {
+ 	buffer[r] = buffer[i];
+ 	i = (i + 1) & (DICSIZ - 1);
+-	if (++r == count) return r;
++	if (++r >= count) return r;
+     }
+     for ( ; ; ) {
+ 	c = decode_c();
+@@ -365,14 +369,14 @@
+ 	}
+ 	if (c <= UCHAR_MAX) {
+ 	    buffer[r] = c;
+-	    if (++r == count) return r;
++	    if (++r >= count) return r;
+ 	} else {
+ 	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
+ 	    i = (r - decode_p() - 1) & (DICSIZ - 1);
+ 	    while (--j >= 0) {
+ 		buffer[r] = buffer[i];
+ 		i = (i + 1) & (DICSIZ - 1);
+-		if (++r == count) return r;
++		if (++r >= count) return r;
+ 	    }
+ 	}
+     }
+Index: gnu/usr.bin/gzip/unpack.c
+===================================================================
+RCS file: /home/ncvs/src/gnu/usr.bin/gzip/unpack.c,v
+retrieving revision 1.6
+diff -u -d -r1.6 unpack.c
+--- gnu/usr.bin/gzip/unpack.c	27 Aug 1999 23:35:54 -0000	1.6
++++ gnu/usr.bin/gzip/unpack.c	17 Sep 2006 10:58:37 -0000
+@@ -12,7 +12,6 @@
+ #include "gzip.h"
+ #include "crypt.h"
+ 
+-#define MIN(a,b) ((a) <= (b) ? (a) : (b))
+ /* The arguments must not have side effects. */
+ 
+ #define MAX_BITLEN 25
+@@ -132,7 +131,7 @@
+ 	/* Remember where the literals of this length start in literal[] : */
+ 	lit_base[len] = base;
+ 	/* And read the literals: */
+-	for (n = leaves[len]; n > 0; n--) {
++	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
+ 	    literal[base++] = (uch)get_byte();
+ 	}
+     }
+@@ -168,7 +167,7 @@
+     prefixp = &prefix_len[1<<peek_bits];
+     for (len = 1; len <= peek_bits; len++) {
+ 	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
+-	while (prefixes--) *--prefixp = (uch)len;
++	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
+     }
+     /* The length of all other codes is unknown: */
+     while (prefixp > prefix_len) *--prefixp = 0;
diff --git a/share/security/patches/SA-06:21/gzip.patch.asc b/share/security/patches/SA-06:21/gzip.patch.asc
new file mode 100644
index 0000000000..896486a3e6
--- /dev/null
+++ b/share/security/patches/SA-06:21/gzip.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQBFD/6lFdaIBMps37IRAnKBAJ9szxPXDma97ohrTfAeO78qh9qGMACfbVAX
+Ia9zB//KjVm3VHF4F7vj8jc=
+=PT9h
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:22/openssh4x.patch b/share/security/patches/SA-06:22/openssh4x.patch
new file mode 100644
index 0000000000..cf5bc10990
--- /dev/null
+++ b/share/security/patches/SA-06:22/openssh4x.patch
@@ -0,0 +1,256 @@
+Index: crypto/openssh/deattack.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.c,v
+retrieving revision 1.1.1.1.2.5
+diff -u -d -r1.1.1.1.2.5 deattack.c
+--- crypto/openssh/deattack.c	17 Sep 2003 14:41:41 -0000	1.1.1.1.2.5
++++ crypto/openssh/deattack.c	30 Sep 2006 16:38:22 -0000
+@@ -27,6 +27,24 @@
+ #include "xmalloc.h"
+ #include "deattack.h"
+ 
++/*
++ * CRC attack detection has a worst-case behaviour that is O(N^3) over
++ * the number of identical blocks in a packet. This behaviour can be 
++ * exploited to create a limited denial of service attack. 
++ * 
++ * However, because we are dealing with encrypted data, identical
++ * blocks should only occur every 2^35 maximally-sized packets or so. 
++ * Consequently, we can detect this DoS by looking for identical blocks
++ * in a packet.
++ *
++ * The parameter below determines how many identical blocks we will
++ * accept in a single packet, trading off between attack detection and
++ * likelihood of terminating a legitimate connection. A value of 32 
++ * corresponds to an average of 2^40 messages before an attack is
++ * misdetected
++ */
++#define MAX_IDENTICAL	32
++
+ /* SSH Constants */
+ #define SSH_MAXBLOCKS	(32 * 1024)
+ #define SSH_BLOCKSIZE	(8)
+@@ -87,7 +105,7 @@
+ 	static u_int16_t *h = (u_int16_t *) NULL;
+ 	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ 	u_int32_t i, j;
+-	u_int32_t l;
++	u_int32_t l, same;
+ 	u_char *c;
+ 	u_char *d;
+ 
+@@ -133,7 +151,7 @@
+ 	if (IV)
+ 		h[HASH(IV) & (n - 1)] = HASH_IV;
+ 
+-	for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
++	for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
+ 		for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
+ 		    i = (i + 1) & (n - 1)) {
+ 			if (h[i] == HASH_IV) {
+@@ -144,6 +162,8 @@
+ 						break;
+ 				}
+ 			} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
++				if (++same > MAX_IDENTICAL)
++					return (DEATTACK_DOS_DETECTED);
+ 				if (check_crc(c, buf, len, IV))
+ 					return (DEATTACK_DETECTED);
+ 				else
+Index: crypto/openssh/deattack.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.h,v
+retrieving revision 1.1.1.1.2.2
+diff -u -d -r1.1.1.1.2.2 deattack.h
+--- crypto/openssh/deattack.h	3 Jul 2002 22:11:42 -0000	1.1.1.1.2.2
++++ crypto/openssh/deattack.h	30 Sep 2006 16:38:22 -0000
+@@ -25,6 +25,7 @@
+ /* Return codes */
+ #define DEATTACK_OK		0
+ #define DEATTACK_DETECTED	1
++#define DEATTACK_DOS_DETECTED	2
+ 
+ int	 detect_attack(u_char *, u_int32_t, u_char[8]);
+ #endif
+Index: crypto/openssh/defines.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/defines.h,v
+retrieving revision 1.1.1.2.2.2
+diff -u -d -r1.1.1.2.2.2 defines.h
+--- crypto/openssh/defines.h	3 Feb 2003 17:31:06 -0000	1.1.1.2.2.2
++++ crypto/openssh/defines.h	30 Sep 2006 16:38:22 -0000
+@@ -450,6 +450,11 @@
+ # undef HAVE_GAI_STRERROR
+ #endif
+ 
++#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \
++    defined(SYSLOG_R_SAFE_IN_SIGHAND)
++# define DO_LOG_SAFE_IN_SIGHAND
++#endif
++
+ #if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY)
+ # define memmove(s1, s2, n) bcopy((s2), (s1), (n))
+ #endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */
+Index: crypto/openssh/log.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/log.c,v
+retrieving revision 1.1.1.1.2.5
+diff -u -d -r1.1.1.1.2.5 log.c
+--- crypto/openssh/log.c	3 Feb 2003 17:31:07 -0000	1.1.1.1.2.5
++++ crypto/openssh/log.c	30 Sep 2006 16:38:22 -0000
+@@ -124,6 +124,20 @@
+ 	va_end(args);
+ }
+ 
++void
++sigdie(const char *fmt,...)
++{
++	va_list args;
++
++#ifdef DO_LOG_SAFE_IN_SIGHAND
++	va_start(args, fmt);
++	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
++	va_end(args);
++#endif
++	_exit(1);
++}
++
++
+ /* Log this message (information that usually should go to the log). */
+ 
+ void
+Index: crypto/openssh/log.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/log.h,v
+retrieving revision 1.1.1.1.2.3
+diff -u -d -r1.1.1.1.2.3 log.h
+--- crypto/openssh/log.h	3 Feb 2003 17:31:07 -0000	1.1.1.1.2.3
++++ crypto/openssh/log.h	30 Sep 2006 16:38:22 -0000
+@@ -55,6 +55,7 @@
+ 
+ void     fatal(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     error(const char *, ...) __attribute__((format(printf, 1, 2)));
++void     sigdie(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     log(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
+Index: crypto/openssh/packet.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/packet.c,v
+retrieving revision 1.1.1.1.2.6
+diff -u -d -r1.1.1.1.2.6 packet.c
+--- crypto/openssh/packet.c	3 Feb 2003 17:31:07 -0000	1.1.1.1.2.6
++++ crypto/openssh/packet.c	30 Sep 2006 18:29:54 -0000
+@@ -857,9 +857,16 @@
+ 	 * (C)1998 CORE-SDI, Buenos Aires Argentina
+ 	 * Ariel Futoransky(futo@core-sdi.com)
+ 	 */
+-	if (!receive_context.plaintext &&
+-	    detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
+-		packet_disconnect("crc32 compensation attack: network attack detected");
++	if (!receive_context.plaintext) {
++		switch (detect_attack(buffer_ptr(&input), padded_len, NULL)) {
++		case DEATTACK_DETECTED:
++			packet_disconnect("crc32 compensation attack: "
++			    "network attack detected");
++		case DEATTACK_DOS_DETECTED:
++			packet_disconnect("deattack denial of "
++			    "service detected");
++		}
++	}
+ 
+ 	/* Decrypt data to incoming_packet. */
+ 	buffer_clear(&incoming_packet);
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.2.2.9
+diff -u -d -r1.2.2.9 ssh_config
+--- crypto/openssh/ssh_config	24 Sep 2003 19:28:35 -0000	1.2.2.9
++++ crypto/openssh/ssh_config	30 Sep 2006 16:38:22 -0000
+@@ -35,4 +35,4 @@
+ #   Cipher 3des
+ #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+ #   EscapeChar ~
+-#   VersionAddendum FreeBSD-20030924
++#   VersionAddendum FreeBSD-20060930
+Index: crypto/openssh/ssh_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
+retrieving revision 1.4.2.5
+diff -u -d -r1.4.2.5 ssh_config.5
+--- crypto/openssh/ssh_config.5	24 Sep 2003 19:28:35 -0000	1.4.2.5
++++ crypto/openssh/ssh_config.5	30 Sep 2006 16:38:22 -0000
+@@ -616,7 +616,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20030924 .
++.Dq FreeBSD-20060930 .
+ .It Cm XAuthLocation
+ Specifies the full pathname of the
+ .Xr xauth 1
+Index: crypto/openssh/sshd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd.c,v
+retrieving revision 1.6.2.11
+diff -u -d -r1.6.2.11 sshd.c
+--- crypto/openssh/sshd.c	3 Feb 2003 17:31:08 -0000	1.6.2.11
++++ crypto/openssh/sshd.c	30 Sep 2006 16:38:22 -0000
+@@ -309,7 +309,7 @@
+ 	/* XXX no idea how fix this signal handler */
+ 
+ 	/* Log error and exit. */
+-	fatal("Timeout before authentication for %s", get_remote_ipaddr());
++	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
+ }
+ 
+ /*
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.4.2.13
+diff -u -d -r1.4.2.13 sshd_config
+--- crypto/openssh/sshd_config	24 Sep 2003 19:28:35 -0000	1.4.2.13
++++ crypto/openssh/sshd_config	30 Sep 2006 16:38:22 -0000
+@@ -14,7 +14,7 @@
+ # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+ # FreeBSD has a few additional options.
+ 
+-#VersionAddendum FreeBSD-20030924
++#VersionAddendum FreeBSD-20060930
+ 
+ #Port 22
+ #Protocol 2,1
+Index: crypto/openssh/sshd_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
+retrieving revision 1.5.2.7
+diff -u -d -r1.5.2.7 sshd_config.5
+--- crypto/openssh/sshd_config.5	7 Nov 2003 11:48:56 -0000	1.5.2.7
++++ crypto/openssh/sshd_config.5	30 Sep 2006 16:38:22 -0000
+@@ -647,7 +647,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20030924 .
++.Dq FreeBSD-20060930 .
+ .It Cm X11DisplayOffset
+ Specifies the first display number available for
+ .Nm sshd Ns 's
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.1.1.1.2.13
+diff -u -d -r1.1.1.1.2.13 version.h
+--- crypto/openssh/version.h	24 Sep 2003 19:28:35 -0000	1.1.1.1.2.13
++++ crypto/openssh/version.h	30 Sep 2006 16:38:22 -0000
+@@ -5,7 +5,7 @@
+ 
+ #define SSH_VERSION             (ssh_version_get())
+ #define SSH_VERSION_BASE        "OpenSSH_3.5p1"
+-#define SSH_VERSION_ADDENDUM    "FreeBSD-20030924"
++#define SSH_VERSION_ADDENDUM    "FreeBSD-20060930"
+ 
+ const char *ssh_version_get(void);
+ void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-06:22/openssh4x.patch.asc b/share/security/patches/SA-06:22/openssh4x.patch.asc
new file mode 100644
index 0000000000..a2e7e50339
--- /dev/null
+++ b/share/security/patches/SA-06:22/openssh4x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQBFHtESFdaIBMps37IRAgWHAJ9t15Th4kzzFwMNHui8fNJGGydsawCgg+JN
+c2O3tdCYhpUOilg1NEfo/R0=
+=H4im
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:22/openssh5x.patch b/share/security/patches/SA-06:22/openssh5x.patch
new file mode 100644
index 0000000000..6021b971f8
--- /dev/null
+++ b/share/security/patches/SA-06:22/openssh5x.patch
@@ -0,0 +1,296 @@
+Index: crypto/openssh/auth.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
+retrieving revision 1.13
+diff -u -d -r1.13 auth.h
+--- crypto/openssh/auth.h	20 Apr 2004 09:46:39 -0000	1.13
++++ crypto/openssh/auth.h	30 Sep 2006 16:38:17 -0000
+@@ -49,6 +49,7 @@
+ 
+ struct Authctxt {
+ 	int		 success;
++	int		 authenticated;	/* authenticated and alarms cancelled */
+ 	int		 postponed;	/* authentication needs another step */
+ 	int		 valid;		/* user exists and is allowed to login */
+ 	int		 attempt;
+Index: crypto/openssh/deattack.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.c,v
+retrieving revision 1.1.1.7
+diff -u -d -r1.1.1.7 deattack.c
+--- crypto/openssh/deattack.c	7 Jan 2004 11:10:03 -0000	1.1.1.7
++++ crypto/openssh/deattack.c	30 Sep 2006 16:38:17 -0000
+@@ -27,6 +27,24 @@
+ #include "xmalloc.h"
+ #include "deattack.h"
+ 
++/*
++ * CRC attack detection has a worst-case behaviour that is O(N^3) over
++ * the number of identical blocks in a packet. This behaviour can be 
++ * exploited to create a limited denial of service attack. 
++ * 
++ * However, because we are dealing with encrypted data, identical
++ * blocks should only occur every 2^35 maximally-sized packets or so. 
++ * Consequently, we can detect this DoS by looking for identical blocks
++ * in a packet.
++ *
++ * The parameter below determines how many identical blocks we will
++ * accept in a single packet, trading off between attack detection and
++ * likelihood of terminating a legitimate connection. A value of 32 
++ * corresponds to an average of 2^40 messages before an attack is
++ * misdetected
++ */
++#define MAX_IDENTICAL	32
++
+ /* SSH Constants */
+ #define SSH_MAXBLOCKS	(32 * 1024)
+ #define SSH_BLOCKSIZE	(8)
+@@ -87,7 +105,7 @@
+ 	static u_int16_t *h = (u_int16_t *) NULL;
+ 	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ 	u_int32_t i, j;
+-	u_int32_t l;
++	u_int32_t l, same;
+ 	u_char *c;
+ 	u_char *d;
+ 
+@@ -133,7 +151,7 @@
+ 	if (IV)
+ 		h[HASH(IV) & (n - 1)] = HASH_IV;
+ 
+-	for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
++	for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
+ 		for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
+ 		    i = (i + 1) & (n - 1)) {
+ 			if (h[i] == HASH_IV) {
+@@ -144,6 +162,8 @@
+ 						break;
+ 				}
+ 			} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
++				if (++same > MAX_IDENTICAL)
++					return (DEATTACK_DOS_DETECTED);
+ 				if (check_crc(c, buf, len, IV))
+ 					return (DEATTACK_DETECTED);
+ 				else
+Index: crypto/openssh/deattack.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.h,v
+retrieving revision 1.1.1.3
+diff -u -d -r1.1.1.3 deattack.h
+--- crypto/openssh/deattack.h	18 Mar 2002 09:54:55 -0000	1.1.1.3
++++ crypto/openssh/deattack.h	30 Sep 2006 16:38:17 -0000
+@@ -25,6 +25,7 @@
+ /* Return codes */
+ #define DEATTACK_OK		0
+ #define DEATTACK_DETECTED	1
++#define DEATTACK_DOS_DETECTED	2
+ 
+ int	 detect_attack(u_char *, u_int32_t, u_char[8]);
+ #endif
+Index: crypto/openssh/defines.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/defines.h,v
+retrieving revision 1.1.1.7
+diff -u -d -r1.1.1.7 defines.h
+--- crypto/openssh/defines.h	20 Apr 2004 09:35:01 -0000	1.1.1.7
++++ crypto/openssh/defines.h	30 Sep 2006 16:38:17 -0000
+@@ -511,6 +511,11 @@
+ # undef HAVE_UPDWTMPX
+ #endif
+ 
++#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \
++    defined(SYSLOG_R_SAFE_IN_SIGHAND)
++# define DO_LOG_SAFE_IN_SIGHAND
++#endif
++
+ #if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY)
+ # define memmove(s1, s2, n) bcopy((s2), (s1), (n))
+ #endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */
+Index: crypto/openssh/log.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/log.c,v
+retrieving revision 1.1.1.10
+diff -u -d -r1.1.1.10 log.c
+--- crypto/openssh/log.c	26 Feb 2004 10:38:40 -0000	1.1.1.10
++++ crypto/openssh/log.c	30 Sep 2006 16:38:17 -0000
+@@ -127,6 +127,20 @@
+ 	va_end(args);
+ }
+ 
++void
++sigdie(const char *fmt,...)
++{
++	va_list args;
++
++#ifdef DO_LOG_SAFE_IN_SIGHAND
++	va_start(args, fmt);
++	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
++	va_end(args);
++#endif
++	_exit(1);
++}
++
++
+ /* Log this message (information that usually should go to the log). */
+ 
+ void
+Index: crypto/openssh/log.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/log.h,v
+retrieving revision 1.5
+diff -u -d -r1.5 log.h
+--- crypto/openssh/log.h	26 Feb 2004 10:52:30 -0000	1.5
++++ crypto/openssh/log.h	30 Sep 2006 16:38:17 -0000
+@@ -64,6 +64,7 @@
+ 
+ void     fatal(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     error(const char *, ...) __attribute__((format(printf, 1, 2)));
++void     sigdie(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     logit(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
+Index: crypto/openssh/packet.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/packet.c,v
+retrieving revision 1.1.1.14
+diff -u -d -r1.1.1.14 packet.c
+--- crypto/openssh/packet.c	26 Feb 2004 10:38:42 -0000	1.1.1.14
++++ crypto/openssh/packet.c	30 Sep 2006 18:29:32 -0000
+@@ -940,9 +940,16 @@
+ 	 * (C)1998 CORE-SDI, Buenos Aires Argentina
+ 	 * Ariel Futoransky(futo@core-sdi.com)
+ 	 */
+-	if (!receive_context.plaintext &&
+-	    detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
+-		packet_disconnect("crc32 compensation attack: network attack detected");
++	if (!receive_context.plaintext) {
++		switch (detect_attack(buffer_ptr(&input), padded_len, NULL)) {
++		case DEATTACK_DETECTED:
++			packet_disconnect("crc32 compensation attack: "
++			    "network attack detected");
++		case DEATTACK_DOS_DETECTED:
++			packet_disconnect("deattack denial of "
++			    "service detected");
++		}
++	}
+ 
+ 	/* Decrypt data to incoming_packet. */
+ 	buffer_clear(&incoming_packet);
+Index: crypto/openssh/session.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/session.c,v
+retrieving revision 1.44
+diff -u -d -r1.44 session.c
+--- crypto/openssh/session.c	20 Apr 2004 09:46:40 -0000	1.44
++++ crypto/openssh/session.c	30 Sep 2006 16:38:17 -0000
+@@ -2266,7 +2266,7 @@
+ 		return;
+ 	called = 1;
+ 
+-	if (authctxt == NULL)
++	if (authctxt == NULL || !authctxt->authenticated)
+ 		return;
+ #ifdef KRB5
+ 	if (options.kerberos_ticket_cleanup &&
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.25.2.1
+diff -u -d -r1.25.2.1 ssh_config
+--- crypto/openssh/ssh_config	1 Mar 2006 14:19:48 -0000	1.25.2.1
++++ crypto/openssh/ssh_config	30 Sep 2006 16:38:17 -0000
+@@ -36,4 +36,4 @@
+ #   Cipher 3des
+ #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+ #   EscapeChar ~
+-#   VersionAddendum FreeBSD-20060123
++#   VersionAddendum FreeBSD-20060930
+Index: crypto/openssh/ssh_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
+retrieving revision 1.15.2.1
+diff -u -d -r1.15.2.1 ssh_config.5
+--- crypto/openssh/ssh_config.5	1 Mar 2006 14:19:48 -0000	1.15.2.1
++++ crypto/openssh/ssh_config.5	30 Sep 2006 16:38:17 -0000
+@@ -719,7 +719,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20060123 .
++.Dq FreeBSD-20060930 .
+ .It Cm XAuthLocation
+ Specifies the full pathname of the
+ .Xr xauth 1
+Index: crypto/openssh/sshd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd.c,v
+retrieving revision 1.37
+diff -u -d -r1.37 sshd.c
+--- crypto/openssh/sshd.c	20 Apr 2004 09:46:40 -0000	1.37
++++ crypto/openssh/sshd.c	30 Sep 2006 16:38:17 -0000
+@@ -314,7 +314,7 @@
+ 		kill(pmonitor->m_pid, SIGALRM);
+ 
+ 	/* Log error and exit. */
+-	fatal("Timeout before authentication for %s", get_remote_ipaddr());
++	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
+ }
+ 
+ /*
+@@ -1509,6 +1509,8 @@
+ 	}
+ 
+  authenticated:
++	authctxt->authenticated = 1;
++
+ 	/*
+ 	 * In privilege separation, we fork another child and prepare
+ 	 * file descriptor passing.
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.40.2.1
+diff -u -d -r1.40.2.1 sshd_config
+--- crypto/openssh/sshd_config	1 Mar 2006 14:19:48 -0000	1.40.2.1
++++ crypto/openssh/sshd_config	30 Sep 2006 16:38:17 -0000
+@@ -14,7 +14,7 @@
+ # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+ # FreeBSD has a few additional options.
+ 
+-#VersionAddendum FreeBSD-20060123
++#VersionAddendum FreeBSD-20060930
+ 
+ #Port 22
+ #Protocol 2
+Index: crypto/openssh/sshd_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
+retrieving revision 1.21.2.1
+diff -u -d -r1.21.2.1 sshd_config.5
+--- crypto/openssh/sshd_config.5	1 Mar 2006 14:19:48 -0000	1.21.2.1
++++ crypto/openssh/sshd_config.5	30 Sep 2006 16:38:17 -0000
+@@ -660,7 +660,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20060123 .
++.Dq FreeBSD-20060930 .
+ .It Cm X11DisplayOffset
+ Specifies the first display number available for
+ .Nm sshd Ns 's
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.27.2.1
+diff -u -d -r1.27.2.1 version.h
+--- crypto/openssh/version.h	1 Mar 2006 14:19:48 -0000	1.27.2.1
++++ crypto/openssh/version.h	30 Sep 2006 16:38:17 -0000
+@@ -5,7 +5,7 @@
+ 
+ #define SSH_VERSION             (ssh_version_get())
+ #define SSH_VERSION_BASE        "OpenSSH_3.8.1p1"
+-#define SSH_VERSION_ADDENDUM    "FreeBSD-20060123"
++#define SSH_VERSION_ADDENDUM    "FreeBSD-20060930"
+ 
+ const char *ssh_version_get(void);
+ void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-06:22/openssh5x.patch.asc b/share/security/patches/SA-06:22/openssh5x.patch.asc
new file mode 100644
index 0000000000..738bbd4878
--- /dev/null
+++ b/share/security/patches/SA-06:22/openssh5x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQBFHtEWFdaIBMps37IRApekAKCGIlfQnFXx94zKHo5hQHrJLKworwCfTpC9
+sdRbyXs484xzl7NuBkAcrwA=
+=pwvt
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:22/openssh6x.patch b/share/security/patches/SA-06:22/openssh6x.patch
new file mode 100644
index 0000000000..d00ffe72de
--- /dev/null
+++ b/share/security/patches/SA-06:22/openssh6x.patch
@@ -0,0 +1,295 @@
+Index: crypto/openssh/auth.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/auth.h,v
+retrieving revision 1.15.2.1
+diff -u -d -r1.15.2.1 auth.h
+--- crypto/openssh/auth.h	11 Sep 2005 16:50:34 -0000	1.15.2.1
++++ crypto/openssh/auth.h	30 Sep 2006 16:38:10 -0000
+@@ -50,6 +50,7 @@
+ 
+ struct Authctxt {
+ 	int		 success;
++	int		 authenticated;	/* authenticated and alarms cancelled */
+ 	int		 postponed;	/* authentication needs another step */
+ 	int		 valid;		/* user exists and is allowed to login */
+ 	int		 attempt;
+Index: crypto/openssh/deattack.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.c,v
+retrieving revision 1.1.1.7
+diff -u -d -r1.1.1.7 deattack.c
+--- crypto/openssh/deattack.c	7 Jan 2004 11:10:03 -0000	1.1.1.7
++++ crypto/openssh/deattack.c	30 Sep 2006 16:38:10 -0000
+@@ -27,6 +27,24 @@
+ #include "xmalloc.h"
+ #include "deattack.h"
+ 
++/*
++ * CRC attack detection has a worst-case behaviour that is O(N^3) over
++ * the number of identical blocks in a packet. This behaviour can be 
++ * exploited to create a limited denial of service attack. 
++ * 
++ * However, because we are dealing with encrypted data, identical
++ * blocks should only occur every 2^35 maximally-sized packets or so. 
++ * Consequently, we can detect this DoS by looking for identical blocks
++ * in a packet.
++ *
++ * The parameter below determines how many identical blocks we will
++ * accept in a single packet, trading off between attack detection and
++ * likelihood of terminating a legitimate connection. A value of 32 
++ * corresponds to an average of 2^40 messages before an attack is
++ * misdetected
++ */
++#define MAX_IDENTICAL	32
++
+ /* SSH Constants */
+ #define SSH_MAXBLOCKS	(32 * 1024)
+ #define SSH_BLOCKSIZE	(8)
+@@ -87,7 +105,7 @@
+ 	static u_int16_t *h = (u_int16_t *) NULL;
+ 	static u_int32_t n = HASH_MINSIZE / HASH_ENTRYSIZE;
+ 	u_int32_t i, j;
+-	u_int32_t l;
++	u_int32_t l, same;
+ 	u_char *c;
+ 	u_char *d;
+ 
+@@ -133,7 +151,7 @@
+ 	if (IV)
+ 		h[HASH(IV) & (n - 1)] = HASH_IV;
+ 
+-	for (c = buf, j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
++	for (c = buf, same = j = 0; c < (buf + len); c += SSH_BLOCKSIZE, j++) {
+ 		for (i = HASH(c) & (n - 1); h[i] != HASH_UNUSED;
+ 		    i = (i + 1) & (n - 1)) {
+ 			if (h[i] == HASH_IV) {
+@@ -144,6 +162,8 @@
+ 						break;
+ 				}
+ 			} else if (!CMP(c, buf + h[i] * SSH_BLOCKSIZE)) {
++				if (++same > MAX_IDENTICAL)
++					return (DEATTACK_DOS_DETECTED);
+ 				if (check_crc(c, buf, len, IV))
+ 					return (DEATTACK_DETECTED);
+ 				else
+Index: crypto/openssh/deattack.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/deattack.h,v
+retrieving revision 1.1.1.3
+diff -u -d -r1.1.1.3 deattack.h
+--- crypto/openssh/deattack.h	18 Mar 2002 09:54:55 -0000	1.1.1.3
++++ crypto/openssh/deattack.h	30 Sep 2006 16:38:10 -0000
+@@ -25,6 +25,7 @@
+ /* Return codes */
+ #define DEATTACK_OK		0
+ #define DEATTACK_DETECTED	1
++#define DEATTACK_DOS_DETECTED	2
+ 
+ int	 detect_attack(u_char *, u_int32_t, u_char[8]);
+ #endif
+Index: crypto/openssh/defines.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/defines.h,v
+retrieving revision 1.1.1.9.2.1
+diff -u -d -r1.1.1.9.2.1 defines.h
+--- crypto/openssh/defines.h	11 Sep 2005 16:50:34 -0000	1.1.1.9.2.1
++++ crypto/openssh/defines.h	30 Sep 2006 16:38:10 -0000
+@@ -540,6 +540,11 @@
+ # undef HAVE_UPDWTMPX
+ #endif
+ 
++#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT) && \
++    defined(SYSLOG_R_SAFE_IN_SIGHAND)
++# define DO_LOG_SAFE_IN_SIGHAND
++#endif
++
+ #if !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY)
+ # define memmove(s1, s2, n) bcopy((s2), (s1), (n))
+ #endif /* !defined(HAVE_MEMMOVE) && defined(HAVE_BCOPY) */
+Index: crypto/openssh/log.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/log.c,v
+retrieving revision 1.1.1.13
+diff -u -d -r1.1.1.13 log.c
+--- crypto/openssh/log.c	5 Jun 2005 15:41:49 -0000	1.1.1.13
++++ crypto/openssh/log.c	30 Sep 2006 16:38:10 -0000
+@@ -130,6 +130,20 @@
+ 	va_end(args);
+ }
+ 
++void
++sigdie(const char *fmt,...)
++{
++	va_list args;
++
++#ifdef DO_LOG_SAFE_IN_SIGHAND
++	va_start(args, fmt);
++	do_log(SYSLOG_LEVEL_FATAL, fmt, args);
++	va_end(args);
++#endif
++	_exit(1);
++}
++
++
+ /* Log this message (information that usually should go to the log). */
+ 
+ void
+Index: crypto/openssh/log.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/log.h,v
+retrieving revision 1.6
+diff -u -d -r1.6 log.h
+--- crypto/openssh/log.h	28 Oct 2004 16:11:28 -0000	1.6
++++ crypto/openssh/log.h	30 Sep 2006 16:38:10 -0000
+@@ -64,6 +64,7 @@
+ 
+ void     fatal(const char *, ...) __dead __attribute__((format(printf, 1, 2)));
+ void     error(const char *, ...) __attribute__((format(printf, 1, 2)));
++void     sigdie(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     logit(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     verbose(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void     debug(const char *, ...) __attribute__((format(printf, 1, 2)));
+Index: crypto/openssh/packet.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/packet.c,v
+retrieving revision 1.1.1.16.2.1
+diff -u -d -r1.1.1.16.2.1 packet.c
+--- crypto/openssh/packet.c	11 Sep 2005 16:50:34 -0000	1.1.1.16.2.1
++++ crypto/openssh/packet.c	30 Sep 2006 18:26:30 -0000
+@@ -978,9 +978,16 @@
+ 	 * (C)1998 CORE-SDI, Buenos Aires Argentina
+ 	 * Ariel Futoransky(futo@core-sdi.com)
+ 	 */
+-	if (!receive_context.plaintext &&
+-	    detect_attack(buffer_ptr(&input), padded_len, NULL) == DEATTACK_DETECTED)
+-		packet_disconnect("crc32 compensation attack: network attack detected");
++	if (!receive_context.plaintext) {
++		switch (detect_attack(buffer_ptr(&input), padded_len, NULL)) {
++		case DEATTACK_DETECTED:
++			packet_disconnect("crc32 compensation attack: "
++			    "network attack detected");
++		case DEATTACK_DOS_DETECTED:
++			packet_disconnect("deattack denial of "
++			    "service detected");
++		}
++	}
+ 
+ 	/* Decrypt data to incoming_packet. */
+ 	buffer_clear(&incoming_packet);
+Index: crypto/openssh/session.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/session.c,v
+retrieving revision 1.46.2.1
+diff -u -d -r1.46.2.1 session.c
+--- crypto/openssh/session.c	11 Sep 2005 16:50:34 -0000	1.46.2.1
++++ crypto/openssh/session.c	30 Sep 2006 16:38:10 -0000
+@@ -2472,7 +2472,7 @@
+ 		return;
+ 	called = 1;
+ 
+-	if (authctxt == NULL)
++	if (authctxt == NULL || !authctxt->authenticated)
+ 		return;
+ #ifdef KRB5
+ 	if (options.kerberos_ticket_cleanup &&
+Index: crypto/openssh/ssh_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config,v
+retrieving revision 1.27.2.1
+diff -u -d -r1.27.2.1 ssh_config
+--- crypto/openssh/ssh_config	11 Sep 2005 16:50:35 -0000	1.27.2.1
++++ crypto/openssh/ssh_config	30 Sep 2006 16:38:10 -0000
+@@ -38,4 +38,4 @@
+ #   Cipher 3des
+ #   Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
+ #   EscapeChar ~
+-#   VersionAddendum FreeBSD-20050903
++#   VersionAddendum FreeBSD-20060930
+Index: crypto/openssh/ssh_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/ssh_config.5,v
+retrieving revision 1.17.2.1
+diff -u -d -r1.17.2.1 ssh_config.5
+--- crypto/openssh/ssh_config.5	11 Sep 2005 16:50:35 -0000	1.17.2.1
++++ crypto/openssh/ssh_config.5	30 Sep 2006 16:38:10 -0000
+@@ -900,7 +900,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20050903 .
++.Dq FreeBSD-20060930 .
+ .It Cm XAuthLocation
+ Specifies the full pathname of the
+ .Xr xauth 1
+Index: crypto/openssh/sshd.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd.c,v
+retrieving revision 1.39.2.1
+diff -u -d -r1.39.2.1 sshd.c
+--- crypto/openssh/sshd.c	11 Sep 2005 16:50:35 -0000	1.39.2.1
++++ crypto/openssh/sshd.c	30 Sep 2006 16:38:10 -0000
+@@ -317,7 +317,7 @@
+ 		kill(pmonitor->m_pid, SIGALRM);
+ 
+ 	/* Log error and exit. */
+-	fatal("Timeout before authentication for %s", get_remote_ipaddr());
++	sigdie("Timeout before authentication for %s", get_remote_ipaddr());
+ }
+ 
+ /*
+@@ -1730,6 +1730,7 @@
+ 	}
+ 
+  authenticated:
++	authctxt->authenticated = 1;
+ #ifdef SSH_AUDIT_EVENTS
+ 	audit_event(SSH_AUTH_SUCCESS);
+ #endif
+Index: crypto/openssh/sshd_config
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config,v
+retrieving revision 1.42.2.1
+diff -u -d -r1.42.2.1 sshd_config
+--- crypto/openssh/sshd_config	11 Sep 2005 16:50:35 -0000	1.42.2.1
++++ crypto/openssh/sshd_config	30 Sep 2006 16:38:10 -0000
+@@ -14,7 +14,7 @@
+ # Note that some of FreeBSD's defaults differ from OpenBSD's, and
+ # FreeBSD has a few additional options.
+ 
+-#VersionAddendum FreeBSD-20050903
++#VersionAddendum FreeBSD-20060930
+ 
+ #Port 22
+ #Protocol 2
+Index: crypto/openssh/sshd_config.5
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/sshd_config.5,v
+retrieving revision 1.23.2.1
+diff -u -d -r1.23.2.1 sshd_config.5
+--- crypto/openssh/sshd_config.5	11 Sep 2005 16:50:35 -0000	1.23.2.1
++++ crypto/openssh/sshd_config.5	30 Sep 2006 16:38:10 -0000
+@@ -725,7 +725,7 @@
+ Specifies a string to append to the regular version string to identify
+ OS- or site-specific modifications.
+ The default is
+-.Dq FreeBSD-20050903 .
++.Dq FreeBSD-20060930 .
+ .It Cm X11DisplayOffset
+ Specifies the first display number available for
+ .Nm sshd Ns 's
+Index: crypto/openssh/version.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/version.h,v
+retrieving revision 1.30.2.1
+diff -u -d -r1.30.2.1 version.h
+--- crypto/openssh/version.h	11 Sep 2005 16:50:35 -0000	1.30.2.1
++++ crypto/openssh/version.h	30 Sep 2006 16:38:10 -0000
+@@ -6,7 +6,7 @@
+ #define SSH_VERSION             (ssh_version_get())
+ #define SSH_RELEASE             (ssh_version_get())
+ #define SSH_VERSION_BASE        "OpenSSH_4.2p1"
+-#define SSH_VERSION_ADDENDUM    "FreeBSD-20050903"
++#define SSH_VERSION_ADDENDUM    "FreeBSD-20060930"
+ 
+ const char *ssh_version_get(void);
+ void ssh_version_set_addendum(const char *add);
diff --git a/share/security/patches/SA-06:22/openssh6x.patch.asc b/share/security/patches/SA-06:22/openssh6x.patch.asc
new file mode 100644
index 0000000000..4122f05617
--- /dev/null
+++ b/share/security/patches/SA-06:22/openssh6x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQBFHtEZFdaIBMps37IRAgeQAKCKNd8SRYoUfgAZiWx11dzv0io4PACfceyx
+2e2YIq402go+jDrYJs+yk3w=
+=HyAh
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:23/openssl-correction.patch b/share/security/patches/SA-06:23/openssl-correction.patch
new file mode 100644
index 0000000000..7ac2f27dfb
--- /dev/null
+++ b/share/security/patches/SA-06:23/openssl-correction.patch
@@ -0,0 +1,16 @@
+Index: crypto/openssl/crypto/dh/dh_key.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh_key.c,v
+retrieving revision 1.1.1.9.2.1
+diff -u -I__FBSDID -r1.1.1.9.2.1 dh_key.c
+--- crypto/openssl/crypto/dh/dh_key.c	28 Sep 2006 13:02:36 -0000	1.1.1.9.2.1
++++ crypto/openssl/crypto/dh/dh_key.c	29 Sep 2006 06:52:54 -0000
+@@ -167,7 +167,7 @@
+ 	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
+ 		{
+ 		DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
+-		goto err;
++		return -1;
+ 		}
+ 
+ 	ctx = BN_CTX_new();
diff --git a/share/security/patches/SA-06:23/openssl-correction.patch.asc b/share/security/patches/SA-06:23/openssl-correction.patch.asc
new file mode 100644
index 0000000000..a6abeb52d9
--- /dev/null
+++ b/share/security/patches/SA-06:23/openssl-correction.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBFHSWcFdaIBMps37IRAqj3AJ9U4sVUh3q6nKv+JorHzqG+GR1FVACfZ/7B
+OlmS5+lYp4kt32VKYkPwDfk=
+=N/q8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:23/openssl.patch b/share/security/patches/SA-06:23/openssl.patch
new file mode 100644
index 0000000000..984d2bbea7
--- /dev/null
+++ b/share/security/patches/SA-06:23/openssl.patch
@@ -0,0 +1,313 @@
+Index: crypto/openssl/crypto/asn1/tasn_dec.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/asn1/tasn_dec.c,v
+retrieving revision 1.1.1.2
+diff -u -I__FBSDID -r1.1.1.2 tasn_dec.c
+--- crypto/openssl/crypto/asn1/tasn_dec.c	1 Oct 2003 12:32:37 -0000	1.1.1.2
++++ crypto/openssl/crypto/asn1/tasn_dec.c	27 Sep 2006 07:03:22 -0000
+@@ -628,6 +628,9 @@
+ 		ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
+ 		return 0;
+ 	} else if(ret == -1) return -1;
++
++	ret = 0;
++
+ 	/* SEQUENCE, SET and "OTHER" are left in encoded form */
+ 	if((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) {
+ 		/* Clear context cache for type OTHER because the auto clear when
+Index: crypto/openssl/crypto/dh/dh.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh.h,v
+retrieving revision 1.1.1.6
+diff -u -I__FBSDID -r1.1.1.6 dh.h
+--- crypto/openssl/crypto/dh/dh.h	28 Jan 2003 21:21:24 -0000	1.1.1.6
++++ crypto/openssl/crypto/dh/dh.h	27 Sep 2006 07:03:22 -0000
+@@ -70,6 +70,10 @@
+ #include <openssl/crypto.h>
+ #include <openssl/ossl_typ.h>
+ 	
++#ifndef OPENSSL_DH_MAX_MODULUS_BITS
++# define OPENSSL_DH_MAX_MODULUS_BITS	10000
++#endif
++
+ #define DH_FLAG_CACHE_MONT_P	0x01
+ 
+ #ifdef  __cplusplus
+@@ -200,6 +204,7 @@
+ /* Reason codes. */
+ #define DH_R_BAD_GENERATOR				 101
+ #define DH_R_NO_PRIVATE_VALUE				 100
++#define DH_R_MODULUS_TOO_LARGE				 103
+ 
+ #ifdef  __cplusplus
+ }
+Index: crypto/openssl/crypto/dh/dh_err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh_err.c,v
+retrieving revision 1.1.1.5
+diff -u -I__FBSDID -r1.1.1.5 dh_err.c
+--- crypto/openssl/crypto/dh/dh_err.c	25 Feb 2005 05:34:36 -0000	1.1.1.5
++++ crypto/openssl/crypto/dh/dh_err.c	27 Sep 2006 07:03:22 -0000
+@@ -78,6 +78,7 @@
+ static ERR_STRING_DATA DH_str_reasons[]=
+ 	{
+ {DH_R_BAD_GENERATOR                      ,"bad generator"},
++{DH_R_MODULUS_TOO_LARGE                  ,"modulus too large"},
+ {DH_R_NO_PRIVATE_VALUE                   ,"no private value"},
+ {0,NULL}
+ 	};
+Index: crypto/openssl/crypto/dh/dh_key.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dh/dh_key.c,v
+retrieving revision 1.1.1.9
+diff -u -I__FBSDID -r1.1.1.9 dh_key.c
+--- crypto/openssl/crypto/dh/dh_key.c	25 Feb 2005 05:34:37 -0000	1.1.1.9
++++ crypto/openssl/crypto/dh/dh_key.c	27 Sep 2006 07:03:22 -0000
+@@ -164,6 +164,12 @@
+ 	BIGNUM *tmp;
+ 	int ret= -1;
+ 
++	if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS)
++		{
++		DHerr(DH_F_DH_COMPUTE_KEY,DH_R_MODULUS_TOO_LARGE);
++		return -1;
++		}
++
+ 	ctx = BN_CTX_new();
+ 	if (ctx == NULL) goto err;
+ 	BN_CTX_start(ctx);
+Index: crypto/openssl/crypto/dsa/dsa.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa.h,v
+retrieving revision 1.1.1.7
+diff -u -I__FBSDID -r1.1.1.7 dsa.h
+--- crypto/openssl/crypto/dsa/dsa.h	25 Feb 2005 05:34:39 -0000	1.1.1.7
++++ crypto/openssl/crypto/dsa/dsa.h	27 Sep 2006 07:03:23 -0000
+@@ -79,6 +79,10 @@
+ # include <openssl/dh.h>
+ #endif
+ 
++#ifndef OPENSSL_DSA_MAX_MODULUS_BITS
++# define OPENSSL_DSA_MAX_MODULUS_BITS	10000
++#endif
++
+ #define DSA_FLAG_CACHE_MONT_P	0x01
+ 
+ #if defined(OPENSSL_FIPS)
+@@ -245,8 +249,10 @@
+ #define DSA_F_SIG_CB					 114
+ 
+ /* Reason codes. */
++#define DSA_R_BAD_Q_VALUE				 102
+ #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 100
+ #define DSA_R_MISSING_PARAMETERS			 101
++#define DSA_R_MODULUS_TOO_LARGE				 103
+ 
+ #ifdef  __cplusplus
+ }
+Index: crypto/openssl/crypto/dsa/dsa_err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa_err.c,v
+retrieving revision 1.1.1.4
+diff -u -I__FBSDID -r1.1.1.4 dsa_err.c
+--- crypto/openssl/crypto/dsa/dsa_err.c	28 Jan 2003 21:21:31 -0000	1.1.1.4
++++ crypto/openssl/crypto/dsa/dsa_err.c	27 Sep 2006 07:03:23 -0000
+@@ -85,8 +85,10 @@
+ 
+ static ERR_STRING_DATA DSA_str_reasons[]=
+ 	{
++{DSA_R_BAD_Q_VALUE                       ,"bad q value"},
+ {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
+ {DSA_R_MISSING_PARAMETERS                ,"missing parameters"},
++{DSA_R_MODULUS_TOO_LARGE                 ,"modulus too large"},
+ {0,NULL}
+ 	};
+ 
+Index: crypto/openssl/crypto/dsa/dsa_ossl.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/dsa/dsa_ossl.c,v
+retrieving revision 1.1.1.8
+diff -u -I__FBSDID -r1.1.1.8 dsa_ossl.c
+--- crypto/openssl/crypto/dsa/dsa_ossl.c	25 Feb 2005 05:34:40 -0000	1.1.1.8
++++ crypto/openssl/crypto/dsa/dsa_ossl.c	27 Sep 2006 07:03:23 -0000
+@@ -245,6 +245,18 @@
+ 		return -1;
+ 		}
+ 
++	if (BN_num_bits(dsa->q) != 160)
++		{
++		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_BAD_Q_VALUE);
++		return -1;
++		}
++
++	if (BN_num_bits(dsa->p) > OPENSSL_DSA_MAX_MODULUS_BITS)
++		{
++		DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MODULUS_TOO_LARGE);
++		return -1;
++		}
++
+ 	BN_init(&u1);
+ 	BN_init(&u2);
+ 	BN_init(&t1);
+Index: crypto/openssl/crypto/rsa/rsa.h
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa.h,v
+retrieving revision 1.11
+diff -u -I__FBSDID -r1.11 rsa.h
+--- crypto/openssl/crypto/rsa/rsa.h	25 Feb 2005 05:49:43 -0000	1.11
++++ crypto/openssl/crypto/rsa/rsa.h	27 Sep 2006 07:03:23 -0000
+@@ -155,6 +155,17 @@
+ 	BN_BLINDING *blinding;
+ 	};
+ 
++#ifndef OPENSSL_RSA_MAX_MODULUS_BITS
++# define OPENSSL_RSA_MAX_MODULUS_BITS	16400
++#endif
++
++#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
++# define OPENSSL_RSA_SMALL_MODULUS_BITS	4112
++#endif
++#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
++# define OPENSSL_RSA_MAX_PUBEXP_BITS	72 /* exponent limit enforced for "large" modulus only */
++#endif
++
+ #define RSA_3	0x3L
+ #define RSA_F4	0x10001L
+ 
+@@ -348,6 +359,7 @@
+ #define RSA_R_INVALID_MESSAGE_LENGTH			 131
+ #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
+ #define RSA_R_KEY_SIZE_TOO_SMALL			 120
++#define RSA_R_MODULUS_TOO_LARGE				 105
+ #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
+ #define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
+ #define RSA_R_OAEP_DECODING_ERROR			 121
+Index: crypto/openssl/crypto/rsa/rsa_eay.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_eay.c,v
+retrieving revision 1.13
+diff -u -I__FBSDID -r1.13 rsa_eay.c
+--- crypto/openssl/crypto/rsa/rsa_eay.c	25 Feb 2005 05:49:43 -0000	1.13
++++ crypto/openssl/crypto/rsa/rsa_eay.c	27 Sep 2006 07:03:24 -0000
+@@ -105,6 +105,28 @@
+ 	unsigned char *buf=NULL;
+ 	BN_CTX *ctx=NULL;
+ 
++	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
++		{
++		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
++		return -1;
++		}
++
++	if (BN_ucmp(rsa->n, rsa->e) <= 0)
++		{
++		RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
++		return -1;
++		}
++
++	/* for large moduli, enforce exponent limit */
++	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
++		{
++		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
++			{
++			RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
++			return -1;
++			}
++		}
++	
+ 	BN_init(&f);
+ 	BN_init(&ret);
+ 	if ((ctx=BN_CTX_new()) == NULL) goto err;
+@@ -505,6 +527,28 @@
+ 	unsigned char *buf=NULL;
+ 	BN_CTX *ctx=NULL;
+ 
++	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
++		{
++		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
++		return -1;
++		}
++
++	if (BN_ucmp(rsa->n, rsa->e) <= 0)
++		{
++		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
++		return -1;
++		}
++
++	/* for large moduli, enforce exponent limit */
++	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
++		{
++		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
++			{
++			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
++			return -1;
++			}
++		}
++	
+ 	BN_init(&f);
+ 	BN_init(&ret);
+ 	ctx=BN_CTX_new();
+Index: crypto/openssl/crypto/rsa/rsa_err.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/crypto/rsa/rsa_err.c,v
+retrieving revision 1.1.1.4
+diff -u -I__FBSDID -r1.1.1.4 rsa_err.c
+--- crypto/openssl/crypto/rsa/rsa_err.c	28 Jan 2003 21:28:58 -0000	1.1.1.4
++++ crypto/openssl/crypto/rsa/rsa_err.c	27 Sep 2006 07:03:24 -0000
+@@ -116,6 +116,7 @@
+ {RSA_R_INVALID_MESSAGE_LENGTH            ,"invalid message length"},
+ {RSA_R_IQMP_NOT_INVERSE_OF_Q             ,"iqmp not inverse of q"},
+ {RSA_R_KEY_SIZE_TOO_SMALL                ,"key size too small"},
++{RSA_R_MODULUS_TOO_LARGE                 ,"modulus too large"},
+ {RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
+ {RSA_R_N_DOES_NOT_EQUAL_P_Q              ,"n does not equal p q"},
+ {RSA_R_OAEP_DECODING_ERROR               ,"oaep decoding error"},
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s2_clnt.c,v
+retrieving revision 1.13
+diff -u -I__FBSDID -r1.13 s2_clnt.c
+--- crypto/openssl/ssl/s2_clnt.c	25 Feb 2005 05:49:43 -0000	1.13
++++ crypto/openssl/ssl/s2_clnt.c	27 Sep 2006 07:03:24 -0000
+@@ -538,7 +538,8 @@
+ 		CRYPTO_add(&s->session->peer->references, 1, CRYPTO_LOCK_X509);
+ 		}
+ 
+-	if (s->session->peer != s->session->sess_cert->peer_key->x509)
++	if (s->session->sess_cert == NULL 
++      || s->session->peer != s->session->sess_cert->peer_key->x509)
+ 		/* can't happen */
+ 		{
+ 		ssl2_return_error(s, SSL2_PE_UNDEFINED_ERROR);
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/s3_srvr.c,v
+retrieving revision 1.1.1.14
+diff -u -I__FBSDID -r1.1.1.14 s3_srvr.c
+--- crypto/openssl/ssl/s3_srvr.c	25 Feb 2005 05:38:27 -0000	1.1.1.14
++++ crypto/openssl/ssl/s3_srvr.c	27 Sep 2006 07:03:25 -0000
+@@ -1733,7 +1733,7 @@
+ 
+                 if (kssl_ctx->client_princ)
+                         {
+-                        int len = strlen(kssl_ctx->client_princ);
++                        size_t len = strlen(kssl_ctx->client_princ);
+                         if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) 
+                                 {
+                                 s->session->krb5_client_princ_len = len;
+Index: crypto/openssl/ssl/ssl_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_lib.c,v
+retrieving revision 1.1.1.12
+diff -u -I__FBSDID -r1.1.1.12 ssl_lib.c
+--- crypto/openssl/ssl/ssl_lib.c	25 Feb 2005 05:38:37 -0000	1.1.1.12
++++ crypto/openssl/ssl/ssl_lib.c	27 Sep 2006 07:03:26 -0000
+@@ -1167,7 +1167,7 @@
+ 		c=sk_SSL_CIPHER_value(sk,i);
+ 		for (cp=c->name; *cp; )
+ 			{
+-			if (len-- == 0)
++			if (len-- <= 0)
+ 				{
+ 				*p='\0';
+ 				return(buf);
diff --git a/share/security/patches/SA-06:23/openssl.patch.asc b/share/security/patches/SA-06:23/openssl.patch.asc
new file mode 100644
index 0000000000..9f23bef00f
--- /dev/null
+++ b/share/security/patches/SA-06:23/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBFHSWSFdaIBMps37IRAop3AKCJw1cqU227Xgv3mVmcJ90suwVrXACcCrag
+YUghZIe455UdGGvrJq8syXY=
+=VVts
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:24/libarchive.patch b/share/security/patches/SA-06:24/libarchive.patch
new file mode 100644
index 0000000000..20c4c8f268
--- /dev/null
+++ b/share/security/patches/SA-06:24/libarchive.patch
@@ -0,0 +1,55 @@
+Index: lib/libarchive/archive_read_support_compression_none.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libarchive/archive_read_support_compression_none.c,v
+retrieving revision 1.8
+diff -u -I__FBSDID -r1.8 archive_read_support_compression_none.c
+--- lib/libarchive/archive_read_support_compression_none.c	29 Aug 2006 04:59:25 -0000	1.8
++++ lib/libarchive/archive_read_support_compression_none.c	2 Nov 2006 05:17:28 -0000
+@@ -257,7 +257,9 @@
+ }
+ 
+ /*
+- * Skip at most request bytes. Skipped data is marked as consumed.
++ * Skip forward by exactly the requested bytes or else return
++ * ARCHIVE_FATAL.  Note that this differs from the contract for
++ * read_ahead, which does not gaurantee a minimum count.
+  */
+ static ssize_t
+ archive_decompressor_none_skip(struct archive *a, size_t request)
+@@ -287,9 +289,7 @@
+ 	if (request == 0)
+ 		return (total_bytes_skipped);
+ 	/*
+-	 * If no client_skipper is provided, just read the old way. It is very
+-	 * likely that after skipping, the request has not yet been fully
+-	 * satisfied (and is still > 0). In that case, read as well.
++	 * If a client_skipper was provided, try that first.
+ 	 */
+ 	if (a->client_skipper != NULL) {
+ 		bytes_skipped = (a->client_skipper)(a, a->client_data,
+@@ -307,6 +307,12 @@
+ 		a->raw_position += bytes_skipped;
+ 		state->client_avail = state->client_total = 0;
+ 	}
++	/*
++	 * Note that client_skipper will usually not satisfy the
++	 * full request (due to low-level blocking concerns),
++	 * so even if client_skipper is provided, we may still
++	 * have to use ordinary reads to finish out the request.
++	 */
+ 	while (request > 0) {
+ 		const void* dummy_buffer;
+ 		ssize_t bytes_read;
+@@ -314,6 +320,12 @@
+ 		    &dummy_buffer, request);
+ 		if (bytes_read < 0)
+ 			return (bytes_read);
++		if (bytes_read == 0) {
++			/* We hit EOF before we satisfied the skip request. */
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Truncated input file (need to skip %d bytes)", (int)request);
++			return (ARCHIVE_FATAL);
++		}
+ 		assert(bytes_read >= 0); /* precondition for cast below */
+ 		min = minimum((size_t)bytes_read, request);
+ 		bytes_read = archive_decompressor_none_read_consume(a, min);
diff --git a/share/security/patches/SA-06:24/libarchive.patch.asc b/share/security/patches/SA-06:24/libarchive.patch.asc
new file mode 100644
index 0000000000..ab00cf9d7d
--- /dev/null
+++ b/share/security/patches/SA-06:24/libarchive.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.5 (FreeBSD)
+
+iD8DBQBFUeS+FdaIBMps37IRAsi1AKCXJgyqpkuIZE6YR3y4VP7oJvTiBQCfeQxE
+8zA7jWuVCURIYsvE2Hi2bAo=
+=99WR
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:25/kmem.patch b/share/security/patches/SA-06:25/kmem.patch
new file mode 100644
index 0000000000..eeb72a1333
--- /dev/null
+++ b/share/security/patches/SA-06:25/kmem.patch
@@ -0,0 +1,16 @@
+Index: sys/dev/firewire/fwdev.c
+===================================================================
+RCS file: /home/ncvs/src/sys/dev/firewire/fwdev.c,v
+retrieving revision 1.47
+diff -u -I__FBSDID -r1.47 fwdev.c
+--- sys/dev/firewire/fwdev.c	8 Aug 2005 19:55:30 -0000	1.47
++++ sys/dev/firewire/fwdev.c	30 Nov 2006 22:15:06 -0000
+@@ -712,7 +712,7 @@
+ 			else
+ 				len = fwdev->rommax - CSRROMOFF + 4;
+ 		}
+-		if (crom_buf->len < len)
++		if (crom_buf->len < len && crom_buf->len >= 0)
+ 			len = crom_buf->len;
+ 		else
+ 			crom_buf->len = len;
diff --git a/share/security/patches/SA-06:25/kmem.patch.asc b/share/security/patches/SA-06:25/kmem.patch.asc
new file mode 100644
index 0000000000..f4bbfd1fbc
--- /dev/null
+++ b/share/security/patches/SA-06:25/kmem.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBFdomMFdaIBMps37IRAkhOAKCdIux55UdRAzXP7JmH/TDW16wonQCgmBja
+lBRugZ5XqRwH6AVl/9XPpvw=
+=hv39
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-06:26/gtar.patch b/share/security/patches/SA-06:26/gtar.patch
new file mode 100644
index 0000000000..d264bfacdd
--- /dev/null
+++ b/share/security/patches/SA-06:26/gtar.patch
@@ -0,0 +1,82 @@
+Index: contrib/tar/src/common.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/tar/src/Attic/common.h,v
+retrieving revision 1.2
+diff -u -d -r1.2 common.h
+--- contrib/tar/src/common.h	4 Jun 2002 17:31:15 -0000	1.2
++++ contrib/tar/src/common.h	2 Dec 2006 14:47:16 -0000
+@@ -124,6 +124,9 @@
+ /* Boolean value.  */
+ GLOBAL int absolute_names_option;
+ 
++/* Allow GNUTYPE_NAMES type? */
++GLOBAL bool allow_name_mangling_option;
++
+ /* This variable tells how to interpret newer_mtime_option, below.  If zero,
+    files get archived if their mtime is not less than newer_mtime_option.
+    If nonzero, files get archived if *either* their ctime or mtime is not less
+Index: contrib/tar/src/extract.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tar/src/Attic/extract.c,v
+retrieving revision 1.6
+diff -u -d -r1.6 extract.c
+--- contrib/tar/src/extract.c	19 Oct 2002 09:32:03 -0000	1.6
++++ contrib/tar/src/extract.c	2 Dec 2006 14:39:30 -0000
+@@ -1219,7 +1219,13 @@
+       break;
+ 
+     case GNUTYPE_NAMES:
+-      extract_mangle ();
++      if (allow_name_mangling_option)
++	extract_mangle ();
++      else {
++	ERROR ((0, 0, _("GNUTYPE_NAMES mangling ignored")));
++	if (backup_option)
++	  undo_last_backup ();
++      }
+       break;
+ 
+     case GNUTYPE_MULTIVOL:
+Index: contrib/tar/src/tar.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tar/src/Attic/tar.c,v
+retrieving revision 1.3
+diff -u -d -r1.3 tar.c
+--- contrib/tar/src/tar.c	24 Jul 2003 00:04:01 -0000	1.3
++++ contrib/tar/src/tar.c	2 Dec 2006 14:29:15 -0000
+@@ -129,6 +129,7 @@
+ enum
+ {
+   ANCHORED_OPTION = CHAR_MAX + 1,
++  ALLOW_NAME_MANGLING_OPTION,
+   BACKUP_OPTION,
+   DELETE_OPTION,
+   EXCLUDE_OPTION,
+@@ -178,6 +179,7 @@
+   {"absolute-names", no_argument, 0, 'P'},
+   {"absolute-paths", no_argument, 0, OBSOLETE_ABSOLUTE_NAMES},
+   {"after-date", required_argument, 0, 'N'},
++  {"allow-name-mangling", no_argument, 0, ALLOW_NAME_MANGLING_OPTION},
+   {"anchored", no_argument, 0, ANCHORED_OPTION},
+   {"append", no_argument, 0, 'r'},
+   {"atime-preserve", no_argument, &atime_preserve_option, 1},
+@@ -392,6 +394,8 @@
+               PATTERN                at list/extract time, a globbing PATTERN\n\
+   -o, --old-archive, --portability   write a V7 format archive\n\
+       --posix                        write a POSIX format archive\n\
++      --allow-name-mangling          allow GNUTYPE_NAMES mangling --\n\
++                                     considered dangerous\n\
+   -j, -y, --bzip, --bzip2, --bunzip2 filter the archive through bzip2\n\
+   -z, --gzip, --ungzip               filter the archive through gzip\n\
+   -Z, --compress, --uncompress       filter the archive through compress\n\
+@@ -901,6 +905,10 @@
+ 	set_use_compress_program_option ("compress");
+ 	break;
+ 
++      case ALLOW_NAME_MANGLING_OPTION:
++	allow_name_mangling_option = true;
++	break;
++
+       case OBSOLETE_VERSION_CONTROL:
+ 	WARN ((0, 0, _("Obsolete option name replaced by --backup")));
+ 	/* Fall through.  */
diff --git a/share/security/patches/SA-06:26/gtar.patch.asc b/share/security/patches/SA-06:26/gtar.patch.asc
new file mode 100644
index 0000000000..b640801167
--- /dev/null
+++ b/share/security/patches/SA-06:26/gtar.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.3 (FreeBSD)
+
+iD8DBQBFdomCFdaIBMps37IRAh7HAJ9BPWzhyW7ctvzHem0lUdGRQJJPSACbB1ns
+RT+OaG8E8ED55aFJ4imCX00=
+=iRpd
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:01/jail5-correction.patch b/share/security/patches/SA-07:01/jail5-correction.patch
new file mode 100644
index 0000000000..b0a2dd64eb
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail5-correction.patch
@@ -0,0 +1,16 @@
+Index: etc/rc.d/jail
+===================================================================
+RCS file: /home/ncvs/src/etc/rc.d/jail,v
+retrieving revision 1.15.2.5.2.1
+diff -u -d -r1.15.2.5.2.1 jail
+--- etc/rc.d/jail	11 Jan 2007 18:19:33 -0000	1.15.2.5.2.1
++++ etc/rc.d/jail	27 Jul 2007 08:49:37 -0000
+@@ -228,7 +228,7 @@
+ 			warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
+ 			return
+ 		fi
+-	done <${_fstab}
++	done <${jail_fstab}
+ 	mount -a -F "${jail_fstab}"
+ }
+ 
diff --git a/share/security/patches/SA-07:01/jail5-correction.patch.asc b/share/security/patches/SA-07:01/jail5-correction.patch.asc
new file mode 100644
index 0000000000..39b035791f
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail5-correction.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBGsPhZFdaIBMps37IRAnhuAJkBD3uWWo/wCF2+PdtSYNBYCN4UnwCeIjoa
+rECtAXyqDzG+n4lFk3zWZF4=
+=4EF4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:01/jail5.patch b/share/security/patches/SA-07:01/jail5.patch
new file mode 100644
index 0000000000..f409283d2f
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail5.patch
@@ -0,0 +1,211 @@
+Index: etc/rc.d/jail
+===================================================================
+RCS file: /home/ncvs/src/etc/rc.d/jail,v
+retrieving revision 1.15.2.5
+diff -u -d -r1.15.2.5 jail
+--- etc/rc.d/jail	3 Jul 2005 12:40:13 -0000	1.15.2.5
++++ etc/rc.d/jail	30 Jul 2007 20:24:12 -0000
+@@ -66,6 +66,8 @@
+ 	[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
+ 	eval jail_flags=\"\$jail_${_j}_flags\"
+ 	[ -z "${jail_flags}" ] && jail_flags="-l -U root"
++	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
++	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+ 
+ 	# Debugging aid
+ 	#
+@@ -84,6 +86,7 @@
+ 	debug "$_j exec start: $jail_exec_start"
+ 	debug "$_j exec stop: $jail_exec_stop"
+ 	debug "$_j flags: $jail_flags"
++	debug "$_j consolelog: $_consolelog"
+ }
+ 
+ # set_sysctl rc_knob mib msg
+@@ -113,6 +116,56 @@
+ 	fi
+ }
+ 
++# is_current_mountpoint()
++#	Is the directory mount point for a currently mounted file
++#	system?
++#
++is_current_mountpoint()
++{
++	local _dir _dir2
++
++	_dir=$1
++
++	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
++	[ ! -d "${_dir}" ] && return 1
++	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
++	[ "${_dir}" = "${_dir2}" ]
++	return $?
++}
++
++# is_symlinked_mountpoint()
++#	Is a mount point, or any of its parent directories, a symlink?
++#
++is_symlinked_mountpoint()
++{
++	local _dir
++
++	_dir=$1
++
++	[ -L "$_dir" ] && return 0
++	[ "$_dir" = "/" ] && return 1
++	is_symlinked_mountpoint `dirname $_dir`
++	return $?
++}
++
++# secure_umount
++#	Try to unmount a mount point without being vulnerable to
++#	symlink attacks.
++#
++secure_umount()
++{
++	local _dir
++
++	_dir=$1
++
++	if is_current_mountpoint ${_dir}; then
++		umount -f ${_dir} >/dev/null 2>&1
++	else
++		debug "Nothing mounted on ${_dir} - not unmounting"
++	fi
++}
++
++
+ # jail_umount_fs
+ #	This function unmounts certain special filesystems in the
+ #	currently selected jail. The caller must call the init_variables()
+@@ -120,27 +173,65 @@
+ #
+ jail_umount_fs()
+ {
++	local _device _mountpt _rest
++
+ 	if checkyesno jail_fdescfs; then
+ 		if [ -d "${jail_fdescdir}" ] ; then
+-			umount -f ${jail_fdescdir} >/dev/null 2>&1
++			secure_umount ${jail_fdescdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_devfs; then
+ 		if [ -d "${jail_devdir}" ] ; then
+-			umount -f ${jail_devdir} >/dev/null 2>&1
++			secure_umount ${jail_devdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_procfs; then
+ 		if [ -d "${jail_procdir}" ] ; then
+-			umount -f ${jail_procdir} >/dev/null 2>&1
++			secure_umount ${jail_procdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_mount; then
+ 		[ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
+-		umount -a -F "${jail_fstab}" >/dev/null 2>&1
++		tail -r ${jail_fstab} | while read _device _mountpt _rest; do
++			case ":${_device}" in
++			:#* | :)
++				continue
++				;;
++			esac
++			secure_umount ${_mountpt}
++		done
+ 	fi
+ }
+ 
++# jail_mount_fstab()
++#	Mount file systems from a per jail fstab while trying to
++#	secure against symlink attacks at the mount points.
++#
++#	If we are certain we cannot secure against symlink attacks we
++#	do not mount all of the file systems (since we cannot just not
++#	mount the file system with the problematic mount point).
++#
++#	The caller must call the init_variables() routine before
++#	calling this one.
++#
++jail_mount_fstab()
++{
++	local _device _mountpt _rest
++
++	while read _device _mountpt _rest; do
++		case ":${_device}" in
++		:#* | :)
++			continue
++			;;
++		esac
++		if is_symlinked_mountpoint ${_mountpt}; then
++			warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
++			return
++		fi
++	done <${jail_fstab}
++	mount -a -F "${jail_fstab}"
++}
++
+ jail_start()
+ {
+ 	echo -n 'Configuring jails:'
+@@ -163,9 +254,13 @@
+ 			if [ ! -f "${jail_fstab}" ]; then
+ 				err 3 "$name: ${jail_fstab} does not exist"
+ 			fi
+-			mount -a -F "${jail_fstab}"
++			jail_mount_fstab
+ 		fi
+ 		if checkyesno jail_devfs; then
++			if is_symlinked_mountpoint ${jail_devdir}; then
++				warn "${jail_devdir} has symlink as parent - not starting jail ${_jail}"
++				continue
++			fi
+ 			info "Mounting devfs on ${jail_devdir}"
+ 			devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
+ 
+@@ -186,13 +281,21 @@
+ 			#	cd "$__pwd"
+ 		fi
+ 		if checkyesno jail_fdescfs; then
+-			info "Mounting fdescfs on ${jail_fdescdir}"
+-			mount -t fdescfs fdesc "${jail_fdescdir}"
++ 			if is_symlinked_mountpoint ${jail_fdescdir}; then
++ 				warn "${jail_fdescdir} has symlink as parent, not mounting"
++ 			else
++				info "Mounting fdescfs on ${jail_fdescdir}"
++				mount -t fdescfs fdesc "${jail_fdescdir}"
++			fi
+ 		fi
+ 		if checkyesno jail_procfs; then
+-			info "Mounting procfs onto ${jail_procdir}"
+-			if [ -d "${jail_procdir}" ] ; then
+-				mount -t procfs proc "${jail_procdir}"
++			if is_symlinked_mountpoint ${jail_procdir}; then
++				warn "${jail_procdir} has symlink as parent, not mounting"
++			else
++				info "Mounting procfs onto ${jail_procdir}"
++				if [ -d "${jail_procdir}" ] ; then
++					mount -t procfs proc "${jail_procdir}"
++				fi
+ 			fi
+ 		fi
+ 		_tmp_jail=${_tmp_dir}/jail.$$
+@@ -200,7 +303,7 @@
+ 			${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
+ 		[ "$?" -eq 0 ] && echo -n " $jail_hostname"
+ 		_jail_id=$(head -1 ${_tmp_jail})
+-		tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
++		tail +2 ${_tmp_jail} >${_consolelog}
+ 		rm -f ${_tmp_jail}
+ 		echo ${_jail_id} > /var/run/jail_${_jail}.id
+ 	done
+@@ -219,7 +322,7 @@
+ 				init_variables $_jail
+ 				if [ -n "${jail_exec_stop}" ]; then
+ 					eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
+-						>> ${jail_rootdir}/var/log/console.log 2>&1
++						>> ${_consolelog} 2>&1
+ 				fi
+ 				killall -j ${_jail_id} -TERM > /dev/null 2>&1
+ 				sleep 1
diff --git a/share/security/patches/SA-07:01/jail5.patch.asc b/share/security/patches/SA-07:01/jail5.patch.asc
new file mode 100644
index 0000000000..ce555f96d1
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBGsPhVFdaIBMps37IRAv8jAJ4td7Vyypl30jD8QzqblpTa87WpQgCfQPaF
+kx8TEijb2K5rSn98kiE7WgE=
+=saJe
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:01/jail60.patch b/share/security/patches/SA-07:01/jail60.patch
new file mode 100644
index 0000000000..0449c9b4ce
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail60.patch
@@ -0,0 +1,214 @@
+Index: etc/rc.d/jail
+===================================================================
+RCS file: /home/ncvs/src/etc/rc.d/jail,v
+retrieving revision 1.23.2.2
+diff -u -d -r1.23.2.2 jail
+--- etc/rc.d/jail	16 Aug 2005 08:43:06 -0000	1.23.2.2
++++ etc/rc.d/jail	9 Jan 2007 21:45:16 -0000
+@@ -66,6 +66,8 @@
+ 	[ -z "${jail_fstab}" ] && jail_fstab="/etc/fstab.${_j}"
+ 	eval jail_flags=\"\$jail_${_j}_flags\"
+ 	[ -z "${jail_flags}" ] && jail_flags="-l -U root"
++	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
++	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+ 
+ 	# Debugging aid
+ 	#
+@@ -84,6 +86,7 @@
+ 	debug "$_j exec start: $jail_exec_start"
+ 	debug "$_j exec stop: $jail_exec_stop"
+ 	debug "$_j flags: $jail_flags"
++	debug "$_j consolelog: $_consolelog"
+ }
+ 
+ # set_sysctl rc_knob mib msg
+@@ -113,6 +116,56 @@
+ 	fi
+ }
+ 
++# is_current_mountpoint()
++#	Is the directory mount point for a currently mounted file
++#	system?
++#
++is_current_mountpoint()
++{
++	local _dir _dir2
++
++	_dir=$1
++
++	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
++	[ ! -d "${_dir}" ] && return 1
++	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
++	[ "${_dir}" = "${_dir2}" ]
++	return $?
++}
++
++# is_symlinked_mountpoint()
++#	Is a mount point, or any of its parent directories, a symlink?
++#
++is_symlinked_mountpoint()
++{
++	local _dir
++
++	_dir=$1
++
++	[ -L "$_dir" ] && return 0
++	[ "$_dir" = "/" ] && return 1
++	is_symlinked_mountpoint `dirname $_dir`
++	return $?
++}
++
++# secure_umount
++#	Try to unmount a mount point without being vulnerable to
++#	symlink attacks.
++#
++secure_umount()
++{
++	local _dir
++
++	_dir=$1
++
++	if is_current_mountpoint ${_dir}; then
++		umount -f ${_dir} >/dev/null 2>&1
++	else
++		debug "Nothing mounted on ${_dir} - not unmounting"
++	fi
++}
++
++
+ # jail_umount_fs
+ #	This function unmounts certain special filesystems in the
+ #	currently selected jail. The caller must call the init_variables()
+@@ -120,27 +173,65 @@
+ #
+ jail_umount_fs()
+ {
++	local _device _mountpt _rest
++
+ 	if checkyesno jail_fdescfs; then
+ 		if [ -d "${jail_fdescdir}" ] ; then
+-			umount -f ${jail_fdescdir} >/dev/null 2>&1
++			secure_umount ${jail_fdescdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_devfs; then
+ 		if [ -d "${jail_devdir}" ] ; then
+-			umount -f ${jail_devdir} >/dev/null 2>&1
++			secure_umount ${jail_devdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_procfs; then
+ 		if [ -d "${jail_procdir}" ] ; then
+-			umount -f ${jail_procdir} >/dev/null 2>&1
++			secure_umount ${jail_procdir}
+ 		fi
+ 	fi
+ 	if checkyesno jail_mount; then
+ 		[ -f "${jail_fstab}" ] || warn "${jail_fstab} does not exist"
+-		umount -a -F "${jail_fstab}" >/dev/null 2>&1
++		tail -r ${jail_fstab} | while read _device _mountpt _rest; do
++			case ":${_device}" in
++			:#* | :)
++				continue
++				;;
++			esac
++			secure_umount ${_mountpt}
++		done
+ 	fi
+ }
+ 
++# jail_mount_fstab()
++#	Mount file systems from a per jail fstab while trying to
++#	secure against symlink attacks at the mount points.
++#
++#	If we are certain we cannot secure against symlink attacks we
++#	do not mount all of the file systems (since we cannot just not
++#	mount the file system with the problematic mount point).
++#
++#	The caller must call the init_variables() routine before
++#	calling this one.
++#
++jail_mount_fstab()
++{
++	local _device _mountpt _rest
++
++	while read _device _mountpt _rest; do
++		case ":${_device}" in
++		:#* | :)
++			continue
++			;;
++		esac
++		if is_symlinked_mountpoint ${_mountpt}; then
++			warn "${_mountpt} has symlink as parent - not mounting from ${jail_fstab}"
++			return
++		fi
++	done <${_fstab}
++	mount -a -F "${jail_fstab}"
++}
++
+ jail_start()
+ {
+ 	echo -n 'Configuring jails:'
+@@ -167,12 +258,16 @@
+ 			if [ ! -f "${jail_fstab}" ]; then
+ 				err 3 "$name: ${jail_fstab} does not exist"
+ 			fi
+-			mount -a -F "${jail_fstab}"
++			jail_mount_fstab
+ 		fi
+ 		if checkyesno jail_devfs; then
+ 			# If devfs is already mounted here, skip it.
+ 			df -t devfs "${jail_devdir}" >/dev/null
+ 			if [ $? -ne 0 ]; then
++				if is_symlinked_mountpoint ${jail_devdir}; then
++					warn "${jail_devdir} has symlink as parent - not starting jail ${_jail}"
++					continue
++				fi
+ 				info "Mounting devfs on ${jail_devdir}"
+ 				devfs_mount_jail "${jail_devdir}" ${jail_ruleset}
+ 				# Transitional symlink for old binaries
+@@ -193,13 +288,21 @@
+ 			#	cd "$__pwd"
+ 		fi
+ 		if checkyesno jail_fdescfs; then
+-			info "Mounting fdescfs on ${jail_fdescdir}"
+-			mount -t fdescfs fdesc "${jail_fdescdir}"
++ 			if is_symlinked_mountpoint ${jail_fdescdir}; then
++ 				warn "${jail_fdescdir} has symlink as parent, not mounting"
++ 			else
++				info "Mounting fdescfs on ${jail_fdescdir}"
++				mount -t fdescfs fdesc "${jail_fdescdir}"
++			fi
+ 		fi
+ 		if checkyesno jail_procfs; then
+-			info "Mounting procfs onto ${jail_procdir}"
+-			if [ -d "${jail_procdir}" ] ; then
+-				mount -t procfs proc "${jail_procdir}"
++			if is_symlinked_mountpoint ${jail_procdir}; then
++				warn "${jail_procdir} has symlink as parent, not mounting"
++			else
++				info "Mounting procfs onto ${jail_procdir}"
++				if [ -d "${jail_procdir}" ] ; then
++					mount -t procfs proc "${jail_procdir}"
++				fi
+ 			fi
+ 		fi
+ 		_tmp_jail=${_tmp_dir}/jail.$$
+@@ -207,7 +310,7 @@
+ 			${jail_ip} ${jail_exec_start} > ${_tmp_jail} 2>&1
+ 		[ "$?" -eq 0 ] && echo -n " $jail_hostname"
+ 		_jail_id=$(head -1 ${_tmp_jail})
+-		tail +2 ${_tmp_jail} >${jail_rootdir}/var/log/console.log
++		tail +2 ${_tmp_jail} >${_consolelog}
+ 		rm -f ${_tmp_jail}
+ 		echo ${_jail_id} > /var/run/jail_${_jail}.id
+ 	done
+@@ -226,7 +329,7 @@
+ 				init_variables $_jail
+ 				if [ -n "${jail_exec_stop}" ]; then
+ 					eval env -i /usr/sbin/jexec ${_jail_id} ${jail_exec_stop} \
+-						>> ${jail_rootdir}/var/log/console.log 2>&1
++						>> ${_consolelog} 2>&1
+ 				fi
+ 				killall -j ${_jail_id} -TERM > /dev/null 2>&1
+ 				sleep 1
diff --git a/share/security/patches/SA-07:01/jail60.patch.asc b/share/security/patches/SA-07:01/jail60.patch.asc
new file mode 100644
index 0000000000..3962e7b351
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail60.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBFpoNwFdaIBMps37IRAjq/AKCYdLshetGjyd11MfCxnek7wOrbFQCeM8Kw
+02kQ+HyjuaJykczBh8JsEYg=
+=KHQ1
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:01/jail61.patch b/share/security/patches/SA-07:01/jail61.patch
new file mode 100644
index 0000000000..93dd97c07c
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail61.patch
@@ -0,0 +1,214 @@
+Index: etc/rc.d/jail
+===================================================================
+RCS file: /home/ncvs/src/etc/rc.d/jail,v
+retrieving revision 1.23.2.3.2.2
+diff -u -d -r1.23.2.3.2.2 jail
+--- etc/rc.d/jail	7 Jul 2006 07:25:21 -0000	1.23.2.3.2.2
++++ etc/rc.d/jail	9 Jan 2007 21:53:36 -0000
+@@ -67,6 +67,8 @@
+ 	[ -z "${_fstab}" ] && _fstab="/etc/fstab.${_j}"
+ 	eval _flags=\"\${jail_${_j}_flags:-${jail_flags}}\"
+ 	[ -z "${_flags}" ] && _flags="-l -U root"
++	eval _consolelog=\"\${jail_${_j}_consolelog:-${jail_consolelog}}\"
++	[ -z "${_consolelog}" ] && _consolelog="/var/log/jail_${_j}_console.log"
+ 
+ 	# Debugging aid
+ 	#
+@@ -86,6 +88,7 @@
+ 	debug "$_j exec start: $_exec_start"
+ 	debug "$_j exec stop: $_exec_stop"
+ 	debug "$_j flags: $_flags"
++	debug "$_j consolelog: $_consolelog"
+ 
+ 	if [ -z "${_hostname}" ]; then
+ 		err 3 "$name: No hostname has been defined for ${_j}"
+@@ -126,6 +129,56 @@
+ 	fi
+ }
+ 
++# is_current_mountpoint()
++#	Is the directory mount point for a currently mounted file
++#	system?
++#
++is_current_mountpoint()
++{
++	local _dir _dir2
++
++	_dir=$1
++
++	_dir=`echo $_dir | sed -Ee 's#//+#/#g' -e 's#/$##'`
++	[ ! -d "${_dir}" ] && return 1
++	_dir2=`df ${_dir} | tail +2 | awk '{ print $6 }'`
++	[ "${_dir}" = "${_dir2}" ]
++	return $?
++}
++
++# is_symlinked_mountpoint()
++#	Is a mount point, or any of its parent directories, a symlink?
++#
++is_symlinked_mountpoint()
++{
++	local _dir
++
++	_dir=$1
++
++	[ -L "$_dir" ] && return 0
++	[ "$_dir" = "/" ] && return 1
++	is_symlinked_mountpoint `dirname $_dir`
++	return $?
++}
++
++# secure_umount
++#	Try to unmount a mount point without being vulnerable to
++#	symlink attacks.
++#
++secure_umount()
++{
++	local _dir
++
++	_dir=$1
++
++	if is_current_mountpoint ${_dir}; then
++		umount -f ${_dir} >/dev/null 2>&1
++	else
++		debug "Nothing mounted on ${_dir} - not unmounting"
++	fi
++}
++
++
+ # jail_umount_fs
+ #	This function unmounts certain special filesystems in the
+ #	currently selected jail. The caller must call the init_variables()
+@@ -133,27 +186,65 @@
+ #
+ jail_umount_fs()
+ {
++	local _device _mountpt _rest
++
+ 	if checkyesno _fdescfs; then
+ 		if [ -d "${_fdescdir}" ] ; then
+-			umount -f ${_fdescdir} >/dev/null 2>&1
++			secure_umount ${_fdescdir}
+ 		fi
+ 	fi
+ 	if checkyesno _devfs; then
+ 		if [ -d "${_devdir}" ] ; then
+-			umount -f ${_devdir} >/dev/null 2>&1
++			secure_umount ${_devdir}
+ 		fi
+ 	fi
+ 	if checkyesno _procfs; then
+ 		if [ -d "${_procdir}" ] ; then
+-			umount -f ${_procdir} >/dev/null 2>&1
++			secure_umount ${_procdir}
+ 		fi
+ 	fi
+ 	if checkyesno _mount; then
+ 		[ -f "${_fstab}" ] || warn "${_fstab} does not exist"
+-		umount -a -F "${_fstab}" >/dev/null 2>&1
++		tail -r ${_fstab} | while read _device _mountpt _rest; do
++			case ":${_device}" in
++			:#* | :)
++				continue
++				;;
++			esac
++			secure_umount ${_mountpt}
++		done
+ 	fi
+ }
+ 
++# jail_mount_fstab()
++#	Mount file systems from a per jail fstab while trying to
++#	secure against symlink attacks at the mount points.
++#
++#	If we are certain we cannot secure against symlink attacks we
++#	do not mount all of the file systems (since we cannot just not
++#	mount the file system with the problematic mount point).
++#
++#	The caller must call the init_variables() routine before
++#	calling this one.
++#
++jail_mount_fstab()
++{
++	local _device _mountpt _rest
++
++	while read _device _mountpt _rest; do
++		case ":${_device}" in
++		:#* | :)
++			continue
++			;;
++		esac
++		if is_symlinked_mountpoint ${_mountpt}; then
++			warn "${_mountpt} has symlink as parent - not mounting from ${_fstab}"
++			return
++		fi
++	done <${_fstab}
++	mount -a -F "${_fstab}"
++}
++
+ jail_start()
+ {
+ 	echo -n 'Configuring jails:'
+@@ -183,12 +274,16 @@
+ 			if [ ! -f "${_fstab}" ]; then
+ 				err 3 "$name: ${_fstab} does not exist"
+ 			fi
+-			mount -a -F "${_fstab}"
++			jail_mount_fstab
+ 		fi
+ 		if checkyesno _devfs; then
+ 			# If devfs is already mounted here, skip it.
+ 			df -t devfs "${_devdir}" >/dev/null
+ 			if [ $? -ne 0 ]; then
++				if is_symlinked_mountpoint ${_devdir}; then
++					warn "${_devdir} has symlink as parent - not starting jail ${_jail}"
++					continue
++				fi
+ 				info "Mounting devfs on ${_devdir}"
+ 				devfs_mount_jail "${_devdir}" ${_ruleset}
+ 				# Transitional symlink for old binaries
+@@ -209,13 +304,21 @@
+ 			#	cd "$__pwd"
+ 		fi
+ 		if checkyesno _fdescfs; then
+-			info "Mounting fdescfs on ${_fdescdir}"
+-			mount -t fdescfs fdesc "${_fdescdir}"
++			if is_symlinked_mountpoint ${_fdescdir}; then
++				warn "${_fdescdir} has symlink as parent, not mounting"
++			else
++				info "Mounting fdescfs on ${_fdescdir}"
++				mount -t fdescfs fdesc "${_fdescdir}"
++			fi
+ 		fi
+ 		if checkyesno _procfs; then
+-			info "Mounting procfs onto ${_procdir}"
+-			if [ -d "${_procdir}" ] ; then
+-				mount -t procfs proc "${_procdir}"
++			if is_symlinked_mountpoint ${_procdir}; then
++				warn "${_procdir} has symlink as parent, not mounting"
++			else
++				info "Mounting procfs onto ${_procdir}"
++				if [ -d "${_procdir}" ] ; then
++					mount -t procfs proc "${_procdir}"
++				fi
+ 			fi
+ 		fi
+ 		_tmp_jail=${_tmp_dir}/jail.$$
+@@ -223,7 +326,7 @@
+ 			${_ip} ${_exec_start} > ${_tmp_jail} 2>&1
+ 		[ "$?" -eq 0 ] && echo -n " $_hostname"
+ 		_jail_id=$(head -1 ${_tmp_jail})
+-		tail +2 ${_tmp_jail} >${_rootdir}/var/log/console.log
++		tail +2 ${_tmp_jail} >${_consolelog}
+ 		rm -f ${_tmp_jail}
+ 		echo ${_jail_id} > /var/run/jail_${_jail}.id
+ 	done
+@@ -242,7 +345,7 @@
+ 				init_variables $_jail
+ 				if [ -n "${_exec_stop}" ]; then
+ 					eval env -i /usr/sbin/jexec ${_jail_id} ${_exec_stop} \
+-						>> ${_rootdir}/var/log/console.log 2>&1
++						>> ${_consolelog} 2>&1
+ 				fi
+ 				killall -j ${_jail_id} -TERM > /dev/null 2>&1
+ 				sleep 1
diff --git a/share/security/patches/SA-07:01/jail61.patch.asc b/share/security/patches/SA-07:01/jail61.patch.asc
new file mode 100644
index 0000000000..5dadc5a7ba
--- /dev/null
+++ b/share/security/patches/SA-07:01/jail61.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBFpoN0FdaIBMps37IRAkohAKCMfqIxSDvbPZhs8lLPKsDDv1ufAACeOw6K
+43mix1sCHYp/gK2GGsIOq+Y=
+=royu
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:02/bind61.patch b/share/security/patches/SA-07:02/bind61.patch
new file mode 100644
index 0000000000..77715a8d7a
--- /dev/null
+++ b/share/security/patches/SA-07:02/bind61.patch
@@ -0,0 +1,257 @@
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/resolver.c,v
+retrieving revision 1.1.1.2.2.2.2.1
+diff -u -I__FBSDID -r1.1.1.2.2.2.2.1 resolver.c
+--- contrib/bind9/lib/dns/resolver.c	6 Sep 2006 21:19:20 -0000	1.1.1.2.2.2.2.1
++++ contrib/bind9/lib/dns/resolver.c	9 Feb 2007 07:24:35 -0000
+@@ -215,6 +215,11 @@
+ 	dns_name_t 			nsname; 
+ 	dns_fetch_t *			nsfetch;
+ 	dns_rdataset_t			nsrrset;
++
++	/*%
++	 * Number of queries that reference this context.
++	 */
++	unsigned int			nqueries;
+ };
+ 
+ #define FCTX_MAGIC			ISC_MAGIC('F', '!', '!', '!')
+@@ -348,6 +353,7 @@
+ 				      dns_rdataset_t *ardataset,
+ 				      isc_result_t *eresultp);
+ static void validated(isc_task_t *task, isc_event_t *event); 
++static void maybe_destroy(fetchctx_t *fctx);
+ 
+ static isc_result_t
+ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
+@@ -366,6 +372,9 @@
+ 	valarg->fctx = fctx;
+ 	valarg->addrinfo = addrinfo;
+ 
++	if (!ISC_LIST_EMPTY(fctx->validators))
++		INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
++
+ 	result = dns_validator_create(fctx->res->view, name, type, rdataset,
+ 				      sigrdataset, fctx->rmessage,
+ 				      valoptions, task, validated, valarg,
+@@ -513,6 +522,9 @@
+ 
+ 	INSIST(query->tcpsocket == NULL);
+ 
++	query->fctx->nqueries--;
++	if (SHUTTINGDOWN(query->fctx))
++		maybe_destroy(query->fctx);	/* Locks bucket. */
+ 	query->magic = 0;
+ 	isc_mem_put(query->mctx, query, sizeof(*query));
+ 	*queryp = NULL;
+@@ -971,6 +983,8 @@
+ 	if (result != ISC_R_SUCCESS)
+ 		return (result);
+ 
++	INSIST(ISC_LIST_EMPTY(fctx->validators));
++
+ 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
+ 
+ 	query = isc_mem_get(res->mctx, sizeof(*query));
+@@ -1084,6 +1098,7 @@
+ 	}
+ 
+ 	ISC_LIST_APPEND(fctx->queries, query, link);
++	query->fctx->nqueries++;
+ 
+ 	return (ISC_R_SUCCESS);
+ 
+@@ -1530,7 +1545,7 @@
+ 			want_done = ISC_TRUE;
+ 		}
+ 	} else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
+-		   ISC_LIST_EMPTY(fctx->validators)) {
++		   fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
+ 		bucketnum = fctx->bucketnum;
+ 		LOCK(&res->buckets[bucketnum].lock);
+ 		/*
+@@ -2384,8 +2399,8 @@
+ 	REQUIRE(ISC_LIST_EMPTY(fctx->finds));
+ 	REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
+ 	REQUIRE(fctx->pending == 0);
+-	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+ 	REQUIRE(fctx->references == 0);
++	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+ 
+ 	FCTXTRACE("destroy");
+ 
+@@ -2559,7 +2574,7 @@
+ 	}
+ 
+ 	if (fctx->references == 0 && fctx->pending == 0 &&
+-	    ISC_LIST_EMPTY(fctx->validators))
++	    fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
+ 		bucket_empty = fctx_destroy(fctx);
+ 
+ 	UNLOCK(&res->buckets[bucketnum].lock);
+@@ -2600,6 +2615,7 @@
+ 		 * pending ADB finds and no pending validations.
+ 		 */
+ 		INSIST(fctx->pending == 0);
++		INSIST(fctx->nqueries == 0);
+ 		INSIST(ISC_LIST_EMPTY(fctx->validators));
+ 		if (fctx->references == 0) {
+ 			/*
+@@ -2761,6 +2777,7 @@
+ 	fctx->restarts = 0;
+ 	fctx->timeouts = 0;
+ 	fctx->attributes = 0;
++	fctx->nqueries = 0;
+ 
+ 	dns_name_init(&fctx->nsname, NULL);
+ 	fctx->nsfetch = NULL;
+@@ -3083,12 +3100,21 @@
+ 	unsigned int bucketnum;
+ 	isc_boolean_t bucket_empty = ISC_FALSE;
+ 	dns_resolver_t *res = fctx->res;
++	dns_validator_t *validator;
+ 
+ 	REQUIRE(SHUTTINGDOWN(fctx));
+ 
+-	if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
++	if (fctx->pending != 0 || fctx->nqueries != 0)
+ 		return;
+ 
++	for (validator = ISC_LIST_HEAD(fctx->validators);
++	     validator != NULL;
++	     validator = ISC_LIST_HEAD(fctx->validators)) {
++		ISC_LIST_UNLINK(fctx->validators, validator, link);
++		dns_validator_cancel(validator);
++		dns_validator_destroy(&validator);
++	}
++
+ 	bucketnum = fctx->bucketnum;
+ 	LOCK(&res->buckets[bucketnum].lock);
+ 	if (fctx->references == 0)
+@@ -3219,7 +3245,9 @@
+ 		result = vevent->result;
+ 		add_bad(fctx, &addrinfo->sockaddr, result);
+ 		isc_event_free(&event);
+-		if (sentresponse)
++		if (!ISC_LIST_EMPTY(fctx->validators))
++			dns_validator_send(ISC_LIST_HEAD(fctx->validators));
++		else if (sentresponse)
+ 			fctx_done(fctx, result);
+ 		else
+ 			fctx_try(fctx);
+@@ -3315,6 +3343,7 @@
+ 		 * more rdatasets that still need to
+ 		 * be validated.
+ 		 */
++		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+ 		goto cleanup_event;
+ 	}
+ 
+@@ -3623,6 +3652,13 @@
+ 							   rdataset,
+ 							   sigrdataset,
+ 							   valoptions, task);
++					/*
++					 * Defer any further validations.
++					 * This prevents multiple validators
++					 * from manipulating fctx->rmessage
++					 * simultaniously.
++					 */
++					valoptions |= DNS_VALIDATOR_DEFER;
+ 				}
+ 			} else if (CHAINING(rdataset)) {
+ 				if (rdataset->type == dns_rdatatype_cname)
+@@ -6346,7 +6382,8 @@
+ 		/*
+ 		 * No one cares about the result of this fetch anymore.
+ 		 */
+-		if (fctx->pending == 0 && ISC_LIST_EMPTY(fctx->validators) &&
++		if (fctx->pending == 0 && fctx->nqueries == 0 &&
++		    ISC_LIST_EMPTY(fctx->validators) &&
+ 		    SHUTTINGDOWN(fctx)) {
+ 			/*
+ 			 * This fctx is already shutdown; we were just
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/validator.c,v
+retrieving revision 1.1.1.2.2.1
+diff -u -I__FBSDID -r1.1.1.2.2.1 validator.c
+--- contrib/bind9/lib/dns/validator.c	14 Jan 2006 10:13:45 -0000	1.1.1.2.2.1
++++ contrib/bind9/lib/dns/validator.c	9 Feb 2007 07:24:37 -0000
+@@ -2632,7 +2632,8 @@
+ 	ISC_LINK_INIT(val, link);
+ 	val->magic = VALIDATOR_MAGIC;
+ 
+-	isc_task_send(task, ISC_EVENT_PTR(&event));
++	if ((options & DNS_VALIDATOR_DEFER) == 0)
++		isc_task_send(task, ISC_EVENT_PTR(&event));
+ 
+ 	*validatorp = val;
+ 
+@@ -2650,6 +2651,21 @@
+ }
+ 
+ void
++dns_validator_send(dns_validator_t *validator) {
++	isc_event_t *event;
++	REQUIRE(VALID_VALIDATOR(validator));
++
++	LOCK(&validator->lock);
++
++	INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
++	event = (isc_event_t *)validator->event;
++	validator->options &= ~DNS_VALIDATOR_DEFER;
++	UNLOCK(&validator->lock);
++
++	isc_task_send(validator->task, ISC_EVENT_PTR(&event));
++}
++
++void
+ dns_validator_cancel(dns_validator_t *validator) {
+ 	REQUIRE(VALID_VALIDATOR(validator));
+ 
+@@ -2663,6 +2679,12 @@
+ 
+ 		if (validator->subvalidator != NULL)
+ 			dns_validator_cancel(validator->subvalidator);
++		if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
++			isc_task_t *task = validator->event->ev_sender;
++			validator->options &= ~DNS_VALIDATOR_DEFER;
++			isc_event_free((isc_event_t **)&validator->event);
++			isc_task_detach(&task);
++		}
+ 	}
+ 	UNLOCK(&validator->lock);
+ }
+Index: contrib/bind9/lib/dns/include/dns/validator.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/include/dns/validator.h,v
+retrieving revision 1.1.1.1.4.1
+diff -u -I__FBSDID -r1.1.1.1.4.1 validator.h
+--- contrib/bind9/lib/dns/include/dns/validator.h	14 Jan 2006 10:13:45 -0000	1.1.1.1.4.1
++++ contrib/bind9/lib/dns/include/dns/validator.h	9 Feb 2007 07:24:37 -0000
+@@ -129,6 +129,7 @@
+ };
+ 
+ #define DNS_VALIDATOR_DLV 1
++#define DNS_VALIDATOR_DEFER 2
+ 
+ ISC_LANG_BEGINDECLS
+ 
+@@ -173,6 +174,15 @@
+  */
+ 
+ void
++dns_validator_send(dns_validator_t *validator);
++/*%<
++ * Send a deferred validation request
++ *
++ * Requires:
++ *	'validator' to points to a valid DNSSEC validator.
++ */
++
++void
+ dns_validator_cancel(dns_validator_t *validator);
+ /*
+  * Cancel a DNSSEC validation in progress.
diff --git a/share/security/patches/SA-07:02/bind61.patch.asc b/share/security/patches/SA-07:02/bind61.patch.asc
new file mode 100644
index 0000000000..d7f678f641
--- /dev/null
+++ b/share/security/patches/SA-07:02/bind61.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBFzNj0FdaIBMps37IRAgewAJsGgAXr5wzauYYCG/MARvzgnHlr+wCeM8ZK
+slWoM9qF/VWz7LJ0ru4+eVQ=
+=c3Iy
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:02/bind62.patch b/share/security/patches/SA-07:02/bind62.patch
new file mode 100644
index 0000000000..4e38b27a72
--- /dev/null
+++ b/share/security/patches/SA-07:02/bind62.patch
@@ -0,0 +1,257 @@
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/resolver.c,v
+retrieving revision 1.1.1.2.2.5
+diff -u -I__FBSDID -r1.1.1.2.2.5 resolver.c
+--- contrib/bind9/lib/dns/resolver.c	13 Dec 2006 09:46:57 -0000	1.1.1.2.2.5
++++ contrib/bind9/lib/dns/resolver.c	6 Feb 2007 08:11:29 -0000
+@@ -218,6 +218,11 @@
+ 	dns_name_t 			nsname; 
+ 	dns_fetch_t *			nsfetch;
+ 	dns_rdataset_t			nsrrset;
++
++	/*%
++	 * Number of queries that reference this context.
++	 */
++	unsigned int			nqueries;
+ };
+ 
+ #define FCTX_MAGIC			ISC_MAGIC('F', '!', '!', '!')
+@@ -351,6 +356,7 @@
+ 				      dns_rdataset_t *ardataset,
+ 				      isc_result_t *eresultp);
+ static void validated(isc_task_t *task, isc_event_t *event); 
++static void maybe_destroy(fetchctx_t *fctx);
+ 
+ static isc_result_t
+ valcreate(fetchctx_t *fctx, dns_adbaddrinfo_t *addrinfo, dns_name_t *name,
+@@ -369,6 +375,9 @@
+ 	valarg->fctx = fctx;
+ 	valarg->addrinfo = addrinfo;
+ 
++	if (!ISC_LIST_EMPTY(fctx->validators))
++		INSIST((valoptions & DNS_VALIDATOR_DEFER) != 0);
++
+ 	result = dns_validator_create(fctx->res->view, name, type, rdataset,
+ 				      sigrdataset, fctx->rmessage,
+ 				      valoptions, task, validated, valarg,
+@@ -515,6 +524,9 @@
+ 
+ 	INSIST(query->tcpsocket == NULL);
+ 
++	query->fctx->nqueries--;
++	if (SHUTTINGDOWN(query->fctx))
++		maybe_destroy(query->fctx);	/* Locks bucket. */
+ 	query->magic = 0;
+ 	isc_mem_put(query->mctx, query, sizeof(*query));
+ 	*queryp = NULL;
+@@ -973,6 +985,8 @@
+ 	if (result != ISC_R_SUCCESS)
+ 		return (result);
+ 
++	INSIST(ISC_LIST_EMPTY(fctx->validators));
++
+ 	dns_message_reset(fctx->rmessage, DNS_MESSAGE_INTENTPARSE);
+ 
+ 	query = isc_mem_get(res->mctx, sizeof(*query));
+@@ -1088,6 +1102,7 @@
+ 	}
+ 
+ 	ISC_LIST_APPEND(fctx->queries, query, link);
++	query->fctx->nqueries++;
+ 
+ 	return (ISC_R_SUCCESS);
+ 
+@@ -1540,7 +1555,7 @@
+ 			want_done = ISC_TRUE;
+ 		}
+ 	} else if (SHUTTINGDOWN(fctx) && fctx->pending == 0 &&
+-		   ISC_LIST_EMPTY(fctx->validators)) {
++		   fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators)) {
+ 		bucketnum = fctx->bucketnum;
+ 		LOCK(&res->buckets[bucketnum].lock);
+ 		/*
+@@ -2394,8 +2409,8 @@
+ 	REQUIRE(ISC_LIST_EMPTY(fctx->finds));
+ 	REQUIRE(ISC_LIST_EMPTY(fctx->altfinds));
+ 	REQUIRE(fctx->pending == 0);
+-	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+ 	REQUIRE(fctx->references == 0);
++	REQUIRE(ISC_LIST_EMPTY(fctx->validators));
+ 
+ 	FCTXTRACE("destroy");
+ 
+@@ -2569,7 +2584,7 @@
+ 	}
+ 
+ 	if (fctx->references == 0 && fctx->pending == 0 &&
+-	    ISC_LIST_EMPTY(fctx->validators))
++	    fctx->nqueries == 0 && ISC_LIST_EMPTY(fctx->validators))
+ 		bucket_empty = fctx_destroy(fctx);
+ 
+ 	UNLOCK(&res->buckets[bucketnum].lock);
+@@ -2610,6 +2625,7 @@
+ 		 * pending ADB finds and no pending validations.
+ 		 */
+ 		INSIST(fctx->pending == 0);
++		INSIST(fctx->nqueries == 0);
+ 		INSIST(ISC_LIST_EMPTY(fctx->validators));
+ 		if (fctx->references == 0) {
+ 			/*
+@@ -2771,6 +2787,7 @@
+ 	fctx->restarts = 0;
+ 	fctx->timeouts = 0;
+ 	fctx->attributes = 0;
++	fctx->nqueries = 0;
+ 
+ 	dns_name_init(&fctx->nsname, NULL);
+ 	fctx->nsfetch = NULL;
+@@ -3093,12 +3110,21 @@
+ 	unsigned int bucketnum;
+ 	isc_boolean_t bucket_empty = ISC_FALSE;
+ 	dns_resolver_t *res = fctx->res;
++	dns_validator_t *validator;
+ 
+ 	REQUIRE(SHUTTINGDOWN(fctx));
+ 
+-	if (fctx->pending != 0 || !ISC_LIST_EMPTY(fctx->validators))
++	if (fctx->pending != 0 || fctx->nqueries != 0)
+ 		return;
+ 
++	for (validator = ISC_LIST_HEAD(fctx->validators);
++	     validator != NULL;
++	     validator = ISC_LIST_HEAD(fctx->validators)) {
++		ISC_LIST_UNLINK(fctx->validators, validator, link);
++		dns_validator_cancel(validator);
++		dns_validator_destroy(&validator);
++	}
++
+ 	bucketnum = fctx->bucketnum;
+ 	LOCK(&res->buckets[bucketnum].lock);
+ 	if (fctx->references == 0)
+@@ -3232,7 +3258,9 @@
+ 		add_bad(fctx, &addrinfo->sockaddr, result);
+ 		isc_event_free(&event);
+ 		UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
+-		if (sentresponse)
++		if (!ISC_LIST_EMPTY(fctx->validators))
++			dns_validator_send(ISC_LIST_HEAD(fctx->validators));
++		else if (sentresponse)
+ 			fctx_done(fctx, result);	/* Locks bucket. */
+ 		else
+ 			fctx_try(fctx);			/* Locks bucket. */
+@@ -3330,6 +3358,7 @@
+ 		 * be validated.
+ 		 */
+ 		UNLOCK(&fctx->res->buckets[fctx->bucketnum].lock);
++		dns_validator_send(ISC_LIST_HEAD(fctx->validators));
+ 		goto cleanup_event;
+ 	}
+ 
+@@ -3640,6 +3669,13 @@
+ 							   rdataset,
+ 							   sigrdataset,
+ 							   valoptions, task);
++					/*
++					 * Defer any further validations.
++					 * This prevents multiple validators
++					 * from manipulating fctx->rmessage
++					 * simultaniously.
++					 */
++					valoptions |= DNS_VALIDATOR_DEFER;
+ 				}
+ 			} else if (CHAINING(rdataset)) {
+ 				if (rdataset->type == dns_rdatatype_cname)
+@@ -6371,7 +6407,8 @@
+ 		/*
+ 		 * No one cares about the result of this fetch anymore.
+ 		 */
+-		if (fctx->pending == 0 && ISC_LIST_EMPTY(fctx->validators) &&
++		if (fctx->pending == 0 && fctx->nqueries == 0 &&
++		    ISC_LIST_EMPTY(fctx->validators) &&
+ 		    SHUTTINGDOWN(fctx)) {
+ 			/*
+ 			 * This fctx is already shutdown; we were just
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/validator.c,v
+retrieving revision 1.1.1.2.2.2
+diff -u -I__FBSDID -r1.1.1.2.2.2 validator.c
+--- contrib/bind9/lib/dns/validator.c	13 Dec 2006 09:46:57 -0000	1.1.1.2.2.2
++++ contrib/bind9/lib/dns/validator.c	6 Feb 2007 08:11:31 -0000
+@@ -2825,7 +2825,8 @@
+ 	ISC_LINK_INIT(val, link);
+ 	val->magic = VALIDATOR_MAGIC;
+ 
+-	isc_task_send(task, ISC_EVENT_PTR(&event));
++	if ((options & DNS_VALIDATOR_DEFER) == 0)
++		isc_task_send(task, ISC_EVENT_PTR(&event));
+ 
+ 	*validatorp = val;
+ 
+@@ -2843,6 +2844,21 @@
+ }
+ 
+ void
++dns_validator_send(dns_validator_t *validator) {
++	isc_event_t *event;
++	REQUIRE(VALID_VALIDATOR(validator));
++
++	LOCK(&validator->lock);
++
++	INSIST((validator->options & DNS_VALIDATOR_DEFER) != 0);
++	event = (isc_event_t *)validator->event;
++	validator->options &= ~DNS_VALIDATOR_DEFER;
++	UNLOCK(&validator->lock);
++
++	isc_task_send(validator->task, ISC_EVENT_PTR(&event));
++}
++
++void
+ dns_validator_cancel(dns_validator_t *validator) {
+ 	REQUIRE(VALID_VALIDATOR(validator));
+ 
+@@ -2856,6 +2872,12 @@
+ 
+ 		if (validator->subvalidator != NULL)
+ 			dns_validator_cancel(validator->subvalidator);
++		if ((validator->options & DNS_VALIDATOR_DEFER) != 0) {
++			isc_task_t *task = validator->event->ev_sender;
++			validator->options &= ~DNS_VALIDATOR_DEFER;
++			isc_event_free((isc_event_t **)&validator->event);
++			isc_task_detach(&task);
++		}
+ 	}
+ 	UNLOCK(&validator->lock);
+ }
+Index: contrib/bind9/lib/dns/include/dns/validator.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/include/dns/validator.h,v
+retrieving revision 1.1.1.1.4.2
+diff -u -I__FBSDID -r1.1.1.1.4.2 validator.h
+--- contrib/bind9/lib/dns/include/dns/validator.h	13 Dec 2006 09:46:58 -0000	1.1.1.1.4.2
++++ contrib/bind9/lib/dns/include/dns/validator.h	6 Feb 2007 08:11:31 -0000
+@@ -144,6 +144,7 @@
+  * dns_validator_create() options.
+  */
+ #define DNS_VALIDATOR_DLV 1U
++#define DNS_VALIDATOR_DEFER 2U
+ 
+ ISC_LANG_BEGINDECLS
+ 
+@@ -192,6 +193,15 @@
+  */
+ 
+ void
++dns_validator_send(dns_validator_t *validator);
++/*%<
++ * Send a deferred validation request
++ *
++ * Requires:
++ *	'validator' to points to a valid DNSSEC validator.
++ */
++
++void
+ dns_validator_cancel(dns_validator_t *validator);
+ /*%<
+  * Cancel a DNSSEC validation in progress.
diff --git a/share/security/patches/SA-07:02/bind62.patch.asc b/share/security/patches/SA-07:02/bind62.patch.asc
new file mode 100644
index 0000000000..fb5c21806a
--- /dev/null
+++ b/share/security/patches/SA-07:02/bind62.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBFzNj8FdaIBMps37IRApj7AKCfpEiSf7W06qlR2O/MvRaKXAJHAwCfSXX3
+d0gbjkzr3sAVfasTXAvbQ0I=
+=cvdv
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:03/ipv6.patch b/share/security/patches/SA-07:03/ipv6.patch
new file mode 100644
index 0000000000..1f4c0e7664
--- /dev/null
+++ b/share/security/patches/SA-07:03/ipv6.patch
@@ -0,0 +1,66 @@
+Index: sys/netinet6/in6.h
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6.h,v
+retrieving revision 1.36.2.7
+diff -u -r1.36.2.7 in6.h
+--- sys/netinet6/in6.h	20 Aug 2006 19:28:43 -0000	1.36.2.7
++++ sys/netinet6/in6.h	24 Apr 2007 03:11:29 -0000
+@@ -574,5 +574,6 @@
+ #define IPV6CTL_STEALTH		45
+-#define IPV6CTL_MAXID		46
++#define IPV6CTL_RTHDR0_ALLOWED  46
++#define IPV6CTL_MAXID		47
+ #endif /* __BSD_VISIBLE */
+ 
+ /*
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.32.2.5
+diff -u -r1.32.2.5 in6_proto.c
+--- sys/netinet6/in6_proto.c	16 Oct 2006 15:11:18 -0000	1.32.2.5
++++ sys/netinet6/in6_proto.c	24 Apr 2007 07:46:54 -0000
+@@ -376,6 +376,8 @@
+ #ifdef IPSTEALTH
+ int	ip6stealth = 0;
+ #endif
++int     ip6_rthdr0_allowed = 0; /* Disallow use of routing header 0 */
++				/* by default. */
+ 
+ /* icmp6 */
+ /*
+@@ -519,6 +521,9 @@
+ SYSCTL_INT(_net_inet6_ip6, IPV6CTL_STEALTH, stealth, CTLFLAG_RW,
+ 	&ip6stealth, 0, "");
+ #endif
++SYSCTL_INT(_net_inet6_ip6, IPV6CTL_RTHDR0_ALLOWED, 
++	   rthdr0_allowed, CTLFLAG_RW, &ip6_rthdr0_allowed, 0, "");
++
+ 
+ /* net.inet6.icmp6 */
+ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_REDIRACCEPT,
+Index: sys/netinet6/route6.c
+===================================================================
+RCS file: /sources/FreeBSD-CVS/src/sys/netinet6/route6.c,v
+retrieving revision 1.11.2.1
+diff -u -r1.11.2.1 route6.c
+--- sys/netinet6/route6.c	4 Nov 2005 20:26:15 -0000	1.11.2.1
++++ sys/netinet6/route6.c	24 Apr 2007 08:06:00 -0000
+@@ -49,6 +49,8 @@
+ 
+ #include <netinet/icmp6.h>
+ 
++extern int ip6_rthdr0_allowed;
++
+ static int ip6_rthdr0 __P((struct mbuf *, struct ip6_hdr *,
+     struct ip6_rthdr0 *));
+ 
+@@ -88,6 +90,8 @@
+ 
+ 	switch (rh->ip6r_type) {
+ 	case IPV6_RTHDR_TYPE_0:
++		if (!ip6_rthdr0_allowed)
++			return (IPPROTO_DONE);
+ 		rhlen = (rh->ip6r_len + 1) << 3;
+ #ifndef PULLDOWN_TEST
+ 		/*
diff --git a/share/security/patches/SA-07:03/ipv6.patch.asc b/share/security/patches/SA-07:03/ipv6.patch.asc
new file mode 100644
index 0000000000..af28a7a060
--- /dev/null
+++ b/share/security/patches/SA-07:03/ipv6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.6 (FreeBSD)
+
+iD8DBQBGMTl8FdaIBMps37IRAmMAAJkBlolsolVdaS1E8iHeNDJPUnw1RQCfZZzT
+uP/k/3AVh+GOFos9ykmF/ig=
+=S5qA
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:04/file5.patch b/share/security/patches/SA-07:04/file5.patch
new file mode 100644
index 0000000000..e1cdd39094
--- /dev/null
+++ b/share/security/patches/SA-07:04/file5.patch
@@ -0,0 +1,125 @@
+Index: contrib/file/file.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/file.h,v
+retrieving revision 1.1.1.7
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.7 file.h
+--- contrib/file/file.h	9 Aug 2004 08:45:39 -0000	1.1.1.7
++++ contrib/file/file.h	17 May 2007 17:05:04 -0000
+@@ -225,7 +225,7 @@
+ 	/* Accumulation buffer */
+ 	char *buf;
+ 	char *ptr;
+-	size_t len;
++	size_t left;
+ 	size_t size;
+ 	/* Printable buffer */
+ 	char *pbuf;
+Index: contrib/file/funcs.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/funcs.c,v
+retrieving revision 1.1.1.1
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.1 funcs.c
+--- contrib/file/funcs.c	9 Aug 2004 08:45:39 -0000	1.1.1.1
++++ contrib/file/funcs.c	17 May 2007 17:05:04 -0000
+@@ -28,6 +28,7 @@
+  */
+ #include "file.h"
+ #include "magic.h"
++#include <limits.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -43,27 +44,31 @@
+ file_printf(struct magic_set *ms, const char *fmt, ...)
+ {
+ 	va_list ap;
+-	size_t len;
++	size_t len, size;
+ 	char *buf;
+ 
+ 	va_start(ap, fmt);
+ 
+-	if ((len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap)) >= ms->o.len) {
++	if ((len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap)) >= ms->o.left) {
++		long diff;  /* XXX: really ptrdiff_t */
++
+ 		va_end(ap);
+-		if ((buf = realloc(ms->o.buf, len + 1024)) == NULL) {
++		size = (ms->o.size - ms->o.left) + len + 1024;
++		if ((buf = realloc(ms->o.buf, size)) == NULL) {
+ 			file_oomem(ms);
+ 			return -1;
+ 		}
+-		ms->o.ptr = buf + (ms->o.ptr - ms->o.buf);
++		diff = ms->o.ptr - ms->o.buf;
++		ms->o.ptr = buf + diff;
+ 		ms->o.buf = buf;
+-		ms->o.len = ms->o.size - (ms->o.ptr - ms->o.buf);
+-		ms->o.size = len + 1024;
++		ms->o.left = size - diff;
++		ms->o.size = size;
+ 
+ 		va_start(ap, fmt);
+-		len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);
++		len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap);
+ 	}
+ 	ms->o.ptr += len;
+-	ms->o.len -= len;
++	ms->o.left -= len;
+ 	va_end(ap);
+ 	return 0;
+ }
+@@ -152,8 +157,8 @@
+ protected const char *
+ file_getbuffer(struct magic_set *ms)
+ {
+-	char *nbuf, *op, *np;
+-	size_t nsize;
++	char *pbuf, *op, *np;
++	size_t psize, len;
+ 
+ 	if (ms->haderr)
+ 		return NULL;
+@@ -161,14 +166,20 @@
+ 	if (ms->flags & MAGIC_RAW)
+ 		return ms->o.buf;
+ 
+-	nsize = ms->o.len * 4 + 1;
+-	if (ms->o.psize < nsize) {
+-		if ((nbuf = realloc(ms->o.pbuf, nsize)) == NULL) {
++	len = ms->o.size - ms->o.left;
++	if (len > (SIZE_T_MAX - 1) / 4) {
++		file_oomem(ms);
++		return NULL;
++	}
++	/* * 4 is for octal representation, + 1 is for NUL */
++	psize = len * 4 + 1;
++	if (ms->o.psize < psize) {
++		if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
+ 			file_oomem(ms);
+ 			return NULL;
+ 		}
+-		ms->o.psize = nsize;
+-		ms->o.pbuf = nbuf;
++		ms->o.psize = psize;
++		ms->o.pbuf = pbuf;
+ 	}
+ 
+ 	for (np = ms->o.pbuf, op = ms->o.buf; *op; op++) {
+Index: contrib/file/magic.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/magic.c,v
+retrieving revision 1.1.1.1
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.1 magic.c
+--- contrib/file/magic.c	9 Aug 2004 08:45:39 -0000	1.1.1.1
++++ contrib/file/magic.c	17 May 2007 17:05:04 -0000
+@@ -92,8 +92,7 @@
+ 		return NULL;
+ 	}
+ 
+-	ms->o.ptr = ms->o.buf = malloc(ms->o.size = 1024);
+-	ms->o.len = 0;
++	ms->o.ptr = ms->o.buf = malloc(ms->o.left = ms->o.size = 1024);
+ 	if (ms->o.buf == NULL) {
+ 		free(ms);
+ 		return NULL;
diff --git a/share/security/patches/SA-07:04/file5.patch.asc b/share/security/patches/SA-07:04/file5.patch.asc
new file mode 100644
index 0000000000..76d3a13eaf
--- /dev/null
+++ b/share/security/patches/SA-07:04/file5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBGVGjtFdaIBMps37IRApDpAJ9JFvq/4bzQItBAIeREF66AyPGrFQCeKsF5
+qO3tfUQsWzvt43igbd0Qfr0=
+=HB3d
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:04/file6.patch b/share/security/patches/SA-07:04/file6.patch
new file mode 100644
index 0000000000..c86df64c0c
--- /dev/null
+++ b/share/security/patches/SA-07:04/file6.patch
@@ -0,0 +1,132 @@
+Index: contrib/file/file.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/file.h,v
+retrieving revision 1.1.1.8
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.8 file.h
+--- contrib/file/file.h	28 Dec 2004 04:31:45 -0000	1.1.1.8
++++ contrib/file/file.h	17 May 2007 17:09:58 -0000
+@@ -226,7 +226,7 @@
+ 	/* Accumulation buffer */
+ 	char *buf;
+ 	char *ptr;
+-	size_t len;
++	size_t left;
+ 	size_t size;
+ 	/* Printable buffer */
+ 	char *pbuf;
+Index: contrib/file/funcs.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/funcs.c,v
+retrieving revision 1.1.1.2
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.2 funcs.c
+--- contrib/file/funcs.c	28 Dec 2004 04:31:45 -0000	1.1.1.2
++++ contrib/file/funcs.c	17 May 2007 17:09:58 -0000
+@@ -26,6 +26,7 @@
+  */
+ #include "file.h"
+ #include "magic.h"
++#include <limits.h>
+ #include <stdarg.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -41,27 +42,31 @@
+ file_printf(struct magic_set *ms, const char *fmt, ...)
+ {
+ 	va_list ap;
+-	size_t len;
++	size_t len, size;
+ 	char *buf;
+ 
+ 	va_start(ap, fmt);
+ 
+-	if ((len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap)) >= ms->o.len) {
++	if ((len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap)) >= ms->o.left) {
++		long diff;  /* XXX: really ptrdiff_t */
++
+ 		va_end(ap);
+-		if ((buf = realloc(ms->o.buf, len + 1024)) == NULL) {
++		size = (ms->o.size - ms->o.left) + len + 1024;
++		if ((buf = realloc(ms->o.buf, size)) == NULL) {
+ 			file_oomem(ms);
+ 			return -1;
+ 		}
+-		ms->o.ptr = buf + (ms->o.ptr - ms->o.buf);
++		diff = ms->o.ptr - ms->o.buf;
++		ms->o.ptr = buf + diff;
+ 		ms->o.buf = buf;
+-		ms->o.len = ms->o.size - (ms->o.ptr - ms->o.buf);
+-		ms->o.size = len + 1024;
++		ms->o.left = size - diff;
++		ms->o.size = size;
+ 
+ 		va_start(ap, fmt);
+-		len = vsnprintf(ms->o.ptr, ms->o.len, fmt, ap);
++		len = vsnprintf(ms->o.ptr, ms->o.left, fmt, ap);
+ 	}
+ 	ms->o.ptr += len;
+-	ms->o.len -= len;
++	ms->o.left -= len;
+ 	va_end(ap);
+ 	return 0;
+ }
+@@ -150,8 +155,8 @@
+ protected const char *
+ file_getbuffer(struct magic_set *ms)
+ {
+-	char *nbuf, *op, *np;
+-	size_t nsize;
++	char *pbuf, *op, *np;
++	size_t psize, len;
+ 
+ 	if (ms->haderr)
+ 		return NULL;
+@@ -159,14 +164,20 @@
+ 	if (ms->flags & MAGIC_RAW)
+ 		return ms->o.buf;
+ 
+-	nsize = ms->o.len * 4 + 1;
+-	if (ms->o.psize < nsize) {
+-		if ((nbuf = realloc(ms->o.pbuf, nsize)) == NULL) {
++	len = ms->o.size - ms->o.left;
++	if (len > (SIZE_T_MAX - 1) / 4) {
++		file_oomem(ms);
++		return NULL;
++	}
++	/* * 4 is for octal representation, + 1 is for NUL */
++	psize = len * 4 + 1;
++	if (ms->o.psize < psize) {
++		if ((pbuf = realloc(ms->o.pbuf, psize)) == NULL) {
+ 			file_oomem(ms);
+ 			return NULL;
+ 		}
+-		ms->o.psize = nsize;
+-		ms->o.pbuf = nbuf;
++		ms->o.psize = psize;
++		ms->o.pbuf = pbuf;
+ 	}
+ 
+ 	for (np = ms->o.pbuf, op = ms->o.buf; *op; op++) {
+Index: contrib/file/magic.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/file/magic.c,v
+retrieving revision 1.1.1.2
+diff -u -I__FBSDID -I$FreeBSD -r1.1.1.2 magic.c
+--- contrib/file/magic.c	28 Dec 2004 04:31:45 -0000	1.1.1.2
++++ contrib/file/magic.c	17 May 2007 17:09:58 -0000
+@@ -89,7 +89,7 @@
+ 		goto free1;
+ 	}
+ 
+-	ms->o.ptr = ms->o.buf = malloc(ms->o.size = 1024);
++	ms->o.ptr = ms->o.buf = malloc(ms->o.left = ms->o.size = 1024);
+ 	if (ms->o.buf == NULL)
+ 		goto free1;
+ 
+@@ -101,7 +101,6 @@
+ 	if (ms->c.off == NULL)
+ 		goto free3;
+ 	
+-	ms->o.len = 0;
+ 	ms->haderr = 0;
+ 	ms->error = -1;
+ 	ms->mlist = NULL;
diff --git a/share/security/patches/SA-07:04/file6.patch.asc b/share/security/patches/SA-07:04/file6.patch.asc
new file mode 100644
index 0000000000..3b91c67559
--- /dev/null
+++ b/share/security/patches/SA-07:04/file6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBGVGj0FdaIBMps37IRAvf/AJ0QGMbmg+iVhVGt/MU81qp1K7jhewCaAjDS
+fc90iNICMags8rWKSVaLnU8=
+=rofZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:05/libarchive.patch b/share/security/patches/SA-07:05/libarchive.patch
new file mode 100644
index 0000000000..ade2cbe59d
--- /dev/null
+++ b/share/security/patches/SA-07:05/libarchive.patch
@@ -0,0 +1,231 @@
+Index: lib/libarchive/archive_read_support_format_tar.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libarchive/archive_read_support_format_tar.c,v
+retrieving revision 1.32.2.2
+diff -u -I__FBSDID -I$FreeBSD -r1.32.2.2 archive_read_support_format_tar.c
+--- lib/libarchive/archive_read_support_format_tar.c	5 Sep 2006 05:23:51 -0000	1.32.2.2
++++ lib/libarchive/archive_read_support_format_tar.c	10 Jul 2007 09:10:24 -0000
+@@ -670,7 +670,13 @@
+ 		}
+ 	}
+ 	--tar->header_recursion_depth;
+-	return (err);
++	/* We return warnings or success as-is.  Anything else is fatal. */
++	if (err == ARCHIVE_WARN || err == ARCHIVE_OK)
++		return (err);
++	if (err == ARCHIVE_EOF)
++		/* EOF when recursively reading a header is bad. */
++		archive_set_error(a, EINVAL, "Damaged tar archive");
++	return (ARCHIVE_FATAL);
+ }
+ 
+ /*
+@@ -741,32 +747,55 @@
+ header_Solaris_ACL(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
+-	char *p;
++	const struct archive_entry_header_ustar *header;
++	size_t size;
++	int err;
++	char *acl, *p;
+ 	wchar_t *wp;
+ 
++	/*
++	 * read_body_to_string adds a NUL terminator, but we need a little
++	 * more to make sure that we don't overrun acl_text later.
++	 */
++	header = (const struct archive_entry_header_ustar *)h;
++	size = tar_atol(header->size, sizeof(header->size));
+ 	err = read_body_to_string(a, tar, &(tar->acl_text), h);
+-	err2 = tar_read_header(a, tar, entry, st);
+-	err = err_combine(err, err2);
+-
+-	/* XXX Ensure p doesn't overrun acl_text */
++	if (err != ARCHIVE_OK)
++		return (err);
++	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
+ 
+ 	/* Skip leading octal number. */
+ 	/* XXX TODO: Parse the octal number and sanity-check it. */
+-	p = tar->acl_text.s;
+-	while (*p != '\0')
++	p = acl = tar->acl_text.s;
++	while (*p != '\0' && p < acl + size)
+ 		p++;
+ 	p++;
+ 
+-	wp = malloc((strlen(p) + 1) * sizeof(wchar_t));
+-	if (wp != NULL) {
+-		utf8_decode(wp, p, strlen(p));
+-		err2 = __archive_entry_acl_parse_w(entry, wp,
+-		    ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
+-		err = err_combine(err, err2);
+-		free(wp);
++	if (p >= acl + size) {
++		archive_set_error(a, ARCHIVE_ERRNO_MISC,
++		    "Malformed Solaris ACL attribute");
++		return(ARCHIVE_WARN);
+ 	}
+ 
++	/* Skip leading octal number. */
++	size -= (p - acl);
++	acl = p;
++
++	while (*p != '\0' && p < acl + size)
++		p++;
++
++	wp = malloc((p - acl + 1) * sizeof(wchar_t));
++	if (wp == NULL) {
++		archive_set_error(a, ENOMEM,
++		    "Can't allocate work buffer for ACL parsing");
++		return (ARCHIVE_FATAL);
++	}
++	utf8_decode(wp, acl, p - acl);
++	err = __archive_entry_acl_parse_w(entry, wp,
++	    ARCHIVE_ENTRY_ACL_TYPE_ACCESS);
++	free(wp);
+ 	return (err);
+ }
+ 
+@@ -777,15 +806,17 @@
+ header_longlink(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
++	int err;
+ 
+ 	err = read_body_to_string(a, tar, &(tar->longlink), h);
+-	err2 = tar_read_header(a, tar, entry, st);
+-	if (err == ARCHIVE_OK && err2 == ARCHIVE_OK) {
+-		/* Set symlink if symlink already set, else hardlink. */
+-		archive_entry_set_link(entry, tar->longlink.s);
+-	}
+-	return (err_combine(err, err2));
++	if (err != ARCHIVE_OK)
++		return (err);
++	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
++	/* Set symlink if symlink already set, else hardlink. */
++	archive_entry_set_link(entry, tar->longlink.s);
++	return (ARCHIVE_OK);
+ }
+ 
+ /*
+@@ -795,14 +826,17 @@
+ header_longname(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
++	int err;
+ 
+ 	err = read_body_to_string(a, tar, &(tar->longname), h);
++	if (err != ARCHIVE_OK)
++		return (err);
+ 	/* Read and parse "real" header, then override name. */
+-	err2 = tar_read_header(a, tar, entry, st);
+-	if (err == ARCHIVE_OK && err2 == ARCHIVE_OK)
+-		archive_entry_set_pathname(entry, tar->longname.s);
+-	return (err_combine(err, err2));
++	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
++	archive_entry_set_pathname(entry, tar->longname.s);
++	return (ARCHIVE_OK);
+ }
+ 
+ 
+@@ -836,12 +870,20 @@
+ 	header = h;
+ 	size  = tar_atol(header->size, sizeof(header->size));
+ 
++	/* Sanity check. */
++	if ((size > 1048576) || (size < 0)) {
++		archive_set_error(a, EINVAL, "Special header too large");
++		return (ARCHIVE_FATAL);
++	}
++
+ 	/* Read the body into the string. */
+ 	archive_string_ensure(as, size+1);
+ 	padded_size = (size + 511) & ~ 511;
+ 	dest = as->s;
+ 	while (padded_size > 0) {
+ 		bytes_read = (a->compression_read_ahead)(a, &src, padded_size);
++		if (bytes_read == 0)
++			return (ARCHIVE_EOF);
+ 		if (bytes_read < 0)
+ 			return (ARCHIVE_FATAL);
+ 		if (bytes_read > padded_size)
+@@ -1027,11 +1069,13 @@
+ header_pax_global(struct archive *a, struct tar *tar,
+     struct archive_entry *entry, struct stat *st, const void *h)
+ {
+-	int err, err2;
++	int err;
+ 
+ 	err = read_body_to_string(a, tar, &(tar->pax_global), h);
+-	err2 = tar_read_header(a, tar, entry, st);
+-	return (err_combine(err, err2));
++	if (err != ARCHIVE_OK)
++		return (err);
++	err = tar_read_header(a, tar, entry, st);
++	return (err);
+ }
+ 
+ static int
+@@ -1040,10 +1084,14 @@
+ {
+ 	int err, err2;
+ 
+-	read_body_to_string(a, tar, &(tar->pax_header), h);
++	err = read_body_to_string(a, tar, &(tar->pax_header), h);
++	if (err != ARCHIVE_OK)
++		return (err);
+ 
+ 	/* Parse the next header. */
+ 	err = tar_read_header(a, tar, entry, st);
++	if ((err != ARCHIVE_OK) && (err != ARCHIVE_WARN))
++		return (err);
+ 
+ 	/*
+ 	 * TODO: Parse global/default options into 'entry' struct here
+@@ -1141,8 +1189,11 @@
+ 				l--;
+ 				break;
+ 			}
+-			if (*p < '0' || *p > '9')
+-				return (-1);
++			if (*p < '0' || *p > '9') {
++				archive_set_error(a, ARCHIVE_ERRNO_MISC,
++				    "Ignoring malformed pax extended attributes");
++				return (ARCHIVE_WARN);
++			}
+ 			line_length *= 10;
+ 			line_length += *p - '0';
+ 			if (line_length > 999999) {
+@@ -1154,8 +1205,19 @@
+ 			l--;
+ 		}
+ 
+-		if (line_length > attr_length)
+-			return (0);
++		/*
++		 * Parsed length must be no bigger than available data,
++		 * at least 1, and the last character of the line must
++		 * be '\n'.
++		 */
++		if (line_length > attr_length
++		    || line_length < 1
++		    || attr[line_length - 1] != '\n')
++		{
++			archive_set_error(a, ARCHIVE_ERRNO_MISC,
++			    "Ignoring malformed pax extended attribute");
++			return (ARCHIVE_WARN);
++		}
+ 
+ 		/* Ensure pax_entry buffer is big enough. */
+ 		if (tar->pax_entry_length <= line_length) {
diff --git a/share/security/patches/SA-07:05/libarchive.patch.asc b/share/security/patches/SA-07:05/libarchive.patch.asc
new file mode 100644
index 0000000000..806b425e79
--- /dev/null
+++ b/share/security/patches/SA-07:05/libarchive.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBGljoBFdaIBMps37IRAtZ9AJ9o2lWVhirm8oL/gMzszSo9EovmJACeKJcq
+skEPFZoeCjHysNVMDf21lIw=
+=KTEX
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:06/tcpdump.patch b/share/security/patches/SA-07:06/tcpdump.patch
new file mode 100644
index 0000000000..e6e5c8fcb2
--- /dev/null
+++ b/share/security/patches/SA-07:06/tcpdump.patch
@@ -0,0 +1,89 @@
+Index: contrib/tcpdump/print-bgp.c
+===================================================================
+RCS file: /usr/ncvs/src/contrib/tcpdump/print-bgp.c,v
+retrieving revision 1.1.1.5.2.1
+diff -u -r1.1.1.5.2.1 print-bgp.c
+--- contrib/tcpdump/print-bgp.c	8 Jun 2005 21:26:27 -0000	1.1.1.5.2.1
++++ contrib/tcpdump/print-bgp.c	22 Jul 2007 00:33:54 -0000
+@@ -618,6 +618,26 @@
+ 	return -2;
+ }
+ 
++/*
++ * As I remember, some versions of systems have an snprintf() that
++ * returns -1 if the buffer would have overflowed.  If the return
++ * value is negative, set buflen to 0, to indicate that we've filled
++ * the buffer up.
++ *
++ * If the return value is greater than buflen, that means that
++ * the buffer would have overflowed; again, set buflen to 0 in
++ * that case.
++ */
++#define UPDATE_BUF_BUFLEN(buf, buflen, strlen) \
++    if (strlen<0) \
++       	buflen=0; \
++    else if ((u_int)strlen>buflen) \
++        buflen=0; \
++    else { \
++        buflen-=strlen; \
++	buf+=strlen; \
++    }
++
+ static int
+ decode_labeled_vpn_l2(const u_char *pptr, char *buf, u_int buflen)
+ {
+@@ -628,11 +648,13 @@
+         tlen=plen;
+         pptr+=2;
+ 	TCHECK2(pptr[0],15);
++	buf[0]='\0';
+         strlen=snprintf(buf, buflen, "RD: %s, CE-ID: %u, Label-Block Offset: %u, Label Base %u",
+                         bgp_vpn_rd_print(pptr),
+                         EXTRACT_16BITS(pptr+8),
+                         EXTRACT_16BITS(pptr+10),
+                         EXTRACT_24BITS(pptr+12)>>4); /* the label is offsetted by 4 bits so lets shift it right */
++        UPDATE_BUF_BUFLEN(buf, buflen, strlen);
+         pptr+=15;
+         tlen-=15;
+ 
+@@ -648,23 +670,32 @@
+ 
+             switch(tlv_type) {
+             case 1:
+-                strlen+=snprintf(buf+strlen,buflen-strlen, "\n\t\tcircuit status vector (%u) length: %u: 0x",
+-                                 tlv_type,
+-                                 tlv_len);
++                if (buflen!=0) {
++                    strlen=snprintf(buf,buflen, "\n\t\tcircuit status vector (%u) length: %u: 0x",
++                                    tlv_type,
++                                    tlv_len);
++                    UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++                }
+                 ttlv_len=ttlv_len/8+1; /* how many bytes do we need to read ? */
+                 while (ttlv_len>0) {
+                     TCHECK(pptr[0]);
+-                    strlen+=snprintf(buf+strlen,buflen-strlen, "%02x",*pptr++);
++                    if (buflen!=0) {
++                        strlen=snprintf(buf,buflen, "%02x",*pptr++);
++                        UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++                    }
+                     ttlv_len--;
+                 }
+                 break;
+             default:
+-                snprintf(buf+strlen,buflen-strlen, "\n\t\tunknown TLV #%u, length: %u",
+-                         tlv_type,
+-                         tlv_len);
++                if (buflen!=0) {
++                    strlen=snprintf(buf,buflen, "\n\t\tunknown TLV #%u, length: %u",
++                                    tlv_type,
++                                    tlv_len);
++                    UPDATE_BUF_BUFLEN(buf, buflen, strlen);
++                }
+                 break;
+             }
+-            tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it tright */
++            tlen-=(tlv_len<<3); /* the tlv-length is expressed in bits so lets shift it right */
+         }
+         return plen+2;
+ 
diff --git a/share/security/patches/SA-07:06/tcpdump.patch.asc b/share/security/patches/SA-07:06/tcpdump.patch.asc
new file mode 100644
index 0000000000..8a5559d376
--- /dev/null
+++ b/share/security/patches/SA-07:06/tcpdump.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBGsPhkFdaIBMps37IRAlYdAJ0VzZsZb8uoVAZRk/JM6Cc0AN2JlgCfds/F
+bwxZ0/syq+TJoBjeL4afERY=
+=dPVf
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:07/bind.patch b/share/security/patches/SA-07:07/bind.patch
new file mode 100644
index 0000000000..fad1e1eb7d
--- /dev/null
+++ b/share/security/patches/SA-07:07/bind.patch
@@ -0,0 +1,670 @@
+Index: contrib/bind9/bin/named/client.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/bin/named/client.c,v
+retrieving revision 1.1.1.2.2.1.4.1
+diff -u -d -r1.1.1.2.2.1.4.1 client.c
+--- contrib/bind9/bin/named/client.c	13 Dec 2006 09:52:17 -0000	1.1.1.2.2.1.4.1
++++ contrib/bind9/bin/named/client.c	30 Jul 2007 21:30:21 -0000
+@@ -1349,6 +1349,14 @@
+ 	}
+ 
+ 	/*
++	 * Hash the incoming request here as it is after
++	 * dns_dispatch_importrecv().
++	 */
++	dns_dispatch_hash(&client->now, sizeof(client->now));
++	dns_dispatch_hash(isc_buffer_base(buffer),
++			  isc_buffer_usedlength(buffer));
++
++	/*
+ 	 * It's a request.  Parse it.
+ 	 */
+ 	result = dns_message_parse(client->message, buffer, 0);
+Index: contrib/bind9/lib/dns/dispatch.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/dispatch.c,v
+retrieving revision 1.1.1.1.10.1
+diff -u -d -r1.1.1.1.10.1 dispatch.c
+--- contrib/bind9/lib/dns/dispatch.c	13 Dec 2006 09:52:24 -0000	1.1.1.1.10.1
++++ contrib/bind9/lib/dns/dispatch.c	30 Jul 2007 21:31:09 -0000
+@@ -20,14 +20,16 @@
+ #include <config.h>
+ 
+ #include <stdlib.h>
++#include <sys/types.h>
++#include <unistd.h>
+ 
+ #include <isc/entropy.h>
+-#include <isc/lfsr.h>
+ #include <isc/mem.h>
+ #include <isc/mutex.h>
+ #include <isc/print.h>
+ #include <isc/string.h>
+ #include <isc/task.h>
++#include <isc/time.h>
+ #include <isc/util.h>
+ 
+ #include <dns/acl.h>
+@@ -41,13 +43,22 @@
+ 
+ typedef ISC_LIST(dns_dispentry_t)	dns_displist_t;
+ 
++typedef struct dns_nsid {
++	isc_uint16_t	nsid_state;
++	isc_uint16_t	*nsid_vtable;
++	isc_uint16_t	*nsid_pool;
++	isc_uint16_t	nsid_a1, nsid_a2, nsid_a3;
++	isc_uint16_t	nsid_c1, nsid_c2, nsid_c3;
++	isc_uint16_t	nsid_state2;
++	isc_boolean_t	nsid_usepool;
++} dns_nsid_t;
++
+ typedef struct dns_qid {
+ 	unsigned int	magic;
+ 	unsigned int	qid_nbuckets;	/* hash table size */
+ 	unsigned int	qid_increment;	/* id increment on collision */
+ 	isc_mutex_t	lock;
+-	isc_lfsr_t	qid_lfsr1;	/* state generator info */
+-	isc_lfsr_t	qid_lfsr2;	/* state generator info */
++	dns_nsid_t	nsid;
+ 	dns_displist_t	*qid_table;	/* the table itself */
+ } dns_qid_t;
+ 
+@@ -156,7 +167,7 @@
+ static void udp_recv(isc_task_t *, isc_event_t *);
+ static void tcp_recv(isc_task_t *, isc_event_t *);
+ static void startrecv(dns_dispatch_t *);
+-static dns_messageid_t dns_randomid(dns_qid_t *);
++static dns_messageid_t dns_randomid(dns_nsid_t *);
+ static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t);
+ static void free_buffer(dns_dispatch_t *disp, void *buf, unsigned int len);
+ static void *allocate_udp_buffer(dns_dispatch_t *disp);
+@@ -177,8 +188,12 @@
+ static isc_boolean_t destroy_mgr_ok(dns_dispatchmgr_t *mgr);
+ static void destroy_mgr(dns_dispatchmgr_t **mgrp);
+ static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
+-				 unsigned int increment, dns_qid_t **qidp);
++				 unsigned int increment, isc_boolean_t usepool,
++				 dns_qid_t **qidp);
+ static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp);
++static isc_uint16_t nsid_next(dns_nsid_t *nsid);
++static isc_result_t nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool);
++static void nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid);
+ 
+ #define LVL(x) ISC_LOG_DEBUG(x)
+ 
+@@ -258,38 +273,16 @@
+ 	}
+ }
+ 
+-static void
+-reseed_lfsr(isc_lfsr_t *lfsr, void *arg)
+-{
+-	dns_dispatchmgr_t *mgr = arg;
+-	isc_result_t result;
+-	isc_uint32_t val;
+-
+-	REQUIRE(VALID_DISPATCHMGR(mgr));
+-
+-	if (mgr->entropy != NULL) {
+-		result = isc_entropy_getdata(mgr->entropy, &val, sizeof(val),
+-					     NULL, 0);
+-		INSIST(result == ISC_R_SUCCESS);
+-		lfsr->count = (val & 0x1f) + 32;
+-		lfsr->state = val;
+-		return;
+-	}
+-
+-	lfsr->count = (random() & 0x1f) + 32;	/* From 32 to 63 states */
+-	lfsr->state = random();
+-}
+-
+ /*
+  * Return an unpredictable message ID.
+  */
+ static dns_messageid_t
+-dns_randomid(dns_qid_t *qid) {
++dns_randomid(dns_nsid_t *nsid) {
+ 	isc_uint32_t id;
+ 
+-	id = isc_lfsr_generate32(&qid->qid_lfsr1, &qid->qid_lfsr2);
++	id = nsid_next(nsid);
+ 
+-	return (dns_messageid_t)(id & 0xFFFF);
++	return ((dns_messageid_t)id);
+ }
+ 
+ /*
+@@ -629,6 +622,9 @@
+ 		goto restart;
+ 	}
+ 
++	dns_dispatch_hash(&ev->timestamp, sizeof(&ev->timestamp));
++	dns_dispatch_hash(ev->region.base, ev->region.length);
++
+ 	/* response */
+ 	bucket = dns_hash(qid, &ev->address, id);
+ 	LOCK(&qid->lock);
+@@ -863,6 +859,8 @@
+ 		goto restart;
+ 	}
+ 
++	dns_dispatch_hash(tcpmsg->buffer.base, tcpmsg->buffer.length);
++
+ 	/*
+ 	 * Response.
+ 	 */
+@@ -1246,7 +1244,7 @@
+ 	isc_mempool_setmaxalloc(mgr->bpool, maxbuffers);
+ 	isc_mempool_associatelock(mgr->bpool, &mgr->pool_lock);
+ 
+-	result = qid_allocate(mgr, buckets, increment, &mgr->qid);
++	result = qid_allocate(mgr, buckets, increment, ISC_TRUE, &mgr->qid);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup;
+ 
+@@ -1392,7 +1390,7 @@
+ 
+ static isc_result_t
+ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
+-	     unsigned int increment, dns_qid_t **qidp)
++	     unsigned int increment, isc_boolean_t usepool, dns_qid_t **qidp)
+ {
+ 	dns_qid_t *qid;
+ 	unsigned int i;
+@@ -1413,8 +1411,16 @@
+ 		return (ISC_R_NOMEMORY);
+ 	}
+ 
++	if (nsid_init(mgr->mctx, &qid->nsid, usepool) != ISC_R_SUCCESS) {
++		isc_mem_put(mgr->mctx, qid->qid_table,
++			    buckets * sizeof(dns_displist_t));
++		isc_mem_put(mgr->mctx, qid, sizeof(*qid));
++		return (ISC_R_NOMEMORY);
++	}
++
+ 	if (isc_mutex_init(&qid->lock) != ISC_R_SUCCESS) {
+ 		UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_mutex_init failed");
++		nsid_destroy(mgr->mctx, &qid->nsid);
+ 		isc_mem_put(mgr->mctx, qid->qid_table,
+ 			    buckets * sizeof(dns_displist_t));
+ 		isc_mem_put(mgr->mctx, qid, sizeof(*qid));
+@@ -1427,21 +1433,6 @@
+ 	qid->qid_nbuckets = buckets;
+ 	qid->qid_increment = increment;
+ 	qid->magic = QID_MAGIC;
+-
+-	/*
+-	 * Initialize to a 32-bit LFSR.  Both of these are from Applied
+-	 * Cryptography.
+-	 *
+-	 * lfsr1:
+-	 *	x^32 + x^7 + x^5 + x^3 + x^2 + x + 1
+-	 *
+-	 * lfsr2:
+-	 *	x^32 + x^7 + x^6 + x^2 + 1
+-	 */
+-	isc_lfsr_init(&qid->qid_lfsr1, 0, 32, 0x80000057U,
+-		      0, reseed_lfsr, mgr);
+-	isc_lfsr_init(&qid->qid_lfsr2, 0, 32, 0x80000062U,
+-		      0, reseed_lfsr, mgr);
+ 	*qidp = qid;
+ 	return (ISC_R_SUCCESS);
+ }
+@@ -1457,6 +1448,7 @@
+ 
+ 	*qidp = NULL;
+ 	qid->magic = 0;
++	nsid_destroy(mctx, &qid->nsid);
+ 	isc_mem_put(mctx, qid->qid_table,
+ 		    qid->qid_nbuckets * sizeof(dns_displist_t));
+ 	DESTROYLOCK(&qid->lock);
+@@ -1600,7 +1592,7 @@
+ 		return (result);
+ 	}
+ 
+-	result = qid_allocate(mgr, buckets, increment, &disp->qid);
++	result = qid_allocate(mgr, buckets, increment, ISC_FALSE, &disp->qid);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto deallocate_dispatch;
+ 
+@@ -1921,7 +1913,7 @@
+ 	 */
+ 	qid = DNS_QID(disp);
+ 	LOCK(&qid->lock);
+-	id = dns_randomid(qid);
++	id = dns_randomid(&qid->nsid);
+ 	bucket = dns_hash(qid, dest, id);
+ 	ok = ISC_FALSE;
+ 	for (i = 0; i < 64; i++) {
+@@ -2264,3 +2256,409 @@
+ 	}
+ }
+ #endif
++
++/*
++ * Allow the user to pick one of two ID randomization algorithms.
++ *
++ * The first algorithm is an adaptation of the sequence shuffling
++ * algorithm discovered by Carter Bays and S. D. Durham [ACM Trans. Math.
++ * Software 2 (1976), 59-64], as documented as Algorithm B in Chapter
++ * 3.2.2 in Volume 2 of Knuth's "The Art of Computer Programming".  We use
++ * a randomly selected linear congruential random number generator with a
++ * modulus of 2^16, whose increment is a randomly picked odd number, and
++ * whose multiplier is picked from a set which meets the following
++ * criteria:
++ *     Is of the form 8*n+5, which ensures "high potency" according to
++ *     principle iii in the summary chapter 3.6.  This form also has a
++ *     gcd(a-1,m) of 4 which is good according to principle iv.
++ *
++ *     Is between 0.01 and 0.99 times the modulus as specified by
++ *     principle iv.
++ *
++ *     Passes the spectral test "with flying colors" (ut >= 1) in
++ *     dimensions 2 through 6 as calculated by Algorithm S in Chapter
++ *     3.3.4 and the ratings calculated by formula 35 in section E.
++ *
++ *     Of the multipliers that pass this test, pick the set that is
++ *     best according to the theoretical bounds of the serial
++ *     correlation test.  This was calculated using a simplified
++ *     version of Knuth's Theorem K in Chapter 3.3.3.
++ *
++ * These criteria may not be important for this use, but we might as well
++ * pick from the best generators since there are so many possible ones and
++ * we don't have that many random bits to do the picking.
++ *
++ * We use a modulus of 2^16 instead of something bigger so that we will
++ * tend to cycle through all the possible IDs before repeating any,
++ * however the shuffling will perturb this somewhat.  Theoretically there
++ * is no minimimum interval between two uses of the same ID, but in
++ * practice it seems to be >64000.
++ *
++ * Our adaptatation  of Algorithm B mixes the hash state which has
++ * captured various random events into the shuffler to perturb the
++ * sequence.
++ *
++ * One disadvantage of this algorithm is that if the generator parameters
++ * were to be guessed, it would be possible to mount a limited brute force
++ * attack on the ID space since the IDs are only shuffled within a limited
++ * range.
++ *
++ * The second algorithm uses the same random number generator to populate
++ * a pool of 65536 IDs.  The hash state is used to pick an ID from a window
++ * of 4096 IDs in this pool, then the chosen ID is swapped with the ID
++ * at the beginning of the window and the window position is advanced.
++ * This means that the interval between uses of the ID will be no less
++ * than 65536-4096.  The ID sequence in the pool will become more random
++ * over time.
++ *
++ * For both algorithms, two more linear congruential random number generators
++ * are selected.  The ID from the first part of algorithm is used to seed
++ * the first of these generators, and its output is used to seed the second.
++ * The strategy is use these generators as 1 to 1 hashes to obfuscate the
++ * properties of the generator used in the first part of either algorithm.
++ *
++ * The first algorithm may be suitable for use in a client resolver since
++ * its memory requirements are fairly low and it's pretty random out of
++ * the box.  It is somewhat succeptible to a limited brute force attack,
++ * so the second algorithm is probably preferable for a longer running
++ * program that issues a large number of queries and has time to randomize
++ * the pool.
++ */
++
++#define NSID_SHUFFLE_TABLE_SIZE 100 /* Suggested by Knuth */
++/*
++ * Pick one of the next 4096 IDs in the pool.
++ * There is a tradeoff here between randomness and how often and ID is reused.
++ */
++#define NSID_LOOKAHEAD 4096     /* Must be a power of 2 */
++#define NSID_SHUFFLE_ONLY 1     /* algorithm 1 */
++#define NSID_USE_POOL 2         /* algorithm 2 */
++#define NSID_HASHSHIFT       3
++#define NSID_HASHROTATE(v) \
++        (((v) << NSID_HASHSHIFT) | ((v) >> ((sizeof(v) * 8) - NSID_HASHSHIFT)))
++
++static isc_uint32_t	nsid_hash_state;
++
++/*
++ * Keep a running hash of various bits of data that we'll use to
++ * stir the ID pool or perturb the ID generator
++ */
++static void
++nsid_hash(void *data, size_t len) {
++	unsigned char *p = data;
++	/*
++	 * Hash function similar to the one we use for hashing names.
++	 * We don't fold case or toss the upper bit here, though.
++	 * This hash doesn't do much interesting when fed binary zeros,
++	 * so there may be a better hash function.
++	 * This function doesn't need to be very strong since we're
++	 * only using it to stir the pool, but it should be reasonably
++	 * fast.
++	 */
++	/*
++	 * We don't care about locking access to nsid_hash_state.
++	 * In fact races make the result even more non deteministic.
++	 */
++	while (len-- > 0U) {
++		nsid_hash_state = NSID_HASHROTATE(nsid_hash_state);
++		nsid_hash_state += *p++;
++	}
++}
++
++/*
++ * Table of good linear congruential multipliers for modulus 2^16
++ * in order of increasing serial correlation bounds (so trim from
++ * the end).
++ */
++static const isc_uint16_t nsid_multiplier_table[] = {
++	17565, 25013, 11733, 19877, 23989, 23997, 24997, 25421,
++	26781, 27413, 35901, 35917, 35973, 36229, 38317, 38437,
++	39941, 40493, 41853, 46317, 50581, 51429, 53453, 53805,
++	11317, 11789, 12045, 12413, 14277, 14821, 14917, 18989,
++	19821, 23005, 23533, 23573, 23693, 27549, 27709, 28461,
++	29365, 35605, 37693, 37757, 38309, 41285, 45261, 47061,
++	47269, 48133, 48597, 50277, 50717, 50757, 50805, 51341,
++	51413, 51581, 51597, 53445, 11493, 14229, 20365, 20653,
++	23485, 25541, 27429, 29421, 30173, 35445, 35653, 36789,
++	36797, 37109, 37157, 37669, 38661, 39773, 40397, 41837,
++	41877, 45293, 47277, 47845, 49853, 51085, 51349, 54085,
++	56933,  8877,  8973,  9885, 11365, 11813, 13581, 13589,
++	13613, 14109, 14317, 15765, 15789, 16925, 17069, 17205,
++	17621, 17941, 19077, 19381, 20245, 22845, 23733, 24869,
++	25453, 27213, 28381, 28965, 29245, 29997, 30733, 30901,
++	34877, 35485, 35613, 36133, 36661, 36917, 38597, 40285,
++	40693, 41413, 41541, 41637, 42053, 42349, 45245, 45469,
++	46493, 48205, 48613, 50861, 51861, 52877, 53933, 54397,
++	55669, 56453, 56965, 58021,  7757,  7781,  8333,  9661,
++	12229, 14373, 14453, 17549, 18141, 19085, 20773, 23701,
++	24205, 24333, 25261, 25317, 27181, 30117, 30477, 34757,
++	34885, 35565, 35885, 36541, 37957, 39733, 39813, 41157,
++	41893, 42317, 46621, 48117, 48181, 49525, 55261, 55389,
++	56845,  7045,  7749,  7965,  8469,  9133,  9549,  9789,
++	10173, 11181, 11285, 12253, 13453, 13533, 13757, 14477,
++	15053, 16901, 17213, 17269, 17525, 17629, 18605, 19013,
++	19829, 19933, 20069, 20093, 23261, 23333, 24949, 25309,
++	27613, 28453, 28709, 29301, 29541, 34165, 34413, 37301,
++	37773, 38045, 38405, 41077, 41781, 41925, 42717, 44437,
++	44525, 44613, 45933, 45941, 47077, 50077, 50893, 52117,
++	 5293, 55069, 55989, 58125, 59205,  6869, 14685, 15453,
++	16821, 17045, 17613, 18437, 21029, 22773, 22909, 25445,
++	25757, 26541, 30709, 30909, 31093, 31149, 37069, 37725,
++	37925, 38949, 39637, 39701, 40765, 40861, 42965, 44813,
++	45077, 45733, 47045, 50093, 52861, 52957, 54181, 56325,
++	56365, 56381, 56877, 57013,  5741, 58101, 58669,  8613,
++	10045, 10261, 10653, 10733, 11461, 12261, 14069, 15877,
++	17757, 21165, 23885, 24701, 26429, 26645, 27925, 28765,
++	29197, 30189, 31293, 39781, 39909, 40365, 41229, 41453,
++	41653, 42165, 42365, 47421, 48029, 48085, 52773,  5573,
++	57037, 57637, 58341, 58357, 58901,  6357,  7789,  9093,
++	10125, 10709, 10765, 11957, 12469, 13437, 13509, 14773,
++	15437, 15773, 17813, 18829, 19565, 20237, 23461, 23685,
++	23725, 23941, 24877, 25461, 26405, 29509, 30285, 35181,
++	37229, 37893, 38565, 40293, 44189, 44581, 45701, 47381,
++	47589, 48557,  4941, 51069,  5165, 52797, 53149,  5341,
++	56301, 56765, 58581, 59493, 59677,  6085,  6349,  8293,
++	 8501,  8517, 11597, 11709, 12589, 12693, 13517, 14909,
++	17397, 18085, 21101, 21269, 22717, 25237, 25661, 29189,
++	30101, 31397, 33933, 34213, 34661, 35533, 36493, 37309,
++	40037,  4189, 42909, 44309, 44357, 44389,  4541, 45461,
++	46445, 48237, 54149, 55301, 55853, 56621, 56717, 56901,
++	 5813, 58437, 12493, 15365, 15989, 17829, 18229, 19341,
++	21013, 21357, 22925, 24885, 26053, 27581, 28221, 28485,
++	30605, 30613, 30789, 35437, 36285, 37189,  3941, 41797,
++	 4269, 42901, 43293, 44645, 45221, 46893,  4893, 50301,
++	50325,  5189, 52109, 53517, 54053, 54485,  5525, 55949,
++	56973, 59069, 59421, 60733, 61253,  6421,  6701,  6709,
++	 7101,  8669, 15797, 19221, 19837, 20133, 20957, 21293,
++	21461, 22461, 29085, 29861, 30869, 34973, 36469, 37565,
++	38125, 38829, 39469, 40061, 40117, 44093, 47429, 48341,
++	50597, 51757,  5541, 57629, 58405, 59621, 59693, 59701,
++	61837,  7061, 10421, 11949, 15405, 20861, 25397, 25509,
++	25893, 26037, 28629, 28869, 29605, 30213, 34205, 35637,
++	36365, 37285,  3773, 39117,  4021, 41061, 42653, 44509,
++	 4461, 44829,  4725,  5125, 52269, 56469, 59085,  5917,
++	60973,  8349, 17725, 18637, 19773, 20293, 21453, 22533,
++	24285, 26333, 26997, 31501, 34541, 34805, 37509, 38477,
++	41333, 44125, 46285, 46997, 47637, 48173,  4925, 50253,
++	50381, 50917, 51205, 51325, 52165, 52229,  5253,  5269,
++	53509, 56253, 56341,  5821, 58373, 60301, 61653, 61973,
++	62373,  8397, 11981, 14341, 14509, 15077, 22261, 22429,
++	24261, 28165, 28685, 30661, 34021, 34445, 39149,  3917,
++	43013, 43317, 44053, 44101,  4533, 49541, 49981,  5277,
++	54477, 56357, 57261, 57765, 58573, 59061, 60197, 61197,
++	62189,  7725,  8477,  9565, 10229, 11437, 14613, 14709,
++	16813, 20029, 20677, 31445,  3165, 31957,  3229, 33541,
++	36645,  3805, 38973,  3965,  4029, 44293, 44557, 46245,
++	48917,  4909, 51749, 53709, 55733, 56445,  5925,  6093,
++	61053, 62637,  8661,  9109, 10821, 11389, 13813, 14325,
++	15501, 16149, 18845, 22669, 26437, 29869, 31837, 33709,
++	33973, 34173,  3677,  3877,  3981, 39885, 42117,  4421,
++	44221, 44245, 44693, 46157, 47309,  5005, 51461, 52037,
++	55333, 55693, 56277, 58949,  6205, 62141, 62469,  6293,
++	10101, 12509, 14029, 17997, 20469, 21149, 25221, 27109,
++	 2773,  2877, 29405, 31493, 31645,  4077, 42005, 42077,
++	42469, 42501, 44013, 48653, 49349,  4997, 50101, 55405,
++	56957, 58037, 59429, 60749, 61797, 62381, 62837,  6605,
++	10541, 23981, 24533,  2701, 27333, 27341, 31197, 33805,
++	 3621, 37381,  3749,  3829, 38533, 42613, 44381, 45901,
++	48517, 51269, 57725, 59461, 60045, 62029, 13805, 14013,
++	15461, 16069, 16157, 18573,  2309, 23501, 28645,  3077,
++	31541, 36357, 36877,  3789, 39429, 39805, 47685, 47949,
++	49413,  5485, 56757, 57549, 57805, 58317, 59549, 62213,
++	62613, 62853, 62933,  8909, 12941, 16677, 20333, 21541,
++	24429, 26077, 26421,  2885, 31269, 33381,  3661, 40925,
++	42925, 45173,  4525,  4709, 53133, 55941, 57413, 57797,
++	62125, 62237, 62733,  6773, 12317, 13197, 16533, 16933,
++	18245,  2213,  2477, 29757, 33293, 35517, 40133, 40749,
++	 4661, 49941, 62757,  7853,  8149,  8573, 11029, 13421,
++	21549, 22709, 22725, 24629,  2469, 26125,  2669, 34253,
++	36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
++	60997, 61189, 61981, 62605, 62821,  7077,  7525,  8781,
++	10861, 15277,  2205, 22077, 28517, 28949, 32109, 33493,
++	 4661, 49941, 62757,  7853,  8149,  8573, 11029, 13421,
++	21549, 22709, 22725, 24629,  2469, 26125,  2669, 34253,
++	36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
++	60997, 61189, 61981, 62605, 62821,  7077,  7525,  8781,
++	10861, 15277,  2205, 22077, 28517, 28949, 32109, 33493,
++	 3685, 39197, 39869, 42621, 44997, 48565,  5221, 57381,
++	61749, 62317, 63245, 63381, 23149,  2549, 28661, 31653,
++	33885, 36341, 37053, 39517, 42805, 45853, 48997, 59349,
++	60053, 62509, 63069,  6525,  1893, 20181,  2365, 24893,
++	27397, 31357, 32277, 33357, 34437, 36677, 37661, 43469,
++	43917, 50997, 53869,  5653, 13221, 16741, 17893,  2157,
++	28653, 31789, 35301, 35821, 61613, 62245, 12405, 14517,
++	17453, 18421,  3149,  3205, 40341,  4109, 43941, 46869,
++	48837, 50621, 57405, 60509, 62877,  8157, 12933, 12957,
++	16501, 19533,  3461, 36829, 52357, 58189, 58293, 63053,
++	17109,  1933, 32157, 37701, 59005, 61621, 13029, 15085,
++	16493, 32317, 35093,  5061, 51557, 62221, 20765, 24613,
++	 2629, 30861, 33197, 33749, 35365, 37933, 40317, 48045,
++	56229, 61157, 63797,  7917, 17965,  1917,  1973, 20301,
++	 2253, 33157, 58629, 59861, 61085, 63909,  8141,  9221,
++	14757,  1581, 21637, 26557, 33869, 34285, 35733, 40933,
++	42517, 43501, 53653, 61885, 63805,  7141, 21653, 54973,
++	31189, 60061, 60341, 63357, 16045,  2053, 26069, 33997,
++	43901, 54565, 63837,  8949, 17909, 18693, 32349, 33125,
++	37293, 48821, 49053, 51309, 64037,  7117,  1445, 20405,
++	23085, 26269, 26293, 27349, 32381, 33141, 34525, 36461,
++	37581, 43525,  4357, 43877,  5069, 55197, 63965,  9845,
++	12093,  2197,  2229, 32165, 33469, 40981, 42397,  8749,
++	10853,  1453, 18069, 21693, 30573, 36261, 37421, 42533
++};
++
++#define NSID_MULT_TABLE_SIZE \
++        ((sizeof nsid_multiplier_table)/(sizeof nsid_multiplier_table[0]))
++#define NSID_RANGE_MASK (NSID_LOOKAHEAD - 1)
++#define NSID_POOL_MASK 0xFFFF /* used to wrap the pool index */
++#define NSID_SHUFFLE_ONLY 1
++#define NSID_USE_POOL 2
++
++static isc_uint16_t
++nsid_next(dns_nsid_t *nsid) {
++        isc_uint16_t id, compressed_hash;
++	isc_uint16_t j;
++
++        compressed_hash = ((nsid_hash_state >> 16) ^
++			   (nsid_hash_state)) & 0xFFFF;
++
++	if (nsid->nsid_usepool) {
++	        isc_uint16_t pick;
++
++                pick = compressed_hash & NSID_RANGE_MASK;
++		pick = (nsid->nsid_state + pick) & NSID_POOL_MASK;
++                id = nsid->nsid_pool[pick];
++                if (pick != 0) {
++                        /* Swap two IDs to stir the pool */
++                        nsid->nsid_pool[pick] =
++                                nsid->nsid_pool[nsid->nsid_state];
++                        nsid->nsid_pool[nsid->nsid_state] = id;
++                }
++
++                /* increment the base pointer into the pool */
++                if (nsid->nsid_state == 65535)
++                        nsid->nsid_state = 0;
++                else
++                        nsid->nsid_state++;
++	} else {
++		/*
++		 * This is the original Algorithm B
++		 * j = ((u_long) NSID_SHUFFLE_TABLE_SIZE * nsid_state2) >> 16;
++		 *
++		 * We'll perturb it with some random stuff  ...
++		 */
++		j = ((isc_uint32_t) NSID_SHUFFLE_TABLE_SIZE *
++		     (nsid->nsid_state2 ^ compressed_hash)) >> 16;
++		nsid->nsid_state2 = id = nsid->nsid_vtable[j];
++		nsid->nsid_state = (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
++				      nsid->nsid_c1) & 0xFFFF;
++		nsid->nsid_vtable[j] = nsid->nsid_state;
++	}
++
++        /* Now lets obfuscate ... */
++        id = (((isc_uint32_t) nsid->nsid_a2 * id) + nsid->nsid_c2) & 0xFFFF;
++        id = (((isc_uint32_t) nsid->nsid_a3 * id) + nsid->nsid_c3) & 0xFFFF;
++
++        return (id);
++}
++
++static isc_result_t
++nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool) {
++        isc_time_t now;
++        pid_t mypid;
++        isc_uint16_t a1ndx, a2ndx, a3ndx, c1ndx, c2ndx, c3ndx;
++        int i;
++
++	isc_time_now(&now);
++        mypid = getpid();
++
++        /* Initialize the state */
++	memset(nsid, 0, sizeof(*nsid));
++        nsid_hash(&now, sizeof now);
++        nsid_hash(&mypid, sizeof mypid);
++
++        /*
++         * Select our random number generators and initial seed.
++         * We could really use more random bits at this point,
++         * but we'll try to make a silk purse out of a sows ear ...
++         */
++        /* generator 1 */
++        a1ndx = ((isc_uint32_t) NSID_MULT_TABLE_SIZE *
++                 (nsid_hash_state & 0xFFFF)) >> 16;
++        nsid->nsid_a1 = nsid_multiplier_table[a1ndx];
++        c1ndx = (nsid_hash_state >> 9) & 0x7FFF;
++        nsid->nsid_c1 = 2 * c1ndx + 1;
++
++        /* generator 2, distinct from 1 */
++        a2ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 1) *
++                 ((nsid_hash_state >> 10) & 0xFFFF)) >> 16;
++        if (a2ndx >= a1ndx)
++                a2ndx++;
++        nsid->nsid_a2 = nsid_multiplier_table[a2ndx];
++        c2ndx = nsid_hash_state % 32767;
++        if (c2ndx >= c1ndx)
++                c2ndx++;
++        nsid->nsid_c2 = 2*c2ndx + 1;
++
++        /* generator 3, distinct from 1 and 2 */
++        a3ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 2) *
++                 ((nsid_hash_state >> 20) & 0xFFFF)) >> 16;
++        if (a3ndx >= a1ndx || a3ndx >= a2ndx)
++                a3ndx++;
++        if (a3ndx >= a1ndx && a3ndx >= a2ndx)
++                a3ndx++;
++        nsid->nsid_a3 = nsid_multiplier_table[a3ndx];
++        c3ndx = nsid_hash_state % 32766;
++        if (c3ndx >= c1ndx || c3ndx >= c2ndx)
++                c3ndx++;
++        if (c3ndx >= c1ndx && c3ndx >= c2ndx)
++                c3ndx++;
++        nsid->nsid_c3 = 2*c3ndx + 1;
++
++        nsid->nsid_state =
++		((nsid_hash_state >> 16) ^ (nsid_hash_state)) & 0xFFFF;
++
++	nsid->nsid_usepool = usepool;
++	if (nsid->nsid_usepool) {
++                nsid->nsid_pool = isc_mem_get(mctx, 0x10000 * sizeof(isc_uint16_t));
++		if (nsid->nsid_pool == NULL)
++			return (ISC_R_NOMEMORY);
++                for (i = 0; ; i++) {
++                        nsid->nsid_pool[i] = nsid->nsid_state;
++                        nsid->nsid_state =
++				 (((u_long) nsid->nsid_a1 * nsid->nsid_state) +
++				   nsid->nsid_c1) & 0xFFFF;
++                        if (i == 0xFFFF)
++                                break;
++                }
++	} else {
++		nsid->nsid_vtable = isc_mem_get(mctx, NSID_SHUFFLE_TABLE_SIZE *
++						(sizeof(isc_uint16_t)) );
++		if (nsid->nsid_vtable == NULL)
++			return (ISC_R_NOMEMORY);
++
++		for (i = 0; i < NSID_SHUFFLE_TABLE_SIZE; i++) {
++			nsid->nsid_vtable[i] = nsid->nsid_state;
++			nsid->nsid_state =
++				   (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
++					 nsid->nsid_c1) & 0xFFFF;
++		}
++		nsid->nsid_state2 = nsid->nsid_state;
++	} 
++	return (ISC_R_SUCCESS);
++}
++
++static void
++nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid) {
++	if (nsid->nsid_usepool)
++		isc_mem_put(mctx, nsid->nsid_pool,
++			    0x10000 * sizeof(isc_uint16_t));
++	else
++		isc_mem_put(mctx, nsid->nsid_vtable,
++			    NSID_SHUFFLE_TABLE_SIZE * (sizeof(isc_uint16_t)) );
++	memset(nsid, 0, sizeof(*nsid));
++}
++
++void
++dns_dispatch_hash(void *data, size_t len) {
++	nsid_hash(data, len);
++}
+Index: contrib/bind9/lib/dns/include/dns/dispatch.h
+===================================================================
+RCS file: /home/ncvs/src/contrib/bind9/lib/dns/include/dns/dispatch.h,v
+retrieving revision 1.1.1.1
+diff -u -d -r1.1.1.1 dispatch.h
+--- contrib/bind9/lib/dns/include/dns/dispatch.h	19 Sep 2004 01:30:20 -0000	1.1.1.1
++++ contrib/bind9/lib/dns/include/dns/dispatch.h	30 Jul 2007 21:30:21 -0000
+@@ -437,6 +437,13 @@
+  * 	event != NULL
+  */
+ 
++void
++dns_dispatch_hash(void *data, size_t len);
++/*%<
++ * Feed 'data' to the dispatch query id generator where 'len' is the size
++ * of 'data'.
++ */
++
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_DISPATCH_H */
diff --git a/share/security/patches/SA-07:07/bind.patch.asc b/share/security/patches/SA-07:07/bind.patch.asc
new file mode 100644
index 0000000000..dd138ffb1d
--- /dev/null
+++ b/share/security/patches/SA-07:07/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBGsPhgFdaIBMps37IRAvWFAJ9QbO0J0bsFSmLBT/RV4WbJstqQAgCfUAcM
+qXUZc5rPiKRyufOk7RXhb80=
+=gkVx
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:08/openssl.patch b/share/security/patches/SA-07:08/openssl.patch
new file mode 100644
index 0000000000..e4d7f81879
--- /dev/null
+++ b/share/security/patches/SA-07:08/openssl.patch
@@ -0,0 +1,47 @@
+Index: crypto/openssl/ssl/ssl_lib.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssl/ssl/ssl_lib.c,v
+retrieving revision 1.1.1.12.2.1
+diff -u -d -r1.1.1.12.2.1 ssl_lib.c
+--- crypto/openssl/ssl/ssl_lib.c	28 Sep 2006 13:02:36 -0000	1.1.1.12.2.1
++++ crypto/openssl/ssl/ssl_lib.c	3 Oct 2007 17:01:24 -0000
+@@ -1149,7 +1149,6 @@
+ char *SSL_get_shared_ciphers(SSL *s,char *buf,int len)
+ 	{
+ 	char *p;
+-	const char *cp;
+ 	STACK_OF(SSL_CIPHER) *sk;
+ 	SSL_CIPHER *c;
+ 	int i;
+@@ -1162,20 +1161,21 @@
+ 	sk=s->session->ciphers;
+ 	for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
+ 		{
+-		/* Decrement for either the ':' or a '\0' */
+-		len--;
++		int n;
++
+ 		c=sk_SSL_CIPHER_value(sk,i);
+-		for (cp=c->name; *cp; )
++		n=strlen(c->name);
++		if (n+1 > len)
+ 			{
+-			if (len-- <= 0)
+-				{
+-				*p='\0';
+-				return(buf);
+-				}
+-			else
+-				*(p++)= *(cp++);
++			if (p != buf)
++				--p;
++			*p='\0';
++			return buf;
+ 			}
++		strcpy(p,c->name);
++		p+=n;
+ 		*(p++)=':';
++		len-=n+1;
+ 		}
+ 	p[-1]='\0';
+ 	return(buf);
diff --git a/share/security/patches/SA-07:08/openssl.patch.asc b/share/security/patches/SA-07:08/openssl.patch.asc
new file mode 100644
index 0000000000..92194d19d8
--- /dev/null
+++ b/share/security/patches/SA-07:08/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHBA4UFdaIBMps37IRAsuLAJ9+ogEyviL77JM1MS/0ya9Wd7H+DQCePmVW
+rSdJFyAmlbYmZ1FQEDFa+QA=
+=Um+t
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:09/random.patch b/share/security/patches/SA-07:09/random.patch
new file mode 100644
index 0000000000..b6bbf02762
--- /dev/null
+++ b/share/security/patches/SA-07:09/random.patch
@@ -0,0 +1,15 @@
+Index: sys/dev/random/yarrow.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/dev/random/yarrow.c,v
+retrieving revision 1.47
+diff -u -r1.47 yarrow.c
+--- sys/dev/random/yarrow.c	27 May 2007 18:54:58 -0000	1.47
++++ sys/dev/random/yarrow.c	27 Nov 2007 17:17:29 -0000
+@@ -296,6 +296,7 @@
+ 				random_state.outputblocks = 0;
+ 			}
+ 			retval += (int)tomove;
++			cur = 0;
+ 		}
+ 	}
+ 	else {
diff --git a/share/security/patches/SA-07:09/random.patch.asc b/share/security/patches/SA-07:09/random.patch.asc
new file mode 100644
index 0000000000..fe0dfe8e7f
--- /dev/null
+++ b/share/security/patches/SA-07:09/random.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHTufGFdaIBMps37IRAgAWAJ9IHrI8sv94ScffjpplrxTjN5GmcQCcD+1l
+NpipfXNLCsTsTntI19qBd8M=
+=09dL
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-07:10/gtar.patch b/share/security/patches/SA-07:10/gtar.patch
new file mode 100644
index 0000000000..a6a54fc281
--- /dev/null
+++ b/share/security/patches/SA-07:10/gtar.patch
@@ -0,0 +1,21 @@
+Index: contrib/tar/src/misc.c
+===================================================================
+RCS file: /home/ncvs/src/contrib/tar/src/Attic/misc.c,v
+retrieving revision 1.3
+diff -u -u -r1.3 misc.c
+--- contrib/tar/src/misc.c	19 Oct 2002 09:32:03 -0000	1.3
++++ contrib/tar/src/misc.c	8 Oct 2007 11:59:55 -0000
+@@ -210,12 +210,11 @@
+       if (p[0] == '.' && p[1] == '.' && (ISSLASH (p[2]) || !p[2]))
+ 	return 1;
+ 
+-      do
++      while (! ISSLASH (*p))
+ 	{
+ 	  if (! *p++)
+ 	    return 0;
+ 	}
+-      while (! ISSLASH (*p));
+ 
+       do
+ 	{
diff --git a/share/security/patches/SA-07:10/gtar.patch.asc b/share/security/patches/SA-07:10/gtar.patch.asc
new file mode 100644
index 0000000000..85755de682
--- /dev/null
+++ b/share/security/patches/SA-07:10/gtar.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHTufJFdaIBMps37IRAhHDAKCdcxtZuzLLT526R0gn5auJl3oJ8ACfR2jd
+WoHNlV1//2tReG17Yj6hDhM=
+=ED51
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:01/pty5.patch b/share/security/patches/SA-08:01/pty5.patch
new file mode 100644
index 0000000000..776a3e9903
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty5.patch
@@ -0,0 +1,17 @@
+Index: lib/libutil/pty.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libutil/pty.c,v
+retrieving revision 1.15
+diff -u -I__FBSDID -I$FreeBSD -r1.15 pty.c
+--- lib/libutil/pty.c	18 Oct 2003 10:04:16 -0000	1.15
++++ lib/libutil/pty.c	10 Jan 2008 20:51:06 -0000
+@@ -76,8 +76,7 @@
+ 					break; /* try the next pty group */
+ 			} else {
+ 				line[5] = 't';
+-				(void) chown(line, getuid(), ttygid);
+-				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
++				(void) grantpt(master);
+ 				(void) revoke(line);
+ 				if ((slave = open(line, O_RDWR, 0)) != -1) {
+ 					*amaster = master;
diff --git a/share/security/patches/SA-08:01/pty5.patch.asc b/share/security/patches/SA-08:01/pty5.patch.asc
new file mode 100644
index 0000000000..3caa8220cb
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty5.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+sPFdaIBMps37IRAmBIAKCSYeUoNYJnimwFWy6tVBnUrAi1xgCeKwH8
+hO2fifwcXhIEEm9nYuEF25w=
+=sUeL
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:01/pty5stable.patch b/share/security/patches/SA-08:01/pty5stable.patch
new file mode 100644
index 0000000000..9111452e62
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty5stable.patch
@@ -0,0 +1,105 @@
+Index: lib/libutil/pty.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libutil/pty.c,v
+retrieving revision 1.15
+diff -u -I__FBSDID -I$FreeBSD -r1.15 pty.c
+--- lib/libutil/pty.c	18 Oct 2003 10:04:16 -0000	1.15
++++ lib/libutil/pty.c	10 Jan 2008 20:50:22 -0000
+@@ -54,50 +54,55 @@
+ #include <unistd.h>
+ 
+ int
+-openpty(int *amaster, int *aslave, char *name, struct termios *termp, struct winsize *winp)
++openpty(int *amaster, int *aslave, char *name, struct termios *termp,
++    struct winsize *winp)
+ {
+-	char line[] = "/dev/ptyXX";
+-	const char *cp1, *cp2;
+-	int master, slave, ttygid;
+-	struct group *gr;
+-
+-	if ((gr = getgrnam("tty")) != NULL)
+-		ttygid = gr->gr_gid;
+-	else
+-		ttygid = -1;
+-
+-	for (cp1 = "pqrsPQRS"; *cp1; cp1++) {
+-		line[8] = *cp1;
+-		for (cp2 = "0123456789abcdefghijklmnopqrstuv"; *cp2; cp2++) {
+-			line[5] = 'p';
+-			line[9] = *cp2;
+-			if ((master = open(line, O_RDWR, 0)) == -1) {
+-				if (errno == ENOENT)
+-					break; /* try the next pty group */
+-			} else {
+-				line[5] = 't';
+-				(void) chown(line, getuid(), ttygid);
+-				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
+-				(void) revoke(line);
+-				if ((slave = open(line, O_RDWR, 0)) != -1) {
+-					*amaster = master;
+-					*aslave = slave;
+-					if (name)
+-						strcpy(name, line);
+-					if (termp)
+-						(void) tcsetattr(slave,
+-							TCSAFLUSH, termp);
+-					if (winp)
+-						(void) ioctl(slave, TIOCSWINSZ,
+-							(char *)winp);
+-					return (0);
+-				}
+-				(void) close(master);
+-			}
+-		}
++	const char *slavename;
++	int master, slave;
++
++	master = posix_openpt(O_RDWR);
++	if (master == -1)
++		return (-1);
++
++	if (grantpt(master) == -1) {
++		close(master);
++		return (-1);
++	}
++
++	slavename = ptsname(master);
++	if (slavename == NULL) {
++		close(master);
++		return (-1);
++	}
++
++	if (revoke(slavename) == -1) {
++		close(master);
++		return (-1);
+ 	}
+-	errno = ENOENT;	/* out of ptys */
+-	return (-1);
++
++	slave = open(slavename, O_RDWR);
++	if (slave == -1) {
++		close(master);
++		return (-1);
++	}
++
++	if (unlockpt(master) == -1) {
++		close(master);
++		close(slave);
++		return (-1);
++	}
++
++	*amaster = master;
++	*aslave = slave;
++
++	if (name)
++		strcpy(name, slavename);
++	if (termp)
++		tcsetattr(slave, TCSAFLUSH, termp);
++	if (winp)
++		ioctl(slave, TIOCSWINSZ, (char *)winp);
++
++	return (0);
+ }
+ 
+ int
diff --git a/share/security/patches/SA-08:01/pty5stable.patch.asc b/share/security/patches/SA-08:01/pty5stable.patch.asc
new file mode 100644
index 0000000000..fe7ab0d9d7
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty5stable.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+sUFdaIBMps37IRAjv4AJ4/KMLQy0EhnN7/kF1EKMn362zHcACeNxCG
+LFNepaAqmYkTL4Z3kC7Re2w=
+=YCiE
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:01/pty6.patch b/share/security/patches/SA-08:01/pty6.patch
new file mode 100644
index 0000000000..12095fa3f1
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty6.patch
@@ -0,0 +1,93 @@
+Index: lib/libc/stdlib/grantpt.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/grantpt.c,v
+retrieving revision 1.4.10.1
+diff -u -I__FBSDID -I$FreeBSD -r1.4.10.1 grantpt.c
+--- lib/libc/stdlib/grantpt.c	18 Dec 2007 00:36:21 -0000	1.4.10.1
++++ lib/libc/stdlib/grantpt.c	10 Jan 2008 20:54:30 -0000
+@@ -214,24 +214,30 @@
+ ptsname(int fildes)
+ {
+ 	static char slave[] = _PATH_DEV PTS_PREFIX "XY";
+-	char *retval;
++	const char *master;
+ 	struct stat sbuf;
+ 
+-	retval = NULL;
+-
+-	if (_fstat(fildes, &sbuf) == 0) {
+-		if (!ISPTM(sbuf))
+-			errno = EINVAL;
+-		else {
+-			(void)snprintf(slave, sizeof(slave),
+-				       _PATH_DEV PTS_PREFIX "%s",
+-				       devname(sbuf.st_rdev, S_IFCHR) +
+-				       strlen(PTM_PREFIX));
+-			retval = slave;
+-		}
+-	}
+-
+-	return (retval);
++	/* All master pty's must be char devices. */
++	if (_fstat(fildes, &sbuf) == -1)
++		goto invalid;
++	if (!S_ISCHR(sbuf.st_mode))
++		goto invalid;
++
++	/* Check to see if this device is a pty(4) master. */
++	master = devname(sbuf.st_rdev, S_IFCHR);
++	if (strlen(master) != strlen(PTM_PREFIX "XY"))
++		goto invalid;
++	if (strncmp(master, PTM_PREFIX, strlen(PTM_PREFIX)) != 0)
++		goto invalid;
++
++	/* It is, so generate the corresponding pty(4) slave name. */
++	(void)snprintf(slave, sizeof(slave), _PATH_DEV PTS_PREFIX "%s",
++	    master + strlen(PTM_PREFIX));
++	return (slave);
++
++invalid:
++	errno = EINVAL;
++	return (NULL);
+ }
+ 
+ /*
+@@ -240,18 +246,14 @@
+ int
+ unlockpt(int fildes)
+ {
+-	int retval;
+-	struct stat sbuf;
+ 
+ 	/*
+ 	 * Unlocking a master/slave pseudo-terminal pair has no meaning in a
+ 	 * non-streams PTY environment.  However, we do ensure fildes is a
+ 	 * valid master pseudo-terminal device.
+ 	 */
+-	if ((retval = _fstat(fildes, &sbuf)) == 0 && !ISPTM(sbuf)) {
+-		errno = EINVAL;
+-		retval = -1;
+-	}
++	if (ptsname(fildes) == NULL)
++		return (-1);
+ 
+-	return (retval);
++	return (0);
+ }
+Index: lib/libutil/pty.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libutil/pty.c,v
+retrieving revision 1.15.20.1
+diff -u -I__FBSDID -I$FreeBSD -r1.15.20.1 pty.c
+--- lib/libutil/pty.c	27 Nov 2007 18:43:09 -0000	1.15.20.1
++++ lib/libutil/pty.c	10 Jan 2008 20:54:30 -0000
+@@ -76,8 +76,7 @@
+ 					break; /* try the next pty group */
+ 			} else {
+ 				line[5] = 't';
+-				(void) chown(line, getuid(), ttygid);
+-				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
++				(void) grantpt(master);
+ 				(void) revoke(line);
+ 				if ((slave = open(line, O_RDWR, 0)) != -1) {
+ 					*amaster = master;
diff --git a/share/security/patches/SA-08:01/pty6.patch.asc b/share/security/patches/SA-08:01/pty6.patch.asc
new file mode 100644
index 0000000000..aa1da6c78c
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+saFdaIBMps37IRAo53AJ9mSTOSwQPcg97LG5AX/BlydteppQCfSbdm
+0Xc4tfEf6dIWgJIJ1dqO4dc=
+=Vurt
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:01/pty6stable.patch b/share/security/patches/SA-08:01/pty6stable.patch
new file mode 100644
index 0000000000..671ad716de
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty6stable.patch
@@ -0,0 +1,181 @@
+Index: lib/libc/stdlib/grantpt.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/grantpt.c,v
+retrieving revision 1.4.2.1
+diff -u -I__FBSDID -I$FreeBSD -r1.4.2.1 grantpt.c
+--- lib/libc/stdlib/grantpt.c	18 Dec 2007 00:35:53 -0000	1.4.2.1
++++ lib/libc/stdlib/grantpt.c	10 Jan 2008 20:53:54 -0000
+@@ -214,24 +214,30 @@
+ ptsname(int fildes)
+ {
+ 	static char slave[] = _PATH_DEV PTS_PREFIX "XY";
+-	char *retval;
++	const char *master;
+ 	struct stat sbuf;
+ 
+-	retval = NULL;
+-
+-	if (_fstat(fildes, &sbuf) == 0) {
+-		if (!ISPTM(sbuf))
+-			errno = EINVAL;
+-		else {
+-			(void)snprintf(slave, sizeof(slave),
+-				       _PATH_DEV PTS_PREFIX "%s",
+-				       devname(sbuf.st_rdev, S_IFCHR) +
+-				       strlen(PTM_PREFIX));
+-			retval = slave;
+-		}
+-	}
+-
+-	return (retval);
++	/* All master pty's must be char devices. */
++	if (_fstat(fildes, &sbuf) == -1)
++		goto invalid;
++	if (!S_ISCHR(sbuf.st_mode))
++		goto invalid;
++
++	/* Check to see if this device is a pty(4) master. */
++	master = devname(sbuf.st_rdev, S_IFCHR);
++	if (strlen(master) != strlen(PTM_PREFIX "XY"))
++		goto invalid;
++	if (strncmp(master, PTM_PREFIX, strlen(PTM_PREFIX)) != 0)
++		goto invalid;
++
++	/* It is, so generate the corresponding pty(4) slave name. */
++	(void)snprintf(slave, sizeof(slave), _PATH_DEV PTS_PREFIX "%s",
++	    master + strlen(PTM_PREFIX));
++	return (slave);
++
++invalid:
++	errno = EINVAL;
++	return (NULL);
+ }
+ 
+ /*
+@@ -240,18 +246,14 @@
+ int
+ unlockpt(int fildes)
+ {
+-	int retval;
+-	struct stat sbuf;
+ 
+ 	/*
+ 	 * Unlocking a master/slave pseudo-terminal pair has no meaning in a
+ 	 * non-streams PTY environment.  However, we do ensure fildes is a
+ 	 * valid master pseudo-terminal device.
+ 	 */
+-	if ((retval = _fstat(fildes, &sbuf)) == 0 && !ISPTM(sbuf)) {
+-		errno = EINVAL;
+-		retval = -1;
+-	}
++	if (ptsname(fildes) == NULL)
++		return (-1);
+ 
+-	return (retval);
++	return (0);
+ }
+Index: lib/libutil/pty.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libutil/pty.c,v
+retrieving revision 1.15.10.1
+diff -u -I__FBSDID -I$FreeBSD -r1.15.10.1 pty.c
+--- lib/libutil/pty.c	27 Nov 2007 18:41:52 -0000	1.15.10.1
++++ lib/libutil/pty.c	10 Jan 2008 20:53:54 -0000
+@@ -54,50 +54,55 @@
+ #include <unistd.h>
+ 
+ int
+-openpty(int *amaster, int *aslave, char *name, struct termios *termp, struct winsize *winp)
++openpty(int *amaster, int *aslave, char *name, struct termios *termp,
++    struct winsize *winp)
+ {
+-	char line[] = "/dev/ptyXX";
+-	const char *cp1, *cp2;
+-	int master, slave, ttygid;
+-	struct group *gr;
+-
+-	if ((gr = getgrnam("tty")) != NULL)
+-		ttygid = gr->gr_gid;
+-	else
+-		ttygid = -1;
+-
+-	for (cp1 = "pqrsPQRSlmnoLMNO"; *cp1; cp1++) {
+-		line[8] = *cp1;
+-		for (cp2 = "0123456789abcdefghijklmnopqrstuv"; *cp2; cp2++) {
+-			line[5] = 'p';
+-			line[9] = *cp2;
+-			if ((master = open(line, O_RDWR, 0)) == -1) {
+-				if (errno == ENOENT)
+-					break; /* try the next pty group */
+-			} else {
+-				line[5] = 't';
+-				(void) chown(line, getuid(), ttygid);
+-				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
+-				(void) revoke(line);
+-				if ((slave = open(line, O_RDWR, 0)) != -1) {
+-					*amaster = master;
+-					*aslave = slave;
+-					if (name)
+-						strcpy(name, line);
+-					if (termp)
+-						(void) tcsetattr(slave,
+-							TCSAFLUSH, termp);
+-					if (winp)
+-						(void) ioctl(slave, TIOCSWINSZ,
+-							(char *)winp);
+-					return (0);
+-				}
+-				(void) close(master);
+-			}
+-		}
++	const char *slavename;
++	int master, slave;
++
++	master = posix_openpt(O_RDWR);
++	if (master == -1)
++		return (-1);
++
++	if (grantpt(master) == -1) {
++		close(master);
++		return (-1);
++	}
++
++	slavename = ptsname(master);
++	if (slavename == NULL) {
++		close(master);
++		return (-1);
++	}
++
++	if (revoke(slavename) == -1) {
++		close(master);
++		return (-1);
+ 	}
+-	errno = ENOENT;	/* out of ptys */
+-	return (-1);
++
++	slave = open(slavename, O_RDWR);
++	if (slave == -1) {
++		close(master);
++		return (-1);
++	}
++
++	if (unlockpt(master) == -1) {
++		close(master);
++		close(slave);
++		return (-1);
++	}
++
++	*amaster = master;
++	*aslave = slave;
++
++	if (name)
++		strcpy(name, slavename);
++	if (termp)
++		tcsetattr(slave, TCSAFLUSH, termp);
++	if (winp)
++		ioctl(slave, TIOCSWINSZ, (char *)winp);
++
++	return (0);
+ }
+ 
+ int
diff --git a/share/security/patches/SA-08:01/pty6stable.patch.asc b/share/security/patches/SA-08:01/pty6stable.patch.asc
new file mode 100644
index 0000000000..63fb248f3b
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty6stable.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+sgFdaIBMps37IRAv1zAJ9O827LrIEPIxSanF5D3f+Uf1bdxACgnO32
+C9pSwrWnUzNskhh6X+7Ut9g=
+=vWk1
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:01/pty7.patch b/share/security/patches/SA-08:01/pty7.patch
new file mode 100644
index 0000000000..cdbe00e2c4
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty7.patch
@@ -0,0 +1,127 @@
+Index: lib/libc/stdlib/grantpt.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/grantpt.c,v
+retrieving revision 1.7.2.2.2.1
+diff -u -I__FBSDID -I$FreeBSD -r1.7.2.2.2.1 grantpt.c
+--- lib/libc/stdlib/grantpt.c	31 Dec 2007 17:39:24 -0000	1.7.2.2.2.1
++++ lib/libc/stdlib/grantpt.c	10 Jan 2008 20:55:28 -0000
+@@ -84,14 +84,6 @@
+ 			 minor((x).st_rdev) < PTY_MAX)
+ 
+ 
+-static int
+-is_pts(int fd)
+-{
+-	int nb;
+-
+-	return (_ioctl(fd, TIOCGPTN, &nb) == 0);
+-}
+-
+ #if 0
+ int
+ __use_pts(void)
+@@ -255,33 +247,43 @@
+ ptsname(int fildes)
+ {
+ 	static char pty_slave[] = _PATH_DEV PTYS_PREFIX "XY";
++#if 0
+ 	static char ptmx_slave[] = _PATH_DEV PTMXS_PREFIX "4294967295";
+-	char *retval;
++#endif
++	const char *master;
+ 	struct stat sbuf;
++#if 0
++	int ptn;
+ 
+-	retval = NULL;
+-
+-	if (_fstat(fildes, &sbuf) == 0) {
+-		if (!ISPTM(sbuf))
+-			errno = EINVAL;
+-		else {
+-			if (!is_pts(fildes)) {
+-				(void)snprintf(pty_slave, sizeof(pty_slave),
+-					       _PATH_DEV PTYS_PREFIX "%s",
+-					       devname(sbuf.st_rdev, S_IFCHR) +
+-					       strlen(PTYM_PREFIX));
+-				retval = pty_slave;
+-			} else {
+-				(void)snprintf(ptmx_slave, sizeof(ptmx_slave),
+-					       _PATH_DEV PTMXS_PREFIX "%s",
+-					       devname(sbuf.st_rdev, S_IFCHR) +
+-					       strlen(PTMXM_PREFIX));
+-				retval = ptmx_slave;
+-			}
+-		}
++	/* Handle pts(4) masters first. */
++	if (_ioctl(fildes, TIOCGPTN, &ptn) == 0) {
++		(void)snprintf(ptmx_slave, sizeof(ptmx_slave),
++		    _PATH_DEV PTMXS_PREFIX "%d", ptn);
++		return (ptmx_slave);
+ 	}
++#endif
+ 
+-	return (retval);
++	/* All master pty's must be char devices. */
++	if (_fstat(fildes, &sbuf) == -1)
++		goto invalid;
++	if (!S_ISCHR(sbuf.st_mode))
++		goto invalid;
++
++	/* Check to see if this device is a pty(4) master. */
++	master = devname(sbuf.st_rdev, S_IFCHR);
++	if (strlen(master) != strlen(PTYM_PREFIX "XY"))
++		goto invalid;
++	if (strncmp(master, PTYM_PREFIX, strlen(PTYM_PREFIX)) != 0)
++		goto invalid;
++
++	/* It is, so generate the corresponding pty(4) slave name. */
++	(void)snprintf(pty_slave, sizeof(pty_slave), _PATH_DEV PTYS_PREFIX "%s",
++	    master + strlen(PTYM_PREFIX));
++	return (pty_slave);
++
++invalid:
++	errno = EINVAL;
++	return (NULL);
+ }
+ 
+ /*
+@@ -290,18 +292,14 @@
+ int
+ unlockpt(int fildes)
+ {
+-	int retval;
+-	struct stat sbuf;
+ 
+ 	/*
+ 	 * Unlocking a master/slave pseudo-terminal pair has no meaning in a
+ 	 * non-streams PTY environment.  However, we do ensure fildes is a
+ 	 * valid master pseudo-terminal device.
+ 	 */
+-	if ((retval = _fstat(fildes, &sbuf)) == 0 && !ISPTM(sbuf)) {
+-		errno = EINVAL;
+-		retval = -1;
+-	}
++	if (ptsname(fildes) == NULL)
++		return (-1);
+ 
+-	return (retval);
++	return (0);
+ }
+Index: lib/libutil/pty.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libutil/pty.c,v
+retrieving revision 1.17.2.2
+diff -u -I__FBSDID -I$FreeBSD -r1.17.2.2 pty.c
+--- lib/libutil/pty.c	6 Dec 2007 10:15:29 -0000	1.17.2.2
++++ lib/libutil/pty.c	10 Jan 2008 20:55:28 -0000
+@@ -121,8 +121,7 @@
+ 					break; /* try the next pty group */
+ 			} else {
+ 				line[5] = 't';
+-				(void) chown(line, getuid(), ttygid);
+-				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
++				(void) grantpt(master);
+ 				(void) revoke(line);
+ 				if ((slave = open(line, O_RDWR, 0)) != -1) {
+ 					*amaster = master;
diff --git a/share/security/patches/SA-08:01/pty7.patch.asc b/share/security/patches/SA-08:01/pty7.patch.asc
new file mode 100644
index 0000000000..0c0217f82c
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+slFdaIBMps37IRArFdAKCghZpryUpRhJUSxwwFSqUwJKTH5gCfejaV
+CkuWDerPPd4LVahIfHXpq+I=
+=tFuu
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:01/pty7stable.patch b/share/security/patches/SA-08:01/pty7stable.patch
new file mode 100644
index 0000000000..f64a215c46
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty7stable.patch
@@ -0,0 +1,223 @@
+Index: lib/libc/stdlib/grantpt.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/grantpt.c,v
+retrieving revision 1.7.2.3
+diff -u -I__FBSDID -I$FreeBSD -r1.7.2.3 grantpt.c
+--- lib/libc/stdlib/grantpt.c	31 Dec 2007 17:38:55 -0000	1.7.2.3
++++ lib/libc/stdlib/grantpt.c	10 Jan 2008 20:57:02 -0000
+@@ -84,14 +84,6 @@
+ 			 minor((x).st_rdev) < PTY_MAX)
+ 
+ 
+-static int
+-is_pts(int fd)
+-{
+-	int nb;
+-
+-	return (_ioctl(fd, TIOCGPTN, &nb) == 0);
+-}
+-
+ #if 0
+ int
+ __use_pts(void)
+@@ -255,33 +247,43 @@
+ ptsname(int fildes)
+ {
+ 	static char pty_slave[] = _PATH_DEV PTYS_PREFIX "XY";
++#if 0
+ 	static char ptmx_slave[] = _PATH_DEV PTMXS_PREFIX "4294967295";
+-	char *retval;
++#endif
++	const char *master;
+ 	struct stat sbuf;
++#if 0
++	int ptn;
+ 
+-	retval = NULL;
+-
+-	if (_fstat(fildes, &sbuf) == 0) {
+-		if (!ISPTM(sbuf))
+-			errno = EINVAL;
+-		else {
+-			if (!is_pts(fildes)) {
+-				(void)snprintf(pty_slave, sizeof(pty_slave),
+-					       _PATH_DEV PTYS_PREFIX "%s",
+-					       devname(sbuf.st_rdev, S_IFCHR) +
+-					       strlen(PTYM_PREFIX));
+-				retval = pty_slave;
+-			} else {
+-				(void)snprintf(ptmx_slave, sizeof(ptmx_slave),
+-					       _PATH_DEV PTMXS_PREFIX "%s",
+-					       devname(sbuf.st_rdev, S_IFCHR) +
+-					       strlen(PTMXM_PREFIX));
+-				retval = ptmx_slave;
+-			}
+-		}
++	/* Handle pts(4) masters first. */
++	if (_ioctl(fildes, TIOCGPTN, &ptn) == 0) {
++		(void)snprintf(ptmx_slave, sizeof(ptmx_slave),
++		    _PATH_DEV PTMXS_PREFIX "%d", ptn);
++		return (ptmx_slave);
+ 	}
++#endif
+ 
+-	return (retval);
++	/* All master pty's must be char devices. */
++	if (_fstat(fildes, &sbuf) == -1)
++		goto invalid;
++	if (!S_ISCHR(sbuf.st_mode))
++		goto invalid;
++
++	/* Check to see if this device is a pty(4) master. */
++	master = devname(sbuf.st_rdev, S_IFCHR);
++	if (strlen(master) != strlen(PTYM_PREFIX "XY"))
++		goto invalid;
++	if (strncmp(master, PTYM_PREFIX, strlen(PTYM_PREFIX)) != 0)
++		goto invalid;
++
++	/* It is, so generate the corresponding pty(4) slave name. */
++	(void)snprintf(pty_slave, sizeof(pty_slave), _PATH_DEV PTYS_PREFIX "%s",
++	    master + strlen(PTYM_PREFIX));
++	return (pty_slave);
++
++invalid:
++	errno = EINVAL;
++	return (NULL);
+ }
+ 
+ /*
+@@ -290,18 +292,14 @@
+ int
+ unlockpt(int fildes)
+ {
+-	int retval;
+-	struct stat sbuf;
+ 
+ 	/*
+ 	 * Unlocking a master/slave pseudo-terminal pair has no meaning in a
+ 	 * non-streams PTY environment.  However, we do ensure fildes is a
+ 	 * valid master pseudo-terminal device.
+ 	 */
+-	if ((retval = _fstat(fildes, &sbuf)) == 0 && !ISPTM(sbuf)) {
+-		errno = EINVAL;
+-		retval = -1;
+-	}
++	if (ptsname(fildes) == NULL)
++		return (-1);
+ 
+-	return (retval);
++	return (0);
+ }
+Index: lib/libutil/pty.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libutil/pty.c,v
+retrieving revision 1.17.2.2
+diff -u -I__FBSDID -I$FreeBSD -r1.17.2.2 pty.c
+--- lib/libutil/pty.c	6 Dec 2007 10:15:29 -0000	1.17.2.2
++++ lib/libutil/pty.c	10 Jan 2008 20:57:02 -0000
+@@ -49,13 +49,11 @@
+ #include <termios.h>
+ #include <unistd.h>
+ 
+-#if 0
+-int __use_pts(void);
+-
+-static int
+-new_openpty(int *amaster, int *aslave, char *name, struct termios *termp,
++int
++openpty(int *amaster, int *aslave, char *name, struct termios *termp,
+     struct winsize *winp)
+ {
++	const char *slavename;
+ 	int master, slave;
+ 
+ 	master = posix_openpt(O_RDWR);
+@@ -67,7 +65,18 @@
+ 		return (-1);
+ 	}
+ 
+-	slave = open(ptsname(master), O_RDWR);
++	slavename = ptsname(master);
++	if (slavename == NULL) {
++		close(master);
++		return (-1);
++	}
++
++	if (revoke(slavename) == -1) {
++		close(master);
++		return (-1);
++	}
++
++	slave = open(slavename, O_RDWR);
+ 	if (slave == -1) {
+ 		close(master);
+ 		return (-1);
+@@ -83,7 +92,7 @@
+ 	*aslave = slave;
+ 
+ 	if (name)
+-		strcpy(name, ptsname(master));
++		strcpy(name, slavename);
+ 	if (termp)
+ 		tcsetattr(slave, TCSAFLUSH, termp);
+ 	if (winp)
+@@ -91,59 +100,6 @@
+ 
+ 	return (0);
+ }
+-#endif
+-
+-int
+-openpty(int *amaster, int *aslave, char *name, struct termios *termp, struct winsize *winp)
+-{
+-	char line[] = "/dev/ptyXX";
+-	const char *cp1, *cp2;
+-	int master, slave, ttygid;
+-	struct group *gr;
+-
+-#if 0
+-	if (__use_pts())
+-		return (new_openpty(amaster, aslave, name, termp, winp));
+-#endif
+-
+-	if ((gr = getgrnam("tty")) != NULL)
+-		ttygid = gr->gr_gid;
+-	else
+-		ttygid = -1;
+-
+-	for (cp1 = "pqrsPQRSlmnoLMNO"; *cp1; cp1++) {
+-		line[8] = *cp1;
+-		for (cp2 = "0123456789abcdefghijklmnopqrstuv"; *cp2; cp2++) {
+-			line[5] = 'p';
+-			line[9] = *cp2;
+-			if ((master = open(line, O_RDWR, 0)) == -1) {
+-				if (errno == ENOENT)
+-					break; /* try the next pty group */
+-			} else {
+-				line[5] = 't';
+-				(void) chown(line, getuid(), ttygid);
+-				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
+-				(void) revoke(line);
+-				if ((slave = open(line, O_RDWR, 0)) != -1) {
+-					*amaster = master;
+-					*aslave = slave;
+-					if (name)
+-						strcpy(name, line);
+-					if (termp)
+-						(void) tcsetattr(slave,
+-							TCSAFLUSH, termp);
+-					if (winp)
+-						(void) ioctl(slave, TIOCSWINSZ,
+-							(char *)winp);
+-					return (0);
+-				}
+-				(void) close(master);
+-			}
+-		}
+-	}
+-	errno = ENOENT;	/* out of ptys */
+-	return (-1);
+-}
+ 
+ int
+ forkpty(int *amaster, char *name, struct termios *termp, struct winsize *winp)
diff --git a/share/security/patches/SA-08:01/pty7stable.patch.asc b/share/security/patches/SA-08:01/pty7stable.patch.asc
new file mode 100644
index 0000000000..0cb7fb7736
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty7stable.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+sqFdaIBMps37IRArdYAJ0cCoWcdXum7AFK3PRzzJHY5zUtvACgiWbv
+jN/GGkfvPdOum5E9nprFVVI=
+=VCAB
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:01/pty8.patch b/share/security/patches/SA-08:01/pty8.patch
new file mode 100644
index 0000000000..99555cbc30
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty8.patch
@@ -0,0 +1,205 @@
+Index: lib/libc/stdlib/grantpt.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/stdlib/grantpt.c,v
+retrieving revision 1.9
+diff -u -I__FBSDID -I$FreeBSD -r1.9 grantpt.c
+--- lib/libc/stdlib/grantpt.c	21 Dec 2007 21:26:08 -0000	1.9
++++ lib/libc/stdlib/grantpt.c	10 Jan 2008 20:35:06 -0000
+@@ -75,23 +75,6 @@
+  */
+ #define _PATH_PTCHOWN	"/usr/libexec/pt_chown"
+ 
+-/*
+- * ISPTM(x) returns 0 for struct stat x if x is not a pty master.
+- * The bounds checking may be unnecessary but it does eliminate doubt.
+- */
+-#define ISPTM(x)	(S_ISCHR((x).st_mode) && 			\
+-			 minor((x).st_rdev) >= 0 &&			\
+-			 minor((x).st_rdev) < PTY_MAX)
+-
+-
+-static int
+-is_pts(int fd)
+-{
+-	int nb;
+-
+-	return (_ioctl(fd, TIOCGPTN, &nb) == 0);
+-}
+-
+ int
+ __use_pts(void)
+ {
+@@ -251,33 +234,43 @@
+ ptsname(int fildes)
+ {
+ 	static char pty_slave[] = _PATH_DEV PTYS_PREFIX "XY";
++#if 0
+ 	static char ptmx_slave[] = _PATH_DEV PTMXS_PREFIX "4294967295";
+-	char *retval;
++#endif
++	const char *master;
+ 	struct stat sbuf;
++#if 0
++	int ptn;
+ 
+-	retval = NULL;
+-
+-	if (_fstat(fildes, &sbuf) == 0) {
+-		if (!ISPTM(sbuf))
+-			errno = EINVAL;
+-		else {
+-			if (!is_pts(fildes)) {
+-				(void)snprintf(pty_slave, sizeof(pty_slave),
+-					       _PATH_DEV PTYS_PREFIX "%s",
+-					       devname(sbuf.st_rdev, S_IFCHR) +
+-					       strlen(PTYM_PREFIX));
+-				retval = pty_slave;
+-			} else {
+-				(void)snprintf(ptmx_slave, sizeof(ptmx_slave),
+-					       _PATH_DEV PTMXS_PREFIX "%s",
+-					       devname(sbuf.st_rdev, S_IFCHR) +
+-					       strlen(PTMXM_PREFIX));
+-				retval = ptmx_slave;
+-			}
+-		}
++	/* Handle pts(4) masters first. */
++	if (_ioctl(fildes, TIOCGPTN, &ptn) == 0) {
++		(void)snprintf(ptmx_slave, sizeof(ptmx_slave),
++		    _PATH_DEV PTMXS_PREFIX "%d", ptn);
++		return (ptmx_slave);
+ 	}
++#endif
+ 
+-	return (retval);
++	/* All master pty's must be char devices. */
++	if (_fstat(fildes, &sbuf) == -1)
++		goto invalid;
++	if (!S_ISCHR(sbuf.st_mode))
++		goto invalid;
++
++	/* Check to see if this device is a pty(4) master. */
++	master = devname(sbuf.st_rdev, S_IFCHR);
++	if (strlen(master) != strlen(PTYM_PREFIX "XY"))
++		goto invalid;
++	if (strncmp(master, PTYM_PREFIX, strlen(PTYM_PREFIX)) != 0)
++		goto invalid;
++
++	/* It is, so generate the corresponding pty(4) slave name. */
++	(void)snprintf(pty_slave, sizeof(pty_slave), _PATH_DEV PTYS_PREFIX "%s",
++	    master + strlen(PTYM_PREFIX));
++	return (pty_slave);
++
++invalid:
++	errno = EINVAL;
++	return (NULL);
+ }
+ 
+ /*
+@@ -286,18 +279,14 @@
+ int
+ unlockpt(int fildes)
+ {
+-	int retval;
+-	struct stat sbuf;
+ 
+ 	/*
+ 	 * Unlocking a master/slave pseudo-terminal pair has no meaning in a
+ 	 * non-streams PTY environment.  However, we do ensure fildes is a
+ 	 * valid master pseudo-terminal device.
+ 	 */
+-	if ((retval = _fstat(fildes, &sbuf)) == 0 && !ISPTM(sbuf)) {
+-		errno = EINVAL;
+-		retval = -1;
+-	}
++	if (ptsname(fildes) == NULL)
++		return (-1);
+ 
+-	return (retval);
++	return (0);
+ }
+Index: lib/libutil/pty.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libutil/pty.c,v
+retrieving revision 1.19
+diff -u -I__FBSDID -I$FreeBSD -r1.19 pty.c
+--- lib/libutil/pty.c	20 Dec 2007 21:10:06 -0000	1.19
++++ lib/libutil/pty.c	10 Jan 2008 20:35:06 -0000
+@@ -49,10 +49,8 @@
+ #include <termios.h>
+ #include <unistd.h>
+ 
+-int __use_pts(void);
+-
+-static int
+-new_openpty(int *amaster, int *aslave, char *name, struct termios *termp,
++int
++openpty(int *amaster, int *aslave, char *name, struct termios *termp,
+     struct winsize *winp)
+ {
+ 	const char *slavename;
+@@ -94,7 +92,7 @@
+ 	*aslave = slave;
+ 
+ 	if (name)
+-		strcpy(name, ptsname(master));
++		strcpy(name, slavename);
+ 	if (termp)
+ 		tcsetattr(slave, TCSAFLUSH, termp);
+ 	if (winp)
+@@ -104,56 +102,6 @@
+ }
+ 
+ int
+-openpty(int *amaster, int *aslave, char *name, struct termios *termp, struct winsize *winp)
+-{
+-	char line[] = "/dev/ptyXX";
+-	const char *cp1, *cp2;
+-	int master, slave, ttygid;
+-	struct group *gr;
+-
+-	if (__use_pts())
+-		return (new_openpty(amaster, aslave, name, termp, winp));
+-
+-	if ((gr = getgrnam("tty")) != NULL)
+-		ttygid = gr->gr_gid;
+-	else
+-		ttygid = -1;
+-
+-	for (cp1 = "pqrsPQRSlmnoLMNO"; *cp1; cp1++) {
+-		line[8] = *cp1;
+-		for (cp2 = "0123456789abcdefghijklmnopqrstuv"; *cp2; cp2++) {
+-			line[5] = 'p';
+-			line[9] = *cp2;
+-			if ((master = open(line, O_RDWR, 0)) == -1) {
+-				if (errno == ENOENT)
+-					break; /* try the next pty group */
+-			} else {
+-				line[5] = 't';
+-				(void) chown(line, getuid(), ttygid);
+-				(void) chmod(line, S_IRUSR|S_IWUSR|S_IWGRP);
+-				(void) revoke(line);
+-				if ((slave = open(line, O_RDWR, 0)) != -1) {
+-					*amaster = master;
+-					*aslave = slave;
+-					if (name)
+-						strcpy(name, line);
+-					if (termp)
+-						(void) tcsetattr(slave,
+-							TCSAFLUSH, termp);
+-					if (winp)
+-						(void) ioctl(slave, TIOCSWINSZ,
+-							(char *)winp);
+-					return (0);
+-				}
+-				(void) close(master);
+-			}
+-		}
+-	}
+-	errno = ENOENT;	/* out of ptys */
+-	return (-1);
+-}
+-
+-int
+ forkpty(int *amaster, char *name, struct termios *termp, struct winsize *winp)
+ {
+ 	int master, slave, pid;
diff --git a/share/security/patches/SA-08:01/pty8.patch.asc b/share/security/patches/SA-08:01/pty8.patch.asc
new file mode 100644
index 0000000000..567f0f9c51
--- /dev/null
+++ b/share/security/patches/SA-08:01/pty8.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+swFdaIBMps37IRAq4JAJ0ZLyMG1/rjK4t33K204WC0yRBlFgCfTovb
+4tV2zvItY9IUrQlsG1Qb4p0=
+=r9hC
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:02/libc.patch b/share/security/patches/SA-08:02/libc.patch
new file mode 100644
index 0000000000..aab2024abc
--- /dev/null
+++ b/share/security/patches/SA-08:02/libc.patch
@@ -0,0 +1,19 @@
+Index: lib/libc/inet/inet_network.c
+===================================================================
+RCS file: /home/ncvs/src/lib/libc/inet/inet_network.c,v
+retrieving revision 1.4
+diff -u -u -r1.4 inet_network.c
+--- lib/libc/inet/inet_network.c	3 Jun 2007 17:20:26 -0000	1.4
++++ lib/libc/inet/inet_network.c	6 Jan 2008 15:38:28 -0000
+@@ -82,9 +82,9 @@
+ 	}
+ 	if (!digit)
+ 		return (INADDR_NONE);
++	if (pp >= parts + 4 || val > 0xffU)
++		return (INADDR_NONE);
+ 	if (*cp == '.') {
+-		if (pp >= parts + 4 || val > 0xffU)
+-			return (INADDR_NONE);
+ 		*pp++ = val, cp++;
+ 		goto again;
+ 	}
diff --git a/share/security/patches/SA-08:02/libc.patch.asc b/share/security/patches/SA-08:02/libc.patch.asc
new file mode 100644
index 0000000000..e0f9a4806d
--- /dev/null
+++ b/share/security/patches/SA-08:02/libc.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBHi+sJFdaIBMps37IRAqHyAJwJsTUfRkKrkxnXm0EC9PspN1kXVwCffiX7
+A07hmagOp/wTb3wG4/3PO5o=
+=Gmr0
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:03/sendfile.patch b/share/security/patches/SA-08:03/sendfile.patch
new file mode 100644
index 0000000000..2be1b5777f
--- /dev/null
+++ b/share/security/patches/SA-08:03/sendfile.patch
@@ -0,0 +1,61 @@
+Index: sys/kern/kern_descrip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v
+retrieving revision 1.313
+diff -u -d -r1.313 kern_descrip.c
+--- sys/kern/kern_descrip.c	6 Aug 2007 14:26:00 -0000	1.313
++++ sys/kern/kern_descrip.c	4 Feb 2008 19:05:42 -0000
+@@ -2046,7 +2046,7 @@
+ 	int error;
+ 
+ 	*vpp = NULL;
+-	if ((error = _fget(td, fd, &fp, 0, 0)) != 0)
++	if ((error = _fget(td, fd, &fp, flags, 0)) != 0)
+ 		return (error);
+ 	if (fp->f_vnode == NULL) {
+ 		error = EINVAL;
+Index: sys/kern/uipc_syscalls.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/uipc_syscalls.c,v
+retrieving revision 1.259.2.1
+diff -u -d -r1.259.2.1 uipc_syscalls.c
+--- sys/kern/uipc_syscalls.c	1 Feb 2008 22:51:39 -0000	1.259.2.1
++++ sys/kern/uipc_syscalls.c	4 Feb 2008 19:05:42 -0000
+@@ -1796,20 +1796,23 @@
+ 		goto out;
+ 	vfslocked = VFS_LOCK_GIANT(vp->v_mount);
+ 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+-	obj = vp->v_object;
+-	if (obj != NULL) {
+-		/*
+-		 * Temporarily increase the backing VM object's reference
+-		 * count so that a forced reclamation of its vnode does not
+-		 * immediately destroy it.
+-		 */
+-		VM_OBJECT_LOCK(obj);
+-		if ((obj->flags & OBJ_DEAD) == 0) {
+-			vm_object_reference_locked(obj);
+-			VM_OBJECT_UNLOCK(obj);
+-		} else {
+-			VM_OBJECT_UNLOCK(obj);
+-			obj = NULL;
++	if (vp->v_type == VREG) {
++		obj = vp->v_object;
++		if (obj != NULL) {
++			/*
++			 * Temporarily increase the backing VM
++			 * object's reference count so that a forced
++			 * reclamation of its vnode does not
++			 * immediately destroy it.
++			 */
++			VM_OBJECT_LOCK(obj);
++			if ((obj->flags & OBJ_DEAD) == 0) {
++				vm_object_reference_locked(obj);
++				VM_OBJECT_UNLOCK(obj);
++			} else {
++				VM_OBJECT_UNLOCK(obj);
++				obj = NULL;
++			}
+ 		}
+ 	}
+ 	VOP_UNLOCK(vp, 0, td);
diff --git a/share/security/patches/SA-08:03/sendfile.patch.asc b/share/security/patches/SA-08:03/sendfile.patch.asc
new file mode 100644
index 0000000000..e67ca119f6
--- /dev/null
+++ b/share/security/patches/SA-08:03/sendfile.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.8 (FreeBSD)
+
+iD8DBQBHtC0gFdaIBMps37IRAkiAAKCITg1m4HzjX3loeIL+7L3QqVp+hQCeLzKA
+42aFaloqelt6Et9RwfM+GPU=
+=yQh7
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:03/sendfile55.patch b/share/security/patches/SA-08:03/sendfile55.patch
new file mode 100644
index 0000000000..256867d9b2
--- /dev/null
+++ b/share/security/patches/SA-08:03/sendfile55.patch
@@ -0,0 +1,16 @@
+Index: sys/kern/kern_descrip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v
+retrieving revision 1.313
+diff -u -d -r1.313 kern_descrip.c
+--- sys/kern/kern_descrip.c	6 Aug 2007 14:26:00 -0000	1.313
++++ sys/kern/kern_descrip.c	4 Feb 2008 19:05:42 -0000
+@@ -2046,7 +2046,7 @@
+ 	int error;
+ 
+ 	*vpp = NULL;
+-	if ((error = _fget(td, fd, &fp, 0, 0)) != 0)
++	if ((error = _fget(td, fd, &fp, flags, 0)) != 0)
+ 		return (error);
+ 	if (fp->f_vnode == NULL) {
+ 		error = EINVAL;
diff --git a/share/security/patches/SA-08:03/sendfile55.patch.asc b/share/security/patches/SA-08:03/sendfile55.patch.asc
new file mode 100644
index 0000000000..58ebab3499
--- /dev/null
+++ b/share/security/patches/SA-08:03/sendfile55.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.8 (FreeBSD)
+
+iD8DBQBHtC0lFdaIBMps37IRAvsSAJ9Q4vzdZQwJB0kfeVTANjqoMmvTRQCgn0l4
++nwAtY2TdWBxD7p/ptVs24U=
+=eTMF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:03/sendfile61.patch b/share/security/patches/SA-08:03/sendfile61.patch
new file mode 100644
index 0000000000..5bc5e41b55
--- /dev/null
+++ b/share/security/patches/SA-08:03/sendfile61.patch
@@ -0,0 +1,42 @@
+Index: sys/kern/kern_descrip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v
+retrieving revision 1.279.2.6
+diff -u -d -r1.279.2.6 kern_descrip.c
+--- sys/kern/kern_descrip.c	23 Mar 2006 04:07:01 -0000	1.279.2.6
++++ sys/kern/kern_descrip.c	10 Feb 2008 20:58:40 -0000
+@@ -2031,7 +2031,7 @@
+ 	int error;
+ 
+ 	*vpp = NULL;
+-	if ((error = _fget(td, fd, &fp, 0, 0)) != 0)
++	if ((error = _fget(td, fd, &fp, flags, 0)) != 0)
+ 		return (error);
+ 	if (fp->f_vnode == NULL) {
+ 		error = EINVAL;
+Index: sys/kern/uipc_syscalls.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/uipc_syscalls.c,v
+retrieving revision 1.221.2.1
+diff -u -d -r1.221.2.1 uipc_syscalls.c
+--- sys/kern/uipc_syscalls.c	28 Dec 2005 19:30:41 -0000	1.221.2.1
++++ sys/kern/uipc_syscalls.c	10 Feb 2008 21:35:00 -0000
+@@ -1762,7 +1762,7 @@
+ do_sendfile(struct thread *td, struct sendfile_args *uap, int compat)
+ {
+ 	struct vnode *vp;
+-	struct vm_object *obj;
++	struct vm_object *obj = NULL;
+ 	struct socket *so = NULL;
+ 	struct mbuf *m, *m_header = NULL;
+ 	struct sf_buf *sf;
+@@ -1783,7 +1783,8 @@
+ 	if ((error = fgetvp_read(td, uap->fd, &vp)) != 0)
+ 		goto done;
+ 	vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+-	obj = vp->v_object;
++	if (vp->v_type == VREG)
++		obj = vp->v_object;
+ 	VOP_UNLOCK(vp, 0, td);
+ 	if (obj == NULL) {
+ 		error = EINVAL;
diff --git a/share/security/patches/SA-08:03/sendfile61.patch.asc b/share/security/patches/SA-08:03/sendfile61.patch.asc
new file mode 100644
index 0000000000..89dc3b51da
--- /dev/null
+++ b/share/security/patches/SA-08:03/sendfile61.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.8 (FreeBSD)
+
+iD8DBQBHtC0pFdaIBMps37IRAh59AJ0Samx+yHn9hqljp77hmQJImgjUTQCeNSJ4
+jHr8d9ES9aX84mPBp+lpEeg=
+=xafm
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:04/ipsec.patch b/share/security/patches/SA-08:04/ipsec.patch
new file mode 100644
index 0000000000..f57b0c943a
--- /dev/null
+++ b/share/security/patches/SA-08:04/ipsec.patch
@@ -0,0 +1,16 @@
+Index: sys/netinet6/ipcomp_input.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/Attic/ipcomp_input.c,v
+retrieving revision 1.7.4.1
+diff -u -r1.7.4.1 ipcomp_input.c
+--- sys/netinet6/ipcomp_input.c	31 Jan 2005 23:26:39 -0000	1.7.4.1
++++ sys/netinet6/ipcomp_input.c	13 Feb 2008 13:44:24 -0000
+@@ -258,7 +258,7 @@
+ 	off = *offp;
+ 
+ 	md = m_pulldown(m, off, sizeof(*ipcomp), NULL);
+-	if (!m) {
++	if (!md) {
+ 		m = NULL;	/* already freed */
+ 		ipseclog((LOG_DEBUG, "IPv6 IPComp input: assumption failed "
+ 		    "(pulldown failure)\n"));
diff --git a/share/security/patches/SA-08:04/ipsec.patch.asc b/share/security/patches/SA-08:04/ipsec.patch.asc
new file mode 100644
index 0000000000..f8a7f13a6b
--- /dev/null
+++ b/share/security/patches/SA-08:04/ipsec.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.8 (FreeBSD)
+
+iD8DBQBHtC0cFdaIBMps37IRAvXaAJ4p1qsq+D7Fd0W9kMqeYoWD0nWqGgCffxwI
+OyR7ilX2UUL8FQ5J9BjA+Hc=
+=uZol
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:05/openssh.patch b/share/security/patches/SA-08:05/openssh.patch
new file mode 100644
index 0000000000..6cc0b64013
--- /dev/null
+++ b/share/security/patches/SA-08:05/openssh.patch
@@ -0,0 +1,17 @@
+Index: crypto/openssh/channels.c
+===================================================================
+RCS file: /home/ncvs/src/crypto/openssh/channels.c,v
+retrieving revision 1.23
+diff -u -r1.23 channels.c
+--- crypto/openssh/channels.c	30 Sep 2006 13:38:04 -0000	1.23
++++ crypto/openssh/channels.c	15 Apr 2008 19:09:48 -0000
+@@ -2895,9 +2895,6 @@
+ 				debug2("bind port %d: %.100s", port, strerror(errno));
+ 				close(sock);
+ 
+-				if (ai->ai_next)
+-					continue;
+-
+ 				for (n = 0; n < num_socks; n++) {
+ 					close(socks[n]);
+ 				}
diff --git a/share/security/patches/SA-08:05/openssh.patch.asc b/share/security/patches/SA-08:05/openssh.patch.asc
new file mode 100644
index 0000000000..e1235bab4a
--- /dev/null
+++ b/share/security/patches/SA-08:05/openssh.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.7 (FreeBSD)
+
+iD8DBQBIBpW5FdaIBMps37IRAtA+AJ0WzQJOGv2m+axpXht6LM0UpT1QtACfYGDE
+88sq7IUrHaABRz7LeKNCPkk=
+=Uc39
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:06/bind63.patch b/share/security/patches/SA-08:06/bind63.patch
new file mode 100644
index 0000000000..9a201b4cb6
--- /dev/null
+++ b/share/security/patches/SA-08:06/bind63.patch
@@ -0,0 +1,1220 @@
+Index: contrib/bind9/bin/named/client.c
+===================================================================
+RCS file: /usr/ncvs/src/contrib/bind9/bin/named/client.c,v
+retrieving revision 1.1.1.2.2.3
+diff -u -r1.1.1.2.2.3 client.c
+--- contrib/bind9/bin/named/client.c	25 Jul 2007 08:23:07 -0000	1.1.1.2.2.3
++++ contrib/bind9/bin/named/client.c	10 Jul 2008 16:07:20 -0000
+@@ -1349,14 +1349,6 @@
+ 	}
+ 
+ 	/*
+-	 * Hash the incoming request here as it is after
+-	 * dns_dispatch_importrecv().
+-	 */
+-	dns_dispatch_hash(&client->now, sizeof(client->now));
+-	dns_dispatch_hash(isc_buffer_base(buffer),
+-			  isc_buffer_usedlength(buffer));
+-
+-	/*
+ 	 * It's a request.  Parse it.
+ 	 */
+ 	result = dns_message_parse(client->message, buffer, 0);
+Index: contrib/bind9/bin/named/server.c
+===================================================================
+RCS file: /usr/ncvs/src/contrib/bind9/bin/named/server.c,v
+retrieving revision 1.1.1.2.2.2
+diff -u -r1.1.1.2.2.2 server.c
+--- contrib/bind9/bin/named/server.c	13 Dec 2006 09:46:50 -0000	1.1.1.2.2.2
++++ contrib/bind9/bin/named/server.c	10 Jul 2008 16:07:20 -0000
+@@ -477,6 +477,14 @@
+ 		attrs |= DNS_DISPATCHATTR_IPV6;
+ 		break;
+ 	}
++
++	if (isc_sockaddr_getport(&sa) != 0) {
++		INSIST(obj != NULL);
++		cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
++			    "using specific query-source port suppresses port "
++			    "randomization and can be insecure.");
++	}
++
+ 	attrmask = 0;
+ 	attrmask |= DNS_DISPATCHATTR_UDP;
+ 	attrmask |= DNS_DISPATCHATTR_TCP;
+@@ -486,7 +494,7 @@
+ 	disp = NULL;
+ 	result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
+ 				     ns_g_taskmgr, &sa, 4096,
+-				     1000, 32768, 16411, 16433,
++				     1024, 32768, 16411, 16433,
+ 				     attrs, attrmask, &disp);
+ 	if (result != ISC_R_SUCCESS) {
+ 		isc_sockaddr_t any;
+@@ -1858,7 +1866,9 @@
+ }
+ 
+ static isc_result_t
+-add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr) {
++add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr,
++	      isc_boolean_t wcardport_ok)
++{
+ 	ns_listenelt_t *lelt = NULL;
+ 	dns_acl_t *src_acl = NULL;
+ 	dns_aclelement_t aelt;
+@@ -1868,7 +1878,8 @@
+ 	REQUIRE(isc_sockaddr_pf(addr) == AF_INET6);
+ 
+ 	isc_sockaddr_any6(&any_sa6);
+-	if (!isc_sockaddr_equal(&any_sa6, addr)) {
++	if (!isc_sockaddr_equal(&any_sa6, addr) &&
++	    (wcardport_ok || isc_sockaddr_getport(addr) != 0)) {
+ 		aelt.type = dns_aclelementtype_ipprefix;
+ 		aelt.negative = ISC_FALSE;
+ 		aelt.u.ip_prefix.prefixlen = 128;
+@@ -1927,7 +1938,16 @@
+ 		result = dns_dispatch_getlocaladdress(dispatch6, &addr);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+-		result = add_listenelt(mctx, list, &addr);
++
++		/*
++		 * We always add non-wildcard address regardless of whether
++		 * the port is 'any' (the fourth arg is TRUE): if the port is
++		 * specific, we need to add it since it may conflict with a
++		 * listening interface; if it's zero, we'll dynamically open
++		 * query ports, and some of them may override an existing
++		 * wildcard IPv6 port.
++		 */
++		result = add_listenelt(mctx, list, &addr, ISC_TRUE);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+ 	}
+@@ -1957,12 +1977,12 @@
+ 			continue;
+ 
+ 		addrp = dns_zone_getnotifysrc6(zone);
+-		result = add_listenelt(mctx, list, addrp);
++		result = add_listenelt(mctx, list, addrp, ISC_FALSE);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+ 
+ 		addrp = dns_zone_getxfrsource6(zone);
+-		result = add_listenelt(mctx, list, addrp);
++		result = add_listenelt(mctx, list, addrp, ISC_FALSE);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+ 	}
+Index: contrib/bind9/lib/dns/api
+===================================================================
+RCS file: /usr/ncvs/src/contrib/bind9/lib/dns/api,v
+retrieving revision 1.1.1.2.2.3
+diff -u -r1.1.1.2.2.3 api
+--- contrib/bind9/lib/dns/api	7 Feb 2007 00:42:08 -0000	1.1.1.2.2.3
++++ contrib/bind9/lib/dns/api	10 Jul 2008 16:07:28 -0000
+@@ -1,3 +1,3 @@
+-LIBINTERFACE = 23
+-LIBREVISION = 0
+-LIBAGE = 1
++LIBINTERFACE = 24
++LIBREVISION = 2
++LIBAGE = 2
+Index: contrib/bind9/lib/dns/dispatch.c
+===================================================================
+RCS file: /usr/ncvs/src/contrib/bind9/lib/dns/dispatch.c,v
+retrieving revision 1.1.1.1.4.2
+diff -u -r1.1.1.1.4.2 dispatch.c
+--- contrib/bind9/lib/dns/dispatch.c	25 Jul 2007 08:23:07 -0000	1.1.1.1.4.2
++++ contrib/bind9/lib/dns/dispatch.c	10 Jul 2008 16:07:28 -0000
+@@ -27,6 +27,7 @@
+ #include <isc/mem.h>
+ #include <isc/mutex.h>
+ #include <isc/print.h>
++#include <isc/random.h>
+ #include <isc/string.h>
+ #include <isc/task.h>
+ #include <isc/time.h>
+@@ -43,25 +44,22 @@
+ 
+ typedef ISC_LIST(dns_dispentry_t)	dns_displist_t;
+ 
+-typedef struct dns_nsid {
+-	isc_uint16_t	nsid_state;
+-	isc_uint16_t	*nsid_vtable;
+-	isc_uint16_t	*nsid_pool;
+-	isc_uint16_t	nsid_a1, nsid_a2, nsid_a3;
+-	isc_uint16_t	nsid_c1, nsid_c2, nsid_c3;
+-	isc_uint16_t	nsid_state2;
+-	isc_boolean_t	nsid_usepool;
+-} dns_nsid_t;
+-
+ typedef struct dns_qid {
+ 	unsigned int	magic;
+ 	unsigned int	qid_nbuckets;	/* hash table size */
+ 	unsigned int	qid_increment;	/* id increment on collision */
+ 	isc_mutex_t	lock;
+-	dns_nsid_t	nsid;
+ 	dns_displist_t	*qid_table;	/* the table itself */
+ } dns_qid_t;
+ 
++/* ARC4 Random generator state */
++typedef struct arc4ctx {
++	isc_uint8_t	i;
++	isc_uint8_t	j;
++	isc_uint8_t	s[256];
++	int		count;
++} arc4ctx_t;
++
+ struct dns_dispatchmgr {
+ 	/* Unlocked. */
+ 	unsigned int			magic;
+@@ -74,6 +72,10 @@
+ 	unsigned int			state;
+ 	ISC_LIST(dns_dispatch_t)	list;
+ 
++	/* Locked by arc4_lock. */
++	isc_mutex_t			arc4_lock;
++	arc4ctx_t			arc4ctx;    /*%< ARC4 context for QID */
++
+ 	/* locked by buffer lock */
+ 	dns_qid_t			*qid;
+ 	isc_mutex_t			buffer_lock;
+@@ -100,6 +102,7 @@
+ 	unsigned int			magic;
+ 	dns_dispatch_t		       *disp;
+ 	dns_messageid_t			id;
++	in_port_t			port;
+ 	unsigned int			bucket;
+ 	isc_sockaddr_t			host;
+ 	isc_task_t		       *task;
+@@ -119,6 +122,7 @@
+ 	isc_task_t	       *task;		/* internal task */
+ 	isc_socket_t	       *socket;		/* isc socket attached to */
+ 	isc_sockaddr_t		local;		/* local address */
++	in_port_t		localport;	/* local UDP port */
+ 	unsigned int		maxrequests;	/* max requests */
+ 	isc_event_t	       *ctlevent;
+ 
+@@ -161,14 +165,14 @@
+  * Statics.
+  */
+ static dns_dispentry_t *bucket_search(dns_qid_t *, isc_sockaddr_t *,
+-				      dns_messageid_t, unsigned int);
++				      dns_messageid_t, in_port_t, unsigned int);
+ static isc_boolean_t destroy_disp_ok(dns_dispatch_t *);
+ static void destroy_disp(isc_task_t *task, isc_event_t *event);
+ static void udp_recv(isc_task_t *, isc_event_t *);
+ static void tcp_recv(isc_task_t *, isc_event_t *);
+ static void startrecv(dns_dispatch_t *);
+-static dns_messageid_t dns_randomid(dns_nsid_t *);
+-static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t);
++static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t,
++			     in_port_t);
+ static void free_buffer(dns_dispatch_t *disp, void *buf, unsigned int len);
+ static void *allocate_udp_buffer(dns_dispatch_t *disp);
+ static inline void free_event(dns_dispatch_t *disp, dns_dispatchevent_t *ev);
+@@ -188,12 +192,8 @@
+ static isc_boolean_t destroy_mgr_ok(dns_dispatchmgr_t *mgr);
+ static void destroy_mgr(dns_dispatchmgr_t **mgrp);
+ static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
+-				 unsigned int increment, isc_boolean_t usepool,
+-				 dns_qid_t **qidp);
++				 unsigned int increment, dns_qid_t **qidp);
+ static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp);
+-static isc_uint16_t nsid_next(dns_nsid_t *nsid);
+-static isc_result_t nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool);
+-static void nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid);
+ 
+ #define LVL(x) ISC_LOG_DEBUG(x)
+ 
+@@ -274,26 +274,152 @@
+ }
+ 
+ /*
+- * Return an unpredictable message ID.
++ * ARC4 random number generator obtained from OpenBSD
+  */
+-static dns_messageid_t
+-dns_randomid(dns_nsid_t *nsid) {
+-	isc_uint32_t id;
++static void
++dispatch_arc4init(arc4ctx_t *actx) {
++	int n;
++	for (n = 0; n < 256; n++)
++		actx->s[n] = n;
++	actx->i = 0;
++	actx->j = 0;
++	actx->count = 0;
++}
++
++static void
++dispatch_arc4addrandom(arc4ctx_t *actx, unsigned char *dat, int datlen) {
++	int n;
++	isc_uint8_t si;
++
++	actx->i--;
++	for (n = 0; n < 256; n++) {
++		actx->i = (actx->i + 1);
++		si = actx->s[actx->i];
++		actx->j = (actx->j + si + dat[n % datlen]);
++		actx->s[actx->i] = actx->s[actx->j];
++		actx->s[actx->j] = si;
++	}
++	actx->j = actx->i;
++}
++
++static inline isc_uint8_t
++dispatch_arc4get8(arc4ctx_t *actx) {
++	isc_uint8_t si, sj;
++
++	actx->i = (actx->i + 1);
++	si = actx->s[actx->i];
++	actx->j = (actx->j + si);
++	sj = actx->s[actx->j];
++	actx->s[actx->i] = sj;
++	actx->s[actx->j] = si;
++
++	return (actx->s[(si + sj) & 0xff]);
++}
++
++static inline isc_uint16_t
++dispatch_arc4get16(arc4ctx_t *actx) {
++	isc_uint16_t val;
++
++	val = dispatch_arc4get8(actx) << 8;
++	val |= dispatch_arc4get8(actx);
++
++	return (val);
++}
++
++static void
++dispatch_arc4stir(dns_dispatchmgr_t *mgr) {
++	int i;
++	union {
++		unsigned char rnd[128];
++		isc_uint32_t rnd32[32];
++	} rnd;
++	isc_result_t result;
+ 
+-	id = nsid_next(nsid);
++	if (mgr->entropy != NULL) {
++		/*
++		 * We accept any quality of random data to avoid blocking.
++		 */
++		result = isc_entropy_getdata(mgr->entropy, rnd.rnd,
++					     sizeof(rnd), NULL, 0);
++		RUNTIME_CHECK(result == ISC_R_SUCCESS);
++	} else {
++		for (i = 0; i < 32; i++)
++			isc_random_get(&rnd.rnd32[i]);
++	}
++	dispatch_arc4addrandom(&mgr->arc4ctx, rnd.rnd, sizeof(rnd.rnd));
+ 
+-	return ((dns_messageid_t)id);
++	/*
++	 * Discard early keystream, as per recommendations in:
++	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
++	 */
++	for (i = 0; i < 256; i++)
++		(void)dispatch_arc4get8(&mgr->arc4ctx);
++
++	/*
++	 * Derived from OpenBSD's implementation.  The rationale is not clear,
++	 * but should be conservative enough in safety, and reasonably large
++	 * for efficiency.
++	 */
++	mgr->arc4ctx.count = 1600000;
++}
++
++static isc_uint16_t
++dispatch_arc4random(dns_dispatchmgr_t *mgr) {
++	isc_uint16_t result;
++
++	LOCK(&mgr->arc4_lock);
++	mgr->arc4ctx.count -= sizeof(isc_uint16_t);
++	if (mgr->arc4ctx.count <= 0)
++		dispatch_arc4stir(mgr);
++	result = dispatch_arc4get16(&mgr->arc4ctx);
++	UNLOCK(&mgr->arc4_lock);
++	return (result);
++}
++
++static isc_uint16_t
++dispatch_arc4uniformrandom(dns_dispatchmgr_t *mgr, isc_uint16_t upper_bound) {
++	isc_uint16_t min, r;
++	/* The caller must hold the manager lock. */
++
++	if (upper_bound < 2)
++		return (0);
++
++	/*
++	 * Ensure the range of random numbers [min, 0xffff] be a multiple of
++	 * upper_bound and contain at least a half of the 16 bit range.
++	 */
++
++	if (upper_bound > 0x8000)
++		min = 1 + ~upper_bound; /* 0x8000 - upper_bound */
++	else
++		min = (isc_uint16_t)(0x10000 % (isc_uint32_t)upper_bound);
++
++	/*
++	 * This could theoretically loop forever but each retry has
++	 * p > 0.5 (worst case, usually far better) of selecting a
++	 * number inside the range we need, so it should rarely need
++	 * to re-roll.
++	 */
++	for (;;) {
++		r = dispatch_arc4random(mgr);
++		if (r >= min)
++			break;
++	}
++
++	return (r % upper_bound);
+ }
+ 
+ /*
+  * Return a hash of the destination and message id.
+  */
+ static isc_uint32_t
+-dns_hash(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id) {
++dns_hash(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id,
++	 in_port_t port)
++{
+ 	unsigned int ret;
+ 
+ 	ret = isc_sockaddr_hash(dest, ISC_TRUE);
+-	ret ^= id;
++	ret ^= (id << 16) | port;
+ 	ret %= qid->qid_nbuckets;
+ 
+ 	INSIST(ret < qid->qid_nbuckets);
+@@ -410,7 +536,7 @@
+  */
+ static dns_dispentry_t *
+ bucket_search(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id,
+-	      unsigned int bucket)
++	      in_port_t port, unsigned int bucket)
+ {
+ 	dns_dispentry_t *res;
+ 
+@@ -419,8 +545,10 @@
+ 	res = ISC_LIST_HEAD(qid->qid_table[bucket]);
+ 
+ 	while (res != NULL) {
+-		if ((res->id == id) && isc_sockaddr_equal(dest, &res->host))
++		if ((res->id == id) && isc_sockaddr_equal(dest, &res->host) &&
++		    res->port == port) {
+ 			return (res);
++		}
+ 		res = ISC_LIST_NEXT(res, link);
+ 	}
+ 
+@@ -622,13 +750,10 @@
+ 		goto restart;
+ 	}
+ 
+-	dns_dispatch_hash(&ev->timestamp, sizeof(&ev->timestamp));
+-	dns_dispatch_hash(ev->region.base, ev->region.length);
+-
+ 	/* response */
+-	bucket = dns_hash(qid, &ev->address, id);
++	bucket = dns_hash(qid, &ev->address, id, disp->localport);
+ 	LOCK(&qid->lock);
+-	resp = bucket_search(qid, &ev->address, id, bucket);
++	resp = bucket_search(qid, &ev->address, id, disp->localport, bucket);
+ 	dispatch_log(disp, LVL(90),
+ 		     "search for response in bucket %d: %s",
+ 		     bucket, (resp == NULL ? "not found" : "found"));
+@@ -859,14 +984,13 @@
+ 		goto restart;
+ 	}
+ 
+-	dns_dispatch_hash(tcpmsg->buffer.base, tcpmsg->buffer.length);
+-
+ 	/*
+ 	 * Response.
+ 	 */
+-	bucket = dns_hash(qid, &tcpmsg->address, id);
++	bucket = dns_hash(qid, &tcpmsg->address, id, disp->localport);
+ 	LOCK(&qid->lock);
+-	resp = bucket_search(qid, &tcpmsg->address, id, bucket);
++	resp = bucket_search(qid, &tcpmsg->address, id, disp->localport,
++			     bucket);
+ 	dispatch_log(disp, LVL(90),
+ 		     "search for response in bucket %d: %s",
+ 		     bucket, (resp == NULL ? "not found" : "found"));
+@@ -1015,6 +1139,8 @@
+ 	DESTROYLOCK(&mgr->lock);
+ 	mgr->state = 0;
+ 
++	DESTROYLOCK(&mgr->arc4_lock);
++
+ 	isc_mempool_destroy(&mgr->epool);
+ 	isc_mempool_destroy(&mgr->rpool);
+ 	isc_mempool_destroy(&mgr->dpool);
+@@ -1093,10 +1219,14 @@
+ 	if (result != ISC_R_SUCCESS)
+ 		goto deallocate;
+ 
+-	result = isc_mutex_init(&mgr->buffer_lock);
++	result = isc_mutex_init(&mgr->arc4_lock);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto kill_lock;
+ 
++	result = isc_mutex_init(&mgr->buffer_lock);
++	if (result != ISC_R_SUCCESS)
++		goto kill_arc4_lock;
++
+ 	result = isc_mutex_init(&mgr->pool_lock);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto kill_buffer_lock;
+@@ -1147,6 +1277,8 @@
+ 	if (entropy != NULL)
+ 		isc_entropy_attach(entropy, &mgr->entropy);
+ 
++	dispatch_arc4init(&mgr->arc4ctx);
++
+ 	*mgrp = mgr;
+ 	return (ISC_R_SUCCESS);
+ 
+@@ -1158,6 +1290,8 @@
+ 	DESTROYLOCK(&mgr->pool_lock);
+  kill_buffer_lock:
+ 	DESTROYLOCK(&mgr->buffer_lock);
++ kill_arc4_lock:
++	DESTROYLOCK(&mgr->arc4_lock);
+  kill_lock:
+ 	DESTROYLOCK(&mgr->lock);
+  deallocate:
+@@ -1244,7 +1378,7 @@
+ 	isc_mempool_setmaxalloc(mgr->bpool, maxbuffers);
+ 	isc_mempool_associatelock(mgr->bpool, &mgr->pool_lock);
+ 
+-	result = qid_allocate(mgr, buckets, increment, ISC_TRUE, &mgr->qid);
++	result = qid_allocate(mgr, buckets, increment, &mgr->qid);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup;
+ 
+@@ -1283,20 +1417,27 @@
+ }
+ 
+ static isc_boolean_t
+-blacklisted(dns_dispatchmgr_t *mgr, isc_socket_t *sock) {
++blacklisted(dns_dispatchmgr_t *mgr, isc_socket_t *sock,
++	    isc_sockaddr_t *sockaddrp)
++{
+ 	isc_sockaddr_t sockaddr;
+ 	isc_result_t result;
+ 
++	REQUIRE(sock != NULL || sockaddrp != NULL);
++
+ 	if (mgr->portlist == NULL)
+ 		return (ISC_FALSE);
+ 
+-	result = isc_socket_getsockname(sock, &sockaddr);
+-	if (result != ISC_R_SUCCESS)
+-		return (ISC_FALSE);
++	if (sock != NULL) {
++		sockaddrp = &sockaddr;
++		result = isc_socket_getsockname(sock, sockaddrp);
++		if (result != ISC_R_SUCCESS)
++			return (ISC_FALSE);
++	}
+ 
+ 	if (mgr->portlist != NULL &&
+-	    dns_portlist_match(mgr->portlist, isc_sockaddr_pf(&sockaddr),
+-			       isc_sockaddr_getport(&sockaddr)))
++	    dns_portlist_match(mgr->portlist, isc_sockaddr_pf(sockaddrp),
++			       isc_sockaddr_getport(sockaddrp)))
+ 		return (ISC_TRUE);
+ 	return (ISC_FALSE);
+ }
+@@ -1317,7 +1458,7 @@
+ 	if (disp->mgr->portlist != NULL &&
+ 	    isc_sockaddr_getport(addr) == 0 &&
+ 	    isc_sockaddr_getport(&disp->local) == 0 &&
+-	    blacklisted(disp->mgr, disp->socket))
++	    blacklisted(disp->mgr, disp->socket, NULL))
+ 		return (ISC_FALSE);
+ 
+ 	/*
+@@ -1390,7 +1531,7 @@
+ 
+ static isc_result_t
+ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
+-	     unsigned int increment, isc_boolean_t usepool, dns_qid_t **qidp)
++	     unsigned int increment, dns_qid_t **qidp)
+ {
+ 	dns_qid_t *qid;
+ 	unsigned int i;
+@@ -1411,16 +1552,8 @@
+ 		return (ISC_R_NOMEMORY);
+ 	}
+ 
+-	if (nsid_init(mgr->mctx, &qid->nsid, usepool) != ISC_R_SUCCESS) {
+-		isc_mem_put(mgr->mctx, qid->qid_table,
+-			    buckets * sizeof(dns_displist_t));
+-		isc_mem_put(mgr->mctx, qid, sizeof(*qid));
+-		return (ISC_R_NOMEMORY);
+-	}
+-
+ 	if (isc_mutex_init(&qid->lock) != ISC_R_SUCCESS) {
+ 		UNEXPECTED_ERROR(__FILE__, __LINE__, "isc_mutex_init failed");
+-		nsid_destroy(mgr->mctx, &qid->nsid);
+ 		isc_mem_put(mgr->mctx, qid->qid_table,
+ 			    buckets * sizeof(dns_displist_t));
+ 		isc_mem_put(mgr->mctx, qid, sizeof(*qid));
+@@ -1448,7 +1581,6 @@
+ 
+ 	*qidp = NULL;
+ 	qid->magic = 0;
+-	nsid_destroy(mctx, &qid->nsid);
+ 	isc_mem_put(mctx, qid->qid_table,
+ 		    qid->qid_nbuckets * sizeof(dns_displist_t));
+ 	DESTROYLOCK(&qid->lock);
+@@ -1485,6 +1617,7 @@
+ 	disp->refcount = 1;
+ 	disp->recv_pending = 0;
+ 	memset(&disp->local, 0, sizeof(disp->local));
++	disp->localport = 0;
+ 	disp->shutting_down = 0;
+ 	disp->shutdown_out = 0;
+ 	disp->connected = 0;
+@@ -1592,7 +1725,7 @@
+ 		return (result);
+ 	}
+ 
+-	result = qid_allocate(mgr, buckets, increment, ISC_FALSE, &disp->qid);
++	result = qid_allocate(mgr, buckets, increment, &disp->qid);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto deallocate_dispatch;
+ 
+@@ -1657,7 +1790,7 @@
+ 		    dns_dispatch_t **dispp)
+ {
+ 	isc_result_t result;
+-	dns_dispatch_t *disp;
++	dns_dispatch_t *disp = NULL;
+ 
+ 	REQUIRE(VALID_DISPATCHMGR(mgr));
+ 	REQUIRE(sockmgr != NULL);
+@@ -1677,6 +1810,11 @@
+ 
+ 	LOCK(&mgr->lock);
+ 
++	if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) != 0) {
++		REQUIRE(isc_sockaddr_getport(localaddr) == 0);
++		goto createudp;
++	}
++
+ 	/*
+ 	 * First, see if we have a dispatcher that matches.
+ 	 */
+@@ -1705,6 +1843,7 @@
+ 		return (ISC_R_SUCCESS);
+ 	}
+ 
++ createudp:
+ 	/*
+ 	 * Nope, create one.
+ 	 */
+@@ -1740,7 +1879,9 @@
+ 	dns_dispatch_t *disp;
+ 	isc_socket_t *sock = NULL;
+ 	isc_socket_t *held[DNS_DISPATCH_HELD];
+-	unsigned int i = 0, j = 0;
++	unsigned int i = 0, j = 0, k = 0;
++	isc_sockaddr_t localaddr_bound;
++	in_port_t localport = 0;
+ 
+ 	/*
+ 	 * dispatch_allocate() checks mgr for us.
+@@ -1756,11 +1897,34 @@
+ 	 * from returning the same port to us too quickly.
+ 	 */
+ 	memset(held, 0, sizeof(held));
++	localaddr_bound = *localaddr;
+  getsocket:
+-	result = create_socket(sockmgr, localaddr, &sock);
++	if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) != 0) {
++		in_port_t prt;
++
++		/* XXX: should the range be configurable? */
++		prt = 1024 + dispatch_arc4uniformrandom(mgr, 65535 - 1023);
++		isc_sockaddr_setport(&localaddr_bound, prt);
++		if (blacklisted(mgr, NULL, &localaddr_bound)) {
++			if (++k == 1024)
++				attributes &= ~DNS_DISPATCHATTR_RANDOMPORT;
++			goto getsocket;
++		}
++		result = create_socket(sockmgr, &localaddr_bound, &sock);
++		if (result == ISC_R_ADDRINUSE) {
++			if (++k == 1024)
++				attributes &= ~DNS_DISPATCHATTR_RANDOMPORT;
++			goto getsocket;
++		}
++		localport = prt;
++	} else
++		result = create_socket(sockmgr, localaddr, &sock);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto deallocate_dispatch;
+-	if (isc_sockaddr_getport(localaddr) == 0 && blacklisted(mgr, sock)) {
++	if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) == 0 &&
++	    isc_sockaddr_getport(localaddr) == 0 &&
++	    blacklisted(mgr, sock, NULL))
++	{
+ 		if (held[i] != NULL)
+ 			isc_socket_detach(&held[i]);
+ 		held[i++] = sock;
+@@ -1781,6 +1945,7 @@
+ 	disp->socktype = isc_sockettype_udp;
+ 	disp->socket = sock;
+ 	disp->local = *localaddr;
++	disp->localport = localport;
+ 
+ 	disp->task = NULL;
+ 	result = isc_task_create(taskmgr, 0, &disp->task);
+@@ -1911,19 +2076,20 @@
+ 	/*
+ 	 * Try somewhat hard to find an unique ID.
+ 	 */
++	id = (dns_messageid_t)dispatch_arc4random(disp->mgr);
+ 	qid = DNS_QID(disp);
+ 	LOCK(&qid->lock);
+-	id = dns_randomid(&qid->nsid);
+-	bucket = dns_hash(qid, dest, id);
++	bucket = dns_hash(qid, dest, id, disp->localport);
+ 	ok = ISC_FALSE;
+ 	for (i = 0; i < 64; i++) {
+-		if (bucket_search(qid, dest, id, bucket) == NULL) {
++		if (bucket_search(qid, dest, id, disp->localport, bucket) ==
++		    NULL) {
+ 			ok = ISC_TRUE;
+ 			break;
+ 		}
+ 		id += qid->qid_increment;
+ 		id &= 0x0000ffff;
+-		bucket = dns_hash(qid, dest, id);
++		bucket = dns_hash(qid, dest, id, disp->localport);
+ 	}
+ 
+ 	if (!ok) {
+@@ -1945,6 +2111,7 @@
+ 	isc_task_attach(task, &res->task);
+ 	res->disp = disp;
+ 	res->id = id;
++	res->port = disp->localport;
+ 	res->bucket = bucket;
+ 	res->host = *dest;
+ 	res->action = action;
+@@ -2256,409 +2423,3 @@
+ 	}
+ }
+ #endif
+-
+-/*
+- * Allow the user to pick one of two ID randomization algorithms.
+- *
+- * The first algorithm is an adaptation of the sequence shuffling
+- * algorithm discovered by Carter Bays and S. D. Durham [ACM Trans. Math.
+- * Software 2 (1976), 59-64], as documented as Algorithm B in Chapter
+- * 3.2.2 in Volume 2 of Knuth's "The Art of Computer Programming".  We use
+- * a randomly selected linear congruential random number generator with a
+- * modulus of 2^16, whose increment is a randomly picked odd number, and
+- * whose multiplier is picked from a set which meets the following
+- * criteria:
+- *     Is of the form 8*n+5, which ensures "high potency" according to
+- *     principle iii in the summary chapter 3.6.  This form also has a
+- *     gcd(a-1,m) of 4 which is good according to principle iv.
+- *
+- *     Is between 0.01 and 0.99 times the modulus as specified by
+- *     principle iv.
+- *
+- *     Passes the spectral test "with flying colors" (ut >= 1) in
+- *     dimensions 2 through 6 as calculated by Algorithm S in Chapter
+- *     3.3.4 and the ratings calculated by formula 35 in section E.
+- *
+- *     Of the multipliers that pass this test, pick the set that is
+- *     best according to the theoretical bounds of the serial
+- *     correlation test.  This was calculated using a simplified
+- *     version of Knuth's Theorem K in Chapter 3.3.3.
+- *
+- * These criteria may not be important for this use, but we might as well
+- * pick from the best generators since there are so many possible ones and
+- * we don't have that many random bits to do the picking.
+- *
+- * We use a modulus of 2^16 instead of something bigger so that we will
+- * tend to cycle through all the possible IDs before repeating any,
+- * however the shuffling will perturb this somewhat.  Theoretically there
+- * is no minimimum interval between two uses of the same ID, but in
+- * practice it seems to be >64000.
+- *
+- * Our adaptatation  of Algorithm B mixes the hash state which has
+- * captured various random events into the shuffler to perturb the
+- * sequence.
+- *
+- * One disadvantage of this algorithm is that if the generator parameters
+- * were to be guessed, it would be possible to mount a limited brute force
+- * attack on the ID space since the IDs are only shuffled within a limited
+- * range.
+- *
+- * The second algorithm uses the same random number generator to populate
+- * a pool of 65536 IDs.  The hash state is used to pick an ID from a window
+- * of 4096 IDs in this pool, then the chosen ID is swapped with the ID
+- * at the beginning of the window and the window position is advanced.
+- * This means that the interval between uses of the ID will be no less
+- * than 65536-4096.  The ID sequence in the pool will become more random
+- * over time.
+- *
+- * For both algorithms, two more linear congruential random number generators
+- * are selected.  The ID from the first part of algorithm is used to seed
+- * the first of these generators, and its output is used to seed the second.
+- * The strategy is use these generators as 1 to 1 hashes to obfuscate the
+- * properties of the generator used in the first part of either algorithm.
+- *
+- * The first algorithm may be suitable for use in a client resolver since
+- * its memory requirements are fairly low and it's pretty random out of
+- * the box.  It is somewhat succeptible to a limited brute force attack,
+- * so the second algorithm is probably preferable for a longer running
+- * program that issues a large number of queries and has time to randomize
+- * the pool.
+- */
+-
+-#define NSID_SHUFFLE_TABLE_SIZE 100 /* Suggested by Knuth */
+-/*
+- * Pick one of the next 4096 IDs in the pool.
+- * There is a tradeoff here between randomness and how often and ID is reused.
+- */
+-#define NSID_LOOKAHEAD 4096     /* Must be a power of 2 */
+-#define NSID_SHUFFLE_ONLY 1     /* algorithm 1 */
+-#define NSID_USE_POOL 2         /* algorithm 2 */
+-#define NSID_HASHSHIFT       3
+-#define NSID_HASHROTATE(v) \
+-        (((v) << NSID_HASHSHIFT) | ((v) >> ((sizeof(v) * 8) - NSID_HASHSHIFT)))
+-
+-static isc_uint32_t	nsid_hash_state;
+-
+-/*
+- * Keep a running hash of various bits of data that we'll use to
+- * stir the ID pool or perturb the ID generator
+- */
+-static void
+-nsid_hash(void *data, size_t len) {
+-	unsigned char *p = data;
+-	/*
+-	 * Hash function similar to the one we use for hashing names.
+-	 * We don't fold case or toss the upper bit here, though.
+-	 * This hash doesn't do much interesting when fed binary zeros,
+-	 * so there may be a better hash function.
+-	 * This function doesn't need to be very strong since we're
+-	 * only using it to stir the pool, but it should be reasonably
+-	 * fast.
+-	 */
+-	/*
+-	 * We don't care about locking access to nsid_hash_state.
+-	 * In fact races make the result even more non deteministic.
+-	 */
+-	while (len-- > 0U) {
+-		nsid_hash_state = NSID_HASHROTATE(nsid_hash_state);
+-		nsid_hash_state += *p++;
+-	}
+-}
+-
+-/*
+- * Table of good linear congruential multipliers for modulus 2^16
+- * in order of increasing serial correlation bounds (so trim from
+- * the end).
+- */
+-static const isc_uint16_t nsid_multiplier_table[] = {
+-	17565, 25013, 11733, 19877, 23989, 23997, 24997, 25421,
+-	26781, 27413, 35901, 35917, 35973, 36229, 38317, 38437,
+-	39941, 40493, 41853, 46317, 50581, 51429, 53453, 53805,
+-	11317, 11789, 12045, 12413, 14277, 14821, 14917, 18989,
+-	19821, 23005, 23533, 23573, 23693, 27549, 27709, 28461,
+-	29365, 35605, 37693, 37757, 38309, 41285, 45261, 47061,
+-	47269, 48133, 48597, 50277, 50717, 50757, 50805, 51341,
+-	51413, 51581, 51597, 53445, 11493, 14229, 20365, 20653,
+-	23485, 25541, 27429, 29421, 30173, 35445, 35653, 36789,
+-	36797, 37109, 37157, 37669, 38661, 39773, 40397, 41837,
+-	41877, 45293, 47277, 47845, 49853, 51085, 51349, 54085,
+-	56933,  8877,  8973,  9885, 11365, 11813, 13581, 13589,
+-	13613, 14109, 14317, 15765, 15789, 16925, 17069, 17205,
+-	17621, 17941, 19077, 19381, 20245, 22845, 23733, 24869,
+-	25453, 27213, 28381, 28965, 29245, 29997, 30733, 30901,
+-	34877, 35485, 35613, 36133, 36661, 36917, 38597, 40285,
+-	40693, 41413, 41541, 41637, 42053, 42349, 45245, 45469,
+-	46493, 48205, 48613, 50861, 51861, 52877, 53933, 54397,
+-	55669, 56453, 56965, 58021,  7757,  7781,  8333,  9661,
+-	12229, 14373, 14453, 17549, 18141, 19085, 20773, 23701,
+-	24205, 24333, 25261, 25317, 27181, 30117, 30477, 34757,
+-	34885, 35565, 35885, 36541, 37957, 39733, 39813, 41157,
+-	41893, 42317, 46621, 48117, 48181, 49525, 55261, 55389,
+-	56845,  7045,  7749,  7965,  8469,  9133,  9549,  9789,
+-	10173, 11181, 11285, 12253, 13453, 13533, 13757, 14477,
+-	15053, 16901, 17213, 17269, 17525, 17629, 18605, 19013,
+-	19829, 19933, 20069, 20093, 23261, 23333, 24949, 25309,
+-	27613, 28453, 28709, 29301, 29541, 34165, 34413, 37301,
+-	37773, 38045, 38405, 41077, 41781, 41925, 42717, 44437,
+-	44525, 44613, 45933, 45941, 47077, 50077, 50893, 52117,
+-	 5293, 55069, 55989, 58125, 59205,  6869, 14685, 15453,
+-	16821, 17045, 17613, 18437, 21029, 22773, 22909, 25445,
+-	25757, 26541, 30709, 30909, 31093, 31149, 37069, 37725,
+-	37925, 38949, 39637, 39701, 40765, 40861, 42965, 44813,
+-	45077, 45733, 47045, 50093, 52861, 52957, 54181, 56325,
+-	56365, 56381, 56877, 57013,  5741, 58101, 58669,  8613,
+-	10045, 10261, 10653, 10733, 11461, 12261, 14069, 15877,
+-	17757, 21165, 23885, 24701, 26429, 26645, 27925, 28765,
+-	29197, 30189, 31293, 39781, 39909, 40365, 41229, 41453,
+-	41653, 42165, 42365, 47421, 48029, 48085, 52773,  5573,
+-	57037, 57637, 58341, 58357, 58901,  6357,  7789,  9093,
+-	10125, 10709, 10765, 11957, 12469, 13437, 13509, 14773,
+-	15437, 15773, 17813, 18829, 19565, 20237, 23461, 23685,
+-	23725, 23941, 24877, 25461, 26405, 29509, 30285, 35181,
+-	37229, 37893, 38565, 40293, 44189, 44581, 45701, 47381,
+-	47589, 48557,  4941, 51069,  5165, 52797, 53149,  5341,
+-	56301, 56765, 58581, 59493, 59677,  6085,  6349,  8293,
+-	 8501,  8517, 11597, 11709, 12589, 12693, 13517, 14909,
+-	17397, 18085, 21101, 21269, 22717, 25237, 25661, 29189,
+-	30101, 31397, 33933, 34213, 34661, 35533, 36493, 37309,
+-	40037,  4189, 42909, 44309, 44357, 44389,  4541, 45461,
+-	46445, 48237, 54149, 55301, 55853, 56621, 56717, 56901,
+-	 5813, 58437, 12493, 15365, 15989, 17829, 18229, 19341,
+-	21013, 21357, 22925, 24885, 26053, 27581, 28221, 28485,
+-	30605, 30613, 30789, 35437, 36285, 37189,  3941, 41797,
+-	 4269, 42901, 43293, 44645, 45221, 46893,  4893, 50301,
+-	50325,  5189, 52109, 53517, 54053, 54485,  5525, 55949,
+-	56973, 59069, 59421, 60733, 61253,  6421,  6701,  6709,
+-	 7101,  8669, 15797, 19221, 19837, 20133, 20957, 21293,
+-	21461, 22461, 29085, 29861, 30869, 34973, 36469, 37565,
+-	38125, 38829, 39469, 40061, 40117, 44093, 47429, 48341,
+-	50597, 51757,  5541, 57629, 58405, 59621, 59693, 59701,
+-	61837,  7061, 10421, 11949, 15405, 20861, 25397, 25509,
+-	25893, 26037, 28629, 28869, 29605, 30213, 34205, 35637,
+-	36365, 37285,  3773, 39117,  4021, 41061, 42653, 44509,
+-	 4461, 44829,  4725,  5125, 52269, 56469, 59085,  5917,
+-	60973,  8349, 17725, 18637, 19773, 20293, 21453, 22533,
+-	24285, 26333, 26997, 31501, 34541, 34805, 37509, 38477,
+-	41333, 44125, 46285, 46997, 47637, 48173,  4925, 50253,
+-	50381, 50917, 51205, 51325, 52165, 52229,  5253,  5269,
+-	53509, 56253, 56341,  5821, 58373, 60301, 61653, 61973,
+-	62373,  8397, 11981, 14341, 14509, 15077, 22261, 22429,
+-	24261, 28165, 28685, 30661, 34021, 34445, 39149,  3917,
+-	43013, 43317, 44053, 44101,  4533, 49541, 49981,  5277,
+-	54477, 56357, 57261, 57765, 58573, 59061, 60197, 61197,
+-	62189,  7725,  8477,  9565, 10229, 11437, 14613, 14709,
+-	16813, 20029, 20677, 31445,  3165, 31957,  3229, 33541,
+-	36645,  3805, 38973,  3965,  4029, 44293, 44557, 46245,
+-	48917,  4909, 51749, 53709, 55733, 56445,  5925,  6093,
+-	61053, 62637,  8661,  9109, 10821, 11389, 13813, 14325,
+-	15501, 16149, 18845, 22669, 26437, 29869, 31837, 33709,
+-	33973, 34173,  3677,  3877,  3981, 39885, 42117,  4421,
+-	44221, 44245, 44693, 46157, 47309,  5005, 51461, 52037,
+-	55333, 55693, 56277, 58949,  6205, 62141, 62469,  6293,
+-	10101, 12509, 14029, 17997, 20469, 21149, 25221, 27109,
+-	 2773,  2877, 29405, 31493, 31645,  4077, 42005, 42077,
+-	42469, 42501, 44013, 48653, 49349,  4997, 50101, 55405,
+-	56957, 58037, 59429, 60749, 61797, 62381, 62837,  6605,
+-	10541, 23981, 24533,  2701, 27333, 27341, 31197, 33805,
+-	 3621, 37381,  3749,  3829, 38533, 42613, 44381, 45901,
+-	48517, 51269, 57725, 59461, 60045, 62029, 13805, 14013,
+-	15461, 16069, 16157, 18573,  2309, 23501, 28645,  3077,
+-	31541, 36357, 36877,  3789, 39429, 39805, 47685, 47949,
+-	49413,  5485, 56757, 57549, 57805, 58317, 59549, 62213,
+-	62613, 62853, 62933,  8909, 12941, 16677, 20333, 21541,
+-	24429, 26077, 26421,  2885, 31269, 33381,  3661, 40925,
+-	42925, 45173,  4525,  4709, 53133, 55941, 57413, 57797,
+-	62125, 62237, 62733,  6773, 12317, 13197, 16533, 16933,
+-	18245,  2213,  2477, 29757, 33293, 35517, 40133, 40749,
+-	 4661, 49941, 62757,  7853,  8149,  8573, 11029, 13421,
+-	21549, 22709, 22725, 24629,  2469, 26125,  2669, 34253,
+-	36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
+-	60997, 61189, 61981, 62605, 62821,  7077,  7525,  8781,
+-	10861, 15277,  2205, 22077, 28517, 28949, 32109, 33493,
+-	 4661, 49941, 62757,  7853,  8149,  8573, 11029, 13421,
+-	21549, 22709, 22725, 24629,  2469, 26125,  2669, 34253,
+-	36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
+-	60997, 61189, 61981, 62605, 62821,  7077,  7525,  8781,
+-	10861, 15277,  2205, 22077, 28517, 28949, 32109, 33493,
+-	 3685, 39197, 39869, 42621, 44997, 48565,  5221, 57381,
+-	61749, 62317, 63245, 63381, 23149,  2549, 28661, 31653,
+-	33885, 36341, 37053, 39517, 42805, 45853, 48997, 59349,
+-	60053, 62509, 63069,  6525,  1893, 20181,  2365, 24893,
+-	27397, 31357, 32277, 33357, 34437, 36677, 37661, 43469,
+-	43917, 50997, 53869,  5653, 13221, 16741, 17893,  2157,
+-	28653, 31789, 35301, 35821, 61613, 62245, 12405, 14517,
+-	17453, 18421,  3149,  3205, 40341,  4109, 43941, 46869,
+-	48837, 50621, 57405, 60509, 62877,  8157, 12933, 12957,
+-	16501, 19533,  3461, 36829, 52357, 58189, 58293, 63053,
+-	17109,  1933, 32157, 37701, 59005, 61621, 13029, 15085,
+-	16493, 32317, 35093,  5061, 51557, 62221, 20765, 24613,
+-	 2629, 30861, 33197, 33749, 35365, 37933, 40317, 48045,
+-	56229, 61157, 63797,  7917, 17965,  1917,  1973, 20301,
+-	 2253, 33157, 58629, 59861, 61085, 63909,  8141,  9221,
+-	14757,  1581, 21637, 26557, 33869, 34285, 35733, 40933,
+-	42517, 43501, 53653, 61885, 63805,  7141, 21653, 54973,
+-	31189, 60061, 60341, 63357, 16045,  2053, 26069, 33997,
+-	43901, 54565, 63837,  8949, 17909, 18693, 32349, 33125,
+-	37293, 48821, 49053, 51309, 64037,  7117,  1445, 20405,
+-	23085, 26269, 26293, 27349, 32381, 33141, 34525, 36461,
+-	37581, 43525,  4357, 43877,  5069, 55197, 63965,  9845,
+-	12093,  2197,  2229, 32165, 33469, 40981, 42397,  8749,
+-	10853,  1453, 18069, 21693, 30573, 36261, 37421, 42533
+-};
+-
+-#define NSID_MULT_TABLE_SIZE \
+-        ((sizeof nsid_multiplier_table)/(sizeof nsid_multiplier_table[0]))
+-#define NSID_RANGE_MASK (NSID_LOOKAHEAD - 1)
+-#define NSID_POOL_MASK 0xFFFF /* used to wrap the pool index */
+-#define NSID_SHUFFLE_ONLY 1
+-#define NSID_USE_POOL 2
+-
+-static isc_uint16_t
+-nsid_next(dns_nsid_t *nsid) {
+-        isc_uint16_t id, compressed_hash;
+-	isc_uint16_t j;
+-
+-        compressed_hash = ((nsid_hash_state >> 16) ^
+-			   (nsid_hash_state)) & 0xFFFF;
+-
+-	if (nsid->nsid_usepool) {
+-	        isc_uint16_t pick;
+-
+-                pick = compressed_hash & NSID_RANGE_MASK;
+-		pick = (nsid->nsid_state + pick) & NSID_POOL_MASK;
+-                id = nsid->nsid_pool[pick];
+-                if (pick != 0) {
+-                        /* Swap two IDs to stir the pool */
+-                        nsid->nsid_pool[pick] =
+-                                nsid->nsid_pool[nsid->nsid_state];
+-                        nsid->nsid_pool[nsid->nsid_state] = id;
+-                }
+-
+-                /* increment the base pointer into the pool */
+-                if (nsid->nsid_state == 65535)
+-                        nsid->nsid_state = 0;
+-                else
+-                        nsid->nsid_state++;
+-	} else {
+-		/*
+-		 * This is the original Algorithm B
+-		 * j = ((u_long) NSID_SHUFFLE_TABLE_SIZE * nsid_state2) >> 16;
+-		 *
+-		 * We'll perturb it with some random stuff  ...
+-		 */
+-		j = ((isc_uint32_t) NSID_SHUFFLE_TABLE_SIZE *
+-		     (nsid->nsid_state2 ^ compressed_hash)) >> 16;
+-		nsid->nsid_state2 = id = nsid->nsid_vtable[j];
+-		nsid->nsid_state = (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
+-				      nsid->nsid_c1) & 0xFFFF;
+-		nsid->nsid_vtable[j] = nsid->nsid_state;
+-	}
+-
+-        /* Now lets obfuscate ... */
+-        id = (((isc_uint32_t) nsid->nsid_a2 * id) + nsid->nsid_c2) & 0xFFFF;
+-        id = (((isc_uint32_t) nsid->nsid_a3 * id) + nsid->nsid_c3) & 0xFFFF;
+-
+-        return (id);
+-}
+-
+-static isc_result_t
+-nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool) {
+-        isc_time_t now;
+-        pid_t mypid;
+-        isc_uint16_t a1ndx, a2ndx, a3ndx, c1ndx, c2ndx, c3ndx;
+-        int i;
+-
+-	isc_time_now(&now);
+-        mypid = getpid();
+-
+-        /* Initialize the state */
+-	memset(nsid, 0, sizeof(*nsid));
+-        nsid_hash(&now, sizeof now);
+-        nsid_hash(&mypid, sizeof mypid);
+-
+-        /*
+-         * Select our random number generators and initial seed.
+-         * We could really use more random bits at this point,
+-         * but we'll try to make a silk purse out of a sows ear ...
+-         */
+-        /* generator 1 */
+-        a1ndx = ((isc_uint32_t) NSID_MULT_TABLE_SIZE *
+-                 (nsid_hash_state & 0xFFFF)) >> 16;
+-        nsid->nsid_a1 = nsid_multiplier_table[a1ndx];
+-        c1ndx = (nsid_hash_state >> 9) & 0x7FFF;
+-        nsid->nsid_c1 = 2 * c1ndx + 1;
+-
+-        /* generator 2, distinct from 1 */
+-        a2ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 1) *
+-                 ((nsid_hash_state >> 10) & 0xFFFF)) >> 16;
+-        if (a2ndx >= a1ndx)
+-                a2ndx++;
+-        nsid->nsid_a2 = nsid_multiplier_table[a2ndx];
+-        c2ndx = nsid_hash_state % 32767;
+-        if (c2ndx >= c1ndx)
+-                c2ndx++;
+-        nsid->nsid_c2 = 2*c2ndx + 1;
+-
+-        /* generator 3, distinct from 1 and 2 */
+-        a3ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 2) *
+-                 ((nsid_hash_state >> 20) & 0xFFFF)) >> 16;
+-        if (a3ndx >= a1ndx || a3ndx >= a2ndx)
+-                a3ndx++;
+-        if (a3ndx >= a1ndx && a3ndx >= a2ndx)
+-                a3ndx++;
+-        nsid->nsid_a3 = nsid_multiplier_table[a3ndx];
+-        c3ndx = nsid_hash_state % 32766;
+-        if (c3ndx >= c1ndx || c3ndx >= c2ndx)
+-                c3ndx++;
+-        if (c3ndx >= c1ndx && c3ndx >= c2ndx)
+-                c3ndx++;
+-        nsid->nsid_c3 = 2*c3ndx + 1;
+-
+-        nsid->nsid_state =
+-		((nsid_hash_state >> 16) ^ (nsid_hash_state)) & 0xFFFF;
+-
+-	nsid->nsid_usepool = usepool;
+-	if (nsid->nsid_usepool) {
+-                nsid->nsid_pool = isc_mem_get(mctx, 0x10000 * sizeof(isc_uint16_t));
+-		if (nsid->nsid_pool == NULL)
+-			return (ISC_R_NOMEMORY);
+-                for (i = 0; ; i++) {
+-                        nsid->nsid_pool[i] = nsid->nsid_state;
+-                        nsid->nsid_state =
+-				 (((u_long) nsid->nsid_a1 * nsid->nsid_state) +
+-				   nsid->nsid_c1) & 0xFFFF;
+-                        if (i == 0xFFFF)
+-                                break;
+-                }
+-	} else {
+-		nsid->nsid_vtable = isc_mem_get(mctx, NSID_SHUFFLE_TABLE_SIZE *
+-						(sizeof(isc_uint16_t)) );
+-		if (nsid->nsid_vtable == NULL)
+-			return (ISC_R_NOMEMORY);
+-
+-		for (i = 0; i < NSID_SHUFFLE_TABLE_SIZE; i++) {
+-			nsid->nsid_vtable[i] = nsid->nsid_state;
+-			nsid->nsid_state =
+-				   (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
+-					 nsid->nsid_c1) & 0xFFFF;
+-		}
+-		nsid->nsid_state2 = nsid->nsid_state;
+-	} 
+-	return (ISC_R_SUCCESS);
+-}
+-
+-static void
+-nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid) {
+-	if (nsid->nsid_usepool)
+-		isc_mem_put(mctx, nsid->nsid_pool,
+-			    0x10000 * sizeof(isc_uint16_t));
+-	else
+-		isc_mem_put(mctx, nsid->nsid_vtable,
+-			    NSID_SHUFFLE_TABLE_SIZE * (sizeof(isc_uint16_t)) );
+-	memset(nsid, 0, sizeof(*nsid));
+-}
+-
+-void
+-dns_dispatch_hash(void *data, size_t len) {
+-	nsid_hash(data, len);
+-}
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+RCS file: /usr/ncvs/src/contrib/bind9/lib/dns/resolver.c,v
+retrieving revision 1.1.1.2.2.6
+diff -u -r1.1.1.2.2.6 resolver.c
+--- contrib/bind9/lib/dns/resolver.c	7 Feb 2007 00:42:08 -0000	1.1.1.2.2.6
++++ contrib/bind9/lib/dns/resolver.c	10 Jul 2008 16:07:28 -0000
+@@ -1054,17 +1054,50 @@
+ 		 * A dispatch will be created once the connect succeeds.
+ 		 */
+ 	} else {
++		isc_sockaddr_t localaddr;
++		unsigned int attrs, attrmask;
++		dns_dispatch_t *disp_base;
++
++		attrs = 0;
++		attrs |= DNS_DISPATCHATTR_UDP;
++		attrs |= DNS_DISPATCHATTR_RANDOMPORT;
++
++		attrmask = 0;
++		attrmask |= DNS_DISPATCHATTR_UDP;
++		attrmask |= DNS_DISPATCHATTR_TCP;
++		attrmask |= DNS_DISPATCHATTR_IPV4;
++		attrmask |= DNS_DISPATCHATTR_IPV6;
++
+ 		switch (isc_sockaddr_pf(&addrinfo->sockaddr)) {
+-		case PF_INET:
+-			dns_dispatch_attach(res->dispatchv4, &query->dispatch);
++		case AF_INET:
++			disp_base = res->dispatchv4;
++			attrs |= DNS_DISPATCHATTR_IPV4;
+ 			break;
+-		case PF_INET6:
+-			dns_dispatch_attach(res->dispatchv6, &query->dispatch);
++		case AF_INET6:
++			disp_base = res->dispatchv6;
++			attrs |= DNS_DISPATCHATTR_IPV6;
+ 			break;
+ 		default:
+ 			result = ISC_R_NOTIMPLEMENTED;
+ 			goto cleanup_query;
+ 		}
++
++		result = dns_dispatch_getlocaladdress(disp_base, &localaddr);
++		if (result != ISC_R_SUCCESS)
++			goto cleanup_query;
++		if (isc_sockaddr_getport(&localaddr) == 0) {
++			result = dns_dispatch_getudp(res->dispatchmgr,
++						     res->socketmgr,
++						     res->taskmgr,
++						     &localaddr,
++						     4096, 1000, 32768,
++						     16411, 16433,
++						     attrs, attrmask,
++						     &query->dispatch);
++			if (result != ISC_R_SUCCESS)
++				goto cleanup_query;
++		} else
++			dns_dispatch_attach(disp_base, &query->dispatch);
+ 		/*
+ 		 * We should always have a valid dispatcher here.  If we
+ 		 * don't support a protocol family, then its dispatcher
+Index: contrib/bind9/lib/dns/include/dns/dispatch.h
+===================================================================
+RCS file: /usr/ncvs/src/contrib/bind9/lib/dns/include/dns/dispatch.h,v
+retrieving revision 1.1.1.1.4.1
+diff -u -r1.1.1.1.4.1 dispatch.h
+--- contrib/bind9/lib/dns/include/dns/dispatch.h	25 Jul 2007 08:23:07 -0000	1.1.1.1.4.1
++++ contrib/bind9/lib/dns/include/dns/dispatch.h	10 Jul 2008 16:07:28 -0000
+@@ -112,6 +112,9 @@
+  * _MAKEQUERY
+  *	The dispatcher can be used to issue queries to other servers, and
+  *	accept replies from them.
++ *
++ * _RANDOMPORT
++ *	Allocate UDP port randomly.
+  */
+ #define DNS_DISPATCHATTR_PRIVATE	0x00000001U
+ #define DNS_DISPATCHATTR_TCP		0x00000002U
+@@ -121,6 +124,7 @@
+ #define DNS_DISPATCHATTR_NOLISTEN	0x00000020U
+ #define DNS_DISPATCHATTR_MAKEQUERY	0x00000040U
+ #define DNS_DISPATCHATTR_CONNECTED	0x00000080U
++#define DNS_DISPATCHATTR_RANDOMPORT	0x00000100U
+ 
+ isc_result_t
+ dns_dispatchmgr_create(isc_mem_t *mctx, isc_entropy_t *entropy,
+@@ -437,13 +441,6 @@
+  * 	event != NULL
+  */
+ 
+-void
+-dns_dispatch_hash(void *data, size_t len);
+-/*%<
+- * Feed 'data' to the dispatch query id generator where 'len' is the size
+- * of 'data'.
+- */
+-
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_DISPATCH_H */
diff --git a/share/security/patches/SA-08:06/bind63.patch.asc b/share/security/patches/SA-08:06/bind63.patch.asc
new file mode 100644
index 0000000000..f23c4580d8
--- /dev/null
+++ b/share/security/patches/SA-08:06/bind63.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkh6UnUACgkQFdaIBMps37JWYwCeL/4wvUEW7NYziq4oSkwipBzZ
+X8oAn36hHi79wPjDCRtrek7Zb0VlBIZR
+=JSzN
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:06/bind7.patch b/share/security/patches/SA-08:06/bind7.patch
new file mode 100644
index 0000000000..ff9ce970c3
--- /dev/null
+++ b/share/security/patches/SA-08:06/bind7.patch
@@ -0,0 +1,1208 @@
+Index: contrib/bind9/lib/dns/dispatch.c
+===================================================================
+--- contrib/bind9/lib/dns/dispatch.c	(revision 180402)
++++ contrib/bind9/lib/dns/dispatch.c	(working copy)
+@@ -29,6 +29,7 @@
+ #include <isc/mem.h>
+ #include <isc/mutex.h>
+ #include <isc/print.h>
++#include <isc/random.h>
+ #include <isc/string.h>
+ #include <isc/task.h>
+ #include <isc/time.h>
+@@ -45,25 +46,22 @@
+ 
+ typedef ISC_LIST(dns_dispentry_t)	dns_displist_t;
+ 
+-typedef struct dns_nsid {
+-	isc_uint16_t	nsid_state;
+-	isc_uint16_t	*nsid_vtable;
+-	isc_uint16_t	*nsid_pool;
+-	isc_uint16_t	nsid_a1, nsid_a2, nsid_a3;
+-	isc_uint16_t	nsid_c1, nsid_c2, nsid_c3;
+-	isc_uint16_t	nsid_state2;
+-	isc_boolean_t	nsid_usepool;
+-} dns_nsid_t;
+-
+ typedef struct dns_qid {
+ 	unsigned int	magic;
+ 	unsigned int	qid_nbuckets;	/*%< hash table size */
+ 	unsigned int	qid_increment;	/*%< id increment on collision */
+ 	isc_mutex_t	lock;
+-	dns_nsid_t      nsid;
+ 	dns_displist_t	*qid_table;	/*%< the table itself */
+ } dns_qid_t;
+ 
++/* ARC4 Random generator state */
++typedef struct arc4ctx {
++	isc_uint8_t	i;
++	isc_uint8_t	j;
++	isc_uint8_t	s[256];
++	int		count;
++} arc4ctx_t;
++
+ struct dns_dispatchmgr {
+ 	/* Unlocked. */
+ 	unsigned int			magic;
+@@ -76,6 +74,10 @@
+ 	unsigned int			state;
+ 	ISC_LIST(dns_dispatch_t)	list;
+ 
++	/* Locked by arc4_lock. */
++	isc_mutex_t			arc4_lock;
++	arc4ctx_t			arc4ctx;    /*%< ARC4 context for QID */
++
+ 	/* locked by buffer lock */
+ 	dns_qid_t			*qid;
+ 	isc_mutex_t			buffer_lock;
+@@ -102,6 +104,7 @@
+ 	unsigned int			magic;
+ 	dns_dispatch_t		       *disp;
+ 	dns_messageid_t			id;
++	in_port_t			port;
+ 	unsigned int			bucket;
+ 	isc_sockaddr_t			host;
+ 	isc_task_t		       *task;
+@@ -121,6 +124,7 @@
+ 	isc_task_t	       *task;		/*%< internal task */
+ 	isc_socket_t	       *socket;		/*%< isc socket attached to */
+ 	isc_sockaddr_t		local;		/*%< local address */
++	in_port_t		localport;	/*%< local UDP port */
+ 	unsigned int		maxrequests;	/*%< max requests */
+ 	isc_event_t	       *ctlevent;
+ 
+@@ -163,14 +167,14 @@
+  * Statics.
+  */
+ static dns_dispentry_t *bucket_search(dns_qid_t *, isc_sockaddr_t *,
+-				      dns_messageid_t, unsigned int);
++				      dns_messageid_t, in_port_t, unsigned int);
+ static isc_boolean_t destroy_disp_ok(dns_dispatch_t *);
+ static void destroy_disp(isc_task_t *task, isc_event_t *event);
+ static void udp_recv(isc_task_t *, isc_event_t *);
+ static void tcp_recv(isc_task_t *, isc_event_t *);
+ static void startrecv(dns_dispatch_t *);
+-static dns_messageid_t dns_randomid(dns_nsid_t *);
+-static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t);
++static isc_uint32_t dns_hash(dns_qid_t *, isc_sockaddr_t *, dns_messageid_t,
++			     in_port_t);
+ static void free_buffer(dns_dispatch_t *disp, void *buf, unsigned int len);
+ static void *allocate_udp_buffer(dns_dispatch_t *disp);
+ static inline void free_event(dns_dispatch_t *disp, dns_dispatchevent_t *ev);
+@@ -190,12 +194,8 @@
+ static isc_boolean_t destroy_mgr_ok(dns_dispatchmgr_t *mgr);
+ static void destroy_mgr(dns_dispatchmgr_t **mgrp);
+ static isc_result_t qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
+-				 unsigned int increment, isc_boolean_t usepool,
+-				 dns_qid_t **qidp);
++				 unsigned int increment, dns_qid_t **qidp);
+ static void qid_destroy(isc_mem_t *mctx, dns_qid_t **qidp);
+-static isc_uint16_t nsid_next(dns_nsid_t *nsid);
+-static isc_result_t nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool);
+-static void nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid);
+ 
+ #define LVL(x) ISC_LOG_DEBUG(x)
+ 
+@@ -276,26 +276,152 @@
+ }
+ 
+ /*
+- * Return an unpredictable message ID.
++ * ARC4 random number generator obtained from OpenBSD
+  */
+-static dns_messageid_t
+-dns_randomid(dns_nsid_t *nsid) {
+-	isc_uint32_t id;
++static void
++dispatch_arc4init(arc4ctx_t *actx) {
++	int n;
++	for (n = 0; n < 256; n++)
++		actx->s[n] = n;
++	actx->i = 0;
++	actx->j = 0;
++	actx->count = 0;
++}
+ 
+-	id = nsid_next(nsid);
++static void
++dispatch_arc4addrandom(arc4ctx_t *actx, unsigned char *dat, int datlen) {
++	int n;
++	isc_uint8_t si;
+ 
+-	return ((dns_messageid_t)id);
++	actx->i--;
++	for (n = 0; n < 256; n++) {
++		actx->i = (actx->i + 1);
++		si = actx->s[actx->i];
++		actx->j = (actx->j + si + dat[n % datlen]);
++		actx->s[actx->i] = actx->s[actx->j];
++		actx->s[actx->j] = si;
++	}
++	actx->j = actx->i;
+ }
+ 
++static inline isc_uint8_t
++dispatch_arc4get8(arc4ctx_t *actx) {
++	isc_uint8_t si, sj;
++
++	actx->i = (actx->i + 1);
++	si = actx->s[actx->i];
++	actx->j = (actx->j + si);
++	sj = actx->s[actx->j];
++	actx->s[actx->i] = sj;
++	actx->s[actx->j] = si;
++
++	return (actx->s[(si + sj) & 0xff]);
++}
++
++static inline isc_uint16_t
++dispatch_arc4get16(arc4ctx_t *actx) {
++	isc_uint16_t val;
++
++	val = dispatch_arc4get8(actx) << 8;
++	val |= dispatch_arc4get8(actx);
++
++	return (val);
++}
++
++static void
++dispatch_arc4stir(dns_dispatchmgr_t *mgr) {
++	int i;
++	union {
++		unsigned char rnd[128];
++		isc_uint32_t rnd32[32];
++	} rnd;
++	isc_result_t result;
++
++	if (mgr->entropy != NULL) {
++		/*
++		 * We accept any quality of random data to avoid blocking.
++		 */
++		result = isc_entropy_getdata(mgr->entropy, rnd.rnd,
++					     sizeof(rnd), NULL, 0);
++		RUNTIME_CHECK(result == ISC_R_SUCCESS);
++	} else {
++		for (i = 0; i < 32; i++)
++			isc_random_get(&rnd.rnd32[i]);
++	}
++	dispatch_arc4addrandom(&mgr->arc4ctx, rnd.rnd, sizeof(rnd.rnd));
++
++	/*
++	 * Discard early keystream, as per recommendations in:
++	 * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps
++	 */
++	for (i = 0; i < 256; i++)
++		(void)dispatch_arc4get8(&mgr->arc4ctx);
++
++	/*
++	 * Derived from OpenBSD's implementation.  The rationale is not clear,
++	 * but should be conservative enough in safety, and reasonably large
++	 * for efficiency.
++	 */
++	mgr->arc4ctx.count = 1600000;
++}
++
++static isc_uint16_t
++dispatch_arc4random(dns_dispatchmgr_t *mgr) {
++	isc_uint16_t result;
++
++	LOCK(&mgr->arc4_lock);
++	mgr->arc4ctx.count -= sizeof(isc_uint16_t);
++	if (mgr->arc4ctx.count <= 0)
++		dispatch_arc4stir(mgr);
++	result = dispatch_arc4get16(&mgr->arc4ctx);
++	UNLOCK(&mgr->arc4_lock);
++	return (result);
++}
++
++static isc_uint16_t
++dispatch_arc4uniformrandom(dns_dispatchmgr_t *mgr, isc_uint16_t upper_bound) {
++	isc_uint16_t min, r;
++	/* The caller must hold the manager lock. */
++
++	if (upper_bound < 2)
++		return (0);
++
++	/*
++	 * Ensure the range of random numbers [min, 0xffff] be a multiple of
++	 * upper_bound and contain at least a half of the 16 bit range.
++	 */
++
++	if (upper_bound > 0x8000)
++		min = 1 + ~upper_bound; /* 0x8000 - upper_bound */
++	else
++		min = (isc_uint16_t)(0x10000 % (isc_uint32_t)upper_bound);
++
++	/*
++	 * This could theoretically loop forever but each retry has
++	 * p > 0.5 (worst case, usually far better) of selecting a
++	 * number inside the range we need, so it should rarely need
++	 * to re-roll.
++	 */
++	for (;;) {
++		r = dispatch_arc4random(mgr);
++		if (r >= min)
++			break;
++	}
++
++	return (r % upper_bound);
++}
++
+ /*
+  * Return a hash of the destination and message id.
+  */
+ static isc_uint32_t
+-dns_hash(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id) {
++dns_hash(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id,
++	 in_port_t port)
++{
+ 	unsigned int ret;
+ 
+ 	ret = isc_sockaddr_hash(dest, ISC_TRUE);
+-	ret ^= id;
++	ret ^= (id << 16) | port;
+ 	ret %= qid->qid_nbuckets;
+ 
+ 	INSIST(ret < qid->qid_nbuckets);
+@@ -412,7 +538,7 @@
+  */
+ static dns_dispentry_t *
+ bucket_search(dns_qid_t *qid, isc_sockaddr_t *dest, dns_messageid_t id,
+-	      unsigned int bucket)
++	      in_port_t port, unsigned int bucket)
+ {
+ 	dns_dispentry_t *res;
+ 
+@@ -421,8 +547,10 @@
+ 	res = ISC_LIST_HEAD(qid->qid_table[bucket]);
+ 
+ 	while (res != NULL) {
+-		if ((res->id == id) && isc_sockaddr_equal(dest, &res->host))
++		if ((res->id == id) && isc_sockaddr_equal(dest, &res->host) &&
++		    res->port == port) {
+ 			return (res);
++		}
+ 		res = ISC_LIST_NEXT(res, link);
+ 	}
+ 
+@@ -624,13 +752,10 @@
+ 		goto restart;
+ 	}
+ 
+-	dns_dispatch_hash(&ev->timestamp, sizeof(&ev->timestamp));
+-	dns_dispatch_hash(ev->region.base, ev->region.length);
+-
+ 	/* response */
+-	bucket = dns_hash(qid, &ev->address, id);
++	bucket = dns_hash(qid, &ev->address, id, disp->localport);
+ 	LOCK(&qid->lock);
+-	resp = bucket_search(qid, &ev->address, id, bucket);
++	resp = bucket_search(qid, &ev->address, id, disp->localport, bucket);
+ 	dispatch_log(disp, LVL(90),
+ 		     "search for response in bucket %d: %s",
+ 		     bucket, (resp == NULL ? "not found" : "found"));
+@@ -861,14 +986,13 @@
+ 		goto restart;
+ 	}
+ 
+-	dns_dispatch_hash(tcpmsg->buffer.base, tcpmsg->buffer.length);
+-
+ 	/*
+ 	 * Response.
+ 	 */
+-	bucket = dns_hash(qid, &tcpmsg->address, id);
++	bucket = dns_hash(qid, &tcpmsg->address, id, disp->localport);
+ 	LOCK(&qid->lock);
+-	resp = bucket_search(qid, &tcpmsg->address, id, bucket);
++	resp = bucket_search(qid, &tcpmsg->address, id, disp->localport,
++			     bucket);
+ 	dispatch_log(disp, LVL(90),
+ 		     "search for response in bucket %d: %s",
+ 		     bucket, (resp == NULL ? "not found" : "found"));
+@@ -1020,6 +1144,8 @@
+ 	DESTROYLOCK(&mgr->lock);
+ 	mgr->state = 0;
+ 
++	DESTROYLOCK(&mgr->arc4_lock);
++
+ 	isc_mempool_destroy(&mgr->epool);
+ 	isc_mempool_destroy(&mgr->rpool);
+ 	isc_mempool_destroy(&mgr->dpool);
+@@ -1098,10 +1224,14 @@
+ 	if (result != ISC_R_SUCCESS)
+ 		goto deallocate;
+ 
+-	result = isc_mutex_init(&mgr->buffer_lock);
++	result = isc_mutex_init(&mgr->arc4_lock);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto kill_lock;
+ 
++	result = isc_mutex_init(&mgr->buffer_lock);
++	if (result != ISC_R_SUCCESS)
++		goto kill_arc4_lock;
++
+ 	result = isc_mutex_init(&mgr->pool_lock);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto kill_buffer_lock;
+@@ -1152,6 +1282,8 @@
+ 	if (entropy != NULL)
+ 		isc_entropy_attach(entropy, &mgr->entropy);
+ 
++	dispatch_arc4init(&mgr->arc4ctx);
++
+ 	*mgrp = mgr;
+ 	return (ISC_R_SUCCESS);
+ 
+@@ -1163,6 +1295,8 @@
+ 	DESTROYLOCK(&mgr->pool_lock);
+  kill_buffer_lock:
+ 	DESTROYLOCK(&mgr->buffer_lock);
++ kill_arc4_lock:
++	DESTROYLOCK(&mgr->arc4_lock);
+  kill_lock:
+ 	DESTROYLOCK(&mgr->lock);
+  deallocate:
+@@ -1250,7 +1384,7 @@
+ 	isc_mempool_setmaxalloc(mgr->bpool, maxbuffers);
+ 	isc_mempool_associatelock(mgr->bpool, &mgr->pool_lock);
+ 
+-	result = qid_allocate(mgr, buckets, increment, ISC_TRUE, &mgr->qid);
++	result = qid_allocate(mgr, buckets, increment, &mgr->qid);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto cleanup;
+ 
+@@ -1289,20 +1423,27 @@
+ }
+ 
+ static isc_boolean_t
+-blacklisted(dns_dispatchmgr_t *mgr, isc_socket_t *sock) {
++blacklisted(dns_dispatchmgr_t *mgr, isc_socket_t *sock,
++	    isc_sockaddr_t *sockaddrp)
++{
+ 	isc_sockaddr_t sockaddr;
+ 	isc_result_t result;
+ 
++	REQUIRE(sock != NULL || sockaddrp != NULL);
++
+ 	if (mgr->portlist == NULL)
+ 		return (ISC_FALSE);
+ 
+-	result = isc_socket_getsockname(sock, &sockaddr);
+-	if (result != ISC_R_SUCCESS)
+-		return (ISC_FALSE);
++	if (sock != NULL) {
++		sockaddrp = &sockaddr;
++		result = isc_socket_getsockname(sock, sockaddrp);
++		if (result != ISC_R_SUCCESS)
++			return (ISC_FALSE);
++	}
+ 
+ 	if (mgr->portlist != NULL &&
+-	    dns_portlist_match(mgr->portlist, isc_sockaddr_pf(&sockaddr),
+-			       isc_sockaddr_getport(&sockaddr)))
++	    dns_portlist_match(mgr->portlist, isc_sockaddr_pf(sockaddrp),
++			       isc_sockaddr_getport(sockaddrp)))
+ 		return (ISC_TRUE);
+ 	return (ISC_FALSE);
+ }
+@@ -1323,7 +1464,7 @@
+ 	if (disp->mgr->portlist != NULL &&
+ 	    isc_sockaddr_getport(addr) == 0 &&
+ 	    isc_sockaddr_getport(&disp->local) == 0 &&
+-	    blacklisted(disp->mgr, disp->socket))
++	    blacklisted(disp->mgr, disp->socket, NULL))
+ 		return (ISC_FALSE);
+ 
+ 	/*
+@@ -1396,7 +1537,7 @@
+ 
+ static isc_result_t
+ qid_allocate(dns_dispatchmgr_t *mgr, unsigned int buckets,
+-	     unsigned int increment, isc_boolean_t usepool, dns_qid_t **qidp)
++	     unsigned int increment, dns_qid_t **qidp)
+ {
+ 	dns_qid_t *qid;
+ 	unsigned int i;
+@@ -1418,17 +1559,8 @@
+ 		return (ISC_R_NOMEMORY);
+ 	}
+ 
+-	result = nsid_init(mgr->mctx, &qid->nsid, usepool);
+-	if (result != ISC_R_SUCCESS) {
+-		isc_mem_put(mgr->mctx, qid->qid_table,
+-			    buckets * sizeof(dns_displist_t));
+-		isc_mem_put(mgr->mctx, qid, sizeof(*qid));
+-		return (ISC_R_NOMEMORY);
+-	}
+-
+ 	result = isc_mutex_init(&qid->lock);
+ 	if (result != ISC_R_SUCCESS) {
+-		nsid_destroy(mgr->mctx, &qid->nsid);
+ 		isc_mem_put(mgr->mctx, qid->qid_table,
+ 			    buckets * sizeof(dns_displist_t));
+ 		isc_mem_put(mgr->mctx, qid, sizeof(*qid));
+@@ -1456,7 +1588,6 @@
+ 
+ 	*qidp = NULL;
+ 	qid->magic = 0;
+-	nsid_destroy(mctx, &qid->nsid);
+ 	isc_mem_put(mctx, qid->qid_table,
+ 		    qid->qid_nbuckets * sizeof(dns_displist_t));
+ 	DESTROYLOCK(&qid->lock);
+@@ -1493,6 +1624,7 @@
+ 	disp->refcount = 1;
+ 	disp->recv_pending = 0;
+ 	memset(&disp->local, 0, sizeof(disp->local));
++	disp->localport = 0;
+ 	disp->shutting_down = 0;
+ 	disp->shutdown_out = 0;
+ 	disp->connected = 0;
+@@ -1598,7 +1730,7 @@
+ 		return (result);
+ 	}
+ 
+-	result = qid_allocate(mgr, buckets, increment, ISC_FALSE, &disp->qid);
++	result = qid_allocate(mgr, buckets, increment, &disp->qid);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto deallocate_dispatch;
+ 
+@@ -1665,7 +1797,7 @@
+ 		    dns_dispatch_t **dispp)
+ {
+ 	isc_result_t result;
+-	dns_dispatch_t *disp;
++	dns_dispatch_t *disp = NULL;
+ 
+ 	REQUIRE(VALID_DISPATCHMGR(mgr));
+ 	REQUIRE(sockmgr != NULL);
+@@ -1685,6 +1817,11 @@
+ 
+ 	LOCK(&mgr->lock);
+ 
++	if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) != 0) {
++		REQUIRE(isc_sockaddr_getport(localaddr) == 0);
++		goto createudp;
++	}
++
+ 	/*
+ 	 * First, see if we have a dispatcher that matches.
+ 	 */
+@@ -1713,6 +1850,7 @@
+ 		return (ISC_R_SUCCESS);
+ 	}
+ 
++ createudp:
+ 	/*
+ 	 * Nope, create one.
+ 	 */
+@@ -1748,7 +1886,9 @@
+ 	dns_dispatch_t *disp;
+ 	isc_socket_t *sock = NULL;
+ 	isc_socket_t *held[DNS_DISPATCH_HELD];
+-	unsigned int i = 0, j = 0;
++	unsigned int i = 0, j = 0, k = 0;
++	isc_sockaddr_t localaddr_bound;
++	in_port_t localport = 0;
+ 
+ 	/*
+ 	 * dispatch_allocate() checks mgr for us.
+@@ -1764,11 +1904,34 @@
+ 	 * from returning the same port to us too quickly.
+ 	 */
+ 	memset(held, 0, sizeof(held));
++	localaddr_bound = *localaddr;
+  getsocket:
+-	result = create_socket(sockmgr, localaddr, &sock);
++	if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) != 0) {
++		in_port_t prt;
++
++		/* XXX: should the range be configurable? */
++		prt = 1024 + dispatch_arc4uniformrandom(mgr, 65535 - 1023);
++		isc_sockaddr_setport(&localaddr_bound, prt);
++		if (blacklisted(mgr, NULL, &localaddr_bound)) {
++			if (++k == 1024)
++				attributes &= ~DNS_DISPATCHATTR_RANDOMPORT;
++			goto getsocket;
++		}
++		result = create_socket(sockmgr, &localaddr_bound, &sock);
++		if (result == ISC_R_ADDRINUSE) {
++			if (++k == 1024)
++				attributes &= ~DNS_DISPATCHATTR_RANDOMPORT;
++			goto getsocket;
++		}
++		localport = prt;
++	} else
++		result = create_socket(sockmgr, localaddr, &sock);
+ 	if (result != ISC_R_SUCCESS)
+ 		goto deallocate_dispatch;
+-	if (isc_sockaddr_getport(localaddr) == 0 && blacklisted(mgr, sock)) {
++	if ((attributes & DNS_DISPATCHATTR_RANDOMPORT) == 0 &&
++	    isc_sockaddr_getport(localaddr) == 0 &&
++	    blacklisted(mgr, sock, NULL))
++	{
+ 		if (held[i] != NULL)
+ 			isc_socket_detach(&held[i]);
+ 		held[i++] = sock;
+@@ -1789,6 +1952,7 @@
+ 	disp->socktype = isc_sockettype_udp;
+ 	disp->socket = sock;
+ 	disp->local = *localaddr;
++	disp->localport = localport;
+ 
+ 	disp->task = NULL;
+ 	result = isc_task_create(taskmgr, 0, &disp->task);
+@@ -1921,19 +2085,20 @@
+ 	/*
+ 	 * Try somewhat hard to find an unique ID.
+ 	 */
++	id = (dns_messageid_t)dispatch_arc4random(disp->mgr);
+ 	qid = DNS_QID(disp);
+ 	LOCK(&qid->lock);
+-	id = dns_randomid(&qid->nsid);
+-	bucket = dns_hash(qid, dest, id);
++	bucket = dns_hash(qid, dest, id, disp->localport);
+ 	ok = ISC_FALSE;
+ 	for (i = 0; i < 64; i++) {
+-		if (bucket_search(qid, dest, id, bucket) == NULL) {
++		if (bucket_search(qid, dest, id, disp->localport, bucket) ==
++		    NULL) {
+ 			ok = ISC_TRUE;
+ 			break;
+ 		}
+ 		id += qid->qid_increment;
+ 		id &= 0x0000ffff;
+-		bucket = dns_hash(qid, dest, id);
++		bucket = dns_hash(qid, dest, id, disp->localport);
+ 	}
+ 
+ 	if (!ok) {
+@@ -1955,6 +2120,7 @@
+ 	isc_task_attach(task, &res->task);
+ 	res->disp = disp;
+ 	res->id = id;
++	res->port = disp->localport;
+ 	res->bucket = bucket;
+ 	res->host = *dest;
+ 	res->action = action;
+@@ -2266,409 +2432,3 @@
+ 	}
+ }
+ #endif
+-
+-/*
+- * Allow the user to pick one of two ID randomization algorithms.
+- *
+- * The first algorithm is an adaptation of the sequence shuffling
+- * algorithm discovered by Carter Bays and S. D. Durham [ACM Trans. Math.
+- * Software 2 (1976), 59-64], as documented as Algorithm B in Chapter
+- * 3.2.2 in Volume 2 of Knuth's "The Art of Computer Programming".  We use
+- * a randomly selected linear congruential random number generator with a
+- * modulus of 2^16, whose increment is a randomly picked odd number, and
+- * whose multiplier is picked from a set which meets the following
+- * criteria:
+- *     Is of the form 8*n+5, which ensures "high potency" according to
+- *     principle iii in the summary chapter 3.6.  This form also has a
+- *     gcd(a-1,m) of 4 which is good according to principle iv.
+- *
+- *     Is between 0.01 and 0.99 times the modulus as specified by
+- *     principle iv.
+- *
+- *     Passes the spectral test "with flying colors" (ut >= 1) in
+- *     dimensions 2 through 6 as calculated by Algorithm S in Chapter
+- *     3.3.4 and the ratings calculated by formula 35 in section E.
+- *
+- *     Of the multipliers that pass this test, pick the set that is
+- *     best according to the theoretical bounds of the serial
+- *     correlation test.  This was calculated using a simplified
+- *     version of Knuth's Theorem K in Chapter 3.3.3.
+- *
+- * These criteria may not be important for this use, but we might as well
+- * pick from the best generators since there are so many possible ones and
+- * we don't have that many random bits to do the picking.
+- *
+- * We use a modulus of 2^16 instead of something bigger so that we will
+- * tend to cycle through all the possible IDs before repeating any,
+- * however the shuffling will perturb this somewhat.  Theoretically there
+- * is no minimimum interval between two uses of the same ID, but in
+- * practice it seems to be >64000.
+- *
+- * Our adaptatation  of Algorithm B mixes the hash state which has
+- * captured various random events into the shuffler to perturb the
+- * sequence.
+- *
+- * One disadvantage of this algorithm is that if the generator parameters
+- * were to be guessed, it would be possible to mount a limited brute force
+- * attack on the ID space since the IDs are only shuffled within a limited
+- * range.
+- *
+- * The second algorithm uses the same random number generator to populate
+- * a pool of 65536 IDs.  The hash state is used to pick an ID from a window
+- * of 4096 IDs in this pool, then the chosen ID is swapped with the ID
+- * at the beginning of the window and the window position is advanced.
+- * This means that the interval between uses of the ID will be no less
+- * than 65536-4096.  The ID sequence in the pool will become more random
+- * over time.
+- *
+- * For both algorithms, two more linear congruential random number generators
+- * are selected.  The ID from the first part of algorithm is used to seed
+- * the first of these generators, and its output is used to seed the second.
+- * The strategy is use these generators as 1 to 1 hashes to obfuscate the
+- * properties of the generator used in the first part of either algorithm.
+- *
+- * The first algorithm may be suitable for use in a client resolver since
+- * its memory requirements are fairly low and it's pretty random out of
+- * the box.  It is somewhat succeptible to a limited brute force attack,
+- * so the second algorithm is probably preferable for a longer running
+- * program that issues a large number of queries and has time to randomize
+- * the pool.
+- */
+-
+-#define NSID_SHUFFLE_TABLE_SIZE 100 /* Suggested by Knuth */
+-/*
+- * Pick one of the next 4096 IDs in the pool.
+- * There is a tradeoff here between randomness and how often and ID is reused.
+- */
+-#define NSID_LOOKAHEAD 4096     /* Must be a power of 2 */
+-#define NSID_SHUFFLE_ONLY 1     /* algorithm 1 */
+-#define NSID_USE_POOL 2         /* algorithm 2 */
+-#define NSID_HASHSHIFT       3
+-#define NSID_HASHROTATE(v) \
+-        (((v) << NSID_HASHSHIFT) | ((v) >> ((sizeof(v) * 8) - NSID_HASHSHIFT)))
+-
+-static isc_uint32_t	nsid_hash_state;
+-
+-/*
+- * Keep a running hash of various bits of data that we'll use to
+- * stir the ID pool or perturb the ID generator
+- */
+-static void
+-nsid_hash(void *data, size_t len) {
+-	unsigned char *p = data;
+-	/*
+-	 * Hash function similar to the one we use for hashing names.
+-	 * We don't fold case or toss the upper bit here, though.
+-	 * This hash doesn't do much interesting when fed binary zeros,
+-	 * so there may be a better hash function.
+-	 * This function doesn't need to be very strong since we're
+-	 * only using it to stir the pool, but it should be reasonably
+-	 * fast.
+-	 */
+-	/*
+-	 * We don't care about locking access to nsid_hash_state.
+-	 * In fact races make the result even more non deteministic.
+-	 */
+-	while (len-- > 0U) {
+-		nsid_hash_state = NSID_HASHROTATE(nsid_hash_state);
+-		nsid_hash_state += *p++;
+-	}
+-}
+-
+-/*
+- * Table of good linear congruential multipliers for modulus 2^16
+- * in order of increasing serial correlation bounds (so trim from
+- * the end).
+- */
+-static const isc_uint16_t nsid_multiplier_table[] = {
+-	17565, 25013, 11733, 19877, 23989, 23997, 24997, 25421,
+-	26781, 27413, 35901, 35917, 35973, 36229, 38317, 38437,
+-	39941, 40493, 41853, 46317, 50581, 51429, 53453, 53805,
+-	11317, 11789, 12045, 12413, 14277, 14821, 14917, 18989,
+-	19821, 23005, 23533, 23573, 23693, 27549, 27709, 28461,
+-	29365, 35605, 37693, 37757, 38309, 41285, 45261, 47061,
+-	47269, 48133, 48597, 50277, 50717, 50757, 50805, 51341,
+-	51413, 51581, 51597, 53445, 11493, 14229, 20365, 20653,
+-	23485, 25541, 27429, 29421, 30173, 35445, 35653, 36789,
+-	36797, 37109, 37157, 37669, 38661, 39773, 40397, 41837,
+-	41877, 45293, 47277, 47845, 49853, 51085, 51349, 54085,
+-	56933,  8877,  8973,  9885, 11365, 11813, 13581, 13589,
+-	13613, 14109, 14317, 15765, 15789, 16925, 17069, 17205,
+-	17621, 17941, 19077, 19381, 20245, 22845, 23733, 24869,
+-	25453, 27213, 28381, 28965, 29245, 29997, 30733, 30901,
+-	34877, 35485, 35613, 36133, 36661, 36917, 38597, 40285,
+-	40693, 41413, 41541, 41637, 42053, 42349, 45245, 45469,
+-	46493, 48205, 48613, 50861, 51861, 52877, 53933, 54397,
+-	55669, 56453, 56965, 58021,  7757,  7781,  8333,  9661,
+-	12229, 14373, 14453, 17549, 18141, 19085, 20773, 23701,
+-	24205, 24333, 25261, 25317, 27181, 30117, 30477, 34757,
+-	34885, 35565, 35885, 36541, 37957, 39733, 39813, 41157,
+-	41893, 42317, 46621, 48117, 48181, 49525, 55261, 55389,
+-	56845,  7045,  7749,  7965,  8469,  9133,  9549,  9789,
+-	10173, 11181, 11285, 12253, 13453, 13533, 13757, 14477,
+-	15053, 16901, 17213, 17269, 17525, 17629, 18605, 19013,
+-	19829, 19933, 20069, 20093, 23261, 23333, 24949, 25309,
+-	27613, 28453, 28709, 29301, 29541, 34165, 34413, 37301,
+-	37773, 38045, 38405, 41077, 41781, 41925, 42717, 44437,
+-	44525, 44613, 45933, 45941, 47077, 50077, 50893, 52117,
+-	 5293, 55069, 55989, 58125, 59205,  6869, 14685, 15453,
+-	16821, 17045, 17613, 18437, 21029, 22773, 22909, 25445,
+-	25757, 26541, 30709, 30909, 31093, 31149, 37069, 37725,
+-	37925, 38949, 39637, 39701, 40765, 40861, 42965, 44813,
+-	45077, 45733, 47045, 50093, 52861, 52957, 54181, 56325,
+-	56365, 56381, 56877, 57013,  5741, 58101, 58669,  8613,
+-	10045, 10261, 10653, 10733, 11461, 12261, 14069, 15877,
+-	17757, 21165, 23885, 24701, 26429, 26645, 27925, 28765,
+-	29197, 30189, 31293, 39781, 39909, 40365, 41229, 41453,
+-	41653, 42165, 42365, 47421, 48029, 48085, 52773,  5573,
+-	57037, 57637, 58341, 58357, 58901,  6357,  7789,  9093,
+-	10125, 10709, 10765, 11957, 12469, 13437, 13509, 14773,
+-	15437, 15773, 17813, 18829, 19565, 20237, 23461, 23685,
+-	23725, 23941, 24877, 25461, 26405, 29509, 30285, 35181,
+-	37229, 37893, 38565, 40293, 44189, 44581, 45701, 47381,
+-	47589, 48557,  4941, 51069,  5165, 52797, 53149,  5341,
+-	56301, 56765, 58581, 59493, 59677,  6085,  6349,  8293,
+-	 8501,  8517, 11597, 11709, 12589, 12693, 13517, 14909,
+-	17397, 18085, 21101, 21269, 22717, 25237, 25661, 29189,
+-	30101, 31397, 33933, 34213, 34661, 35533, 36493, 37309,
+-	40037,  4189, 42909, 44309, 44357, 44389,  4541, 45461,
+-	46445, 48237, 54149, 55301, 55853, 56621, 56717, 56901,
+-	 5813, 58437, 12493, 15365, 15989, 17829, 18229, 19341,
+-	21013, 21357, 22925, 24885, 26053, 27581, 28221, 28485,
+-	30605, 30613, 30789, 35437, 36285, 37189,  3941, 41797,
+-	 4269, 42901, 43293, 44645, 45221, 46893,  4893, 50301,
+-	50325,  5189, 52109, 53517, 54053, 54485,  5525, 55949,
+-	56973, 59069, 59421, 60733, 61253,  6421,  6701,  6709,
+-	 7101,  8669, 15797, 19221, 19837, 20133, 20957, 21293,
+-	21461, 22461, 29085, 29861, 30869, 34973, 36469, 37565,
+-	38125, 38829, 39469, 40061, 40117, 44093, 47429, 48341,
+-	50597, 51757,  5541, 57629, 58405, 59621, 59693, 59701,
+-	61837,  7061, 10421, 11949, 15405, 20861, 25397, 25509,
+-	25893, 26037, 28629, 28869, 29605, 30213, 34205, 35637,
+-	36365, 37285,  3773, 39117,  4021, 41061, 42653, 44509,
+-	 4461, 44829,  4725,  5125, 52269, 56469, 59085,  5917,
+-	60973,  8349, 17725, 18637, 19773, 20293, 21453, 22533,
+-	24285, 26333, 26997, 31501, 34541, 34805, 37509, 38477,
+-	41333, 44125, 46285, 46997, 47637, 48173,  4925, 50253,
+-	50381, 50917, 51205, 51325, 52165, 52229,  5253,  5269,
+-	53509, 56253, 56341,  5821, 58373, 60301, 61653, 61973,
+-	62373,  8397, 11981, 14341, 14509, 15077, 22261, 22429,
+-	24261, 28165, 28685, 30661, 34021, 34445, 39149,  3917,
+-	43013, 43317, 44053, 44101,  4533, 49541, 49981,  5277,
+-	54477, 56357, 57261, 57765, 58573, 59061, 60197, 61197,
+-	62189,  7725,  8477,  9565, 10229, 11437, 14613, 14709,
+-	16813, 20029, 20677, 31445,  3165, 31957,  3229, 33541,
+-	36645,  3805, 38973,  3965,  4029, 44293, 44557, 46245,
+-	48917,  4909, 51749, 53709, 55733, 56445,  5925,  6093,
+-	61053, 62637,  8661,  9109, 10821, 11389, 13813, 14325,
+-	15501, 16149, 18845, 22669, 26437, 29869, 31837, 33709,
+-	33973, 34173,  3677,  3877,  3981, 39885, 42117,  4421,
+-	44221, 44245, 44693, 46157, 47309,  5005, 51461, 52037,
+-	55333, 55693, 56277, 58949,  6205, 62141, 62469,  6293,
+-	10101, 12509, 14029, 17997, 20469, 21149, 25221, 27109,
+-	 2773,  2877, 29405, 31493, 31645,  4077, 42005, 42077,
+-	42469, 42501, 44013, 48653, 49349,  4997, 50101, 55405,
+-	56957, 58037, 59429, 60749, 61797, 62381, 62837,  6605,
+-	10541, 23981, 24533,  2701, 27333, 27341, 31197, 33805,
+-	 3621, 37381,  3749,  3829, 38533, 42613, 44381, 45901,
+-	48517, 51269, 57725, 59461, 60045, 62029, 13805, 14013,
+-	15461, 16069, 16157, 18573,  2309, 23501, 28645,  3077,
+-	31541, 36357, 36877,  3789, 39429, 39805, 47685, 47949,
+-	49413,  5485, 56757, 57549, 57805, 58317, 59549, 62213,
+-	62613, 62853, 62933,  8909, 12941, 16677, 20333, 21541,
+-	24429, 26077, 26421,  2885, 31269, 33381,  3661, 40925,
+-	42925, 45173,  4525,  4709, 53133, 55941, 57413, 57797,
+-	62125, 62237, 62733,  6773, 12317, 13197, 16533, 16933,
+-	18245,  2213,  2477, 29757, 33293, 35517, 40133, 40749,
+-	 4661, 49941, 62757,  7853,  8149,  8573, 11029, 13421,
+-	21549, 22709, 22725, 24629,  2469, 26125,  2669, 34253,
+-	36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
+-	60997, 61189, 61981, 62605, 62821,  7077,  7525,  8781,
+-	10861, 15277,  2205, 22077, 28517, 28949, 32109, 33493,
+-	 4661, 49941, 62757,  7853,  8149,  8573, 11029, 13421,
+-	21549, 22709, 22725, 24629,  2469, 26125,  2669, 34253,
+-	36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013,
+-	60997, 61189, 61981, 62605, 62821,  7077,  7525,  8781,
+-	10861, 15277,  2205, 22077, 28517, 28949, 32109, 33493,
+-	 3685, 39197, 39869, 42621, 44997, 48565,  5221, 57381,
+-	61749, 62317, 63245, 63381, 23149,  2549, 28661, 31653,
+-	33885, 36341, 37053, 39517, 42805, 45853, 48997, 59349,
+-	60053, 62509, 63069,  6525,  1893, 20181,  2365, 24893,
+-	27397, 31357, 32277, 33357, 34437, 36677, 37661, 43469,
+-	43917, 50997, 53869,  5653, 13221, 16741, 17893,  2157,
+-	28653, 31789, 35301, 35821, 61613, 62245, 12405, 14517,
+-	17453, 18421,  3149,  3205, 40341,  4109, 43941, 46869,
+-	48837, 50621, 57405, 60509, 62877,  8157, 12933, 12957,
+-	16501, 19533,  3461, 36829, 52357, 58189, 58293, 63053,
+-	17109,  1933, 32157, 37701, 59005, 61621, 13029, 15085,
+-	16493, 32317, 35093,  5061, 51557, 62221, 20765, 24613,
+-	 2629, 30861, 33197, 33749, 35365, 37933, 40317, 48045,
+-	56229, 61157, 63797,  7917, 17965,  1917,  1973, 20301,
+-	 2253, 33157, 58629, 59861, 61085, 63909,  8141,  9221,
+-	14757,  1581, 21637, 26557, 33869, 34285, 35733, 40933,
+-	42517, 43501, 53653, 61885, 63805,  7141, 21653, 54973,
+-	31189, 60061, 60341, 63357, 16045,  2053, 26069, 33997,
+-	43901, 54565, 63837,  8949, 17909, 18693, 32349, 33125,
+-	37293, 48821, 49053, 51309, 64037,  7117,  1445, 20405,
+-	23085, 26269, 26293, 27349, 32381, 33141, 34525, 36461,
+-	37581, 43525,  4357, 43877,  5069, 55197, 63965,  9845,
+-	12093,  2197,  2229, 32165, 33469, 40981, 42397,  8749,
+-	10853,  1453, 18069, 21693, 30573, 36261, 37421, 42533
+-};
+-
+-#define NSID_MULT_TABLE_SIZE \
+-        ((sizeof nsid_multiplier_table)/(sizeof nsid_multiplier_table[0]))
+-#define NSID_RANGE_MASK (NSID_LOOKAHEAD - 1)
+-#define NSID_POOL_MASK 0xFFFF /* used to wrap the pool index */
+-#define NSID_SHUFFLE_ONLY 1
+-#define NSID_USE_POOL 2
+-
+-static isc_uint16_t
+-nsid_next(dns_nsid_t *nsid) {
+-        isc_uint16_t id, compressed_hash;
+-	isc_uint16_t j;
+-
+-        compressed_hash = ((nsid_hash_state >> 16) ^
+-			   (nsid_hash_state)) & 0xFFFF;
+-
+-	if (nsid->nsid_usepool) {
+-	        isc_uint16_t pick;
+-
+-                pick = compressed_hash & NSID_RANGE_MASK;
+-		pick = (nsid->nsid_state + pick) & NSID_POOL_MASK;
+-                id = nsid->nsid_pool[pick];
+-                if (pick != 0) {
+-                        /* Swap two IDs to stir the pool */
+-                        nsid->nsid_pool[pick] =
+-                                nsid->nsid_pool[nsid->nsid_state];
+-                        nsid->nsid_pool[nsid->nsid_state] = id;
+-                }
+-
+-                /* increment the base pointer into the pool */
+-                if (nsid->nsid_state == 65535)
+-                        nsid->nsid_state = 0;
+-                else
+-                        nsid->nsid_state++;
+-	} else {
+-		/*
+-		 * This is the original Algorithm B
+-		 * j = ((u_long) NSID_SHUFFLE_TABLE_SIZE * nsid_state2) >> 16;
+-		 *
+-		 * We'll perturb it with some random stuff  ...
+-		 */
+-		j = ((isc_uint32_t) NSID_SHUFFLE_TABLE_SIZE *
+-		     (nsid->nsid_state2 ^ compressed_hash)) >> 16;
+-		nsid->nsid_state2 = id = nsid->nsid_vtable[j];
+-		nsid->nsid_state = (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
+-				      nsid->nsid_c1) & 0xFFFF;
+-		nsid->nsid_vtable[j] = nsid->nsid_state;
+-	}
+-
+-        /* Now lets obfuscate ... */
+-        id = (((isc_uint32_t) nsid->nsid_a2 * id) + nsid->nsid_c2) & 0xFFFF;
+-        id = (((isc_uint32_t) nsid->nsid_a3 * id) + nsid->nsid_c3) & 0xFFFF;
+-
+-        return (id);
+-}
+-
+-static isc_result_t
+-nsid_init(isc_mem_t *mctx, dns_nsid_t *nsid, isc_boolean_t usepool) {
+-        isc_time_t now;
+-        pid_t mypid;
+-        isc_uint16_t a1ndx, a2ndx, a3ndx, c1ndx, c2ndx, c3ndx;
+-        int i;
+-
+-	isc_time_now(&now);
+-        mypid = getpid();
+-
+-        /* Initialize the state */
+-	memset(nsid, 0, sizeof(*nsid));
+-        nsid_hash(&now, sizeof now);
+-        nsid_hash(&mypid, sizeof mypid);
+-
+-        /*
+-         * Select our random number generators and initial seed.
+-         * We could really use more random bits at this point,
+-         * but we'll try to make a silk purse out of a sows ear ...
+-         */
+-        /* generator 1 */
+-        a1ndx = ((isc_uint32_t) NSID_MULT_TABLE_SIZE *
+-                 (nsid_hash_state & 0xFFFF)) >> 16;
+-        nsid->nsid_a1 = nsid_multiplier_table[a1ndx];
+-        c1ndx = (nsid_hash_state >> 9) & 0x7FFF;
+-        nsid->nsid_c1 = 2 * c1ndx + 1;
+-
+-        /* generator 2, distinct from 1 */
+-        a2ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 1) *
+-                 ((nsid_hash_state >> 10) & 0xFFFF)) >> 16;
+-        if (a2ndx >= a1ndx)
+-                a2ndx++;
+-        nsid->nsid_a2 = nsid_multiplier_table[a2ndx];
+-        c2ndx = nsid_hash_state % 32767;
+-        if (c2ndx >= c1ndx)
+-                c2ndx++;
+-        nsid->nsid_c2 = 2*c2ndx + 1;
+-
+-        /* generator 3, distinct from 1 and 2 */
+-        a3ndx = ((isc_uint32_t) (NSID_MULT_TABLE_SIZE - 2) *
+-                 ((nsid_hash_state >> 20) & 0xFFFF)) >> 16;
+-        if (a3ndx >= a1ndx || a3ndx >= a2ndx)
+-                a3ndx++;
+-        if (a3ndx >= a1ndx && a3ndx >= a2ndx)
+-                a3ndx++;
+-        nsid->nsid_a3 = nsid_multiplier_table[a3ndx];
+-        c3ndx = nsid_hash_state % 32766;
+-        if (c3ndx >= c1ndx || c3ndx >= c2ndx)
+-                c3ndx++;
+-        if (c3ndx >= c1ndx && c3ndx >= c2ndx)
+-                c3ndx++;
+-        nsid->nsid_c3 = 2*c3ndx + 1;
+-
+-        nsid->nsid_state =
+-		((nsid_hash_state >> 16) ^ (nsid_hash_state)) & 0xFFFF;
+-
+-	nsid->nsid_usepool = usepool;
+-	if (nsid->nsid_usepool) {
+-                nsid->nsid_pool = isc_mem_get(mctx, 0x10000 * sizeof(isc_uint16_t));
+-		if (nsid->nsid_pool == NULL)
+-			return (ISC_R_NOMEMORY);
+-                for (i = 0; ; i++) {
+-                        nsid->nsid_pool[i] = nsid->nsid_state;
+-                        nsid->nsid_state =
+-				 (((u_long) nsid->nsid_a1 * nsid->nsid_state) +
+-				   nsid->nsid_c1) & 0xFFFF;
+-                        if (i == 0xFFFF)
+-                                break;
+-                }
+-	} else {
+-		nsid->nsid_vtable = isc_mem_get(mctx, NSID_SHUFFLE_TABLE_SIZE *
+-						(sizeof(isc_uint16_t)) );
+-		if (nsid->nsid_vtable == NULL)
+-			return (ISC_R_NOMEMORY);
+-
+-		for (i = 0; i < NSID_SHUFFLE_TABLE_SIZE; i++) {
+-			nsid->nsid_vtable[i] = nsid->nsid_state;
+-			nsid->nsid_state =
+-				   (((isc_uint32_t) nsid->nsid_a1 * nsid->nsid_state) +
+-					 nsid->nsid_c1) & 0xFFFF;
+-		}
+-		nsid->nsid_state2 = nsid->nsid_state;
+-	} 
+-	return (ISC_R_SUCCESS);
+-}
+-
+-static void
+-nsid_destroy(isc_mem_t *mctx, dns_nsid_t *nsid) {
+-	if (nsid->nsid_usepool)
+-		isc_mem_put(mctx, nsid->nsid_pool,
+-			    0x10000 * sizeof(isc_uint16_t));
+-	else
+-		isc_mem_put(mctx, nsid->nsid_vtable,
+-			    NSID_SHUFFLE_TABLE_SIZE * (sizeof(isc_uint16_t)) );
+-	memset(nsid, 0, sizeof(*nsid));
+-}
+-
+-void
+-dns_dispatch_hash(void *data, size_t len) {
+-	nsid_hash(data, len);
+-}
+Index: contrib/bind9/lib/dns/include/dns/dispatch.h
+===================================================================
+--- contrib/bind9/lib/dns/include/dns/dispatch.h	(revision 180402)
++++ contrib/bind9/lib/dns/include/dns/dispatch.h	(working copy)
+@@ -113,6 +113,9 @@
+  * _MAKEQUERY
+  *	The dispatcher can be used to issue queries to other servers, and
+  *	accept replies from them.
++ *
++ * _RANDOMPORT
++ *	Allocate UDP port randomly.
+  */
+ #define DNS_DISPATCHATTR_PRIVATE	0x00000001U
+ #define DNS_DISPATCHATTR_TCP		0x00000002U
+@@ -122,6 +125,7 @@
+ #define DNS_DISPATCHATTR_NOLISTEN	0x00000020U
+ #define DNS_DISPATCHATTR_MAKEQUERY	0x00000040U
+ #define DNS_DISPATCHATTR_CONNECTED	0x00000080U
++#define DNS_DISPATCHATTR_RANDOMPORT	0x00000100U
+ /*@}*/
+ 
+ isc_result_t
+@@ -441,13 +445,6 @@
+  * 	event != NULL
+  */
+ 
+-void
+-dns_dispatch_hash(void *data, size_t len);
+-/*%<
+- * Feed 'data' to the dispatch query id generator where 'len' is the size
+- * of 'data'.
+- */
+-
+ ISC_LANG_ENDDECLS
+ 
+ #endif /* DNS_DISPATCH_H */
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 180402)
++++ contrib/bind9/lib/dns/resolver.c	(working copy)
+@@ -1159,19 +1159,53 @@
+ 			if (result != ISC_R_SUCCESS)
+ 				goto cleanup_query;
+ 		} else {
++			isc_sockaddr_t localaddr;
++			unsigned int attrs, attrmask;
++			dns_dispatch_t *disp_base;
++
++			attrs = 0;
++			attrs |= DNS_DISPATCHATTR_UDP;
++			attrs |= DNS_DISPATCHATTR_RANDOMPORT;
++
++			attrmask = 0;
++			attrmask |= DNS_DISPATCHATTR_UDP;
++			attrmask |= DNS_DISPATCHATTR_TCP;
++			attrmask |= DNS_DISPATCHATTR_IPV4;
++			attrmask |= DNS_DISPATCHATTR_IPV6;
++
+ 			switch (isc_sockaddr_pf(&addrinfo->sockaddr)) {
+-			case PF_INET:
+-				dns_dispatch_attach(res->dispatchv4,
+-						    &query->dispatch);
++			case AF_INET:
++				disp_base = res->dispatchv4;
++				attrs |= DNS_DISPATCHATTR_IPV4;
+ 				break;
+-			case PF_INET6:
+-				dns_dispatch_attach(res->dispatchv6,
+-						    &query->dispatch);
++			case AF_INET6:
++				disp_base = res->dispatchv6;
++				attrs |= DNS_DISPATCHATTR_IPV6;
+ 				break;
+ 			default:
+ 				result = ISC_R_NOTIMPLEMENTED;
+ 				goto cleanup_query;
+ 			}
++
++			result = dns_dispatch_getlocaladdress(disp_base,
++							      &localaddr);
++			if (result != ISC_R_SUCCESS)
++				goto cleanup_query;
++			if (isc_sockaddr_getport(&localaddr) == 0) {
++				result = dns_dispatch_getudp(res->dispatchmgr,
++							     res->socketmgr,
++							     res->taskmgr,
++							     &localaddr,
++							     4096, 1000, 32768,
++							     16411, 16433,
++							     attrs, attrmask,
++							     &query->dispatch);
++				if (result != ISC_R_SUCCESS)
++					goto cleanup_query;
++			} else {
++				dns_dispatch_attach(disp_base,
++						    &query->dispatch);
++			}
+ 		}
+ 		/*
+ 		 * We should always have a valid dispatcher here.  If we
+Index: contrib/bind9/lib/dns/api
+===================================================================
+--- contrib/bind9/lib/dns/api	(revision 180402)
++++ contrib/bind9/lib/dns/api	(working copy)
+@@ -1,3 +1,3 @@
+-LIBINTERFACE = 34
+-LIBREVISION = 2
+-LIBAGE = 2
++LIBINTERFACE = 35
++LIBREVISION = 0
++LIBAGE = 0
+Index: contrib/bind9/bin/named/client.c
+===================================================================
+--- contrib/bind9/bin/named/client.c	(revision 180402)
++++ contrib/bind9/bin/named/client.c	(working copy)
+@@ -1440,14 +1440,6 @@
+ 	}
+ 
+ 	/*
+-	 * Hash the incoming request here as it is after
+-	 * dns_dispatch_importrecv().
+-	 */
+-	dns_dispatch_hash(&client->now, sizeof(client->now));
+-	dns_dispatch_hash(isc_buffer_base(buffer),
+-			  isc_buffer_usedlength(buffer));
+-
+-	/*
+ 	 * It's a request.  Parse it.
+ 	 */
+ 	result = dns_message_parse(client->message, buffer, 0);
+Index: contrib/bind9/bin/named/server.c
+===================================================================
+--- contrib/bind9/bin/named/server.c	(revision 180402)
++++ contrib/bind9/bin/named/server.c	(working copy)
+@@ -540,6 +540,14 @@
+ 		attrs |= DNS_DISPATCHATTR_IPV6;
+ 		break;
+ 	}
++
++	if (isc_sockaddr_getport(&sa) != 0) {
++		INSIST(obj != NULL);
++		cfg_obj_log(obj, ns_g_lctx, ISC_LOG_INFO,
++			    "using specific query-source port suppresses port "
++			    "randomization and can be insecure.");
++	}
++
+ 	attrmask = 0;
+ 	attrmask |= DNS_DISPATCHATTR_UDP;
+ 	attrmask |= DNS_DISPATCHATTR_TCP;
+@@ -549,7 +557,7 @@
+ 	disp = NULL;
+ 	result = dns_dispatch_getudp(ns_g_dispatchmgr, ns_g_socketmgr,
+ 				     ns_g_taskmgr, &sa, 4096,
+-				     1000, 32768, 16411, 16433,
++				     1024, 32768, 16411, 16433,
+ 				     attrs, attrmask, &disp);
+ 	if (result != ISC_R_SUCCESS) {
+ 		isc_sockaddr_t any;
+@@ -2369,7 +2377,9 @@
+ }
+ 
+ static isc_result_t
+-add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr) {
++add_listenelt(isc_mem_t *mctx, ns_listenlist_t *list, isc_sockaddr_t *addr,
++	      isc_boolean_t wcardport_ok)
++{
+ 	ns_listenelt_t *lelt = NULL;
+ 	dns_acl_t *src_acl = NULL;
+ 	dns_aclelement_t aelt;
+@@ -2379,7 +2389,8 @@
+ 	REQUIRE(isc_sockaddr_pf(addr) == AF_INET6);
+ 
+ 	isc_sockaddr_any6(&any_sa6);
+-	if (!isc_sockaddr_equal(&any_sa6, addr)) {
++	if (!isc_sockaddr_equal(&any_sa6, addr) &&
++	    (wcardport_ok || isc_sockaddr_getport(addr) != 0)) {
+ 		aelt.type = dns_aclelementtype_ipprefix;
+ 		aelt.negative = ISC_FALSE;
+ 		aelt.u.ip_prefix.prefixlen = 128;
+@@ -2438,7 +2449,16 @@
+ 		result = dns_dispatch_getlocaladdress(dispatch6, &addr);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+-		result = add_listenelt(mctx, list, &addr);
++
++		/*
++		 * We always add non-wildcard address regardless of whether
++		 * the port is 'any' (the fourth arg is TRUE): if the port is
++		 * specific, we need to add it since it may conflict with a
++		 * listening interface; if it's zero, we'll dynamically open
++		 * query ports, and some of them may override an existing
++		 * wildcard IPv6 port.
++		 */
++		result = add_listenelt(mctx, list, &addr, ISC_TRUE);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+ 	}
+@@ -2468,12 +2488,12 @@
+ 			continue;
+ 
+ 		addrp = dns_zone_getnotifysrc6(zone);
+-		result = add_listenelt(mctx, list, addrp);
++		result = add_listenelt(mctx, list, addrp, ISC_FALSE);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+ 
+ 		addrp = dns_zone_getxfrsource6(zone);
+-		result = add_listenelt(mctx, list, addrp);
++		result = add_listenelt(mctx, list, addrp, ISC_FALSE);
+ 		if (result != ISC_R_SUCCESS)
+ 			goto fail;
+ 	}
diff --git a/share/security/patches/SA-08:06/bind7.patch.asc b/share/security/patches/SA-08:06/bind7.patch.asc
new file mode 100644
index 0000000000..49e894dae1
--- /dev/null
+++ b/share/security/patches/SA-08:06/bind7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkh6Un0ACgkQFdaIBMps37KSRQCfcU1vPRGKd8BjrjU2fuepiraQ
+7FYAn1p5wry1DlJwSV+jz3ujGLGQZbTF
+=g534
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:07/amd64.patch b/share/security/patches/SA-08:07/amd64.patch
new file mode 100644
index 0000000000..9e910317ce
--- /dev/null
+++ b/share/security/patches/SA-08:07/amd64.patch
@@ -0,0 +1,25 @@
+Index: sys/amd64/amd64/exception.S
+===================================================================
+RCS file: /home/ncvs/src/sys/amd64/amd64/exception.S,v
+retrieving revision 1.132
+retrieving revision 1.133
+diff -u -d -r1.132 -r1.133
+--- sys/amd64/amd64/exception.S	24 May 2008 06:32:26 -0000	1.132
++++ sys/amd64/amd64/exception.S	18 Aug 2008 08:47:27 -0000	1.133
+@@ -636,13 +636,10 @@
+ 	.globl	doreti_iret_fault
+ doreti_iret_fault:
+ 	subq	$TF_RIP,%rsp		/* space including tf_err, tf_trapno */
+-	testb	$SEL_RPL_MASK,TF_CS(%rsp) /* Did we come from kernel? */
+-	jz	1f			/* already running with kernel GS.base */
+-	swapgs
+-1:	testl	$PSL_I,TF_RFLAGS(%rsp)
+-	jz	2f
++	testl	$PSL_I,TF_RFLAGS(%rsp)
++	jz	1f
+ 	sti
+-2:	movq	%rdi,TF_RDI(%rsp)
++1:	movq	%rdi,TF_RDI(%rsp)
+ 	movq	%rsi,TF_RSI(%rsp)
+ 	movq	%rdx,TF_RDX(%rsp)
+ 	movq	%rcx,TF_RCX(%rsp)
diff --git a/share/security/patches/SA-08:07/amd64.patch.asc b/share/security/patches/SA-08:07/amd64.patch.asc
new file mode 100644
index 0000000000..c0a5fcd109
--- /dev/null
+++ b/share/security/patches/SA-08:07/amd64.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBIvuT0FdaIBMps37IRAiC0AJ47qE5LHnO9WkgntCE8/jfgW5LQ0gCcDuTj
+uUIxhjbwhrO3AzbF2a0nvY8=
+=SqpH
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:08/nmount.patch b/share/security/patches/SA-08:08/nmount.patch
new file mode 100644
index 0000000000..a872e20bfa
--- /dev/null
+++ b/share/security/patches/SA-08:08/nmount.patch
@@ -0,0 +1,17 @@
+Index: sys/kern/vfs_mount.c
+===================================================================
+RCS file: /usr/ncvs/src/sys/kern/vfs_mount.c,v
+retrieving revision 1.265.2.3
+diff -u -r1.265.2.3 vfs_mount.c
+--- sys/kern/vfs_mount.c	6 Apr 2008 10:02:20 -0000	1.265.2.3
++++ sys/kern/vfs_mount.c	17 Jul 2008 15:39:37 -0000
+@@ -1830,7 +1830,8 @@
+ 		}
+ 		if (*t != NULL)
+ 			continue;
+-		sprintf(errmsg, "mount option <%s> is unknown", p);
++		snprintf(errmsg, sizeof(errmsg),
++		    "mount option <%s> is unknown", p);
+ 		printf("%s\n", errmsg);
+ 		ret = EINVAL;
+ 	}
diff --git a/share/security/patches/SA-08:08/nmount.patch.asc b/share/security/patches/SA-08:08/nmount.patch.asc
new file mode 100644
index 0000000000..48da105726
--- /dev/null
+++ b/share/security/patches/SA-08:08/nmount.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBIvuT5FdaIBMps37IRAlnPAJ9ZWkbyO31p+VAgtRHNm9C/eicCugCfdCag
+VyDs7ZK5c8mtnnNnqM3wYJw=
+=ruO9
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:09/icmp6.patch b/share/security/patches/SA-08:09/icmp6.patch
new file mode 100644
index 0000000000..6b97b16b3f
--- /dev/null
+++ b/share/security/patches/SA-08:09/icmp6.patch
@@ -0,0 +1,23 @@
+Index: sys/netinet6/icmp6.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/icmp6.c,v
+retrieving revision 1.80.2.4
+diff -u -p -r1.80.2.4 icmp6.c
+--- sys/netinet6/icmp6.c	31 Aug 2008 21:54:24 -0000	1.80.2.4
++++ sys/netinet6/icmp6.c	1 Sep 2008 23:03:44 -0000
+@@ -1117,6 +1117,15 @@ icmp6_mtudisc_update(struct ip6ctlparam 
+ 	if (!validated)
+ 		return;
+ 
++	/*
++	 * In case the suggested mtu is less than IPV6_MMTU, we
++	 * only need to remember that it was for above mentioned
++	 * "alwaysfrag" case.
++	 * Try to be as close to the spec as possible.
++	 */
++	if (mtu < IPV6_MMTU)
++		mtu = IPV6_MMTU - 8;
++
+ 	bzero(&inc, sizeof(inc));
+ 	inc.inc_flags = 1; /* IPv6 */
+ 	inc.inc6_faddr = *dst;
diff --git a/share/security/patches/SA-08:09/icmp6.patch.asc b/share/security/patches/SA-08:09/icmp6.patch.asc
new file mode 100644
index 0000000000..a1b7e6b381
--- /dev/null
+++ b/share/security/patches/SA-08:09/icmp6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBIvuT/FdaIBMps37IRAh1vAJ9dUrC2OjH9tW2mmxrcprPCGGZ/DwCcDH+r
+3ao+dvaeMab8SjbGfa8/iWg=
+=0Rwc
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:10/nd6-6.patch b/share/security/patches/SA-08:10/nd6-6.patch
new file mode 100644
index 0000000000..dc32f71064
--- /dev/null
+++ b/share/security/patches/SA-08:10/nd6-6.patch
@@ -0,0 +1,86 @@
+Index: sys/netinet6/in6.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/in6.h,v
+retrieving revision 1.36.2.9
+diff -u -p -r1.36.2.9 in6.h
+--- sys/netinet6/in6.h	1 Sep 2008 22:57:56 -0000	1.36.2.9
++++ sys/netinet6/in6.h	28 Sep 2008 21:27:09 -0000
+@@ -575,7 +575,8 @@ struct ip6_mtuinfo {
+ /* to define items, should talk with KAME guys first, for *BSD compatibility */
+ #define IPV6CTL_STEALTH		45
+ #define IPV6CTL_RTHDR0_ALLOWED  46
+-#define IPV6CTL_MAXID		47
++#define	ICMPV6CTL_ND6_ONLINKNSRFC4861	47
++#define IPV6CTL_MAXID		48
+ #endif /* __BSD_VISIBLE */
+ 
+ /*
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.32.2.9
+diff -u -p -r1.32.2.9 in6_proto.c
+--- sys/netinet6/in6_proto.c	1 Sep 2008 22:57:56 -0000	1.32.2.9
++++ sys/netinet6/in6_proto.c	28 Sep 2008 21:26:24 -0000
+@@ -354,6 +354,7 @@ DOMAIN_SET(inet6);
+ #ifndef	IPV6_SENDREDIRECTS
+ #define	IPV6_SENDREDIRECTS	1
+ #endif
++int	nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */
+ 
+ int	ip6_forwarding = IPV6FORWARDING;	/* act as router? */
+ int	ip6_sendredirects = IPV6_SENDREDIRECTS;
+@@ -553,3 +554,6 @@ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_N
+ 	nd6_maxnudhint, CTLFLAG_RW,	&nd6_maxnudhint, 0, "");
+ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
+ 	nd6_debug, CTLFLAG_RW,	&nd6_debug,		0, "");
++SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
++	nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0,
++	"Accept 'on-link' nd6 NS in compliance with RFC 4861.");
+Index: sys/netinet6/nd6.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/nd6.h,v
+retrieving revision 1.19.2.3
+diff -u -p -r1.19.2.3 nd6.h
+--- sys/netinet6/nd6.h	1 Sep 2008 22:57:56 -0000	1.19.2.3
++++ sys/netinet6/nd6.h	28 Sep 2008 21:26:24 -0000
+@@ -339,6 +339,7 @@ extern struct llinfo_nd6 llinfo_nd6;
+ extern struct nd_drhead nd_defrouter;
+ extern struct nd_prhead nd_prefix;
+ extern int nd6_debug;
++extern int nd6_onlink_ns_rfc4861;
+ 
+ #define nd6log(x)	do { if (nd6_debug) log x; } while (/*CONSTCOND*/ 0)
+ 
+Index: sys/netinet6/nd6_nbr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v
+retrieving revision 1.29.2.10
+diff -u -p -r1.29.2.10 nd6_nbr.c
+--- sys/netinet6/nd6_nbr.c	1 Sep 2008 22:57:56 -0000	1.29.2.10
++++ sys/netinet6/nd6_nbr.c	28 Sep 2008 21:26:24 -0000
+@@ -148,6 +148,24 @@ nd6_ns_input(m, off, icmp6len)
+ 			    "(wrong ip6 dst)\n"));
+ 			goto bad;
+ 		}
++	} else if (!nd6_onlink_ns_rfc4861) {
++		struct sockaddr_in6 src_sa6;
++
++		/*
++		 * According to recent IETF discussions, it is not a good idea
++		 * to accept a NS from an address which would not be deemed
++		 * to be a neighbor otherwise.  This point is expected to be
++		 * clarified in future revisions of the specification.
++		 */
++		bzero(&src_sa6, sizeof(src_sa6));
++		src_sa6.sin6_family = AF_INET6;
++		src_sa6.sin6_len = sizeof(src_sa6);
++		src_sa6.sin6_addr = saddr6;
++		if (!nd6_is_addr_neighbor(&src_sa6, ifp)) {
++			nd6log((LOG_INFO, "nd6_ns_input: "
++				"NS packet from non-neighbor\n"));
++			goto bad;
++		}
+ 	}
+ 
+ 	if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
diff --git a/share/security/patches/SA-08:10/nd6-6.patch.asc b/share/security/patches/SA-08:10/nd6-6.patch.asc
new file mode 100644
index 0000000000..64ffee2301
--- /dev/null
+++ b/share/security/patches/SA-08:10/nd6-6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkjkFuUACgkQFdaIBMps37IAVQCgiwvU/KDi5RDKjJ862AocLitN
+ICAAoI6crhGpX057bQQEg1a6otUbHB00
+=Poyj
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:10/nd6-7.patch b/share/security/patches/SA-08:10/nd6-7.patch
new file mode 100644
index 0000000000..e75f72c315
--- /dev/null
+++ b/share/security/patches/SA-08:10/nd6-7.patch
@@ -0,0 +1,87 @@
+Index: sys/netinet6/in6.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/in6.h,v
+retrieving revision 1.51.2.1
+diff -u -p -r1.51.2.1 in6.h
+--- sys/netinet6/in6.h	1 Sep 2008 19:23:04 -0000	1.51.2.1
++++ sys/netinet6/in6.h	28 Sep 2008 21:07:34 -0000
+@@ -599,7 +599,9 @@ struct ip6_mtuinfo {
+ /* New entries should be added here from current IPV6CTL_MAXID value. */
+ /* to define items, should talk with KAME guys first, for *BSD compatibility */
+ #define IPV6CTL_STEALTH		45
+-#define IPV6CTL_MAXID		46
++
++#define	ICMPV6CTL_ND6_ONLINKNSRFC4861	47
++#define IPV6CTL_MAXID		48
+ #endif /* __BSD_VISIBLE */
+ 
+ /*
+Index: sys/netinet6/in6_proto.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/in6_proto.c,v
+retrieving revision 1.46.2.2
+diff -u -p -r1.46.2.2 in6_proto.c
+--- sys/netinet6/in6_proto.c	1 Sep 2008 19:23:04 -0000	1.46.2.2
++++ sys/netinet6/in6_proto.c	28 Sep 2008 21:14:27 -0000
+@@ -394,6 +394,7 @@ time_t	ip6_log_time = (time_t)0L;
+ #ifdef IPSTEALTH
+ int	ip6stealth = 0;
+ #endif
++int	nd6_onlink_ns_rfc4861 = 0; /* allow 'on-link' nd6 NS (as in RFC 4861) */
+ 
+ /* icmp6 */
+ /*
+@@ -567,3 +568,6 @@ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_N
+ 	nd6_maxnudhint, CTLFLAG_RW,	&nd6_maxnudhint, 0, "");
+ SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_DEBUG,
+ 	nd6_debug, CTLFLAG_RW,	&nd6_debug,		0, "");
++SYSCTL_INT(_net_inet6_icmp6, ICMPV6CTL_ND6_ONLINKNSRFC4861,
++	nd6_onlink_ns_rfc4861, CTLFLAG_RW, &nd6_onlink_ns_rfc4861, 0,
++	"Accept 'on-link' nd6 NS in compliance with RFC 4861.");
+Index: sys/netinet6/nd6.h
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/nd6.h,v
+retrieving revision 1.21.2.1
+diff -u -p -r1.21.2.1 nd6.h
+--- sys/netinet6/nd6.h	1 Sep 2008 19:23:04 -0000	1.21.2.1
++++ sys/netinet6/nd6.h	28 Sep 2008 21:18:01 -0000
+@@ -339,6 +339,7 @@ extern struct llinfo_nd6 llinfo_nd6;
+ extern struct nd_drhead nd_defrouter;
+ extern struct nd_prhead nd_prefix;
+ extern int nd6_debug;
++extern int nd6_onlink_ns_rfc4861;
+ 
+ #define nd6log(x)	do { if (nd6_debug) log x; } while (/*CONSTCOND*/ 0)
+ 
+Index: sys/netinet6/nd6_nbr.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/nd6_nbr.c,v
+retrieving revision 1.47.2.2
+diff -u -p -r1.47.2.2 nd6_nbr.c
+--- sys/netinet6/nd6_nbr.c	1 Sep 2008 19:23:04 -0000	1.47.2.2
++++ sys/netinet6/nd6_nbr.c	28 Sep 2008 21:14:44 -0000
+@@ -145,6 +145,24 @@ nd6_ns_input(struct mbuf *m, int off, in
+ 			    "(wrong ip6 dst)\n"));
+ 			goto bad;
+ 		}
++	} else if (!nd6_onlink_ns_rfc4861) {
++		struct sockaddr_in6 src_sa6;
++
++		/*
++		 * According to recent IETF discussions, it is not a good idea
++		 * to accept a NS from an address which would not be deemed
++		 * to be a neighbor otherwise.  This point is expected to be
++		 * clarified in future revisions of the specification.
++		 */
++		bzero(&src_sa6, sizeof(src_sa6));
++		src_sa6.sin6_family = AF_INET6;
++		src_sa6.sin6_len = sizeof(src_sa6);
++		src_sa6.sin6_addr = saddr6;
++		if (!nd6_is_addr_neighbor(&src_sa6, ifp)) {
++			nd6log((LOG_INFO, "nd6_ns_input: "
++				"NS packet from non-neighbor\n"));
++			goto bad;
++		}
+ 	}
+ 
+ 	if (IN6_IS_ADDR_MULTICAST(&taddr6)) {
diff --git a/share/security/patches/SA-08:10/nd6-7.patch.asc b/share/security/patches/SA-08:10/nd6-7.patch.asc
new file mode 100644
index 0000000000..0e700ee243
--- /dev/null
+++ b/share/security/patches/SA-08:10/nd6-7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkjkFuwACgkQFdaIBMps37IkigCeI00S9OHiBpzxOBq7MTMvjkjQ
+Xl0An1BrccvaJLxP3z78q7kya8uDvEeF
+=NoQk
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:11/arc4random.patch b/share/security/patches/SA-08:11/arc4random.patch
new file mode 100644
index 0000000000..31e040c633
--- /dev/null
+++ b/share/security/patches/SA-08:11/arc4random.patch
@@ -0,0 +1,81 @@
+Index: sys/dev/random/randomdev.c
+===================================================================
+--- sys/dev/random/randomdev.c	(revision 185214)
++++ sys/dev/random/randomdev.c	(working copy)
+@@ -90,6 +90,7 @@
+ 	    && (securelevel_gt(td->td_ucred, 0) == 0)) {
+ 		(*random_systat.reseed)();
+ 		random_systat.seeded = 1;
++		arc4rand(NULL, 0, 1);	/* Reseed arc4random as well. */
+ 	}
+ 
+ 	return (0);
+Index: sys/dev/random/randomdev_soft.c
+===================================================================
+--- sys/dev/random/randomdev_soft.c	(revision 185214)
++++ sys/dev/random/randomdev_soft.c	(working copy)
+@@ -61,6 +61,7 @@
+     u_int, u_int, enum esource);
+ static int random_yarrow_poll(int event,struct thread *td);
+ static int random_yarrow_block(int flag);
++static void random_yarrow_flush_reseed(void);
+ 
+ struct random_systat random_yarrow = {
+ 	.ident = "Software, Yarrow",
+@@ -70,7 +71,7 @@
+ 	.read = random_yarrow_read,
+ 	.write = random_yarrow_write,
+ 	.poll = random_yarrow_poll,
+-	.reseed = random_yarrow_reseed,
++	.reseed = random_yarrow_flush_reseed,
+ 	.seeded = 1,
+ };
+ 
+@@ -96,7 +97,7 @@
+ /* Harvested entropy */
+ static struct entropyfifo harvestfifo[ENTROPYSOURCE];
+ 
+-/* <0 to end the kthread, 0 to let it run */
++/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */
+ static int random_kthread_control = 0;
+ 
+ static struct proc *random_kthread_proc;
+@@ -241,7 +242,7 @@
+ 	local_count = 0;
+ 
+ 	/* Process until told to stop */
+-	for (; random_kthread_control == 0;) {
++	for (; random_kthread_control >= 0;) {
+ 
+ 		active = 0;
+ 
+@@ -276,6 +277,13 @@
+ 		KASSERT(local_count == 0, ("random_kthread: local_count %d",
+ 		    local_count));
+ 
++		/*
++		 * If a queue flush was commanded, it has now happened,
++		 * and we can mark this by resetting the command.
++		 */
++		if (random_kthread_control == 1)
++			random_kthread_control = 0;
++
+ 		/* Found nothing, so don't belabour the issue */
+ 		if (!active)
+ 			pause("-", hz / 10);
+@@ -400,3 +408,15 @@
+ 
+ 	return error;
+ }	
++
++/* Helper routine to perform explicit reseeds */
++static void
++random_yarrow_flush_reseed(void)
++{
++	/* Command a entropy queue flush and wait for it to finish */
++	random_kthread_control = 1;
++	while (random_kthread_control)
++		pause("-", hz / 10);
++
++	random_yarrow_reseed();
++}
diff --git a/share/security/patches/SA-08:11/arc4random.patch.asc b/share/security/patches/SA-08:11/arc4random.patch.asc
new file mode 100644
index 0000000000..5133da364e
--- /dev/null
+++ b/share/security/patches/SA-08:11/arc4random.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkkq57MACgkQFdaIBMps37KBUACfQoo98MtmfF6LjRDVDXcosSZ8
+tTkAnjY8ki6sJJMwJERjFE/a81OqXnuF
+=LACg
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:11/arc4random6x.patch b/share/security/patches/SA-08:11/arc4random6x.patch
new file mode 100644
index 0000000000..1fda03c8f1
--- /dev/null
+++ b/share/security/patches/SA-08:11/arc4random6x.patch
@@ -0,0 +1,81 @@
+Index: sys/dev/random/randomdev.c
+===================================================================
+--- sys/dev/random/randomdev.c	(revision 185214)
++++ sys/dev/random/randomdev.c	(working copy)
+@@ -89,6 +89,7 @@
+ 	    && (securelevel_gt(td->td_ucred, 0) == 0)) {
+ 		(*random_systat.reseed)();
+ 		random_systat.seeded = 1;
++		arc4rand(NULL, 0, 1);	/* Reseed arc4random as well. */
+ 	}
+ 
+ 	return (0);
+Index: sys/dev/random/randomdev_soft.c
+===================================================================
+--- sys/dev/random/randomdev_soft.c	(revision 185214)
++++ sys/dev/random/randomdev_soft.c	(working copy)
+@@ -61,6 +61,7 @@
+     u_int, u_int, enum esource);
+ static int random_yarrow_poll(int event,struct thread *td);
+ static int random_yarrow_block(int flag);
++static void random_yarrow_flush_reseed(void);
+ 
+ struct random_systat random_yarrow = {
+ 	.ident = "Software, Yarrow",
+@@ -70,7 +71,7 @@
+ 	.read = random_yarrow_read,
+ 	.write = random_yarrow_write,
+ 	.poll = random_yarrow_poll,
+-	.reseed = random_yarrow_reseed,
++	.reseed = random_yarrow_flush_reseed,
+ 	.seeded = 1,
+ };
+ 
+@@ -96,7 +97,7 @@
+ /* Harvested entropy */
+ static struct entropyfifo harvestfifo[ENTROPYSOURCE];
+ 
+-/* <0 to end the kthread, 0 to let it run */
++/* <0 to end the kthread, 0 to let it run, 1 to flush the harvest queues */
+ static int random_kthread_control = 0;
+ 
+ static struct proc *random_kthread_proc;
+@@ -247,7 +248,7 @@
+ 	local_count = 0;
+ 
+ 	/* Process until told to stop */
+-	for (; random_kthread_control == 0;) {
++	for (; random_kthread_control >= 0;) {
+ 
+ 		active = 0;
+ 
+@@ -282,6 +283,13 @@
+ 		KASSERT(local_count == 0, ("random_kthread: local_count %d",
+ 		    local_count));
+ 
++		/*
++		 * If a queue flush was commanded, it has now happened,
++		 * and we can mark this by resetting the command.
++		 */
++		if (random_kthread_control == 1)
++			random_kthread_control = 0;
++
+ 		/* Found nothing, so don't belabour the issue */
+ 		if (!active)
+ 			tsleep(&harvestfifo, 0, "-", hz / 10);
+@@ -406,3 +414,15 @@
+ 
+ 	return error;
+ }	
++
++/* Helper routine to perform explicit reseeds */
++static void
++random_yarrow_flush_reseed(void)
++{
++	/* Command a entropy queue flush and wait for it to finish */
++	random_kthread_control = 1;
++	while (random_kthread_control)
++		tsleep(&harvestfifo, 0, "-", hz / 10);
++
++	random_yarrow_reseed();
++}
diff --git a/share/security/patches/SA-08:11/arc4random6x.patch.asc b/share/security/patches/SA-08:11/arc4random6x.patch.asc
new file mode 100644
index 0000000000..a09731fd76
--- /dev/null
+++ b/share/security/patches/SA-08:11/arc4random6x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkkq570ACgkQFdaIBMps37LLYACfQR9CZIBmyVR9SACw81f3eKMB
+eYMAoJeurnnrAq80kqu/m4c3BSJrfoRv
+=3IHZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:12/ftpd.patch b/share/security/patches/SA-08:12/ftpd.patch
new file mode 100644
index 0000000000..4d1370eec4
--- /dev/null
+++ b/share/security/patches/SA-08:12/ftpd.patch
@@ -0,0 +1,113 @@
+Index: libexec/ftpd/ftpcmd.y
+===================================================================
+--- libexec/ftpd/ftpcmd.y	(revision 185134)
++++ libexec/ftpd/ftpcmd.y	(working copy)
+@@ -1191,7 +1191,7 @@
+ /*
+  * getline - a hacked up version of fgets to ignore TELNET escape codes.
+  */
+-char *
++int
+ getline(char *s, int n, FILE *iop)
+ {
+ 	int c;
+@@ -1207,7 +1207,7 @@
+ 			if (ftpdebug)
+ 				syslog(LOG_DEBUG, "command: %s", s);
+ 			tmpline[0] = '\0';
+-			return(s);
++			return(0);
+ 		}
+ 		if (c == 0)
+ 			tmpline[0] = '\0';
+@@ -1244,13 +1244,24 @@
+ 			}
+ 		}
+ 		*cs++ = c;
+-		if (--n <= 0 || c == '\n')
++		if (--n <= 0) {
++			/*
++			 * If command doesn't fit into buffer, discard the
++			 * rest of the command and indicate truncation.
++			 * This prevents the command to be split up into
++			 * multiple commands.
++			 */
++			while (c != '\n' && (c = getc(iop)) != EOF)
++				;
++			return (-2);
++		}
++		if (c == '\n')
+ 			break;
+ 	}
+ got_eof:
+ 	sigprocmask(SIG_SETMASK, &osset, NULL);
+ 	if (c == EOF && cs == s)
+-		return (NULL);
++		return (-1);
+ 	*cs++ = '\0';
+ 	if (ftpdebug) {
+ 		if (!guest && strncasecmp("pass ", s, 5) == 0) {
+@@ -1270,7 +1281,7 @@
+ 			syslog(LOG_DEBUG, "command: %.*s", len, s);
+ 		}
+ 	}
+-	return (s);
++	return (0);
+ }
+ 
+ static void
+@@ -1300,9 +1311,14 @@
+ 		case CMD:
+ 			(void) signal(SIGALRM, toolong);
+ 			(void) alarm(timeout);
+-			if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
++			n = getline(cbuf, sizeof(cbuf)-1, stdin);
++			if (n == -1) {
+ 				reply(221, "You could at least say goodbye.");
+ 				dologout(0);
++			} else if (n == -2) {
++				reply(500, "Command too long.");
++				(void) alarm(0);
++				continue;
+ 			}
+ 			(void) alarm(0);
+ #ifdef SETPROCTITLE
+Index: libexec/ftpd/extern.h
+===================================================================
+--- libexec/ftpd/extern.h	(revision 185134)
++++ libexec/ftpd/extern.h	(working copy)
+@@ -46,7 +46,7 @@
+ void    ftpd_logwtmp(char *, char *, struct sockaddr *addr);
+ int	ftpd_pclose(FILE *);
+ FILE   *ftpd_popen(char *, char *);
+-char   *getline(char *, int, FILE *);
++int	getline(char *, int, FILE *);
+ void	lreply(int, const char *, ...) __printflike(2, 3);
+ void	makedir(char *);
+ void	nack(char *);
+Index: libexec/ftpd/ftpd.c
+===================================================================
+--- libexec/ftpd/ftpd.c	(revision 185134)
++++ libexec/ftpd/ftpd.c	(working copy)
+@@ -2794,15 +2794,20 @@
+ myoob(void)
+ {
+ 	char *cp;
++	int ret;
+ 
+ 	if (!transflag) {
+ 		syslog(LOG_ERR, "Internal: myoob() while no transfer");
+ 		return (0);
+ 	}
+ 	cp = tmpline;
+-	if (getline(cp, 7, stdin) == NULL) {
++	ret = getline(cp, 7, stdin);
++	if (ret == -1) {
+ 		reply(221, "You could at least say goodbye.");
+ 		dologout(0);
++	} else if (ret == -2) {
++		/* Ignore truncated command. */
++		return (0);
+ 	}
+ 	upper(cp);
+ 	if (strcmp(cp, "ABOR\r\n") == 0) {
diff --git a/share/security/patches/SA-08:12/ftpd.patch.asc b/share/security/patches/SA-08:12/ftpd.patch.asc
new file mode 100644
index 0000000000..694edc4d5c
--- /dev/null
+++ b/share/security/patches/SA-08:12/ftpd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEUEABECAAYFAklQP4gACgkQFdaIBMps37JipQCYj0axRzvcQCdNzQvTmMzLZTUu
+XgCfe2b25Z7/j0gZJTQPSU5PBFrTygw=
+=wLn/
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:13/protosw.patch b/share/security/patches/SA-08:13/protosw.patch
new file mode 100644
index 0000000000..3210c46554
--- /dev/null
+++ b/share/security/patches/SA-08:13/protosw.patch
@@ -0,0 +1,23 @@
+Index: sys/kern/uipc_domain.c
+===================================================================
+--- sys/kern/uipc_domain.c	(revision 186366)
++++ sys/kern/uipc_domain.c	(working copy)
+@@ -112,13 +112,18 @@
+ 
+ #define DEFAULT(foo, bar)	if ((foo) == NULL)  (foo) = (bar)
+ 	DEFAULT(pu->pru_accept, pru_accept_notsupp);
++	DEFAULT(pu->pru_bind, pru_bind_notsupp);
+ 	DEFAULT(pu->pru_connect, pru_connect_notsupp);
+ 	DEFAULT(pu->pru_connect2, pru_connect2_notsupp);
+ 	DEFAULT(pu->pru_control, pru_control_notsupp);
++	DEFAULT(pu->pru_disconnect, pru_disconnect_notsupp);
+ 	DEFAULT(pu->pru_listen, pru_listen_notsupp);
++	DEFAULT(pu->pru_peeraddr, pru_peeraddr_notsupp);
+ 	DEFAULT(pu->pru_rcvd, pru_rcvd_notsupp);
+ 	DEFAULT(pu->pru_rcvoob, pru_rcvoob_notsupp);
+ 	DEFAULT(pu->pru_sense, pru_sense_null);
++	DEFAULT(pu->pru_shutdown, pru_shutdown_notsupp);
++	DEFAULT(pu->pru_sockaddr, pru_sockaddr_notsupp);
+ 	DEFAULT(pu->pru_sosend, sosend_generic);
+ 	DEFAULT(pu->pru_soreceive, soreceive_generic);
+ 	DEFAULT(pu->pru_sopoll, sopoll_generic);
diff --git a/share/security/patches/SA-08:13/protosw.patch.asc b/share/security/patches/SA-08:13/protosw.patch.asc
new file mode 100644
index 0000000000..4d653d2817
--- /dev/null
+++ b/share/security/patches/SA-08:13/protosw.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAklQP5EACgkQFdaIBMps37KW7QCdErWtjMQnNR0up/3o/TWKWsRO
+qgIAoIPTcoHDuhLGUjQ20FN4U92PRPJ5
+=3L8Q
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-08:13/protosw6x.patch b/share/security/patches/SA-08:13/protosw6x.patch
new file mode 100644
index 0000000000..f1a540c3e8
--- /dev/null
+++ b/share/security/patches/SA-08:13/protosw6x.patch
@@ -0,0 +1,23 @@
+Index: sys/kern/uipc_domain.c
+===================================================================
+--- sys/kern/uipc_domain.c	(revision 186366)
++++ sys/kern/uipc_domain.c	(working copy)
+@@ -112,13 +112,18 @@
+ 
+ #define DEFAULT(foo, bar)	if ((foo) == NULL)  (foo) = (bar)
+ 	DEFAULT(pu->pru_accept, pru_accept_notsupp);
++	DEFAULT(pu->pru_bind, pru_bind_notsupp);
+ 	DEFAULT(pu->pru_connect, pru_connect_notsupp);
+ 	DEFAULT(pu->pru_connect2, pru_connect2_notsupp);
+ 	DEFAULT(pu->pru_control, pru_control_notsupp);
++	DEFAULT(pu->pru_disconnect, pru_disconnect_notsupp);
+ 	DEFAULT(pu->pru_listen, pru_listen_notsupp);
++	DEFAULT(pu->pru_peeraddr, pru_peeraddr_notsupp);
+ 	DEFAULT(pu->pru_rcvd, pru_rcvd_notsupp);
+ 	DEFAULT(pu->pru_rcvoob, pru_rcvoob_notsupp);
+ 	DEFAULT(pu->pru_sense, pru_sense_null);
++	DEFAULT(pu->pru_shutdown, pru_shutdown_notsupp);
++	DEFAULT(pu->pru_sockaddr, pru_sockaddr_notsupp);
+ 	DEFAULT(pu->pru_sosend, sosend);
+ 	DEFAULT(pu->pru_soreceive, soreceive);
+ 	DEFAULT(pu->pru_sopoll, sopoll);
diff --git a/share/security/patches/SA-08:13/protosw6x.patch.asc b/share/security/patches/SA-08:13/protosw6x.patch.asc
new file mode 100644
index 0000000000..907166e5bf
--- /dev/null
+++ b/share/security/patches/SA-08:13/protosw6x.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAklQP54ACgkQFdaIBMps37Ji3ACfZ+Og9J9JA0aE5IfUIxp9VccH
+oZQAoJiCZgq3OtsHnUYGl09k16fQp7CV
+=lSFP
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:01/lukemftpd.patch b/share/security/patches/SA-09:01/lukemftpd.patch
new file mode 100644
index 0000000000..f49b0d3c5d
--- /dev/null
+++ b/share/security/patches/SA-09:01/lukemftpd.patch
@@ -0,0 +1,135 @@
+Index: contrib/lukemftpd/src/ftpcmd.y
+===================================================================
+--- contrib/lukemftpd/src/ftpcmd.y	(revision 186403)
++++ contrib/lukemftpd/src/ftpcmd.y	(working copy)
+@@ -1363,8 +1363,12 @@
+ 
+ /*
+  * getline - a hacked up version of fgets to ignore TELNET escape codes.
++ *	`s' is the buffer to read into.
++ *	`n' is the 1 less than the size of the buffer, to allow trailing NUL
++ *	`iop' is the FILE to read from.
++ *	Returns 0 on success, -1 on EOF, -2 if the command was too long.
+  */
+-char *
++int
+ getline(char *s, int n, FILE *iop)
+ {
+ 	int c;
+@@ -1379,7 +1383,7 @@
+ 			if (ftpd_debug)
+ 				syslog(LOG_DEBUG, "command: %s", s);
+ 			tmpline[0] = '\0';
+-			return(s);
++			return(0);
+ 		}
+ 		if (c == 0)
+ 			tmpline[0] = '\0';
+@@ -1418,11 +1422,25 @@
+ 		    }
+ 		}
+ 		*cs++ = c;
+-		if (--n <= 0 || c == '\n')
++		if (--n <= 0) {
++			/*
++			 * If command doesn't fit into buffer, discard the
++			 * rest of the command and indicate truncation.
++			 * This prevents the command to be split up into
++			 * multiple commands.
++			 */
++			if (ftpd_debug)
++				syslog(LOG_DEBUG,
++				    "command too long, last char: %d", c);
++			while (c != '\n' && (c = getc(iop)) != EOF)
++				continue;
++			return (-2);
++		}
++		if (c == '\n')
+ 			break;
+ 	}
+ 	if (c == EOF && cs == s)
+-		return (NULL);
++		return (-1);
+ 	*cs++ = '\0';
+ 	if (ftpd_debug) {
+ 		if ((curclass.type != CLASS_GUEST &&
+@@ -1444,7 +1462,7 @@
+ 			syslog(LOG_DEBUG, "command: %.*s", len, s);
+ 		}
+ 	}
+-	return (s);
++	return (0);
+ }
+ 
+ void
+@@ -1458,15 +1476,20 @@
+ void
+ ftp_loop(void)
+ {
++	int ret;
+ 
+ 	while (1) {
+ 		(void) alarm(curclass.timeout);
+-		if (getline(cbuf, sizeof(cbuf)-1, stdin) == NULL) {
++		ret = getline(cbuf, sizeof(cbuf)-1, stdin);
++		(void) alarm(0);
++		if (ret == -1) {
+ 			reply(221, "You could at least say goodbye.");
+ 			dologout(0);
++		} else if (ret == -2) {
++			reply(500, "Command too long.");
++		} else {
++			ftp_handle_line(cbuf);
+ 		}
+-		(void) alarm(0);
+-		ftp_handle_line(cbuf);
+ 	}
+ 	/*NOTREACHED*/
+ }
+Index: contrib/lukemftpd/src/extern.h
+===================================================================
+--- contrib/lukemftpd/src/extern.h	(revision 186403)
++++ contrib/lukemftpd/src/extern.h	(working copy)
+@@ -139,7 +139,7 @@
+ void	format_path(char *, const char *);
+ int	ftpd_pclose(FILE *);
+ FILE   *ftpd_popen(char *[], const char *, int);
+-char   *getline(char *, int, FILE *);
++int	getline(char *, int, FILE *);
+ void	init_curclass(void);
+ void	logxfer(const char *, off_t, const char *, const char *,
+ 	    const struct timeval *, const char *);
+Index: contrib/lukemftpd/src/ftpd.c
+===================================================================
+--- contrib/lukemftpd/src/ftpd.c	(revision 186403)
++++ contrib/lukemftpd/src/ftpd.c	(working copy)
+@@ -1,4 +1,4 @@
+-/*	$NetBSD: ftpd.c,v 1.176 2006/05/09 20:18:06 mrg Exp $	*/
++/*	$NetBSD: ftpd.c,v 1.187 2008/09/13 03:30:35 lukem Exp $	*/
+ 
+ /*
+  * Copyright (c) 1997-2004 The NetBSD Foundation, Inc.
+@@ -2896,6 +2896,7 @@
+ handleoobcmd()
+ {
+ 	char *cp;
++	int ret;
+ 
+ 	if (!urgflag)
+ 		return (0);
+@@ -2904,9 +2905,14 @@
+ 	if (!transflag)
+ 		return (0);
+ 	cp = tmpline;
+-	if (getline(cp, sizeof(tmpline), stdin) == NULL) {
++	ret = getline(cp, sizeof(tmpline)-1, stdin);
++	if (ret == -1) {
+ 		reply(221, "You could at least say goodbye.");
+ 		dologout(0);
++	} else if (ret == -2) {
++		/* Ignore truncated command */
++		/* XXX: abort xfer with "500 command too long", & return 1 ? */
++		return 0;
+ 	}
+ 		/*
+ 		 * Manually parse OOB commands, because we can't
diff --git a/share/security/patches/SA-09:01/lukemftpd.patch.asc b/share/security/patches/SA-09:01/lukemftpd.patch.asc
new file mode 100644
index 0000000000..8a996cf870
--- /dev/null
+++ b/share/security/patches/SA-09:01/lukemftpd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBJZR5+FdaIBMps37IRAsamAKCC4HSbA6K1mS/0ckj3+lSzvGtFcQCfSakO
+IZno745wfotdhlm9akRe+LY=
+=+1Pu
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:02/openssl.patch b/share/security/patches/SA-09:02/openssl.patch
new file mode 100644
index 0000000000..4cd3a4fd24
--- /dev/null
+++ b/share/security/patches/SA-09:02/openssl.patch
@@ -0,0 +1,149 @@
+Index: crypto/openssl/apps/speed.c
+===================================================================
+--- crypto/openssl/apps/speed.c	(revision 186740)
++++ crypto/openssl/apps/speed.c	(working copy)
+@@ -2038,7 +2038,7 @@
+ 				{
+ 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+ 					rsa_num, rsa_key[j]);
+-				if (ret == 0)
++				if (ret <= 0)
+ 					{
+ 					BIO_printf(bio_err,
+ 						"RSA verify failure\n");
+Index: crypto/openssl/apps/verify.c
+===================================================================
+--- crypto/openssl/apps/verify.c	(revision 186740)
++++ crypto/openssl/apps/verify.c	(working copy)
+@@ -266,7 +266,7 @@
+ 
+ 	ret=0;
+ end:
+-	if (i)
++	if (i > 0)
+ 		{
+ 		fprintf(stdout,"OK\n");
+ 		ret=1;
+@@ -367,4 +367,3 @@
+ 		ERR_clear_error();
+ 	return(ok);
+ 	}
+-
+Index: crypto/openssl/apps/x509.c
+===================================================================
+--- crypto/openssl/apps/x509.c	(revision 186740)
++++ crypto/openssl/apps/x509.c	(working copy)
+@@ -1144,7 +1144,7 @@
+ 	/* NOTE: this certificate can/should be self signed, unless it was
+ 	 * a certificate request in which case it is not. */
+ 	X509_STORE_CTX_set_cert(&xsc,x);
+-	if (!reqfile && !X509_verify_cert(&xsc))
++	if (!reqfile && X509_verify_cert(&xsc) <= 0)
+ 		goto end;
+ 
+ 	if (!X509_check_private_key(xca,pkey))
+Index: crypto/openssl/apps/spkac.c
+===================================================================
+--- crypto/openssl/apps/spkac.c	(revision 186740)
++++ crypto/openssl/apps/spkac.c	(working copy)
+@@ -285,7 +285,7 @@
+ 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ 	if(verify) {
+ 		i = NETSCAPE_SPKI_verify(spki, pkey);
+-		if(i) BIO_printf(bio_err, "Signature OK\n");
++		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+ 		else {
+ 			BIO_printf(bio_err, "Signature Failure\n");
+ 			ERR_print_errors(bio_err);
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s2_srvr.c	(revision 186740)
++++ crypto/openssl/ssl/s2_srvr.c	(working copy)
+@@ -1054,7 +1054,7 @@
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+ 
+-	if (i)	/* we like the packet, now check the chksum */
++	if (i > 0)	/* we like the packet, now check the chksum */
+ 		{
+ 		EVP_MD_CTX ctx;
+ 		EVP_PKEY *pkey=NULL;
+@@ -1083,7 +1083,7 @@
+ 		EVP_PKEY_free(pkey);
+ 		EVP_MD_CTX_cleanup(&ctx);
+ 
+-		if (i) 
++		if (i > 0) 
+ 			{
+ 			if (s->session->peer != NULL)
+ 				X509_free(s->session->peer);
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c	(revision 186740)
++++ crypto/openssl/ssl/s3_clnt.c	(working copy)
+@@ -883,7 +883,7 @@
+ 		}
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
++	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
+ #ifndef OPENSSL_NO_KRB5
+ 	        && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+ 	        != (SSL_aKRB5|SSL_kKRB5)
+@@ -1368,7 +1368,7 @@
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,param,param_len);
+-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
++			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
+ 				{
+ 				/* bad signature */
+ 				al=SSL_AD_DECRYPT_ERROR;
+@@ -1386,7 +1386,7 @@
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,param,param_len);
+-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
++			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
+ 				{
+ 				/* bad signature */
+ 				al=SSL_AD_DECRYPT_ERROR;
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 186740)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -2481,7 +2481,7 @@
+ 	else
+ 		{
+ 		i=ssl_verify_cert_chain(s,sk);
+-		if (!i)
++		if (i <= 0)
+ 			{
+ 			al=ssl_verify_alarm_type(s->verify_result);
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
+Index: crypto/openssl/ssl/ssltest.c
+===================================================================
+--- crypto/openssl/ssl/ssltest.c	(revision 186740)
++++ crypto/openssl/ssl/ssltest.c	(working copy)
+@@ -2072,7 +2072,7 @@
+ 
+ 	if (cb_arg->proxy_auth)
+ 		{
+-		if (ok)
++		if (ok > 0)
+ 			{
+ 			const char *cond_end = NULL;
+ 
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s2_clnt.c	(revision 186740)
++++ crypto/openssl/ssl/s2_clnt.c	(working copy)
+@@ -1044,7 +1044,7 @@
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+ 		
+-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
++	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
+ 		{
+ 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+ 		goto err;
diff --git a/share/security/patches/SA-09:02/openssl.patch.asc b/share/security/patches/SA-09:02/openssl.patch.asc
new file mode 100644
index 0000000000..28556c4617
--- /dev/null
+++ b/share/security/patches/SA-09:02/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBJZR50FdaIBMps37IRAk59AJ9jFn/ZKuq7EGOlmzXnmCYZMfnTYwCfVQ1a
+/gcdaOIWJA/ND2q3fj+JNRM=
+=Bu0F
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:02/openssl6.patch b/share/security/patches/SA-09:02/openssl6.patch
new file mode 100644
index 0000000000..fa7bdb6f13
--- /dev/null
+++ b/share/security/patches/SA-09:02/openssl6.patch
@@ -0,0 +1,127 @@
+Index: crypto/openssl/apps/speed.c
+===================================================================
+--- crypto/openssl/apps/speed.c	(revision 186750)
++++ crypto/openssl/apps/speed.c	(working copy)
+@@ -1486,7 +1486,7 @@
+ 				{
+ 				ret=RSA_verify(NID_md5_sha1, buf,36, buf2,
+ 					rsa_num, rsa_key[j]);
+-				if (ret == 0)
++				if (ret <= 0)
+ 					{
+ 					BIO_printf(bio_err,
+ 						"RSA verify failure\n");
+Index: crypto/openssl/apps/verify.c
+===================================================================
+--- crypto/openssl/apps/verify.c	(revision 186750)
++++ crypto/openssl/apps/verify.c	(working copy)
+@@ -275,7 +275,7 @@
+ 
+ 	ret=0;
+ end:
+-	if (i)
++	if (i > 0)
+ 		{
+ 		fprintf(stdout,"OK\n");
+ 		ret=1;
+@@ -365,4 +365,3 @@
+ 		ERR_clear_error();
+ 	return(ok);
+ 	}
+-
+Index: crypto/openssl/apps/x509.c
+===================================================================
+--- crypto/openssl/apps/x509.c	(revision 186750)
++++ crypto/openssl/apps/x509.c	(working copy)
+@@ -1113,7 +1113,7 @@
+ 	/* NOTE: this certificate can/should be self signed, unless it was
+ 	 * a certificate request in which case it is not. */
+ 	X509_STORE_CTX_set_cert(&xsc,x);
+-	if (!reqfile && !X509_verify_cert(&xsc))
++	if (!reqfile && X509_verify_cert(&xsc) <= 0)
+ 		goto end;
+ 
+ 	if (!X509_check_private_key(xca,pkey))
+Index: crypto/openssl/apps/spkac.c
+===================================================================
+--- crypto/openssl/apps/spkac.c	(revision 186750)
++++ crypto/openssl/apps/spkac.c	(working copy)
+@@ -284,7 +284,7 @@
+ 	pkey = NETSCAPE_SPKI_get_pubkey(spki);
+ 	if(verify) {
+ 		i = NETSCAPE_SPKI_verify(spki, pkey);
+-		if(i) BIO_printf(bio_err, "Signature OK\n");
++		if (i > 0) BIO_printf(bio_err, "Signature OK\n");
+ 		else {
+ 			BIO_printf(bio_err, "Signature Failure\n");
+ 			ERR_print_errors(bio_err);
+Index: crypto/openssl/ssl/s2_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s2_srvr.c	(revision 186750)
++++ crypto/openssl/ssl/s2_srvr.c	(working copy)
+@@ -1070,7 +1070,7 @@
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+ 
+-	if (i)	/* we like the packet, now check the chksum */
++	if (i > 0)	/* we like the packet, now check the chksum */
+ 		{
+ 		EVP_MD_CTX ctx;
+ 		EVP_PKEY *pkey=NULL;
+@@ -1099,7 +1099,7 @@
+ 		EVP_PKEY_free(pkey);
+ 		EVP_MD_CTX_cleanup(&ctx);
+ 
+-		if (i) 
++		if (i > 0) 
+ 			{
+ 			if (s->session->peer != NULL)
+ 				X509_free(s->session->peer);
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c	(revision 186750)
++++ crypto/openssl/ssl/s3_clnt.c	(working copy)
+@@ -833,7 +833,7 @@
+ 		}
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)
++	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0)
+ #ifndef OPENSSL_NO_KRB5
+                 && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK))
+                 != (SSL_aKRB5|SSL_kKRB5)
+@@ -1206,7 +1206,7 @@
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE);
+ 			EVP_VerifyUpdate(&md_ctx,param,param_len);
+-			if (!EVP_VerifyFinal(&md_ctx,p,(int)n,pkey))
++			if (EVP_VerifyFinal(&md_ctx,p,(int)n,pkey) <= 0)
+ 				{
+ 				/* bad signature */
+ 				al=SSL_AD_DECRYPT_ERROR;
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 186750)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -2015,7 +2015,7 @@
+ 	else
+ 		{
+ 		i=ssl_verify_cert_chain(s,sk);
+-		if (!i)
++		if (i <= 0)
+ 			{
+ 			al=ssl_verify_alarm_type(s->verify_result);
+ 			SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_NO_CERTIFICATE_RETURNED);
+Index: crypto/openssl/ssl/s2_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s2_clnt.c	(revision 186750)
++++ crypto/openssl/ssl/s2_clnt.c	(working copy)
+@@ -1062,7 +1062,7 @@
+ 
+ 	i=ssl_verify_cert_chain(s,sk);
+ 		
+-	if ((s->verify_mode != SSL_VERIFY_NONE) && (!i))
++	if ((s->verify_mode != SSL_VERIFY_NONE) && (i <= 0))
+ 		{
+ 		SSLerr(SSL_F_SSL2_SET_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED);
+ 		goto err;
diff --git a/share/security/patches/SA-09:02/openssl6.patch.asc b/share/security/patches/SA-09:02/openssl6.patch.asc
new file mode 100644
index 0000000000..4b18089636
--- /dev/null
+++ b/share/security/patches/SA-09:02/openssl6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBJZR53FdaIBMps37IRAjj2AJ9Nu9/kkoG8iL+kbtTk46AOxIfjwgCcDvev
+8xZ67eo9xKjkohn5sF05T+s=
+=CyZR
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:03/ntpd.patch b/share/security/patches/SA-09:03/ntpd.patch
new file mode 100644
index 0000000000..6c71193a00
--- /dev/null
+++ b/share/security/patches/SA-09:03/ntpd.patch
@@ -0,0 +1,13 @@
+Index: contrib/ntp/ntpd/ntp_crypto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_crypto.c	(revision 186734)
++++ contrib/ntp/ntpd/ntp_crypto.c	(working copy)
+@@ -1612,7 +1612,7 @@
+ 	 */
+ 	EVP_VerifyInit(&ctx, peer->digest);
+ 	EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen + 12);
+-	if (!EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey))
++	if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen, pkey) <= 0)
+ 		return (XEVNT_SIG);
+ 
+ 	if (peer->crypto & CRYPTO_FLAG_VRFY) {
diff --git a/share/security/patches/SA-09:03/ntpd.patch.asc b/share/security/patches/SA-09:03/ntpd.patch.asc
new file mode 100644
index 0000000000..88615182af
--- /dev/null
+++ b/share/security/patches/SA-09:03/ntpd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBJbQalFdaIBMps37IRAnb2AJ9v/NWPjPdQCDaJZ0DgQzDR8xjC7ACgmXwn
+U20cmZlxJH66ypTa+BVfNwQ=
+=g72R
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:03/ntpd63.patch b/share/security/patches/SA-09:03/ntpd63.patch
new file mode 100644
index 0000000000..b0fb765d1d
--- /dev/null
+++ b/share/security/patches/SA-09:03/ntpd63.patch
@@ -0,0 +1,13 @@
+Index: contrib/ntp/ntpd/ntp_crypto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_crypto.c	(revision 186798)
++++ contrib/ntp/ntpd/ntp_crypto.c	(working copy)
+@@ -1536,7 +1536,7 @@
+ 		EVP_VerifyUpdate(&ctx, (u_char *)&ep->tstamp, vallen +
+ 		    12);
+ 		if (EVP_VerifyFinal(&ctx, (u_char *)&ep->pkt[i], siglen,
+-		    pkey)) {
++		    pkey) == 1) {
+ 			if (peer->crypto & CRYPTO_FLAG_VRFY)
+ 				peer->crypto |= CRYPTO_FLAG_PROV;
+ 		} else {
diff --git a/share/security/patches/SA-09:03/ntpd63.patch.asc b/share/security/patches/SA-09:03/ntpd63.patch.asc
new file mode 100644
index 0000000000..6054073371
--- /dev/null
+++ b/share/security/patches/SA-09:03/ntpd63.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBJbQapFdaIBMps37IRAh2ZAJ9IgmeEgADnULYupGHNvhTI//RZ3QCgmiji
+Qu/j67coHXSSYygJ6B33D3Q=
+=ZTOF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:04/bind.patch b/share/security/patches/SA-09:04/bind.patch
new file mode 100644
index 0000000000..70774f5c7f
--- /dev/null
+++ b/share/security/patches/SA-09:04/bind.patch
@@ -0,0 +1,26 @@
+Index: contrib/bind9/lib/dns/opensslrsa_link.c
+===================================================================
+--- contrib/bind9/lib/dns/opensslrsa_link.c	(revision 187056)
++++ contrib/bind9/lib/dns/opensslrsa_link.c	(working copy)
+@@ -246,7 +246,7 @@
+ 
+ 	status = RSA_verify(type, digest, digestlen, sig->base,
+ 			    RSA_size(rsa), rsa);
+-	if (status == 0)
++	if (status != 1)
+ 		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
+ 
+ 	return (ISC_R_SUCCESS);
+Index: contrib/bind9/lib/dns/openssldsa_link.c
+===================================================================
+--- contrib/bind9/lib/dns/openssldsa_link.c	(revision 187056)
++++ contrib/bind9/lib/dns/openssldsa_link.c	(working copy)
+@@ -133,7 +133,7 @@
+ 
+ 	status = DSA_do_verify(digest, ISC_SHA1_DIGESTLENGTH, dsasig, dsa);
+ 	DSA_SIG_free(dsasig);
+-	if (status == 0)
++	if (status != 1)
+ 		return (dst__openssl_toresult(DST_R_VERIFYFAILURE));
+ 
+ 	return (ISC_R_SUCCESS);
diff --git a/share/security/patches/SA-09:04/bind.patch.asc b/share/security/patches/SA-09:04/bind.patch.asc
new file mode 100644
index 0000000000..a73004cda8
--- /dev/null
+++ b/share/security/patches/SA-09:04/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBJbQavFdaIBMps37IRAs0SAJ9nLCNiwOn9SK54ym+GJ2LXOzGWSQCfYYs6
+mJZwBO95FpvK+cwr2Z10054=
+=av7q
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:05/telnetd.patch b/share/security/patches/SA-09:05/telnetd.patch
new file mode 100644
index 0000000000..fbe847b325
--- /dev/null
+++ b/share/security/patches/SA-09:05/telnetd.patch
@@ -0,0 +1,43 @@
+Index: contrib/telnet/telnetd/sys_term.c
+===================================================================
+--- contrib/telnet/telnetd/sys_term.c	(revision 188667)
++++ contrib/telnet/telnetd/sys_term.c	(working copy)
+@@ -1271,8 +1271,18 @@
+ 
+ 	char **cpp, **cpp2;
+ 	const char **p;
+- 
+- 	for (cpp2 = cpp = environ; *cpp; cpp++) {
++	char ** new_environ;
++	size_t count;
++
++	/* Allocate space for scrubbed environment. */
++	for (count = 1, cpp = environ; *cpp; count++, cpp++)
++		continue;
++	if ((new_environ = malloc(count * sizeof(char *))) == NULL) {
++		environ = NULL;
++		return;
++	}
++
++ 	for (cpp2 = new_environ, cpp = environ; *cpp; cpp++) {
+ 		int reject_it = 0;
+ 
+ 		for(p = rej; *p; p++)
+@@ -1286,10 +1296,15 @@
+ 		for(p = acc; *p; p++)
+ 			if(strncmp(*cpp, *p, strlen(*p)) == 0)
+ 				break;
+-		if(*p != NULL)
+- 			*cpp2++ = *cpp;
++		if(*p != NULL) {
++			if ((*cpp2++ = strdup(*cpp)) == NULL) {
++				environ = new_environ;
++				return;
++			}
++		}
+  	}
+ 	*cpp2 = NULL;
++	environ = new_environ;
+ }
+ 
+ /*
diff --git a/share/security/patches/SA-09:05/telnetd.patch.asc b/share/security/patches/SA-09:05/telnetd.patch.asc
new file mode 100644
index 0000000000..9f7cec8fc7
--- /dev/null
+++ b/share/security/patches/SA-09:05/telnetd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkmZ2usACgkQFdaIBMps37JByACghwxW/lELmw/DAmBDxIk6C0d/
+gtUAniiauz3pieJShc2TjvjwFRBS0v8z
+=ctF3
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:06/ktimer.patch b/share/security/patches/SA-09:06/ktimer.patch
new file mode 100644
index 0000000000..0d20688ce0
--- /dev/null
+++ b/share/security/patches/SA-09:06/ktimer.patch
@@ -0,0 +1,14 @@
+Index: sys/kern/kern_time.c
+===================================================================
+--- sys/kern/kern_time.c	(revision 190192)
++++ sys/kern/kern_time.c	(working copy)
+@@ -1085,7 +1085,8 @@
+ 	struct itimer *it;
+ 
+ 	PROC_LOCK_ASSERT(p, MA_OWNED);
+-	if ((p->p_itimers == NULL) || (timerid >= TIMER_MAX) ||
++	if ((p->p_itimers == NULL) ||
++	    (timerid < 0) || (timerid >= TIMER_MAX) ||
+ 	    (it = p->p_itimers->its_timers[timerid]) == NULL) {
+ 		return (NULL);
+ 	}
diff --git a/share/security/patches/SA-09:06/ktimer.patch.asc b/share/security/patches/SA-09:06/ktimer.patch.asc
new file mode 100644
index 0000000000..cda77ca107
--- /dev/null
+++ b/share/security/patches/SA-09:06/ktimer.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAknG0P4ACgkQFdaIBMps37JPigCfQXiAdJ1gzf1KdCatjIKsq84v
+T0oAni8Mhx9PQ23FvRRbWeUkT1Bq1zza
+=r0So
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:07/libc.patch b/share/security/patches/SA-09:07/libc.patch
new file mode 100644
index 0000000000..ac1ac0d9e9
--- /dev/null
+++ b/share/security/patches/SA-09:07/libc.patch
@@ -0,0 +1,65 @@
+Index: lib/libc/db/btree/bt_split.c
+===================================================================
+--- lib/libc/db/btree/bt_split.c
++++ lib/libc/db/btree/bt_split.c
+@@ -372,7 +372,7 @@
+ 	}
+ 
+ 	/* Put the new left page for the split into place. */
+-	if ((l = (PAGE *)malloc(t->bt_psize)) == NULL) {
++	if ((l = (PAGE *)calloc(1, t->bt_psize)) == NULL) {
+ 		mpool_put(t->bt_mp, r, 0);
+ 		return (NULL);
+ 	}
+Index: lib/libc/db/hash/hash_buf.c
+===================================================================
+--- lib/libc/db/hash/hash_buf.c
++++ lib/libc/db/hash/hash_buf.c
+@@ -57,6 +57,7 @@
+ #include <stddef.h>
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <string.h>
+ 
+ #ifdef DEBUG
+ #include <assert.h>
+@@ -169,12 +170,12 @@
+ 	 */
+ 	if (hashp->nbufs || (bp->flags & BUF_PIN)) {
+ 		/* Allocate a new one */
+-		if ((bp = (BUFHEAD *)malloc(sizeof(BUFHEAD))) == NULL)
++		if ((bp = (BUFHEAD *)calloc(1, sizeof(BUFHEAD))) == NULL)
+ 			return (NULL);
+ #ifdef PURIFY
+ 		memset(bp, 0xff, sizeof(BUFHEAD));
+ #endif
+-		if ((bp->page = (char *)malloc(hashp->BSIZE)) == NULL) {
++		if ((bp->page = (char *)calloc(1, hashp->BSIZE)) == NULL) {
+ 			free(bp);
+ 			return (NULL);
+ 		}
+@@ -319,8 +314,10 @@
+ 		}
+ 		/* Check if we are freeing stuff */
+ 		if (do_free) {
+-			if (bp->page)
++			if (bp->page) {
++				(void)memset(bp->page, 0, hashp->BSIZE);
+ 				free(bp->page);
++			}
+ 			BUF_REMOVE(bp);
+ 			free(bp);
+ 			bp = LRU;
+Index: lib/libc/db/mpool/mpool.c
+===================================================================
+--- lib/libc/db/mpool/mpool.c
++++ lib/libc/db/mpool/mpool.c
+@@ -332,7 +332,7 @@
+ 			return (bp);
+ 		}
+ 
+-new:	if ((bp = (BKT *)malloc(sizeof(BKT) + mp->pagesize)) == NULL)
++new:	if ((bp = (BKT *)calloc(1, sizeof(BKT) + mp->pagesize)) == NULL)
+ 		return (NULL);
+ #ifdef STATISTICS
+ 	++mp->pagealloc;
diff --git a/share/security/patches/SA-09:07/libc.patch.asc b/share/security/patches/SA-09:07/libc.patch.asc
new file mode 100644
index 0000000000..2e97c5ff97
--- /dev/null
+++ b/share/security/patches/SA-09:07/libc.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAknvJoYACgkQFdaIBMps37KelQCgkhMIqvoA2VUzd3mqQUbnGOv1
+CY8AoJq5PsPo/yOIIlLfZJBsfXcwTxQo
+=7URs
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:08/openssl.patch b/share/security/patches/SA-09:08/openssl.patch
new file mode 100644
index 0000000000..33a9fdce82
--- /dev/null
+++ b/share/security/patches/SA-09:08/openssl.patch
@@ -0,0 +1,63 @@
+Index: crypto/openssl/crypto/asn1/asn1_err.c
+===================================================================
+--- crypto/openssl/crypto/asn1/asn1_err.c	(revision 191346)
++++ crypto/openssl/crypto/asn1/asn1_err.c	(working copy)
+@@ -188,6 +188,7 @@
+ {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER)    ,"bad object header"},
+ {ERR_REASON(ASN1_R_BAD_PASSWORD_READ)    ,"bad password read"},
+ {ERR_REASON(ASN1_R_BAD_TAG)              ,"bad tag"},
++{ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH),"bmpstring is wrong length"},
+ {ERR_REASON(ASN1_R_BN_LIB)               ,"bn lib"},
+ {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH),"boolean is wrong length"},
+ {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL)     ,"buffer too small"},
+@@ -267,6 +268,7 @@
+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY),"unable to decode rsa key"},
+ {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY),"unable to decode rsa private key"},
+ {ERR_REASON(ASN1_R_UNEXPECTED_EOC)       ,"unexpected eoc"},
++{ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH),"universalstring is wrong length"},
+ {ERR_REASON(ASN1_R_UNKNOWN_FORMAT)       ,"unknown format"},
+ {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM),"unknown message digest algorithm"},
+ {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE)  ,"unknown object type"},
+Index: crypto/openssl/crypto/asn1/tasn_dec.c
+===================================================================
+--- crypto/openssl/crypto/asn1/tasn_dec.c	(revision 191346)
++++ crypto/openssl/crypto/asn1/tasn_dec.c	(working copy)
+@@ -1012,6 +1012,18 @@
+ 		case V_ASN1_SET:
+ 		case V_ASN1_SEQUENCE:
+ 		default:
++		if (utype == V_ASN1_BMPSTRING && (len & 1))
++			{
++			ASN1err(ASN1_F_ASN1_EX_C2I,
++					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
++			goto err;
++			}
++		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
++			{
++			ASN1err(ASN1_F_ASN1_EX_C2I,
++					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
++			goto err;
++			}
+ 		/* All based on ASN1_STRING and handled the same */
+ 		if (!*pval)
+ 			{
+Index: crypto/openssl/crypto/asn1/asn1.h
+===================================================================
+--- crypto/openssl/crypto/asn1/asn1.h	(revision 191346)
++++ crypto/openssl/crypto/asn1/asn1.h	(working copy)
+@@ -1134,6 +1134,7 @@
+ #define ASN1_R_BAD_OBJECT_HEADER			 102
+ #define ASN1_R_BAD_PASSWORD_READ			 103
+ #define ASN1_R_BAD_TAG					 104
++#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
+ #define ASN1_R_BN_LIB					 105
+ #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+ #define ASN1_R_BUFFER_TOO_SMALL				 107
+@@ -1213,6 +1214,7 @@
+ #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
+ #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
+ #define ASN1_R_UNEXPECTED_EOC				 159
++#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
+ #define ASN1_R_UNKNOWN_FORMAT				 160
+ #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
+ #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
diff --git a/share/security/patches/SA-09:08/openssl.patch.asc b/share/security/patches/SA-09:08/openssl.patch.asc
new file mode 100644
index 0000000000..31c920b43b
--- /dev/null
+++ b/share/security/patches/SA-09:08/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAknvJnEACgkQFdaIBMps37LKFwCfR2irbA1zGXDNXvO8Q134wQHX
+S94AoIFMEJpK0ltQE+CMdiLcDCxkQDdx
+=c7CM
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:08/openssl6.patch b/share/security/patches/SA-09:08/openssl6.patch
new file mode 100644
index 0000000000..14274a3c24
--- /dev/null
+++ b/share/security/patches/SA-09:08/openssl6.patch
@@ -0,0 +1,63 @@
+Index: crypto/openssl/crypto/asn1/tasn_dec.c
+===================================================================
+--- crypto/openssl/crypto/asn1/tasn_dec.c	(revision 191353)
++++ crypto/openssl/crypto/asn1/tasn_dec.c	(working copy)
+@@ -768,6 +768,18 @@
+ 		case V_ASN1_SET:
+ 		case V_ASN1_SEQUENCE:
+ 		default:
++		if (utype == V_ASN1_BMPSTRING && (len & 1))
++			{
++			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
++					ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
++			goto err;
++			}
++		if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
++			{
++			ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
++					ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
++			goto err;
++			}
+ 		/* All based on ASN1_STRING and handled the same */
+ 		if(!*pval) {
+ 			stmp = ASN1_STRING_type_new(utype);
+Index: crypto/openssl/crypto/asn1/asn1.h
+===================================================================
+--- crypto/openssl/crypto/asn1/asn1.h	(revision 191353)
++++ crypto/openssl/crypto/asn1/asn1.h	(working copy)
+@@ -1030,6 +1030,7 @@
+ #define ASN1_R_BAD_OBJECT_HEADER			 102
+ #define ASN1_R_BAD_PASSWORD_READ			 103
+ #define ASN1_R_BAD_TAG					 104
++#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH		 210
+ #define ASN1_R_BN_LIB					 105
+ #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH			 106
+ #define ASN1_R_BUFFER_TOO_SMALL				 107
+@@ -1088,6 +1089,7 @@
+ #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY			 157
+ #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY		 158
+ #define ASN1_R_UNEXPECTED_EOC				 159
++#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH		 211
+ #define ASN1_R_UNKNOWN_FORMAT				 160
+ #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM		 161
+ #define ASN1_R_UNKNOWN_OBJECT_TYPE			 162
+Index: crypto/openssl/crypto/asn1/asn1_err.c
+===================================================================
+--- crypto/openssl/crypto/asn1/asn1_err.c	(revision 191353)
++++ crypto/openssl/crypto/asn1/asn1_err.c	(working copy)
+@@ -153,6 +153,7 @@
+ {ASN1_R_BAD_OBJECT_HEADER                ,"bad object header"},
+ {ASN1_R_BAD_PASSWORD_READ                ,"bad password read"},
+ {ASN1_R_BAD_TAG                          ,"bad tag"},
++{ASN1_R_BMPSTRING_IS_WRONG_LENGTH        ,"bmpstring is wrong length"},
+ {ASN1_R_BN_LIB                           ,"bn lib"},
+ {ASN1_R_BOOLEAN_IS_WRONG_LENGTH          ,"boolean is wrong length"},
+ {ASN1_R_BUFFER_TOO_SMALL                 ,"buffer too small"},
+@@ -211,6 +212,7 @@
+ {ASN1_R_UNABLE_TO_DECODE_RSA_KEY         ,"unable to decode rsa key"},
+ {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"},
+ {ASN1_R_UNEXPECTED_EOC                   ,"unexpected eoc"},
++{ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH  ,"universalstring is wrong length"},
+ {ASN1_R_UNKNOWN_FORMAT                   ,"unknown format"},
+ {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"},
+ {ASN1_R_UNKNOWN_OBJECT_TYPE              ,"unknown object type"},
diff --git a/share/security/patches/SA-09:08/openssl6.patch.asc b/share/security/patches/SA-09:08/openssl6.patch.asc
new file mode 100644
index 0000000000..e170b1beed
--- /dev/null
+++ b/share/security/patches/SA-09:08/openssl6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAknvJn4ACgkQFdaIBMps37LatACcCESpaCXyFQP2KQPoe1AhFtKr
+09cAnivuvQQ7vq5C8NGjr1ZlmERvxscv
+=Xr5+
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:09/pipe.patch b/share/security/patches/SA-09:09/pipe.patch
new file mode 100644
index 0000000000..c21081981c
--- /dev/null
+++ b/share/security/patches/SA-09:09/pipe.patch
@@ -0,0 +1,16 @@
+Index: sys/kern/sys_pipe.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/sys_pipe.c,v
+retrieving revision 1.201
+diff -p -u -I__FBSDID -I$FreeBSD -r1.201 sys_pipe.c
+--- sys/kern/sys_pipe.c	10 Mar 2009 21:28:43 -0000	1.201
++++ sys/kern/sys_pipe.c	5 Jun 2009 07:53:01 -0000
+@@ -761,6 +761,8 @@ pipe_build_write_buffer(wpipe, uio)
+ 	pmap = vmspace_pmap(curproc->p_vmspace);
+ 	endaddr = round_page((vm_offset_t)uio->uio_iov->iov_base + size);
+ 	addr = trunc_page((vm_offset_t)uio->uio_iov->iov_base);
++	if (endaddr < addr)
++		return (EFAULT);
+ 	for (i = 0; addr < endaddr; addr += PAGE_SIZE, i++) {
+ 		/*
+ 		 * vm_fault_quick() can sleep.  Consequently,
diff --git a/share/security/patches/SA-09:09/pipe.patch.asc b/share/security/patches/SA-09:09/pipe.patch.asc
new file mode 100644
index 0000000000..b51c316c5f
--- /dev/null
+++ b/share/security/patches/SA-09:09/pipe.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkovjIsACgkQFdaIBMps37LsjACghmQy0HZBiLanuiz7smBLycsa
+G9cAn1KnGGkgukCsPKZxpa/kDD/eJaaS
+=D/YQ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:10/ipv6-6.patch b/share/security/patches/SA-09:10/ipv6-6.patch
new file mode 100644
index 0000000000..00f1ab159e
--- /dev/null
+++ b/share/security/patches/SA-09:10/ipv6-6.patch
@@ -0,0 +1,21 @@
+Index: sys/netinet6/in6.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/in6.c,v
+retrieving revision 1.51.2.12
+diff -p -u -I__FBSDID -I$FreeBSD -r1.51.2.12 in6.c
+--- sys/netinet6/in6.c	1 Sep 2008 22:57:56 -0000	1.51.2.12
++++ sys/netinet6/in6.c	9 Jun 2009 11:45:22 -0000
+@@ -359,12 +359,12 @@ in6_control(so, cmd, data, ifp, td)
+ 	case SIOCSRTRFLUSH_IN6:
+ 	case SIOCSDEFIFACE_IN6:
+ 	case SIOCSIFINFO_FLAGS:
++	case SIOCSIFINFO_IN6:
+ 		if (!privileged)
+ 			return (EPERM);
+ 		/* FALLTHROUGH */
+ 	case OSIOCGIFINFO_IN6:
+ 	case SIOCGIFINFO_IN6:
+-	case SIOCSIFINFO_IN6:
+ 	case SIOCGDRLST_IN6:
+ 	case SIOCGPRLST_IN6:
+ 	case SIOCGNBRINFO_IN6:
diff --git a/share/security/patches/SA-09:10/ipv6-6.patch.asc b/share/security/patches/SA-09:10/ipv6-6.patch.asc
new file mode 100644
index 0000000000..9e8b71a722
--- /dev/null
+++ b/share/security/patches/SA-09:10/ipv6-6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkovjLAACgkQFdaIBMps37JZYwCfRpxQSx61jLi3rQ1HoQ2SBBA4
+nugAoJSfEunvnb5TRi3Tou65N7AZb/i6
+=0tig
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:10/ipv6.patch b/share/security/patches/SA-09:10/ipv6.patch
new file mode 100644
index 0000000000..73200ec7e4
--- /dev/null
+++ b/share/security/patches/SA-09:10/ipv6.patch
@@ -0,0 +1,23 @@
+Index: sys/netinet6/in6.c
+===================================================================
+RCS file: /home/ncvs/src/sys/netinet6/in6.c,v
+retrieving revision 1.109
+diff -p -u -I__FBSDID -I$FreeBSD -u -r1.109 in6.c
+--- sys/netinet6/in6.c	27 May 2009 14:11:23 -0000	1.109
++++ sys/netinet6/in6.c	8 Jun 2009 18:02:59 -0000
+@@ -215,6 +215,7 @@ in6_control(struct socket *so, u_long cm
+ 	case SIOCSRTRFLUSH_IN6:
+ 	case SIOCSDEFIFACE_IN6:
+ 	case SIOCSIFINFO_FLAGS:
++	case SIOCSIFINFO_IN6:
+ 		if (td != NULL) {
+ 			error = priv_check(td, PRIV_NETINET_ND6);
+ 			if (error)
+@@ -223,7 +224,6 @@ in6_control(struct socket *so, u_long cm
+ 		/* FALLTHROUGH */
+ 	case OSIOCGIFINFO_IN6:
+ 	case SIOCGIFINFO_IN6:
+-	case SIOCSIFINFO_IN6:
+ 	case SIOCGDRLST_IN6:
+ 	case SIOCGPRLST_IN6:
+ 	case SIOCGNBRINFO_IN6:
diff --git a/share/security/patches/SA-09:10/ipv6.patch.asc b/share/security/patches/SA-09:10/ipv6.patch.asc
new file mode 100644
index 0000000000..d56bfc5070
--- /dev/null
+++ b/share/security/patches/SA-09:10/ipv6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkovjKgACgkQFdaIBMps37JITwCcDzq4EQCEV3rCdiko6AdrGmJ8
+SaYAoJYLuhkd2w4ZyUIh+0FMgu/5q8p4
+=x39f
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:11/ntpd.patch b/share/security/patches/SA-09:11/ntpd.patch
new file mode 100644
index 0000000000..6bab0de059
--- /dev/null
+++ b/share/security/patches/SA-09:11/ntpd.patch
@@ -0,0 +1,155 @@
+Index: contrib/ntp/ntpd/ntp_crypto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_crypto.c	(revision 192562)
++++ contrib/ntp/ntpd/ntp_crypto.c	(working copy)
+@@ -570,7 +570,7 @@
+ 			peer->issuer = emalloc(vallen + 1);
+ 			strcpy(peer->issuer, peer->subject);
+ 			temp32 = (fstamp >> 16) & 0xffff;
+-			sprintf(statstr,
++			snprintf(statstr, NTP_MAXSTRLEN,
+ 			    "flags 0x%x host %s signature %s", fstamp,
+ 			    peer->subject, OBJ_nid2ln(temp32));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -636,7 +636,8 @@
+ 			}
+ 			peer->flash &= ~TEST8;
+ 			temp32 = cinfo->nid;
+-			sprintf(statstr, "cert %s 0x%x %s (%u) fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN,
++			    "cert %s 0x%x %s (%u) fs %u",
+ 			    cinfo->subject, cinfo->flags,
+ 			    OBJ_nid2ln(temp32), temp32,
+ 			    ntohl(ep->fstamp));
+@@ -685,7 +686,7 @@
+ 			peer->crypto |= CRYPTO_FLAG_VRFY |
+ 			    CRYPTO_FLAG_PROV;
+ 			peer->flash &= ~TEST8;
+-			sprintf(statstr, "iff fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "iff fs %u",
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+ #ifdef DEBUG
+@@ -733,7 +734,7 @@
+ 			peer->crypto |= CRYPTO_FLAG_VRFY |
+ 			    CRYPTO_FLAG_PROV;
+ 			peer->flash &= ~TEST8;
+-			sprintf(statstr, "gq fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "gq fs %u",
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+ #ifdef DEBUG
+@@ -774,7 +775,7 @@
+ 			peer->crypto |= CRYPTO_FLAG_VRFY |
+ 			    CRYPTO_FLAG_PROV;
+ 			peer->flash &= ~TEST8;
+-			sprintf(statstr, "mv fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "mv fs %u",
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+ #ifdef DEBUG
+@@ -828,7 +829,7 @@
+ 			peer->crypto &= ~CRYPTO_FLAG_AUTO;
+ 			peer->crypto |= CRYPTO_FLAG_AGREE;
+ 			peer->flash &= ~TEST8;
+-			sprintf(statstr, "cook %x ts %u fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "cook %x ts %u fs %u",
+ 			    peer->pcookie, ntohl(ep->tstamp),
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -893,7 +894,7 @@
+ 				peer->crypto &= ~CRYPTO_FLAG_AUTO;
+ 			peer->crypto |= CRYPTO_FLAG_AGREE;
+ 			peer->flash &= ~TEST8;
+-			sprintf(statstr, "cook %x ts %u fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "cook %x ts %u fs %u",
+ 			    peer->pcookie, ntohl(ep->tstamp),
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -944,7 +945,7 @@
+ 			peer->pkeyid = bp->key;
+ 			peer->crypto |= CRYPTO_FLAG_AUTO;
+ 			peer->flash &= ~TEST8;
+-			sprintf(statstr,
++			snprintf(statstr, NTP_MAXSTRLEN,
+ 			    "auto seq %d key %x ts %u fs %u", bp->seq,
+ 			    bp->key, ntohl(ep->tstamp),
+ 			    ntohl(ep->fstamp));
+@@ -987,7 +988,8 @@
+ 			peer->crypto |= CRYPTO_FLAG_SIGN;
+ 			peer->flash &= ~TEST8;
+ 			temp32 = cinfo->nid;
+-			sprintf(statstr, "sign %s 0x%x %s (%u) fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN,
++			    "sign %s 0x%x %s (%u) fs %u",
+ 			    cinfo->issuer, cinfo->flags,
+ 			    OBJ_nid2ln(temp32), temp32,
+ 			    ntohl(ep->fstamp));
+@@ -1071,7 +1073,8 @@
+ 			crypto_flags |= CRYPTO_FLAG_TAI;
+ 			peer->crypto |= CRYPTO_FLAG_LEAP;
+ 			peer->flash &= ~TEST8;
+-			sprintf(statstr, "leap %u ts %u fs %u", vallen,
++			snprintf(statstr, NTP_MAXSTRLEN,
++			    "leap %u ts %u fs %u", vallen,
+ 			    ntohl(ep->tstamp), ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+ #ifdef DEBUG
+@@ -1127,7 +1130,7 @@
+ 		 * cheerfully ignored, as the message is not sent.
+ 		 */
+ 		if (rval > XEVNT_TSP) {
+-			sprintf(statstr,
++			snprintf(statstr, NTP_MAXSTRLEN,
+ 			    "error %x opcode %x ts %u fs %u", rval,
+ 			    code, tstamp, fstamp);
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -1453,7 +1456,8 @@
+ 	 */
+ 	if (rval != XEVNT_OK) {
+ 		opcode |= CRYPTO_ERROR;
+-		sprintf(statstr, "error %x opcode %x", rval, opcode);
++		snprintf(statstr, NTP_MAXSTRLEN,
++		    "error %x opcode %x", rval, opcode);
+ 		record_crypto_stats(srcadr_sin, statstr);
+ 		report_event(rval, NULL);
+ #ifdef DEBUG
+@@ -1952,7 +1956,8 @@
+ 		if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey))
+ 			tai_leap.siglen = htonl(len);
+ 	}
+-	sprintf(statstr, "update ts %u", ntohl(hostval.tstamp)); 
++	snprintf(statstr, NTP_MAXSTRLEN,
++	    "update ts %u", ntohl(hostval.tstamp)); 
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
+ 	if (debug)
+@@ -3606,7 +3611,7 @@
+ 	 */
+ 	if ((ptr = strrchr(linkname, '\n')) != NULL)
+ 		*ptr = '\0'; 
+-	sprintf(statstr, "%s mod %d", &linkname[2],
++	snprintf(statstr, NTP_MAXSTRLEN, "%s mod %d", &linkname[2],
+ 	    EVP_PKEY_size(pkey) * 8);
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
+@@ -3715,8 +3720,8 @@
+ 
+ 	if ((ptr = strrchr(linkname, '\n')) != NULL)
+ 		*ptr = '\0'; 
+-	sprintf(statstr, "%s 0x%x len %lu", &linkname[2], ret->flags,
+-	    len);
++	snprintf(statstr, NTP_MAXSTRLEN,
++	    "%s 0x%x len %lu", &linkname[2], ret->flags, len);
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
+ 	if (debug)
+@@ -3832,7 +3837,7 @@
+ 	for (j = 0; j < i; j++)
+ 		*ptr++ = htonl(leapsec[j]);
+ 	crypto_flags |= CRYPTO_FLAG_TAI;
+-	sprintf(statstr, "%s fs %u leap %u len %u", cp, fstamp,
++	snprintf(statstr, NTP_MAXSTRLEN, "%s fs %u leap %u len %u", cp, fstamp,
+ 	   leapsec[--j], len);
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
diff --git a/share/security/patches/SA-09:11/ntpd.patch.asc b/share/security/patches/SA-09:11/ntpd.patch.asc
new file mode 100644
index 0000000000..638aa5926c
--- /dev/null
+++ b/share/security/patches/SA-09:11/ntpd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkovjLkACgkQFdaIBMps37LwWQCeOOmFfQFI3KaKOBw6yml5UM83
+gyUAn1OlTCEgcWsYwrPLRXGz79qKVS3M
+=YOKP
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:11/ntpd63.patch b/share/security/patches/SA-09:11/ntpd63.patch
new file mode 100644
index 0000000000..3dd3cbc221
--- /dev/null
+++ b/share/security/patches/SA-09:11/ntpd63.patch
@@ -0,0 +1,153 @@
+Index: contrib/ntp/ntpd/ntp_crypto.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_crypto.c	(revision 193283)
++++ contrib/ntp/ntpd/ntp_crypto.c	(working copy)
+@@ -534,7 +534,7 @@
+ 			peer->issuer = emalloc(vallen + 1);
+ 			strcpy(peer->issuer, peer->subject);
+ 			temp32 = (fstamp >> 16) & 0xffff;
+-			sprintf(statstr,
++			snprintf(statstr, NTP_MAXSTRLEN,
+ 			    "flags 0x%x host %s signature %s", fstamp,
+ 			    peer->subject, OBJ_nid2ln(temp32));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -604,7 +604,8 @@
+ 			}
+ 			peer->flash &= ~TEST10;
+ 			temp32 = cinfo->nid;
+-			sprintf(statstr, "cert %s 0x%x %s (%u) fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN,
++			    "cert %s 0x%x %s (%u) fs %u",
+ 			    cinfo->subject, cinfo->flags,
+ 			    OBJ_nid2ln(temp32), temp32,
+ 			    ntohl(ep->fstamp));
+@@ -652,7 +653,7 @@
+ 			peer->crypto |= CRYPTO_FLAG_VRFY |
+ 			    CRYPTO_FLAG_PROV;
+ 			peer->flash &= ~TEST10;
+-			sprintf(statstr, "iff fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "iff fs %u",
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+ #ifdef DEBUG
+@@ -699,7 +700,7 @@
+ 			peer->crypto |= CRYPTO_FLAG_VRFY |
+ 			    CRYPTO_FLAG_PROV;
+ 			peer->flash &= ~TEST10;
+-			sprintf(statstr, "gq fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "gq fs %u",
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+ #ifdef DEBUG
+@@ -739,7 +740,7 @@
+ 			peer->crypto |= CRYPTO_FLAG_VRFY |
+ 			    CRYPTO_FLAG_PROV;
+ 			peer->flash &= ~TEST10;
+-			sprintf(statstr, "mv fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "mv fs %u",
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+ #ifdef DEBUG
+@@ -778,7 +779,7 @@
+ 			peer->crypto |= CRYPTO_FLAG_SIGN;
+ 			peer->flash &= ~TEST10;
+ 			temp32 = cinfo->nid;
+-			sprintf(statstr, "sign %s 0x%x %s (%u) fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "sign %s 0x%x %s (%u) fs %u",
+ 			    cinfo->issuer, cinfo->flags,
+ 			    OBJ_nid2ln(temp32), temp32,
+ 			    ntohl(ep->fstamp));
+@@ -833,7 +834,7 @@
+ 			peer->crypto &= ~CRYPTO_FLAG_AUTO;
+ 			peer->crypto |= CRYPTO_FLAG_AGREE;
+ 			peer->flash &= ~TEST10;
+-			sprintf(statstr, "cook %x ts %u fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "cook %x ts %u fs %u",
+ 			    peer->pcookie, ntohl(ep->tstamp),
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -897,7 +898,7 @@
+ 				peer->crypto &= ~CRYPTO_FLAG_AUTO;
+ 			peer->crypto |= CRYPTO_FLAG_AGREE;
+ 			peer->flash &= ~TEST10;
+-			sprintf(statstr, "cook %x ts %u fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "cook %x ts %u fs %u",
+ 			    peer->pcookie, ntohl(ep->tstamp),
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -947,7 +948,7 @@
+ 			peer->pkeyid = bp->key;
+ 			peer->crypto |= CRYPTO_FLAG_AUTO;
+ 			peer->flash &= ~TEST10;
+-			sprintf(statstr,
++			snprintf(statstr, NTP_MAXSTRLEN,
+ 			    "auto seq %d key %x ts %u fs %u", bp->seq,
+ 			    bp->key, ntohl(ep->tstamp),
+ 			    ntohl(ep->fstamp));
+@@ -1051,7 +1052,7 @@
+ 			(void)ntp_adjtime(&ntv);
+ #endif /* NTP_API */
+ #endif /* KERNEL_PLL */
+-			sprintf(statstr, "leap %u ts %u fs %u",
++			snprintf(statstr, NTP_MAXSTRLEN, "leap %u ts %u fs %u",
+ 			    vallen, ntohl(ep->tstamp),
+ 			    ntohl(ep->fstamp));
+ 			record_crypto_stats(&peer->srcadr, statstr);
+@@ -1106,7 +1107,7 @@
+ 		 * scan and we return the laundry to the caller.
+ 		 */
+ 		if (rval != XEVNT_OK) {
+-			sprintf(statstr,
++			snprintf(statstr, NTP_MAXSTRLEN,
+ 			    "error %x opcode %x ts %u fs %u", rval,
+ 			    code, tstamp, fstamp);
+ 			if (rval > XEVNT_TSP)
+@@ -1388,7 +1389,8 @@
+ 	 */
+ 	if (rval > XEVNT_TSP) {
+ 		opcode |= CRYPTO_ERROR;
+-		sprintf(statstr, "error %x opcode %x", rval, opcode);
++		snprintf(statstr, NTP_MAXSTRLEN,
++		    "error %x opcode %x", rval, opcode);
+ 		record_crypto_stats(srcadr_sin, statstr);
+ #ifdef DEBUG
+ 		if (debug)
+@@ -1884,7 +1886,8 @@
+ 		if (EVP_SignFinal(&ctx, tai_leap.sig, &len, sign_pkey))
+ 			tai_leap.siglen = htonl(len);
+ 	}
+-	sprintf(statstr, "update ts %u", ntohl(hostval.tstamp)); 
++	snprintf(statstr, NTP_MAXSTRLEN,
++	    "update ts %u", ntohl(hostval.tstamp)); 
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
+ 	if (debug)
+@@ -3461,7 +3464,7 @@
+ 	 */
+ 	if ((ptr = strrchr(linkname, '\n')) != NULL)
+ 		*ptr = '\0'; 
+-	sprintf(statstr, "%s mod %d", &linkname[2],
++	snprintf(statstr, NTP_MAXSTRLEN, "%s mod %d", &linkname[2],
+ 	    EVP_PKEY_size(pkey) * 8);
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
+@@ -3563,8 +3566,8 @@
+ 		return (NULL);
+ 	if ((ptr = strrchr(linkname, '\n')) != NULL)
+ 		*ptr = '\0'; 
+-	sprintf(statstr, "%s 0x%x len %lu", &linkname[2], ret->flags,
+-	    len);
++	snprintf(statstr, NTP_MAXSTRLEN,
++	    "%s 0x%x len %lu", &linkname[2], ret->flags, len);
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
+ 	if (debug)
+@@ -3692,7 +3695,7 @@
+ 		    "crypto_tai: kernel TAI update failed");
+ #endif /* NTP_API */
+ #endif /* KERNEL_PLL */
+-	sprintf(statstr, "%s link %d fs %u offset %u", cp, rval, fstamp,
++	snprintf(statstr, NTP_MAXSTRLEN, "%s link %d fs %u offset %u", cp, rval, fstamp,
+ 	    ntohl(tai_leap.vallen) / 4 + TAI_1972 - 1);
+ 	record_crypto_stats(NULL, statstr);
+ #ifdef DEBUG
diff --git a/share/security/patches/SA-09:11/ntpd63.patch.asc b/share/security/patches/SA-09:11/ntpd63.patch.asc
new file mode 100644
index 0000000000..28ecfa9126
--- /dev/null
+++ b/share/security/patches/SA-09:11/ntpd63.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iEYEABECAAYFAkovjMEACgkQFdaIBMps37JQ0ACeMYPX+jHisWPFjYMYJhBo5ZiU
+imUAnR5cfdhE3fg2C3X9Pib569jDhR0M
+=zx7e
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:12/bind.patch b/share/security/patches/SA-09:12/bind.patch
new file mode 100644
index 0000000000..b74f417f01
--- /dev/null
+++ b/share/security/patches/SA-09:12/bind.patch
@@ -0,0 +1,17 @@
+Index: contrib/bind9/bin/named/update.c
+===================================================================
+--- contrib/bind9/bin/named/update.c	(revision 195863)
++++ contrib/bind9/bin/named/update.c	(working copy)
+@@ -979,7 +979,11 @@
+ 			if (type == dns_rdatatype_rrsig ||
+ 			    type == dns_rdatatype_sig)
+ 				covers = dns_rdata_covers(&t->rdata);
+-			else
++			else if (type == dns_rdatatype_any) {
++				dns_db_detachnode(db, &node);
++				dns_diff_clear(&trash);
++				return (DNS_R_NXRRSET);
++			} else
+ 				covers = 0;
+ 
+ 			/*
diff --git a/share/security/patches/SA-09:12/bind.patch.asc b/share/security/patches/SA-09:12/bind.patch.asc
new file mode 100644
index 0000000000..810f43da41
--- /dev/null
+++ b/share/security/patches/SA-09:12/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (FreeBSD)
+
+iD8DBQBKb5kyFdaIBMps37IRAgJuAJ9kYexLfGg79YF42CYHTQh+E7xFjQCfdlza
+HQa8Xm8uWqJNIHgmy6hergA=
+=wgI5
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:13/pipe.patch b/share/security/patches/SA-09:13/pipe.patch
new file mode 100644
index 0000000000..0ce893d535
--- /dev/null
+++ b/share/security/patches/SA-09:13/pipe.patch
@@ -0,0 +1,355 @@
+Index: sys/kern/kern_event.c
+===================================================================
+--- sys/kern/kern_event.c	(revision 197652)
++++ sys/kern/kern_event.c	(working copy)
+@@ -392,30 +392,82 @@ filt_proc(struct knote *kn, long hint)
+ 		return (1);
+ 	}
+ 
+-	/*
+-	 * process forked, and user wants to track the new process,
+-	 * so attach a new knote to it, and immediately report an
+-	 * event with the parent's pid.
+-	 */
+-	if ((event == NOTE_FORK) && (kn->kn_sfflags & NOTE_TRACK)) {
+-		struct kevent kev;
+-		int error;
++	return (kn->kn_fflags != 0);
++}
+ 
++/*
++ * Called when the process forked. It mostly does the same as the
++ * knote(), activating all knotes registered to be activated when the
++ * process forked. Additionally, for each knote attached to the
++ * parent, check whether user wants to track the new process. If so
++ * attach a new knote to it, and immediately report an event with the
++ * child's pid.
++ */
++void
++knote_fork(struct knlist *list, int pid)
++{
++	struct kqueue *kq;
++	struct knote *kn;
++	struct kevent kev;
++	int error;
++
++	if (list == NULL)
++		return;
++	list->kl_lock(list->kl_lockarg);
++
++	SLIST_FOREACH(kn, &list->kl_list, kn_selnext) {
++		if ((kn->kn_status & KN_INFLUX) == KN_INFLUX)
++			continue;
++		kq = kn->kn_kq;
++		KQ_LOCK(kq);
++		if ((kn->kn_status & KN_INFLUX) == KN_INFLUX) {
++			KQ_UNLOCK(kq);
++			continue;
++		}
++
+ 		/*
+-		 * register knote with new process.
++		 * The same as knote(), activate the event.
+ 		 */
+-		kev.ident = hint & NOTE_PDATAMASK;	/* pid */
++		if ((kn->kn_sfflags & NOTE_TRACK) == 0) {
++			kn->kn_status |= KN_HASKQLOCK;
++			if (kn->kn_fop->f_event(kn, NOTE_FORK | pid))
++				KNOTE_ACTIVATE(kn, 1);
++			kn->kn_status &= ~KN_HASKQLOCK;
++			KQ_UNLOCK(kq);
++			continue;
++		}
++
++		/*
++		 * The NOTE_TRACK case. In addition to the activation
++		 * of the event, we need to register new event to
++		 * track the child. Drop the locks in preparation for
++		 * the call to kqueue_register().
++		 */
++		kn->kn_status |= KN_INFLUX;
++		KQ_UNLOCK(kq);
++		list->kl_unlock(list->kl_lockarg);
++
++		/*
++		 * Activate existing knote and register a knote with
++		 * new process.
++		 */
++		kev.ident = pid;
+ 		kev.filter = kn->kn_filter;
+ 		kev.flags = kn->kn_flags | EV_ADD | EV_ENABLE | EV_FLAG1;
+ 		kev.fflags = kn->kn_sfflags;
+-		kev.data = kn->kn_id;			/* parent */
+-		kev.udata = kn->kn_kevent.udata;	/* preserve udata */
+-		error = kqueue_register(kn->kn_kq, &kev, NULL, 0);
++		kev.data = kn->kn_id;		/* parent */
++		kev.udata = kn->kn_kevent.udata;/* preserve udata */
++		error = kqueue_register(kq, &kev, NULL, 0);
++		if (kn->kn_fop->f_event(kn, NOTE_FORK | pid))
++			KNOTE_ACTIVATE(kn, 0);
+ 		if (error)
+ 			kn->kn_fflags |= NOTE_TRACKERR;
++		KQ_LOCK(kq);
++		kn->kn_status &= ~KN_INFLUX;
++		KQ_UNLOCK_FLUX(kq);
++		list->kl_lock(list->kl_lockarg);
+ 	}
+-
+-	return (kn->kn_fflags != 0);
++	list->kl_unlock(list->kl_lockarg);
+ }
+ 
+ static int
+@@ -1123,7 +1175,7 @@ kqueue_scan(struct kqueue *kq, int maxevents, stru
+ 	struct kevent *kevp;
+ 	struct timeval atv, rtv, ttv;
+ 	struct knote *kn, *marker;
+-	int count, timeout, nkev, error;
++	int count, timeout, nkev, error, influx;
+ 	int haskqglobal;
+ 
+ 	count = maxevents;
+@@ -1193,12 +1245,17 @@ start:
+ 	}
+ 
+ 	TAILQ_INSERT_TAIL(&kq->kq_head, marker, kn_tqe);
++	influx = 0;
+ 	while (count) {
+ 		KQ_OWNED(kq);
+ 		kn = TAILQ_FIRST(&kq->kq_head);
+ 
+ 		if ((kn->kn_status == KN_MARKER && kn != marker) ||
+ 		    (kn->kn_status & KN_INFLUX) == KN_INFLUX) {
++			if (influx) {
++				influx = 0;
++				KQ_FLUX_WAKEUP(kq);
++			}
+ 			kq->kq_state |= KQ_FLUXWAIT;
+ 			error = msleep(kq, &kq->kq_lock, PSOCK,
+ 			    "kqflxwt", 0);
+@@ -1248,6 +1305,7 @@ start:
+ 				    ~(KN_QUEUED | KN_ACTIVE | KN_INFLUX);
+ 				kq->kq_count--;
+ 				KN_LIST_UNLOCK(kn);
++				influx = 1;
+ 				continue;
+ 			}
+ 			*kevp = kn->kn_kevent;
+@@ -1263,6 +1321,7 @@ start:
+ 			
+ 			kn->kn_status &= ~(KN_INFLUX);
+ 			KN_LIST_UNLOCK(kn);
++			influx = 1;
+ 		}
+ 
+ 		/* we are returning a copy to the user */
+@@ -1271,6 +1330,7 @@ start:
+ 		count--;
+ 
+ 		if (nkev == KQ_NEVENTS) {
++			influx = 0;
+ 			KQ_UNLOCK_FLUX(kq);
+ 			error = k_ops->k_copyout(k_ops->arg, keva, nkev);
+ 			nkev = 0;
+@@ -1434,8 +1494,11 @@ kqueue_close(struct file *fp, struct thread *td)
+ 
+ 	for (i = 0; i < kq->kq_knlistsize; i++) {
+ 		while ((kn = SLIST_FIRST(&kq->kq_knlist[i])) != NULL) {
+-			KASSERT((kn->kn_status & KN_INFLUX) == 0,
+-			    ("KN_INFLUX set when not suppose to be"));
++			if ((kn->kn_status & KN_INFLUX) == KN_INFLUX) {
++				kq->kq_state |= KQ_FLUXWAIT;
++				msleep(kq, &kq->kq_lock, PSOCK, "kqclo1", 0);
++				continue;
++			}
+ 			kn->kn_status |= KN_INFLUX;
+ 			KQ_UNLOCK(kq);
+ 			if (!(kn->kn_status & KN_DETACHED))
+@@ -1447,8 +1510,12 @@ kqueue_close(struct file *fp, struct thread *td)
+ 	if (kq->kq_knhashmask != 0) {
+ 		for (i = 0; i <= kq->kq_knhashmask; i++) {
+ 			while ((kn = SLIST_FIRST(&kq->kq_knhash[i])) != NULL) {
+-				KASSERT((kn->kn_status & KN_INFLUX) == 0,
+-				    ("KN_INFLUX set when not suppose to be"));
++				if ((kn->kn_status & KN_INFLUX) == KN_INFLUX) {
++					kq->kq_state |= KQ_FLUXWAIT;
++					msleep(kq, &kq->kq_lock, PSOCK,
++					       "kqclo2", 0);
++					continue;
++				}
+ 				kn->kn_status |= KN_INFLUX;
+ 				KQ_UNLOCK(kq);
+ 				if (!(kn->kn_status & KN_DETACHED))
+Index: sys/kern/kern_fork.c
+===================================================================
+--- sys/kern/kern_fork.c	(revision 197652)
++++ sys/kern/kern_fork.c	(working copy)
+@@ -699,14 +699,12 @@ again:
+ 	 */
+ 	PROC_LOCK(p1);
+ 	_PRELE(p1);
++	PROC_UNLOCK(p1);
+ 
+ 	/*
+ 	 * Tell any interested parties about the new process.
+ 	 */
+-	KNOTE_LOCKED(&p1->p_klist, NOTE_FORK | p2->p_pid);
+-
+-	PROC_UNLOCK(p1);
+-
++	knote_fork(&p1->p_klist, p2->p_pid);
+ 	/*
+ 	 * Preserve synchronization semantics of vfork.  If waiting for
+ 	 * child to exec or exit, set P_PPWAIT on child, and sleep on our
+Index: sys/kern/sys_pipe.c
+===================================================================
+--- sys/kern/sys_pipe.c	(revision 197652)
++++ sys/kern/sys_pipe.c	(working copy)
+@@ -268,8 +268,8 @@ pipe_zone_ctor(void *mem, int size, void *arg, int
+ 	 * one at a time.  When both are free'd, then the whole pair
+ 	 * is released.
+ 	 */
+-	rpipe->pipe_present = 1;
+-	wpipe->pipe_present = 1;
++	rpipe->pipe_present = PIPE_ACTIVE;
++	wpipe->pipe_present = PIPE_ACTIVE;
+ 
+ 	/*
+ 	 * Eventually, the MAC Framework may initialize the label
+@@ -1003,7 +1003,8 @@ pipe_write(fp, uio, active_cred, flags, td)
+ 	/*
+ 	 * detect loss of pipe read side, issue SIGPIPE if lost.
+ 	 */
+-	if ((!wpipe->pipe_present) || (wpipe->pipe_state & PIPE_EOF)) {
++	if (wpipe->pipe_present != PIPE_ACTIVE ||
++	    (wpipe->pipe_state & PIPE_EOF)) {
+ 		pipeunlock(wpipe);
+ 		PIPE_UNLOCK(rpipe);
+ 		return (EPIPE);
+@@ -1361,13 +1362,14 @@ pipe_poll(fp, events, active_cred, td)
+ 			revents |= events & (POLLIN | POLLRDNORM);
+ 
+ 	if (events & (POLLOUT | POLLWRNORM))
+-		if (!wpipe->pipe_present || (wpipe->pipe_state & PIPE_EOF) ||
++		if (wpipe->pipe_present != PIPE_ACTIVE ||
++		    (wpipe->pipe_state & PIPE_EOF) ||
+ 		    (((wpipe->pipe_state & PIPE_DIRECTW) == 0) &&
+ 		     (wpipe->pipe_buffer.size - wpipe->pipe_buffer.cnt) >= PIPE_BUF))
+ 			revents |= events & (POLLOUT | POLLWRNORM);
+ 
+ 	if ((rpipe->pipe_state & PIPE_EOF) ||
+-	    (!wpipe->pipe_present) ||
++	    wpipe->pipe_present != PIPE_ACTIVE ||
+ 	    (wpipe->pipe_state & PIPE_EOF))
+ 		revents |= POLLHUP;
+ 
+@@ -1506,7 +1508,7 @@ pipeclose(cpipe)
+ 	 * Disconnect from peer, if any.
+ 	 */
+ 	ppipe = cpipe->pipe_peer;
+-	if (ppipe->pipe_present != 0) {
++	if (ppipe->pipe_present == PIPE_ACTIVE) {
+ 		pipeselwakeup(ppipe);
+ 
+ 		ppipe->pipe_state |= PIPE_EOF;
+@@ -1523,16 +1525,23 @@ pipeclose(cpipe)
+ 	PIPE_UNLOCK(cpipe);
+ 	pipe_free_kmem(cpipe);
+ 	PIPE_LOCK(cpipe);
+-	cpipe->pipe_present = 0;
++	cpipe->pipe_present = PIPE_CLOSING;
+ 	pipeunlock(cpipe);
++
++	/*
++	 * knlist_clear() may sleep dropping the PIPE_MTX. Set the
++	 * PIPE_FINALIZED, that allows other end to free the
++	 * pipe_pair, only after the knotes are completely dismantled.
++	 */
+ 	knlist_clear(&cpipe->pipe_sel.si_note, 1);
++	cpipe->pipe_present = PIPE_FINALIZED;
+ 	knlist_destroy(&cpipe->pipe_sel.si_note);
+ 
+ 	/*
+ 	 * If both endpoints are now closed, release the memory for the
+ 	 * pipe pair.  If not, unlock.
+ 	 */
+-	if (ppipe->pipe_present == 0) {
++	if (ppipe->pipe_present == PIPE_FINALIZED) {
+ 		PIPE_UNLOCK(cpipe);
+ #ifdef MAC
+ 		mac_destroy_pipe(pp);
+@@ -1556,7 +1565,7 @@ pipe_kqfilter(struct file *fp, struct knote *kn)
+ 		break;
+ 	case EVFILT_WRITE:
+ 		kn->kn_fop = &pipe_wfiltops;
+-		if (!cpipe->pipe_peer->pipe_present) {
++		if (cpipe->pipe_peer->pipe_present != PIPE_ACTIVE) {
+ 			/* other end of pipe has been closed */
+ 			PIPE_UNLOCK(cpipe);
+ 			return (EPIPE);
+@@ -1579,13 +1588,8 @@ filt_pipedetach(struct knote *kn)
+ 	struct pipe *cpipe = (struct pipe *)kn->kn_fp->f_data;
+ 
+ 	PIPE_LOCK(cpipe);
+-	if (kn->kn_filter == EVFILT_WRITE) {
+-		if (!cpipe->pipe_peer->pipe_present) {
+-			PIPE_UNLOCK(cpipe);
+-			return;
+-		}
++	if (kn->kn_filter == EVFILT_WRITE)
+ 		cpipe = cpipe->pipe_peer;
+-	}
+ 	knlist_remove(&cpipe->pipe_sel.si_note, kn, 1);
+ 	PIPE_UNLOCK(cpipe);
+ }
+@@ -1604,7 +1608,8 @@ filt_piperead(struct knote *kn, long hint)
+ 		kn->kn_data = rpipe->pipe_map.cnt;
+ 
+ 	if ((rpipe->pipe_state & PIPE_EOF) ||
+-	    (!wpipe->pipe_present) || (wpipe->pipe_state & PIPE_EOF)) {
++	    wpipe->pipe_present != PIPE_ACTIVE ||
++	    (wpipe->pipe_state & PIPE_EOF)) {
+ 		kn->kn_flags |= EV_EOF;
+ 		PIPE_UNLOCK(rpipe);
+ 		return (1);
+@@ -1622,7 +1627,8 @@ filt_pipewrite(struct knote *kn, long hint)
+ 	struct pipe *wpipe = rpipe->pipe_peer;
+ 
+ 	PIPE_LOCK(rpipe);
+-	if ((!wpipe->pipe_present) || (wpipe->pipe_state & PIPE_EOF)) {
++	if (wpipe->pipe_present != PIPE_ACTIVE ||
++	    (wpipe->pipe_state & PIPE_EOF)) {
+ 		kn->kn_data = 0;
+ 		kn->kn_flags |= EV_EOF;
+ 		PIPE_UNLOCK(rpipe);
+
+Index: sys/sys/event.h
+===================================================================
+--- sys/sys/event.h	(revision 197652)
++++ sys/sys/event.h	(working copy)
+@@ -208,6 +208,7 @@ struct proc;
+ struct knlist;
+ 
+ extern void	knote(struct knlist *list, long hint, int islocked);
++extern void	knote_fork(struct knlist *list, int pid);
+ extern void	knlist_add(struct knlist *knl, struct knote *kn, int islocked);
+ extern void	knlist_remove(struct knlist *knl, struct knote *kn, int islocked);
+ extern void	knlist_remove_inevent(struct knlist *knl, struct knote *kn);
+Index: sys/sys/pipe.h
+===================================================================
+--- sys/sys/pipe.h	(revision 197652)
++++ sys/sys/pipe.h	(working copy)
+@@ -115,6 +115,13 @@ struct pipe {
+ };
+ 
+ /*
++ * Values for the pipe_present.
++ */
++#define PIPE_ACTIVE		1
++#define	PIPE_CLOSING		2
++#define	PIPE_FINALIZED		3
++
++/*
+  * Container structure to hold the two pipe endpoints, mutex, and label
+  * pointer.
+  */
diff --git a/share/security/patches/SA-09:13/pipe.patch.asc b/share/security/patches/SA-09:13/pipe.patch.asc
new file mode 100644
index 0000000000..c33acc655c
--- /dev/null
+++ b/share/security/patches/SA-09:13/pipe.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBKxlvHFdaIBMps37IRArnkAKCMld4Pjs/GlWGAJXFHyom1OILGWwCcDTz7
+WZKHZRu3q3noGrLJI+8KloU=
+=L3eo
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:14/devfs6.patch b/share/security/patches/SA-09:14/devfs6.patch
new file mode 100644
index 0000000000..2838a4b171
--- /dev/null
+++ b/share/security/patches/SA-09:14/devfs6.patch
@@ -0,0 +1,17 @@
+Index: sys/fs/devfs/devfs_vnops.c
+===================================================================
+--- sys/fs/devfs/devfs_vnops.c	(revision 197641)
++++ sys/fs/devfs/devfs_vnops.c	(working copy)
+@@ -759,6 +759,9 @@
+ 
+ 	VOP_UNLOCK(vp, 0, td);
+ 
++	if (ap->a_fdidx >= 0)
++		ap->a_td->td_proc->p_fd->fd_ofiles[ap->a_fdidx]->f_vnode = vp;
++
+ 	if(!(dsw->d_flags & D_NEEDGIANT)) {
+ 		DROP_GIANT();
+ 		if (dsw->d_fdopen != NULL)
+
+
+
diff --git a/share/security/patches/SA-09:14/devfs6.patch.asc b/share/security/patches/SA-09:14/devfs6.patch.asc
new file mode 100644
index 0000000000..471746ab7f
--- /dev/null
+++ b/share/security/patches/SA-09:14/devfs6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBKxluxFdaIBMps37IRAhB+AJ9Idwy6F5exYd9xQ9w0C+DIBkaBVwCcDVvP
+RKLqwVI0DAcpvbTNOPe4JXk=
+=WlE+
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:14/devfs7.patch b/share/security/patches/SA-09:14/devfs7.patch
new file mode 100644
index 0000000000..8535c5c682
--- /dev/null
+++ b/share/security/patches/SA-09:14/devfs7.patch
@@ -0,0 +1,13 @@
+Index: sys/fs/devfs/devfs_vnops.c
+===================================================================
+--- sys/fs/devfs/devfs_vnops.c	(revision 192300)
++++ sys/fs/devfs/devfs_vnops.c	(revision 192301)
+@@ -890,6 +890,7 @@
+ 	if (fp != NULL) {
+ 		FILE_LOCK(fp);
+ 		fp->f_data = dev;
++		fp->f_vnode = vp;
+ 		FILE_UNLOCK(fp);
+ 	}
+ 	fpop = td->td_fpop;
+
diff --git a/share/security/patches/SA-09:14/devfs7.patch.asc b/share/security/patches/SA-09:14/devfs7.patch.asc
new file mode 100644
index 0000000000..b4a46e0f64
--- /dev/null
+++ b/share/security/patches/SA-09:14/devfs7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBKxlu1FdaIBMps37IRAv2eAJ0bUIZSOEr9BQwsENjqwyUJZM3b7ACgliwu
+4Ou67dSBUMqO1sGJpY76Bcs=
+=TNYU
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:15/ssl.patch b/share/security/patches/SA-09:15/ssl.patch
new file mode 100644
index 0000000000..5e336e7f9c
--- /dev/null
+++ b/share/security/patches/SA-09:15/ssl.patch
@@ -0,0 +1,57 @@
+Index: crypto/openssl/ssl/s3_pkt.c
+===================================================================
+--- crypto/openssl/ssl/s3_pkt.c	(revision 199950)
++++ crypto/openssl/ssl/s3_pkt.c	(working copy)
+@@ -983,9 +983,7 @@
+ 		if (s->msg_callback)
+ 			s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg);
+ 
+-		if (SSL_is_init_finished(s) &&
+-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) &&
+-			!s->s3->renegotiate)
++		if (0)
+ 			{
+ 			ssl3_renegotiate(s);
+ 			if (ssl3_renegotiate_check(s))
+@@ -1116,8 +1114,7 @@
+ 	/* Unexpected handshake message (Client Hello, or protocol violation) */
+ 	if ((s->s3->handshake_fragment_len >= 4) &&	!s->in_handshake)
+ 		{
+-		if (((s->state&SSL_ST_MASK) == SSL_ST_OK) &&
+-			!(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS))
++		if (0)
+ 			{
+ #if 0 /* worked only because C operator preferences are not as expected (and
+        * because this is not really needed for clients except for detecting
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 199950)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -718,6 +718,13 @@
+ #endif
+ 	STACK_OF(SSL_CIPHER) *ciphers=NULL;
+ 
++	if (s->new_session)
++		{
++		al=SSL_AD_HANDSHAKE_FAILURE;
++		SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, ERR_R_INTERNAL_ERROR);
++		goto f_err;
++		}
++
+ 	/* We do this so that we will respond with our native type.
+ 	 * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
+ 	 * This down switching should be handled by a different method.
+Index: crypto/openssl/ssl/s3_lib.c
+===================================================================
+--- crypto/openssl/ssl/s3_lib.c	(revision 199950)
++++ crypto/openssl/ssl/s3_lib.c	(working copy)
+@@ -2592,6 +2592,9 @@
+ 	if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+ 		return(0);
+ 
++	if (1)
++		return(0);
++
+ 	s->s3->renegotiate=1;
+ 	return(1);
+ 	}
diff --git a/share/security/patches/SA-09:15/ssl.patch.asc b/share/security/patches/SA-09:15/ssl.patch.asc
new file mode 100644
index 0000000000..1ca96f8f9e
--- /dev/null
+++ b/share/security/patches/SA-09:15/ssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAksXhDYACgkQFdaIBMps37Ls5gCdFXXZulTHhNNFLan7LOiM1pQJ
+eCMAn03cxvORnOiMQQ65hhas8h8D4EfZ
+=t19/
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:16/rtld.patch b/share/security/patches/SA-09:16/rtld.patch
new file mode 100644
index 0000000000..3f53585620
--- /dev/null
+++ b/share/security/patches/SA-09:16/rtld.patch
@@ -0,0 +1,23 @@
+Index: libexec/rtld-elf/rtld.c
+===================================================================
+--- libexec/rtld-elf/rtld.c	(revision 199978)
++++ libexec/rtld-elf/rtld.c	(revision 199979)
+@@ -366,12 +366,12 @@
+      * future processes to honor the potentially un-safe variables.
+      */
+     if (!trust) {
+-        unsetenv(LD_ "PRELOAD");
+-        unsetenv(LD_ "LIBMAP");
+-        unsetenv(LD_ "LIBRARY_PATH");
+-        unsetenv(LD_ "LIBMAP_DISABLE");
+-        unsetenv(LD_ "DEBUG");
+-        unsetenv(LD_ "ELF_HINTS_PATH");
++        if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
++	    unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
++	    unsetenv(LD_ "DEBUG") || unsetenv(LD_ "ELF_HINTS_PATH")) {
++		_rtld_error("environment corrupt; aborting");
++		die();
++	}
+     }
+     ld_debug = getenv(LD_ "DEBUG");
+     libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
diff --git a/share/security/patches/SA-09:16/rtld.patch.asc b/share/security/patches/SA-09:16/rtld.patch.asc
new file mode 100644
index 0000000000..c53ff30ad9
--- /dev/null
+++ b/share/security/patches/SA-09:16/rtld.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAksXhEIACgkQFdaIBMps37JsRgCggL2LUu5NW4PdMC21UjBjKDsL
+jS4Anj73HUkK4gx5HwF+NLW5+xHJQacU
+=uLAT
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:16/rtld7.patch b/share/security/patches/SA-09:16/rtld7.patch
new file mode 100644
index 0000000000..f4a139e308
--- /dev/null
+++ b/share/security/patches/SA-09:16/rtld7.patch
@@ -0,0 +1,22 @@
+Index: libexec/rtld-elf/rtld.c
+===================================================================
+--- libexec/rtld-elf/rtld.c
++++ libexec/rtld-elf/rtld.c
+@@ -358,11 +358,12 @@
+      * future processes to honor the potentially un-safe variables.
+      */
+     if (!trust) {
+-        unsetenv(LD_ "PRELOAD");
+-        unsetenv(LD_ "LIBMAP");
+-        unsetenv(LD_ "LIBRARY_PATH");
+-        unsetenv(LD_ "LIBMAP_DISABLE");
+-        unsetenv(LD_ "DEBUG");
++        if (unsetenv(LD_ "PRELOAD") || unsetenv(LD_ "LIBMAP") ||
++	    unsetenv(LD_ "LIBRARY_PATH") || unsetenv(LD_ "LIBMAP_DISABLE") ||
++	    unsetenv(LD_ "DEBUG")) {
++		_rtld_error("environment corrupt; aborting");
++		die();
++	}
+     }
+     ld_debug = getenv(LD_ "DEBUG");
+     libmap_disable = getenv(LD_ "LIBMAP_DISABLE") != NULL;
diff --git a/share/security/patches/SA-09:16/rtld7.patch.asc b/share/security/patches/SA-09:16/rtld7.patch.asc
new file mode 100644
index 0000000000..c08fab8d70
--- /dev/null
+++ b/share/security/patches/SA-09:16/rtld7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAksXhFAACgkQFdaIBMps37Km9wCfUDNjK+ldYVBcitIz4gPavbq/
+UWgAn2qVHhzi8pHlEWkoFgqolk2RPEV3
+=y2YK
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-09:17/freebsd-update.patch b/share/security/patches/SA-09:17/freebsd-update.patch
new file mode 100644
index 0000000000..6986d42cd6
--- /dev/null
+++ b/share/security/patches/SA-09:17/freebsd-update.patch
@@ -0,0 +1,25 @@
+Index: usr.sbin/freebsd-update/freebsd-update.sh
+===================================================================
+--- usr.sbin/freebsd-update/freebsd-update.sh	(revision 199972)
++++ usr.sbin/freebsd-update/freebsd-update.sh	(working copy)
+@@ -603,6 +603,7 @@
+ 		echo ${WORKDIR}
+ 		exit 1
+ 	fi
++	chmod 700 ${WORKDIR}
+ 	cd ${WORKDIR} || exit 1
+ 
+ 	# Generate release number.  The s/SECURITY/RELEASE/ bit exists
+Index: etc/mtree/BSD.var.dist
+===================================================================
+--- etc/mtree/BSD.var.dist	(revision 200019)
++++ etc/mtree/BSD.var.dist	(working copy)
+@@ -32,7 +32,7 @@
+     db
+         entropy         uname=operator gname=operator mode=0700
+         ..
+-        freebsd-update
++        freebsd-update  mode=0700
+         ..
+         ipf             mode=0700
+         ..
diff --git a/share/security/patches/SA-09:17/freebsd-update.patch.asc b/share/security/patches/SA-09:17/freebsd-update.patch.asc
new file mode 100644
index 0000000000..1c91253a7d
--- /dev/null
+++ b/share/security/patches/SA-09:17/freebsd-update.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAksXhG4ACgkQFdaIBMps37JB/QCfURksZr+GNx+L99gjYxfpkXSa
+dt0An2CPLJFHs7PpAnxbxIDwIvf+ilvn
+=Uix9
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:01/bind9-6.patch b/share/security/patches/SA-10:01/bind9-6.patch
new file mode 100644
index 0000000000..ffb51fdc7c
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-6.patch
@@ -0,0 +1,317 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 200668)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -2667,7 +2667,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_na
+ 	}
+ 
+ 	if (dname_header != NULL &&
+-	    (dname_header->trust != dns_trust_pending ||
++	    (!DNS_TRUST_PENDING(dname_header->trust) ||
+ 	     (search->options & DNS_DBFIND_PENDINGOK) != 0)) {
+ 		/*
+ 		 * We increment the reference count on node to ensure that
+@@ -3129,7 +3129,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbv
+ 	if (found == NULL ||
+ 	    (found->trust == dns_trust_glue &&
+ 	     ((options & DNS_DBFIND_GLUEOK) == 0)) ||
+-	    (found->trust == dns_trust_pending &&
++	    (DNS_TRUST_PENDING(found->trust) &&
+ 	     ((options & DNS_DBFIND_PENDINGOK) == 0))) {
+ 		/*
+ 		 * If there is an NS rdataset at this node, then this is the
+Index: contrib/bind9/lib/dns/include/dns/types.h
+===================================================================
+--- contrib/bind9/lib/dns/include/dns/types.h	(revision 200668)
++++ contrib/bind9/lib/dns/include/dns/types.h	(working copy)
+@@ -226,40 +226,51 @@ enum {
+ 	dns_trust_none = 0,
+ #define dns_trust_none			((dns_trust_t)dns_trust_none)
+ 
+-	/* Subject to DNSSEC validation but has not yet been validated */
+-	dns_trust_pending = 1,
+-#define dns_trust_pending		((dns_trust_t)dns_trust_pending)
++	/*%
++	 * Subject to DNSSEC validation but has not yet been validated
++	 * dns_trust_pending_additional (from the additional section).
++	 */
++	dns_trust_pending_additional = 1,
++#define dns_trust_pending_additional \
++		((dns_trust_t)dns_trust_pending_additional)
+ 
+-	/* Received in the additional section of a response. */
+-	dns_trust_additional = 2,
++	dns_trust_pending_answer = 2,
++#define dns_trust_pending_answer	((dns_trust_t)dns_trust_pending_answer)
++
++	/*% Received in the additional section of a response. */
++	dns_trust_additional = 3,
+ #define dns_trust_additional		((dns_trust_t)dns_trust_additional)
+ 
+-	/* Received in a referral response. */ 
+-	dns_trust_glue = 3,
++	/* Received in a referral response. */
++	dns_trust_glue = 4,
+ #define dns_trust_glue			((dns_trust_t)dns_trust_glue)
+ 
+-	/* Answser from a non-authoritative server */
+-	dns_trust_answer = 4,
++	/* Answer from a non-authoritative server */
++	dns_trust_answer = 5,
+ #define dns_trust_answer		((dns_trust_t)dns_trust_answer)
+ 
+ 	/*  Received in the authority section as part of an
+ 	    authoritative response */
+-	dns_trust_authauthority = 5,
++	dns_trust_authauthority = 6,
+ #define dns_trust_authauthority		((dns_trust_t)dns_trust_authauthority)
+ 
+-	/* Answser from an authoritative server */
+-	dns_trust_authanswer = 6,
++	/* Answer from an authoritative server */
++	dns_trust_authanswer = 7,
+ #define dns_trust_authanswer		((dns_trust_t)dns_trust_authanswer)
+ 
+-	/* Successfully DNSSEC validated */	
+-	dns_trust_secure = 7,
++	/* Successfully DNSSEC validated */
++	dns_trust_secure = 8,
+ #define dns_trust_secure		((dns_trust_t)dns_trust_secure)
+ 
+ 	/* This server is authoritative */
+-	dns_trust_ultimate = 8
++	dns_trust_ultimate = 9
+ #define dns_trust_ultimate		((dns_trust_t)dns_trust_ultimate)
+ };
+ 
++#define DNS_TRUST_PENDING(x)		((x) == dns_trust_pending_answer || \
++					 (x) == dns_trust_pending_additional)
++#define DNS_TRUST_GLUE(x)		((x) == dns_trust_glue)
++
+ /*
+  * Name checking severites.
+  */
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 200668)
++++ contrib/bind9/lib/dns/resolver.c	(working copy)
+@@ -3694,6 +3694,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 		 * for it, unless it is glue.
+ 		 */
+ 		if (secure_domain && rdataset->trust != dns_trust_glue) {
++			dns_trust_t trust;
+ 			/*
+ 			 * RRSIGs are validated as part of validating the
+ 			 * type they cover.
+@@ -3730,12 +3731,34 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 			}
+ 
+ 			/*
++			 * Reject out of bailiwick additional records
++			 * without RRSIGs as they can't possibly validate
++			 * as "secure" and as we will never never want to
++			 * store these as "answers" after validation.
++			 */
++			if (rdataset->trust == dns_trust_additional &&
++			    sigrdataset == NULL && EXTERNAL(rdataset))
++				continue;
++ 
++			/*
++			 * XXXMPA: If we store as "answer" after validating
++			 * then we need to do bailiwick processing and
++			 * also need to track whether RRsets are in or
++			 * out of bailiwick.  This will require a another
++			 * pending trust level.
++			 *
+ 			 * Cache this rdataset/sigrdataset pair as
+-			 * pending data.
++			 * pending data.  Track whether it was additional
++			 * or not.
+ 			 */
+-			rdataset->trust = dns_trust_pending;
++			if (rdataset->trust == dns_trust_additional)
++				trust = dns_trust_pending_additional;
++			else
++				trust = dns_trust_pending_answer;
++ 
++			rdataset->trust = trust;
+ 			if (sigrdataset != NULL)
+-				sigrdataset->trust = dns_trust_pending;
++				sigrdataset->trust = trust;
+ 			if (!need_validation)
+ 				addedrdataset = ardataset;
+ 			else
+@@ -4081,7 +4104,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t
+ 			for (trdataset = ISC_LIST_HEAD(tname->list);
+ 			     trdataset != NULL;
+ 			     trdataset = ISC_LIST_NEXT(trdataset, link))
+-				trdataset->trust = dns_trust_pending;
++				trdataset->trust = dns_trust_pending_answer;
+ 			result = dns_message_nextname(fctx->rmessage,
+ 						      DNS_SECTION_AUTHORITY);
+ 		}
+Index: contrib/bind9/lib/dns/masterdump.c
+===================================================================
+--- contrib/bind9/lib/dns/masterdump.c	(revision 200668)
++++ contrib/bind9/lib/dns/masterdump.c	(working copy)
+@@ -763,7 +763,8 @@ dump_order_compare(const void *a, const void *b) {
+ 
+ static const char *trustnames[] = {
+ 	"none",
+-	"pending",
++	"pending-additional",
++	"pending-answer",
+ 	"additional",
+ 	"glue",
+ 	"answer",
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+--- contrib/bind9/lib/dns/validator.c	(revision 200668)
++++ contrib/bind9/lib/dns/validator.c	(working copy)
+@@ -238,7 +238,7 @@ auth_nonpending(dns_message_t *message) {
+ 		     rdataset != NULL;
+ 		     rdataset = ISC_LIST_NEXT(rdataset, link))
+ 		{
+-			if (rdataset->trust == dns_trust_pending)
++			if (DNS_TRUST_PENDING(rdataset->trust))
+ 				rdataset->trust = dns_trust_authauthority;
+ 		}
+ 	}
+@@ -1176,7 +1176,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 		 * We have an rrset for the given keyname.
+ 		 */
+ 		val->keyset = &val->frdataset;
+-		if (val->frdataset.trust == dns_trust_pending &&
++		if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 		    dns_rdataset_isassociated(&val->fsigrdataset))
+ 		{
+ 			/*
+@@ -1191,7 +1191,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 			if (result != ISC_R_SUCCESS)
+ 				return (result);
+ 			return (DNS_R_WAIT);
+-		} else if (val->frdataset.trust == dns_trust_pending) {
++		} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 			/*
+ 			 * Having a pending key with no signature means that
+ 			 * something is broken.
+@@ -1760,7 +1760,7 @@ validatezonekey(dns_validator_t *val) {
+ 			 * We have DS records.
+ 			 */
+ 			val->dsset = &val->frdataset;
+-			if (val->frdataset.trust == dns_trust_pending &&
++			if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 			    dns_rdataset_isassociated(&val->fsigrdataset))
+ 			{
+ 				result = create_validator(val,
+@@ -1773,7 +1773,7 @@ validatezonekey(dns_validator_t *val) {
+ 				if (result != ISC_R_SUCCESS)
+ 					return (result);
+ 				return (DNS_R_WAIT);
+-			} else if (val->frdataset.trust == dns_trust_pending) {
++			} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				/*
+ 				 * There should never be an unsigned DS.
+ 				 */
+@@ -2568,7 +2568,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t
+ 			 * There is no DS.  If this is a delegation,
+ 			 * we maybe done.
+ 			 */
+-			if (val->frdataset.trust == dns_trust_pending) {
++			if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				result = create_fetch(val, tname,
+ 						      dns_rdatatype_ds,
+ 						      dsfetched2,
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 200668)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -92,6 +92,8 @@
+ #define DNS_GETDB_NOLOG 0x02U
+ #define DNS_GETDB_PARTIAL 0x04U
+ 
++#define PENDINGOK(x)	(((x) & DNS_DBFIND_PENDINGOK) != 0)
++
+ static void
+ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype);
+ 
+@@ -1698,14 +1700,14 @@ query_addbestns(ns_client_t *client) {
+ 		zsigrdataset = NULL;
+ 	}
+ 
+-	if ((client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0 &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending)))
++	if ((DNS_TRUST_PENDING(rdataset->trust) ||
++	    (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust))) &&
++	    !PENDINGOK(client->query.dboptions))
+ 		goto cleanup;
+ 
+-	if (WANTDNSSEC(client) && SECURE(client) &&
+-	    (rdataset->trust == dns_trust_glue ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)))
++	if ((DNS_TRUST_GLUE(rdataset->trust) ||
++	    (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
++  	    SECURE(client) && WANTDNSSEC(client))
+ 		goto cleanup;
+ 
+ 	query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
+@@ -2376,6 +2378,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	isc_boolean_t empty_wild;
+ 	dns_rdataset_t *noqname;
+ 	isc_boolean_t resuming;
++	dns_rdataset_t tmprdataset;
++	unsigned int dboptions;
+ 
+ 	CTRACE("query_find");
+ 
+@@ -2577,9 +2581,47 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	/*
+ 	 * Now look for an answer in the database.
+ 	 */
++	dboptions = client->query.dboptions;
++	if (sigrdataset == NULL && client->view->enablednssec) {
++		/*
++		 * If the client doesn't want DNSSEC we still want to
++		 * look for any data pending validation to save a remote
++		 * lookup if possible.
++		 */
++		dns_rdataset_init(&tmprdataset);
++		sigrdataset = &tmprdataset;
++		dboptions |= DNS_DBFIND_PENDINGOK;
++	}
++ refind:
+ 	result = dns_db_find(db, client->query.qname, version, type,
+-			     client->query.dboptions, client->now,
+-			     &node, fname, rdataset, sigrdataset);
++			     dboptions, client->now, &node, fname,
++			     rdataset, sigrdataset);
++	/*
++	 * If we have found pending data try to validate it.
++	 * If the data does not validate as secure and we can't
++	 * use the unvalidated data requery the database with
++	 * pending disabled to prevent infinite looping.
++	 */
++	if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
++		goto validation_done;
++	if (rdataset->trust != dns_trust_pending_answer ||
++	    !PENDINGOK(client->query.dboptions)) {
++		dns_rdataset_disassociate(rdataset);
++		if (sigrdataset != NULL &&
++		    dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		if (sigrdataset == &tmprdataset)
++			sigrdataset = NULL;
++		dns_db_detachnode(db, &node);
++		dboptions &= ~DNS_DBFIND_PENDINGOK;
++		goto refind;
++	}
++ validation_done:
++	if (sigrdataset == &tmprdataset) {
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		sigrdataset = NULL;
++	}
+ 
+  resume:
+ 	CTRACE("query_find: resume");
diff --git a/share/security/patches/SA-10:01/bind9-6.patch.asc b/share/security/patches/SA-10:01/bind9-6.patch.asc
new file mode 100644
index 0000000000..81ea6cc52a
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-6.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRBXFdaIBMps37IRAgOTAJ9nohOq/qMnHn+UqpIzTzGUSfSyBgCfe1+E
+dYrlrNWv7HuHcZz1XmMk1pc=
+=uwek
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:01/bind9-63.patch b/share/security/patches/SA-10:01/bind9-63.patch
new file mode 100644
index 0000000000..1209ca9935
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-63.patch
@@ -0,0 +1,308 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 200669)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -2652,7 +2652,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_na
+ 	}
+ 
+ 	if (dname_header != NULL &&
+-	    (dname_header->trust != dns_trust_pending ||
++	    (!DNS_TRUST_PENDING(dname_header->trust) ||
+ 	     (search->options & DNS_DBFIND_PENDINGOK) != 0)) {
+ 		/*
+ 		 * We increment the reference count on node to ensure that
+@@ -3113,7 +3113,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbv
+ 	if (found == NULL ||
+ 	    (found->trust == dns_trust_glue &&
+ 	     ((options & DNS_DBFIND_GLUEOK) == 0)) ||
+-	    (found->trust == dns_trust_pending &&
++	    (DNS_TRUST_PENDING(found->trust) &&
+ 	     ((options & DNS_DBFIND_PENDINGOK) == 0))) {
+ 		/*
+ 		 * If there is an NS rdataset at this node, then this is the
+Index: contrib/bind9/lib/dns/include/dns/types.h
+===================================================================
+--- contrib/bind9/lib/dns/include/dns/types.h	(revision 200669)
++++ contrib/bind9/lib/dns/include/dns/types.h	(working copy)
+@@ -226,40 +226,51 @@ enum {
+ 	dns_trust_none = 0,
+ #define dns_trust_none			((dns_trust_t)dns_trust_none)
+ 
+-	/* Subject to DNSSEC validation but has not yet been validated */
+-	dns_trust_pending = 1,
+-#define dns_trust_pending		((dns_trust_t)dns_trust_pending)
++	/*%
++	 * Subject to DNSSEC validation but has not yet been validated
++	 * dns_trust_pending_additional (from the additional section).
++	 */
++	dns_trust_pending_additional = 1,
++#define dns_trust_pending_additional \
++		((dns_trust_t)dns_trust_pending_additional)
+ 
+-	/* Received in the additional section of a response. */
+-	dns_trust_additional = 2,
++	dns_trust_pending_answer = 2,
++#define dns_trust_pending_answer	((dns_trust_t)dns_trust_pending_answer)
++
++	/*% Received in the additional section of a response. */
++	dns_trust_additional = 3,
+ #define dns_trust_additional		((dns_trust_t)dns_trust_additional)
+ 
+-	/* Received in a referral response. */ 
+-	dns_trust_glue = 3,
++	/* Received in a referral response. */
++	dns_trust_glue = 4,
+ #define dns_trust_glue			((dns_trust_t)dns_trust_glue)
+ 
+-	/* Answser from a non-authoritative server */
+-	dns_trust_answer = 4,
++	/* Answer from a non-authoritative server */
++	dns_trust_answer = 5,
+ #define dns_trust_answer		((dns_trust_t)dns_trust_answer)
+ 
+ 	/*  Received in the authority section as part of an
+ 	    authoritative response */
+-	dns_trust_authauthority = 5,
++	dns_trust_authauthority = 6,
+ #define dns_trust_authauthority		((dns_trust_t)dns_trust_authauthority)
+ 
+-	/* Answser from an authoritative server */
+-	dns_trust_authanswer = 6,
++	/* Answer from an authoritative server */
++	dns_trust_authanswer = 7,
+ #define dns_trust_authanswer		((dns_trust_t)dns_trust_authanswer)
+ 
+-	/* Successfully DNSSEC validated */	
+-	dns_trust_secure = 7,
++	/* Successfully DNSSEC validated */
++	dns_trust_secure = 8,
+ #define dns_trust_secure		((dns_trust_t)dns_trust_secure)
+ 
+ 	/* This server is authoritative */
+-	dns_trust_ultimate = 8
++	dns_trust_ultimate = 9
+ #define dns_trust_ultimate		((dns_trust_t)dns_trust_ultimate)
+ };
+ 
++#define DNS_TRUST_PENDING(x)		((x) == dns_trust_pending_answer || \
++					 (x) == dns_trust_pending_additional)
++#define DNS_TRUST_GLUE(x)		((x) == dns_trust_glue)
++
+ /*
+  * Name checking severites.
+  */
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 200669)
++++ contrib/bind9/lib/dns/resolver.c	(working copy)
+@@ -3603,6 +3603,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 		 * for it, unless it is glue.
+ 		 */
+ 		if (secure_domain && rdataset->trust != dns_trust_glue) {
++			dns_trust_t trust;
+ 			/*
+ 			 * RRSIGs are validated as part of validating the
+ 			 * type they cover.
+@@ -3639,12 +3640,34 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 			}
+ 
+ 			/*
++			 * Reject out of bailiwick additional records
++			 * without RRSIGs as they can't possibly validate
++			 * as "secure" and as we will never never want to
++			 * store these as "answers" after validation.
++			 */
++			if (rdataset->trust == dns_trust_additional &&
++			    sigrdataset == NULL && EXTERNAL(rdataset))
++				continue;
++ 
++			/*
++			 * XXXMPA: If we store as "answer" after validating
++			 * then we need to do bailiwick processing and
++			 * also need to track whether RRsets are in or
++			 * out of bailiwick.  This will require a another
++			 * pending trust level.
++			 *
+ 			 * Cache this rdataset/sigrdataset pair as
+-			 * pending data.
++			 * pending data.  Track whether it was additional
++			 * or not.
+ 			 */
+-			rdataset->trust = dns_trust_pending;
++			if (rdataset->trust == dns_trust_additional)
++				trust = dns_trust_pending_additional;
++			else
++				trust = dns_trust_pending_answer;
++ 
++			rdataset->trust = trust;
+ 			if (sigrdataset != NULL)
+-				sigrdataset->trust = dns_trust_pending;
++				sigrdataset->trust = trust;
+ 			if (!need_validation)
+ 				addedrdataset = ardataset;
+ 			else
+@@ -3964,7 +3987,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t
+ 			for (trdataset = ISC_LIST_HEAD(tname->list);
+ 			     trdataset != NULL;
+ 			     trdataset = ISC_LIST_NEXT(trdataset, link))
+-				trdataset->trust = dns_trust_pending;
++				trdataset->trust = dns_trust_pending_answer;
+ 			result = dns_message_nextname(fctx->rmessage,
+ 						      DNS_SECTION_AUTHORITY);
+ 		}
+Index: contrib/bind9/lib/dns/masterdump.c
+===================================================================
+--- contrib/bind9/lib/dns/masterdump.c	(revision 200669)
++++ contrib/bind9/lib/dns/masterdump.c	(working copy)
+@@ -763,7 +763,8 @@ dump_order_compare(const void *a, const void *b) {
+ 
+ static const char *trustnames[] = {
+ 	"none",
+-	"pending",
++	"pending-additional",
++	"pending-answer",
+ 	"additional",
+ 	"glue",
+ 	"answer",
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+--- contrib/bind9/lib/dns/validator.c	(revision 200669)
++++ contrib/bind9/lib/dns/validator.c	(working copy)
+@@ -235,7 +235,7 @@ auth_nonpending(dns_message_t *message) {
+ 		     rdataset != NULL;
+ 		     rdataset = ISC_LIST_NEXT(rdataset, link))
+ 		{
+-			if (rdataset->trust == dns_trust_pending)
++			if (DNS_TRUST_PENDING(rdataset->trust))
+ 				rdataset->trust = dns_trust_authauthority;
+ 		}
+ 	}
+@@ -1146,7 +1146,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 		 * We have an rrset for the given keyname.
+ 		 */
+ 		val->keyset = &val->frdataset;
+-		if (val->frdataset.trust == dns_trust_pending &&
++		if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 		    dns_rdataset_isassociated(&val->fsigrdataset))
+ 		{
+ 			/*
+@@ -1161,7 +1161,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 			if (result != ISC_R_SUCCESS)
+ 				return (result);
+ 			return (DNS_R_WAIT);
+-		} else if (val->frdataset.trust == dns_trust_pending) {
++		} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 			/*
+ 			 * Having a pending key with no signature means that
+ 			 * something is broken.
+@@ -1723,7 +1723,7 @@ validatezonekey(dns_validator_t *val) {
+ 			 * We have DS records.
+ 			 */
+ 			val->dsset = &val->frdataset;
+-			if (val->frdataset.trust == dns_trust_pending &&
++			if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 			    dns_rdataset_isassociated(&val->fsigrdataset))
+ 			{
+ 				result = create_validator(val,
+@@ -1736,7 +1736,7 @@ validatezonekey(dns_validator_t *val) {
+ 				if (result != ISC_R_SUCCESS)
+ 					return (result);
+ 				return (DNS_R_WAIT);
+-			} else if (val->frdataset.trust == dns_trust_pending) {
++			} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				/*
+ 				 * There should never be an unsigned DS.
+ 				 */
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 200669)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -92,6 +92,8 @@
+ #define DNS_GETDB_NOLOG 0x02U
+ #define DNS_GETDB_PARTIAL 0x04U
+ 
++#define PENDINGOK(x)	(((x) & DNS_DBFIND_PENDINGOK) != 0)
++
+ static void
+ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype);
+ 
+@@ -1698,14 +1700,14 @@ query_addbestns(ns_client_t *client) {
+ 		zsigrdataset = NULL;
+ 	}
+ 
+-	if ((client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0 &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending)))
++	if ((DNS_TRUST_PENDING(rdataset->trust) ||
++	    (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust))) &&
++	    !PENDINGOK(client->query.dboptions))
+ 		goto cleanup;
+ 
+-	if (WANTDNSSEC(client) && SECURE(client) &&
+-	    (rdataset->trust == dns_trust_glue ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)))
++	if ((DNS_TRUST_GLUE(rdataset->trust) ||
++	    (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
++  	    SECURE(client) && WANTDNSSEC(client))
+ 		goto cleanup;
+ 
+ 	query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
+@@ -2364,6 +2366,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	unsigned int options;
+ 	isc_boolean_t empty_wild;
+ 	dns_rdataset_t *noqname;
++	dns_rdataset_t tmprdataset;
++	unsigned int dboptions;
+ 
+ 	CTRACE("query_find");
+ 
+@@ -2563,9 +2567,47 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	/*
+ 	 * Now look for an answer in the database.
+ 	 */
++	dboptions = client->query.dboptions;
++	if (sigrdataset == NULL && client->view->enablednssec) {
++		/*
++		 * If the client doesn't want DNSSEC we still want to
++		 * look for any data pending validation to save a remote
++		 * lookup if possible.
++		 */
++		dns_rdataset_init(&tmprdataset);
++		sigrdataset = &tmprdataset;
++		dboptions |= DNS_DBFIND_PENDINGOK;
++	}
++ refind:
+ 	result = dns_db_find(db, client->query.qname, version, type,
+-			     client->query.dboptions, client->now,
+-			     &node, fname, rdataset, sigrdataset);
++			     dboptions, client->now, &node, fname,
++			     rdataset, sigrdataset);
++	/*
++	 * If we have found pending data try to validate it.
++	 * If the data does not validate as secure and we can't
++	 * use the unvalidated data requery the database with
++	 * pending disabled to prevent infinite looping.
++	 */
++	if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
++		goto validation_done;
++	if (rdataset->trust != dns_trust_pending_answer ||
++	    !PENDINGOK(client->query.dboptions)) {
++		dns_rdataset_disassociate(rdataset);
++		if (sigrdataset != NULL &&
++		    dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		if (sigrdataset == &tmprdataset)
++			sigrdataset = NULL;
++		dns_db_detachnode(db, &node);
++		dboptions &= ~DNS_DBFIND_PENDINGOK;
++		goto refind;
++	}
++ validation_done:
++	if (sigrdataset == &tmprdataset) {
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		sigrdataset = NULL;
++	}
+ 
+  resume:
+ 	CTRACE("query_find: resume");
diff --git a/share/security/patches/SA-10:01/bind9-63.patch.asc b/share/security/patches/SA-10:01/bind9-63.patch.asc
new file mode 100644
index 0000000000..dafbad5c1a
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-63.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRBiFdaIBMps37IRAtY0AJ4oHb/GiLKlyBzMpoLiCRQu/KG3MgCgmgHL
+aUIToaiXh7iR2PIlNHVWc7U=
+=Sv7L
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:01/bind9-64.patch b/share/security/patches/SA-10:01/bind9-64.patch
new file mode 100644
index 0000000000..3fe56e9374
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-64.patch
@@ -0,0 +1,317 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 200669)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -2667,7 +2667,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_na
+ 	}
+ 
+ 	if (dname_header != NULL &&
+-	    (dname_header->trust != dns_trust_pending ||
++	    (!DNS_TRUST_PENDING(dname_header->trust) ||
+ 	     (search->options & DNS_DBFIND_PENDINGOK) != 0)) {
+ 		/*
+ 		 * We increment the reference count on node to ensure that
+@@ -3129,7 +3129,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbv
+ 	if (found == NULL ||
+ 	    (found->trust == dns_trust_glue &&
+ 	     ((options & DNS_DBFIND_GLUEOK) == 0)) ||
+-	    (found->trust == dns_trust_pending &&
++	    (DNS_TRUST_PENDING(found->trust) &&
+ 	     ((options & DNS_DBFIND_PENDINGOK) == 0))) {
+ 		/*
+ 		 * If there is an NS rdataset at this node, then this is the
+Index: contrib/bind9/lib/dns/include/dns/types.h
+===================================================================
+--- contrib/bind9/lib/dns/include/dns/types.h	(revision 200669)
++++ contrib/bind9/lib/dns/include/dns/types.h	(working copy)
+@@ -226,40 +226,51 @@ enum {
+ 	dns_trust_none = 0,
+ #define dns_trust_none			((dns_trust_t)dns_trust_none)
+ 
+-	/* Subject to DNSSEC validation but has not yet been validated */
+-	dns_trust_pending = 1,
+-#define dns_trust_pending		((dns_trust_t)dns_trust_pending)
++	/*%
++	 * Subject to DNSSEC validation but has not yet been validated
++	 * dns_trust_pending_additional (from the additional section).
++	 */
++	dns_trust_pending_additional = 1,
++#define dns_trust_pending_additional \
++		((dns_trust_t)dns_trust_pending_additional)
+ 
+-	/* Received in the additional section of a response. */
+-	dns_trust_additional = 2,
++	dns_trust_pending_answer = 2,
++#define dns_trust_pending_answer	((dns_trust_t)dns_trust_pending_answer)
++
++	/*% Received in the additional section of a response. */
++	dns_trust_additional = 3,
+ #define dns_trust_additional		((dns_trust_t)dns_trust_additional)
+ 
+-	/* Received in a referral response. */ 
+-	dns_trust_glue = 3,
++	/* Received in a referral response. */
++	dns_trust_glue = 4,
+ #define dns_trust_glue			((dns_trust_t)dns_trust_glue)
+ 
+-	/* Answser from a non-authoritative server */
+-	dns_trust_answer = 4,
++	/* Answer from a non-authoritative server */
++	dns_trust_answer = 5,
+ #define dns_trust_answer		((dns_trust_t)dns_trust_answer)
+ 
+ 	/*  Received in the authority section as part of an
+ 	    authoritative response */
+-	dns_trust_authauthority = 5,
++	dns_trust_authauthority = 6,
+ #define dns_trust_authauthority		((dns_trust_t)dns_trust_authauthority)
+ 
+-	/* Answser from an authoritative server */
+-	dns_trust_authanswer = 6,
++	/* Answer from an authoritative server */
++	dns_trust_authanswer = 7,
+ #define dns_trust_authanswer		((dns_trust_t)dns_trust_authanswer)
+ 
+-	/* Successfully DNSSEC validated */	
+-	dns_trust_secure = 7,
++	/* Successfully DNSSEC validated */
++	dns_trust_secure = 8,
+ #define dns_trust_secure		((dns_trust_t)dns_trust_secure)
+ 
+ 	/* This server is authoritative */
+-	dns_trust_ultimate = 8
++	dns_trust_ultimate = 9
+ #define dns_trust_ultimate		((dns_trust_t)dns_trust_ultimate)
+ };
+ 
++#define DNS_TRUST_PENDING(x)		((x) == dns_trust_pending_answer || \
++					 (x) == dns_trust_pending_additional)
++#define DNS_TRUST_GLUE(x)		((x) == dns_trust_glue)
++
+ /*
+  * Name checking severites.
+  */
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 200669)
++++ contrib/bind9/lib/dns/resolver.c	(working copy)
+@@ -3657,6 +3657,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 		 * for it, unless it is glue.
+ 		 */
+ 		if (secure_domain && rdataset->trust != dns_trust_glue) {
++			dns_trust_t trust;
+ 			/*
+ 			 * RRSIGs are validated as part of validating the
+ 			 * type they cover.
+@@ -3693,12 +3694,34 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 			}
+ 
+ 			/*
++			 * Reject out of bailiwick additional records
++			 * without RRSIGs as they can't possibly validate
++			 * as "secure" and as we will never never want to
++			 * store these as "answers" after validation.
++			 */
++			if (rdataset->trust == dns_trust_additional &&
++			    sigrdataset == NULL && EXTERNAL(rdataset))
++				continue;
++ 
++			/*
++			 * XXXMPA: If we store as "answer" after validating
++			 * then we need to do bailiwick processing and
++			 * also need to track whether RRsets are in or
++			 * out of bailiwick.  This will require a another
++			 * pending trust level.
++			 *
+ 			 * Cache this rdataset/sigrdataset pair as
+-			 * pending data.
++			 * pending data.  Track whether it was additional
++			 * or not.
+ 			 */
+-			rdataset->trust = dns_trust_pending;
++			if (rdataset->trust == dns_trust_additional)
++				trust = dns_trust_pending_additional;
++			else
++				trust = dns_trust_pending_answer;
++ 
++			rdataset->trust = trust;
+ 			if (sigrdataset != NULL)
+-				sigrdataset->trust = dns_trust_pending;
++				sigrdataset->trust = trust;
+ 			if (!need_validation)
+ 				addedrdataset = ardataset;
+ 			else
+@@ -4044,7 +4067,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t
+ 			for (trdataset = ISC_LIST_HEAD(tname->list);
+ 			     trdataset != NULL;
+ 			     trdataset = ISC_LIST_NEXT(trdataset, link))
+-				trdataset->trust = dns_trust_pending;
++				trdataset->trust = dns_trust_pending_answer;
+ 			result = dns_message_nextname(fctx->rmessage,
+ 						      DNS_SECTION_AUTHORITY);
+ 		}
+Index: contrib/bind9/lib/dns/masterdump.c
+===================================================================
+--- contrib/bind9/lib/dns/masterdump.c	(revision 200669)
++++ contrib/bind9/lib/dns/masterdump.c	(working copy)
+@@ -763,7 +763,8 @@ dump_order_compare(const void *a, const void *b) {
+ 
+ static const char *trustnames[] = {
+ 	"none",
+-	"pending",
++	"pending-additional",
++	"pending-answer",
+ 	"additional",
+ 	"glue",
+ 	"answer",
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+--- contrib/bind9/lib/dns/validator.c	(revision 200669)
++++ contrib/bind9/lib/dns/validator.c	(working copy)
+@@ -238,7 +238,7 @@ auth_nonpending(dns_message_t *message) {
+ 		     rdataset != NULL;
+ 		     rdataset = ISC_LIST_NEXT(rdataset, link))
+ 		{
+-			if (rdataset->trust == dns_trust_pending)
++			if (DNS_TRUST_PENDING(rdataset->trust))
+ 				rdataset->trust = dns_trust_authauthority;
+ 		}
+ 	}
+@@ -1175,7 +1175,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 		 * We have an rrset for the given keyname.
+ 		 */
+ 		val->keyset = &val->frdataset;
+-		if (val->frdataset.trust == dns_trust_pending &&
++		if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 		    dns_rdataset_isassociated(&val->fsigrdataset))
+ 		{
+ 			/*
+@@ -1190,7 +1190,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 			if (result != ISC_R_SUCCESS)
+ 				return (result);
+ 			return (DNS_R_WAIT);
+-		} else if (val->frdataset.trust == dns_trust_pending) {
++		} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 			/*
+ 			 * Having a pending key with no signature means that
+ 			 * something is broken.
+@@ -1758,7 +1758,7 @@ validatezonekey(dns_validator_t *val) {
+ 			 * We have DS records.
+ 			 */
+ 			val->dsset = &val->frdataset;
+-			if (val->frdataset.trust == dns_trust_pending &&
++			if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 			    dns_rdataset_isassociated(&val->fsigrdataset))
+ 			{
+ 				result = create_validator(val,
+@@ -1771,7 +1771,7 @@ validatezonekey(dns_validator_t *val) {
+ 				if (result != ISC_R_SUCCESS)
+ 					return (result);
+ 				return (DNS_R_WAIT);
+-			} else if (val->frdataset.trust == dns_trust_pending) {
++			} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				/*
+ 				 * There should never be an unsigned DS.
+ 				 */
+@@ -2564,7 +2564,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t
+ 			 * There is no DS.  If this is a delegation,
+ 			 * we maybe done.
+ 			 */
+-			if (val->frdataset.trust == dns_trust_pending) {
++			if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				result = create_fetch(val, tname,
+ 						      dns_rdatatype_ds,
+ 						      dsfetched2,
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 200669)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -92,6 +92,8 @@
+ #define DNS_GETDB_NOLOG 0x02U
+ #define DNS_GETDB_PARTIAL 0x04U
+ 
++#define PENDINGOK(x)	(((x) & DNS_DBFIND_PENDINGOK) != 0)
++
+ static void
+ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype);
+ 
+@@ -1698,14 +1700,14 @@ query_addbestns(ns_client_t *client) {
+ 		zsigrdataset = NULL;
+ 	}
+ 
+-	if ((client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0 &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending)))
++	if ((DNS_TRUST_PENDING(rdataset->trust) ||
++	    (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust))) &&
++	    !PENDINGOK(client->query.dboptions))
+ 		goto cleanup;
+ 
+-	if (WANTDNSSEC(client) && SECURE(client) &&
+-	    (rdataset->trust == dns_trust_glue ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)))
++	if ((DNS_TRUST_GLUE(rdataset->trust) ||
++	    (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
++  	    SECURE(client) && WANTDNSSEC(client))
+ 		goto cleanup;
+ 
+ 	query_addrrset(client, &fname, &rdataset, &sigrdataset, dbuf,
+@@ -2367,6 +2369,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	unsigned int options;
+ 	isc_boolean_t empty_wild;
+ 	dns_rdataset_t *noqname;
++	dns_rdataset_t tmprdataset;
++	unsigned int dboptions;
+ 
+ 	CTRACE("query_find");
+ 
+@@ -2566,9 +2570,47 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	/*
+ 	 * Now look for an answer in the database.
+ 	 */
++	dboptions = client->query.dboptions;
++	if (sigrdataset == NULL && client->view->enablednssec) {
++		/*
++		 * If the client doesn't want DNSSEC we still want to
++		 * look for any data pending validation to save a remote
++		 * lookup if possible.
++		 */
++		dns_rdataset_init(&tmprdataset);
++		sigrdataset = &tmprdataset;
++		dboptions |= DNS_DBFIND_PENDINGOK;
++	}
++ refind:
+ 	result = dns_db_find(db, client->query.qname, version, type,
+-			     client->query.dboptions, client->now,
+-			     &node, fname, rdataset, sigrdataset);
++			     dboptions, client->now, &node, fname,
++			     rdataset, sigrdataset);
++	/*
++	 * If we have found pending data try to validate it.
++	 * If the data does not validate as secure and we can't
++	 * use the unvalidated data requery the database with
++	 * pending disabled to prevent infinite looping.
++	 */
++	if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
++		goto validation_done;
++	if (rdataset->trust != dns_trust_pending_answer ||
++	    !PENDINGOK(client->query.dboptions)) {
++		dns_rdataset_disassociate(rdataset);
++		if (sigrdataset != NULL &&
++		    dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		if (sigrdataset == &tmprdataset)
++			sigrdataset = NULL;
++		dns_db_detachnode(db, &node);
++		dboptions &= ~DNS_DBFIND_PENDINGOK;
++		goto refind;
++	}
++ validation_done:
++	if (sigrdataset == &tmprdataset) {
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		sigrdataset = NULL;
++	}
+ 
+  resume:
+ 	CTRACE("query_find: resume");
diff --git a/share/security/patches/SA-10:01/bind9-64.patch.asc b/share/security/patches/SA-10:01/bind9-64.patch.asc
new file mode 100644
index 0000000000..e546dc110b
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-64.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRBlFdaIBMps37IRAm/eAJ9VMEyBjEw1TRPaVdBipCifs+slhACdEkgr
+1TgS4uwTQRC74qxYgIN430k=
+=5N1s
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:01/bind9-71.patch b/share/security/patches/SA-10:01/bind9-71.patch
new file mode 100644
index 0000000000..a0fccf50a0
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-71.patch
@@ -0,0 +1,336 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 200669)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -3070,7 +3070,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_na
+ 	}
+ 
+ 	if (dname_header != NULL &&
+-	    (dname_header->trust != dns_trust_pending ||
++	    (!DNS_TRUST_PENDING(dname_header->trust) ||
+ 	     (search->options & DNS_DBFIND_PENDINGOK) != 0)) {
+ 		/*
+ 		 * We increment the reference count on node to ensure that
+@@ -3584,7 +3584,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbv
+ 	if (found == NULL ||
+ 	    (found->trust == dns_trust_glue &&
+ 	     ((options & DNS_DBFIND_GLUEOK) == 0)) ||
+-	    (found->trust == dns_trust_pending &&
++	    (DNS_TRUST_PENDING(found->trust) &&
+ 	     ((options & DNS_DBFIND_PENDINGOK) == 0))) {
+ 		/*
+ 		 * If there is an NS rdataset at this node, then this is the
+Index: contrib/bind9/lib/dns/include/dns/types.h
+===================================================================
+--- contrib/bind9/lib/dns/include/dns/types.h	(revision 200669)
++++ contrib/bind9/lib/dns/include/dns/types.h	(working copy)
+@@ -241,40 +241,52 @@ enum {
+ 	dns_trust_none = 0,
+ #define dns_trust_none			((dns_trust_t)dns_trust_none)
+ 
+-	/*% Subject to DNSSEC validation but has not yet been validated */
+-	dns_trust_pending = 1,
+-#define dns_trust_pending		((dns_trust_t)dns_trust_pending)
+-
++	/*%
++	 * Subject to DNSSEC validation but has not yet been validated
++	 * dns_trust_pending_additional (from the additional section).
++	 */
++	dns_trust_pending_additional = 1,
++#define dns_trust_pending_additional \
++		((dns_trust_t)dns_trust_pending_additional)
++ 
++	dns_trust_pending_answer = 2,
++#define dns_trust_pending_answer	((dns_trust_t)dns_trust_pending_answer)
++ 
+ 	/*% Received in the additional section of a response. */
+-	dns_trust_additional = 2,
++	dns_trust_additional = 3,
+ #define dns_trust_additional		((dns_trust_t)dns_trust_additional)
+-
+-	/* Received in a referral response. */ 
+-	dns_trust_glue = 3,
++ 
++	/* Received in a referral response. */
++	dns_trust_glue = 4,
+ #define dns_trust_glue			((dns_trust_t)dns_trust_glue)
+-
+-	/* Answser from a non-authoritative server */
+-	dns_trust_answer = 4,
++ 
++	/* Answer from a non-authoritative server */
++	dns_trust_answer = 5,
+ #define dns_trust_answer		((dns_trust_t)dns_trust_answer)
+-
++ 
+ 	/*  Received in the authority section as part of an
+ 	    authoritative response */
+-	dns_trust_authauthority = 5,
++	dns_trust_authauthority = 6,
+ #define dns_trust_authauthority		((dns_trust_t)dns_trust_authauthority)
+ 
+-	/* Answser from an authoritative server */
+-	dns_trust_authanswer = 6,
++	/* Answer from an authoritative server */
++	dns_trust_authanswer = 7,
+ #define dns_trust_authanswer		((dns_trust_t)dns_trust_authanswer)
+-
+-	/* Successfully DNSSEC validated */	
+-	dns_trust_secure = 7,
++ 
++	/* Successfully DNSSEC validated */
++	dns_trust_secure = 8,
+ #define dns_trust_secure		((dns_trust_t)dns_trust_secure)
+ 
+ 	/* This server is authoritative */
+-	dns_trust_ultimate = 8
++	dns_trust_ultimate = 9
+ #define dns_trust_ultimate		((dns_trust_t)dns_trust_ultimate)
+ };
+ 
++#define DNS_TRUST_PENDING(x)		((x) == dns_trust_pending_answer || \
++					 (x) == dns_trust_pending_additional)
++#define DNS_TRUST_GLUE(x)		((x) == dns_trust_glue)
++ 
++ 
+ /*%
+  * Name checking severites.
+  */
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 200669)
++++ contrib/bind9/lib/dns/resolver.c	(working copy)
+@@ -3847,6 +3847,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 		 * for it, unless it is glue.
+ 		 */
+ 		if (secure_domain && rdataset->trust != dns_trust_glue) {
++			dns_trust_t trust;
+ 			/*
+ 			 * RRSIGs are validated as part of validating the
+ 			 * type they cover.
+@@ -3883,12 +3884,34 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 			}
+ 
+ 			/*
++			 * Reject out of bailiwick additional records
++			 * without RRSIGs as they can't possibly validate
++			 * as "secure" and as we will never never want to
++			 * store these as "answers" after validation.
++			 */
++			if (rdataset->trust == dns_trust_additional &&
++			    sigrdataset == NULL && EXTERNAL(rdataset))
++				continue;
++ 
++			/*
++			 * XXXMPA: If we store as "answer" after validating
++			 * then we need to do bailiwick processing and
++			 * also need to track whether RRsets are in or
++			 * out of bailiwick.  This will require a another
++			 * pending trust level.
++			 *
+ 			 * Cache this rdataset/sigrdataset pair as
+-			 * pending data.
++			 * pending data.  Track whether it was additional
++			 * or not.
+ 			 */
+-			rdataset->trust = dns_trust_pending;
++			if (rdataset->trust == dns_trust_additional)
++				trust = dns_trust_pending_additional;
++			else
++				trust = dns_trust_pending_answer;
++ 
++			rdataset->trust = trust;
+ 			if (sigrdataset != NULL)
+-				sigrdataset->trust = dns_trust_pending;
++				sigrdataset->trust = trust;
+ 			if (!need_validation)
+ 				addedrdataset = ardataset;
+ 			else
+@@ -4236,7 +4259,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t
+ 			for (trdataset = ISC_LIST_HEAD(tname->list);
+ 			     trdataset != NULL;
+ 			     trdataset = ISC_LIST_NEXT(trdataset, link))
+-				trdataset->trust = dns_trust_pending;
++				trdataset->trust = dns_trust_pending_answer;
+ 			result = dns_message_nextname(fctx->rmessage,
+ 						      DNS_SECTION_AUTHORITY);
+ 		}
+Index: contrib/bind9/lib/dns/masterdump.c
+===================================================================
+--- contrib/bind9/lib/dns/masterdump.c	(revision 200669)
++++ contrib/bind9/lib/dns/masterdump.c	(working copy)
+@@ -774,7 +774,8 @@ dump_order_compare(const void *a, const void *b) {
+ 
+ static const char *trustnames[] = {
+ 	"none",
+-	"pending",
++	"pending-additional",
++	"pending-answer",
+ 	"additional",
+ 	"glue",
+ 	"answer",
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+--- contrib/bind9/lib/dns/validator.c	(revision 200669)
++++ contrib/bind9/lib/dns/validator.c	(working copy)
+@@ -1140,7 +1140,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 		 * We have an rrset for the given keyname.
+ 		 */
+ 		val->keyset = &val->frdataset;
+-		if (val->frdataset.trust == dns_trust_pending &&
++		if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 		    dns_rdataset_isassociated(&val->fsigrdataset))
+ 		{
+ 			/*
+@@ -1155,7 +1155,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 			if (result != ISC_R_SUCCESS)
+ 				return (result);
+ 			return (DNS_R_WAIT);
+-		} else if (val->frdataset.trust == dns_trust_pending) {
++		} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 			/*
+ 			 * Having a pending key with no signature means that
+ 			 * something is broken.
+@@ -1763,7 +1763,7 @@ validatezonekey(dns_validator_t *val) {
+ 			 * We have DS records.
+ 			 */
+ 			val->dsset = &val->frdataset;
+-			if (val->frdataset.trust == dns_trust_pending &&
++			if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 			    dns_rdataset_isassociated(&val->fsigrdataset))
+ 			{
+ 				result = create_validator(val,
+@@ -1776,7 +1776,7 @@ validatezonekey(dns_validator_t *val) {
+ 				if (result != ISC_R_SUCCESS)
+ 					return (result);
+ 				return (DNS_R_WAIT);
+-			} else if (val->frdataset.trust == dns_trust_pending) {
++			} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				/*
+ 				 * There should never be an unsigned DS.
+ 				 */
+@@ -2586,7 +2586,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t
+ 			 * There is no DS.  If this is a delegation,
+ 			 * we maybe done.
+ 			 */
+-			if (val->frdataset.trust == dns_trust_pending) {
++			if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				result = create_fetch(val, tname,
+ 						      dns_rdatatype_ds,
+ 						      dsfetched2,
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 200669)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -109,6 +109,8 @@
+ #define DNS_GETDB_NOLOG 0x02U
+ #define DNS_GETDB_PARTIAL 0x04U
+ 
++#define PENDINGOK(x)	(((x) & DNS_DBFIND_PENDINGOK) != 0)
++
+ typedef struct client_additionalctx {
+ 	ns_client_t *client;
+ 	dns_rdataset_t *rdataset;
+@@ -1721,8 +1723,8 @@ query_addadditional2(void *arg, dns_name_t *name,
+ 	 */
+ 	if (result == ISC_R_SUCCESS &&
+ 	    additionaltype == dns_rdatasetadditional_fromcache &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     rdataset->trust == dns_trust_glue) &&
++	    (DNS_TRUST_PENDING(rdataset->trust) ||
++	     DNS_TRUST_GLUE(rdataset->trust)) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset)) {
+ 		dns_rdataset_disassociate(rdataset);
+ 		if (dns_rdataset_isassociated(sigrdataset))
+@@ -1761,8 +1763,8 @@ query_addadditional2(void *arg, dns_name_t *name,
+ 	 */
+ 	if (result == ISC_R_SUCCESS &&
+ 	    additionaltype == dns_rdatasetadditional_fromcache &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     rdataset->trust == dns_trust_glue) &&
++	    (DNS_TRUST_PENDING(rdataset->trust) ||
++	     DNS_TRUST_GLUE(rdataset->trust)) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset)) {
+ 		dns_rdataset_disassociate(rdataset);
+ 		if (dns_rdataset_isassociated(sigrdataset))
+@@ -2547,14 +2549,14 @@ query_addbestns(ns_client_t *client) {
+ 	/*
+ 	 * Attempt to validate RRsets that are pending or that are glue.
+ 	 */
+-	if ((rdataset->trust == dns_trust_pending ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))
++	if ((DNS_TRUST_PENDING(rdataset->trust) ||
++	     (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust)))
+ 	    && !validate(client, db, fname, rdataset, sigrdataset) &&
+-	    (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0)
++	    !PENDINGOK(client->query.dboptions))
+ 		goto cleanup;
+ 
+-	if ((rdataset->trust == dns_trust_glue ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) &&
++	if ((DNS_TRUST_GLUE(rdataset->trust) ||
++	     (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset) &&
+ 	    SECURE(client) && WANTDNSSEC(client))
+ 		goto cleanup;
+@@ -3335,6 +3337,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	unsigned int options;
+ 	isc_boolean_t empty_wild;
+ 	dns_rdataset_t *noqname;
++	dns_rdataset_t tmprdataset;
++	unsigned int dboptions;
+ 
+ 	CTRACE("query_find");
+ 
+@@ -3544,9 +3548,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	/*
+ 	 * Now look for an answer in the database.
+ 	 */
++	dboptions = client->query.dboptions;
++	if (sigrdataset == NULL && client->view->enablednssec) {
++		/*
++		 * If the client doesn't want DNSSEC we still want to
++		 * look for any data pending validation to save a remote
++		 * lookup if possible.
++		 */
++		dns_rdataset_init(&tmprdataset);
++		sigrdataset = &tmprdataset;
++		dboptions |= DNS_DBFIND_PENDINGOK;
++	}
++ refind:
+ 	result = dns_db_find(db, client->query.qname, version, type,
+-			     client->query.dboptions, client->now,
+-			     &node, fname, rdataset, sigrdataset);
++			     dboptions, client->now, &node, fname,
++			     rdataset, sigrdataset);
++	/*
++	 * If we have found pending data try to validate it.
++	 * If the data does not validate as secure and we can't
++	 * use the unvalidated data requery the database with
++	 * pending disabled to prevent infinite looping.
++	 */
++	if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
++		goto validation_done;
++	if (validate(client, db, fname, rdataset, sigrdataset))
++		goto validation_done;
++	if (rdataset->trust != dns_trust_pending_answer ||
++	    !PENDINGOK(client->query.dboptions)) {
++		dns_rdataset_disassociate(rdataset);
++		if (sigrdataset != NULL &&
++		    dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		if (sigrdataset == &tmprdataset)
++			sigrdataset = NULL;
++		dns_db_detachnode(db, &node);
++		dboptions &= ~DNS_DBFIND_PENDINGOK;
++		goto refind;
++	}
++ validation_done:
++	if (sigrdataset == &tmprdataset) {
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		sigrdataset = NULL;
++	}
+ 
+  resume:
+ 	CTRACE("query_find: resume");
diff --git a/share/security/patches/SA-10:01/bind9-71.patch.asc b/share/security/patches/SA-10:01/bind9-71.patch.asc
new file mode 100644
index 0000000000..4d445c3d9d
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-71.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRBrFdaIBMps37IRAtZJAJ9IdqpfMK4zSudbEwUAHfVXm/RCIwCdEAlz
+3RzPwYBclU4x6C1lk4AMhas=
+=yp5I
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:01/bind9-72.patch b/share/security/patches/SA-10:01/bind9-72.patch
new file mode 100644
index 0000000000..2cb4a234f5
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-72.patch
@@ -0,0 +1,336 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 200669)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -3072,7 +3072,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_na
+ 	}
+ 
+ 	if (dname_header != NULL &&
+-	    (dname_header->trust != dns_trust_pending ||
++	    (!DNS_TRUST_PENDING(dname_header->trust) ||
+ 	     (search->options & DNS_DBFIND_PENDINGOK) != 0)) {
+ 		/*
+ 		 * We increment the reference count on node to ensure that
+@@ -3586,7 +3586,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbv
+ 	if (found == NULL ||
+ 	    (found->trust == dns_trust_glue &&
+ 	     ((options & DNS_DBFIND_GLUEOK) == 0)) ||
+-	    (found->trust == dns_trust_pending &&
++	    (DNS_TRUST_PENDING(found->trust) &&
+ 	     ((options & DNS_DBFIND_PENDINGOK) == 0))) {
+ 		/*
+ 		 * If there is an NS rdataset at this node, then this is the
+Index: contrib/bind9/lib/dns/include/dns/types.h
+===================================================================
+--- contrib/bind9/lib/dns/include/dns/types.h	(revision 200669)
++++ contrib/bind9/lib/dns/include/dns/types.h	(working copy)
+@@ -241,40 +241,52 @@ enum {
+ 	dns_trust_none = 0,
+ #define dns_trust_none			((dns_trust_t)dns_trust_none)
+ 
+-	/*% Subject to DNSSEC validation but has not yet been validated */
+-	dns_trust_pending = 1,
+-#define dns_trust_pending		((dns_trust_t)dns_trust_pending)
+-
++	/*%
++	 * Subject to DNSSEC validation but has not yet been validated
++	 * dns_trust_pending_additional (from the additional section).
++	 */
++	dns_trust_pending_additional = 1,
++#define dns_trust_pending_additional \
++		((dns_trust_t)dns_trust_pending_additional)
++ 
++	dns_trust_pending_answer = 2,
++#define dns_trust_pending_answer	((dns_trust_t)dns_trust_pending_answer)
++ 
+ 	/*% Received in the additional section of a response. */
+-	dns_trust_additional = 2,
++	dns_trust_additional = 3,
+ #define dns_trust_additional		((dns_trust_t)dns_trust_additional)
+-
+-	/* Received in a referral response. */ 
+-	dns_trust_glue = 3,
++ 
++	/* Received in a referral response. */
++	dns_trust_glue = 4,
+ #define dns_trust_glue			((dns_trust_t)dns_trust_glue)
+-
+-	/* Answser from a non-authoritative server */
+-	dns_trust_answer = 4,
++ 
++	/* Answer from a non-authoritative server */
++	dns_trust_answer = 5,
+ #define dns_trust_answer		((dns_trust_t)dns_trust_answer)
+-
++ 
+ 	/*  Received in the authority section as part of an
+ 	    authoritative response */
+-	dns_trust_authauthority = 5,
++	dns_trust_authauthority = 6,
+ #define dns_trust_authauthority		((dns_trust_t)dns_trust_authauthority)
+ 
+-	/* Answser from an authoritative server */
+-	dns_trust_authanswer = 6,
++	/* Answer from an authoritative server */
++	dns_trust_authanswer = 7,
+ #define dns_trust_authanswer		((dns_trust_t)dns_trust_authanswer)
+-
+-	/* Successfully DNSSEC validated */	
+-	dns_trust_secure = 7,
++ 
++	/* Successfully DNSSEC validated */
++	dns_trust_secure = 8,
+ #define dns_trust_secure		((dns_trust_t)dns_trust_secure)
+ 
+ 	/* This server is authoritative */
+-	dns_trust_ultimate = 8
++	dns_trust_ultimate = 9
+ #define dns_trust_ultimate		((dns_trust_t)dns_trust_ultimate)
+ };
+ 
++#define DNS_TRUST_PENDING(x)		((x) == dns_trust_pending_answer || \
++					 (x) == dns_trust_pending_additional)
++#define DNS_TRUST_GLUE(x)		((x) == dns_trust_glue)
++ 
++ 
+ /*%
+  * Name checking severites.
+  */
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 200669)
++++ contrib/bind9/lib/dns/resolver.c	(working copy)
+@@ -3887,6 +3887,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 		 * for it, unless it is glue.
+ 		 */
+ 		if (secure_domain && rdataset->trust != dns_trust_glue) {
++			dns_trust_t trust;
+ 			/*
+ 			 * RRSIGs are validated as part of validating the
+ 			 * type they cover.
+@@ -3923,12 +3924,34 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 			}
+ 
+ 			/*
++			 * Reject out of bailiwick additional records
++			 * without RRSIGs as they can't possibly validate
++			 * as "secure" and as we will never never want to
++			 * store these as "answers" after validation.
++			 */
++			if (rdataset->trust == dns_trust_additional &&
++			    sigrdataset == NULL && EXTERNAL(rdataset))
++				continue;
++ 
++			/*
++			 * XXXMPA: If we store as "answer" after validating
++			 * then we need to do bailiwick processing and
++			 * also need to track whether RRsets are in or
++			 * out of bailiwick.  This will require a another
++			 * pending trust level.
++			 *
+ 			 * Cache this rdataset/sigrdataset pair as
+-			 * pending data.
++			 * pending data.  Track whether it was additional
++			 * or not.
+ 			 */
+-			rdataset->trust = dns_trust_pending;
++			if (rdataset->trust == dns_trust_additional)
++				trust = dns_trust_pending_additional;
++			else
++				trust = dns_trust_pending_answer;
++ 
++			rdataset->trust = trust;
+ 			if (sigrdataset != NULL)
+-				sigrdataset->trust = dns_trust_pending;
++				sigrdataset->trust = trust;
+ 			if (!need_validation)
+ 				addedrdataset = ardataset;
+ 			else
+@@ -4276,7 +4299,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t
+ 			for (trdataset = ISC_LIST_HEAD(tname->list);
+ 			     trdataset != NULL;
+ 			     trdataset = ISC_LIST_NEXT(trdataset, link))
+-				trdataset->trust = dns_trust_pending;
++				trdataset->trust = dns_trust_pending_answer;
+ 			result = dns_message_nextname(fctx->rmessage,
+ 						      DNS_SECTION_AUTHORITY);
+ 		}
+Index: contrib/bind9/lib/dns/masterdump.c
+===================================================================
+--- contrib/bind9/lib/dns/masterdump.c	(revision 200669)
++++ contrib/bind9/lib/dns/masterdump.c	(working copy)
+@@ -774,7 +774,8 @@ dump_order_compare(const void *a, const void *b) {
+ 
+ static const char *trustnames[] = {
+ 	"none",
+-	"pending",
++	"pending-additional",
++	"pending-answer",
+ 	"additional",
+ 	"glue",
+ 	"answer",
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+--- contrib/bind9/lib/dns/validator.c	(revision 200669)
++++ contrib/bind9/lib/dns/validator.c	(working copy)
+@@ -1174,7 +1174,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 		 * We have an rrset for the given keyname.
+ 		 */
+ 		val->keyset = &val->frdataset;
+-		if (val->frdataset.trust == dns_trust_pending &&
++		if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 		    dns_rdataset_isassociated(&val->fsigrdataset))
+ 		{
+ 			/*
+@@ -1189,7 +1189,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 			if (result != ISC_R_SUCCESS)
+ 				return (result);
+ 			return (DNS_R_WAIT);
+-		} else if (val->frdataset.trust == dns_trust_pending) {
++		} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 			/*
+ 			 * Having a pending key with no signature means that
+ 			 * something is broken.
+@@ -1805,7 +1805,7 @@ validatezonekey(dns_validator_t *val) {
+ 			 * We have DS records.
+ 			 */
+ 			val->dsset = &val->frdataset;
+-			if (val->frdataset.trust == dns_trust_pending &&
++			if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 			    dns_rdataset_isassociated(&val->fsigrdataset))
+ 			{
+ 				result = create_validator(val,
+@@ -1818,7 +1818,7 @@ validatezonekey(dns_validator_t *val) {
+ 				if (result != ISC_R_SUCCESS)
+ 					return (result);
+ 				return (DNS_R_WAIT);
+-			} else if (val->frdataset.trust == dns_trust_pending) {
++			} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				/*
+ 				 * There should never be an unsigned DS.
+ 				 */
+@@ -2667,7 +2667,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t
+ 			 * There is no DS.  If this is a delegation,
+ 			 * we maybe done.
+ 			 */
+-			if (val->frdataset.trust == dns_trust_pending) {
++			if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				result = create_fetch(val, tname,
+ 						      dns_rdatatype_ds,
+ 						      dsfetched2,
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 200669)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -109,6 +109,8 @@
+ #define DNS_GETDB_NOLOG 0x02U
+ #define DNS_GETDB_PARTIAL 0x04U
+ 
++#define PENDINGOK(x)	(((x) & DNS_DBFIND_PENDINGOK) != 0)
++
+ typedef struct client_additionalctx {
+ 	ns_client_t *client;
+ 	dns_rdataset_t *rdataset;
+@@ -1721,8 +1723,8 @@ query_addadditional2(void *arg, dns_name_t *name,
+ 	 */
+ 	if (result == ISC_R_SUCCESS &&
+ 	    additionaltype == dns_rdatasetadditional_fromcache &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     rdataset->trust == dns_trust_glue) &&
++	    (DNS_TRUST_PENDING(rdataset->trust) ||
++	     DNS_TRUST_GLUE(rdataset->trust)) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset)) {
+ 		dns_rdataset_disassociate(rdataset);
+ 		if (dns_rdataset_isassociated(sigrdataset))
+@@ -1761,8 +1763,8 @@ query_addadditional2(void *arg, dns_name_t *name,
+ 	 */
+ 	if (result == ISC_R_SUCCESS &&
+ 	    additionaltype == dns_rdatasetadditional_fromcache &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     rdataset->trust == dns_trust_glue) &&
++	    (DNS_TRUST_PENDING(rdataset->trust) ||
++	     DNS_TRUST_GLUE(rdataset->trust)) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset)) {
+ 		dns_rdataset_disassociate(rdataset);
+ 		if (dns_rdataset_isassociated(sigrdataset))
+@@ -2547,14 +2549,14 @@ query_addbestns(ns_client_t *client) {
+ 	/*
+ 	 * Attempt to validate RRsets that are pending or that are glue.
+ 	 */
+-	if ((rdataset->trust == dns_trust_pending ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))
++	if ((DNS_TRUST_PENDING(rdataset->trust) ||
++	     (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust)))
+ 	    && !validate(client, db, fname, rdataset, sigrdataset) &&
+-	    (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0)
++	    !PENDINGOK(client->query.dboptions))
+ 		goto cleanup;
+ 
+-	if ((rdataset->trust == dns_trust_glue ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) &&
++	if ((DNS_TRUST_GLUE(rdataset->trust) ||
++	     (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset) &&
+ 	    SECURE(client) && WANTDNSSEC(client))
+ 		goto cleanup;
+@@ -3344,6 +3346,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	isc_boolean_t empty_wild;
+ 	dns_rdataset_t *noqname;
+ 	isc_boolean_t resuming;
++	dns_rdataset_t tmprdataset;
++	unsigned int dboptions;
+ 
+ 	CTRACE("query_find");
+ 
+@@ -3555,9 +3559,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	/*
+ 	 * Now look for an answer in the database.
+ 	 */
++	dboptions = client->query.dboptions;
++	if (sigrdataset == NULL && client->view->enablednssec) {
++		/*
++		 * If the client doesn't want DNSSEC we still want to
++		 * look for any data pending validation to save a remote
++		 * lookup if possible.
++		 */
++		dns_rdataset_init(&tmprdataset);
++		sigrdataset = &tmprdataset;
++		dboptions |= DNS_DBFIND_PENDINGOK;
++	}
++ refind:
+ 	result = dns_db_find(db, client->query.qname, version, type,
+-			     client->query.dboptions, client->now,
+-			     &node, fname, rdataset, sigrdataset);
++			     dboptions, client->now, &node, fname,
++			     rdataset, sigrdataset);
++	/*
++	 * If we have found pending data try to validate it.
++	 * If the data does not validate as secure and we can't
++	 * use the unvalidated data requery the database with
++	 * pending disabled to prevent infinite looping.
++	 */
++	if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
++		goto validation_done;
++	if (validate(client, db, fname, rdataset, sigrdataset))
++		goto validation_done;
++	if (rdataset->trust != dns_trust_pending_answer ||
++	    !PENDINGOK(client->query.dboptions)) {
++		dns_rdataset_disassociate(rdataset);
++		if (sigrdataset != NULL &&
++		    dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		if (sigrdataset == &tmprdataset)
++			sigrdataset = NULL;
++		dns_db_detachnode(db, &node);
++		dboptions &= ~DNS_DBFIND_PENDINGOK;
++		goto refind;
++	}
++ validation_done:
++	if (sigrdataset == &tmprdataset) {
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		sigrdataset = NULL;
++	}
+ 
+  resume:
+ 	CTRACE("query_find: resume");
diff --git a/share/security/patches/SA-10:01/bind9-72.patch.asc b/share/security/patches/SA-10:01/bind9-72.patch.asc
new file mode 100644
index 0000000000..091918766b
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-72.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRBvFdaIBMps37IRAmqkAJ94AVHt4t45TRg5cSmFvZ0i8MNliwCeNiTo
+AceJ7BPfoO88r2+jUiKejbM=
+=3tum
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:01/bind9-80.patch b/share/security/patches/SA-10:01/bind9-80.patch
new file mode 100644
index 0000000000..8cd8a3ad3a
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-80.patch
@@ -0,0 +1,327 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 200669)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -4005,7 +4005,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_na
+ 	}
+ 
+ 	if (dname_header != NULL &&
+-	    (dname_header->trust != dns_trust_pending ||
++	    (!DNS_TRUST_PENDING(dname_header->trust) ||
+ 	     (search->options & DNS_DBFIND_PENDINGOK) != 0)) {
+ 		/*
+ 		 * We increment the reference count on node to ensure that
+@@ -4548,7 +4548,7 @@ cache_find(dns_db_t *db, dns_name_t *name, dns_dbv
+ 	if (found == NULL ||
+ 	    (found->trust == dns_trust_glue &&
+ 	     ((options & DNS_DBFIND_GLUEOK) == 0)) ||
+-	    (found->trust == dns_trust_pending &&
++	    (DNS_TRUST_PENDING(found->trust) &&
+ 	     ((options & DNS_DBFIND_PENDINGOK) == 0))) {
+ 		/*
+ 		 * If there is an NS rdataset at this node, then this is the
+Index: contrib/bind9/lib/dns/include/dns/types.h
+===================================================================
+--- contrib/bind9/lib/dns/include/dns/types.h	(revision 200669)
++++ contrib/bind9/lib/dns/include/dns/types.h	(working copy)
+@@ -258,40 +258,52 @@ enum {
+ 	dns_trust_none = 0,
+ #define dns_trust_none			((dns_trust_t)dns_trust_none)
+ 
+-	/*% Subject to DNSSEC validation but has not yet been validated */
+-	dns_trust_pending = 1,
+-#define dns_trust_pending		((dns_trust_t)dns_trust_pending)
++	/*%
++	 * Subject to DNSSEC validation but has not yet been validated
++	 * dns_trust_pending_additional (from the additional section).
++	 */
++	dns_trust_pending_additional = 1,
++#define dns_trust_pending_additional \
++		 ((dns_trust_t)dns_trust_pending_additional)
+ 
++	dns_trust_pending_answer = 2,
++#define dns_trust_pending_answer	((dns_trust_t)dns_trust_pending_answer)
++
+ 	/*% Received in the additional section of a response. */
+-	dns_trust_additional = 2,
++	dns_trust_additional = 3,
+ #define dns_trust_additional		((dns_trust_t)dns_trust_additional)
+ 
+ 	/* Received in a referral response. */
+-	dns_trust_glue = 3,
++	dns_trust_glue = 4,
+ #define dns_trust_glue			((dns_trust_t)dns_trust_glue)
+ 
+ 	/* Answer from a non-authoritative server */
+-	dns_trust_answer = 4,
++	dns_trust_answer = 5,
+ #define dns_trust_answer		((dns_trust_t)dns_trust_answer)
+ 
+ 	/*  Received in the authority section as part of an
+ 	    authoritative response */
+-	dns_trust_authauthority = 5,
++	dns_trust_authauthority = 6,
+ #define dns_trust_authauthority		((dns_trust_t)dns_trust_authauthority)
+ 
+ 	/* Answer from an authoritative server */
+-	dns_trust_authanswer = 6,
++	dns_trust_authanswer = 7,
+ #define dns_trust_authanswer		((dns_trust_t)dns_trust_authanswer)
+ 
+ 	/* Successfully DNSSEC validated */
+-	dns_trust_secure = 7,
++	dns_trust_secure = 8,
+ #define dns_trust_secure		((dns_trust_t)dns_trust_secure)
+ 
+ 	/* This server is authoritative */
+-	dns_trust_ultimate = 8
++	dns_trust_ultimate = 9
+ #define dns_trust_ultimate		((dns_trust_t)dns_trust_ultimate)
+ };
+ 
++#define DNS_TRUST_PENDING(x)		((x) == dns_trust_pending_answer || \
++					 (x) == dns_trust_pending_additional)
++#define DNS_TRUST_GLUE(x)		((x) == dns_trust_glue)
++
++
+ /*%
+  * Name checking severities.
+  */
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 200669)
++++ contrib/bind9/lib/dns/resolver.c	(working copy)
+@@ -4293,6 +4293,7 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 		 * for it, unless it is glue.
+ 		 */
+ 		if (secure_domain && rdataset->trust != dns_trust_glue) {
++			dns_trust_t trust;
+ 			/*
+ 			 * RRSIGs are validated as part of validating the
+ 			 * type they cover.
+@@ -4329,12 +4330,34 @@ cache_name(fetchctx_t *fctx, dns_name_t *name, dns
+ 			}
+ 
+ 			/*
++			 * Reject out of bailiwick additional records
++			 * without RRSIGs as they can't possibly validate
++			 * as "secure" and as we will never never want to
++			 * store these as "answers" after validation.
++			 */
++			if (rdataset->trust == dns_trust_additional &&
++			    sigrdataset == NULL && EXTERNAL(rdataset))
++				continue;
++				
++			/*
++                         * XXXMPA: If we store as "answer" after validating
++                         * then we need to do bailiwick processing and
++                         * also need to track whether RRsets are in or
++                         * out of bailiwick.  This will require a another 
++                         * pending trust level.
++                         *
+ 			 * Cache this rdataset/sigrdataset pair as
+-			 * pending data.
++			 * pending data.  Track whether it was additional
++			 * or not.
+ 			 */
+-			rdataset->trust = dns_trust_pending;
++			if (rdataset->trust == dns_trust_additional)
++				trust = dns_trust_pending_additional;
++			else
++				trust = dns_trust_pending_answer;
++
++			rdataset->trust = trust;
+ 			if (sigrdataset != NULL)
+-				sigrdataset->trust = dns_trust_pending;
++				sigrdataset->trust = trust;
+ 			if (!need_validation || !ANSWER(rdataset)) {
+ 				addedrdataset = ardataset;
+ 				result = dns_db_addrdataset(fctx->cache, node,
+@@ -4682,7 +4705,7 @@ ncache_message(fetchctx_t *fctx, dns_adbaddrinfo_t
+ 			for (trdataset = ISC_LIST_HEAD(tname->list);
+ 			     trdataset != NULL;
+ 			     trdataset = ISC_LIST_NEXT(trdataset, link))
+-				trdataset->trust = dns_trust_pending;
++				trdataset->trust = dns_trust_pending_answer;
+ 			result = dns_message_nextname(fctx->rmessage,
+ 						      DNS_SECTION_AUTHORITY);
+ 		}
+Index: contrib/bind9/lib/dns/masterdump.c
+===================================================================
+--- contrib/bind9/lib/dns/masterdump.c	(revision 200669)
++++ contrib/bind9/lib/dns/masterdump.c	(working copy)
+@@ -775,7 +775,8 @@ dump_order_compare(const void *a, const void *b) {
+ 
+ static const char *trustnames[] = {
+ 	"none",
+-	"pending",
++	"pending-additional",
++	"pending-answer",
+ 	"additional",
+ 	"glue",
+ 	"answer",
+Index: contrib/bind9/lib/dns/validator.c
+===================================================================
+--- contrib/bind9/lib/dns/validator.c	(revision 200669)
++++ contrib/bind9/lib/dns/validator.c	(working copy)
+@@ -1607,7 +1607,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 		 * We have an rrset for the given keyname.
+ 		 */
+ 		val->keyset = &val->frdataset;
+-		if (val->frdataset.trust == dns_trust_pending &&
++		if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 		    dns_rdataset_isassociated(&val->fsigrdataset))
+ 		{
+ 			/*
+@@ -1622,7 +1622,7 @@ get_key(dns_validator_t *val, dns_rdata_rrsig_t *s
+ 			if (result != ISC_R_SUCCESS)
+ 				return (result);
+ 			return (DNS_R_WAIT);
+-		} else if (val->frdataset.trust == dns_trust_pending) {
++		} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 			/*
+ 			 * Having a pending key with no signature means that
+ 			 * something is broken.
+@@ -2243,7 +2243,7 @@ validatezonekey(dns_validator_t *val) {
+ 			 * We have DS records.
+ 			 */
+ 			val->dsset = &val->frdataset;
+-			if (val->frdataset.trust == dns_trust_pending &&
++			if (DNS_TRUST_PENDING(val->frdataset.trust) &&
+ 			    dns_rdataset_isassociated(&val->fsigrdataset))
+ 			{
+ 				result = create_validator(val,
+@@ -2256,7 +2256,7 @@ validatezonekey(dns_validator_t *val) {
+ 				if (result != ISC_R_SUCCESS)
+ 					return (result);
+ 				return (DNS_R_WAIT);
+-			} else if (val->frdataset.trust == dns_trust_pending) {
++			} else if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				/*
+ 				 * There should never be an unsigned DS.
+ 				 */
+@@ -3337,7 +3337,7 @@ proveunsecure(dns_validator_t *val, isc_boolean_t
+ 			 * There is no DS.  If this is a delegation,
+ 			 * we maybe done.
+ 			 */
+-			if (val->frdataset.trust == dns_trust_pending) {
++			if (DNS_TRUST_PENDING(val->frdataset.trust)) {
+ 				result = create_fetch(val, tname,
+ 						      dns_rdatatype_ds,
+ 						      dsfetched2,
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 200669)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -116,6 +116,8 @@
+ #define DNS_GETDB_NOLOG 0x02U
+ #define DNS_GETDB_PARTIAL 0x04U
+ 
++#define PENDINGOK(x)	(((x) & DNS_DBFIND_PENDINGOK) != 0)
++
+ typedef struct client_additionalctx {
+ 	ns_client_t *client;
+ 	dns_rdataset_t *rdataset;
+@@ -1761,8 +1763,8 @@ query_addadditional2(void *arg, dns_name_t *name,
+ 	 */
+ 	if (result == ISC_R_SUCCESS &&
+ 	    additionaltype == dns_rdatasetadditional_fromcache &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     rdataset->trust == dns_trust_glue) &&
++	    (DNS_TRUST_PENDING(rdataset->trust) ||
++	     DNS_TRUST_GLUE(rdataset->trust)) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset)) {
+ 		dns_rdataset_disassociate(rdataset);
+ 		if (dns_rdataset_isassociated(sigrdataset))
+@@ -1801,8 +1803,8 @@ query_addadditional2(void *arg, dns_name_t *name,
+ 	 */
+ 	if (result == ISC_R_SUCCESS &&
+ 	    additionaltype == dns_rdatasetadditional_fromcache &&
+-	    (rdataset->trust == dns_trust_pending ||
+-	     rdataset->trust == dns_trust_glue) &&
++	    (DNS_TRUST_PENDING(rdataset->trust) ||
++	     DNS_TRUST_GLUE(rdataset->trust)) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset)) {
+ 		dns_rdataset_disassociate(rdataset);
+ 		if (dns_rdataset_isassociated(sigrdataset))
+@@ -2601,14 +2603,14 @@ query_addbestns(ns_client_t *client) {
+ 	/*
+ 	 * Attempt to validate RRsets that are pending or that are glue.
+ 	 */
+-	if ((rdataset->trust == dns_trust_pending ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_pending))
++	if ((DNS_TRUST_PENDING(rdataset->trust) ||
++	     (sigrdataset != NULL && DNS_TRUST_PENDING(sigrdataset->trust)))
+ 	    && !validate(client, db, fname, rdataset, sigrdataset) &&
+-	    (client->query.dboptions & DNS_DBFIND_PENDINGOK) == 0)
++	    !PENDINGOK(client->query.dboptions))
+ 		goto cleanup;
+ 
+-	if ((rdataset->trust == dns_trust_glue ||
+-	     (sigrdataset != NULL && sigrdataset->trust == dns_trust_glue)) &&
++	if ((DNS_TRUST_GLUE(rdataset->trust) ||
++	     (sigrdataset != NULL && DNS_TRUST_GLUE(sigrdataset->trust))) &&
+ 	    !validate(client, db, fname, rdataset, sigrdataset) &&
+ 	    SECURE(client) && WANTDNSSEC(client))
+ 		goto cleanup;
+@@ -3716,6 +3718,8 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	dns_rdataset_t *noqname;
+ 	isc_boolean_t resuming;
+ 	int line = -1;
++	dns_rdataset_t tmprdataset;
++	unsigned int dboptions;
+ 
+ 	CTRACE("query_find");
+ 
+@@ -3933,9 +3937,49 @@ query_find(ns_client_t *client, dns_fetchevent_t *
+ 	/*
+ 	 * Now look for an answer in the database.
+ 	 */
++	dboptions = client->query.dboptions;
++	if (sigrdataset == NULL && client->view->enablednssec) {
++		/*
++		 * If the client doesn't want DNSSEC we still want to
++		 * look for any data pending validation to save a remote
++		 * lookup if possible.
++		 */
++		dns_rdataset_init(&tmprdataset);
++		sigrdataset = &tmprdataset;
++		dboptions |= DNS_DBFIND_PENDINGOK;
++	}
++ refind:
+ 	result = dns_db_find(db, client->query.qname, version, type,
+-			     client->query.dboptions, client->now,
+-			     &node, fname, rdataset, sigrdataset);
++			     dboptions, client->now, &node, fname,
++			     rdataset, sigrdataset);
++	/*
++	 * If we have found pending data try to validate it.
++	 * If the data does not validate as secure and we can't
++	 * use the unvalidated data requery the database with
++	 * pending disabled to prevent infinite looping.
++	 */
++	if (result != ISC_R_SUCCESS || !DNS_TRUST_PENDING(rdataset->trust))
++		goto validation_done;
++	if (validate(client, db, fname, rdataset, sigrdataset))
++		goto validation_done;
++	if (rdataset->trust != dns_trust_pending_answer ||
++	    !PENDINGOK(client->query.dboptions)) {
++		dns_rdataset_disassociate(rdataset);
++		if (sigrdataset != NULL &&
++		    dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		if (sigrdataset == &tmprdataset)
++			sigrdataset = NULL;
++		dns_db_detachnode(db, &node);
++		dboptions &= ~DNS_DBFIND_PENDINGOK;
++		goto refind;
++	}
++ validation_done:
++	if (sigrdataset == &tmprdataset) {
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
++		sigrdataset = NULL;
++	}
+ 
+  resume:
+ 	CTRACE("query_find: resume");
diff --git a/share/security/patches/SA-10:01/bind9-80.patch.asc b/share/security/patches/SA-10:01/bind9-80.patch.asc
new file mode 100644
index 0000000000..436ad54890
--- /dev/null
+++ b/share/security/patches/SA-10:01/bind9-80.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRB1FdaIBMps37IRAoD9AJ9++5CEPw8lvD0A/QT3rEAg7+fXewCfSEC3
+/YbkymQ+K92DUPn8cStNwUk=
+=XMDw
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:02/ntpd.patch b/share/security/patches/SA-10:02/ntpd.patch
new file mode 100644
index 0000000000..a92f3d6253
--- /dev/null
+++ b/share/security/patches/SA-10:02/ntpd.patch
@@ -0,0 +1,29 @@
+Index: contrib/ntp/ntpd/ntp_request.c
+===================================================================
+--- contrib/ntp/ntpd/ntp_request.c	(revision 199995)
++++ contrib/ntp/ntpd/ntp_request.c	(working copy)
+@@ -409,6 +409,7 @@
+ 	int mod_okay
+ 	)
+ {
++	static u_long quiet_until;
+ 	struct req_pkt *inpkt;
+ 	struct req_pkt_tail *tailinpkt;
+ 	struct sockaddr_storage *srcadr;
+@@ -444,8 +445,14 @@
+ 	    || (++ec, INFO_MBZ(inpkt->mbz_itemsize) != 0)
+ 	    || (++ec, rbufp->recv_length < REQ_LEN_HDR)
+ 		) {
+-		msyslog(LOG_ERR, "process_private: INFO_ERR_FMT: test %d failed, pkt from %s", ec, stoa(srcadr));
+-		req_ack(srcadr, inter, inpkt, INFO_ERR_FMT);
++		NLOG(NLOG_SYSEVENT)
++			if (current_time >= quiet_until) {
++				msyslog(LOG_ERR,
++					"process_private: drop test %d"
++					" failed, pkt from %s",
++					ec, stoa(srcadr));
++				quiet_until = current_time + 60;
++			}
+ 		return;
+ 	}
+ 
diff --git a/share/security/patches/SA-10:02/ntpd.patch.asc b/share/security/patches/SA-10:02/ntpd.patch.asc
new file mode 100644
index 0000000000..216fb6ae49
--- /dev/null
+++ b/share/security/patches/SA-10:02/ntpd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRCuFdaIBMps37IRAt17AJ0ZQyJGpWljUgjBqGcmlrqD9jZ4vACdFe9B
+xEXZtGJf51vu/t8gJ1oY8zg=
+=H2fl
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:03/zfs.patch b/share/security/patches/SA-10:03/zfs.patch
new file mode 100644
index 0000000000..f81b2b5bed
--- /dev/null
+++ b/share/security/patches/SA-10:03/zfs.patch
@@ -0,0 +1,23 @@
+Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	(working copy)
+@@ -60,10 +60,14 @@ zfs_init_vattr(vattr_t *vap, uint64_t mask, uint64
+ {
+ 	VATTR_NULL(vap);
+ 	vap->va_mask = (uint_t)mask;
+-	vap->va_type = IFTOVT(mode);
+-	vap->va_mode = mode & MODEMASK;
+-	vap->va_uid = (uid_t)(IS_EPHEMERAL(uid)) ? -1 : uid;
+-	vap->va_gid = (gid_t)(IS_EPHEMERAL(gid)) ? -1 : gid;
++	if (mask & AT_TYPE)
++		vap->va_type = IFTOVT(mode);
++	if (mask & AT_MODE)
++		vap->va_mode = mode & MODEMASK;
++	if (mask & AT_UID)
++		vap->va_uid = (uid_t)(IS_EPHEMERAL(uid)) ? -1 : uid;
++	if (mask & AT_GID)
++		vap->va_gid = (gid_t)(IS_EPHEMERAL(gid)) ? -1 : gid;
+ 	vap->va_rdev = zfs_cmpldev(rdev);
+ 	vap->va_nodeid = nodeid;
+ }
diff --git a/share/security/patches/SA-10:03/zfs.patch.asc b/share/security/patches/SA-10:03/zfs.patch.asc
new file mode 100644
index 0000000000..78a7a94813
--- /dev/null
+++ b/share/security/patches/SA-10:03/zfs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRDWFdaIBMps37IRAhgIAJsFc4XJn6xUGK328ZNEa5K+5Nh5UACfdYFt
+W2F8Ik1ybSlug9/bHQCzmhI=
+=u/lA
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:03/zfs712.patch b/share/security/patches/SA-10:03/zfs712.patch
new file mode 100644
index 0000000000..0e0f69f7e3
--- /dev/null
+++ b/share/security/patches/SA-10:03/zfs712.patch
@@ -0,0 +1,23 @@
+Index: sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c
+===================================================================
+--- sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	(revision 200583)
++++ sys/cddl/contrib/opensolaris/uts/common/fs/zfs/zfs_replay.c	(working copy)
+@@ -60,10 +60,14 @@ zfs_init_vattr(vattr_t *vap, uint64_t mask, uint64
+ {
+ 	VATTR_NULL(vap);
+ 	vap->va_mask = (uint_t)mask;
+-	vap->va_type = IFTOVT(mode);
+-	vap->va_mode = mode & MODEMASK;
+-	vap->va_uid = (uid_t)uid;
+-	vap->va_gid = (gid_t)gid;
++	if (mask & AT_TYPE)
++		vap->va_type = IFTOVT(mode);
++	if (mask & AT_MODE)
++		vap->va_mode = mode & MODEMASK;
++	if (mask & AT_UID)
++		vap->va_uid = (uid_t)uid;
++	if (mask & AT_GID)
++		vap->va_gid = (gid_t)gid;
+ 	vap->va_rdev = zfs_cmpldev(rdev);
+ 	vap->va_nodeid = nodeid;
+ }
diff --git a/share/security/patches/SA-10:03/zfs712.patch.asc b/share/security/patches/SA-10:03/zfs712.patch.asc
new file mode 100644
index 0000000000..6252314a8b
--- /dev/null
+++ b/share/security/patches/SA-10:03/zfs712.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iD8DBQBLRRDZFdaIBMps37IRAmFwAJwO5tfn804c3cMQoY6Y2uBYWPotaACfVRim
+Pju6lQ+lIjQA0gnuFgnjrYE=
+=/SBy
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:04/jail.patch b/share/security/patches/SA-10:04/jail.patch
new file mode 100644
index 0000000000..5eab89b2c6
--- /dev/null
+++ b/share/security/patches/SA-10:04/jail.patch
@@ -0,0 +1,15 @@
+Index: usr.sbin/jail/jail.c
+===================================================================
+--- usr.sbin/jail/jail.c	(revision 204873)
++++ usr.sbin/jail/jail.c	(working copy)
+@@ -511,6 +511,10 @@
+ 			*value++ = '\0';
+ 	}
+ 
++	/* jail_set won't chdir along with its chroot, so do it here. */
++	if (!strcmp(name, "path") && chdir(value) < 0)
++		err(1, "chdir: %s", value);
++
+ 	/* Check for repeat parameters */
+ 	for (i = 0; i < nparams; i++)
+ 		if (!strcmp(name, params[i].jp_name)) {
diff --git a/share/security/patches/SA-10:04/jail.patch.asc b/share/security/patches/SA-10:04/jail.patch.asc
new file mode 100644
index 0000000000..d29914212c
--- /dev/null
+++ b/share/security/patches/SA-10:04/jail.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkv95U4ACgkQFdaIBMps37JUpgCghxzClzUbMLigXa9LbUP4ob+m
+qUUAn363wYae3qvJkCjNVBrskjeOy88G
+=B7gD
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:05/opie.patch b/share/security/patches/SA-10:05/opie.patch
new file mode 100644
index 0000000000..543efbfd46
--- /dev/null
+++ b/share/security/patches/SA-10:05/opie.patch
@@ -0,0 +1,16 @@
+Index: contrib/opie/libopie/readrec.c
+===================================================================
+--- contrib/opie/libopie/readrec.c	(revision 208306)
++++ contrib/opie/libopie/readrec.c	(working copy)
+@@ -141,10 +141,8 @@
+     
+     if (c = strchr(opie->opie_principal, ':'))
+       *c = 0;
+-    if (strlen(opie->opie_principal) > OPIE_PRINCIPAL_MAX)
+-      (opie->opie_principal)[OPIE_PRINCIPAL_MAX] = 0;
+     
+-    strcpy(principal, opie->opie_principal);
++    strlcpy(principal, opie->opie_principal, sizeof(principal));
+     
+     do {
+       if ((opie->opie_recstart = ftell(f)) < 0)
diff --git a/share/security/patches/SA-10:05/opie.patch.asc b/share/security/patches/SA-10:05/opie.patch.asc
new file mode 100644
index 0000000000..05833d8b00
--- /dev/null
+++ b/share/security/patches/SA-10:05/opie.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkv95VsACgkQFdaIBMps37LVgACdHyDxlalLnYcv6enCcG54NiZg
+P9kAnjRZumm9cH1+A/C4LqdIJY8Ex0tk
+=k4PF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:06/nfsclient.patch b/share/security/patches/SA-10:06/nfsclient.patch
new file mode 100644
index 0000000000..5e4bbf0694
--- /dev/null
+++ b/share/security/patches/SA-10:06/nfsclient.patch
@@ -0,0 +1,40 @@
+Index: sys/nfsclient/nfs_vfsops.c
+===================================================================
+--- sys/nfsclient/nfs_vfsops.c	(revision 208414)
++++ sys/nfsclient/nfs_vfsops.c	(working copy)
+@@ -1074,6 +1074,11 @@
+ 		error = EINVAL;
+ 		goto out;
+ 	}
++	if (args.fhsize < 0 || args.fhsize > NFSX_V3FHMAX) {
++		vfs_mount_error(mp, "Bad file handle");
++		error = EINVAL;
++		goto out;
++	}
+ 
+ 	if (mp->mnt_flag & MNT_UPDATE) {
+ 		struct nfsmount *nmp = VFSTONFS(mp);
+Index: lib/libc/sys/mount.2
+===================================================================
+--- lib/libc/sys/mount.2	(revision 208535)
++++ lib/libc/sys/mount.2	(working copy)
+@@ -107,7 +107,7 @@
+ .Va vfs.usermount
+ .Xr sysctl 8
+ variable
+-to a non-zero value.
++to a non-zero value; see the BUGS section for more information.
+ .Pp
+ The following
+ .Fa flags
+@@ -374,3 +374,10 @@
+ .Fx 5.0 .
+ .Sh BUGS
+ Some of the error codes need translation to more obvious messages.
++.Pp
++Allowing untrusted users to mount arbitrary media, e.g. by enabling
++.Va vfs.usermount ,
++should not be considered safe.
++Most file systems in
++.Fx
++were not built to safeguard against malicious devices.
diff --git a/share/security/patches/SA-10:06/nfsclient.patch.asc b/share/security/patches/SA-10:06/nfsclient.patch.asc
new file mode 100644
index 0000000000..b47a8b9de8
--- /dev/null
+++ b/share/security/patches/SA-10:06/nfsclient.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkv95WMACgkQFdaIBMps37Ll6wCdHzfvpEARMa8z+fJOWuJb9fIu
+DkMAn3NWRMJqD7bdSgr4PjZNSCHy/BBI
+=l6c1
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:07/mbuf.patch b/share/security/patches/SA-10:07/mbuf.patch
new file mode 100644
index 0000000000..ca137fd6e5
--- /dev/null
+++ b/share/security/patches/SA-10:07/mbuf.patch
@@ -0,0 +1,12 @@
+Index: sys/kern/uipc_mbuf.c
+===================================================================
+--- sys/kern/uipc_mbuf.c	(revision 209948)
++++ sys/kern/uipc_mbuf.c	(working copy)
+@@ -302,6 +302,7 @@
+ 	n->m_ext.ref_cnt = m->m_ext.ref_cnt;
+ 	n->m_ext.ext_type = m->m_ext.ext_type;
+ 	n->m_flags |= M_EXT;
++	n->m_flags |= m->m_flags & M_RDONLY;
+ }
+ 
+ /*
diff --git a/share/security/patches/SA-10:07/mbuf.patch.asc b/share/security/patches/SA-10:07/mbuf.patch.asc
new file mode 100644
index 0000000000..9da70a15cd
--- /dev/null
+++ b/share/security/patches/SA-10:07/mbuf.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkw70vIACgkQFdaIBMps37JKnQCfRRB8RJDFa4PN0qt5gAV63YLB
+xNIAmgNG6Tb+Ls1UQPneODAZC3uwUnAz
+=1h97
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:08/bzip2.patch b/share/security/patches/SA-10:08/bzip2.patch
new file mode 100644
index 0000000000..8205a1d592
--- /dev/null
+++ b/share/security/patches/SA-10:08/bzip2.patch
@@ -0,0 +1,18 @@
+Index: contrib/bzip2/decompress.c
+===================================================================
+--- contrib/bzip2/decompress.c	(revision 212452)
++++ contrib/bzip2/decompress.c	(working copy)
+@@ -381,6 +381,13 @@
+             es = -1;
+             N = 1;
+             do {
++               /* Check that N doesn't get too big, so that es doesn't
++                  go negative.  The maximum value that can be
++                  RUNA/RUNB encoded is equal to the block size (post
++                  the initial RLE), viz, 900k, so bounding N at 2
++                  million should guard against overflow without
++                  rejecting any legitimate inputs. */
++               if (N >= 2*1024*1024) RETURN(BZ_DATA_ERROR);
+                if (nextSym == BZ_RUNA) es = es + (0+1) * N; else
+                if (nextSym == BZ_RUNB) es = es + (1+1) * N;
+                N = N * 2;
diff --git a/share/security/patches/SA-10:08/bzip2.patch.asc b/share/security/patches/SA-10:08/bzip2.patch.asc
new file mode 100644
index 0000000000..b2c818e6f3
--- /dev/null
+++ b/share/security/patches/SA-10:08/bzip2.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkyXd1wACgkQFdaIBMps37LOFQCdHB/J2wCcRGGmpBLzpoShqjUM
+dLsAmQE5kTyhaCLDmliLtod4jZW3Nak8
+=oPO/
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:09/pseudofs.patch b/share/security/patches/SA-10:09/pseudofs.patch
new file mode 100644
index 0000000000..38f1022580
--- /dev/null
+++ b/share/security/patches/SA-10:09/pseudofs.patch
@@ -0,0 +1,12 @@
+Index: sys/fs/pseudofs/pseudofs_vnops.c
+===================================================================
+--- sys/fs/pseudofs/pseudofs_vnops.c	(revision 212324)
++++ sys/fs/pseudofs/pseudofs_vnops.c	(working copy)
+@@ -305,7 +305,6 @@ pfs_getextattr(struct vop_getextattr_args *va)
+ 	if (proc != NULL)
+ 		PROC_UNLOCK(proc);
+ 
+-	pfs_unlock(pn);
+ 	PFS_RETURN (error);
+ }
+ 
diff --git a/share/security/patches/SA-10:09/pseudofs.patch.asc b/share/security/patches/SA-10:09/pseudofs.patch.asc
new file mode 100644
index 0000000000..1ab1a1fac2
--- /dev/null
+++ b/share/security/patches/SA-10:09/pseudofs.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.10 (FreeBSD)
+
+iEYEABECAAYFAkzbLRkACgkQFdaIBMps37K/EQCfXG27ptJCRHL6J6oCYpETDccf
+8d0AnRg32GlChrlRKuip5bJ6Jv2cASAF
+=OdQZ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:10/openssl.patch b/share/security/patches/SA-10:10/openssl.patch
new file mode 100644
index 0000000000..9afaa2c21d
--- /dev/null
+++ b/share/security/patches/SA-10:10/openssl.patch
@@ -0,0 +1,53 @@
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c	(revision 215630)
++++ crypto/openssl/ssl/s3_clnt.c	(working copy)
+@@ -1377,6 +1377,7 @@
+ 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ 		ecdh=NULL;
+ 		BN_CTX_free(bn_ctx);
++		bn_ctx = NULL;
+ 		EC_POINT_free(srvr_ecpoint);
+ 		srvr_ecpoint = NULL;
+ 		}
+Index: crypto/openssl/ssl/t1_lib.c
+===================================================================
+--- crypto/openssl/ssl/t1_lib.c	(revision 215630)
++++ crypto/openssl/ssl/t1_lib.c	(working copy)
+@@ -432,14 +432,23 @@
+ 				switch (servname_type)
+ 					{
+ 				case TLSEXT_NAMETYPE_host_name:
+-					if (s->session->tlsext_hostname == NULL)
++					if (!s->hit)
+ 						{
+-						if (len > TLSEXT_MAXLEN_host_name || 
+-							((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL))
++						if(s->session->tlsext_hostname)
+ 							{
++							*al = SSL_AD_DECODE_ERROR;
++							return 0;
++							}
++						if (len > TLSEXT_MAXLEN_host_name)
++							{
+ 							*al = TLS1_AD_UNRECOGNIZED_NAME;
+ 							return 0;
+ 							}
++						if ((s->session->tlsext_hostname = OPENSSL_malloc(len+1)) == NULL)
++							{
++							*al = TLS1_AD_INTERNAL_ERROR;
++							return 0;
++							}
+ 						memcpy(s->session->tlsext_hostname, sdata, len);
+ 						s->session->tlsext_hostname[len]='\0';
+ 						if (strlen(s->session->tlsext_hostname) != len) {
+@@ -452,7 +461,8 @@
+ 
+ 						}
+ 					else 
+-						s->servername_done = strlen(s->session->tlsext_hostname) == len 
++						s->servername_done = s->session->tlsext_hostname
++							&& strlen(s->session->tlsext_hostname) == len 
+ 							&& strncmp(s->session->tlsext_hostname, (char *)sdata, len) == 0;
+ 					
+ 					break;
diff --git a/share/security/patches/SA-10:10/openssl.patch.asc b/share/security/patches/SA-10:10/openssl.patch.asc
new file mode 100644
index 0000000000..88f220e74d
--- /dev/null
+++ b/share/security/patches/SA-10:10/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEABECAAYFAkz0FfAACgkQFdaIBMps37LAPwCfR18gpeSwDJbXhx+xPVYIU+gs
+//YAnA+Xmj+V2EdPf4mUP0I/Ps1mjMs8
+=LUoF
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-10:10/openssl7.patch b/share/security/patches/SA-10:10/openssl7.patch
new file mode 100644
index 0000000000..dab70363a4
--- /dev/null
+++ b/share/security/patches/SA-10:10/openssl7.patch
@@ -0,0 +1,12 @@
+Index: crypto/openssl/ssl/s3_clnt.c
+===================================================================
+--- crypto/openssl/ssl/s3_clnt.c	(revision 215630)
++++ crypto/openssl/ssl/s3_clnt.c	(working copy)
+@@ -1377,6 +1377,7 @@
+ 		s->session->sess_cert->peer_ecdh_tmp=ecdh;
+ 		ecdh=NULL;
+ 		BN_CTX_free(bn_ctx);
++		bn_ctx = NULL;
+ 		EC_POINT_free(srvr_ecpoint);
+ 		srvr_ecpoint = NULL;
+ 		}
diff --git a/share/security/patches/SA-10:10/openssl7.patch.asc b/share/security/patches/SA-10:10/openssl7.patch.asc
new file mode 100644
index 0000000000..3e3d8ab275
--- /dev/null
+++ b/share/security/patches/SA-10:10/openssl7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEABECAAYFAkz0FfQACgkQFdaIBMps37Kz5wCdFUmj7RlM+P0Nh3cTWKtgmOgB
+8iMAnRsAenMLqHUR9JQQ3sO4ykmQoxRH
+=/frJ
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:01/mountd.patch b/share/security/patches/SA-11:01/mountd.patch
new file mode 100644
index 0000000000..83f39061bd
--- /dev/null
+++ b/share/security/patches/SA-11:01/mountd.patch
@@ -0,0 +1,13 @@
+Index: usr.sbin/mountd/mountd.c
+===================================================================
+--- usr.sbin/mountd/mountd.c	20 Dec 2010 09:28:28 -0000	1.107
++++ usr.sbin/mountd/mountd.c	1 Mar 2011 11:47:16 -0000	1.108
+@@ -2875,7 +2875,7 @@ makemask(struct sockaddr_storage *ssp, i
+ 
+ 	for (i = 0; i < len; i++) {
+ 		bits = (bitlen > CHAR_BIT) ? CHAR_BIT : bitlen;
+-		*p++ = (1 << bits) - 1;
++		*p++ = (u_char)~0 << (CHAR_BIT - bits);
+ 		bitlen -= bits;
+ 	}
+ 	return 0;
diff --git a/share/security/patches/SA-11:01/mountd.patch.asc b/share/security/patches/SA-11:01/mountd.patch.asc
new file mode 100644
index 0000000000..b76dffb2d0
--- /dev/null
+++ b/share/security/patches/SA-11:01/mountd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.11 (FreeBSD)
+
+iEYEABECAAYFAk2vSl0ACgkQFdaIBMps37Ka1wCfVt0MiUP+M64eJKGpT1mElB6w
+LMEAn2i+aeVlsMneSU54F4xszGPiM36K
+=atQ3
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:02/bind.patch b/share/security/patches/SA-11:02/bind.patch
new file mode 100644
index 0000000000..35344f14f1
--- /dev/null
+++ b/share/security/patches/SA-11:02/bind.patch
@@ -0,0 +1,13 @@
+Index: contrib/bind9/lib/dns/ncache.c
+===================================================================
+--- contrib/bind9/lib/dns/ncache.c	(revision 220971)
++++ contrib/bind9/lib/dns/ncache.c	(working copy)
+@@ -186,7 +186,7 @@
+ 					 */
+ 					isc_buffer_availableregion(&buffer,
+ 								   &r);
+-					if (r.length < 2)
++					if (r.length < 3)
+ 						return (ISC_R_NOSPACE);
+ 					isc_buffer_putuint16(&buffer,
+ 							     rdataset->type);
diff --git a/share/security/patches/SA-11:02/bind.patch.asc b/share/security/patches/SA-11:02/bind.patch.asc
new file mode 100644
index 0000000000..b6fdd218b3
--- /dev/null
+++ b/share/security/patches/SA-11:02/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEABECAAYFAk3gviUACgkQFdaIBMps37Jp4ACbBB0OipAtMPXpahVTz3rEwjJ7
+6zQAn2jHatCiAFSEtaSqZh6PAc3HvjJf
+=EJXo
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:03/bind.patch b/share/security/patches/SA-11:03/bind.patch
new file mode 100644
index 0000000000..904c557255
--- /dev/null
+++ b/share/security/patches/SA-11:03/bind.patch
@@ -0,0 +1,13 @@
+Index: contrib/bind9/lib/dns/message.c
+===================================================================
+--- contrib/bind9/lib/dns/message.c	(revision 223383)
++++ contrib/bind9/lib/dns/message.c	(working copy)
+@@ -2481,7 +2481,7 @@
+ 	    msg->opcode != dns_opcode_notify)
+ 		want_question_section = ISC_FALSE;
+ 	if (msg->opcode == dns_opcode_update)
+-		first_section = DNS_SECTION_ADDITIONAL;
++		first_section = DNS_SECTION_PREREQUISITE;
+ 	else if (want_question_section) {
+ 		if (!msg->question_ok)
+ 			return (DNS_R_FORMERR);
diff --git a/share/security/patches/SA-11:03/bind.patch.asc b/share/security/patches/SA-11:03/bind.patch.asc
new file mode 100644
index 0000000000..87832356f6
--- /dev/null
+++ b/share/security/patches/SA-11:03/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk6C4EMACgkQFdaIBMps37JgzQCfeQK3CbhPHFemgrjnYCY3PeO4
+QdcAnR0gJCasbmv/vYaDM6cf2/fINFdg
+=sHOg
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:04/compress.patch b/share/security/patches/SA-11:04/compress.patch
new file mode 100644
index 0000000000..3690c95642
--- /dev/null
+++ b/share/security/patches/SA-11:04/compress.patch
@@ -0,0 +1,126 @@
+Index: usr.bin/compress/zopen.c
+===================================================================
+--- usr.bin/compress/zopen.c	(revision 225020)
++++ usr.bin/compress/zopen.c	(working copy)
+@@ -486,7 +486,7 @@ zread(void *cookie, char *rbp, int num)
+ 	block_compress = maxbits & BLOCK_MASK;
+ 	maxbits &= BIT_MASK;
+ 	maxmaxcode = 1L << maxbits;
+-	if (maxbits > BITS) {
++	if (maxbits > BITS || maxbits < 12) {
+ 		errno = EFTYPE;
+ 		return (-1);
+ 	}
+@@ -513,17 +513,28 @@ zread(void *cookie, char *rbp, int num)
+ 			for (code = 255; code >= 0; code--)
+ 				tab_prefixof(code) = 0;
+ 			clear_flg = 1;
+-			free_ent = FIRST - 1;
+-			if ((code = getcode(zs)) == -1)	/* O, untimely death! */
+-				break;
++			free_ent = FIRST;
++			oldcode = -1;
++			continue;
+ 		}
+ 		incode = code;
+ 
+-		/* Special case for KwKwK string. */
++		/* Special case for kWkWk string. */
+ 		if (code >= free_ent) {
++			if (code > free_ent || oldcode == -1) {
++				/* Bad stream. */
++				errno = EINVAL;
++				return (-1);
++			}
+ 			*stackp++ = finchar;
+ 			code = oldcode;
+ 		}
++		/*
++		 * The above condition ensures that code < free_ent.
++		 * The construction of tab_prefixof in turn guarantees that
++		 * each iteration decreases code and therefore stack usage is
++		 * bound by 1 << BITS - 256.
++		 */
+ 
+ 		/* Generate output characters in reverse order. */
+ 		while (code >= 256) {
+@@ -540,7 +551,7 @@ middle:		do {
+ 		} while (stackp > de_stack);
+ 
+ 		/* Generate the new entry. */
+-		if ((code = free_ent) < maxmaxcode) {
++		if ((code = free_ent) < maxmaxcode && oldcode != -1) {
+ 			tab_prefixof(code) = (u_short) oldcode;
+ 			tab_suffixof(code) = finchar;
+ 			free_ent = code + 1;
+Index: usr.bin/gzip/zuncompress.c
+===================================================================
+--- usr.bin/gzip/zuncompress.c	(revision 225020)
++++ usr.bin/gzip/zuncompress.c	(working copy)
+@@ -247,7 +247,7 @@ zread(void *cookie, char *rbp, int num)
+ 	zs->zs_block_compress = zs->zs_maxbits & BLOCK_MASK;
+ 	zs->zs_maxbits &= BIT_MASK;
+ 	zs->zs_maxmaxcode = 1L << zs->zs_maxbits;
+-	if (zs->zs_maxbits > BITS) {
++	if (zs->zs_maxbits > BITS || zs->zs_maxbits < 12) {
+ 		errno = EFTYPE;
+ 		return (-1);
+ 	}
+@@ -259,13 +259,7 @@ zread(void *cookie, char *rbp, int num)
+ 	}
+ 	zs->zs_free_ent = zs->zs_block_compress ? FIRST : 256;
+ 
+-	zs->u.r.zs_finchar = zs->u.r.zs_oldcode = getcode(zs);
+-	if (zs->u.r.zs_oldcode == -1)	/* EOF already? */
+-		return (0);	/* Get out of here */
+-
+-	/* First code must be 8 bits = char. */
+-	*bp++ = (u_char)zs->u.r.zs_finchar;
+-	count--;
++	zs->u.r.zs_oldcode = -1;
+ 	zs->u.r.zs_stackp = de_stack;
+ 
+ 	while ((zs->u.r.zs_code = getcode(zs)) > -1) {
+@@ -275,17 +269,29 @@ zread(void *cookie, char *rbp, int num)
+ 			    zs->u.r.zs_code--)
+ 				tab_prefixof(zs->u.r.zs_code) = 0;
+ 			zs->zs_clear_flg = 1;
+-			zs->zs_free_ent = FIRST - 1;
+-			if ((zs->u.r.zs_code = getcode(zs)) == -1)	/* O, untimely death! */
+-				break;
++			zs->zs_free_ent = FIRST;
++			zs->u.r.zs_oldcode = -1;
++			continue;
+ 		}
+ 		zs->u.r.zs_incode = zs->u.r.zs_code;
+ 
+ 		/* Special case for KwKwK string. */
+ 		if (zs->u.r.zs_code >= zs->zs_free_ent) {
++			if (zs->u.r.zs_code > zs->zs_free_ent ||
++			    zs->u.r.zs_oldcode == -1) {
++				/* Bad stream. */
++				errno = EINVAL;
++				return (-1);
++			}
+ 			*zs->u.r.zs_stackp++ = zs->u.r.zs_finchar;
+ 			zs->u.r.zs_code = zs->u.r.zs_oldcode;
+ 		}
++		/*
++		 * The above condition ensures that code < free_ent.
++		 * The construction of tab_prefixof in turn guarantees that
++		 * each iteration decreases code and therefore stack usage is
++		 * bound by 1 << BITS - 256.
++		 */
+ 
+ 		/* Generate output characters in reverse order. */
+ 		while (zs->u.r.zs_code >= 256) {
+@@ -302,7 +308,8 @@ middle:		do {
+ 		} while (zs->u.r.zs_stackp > de_stack);
+ 
+ 		/* Generate the new entry. */
+-		if ((zs->u.r.zs_code = zs->zs_free_ent) < zs->zs_maxmaxcode) {
++		if ((zs->u.r.zs_code = zs->zs_free_ent) < zs->zs_maxmaxcode &&
++		    zs->u.r.zs_oldcode != -1) {
+ 			tab_prefixof(zs->u.r.zs_code) = (u_short) zs->u.r.zs_oldcode;
+ 			tab_suffixof(zs->u.r.zs_code) = zs->u.r.zs_finchar;
+ 			zs->zs_free_ent = zs->u.r.zs_code + 1;
diff --git a/share/security/patches/SA-11:04/compress.patch.asc b/share/security/patches/SA-11:04/compress.patch.asc
new file mode 100644
index 0000000000..a2ce35e733
--- /dev/null
+++ b/share/security/patches/SA-11:04/compress.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk6C4FIACgkQFdaIBMps37JvrwCfbJBc7TpJH3eZWR/26k0V9v0Y
+nyUAn178hdwKlyPSM/UH5g9pLirFJD3T
+=0jz5
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:05/unix-linux.patch b/share/security/patches/SA-11:05/unix-linux.patch
new file mode 100644
index 0000000000..abedbdb2b1
--- /dev/null
+++ b/share/security/patches/SA-11:05/unix-linux.patch
@@ -0,0 +1,33 @@
+Index: sys/compat/linux/linux_socket.c
+===================================================================
+--- sys/compat/linux/linux_socket.c	(revision 225919)
++++ sys/compat/linux/linux_socket.c	(working copy)
+@@ -104,6 +104,7 @@
+ 	int oldv6size;
+ 	struct sockaddr_in6 *sin6;
+ #endif
++	int namelen;
+ 
+ 	if (*osalen < 2 || *osalen > UCHAR_MAX || !osa)
+ 		return (EINVAL);
+@@ -166,6 +167,20 @@
+ 		}
+ 	}
+ 
++	if ((bdom == AF_LOCAL) && (*osalen > sizeof(struct sockaddr_un))) {
++		for (namelen = 0;
++		    namelen < *osalen - offsetof(struct sockaddr_un, sun_path);
++		    namelen++)
++			if (!((struct sockaddr_un *)kosa)->sun_path[namelen])
++				break;
++		if (namelen + offsetof(struct sockaddr_un, sun_path) >
++		    sizeof(struct sockaddr_un)) {
++			error = EINVAL;
++			goto out;
++		}
++		alloclen = sizeof(struct sockaddr_un);
++	}
++
+ 	sa = (struct sockaddr *) kosa;
+ 	sa->sa_family = bdom;
+ 	sa->sa_len = alloclen;
diff --git a/share/security/patches/SA-11:05/unix-linux.patch.asc b/share/security/patches/SA-11:05/unix-linux.patch.asc
new file mode 100644
index 0000000000..5b5ff41412
--- /dev/null
+++ b/share/security/patches/SA-11:05/unix-linux.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk6LWmcACgkQFdaIBMps37JFeQCfZXMfZdaGhAP5KMUtQzZloHBQ
+OYYAnjr2ps/8BluTdbraJ0PMgCQUIx6L
+=IUwk
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:05/unix.patch b/share/security/patches/SA-11:05/unix.patch
new file mode 100644
index 0000000000..7e4dbedb17
--- /dev/null
+++ b/share/security/patches/SA-11:05/unix.patch
@@ -0,0 +1,22 @@
+Index: sys/kern/uipc_usrreq.c
+===================================================================
+--- sys/kern/uipc_usrreq.c	(revision 225745)
++++ sys/kern/uipc_usrreq.c	(working copy)
+@@ -462,6 +462,8 @@
+ 	unp = sotounpcb(so);
+ 	KASSERT(unp != NULL, ("uipc_bind: unp == NULL"));
+ 
++	if (soun->sun_len > sizeof(struct sockaddr_un))
++		return (EINVAL);
+ 	namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
+ 	if (namelen <= 0)
+ 		return (EINVAL);
+@@ -1252,6 +1254,8 @@
+ 	unp = sotounpcb(so);
+ 	KASSERT(unp != NULL, ("unp_connect: unp == NULL"));
+ 
++	if (nam->sa_len > sizeof(struct sockaddr_un))
++		return (EINVAL);
+ 	len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
+ 	if (len <= 0)
+ 		return (EINVAL);
diff --git a/share/security/patches/SA-11:05/unix.patch.asc b/share/security/patches/SA-11:05/unix.patch.asc
new file mode 100644
index 0000000000..74a2b56746
--- /dev/null
+++ b/share/security/patches/SA-11:05/unix.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk6C4FcACgkQFdaIBMps37Ih2gCdFOEbzmhQqOYcvzjqjaEvXYv+
+ZlEAoJ8pQpdvPmszGTMBqzJoFgO4BBZJ
+=X3O3
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:05/unix2.patch b/share/security/patches/SA-11:05/unix2.patch
new file mode 100644
index 0000000000..50dacd0e5a
--- /dev/null
+++ b/share/security/patches/SA-11:05/unix2.patch
@@ -0,0 +1,55 @@
+Index: sys/kern/uipc_usrreq.c
+===================================================================
+--- sys/kern/uipc_usrreq.c	(revision 225745)
++++ sys/kern/uipc_usrreq.c	(working copy)
+@@ -462,6 +462,8 @@
+ 	unp = sotounpcb(so);
+ 	KASSERT(unp != NULL, ("uipc_bind: unp == NULL"));
+ 
++	if (soun->sun_len > sizeof(struct sockaddr_un))
++		return (EINVAL);
+ 	namelen = soun->sun_len - offsetof(struct sockaddr_un, sun_path);
+ 	if (namelen <= 0)
+ 		return (EINVAL);
+@@ -1252,6 +1254,8 @@
+ 	unp = sotounpcb(so);
+ 	KASSERT(unp != NULL, ("unp_connect: unp == NULL"));
+ 
++	if (nam->sa_len > sizeof(struct sockaddr_un))
++		return (EINVAL);
+ 	len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
+ 	if (len <= 0)
+ 		return (EINVAL);
+Index: sys/compat/linux/linux_socket.c
+===================================================================
+--- sys/compat/linux/linux_socket.c	(revision 225919)
++++ sys/compat/linux/linux_socket.c	(working copy)
+@@ -104,6 +104,7 @@
+ 	int oldv6size;
+ 	struct sockaddr_in6 *sin6;
+ #endif
++	int namelen;
+ 
+ 	if (*osalen < 2 || *osalen > UCHAR_MAX || !osa)
+ 		return (EINVAL);
+@@ -166,6 +167,20 @@
+ 		}
+ 	}
+ 
++	if ((bdom == AF_LOCAL) && (*osalen > sizeof(struct sockaddr_un))) {
++		for (namelen = 0;
++		    namelen < *osalen - offsetof(struct sockaddr_un, sun_path);
++		    namelen++)
++			if (!((struct sockaddr_un *)kosa)->sun_path[namelen])
++				break;
++		if (namelen + offsetof(struct sockaddr_un, sun_path) >
++		    sizeof(struct sockaddr_un)) {
++			error = EINVAL;
++			goto out;
++		}
++		alloclen = sizeof(struct sockaddr_un);
++	}
++
+ 	sa = (struct sockaddr *) kosa;
+ 	sa->sa_family = bdom;
+ 	sa->sa_len = alloclen;
diff --git a/share/security/patches/SA-11:05/unix2.patch.asc b/share/security/patches/SA-11:05/unix2.patch.asc
new file mode 100644
index 0000000000..5dc6afb058
--- /dev/null
+++ b/share/security/patches/SA-11:05/unix2.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk6LWmEACgkQFdaIBMps37JdcgCggSG2HfzMNs9axOQ88Wa2A5dW
+NZ4AoIEHZwIyBsq10MqEYvHifnZ0TcDt
+=NfUS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:06/bind7.patch b/share/security/patches/SA-11:06/bind7.patch
new file mode 100644
index 0000000000..0adf932e1a
--- /dev/null
+++ b/share/security/patches/SA-11:06/bind7.patch
@@ -0,0 +1,83 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 228801)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -244,6 +244,7 @@
+ #define RDATASET_ATTR_IGNORE		0x0004
+ #define RDATASET_ATTR_RETAIN		0x0008
+ #define RDATASET_ATTR_NXDOMAIN		0x0010
++#define RDATASET_ATTR_NEGATIVE		0x0100
+ 
+ typedef struct acache_cbarg {
+ 	dns_rdatasetadditional_t	type;
+@@ -278,6 +279,8 @@
+ 	(((header)->attributes & RDATASET_ATTR_RETAIN) != 0)
+ #define NXDOMAIN(header) \
+ 	(((header)->attributes & RDATASET_ATTR_NXDOMAIN) != 0)
++#define NEGATIVE(header) \
++	(((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0)
+ 
+ #define DEFAULT_NODE_LOCK_COUNT		7	/*%< Should be prime. */
+ #define DEFAULT_CACHE_NODE_LOCK_COUNT	1009	/*%< Should be prime. */
+@@ -3662,7 +3665,7 @@
+ 	    result == DNS_R_NCACHENXRRSET) {
+ 		bind_rdataset(search.rbtdb, node, found, search.now,
+ 			      rdataset);
+-		if (foundsig != NULL)
++		if (!NEGATIVE(found) && foundsig != NULL)
+ 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
+ 				      sigrdataset);
+ 	}
+@@ -4248,7 +4251,7 @@
+ 	}
+ 	if (found != NULL) {
+ 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-		if (foundsig != NULL)
++		if (!NEGATIVE(found) && foundsig != NULL)
+ 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
+ 				      sigrdataset);
+ 	}
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 228801)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -1251,11 +1251,9 @@
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			/*
+-			 * Negative cache entries don't have sigrdatasets.
+-			 */
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1296,8 +1294,9 @@
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1746,10 +1745,8 @@
+ 		goto setcache;
+ 	if (result == DNS_R_NCACHENXRRSET) {
+ 		dns_rdataset_disassociate(rdataset);
+-		/*
+-		 * Negative cache entries don't have sigrdatasets.
+-		 */
+-		INSIST(! dns_rdataset_isassociated(sigrdataset));
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
+ 	}
+ 	if (result == ISC_R_SUCCESS) {
+ 		/* Remember the result as a cache */
diff --git a/share/security/patches/SA-11:06/bind7.patch.asc b/share/security/patches/SA-11:06/bind7.patch.asc
new file mode 100644
index 0000000000..fdd88154fc
--- /dev/null
+++ b/share/security/patches/SA-11:06/bind7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEUEABECAAYFAk70lBoACgkQFdaIBMps37Jy3wCdE13xw/mdrducnihmhP1EzoEP
+FDwAmNlbmmh17791rl7Io22gUCwobss=
+=dUL/
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:06/bind8.patch b/share/security/patches/SA-11:06/bind8.patch
new file mode 100644
index 0000000000..3708bb5433
--- /dev/null
+++ b/share/security/patches/SA-11:06/bind8.patch
@@ -0,0 +1,83 @@
+Index: contrib/bind9/lib/dns/rbtdb.c
+===================================================================
+--- contrib/bind9/lib/dns/rbtdb.c	(revision 228802)
++++ contrib/bind9/lib/dns/rbtdb.c	(working copy)
+@@ -278,6 +278,7 @@
+ #define RDATASET_ATTR_RESIGN            0x0020
+ #define RDATASET_ATTR_STATCOUNT         0x0040
+ #define RDATASET_ATTR_OPTOUT		0x0080
++#define RDATASET_ATTR_NEGATIVE		0x0100
+ 
+ typedef struct acache_cbarg {
+ 	dns_rdatasetadditional_t        type;
+@@ -316,6 +317,8 @@
+ 	(((header)->attributes & RDATASET_ATTR_RESIGN) != 0)
+ #define OPTOUT(header) \
+ 	(((header)->attributes & RDATASET_ATTR_OPTOUT) != 0)
++#define NEGATIVE(header) \
++	(((header)->attributes & RDATASET_ATTR_NEGATIVE) != 0)
+ 
+ #define DEFAULT_NODE_LOCK_COUNT         7       /*%< Should be prime. */
+ 
+@@ -4620,7 +4623,7 @@
+ 			      rdataset);
+ 		if (need_headerupdate(found, search.now))
+ 			update = found;
+-		if (foundsig != NULL) {
++		if (!NEGATIVE(found) && foundsig != NULL) {
+ 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
+ 				      sigrdataset);
+ 			if (need_headerupdate(foundsig, search.now))
+@@ -5249,7 +5252,7 @@
+ 	}
+ 	if (found != NULL) {
+ 		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+-		if (foundsig != NULL)
++		if (!NEGATIVE(found) && foundsig != NULL)
+ 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
+ 				      sigrdataset);
+ 	}
+Index: contrib/bind9/bin/named/query.c
+===================================================================
+--- contrib/bind9/bin/named/query.c	(revision 228802)
++++ contrib/bind9/bin/named/query.c	(working copy)
+@@ -1280,11 +1280,9 @@
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			/*
+-			 * Negative cache entries don't have sigrdatasets.
+-			 */
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1325,8 +1323,9 @@
+ 			goto addname;
+ 		if (result == DNS_R_NCACHENXRRSET) {
+ 			dns_rdataset_disassociate(rdataset);
+-			INSIST(sigrdataset == NULL ||
+-			       ! dns_rdataset_isassociated(sigrdataset));
++			if (sigrdataset != NULL &&
++			    dns_rdataset_isassociated(sigrdataset))
++				dns_rdataset_disassociate(sigrdataset);
+ 		}
+ 		if (result == ISC_R_SUCCESS) {
+ 			mname = NULL;
+@@ -1775,10 +1774,8 @@
+ 		goto setcache;
+ 	if (result == DNS_R_NCACHENXRRSET) {
+ 		dns_rdataset_disassociate(rdataset);
+-		/*
+-		 * Negative cache entries don't have sigrdatasets.
+-		 */
+-		INSIST(! dns_rdataset_isassociated(sigrdataset));
++		if (dns_rdataset_isassociated(sigrdataset))
++			dns_rdataset_disassociate(sigrdataset);
+ 	}
+ 	if (result == ISC_R_SUCCESS) {
+ 		/* Remember the result as a cache */
diff --git a/share/security/patches/SA-11:06/bind8.patch.asc b/share/security/patches/SA-11:06/bind8.patch.asc
new file mode 100644
index 0000000000..0373af8241
--- /dev/null
+++ b/share/security/patches/SA-11:06/bind8.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk70lBoACgkQFdaIBMps37LZkACfXmPidWb1o+t/ejTXjzFninQJ
+gSUAn0ggHTbcIGCyXglMkwauy+Mp8z3b
+=6kFV
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:07/chroot7.patch b/share/security/patches/SA-11:07/chroot7.patch
new file mode 100644
index 0000000000..e77e6709f4
--- /dev/null
+++ b/share/security/patches/SA-11:07/chroot7.patch
@@ -0,0 +1,194 @@
+Index: include/unistd.h
+===================================================================
+--- include/unistd.h	(revision 228798)
++++ include/unistd.h	(working copy)
+@@ -494,6 +494,7 @@
+ int	 iruserok(unsigned long, int, const char *, const char *);
+ int	 iruserok_sa(const void *, int, int, const char *, const char *);
+ int	 issetugid(void);
++void	__FreeBSD_libc_enter_restricted_mode(void);
+ char	*mkdtemp(char *);
+ #ifndef	_MKNOD_DECLARED
+ int	 mknod(const char *, mode_t, dev_t);
+Index: lib/libc/include/libc_private.h
+===================================================================
+--- lib/libc/include/libc_private.h	(revision 228798)
++++ lib/libc/include/libc_private.h	(working copy)
+@@ -44,6 +44,17 @@
+ extern int	__isthreaded;
+ 
+ /*
++ * libc should use libc_dlopen internally, which respects a global
++ * flag where loading of new shared objects can be restricted.
++ */
++void *libc_dlopen(const char *, int);
++
++/*
++ * For dynamic linker.
++ */
++void _rtld_error(const char *fmt, ...);
++
++/*
+  * File lock contention is difficult to diagnose without knowing
+  * where locks were set. Allow a debug library to be built which
+  * records the source file and line number of each lock call.
+Index: lib/libc/Versions.def
+===================================================================
+--- lib/libc/Versions.def	(revision 228798)
++++ lib/libc/Versions.def	(working copy)
+@@ -20,9 +20,13 @@
+ FBSD_1.2 {
+ } FBSD_1.1;
+ 
++# This version was first added to 10.0-current.
++FBSD_1.3 {
++} FBSD_1.2;
++
+ # This is our private namespace.  Any global interfaces that are
+ # strictly for use only by other FreeBSD applications and libraries
+ # are listed here.  We use a separate namespace so we can write
+ # simple ABI-checking tools.
+ FBSDprivate_1.0 {
+-} FBSD_1.2;
++} FBSD_1.3;
+Index: lib/libc/net/nsdispatch.c
+===================================================================
+--- lib/libc/net/nsdispatch.c	(revision 228798)
++++ lib/libc/net/nsdispatch.c	(working copy)
+@@ -369,7 +369,7 @@
+ 	confmod = statbuf.st_mtime;
+ 
+ #ifdef NS_CACHING
+-	handle = dlopen(NULL, RTLD_LAZY | RTLD_GLOBAL);
++	handle = libc_dlopen(NULL, RTLD_LAZY | RTLD_GLOBAL);
+ 	if (handle != NULL) {
+ 		nss_cache_cycle_prevention_func = dlsym(handle,
+ 			"_nss_cache_cycle_prevention_function");
+@@ -482,7 +482,7 @@
+ 		if (snprintf(buf, sizeof(buf), "nss_%s.so.%d", mod.name,
+ 		    NSS_MODULE_INTERFACE_VERSION) >= (int)sizeof(buf))
+ 			goto fin;
+-		mod.handle = dlopen(buf, RTLD_LOCAL|RTLD_LAZY);
++		mod.handle = libc_dlopen(buf, RTLD_LOCAL|RTLD_LAZY);
+ 		if (mod.handle == NULL) {
+ #ifdef _NSS_DEBUG
+ 			/* This gets pretty annoying since the built-in
+Index: lib/libc/gen/Symbol.map
+===================================================================
+--- lib/libc/gen/Symbol.map	(revision 228798)
++++ lib/libc/gen/Symbol.map	(working copy)
+@@ -345,6 +345,10 @@
+ 	getpagesizes;
+ };
+ 
++FBSD_1.3 {
++	__FreeBSD_libc_enter_restricted_mode;
++};
++
+ FBSDprivate_1.0 {
+ 	/* needed by thread libraries */
+ 	__thr_jtable;
+Index: lib/libc/gen/Makefile.inc
+===================================================================
+--- lib/libc/gen/Makefile.inc	(revision 228798)
++++ lib/libc/gen/Makefile.inc	(working copy)
+@@ -20,6 +20,7 @@
+ 	getpeereid.c getprogname.c getpwent.c getttyent.c \
+ 	getusershell.c getvfsbyname.c glob.c \
+ 	initgroups.c isatty.c isinf.c isnan.c jrand48.c lcong48.c \
++	libc_dlopen.c \
+ 	lockf.c lrand48.c mrand48.c nftw.c nice.c \
+ 	nlist.c nrand48.c opendir.c \
+ 	pause.c pmadvise.c popen.c posixshm.c pselect.c \
+Index: lib/libc/gen/libc_dlopen.c
+===================================================================
+--- lib/libc/gen/libc_dlopen.c	(revision 0)
++++ lib/libc/gen/libc_dlopen.c	(working copy)
+@@ -0,0 +1,61 @@
++/*-
++ * Copyright (c) 2011 Xin Li <delphij@FreeBSD.org>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * $FreeBSD$
++ */
++
++#include <sys/cdefs.h>
++__FBSDID("$FreeBSD$");
++
++#include <dlfcn.h>
++#include <stddef.h>
++#include <unistd.h>
++
++#include "libc_private.h"
++
++/*
++ * Whether we want to restrict dlopen()s.
++ */
++static int __libc_restricted_mode = 0;
++
++void *
++libc_dlopen(const char *path, int mode)
++{
++
++	if (__libc_restricted_mode) {
++		_rtld_error("Service unavailable -- libc in restricted mode");
++		return (NULL);
++	} else
++		return (dlopen(path, mode));
++}
++
++void
++__FreeBSD_libc_enter_restricted_mode(void)
++{
++
++	__libc_restricted_mode = 1;
++	return;
++}
++
+Index: libexec/ftpd/popen.c
+===================================================================
+--- libexec/ftpd/popen.c	(revision 228798)
++++ libexec/ftpd/popen.c	(working copy)
+@@ -143,6 +143,9 @@
+ 			}
+ 			(void)close(pdes[1]);
+ 		}
++		/* Drop privileges before proceeding */
++		if (getuid() != geteuid() && setuid(geteuid()) < 0)
++			_exit(1);
+ 		if (strcmp(gargv[0], _PATH_LS) == 0) {
+ 			/* Reset getopt for ls_main() */
+ 			optreset = optind = optopt = 1;
+Index: libexec/ftpd/ftpd.c
+===================================================================
+--- libexec/ftpd/ftpd.c	(revision 228798)
++++ libexec/ftpd/ftpd.c	(working copy)
+@@ -1546,6 +1546,7 @@
+ 			reply(550, "Can't change root.");
+ 			goto bad;
+ 		}
++		__FreeBSD_libc_enter_restricted_mode();
+ 	} else	/* real user w/o chroot */
+ 		homedir = pw->pw_dir;
+ 	/*
diff --git a/share/security/patches/SA-11:07/chroot7.patch.asc b/share/security/patches/SA-11:07/chroot7.patch.asc
new file mode 100644
index 0000000000..52e666d10b
--- /dev/null
+++ b/share/security/patches/SA-11:07/chroot7.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk70lBoACgkQFdaIBMps37KFvwCfa0eZuue2mWNSxqdHGFMkQ4ja
+JZUAnjDQ6GkzgreWMvWrnFlENOa9jn9b
+=RNt4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:07/chroot8.patch b/share/security/patches/SA-11:07/chroot8.patch
new file mode 100644
index 0000000000..545cf1456a
--- /dev/null
+++ b/share/security/patches/SA-11:07/chroot8.patch
@@ -0,0 +1,196 @@
+Index: include/unistd.h
+===================================================================
+--- include/unistd.h	(revision 228798)
++++ include/unistd.h	(working copy)
+@@ -513,6 +513,7 @@
+ int	 iruserok(unsigned long, int, const char *, const char *);
+ int	 iruserok_sa(const void *, int, int, const char *, const char *);
+ int	 issetugid(void);
++void	__FreeBSD_libc_enter_restricted_mode(void);
+ long	 lpathconf(const char *, int);
+ #ifndef _MKDTEMP_DECLARED
+ char	*mkdtemp(char *);
+Index: lib/libc/include/libc_private.h
+===================================================================
+--- lib/libc/include/libc_private.h	(revision 228798)
++++ lib/libc/include/libc_private.h	(working copy)
+@@ -44,6 +44,17 @@
+ extern int	__isthreaded;
+ 
+ /*
++ * libc should use libc_dlopen internally, which respects a global
++ * flag where loading of new shared objects can be restricted.
++ */
++void *libc_dlopen(const char *, int);
++
++/*
++ * For dynamic linker.
++ */
++void _rtld_error(const char *fmt, ...);
++
++/*
+  * File lock contention is difficult to diagnose without knowing
+  * where locks were set. Allow a debug library to be built which
+  * records the source file and line number of each lock call.
+Index: lib/libc/Versions.def
+===================================================================
+--- lib/libc/Versions.def	(revision 228798)
++++ lib/libc/Versions.def	(working copy)
+@@ -19,6 +19,10 @@
+ FBSD_1.2 {
+ } FBSD_1.1;
+ 
++# This version was first added to 10.0-current.
++FBSD_1.3 {
++} FBSD_1.2;
++
+ # This is our private namespace.  Any global interfaces that are
+ # strictly for use only by other FreeBSD applications and libraries
+ # are listed here.  We use a separate namespace so we can write
+@@ -26,4 +30,4 @@
+ #
+ # Please do NOT increment the version of this namespace.
+ FBSDprivate_1.0 {
+-} FBSD_1.2;
++} FBSD_1.3;
+Index: lib/libc/net/nsdispatch.c
+===================================================================
+--- lib/libc/net/nsdispatch.c	(revision 228798)
++++ lib/libc/net/nsdispatch.c	(working copy)
+@@ -384,7 +384,7 @@
+ 	confmod = statbuf.st_mtime;
+ 
+ #ifdef NS_CACHING
+-	handle = dlopen(NULL, RTLD_LAZY | RTLD_GLOBAL);
++	handle = libc_dlopen(NULL, RTLD_LAZY | RTLD_GLOBAL);
+ 	if (handle != NULL) {
+ 		nss_cache_cycle_prevention_func = dlsym(handle,
+ 			"_nss_cache_cycle_prevention_function");
+@@ -497,7 +497,7 @@
+ 		if (snprintf(buf, sizeof(buf), "nss_%s.so.%d", mod.name,
+ 		    NSS_MODULE_INTERFACE_VERSION) >= (int)sizeof(buf))
+ 			goto fin;
+-		mod.handle = dlopen(buf, RTLD_LOCAL|RTLD_LAZY);
++		mod.handle = libc_dlopen(buf, RTLD_LOCAL|RTLD_LAZY);
+ 		if (mod.handle == NULL) {
+ #ifdef _NSS_DEBUG
+ 			/* This gets pretty annoying since the built-in
+Index: lib/libc/gen/Symbol.map
+===================================================================
+--- lib/libc/gen/Symbol.map	(revision 228798)
++++ lib/libc/gen/Symbol.map	(working copy)
+@@ -369,6 +369,10 @@
+ 	getpagesizes;
+ };
+ 
++FBSD_1.3 {
++	__FreeBSD_libc_enter_restricted_mode;
++};
++
+ FBSDprivate_1.0 {
+ 	/* needed by thread libraries */
+ 	__thr_jtable;
+Index: lib/libc/gen/Makefile.inc
+===================================================================
+--- lib/libc/gen/Makefile.inc	(revision 228798)
++++ lib/libc/gen/Makefile.inc	(working copy)
+@@ -20,6 +20,7 @@
+ 	getpeereid.c getprogname.c getpwent.c getttyent.c \
+ 	getusershell.c getvfsbyname.c glob.c \
+ 	initgroups.c isatty.c isinf.c isnan.c jrand48.c lcong48.c \
++	libc_dlopen.c \
+ 	lockf.c lrand48.c mrand48.c nftw.c nice.c \
+ 	nlist.c nrand48.c opendir.c \
+ 	pause.c pmadvise.c popen.c posix_spawn.c \
+Index: lib/libc/gen/libc_dlopen.c
+===================================================================
+--- lib/libc/gen/libc_dlopen.c	(revision 0)
++++ lib/libc/gen/libc_dlopen.c	(working copy)
+@@ -0,0 +1,61 @@
++/*-
++ * Copyright (c) 2011 Xin Li <delphij@FreeBSD.org>
++ * All rights reserved.
++ *
++ * Redistribution and use in source and binary forms, with or without
++ * modification, are permitted provided that the following conditions
++ * are met:
++ * 1. Redistributions of source code must retain the above copyright
++ *    notice, this list of conditions and the following disclaimer.
++ * 2. Redistributions in binary form must reproduce the above copyright
++ *    notice, this list of conditions and the following disclaimer in the
++ *    documentation and/or other materials provided with the distribution.
++ *
++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
++ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
++ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ * SUCH DAMAGE.
++ *
++ * $FreeBSD$
++ */
++
++#include <sys/cdefs.h>
++__FBSDID("$FreeBSD$");
++
++#include <dlfcn.h>
++#include <stddef.h>
++#include <unistd.h>
++
++#include "libc_private.h"
++
++/*
++ * Whether we want to restrict dlopen()s.
++ */
++static int __libc_restricted_mode = 0;
++
++void *
++libc_dlopen(const char *path, int mode)
++{
++
++	if (__libc_restricted_mode) {
++		_rtld_error("Service unavailable -- libc in restricted mode");
++		return (NULL);
++	} else
++		return (dlopen(path, mode));
++}
++
++void
++__FreeBSD_libc_enter_restricted_mode(void)
++{
++
++	__libc_restricted_mode = 1;
++	return;
++}
++
+Index: libexec/ftpd/popen.c
+===================================================================
+--- libexec/ftpd/popen.c	(revision 228798)
++++ libexec/ftpd/popen.c	(working copy)
+@@ -143,6 +143,9 @@
+ 			}
+ 			(void)close(pdes[1]);
+ 		}
++		/* Drop privileges before proceeding */
++		if (getuid() != geteuid() && setuid(geteuid()) < 0)
++			_exit(1);
+ 		if (strcmp(gargv[0], _PATH_LS) == 0) {
+ 			/* Reset getopt for ls_main() */
+ 			optreset = optind = optopt = 1;
+Index: libexec/ftpd/ftpd.c
+===================================================================
+--- libexec/ftpd/ftpd.c	(revision 228798)
++++ libexec/ftpd/ftpd.c	(working copy)
+@@ -1543,6 +1543,7 @@
+ 			reply(550, "Can't change root.");
+ 			goto bad;
+ 		}
++		__FreeBSD_libc_enter_restricted_mode();
+ 	} else	/* real user w/o chroot */
+ 		homedir = pw->pw_dir;
+ 	/*
diff --git a/share/security/patches/SA-11:07/chroot8.patch.asc b/share/security/patches/SA-11:07/chroot8.patch.asc
new file mode 100644
index 0000000000..b0e972116d
--- /dev/null
+++ b/share/security/patches/SA-11:07/chroot8.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk70lBoACgkQFdaIBMps37LyeACeOCTxqyns1NQQmFo5VA00lmZ3
+CSoAoJLR4sqUrYmA6eouc+qSIEUKlVID
+=cJHR
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:08/telnetd.patch b/share/security/patches/SA-11:08/telnetd.patch
new file mode 100644
index 0000000000..adb31d7b6d
--- /dev/null
+++ b/share/security/patches/SA-11:08/telnetd.patch
@@ -0,0 +1,28 @@
+Index: crypto/heimdal/appl/telnet/libtelnet/encrypt.c
+===================================================================
+--- crypto/heimdal/appl/telnet/libtelnet/encrypt.c	(revision 228798)
++++ crypto/heimdal/appl/telnet/libtelnet/encrypt.c	(working copy)
+@@ -736,6 +736,9 @@
+     int dir = kp->dir;
+     int ret = 0;
+ 
++    if (len > MAXKEYLEN)
++        len = MAXKEYLEN;
++
+     if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ 	if (len == 0)
+ 	    return;
+Index: contrib/telnet/libtelnet/encrypt.c
+===================================================================
+--- contrib/telnet/libtelnet/encrypt.c	(revision 228798)
++++ contrib/telnet/libtelnet/encrypt.c	(working copy)
+@@ -721,6 +721,9 @@
+ 	int dir = kp->dir;
+ 	int ret = 0;
+ 
++	if (len > MAXKEYLEN)
++		len = MAXKEYLEN;
++
+ 	if (!(ep = (*kp->getcrypt)(*kp->modep))) {
+ 		if (len == 0)
+ 			return;
diff --git a/share/security/patches/SA-11:08/telnetd.patch.asc b/share/security/patches/SA-11:08/telnetd.patch.asc
new file mode 100644
index 0000000000..7e67613fed
--- /dev/null
+++ b/share/security/patches/SA-11:08/telnetd.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk70lBoACgkQFdaIBMps37JlgQCcC2y3dg3op5c5MoL2S7lO6s9S
+7+sAoIqH8YPc1iT4FrXl6AQPeozETyVS
+=20V2
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:09/pam_ssh.patch b/share/security/patches/SA-11:09/pam_ssh.patch
new file mode 100644
index 0000000000..67d351be30
--- /dev/null
+++ b/share/security/patches/SA-11:09/pam_ssh.patch
@@ -0,0 +1,64 @@
+Index: lib/libpam/modules/pam_ssh/pam_ssh.c
+===================================================================
+--- lib/libpam/modules/pam_ssh/pam_ssh.c	(revision 227756)
++++ lib/libpam/modules/pam_ssh/pam_ssh.c	(revision 227757)
+@@ -93,7 +93,8 @@
+  * struct pam_ssh_key containing the key and its comment.
+  */
+ static struct pam_ssh_key *
+-pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase)
++pam_ssh_load_key(const char *dir, const char *kfn, const char *passphrase,
++    int nullok)
+ {
+ 	struct pam_ssh_key *psk;
+ 	char fn[PATH_MAX];
+@@ -103,7 +104,21 @@
+ 	if (snprintf(fn, sizeof(fn), "%s/%s", dir, kfn) > (int)sizeof(fn))
+ 		return (NULL);
+ 	comment = NULL;
+-	key = key_load_private(fn, passphrase, &comment);
++	/*
++	 * If the key is unencrypted, OpenSSL ignores the passphrase, so
++	 * it will seem like the user typed in the right one.  This allows
++	 * a user to circumvent nullok by providing a dummy passphrase.
++	 * Verify that the key really *is* encrypted by trying to load it
++	 * with an empty passphrase, and if the key is not encrypted,
++	 * accept only an empty passphrase.
++	 */
++	key = key_load_private(fn, NULL, &comment);
++	if (key != NULL && !(*passphrase == '\0' && nullok)) {
++		key_free(key);
++		return (NULL);
++	}
++	if (key == NULL)
++		key = key_load_private(fn, passphrase, &comment);
+ 	if (key == NULL) {
+ 		openpam_log(PAM_LOG_DEBUG, "failed to load key from %s", fn);
+ 		return (NULL);
+@@ -170,9 +185,6 @@
+ 	if (pam_err != PAM_SUCCESS)
+ 		return (pam_err);
+ 
+-	if (*passphrase == '\0' && !nullok)
+-		goto skip_keys;
+-
+ 	/* switch to user credentials */
+ 	pam_err = openpam_borrow_cred(pamh, pwd);
+ 	if (pam_err != PAM_SUCCESS)
+@@ -180,7 +192,7 @@
+ 
+ 	/* try to load keys from all keyfiles we know of */
+ 	for (kfn = pam_ssh_keyfiles; *kfn != NULL; ++kfn) {
+-		psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase);
++		psk = pam_ssh_load_key(pwd->pw_dir, *kfn, passphrase, nullok);
+ 		if (psk != NULL) {
+ 			pam_set_data(pamh, *kfn, psk, pam_ssh_free_key);
+ 			++nkeys;
+@@ -190,7 +202,6 @@
+ 	/* switch back to arbitrator credentials */
+ 	openpam_restore_cred(pamh);
+ 
+- skip_keys:
+ 	/*
+ 	 * If we tried an old token and didn't get anything, and
+ 	 * try_first_pass was specified, try again after prompting the
diff --git a/share/security/patches/SA-11:09/pam_ssh.patch.asc b/share/security/patches/SA-11:09/pam_ssh.patch.asc
new file mode 100644
index 0000000000..9873975a6e
--- /dev/null
+++ b/share/security/patches/SA-11:09/pam_ssh.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk70lBoACgkQFdaIBMps37I3swCgjen8IqPneKqYZIIhmHC1Xghp
+bzEAn1+rAhk18L/gwMO0O4i/rSke2WjK
+=tCg/
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-11:10/pam.patch b/share/security/patches/SA-11:10/pam.patch
new file mode 100644
index 0000000000..a8d38235e8
--- /dev/null
+++ b/share/security/patches/SA-11:10/pam.patch
@@ -0,0 +1,18 @@
+Index: contrib/openpam/lib/openpam_configure.c
+===================================================================
+--- contrib/openpam/lib/openpam_configure.c	(revision 228383)
++++ contrib/openpam/lib/openpam_configure.c	(revision 228384)
+@@ -285,6 +285,13 @@
+ 	size_t len;
+ 	int r;
+ 
++	/* don't allow to escape from policy_path */
++	if (strchr(service, '/')) {
++		openpam_log(PAM_LOG_ERROR, "invalid service name: %s",
++		    service);
++		return (-PAM_SYSTEM_ERR);
++	}
++
+ 	for (path = openpam_policy_path; *path != NULL; ++path) {
+ 		len = strlen(*path);
+ 		if ((*path)[len - 1] == '/') {
diff --git a/share/security/patches/SA-11:10/pam.patch.asc b/share/security/patches/SA-11:10/pam.patch.asc
new file mode 100644
index 0000000000..a3e8af3995
--- /dev/null
+++ b/share/security/patches/SA-11:10/pam.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2.0.18 (FreeBSD)
+
+iEYEABECAAYFAk70lBoACgkQFdaIBMps37LwmQCcC1cnhIeA99TWEyfcvJnKWmsg
+abUAnRPtEj4AWz5H2xce/vCrUWOuMRrV
+=AeGO
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:01/openssl-sgc-fix.patch b/share/security/patches/SA-12:01/openssl-sgc-fix.patch
new file mode 100644
index 0000000000..9a46f502c6
--- /dev/null
+++ b/share/security/patches/SA-12:01/openssl-sgc-fix.patch
@@ -0,0 +1,46 @@
+Index: crypto/openssl/crypto/buffer/buffer.c
+===================================================================
+--- crypto/openssl/crypto/buffer/buffer.c	(revision 234992)
++++ crypto/openssl/crypto/buffer/buffer.c	(working copy)
+@@ -166,7 +166,7 @@
+ 	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
+ 	if (len > LIMIT_BEFORE_EXPANSION)
+ 		{
+-		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
+ 		return 0;
+ 		}
+ 	n=(len+3)/3*4;
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 234992)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -698,14 +698,6 @@
+ 	int ok;
+ 	long n;
+ 
+-	/* We only allow the client to restart the handshake once per
+-	 * negotiation. */
+-	if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
+-		{
+-		SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
+-		return -1;
+-		}
+-
+ 	/* this function is called when we really expect a Certificate message,
+ 	 * so permit appropriate message length */
+ 	n=s->method->ssl_get_message(s,
+@@ -718,6 +710,13 @@
+ 	s->s3->tmp.reuse_message = 1;
+ 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
+ 		{
++		/* We only allow the client to restart the handshake once per
++		 * negotiation. */
++		if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
++			{
++			SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
++			return -1;
++			}
+ 		/* Throw away what we have done so far in the current handshake,
+ 		 * which will now be aborted. (A full SSL_clear would be too much.) */
+ #ifndef OPENSSL_NO_DH
diff --git a/share/security/patches/SA-12:01/openssl-sgc-fix.patch.asc b/share/security/patches/SA-12:01/openssl-sgc-fix.patch.asc
new file mode 100644
index 0000000000..9bf183cf1d
--- /dev/null
+++ b/share/security/patches/SA-12:01/openssl-sgc-fix.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/GBHAACgkQFdaIBMps37IWTQCfSYXZKf/bYtZXWmVjrlFj/Phd
+TgYAn1A8WwNT7mItg6ZWl1Zhyv4x11WA
+=4Nl4
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:01/openssl.patch b/share/security/patches/SA-12:01/openssl.patch
new file mode 100644
index 0000000000..12d01ab0d9
--- /dev/null
+++ b/share/security/patches/SA-12:01/openssl.patch
@@ -0,0 +1,503 @@
+Index: crypto/openssl/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c	(revision 234636)
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c	(working copy)
+@@ -420,6 +420,8 @@
+ 		int max;
+ 		X509_OBJECT ret;
+ #endif
++		unsigned char *tkey = NULL;
++		int tkeylen;
+ 		int jj;
+ 
+ 		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+@@ -461,36 +463,42 @@
+ 
+ 		if (pcert == NULL)
+ 			{
++			/* Temporary storage in case EVP_PKEY_decrypt
++			 * overwrites output buffer on error.
++			 */
++			unsigned char *tmp2;
++			tmp2 = OPENSSL_malloc(jj);
++			if (!tmp2)
++				goto err;
++			jj = -1;
++			/* Always attempt to decrypt all cases to avoid
++			 * leaking timing information about a successful
++			 * decrypt.
++			 */
+ 			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+ 				{
++				int tret;
+ 				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+-				jj=EVP_PKEY_decrypt(tmp,
++				tret=EVP_PKEY_decrypt(tmp2,
+ 					M_ASN1_STRING_data(ri->enc_key),
+ 					M_ASN1_STRING_length(ri->enc_key),
+ 						pkey);
+-				if (jj > 0)
+-					break;
++				if (tret > 0)
++					{
++					memcpy(tmp, tmp2, tret);
++					OPENSSL_cleanse(tmp2, tret);
++					jj = tret;
++					}
+ 				ERR_clear_error();
+-				ri = NULL;
+ 				}
+-			if (ri == NULL)
+-				{
+-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+-				      PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
+-				goto err;
+-				}
++			OPENSSL_free(tmp2);
+ 			}
+ 		else
+ 			{
+ 			jj=EVP_PKEY_decrypt(tmp,
+ 				M_ASN1_STRING_data(ri->enc_key),
+ 				M_ASN1_STRING_length(ri->enc_key), pkey);
+-			if (jj <= 0)
+-				{
+-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+-								ERR_R_EVP_LIB);
+-				goto err;
+-				}
++			ERR_clear_error();
+ 			}
+ 
+ 		evp_ctx=NULL;
+@@ -499,24 +507,49 @@
+ 			goto err;
+ 		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+ 			goto err;
++		/* Generate random key to counter MMA */
++		tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
++		tkey = OPENSSL_malloc(tkeylen);
++		if (!tkey)
++			goto err;
++		if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
++			goto err;
++		/* If we have no key use random key */
++		if (jj <= 0)
++			{
++			OPENSSL_free(tmp);
++			jj = tkeylen;
++			tmp = tkey;
++			tkey = NULL;
++			}
+ 
+-		if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
++		if (jj != tkeylen) {
+ 			/* Some S/MIME clients don't use the same key
+ 			 * and effective key length. The key length is
+ 			 * determined by the size of the decrypted RSA key.
+ 			 */
+ 			if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+ 				{
+-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+-					PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+-				goto err;
++				/* As MMA defence use random key instead */
++				OPENSSL_cleanse(tmp, jj);
++				OPENSSL_free(tmp);
++				jj = tkeylen;
++				tmp = tkey;
++				tkey = NULL;
+ 				}
+ 		} 
++		ERR_clear_error();
+ 		if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
+ 			goto err;
+ 
+ 		OPENSSL_cleanse(tmp,jj);
+ 
++		if (tkey)
++			{
++			OPENSSL_cleanse(tkey, tkeylen);
++			OPENSSL_free(tkey);
++			}
++
+ 		if (out == NULL)
+ 			out=etmp;
+ 		else
+Index: crypto/openssl/crypto/mem.c
+===================================================================
+--- crypto/openssl/crypto/mem.c	(revision 234636)
++++ crypto/openssl/crypto/mem.c	(working copy)
+@@ -372,6 +372,10 @@
+ 
+ 	if (num <= 0) return NULL;
+ 
++	/* We don't support shrinking the buffer. Note the memcpy that copies
++	 * |old_len| bytes to the new buffer, below. */
++	if (num < old_len) return NULL;
++
+ 	if (realloc_debug_func != NULL)
+ 		realloc_debug_func(str, NULL, num, file, line, 0);
+ 	ret=malloc_ex_func(num,file,line);
+Index: crypto/openssl/crypto/x509v3/pcy_map.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/pcy_map.c	(revision 234636)
++++ crypto/openssl/crypto/x509v3/pcy_map.c	(working copy)
+@@ -70,8 +70,6 @@
+ 
+ static void policy_map_free(X509_POLICY_REF *map)
+ 	{
+-	if (map->subjectDomainPolicy)
+-		ASN1_OBJECT_free(map->subjectDomainPolicy);
+ 	OPENSSL_free(map);
+ 	}
+ 
+@@ -95,6 +93,7 @@
+ 	{
+ 	POLICY_MAPPING *map;
+ 	X509_POLICY_REF *ref = NULL;
++	ASN1_OBJECT *subjectDomainPolicyRef;
+ 	X509_POLICY_DATA *data;
+ 	X509_POLICY_CACHE *cache = x->policy_cache;
+ 	int i;
+@@ -153,13 +152,16 @@
+ 		if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
+ 						map->subjectDomainPolicy))
+ 			goto bad_mapping;
++                /* map->subjectDomainPolicy will be freed when
++                 * cache->data is freed. Set it to NULL to avoid double-free. */
++                subjectDomainPolicyRef = map->subjectDomainPolicy;
++                map->subjectDomainPolicy = NULL;
+ 		
+ 		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
+ 		if (!ref)
+ 			goto bad_mapping;
+ 
+-		ref->subjectDomainPolicy = map->subjectDomainPolicy;
+-		map->subjectDomainPolicy = NULL;
++		ref->subjectDomainPolicy = subjectDomainPolicyRef;
+ 		ref->data = data;
+ 
+ 		if (!sk_X509_POLICY_REF_push(cache->maps, ref))
+Index: crypto/openssl/crypto/x509v3/pcy_tree.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/pcy_tree.c	(revision 234636)
++++ crypto/openssl/crypto/x509v3/pcy_tree.c	(working copy)
+@@ -612,6 +612,10 @@
+ 		case 2:
+ 		return 1;
+ 
++                /* Some internal error */
++		case -1:
++		return -1;
++
+ 		/* Some internal error */
+ 		case 0:
+ 		return 0;
+@@ -691,4 +695,3 @@
+ 	return 0;
+ 
+ 	}
+-
+Index: crypto/openssl/crypto/asn1/a_d2i_fp.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_d2i_fp.c	(revision 234636)
++++ crypto/openssl/crypto/asn1/a_d2i_fp.c	(working copy)
+@@ -57,6 +57,7 @@
+  */
+ 
+ #include <stdio.h>
++#include <limits.h>
+ #include "cryptlib.h"
+ #include <openssl/buffer.h>
+ #include <openssl/asn1_mac.h>
+@@ -143,17 +144,11 @@
+ 	BUF_MEM *b;
+ 	unsigned char *p;
+ 	int i;
+-	int ret=-1;
+ 	ASN1_const_CTX c;
+-	int want=HEADER_SIZE;
++	size_t want=HEADER_SIZE;
+ 	int eos=0;
+-#if defined(__GNUC__) && defined(__ia64)
+-	/* pathetic compiler bug in all known versions as of Nov. 2002 */
+-	long off=0;
+-#else
+-	int off=0;
+-#endif
+-	int len=0;
++	size_t off=0;
++	size_t len=0;
+ 
+ 	b=BUF_MEM_new();
+ 	if (b == NULL)
+@@ -169,7 +164,7 @@
+ 			{
+ 			want-=(len-off);
+ 
+-			if (!BUF_MEM_grow_clean(b,len+want))
++			if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
+ 				{
+ 				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+ 				goto err;
+@@ -181,7 +176,14 @@
+ 				goto err;
+ 				}
+ 			if (i > 0)
++				{
++				if (len+i < len)
++					{
++					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++					goto err;
++					}
+ 				len+=i;
++				}
+ 			}
+ 		/* else data already loaded */
+ 
+@@ -206,6 +208,11 @@
+ 			{
+ 			/* no data body so go round again */
+ 			eos++;
++			if (eos < 0)
++				{
++				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
++				goto err;
++				}
+ 			want=HEADER_SIZE;
+ 			}
+ 		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+@@ -220,10 +227,16 @@
+ 		else 
+ 			{
+ 			/* suck in c.slen bytes of data */
+-			want=(int)c.slen;
++			want=c.slen;
+ 			if (want > (len-off))
+ 				{
+ 				want-=(len-off);
++				if (want > INT_MAX /* BIO_read takes an int length */ ||
++					len+want < len)
++						{
++						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++						goto err;
++						}
+ 				if (!BUF_MEM_grow_clean(b,len+want))
+ 					{
+ 					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+@@ -238,11 +251,18 @@
+ 						    ASN1_R_NOT_ENOUGH_DATA);
+ 						goto err;
+ 						}
++					/* This can't overflow because
++					 * |len+want| didn't overflow. */
+ 					len+=i;
+-					want -= i;
++					want-=i;
+ 					}
+ 				}
+-			off+=(int)c.slen;
++			if (off + c.slen < off)
++				{
++				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++				goto err;
++				}
++			off+=c.slen;
+ 			if (eos <= 0)
+ 				{
+ 				break;
+@@ -252,9 +272,15 @@
+ 			}
+ 		}
+ 
++	if (off > INT_MAX)
++		{
++		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++		goto err;
++		}
++
+ 	*pb = b;
+ 	return off;
+ err:
+ 	if (b != NULL) BUF_MEM_free(b);
+-	return(ret);
++	return -1;
+ 	}
+Index: crypto/openssl/crypto/buffer/buffer.c
+===================================================================
+--- crypto/openssl/crypto/buffer/buffer.c	(revision 234636)
++++ crypto/openssl/crypto/buffer/buffer.c	(working copy)
+@@ -60,6 +60,11 @@
+ #include "cryptlib.h"
+ #include <openssl/buffer.h>
+ 
++/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
++ * function is applied in several functions in this file and this limit ensures
++ * that the result fits in an int. */
++#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
++
+ BUF_MEM *BUF_MEM_new(void)
+ 	{
+ 	BUF_MEM *ret;
+@@ -94,6 +99,11 @@
+ 	char *ret;
+ 	unsigned int n;
+ 
++	if (len < 0)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	if (str->length >= len)
+ 		{
+ 		str->length=len;
+@@ -105,6 +115,12 @@
+ 		str->length=len;
+ 		return(len);
+ 		}
++	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
++	if (len > LIMIT_BEFORE_EXPANSION)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	n=(len+3)/3*4;
+ 	if (str->data == NULL)
+ 		ret=OPENSSL_malloc(n);
+@@ -130,6 +146,11 @@
+ 	char *ret;
+ 	unsigned int n;
+ 
++	if (len < 0)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	if (str->length >= len)
+ 		{
+ 		memset(&str->data[len],0,str->length-len);
+@@ -142,6 +163,12 @@
+ 		str->length=len;
+ 		return(len);
+ 		}
++	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
++	if (len > LIMIT_BEFORE_EXPANSION)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	n=(len+3)/3*4;
+ 	if (str->data == NULL)
+ 		ret=OPENSSL_malloc(n);
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c	(revision 234636)
++++ crypto/openssl/ssl/ssl_err.c	(working copy)
+@@ -137,6 +137,7 @@
+ {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),	"SSL3_CALLBACK_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),	"SSL3_CHANGE_CIPHER_STATE"},
+ {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),	"SSL3_CHECK_CERT_AND_ALGORITHM"},
++{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO),	"SSL3_CHECK_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO),	"SSL3_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CONNECT),	"SSL3_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL3_CTRL),	"SSL3_CTRL"},
+@@ -375,6 +376,7 @@
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  ,"missing tmp rsa pkey"},
+ {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
++{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
+ {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 234636)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -235,6 +235,7 @@
+ 				}
+ 
+ 			s->init_num=0;
++			s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
+ 
+ 			if (s->state != SSL_ST_RENEGOTIATE)
+ 				{
+@@ -697,6 +698,14 @@
+ 	int ok;
+ 	long n;
+ 
++	/* We only allow the client to restart the handshake once per
++	 * negotiation. */
++	if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
++		{
++		SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
++		return -1;
++		}
++
+ 	/* this function is called when we really expect a Certificate message,
+ 	 * so permit appropriate message length */
+ 	n=s->method->ssl_get_message(s,
+@@ -725,6 +734,7 @@
+ 			s->s3->tmp.ecdh = NULL;
+ 			}
+ #endif
++		s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
+ 		return 2;
+ 		}
+ 	return 1;
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h	(revision 234636)
++++ crypto/openssl/ssl/ssl.h	(working copy)
+@@ -1739,6 +1739,7 @@
+ #define SSL_F_SSL3_CALLBACK_CTRL			 233
+ #define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
+ #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
++#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 292
+ #define SSL_F_SSL3_CLIENT_HELLO				 131
+ #define SSL_F_SSL3_CONNECT				 132
+ #define SSL_F_SSL3_CTRL					 213
+@@ -1974,6 +1975,7 @@
+ #define SSL_R_MISSING_TMP_RSA_KEY			 172
+ #define SSL_R_MISSING_TMP_RSA_PKEY			 173
+ #define SSL_R_MISSING_VERIFY_MESSAGE			 174
++#define SSL_R_MULTIPLE_SGC_RESTARTS			 325
+ #define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
+ #define SSL_R_NO_CERTIFICATES_RETURNED			 176
+ #define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
+Index: crypto/openssl/ssl/s3_enc.c
+===================================================================
+--- crypto/openssl/ssl/s3_enc.c	(revision 234636)
++++ crypto/openssl/ssl/s3_enc.c	(working copy)
+@@ -479,6 +479,9 @@
+ 
+ 			/* we need to add 'i-1' padding bytes */
+ 			l+=i;
++			/* the last of these zero bytes will be overwritten
++			 * with the padding length. */
++			memset(&rec->input[rec->length], 0, i);
+ 			rec->length+=i;
+ 			rec->input[l-1]=(i-1);
+ 			}
+Index: crypto/openssl/ssl/ssl3.h
+===================================================================
+--- crypto/openssl/ssl/ssl3.h	(revision 234636)
++++ crypto/openssl/ssl/ssl3.h	(working copy)
+@@ -333,6 +333,17 @@
+ #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
+ #define SSL3_FLAGS_POP_BUFFER			0x0004
+ #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
++ 
++/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
++ * restart a handshake because of MS SGC and so prevents us
++ * from restarting the handshake in a loop. It's reset on a
++ * renegotiation, so effectively limits the client to one restart
++ * per negotiation. This limits the possibility of a DDoS
++ * attack where the client handshakes in a loop using SGC to
++ * restart. Servers which permit renegotiation can still be
++ * effected, but we can't prevent that.
++ */
++#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
+ 
+ typedef struct ssl3_state_st
+ 	{
diff --git a/share/security/patches/SA-12:01/openssl.patch.asc b/share/security/patches/SA-12:01/openssl.patch.asc
new file mode 100644
index 0000000000..4e89af08e0
--- /dev/null
+++ b/share/security/patches/SA-12:01/openssl.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEUEABECAAYFAk+ip04ACgkQFdaIBMps37KfoQCYziAwQv6yeSny5h+4sl8cpURc
+KwCfRWA8orkz1xzW+4p9NpqK6pLD2BY=
+=te9I
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:01/openssl2.patch b/share/security/patches/SA-12:01/openssl2.patch
new file mode 100644
index 0000000000..5cff441cb6
--- /dev/null
+++ b/share/security/patches/SA-12:01/openssl2.patch
@@ -0,0 +1,502 @@
+Index: crypto/openssl/crypto/buffer/buffer.c
+===================================================================
+--- crypto/openssl/crypto/buffer/buffer.c	(revision 234953)
++++ crypto/openssl/crypto/buffer/buffer.c	(working copy)
+@@ -60,6 +60,11 @@
+ #include "cryptlib.h"
+ #include <openssl/buffer.h>
+ 
++/* LIMIT_BEFORE_EXPANSION is the maximum n such that (n+3)/3*4 < 2**31. That
++ * function is applied in several functions in this file and this limit ensures
++ * that the result fits in an int. */
++#define LIMIT_BEFORE_EXPANSION 0x5ffffffc
++
+ BUF_MEM *BUF_MEM_new(void)
+ 	{
+ 	BUF_MEM *ret;
+@@ -94,6 +99,11 @@
+ 	char *ret;
+ 	unsigned int n;
+ 
++	if (len < 0)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	if (str->length >= len)
+ 		{
+ 		str->length=len;
+@@ -105,6 +115,12 @@
+ 		str->length=len;
+ 		return(len);
+ 		}
++	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
++	if (len > LIMIT_BEFORE_EXPANSION)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	n=(len+3)/3*4;
+ 	if (str->data == NULL)
+ 		ret=OPENSSL_malloc(n);
+@@ -130,6 +146,11 @@
+ 	char *ret;
+ 	unsigned int n;
+ 
++	if (len < 0)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	if (str->length >= len)
+ 		{
+ 		memset(&str->data[len],0,str->length-len);
+@@ -142,6 +163,12 @@
+ 		str->length=len;
+ 		return(len);
+ 		}
++	/* This limit is sufficient to ensure (len+3)/3*4 < 2**31 */
++	if (len > LIMIT_BEFORE_EXPANSION)
++		{
++		BUFerr(BUF_F_BUF_MEM_GROW_CLEAN,ERR_R_MALLOC_FAILURE);
++		return 0;
++		}
+ 	n=(len+3)/3*4;
+ 	if (str->data == NULL)
+ 		ret=OPENSSL_malloc(n);
+Index: crypto/openssl/crypto/pkcs7/pk7_doit.c
+===================================================================
+--- crypto/openssl/crypto/pkcs7/pk7_doit.c	(revision 234953)
++++ crypto/openssl/crypto/pkcs7/pk7_doit.c	(working copy)
+@@ -420,6 +420,8 @@
+ 		int max;
+ 		X509_OBJECT ret;
+ #endif
++		unsigned char *tkey = NULL;
++		int tkeylen;
+ 		int jj;
+ 
+ 		if ((etmp=BIO_new(BIO_f_cipher())) == NULL)
+@@ -461,36 +463,42 @@
+ 
+ 		if (pcert == NULL)
+ 			{
++			/* Temporary storage in case EVP_PKEY_decrypt
++			 * overwrites output buffer on error.
++			 */
++			unsigned char *tmp2;
++			tmp2 = OPENSSL_malloc(jj);
++			if (!tmp2)
++				goto err;
++			jj = -1;
++			/* Always attempt to decrypt all cases to avoid
++			 * leaking timing information about a successful
++			 * decrypt.
++			 */
+ 			for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++)
+ 				{
++				int tret;
+ 				ri=sk_PKCS7_RECIP_INFO_value(rsk,i);
+-				jj=EVP_PKEY_decrypt(tmp,
++				tret=EVP_PKEY_decrypt(tmp2,
+ 					M_ASN1_STRING_data(ri->enc_key),
+ 					M_ASN1_STRING_length(ri->enc_key),
+ 						pkey);
+-				if (jj > 0)
+-					break;
++				if (tret > 0)
++					{
++					memcpy(tmp, tmp2, tret);
++					OPENSSL_cleanse(tmp2, tret);
++					jj = tret;
++					}
+ 				ERR_clear_error();
+-				ri = NULL;
+ 				}
+-			if (ri == NULL)
+-				{
+-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+-				      PKCS7_R_NO_RECIPIENT_MATCHES_KEY);
+-				goto err;
+-				}
++			OPENSSL_free(tmp2);
+ 			}
+ 		else
+ 			{
+ 			jj=EVP_PKEY_decrypt(tmp,
+ 				M_ASN1_STRING_data(ri->enc_key),
+ 				M_ASN1_STRING_length(ri->enc_key), pkey);
+-			if (jj <= 0)
+-				{
+-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+-								ERR_R_EVP_LIB);
+-				goto err;
+-				}
++			ERR_clear_error();
+ 			}
+ 
+ 		evp_ctx=NULL;
+@@ -499,24 +507,49 @@
+ 			goto err;
+ 		if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0)
+ 			goto err;
++		/* Generate random key to counter MMA */
++		tkeylen = EVP_CIPHER_CTX_key_length(evp_ctx);
++		tkey = OPENSSL_malloc(tkeylen);
++		if (!tkey)
++			goto err;
++		if (EVP_CIPHER_CTX_rand_key(evp_ctx, tkey) <= 0)
++			goto err;
++		/* If we have no key use random key */
++		if (jj <= 0)
++			{
++			OPENSSL_free(tmp);
++			jj = tkeylen;
++			tmp = tkey;
++			tkey = NULL;
++			}
+ 
+-		if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) {
++		if (jj != tkeylen) {
+ 			/* Some S/MIME clients don't use the same key
+ 			 * and effective key length. The key length is
+ 			 * determined by the size of the decrypted RSA key.
+ 			 */
+ 			if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj))
+ 				{
+-				PKCS7err(PKCS7_F_PKCS7_DATADECODE,
+-					PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH);
+-				goto err;
++				/* As MMA defence use random key instead */
++				OPENSSL_cleanse(tmp, jj);
++				OPENSSL_free(tmp);
++				jj = tkeylen;
++				tmp = tkey;
++				tkey = NULL;
+ 				}
+ 		} 
++		ERR_clear_error();
+ 		if (EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0) <= 0)
+ 			goto err;
+ 
+ 		OPENSSL_cleanse(tmp,jj);
+ 
++		if (tkey)
++			{
++			OPENSSL_cleanse(tkey, tkeylen);
++			OPENSSL_free(tkey);
++			}
++
+ 		if (out == NULL)
+ 			out=etmp;
+ 		else
+Index: crypto/openssl/crypto/mem.c
+===================================================================
+--- crypto/openssl/crypto/mem.c	(revision 234953)
++++ crypto/openssl/crypto/mem.c	(working copy)
+@@ -372,6 +372,10 @@
+ 
+ 	if (num <= 0) return NULL;
+ 
++	/* We don't support shrinking the buffer. Note the memcpy that copies
++	 * |old_len| bytes to the new buffer, below. */
++	if (num < old_len) return NULL;
++
+ 	if (realloc_debug_func != NULL)
+ 		realloc_debug_func(str, NULL, num, file, line, 0);
+ 	ret=malloc_ex_func(num,file,line);
+Index: crypto/openssl/crypto/x509v3/pcy_map.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/pcy_map.c	(revision 234953)
++++ crypto/openssl/crypto/x509v3/pcy_map.c	(working copy)
+@@ -70,8 +70,6 @@
+ 
+ static void policy_map_free(X509_POLICY_REF *map)
+ 	{
+-	if (map->subjectDomainPolicy)
+-		ASN1_OBJECT_free(map->subjectDomainPolicy);
+ 	OPENSSL_free(map);
+ 	}
+ 
+@@ -95,6 +93,7 @@
+ 	{
+ 	POLICY_MAPPING *map;
+ 	X509_POLICY_REF *ref = NULL;
++	ASN1_OBJECT *subjectDomainPolicyRef;
+ 	X509_POLICY_DATA *data;
+ 	X509_POLICY_CACHE *cache = x->policy_cache;
+ 	int i;
+@@ -153,13 +152,16 @@
+ 		if (!sk_ASN1_OBJECT_push(data->expected_policy_set, 
+ 						map->subjectDomainPolicy))
+ 			goto bad_mapping;
++                /* map->subjectDomainPolicy will be freed when
++                 * cache->data is freed. Set it to NULL to avoid double-free. */
++                subjectDomainPolicyRef = map->subjectDomainPolicy;
++                map->subjectDomainPolicy = NULL;
+ 		
+ 		ref = OPENSSL_malloc(sizeof(X509_POLICY_REF));
+ 		if (!ref)
+ 			goto bad_mapping;
+ 
+-		ref->subjectDomainPolicy = map->subjectDomainPolicy;
+-		map->subjectDomainPolicy = NULL;
++		ref->subjectDomainPolicy = subjectDomainPolicyRef;
+ 		ref->data = data;
+ 
+ 		if (!sk_X509_POLICY_REF_push(cache->maps, ref))
+Index: crypto/openssl/crypto/x509v3/pcy_tree.c
+===================================================================
+--- crypto/openssl/crypto/x509v3/pcy_tree.c	(revision 234953)
++++ crypto/openssl/crypto/x509v3/pcy_tree.c	(working copy)
+@@ -612,6 +612,10 @@
+ 		case 2:
+ 		return 1;
+ 
++                /* Some internal error */
++		case -1:
++		return -1;
++
+ 		/* Some internal error */
+ 		case 0:
+ 		return 0;
+@@ -691,4 +695,3 @@
+ 	return 0;
+ 
+ 	}
+-
+Index: crypto/openssl/crypto/asn1/a_d2i_fp.c
+===================================================================
+--- crypto/openssl/crypto/asn1/a_d2i_fp.c	(revision 234953)
++++ crypto/openssl/crypto/asn1/a_d2i_fp.c	(working copy)
+@@ -57,6 +57,7 @@
+  */
+ 
+ #include <stdio.h>
++#include <limits.h>
+ #include "cryptlib.h"
+ #include <openssl/buffer.h>
+ #include <openssl/asn1_mac.h>
+@@ -143,17 +144,11 @@
+ 	BUF_MEM *b;
+ 	unsigned char *p;
+ 	int i;
+-	int ret=-1;
+ 	ASN1_const_CTX c;
+-	int want=HEADER_SIZE;
++	size_t want=HEADER_SIZE;
+ 	int eos=0;
+-#if defined(__GNUC__) && defined(__ia64)
+-	/* pathetic compiler bug in all known versions as of Nov. 2002 */
+-	long off=0;
+-#else
+-	int off=0;
+-#endif
+-	int len=0;
++	size_t off=0;
++	size_t len=0;
+ 
+ 	b=BUF_MEM_new();
+ 	if (b == NULL)
+@@ -169,7 +164,7 @@
+ 			{
+ 			want-=(len-off);
+ 
+-			if (!BUF_MEM_grow_clean(b,len+want))
++			if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
+ 				{
+ 				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+ 				goto err;
+@@ -181,7 +176,14 @@
+ 				goto err;
+ 				}
+ 			if (i > 0)
++				{
++				if (len+i < len)
++					{
++					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++					goto err;
++					}
+ 				len+=i;
++				}
+ 			}
+ 		/* else data already loaded */
+ 
+@@ -206,6 +208,11 @@
+ 			{
+ 			/* no data body so go round again */
+ 			eos++;
++			if (eos < 0)
++				{
++				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_HEADER_TOO_LONG);
++				goto err;
++				}
+ 			want=HEADER_SIZE;
+ 			}
+ 		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
+@@ -220,10 +227,16 @@
+ 		else 
+ 			{
+ 			/* suck in c.slen bytes of data */
+-			want=(int)c.slen;
++			want=c.slen;
+ 			if (want > (len-off))
+ 				{
+ 				want-=(len-off);
++				if (want > INT_MAX /* BIO_read takes an int length */ ||
++					len+want < len)
++						{
++						ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++						goto err;
++						}
+ 				if (!BUF_MEM_grow_clean(b,len+want))
+ 					{
+ 					ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ERR_R_MALLOC_FAILURE);
+@@ -238,11 +251,18 @@
+ 						    ASN1_R_NOT_ENOUGH_DATA);
+ 						goto err;
+ 						}
++					/* This can't overflow because
++					 * |len+want| didn't overflow. */
+ 					len+=i;
+-					want -= i;
++					want-=i;
+ 					}
+ 				}
+-			off+=(int)c.slen;
++			if (off + c.slen < off)
++				{
++				ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++				goto err;
++				}
++			off+=c.slen;
+ 			if (eos <= 0)
+ 				{
+ 				break;
+@@ -252,9 +272,15 @@
+ 			}
+ 		}
+ 
++	if (off > INT_MAX)
++		{
++		ASN1err(ASN1_F_ASN1_D2I_READ_BIO,ASN1_R_TOO_LONG);
++		goto err;
++		}
++
+ 	*pb = b;
+ 	return off;
+ err:
+ 	if (b != NULL) BUF_MEM_free(b);
+-	return(ret);
++	return -1;
+ 	}
+Index: crypto/openssl/ssl/ssl.h
+===================================================================
+--- crypto/openssl/ssl/ssl.h	(revision 234953)
++++ crypto/openssl/ssl/ssl.h	(working copy)
+@@ -1739,6 +1739,7 @@
+ #define SSL_F_SSL3_CALLBACK_CTRL			 233
+ #define SSL_F_SSL3_CHANGE_CIPHER_STATE			 129
+ #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM		 130
++#define SSL_F_SSL3_CHECK_CLIENT_HELLO			 292
+ #define SSL_F_SSL3_CLIENT_HELLO				 131
+ #define SSL_F_SSL3_CONNECT				 132
+ #define SSL_F_SSL3_CTRL					 213
+@@ -1974,6 +1975,7 @@
+ #define SSL_R_MISSING_TMP_RSA_KEY			 172
+ #define SSL_R_MISSING_TMP_RSA_PKEY			 173
+ #define SSL_R_MISSING_VERIFY_MESSAGE			 174
++#define SSL_R_MULTIPLE_SGC_RESTARTS			 325
+ #define SSL_R_NON_SSLV2_INITIAL_PACKET			 175
+ #define SSL_R_NO_CERTIFICATES_RETURNED			 176
+ #define SSL_R_NO_CERTIFICATE_ASSIGNED			 177
+Index: crypto/openssl/ssl/ssl_err.c
+===================================================================
+--- crypto/openssl/ssl/ssl_err.c	(revision 234953)
++++ crypto/openssl/ssl/ssl_err.c	(working copy)
+@@ -137,6 +137,7 @@
+ {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL),	"SSL3_CALLBACK_CTRL"},
+ {ERR_FUNC(SSL_F_SSL3_CHANGE_CIPHER_STATE),	"SSL3_CHANGE_CIPHER_STATE"},
+ {ERR_FUNC(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM),	"SSL3_CHECK_CERT_AND_ALGORITHM"},
++{ERR_FUNC(SSL_F_SSL3_CHECK_CLIENT_HELLO),	"SSL3_CHECK_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CLIENT_HELLO),	"SSL3_CLIENT_HELLO"},
+ {ERR_FUNC(SSL_F_SSL3_CONNECT),	"SSL3_CONNECT"},
+ {ERR_FUNC(SSL_F_SSL3_CTRL),	"SSL3_CTRL"},
+@@ -375,6 +376,7 @@
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   ,"missing tmp rsa key"},
+ {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  ,"missing tmp rsa pkey"},
+ {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE),"missing verify message"},
++{ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) ,"multiple sgc restarts"},
+ {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET),"non sslv2 initial packet"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED),"no certificates returned"},
+ {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED),"no certificate assigned"},
+Index: crypto/openssl/ssl/s3_enc.c
+===================================================================
+--- crypto/openssl/ssl/s3_enc.c	(revision 234953)
++++ crypto/openssl/ssl/s3_enc.c	(working copy)
+@@ -479,6 +479,9 @@
+ 
+ 			/* we need to add 'i-1' padding bytes */
+ 			l+=i;
++			/* the last of these zero bytes will be overwritten
++			 * with the padding length. */
++			memset(&rec->input[rec->length], 0, i);
+ 			rec->length+=i;
+ 			rec->input[l-1]=(i-1);
+ 			}
+Index: crypto/openssl/ssl/s3_srvr.c
+===================================================================
+--- crypto/openssl/ssl/s3_srvr.c	(revision 234953)
++++ crypto/openssl/ssl/s3_srvr.c	(working copy)
+@@ -235,6 +235,7 @@
+ 				}
+ 
+ 			s->init_num=0;
++			s->s3->flags &= ~SSL3_FLAGS_SGC_RESTART_DONE;
+ 
+ 			if (s->state != SSL_ST_RENEGOTIATE)
+ 				{
+@@ -709,6 +710,13 @@
+ 	s->s3->tmp.reuse_message = 1;
+ 	if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO)
+ 		{
++		/* We only allow the client to restart the handshake once per
++		 * negotiation. */
++		if (s->s3->flags & SSL3_FLAGS_SGC_RESTART_DONE)
++			{
++			SSLerr(SSL_F_SSL3_CHECK_CLIENT_HELLO, SSL_R_MULTIPLE_SGC_RESTARTS);
++			return -1;
++			}
+ 		/* Throw away what we have done so far in the current handshake,
+ 		 * which will now be aborted. (A full SSL_clear would be too much.) */
+ #ifndef OPENSSL_NO_DH
+@@ -725,6 +733,7 @@
+ 			s->s3->tmp.ecdh = NULL;
+ 			}
+ #endif
++		s->s3->flags |= SSL3_FLAGS_SGC_RESTART_DONE;
+ 		return 2;
+ 		}
+ 	return 1;
+Index: crypto/openssl/ssl/ssl3.h
+===================================================================
+--- crypto/openssl/ssl/ssl3.h	(revision 234953)
++++ crypto/openssl/ssl/ssl3.h	(working copy)
+@@ -333,6 +333,17 @@
+ #define SSL3_FLAGS_DELAY_CLIENT_FINISHED	0x0002
+ #define SSL3_FLAGS_POP_BUFFER			0x0004
+ #define TLS1_FLAGS_TLS_PADDING_BUG		0x0008
++ 
++/* SSL3_FLAGS_SGC_RESTART_DONE is set when we
++ * restart a handshake because of MS SGC and so prevents us
++ * from restarting the handshake in a loop. It's reset on a
++ * renegotiation, so effectively limits the client to one restart
++ * per negotiation. This limits the possibility of a DDoS
++ * attack where the client handshakes in a loop using SGC to
++ * restart. Servers which permit renegotiation can still be
++ * effected, but we can't prevent that.
++ */
++#define SSL3_FLAGS_SGC_RESTART_DONE		0x0040
+ 
+ typedef struct ssl3_state_st
+ 	{
diff --git a/share/security/patches/SA-12:01/openssl2.patch.asc b/share/security/patches/SA-12:01/openssl2.patch.asc
new file mode 100644
index 0000000000..f184590406
--- /dev/null
+++ b/share/security/patches/SA-12:01/openssl2.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/GBHcACgkQFdaIBMps37JbfwCeNEZzrq/qKk3a8eI+94sCbXu7
+XnMAn0ztxgUsWOFFuGH5YVPQ9f2TW7V3
+=t+YW
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:02/crypt.patch b/share/security/patches/SA-12:02/crypt.patch
new file mode 100644
index 0000000000..ef93ac14f2
--- /dev/null
+++ b/share/security/patches/SA-12:02/crypt.patch
@@ -0,0 +1,13 @@
+Index: secure/lib/libcrypt/crypt-des.c
+===================================================================
+--- secure/lib/libcrypt/crypt-des.c	(revision 234682)
++++ secure/lib/libcrypt/crypt-des.c	(working copy)
+@@ -606,7 +606,7 @@
+ 	q = (u_char *)keybuf;
+ 	while (q - (u_char *)keybuf - 8) {
+ 		*q++ = *key << 1;
+-		if (*(q - 1))
++		if (*key != '\0')
+ 			key++;
+ 	}
+ 	if (des_setkey((char *)keybuf))
diff --git a/share/security/patches/SA-12:02/crypt.patch.asc b/share/security/patches/SA-12:02/crypt.patch.asc
new file mode 100644
index 0000000000..d476b4e5a7
--- /dev/null
+++ b/share/security/patches/SA-12:02/crypt.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/GBGkACgkQFdaIBMps37JSXQCdHmD5T7yiIBawPCPyg6Ozq39S
+bEUAni8JoFqkBN8VVR5rkJj1JAOfJ1uT
+=lcWz
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:03/bind-90.patch b/share/security/patches/SA-12:03/bind-90.patch
new file mode 100644
index 0000000000..0351559ee0
--- /dev/null
+++ b/share/security/patches/SA-12:03/bind-90.patch
@@ -0,0 +1,69 @@
+Index: contrib/bind9/lib/dns/rdata.c
+===================================================================
+--- contrib/bind9/lib/dns/rdata.c.orig
++++ contrib/bind9/lib/dns/rdata.c
+@@ -329,8 +329,8 @@
+ 
+ 	REQUIRE(rdata1 != NULL);
+ 	REQUIRE(rdata2 != NULL);
+-	REQUIRE(rdata1->data != NULL);
+-	REQUIRE(rdata2->data != NULL);
++	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
++	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+@@ -360,8 +360,8 @@
+ 
+ 	REQUIRE(rdata1 != NULL);
+ 	REQUIRE(rdata2 != NULL);
+-	REQUIRE(rdata1->data != NULL);
+-	REQUIRE(rdata2->data != NULL);
++	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
++	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+Index: contrib/bind9/lib/dns/rdataslab.c
+===================================================================
+--- contrib/bind9/lib/dns/rdataslab.c.orig
++++ contrib/bind9/lib/dns/rdataslab.c
+@@ -126,6 +126,11 @@
+ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 			   isc_region_t *region, unsigned int reservelen)
+ {
++	/*
++	 * Use &removed as a sentinal pointer for duplicate
++	 * rdata as rdata.data == NULL is valid.
++	 */
++	static unsigned char removed;
+ 	struct xrdata  *x;
+ 	unsigned char  *rawbuf;
+ #if DNS_RDATASET_FIXED
+@@ -169,6 +174,7 @@
+ 		INSIST(result == ISC_R_SUCCESS);
+ 		dns_rdata_init(&x[i].rdata);
+ 		dns_rdataset_current(rdataset, &x[i].rdata);
++		INSIST(x[i].rdata.data != &removed);
+ #if DNS_RDATASET_FIXED
+ 		x[i].order = i;
+ #endif
+@@ -201,8 +207,7 @@
+ 	 */
+ 	for (i = 1; i < nalloc; i++) {
+ 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
+-			x[i-1].rdata.data = NULL;
+-			x[i-1].rdata.length = 0;
++			x[i-1].rdata.data = &removed;
+ #if DNS_RDATASET_FIXED
+ 			/*
+ 			 * Preserve the least order so A, B, A -> A, B
+@@ -292,7 +297,7 @@
+ #endif
+ 
+ 	for (i = 0; i < nalloc; i++) {
+-		if (x[i].rdata.data == NULL)
++		if (x[i].rdata.data == &removed)
+ 			continue;
+ #if DNS_RDATASET_FIXED
+ 		offsettable[x[i].order] = rawbuf - offsetbase;
diff --git a/share/security/patches/SA-12:03/bind-90.patch.asc b/share/security/patches/SA-12:03/bind-90.patch.asc
new file mode 100644
index 0000000000..b587bce0a8
--- /dev/null
+++ b/share/security/patches/SA-12:03/bind-90.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/XKNwACgkQFdaIBMps37LuywCfS7ctd55nkoVPb1cyZNE2BdyM
+7qoAnA1At+No6kAlWjEZwXWg3uA1Zi1d
+=Zn4x
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:03/bind.patch b/share/security/patches/SA-12:03/bind.patch
new file mode 100644
index 0000000000..dffcdfc133
--- /dev/null
+++ b/share/security/patches/SA-12:03/bind.patch
@@ -0,0 +1,58 @@
+Index: contrib/bind9/lib/dns/rdata.c
+===================================================================
+--- contrib/bind9/lib/dns/rdata.c.orig
++++ contrib/bind9/lib/dns/rdata.c	(working copy)
+@@ -334,8 +334,8 @@ dns_rdata_compare(const dns_rdata_t *rdata1, const
+ 
+ 	REQUIRE(rdata1 != NULL);
+ 	REQUIRE(rdata2 != NULL);
+-	REQUIRE(rdata1->data != NULL);
+-	REQUIRE(rdata2->data != NULL);
++	REQUIRE(rdata1->length == 0 || rdata1->data != NULL);
++	REQUIRE(rdata2->length == 0 || rdata2->data != NULL);
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata1));
+ 	REQUIRE(DNS_RDATA_VALIDFLAGS(rdata2));
+ 
+Index: contrib/bind9/lib/dns/rdataslab.c
+===================================================================
+--- contrib/bind9/lib/dns/rdataslab.c.orig
++++ contrib/bind9/lib/dns/rdataslab.c	(working copy)
+@@ -128,6 +128,11 @@ isc_result_t
+ dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
+ 			   isc_region_t *region, unsigned int reservelen)
+ {
++	/*
++	 * Use &removed as a sentinal pointer for duplicate
++	 * rdata as rdata.data == NULL is valid.
++	 */
++	static unsigned char removed;
+ 	struct xrdata  *x;
+ 	unsigned char  *rawbuf;
+ #if DNS_RDATASET_FIXED
+@@ -166,6 +171,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdatase
+ 		INSIST(result == ISC_R_SUCCESS);
+ 		dns_rdata_init(&x[i].rdata);
+ 		dns_rdataset_current(rdataset, &x[i].rdata);
++		INSIST(x[i].rdata.data != &removed);
+ #if DNS_RDATASET_FIXED
+ 		x[i].order = i;
+ #endif
+@@ -198,8 +204,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdatase
+ 	 */
+ 	for (i = 1; i < nalloc; i++) {
+ 		if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
+-			x[i-1].rdata.data = NULL;
+-			x[i-1].rdata.length = 0;
++			x[i-1].rdata.data = &removed;
+ #if DNS_RDATASET_FIXED
+ 			/*
+ 			 * Preserve the least order so A, B, A -> A, B
+@@ -275,7 +280,7 @@ dns_rdataslab_fromrdataset(dns_rdataset_t *rdatase
+ #endif
+ 
+ 	for (i = 0; i < nalloc; i++) {
+-		if (x[i].rdata.data == NULL)
++		if (x[i].rdata.data == &removed)
+ 			continue;
+ #if DNS_RDATASET_FIXED
+ 		offsettable[x[i].order] = rawbuf - offsetbase;
diff --git a/share/security/patches/SA-12:03/bind.patch.asc b/share/security/patches/SA-12:03/bind.patch.asc
new file mode 100644
index 0000000000..34a1a61ee7
--- /dev/null
+++ b/share/security/patches/SA-12:03/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/XKOAACgkQFdaIBMps37KDWACfcRoJKmsZc7Eg87jL3BuAIeWN
++6cAoJgXo/+QMwkwdsG5JGcCNVnHdjju
+=y2ka
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:04/sysret-81-correction.patch b/share/security/patches/SA-12:04/sysret-81-correction.patch
new file mode 100644
index 0000000000..eed26c6adc
--- /dev/null
+++ b/share/security/patches/SA-12:04/sysret-81-correction.patch
@@ -0,0 +1,48 @@
+--- releng/8.1/sys/amd64/amd64/trap.c	2012/06/18 20:19:07	237240
++++ releng/8.1/sys/amd64/amd64/trap.c	2012/06/18 20:48:21	237241
+@@ -972,23 +972,6 @@
+ 		ksi.ksi_code = TRAP_TRACE;
+ 		ksi.ksi_addr = (void *)frame->tf_rip;
+ 		trapsignal(td, &ksi);
+-
+-	/*
+-	 * If the user-supplied value of %rip is not a canonical
+-	 * address, then some CPUs will trigger a ring 0 #GP during
+-	 * the sysret instruction.  However, the fault handler would
+-	 * execute with the user's %gs and %rsp in ring 0 which would
+-	 * not be safe.  Instead, preemptively kill the thread with a
+-	 * SIGBUS.
+-	 */
+-	if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
+-		ksiginfo_init_trap(&ksi);
+-		ksi.ksi_signo = SIGBUS;
+-		ksi.ksi_code = BUS_OBJERR;
+-		ksi.ksi_trapno = T_PROTFLT;
+-		ksi.ksi_addr = (void *)td->td_frame->tf_rip;
+-		trapsignal(td, &ksi);
+-	}
+ 	}
+ 
+ 	/*
+@@ -1027,4 +1010,21 @@
+ 	STOPEVENT(p, S_SCX, sa.code);
+ 
+ 	PTRACESTOP_SC(p, td, S_PT_SCX);
++
++	/*
++	 * If the user-supplied value of %rip is not a canonical
++	 * address, then some CPUs will trigger a ring 0 #GP during
++	 * the sysret instruction.  However, the fault handler would
++	 * execute with the user's %gs and %rsp in ring 0 which would
++	 * not be safe.  Instead, preemptively kill the thread with a
++	 * SIGBUS.
++	 */
++	if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
++		ksiginfo_init_trap(&ksi);
++		ksi.ksi_signo = SIGBUS;
++		ksi.ksi_code = BUS_OBJERR;
++		ksi.ksi_trapno = T_PROTFLT;
++		ksi.ksi_addr = (void *)td->td_frame->tf_rip;
++		trapsignal(td, &ksi);
++	}
+ }
diff --git a/share/security/patches/SA-12:04/sysret-81-correction.patch.asc b/share/security/patches/SA-12:04/sysret-81-correction.patch.asc
new file mode 100644
index 0000000000..b8de69e605
--- /dev/null
+++ b/share/security/patches/SA-12:04/sysret-81-correction.patch.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (Darwin)
+Comment: GPGTools - http://gpgtools.org
+
+iEYEABECAAYFAk/gjSAACgkQFdaIBMps37JyIgCgmYAmGo1PjLpJVf0L3rhhZEMp
+R0IAn28IUMcXuHT1M21bostInIS44x9n
+=uBqS
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:04/sysret-81.patch b/share/security/patches/SA-12:04/sysret-81.patch
new file mode 100644
index 0000000000..47e8932873
--- /dev/null
+++ b/share/security/patches/SA-12:04/sysret-81.patch
@@ -0,0 +1,24 @@
+--- releng/8.1/sys/amd64/amd64/trap.c	2010/06/14 02:09:06	209145
++++ releng/8.1/sys/amd64/amd64/trap.c	2012/06/18 20:48:21	237241
+@@ -1010,4 +1010,21 @@
+ 	STOPEVENT(p, S_SCX, sa.code);
+ 
+ 	PTRACESTOP_SC(p, td, S_PT_SCX);
++
++	/*
++	 * If the user-supplied value of %rip is not a canonical
++	 * address, then some CPUs will trigger a ring 0 #GP during
++	 * the sysret instruction.  However, the fault handler would
++	 * execute with the user's %gs and %rsp in ring 0 which would
++	 * not be safe.  Instead, preemptively kill the thread with a
++	 * SIGBUS.
++	 */
++	if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
++		ksiginfo_init_trap(&ksi);
++		ksi.ksi_signo = SIGBUS;
++		ksi.ksi_code = BUS_OBJERR;
++		ksi.ksi_trapno = T_PROTFLT;
++		ksi.ksi_addr = (void *)td->td_frame->tf_rip;
++		trapsignal(td, &ksi);
++	}
+ }
diff --git a/share/security/patches/SA-12:04/sysret-81.patch.asc b/share/security/patches/SA-12:04/sysret-81.patch.asc
new file mode 100644
index 0000000000..b10012ccac
--- /dev/null
+++ b/share/security/patches/SA-12:04/sysret-81.patch.asc
@@ -0,0 +1,8 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9 (Darwin)
+Comment: GPGTools - http://gpgtools.org
+
+iEYEABECAAYFAk/gjRwACgkQFdaIBMps37IG0wCeMtJiSqZWjU2cvkvnw5uTRrlV
+NKEAmwblt9+jmBbLbj/YAChwemB9riF9
+=2EZ8
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:04/sysret.patch b/share/security/patches/SA-12:04/sysret.patch
new file mode 100644
index 0000000000..0bf1b611a0
--- /dev/null
+++ b/share/security/patches/SA-12:04/sysret.patch
@@ -0,0 +1,26 @@
+Index: sys/amd64/amd64/trap.c
+===================================================================
+--- sys/amd64/amd64/trap.c.orig
++++ sys/amd64/amd64/trap.c	(working copy)
+@@ -972,4 +972,21 @@
+ 	     syscallname(td->td_proc, sa.code)));
+ 
+ 	syscallret(td, error, &sa);
++
++	/*
++	 * If the user-supplied value of %rip is not a canonical
++	 * address, then some CPUs will trigger a ring 0 #GP during
++	 * the sysret instruction.  However, the fault handler would
++	 * execute with the user's %gs and %rsp in ring 0 which would
++	 * not be safe.  Instead, preemptively kill the thread with a
++	 * SIGBUS.
++	 */
++	if (td->td_frame->tf_rip >= VM_MAXUSER_ADDRESS) {
++		ksiginfo_init_trap(&ksi);
++		ksi.ksi_signo = SIGBUS;
++		ksi.ksi_code = BUS_OBJERR;
++		ksi.ksi_trapno = T_PROTFLT;
++		ksi.ksi_addr = (void *)td->td_frame->tf_rip;
++		trapsignal(td, &ksi);
++	}
+ }
diff --git a/share/security/patches/SA-12:04/sysret.patch.asc b/share/security/patches/SA-12:04/sysret.patch.asc
new file mode 100644
index 0000000000..b3e04004f7
--- /dev/null
+++ b/share/security/patches/SA-12:04/sysret.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.12 (FreeBSD)
+
+iEYEABECAAYFAk/XKOkACgkQFdaIBMps37JDmwCcDy1JweGCVEfqeuuLuky3P/2W
+aDsAn09r9ZSqqnV8n5L1QRYB5nTAULe+
+=7o1j
+-----END PGP SIGNATURE-----
diff --git a/share/security/patches/SA-12:05/bind.patch b/share/security/patches/SA-12:05/bind.patch
new file mode 100644
index 0000000000..047c99fd24
--- /dev/null
+++ b/share/security/patches/SA-12:05/bind.patch
@@ -0,0 +1,23 @@
+Index: contrib/bind9/lib/dns/resolver.c
+===================================================================
+--- contrib/bind9/lib/dns/resolver.c	(revision 238745)
++++ contrib/bind9/lib/dns/resolver.c	(revision 238746)
+@@ -8448,6 +8448,7 @@
+ 			goto cleanup;
+ 		bad->type = type;
+ 		bad->hashval = hashval;
++		bad->expire = *expire;
+ 		isc_buffer_init(&buffer, bad + 1, name->length);
+ 		dns_name_init(&bad->name, NULL);
+ 		dns_name_copy(name, &bad->name, &buffer);
+@@ -8459,8 +8460,8 @@
+ 		if (resolver->badcount < resolver->badhash * 2 &&
+ 		    resolver->badhash > DNS_BADCACHE_SIZE)
+ 			resizehash(resolver, &now, ISC_FALSE);
+-	}
+-	bad->expire = *expire;
++	} else
++		bad->expire = *expire;
+  cleanup:
+ 	UNLOCK(&resolver->lock);
+ }
diff --git a/share/security/patches/SA-12:05/bind.patch.asc b/share/security/patches/SA-12:05/bind.patch.asc
new file mode 100644
index 0000000000..dc61af4afd
--- /dev/null
+++ b/share/security/patches/SA-12:05/bind.patch.asc
@@ -0,0 +1,7 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.4.9
+
+iEYEABECAAYFAlAgP7AACgkQFdaIBMps37IIOwCfSOc9y5qDLfkEvgN/YAXW19fB
+69kAoIiHBs8FTgrv/lCpz+IRSzZ2tvvV
+=cNNY
+-----END PGP SIGNATURE-----